Add support for GnuPG2

Makefile

@@ -393,6 +393,8 @@ bin_modules-$(CONFIG_PCIUTILS) += pciutils
 bin_modules-$(CONFIG_FLASHROM) += flashrom
 bin_modules-$(CONFIG_CRYPTSETUP) += cryptsetup
 bin_modules-$(CONFIG_GPG) += gpg
+bin_modules-$(CONFIG_GPG2) += gpg2
+bin_modules-$(CONFIG_PINENTRY) += pinentry
 bin_modules-$(CONFIG_LVM2) += lvm2
 bin_modules-$(CONFIG_DROPBEAR) += dropbear
 bin_modules-$(CONFIG_FLASHTOOLS) += flashtools

boards/librem13v2/librem13v2.config

@@ -7,6 +7,7 @@ CONFIG_CRYPTSETUP=y
 CONFIG_FLASHROM=y
 CONFIG_FLASHTOOLS=y
 CONFIG_GPG=y
+CONFIG_GPG2=y
 CONFIG_KEXEC=y
 CONFIG_UTIL_LINUX=y
 CONFIG_LVM2=y

boards/librem15v3/librem15v3.config

@@ -9,6 +9,7 @@ CONFIG_CRYPTSETUP=y
 CONFIG_FLASHROM=y
 CONFIG_FLASHTOOLS=y
 CONFIG_GPG=y
+CONFIG_GPG2=y
 CONFIG_KEXEC=y
 CONFIG_UTIL_LINUX=y
 CONFIG_LVM2=y

boards/qemu-coreboot/qemu-coreboot.config

@@ -17,7 +17,7 @@ CONFIG_FLASHROM=y
 CONFIG_PCIUTILS=y
 CONFIG_UTIL_LINUX=y
 CONFIG_CRYPTSETUP=y
-CONFIG_GPG=y
+CONFIG_GPG2=y
 CONFIG_LVM2=y
 CONFIG_MBEDTLS=y
 CONFIG_DROPBEAR=y

boards/qemu-linuxboot/qemu-linuxboot.config

@@ -18,7 +18,7 @@ endif
 
 CONFIG_FLASHROM=y
 CONFIG_FLASHTOOLS=y
-CONFIG_GPG=y
+CONFIG_GPG2=y
 CONFIG_KEXEC=y
 CONFIG_UTIL_LINUX=y
 CONFIG_DROPBEAR=y

boards/x230/x230.config

@@ -6,7 +6,7 @@ CONFIG_LINUX_CONFIG=config/linux-x230.config
 CONFIG_CRYPTSETUP=y
 CONFIG_FLASHROM=y
 CONFIG_FLASHTOOLS=y
-CONFIG_GPG=y
+CONFIG_GPG2=y
 CONFIG_KEXEC=y
 CONFIG_UTIL_LINUX=y
 CONFIG_LVM2=y

config/linux-kgpe-d16.config

@@ -64,6 +64,7 @@ CONFIG_PCI_PRI=y
 # CONFIG_COREDUMP is not set
 CONFIG_NET=y
 CONFIG_PACKET=y
+CONFIG_UNIX=y
 CONFIG_INET=y
 CONFIG_SYN_COOKIES=y
 # CONFIG_INET_XFRM_MODE_TRANSPORT is not set

config/linux-librem13v2.config

@@ -63,6 +63,7 @@ CONFIG_PCI_PRI=y
 # CONFIG_COREDUMP is not set
 CONFIG_NET=y
 CONFIG_PACKET=y
+CONFIG_UNIX=y
 CONFIG_INET=y
 CONFIG_SYN_COOKIES=y
 # CONFIG_INET_XFRM_MODE_TRANSPORT is not set

config/linux-linuxboot.config

@@ -84,6 +84,7 @@ CONFIG_PCI_PRI=y
 CONFIG_IA32_EMULATION=y
 CONFIG_NET=y
 CONFIG_PACKET=y
+CONFIG_UNIX=y
 CONFIG_INET=y
 CONFIG_SYN_COOKIES=y
 # CONFIG_INET_XFRM_MODE_TRANSPORT is not set

config/linux-qemu.config

@@ -69,6 +69,7 @@ CONFIG_PCI_PRI=y
 CONFIG_IA32_EMULATION=y
 CONFIG_NET=y
 CONFIG_PACKET=y
+CONFIG_UNIX=y
 CONFIG_INET=y
 CONFIG_SYN_COOKIES=y
 # CONFIG_INET_XFRM_MODE_TRANSPORT is not set

config/linux-x230.config

@@ -64,6 +64,7 @@ CONFIG_PCI_PRI=y
 # CONFIG_COREDUMP is not set
 CONFIG_NET=y
 CONFIG_PACKET=y
+CONFIG_UNIX=y
 CONFIG_INET=y
 CONFIG_SYN_COOKIES=y
 # CONFIG_INET_XFRM_MODE_TRANSPORT is not set

initrd/.gnupg/gpg-agent.conf

@@ -0,0 +1,3 @@
+scdaemon-program /bin/scdaemon
+pinentry-program /bin/pinentry-tty
+daemon

initrd/.gnupg/gpg.conf

@@ -0,0 +1 @@
+use-agent

initrd/bin/flash-gui.sh

@@ -139,10 +139,10 @@ while true; do
 
           cat $PUBKEY | gpg --import
           cp $ROM /tmp/gpg-gui.rom
-          if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/pubring.gpg") then
-            cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/pubring.gpg"
+          if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/pubring.kbx") then
+            cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/pubring.kbx"
           fi
-          cbfs -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/pubring.gpg" -f /.gnupg/pubring.gpg
+          cbfs -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/pubring.kbx" -f /.gnupg/pubring.kbx
 
           if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/trustdb.gpg") then
             cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/trustdb.gpg"
@@ -180,10 +180,10 @@ while true; do
           fi
 
           cat $PUBKEY | gpg --import
-          if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/pubring.gpg") then
-            cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/pubring.gpg"
+          if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/pubring.kbx") then
+            cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/pubring.kbx"
           fi
-          cbfs -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/pubring.gpg" -f /.gnupg/pubring.gpg
+          cbfs -o /tmp/gpg-gui.rom -a "heads/initrd/.gnupg/pubring.kbx" -f /.gnupg/pubring.kbx
 
           if (cbfs -o /tmp/gpg-gui.rom -l | grep -q "heads/initrd/.gnupg/trustdb.gpg") then
             cbfs -o /tmp/gpg-gui.rom -d "heads/initrd/.gnupg/trustdb.gpg"

initrd/init

@@ -57,6 +57,10 @@ fi
 if [ "$CONFIG_LINUXBOOT" = "y" ]; then
 	/bin/uefi-init
 fi
+
+# Set GPG_TTY before calling gpg in key-init
+export GPG_TTY=$(tty)
+
 /bin/key-init
 
 # Setup recovery serial shell

modules/gpg2

@@ -0,0 +1,60 @@
+modules-$(CONFIG_GPG2) += gpg2
+
+gpg2_version := 2.2.10
+gpg2_dir := gnupg-$(gpg2_version)
+gpg2_tar := gnupg-$(gpg2_version).tar.bz2
+gpg2_url := https://www.gnupg.org/ftp/gcrypt/gnupg/$(gpg2_tar)
+gpg2_hash := 799dd37a86a1448732e339bd20440f4f5ee6e69755f6fd7a73ee8af30840c915
+
+# For reproducibility reasons we have to override the exec_prefix
+# and datarootdir on the configure line so that the Makefiles will
+# be generated with the correct paths, but then re-write them when
+# we use the install target so that they will be copied to the correct
+# location.
+gpg2_configure := ./configure \
+	$(CROSS_TOOLS) \
+	CPPFLAGS="-I$(INSTALL)/include/libusb-1.0" \
+	--host x86_64-linux-musl \
+	--with-libusb="$(INSTALL)" \
+	--with-libgpg-error-prefix="$(INSTALL)" \
+	--with-libgcrypt-prefix="$(INSTALL)" \
+	--with-libassuan-prefix="$(INSTALL)" \
+	--with-ksba-prefix="$(INSTALL)" \
+	--with-npth-prefix="$(INSTALL)" \
+	--prefix "/" \
+	--libexecdir "/bin" \
+	--enable-scdaemon \
+	--enable-ccid-driver \
+	--disable-tofu \
+	--disable-rpath \
+        --disable-regex \
+        --disable-doc \
+	--disable-bzip2 \
+	--disable-asm \
+	--disable-exec \
+	--disable-photo-viewers \
+	--disable-keyserver-helpers \
+	--disable-ldap \
+	--disable-hkp \
+	--disable-finger \
+	--disable-dns-srv \
+	--disable-dns-cert \
+	--disable-regex \
+	--disable-nls \
+	--disable-all-tests \
+	--disable-wks-server \
+	--disable-wks-tools \
+	--disable-gnutls \
+	--disable-dirmngr \
+
+# Run one build to generate the executables with the pre-defined
+# exec_prefix and datarootdir, then a second make to install the binaries
+# into our actual target location
+gpg2_target := $(MAKE_JOBS) \
+	&& $(MAKE) -C $(build)/$(gpg2_dir) \
+		DESTDIR="$(INSTALL)" \
+		install
+
+gpg2_output := g10/gpg agent/gpg-agent scd/scdaemon
+
+gpg2_depends := libgpg-error libgcrypt libksba libassuan npth libusb-compat $(musl_dep)

modules/libassuan

@@ -0,0 +1,24 @@
+modules-$(CONFIG_GPG2) += libassuan
+libassuan_version := 2.5.1
+libassuan_dir := libassuan-$(libassuan_version)
+libassuan_tar := libassuan-$(libassuan_version).tar.bz2
+libassuan_url := https://gnupg.org/ftp/gcrypt/libassuan/$(libassuan_tar)
+libassuan_hash := 47f96c37b4f2aac289f0bc1bacfa8bd8b4b209a488d3d15e2229cb6cc9b26449
+
+libassuan_configure := ./configure \
+	$(CROSS_TOOLS) \
+	--host x86_64-linux-musl \
+	--prefix "/" \
+	--disable-static \
+	--disable-nls \
+	--with-libgpg-error-prefix="$(INSTALL)" \
+	--disable-asm \
+
+libassuan_target := $(MAKE_JOBS) \
+	DESTDIR="$(INSTALL)" \
+	$(CROSS_TOOLS) \
+	install \
+
+libassuan_libraries := src/.libs/libassuan.so.0
+
+libassuan_depends := libgpg-error $(musl_dep)

modules/libgcrypt

@@ -0,0 +1,24 @@
+modules-$(CONFIG_GPG2) += libgcrypt
+libgcrypt_version := 1.8.3
+libgcrypt_dir := libgcrypt-$(libgcrypt_version)
+libgcrypt_tar := libgcrypt-$(libgcrypt_version).tar.bz2
+libgcrypt_url := https://gnupg.org/ftp/gcrypt/libgcrypt/$(libgcrypt_tar)
+libgcrypt_hash := 66ec90be036747602f2b48f98312361a9180c97c68a690a5f376fa0f67d0af7c
+
+libgcrypt_configure := ./configure \
+	$(CROSS_TOOLS) \
+	--host=x86_64-linux-musl \
+	--prefix "/" \
+	--disable-static \
+	--with-libgpg-error-prefix="$(INSTALL)" \
+	--disable-asm \
+	--disable-nls \
+
+libgcrypt_target := $(MAKE_JOBS) \
+	DESTDIR="$(INSTALL)" \
+	$(CROSS_TOOLS) \
+	install \
+
+libgcrypt_libraries := src/.libs/libgcrypt.so.20
+
+libgcrypt_depends := libgpg-error $(musl_dep)

modules/libgpg-error

@@ -0,0 +1,26 @@
+modules-$(CONFIG_GPG2) += libgpg-error
+libgpg-error_version := 1.32
+libgpg-error_dir := libgpg-error-$(libgpg-error_version)
+libgpg-error_tar := libgpg-error-$(libgpg-error_version).tar.bz2
+libgpg-error_url := https://gnupg.org/ftp/gcrypt/libgpg-error/$(libgpg-error_tar)
+libgpg-error_hash := c345c5e73cc2332f8d50db84a2280abfb1d8f6d4f1858b9daa30404db44540ca
+
+libgpg-error_configure := ./configure \
+	$(CROSS_TOOLS) \
+	--prefix "/" \
+	--host=x86_64-linux-musl \
+	--disable-static \
+	--disable-nls \
+	--disable-languages \
+	--disable-doc \
+	--disable-tests \
+	--disable-asm \
+
+libgpg-error_target := $(MAKE_JOBS) \
+	DESTDIR="$(INSTALL)" \
+	$(CROSS_TOOLS) \
+	install \
+
+libgpg-error_libraries := src/.libs/libgpg-error.so.0
+
+libgpg-error_depends := $(musl_dep)

modules/libksba

@@ -0,0 +1,24 @@
+modules-$(CONFIG_GPG2) += libksba
+libksba_version := 1.3.5
+libksba_dir := libksba-$(libksba_version)
+libksba_tar := libksba-$(libksba_version).tar.bz2
+libksba_url := https://gnupg.org/ftp/gcrypt/libksba/$(libksba_tar)
+libksba_hash := 41444fd7a6ff73a79ad9728f985e71c9ba8cd3e5e53358e70d5f066d35c1a340
+
+libksba_configure := ./configure \
+	$(CROSS_TOOLS) \
+	--host x86_64-linux-musl \
+	--prefix "/" \
+	--disable-static \
+	--disable-nls \
+	--with-libgpg-error-prefix="$(INSTALL)" \
+	--disable-asm \
+
+libksba_target := $(MAKE_JOBS) \
+	DESTDIR="$(INSTALL)" \
+	$(CROSS_TOOLS) \
+	install \
+
+libksba_libraries := src/.libs/libksba.so.8
+
+libksba_depends := libgpg-error $(musl_dep)

modules/libusb

@@ -1,21 +1,24 @@
 # GPG with Yubikey support requires libusb
 modules-$(CONFIG_GPG) += libusb
+modules-$(CONFIG_GPG2) += libusb
 
 libusb_version := 1.0.21
 libusb_dir := libusb-$(libusb_version)
 libusb_tar := libusb-$(libusb_version).tar.bz2
 libusb_url := https://downloads.sourceforge.net/project/libusb/libusb-1.0/libusb-$(libusb_version)/$(libusb_tar)
 libusb_hash := 7dce9cce9a81194b7065ee912bcd55eeffebab694ea403ffb91b67db66b1824b
 
-libusb_configure := ./configure \
-	$(CROSS_TOOLS) \
-	--host i386-elf-linux \
-	--prefix "/" \
-	--disable-udev \
+libusb_configure := ./configure\
+	$(CROSS_TOOLS)\
+	--host i386-elf-linux\
+	--prefix "/"\
+	--disable-udev\
+	--disable-tests\
 
 # Run one build to generate the executables with the pre-defined
 # exec_prefix and datarootdir, then a second make to install the binaries
 # into our actual target location
+
 libusb_target := $(MAKE_JOBS) \
 	DESTDIR="$(INSTALL)" \
 	$(CROSS_TOOLS) \

modules/libusb-compat

@@ -1,7 +1,9 @@
 # GPG 1.4.21 uses an old version of libusb, which
 # is emulated with the compatibility library.
 # This is a bit of a hack to set it up.
+
 modules-$(CONFIG_GPG) += libusb-compat
+modules-$(CONFIG_GPG2) += libusb-compat
 
 libusb-compat_version := 0.1.5
 libusb-compat_dir := libusb-compat-$(libusb-compat_version)

modules/npth

@@ -0,0 +1,24 @@
+modules-$(CONFIG_GPG2) += npth
+npth_version := 1.6
+npth_dir := npth-$(npth_version)
+npth_tar := npth-$(npth_version).tar.bz2
+npth_url := https://gnupg.org/ftp/gcrypt/npth/$(npth_tar)
+npth_hash := 1393abd9adcf0762d34798dc34fdcf4d0d22a8410721e76f1e3afcd1daa4e2d1
+
+npth_configure := ./configure \
+	$(CROSS_TOOLS) \
+	--host x86_64-linux-musl \
+	--prefix "/" \
+	--disable-static \
+	--disable-nls \
+	--with-libgpg-error-prefix="$(INSTALL)" \
+	--disable-asm \
+
+npth_target := $(MAKE_JOBS) \
+	DESTDIR="$(INSTALL)" \
+	$(CROSS_TOOLS) \
+	install \
+
+npth_libraries := src/.libs/libnpth.so.0
+
+npth_depends := libgpg-error $(musl_dep)