commit 85c28ce56541b989e5e006544a937571b5102139 Author: tigro Date: Tue Nov 14 10:56:34 2023 +0300 import sbsigntools-0.9.5-1.el9 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..b824248 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/sbsigntools-0.9.5.tar.xz diff --git a/.sbsigntools.metadata b/.sbsigntools.metadata new file mode 100644 index 0000000..0523f92 --- /dev/null +++ b/.sbsigntools.metadata @@ -0,0 +1 @@ +58e87ed5aa072a77e8bda8272d5a54473fb1378c SOURCES/sbsigntools-0.9.5.tar.xz diff --git a/SOURCES/sbsigntools-gnuefi.patch b/SOURCES/sbsigntools-gnuefi.patch new file mode 100644 index 0000000..4e3c07a --- /dev/null +++ b/SOURCES/sbsigntools-gnuefi.patch @@ -0,0 +1,69 @@ +diff -up sbsigntools-0.9.5/configure.ac.gnu-efi sbsigntools-0.9.5/configure.ac +--- sbsigntools-0.9.5/configure.ac.gnu-efi 2023-05-05 12:56:50.000000000 +0200 ++++ sbsigntools-0.9.5/configure.ac 2023-05-05 13:06:47.495361241 +0200 +@@ -67,19 +67,30 @@ PKG_CHECK_MODULES(uuid, uuid, + AC_MSG_ERROR([libuuid (from the uuid package) is required])) + + dnl gnu-efi headers require extra include dirs +-EFI_ARCH=$(uname -m | sed 's/i.86/ia32/;s/arm.*/arm/') +-AM_CONDITIONAL(TEST_BINARY_FORMAT, [ test "$EFI_ARCH" = "arm" -o "$EFI_ARCH" = "aarch64" -o "$EFI_ARCH" = riscv64 ]) ++EFI_ARCH=$(uname -m | sed -e 's/i.86/ia32/;s/arm.*/arm/' -e 's/x86_64/x64/' -e 's/aarch64/aa64/') ++AM_CONDITIONAL(TEST_BINARY_FORMAT, [ test "$EFI_ARCH" = "arm" -o "$EFI_ARCH" = "aa64" -o "$EFI_ARCH" = riscv64 ]) + + ## + # no consistent view of where gnu-efi should dump the efi stuff, so find it + ## +-for path in /lib /lib64 /usr/lib /usr/lib64 /usr/lib32 /lib/efi /lib64/efi /usr/lib/efi /usr/lib64/efi /usr/lib/gnuefi /usr/lib64/gnuefi ; do +- if test -e $path/crt0-efi-$EFI_ARCH.o; then ++AC_MSG_CHECKING([gnu-efi crt path]) ++for path in /lib /lib64 /usr/lib /usr/lib64 /usr/lib32 /lib/efi /lib64/efi /usr/lib/efi /usr/lib64/efi /usr/lib/gnuefi /usr/lib64/gnuefi /usr/lib/gnuefi/$EFI_ARCH ; do ++ if test -e $path/crt0.o; then + CRTPATH=$path ++ CRT=crt0.o ++ LDS=efi.lds ++ EFI_PATH=$path ++ elif test -e $path/crt0-efi-$EFI_ARCH.o; then ++ CRTPATH=$path ++ CRT=crt0-efi-${EFI_ARCH}.o ++ LDS=elf_${EFI_ARCH}_efi.lds ++ EFI_PATH=$libdir + fi + done + if test -z "$CRTPATH"; then + AC_MSG_ERROR([cannot find the gnu-efi crt path]) ++else ++ AC_MSG_RESULT($CRTPATH) + fi + + EFI_CPPFLAGS="-I/usr/include/efi -I/usr/include/efi/$EFI_ARCH \ +@@ -91,6 +102,9 @@ CPPFLAGS="$CPPFLAGS_save" + AC_SUBST(EFI_CPPFLAGS, $EFI_CPPFLAGS) + AC_SUBST(EFI_ARCH, $EFI_ARCH) + AC_SUBST(CRTPATH, $CRTPATH) ++AC_SUBST(CRT, $CRT) ++AC_SUBST(LDS, $LDS) ++AC_SUBST(EFI_PATH, $EFI_PATH) + + AC_CONFIG_FILES([Makefile src/Makefile lib/ccan/Makefile] + [docs/Makefile tests/Makefile]) +diff -up sbsigntools-0.9.5/tests/Makefile.am.gnu-efi sbsigntools-0.9.5/tests/Makefile.am +--- sbsigntools-0.9.5/tests/Makefile.am.gnu-efi 2023-05-05 12:56:50.000000000 +0200 ++++ sbsigntools-0.9.5/tests/Makefile.am 2023-05-05 12:57:50.674915069 +0200 +@@ -18,7 +18,7 @@ if TEST_BINARY_FORMAT + EFILDFLAGS = --defsym=EFI_SUBSYSTEM=0x0a + FORMAT = -O binary + else +-FORMAT = --target=efi-app-$(EFI_ARCH) ++FORMAT = --target=efi-app-$(EFI_ARCH:x64=x86_64) + endif + check_DATA = $(test_key) $(test_cert) + check_SCRIPTS = test-wrapper.sh +@@ -31,7 +31,7 @@ check_SCRIPTS = test-wrapper.sh + $(FORMAT) $^ $@ + + .