Re: [PR PATCH] [Updated] sbctl: update, add kernel hook

[dkwo <dkwo@users.noreply.github.com>]

[-- Attachment #1: Type: text/plain, Size: 509 bytes --]

There is an updated pull request by dkwo against master on the void-packages repository

https://github.com/dkwo/void-packages sbctl
https://github.com/void-linux/void-packages/pull/46165

sbctl: update, add kernel hook
- I tested the changes in this PR: yes
- I built this PR locally for my native architecture, (x86_64-glibc)

the patch fixes https://github.com/Foxboron/sbctl/issues/102
cc maintainer @ericonr 

A patch file from https://github.com/void-linux/void-packages/pull/46165.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-sbctl-46165.patch --]
[-- Type: text/x-diff, Size: 3241 bytes --]

From 38d745b89f772a48065c0f50bfcca96615a6b9d7 Mon Sep 17 00:00:00 2001
From: dkwo <nicolopiazzalunga@gmail.com>
Date: Sun, 17 Sep 2023 09:43:11 -0400
Subject: [PATCH] sbctl: run checks, add kernel hook, update to 0.13, change
 key loc

by default keys are at /usr/share/secureboot,
put them at /etc/secureboot instead via go_ldflag
---
 srcpkgs/sbctl/files/kernel-hook-postinst | 17 ++++++++++++++
 srcpkgs/sbctl/files/kernel-hook.confd    |  3 +++
 srcpkgs/sbctl/template                   | 30 ++++++++++++++++--------
 3 files changed, 40 insertions(+), 10 deletions(-)
 create mode 100644 srcpkgs/sbctl/files/kernel-hook-postinst
 create mode 100644 srcpkgs/sbctl/files/kernel-hook.confd

diff --git a/srcpkgs/sbctl/files/kernel-hook-postinst b/srcpkgs/sbctl/files/kernel-hook-postinst
new file mode 100644
index 0000000000000..c49ece0d0bedb
--- /dev/null
+++ b/srcpkgs/sbctl/files/kernel-hook-postinst
@@ -0,0 +1,17 @@
+#!/bin/sh
+#
+# Kernel post-install hook for sbctl.
+#
+# Arguments passed to this script: $1 pkgname, $2 version.
+#
+
+[ -x usr/bin/sbctl ] || exit 0
+
+PKGNAME="$1"
+VERSION="$2"
+
+. "${ROOTDIR}/etc/default/sbctl-kernel-hook"
+
+[ -z "${SBCTL_SIGN_KERNEL}" ] && exit 0
+[ -e "boot/vmlinuz-${VERSION}" ] && usr/bin/sbctl sign -s boot/vmlinuz-${VERSION}
+[ -e "boot/vmlinux-${VERSION}" ] && usr/bin/sbctl sign -s boot/vmlinux-${VERSION}
diff --git a/srcpkgs/sbctl/files/kernel-hook.confd b/srcpkgs/sbctl/files/kernel-hook.confd
new file mode 100644
index 0000000000000..59a52c91c7de2
--- /dev/null
+++ b/srcpkgs/sbctl/files/kernel-hook.confd
@@ -0,0 +1,3 @@
+# Options for the kernel hook script installed by the sbctl package.
+# SBCTL_SIGN_KERNEL=yes
+# To let sbctl sign new kernel images, set it to 'yes'
diff --git a/srcpkgs/sbctl/template b/srcpkgs/sbctl/template
index 5d181cd62da0d..484cb0fd23dd0 100644
--- a/srcpkgs/sbctl/template
+++ b/srcpkgs/sbctl/template
@@ -1,26 +1,36 @@
 # Template file for 'sbctl'
 pkgname=sbctl
-version=0.10
-revision=3
+version=0.13
+revision=1
 build_style=go
+build_helper=qemu
 go_import_path="github.com/foxboron/sbctl"
+go_package="${go_import_path}/cmd/sbctl"
+go_ldflags="-X ${go_import_path}.DatabasePath=/etc/secureboot"
 hostmakedepends="asciidoc"
 short_desc="Secure Boot key manager"
 maintainer="Érico Nogueira <ericonr@disroot.org>"
 license="MIT"
 homepage="https://github.com/Foxboron/sbctl"
 distfiles="https://github.com/Foxboron/sbctl/archive/${version}.tar.gz"
-checksum=22c394e1ae3f80eafe85e331ca4499d2df28bebcc4421c0af89241b897a17774
+checksum=3d5b396985eabea4960377dbf81dbd891db473af20284edc7db1b4e891368c02
+export GOFLAGS="-buildmode=pie"
 
-do_build() {
-	make
-}
-
-do_install() {
-	make install PREFIX=/usr DESTDIR=$DESTDIR
-	# TODO: install completions, sbctl tries to run lsblk when generating them
+do_check() {
+	go test -v ./...
 }
 
 post_install() {
+	make man
+	vman docs/sbctl.8
 	vlicense LICENSE
+
+	SBCTL="${DESTDIR}/usr/bin/sbctl"
+	for shell in bash fish zsh; do
+		vtargetrun ${SBCTL} completion ${shell} > sbctl.${shell}
+		vcompletion sbctl.${shell} ${shell}
+	done
+
+	vinstall ${FILESDIR}/kernel-hook-postinst 744 etc/kernel.d/post-install 40-sbctl
+	vinstall ${FILESDIR}/kernel-hook.confd 644 etc/default sbctl-kernel-hook
 }