app-crypt/sbsigntools: Sync with Gentoo

It's from Gentoo commit 18c124079dd14ab994e3c4a576a80bbb24e9fa12.
2025-11-26 21:11:54 +01:00 · 2025-04-02 16:13:27 +02:00 · 2025-04-02 16:13:27 +02:00 · 92f813bf60
commit 92f813bf60
parent 21b9f61d96
7 changed files with 115 additions and 22 deletions
--- a/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/Manifest
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/Manifest
@ -1,2 +1,3 @@
 DIST sbsigntool-0.8-ccan.tar.gz 113537 BLAKE2B 8fbf27463d30c1895930628a145be2d521ae4f6adb7af3299bf2f5f4319fd643df0a07347ef6851bd41d233af4c3fc5f77002771af1c43aa0f20665aef2390b8 SHA512 6857096879f116f1802eb6b44789cbea7bb24440bc0f16503aeadf5f276fa45943f322f844dbb9abee717655205d82b830143be3a7f4424fd4146b9360674a09
 DIST sbsigntools-0.9.4.tar.gz 57714 BLAKE2B 94797af6c98a9c13cb71e52ba6f7ff07de70660af2194b14061e0cb618d6effff52ef7a4dd2fd4e44e75f022b979442d4290b1d65d63017b2fbebdca5951c5c9 SHA512 953d3d9a7f92b837da966eabe3572163a29c5292e792d5ef17cf842d7373ffaa901377cb4ec68006a6ef2f9c97d48db8ffdd3a6d2853be67016d3484a118bba9
+DIST sbsigntools-0.9.5.tar.gz 57876 BLAKE2B 677f87eac9fba9185acd7e25b8d7a3682083938313f3086aaaa6871e010bd403bdda5b9a5fe931151af75a344802c964918be8feb38ec6229d9a16c5b63416b6 SHA512 3b23bdf1855132a91e2063039bd4d14c5564e9cd8f551711aa89a91646ff783afb6e318479e9cf46eedbc914a1eade142398c774d8dbfef8fd1d65cbbe60aabd
--- a/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/files/openssl-3-compat.patch
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/files/openssl-3-compat.patch
@ -1,15 +0,0 @@
-diff --git a/src/idc.c b/src/idc.c
-index 6d87bd4..0a82218 100644
--- a/src/idc.c
-+++ b/src/idc.c
-@@ -189,7 +189,7 @@ int IDC_set(PKCS7 *p7, PKCS7_SIGNER_INFO *si, struct image *image)
- 
- 	idc->data->type = OBJ_nid2obj(peid_nid);
- 	idc->data->value = ASN1_TYPE_new();
-	type_set_sequence(image, idc->data->value, peid, &IDC_PEID_it);
-+	type_set_sequence(image, idc->data->value, peid, ASN1_ITEM_rptr(IDC_PEID));
- 
-         idc->digest->alg->parameter = ASN1_TYPE_new();
-         idc->digest->alg->algorithm = OBJ_nid2obj(NID_sha256);
-- 
-2.25.1
--- a/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/files/sbsigntools-0.9.4-no-werror.patch
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/files/sbsigntools-0.9.4-no-werror.patch
@ -0,0 +1,13 @@
+https://bugs.gentoo.org/832212
+https://bugs.gentoo.org/845372
+--- a/src/Makefile.am
+++ b/src/Makefile.am
+@@ -7,7 +7,7 @@ AM_CFLAGS = -Wall -Wextra --std=gnu99
+ common_SOURCES = idc.c idc.h image.c image.h fileio.c fileio.h \
+ 	efivars.h $(coff_headers)
+ common_LDADD = ../lib/ccan/libccan.a $(libcrypto_LIBS)
+-common_CFLAGS = -I$(top_srcdir)/lib/ccan/ -Werror
+common_CFLAGS = -I$(top_srcdir)/lib/ccan/
+ 
+ sbsign_SOURCES = sbsign.c $(common_SOURCES)
+ sbsign_LDADD = $(common_LDADD)
--- a/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/files/sbsigntools-0.9.4-openssl3.patch
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/files/sbsigntools-0.9.4-openssl3.patch
@ -0,0 +1,35 @@
+Subject: [PATCH] Fix openssl-3.0 issue involving ASN1 xxx_it
+From: Jeremi Piotrowski <jeremi.piotrowski@microsoft.com>
+Origin: https://groups.io/g/sbsigntools/message/54
+
+Use ASN1_ITEM_rptr() instead of taking the address of IDC_PEID_it.
+
+openssl-3.0 changed the type of TYPE_it from `const ASN1_ITEM TYPE_it` to
+`const ASN1_ITEM *TYPE_it(void)`. This was previously hidden behind
+OPENSSL_EXPORT_VAR_AS_FUNCTION but in 3.0 only the function version is
+available. This change should have been transparent to the application, but
+only if the `ASN1_ITEM_rptr()` macro is used.
+
+This change passes `make check` with both openssl 1.1 and 3.0.
+
+Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
+---
+ src/idc.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/idc.c b/src/idc.c
+index 6d87bd4..0a82218 100644
+--- a/src/idc.c
+++ b/src/idc.c
+@@ -189,7 +189,7 @@ int IDC_set(PKCS7 *p7, PKCS7_SIGNER_INFO *si, struct image *image)
+
+ 	idc->data->type = OBJ_nid2obj(peid_nid);
+ 	idc->data->value = ASN1_TYPE_new();
+-	type_set_sequence(image, idc->data->value, peid, &IDC_PEID_it);
+	type_set_sequence(image, idc->data->value, peid, ASN1_ITEM_rptr(IDC_PEID));
+
+         idc->digest->alg->parameter = ASN1_TYPE_new();
+         idc->digest->alg->algorithm = OBJ_nid2obj(NID_sha256);
+-- 
+2.25.1
+
--- a/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/metadata.xml
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/metadata.xml
@ -2,7 +2,8 @@
 <!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
 <pkgmetadata>
 	<maintainer type="person">
-		<email>tamiko@gentoo.org</email>
+		<email>nowa@gentoo.org</email>
+		<name>Nowa Ammerlaan</name>
 	</maintainer>
 	<upstream>
 		<remote-id type="launchpad">ubuntu</remote-id>
--- a/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/sbsigntools-0.9.4-r1.ebuild
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/sbsigntools-0.9.4-r1.ebuild
@ -1,4 +1,4 @@
-# Copyright 1999-2021 Gentoo Authors
+# Copyright 1999-2022 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2

