From a38a7f73f9fd897374938a9924b3a560bea28e92 Mon Sep 17 00:00:00 2001 From: Bertrand Jacquin Date: Sat, 11 Jan 2020 18:08:27 +0000 Subject: sys-firmware/gnuk: version bump Package-Manager: Portage-2.3.79, Repoman-2.3.16 --- .../gnuk/files/1.2.10-Disable-PIE-by-default.patch | 24 -- ...-Always-get-version-from-the-VERSION-file.patch | 32 -- sys-firmware/gnuk/files/1.2.14-Disable-PIE.patch | 47 ++ .../files/1.2.14-Disable-stack-protector.patch | 46 ++ ...-Always-get-version-from-the-VERSION-file.patch | 32 ++ .../gnuk/files/1.2.14-tool-switch-to-python3.patch | 477 +++++++++++++++++++++ sys-firmware/gnuk/gnuk-1.2.10.ebuild | 119 ----- sys-firmware/gnuk/gnuk-1.2.14.ebuild | 123 ++++++ 8 files changed, 725 insertions(+), 175 deletions(-) delete mode 100644 sys-firmware/gnuk/files/1.2.10-Disable-PIE-by-default.patch delete mode 100644 sys-firmware/gnuk/files/1.2.10-MINOR-Always-get-version-from-the-VERSION-file.patch create mode 100644 sys-firmware/gnuk/files/1.2.14-Disable-PIE.patch create mode 100644 sys-firmware/gnuk/files/1.2.14-Disable-stack-protector.patch create mode 100644 sys-firmware/gnuk/files/1.2.14-MINOR-Always-get-version-from-the-VERSION-file.patch create mode 100644 sys-firmware/gnuk/files/1.2.14-tool-switch-to-python3.patch delete mode 100644 sys-firmware/gnuk/gnuk-1.2.10.ebuild create mode 100644 sys-firmware/gnuk/gnuk-1.2.14.ebuild (limited to 'sys-firmware') diff --git a/sys-firmware/gnuk/files/1.2.10-Disable-PIE-by-default.patch b/sys-firmware/gnuk/files/1.2.10-Disable-PIE-by-default.patch deleted file mode 100644 index 2469ecb5..00000000 --- a/sys-firmware/gnuk/files/1.2.10-Disable-PIE-by-default.patch +++ /dev/null @@ -1,24 +0,0 @@ -From a62a16d0f7561c91580bec39a2170fabf6f3c80a Mon Sep 17 00:00:00 2001 -From: Bertrand Jacquin -Date: Tue, 28 Aug 2018 21:51:26 +0100 -Subject: [PATCH] Disable PIE by default - -If gcc is built using --enable-default-pie, generated binary will -contain dynamic relocations which is irrelevant for firmware build ---- - chopstx/rules.mk | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/chopstx/rules.mk b/chopstx/rules.mk -index 110079efdaaa..39ec326fb295 100644 ---- a/chopstx/rules.mk -+++ b/chopstx/rules.mk -@@ -42,7 +42,7 @@ OUTFILES = $(BUILDDIR)/$(PROJECT) - endif - - --OPT += -ffunction-sections -fdata-sections -fno-common -+OPT += -ffunction-sections -fdata-sections -fno-common -fno-pie - - OBJS = $(addprefix $(BUILDDIR)/, $(notdir $(CSRC:.c=.o))) - diff --git a/sys-firmware/gnuk/files/1.2.10-MINOR-Always-get-version-from-the-VERSION-file.patch b/sys-firmware/gnuk/files/1.2.10-MINOR-Always-get-version-from-the-VERSION-file.patch deleted file mode 100644 index 6d704acb..00000000 --- a/sys-firmware/gnuk/files/1.2.10-MINOR-Always-get-version-from-the-VERSION-file.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 97d8b30d11913ae4d25da22d6c1de19b75e3d5fa Mon Sep 17 00:00:00 2001 -From: Bertrand Jacquin -Date: Sun, 19 Feb 2017 02:18:13 +0000 -Subject: [PATCH] MINOR: Always get version from the VERSION file - ---- - src/configure | 12 +----------- - 1 file changed, 1 insertion(+), 11 deletions(-) - -diff --git a/src/configure b/src/configure -index e959befdddf3..ca6710cba8a3 100755 ---- a/src/configure -+++ b/src/configure -@@ -51,17 +51,7 @@ exec_prefix='${prefix}' - libexecdir='${exec_prefix}/libexec' - - # Revision number --if test -e ../.git; then -- if type git >/dev/null 2>&1; then -- REVISION=$(git describe --dirty="-modified") -- else -- # echo 'No git available, please install git' -- GIT_REVISION=$(sed -e 's/^\(.......\).