From 871179913c778d4f66d9c4f5f5a70cb93b3c97b0 Mon Sep 17 00:00:00 2001
From: Matthias Maier <tamiko@gentoo.org>
Date: Thu, 28 Jun 2018 22:56:15 -0500
Subject: app-crypt/sbsigntool: version bump to 0.9.1

 * version bump to 0.9.1
 * use new upstream repository
 * openssl-1.1.0 patches, thanks to Quentin Minster
 * multiple compilation fixes

Closes: https://bugs.gentoo.org/647914
Closes: https://bugs.gentoo.org/652094
Closes: https://bugs.gentoo.org/629992
Closes: https://bugs.gentoo.org/632068
Closes: https://bugs.gentoo.org/657648
Package-Manager: Portage-2.3.41, Repoman-2.3.9
---
 app-crypt/sbsigntool/Manifest                      |   1 +
 .../sbsigntool-0.9.1-openssl-1.1.0-compat.patch    | 152 +++++++++++++++++++++
 app-crypt/sbsigntool/sbsigntool-0.8.ebuild         |   2 +-
 app-crypt/sbsigntool/sbsigntool-0.9.1.ebuild       |  52 +++++++
 4 files changed, 206 insertions(+), 1 deletion(-)
 create mode 100644 app-crypt/sbsigntool/files/sbsigntool-0.9.1-openssl-1.1.0-compat.patch
 create mode 100644 app-crypt/sbsigntool/sbsigntool-0.9.1.ebuild

(limited to 'app-crypt')

diff --git a/app-crypt/sbsigntool/Manifest b/app-crypt/sbsigntool/Manifest
index da74645d423d..b6ff136f716b 100644
--- a/app-crypt/sbsigntool/Manifest
+++ b/app-crypt/sbsigntool/Manifest
@@ -1,3 +1,4 @@
 DIST sbsigntool-0.8-ccan.tar.gz 113537 BLAKE2B 8fbf27463d30c1895930628a145be2d521ae4f6adb7af3299bf2f5f4319fd643df0a07347ef6851bd41d233af4c3fc5f77002771af1c43aa0f20665aef2390b8 SHA512 6857096879f116f1802eb6b44789cbea7bb24440bc0f16503aeadf5f276fa45943f322f844dbb9abee717655205d82b830143be3a7f4424fd4146b9360674a09
 DIST sbsigntool-0.8.tar.gz 55537 BLAKE2B f81a530995b90f4030ae2bb36cdf4c5bab8fde5bbc4646029af008df9368968c1f1774317e8b0f94e6c75a33f0d79892f26d99c2987c92766f520a3b9a8e2e57 SHA512 ffc2661135dcdbdd218640f0a0657127c5519ade7ddaaa894898e382b4898829e5b877be51fce48bddd186667bf533f779cd5a323c79aad8b0e63b74f7a2c128
+DIST sbsigntool-0.9.1.tar.gz 56497 BLAKE2B 22791bd4b490f36963a19e82da3ce7b93a56d948bf44d1ffdb62fa3291a3f815b2c19d68f9180b607c2b1438f656367ec1f9002f0b1225734d16a9aadc6d20ec SHA512 ae16232327c098bbc60a9701185d856d851cb7fa8f62be64d3c8f75c8b274b8521fcc4212226189def05db980690878ee6ac9a9b418166c92442aaf35e790d29
 DIST sbsigntool_0.6.orig.tar.gz 212375 BLAKE2B fab9141c7fbfa01ec24f975503ac83be4ae0664251a1311afb3d95124fec3750ce20a5ffab35b6965d4ee4585ab4ee91f25ae49488214a983b6fc006071d0968 SHA512 ed314d1cb7278cf5f27d4c3cd17f2195678419a7f9e47770429b6f95df35f7df035331e60c45970183ddd9b150a9b752f876c777929598b0525872b3255af95c
diff --git a/app-crypt/sbsigntool/files/sbsigntool-0.9.1-openssl-1.1.0-compat.patch b/app-crypt/sbsigntool/files/sbsigntool-0.9.1-openssl-1.1.0-compat.patch
new file mode 100644
index 000000000000..2f9364f246ee
--- /dev/null
+++ b/app-crypt/sbsigntool/files/sbsigntool-0.9.1-openssl-1.1.0-compat.patch
@@ -0,0 +1,152 @@
+diff --git a/src/fileio.c b/src/fileio.c
+index 032eb1e..09bc3aa 100644
+--- a/src/fileio.c
++++ b/src/fileio.c
+@@ -40,6 +40,7 @@
+ #include <openssl/pem.h>
+ #include <openssl/err.h>
+ #include <openssl/engine.h>
++#include <openssl/ui.h>
+ 
+ #include <ccan/talloc/talloc.h>
+ #include <ccan/read_write_all/read_write_all.h>
+diff --git a/src/idc.c b/src/idc.c
+index 236cefd..6d87bd4 100644
