[gentoo-commits] repo/proj/libressl:master commit in: app-crypt/sbsigntools/files/, app-crypt/sbsigntools/ - gentoo-commits

From:	Quentin Retornaz <gentoo@××××××××.com>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/proj/libressl:master commit in: app-crypt/sbsigntools/files/, app-crypt/sbsigntools/
Date:	Mon, 03 May 2021 16:23:06
Message-Id:	`1620058960.e2163d2ada041a93a694dd763ad0204854d19b25.quentin@gentoo`

1

commit:     e2163d2ada041a93a694dd763ad0204854d19b25

2

Author:     Quentin Retornaz <gentoo <AT> retornaz <DOT> com>

3

AuthorDate: Mon May  3 16:22:40 2021 +0000

4

Commit:     Quentin Retornaz <gentoo <AT> retornaz <DOT> com>

5

CommitDate: Mon May  3 16:22:40 2021 +0000

6

URL:        https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=e2163d2a

7

8

app-crypt/sbsigntools: new package

9

10

Package-Manager: Portage-3.0.18, Repoman-3.0.2

11

Signed-off-by: Quentin Retornaz <gentoo <AT> retornaz.com>

12

13

 app-crypt/sbsigntools/Manifest                     |   2 +

14

 .../sbsigntools-0.9.1-openssl-1.1.0-compat.patch   | 152 +++++++++++++++++++

15

 .../files/sbsigntools-0.9.2-libressl.patch         | 161 +++++++++++++++++++++

16

 app-crypt/sbsigntools/metadata.xml                 |  10 ++

17

 app-crypt/sbsigntools/sbsigntools-0.9.2.ebuild     |  48 ++++++

18

 5 files changed, 373 insertions(+)

19

20

diff --git a/app-crypt/sbsigntools/Manifest b/app-crypt/sbsigntools/Manifest

21

new file mode 100644

22

index 0000000..564b3aa

23

--- /dev/null

24

+++ b/app-crypt/sbsigntools/Manifest

25

@@ -0,0 +1,2 @@

26

+DIST sbsigntool-0.8-ccan.tar.gz 113537 BLAKE2B 8fbf27463d30c1895930628a145be2d521ae4f6adb7af3299bf2f5f4319fd643df0a07347ef6851bd41d233af4c3fc5f77002771af1c43aa0f20665aef2390b8 SHA512 6857096879f116f1802eb6b44789cbea7bb24440bc0f16503aeadf5f276fa45943f322f844dbb9abee717655205d82b830143be3a7f4424fd4146b9360674a09

27

+DIST sbsigntools-0.9.2.tar.gz 56525 BLAKE2B 0bce1f534aa960672eab6a415e287b79ff9f18eb947e2217ad4533081f8b854e160b57828afbb56423b2dcab723d3a8aacb2e6affeb2057d17ce3c1761d96b11 SHA512 060753ed9c8db794e4755cc66c1940a2ccc89f4ddf0e825da1f1e6eaa75fc67c21060ee4b5dfb0c757b69e6f5959bfa68156d9f95a945cf63c6a20f1414a2c27

28

29

diff --git a/app-crypt/sbsigntools/files/sbsigntools-0.9.1-openssl-1.1.0-compat.patch b/app-crypt/sbsigntools/files/sbsigntools-0.9.1-openssl-1.1.0-compat.patch

30

new file mode 100644

31

index 0000000..2f9364f

32

--- /dev/null

33

+++ b/app-crypt/sbsigntools/files/sbsigntools-0.9.1-openssl-1.1.0-compat.patch

34

@@ -0,0 +1,152 @@

35

+diff --git a/src/fileio.c b/src/fileio.c

36

+index 032eb1e..09bc3aa 100644

37

+--- a/src/fileio.c

38

++++ b/src/fileio.c

39

+@@ -40,6 +40,7 @@

40

+ #include <openssl/pem.h>

41

+ #include <openssl/err.h>

42

+ #include <openssl/engine.h>

43

++#include <openssl/ui.h>

44

+

45

+ #include <ccan/talloc/talloc.h>

46

+ #include <ccan/read_write_all/read_write_all.h>

47

+diff --git a/src/idc.c b/src/idc.c

48

+index 236cefd..6d87bd4 100644

49

+--- a/src/idc.c

50

++++ b/src/idc.c

51

+@@ -238,7 +238,11 @@ struct idc *IDC_get(PKCS7 *p7, BIO *bio)

52

+

53

+ 	/* extract the idc from the signed PKCS7 'other' data */

54

+ 	str = p7->d.sign->contents->d.other->value.asn1_string;

55

++#if OPENSSL_VERSION_NUMBER < 0x10100000L

56

+ 	idcbuf = buf = ASN1_STRING_data(str);

57

++#else

58

++	idcbuf = buf = ASN1_STRING_get0_data(str);

59

++#endif

60

+ 	idc = d2i_IDC(NULL, &buf, ASN1_STRING_length(str));

61

+

62

+ 	/* If we were passed a BIO, write the idc data, minus type and length,

63

+@@ -289,7 +293,11 @@ int IDC_check_hash(struct idc *idc, struct image *image)

64

+ 	}

65

+

66

+ 	/* check hash against the one we calculated from the image */

67

++#if OPENSSL_VERSION_NUMBER < 0x10100000L

68

+ 	buf = ASN1_STRING_data(str);

69

++#else

70

++	buf = ASN1_STRING_get0_data(str);

71

++#endif

72

+ 	if (memcmp(buf, sha, sizeof(sha))) {

73

+ 		fprintf(stderr, "Hash doesn't match image\n");

