mirror of
https://github.com/flatcar/scripts.git
synced 2025-08-17 18:06:59 +02:00
Merge pull request #56 from gregkh/app-crypt
feat(app-crypt/sbsigntool) update to latest upstream patches
This commit is contained in:
Brandon Philips
commit
5b01b0b59f
@ -1,6 +1,18 @@
|
||||
# ChangeLog for app-crypt/sbsigntool
|
||||
# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-crypt/sbsigntool/ChangeLog,v 1.3 2013/08/28 11:17:16 ago Exp $
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-crypt/sbsigntool/ChangeLog,v 1.5 2013/10/03 02:09:21 gregkh Exp $
|
||||
|
||||
*sbsigntool-0.6-r1 (03 Oct 2013)
|
||||
|
||||
03 Oct 2013; Greg Kroah-Hartman <gregkh@gentoo.org>
|
||||
+files/0002-image.c-clear-image-variable.patch,
|
||||
+files/0003-Fix-for-multi-sign.patch, +sbsigntool-0.6-r1.ebuild:
|
||||
patches to fix multi-key signing, fixing bugs with new versions of UEFI
|
||||
firmware. Taken from the openSUSE packages as the upstream Launchpad project
|
||||
is now dead.
|
||||
|
||||
05 Sep 2013; Mike Frysinger <vapier@gentoo.org> sbsigntool-0.6.ebuild:
|
||||
Fix $AR handling #481480 by Agostino Sarubbo.
|
||||
|
||||
28 Aug 2013; Agostino Sarubbo <ago@gentoo.org> sbsigntool-0.6.ebuild:
|
||||
Stable for x86, wrt bug #481396
|
||||
|
||||
@ -1,24 +1,7 @@
|
||||
-----BEGIN PGP SIGNED MESSAGE-----
|
||||
Hash: SHA512
|
||||
|
||||
AUX 0002-image.c-clear-image-variable.patch 822 SHA256 7877d69c0a6d014f43e1dc922db3fb503c1c3176dd2665a96f85ddfd73ed7e12 SHA512 004ba118cbe8fe5cc291888966e5994373c0b9d8149bc5c652a72971138fab5e64d721061c69e8b864d6ca5cdb4ffa193520156941b6bd9c998b256f8d72697b WHIRLPOOL 3872d97cde83e9423622f348dc50eb414f8512f95673cbf7e4b908f699455003d57711bda6bd0893f3a21b876a66ec480416bed5df52e5ecb33c00b21cbbb6c9
|
||||
AUX 0003-Fix-for-multi-sign.patch 1452 SHA256 803f97f6c01a573367371f9ffd4c53aab5916ea3218fdc515429ca559f5dad31 SHA512 2aba55a116536e7f41e4aac2fd33eeb92cf89b14bcdd8b93b6e9dc9bdaf2f0162134e56f7d365640445bf801ad8590f6d49f14cdf80b791324647067d52ae435 WHIRLPOOL a83c8dde50cf82559408be58482f73aa1c3460a63424578decfc36033b5c368f8ad219b1412a7eb0a478e91b8654e7a7392dc886a496f9efea6f12dcd2f0e379
|
||||
DIST sbsigntool_0.6.orig.tar.gz 212375 SHA256 84fb0c8f6fb1e79aa418a4f70a3139b38d5630043b28291c875f383e9b4294b8 SHA512 ed314d1cb7278cf5f27d4c3cd17f2195678419a7f9e47770429b6f95df35f7df035331e60c45970183ddd9b150a9b752f876c777929598b0525872b3255af95c WHIRLPOOL 3b86b9861f5e26586e8a9eb9bbf48adf1a12714b294f0acd605d53e37c27192006c6ecc81d31bf4f200f8e88508f38a52ef93e9e01e301c4245a11894227cecc
