[gentoo-commits] repo/gentoo:master commit in: app-crypt/yubihsm-shell/files/, app-crypt/yubihsm-shell/

[gentoo-commits] repo/gentoo:master commit in: app-crypt/yubihsm-shell/files/, app-crypt/yubihsm-shell/

[Sam James]

commit:     8f5b54c8a93ddcfda53a4275acf577ec228eb0a2
Author:     Sam James <sam <AT> gentoo <DOT> org>
AuthorDate: Thu May  1 03:58:38 2025 +0000
Commit:     Sam James <sam <AT> gentoo <DOT> org>
CommitDate: Thu May  1 04:00:00 2025 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8f5b54c8

app-crypt/yubihsm-shell: add 2.6.0

Bug: https://bugs.gentoo.org/955141
Closes: https://bugs.gentoo.org/946066
Signed-off-by: Sam James <sam <AT> gentoo.org>

 app-crypt/yubihsm-shell/Manifest                   |  1 +
 .../yubihsm-shell-2.6.0-pcsc-lite-pkgconfig.patch  | 40 ++++++++++++++++++++
 ...hell-2.6.0-remove-hardcoded-compiler-opts.patch | 14 +++++++
 app-crypt/yubihsm-shell/yubihsm-shell-2.6.0.ebuild | 43 ++++++++++++++++++++++
 4 files changed, 98 insertions(+)

diff --git a/app-crypt/yubihsm-shell/Manifest b/app-crypt/yubihsm-shell/Manifest
index 06ca5892b1cc..de17eb2b5059 100644
--- a/app-crypt/yubihsm-shell/Manifest
+++ b/app-crypt/yubihsm-shell/Manifest
@@ -1 +1,2 @@
 DIST yubihsm-shell-2.4.0.tar.gz 334956 BLAKE2B 93a86baa1e463aa5200e31e9cc657642f37e05ec6e9897bb35f0b518df83b38c69e365766170d76aeeae6da357f3c2fce736c03665861c7ed4f2b56805a7eb3a SHA512 2b08e6e8932ff3bc12d1233d88147264a9875ce145290e29fb6b8f25eeb8e502afff9e7d02714a50454b85b0f01b09c0321d830a483d6b4f7afb962adce882d5
+DIST yubihsm-shell-2.6.0.tar.gz 426458 BLAKE2B f36a44c054fc30b548a71fc50e4fe3c59fac297d747c52b31997034b538208fc128ae1ec57a2976de247302710b44ad1f3eba518be268e5996d4c3e33069c6d8 SHA512 04335fffa110fe43df2f1e46231e0ca7fcfe4f6a7305f8630dd346f7ed5d6d57bab53f6c268010bf7358729a429b05c52ffd273fe021cf60cfe97a6941ab0f56

diff --git a/app-crypt/yubihsm-shell/files/yubihsm-shell-2.6.0-pcsc-lite-pkgconfig.patch b/app-crypt/yubihsm-shell/files/yubihsm-shell-2.6.0-pcsc-lite-pkgconfig.patch
new file mode 100644
index 000000000000..1c473d2942a4
--- /dev/null
+++ b/app-crypt/yubihsm-shell/files/yubihsm-shell-2.6.0-pcsc-lite-pkgconfig.patch
@@ -0,0 +1,40 @@
+https://bugs.gentoo.org/946066
+https://github.com/Yubico/yubihsm-shell/issues/404
+https://github.com/Yubico/yubihsm-shell/pull/411
+
+From 440ba3ad140732ab51bc2df56ae0c82684d02922 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Tue, 30 Jul 2024 10:18:02 +0200
+Subject: [PATCH] cmake: Fix build against pcsc-lite >= 2.2
+
+The pcsc-lite 2.2.0 switched from autotools to meson and reworked the
+pkgconfig files. The new pkg config provides CFLAGS that work ok, but
+the yubihsm-shell ignores them and hopes that all included files are in
+the default include directory (with the PCSC prefix).
+
+Note, the value ${LIBPCSC_CFLAGS} is a semicolon separated list which
+we need to split to separate items here.
+
+This solution works with both old and new versions.
+
+Fixes: #404
+
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+---
+ CMakeLists.txt | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/CMakeLists.txt b/CMakeLists.txt
+index acbb3926..ecf3df85 100644
+--- a/CMakeLists.txt
++++ b/CMakeLists.txt
+@@ -194,6 +194,8 @@ if(NOT BUILD_ONLY_LIB)
+ 
+   if(${CMAKE_SYSTEM_NAME} MATCHES "Linux")
+     pkg_search_module (LIBPCSC REQUIRED libpcsclite)
++    string (REPLACE ";" " " MY_LIBPCSC_CFLAGS "${LIBPCSC_CFLAGS}")
++    string (APPEND CMAKE_C_FLAGS " ${MY_LIBPCSC_CFLAGS}")
+   elseif(${CMAKE_SYSTEM_NAME} MATCHES "Windows")
+     set (LIBPCSC_LDFLAGS "winscard.lib")
+   elseif(${CMAKE_SYSTEM_NAME} MATCHES "Darwin")
+

