Accepting request 197604 from home:lnussel:branches:devel:openSUSE:Factory

- set timestamp of PE file to time of the binary the signature was
  made for.
- make sure cert.o get's rebuilt for each target

- Update microsoft.asc: shim signed by UEFI signing service, based
  on code from "Wed Aug 28 15:54:38 UTC 2013"

OBS-URL: https://build.opensuse.org/request/show/197604
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=42
This commit is contained in:
Gary Ching-Pang Lin 2013-09-09 03:29:33 +00:00 committed by Git OBS Bridge
parent 3436d7ba57
commit 23b0639b8c
6 changed files with 303 additions and 118 deletions

View File

@ -20,4 +20,5 @@ certutil -f "$nssdir/pw" -d "$nssdir" -N
# wtf? # wtf?
(pesign -n "$nssdir" -h -P -i "$infile"; (pesign -n "$nssdir" -h -P -i "$infile";
${0%/*}/timestamp.pl "$infile";
pesign -n "$nssdir" -a -f -e /dev/stdout -i "$infile")|cat pesign -n "$nssdir" -a -f -e /dev/stdout -i "$infile")|cat

View File

@ -1,8 +1,11 @@
hash: cb340011afeb0d74c4a588b36ebaa441961608e8d2fa80dca8c13872c850796b hash: 9c259fcb301d5fc7397ed5759963e0ef6b36e42057fd73046e6bd08b149f751c
# 2013-08-29 08:45:28
timestamp: 521f0a28
checksum: bd3e
-----BEGIN AUTHENTICODE SIGNATURE----- -----BEGIN AUTHENTICODE SIGNATURE-----
MIIhPgYJKoZIhvcNAQcCoIIhLzCCISsCAQExDzANBglghkgBZQMEAgEFADBcBgor MIIhngYJKoZIhvcNAQcCoIIhjzCCIYsCAQExDzANBglghkgBZQMEAgEFADBcBgor
BgEEAYI3AgEEoE4wTDAXBgorBgEEAYI3AgEPMAkDAQCgBKICgAAwMTANBglghkgB BgEEAYI3AgEEoE4wTDAXBgorBgEEAYI3AgEPMAkDAQCgBKICgAAwMTANBglghkgB
ZQMEAgEFAAQgyzQAEa/rDXTEpYizbrqkQZYWCOjS+oDcqME4cshQeWugggrpMIIE ZQMEAgEFAAQgnCWfyzAdX8c5ftV1mWPg72s25CBX/XMEbmvQixSfdRygggrpMIIE
0TCCA7mgAwIBAgITMwAAAAgesX6cFfyDegABAAAACDANBgkqhkiG9w0BAQsFADCB 0TCCA7mgAwIBAgITMwAAAAgesX6cFfyDegABAAAACDANBgkqhkiG9w0BAQsFADCB
gTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl gTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl
ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMi ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMi
@ -61,121 +64,123 @@ jlZ/s58WmLKG0Gg+kCO1L16PUIWNxo2CX0Gh9C4N4JnSbHXktmm1IYb6B9H24k3R
2q0sd1MeJTI3x2xScpWGsPE1YWoZ9bI7gVBWpjIt/qKJ+UKGJxhVoYLKWpv4MJhU 2q0sd1MeJTI3x2xScpWGsPE1YWoZ9bI7gVBWpjIt/qKJ+UKGJxhVoYLKWpv4MJhU
FKZHliUvyCbkQZQaXAI/5ZbjhVs8Pj+7RxZyVeIlIrHZe+cDBiqj9x6QRsMADdYZ FKZHliUvyCbkQZQaXAI/5ZbjhVs8Pj+7RxZyVeIlIrHZe+cDBiqj9x6QRsMADdYZ
ieMONSdiA3EVpu/QJ6CgWTdg+DiUuOB4cPi6TIaHlPbgrgJF7mXCtqN+aRZ1B5Kb ieMONSdiA3EVpu/QJ6CgWTdg+DiUuOB4cPi6TIaHlPbgrgJF7mXCtqN+aRZ1B5Kb
9aa8WYNYMYIVyDCCFcQCAQEwgZkwgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpX 9aa8WYNYMYIWKDCCFiQCAQEwgZkwgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpX
YXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQg YXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQg
Q29ycG9yYXRpb24xKzApBgNVBAMTIk1pY3Jvc29mdCBDb3Jwb3JhdGlvbiBVRUZJ Q29ycG9yYXRpb24xKzApBgNVBAMTIk1pY3Jvc29mdCBDb3Jwb3JhdGlvbiBVRUZJ
IENBIDIwMTECEzMAAAAIHrF+nBX8g3oAAQAAAAgwDQYJYIZIAWUDBAIBBQCggcow IENBIDIwMTECEzMAAAAIHrF+nBX8g3oAAQAAAAgwDQYJYIZIAWUDBAIBBQCgggER
GQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisG MBkGCSqGSIb3DQEJAzEMBgorBgEEAYI3AgEEMBwGCisGAQQBgjcCAQsxDjAMBgor
AQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIGVZb//6Ozv03LK+h0gc9rgbrHonOkZd BgEEAYI3AgEVMC8GCSqGSIb3DQEJBDEiBCBS5Kww7Vp9GTSzYl0ETiSOSzPtmBUV
0MfBd8nL3VbhMF4GCisGAQQBgjcCAQwxUDBOoBqAGABXAGkAbgBxAHUAYQBsACAA zygB6+YZJOjQ/DCBpAYKKwYBBAGCNwIBDDGBlTCBkqBegFwAaAB0AHQAcAA6AC8A
VABlAHMAdKEwgC5odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vd2hkYy9oY2wvZGVm LwB3AHcAdwAuAG0AaQBjAHIAbwBzAG8AZgB0AC4AYwBvAG0ALwB3AGgAZABjAC8A
YXVsdC5tc3B4MA0GCSqGSIb3DQEBAQUABIIBAEUjL3FyotA8sfCYF1B24bGYtPZb aABjAGwALwBkAGUAZgBhAHUAbAB0AC4AbQBzAHAAeKEwgC5odHRwOi8vd3d3Lm1p
dMlmr+6crsaQTI0iNFIqH7O7PrN082ScJHIOpGZtpuo6vblmDMGemdgN8Ad2mnju Y3Jvc29mdC5jb20vd2hkYy9oY2wvZGVmYXVsdC5tc3B4MA0GCSqGSIb3DQEBAQUA
JNPKkvzlm/0XUDoUmx+Dbl6tKCpVyh7ZEz6mTAHV2RZUbzevkIR9oAanyaNNJZHc BIIBALoEW5yyw2YtVS3lSj8F//twwjORHHvMF2jC805z5mqdAmsdUDfthKKofBLJ
e0d6VdykdYtPZeK5sYzaO9slEHfg5d9B31AdqjU1aQPUxxZxbNOjNIFc6Ro7YR67 LIOylgbXW11Vax7ZfnZ2WHs9JBCrTVDjc5+sI34kpYA98lHAywYVfEfIrvHPAC6O
3s0EgfEKKVZHmvVZ2ChICTA2Ln/ckXFiAy/lyBJlx0CmiifNPyVhlGn0ny8+5bBB JZXF0cV5Qqe3hjRGd3SGmQkzC6lecVD+3uBmfCnzfE2Rahfy8C3ugLuEutvCGY07
L2CG5ZKLTLYMWZXRQzJgiZG+4uHLaycwR+E100rcLcZ07ooeS25Wx0Tgfe6hghMy RB4/sKz6bGoYjx+MIS2hk65Ieip5htZaYirn+5IBMHX3xrTxpIhomOmyL4CpeW7B
MIITLgYKKwYBBAGCNwMDATGCEx4wghMaBgkqhkiG9w0BBwKgghMLMIITBwIBAzEP 48IUvekaQal+/ePEg/bnDzqUFJ2PdEH03fP0VsKS7z7nJdxfu2XP4wdx/KJin61d
MA0GCWCGSAFlAwQCAQUAMIIBPQYLKoZIhvcNAQkQAQSgggEsBIIBKDCCASQCAQEG N0oWjcyKpy7wKHSFWrAMRAs5zW2hghNKMIITRgYKKwYBBAGCNwMDATGCEzYwghMy
CisGAQQBhFkKAwEwMTANBglghkgBZQMEAgEFAAQgUrLZiye/Z1cUhRClMHxwiIy4 BgkqhkiG9w0BBwKgghMjMIITHwIBAzEPMA0GCWCGSAFlAwQCAQUAMIIBPQYLKoZI
gZcRB8Ml/65nTr8ulPICBlEBPu7EShgTMjAxMzAyMDkwMDEwNDguODg5WjAHAgEB hvcNAQkQAQSgggEsBIIBKDCCASQCAQEGCisGAQQBhFkKAwEwMTANBglghkgBZQME
gAIB9KCBuaSBtjCBszELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x AgEFAAQgDiEkqbSjOTIMfAFQV0jV58xTCE9vCJ2mmQQvVlsMEB8CBlIjIBHCFxgT
EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv MjAxMzA5MDYwNjM2NDYuNTkyWjAHAgEBgAIB9KCBuaSBtjCBszELMAkGA1UEBhMC
bjENMAsGA1UECxMETU9QUjEnMCUGA1UECxMebkNpcGhlciBEU0UgRVNOOkJCRUMt
MzBDQS0yREJFMSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNl
oIIOxzCCBnEwggRZoAMCAQICCmEJgSoAAAAAAAIwDQYJKoZIhvcNAQELBQAwgYgx
CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt
b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xMjAwBgNVBAMTKU1p
Y3Jvc29mdCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDEwMB4XDTEwMDcw
MTIxMzY1NVoXDTI1MDcwMTIxNDY1NVowfDELMAkGA1UEBhMCVVMxEzARBgNVBAgT
Cldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29m
dCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENB
IDIwMTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpHQ28dxGKOiDs
/BOX9fp/aZRrdFQQ1aUKAIKF++18aEssX8XD5WHCdrc+Zitb8BVTJwQxH0EbGpUd
zgkTjnxhMFmxMEQP8WCIhFRDDNdNuDgIs0Ldk6zWczBXJoKjRQ3Q6vVHgc2/JGAy
WGBG8lhHhjKEHnRhZ5FfgVSxz5NMksHEpl3RYRNuKMYa+YaAu99h/EbBJx0kZxJy
GiGKr0tkiVBisV39dx898Fd1rL2KQk1AUdEPnAY+Z3/1ZsADlkR+79BL/W7lmsqx
