Accepting request 186559 from devel:openSUSE:Factory
- don't include binary in the sources. Instead package the raw signature and attach it during build (bnc#813448). (forwarded request 186534 from lnussel) OBS-URL: https://build.opensuse.org/request/show/186559 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=17
This commit is contained in:
commit
38991a68fe
2
.gitattributes
vendored
2
.gitattributes
vendored
@ -21,5 +21,3 @@
|
||||
*.xz filter=lfs diff=lfs merge=lfs -text
|
||||
*.zip filter=lfs diff=lfs merge=lfs -text
|
||||
*.zst filter=lfs diff=lfs merge=lfs -text
|
||||
## Specific LFS patterns
|
||||
shim-signed.efi filter=lfs diff=lfs merge=lfs -text
|
||||
|
23
attach_signature.sh
Normal file
23
attach_signature.sh
Normal file
@ -0,0 +1,23 @@
|
||||
#!/bin/bash
|
||||
# attach ascii armored signature to a PE binary
|
||||
set -e
|
||||
|
||||
sig="$1"
|
||||
infile="$2"
|
||||
if [ -z "$sig" -o ! -e "$sig" -o -z "$infile" -o ! -e "$infile" ]; then
|
||||
echo "USAGE: $0 sig.asc file.efi"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
outfile="${infile%.efi}-signed.efi"
|
||||
|
||||
nssdir=`mktemp -d`
|
||||
cleanup()
|
||||
{
|
||||
rm -r "$nssdir"
|
||||
}
|
||||
trap cleanup EXIT
|
||||
echo > "$nssdir/pw"
|
||||
certutil -f "$nssdir/pw" -d "$nssdir" -N
|
||||
|
||||
pesign -n "$nssdir" -m "$sig" -i "$infile" -o "$outfile"
|
23
extract_signature.sh
Normal file
23
extract_signature.sh
Normal file
@ -0,0 +1,23 @@
|
||||
#!/bin/bash
|
||||
# extract ascii armored signature from a PE binary
|
||||
set -e
|
||||
|
||||
infile="$1"
|
||||
|
||||
if [ -z "$infile" -o ! -e "$infile" ]; then
|
||||
echo "USAGE: $0 file.efi"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
nssdir=`mktemp -d`
|
||||
cleanup()
|
||||
{
|
||||
rm -r "$nssdir"
|
||||
}
|
||||
trap cleanup EXIT
|
||||
echo > "$nssdir/pw"
|
||||
certutil -f "$nssdir/pw" -d "$nssdir" -N
|
||||
|
||||
# wtf?
|
||||
(pesign -n "$nssdir" -h -P -i "$infile";
|
||||
pesign -n "$nssdir" -a -f -e /dev/stdout -i "$infile")|cat
|
181
microsoft.asc
Normal file
181
microsoft.asc
Normal file
@ -0,0 +1,181 @@
|
||||
hash: cb340011afeb0d74c4a588b36ebaa441961608e8d2fa80dca8c13872c850796b
|
||||
-----BEGIN AUTHENTICODE SIGNATURE-----
|
||||
MIIhPgYJKoZIhvcNAQcCoIIhLzCCISsCAQExDzANBglghkgBZQMEAgEFADBcBgor
