From 2c4a4c02a893a9984210e62ea9d461582e858a4c Mon Sep 17 00:00:00 2001
From: Doan Tran Cong Danh
Date: Wed, 17 Apr 2019 07:54:20 +0700
Subject: [PATCH] New package: efitools-1.9.2 closes #11057
---
srcpkgs/efitools-efi | 1 +
.../patches/libressl-compatibility.patch | 11 +++
.../makefile-enable-harden-local-files.patch | 45 +++++++++++
.../makefile-keep-freestanding-flag.patch | 81 +++++++++++++++++++
...le-remove-useless-problematic-target.patch | 32 ++++++++
srcpkgs/efitools/template | 43 ++++++++++
6 files changed, 213 insertions(+)
create mode 120000 srcpkgs/efitools-efi
create mode 100644 srcpkgs/efitools/patches/libressl-compatibility.patch
create mode 100644 srcpkgs/efitools/patches/makefile-enable-harden-local-files.patch
create mode 100644 srcpkgs/efitools/patches/makefile-keep-freestanding-flag.patch
create mode 100644 srcpkgs/efitools/patches/makefile-remove-useless-problematic-target.patch
create mode 100644 srcpkgs/efitools/template
diff --git a/srcpkgs/efitools-efi b/srcpkgs/efitools-efi
new file mode 120000
index 0000000000..08eba12452
--- /dev/null
+++ b/srcpkgs/efitools-efi
@@ -0,0 +1 @@
+efitools
\ No newline at end of file
diff --git a/srcpkgs/efitools/patches/libressl-compatibility.patch b/srcpkgs/efitools/patches/libressl-compatibility.patch
new file mode 100644
index 0000000000..876baae16f
--- /dev/null
+++ b/srcpkgs/efitools/patches/libressl-compatibility.patch
@@ -0,0 +1,11 @@
+--- a/cert-to-efi-hash-list.c 2018-04-21 20:59:24.814748503 +0200
++++ b/cert-to-efi-hash-list.c 2018-04-21 20:59:51.868581307 +0200
+@@ -135,7 +135,7 @@
+ X509 *cert = PEM_read_bio_X509(cert_bio, NULL, NULL, NULL);
+ unsigned char *cert_buf = NULL;
+
+-#if OPENSSL_VERSION_NUMBER < 0x10100000L
++#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+ int cert_len = i2d_X509_CINF(cert->cert_info, &cert_buf);
+ #else
+ int cert_len = i2d_re_X509_tbs(cert, &cert_buf);
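Review bot: The added `|| defined(LIBRESSL_VERSION_NUMBER)` in libressl-compatibility.patch puts every LibreSSL release, current and future, on the branch that reads `cert->cert_info` directly, so the build would break once a LibreSSL version hides the `X509` struct, and it never moves to `i2d_re_X509_tbs` when that becomes available. Bound the test by version, e.g. `|| (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < FIRST_LIBRESSL_WITH_I2D_RE_X509_TBS)` (the constant is a placeholder to be filled in from the LibreSSL release notes), and add a one-line comment naming the missing API. In the same context lines, `cert` comes straight from `PEM_read_bio_X509()` and is dereferenced two statements later with no NULL check in between, so an unreadable certificate file would crash the tool here; a guard such as `if (!cert) { /* report and exit */ }` before the `#if` would fix that. The enclosing function starts and ends outside the hunk.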
diff --git a/srcpkgs/efitools/patches/makefile-enable-harden-local-files.patch b/srcpkgs/efitools/patches/makefile-enable-harden-local-files.patch
new file mode 100644
index 0000000000..a0d7571301
--- /dev/null
+++ b/srcpkgs/efitools/patches/makefile-enable-harden-local-files.patch
@@ -0,0 +1,45 @@
+diff --git a/Makefile b/Makefile
+index 30e236b..31004a6 100644
+--- a/Makefile
++++ b/Makefile
+@@ -82,31 +82,31 @@ HelloWorld.so: lib/lib-efi.a
+ ShimReplace.so: lib/lib-efi.a
+
+ cert-to-efi-sig-list: cert-to-efi-sig-list.o lib/lib.a
+- $(CC) $(ARCH3264) -o $@ $< lib/lib.a -lcrypto
++ $(CC) $(ARCH3264) -o $@ $< $(CFLAGS) $(LDFLAGS) lib/lib.a -lcrypto
+
+ sig-list-to-certs: sig-list-to-certs.o lib/lib.a
+- $(CC) $(ARCH3264) -o $@ $< lib/lib.a -lcrypto
++ $(CC) $(ARCH3264) -o $@ $< $(CFLAGS) $(LDFLAGS) lib/lib.a -lcrypto
+
+ sign-efi-sig-list: sign-efi-sig-list.o lib/lib.a
+- $(CC) $(ARCH3264) -o $@ $< lib/lib.a -lcrypto
++ $(CC) $(ARCH3264) -o $@ $< $(CFLAGS) $(LDFLAGS) lib/lib.a -lcrypto
+
+ hash-to-efi-sig-list: hash-to-efi-sig-list.o lib/lib.a
+- $(CC) $(ARCH3264) -o $@ $< lib/lib.a
++ $(CC) $(ARCH3264) -o $@ $< $(CFLAGS) $(LDFLAGS) lib/lib.a
+
+ cert-to-efi-hash-list: cert-to-efi-hash-list.o lib/lib.a
+- $(CC) $(ARCH3264) -o $@ $< lib/lib.a -lcrypto
++ $(CC) $(ARCH3264) -o $@ $< $(CFLAGS) $(LDFLAGS) lib/lib.a -lcrypto
+
+ efi-keytool: efi-keytool.o lib/lib.a
+- $(CC) $(ARCH3264) -o $@ $< lib/lib.a
++ $(CC) $(ARCH3264) -o $@ $< $(CFLAGS) $(LDFLAGS) lib/lib.a
+
+ efi-readvar: efi-readvar.o lib/lib.a
+- $(CC) $(ARCH3264) -o $@ $< lib/lib.a -lcrypto
++ $(CC) $(ARCH3264) -o $@ $< $(CFLAGS) $(LDFLAGS) lib/lib.a -lcrypto
+
+ efi-updatevar: efi-updatevar.o lib/lib.a
+- $(CC) $(ARCH3264) -o $@ $< lib/lib.a -lcrypto
++ $(CC) $(ARCH3264) -o $@ $< $(CFLAGS) $(LDFLAGS) lib/lib.a -lcrypto
+
+ flash-var: flash-var.o lib/lib.a
+- $(CC) $(ARCH3264) -o $@ $< lib/lib.a
++ $(CC) $(ARCH3264) -o $@ $< $(CFLAGS) $(LDFLAGS) lib/lib.a
+
+ clean:
+ rm -f PK.* KEK.* DB.* $(EFIFILES) $(EFISIGNED) $(BINARIES) *.o *.so
diff --git a/srcpkgs/efitools/patches/makefile-keep-freestanding-flag.patch b/srcpkgs/efitools/patches/makefile-keep-freestanding-flag.patch
new file mode 100644
index 0000000000..66ebb30bb9
--- /dev/null
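Review bot: Adding `$(CFLAGS) $(LDFLAGS)` only to the nine link lines of makefile-enable-harden-local-files.patch hardens the link step but not the compile step. Each tool is linked from a `.o` that, as far as the visible rules show, is built by the `%.o: %.c` rule in Make.rules; after makefile-keep-freestanding-flag.patch that rule expands only `$(EFI_CFLAGS) $(EFI_CPPFLAGS)`, and `EFI_CFLAGS` carries `-fno-stack-protector -ffreestanding`. The host tools that parse certificates and signature lists are therefore still compiled without the package's compile-time hardening flags, and only link-time options take effect. If that is intended, say so in a header comment of the patch; otherwise give the host objects the package flags, for example with a target-specific `$(addsuffix .o,$(BINARIES)): EFI_CFLAGS += $(CFLAGS) $(CPPFLAGS)`. That line is untested, and the rest of the Makefile lies outside the hunk.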
+++ b/srcpkgs/efitools/patches/makefile-keep-freestanding-flag.patch 
@@ -0,0 +1,81 @@
+diff --git a/Make.rules b/Make.rules
+index 489ad8c..ac46165 100644
+--- a/Make.rules
++++ b/Make.rules
+@@ -14,9 +14,9 @@ else
+ $(error unknown architecture $(ARCH))
+ endif
+ INCDIR = -I$(TOPDIR)include/ -I/usr/include/efi -I/usr/include/efi/$(ARCH) -I/usr/include/efi/protocol
+-CPPFLAGS = -DCONFIG_$(ARCH)
+-CFLAGS = -O2 -g $(ARCH3264) -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants -fno-stack-protector -ffreestanding -fno-stack-check
+-LDFLAGS = -nostdlib
++EFI_CPPFLAGS = -DCONFIG_$(ARCH)
++EFI_CFLAGS = -O2 -g $(ARCH3264) -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants -fno-stack-protector -ffreestanding -fno-stack-check
++EFI_LDFLAGS = -nostdlib
+ CRTOBJ = crt0-efi-$(ARCH).o
+ CRTPATHS = /lib /lib64 /lib/efi /lib64/efi /usr/lib /usr/lib64 /usr/lib/efi /usr/lib64/efi /usr/lib/gnuefi /usr/lib64/gnuefi
+ CRTPATH = $(shell for f in $(CRTPATHS); do if [ -e $$f/$(CRTOBJ) ]; then echo $$f; break; fi; done)
+@@ -24,7 +24,7 @@ CRTOBJS = $(CRTPATH)/$(CRTOBJ)
+ # there's a bug in the gnu tools ...
the .reloc section has to be
+ # aligned otherwise the file alignment gets screwed up
+ LDSCRIPT = elf_$(ARCH)_efi.lds
+-LDFLAGS += -shared -Bsymbolic $(CRTOBJS) -L $(CRTPATH) -L /usr/lib -L /usr/lib64 -T $(LDSCRIPT)
++EFI_LDFLAGS += -shared -Bsymbolic $(CRTOBJS) -L $(CRTPATH) -L /usr/lib -L /usr/lib64 -T $(LDSCRIPT)
+ LOADLIBES = -lefi -lgnuefi $(shell $(CC) $(ARCH3264) -print-libgcc-file-name)
+ FORMAT = --target=efi-app-$(ARCH)
+ OBJCOPY = objcopy
+@@ -36,23 +36,23 @@ EFIDIR = $(DESTDIR)/usr/share/efitools/efi
+ DOCDIR = $(DESTDIR)/usr/share/efitools
+
+ # globally use EFI calling conventions (requires gcc >= 4.7)
+-CFLAGS += -DGNU_EFI_USE_MS_ABI
++EFI_CFLAGS += -DGNU_EFI_USE_MS_ABI
+
+ ifeq ($(ARCH),x86_64)
+- CFLAGS += -DEFI_FUNCTION_WRAPPER -mno-red-zone
++ EFI_CFLAGS += -DEFI_FUNCTION_WRAPPER -mno-red-zone
+ endif
+
+ ifeq ($(ARCH),ia32)
+- CFLAGS += -mno-red-zone
++ EFI_CFLAGS += -mno-red-zone
+ endif
+
+ ifeq ($(ARCH),arm)
+- LDFLAGS += --defsym=EFI_SUBSYSTEM=0x0a
++ EFI_LDFLAGS += --defsym=EFI_SUBSYSTEM=0x0a
+ FORMAT = -O binary
+ endif
+
+ ifeq ($(ARCH),aarch64)
+- LDFLAGS += --defsym=EFI_SUBSYSTEM=0x0a
++ EFI_LDFLAGS += --defsym=EFI_SUBSYSTEM=0x0a
+ FORMAT = -O binary
+ endif
+
+@@ -61,7 +61,7 @@ endif
+ -j .rel -j .rela -j .rel.* -j .rela.* -j .rel* -j .rela* \
+ -j .reloc $(FORMAT) $*.so $@
+ %.so: %.o
+- $(LD) $(LDFLAGS) $^ -o $@ $(LOADLIBES)
++ $(LD) $(EFI_LDFLAGS) $^ -o $@ $(LOADLIBES)
+ # check we have no undefined symbols
+ nm -D $@ | grep ' U ' && exit 1 || exit 0
+
+@@ -99,13 +99,13 @@ getvar = $(shell if [ "$(1)" = "PK" -o "$(1)" = "KEK" ]; then echo $(1); else ec
+ ./sign-efi-sig-list -a -c PK.crt -k PK.key dbx $< $@
+
+ %.o: %.c
+- $(CC) $(INCDIR) $(CFLAGS) $(CPPFLAGS) -c $< -o $@
++ $(CC) $(INCDIR) $(EFI_CFLAGS) $(EFI_CPPFLAGS) -c $< -o $@
+
+ %.efi.o: %.c
+- $(CC) $(INCDIR) $(CFLAGS) $(CPPFLAGS) -fno-toplevel-reorder -DBUILD_EFI -c $< -o $@
++ $(CC) $(INCDIR) $(EFI_CFLAGS) $(EFI_CPPFLAGS) -fno-toplevel-reorder -DBUILD_EFI -c $< -o $@
+
%.efi.s: %.c
+- $(CC) -S $(INCDIR) $(CFLAGS) $(CPPFLAGS) -fno-toplevel-reorder -DBUILD_EFI -c $< -o $@
++ $(CC) -S $(INCDIR) $(EFI_CFLAGS) $(EFI_CPPFLAGS) -fno-toplevel-reorder -DBUILD_EFI -c $< -o $@
+
+ %.crt:
+ openssl req -new -x509 -newkey rsa:2048 -subj "/CN=$*/" -keyout $*.key -out $@ -days 3650 -nodes -sha256
diff --git a/srcpkgs/efitools/patches/makefile-remove-useless-problematic-target.patch b/srcpkgs/efitools/patches/makefile-remove-useless-problematic-target.patch
new file mode 100644
index 0000000000..a960654dd9
--- /dev/null
+++ b/srcpkgs/efitools/patches/makefile-remove-useless-problematic-target.patch
@@ -0,0 +1,32 @@
+diff --git a/Makefile b/Makefile
+index 7d471da..30e236b 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,4 +1,4 @@
+-EFIFILES = HelloWorld.efi LockDown.efi Loader.efi ReadVars.efi UpdateVars.efi \
++EFIFILES = HelloWorld.efi Loader.efi ReadVars.efi UpdateVars.efi \
+ KeyTool.efi HashTool.efi SetNull.efi ShimReplace.efi
+ BINARIES = cert-to-efi-sig-list sig-list-to-certs sign-efi-sig-list \
+ hash-to-efi-sig-list efi-readvar efi-updatevar cert-to-efi-hash-list \
+@@ -27,20 +27,14 @@ include Make.rules
+
+ EFISIGNED = $(patsubst %.efi,%-signed.efi,$(EFIFILES))
+
+-all: $(EFISIGNED) $(BINARIES) $(MANPAGES) noPK.auth $(KEYAUTH) \
+- $(KEYUPDATEAUTH) $(KEYBLACKLISTAUTH) $(KEYHASHBLACKLISTAUTH)
+-
++all: $(EFIFILES) $(BINARIES)
+
+ install: all
+- $(INSTALL) -m 755 -d $(MANDIR)
+- $(INSTALL) -m 644 $(MANPAGES) $(MANDIR)
+ $(INSTALL) -m 755 -d $(EFIDIR)
+ $(INSTALL) -m 755 $(EFIFILES) $(EFIDIR)
+ $(INSTALL) -m 755 -d $(BINDIR)
+ $(INSTALL) -m 755 $(BINARIES) $(BINDIR)
+ $(INSTALL) -m 755 mkusb.sh $(BINDIR)/efitool-mkusb
+- $(INSTALL) -m 755 -d $(DOCDIR)
+- $(INSTALL) -m 644 README COPYING $(DOCDIR)
+
+ lib/lib.a lib/lib-efi.a: FORCE
+ $(MAKE) -C lib $(notdir $@)
diff --git a/srcpkgs/efitools/template b/srcpkgs/efitools/template
new file mode 100644
index 0000000000..5979cc6595
--- /dev/null
+++ b/srcpkgs/efitools/template
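Review bot: The rename to `EFI_CPPFLAGS`/`EFI_CFLAGS`/`EFI_LDFLAGS` in makefile-keep-freestanding-flag.patch is only complete if no rule for EFI objects still expands the old names, and that cannot be confirmed from the page. Make.rules is shown only in part, and `lib/` is built by a sub-make (`$(MAKE) -C lib`) whose Makefile is not shown. Any leftover `$(CFLAGS)` or `$(LDFLAGS)` there would now receive the package's host flags instead of `-ffreestanding -fno-stack-protector` and `-nostdlib`, which would presumably miscompile or mislink the EFI binaries. Please confirm with a search of the patched tree, and record the reason at the top of the patch file, e.g. `# Rename the EFI flag variables so CFLAGS/LDFLAGS supplied by the package build cannot replace -ffreestanding and -nostdlib.`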
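Review bot: makefile-remove-useless-problematic-target.patch drops `LockDown.efi`, `$(EFISIGNED)`, the `.auth` targets and the man pages from `all` and `install` without stating why, and the file name does not tell a later maintainer whether this is a build workaround or a deliberate packaging decision. Judging from the Make.rules context elsewhere in this commit (`%.crt:` runs `openssl req ... -nodes`, and a rule signs with `-c PK.crt -k PK.key`), the dropped targets appear to depend on private keys generated during the build, which a distribution package should neither generate nor ship. If that is the reason, state it in a header line of the patch such as `# Skip targets that need throwaway PK/KEK/DB keys generated at build time.` The `install` recipe also stops installing `$(MANPAGES)`, so the packaged tools come without man pages; note that in the patch or the template as well.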
@@ -0,0 +1,43 @@
+# Template file for 'efitools'
+pkgname=efitools
+version=1.9.2
+revision=1
+build_style=gnu-makefile
+hostmakedepends="perl-File-Slurp"
+makedepends="gnu-efi-libs libressl-devel"
+short_desc="Tools to manipulate EFI secure boot platforms"
+maintainer="Doan Tran Cong Danh "
+license="GPL-2.0-only"
+homepage="https://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git"
+distfiles="https://git.kernel.org/pub/scm/linux/kernel/git/jejb/efitools.git/snapshot/${pkgname}-${version}.tar.gz"
+checksum=0f315b36e7d1ba74bfc97ab9f304f0a3072c47578bbe5e42594acae381f9acfe
+patch_args="-Nup1"
+
+post_patch() {
+ [ ! "$CROSS_BUILD" ] && return
+
+ case "${XBPS_TARGET_MACHINE}" in
+ arm*) _ARCH=arm ;;
+ i686*) _ARCH=ia32 ;;
+ *) _ARCH="${XBPS_TARGET_MACHINE%-musl}" ;;
+ esac
+ # 1: correct target arch
+ # 2,3,4: include and lib inside sysroot
+ # 5: use cross-objcopy
+ sed -i -e "/^ARCH[[:space:]]*=/s/=.*/=${_ARCH}/" \
+ -e "s,^\(CRTPATH.*=\).*,\1${XBPS_CROSS_BASE}/usr/lib," \
+ -e "/^INCDIR/s,I\(/usr/include\),I${XBPS_CROSS_BASE}\1,g" \
+ -e "s,-L /usr/lib,-L ${XBPS_CROSS_BASE}/usr/lib,g" \
+ -e "/^OBJCOPY/d" \
+ Make.rules
+}
+
+efitools-efi_package() {
+ short_desc+=" - bare metal tools"
+ nostrip=yes
+ noverifyrdeps=yes
+ noshlibprovides=yes
+ pkg_install() {
+ vmove usr/share/efitools
+ }
+}
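Review bot: The template declares no architecture restriction, yet the fallback `*) _ARCH="${XBPS_TARGET_MACHINE%-musl}" ;;` in `post_patch` writes any target name into `ARCH`, and the Make.rules context in this commit ends its architecture chain with `$(error unknown architecture $(ARCH))`. On a target outside the ones Make.rules handles (its visible `ifeq` blocks name x86_64, ia32, arm and aarch64), the package fails partway through the build instead of being marked unsupported. Add an `archs=` line listing the supported targets, for example `archs="x86_64* i686* arm* aarch64*"`, after checking which of them gnu-efi-libs is built for.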