From 717dd37c2f7caa2168924685c02951103fc7412e2cb81b5114e346c252913361 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin Date: Tue, 27 Apr 2021 08:07:02 +0000 Subject: [PATCH] Accepting request 888707 from home:gary_lin:branches:devel:openSUSE:Factory Update to shim to 15.4-lp152.4.8.1 from openSUSE Leap 15.2 for SBAT support (bsc#1182057) OBS-URL: https://build.opensuse.org/request/show/888707 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim-leap?expand=0&rev=29 --- README | 5 +++++ shim-15+git47-lp152.4.5.1.x86_64.rpm | 3 --- shim-15.4-lp152.4.8.1.x86_64.rpm | 3 +++ shim-leap.changes | 10 ++++++++++ shim-leap.spec | 10 ++++++---- 5 files changed, 24 insertions(+), 7 deletions(-) create mode 100644 README delete mode 100644 shim-15+git47-lp152.4.5.1.x86_64.rpm create mode 100644 shim-15.4-lp152.4.8.1.x86_64.rpm diff --git a/README b/README new file mode 100644 index 0000000..4e746e7 --- /dev/null +++ b/README @@ -0,0 +1,5 @@ +Since shim needs a "stable" environment to reproduce the binary to match +the signature from UEFI CA, it's difficult to maintain shim in Tumbleweed +due to the nature of a rolling release distro. Instead of compiling shim +for Tumbleweed, we directly import the binary the latest stable Leap +release to maintain a stable and reproducible shim binary. diff --git a/shim-15+git47-lp152.4.5.1.x86_64.rpm b/shim-15+git47-lp152.4.5.1.x86_64.rpm deleted file mode 100644 index 90e0a08..0000000 --- a/shim-15+git47-lp152.4.5.1.x86_64.rpm +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:9b52e8b0c9b6918abae23193d19b4f67b7a73ebfb7312f929b9f15c7612f60fa -size 609424 diff --git a/shim-15.4-lp152.4.8.1.x86_64.rpm b/shim-15.4-lp152.4.8.1.x86_64.rpm new file mode 100644 index 0000000..20a21ee --- /dev/null +++ b/shim-15.4-lp152.4.8.1.x86_64.rpm @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:a5311f07570ee19eddc879f692176c78861b37e7e4d302fb9237b374c15aa22d +size 455728 diff --git a/shim-leap.changes b/shim-leap.changes index 23cb95a..5243bdc 100644 --- a/shim-leap.changes +++ b/shim-leap.changes @@ -1,3 +1,13 @@ +------------------------------------------------------------------- +Tue Apr 27 07:45:26 UTC 2021 - Gary Ching-Pang Lin + +- Update to shim to 15.4-lp152.4.8.1 from openSUSE Leap 15.2 for + SBAT support (bsc#1182057) + + Version: 15.4, "Wed Apr 21 05:46:19 UTC 2021" + + Include the fixes for bsc#1177789, CVE-2019-14584, bsc#1177315, + bsc#1175509, bsc#1173411, bsc#1177404, bsc#1174512, bsc#1184454 +- Add README to note why we need shim-leap for Tumbleweed + ------------------------------------------------------------------- Thu Aug 27 07:27:54 UTC 2020 - Gary Ching-Pang Lin diff --git a/shim-leap.spec b/shim-leap.spec index 4801477..e3832af 100644 --- a/shim-leap.spec +++ b/shim-leap.spec @@ -1,7 +1,7 @@ # # spec file for package shim-leap # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -25,12 +25,13 @@ %endif Name: shim-leap -Version: 15+git47 +Version: 15.4 Release: 0 Summary: UEFI shim loader License: BSD-2-Clause Group: System/Boot -Source: shim-15+git47-lp152.4.5.1.x86_64.rpm +Source: shim-15.4-lp152.4.8.1.x86_64.rpm +Source1: README BuildRoot: %{_tmppath}/%{name}-%{version}-build ExclusiveArch: x86_64 @@ -54,12 +55,13 @@ rpm2cpio %{SOURCE0} | cpio --extract --unconditional --preserve-modification-tim %install # purely repackaged cp -a * %{buildroot} -# NOTE: shim-15+git47 already contains the sym-link to /usr/lib64/efi. +cp %{S:1} . %post -n shim /sbin/update-bootloader --reinit || true %files -n shim +%doc README %dir %{?sysefibasedir} %dir %{sysefidir} %{sysefidir}/shim.efi