diff options
| -rw-r--r-- | profiles/use.local.desc | 37 | ||||
| -rw-r--r-- | sys-firmware/gnuk/files/1.2.14-Disable-PIE.patch | 47 | ||||
| -rw-r--r-- | sys-firmware/gnuk/files/1.2.14-Disable-stack-protector.patch | 46 | ||||
| -rw-r--r-- | sys-firmware/gnuk/files/1.2.14-tool-switch-to-python3.patch | 477 | ||||
| -rw-r--r-- | sys-firmware/gnuk/files/1.2.15-MINOR-Always-get-version-from-the-VERSION-file.patch (renamed from sys-firmware/gnuk/files/1.2.14-MINOR-Always-get-version-from-the-VERSION-file.patch) | 0 | ||||
| -rw-r--r-- | sys-firmware/gnuk/files/1.2.15-build-discard-compiler-default-specs.patch | 26 | ||||
| -rw-r--r-- | sys-firmware/gnuk/files/1.2.15-build-do-not-produce-a-dynamically-linked-position-i.patch | 24 | ||||
| -rw-r--r-- | sys-firmware/gnuk/files/1.2.15-build-initilize-empty-MCFLAGS-and-LDFLAGS.patch | 37 | ||||
| -rw-r--r-- | sys-firmware/gnuk/files/1.2.15-build-move-nostartfiles-earlier.patch | 26 | ||||
| -rw-r--r-- | sys-firmware/gnuk/gnuk-1.2.15.ebuild (renamed from sys-firmware/gnuk/gnuk-1.2.14.ebuild) | 16 |
10 files changed, 158 insertions, 578 deletions
diff --git a/profiles/use.local.desc b/profiles/use.local.desc index 362e721f..d7660eb5 100644 --- a/profiles/use.local.desc +++ b/profiles/use.local.desc @@ -2,6 +2,43 @@ # your descriptions to your package's metadata.xml ONLY. # * generated automatically using egencache * +cross-arm-none-eabi/binutils:default-gold - Set ld to point to ld.gold instead of ld.bfd +cross-arm-none-eabi/binutils:gold - Build ld.gold linker +cross-arm-none-eabi/binutils:multitarget - Adds support to binutils for cross compiling (does not work with gas) +cross-arm-none-eabi/binutils:plugins - Enable plugin support in tools +cross-arm-none-eabi/gcc:awt - Useful only when building GCJ, this enables Abstract Window Toolkit (AWT) peer support on top of GTK+ +cross-arm-none-eabi/gcc:boundschecking - Add the bounds checking patch by Haj Ten Brugge, this will DISABLE the hardened PIE+SSP patches +cross-arm-none-eabi/gcc:cilk - Support the Cilk Plus language (C/C++ based languages for parallel programming) +cross-arm-none-eabi/gcc:d - Enable support for the D programming language +cross-arm-none-eabi/gcc:fixed-point - Enable fixed-point arithmetic support for MIPS targets in gcc (Warning: significantly increases compile time!) +cross-arm-none-eabi/gcc:gcj - Build the GCJ Java language frontend. +cross-arm-none-eabi/gcc:go - Build the GCC Go language frontend. +cross-arm-none-eabi/gcc:graphite - Add support for the framework for loop optimizations based on a polyhedral intermediate representation +cross-arm-none-eabi/gcc:jit - Enable libgccjit so other applications can embed gcc for Just-In-Time compilation. This will slow down the compiler a bit as it forces all of the toolchain to be shared libs. +cross-arm-none-eabi/gcc:libssp - Build SSP support into a dedicated library rather than use the code in the C library (DO NOT ENABLE THIS IF YOU DON'T KNOW WHAT IT DOES) +cross-arm-none-eabi/gcc:lto - Build using Link Time Optimizations (LTO) +cross-arm-none-eabi/gcc:mpx - Enable support for Intel Memory Protection Extensions (MPX) +cross-arm-none-eabi/gcc:mudflap - Add support for mudflap, a pointer use checking library +cross-arm-none-eabi/gcc:nopie - Disable PIE support (NOT FOR GENERAL USE) +cross-arm-none-eabi/gcc:nossp - Disable SSP support (NOT FOR GENERAL USE) +cross-arm-none-eabi/gcc:nptl - Enable support for Native POSIX Threads Library, the new threading module (requires linux-2.6 or better usually) +cross-arm-none-eabi/gcc:objc - Build support for the Objective C code language +cross-arm-none-eabi/gcc:objc++ - Build support for the Objective C++ language +cross-arm-none-eabi/gcc:objc-gc - Build support for the Objective C code language Garbage Collector +cross-arm-none-eabi/gcc:pgo - Build GCC using Profile Guided Optimization (PGO) +cross-arm-none-eabi/gcc:sanitize - Build support for various sanitizer functions (ASAN/TSAN/etc...) +cross-arm-none-eabi/gcc:ssp - Build packages with stack smashing protector on by default +cross-arm-none-eabi/gcc:systemtap - enable systemtap static probe points +cross-arm-none-eabi/gcc:vtv - Build support for virtual table verification (a C++ hardening feature) +cross-arm-none-eabi/gdb:client - Install the main "gdb" program (most people want this) +cross-arm-none-eabi/gdb:lzma - Support lzma compression in ELF debug info +cross-arm-none-eabi/gdb:multitarget - Support all known targets in one gdb binary +cross-arm-none-eabi/gdb:python - Enable support for the new internal scripting language, as well as extended pretty printers +cross-arm-none-eabi/gdb:server - Install the "gdbserver" program (useful for embedded/remote targets) +cross-arm-none-eabi/gdb:source-highlight - Enable listing highlighting via dev-util/source-highlight +cross-arm-none-eabi/gdb:xml - Support parsing XML data files needed (at least) for cpu features, memory maps, and syscall tracing +cross-arm-none-eabi/gdb:xxhash - Use dev-libs/xxhash to speed up internal hashing. +cross-arm-none-eabi/newlib:nano - Build additional newlib-nano library dev-lang/lua:deprecated - make deprecated data structures/routines available dev-lang/luajit:lua52compat - Enable some upwards-compatible features from Lua 5.2 that are unlikely to break existing code. dev-lang/php:adabas - Adds support for the Adabas database engine diff --git a/sys-firmware/gnuk/files/1.2.14-Disable-PIE.patch b/sys-firmware/gnuk/files/1.2.14-Disable-PIE.patch deleted file mode 100644 index 4071def8..00000000 --- a/sys-firmware/gnuk/files/1.2.14-Disable-PIE.patch +++ /dev/null @@ -1,47 +0,0 @@ -From 16bf07e3880a45af9a6c8e477166733577f05a1c Mon Sep 17 00:00:00 2001 -From: Bertrand Jacquin <bertrand@jacquin.bzh> -Date: Tue, 28 Aug 2018 21:51:26 +0100 -Subject: [PATCH 1/2] Disable PIE - -If gcc is built using --enable-default-pie, generated binary will -contain dynamic relocations which is irrelevant for firmware build ---- - regnual/Makefile | 2 +- - src/Makefile | 4 ++-- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/regnual/Makefile b/regnual/Makefile -index b3ae5973d8e8..9479776ad681 100644 ---- a/regnual/Makefile -+++ b/regnual/Makefile -@@ -24,7 +24,7 @@ CWARN = -Wall -Wextra -Wstrict-prototypes - MCFLAGS= -mcpu=$(MCU) - DEFS += -DFREE_STANDING - --CFLAGS = -O2 -g -+CFLAGS = -O2 -g -fno-pie - CFLAGS += -Wa,-alms=$(notdir $(<:.c=.lst)) -fpie - CFLAGS += $(CWARN) -I . -I ../chopstx -fno-common $(MCFLAGS) $(TOPT) $(DEFS) - -diff --git a/src/Makefile b/src/Makefile -index ba2c3bf863d2..d5e1b7299702 100644 ---- a/src/Makefile -+++ b/src/Makefile -@@ -63,7 +63,7 @@ LD = $(CROSS)gcc - OBJCOPY = $(CROSS)objcopy - - CWARN = -Wall -Wextra -Wstrict-prototypes --OPT = -O3 -Os -g -+OPT = -O3 -Os -g -fno-pie - - ####################### - include $(CHOPSTX)/rules.mk -@@ -74,7 +74,7 @@ board.h: - - sys.c: board.h - --build/bignum.o: OPT = -O3 -g -+build/bignum.o: OPT = -O3 -g -fno-pie - - build/stdaln-sys.elf: build/sys-$(CHIP).o stdaln-sys.ld - @echo diff --git a/sys-firmware/gnuk/files/1.2.14-Disable-stack-protector.patch b/sys-firmware/gnuk/files/1.2.14-Disable-stack-protector.patch deleted file mode 100644 index 6c382d04..00000000 --- a/sys-firmware/gnuk/files/1.2.14-Disable-stack-protector.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 40fad3de514d5ba594fe0c6e3e5f732e14f8b9e3 Mon Sep 17 00:00:00 2001 -From: Bertrand Jacquin <bertrand@jacquin.bzh> -Date: Sat, 11 Jan 2020 22:56:13 +0000 -Subject: [PATCH 2/2] Disable stack-protector - -newlib has no implementation of __stack_chk_fail ---- - regnual/Makefile | 2 +- - src/Makefile | 4 ++-- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/regnual/Makefile b/regnual/Makefile -index 9479776ad681..db088cf69065 100644 ---- a/regnual/Makefile -+++ b/regnual/Makefile -@@ -24,7 +24,7 @@ CWARN = -Wall -Wextra -Wstrict-prototypes - MCFLAGS= -mcpu=$(MCU) - DEFS += -DFREE_STANDING - --CFLAGS = -O2 -g -fno-pie -+CFLAGS = -O2 -g -fno-pie -fno-stack-protector - CFLAGS += -Wa,-alms=$(notdir $(<:.c=.lst)) -fpie - CFLAGS += $(CWARN) -I . -I ../chopstx -fno-common $(MCFLAGS) $(TOPT) $(DEFS) - -diff --git a/src/Makefile b/src/Makefile -index d5e1b7299702..a2afce17f685 100644 ---- a/src/Makefile -+++ b/src/Makefile -@@ -63,7 +63,7 @@ LD = $(CROSS)gcc - OBJCOPY = $(CROSS)objcopy - - CWARN = -Wall -Wextra -Wstrict-prototypes --OPT = -O3 -Os -g -fno-pie -+OPT = -O3 -Os -g -fno-pie -fno-stack-protector - - ####################### - include $(CHOPSTX)/rules.mk -@@ -74,7 +74,7 @@ board.h: - - sys.c: board.h - --build/bignum.o: OPT = -O3 -g -fno-pie -+build/bignum.o: OPT = -O3 -g -fno-pie -fno-stack-protector - - build/stdaln-sys.elf: build/sys-$(CHIP).o stdaln-sys.ld - @echo diff --git a/sys-firmware/gnuk/files/1.2.14-tool-switch-to-python3.patch b/sys-firmware/gnuk/files/1.2.14-tool-switch-to-python3.patch deleted file mode 100644 index dd9d3632..00000000 --- a/sys-firmware/gnuk/files/1.2.14-tool-switch-to-python3.patch +++ /dev/null @@ -1,477 +0,0 @@ -From a6bb96bb94ce324e7b1ddd5fb67367517d1562eb Mon Sep 17 00:00:00 2001 -From: Bertrand Jacquin <bertrand@jacquin.bzh> -Date: Sat, 11 Jan 2020 18:00:48 +0000 -Subject: [PATCH] tool: switch to python3 - -python2 is no longer maintained upstream ---- - tool/add_openpgp_authkey_from_gpgssh.py | 8 +- - tool/calc_precompute_table_ecc.py | 14 +-- - tool/dfuse.py | 32 +++---- - tool/dump_mem.py | 8 +- - tool/get_raw_public_key.py | 2 +- - tool/pageant_proxy_to_gpg.py | 2 +- - tool/pinpadtest.py | 114 ++++++++++++------------ - 7 files changed, 91 insertions(+), 91 deletions(-) - -diff --git a/tool/add_openpgp_authkey_from_gpgssh.py b/tool/add_openpgp_authkey_from_gpgssh.py -index 1eb80de9c8a8..2f9f0e13ad03 100644 ---- a/tool/add_openpgp_authkey_from_gpgssh.py -+++ b/tool/add_openpgp_authkey_from_gpgssh.py -@@ -109,15 +109,15 @@ def build_rsakey_from_ssh_key_under_gpg_agent(g, timestamp=None): - # The information is in SEXP format, extract N and E - s = sexp(pubkey_info_str) - if s[0] != 'public-key': -- print s -+ print(s) - exit(1) - rsa = s[1] - if rsa[0] != 'rsa': -- print rsa -+ print(rsa) - exit(1) - n_x = rsa[1] - if n_x[0] != 'n': -- print n_x -+ print(n_x) - exit(1) - n_byte_str = n_x[1] - while n_byte_str[0] == '\x00': -@@ -125,7 +125,7 @@ def build_rsakey_from_ssh_key_under_gpg_agent(g, timestamp=None): - n = n_byte_str - e_x = rsa[2] - if e_x[0] != 'e': -- print e_x -+ print(e_x) - exit(1) - e = e_x[1] - if not timestamp: -diff --git a/tool/calc_precompute_table_ecc.py b/tool/calc_precompute_table_ecc.py -index 2b59789329ad..5536db1ebd2b 100644 ---- a/tool/calc_precompute_table_ecc.py -+++ b/tool/calc_precompute_table_ecc.py -@@ -8,21 +8,21 @@ def print_nG(n): - nGy_str = "%064x" % nG.y() - print256(nGx_str) - print256(nGy_str) -- print -+ print() - - def print256(s): - print("0x%s, 0x%s, 0x%s, 0x%s," % (s[56:64], s[48:56], s[40:48], s[32:40])) - print("0x%s, 0x%s, 0x%s, 0x%s" % (s[24:32], s[16:24], s[8:16], s[0:8])) -- print -+ print() - - - for i in range(1,16): -- n = (i & 1) + (i & 2) * 0x8000000000000000L + (i & 4) * 0x40000000000000000000000000000000L + (i & 8) * 0x200000000000000000000000000000000000000000000000L -- print "%064x" % n -+ n = (i & 1) + (i & 2) * 0x8000000000000000 + (i & 4) * 0x40000000000000000000000000000000 + (i & 8) * 0x200000000000000000000000000000000000000000000000 -+ print("%064x" % n) - print_nG(n) - - for i in range(1,16): -- n = (i & 1) + (i & 2) * 0x8000000000000000L + (i & 4) * 0x40000000000000000000000000000000L + (i & 8) * 0x200000000000000000000000000000000000000000000000L -- n = n * 0x100000000L -- print "%064x" % n -+ n = (i & 1) + (i & 2) * 0x8000000000000000 + (i & 4) * 0x40000000000000000000000000000000 + (i & 8) * 0x200000000000000000000000000000000000000000000000 -+ n = n * 0x100000000 -+ print("%064x" % n) - print_nG(n) -diff --git a/tool/dfuse.py b/tool/dfuse.py -index cd0f17284817..d108810e85e3 100755 ---- a/tool/dfuse.py -+++ b/tool/dfuse.py -@@ -104,9 +104,9 @@ class DFU_STM32(object): - interface: usb.Interface object representing the interface and altenate setting. - """ - if interface.interfaceClass != DFU_CLASS: -- raise ValueError, "Wrong interface class" -+ raise ValueError("Wrong interface class") - if interface.interfaceSubClass != DFU_SUBCLASS: -- raise ValueError, "Wrong interface sub class" -+ raise ValueError("Wrong interface sub class") - self.__protocol = interface.interfaceProtocol - self.__devhandle = device.open() - self.__devhandle.setConfiguration(configuration) -@@ -170,7 +170,7 @@ class DFU_STM32(object): - while s[4] == STATE_DFU_DOWNLOAD_BUSY: - time.sleep(0.1) - s = self.ll_get_status() -- raise ValueError, "Read memory failed (%d)" % s[0] -+ raise ValueError("Read memory failed (%d)" % s[0]) - - def dfuse_set_address_pointer(self, address): - bytes = get_four_bytes (address) -@@ -181,7 +181,7 @@ class DFU_STM32(object): - time.sleep(0.1) - s = self.ll_get_status() - if s[4] != STATE_DFU_DOWNLOAD_IDLE: -- raise ValueError, "Set Address Pointer failed" -+ raise ValueError("Set Address Pointer failed") - - def dfuse_erase(self, address): - bytes = get_four_bytes (address) -@@ -191,7 +191,7 @@ class DFU_STM32(object): - time.sleep(0.1) - s = self.ll_get_status() - if s[4] != STATE_DFU_DOWNLOAD_IDLE: -- raise ValueError, "Erase failed" -+ raise ValueError("Erase failed") - - def dfuse_write_memory(self, block): - blocknum = self.__blocknum -@@ -202,7 +202,7 @@ class DFU_STM32(object): - time.sleep(0.1) - s = self.ll_get_status() - if s[4] != STATE_DFU_DOWNLOAD_IDLE: -- raise ValueError, "Write memory failed" -+ raise ValueError("Write memory failed") - - def download(self, ih): - # First, erase pages -@@ -280,7 +280,7 @@ class DFU_STM32(object): - elif s[4] == STATE_DFU_MANIFEST_WAIT_RESET: - self.__devhandle.reset() - elif s[4] != STATE_DFU_IDLE: -- raise ValueError, "write failed (%d)." % s[4] -+ raise ValueError("write failed (%d)." % s[4]) - else: - self.ll_clear_status() - self.ll_clear_status() -@@ -315,7 +315,7 @@ class DFU_STM32(object): - j = 0 - for c in data[0:(addr + 1024 - start_addr)]: - if (ord(c)&0xff) != block[j + start_addr - addr]: -- raise ValueError, "verify failed at %08x" % (addr + i*1024+j) -+ raise ValueError("verify failed at %08x" % (addr + i*1024+j)) - j += 1 - data = data[(addr + 1024 - start_addr):] - addr += 1024 -@@ -330,7 +330,7 @@ class DFU_STM32(object): - j = 0 - for c in data[i*1024:(i+1)*1024]: - if (ord(c)&0xff) != block[j]: -- raise ValueError, "verify failed at %08x" % (addr + i*1024+j) -+ raise ValueError("verify failed at %08x" % (addr + i*1024+j)) - j += 1 - if i & 0x03 == 0x03: - sys.stdout.write("#") -@@ -367,25 +367,25 @@ def get_device(): - (alt.interfaceProtocol == DFU_STM32PROTOCOL_0 or \ - alt.interfaceProtocol == DFU_STM32PROTOCOL_2): - return dev, config, alt -- raise ValueError, "Device not found" -+ raise ValueError("Device not found") - - def main(filename): - dev, config, intf = get_device() -- print "Device:", dev.filename -- print "Configuration", config.value -- print "Interface", intf.interfaceNumber -+ print("Device:", dev.filename) -+ print("Configuration", config.value) -+ print("Interface", intf.interfaceNumber) - dfu = DFU_STM32(dev, config, intf) -- print dfu.ll_get_string(intf.iInterface) -+ print(dfu.ll_get_string(intf.iInterface)) - s = dfu.ll_get_status() - if s[4] == STATE_DFU_ERROR: - dfu.ll_clear_status() - s = dfu.ll_get_status() -- print s -+ print(s) - if s[4] == STATE_DFU_IDLE: - exit - transfer_size = 1024 - if s[0] != DFU_STATUS_OK: -- print s -+ print(s) - exit - ih = intel_hex(filename) - dfu.download(ih) -diff --git a/tool/dump_mem.py b/tool/dump_mem.py -index 806bafe5b1b5..d793271c7dc5 100755 ---- a/tool/dump_mem.py -+++ b/tool/dump_mem.py -@@ -27,22 +27,22 @@ from dfuse import * - - dev, config, intf = get_device() - dfu = DFU_STM32(dev, config, intf) --print dfu.ll_get_string(intf.iInterface) -+print(dfu.ll_get_string(intf.iInterface)) - s = dfu.ll_get_status() - dfu.ll_clear_status() - s = dfu.ll_get_status() --print s -+print(s) - dfu.dfuse_set_address_pointer(int(sys.argv[1], 16)) - s = dfu.ll_get_status() - dfu.ll_clear_status() - s = dfu.ll_get_status() - dfu.ll_clear_status() - s = dfu.ll_get_status() --print s -+print(s) - block = dfu.dfuse_read_memory() - count = 0 - for d in block: -- print "%02x" % d, -+ print("%02x" % d) - if count & 0x0f == 0x0f: - print - count += 1 -diff --git a/tool/get_raw_public_key.py b/tool/get_raw_public_key.py -index fb1272f09163..f09bba89c754 100755 ---- a/tool/get_raw_public_key.py -+++ b/tool/get_raw_public_key.py -@@ -20,7 +20,7 @@ def get_gpg_public_key(keygrip): - pos_last = key.index(")(1:e3:") - key = key[pos:pos_last] - if len(key) != 256: -- raise ValueError, binascii.hexlify(key) -+ raise ValueError(binascii.hexlify(key)) - return key - - if __name__ == '__main__': -diff --git a/tool/pageant_proxy_to_gpg.py b/tool/pageant_proxy_to_gpg.py -index a755efcd282d..ec7ddc3f6d49 100644 ---- a/tool/pageant_proxy_to_gpg.py -+++ b/tool/pageant_proxy_to_gpg.py -@@ -28,7 +28,7 @@ from sexp import sexp - # Assume it's only OPENPGP.3 key and it's 2048-bit - - def debug(string): -- print "DEBUG: %s" % string -+ print("DEBUG: %s" % string) - sys.stdout.flush() - - def get_keygrip_list(keyinfo_result): -diff --git a/tool/pinpadtest.py b/tool/pinpadtest.py -index 99b132636083..bebe7845313d 100755 ---- a/tool/pinpadtest.py -+++ b/tool/pinpadtest.py -@@ -82,7 +82,7 @@ class Card(object): - elif code == FEATURE_MODIFY_PIN_DIRECT: - self.modify_ioctl = ioctl - if self.verify_ioctl == -1: -- raise ValueError, "Not supported" -+ raise ValueError("Not supported") - - def cmd_select_openpgp(self): - apdu = [0x00, 0xa4, 0x04, 0x00, 6, 0xd2, 0x76, 0x00, 0x01, 0x24, 0x01 ] -@@ -90,7 +90,7 @@ class Card(object): - if sw1 == 0x61: # More data - response, sw1, sw2 = self.connection.transmit([0x00, 0xc0, 0, 0, sw2]) - elif not (sw1 == 0x90 and sw2 == 0x00): -- raise ValueError, ("cmd_select_openpgp %02x %02x" % (sw1, sw2)) -+ raise ValueError("cmd_select_openpgp %02x %02x" % (sw1, sw2)) - - def possibly_add_dummy_byte(self): - if self.another_byte: -@@ -135,11 +135,11 @@ class Card(object): - sw1 = data[0] - sw2 = data[1] - if not (sw1 == 0x90 and sw2 == 0x00): -- raise ValueError, ("cmd_verify_pinpad %02x %02x" % (sw1, sw2)) -+ raise ValueError("cmd_verify_pinpad %02x %02x" % (sw1, sw2)) - - def send_modify_pinpad(self, apdu, single_step, command): - if self.modify_ioctl == -1: -- raise ValueError, "Not supported" -+ raise ValueError("Not supported") - pin_modify = [ 0x00, # bTimerOut - 0x00, # bTimerOut2 - 0x82, # bmFormatString: Byte, pos=0, left, ASCII. -@@ -171,7 +171,7 @@ class Card(object): - sw1 = data[0] - sw2 = data[1] - if not (sw1 == 0x90 and sw2 == 0x00): -- raise ValueError, ("%s %02x %02x" % (command, sw1, sw2)) -+ raise ValueError("%s %02x %02x" % (command, sw1, sw2)) - - def cmd_reset_retry_counter(self, who, data): - if who == BY_ADMIN: -@@ -180,7 +180,7 @@ class Card(object): - apdu = [0x00, 0x2c, 0x00, 0x81, len(data) ] + data # BY_USER with resetcode - response, sw1, sw2 = self.connection.transmit(apdu) - if not (sw1 == 0x90 and sw2 == 0x00): -- raise ValueError, ("cmd_reset_retry_counter %02x %02x" % (sw1, sw2)) -+ raise ValueError("cmd_reset_retry_counter %02x %02x" % (sw1, sw2)) - - # Note: CCID specification doesn't permit this (only 0x20 and 0x24) - def cmd_reset_retry_counter_pinpad(self, who): -@@ -195,7 +195,7 @@ class Card(object): - apdu = [0x00, 0xda, 0x00, 0xd3, len(data) ] + data # BY_ADMIN - response, sw1, sw2 = self.connection.transmit(apdu) - if not (sw1 == 0x90 and sw2 == 0x00): -- raise ValueError, ("cmd_put_resetcode %02x %02x" % (sw1, sw2)) -+ raise ValueError("cmd_put_resetcode %02x %02x" % (sw1, sw2)) - - # Note: CCID specification doesn't permit this (only 0x20 and 0x24) - def cmd_put_resetcode_pinpad(self): -@@ -225,8 +225,8 @@ def main(who, method, add_a_byte, pinmin, pinmax, change_by_two_steps, fixed): - card.connection.connect() - - ident = card.connection.getReader() -- print "Reader/Token:", ident -- print "ATR:", toHexString( card.connection.getATR() ) -+ print("Reader/Token:", ident) -+ print("ATR:", toHexString( card.connection.getATR() )) - - if ident == COVADIS_VEGA_ALPHA: - card.cmd_vega_alpha_disable_empty_verify() -@@ -236,29 +236,29 @@ def main(who, method, add_a_byte, pinmin, pinmax, change_by_two_steps, fixed): - card.cmd_select_openpgp() - if method == "verify": - if who == BY_USER: -- print "Please input User's PIN" -+ print("Please input User's PIN") - else: -- print "Please input Admin's PIN" -+ print("Please input Admin's PIN") - card.cmd_verify_pinpad(who) - elif method == "change": - if change_by_two_steps: - if who == BY_USER: -- print "Please input User's PIN" -+ print("Please input User's PIN") - else: -- print "Please input Admin's PIN" -+ print("Please input Admin's PIN") - card.cmd_verify_pinpad(who) - if who == BY_USER: -- print "Please input New User's PIN twice" -+ print("Please input New User's PIN twice") - else: -- print "Please input New Admin's PIN