diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..ffa67e1 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +/sbsigntools-0.9.1.tar.xz diff --git a/sbsigntools-gnuefi.patch b/sbsigntools-gnuefi.patch new file mode 100644 index 0000000..e6da73a --- /dev/null +++ b/sbsigntools-gnuefi.patch @@ -0,0 +1,24 @@ +diff -up sbsigntools-0.9.1/configure.ac.gnuefi sbsigntools-0.9.1/configure.ac +--- sbsigntools-0.9.1/configure.ac.gnuefi 2018-02-21 17:48:52.000000000 +0100 ++++ sbsigntools-0.9.1/configure.ac 2018-02-22 13:26:50.529433565 +0100 +@@ -70,7 +70,7 @@ AM_CONDITIONAL(TEST_BINARY_FORMAT, [ tes + ## + # no consistent view of where gnu-efi should dump the efi stuff, so find it + ## +-for path in /lib /lib64 /usr/lib /usr/lib64 /usr/lib32 /lib/efi /lib64/efi /usr/lib/efi /usr/lib64/efi; do ++for path in /lib /lib64 /usr/lib /usr/lib64 /usr/lib32 /lib/efi /lib64/efi /usr/lib/efi /usr/lib64/efi /usr/lib/gnuefi /usr/lib64/gnuefi ; do + if test -e $path/crt0-efi-$EFI_ARCH.o; then + CRTPATH=$path + fi +diff -up sbsigntools-0.9.1/tests/Makefile.am.gnuefi sbsigntools-0.9.1/tests/Makefile.am +--- sbsigntools-0.9.1/tests/Makefile.am.gnuefi 2018-02-21 17:48:52.000000000 +0100 ++++ sbsigntools-0.9.1/tests/Makefile.am 2018-02-22 13:58:10.297539648 +0100 +@@ -27,7 +27,7 @@ check_SCRIPTS = test-wrapper.sh + $(FORMAT) $^ $@ + + .$(OBJEXT).elf: +- $(LD) $(EFILDFLAGS) -nostdlib -L $(CRTPATH) -shared -Bsymbolic $(CRTPATH)/crt0-efi-$(EFI_ARCH).o -T elf_$(EFI_ARCH)_efi.lds $< -o $@ -lefi -lgnuefi ++ $(LD) $(EFILDFLAGS) -nostdlib -L $(CRTPATH) -shared -Bsymbolic $(CRTPATH)/crt0-efi-$(EFI_ARCH).o -T elf_$(EFI_ARCH)_efi.lds $< -o $@ @libdir@/libefi.a @libdir@/libgnuefi.a + + AM_CFLAGS=-fpic -I/usr/include/efi -I/usr/include/efi/$(EFI_ARCH) + diff --git a/sbsigntools-mktarball.sh b/sbsigntools-mktarball.sh new file mode 100755 index 0000000..c99bebd --- /dev/null +++ b/sbsigntools-mktarball.sh @@ -0,0 +1,36 @@ +#!/bin/bash + +set -e + +tmp=$(mktemp -d) + +#trap cleanup EXIT +#cleanup() { +# set +e +# [ -z "$tmp" -o ! -d "$tmp" ] || rm -rf "$tmp" +#} + +unset CDPATH +pwd=$(pwd) +version=0.9.1 +commit=a631793f2d02ef219b5348eab0ac2ae604ed1269 + +pushd "$tmp" +git clone git://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git +cd sbsigntools +git checkout ${commit} +ccan_modules="talloc read_write_all build_assert array_size endian" +git submodule init +git submodule update +lib/ccan.git/tools/create-ccan-tree --build-type=automake lib/ccan $ccan_modules +rm -r lib/ccan.git +( + echo "Authors of sbsigntool:" + echo + git log --format='%an' | sort -u | sed 's,^,\t,' +) > AUTHORS +git log --date=short --format='%ad %t %an <%ae>%n%n * %s%n' > ChangeLog +cd .. +mv sbsigntools sbsigntools-${version} +tar cJf "$pwd"/sbsigntools-${version}.tar.xz --exclude=.git sbsigntools-${version} +popd diff --git a/sbsigntools-no-git.patch b/sbsigntools-no-git.patch new file mode 100644 index 0000000..ec83377 --- /dev/null +++ b/sbsigntools-no-git.patch @@ -0,0 +1,35 @@ +diff -up sbsigntools-0.8/autogen.sh.nogit sbsigntools-0.8/autogen.sh +--- sbsigntools-0.8/autogen.sh.nogit 2017-09-04 18:22:49.244640635 +0200 ++++ sbsigntools-0.8/autogen.sh 2017-09-04 18:31:49.136838666 +0200 +@@ -1,31 +1,5 @@ + #!