reinit the tree, so we can have metadata

6 files changed, 179 insertions, 0 deletions

diff --git a/app-crypt/sbsigntool/Manifest b/app-crypt/sbsigntool/Manifest
new file mode 100644
index 000000000000..18bf04355f26
--- /dev/null
+++ b/app-crypt/sbsigntool/Manifest
@@ -0,0 +1,10 @@
+AUX 0002-image.c-clear-image-variable.patch 822 SHA256 7877d69c0a6d014f43e1dc922db3fb503c1c3176dd2665a96f85ddfd73ed7e12 SHA512 004ba118cbe8fe5cc291888966e5994373c0b9d8149bc5c652a72971138fab5e64d721061c69e8b864d6ca5cdb4ffa193520156941b6bd9c998b256f8d72697b WHIRLPOOL 3872d97cde83e9423622f348dc50eb414f8512f95673cbf7e4b908f699455003d57711bda6bd0893f3a21b876a66ec480416bed5df52e5ecb33c00b21cbbb6c9
+AUX 0003-Fix-for-multi-sign.patch 1452 SHA256 803f97f6c01a573367371f9ffd4c53aab5916ea3218fdc515429ca559f5dad31 SHA512 2aba55a116536e7f41e4aac2fd33eeb92cf89b14bcdd8b93b6e9dc9bdaf2f0162134e56f7d365640445bf801ad8590f6d49f14cdf80b791324647067d52ae435 WHIRLPOOL a83c8dde50cf82559408be58482f73aa1c3460a63424578decfc36033b5c368f8ad219b1412a7eb0a478e91b8654e7a7392dc886a496f9efea6f12dcd2f0e379
+DIST sbsigntool-0.8-ccan.tar.gz 113537 SHA256 8693929fff1138ed39d5387774da05355162f7275f5495638b55bfd258200e0b SHA512 6857096879f116f1802eb6b44789cbea7bb24440bc0f16503aeadf5f276fa45943f322f844dbb9abee717655205d82b830143be3a7f4424fd4146b9360674a09 WHIRLPOOL 4b577b5d959af7bc6a4bd29d877a293007286de56cd7a88ad144b23eb7d91dafe32ab095f4eede82fdbfd689f5df07d15232bdec186e0b38c580a496b76a27ae
+DIST sbsigntool-0.8.tar.gz 55537 SHA256 67a5df2818a424d0f76e8701562d9239fad88769421d8d2df733e5a98f119812 SHA512 ffc2661135dcdbdd218640f0a0657127c5519ade7ddaaa894898e382b4898829e5b877be51fce48bddd186667bf533f779cd5a323c79aad8b0e63b74f7a2c128 WHIRLPOOL 72693ff682cc2bcde9c166edc2532755da78c626504a1f830d1e1b04d855ee8c571e43110d6a30a763c4342de7f86603724636d1f38b2b91ea74e64555203872
+DIST sbsigntool_0.6.orig.tar.gz 212375 SHA256 84fb0c8f6fb1e79aa418a4f70a3139b38d5630043b28291c875f383e9b4294b8 SHA512 ed314d1cb7278cf5f27d4c3cd17f2195678419a7f9e47770429b6f95df35f7df035331e60c45970183ddd9b150a9b752f876c777929598b0525872b3255af95c WHIRLPOOL 3b86b9861f5e26586e8a9eb9bbf48adf1a12714b294f0acd605d53e37c27192006c6ecc81d31bf4f200f8e88508f38a52ef93e9e01e301c4245a11894227cecc
+EBUILD sbsigntool-0.6-r1.ebuild 1122 SHA256 828ba46bc8135784118229d194bc2dcbee47f552890f3d96443452187ea2064d SHA512 3805523425a7a4b85094c7cc1a2db43b7a8a8b15ed63f587cb5d512d76774eb77a683500f33ccb69ee2c1e55a71587b2111c6fa1cd54820137da442158a9a28d WHIRLPOOL 64a4a4d9ed24350d450154fab8a8cf024d51075f70081bc54e11fcbce3fe82ecbffa2cbf03e985cb29fa84693dfc6bd35ecb93f7a8933326bba307a0478e6c0e
+EBUILD sbsigntool-0.8.ebuild 1242 SHA256 451b8542b232db7eedbe1b90d2b954a7bf77db4cf127a3f43daf535e2d206553 SHA512 bfa6d73bcf491ae0acc533d27721a18ad30b022afc26cd6f0e8cd4ade4828617ee7ef031e4782bb867b50d7652c3ccb9609b43cf4d871ffa69eb29b77bb9df34 WHIRLPOOL ffed1da8b74486ee1180915d5f92b722f865bd1b091dbf5ddc548dd8d3fa14d8b5e2ed729ebab80e27cc7e795ffd7b000e3679c4aab9b97f1d7e06d9b76d68f8
