app-crypt/cprocsp: small fixes + return 12900 back (certified)

Signed-off-by: Vadim Misbakh-Soloviov <[email protected]>
msva · Feb 4, 2024 · 2fd8fcd · 2fd8fcd
1 parent 81c489d
commit 2fd8fcd
Show file tree

Hide file tree

Showing 5 changed files with 732 additions and 9 deletions.
diff --git a/app-crypt/cprocsp/Manifest b/app-crypt/cprocsp/Manifest
@@ -1,3 +1,7 @@
+DIST cprocsp-5.0.12000_amd64.tgz 16134526 BLAKE2B a327b173554f4de17daaac56c7435eb7a7309e9b3fd4a79a72f385448f59881f07d3865b0ddeb1f2a98e53b87436ad3bd1c1df4455bfe11673953129cdef2322 SHA512 5ce29f12178e64983f194ef5792130185b3a0eb200532d2ca140c7f6867a2c92c1d1a8958dc8ca7e9e721f47d5a39772f6527abc06cb255080709252cd16c7e4
+DIST cprocsp-5.0.12000_arm.tgz 15120827 BLAKE2B d6dc93bf167fe2ad0967fa3dd55df0e647471a0413680030f621df2130cd8b0a72b8076ee74f642da44ae220e07fcfdfa81b018397d4b788884de221e9e9240f SHA512 396b7ee57a0afe9e2399c7f53b4132da5b19f5294aa7a200cd18b72a62bed9b390462e886eccc0c0a15c5f165684902a09ae12613c86743968e6c723a87f51d9
+DIST cprocsp-5.0.12000_arm64.tgz 17409050 BLAKE2B c62d9779298f56e60b05e3b642bc21584e18b5d62a47f2052c70843536f63424d363f3a5e441536377d5b5373af9a5be7b27e96dbb8c5d72669ae63bdf0a8772 SHA512 180d80dfc1769eacd28ed1a2670d35f4b78407d13c152630659de64839ff6351266100f620f64deea165436a392d3bfdc4a8fa294937812c3cc1eec202315b4a
+DIST cprocsp-5.0.12000_x86.tgz 16587422 BLAKE2B f68571e9be35c90a1ac02fe7d1dd1c015318777320a35fadaf32e6deab5a5a0a32b75bbb9629a7e3f36b1e9986034b7bc20b849f5ccd30b347e45389d48b9d42 SHA512 1f67f5175b698a271980b6680a16a54746ada274f5df0b86de4ae1a48148c3c3d3955ae22cf0c4dd520398572ded8c35dbd8fe478f6affad23e5e83a04956c43
 DIST cprocsp-5.0.12900_amd64.tgz 31500188 BLAKE2B 721673fc4058ad5fd80599a812a529196bc6354717bd1676acd3f1d43272761f099950e25ae03db53903bac6eb7f07b9240ae143f8fcf06aa32ed2b731c2975c SHA512 ea8e9e06002a851e2edfb0ba95eb37d2a25d76ec72c82e82a6927ccce6662422bf74dbe5fc96dcecfbe50af89cb7925d8602333612661defd87c5263548ad11a
 DIST cprocsp-5.0.12900_arm.tgz 31846102 BLAKE2B ce0456222b373c121da272b24cbc39247d41b6c6dd8e8f4727db692a7b7874a9048e0540611642bfe62ab9d149ad93c014ee3f167617bd6859a10ec3eed3708e SHA512 14cf91f92ae2ccba08d39d4790bc54bde97238f4c09a02d6773d0398c299a99b215adf89fd47cddb0ad956a3aa61585a0ce8e84a2a05fe9799509009e20300eb
 DIST cprocsp-5.0.12900_arm64.tgz 36753992 BLAKE2B 12833a2c89ca808d7241e872fa46f6eb315dcdb89f24ee9ef110316f3a430b7581d876e887ef7bd86d46ee09fbd82c418672bcb751d31edcd57caaa1bb509dcb SHA512 3c8d1e69b33a2a9c6b663e351b5ed0f261d7e09aaf3df4d27d0e33cf828d8968c8da037b8a6fc5e23de993b6e4d25aabc15c88a7f20ad0ad8abd6c9764740742

