diff options
6 files changed, 268 insertions, 0 deletions
diff --git a/sys-firmware/gnuk/files/1.2.16-MINOR-Always-get-version-from-the-VERSION-file.patch b/sys-firmware/gnuk/files/1.2.16-MINOR-Always-get-version-from-the-VERSION-file.patch new file mode 100644 index 00000000..9db4e957 --- /dev/null +++ b/sys-firmware/gnuk/files/1.2.16-MINOR-Always-get-version-from-the-VERSION-file.patch @@ -0,0 +1,32 @@ +From e2ce363cd282781aab28cdb1c84c4493e57cba22 Mon Sep 17 00:00:00 2001 +From: Bertrand Jacquin <bertrand@jacquin.bzh> +Date: Sun, 19 Feb 2017 02:18:13 +0000 +Subject: [PATCH] MINOR: Always get version from the VERSION file + +--- + src/configure | 12 +----------- + 1 file changed, 1 insertion(+), 11 deletions(-) + +diff --git a/src/configure b/src/configure +index d09cde68969b..54da932e1f27 100755 +--- a/src/configure ++++ b/src/configure +@@ -52,17 +52,7 @@ exec_prefix='${prefix}' + libexecdir='${exec_prefix}/libexec' + + # Revision number +-if test -e ../.git; then +- if type git >/dev/null 2>&1; then +- REVISION=$(git describe --dirty="-modified") +- else +- # echo 'No git available, please install git' +- GIT_REVISION=$(sed -e 's/^\(.......\).*$/g\1/' "../.git/$(sed -e 's/^ref: //' ../.git/HEAD)") +- REVISION=$(cat ../VERSION)-$GIT_REVISION +- fi +-else +- REVISION=$(cat ../VERSION) +-fi ++REVISION=$(cat ../VERSION) + + # Process each option + for option; do diff --git a/sys-firmware/gnuk/files/1.2.16-build-discard-compiler-default-specs.patch b/sys-firmware/gnuk/files/1.2.16-build-discard-compiler-default-specs.patch new file mode 100644 index 00000000..972a09b2 --- /dev/null +++ b/sys-firmware/gnuk/files/1.2.16-build-discard-compiler-default-specs.patch @@ -0,0 +1,26 @@ +From b66bd970dbe4f3c9a0ccbe62debb1c8da287e13e Mon Sep 17 00:00:00 2001 +From: Bertrand Jacquin <bertrand@jacquin.bzh> +Date: Sat, 25 Apr 2020 14:28:08 +0100 +Subject: [PATCH] build: discard compiler default specs + +This allow to overwrite any potential default specs defined in local gcc +build like stack-protector which is now enforced by more and more Linux +distributions while it should not apply in chopstx use case +--- + chopstx/rules.mk | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/chopstx/rules.mk b/chopstx/rules.mk +index 3915268418d4..c0f99a6c92e2 100644 +--- a/chopstx/rules.mk ++++ b/chopstx/rules.mk +@@ -57,6 +57,9 @@ LDFLAGS = + + ### + ifeq ($(EMULATION),) ++# Discard compiler default specs ++MCFLAGS += -specs=nosys.specs ++ + MCFLAGS += -mcpu=$(MCU) + LDFLAGS += $(MCFLAGS) -nostartfiles -T$(LDSCRIPT) \ + -Wl,-Map=$(BUILDDIR)/$(PROJECT).map,--cref,--no-warn-mismatch,--gc-sections diff --git a/sys-firmware/gnuk/files/1.2.16-build-do-not-produce-a-dynamically-linked-position-i.patch b/sys-firmware/gnuk/files/1.2.16-build-do-not-produce-a-dynamically-linked-position-i.patch new file mode 100644 index 00000000..34b5d354 --- /dev/null +++ b/sys-firmware/gnuk/files/1.2.16-build-do-not-produce-a-dynamically-linked-position-i.patch @@ -0,0 +1,24 @@ +From 1a16da9e480c5eeb7a76d14dcbb5c92fa71febbb Mon Sep 17 00:00:00 2001 +From: Bertrand Jacquin <bertrand@jacquin.bzh> +Date: Tue, 28 Aug 2018 21:51:26 +0100 +Subject: [PATCH] build: do not produce a dynamically linked position + independent executable + +--- + chopstx/rules.mk | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/chopstx/rules.mk b/chopstx/rules.mk +index 23d55f677f58..5ff80d86509b 100644 +--- a/chopstx/rules.mk ++++ b/chopstx/rules.mk +@@ -63,6 +63,9 @@ MCFLAGS += -specs=nosys.specs + # Do not use the standard system startup files when linking + MCFLAGS += -nostartfiles + ++# Don't produce a dynamically linked position independent executable ++MCFLAGS += -fno-pie ++ + MCFLAGS += -mcpu=$(MCU) + LDFLAGS += $(MCFLAGS) -T$(LDSCRIPT) \ + -Wl,-Map=$(BUILDDIR)/$(PROJECT).map,--cref,--no-warn-mismatch,--gc-sections diff --git a/sys-firmware/gnuk/files/1.2.16-build-initilize-empty-MCFLAGS-and-LDFLAGS.patch b/sys-firmware/gnuk/files/1.2.16-build-initilize-empty-MCFLAGS-and-LDFLAGS.patch new file mode 100644 index 00000000..4669a194 --- /dev/null +++ b/sys-firmware/gnuk/files/1.2.16-build-initilize-empty-MCFLAGS-and-LDFLAGS.patch @@ -0,0 +1,37 @@ +From d9c65c613a6cccbcfd403ef00ffabccec25bf29f Mon Sep 17 00:00:00 2001 +From: Bertrand Jacquin <bertrand@jacquin.bzh> +Date: Sat, 25 Apr 2020 14:26:46 +0100 +Subject: [PATCH] build: initilize empty MCFLAGS and LDFLAGS + +Such variables are modified later, it make it clearer to read when +variable are only appened +--- + chopstx/rules.mk | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/chopstx/rules.mk b/chopstx/rules.mk +index 110079efdaaa..3915268418d4 100644 +--- a/chopstx/rules.mk ++++ b/chopstx/rules.mk +@@ -50,14 +50,17 @@ IINCDIR = $(patsubst %,-I%,$(INCDIR)) + LLIBDIR = $(patsubst %,-L%,$(LIBDIR)) + + VPATH = $(sort $(dir $(CSRC))) ++ ++# Initilize empty LDFLAGS and MCFLAGS ++MCFLAGS = ++LDFLAGS = ++ + ### + ifeq ($(EMULATION),) +-MCFLAGS = -mcpu=$(MCU) +-LDFLAGS = $(MCFLAGS) -nostartfiles -T$(LDSCRIPT) \ ++MCFLAGS += -mcpu=$(MCU) ++LDFLAGS += $(MCFLAGS) -nostartfiles -T$(LDSCRIPT) \ + -Wl,-Map=$(BUILDDIR)/$(PROJECT).map,--cref,--no-warn-mismatch,--gc-sections + else +-MCFLAGS = +-LDFLAGS = + DEFS += -D_GNU_SOURCE + endif + diff --git a/sys-firmware/gnuk/files/1.2.16-build-move-nostartfiles-earlier.patch b/sys-firmware/gnuk/files/1.2.16-build-move-nostartfiles-earlier.patch new file mode 100644 index 00000000..fcee56ee --- /dev/null +++ b/sys-firmware/gnuk/files/1.2.16-build-move-nostartfiles-earlier.patch @@ -0,0 +1,26 @@ +From 81395c4dcecf24a273184862a95c422576228978 Mon Sep 17 00:00:00 2001 +From: Bertrand Jacquin <bertrand@jacquin.bzh> +Date: Sat, 25 Apr 2020 14:40:36 +0100 +Subject: [PATCH] build: move -nostartfiles earlier + +--- + chopstx/rules.mk | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/chopstx/rules.mk b/chopstx/rules.mk +index c0f99a6c92e2..23d55f677f58 100644 +--- a/chopstx/rules.mk ++++ b/chopstx/rules.mk +@@ -60,8 +60,11 @@ ifeq ($(EMULATION),) + # Discard compiler default specs + MCFLAGS += -specs=nosys.specs + ++# Do not use the standard system startup files when linking ++MCFLAGS += -nostartfiles ++ + MCFLAGS += -mcpu=$(MCU) +-LDFLAGS += $(MCFLAGS) -nostartfiles -T$(LDSCRIPT) \ ++LDFLAGS += $(MCFLAGS) -T$(LDSCRIPT) \ + -Wl,-Map=$(BUILDDIR)/$(PROJECT).map,--cref,--no-warn-mismatch,--gc-sections + else + DEFS += -D_GNU_SOURCE diff --git a/sys-firmware/gnuk/gnuk-1.2.16.ebuild b/sys-firmware/gnuk/gnuk-1.2.16.ebuild new file mode 100644 index 00000000..1ac7cc7d --- /dev/null +++ b/sys-firmware/gnuk/gnuk-1.2.16.ebuild @@ -0,0 +1,123 @@ +# Copyright 1999-2021 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 +PYTHON_COMPAT=( python{3_7,3_8,3_9} ) +inherit git-r3 eutils python-r1 udev + +DESCRIPTION="An Implementation of USB Cryptographic Token for GnuPG" +HOMEPAGE="https://www.fsij.org/category/gnuk.html" +EGIT_REPO_URI="https://salsa.debian.org/gnuk-team/${PN}/${PN}" +EGIT_COMMIT="release/${PV}" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~amd64" +IUSE="debug doc tools" + +DEPEND="doc? ( dev-python/sphinx )" +RDEPEND="virtual/udev + tools? ( + ${PYTHON_DEPS} + dev-python/pyusb[${PYTHON_USEDEP}] + dev-python/colorama[${PYTHON_USEDEP}] + )" + +PATCHES=( + "${FILESDIR}/${PV}-MINOR-Always-get-version-from-the-VERSION-file.patch" + "${FILESDIR}/${PV}-build-initilize-empty-MCFLAGS-and-LDFLAGS.patch" + "${FILESDIR}/${PV}-build-discard-compiler-default-specs.patch" + "${FILESDIR}/${PV}-build-move-nostartfiles-earlier.patch" + "${FILESDIR}/${PV}-build-do-not-produce-a-dynamically-linked-position-i.patch" +) + +pkg_pretend() { + if type -p arm-none-eabi-gcc > /dev/null 2>&1 ; then + return 0 + fi + + eerror "Before you could build the firmware, you need to install arm-none-eabi toolchain" + eerror "Run the following commands:" + eerror " emerge -vat crossdev" + eerror " crossdev --target arm-none-eabi" + die "arm-none-eabi toolchain is needed" +} + +src_prepare () { + default + + mv tool/get_raw_public_key.py "tool/${PN}-get_raw_public_key.py" || die + mv tool/gnuk_get_random.py "tool/${PN}-get_random.py" || die + mv tool/gnuk_put_binary_libusb.py "tool/${PN}-put_binary_libusb.py" || die + mv tool/gnuk_remove_keys_libusb.py "tool/${PN}-remove_keys_libusb.py" || die + mv tool/gnuk_upgrade.py "tool/${PN}-upgrade.py" || die + mv tool/stlinkv2.py "tool/${PN}-stlinkv2.py" || die + mv tool/upgrade_by_passwd.py "tool/${PN}-upgrade_by_passwd.py" || die + mv tool/usb_strings.py "tool/${PN}-usb_strings.py" || die +} + +src_configure() { + cd "${S}/src" + ./configure \ + --target=FST_01 \ + --vidpid=234b:0000 \ + --enable-certdo \ + --enable-factory-reset \ + --enable-hid-card-change \ + $(use_enable debug) \ + || die "configure failed" +} + +src_compile() { + cd "${S}/src" + emake CROSS="arm-none-eabi-" + + if use doc ; then + cd "${S}/doc" + emake html + emake man + fi + + cd "${S}/regnual" + emake TRGT="arm-none-eabi-" +} + +src_install() { + insinto "/usr/share/${PN}/firmware" + doins "src/build/${PN}.bin" + doins "regnual/regnual.bin" + + udev_dorules "${FILESDIR}/60-${PN}.rules" + + if use doc ; then + HTML_DOCS=( doc/_build/html/* ) + doman doc/_build/man/* + fi + + install_example() { + insinto "$(python_get_scriptdir)" + doins "${1}" + } + + if use tools ; then + python_foreach_impl python_domodule tool/gnuk_token.py + python_foreach_impl python_domodule tool/gpg_agent.py + python_foreach_impl python_domodule tool/kdf_calc.py + python_foreach_impl python_domodule tool/rsa.py + + python_foreach_impl python_doscript "tool/${PN}-get_random.py" + python_foreach_impl python_doscript "tool/${PN}-get_raw_public_key.py" + python_foreach_impl python_doscript "tool/${PN}-put_binary_libusb.py" + python_foreach_impl python_doscript "tool/${PN}-remove_keys_libusb.py" + python_foreach_impl python_doscript "tool/${PN}-stlinkv2.py" + python_foreach_impl python_doscript "tool/${PN}-upgrade.py" + python_foreach_impl python_doscript "tool/${PN}-upgrade_by_passwd.py" + python_foreach_impl python_doscript "tool/${PN}-usb_strings.py" + python_foreach_impl install_example tool/rsa_example.key + + udev_dorules "${FILESDIR}/10-stlink.rules" + fi + + dodoc AUTHORS ChangeLog NEWS README THANKS + dodoc -r doc/note +} |