|
||||
BgEEAYI3AgEEoE4wTDAXBgorBgEEAYI3AgEPMAkDAQCgBKICgAAwMTANBglghkgB
|
||||
ZQMEAgEFAAQgyzQAEa/rDXTEpYizbrqkQZYWCOjS+oDcqME4cshQeWugggrpMIIE
|
||||
0TCCA7mgAwIBAgITMwAAAAgesX6cFfyDegABAAAACDANBgkqhkiG9w0BAQsFADCB
|
||||
gTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl
|
||||
ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMi
|
||||
TWljcm9zb2Z0IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMTAeFw0xMjA3MDIyMjI1
|
||||
MTRaFw0xMzEwMDIyMjI1MTRaMIGVMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz
|
||||
aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv
|
||||
cnBvcmF0aW9uMQ0wCwYDVQQLEwRNT1BSMTAwLgYDVQQDEydNaWNyb3NvZnQgV2lu
|
||||
ZG93cyBVRUZJIERyaXZlciBQdWJsaXNoZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
|
||||
DwAwggEKAoIBAQDpIk+20zs8FhtIQeSe7u0Zy3v+A6a9a/HrKH3WwokbEKW/s5l9
|
||||
TL84I+diNjk92FTXhCTT6uJTxVvjPiaojAHGmeDtq63hMdG1ohoCVzKoUjy0k6eH
|
||||
e7X4svz0S57G14dtK742GhM2iIw9y9FedPZxfG4PjC9+y/iNpdXnszHwPysxNtYd
|
||||
/qPkE1AA0c7qPgm1/twwtB95d+UCgyyfwHAHY+fmjEOBC5HJc2PZRbmEWgeuve5t
|
||||
xFZ0LhGHcyXPleVtJftuv6Nx8VVpGzC959IdseQBbuNtLyCH4tqAAGfsWEoHCVcN
|
||||
gk+COheAFQanfGIbi+Yi16CmV+YfjpAgLzbnAgMBAAGjggEqMIIBJjAfBgNVHSUE
|
||||
GDAWBggrBgEFBQcDAwYKKwYBBAGCN1ACATAdBgNVHQ4EFgQUwEz8eC+VFd3VZV26
|
||||
/zKXOWqTUqYwHwYDVR0jBBgwFoAUE62/Qwm9gnCcjNVPMW7VIpiKG9QwUwYDVR0f
|
||||
BEwwSjBIoEagRIZCaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jcmwv
|
||||
TWljQ29yVUVGQ0EyMDExXzIwMTEtMDYtMjcuY3JsMGAGCCsGAQUFBwEBBFQwUjBQ
|
||||
BggrBgEFBQcwAoZEaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0
|
||||
cy9NaWNDb3JVRUZDQTIwMTFfMjAxMS0wNi0yNy5jcnQwDAYDVR0TAQH/BAIwADAN
|
||||
BgkqhkiG9w0BAQsFAAOCAQEAhAgxQ55OY+iNAOGwwGeNcLuJ9GbpAnqygXeSbV3v
|
||||
gXWzJA5yn5Q/HmvZSg8nyS5palABwHR/a/dXTAnoSFpettcCQkTd1zI2wo6d+tWO
|
||||
xQmLdFFiNCMlUtkjDB0N2ucxCLCgFEvZ6SZdrFbr3M51Es82J6aFjUGHbt4Z014O
|
||||
J5V6aJaq6eoVAJgydFD+fHI4Wqxv7/Bhaz0GbNC+flpTe7GEiMZ9ufBzHDCseRj+
|
||||
l3tCUP+/vuqB4bo7igMFuTdPDSJFN4HMWCO1+q1eUOhDBjgfgzgv4O2LF2qcn/GG
|
||||
jMZUPn8SsfESrcYkMP0bpTDYd6KQ8NLgnqzOB+037EOcJTCCBhAwggP4oAMCAQIC
|
||||
CmEI08QAAAAAAAQwDQYJKoZIhvcNAQELBQAwgZExCzAJBgNVBAYTAlVTMRMwEQYD
|
||||
VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy
|
||||
b3NvZnQgQ29ycG9yYXRpb24xOzA5BgNVBAMTMk1pY3Jvc29mdCBDb3Jwb3JhdGlv
