ExternalVendorCode/heads
1
0
Fork 0
mirror of https://github.com/linuxboot/heads.git synced 2024-12-18 20:47:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #510 from tlaurion/gpg2

Browse Source 
Gpg2 with all fixes included
This commit is contained in:
tlaurion 2019-02-08 13:31:21 -05:00 committed by GitHub
commit eafb47065f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
26 changed files with 360 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Makefile
View File

@ -393,6 +393,8 @@ bin_modules-$(CONFIG_PCIUTILS) += pciutils
bin_modules-$(CONFIG_FLASHROM) += flashrom
bin_modules-$(CONFIG_CRYPTSETUP) += cryptsetup
bin_modules-$(CONFIG_GPG) += gpg
bin_modules-$(CONFIG_GPG2) += gpg2
bin_modules-$(CONFIG_PINENTRY) += pinentry
bin_modules-$(CONFIG_LVM2) += lvm2
bin_modules-$(CONFIG_DROPBEAR) += dropbear
bin_modules-$(CONFIG_FLASHTOOLS) += flashtools

2
boards/librem13v2/librem13v2.config
View File

@ -6,7 +6,7 @@ export CONFIG_COREBOOT=y
CONFIG_CRYPTSETUP=y
CONFIG_FLASHROM=y
CONFIG_FLASHTOOLS=y
CONFIG_GPG=y
CONFIG_GPG2=y
CONFIG_KEXEC=y
CONFIG_UTIL_LINUX=y
CONFIG_LVM2=y

2
boards/librem15v3/librem15v3.config
View File

@ -8,7 +8,7 @@ export CONFIG_COREBOOT=y
CONFIG_CRYPTSETUP=y
CONFIG_FLASHROM=y
CONFIG_FLASHTOOLS=y
CONFIG_GPG=y
CONFIG_GPG2=y
CONFIG_KEXEC=y
CONFIG_UTIL_LINUX=y
CONFIG_LVM2=y

2
boards/qemu-coreboot/qemu-coreboot.config
View File

@ -17,7 +17,7 @@ CONFIG_FLASHROM=y
CONFIG_PCIUTILS=y
CONFIG_UTIL_LINUX=y
CONFIG_CRYPTSETUP=y
CONFIG_GPG=y
CONFIG_GPG2=y
CONFIG_LVM2=y
CONFIG_MBEDTLS=y
CONFIG_DROPBEAR=y

2
boards/qemu-linuxboot/qemu-linuxboot.config
View File

@ -18,7 +18,7 @@ endif
CONFIG_FLASHROM=y
CONFIG_FLASHTOOLS=y
CONFIG_GPG=y
CONFIG_GPG2=y
CONFIG_KEXEC=y
CONFIG_UTIL_LINUX=y
CONFIG_DROPBEAR=y

2
boards/x230/x230.config
View File

@ -6,7 +6,7 @@ CONFIG_LINUX_CONFIG=config/linux-x230.config
CONFIG_CRYPTSETUP=y
CONFIG_FLASHROM=y
CONFIG_FLASHTOOLS=y
CONFIG_GPG=y
CONFIG_GPG2=y
CONFIG_KEXEC=y
CONFIG_UTIL_LINUX=y
CONFIG_LVM2=y

1
config/linux-kgpe-d16.config
View File

@ -64,6 +64,7 @@ CONFIG_PCI_PRI=y
# CONFIG_COREDUMP is not set
CONFIG_NET=y
CONFIG_PACKET=y
CONFIG_UNIX=y
CONFIG_INET=y
CONFIG_SYN_COOKIES=y
# CONFIG_INET_XFRM_MODE_TRANSPORT is not set

1
config/linux-librem13v2.config
View File

@ -63,6 +63,7 @@ CONFIG_PCI_PRI=y
# CONFIG_COREDUMP is not set
CONFIG_NET=y
CONFIG_PACKET=y
CONFIG_UNIX=y
CONFIG_INET=y
CONFIG_SYN_COOKIES=y
# CONFIG_INET_XFRM_MODE_TRANSPORT is not set

1
config/linux-linuxboot.config
View File

@ -84,6 +84,7 @@ CONFIG_PCI_PRI=y
CONFIG_IA32_EMULATION=y
CONFIG_NET=y
CONFIG_PACKET=y
CONFIG_UNIX=y
CONFIG_INET=y
CONFIG_SYN_COOKIES=y
# CONFIG_INET_XFRM_MODE_TRANSPORT is not set