*$/g\1/' "../.git/$(sed -e 's/^ref: //' ../.git/HEAD)") -- REVISION=$(cat ../VERSION)-$GIT_REVISION -- fi --else -- REVISION=$(cat ../VERSION) --fi -+REVISION=$(cat ../VERSION) - - # Process each option - for option; do diff --git a/sys-firmware/gnuk/files/1.2.14-Disable-PIE.patch b/sys-firmware/gnuk/files/1.2.14-Disable-PIE.patch new file mode 100644 index 00000000..4071def8 --- /dev/null +++ b/sys-firmware/gnuk/files/1.2.14-Disable-PIE.patch @@ -0,0 +1,47 @@ +From 16bf07e3880a45af9a6c8e477166733577f05a1c Mon Sep 17 00:00:00 2001 +From: Bertrand Jacquin +Date: Tue, 28 Aug 2018 21:51:26 +0100 +Subject: [PATCH 1/2] Disable PIE + +If gcc is built using --enable-default-pie, generated binary will +contain dynamic relocations which is irrelevant for firmware build +--- + regnual/Makefile | 2 +- + src/Makefile | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/regnual/Makefile b/regnual/Makefile +index b3ae5973d8e8..9479776ad681 100644 +--- a/regnual/Makefile ++++ b/regnual/Makefile +@@ -24,7 +24,7 @@ CWARN = -Wall -Wextra -Wstrict-prototypes + MCFLAGS= -mcpu=$(MCU) + DEFS += -DFREE_STANDING + +-CFLAGS = -O2 -g ++CFLAGS = -O2 -g -fno-pie + CFLAGS += -Wa,-alms=$(notdir $(<:.c=.lst)) -fpie + CFLAGS += $(CWARN) -I . -I ../chopstx -fno-common $(MCFLAGS) $(TOPT) $(DEFS) + +diff --git a/src/Makefile b/src/Makefile +index ba2c3bf863d2..d5e1b7299702 100644 +--- a/src/Makefile ++++ b/src/Makefile +@@ -63,7 +63,7 @@ LD = $(CROSS)gcc + OBJCOPY = $(CROSS)objcopy + + CWARN = -Wall -Wextra -Wstrict-prototypes +-OPT = -O3 -Os -g ++OPT = -O3 -Os -g -fno-pie + + ####################### + include $(CHOPSTX)/rules.mk +@@ -74,7 +74,7 @@ board.h: + + sys.c: board.h + +-build/bignum.o: OPT = -O3 -g ++build/bignum.o: OPT = -O3 -g -fno-pie + + build/stdaln-sys.elf: build/sys-$(CHIP).o stdaln-sys.ld + @echo diff --git a/sys-firmware/gnuk/files/1.2.14-Disable-stack-protector.patch b/sys-firmware/gnuk/files/1.2.14-Disable-stack-protector.patch new file mode 100644 index 00000000..6c382d04 --- /dev/null +++ b/sys-firmware/gnuk/files/1.2.14-Disable-stack-protector.patch @@ -0,0 +1,46 @@ +From 40fad3de514d5ba594fe0c6e3e5f732e14f8b9e3 Mon Sep 17 00:00:00 2001 +From: Bertrand Jacquin +Date: Sat, 11 Jan 2020 22:56:13 +0000 +Subject: [PATCH 2/2] Disable stack-protector + +newlib has no implementation of __stack_chk_fail +--- + regnual/Makefile | 2 +- + src/Makefile | 4 ++-- + 2 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/regnual/Makefile b/regnual/Makefile +index 9479776ad681..db088cf69065 100644 +--- a/regnual/Makefile ++++ b/regnual/Makefile +@@ -24,7 +24,7 @@ CWARN = -Wall -Wextra -Wstrict-prototypes + MCFLAGS= -mcpu=$(MCU) + DEFS += -DFREE_STANDING + +-CFLAGS = -O2 -g -fno-pie ++CFLAGS = -O2 -g -fno-pie -fno-stack-protector + CFLAGS += -Wa,-alms=$(notdir $(<:.c=.lst)) -fpie + CFLAGS += $(CWARN) -I . -I ../chopstx -fno-common $(MCFLAGS) $(TOPT) $(DEFS) + +diff --git a/src/Makefile b/src/Makefile +index d5e1b7299702..a2afce17f685 100644 +--- a/src/Makefile ++++ b/src/Makefile +@@ -63,7 +63,7 @@ LD = $(CROSS)gcc + OBJCOPY = $(CROSS)objcopy + + CWARN = -Wall -Wextra -Wstrict-prototypes +-OPT = -O3 -Os -g -fno-pie ++OPT = -O3 -Os -g -fno-pie -fno-stack-protector + + ####################### + include $(CHOPSTX)/rules.mk +@@ -74,7 +74,7 @@ board.h: + + sys.c: board.h + +-build/bignum.o: OPT = -O3 -g -fno-pie ++build/bignum.o: OPT = -O3 -g -fno-pie -fno-stack-protector + + build/stdaln-sys.elf: build/sys-$(CHIP).o stdaln-sys.ld + @echo diff --git a/sys-firmware/gnuk/files/1.2.14-MINOR-Always-get-version-from-the-VERSION-file.patch b/sys-firmware/gnuk/files/1.2.14-MINOR-Always-get-version-from-the-VERSION-file.patch new file mode 100644 index 00000000..9db4e957 --- /dev/null +++ b/sys-firmware/gnuk/files/1.2.14-MINOR-Always-get-version-from-the-VERSION-file.patch @@ -0,0 +1,32 @@ +From e2ce363cd282781aab28cdb1c84c4493e57cba22 Mon Sep 17 00:00:00 2001 +From: Bertrand Jacquin +Date: Sun, 19 Feb 2017 02:18:13 +0000 +Subject: [PATCH] MINOR: Always get version from the VERSION file + +--- + src/configure | 12 +----------- + 1 file changed, 1 insertion(+), 11 deletions(-) + +diff --git a/src/configure b/src/configure +index d09cde68969b..54da932e1f27 100755 +--- a/src/configure ++++ b/src/configure +@@ -52,17 +52,7 @@ exec_prefix='${prefix}' + libexecdir='${exec_prefix}/libexec' + + # Revision number +-if test -e ../.git; then +- if type git >/dev/null 2>&1; then +- REVISION=$(git describe --dirty="-modified") +- else +- # echo 'No git available, please install git' +- GIT_REVISION=$(sed -e 's/^\(.......\).