|
||||
EBUILD sbsigntool-0.6.ebuild 927 SHA256 4b265394fb3a83c49489cc0001bcd65716a00c1f95bd11c978ada2f64a3ef683 SHA512 2b3ba8533ddc1445ae93fe1cc3775255d9e8fb12375b4d1cced4431d5a516cf11a5f762916cfc47202e290665430e8788e455d5aa836581050c873e0a043810a WHIRLPOOL ec501b6ce4ce5f59fe47c3436315932c08b586c11f114bd768928520372179912f14d295df737ff3a68c22203c909263cc9e1d0110a7d8190cd8ecccc0d30b5a
|
||||
MISC ChangeLog 589 SHA256 b209e9aef39923d0c4d11563b6568e42eabb4ea59f64b5a63fb4649bb9ea6ab7 SHA512 f346aa5c9e045d945b1921bd5039c554e5b6164179ba4877bca6c522f9c2a6f59d28a674e13792f58d4897189dd94c77a30232cf09bccebe17fb7a2545713d88 WHIRLPOOL c8286d1507c2b58c162627e2033f8f48ed04033c3ade807e6d0e2d15a6efb06f0a882ea76c308fb439722d6daf3cae5f5720b8cbb51cfb148fedfa061924b6a4
|
||||
EBUILD sbsigntool-0.6-r1.ebuild 1156 SHA256 efb231e59814ccb124ef80de7458267dd393ce482bbcf93fd1b8d0bfb09df42e SHA512 bb9e4b56c0b9cc11f126bd9b3b304745253259122665527cabe0646cd6ff92afde33698ee6e658098b72c4e4eac1985fa42f5ee3f3e602e974bcf627e4074947 WHIRLPOOL c84bc235184215eeacf9511f3d24225dae07c9b05432c41b55a0726ee1a879bb42e7b07f0d67deac088113b43c3de6163d6aac727cce55c5d10fd6f786ad44db
|
||||
EBUILD sbsigntool-0.6.ebuild 1030 SHA256 8bc44c1f02f282908aa16e638f3d950a270b3997906055bb4d5b24b1f249bace SHA512 40f1746f5e87f8f5fda0fccd3907ee62aab3f6c0268c9cc474b2182f367cf0d28d05bfec7569a73c72c71dc7071e942a3841cac2f4dde671664cef72053ab2ff WHIRLPOOL e25a70fbadd8cded0c5daa1a28a0518bd3c13d4f182498a7c784fed88bc0972dd54a03fe4fe243eef4fdd9a1f21d3f66a9f93597a097a224f1d00ecde938cc1c
|
||||
MISC ChangeLog 1088 SHA256 f6330d40480ce3a4c864e50d5f486890dd2815ce7b9ae10177e4771ceebccb7a SHA512 744e16add502ea2b5bb165372d6f22767ca1ce0d117fac749a9f14e5f75463b68a2d4394e4a24ed42c88a1c40292854f8425f2d90043639c606b203e031e639b WHIRLPOOL 518bbffb52258512217b189e31edc33a9a9df6dbb202077ab8d65f0b85ab0efde4fa0b773a386b3c03600ce9ca5d41334d51129efb525899cbc0f8ef7fcfe1d1
|
||||
MISC metadata.xml 240 SHA256 060d4d570194ff567e10d66246f85d4b9fee1efb17d111aeb9f03345f6e20efd SHA512 41a5c4b9e67d814937a0524714617a059c1351a00ac12d9344373f43b41d074e24fab5598e44c8a22f1848bfa12b8fc76cd5674ca62cd1f917b3235c77721971 WHIRLPOOL da0b560d9528cfe4fcff409de2d9749cf9ae8b7a04468b42463e8097b89e152a67a0da0ea7e6db1186f852687979c2e843e487a5eb76e663717148a796aa093d
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
Version: GnuPG v2.0.20 (GNU/Linux)
|
||||
|
||||
iQIcBAEBCgAGBQJSHdw9AAoJELp701BxlEWfUCEP/2usWaSIi1CTQRu+4g2VARYh
|
||||
