Actually update to the *real* 13 final.

Related: rhbz#1489604

Signed-off-by: Peter Jones <pjones@redhat.com>

0001-Typo-on-aarch64.patch

@@ -1,26 +0,0 @@
-From db142ce288a63db2e8f7858ba7564158cc7a64e5 Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Tue, 30 Jun 2015 14:54:43 -0400
-Subject: [PATCH] Typo on aarch64 :/
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
----
- Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/Makefile b/Makefile
-index 46d0234..1181b8a 100644
---- a/Makefile
-+++ b/Makefile
-@@ -52,7 +52,7 @@ ifeq ($(ARCH),ia32)
- 		"-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/ia32-$(VERSION)$(RELEASE)/\""
- endif
- ifeq ($(ARCH),aarch64)
--	CFLAGS += "-DEFI_ARCH=L\"aa64\""
-+	CFLAGS += "-DEFI_ARCH=L\"aa64\"" \
- 		"-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/aa64-$(VERSION)$(RELEASE)/\""
- endif
- 
--- 
-2.4.3
-

shim-find-debuginfo.sh

@@ -1,412 +1,90 @@
 #!/bin/bash
-#find-debuginfo.sh - automagically generate debug info and file list
-#for inclusion in an rpm spec file.
 #
-# Usage: find-debuginfo.sh [--strict-build-id] [-g] [-r]
-#	 		   [-o debugfiles.list]
-#			   [[-l filelist]... [-p 'pattern'] -o debuginfo.list]
-#			   [builddir]
+# shim-find-debuginfo.sh
+# Copyright (C) 2017 Peter Jones <Peter Jones@random>
 #
-# The -g flag says to use strip -g instead of full strip on DSOs or EXEs.
-# The --strict-build-id flag says to exit with failure status if
-# any ELF binary processed fails to contain a build-id note.
-# The -r flag says to use eu-strip --reloc-debug-sections.
-#
-# A single -o switch before any -l or -p switches simply renames
-# the primary output file from debugfiles.list to something else.
-# A -o switch that follows a -p switch or some -l switches produces
-# an additional output file with the debuginfo for the files in
-# the -l filelist file, or whose names match the -p pattern.
-# The -p argument is an grep -E -style regexp matching the a file name,
-# and must not use anchors (^ or $).
-#
-# All file names in switches are relative to builddir (. if not given).
+# Distributed under terms of the GPLv3 license.
 #
+set -e
+set -u
 