*$/g\1/' "../.git/$(sed -e 's/^ref: //' ../.git/HEAD)") +- REVISION=$(cat ../VERSION)-$GIT_REVISION +- fi +-else +- REVISION=$(cat ../VERSION) +-fi ++REVISION=$(cat ../VERSION) + + # Process each option + for option; do diff --git a/sys-firmware/gnuk/files/1.2.14-tool-switch-to-python3.patch b/sys-firmware/gnuk/files/1.2.14-tool-switch-to-python3.patch new file mode 100644 index 00000000..dd9d3632 --- /dev/null +++ b/sys-firmware/gnuk/files/1.2.14-tool-switch-to-python3.patch @@ -0,0 +1,477 @@ +From a6bb96bb94ce324e7b1ddd5fb67367517d1562eb Mon Sep 17 00:00:00 2001 +From: Bertrand Jacquin +Date: Sat, 11 Jan 2020 18:00:48 +0000 +Subject: [PATCH] tool: switch to python3 + +python2 is no longer maintained upstream +--- + tool/add_openpgp_authkey_from_gpgssh.py | 8 +- + tool/calc_precompute_table_ecc.py | 14 +-- + tool/dfuse.py | 32 +++---- + tool/dump_mem.py | 8 +- + tool/get_raw_public_key.py | 2 +- + tool/pageant_proxy_to_gpg.py | 2 +- + tool/pinpadtest.py | 114 ++++++++++++------------ + 7 files changed, 91 insertions(+), 91 deletions(-) + +diff --git a/tool/add_openpgp_authkey_from_gpgssh.py b/tool/add_openpgp_authkey_from_gpgssh.py +index 1eb80de9c8a8..2f9f0e13ad03 100644 +--- a/tool/add_openpgp_authkey_from_gpgssh.py ++++ b/tool/add_openpgp_authkey_from_gpgssh.py +@@ -109,15 +109,15 @@ def build_rsakey_from_ssh_key_under_gpg_agent(g, timestamp=None): + # The information is in SEXP format, extract N and E + s = sexp(pubkey_info_str) + if s[0] != 'public-key': +- print s ++ print(s) + exit(1) + rsa = s[1] + if rsa[0] != 'rsa': +- print rsa ++ print(rsa) + exit(1) + n_x = rsa[1] + if n_x[0] != 'n': +- print n_x ++ print(n_x) + exit(1) + n_byte_str = n_x[1] + while n_byte_str[0] == '\x00': +@@ -125,7 +125,7 @@ def build_rsakey_from_ssh_key_under_gpg_agent(g, timestamp=None): + n = n_byte_str + e_x = rsa[2] + if e_x[0] != 'e': +- print e_x ++ print(e_x) + exit(1) + e = e_x[1] + if not timestamp: +diff --git a/tool/calc_precompute_table_ecc.py b/tool/calc_precompute_table_ecc.py +index 2b59789329ad..5536db1ebd2b 100644 +--- a/tool/calc_precompute_table_ecc.py ++++ b/tool/calc_precompute_table_ecc.py +@@ -8,21 +8,21 @@ def print_nG(n): + nGy_str = "%064x" % nG.y() + print256(nGx_str) + print256(nGy_str) +- print ++ print() + + def print256(s): + print("0x%s, 0x%s, 0x%s, 0x%s," % (s[56:64], s[48:56], s[40:48], s[32:40])) + print("0x%s, 0x%s, 0x%s, 0x%s" % (s[24:32], s[16:24], s[8:16], s[0:8])) +- print ++ print() + + + for i in range(1,16): +- n = (i & 1) + (i & 2) * 0x8000000000000000L + (i & 4) * 0x40000000000000000000000000000000L + (i & 8) * 0x200000000000000000000000000000000000000000000000L +- print "%064x" % n ++ n = (i & 1) + (i & 2) * 0x8000000000000000 + (i & 4) * 0x40000000000000000000000000000000 + (i & 8) * 0x200000000000000000000000000000000000000000000000 ++ print("%064x" % n) + print_nG(n) + + for i in range(1,16): +- n = (i & 1) + (i & 2) * 0x8000000000000000L + (i & 4) * 0x40000000000000000000000000000000L + (i & 8) * 0x200000000000000000000000000000000000000000000000L +- n = n * 0x100000000L +- print "%064x" % n ++ n = (i & 1) + (i & 2) * 0x8000000000000000 + (i & 4) * 0x40000000000000000000000000000000 + (i & 8) * 0x200000000000000000000000000000000000000000000000 ++ n = n * 0x100000000 ++ print("%064x" % n) + print_nG(n) +diff --git a/tool/dfuse.py b/tool/dfuse.py +index cd0f17284817..d108810e85e3 100755 +--- a/tool/dfuse.py ++++ b/tool/dfuse.py +@@ -104,9 +104,9 @@ class DFU_STM32(object): + interface: usb.Interface object representing the interface and altenate setting. + """ + if interface.interfaceClass != DFU_CLASS: +- raise ValueError, "Wrong interface class" ++ raise ValueError("Wrong interface class") + if interface.interfaceSubClass != DFU_SUBCLASS: +- raise ValueError, "Wrong interface sub class" ++ raise ValueError("Wrong interface sub class") + self.__protocol = interface.interfaceProtocol + self.__devhandle = device.open() + self.