[gentoo-commits] repo/gentoo:master commit in: sys-boot/tboot/, sys-boot/tboot/files/

["Jason Zaman" <perfinion@gentoo.org>]

commit:     b9f76a244f44802ad1d193ad1f3072a10908b02b
Author:     Christopher Byrne <salah.coronya <AT> gmail <DOT> com>
AuthorDate: Thu Dec 19 03:32:02 2019 +0000
Commit:     Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Sun Feb 16 13:34:22 2020 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b9f76a24

sys-boot/tboot: Bump to 1.9.11 and add libressl support

Closes: https://bugs.gentoo.org/590262
Closes: https://bugs.gentoo.org/677952
Package-Manager: Portage-2.3.79, Repoman-2.3.16
Signed-off-by: Salah Coronya <salah.coronya <AT> gmail.com>
Signed-off-by: Jason Zaman <perfinion <AT> gentoo.org>

 sys-boot/tboot/Manifest                            |  1 +
 .../tboot/files/tboot-1.9.11-genkernel-path.patch  | 62 ++++++++++++++++++++
 sys-boot/tboot/tboot-1.9.11.ebuild                 | 68 ++++++++++++++++++++++
 3 files changed, 131 insertions(+)

diff --git a/sys-boot/tboot/Manifest b/sys-boot/tboot/Manifest
index 107717df656..558f4ee8baa 100644
--- a/sys-boot/tboot/Manifest
+++ b/sys-boot/tboot/Manifest
@@ -1 +1,2 @@
+DIST tboot-1.9.11.tar.gz 709092 BLAKE2B 97b6ea5a09e1adbf1fbdc36516e0e80d3acc67469f297603125542aed8235e6533afb96e6c38885b87e4584392da40d9f65d00eced2b8a87a2ecf61a17c3a985 SHA512 5c2466438ad3ab95ca66fe4d460f4e6b31ccd3c6ac79221b129883df4180fce4878dd07a5f180bb79fae13b59fa90c05aeda7339159d1d950011a59645024b8a
 DIST tboot-1.9.6_p20171118.tar.gz 691068 BLAKE2B c269f9b14cb07139983bd3b1c99511458d5ab5bbd74b097d0aa3b32e0c3e9054d0a67ff18ce7b8090389727acdf47b8c48af6599ecb3148a68786083fe8ded73 SHA512 6476b783516909bf9cf10915fc23e71dca03d521dcc7bf71fbd19684c996c2c588955bb8f896f02afe56feddf9c639b6349635651c852a90319429b2943ec950

diff --git a/sys-boot/tboot/files/tboot-1.9.11-genkernel-path.patch b/sys-boot/tboot/files/tboot-1.9.11-genkernel-path.patch
new file mode 100644
index 00000000000..b2459816068
--- /dev/null
+++ b/sys-boot/tboot/files/tboot-1.9.11-genkernel-path.patch
@@ -0,0 +1,62 @@
+diff -r 9998b2fb83fd tboot/20_linux_tboot
+--- a/tboot/20_linux_tboot	Wed Apr 10 11:47:06 2019 +0200
++++ b/tboot/20_linux_tboot	Tue Jul 23 22:42:00 2019 -0500
+@@ -173,7 +173,16 @@
+ EOF
+ }
+ 
+-linux_list=`for i in /boot/vmlinu[xz]-* /vmlinu[xz]-* ; do
++machine=`uname -m`
++case "$machine" in
++    i?86) GENKERNEL_ARCH="x86" ;;
++    mips|mips64) GENKERNEL_ARCH="mips" ;;
++    mipsel|mips64el) GENKERNEL_ARCH="mipsel" ;;
++    arm*) GENKERNEL_ARCH="arm" ;;
++    *) GENKERNEL_ARCH="$machine" ;;
++esac
++
++linux_list=`for i in /boot/vmlinu[xz]-* /vmlinu[xz]-* /boot/kernel-*; do
+     	basename=$(basename $i)
+ 	version=$(echo $basename | sed -e "s,^[^0-9]*-,,g")
+         if grub_file_is_not_garbage "$i" && grep -qx "CONFIG_INTEL_TXT=y" /boot/config-${version} 2> /dev/null ; then echo -n "$i " ; fi
+@@ -219,7 +228,9 @@
+ 		 "initrd.img-${alt_version}" "initrd-${alt_version}.img" \
+ 		 "initrd-${alt_version}" "initramfs-${alt_version}.img" \
+ 		 "initramfs-genkernel-${version}" \
+-		 "initramfs-genkernel-${alt_version}"; do
++		 "initramfs-genkernel-${alt_version}" \
++		 "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \
++		 "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}"; do
+ 	    if test -e "${dirname}/${i}" ; then
+ 		initrd="$i"
+ 		break
+diff -r 9998b2fb83fd tboot/20_linux_xen_tboot
+--- a/tboot/20_linux_xen_tboot	Wed Apr 10 11:47:06 2019 +0200
++++ b/tboot/20_linux_xen_tboot	Tue Jul 23 22:42:00 2019 -0500
+@@ -167,6 +167,15 @@
+ EOF
+ }
+ 
++machine=`uname -m`
++case "$machine" in
++    i?86) GENKERNEL_ARCH="x86" ;;
++    mips|mips64) GENKERNEL_ARCH="mips" ;;
++    mipsel|mips64el) GENKERNEL_ARCH="mipsel" ;;
++    arm*) GENKERNEL_ARCH="arm" ;;
++    *) GENKERNEL_ARCH="$machine" ;;
++esac
++
+ linux_list=`for i in /boot/vmlinu[xz]-* /vmlinu[xz]-* /boot/kernel-*; do
+     if grub_file_is_not_garbage "$i"; then
+     	basename=$(basename $i)
+@@ -234,7 +243,9 @@
+                 "initrd-${version}" "initrd.img-${alt_version}" \
+                 "initrd-${alt_version}.img" "initrd-${alt_version}" \
+                 "initramfs-genkernel-${version}" \
+-                "initramfs-genkernel-${alt_version}" ; do
++                "initramfs-genkernel-${alt_version}" \
++                "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \
++                "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}"; do
+                 if test -e "${dirname}/${i}" ; then
+                     initrd="$i"
+                     break

