commit: 3b8a376e2734c94174127aa3ac6d1563e3555b28 Author: Amy Liffey <amynka <AT> gentoo <DOT> org> AuthorDate: Wed Mar 10 19:05:15 2021 +0000 Commit: Amy Liffey <amynka <AT> gentoo <DOT> org> CommitDate: Wed Mar 10 19:05:15 2021 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3b8a376e
app-crypt/eid-mw: remove old 4.4.27, 5.0.11 Submitted-by: Vincent Hardy <vincent.hardy.be <AT> gmail.com> Package-Manager: Portage-3.0.13, Repoman-3.0.2 Signed-off-by: Amy Liffey <amynka <AT> gentoo.org> app-crypt/eid-mw/Manifest | 2 - app-crypt/eid-mw/eid-mw-4.4.27.ebuild | 108 --------- app-crypt/eid-mw/eid-mw-5.0.11.ebuild | 111 --------- app-crypt/eid-mw/files/eid-sign-test-4.4.19.patch | 272 ---------------------- app-crypt/eid-mw/metadata.xml | 3 - 5 files changed, 496 deletions(-) diff --git a/app-crypt/eid-mw/Manifest b/app-crypt/eid-mw/Manifest index 198a92e64ad..0af6a426942 100644 --- a/app-crypt/eid-mw/Manifest +++ b/app-crypt/eid-mw/Manifest @@ -1,3 +1 @@ -DIST eid-mw-4.4.27.tar.gz 7481892 BLAKE2B 5d1268946a62436eec74a7ed83e8391c1ceb0274ef8798b95bee2087e4e439d46ea5f88b8237cff1e925d31d1762fe979a959ce35efd4d6210dda580827bab3b SHA512 c4e9917907bb351b9dd427eb48c2124e55de0d8a73cfd142b9cb5e81c84f91e62a39a90bb1fbd109fb59aeb089898ffcd18ef5ccf2ab72c883b41ec4d9b9edf1 -DIST eid-mw-5.0.11.tar.gz 8928406 BLAKE2B 36358b758e1e865a7a99099f548b8e7acc045df73ab6290dc5ebf7e82c8b03566137340498e815cdb3458c63961233ef0e8530f75dfeed18e714b6fb4fcfbbcd SHA512 2753739797dbfe5b01c4538fca02f5a0833a3850a2b62cd4e7179a148b0459c9217311f44d1f03b9b9655187af7d90cbe53dd1e4a8318a0cba864d346f8c9324 DIST eid-mw-5.0.14.tar.gz 8971565 BLAKE2B d1e6997c089c72f6b6b15fafefa227d7341721c1fa52e446f0334c3915b2e16d84ccb27053dc2e12c0f932bb3cb96e1cbfadc0d6b203098734f74fa0dbffc6ab SHA512 97a4e1359c853f14e91d5ec6c3b13d97b3113106da1e7125b558d724aea76f8a15b289dd06ed13391896d9318daea0133eba9269b6103fb1b922e8b55ceaf9cc diff --git a/app-crypt/eid-mw/eid-mw-4.4.27.ebuild b/app-crypt/eid-mw/eid-mw-4.4.27.ebuild deleted file mode 100644 index 38d7672f996..00000000000 --- a/app-crypt/eid-mw/eid-mw-4.4.27.ebuild +++ /dev/null @@ -1,108 +0,0 @@ -# Copyright 1999-2020 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit autotools desktop gnome2-utils xdg-utils - -DESCRIPTION="Electronic Identity Card middleware supplied by the Belgian Federal Government" -HOMEPAGE="https://eid.belgium.be"; -SRC_URI="https://codeload.github.com/fedict/${PN}/tar.gz/v${PV} -> ${P}.tar.gz" - -LICENSE="LGPL-3" -SLOT="0" -KEYWORDS="~amd64 ~arm ~x86" -IUSE="+dialogs +gtk +p11v220 p11-kit" - -RDEPEND=">=sys-apps/pcsc-lite-1.2.9 - gtk? ( - x11-libs/gdk-pixbuf[jpeg] - x11-libs/gtk+:* - dev-libs/libxml2 - net-misc/curl[ssl] - net-libs/libproxy - !app-misc/eid-viewer-bin - ) - p11-kit? ( app-crypt/p11-kit )" - -DEPEND="${RDEPEND} - virtual/pkgconfig" - -REQUIRED_USE="dialogs? ( gtk )" - -src_prepare() { - default - - sed -i -e 's:/beid/rsaref220:/rsaref220:' configure.ac || die - sed -i -e 's:/beid::' cardcomm/pkcs11/src/libbeidpkcs11.pc.in || die - - # Buggy internal versioning when autoreconf a tarball release. - # Weird numbering is required otherwise we get a seg fault in - # about-eid-mw program. - echo "${PV}-v${PV}" > .version - sed -i \ - -e '/^GITDESC/ d' \ - -e '/^VERCLEAN/ d' \ - scripts/build-aux/genver.sh - - # legacy xpi module : we don't want it anymore - sed -i -e '/SUBDIRS/ s:plugins_tools/xpi ::' Makefile.am || die - sed -i -e '/plugins_tools\/xpi/ d' configure.ac || die - - # hardcoded lsb_info - sed -i \ - -e "s:get_lsb_info('i'):strdup(_(\"Gentoo\")):" \ - -e "s:get_lsb_info('r'):strdup(_(\"n/a\")):" \ - -e "s:get_lsb_info('c'):strdup(_(\"n/a\")):" \ - plugins_tools/aboutmw/gtk/about-main.c || die - - # Fix libdir for pkcs11_manifestdir - sed -i \ - -e "/pkcs11_manifestdir/ s:prefix)/lib:libdir):" \ - cardcomm/pkcs11/src/Makefile.am || die - - # See bug #691308 - eapply "${FILESDIR}/eid-sign-test-4.4.19.patch" - - # See bug #732994 - sed -i \ - -e '/LDFLAGS="/ s:$CPPFLAGS:$LDFLAGS:' \ - configure.ac || die - - eautoreconf -} - -src_configure() { - econf \ - $(use_enable dialogs) \ - $(use_enable p11v220) \ - $(use_enable p11-kit p11kit) \ - $(use_with gtk gtkvers 'detect') \ - --with-gnu-ld \ - --disable-static -} - -src_install() { - default - rm -r "${ED}"/usr/$(get_libdir)/*.la || die - if use gtk; then - domenu plugins_tools/eid-viewer/eid-viewer.desktop - doicon plugins_tools/eid-viewer/gtk/eid-viewer.png - fi -} - -pkg_postinst() { - if use gtk; then - gnome2_schemas_update - xdg_desktop_database_update - xdg_icon_cache_update - fi -} - -pkg_postrm() { - if use gtk; then - gnome2_schemas_update - xdg_desktop_database_update - xdg_icon_cache_update - fi -} diff --git a/app-crypt/eid-mw/eid-mw-5.0.11.ebuild b/app-crypt/eid-mw/eid-mw-5.0.11.ebuild deleted file mode 100644 index b0e0654fd5b..00000000000 --- a/app-crypt/eid-mw/eid-mw-5.0.11.ebuild +++ /dev/null @@ -1,111 +0,0 @@ -# Copyright 1999-2021 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 - -inherit autotools desktop gnome2-utils xdg-utils - -DESCRIPTION="Electronic Identity Card middleware supplied by the Belgian Federal Government" -HOMEPAGE="https://eid.belgium.be"; -SRC_URI="https://codeload.github.com/fedict/${PN}/tar.gz/v${PV} -> ${P}.tar.gz" - -LICENSE="LGPL-3" -SLOT="0" -KEYWORDS="~amd64 ~arm ~x86" -IUSE="+dialogs +gtk +p11v220 p11-kit" - -RDEPEND=">=sys-apps/pcsc-lite-1.2.9 - gtk? ( - x11-libs/gdk-pixbuf[jpeg] - x11-libs/gtk+:3 - dev-libs/libxml2 - net-misc/curl[ssl] - net-libs/libproxy - app-crypt/pinentry[gtk] - ) - p11-kit? ( app-crypt/p11-kit )" - -DEPEND="${RDEPEND} - virtual/pkgconfig" - -REQUIRED_USE="dialogs? ( gtk )" - -src_prepare() { - default - - # Buggy internal versioning when autoreconf a tarball release. - # Weird numbering is required otherwise we get a seg fault in - # about-eid-mw program. - echo "${PV}-v${PV}" > .version - - # xpi module : we don't want it anymore - sed -i -e '/SUBDIRS/ s:plugins_tools/xpi ::' Makefile.am || die - sed -i -e '/plugins_tools\/xpi/ d' configure.ac || die - - # hardcoded lsb_info - sed -i \ - -e "s:get_lsb_info('i'):strdup(_(\"Gentoo\")):" \ - -e "s:get_lsb_info('r'):strdup(_(\"n/a\")):" \ - -e "s:get_lsb_info('c'):strdup(_(\"n/a\")):" \ - plugins_tools/aboutmw/gtk/about-main.c || die - - # Fix libdir for pkcs11_manifestdir - sed -i \ - -e "/pkcs11_manifestdir/ s:prefix)/lib:libdir):" \ - cardcomm/pkcs11/src/Makefile.am || die - - # See bug #732994 - sed -i \ - -e '/LDFLAGS="/ s:$CPPFLAGS:$LDFLAGS:' \ - configure.ac || die - - # See bug #751472 - eapply "${FILESDIR}/use-printf-in-Makefile.patch" - - eautoreconf -} - -src_configure() { - econf \ - $(use_enable dialogs) \ - $(use_enable p11v220) \ - $(use_enable p11-kit p11kit) \ - $(use_with gtk gtkvers 'detect') \ - --with-gnu-ld \ - --disable-static -} - -src_install() { - default - rm -r "${ED}"/usr/$(get_libdir)/*.la || die - if use gtk; then - domenu plugins_tools/eid-viewer/eid-viewer.desktop - doicon plugins_tools/eid-viewer/gtk/eid-viewer.png - fi -} - -pkg_postinst() { - if use gtk; then - gnome2_schemas_update - xdg_desktop_database_update - xdg_icon_cache_update - - local peimpl=$(eselect --brief --colour=no pinentry show) - case "${peimpl}" in - *gtk*) ;; - *) ewarn "The pinentry front-end currently selected is not supported by eid-mw." - ewarn "You may be prompted for your pin code in an inaccessible shell!!" - ewarn "Please select pinentry-gtk-2 as default pinentry provider:" - ewarn " # eselect pinentry set pinentry-gtk-2" - ;; - esac - fi -} - -pkg_postrm() { - if use gtk; then - gnome2_schemas_update - xdg_desktop_database_update - xdg_icon_cache_update - fi -} diff --git a/app-crypt/eid-mw/files/eid-sign-test-4.4.19.patch b/app-crypt/eid-mw/files/eid-sign-test-4.4.19.patch deleted file mode 100644 index cf59f99a8ea..00000000000 --- a/app-crypt/eid-mw/files/eid-sign-test-4.4.19.patch +++ /dev/null @@ -1,272 +0,0 @@ ---- eid-mw-4.4.19/tests/unit/sign.c 2019-07-11 16:08:46.000000000 +0200 -+++ eid-mw-git/tests/unit/sign.c 2019-08-04 17:40:08.683942928 +0200 -@@ -19,10 +19,13 @@ - **************************************************************************** */ - #ifdef WIN32 - #include <win32.h> -+#pragma pack(push, cryptoki, 1) -+#include "pkcs11.h" -+#pragma pack(pop, cryptoki) - #else - #include <unix.h> --#endif - #include <pkcs11.h> -+#endif - #include <stdio.h> - #include <string.h> - #include <stdlib.h> -@@ -33,66 +36,88 @@ - #include <config.h> - #endif - -+#include <stdbool.h> -+ - #if HAVE_OPENSSL --#include <openssl/rsa.h> -+#include <openssl/opensslv.h> -+#include <openssl/evp.h> - #include <openssl/engine.h> - --#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) --static int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) { -- if(!r || !n || !e) { -- return 0; -- } -- r->n = n; -- r->e = e; -- r->d = d; -- return 1; --} --#endif -- --CK_BYTE digest_sha256[] = { -- 0x2c, 0x26, 0xb4, 0x6b, -- 0x68, 0xff, 0xc6, 0x8f, -- 0xf9, 0x9b, 0x45, 0x3c, -- 0x1d, 0x30, 0x41, 0x34, -- 0x13, 0x42, 0x2d, 0x70, -- 0x64, 0x83, 0xbf, 0xa0, -- 0xf9, 0x8a, 0x5e, 0x88, -- 0x62, 0x66, 0xe7, 0xae --}; -- --int verify_sig(unsigned char* sig, CK_ULONG siglen, CK_BYTE_PTR modulus, CK_ULONG modlen, CK_BYTE_PTR exponent, CK_ULONG explen) { -- RSA* rsa = RSA_new(); -- unsigned char* s = malloc(siglen); -- int ret; -- -- RSA_set0_key(rsa, BN_bin2bn(modulus, (int) modlen, NULL), BN_bin2bn(exponent, (int) explen, NULL), NULL); -- -- int v = RSA_verify(NID_sha256, digest_sha256, sizeof(digest_sha256), sig, siglen, rsa); -- -- printf("Signature verification returned: %d\n", v); -- if(!v) { -- unsigned long e = ERR_get_error(); -- printf("error %ld: %s\n", e, ERR_error_string(e, NULL)); -- ret = TEST_RV_FAIL; -- } else { -- ret = TEST_RV_OK; -+// These were copied from eid-test-ca:derencode.c -+int verify_sig(const unsigned char *sig_in, CK_ULONG siglen, const unsigned char *certificate, size_t certlen, bool is_rsa) { -+#if OPENSSL_VERSION_NUMBER > 0x10100000L -+ X509 *cert = NULL; -+ EVP_PKEY *pkey = NULL; -+ EVP_MD_CTX *mdctx; -+ EVP_PKEY_CTX *pctx; -+ const EVP_MD *md = EVP_get_digestbyname("sha256"); -+ unsigned char *sig = (unsigned char*)sig_in; -+ -+ if(d2i_X509(&cert, &certificate, certlen) == NULL) { -+ fprintf(stderr, "E: could not parse X509 certificate\n"); -+ return TEST_RV_FAIL; -+ } -+ pkey = X509_get0_pubkey(cert); -+ if(pkey == NULL) { -+ fprintf(stderr, "E: could not find public key in certificate\n"); -+ return TEST_RV_FAIL; -+ } -+ mdctx = EVP_MD_CTX_new(); -+ if(EVP_DigestVerifyInit(mdctx, &pctx, md, NULL, pkey) != 1) { -+ fprintf(stderr, "E: initialization for signature validation failed!\n"); -+ return TEST_RV_FAIL; -+ } -+ if(EVP_DigestVerifyUpdate(mdctx, (const unsigned char*)"foo", 3) != 1) { -+ fprintf(stderr, "E: hashing for signature failed!\n"); -+ return TEST_RV_FAIL; - } - -- free(s); -- RSA_free(rsa); -- -- return ret; -+ ECDSA_SIG* ec_sig; -+ if(!is_rsa) { -+ BIGNUM *r; -+ BIGNUM *s; -+ ec_sig = ECDSA_SIG_new(); -+ if((r = BN_bin2bn(sig, siglen / 2, NULL)) == NULL) { -+ fprintf(stderr, "E: could not convert R part of ECDSA signature!\n"); -+ return TEST_RV_FAIL; -+ } -+ if((s = BN_bin2bn(sig + (siglen / 2), siglen / 2, NULL)) == NULL) { -+ fprintf(stderr, "E: could not convert S part of ECDSA signature!\n"); -+ return TEST_RV_FAIL; -+ } -+ if(ECDSA_SIG_set0(ec_sig, r, s) == 0) { -+ fprintf(stderr, "E: could not set ECDSA_SIG structure!\n"); -+ return TEST_RV_FAIL; -+ } -+ siglen = i2d_ECDSA_SIG(ec_sig, NULL); -+ unsigned char *dersig = sig = malloc(siglen); -+ siglen = i2d_ECDSA_SIG(ec_sig, &dersig); -+ } -+ if(EVP_DigestVerifyFinal(mdctx, sig, siglen) != 1) { -+ fprintf(stderr, "E: signature fails validation!\n"); -+ return TEST_RV_FAIL; -+ } -+ if(!is_rsa) { -+ free(sig); -+ } -+ printf("signature verified\n"); -+ return TEST_RV_OK; -+#else -+ printf("OpenSSL too old for verification\n"); -+#endif - } -- - #endif - --int test_key(char* label, CK_SESSION_HANDLE session, CK_SLOT_ID slot EIDT_UNUSED) { -+int test_key(char* label, CK_SESSION_HANDLE session, CK_SLOT_ID slot) { - CK_ATTRIBUTE attr[2]; - CK_MECHANISM mech; -+ CK_MECHANISM_TYPE_PTR mechlist; - CK_BYTE data[] = { 'f', 'o', 'o' }; - CK_BYTE_PTR sig, mod, exp; - CK_ULONG sig_len, type, count; -- CK_OBJECT_HANDLE privatekey, publickey; -+ CK_OBJECT_HANDLE privatekey, publickey, certificate; -+ bool is_rsa = false; -+ int i; - - attr[0].type = CKA_CLASS; - attr[0].pValue = &type; -@@ -113,7 +138,22 @@ - return TEST_RV_SKIP; - } - -- mech.mechanism = CKM_SHA256_RSA_PKCS; -+ check_rv(C_GetMechanismList(slot, NULL_PTR, &count)); -+ mechlist = malloc(sizeof(CK_MECHANISM_TYPE) * count); -+#undef CHECK_RV_DEALLOCATE -+#define CHECK_RV_DEALLOCATE free(mechlist) -+ -+ check_rv(C_GetMechanismList(slot, mechlist, &count)); -+ -+ for(i=0; i<count; i++) { -+ if(mechlist[i] == CKM_SHA256_RSA_PKCS) { -+ mech.mechanism = mechlist[i]; -+ i=count; -+ is_rsa = true; -+ break; -+ } -+ } -+ - check_rv(C_SignInit(session, &mech, privatekey)); - - check_rv(C_Sign(session, data, sizeof(data), NULL, &sig_len)); -@@ -124,42 +164,68 @@ - - hex_dump((char*)sig, sig_len); - -- type = CKO_PUBLIC_KEY; -- check_rv(C_FindObjectsInit(session, attr, 2)); -- check_rv(C_FindObjects(session, &publickey, 1, &count)); -- verbose_assert(count == 1); -- check_rv(C_FindObjectsFinal(session)); -+ if(is_rsa) { -+ type = CKO_PUBLIC_KEY; -+ check_rv(C_FindObjectsInit(session, attr, 2)); -+ check_rv(C_FindObjects(session, &publickey, 1, &count)); -+ verbose_assert(count == 1); -+ check_rv(C_FindObjectsFinal(session)); - -- attr[0].type = CKA_MODULUS; -- attr[0].pValue = NULL_PTR; -- attr[0].ulValueLen = 0; -+ attr[0].type = CKA_MODULUS; -+ attr[0].pValue = NULL_PTR; -+ attr[0].ulValueLen = 0; - -- attr[1].type = CKA_PUBLIC_EXPONENT; -- attr[1].pValue = NULL_PTR; -- attr[1].ulValueLen = 0; -+ attr[1].type = CKA_PUBLIC_EXPONENT; -+ attr[1].pValue = NULL_PTR; -+ attr[1].ulValueLen = 