rpms/shim-unsigned-aarch64
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

merge into: rpms:rawhide
Branches Tags
rpms:rawhide
rpms:f41
rpms:f42
rpms:f43
rpms:main
rpms:f40
rpms:f39
rpms:f38
rpms:f37
rpms:f35
rpms:f36
rpms:f34
rpms:f32
rpms:f31
rpms:f30
rpms:f33
rpms:f28
rpms:f29
rpms:f27
rpms:f26
rpms:f25
rpms:f24
...
pull from: rpms:f34
Branches Tags
rpms:f41
rpms:f42
rpms:f43
rpms:main
rpms:rawhide
rpms:f40
rpms:f39
rpms:f38
rpms:f37
rpms:f35
rpms:f36
rpms:f34
rpms:f32
rpms:f31
rpms:f30
rpms:f33
rpms:f28
rpms:f29
rpms:f27
rpms:f26
rpms:f25
rpms:f24
Sign in to create a new pull request.

2 commits
rawhide ... f34

Author SHA1 Message Date
Peter Jones
d5c5732cac Nerf debuginfo generation on aarch64 
Our DSOs currently don't wind up having a build-id, which means we can't
correctly generate debuginfo.  It'll have to be fixed later.

Signed-off-by: Peter Jones <pjones@redhat.com>
 2021-03-30 18:02:41 -04:00
Peter Jones
b98994839d Update to shim 15.4 
- Support for revocations via the ".sbat" section and SBAT EFI variable
- A new unit test framework and a bunch of unit tests
- No external gnu-efi dependency
- Better CI

Signed-off-by: Peter Jones <pjones@redhat.com>
 2021-03-30 17:25:50 -04:00
5 changed files with 94 additions and 24 deletions
Download patch file Download diff file Expand all files Collapse all files

BIN
dbx.esl
View file

Binary file not shown.

0
fedora-ca.cer → fedora-ca-20200709.cer
View file

1
sbat.redhat.csv Normal file
View file

@ -0,0 +1 @@
shim.redhat,1,The Fedora Project,shim,15.3,https://src.fedoraproject.org/rpms/shim-unsigned-x64
1 shim.redhat 1 The Fedora Project shim 15.3 https://src.fedoraproject.org/rpms/shim-unsigned-x64