twice" -+ print("Please input New Admin's PIN twice") - card.cmd_change_reference_data_pinpad(who, True) - else: - if who == BY_USER: -- print "Please input User's PIN" -- print "and New User's PIN twice" -+ print("Please input User's PIN") -+ print("and New User's PIN twice") - else: -- print "Please input Admin's PIN" -- print "and New Admin's PIN twice" -+ print("Please input Admin's PIN") -+ print("and New Admin's PIN twice") - card.cmd_change_reference_data_pinpad(who, False) - elif method == "unblock": - if change_by_two_steps: -@@ -268,66 +268,66 @@ def main(who, method, add_a_byte, pinmin, pinmax, change_by_two_steps, fixed): - newpin=s2l(getpass("Please input New User's PIN from keyboard: ")) - card.cmd_reset_retry_counter(who,resetcode+newpin) - else: -- print "Please input Admin's PIN" -+ print("Please input Admin's PIN") - card.cmd_verify_pinpad(BY_ADMIN) - newpin=s2l(getpass("Please input New User's PIN from keyboard: ")) - card.cmd_reset_retry_counter(who,newpin) - else: - if who == BY_USER: -- print "Please input reset code" -- print "and New User's PIN twice" -+ print("Please input reset code") -+ print("and New User's PIN twice") - else: -- print "Please input Admin's PIN" -+ print("Please input Admin's PIN") - card.cmd_verify_pinpad(BY_ADMIN) -- print "Please input New User's PIN twice" -+ print("Please input New User's PIN twice") - card.cmd_reset_retry_counter_pinpad(who) - elif method == "put": - if change_by_two_steps: - # It means using keyboard for new PIN -- print "Please input Admin's PIN" -+ print("Please input Admin's PIN") - card.cmd_verify_pinpad(BY_ADMIN) - resetcode=s2l(getpass("Please input New Reset Code from keyboard: ")) - card.cmd_put_resetcode(resetcode) - else: -- print "Please input Admin's PIN" -+ print("Please input Admin's PIN") - card.cmd_verify_pinpad(BY_ADMIN) -- print "Please input New Reset Code twice" -+ print("Please input New Reset Code twice") - card.cmd_put_resetcode_pinpad() - else: -- raise ValueError, method -+ raise ValueError(method) - card.connection.disconnect() - -- print "OK." -+ print("OK.") - return 0 - - def print_usage(): -- print "pinpad-test: testing pinentry of PC/SC card reader" -- print " help:" -- print "\t--help:\t\tthis message" -- print " method:\t\t\t\t\t\t\t[verify]" -- print "\t--verify:\tverify PIN" -- print "\t--change:\tchange PIN (old PIN, new PIN twice)" -- print "\t--change2:\tchange PIN by two steps (old PIN, new PIN twice)" -- print "\t--unblock:\tunblock PIN (admin PIN/resetcode, new PIN twice)" -- print "\t--unblock2:\tunblock PIN (admin PIN:pinpad, new PIN:kbd)" -- print "\t--put:\t\tsetup resetcode (admin PIN, new PIN twice)" -- print "\t--put2::\t\tsetup resetcode (admin PIN:pinpad, new PIN:kbd)" -- print " options:" -- print "\t--fixed N:\tUse fixed length input" -- print "\t--admin:\tby administrator\t\t\t[False]" -- print "\t--add:\t\tadd a dummy byte at the end of APDU\t[False]" -- print "\t--pinmin:\tspecify minimum length of PIN\t\t[6]" -- print "\t--pinmax:\tspecify maximum length of PIN\t\t[15]" -- print "EXAMPLES:" -- print " $ pinpad-test # verify user's PIN " -- print " $ pinpad-test --admin # verify admin's PIN " -- print " $ pinpad-test --change # change user's PIN " -- print " $ pinpad-test --change --admin # change admin's PIN " -- print " $ pinpad-test --change2 # change user's PIN by two steps" -- print " $ pinpad-test --change2 --admin # change admin's PIN by two steps" -- print " $ pinpad-test --unblock # change user's PIN by reset code" -- print " $ pinpad-test --unblock --admin # change user's PIN by admin's PIN" -- print " $ pinpad-test --put # setup resetcode " -+ print("pinpad-test: testing pinentry of PC/SC card reader") -+ print(" help:") -+ print("\t--help:\t\tthis message") -+ print(" method:\t\t\t\t\t\t\t[verify]") -+ print("\t--verify:\tverify PIN") -+ print("\t--change:\tchange PIN (old PIN, new PIN twice)") -+ print("\t--change2:\tchange PIN by two steps (old PIN, new PIN twice)") -+ print("\t--unblock:\tunblock PIN (admin PIN/resetcode, new PIN twice)") -+ print("\t--unblock2:\tunblock PIN (admin PIN:pinpad, new PIN:kbd)") -+ print("\t--put:\t\tsetup resetcode (admin PIN, new PIN twice)") -+ print("\t--put2::\t\tsetup resetcode (admin PIN:pinpad, new PIN:kbd)") -+ print(" options:") -+ print("\t--fixed N:\tUse fixed length input") -+ print("\t--admin:\tby administrator\t\t\t[False]") -+ print("\t--add:\t\tadd a dummy byte at the end of APDU\t[False]") -+ print("\t--pinmin:\tspecify minimum length of PIN\t\t[6]") -+ print("\t--pinmax:\tspecify maximum length of PIN\t\t[15]") -+ print("EXAMPLES:") -+ print(" $ pinpad-test # verify user's PIN ") -+ print(" $ pinpad-test --admin # verify admin's PIN ") -+ print(" $ pinpad-test --change # change user's PIN ") -+ print(" $ pinpad-test --change --admin # change admin's PIN ") -+ print(" $ pinpad-test --change2 # change user's PIN by two steps") -+ print(" $ pinpad-test --change2 --admin # change admin's PIN by two steps") -+ print(" $ pinpad-test --unblock # change user's PIN by reset code") -+ print(" $ pinpad-test --unblock --admin # change user's PIN by admin's PIN") -+ print(" $ pinpad-test --put # setup resetcode ") - - if __name__ == '__main__': - who = BY_USER -@@ -374,7 +374,7 @@ if __name__ == '__main__': - print_usage() - exit(0) - else: -- raise ValueError, option -+ raise ValueError(option) - main(who, method, add_a_byte, pinmin, pinmax, change_by_two_steps, fixed) - - # Failure diff --git a/sys-firmware/gnuk/files/1.2.14-MINOR-Always-get-version-from-the-VERSION-file.patch b/sys-firmware/gnuk/files/1.2.15-MINOR-Always-get-version-from-the-VERSION-file.patch index 9db4e957..9db4e957 100644 --- a/sys-firmware/gnuk/files/1.2.14-MINOR-Always-get-version-from-the-VERSION-file.patch +++ b/sys-firmware/gnuk/files/1.2.15-MINOR-Always-get-version-from-the-VERSION-file.patch diff --git a/sys-firmware/gnuk/files/1.2.15-build-discard-compiler-default-specs.patch b/sys-firmware/gnuk/files/1.2.15-build-discard-compiler-default-specs.patch new file mode 100644 index 00000000..972a09b2 --- /dev/null +++ b/sys-firmware/gnuk/files/1.2.15-build-discard-compiler-default-specs.patch @@ -0,0 +1,26 @@ +From b66bd970dbe4f3c9a0ccbe62debb1c8da287e13e Mon Sep 17 00:00:00 2001 +From: Bertrand Jacquin <bertrand@jacquin.bzh> +Date: Sat, 25 Apr 2020 14:28:08 +0100 +Subject: [PATCH] build: discard compiler default specs + +This allow to overwrite any potential default specs defined in local gcc +build like stack-protector which is now enforced by more and more Linux +distributions while it should not apply in chopstx use case +--- + chopstx/rules.mk | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/chopstx/rules.mk b/chopstx/rules.mk +index 3915268418d4..c0f99a6c92e2 100644 +--- a/chopstx/rules.mk ++++ b/chopstx/rules.mk +@@ -57,6 +57,9 @@ LDFLAGS = + + ### + ifeq ($(EMULATION),) ++# Discard compiler default specs ++MCFLAGS += -specs=nosys.specs ++ + MCFLAGS += -mcpu=$(MCU) + LDFLAGS += $(MCFLAGS) -nostartfiles -T$(LDSCRIPT) \ + -Wl,-Map=$(BUILDDIR)/$(PROJECT).map,--cref,--no-warn-mismatch,--gc-sections diff --git a/sys-firmware/gnuk/files/1.2.15-build-do-not-produce-a-dynamically-linked-position-i.patch b/sys-firmware/gnuk/files/1.2.15-build-do-not-produce-a-dynamically-linked-position-i.patch new file mode 100644 index 00000000..34b5d354 --- /dev/null +++ b/sys-firmware/gnuk/files/1.2.15-build-do-not-produce-a-dynamically-linked-position-i.patch @@ -0,0 +1,24 @@ +From 1a16da9e480c5eeb7a76d14dcbb5c92fa71febbb Mon Sep 17 00:00:00 2001 +From: Bertrand Jacquin <bertrand@jacquin.bzh> +Date: Tue, 28 Aug 2018 21:51:26 +0100 +Subject: [PATCH] build: do not produce a dynamically linked position + independent executable + +--- + chopstx/rules.mk | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/chopstx/rules.mk b/chopstx/rules.mk +index 23d55f677f58..5ff80d86509b 100644 +--- a/chopstx/rules.mk ++++ b/chopstx/rules.mk +@@ -63,6 +63,9 @@ MCFLAGS += -specs=nosys.specs + # Do not use the standard system startup files when linking + MCFLAGS += -nostartfiles + ++# Don't produce a dynamically linked position independent executable ++MCFLAGS += -fno-pie ++ + MCFLAGS += -mcpu=$(MCU) + LDFLAGS += $(MCFLAGS) -T$(LDSCRIPT) \ + -Wl,-Map=$(BUILDDIR)/$(PROJECT).map,--cref,--no-warn-mismatch,--gc-sections diff --git a/sys-firmware/gnuk/files/1.2.15-build-initilize-empty-MCFLAGS-and-LDFLAGS.patch