+--- a/src/idc.c
++++ b/src/idc.c
+@@ -238,7 +238,11 @@ struct idc *IDC_get(PKCS7 *p7, BIO *bio)
+ 
+ 	/* extract the idc from the signed PKCS7 'other' data */
+ 	str = p7->d.sign->contents->d.other->value.asn1_string;
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	idcbuf = buf = ASN1_STRING_data(str);
++#else
++	idcbuf = buf = ASN1_STRING_get0_data(str);
++#endif
+ 	idc = d2i_IDC(NULL, &buf, ASN1_STRING_length(str));
+ 
+ 	/* If we were passed a BIO, write the idc data, minus type and length,
+@@ -289,7 +293,11 @@ int IDC_check_hash(struct idc *idc, struct image *image)
+ 	}
+ 
+ 	/* check hash against the one we calculated from the image */
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	buf = ASN1_STRING_data(str);
++#else
++	buf = ASN1_STRING_get0_data(str);
++#endif
+ 	if (memcmp(buf, sha, sizeof(sha))) {
+ 		fprintf(stderr, "Hash doesn't match image\n");
+ 		fprintf(stderr, " got:       %s\n", sha256_str(buf));
+diff --git a/src/sbattach.c b/src/sbattach.c
+index a0c01b8..e89a23e 100644
+--- a/src/sbattach.c
++++ b/src/sbattach.c
+@@ -231,6 +231,7 @@ int main(int argc, char **argv)
+ 		return EXIT_FAILURE;
+ 	}
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	ERR_load_crypto_strings();
+ 	OpenSSL_add_all_digests();
+ 	OPENSSL_config(NULL);
+@@ -239,6 +240,7 @@ int main(int argc, char **argv)
+ 	 * module isn't present).  In either case ignore the errors
+ 	 * (malloc will cause other failures out lower down */
+ 	ERR_clear_error();
++#endif
+ 
+ 	image = image_load(image_filename);
+ 	if (!image) {
+diff --git a/src/sbkeysync.c b/src/sbkeysync.c
+index 7b17f40..419b1e7 100644
+--- a/src/sbkeysync.c
++++ b/src/sbkeysync.c
+@@ -208,7 +208,11 @@ static int x509_key_parse(struct key *key, uint8_t *data, size_t len)
+ 		goto out;
+ 
+ 	key->id_len = ASN1_STRING_length(serial);
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	key->id = talloc_memdup(key, ASN1_STRING_data(serial), key->id_len);
++#else
++	key->id = talloc_memdup(key, ASN1_STRING_get0_data(serial), key->id_len);
++#endif
+ 
+ 	key->description = talloc_array(key, char, description_len);
+ 	X509_NAME_oneline(X509_get_subject_name(x509),
+@@ -927,6 +931,7 @@ int main(int argc, char **argv)
+ 		return EXIT_FAILURE;
+ 	}
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	ERR_load_crypto_strings();
+ 	OpenSSL_add_all_digests();
+ 	OpenSSL_add_all_ciphers();
+@@ -936,6 +941,7 @@ int main(int argc, char **argv)
+ 	 * module isn't present).  In either case ignore the errors
+ 	 * (malloc will cause other failures out lower down */
+ 	ERR_clear_error();
++#endif
+ 
+ 	ctx->filesystem_keys = init_keyset(ctx);
+ 	ctx->firmware_keys = init_keyset(ctx);
+diff --git a/src/sbsign.c b/src/sbsign.c
+index ff1fdfd..78d8d64 100644
+--- a/src/sbsign.c
++++ b/src/sbsign.c
+@@ -188,6 +188,7 @@ int main(int argc, char **argv)
+ 
+ 	talloc_steal(ctx, ctx->image);
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	ERR_load_crypto_strings();
+ 	OpenSSL_add_all_digests();
+ 	OpenSSL_add_all_ciphers();
+@@ -197,6 +198,7 @@ int main(int argc, char **argv)
+ 	 * module isn't present).  In either case ignore the errors
+ 	 * (malloc will cause other failures out lower down */
+ 	ERR_clear_error();
++#endif
+ 	if (engine)
