diff options
author | Jory Pratt <anarchy@gentoo.org> | 2019-04-22 17:22:49 -0500 |
---|---|---|
committer | Jory Pratt <anarchy@gentoo.org> | 2019-04-22 17:22:49 -0500 |
commit | 207feedb0bfcc3c887bba2877f5c67a97e8d4d5e (patch) | |
tree | d6ac25381e415f357eb80853b041335d0d5e7e0d | |
parent | dev-libs/libgpg-error: Fixed in main tree (diff) | |
download | anarchy-207feedb0bfcc3c887bba2877f5c67a97e8d4d5e.tar.gz anarchy-207feedb0bfcc3c887bba2877f5c67a97e8d4d5e.tar.bz2 anarchy-207feedb0bfcc3c887bba2877f5c67a97e8d4d5e.zip |
sys-apps/kmod: Add libressl fixes to local overlay
Signed-off-by: Jory Pratt <anarchy@gentoo.org>
-rw-r--r-- | sys-apps/kmod/Manifest | 5 | ||||
-rw-r--r-- | sys-apps/kmod/files/kmod-26-libressl.patch | 186 | ||||
-rw-r--r-- | sys-apps/kmod/files/kmod-static-nodes-r1 | 18 | ||||
-rw-r--r-- | sys-apps/kmod/kmod-26-r1.ebuild | 200 | ||||
-rw-r--r-- | sys-apps/kmod/metadata.xml | 16 |
5 files changed, 425 insertions, 0 deletions
diff --git a/sys-apps/kmod/Manifest b/sys-apps/kmod/Manifest new file mode 100644 index 0000000..690174c --- /dev/null +++ b/sys-apps/kmod/Manifest @@ -0,0 +1,5 @@ +AUX kmod-26-libressl.patch 4641 BLAKE2B 0d1e20249e001729abfaaedf9cc16a30b470f449fd53cd276c1f8bd8ff56f69f0d2a8405a43f4792adc7fcdb1a1dedf45c5abe15982de22cea969478515f4766 SHA512 daeabca7dc3e53b72e9631d32b96b549e3b40e745015cf063b61aca6e01aa7f73f0159fcbe11492d94be8a328ee416f8b4eb2675a419eb0c4a8425da42c1d8a2 +AUX kmod-static-nodes-r1 497 BLAKE2B eced5e152e017fa01abad98083031c1439c854b73cfc6b186f0b18ad0f65b61385e2d51e4ba649026e9d04774d1aa6db4b9a6c487554a4eb6417fa575da5b924 SHA512 4020c75d20260d66e0158b8bc53eb8c340d4b2f60ff703467c968734cf96c2c511764f2c983062d77924858b3269e3d421f8440a8e3591eb372ac1f5aa8d4b8f +DIST kmod-26.tar.xz 552032 BLAKE2B 3e596d06b48599bf4919346475a036b058fb18a7b19d39953e24fa943b95fdbe34a29a5062f6b4fe3510e667ae873d3b9ae03b72350fa85ddbb40ca6a7730b34 SHA512 3ca276c6fc13c2dd2220ec528b8dc4ab4edee5d2b22e16b6f945c552e51f74342c01c33a53740e6af8c893d42bd4d6f629cd8fa6e15ef8bd8da30cb003ef0865 +EBUILD kmod-26-r1.ebuild 5129 BLAKE2B f44ee8421b3c130a73cc84939e1e39fa324c9603a7816273d2f7a00a508175f0b58b4960fb66f2db54b4fb56954ef6098bcbba5a67c0e07f8c25ba842ebf21a8 SHA512 8df7808e8ec34be0528077ac69c5a939c2aa09bb442f48a799ad7ff8a6859080192ca04b97f6d045204c2ee891885b82ee7c3bffa33cf30fad4cdef3ea6f2251 +MISC metadata.xml 540 BLAKE2B ec5ee262fe76215688d99e32778848e71de5825f488eea2219e076290e020aa86de6138ab8366d5e077d44797789a27c22fea1c64f9c6e2713cf315b4b891455 SHA512 c4f47a77dfa7bc4cbaa61744fc46c5547763b51b48521cd229ac89680325ecbf415bd9e1ce9c71982ea721d0d5c4cf3677a0f70e8dad65235f523840cd14de94 diff --git a/sys-apps/kmod/files/kmod-26-libressl.patch b/sys-apps/kmod/files/kmod-26-libressl.patch new file mode 100644 index 0000000..7d70ed2 --- /dev/null +++ b/sys-apps/kmod/files/kmod-26-libressl.patch @@ -0,0 +1,186 @@ +From fd8b59fb8c576751aef6d59dd5ab208baee2ad49 Mon Sep 17 00:00:00 2001 +From: Stefan Strogin <stefan.strogin@gmail.com> +Date: Fri, 15 Feb 2019 05:34:55 +0200 +Subject: [PATCH] libkmod-signature: use PKCS7 for LibreSSL or older OpenSSL + +Linux kernel uses either PKCS #7 or CMS signing modules (scripts/sign-file.c). +CMS is not supported by LibreSSL, PKCS #7 is used instead. +For now modinfo used CMS with no altenative requiring >=openssl-1.1.0 +built with CMS support. + +Use PKCS #7 for parsing module signature information when CMS is not available. + +Upstream-Status: Submitted [https://patchwork.kernel.org/patch/10814147/] +Signed-off-by: Stefan Strogin <stefan.strogin@gmail.com> +--- + libkmod/libkmod-signature.c | 78 +++++++++++++++++++++++++++++++++++-- + 1 file changed, 75 insertions(+), 3 deletions(-) + +diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c +index 48d0145..aa2a60e 100644 +--- a/libkmod/libkmod-signature.c ++++ b/libkmod/libkmod-signature.c +@@ -20,9 +20,16 @@ + #include <endian.h> + #include <inttypes.h> + #ifdef ENABLE_OPENSSL +-#include <openssl/cms.h> +-#include <openssl/ssl.h> +-#endif ++# include <openssl/ssl.h> ++# if defined(LIBRESSL_VERSION_NUMBER) || \ ++ OPENSSL_VERSION_NUMBER < 0x10100000L || \ ++ defined(OPENSSL_NO_CMS) ++# define USE_PKCS7 ++# include <openssl/pkcs7.h> ++# else ++# include <openssl/cms.h> ++# endif /* LIBRESSL_VERSION_NUMBER */ ++#endif /* ENABLE_OPENSSL */ + #include <stdio.h> + #include <stdlib.h> + #include <string.h> +@@ -122,7 +129,11 @@ static bool fill_default(const char *mem, off_t size, + #ifdef ENABLE_OPENSSL + + struct pkcs7_private { ++#ifndef USE_PKCS7 + CMS_ContentInfo *cms; ++#else ++ PKCS7 *pkcs7; ++#endif + unsigned char *key_id; + BIGNUM *sno; + }; +@@ -132,7 +143,11 @@ static void pkcs7_free(void *s) + struct kmod_signature_info *si = s; + struct pkcs7_private *pvt = si->private; + ++#ifndef USE_PKCS7 + CMS_ContentInfo_free(pvt->cms); ++#else ++ PKCS7_free(pvt->pkcs7); ++#endif + BN_free(pvt->sno); + free(pvt->key_id); + free(pvt); +@@ -187,7 +202,13 @@ static const char *x509_name_to_str(X509_NAME *name) + return NULL; + + d = X509_NAME_ENTRY_get_data(e); ++#if (defined(LIBRESSL_VERSION_NUMBER) && \ ++ LIBRESSL_VERSION_NUMBER < 0x20700000L) || \ ++ OPENSSL_VERSION_NUMBER < 0x10100000L ++ str = (const char *)ASN1_STRING_data(d); ++#else + str = (const char *)ASN1_STRING_get0_data(d); ++#endif + + return str; + } +@@ -197,11 +218,18 @@ static bool fill_pkcs7(const char *mem, off_t size, + struct kmod_signature_info *sig_info) + { + const char *pkcs7_raw; ++#ifndef USE_PKCS7 + CMS_ContentInfo *cms; + STACK_OF(CMS_SignerInfo) *sis; + CMS_SignerInfo *si; + int rc; + ASN1_OCTET_STRING *key_id; ++#else ++ PKCS7 *pkcs7; ++ STACK_OF(PKCS7_SIGNER_INFO) *sis; ++ PKCS7_SIGNER_INFO *si; ++ PKCS7_ISSUER_AND_SERIAL *is; ++#endif + X509_NAME *issuer; + ASN1_INTEGER *sno; + ASN1_OCTET_STRING *sig; +@@ -220,14 +248,23 @@ static bool fill_pkcs7(const char *mem, off_t size, + + in = BIO_new_mem_buf(pkcs7_raw, sig_len); + ++#ifndef USE_PKCS7 + cms = d2i_CMS_bio(in, NULL); + if (cms == NULL) { + BIO_free(in); + return false; + } ++#else ++ pkcs7 = d2i_PKCS7_bio(in, NULL); ++ if (pkcs7 == NULL) { ++ BIO_free(in); ++ return false; ++ } ++#endif + + BIO_free(in); + ++#ifndef USE_PKCS7 + sis = CMS_get0_SignerInfos(cms); + if (sis == NULL) + goto err; +@@ -245,8 +282,35 @@ static bool fill_pkcs7(const char *mem, off_t size, + goto err; + + CMS_SignerInfo_get0_algs(si, NULL, NULL, &dig_alg, &sig_alg); ++#else ++ sis = PKCS7_get_signer_info(pkcs7); ++ if (sis == NULL) ++ goto err; ++ ++ si = sk_PKCS7_SIGNER_INFO_value(sis, 0); ++ if (si == NULL) ++ goto err; ++ ++ is = si->issuer_and_serial; ++ if (is == NULL) ++ goto err; ++ issuer = is->issuer; ++ sno = is->serial; ++ ++ sig = si->enc_digest; ++ if (sig == NULL) ++ goto err; ++ ++ PKCS7_SIGNER_INFO_get0_algs(si, NULL, &dig_alg, &sig_alg); ++#endif + ++#if (defined(LIBRESSL_VERSION_NUMBER) && \ ++ LIBRESSL_VERSION_NUMBER < 0x20700000L) || \ ++ OPENSSL_VERSION_NUMBER < 0x10100000L ++ sig_info->sig = (const char *)ASN1_STRING_data(sig); ++#else + sig_info->sig = (const char *)ASN1_STRING_get0_data(sig); ++#endif + sig_info->sig_len = ASN1_STRING_length(sig); + + sno_bn = ASN1_INTEGER_to_BN(sno, NULL); +@@ -277,7 +341,11 @@ static bool fill_pkcs7(const char *mem, off_t size, + if (pvt == NULL) + goto err3; + ++#ifndef USE_PKCS7 + pvt->cms = cms; ++#else ++ pvt->pkcs7 = pkcs7; ++#endif + pvt->key_id = key_id_str; + pvt->sno = sno_bn; + sig_info->private = pvt; +@@ -290,7 +358,11 @@ err3: + err2: + BN_free(sno_bn); + err: ++#ifndef USE_PKCS7 + CMS_ContentInfo_free(cms); ++#else ++ PKCS7_free(pkcs7); ++#endif + return false; + } + +-- +2.20.1 + diff --git a/sys-apps/kmod/files/kmod-static-nodes-r1 b/sys-apps/kmod/files/kmod-static-nodes-r1 new file mode 100644 index 0000000..9362f28 --- /dev/null +++ b/sys-apps/kmod/files/kmod-static-nodes-r1 @@ -0,0 +1,18 @@ +#!/sbin/openrc-run +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +description="Create list of required static device nodes for the current kernel" + +depend() { + after dev-mount + before tmpfiles.dev dev + keyword -lxc -systemd-nspawn +} + +start() { + ebegin "Creating list of required static device nodes for the current kernel" + checkpath -q -d /run/tmpfiles.d + kmod static-nodes --format=tmpfiles --output=/run/tmpfiles.d/kmod.conf + eend $? +} diff --git a/sys-apps/kmod/kmod-26-r1.ebuild b/sys-apps/kmod/kmod-26-r1.ebuild new file mode 100644 index 0000000..2752b85 --- /dev/null +++ b/sys-apps/kmod/kmod-26-r1.ebuild @@ -0,0 +1,200 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 + +PYTHON_COMPAT=( python{2_7,3_{4,5,6,7}} ) + +inherit