sbsigntool: update from 0.9.4 to 0.9.5

* Drop OpenSSL 3 support patch now included upstream
* Rework OE build integration to be a bit cleaner
* Update to use BBCLASSEXTEND for native, instead of
  having a direct -native recipe

Signed-off-by: Matt Madison <matt@madison.systems>

recipes-support/sbsigntool/sbsigntool/0001-Updates-for-OE-cross-builds.patch

@@ -0,0 +1,65 @@
+From 69abde06d5dd8025e375890e3e2bd2e552967ef2 Mon Sep 17 00:00:00 2001
+From: Matt Madison <matt@madison.systems>
+Date: Mon, 20 Jan 2025 06:39:57 -0800
+Subject: [PATCH] Updates for OE cross-builds
+
+Upstream-Status: Inappropriate [oe-specific]
+Signed-off-by: Matt Madison <matt@madison.systems>
+---
+ configure.ac | 34 ++++++++++++----------------------
+ 1 file changed, 13 insertions(+), 23 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 8a5340a..02592e9 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -1,6 +1,6 @@
+ AC_INIT([sbsigntool], [0.9.5], [James.Bottomley@HansenPartnership.com])
+ 
+-AM_INIT_AUTOMAKE()
++AM_INIT_AUTOMAKE([foreign subdir-objects])
+ 
+ AC_PREREQ(2.60)
+ 
+@@ -67,30 +67,20 @@ PKG_CHECK_MODULES(uuid, uuid,
+     AC_MSG_ERROR([libuuid (from the uuid package) is required]))
+ 
+ dnl gnu-efi headers require extra include dirs
+-EFI_ARCH=$(uname -m | sed 's/i.86/ia32/;s/arm.*/arm/')
++if test "x$EFI_ARCH" = "x"; then
++    EFI_ARCH=$(uname -m | sed 's/i.86/ia32/;s/arm.*/arm/')
++fi
+ AM_CONDITIONAL(TEST_BINARY_FORMAT, [ test "$EFI_ARCH" = "arm" -o "$EFI_ARCH" = "aarch64" -o "$EFI_ARCH" = riscv64 ])
+ 
+-##
+-# no consistent view of where gnu-efi should dump the efi stuff, so find it
+-##
+-for path in /lib /lib64 /usr/lib /usr/lib64 /usr/lib32 /lib/efi /lib64/efi /usr/lib/efi /usr/lib64/efi /usr/lib/gnuefi /usr/lib64/gnuefi ; do
+-    if test -e $path/crt0-efi-$EFI_ARCH.o; then
+-       CRTPATH=$path
+-    fi
+-done
+-if test -z "$CRTPATH"; then
+-   AC_MSG_ERROR([cannot find the gnu-efi crt path])
+-fi
++PKG_CHECK_MODULES([GNUEFI], [gnu-efi],,
++			   AC_MSG_ERROR([gnu-efi not found]))
++PKG_CHECK_VAR([GNUEFI_LIBDIR], [gnu-efi], [libdir],
++			       [CRTPATH="$GNUEFI_LIBDIR/crt0-efi-$EFI_ARCH.o"],
++			       AC_MSG_ERROR([no libdir set for gnu-efi]))
+ 
+-EFI_CPPFLAGS="-I/usr/include/efi -I/usr/include/efi/$EFI_ARCH \
+- -DEFI_FUNCTION_WRAPPER"
+-CPPFLAGS_save="$CPPFLAGS"
+-CPPFLAGS="$CPPFLAGS $EFI_CPPFLAGS"
+-AC_CHECK_HEADERS([efi.h], [], [], $EFI_INCLUDES)
+-CPPFLAGS="$CPPFLAGS_save"
+-AC_SUBST(EFI_CPPFLAGS, $EFI_CPPFLAGS)
+-AC_SUBST(EFI_ARCH, $EFI_ARCH)
+-AC_SUBST(CRTPATH, $CRTPATH)
++AC_SUBST([EFI_CPPFLAGS], [$GNUEFI_CFLAGS -DEFI_FUNCTION_WRAPPER])
++AC_SUBST([EFI_ARCH])
++AC_SUBST([CRTPATH])
+ 
+ AC_CONFIG_FILES([Makefile src/Makefile lib/ccan/Makefile]
+ 		[docs/Makefile tests/Makefile])

recipes-support/sbsigntool/sbsigntool/0001-configure-Fixup-build-dependencies-for-cross-compili.patch

@@ -1,54 +0,0 @@
-From c3533b8da1e1425801d2fc0bcd231e13d593f16b Mon Sep 17 00:00:00 2001
-From: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
-Date: Tue, 19 Feb 2019 20:07:45 +0800
-Subject: [PATCH] configure: Fixup build dependencies for cross-compiling
-
-When cross-compiling, custom header files and libraries need to be
-specified. sbsign assumes that all the dependencies are located
-under /usr/include and /usr/lib.
-
-Prepend these paths with a placeholder that can be replaced with the
-actual paths once they are resolved.
-
-Upstream-Status: Inappropriate [OE specific]
-
-Signed-off-by: Ricardo Neri <ricardo.neri-calderon@linux.intel.com>
-
-Taken from :
-https://github.com/intel/luv-yocto/tree/master/meta-luv/recipes-devtools/sbsigntool/sbsigntool
-
-Corrected typo error and ported to version 0.9.2
-
-Signed-off-by: Naveen Saini <naveen.kumar.saini@intel.com>
----
- configure.ac | 7 +++++--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
-diff --git a/configure.ac b/configure.ac
-index 1459e91..3e34c8d 100644
---- a/configure.ac
-+++ b/configure.ac
-@@ -70,7 +70,10 @@ AM_CONDITIONAL(TEST_BINARY_FORMAT, [ test "$EFI_ARCH" = "arm" -o "$EFI_ARCH" = "
- ##
- # no consistent view of where gnu-efi should dump the efi stuff, so find it
- ##
--for path in /lib /lib64 /usr/lib /usr/lib64 /usr/lib32 /lib/efi /lib64/efi /usr/lib/efi /usr/lib64/efi /usr/lib/gnuefi /usr/lib64/gnuefi ; do
-+for path in RECIPE_SYSROOT/lib RECIPE_SYSROOT/lib64 RECIPE_SYSROOT/usr/lib \
-+            RECIPE_SYSROOT/usr/lib64 RECIPE_SYSROOT/usr/lib32 \
-+            RECIPE_SYSROOT/lib/efi RECIPE_SYSROOT/lib64/efi \
-+            RECIPE_SYSROOT/usr/lib/efi RECIPE_SYSROOT/usr/lib64/efi; do
-     if test -e $path/crt0-efi-$EFI_ARCH.o; then
-        CRTPATH=$path
-     fi
-@@ -79,7 +82,7 @@ if test -z "$CRTPATH"; then
-    AC_MSG_ERROR([cannot find the gnu-efi crt path])
- fi
- 
--EFI_CPPFLAGS="-I/usr/include/efi -I/usr/include/efi/$EFI_ARCH \
-+EFI_CPPFLAGS="-IRECIPE_SYSROOT/usr/include/efi -IRECIPE_SYSROOT/usr/include/efi/$EFI_ARCH \
-  -DEFI_FUNCTION_WRAPPER"
- CPPFLAGS_save="$CPPFLAGS"
- CPPFLAGS="$CPPFLAGS $EFI_CPPFLAGS"
--- 
-2.7.4
-

recipes-support/sbsigntool/sbsigntool/0002-ccan-simplify-SCOREDIR.patch

@@ -0,0 +1,28 @@
+From 9d95c153a0a2dde657a44b9a6cbf4c50543aacc0 Mon Sep 17 00:00:00 2001
+From: Matt Madison <matt@madison.systems>
+Date: Mon, 20 Jan 2025 06:19:07 -0800
+Subject: [PATCH] ccan: simplify SCOREDIR
+
+For OE builds we don't use 'make scores' anyway, and the
+shell callouts in setting that variable cause messages
+about commands that aren't available in the build tree.
+
+Upstream-Status: Inappropriate [oe-specific]
+Signed-off-by: Matt Madison <matt@madison.systems>
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index 13aa195d..b44125f6 100644
+--- a/Makefile
++++ b/Makefile
+@@ -15,7 +15,7 @@
+ EXCLUDE=wwviaudio ogg_to_pcm jmap jset nfs
+ 
+ # Where make scores puts the results
+-SCOREDIR=scores/$(shell whoami)/$(shell uname -s)-$(shell uname -m)-$(CC)-$(shell git describe --always --dirty)
++SCOREDIR=scores
+ 
+ ALL=$(filter-out $(EXCLUDE), $(REALLY_ALL))
+ 

recipes-support/sbsigntool/sbsigntool/0002-fix-openssl-3-0.patch

@@ -1,32 +0,0 @@
-Use ASN1_ITEM_rptr() instead of taking the address of IDC_PEID_it.
-
-openssl-3.0 changed the type of TYPE_it from `const ASN1_ITEM TYPE_it` to
-`const ASN1_ITEM *TYPE_it(void)`. This was previously hidden behind
-OPENSSL_EXPORT_VAR_AS_FUNCTION but in 3.0 only the function version is
-available. This change should have been transparent to the application, but
-only if the `ASN1_ITEM_rptr()` macro is used.
-
-This change passes `make check` with both openssl 1.1 and 3.0.
-
-Signed-off-by: Jeremi Piotrowski <jpiotrowski@microsoft.com>
-Upstream-Status: Submitted [https://groups.io/g/sbsigntools/topic/patch_fix_openssl_3_0_issue/85903418]
----
- src/idc.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/idc.c b/src/idc.c
-index 6d87bd4..0a82218 100644
---- a/src/idc.c
-+++ b/src/idc.c
-@@ -189,7 +189,7 @@ int IDC_set(PKCS7 *p7, PKCS7_SIGNER_INFO *si, struct image *image)
-
- 	idc->data->type = OBJ_nid2obj(peid_nid);
- 	idc->data->value = ASN1_TYPE_new();
--	type_set_sequence(image, idc->data->value, peid, &IDC_PEID_it);
-+	type_set_sequence(image, idc->data->value, peid, ASN1_ITEM_rptr(IDC_PEID));
-
-         idc->digest->alg->parameter = ASN1_TYPE_new();
-         idc->digest->alg->algorithm = OBJ_nid2obj(NID_sha256);
---
-2.25.1
-

recipes-support/sbsigntool/sbsigntool_git.bb

@@ -21,50 +21,36 @@ LIC_FILES_CHKSUM = "file://LICENSE.GPLv3;md5=9eef91148a9b14ec7f9df333daebc746 \
 # not been maintained and many patches have been backported in this repo.
 SRC_URI = "git://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git;protocol=https;name=sbsigntools;branch=master \
            git://github.com/rustyrussell/ccan.git;protocol=https;destsuffix=git/lib/ccan.git;name=ccan;branch=master \
-           file://0001-configure-Fixup-build-dependencies-for-cross-compili.patch \
-           file://0002-fix-openssl-3-0.patch \
-          "
+           file://0001-Updates-for-OE-cross-builds.patch \
+           file://0002-ccan-simplify-SCOREDIR.patch;patchdir=lib/ccan.git \
+           "
 
-SRCREV_sbsigntools  ?= "f12484869c9590682ac3253d583bf59b890bb826"
+SRCREV_sbsigntools  ?= "9cfca9fe7aa7a8e29b92fe33ce8433e212c9a8ba"
 SRCREV_ccan         ?= "b1f28e17227f2320d07fe052a8a48942fe17caa5"
 SRCREV_FORMAT       =  "sbsigntools_ccan"
 
-DEPENDS = "binutils-native gnu-efi-native help2man-native openssl-native util-linux-native"
+DEPENDS = "binutils-native gnu-efi help2man-native openssl util-linux"
 
-PV = "0.9.4-git"
+PV = "0.9.5-git"
 
 S = "${WORKDIR}/git"
 
 inherit autotools pkgconfig
-inherit_defer native
 
-do_configure:prepend() {
-	cd ${S}
+SBSIGN_SEARCH_BASE = "${RECIPE_SYSROOT}"
+SBSIGN_SEARCH_BASE:class-native = "${RECIPE_SYSROOT_NATIVE}"
 
-	sed -i s#RECIPE_SYSROOT#${RECIPE_SYSROOT_NATIVE}#g configure.ac
+EXTRA_OECONF = "EFI_ARCH=${@efi_arch(d)}"
 
-	if [ ! -e lib/ccan ]; then
-
-		# Use empty SCOREDIR because 'make scores' is not run.
-		# The default setting depends on (non-whitelisted) host tools.
-		sed -i -e 's#^\(SCOREDIR=\).*#\1#' lib/ccan.git/Makefile
-
-		lib/ccan.git/tools/create-ccan-tree \
-		--build-type=automake lib/ccan \
+do_configure() {
+    rm -rf ${S}/lib/ccan
+    oldwd="$PWD"
+    cd ${S}
+    ./lib/ccan.git/tools/create-ccan-tree \
+    		--build-type=automake ${S}/lib/ccan \
 		talloc read_write_all build_assert array_size endian
-	fi
-
-	# Create generatable docs from git
-	(
-	 echo "Authors of sbsigntool:"
-	 echo
-	 git log --format='%an' | sort -u | sed 's,^,\t,'
-	) > AUTHORS
-
-	# Generate simple ChangeLog
-	git log --date=short --format='%ad %t %an <%ae>%n%n  * %s%n' > ChangeLog
-
-	cd ${B}
+    cd "$oldwd"
+    autotools_do_configure
 }
 
 def efi_arch(d):
@@ -74,11 +60,4 @@ def efi_arch(d):
         return "ia32"
     return harch
 
-EXTRA_OEMAKE = "\
-    INCLUDES+='-I${S}/lib/ccan.git/ \
-              -I${STAGING_INCDIR_NATIVE}/efi \
-              -I${STAGING_INCDIR_NATIVE} \
-              -I${STAGING_INCDIR_NATIVE}/efi/${@efi_arch(d)}' \
-    "
-
-CFLAGS:append = " -Wno-error"
+BBCLASSEXTEND = "native"