gentoo auto-resync : 05:12:2023 - 17:02:58

3 files changed, 180 insertions, 0 deletions

diff --git a/sys-apps/fwupd-efi/Manifest b/sys-apps/fwupd-efi/Manifest
index 4e16fe4585b0..5dfde251ee09 100644
--- a/sys-apps/fwupd-efi/Manifest
+++ b/sys-apps/fwupd-efi/Manifest
@@ -1,4 +1,6 @@
 AUX fwupd-efi-1.4-efi_ld_override.patch 1219 BLAKE2B f501bd949a82d28bc9daaef5b62e726e18825a081a584b50358e566b5c3af1eb0eaf409d17d5947b85b4f15098bb5d12025037ddb7a74489b88a945fc8eafbbc SHA512 31f966a7babdaa3a232ca86df065ff8e3724829455a9a3ce733bbd8454bd2f45cd3abf0b2526793a6b20b60ed9fce39f87f3528fd89c8c15093d016b65fb3784
+AUX fwupd-efi-1.4-uefi_210_fixes.patch 3716 BLAKE2B 9399f95f71fa1180509320dce8eaa58c136a9365c5484283cc3e519179894cac146e0efb9929277e20c8c5cfb4d46ae6bad67047cb59726a3f8409d65efd32ee SHA512 0f6ac5eef011b0a839c598bdf4dfd7c338a8069486d7e575c6d0b5196609edb24d6b6d02de27f64d04c2f7096d54ce0c6ef2e4a8d5d2134da6799948e3e4153e
 DIST fwupd-efi-1.4.tar.xz 35984 BLAKE2B 24ce9788500781aac5b856740dc17d94bec79cf57f4f1a0359f42e6be4b9600d34259794a88f69bf83aa38ee5976b26228b20813f717edce5cc627c163585b40 SHA512 c330409861a8c1e332a0d4fd49c54ef2c5bf7cdaca99d14de39b50fb35f0c490e9f7f7a4c9dd48181bd509cd358c43eb23659536aea93408c1fefb47629e4991
+EBUILD fwupd-efi-1.4-r1.ebuild 1448 BLAKE2B 88e6c9fdd1060bba21925fc1a8a1012cd69c06ab6af1007f653ce3b485d638590cac28232374014a508bc42ba090fb443d67e936d64ecc1f9da281a507a1ab72 SHA512 088e27e071306e7b8e443e2bd1056fa573b1e818e6482b689ae273dcfcac8a6c7fb7f71cff72ab7bd47b0c90269e1ba4494bdc990219bf45eab4e1847029cd7a
 EBUILD fwupd-efi-1.4.ebuild 1399 BLAKE2B 726e24909760f613d5557fc5503a8658a5828b119173ba587bfb4b30d818991b87870ad5b3459b58d3c889014f6df997adf022d54fbb2296478d35c99cdb0143 SHA512 37343ef8181e59ee67da8f8508c63e601f96695f4bbdd260f2b82587817c2b931de5b8eb54b00183c036f2c3e94205e72881ac2524cb7a0b854c81bd995849bb
 MISC metadata.xml 389 BLAKE2B 130ccd29eddd855aced2084c0d42873449a4a10e3dd65137ce1994669bb65784909ccf004a9aa19b2fc70a49bdfe469977da6acf49b14dd07ed62189a9a34e0c SHA512 843b9301455128a38a366bb5bc2e8b2867664a5a61710f9db4d1ed1fb814203ab8be4bcf64eb339b4af2bd6e5f1522ae61aed38e6f19dbee238a1721c8769a01
diff --git a/sys-apps/fwupd-efi/files/fwupd-efi-1.4-uefi_210_fixes.patch b/sys-apps/fwupd-efi/files/fwupd-efi-1.4-uefi_210_fixes.patch
new file mode 100644
index 000000000000..d4de5f174857
--- /dev/null
+++ b/sys-apps/fwupd-efi/files/fwupd-efi-1.4-uefi_210_fixes.patch
@@ -0,0 +1,107 @@
+From bd958f2e8f03a85a7e1fe40a3ca7b78e0b24b79f Mon Sep 17 00:00:00 2001
+From: Callum Farmer <gmbr3@opensuse.org>
+Date: Sat, 11 Feb 2023 15:39:06 +0000
+Subject: [PATCH] UEFI 2.10 fixes
+
+Revert "Align sections to 512 bytes"
+
+This is not permitted according to the Microsoft
+guidelines which require section alignment to be
+the same as the page size of the architecture which
+for all supported archs is the default in Binutils
+
+https://techcommunity.microsoft.com/t5/hardware-dev-center/new-uefi-ca-memory-mitigation-requirements-for-signing/ba-p/3608714
+
+This reverts commit c60c0b8dfda71275ab40bdb316a6ca650c7a8948.
