[arch-commits] Commit in sbsigntools/repos/extra-x86_64 (6 files)
Tobias Powalowski
tpowa at archlinux.org
Fri Jun 22 08:25:46 UTC 2018
Date: Friday, June 22, 2018 @ 08:25:46
Author: tpowa
Revision: 327441
archrelease: copy trunk to extra-x86_64
Added:
sbsigntools/repos/extra-x86_64/0001-sbsigntools-fix-autogen.sh-for-build-service.patch
(from rev 327440, sbsigntools/trunk/0001-sbsigntools-fix-autogen.sh-for-build-service.patch)
sbsigntools/repos/extra-x86_64/PKGBUILD
(from rev 327440, sbsigntools/trunk/PKGBUILD)
sbsigntools/repos/extra-x86_64/update-openssl-api-usage-to-support-openssl-1.1.patch
(from rev 327440, sbsigntools/trunk/update-openssl-api-usage-to-support-openssl-1.1.patch)
Deleted:
sbsigntools/repos/extra-x86_64/0001-sbsigntools-fix-autogen.sh-for-build-service.patch
sbsigntools/repos/extra-x86_64/PKGBUILD
sbsigntools/repos/extra-x86_64/update-openssl-api-usage-to-support-openssl-1.1.patch
---------------------------------------------------------+
0001-sbsigntools-fix-autogen.sh-for-build-service.patch | 554 +++++++-------
PKGBUILD | 91 +-
update-openssl-api-usage-to-support-openssl-1.1.patch | 286 +++----
3 files changed, 464 insertions(+), 467 deletions(-)
Deleted: 0001-sbsigntools-fix-autogen.sh-for-build-service.patch
===================================================================
--- 0001-sbsigntools-fix-autogen.sh-for-build-service.patch 2018-06-22 08:25:39 UTC (rev 327440)
+++ 0001-sbsigntools-fix-autogen.sh-for-build-service.patch 2018-06-22 08:25:46 UTC (rev 327441)
@@ -1,277 +0,0 @@
-From c8c7e1ba97d15433247bcf87e88485cf7c6b7cc3 Mon Sep 17 00:00:00 2001
-From: James Bottomley <JBottomley at Parallels.com>
-Date: Tue, 26 Jun 2012 09:49:05 +0100
-Subject: sbsigntools: fix autogen.sh for build service
-
----
- AUTHORS | 4 ++
- ChangeLog | 224 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
- autogen.sh | 10 ---
- 3 files changed, 228 insertions(+), 10 deletions(-)
- create mode 100644 AUTHORS
- create mode 100644 ChangeLog
-
-diff --git a/AUTHORS b/AUTHORS
-new file mode 100644
-index 0000000..3eaa355
---- /dev/null
-+++ b/AUTHORS
-@@ -0,0 +1,4 @@
-+ Adam Conrad
-+ Ivan Hu
-+ James Bottomley
-+ Jeremy Kerr
-diff --git a/ChangeLog b/ChangeLog
-new file mode 100644
-index 0000000..d5d5ea6
---- /dev/null
-+++ b/ChangeLog
-@@ -0,0 +1,224 @@
-+2012-06-20 c07dfb9 Ivan Hu <ivan.hu at canonical.com>
-+
-+ * configure: Add check for bfh.h
-+
-+2012-06-19 5e07c4e Ivan Hu <ivan.hu at canonical.com>
-+
-+ * tests: Add a test to check invalid PKCS7 signature attaching
-+
-+2012-06-19 bfb778e Ivan Hu <ivan.hu at canonical.com>
-+
-+ * sbattach: Check that attached signatures are valid PKCS7 data
-+
-+2012-06-14 bf6df84 Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * sbverify: Use a variable for image filename
-+
-+2012-06-13 9b7f7fb Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * image: Unconditionally parse PE/COFF data
-+
-+2012-06-13 128f1c1 Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * sbverify: Check for failed image load
-+
-+2012-06-13 b48e256 Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * tests: Add tests for missing image, cert & key files
-+
-+2012-06-13 0af5e01 Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * tests: Execute tests in a clean (temporary) directory
-+
-+2012-06-13 8716e88 Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * tests: Use COMPILE.S for assembing test object
-+
-+2012-06-13 807f0e6 Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * Version 0.2
-+
-+2012-06-13 7c2d8bb Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * docs: Add simple manpage for sbattach
-+
-+2012-06-13 deb9211 Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * automake: Clean generated man files
-+
-+2012-06-13 3cde1e4 Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * tests: Add a few simple tests
-+
-+2012-06-13 cc881c2 Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * Remove unused test.c file
-+
-+2012-06-12 4c79e3a Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * sbattach: Add too to manage detached signatures
-+
-+2012-06-12 564f5bc Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * image: Add facility to write unsigned images
-+
-+2012-06-11 a07b8d2 Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * sbsign,sbverify: Update getopt_long optstrings
