diff options
Diffstat (limited to 'app-crypt/sbctl')
-rw-r--r-- | app-crypt/sbctl/Manifest | 6 | ||||
-rw-r--r-- | app-crypt/sbctl/files/sbctl-0.13-no-installkernel-error.patch | 27 | ||||
-rw-r--r-- | app-crypt/sbctl/metadata.xml | 12 | ||||
-rw-r--r-- | app-crypt/sbctl/sbctl-0.13-r1.ebuild | 40 | ||||
-rw-r--r-- | app-crypt/sbctl/sbctl-0.14.ebuild | 38 |
5 files changed, 123 insertions, 0 deletions
diff --git a/app-crypt/sbctl/Manifest b/app-crypt/sbctl/Manifest new file mode 100644 index 000000000000..a96d507722c3 --- /dev/null +++ b/app-crypt/sbctl/Manifest @@ -0,0 +1,6 @@ +DIST sbctl-0.13-deps.tar.xz 21415148 BLAKE2B cf16f7dd3341f7fef273d542f879d5e0a60b8b648fcd1efc8c85a66f0342b0631c5d273417777ecdd4231709ba6ef59592d40adc70a55b59af1aa36987019492 SHA512 f969ca335f14b9f3df52188e00ea68dbd69eef3bcbf71bbd162d0487f28f040ab14ce755ef56b554e7bde3e1c587f0f09ee7b4331edf5baa380b904694f0ad9f +DIST sbctl-0.13.tar.gz 1642040 BLAKE2B 569f42ca5694a4db0b1b66ef58dc255ec337a99f8025c61c58d5b54860e09f543e29e63b0e3adf65e3883abacabf6c1554e8849a8b25569ea05414d86fe0cfc4 SHA512 02c1f3e745f83f0e0a2fe90974f940a314aadbe26bd0d0c3e314bb3720b72c74715a26c891f8b22023f40eb8d1d8d24a7d2b1bc1c5d60f9781971f7e97224a4c +DIST sbctl-0.13.tar.gz.sig 566 BLAKE2B e0996fc4732501b1e66b7c65c9f4523a0c9f4b714e8b985bf5ad8b6d662dff99ddd4f4269374cf8e9e206c1ae8884ad312cd20cc8fcf33ed0af1ca0d1d81e967 SHA512 9435943dda069a5ae5629ab1880158349127654f122a2e5251cf8625db00cb12e85a671c24dda630c2e9beb312cc1c6cf2c24edc7d3a37e6b22ddb871e5c8682 +DIST sbctl-0.14-deps.tar.xz 114919252 BLAKE2B a2baa7cca501d924c1353404725999fb8372b52e88a3e2bd7760cf04da4900c676a326c3687adb58169acfb032e4009bb35be66cef3547cf888767325a0baecb SHA512 75122f835dc4f2bd41a8dbdd2b5ed6ad4c9c2f2f802f989245d08c55620d4eb992d23c78812bc761b96fb6b44b6eb6b6ae702b32d8b8f60ad23ac8a76f7e70bd +DIST sbctl-0.14.tar.gz 17809255 BLAKE2B a59eb3c5a32cb73cb2993c785d16798cbc83b70186eda8c8ce064a17fc338d3e70b93b277ad55c20991952e8d807c77f2a23ae4467c045019ba717ba342d5442 SHA512 a541324ec0b42503f5b5837b18e5f3076aa6fbe3c32041c3362945be52c281c6d057a856512cd134df37bf133106061af34d2b4fbfc377852ae4a86078e65fd8 +DIST sbctl-0.14.tar.gz.sig 566 BLAKE2B a5ec700d7ebf42393114c7b193483218df285977622f8ca6c2fb50b622478889647083b34c008fe8618244232416b374f099dd0ca7fce0f961949ef8b9cddbd8 SHA512 8508cc4a77e8bd08d77b2119d59c65d8724ace4576e1d233d0801c0b470afaac96981915c86a185ad0a29e94b7ad6aae1c6c3d52574f353d75d20d11cd503b0f diff --git a/app-crypt/sbctl/files/sbctl-0.13-no-installkernel-error.patch b/app-crypt/sbctl/files/sbctl-0.13-no-installkernel-error.patch new file mode 100644 index 000000000000..18e28eb39b1d --- /dev/null +++ b/app-crypt/sbctl/files/sbctl-0.13-no-installkernel-error.patch @@ -0,0 +1,27 @@ +From: https://github.com/Foxboron/sbctl/pull/188 +From: John Helmert III <ajak@gentoo.org> +Date: Sat, 10 Feb 2024 11:46:01 -0800 +Subject: [PATCH] 91-sbctl.install: don't sign without signing keys + +It's expected that signing doesn't work without having previously +generated keys, so don't try to sign when keys don't exist. + +Closes: https://github.com/Foxboron/sbctl/issues/187 +Signed-off-by: John Helmert III <ajak@gentoo.org> +--- a/contrib/kernel-install/91-sbctl.install ++++ b/contrib/kernel-install/91-sbctl.install +@@ -28,6 +28,14 @@ fi + case "$COMMAND" in + add) + printf 'sbctl: Signing kernel %s\n' "$IMAGE_FILE" ++ ++ # exit without error if keys don't exist ++ # https://github.com/Foxboron/sbctl/issues/187 ++ if ! test -d /usr/share/secureboot/keys; then ++ echo "Secureboot key directory doesn't exist, not signing!" ++ exit 0 ++ fi ++ + sbctl sign -s "$IMAGE_FILE" 1>/dev/null + ;; + remove) diff --git a/app-crypt/sbctl/metadata.xml b/app-crypt/sbctl/metadata.xml new file mode 100644 index 000000000000..31fb1548e9e1 --- /dev/null +++ b/app-crypt/sbctl/metadata.xml @@ -0,0 +1,12 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> + <maintainer type="person"> + <email>ajak@gentoo.org</email> + <name>John Helmert III</name> + </maintainer> + <upstream> + <remote-id type="github">Foxboron/sbctl</remote-id> + <changelog>https://github.com/Foxboron/sbctl/releases</changelog> + </upstream> +</pkgmetadata> diff --git a/app-crypt/sbctl/sbctl-0.13-r1.ebuild b/app-crypt/sbctl/sbctl-0.13-r1.ebuild new file mode 100644 index 000000000000..f193cf0fa9d8 --- /dev/null +++ b/app-crypt/sbctl/sbctl-0.13-r1.ebuild @@ -0,0 +1,40 @@ +# Copyright 2022-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit go-module optfeature verify-sig + +DESCRIPTION="Secure Boot key manager" +HOMEPAGE="https://github.com/Foxboron/sbctl" +SRC_URI="https://github.com/Foxboron/${PN}/releases/download/${PV}/${P}.tar.gz + verify-sig? ( https://github.com/Foxboron/${PN}/releases/download/${PV}/${P}.tar.gz.sig )" +SRC_URI+=" https://dev.gentoo.org/~ajak/distfiles/${CATEGORY}/${PN}/${P}-deps.tar.xz" + +LICENSE="Apache-2.0 BSD BSD-2 MIT" +SLOT="0" +KEYWORDS="amd64" + +BDEPEND="app-text/asciidoc + verify-sig? ( sec-keys/openpgp-keys-foxboron )" + +PATCHES=( "${FILESDIR}/${PN}-0.13-no-installkernel-error.patch" ) + +VERIFY_SIG_OPENPGP_KEY_PATH="/usr/share/openpgp-keys/foxboron.asc" + +src_unpack() { + if use verify-sig; then + verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.sig} + fi + + default +} + +src_install() { + emake PREFIX="${ED}/usr" install +} + +pkg_postinst() { + optfeature "automatically signing installed kernels with sbctl keys on each kernel installation" \ + "sys-kernel/installkernel[systemd]" +} diff --git a/app-crypt/sbctl/sbctl-0.14.ebuild b/app-crypt/sbctl/sbctl-0.14.ebuild new file mode 100644 index 000000000000..97f67663daf4 --- /dev/null +++ b/app-crypt/sbctl/sbctl-0.14.ebuild @@ -0,0 +1,38 @@ +# Copyright 2022-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +inherit go-module optfeature verify-sig + +DESCRIPTION="Secure Boot key manager" +HOMEPAGE="https://github.com/Foxboron/sbctl" +SRC_URI="https://github.com/Foxboron/${PN}/releases/download/${PV}/${P}.tar.gz + verify-sig? ( https://github.com/Foxboron/${PN}/releases/download/${PV}/${P}.tar.gz.sig )" +SRC_URI+=" https://dev.gentoo.org/~ajak/distfiles/${CATEGORY}/${PN}/${P}-deps.tar.xz" + +LICENSE="Apache-2.0 BSD BSD-2 MIT" +SLOT="0" +KEYWORDS="~amd64" + +BDEPEND="app-text/asciidoc + verify-sig? ( sec-keys/openpgp-keys-foxboron )" + +VERIFY_SIG_OPENPGP_KEY_PATH="/usr/share/openpgp-keys/foxboron.asc" + +src_unpack() { + if use verify-sig; then + verify-sig_verify_detached "${DISTDIR}"/${P}.tar.gz{,.sig} + fi + + default +} + +src_install() { + emake PREFIX="${ED}/usr" install +} + +pkg_postinst() { + optfeature "automatically signing installed kernels with sbctl keys on each kernel installation" \ + "sys-kernel/installkernel[systemd]" +} |