From: Mathias Kresin <dev@kresin.me>
Date: Sat, 5 Jan 2019 20:51:00 +0100
Subject: tools: add zip utility
One image requires a zip compressed image, so add the zip util found in
the packages feed, and extend it with some useful debian patches.
Signed-off-by: Mathias Kresin <dev@kresin.me>
tools: zip: add option for reproducible archives
Add the option -mt/--mtime to pass a timestamp which is used as filedate
for the containing files.
So far, it isn't used for anything written to the extra fields,
therefore requires the -X (eXclude eXtra file attributes) parameter to
be effective.
Signed-off-by: Mathias Kresin <dev@kresin.me>
diff --git a/tools/Makefile b/tools/Makefile
index d2b5daf18c233c8e94657fd61922c75770a3b35b..3ac3b226d35311c606e6dcc562fb8a2d31cec584 100644
--- a/tools/Makefile
+++ b/tools/Makefile
@@ -32,7 +32,7 @@ tools-$(CONFIG_TARGET_x86) += qemu
tools-$(CONFIG_TARGET_mxs) += elftosb sdimage
tools-$(CONFIG_TARGET_ar71xx) += lzma-old squashfs
tools-$(CONFIG_USES_MINOR) += kernel2minor
-tools-y += lzma squashfs4
+tools-y += lzma squashfs4 zip
tools-$(BUILD_B43_TOOLS) += b43-tools
tools-$(BUILD_ISL) += isl
tools-$(CONFIG_USE_SPARSE) += sparse
diff --git a/tools/zip/Makefile b/tools/zip/Makefile
new file mode 100644
index 0000000000000000000000000000000000000000..7dd81a1b8bc3bfeb5773d0770cb57c164f6db157
--- /dev/null
+++ b/tools/zip/Makefile
@@ -0,0 +1,36 @@
+#
+# Copyright (C) 2007-2016 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=zip
+PKG_REV:=30
+PKG_VERSION:=3.0
+
+PKG_SOURCE:=$(PKG_NAME)$(PKG_REV).tar.gz
+PKG_SOURCE_URL:=@SF/infozip
+PKG_HASH:=f0e8bb1f9b7eb0b01285495a2699df3a4b766784c1765a8f1aeedf63c0806369
+
+PKG_LICENSE:=BSD-4-Clause
+PKG_LICENSE_FILES:=LICENSE
+
+HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/$(PKG_NAME)-$(PKG_VERSION)/zip$(PKG_REV)
+HOST_BUILD_PARALLEL:=1
+
+include $(INCLUDE_DIR)/host-build.mk
+
+define Host/Compile
+ +$(HOST_MAKE_VARS) $(MAKE) $(HOST_JOBS) -C $(HOST_BUILD_DIR) -I. -f unix/Makefile zip
+endef
+
+define Host/Install
+ $(INSTALL_DIR) $(STAGING_DIR_HOST)/bin/
+ $(INSTALL_BIN) $(HOST_BUILD_DIR)/zip $(STAGING_DIR_HOST)/bin/
+endef
+
+$(eval $(call HostBuild))
+#$(eval $(call BuildPackage,zip))
diff --git a/tools/zip/patches/001-unix-configure-borrow-the-LFS-test-from-autotools.patch b/tools/zip/patches/001-unix-configure-borrow-the-LFS-test-from-autotools.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ef0de6fd9b9bb1f2ee29a9609ce0dbd7799f3410
--- /dev/null
+++ b/tools/zip/patches/001-unix-configure-borrow-the-LFS-test-from-autotools.patch
@@ -0,0 +1,89 @@
+From fc392c939b9a18959482f588aff0afc29dd6d30a Mon Sep 17 00:00:00 2001
+From: Romain Naour <romain.naour at openwide.fr>
+Date: Fri, 23 Jan 2015 22:20:18 +0100
+Subject: [PATCH 6/6] unix/configure: borrow the LFS test from autotools.
+
+Infozip's LFS check can't work for cross-compilation
+since it try to run a target's binary on the host system.
+
+Instead, use to LFS test used by autotools which is a
+compilation test.
