diff --git a/shim.changes b/shim.changes index 9100598..8252d6e 100644 --- a/shim.changes +++ b/shim.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Fri Nov 28 08:30:55 UTC 2025 - Joey Lee + +- Fixed some issues in RPM Macro and pretrans lus script with the old + rpm-4.14.3 on SLE-15-SP3: + - shim.spec: Use io.open instead of pcall rpm.open in pretrans lua script + - shim.spec: Workaround the string comparison issue in elif directive + - shim.spec: Specify the certificate format in openssl commands + ------------------------------------------------------------------- Wed Nov 26 07:42:15 UTC 2025 - Joey Lee diff --git a/shim.spec b/shim.spec index 9015251..429c126 100644 --- a/shim.spec +++ b/shim.spec @@ -370,30 +370,14 @@ print("INFO: Current Lua Version: " .. tostring(_VERSION)) local db_filename = "/sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f" -- The db file existence check --- Use pcall to execute rpm.open to prevent errors from being thrown when --- the file cannot be found, causing RPM to fail. -local success, result = pcall(rpm.open, db_filename, "rb") +local f_check, err_check = io.open(db_filename, "rb") -local f_check = nil - -if not success then - -- pcall catches errors (e.g. "No such file or directory") - print("WARNING: Attempt to open db EFI variable file failed. Error message: " .. tostring(result)) +if not f_check then + print("WARNING: Attempt to open db EFI variable file failed. Error message: " .. tostring(err_check)) print("WARNING: This usually means the system is not booted in UEFI mode. Skipping all db check steps.") return 0 -else - -- If pcall succeeds, result may be an archive handle or nil (depending on the behavior of rpm.open) - f_check = result - if not f_check then - -- The archive does not exist, but rpm.open returns nil - print("WARNING: db EFI variable file does not exist (rpm.open returned nil). Skipping db check steps.") - return 0 - else - -- If the file exists and is successfully opened, - -- close the handle immediately so that subsequent code can open it again. - f_check:close() - end end +f_check:close() -- ========================================================================================== -- This is the hardcoded target certificate content used to check for its existence. @@ -463,13 +447,13 @@ end local db_content = "" do -- The db file is now confirmed to exist, open it again to read the contents - local f = rpm.open(db_filename, "rb") + local f_db, err_db = io.open(db_filename, "rb") - if f then + if f_db then local chunks = {} local CHUNK_SIZE = 4096 local raw_content = "" - local chunk = f:read(CHUNK_SIZE) + local chunk = f_db:read(CHUNK_SIZE) while chunk do -- If an empty string is read, it means EOF has been reached and the loop is exited. @@ -477,12 +461,12 @@ do break end table.insert(chunks, chunk) - chunk = f:read(CHUNK_SIZE) + chunk = f_db:read(CHUNK_SIZE) end raw_content = table.concat(chunks) - f:close() + f_db:close() -- Skip the first 4 bytes (EFI attributes) if #raw_content > 4 then @@ -520,13 +504,12 @@ print("Please add the appropriate certificate to the db or disable UEFI secure b -- Secure Boot status check: We only proceed with installation if the certificate is not present in the db and Secure Boot is disabled. local sb_filename = "/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c" -local success_sb, result_sb = pcall(rpm.open, sb_filename, "rb") +local f_sb, err_sb = io.open(sb_filename, "rb") -if not success_sb or not result_sb then +if not f_sb then -- If the file is missing, it typically means the system is not UEFI, or Secure Boot is disabled/the variable is absent. print("WARNING: SecureBoot EFI variable file does not exist. Proceed with install.") else - local f_sb = result_sb local raw_content_sb = "" local sb_status = 0