Accepting request 317610 from home:gary_lin:branches:devel:openSUSE:Factory

Update openssl and package the debug symbols OBS-URL: https://build.opensuse.org/request/show/317610 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=100
2015-07-20 10:27:18 +00:00 · 2015-07-20 10:27:18 +00:00 · b326961adf
commit b326961adf
parent fc4b3ef345
6 changed files with 146343 additions and 88 deletions
--- a/shim-change-debug-file-path.patch
+++ b/shim-change-debug-file-path.patch
@ -0,0 +1,26 @@
+From a2b1ceac7093798d770cf50c8a2a78f7051c7be9 Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <glin@suse.com>
+Date: Wed, 15 Jul 2015 18:15:40 +0800
+Subject: [PATCH] Change the debug file path
+
+Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/Makefile b/Makefile
+index 48e2a7d..081c9a8 100644
+--- a/Makefile
+++ b/Makefile
+@@ -43,7 +43,7 @@ ifeq ($(ARCH),x86_64)
+ 		-maccumulate-outgoing-args \
+ 		-DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \
+ 		"-DEFI_ARCH=L\"x64\"" \
+-		"-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/x64-$(VERSION)$(RELEASE)/\""
+		"-DDEBUGDIR=L\"/usr/lib/debug/usr/lib64/efi/shim.debug\""
+ endif
+ ifeq ($(ARCH),ia32)
+ 	CFLAGS	+= -mno-mmx -mno-sse -mno-red-zone -nostdinc \
+-- 
+2.1.4
+
--- a/shim-fix-gnu-efi-30w.patch
+++ b/shim-fix-gnu-efi-30w.patch
@ -1,85 +0,0 @@
-From 7bfd197ba085e84db662decd9efc8ecf8a435ec2 Mon Sep 17 00:00:00 2001
-From: Gary Ching-Pang Lin <glin@suse.com>
-Date: Thu, 25 Sep 2014 18:12:42 +0800
-Subject: [PATCH] Adapt the change in gnu-efi-3.0w
-
---
- Cryptlib/Include/OpenSslSupport.h | 13 +++++++------
- Cryptlib/Makefile                 |  1 +
- Cryptlib/OpenSSL/Makefile         |  3 +++
- Makefile                          |  2 ++
- 4 files changed, 13 insertions(+), 6 deletions(-)
-
-diff --git a/Cryptlib/Include/OpenSslSupport.h b/Cryptlib/Include/OpenSslSupport.h
-index b77838d..8a53eb7 100644
--- a/Cryptlib/Include/OpenSslSupport.h
-+++ b/Cryptlib/Include/OpenSslSupport.h
-@@ -16,12 +16,6 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
- #define __OPEN_SSL_SUPPORT_H__
- 
- #include <efi.h>
-#include <efilib.h>
-#include <Base.h>
-#include <Library/BaseLib.h>
-#include <Library/BaseMemoryLib.h>
-#include <Library/MemoryAllocationLib.h>
-#include <Library/DebugLib.h>
- 
- #define CONST const
- 
-@@ -63,6 +57,13 @@ typedef __builtin_va_list VA_LIST;
- #define va_end(Marker)                ((void)0)
- #endif
- 
-+#include <efilib.h>
-+#include <Base.h>
-+#include <Library/BaseLib.h>
-+#include <Library/BaseMemoryLib.h>
-+#include <Library/MemoryAllocationLib.h>
-+#include <Library/DebugLib.h>
-+
- //
- // #defines from EFI Application Toolkit required to buiild Open SSL
- //
-diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile
-index 1769e67..e4f9eb5 100644
--- a/Cryptlib/Makefile
-+++ b/Cryptlib/Makefile
-@@ -4,6 +4,7 @@ EFI_INCLUDES	= -IInclude -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLU
- CFLAGS		= -ggdb -O0 -I. -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar \
- 		  -Wall $(EFI_INCLUDES) \
- 		  -ffreestanding -I$(shell $(CC) -print-file-name=include)
-+CFLAGS          += -DGNU_EFI_USE_EXTERNAL_STDARG
- 
- ifeq ($(ARCH),x86_64)
- 	CFLAGS	+= -mno-mmx -mno-sse -mno-red-zone -nostdinc -maccumulate-outgoing-args \
-diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile
-index 7bedb94..1f2c6d5 100644
--- a/Cryptlib/OpenSSL/Makefile
-+++ b/Cryptlib/OpenSSL/Makefile
-@@ -19,6 +19,9 @@ endif
- ifeq ($(ARCH),arm)
- 	CFLAGS	+= -O2 -DTHIRTY_TWO_BIT
- endif
-+
-+CFLAGS          += -DGNU_EFI_USE_EXTERNAL_STDARG
-+
- LDFLAGS		= -nostdlib -znocombreloc
- 
- TARGET		= libopenssl.a
-diff --git a/Makefile b/Makefile
-index 83cf374..9cfebc7 100644
--- a/Makefile
-+++ b/Makefile
-@@ -28,6 +28,8 @@ CFLAGS		= -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \
- 		  "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \
- 		  $(EFI_INCLUDES)
- 
-+CFLAGS          += -DGNU_EFI_USE_EXTERNAL_STDARG
-+
- ifneq ($(origin OVERRIDE_SECURITY_POLICY), undefined)
- 	CFLAGS	+= -DOVERRIDE_SECURITY_POLICY
- endif
-- 
-2.1.4
-
--- a/shim-gcc5.patch
+++ b/shim-gcc5.patch
@ -0,0 +1,62 @@
+From a508082e41339d929ae598c964562946287c1938 Mon Sep 17 00:00:00 2001
+From: Gary Ching-Pang Lin <glin@suse.com>
+Date: Mon, 13 Jul 2015 16:33:52 +0800
+Subject: [PATCH] Specify the gnu89 standard
+
+According to the gcc5 porting guideline (*), gcc5 defaults to
+-std=gnu11 instead of -std=gnu89. Append -std=gnu89 to CFLAGS
+to avoid the potential problems.