__devhandle.setConfiguration(configuration) +@@ -170,7 +170,7 @@ class DFU_STM32(object): + while s[4] == STATE_DFU_DOWNLOAD_BUSY: + time.sleep(0.1) + s = self.ll_get_status() +- raise ValueError, "Read memory failed (%d)" % s[0] ++ raise ValueError("Read memory failed (%d)" % s[0]) + + def dfuse_set_address_pointer(self, address): + bytes = get_four_bytes (address) +@@ -181,7 +181,7 @@ class DFU_STM32(object): + time.sleep(0.1) + s = self.ll_get_status() + if s[4] != STATE_DFU_DOWNLOAD_IDLE: +- raise ValueError, "Set Address Pointer failed" ++ raise ValueError("Set Address Pointer failed") + + def dfuse_erase(self, address): + bytes = get_four_bytes (address) +@@ -191,7 +191,7 @@ class DFU_STM32(object): + time.sleep(0.1) + s = self.ll_get_status() + if s[4] != STATE_DFU_DOWNLOAD_IDLE: +- raise ValueError, "Erase failed" ++ raise ValueError("Erase failed") + + def dfuse_write_memory(self, block): + blocknum = self.__blocknum +@@ -202,7 +202,7 @@ class DFU_STM32(object): + time.sleep(0.1) + s = self.ll_get_status() + if s[4] != STATE_DFU_DOWNLOAD_IDLE: +- raise ValueError, "Write memory failed" ++ raise ValueError("Write memory failed") + + def download(self, ih): + # First, erase pages +@@ -280,7 +280,7 @@ class DFU_STM32(object): + elif s[4] == STATE_DFU_MANIFEST_WAIT_RESET: + self.__devhandle.reset() + elif s[4] != STATE_DFU_IDLE: +- raise ValueError, "write failed (%d)." % s[4] ++ raise ValueError("write failed (%d)." % s[4]) + else: + self.ll_clear_status() + self.ll_clear_status() +@@ -315,7 +315,7 @@ class DFU_STM32(object): + j = 0 + for c in data[0:(addr + 1024 - start_addr)]: + if (ord(c)&0xff) != block[j + start_addr - addr]: +- raise ValueError, "verify failed at %08x" % (addr + i*1024+j) ++ raise ValueError("verify failed at %08x" % (addr + i*1024+j)) + j += 1 + data = data[(addr + 1024 - start_addr):] + addr += 1024 +@@ -330,7 +330,7 @@ class DFU_STM32(object): + j = 0 + for c in data[i*1024:(i+1)*1024]: + if (ord(c)&0xff) != block[j]: +- raise ValueError, "verify failed at %08x" % (addr + i*1024+j) ++ raise ValueError("verify failed at %08x" % (addr + i*1024+j)) + j += 1 + if i & 0x03 == 0x03: + sys.stdout.write("#") +@@ -367,25 +367,25 @@ def get_device(): + (alt.interfaceProtocol == DFU_STM32PROTOCOL_0 or \ + alt.interfaceProtocol == DFU_STM32PROTOCOL_2): + return dev, config, alt +- raise ValueError, "Device not found" ++ raise ValueError("Device not found") + + def main(filename): + dev, config, intf = get_device() +- print "Device:", dev.filename +- print "Configuration", config.value +- print "Interface", intf.interfaceNumber ++ print("Device:", dev.filename) ++ print("Configuration", config.value) ++ print("Interface", intf.interfaceNumber) + dfu = DFU_STM32(dev, config, intf) +- print dfu.ll_get_string(intf.iInterface) ++ print(dfu.ll_get_string(intf.iInterface)) + s = dfu.ll_get_status() + if s[4] == STATE_DFU_ERROR: + dfu.ll_clear_status() + s = dfu.ll_get_status() +- print s ++ print(s) + if s[4] == STATE_DFU_IDLE: + exit + transfer_size = 1024 + if s[0] != DFU_STATUS_OK: +- print s ++ print(s) + exit + ih = intel_hex(filename) + dfu.download(ih) +diff --git a/tool/dump_mem.py b/tool/dump_mem.py +index 806bafe5b1b5..d793271c7dc5 100755 +--- a/tool/dump_mem.py ++++ b/tool/dump_mem.py +@@ -27,22 +27,22 @@ from dfuse import * + + dev, config, intf = get_device() + dfu = DFU_STM32(dev, config, intf) +-print dfu.ll_get_string(intf.iInterface) ++print(dfu.ll_get_string(intf.iInterface)) + s = dfu.ll_get_status() + dfu.ll_clear_status() + s = dfu.ll_get_status() +-print s ++print(s) + dfu.dfuse_set_address_pointer(int(sys.argv[1], 16)) + s = dfu.ll_get_status() + dfu.ll_clear_status() + s = dfu.ll_get_status() + dfu.ll_clear_status() + s = dfu.ll_get_status() +-print s ++print(s) + block = dfu.dfuse_read_memory() + count = 0 + for d in block: +- print "%02x" % d, ++ print("%02x" % d) + if count & 0x0f == 0x0f: + print + count += 1 +diff --git a/tool/get_raw_public_key.py b/tool/get_raw_public_key.py +index fb1272f09163..f09bba89c754 100755 +--- a/tool/get_raw_public_key.py ++++ b/tool/get_raw_public_key.py +@@ -20,7 +20,7 @@ def get_gpg_public_key(keygrip): + pos_last = key.index(")(1:e3:") + key = key[pos:pos_last] + if len(key) != 256: +- raise ValueError, binascii.hexlify(key) ++ raise ValueError(binascii.hexlify(key)) + return key + + if __name__ == '__main__': +diff --git a/tool/pageant_proxy_to_gpg.py b/tool/pageant_proxy_to_gpg.py +index a755efcd282d..ec7ddc3f6d49 100644 +--- a/tool/pageant_proxy_to_gpg.py ++++ b/tool/pageant_proxy_to_gpg.py +@@ -28,7 +28,7 @@ from sexp import sexp + # Assume it's only