-+
-+2012-06-11 5836038 Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * sbverify: Add support for detached signatures
-+
-+2012-06-11 b8a7d51 Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * sbverify: Split image signature table reading to separate function
-+
-+2012-06-11 e9f438c Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * Fix warnings from added -W flags
-+
-+2012-06-11 f19e8bb Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * automake: Add -Wall -Wextra CFLAGS
-+
-+2012-06-11 af4f088 Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * sbsign: Add --detached option to create detached PKCS7 signatures
-+
-+2012-06-11 0c9fbd2 Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * sbsign: fix flag for verbose operation
-+
-+2012-06-11 3673db1 Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * docs: Fix manpage creation
-+
-+2012-05-29 9b2f3a7 Adam Conrad <adconrad at 0c3.net>
-+
-+ * autogen.sh: Fix ccan_module assignment
-+
-+2012-05-28 3fb0f00 Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * image: use read_write_all from ccan
-+
-+2012-05-28 f1112b4 Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * image: Fix format specifier for 32-bit builds
-+
-+2012-05-24 d5e634c Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * autoconfiscate
-+
-+2012-05-23 82f8c30 Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * docs: Add initial manpages
-+
-+2012-05-23 c14efcb Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * sbsign,sbverify: help2man-ize usage output
-+
-+2012-05-23 98a4f10 Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * Makefile: Add dist targets
-+
-+2012-05-22 1b2b5c6 Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * ccan: Add ccan import logic
-+
-+2012-05-15 6ff68e5 Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * Move ccan submodule
-+
-+2012-05-15 9a08e25 Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * Remove unused header
-+
-+2012-05-14 bc618c5 Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * Remove pkcs7-simple test file
-+
-+2012-05-14 9ac930e Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * Makefile: add install target
-+
-+2012-05-14 a1b270f Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * Makefile: Comment components
-+
-+2012-05-14 c67b82a Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * sbverify: clean up openssl init
-+
-+2012-05-14 c499763 Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * sbverify: add check for invalid PKCS7 data
-+
-+2012-05-14 74eb766 Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * sbverify: Add certificate chain verification
-+
-+2012-05-12 e111127 Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * verify: move idc-related parsing to idc.c
-+
-+2012-05-12 46cf6a6 Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * sbsign: fix incorrect check for certificate load
-+
-+2012-05-12 57d9f0c Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * image: reformat gap warnings
-+
-+2012-05-12 ab05bec Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * image: add cert table to image size
-+
-+2012-05-12 e1fec08 Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * sbverify: Add check for image hash
-+
-+2012-05-12 fefe97c Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * sbverify: check for presence of signature table
-+
-+2012-05-12 b73f723 Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * Makefile: add $(tools) var
-+
-+2012-05-12 55b1940 Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * sbsigntool -> sbsign
-+
-+2012-05-12 a183de9 Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * image: open output file with O_TRUNC
-+
-+2012-04-24 04b70fc Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * sbsigntooL: expand usage info
-+
-+2012-04-24 9826a43 Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * Add GPLv3 text in COPYING
-+
-+2012-04-24 906654e Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * coff: remove unneeded coff includes
-+
-+2012-04-23 9d3c8b5 Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * Add copyright comments
-+
-+2012-04-23 e019eec Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * image: warn about potential checksum differences
-+
