New port: sysutils/pesign

Signing tool for PE-COFF binaries, hopefully at least vaguely compliant
with the PE and Authenticode specifications.

Sponsored by:	The FreeBSD Foundation
This commit is contained in:
Edward Tomasz Napierala 2015-01-21 13:40:24 +00:00
parent c277e07b27
commit b7ec4f6183
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=377606
18 changed files with 412 additions and 0 deletions


@ -676,6 +676,7 @@
SUBDIR += pecl-proctitle SUBDIR += pecl-proctitle
SUBDIR += pefs-kmod SUBDIR += pefs-kmod
SUBDIR += personality SUBDIR += personality
SUBDIR += pesign
SUBDIR += pflogx SUBDIR += pflogx
SUBDIR += pfstat SUBDIR += pfstat
SUBDIR += pftables SUBDIR += pftables

47
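--- a/sysutils/pesign/Makefile
+++ b/sysutils/pesign/Makefile
+# Created by: Edward Tomasz Napierala <trasz@FreeBSD.org>
+# $FreeBSD$
+PORTNAME= pesign
+PORTVERSION= 0.110
+CATEGORIES= sysutils
+MAINTAINER= trasz@FreeBSD.org
+COMMENT= Signing utility for UEFI secure boot
+LICENSE= GPLv2
+LIB_DEPENDS= libefivar.so:${PORTSDIR}/devel/efivar \
+libnspr4.so:${PORTSDIR}/devel/nspr \
+libnss3.so:${PORTSDIR}/security/nss \
+libpopt.so:${PORTSDIR}/devel/popt \
+libuuid.so:${PORTSDIR}/misc/e2fsprogs-libuuid
+USE_GCC= 4.8+
+USE_GITHUB= yes
+GH_ACCOUNT= vathpela
+GH_COMMIT= 00288b4
+USES= gmake pkgconfig
+USE_LDCONFIG= yes
+.include <bsd.port.pre.mk>
+.if ${OPSYS} == FreeBSD && ${OSVERSION} < 1001505
+BROKEN= This port requires ppoll(2) system call
+.endif
+post-patch:
+@${REINPLACE_CMD} -e 's|%%CC%%|${CC}|g' ${WRKSRC}/Make.defaults
+do-install:
+${INSTALL_PROGRAM} ${WRKSRC}/src/efikeygen ${STAGEDIR}${PREFIX}/bin
+${INSTALL_PROGRAM} ${WRKSRC}/src/pesign ${STAGEDIR}${PREFIX}/bin
+${INSTALL_LIB} ${WRKSRC}/libdpe/libdpe.so ${STAGEDIR}${PREFIX}/lib
+${MKDIR} ${STAGEDIR}${PREFIX}/include/libdpe
+${INSTALL_DATA} ${WRKSRC}/include/libdpe/pe.h ${STAGEDIR}${PREFIX}/include/libdpe
+${INSTALL_DATA} ${WRKSRC}/include/libdpe/libdpe.h ${STAGEDIR}${PREFIX}/include/libdpe
+${INSTALL_MAN} ${WRKSRC}/src/efikeygen.1 ${STAGEDIR}${MAN1PREFIX}/man/man1
+${INSTALL_MAN} ${WRKSRC}/src/pesign-client.1 ${STAGEDIR}${MAN1PREFIX}/man/man1
+${INSTALL_MAN} ${WRKSRC}/src/pesign.1 ${STAGEDIR}${MAN1PREFIX}/man/man1
+.include <bsd.port.post.mk>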
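Review bot: GH_ACCOUNT=vathpela fetches the distfile from a personal account while the pkg-descr added by this commit gives github.com/rhinstaller/pesign as the project page, so the fetch origin and the documented upstream disagree and a reader cannot tell which one is authoritative. If the fork is deliberate (e.g. because the pinned GH_COMMIT only exists there), a comment above USE_GITHUB should record it, such as `# Distfile is taken from the developer's fork; the project page in pkg-descr is rhinstaller/pesign`. GH_COMMIT is a 7-character abbreviation, so the SHA256 in distinfo is what actually pins the fetched tarball and the two must always be updated together. do-install also stages pesign-client.1 although no pesign-client binary is installed (pkg-plist lists only bin/efikeygen and bin/pesign), which looks like either a missing INSTALL_PROGRAM for the `client` build target or a manpage that should be dropped — please confirm which.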

2
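--- a/sysutils/pesign/distinfo
+++ b/sysutils/pesign/distinfo
@@ -0,0 +1,2 @@
+SHA256 (pesign-0.110.tar.gz) = f45ebbdf15c48283b364b6c5c75e7560d1adede3fc04b6432ad6fee560e030fa
+SIZE (pesign-0.110.tar.gz) = 103884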


@ -0,0 +1,37 @@
--- Make.defaults.orig 2014-10-24 21:51:06.000000000 +0200
+++ Make.defaults 2015-01-16 10:34:32.000000000 +0100
@@ -4,22 +4,24 @@ PREFIX := /usr
HOSTARCH = $(shell uname -m | sed s,i[3456789]86,ia32,)
ARCH := $(shell uname -m | sed s,i[3456789]86,ia32,)
INCDIR = -I$(TOPDIR)/include
-CPPFLAGS = -DCONFIG_$(ARCH)
-CFLAGS = -g -O0
+CPPFLAGS += -DCONFIG_$(ARCH)
+CFLAGS += -g -O0
BUILDFLAGS := $(CFLAGS) $(ARCH3264) -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants --std=gnu99 -D_GNU_SOURCE -Wno-unused-result -Wno-unused-function
ASFLAGS = $(ARCH3264)
LDFLAGS = -nostdlib
CCLDFLAGS = -shared
INSTALL = install
-# XXX this is broken
-bindir = /usr/bin/
-CC = $(bindir)gcc
-AS = $(bindir)as
-LD = $(bindir)ld.bfd
-AR = $(bindir)ar
-RANLIB = $(bindir)ranlib
-OBJCOPY = $(bindir)objcopy
+CC = $(prefix)%%CC%%
+AS = $(prefix)as
+LD = $(prefix)ld.bfd
+AR = $(prefix)ar
+RANLIB = $(prefix)ranlib
+OBJCOPY = $(prefix)objcopy
+
+ifeq ($(ARCH),amd64)
+ ARCH = x86_64
+endif
ifeq ($(ARCH),ia64)
CFLAGS += -mfixed-range=f32-f127
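Review bot: The new `CC = $(prefix)%%CC%%`, `AS = $(prefix)as`, `LD = $(prefix)ld.bfd` (and AR/RANLIB/OBJCOPY) lines reference `$(prefix)`, which is defined nowhere visible — the file's variable is `PREFIX` in the hunk-header context, and Make is case-sensitive — so they only work because an undefined variable expands to empty; the intent is clearer, and clean under `--warn-undefined-variables`, as `CC = %%CC%%` and `AS = as` with the `$(prefix)` dropped from all six. Separately, `CFLAGS += -g -O0` appends after whatever CFLAGS the ports framework supplies (if it arrives via the environment, which `+=` honours), and since the last -O option wins the installed binaries end up built at -O0 with debug info regardless of the port's optimisation settings; if honouring the framework's CFLAGS is the point of switching to `+=`, `-g -O0` should go, or move under a debug-only conditional. The hunk is cut inside the following `ifeq ($(ARCH),ia64)` block, so the remainder of Make.defaults was not reviewed.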


@ -0,0 +1,11 @@
--- include/libdpe/libdpe.h.orig 2015-01-16 09:43:46.000000000 +0100
+++ include/libdpe/libdpe.h 2015-01-16 09:43:53.000000000 +0100
@@ -78,7 +78,7 @@ extern Pe *pe_begin(int fildes, Pe_Cmd c
extern Pe *pe_clone(Pe *pe, Pe_Cmd cmd);
extern Pe *pe_memory(char *image, size_t size);
extern int pe_end(Pe *pe);
-extern loff_t pe_update(Pe *pe, Pe_Cmd cmd);
+extern off_t pe_update(Pe *pe, Pe_Cmd cmd);
extern Pe_Kind pe_kind(Pe *Pe) __attribute__ ((__pure__));
extern Pe_Scn *pe_nextscn(Pe *pe, Pe_Scn *scn);
extern Pe_Scn *pe_getscn(Pe *pe, size_t idx);


@ -0,0 +1,17 @@
--- libdpe/common.h.orig 2014-10-24 21:51:06.000000000 +0200
+++ libdpe/common.h 2015-01-16 10:23:58.000000000 +0100
@@ -23,11 +23,11 @@
#include <sys/mman.h>
#define pwrite_retry(fd, buf, len, off) \
- TEMP_FAILURE_RETRY (pwrite (fd, buf, len, off))
+ pwrite (fd, buf, len, off)
#define write_retry(fd, buf, n) \
- TEMP_FAILURE_RETRY (write (fd, buf, n))
+ write (fd, buf, n)
#define pread_retry(fd, buf, len, off) \
- TEMP_FAILURE_RETRY (pread (fd, buf, len, off))
+ pread (fd, buf, len, off)
#define is_64_bit(pe) ((pe)->flags & IMAGE_FILE_32BIT_MACHINE)
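Review bot: Removing TEMP_FAILURE_RETRY leaves `pwrite_retry`, `write_retry` and `pread_retry` as plain calls that return -1 with EINTR when a signal interrupts them, so the macro names now promise a retry they no longer perform, and any caller relying on it can see a spurious failure or short write while the signed image is being written out. FreeBSD's libc does not ship TEMP_FAILURE_RETRY, but the glibc semantics are a few lines of GNU C (libdpe/lock.h in this same commit already uses statement expressions), so the patch could supply the macro and leave the three wrappers untouched; `<errno.h>` must be included for it. The fence shows the block this hunk would become.
```c
#include <sys/mman.h>
#ifndef TEMP_FAILURE_RETRY
/* glibc-compatible EINTR retry loop; FreeBSD libc provides no such macro. */
#define TEMP_FAILURE_RETRY(expression) \
	({ long int __result; \
	   do { __result = (long int)(expression); } \
	   while (__result == -1L && errno == EINTR); \
	   __result; })
#endif
/* … unchanged: pwrite_retry / write_retry / pread_retry keep their TEMP_FAILURE_RETRY wrapping … */
```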


@ -0,0 +1,60 @@
--- libdpe/endian.h.orig 2015-01-16 09:47:58.000000000 +0100
+++ libdpe/endian.h 2015-01-16 09:48:53.000000000 +0100
@@ -19,7 +19,7 @@
#ifndef ENDIAN_H
#define ENDIAN_H
-#include <endian.h>
+#include <sys/endian.h>
#include <stdint.h>
#include <string.h>
@@ -30,32 +30,34 @@
#define le16_to_cpu(x) (x)
#define le32_to_cpu(x) (x)
#define le64_to_cpu(x) (x)
-#define cpu_to_be16(x) __bswap_16(x)
-#define cpu_to_be32(x) __bswap_32(x)
-#define cpu_to_be64(x) __bswap_64(x)
-#define be16_to_cpu(x) __bswap_16(x)
-#define be32_to_cpu(x) __bswap_32(x)
-#define be64_to_cpu(x) __bswap_64(x)
-#else
+#define cpu_to_be16(x) bswap16(x)
+#define cpu_to_be32(x) bswap32(x)
+#define cpu_to_be64(x) bswap64(x)
+#define be16_to_cpu(x) bswap16(x)
+#define be32_to_cpu(x) bswap32(x)
+#define be64_to_cpu(x) bswap64(x)
+#elif __BYTE_ORDER == __BIG_ENDIAN
#define cpu_to_be16(x) (x)
#define cpu_to_be32(x) (x)
#define cpu_to_be64(x) (x)
#define be16_to_cpu(x) (x)
#define be32_to_cpu(x) (x)
#define be64_to_cpu(x) (x)
-#define cpu_to_le16(x) __bswap_16(x)
-#define cpu_to_le32(x) __bswap_32(x)
-#define cpu_to_le64(x) __bswap_64(x)
-#define le16_to_cpu(x) __bswap_16(x)
-#define le32_to_cpu(x) __bswap_32(x)
-#define le64_to_cpu(x) __bswap_64(x)
+#define cpu_to_le16(x) bswap16(x)
+#define cpu_to_le32(x) bswap32(x)
+#define cpu_to_le64(x) bswap64(x)
+#define le16_to_cpu(x) bswap16(x)
+#define le32_to_cpu(x) bswap32(x)
+#define le64_to_cpu(x) bswap64(x)
+#else
+#error "Unknown endianess"
#endif
static inline uint32_t
__attribute__((unused))
SwapBytes32(uint32_t x)
{
- return __bswap_32(x);
+ return bswap32(x);
}
static inline int
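Review bot: The added `#elif __BYTE_ORDER == __BIG_ENDIAN` / `#else` / `#error` chain only works if `__BYTE_ORDER` is actually defined by the header now being included, and FreeBSD's `<sys/endian.h>` spells these `_BYTE_ORDER`, `_LITTLE_ENDIAN` and `_BIG_ENDIAN` (single underscore, plus the unprefixed BSD names), not the glibc double-underscore forms — please confirm against the target's `<machine/endian.h>`. If both names are undefined, the preprocessor evaluates the opening `__BYTE_ORDER == __LITTLE_ENDIAN` test (outside this hunk; the src/endian.h patch shows it as context) as 0 == 0, the little-endian branch is selected on every host, and the new `#error` can never fire, so a big-endian build gets silently wrong byte swaps. The guard should test the names the included header defines, `#if _BYTE_ORDER == _LITTLE_ENDIAN` and `#elif _BYTE_ORDER == _BIG_ENDIAN`; the same applies to the src/endian.h patch further down this commit. The message `"Unknown endianess"` should read `"Unknown endianness"`.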


@ -0,0 +1,11 @@
--- libdpe/lock.h.orig 2015-01-16 09:53:05.000000000 +0100
+++ libdpe/lock.h 2015-01-16 09:53:44.000000000 +0100
@@ -31,7 +31,7 @@
#include <assert.h>
#define rwlock_define(class,name) class pthread_rwlock_t name
#define RWLOCK_CALL(call) \
- ({ int _err = pthread_rwlock_ ## call; assert_perror(_err); })
+ ({ int _err = pthread_rwlock_ ## call; assert(_err == 0); })
#define rwlock_init(lock) RWLOCK_CALL(init (&lock, NULL))
#define rwlock_fini(lock) RWLOCK_CALL(destroy (&lock))
#define rwlock_rdlock(lock) RWLOCK_CALL(rdlock (&lock))


@ -0,0 +1,52 @@
--- libdpe/pe_allocspace.c.orig 2014-10-24 21:51:06.000000000 +0200
+++ libdpe/pe_allocspace.c 2015-01-16 09:58:52.000000000 +0100
@@ -19,6 +19,7 @@
#include "libdpe.h"
+#include <err.h>
#include <unistd.h>
#include <sys/mman.h>
#include <sys/types.h>
@@ -83,6 +84,7 @@ pe_set_image_size(Pe *pe)
int
pe_extend_file(Pe *pe, size_t size, uint32_t *new_space, int align)
{
+ int error;
void *new = NULL;
if (align)
@@ -93,9 +95,13 @@ pe_extend_file(Pe *pe, size_t size, uint
if (rc < 0)
return -1;
- new = mremap(pe->map_address, pe->maximum_size,
- pe->maximum_size + extra, MREMAP_MAYMOVE);
+ error = munmap(pe->map_address, pe->maximum_size);
+ if (error != 0)
+ err(1, "munmap");
+ new = mmap(pe->map_address, pe->maximum_size + extra,
+ PROT_WRITE | PROT_READ, MAP_SHARED, pe->fildes, 0);
if (new == MAP_FAILED) {
+ err(1, "mmap");
__libpe_seterrno (PE_E_NOMEM);
return -1;
}
@@ -116,10 +122,15 @@ int
pe_shorten_file(Pe *pe, size_t size)
{
void *new = NULL;
+ int error;
- new = mremap(pe->map_address, pe->maximum_size,
- pe->maximum_size - size, 0);
+ error = munmap(pe->map_address, pe->maximum_size);
+ if (error != 0)
+ err(1, "munmap");
+
+ new = mmap(pe->map_address, pe->maximum_size - size, PROT_READ | PROT_WRITE, MAP_SHARED, pe->fildes, 0);
if (new == MAP_FAILED) {
+ err(1, "mmap");
__libpe_seterrno (PE_E_NOMEM);
return -1;
}
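Review bot: Calling `err(1, "munmap")` and `err(1, "mmap")` inside pe_extend_file and pe_shorten_file turns a recoverable mapping failure into exit(1) from library code — libdpe is installed as a shared library (lib/libdpe.so) and is linked into the pesignd daemon — and it makes the `__libpe_seterrno (PE_E_NOMEM); return -1;` that follows each call unreachable. The munmap-then-mmap order is also the wrong way round for a library: once the old mapping is gone there is nothing to fall back to if mmap fails, whereas mapping the file a second time first (a MAP_SHARED mapping of the same fd stays coherent, so no copy is needed) and unmapping the old range only after success leaves the object usable on failure; this assumes the code past the hunk stores `new` into `pe->map_address`, which it already had to do for MREMAP_MAYMOVE — please confirm. The fence shows the pe_extend_file hunk rewritten that way; pe_shorten_file needs the same treatment, and both functions end outside the hunk. The `<err.h>` include and the `int error` locals then become unnecessary.
```c
	if (rc < 0)
		return -1;

	/* Map the grown file first; the old mapping stays valid if this fails. */
	new = mmap(NULL, pe->maximum_size + extra,
	    PROT_READ | PROT_WRITE, MAP_SHARED, pe->fildes, 0);
	if (new == MAP_FAILED) {
		__libpe_seterrno (PE_E_NOMEM);
		return -1;
	}
	/* Both ranges alias the same file; a munmap failure here only leaks address space. */
	(void)munmap(pe->map_address, pe->maximum_size);
	/* … unchanged: bookkeeping that records the new mapping … */
```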


@ -0,0 +1,11 @@
--- libdpe/pe_update.c.orig 2015-01-16 09:50:40.000000000 +0100
+++ libdpe/pe_update.c 2015-01-16 09:50:47.000000000 +0100
@@ -75,7 +75,7 @@ write_file(Pe *pe, off_t size, size_t sh
return size;
}
-loff_t
+off_t
pe_update(Pe *pe, Pe_Cmd cmd)
{
if (cmd != PE_C_NULL && cmd != PE_C_WRITE && cmd != PE_C_WRITE_MMAP) {


@ -0,0 +1,13 @@
--- src/Makefile.orig 2015-01-16 10:03:55.000000000 +0100
+++ src/Makefile 2015-01-16 10:04:21.000000000 +0100
@@ -7,8 +7,8 @@ PKLIBS = nss
LIBS = popt uuid efivar
STATIC_LIBS = $(TOPDIR)/libdpe/libdpe.a
LDFLAGS =
-CCLDFLAGS = -L../libdpe $(foreach pklib,$(PKLIBS), $(shell pkg-config --libs-only-L $(pklib))) -pie -fPIE -Wl,-z,relro,-z,now
-BUILDFLAGS += -I../include/ $(foreach pklib,$(PKLIBS), $(shell pkg-config --cflags $(pklib))) -Werror -fPIE
+CCLDFLAGS = -L../libdpe $(foreach pklib,$(PKLIBS), $(shell pkg-config --libs-only-L $(pklib))) -fPIC -Wl,-z,relro,-z,now
+BUILDFLAGS += -I../include/ $(foreach pklib,$(PKLIBS), $(shell pkg-config --cflags $(pklib))) -Werror -fPIC
TARGETS = pesign authvar client efisiglist efikeygen pesigcheck
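Review bot: Replacing `-pie -fPIE` with `-fPIC` in both CCLDFLAGS and BUILDFLAGS removes position-independent-executable linking, so the installed pesign and efikeygen binaries lose the ASLR-friendly layout upstream deliberately builds with (only the `-Wl,-z,relro,-z,now` part of the hardening survives), and `-fPIC` on executable objects is the shared-library code model rather than a substitute for `-fPIE`. If this is a workaround for the toolchain in use on FreeBSD at the time (for example the base linker's handling of `-pie`), the patch should say so in a comment so it can be reverted when the toolchain allows, e.g. `# -pie/-fPIE replaced with -fPIC because <reason>; revisit when the linker supports it`; otherwise keeping `-pie -fPIE` is the safer default.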


@ -0,0 +1,11 @@
--- src/cms_common.c.orig 2014-10-24 21:51:06.000000000 +0200
+++ src/cms_common.c 2015-01-16 10:00:34.000000000 +0100
@@ -45,7 +45,7 @@ struct digest_param {
SECOidTag digest_tag;
SECOidTag signature_tag;
SECOidTag digest_encryption_tag;
- efi_guid_t *efi_guid;
+ const efi_guid_t *efi_guid;
int size;
};


@ -0,0 +1,48 @@
--- src/daemon.c.orig 2014-10-24 21:51:06.000000000 +0200
+++ src/daemon.c 2015-01-16 09:57:05.000000000 +0100
@@ -25,7 +25,6 @@
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
-#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stat.h>
@@ -864,8 +863,8 @@ shutdown:
struct sockaddr_un remote;
socklen_t len = sizeof(remote);
- pollfds[nsockets-1].fd = accept(pollfds[0].fd, &remote,
- &len);
+ pollfds[nsockets-1].fd = accept(pollfds[0].fd,
+ (struct sockaddr *)&remote, &len);
pollfds[nsockets-1].events = POLLIN|POLLPRI|POLLHUP;
pollfds[nsockets-1].revents = pollfds[0].revents;
}
@@ -942,7 +941,7 @@ set_up_socket(context *ctx)
.sun_path = SOCKPATH,
};
- int rc = bind(sd, &addr_un, sizeof(addr_un));
+ int rc = bind(sd, (struct sockaddr *)&addr_un, sizeof(addr_un));
if (rc < 0) {
ctx->backup_cms->log(ctx->backup_cms, ctx->priority|LOG_ERR,
"unable to bind to \"%s\": %m",
@@ -998,7 +997,7 @@ check_socket(context *ctx)
struct sockaddr_un remote;
socklen_t size = sizeof(remote);
- rc = getpeername(sd, &remote, &size);
+ rc = getpeername(sd, (struct sockaddr *)&remote, &size);
if (rc < 0) {
close(sd);
return;
@@ -1159,8 +1158,6 @@ daemonize(cms_context *cms_ctx, char *ce
close(fd);
}
- prctl(PR_SET_NAME, "pesignd", 0, 0, 0);
-
setsid();
if (do_fork) {
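Review bot: Dropping `prctl(PR_SET_NAME, "pesignd", 0, 0, 0)` without a replacement means the daemon keeps whatever name it was started under, which makes it harder for operators to pick the signing daemon out of ps/top output and for monitoring or incident triage to correlate the process with its socket; FreeBSD's closest portable equivalent is `setproctitle(3)` from `<unistd.h>`, so the line could become `setproctitle("%s", "pesignd");` at the same point in daemonize(). The `(struct sockaddr *)` casts on accept, bind and getpeername are correct and need no comment. daemonize() and the other touched functions start and end outside the hunks.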


@ -0,0 +1,16 @@
--- src/efisiglist.c.orig 2014-10-24 21:51:06.000000000 +0200
+++ src/efisiglist.c 2015-01-16 10:01:33.000000000 +0100
@@ -38,11 +38,11 @@ struct hash_param {
static struct hash_param hash_params[] = {
{.name = "sha256",
- .guid = &efi_guid_sha256,
+ .guid = (void *)&efi_guid_sha256,
.size = 32,
},
{.name = "sha1",
- .guid = &efi_guid_sha1,
+ .guid = (void *)&efi_guid_sha1,
.size = 20,
},
};
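Review bot: `(void *)&efi_guid_sha256` and `(void *)&efi_guid_sha1` cast away the const of efivar's GUID objects so they fit a non-const `guid` field, which silences the warning but leaves any write through `hash_params[i].guid` undefined behaviour (a fault on read-only data at best). The other two patches in this commit (src/cms_common.c and src/siglist.c) address the same warning by constifying the pointer field, and this file should do the same: change the `struct hash_param` member to `const efi_guid_t *guid;` and drop both casts. The struct definition sits in the hunk-header context, outside the visible lines.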


@ -0,0 +1,52 @@
--- src/endian.h.orig 2015-01-16 09:45:30.000000000 +0100
+++ src/endian.h 2015-01-16 09:46:28.000000000 +0100
@@ -18,7 +18,7 @@
#ifndef ENDIAN_H
#define ENDIAN_H
-#include <endian.h>
+#include <sys/endian.h>
#if __BYTE_ORDER == __LITTLE_ENDIAN
#define cpu_to_le16(x) (x)
@@ -27,25 +27,27 @@
#define le16_to_cpu(x) (x)
#define le32_to_cpu(x) (x)
#define le64_to_cpu(x) (x)
-#define cpu_to_be16(x) __bswap_16(x)
-#define cpu_to_be32(x) __bswap_32(x)
-#define cpu_to_be64(x) __bswap_64(x)
-#define be16_to_cpu(x) __bswap_16(x)
-#define be32_to_cpu(x) __bswap_32(x)
-#define be64_to_cpu(x) __bswap_64(x)
-#else
+#define cpu_to_be16(x) bswap_16(x)
+#define cpu_to_be32(x) bswap_32(x)
+#define cpu_to_be64(x) bswap_64(x)
+#define be16_to_cpu(x) bswap_16(x)
+#define be32_to_cpu(x) bswap_32(x)
+#define be64_to_cpu(x) bswap_64(x)
+#elif __BYTE_ORDER == __BIG_ENDIAN
#define cpu_to_be16(x) (x)
#define cpu_to_be32(x) (x)
#define cpu_to_be64(x) (x)
#define be16_to_cpu(x) (x)
#define be32_to_cpu(x) (x)
#define be64_to_cpu(x) (x)
-#define cpu_to_le16(x) __bswap_16(x)
-#define cpu_to_le32(x) __bswap_32(x)
-#define cpu_to_le64(x) __bswap_64(x)
-#define le16_to_cpu(x) __bswap_16(x)
-#define le32_to_cpu(x) __bswap_32(x)
-#define le64_to_cpu(x) __bswap_64(x)
+#define cpu_to_le16(x) bswap_16(x)
+#define cpu_to_le32(x) bswap_32(x)
+#define cpu_to_le64(x) bswap_64(x)
+#define le16_to_cpu(x) bswap_16(x)
+#define le32_to_cpu(x) bswap_32(x)
+#define le64_to_cpu(x) bswap_64(x)
+#else
+#error "Unknown endianess"
#endif
#endif /* ENDIAN_H */
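Review bot: This patch maps the be/le macros to `bswap_16`/`bswap_32`/`bswap_64` while the libdpe/endian.h patch in the same commit uses `bswap16`/`bswap32`/`bswap64`, which are the names `<sys/endian.h>` actually provides; the underscore forms are not declared by that header, so the big-endian branch of this file cannot compile, and the little-endian branch presumably only compiles because nothing in src/ expands the cpu_to_be*/be*_to_cpu macros. Use the same `bswap16(x)`, `bswap32(x)`, `bswap64(x)` spellings as libdpe/endian.h. The `__BYTE_ORDER`/`__LITTLE_ENDIAN` macro-name issue raised on the libdpe/endian.h patch applies here too; the `#if __BYTE_ORDER == __LITTLE_ENDIAN` context line is the test in question.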


@ -0,0 +1,11 @@
--- src/siglist.c.orig 2014-10-24 21:51:06.000000000 +0200
+++ src/siglist.c 2015-01-16 10:02:50.000000000 +0100
@@ -60,7 +60,7 @@ struct signature_list {
};
struct sig_type {
- efi_guid_t *type;
+ const efi_guid_t *type;
uint32_t size;
};


@ -0,0 +1,4 @@
Signing tool for PE-COFF binaries, hopefully at least vaguely compliant
with the PE and Authenticode specifications.
WWW: https://github.com/rhinstaller/pesign


@ -0,0 +1,8 @@
bin/efikeygen
bin/pesign
include/libdpe/libdpe.h
include/libdpe/pe.h
lib/libdpe.so
man/man1/efikeygen.1.gz
man/man1/pesign-client.1.gz
man/man1/pesign.1.gz