+MISC ChangeLog 3103 SHA256 4afbf378d12a8bb7ac37eef0c7ec1e7eedbc53da4c83716b362b3a059ff042d3 SHA512 f68c0f847f14bfbb5f26ee467eb9f3a461ecebd96f6bb8b38703b511938c598ee74dfc9214f9a426a41d7f477083c421cc42e1c758633146f6130df29b36c127 WHIRLPOOL c3b24c5cfa5477fe5663e659b13b80672121c402d8f42e91c22372f16e04a669f16068ef75bf6182e14cda6944841a640380f18677bc84cd06ecef3b97ed6b23
+MISC ChangeLog-2015 1396 SHA256 66a4ce4ab77613664c5ba27eb3d38bf068b5dc27d87bb9f79df6db6749ddf950 SHA512 fe0e3814d2272263f40ea3b78739000a7a7b6d16cfcb34d432d7580798496e84fe3d053c79d014f659df28de2772fcc414d4f519500b0b23031ad636212d6352 WHIRLPOOL add9bd9fa4567ee6677bba710567b9cec6caa23f875bdab0ae8828dbeaf8b490b3c4a8ddcf94723776e9163a5ed80b6d9b4e2007fc2cbd0b881295d64f39abf2
+MISC metadata.xml 463 SHA256 f0fbd55749d24666f4dbf0a6b01525a83369d032bd31734ffaf797fe8259418d SHA512 062380e68865333256499a2fde22991f632197900bc278f34ebd3b13b050f9f21143965257cd2013d6e811667178c6937e9567c2be287a755d88921714a08547 WHIRLPOOL ac7bc56f91ab4f8106fc9aa1de9df5889e19f88e75586f83b69b26783094989a7667bcee6da6f0ead175bee079389f4ca9e5cc9c10fa27c38e59e8b947f522a0
diff --git a/app-crypt/sbsigntool/files/0002-image.c-clear-image-variable.patch b/app-crypt/sbsigntool/files/0002-image.c-clear-image-variable.patch
new file mode 100644
index 000000000000..dfe183e66cd2
--- /dev/null
+++ b/app-crypt/sbsigntool/files/0002-image.c-clear-image-variable.patch
@@ -0,0 +1,29 @@
+From 21e984fa9d93a760cc03f5d9d13d023809227df2 Mon Sep 17 00:00:00 2001
+From: James Bottomley <JBottomley@Parallels.com>
+Date: Thu, 11 Apr 2013 21:12:17 -0700
+Subject: image.c: clear image variable
+
+Not zeroing the image after talloc occasionally leads to a segfault because
+the programme thinks it has a signature when in reality it just has a junk
+pointer and segfaults.
+
+Signed-off-by: James Bottomley <JBottomley@Parallels.com>
+---
+ src/image.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/image.c b/src/image.c
+index cc55791..10eba0e 100644
+--- a/src/image.c
++++ b/src/image.c
+@@ -401,6 +401,7 @@ struct image *image_load(const char *filename)
+ 		return NULL;
+ 	}
+ 
++	memset(image, 0, sizeof(*image));
+ 	rc = fileio_read_file(image, filename, &image->buf, &image->size);
+ 	if (rc)
+ 		goto err;
+-- 
+1.8.2.1
+
diff --git a/app-crypt/sbsigntool/files/0003-Fix-for-multi-sign.patch b/app-crypt/sbsigntool/files/0003-Fix-for-multi-sign.patch
new file mode 100644
index 000000000000..f42c69616d13
--- /dev/null
+++ b/app-crypt/sbsigntool/files/0003-Fix-for-multi-sign.patch
@@ -0,0 +1,39 @@
+From e58a528ef57e53008222f238cce7c326a14572e2 Mon Sep 17 00:00:00 2001
+From: James Bottomley <JBottomley@Parallels.com>
+Date: Mon, 30 Sep 2013 19:25:37 -0700
+Subject: [PATCH 4/4] Fix for multi-sign
+
+The new Tianocore multi-sign code fails now for images signed with
+sbsigntools.  The reason is that we don't actually align the signature table,
+we just slap it straight after the binary data.  Unfortunately, the new
+multi-signature code checks that our alignment offsets are correct and fails
+the signature for this reason.  Fix by adding junk to the end of the image to
+align the signature section.
