diff options
Diffstat (limited to 'app-crypt/efitools')
-rw-r--r-- | app-crypt/efitools/Manifest | 1 | ||||
-rw-r--r-- | app-crypt/efitools/efitools-1.8.1.ebuild | 50 | ||||
-rw-r--r-- | app-crypt/efitools/efitools-1.9.2-r1.ebuild (renamed from app-crypt/efitools/efitools-1.9.2.ebuild) | 43 | ||||
-rw-r--r-- | app-crypt/efitools/files/1.7.0-Make.rules.patch | 11 | ||||
-rw-r--r-- | app-crypt/efitools/files/1.9.2-Makefile.patch | 121 | ||||
-rw-r--r-- | app-crypt/efitools/files/1.9.2-clang16.patch | 108 | ||||
-rw-r--r-- | app-crypt/efitools/metadata.xml | 2 |
7 files changed, 252 insertions, 84 deletions
diff --git a/app-crypt/efitools/Manifest b/app-crypt/efitools/Manifest index f6d9e8258627..aced0dc8f91c 100644 --- a/app-crypt/efitools/Manifest +++ b/app-crypt/efitools/Manifest @@ -1,2 +1 @@ -DIST efitools-1.8.1.tar.gz 115319 BLAKE2B 3aad65defc203055122027cc3a48f50912d2f08b592841780fdc1bf337d75774116e698c4270865275ce7fe64988cd84105138ca979d81818f0065d7ae90f1d0 SHA512 114ef8e52160f5a5239ec306dbd587610849bce771ba8145ed092afd79e44f3ecee93cc1d97e2d5fdb880cc825bbbe928b3ef6701fd3b1fa444053894be1098a DIST efitools-1.9.2.tar.gz 116037 BLAKE2B b3540932eb112e362fd0eed47090360603807dcaec8c6a10058618f8252eeb5dcbbd703d313cb6fadae62c1312815080cf2c77fc86f9dfc9f9afca24ad97f584 SHA512 77e0ad7e865814ed388ff6daabe0f4b49ba51672bf2cbb98b7905e209cbd28f9ede2f73213ce45af8a978c1e67dba24ec88a1188661317cc22317b47e575cde8 diff --git a/app-crypt/efitools/efitools-1.8.1.ebuild b/app-crypt/efitools/efitools-1.8.1.ebuild deleted file mode 100644 index 3d0ff6e70f24..000000000000 --- a/app-crypt/efitools/efitools-1.8.1.ebuild +++ /dev/null @@ -1,50 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 - -inherit flag-o-matic toolchain-funcs - -DESCRIPTION="Tools for manipulating UEFI secure boot platforms" -HOMEPAGE="https://git.kernel.org/cgit/linux/kernel/git/jejb/efitools.git" -SRC_URI="https://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git/snapshot/${P}.tar.gz" - -LICENSE="GPL-2 LGPL-2.1" -SLOT="0" -KEYWORDS="~amd64 ~arm64 ~x86" -IUSE="static" - -LIB_DEPEND="dev-libs/openssl:0=[static-libs(+)]" - -RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} ) - sys-apps/util-linux" - -DEPEND="${RDEPEND} - app-crypt/sbsigntools - dev-perl/File-Slurp - static? ( ${LIB_DEPEND} ) - sys-apps/help2man - sys-boot/gnu-efi - virtual/pkgconfig" - -PATCHES=( - "${FILESDIR}/1.7.0-Make.rules.patch" -) - -src_prepare() { - if use static; then - append-ldflags -static - sed -i "s/-lcrypto\b/$($(tc-getPKG_CONFIG) --static --libs libcrypto)/g" \ - Makefile || die - fi - - # Respect users CFLAGS - sed -i -e 's/CFLAGS.*= -O2 -g/CFLAGS += /' Make.rules || die - - # Respect users LDFLAGS - sed -i -e 's/LDFLAGS/LIBS/g' Make.rules || die - sed -i -e 's/\$(CC)/& $(LDFLAGS)/g' Makefile || die - - # Run 'default', to apply user patches - default -} diff --git a/app-crypt/efitools/efitools-1.9.2.ebuild b/app-crypt/efitools/efitools-1.9.2-r1.ebuild index 2f10592f3b1c..0deba136bb4c 100644 --- a/app-crypt/efitools/efitools-1.9.2.ebuild +++ b/app-crypt/efitools/efitools-1.9.2-r1.ebuild @@ -1,7 +1,7 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI=6 +EAPI=8 inherit flag-o-matic toolchain-funcs @@ -14,42 +14,43 @@ SLOT="0" KEYWORDS="amd64 ~arm64 x86" IUSE="static" -LIB_DEPEND="dev-libs/openssl:0=[static-libs(+)]" +LIB_DEPEND="dev-libs/openssl:=[static-libs(+)]" -RDEPEND="!static? ( ${LIB_DEPEND//\[static-libs(+)]} ) +RDEPEND=" + !static? ( ${LIB_DEPEND//\[static-libs(+)]} ) sys-apps/util-linux" - DEPEND="${RDEPEND} + static? ( ${LIB_DEPEND} ) + sys-boot/gnu-efi" +BDEPEND=" app-crypt/sbsigntools dev-perl/File-Slurp - static? ( ${LIB_DEPEND} ) sys-apps/help2man - sys-boot/gnu-efi virtual/pkgconfig" PATCHES=( - "${FILESDIR}/1.7.0-Make.rules.patch" + "${FILESDIR}"/1.9.2-clang16.patch + "${FILESDIR}"/1.9.2-Makefile.patch ) src_prepare() { - if use static; then - append-ldflags -static - sed -i "s/-lcrypto\b/$($(tc-getPKG_CONFIG) --static --libs libcrypto)/g" \ - Makefile || die - fi + default - # Let it build with clang. + # Let it build with clang if tc-is-clang; then sed -i -e 's/-fno-toplevel-reorder//g' Make.rules || die fi - # Respect users CFLAGS - sed -i -e 's/CFLAGS.*= -O2 -g/CFLAGS += /' Make.rules || die + if use static; then + append-ldflags -static + export STATIC_FLAG=--static + fi +} - # Respect users LDFLAGS - sed -i -e 's/LDFLAGS/LIBS/g' Make.rules || die - sed -i -e 's/\$(CC)/& $(LDFLAGS)/g' Makefile || die +src_configure() { + # Calls LD directly, doesn't respect LDFLAGS. Low level package anyway. + # See bug #908813. + filter-lto - # Run 'default', to apply user patches - default + tc-export AR CC LD NM OBJCOPY PKG_CONFIG } diff --git a/app-crypt/efitools/files/1.7.0-Make.rules.patch b/app-crypt/efitools/files/1.7.0-Make.rules.patch deleted file mode 100644 index 89665ab3b690..000000000000 --- a/app-crypt/efitools/files/1.7.0-Make.rules.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/Make.rules -+++ b/Make.rules -@@ -71,7 +71,7 @@ - %.hash: %.efi hash-to-efi-sig-list - ./hash-to-efi-sig-list $< $@ - --%-blacklist.esl: %.crt cert-to-efi-hash-list -+%-blacklist.esl: %.crt cert-to-efi-sig-list - ./cert-to-efi-sig-list $< $@ - - %-hash-blacklist.esl: %.crt cert-to-efi-hash-list diff --git a/app-crypt/efitools/files/1.9.2-Makefile.patch b/app-crypt/efitools/files/1.9.2-Makefile.patch new file mode 100644 index 000000000000..e8e99b1858a5 --- /dev/null +++ b/app-crypt/efitools/files/1.9.2-Makefile.patch @@ -0,0 +1,121 @@ +--- a/Makefile ++++ b/Makefile +@@ -21,6 +21,8 @@ + KEYBLACKLISTAUTH = $(ALLKEYS:=-blacklist.auth) + KEYHASHBLACKLISTAUTH = $(ALLKEYS:=-hash-blacklist.auth) + ++SSL_LIBS = $(shell $(PKG_CONFIG) $(STATIC_FLAG) --libs libcrypto) ++ + export TOPDIR := $(shell pwd)/ + + include Make.rules +@@ -88,31 +90,31 @@ + ShimReplace.so: lib/lib-efi.a + + cert-to-efi-sig-list: cert-to-efi-sig-list.o lib/lib.a +- $(CC) $(ARCH3264) -o $@ $< lib/lib.a -lcrypto ++ $(CC) $(LDFLAGS) $(ARCH3264) -o $@ $< lib/lib.a $(SSL_LIBS) + + sig-list-to-certs: sig-list-to-certs.o lib/lib.a +- $(CC) $(ARCH3264) -o $@ $< lib/lib.a -lcrypto ++ $(CC) $(LDFLAGS) $(ARCH3264) -o $@ $< lib/lib.a $(SSL_LIBS) + + sign-efi-sig-list: sign-efi-sig-list.o lib/lib.a +- $(CC) $(ARCH3264) -o $@ $< lib/lib.a -lcrypto ++ $(CC) $(LDFLAGS) $(ARCH3264) -o $@ $< lib/lib.a $(SSL_LIBS) + + hash-to-efi-sig-list: hash-to-efi-sig-list.o lib/lib.a +- $(CC) $(ARCH3264) -o $@ $< lib/lib.a ++ $(CC) $(LDFLAGS) $(ARCH3264) -o $@ $< lib/lib.a + + cert-to-efi-hash-list: cert-to-efi-hash-list.o lib/lib.a +- $(CC) $(ARCH3264) -o $@ $< lib/lib.a -lcrypto ++ $(CC) $(LDFLAGS) $(ARCH3264) -o $@ $< lib/lib.a $(SSL_LIBS) + + efi-keytool: efi-keytool.o lib/lib.a +- $(CC) $(ARCH3264) -o $@ $< lib/lib.a ++ $(CC) $(LDFLAGS) $(ARCH3264) -o $@ $< lib/lib.a + + efi-readvar: efi-readvar.o lib/lib.a +- $(CC) $(ARCH3264) -o $@ $< lib/lib.a -lcrypto ++ $(CC) $(LDFLAGS) $(ARCH3264) -o $@ $< lib/lib.a $(SSL_LIBS) + + efi-updatevar: efi-updatevar.o lib/lib.a +- $(CC) $(ARCH3264) -o $@ $< lib/lib.a -lcrypto ++ $(CC) $(LDFLAGS) $(ARCH3264) -o $@ $< lib/lib.a $(SSL_LIBS) + + flash-var: flash-var.o lib/lib.a +- $(CC) $(ARCH3264) -o $@ $< lib/lib.a ++ $(CC) $(LDFLAGS) $(ARCH3264) -o $@ $< lib/lib.a + + clean: + rm -f PK.* KEK.* DB.* $(EFIFILES) $(EFISIGNED) $(BINARIES) *.o *.so +--- a/Make.rules ++++ b/Make.rules +@@ -15,8 +15,7 @@ + endif + INCDIR = -I$(TOPDIR)include/ -I/usr/include/efi -I/usr/include/efi/$(ARCH) -I/usr/include/efi/protocol + CPPFLAGS = -DCONFIG_$(ARCH) +-CFLAGS = -O2 -g $(ARCH3264) -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants -fno-stack-protector -ffreestanding -fno-stack-check +-LDFLAGS = -nostdlib ++CFLAGS += $(ARCH3264) -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants -fno-stack-protector -ffreestanding -fno-stack-check + CRTOBJ = crt0-efi-$(ARCH).o + CRTPATHS = /lib /lib64 /lib/efi /lib64/efi /usr/lib /usr/lib64 /usr/lib/efi /usr/lib64/efi /usr/lib/gnuefi /usr/lib64/gnuefi + CRTPATH = $(shell for f in $(CRTPATHS); do if [ -e $$f/$(CRTOBJ) ]; then echo $$f; break; fi; done) +@@ -24,10 +23,9 @@ + # there's a bug in the gnu tools ... the .reloc section has to be + # aligned otherwise the file alignment gets screwed up + LDSCRIPT = elf_$(ARCH)_efi.lds +-LDFLAGS += -shared -Bsymbolic $(CRTOBJS) -L $(CRTPATH) -L /usr/lib -L /usr/lib64 -T $(LDSCRIPT) ++LIBS += -nostdlib -shared -Bsymbolic $(CRTOBJS) -L $(CRTPATH) -T $(LDSCRIPT) + LOADLIBES = -lefi -lgnuefi $(shell $(CC) $(ARCH3264) -print-libgcc-file-name) + FORMAT = --target=efi-app-$(ARCH) +-OBJCOPY = objcopy + MYGUID = 11111111-2222-3333-4444-123456789abc + INSTALL = install + BINDIR = $(DESTDIR)/usr/bin +@@ -47,12 +45,12 @@ + endif + + ifeq ($(ARCH),arm) +- LDFLAGS += --defsym=EFI_SUBSYSTEM=0x0a ++ LIBS += --defsym=EFI_SUBSYSTEM=0x0a + FORMAT = -O binary + endif + + ifeq ($(ARCH),aarch64) +- LDFLAGS += --defsym=EFI_SUBSYSTEM=0x0a ++ LIBS += --defsym=EFI_SUBSYSTEM=0x0a + FORMAT = -O binary + endif + +@@ -61,9 +59,9 @@ + -j .rel -j .rela -j .rel.* -j .rela.