-# With -g arg, pass it to strip on libraries or executables.
-strip_g=false
-
-# with -r arg, pass --reloc-debug-sections to eu-strip.
-strip_r=false
-
-# Barf on missing build IDs.
-strict=false
-
-BUILDDIR=.
-out=debugfiles.list
-nout=0
-while [ $# -gt 0 ]; do
-  case "$1" in
-  --strict-build-id)
-    strict=true
-    ;;
-  -g)
-    strip_g=true
-    ;;
-  -o)
-    if [ -z "${lists[$nout]}" -a -z "${ptns[$nout]}" ]; then
-      out=$2
-    else
-      outs[$nout]=$2
-      ((nout++))
-    fi
-    shift
-    ;;
-  -l)
-    lists[$nout]="${lists[$nout]} $2"
-    shift
-    ;;
-  -p)
-    ptns[$nout]=$2
-    shift
-    ;;
-  -r)
-    strip_r=true
-    ;;
-  *)
-    BUILDDIR=$1
-    shift
-    break
-    ;;
-  esac
-  shift
-done
-
-i=0
-while ((i < nout)); do
-  outs[$i]="$BUILDDIR/${outs[$i]}"
-  l=''
-  for f in ${lists[$i]}; do
-    l="$l $BUILDDIR/$f"
-  done
-  lists[$i]=$l
-  ((++i))
-done
-
-LISTFILE="$BUILDDIR/$out"
-SOURCEFILE="$BUILDDIR/debugsources.list"
-LINKSFILE="$BUILDDIR/debuglinks.list"
-
-> "$SOURCEFILE"
-> "$LISTFILE"
-> "$LINKSFILE"
-
-debugdir="${RPM_BUILD_ROOT}/usr/lib/debug"
-
-strip_to_debug()
-{
-  local g=
-  local r=
-  $strip_r && r=--reloc-debug-sections
-  $strip_g && case "$(file -bi "$2")" in
-  application/x-sharedlib*) g=-g ;;
-  application/x-executable*) g=-g ;;
-  esac
-  eu-strip --remove-comment $r $g -f "$1" "$2" || exit
-  chmod 444 "$1" || exit
-}
-
-# Make a relative symlink to $1 called $3$2
-shopt -s extglob
-link_relative()
-{
-  local t="$1" f="$2" pfx="$3"
-  local fn="${f#/}" tn="${t#/}"
-  local fd td d
-
-  while fd="${fn%%/*}"; td="${tn%%/*}"; [ "$fd" = "$td" ]; do
-    fn="${fn#*/}"
-    tn="${tn#*/}"
-  done
-
-  d="${fn%/*}"
-  if [ "$d" != "$fn" ]; then
-    d="${d//+([!\/])/..}"
-    tn="${d}/${tn}"
-  fi
-
-  mkdir -p "$(dirname "$pfx$f")" && ln -snf "$tn" "$pfx$f"
-}
-
-# Make a symlink in /usr/lib/debug/$2 to $1
-debug_link()
-{
-  local l="/usr/lib/debug$2"
-  local t="$1"
-  echo >> "$LINKSFILE" "$l $t"
-  link_relative "$t" "$l" "$RPM_BUILD_ROOT"
-}
-
-# Provide .2, .3, ... symlinks to all filename instances of this build-id.
-make_id_dup_link()
-{
-  local id="$1" file="$2" idfile
-
-  local n=1
-  while true; do
-    idfile=".build-id/${id:0:2}/${id:2}.$n"
-    [ $# -eq 3 ] && idfile="${idfile}$3"
-    if [ ! -L "$RPM_BUILD_ROOT/usr/lib/debug/$idfile" ]; then
-      break
-    fi
-    n=$[$n+1]
-  done
-  debug_link "$file" "/$idfile"
-}
-
-# Make a build-id symlink for id $1 with suffix $3 to file $2.
-make_id_link()
-{
-  local id="$1" file="$2"
-  local idfile=".build-id/${id:0:2}/${id:2}"
-  [ $# -eq 3 ] && idfile="${idfile}$3"
