From a5ffa5d41bb6bf004df48ce977aabf55257cd558 Mon Sep 17 00:00:00 2001
From: dataCobra <datacobra@thinkbot.de>
Date: Fri, 26 Jan 2024 10:56:47 +0100
Subject: [PATCH] fwupd-efi: update to 1.4.

---
 .../fwupd-efi-1.4-efi_ld_override.patch       |  26 +++++
 .../fwupd-efi-1.4-uefi_210_fixes.patch        | 107 ++++++++++++++++++
 srcpkgs/fwupd-efi/template                    |   6 +-
 3 files changed, 136 insertions(+), 3 deletions(-)
 create mode 100644 srcpkgs/fwupd-efi/patches/fwupd-efi-1.4-efi_ld_override.patch
 create mode 100644 srcpkgs/fwupd-efi/patches/fwupd-efi-1.4-uefi_210_fixes.patch

diff --git a/srcpkgs/fwupd-efi/patches/fwupd-efi-1.4-efi_ld_override.patch b/srcpkgs/fwupd-efi/patches/fwupd-efi-1.4-efi_ld_override.patch
new file mode 100644
index 0000000000000..0b703a41d2e60
--- /dev/null
+++ b/srcpkgs/fwupd-efi/patches/fwupd-efi-1.4-efi_ld_override.patch
@@ -0,0 +1,26 @@
+--- a/efi/meson.build
++++ b/efi/meson.build
+@@ -1,6 +1,7 @@
+ generate_sbat = find_program('generate_sbat.py', native: true)
+ generate_binary = find_program('generate_binary.py', native: true)
+ 
++efi_ld = get_option('efi-ld')
+ efi_ldsdir = get_option('efi-ldsdir')
+ efi_incdir = get_option('efi-includedir')
+ 
+@@ -226,7 +227,7 @@
+ so = custom_target('fwup.so',
+                    input : [o_file1, o_file2, o_file3, o_file4, o_file5],
+                    output : 'fwup.so',
+-                   command : [ld, '-o', '@OUTPUT@'] +
++                   command : [efi_ld, '-o', '@OUTPUT@'] +
+                              efi_ldflags + ['@INPUT@'] +
+                              ['-lefi', '-lgnuefi', libgcc_file_name],
+                    depends: fwupd_so_deps)
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -1,3 +1,4 @@
++option('efi-ld', type : 'string', value : 'ld', description : 'the linker to use for EFI modules')
+ option('efi-libdir', type : 'string', description : 'path to the EFI lib directory')
+ option('efi-ldsdir', type : 'string', description : 'path to the EFI lds directory')
+ option('efi-includedir', type : 'string', value : '/usr/include/efi', description : 'path to the EFI header directory')
diff --git a/srcpkgs/fwupd-efi/patches/fwupd-efi-1.4-uefi_210_fixes.patch b/srcpkgs/fwupd-efi/patches/fwupd-efi-1.4-uefi_210_fixes.patch
new file mode 100644
index 0000000000000..d4de5f174857e
--- /dev/null
+++ b/srcpkgs/fwupd-efi/patches/fwupd-efi-1.4-uefi_210_fixes.patch
@@ -0,0 +1,107 @@
+From bd958f2e8f03a85a7e1fe40a3ca7b78e0b24b79f Mon Sep 17 00:00:00 2001
+From: Callum Farmer <gmbr3@opensuse.org>
+Date: Sat, 11 Feb 2023 15:39:06 +0000
+Subject: [PATCH] UEFI 2.10 fixes
+
+Revert "Align sections to 512 bytes"
+
+This is not permitted according to the Microsoft
+guidelines which require section alignment to be
+the same as the page size of the architecture which
+for all supported archs is the default in Binutils
+
+https://techcommunity.microsoft.com/t5/hardware-dev-center/new-uefi-ca-memory-mitigation-requirements-for-signing/ba-p/3608714
+
+This reverts commit c60c0b8dfda71275ab40bdb316a6ca650c7a8948.
+
+Keep .areloc ARM32 section
+
+This is the psuedo .reloc section but renamed only on ARM32 to avoid
+a bad RELSZ value (gnu-efi 3.0.18+)
+
+Only use 4KiB pages on aarch64
+
+Binutils is currently configured by default
+to use 64KiB pages on aarch64, however this
+is not allowed by the UEFI specification
+
+Check if crt0 contains .note.GNU-stack section
+
+We need the .note.GNU-stack section for NX
+compat. If we don't have a new enough
+gnu-efi, error as the gnu-efi libraries
+themselves must have been built as NX
+for this to work
+
+Signed-off-by: Callum Farmer <gmbr3@opensuse.org>
+---
+ efi/crt0/meson.build   |  1 +
+ efi/generate_binary.py |  4 ++--