-+2012-04-23 01e33cd Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * idc: allocate using the image context
-+
-+2012-04-23 acd8c0a Jeremy Kerr <jeremy.kerr at canonical.com>
-+
-+ * Initial commit
-+
-diff --git a/autogen.sh b/autogen.sh
-index 32ea6f6..117835b 100755
---- a/autogen.sh
-+++ b/autogen.sh
-@@ -16,16 +16,6 @@ then
- --build-type=automake lib/ccan $ccan_modules
- fi
-
--# Create generatable docs from git
--(
-- echo "Authors of sbsigntool:"
-- echo
-- git log --format='%an' | sort -u | sed 's,^,\t,'
--) > AUTHORS
--
--# Generate simple ChangeLog
--git log --date=short --format='%ad %t %an <%ae>%n%n * %s%n' > ChangeLog
--
- # automagic
- aclocal
- autoheader
---
-2.1.2
-
Copied: sbsigntools/repos/extra-x86_64/0001-sbsigntools-fix-autogen.sh-for-build-service.patch (from rev 327440, sbsigntools/trunk/0001-sbsigntools-fix-autogen.sh-for-build-service.patch)
===================================================================
--- 0001-sbsigntools-fix-autogen.sh-for-build-service.patch (rev 0)
+++ 0001-sbsigntools-fix-autogen.sh-for-build-service.patch 2018-06-22 08:25:46 UTC (rev 327441)
@@ -0,0 +1,277 @@
+From c8c7e1ba97d15433247bcf87e88485cf7c6b7cc3 Mon Sep 17 00:00:00 2001
+From: James Bottomley <JBottomley at Parallels.com>
+Date: Tue, 26 Jun 2012 09:49:05 +0100
+Subject: sbsigntools: fix autogen.sh for build service
+
+---
+ AUTHORS | 4 ++
+ ChangeLog | 224 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ autogen.sh | 10 ---
+ 3 files changed, 228 insertions(+), 10 deletions(-)
+ create mode 100644 AUTHORS
+ create mode 100644 ChangeLog
+
+diff --git a/AUTHORS b/AUTHORS
+new file mode 100644
+index 0000000..3eaa355
+--- /dev/null
++++ b/AUTHORS
+@@ -0,0 +1,4 @@
++ Adam Conrad
++ Ivan Hu
++ James Bottomley
++ Jeremy Kerr
+diff --git a/ChangeLog b/ChangeLog
+new file mode 100644
+index 0000000..d5d5ea6
+--- /dev/null
++++ b/ChangeLog
+@@ -0,0 +1,224 @@
++2012-06-20 c07dfb9 Ivan Hu <ivan.hu at canonical.com>
++
++ * configure: Add check for bfh.h
++
++2012-06-19 5e07c4e Ivan Hu <ivan.hu at canonical.com>
++
++ * tests: Add a test to check invalid PKCS7 signature attaching
++
++2012-06-19 bfb778e Ivan Hu <ivan.hu at canonical.com>
++
++ * sbattach: Check that attached signatures are valid PKCS7 data
++
++2012-06-14 bf6df84 Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * sbverify: Use a variable for image filename
++
++2012-06-13 9b7f7fb Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * image: Unconditionally parse PE/COFF data
++
++2012-06-13 128f1c1 Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * sbverify: Check for failed image load
++
++2012-06-13 b48e256 Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * tests: Add tests for missing image, cert & key files
++
++2012-06-13 0af5e01 Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * tests: Execute tests in a clean (temporary) directory
++
++2012-06-13 8716e88 Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * tests: Use COMPILE.S for assembing test object
++
++2012-06-13 807f0e6 Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * Version 0.2
++
++2012-06-13 7c2d8bb Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * docs: Add simple manpage for sbattach
++
++2012-06-13 deb9211 Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * automake: Clean generated man files
++
++2012-06-13 3cde1e4 Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * tests: Add a few simple tests
++
++2012-06-13 cc881c2 Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * Remove unused test.c file
++
++2012-06-12 4c79e3a Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * sbattach: Add too to manage detached signatures
++
++2012-06-12 564f5bc Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * image: Add facility to write unsigned images
++
++2012-06-11 a07b8d2 Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * sbsign,sbverify: Update getopt_long optstrings
++
++2012-06-11 5836038 Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * sbverify: Add support for detached signatures
++
++2012-06-11 b8a7d51 Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * sbverify: Split image signature table reading to separate function
++
++2012-06-11 e9f438c Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * Fix warnings from added -W flags
++