OPENPGP.3 key and it's 2048-bit + + def debug(string): +- print "DEBUG: %s" % string ++ print("DEBUG: %s" % string) + sys.stdout.flush() + + def get_keygrip_list(keyinfo_result): +diff --git a/tool/pinpadtest.py b/tool/pinpadtest.py +index 99b132636083..bebe7845313d 100755 +--- a/tool/pinpadtest.py ++++ b/tool/pinpadtest.py +@@ -82,7 +82,7 @@ class Card(object): + elif code == FEATURE_MODIFY_PIN_DIRECT: + self.modify_ioctl = ioctl + if self.verify_ioctl == -1: +- raise ValueError, "Not supported" ++ raise ValueError("Not supported") + + def cmd_select_openpgp(self): + apdu = [0x00, 0xa4, 0x04, 0x00, 6, 0xd2, 0x76, 0x00, 0x01, 0x24, 0x01 ] +@@ -90,7 +90,7 @@ class Card(object): + if sw1 == 0x61: # More data + response, sw1, sw2 = self.connection.transmit([0x00, 0xc0, 0, 0, sw2]) + elif not (sw1 == 0x90 and sw2 == 0x00): +- raise ValueError, ("cmd_select_openpgp %02x %02x" % (sw1, sw2)) ++ raise ValueError("cmd_select_openpgp %02x %02x" % (sw1, sw2)) + + def possibly_add_dummy_byte(self): + if self.another_byte: +@@ -135,11 +135,11 @@ class Card(object): + sw1 = data[0] + sw2 = data[1] + if not (sw1 == 0x90 and sw2 == 0x00): +- raise ValueError, ("cmd_verify_pinpad %02x %02x" % (sw1, sw2)) ++ raise ValueError("cmd_verify_pinpad %02x %02x" % (sw1, sw2)) + + def send_modify_pinpad(self, apdu, single_step, command): + if self.modify_ioctl == -1: +- raise ValueError, "Not supported" ++ raise ValueError("Not supported") + pin_modify = [ 0x00, # bTimerOut + 0x00, # bTimerOut2 + 0x82, # bmFormatString: Byte, pos=0, left, ASCII. +@@ -171,7 +171,7 @@ class Card(object): + sw1 = data[0] + sw2 = data[1] + if not (sw1 == 0x90 and sw2 == 0x00): +- raise ValueError, ("%s %02x %02x" % (command, sw1, sw2)) ++ raise ValueError("%s %02x %02x" % (command, sw1, sw2)) + + def cmd_reset_retry_counter(self, who, data): + if who == BY_ADMIN: +@@ -180,7 +180,7 @@ class Card(object): + apdu = [0x00, 0x2c, 0x00, 0x81, len(data) ] + data # BY_USER with resetcode + response, sw1, sw2 = self.connection.transmit(apdu) + if not (sw1 == 0x90 and sw2 == 0x00): +- raise ValueError, ("cmd_reset_retry_counter %02x %02x" % (sw1, sw2)) ++ raise ValueError("cmd_reset_retry_counter %02x %02x" % (sw1, sw2)) + + # Note: CCID specification doesn't permit this (only 0x20 and 0x24) + def cmd_reset_retry_counter_pinpad(self, who): +@@ -195,7 +195,7 @@ class Card(object): + apdu = [0x00, 0xda, 0x00, 0xd3, len(data) ] + data # BY_ADMIN + response, sw1, sw2 = self.connection.transmit(apdu) + if not (sw1 == 0x90 and sw2 == 0x00): +- raise ValueError, ("cmd_put_resetcode %02x %02x" % (sw1, sw2)) ++ raise ValueError("cmd_put_resetcode %02x %02x" % (sw1, sw2)) + + # Note: CCID specification doesn't permit this (only 0x20 and 0x24) + def cmd_put_resetcode_pinpad(self): +@@ -225,8 +225,8 @@ def main(who, method, add_a_byte, pinmin, pinmax, change_by_two_steps, fixed): + card.connection.connect() + + ident = card.connection.getReader() +- print "Reader/Token:", ident +- print "ATR:", toHexString( card.connection.getATR() ) ++ print("Reader/Token:", ident) ++ print("ATR:", toHexString( card.connection.getATR() )) + + if ident == COVADIS_VEGA_ALPHA: + card.cmd_vega_alpha_disable_empty_verify() +@@ -236,29 +236,29 @@ def main(who, method, add_a_byte, pinmin, pinmax, change_by_two_steps, fixed): + card.cmd_select_openpgp() + if method == "verify": + if who == BY_USER: +- print "Please input User's PIN" ++ print("Please input User's PIN") + else: +- print "Please input Admin's PIN" ++ print("Please input Admin's PIN") + card.cmd_verify_pinpad(who) + elif method == "change": + if change_by_two_steps: + if who == BY_USER: +- print "Please input User's PIN" ++ print("Please input User's PIN") + else: +- print "Please input Admin's PIN" ++ print("Please input Admin's PIN") + card.cmd_verify_pinpad(who) + if who == BY_USER: +- print "Please input New User's PIN twice" ++ print("Please input New User's PIN twice") + else: +- print "Please input New Admin's PIN twice" ++ print("Please input New Admin's PIN twice") + card.cmd_change_reference_data_pinpad(who, True) + else: + if who == BY_USER: +- print "Please input User's PIN" +- print "and New User's PIN twice" ++ print("Please input User's PIN") ++ print("and New User's PIN twice") + else: +- print "Please input Admin's PIN" +- print "and New Admin's PIN twice" ++ print("Please input Admin's PIN") ++ print("and New Admin's PIN twice") + card.cmd_change_reference_data_pinpad(who, False) + elif method == "unblock": + if change_by_two_steps: +@@ -268,66 +268,66 @@ def main(who, method, add_a_byte, pinmin, pinmax, change_by_two_steps, fixed): + newpin=s2l(getpass("Please input New User's PIN from keyboard: ")) + card.cmd_reset_retry_counter(who,resetcode+newpin) + else: +- print "Please input Admin's PIN" ++ print("Please input Admin's PIN") + card.cmd_verify_pinpad(BY_ADMIN) + newpin=s2l(getpass("Please input New User's PIN from keyboard: ")) + card.cmd_reset_retry_counter(who,newpin) + else: + if who == BY_USER: +- print "Please input reset code" +- print "and New User's PIN twice" ++ print("Please input reset code") ++ print("and New User's PIN twice") + else: +- print "Please input Admin's PIN" ++ print("Please input Admin's PIN") + card.cmd_verify_pinpad(BY_ADMIN) +- print "Please input New User's PIN twice" ++ print("Please input New User's PIN twice") + card.cmd_reset_retry_counter_pinpad(who) + elif method == "put": + if change_by_two_steps: + # It means using keyboard for new PIN +- print "Please input Admin's PIN" ++ print("Please input Admin's PIN") + card.cmd_verify_pinpad(BY_ADMIN) + resetcode=s2l(getpass("Please input New Reset Code from keyboard: ")) + card.cmd_put_resetcode(resetcode) + else: +- print "Please input Admin's PIN" ++ print("Please input Admin's PIN") + card.cmd_verify_pinpad(BY_ADMIN) +- print "Please input New Reset Code twice" ++ print("Please input New Reset Code twice") + card.cmd_put_resetcode_pinpad() + else: +- raise ValueError, method ++ raise ValueError(method) + card.connection.disconnect() + +- print "OK." ++ print("OK.") + return 0 + + def print_usage(): +- print "pinpad-test: testing pinentry of PC/SC card reader" +- print " help:" +- print "\t--help:\t\tthis message" +- print " method:\t\t\t\t\t\t\t[verify]" +- print "\t--verify:\tverify PIN" +- print "\t--change:\tchange PIN (old PIN, new PIN twice)" +- print "\t--change2:\tchange PIN by two steps (old PIN, new PIN twice)" +- print "\t--unblock:\tunblock PIN (admin PIN/resetcode, new PIN twice)" +- print "\t--unblock2:\tunblock PIN (admin PIN:pinpad, new PIN:kbd)" +- print "\t--put:\t\tsetup resetcode (admin PIN, new PIN twice)" +- print "\t--put2::\t\tsetup resetcode (admin PIN:pinpad, new PIN:kbd)" +- print " options:" +- print "\t--fixed N:\tUse fixed length input" +- print "\t--admin:\tby administrator\t\t\t[False]" +- print "\t--add:\t\tadd a dummy byte at the end of APDU\t[False]" +- print "\t--pinmin:\tspecify minimum length of PIN\t\t[6]" +- print "\t--pinmax:\tspecify maximum length of PIN\t\t[15]" +- print "EXAMPLES:" +- print " $ pinpad-test # verify user's PIN " +- print " $ pinpad-test --admin # verify admin's PIN " +- print " $ pinpad-test --change # change user's PIN " +- print " $ pinpad-test --change --admin # change admin's PIN " +- print " $ pinpad-test --change2 # change user's PIN by two steps" +- print " $ pinpad-test --change2 --admin # change admin's PIN by two steps" +- print " $ pinpad-test --unblock # change user's PIN by reset code" +- print " $ pinpad-test --unblock --admin # change user's PIN by admin's PIN" +- print " $ pinpad-test --put # setup resetcode " ++ print("pinpad-test: testing pinentry of PC/SC card reader") ++ print(" help:") ++ print("\t--help:\t\tthis message") ++ print(" method:\t\t\t\t\t\t\t[verify]") ++ print("\t--verify:\tverify PIN") ++ print("\t--change:\tchange PIN (old PIN, new PIN twice)") ++ print("\t--change2:\tchange PIN by two steps (old PIN, new PIN twice)") ++ print("\t--unblock:\tunblock PIN (admin PIN/resetcode, new PIN twice)") ++ print("\t--unblock2:\tunblock PIN (admin PIN:pinpad, new PIN:kbd)") ++ print("\t--put:\t\tsetup resetcode (admin PIN, new PIN twice)") ++ print("\t--put2::\t\tsetup resetcode (admin PIN:pinpad, new PIN:kbd)") ++ print(" options:") ++ print("\t--fixed N:\tUse fixed length input") ++ print("\t--admin:\tby