summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJory Pratt <anarchy@gentoo.org>2019-04-22 17:22:49 -0500
committerJory Pratt <anarchy@gentoo.org>2019-04-22 17:22:49 -0500
commit207feedb0bfcc3c887bba2877f5c67a97e8d4d5e (patch)
treed6ac25381e415f357eb80853b041335d0d5e7e0d
parentdev-libs/libgpg-error: Fixed in main tree (diff)
downloadanarchy-207feedb0bfcc3c887bba2877f5c67a97e8d4d5e.tar.gz
anarchy-207feedb0bfcc3c887bba2877f5c67a97e8d4d5e.tar.bz2
anarchy-207feedb0bfcc3c887bba2877f5c67a97e8d4d5e.zip
sys-apps/kmod: Add libressl fixes to local overlay
Signed-off-by: Jory Pratt <anarchy@gentoo.org>
-rw-r--r--sys-apps/kmod/Manifest5
-rw-r--r--sys-apps/kmod/files/kmod-26-libressl.patch186
-rw-r--r--sys-apps/kmod/files/kmod-static-nodes-r118
-rw-r--r--sys-apps/kmod/kmod-26-r1.ebuild200
-rw-r--r--sys-apps/kmod/metadata.xml16
5 files changed, 425 insertions, 0 deletions
diff --git a/sys-apps/kmod/Manifest b/sys-apps/kmod/Manifest
new file mode 100644
index 0000000..690174c
--- /dev/null
+++ b/sys-apps/kmod/Manifest
@@ -0,0 +1,5 @@
+AUX kmod-26-libressl.patch 4641 BLAKE2B 0d1e20249e001729abfaaedf9cc16a30b470f449fd53cd276c1f8bd8ff56f69f0d2a8405a43f4792adc7fcdb1a1dedf45c5abe15982de22cea969478515f4766 SHA512 daeabca7dc3e53b72e9631d32b96b549e3b40e745015cf063b61aca6e01aa7f73f0159fcbe11492d94be8a328ee416f8b4eb2675a419eb0c4a8425da42c1d8a2
+AUX kmod-static-nodes-r1 497 BLAKE2B eced5e152e017fa01abad98083031c1439c854b73cfc6b186f0b18ad0f65b61385e2d51e4ba649026e9d04774d1aa6db4b9a6c487554a4eb6417fa575da5b924 SHA512 4020c75d20260d66e0158b8bc53eb8c340d4b2f60ff703467c968734cf96c2c511764f2c983062d77924858b3269e3d421f8440a8e3591eb372ac1f5aa8d4b8f
+DIST kmod-26.tar.xz 552032 BLAKE2B 3e596d06b48599bf4919346475a036b058fb18a7b19d39953e24fa943b95fdbe34a29a5062f6b4fe3510e667ae873d3b9ae03b72350fa85ddbb40ca6a7730b34 SHA512 3ca276c6fc13c2dd2220ec528b8dc4ab4edee5d2b22e16b6f945c552e51f74342c01c33a53740e6af8c893d42bd4d6f629cd8fa6e15ef8bd8da30cb003ef0865
+EBUILD kmod-26-r1.ebuild 5129 BLAKE2B f44ee8421b3c130a73cc84939e1e39fa324c9603a7816273d2f7a00a508175f0b58b4960fb66f2db54b4fb56954ef6098bcbba5a67c0e07f8c25ba842ebf21a8 SHA512 8df7808e8ec34be0528077ac69c5a939c2aa09bb442f48a799ad7ff8a6859080192ca04b97f6d045204c2ee891885b82ee7c3bffa33cf30fad4cdef3ea6f2251
+MISC metadata.xml 540 BLAKE2B ec5ee262fe76215688d99e32778848e71de5825f488eea2219e076290e020aa86de6138ab8366d5e077d44797789a27c22fea1c64f9c6e2713cf315b4b891455 SHA512 c4f47a77dfa7bc4cbaa61744fc46c5547763b51b48521cd229ac89680325ecbf415bd9e1ce9c71982ea721d0d5c4cf3677a0f70e8dad65235f523840cd14de94
diff --git a/sys-apps/kmod/files/kmod-26-libressl.patch b/sys-apps/kmod/files/kmod-26-libressl.patch
new file mode 100644
index 0000000..7d70ed2
--- /dev/null
+++ b/sys-apps/kmod/files/kmod-26-libressl.patch
@@ -0,0 +1,186 @@
+From fd8b59fb8c576751aef6d59dd5ab208baee2ad49 Mon Sep 17 00:00:00 2001
+From: Stefan Strogin <stefan.strogin@gmail.com>
+Date: Fri, 15 Feb 2019 05:34:55 +0200
+Subject: [PATCH] libkmod-signature: use PKCS7 for LibreSSL or older OpenSSL
+
+Linux kernel uses either PKCS #7 or CMS signing modules (scripts/sign-file.c).
+CMS is not supported by LibreSSL, PKCS #7 is used instead.
+For now modinfo used CMS with no altenative requiring >=openssl-1.1.0
+built with CMS support.
+
+Use PKCS #7 for parsing module signature information when CMS is not available.
+
+Upstream-Status: Submitted [https://patchwork.kernel.org/patch/10814147/]
+Signed-off-by: Stefan Strogin <stefan.strogin@gmail.com>
+---
+ libkmod/libkmod-signature.c | 78 +++++++++++++++++++++++++++++++++++--
+ 1 file changed, 75 insertions(+), 3 deletions(-)
+
+diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
+index 48d0145..aa2a60e 100644
+--- a/libkmod/libkmod-signature.c
++++ b/libkmod/libkmod-signature.c
+@@ -20,9 +20,16 @@
+ #include <endian.h>
+ #include <inttypes.h>
+ #ifdef ENABLE_OPENSSL
+-#include <openssl/cms.h>
+-#include <openssl/ssl.h>
+-#endif
++# include <openssl/ssl.h>
++# if defined(LIBRESSL_VERSION_NUMBER) || \
++ OPENSSL_VERSION_NUMBER < 0x10100000L || \
++ defined(OPENSSL_NO_CMS)
++# define USE_PKCS7
++# include <openssl/pkcs7.h>
++# else
++# include <openssl/cms.h>
++# endif /* LIBRESSL_VERSION_NUMBER */
++#endif /* ENABLE_OPENSSL */
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+@@ -122,7 +129,11 @@ static bool fill_default(const char *mem, off_t size,
+ #ifdef ENABLE_OPENSSL
+
+ struct pkcs7_private {
++#ifndef USE_PKCS7
+ CMS_ContentInfo *cms;
++#else
++ PKCS7 *pkcs7;
++#endif
+ unsigned char *key_id;
+ BIGNUM *sno;
+ };
+@@ -132,7 +143,11 @@ static void pkcs7_free(void *s)
+ struct kmod_signature_info *si = s;
+ struct pkcs7_private *pvt = si->private;
+
++#ifndef USE_PKCS7
+ CMS_ContentInfo_free(pvt->cms);
++#else
++ PKCS7_free(pvt->pkcs7);
++#endif
+ BN_free(pvt->sno);
+ free(pvt->key_id);
+ free(pvt);
+@@ -187,7 +202,13 @@ static const char *x509_name_to_str(X509_NAME *name)
+ return NULL;
+
+ d = X509_NAME_ENTRY_get_data(e);
++#if (defined(LIBRESSL_VERSION_NUMBER) && \
++ LIBRESSL_VERSION_NUMBER < 0x20700000L) || \
++ OPENSSL_VERSION_NUMBER < 0x10100000L
++ str = (const char *)ASN1_STRING_data(d);
++#else
+ str = (const char *)ASN1_STRING_get0_data(d);
++#endif
+
+ return str;
+ }
+@@ -197,11 +218,18 @@ static bool fill_pkcs7(const char *mem, off_t size,
+ struct kmod_signature_info *sig_info)
+ {
+ const char *pkcs7_raw;
++#ifndef USE_PKCS7
+ CMS_ContentInfo *cms;
+ STACK_OF(CMS_SignerInfo) *sis;
+ CMS_SignerInfo *si;
+ int rc;
+ ASN1_OCTET_STRING *key_id;
++#else
++ PKCS7 *pkcs7;
++ STACK_OF(PKCS7_SIGNER_INFO) *sis;
++ PKCS7_SIGNER_INFO *si;
++ PKCS7_ISSUER_AND_SERIAL *is;
++#endif
+ X509_NAME *issuer;
