From: dkwo <dkwo@users.noreply.github.com>
To: ml@inbox.vuxu.org
Subject: Re: [PR PATCH] [Updated] sbctl: update to 0.11, patch, add kernel hook
Date: Fri, 27 Oct 2023 00:08:51 +0200
Message-ID: <20231026220851.GClPPDmpRDRyPEJ_1BnqQO27DPjaKRdlvtPaqSsEMIY@z>
In-Reply-To: <gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-46165@inbox.vuxu.org>
[-- Attachment #1: Type: text/plain, Size: 524 bytes --]
There is an updated pull request by dkwo against master on the void-packages repository
https://github.com/dkwo/void-packages sbctl
https://github.com/void-linux/void-packages/pull/46165
sbctl: update to 0.11, patch, add kernel hook
- I tested the changes in this PR: yes
- I built this PR locally for my native architecture, (x86_64-glibc)
the patch fixes https://github.com/Foxboron/sbctl/issues/102
cc maintainer @ericonr
A patch file from https://github.com/void-linux/void-packages/pull/46165.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sbctl-46165.patch --]
[-- Type: text/x-diff, Size: 6506 bytes --]
From 8dc6327910cab4ffb7d516cabb680e51951e391b Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Sun, 17 Sep 2023 09:43:11 -0400
Subject: [PATCH 1/2] sbctl: update to 0.11, patch, add kernel hooks
---
srcpkgs/sbctl/files/kernel-hook-postinst | 17 +++++++++++++++++
srcpkgs/sbctl/files/kernel-hook-postrm | 17 +++++++++++++++++
srcpkgs/sbctl/files/kernel-hook.confd | 3 +++
srcpkgs/sbctl/patches/keyusage.patch | 17 +++++++++++++++++
srcpkgs/sbctl/template | 9 ++++++---
5 files changed, 60 insertions(+), 3 deletions(-)
create mode 100644 srcpkgs/sbctl/files/kernel-hook-postinst
create mode 100644 srcpkgs/sbctl/files/kernel-hook-postrm
create mode 100644 srcpkgs/sbctl/files/kernel-hook.confd
create mode 100644 srcpkgs/sbctl/patches/keyusage.patch
diff --git a/srcpkgs/sbctl/files/kernel-hook-postinst b/srcpkgs/sbctl/files/kernel-hook-postinst
new file mode 100644
index 0000000000000..c49ece0d0bedb
--- /dev/null
+++ b/srcpkgs/sbctl/files/kernel-hook-postinst
@@ -0,0 +1,17 @@
+#!/bin/sh
+#
+# Kernel post-install hook for sbctl.
+#
+# Arguments passed to this script: $1 pkgname, $2 version.
+#
+
+[ -x usr/bin/sbctl ] || exit 0
+
+PKGNAME="$1"
+VERSION="$2"
+
+. "${ROOTDIR}/etc/default/sbctl-kernel-hook"
+
+[ -z "${SBCTL_SIGN_KERNEL}" ] && exit 0
+[ -e "boot/vmlinuz-${VERSION}" ] && usr/bin/sbctl sign -s boot/vmlinuz-${VERSION}
+[ -e "boot/vmlinux-${VERSION}" ] && usr/bin/sbctl sign -s boot/vmlinux-${VERSION}
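Review bot: The last two lines use `[ -e ... ] && ...`, so on a system that only has `boot/vmlinuz-${VERSION}` the final test fails and the hook exits with status 1 even though signing succeeded. End the script with an explicit `exit 0`, or use `if [ -e ... ]; then ...; fi`, so a missing `vmlinux` image is not reported as a hook failure. The same two lines pass `boot/vmlinuz-${VERSION}` to `sbctl sign -s` unquoted while the test quotes it, and `usr/bin/sbctl` and `boot/...` are relative to the current directory while the config file is sourced through `${ROOTDIR}`; quoting the argument and using one path convention throughout would make the hook less dependent on how it is invoked. The `.` line is also unguarded, so a missing `etc/default/sbctl-kernel-hook` aborts the script instead of leaving signing disabled.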
diff --git a/srcpkgs/sbctl/files/kernel-hook-postrm b/srcpkgs/sbctl/files/kernel-hook-postrm
new file mode 100644
index 0000000000000..2fe43327ef72f
--- /dev/null
+++ b/srcpkgs/sbctl/files/kernel-hook-postrm
@@ -0,0 +1,17 @@
+#!/bin/sh
+#
+# Kernel post-remove hook for sbctl.
+#
+# Arguments passed to this script: $1 pkgname, $2 version.
+#
+
+[ -x usr/bin/sbctl ] || exit 0
+
+PKGNAME="$1"
+VERSION="$2"
+
+. "${ROOTDIR}/etc/default/sbctl-kernel-hook"
+
+[ -z "${SBCTL_SIGN_KERNEL}" ] && exit 0
+[ -e "boot/vmlinuz-${VERSION}" ] && usr/bin/sbctl rm boot/vmlinuz-${VERSION}
+[ -e "boot/vmlinux-${VERSION}" ] && usr/bin/sbctl rm boot/vmlinux-${VERSION}
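Review bot: In a post-remove hook the `[ -e "boot/vmlinuz-${VERSION}" ]` guard works against the purpose of the script: if the kernel image has already been deleted when the hook runs, neither `sbctl rm` line executes and the entry saved by `sbctl sign -s` in the post-install hook is left behind. Confirm that the image still exists at this stage, or run the removal without the existence test and ignore its failure. As in the post-install hook, the trailing `&&` line makes the script exit non-zero when `vmlinux-${VERSION}` is absent, and the path argument is unquoted.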
diff --git a/srcpkgs/sbctl/files/kernel-hook.confd b/srcpkgs/sbctl/files/kernel-hook.confd
new file mode 100644
index 0000000000000..59a52c91c7de2
--- /dev/null
+++ b/srcpkgs/sbctl/files/kernel-hook.confd
@@ -0,0 +1,3 @@
+# Options for the kernel hook script installed by the sbctl package.
+# SBCTL_SIGN_KERNEL=yes
+# To let sbctl sign new kernel images, set it to 'yes'
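Review bot: The comment documents 'yes' as the value that enables signing, but both hooks only test `[ -z "${SBCTL_SIGN_KERNEL}" ]`, so `SBCTL_SIGN_KERNEL=no` would enable signing as well. Either compare against `yes` in the hooks or state here that any non-empty value enables it. The explanatory comment would also read better above the commented-out setting than below it.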
diff --git a/srcpkgs/sbctl/patches/keyusage.patch b/srcpkgs/sbctl/patches/keyusage.patch
new file mode 100644
index 0000000000000..cf2d33ef91205
--- /dev/null
+++ b/srcpkgs/sbctl/patches/keyusage.patch
@@ -0,0 +1,17 @@
+omit the keyUsage bitfield, so that the certificate is accepted by the
+firmware of certain thinkpad laptops
+
+fixes https://github.com/Foxboron/sbctl/issues/102
+
+diff --git a/keys.go b/keys.go
+index ffc7858..61c2db6 100644
+--- a/keys.go
++++ b/keys.go
+@@ -58,7 +58,6 @@
+ SignatureAlgorithm: x509.SHA256WithRSA,
+ NotBefore: time.Now(),
+ NotAfter: time.Now().AddDate(5, 0, 0),
+- KeyUsage: x509.KeyUsageDigitalSignature,
+ Subject: pkix.Name{
+ Country: []string{name},
+ CommonName: name,
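Review bot: Removing `KeyUsage: x509.KeyUsageDigitalSignature` changes the certificate for every key sbctl creates on Void, not only on the ThinkPads whose firmware rejects it, and the patch header does not say whether the change has been submitted upstream. Please record the upstream status next to the issue link. Since patch 2/2 moves to 0.12 without touching this file, also confirm that the hunk still applies to that release's `keys.go`, or drop the patch if upstream already carries the change.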
diff --git a/srcpkgs/sbctl/template b/srcpkgs/sbctl/template
index 5d181cd62da0d..ce09dbede1835 100644
--- a/srcpkgs/sbctl/template
+++ b/srcpkgs/sbctl/template
@@ -1,7 +1,7 @@
# Template file for 'sbctl'
pkgname=sbctl
-version=0.10
-revision=3
+version=0.11
+revision=1
build_style=go
go_import_path="github.com/foxboron/sbctl"
hostmakedepends="asciidoc"
@@ -10,7 +10,7 @@ maintainer="Érico Nogueira <ericonr@disroot.org>"
license="MIT"
homepage="https://github.com/Foxboron/sbctl"
distfiles="https://github.com/Foxboron/sbctl/archive/${version}.tar.gz"
-checksum=22c394e1ae3f80eafe85e331ca4499d2df28bebcc4421c0af89241b897a17774
+checksum=9709c912ac38cac6afbf024588ca1b341c1a9b5a29c4c575d2863fe2ad5aed75
do_build() {
make
@@ -23,4 +23,7 @@ do_install() {
post_install() {
vlicense LICENSE
+ vinstall ${FILESDIR}/kernel-hook-postinst 744 etc/kernel.d/post-install 40-sbctl
+ vinstall ${FILESDIR}/kernel-hook-postrm 744 etc/kernel.d/post-remove 40-sbctl
+ vinstall ${FILESDIR}/kernel-hook.confd 644 etc/default sbctl-kernel-hook
}
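Review bot: `etc/default/sbctl-kernel-hook` is a file users are expected to edit, but the template (shown in full in patch 2/2) never declares it in `conf_files`, so the package does not mark it as configuration. Add `conf_files="/etc/default/sbctl-kernel-hook"` so local changes are preserved across updates. The two hooks are installed with mode 744 while the kernel-install script added in patch 2/2 uses 755; pick one mode deliberately.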
From 86f9c0d61218763cf61b8329d70e61e339cf4213 Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Thu, 26 Oct 2023 18:06:12 -0400
Subject: [PATCH 2/2] sbctl: update to 0.12
---
srcpkgs/sbctl/template | 27 +++++++++++++++++++++------
1 file changed, 21 insertions(+), 6 deletions(-)
diff --git a/srcpkgs/sbctl/template b/srcpkgs/sbctl/template
index ce09dbede1835..1afb25512e35c 100644
--- a/srcpkgs/sbctl/template
+++ b/srcpkgs/sbctl/template
@@ -1,28 +1,43 @@
# Template file for 'sbctl'
pkgname=sbctl
-version=0.11
+version=0.12
revision=1
build_style=go
go_import_path="github.com/foxboron/sbctl"
+go_package="${go_import_path}/cmd/sbctl"
hostmakedepends="asciidoc"
short_desc="Secure Boot key manager"
maintainer="Érico Nogueira <ericonr@disroot.org>"
license="MIT"
homepage="https://github.com/Foxboron/sbctl"
distfiles="https://github.com/Foxboron/sbctl/archive/${version}.tar.gz"
-checksum=9709c912ac38cac6afbf024588ca1b341c1a9b5a29c4c575d2863fe2ad5aed75
+checksum=38f97a4e47e9ff4e175f444833c6877a26b6d78308916e704edee0f06b3057eb
do_build() {
- make
+ # want -buildmode=pie -trimpath
+ go install -p "$XBPS_MAKEJOBS" -mod="${go_mod_mode}" -modcacherw -buildmode=pie -trimpath -v -tags "${go_build_tags}" -ldflags "${go_ldflags}" ${go_package}
}
-do_install() {
- make install PREFIX=/usr DESTDIR=$DESTDIR
- # TODO: install completions, sbctl tries to run lsblk when generating them
+post_build() {
+ make man
+ # builds it again, to generate the completions
+ make completions
+}
+
+do_check() {
+ go test -v ./...
}
post_install() {
+ vcompletion contrib/completions/bash-completion/completions/sbctl bash
+ vcompletion contrib/completions/zsh/site-functions/_sbctl zsh
+ vcompletion contrib/completions/fish/vendor_completions.d/sbctl.fish fish
+
+ vinstall contrib/kernel-install/91-sbctl.install 755 usr/lib/kernel/install.d/91-sbctl.install
+
+ vman docs/sbctl.8
vlicense LICENSE
+
vinstall ${FILESDIR}/kernel-hook-postinst 744 etc/kernel.d/post-install 40-sbctl
vinstall ${FILESDIR}/kernel-hook-postrm 744 etc/kernel.d/post-remove 40-sbctl
vinstall ${FILESDIR}/kernel-hook.confd 644 etc/default sbctl-kernel-hook
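Review bot: The new `vinstall contrib/kernel-install/91-sbctl.install 755 usr/lib/kernel/install.d/91-sbctl.install` line in `post_install` passes the file name as part of the third argument, whereas the three hook lines below it pass the target directory and the installed name separately (`etc/kernel.d/post-install 40-sbctl`). If the third argument is a directory, this creates a directory named `91-sbctl.install` with the script inside it; use `usr/lib/kernel/install.d` as the target. Separately, the removed TODO said sbctl tries to run `lsblk` when generating completions, yet `post_build` now runs `make completions` with `hostmakedepends` still limited to `asciidoc`; please confirm this works in a clean build environment and when cross-building. The `# want -buildmode=pie -trimpath` comment in `do_build` should explain why the build style's own build step is not sufficient, since the `make completions` step "builds it again" and may not use the same flags.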