From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 19CE5138351 for ; Sun, 16 Feb 2020 13:35:41 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id E8C78E0897; Sun, 16 Feb 2020 13:35:39 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id BBF22E0897 for ; Sun, 16 Feb 2020 13:35:39 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 920CE34EB87 for ; Sun, 16 Feb 2020 13:35:38 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 6F49B145 for ; Sun, 16 Feb 2020 13:35:35 +0000 (UTC) From: "Jason Zaman" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Jason Zaman" Message-ID: <1581860062.b9f76a244f44802ad1d193ad1f3072a10908b02b.perfinion@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: sys-boot/tboot/, sys-boot/tboot/files/ X-VCS-Repository: repo/gentoo X-VCS-Files: sys-boot/tboot/Manifest sys-boot/tboot/files/tboot-1.9.11-genkernel-path.patch sys-boot/tboot/tboot-1.9.11.ebuild X-VCS-Directories: sys-boot/tboot/ sys-boot/tboot/files/ X-VCS-Committer: perfinion X-VCS-Committer-Name: Jason Zaman X-VCS-Revision: b9f76a244f44802ad1d193ad1f3072a10908b02b X-VCS-Branch: master Date: Sun, 16 Feb 2020 13:35:35 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: f3a0f81f-7dc3-4972-ac0d-66bbccfb98e1 X-Archives-Hash: 5b9d64f1721ce300a7b21ec78c54047c commit: b9f76a244f44802ad1d193ad1f3072a10908b02b Author: Christopher Byrne gmail com> AuthorDate: Thu Dec 19 03:32:02 2019 +0000 Commit: Jason Zaman gentoo org> CommitDate: Sun Feb 16 13:34:22 2020 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b9f76a24 sys-boot/tboot: Bump to 1.9.11 and add libressl support Closes: https://bugs.gentoo.org/590262 Closes: https://bugs.gentoo.org/677952 Package-Manager: Portage-2.3.79, Repoman-2.3.16 Signed-off-by: Salah Coronya gmail.com> Signed-off-by: Jason Zaman gentoo.org> sys-boot/tboot/Manifest | 1 + .../tboot/files/tboot-1.9.11-genkernel-path.patch | 62 ++++++++++++++++++++ sys-boot/tboot/tboot-1.9.11.ebuild | 68 ++++++++++++++++++++++ 3 files changed, 131 insertions(+) diff --git a/sys-boot/tboot/Manifest b/sys-boot/tboot/Manifest index 107717df656..558f4ee8baa 100644 --- a/sys-boot/tboot/Manifest +++ b/sys-boot/tboot/Manifest @@ -1 +1,2 @@ +DIST tboot-1.9.11.tar.gz 709092 BLAKE2B 97b6ea5a09e1adbf1fbdc36516e0e80d3acc67469f297603125542aed8235e6533afb96e6c38885b87e4584392da40d9f65d00eced2b8a87a2ecf61a17c3a985 SHA512 5c2466438ad3ab95ca66fe4d460f4e6b31ccd3c6ac79221b129883df4180fce4878dd07a5f180bb79fae13b59fa90c05aeda7339159d1d950011a59645024b8a DIST tboot-1.9.6_p20171118.tar.gz 691068 BLAKE2B c269f9b14cb07139983bd3b1c99511458d5ab5bbd74b097d0aa3b32e0c3e9054d0a67ff18ce7b8090389727acdf47b8c48af6599ecb3148a68786083fe8ded73 SHA512 6476b783516909bf9cf10915fc23e71dca03d521dcc7bf71fbd19684c996c2c588955bb8f896f02afe56feddf9c639b6349635651c852a90319429b2943ec950 diff --git a/sys-boot/tboot/files/tboot-1.9.11-genkernel-path.patch b/sys-boot/tboot/files/tboot-1.9.11-genkernel-path.patch new file mode 100644 index 00000000000..b2459816068 --- /dev/null +++ b/sys-boot/tboot/files/tboot-1.9.11-genkernel-path.patch @@ -0,0 +1,62 @@ +diff -r 9998b2fb83fd tboot/20_linux_tboot +--- a/tboot/20_linux_tboot Wed Apr 10 11:47:06 2019 +0200 ++++ b/tboot/20_linux_tboot Tue Jul 23 22:42:00 2019 -0500 +@@ -173,7 +173,16 @@ + EOF + } + +-linux_list=`for i in /boot/vmlinu[xz]-* /vmlinu[xz]-* ; do ++machine=`uname -m` ++case "$machine" in ++ i?86) GENKERNEL_ARCH="x86" ;; ++ mips|mips64) GENKERNEL_ARCH="mips" ;; ++ mipsel|mips64el) GENKERNEL_ARCH="mipsel" ;; ++ arm*) GENKERNEL_ARCH="arm" ;; ++ *) GENKERNEL_ARCH="$machine" ;; ++esac ++ ++linux_list=`for i in /boot/vmlinu[xz]-* /vmlinu[xz]-* /boot/kernel-*; do + basename=$(basename $i) + version=$(echo $basename | sed -e "s,^[^0-9]*-,,g") + if grub_file_is_not_garbage "$i" && grep -qx "CONFIG_INTEL_TXT=y" /boot/config-${version} 2> /dev/null ; then echo -n "$i " ; fi +@@ -219,7 +228,9 @@ + "initrd.img-${alt_version}" "initrd-${alt_version}.img" \ + "initrd-${alt_version}" "initramfs-${alt_version}.img" \ + "initramfs-genkernel-${version}" \ +- "initramfs-genkernel-${alt_version}"; do ++ "initramfs-genkernel-${alt_version}" \ ++ "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \ ++ "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}"; do + if test -e "${dirname}/${i}" ; then + initrd="$i" + break +diff -r 9998b2fb83fd tboot/20_linux_xen_tboot +--- a/tboot/20_linux_xen_tboot Wed Apr 10 11:47:06 2019 +0200 ++++ b/tboot/20_linux_xen_tboot Tue Jul 23 22:42:00 2019 -0500 +@@ -167,6 +167,15 @@ + EOF + } + ++machine=`uname -m` ++case "$machine" in ++ i?86) GENKERNEL_ARCH="x86" ;; ++ mips|mips64) GENKERNEL_ARCH="mips" ;; ++ mipsel|mips64el) GENKERNEL_ARCH="mipsel" ;; ++ arm*) GENKERNEL_ARCH="arm" ;; ++ *) GENKERNEL_ARCH="$machine" ;; ++esac ++ + linux_list=`for i in /boot/vmlinu[xz]-* /vmlinu[xz]-* /boot/kernel-*; do + if grub_file_is_not_garbage "$i"; then + basename=$(basename $i) +@@ -234,7 +243,9 @@ + "initrd-${version}" "initrd.img-${alt_version}" \ + "initrd-${alt_version}.img" "initrd-${alt_version}" \ + "initramfs-genkernel-${version}" \ +- "initramfs-genkernel-${alt_version}" ; do ++ "initramfs-genkernel-${alt_version}" \ ++ "initramfs-genkernel-${GENKERNEL_ARCH}-${version}" \ ++ "initramfs-genkernel-${GENKERNEL_ARCH}-${alt_version}"; do + if test -e "${dirname}/${i}" ; then + initrd="$i" + break diff --git a/sys-boot/tboot/tboot-1.9.11.ebuild b/sys-boot/tboot/tboot-1.9.11.ebuild new file mode 100644 index 00000000000..4778e6215bb --- /dev/null +++ b/sys-boot/tboot/tboot-1.9.11.ebuild @@ -0,0 +1,68 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit flag-o-matic mount-boot + +DESCRIPTION="Performs a measured and verified boot using Intel Trusted Execution Technology" +HOMEPAGE="https://sourceforge.net/projects/tboot/" +SRC_URI="mirror://sourceforge/${PN}/${P}.tar.gz" + +LICENSE="BSD" +SLOT="0" +KEYWORDS="-* ~amd64 ~x86" +IUSE="custom-cflags libressl selinux" + +# requires patching the kernel src +RESTRICT="test" + +DEPEND="app-crypt/trousers +app-crypt/tpm-tools +!libressl? ( dev-libs/openssl:0=[-bindist] ) +libressl? ( dev-libs/libressl:0= )" + +RDEPEND="${DEPEND} +sys-boot/grub:2 +selinux? ( sec-policy/selinux-tboot )" + +DOCS=( README COPYING CHANGELOG ) +PATCHES=( "${FILESDIR}/${PN}-1.9.11-genkernel-path.patch" ) + +src_prepare() { + sed -i 's/ -Werror//g' Config.mk || die + sed -i 's/^INSTALL_STRIP = -s$//' Config.mk || die # QA Errors + + default +} + +src_compile() { + use custom-cflags && export TBOOT_CFLAGS=${CFLAGS} || unset CCASFLAGS CFLAGS CPPFLAGS LDFLAGS + + if use amd64; then + export MAKEARGS="TARGET_ARCH=x86_64" + else + export MAKEARGS="TARGET_ARCH=i686" + fi + + default +} + +src_install() { + emake DISTDIR="${D}" install + + dodoc "${DOCS[@]}" + dodoc docs/*.txt lcptools/*.pdf || die "docs failed" + + cd "${D}" + mkdir -p usr/lib/tboot/ || die + mv boot usr/lib/tboot/ || die +} + +pkg_postinst() { + cp "${ROOT}/usr/lib/tboot/boot/*" "${ROOT}/boot/" || die + + ewarn "Please remember to download the SINIT AC Module relevant" + ewarn "for your platform from:" + ewarn "http://software.intel.com/en-us/articles/intel-trusted-execution-technology/" +}