 EAPI="7"
@ -14,7 +14,7 @@ SRC_URI="https://git.kernel.org/pub/scm/linux/kernel/git/jejb/${PN}.git/snapshot

 LICENSE="GPL-3 LGPL-3 LGPL-2.1 CC0-1.0"
 SLOT="0"
-KEYWORDS="amd64 arm64 ~x86"
+KEYWORDS="amd64 arm64 ~riscv x86"
 IUSE=""

 RDEPEND="
@ -27,7 +27,8 @@ DEPEND="${RDEPEND}
 	virtual/pkgconfig"

 PATCHES=(
-	"${FILESDIR}"/openssl-3-compat.patch
+	"${FILESDIR}"/${PN}-0.9.4-no-werror.patch
+	"${FILESDIR}"/${PN}-0.9.4-openssl3.patch
 )

 src_prepare() {
@ -39,6 +40,7 @@ src_prepare() {
 		amd64) iarch=x86_64 ;;
 		arm64) iarch=aarch64 ;;
 		ia64)  iarch=ia64 ;;
+		riscv) iarch=riscv64 ;;
 		x86)   iarch=ia32 ;;
 		*)     die "unsupported architecture: ${ARCH}" ;;
 	esac
@ -46,9 +48,6 @@ src_prepare() {
 	sed -i 's/-m64$/& -march=x86-64/' tests/Makefile.am || die
 	sed -i "/^AR /s:=.*:= $(tc-getAR):" lib/ccan/Makefile.in || die #481480

-	# Flatcar change required to compile with OpenSSLv3
-	sed -i "s/-Werror//g" src/Makefile.am || die
-
 	default
 	eautoreconf
 }
--- a/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/sbsigntools-0.9.5.ebuild
+++ b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/sbsigntools-0.9.5.ebuild
@ -0,0 +1,59 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+MY_PN="${PN::-1}"
+
+inherit autotools toolchain-funcs
+
+DESCRIPTION="Utilities for signing and verifying files for UEFI Secure Boot"
+HOMEPAGE="https://git.kernel.org/cgit/linux/kernel/git/jejb/sbsigntools.git/"
+SRC_URI="
+	https://git.kernel.org/pub/scm/linux/kernel/git/jejb/${PN}.git/snapshot/${P}.tar.gz
+	https://dev.gentoo.org/~tamiko/distfiles/${MY_PN}-0.8-ccan.tar.gz
+"
+
+LICENSE="GPL-3 LGPL-3 LGPL-2.1 CC0-1.0"
+SLOT="0"
+KEYWORDS="amd64 arm64 ~riscv x86"
+IUSE=""
+
+RDEPEND="
+	dev-libs/openssl:=
+	sys-apps/util-linux
+"
+DEPEND="
+	${RDEPEND}
+	sys-boot/gnu-efi
+	sys-libs/binutils-libs
+"
+BDEPEND="
+	sys-apps/help2man
+	virtual/pkgconfig
+"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-0.9.4-no-werror.patch
+)
+
+src_prepare() {
+	mv "${WORKDIR}"/lib/ccan "${S}"/lib || die "mv failed"
+	rmdir "${WORKDIR}"/lib || die "rmdir failed"
+
+	local iarch
+	case ${ARCH} in
+		amd64) iarch=x86_64 ;;
+		arm64) iarch=aarch64 ;;
+		ia64)  iarch=ia64 ;;
+		riscv) iarch=riscv64 ;;
+		x86)   iarch=ia32 ;;
+		*)     die "unsupported architecture: ${ARCH}" ;;
+	esac
+	sed -i "/^EFI_ARCH=/s:=.*:=${iarch}:" configure.ac || die
+	sed -i 's/-m64$/& -march=x86-64/' tests/Makefile.am || die
+	sed -i "/^AR /s:=.*:= $(tc-getAR):" lib/ccan/Makefile.in || die #481480
+
+	default
+	eautoreconf
+}