+(see autotools/lib/autoconf/specific.m4)
+
+Reported-by: Richard Genoud <richard.genoud at gmail.com>
+Signed-off-by: Romain Naour <romain.naour at openwide.fr>
+---
+ configure | 46 +++++++++++++++-------------------------------
+ 1 file changed, 15 insertions(+), 31 deletions(-)
+
+--- a/unix/configure
++++ b/unix/configure
+@@ -399,9 +399,8 @@ else
+ fi
+
+
+-# Now we set the 64-bit file environment and check the size of off_t
+-# Added 11/4/2003 EG
+-# Revised 8/12/2004 EG
++# LFS check borrowed from autotools sources
++# lib/autoconf/specific.m4
+
+ echo Check for Large File Support
+ cat > conftest.c << _EOF_
+@@ -410,23 +409,19 @@ cat > conftest.c << _EOF_
+ # define _FILE_OFFSET_BITS 64 /* select default interface as 64 bit */
+ # define _LARGE_FILES /* some OSes need this for 64-bit off_t */
+ #include <sys/types.h>
+-#include <sys/stat.h>
+-#include <unistd.h>
+-#include <stdio.h>
++
++ /* Check that off_t can represent 2**63 - 1 correctly.
++ We can't simply define LARGE_OFF_T to be 9223372036854775807,
++ since some C++ compilers masquerading as C compilers
++ incorrectly reject 9223372036854775807. */
++#define LARGE_OFF_T (((off_t) 1 << 62) - 1 + ((off_t) 1 << 62))
++ int off_t_is_large[(LARGE_OFF_T % 2147483629 == 721
++ && LARGE_OFF_T % 2147483647 == 1)
++ ? 1 : -1];
++
+ int main()
+ {
+- off_t offset;
+- struct stat s;
+- /* see if have 64-bit off_t */
+- if (sizeof(offset) < 8)
+- return 1;
+- printf(" off_t is %d bytes\n", sizeof(off_t));
+- /* see if have 64-bit stat */
+- if (sizeof(s.st_size) < 8) {
+- printf(" s.st_size is %d bytes\n", sizeof(s.st_size));
+- return 2;
+- }
+- return 3;
++ return 0;
+ }
+ _EOF_
+ # compile it
+@@ -434,19 +429,8 @@ $CC -o conftest conftest.c >/dev/null 2>
+ if [ $? -ne 0 ]; then
+ echo -- no Large File Support
+ else
+-# run it
+- ./conftest
+- r=$?
+- if [ $r -eq 1 ]; then
+- echo -- no Large File Support - no 64-bit off_t
+- elif [ $r -eq 2 ]; then
+- echo -- no Large File Support - no 64-bit stat
+- elif [ $r -eq 3 ]; then
+- echo -- yes we have Large File Support!
+- CFLAGS="${CFLAGS} -DLARGE_FILE_SUPPORT"
+- else
+- echo -- no Large File Support - conftest returned $r
+- fi
++ echo -- yes we have Large File Support!
++ CFLAGS="${CFLAGS} -DLARGE_FILE_SUPPORT"
+ fi
+
+
diff --git a/tools/zip/patches/004-do-not-set-unwanted-cflags.patch b/tools/zip/patches/004-do-not-set-unwanted-cflags.patch
new file mode 100644
index 0000000000000000000000000000000000000000..bfd226077a9742f87a1988747a81e9226e89dfaf
--- /dev/null
+++ b/tools/zip/patches/004-do-not-set-unwanted-cflags.patch
@@ -0,0 +1,15 @@
+From: Santiago Vila <sanvila@debian.org>
+Subject: Do not set unwanted CFLAGS, as it breaks DEB_BUILD_OPTIONS
+X-Debian-version: 2.32-1
+
+--- a/unix/configure
++++ b/unix/configure
+@@ -98,7 +98,7 @@ int main()
+ _EOF_
+ $CC $CFLAGS -c conftest.c > /dev/null 2>/dev/null
+ if test $? -eq 0; then
+- CFLAGS_OPT='-O3'
++ # CFLAGS_OPT='-O3'
+ echo " GNU C ($CFLAGS_OPT)"
+ # Special Mac OS X shared library "ld" option?