b/sys-firmware/gnuk/files/1.2.15-build-initilize-empty-MCFLAGS-and-LDFLAGS.patch new file mode 100644 index 00000000..4669a194 --- /dev/null +++ b/sys-firmware/gnuk/files/1.2.15-build-initilize-empty-MCFLAGS-and-LDFLAGS.patch @@ -0,0 +1,37 @@ +From d9c65c613a6cccbcfd403ef00ffabccec25bf29f Mon Sep 17 00:00:00 2001 +From: Bertrand Jacquin <bertrand@jacquin.bzh> +Date: Sat, 25 Apr 2020 14:26:46 +0100 +Subject: [PATCH] build: initilize empty MCFLAGS and LDFLAGS + +Such variables are modified later, it make it clearer to read when +variable are only appened +--- + chopstx/rules.mk | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/chopstx/rules.mk b/chopstx/rules.mk +index 110079efdaaa..3915268418d4 100644 +--- a/chopstx/rules.mk ++++ b/chopstx/rules.mk +@@ -50,14 +50,17 @@ IINCDIR = $(patsubst %,-I%,$(INCDIR)) + LLIBDIR = $(patsubst %,-L%,$(LIBDIR)) + + VPATH = $(sort $(dir $(CSRC))) ++ ++# Initilize empty LDFLAGS and MCFLAGS ++MCFLAGS = ++LDFLAGS = ++ + ### + ifeq ($(EMULATION),) +-MCFLAGS = -mcpu=$(MCU) +-LDFLAGS = $(MCFLAGS) -nostartfiles -T$(LDSCRIPT) \ ++MCFLAGS += -mcpu=$(MCU) ++LDFLAGS += $(MCFLAGS) -nostartfiles -T$(LDSCRIPT) \ + -Wl,-Map=$(BUILDDIR)/$(PROJECT).map,--cref,--no-warn-mismatch,--gc-sections + else +-MCFLAGS = +-LDFLAGS = + DEFS += -D_GNU_SOURCE + endif + diff --git a/sys-firmware/gnuk/files/1.2.15-build-move-nostartfiles-earlier.patch b/sys-firmware/gnuk/files/1.2.15-build-move-nostartfiles-earlier.patch new file mode 100644 index 00000000..fcee56ee --- /dev/null +++ b/sys-firmware/gnuk/files/1.2.15-build-move-nostartfiles-earlier.patch @@ -0,0 +1,26 @@ +From 81395c4dcecf24a273184862a95c422576228978 Mon Sep 17 00:00:00 2001 +From: Bertrand Jacquin <bertrand@jacquin.bzh> +Date: Sat, 25 Apr 2020 14:40:36 +0100 +Subject: [PATCH] build: move -nostartfiles earlier + +--- + chopstx/rules.mk | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/chopstx/rules.mk b/chopstx/rules.mk +index c0f99a6c92e2..23d55f677f58 100644 +--- a/chopstx/rules.mk ++++ b/chopstx/rules.mk +@@ -60,8 +60,11 @@ ifeq ($(EMULATION),) + # Discard compiler default specs + MCFLAGS += -specs=nosys.specs + ++# Do not use the standard system startup files when linking ++MCFLAGS += -nostartfiles ++ + MCFLAGS += -mcpu=$(MCU) +-LDFLAGS += $(MCFLAGS) -nostartfiles -T$(LDSCRIPT) \ ++LDFLAGS += $(MCFLAGS) -T$(LDSCRIPT) \ + -Wl,-Map=$(BUILDDIR)/$(PROJECT).map,--cref,--no-warn-mismatch,--gc-sections + else + DEFS += -D_GNU_SOURCE diff --git a/sys-firmware/gnuk/gnuk-1.2.14.ebuild b/sys-firmware/gnuk/gnuk-1.2.15.ebuild index 66ed7202..f52f14aa 100644 --- a/sys-firmware/gnuk/gnuk-1.2.14.ebuild +++ b/sys-firmware/gnuk/gnuk-1.2.15.ebuild @@ -2,12 +2,12 @@ # Distributed under the terms of the GNU General Public License v2 EAPI=6 -PYTHON_COMPAT=( python{3_6,3_7} ) +PYTHON_COMPAT=( python{3_6,3_7,3_8} ) inherit git-r3 eutils python-r1 udev DESCRIPTION="An Implementation of USB Cryptographic Token for GnuPG" HOMEPAGE="https://www.fsij.org/category/gnuk.html" -EGIT_REPO_URI="https://salsa.debian.org/gnuk-team/${PN}/${PN}.git" +EGIT_REPO_URI="https://salsa.debian.org/gnuk-team/${PN}/${PN}" EGIT_COMMIT="release/${PV}" LICENSE="GPL-3" @@ -25,9 +25,10 @@ RDEPEND="virtual/udev PATCHES=( "${FILESDIR}/${PV}-MINOR-Always-get-version-from-the-VERSION-file.patch" - "${FILESDIR}/${PV}-Disable-PIE.patch" - "${FILESDIR}/${PV}-Disable-stack-protector.patch" - "${FILESDIR}/${PV}-tool-switch-to-python3.patch" + "${FILESDIR}/${PV}-build-initilize-empty-MCFLAGS-and-LDFLAGS.patch" + "${FILESDIR}/${PV}-build-discard-compiler-default-specs.patch" + "${FILESDIR}/${PV}-build-move-nostartfiles-earlier.patch" + "${FILESDIR}/${PV}-build-do-not-produce-a-dynamically-linked-position-i.patch" ) pkg_pretend() { @@ -38,7 +39,7 @@ pkg_pretend() { eerror "Before you could build the firmware, you need to install arm-none-eabi toolchain" eerror "Run the following commands:" eerror " emerge -vat crossdev" - eerror " crossdev --stable -t arm-none-eabi" + eerror " crossdev --target arm-none-eabi" die "arm-none-eabi toolchain is needed" } @@ -94,8 +95,7 @@ src_install() { fi install_example() { - python_export PYTHON_SCRIPTDIR - insinto "${PYTHON_SCRIPTDIR}" + insinto "$(python_get_scriptdir)" doins "${1}" } |