From 43f30994a634b679f5d2ea7074f712c62d2c7a57 Mon Sep 17 00:00:00 2001 From: Jonathan Li Date: Sun, 8 Feb 2015 07:24:44 +0700 Subject: system/sbsigntools: Added (Signing utility for UEFI Secure Boot). Signed-off-by: Willy Sudiarto Raharjo --- system/sbsigntools/README | 1 + system/sbsigntools/autogen.patch | 277 ++++++++++++++++++++++++++++++ system/sbsigntools/ccan_makefile.patch | 20 +++ system/sbsigntools/fix_efi_arch.patch | 26 +++ system/sbsigntools/sbsigntools.SlackBuild | 117 +++++++++++++ system/sbsigntools/sbsigntools.info | 12 ++ system/sbsigntools/slack-desc | 19 ++ 7 files changed, 472 insertions(+) create mode 100644 system/sbsigntools/README create mode 100644 system/sbsigntools/autogen.patch create mode 100644 system/sbsigntools/ccan_makefile.patch create mode 100644 system/sbsigntools/fix_efi_arch.patch create mode 100644 system/sbsigntools/sbsigntools.SlackBuild create mode 100644 system/sbsigntools/sbsigntools.info create mode 100644 system/sbsigntools/slack-desc (limited to 'system/sbsigntools') diff --git a/system/sbsigntools/README b/system/sbsigntools/README new file mode 100644 index 0000000000..491bdcbb5a --- /dev/null +++ b/system/sbsigntools/README @@ -0,0 +1 @@ +sbsigntools is a set of tools for adding signatures. diff --git a/system/sbsigntools/autogen.patch b/system/sbsigntools/autogen.patch new file mode 100644 index 0000000000..e681792c49 --- /dev/null +++ b/system/sbsigntools/autogen.patch @@ -0,0 +1,277 @@ +From c8c7e1ba97d15433247bcf87e88485cf7c6b7cc3 Mon Sep 17 00:00:00 2001 +From: James Bottomley +Date: Tue, 26 Jun 2012 09:49:05 +0100 +Subject: sbsigntools: fix autogen.sh for build service + +--- + AUTHORS | 4 ++ + ChangeLog | 224 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + autogen.sh | 10 --- + 3 files changed, 228 insertions(+), 10 deletions(-) + create mode 100644 AUTHORS + create mode 100644 ChangeLog + +diff --git a/AUTHORS b/AUTHORS +new file mode 100644 +index 0000000..3eaa355 +--- /dev/null ++++ b/AUTHORS +@@ -0,0 +1,4 @@ ++ Adam Conrad ++ Ivan Hu ++ James Bottomley ++ Jeremy Kerr +diff --git a/ChangeLog b/ChangeLog +new file mode 100644 +index 0000000..d5d5ea6 +--- /dev/null ++++ b/ChangeLog +@@ -0,0 +1,224 @@ ++2012-06-20 c07dfb9 Ivan Hu ++ ++ * configure: Add check for bfh.h ++ ++2012-06-19 5e07c4e Ivan Hu ++ ++ * tests: Add a test to check invalid PKCS7 signature attaching ++ ++2012-06-19 bfb778e Ivan Hu ++ ++ * sbattach: Check that attached signatures are valid PKCS7 data ++ ++2012-06-14 bf6df84 Jeremy Kerr ++ ++ * sbverify: Use a variable for image filename ++ ++2012-06-13 9b7f7fb Jeremy Kerr ++ ++ * image: Unconditionally parse PE/COFF data ++ ++2012-06-13 128f1c1 Jeremy Kerr ++ ++ * sbverify: Check for failed image load ++ ++2012-06-13 b48e256 Jeremy Kerr ++ ++ * tests: Add tests for missing image, cert & key files ++ ++2012-06-13 0af5e01 Jeremy Kerr ++ ++ * tests: Execute tests in a clean (temporary) directory ++ ++2012-06-13 8716e88 Jeremy Kerr ++ ++ * tests: Use COMPILE.S for assembing test object ++ ++2012-06-13 807f0e6 Jeremy Kerr ++ ++ * Version 0.2 ++ ++2012-06-13 7c2d8bb Jeremy Kerr ++ ++ * docs: Add simple manpage for sbattach ++ ++2012-06-13 deb9211 Jeremy Kerr ++ ++ * automake: Clean generated man files ++ ++2012-06-13 3cde1e4 Jeremy Kerr ++ ++ * tests: Add a few simple tests ++ ++2012-06-13 cc881c2 Jeremy Kerr ++ ++ * Remove unused test.c file ++ ++2012-06-12 4c79e3a Jeremy Kerr ++ ++ * sbattach: Add too to manage detached signatures ++ ++2012-06-12 564f5bc Jeremy Kerr ++ ++ * image: Add facility to write unsigned images ++ ++2012-06-11 a07b8d2 Jeremy Kerr ++ ++ * sbsign,sbverify: Update getopt_long optstrings ++ ++2012-06-11 5836038 Jeremy Kerr ++ ++ * sbverify: Add support for detached signatures ++ ++2012-06-11 b8a7d51 Jeremy Kerr ++ ++ * sbverify: Split image signature table reading to separate function ++ ++2012-06-11 e9f438c Jeremy Kerr ++ ++ * Fix warnings from added -W flags ++ ++2012-06-11 f19e8bb Jeremy Kerr ++ ++ * automake: Add -Wall -Wextra CFLAGS ++ ++2012-06-11 af4f088 Jeremy Kerr ++ ++ * sbsign: Add --detached option to create detached PKCS7 signatures ++ ++2012-06-11 0c9fbd2 Jeremy Kerr ++ ++ * sbsign: fix flag for verbose operation ++ ++2012-06-11 3673db1 Jeremy Kerr ++ ++ * docs: Fix manpage creation ++ ++2012-05-29 9b2f3a7 Adam Conrad ++ ++ * autogen.sh: Fix ccan_module assignment ++ ++2012-05-28 3fb0f00 Jeremy Kerr ++ ++ * image: use read_write_all from ccan ++ ++2012-05-28 f1112b4 Jeremy Kerr ++ ++ * image: Fix format specifier for 32-bit builds ++ ++2012-05-24 d5e634c Jeremy Kerr ++ ++ * autoconfiscate ++ ++2012-05-23 82f8c30 Jeremy Kerr ++ ++ * docs: Add initial manpages ++ ++2012-05-23 c14efcb Jeremy Kerr ++ ++ * sbsign,sbverify: help2man-ize usage output ++ ++2012-05-23 98a4f10 Jeremy Kerr ++ ++ * Makefile: Add dist targets ++ ++2012-05-22 1b2b5c6 Jeremy Kerr ++ ++ * ccan: Add ccan import logic ++ ++2012-05-15 6ff68e5 Jeremy Kerr ++ ++ * Move ccan submodule ++ ++2012-05-15 9a08e25 Jeremy Kerr ++ ++ * Remove unused header ++ ++2012-05-14 bc618c5 Jeremy Kerr ++ ++ * Remove pkcs7-simple test file ++ ++2012-05-14 9ac930e Jeremy Kerr ++ ++ * Makefile: add install target ++ ++2012-05-14 a1b270f Jeremy Kerr ++ ++ * Makefile: Comment components ++ ++2012-05-14 c67b82a Jeremy Kerr ++ ++ * sbverify: clean up openssl init ++ ++2012-05-14 c499763 Jeremy Kerr ++ ++ * sbverify: add check for invalid PKCS7 data ++ ++2012-05-14 74eb766 Jeremy Kerr ++ ++ * sbverify: Add certificate chain verification ++ ++2012-05-12 e111127 Jeremy Kerr ++ ++ * verify: move idc-related parsing to idc.c ++ ++2012-05-12 46cf6a6 Jeremy Kerr ++ ++ * sbsign: fix incorrect check for certificate load ++ ++2012-05-12 57d9f0c Jeremy Kerr ++ ++ * image: reformat gap warnings ++ ++2012-05-12 ab05bec Jeremy Kerr ++ ++ * image: add cert table to image size ++ ++2012-05-12 e1fec08 Jeremy Kerr ++ ++ * sbverify: Add check for image hash ++ ++2012-05-12 fefe97c Jeremy Kerr ++ ++ * sbverify: check for presence of signature table ++ ++2012-05-12 b73f723 Jeremy Kerr ++ ++ * Makefile: add $(tools) var ++ ++2012-05-12 55b1940 Jeremy Kerr ++ ++ * sbsigntool -> sbsign ++ ++2012-05-12 a183de9 Jeremy Kerr ++ ++ * image: open output file with O_TRUNC ++ ++2012-04-24 04b70fc Jeremy Kerr ++ ++ * sbsigntooL: expand usage info ++ ++2012-04-24 9826a43 Jeremy Kerr ++ ++ * Add GPLv3 text in COPYING ++ ++2012-04-24 906654e Jeremy Kerr ++ ++ * coff: remove unneeded coff includes ++ ++2012-04-23 9d3c8b5 Jeremy Kerr ++ ++ * Add copyright comments ++ ++2012-04-23 e019eec Jeremy Kerr ++ ++ * image: warn about potential checksum differences ++ ++2012-04-23 01e33cd Jeremy Kerr ++ ++ * idc: allocate using the image context ++ ++2012-04-23 acd8c0a Jeremy Kerr ++ ++ * Initial commit ++ +diff --git a/autogen.sh b/autogen.sh +index 32ea6f6..117835b 100755 +--- a/autogen.sh ++++ b/autogen.sh +@@ -16,16 +16,6 @@ then + --build-type=automake lib/ccan $ccan_modules + fi + +-# Create generatable docs from git +-( +- echo "Authors of sbsigntool:" +- echo +- git log --format='%an' | sort -u | sed 's,^,\t,' +-) > AUTHORS +- +-# Generate simple ChangeLog +-git log --date=short --format='%ad %t %an <%ae>%n%n * %s%n' > ChangeLog +- + # automagic + aclocal + autoheader +-- +2.1.2 + diff --git a/system/sbsigntools/ccan_makefile.patch b/system/sbsigntools/ccan_makefile.patch new file mode 100644 index 0000000000..e77b958ab8 --- /dev/null +++ b/system/sbsigntools/ccan_makefile.patch @@ -0,0 +1,20 @@ +--- sbsigntools-0.7/lib/ccan.git/Makefile 2015-02-07 12:56:54.457781357 +0000 ++++ sbsigntools-0.7/lib/ccan.git/Makefile 2015-02-07 13:00:25.482175092 +0000 +@@ -15,7 +15,7 @@ + EXCLUDE=wwviaudio ogg_to_pcm jmap jset nfs + + # Where make scores puts the results +-SCOREDIR=scores/$(shell whoami)/$(shell uname -s)-$(shell uname -m)-$(CC)-$(shell git describe --always --dirty) ++#SCOREDIR=scores/$(shell whoami)/$(shell uname -s)-$(shell uname -m)-$(CC)-$(shell git describe --always --dirty) + + ALL=$(filter-out $(EXCLUDE), $(REALLY_ALL)) + +@@ -77,7 +77,7 @@ distclean: clean + scores: $(SCOREDIR)/SUMMARY + + $(SCOREDIR)/SUMMARY: $(patsubst ccan/%/_info, $(SCOREDIR)/score-%, $(wildcard ccan/*/_info)) +- git describe --always > $@ ++# git describe --always > $@ + uname -a >> $@ + $(CC) -v >> $@ + cat $^ | grep 'Total score:' >> $@ diff --git a/system/sbsigntools/fix_efi_arch.patch b/system/sbsigntools/fix_efi_arch.patch new file mode 100644 index 0000000000..fceb96f4bf --- /dev/null +++ b/system/sbsigntools/fix_efi_arch.patch @@ -0,0 +1,26 @@ +From 706bec1a957f2fcce3781e326e6e0b2be41a9b86 Mon Sep 17 00:00:00 2001 +From: James Bottomley +Date: Tue, 6 Jan 2015 08:00:28 -0800 +Subject: [PATCH] OBS add correcting definition of EFI_ARCH + +Signed-off-by: James Bottomley +--- + configure.ac | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index 4891151..2e80e09 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -64,7 +64,7 @@ PKG_CHECK_MODULES(uuid, uuid, + AC_MSG_ERROR([libuuid (from the uuid package) is required])) + + dnl gnu-efi headers require extra include dirs +-EFI_ARCH=$(uname -m) ++EFI_ARCH=$(uname -m | sed s/i.86/ia32/) + EFI_CPPFLAGS="-I/usr/include/efi -I/usr/include/efi/$EFI_ARCH \ + -DEFI_FUNCTION_WRAPPER" + CPPFLAGS_save="$CPPFLAGS" +-- +2.1.2 + diff --git a/system/sbsigntools/sbsigntools.SlackBuild b/system/sbsigntools/sbsigntools.SlackBuild new file mode 100644 index 0000000000..f9701591ff --- /dev/null +++ b/system/sbsigntools/sbsigntools.SlackBuild @@ -0,0 +1,117 @@ +#!/bin/sh + +# Slackware build script for sbsigntools + +# Copyright 2015 Jonathan Li +# All rights reserved. +# +# Redistribution and use of this script, with or without modification, is +# permitted provided that the following conditions are met: +# +# 1. Redistributions of this script must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +PRGNAM=sbsigntools +VERSION=${VERSION:-0.7} +BUILD=${BUILD:-1} +TAG=${TAG:-_SBo} + +CCAN_VERSION=${CCAN_VERSION:-0.0.2} + +if [ -z "$ARCH" ]; then + case "$( uname -m )" in + i?86) ARCH=i486 ;; + arm*) ARCH=arm ;; + *) ARCH=$( uname -m ) ;; + esac +fi + +CWD=$(pwd) +TMP=${TMP:-/tmp/SBo} +PKG=$TMP/package-$PRGNAM +OUTPUT=${OUTPUT:-/tmp} + +if [ "$ARCH" = "i486" ]; then + SLKCFLAGS="-O2 -march=i486 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "i686" ]; then + SLKCFLAGS="-O2 -march=i686 -mtune=i686" + LIBDIRSUFFIX="" +elif [ "$ARCH" = "x86_64" ]; then + SLKCFLAGS="-O2 -fPIC" + LIBDIRSUFFIX="64" +else + SLKCFLAGS="-O2" + LIBDIRSUFFIX="" +fi + +set -e + +rm -rf $PKG +mkdir -p $TMP $PKG $OUTPUT +cd $TMP +rm -rf $PRGNAM-$VERSION +tar xvf $CWD/$PRGNAM-$VERSION.tar.gz +cd $PRGNAM-$VERSION +tar -xvf $CWD/ccan-$CCAN_VERSION.tar.gz -C lib/ccan.git + +# Next 2 patches taken from +# https://build.opensuse.org/package/show/home:jejb1:UEFI/sbsigntools?rev=16 +# Fixes build on 32-bit. +patch -p1 -i $CWD/fix_efi_arch.patch + +# Creates changelog and stops git from being called. +patch -p1 -i $CWD/autogen.patch + +# Suppress "not git repo messages"- they're evaluated by the makefile but don't +# actually get run so it's just noise. +patch -p1 -i $CWD/ccan_makefile.patch +rm lib/ccan.git/Makefile-web + +chown -R root:root . +find -L . \ + \( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \ + -o -perm 511 \) -exec chmod 755 {} \; -o \ + \( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \ + -o -perm 440 -o -perm 400 \) -exec chmod 644 {} \; + +./autogen.sh +CFLAGS="$SLKCFLAGS" \ +CXXFLAGS="$SLKCFLAGS" \ +./configure \ + --prefix=/usr \ + --mandir=/usr/man \ + --build=$ARCH-slackware-linux + +# In the wrong place for some reason. +cp lib/ccan.git/config.h lib/ccan + +make +make install DESTDIR=$PKG + +find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \ + | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true + +find $PKG/usr/man -type f -exec gzip -9 {} \; +for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done + +mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION +cp -a AUTHORS COPYING LICENSE.GPLv3 ChangeLog $PKG/usr/doc/$PRGNAM-$VERSION +cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild + +mkdir -p $PKG/install +cat $CWD/slack-desc > $PKG/install/slack-desc + +cd $PKG +/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz} diff --git a/system/sbsigntools/sbsigntools.info b/system/sbsigntools/sbsigntools.info new file mode 100644 index 0000000000..a4fc110610 --- /dev/null +++ b/system/sbsigntools/sbsigntools.info @@ -0,0 +1,12 @@ +PRGNAM="sbsigntools" +VERSION="0.7" +HOMEPAGE="https://git.kernel.org/cgit/linux/kernel/git/jejb/sbsigntools.git/" +DOWNLOAD="https://build.opensuse.org/source/home:jejb1:UEFI/sbsigntools/sbsigntools-0.7.tar.gz \ + https://build.opensuse.org/source/home:jejb1:UEFI/sbsigntools/ccan-0.0.2.tar.gz" +MD5SUM="5adb5f7caaf435268f833eb816566c8e \ + 6de60482bf935a159ecb647d2e4a57ab" +DOWNLOAD_x86_64="" +MD5SUM_x86_64="" +REQUIRES="" +MAINTAINER="Jonathan Li" +EMAIL="jonathan dot li at hotmail dot co dot uk" diff --git a/system/sbsigntools/slack-desc b/system/sbsigntools/slack-desc new file mode 100644 index 0000000000..e577aa4398 --- /dev/null +++ b/system/sbsigntools/slack-desc @@ -0,0 +1,19 @@ +# HOW TO EDIT THIS FILE: +# The "handy ruler" below makes it easier to edit a package description. +# Line up the first '|' above the ':' following the base package name, and +# the '|' on the right side marks the last column you can put a character in. +# You must make exactly 11 lines for the formatting to be correct. It's also +# customary to leave one space after the ':' except on otherwise blank lines. + + |-----handy-ruler------------------------------------------------------| +sbsigntools: sbsigntools (Signing utility for UEFI Secure Boot) +sbsigntools: +sbsigntools: sbsigntools is a set of tools for signing EFI binaries and drivers +sbsigntools: for use with Secure Boot. +sbsigntools: +sbsigntools: +sbsigntools: +sbsigntools: +sbsigntools: +sbsigntools: +sbsigntools: -- cgit v1.2.3-65-gdbad