[Buildroot] [PATCH 1/1] package/mokutil: new package

[Buildroot] [PATCH 1/1] package/mokutil: new package

[Julien Olivain]

mokutil is a tool to import or delete the machines owner
keys (MOK) stored in the database of shim.

"shim" is the first stage bootloader to support UEFI Secure
Boot. See also the "shim" package in the bootloaders
section.

https://github.com/lcp/mokutil

Signed-off-by: Julien Olivain <ju.o@free.fr>
---
Patch tested on branch master at commit 31abe2f with commands:

    make check-package
    ...
    0 warnings generated

    utils/test-pkg -a -p mokutil
    ...
        br-i386-pentium-mmx-musl [32/45]: FAILED
    ...
    45 builds, 32 skipped, 1 build failed, 0 legal-info failed, 0 show-info failed

Note: the br-i386-pentium-mmx-musl build failure is due to an old
musl libc not containing the qsort_r() function.

Thomas mentioned in [1] that this kind of failure should be addressed
by updating the toolchain in test-pkg, instead.

[1] https://lists.buildroot.org/pipermail/buildroot/2024-March/686962.html
---
 DEVELOPERS                   |  1 +
 package/Config.in            |  1 +
 package/mokutil/Config.in    | 31 +++++++++++++++++++++++++++++++
 package/mokutil/mokutil.hash |  3 +++
 package/mokutil/mokutil.mk   | 19 +++++++++++++++++++
 5 files changed, 55 insertions(+)
 create mode 100644 package/mokutil/Config.in
 create mode 100644 package/mokutil/mokutil.hash
 create mode 100644 package/mokutil/mokutil.mk

diff --git a/DEVELOPERS b/DEVELOPERS
index a6364cdd441..087f3bc0b66 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -1733,6 +1733,7 @@ F:	package/gnupg2/
 F:	package/highway/
 F:	package/kexec/
 F:	package/libjxl/
+F:	package/mokutil/
 F:	package/octave/
 F:	package/ola/
 F:	package/openblas/
diff --git a/package/Config.in b/package/Config.in
index c677c3ff4a9..a39022cef8c 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -2763,6 +2763,7 @@ menu "System tools"
 	source "package/mender-grubenv/Config.in"
 	source "package/mfoc/Config.in"
 	source "package/moby-buildkit/Config.in"
+	source "package/mokutil/Config.in"
 	source "package/monit/Config.in"
 	source "package/multipath-tools/Config.in"
 	source "package/ncdu/Config.in"
diff --git a/package/mokutil/Config.in b/package/mokutil/Config.in
new file mode 100644
index 00000000000..e6164087b86
--- /dev/null
+++ b/package/mokutil/Config.in
@@ -0,0 +1,31 @@
+config BR2_PACKAGE_MOKUTIL
+	bool "mokutil"
+	depends on BR2_PACKAGE_EFIVAR_ARCH_SUPPORTS
+	depends on BR2_PACKAGE_SHIM_ARCH_SUPPORTS
+	depends on BR2_USE_MMU # keyutils
+	depends on !BR2_STATIC_LIBS # efivar, keyutils
+	depends on !BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_MIPS # efivar
+	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 # efivar
+	depends on BR2_TOOLCHAIN_HAS_THREADS # efivar
+	depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_12 # efivar
+	select BR2_PACKAGE_EFIVAR
+	select BR2_PACKAGE_KEYUTILS
+	select BR2_PACKAGE_OPENSSL
+	help
+	  mokutil is a tool to import or delete the machines owner
+	  keys (MOK) stored in the database of shim.
+
+	  "shim" is the first stage bootloader to support UEFI Secure
+	  Boot. See also the "shim" package in the bootloaders
+	  section.
+
+	  https://github.com/lcp/mokutil
+
+comment "mokutil needs a toolchain w/ dynamic library, threads, gcc >= 4.9, headers >= 3.12"
+	depends on BR2_PACKAGE_EFIVAR_ARCH_SUPPORTS
+	depends on BR2_PACKAGE_SHIM_ARCH_SUPPORTS
+	depends on BR2_USE_MMU
+	depends on BR2_STATIC_LIBS || \
+		BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 || \
+		!BR2_TOOLCHAIN_HAS_THREADS || \
+		BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_12
diff --git a/package/mokutil/mokutil.hash b/package/mokutil/mokutil.hash
new file mode 100644
index 00000000000..86555e6f4db
--- /dev/null
+++ b/package/mokutil/mokutil.hash
@@ -0,0 +1,3 @@
+# Locally calculated
+sha256  1c0bcba3d2f4ab98235b1edb5eb71b40508f79d93d3e28b1a04b7fbd4a2c1457  mokutil-0.7.1.tar.gz
+sha256  8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903  COPYING
diff --git a/package/mokutil/mokutil.mk b/package/mokutil/mokutil.mk
new file mode 100644
index 00000000000..6e83d9f1383
--- /dev/null
+++ b/package/mokutil/mokutil.mk
@@ -0,0 +1,19 @@
+################################################################################
+#
+# mokutil
+#
+################################################################################
+
+MOKUTIL_VERSION = 0.7.1
+MOKUTIL_SITE = $(call github,lcp,mokutil,$(MOKUTIL_VERSION))
+MOKUTIL_LICENSE = GPL-3.0+
+MOKUTIL_LICENSE_FILES = COPYING
+MOKUTIL_AUTORECONF = YES
+
+MOKUTIL_DEPENDENCIES = \
+	efivar \
+	host-pkgconf \
+	keyutils \
+	openssl
+
+$(eval $(autotools-package))
-- 
2.44.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH 1/1] package/mokutil: new package

[Thomas Petazzoni via buildroot]

On Sun, 10 Mar 2024 16:10:36 +0100
Julien Olivain <ju.o@free.fr> wrote:

> mokutil is a tool to import or delete the machines owner
> keys (MOK) stored in the database of shim.
> 
> "shim" is the first stage bootloader to support UEFI Secure
> Boot. See also the "shim" package in the bootloaders
> section.
> 
> https://github.com/lcp/mokutil
> 
> Signed-off-by: Julien Olivain <ju.o@free.fr>
> ---
> Patch tested on branch master at commit 31abe2f with commands:

Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot