forked from pool/shim

16.1-add-MS-signed-shim-v3 #3

Manually merged
joeyli merged 2 commits from joeyli/shim:16.1-add-MS-signed-shim-v3 into main 2025-11-28 04:49:47 +01:00
Contributor

Work around the build failure with 'openSUSE Secure Boot Signkey' in openSUSE:Factory:secure-boot/shim on OBS:

  • shim.spec: Workaround the string comparison issue in elif directive
  • shim.spec: Specify the certificate format in openssl commands
joeyli added 2 commits 2025-11-28 04:43:11 +01:00
The old openssl in SLE-15-SP3 assumes the format of the input
certificate is PEM. In the d279b0c453 patch, we converted the SUSE
certificates from PEM to DER format for use by Lua in the pretrans
script. This causes the openssl command to fail with old openssl.
So we specify the certificate format in openssl commands.

With rpm-4.14.3 on SLE-15-SP3, the string comparison in the elif
directive has a problem. It causes the certificate block in the
elif-endif to disappear permanently, regardless of whether the
comparison succeeds or fails.

This change can also work around the issue that elif cannot handle
the special issuer_hash/subject_hash from 'openSUSE Secure Boot Signkey':

shim> openssl x509 -in factory-secure-boot.crt -inform PEM -noout -subject_hash
babd5674
shim> openssl x509 -in factory-secure-boot.crt -inform PEM -noout -issuer_hash
d29860c3

Directly putting them in global defines in shim.spec can reproduce the issue:
global prjissuer_hash d29860c3
global prjsubjec_hash babd5674

This patch changes the code to use if-endif instead of elif-endif to
work around the above two problems.
autogits-devel requested review from dirkmueller 2025-11-28 04:43:17 +01:00
autogits-devel requested review from gary_lin 2025-11-28 04:43:17 +01:00
autogits-devel removed review request for dirkmueller 2025-11-28 04:49:43 +01:00
autogits-devel removed review request for gary_lin 2025-11-28 04:49:43 +01:00
joeyli manually merged commit 2a0ca4d82b into main 2025-11-28 04:49:47 +01:00
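
The first commit's fix, passing the certificate format to openssl explicitly, can be made robust to a PEM/DER mix by choosing the `-inform` value from the file's content. This is an added example, not code from shim.spec or the shim package; `cert_inform` and `cert_hashes` are hypothetical helper names, and the demo files are constructed stand-ins rather than real certificates.

```shell
#!/bin/sh
# Added example, not from shim.spec. cert_inform and cert_hashes are
# hypothetical helper names; the sample files below are constructed.

# Print PEM or DER for a certificate file; return 1 if it looks like neither.
cert_inform() {
    [ -r "$1" ] || return 1
    # PEM carries a textual armor line.
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then
        echo PEM
        return 0
    fi
    # A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
    if [ "$(od -An -tx1 -N1 "$1" | tr -d ' \n')" = "30" ]; then
        echo DER
        return 0
    fi
    return 1
}

# Print subject and issuer hashes, always naming the input format so the
# result does not depend on which default the installed openssl assumes.
cert_hashes() {
    fmt=$(cert_inform "$1") || {
        echo "unrecognized certificate format: $1" >&2
        return 1
    }
    openssl x509 -in "$1" -inform "$fmt" -noout -subject_hash -issuer_hash
}

# Demo on constructed stand-ins (format markers only, not real certificates).
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' \
    '-----END CERTIFICATE-----' > "$demo_dir/pem.crt"
printf '\060\202\003\001' > "$demo_dir/der.crt"
for f in "$demo_dir/pem.crt" "$demo_dir/der.crt"; do
    echo "$(basename "$f"): -inform $(cert_inform "$f")"
done
rm -rf "$demo_dir"
# With a real certificate: cert_hashes factory-secure-boot.crt
```

A file that matches neither marker makes `cert_hashes` stop with an error instead of letting openssl guess the format.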

Reference: devel-factory/shim#3