summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJason Zaman <perfinion@gentoo.org>2017-11-18 14:17:48 +0800
committerJason Zaman <perfinion@gentoo.org>2017-11-18 16:28:15 +0800
commit355f57a7181769c610d7678fbbacc7f5b6b6335b (patch)
treee3af316c2d62e732b03119ac204fe8c2ffe088b8
parentruby-ng.eclass: Fix eclass doc warnings (diff)
downloadgentoo-355f57a7181769c610d7678fbbacc7f5b6b6335b.tar.gz
gentoo-355f57a7181769c610d7678fbbacc7f5b6b6335b.tar.bz2
gentoo-355f57a7181769c610d7678fbbacc7f5b6b6335b.zip
sys-boot/tboot: snapshot to fix CVE-2017-16837 (bug 637942)
Package-Manager: Portage-2.3.13, Repoman-2.3.3
-rw-r--r--sys-boot/tboot/Manifest1
-rw-r--r--sys-boot/tboot/tboot-1.9.6_p20171118.ebuild71
2 files changed, 72 insertions, 0 deletions
diff --git a/sys-boot/tboot/Manifest b/sys-boot/tboot/Manifest
index 1248c9738036..da65d9daa3e7 100644
--- a/sys-boot/tboot/Manifest
+++ b/sys-boot/tboot/Manifest
@@ -1,2 +1,3 @@
DIST tboot-1.9.5.tar.gz 685460 SHA256 c7032e367ac0129493c9bb1fcd1437f400ff5533c970119ddce281ff4d58a13f SHA512 d806b692d3d57d0aaf4095ef514a2859b2b054ec695cb5589b3a6133eec7f7a9a0e76544e4b557df02add5ed67c3c15fb3ee5f17d6438252b659d6e5c7d17fe9 WHIRLPOOL 04843854b1a646d6126079a3b46bacf0c8191d5b5c322f8bc04ea39c0d5470bba2f7f2499761d42aa258552c1dfbeb626275e7473628b21719a6fe59bc05029c
DIST tboot-1.9.6.tar.gz 693564 SHA256 1b55eed6ca8196b2a003936594248a242888ac34ff970eda651e7660c4772a39 SHA512 f53f5535f7ab031439514b43811cd2ec93efcb7614cb7bc7d1f3051d808d942e8a4942fd1d0ab6fe0c245740c2a10ba7adbcd44f2c42b2a577d9a20c0c5df90e WHIRLPOOL 889af09491c599d73976a0a4b456e9d01f44c47bffd047cb0f84ca786953b02c952a2d8c1fe873ac0390f6faffe7f41c0871e07f8c9466c9bc719f683dfc4a36
+DIST tboot-1.9.6_p20171118.tar.gz 691068 SHA256 729cb6ef75d1da7e258a544084fb36d87313a06300d30fef767d802cbc1cfd28 SHA512 6476b783516909bf9cf10915fc23e71dca03d521dcc7bf71fbd19684c996c2c588955bb8f896f02afe56feddf9c639b6349635651c852a90319429b2943ec950 WHIRLPOOL 0d98e303069a3fcf9e3706050b1325497c0e52b66e52f934a619962f2e6c2b4519ffef0627c41e38fd7924fdbb9b170a58f65f674f5be52a344322cdb8f2f307
diff --git a/sys-boot/tboot/tboot-1.9.6_p20171118.ebuild b/sys-boot/tboot/tboot-1.9.6_p20171118.ebuild
new file mode 100644
index 000000000000..3da7e7525a77
--- /dev/null
+++ b/sys-boot/tboot/tboot-1.9.6_p20171118.ebuild
@@ -0,0 +1,71 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit flag-o-matic mount-boot
+
+DESCRIPTION="Performs a measured and verified boot using Intel Trusted Execution Technology"
+HOMEPAGE="https://sourceforge.net/projects/tboot/"
+SRC_URI="https://dev.gentoo.org/~perfinion/distfiles/${P}.tar.gz"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="~amd64 ~x86 -*"
+IUSE="custom-cflags selinux"
+
+# requires patching the kernel src
+RESTRICT="test"
+
+DEPEND="app-crypt/trousers
+app-crypt/tpm-tools
+dev-libs/openssl:0=[-bindist]"
+
+RDEPEND="${DEPEND}
+sys-boot/grub:2
+selinux? ( sec-policy/selinux-tboot )"
+
+DOCS=( README COPYING CHANGELOG )
+PATCHES=( "${FILESDIR}/${PN}-1.9.5-genkernel-path.patch" )
+
+src_prepare() {
+ sed -i 's/ -Werror//g' Config.mk || die
+ sed -i 's/^INSTALL_STRIP = -s$//' Config.mk || die # QA Errors
+
+ default
+}
+
+src_compile() {
+ use custom-cflags && export TBOOT_CFLAGS=${CFLAGS} || unset CCASFLAGS CFLAGS CPPFLAGS LDFLAGS
+
+ if use amd64; then
+ export MAKEARGS="TARGET_ARCH=x86_64"
+ else
+ export MAKEARGS="TARGET_ARCH=i686"
+ fi
+
+ default
+}
+
+src_install() {
+ emake DISTDIR="${D}" install
+
+ dodoc "${DOCS[@]}"
+ dodoc docs/*.txt lcptools/*.{txt,pdf} || die "docs failed"
+
+ cd "${D}"
+ mkdir -p usr/lib/tboot/ || die
+ mv boot usr/lib/tboot/ || die
+}
+
+pkg_postinst() {
+ mount-boot_mount_boot_partition
+
+ cp ${ROOT%/}/usr/lib/tboot/boot/* ${ROOT%/}/boot/
+
+ mount-boot_pkg_postinst
+
+ ewarn "Please remember to download the SINIT AC Module relevant"
+ ewarn "for your platform from:"
+ ewarn "http://software.intel.com/en-us/articles/intel-trusted-execution-technology/"
+}