administrator\t\t\t[False]") ++ print("\t--add:\t\tadd a dummy byte at the end of APDU\t[False]") ++ print("\t--pinmin:\tspecify minimum length of PIN\t\t[6]") ++ print("\t--pinmax:\tspecify maximum length of PIN\t\t[15]") ++ print("EXAMPLES:") ++ print(" $ pinpad-test # verify user's PIN ") ++ print(" $ pinpad-test --admin # verify admin's PIN ") ++ print(" $ pinpad-test --change # change user's PIN ") ++ print(" $ pinpad-test --change --admin # change admin's PIN ") ++ print(" $ pinpad-test --change2 # change user's PIN by two steps") ++ print(" $ pinpad-test --change2 --admin # change admin's PIN by two steps") ++ print(" $ pinpad-test --unblock # change user's PIN by reset code") ++ print(" $ pinpad-test --unblock --admin # change user's PIN by admin's PIN") ++ print(" $ pinpad-test --put # setup resetcode ") + + if __name__ == '__main__': + who = BY_USER +@@ -374,7 +374,7 @@ if __name__ == '__main__': + print_usage() + exit(0) + else: +- raise ValueError, option ++ raise ValueError(option) + main(who, method, add_a_byte, pinmin, pinmax, change_by_two_steps, fixed) + + # Failure diff --git a/sys-firmware/gnuk/gnuk-1.2.10.ebuild b/sys-firmware/gnuk/gnuk-1.2.10.ebuild deleted file mode 100644 index 1cff6331..00000000 --- a/sys-firmware/gnuk/gnuk-1.2.10.ebuild +++ /dev/null @@ -1,119 +0,0 @@ -# Copyright 1999-2018 Gentoo Foundation -# Distributed under the terms of the GNU General Public License v2 - -EAPI=6 -PYTHON_COMPAT=( python2_7 ) -inherit git-r3 eutils python-r1 udev - -DESCRIPTION="An Implementation of USB Cryptographic Token for GnuPG" -HOMEPAGE="https://www.fsij.org/category/gnuk.html" -EGIT_REPO_URI="https://salsa.debian.org/gnuk-team/${PN}/${PN}.git" -EGIT_COMMIT="release/${PV}" - -LICENSE="GPL-3" -SLOT="0" -KEYWORDS="~amd64" -IUSE="debug doc tools" - -DEPEND="doc? ( dev-python/sphinx )" -RDEPEND="virtual/udev - tools? ( - ${PYTHON_DEPS} - dev-python/pyusb[${PYTHON_USEDEP}] - dev-python/colorama[${PYTHON_USEDEP}] - )" - -PATCHES=( - "${FILESDIR}/${PV}-MINOR-Always-get-version-from-the-VERSION-file.patch" - "${FILESDIR}/${PV}-Disable-PIE-by-default.patch" -) - -pkg_pretend() { - if type -p arm-none-eabi-gcc > /dev/null 2>&1 ; then - return 0 - fi - - eerror "Before you could build the firmware, you need to install arm-none-eabi toolchain" - eerror "Run the following commands:" - eerror " emerge -vat crossdev" - eerror " crossdev --stable -t arm-none-eabi" - die "arm-none-eabi toolchain is needed" -} - -src_prepare () { - default - - mv tool/get_raw_public_key.py "tool/${PN}-get_raw_public_key.py" - mv tool/gnuk_put_binary_libusb.py "tool/${PN}-put_binary_libusb.py" - mv tool/gnuk_remove_keys_libusb.py "tool/${PN}-remove_keys_libusb.py" - mv tool/gnuk_upgrade.py "tool/${PN}-upgrade.py" - mv tool/stlinkv2.py "tool/${PN}-stlinkv2.py" - mv tool/upgrade_by_passwd.py "tool/${PN}-upgrade_by_passwd.py" - mv tool/usb_strings.py "tool/${PN}-usb_strings.py" -} - -src_configure() { - cd "${S}/src" - ./configure \ - --target=FST_01 \ - --vidpid=234b:0000 \ - --enable-certdo \ - --enable-factory-reset \ - --enable-hid-card-change \ - $(use_enable debug) \ - || die "configure failed" -} - -src_compile() { - cd "${S}/src" - emake CROSS="arm-none-eabi-" - - if use doc ; then - cd "${S}/doc" - emake html - emake man - fi - - cd "${S}/regnual" - emake TRGT="arm-none-eabi-" -} - -src_install() { - insinto "/usr/share/${PN}/firmware" - doins "src/build/${PN}.bin" - doins "regnual/regnual.bin" - - udev_dorules "${FILESDIR}/60-${PN}.rules" - - if use doc ; then - HTML_DOCS=( doc/_build/html/* ) - doman doc/_build/man/* - fi - - install_example() { - python_export PYTHON_SCRIPTDIR - insinto "${PYTHON_SCRIPTDIR}" - doins "${1}" - } - - if use tools ; then - python_foreach_impl python_domodule tool/gnuk_token.py - python_foreach_impl python_domodule tool/gpg_agent.py - python_foreach_impl python_domodule tool/kdf_calc.py - python_foreach_impl python_domodule tool/rsa.py - - python_foreach_impl python_doscript "tool/${PN}-get_raw_public_key.py" - python_foreach_impl python_doscript "tool/${PN}-put_binary_libusb.py" - python_foreach_impl python_doscript "tool/${PN}-remove_keys_libusb.py" - python_foreach_impl