|
||||
biBUaGlyZCBQYXJ0eSBNYXJrZXRwbGFjZSBSb290MB4XDTExMDYyNzIxMjI0NVoX
|
||||
DTI2MDYyNzIxMzI0NVowgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5n
|
||||
dG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9y
|
||||
YXRpb24xKzApBgNVBAMTIk1pY3Jvc29mdCBDb3Jwb3JhdGlvbiBVRUZJIENBIDIw
|
||||
MTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQClCGxMx0UJaksMpMCH
|
||||
fwZ1DEMBVGTgFn8H7ZJ9C7JzvwwKxkpFYaDFFi2W0/UroPtNSZtBgJA8uVT95rzR
|
||||
ncSkGIp/QYpcWYNoMruMR8nucbwhT5qKfP9EP42PMrImSK51te7JTB5KGX7kgpod
|
||||
eHdNDLC99g/TFtO8+iulUThd9fu623gC2//sChuW1YO4GRPptsB7QHvhHygnyfrv
|
||||
Vl4c5n6UfsDwRLJ5OeXasmKLTb84cOJoJBTJM6QIN9VYaV7TfO3BBFMI506wKodj
|
||||
CGFvYxVZ6rIredcMYWeKW/1erYd/uoZnT3FYEiIEIiLOi+9UcQDOUDVYdpUI7mqx
|
||||
ogHVAgMBAAGjggF2MIIBcjASBgkrBgEEAYI3FQEEBQIDAQABMCMGCSsGAQQBgjcV
|
||||
AgQWBBT4wWu3f3dTSvMlNx1OoSZ7DyBwgDAdBgNVHQ4EFgQUE62/Qwm9gnCcjNVP
|
||||
MW7VIpiKG9QwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwCwYDVR0PBAQDAgGG
|
||||
MA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAURWZSQ+F+WBG/1k6eI1UIOzoi
|
||||
aqgwXAYDVR0fBFUwUzBRoE+gTYZLaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3Br
|
||||
aS9jcmwvcHJvZHVjdHMvTWljQ29yVGhpUGFyTWFyUm9vXzIwMTAtMTAtMDUuY3Js
|
||||
MGAGCCsGAQUFBwEBBFQwUjBQBggrBgEFBQcwAoZEaHR0cDovL3d3dy5taWNyb3Nv
|
||||
ZnQuY29tL3BraS9jZXJ0cy9NaWNDb3JUaGlQYXJNYXJSb29fMjAxMC0xMC0wNS5j
|
||||
cnQwDQYJKoZIhvcNAQELBQADggIBADUIQv8wzM73dgytEGhYNSlGMnYnfO8SQSdC
|
||||
G0qqbYE4SFkTVfPpWDSmFguCql2tgtqAg0EGj7Qd8gO58xpdG/FQkPmzVYRCKBwg
|
||||
vbKuURTFwKyXlSEckNsP/HeelXORiMq9vVK5BVAN31eeoGHtDeVtJdlADxdAyM6j
|
||||
SsJNr5oSHQhUj73HvLkrPUkrHzL8aiFpT5vIfkI0/DYGF4uPIEDAs5oldSfNyQOj
|
||||
9l3R5zZUerlQtdMS0Qe/u3Tf3B6PgNXtGPQvFBZrL95mjLAj5ceE2O3qwTOCrVZL
|
||||
GC3xaJUHzc/wcvCuu92GhZgsIUwzK/APSvBoh7WSVTJ1oWqCajyjJRGk7a3XBK7L
|
||||
2EBZoITRlUxikSIadB2MPUcORKbksJs0NbH6tlOoLIHspAVxyJ24uugbRGbkR1QO
|
||||
jlZ/s58WmLKG0Gg+kCO1L16PUIWNxo2CX0Gh9C4N4JnSbHXktmm1IYb6B9H24k3R
|
||||
2q0sd1MeJTI3x2xScpWGsPE1YWoZ9bI7gVBWpjIt/qKJ+UKGJxhVoYLKWpv4MJhU
|
||||
FKZHliUvyCbkQZQaXAI/5ZbjhVs8Pj+7RxZyVeIlIrHZe+cDBiqj9x6QRsMADdYZ
|
||||
ieMONSdiA3EVpu/QJ6CgWTdg+DiUuOB4cPi6TIaHlPbgrgJF7mXCtqN+aRZ1B5Kb
|
||||
9aa8WYNYMYIVyDCCFcQCAQEwgZkwgYExCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpX
|
||||
YXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQg
|
||||
Q29ycG9yYXRpb24xKzApBgNVBAMTIk1pY3Jvc29mdCBDb3Jwb3JhdGlvbiBVRUZJ
|
||||
IENBIDIwMTECEzMAAAAIHrF+nBX8g3oAAQAAAAgwDQYJYIZIAWUDBAIBBQCggcow
|
||||
GQYJKoZIhvcNAQkDMQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisG
|
||||
AQQBgjcCARUwLwYJKoZIhvcNAQkEMSIEIGVZb//6Ozv03LK+h0gc9rgbrHonOkZd
|
||||
0MfBd8nL3VbhMF4GCisGAQQBgjcCAQwxUDBOoBqAGABXAGkAbgBxAHUAYQBsACAA
|
||||
VABlAHMAdKEwgC5odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vd2hkYy9oY2wvZGVm
|
||||
YXVsdC5tc3B4MA0GCSqGSIb3DQEBAQUABIIBAEUjL3FyotA8sfCYF1B24bGYtPZb
|
||||
dMlmr+6crsaQTI0iNFIqH7O7PrN082ScJHIOpGZtpuo6vblmDMGemdgN8Ad2mnju
|
||||
JNPKkvzlm/0XUDoUmx+Dbl6tKCpVyh7ZEz6mTAHV2RZUbzevkIR9oAanyaNNJZHc
|
||||
e0d6VdykdYtPZeK5sYzaO9slEHfg5d9B31AdqjU1aQPUxxZxbNOjNIFc6Ro7YR67
|
||||
3s0EgfEKKVZHmvVZ2ChICTA2Ln/ckXFiAy/lyBJlx0CmiifNPyVhlGn0ny8+5bBB
|
||||
L2CG5ZKLTLYMWZXRQzJgiZG+4uHLaycwR+E100rcLcZ07ooeS25Wx0Tgfe6hghMy
|
||||
MIITLgYKKwYBBAGCNwMDATGCEx4wghMaBgkqhkiG9w0BBwKgghMLMIITBwIBAzEP
|
||||
MA0GCWCGSAFlAwQCAQUAMIIBPQYLKoZIhvcNAQkQAQSgggEsBIIBKDCCASQCAQEG
|
||||
CisGAQQBhFkKAwEwMTANBglghkgBZQMEAgEFAAQgUrLZiye/Z1cUhRClMHxwiIy4
|
||||
gZcRB8Ml/65nTr8ulPICBlEBPu7EShgTMjAxMzAyMDkwMDEwNDguODg5WjAHAgEB
|
||||
gAIB9KCBuaSBtjCBszELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x
|
||||
EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv
|
||||
bjENMAsGA1UECxMETU9QUjEnMCUGA1UECxMebkNpcGhlciBEU0UgRVNOOkJCRUMt
|
||||
MzBDQS0yREJFMSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNl
|
||||
oIIOxzCCBnEwggRZoAMCAQICCmEJgSoAAAAAAAIwDQYJKoZIhvcNAQELBQAwgYgx
|
||||
CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt
|
||||
b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xMjAwBgNVBAMTKU1p
|
||||
Y3Jvc29mdCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDEwMB4XDTEwMDcw
|
||||
MTIxMzY1NVoXDTI1MDcwMTIxNDY1NVowfDELMAkGA1UEBhMCVVMxEzARBgNVBAgT
|
||||
Cldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29m
|
||||
dCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENB
|
||||
IDIwMTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpHQ28dxGKOiDs
|
||||
/BOX9fp/aZRrdFQQ1aUKAIKF++18aEssX8XD5WHCdrc+Zitb8BVTJwQxH0EbGpUd
|
||||
zgkTjnxhMFmxMEQP8WCIhFRDDNdNuDgIs0Ldk6zWczBXJoKjRQ3Q6vVHgc2/JGAy
