Re: [PR PATCH] [Updated] sbctl: update to 0.11, patch, add kernel hook

Github messages for voidlinux
 help / color / mirror / Atom feed

From: dkwo <dkwo@users.noreply.github.com>
To: ml@inbox.vuxu.org
Subject: Re: [PR PATCH] [Updated] sbctl: update to 0.11, patch, add kernel hook
Date: Sat, 23 Sep 2023 16:59:05 +0200	[thread overview]
Message-ID: <20230923145905.Wb44MmXY6qLz0A5Xngi2bOIr4bgD_nZNeDt7QkWejWs@z> (raw)
In-Reply-To: <gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-46165@inbox.vuxu.org>

[-- Attachment #1: Type: text/plain, Size: 524 bytes --]

There is an updated pull request by dkwo against master on the void-packages repository

https://github.com/dkwo/void-packages sbctl
https://github.com/void-linux/void-packages/pull/46165

sbctl: update to 0.11, patch, add kernel hook
- I tested the changes in this PR: yes
- I built this PR locally for my native architecture, (x86_64-glibc)

the patch fixes https://github.com/Foxboron/sbctl/issues/102
cc maintainer @ericonr 

A patch file from https://github.com/void-linux/void-packages/pull/46165.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sbctl-46165.patch --]
[-- Type: text/x-diff, Size: 3461 bytes --]

From 3e35956e17693349659d4ae3646e97c2b92c55b6 Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Sun, 17 Sep 2023 09:43:11 -0400
Subject: [PATCH] sbctl: update to 0.11, patch, add kernel hook

---
 srcpkgs/sbctl/files/kernel-hook-postinst | 17 +++++++++++++++++
 srcpkgs/sbctl/files/kernel-hook.confd    |  3 +++
 srcpkgs/sbctl/patches/keyusage.patch     | 17 +++++++++++++++++
 srcpkgs/sbctl/template                   |  8 +++++---
 4 files changed, 42 insertions(+), 3 deletions(-)
 create mode 100644 srcpkgs/sbctl/files/kernel-hook-postinst
 create mode 100644 srcpkgs/sbctl/files/kernel-hook.confd
 create mode 100644 srcpkgs/sbctl/patches/keyusage.patch

diff --git a/srcpkgs/sbctl/files/kernel-hook-postinst b/srcpkgs/sbctl/files/kernel-hook-postinst
new file mode 100644
index 0000000000000..c49ece0d0bedb
--- /dev/null
+++ b/srcpkgs/sbctl/files/kernel-hook-postinst
@@ -0,0 +1,17 @@
+#!/bin/sh
+#
+# Kernel post-install hook for sbctl.
+#
+# Arguments passed to this script: $1 pkgname, $2 version.
+#
+
+[ -x usr/bin/sbctl ] || exit 0
+
+PKGNAME="$1"
+VERSION="$2"
+
+. "${ROOTDIR}/etc/default/sbctl-kernel-hook"
+
+[ -z "${SBCTL_SIGN_KERNEL}" ] && exit 0
+[ -e "boot/vmlinuz-${VERSION}" ] && usr/bin/sbctl sign -s boot/vmlinuz-${VERSION}
+[ -e "boot/vmlinux-${VERSION}" ] && usr/bin/sbctl sign -s boot/vmlinux-${VERSION}
diff --git a/srcpkgs/sbctl/files/kernel-hook.confd b/srcpkgs/sbctl/files/kernel-hook.confd
new file mode 100644
index 0000000000000..59a52c91c7de2
--- /dev/null
+++ b/srcpkgs/sbctl/files/kernel-hook.confd
@@ -0,0 +1,3 @@
+# Options for the kernel hook script installed by the sbctl package.
+# SBCTL_SIGN_KERNEL=yes
+# To let sbctl sign new kernel images, set it to 'yes'
diff --git a/srcpkgs/sbctl/patches/keyusage.patch b/srcpkgs/sbctl/patches/keyusage.patch
new file mode 100644
index 0000000000000..cf2d33ef91205
--- /dev/null
+++ b/srcpkgs/sbctl/patches/keyusage.patch
@@ -0,0 +1,17 @@
+omit the keyUsage bitfield, so that the certificate is accepted by the
+firmware of certain thinkpad laptops
+
+fixes https://github.com/Foxboron/sbctl/issues/102
+
+diff --git a/keys.go b/keys.go
+index ffc7858..61c2db6 100644
+--- a/keys.go
++++ b/keys.go
+@@ -58,7 +58,6 @@
+ 		SignatureAlgorithm: x509.SHA256WithRSA,
+ 		NotBefore:          time.Now(),
+ 		NotAfter:           time.Now().AddDate(5, 0, 0),
+-		KeyUsage:           x509.KeyUsageDigitalSignature,
+ 		Subject: pkix.Name{
+ 			Country:    []string{name},
+ 			CommonName: name,
diff --git a/srcpkgs/sbctl/template b/srcpkgs/sbctl/template
index 5d181cd62da0d..5fdc4210ffe3b 100644
--- a/srcpkgs/sbctl/template
+++ b/srcpkgs/sbctl/template
@@ -1,7 +1,7 @@
 # Template file for 'sbctl'
 pkgname=sbctl
-version=0.10
-revision=3
+version=0.11
+revision=1
 build_style=go
 go_import_path="github.com/foxboron/sbctl"
 hostmakedepends="asciidoc"
@@ -10,7 +10,7 @@ maintainer="Érico Nogueira <ericonr@disroot.org>"
 license="MIT"
 homepage="https://github.com/Foxboron/sbctl"
 distfiles="https://github.com/Foxboron/sbctl/archive/${version}.tar.gz"
-checksum=22c394e1ae3f80eafe85e331ca4499d2df28bebcc4421c0af89241b897a17774
+checksum=9709c912ac38cac6afbf024588ca1b341c1a9b5a29c4c575d2863fe2ad5aed75
 
 do_build() {
 	make
@@ -23,4 +23,6 @@ do_install() {
 
 post_install() {
 	vlicense LICENSE
+	vinstall ${FILESDIR}/kernel-hook-postinst 744 etc/kernel.d/post-install 40-sbctl
+	vinstall ${FILESDIR}/kernel-hook.confd 644 etc/default sbctl-kernel-hook
 }

next prev parent reply	other threads:[~2023-09-23 14:59 UTC|newest]

Thread overview: 53+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-09-20 20:39 [PR PATCH] " dkwo
2023-09-20 22:27 ` Duncaen
2023-09-20 22:27 ` Duncaen
2023-09-20 22:28 ` Duncaen
2023-09-21 15:59 ` dkwo
2023-09-21 16:09 ` Duncaen
2023-09-21 18:11 ` [PR PATCH] [Updated] " dkwo
2023-09-21 18:12 ` dkwo
2023-09-21 18:16 ` Duncaen
2023-09-21 18:22 ` Duncaen
2023-09-21 18:22 ` Duncaen
2023-09-21 18:22 ` Duncaen
2023-09-21 18:23 ` Duncaen
2023-09-21 18:24 ` Duncaen
2023-09-21 20:09 ` [PR PATCH] [Updated] " dkwo
2023-09-21 20:09 ` dkwo
2023-09-23 13:06 ` [PR REVIEW] " classabbyamp
2023-09-23 14:59 ` dkwo [this message]
2023-09-23 15:00 ` dkwo
2023-09-23 20:59 ` [PR PATCH] [Updated] " dkwo
2023-09-23 21:00 ` dkwo
2023-10-11 18:48 ` dkwo
2023-10-26 22:08 ` [PR PATCH] [Updated] " dkwo
2023-10-26 22:13 ` dkwo
2023-10-27 19:50 ` [PR PATCH] [Updated] " dkwo
2023-10-27 20:22 ` dkwo
2023-10-27 20:25 ` sbctl: update to 0.12, " dkwo
2023-10-27 20:25 ` dkwo
2023-11-02 14:54 ` dkwo
2023-12-21  9:13 ` [PR PATCH] [Updated] " dkwo
2023-12-27 16:18 ` dkwo
2023-12-27 18:41 ` dkwo
2024-01-07 14:17 ` [PR PATCH] [Updated] sbctl: update, " dkwo
2024-01-16 17:03 ` dkwo
2024-01-16 22:41 ` dkwo
2024-01-16 22:42 ` [PR PATCH] [Updated] " dkwo
2024-01-25 19:38 ` dkwo
2024-01-25 19:40 ` dkwo
2024-01-25 19:42 ` [PR PATCH] [Updated] " dkwo
2024-01-25 19:46 ` dkwo
2024-01-30 22:51 ` dkwo
2024-02-01  0:42 ` Duncaen
2024-02-01  0:43 ` Duncaen
2024-02-01  0:43 ` Duncaen
2024-02-01 16:06 ` dkwo
2024-02-01 17:27 ` Duncaen
2024-02-02 22:36 ` [PR PATCH] [Updated] " dkwo
2024-02-02 22:40 ` dkwo
2024-02-02 22:40 ` dkwo
2024-04-17 19:53 ` [PR PATCH] [Updated] " dkwo
2024-04-17 19:58 ` dkwo
2024-05-11 20:18 ` [PR PATCH] [Updated] sbctl: update dkwo
2024-05-11 21:55 ` dkwo

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230923145905.Wb44MmXY6qLz0A5Xngi2bOIr4bgD_nZNeDt7QkWejWs@z \
    --to=dkwo@users.noreply.github.com \
    --cc=ml@inbox.vuxu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).