[arch-commits] Commit in sbsigntools/trunk (2 files)
Date: Thursday, May 28, 2020 @ 20:31:31 Author: dvzrv Revision: 387782 upgpkg: sbsigntools 0.9.3-2: Rebuilding with source verification. Switching to current upstream at git.kernel.org. Adding all available sodeps in package() and moving the respective packages to makedepends. Adding PGP source verification by adding James Bottomley's key (D5606E73C8B46271BEAD9ADF814AE47C214854D6). Switching to git over https for submodule. Removing unneeded autogen patch. Running autogen.sh in prepare (because of special sauce). Installing docs. Updating maintainer info. Modified: sbsigntools/trunk/PKGBUILD Deleted: sbsigntools/trunk/0001-sbsigntools-fix-autogen.sh-for-build-service.patch -+ 0001-sbsigntools-fix-autogen.sh-for-build-service.patch | 277 -- PKGBUILD| 59 +- 2 files changed, 31 insertions(+), 305 deletions(-) Deleted: 0001-sbsigntools-fix-autogen.sh-for-build-service.patch === --- 0001-sbsigntools-fix-autogen.sh-for-build-service.patch 2020-05-28 18:59:45 UTC (rev 387781) +++ 0001-sbsigntools-fix-autogen.sh-for-build-service.patch 2020-05-28 20:31:31 UTC (rev 387782) @@ -1,277 +0,0 @@ -From c8c7e1ba97d15433247bcf87e88485cf7c6b7cc3 Mon Sep 17 00:00:00 2001 -From: James Bottomley -Date: Tue, 26 Jun 2012 09:49:05 +0100 -Subject: sbsigntools: fix autogen.sh for build service - - AUTHORS| 4 ++ - ChangeLog | 224 + - autogen.sh | 10 --- - 3 files changed, 228 insertions(+), 10 deletions(-) - create mode 100644 AUTHORS - create mode 100644 ChangeLog - -diff --git a/AUTHORS b/AUTHORS -new file mode 100644 -index 000..3eaa355 /dev/null -+++ b/AUTHORS -@@ -0,0 +1,4 @@ -+ Adam Conrad -+ Ivan Hu -+ James Bottomley -+ Jeremy Kerr -diff --git a/ChangeLog b/ChangeLog -new file mode 100644 -index 000..d5d5ea6 /dev/null -+++ b/ChangeLog -@@ -0,0 +1,224 @@ -+2012-06-20 c07dfb9 Ivan Hu -+ -+ * configure: Add check for bfh.h -+ -+2012-06-19 5e07c4e Ivan Hu -+ -+ * tests: Add a test to check invalid PKCS7 signature attaching -+ -+2012-06-19 bfb778e Ivan Hu -+ -+ * sbattach: Check that attached signatures are valid PKCS7 data -+ -+2012-06-14 bf6df84 Jeremy Kerr -+ -+ * sbverify: Use a variable for image filename -+ -+2012-06-13 9b7f7fb Jeremy Kerr -+ -+ * image: Unconditionally parse PE/COFF data -+ -+2012-06-13 128f1c1 Jeremy Kerr -+ -+ * sbverify: Check for failed image load -+ -+2012-06-13 b48e256 Jeremy Kerr -+ -+ * tests: Add tests for missing image, cert & key files -+ -+2012-06-13 0af5e01 Jeremy Kerr -+ -+ * tests: Execute tests in a clean (temporary) directory -+ -+2012-06-13 8716e88 Jeremy Kerr -+ -+ * tests: Use COMPILE.S for assembing test object -+ -+2012-06-13 807f0e6 Jeremy Kerr -+ -+ * Version 0.2 -+ -+2012-06-13 7c2d8bb Jeremy Kerr -+ -+ * docs: Add simple manpage for sbattach -+ -+2012-06-13 deb9211 Jeremy Kerr -+ -+ * automake: Clean generated man files -+ -+2012-06-13 3cde1e4 Jeremy Kerr -+ -+ * tests: Add a few simple tests -+ -+2012-06-13 cc881c2 Jeremy Kerr -+ -+ * Remove unused test.c file -+ -+2012-06-12 4c79e3a Jeremy Kerr -+ -+ * sbattach: Add too to manage detached signatures -+ -+2012-06-12 564f5bc Jeremy Kerr -+ -+ * image: Add facility to write unsigned images -+ -+2012-06-11 a07b8d2 Jeremy Kerr -+ -+ * sbsign,sbverify: Update getopt_long optstrings -+ -+2012-06-11 5836038 Jeremy Kerr -+ -+ * sbverify: Add support for detached signatures -+ -+2012-06-11 b8a7d51 Jeremy Kerr -+ -+ * sbverify: Split image signature table reading to separate function -+ -+2012-06-11 e9f438c Jeremy Kerr -+ -+ * Fix warnings from added -W flags -+ -+2012-06-11 f19e8bb Jeremy Kerr -+ -+ * automake: Add -Wall -Wextra CFLAGS -+ -+2012-06-11 af4f088 Jeremy Kerr -+ -+ * sbsign: Add --detached option to create detached PKCS7 signatures -+ -+2012-06-11 0c9fbd2 Jeremy Kerr -+ -+ * sbsign: fix flag for verbose operation -+ -+2012-06-11 3673db1 Jeremy Kerr -+ -+ * docs: Fix manpage creation -+ -+2012-05-29 9b2f3a7 Adam Conrad -+ -+ * autogen.sh: Fix ccan_module assignment -+ -+2012-05-28 3fb0f00 Jeremy Kerr -+ -+ * image: use read_write_all from ccan -+ -+2012-05-28 f1112b4 Jeremy Kerr -+ -+ * image: Fix format specifier for 32-bit builds -+ -+2012-05-24 d5e634c Jeremy Kerr -+ -+ * autoconfiscate -+ -+2012-05-23 82f8c30 Jeremy Kerr -+ -+ * docs: Add initial manpages -+ -+2012-05-23 c14efcb Jeremy Kerr -+ -+ * sbsign,sbverify: help2man-ize usage output -+ -+2012-05-23 98a4f10 Jeremy Kerr -+ -+ * Makefile: Add dist targets -+ -+2012-05-22 1b2b5c6 Jeremy Kerr -+ -+ * ccan: Add ccan import logic -+ -+2012-05-15 6ff68e5 Jeremy Kerr -+ -+ * Move ccan submodule -+ -+2012-05-15 9a08e25 Jeremy Kerr -+ -+ * Remove unused header -+ -+2012-05-14 bc618c5
[arch-commits] Commit in sbsigntools/trunk (2 files)
Date: Saturday, March 11, 2017 @ 23:05:49
Author: jgc
Revision: 290642
upgpkg: sbsigntools 0.8-2
Added:
sbsigntools/trunk/update-openssl-api-usage-to-support-openssl-1.1.patch
Modified:
sbsigntools/trunk/PKGBUILD
---+
PKGBUILD |9 -
update-openssl-api-usage-to-support-openssl-1.1.patch | 143
2 files changed, 149 insertions(+), 3 deletions(-)
Modified: PKGBUILD
===
--- PKGBUILD2017-03-11 22:57:50 UTC (rev 290641)
+++ PKGBUILD2017-03-11 23:05:49 UTC (rev 290642)
@@ -5,7 +5,7 @@
pkgname="sbsigntools"
pkgver=0.8
-pkgrel=1
+pkgrel=2
pkgdesc="Tools to add signatures to EFI binaries and Drivers"
arch=('x86_64' 'i686')
url="https://build.opensuse.org/package/show/home:jejb1:UEFI/sbsigntools;
@@ -14,14 +14,17 @@
depends=('libutil-linux' 'openssl')
source=("git+https://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git#tag=v${pkgver};
"git://git.ozlabs.org/~ccan/ccan"
- "0001-sbsigntools-fix-autogen.sh-for-build-service.patch")
+ "0001-sbsigntools-fix-autogen.sh-for-build-service.patch"
+update-openssl-api-usage-to-support-openssl-1.1.patch)
sha256sums=('SKIP'
'SKIP'
-'9085ad181f67ac911918864783a9804af456d33c4631659e6acaaa27987786d7')
+'9085ad181f67ac911918864783a9804af456d33c4631659e6acaaa27987786d7'