+ ASN1_INTEGER *sno;
+ ASN1_OCTET_STRING *sig;
+@@ -220,14 +248,23 @@ static bool fill_pkcs7(const char *mem, off_t size,
+
+ in = BIO_new_mem_buf(pkcs7_raw, sig_len);
+
++#ifndef USE_PKCS7
+ cms = d2i_CMS_bio(in, NULL);
+ if (cms == NULL) {
+ BIO_free(in);
+ return false;
+ }
++#else
++ pkcs7 = d2i_PKCS7_bio(in, NULL);
++ if (pkcs7 == NULL) {
++ BIO_free(in);
++ return false;
++ }
++#endif
+
+ BIO_free(in);
+
++#ifndef USE_PKCS7
+ sis = CMS_get0_SignerInfos(cms);
+ if (sis == NULL)
+ goto err;
+@@ -245,8 +282,35 @@ static bool fill_pkcs7(const char *mem, off_t size,
+ goto err;
+
+ CMS_SignerInfo_get0_algs(si, NULL, NULL, &dig_alg, &sig_alg);
++#else
++ sis = PKCS7_get_signer_info(pkcs7);
++ if (sis == NULL)
++ goto err;
++
++ si = sk_PKCS7_SIGNER_INFO_value(sis, 0);
++ if (si == NULL)
++ goto err;
++
++ is = si->issuer_and_serial;
++ if (is == NULL)
++ goto err;
++ issuer = is->issuer;
++ sno = is->serial;
++
++ sig = si->enc_digest;
++ if (sig == NULL)
++ goto err;
++
++ PKCS7_SIGNER_INFO_get0_algs(si, NULL, &dig_alg, &sig_alg);
++#endif
+
++#if (defined(LIBRESSL_VERSION_NUMBER) && \
++ LIBRESSL_VERSION_NUMBER < 0x20700000L) || \
++ OPENSSL_VERSION_NUMBER < 0x10100000L
++ sig_info->sig = (const char *)ASN1_STRING_data(sig);
++#else
+ sig_info->sig = (const char *)ASN1_STRING_get0_data(sig);
++#endif
+ sig_info->sig_len = ASN1_STRING_length(sig);
+
+ sno_bn = ASN1_INTEGER_to_BN(sno, NULL);
+@@ -277,7 +341,11 @@ static bool fill_pkcs7(const char *mem, off_t size,
+ if (pvt == NULL)
+ goto err3;
+
++#ifndef USE_PKCS7
+ pvt->cms = cms;
++#else
++ pvt->pkcs7 = pkcs7;
++#endif
+ pvt->key_id = key_id_str;
+ pvt->sno = sno_bn;
+ sig_info->private = pvt;
+@@ -290,7 +358,11 @@ err3:
+ err2:
+ BN_free(sno_bn);
+ err:
++#ifndef USE_PKCS7
+ CMS_ContentInfo_free(cms);
++#else
++ PKCS7_free(pkcs7);
++#endif
+ return false;
+ }
+
+--
+2.20.1
+
diff --git a/sys-apps/kmod/files/kmod-static-nodes-r1 b/sys-apps/kmod/files/kmod-static-nodes-r1
new file mode 100644
index 0000000..9362f28
--- /dev/null
+++ b/sys-apps/kmod/files/kmod-static-nodes-r1
@@ -0,0 +1,18 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+description="Create list of required static device nodes for the current kernel"
+
+depend() {
+ after dev-mount
+ before tmpfiles.dev dev
+ keyword -lxc -systemd-nspawn
+}
+
+start() {
+ ebegin "Creating list of required static device nodes for the current kernel"
+ checkpath -q -d /run/tmpfiles.d
+ kmod static-nodes --format=tmpfiles --output=/run/tmpfiles.d/kmod.conf
+ eend $?