diff --git a/app-crypt/cprocsp/cprocsp-5.0.12000.ebuild b/app-crypt/cprocsp/cprocsp-5.0.12000.ebuild
@@ -0,0 +1,218 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit rpm systemd xdg udev
+
+DESCRIPTION="CryptoPro Crypto Provider"
+
+SRC_URI="
+	x86? ( ${P}_x86.tgz )
+	amd64? ( ${P}_amd64.tgz )
+	arm? ( ${P}_arm.tgz )
+	arm64? ( ${P}_arm64.tgz )
+"
+
+HOMEPAGE="https://cryptopro.ru/products/csp/downloads"
+LICENSE="Crypto-Pro"
+RESTRICT="bindist fetch mirror strip"
+SLOT="0"
+KEYWORDS="~amd64 ~arm ~arm64 ~x86"
+
+DEPEND="
+	app-accessibility/at-spi2-core
+	dev-libs/glib
+	dev-libs/libusb-compat
+	media-libs/fontconfig
+	media-libs/freetype
+	sys-libs/pam
+	sys-libs/zlib
+	x11-libs/cairo
+	x11-libs/gdk-pixbuf
+	x11-libs/gtk+:2
+	x11-libs/libSM
+	x11-libs/libX11
+	x11-libs/libXxf86vm
+	x11-libs/pango
+"
+RDEPEND="
+	app-crypt/ccid
+	>=dev-libs/libp11-0.4.0
+	dev-libs/libxml2
+	x86? ( dev-libs/opensc )
+	amd64? ( dev-libs/opensc )
+	media-libs/libpng:0
+	media-libs/fontconfig
+	sys-apps/dbus
+	sys-apps/lsb-release
+	>=sys-apps/pcsc-lite-1.4.99
+	sys-apps/pcsc-tools
+	virtual/libcrypt:=
+	virtual/libusb:0
+	${DEPEND}
+"
+BDEPEND="
+	app-arch/rpm2targz
+	app-alternatives/bzip2
+"
+
+QA_PREBUILT="opt/cprocsp/*"
+
+_get_arch() {
+	if [[ -n "${_got_arch}" ]]; then
+		echo ${_got_arch};
+		return
+	fi
+	local _got_arch
+	case $(uname -m) in
+		x86_64)
+			_got_arch="amd64"
+			;;
+		i*86)
+			_got_arch="ia32"
+			;;
+		armv7*)
+			_got_arch="armhf"
+			;;
+		aarch64)
+			_got_arch="arm64"
+			;;
+	esac
+	export _got_arch
+	echo "${_got_arch}"
+}
+
+pkg_nofetch() {
+	local BASE_URL="https://cryptopro.ru/sites/default/files/private/csp"
+	local v=$(ver_cut 1-2)
+	local arch=$(_get_arch)
+	einfo "Please, open this link in the browser: ${BASE_URL}/${v//.}/$(ver_cut 3)/linux-${arch}.tgz"
+	einfo "(registration/login needed)"
+	einfo "Then download it, and place at ${PORTAGE_ACTUAL_DISTDIR}/${A}"
+	ewarn "Please, post an issue on GitHub in case of checksums mismatch"
+}
+
+src_unpack() {
+	local uname_m=$(uname -m)
+	local arch=$(_get_arch);
+	local libdir=$(get_libdir)
+
+	default
+
+	mkdir -p "${S}"
+	cd "${S}"
+
+	PKGS=( # Packages that usually installed by CryptoPro installer
+		lsb-cprocsp-{base,rdr,kc1,capilite,ca-certs,pkcs11}
+		cprocsp-{curl,rdr}
+		apache-modssl
+	)
+	ADD_PKGS=( # Additional packages that should be useful (token drivers, patched stunnel, cert viewer)
+		lsb-cprocsp-rcrypt
+		cprocsp-{stunnel,xer2print,cptools}
+		cprocsp-ipsec-{genpsk,ike}
+		ifd-rutokens
+	)
+
+	# TODO: USE-flags for readers, browser plugin, curl, stunnel and so on
+
+	for f in ${PKGS[@]} ${ADD_PKGS[@]}; do
+		find "../linux-${arch}" -name "${f}*.rpm" | while read r; do rpm_unpack "./${r}"; done
+	done
+
+	rm opt/cprocsp/sbin/"${arch}"/oauth_gtk2 || die # linked against long outdated webkitgtk1
+	mv tmp opt/cprocsp
+
+	mkdir -p usr/lib
+	mv etc/udev usr/lib/udev
+
+	mkdir -p usr/${libdir}/readers/usb || die
+	mv usr/${libdir}/pcsc/drivers/* usr/${libdir}/readers/usb/ || die
+
+	cp -rl opt/cprocsp/share usr/share || die
+	# ^  TODO: investigave about pottential collisions on certmgr (mono?) and stunnel mans
+
+	mkdir -p usr/lib/mozilla/plugins || die
+	cp -lL opt/cprocsp/lib/${arch}/libnpcades.so usr/lib/mozilla/plugins/ || die
+
+	# cp etc/opt/cprocsp/config64.ini{,.backup} || die # TODO: What about non-64bit installs? (need someone with 32bit setup)
+	bzip2 -d -c < "${FILESDIR}"/cprocsp_postinstal_all_scripts.sh.bz2 > "${T}"/postinst.bash || die
+}
+