+ 		pkey = fileio_read_engine_key(engine, keyfilename);
+ 	else
+diff --git a/src/sbvarsign.c b/src/sbvarsign.c
+index 7dcbe51..9319c8b 100644
+--- a/src/sbvarsign.c
++++ b/src/sbvarsign.c
+@@ -509,6 +509,7 @@ int main(int argc, char **argv)
+ 		return EXIT_FAILURE;
+ 	}
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	/* initialise openssl */
+ 	OpenSSL_add_all_digests();
+ 	OpenSSL_add_all_ciphers();
+@@ -519,6 +520,7 @@ int main(int argc, char **argv)
+ 	 * module isn't present).  In either case ignore the errors
+ 	 * (malloc will cause other failures out lower down */
+ 	ERR_clear_error();
++#endif
+ 
+ 	/* set up the variable signing context */
+ 	varname = argv[optind];
+diff --git a/src/sbverify.c b/src/sbverify.c
+index 3920d91..d0b203a 100644
+--- a/src/sbverify.c
++++ b/src/sbverify.c
+@@ -250,6 +250,7 @@ int main(int argc, char **argv)
+ 	verbose = false;
+ 	detached_sig_filename = NULL;
+ 
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	OpenSSL_add_all_digests();
+ 	ERR_load_crypto_strings();
+ 	OPENSSL_config(NULL);
+@@ -258,6 +259,7 @@ int main(int argc, char **argv)
+ 	 * module isn't present).  In either case ignore the errors
+ 	 * (malloc will cause other failures out lower down */
+ 	ERR_clear_error();
++#endif
+ 
+ 	for (;;) {
+ 		int idx;
diff --git a/app-crypt/sbsigntool/sbsigntool-0.8.ebuild b/app-crypt/sbsigntool/sbsigntool-0.8.ebuild
index 853bb5244541..5ee27f8cf230 100644
--- a/app-crypt/sbsigntool/sbsigntool-0.8.ebuild
+++ b/app-crypt/sbsigntool/sbsigntool-0.8.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2018 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 EAPI="5"
diff --git a/app-crypt/sbsigntool/sbsigntool-0.9.1.ebuild b/app-crypt/sbsigntool/sbsigntool-0.9.1.ebuild
new file mode 100644
index 000000000000..83cf4a6bf773
--- /dev/null
+++ b/app-crypt/sbsigntool/sbsigntool-0.9.1.ebuild
@@ -0,0 +1,52 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit eutils autotools
+
+DESCRIPTION="Utilities for signing and verifying files for UEFI Secure Boot"
+HOMEPAGE="https://git.kernel.org/cgit/linux/kernel/git/jejb/sbsigntools.git/"
+SRC_URI="https://git.kernel.org/pub/scm/linux/kernel/git/jejb/${PN}s.git/snapshot/${PN}s-${PV}.tar.gz -> ${P}.tar.gz
+	https://dev.gentoo.org/~tamiko/distfiles/${PN}-0.8-ccan.tar.gz"
+
+LICENSE="GPL-3 LGPL-3 LGPL-2.1 CC0-1.0"
+SLOT="0"
+KEYWORDS="~amd64 ~arm64 ~x86"
+IUSE="libressl"
+
+RDEPEND="
+	!libressl? ( dev-libs/openssl:0= )
+	libressl? ( dev-libs/libressl:0= )
+	sys-apps/util-linux"
+DEPEND="${RDEPEND}
+	sys-apps/help2man
+	sys-boot/gnu-efi
+	sys-libs/binutils-libs
+	virtual/pkgconfig"
+
+S="${WORKDIR}/${PN}s-${PV}"
+
+PATCHES=(
+	"${FILESDIR}"/${P}-openssl-1.1.0-compat.patch
+)
+
+src_prepare() {
+	mv "${WORKDIR}"/lib/ccan "${S}"/lib || die "mv failed"
+	rmdir "${WORKDIR}"/lib || die "rmdir failed"
+
+	local iarch
+	case ${ARCH} in
+		amd64) iarch=x86_64 ;;
+		arm64) iarch=aarch64 ;;
+		ia64)  iarch=ia64 ;;
+		x86)   iarch=ia32 ;;
+		*)     die "unsupported architecture: ${ARCH}" ;;
+	esac
+	sed -i "/^EFI_ARCH=/s:=.*:=${iarch}:" configure.ac || die
+	sed -i 's/-m64$/& -march=x86-64/' tests/Makefile.am || die
+	sed -i "/^AR /s:=.*:= $(tc-getAR):" lib/ccan/Makefile.in || die #481480
+
+	default
+	eautoreconf
+}
-- 
cgit v1.2.3-65-gdbad