-  local root_idfile="$RPM_BUILD_ROOT/usr/lib/debug/$idfile"
-
-  if [ ! -L "$root_idfile" ]; then
-    debug_link "$file" "/$idfile"
-    return
-  fi
-
-  make_id_dup_link "$@"
-
-  [ $# -eq 3 ] && return 0
-
-  local other=$(readlink -m "$root_idfile")
-  other=${other#$RPM_BUILD_ROOT}
-  if cmp -s "$root_idfile" "$RPM_BUILD_ROOT$file" ||
-     eu-elfcmp -q "$root_idfile" "$RPM_BUILD_ROOT$file" 2> /dev/null; then
-    # Two copies.  Maybe one has to be setuid or something.
-    echo >&2 "*** WARNING: identical binaries are copied, not linked:"
-    echo >&2 "        $file"
-    echo >&2 "   and  $other"
-  else
-    # This is pathological, break the build.
-    echo >&2 "*** ERROR: same build ID in nonidentical files!"
-    echo >&2 "        $file"
-    echo >&2 "   and  $other"
-    exit 2
-  fi
-}
-
-get_debugfn()
-{
-  dn=$(dirname "${1#$RPM_BUILD_ROOT}")
-  [ "$dn" == "." ] && dn=""
-  bn=$(basename "$1" .so).debug
-  bn=$(basename "$bn" .debug).debug
-  
-  debugdn=${debugdir}${dn}
-  debugfn=${debugdn}/${bn}
-
-  [ -n "$2" ] && shadowfn=$(basename "$2")
-}
-
-set -o pipefail
-
-strict_error=ERROR
-$strict || strict_error=WARNING
-
-handle_single_file()
-{
-  nlinks=$1 && shift
-  inum=$1 && shift
-  f=$1 && shift
-  shadow=$1 && shift
-  zf="$f"
-  [ -n "${shadowfn}" ] && zf="${shadowfn}"
-
-  get_debugfn "$f" "$shadow"
-  [ -f "${debugfn}" ] && return
-
-  # If this file has multiple links, keep track and make
-  # the corresponding .debug files all links to one file too.
-  if [ $nlinks -gt 1 ]; then
-    eval linked=\$linked_$inum
-    if [ -n "$linked" ]; then
-      eval id=\$linkedid_$inum
-      make_id_dup_link "$id" "$dn/$(basename ${zf})"
-      make_id_dup_link "$id" "/usr/lib/debug$dn/$bn" .debug
-      link=$debugfn
-      get_debugfn "$linked"
-      echo "hard linked $link to $debugfn"
-      mkdir -p "$(dirname "$link")" && ln -nf "$debugfn" "$link"
-      return
-    else
-      eval linked_$inum=\$f
-      echo "file $f has $[$nlinks - 1] other hard links"
-    fi
-  fi
-
-  echo "extracting debug info from $f"
-  echo /usr/lib/rpm/debugedit -b "$RPM_BUILD_DIR" -d /usr/src/debug \
-			      -i -l "$SOURCEFILE" "$f"
-  id=$(/usr/lib/rpm/debugedit -b "$RPM_BUILD_DIR" -d /usr/src/debug \
-			      -i -l "$SOURCEFILE" "$f") || exit
-  if [ $nlinks -gt 1 ]; then
-    eval linkedid_$inum=\$id
-  fi
-  if [ -z "$id" ]; then
-    echo >&2 "*** ${strict_error}: No build ID note found in $zf"
-    $strict && exit 2
-  fi
-
-  [ -x /usr/bin/gdb-add-index ] && /usr/bin/gdb-add-index "$zf" > /dev/null 2>&1
-
-  # A binary already copied into /usr/lib/debug doesn't get stripped,
-  # just has its file names collected and adjusted.