+}
diff --git a/sys-apps/kmod/kmod-26-r1.ebuild b/sys-apps/kmod/kmod-26-r1.ebuild
new file mode 100644
index 0000000..2752b85
--- /dev/null
+++ b/sys-apps/kmod/kmod-26-r1.ebuild
@@ -0,0 +1,200 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+PYTHON_COMPAT=( python{2_7,3_{4,5,6,7}} )
+
+inherit bash-completion-r1 multilib python-r1
+
+if [[ ${PV} == 9999* ]]; then
+ EGIT_REPO_URI="https://git.kernel.org/pub/scm/utils/kernel/${PN}/${PN}.git"
+ inherit autotools git-r3
+else
+ SRC_URI="mirror://kernel/linux/utils/kernel/kmod/${P}.tar.xz"
+ KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+ inherit libtool
+fi
+
+DESCRIPTION="library and tools for managing linux kernel modules"
+HOMEPAGE="https://git.kernel.org/?p=utils/kernel/kmod/kmod.git"
+
+LICENSE="LGPL-2"
+SLOT="0"
+IUSE="debug doc libressl lzma python ssl static-libs +tools zlib"
+
+# Upstream does not support running the test suite with custom configure flags.
+# I was also told that the test suite is intended for kmod developers.
+# So we have to restrict it.
+# See bug #408915.
+RESTRICT="test"
+
+# Block systemd below 217 for -static-nodes-indicate-that-creation-of-static-nodes-.patch
+RDEPEND="!sys-apps/module-init-tools
+ !sys-apps/modutils
+ !<sys-apps/openrc-0.13.8
+ !<sys-apps/systemd-216-r3
+ lzma? ( >=app-arch/xz-utils-5.0.4-r1 )
+ python? ( ${PYTHON_DEPS} )
+ ssl? (
+ !libressl? ( >=dev-libs/openssl-1.1.0:0= )
+ libressl? ( dev-libs/libressl:0= )
+ )
+ zlib? ( >=sys-libs/zlib-1.2.6 )" #427130
+DEPEND="${RDEPEND}
+ doc? ( dev-util/gtk-doc )
+ lzma? ( virtual/pkgconfig )
+ python? (
+ dev-python/cython[${PYTHON_USEDEP}]
+ virtual/pkgconfig
+ )
+ zlib? ( virtual/pkgconfig )"
+if [[ ${PV} == 9999* ]]; then
+ DEPEND="${DEPEND}
+ dev-libs/libxslt"
+fi
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+DOCS="NEWS README TODO"
+
+PATCHES=(
+ "${FILESDIR}/${P}-libressl.patch" # bug 677960
+)
+
+src_prepare() {
+ default
+
+ if [[ ! -e configure ]] ; then
+ if use doc; then
+ gtkdocize --copy --docdir libkmod/docs || die
+ else
+ touch libkmod/docs/gtk-doc.make
+ fi
+ eautoreconf
+ else
+ elibtoolize
+ fi
+
+ # Restore possibility of running --enable-static wrt #472608
+ sed -i \
+ -e '/--enable-static is not supported by kmod/s:as_fn_error:echo:' \
+ configure || die
+}
+
+src_configure() {
+ local myeconfargs=(
+ --bindir="${EPREFIX}/bin"
+ --enable-shared
+ --with-bashcompletiondir="$(get_bashcompdir)"
+ --with-rootlibdir="${EPREFIX}/$(get_libdir)"
+ $(use_enable debug)
+ $(use_enable doc gtk-doc)
+ $(use_enable static-libs static)
+ $(use_enable tools)
+ $(use_with lzma xz)
+ $(use_with ssl openssl)
+ $(use_with zlib)
+ )
+
+ local ECONF_SOURCE="${S}"
+
+ kmod_configure() {
+ mkdir -p "${BUILD_DIR}" || die
+ run_in_build_dir econf "${myeconfargs[@]}" "$@"
+ }
+
+ BUILD_DIR="${WORKDIR}/build"
+ kmod_configure --disable-python
+
+ if use python; then
+ python_foreach_impl kmod_configure --enable-python
+ fi
+}
+
+src_compile() {
+ emake -C "${BUILD_DIR}"