74

+ 		fprintf(stderr, " got:       %s\n", sha256_str(buf));

75

+diff --git a/src/sbattach.c b/src/sbattach.c

76

+index a0c01b8..e89a23e 100644

77

+--- a/src/sbattach.c

78

++++ b/src/sbattach.c

79

+@@ -231,6 +231,7 @@ int main(int argc, char **argv)

80

+ 		return EXIT_FAILURE;

81

+ 	}

82

+

83

++#if OPENSSL_VERSION_NUMBER < 0x10100000L

84

+ 	ERR_load_crypto_strings();

85

+ 	OpenSSL_add_all_digests();

86

+ 	OPENSSL_config(NULL);

87

+@@ -239,6 +240,7 @@ int main(int argc, char **argv)

88

+ 	 * module isn't present).  In either case ignore the errors

89

+ 	 * (malloc will cause other failures out lower down */

90

+ 	ERR_clear_error();

91

++#endif

92

+

93

+ 	image = image_load(image_filename);

94

+ 	if (!image) {

95

+diff --git a/src/sbkeysync.c b/src/sbkeysync.c

96

+index 7b17f40..419b1e7 100644

97

+--- a/src/sbkeysync.c

98

++++ b/src/sbkeysync.c

99

+@@ -208,7 +208,11 @@ static int x509_key_parse(struct key *key, uint8_t *data, size_t len)

100

+ 		goto out;

101

+

102

+ 	key->id_len = ASN1_STRING_length(serial);

103

++#if OPENSSL_VERSION_NUMBER < 0x10100000L

104

+ 	key->id = talloc_memdup(key, ASN1_STRING_data(serial), key->id_len);

105

++#else

106

++	key->id = talloc_memdup(key, ASN1_STRING_get0_data(serial), key->id_len);

107

++#endif

108

+

109

+ 	key->description = talloc_array(key, char, description_len);

110

+ 	X509_NAME_oneline(X509_get_subject_name(x509),

111

+@@ -927,6 +931,7 @@ int main(int argc, char **argv)

112

+ 		return EXIT_FAILURE;

113

+ 	}

114

+

115

++#if OPENSSL_VERSION_NUMBER < 0x10100000L

116

+ 	ERR_load_crypto_strings();

117

+ 	OpenSSL_add_all_digests();

118

+ 	OpenSSL_add_all_ciphers();

119

+@@ -936,6 +941,7 @@ int main(int argc, char **argv)

120

+ 	 * module isn't present).  In either case ignore the errors

121

+ 	 * (malloc will cause other failures out lower down */

122

+ 	ERR_clear_error();

123

++#endif

124

+

125

+ 	ctx->filesystem_keys = init_keyset(ctx);

126

+ 	ctx->firmware_keys = init_keyset(ctx);

127

+diff --git a/src/sbsign.c b/src/sbsign.c

128

+index ff1fdfd..78d8d64 100644

129

+--- a/src/sbsign.c

130

++++ b/src/sbsign.c

131

+@@ -188,6 +188,7 @@ int main(int argc, char **argv)

132

+

133

+ 	talloc_steal(ctx, ctx->image);

134

+

135

++#if OPENSSL_VERSION_NUMBER < 0x10100000L

136

+ 	ERR_load_crypto_strings();

137

+ 	OpenSSL_add_all_digests();

138

+ 	OpenSSL_add_all_ciphers();

139

+@@ -197,6 +198,7 @@ int main(int argc, char **argv)

140

+ 	 * module isn't present).  In either case ignore the errors

141

+ 	 * (malloc will cause other failures out lower down */

142

+ 	ERR_clear_error();

143

++#endif

144

+ 	if (engine)

145

+ 		pkey = fileio_read_engine_key(engine, keyfilename);

146

+ 	else

147

+diff --git a/src/sbvarsign.c b/src/sbvarsign.c

148

+index 7dcbe51..9319c8b 100644

149

+--- a/src/sbvarsign.c

150

++++ b/src/sbvarsign.c

151

+@@ -509,6 +509,7 @@ int main(int argc, char **argv)

152

+ 		return EXIT_FAILURE;

153

+ 	}

154

+

155

++#if OPENSSL_VERSION_NUMBER < 0x10100000L

156

+ 	/* initialise openssl */

157

+ 	OpenSSL_add_all_digests();

158

+ 	OpenSSL_add_all_ciphers();

159

+@@ -519,6 +520,7 @@ int main(int argc, char **argv)

160

+ 	 * module isn't present).  In either case ignore the errors

161

+ 	 * (malloc will cause other failures out lower down */

162

+ 	ERR_clear_error();

163

++#endif

164

+

165

+ 	/* set up the variable signing context */

166

+ 	varname = argv[optind];

167

+diff --git a/src/sbverify.c b/src/sbverify.c

168

+index 3920d91..d0b203a 100644

169

+--- a/src/sbverify.c

170

++++ b/src/sbverify.c

171

+@@ -250,6 +250,7 @@ int main(int argc, char **argv)

172

+ 	verbose = false;

173

+ 	detached_sig_filename = NULL;

174

+

175

++#if OPENSSL_VERSION_NUMBER < 0x10100000L

176

+ 	OpenSSL_add_all_digests();

177

+ 	ERR_load_crypto_strings();

178

+ 	OPENSSL_config(NULL);

179

+@@ -258,6 +259,7 @@ int main(int argc, char **argv)

180

+ 	 * module isn't present).  In either case ignore the errors

181

+ 	 * (malloc will cause other failures out lower down */

182

+ 	ERR_clear_error();