1
config/linux-x230.config
View File

@ -64,6 +64,7 @@ CONFIG_PCI_PRI=y
# CONFIG_COREDUMP is not set
CONFIG_NET=y
CONFIG_PACKET=y
CONFIG_UNIX=y
CONFIG_INET=y
CONFIG_SYN_COOKIES=y
# CONFIG_INET_XFRM_MODE_TRANSPORT is not set

27
initrd/.ash_history
View File

@ -1,14 +1,17 @@
mount /dev/sda1 /boot
mount -o remount,rw /boot
rm /boot/kexec_*
mount-usb
mkdir -p /media/gpg_keys
gpg --home=/media/gpg_keys --card-edit
gpg --home=/media/gpg_keys --export --armor e@mail.address > /media/gpg_keys/public.key
gpg --home=/media/gpg_keys --export-secret-keys --armor e@mail.address > /media/gpg_keys/private.key
cbfs -o /media/coreboot.rom -a "heads/initrd/.gnupg/keys/public.key" -f /media/gpg_keys/public.key
cbfs -o /media/coreboot.rom -a "heads/initrd/.gnupg/keys/private.key" -f /media/gpg_keys/private.key
mount -o remount,ro /media
flash.sh /media/coreboot.com
#remove invalid kexec_* signed files
mount /dev/sda1 /boot && mount -o remount,rw /boot && rm /boot/kexec* && mount -o remount,ro /boot
#Generate keys from GPG smartcard:
mount-usb && gpg --home=/.gnupg/ --card-edit
#Copy generated public key, private_subkey, trustdb and artifacts to external media for backup:
mount -o remount,rw /media && mkdir -p /media/gpg_keys; gpg --export-secret-keys --armor email@address.com > /media/gpg_keys/private.key && gpg --export --armor email@address.com > /media/gpg_keys/public.key && gpg --export-ownertrust > /media/gpg_keys/otrust.txt && cp -r ./.gnupg/* /media/gpg_keys/ 2> /dev/null
#Insert public key and trustdb export into reproducible rom:
cbfs -o /media/coreboot.rom -a "heads/initrd/.gnupg/keys/public.key" -f /media/gpg_keys/public.key && cbfs -o /media/coreboot.rom -a "heads/initrd/.gnupg/keys/otrust.txt" -f /media/gpg_keys/otrust.txt
#Flush changes to external media:
mount -o,remount ro /media
#Flash modified reproducible rom with inserted public key and trustdb export from precedent step. Flushes actual rom's keys (-c: clean):
flash.sh -c /media/coreboot.rom
#Attest integrity of firmware as it is
seal-totp
#Verify Intel ME state:
cbmem --console | grep '^ME'
cbmem --console | less

3
initrd/.gnupg/gpg-agent.conf Normal file
View File

@ -0,0 +1,3 @@
scdaemon-program /bin/scdaemon
pinentry-program /bin/pinentry-tty
daemon

1
initrd/.gnupg/gpg.conf Normal file
View File

@ -0,0 +1 @@
use-agent

72
initrd/bin/flash-gui.sh
View File

@ -101,9 +101,9 @@ while true; do
if (whiptail --title 'Flash ROM?' \
--yesno "This will replace your old ROM with $ROM\n\nDo you want to proceed?" 16 90) then
if [ "$menu_choice" == "c" ]; then
/bin/flash.sh -c $ROM
/bin/flash.sh -c "$ROM"
else
/bin/flash.sh $ROM
/bin/flash.sh "$ROM"
fi
whiptail --title 'ROM Flashed Successfully' \
--msgbox "$ROM flashed successfully. Press Enter to reboot" 16 60
@ -137,18 +137,43 @@ while true; do
ROM=$FILE
fi
cat $PUBKEY | gpg --import
cp $ROM /tmp/gpg-gui.rom
if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/pubring.gpg") then
cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/pubring.gpg"
cat "$PUBKEY" | gpg --import
#update /.gnupg/trustdb.gpg to ultimately trust all user provided public keys
gpg --list-keys --fingerprint --with-colons |sed -E -n -e 's/^fpr:::::::::([0-9A-F]+):$/\1:6:/p' |gpg --import-ownertrust
gpg --update-trust
cp "$ROM" /tmp/gpg-gui.rom
if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/pubring.kbx"); then
cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/pubring.kbx"
if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/pubring.gpg"); then
cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/pubring.gpg"
if [ -e /.gnupg/pubring.gpg ];then
rm /.gnupg/pubring.gpg
fi
fi
fi
#to be compatible with gpgv1
if [ -e /.gnupg/pubring.kbx ];then
cbfs -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/pubring.kbx" -f /.gnupg/pubring.kbx
if [ -e /.gnupg/pubring.gpg ];then
rm /.gnupg/pubring.gpg
fi
fi
if [ -e /.gnupg/pubring.gpg ];then
cbfs -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/pubring.gpg" -f /.gnupg/pubring.gpg
fi
cbfs -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/pubring.gpg" -f /.gnupg/pubring.gpg
if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/trustdb.gpg") then
cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/trustdb.gpg"
fi
cbfs -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/trustdb.gpg" -f /.gnupg/trustdb.gpg
#Remove old method owner trust exported file
if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/otrust.txt") then
cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/otrust.txt"
fi
if (whiptail --title 'Flash ROM?' \
--yesno "This will replace your old ROM with $ROM\n\nDo you want to proceed?" 16 90) then
/bin/flash.sh /tmp/gpg-gui.rom
@ -179,17 +204,42 @@ while true; do
exit 1
fi
cat $PUBKEY | gpg --import
if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/pubring.gpg") then
cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/pubring.gpg"
cat "$PUBKEY" | gpg --import
#update /.gnupg/trustdb.gpg to ultimately trust all user provided public keys
gpg --list-keys --fingerprint --with-colons |sed -E -n -e 's/^fpr:::::::::([0-9A-F]+):$/\1:6:/p' |gpg --import-ownertrust
gpg --update-trust
if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/pubring.kbx"); then
cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/pubring.kbx"
if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/pubring.gpg"); then
cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/pubring.gpg"
if [ -e /.gnupg/pubring.gpg ];then
rm /.gnupg/pubring.gpg
fi
fi
fi
#to be compatible with gpgv1
if [ -e /.gnupg/pubring.kbx ];then
cbfs -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/pubring.kbx" -f /.gnupg/pubring.kbx
if [ -e /.gnupg/pubring.gpg ];then
rm /.gnupg/pubring.gpg
fi
fi
if [ -e /.gnupg/pubring.gpg ];then
cbfs -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/pubring.gpg" -f /.gnupg/pubring.gpg
fi
cbfs -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/pubring.gpg" -f /.gnupg/pubring.gpg
if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/trustdb.gpg") then
cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/trustdb.gpg"
fi
cbfs -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/trustdb.gpg" -f /.gnupg/trustdb.gpg
#Remove old method owner trust exported file
if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/otrust.txt") then
cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/otrust.txt"
fi
if (whiptail --title 'Update ROM?' \
--yesno "This will reflash your BIOS with the updated version\n\nDo you want to proceed?" 16 90) then
/bin/flash.sh /tmp/gpg-gui.rom

6
initrd/bin/key-init
View File

@ -5,9 +5,13 @@ set -e -o pipefail
# Post processing of keys
# Import user's keys
gpg --import /.gnupg/keys/* 2>/dev/null || true
gpg --import /.gnupg/keys/*.key /.gnupg/keys/*.asc 2>/dev/null || true
# Import trusted distro keys allowed for ISO signing
gpg --homedir=/etc/distro/ --import /etc/distro/keys/* 2>/dev/null || true
#Set distro keys trust level to ultimate (trust anything that was signed with these keys)
gpg --homedir=/etc/distro/ --list-keys --fingerprint --with-colons|sed -E -n -e 's/^fpr:::::::::([0-9A-F]+):$/\1:6:/p' |gpg --homedir=/etc/distro/ --import-ownertrust 2>/dev/null || true
gpg --homedir=/etc/distro/ --update-trust 2>/dev/null || true
# Add user's keys to the list of trusted keys for ISO signing
gpg --export | gpg --homedir=/etc/distro/ --import 2>/dev/null || true

3
initrd/init
View File

@ -49,6 +49,9 @@ if [ "$CONFIG_LINUXBOOT" = "y" ]; then
/bin/uefi-init
fi
# Set GPG_TTY before calling gpg in key-init
export GPG_TTY=$(tty)
/bin/key-init
# Setup recovery serial shell