-  case "$dn" in
-  /usr/lib/debug/*)
-    [ -z "$id" ] || make_id_link "$id" "$dn/$(basename $zf)"
-    return ;;
-  esac
-
-  mkdir -p "${debugdn}"
-  if test -w "$f"; then
-    strip_to_debug "${debugfn}" "$f"
-  else
-    chmod u+w "$f"
-    strip_to_debug "${debugfn}" "$f"
-    chmod u-w "$f"
-  fi
-
-  if [ -n "$id" ]; then
-    make_id_link "$id" "$dn/$(basename ${zf})"
-    make_id_link "$id" "/usr/lib/debug$dn/$bn" .debug
-  fi
-}
-
-# Strip ELF binaries
-find "$RPM_BUILD_ROOT" ! -path "${debugdir}/*.debug" -type f \
-     		     \( -perm -0100 -or -perm -0010 -or -perm -0001 \) \
-		     -print |
-file -N -f - | sed -n -e 's/^\(.*\):[ 	]*.*ELF.*, not stripped.*/\1/p' |
-xargs --no-run-if-empty stat -c '%h %D_%i %n' |
-while read nlinks inum f; do
-    handle_single_file $nlinks $inum $f
-done || exit
-
-find "$RPM_BUILD_ROOT" ! -path "${debugdir}/*.debug" -type f \
-                     -iname '*.efi' -print |
-file -N -f - | sed -n -e 's/^\(.*\):[ 	]*.*PE32.*EFI .*/\1/p' |
-xargs --no-run-if-empty stat -c '%h %D_%i %n' |
-while read nlinks inum f; do
-    [ -f "$f" ] || continue
-    [ -f "${f%%.efi}.so" ] || continue
-    handle_single_file $nlinks $inum ${f%%.efi}.so $f
-done || exit
-
-# On Aarch64 file tells us "MS-DOS" instead of PE32+.  Why not.
-find "$RPM_BUILD_ROOT" ! -path "${debugdir}/*.debug" -type f \
-                     -iname '*.efi' -print |
-file -N -f - | sed -n -e 's/^\(.*\):[ 	]MS-DOS.*/\1/p' |
-xargs --no-run-if-empty stat -c '%h %D_%i %n' |
-while read nlinks inum f; do
-    [ -f "$f" ] || continue
-    [ -f "${f%%.efi}.so" ] || continue
-    handle_single_file $nlinks $inum ${f%%.efi}.so $f
-done || exit
-# For each symlink whose target has a .debug file,
-# make a .debug symlink to that file.
-find "$RPM_BUILD_ROOT" ! -path "${debugdir}/*" -type l -print |
-while read f
-do
-  t=$(readlink -m "$f").debug
-  f=${f#$RPM_BUILD_ROOT}
-  t=${t#$RPM_BUILD_ROOT}
-  if [ -f "$debugdir$t" ]; then
-    echo "symlinked /usr/lib/debug$t to /usr/lib/debug${f}.debug"
-    debug_link "/usr/lib/debug$t" "${f}.debug"
-  fi
-done
-
-if [ -s "$SOURCEFILE" ]; then
-  mkdir -p "${RPM_BUILD_ROOT}/usr/src/debug"
-  LC_ALL=C sort -z -u "$SOURCEFILE" | grep -E -v -z '(<internal>|<built-in>)$' |
-  (cd "$RPM_BUILD_DIR"; cpio -pd0mL "${RPM_BUILD_ROOT}/usr/src/debug")
-  # stupid cpio creates new directories in mode 0700, fixup
-  find "${RPM_BUILD_ROOT}/usr/src/debug" -type d -print0 |
-  xargs --no-run-if-empty -0 chmod a+rx
+mainarch=$1 && shift
+if [ $# == 1 ]; then
+    altarch=$1 && shift
+fi
+if ! [ -v RPM_BUILD_ROOT ]; then
+    echo "RPM_BUILD_ROOT must be set" 1>&2
+    exit 1
 fi
 