+ if test ` uname -s 2> /dev/null ` = 'Darwin'; then
diff --git a/tools/zip/patches/006-stack-markings-to-avoid-executable-stack.patch b/tools/zip/patches/006-stack-markings-to-avoid-executable-stack.patch
new file mode 100644
index 0000000000000000000000000000000000000000..8b479faedaeedbe83d378306d386a0a88493b282
--- /dev/null
+++ b/tools/zip/patches/006-stack-markings-to-avoid-executable-stack.patch
@@ -0,0 +1,21 @@
+From: Kees Cook <kees@debian.org>
+Subject: put stack markings in i386 assembly to avoid executable stack
+Bug-Debian: http://bugs.debian.org/528280
+X-Debian-version: 3.0-2
+
+--- a/crc_i386.S
++++ b/crc_i386.S
+@@ -302,3 +302,5 @@ _crc32: /* ulg c
+ #endif /* i386 || _i386 || _I386 || __i386 */
+
+ #endif /* !USE_ZLIB && !CRC_TABLE_ONLY */
++.section .note.GNU-stack, "", @progbits
++.previous
+--- a/match.S
++++ b/match.S
+@@ -405,3 +405,5 @@ L__return:
+ #endif /* i386 || _I386 || _i386 || __i386 */
+
+ #endif /* !USE_ZLIB */
++.section .note.GNU-stack, "", @progbits
++.previous
diff --git a/tools/zip/patches/007-fclose-in-file-not-fclose-x.patch b/tools/zip/patches/007-fclose-in-file-not-fclose-x.patch
new file mode 100644
index 0000000000000000000000000000000000000000..402f90a2d5ef3d08a7d71268fe4f5e2484a10664
--- /dev/null
+++ b/tools/zip/patches/007-fclose-in-file-not-fclose-x.patch
@@ -0,0 +1,16 @@
+From: Christian Spieler
+Subject: zipnote.c: Close in_file instead of undefined file x
+Bug-Debian: http://bugs.debian.org/628594
+X-Debian-version: 3.0-4
+
+--- a/zipnote.c
++++ b/zipnote.c
+@@ -661,7 +661,7 @@ char **argv; /* command line
+ if ((r = zipcopy(z)) != ZE_OK)
+ ziperr(r, "was copying an entry");
+ }
+- fclose(x);
++ fclose(in_file);
+
+ /* Write central directory and end of central directory with new comments */
+ if ((c = zftello(y)) == (zoff_t)-1) /* get start of central */
diff --git a/tools/zip/patches/008-hardening-build-fix-1.patch b/tools/zip/patches/008-hardening-build-fix-1.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a0c3a91eeec064b2305c3873a8a95669c750ea9b
--- /dev/null
+++ b/tools/zip/patches/008-hardening-build-fix-1.patch
@@ -0,0 +1,25 @@
+From: Santiago Vila <sanvila@debian.org>
+Subject: Use format specifier %s to print strings, not the string itself
+Bug-Debian: http://bugs.debian.org/673476
+X-Debian-version: 3.0-5
+
+--- a/zip.c
++++ b/zip.c
+@@ -1028,7 +1028,7 @@ local void help_extended()
+
+ for (i = 0; i < sizeof(text)/sizeof(char *); i++)
+ {
+- printf(text[i]);
++ printf("%s", text[i]);
+ putchar('\n');
+ }
+ #ifdef DOS
+@@ -1225,7 +1225,7 @@ local void version_info()
+ CR_MAJORVER, CR_MINORVER, CR_BETA_VER, CR_VERSION_DATE);
+ for (i = 0; i < sizeof(cryptnote)/sizeof(char *); i++)
+ {
+- printf(cryptnote[i]);
++ printf("%s", cryptnote[i]);
+ putchar('\n');
+ }
+ ++i; /* crypt support means there IS at least one compilation option */
diff --git a/tools/zip/patches/009-hardening-build-fix-2.patch b/tools/zip/patches/009-hardening-build-fix-2.patch
new file mode 100644
index 0000000000000000000000000000000000000000..e295ffbc641879768cc9257641fae85af327a338
--- /dev/null
+++ b/tools/zip/patches/009-hardening-build-fix-2.patch
@@ -0,0 +1,16 @@
+From: Santiago Vila <sanvila@debian.org>
+Subject: unix/configure: Take linking flags from the environment
+Bug-Debian: http://bugs.debian.org/673476
+X-Debian-version: 3.0-5
+
+--- a/unix/configure
++++ b/unix/configure