60
modules/gpg2 Normal file
View File

@ -0,0 +1,60 @@
modules-$(CONFIG_GPG2) += gpg2
gpg2_version := 2.2.10
gpg2_dir := gnupg-$(gpg2_version)
gpg2_tar := gnupg-$(gpg2_version).tar.bz2
gpg2_url := https://www.gnupg.org/ftp/gcrypt/gnupg/$(gpg2_tar)
gpg2_hash := 799dd37a86a1448732e339bd20440f4f5ee6e69755f6fd7a73ee8af30840c915
# For reproducibility reasons we have to override the exec_prefix
# and datarootdir on the configure line so that the Makefiles will
# be generated with the correct paths, but then re-write them when
# we use the install target so that they will be copied to the correct
# location.
gpg2_configure := ./configure \
$(CROSS_TOOLS) \
CPPFLAGS="-I$(INSTALL)/include/libusb-1.0" \
--host x86_64-linux-musl \
--with-libusb="$(INSTALL)" \
--with-libgpg-error-prefix="$(INSTALL)" \
--with-libgcrypt-prefix="$(INSTALL)" \
--with-libassuan-prefix="$(INSTALL)" \
--with-ksba-prefix="$(INSTALL)" \
--with-npth-prefix="$(INSTALL)" \
--prefix "/" \
--libexecdir "/bin" \
--enable-scdaemon \
--enable-ccid-driver \
--disable-tofu \
--disable-rpath \
--disable-regex \
--disable-doc \
--disable-bzip2 \
--disable-asm \
--disable-exec \
--disable-photo-viewers \
--disable-keyserver-helpers \
--disable-ldap \
--disable-hkp \
--disable-finger \
--disable-dns-srv \
--disable-dns-cert \
--disable-regex \
--disable-nls \
--disable-all-tests \
--disable-wks-server \
--disable-wks-tools \
--disable-gnutls \
--disable-dirmngr \
# Run one build to generate the executables with the pre-defined
# exec_prefix and datarootdir, then a second make to install the binaries
# into our actual target location
gpg2_target := $(MAKE_JOBS) \
&& $(MAKE) -C $(build)/$(gpg2_dir) \
DESTDIR="$(INSTALL)" \
install
gpg2_output := g10/gpg agent/gpg-agent scd/scdaemon
gpg2_depends := libgpg-error libgcrypt libksba libassuan npth libusb-compat $(musl_dep)

24
modules/libassuan Normal file
View File

@ -0,0 +1,24 @@
modules-$(CONFIG_GPG2) += libassuan
libassuan_version := 2.5.1
libassuan_dir := libassuan-$(libassuan_version)
libassuan_tar := libassuan-$(libassuan_version).tar.bz2
libassuan_url := https://gnupg.org/ftp/gcrypt/libassuan/$(libassuan_tar)
libassuan_hash := 47f96c37b4f2aac289f0bc1bacfa8bd8b4b209a488d3d15e2229cb6cc9b26449
libassuan_configure := ./configure \
$(CROSS_TOOLS) \
--host x86_64-linux-musl \
--prefix "/" \
--disable-static \
--disable-nls \
--with-libgpg-error-prefix="$(INSTALL)" \
--disable-asm \
libassuan_target := $(MAKE_JOBS) \
DESTDIR="$(INSTALL)" \
$(CROSS_TOOLS) \
install \
libassuan_libraries := src/.libs/libassuan.so.0
libassuan_depends := libgpg-error $(musl_dep)

24
modules/libgcrypt Normal file
View File

@ -0,0 +1,24 @@
modules-$(CONFIG_GPG2) += libgcrypt
libgcrypt_version := 1.8.3
libgcrypt_dir := libgcrypt-$(libgcrypt_version)
libgcrypt_tar := libgcrypt-$(libgcrypt_version).tar.bz2
libgcrypt_url := https://gnupg.org/ftp/gcrypt/libgcrypt/$(libgcrypt_tar)
libgcrypt_hash := 66ec90be036747602f2b48f98312361a9180c97c68a690a5f376fa0f67d0af7c
libgcrypt_configure := ./configure \
$(CROSS_TOOLS) \
--host=x86_64-linux-musl \
--prefix "/" \
--disable-static \
--with-libgpg-error-prefix="$(INSTALL)" \
--disable-asm \
--disable-nls \
libgcrypt_target := $(MAKE_JOBS) \
DESTDIR="$(INSTALL)" \
$(CROSS_TOOLS) \
install \
libgcrypt_libraries := src/.libs/libgcrypt.so.20
libgcrypt_depends := libgpg-error $(musl_dep)

