From 92f813bf6097ca1371db20ce1b7cdd866c0ab538 Mon Sep 17 00:00:00 2001 From: Krzesimir Nowak Date: Wed, 2 Apr 2025 16:13:27 +0200 Subject: [PATCH] app-crypt/sbsigntools: Sync with Gentoo It's from Gentoo commit 18c124079dd14ab994e3c4a576a80bbb24e9fa12. --- .../app-crypt/sbsigntools/Manifest | 1 + .../sbsigntools/files/openssl-3-compat.patch | 15 ----- .../files/sbsigntools-0.9.4-no-werror.patch | 13 ++++ .../files/sbsigntools-0.9.4-openssl3.patch | 35 +++++++++++ .../app-crypt/sbsigntools/metadata.xml | 3 +- ...9.4.ebuild => sbsigntools-0.9.4-r1.ebuild} | 11 ++-- .../sbsigntools/sbsigntools-0.9.5.ebuild | 59 +++++++++++++++++++ 7 files changed, 115 insertions(+), 22 deletions(-) delete mode 100644 sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/files/openssl-3-compat.patch create mode 100644 sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/files/sbsigntools-0.9.4-no-werror.patch create mode 100644 sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/files/sbsigntools-0.9.4-openssl3.patch rename sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/{sbsigntools-0.9.4.ebuild => sbsigntools-0.9.4-r1.ebuild} (85%) create mode 100644 sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/sbsigntools-0.9.5.ebuild diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/Manifest b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/Manifest index 25850541d8..e0a935653e 100644 --- a/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/Manifest +++ b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/Manifest @@ -1,2 +1,3 @@ DIST sbsigntool-0.8-ccan.tar.gz 113537 BLAKE2B 8fbf27463d30c1895930628a145be2d521ae4f6adb7af3299bf2f5f4319fd643df0a07347ef6851bd41d233af4c3fc5f77002771af1c43aa0f20665aef2390b8 SHA512 6857096879f116f1802eb6b44789cbea7bb24440bc0f16503aeadf5f276fa45943f322f844dbb9abee717655205d82b830143be3a7f4424fd4146b9360674a09 DIST sbsigntools-0.9.4.tar.gz 57714 BLAKE2B 94797af6c98a9c13cb71e52ba6f7ff07de70660af2194b14061e0cb618d6effff52ef7a4dd2fd4e44e75f022b979442d4290b1d65d63017b2fbebdca5951c5c9 SHA512 953d3d9a7f92b837da966eabe3572163a29c5292e792d5ef17cf842d7373ffaa901377cb4ec68006a6ef2f9c97d48db8ffdd3a6d2853be67016d3484a118bba9 +DIST sbsigntools-0.9.5.tar.gz 57876 BLAKE2B 677f87eac9fba9185acd7e25b8d7a3682083938313f3086aaaa6871e010bd403bdda5b9a5fe931151af75a344802c964918be8feb38ec6229d9a16c5b63416b6 SHA512 3b23bdf1855132a91e2063039bd4d14c5564e9cd8f551711aa89a91646ff783afb6e318479e9cf46eedbc914a1eade142398c774d8dbfef8fd1d65cbbe60aabd diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/files/openssl-3-compat.patch b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/files/openssl-3-compat.patch deleted file mode 100644 index 2304bd432a..0000000000 --- a/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/files/openssl-3-compat.