add content

2019-05-08 14:53:59 +03:00
parent fdb66ec988
commit 840f37da49
122 changed files with 5873 additions and 0 deletions
--- a/app-crypt/lego/Manifest
+++ b/app-crypt/lego/Manifest
@@ -0,0 +1,6 @@
+DIST lego-1.0.1.tar.gz 2147839 BLAKE2B ad33e8b1cf61efd3396d584cf8506e987d8726c72726b0f4214124f81de47ef158ecc5f708ac1c7b75d5351865df48563af572812fd653eb9f30fcb3df635a4c SHA512 65f278873eb9e7fe8b17d1a65782876bf2ea8afc20b9f205b912d937e4dcc8fd40fbee0eced64e80d05d6334ccec85324edbe0c8cdd47e1a35a459d9f6e2edb5
+DIST lego-1.2.1.tar.gz 4307533 BLAKE2B 1f5c35a456a30cbf8722dc61356f7072e94231627ea4edac0e3bda53d35a86ce8abe2aaf9669b5c475b5766233c40c9fb7b364bd24707bf9c9960356a676e1e9 SHA512 b326b27a768d7c767df1401ff7497eb73b7f2842ebbbc3a1ccb1907d031c2397aca2d1e47c150b46bd5a3421306e67de80d31c247d28402acfd47d6be251336b
+DIST lego-2.4.0.tar.gz 4595834 BLAKE2B cbf538c497455ba37b6c0648c97919971d758dfbffe92f9c38bcf65536f4e0393ae85f4efe46c820339f7f7e82bc434bcdd2a3b2b2f2fab97d58c1bf6eee5e3d SHA512 aaed154fed3bc5d490c945a31170c934b8115ea60f0811d5e2f781eeb8befe4b94692d4890a42d3c88eca390574b60dd0cae2a7d8c35474b58b2e1d6bd817aec
+EBUILD lego-1.0.1.ebuild 812 BLAKE2B 4c6f7486778b877f67e9ea674b31df289c306c3fffdc1b0bd5dfdf74866fabcef908b502d605a840acbf520ecf4b4341500a7c046d48fa27ee8df882dd91f9b8 SHA512 764ef611797dab0adbff773bb3b9a3cf1724fe1b636f275808e07d1310f2ca568365ff78ddc940523c00462a0c65e25b736fd76be8a223e0f01874bd0785e8f5
+EBUILD lego-1.2.1.ebuild 812 BLAKE2B 4c6f7486778b877f67e9ea674b31df289c306c3fffdc1b0bd5dfdf74866fabcef908b502d605a840acbf520ecf4b4341500a7c046d48fa27ee8df882dd91f9b8 SHA512 764ef611797dab0adbff773bb3b9a3cf1724fe1b636f275808e07d1310f2ca568365ff78ddc940523c00462a0c65e25b736fd76be8a223e0f01874bd0785e8f5
+EBUILD lego-2.4.0.ebuild 832 BLAKE2B af396f02f21680e339eca2e5142eb87ac1e83a60dc0e4683a8c0aac1aac241b394e7d1ae6ae02e118a36630eaa2727fa290433b89fa9f9cb2a3bc0167c3f6c0e SHA512 9ad70f7cece1dbfe93e9cf50339b16d4f0fef004724b4694fb85a20d51d4330dbf66fc724d6894ce5900b5c305ec10ce07a071695de0129f7219f35af9441b62
--- a/app-crypt/lego/lego-1.0.1.ebuild
+++ b/app-crypt/lego/lego-1.0.1.ebuild
@@ -0,0 +1,31 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+EGO_PN="github.com/xenolf/lego"
+
+inherit golang-build golang-vcs-snapshot
+
+KEYWORDS="~amd64"
+
+DESCRIPTION="Let's Encrypt client and ACME library written in Go"
+HOMEPAGE="https://github.com/xenolf/lego"
+SRC_URI="https://${EGO_PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+LICENSE="MIT"
+SLOT="0"
+IUSE="selinux"
+
+RDEPEND="selinux? ( sec-policy/selinux-lego )"
+
+src_compile() {
+                export GOPATH="${S}:$(get_golibdir_gopath)"
+                cd src/${EGO_PN} || die
+                go build -ldflags="-s -X main.version=${PV}" -o bin/lego || die
+}
+
+src_install() {