116
shim-unsigned-aarch64.spec
View file

@ -2,36 +2,36 @@
%global gnuefi_vre 1:3.0.8-1
%global openssl_vre 1.0.2j
%global debug_package %{nil}
%global __debug_package 1
%global _binaries_in_noarch_packages_terminate_build 0
%global __debug_install_post %{SOURCE100} aa64
%undefine _debuginfo_subpackages
%global efidir %(eval echo $(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/'))
%global shimrootdir %{_datadir}/shim/
%global shimversiondir %{shimrootdir}/%{version}-%{release}
%global efiarch aa64
%global shimdir %{shimversiondir}/%{efiarch}
%global efialtarch arm
%global shimaltdir %{shimversiondir}/%{efialtarch}
%global debug_package %{nil}
%global __debug_package 1
%global __debug_install_post %{SOURCE100} %{efiarch} %{efialtarch}
%global _binaries_in_noarch_packages_terminate_build 0
%undefine _debuginfo_subpackages
# currently here's what's in our dbx: nothing
%global dbxfile %{nil}
Name: shim-unsigned-aarch64
Version: 15
Version: 15.4
Release: 1%{?dist}
Summary: First-stage UEFI bootloader
ExclusiveArch: aarch64
License: BSD
URL: https://github.com/rhboot/shim
Source0: https://github.com/rhboot/shim/releases/download/%{version}/shim-%{version}.tar.bz2
Source1: fedora-ca.cer
# currently here's what's in our dbx:
# grub2-efi-2.00-11.fc18.x86_64:
# grubx64.efi 6ac839881e73504047c06a1aac0c4763408ecb3642783c8acf77a2d393ea5cd7
# gcdx64.efi 065cd63bab696ad2f4732af9634d66f2c0d48f8a3134b8808750d378550be151
# grub2-efi-2.00-11.fc19.x86_64:
# grubx64.efi 49ece9a10a9403b32c8e0c892fd9afe24a974323c96f2cc3dd63608754bf9b45
# gcdx64.efi 99fcaa957786c155a92b40be9c981c4e4685b8c62b408cb0f6cb2df9c30b9978
# woops.
Source2: dbx.esl
Source1: fedora-ca-20200709.cer
%if 0%{?dbxfile}
Source2: %{dbxfile}
%endif
Source3: sbat.redhat.csv
Source100: shim-find-debuginfo.sh
@ -39,8 +39,8 @@ BuildRequires: gcc make
BuildRequires: elfutils-libelf-devel
BuildRequires: git openssl-devel openssl
BuildRequires: pesign >= %{pesign_vre}
BuildRequires: gnu-efi >= %{gnuefi_vre}
BuildRequires: gnu-efi-devel >= %{gnuefi_vre}
BuildRequires: dos2unix findutils
BuildRequires: binutils-arm-linux-gnu gcc-arm-linux-gnu
# Shim uses OpenSSL, but cannot use the system copy as the UEFI ABI is not
# compatible with SysV (there's no red zone under UEFI) and there isn't a
@ -59,15 +59,30 @@ use this package or when debugging this package.
%description
%desc
%package -n shim-unsigned-%{efialtarch}
Summary: First-stage UEFI bootloader (unsigned data)
Provides: bundled(openssl) = %{openssl_vre}
%description -n shim-unsigned-%{efialtarch}
%desc
%if 0
%package debuginfo
Summary: Debug information for shim-unsigned-aarch64
Requires: %{name}-debugsource = %{version}-%{release}
Summary: Debug information for shim-unsigned-%{efiarch}
AutoReqProv: 0
BuildArch: noarch
%description debuginfo
%debug_desc
%package -n shim-unsigned-%{efialtarch}-debuginfo
Summary: Debug information for shim-unsigned-%{efialtarch}
AutoReqProv: 0
BuildArch: noarch
%description -n shim-unsigned-%{efialtarch}-debuginfo
%debug_desc
%package debugsource
Summary: Debug Source for shim-unsigned
AutoReqProv: 0
@ -75,47 +90,79 @@ BuildArch: noarch
%description debugsource
%debug_desc
%endif
%prep
%autosetup -S git -n shim-%{version}
git config --unset user.email
git config --unset user.name
mkdir build-%{efiarch}
mkdir build-%{efialtarch}
cp %{SOURCE3} data/
%build
COMMITID=$(cat commit)
MAKEFLAGS="TOPDIR=.. -f ../Makefile COMMITID=${COMMITID} "
MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} "
MAKEFLAGS+="ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true "
MAKEFLAGS+="ENABLE_SHIM_HASH=true "
MAKEFLAGS+="%{_smp_mflags}"
if [ -f "%{SOURCE1}" ]; then
MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=%{SOURCE1}"
fi
%if 0%{?dbxfile}
if [ -f "%{SOURCE2}" ]; then
MAKEFLAGS="$MAKEFLAGS VENDOR_DBX_FILE=%{SOURCE2}"
fi
%endif
cd build-%{efiarch}
make ${MAKEFLAGS} DEFAULT_LOADER='\\\\grub%{efiarch}.efi' all
make ${MAKEFLAGS} \
DEFAULT_LOADER='\\\\grub%{efiarch}.efi' \
all
cd ..
cd build-%{efialtarch}
make ${MAKEFLAGS} \
ARCH=%{efialtarch} CROSS_COMPILE=arm-linux-gnu- \
DEFAULT_LOADER='\\\\grub%{efialtarch}.efi' \
all
cd ..
%install
COMMITID=$(cat commit)
MAKEFLAGS="TOPDIR=.. -f ../Makefile COMMITID=${COMMITID} "
MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} "
MAKEFLAGS+="ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true "
MAKEFLAGS+="ENABLE_SHIM_HASH=true "
if [ -f "%{SOURCE1}" ]; then
MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=%{SOURCE1}"
fi
%if 0%{?dbxfile}
if [ -f "%{SOURCE2}" ]; then
MAKEFLAGS="$MAKEFLAGS VENDOR_DBX_FILE=%{SOURCE2}"
fi
%endif
cd build-%{efiarch}
make ${MAKEFLAGS} \
DEFAULT_LOADER='\\\\grub%{efiarch}.efi' \
DESTDIR=${RPM_BUILD_ROOT} \
%if 0
install-as-data install-debuginfo install-debugsource
%else
install-as-data
%endif
cd ..
cd build-%{efialtarch}
make ${MAKEFLAGS} \
ARCH=%{efialtarch} CROSS_COMPILE=arm-linux-gnu- \
DEFAULT_LOADER='\\\\grub%{efialtarch}.efi' \
DESTDIR=${RPM_BUILD_ROOT} \
%if 0
install-as-data install-debuginfo install-debugsource
%else
install-as-data
%endif
cd ..
%files
@ -125,12 +172,33 @@ cd ..
%dir %{shimdir}
%{shimdir}/*.efi
%{shimdir}/*.hash
%{shimdir}/*.CSV
%files -n shim-unsigned-%{efialtarch}
%license COPYRIGHT
%dir %{shimrootdir}
%dir %{shimversiondir}
%dir %{shimaltdir}
%{shimaltdir}/*.efi
%{shimaltdir}/*.hash
%{shimaltdir}/*.CSV
%if 0
%files debuginfo -f build-%{efiarch}/debugfiles.list
%files -n shim-unsigned-%{efialtarch}-debuginfo -f build-%{efialtarch}/debugfiles.list
%files debugsource -f build-%{efiarch}/debugsource.list
%endif
%changelog
* Tue Mar 30 2021 Peter Jones <pjones@redhat.com> - 15.4-1
- Update to shim 15.4
- Support for revocations via the ".sbat" section and SBAT EFI variable
- A new unit test framework and a bunch of unit tests
- No external gnu-efi dependency
- Better CI
* Thu Apr 05 2018 Peter Jones <pjones@redhat.com> - 15-1
- Update to shim 15
- better checking for bad linker output

1
sources
View file

@ -1 +1,2 @@
SHA512 (shim-15.tar.bz2) = f7dfac774d644111431ca56da76b5575b891b0abad970b318edaede11a0d83c869728bc39cb6af3689bdb203c6826545caf8ddd3d14228831027e334963cf957
SHA512 (shim-15.4.tar.bz2) = b9712fe6964f60de251f1bff83914c4aac0f6430474c44741c059f31b72c2d5987c313cbb5e8bc07bfd04e61e6b511ea2d19a9975cde8c6127bc05f2de834526