|
||||
WGBG8lhHhjKEHnRhZ5FfgVSxz5NMksHEpl3RYRNuKMYa+YaAu99h/EbBJx0kZxJy
|
||||
GiGKr0tkiVBisV39dx898Fd1rL2KQk1AUdEPnAY+Z3/1ZsADlkR+79BL/W7lmsqx
|
||||
qPJ6Kgox8NpOBpG2iAg16HgcsOmZzTznL0S6p/TcZL2kAcEgCZN4zfy8wMlEXV4W
|
||||
nAEFTyJNAgMBAAGjggHmMIIB4jAQBgkrBgEEAYI3FQEEAwIBADAdBgNVHQ4EFgQU
|
||||
1WM6XIoxkPNDe3xGG8UzaFqFbVUwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEw
|
||||
CwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU1fZWy4/o
|
||||
olxiaNE9lJBb186aGMQwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDovL2NybC5taWNy
|
||||
b3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMvTWljUm9vQ2VyQXV0XzIwMTAtMDYt
|
||||
MjMuY3JsMFoGCCsGAQUFBwEBBE4wTDBKBggrBgEFBQcwAoY+aHR0cDovL3d3dy5t
|
||||
aWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5j
|
||||
cnQwgaAGA1UdIAEB/wSBlTCBkjCBjwYJKwYBBAGCNy4DMIGBMD0GCCsGAQUFBwIB
|
||||
FjFodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vUEtJL2RvY3MvQ1BTL2RlZmF1bHQu
|
||||
aHRtMEAGCCsGAQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAFAAbwBsAGkAYwB5AF8A
|
||||
UwB0AGEAdABlAG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQAH5ohRDeLG
|
||||
4Jg/gXEDPZ2joSFvs+umzPUxvs8F4qn++ldtGTCzwsVmyWrf9efweL3HqJ4l4/m8
|
||||
7WtUVwgrUYJEEvu5U4zM9GASinbMQEBBm9xcF/9c+V4XNZgkVkt070IQyK+/f8Z/
|
||||
8jd9Wj8c8pl5SpFSAK84Dxf1L3mBZdmptWvkx872ynoAb0swRCQiPM/tA6WWj1kp
|
||||
vLb9BOFwnzJKJ/1Vry/+tuWOM7tiX5rbV0Dp8c6ZZpCM/2pif93FSguRJuI57BlK
|
||||
cWOdeyFtw5yjojz6f32WapB4pm3S4Zz5Hfw42JT0xqUKloakvZ4argRCg7i1gJsi
|
||||
OCC1JeVk7Pf0v35jWSUPei45V3aicaoGig+JFrphpxHLmtgOR5qAxdDNp9DvfYPw
|
||||
4TtxCd9ddJgiCGHasFAeb73x4QDf5zEHpJM692VHeOj4qEir995yfmFrb3epgcun
|
||||
Caw5u+zGy9iCtHLNHfS4hQEegPsbiSpUObJb2sgNVZl6h3M7COaYLeqN4DMuEin1
|
||||
wC9UJyH3yKxO2ii4sanblrKnQqLJzxlBTeCG+SqaoxFmMNO7dDJL32N79ZmKLxvH
|
||||
Ia9Zta7cRDyXUHHXodLFVeNp3lfB0d4wwP3M5k37Db9dT+mdHhk4L7zPWAUu7w2g
|
||||
UDXa7wknHNWzfjUeCLraNtvTX4/edIhJEjCCBNEwggO5oAMCAQICCmEH6j4AAAAA
|
||||
ABAwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hp
|
||||
bmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jw
|
||||
b3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAw
|
||||
HhcNMTIwMTA5MjEzNTM3WhcNMTMwNDA5MjE0NTM3WjCBszELMAkGA1UEBhMCVVMx
|
||||
EzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoT
|
||||