+@@ -18,7 +18,7 @@ trap "rm -f conftest* core a.out; exit 1
+
+ CC=${1-cc}
+ CFLAGS=${2-"-I. -DUNIX"}
+-LFLAGS1=''
++LFLAGS1=${LDFLAGS}
+ LFLAGS2=''
+ LN="ln -s"
+
diff --git a/tools/zip/patches/010-remove-build-date.patch b/tools/zip/patches/010-remove-build-date.patch
new file mode 100644
index 0000000000000000000000000000000000000000..5fc385228a8f6bff01416748bb6c392f2e986322
--- /dev/null
+++ b/tools/zip/patches/010-remove-build-date.patch
@@ -0,0 +1,15 @@
+From: Santiago Vila <sanvila@debian.org>
+Subject: Remove (optional) build date to make the build reproducible
+Bug-Debian: http://bugs.debian.org/779042
+
+--- a/unix/unix.c
++++ b/unix/unix.c
+@@ -1020,7 +1020,7 @@ void version_local()
+
+
+ /* Define the compile date string */
+-#ifdef __DATE__
++#if 0
+ # define COMPILE_DATE " on " __DATE__
+ #else
+ # define COMPILE_DATE ""
diff --git a/tools/zip/patches/011-add-option-for-reproducible-archives.patch b/tools/zip/patches/011-add-option-for-reproducible-archives.patch
new file mode 100644
index 0000000000000000000000000000000000000000..45b9d67e159327798535db55cd264ab9eeec6c38
--- /dev/null
+++ b/tools/zip/patches/011-add-option-for-reproducible-archives.patch
@@ -0,0 +1,145 @@
+From 6d659fc87451c02c8777dc33f750b16834e4c715 Mon Sep 17 00:00:00 2001
+From: Mathias Kresin <dev@kresin.me>
+Date: Sat, 12 Jan 2019 19:33:33 +0100
+Subject: [PATCH] add option for reproducible archives
+
+Add the option -mt/--mtime to pass a timestamp which is used as filedate
+for the containing files.
+
+So far, it isn't used for anything written to the extra fields,
+therefore requires the -X (eXclude eXtra file attributes) parameter to
+be effective.
+
+Signed-off-by: Mathias Kresin <dev@kresin.me>
+---
+ globals.c | 1 +
+ util.c | 22 ++++++++++++++++++++++
+ zip.c | 6 ++++++
+ zip.h | 1 +
+ zipup.c | 4 +++-
+ 5 files changed, 33 insertions(+), 1 deletion(-)
+
+--- a/globals.c
++++ b/globals.c
+@@ -205,6 +205,7 @@ uzoff_t bytes_this_split = 0; /* byt
+ int read_split_archive = 0; /* 1=scanzipf_reg detected spanning signature */
+ int split_method = 0; /* 0=no splits, 1=seekable, 2=data desc, -1=no */
+ uzoff_t split_size = 0; /* how big each split should be */
++time_t timestamp = -1; /* fixed timestamp for archive content filedate */
+ int split_bell = 0; /* when pause for next split ring bell */
+ uzoff_t bytes_prev_splits = 0; /* total bytes written to all splits before this */
+ uzoff_t bytes_this_entry = 0; /* bytes written for this entry across all splits */
+--- a/util.c
++++ b/util.c
+@@ -1217,6 +1217,7 @@ int DisplayNumString(file, i)
+ return 0;
+ }
+
++
+ /* Read numbers with trailing size multiplier (like 10M) and return number.
+ 10/30/04 EG */
+
+@@ -1279,6 +1280,29 @@ uzoff_t ReadNumString( numstring )
+ }
+
+
++uzoff_t ReadNumStringUL( numstring )
++ char *numstring;
++{
++ zoff_t num = 0;
++
++ /* check if valid number (currently no negatives) */
++ if (numstring == NULL) {
++ zipwarn("Unable to read empty number in ReadNumString", "");
++ return (uzoff_t)-1;
++ }
++ if (numstring[0] < '0' || numstring[0] > '9') {
++ zipwarn("Unable to read number (must start with digit): ", numstring);
++ return (uzoff_t)-1;
++ }
++ if (strlen(numstring) > 10) {
++ zipwarn("Number too long to read (10 characters max): ", numstring);
++ return (uzoff_t)-1;
++ }
++
++ return (uzoff_t)atoll(numstring);
++}
++
++
+ /* Write the number as a string with a multiplier (like 10M) to outstring.