183

++#endif

184

+

185

+ 	for (;;) {

186

+ 		int idx;

187

188

diff --git a/app-crypt/sbsigntools/files/sbsigntools-0.9.2-libressl.patch b/app-crypt/sbsigntools/files/sbsigntools-0.9.2-libressl.patch

189

new file mode 100644

190

index 0000000..226f7fd

191

--- /dev/null

192

+++ b/app-crypt/sbsigntools/files/sbsigntools-0.9.2-libressl.patch

193

@@ -0,0 +1,161 @@

194

+diff --git a/src/fileio.c b/src/fileio.c

195

+index 032eb1e..09bc3aa 100644

196

+--- a/src/fileio.c

197

++++ b/src/fileio.c

198

+@@ -40,6 +40,7 @@

199

+ #include <openssl/pem.h>

200

+ #include <openssl/err.h>

201

+ #include <openssl/engine.h>

202

++#include <openssl/ui.h>

203

+

204

+ #include <ccan/talloc/talloc.h>

205

+ #include <ccan/read_write_all/read_write_all.h>

206

+diff --git a/src/idc.c b/src/idc.c

207

+index 236cefd..18c670a 100644

208

+--- a/src/idc.c

209

++++ b/src/idc.c

210

+@@ -238,7 +238,11 @@ struct idc *IDC_get(PKCS7 *p7, BIO *bio)

211

+

212

+ 	/* extract the idc from the signed PKCS7 'other' data */

213

+ 	str = p7->d.sign->contents->d.other->value.asn1_string;

214

++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)

215

+ 	idcbuf = buf = ASN1_STRING_data(str);

216

++#else

217

++	idcbuf = buf = ASN1_STRING_get0_data(str);

218

++#endif

219

+ 	idc = d2i_IDC(NULL, &buf, ASN1_STRING_length(str));

220

+

221

+ 	/* If we were passed a BIO, write the idc data, minus type and length,

222

+@@ -289,7 +293,11 @@ int IDC_check_hash(struct idc *idc, struct image *image)

223

+ 	}

224

+

225

+ 	/* check hash against the one we calculated from the image */

226

++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)

227

+ 	buf = ASN1_STRING_data(str);

228

++#else

229

++	buf = ASN1_STRING_get0_data(str);

230

++#endif

231

+ 	if (memcmp(buf, sha, sizeof(sha))) {

232

+ 		fprintf(stderr, "Hash doesn't match image\n");

233

+ 		fprintf(stderr, " got:       %s\n", sha256_str(buf));

234

+diff --git a/src/sbattach.c b/src/sbattach.c

235

+index a0c01b8..fe5a18e 100644

236

+--- a/src/sbattach.c

237

++++ b/src/sbattach.c

238

+@@ -231,6 +231,7 @@ int main(int argc, char **argv)

239

+ 		return EXIT_FAILURE;

240

+ 	}

241

+

242

++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)

243

+ 	ERR_load_crypto_strings();

244

+ 	OpenSSL_add_all_digests();

245

+ 	OPENSSL_config(NULL);

246

+@@ -239,6 +240,7 @@ int main(int argc, char **argv)

247

+ 	 * module isn't present).  In either case ignore the errors

248

+ 	 * (malloc will cause other failures out lower down */

249

+ 	ERR_clear_error();

250

++#endif

251

+

252

+ 	image = image_load(image_filename);

253

+ 	if (!image) {

254

+diff --git a/src/sbkeysync.c b/src/sbkeysync.c

255

+index 7b17f40..753ca52 100644

256

+--- a/src/sbkeysync.c

257

++++ b/src/sbkeysync.c

258

+@@ -208,7 +208,11 @@ static int x509_key_parse(struct key *key, uint8_t *data, size_t len)

259

+ 		goto out;

260

+

261

+ 	key->id_len = ASN1_STRING_length(serial);

262

++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)

263

+ 	key->id = talloc_memdup(key, ASN1_STRING_data(serial), key->id_len);

264

++#else

265

++	key->id = talloc_memdup(key, ASN1_STRING_get0_data(serial), key->id_len);

266

++#endif

267

+

268

+ 	key->description = talloc_array(key, char, description_len);

269

+ 	X509_NAME_oneline(X509_get_subject_name(x509),

270

+@@ -927,6 +931,7 @@ int main(int argc, char **argv)

271

+ 		return EXIT_FAILURE;

272

+ 	}

273

+

274

++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)

275

+ 	ERR_load_crypto_strings();

276

+ 	OpenSSL_add_all_digests();

277

+ 	OpenSSL_add_all_ciphers();

278

+@@ -936,6 +941,7 @@ int main(int argc, char **argv)

279

+ 	 * module isn't present).  In either case ignore the errors

280

+ 	 * (malloc will cause other failures out lower down */

281

+ 	ERR_clear_error();

282

++#endif

283

+

284

+ 	ctx->filesystem_keys = init_keyset(ctx);

285

+ 	ctx->firmware_keys = init_keyset(ctx);

286

+diff --git a/src/sbsign.c b/src/sbsign.c

287

+index ff1fdfd..5754113 100644

288

+--- a/src/sbsign.c

289

++++ b/src/sbsign.c

290

+@@ -188,6 +188,7 @@ int main(int argc, char **argv)

291

+

292

+ 	talloc_steal(ctx, ctx->image);

293

+

294

++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)

295

+ 	ERR_load_crypto_strings();

296

+ 	OpenSSL_add_all_digests();

297

+ 	OpenSSL_add_all_ciphers();

298

+@@ -197,6 +198,7 @@ int main(int argc, char **argv)

299

+ 	 * module isn't present).  In either case ignore the errors

300

+ 	 * (malloc will cause other failures out lower down */

301

+ 	ERR_clear_error();

302

++#endif

303

+ 	if (engine)

304

+ 		pkey = fileio_read_engine_key(engine, keyfilename);

305

+ 	else

306

+diff --git a/src/sbvarsign.c b/src/sbvarsign.c

307

+index ebf625c..43a1a61 100644

308

+--- a/src/sbvarsign.c

309

++++ b/src/sbvarsign.c

310

+@@ -509,6 +509,7 @@ int main(int argc, char **argv)

311

+ 		return EXIT_FAILURE;

312

+ 	}

313

+

314

++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)

315

+ 	/* initialise openssl */

316

+ 	OpenSSL_add_all_digests();

317

+ 	OpenSSL_add_all_ciphers();

318

+@@ -519,6 +520,7 @@ int main(int argc, char **argv)

319

+ 	 * module isn't present).  In either case ignore the errors

320

+ 	 * (malloc will cause other failures out lower down */

321

+ 	ERR_clear_error();

322

++#endif

323

+

324

+ 	/* set up the variable signing context */

325

+ 	varname = argv[optind];

326

+diff --git a/src/sbverify.c b/src/sbverify.c

327

+index 3920d91..3d9c0a1 100644

328

+--- a/src/sbverify.c

329

++++ b/src/sbverify.c

330

+@@ -56,7 +56,7 @@

331

+ #include <openssl/pem.h>

332

+ #include <openssl/x509v3.h>

333

+

334

+-#if OPENSSL_VERSION_NUMBER < 0x10100000L

335

++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)

336

+ #define X509_OBJECT_get0_X509(obj) ((obj)->data.x509)

337

+ #define X509_OBJECT_get_type(obj) ((obj)->type)

338

+ #define X509_STORE_CTX_get0_cert(ctx) ((ctx)->cert)

339

+@@ -250,6 +250,7 @@ int main(int argc, char **argv)

340

+ 	verbose = false;

341

+ 	detached_sig_filename = NULL;

342

+

343

++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)

344

+ 	OpenSSL_add_all_digests();

345

+ 	ERR_load_crypto_strings();

346

+ 	OPENSSL_config(NULL);

347

+@@ -258,6 +259,7 @@ int main(int argc, char **argv)

348

+ 	 * module isn't present).  In either case ignore the errors

349

+ 	 * (malloc will cause other failures out lower down */

350

+ 	ERR_clear_error();

351

++#endif

352

+

353

+ 	for (;;) {

354

+ 		int idx;

355

356

diff --git a/app-crypt/sbsigntools/metadata.xml b/app-crypt/sbsigntools/metadata.xml

357

new file mode 100644

358

index 0000000..20001d6

359

--- /dev/null

360

+++ b/app-crypt/sbsigntools/metadata.xml

361

@@ -0,0 +1,10 @@

362

+<?xml version="1.0" encoding="UTF-8"?>

363

+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">

364

+<pkgmetadata>

365

+	<maintainer type="person">

366

+		<email>tamiko@g.o</email>

367

+	</maintainer>

368

+	<upstream>

369

+		<remote-id type="launchpad">ubuntu</remote-id>

370

+	</upstream>

371

+</pkgmetadata>

372

373

diff --git a/app-crypt/sbsigntools/sbsigntools-0.9.2.ebuild b/app-crypt/sbsigntools/sbsigntools-0.9.2.ebuild

374

new file mode 100644

375

index 0000000..92c0ab7

376

--- /dev/null

377

+++ b/app-crypt/sbsigntools/sbsigntools-0.9.2.ebuild

378

@@ -0,0 +1,48 @@

379

+# Copyright 1999-2021 Gentoo Authors

380

+# Distributed under the terms of the GNU General Public License v2

381

+

382

+EAPI="7"

383

+

384

+MY_PN="${PN::-1}"

385

+

386

+inherit autotools toolchain-funcs

387

+

388

+DESCRIPTION="Utilities for signing and verifying files for UEFI Secure Boot"

389

+HOMEPAGE="https://git.kernel.org/cgit/linux/kernel/git/jejb/sbsigntools.git/"

390

+SRC_URI="https://git.kernel.org/pub/scm/linux/kernel/git/jejb/${PN}.git/snapshot/${P}.tar.gz

391

+	https://dev.gentoo.org/~tamiko/distfiles/${MY_PN}-0.8-ccan.tar.gz"

392

+

393

+LICENSE="GPL-3 LGPL-3 LGPL-2.1 CC0-1.0"

394

+SLOT="0"

395

+KEYWORDS="amd64 ~arm64 x86"

396

+IUSE=""

397

+

398

+RDEPEND="

399

+	dev-libs/openssl:0=

400

+	sys-apps/util-linux"

401

+DEPEND="${RDEPEND}

402

+	sys-apps/help2man

403

+	sys-boot/gnu-efi

404

+	sys-libs/binutils-libs

405

+	virtual/pkgconfig"

406

+

407

+src_prepare() {

408

+	eapply "${FILESDIR}"/"${P}"-libressl.patch

409

+	mv "${WORKDIR}"/lib/ccan "${S}"/lib || die "mv failed"

410

+	rmdir "${WORKDIR}"/lib || die "rmdir failed"

411

+

412

+	local iarch

413

+	case ${ARCH} in

414

+		amd64) iarch=x86_64 ;;

415

+		arm64) iarch=aarch64 ;;

