package/mokutil: new package

mokutil is a tool to import or delete the machines owner keys (MOK) stored in the database of shim. "shim" is the first stage bootloader to support UEFI Secure Boot. See also the "shim" package in the bootloaders section. https://github.com/lcp/mokutil Signed-off-by: Julien Olivain <ju.o@free.fr> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2024-03-10 16:10:36 +01:00 · 2024-03-10 16:10:36 +01:00 · 2e6e121496
commit 2e6e121496
parent 0f0660ad2d
5 changed files with 57 additions and 0 deletions
--- a/1
+++ b/1
@ -1752,6 +1752,7 @@ F:	package/gnupg2/
 F:	package/highway/
 F:	package/kexec/
 F:	package/libjxl/
+F:	package/mokutil/
 F:	package/octave/
 F:	package/ola/
 F:	package/openblas/
--- a/package/Config.in
+++ b/package/Config.in
@ -2776,6 +2776,7 @@ menu "System tools"
 	source "package/mender-grubenv/Config.in"
 	source "package/mfoc/Config.in"
 	source "package/moby-buildkit/Config.in"
+	source "package/mokutil/Config.in"
 	source "package/monit/Config.in"
 	source "package/multipath-tools/Config.in"
 	source "package/ncdu/Config.in"
--- a/package/mokutil/Config.in
+++ b/package/mokutil/Config.in
@ -0,0 +1,33 @@
+config BR2_PACKAGE_MOKUTIL
+	bool "mokutil"
+	# We're not selecting shim, but this package only makes sense
+	# on architectures on which shim is supported
+	depends on BR2_PACKAGE_SHIM_ARCH_SUPPORTS
+	depends on BR2_PACKAGE_EFIVAR_ARCH_SUPPORTS
+	depends on BR2_USE_MMU # keyutils
+	depends on !BR2_STATIC_LIBS # efivar, keyutils
+	depends on !BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_MIPS # efivar
+	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 # efivar
+	depends on BR2_TOOLCHAIN_HAS_THREADS # efivar
+	depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_12 # efivar
+	select BR2_PACKAGE_EFIVAR
+	select BR2_PACKAGE_KEYUTILS
+	select BR2_PACKAGE_OPENSSL
+	help
+	  mokutil is a tool to import or delete the machines owner
+	  keys (MOK) stored in the database of shim.
+
+	  "shim" is the first stage bootloader to support UEFI Secure
+	  Boot. See also the "shim" package in the bootloaders
+	  section.
+
+	  https://github.com/lcp/mokutil
+
+comment "mokutil needs a toolchain w/ dynamic library, threads, gcc >= 4.9, headers >= 3.12"
+	depends on BR2_PACKAGE_EFIVAR_ARCH_SUPPORTS
+	depends on BR2_PACKAGE_SHIM_ARCH_SUPPORTS
+	depends on BR2_USE_MMU
+	depends on BR2_STATIC_LIBS || \
+		BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 || \
+		!BR2_TOOLCHAIN_HAS_THREADS || \
+		BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_12
--- a/package/mokutil/mokutil.hash
+++ b/package/mokutil/mokutil.hash
@ -0,0 +1,3 @@
+# Locally calculated
+sha256  1c0bcba3d2f4ab98235b1edb5eb71b40508f79d93d3e28b1a04b7fbd4a2c1457  mokutil-0.7.1.tar.gz
+sha256  8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903  COPYING
--- a/package/mokutil/mokutil.mk
+++ b/package/mokutil/mokutil.mk
@ -0,0 +1,19 @@
+################################################################################
+#
+# mokutil
+#
+################################################################################
+
+MOKUTIL_VERSION = 0.7.1
+MOKUTIL_SITE = $(call github,lcp,mokutil,$(MOKUTIL_VERSION))
+MOKUTIL_LICENSE = GPL-3.0+
+MOKUTIL_LICENSE_FILES = COPYING
+MOKUTIL_AUTORECONF = YES
+
+MOKUTIL_DEPENDENCIES = \
+	efivar \
+	host-pkgconf \
+	keyutils \
+	openssl
+
+$(eval $(autotools-package))