+ Always writes no more than 3 digits followed maybe by a multiplier and
+ returns the characters written or -1 if error.
+--- a/zip.c
++++ b/zip.c
+@@ -1942,6 +1942,7 @@ int set_filetype(out_path)
+ #ifdef UNICODE_TEST
+ #define o_sC 0x146
+ #endif
++#define o_mt 0x255
+
+
+ /* the below is mainly from the old main command line
+@@ -2036,6 +2037,7 @@ struct option_struct far options[] = {
+ {"m", "move", o_NO_VALUE, o_NOT_NEGATABLE, 'm', "add files to archive then delete files"},
+ {"mm", "", o_NO_VALUE, o_NOT_NEGATABLE, o_mm, "not used"},
+ {"MM", "must-match", o_NO_VALUE, o_NOT_NEGATABLE, o_MM, "error if in file not matched/not readable"},
++ {"mt", "mtime", o_REQUIRED_VALUE, o_NOT_NEGATABLE, o_mt, "use fixed timestamp for archive content filedate"},
+ {"n", "suffixes", o_REQUIRED_VALUE, o_NOT_NEGATABLE, 'n', "suffixes to not compress: .gz:.zip"},
+ {"nw", "no-wild", o_NO_VALUE, o_NOT_NEGATABLE, o_nw, "no wildcards during add or update"},
+ #if defined(AMIGA) || defined(MACOS)
+@@ -2440,6 +2442,7 @@ char **argv; /* command line
+ split_method = 0; /* 0=no splits, 1=update LHs, 2=data descriptors */
+ split_size = 0; /* how big each split should be */
+ split_bell = 0; /* when pause for next split ring bell */
++ timestamp = -1; /* fixed timestamp for archive content filedate */
+ bytes_prev_splits = 0; /* total bytes written to all splits before this */
+ bytes_this_entry = 0; /* bytes written for this entry across all splits */
+ noisy_splits = 0; /* be verbose about creating splits */
+@@ -2897,6 +2900,9 @@ char **argv; /* command line
+ dispose = 1; break;
+ case o_MM: /* Exit with error if input file can't be read */
+ bad_open_is_error = 1; break;
++ case o_mt: /* fixed timestamp for archive content filedate */
++ timestamp = ReadNumStringUL(value);
++ break;
+ case 'n': /* Don't compress files with a special suffix */
+ special = value;
+ /* special = NULL; */ /* will be set at next argument */
+--- a/zip.h
++++ b/zip.h
+@@ -502,6 +502,7 @@ extern uzoff_t bytes_this_split; /* byte
+ extern int read_split_archive; /* 1=scanzipf_reg detected spanning signature */
+ extern int split_method; /* 0=no splits, 1=seekable, 2=data descs, -1=no */
+ extern uzoff_t split_size; /* how big each split should be */
++extern time_t timestamp; /* fixed timestamp for archive content filedate */
+ extern int split_bell; /* when pause for next split ring bell */
+ extern uzoff_t bytes_prev_splits; /* total bytes written to all splits before this */
+ extern uzoff_t bytes_this_entry; /* bytes written for this entry across all splits */
+@@ -789,6 +790,7 @@ char *zip_fzofft OF((zoff_t, char
+ int DisplayNumString OF ((FILE *file, uzoff_t i));
+ int WriteNumString OF((uzoff_t num, char *outstring));
+ uzoff_t ReadNumString OF((char *numstring));
++uzoff_t ReadNumStringUL OF((char *numstring));
+
+ /* returns true if abbrev is abbreviation for string */
+ int abbrevmatch OF((char *, char *, int, int));
+--- a/zipup.c
++++ b/zipup.c
+@@ -415,7 +415,6 @@ struct zlist far *z; /* zip entry to
+ char *tempextra = NULL;
+ char *tempcextra = NULL;
+
+-
+ #ifdef WINDLL
+ # ifdef ZIP64_SUPPORT
+ extern _int64 filesize64;
+@@ -441,6 +440,9 @@ struct zlist far *z; /* zip entry to
+ if (tim == 0 || q == (zoff_t) -3)
+ return ZE_OPEN;
+
++ if (timestamp > 0)
++ tim = unix2dostime(×tamp);
++
+ /* q is set to -1 if the input file is a device, -2 for a volume label */
+ if (q == (zoff_t) -2) {
+ isdir = 1;