416

+		ia64)  iarch=ia64 ;;

417

+		x86)   iarch=ia32 ;;

418

+		*)     die "unsupported architecture: ${ARCH}" ;;

419

+	esac

420

+	sed -i "/^EFI_ARCH=/s:=.*:=${iarch}:" configure.ac || die

421

+	sed -i 's/-m64$/& -march=x86-64/' tests/Makefile.am || die

422

+	sed -i "/^AR /s:=.*:= $(tc-getAR):" lib/ccan/Makefile.in || die #481480

423

+

424

+	default

425

+	eautoreconf

426

+}

1	commit: e2163d2ada041a93a694dd763ad0204854d19b25
2	Author: Quentin Retornaz <gentoo <AT> retornaz <DOT> com>
3	AuthorDate: Mon May 3 16:22:40 2021 +0000
4	Commit: Quentin Retornaz <gentoo <AT> retornaz <DOT> com>
5	CommitDate: Mon May 3 16:22:40 2021 +0000
6	URL: https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=e2163d2a
7
8	app-crypt/sbsigntools: new package
9
10	Package-Manager: Portage-3.0.18, Repoman-3.0.2
11	Signed-off-by: Quentin Retornaz <gentoo <AT> retornaz.com>
12
13	app-crypt/sbsigntools/Manifest \| 2 +
14	.../sbsigntools-0.9.1-openssl-1.1.0-compat.patch \| 152 +++++++++++++++++++
15	.../files/sbsigntools-0.9.2-libressl.patch \| 161 +++++++++++++++++++++
16	app-crypt/sbsigntools/metadata.xml \| 10 ++
17	app-crypt/sbsigntools/sbsigntools-0.9.2.ebuild \| 48 ++++++
18	5 files changed, 373 insertions(+)
19
20	diff --git a/app-crypt/sbsigntools/Manifest b/app-crypt/sbsigntools/Manifest
21	new file mode 100644
22	index 0000000..564b3aa
23	--- /dev/null
24	+++ b/app-crypt/sbsigntools/Manifest
25	@@ -0,0 +1,2 @@
26	+DIST sbsigntool-0.8-ccan.tar.gz 113537 BLAKE2B 8fbf27463d30c1895930628a145be2d521ae4f6adb7af3299bf2f5f4319fd643df0a07347ef6851bd41d233af4c3fc5f77002771af1c43aa0f20665aef2390b8 SHA512 6857096879f116f1802eb6b44789cbea7bb24440bc0f16503aeadf5f276fa45943f322f844dbb9abee717655205d82b830143be3a7f4424fd4146b9360674a09
27	+DIST sbsigntools-0.9.2.tar.gz 56525 BLAKE2B 0bce1f534aa960672eab6a415e287b79ff9f18eb947e2217ad4533081f8b854e160b57828afbb56423b2dcab723d3a8aacb2e6affeb2057d17ce3c1761d96b11 SHA512 060753ed9c8db794e4755cc66c1940a2ccc89f4ddf0e825da1f1e6eaa75fc67c21060ee4b5dfb0c757b69e6f5959bfa68156d9f95a945cf63c6a20f1414a2c27
28
29	diff --git a/app-crypt/sbsigntools/files/sbsigntools-0.9.1-openssl-1.1.0-compat.patch b/app-crypt/sbsigntools/files/sbsigntools-0.9.1-openssl-1.1.0-compat.patch
30	new file mode 100644
31	index 0000000..2f9364f
32	--- /dev/null
33	+++ b/app-crypt/sbsigntools/files/sbsigntools-0.9.1-openssl-1.1.0-compat.patch
34	@@ -0,0 +1,152 @@
35	+diff --git a/src/fileio.c b/src/fileio.c
36	+index 032eb1e..09bc3aa 100644
37	+--- a/src/fileio.c
38	++++ b/src/fileio.c
39	+@@ -40,6 +40,7 @@
40	+ #include <openssl/pem.h>
41	+ #include <openssl/err.h>
42	+ #include <openssl/engine.h>
43	++#include <openssl/ui.h>
44	+
45	+ #include <ccan/talloc/talloc.h>
46	+ #include <ccan/read_write_all/read_write_all.h>
47	+diff --git a/src/idc.c b/src/idc.c
48	+index 236cefd..6d87bd4 100644
49	+--- a/src/idc.c
50	++++ b/src/idc.c
51	+@@ -238,7 +238,11 @@ struct idc IDC_get(PKCS7 p7, BIO *bio)
52	+
53	+ /* extract the idc from the signed PKCS7 'other' data */
54	+ str = p7->d.sign->contents->d.other->value.asn1_string;
55	++#if OPENSSL_VERSION_NUMBER < 0x10100000L
56	+ idcbuf = buf = ASN1_STRING_data(str);
57	++#else
58	++ idcbuf = buf = ASN1_STRING_get0_data(str);
59	++#endif
60	+ idc = d2i_IDC(NULL, &buf, ASN1_STRING_length(str));
61	+
62	+ /* If we were passed a BIO, write the idc data, minus type and length,
63	+@@ -289,7 +293,11 @@ int IDC_check_hash(struct idc idc, struct image image)
64	+ }
65	+
66	+ /* check hash against the one we calculated from the image */
67	++#if OPENSSL_VERSION_NUMBER < 0x10100000L
68	+ buf = ASN1_STRING_data(str);
69	++#else
70	++ buf = ASN1_STRING_get0_data(str);
71	++#endif
72	+ if (memcmp(buf, sha, sizeof(sha))) {
73	+ fprintf(stderr, "Hash doesn't match image\n");
74	+ fprintf(stderr, " got: %s\n", sha256_str(buf));
75	+diff --git a/src/sbattach.c b/src/sbattach.c
76	+index a0c01b8..e89a23e 100644
77	+--- a/src/sbattach.c
78	++++ b/src/sbattach.c
79	+@@ -231,6 +231,7 @@ int main(int argc, char **argv)
80	+ return EXIT_FAILURE;
81	+ }
82	+