diff --git a/app-crypt/yubihsm-shell/files/yubihsm-shell-2.6.0-remove-hardcoded-compiler-opts.patch b/app-crypt/yubihsm-shell/files/yubihsm-shell-2.6.0-remove-hardcoded-compiler-opts.patch
new file mode 100644
index 000000000000..12f7115499b5
--- /dev/null
+++ b/app-crypt/yubihsm-shell/files/yubihsm-shell-2.6.0-remove-hardcoded-compiler-opts.patch
@@ -0,0 +1,14 @@
+We don't want -Werror or other stuff forced on us and our toolchain already
+defaults to various hardening options.
+--- a/cmake/SecurityFlags.cmake
++++ b/cmake/SecurityFlags.cmake
+@@ -1,8 +1,6 @@
+ include(CheckCCompilerFlag)
+ 
+-if (CMAKE_C_COMPILER_ID STREQUAL "Clang" OR
+-    CMAKE_C_COMPILER_ID STREQUAL "AppleClang" OR
+-    CMAKE_C_COMPILER_ID STREQUAL "GNU")
++if (FALSE)
+ 
+     add_compile_options (-Wall -Wextra -Werror)
+     add_compile_options (-Wformat -Wformat-nonliteral -Wformat-security)

diff --git a/app-crypt/yubihsm-shell/yubihsm-shell-2.6.0.ebuild b/app-crypt/yubihsm-shell/yubihsm-shell-2.6.0.ebuild
new file mode 100644
index 000000000000..e3ab00ef57ef
--- /dev/null
+++ b/app-crypt/yubihsm-shell/yubihsm-shell-2.6.0.ebuild
@@ -0,0 +1,43 @@
+# Copyright 2023-2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit cmake
+
+DESCRIPTION="Components used to interact with the YubiHSM 2"
+HOMEPAGE="https://developers.yubico.com/yubihsm-shell/"
+SRC_URI="https://developers.yubico.com/${PN}/Releases/${P}.tar.gz"
+
+LICENSE="Apache-2.0"
+SLOT="0"
+KEYWORDS="~amd64"
+RESTRICT="test"
+
+DEPEND="
+	dev-libs/openssl:=
+	net-misc/curl
+	dev-libs/libedit
+	sys-apps/pcsc-lite
+	virtual/libusb:1
+"
+RDEPEND="${DEPEND}"
+BDEPEND="
+	dev-util/gengetopt
+	sys-apps/help2man
+	virtual/pkgconfig
+"
+
+PATCHES=(
+	"${FILESDIR}"/${PN}-2.6.0-pcsc-lite-pkgconfig.patch
+	"${FILESDIR}"/${PN}-2.6.0-remove-hardcoded-compiler-opts.patch
+)
+
+src_configure() {
+	local mycmakeargs=(
+		# Allow users to set this, don't force it.
+		-DDISABLE_LTO=ON
+	)
+
+	cmake_src_configure
+}