+
+ if use python; then
+ local native_builddir=${BUILD_DIR}
+
+ python_compile() {
+ emake -C "${BUILD_DIR}" -f Makefile -f - python \
+ VPATH="${native_builddir}:${S}" \
+ native_builddir="${native_builddir}" \
+ libkmod_python_kmod_{kmod,list,module,_util}_la_LIBADD='$(PYTHON_LIBS) $(native_builddir)/libkmod/libkmod.la' \
+ <<< 'python: $(pkgpyexec_LTLIBRARIES)'
+ }
+
+ python_foreach_impl python_compile
+ fi
+}
+
+src_install() {
+ emake -C "${BUILD_DIR}" DESTDIR="${D}" install
+ einstalldocs
+
+ if use python; then
+ local native_builddir=${BUILD_DIR}
+
+ python_install() {
+ emake -C "${BUILD_DIR}" DESTDIR="${D}" \
+ VPATH="${native_builddir}:${S}" \
+ install-pkgpyexecLTLIBRARIES \
+ install-dist_pkgpyexecPYTHON
+ }
+
+ python_foreach_impl python_install
+ fi
+
+ find "${ED}" -name "*.la" -delete || die
+
+ if use tools; then
+ local bincmd sbincmd
+ for sbincmd in depmod insmod lsmod modinfo modprobe rmmod; do
+ dosym ../bin/kmod /sbin/${sbincmd}
+ done
+
+ # These are also usable as normal user
+ for bincmd in lsmod modinfo; do
+ dosym kmod /bin/${bincmd}
+ done
+ fi
+
+ cat <<-EOF > "${T}"/usb-load-ehci-first.conf
+ softdep uhci_hcd pre: ehci_hcd
+ softdep ohci_hcd pre: ehci_hcd
+ EOF
+
+ insinto /lib/modprobe.d
+ doins "${T}"/usb-load-ehci-first.conf #260139
+
+ newinitd "${FILESDIR}"/kmod-static-nodes-r1 kmod-static-nodes
+}
+
+pkg_postinst() {
+ if [[ -L ${EROOT%/}/etc/runlevels/boot/static-nodes ]]; then
+ ewarn "Removing old conflicting static-nodes init script from the boot runlevel"
+ rm -f "${EROOT%/}"/etc/runlevels/boot/static-nodes
+ fi
+
+ # Add kmod to the runlevel automatically if this is the first install of this package.
+ if [[ -z ${REPLACING_VERSIONS} ]]; then
+ if [[ ! -d ${EROOT%/}/etc/runlevels/sysinit ]]; then
+ mkdir -p "${EROOT%/}"/etc/runlevels/sysinit
+ fi
+ if [[ -x ${EROOT%/}/etc/init.d/kmod-static-nodes ]]; then
+ ln -s /etc/init.d/kmod-static-nodes "${EROOT%/}"/etc/runlevels/sysinit/kmod-static-nodes
+ fi
+ fi
+
+ if [[ -e ${EROOT%/}/etc/runlevels/sysinit ]]; then
+ if [[ ! -e ${EROOT%/}/etc/runlevels/sysinit/kmod-static-nodes ]]; then
+ ewarn
+ ewarn "You need to add kmod-static-nodes to the sysinit runlevel for"
+ ewarn "kernel modules to have required static nodes!"
+ ewarn "Run this command:"
+ ewarn "\trc-update add kmod-static-nodes sysinit"
+ fi
+ fi
+}
diff --git a/sys-apps/kmod/metadata.xml b/sys-apps/kmod/metadata.xml
new file mode 100644
index 0000000..188bf47
--- /dev/null
+++ b/sys-apps/kmod/metadata.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+<maintainer type="project">
+ <email>udev-bugs@gentoo.org</email>
+</maintainer>
+<maintainer type="project">
+ <email>base-system@gentoo.org</email>
+ <name>Gentoo Base System</name>
+</maintainer>
+<use>
+ <flag name="lzma">Enable support for XZ compressed modules</flag>
+ <flag name="tools">Install module loading/unloading tools.</flag>
+ <flag name="zlib">Enable support for gzipped modules</flag>
+</use>
+</pkgmetadata>