83	++#if OPENSSL_VERSION_NUMBER < 0x10100000L
84	+ ERR_load_crypto_strings();
85	+ OpenSSL_add_all_digests();
86	+ OPENSSL_config(NULL);
87	+@@ -239,6 +240,7 @@ int main(int argc, char **argv)
88	+ * module isn't present). In either case ignore the errors
89	+ * (malloc will cause other failures out lower down */
90	+ ERR_clear_error();
91	++#endif
92	+
93	+ image = image_load(image_filename);
94	+ if (!image) {
95	+diff --git a/src/sbkeysync.c b/src/sbkeysync.c
96	+index 7b17f40..419b1e7 100644
97	+--- a/src/sbkeysync.c
98	++++ b/src/sbkeysync.c
99	+@@ -208,7 +208,11 @@ static int x509_key_parse(struct key key, uint8_t data, size_t len)
100	+ goto out;
101	+
102	+ key->id_len = ASN1_STRING_length(serial);
103	++#if OPENSSL_VERSION_NUMBER < 0x10100000L
104	+ key->id = talloc_memdup(key, ASN1_STRING_data(serial), key->id_len);
105	++#else
106	++ key->id = talloc_memdup(key, ASN1_STRING_get0_data(serial), key->id_len);
107	++#endif
108	+
109	+ key->description = talloc_array(key, char, description_len);
110	+ X509_NAME_oneline(X509_get_subject_name(x509),
111	+@@ -927,6 +931,7 @@ int main(int argc, char **argv)
112	+ return EXIT_FAILURE;
113	+ }
114	+
115	++#if OPENSSL_VERSION_NUMBER < 0x10100000L
116	+ ERR_load_crypto_strings();
117	+ OpenSSL_add_all_digests();
118	+ OpenSSL_add_all_ciphers();
119	+@@ -936,6 +941,7 @@ int main(int argc, char **argv)
120	+ * module isn't present). In either case ignore the errors
121	+ * (malloc will cause other failures out lower down */
122	+ ERR_clear_error();
123	++#endif
124	+
125	+ ctx->filesystem_keys = init_keyset(ctx);
126	+ ctx->firmware_keys = init_keyset(ctx);
127	+diff --git a/src/sbsign.c b/src/sbsign.c
128	+index ff1fdfd..78d8d64 100644
129	+--- a/src/sbsign.c
130	++++ b/src/sbsign.c
131	+@@ -188,6 +188,7 @@ int main(int argc, char **argv)
132	+
133	+ talloc_steal(ctx, ctx->image);
134	+
135	++#if OPENSSL_VERSION_NUMBER < 0x10100000L
136	+ ERR_load_crypto_strings();
137	+ OpenSSL_add_all_digests();
138	+ OpenSSL_add_all_ciphers();
139	+@@ -197,6 +198,7 @@ int main(int argc, char **argv)
140	+ * module isn't present). In either case ignore the errors
141	+ * (malloc will cause other failures out lower down */
142	+ ERR_clear_error();
143	++#endif
144	+ if (engine)
145	+ pkey = fileio_read_engine_key(engine, keyfilename);
146	+ else
147	+diff --git a/src/sbvarsign.c b/src/sbvarsign.c
148	+index 7dcbe51..9319c8b 100644
149	+--- a/src/sbvarsign.c
150	++++ b/src/sbvarsign.c
151	+@@ -509,6 +509,7 @@ int main(int argc, char **argv)
152	+ return EXIT_FAILURE;
153	+ }
154	+
155	++#if OPENSSL_VERSION_NUMBER < 0x10100000L
156	+ /* initialise openssl */
157	+ OpenSSL_add_all_digests();
158	+ OpenSSL_add_all_ciphers();
159	+@@ -519,6 +520,7 @@ int main(int argc, char **argv)
160	+ * module isn't present). In either case ignore the errors
161	+ * (malloc will cause other failures out lower down */
162	+ ERR_clear_error();
163	++#endif
164	+
165	+ /* set up the variable signing context */
166	+ varname = argv[optind];
167	+diff --git a/src/sbverify.c b/src/sbverify.c
168	+index 3920d91..d0b203a 100644
169	+--- a/src/sbverify.c
170	++++ b/src/sbverify.c
171	+@@ -250,6 +250,7 @@ int main(int argc, char **argv)
172	+ verbose = false;
173	+ detached_sig_filename = NULL;
174	+
175	++#if OPENSSL_VERSION_NUMBER < 0x10100000L
176	+ OpenSSL_add_all_digests();
177	+ ERR_load_crypto_strings();
178	+ OPENSSL_config(NULL);
179	+@@ -258,6 +259,7 @@ int main(int argc, char **argv)
180	+ * module isn't present). In either case ignore the errors
181	+ * (malloc will cause other failures out lower down */
182	+ ERR_clear_error();
183	++#endif
184	+
185	+ for (;;) {
186	+ int idx;
187
188	diff --git a/app-crypt/sbsigntools/files/sbsigntools-0.9.2-libressl.patch b/app-crypt/sbsigntools/files/sbsigntools-0.9.2-libressl.patch
189	new file mode 100644
190	index 0000000..226f7fd
191	--- /dev/null
192	+++ b/app-crypt/sbsigntools/files/sbsigntools-0.9.2-libressl.patch
193	@@ -0,0 +1,161 @@
194	+diff --git a/src/fileio.c b/src/fileio.c
195	+index 032eb1e..09bc3aa 100644
196	+--- a/src/fileio.c
197	++++ b/src/fileio.c