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff --git a/src/idc.c b/src/idc.c -index 6d87bd4..0a82218 100644 ---- a/src/idc.c -+++ b/src/idc.c -@@ -189,7 +189,7 @@ int IDC_set(PKCS7 *p7, PKCS7_SIGNER_INFO *si, struct image *image) - - idc->data->type = OBJ_nid2obj(peid_nid); - idc->data->value = ASN1_TYPE_new(); -- type_set_sequence(image, idc->data->value, peid, &IDC_PEID_it); -+ type_set_sequence(image, idc->data->value, peid, ASN1_ITEM_rptr(IDC_PEID)); - - idc->digest->alg->parameter = ASN1_TYPE_new(); - idc->digest->alg->algorithm = OBJ_nid2obj(NID_sha256); --- -2.25.1 diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/files/sbsigntools-0.9.4-no-werror.patch b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/files/sbsigntools-0.9.4-no-werror.patch new file mode 100644 index 0000000000..42650929b8 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/files/sbsigntools-0.9.4-no-werror.patch @@ -0,0 +1,13 @@ +https://bugs.gentoo.org/832212 +https://bugs.gentoo.org/845372 +--- a/src/Makefile.am ++++ b/src/Makefile.am +@@ -7,7 +7,7 @@ AM_CFLAGS = -Wall -Wextra --std=gnu99 + common_SOURCES = idc.c idc.h image.c image.h fileio.c fileio.h \ + efivars.h $(coff_headers) + common_LDADD = ../lib/ccan/libccan.a $(libcrypto_LIBS) +-common_CFLAGS = -I$(top_srcdir)/lib/ccan/ -Werror ++common_CFLAGS = -I$(top_srcdir)/lib/ccan/ + + sbsign_SOURCES = sbsign.c $(common_SOURCES) + sbsign_LDADD = $(common_LDADD) diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/files/sbsigntools-0.9.4-openssl3.patch b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/files/sbsigntools-0.9.4-openssl3.patch new file mode 100644 index 0000000000..3fffe9b668 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/files/sbsigntools-0.9.4-openssl3.patch @@ -0,0 +1,35 @@ +Subject: [PATCH] Fix openssl-3.0 issue involving ASN1 xxx_it +From: Jeremi Piotrowski +Origin: https://groups.io/g/sbsigntools/message/54 + +Use ASN1_ITEM_rptr() instead of taking the address of IDC_PEID_it. + +openssl-3.0 changed the type of TYPE_it from `const ASN1_ITEM TYPE_it` to +`const ASN1_ITEM *TYPE_it(void)`. This was previously hidden behind +OPENSSL_EXPORT_VAR_AS_FUNCTION but in 3.0 only the function version is +available. This change should have been transparent to the application, but +only if the `ASN1_ITEM_rptr()` macro is used. + +This change passes `make check` with both openssl 1.1 and 3.0. + +Signed-off-by: Jeremi Piotrowski +--- + src/idc.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/idc.c b/src/idc.c +index 6d87bd4..0a82218 100644 +--- a/src/idc.c ++++ b/src/idc.c +@@ -189,7 +189,7 @@ int IDC_set(PKCS7 *p7, PKCS7_SIGNER_INFO *si, struct image *image) + + idc->data->type = OBJ_nid2obj(peid_nid); + idc->data->value = ASN1_TYPE_new(); +- type_set_sequence(image, idc->data->value, peid, &IDC_PEID_it); ++ type_set_sequence(image, idc->data->value, peid, ASN1_ITEM_rptr(IDC_PEID)); + + idc->digest->alg->parameter = ASN1_TYPE_new(); + idc->digest->alg->algorithm = OBJ_nid2obj(NID_sha256); +-- +2.25.1 + diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/metadata.xml b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/metadata.xml index ef5313d421..f0168eb305 100644 --- a/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/metadata.xml +++ b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/metadata.xml @@ -2,7 +2,8 @@ - tamiko@gentoo.org + nowa@gentoo.org + Nowa Ammerlaan ubuntu diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/sbsigntools-0.9.4.ebuild b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/sbsigntools-0.9.4-r1.ebuild similarity index 85% rename from sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/sbsigntools-0.9.4.ebuild rename to sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/sbsigntools-0.9.4-r1.ebuild index 41cf7c59c5..0ce5dbbe30 100644 --- a/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/sbsigntools-0.9.4.ebuild +++ b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/sbsigntools-0.9.4-r1.