++2012-06-11 f19e8bb Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * automake: Add -Wall -Wextra CFLAGS
++
++2012-06-11 af4f088 Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * sbsign: Add --detached option to create detached PKCS7 signatures
++
++2012-06-11 0c9fbd2 Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * sbsign: fix flag for verbose operation
++
++2012-06-11 3673db1 Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * docs: Fix manpage creation
++
++2012-05-29 9b2f3a7 Adam Conrad <adconrad at 0c3.net>
++
++ * autogen.sh: Fix ccan_module assignment
++
++2012-05-28 3fb0f00 Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * image: use read_write_all from ccan
++
++2012-05-28 f1112b4 Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * image: Fix format specifier for 32-bit builds
++
++2012-05-24 d5e634c Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * autoconfiscate
++
++2012-05-23 82f8c30 Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * docs: Add initial manpages
++
++2012-05-23 c14efcb Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * sbsign,sbverify: help2man-ize usage output
++
++2012-05-23 98a4f10 Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * Makefile: Add dist targets
++
++2012-05-22 1b2b5c6 Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * ccan: Add ccan import logic
++
++2012-05-15 6ff68e5 Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * Move ccan submodule
++
++2012-05-15 9a08e25 Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * Remove unused header
++
++2012-05-14 bc618c5 Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * Remove pkcs7-simple test file
++
++2012-05-14 9ac930e Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * Makefile: add install target
++
++2012-05-14 a1b270f Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * Makefile: Comment components
++
++2012-05-14 c67b82a Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * sbverify: clean up openssl init
++
++2012-05-14 c499763 Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * sbverify: add check for invalid PKCS7 data
++
++2012-05-14 74eb766 Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * sbverify: Add certificate chain verification
++
++2012-05-12 e111127 Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * verify: move idc-related parsing to idc.c
++
++2012-05-12 46cf6a6 Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * sbsign: fix incorrect check for certificate load
++
++2012-05-12 57d9f0c Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * image: reformat gap warnings
++
++2012-05-12 ab05bec Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * image: add cert table to image size
++
++2012-05-12 e1fec08 Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * sbverify: Add check for image hash
++
++2012-05-12 fefe97c Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * sbverify: check for presence of signature table
++
++2012-05-12 b73f723 Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * Makefile: add $(tools) var
++
++2012-05-12 55b1940 Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * sbsigntool -> sbsign
++
++2012-05-12 a183de9 Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * image: open output file with O_TRUNC
++
++2012-04-24 04b70fc Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * sbsigntooL: expand usage info
++
++2012-04-24 9826a43 Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * Add GPLv3 text in COPYING
++
++2012-04-24 906654e Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * coff: remove unneeded coff includes
++
++2012-04-23 9d3c8b5 Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * Add copyright comments
++
++2012-04-23 e019eec Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * image: warn about potential checksum differences
++
++2012-04-23 01e33cd Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * idc: allocate using the image context
++
++2012-04-23 acd8c0a Jeremy Kerr <jeremy.kerr at canonical.com>
++
++ * Initial commit
++
+diff --git a/autogen.sh b/autogen.sh
+index 32ea6f6..117835b 100755
+--- a/autogen.sh
++++ b/autogen.sh
+@@ -16,16 +16,6 @@ then
+ --build-type=automake lib/ccan $ccan_modules
+ fi
+
+-# Create generatable docs from git
+-(
+- echo "Authors of sbsigntool:"
+- echo
+- git log --format='%an' | sort -u | sed 's,^,\t,'
+-) > AUTHORS
+-
+-# Generate simple ChangeLog
+-git log --date=short --format='%ad %t %an <%ae>%n%n * %s%n' > ChangeLog
+-
+ # automagic
+ aclocal
+ autoheader
+--
+2.1.2
+
Deleted: PKGBUILD
===================================================================
--- PKGBUILD 2018-06-22 08:25:39 UTC (rev 327440)
+++ PKGBUILD 2018-06-22 08:25:46 UTC (rev 327441)
@@ -1,47 +0,0 @@
-# $Id$
-# Maintainer: Tobias Powalowski <tpowa at archlinux.org>
-# Contributor : Mico Tischler <mt-ml at gmx dot net>
-# Contributor : Keshav Amburay <(the ddoott ridikulus ddoott rat) (aatt) (gemmaeiil) (ddoott) (ccoomm)>
-
-pkgname="sbsigntools"
-pkgver=0.8
-pkgrel=2
-pkgdesc="Tools to add signatures to EFI binaries and Drivers"
-arch=('x86_64' 'i686')
-url="https://build.opensuse.org/package/show/home:jejb1:UEFI/sbsigntools"
-license=('GPL3')
-makedepends=('gnu-efi-libs' 'help2man' 'git')
-depends=('libutil-linux' 'openssl')
-source=("git+https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git#tag=v${pkgver}"
- "git://git.ozlabs.org/~ccan/ccan"
- "0001-sbsigntools-fix-autogen.sh-for-build-service.patch"
- update-openssl-api-usage-to-support-openssl-1.1.patch)
-sha256sums=('SKIP'
- 'SKIP'
- '9085ad181f67ac911918864783a9804af456d33c4631659e6acaaa27987786d7'
- 'c48939a573c12f798e111921ac19ddf22c6e0cdfdc82dbb0b06c975d14a61341')
-
-prepare() {
- cd "${srcdir}/${pkgname}"
- patch -p1 -i "${srcdir}/0001-sbsigntools-fix-autogen.sh-for-build-service.patch"
- patch -p1 -i ../update-openssl-api-usage-to-support-openssl-1.1.patch
-
- git submodule init
- git config submodule."lib/ccan.git".url "${srcdir}/ccan"
- git submodule update
-}
-
-build() {
- cd "${pkgname}"
-
- NOCONFIGURE=1 ./autogen.sh
- ./configure --prefix="/usr" --bindir="/usr/bin" --sbindir="/usr/bin" --libexecdir="/usr/lib" --mandir="/usr/share/man" --sysconfdir="/etc"
- cp "lib/ccan.git/config.h" "lib/ccan/"
- make
-}
-
-package() {
- cd "${pkgname}"
-
- make DESTDIR="${pkgdir}" install
-}
Copied: sbsigntools/repos/extra-x86_64/PKGBUILD (from rev 327440, sbsigntools/trunk/PKGBUILD)
===================================================================
--- PKGBUILD (rev 0)
+++ PKGBUILD 2018-06-22 08:25:46 UTC (rev 327441)
@@ -0,0 +1,44 @@
+# $Id$
+# Maintainer: Tobias Powalowski <tpowa at archlinux.org>
+# Contributor : Mico Tischler <mt-ml at gmx dot net>
+# Contributor : Keshav Amburay <(the ddoott ridikulus ddoott rat) (aatt) (gemmaeiil) (ddoott) (ccoomm)>
+
+pkgname="sbsigntools"
+pkgver=0.9.1
+pkgrel=1
+pkgdesc="Tools to add signatures to EFI binaries and Drivers"
+arch=('x86_64')
+url="https://build.opensuse.org/package/show/home:jejb1:UEFI/sbsigntools"
+license=('GPL3')
+makedepends=('gnu-efi-libs' 'help2man' 'git')
+depends=('libutil-linux' 'openssl')
+source=("git+https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git#tag=v${pkgver}"
+ "git://git.ozlabs.org/~ccan/ccan"
+ "0001-sbsigntools-fix-autogen.sh-for-build-service.patch")
+sha256sums=('SKIP'
+ 'SKIP'
+ '9085ad181f67ac911918864783a9804af456d33c4631659e6acaaa27987786d7')
+
+prepare() {
+ cd "${srcdir}/${pkgname}"
+ patch -p1 -i "${srcdir}/0001-sbsigntools-fix-autogen.sh-for-build-service.patch"
+
+ git submodule init
+ git config submodule."lib/ccan.git".url "${srcdir}/ccan"
+ git submodule update
+}
+
+build() {
+ cd "${pkgname}"
+
+ NOCONFIGURE=1 ./autogen.sh
+ ./configure --prefix="/usr" --bindir="/usr/bin" --sbindir="/usr/bin" --libexecdir="/usr/lib" --mandir="/usr/share/man" --sysconfdir="/etc"
+ cp "lib/ccan.git/config.h" "lib/ccan/"
+ make
+}
+
+package() {
+ cd "${pkgname}"
+
+ make DESTDIR="${pkgdir}" install
+}
Deleted: update-openssl-api-usage-to-support-openssl-1.1.patch
===================================================================
--- update-openssl-api-usage-to-support-openssl-1.1.patch 2018-06-22 08:25:39 UTC (rev 327440)
+++ update-openssl-api-usage-to-support-openssl-1.1.patch 2018-06-22 08:25:46 UTC (rev 327441)
@@ -1,143 +0,0 @@
-Author: Ben Hutchings <ben at decadent.org.uk>
-Date: Sun, 26 Jun 2016 22:04:29 +0200
-Description: Update OpenSSL API usage to support OpenSSL 1.1
- Most structure definitions in OpenSSL are now opaque and we must call
- the appropriate accessor functions to get information from them.
- Not all the accessors are available in older versions, so define the
- missing accessors as macros.
- .
- The X509_retrieve_match() function is no longer usable, as we cannot
- initialise an X509_OBJECT ourselves. Instead, iterate over the
- certificate store and use X509_OBJECT_get_type and X509_cmp to
- compare certificates.
-
---- a/src/sbverify.c
-+++ b/src/sbverify.c
-@@ -55,6 +55,14 @@
- #include <openssl/pem.h>
- #include <openssl/x509v3.h>
-
-+#if OPENSSL_VERSION_NUMBER < 0x10100000L
-+#define X509_OBJECT_get0_X509(obj) ((obj)->data.x509)
-+#define X509_OBJECT_get_type(obj) ((obj)->type)
-+#define X509_STORE_CTX_get0_cert(ctx) ((ctx)->cert)
-+#define X509_STORE_get0_objects(certs) ((certs)->objs)
-+#define X509_get_extended_key_usage(cert) ((cert)->ex_xkusage)
-+#endif
-+
- static const char *toolname = "sbverify";
- static const int cert_name_len = 160;
-
-@@ -123,9 +131,9 @@ static void print_signature_info(PKCS7 *
-
- for (i = 0; i < sk_X509_num(p7->d.sign->cert); i++) {
- cert = sk_X509_value(p7->d.sign->cert, i);
-- X509_NAME_oneline(cert->cert_info->subject,
-+ X509_NAME_oneline(X509_get_subject_name(cert),
- subject_name, cert_name_len);
-- X509_NAME_oneline(cert->cert_info->issuer,
-+ X509_NAME_oneline(X509_get_issuer_name(cert),
- issuer_name, cert_name_len);
-
- printf(" - subject: %s\n", subject_name);
-@@ -136,20 +144,26 @@ static void print_signature_info(PKCS7 *
- static void print_certificate_store_certs(X509_STORE *certs)
- {
- char subject_name[cert_name_len + 1], issuer_name[cert_name_len + 1];
-+ STACK_OF(X509_OBJECT) *objs;
- X509_OBJECT *obj;
-+ X509 *cert;
- int i;
-
- printf("certificate store:\n");
-
-- for (i = 0; i < sk_X509_OBJECT_num(certs->objs); i++) {
-- obj = sk_X509_OBJECT_value(certs->objs, i);
-+ objs = X509_STORE_get0_objects(certs);
-+
-+ for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
-+ obj = sk_X509_OBJECT_value(objs, i);
-
-- if (obj->type != X509_LU_X509)
-+ if (X509_OBJECT_get_type(obj) != X509_LU_X509)
- continue;
-
-- X509_NAME_oneline(obj->data.x509->cert_info->subject,
-+ cert = X509_OBJECT_get0_X509(obj);
-+
-+ X509_NAME_oneline(X509_get_subject_name(cert),
- subject_name, cert_name_len);
-- X509_NAME_oneline(obj->data.x509->cert_info->issuer,
-+ X509_NAME_oneline(X509_get_issuer_name(cert),
- issuer_name, cert_name_len);
-
- printf(" - subject: %s\n", subject_name);
-@@ -182,12 +196,21 @@ static int load_detached_signature_data(
-
- static int cert_in_store(X509 *cert, X509_STORE_CTX *ctx)
- {
-- X509_OBJECT obj;
-+ STACK_OF(X509_OBJECT) *objs;
-+ X509_OBJECT *obj;
-+ int i;
-+
-+ objs = X509_STORE_get0_objects(X509_STORE_CTX_get0_store(ctx));
-
-- obj.type = X509_LU_X509;
-- obj.data.x509 = cert;
-+ for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
-+ obj = sk_X509_OBJECT_value(objs, i);
-
-- return X509_OBJECT_retrieve_match(ctx->ctx->objs, &obj) != NULL;
-+ if (X509_OBJECT_get_type(obj) == X509_LU_X509 &&
-+ !X509_cmp(X509_OBJECT_get0_X509(obj), cert))
-+ return 1;
-+ }
-+
-+ return 0;
- }
-
- static int x509_verify_cb(int status, X509_STORE_CTX *ctx)
-@@ -195,8 +218,9 @@ static int x509_verify_cb(int status, X5
- int err = X509_STORE_CTX_get_error(ctx);
-
- /* also accept code-signing keys */
-- if (err == X509_V_ERR_INVALID_PURPOSE
-- && ctx->cert->ex_xkusage == XKU_CODE_SIGN)