k54qcQMC/o3k8my/pSUSSjw5ORkCxA4k1bwzIyMeEcOOzJJFuIOIZR3njmPzE+sy
|
||||
IY3PaMCVcn6OT4gHUw03SUl/IV0/SdrFv39LeLW8S4MyhbPsu4h5m2G64HmR0JwI
|
||||
LPOhmHNfNLfMWoljn0auU4bPF0Y7gab2zmc68ElewdLmMS9ubxgfipqmZuzvJaub
|
||||
FiiDx7QkVHkZNc2/wkZhVml4+T3kej2GiLVBE4o6C6pfAjzxl+D6AFbmRO6ewwbX
|
||||
PayhgUE6S3iZ5na9zS6iR3G36EeLStmELUb0L2HK5yAGlwk0YLRWL8XZvJhkYhya
|
||||
QedP9TQES9A7EyssQSmtl9q6DpSdIme/5evkul+CuYVLyOicWztOuDKQqaiv0anU
|
||||
K5YvWw6eH81d1SBG1BzKae2ZtoYA9Mvfwq7DJ+W1wTm95bzeeoKztQtOvm9PwTTi
|
||||
oO9dAue0Lgb1TgVlTAJ099MztVCgozKFz3gIN3z15qGpOus67WqUUEV/J1dmrs7d
|
||||
kD4S/6XNyy4yvhggzlve7MHb9JtK3Xf5rLttJaBQ9WIQM/MlYbMSXP2+aZ4gO5T4
|
||||
q6ZyjQv9Ju8I2KWhMVitRyhPOs3aJ1VrkGcjLNElJCeyIBgtQjlMztrKrAMFwQVl
|
||||
7vT3Cy78pqIW3KbPFSVV
|
||||
=ciag
|
||||
-----END PGP SIGNATURE-----
|
||||
|
||||
@ -0,0 +1,29 @@
|
||||
From 21e984fa9d93a760cc03f5d9d13d023809227df2 Mon Sep 17 00:00:00 2001
|
||||
From: James Bottomley <JBottomley@Parallels.com>
|
||||
Date: Thu, 11 Apr 2013 21:12:17 -0700
|
||||
Subject: image.c: clear image variable
|
||||
|
||||
Not zeroing the image after talloc occasionally leads to a segfault because
|
||||
the programme thinks it has a signature when in reality it just has a junk
|
||||
pointer and segfaults.
|
||||
|
||||
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
|
||||
---
|
||||
src/image.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/src/image.c b/src/image.c
|
||||
index cc55791..10eba0e 100644
|
||||
--- a/src/image.c
|
||||
+++ b/src/image.c
|
||||
@@ -401,6 +401,7 @@ struct image *image_load(const char *filename)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
+ memset(image, 0, sizeof(*image));
|
||||
rc = fileio_read_file(image, filename, &image->buf, &image->size);
|
||||
if (rc)
|
||||
goto err;
|
||||
--
|
||||
1.8.2.1
|
||||
|
||||
@ -0,0 +1,39 @@
|
||||
From e58a528ef57e53008222f238cce7c326a14572e2 Mon Sep 17 00:00:00 2001
|
||||
From: James Bottomley <JBottomley@Parallels.com>
|
||||
Date: Mon, 30 Sep 2013 19:25:37 -0700
|
||||
Subject: [PATCH 4/4] Fix for multi-sign
|
||||
|
||||
The new Tianocore multi-sign code fails now for images signed with
|
||||
sbsigntools. The reason is that we don't actually align the signature table,
|
||||
we just slap it straight after the binary data. Unfortunately, the new
|
||||
multi-signature code checks that our alignment offsets are correct and fails
|
||||
the signature for this reason. Fix by adding junk to the end of the image to
|
||||
align the signature section.