qPJ6Kgox8NpOBpG2iAg16HgcsOmZzTznL0S6p/TcZL2kAcEgCZN4zfy8wMlEXV4W
nAEFTyJNAgMBAAGjggHmMIIB4jAQBgkrBgEEAYI3FQEEAwIBADAdBgNVHQ4EFgQU
1WM6XIoxkPNDe3xGG8UzaFqFbVUwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEw
CwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU1fZWy4/o
olxiaNE9lJBb186aGMQwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDovL2NybC5taWNy
b3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMvTWljUm9vQ2VyQXV0XzIwMTAtMDYt
MjMuY3JsMFoGCCsGAQUFBwEBBE4wTDBKBggrBgEFBQcwAoY+aHR0cDovL3d3dy5t
aWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5j
cnQwgaAGA1UdIAEB/wSBlTCBkjCBjwYJKwYBBAGCNy4DMIGBMD0GCCsGAQUFBwIB
FjFodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vUEtJL2RvY3MvQ1BTL2RlZmF1bHQu
aHRtMEAGCCsGAQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAFAAbwBsAGkAYwB5AF8A
UwB0AGEAdABlAG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQAH5ohRDeLG
4Jg/gXEDPZ2joSFvs+umzPUxvs8F4qn++ldtGTCzwsVmyWrf9efweL3HqJ4l4/m8
7WtUVwgrUYJEEvu5U4zM9GASinbMQEBBm9xcF/9c+V4XNZgkVkt070IQyK+/f8Z/
8jd9Wj8c8pl5SpFSAK84Dxf1L3mBZdmptWvkx872ynoAb0swRCQiPM/tA6WWj1kp
vLb9BOFwnzJKJ/1Vry/+tuWOM7tiX5rbV0Dp8c6ZZpCM/2pif93FSguRJuI57BlK
cWOdeyFtw5yjojz6f32WapB4pm3S4Zz5Hfw42JT0xqUKloakvZ4argRCg7i1gJsi
OCC1JeVk7Pf0v35jWSUPei45V3aicaoGig+JFrphpxHLmtgOR5qAxdDNp9DvfYPw
4TtxCd9ddJgiCGHasFAeb73x4QDf5zEHpJM692VHeOj4qEir995yfmFrb3epgcun
Caw5u+zGy9iCtHLNHfS4hQEegPsbiSpUObJb2sgNVZl6h3M7COaYLeqN4DMuEin1
wC9UJyH3yKxO2ii4sanblrKnQqLJzxlBTeCG+SqaoxFmMNO7dDJL32N79ZmKLxvH
Ia9Zta7cRDyXUHHXodLFVeNp3lfB0d4wwP3M5k37Db9dT+mdHhk4L7zPWAUu7w2g
UDXa7wknHNWzfjUeCLraNtvTX4/edIhJEjCCBNEwggO5oAMCAQICCmEH6j4AAAAA
ABAwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hp
bmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jw
b3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAw
HhcNMTIwMTA5MjEzNTM3WhcNMTMwNDA5MjE0NTM3WjCBszELMAkGA1UEBhMCVVMx
EzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoT
FU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjENMAsGA1UECxMETU9QUjEnMCUGA1UECxMe
bkNpcGhlciBEU0UgRVNOOkJCRUMtMzBDQS0yREJFMSUwIwYDVQQDExxNaWNyb3Nv
ZnQgVGltZS1TdGFtcCBTZXJ2aWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEArLKRs8Ez2L8FlySOHC3g7HEsvCifzy1JVeHvu/zjwUeMjKHpXrLzNxtM
lcXvcRU+GocXarhoJaGzJQ405JHlqhitYI9UXw74r+pQ3XJlOyEFABlNPE6HPY7J
SRcrTQKXH6XPndfvdKYzWrzNRcna9lrEd8/G7IZ6sBvr2JMYJ1sA2LxRMOMZO7ZN
PW8ZEwH6q2qIXHyrAUPszTV3MocYl9I/q7UL8VUrElE4mNlXcFHXcpdanPIZMuqC
K7r2shLy1YlcL8zrXktoX8q0CIDMKoge+nFmJoVgoIBBn6tBTj5JxH/YlWjRBaa8
lRbWQENtJ6Xn2kiPB1Dy/m/hsJn0sQIDAQABo4IBGzCCARcwHQYDVR0OBBYEFBw+
TiQkOFKmsJaLPYP6QBzUl3mAMB8GA1UdIwQYMBaAFNVjOlyKMZDzQ3t8RhvFM2ha
hW1VMFYGA1UdHwRPME0wS6BJoEeGRWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9w
a2kvY3JsL3Byb2R1Y3RzL01pY1RpbVN0YVBDQV8yMDEwLTA3LTAxLmNybDBaBggr
BgEFBQcBAQROMEwwSgYIKwYBBQUHMAKGPmh0dHA6Ly93d3cubWljcm9zb2Z0LmNv
bS9wa2kvY2VydHMvTWljVGltU3RhUENBXzIwMTAtMDctMDEuY3J0MAwGA1UdEwEB
/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwgwDQYJKoZIhvcNAQELBQADggEBAIx4
LOwvQWC+3K/ovFms3igerIdnL2iSbmkoKdUklRC3S2LU6FmnTwPzyY2nDeZk2AW8