+
+Keep .areloc ARM32 section
+
+This is the psuedo .reloc section but renamed only on ARM32 to avoid
+a bad RELSZ value (gnu-efi 3.0.18+)
+
+Only use 4KiB pages on aarch64
+
+Binutils is currently configured by default
+to use 64KiB pages on aarch64, however this
+is not allowed by the UEFI specification
+
+Check if crt0 contains .note.GNU-stack section
+
+We need the .note.GNU-stack section for NX
+compat. If we don't have a new enough
+gnu-efi, error as the gnu-efi libraries
+themselves must have been built as NX
+for this to work
+
+Signed-off-by: Callum Farmer <gmbr3@opensuse.org>
+---
+ efi/crt0/meson.build   |  1 +
+ efi/generate_binary.py |  4 ++--
+ efi/meson.build        | 12 +++++++++++-
+ 3 files changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/efi/crt0/meson.build b/efi/crt0/meson.build
+index f5f45c5..fbd943e 100644
+--- a/efi/crt0/meson.build
++++ b/efi/crt0/meson.build
+@@ -1,3 +1,4 @@
++arch_crt_source = 'crt0-efi-@0@.S'.format(gnu_efi_path_arch)
+ o_crt0 = custom_target('efi_crt0',
+                        input : arch_crt_source,
+                        output : arch_crt,
+diff --git a/efi/generate_binary.py b/efi/generate_binary.py
+index bd2d959..e27f926 100755
+--- a/efi/generate_binary.py
++++ b/efi/generate_binary.py
+@@ -31,9 +31,9 @@ def _run_objcopy(args):
+         "-j",
+         ".rodata",
+         "-j",
++        ".areloc",
++        "-j",
+         ".rel*",
+-        "--section-alignment",
+-        "512",
+         args.infile,
+         args.outfile,
+     ]
+diff --git a/efi/meson.build b/efi/meson.build
+index 1931855..a476884 100644
+--- a/efi/meson.build
++++ b/efi/meson.build
+@@ -95,6 +95,11 @@ else
+         coff_header_in_crt0 = false
+ endif
+ 
++# For NX compat, we must ensure we have .note.GNU-stack
++if run_command('grep', '-q', '.note.GNU-stack', join_paths(efi_crtdir, arch_crt), check: false).returncode() != 0
++    error('Cannot find NX section in @0@, update to gnu-efi 3.0.15+'.format(join_paths(efi_crtdir, arch_crt)))
++endif
++
+ # older objcopy for Aarch64 and ARM32 are not EFI capable.
+ # Use 'binary' instead, and add required symbols manually.
+ if host_cpu == 'arm' or (host_cpu == 'aarch64' and (objcopy_version.version_compare ('< 2.38') or coff_header_in_crt0))
+@@ -119,7 +124,6 @@ endif
+ # is the system crt0 for arm and aarch64 new enough to know about SBAT?
+ if objcopy_manualsymbols
+   if get_option('efi_sbat_distro_id') != ''
+-    arch_crt_source = 'crt0-efi-@0@.S'.format(gnu_efi_path_arch)
+     cmd = run_command('grep', '-q', 'sbat', join_paths(efi_crtdir, arch_crt))
+     if cmd.returncode() != 0
+       warning('Cannot find SBAT section in @0@, using local copy'.format(join_paths(efi_crtdir, arch_crt)))
+@@ -187,6 +191,12 @@ efi_ldflags = ['-T',
+                '-L', efi_libdir,
+                join_paths(efi_crtdir, arch_crt)]
+ 
++if host_cpu == 'aarch64'
++# Don't use 64KiB pages
++  efi_ldflags += ['-z', 'common-page-size=4096']
++  efi_ldflags += ['-z', 'max-page-size=4096']
++endif
++
+ if objcopy_manualsymbols
+   # older objcopy for Aarch64 and ARM32 are not EFI capable.
+   # Use 'binary' instead, and add required symbols manually.
+-- 
+2.34.1
+
diff --git a/sys-apps/fwupd-efi/fwupd-efi-1.4-r1.ebuild b/sys-apps/fwupd-efi/fwupd-efi-1.4-r1.ebuild
new file mode 100644
index 000000000000..5a890daf01a9
--- /dev/null
+++ b/sys-apps/fwupd-efi/fwupd-efi-1.4-r1.ebuild
@@ -0,0 +1,71 @@
+# Copyright 2021-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_COMPAT=( python3_{10..12} )
+
+inherit meson python-any-r1 secureboot toolchain-funcs
+
+DESCRIPTION="EFI executable for fwupd"
+HOMEPAGE="https://fwupd.org"
+
+if [[ ${PV} = *9999 ]]; then
+	inherit git-r3
+	EGIT_REPO_URI="https://github.com/fwupd/fwupd-efi.git"
+else
+	SRC_URI="https://github.com/fwupd/${PN}/releases/download/${PV}/${P}.tar.xz"
+	KEYWORDS="~amd64 ~arm ~arm64 ~x86"
+fi
+
+LICENSE="LGPL-2.1+"
+SLOT="0"
+IUSE=""
+
+BDEPEND="$(python_gen_any_dep '
+		dev-python/pefile[${PYTHON_USEDEP}]
+	')
+	virtual/pkgconfig"
+
+DEPEND="sys-boot/gnu-efi"
+
+RDEPEND="!<sys-apps/fwupd-1.6.0"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-1.4-efi_ld_override.patch	# Bug #892339
+	"${FILESDIR}"/${PN}-1.4-uefi_210_fixes.patch
+)
+
+python_check_deps() {
+	python_has_version "dev-python/pefile[${PYTHON_USEDEP}]"
+}
+
+pkg_setup() {
+	python-any-r1_pkg_setup
+	secureboot_pkg_setup
+}
+
+src_prepare() {
+	default
+
+	python_fix_shebang "${S}/efi"
+}
+
+src_configure() {
+	local emesonargs=(
+		-Defi-ld="$(tc-getLD)"
+		-Defi-libdir="${EPREFIX}"/usr/$(get_libdir)
+		-Defi_sbat_distro_id="gentoo"
+		-Defi_sbat_distro_summary="Gentoo GNU/Linux"
+		-Defi_sbat_distro_pkgname="${PN}"
+		-Defi_sbat_distro_version="${PVR}"
+		-Defi_sbat_distro_url="https://packages.gentoo.org/packages/${CATEGORY}/${PN}"
+	)
+
+	meson_src_configure
+}
+
+src_install() {
+	meson_src_install
+	secureboot_auto_sign
+}