-if [ -d "${RPM_BUILD_ROOT}/usr/lib" -o -d "${RPM_BUILD_ROOT}/usr/src" ]; then
-  ((nout > 0)) ||
-  test ! -d "${RPM_BUILD_ROOT}/usr/lib" ||
-  (cd "${RPM_BUILD_ROOT}/usr/lib"; find debug -type d) |
-  sed 's,^,%dir /usr/lib/,' >> "$LISTFILE"
+findsource()
+{
+    (
+        cd ${RPM_BUILD_ROOT}
+        find usr/src/debug/ -type d | sed "s,^,%dir /,"
+        find usr/src/debug/ -type f | sed "s,^,/,"
+    )
+}
 
-  (cd "${RPM_BUILD_ROOT}/usr"
-   test ! -d lib/debug || find lib/debug ! -type d
-   test ! -d src/debug || find src/debug -mindepth 1 -maxdepth 1
-  ) | sed 's,^,/usr/,' >> "$LISTFILE"
-fi
-
-# Append to $1 only the lines from stdin not already in the file.
-append_uniq()
-{
-  grep -F -f "$1" -x -v >> "$1"
-}
-
-# Helper to generate list of corresponding .debug files from a file list.
-filelist_debugfiles()
-{
-  local extra="$1"
-  shift
-  sed 's/^%[a-z0-9_][a-z0-9_]*([^)]*) *//
-s/^%[a-z0-9_][a-z0-9_]* *//
-/^$/d
-'"$extra" "$@"
-}
-
-# Write an output debuginfo file list based on given input file lists.
-filtered_list()
-{
-  local out="$1"
-  shift
-  test $# -gt 0 || return
-  grep -F -f <(filelist_debugfiles 's,^.*$,/usr/lib/debug&.debug,' "$@") \
-  	-x $LISTFILE >> $out
-  sed -n -f <(filelist_debugfiles 's/[\\.*+#]/\\&/g
-h
-s,^.*$,s# &$##p,p
-g
-s,^.*$,s# /usr/lib/debug&.debug$##p,p
-' "$@") "$LINKSFILE" | append_uniq "$out"
-}
-
-# Write an output debuginfo file list based on an grep -E -style regexp.
-pattern_list()
-{
-  local out="$1" ptn="$2"
-  test -n "$ptn" || return
-  grep -E -x -e "$ptn" "$LISTFILE" >> "$out"
-  sed -n -r "\#^$ptn #s/ .*\$//p" "$LINKSFILE" | append_uniq "$out"
-}
-
-#
-# When given multiple -o switches, split up the output as directed.
-#
-i=0
-while ((i < nout)); do
-  > ${outs[$i]}
-  filtered_list ${outs[$i]} ${lists[$i]}
-  pattern_list ${outs[$i]} "${ptns[$i]}"
-  grep -Fvx -f ${outs[$i]} "$LISTFILE" > "${LISTFILE}.new"
-  mv "${LISTFILE}.new" "$LISTFILE"
-  ((++i))
-done
-if ((nout > 0)); then
-  # Now add the right %dir lines to each output list.
-  (cd "${RPM_BUILD_ROOT}"; find usr/lib/debug -type d) |
-  sed 's#^.*$#\\@^/&/@{h;s@^.*$@%dir /&@p;g;}#' |
-  LC_ALL=C sort -ur > "${LISTFILE}.dirs.sed"
-  i=0
-  while ((i < nout)); do
-    sed -n -f "${LISTFILE}.dirs.sed" "${outs[$i]}" | sort -u > "${outs[$i]}.new"
-    cat "${outs[$i]}" >> "${outs[$i]}.new"
-    mv -f "${outs[$i]}.new" "${outs[$i]}"
-    ((++i))
-  done
-  sed -n -f "${LISTFILE}.dirs.sed" "${LISTFILE}" | sort -u > "${LISTFILE}.new"
-  cat "$LISTFILE" >> "${LISTFILE}.new"
-  mv "${LISTFILE}.new" "$LISTFILE"
+finddebug()
+{
+    arch=$1 && shift
+    declare -a dirs=()
+    declare -a files=()
+    declare -a excludes=()
+
+    pushd ${RPM_BUILD_ROOT} >/dev/null 2>&1
+    for x in $(find usr/lib/debug/ -type f -iname *.efi.debug); do
+        if ! [ -e "${x}" ]; then
+            break
+        fi
+        if [[ ${x} =~ ${arch}\.efi\.debug$ ]]; then
+            files[${#files[@]}]=${x}
+        else
+            excludes[${#excludes[@]}]=${x}
+        fi
+    done
+    for x in usr/lib/debug/.build-id/*/*.debug ; do
+        if ! [ -e "${x}" ]; then
+            break
+        fi
+        link=$(readlink "${x}")
+        if [[ ${link} =~ ${arch}\.efi\.debug$ ]]; then
+            files[${#files[@]}]=${x}
+            files[${#files[@]}]=${x%%.debug}
+        else
+            excludes[${#excludes[@]}]=${x}
+            excludes[${#excludes[@]}]=${x%%.debug}
+        fi
+    done
+    for x in ${files[@]} ; do
+        declare name=$(dirname /${x})
+        while [ "${name}" != "/" ]; do
+            case "${name}" in
+            "/usr/lib/debug"|"/usr/lib"|"/usr")
+                ;;
+            *)
+                dirs[${#dirs[@]}]=${name}
+                ;;
+            esac
+            name=$(dirname ${name})
+        done
+    done
+
+    popd >/dev/null 2>&1
+    for x in ${dirs[@]} ; do
+        echo "%dir ${x}"
+    done | sort | uniq
+    for x in ${files[@]} ; do
+        echo "/${x}"
+    done | sort | uniq
+    for x in ${excludes[@]} ; do
+        echo "%exclude /${x}"
+    done
+}
+
+findsource > build-${mainarch}/debugsource.list
+finddebug ${mainarch} > build-${mainarch}/debugfiles.list
+if [ -v altarch ]; then
+    finddebug ${altarch} > build-${altarch}/debugfiles.list
 fi