FU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjENMAsGA1UECxMETU9QUjEnMCUGA1UECxMe
|
||||
bkNpcGhlciBEU0UgRVNOOkJCRUMtMzBDQS0yREJFMSUwIwYDVQQDExxNaWNyb3Nv
|
||||
ZnQgVGltZS1TdGFtcCBTZXJ2aWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
|
||||
CgKCAQEArLKRs8Ez2L8FlySOHC3g7HEsvCifzy1JVeHvu/zjwUeMjKHpXrLzNxtM
|
||||
lcXvcRU+GocXarhoJaGzJQ405JHlqhitYI9UXw74r+pQ3XJlOyEFABlNPE6HPY7J
|
||||
SRcrTQKXH6XPndfvdKYzWrzNRcna9lrEd8/G7IZ6sBvr2JMYJ1sA2LxRMOMZO7ZN
|
||||
PW8ZEwH6q2qIXHyrAUPszTV3MocYl9I/q7UL8VUrElE4mNlXcFHXcpdanPIZMuqC
|
||||
K7r2shLy1YlcL8zrXktoX8q0CIDMKoge+nFmJoVgoIBBn6tBTj5JxH/YlWjRBaa8
|
||||
lRbWQENtJ6Xn2kiPB1Dy/m/hsJn0sQIDAQABo4IBGzCCARcwHQYDVR0OBBYEFBw+
|
||||
TiQkOFKmsJaLPYP6QBzUl3mAMB8GA1UdIwQYMBaAFNVjOlyKMZDzQ3t8RhvFM2ha
|
||||
hW1VMFYGA1UdHwRPME0wS6BJoEeGRWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9w
|
||||
a2kvY3JsL3Byb2R1Y3RzL01pY1RpbVN0YVBDQV8yMDEwLTA3LTAxLmNybDBaBggr
|
||||
BgEFBQcBAQROMEwwSgYIKwYBBQUHMAKGPmh0dHA6Ly93d3cubWljcm9zb2Z0LmNv
|
||||
bS9wa2kvY2VydHMvTWljVGltU3RhUENBXzIwMTAtMDctMDEuY3J0MAwGA1UdEwEB
|
||||
/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwgwDQYJKoZIhvcNAQELBQADggEBAIx4
|
||||
LOwvQWC+3K/ovFms3igerIdnL2iSbmkoKdUklRC3S2LU6FmnTwPzyY2nDeZk2AW8
|
||||
VEqGr62SXhWm6KJ0C6iU+gDItDYfCZsT19FQQd5TuoFwnDzqbtdFMnl2ykE4xVLp
|
||||
WvqXYkTms2oFJJ1Py6IH44wUtQkfWbIqacDBQGAL4zDsSLA7i6cYJbka/mGQbsv7
|
||||
lxb+Dav3Vxql4hhP/rC6arhdr/J+EAEmhUcgX8bSTPTirnJs2GVgS2mKZhUMEpMh
|
||||
ztXnrToJ8VSvwmh6R9SlWXW0wQNjc0SO+clpfJ3/MXhdKqAQBi7Kg0cLYw1Et9wP
|
||||
LKYMEGUUAdOuqnzPMQChggN5MIICYQIBATCB46GBuaSBtjCBszELMAkGA1UEBhMC
|
||||
VVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNV
|
||||
BAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjENMAsGA1UECxMETU9QUjEnMCUGA1UE
|
||||
CxMebkNpcGhlciBEU0UgRVNOOkJCRUMtMzBDQS0yREJFMSUwIwYDVQQDExxNaWNy
|
||||
b3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNloiUKAQEwCQYFKw4DAhoFAAMVAMkjHgxV
|
||||
D5VtMurdbnMaFzgx80X/oIHCMIG/pIG8MIG5MQswCQYDVQQGEwJVUzETMBEGA1UE
|
||||
CBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9z
|
||||
b2Z0IENvcnBvcmF0aW9uMQ0wCwYDVQQLEwRNT1BSMScwJQYDVQQLEx5uQ2lwaGVy
|
||||
IE5UUyBFU046QjAyNy1DNkY4LTFEODgxKzApBgNVBAMTIk1pY3Jvc29mdCBUaW1l
|
||||
IFNvdXJjZSBNYXN0ZXIgQ2xvY2swDQYJKoZIhvcNAQEFBQACBQDUv21+MCIYDzIw
|
||||