/bin/bash + +-ccan_modules="talloc read_write_all build_assert array_size endian" +- +-# Add ccan upstream sources +-if [ ! -e lib/ccan.git/Makefile ] +-then +- git submodule init +- git submodule update +-fi +- +-# create ccan build tree +-if [ ! -e lib/ccan ] +-then +- lib/ccan.git/tools/create-ccan-tree \ +- --build-type=automake lib/ccan $ccan_modules +-fi +- +-# Create generatable docs from git +-( +- echo "Authors of sbsigntool:" +- echo +- git log --format='%an' | sort -u | sed 's,^,\t,' +-) > AUTHORS +- +-# Generate simple ChangeLog +-git log --date=short --format='%ad %t %an <%ae>%n%n * %s%n' > ChangeLog +- + # automagic + aclocal + autoheader diff --git a/sbsigntools.spec b/sbsigntools.spec new file mode 100644 index 0000000..e363876 --- /dev/null +++ b/sbsigntools.spec @@ -0,0 +1,75 @@ +%bcond_without check + +Name: sbsigntools +Version: 0.9.1 +Release: 1%{?dist} +Summary: Signing utility for UEFI secure boot +License: GPLv3+ +URL: https://build.opensuse.org/package/show/home:jejb1:UEFI/sbsigntools +# upstream tarballs don't include bundled ccan +# run sbsigntools-mktarball.sh +Source0: %{name}-%{version}.tar.xz +Source1: %{name}-mktarball.sh +# don't fetch ccan or run git from autogen.sh, already done by mktarball.sh +Patch0: %{name}-no-git.patch +# add Fedora gnu-efi path and link statically against libefi.a/libgnuefi.a +Patch1: %{name}-gnuefi.patch +# same as gnu-efi +ExclusiveArch: x86_64 aarch64 %{arm} %{ix86} +BuildRequires: automake +BuildRequires: binutils-devel +BuildRequires: gnu-efi-devel +BuildRequires: help2man +BuildRequires: libuuid-devel +%if %{with check} +BuildRequires: openssl +%endif +BuildRequires: openssl-devel +Provides: bundled(ccan-array_size) +Provides: bundled(ccan-build_assert) +Provides: bundled(ccan-endian) +Provides: bundled(ccan-read_write_all) +Provides: bundled(ccan-talloc) + +%description +Tools to add signatures to EFI binaries and Drivers. + +%prep +%autosetup -p1 + +%build +./autogen.sh +%configure +%make_build + +%install +%make_install + +%if %{with check} +%check +make check +%endif + +%files +%license COPYING LICENSE.GPLv3 lib/ccan/licenses/* +%doc AUTHORS ChangeLog +%{_bindir}/sbattach +%{_bindir}/sbkeysync +%{_bindir}/sbsiglist +%{_bindir}/sbsign +%{_bindir}/sbvarsign +%{_bindir}/sbverify +%{_mandir}/man1/sbattach.1.* +%{_mandir}/man1/sbsiglist.1.* +%{_mandir}/man1/sbsign.1.* +%{_mandir}/man1/sbvarsign.1.* +%{_mandir}/man1/sbverify.1.* + +%changelog +* Thu Feb 22 2018 Dominik Mierzejewski - 0.9.1-1 +- update to 0.9.1 +- add Fedora gnu-efi libs location to search path +- link tests statically against gnu-efi libs, there are no shared versions + +* Mon Sep 4 2017 Dominik Mierzejewski - 0.8-1 +- initial build diff --git a/sources b/sources new file mode 100644 index 0000000..491fd8f --- /dev/null +++ b/sources @@ -0,0 +1 @@ +SHA512 (sbsigntools-0.9.1.tar.xz) = d4102ba950321d43b7e592f83fddd536adc974a43f97df8cab00e2fd44d226fec6814d4065fe591fbeb3c006015cbbcb62586192447ebf21a1539b72b96408f2