26
modules/libgpg-error Normal file
View File

@ -0,0 +1,26 @@
modules-$(CONFIG_GPG2) += libgpg-error
libgpg-error_version := 1.32
libgpg-error_dir := libgpg-error-$(libgpg-error_version)
libgpg-error_tar := libgpg-error-$(libgpg-error_version).tar.bz2
libgpg-error_url := https://gnupg.org/ftp/gcrypt/libgpg-error/$(libgpg-error_tar)
libgpg-error_hash := c345c5e73cc2332f8d50db84a2280abfb1d8f6d4f1858b9daa30404db44540ca
libgpg-error_configure := ./configure \
$(CROSS_TOOLS) \
--prefix "/" \
--host=x86_64-linux-musl \
--disable-static \
--disable-nls \
--disable-languages \
--disable-doc \
--disable-tests \
--disable-asm \
libgpg-error_target := $(MAKE_JOBS) \
DESTDIR="$(INSTALL)" \
$(CROSS_TOOLS) \
install \
libgpg-error_libraries := src/.libs/libgpg-error.so.0
libgpg-error_depends := $(musl_dep)

24
modules/libksba Normal file
View File

@ -0,0 +1,24 @@
modules-$(CONFIG_GPG2) += libksba
libksba_version := 1.3.5
libksba_dir := libksba-$(libksba_version)
libksba_tar := libksba-$(libksba_version).tar.bz2
libksba_url := https://gnupg.org/ftp/gcrypt/libksba/$(libksba_tar)
libksba_hash := 41444fd7a6ff73a79ad9728f985e71c9ba8cd3e5e53358e70d5f066d35c1a340
libksba_configure := ./configure \
$(CROSS_TOOLS) \
--host x86_64-linux-musl \
--prefix "/" \
--disable-static \
--disable-nls \
--with-libgpg-error-prefix="$(INSTALL)" \
--disable-asm \
libksba_target := $(MAKE_JOBS) \
DESTDIR="$(INSTALL)" \
$(CROSS_TOOLS) \
install \
libksba_libraries := src/.libs/libksba.so.8
libksba_depends := libgpg-error $(musl_dep)

13
modules/libusb
View File

@ -1,5 +1,6 @@
# GPG with Yubikey support requires libusb
modules-$(CONFIG_GPG) += libusb
modules-$(CONFIG_GPG2) += libusb
libusb_version := 1.0.21
libusb_dir := libusb-$(libusb_version)
@ -7,15 +8,17 @@ libusb_tar := libusb-$(libusb_version).tar.bz2
libusb_url := https://downloads.sourceforge.net/project/libusb/libusb-1.0/libusb-$(libusb_version)/$(libusb_tar)
libusb_hash := 7dce9cce9a81194b7065ee912bcd55eeffebab694ea403ffb91b67db66b1824b
libusb_configure := ./configure \
$(CROSS_TOOLS) \
--host i386-elf-linux \
--prefix "/" \
--disable-udev \
libusb_configure := ./configure\
$(CROSS_TOOLS)\
--host i386-elf-linux\
--prefix "/"\
--disable-udev\
--disable-tests\
# Run one build to generate the executables with the pre-defined
# exec_prefix and datarootdir, then a second make to install the binaries
# into our actual target location
libusb_target := $(MAKE_JOBS) \
DESTDIR="$(INSTALL)" \
$(CROSS_TOOLS) \

2
modules/libusb-compat
View File

@ -1,7 +1,9 @@
# GPG 1.4.21 uses an old version of libusb, which
# is emulated with the compatibility library.
# This is a bit of a hack to set it up.
modules-$(CONFIG_GPG) += libusb-compat
modules-$(CONFIG_GPG2) += libusb-compat
libusb-compat_version := 0.1.5
libusb-compat_dir := libusb-compat-$(libusb-compat_version)