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2021 Gentoo Authors +# Copyright 1999-2022 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI="7" @@ -14,7 +14,7 @@ SRC_URI="https://git.kernel.org/pub/scm/linux/kernel/git/jejb/${PN}.git/snapshot LICENSE="GPL-3 LGPL-3 LGPL-2.1 CC0-1.0" SLOT="0" -KEYWORDS="amd64 arm64 ~x86" +KEYWORDS="amd64 arm64 ~riscv x86" IUSE="" RDEPEND=" @@ -27,7 +27,8 @@ DEPEND="${RDEPEND} virtual/pkgconfig" PATCHES=( - "${FILESDIR}"/openssl-3-compat.patch + "${FILESDIR}"/${PN}-0.9.4-no-werror.patch + "${FILESDIR}"/${PN}-0.9.4-openssl3.patch ) src_prepare() { @@ -39,6 +40,7 @@ src_prepare() { amd64) iarch=x86_64 ;; arm64) iarch=aarch64 ;; ia64) iarch=ia64 ;; + riscv) iarch=riscv64 ;; x86) iarch=ia32 ;; *) die "unsupported architecture: ${ARCH}" ;; esac @@ -46,9 +48,6 @@ src_prepare() { sed -i 's/-m64$/& -march=x86-64/' tests/Makefile.am || die sed -i "/^AR /s:=.*:= $(tc-getAR):" lib/ccan/Makefile.in || die #481480 - # Flatcar change required to compile with OpenSSLv3 - sed -i "s/-Werror//g" src/Makefile.am || die - default eautoreconf } diff --git a/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/sbsigntools-0.9.5.ebuild b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/sbsigntools-0.9.5.ebuild new file mode 100644 index 0000000000..b6c7e8e1d9 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/app-crypt/sbsigntools/sbsigntools-0.9.5.ebuild @@ -0,0 +1,59 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +MY_PN="${PN::-1}" + +inherit autotools toolchain-funcs + +DESCRIPTION="Utilities for signing and verifying files for UEFI Secure Boot" +HOMEPAGE="https://git.kernel.org/cgit/linux/kernel/git/jejb/sbsigntools.git/" +SRC_URI=" + https://git.kernel.org/pub/scm/linux/kernel/git/jejb/${PN}.git/snapshot/${P}.tar.gz + https://dev.gentoo.org/~tamiko/distfiles/${MY_PN}-0.8-ccan.tar.gz +" + +LICENSE="GPL-3 LGPL-3 LGPL-2.1 CC0-1.0" +SLOT="0" +KEYWORDS="amd64 arm64 ~riscv x86" +IUSE="" + +RDEPEND=" + dev-libs/openssl:= + sys-apps/util-linux +" +DEPEND=" + ${RDEPEND} + sys-boot/gnu-efi + sys-libs/binutils-libs +" +BDEPEND=" + sys-apps/help2man + virtual/pkgconfig +" + +PATCHES=( + "${FILESDIR}"/${PN}-0.9.4-no-werror.patch +) + +src_prepare() { + mv "${WORKDIR}"/lib/ccan "${S}"/lib || die "mv failed" + rmdir "${WORKDIR}"/lib || die "rmdir failed" + + local iarch + case ${ARCH} in + amd64) iarch=x86_64 ;; + arm64) iarch=aarch64 ;; + ia64) iarch=ia64 ;; + riscv) iarch=riscv64 ;; + x86) iarch=ia32 ;; + *) die "unsupported architecture: ${ARCH}" ;; + esac + sed -i "/^EFI_ARCH=/s:=.*:=${iarch}:" configure.ac || die + sed -i 's/-m64$/& -march=x86-64/' tests/Makefile.am || die + sed -i "/^AR /s:=.*:= $(tc-getAR):" lib/ccan/Makefile.in || die #481480 + + default + eautoreconf +}