+                pushd src/${EGO_PN} >& /dev/null || die
+                dobin bin/*
+                popd >& /dev/null || die
+}
--- a/app-crypt/lego/lego-1.2.1.ebuild
+++ b/app-crypt/lego/lego-1.2.1.ebuild
@@ -0,0 +1,31 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+EGO_PN="github.com/xenolf/lego"
+
+inherit golang-build golang-vcs-snapshot
+
+KEYWORDS="~amd64"
+
+DESCRIPTION="Let's Encrypt client and ACME library written in Go"
+HOMEPAGE="https://github.com/xenolf/lego"
+SRC_URI="https://${EGO_PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+LICENSE="MIT"
+SLOT="0"
+IUSE="selinux"
+
+RDEPEND="selinux? ( sec-policy/selinux-lego )"
+
+src_compile() {
+                export GOPATH="${S}:$(get_golibdir_gopath)"
+                cd src/${EGO_PN} || die
+                go build -ldflags="-s -X main.version=${PV}" -o bin/lego || die
+}
+
+src_install() {
+                pushd src/${EGO_PN} >& /dev/null || die
+                dobin bin/*
+                popd >& /dev/null || die
+}
--- a/app-crypt/lego/lego-2.4.0.ebuild
+++ b/app-crypt/lego/lego-2.4.0.ebuild
@@ -0,0 +1,32 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+EGO_PN="github.com/go-acme/lego"
+
+inherit golang-build golang-vcs-snapshot
+
+KEYWORDS="amd64"
+
+DESCRIPTION="Let's Encrypt client and ACME library written in Go"
+HOMEPAGE="https://go-acme.github.io/lego/"
+SRC_URI="https://${EGO_PN}/archive/v${PV}.tar.gz -> ${P}.tar.gz"
+
+LICENSE="MIT"
+SLOT="0"
+IUSE="selinux"
+
+RDEPEND="selinux? ( sec-policy/selinux-lego )"
+
+src_compile() {
+                export GOPATH="${S}:$(get_golibdir_gopath)"
+                cd src/${EGO_PN} || die
+                go build -ldflags="-s -X main.version=${PV}" -o dist/lego ./cmd/lego/ || die
+}
+
+src_install() {
+                pushd src/${EGO_PN} >& /dev/null || die
+                dobin dist/${PN}
+                popd >& /dev/null || die
+}
--- a/app-crypt/sbsigntools/Manifest
+++ b/app-crypt/sbsigntools/Manifest
@@ -0,0 +1,6 @@
+AUX 0002-image.c-clear-image-variable.patch 822 BLAKE2B acb775f625ecd081d9b3d7e497b066218e82d2dc13f80c473c25361dc85098ee15e5f14530334e47c33fe7cc9b2349ffb1aaba7abe4fdd33bfdde05ed9191c39 SHA512 004ba118cbe8fe5cc291888966e5994373c0b9d8149bc5c652a72971138fab5e64d721061c69e8b864d6ca5cdb4ffa193520156941b6bd9c998b256f8d72697b
+AUX 0003-Fix-for-multi-sign.patch 1452 BLAKE2B eaa6e39c18d13f3819d5852eda27eb5a8d589241224965392f1b1e067b5cb9ff0ece7fa83697e5fb6f5f8dd0acec15b7bbe57fcd5f761fcb2e8e1fc51193641f SHA512 2aba55a116536e7f41e4aac2fd33eeb92cf89b14bcdd8b93b6e9dc9bdaf2f0162134e56f7d365640445bf801ad8590f6d49f14cdf80b791324647067d52ae435
+AUX sbsigntools-0.9.1-openssl-1.1.0-compat.patch 4727 BLAKE2B 3b47c8086220cf12778bf5cd6018627a30ea349677eeb2cfcd1eaa1b83a25d39499ab21a1a123181a51f4138624c17e574050216f59c480e38d9774936f8b6f0 SHA512 6946e1d67161345088aee3ab54129b6e904b6008f2b275ab4eb55ed24fb2b866029f7d7ca856c5dfe76c395580f04709ad1be974369a1b4954b9e87cf812fd4b
