Fix key to card failing with invalid time when moving keys to smartcard on master (Opt: Authenticated Heads)
- Revert gnupg toolstack version bump to the state prior to the #1661 merge (2.4.2 -> 2.4.0). Version bump not needed for reproducibility. - Investigation and upstream discussions will take their time resolving the invalid time issue introduced between 2.4.0 and latest gnupg (fix the regression first under master) - oem-factory-reset - Adding DO_WITH_DEBUG to oem-factory-reset for all its gpg calls. If failing in debug mode, /tmp/debug.txt contains calls and errors - Wipe keyrings only (*.gpg, *.kbx) not conf files under gpg homedir (keep initrd/.gnupg/*.conf) - flake.nix - switch build derivative from qemu and qemu_kvm to qemu_full to have qemu-img tool which was missing to run qemu boards (v0.1.8 docker) - add gnupg so that qemu boards can call inject_gpg to inject public key in absence of flashrom+pflash support for internal flashing - flake.lock: Updated nix pinned package list under flake.lock with 'nix flake update' so qemu_full builds - README.md: have consistent docker testing + release (push) notes - .circleci/config.yml: depend on docker v0.1.8 (qemu_full built with canokey-qemu lib support, diffoscopeMinimal and gnupg for proper qemu testing) TODO: - some fd2 instead of fd1?! - oem-factory-reset has whiptail_or_die which sets whiptail box to HEIGHT 0. This doesn't show a scrolling window on gpg errors, which is problematic with fbwhiptail, not whiptail Signed-off-by: Thierry Laurion <insurgo@riseup.net>
parent
b80aa87077
commit
37f04e2855
@ -45,7 +45,7 @@ commands:
|
||||
jobs:
|
||||
prep_env:
|
||||
docker:
|
||||
- image: tlaurion/heads-dev-env:v0.1.6
|
||||
- image: tlaurion/heads-dev-env:v0.1.8
|
||||
resource_class: large
|
||||
working_directory: ~/heads
|
||||
steps:
|
||||
@ -111,7 +111,7 @@ jobs:
|
||||
|
||||
build_and_persist:
|
||||
docker:
|
||||
- image: tlaurion/heads-dev-env:v0.1.6
|
||||
- image: tlaurion/heads-dev-env:v0.1.8
|
||||
resource_class: large
|
||||
working_directory: ~/heads
|
||||
parameters:
|
||||
@ -139,7 +139,7 @@ jobs:
|
||||
|
||||
build:
|
||||
docker:
|
||||
- image: tlaurion/heads-dev-env:v0.1.6
|
||||
- image: tlaurion/heads-dev-env:v0.1.8
|
||||
resource_class: large
|
||||
working_directory: ~/heads
|
||||
parameters:
|
||||
@ -160,7 +160,7 @@ jobs:
|
||||
|
||||
save_cache:
|
||||
docker:
|
||||
- image: tlaurion/heads-dev-env:v0.1.6
|
||||
- image: tlaurion/heads-dev-env:v0.1.8
|
||||
resource_class: large
|
||||
working_directory: ~/heads
|
||||
steps:
|
||||
|
@ -97,6 +97,10 @@ Maintenance notes on docker image
|
||||
Redo the steps above in case the flake.nix or nix.lock changes. Then publish on docker hub:
|
||||
|
||||
```
|
||||
docker tag linuxboot/heads:dev-env tlaurion/heads-dev-env:vx.y.z
|
||||
docker push tlaurion/heads-dev-env:vx.y.z
|
||||
#test against CircleCI in PR. Merge.
|
||||
#make last version the latest
|
||||
docker tag tlaurion/heads-dev-env:vx.y.z tlaurion/heads-dev-env:latest
|
||||
docker push tlaurion/heads-dev-env:latest
|
||||
```
|
||||
|
6
flake.lock
generated
6
flake.lock
generated
@ -20,11 +20,11 @@
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1711703276,
|
||||
"narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=",
|
||||
"lastModified": 1715534503,
|
||||
"narHash": "sha256-5ZSVkFadZbFP1THataCaSf0JH2cAH3S29hU9rrxTEqk=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "d8fe5e6c92d0d190646fb9f1056741a229980089",
|
||||
"rev": "2057814051972fa1453ddfb0d98badbea9b83c06",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -75,14 +75,16 @@
|
||||
canokeySupport = true; # This override enables Canokey support in QEMU, resulting in -device canokey being available.
|
||||
})
|
||||
# Packages for qemu support with Canokey integration from previous override
|
||||
#qemu_full #Heavier but contains qemu-img, kvm and everything else needed to do development cycles under docker
|
||||
qemu # To test make BOARD=qemu-coreboot-* boards and then call make BOARD=qemu-coreboot-* with inject_gpg statement, and then run statement.
|
||||
qemu_kvm # kvm additional support for qemu without all the qemu-img and everything else under qemu_full
|
||||
qemu_full #Heavier but contains qemu-img, kvm and everything else needed to do development cycles under docker
|
||||
#qemu # To test make BOARD=qemu-coreboot-* boards and then call make BOARD=qemu-coreboot-* with inject_gpg statement, and then run statement.
|
||||
#qemu_kvm # kvm additional support for qemu without all the qemu-img and everything else under qemu_full
|
||||
] ++ [
|
||||
# Additional tools for debugging/editing/testing.
|
||||
vim # Mostly used amongst us, sorry if you'd like something else, open issue.
|
||||
swtpm # QEMU requirement to emulate tpm1/tpm2.
|
||||
dosfstools # QEMU requirement to produce valid fs to store exported public key to be fused through inject_key on qemu (so qemu flashrom emulated SPI support).
|
||||
diffoscopeMinimal # Not sure exactly what is packed here, let's try.
|
||||
gnupg #to inject public key inside of qemu create rom through inject_gpg target of targets/qemu.mk TODO: remove when pflash supported by flashrom
|
||||
#diffoscope #should we include it? Massive:11 GB uncompressed. Wow?!?!
|
||||
] ++ [
|
||||
# Tools for handling binary blobs in their compressed state. (blobs/xx30/vbios_[tw]530.sh)
|
||||
|
@ -38,8 +38,9 @@ MAX_HOTP_GPG_PIN_LENGTH=25
|
||||
CUSTOM_PASS_AFFECTED_COMPONENTS=""
|
||||
|
||||
# Default GPG Algorithm is RSA
|
||||
# p256 also supported (TODO: nk3 supports RSA 4096 in secure element in firmare v1.7.1. Switch!?
|
||||
GPG_ALGO="RSA"
|
||||
# Default RSA key length
|
||||
# Default RSA key length is 3072 bits for OEM key gen. 4096 are way longer to generate in smartcard
|
||||
RSA_KEY_LENGTH=3072
|
||||
|
||||
GPG_USER_NAME="OEM Key"
|
||||
@ -85,12 +86,11 @@ mount_boot() {
|
||||
fi
|
||||
}
|
||||
|
||||
#Generate a gpg master key: no expiration date, RSA 4096 bits
|
||||
#Generate a gpg master key: no expiration date, ${RSA_KEY_LENGTH} bits
|
||||
#This key will be used to sign 3 subkeys: encryption, authentication and signing
|
||||
#The master key and subkeys will be copied to backup, and the subkeys moved from memory keyring to the smartcard
|
||||
generate_inmemory_RSA_master_and_subkeys() {
|
||||
TRACE_FUNC
|
||||
echo "Generating GPG key material in memory:"
|
||||
|
||||
echo "Generating GPG RSA ${RSA_KEY_LENGTH} bits master key..."
|
||||
# Generate GPG master key
|
||||
@ -104,7 +104,7 @@ generate_inmemory_RSA_master_and_subkeys() {
|
||||
echo "Expire-Date: 0" # No expiration date
|
||||
echo "Passphrase: ${ADMIN_PIN}" # Admin PIN
|
||||
echo "%commit" # Commit changes
|
||||
} | gpg --command-fd=0 --status-fd=1 --batch --gen-key >/tmp/gpg_card_edit_output 2>&1
|
||||
} | DO_WITH_DEBUG gpg --expert --batch --command-fd=0 --status-fd=1 --pinentry-mode=loopback --generate-key >/tmp/gpg_card_edit_output 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
ERROR=$(cat /tmp/gpg_card_edit_output)
|
||||
whiptail_error_die "GPG Key generation failed!\n\n$ERROR"
|
||||
@ -120,7 +120,7 @@ generate_inmemory_RSA_master_and_subkeys() {
|
||||
echo ${ADMIN_PIN} # Local keyring admin pin
|
||||
echo y # confirm
|
||||
echo save # save changes and commit to keyring
|
||||
} | gpg --command-fd=0 --status-fd=1 --pinentry-mode=loopback --edit-key "${GPG_USER_MAIL}" \
|
||||
} | DO_WITH_DEBUG gpg --command-fd=0 --status-fd=1 --pinentry-mode=loopback --edit-key "${GPG_USER_MAIL}" \
|
||||
>/tmp/gpg_card_edit_output 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
ERROR=$(cat /tmp/gpg_card_edit_output)
|
||||
@ -137,7 +137,7 @@ generate_inmemory_RSA_master_and_subkeys() {
|
||||
echo ${ADMIN_PIN} # Local keyring admin pin
|
||||
echo y # confirm
|
||||
echo save # save changes and commit to keyring
|
||||
} | gpg --command-fd=0 --status-fd=1 --pinentry-mode=loopback --edit-key "${GPG_USER_MAIL}" \
|
||||
} | DO_WITH_DEBUG gpg --command-fd=0 --status-fd=1 --pinentry-mode=loopback --edit-key "${GPG_USER_MAIL}" \
|
||||
>/tmp/gpg_card_edit_output 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
ERROR=$(cat /tmp/gpg_card_edit_output)
|
||||
@ -161,26 +161,12 @@ generate_inmemory_RSA_master_and_subkeys() {
|
||||
echo ${ADMIN_PIN} # Local keyring admin pin
|
||||
echo y # confirm
|
||||
echo save # save changes and commit to keyring
|
||||
} | gpg --command-fd=0 --status-fd=1 --pinentry-mode=loopback --expert --edit-key "${GPG_USER_MAIL}" \
|
||||
} | DO_WITH_DEBUG gpg --command-fd=0 --status-fd=1 --pinentry-mode=loopback --expert --edit-key "${GPG_USER_MAIL}" \
|
||||
>/tmp/gpg_card_edit_output 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
ERROR=$(cat /tmp/gpg_card_edit_output)
|
||||
whiptail_error_die "GPG Key authentication subkey generation failed!\n\n$ERROR"
|
||||
fi
|
||||
|
||||
DEBUG "Setting public key to ultimate trust..."
|
||||
#Set the public key to the ultimate trust
|
||||
{
|
||||
echo trust # trust key in --edit-key mode
|
||||
echo 5 # ultimate trust
|
||||
echo y # confirm
|
||||
echo save # save changes and commit to keyring
|
||||
} | gpg --command-fd=0 --status-fd=1 --pinentry-mode=loopback --edit-key "${GPG_USER_MAIL}" \
|
||||
>/tmp/gpg_card_edit_output 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
ERROR=$(cat /tmp/gpg_card_edit_output)
|
||||
whiptail_error_die "GPG Key setting public key to ultimate trust failed!\n\n$ERROR"
|
||||
fi
|
||||
}
|
||||
|
||||
#Generate a gpg master key: no expiration date, p256 key (ECC)
|
||||
@ -200,7 +186,7 @@ generate_inmemory_p256_master_and_subkeys() {
|
||||
echo "Passphrase: ${ADMIN_PIN}" # Local keyring admin pin
|
||||
echo "Expire-Date: 0" # No expiration date
|
||||
echo "%commit" # Commit changes
|
||||
} | gpg --expert --batch --command-fd=0 --status-fd=1 --pinentry-mode=loopback --generate-key \
|
||||
} | DO_WITH_DEBUG gpg --expert --batch --command-fd=0 --status-fd=1 --pinentry-mode=loopback --generate-key \
|
||||
>/tmp/gpg_card_edit_output 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
ERROR=$(cat /tmp/gpg_card_edit_output)
|
||||
@ -216,10 +202,10 @@ generate_inmemory_p256_master_and_subkeys() {
|
||||
echo 11 # ECC own set capability
|
||||
echo Q # sign already present, do not modify
|
||||
echo 3 # P-256
|
||||
echo 0 # no expiration
|
||||
echo 0 # No validity/expiration date
|
||||
echo ${ADMIN_PIN} # Local keyring admin pin
|
||||
echo save # save changes and commit to keyring
|
||||
} | gpg --expert --command-fd=0 --status-fd=1 --pinentry-mode=loopback --edit-key ${MASTER_KEY_FP} >/tmp/gpg_card_edit_output 2>&1
|
||||
} | DO_WITH_DEBUG gpg --expert --command-fd=0 --status-fd=1 --pinentry-mode=loopback --edit-key ${MASTER_KEY_FP} >/tmp/gpg_card_edit_output 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
ERROR_MSG=$(cat /tmp/gpg_card_edit_output)
|
||||
whiptail_error_die "Failed to add ECC nistp256 signing key to master key\n\n${ERROR_MSG}"
|
||||
@ -231,10 +217,10 @@ generate_inmemory_p256_master_and_subkeys() {
|
||||
echo 12 # ECC own set capability
|
||||
echo Q # Quit
|
||||
echo 3 # P-256
|
||||
echo 0 # no expiration
|
||||
echo 0 # No validity/expiration date
|
||||
echo ${ADMIN_PIN} # Local keyring admin pin
|
||||
echo save # save changes and commit to keyring
|
||||
} | gpg --expert --command-fd=0 --status-fd=1 --pinentry-mode=loopback --edit-key ${MASTER_KEY_FP} >/tmp/gpg_card_edit_output 2>&1
|
||||
} | DO_WITH_DEBUG gpg --expert --command-fd=0 --status-fd=1 --pinentry-mode=loopback --edit-key ${MASTER_KEY_FP} >/tmp/gpg_card_edit_output 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
ERROR_MSG=$(cat /tmp/gpg_card_edit_output)
|
||||
whiptail_error_die "Failed to add ECC nistp256 encryption key to master key\n\n${ERROR_MSG}"
|
||||
@ -251,7 +237,7 @@ generate_inmemory_p256_master_and_subkeys() {
|
||||
echo 0 # no expiration
|
||||
echo ${ADMIN_PIN} # Local keyring admin pin
|
||||
echo save # save changes and commit to keyring
|
||||
} | gpg --expert --command-fd=0 --status-fd=1 --pinentry-mode=loopback --edit-key ${MASTER_KEY_FP} >/tmp/gpg_card_edit_output 2>&1
|
||||
} | DO_WITH_DEBUG gpg --expert --command-fd=0 --status-fd=1 --pinentry-mode=loopback --edit-key ${MASTER_KEY_FP} >/tmp/gpg_card_edit_output 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
ERROR_MSG=$(cat /tmp/gpg_card_edit_output)
|
||||
whiptail_error_die "Failed to add ECC nistp256 authentication key to master key\n\n${ERROR_MSG}"
|
||||
@ -297,7 +283,7 @@ keytocard_subkeys_to_smartcard() {
|
||||
echo "${ADMIN_PIN_DEF}" #Smartcard Admin PIN
|
||||
echo "key 3" #Toggle off Authentication key
|
||||
echo "save" #Save changes and commit to keyring
|
||||
} | gpg --expert --command-fd=0 --status-fd=1 --pinentry-mode=loopback --edit-key "${GPG_USER_MAIL}" \
|
||||
} | DO_WITH_DEBUG gpg --expert --command-fd=0 --status-fd=1 --pinentry-mode=loopback --edit-key "${GPG_USER_MAIL}" \
|
||||
>/tmp/gpg_card_edit_output 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
ERROR=$(cat /tmp/gpg_card_edit_output)
|
||||
@ -488,7 +474,7 @@ gpg_key_factory_reset() {
|
||||
echo factory-reset # factory reset smartcard
|
||||
echo y # confirm
|
||||
echo yes # confirm
|
||||
} | gpg --command-fd=0 --status-fd=1 --pinentry-mode=loopback --card-edit \
|
||||
} | DO_WITH_DEBUG gpg --command-fd=0 --status-fd=1 --pinentry-mode=loopback --card-edit \
|
||||
>/tmp/gpg_card_edit_output 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
ERROR=$(cat /tmp/gpg_card_edit_output)
|
||||
@ -508,7 +494,7 @@ gpg_key_factory_reset() {
|
||||
echo admin # admin menu
|
||||
echo forcesig # toggle forcesig
|
||||
echo ${ADMIN_PIN_DEF} # local keyring PIN
|
||||
} | gpg --command-fd=0 --status-fd=1 --pinentry-mode=loopback --card-edit \
|
||||
} | DO_WITH_DEBUG gpg --command-fd=0 --status-fd=1 --pinentry-mode=loopback --card-edit \
|
||||
>/tmp/gpg_card_edit_output 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
ERROR=$(cat /tmp/gpg_card_edit_output)
|
||||
@ -529,7 +515,7 @@ gpg_key_factory_reset() {
|
||||
echo 2 # ECC
|
||||
echo 3 # P-256
|
||||
echo ${ADMIN_PIN_DEF} # local keyring PIN
|
||||
} | gpg --expert --command-fd=0 --status-fd=1 --pinentry-mode=loopback --card-edit \
|
||||
} | DO_WITH_DEBUG gpg --expert --command-fd=0 --status-fd=1 --pinentry-mode=loopback --card-edit \
|
||||
>/tmp/gpg_card_edit_output 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
ERROR=$(cat /tmp/gpg_card_edit_output)
|
||||
@ -551,7 +537,7 @@ gpg_key_factory_reset() {
|
||||
echo 1 # RSA
|
||||
echo ${RSA_KEY_LENGTH} #Authentication key size set to RSA_KEY_LENGTH
|
||||
echo ${ADMIN_PIN_DEF} #Local keyring PIN
|
||||
} | gpg --command-fd=0 --status-fd=1 --pinentry-mode=loopback --card-edit \
|
||||
} | DO_WITH_DEBUG gpg --command-fd=0 --status-fd=1 --pinentry-mode=loopback --card-edit \
|
||||
>/tmp/gpg_card_edit_output 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
ERROR=$(cat /tmp/gpg_card_edit_output)
|
||||
@ -581,7 +567,7 @@ generate_OEM_gpg_keys() {
|
||||
echo ${GPG_USER_MAIL} # User email
|
||||
echo ${GPG_USER_COMMENT} # User comment
|
||||
echo ${USER_PIN_DEF} # Default user PIN since we just factory reset
|
||||
} | gpg --command-fd=0 --status-fd=2 --pinentry-mode=loopback --card-edit \
|
||||
} | DO_WITH_DEBUG gpg --command-fd=0 --status-fd=2 --pinentry-mode=loopback --card-edit \
|
||||
>/tmp/gpg_card_edit_output 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
ERROR=$(cat /tmp/gpg_card_edit_output)
|
||||
@ -608,7 +594,7 @@ gpg_key_change_pin() {
|
||||
echo ${PIN_NEW} # confirm new PIN
|
||||
echo q # quit
|
||||
echo q
|
||||
} | gpg --command-fd=0 --status-fd=2 --pinentry-mode=loopback --card-edit \
|
||||
} | DO_WITH_DEBUG gpg --command-fd=0 --status-fd=2 --pinentry-mode=loopback --card-edit \
|
||||
>/tmp/gpg_card_edit_output 2>&1
|
||||
if [ $? -ne 0 ]; then
|
||||
ERROR=$(cat /tmp/gpg_card_edit_output | fold -s)
|
||||
@ -686,7 +672,7 @@ generate_checksums() {
|
||||
fi
|
||||
|
||||
DEBUG "Detach-signing boot files under kexec.sig: ${param_files}"
|
||||
if sha256sum $param_files 2>/dev/null | gpg \
|
||||
if sha256sum $param_files 2>/dev/null | DO_WITH_DEBUG gpg \
|
||||
--pinentry-mode loopback \
|
||||
--passphrase "${USER_PIN}" \
|
||||
--digest-algo SHA256 \
|
||||
@ -1142,7 +1128,7 @@ assert_signable
|
||||
# clear gpg-agent cache so that next gpg calls doesn't have past keyring in memory
|
||||
killall gpg-agent >/dev/null 2>&1 || true
|
||||
# clear local keyring
|
||||
rm -rf /.gnupg/* >/dev/null 2>&1 || true
|
||||
rm -rf /.gnupg/*.kbx /.gnupg/*.gpg >/dev/null 2>&1 || true
|
||||
|
||||
# detect and set /boot device
|
||||
echo -e "\nDetecting and setting boot device...\n"
|
||||
@ -1242,7 +1228,7 @@ if [ "$GPG_EXPORT" != "0" ]; then
|
||||
fi
|
||||
|
||||
# ensure key imported locally
|
||||
if ! cat "$PUBKEY" | gpg --import >/dev/null 2>/tmp/error; then
|
||||
if ! cat "$PUBKEY" | DO_WITH_DEBUG gpg --import >/dev/null 2>/tmp/error; then
|
||||
ERROR=$(tail -n 1 /tmp/error | fold -s)
|
||||
whiptail_error_die "Error importing GPG key:\n\n$ERROR"
|
||||
fi
|
||||
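Review bot: The detach-sign call in `generate_checksums` still passes `--passphrase "${USER_PIN}"` on the command line, and it is now wrapped in `DO_WITH_DEBUG`; the commit description says /tmp/debug.txt will contain the calls, so the user PIN would likely be written to the debug log in clear text (the helper's body is not visible here, so confirm how it records arguments). The other wrapped gpg calls feed their PINs on stdin through `--command-fd=0`, which keeps them out of argv, so this is the one call that needs a different shape. Assuming the script runs under bash, replacing that line with `--passphrase-file <(echo -n "${USER_PIN}") \` keeps the PIN out of the traced command line. The gpg invocation continues past the end of this hunk, so the remaining options are not reviewed here.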
|
@ -1,10 +1,10 @@
|
||||
modules-$(CONFIG_GPG2) += gpg2
|
||||
|
||||
gpg2_version := 2.4.2
|
||||
gpg2_version := 2.4.0
|
||||
gpg2_dir := gnupg-$(gpg2_version)
|
||||
gpg2_tar := gnupg-$(gpg2_version).tar.bz2
|
||||
gpg2_url := https://www.gnupg.org/ftp/gcrypt/gnupg/$(gpg2_tar)
|
||||
gpg2_hash := 97eb47df8ae5a3ff744f868005a090da5ab45cb48ee9836dbf5ee739a4e5cf49
|
||||
gpg2_hash := 1d79158dd01d992431dd2e3facb89fdac97127f89784ea2cb610c600fb0c1483
|
||||
gpg2_depends := libgpg-error libgcrypt libksba libassuan npth libusb $(musl_dep)
|
||||
|
||||
# For reproducibility reasons we have to override the exec_prefix
|
||||
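Review bot: Nothing in the module file records that `gpg2_version := 2.4.0` is a deliberate hold-back, so the next routine bump would bring back the keytocard "invalid time" failure described in the commit message. A comment above the version line would cover it, for example `# Held at 2.4.0: later releases fail keytocard with "invalid time" in oem-factory-reset; re-test key-to-card before bumping`. The same applies to the libassuan, libgcrypt, libgpg-error and libksba sections that follow, which each appear to go back one release. Since those are the crypto and parsing libraries underneath gpg, it is worth stating in the commit or in a comment whether they had to be reverted together with gnupg or could stay on the newer releases and keep their upstream fixes.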
|
@ -1,10 +1,10 @@
|
||||
modules-$(CONFIG_GPG2) += libassuan
|
||||
|
||||
libassuan_version := 2.5.6
|
||||
libassuan_version := 2.5.5
|
||||
libassuan_dir := libassuan-$(libassuan_version)
|
||||
libassuan_tar := libassuan-$(libassuan_version).tar.bz2
|
||||
libassuan_url := https://gnupg.org/ftp/gcrypt/libassuan/$(libassuan_tar)
|
||||
libassuan_hash := e9fd27218d5394904e4e39788f9b1742711c3e6b41689a31aa3380bd5aa4f426
|
||||
libassuan_hash := 8e8c2fcc982f9ca67dcbb1d95e2dc746b1739a4668bc20b3a3c5be632edb34e4
|
||||
|
||||
libassuan_configure := \
|
||||
CFLAGS="-Os" \
|
||||
@ -14,7 +14,7 @@ libassuan_configure := \
|
||||
--prefix "/" \
|
||||
--disable-doc \
|
||||
--disable-static \
|
||||
--with-libgpg-error-prefix="$(INSTALL)" \
|
||||
--with-gpg-error-prefix="$(INSTALL)" \
|
||||
|
||||
libassuan_target := $(MAKE_JOBS) \
|
||||
DESTDIR="$(INSTALL)" \
|
||||
|
@ -1,10 +1,10 @@
|
||||
modules-$(CONFIG_GPG2) += libgcrypt
|
||||
|
||||
libgcrypt_version := 1.10.2
|
||||
libgcrypt_version := 1.10.1
|
||||
libgcrypt_dir := libgcrypt-$(libgcrypt_version)
|
||||
libgcrypt_tar := libgcrypt-$(libgcrypt_version).tar.bz2
|
||||
libgcrypt_url := https://gnupg.org/ftp/gcrypt/libgcrypt/$(libgcrypt_tar)
|
||||
libgcrypt_hash := 3b9c02a004b68c256add99701de00b383accccf37177e0d6c58289664cce0c03
|
||||
libgcrypt_hash := ef14ae546b0084cd84259f61a55e07a38c3b53afc0f546bffcef2f01baffe9de
|
||||
|
||||
libgcrypt_configure := \
|
||||
$(CROSS_TOOLS) \
|
||||
@ -14,7 +14,7 @@ libgcrypt_configure := \
|
||||
--prefix "/" \
|
||||
--disable-doc \
|
||||
--disable-static \
|
||||
--with-libgpg-error-prefix="$(INSTALL)" \
|
||||
--with-gpg-error-prefix="$(INSTALL)" \
|
||||
|
||||
libgcrypt_target := $(MAKE_JOBS) \
|
||||
DESTDIR="$(INSTALL)" \
|
||||
|
@ -1,10 +1,10 @@
|
||||
modules-$(CONFIG_GPG2) += libgpg-error
|
||||
|
||||
libgpg-error_version := 1.47
|
||||
libgpg-error_version := 1.46
|
||||
libgpg-error_dir := libgpg-error-$(libgpg-error_version)
|
||||
libgpg-error_tar := libgpg-error-$(libgpg-error_version).tar.bz2
|
||||
libgpg-error_url := https://gnupg.org/ftp/gcrypt/libgpg-error/$(libgpg-error_tar)
|
||||
libgpg-error_hash := 9e3c670966b96ecc746c28c2c419541e3bcb787d1a73930f5e5f5e1bcbbb9bdb
|
||||
libgpg-error_hash := b7e11a64246bbe5ef37748de43b245abd72cfcd53c9ae5e7fc5ca59f1c81268d
|
||||
|
||||
libgpg-error_configure := \
|
||||
$(CROSS_TOOLS) \
|
||||
|
@ -1,10 +1,10 @@
|
||||
modules-$(CONFIG_GPG2) += libksba
|
||||
|
||||
libksba_version := 1.6.4
|
||||
libksba_version := 1.6.3
|
||||
libksba_dir := libksba-$(libksba_version)
|
||||
libksba_tar := libksba-$(libksba_version).tar.bz2
|
||||
libksba_url := https://gnupg.org/ftp/gcrypt/libksba/$(libksba_tar)
|
||||
libksba_hash := bbb43f032b9164d86c781ffe42213a83bf4f2fee91455edfa4654521b8b03b6b
|
||||
libksba_hash := 3f72c68db30971ebbf14367527719423f0a4d5f8103fc9f4a1c01a9fa440de5c
|
||||
|
||||
libksba_configure := \
|
||||
$(CROSS_TOOLS) \
|
||||
@ -13,7 +13,7 @@ libksba_configure := \
|
||||
--host $(MUSL_ARCH)-linux-musl \
|
||||
--prefix "/" \
|
||||
--disable-static \
|
||||
--with-libgpg-error-prefix="$(INSTALL)" \
|
||||
--with-gpg-error-prefix="$(INSTALL)" \
|
||||
|
||||
libksba_target := $(MAKE_JOBS) \
|
||||
DESTDIR="$(INSTALL)" \
|
||||
|
@ -1,27 +0,0 @@
|
||||
diff -u --recursive /home/tlaurion/build/clean/gnupg-2.2.10/configure gnupg-2.2.10/configure
|
||||
--- /home/tlaurion/build/clean/gnupg-2.2.10/configure 2016-08-17 09:20:25.000000000 -0400
|
||||
+++ gnupg-2.2.10/configure 2018-01-20 16:55:14.502067084 -0500
|
||||
@@ -572,7 +572,7 @@
|
||||
ac_clean_files=
|
||||
ac_config_libobj_dir=.
|
||||
LIBOBJS=
|
||||
-cross_compiling=no
|
||||
+cross_compiling=yes
|
||||
subdirs=
|
||||
MFLAGS=
|
||||
MAKEFLAGS=
|
||||
diff -u --recursive gnupg-2.2.10/common/ttyio.c gnupg-2.2.10/common/ttyio.c.mod
|
||||
--- gnupg-2.2.10/common/ttyio.c 2017-08-28 06:22:54.000000000 -0400
|
||||
+++ gnupg-2.2.10/common/ttyio.c.mod 2018-09-18 23:00:07.386250017 -0400
|
||||
@@ -190,7 +190,9 @@
|
||||
#elif defined (HAVE_W32CE_SYSTEM)
|
||||
ttyfp = stderr;
|
||||
#else
|
||||
- ttyfp = batchmode? stderr : fopen (tty_get_ttyname (), "r+");
|
||||
+ //ttyfp = batchmode? stderr : fopen( tty_get_ttyname (), "r+");
|
||||
+ ttyfp = stderr;
|
||||
+
|
||||
if( !ttyfp ) {
|
||||
log_error("cannot open '%s': %s\n", tty_get_ttyname (),
|
||||
strerror(errno) );
|
||||
|
@ -1,7 +1,7 @@
|
||||
diff -u -r libassuan-2.5.1-clean/configure libassuan-2.5.1/configure
|
||||
--- libassuan-2.5.1-clean/configure 2017-12-07 06:55:50.000000000 -0800
|
||||
+++ libassuan-2.5.1/configure 2020-01-12 13:39:50.655638965 -0800
|
||||
@@ -10781,7 +10781,7 @@
|
||||
diff -u -r libgcrypt-1.8.3-clean/configure libgcrypt-1.8.3/configure
|
||||
--- libgcrypt-1.8.3-clean/configure 2018-06-13 00:39:33.000000000 -0700
|
||||
+++ libgcrypt-1.8.3/configure 2020-01-12 13:32:34.840010800 -0800
|
||||
@@ -11292,7 +11292,7 @@
|
||||
version_type=linux # correct to gnu/linux during the next big refactor
|
||||
need_lib_prefix=no
|
||||
need_version=no
|
||||
@ -10,7 +10,7 @@ diff -u -r libassuan-2.5.1-clean/configure libassuan-2.5.1/configure
|
||||
if test "$host_cpu" = ia64; then
|
||||
# AIX 5 supports IA64
|
||||
library_names_spec='${libname}${release}${shared_ext}$major ${libname}${release}${shared_ext}$versuffix $libname${shared_ext}'
|
||||
@@ -11020,16 +11020,16 @@
|
||||
@@ -11531,16 +11531,16 @@
|
||||
;;
|
||||
freebsd3.[01]* | freebsdelf3.[01]*)
|
||||
shlibpath_overrides_runpath=yes
|
||||
@ -30,7 +30,7 @@ diff -u -r libassuan-2.5.1-clean/configure libassuan-2.5.1/configure
|
||||
;;
|
||||
esac
|
||||
;;
|
||||
@@ -11042,7 +11042,7 @@
|
||||
@@ -11553,7 +11553,7 @@
|
||||
soname_spec='${libname}${release}${shared_ext}$major'
|
||||
shlibpath_var=LD_LIBRARY_PATH
|
||||
shlibpath_overrides_runpath=no
|
||||
@ -39,7 +39,7 @@ diff -u -r libassuan-2.5.1-clean/configure libassuan-2.5.1/configure
|
||||
;;
|
||||
|
||||
haiku*)
|
||||
@@ -11055,7 +11055,7 @@
|
||||
@@ -11566,7 +11566,7 @@
|
||||
shlibpath_var=LIBRARY_PATH
|
||||
shlibpath_overrides_runpath=yes
|
||||
sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib'
|
||||
@ -48,7 +48,7 @@ diff -u -r libassuan-2.5.1-clean/configure libassuan-2.5.1/configure
|
||||
;;
|
||||
|
||||
hpux9* | hpux10* | hpux11*)
|
||||
@@ -11067,7 +11067,7 @@
|
||||
@@ -11578,7 +11578,7 @@
|
||||
case $host_cpu in
|
||||
ia64*)
|
||||
shrext_cmds='.so'
|
||||
@ -57,7 +57,7 @@ diff -u -r libassuan-2.5.1-clean/configure libassuan-2.5.1/configure
|
||||
dynamic_linker="$host_os dld.so"
|
||||
shlibpath_var=LD_LIBRARY_PATH
|
||||
shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
|
||||
@@ -11082,7 +11082,7 @@
|
||||
@@ -11593,7 +11593,7 @@
|
||||
;;
|
||||
hppa*64*)
|
||||
shrext_cmds='.sl'
|
||||
@ -66,7 +66,7 @@ diff -u -r libassuan-2.5.1-clean/configure libassuan-2.5.1/configure
|
||||
dynamic_linker="$host_os dld.sl"
|
||||
shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH
|
||||
shlibpath_overrides_runpath=yes # Unless +noenvvar is specified.
|
||||
@@ -11115,7 +11115,7 @@
|
||||
@@ -11626,7 +11626,7 @@
|
||||
dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)'
|
||||
shlibpath_var=LD_LIBRARY_PATH
|
||||
shlibpath_overrides_runpath=no
|
||||
@ -75,7 +75,7 @@ diff -u -r libassuan-2.5.1-clean/configure libassuan-2.5.1/configure
|
||||
;;
|
||||
|
||||
irix5* | irix6* | nonstopux*)
|
||||
@@ -11152,7 +11152,7 @@
|
||||
@@ -11663,7 +11663,7 @@
|
||||
shlibpath_overrides_runpath=no
|
||||
sys_lib_search_path_spec="/usr/lib${libsuff} /lib${libsuff} /usr/local/lib${libsuff}"
|
||||
sys_lib_dlsearch_path_spec="/usr/lib${libsuff} /lib${libsuff}"
|
||||
@ -84,7 +84,7 @@ diff -u -r libassuan-2.5.1-clean/configure libassuan-2.5.1/configure
|
||||
;;
|
||||
|
||||
# No shared lib support for Linux oldld, aout, or coff.
|
||||
@@ -11173,7 +11173,7 @@
|
||||
@@ -11684,7 +11684,7 @@
|
||||
# This implies no fast_install, which is unacceptable.
|
||||
# Some rework will be needed to allow for fast_install
|
||||
# before this can be enabled.
|
||||
@ -93,7 +93,7 @@ diff -u -r libassuan-2.5.1-clean/configure libassuan-2.5.1/configure
|
||||
|
||||
dynamic_linker='Android linker'
|
||||
# Don't embed -rpath directories since the linker doesn't support them.
|
||||
@@ -11228,7 +11228,7 @@
|
||||
@@ -11739,7 +11739,7 @@
|
||||
# This implies no fast_install, which is unacceptable.
|
||||
# Some rework will be needed to allow for fast_install
|
||||
# before this can be enabled.
|
||||
@ -102,7 +102,7 @@ diff -u -r libassuan-2.5.1-clean/configure libassuan-2.5.1/configure
|
||||
|
||||
# Append ld.so.conf contents to the search path
|
||||
if test -f /etc/ld.so.conf; then
|
||||
@@ -11253,7 +11253,7 @@
|
||||
@@ -11764,7 +11764,7 @@
|
||||
soname_spec='${libname}${release}${shared_ext}$major'
|
||||
shlibpath_var=LD_LIBRARY_PATH
|
||||
shlibpath_overrides_runpath=no
|
||||
@ -111,7 +111,7 @@ diff -u -r libassuan-2.5.1-clean/configure libassuan-2.5.1/configure
|
||||
dynamic_linker='NetBSD ld.elf_so'
|
||||
;;
|
||||
|
||||
@@ -11272,7 +11272,7 @@
|
||||
@@ -11783,7 +11783,7 @@
|
||||
fi
|
||||
shlibpath_var=LD_LIBRARY_PATH
|
||||
shlibpath_overrides_runpath=yes
|
||||
@ -120,7 +120,7 @@ diff -u -r libassuan-2.5.1-clean/configure libassuan-2.5.1/configure
|
||||
;;
|
||||
|
||||
newsos6)
|
||||
@@ -11290,7 +11290,7 @@
|
||||
@@ -11801,7 +11801,7 @@
|
||||
soname_spec='${libname}${release}${shared_ext}$major'
|
||||
shlibpath_var=LD_LIBRARY_PATH
|
||||
shlibpath_overrides_runpath=no
|
||||
@ -129,7 +129,7 @@ diff -u -r libassuan-2.5.1-clean/configure libassuan-2.5.1/configure
|
||||
dynamic_linker='ldqnx.so'
|
||||
;;
|
||||
|
||||
@@ -11352,7 +11352,7 @@
|
||||
@@ -11863,7 +11863,7 @@
|
||||
soname_spec='${libname}${release}${shared_ext}$major'
|
||||
shlibpath_var=LD_LIBRARY_PATH
|
||||
shlibpath_overrides_runpath=yes
|
||||
@ -138,7 +138,7 @@ diff -u -r libassuan-2.5.1-clean/configure libassuan-2.5.1/configure
|
||||
# ldd complains unless libraries are executable
|
||||
postinstall_cmds='chmod +x $lib'
|
||||
;;
|
||||
@@ -11409,7 +11409,7 @@
|
||||
@@ -11920,7 +11920,7 @@
|
||||
soname_spec='${libname}${release}${shared_ext}$major'
|
||||
shlibpath_var=LD_LIBRARY_PATH
|
||||
shlibpath_overrides_runpath=yes
|
||||
@ -147,7 +147,7 @@ diff -u -r libassuan-2.5.1-clean/configure libassuan-2.5.1/configure
|
||||
if test "$with_gnu_ld" = yes; then
|
||||
sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib'
|
||||
else
|
||||
@@ -11431,7 +11431,7 @@
|
||||
@@ -11942,7 +11942,7 @@
|
||||
library_names_spec='${libname}${release}${shared_ext}$versuffix ${libname}${release}${shared_ext}$major $libname${shared_ext}'
|
||||
shlibpath_var=LD_LIBRARY_PATH
|
||||
shlibpath_overrides_runpath=no
|
||||
@ -156,7 +156,7 @@ diff -u -r libassuan-2.5.1-clean/configure libassuan-2.5.1/configure
|
||||
;;
|
||||
|
||||
uts4*)
|
||||
@@ -15680,7 +15680,7 @@
|
||||
@@ -19824,7 +19824,7 @@
|
||||
postuninstall_cmds='`$ECHO "$postuninstall_cmds" | $SED "$delay_single_quote_subst"`'
|
||||
finish_cmds='`$ECHO "$finish_cmds" | $SED "$delay_single_quote_subst"`'
|
||||
finish_eval='`$ECHO "$finish_eval" | $SED "$delay_single_quote_subst"`'
|
||||
@ -165,7 +165,7 @@ diff -u -r libassuan-2.5.1-clean/configure libassuan-2.5.1/configure
|
||||
sys_lib_search_path_spec='`$ECHO "$sys_lib_search_path_spec" | $SED "$delay_single_quote_subst"`'
|
||||
sys_lib_dlsearch_path_spec='`$ECHO "$sys_lib_dlsearch_path_spec" | $SED "$delay_single_quote_subst"`'
|
||||
hardcode_action='`$ECHO "$hardcode_action" | $SED "$delay_single_quote_subst"`'
|
||||
@@ -16896,7 +16896,7 @@
|
||||
@@ -21088,7 +21088,7 @@
|
||||
finish_eval=$lt_finish_eval
|
||||
|
||||
# Whether we should hardcode library paths into libraries.
|