commit:     1676e6c83dc843ddccbfae6424b9cf0a454ea6fa
Author:     Stefan Strogin <stefan.strogin <AT> gmail <DOT> com>
AuthorDate: Sun Feb 24 01:43:38 2019 +0000
Commit:     Stefan Strogin <stefan.strogin <AT> gmail <DOT> com>
CommitDate: Sun Feb 24 01:44:05 2019 +0000
URL:        https://gitweb.gentoo.org/repo/proj/libressl.git/commit/?id=1676e6c8

sys-apps/kmod: add package from gentoo.git; patch for LibreSSL

Bug: https://bugs.gentoo.org/677960
Package-Manager: Portage-2.3.62, Repoman-2.3.12
Signed-off-by: Stefan Strogin <stefan.strogin <AT> gmail.com>

 sys-apps/kmod/Manifest                     |   1 +
 sys-apps/kmod/files/kmod-26-libressl.patch | 186 +++++++++++++++++++++++++++
 sys-apps/kmod/files/kmod-static-nodes-r1   |  18 +++
 sys-apps/kmod/kmod-26-r1.ebuild            | 200 +++++++++++++++++++++++++++++
 sys-apps/kmod/metadata.xml                 |  16 +++
 5 files changed, 421 insertions(+)

diff --git a/sys-apps/kmod/Manifest b/sys-apps/kmod/Manifest
new file mode 100644
index 0000000..3f2e6db
--- /dev/null
+++ b/sys-apps/kmod/Manifest
@@ -0,0 +1 @@
+DIST kmod-26.tar.xz 552032 BLAKE2B 
3e596d06b48599bf4919346475a036b058fb18a7b19d39953e24fa943b95fdbe34a29a5062f6b4fe3510e667ae873d3b9ae03b72350fa85ddbb40ca6a7730b34
 SHA512 
3ca276c6fc13c2dd2220ec528b8dc4ab4edee5d2b22e16b6f945c552e51f74342c01c33a53740e6af8c893d42bd4d6f629cd8fa6e15ef8bd8da30cb003ef0865