shim-unsigned-aarch64.spec

@@ -1,12 +1,28 @@
-Name:           shim-unsigned-aarch64
-Version:        0.9
-Release:        4%{?dist}
-Summary:        First-stage UEFI bootloader
-ExclusiveArch:  aarch64
-License:        BSD
-URL:            https://github.com/rhinstaller/shim
-Source0:        https://github.com/rhinstaller/shim/releases/download/%{version}/shim-%{version}.tar.bz2
-Source1:        fedora-ca.cer
+%global pesign_vre 0.106-1
+%global gnuefi_vre 1:3.0.5-6
+%global openssl_vre 1.0.2j
+
+%global debug_package %{nil}
+%global __debug_package 1
+%global _binaries_in_noarch_packages_terminate_build 0
+%global __debug_install_post %{SOURCE100} aa64
+%undefine _debuginfo_subpackages
+
+%global efidir %(eval echo $(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/'))
+%global shimrootdir %{_datadir}/shim/
+%global shimversiondir %{shimrootdir}/%{version}-%{release}
+%global efiarch aa64
+%global shimdir %{shimversiondir}/%{efiarch}
+
+Name:		shim-unsigned-aarch64
+Version:	13
+Release:	3%{?dist}
+Summary:	First-stage UEFI bootloader
+ExclusiveArch:	aarch64
+License:	BSD
+URL:		https://github.com/rhboot/shim
+Source0:	https://github.com/rhboot/shim/releases/download/%{version}/shim-%{version}.tar.bz2
+Source1:	fedora-ca.cer
 # currently here's what's in our dbx:
 # grub2-efi-2.00-11.fc18.x86_64:
 # grubx64.efi 6ac839881e73504047c06a1aac0c4763408ecb3642783c8acf77a2d393ea5cd7
@@ -15,106 +31,117 @@ Source1:        fedora-ca.cer
 # grubx64.efi 49ece9a10a9403b32c8e0c892fd9afe24a974323c96f2cc3dd63608754bf9b45
 # gcdx64.efi 99fcaa957786c155a92b40be9c981c4e4685b8c62b408cb0f6cb2df9c30b9978
 # woops.
-Source2:        dbx.esl
-Source3:        rhtest.cer
-Source4:        shim-find-debuginfo.sh
+Source2:	dbx.esl
 
-Patch0001:      0001-Typo-on-aarch64.patch
+Source100:	shim-find-debuginfo.sh
 
-BuildRequires: git openssl-devel openssl
-BuildRequires: pesign >= 0.106-1
-BuildRequires: gnu-efi >= 3.0.3-3
-BuildRequires: gnu-efi-devel >= 3.0.3-3
+BuildRequires:	elfutils-libelf-devel
+BuildRequires:	git openssl-devel openssl
+BuildRequires:	pesign >= %{pesign_vre}
+BuildRequires:	gnu-efi >= %{gnuefi_vre}
+BuildRequires:	gnu-efi-devel >= %{gnuefi_vre}
 
