diff options
Diffstat (limited to 'app-crypt/sbsigntools')
-rw-r--r-- | app-crypt/sbsigntools/Manifest | 4 | ||||
-rw-r--r-- | app-crypt/sbsigntools/files/sbsigntools-0.9.1-openssl-1.1.0-compat.patch | 152 | ||||
-rw-r--r-- | app-crypt/sbsigntools/files/sbsigntools-0.9.4-no-werror.patch | 13 | ||||
-rw-r--r-- | app-crypt/sbsigntools/files/sbsigntools-0.9.4-openssl3.patch | 35 | ||||
-rw-r--r-- | app-crypt/sbsigntools/metadata.xml | 2 | ||||
-rw-r--r-- | app-crypt/sbsigntools/sbsigntools-0.9.4-r1.ebuild (renamed from app-crypt/sbsigntools/sbsigntools-0.9.1-r1.ebuild) | 10 | ||||
-rw-r--r-- | app-crypt/sbsigntools/sbsigntools-0.9.5.ebuild (renamed from app-crypt/sbsigntools/sbsigntools-0.9.2.ebuild) | 32 |
7 files changed, 79 insertions, 169 deletions
diff --git a/app-crypt/sbsigntools/Manifest b/app-crypt/sbsigntools/Manifest index b2ddc3be7a21..e0a935653e38 100644 --- a/app-crypt/sbsigntools/Manifest +++ b/app-crypt/sbsigntools/Manifest @@ -1,3 +1,3 @@ DIST sbsigntool-0.8-ccan.tar.gz 113537 BLAKE2B 8fbf27463d30c1895930628a145be2d521ae4f6adb7af3299bf2f5f4319fd643df0a07347ef6851bd41d233af4c3fc5f77002771af1c43aa0f20665aef2390b8 SHA512 6857096879f116f1802eb6b44789cbea7bb24440bc0f16503aeadf5f276fa45943f322f844dbb9abee717655205d82b830143be3a7f4424fd4146b9360674a09 -DIST sbsigntools-0.9.1.tar.gz 56497 BLAKE2B 22791bd4b490f36963a19e82da3ce7b93a56d948bf44d1ffdb62fa3291a3f815b2c19d68f9180b607c2b1438f656367ec1f9002f0b1225734d16a9aadc6d20ec SHA512 ae16232327c098bbc60a9701185d856d851cb7fa8f62be64d3c8f75c8b274b8521fcc4212226189def05db980690878ee6ac9a9b418166c92442aaf35e790d29 -DIST sbsigntools-0.9.2.tar.gz 56525 BLAKE2B 0bce1f534aa960672eab6a415e287b79ff9f18eb947e2217ad4533081f8b854e160b57828afbb56423b2dcab723d3a8aacb2e6affeb2057d17ce3c1761d96b11 SHA512 060753ed9c8db794e4755cc66c1940a2ccc89f4ddf0e825da1f1e6eaa75fc67c21060ee4b5dfb0c757b69e6f5959bfa68156d9f95a945cf63c6a20f1414a2c27 +DIST sbsigntools-0.9.4.tar.gz 57714 BLAKE2B 94797af6c98a9c13cb71e52ba6f7ff07de70660af2194b14061e0cb618d6effff52ef7a4dd2fd4e44e75f022b979442d4290b1d65d63017b2fbebdca5951c5c9 SHA512 953d3d9a7f92b837da966eabe3572163a29c5292e792d5ef17cf842d7373ffaa901377cb4ec68006a6ef2f9c97d48db8ffdd3a6d2853be67016d3484a118bba9 +DIST sbsigntools-0.9.5.tar.gz 57876 BLAKE2B 677f87eac9fba9185acd7e25b8d7a3682083938313f3086aaaa6871e010bd403bdda5b9a5fe931151af75a344802c964918be8feb38ec6229d9a16c5b63416b6 SHA512 3b23bdf1855132a91e2063039bd4d14c5564e9cd8f551711aa89a91646ff783afb6e318479e9cf46eedbc914a1eade142398c774d8dbfef8fd1d65cbbe60aabd diff --git a/app-crypt/sbsigntools/files/sbsigntools-0.9.1-openssl-1.1.0-compat.patch b/app-crypt/sbsigntools/files/sbsigntools-0.9.1-openssl-1.1.0-compat.patch deleted file mode 100644 index 2f9364f246ee..000000000000 --- a/app-crypt/sbsigntools/files/sbsigntools-0.9.1-openssl-1.1.0-compat.patch +++ /dev/null @@ -1,152 +0,0 @@ -diff --git a/src/fileio.c b/src/fileio.c -index 032eb1e..09bc3aa 100644 ---- a/src/fileio.c -+++ b/src/fileio.c -@@ -40,6 +40,7 @@ - #include <openssl/pem.h> - #include <openssl/err.h> - #include <openssl/engine.h> -+#include <openssl/ui.h> - - #include <ccan/talloc/talloc.h> - #include <ccan/read_write_all/read_write_all.h> -diff --git a/src/idc.c b/src/idc.c -index 236cefd..6d87bd4 100644 ---- a/src/idc.c -+++ b/src/idc.c -@@ -238,7 +238,11 @@ struct idc *IDC_get(PKCS7 *p7, BIO *bio) - - /* extract the idc from the signed PKCS7 'other' data */ - str = p7->d.sign->contents->d.other->value.asn1_string; -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - idcbuf = buf = ASN1_STRING_data(str); -+#else -+ idcbuf = buf = ASN1_STRING_get0_data(str); -+#endif - idc = d2i_IDC(NULL, &buf, ASN1_STRING_length(str)); - - /* If we were passed a BIO, write the idc data, minus type and length, -@@ -289,7 +293,11 @@ int IDC_check_hash(struct idc *idc, struct image *image) - } - - /* check hash against the one we calculated from the image */ -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - buf = ASN1_STRING_data(str); -+#else -+ buf = ASN1_STRING_get0_data(str); -+#endif - if (memcmp(buf, sha, sizeof(sha))) { - fprintf(stderr, "Hash doesn't match image\n"); - fprintf(stderr, " got: %s\n", sha256_str(buf)); -diff --git a/src/sbattach.c b/src/sbattach.c -index a0c01b8..e89a23e 100644 ---- a/src/sbattach.c -+++ b/src/sbattach.c -@@ -231,6 +231,7 @@ int main(int argc, char **argv) - return EXIT_FAILURE; - } - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - ERR_load_crypto_strings(); - OpenSSL_add_all_digests(); - OPENSSL_config(NULL); -@@ -239,6 +240,7 @@ int main(int argc, char **argv) - * module isn't present). In either case ignore the errors - * (malloc will cause other failures out lower down */ - ERR_clear_error(); -+#endif - - image = image_load(image_filename); - if (!image) { -diff --git a/src/sbkeysync.c b/src/sbkeysync.c -index 7b17f40..419b1e7 100644 ---- a/src/sbkeysync.c -+++ b/src/sbkeysync.c -@@ -208,7 +208,11 @@ static int x509_key_parse(struct key *key, uint8_t *data, size_t len) - goto out; - - key->id_len = ASN1_STRING_length(serial); -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - key->id = talloc_memdup(key, ASN1_STRING_data(serial), key->id_len); -+#else -+ key->id = talloc_memdup(key, ASN1_STRING_get0_data(serial), key->id_len); -+#endif - - key->description = talloc_array(key, char, description_len); - X509_NAME_oneline(X509_get_subject_name(x509), -@@ -927,6 +931,7 @@ int main(int argc, char **argv) - return EXIT_FAILURE; - } - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - ERR_load_crypto_strings(); - OpenSSL_add_all_digests(); - OpenSSL_add_all_ciphers(); -@@ -936,6 +941,7 @@ int main(int argc, char **argv) - * module isn't present). In either case ignore the errors - * (malloc will cause other failures out lower down */ - ERR_clear_error(); -+#endif - - ctx->filesystem_keys = init_keyset(ctx); - ctx->firmware_keys = init_keyset(ctx); -diff --git a/src/sbsign.c b/src/sbsign.c -index ff1fdfd..78d8d64 100644 ---- a/src/sbsign.c -+++ b/src/sbsign.c -@@ -188,6 +188,7 @@ int main(int argc, char **argv) - - talloc_steal(ctx, ctx->image); - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - ERR_load_crypto_strings(); - OpenSSL_add_all_digests(); - OpenSSL_add_all_ciphers(); -@@ -197,6 +198,7 @@ int main(int argc, char **argv) - * module isn't present). In either case ignore the errors - * (malloc will cause other failures out lower down */ - ERR_clear_error(); -+#endif - if (engine) - pkey = fileio_read_engine_key(engine, keyfilename); - else -diff --git a/src/sbvarsign.c b/src/sbvarsign.c -index 7dcbe51..9319c8b 100644 ---- a/src/sbvarsign.c -+++ b/src/sbvarsign.c -@@ -509,6 +509,7 @@ int main(int argc, char **argv) - return EXIT_FAILURE; - } - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - /* initialise openssl */ - OpenSSL_add_all_digests(); - OpenSSL_add_all_ciphers(); -@@ -519,6 +520,7 @@ int main(int argc, char **argv) - * module isn't present). In either case ignore the errors - * (malloc will cause other failures out lower down */ - ERR_clear_error(); -+#endif - - /* set up the variable signing context */ - varname = argv[optind]; -diff --git a/src/sbverify.c b/src/sbverify.c -index 3920d91..d0b203a 100644 ---- a/src/sbverify.c -+++ b/src/sbverify.c -@@ -250,6 +250,7 @@ int main(int argc, char **argv) - verbose = false; - detached_sig_filename = NULL; - -+#if OPENSSL_VERSION_NUMBER < 0x10100000L - OpenSSL_add_all_digests(); - ERR_load_crypto_strings(); - OPENSSL_config(NULL); -@@ -258,6 +259,7 @@ int main(int argc, char **argv) - * module isn't present). In either case ignore the errors - * (malloc will cause other failures out lower down */ - ERR_clear_error(); -+#endif - - for (;;) { - int idx; diff --git a/app-crypt/sbsigntools/files/sbsigntools-0.9.4-no-werror.patch b/app-crypt/sbsigntools/files/sbsigntools-0.9.4-no-werror.patch new file mode 100644 index 000000000000..42650929b87c --- /dev/null +++ b/app-crypt/sbsigntools/files/sbsigntools-0.9.4-no-werror.patch @@ -0,0 +1,13 @@ +https://bugs.gentoo.org/832212 +https://bugs.gentoo.org/845372 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -7,7 +7,7 @@ AM_CFLAGS = -Wall -Wextra --std=gnu99 + common_SOURCES = idc.c idc.h image.c image.h fileio.c fileio.h \ + efivars.h $(coff_headers) + common_LDADD = ../lib/ccan/libccan.a $(libcrypto_LIBS) +-common_CFLAGS = -I$(top_srcdir)/lib/ccan/ -Werror ++common_CFLAGS = -I$(top_srcdir)/lib/ccan/ + + sbsign_SOURCES = sbsign.c $(common_SOURCES) + sbsign_LDADD = $(common_LDADD) diff --git a/app-crypt/sbsigntools/files/sbsigntools-0.9.4-openssl3.patch b/app-crypt/sbsigntools/files/sbsigntools-0.9.4-openssl3.patch new file mode 100644 index 000000000000..3fffe9b668eb --- /dev/null +++ b/app-crypt/sbsigntools/files/sbsigntools-0.9.4-openssl3.patch @@ -0,0 +1,35 @@ +Subject: [PATCH] Fix openssl-3.0 issue involving ASN1 xxx_it +From: Jeremi Piotrowski <jeremi.piotrowski@microsoft.com> +Origin: https://groups.io/g/sbsigntools/message/54 + +Use ASN1_ITEM_rptr() instead of taking the address of IDC_PEID_it. + +openssl-3.0 changed the type of TYPE_it from `const ASN1_ITEM TYPE_it` to +`const ASN1_ITEM *TYPE_it(void)`. This was previously hidden behind +OPENSSL_EXPORT_VAR_AS_FUNCTION but in 3.0 only the function version is +available. This change should have been transparent to the application, but +only if the `ASN1_ITEM_rptr()` macro is used. + +This change passes `make check` with both openssl 1.1 and 3.0. + +Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com> +--- + src/idc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/idc.c b/src/idc.c +index 6d87bd4..0a82218 100644 +--- a/src/idc.c ++++ b/src/idc.c +@@ -189,7 +189,7 @@ int IDC_set(PKCS7 *p7, PKCS7_SIGNER_INFO *si, struct image *image) + + idc->data->type = OBJ_nid2obj(peid_nid); + idc->data->value = ASN1_TYPE_new(); +- type_set_sequence(image, idc->data->value, peid, &IDC_PEID_it); ++ type_set_sequence(image, idc->data->value, peid, ASN1_ITEM_rptr(IDC_PEID)); + + idc->digest->alg->parameter = ASN1_TYPE_new(); + idc->digest->alg->algorithm = OBJ_nid2obj(NID_sha256); +-- +2.25.1 + diff --git a/app-crypt/sbsigntools/metadata.xml b/app-crypt/sbsigntools/metadata.xml index 20001d6eb7ad..ef5313d4212e 100644 --- a/app-crypt/sbsigntools/metadata.xml +++ b/app-crypt/sbsigntools/metadata.xml @@ -1,5 +1,5 @@ <?xml version="1.0" encoding="UTF-8"?> -<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd"> <pkgmetadata> <maintainer type="person"> <email>tamiko@gentoo.org</email> diff --git a/app-crypt/sbsigntools/sbsigntools-0.9.1-r1.ebuild b/app-crypt/sbsigntools/sbsigntools-0.9.4-r1.ebuild index 13cc594e34f9..0ce5dbbe30a0 100644 --- a/app-crypt/sbsigntools/sbsigntools-0.9.1-r1.ebuild +++ b/app-crypt/sbsigntools/sbsigntools-0.9.4-r1.ebuild @@ -1,7 +1,7 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI="6" +EAPI="7" MY_PN="${PN::-1}" @@ -14,7 +14,7 @@ SRC_URI="https://git.kernel.org/pub/scm/linux/kernel/git/jejb/${PN}.git/snapshot LICENSE="GPL-3 LGPL-3 LGPL-2.1 CC0-1.0" SLOT="0" -KEYWORDS="amd64 ~arm64 ~x86" +KEYWORDS="amd64 arm64 ~riscv x86" IUSE="" RDEPEND=" @@ -27,7 +27,8 @@ DEPEND="${RDEPEND} virtual/pkgconfig" PATCHES=( - "${FILESDIR}"/${P}-openssl-1.1.0-compat.patch + "${FILESDIR}"/${PN}-0.9.4-no-werror.patch + "${FILESDIR}"/${PN}-0.9.4-openssl3.patch ) src_prepare() { @@ -39,6 +40,7 @@ src_prepare() { amd64) iarch=x86_64 ;; arm64) iarch=aarch64 ;; ia64) iarch=ia64 ;; + riscv) iarch=riscv64 ;; x86) iarch=ia32 ;; *) die "unsupported architecture: ${ARCH}" ;; esac diff --git a/app-crypt/sbsigntools/sbsigntools-0.9.2.ebuild b/app-crypt/sbsigntools/sbsigntools-0.9.5.ebuild index 9266c28813a6..b6c7e8e1d90d 100644 --- a/app-crypt/sbsigntools/sbsigntools-0.9.2.ebuild +++ b/app-crypt/sbsigntools/sbsigntools-0.9.5.ebuild @@ -1,7 +1,7 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2024 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 -EAPI="7" +EAPI=8 MY_PN="${PN::-1}" @@ -9,22 +9,33 @@ inherit autotools toolchain-funcs DESCRIPTION="Utilities for signing and verifying files for UEFI Secure Boot" HOMEPAGE="https://git.kernel.org/cgit/linux/kernel/git/jejb/sbsigntools.git/" -SRC_URI="https://git.kernel.org/pub/scm/linux/kernel/git/jejb/${PN}.git/snapshot/${P}.tar.gz - https://dev.gentoo.org/~tamiko/distfiles/${MY_PN}-0.8-ccan.tar.gz" +SRC_URI=" + https://git.kernel.org/pub/scm/linux/kernel/git/jejb/${PN}.git/snapshot/${P}.tar.gz + https://dev.gentoo.org/~tamiko/distfiles/${MY_PN}-0.8-ccan.tar.gz +" LICENSE="GPL-3 LGPL-3 LGPL-2.1 CC0-1.0" SLOT="0" -KEYWORDS="amd64 ~arm64 x86" +KEYWORDS="amd64 arm64 ~riscv x86" IUSE="" RDEPEND=" - dev-libs/openssl:0= - sys-apps/util-linux" -DEPEND="${RDEPEND} - sys-apps/help2man + dev-libs/openssl:= + sys-apps/util-linux +" +DEPEND=" + ${RDEPEND} sys-boot/gnu-efi sys-libs/binutils-libs - virtual/pkgconfig" +" +BDEPEND=" + sys-apps/help2man + virtual/pkgconfig +" + +PATCHES=( + "${FILESDIR}"/${PN}-0.9.4-no-werror.patch +) src_prepare() { mv "${WORKDIR}"/lib/ccan "${S}"/lib || die "mv failed" @@ -35,6 +46,7 @@ src_prepare() { amd64) iarch=x86_64 ;; arm64) iarch=aarch64 ;; ia64) iarch=ia64 ;; + riscv) iarch=riscv64 ;; x86) iarch=ia32 ;; *) die "unsupported architecture: ${ARCH}" ;; esac |