python_doscript "tool/${PN}-stlinkv2.py" - python_foreach_impl python_doscript "tool/${PN}-upgrade.py" - python_foreach_impl python_doscript "tool/${PN}-upgrade_by_passwd.py" - python_foreach_impl python_doscript "tool/${PN}-usb_strings.py" - python_foreach_impl install_example tool/rsa_example.key - - udev_dorules "${FILESDIR}/10-stlink.rules" - fi - - dodoc AUTHORS ChangeLog NEWS README THANKS - dodoc -r doc/note -} diff --git a/sys-firmware/gnuk/gnuk-1.2.14.ebuild b/sys-firmware/gnuk/gnuk-1.2.14.ebuild new file mode 100644 index 00000000..66ed7202 --- /dev/null +++ b/sys-firmware/gnuk/gnuk-1.2.14.ebuild @@ -0,0 +1,123 @@ +# Copyright 1999-2020 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=6 +PYTHON_COMPAT=( python{3_6,3_7} ) +inherit git-r3 eutils python-r1 udev + +DESCRIPTION="An Implementation of USB Cryptographic Token for GnuPG" +HOMEPAGE="https://www.fsij.org/category/gnuk.html" +EGIT_REPO_URI="https://salsa.debian.org/gnuk-team/${PN}/${PN}.git" +EGIT_COMMIT="release/${PV}" + +LICENSE="GPL-3" +SLOT="0" +KEYWORDS="~amd64" +IUSE="debug doc tools" + +DEPEND="doc? ( dev-python/sphinx )" +RDEPEND="virtual/udev + tools? ( + ${PYTHON_DEPS} + dev-python/pyusb[${PYTHON_USEDEP}] + dev-python/colorama[${PYTHON_USEDEP}] + )" + +PATCHES=( + "${FILESDIR}/${PV}-MINOR-Always-get-version-from-the-VERSION-file.patch" + "${FILESDIR}/${PV}-Disable-PIE.patch" + "${FILESDIR}/${PV}-Disable-stack-protector.patch" + "${FILESDIR}/${PV}-tool-switch-to-python3.patch" +) + +pkg_pretend() { + if type -p arm-none-eabi-gcc > /dev/null 2>&1 ; then + return 0 + fi + + eerror "Before you could build the firmware, you need to install arm-none-eabi toolchain" + eerror "Run the following commands:" + eerror " emerge -vat crossdev" + eerror " crossdev --stable -t arm-none-eabi" + die "arm-none-eabi toolchain is needed" +} + +src_prepare () { + default + + mv tool/get_raw_public_key.py "tool/${PN}-get_raw_public_key.py" || die + mv tool/gnuk_get_random.py "tool/${PN}-get_random.py" || die + mv tool/gnuk_put_binary_libusb.py "tool/${PN}-put_binary_libusb.py" || die + mv tool/gnuk_remove_keys_libusb.py "tool/${PN}-remove_keys_libusb.py" || die + mv tool/gnuk_upgrade.py "tool/${PN}-upgrade.py" || die + mv tool/stlinkv2.py "tool/${PN}-stlinkv2.py" || die + mv tool/upgrade_by_passwd.py "tool/${PN}-upgrade_by_passwd.py" || die + mv tool/usb_strings.py "tool/${PN}-usb_strings.py" || die +} + +src_configure() { + cd "${S}/src" + ./configure \ + --target=FST_01 \ + --vidpid=234b:0000 \ + --enable-certdo \ + --enable-factory-reset \ + --enable-hid-card-change \ + $(use_enable debug) \ + || die "configure failed" +} + +src_compile() { + cd "${S}/src" + emake CROSS="arm-none-eabi-" + + if use doc ; then + cd "${S}/doc" + emake html + emake man + fi + + cd "${S}/regnual" + emake TRGT="arm-none-eabi-" +} + +src_install() { + insinto "/usr/share/${PN}/firmware" + doins "src/build/${PN}.bin" + doins "regnual/regnual.bin" + + udev_dorules "${FILESDIR}/60-${PN}.rules" + + if use doc ; then + HTML_DOCS=( doc/_build/html/* ) + doman doc/_build/man/* + fi + + install_example() { + python_export PYTHON_SCRIPTDIR + insinto "${PYTHON_SCRIPTDIR}" + doins "${1}" + } + + if use tools ; then + python_foreach_impl python_domodule tool/gnuk_token.py + python_foreach_impl python_domodule tool/gpg_agent.py + python_foreach_impl python_domodule tool/kdf_calc.py + python_foreach_impl python_domodule tool/rsa.py + + python_foreach_impl python_doscript "tool/${PN}-get_random.py" + python_foreach_impl python_doscript "tool/${PN}-get_raw_public_key.py" + python_foreach_impl python_doscript "tool/${PN}-put_binary_libusb.py" + python_foreach_impl python_doscript "tool/${PN}-remove_keys_libusb.py" + python_foreach_impl python_doscript "tool/${PN}-stlinkv2.py" + python_foreach_impl python_doscript "tool/${PN}-upgrade.py" + python_foreach_impl python_doscript "tool/${PN}-upgrade_by_passwd.py" + python_foreach_impl python_doscript "tool/${PN}-usb_strings.py" + python_foreach_impl install_example tool/rsa_example.key + + udev_dorules "${FILESDIR}/10-stlink.rules" + fi + + dodoc AUTHORS ChangeLog NEWS README THANKS + dodoc -r doc/note +} -- cgit v1.2.3