+src_install() {
+	local arch=$(_get_arch)
+
+	insinto /
+	doins -r opt etc usr var
+
+	exeinto /opt/cprocsp/bin/"${arch}"
+	doexe opt/cprocsp/bin/"${arch}"/*
+	exeinto /opt/cprocsp/sbin/"${arch}"
+	doexe opt/cprocsp/sbin/"${arch}"/*
+	exeinto /opt/cprocsp/lib/"${arch}"
+	doexe opt/cprocsp/lib/${arch}/*
+
+	keepdir /var/opt/cprocsp/dsrf
+	keepdir /var/opt/cprocsp/dsrf/db1
+	keepdir /var/opt/cprocsp/dsrf/db2
+	keepdir /var/opt/cprocsp/keys
+	keepdir /var/opt/cprocsp/tmp
+	keepdir /var/opt/cprocsp/users
+	keepdir /var/opt/cprocsp/users/stores
+	keepdir /var/opt/cprocsp/mnt
+
+	# insinto /etc/opt/cprocsp
+
+	# alt-compat
+	# rm "${arch}"/ld-lsb-x86-64.so.3
+	# rm etc/init.d/cprocsp
+	mv etc/init.d/cprocsp opt/cprocsp/cprocsp.init || die # FIXME:
+
+	newinitd "${FILESDIR}/${P}" cprocsp
+	# TODO: ^ make it just script, and make normal openrc init-file
+	systemd_dounit "${FILESDIR}/${PN}.service"
+
+	newenvd - "99${PN}" <<-_EOF_
+		PATH=/opt/cprocsp/bin/${arch}:/opt/cprocsp/sbin/${arch}
+	_EOF_
+	# TODO: ^^^ adding it to the end of PATH leads to shadowing
+	# CryptoPro's `certmgr` by same-named utility from dev-lang/mono
+	# And adding it to the beginning leads to shadowning `curl` from
+	# net-misc/curl by proprietary-patched `curl` from this package.
+	# TODO: maybe make symliks to bindir instead of adding to PATH?
+	# Or wrapper(s)?
+}
+
+pkg_postinst() {
+	local arch=$(_get_arch)
+	local pi_st
+
+	/etc/init.d/cprocsp repair_var
+
+	ebegin "Running postinstall script (pre-configuring)"
+		bash "${T}"/postinst.bash &>"${T}/postinst.log"
+		pi_st=$?
+	eend "${pi_st}"
+	if [[ "${pi_st}" -gt 0 ]]; then
+		eerror "Something gone wrong during postinstall. It is not necessarily bad, but check the log just in case:"
+		eerror "=================="
+		cat "${T}/postinst.log"
+		eerror "=================="
+	fi
+
+	xdg_desktop_database_update
+	udev_reload
+
+	einfo "You may want to run following command as user (not root):"
+	einfo "    /opt/cprocsp/bin/"${arch}"/csptestf -absorb -certs -autoprov"
+	einfo "to import cryptocontainers and certificates from USB-smartcard (aka token)"
+
+	ewarn "!!!!!! WARNING !!!!!!"
+	ewarn "In case of breakages (for example, it stopped to work with your smartcard)"
+	ewarn "try to:"
+	ewarn "1) uninstall this package"
+	ewarn "2) remove (or move to another place) /etc/opt/cprocsp/config64.ini if it wasn't removed by portage"
+	ewarn "3) install this package again"
+	ewarn "4) if you did any modifications on config64.ini - repeat them now"
+}
diff --git a/app-crypt/cprocsp/cprocsp-5.0.12900.ebuild b/app-crypt/cprocsp/cprocsp-5.0.12900.ebuild
@@ -52,12 +52,6 @@ RDEPEND="
 	virtual/libusb:0
 	${DEPEND}
 "
-# media-libs/libcanberra[gtk2]
-# x11-misc/appmenu-gtk-module[gtk2]
-# ^ Actually, having gtk2 on them doesn't strictly needed.
-# It works just fine without it. It might be added just to silence warnings on startup, but gtk2 is deprecated.
-# keepeng them in case upstream will go crazy and make them mandatory.
-
 BDEPEND="
 	app-arch/rpm2targz
 	app-alternatives/bzip2
@@ -121,6 +115,9 @@ src_unpack() {
 		ifd-rutokens
 		cprocsp-pki{,-{plugin,cades}} # ,phpcades}}
 	)
+
+	# TODO: USE-flags for readers, browser plugin, curl, stunnel and so on
+
 	for f in ${PKGS[@]} ${ADD_PKGS[@]}; do
 		find "../linux-${arch}" -name "${f}*.rpm" | while read r; do rpm_unpack "./${r}"; done
 	done
@@ -131,13 +128,13 @@ src_unpack() {
 	mkdir -p usr/${libdir}/readers/usb || die
 	mv usr/${libdir}/pcsc/drivers/* usr/${libdir}/readers/usb/ || die
 