bash-completion-r1 multilib python-r1 + +if [[ ${PV} == 9999* ]]; then + EGIT_REPO_URI="https://git.kernel.org/pub/scm/utils/kernel/${PN}/${PN}.git" + inherit autotools git-r3 +else + SRC_URI="mirror://kernel/linux/utils/kernel/kmod/${P}.tar.xz" + KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86" + inherit libtool +fi + +DESCRIPTION="library and tools for managing linux kernel modules" +HOMEPAGE="https://git.kernel.org/?p=utils/kernel/kmod/kmod.git" + +LICENSE="LGPL-2" +SLOT="0" +IUSE="debug doc libressl lzma python ssl static-libs +tools zlib" + +# Upstream does not support running the test suite with custom configure flags. +# I was also told that the test suite is intended for kmod developers. +# So we have to restrict it. +# See bug #408915. +RESTRICT="test" + +# Block systemd below 217 for -static-nodes-indicate-that-creation-of-static-nodes-.patch +RDEPEND="!sys-apps/module-init-tools + !sys-apps/modutils + !<sys-apps/openrc-0.13.8 + !<sys-apps/systemd-216-r3 + lzma? ( >=app-arch/xz-utils-5.0.4-r1 ) + python? ( ${PYTHON_DEPS} ) + ssl? ( + !libressl? ( >=dev-libs/openssl-1.1.0:0= ) + libressl? ( dev-libs/libressl:0= ) + ) + zlib? ( >=sys-libs/zlib-1.2.6 )" #427130 +DEPEND="${RDEPEND} + doc? ( dev-util/gtk-doc ) + lzma? ( virtual/pkgconfig ) + python? ( + dev-python/cython[${PYTHON_USEDEP}] + virtual/pkgconfig + ) + zlib? ( virtual/pkgconfig )" +if [[ ${PV} == 9999* ]]; then + DEPEND="${DEPEND} + dev-libs/libxslt" +fi + +REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )" + +DOCS="NEWS README TODO" + +PATCHES=( + "${FILESDIR}/${P}-libressl.patch" # bug 677960 +) + +src_prepare() { + default + + if [[ ! -e configure ]] ; then + if use doc; then + gtkdocize --copy --docdir libkmod/docs || die + else + touch libkmod/docs/gtk-doc.make + fi + eautoreconf + else + elibtoolize + fi + + # Restore possibility of running --enable-static wrt #472608 + sed -i \ + -e '/--enable-static is not supported by kmod/s:as_fn_error:echo:' \ + configure || die +} + +src_configure() { + local myeconfargs=( + --bindir="${EPREFIX}/bin" + --enable-shared + --with-bashcompletiondir="$(get_bashcompdir)" + --with-rootlibdir="${EPREFIX}/$(get_libdir)" + $(use_enable debug) + $(use_enable doc gtk-doc) + $(use_enable static-libs static) + $(use_enable tools) + $(use_with lzma xz) + $(use_with ssl openssl) + $(use_with zlib) + ) + + local ECONF_SOURCE="${S}" + + kmod_configure() { + mkdir -p "${BUILD_DIR}" || die + run_in_build_dir econf "${myeconfargs[@]}" "$@" + } + + BUILD_DIR="${WORKDIR}/build" + kmod_configure --disable-python + + if use python; then + python_foreach_impl kmod_configure --enable-python + fi +} + +src_compile() { + emake -C "${BUILD_DIR}" + + if use python; then + local native_builddir=${BUILD_DIR} + + python_compile() { + emake -C "${BUILD_DIR}" -f Makefile -f - python \ + VPATH="${native_builddir}:${S}" \ + native_builddir="${native_builddir}" \ + libkmod_python_kmod_{kmod,list,module,_util}_la_LIBADD='$(PYTHON_LIBS) $(native_builddir)/libkmod/libkmod.la' \ + <<< 'python: $(pkgpyexec_LTLIBRARIES)' + } + + python_foreach_impl python_compile + fi +} + +src_install() { + emake -C "${BUILD_DIR}" DESTDIR="${D}" install + einstalldocs + + if use python; then + local native_builddir=${BUILD_DIR} + + python_install() { + emake -C "${BUILD_DIR}" DESTDIR="${D}" \ + VPATH="${native_builddir}:${S}" \ + install-pkgpyexecLTLIBRARIES \ + install-dist_pkgpyexecPYTHON + } + + python_foreach_impl python_install + fi + + find "${ED}" -name "*.la" -delete || die + + if use tools; then + local bincmd sbincmd + for sbincmd in depmod insmod lsmod modinfo modprobe rmmod; do + dosym ../bin/kmod /sbin/${sbincmd} + done + + # These are also usable as normal user + for bincmd in lsmod modinfo; do + dosym kmod /bin/${bincmd} + done + fi + + cat <<-EOF > "${T}"/usb-load-ehci-first.conf + softdep uhci_hcd pre: ehci_hcd + softdep ohci_hcd pre: ehci_hcd + EOF + + insinto /lib/modprobe.d + doins "${T}"/usb-load-ehci-first.conf #260139 + + newinitd "${FILESDIR}"/kmod-static-nodes-r1 kmod-static-nodes +} + +pkg_postinst() { + if [[ -L ${EROOT%/}/etc/runlevels/boot/static-nodes ]]; then + ewarn "Removing old conflicting static-nodes init script from the boot runlevel" + rm -f "${EROOT%/}"/etc/runlevels/boot/static-nodes + fi + + # Add kmod to the runlevel automatically if this is the first install of this package. + if [[ -z ${REPLACING_VERSIONS} ]]; then + if [[ ! -d ${EROOT%/}/etc/runlevels/sysinit ]]; then + mkdir -p "${EROOT%/}"/etc/runlevels/sysinit + fi + if [[ -x ${EROOT%/}/etc/init.d/kmod-static-nodes ]]; then + ln -s /etc/init.d/kmod-static-nodes "${EROOT%/}"/etc/runlevels/sysinit/kmod-static-nodes + fi + fi + + if [[ -e ${EROOT%/}/etc/runlevels/sysinit ]]; then + if [[ ! -e ${EROOT%/}/etc/runlevels/sysinit/kmod-static-nodes ]]; then + ewarn + ewarn "You need to add kmod-static-nodes to the sysinit runlevel for" + ewarn "kernel modules to have required static nodes!" + ewarn "Run this command:" + ewarn "\trc-update add kmod-static-nodes sysinit" + fi + fi +} diff --git a/sys-apps/kmod/metadata.xml b/sys-apps/kmod/metadata.xml new file mode 100644 index 0000000..188bf47 --- /dev/null +++ b/sys-apps/kmod/metadata.xml @@ -0,0 +1,16 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd"> +<pkgmetadata> +<maintainer type="project"> + <email>udev-bugs@gentoo.org</email> +</maintainer> +<maintainer type="project"> + <email>base-system@gentoo.org</email> + <name>Gentoo Base System</name> +</maintainer> +<use> + <flag name="lzma">Enable support for XZ compressed modules</flag> + <flag name="tools">Install module loading/unloading tools.</flag> + <flag name="zlib">Enable support for gzipped modules</flag> +</use> +</pkgmetadata> |