-+ if (err == X509_V_ERR_INVALID_PURPOSE &&
-+ X509_get_extended_key_usage(X509_STORE_CTX_get0_cert(ctx))
-+ == XKU_CODE_SIGN)
- status = 1;
-
- /* all certs given with the --cert argument are trusted */
-@@ -204,7 +228,7 @@ static int x509_verify_cb(int status, X5
- err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT ||
- err == X509_V_ERR_CERT_UNTRUSTED) {
-
-- if (cert_in_store(ctx->current_cert, ctx))
-+ if (cert_in_store(X509_STORE_CTX_get_current_cert(ctx), ctx))
- status = 1;
- }
- /* UEFI doesn't care about expired signatures, so we shouldn't either. */
---- a/src/sbkeysync.c
-+++ b/src/sbkeysync.c
-@@ -204,16 +204,15 @@ static int x509_key_parse(struct key *ke
- return -1;
-
- /* we use the X509 serial number as the key ID */
-- if (!x509->cert_info || !x509->cert_info->serialNumber)
-+ serial = X509_get_serialNumber(x509);
-+ if (!serial)
- goto out;
-
-- serial = x509->cert_info->serialNumber;
--
- key->id_len = ASN1_STRING_length(serial);
- key->id = talloc_memdup(key, ASN1_STRING_data(serial), key->id_len);
-
- key->description = talloc_array(key, char, description_len);
-- X509_NAME_oneline(x509->cert_info->subject,
-+ X509_NAME_oneline(X509_get_subject_name(x509),
- key->description, description_len);
-
- rc = 0;
Copied: sbsigntools/repos/extra-x86_64/update-openssl-api-usage-to-support-openssl-1.1.patch (from rev 327440, sbsigntools/trunk/update-openssl-api-usage-to-support-openssl-1.1.patch)
===================================================================
--- update-openssl-api-usage-to-support-openssl-1.1.patch (rev 0)
+++ update-openssl-api-usage-to-support-openssl-1.1.patch 2018-06-22 08:25:46 UTC (rev 327441)
@@ -0,0 +1,143 @@
+Author: Ben Hutchings <ben at decadent.org.uk>
+Date: Sun, 26 Jun 2016 22:04:29 +0200
+Description: Update OpenSSL API usage to support OpenSSL 1.1
+ Most structure definitions in OpenSSL are now opaque and we must call
+ the appropriate accessor functions to get information from them.
+ Not all the accessors are available in older versions, so define the
+ missing accessors as macros.
+ .
+ The X509_retrieve_match() function is no longer usable, as we cannot
+ initialise an X509_OBJECT ourselves. Instead, iterate over the
+ certificate store and use X509_OBJECT_get_type and X509_cmp to
+ compare certificates.
+
+--- a/src/sbverify.c
++++ b/src/sbverify.c
+@@ -55,6 +55,14 @@
+ #include <openssl/pem.h>
+ #include <openssl/x509v3.h>
+
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#define X509_OBJECT_get0_X509(obj) ((obj)->data.x509)
++#define X509_OBJECT_get_type(obj) ((obj)->type)
++#define X509_STORE_CTX_get0_cert(ctx) ((ctx)->cert)
++#define X509_STORE_get0_objects(certs) ((certs)->objs)
++#define X509_get_extended_key_usage(cert) ((cert)->ex_xkusage)
++#endif
++
+ static const char *toolname = "sbverify";
+ static const int cert_name_len = 160;
+
+@@ -123,9 +131,9 @@ static void print_signature_info(PKCS7 *
+
+ for (i = 0; i < sk_X509_num(p7->d.sign->cert); i++) {
+ cert = sk_X509_value(p7->d.sign->cert, i);
+- X509_NAME_oneline(cert->cert_info->subject,
++ X509_NAME_oneline(X509_get_subject_name(cert),
+ subject_name, cert_name_len);
+- X509_NAME_oneline(cert->cert_info->issuer,
++ X509_NAME_oneline(X509_get_issuer_name(cert),
+ issuer_name, cert_name_len);
+
+ printf(" - subject: %s\n", subject_name);
+@@ -136,20 +144,26 @@ static void print_signature_info(PKCS7 *
+ static void print_certificate_store_certs(X509_STORE *certs)
+ {
+ char subject_name[cert_name_len + 1], issuer_name[cert_name_len + 1];
++ STACK_OF(X509_OBJECT) *objs;
+ X509_OBJECT *obj;
++ X509 *cert;
+ int i;
+
+ printf("certificate store:\n");
+
+- for (i = 0; i < sk_X509_OBJECT_num(certs->objs); i++) {
+- obj = sk_X509_OBJECT_value(certs->objs, i);
++ objs = X509_STORE_get0_objects(certs);
++
++ for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
++ obj = sk_X509_OBJECT_value(objs, i);
+
+- if (obj->type != X509_LU_X509)
++ if (X509_OBJECT_get_type(obj) != X509_LU_X509)
+ continue;
+
+- X509_NAME_oneline(obj->data.x509->cert_info->subject,
++ cert = X509_OBJECT_get0_X509(obj);
++
++ X509_NAME_oneline(X509_get_subject_name(cert),
+ subject_name, cert_name_len);
+- X509_NAME_oneline(obj->data.x509->cert_info->issuer,
++ X509_NAME_oneline(X509_get_issuer_name(cert),
+ issuer_name, cert_name_len);
+
+ printf(" - subject: %s\n", subject_name);
+@@ -182,12 +196,21 @@ static int load_detached_signature_data(
+
+ static int cert_in_store(X509 *cert, X509_STORE_CTX *ctx)
+ {
+- X509_OBJECT obj;
++ STACK_OF(X509_OBJECT) *objs;
++ X509_OBJECT *obj;
++ int i;
++
++ objs = X509_STORE_get0_objects(X509_STORE_CTX_get0_store(ctx));
+
+- obj.type = X509_LU_X509;
+- obj.data.x509 = cert;
++ for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
++ obj = sk_X509_OBJECT_value(objs, i);
+
+- return X509_OBJECT_retrieve_match(ctx->ctx->objs, &obj) != NULL;
++ if (X509_OBJECT_get_type(obj) == X509_LU_X509 &&
++ !X509_cmp(X509_OBJECT_get0_X509(obj), cert))
++ return 1;
++ }
++
++ return 0;
+ }
+
+ static int x509_verify_cb(int status, X509_STORE_CTX *ctx)
+@@ -195,8 +218,9 @@ static int x509_verify_cb(int status, X5
+ int err = X509_STORE_CTX_get_error(ctx);
+
+ /* also accept code-signing keys */
+- if (err == X509_V_ERR_INVALID_PURPOSE
+- && ctx->cert->ex_xkusage == XKU_CODE_SIGN)
++ if (err == X509_V_ERR_INVALID_PURPOSE &&
++ X509_get_extended_key_usage(X509_STORE_CTX_get0_cert(ctx))
++ == XKU_CODE_SIGN)
+ status = 1;
+
+ /* all certs given with the --cert argument are trusted */
+@@ -204,7 +228,7 @@ static int x509_verify_cb(int status, X5
+ err == X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT ||
+ err == X509_V_ERR_CERT_UNTRUSTED) {
+
+- if (cert_in_store(ctx->current_cert, ctx))
++ if (cert_in_store(X509_STORE_CTX_get_current_cert(ctx), ctx))
+ status = 1;
+ }
+ /* UEFI doesn't care about expired signatures, so we shouldn't either. */
+--- a/src/sbkeysync.c
++++ b/src/sbkeysync.c
+@@ -204,16 +204,15 @@ static int x509_key_parse(struct key *ke
+ return -1;
+
+ /* we use the X509 serial number as the key ID */
+- if (!x509->cert_info || !x509->cert_info->serialNumber)
++ serial = X509_get_serialNumber(x509);
++ if (!serial)
+ goto out;
+
+- serial = x509->cert_info->serialNumber;
+-
+ key->id_len = ASN1_STRING_length(serial);
+ key->id = talloc_memdup(key, ASN1_STRING_data(serial), key->id_len);
+
+ key->description = talloc_array(key, char, description_len);
+- X509_NAME_oneline(x509->cert_info->subject,
++ X509_NAME_oneline(X509_get_subject_name(x509),
+ key->description, description_len);
+
+ rc = 0;
More information about the arch-commits
mailing list