i8 changed/i8/shim-unsigned-x64-15.6-1.el8.inferit
Arkady L. Shane 1 year ago
parent 4e6deb0aa3
commit 0290efb3cc
Signed by: tigro
GPG Key ID: 1EC08A25C9DB2503

@ -1,6 +1,13 @@
%global pesign_vre 0.106-1 %global pesign_vre 0.106-1
%global gnuefi_vre 1:3.0.5-6
%global openssl_vre 1.0.2j %global openssl_vre 1.0.2j
%global debug_package %{nil}
%global __debug_package 1
%global _binaries_in_noarch_packages_terminate_build 0
%global __debug_install_post %{SOURCE100} x64 ia32
%undefine _debuginfo_subpackages
%global efidir msvsphere %global efidir msvsphere
%global shimrootdir %{_datadir}/shim/ %global shimrootdir %{_datadir}/shim/
%global shimversiondir %{shimrootdir}/%{version}-%{release} %global shimversiondir %{shimrootdir}/%{version}-%{release}
@ -9,15 +16,6 @@
%global efialtarch ia32 %global efialtarch ia32
%global shimaltdir %{shimversiondir}/%{efialtarch} %global shimaltdir %{shimversiondir}/%{efialtarch}
%global debug_package %{nil}
%global __debug_package 1
%global _binaries_in_noarch_packages_terminate_build 0
%global __debug_install_post %{SOURCE100} %{efiarch} %{efialtarch}
%undefine _debuginfo_subpackages
# currently here's what's in our dbx: nothing
%global dbxfile %{nil}
Name: shim-unsigned-%{efiarch} Name: shim-unsigned-%{efiarch}
Version: 15.6 Version: 15.6
Release: 1.el8.inferit Release: 1.el8.inferit
@ -27,9 +25,9 @@ License: BSD
URL: https://github.com/rhboot/shim URL: https://github.com/rhboot/shim
Source0: https://github.com/rhboot/shim/releases/download/%{version}/shim-%{version}.tar.bz2 Source0: https://github.com/rhboot/shim/releases/download/%{version}/shim-%{version}.tar.bz2
Source1: spheresecurebootca.cer Source1: spheresecurebootca.cer
%if 0%{?dbxfile} # currently here's what's in our dbx:
Source2: %{dbxfile} # nothing.
%endif Source2: dbx.esl
Source3: sbat.msvsphere.csv Source3: sbat.msvsphere.csv
Source4: shim.patches Source4: shim.patches
@ -69,6 +67,7 @@ Provides: bundled(openssl) = %{openssl_vre}
%package debuginfo %package debuginfo
Summary: Debug information for shim-unsigned-%{efiarch} Summary: Debug information for shim-unsigned-%{efiarch}
Requires: %{name}-debugsource = %{version}-%{release}
Group: Development/Debug Group: Development/Debug
AutoReqProv: 0 AutoReqProv: 0
BuildArch: noarch BuildArch: noarch
@ -79,6 +78,7 @@ BuildArch: noarch
%package -n shim-unsigned-%{efialtarch}-debuginfo %package -n shim-unsigned-%{efialtarch}-debuginfo
Summary: Debug information for shim-unsigned-%{efialtarch} Summary: Debug information for shim-unsigned-%{efialtarch}
Group: Development/Debug Group: Development/Debug
Requires: %{name}-debugsource = %{version}-%{release}
AutoReqProv: 0 AutoReqProv: 0
BuildArch: noarch BuildArch: noarch
@ -108,14 +108,12 @@ MAKEFLAGS="TOPDIR=.. -f ../Makefile COMMITID=${COMMITID} "
MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} " MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} "
MAKEFLAGS+="ENABLE_SHIM_HASH=true " MAKEFLAGS+="ENABLE_SHIM_HASH=true "
MAKEFLAGS+="%{_smp_mflags}" MAKEFLAGS+="%{_smp_mflags}"
if [ -f "%{SOURCE1}" ]; then if [ -s "%{SOURCE1}" ]; then
MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=%{SOURCE1}" MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=%{SOURCE1}"
fi fi
%if 0%{?dbxfile} if [ -s "%{SOURCE2}" ]; then
if [ -f "%{SOURCE2}" ]; then
MAKEFLAGS="$MAKEFLAGS VENDOR_DBX_FILE=%{SOURCE2}" MAKEFLAGS="$MAKEFLAGS VENDOR_DBX_FILE=%{SOURCE2}"
fi fi
%endif
cd build-%{efiarch} cd build-%{efiarch}
make ${MAKEFLAGS} \ make ${MAKEFLAGS} \
@ -123,19 +121,23 @@ make ${MAKEFLAGS} \
all all
cd .. cd ..
cd build-%{efialtarch}
setarch linux32 -B make ${MAKEFLAGS} ARCH=%{efialtarch} \
DEFAULT_LOADER='\\\\grub%{efialtarch}.efi' \
all
cd ..
%install %install
COMMITID=$(cat commit) COMMITID=$(cat commit)
MAKEFLAGS="TOPDIR=.. -f ../Makefile COMMITID=${COMMITID} " MAKEFLAGS="TOPDIR=.. -f ../Makefile COMMITID=${COMMITID} "
MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} " MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} "
MAKEFLAGS+="ENABLE_SHIM_HASH=true " MAKEFLAGS+="ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true "
if [ -f "%{SOURCE1}" ]; then if [ -s "%{SOURCE1}" ]; then
MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=%{SOURCE1}" MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=%{SOURCE1}"
fi fi
%if 0%{?dbxfile} if [ -s "%{SOURCE2}" ]; then
if [ -f "%{SOURCE2}" ]; then
MAKEFLAGS="$MAKEFLAGS VENDOR_DBX_FILE=%{SOURCE2}" MAKEFLAGS="$MAKEFLAGS VENDOR_DBX_FILE=%{SOURCE2}"
fi fi
%endif
cd build-%{efiarch} cd build-%{efiarch}
make ${MAKEFLAGS} \ make ${MAKEFLAGS} \
@ -144,89 +146,87 @@ make ${MAKEFLAGS} \
install-as-data install-debuginfo install-debugsource install-as-data install-debuginfo install-debugsource
cd .. cd ..
cd build-%{efialtarch}
setarch linux32 make ${MAKEFLAGS} ARCH=%{efialtarch} \
DEFAULT_LOADER='\\\\grub%{efialtarch}.efi' \
DESTDIR=${RPM_BUILD_ROOT} \
install-as-data install-debuginfo install-debugsource
cd ..
%files %files
%license COPYRIGHT %license COPYRIGHT
%dir %{shimrootdir} %dir %{shimrootdir}
%dir %{shimversiondir} %dir %{shimversiondir}
%dir %{shimdir} %dir %{shimdir}
%{shimdir}/*.CSV
%{shimdir}/*.efi %{shimdir}/*.efi
%{shimdir}/*.hash %{shimdir}/*.hash
%{shimdir}/*.CSV
%files -n shim-unsigned-%{efialtarch}
%license COPYRIGHT
%dir %{shimrootdir}
%dir %{shimversiondir}
%dir %{shimaltdir}
%{shimaltdir}/*.CSV
%{shimaltdir}/*.efi
%{shimaltdir}/*.hash
%files debuginfo -f build-%{efiarch}/debugfiles.list %files debuginfo -f build-%{efiarch}/debugfiles.list
%files -n shim-unsigned-%{efialtarch}-debuginfo -f build-%{efialtarch}/debugfiles.list
%files debugsource -f build-%{efiarch}/debugsource.list %files debugsource -f build-%{efiarch}/debugsource.list
%changelog %changelog
* Wed Mar 22 2023 Eugene Zamriy <ezamriy@@msvsphere.ru> - 15.6-1.inferit * Fri Dec 22 2023 Arkady L. Shane <tigro@msvsphere-os.ru> - 15.6-1.inferit
- Use MSVSphere vendor certificate and SBAT entry - Use MSVSphere vendor certificate and SBAT entry
- Rebuilt for MSVSphere 9.1
* Wed Jun 01 2022 Peter Jones <pjones@redhat.com> - 15.6-1.el9 * Thu Dec 07 2023 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 15.6-1
- Rebuilt for MSVSphere 8.8
* Wed Jun 01 2022 Peter Jones <pjones@redhat.com> - 15.6-1.el8
- Update to shim-15.6 - Update to shim-15.6
Resolves: CVE-2022-28737 Resolves: CVE-2022-28737
* Wed Mar 09 2022 Peter Jones <pjones@redhat.com> - 15.5-1 * Thu Sep 17 2020 Peter Jones <pjones@redhat.com> - 15-9.el8
- Update to shim-15.5 - Fix an incorrect allocation size.
Related: rhbz#1932057 Related: rhbz#1877253
* Thu Apr 01 2021 Peter Jones <pjones@redhat.com> - 15.4-4 * Thu Jul 30 2020 Peter Jones <pjones@redhat.com> - 15-8
- Fix the sbat data to actually match /this/ product. - Fix a load-address-dependent forever loop.
Resolves: CVE-2020-14372 Resolves: rhbz#1861977
Resolves: CVE-2020-25632 Related: CVE-2020-10713
Resolves: CVE-2020-25647 Related: CVE-2020-14308
Resolves: CVE-2020-27749 Related: CVE-2020-14309
Resolves: CVE-2020-27779 Related: CVE-2020-14310
Resolves: CVE-2021-20225 Related: CVE-2020-14311
Resolves: CVE-2021-20233 Related: CVE-2020-15705
Related: CVE-2020-15706
* Wed Mar 31 2021 Peter Jones <pjones@redhat.com> - 15.4-3 Related: CVE-2020-15707
- Build with the correct certificate trust list for this OS.
Resolves: CVE-2020-14372 * Sat Jul 25 2020 Peter Jones <pjones@redhat.com> - 15-7
Resolves: CVE-2020-25632 - Implement Lenny's workaround
Resolves: CVE-2020-25647 Related: CVE-2020-10713
Resolves: CVE-2020-27749 Related: CVE-2020-14308
Resolves: CVE-2020-27779 Related: CVE-2020-14309
Resolves: CVE-2021-20225 Related: CVE-2020-14310
Resolves: CVE-2021-20233 Related: CVE-2020-14311
* Wed Mar 31 2021 Peter Jones <pjones@redhat.com> - 15.4-2 * Fri Jul 24 2020 Peter Jones <pjones@redhat.com> - 15-5
- Fix the ia32 build. - Once more with the MokListRT config table patch added.
Resolves: CVE-2020-14372 Related: CVE-2020-10713
Resolves: CVE-2020-25632 Related: CVE-2020-14308
Resolves: CVE-2020-25647 Related: CVE-2020-14309
Resolves: CVE-2020-27749 Related: CVE-2020-14310
Resolves: CVE-2020-27779 Related: CVE-2020-14311
Resolves: CVE-2021-20225
Resolves: CVE-2021-20233 * Thu Jul 23 2020 Peter Jones <pjones@redhat.com> - 15-4
- Rebuild for bug fixes and new signing keys
* Tue Mar 30 2021 Peter Jones <pjones@redhat.com> - 15.4-1 Related: CVE-2020-10713
- Update to shim 15.4 Related: CVE-2020-14308
- Support for revocations via the ".sbat" section and SBAT EFI variable Related: CVE-2020-14309
- A new unit test framework and a bunch of unit tests Related: CVE-2020-14310
- No external gnu-efi dependency Related: CVE-2020-14311
- Better CI
Resolves: CVE-2020-14372
Resolves: CVE-2020-25632
Resolves: CVE-2020-25647
Resolves: CVE-2020-27749
Resolves: CVE-2020-27779
Resolves: CVE-2021-20225
Resolves: CVE-2021-20233
* Wed Mar 24 2021 Peter Jones <pjones@redhat.com> - 15.3-0~1
- Update to shim 15.3
- Support for revocations via the ".sbat" section and SBAT EFI variable
- A new unit test framework and a bunch of unit tests
- No external gnu-efi dependency
- Better CI
Resolves: CVE-2020-14372
Resolves: CVE-2020-25632
Resolves: CVE-2020-25647
Resolves: CVE-2020-27749
Resolves: CVE-2020-27779
Resolves: CVE-2021-20225
Resolves: CVE-2021-20233
* Wed Jun 05 2019 Javier Martinez Canillas <javierm@redhat.com> - 15-3 * Wed Jun 05 2019 Javier Martinez Canillas <javierm@redhat.com> - 15-3
- Make EFI variable copying fatal only on secureboot enabled systems - Make EFI variable copying fatal only on secureboot enabled systems
@ -238,24 +238,17 @@ cd ..
- Fix MoK mirroring issue which breaks kdump without intervention - Fix MoK mirroring issue which breaks kdump without intervention
Related: rhbz#1668966 Related: rhbz#1668966
* Thu Apr 05 2018 Peter Jones <pjones@redhat.com> - 15-1 * Fri Jul 20 2018 Peter Jones <pjones@redhat.com> - 15-1
- Update to shim 15 - Update to shim 15
- better checking for bad linker output
- flicker-free console if there's no error output * Tue Sep 19 2017 Peter Jones <pjones@redhat.com> - 13-3
- improved http boot support - Actually update to the *real* 13 final.
- better protocol re-installation Related: rhbz#1489604
- dhcp proxy support
- tpm measurement even when verification is disabled * Thu Aug 31 2017 Peter Jones <pjones@redhat.com> - 13-2
- REQUIRE_TPM build flag - Actually update to 13 final.
- more reproducable builds
- measurement of everything verified through shim_verify() * Fri Aug 18 2017 Peter Jones <pjones@redhat.com> - 13-1
- coverity and scan-build checker make targets
- misc cleanups
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 13-0.2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Fri Aug 18 2017 Peter Jones <pjones@redhat.com> - 13-0.1
- Make a new shim-unsigned-x64 package like the shim-unsigned-aarch64 one. - Make a new shim-unsigned-x64 package like the shim-unsigned-aarch64 one.
- This will (eventually) supersede what's in the "shim" package so we can - This will (eventually) supersede what's in the "shim" package so we can
make "shim" hold the signed one, which will confuse fewer people. make "shim" hold the signed one, which will confuse fewer people.
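Review bot: The flag sets for the two make runs disagree on the new side (the right-hand column, as the hunk line counts indicate): `%install` now sets `MAKEFLAGS+="ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true "`, while the build step before it still sets only `MAKEFLAGS+="ENABLE_SHIM_HASH=true "`. If shim's Makefile keys HTTP boot support off that variable, whether the network-boot code is in the shipped binary depends on which step compiles the objects, which is hard to audit for a Secure Boot component; give both steps the same flag line. Separately, `if [ -s "%{SOURCE1}" ]; then` in both steps silently drops `VENDOR_CERT_FILE` when the certificate is missing or empty, so the build still succeeds and yields a shim with no embedded vendor certificate. A fail-closed check before the make calls, such as `[ -s "%{SOURCE1}" ] || { echo "vendor certificate missing or empty" >&2; exit 1; }`, would catch that at build time. The matching `-s` guard on `%{SOURCE2}` looks deliberate, given the comment that the dbx currently holds nothing.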