+DIST sbsigntool_0.6.orig.tar.gz 212375 BLAKE2B fab9141c7fbfa01ec24f975503ac83be4ae0664251a1311afb3d95124fec3750ce20a5ffab35b6965d4ee4585ab4ee91f25ae49488214a983b6fc006071d0968 SHA512 ed314d1cb7278cf5f27d4c3cd17f2195678419a7f9e47770429b6f95df35f7df035331e60c45970183ddd9b150a9b752f876c777929598b0525872b3255af95c
+EBUILD sbsigntools-0.6-r2.ebuild 1175 BLAKE2B 929699251878c2860398192e990a9e502453e50f8d3b5259dc8e7bc0f6a9ffe6e746016f120efb24b92b0a934033bd1763f7a9f6592e421b49903da6e81e3951 SHA512 7751a727c445f3e50d5669aafce8f2e4869789c988c1a32a097be814ec466a2e876f80b454c2d0817d590206ccb6ae0f24ed845cf4dee26ca5bae55ff8accd4d
+MISC metadata.xml 291 BLAKE2B 0aeb75750176d719f10db508a8924d0bf2fe75e8544b275a7c7e11c44320ce4f7819febb093dd3083a33a998a225f2a3b882407a8ffc03d1a57d03cbfc0a7ff2 SHA512 f7a520fc9a216ff983bd3d361c6ddb3b635eb5dcd94ed042e7c5d0beb0b4e10cdb231e2b4ace599ebb93d4bb46e071a744f1a780ec83f451bb2ee6bad4c2d8cc
--- a/app-crypt/sbsigntools/files/0002-image.c-clear-image-variable.patch
+++ b/app-crypt/sbsigntools/files/0002-image.c-clear-image-variable.patch
@@ -0,0 +1,29 @@
+From 21e984fa9d93a760cc03f5d9d13d023809227df2 Mon Sep 17 00:00:00 2001
+From: James Bottomley <JBottomley@Parallels.com>
+Date: Thu, 11 Apr 2013 21:12:17 -0700
+Subject: image.c: clear image variable
+
+Not zeroing the image after talloc occasionally leads to a segfault because
+the programme thinks it has a signature when in reality it just has a junk
+pointer and segfaults.
+
+Signed-off-by: James Bottomley <JBottomley@Parallels.com>
+---
+ src/image.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/image.c b/src/image.c
+index cc55791..10eba0e 100644
+--- a/src/image.c
+++ b/src/image.c
+@@ -401,6 +401,7 @@ struct image *image_load(const char *filename)
+ 		return NULL;
+ 	}
+ 
+	memset(image, 0, sizeof(*image));
+ 	rc = fileio_read_file(image, filename, &image->buf, &image->size);
+ 	if (rc)
+ 		goto err;
+-- 
+1.8.2.1
+
--- a/app-crypt/sbsigntools/files/0003-Fix-for-multi-sign.patch
+++ b/app-crypt/sbsigntools/files/0003-Fix-for-multi-sign.patch
@@ -0,0 +1,39 @@
+From e58a528ef57e53008222f238cce7c326a14572e2 Mon Sep 17 00:00:00 2001
+From: James Bottomley <JBottomley@Parallels.com>
+Date: Mon, 30 Sep 2013 19:25:37 -0700
+Subject: [PATCH 4/4] Fix for multi-sign
+
+The new Tianocore multi-sign code fails now for images signed with
+sbsigntools.  The reason is that we don't actually align the signature table,
+we just slap it straight after the binary data.  Unfortunately, the new
+multi-signature code checks that our alignment offsets are correct and fails
+the signature for this reason.  Fix by adding junk to the end of the image to
+align the signature section.