24
modules/npth Normal file
View File

@ -0,0 +1,24 @@
modules-$(CONFIG_GPG2) += npth
npth_version := 1.6
npth_dir := npth-$(npth_version)
npth_tar := npth-$(npth_version).tar.bz2
npth_url := https://gnupg.org/ftp/gcrypt/npth/$(npth_tar)
npth_hash := 1393abd9adcf0762d34798dc34fdcf4d0d22a8410721e76f1e3afcd1daa4e2d1
npth_configure := ./configure \
$(CROSS_TOOLS) \
--host x86_64-linux-musl \
--prefix "/" \
--disable-static \
--disable-nls \
--with-libgpg-error-prefix="$(INSTALL)" \
--disable-asm \
npth_target := $(MAKE_JOBS) \
DESTDIR="$(INSTALL)" \
$(CROSS_TOOLS) \
install \
npth_libraries := src/.libs/libnpth.so.0
npth_depends := libgpg-error $(musl_dep)

42
modules/pinentry Normal file
View File

@ -0,0 +1,42 @@
# pinentry is required for gpg2 to be able to read user passwords
CONFIG_PINENTRY ?= $(CONFIG_GPG2)
modules-$(CONFIG_PINENTRY) += pinentry
pinentry_version := 1.1.0
pinentry_dir := pinentry-$(pinentry_version)
pinentry_tar := pinentry-$(pinentry_version).tar.bz2
pinentry_url := https://www.gnupg.org/ftp/gcrypt/pinentry/$(pinentry_tar)
pinentry_hash := 68076686fa724a290ea49cdf0d1c0c1500907d1b759a3bcbfbec0293e8f56570
# For reproducibility reasons we have to override the exec_prefix
# and datarootdir on the configure line so that the Makefiles will
# be generated with the correct paths, but then re-write them when
# we use the install target so that they will be copied to the correct
# location.
pinentry_configure := ./configure \
$(CROSS_TOOLS) \
--host x86_64-linux-musl \
--prefix "/" \
--enable-pinentry-tty \
--disable-libsecret \
--disable-fallback-curses \
--disable-pinentry-curses \
--disable-pinentry-qt \
--disable-pinentry-fltk \
--disable-pinentry-emacs \
--disable-fallback-curses \
--with-libgpg-error-prefix="$(INSTALL)" \
--with-libassuan-prefix="$(INSTALL)" \
# Run one build to generate the executables with the pre-defined
# exec_prefix and datarootdir, then a second make to install the binaries
# into our actual target location
pinentry_target := $(MAKE_JOBS) \
&& $(MAKE) -C $(build)/$(pinentry_dir) \
DESTDIR="$(INSTALL)" \
install \
&& cp $(build)/$(pinentry_dir)/tty/pinentry-tty $(build)/$(pinentry_dir)/tty/pinentry
pinentry_output := tty/pinentry-tty
pinentry_depends := libgpg-error libassuan $(musl_dep)

27
patches/gpg2-2.2.10.patch Normal file
View File

@ -0,0 +1,27 @@
diff -u --recursive /home/tlaurion/build/clean/gnupg-2.2.10/configure gnupg-2.2.10/configure
--- /home/tlaurion/build/clean/gnupg-2.2.10/configure 2016-08-17 09:20:25.000000000 -0400
+++ gnupg-2.2.10/configure 2018-01-20 16:55:14.502067084 -0500
@@ -572,7 +572,7 @@
ac_clean_files=
ac_config_libobj_dir=.
LIBOBJS=
-cross_compiling=no
+cross_compiling=yes
subdirs=
MFLAGS=
MAKEFLAGS=
diff -u --recursive gnupg-2.2.10/common/ttyio.c gnupg-2.2.10/common/ttyio.c.mod
--- gnupg-2.2.10/common/ttyio.c 2017-08-28 06:22:54.000000000 -0400
+++ gnupg-2.2.10/common/ttyio.c.mod 2018-09-18 23:00:07.386250017 -0400
@@ -190,7 +190,9 @@
#elif defined (HAVE_W32CE_SYSTEM)
ttyfp = stderr;
#else
- ttyfp = batchmode? stderr : fopen (tty_get_ttyname (), "r+");
+ //ttyfp = batchmode? stderr : fopen( tty_get_ttyname (), "r+");
+ ttyfp = stderr;
+
if( !ttyfp ) {
log_error("cannot open '%s': %s\n", tty_get_ttyname (),
strerror(errno) );