diff --git a/sys-boot/tboot/tboot-1.9.11.ebuild b/sys-boot/tboot/tboot-1.9.11.ebuild
new file mode 100644
index 00000000000..4778e6215bb
--- /dev/null
+++ b/sys-boot/tboot/tboot-1.9.11.ebuild
@@ -0,0 +1,68 @@
+# Copyright 1999-2020 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit flag-o-matic mount-boot
+
+DESCRIPTION="Performs a measured and verified boot using Intel Trusted Execution Technology"
+HOMEPAGE="https://sourceforge.net/projects/tboot/"
+SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="-* ~amd64 ~x86"
+IUSE="custom-cflags libressl selinux"
+
+# requires patching the kernel src
+RESTRICT="test"
+
+DEPEND="app-crypt/trousers
+app-crypt/tpm-tools
+!libressl? ( dev-libs/openssl:0=[-bindist] )
+libressl? ( dev-libs/libressl:0= )"
+
+RDEPEND="${DEPEND}
+sys-boot/grub:2
+selinux? ( sec-policy/selinux-tboot )"
+
+DOCS=( README COPYING CHANGELOG )
+PATCHES=( "${FILESDIR}/${PN}-1.9.11-genkernel-path.patch" )
+
+src_prepare() {
+	sed -i 's/ -Werror//g' Config.mk || die
+	sed -i 's/^INSTALL_STRIP = -s$//' Config.mk || die # QA Errors
+
+	default
+}
+
+src_compile() {
+	use custom-cflags && export TBOOT_CFLAGS=${CFLAGS} || unset CCASFLAGS CFLAGS CPPFLAGS LDFLAGS
+
+	if use amd64; then
+		export MAKEARGS="TARGET_ARCH=x86_64"
+	else
+		export MAKEARGS="TARGET_ARCH=i686"
+	fi
+
+	default
+}
+
+src_install() {
+	emake DISTDIR="${D}" install
+
+	dodoc "${DOCS[@]}"
+	dodoc docs/*.txt lcptools/*.pdf || die "docs failed"
+
+	cd "${D}"
+	mkdir -p usr/lib/tboot/ || die
+	mv boot usr/lib/tboot/ || die
+}
+
+pkg_postinst() {
+	cp "${ROOT}/usr/lib/tboot/boot/*" "${ROOT}/boot/" || die
+
+	ewarn "Please remember to download the SINIT AC Module relevant"
+	ewarn "for your platform from:"
+	ewarn "http://software.intel.com/en-us/articles/intel-trusted-execution-technology/"
+}