+ efi/meson.build        | 12 +++++++++++-
+ 3 files changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/efi/crt0/meson.build b/efi/crt0/meson.build
+index f5f45c5..fbd943e 100644
+--- a/efi/crt0/meson.build
++++ b/efi/crt0/meson.build
+@@ -1,3 +1,4 @@
++arch_crt_source = 'crt0-efi-@0@.S'.format(gnu_efi_path_arch)
+ o_crt0 = custom_target('efi_crt0',
+                        input : arch_crt_source,
+                        output : arch_crt,
+diff --git a/efi/generate_binary.py b/efi/generate_binary.py
+index bd2d959..e27f926 100755
+--- a/efi/generate_binary.py
++++ b/efi/generate_binary.py
+@@ -31,9 +31,9 @@ def _run_objcopy(args):
+         "-j",
+         ".rodata",
+         "-j",
++        ".areloc",
++        "-j",
+         ".rel*",
+-        "--section-alignment",
+-        "512",
+         args.infile,
+         args.outfile,
+     ]
+diff --git a/efi/meson.build b/efi/meson.build
+index 1931855..a476884 100644
+--- a/efi/meson.build
++++ b/efi/meson.build
+@@ -95,6 +95,11 @@ else
+         coff_header_in_crt0 = false
+ endif
+ 
++# For NX compat, we must ensure we have .note.GNU-stack
++if run_command('grep', '-q', '.note.GNU-stack', join_paths(efi_crtdir, arch_crt), check: false).returncode() != 0
++    error('Cannot find NX section in @0@, update to gnu-efi 3.0.15+'.format(join_paths(efi_crtdir, arch_crt)))
++endif
++
+ # older objcopy for Aarch64 and ARM32 are not EFI capable.
+ # Use 'binary' instead, and add required symbols manually.
+ if host_cpu == 'arm' or (host_cpu == 'aarch64' and (objcopy_version.version_compare ('< 2.38') or coff_header_in_crt0))
+@@ -119,7 +124,6 @@ endif
+ # is the system crt0 for arm and aarch64 new enough to know about SBAT?
+ if objcopy_manualsymbols
+   if get_option('efi_sbat_distro_id') != ''
+-    arch_crt_source = 'crt0-efi-@0@.S'.format(gnu_efi_path_arch)
+     cmd = run_command('grep', '-q', 'sbat', join_paths(efi_crtdir, arch_crt))
+     if cmd.returncode() != 0
+       warning('Cannot find SBAT section in @0@, using local copy'.format(join_paths(efi_crtdir, arch_crt)))
+@@ -187,6 +191,12 @@ efi_ldflags = ['-T',
+                '-L', efi_libdir,
+                join_paths(efi_crtdir, arch_crt)]
+ 
++if host_cpu == 'aarch64'
++# Don't use 64KiB pages
++  efi_ldflags += ['-z', 'common-page-size=4096']
++  efi_ldflags += ['-z', 'max-page-size=4096']
++endif
++
+ if objcopy_manualsymbols
+   # older objcopy for Aarch64 and ARM32 are not EFI capable.
+   # Use 'binary' instead, and add required symbols manually.
+-- 
+2.34.1
+
diff --git a/srcpkgs/fwupd-efi/template b/srcpkgs/fwupd-efi/template
index 78a543fec1dd7..206948e8d0a86 100644
--- a/srcpkgs/fwupd-efi/template
+++ b/srcpkgs/fwupd-efi/template
@@ -1,6 +1,6 @@
 # Template file for 'fwupd-efi'
 pkgname=fwupd-efi
-version=1.3
+version=1.4
 revision=1
 archs="x86_64* i686* arm* aarch64*"
 build_style=meson
@@ -9,13 +9,13 @@ configure_args="-Defi-includedir=${XBPS_CROSS_BASE}/usr/include/efi
  -Defi-ldsdir=${XBPS_CROSS_BASE}/usr/lib -Defi-ld=${XBPS_CROSS_BASE}/bin/ld
  -Defi-libdir=${XBPS_CROSS_BASE}/usr/lib"
 hostmakedepends="efivar"
-makedepends="libefivar-devel gnu-efi-libs"
+makedepends="libefivar-devel gnu-efi-libs python3-pefile"
 short_desc="EFI Application used by uefi-capsule plugin in fwupd"
 maintainer="dkwo <nicolopiazzalunga@gmail.com>"
 license="LGPL-2.1-or-later"
 homepage="https://github.com/fwupd/fwupd-efi"
 distfiles="https://github.com/fwupd/fwupd-efi/archive/refs/tags/${version}.tar.gz"
-checksum=0e76057c178e221f63eaf9142fa1d06780a8eb3df7cf0c11f92660138dec5c83
+checksum=b1f5fe72e16d4e2f4c616da416dc93bd79331057336208465da37bafe8f8f83d
 
 if [ "$CROSS_BUILD" ]; then
 	configure_args+=" -Defi-cc=/usr/bin/${XBPS_CROSS_TRIPLET}-gcc"