diff --git a/sys-apps/kmod/files/kmod-26-libressl.patch 
b/sys-apps/kmod/files/kmod-26-libressl.patch
new file mode 100644
index 0000000..7d70ed2
--- /dev/null
+++ b/sys-apps/kmod/files/kmod-26-libressl.patch
@@ -0,0 +1,186 @@
+From fd8b59fb8c576751aef6d59dd5ab208baee2ad49 Mon Sep 17 00:00:00 2001
+From: Stefan Strogin <stefan.stro...@gmail.com>
+Date: Fri, 15 Feb 2019 05:34:55 +0200
+Subject: [PATCH] libkmod-signature: use PKCS7 for LibreSSL or older OpenSSL
+
+Linux kernel uses either PKCS #7 or CMS signing modules (scripts/sign-file.c).
+CMS is not supported by LibreSSL, PKCS #7 is used instead.
+For now modinfo used CMS with no altenative requiring >=openssl-1.1.0
+built with CMS support.
+
+Use PKCS #7 for parsing module signature information when CMS is not available.
+
+Upstream-Status: Submitted [https://patchwork.kernel.org/patch/10814147/]
+Signed-off-by: Stefan Strogin <stefan.stro...@gmail.com>
+---
+ libkmod/libkmod-signature.c | 78 +++++++++++++++++++++++++++++++++++--
+ 1 file changed, 75 insertions(+), 3 deletions(-)
+
+diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c
+index 48d0145..aa2a60e 100644
+--- a/libkmod/libkmod-signature.c
++++ b/libkmod/libkmod-signature.c
+@@ -20,9 +20,16 @@
+ #include <endian.h>
+ #include <inttypes.h>
+ #ifdef ENABLE_OPENSSL
+-#include <openssl/cms.h>
+-#include <openssl/ssl.h>
+-#endif
++# include <openssl/ssl.h>
++# if defined(LIBRESSL_VERSION_NUMBER) || \
++      OPENSSL_VERSION_NUMBER < 0x10100000L || \
++      defined(OPENSSL_NO_CMS)
++#  define USE_PKCS7
++#  include <openssl/pkcs7.h>
++# else
++#  include <openssl/cms.h>
++# endif /* LIBRESSL_VERSION_NUMBER */
++#endif /* ENABLE_OPENSSL */
+ #include <stdio.h>
+ #include <stdlib.h>
+ #include <string.h>
+@@ -122,7 +129,11 @@ static bool fill_default(const char *mem, off_t size,
+ #ifdef ENABLE_OPENSSL
+ 
+ struct pkcs7_private {
++#ifndef USE_PKCS7
+       CMS_ContentInfo *cms;
++#else
++      PKCS7 *pkcs7;
++#endif
+       unsigned char *key_id;
+       BIGNUM *sno;
+ };
+@@ -132,7 +143,11 @@ static void pkcs7_free(void *s)
+       struct kmod_signature_info *si = s;
+       struct pkcs7_private *pvt = si->private;
+ 
++#ifndef USE_PKCS7
+       CMS_ContentInfo_free(pvt->cms);
++#else
++      PKCS7_free(pvt->pkcs7);
++#endif
+       BN_free(pvt->sno);
+       free(pvt->key_id);
+       free(pvt);
+@@ -187,7 +202,13 @@ static const char *x509_name_to_str(X509_NAME *name)
+               return NULL;
+ 
+       d = X509_NAME_ENTRY_get_data(e);
++#if (defined(LIBRESSL_VERSION_NUMBER) && \
++              LIBRESSL_VERSION_NUMBER < 0x20700000L) || \
++      OPENSSL_VERSION_NUMBER < 0x10100000L
++      str = (const char *)ASN1_STRING_data(d);
++#else
+       str = (const char *)ASN1_STRING_get0_data(d);
++#endif
+ 
+       return str;
+ }
+@@ -197,11 +218,18 @@ static bool fill_pkcs7(const char *mem, off_t size,
+                      struct kmod_signature_info *sig_info)
+ {
+       const char *pkcs7_raw;
++#ifndef USE_PKCS7
+       CMS_ContentInfo *cms;
+       STACK_OF(CMS_SignerInfo) *sis;
+       CMS_SignerInfo *si;
+       int rc;
+       ASN1_OCTET_STRING *key_id;
++#else
++      PKCS7 *pkcs7;
++      STACK_OF(PKCS7_SIGNER_INFO) *sis;
++      PKCS7_SIGNER_INFO *si;
++      PKCS7_ISSUER_AND_SERIAL *is;
++#endif
+       X509_NAME *issuer;
+       ASN1_INTEGER *sno;
+       ASN1_OCTET_STRING *sig;
+@@ -220,14 +248,23 @@ static bool fill_pkcs7(const char *mem, off_t size,
+ 
+       in = BIO_new_mem_buf(pkcs7_raw, sig_len);
+ 
++#ifndef USE_PKCS7
+       cms = d2i_CMS_bio(in, NULL);
+       if (cms == NULL) {
+               BIO_free(in);
+               return false;
+       }
++#else
++      pkcs7 = d2i_PKCS7_bio(in, NULL);
++      if (pkcs7 == NULL) {
++              BIO_free(in);
++              return false;
++      }
++#endif
+ 
+       BIO_free(in);
+ 
++#ifndef USE_PKCS7
+       sis = CMS_get0_SignerInfos(cms);
+       if (sis == NULL)
+               goto err;
+@@ -245,8 +282,35 @@ static bool fill_pkcs7(const char *mem, off_t size,
+               goto err;
+ 
+       CMS_SignerInfo_get0_algs(si, NULL, NULL, &dig_alg, &sig_alg);
++#else
++      sis = PKCS7_get_signer_info(pkcs7);
++      if (sis == NULL)
++              goto err;
++
++      si = sk_PKCS7_SIGNER_INFO_value(sis, 0);
++      if (si == NULL)
++              goto err;
++
++      is = si->issuer_and_serial;
++      if (is == NULL)
++              goto err;
++      issuer = is->issuer;
++      sno = is->serial;
++
++      sig = si->enc_digest;
++      if (sig == NULL)
++              goto err;
++
++      PKCS7_SIGNER_INFO_get0_algs(si, NULL, &dig_alg, &sig_alg);
++#endif
+ 
++#if (defined(LIBRESSL_VERSION_NUMBER) && \
++              LIBRESSL_VERSION_NUMBER < 0x20700000L) || \
++      OPENSSL_VERSION_NUMBER < 0x10100000L
++      sig_info->sig = (const char *)ASN1_STRING_data(sig);
++#else
+       sig_info->sig = (const char *)ASN1_STRING_get0_data(sig);
++#endif
+       sig_info->sig_len = ASN1_STRING_length(sig);
+ 
+       sno_bn = ASN1_INTEGER_to_BN(sno, NULL);
+@@ -277,7 +341,11 @@ static bool fill_pkcs7(const char *mem, off_t size,
+       if (pvt == NULL)
+               goto err3;
+ 
++#ifndef USE_PKCS7
+       pvt->cms = cms;
++#else
++      pvt->pkcs7 = pkcs7;
++#endif
+       pvt->key_id = key_id_str;
+       pvt->sno = sno_bn;
+       sig_info->private = pvt;
+@@ -290,7 +358,11 @@ err3:
+ err2:
+       BN_free(sno_bn);
+ err:
++#ifndef USE_PKCS7
+       CMS_ContentInfo_free(cms);
++#else
++      PKCS7_free(pkcs7);
++#endif
+       return false;
+ }
+ 
+-- 
+2.20.1
+

