app-crypt/efitools: update EAPI 6 -> 8

Bug: https://bugs.gentoo.org/794766 Bug: https://bugs.gentoo.org/816555 Bug: https://bugs.gentoo.org/816558 Bug: https://bugs.gentoo.org/876379 Signed-off-by: David Seifert <soap@gentoo.org>
author: David Seifert <soap@gentoo.org> 2022-10-24 22:02:27 +0100
committer: David Seifert <soap@gentoo.org> 2022-10-24 22:02:27 +0100
commit: ddd706d317284d5120b833e1185d64708961ba7d (patch)
tree: c93e71d614e8ee204f00427369a1118d4a557e61 /app-crypt/efitools
parent: media-gfx/graphviz: add 7.0.0 (diff)
download: gentoo-ddd706d317284d5120b833e1185d64708961ba7d.tar.gz
gentoo-ddd706d317284d5120b833e1185d64708961ba7d.tar.bz2
gentoo-ddd706d317284d5120b833e1185d64708961ba7d.zip
3 files changed, 281 insertions, 0 deletions
diff --git a/app-crypt/efitools/efitools-1.9.2-r1.ebuild b/app-crypt/efitools/efitools-1.9.2-r1.ebuild
new file mode 100644
index 000000000000..ae06bba83d82
--- /dev/null
+++ b/app-crypt/efitools/efitools-1.9.2-r1.ebuild
@@ -0,0 +1,52 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit flag-o-matic toolchain-funcs
+
+DESCRIPTION="Tools for manipulating UEFI secure boot platforms"
+HOMEPAGE="https://git.kernel.org/cgit/linux/kernel/git/jejb/efitools.git"
+SRC_URI="https://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git/snapshot/${P}.tar.gz"
+
+LICENSE="GPL-2 LGPL-2.1"
+SLOT="0"
+KEYWORDS="~amd64 ~arm64 ~x86"
+IUSE="static"
+
+LIB_DEPEND="dev-libs/openssl:=[static-libs(+)]"
+
+RDEPEND="
+	!static? ( ${LIB_DEPEND//\[static-libs(+)]} )
+	sys-apps/util-linux"
+DEPEND="${RDEPEND}
+	static? ( ${LIB_DEPEND} )
+	sys-boot/gnu-efi"
+BDEPEND="
+	app-crypt/sbsigntools
+	dev-perl/File-Slurp
+	sys-apps/help2man
+	virtual/pkgconfig"
+
+PATCHES=(
+	"${FILESDIR}"/1.9.2-clang16.patch
+	"${FILESDIR}"/1.9.2-Makefile.patch
+)
+
+src_prepare() {
+	default
+
+	# Let it build with clang
+	if tc-is-clang; then
+		sed -i -e 's/-fno-toplevel-reorder//g' Make.rules || die
+	fi
+
+	if use static; then
+		append-ldflags -static
+		export STATIC_FLAG=--static
+	fi
+}
+
+src_configure() {
+	tc-export AR CC LD NM OBJCOPY PKG_CONFIG
+}
diff --git a/app-crypt/efitools/files/1.9.2-Makefile.patch b/app-crypt/efitools/files/1.9.2-Makefile.patch
new file mode 100644
index 000000000000..e8e99b1858a5
--- /dev/null
+++ b/app-crypt/efitools/files/1.9.2-Makefile.patch
@@ -0,0 +1,121 @@
+--- a/Makefile
++++ b/Makefile
+@@ -21,6 +21,8 @@