-	mv opt/cprocsp/share/* usr/share/ || die
-	rmdir opt/cprocsp/share || die
+	cp -rl opt/cprocsp/share usr/share || die
+	# ^  TODO: investigave about pottential collisions on certmgr (mono?) and stunnel mans
 
 	mkdir -p usr/lib/mozilla/plugins || die
 	cp -lL opt/cprocsp/lib/${arch}/libnpcades.so usr/lib/mozilla/plugins/ || die
 
-	# cp etc/opt/cprocsp/config64.ini{,.backup} || die # What about non-64bit installs?
+	# cp etc/opt/cprocsp/config64.ini{,.backup} || die # TODO: What about non-64bit installs? (need someone with 32bit setup)
 	bzip2 -d -c < "${FILESDIR}"/cprocsp_postinstal_all_scripts.sh.bz2 > "${T}"/postinst.bash || die
 }
 
@@ -177,6 +174,12 @@ src_install() {
 	newenvd - "99${PN}" <<-_EOF_
 		PATH=/opt/cprocsp/bin/${arch}:/opt/cprocsp/sbin/${arch}
 	_EOF_
+	# TODO: ^^^ adding it to the end of PATH leads to shadowing
+	# CryptoPro's `certmgr` by same-named utility from dev-lang/mono
+	# And adding it to the beginning leads to shadowning `curl` from
+	# net-misc/curl by proprietary-patched `curl` from this package.
+	# TODO: maybe make symliks to bindir instead of adding to PATH?
+	# Or wrapper(s)?
 }
 
 pkg_postinst() {
@@ -202,4 +205,12 @@ pkg_postinst() {
 	einfo "You may want to run following command as user (not root):"
 	einfo "    /opt/cprocsp/bin/"${arch}"/csptestf -absorb -certs -autoprov"
 	einfo "to import cryptocontainers and certificates from USB-smartcard (aka token)"
+
+	ewarn "!!!!!! WARNING !!!!!!"
+	ewarn "In case of breakages (for example, it stopped to work with your smartcard)"
+	ewarn "try to:"
+	ewarn "1) uninstall this package"
+	ewarn "2) remove (or move to another place) /etc/opt/cprocsp/config64.ini if it wasn't removed by portage"
+	ewarn "3) install this package again"
+	ewarn "4) if you did any modifications on config64.ini - repeat them now"
 }