Accepting request 991171 from home:joeyli:branches:devel:openSUSE:Factory

Revoked the change in shim.spec for use common SBAT values (boo#1193282) (bsc#1198458)

OBS-URL: https://build.opensuse.org/request/show/991171
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=189

shim.changes

@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Mon Jul 25 12:44:24 UTC 2022 - Joey Lee <jlee@suse.com>
+
+- Revoked the change in shim.spec for "use common SBAT values (boo#1193282)"
+  - we need to build openSUSE Tumbleweed's shim on Leap 15.4 because Factory
+    is unstable for building out a stable shim binary for signing. (bsc#1198458)
+  - But the rpm-config-suse package in Leap 15.4 is direct copied from SLE 15.4
+    because closing-the-leap-gap. So sbat_distro_* variables are SLE version,
+    not for openSUSE. (bsc#1198458)
+
 -------------------------------------------------------------------
 Tue Jun 28 04:03:45 UTC 2022 - Joey Lee <jlee@suse.com>
 

shim.spec

@@ -35,13 +35,6 @@
 %endif
 %endif
 
-%if %{defined sbat_distro}
-# SBAT metadata
-%define sbat_generation 1
-%else
-%{error please define sbat_distro, sbat_distro_summary and sbat_distro_url}
-%endif
-
 Name:           shim
 Version:        15.6
 Release:        0
@@ -134,10 +127,17 @@ The source code of UEFI shim loader
 %patch100 -p1
 
 %build
-%if 0%{?sbat_generation}
 # generate the vendor SBAT metadata
-echo "shim.%{sbat_distro},%{sbat_generation},%{sbat_distro_summary},%{name},%{version},%{sbat_distro_url}" > data/sbat.vendor.csv
+%if 0%{?is_opensuse} == 1 || 0%{?sle_version} == 0
+distro_id="opensuse"
+distro_name="The openSUSE project"
+%else
+distro_id="sle"
+distro_name="SUSE Linux Enterprise"
 %endif
+distro_sbat=1
+sbat="shim.${distro_id},${distro_sbat},${distro_name},%{name},%{version},mail:security-team@suse.de"
+echo "${sbat}" > data/sbat.vendor.csv
 
 # first, build MokManager and fallback as they don't depend on a
 # specific certificate