$(OBJEXT).elf: +- $(LD) $(EFILDFLAGS) -nostdlib -L /usr/lib -L /usr/lib64 -L $(CRTPATH) -shared -Bsymbolic $(CRTPATH)/crt0-efi-$(EFI_ARCH).o -T elf_$(EFI_ARCH)_efi.lds $< -o $@ -lefi -lgnuefi ++ $(LD) $(EFILDFLAGS) -nostdlib -L /usr/lib -L /usr/lib64 -L $(CRTPATH) -shared -Bsymbolic $(CRTPATH)/$(CRT) -T $(LDS) $< -o $@ $(EFI_PATH)/libefi.a $(EFI_PATH)/libgnuefi.a + + AM_CFLAGS=-fpic -I/usr/include/efi -I/usr/include/efi/$(EFI_ARCH) + diff --git a/SOURCES/sbsigntools-mktarball.sh b/SOURCES/sbsigntools-mktarball.sh new file mode 100755 index 0000000..b6e6f0f --- /dev/null +++ b/SOURCES/sbsigntools-mktarball.sh @@ -0,0 +1,36 @@ +#!/bin/bash + +set -e + +tmp=$(mktemp -d) + +#trap cleanup EXIT +#cleanup() { +# set +e +# [ -z "$tmp" -o ! -d "$tmp" ] || rm -rf "$tmp" +#} + +unset CDPATH +pwd=$(pwd) +version=0.9.5 +commit=9cfca9fe7aa7a8e29b92fe33ce8433e212c9a8ba + +pushd "$tmp" +git clone git://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git +cd sbsigntools +git checkout ${commit} +ccan_modules="talloc read_write_all build_assert array_size endian" +git submodule init +git submodule update +lib/ccan.git/tools/create-ccan-tree --build-type=automake lib/ccan $ccan_modules +rm -r lib/ccan.git +( + echo "Authors of sbsigntool:" + echo + git log --format='%an' | sort -u | sed 's,^,\t,' +) > AUTHORS +git log --date=short --format='%ad %t %an <%ae>%n%n * %s%n' > ChangeLog +cd .. +mv sbsigntools sbsigntools-${version} +tar cJf "$pwd"/sbsigntools-${version}.tar.xz --exclude=.git sbsigntools-${version} +popd diff --git a/SOURCES/sbsigntools-no-git.patch b/SOURCES/sbsigntools-no-git.patch new file mode 100644 index 0000000..ec83377 --- /dev/null +++ b/SOURCES/sbsigntools-no-git.patch @@ -0,0 +1,35 @@ +diff -up sbsigntools-0.8/autogen.sh.nogit sbsigntools-0.8/autogen.sh +--- sbsigntools-0.8/autogen.sh.nogit 2017-09-04 18:22:49.244640635 +0200 ++++ sbsigntools-0.8/autogen.sh 2017-09-04 18:31:49.136838666 +0200 +@@ -1,31 +1,5 @@ + #!/bin/bash + +-ccan_modules="talloc read_write_all build_assert array_size endian" +- +-# Add ccan upstream sources +-if [ ! -e lib/ccan.git/Makefile ] +-then +- git submodule init +- git submodule update +-fi +- +-# create ccan build tree +-if [ ! -e lib/ccan ] +-then +- lib/ccan.git/tools/create-ccan-tree \ +- --build-type=automake lib/ccan $ccan_modules +-fi +- +-# Create generatable docs from git +-( +- echo "Authors of sbsigntool:" +- echo +- git log --format='%an' | sort -u | sed 's,^,\t,' +-) > AUTHORS +- +-# Generate simple ChangeLog +-git log --date=short --format='%ad %t %an <%ae>%n%n * %s%n' > ChangeLog +- + # automagic + aclocal + autoheader diff --git a/SPECS/sbsigntools.spec b/SPECS/sbsigntools.spec new file mode 100644 index 0000000..4e0c4e7 --- /dev/null +++ b/SPECS/sbsigntools.spec @@ -0,0 +1,154 @@ +%bcond_without check +%define _warning_options -Wall -Werror=format-security -Wno-deprecated-declarations -Wno-maybe-uninitialized + +Name: sbsigntools +Version: 0.9.5 +Release: 1%{?dist} +Summary: Signing utility for UEFI secure boot +License: GPLv3+ +URL: https://build.opensuse.org/package/show/home:jejb1:UEFI/sbsigntools +# upstream tarballs don't include bundled ccan +# run sbsigntools-mktarball.sh +Source0: %{name}-%{version}.tar.xz +Source1: %{name}-mktarball.sh +# don't fetch ccan or run git from autogen.sh, already done by mktarball.sh +Patch0: %{name}-no-git.patch +# add Fedora gnu-efi path and link statically against libefi.a/libgnuefi.a +Patch1: %{name}-gnuefi.patch +# same as gnu-efi +ExclusiveArch: x86_64 aarch64 %{arm} %{ix86} +BuildRequires: make +BuildRequires: automake +BuildRequires: binutils-devel +BuildRequires: gcc +BuildRequires: gnu-efi-devel >= 1:3.0.8-3 +BuildRequires: help2man +BuildRequires: libuuid-devel +%if %{with check} +BuildRequires: openssl +%endif +BuildRequires: openssl-devel +Provides: bundled(ccan-array_size) +Provides: bundled(ccan-build_assert) +Provides: bundled(ccan-check_type) +Provides: bundled(ccan-compiler) +Provides: bundled(ccan-container_of) +Provides: bundled(ccan-endian) +Provides: bundled(ccan-failtest) +Provides: bundled(ccan-hash) +Provides: bundled(ccan-htable) +Provides: bundled(ccan-list) +Provides: bundled(ccan-read_write_all) +Provides: bundled(ccan-str) +Provides: bundled(ccan-talloc) +Provides: bundled(ccan-tcon) +Provides: bundled(ccan-time) +Provides: bundled(ccan-tlist) +Provides: bundled(ccan-typesafe_cb) + +%description +Tools to add signatures to EFI binaries and Drivers. + +%prep +%autosetup -p1 + +%build +./autogen.sh +%configure +%make_build + +%install +%make_install + +%if %{with check} +%check +make check +%endif + +%files +%license COPYING LICENSE.GPLv3 lib/ccan/licenses/* +%doc AUTHORS ChangeLog +%{_bindir}/sbattach +%{_bindir}/sbkeysync +%{_bindir}/sbsiglist +%{_bindir}/sbsign +%{_bindir}/sbvarsign +%{_bindir}/sbverify +%{_mandir}/man1/sbattach.1.* +%{_mandir}/man1/sbkeysync.1.* +%{_mandir}/man1/sbsiglist.1.* +%{_mandir}/man1/sbsign.1.* +%{_mandir}/man1/sbvarsign.1.* +%{_mandir}/man1/sbverify.1.* + +%changelog +* Tue Nov 14 2023 Arkady L. Shane - 0.9.5-1 +- Rebuilt for MSVSphere 9.2 + +* Fri May 05 2023 Dominik Mierzejewski - 0.9.5-1 +- update to 0.9.5 (#2179697) +- drop obsolete patches + +* Sat Jan 21 2023 Fedora Release Engineering - 0.9.4-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Tue Jan 17 2023 Dominik Mierzejewski - 0.9.4-10 +- fix build with GCC 13 + +* Sat Jul 23 2022 Fedora Release Engineering - 0.9.4-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Sat Jan 22 2022 Fedora Release Engineering - 0.9.4-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Fri Nov 19 2021 Dominik Mierzejewski - 0.9.4-7 +- fix build with OpenSSL 3.0.0 (fixes rhbz#2021909) + +* Tue Sep 14 2021 Sahana Prasad - 0.9.4-6 +- Rebuilt with OpenSSL 3.0.0 + +* Fri Jul 23 2021 Fedora Release Engineering - 0.9.4-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Mon May 17 2021 Dominik Mierzejewski - 0.9.4-4 +- don't ignore errors from sbkeysync (fixes rhbz#1955828) + +* Wed Jan 27 2021 Fedora Release Engineering - 0.9.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Wed Jul 29 2020 Fedora Release Engineering - 0.9.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Fri Jul 03 2020 Dominik Mierzejewski - 0.9.4-1 +- update to 0.9.4 (#1846578) + +* Mon Feb 03 2020 Dominik Mierzejewski - 0.9.3-1 +- update to 0.9.3 +- update bundled CCAN components list +- support building with gnu-efi 3.0.11 + +* Thu Jan 30 2020 Fedora Release Engineering - 0.9.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Fri Jul 26 2019 Fedora Release Engineering - 0.9.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Thu Feb 28 2019 Dominik Mierzejewski - 0.9.2-1 +- update to 0.9.2 + +* Sat Feb 02 2019 Fedora Release Engineering - 0.9.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Wed Jul 25 2018 Dominik Mierzejewski - 0.9.1-3 +- fix paths to gnu-efi (work around #1608293) + +* Sat Jul 14 2018 Fedora Release Engineering - 0.9.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Thu Feb 22 2018 Dominik Mierzejewski - 0.9.1-1 +- update to 0.9.1 +- add Fedora gnu-efi libs location to search path +- link tests statically against gnu-efi libs, there are no shared versions + +* Mon Sep 4 2017 Dominik Mierzejewski - 0.8-1 +- initial build