198	+@@ -40,6 +40,7 @@
199	+ #include <openssl/pem.h>
200	+ #include <openssl/err.h>
201	+ #include <openssl/engine.h>
202	++#include <openssl/ui.h>
203	+
204	+ #include <ccan/talloc/talloc.h>
205	+ #include <ccan/read_write_all/read_write_all.h>
206	+diff --git a/src/idc.c b/src/idc.c
207	+index 236cefd..18c670a 100644
208	+--- a/src/idc.c
209	++++ b/src/idc.c
210	+@@ -238,7 +238,11 @@ struct idc IDC_get(PKCS7 p7, BIO *bio)
211	+
212	+ /* extract the idc from the signed PKCS7 'other' data */
213	+ str = p7->d.sign->contents->d.other->value.asn1_string;
214	++#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
215	+ idcbuf = buf = ASN1_STRING_data(str);
216	++#else
217	++ idcbuf = buf = ASN1_STRING_get0_data(str);
218	++#endif
219	+ idc = d2i_IDC(NULL, &buf, ASN1_STRING_length(str));
220	+
221	+ /* If we were passed a BIO, write the idc data, minus type and length,
222	+@@ -289,7 +293,11 @@ int IDC_check_hash(struct idc idc, struct image image)
223	+ }
224	+
225	+ /* check hash against the one we calculated from the image */
226	++#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
227	+ buf = ASN1_STRING_data(str);
228	++#else
229	++ buf = ASN1_STRING_get0_data(str);
230	++#endif
231	+ if (memcmp(buf, sha, sizeof(sha))) {
232	+ fprintf(stderr, "Hash doesn't match image\n");
233	+ fprintf(stderr, " got: %s\n", sha256_str(buf));
234	+diff --git a/src/sbattach.c b/src/sbattach.c
235	+index a0c01b8..fe5a18e 100644
236	+--- a/src/sbattach.c
237	++++ b/src/sbattach.c
238	+@@ -231,6 +231,7 @@ int main(int argc, char **argv)
239	+ return EXIT_FAILURE;
240	+ }
241	+
242	++#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
243	+ ERR_load_crypto_strings();
244	+ OpenSSL_add_all_digests();
245	+ OPENSSL_config(NULL);
246	+@@ -239,6 +240,7 @@ int main(int argc, char **argv)
247	+ * module isn't present). In either case ignore the errors
248	+ * (malloc will cause other failures out lower down */
249	+ ERR_clear_error();
250	++#endif
251	+
252	+ image = image_load(image_filename);
253	+ if (!image) {
254	+diff --git a/src/sbkeysync.c b/src/sbkeysync.c
255	+index 7b17f40..753ca52 100644
256	+--- a/src/sbkeysync.c
257	++++ b/src/sbkeysync.c
258	+@@ -208,7 +208,11 @@ static int x509_key_parse(struct key key, uint8_t data, size_t len)
259	+ goto out;
260	+
261	+ key->id_len = ASN1_STRING_length(serial);
262	++#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
263	+ key->id = talloc_memdup(key, ASN1_STRING_data(serial), key->id_len);
264	++#else
265	++ key->id = talloc_memdup(key, ASN1_STRING_get0_data(serial), key->id_len);
266	++#endif
267	+
268	+ key->description = talloc_array(key, char, description_len);
269	+ X509_NAME_oneline(X509_get_subject_name(x509),
270	+@@ -927,6 +931,7 @@ int main(int argc, char **argv)
271	+ return EXIT_FAILURE;
272	+ }
273	+
274	++#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
275	+ ERR_load_crypto_strings();
276	+ OpenSSL_add_all_digests();
277	+ OpenSSL_add_all_ciphers();
278	+@@ -936,6 +941,7 @@ int main(int argc, char **argv)
279	+ * module isn't present). In either case ignore the errors
280	+ * (malloc will cause other failures out lower down */
281	+ ERR_clear_error();
282	++#endif
283	+
284	+ ctx->filesystem_keys = init_keyset(ctx);
285	+ ctx->firmware_keys = init_keyset(ctx);
286	+diff --git a/src/sbsign.c b/src/sbsign.c
287	+index ff1fdfd..5754113 100644
288	+--- a/src/sbsign.c
289	++++ b/src/sbsign.c
290	+@@ -188,6 +188,7 @@ int main(int argc, char **argv)
291	+
292	+ talloc_steal(ctx, ctx->image);
293	+
294	++#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
295	+ ERR_load_crypto_strings();
296	+ OpenSSL_add_all_digests();
297	+ OpenSSL_add_all_ciphers();
298	+@@ -197,6 +198,7 @@ int main(int argc, char **argv)
299	+ * module isn't present). In either case ignore the errors
300	+ * (malloc will cause other failures out lower down */
301	+ ERR_clear_error();
302	++#endif
303	+ if (engine)
304	+ pkey = fileio_read_engine_key(engine, keyfilename);
305	+ else
306	+diff --git a/src/sbvarsign.c b/src/sbvarsign.c
307	+index ebf625c..43a1a61 100644