+ KEYBLACKLISTAUTH = $(ALLKEYS:=-blacklist.auth)
+ KEYHASHBLACKLISTAUTH = $(ALLKEYS:=-hash-blacklist.auth)
+ 
++SSL_LIBS = $(shell $(PKG_CONFIG) $(STATIC_FLAG) --libs libcrypto)
++
+ export TOPDIR	:= $(shell pwd)/
+ 
+ include Make.rules
+@@ -88,31 +90,31 @@
+ ShimReplace.so: lib/lib-efi.a
+ 
+ cert-to-efi-sig-list: cert-to-efi-sig-list.o lib/lib.a
+-	$(CC) $(ARCH3264) -o $@ $< lib/lib.a -lcrypto
++	$(CC) $(LDFLAGS) $(ARCH3264) -o $@ $< lib/lib.a $(SSL_LIBS)
+ 
+ sig-list-to-certs: sig-list-to-certs.o lib/lib.a
+-	$(CC) $(ARCH3264) -o $@ $< lib/lib.a -lcrypto
++	$(CC) $(LDFLAGS) $(ARCH3264) -o $@ $< lib/lib.a $(SSL_LIBS)
+ 
+ sign-efi-sig-list: sign-efi-sig-list.o lib/lib.a
+-	$(CC) $(ARCH3264) -o $@ $< lib/lib.a -lcrypto
++	$(CC) $(LDFLAGS) $(ARCH3264) -o $@ $< lib/lib.a $(SSL_LIBS)
+ 
+ hash-to-efi-sig-list: hash-to-efi-sig-list.o lib/lib.a
+-	$(CC) $(ARCH3264) -o $@ $< lib/lib.a
++	$(CC) $(LDFLAGS) $(ARCH3264) -o $@ $< lib/lib.a
+ 
+ cert-to-efi-hash-list: cert-to-efi-hash-list.o lib/lib.a
+-	$(CC) $(ARCH3264) -o $@ $< lib/lib.a -lcrypto
++	$(CC) $(LDFLAGS) $(ARCH3264) -o $@ $< lib/lib.a $(SSL_LIBS)
+ 
+ efi-keytool: efi-keytool.o lib/lib.a
+-	$(CC) $(ARCH3264) -o $@ $< lib/lib.a
++	$(CC) $(LDFLAGS) $(ARCH3264) -o $@ $< lib/lib.a
+ 
+ efi-readvar: efi-readvar.o lib/lib.a
+-	$(CC) $(ARCH3264) -o $@ $< lib/lib.a -lcrypto
++	$(CC) $(LDFLAGS) $(ARCH3264) -o $@ $< lib/lib.a $(SSL_LIBS)
+ 
+ efi-updatevar: efi-updatevar.o lib/lib.a
+-	$(CC) $(ARCH3264) -o $@ $< lib/lib.a -lcrypto
++	$(CC) $(LDFLAGS) $(ARCH3264) -o $@ $< lib/lib.a $(SSL_LIBS)
+ 
+ flash-var: flash-var.o lib/lib.a
+-	$(CC) $(ARCH3264) -o $@ $< lib/lib.a
++	$(CC) $(LDFLAGS) $(ARCH3264) -o $@ $< lib/lib.a
+ 
+ clean:
+ 	rm -f PK.* KEK.* DB.* $(EFIFILES) $(EFISIGNED) $(BINARIES) *.o *.so
+--- a/Make.rules
++++ b/Make.rules
+@@ -15,8 +15,7 @@
+ endif
+ INCDIR	   = -I$(TOPDIR)include/ -I/usr/include/efi -I/usr/include/efi/$(ARCH) -I/usr/include/efi/protocol
+ CPPFLAGS   = -DCONFIG_$(ARCH)
+-CFLAGS	   = -O2 -g $(ARCH3264) -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants -fno-stack-protector -ffreestanding -fno-stack-check
+-LDFLAGS	   = -nostdlib
++CFLAGS +=  $(ARCH3264) -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants -fno-stack-protector -ffreestanding -fno-stack-check
+ CRTOBJ		= crt0-efi-$(ARCH).o
+ CRTPATHS	= /lib /lib64 /lib/efi /lib64/efi /usr/lib /usr/lib64 /usr/lib/efi /usr/lib64/efi /usr/lib/gnuefi /usr/lib64/gnuefi