MTMwMjA4MTIyNjM4WhgPMjAxMzAyMDkxMjI2MzhaMHcwPQYKKwYBBAGEWQoEATEv
|
||||
MC0wCgIFANS/bX4CAQAwCgIBAAICDhkCAf8wBwIBAAICF04wCgIFANTAvv4CAQAw
|
||||
NgYKKwYBBAGEWQoEAjEoMCYwDAYKKwYBBAGEWQoDAaAKMAgCAQACAxbjYKEKMAgC
|
||||
AQACAwehIDANBgkqhkiG9w0BAQUFAAOCAQEAzQCT6RScPYTOQuFjYFRfluWFOu+H
|
||||
mkaFnRv5AHpyepmEUC5MtCXudCSbDI8hKG9KtMD5ICy1hMrMKMFwXYcSfE0lveqP
|
||||
D/DJMNrrzEJcgDLnv8jkmvjdXhXo3K5NLM8ffxV5Wl8JVVU9Ldm28s0C39oVTOVD
|
||||
h+v+t8iccLZa4t7nGFu1fb7dtYCf9H44+/uxOi4xIMYslVbFRyxK6RVH6w4mtjeQ
|
||||
Gixih2JNGintVyA8AeTNdMwCl8X8TUh8/YYlWW1gZHgQzfGba1qNjPTTFsATd/eB
|
||||
WWyzGQo9ZXIglRKmyGF4orHWjX4Sq15E1rSraqUNBiXQAH4OSrEFhDoUojGCAuMw
|
||||
ggLfAgEBMIGKMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAw
|
||||
DgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24x
|
||||
JjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAgphB+o+AAAA
|
||||
AAAQMA0GCWCGSAFlAwQCAQUAoIIBKTAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQ
|
||||
AQQwLwYJKoZIhvcNAQkEMSIEIGOQwgAVf2pXul5+zbE/dgOk6M9oBkEUEqfheuWf
|
||||
6IH6MIHZBgsqhkiG9w0BCRACDDGByTCBxjCBwzCBqAQUySMeDFUPlW0y6t1ucxoX
|
||||
ODHzRf8wgY8wgYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv
|
||||
bjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0
|
||||
aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAIKYQfq
|
||||
PgAAAAAAEDAWBBRflhFLlhbsbPjG85vpBBvIGRjAYzANBgkqhkiG9w0BAQsFAASC
|
||||
AQBjsNknQztyuopS9mEaJ1c1CCKUyjtDZZbajoOBYdpaeTmF6/HivmcxmA/qBdE9
|
||||
5Wk4ZSz4qFfRah5VwoiQFx37tgHPHoGFOZE7dZzpmj1IObv/cAnBS7Ez/Xx1HGte
|
||||
C4VuvXAq5Up1zmC0RCpAyN6f7C/XNOhN+9YQxCfs/MVdNM8340V6N95JIn62TAij
|
||||
UyxHOSstpwTqG042U0VfEvtk52wQottzWd0ra29wCG8cZAyTb4F+BUCzEEyDoOPr
|
||||
aHzGEOAGuwDeiG6SclVuuDxM9BUsPdWy1xUlQ74eGGB9lEMG9/sHX14VKH0q9kA3
|
||||
KNa/GX4NdMvMjP1DJzdisFTMAAAAAAAA
|
||||
-----END AUTHENTICODE SIGNATURE-----
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:df224ef3b05794cbce084c11baaf3d85f380a5213d9097e400d9fa42fc412933
|
||||
size 1378256
|
@ -1,3 +1,9 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Aug 7 15:51:36 UTC 2013 - lnussel@suse.de
|
||||
|
||||
- don't include binary in the sources. Instead package the raw
|
||||
signature and attach it during build (bnc#813448).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 30 07:36:28 UTC 2013 - glin@suse.com