|
||||
|
||||
Signed-off-by: James Bottomley <JBottomley@Parallels.com>
|
||||
---
|
||||
src/image.c | 8 +++++++-
|
||||
1 file changed, 7 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/image.c b/src/image.c
|
||||
index 10eba0e..519e288 100644
|
||||
--- a/src/image.c
|
||||
+++ b/src/image.c
|
||||
@@ -385,7 +385,13 @@ static int image_find_regions(struct image *image)
|
||||
|
||||
/* record the size of non-signature data */
|
||||
r = &image->checksum_regions[image->n_checksum_regions - 1];
|
||||
- image->data_size = (r->data - (void *)image->buf) + r->size;
|
||||
+ /*
|
||||
+ * The new Tianocore multisign does a stricter check of the signatures
|
||||
+ * in particular, the signature table must start at an aligned offset
|
||||
+ * fix this by adding bytes to the end of the text section (which must
|
||||
+ * be included in the hash)
|
||||
+ */
|
||||
+ image->data_size = align_up((r->data - (void *)image->buf) + r->size, 8);
|
||||
|
||||
return 0;
|
||||
}
|
||||
--
|
||||
1.8.4
|
||||
|
||||
38
sdk_container/src/third_party/portage-stable/app-crypt/sbsigntool/sbsigntool-0.6-r1.ebuild
vendored
Normal file
38
sdk_container/src/third_party/portage-stable/app-crypt/sbsigntool/sbsigntool-0.6-r1.ebuild
vendored
Normal file
@ -0,0 +1,38 @@
|
||||
# Copyright 1999-2013 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-crypt/sbsigntool/sbsigntool-0.6-r1.ebuild,v 1.1 2013/10/03 02:09:21 gregkh Exp $
|
||||
|
||||
EAPI="4"
|
||||
|
||||
inherit eutils toolchain-funcs
|
||||
|
||||
DESCRIPTION="Utilities for signing and verifying files for UEFI Secure Boot"
|
||||
HOMEPAGE="https://launchpad.net/ubuntu/+source/sbsigntool"
|
||||
SRC_URI="https://launchpad.net/ubuntu/+archive/primary/+files/${PN}_${PV}.orig.tar.gz"
|
||||
|
||||
LICENSE="GPL-3"
|
||||
SLOT="0"
|
||||
KEYWORDS="~amd64 ~x86"
|
||||
IUSE=""
|
||||
|
||||
RDEPEND="dev-libs/openssl
|
||||
sys-apps/util-linux"
|
||||
DEPEND="${RDEPEND}
|
||||
sys-apps/help2man
|
||||
sys-boot/gnu-efi
|
||||
virtual/pkgconfig"
|
||||
|
||||
src_prepare() {
|
||||
local iarch
|
||||
case ${ARCH} in
|
||||
ia64) iarch=ia64 ;;
|
||||
x86) iarch=ia32 ;;
|
||||
amd64) iarch=x86_64 ;;
|
||||
*) die "unsupported architecture: ${ARCH}" ;;
|
||||
esac
|
||||
sed -i "/^EFI_ARCH=/s:=.*:=${iarch}:" configure || die
|
||||
sed -i 's/-m64$/& -march=x86-64/' tests/Makefile.in || die
|
||||
sed -i "/^AR /s:=.*:= $(tc-getAR):" lib/ccan/Makefile.in || die #481480
|
||||
epatch "${FILESDIR}"/0002-image.c-clear-image-variable.patch
|
||||
epatch "${FILESDIR}"/0003-Fix-for-multi-sign.patch
|
||||
}
|
||||
@ -1,11 +1,13 @@
|
||||
# Copyright 1999-2013 Gentoo Foundation
|
||||
# Distributed under the terms of the GNU General Public License v2
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-crypt/sbsigntool/sbsigntool-0.6.ebuild,v 1.3 2013/08/28 11:17:16 ago Exp $
|
||||
# $Header: /var/cvsroot/gentoo-x86/app-crypt/sbsigntool/sbsigntool-0.6.ebuild,v 1.4 2013/09/05 07:31:21 vapier Exp $
|
||||
|
||||
EAPI="4"
|
||||
|
||||
inherit toolchain-funcs
|
||||
|
||||
DESCRIPTION="Utilities for signing and verifying files for UEFI Secure Boot"
|
||||
HOMEPAGE="http://packages.ubuntu.com/quantal/sbsigntool"
|
||||
HOMEPAGE="https://launchpad.net/ubuntu/+source/sbsigntool"
|
||||
SRC_URI="https://launchpad.net/ubuntu/+archive/primary/+files/${PN}_${PV}.orig.tar.gz"
|
||||
|
||||
LICENSE="GPL-3"
|
||||
@ -30,4 +32,5 @@ src_prepare() {
|
||||
esac
|
||||
sed -i "/^EFI_ARCH=/s:=.*:=${iarch}:" configure || die
|
||||
sed -i 's/-m64$/& -march=x86-64/' tests/Makefile.in || die
|
||||
sed -i "/^AR /s:=.*:= $(tc-getAR):" lib/ccan/Makefile.in || die #481480
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user