308	+--- a/src/sbvarsign.c
309	++++ b/src/sbvarsign.c
310	+@@ -509,6 +509,7 @@ int main(int argc, char **argv)
311	+ return EXIT_FAILURE;
312	+ }
313	+
314	++#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
315	+ /* initialise openssl */
316	+ OpenSSL_add_all_digests();
317	+ OpenSSL_add_all_ciphers();
318	+@@ -519,6 +520,7 @@ int main(int argc, char **argv)
319	+ * module isn't present). In either case ignore the errors
320	+ * (malloc will cause other failures out lower down */
321	+ ERR_clear_error();
322	++#endif
323	+
324	+ /* set up the variable signing context */
325	+ varname = argv[optind];
326	+diff --git a/src/sbverify.c b/src/sbverify.c
327	+index 3920d91..3d9c0a1 100644
328	+--- a/src/sbverify.c
329	++++ b/src/sbverify.c
330	+@@ -56,7 +56,7 @@
331	+ #include <openssl/pem.h>
332	+ #include <openssl/x509v3.h>
333	+
334	+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
335	++#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
336	+ #define X509_OBJECT_get0_X509(obj) ((obj)->data.x509)
337	+ #define X509_OBJECT_get_type(obj) ((obj)->type)
338	+ #define X509_STORE_CTX_get0_cert(ctx) ((ctx)->cert)
339	+@@ -250,6 +250,7 @@ int main(int argc, char **argv)
340	+ verbose = false;
341	+ detached_sig_filename = NULL;
342	+
343	++#if OPENSSL_VERSION_NUMBER < 0x10100000L \|\| defined(LIBRESSL_VERSION_NUMBER)
344	+ OpenSSL_add_all_digests();
345	+ ERR_load_crypto_strings();
346	+ OPENSSL_config(NULL);
347	+@@ -258,6 +259,7 @@ int main(int argc, char **argv)
348	+ * module isn't present). In either case ignore the errors
349	+ * (malloc will cause other failures out lower down */
350	+ ERR_clear_error();
351	++#endif
352	+
353	+ for (;;) {
354	+ int idx;
355
356	diff --git a/app-crypt/sbsigntools/metadata.xml b/app-crypt/sbsigntools/metadata.xml
357	new file mode 100644
358	index 0000000..20001d6
359	--- /dev/null
360	+++ b/app-crypt/sbsigntools/metadata.xml
361	@@ -0,0 +1,10 @@
362	+<?xml version="1.0" encoding="UTF-8"?>
363	+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
364	+<pkgmetadata>
365	+ <maintainer type="person">
366	+ <email>tamiko@g.o</email>
367	+ </maintainer>
368	+ <upstream>
369	+ <remote-id type="launchpad">ubuntu</remote-id>
370	+ </upstream>
371	+</pkgmetadata>
372
373	diff --git a/app-crypt/sbsigntools/sbsigntools-0.9.2.ebuild b/app-crypt/sbsigntools/sbsigntools-0.9.2.ebuild
374	new file mode 100644
375	index 0000000..92c0ab7
376	--- /dev/null
377	+++ b/app-crypt/sbsigntools/sbsigntools-0.9.2.ebuild
378	@@ -0,0 +1,48 @@
379	+# Copyright 1999-2021 Gentoo Authors
380	+# Distributed under the terms of the GNU General Public License v2
381	+
382	+EAPI="7"
383	+
384	+MY_PN="${PN::-1}"
385	+
386	+inherit autotools toolchain-funcs
387	+
388	+DESCRIPTION="Utilities for signing and verifying files for UEFI Secure Boot"
389	+HOMEPAGE="https://git.kernel.org/cgit/linux/kernel/git/jejb/sbsigntools.git/"
390	+SRC_URI="https://git.kernel.org/pub/scm/linux/kernel/git/jejb/${PN}.git/snapshot/${P}.tar.gz
391	+ https://dev.gentoo.org/~tamiko/distfiles/${MY_PN}-0.8-ccan.tar.gz"
392	+
393	+LICENSE="GPL-3 LGPL-3 LGPL-2.1 CC0-1.0"
394	+SLOT="0"
395	+KEYWORDS="amd64 ~arm64 x86"
396	+IUSE=""
397	+
398	+RDEPEND="
399	+ dev-libs/openssl:0=
400	+ sys-apps/util-linux"
401	+DEPEND="${RDEPEND}
402	+ sys-apps/help2man
403	+ sys-boot/gnu-efi
404	+ sys-libs/binutils-libs
405	+ virtual/pkgconfig"
406	+
407	+src_prepare() {
408	+ eapply "${FILESDIR}"/"${P}"-libressl.patch
409	+ mv "${WORKDIR}"/lib/ccan "${S}"/lib \|\| die "mv failed"
410	+ rmdir "${WORKDIR}"/lib \|\| die "rmdir failed"
411	+
412	+ local iarch
413	+ case ${ARCH} in
414	+ amd64) iarch=x86_64 ;;
415	+ arm64) iarch=aarch64 ;;
416	+ ia64) iarch=ia64 ;;
417	+ x86) iarch=ia32 ;;
418	+ *) die "unsupported architecture: ${ARCH}" ;;
419	+ esac
420	+ sed -i "/^EFI_ARCH=/s:=.*:=${iarch}:" configure.ac \|\| die
421	+ sed -i 's/-m64$/& -march=x86-64/' tests/Makefile.am \|\| die
422	+ sed -i "/^AR /s:=.*:= $(tc-getAR):" lib/ccan/Makefile.in \|\| die #481480
423	+
424	+ default
425	+ eautoreconf
426	+}

Gentoo Archives: gentoo-commits