+'c48939a573c12f798e111921ac19ddf22c6e0cdfdc82dbb0b06c975d14a61341')
prepare() {
cd "${srcdir}/${pkgname}"
patch -p1 -i
"${srcdir}/0001-sbsigntools-fix-autogen.sh-for-build-service.patch"
+ patch -p1 -i ../update-openssl-api-usage-to-support-openssl-1.1.patch
git submodule init
git config submodule."lib/ccan.git".url "${srcdir}/ccan"
Added: update-openssl-api-usage-to-support-openssl-1.1.patch
===
--- update-openssl-api-usage-to-support-openssl-1.1.patch
(rev 0)
+++ update-openssl-api-usage-to-support-openssl-1.1.patch 2017-03-11
23:05:49 UTC (rev 290642)
@@ -0,0 +1,143 @@
+Author: Ben Hutchings
+Date: Sun, 26 Jun 2016 22:04:29 +0200
+Description: Update OpenSSL API usage to support OpenSSL 1.1
+ Most structure definitions in OpenSSL are now opaque and we must call
+ the appropriate accessor functions to get information from them.
+ Not all the accessors are available in older versions, so define the
+ missing accessors as macros.
+ .
+ The X509_retrieve_match() function is no longer usable, as we cannot
+ initialise an X509_OBJECT ourselves. Instead, iterate over the
+ certificate store and use X509_OBJECT_get_type and X509_cmp to
+ compare certificates.
+
+--- a/src/sbverify.c
b/src/sbverify.c
+@@ -55,6 +55,14 @@
+ #include
+ #include
+
++#if OPENSSL_VERSION_NUMBER < 0x1010L
++#define X509_OBJECT_get0_X509(obj) ((obj)->data.x509)
++#define X509_OBJECT_get_type(obj) ((obj)->type)
++#define X509_STORE_CTX_get0_cert(ctx) ((ctx)->cert)
++#define X509_STORE_get0_objects(certs) ((certs)->objs)
++#define X509_get_extended_key_usage(cert) ((cert)->ex_xkusage)
++#endif
++
+ static const char *toolname = "sbverify";
+ static const int cert_name_len = 160;
+
+@@ -123,9 +131,9 @@ static void print_signature_info(PKCS7 *
+
+ for (i = 0; i < sk_X509_num(p7->d.sign->cert); i++) {
+ cert = sk_X509_value(p7->d.sign->cert, i);
+- X509_NAME_oneline(cert->cert_info->subject,
++ X509_NAME_oneline(X509_get_subject_name(cert),
+ subject_name, cert_name_len);
+- X509_NAME_oneline(cert->cert_info->issuer,
++ X509_NAME_oneline(X509_get_issuer_name(cert),
+ issuer_name, cert_name_len);
+
+ printf(" - subject: %s\n", subject_name);
+@@ -136,20 +144,26 @@ static void print_signature_info(PKCS7 *
+ static void print_certificate_store_certs(X509_STORE *certs)
+ {
+ char subject_name[cert_name_len + 1], issuer_name[cert_name_len + 1];
++ STACK_OF(X509_OBJECT) *objs;
+ X509_OBJECT *obj;
++ X509 *cert;
+ int i;
+
+ printf("certificate store:\n");
+
+- for (i = 0; i < sk_X509_OBJECT_num(certs->objs); i++) {
+- obj = sk_X509_OBJECT_value(certs->objs, i);
++ objs = X509_STORE_get0_objects(certs);
++
++ for (i = 0; i < sk_X509_OBJECT_num(objs); i++) {
++ obj = sk_X509_OBJECT_value(objs, i);
+
+- if (obj->type != X509_LU_X509)
++ if (X509_OBJECT_get_type(obj) != X509_LU_X509)
+ continue;
+
+- X509_NAME_oneline(obj->data.x509->cert_info->subject,
++ cert = X509_OBJECT_get0_X509(obj);
++
++ X509_NAME_oneline(X509_get_subject_name(cert),
+