VEqGr62SXhWm6KJ0C6iU+gDItDYfCZsT19FQQd5TuoFwnDzqbtdFMnl2ykE4xVLp
WvqXYkTms2oFJJ1Py6IH44wUtQkfWbIqacDBQGAL4zDsSLA7i6cYJbka/mGQbsv7
lxb+Dav3Vxql4hhP/rC6arhdr/J+EAEmhUcgX8bSTPTirnJs2GVgS2mKZhUMEpMh
ztXnrToJ8VSvwmh6R9SlWXW0wQNjc0SO+clpfJ3/MXhdKqAQBi7Kg0cLYw1Et9wP
LKYMEGUUAdOuqnzPMQChggN5MIICYQIBATCB46GBuaSBtjCBszELMAkGA1UEBhMC
VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV
BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjENMAsGA1UECxMETU9QUjEnMCUGA1UE BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjENMAsGA1UECxMETU9QUjEnMCUGA1UE
CxMebkNpcGhlciBEU0UgRVNOOkJCRUMtMzBDQS0yREJFMSUwIwYDVQQDExxNaWNy CxMebkNpcGhlciBEU0UgRVNOOjMxQzUtMzBCQS03QzkxMSUwIwYDVQQDExxNaWNy
b3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNloiUKAQEwCQYFKw4DAhoFAAMVAMkjHgxV b3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNloIIOzTCCBnEwggRZoAMCAQICCmEJgSoA
D5VtMurdbnMaFzgx80X/oIHCMIG/pIG8MIG5MQswCQYDVQQGEwJVUzETMBEGA1UE AAAAAAIwDQYJKoZIhvcNAQELBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpX
CBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9z YXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQg
b2Z0IENvcnBvcmF0aW9uMQ0wCwYDVQQLEwRNT1BSMScwJQYDVQQLEx5uQ2lwaGVy Q29ycG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRpZmljYXRl
IE5UUyBFU046QjAyNy1DNkY4LTFEODgxKzApBgNVBAMTIk1pY3Jvc29mdCBUaW1l IEF1dGhvcml0eSAyMDEwMB4XDTEwMDcwMTIxMzY1NVoXDTI1MDcwMTIxNDY1NVow
IFNvdXJjZSBNYXN0ZXIgQ2xvY2swDQYJKoZIhvcNAQEFBQACBQDUv21+MCIYDzIw fDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl
MTMwMjA4MTIyNjM4WhgPMjAxMzAyMDkxMjI2MzhaMHcwPQYKKwYBBAGEWQoEATEv ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMd
MC0wCgIFANS/bX4CAQAwCgIBAAICDhkCAf8wBwIBAAICF04wCgIFANTAvv4CAQAw TWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwggEiMA0GCSqGSIb3DQEBAQUA
NgYKKwYBBAGEWQoEAjEoMCYwDAYKKwYBBAGEWQoDAaAKMAgCAQACAxbjYKEKMAgC A4IBDwAwggEKAoIBAQCpHQ28dxGKOiDs/BOX9fp/aZRrdFQQ1aUKAIKF++18aEss
AQACAwehIDANBgkqhkiG9w0BAQUFAAOCAQEAzQCT6RScPYTOQuFjYFRfluWFOu+H X8XD5WHCdrc+Zitb8BVTJwQxH0EbGpUdzgkTjnxhMFmxMEQP8WCIhFRDDNdNuDgI
mkaFnRv5AHpyepmEUC5MtCXudCSbDI8hKG9KtMD5ICy1hMrMKMFwXYcSfE0lveqP s0Ldk6zWczBXJoKjRQ3Q6vVHgc2/JGAyWGBG8lhHhjKEHnRhZ5FfgVSxz5NMksHE
D/DJMNrrzEJcgDLnv8jkmvjdXhXo3K5NLM8ffxV5Wl8JVVU9Ldm28s0C39oVTOVD pl3RYRNuKMYa+YaAu99h/EbBJx0kZxJyGiGKr0tkiVBisV39dx898Fd1rL2KQk1A
h+v+t8iccLZa4t7nGFu1fb7dtYCf9H44+/uxOi4xIMYslVbFRyxK6RVH6w4mtjeQ UdEPnAY+Z3/1ZsADlkR+79BL/W7lmsqxqPJ6Kgox8NpOBpG2iAg16HgcsOmZzTzn
Gixih2JNGintVyA8AeTNdMwCl8X8TUh8/YYlWW1gZHgQzfGba1qNjPTTFsATd/eB L0S6p/TcZL2kAcEgCZN4zfy8wMlEXV4WnAEFTyJNAgMBAAGjggHmMIIB4jAQBgkr
WWyzGQo9ZXIglRKmyGF4orHWjX4Sq15E1rSraqUNBiXQAH4OSrEFhDoUojGCAuMw BgEEAYI3FQEEAwIBADAdBgNVHQ4EFgQU1WM6XIoxkPNDe3xGG8UzaFqFbVUwGQYJ
ggLfAgEBMIGKMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAw KwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQF
DgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24x MAMBAf8wHwYDVR0jBBgwFoAU1fZWy4/oolxiaNE9lJBb186aGMQwVgYDVR0fBE8w
JjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAgphB+o+AAAA TTBLoEmgR4ZFaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVj
AAAQMA0GCWCGSAFlAwQCAQUAoIIBKTAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQ dHMvTWljUm9vQ2VyQXV0XzIwMTAtMDYtMjMuY3JsMFoGCCsGAQUFBwEBBE4wTDBK
AQQwLwYJKoZIhvcNAQkEMSIEIGOQwgAVf2pXul5+zbE/dgOk6M9oBkEUEqfheuWf BggrBgEFBQcwAoY+aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9N
6IH6MIHZBgsqhkiG9w0BCRACDDGByTCBxjCBwzCBqAQUySMeDFUPlW0y6t1ucxoX aWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcnQwgaAGA1UdIAEB/wSBlTCBkjCBjwYJ
ODHzRf8wgY8wgYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv KwYBBAGCNy4DMIGBMD0GCCsGAQUFBwIBFjFodHRwOi8vd3d3Lm1pY3Jvc29mdC5j
bjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0 b20vUEtJL2RvY3MvQ1BTL2RlZmF1bHQuaHRtMEAGCCsGAQUFBwICMDQeMiAdAEwA
aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAIKYQfq ZQBnAGEAbABfAFAAbwBsAGkAYwB5AF8AUwB0AGEAdABlAG0AZQBuAHQALiAdMA0G
PgAAAAAAEDAWBBRflhFLlhbsbPjG85vpBBvIGRjAYzANBgkqhkiG9w0BAQsFAASC CSqGSIb3DQEBCwUAA4ICAQAH5ohRDeLG4Jg/gXEDPZ2joSFvs+umzPUxvs8F4qn+
AQBjsNknQztyuopS9mEaJ1c1CCKUyjtDZZbajoOBYdpaeTmF6/HivmcxmA/qBdE9 +ldtGTCzwsVmyWrf9efweL3HqJ4l4/m87WtUVwgrUYJEEvu5U4zM9GASinbMQEBB
5Wk4ZSz4qFfRah5VwoiQFx37tgHPHoGFOZE7dZzpmj1IObv/cAnBS7Ez/Xx1HGte m9xcF/9c+V4XNZgkVkt070IQyK+/f8Z/8jd9Wj8c8pl5SpFSAK84Dxf1L3mBZdmp
C4VuvXAq5Up1zmC0RCpAyN6f7C/XNOhN+9YQxCfs/MVdNM8340V6N95JIn62TAij tWvkx872ynoAb0swRCQiPM/tA6WWj1kpvLb9BOFwnzJKJ/1Vry/+tuWOM7tiX5rb
UyxHOSstpwTqG042U0VfEvtk52wQottzWd0ra29wCG8cZAyTb4F+BUCzEEyDoOPr V0Dp8c6ZZpCM/2pif93FSguRJuI57BlKcWOdeyFtw5yjojz6f32WapB4pm3S4Zz5
aHzGEOAGuwDeiG6SclVuuDxM9BUsPdWy1xUlQ74eGGB9lEMG9/sHX14VKH0q9kA3 Hfw42JT0xqUKloakvZ4argRCg7i1gJsiOCC1JeVk7Pf0v35jWSUPei45V3aicaoG
KNa/GX4NdMvMjP1DJzdisFTMAAAAAAAA ig+JFrphpxHLmtgOR5qAxdDNp9DvfYPw4TtxCd9ddJgiCGHasFAeb73x4QDf5zEH
pJM692VHeOj4qEir995yfmFrb3epgcunCaw5u+zGy9iCtHLNHfS4hQEegPsbiSpU
ObJb2sgNVZl6h3M7COaYLeqN4DMuEin1wC9UJyH3yKxO2ii4sanblrKnQqLJzxlB
TeCG+SqaoxFmMNO7dDJL32N79ZmKLxvHIa9Zta7cRDyXUHHXodLFVeNp3lfB0d4w
wP3M5k37Db9dT+mdHhk4L7zPWAUu7w2gUDXa7wknHNWzfjUeCLraNtvTX4/edIhJ
EjCCBNowggPCoAMCAQICEzMAAAArcqou9km77NcAAAAAACswDQYJKoZIhvcNAQEL
BQAwfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT
B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UE
AxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwHhcNMTMwMzI3MjAxMzE1
WhcNMTQwNjI3MjAxMzE1WjCBszELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hp
bmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jw
b3JhdGlvbjENMAsGA1UECxMETU9QUjEnMCUGA1UECxMebkNpcGhlciBEU0UgRVNO
OjMxQzUtMzBCQS03QzkxMSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBT
ZXJ2aWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3Z7t/Pp/HRcd
iNXB0W8SSbw4GhHtLWNtGfzQrsfCr4860ca9qncVZBQnAheS3S9li6d0R3eXKCT4
R0NqGMPybXzuf0wCRD5tRUGDbW1x7VlkmbZarrGCrzvkVOpq+kH1GKrdC9XJxH4Q
7D5UfeN15Q1yCASFFg22aydaqGyCPaQ3HtPcFvw2xg5SqqiKDO7jtZZQLIYqvrMN
b/VSKlS5JEgyDVIVPSfjgN1fgs4ufYURw2KBeoV6XwR+emmvk02j37DWsrZdbmZB
7xO5mtltxSZwhKIHFVxrt+M0OSdzyqhH8zFpBXHtfAtD1tiZEwUIh0PYD6twcRya
R4PSOQxo8wIDAQABo4IBGzCCARcwHQYDVR0OBBYEFACIYILy9WDlBpejP8vw4yXL
FeAVMB8GA1UdIwQYMBaAFNVjOlyKMZDzQ3t8RhvFM2hahW1VMFYGA1UdHwRPME0w