 # Shim uses OpenSSL, but cannot use the system copy as the UEFI ABI is not
 # compatible with SysV (there's no red zone under UEFI) and there isn't a
 # POSIX-style C library.
-# BuildRequires: OpenSSL
-Provides: bundled(openssl) = 0.9.8zb
+# BuildRequires:	OpenSSL
+Provides:	bundled(openssl) = %{openssl_vre}
 
-%global efiarch aa64
-%global efidir %(eval echo $(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/'))
-
-%global debug_package %{nil}
-%global __debug_package 1
-%global _binaries_in_noarch_packages_terminate_build 0
+%global desc \
+Initial UEFI bootloader that handles chaining to a trusted full \
+bootloader under secure boot environments.
+%global debug_desc \
+This package provides debug information for package %{expand:%%{name}} \
+Debug information is useful when developing applications that \
+use this package or when debugging this package.
 
 %description
-Initial UEFI bootloader that handles chaining to a trusted full bootloader
-under secure boot environments.
+%desc
 
-%package -n shim-unsigned
-Summary: First-stage UEFI bootloader (unsigned data)
+%package debuginfo
+Summary:	Debug information for shim-unsigned-aarch64
+Requires:	%{name}-debugsource = %{version}-%{release}
+Group:		Development/Debug
+AutoReqProv:	0
+BuildArch:	noarch
 
-%description -n shim-unsigned
-Initial UEFI bootloader that handles chaining to a trusted full bootloader
-under secure boot environments.
+%description debuginfo
+%debug_desc
 
-%package -n shim-unsigned-aarch64-debuginfo
-Obsoletes: shim-debuginfo < 0.9
-Provides: shim-debuginfo = %{version}-%{release}
-Summary: Debug information for package %{name}
-Group: Development/Debug
-AutoReqProv: 0
-BuildArch: noarch
+%package debugsource
+Summary:	Debug Source for shim-unsigned
+Group:		Development/Debug
+AutoReqProv:	0
+BuildArch:	noarch
 
-%description -n shim-unsigned-aarch64-debuginfo
-This package provides debug information for package %{name}.
-Debug information is useful when developing applications that use this
-package or when debugging this package.
+%description debugsource
+%debug_desc
 
 %prep
-%setup -q -n shim-%{version}
-git init
-git config user.email "%{name}-owner@fedoraproject.org"
-git config user.name "Fedora Ninjas"
-git add .
-git commit -a -q -m "%{version} baseline."
-git am --ignore-whitespace %{patches} </dev/null
+%autosetup -S git -n shim-%{version}
 git config --unset user.email
 git config --unset user.name
+mkdir build-%{efiarch}
 
 %build
-MAKEFLAGS=""
-if [ -f "%{SOURCE3}" ]; then
-	MAKEFLAGS="VENDOR_CERT_FILE=%{SOURCE3} VENDOR_DBX_FILE=%{SOURCE2}"
+COMMITID=$(cat commit)
+MAKEFLAGS="TOPDIR=.. -f ../Makefile COMMITID=${COMMITID} "
+MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} "
+MAKEFLAGS+="ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true "
+MAKEFLAGS+="%{_smp_mflags}"
+if [ -f "%{SOURCE1}" ]; then
+	MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=%{SOURCE1}"
 fi
-MAKEFLAGS="$MAKEFLAGS RELEASE=%{release}"
-make 'DEFAULT_LOADER=\\\\grub%{efiarch}.efi' ${MAKEFLAGS} shim.efi MokManager.efi fallback.efi
+if [ -f "%{SOURCE2}" ]; then
+	MAKEFLAGS="$MAKEFLAGS VENDOR_DBX_FILE=%{SOURCE2}"
+fi
+
+cd build-%{efiarch}
+make ${MAKEFLAGS} DEFAULT_LOADER='\\\\grub%{efiarch}.efi' all
+cd ..
 