|
||||
|
||||
|
30
shim.spec
30
shim.spec
@ -26,13 +26,15 @@ License: BSD-2-Clause
|
||||
Group: System/Boot
|
||||
Url: https://github.com/mjg59/shim
|
||||
Source: %{name}-%{version}.tar.bz2
|
||||
# this binary has been signed by UEFI signing service
|
||||
# FIXME: evaluate whether using signature only and attaching that
|
||||
# to the built binary also works
|
||||
Source1: shim-signed.efi
|
||||
# run "extract_signature.sh shim.efi" where shim.efi is the binary
|
||||
# with the signature from the UEFI signing service.
|
||||
Source1: microsoft.asc
|
||||
Source2: openSUSE-UEFI-CA-Certificate.crt
|
||||
Source3: shim-install
|
||||
Source4: SLES-UEFI-CA-Certificate.crt
|
||||
Source5: extract_signature.sh
|
||||
Source6: attach_signature.sh
|
||||
Source7: show_hash.sh
|
||||
# PATCH-FIX-SUSE shim-suse-build.patch glin@suse.com -- Adjust Makefile for the build service
|
||||
Patch0: shim-suse-build.patch
|
||||
# PATCH-FIX-UPSTREAM shim-fix-pointer-casting.patch glin@suse.com -- Fix a casting issue and the size of an empty vendor_cert or dbx_cert.
|
||||
@ -121,15 +123,29 @@ touch shim.cer
|
||||
# make sure cast warnings don't trigger post build check
|
||||
make VENDOR_CERT_FILE=shim-$suffix.der shim.efi MokManager.efi fallback.efi 2>/dev/null
|
||||
# make VENDOR_CERT_FILE=cert.der VENDOR_DBX_FILE=dbx
|
||||
mv shim.efi shim-$suffix.efi
|
||||
cp shim.efi shim-$suffix.efi
|
||||
chmod 755 %{SOURCE6} %{SOURCE7}
|
||||
# alternative: verify signature
|
||||
#sbverify --cert MicCorThiParMarRoo_2010-10-05.pem shim-signed.efi
|
||||
head -1 %{SOURCE1} > hash1
|
||||
%{SOURCE7} shim.efi > hash2
|
||||
cat hash1 hash2
|
||||
if ! cmp -s hash1 hash2; then
|
||||
echo "ERROR: binary changed, need to request new signature!"
|
||||
# don't fail in devel projects
|
||||
prj="%{_project}"
|
||||
if "${prj%%:*}" = "openSUSE"; then
|
||||
false
|
||||
fi
|
||||
fi
|
||||
%{SOURCE6} %{SOURCE1} shim.efi
|
||||
|
||||
%install
|
||||
export BRP_PESIGN_FILES='%{_libdir}/efi/shim*.efi %{_libdir}/efi/MokManager.efi %{_libdir}/efi/fallback.efi'
|
||||
install -d %{buildroot}/%{_libdir}/efi
|
||||
install -m 644 shim-*.efi %{buildroot}/%{_libdir}/efi
|
||||
install -m 444 shim-*.der %{buildroot}/%{_libdir}/efi
|
||||
# FIXME: install signed shim here
|
||||
install -m 644 %{SOURCE1} %{buildroot}/%{_libdir}/efi/shim.efi
|
||||
install -m 644 shim-signed.efi %{buildroot}/%{_libdir}/efi/shim.efi
|
||||
install -m 644 MokManager.efi %{buildroot}/%{_libdir}/efi/MokManager.efi
|
||||
install -m 644 fallback.efi %{buildroot}/%{_libdir}/efi/fallback.efi
|
||||
install -d %{buildroot}/%{_sbindir}
|
||||
|
21
show_hash.sh
Normal file
21
show_hash.sh
Normal file
@ -0,0 +1,21 @@
|
||||
#!/bin/bash
|
||||
# show hash of PE binary
|
||||
set -e
|
||||
|
||||
infile="$1"
|
||||
|
||||
if [ -z "$infile" -o ! -e "$infile" ]; then
|
||||
echo "USAGE: $0 file.efi"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
nssdir=`mktemp -d`
|
||||
cleanup()
|
||||
{
|
||||
rm -r "$nssdir"
|
||||
}
|
||||
trap cleanup EXIT
|
||||
echo > "$nssdir/pw"
|
||||
certutil -f "$nssdir/pw" -d "$nssdir" -N
|
||||
|
||||
pesign -n "$nssdir" -h -P -i "$infile"
|
Loading…
Reference in New Issue
Block a user