0; - -- check_rv(C_GetAttributeValue(session, publickey, attr, 2)); -+ check_rv(C_GetAttributeValue(session, publickey, attr, 2)); - -- verbose_assert(attr[0].ulValueLen == sig_len); -+ verbose_assert(attr[0].ulValueLen == sig_len); - -- mod = malloc(attr[0].ulValueLen); -- mod[0] = 0xde; mod[1] = 0xad; mod[2] = 0xbe; mod[3] = 0xef; -- exp = malloc(attr[1].ulValueLen); -- exp[0] = 0xde; exp[1] = 0xad; exp[2] = 0xbe; exp[3] = 0xef; -+ mod = malloc(attr[0].ulValueLen); -+ mod[0] = 0xde; mod[1] = 0xad; mod[2] = 0xbe; mod[3] = 0xef; -+ exp = malloc(attr[1].ulValueLen); -+ exp[0] = 0xde; exp[1] = 0xad; exp[2] = 0xbe; exp[3] = 0xef; - -- attr[0].pValue = mod; -- attr[1].pValue = exp; -+ attr[0].pValue = mod; -+ attr[1].pValue = exp; - -- check_rv(C_GetAttributeValue(session, publickey, attr, 2)); -+ check_rv(C_GetAttributeValue(session, publickey, attr, 2)); - -- printf("Received key modulus with length %lu:\n", attr[0].ulValueLen); -- hex_dump((char*)mod, attr[0].ulValueLen); -+ printf("Received key modulus with length %lu:\n", attr[0].ulValueLen); -+ hex_dump((char*)mod, attr[0].ulValueLen); - -- printf("Received public exponent of key with length %lu:\n", attr[1].ulValueLen); -- hex_dump((char*)exp, attr[1].ulValueLen); -+ printf("Received public exponent of key with length %lu:\n", attr[1].ulValueLen); -+ hex_dump((char*)exp, attr[1].ulValueLen); -+ } - --#if HAVE_OPENSSL -- return verify_sig(sig, sig_len, mod, attr[0].ulValueLen, exp, attr[1].ulValueLen); -+#if HAVE_OPENSSL && OPENSSL_VERSION_NUMBER > 0x10100000L -+ unsigned char cert[4096]; -+ attr[0].type = CKA_CLASS; -+ attr[0].pValue = &type; -+ type = CKO_CERTIFICATE; -+ attr[0].ulValueLen = sizeof(CK_ULONG); -+ -+ attr[1].type = CKA_LABEL; -+ attr[1].pValue = label; -+ attr[1].ulValueLen = strlen(label); -+ -+ check_rv(C_FindObjectsInit(session, attr, 2)); -+ check_rv(C_FindObjects(session, &certificate, 1, &count)); -+ verbose_assert(count == 1); -+ check_rv(C_FindObjectsFinal(session)); -+ -+ attr[0].type = CKA_VALUE; -+ attr[0].pValue = cert; -+ attr[0].ulValueLen = sizeof(cert); -+ -+ check_rv(C_GetAttributeValue(session, certificate, attr, 1)); -+ -+ printf("Received certificate with length %lu:\n", attr[0].ulValueLen); -+ hex_dump((char*)cert, attr[0].ulValueLen); -+ -+ return verify_sig(sig, sig_len, cert, attr[0].ulValueLen, is_rsa); - #else - return TEST_RV_OK; - #endif diff --git a/app-crypt/eid-mw/metadata.xml b/app-crypt/eid-mw/metadata.xml index 99549db6384..1ef7d1fc920 100644 --- a/app-crypt/eid-mw/metadata.xml +++ b/app-crypt/eid-mw/metadata.xml @@ -28,8 +28,5 @@ These three functions form the basis of the countless applications for your eID. <flag name="p11-kit"> Support for app-crypt/p11-kit. </flag> - <flag name="p11v220"> - Enable PKCS#11 v2.20 features. - </flag> </use> </pkgmetadata>