+ CRTPATH		= $(shell for f in $(CRTPATHS); do if [ -e $$f/$(CRTOBJ) ]; then echo $$f; break; fi; done)
+@@ -24,10 +23,9 @@
+ # there's a bug in the gnu tools ... the .reloc section has to be
+ # aligned otherwise the file alignment gets screwed up
+ LDSCRIPT	= elf_$(ARCH)_efi.lds
+-LDFLAGS		+= -shared -Bsymbolic $(CRTOBJS) -L $(CRTPATH) -L /usr/lib -L /usr/lib64 -T $(LDSCRIPT)
++LIBS		+= -nostdlib -shared -Bsymbolic $(CRTOBJS) -L $(CRTPATH) -T $(LDSCRIPT)
+ LOADLIBES	= -lefi -lgnuefi $(shell $(CC) $(ARCH3264) -print-libgcc-file-name)
+ FORMAT		= --target=efi-app-$(ARCH)
+-OBJCOPY		= objcopy
+ MYGUID		= 11111111-2222-3333-4444-123456789abc
+ INSTALL		= install
+ BINDIR		= $(DESTDIR)/usr/bin
+@@ -47,12 +45,12 @@
+ endif
+ 
+ ifeq ($(ARCH),arm)
+-  LDFLAGS += --defsym=EFI_SUBSYSTEM=0x0a
++  LIBS += --defsym=EFI_SUBSYSTEM=0x0a
+   FORMAT = -O binary
+ endif
+ 
+ ifeq ($(ARCH),aarch64)
+-  LDFLAGS += --defsym=EFI_SUBSYSTEM=0x0a
++  LIBS += --defsym=EFI_SUBSYSTEM=0x0a
+   FORMAT = -O binary
+ endif
+ 
+@@ -61,9 +59,9 @@
+ 		   -j .rel -j .rela -j .rel.* -j .rela.* -j .rel* -j .rela* \
+ 		   -j .reloc $(FORMAT) $*.so $@
+ %.so: %.o
+-	$(LD) $(LDFLAGS) $^ -o $@ $(LOADLIBES)
++	$(LD) $(LIBS) $^ -o $@ $(LOADLIBES)
+ 	# check we have no undefined symbols
+-	nm -D $@ | grep ' U ' && exit 1 || exit 0
++	$(NM) -D $@ | grep ' U ' && exit 1 || exit 0
+ 
+ %.h: %.auth
+ 	./xxdi.pl $< > $@
+@@ -71,7 +69,7 @@
+ %.hash: %.efi hash-to-efi-sig-list
+ 	./hash-to-efi-sig-list $< $@
+ 
+-%-blacklist.esl: %.crt cert-to-efi-hash-list
++%-blacklist.esl: %.crt cert-to-efi-sig-list
+ 	./cert-to-efi-sig-list $< $@
+ 
+ %-hash-blacklist.esl: %.crt cert-to-efi-hash-list
+@@ -129,7 +127,7 @@
+ #	sbsign --key KEK.key --cert KEK.crt --output $@ $<
+ 
+ %.a:
+-	ar rcv $@ $^
++	$(AR) rcv $@ $^
+ 
+ doc/%.1: doc/%.1.in %
+ 	$(HELP2MAN) --no-info -i $< -o $@ ./$*
diff --git a/app-crypt/efitools/files/1.9.2-clang16.patch b/app-crypt/efitools/files/1.9.2-clang16.patch
new file mode 100644
index 000000000000..944a731bcde8
--- /dev/null
+++ b/app-crypt/efitools/files/1.9.2-clang16.patch
@@ -0,0 +1,108 @@
+--- a/cert-to-efi-sig-list.c
++++ b/cert-to-efi-sig-list.c
+@@ -6,7 +6,6 @@
+ 
+ 
+ #include <stdint.h>
+-#define __STDC_VERSION__ 199901L
+ #include <efi.h>
+ #ifdef CONFIG_arm
+ /* FIXME:
+--- a/efi-keytool.c
++++ b/efi-keytool.c
+@@ -15,7 +15,6 @@
+ #include <fcntl.h>
+ #include <unistd.h>
+ 
+-#define __STDC_VERSION__ 199901L
+ #include <efi.h>
+ 
+ #include <kernel_efivars.h>
+--- a/efi-readvar.c
++++ b/efi-readvar.c
+@@ -17,7 +17,6 @@
+ 
+ #include <openssl/x509.h>
+ 
+-#define __STDC_VERSION__ 199901L
+ #include <efi.h>
+ 
+ #include <kernel_efivars.h>
+--- a/efi-updatevar.c
++++ b/efi-updatevar.c
+@@ -20,7 +20,6 @@
+ #include <openssl/err.h>
+ #include <openssl/pem.h>
+ 
+-#define __STDC_VERSION__ 199901L
+ #include <efi.h>
+ 
+ #include <kernel_efivars.h>
+--- a/flash-var.c
++++ b/flash-var.c
+@@ -1,3 +1,5 @@
++#define _XOPEN_SOURCE 700
++
+ #include <stdlib.h>
+ #include <stdint.h>
+ #include <sys/types.h>
+@@ -10,7 +12,6 @@
+ #include <fcntl.h>
+ #include <unistd.h>
+ 
+-#define __STDC_VERSION__ 199901L
+ #include <efi.h>
+ 
+ #include <version.h>
+--- a/hash-to-efi-sig-list.c
++++ b/hash-to-efi-sig-list.c
+@@ -4,7 +4,6 @@
+  * see COPYING file
+  */
+ #include <stdint.h>
+-#define __STDC_VERSION__ 199901L
+ #include <efi.h>
+ #ifdef CONFIG_arm
+ /* FIXME:
+--- a/include/variableformat.h
++++ b/include/variableformat.h
+@@ -109,7 +109,7 @@
+ 
+ #pragma pack()
+ 
+-inline BOOLEAN
++static inline BOOLEAN
+ IsValidVariableHeader (VARIABLE_HEADER   *vh) {
+ 	if (vh == NULL || vh->StartId != VARIABLE_DATA)
+ 		return FALSE;
+--- a/lib/kernel_efivars.c
++++ b/lib/kernel_efivars.c
+@@ -16,7 +16,6 @@
+ #include <unistd.h>
+ #include <time.h>
+ 
+-#define __STDC_VERSION__ 199901L
+ #include <efi.h>
+ 
+ #include <kernel_efivars.h>
+--- a/sig-list-to-certs.c
++++ b/sig-list-to-certs.c
+@@ -4,7 +4,6 @@
+  * see COPYING file
+  */
+ #include <stdint.h>
+-#define __STDC_VERSION__ 199901L
+ #include <efi.h>
+ #ifdef CONFIG_arm
+ /* FIXME:
+--- a/sign-efi-sig-list.c
++++ b/sign-efi-sig-list.c
+@@ -4,7 +4,7 @@
+  * see COPYING file
+  */
+ #include <stdint.h>
+-#define __STDC_VERSION__ 199901L
++#define _XOPEN_SOURCE 700
+ #include <efi.h>
+ #ifdef CONFIG_arm
+ /* FIXME:
author	David Seifert <soap@gentoo.org>	2022-10-24 22:02:27 +0100
committer	David Seifert <soap@gentoo.org>	2022-10-24 22:02:27 +0100
commit	ddd706d317284d5120b833e1185d64708961ba7d (patch)
tree	c93e71d614e8ee204f00427369a1118d4a557e61 /app-crypt/efitools
parent	media-gfx/graphviz: add 7.0.0 (diff)
download	gentoo-ddd706d317284d5120b833e1185d64708961ba7d.tar.gz gentoo-ddd706d317284d5120b833e1185d64708961ba7d.tar.bz2 gentoo-ddd706d317284d5120b833e1185d64708961ba7d.zip