* -j .rel* -j .rela* \ + -j .reloc $(FORMAT) $*.so $@ + %.so: %.o +- $(LD) $(LDFLAGS) $^ -o $@ $(LOADLIBES) ++ $(LD) $(LIBS) $^ -o $@ $(LOADLIBES) + # check we have no undefined symbols +- nm -D $@ | grep ' U ' && exit 1 || exit 0 ++ $(NM) -D $@ | grep ' U ' && exit 1 || exit 0 + + %.h: %.auth + ./xxdi.pl $< > $@ +@@ -71,7 +69,7 @@ + %.hash: %.efi hash-to-efi-sig-list + ./hash-to-efi-sig-list $< $@ + +-%-blacklist.esl: %.crt cert-to-efi-hash-list ++%-blacklist.esl: %.crt cert-to-efi-sig-list + ./cert-to-efi-sig-list $< $@ + + %-hash-blacklist.esl: %.crt cert-to-efi-hash-list +@@ -129,7 +127,7 @@ + # sbsign --key KEK.key --cert KEK.crt --output $@ $< + + %.a: +- ar rcv $@ $^ ++ $(AR) rcv $@ $^ + + doc/%.1: doc/%.1.in % + $(HELP2MAN) --no-info -i $< -o $@ ./$* diff --git a/app-crypt/efitools/files/1.9.2-clang16.patch b/app-crypt/efitools/files/1.9.2-clang16.patch new file mode 100644 index 000000000000..944a731bcde8 --- /dev/null +++ b/app-crypt/efitools/files/1.9.2-clang16.patch @@ -0,0 +1,108 @@ +--- a/cert-to-efi-sig-list.c ++++ b/cert-to-efi-sig-list.c +@@ -6,7 +6,6 @@ + + + #include <stdint.h> +-#define __STDC_VERSION__ 199901L + #include <efi.h> + #ifdef CONFIG_arm + /* FIXME: +--- a/efi-keytool.c ++++ b/efi-keytool.c +@@ -15,7 +15,6 @@ + #include <fcntl.h> + #include <unistd.h> + +-#define __STDC_VERSION__ 199901L + #include <efi.h> + + #include <kernel_efivars.h> +--- a/efi-readvar.c ++++ b/efi-readvar.c +@@ -17,7 +17,6 @@ + + #include <openssl/x509.h> + +-#define __STDC_VERSION__ 199901L + #include <efi.h> + + #include <kernel_efivars.h> +--- a/efi-updatevar.c ++++ b/efi-updatevar.c +@@ -20,7 +20,6 @@ + #include <openssl/err.h> + #include <openssl/pem.h> + +-#define __STDC_VERSION__ 199901L + #include <efi.h> + + #include <kernel_efivars.h> +--- a/flash-var.c ++++ b/flash-var.c +@@ -1,3 +1,5 @@ ++#define _XOPEN_SOURCE 700 ++ + #include <stdlib.h> + #include <stdint.h> + #include <sys/types.h> +@@ -10,7 +12,6 @@ + #include <fcntl.h> + #include <unistd.h> + +-#define __STDC_VERSION__ 199901L + #include <efi.h> + + #include <version.h> +--- a/hash-to-efi-sig-list.c ++++ b/hash-to-efi-sig-list.c +@@ -4,7 +4,6 @@ + * see COPYING file + */ + #include <stdint.h> +-#define __STDC_VERSION__ 199901L + #include <efi.h> + #ifdef CONFIG_arm + /* FIXME: +--- a/include/variableformat.h ++++ b/include/variableformat.h +@@ -109,7 +109,7 @@ + + #pragma pack() + +-inline BOOLEAN ++static inline BOOLEAN + IsValidVariableHeader (VARIABLE_HEADER *vh) { + if (vh == NULL || vh->StartId != VARIABLE_DATA) + return FALSE; +--- a/lib/kernel_efivars.c ++++ b/lib/kernel_efivars.c +@@ -16,7 +16,6 @@ + #include <unistd.h> + #include <time.h> + +-#define __STDC_VERSION__ 199901L + #include <efi.h> + + #include <kernel_efivars.h> +--- a/sig-list-to-certs.c ++++ b/sig-list-to-certs.c +@@ -4,7 +4,6 @@ + * see COPYING file + */ + #include <stdint.h> +-#define __STDC_VERSION__ 199901L + #include <efi.h> + #ifdef CONFIG_arm + /* FIXME: +--- a/sign-efi-sig-list.c ++++ b/sign-efi-sig-list.c +@@ -4,7 +4,7 @@ + * see COPYING file + */ + #include <stdint.h> +-#define __STDC_VERSION__ 199901L ++#define _XOPEN_SOURCE 700 + #include <efi.h> + #ifdef CONFIG_arm + /* FIXME: diff --git a/app-crypt/efitools/metadata.xml b/app-crypt/efitools/metadata.xml index c1f7c0b4ef2a..ba25ee6d9d76 100644 --- a/app-crypt/efitools/metadata.xml +++ b/app-crypt/efitools/metadata.xml @@ -1,5 +1,5 @@ <?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd"> <pkgmetadata> <maintainer type="person"> <email>tamiko@gentoo.org</email> |