+
+Signed-off-by: James Bottomley <JBottomley@Parallels.com>
+---
+ src/image.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/image.c b/src/image.c
+index 10eba0e..519e288 100644
+--- a/src/image.c
++++ b/src/image.c
+@@ -385,7 +385,13 @@ static int image_find_regions(struct image *image)
+ 
+ 	/* record the size of non-signature data */
+ 	r = &image->checksum_regions[image->n_checksum_regions - 1];
+-	image->data_size = (r->data - (void *)image->buf) + r->size;
++	/*
++	 * The new Tianocore multisign does a stricter check of the signatures
++	 * in particular, the signature table must start at an aligned offset
++	 * fix this by adding bytes to the end of the text section (which must
++	 * be included in the hash)
++	 */
++	image->data_size = align_up((r->data - (void *)image->buf) + r->size, 8);
+ 
+ 	return 0;
+ }
+-- 
+1.8.4
+
diff --git a/app-crypt/sbsigntool/metadata.xml b/app-crypt/sbsigntool/metadata.xml
new file mode 100644
index 000000000000..6234418898f3
--- /dev/null
+++ b/app-crypt/sbsigntool/metadata.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>vapier@gentoo.org</email>
+		<description>do whatever</description>
+	</maintainer>
+	<maintainer type="person">
+		<email>tamiko@gentoo.org</email>
+		<description>yell at me if it breaks</description>
+	</maintainer>
+	<upstream>
+		<remote-id type="launchpad">ubuntu</remote-id>
+	</upstream>
+</pkgmetadata>
diff --git a/app-crypt/sbsigntool/sbsigntool-0.6-r1.ebuild b/app-crypt/sbsigntool/sbsigntool-0.6-r1.ebuild
new file mode 100644
index 000000000000..60b0606bfcd4
--- /dev/null
+++ b/app-crypt/sbsigntool/sbsigntool-0.6-r1.ebuild
@@ -0,0 +1,40 @@
+# Copyright 1999-2016 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+
+inherit eutils toolchain-funcs
+
+DESCRIPTION="Utilities for signing and verifying files for UEFI Secure Boot"
+HOMEPAGE="https://launchpad.net/ubuntu/+source/sbsigntool"
+SRC_URI="https://launchpad.net/ubuntu/+archive/primary/+files/${PN}_${PV}.orig.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="amd64 x86"
+IUSE="libressl"
+
+RDEPEND="
+	!libressl? ( dev-libs/openssl:0= )
+	libressl? ( dev-libs/libressl:0= )
+	sys-apps/util-linux"
+DEPEND="${RDEPEND}
+	sys-apps/help2man
+	sys-boot/gnu-efi
+	sys-libs/binutils-libs
+	virtual/pkgconfig"
+
+src_prepare() {
+	local iarch
+	case ${ARCH} in
+		ia64)  iarch=ia64 ;;
+		x86)   iarch=ia32 ;;
+		amd64) iarch=x86_64 ;;
+		*)     die "unsupported architecture: ${ARCH}" ;;
+	esac
+	sed -i "/^EFI_ARCH=/s:=.*:=${iarch}:" configure || die
+	sed -i 's/-m64$/& -march=x86-64/' tests/Makefile.in || die
+	sed -i "/^AR /s:=.*:= $(tc-getAR):" lib/ccan/Makefile.in || die #481480
+	epatch "${FILESDIR}"/0002-image.c-clear-image-variable.patch
+	epatch "${FILESDIR}"/0003-Fix-for-multi-sign.patch
+}
diff --git a/app-crypt/sbsigntool/sbsigntool-0.8.ebuild b/app-crypt/sbsigntool/sbsigntool-0.8.ebuild
new file mode 100644
index 000000000000..853bb5244541
--- /dev/null
+++ b/app-crypt/sbsigntool/sbsigntool-0.8.ebuild
@@ -0,0 +1,46 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+
+inherit eutils toolchain-funcs autotools-utils
+
+DESCRIPTION="Utilities for signing and verifying files for UEFI Secure Boot"
+HOMEPAGE="https://git.kernel.org/cgit/linux/kernel/git/jejb/sbsigntools.git/"
+SRC_URI="https://dev.gentoo.org/~tamiko/distfiles/${P}.tar.gz
+	https://dev.gentoo.org/~tamiko/distfiles/${P}-ccan.tar.gz"
+
+LICENSE="GPL-3 LGPL-3 LGPL-2.1 CC0-1.0"
+SLOT="0"
+KEYWORDS="~amd64 ~arm64 ~x86"
+IUSE="libressl"
+
+RDEPEND="
+	!libressl? ( dev-libs/openssl:0= )
+	libressl? ( dev-libs/libressl:0= )
+	sys-apps/util-linux"
+DEPEND="${RDEPEND}
+	sys-apps/help2man
+	sys-boot/gnu-efi
+	sys-libs/binutils-libs
+	virtual/pkgconfig"
+
+S="${WORKDIR}"
+
+src_prepare() {
+	local iarch
+	case ${ARCH} in
+		amd64) iarch=x86_64 ;;
+		arm64) iarch=aarch64 ;;
+		ia64)  iarch=ia64 ;;
+		x86)   iarch=ia32 ;;
+		*)     die "unsupported architecture: ${ARCH}" ;;
+	esac
+	sed -i "/^EFI_ARCH=/s:=.*:=${iarch}:" configure.ac || die
+	sed -i 's/-m64$/& -march=x86-64/' tests/Makefile.am || die
+	sed -i "/^AR /s:=.*:= $(tc-getAR):" lib/ccan/Makefile.in || die #481480
+
+	AUTOTOOLS_IN_SOURCE_BUILD=1
+	AUTOTOOLS_AUTORECONF=true
+	autotools-utils_src_prepare
+}