so, I've masked version 0.9.1-r1 as it didn't compile for me either way. with that said, sbsigntools-0.6-r2 with the RDEPENDS set to RDEPEND=" || ( dev-libs/openssl:0= dev-libs/libressl:0= ) sys-apps/util-linux" doesn't seem to complain. Is there a reason why it hard depends on openssl? I'm not really using this thing just yet, but today's problem is convincing my @world to not hard depend on openssl & this was one of the last pieces of the puzzle.
(In reply to Erik from comment #0) > so, I've masked version 0.9.1-r1 as it didn't compile for me either way. Please submit a bug for this, or use this one.
Should we add it to https://bugs.gentoo.org/561854 as a dependency?
Created attachment 548112 [details, diff] Fix I've edited ebuild to depend on libressl instead of openssl and to use only this patch, added it to local overlay, merged the package and tried to sign kernel with it and boot it. Everything went flawlessly... except for a few warnings during the signing process, but I don't think they are relevant: https://askubuntu.com/questions/717339/should-i-be-worried-about-warning-checksum-areas-are-greater-than-image-size
The attached patch will break regular openssl support. Would you mind guarding the defines in a compatible manner?
Libressl 2.9.2 (current stable) and 3.0.0 (current ~amd64) already have most of the defines the fix adds. A smaller patch can do the job and still seems to run just fine. the only compile time warnings are a couple of unused things sbvarsign.c:108:23: warning: ‘default_guid’ defined but not used [-Wunused-const-variable=] 108 | static const EFI_GUID default_guid = EFI_GLOBAL_VARIABLE; | ^~~~~~~~~~~~ sbverify.c:152:13: warning: ‘print_certificate_store_certs’ defined but not used [-Wunused-function] 152 | static void print_certificate_store_certs(X509_STORE *certs) | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Created attachment 591938 [details, diff] Simpler patch that doesn't touch existing defines
Created attachment 591944 [details, diff] Simpler patch that doesn't touch existing defines