S6BJoEeGRWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1Y3Rz
L01pY1RpbVN0YVBDQV8yMDEwLTA3LTAxLmNybDBaBggrBgEFBQcBAQROMEwwSgYI
KwYBBQUHMAKGPmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMvTWlj
VGltU3RhUENBXzIwMTAtMDctMDEuY3J0MAwGA1UdEwEB/wQCMAAwEwYDVR0lBAww
CgYIKwYBBQUHAwgwDQYJKoZIhvcNAQELBQADggEBAAYWV+d5jEsbOPGOzJ7O1HVv
nfxgluZnVZGGW2GsKzFJ8BSMZUnvetBXmjmffxanrjFXwJLrqfe5KvjJ7Y9gJpoO
22KE2sT2YiDI/yEYXMnumnKLr8uTzEQ/aSr1XYLGWatOklFu5CkROP10duIBC8B0
+1Yn3EeJuNmlHHcDNXFYJsa0K94Ho0go0+ZAE/TbaxlUK67xzqmvLbPB1bbU1Tky
BJ7qdw5X4kVMDZdFvBertWNkk6OgaebVqhtmQU/YQhW8SibyaP89PPZi7BPR3C/r
UjHXwzgvqoYihQ4Yvij0OFzn6E/B8PYIcsnK12yTQMQEFd6JUzKCerQnogg1o7yh
ggN2MIICXgIBATCB46GBuaSBtjCBszELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldh
c2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBD
b3Jwb3JhdGlvbjENMAsGA1UECxMETU9QUjEnMCUGA1UECxMebkNpcGhlciBEU0Ug
RVNOOjMxQzUtMzBCQS03QzkxMSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFt
cCBTZXJ2aWNloiUKAQEwCQYFKw4DAhoFAAMVABdKA9rBDqP5NngZ5vhFNgZYAya8
oIHCMIG/pIG8MIG5MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQ
MA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9u
MQ0wCwYDVQQLEwRNT1BSMScwJQYDVQQLEx5uQ2lwaGVyIE5UUyBFU046QjAyNy1D
NkY4LTFEODgxKzApBgNVBAMTIk1pY3Jvc29mdCBUaW1lIFNvdXJjZSBNYXN0ZXIg
Q2xvY2swDQYJKoZIhvcNAQEFBQACBQDV059dMCIYDzIwMTMwOTA2MDAyNTAxWhgP
MjAxMzA5MDcwMDI1MDFaMHQwOgYKKwYBBAGEWQoEATEsMCowCgIFANXTn10CAQAw
BwIBAAICG4EwBwIBAAICGBEwCgIFANXU8N0CAQAwNgYKKwYBBAGEWQoEAjEoMCYw
DAYKKwYBBAGEWQoDAaAKMAgCAQACAxbjYKEKMAgCAQACAwehIDANBgkqhkiG9w0B
AQUFAAOCAQEAYuLRkwuSnYRqZki8ezB3xEDkMmZTSMytyICNPC7M7l1iXfB08VH4
hlygAtINFJ6xbCzPL15//Y7uCCOi/WszIzu4rn51HubH8bj7K4ZUIbxGhipWg3lc
c8BfV5Y3keSRIJt4qeqaWsIQinTWF21UqNv7iX1zFZv1f+kFsFIBRaPDl7wOKJf8
rCxNSh+z0JGG4WaOqbTuD6N+SYqjrkyyEuAjzWsKpi2wisYhpYfIwflGdm760dZS
4OATdOPENnO+8WUuBYZO5Vags4OsY1cNiF8A1uHwkdRiEHPx0+civ6dvvDzXRrf0
5XUoAWJC1+lf/fVBrX6DyQTdMS98DWJmdTGCAvUwggLxAgEBMIGTMHwxCzAJBgNV
BAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4w
HAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29m
dCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAAAK3KqLvZJu+zXAAAAAAArMA0GCWCG
SAFlAwQCAQUAoIIBMjAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwLwYJKoZI
hvcNAQkEMSIEIP5GubwVeFY2kQXbjAnUAgrRj7wm8/IfMpc9OkIWCExuMIHiBgsq
hkiG9w0BCRACDDGB0jCBzzCBzDCBsQQUF0oD2sEOo/k2eBnm+EU2BlgDJrwwgZgw
gYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE
BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYD
VQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAITMwAAACtyqi72Sbvs
1wAAAAAAKzAWBBSjgipRxvpbBIh/WFsdP/4QrA7g/zANBgkqhkiG9w0BAQsFAASC
AQCdOnqw8y/2V6d8wlUKMKpf6FgqQVc/FJKuQnnnMVxs39mG6TMWNoPoNRjP/Dcr
xROr8Zlx6Bp0kQ0urYNquO6y9irkJwQa67ZtUHE29vYlotjDdVMuroJhoVZ3xDur
56ff87c6XvvjfaY3iLGMuv5fkeL8ajQ5HQ4AZzYSH4eni9FknbK/VH4qNU0e/FH8
l17VNNOnmonw0oS99AtiwInDGQo5Z9ngcQFs9O9yzHhDfm1cU6ByKU78wRAwjHeM
ZPLScgBH2ZL5fcJKi8TxhGc9Xtg9fnOYg+KtX+vQmJ2of+XgwZjnPnTvJYSf6KRx
FTeClTPncn4kysdsHNU7aaoUAAAAAAAA
-----END AUTHENTICODE SIGNATURE----- -----END AUTHENTICODE SIGNATURE-----

