From 2e6e121496bfcbe09c018558be13733077b6df9b Mon Sep 17 00:00:00 2001
From: Julien Olivain <ju.o@free.fr>
Date: Sun, 10 Mar 2024 16:10:36 +0100
Subject: [PATCH] package/mokutil: new package

mokutil is a tool to import or delete the machines owner
keys (MOK) stored in the database of shim.

"shim" is the first stage bootloader to support UEFI Secure
Boot. See also the "shim" package in the bootloaders
section.

https://github.com/lcp/mokutil

Signed-off-by: Julien Olivain <ju.o@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
---
 DEVELOPERS                   |  1 +
 package/Config.in            |  1 +
 package/mokutil/Config.in    | 33 +++++++++++++++++++++++++++++++++
 package/mokutil/mokutil.hash |  3 +++
 package/mokutil/mokutil.mk   | 19 +++++++++++++++++++
 5 files changed, 57 insertions(+)
 create mode 100644 package/mokutil/Config.in
 create mode 100644 package/mokutil/mokutil.hash
 create mode 100644 package/mokutil/mokutil.mk

diff --git a/DEVELOPERS b/DEVELOPERS
index b282d64508..456e2b87ce 100644
--- a/DEVELOPERS
+++ b/DEVELOPERS
@@ -1752,6 +1752,7 @@ F:	package/gnupg2/
 F:	package/highway/
 F:	package/kexec/
 F:	package/libjxl/
+F:	package/mokutil/
 F:	package/octave/
 F:	package/ola/
 F:	package/openblas/
diff --git a/package/Config.in b/package/Config.in
index 190b100609..c7bad67553 100644
--- a/package/Config.in
+++ b/package/Config.in
@@ -2776,6 +2776,7 @@ menu "System tools"
 	source "package/mender-grubenv/Config.in"
 	source "package/mfoc/Config.in"
 	source "package/moby-buildkit/Config.in"
+	source "package/mokutil/Config.in"
 	source "package/monit/Config.in"
 	source "package/multipath-tools/Config.in"
 	source "package/ncdu/Config.in"
diff --git a/package/mokutil/Config.in b/package/mokutil/Config.in
new file mode 100644
index 0000000000..3f0c760f7d
--- /dev/null
+++ b/package/mokutil/Config.in
@@ -0,0 +1,33 @@
+config BR2_PACKAGE_MOKUTIL
+	bool "mokutil"
+	# We're not selecting shim, but this package only makes sense
+	# on architectures on which shim is supported
+	depends on BR2_PACKAGE_SHIM_ARCH_SUPPORTS
+	depends on BR2_PACKAGE_EFIVAR_ARCH_SUPPORTS
+	depends on BR2_USE_MMU # keyutils
+	depends on !BR2_STATIC_LIBS # efivar, keyutils
+	depends on !BR2_TOOLCHAIN_EXTERNAL_CODESOURCERY_MIPS # efivar
+	depends on BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 # efivar
+	depends on BR2_TOOLCHAIN_HAS_THREADS # efivar
+	depends on BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_12 # efivar
+	select BR2_PACKAGE_EFIVAR
+	select BR2_PACKAGE_KEYUTILS
+	select BR2_PACKAGE_OPENSSL
+	help
+	  mokutil is a tool to import or delete the machines owner
+	  keys (MOK) stored in the database of shim.
+
+	  "shim" is the first stage bootloader to support UEFI Secure
+	  Boot. See also the "shim" package in the bootloaders
+	  section.
+
+	  https://github.com/lcp/mokutil
+
+comment "mokutil needs a toolchain w/ dynamic library, threads, gcc >= 4.9, headers >= 3.12"
+	depends on BR2_PACKAGE_EFIVAR_ARCH_SUPPORTS
+	depends on BR2_PACKAGE_SHIM_ARCH_SUPPORTS
+	depends on BR2_USE_MMU
+	depends on BR2_STATIC_LIBS || \
+		BR2_TOOLCHAIN_GCC_AT_LEAST_4_9 || \
+		!BR2_TOOLCHAIN_HAS_THREADS || \
+		BR2_TOOLCHAIN_HEADERS_AT_LEAST_3_12
diff --git a/package/mokutil/mokutil.hash b/package/mokutil/mokutil.hash
new file mode 100644
index 0000000000..86555e6f4d
--- /dev/null
+++ b/package/mokutil/mokutil.hash
@@ -0,0 +1,3 @@
+# Locally calculated
+sha256  1c0bcba3d2f4ab98235b1edb5eb71b40508f79d93d3e28b1a04b7fbd4a2c1457  mokutil-0.7.1.tar.gz
+sha256  8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903  COPYING
diff --git a/package/mokutil/mokutil.mk b/package/mokutil/mokutil.mk
new file mode 100644
index 0000000000..6e83d9f138
--- /dev/null
+++ b/package/mokutil/mokutil.mk
@@ -0,0 +1,19 @@
+################################################################################
+#
+# mokutil
+#
+################################################################################
+
+MOKUTIL_VERSION = 0.7.1
+MOKUTIL_SITE = $(call github,lcp,mokutil,$(MOKUTIL_VERSION))
+MOKUTIL_LICENSE = GPL-3.0+
+MOKUTIL_LICENSE_FILES = COPYING
+MOKUTIL_AUTORECONF = YES
+
+MOKUTIL_DEPENDENCIES = \
+	efivar \
+	host-pkgconf \
+	keyutils \
+	openssl
+
+$(eval $(autotools-package))