+
+Signed-off-by: James Bottomley <JBottomley@Parallels.com>
+---
+ src/image.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/image.c b/src/image.c
+index 10eba0e..519e288 100644
+--- a/src/image.c
+++ b/src/image.c
+@@ -385,7 +385,13 @@ static int image_find_regions(struct image *image)
+ 
+ 	/* record the size of non-signature data */
+ 	r = &image->checksum_regions[image->n_checksum_regions - 1];
+-	image->data_size = (r->data - (void *)image->buf) + r->size;
+	/*
+	 * The new Tianocore multisign does a stricter check of the signatures
+	 * in particular, the signature table must start at an aligned offset
+	 * fix this by adding bytes to the end of the text section (which must
+	 * be included in the hash)
+	 */
+	image->data_size = align_up((r->data - (void *)image->buf) + r->size, 8);
+ 
+ 	return 0;
+ }
+-- 
+1.8.4
+
--- a/app-crypt/sbsigntools/files/sbsigntools-0.9.1-openssl-1.1.0-compat.patch
+++ b/app-crypt/sbsigntools/files/sbsigntools-0.9.1-openssl-1.1.0-compat.patch
@@ -0,0 +1,152 @@
+diff --git a/src/fileio.c b/src/fileio.c
+index 032eb1e..09bc3aa 100644
+--- a/src/fileio.c
+++ b/src/fileio.c
+@@ -40,6 +40,7 @@
+ #include <openssl/pem.h>
+ #include <openssl/err.h>
+ #include <openssl/engine.h>
+#include <openssl/ui.h>
+ 
+ #include <ccan/talloc/talloc.h>
+ #include <ccan/read_write_all/read_write_all.h>
+diff --git a/src/idc.c b/src/idc.c
+index 236cefd..6d87bd4 100644
+--- a/src/idc.c
+++ b/src/idc.c
+@@ -238,7 +238,11 @@ struct idc *IDC_get(PKCS7 *p7, BIO *bio)
+ 
+ 	/* extract the idc from the signed PKCS7 'other' data */
+ 	str = p7->d.sign->contents->d.other->value.asn1_string;
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	idcbuf = buf = ASN1_STRING_data(str);
+#else
+	idcbuf = buf = ASN1_STRING_get0_data(str);
+#endif
+ 	idc = d2i_IDC(NULL, &buf, ASN1_STRING_length(str));
+ 
+ 	/* If we were passed a BIO, write the idc data, minus type and length,
+@@ -289,7 +293,11 @@ int IDC_check_hash(struct idc *idc, struct image *image)
+ 	}
+ 
+ 	/* check hash against the one we calculated from the image */
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	buf = ASN1_STRING_data(str);
+#else
+	buf = ASN1_STRING_get0_data(str);
+#endif
+ 	if (memcmp(buf, sha, sizeof(sha))) {
+ 		fprintf(stderr, "Hash doesn't match image\n");
+ 		fprintf(stderr, " got:       %s\n", sha256_str(buf));
+diff --git a/src/sbattach.c b/src/sbattach.c
+index a0c01b8..e89a23e 100644
+--- a/src/sbattach.c
+++ b/src/sbattach.c
+@@ -231,6 +231,7 @@ int main(int argc, char **argv)
+ 		return EXIT_FAILURE;
+ 	}
+ 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	ERR_load_crypto_strings();
+ 	OpenSSL_add_all_digests();
+ 	OPENSSL_config(NULL);
+@@ -239,6 +240,7 @@ int main(int argc, char **argv)
+ 	 * module isn't present).  In either case ignore the errors
+ 	 * (malloc will cause other failures out lower down */
+ 	ERR_clear_error();
+#endif
+ 
+ 	image = image_load(image_filename);
+ 	if (!image) {
+diff --git a/src/sbkeysync.c b/src/sbkeysync.c
+index 7b17f40..419b1e7 100644
+--- a/src/sbkeysync.c
+++ b/src/sbkeysync.c
+@@ -208,7 +208,11 @@ static int x509_key_parse(struct key *key, uint8_t *data, size_t len)
+ 		goto out;
+ 
+ 	key->id_len = ASN1_STRING_length(serial);
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	key->id = talloc_memdup(key, ASN1_STRING_data(serial), key->id_len);
+#else
+	key->id = talloc_memdup(key, ASN1_STRING_get0_data(serial), key->id_len);
+#endif
+ 
+ 	key->description = talloc_array(key, char, description_len);
+ 	X509_NAME_oneline(X509_get_subject_name(x509),
+@@ -927,6 +931,7 @@ int main(int argc, char **argv)
+ 		return EXIT_FAILURE;
+ 	}
+ 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	ERR_load_crypto_strings();
+ 	OpenSSL_add_all_digests();
+ 	OpenSSL_add_all_ciphers();
+@@ -936,6 +941,7 @@ int main(int argc, char **argv)
+ 	 * module isn't present).  In either case ignore the errors
+ 	 * (malloc will cause other failures out lower down */
+ 	ERR_clear_error();
+#endif
+ 
+ 	ctx->filesystem_keys = init_keyset(ctx);
+ 	ctx->firmware_keys = init_keyset(ctx);
+diff --git a/src/sbsign.c b/src/sbsign.c
+index ff1fdfd..78d8d64 100644
+--- a/src/sbsign.c
+++ b/src/sbsign.c
+@@ -188,6 +188,7 @@ int main(int argc, char **argv)
+ 
+ 	talloc_steal(ctx, ctx->image);
+ 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	ERR_load_crypto_strings();
+ 	OpenSSL_add_all_digests();
+ 	OpenSSL_add_all_ciphers();
+@@ -197,6 +198,7 @@ int main(int argc, char **argv)
+ 	 * module isn't present).  In either case ignore the errors
+ 	 * (malloc will cause other failures out lower down */
+ 	ERR_clear_error();
+#endif
+ 	if (engine)
+ 		pkey = fileio_read_engine_key(engine, keyfilename);
+ 	else
+diff --git a/src/sbvarsign.c b/src/sbvarsign.c
+index 7dcbe51..9319c8b 100644
+--- a/src/sbvarsign.c
+++ b/src/sbvarsign.c
+@@ -509,6 +509,7 @@ int main(int argc, char **argv)
+ 		return EXIT_FAILURE;
+ 	}
+ 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	/* initialise openssl */
+ 	OpenSSL_add_all_digests();
+ 	OpenSSL_add_all_ciphers();
+@@ -519,6 +520,7 @@ int main(int argc, char **argv)
+ 	 * module isn't present).  In either case ignore the errors
+ 	 * (malloc will cause other failures out lower down */
+ 	ERR_clear_error();
+#endif
+ 
+ 	/* set up the variable signing context */
+ 	varname = argv[optind];
+diff --git a/src/sbverify.c b/src/sbverify.c
+index 3920d91..d0b203a 100644
+--- a/src/sbverify.c
+++ b/src/sbverify.c
+@@ -250,6 +250,7 @@ int main(int argc, char **argv)
+ 	verbose = false;
+ 	detached_sig_filename = NULL;
+ 
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ 	OpenSSL_add_all_digests();
+ 	ERR_load_crypto_strings();
+ 	OPENSSL_config(NULL);
+@@ -258,6 +259,7 @@ int main(int argc, char **argv)
+ 	 * module isn't present).  In either case ignore the errors
+ 	 * (malloc will cause other failures out lower down */
+ 	ERR_clear_error();
+#endif
+ 
+ 	for (;;) {
+ 		int idx;
--- a/app-crypt/sbsigntools/metadata.xml
+++ b/app-crypt/sbsigntools/metadata.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>tamiko@gentoo.org</email>
+	</maintainer>
+	<upstream>
+		<remote-id type="launchpad">ubuntu</remote-id>
+	</upstream>
+</pkgmetadata>
--- a/app-crypt/sbsigntools/sbsigntools-0.6-r2.ebuild
+++ b/app-crypt/sbsigntools/sbsigntools-0.6-r2.ebuild
@@ -0,0 +1,44 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="5"
+
+MY_PN="${PN::-1}"
+
+inherit eutils toolchain-funcs
+
+DESCRIPTION="Utilities for signing and verifying files for UEFI Secure Boot"
+HOMEPAGE="https://launchpad.net/ubuntu/+source/sbsigntool"
+SRC_URI="https://launchpad.net/ubuntu/+archive/primary/+files/${MY_PN}_${PV}.orig.tar.gz"
+
+LICENSE="GPL-3"
+SLOT="0"
+KEYWORDS="amd64 x86"
+IUSE="libressl"
+
+RDEPEND="
+	!libressl? ( dev-libs/openssl:0= )
+	libressl? ( dev-libs/libressl:0= )
+	sys-apps/util-linux"
+DEPEND="${RDEPEND}
+	sys-apps/help2man
+	sys-boot/gnu-efi
+	sys-libs/binutils-libs
+	virtual/pkgconfig"
+
+S="${WORKDIR}/${MY_PN}-${PV}"
+
+src_prepare() {
+	local iarch
+	case ${ARCH} in
+		ia64)  iarch=ia64 ;;
+		x86)   iarch=ia32 ;;
+		amd64) iarch=x86_64 ;;
+		*)     die "unsupported architecture: ${ARCH}" ;;
+	esac
+	sed -i "/^EFI_ARCH=/s:=.*:=${iarch}:" configure || die
+	sed -i 's/-m64$/& -march=x86-64/' tests/Makefile.in || die
+	sed -i "/^AR /s:=.*:= $(tc-getAR):" lib/ccan/Makefile.in || die #481480
+	epatch "${FILESDIR}"/0002-image.c-clear-image-variable.patch
+	epatch "${FILESDIR}"/0003-Fix-for-multi-sign.patch
+}