View File

@ -1,3 +1,16 @@
-------------------------------------------------------------------
Fri Sep 6 13:57:36 UTC 2013 - lnussel@suse.de
- set timestamp of PE file to time of the binary the signature was
made for.
- make sure cert.o get's rebuilt for each target
-------------------------------------------------------------------
Fri Sep 6 11:48:14 CEST 2013 - fcrozat@suse.com
- Update microsoft.asc: shim signed by UEFI signing service, based
on code from "Wed Aug 28 15:54:38 UTC 2013"
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Aug 28 15:54:38 UTC 2013 - lnussel@suse.de Wed Aug 28 15:54:38 UTC 2013 - lnussel@suse.de

View File

@ -37,6 +37,7 @@ Source6: attach_signature.sh
Source7: show_hash.sh Source7: show_hash.sh
Source8: show_signatures.sh Source8: show_signatures.sh
Source9: openSUSE-UEFI-CA-Certificate-4096.crt Source9: openSUSE-UEFI-CA-Certificate-4096.crt
Source10: timestamp.pl
# PATCH-FIX-SUSE shim-suse-build.patch glin@suse.com -- Adjust Makefile for the build service # PATCH-FIX-SUSE shim-suse-build.patch glin@suse.com -- Adjust Makefile for the build service
Patch0: shim-suse-build.patch Patch0: shim-suse-build.patch
# PATCH-FIX-UPSTREAM shim-fix-pointer-casting.patch glin@suse.com -- Fix a casting issue and the size of an empty vendor_cert or dbx_cert. # PATCH-FIX-UPSTREAM shim-fix-pointer-casting.patch glin@suse.com -- Fix a casting issue and the size of an empty vendor_cert or dbx_cert.
@ -146,10 +147,14 @@ for suffix in "${suffixes[@]}"; do
# make sure cast warnings don't trigger post build check # make sure cast warnings don't trigger post build check
make VENDOR_CERT_FILE=shim-$suffix.der shim.efi 2>/dev/null make VENDOR_CERT_FILE=shim-$suffix.der shim.efi 2>/dev/null
# make VENDOR_CERT_FILE=cert.der VENDOR_DBX_FILE=dbx # make VENDOR_CERT_FILE=cert.der VENDOR_DBX_FILE=dbx
chmod 755 %{SOURCE6} %{SOURCE7} chmod 755 %{SOURCE6} %{SOURCE7} %{SOURCE10}
# alternative: verify signature # alternative: verify signature
#sbverify --cert MicCorThiParMarRoo_2010-10-05.pem shim-signed.efi #sbverify --cert MicCorThiParMarRoo_2010-10-05.pem shim-signed.efi
head -1 %{SOURCE1} > hash1 head -1 %{SOURCE1} > hash1
cp shim.efi shim.efi.bak
# pe header contains timestamp and checksum. we need to
# restore that
%{SOURCE10} --set-from-file %{SOURCE1} shim.efi
%{SOURCE7} shim.efi > hash2 %{SOURCE7} shim.efi > hash2
cat hash1 hash2 cat hash1 hash2
if ! cmp -s hash1 hash2; then if ! cmp -s hash1 hash2; then
@ -159,13 +164,17 @@ for suffix in "${suffixes[@]}"; do
if [ "${prj%%:*}" = "openSUSE" ]; then if [ "${prj%%:*}" = "openSUSE" ]; then
false false
fi fi
mv shim.efi shim-$suffix.efi mv shim.efi.bak shim-$suffix.efi
rm shim.efi
else else
# attach signature
%{SOURCE6} %{SOURCE1} shim.efi %{SOURCE6} %{SOURCE1} shim.efi
mv shim-signed.efi shim-$suffix.efi mv shim-signed.efi shim-$suffix.efi
rm -f shim.efi rm -f shim.efi
fi fi
rm -f shim.cer shim.crt rm -f shim.cer shim.crt
# make sure cert.o gets rebuilt
rm -f cert.o
done done
ln -s shim-${suffixes[0]}.efi shim.efi ln -s shim-${suffixes[0]}.efi shim.efi