diff --git a/sys-apps/kmod/files/kmod-static-nodes-r1 
b/sys-apps/kmod/files/kmod-static-nodes-r1
new file mode 100644
index 0000000..9362f28
--- /dev/null
+++ b/sys-apps/kmod/files/kmod-static-nodes-r1
@@ -0,0 +1,18 @@
+#!/sbin/openrc-run
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+description="Create list of required static device nodes for the current 
kernel"
+
+depend() {
+       after dev-mount
+       before tmpfiles.dev dev
+       keyword -lxc -systemd-nspawn
+}
+
+start() {
+       ebegin "Creating list of required static device nodes for the current 
kernel"
+       checkpath -q -d /run/tmpfiles.d
+       kmod static-nodes --format=tmpfiles --output=/run/tmpfiles.d/kmod.conf
+       eend $?
+}

diff --git a/sys-apps/kmod/kmod-26-r1.ebuild b/sys-apps/kmod/kmod-26-r1.ebuild
new file mode 100644
index 0000000..2752b85
--- /dev/null
+++ b/sys-apps/kmod/kmod-26-r1.ebuild
@@ -0,0 +1,200 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+PYTHON_COMPAT=( python{2_7,3_{4,5,6,7}} )
+
+inherit bash-completion-r1 multilib python-r1
+
+if [[ ${PV} == 9999* ]]; then
+       
EGIT_REPO_URI="https://git.kernel.org/pub/scm/utils/kernel/${PN}/${PN}.git";
+       inherit autotools git-r3
+else
+       SRC_URI="mirror://kernel/linux/utils/kernel/kmod/${P}.tar.xz"
+       KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 
~s390 ~sh ~sparc ~x86"
+       inherit libtool
+fi
+
+DESCRIPTION="library and tools for managing linux kernel modules"
+HOMEPAGE="https://git.kernel.org/?p=utils/kernel/kmod/kmod.git";
+
+LICENSE="LGPL-2"
+SLOT="0"
+IUSE="debug doc libressl lzma python ssl static-libs +tools zlib"
+
+# Upstream does not support running the test suite with custom configure flags.
+# I was also told that the test suite is intended for kmod developers.
+# So we have to restrict it.
+# See bug #408915.
+RESTRICT="test"
+
+# Block systemd below 217 for 
-static-nodes-indicate-that-creation-of-static-nodes-.patch
+RDEPEND="!sys-apps/module-init-tools
+       !sys-apps/modutils
+       !<sys-apps/openrc-0.13.8
+       !<sys-apps/systemd-216-r3
+       lzma? ( >=app-arch/xz-utils-5.0.4-r1 )
+       python? ( ${PYTHON_DEPS} )
+       ssl? (
+               !libressl? ( >=dev-libs/openssl-1.1.0:0= )
+               libressl? ( dev-libs/libressl:0= )
+       )
+       zlib? ( >=sys-libs/zlib-1.2.6 )" #427130
+DEPEND="${RDEPEND}
+       doc? ( dev-util/gtk-doc )
+       lzma? ( virtual/pkgconfig )
+       python? (
+               dev-python/cython[${PYTHON_USEDEP}]
+               virtual/pkgconfig
+               )
+       zlib? ( virtual/pkgconfig )"
+if [[ ${PV} == 9999* ]]; then
+       DEPEND="${DEPEND}
+               dev-libs/libxslt"
+fi
+
+REQUIRED_USE="python? ( ${PYTHON_REQUIRED_USE} )"
+
+DOCS="NEWS README TODO"
+
+PATCHES=(
+       "${FILESDIR}/${P}-libressl.patch" # bug 677960
+)
+
+src_prepare() {
+       default
+
+       if [[ ! -e configure ]] ; then
+               if use doc; then
+                       gtkdocize --copy --docdir libkmod/docs || die
+               else
+                       touch libkmod/docs/gtk-doc.make
+               fi
+               eautoreconf
+       else
+               elibtoolize
+       fi
+
+       # Restore possibility of running --enable-static wrt #472608
+       sed -i \
+               -e '/--enable-static is not supported by 
kmod/s:as_fn_error:echo:' \
+               configure || die
+}
+
+src_configure() {
+       local myeconfargs=(
+               --bindir="${EPREFIX}/bin"
+               --enable-shared
+               --with-bashcompletiondir="$(get_bashcompdir)"
+               --with-rootlibdir="${EPREFIX}/$(get_libdir)"
+               $(use_enable debug)
+               $(use_enable doc gtk-doc)
+               $(use_enable static-libs static)
+               $(use_enable tools)
+               $(use_with lzma xz)
+               $(use_with ssl openssl)
+               $(use_with zlib)
+       )
+
+       local ECONF_SOURCE="${S}"
+
+       kmod_configure() {
+               mkdir -p "${BUILD_DIR}" || die
+               run_in_build_dir econf "${myeconfargs[@]}" "$@"
+       }
+
+       BUILD_DIR="${WORKDIR}/build"
+       kmod_configure --disable-python
+
+       if use python; then
+               python_foreach_impl kmod_configure --enable-python
+       fi
+}
+
+src_compile() {
+       emake -C "${BUILD_DIR}"
+
+       if use python; then
+               local native_builddir=${BUILD_DIR}
+
+               python_compile() {
+                       emake -C "${BUILD_DIR}" -f Makefile -f - python \
+                               VPATH="${native_builddir}:${S}" \
+                               native_builddir="${native_builddir}" \
+                               
libkmod_python_kmod_{kmod,list,module,_util}_la_LIBADD='$(PYTHON_LIBS) 
$(native_builddir)/libkmod/libkmod.la' \
+                               <<< 'python: $(pkgpyexec_LTLIBRARIES)'
+               }
+
+               python_foreach_impl python_compile
+       fi
+}
+
+src_install() {
+       emake -C "${BUILD_DIR}" DESTDIR="${D}" install
+       einstalldocs
+
+       if use python; then
+               local native_builddir=${BUILD_DIR}
+
+               python_install() {
+                       emake -C "${BUILD_DIR}" DESTDIR="${D}" \
+                               VPATH="${native_builddir}:${S}" \
+                               install-pkgpyexecLTLIBRARIES \
+                               install-dist_pkgpyexecPYTHON
+               }
+
+               python_foreach_impl python_install
+       fi
+
+       find "${ED}" -name "*.la" -delete || die
+
+       if use tools; then
+               local bincmd sbincmd
+               for sbincmd in depmod insmod lsmod modinfo modprobe rmmod; do
+                       dosym ../bin/kmod /sbin/${sbincmd}
+               done
+
+               # These are also usable as normal user
+               for bincmd in lsmod modinfo; do
+                       dosym kmod /bin/${bincmd}
+               done
+       fi
+
+       cat <<-EOF > "${T}"/usb-load-ehci-first.conf
+       softdep uhci_hcd pre: ehci_hcd
+       softdep ohci_hcd pre: ehci_hcd
+       EOF
+
+       insinto /lib/modprobe.d
+       doins "${T}"/usb-load-ehci-first.conf #260139
+
+       newinitd "${FILESDIR}"/kmod-static-nodes-r1 kmod-static-nodes
+}
+
+pkg_postinst() {
+       if [[ -L ${EROOT%/}/etc/runlevels/boot/static-nodes ]]; then
+               ewarn "Removing old conflicting static-nodes init script from 
the boot runlevel"
+               rm -f "${EROOT%/}"/etc/runlevels/boot/static-nodes
+       fi
+
+       # Add kmod to the runlevel automatically if this is the first install 
of this package.
+       if [[ -z ${REPLACING_VERSIONS} ]]; then
+               if [[ ! -d ${EROOT%/}/etc/runlevels/sysinit ]]; then
+                       mkdir -p "${EROOT%/}"/etc/runlevels/sysinit
+               fi
+               if [[ -x ${EROOT%/}/etc/init.d/kmod-static-nodes ]]; then
+                       ln -s /etc/init.d/kmod-static-nodes 
"${EROOT%/}"/etc/runlevels/sysinit/kmod-static-nodes
+               fi
+       fi
+
+       if [[ -e ${EROOT%/}/etc/runlevels/sysinit ]]; then
+               if [[ ! -e ${EROOT%/}/etc/runlevels/sysinit/kmod-static-nodes 
]]; then
+                       ewarn
+                       ewarn "You need to add kmod-static-nodes to the sysinit 
runlevel for"
+                       ewarn "kernel modules to have required static nodes!"
+                       ewarn "Run this command:"
+                       ewarn "\trc-update add kmod-static-nodes sysinit"
+               fi
+       fi
+}

diff --git a/sys-apps/kmod/metadata.xml b/sys-apps/kmod/metadata.xml
new file mode 100644
index 0000000..188bf47
--- /dev/null
+++ b/sys-apps/kmod/metadata.xml
@@ -0,0 +1,16 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd";>
+<pkgmetadata>
+<maintainer type="project">
+       <email>udev-b...@gentoo.org</email>
+</maintainer>
+<maintainer type="project">
+       <email>base-sys...@gentoo.org</email>
+       <name>Gentoo Base System</name>
+</maintainer>
+<use>
+       <flag name="lzma">Enable support for XZ compressed modules</flag>
+       <flag name="tools">Install module loading/unloading tools.</flag>
+       <flag name="zlib">Enable support for gzipped modules</flag>
+</use>
+</pkgmetadata>

Reply via email to