 %install
-rm -rf $RPM_BUILD_ROOT
-pesign -h -P -i shim.efi -h > shim.hash
-install -D -d -m 0755 $RPM_BUILD_ROOT%{_datadir}/shim/
-install -D -d -m 0755 $RPM_BUILD_ROOT%{_datadir}/shim/%{efiarch}-%{version}-%{release}/
-install -m 0644 shim.hash $RPM_BUILD_ROOT%{_datadir}/shim/%{efiarch}-%{version}-%{release}/shim.hash
-for x in shim fallback MokManager ; do
-	install -m 0644 $x.efi $RPM_BUILD_ROOT%{_datadir}/shim/%{efiarch}-%{version}-%{release}/
-	install -m 0644 $x.so $RPM_BUILD_ROOT%{_datadir}/shim/%{efiarch}-%{version}-%{release}/
-done
+COMMITID=$(cat commit)
+MAKEFLAGS="TOPDIR=.. -f ../Makefile COMMITID=${COMMITID} "
+MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} "
+MAKEFLAGS+="ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true "
+if [ -f "%{SOURCE1}" ]; then
+	MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=%{SOURCE1}"
+fi
+if [ -f "%{SOURCE2}" ]; then
+	MAKEFLAGS="$MAKEFLAGS VENDOR_DBX_FILE=%{SOURCE2}"
+fi
 
-%global __debug_install_post						\
-	bash %{SOURCE4}							\\\
-		%{?_missing_build_ids_terminate_build:--strict-build-id}\\\
-		%{?_find_debuginfo_opts} "%{_builddir}/%{?buildsubdir}"	\
-	rm -f $RPM_BUILD_ROOT%{_datadir}/shim/%{efiarch}-%{version}-%{release}/*.so		\
-	%{nil}
+cd build-%{efiarch}
+make ${MAKEFLAGS} \
+	DEFAULT_LOADER='\\\\grub%{efiarch}.efi' \
+	DESTDIR=${RPM_BUILD_ROOT} \
+	install-as-data install-debuginfo install-debugsource
+cd ..
 
-install -D -d -m 0755  $RPM_BUILD_ROOT/usr/src/debug/
-pushd $RPM_BUILD_ROOT/usr/src/debug/
-tar xf %{SOURCE0}
-popd
-
-%files -n shim-unsigned
+%files
 %license COPYRIGHT
-%dir %{_datadir}/shim
-%dir %{_datadir}/shim/%{efiarch}-%{version}-%{release}/
-%{_datadir}/shim/%{efiarch}-%{version}-%{release}/*.efi
-%{_datadir}/shim/%{efiarch}-%{version}-%{release}/*.hash
+%dir %{shimrootdir}
+%dir %{shimversiondir}
+%dir %{shimdir}
+%{shimdir}/*.efi
+%{shimdir}/*.hash
 
-%files -n shim-unsigned-aarch64-debuginfo -f debugfiles.list
+%files debuginfo -f build-%{efiarch}/debugfiles.list
+
+%files debugsource -f build-%{efiarch}/debugsource.list
 
 %changelog
+* Tue Sep 19 2017 Peter Jones <pjones@redhat.com> - 13-3
+- Actually update to the *real* 13 final.
+  Related: rhbz#1489604
+
+* Thu Aug 31 2017 Peter Jones <pjones@redhat.com> - 13-2
+- Actually update to 13 final.
+
+* Mon Aug 21 2017 Peter Jones <pjones@redhat.com> - 13-0.1
+- Update to shim-13 test release.
+
 * Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 0.9-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
 

sources

@@ -1 +1 @@
-fc8fb830c0e3eb66f73b0a7872a71279  shim-0.9.tar.bz2
+SHA512 (shim-13.tar.bz2) = fc2ebd769b985a285df6eb89915796327dd49c8b7de416342b0f08097e4f94b5e14b90be9ff30351040c4c3e94b3f854d5ddb14824cf4dfa9681806a43e19d8d