22
strip_signature.sh Normal file
View File

@ -0,0 +1,22 @@
#!/bin/bash
# attach ascii armored signature to a PE binary
set -e
infile="$1"
if [ -z "$infile" -o ! -e "$infile" ]; then
echo "USAGE: $0 file.efi"
exit 1
fi
outfile="${infile%.efi}-unsigned.efi"
nssdir=`mktemp -d`
cleanup()
{
rm -r "$nssdir"
}
trap cleanup EXIT
echo > "$nssdir/pw"
certutil -f "$nssdir/pw" -d "$nssdir" -N
pesign -n "$nssdir" -r -i "$infile" -o "$outfile"

135
timestamp.pl Normal file
View File

@ -0,0 +1,135 @@
#!/usr/bin/perl -w
# Copyright (c) 2012,2013 SUSE Linux Products GmbH
#
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
#
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
=head1 timestamp.pl
timestamp.pl - show or set pe timestamp in file
=head1 SYNOPSIS
timestamp.pl [OPTIONS] FILE...
=head1 OPTIONS
=over 4
=item B<--set-form-file=FILE>
parse timestamp and checksum from file
=item B<--help, -h>
print help
=back
=head1 DESCRIPTION
lorem ipsum ...
=cut
use strict;
use Getopt::Long;
Getopt::Long::Configure("no_ignore_case");
use POSIX qw/strftime/;
my %options;
sub usage($) {
my $r = shift;
eval "use Pod::Usage; pod2usage($r);";
if ($@) {
die "cannot display help, install perl(Pod::Usage)\n";
}
}
GetOptions(
\%options,
"set-from-file=s",
"verbose|v",
"help|h",
) or usage(1);
usage(1) unless @ARGV;
usage(0) if ($options{'help'});
my $set_timestamp;
my $set_checksum;
if ($options{'set-from-file'}) {
die "$options{'set-from-file'}: $!\n" unless open(my $fh, '<', $options{'set-from-file'});
while (<$fh>) {
chomp;
if (/^timestamp: ([0-9a-f]+)/) {
$set_timestamp = pack('L', hex($1));
next;
} elsif (/^checksum: ([0-9a-f]+)/) {
$set_checksum = pack('S', hex($1));
next;
}
last if $set_timestamp && $set_checksum;
}
close($fh);
die "file didn't contain timestamp and checksum\n" unless $set_timestamp && $set_checksum;
}
sub do_show($)
{
my $file = shift;
die "$file: $!\n" unless open(my $fh, '<', $file);
die "seek $file: $!\n" unless seek($fh, 136, 0);
my $value;
die "read $file: $!\n" unless read($fh, $value, 4);
my $timestamp = unpack('L', $value);
print strftime("# %Y-%m-%d %H:%M:%S\n", gmtime($timestamp));
printf ("timestamp: %x\n", $timestamp);
die "seek $file: $!\n" unless seek($fh, 216, 0);
die "read $file: $!\n" unless read($fh, $value, 2);
printf ("checksum: %x\n", unpack('S', $value));
close($fh);
}
sub do_set($)
{
my $file = shift;
die "$file: $!\n" unless open(my $fh, '+<', $file);
die "seek $file: $!\n" unless seek($fh, 136, 0);
die "write $file: $!\n" unless print $fh $set_timestamp;
die "seek $file: $!\n" unless seek($fh, 216, 0);
die "read $file: $!\n" unless print $fh $set_checksum;
close($fh);
}
for my $file (@ARGV) {
if ($options{'set-from-file'}) {
do_set($file);
} else {
do_show($file);
}
}