+
+(*) https://gcc.gnu.org/gcc-5/porting_to.html
+
+Based on the patch from Cristian Rodriguez <crrodriguez@opensuse.org>
+
+Signed-off-by: Gary Ching-Pang Lin <glin@suse.com>
+---
+ Cryptlib/Makefile         | 2 +-
+ Cryptlib/OpenSSL/Makefile | 2 +-
+ Makefile                  | 2 +-
+ 3 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile
+index cb18440..9a92304 100644
+--- a/Cryptlib/Makefile
+++ b/Cryptlib/Makefile
+@@ -2,7 +2,7 @@
+ EFI_INCLUDES	= -IInclude -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol
+ 
+ CFLAGS		= -ggdb -O0 -I. -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar \
+-		  -Wall $(EFI_INCLUDES) \
+		  -Wall $(EFI_INCLUDES) -std=gnu89 \
+ 		  -ffreestanding -I$(shell $(CC) -print-file-name=include)
+ 
+ ifeq ($(ARCH),x86_64)
+diff --git a/Cryptlib/OpenSSL/Makefile b/Cryptlib/OpenSSL/Makefile
+index 3f87a94..ab6e7dd 100644
+--- a/Cryptlib/OpenSSL/Makefile
+++ b/Cryptlib/OpenSSL/Makefile
+@@ -2,7 +2,7 @@
+ EFI_INCLUDES	= -I../Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -Icrypto/asn1 -Icrypto/evp -Icrypto/modes
+ 
+ CFLAGS		= -ggdb -O0 -I. -I.. -I../Include/ -Icrypto -fno-stack-protector -fno-strict-aliasing -fpic -fshort-wchar -nostdinc \
+-		  -ffreestanding -I$(shell $(CC) -print-file-name=include) \
+		  -ffreestanding -std=gnu89 -I$(shell $(CC) -print-file-name=include) \
+ 		  -Wall $(EFI_INCLUDES) -DOPENSSL_SYSNAME_UWIN -DOPENSSL_SYS_UEFI -DL_ENDIAN -D_CRT_SECURE_NO_DEPRECATE -D_CRT_NONSTDC_NO_DEPRECATE -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_SEED -DOPENSSL_NO_RC5 -DOPENSSL_NO_MDC2 -DOPENSSL_NO_SOCK -DOPENSSL_NO_CMS -DOPENSSL_NO_JPAKE -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_ERR -DOPENSSL_NO_KRB5 -DOPENSSL_NO_DYNAMIC_ENGINE -DGETPID_IS_MEANINGLESS -DOPENSSL_NO_STDIO -DOPENSSL_NO_POSIX_IO -DOPENSSL_NO_FP_API -DOPENSSL_NO_DGRAM -DOPENSSL_NO_SHA0 -DOPENSSL_NO_LHASH -DOPENSSL_NO_HW -DOPENSSL_NO_OCSP -DOPENSSL_NO_LOCKING -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_RIPEMD -DOPENSSL_NO_RC2 -DOPENSSL_NO_IDEA -DOPENSSL_NO_BF -DOPENSSL_NO_CAST -DOPENSSL_NO_WHIRLPOOL -DOPENSSL_NO_DSA -DOPENSSL_NO_EC -DOPENSSL_NO_ECDH -DOPENSSL_NO_ECDSA -DOPENSSL_NO_SRP -DOPENSSL_NO_ENGINE -DOPENSSL_SMALL_FOOTPRINT -DPEDANTIC
+ 
+ ifeq ($(ARCH),x86_64)
+diff --git a/Makefile b/Makefile
+index 1181b8a..48e2a7d 100644
+--- a/Makefile
+++ b/Makefile
+@@ -28,7 +28,7 @@ EFI_LDS		= elf_$(ARCH)_efi.lds
+ DEFAULT_LOADER	:= \\\\grub.efi
+ CFLAGS		= -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \
+ 		  -fshort-wchar -Wall -Wsign-compare -Werror -fno-builtin \
+-		  -Werror=sign-compare -ffreestanding \
+		  -Werror=sign-compare -ffreestanding -std=gnu89 \
+ 		  -I$(shell $(CC) -print-file-name=include) \
+ 		  "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \
+ 		  "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \
+-- 
+2.1.4
+
--- a/shim-update-openssl-1.0.2d.patch
+++ b/shim-update-openssl-1.0.2d.patch
--- a/shim.changes
+++ b/shim.changes
@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Thu Jul 16 06:49:01 UTC 2015 - glin@suse.com
+
+- Add shim-update-openssl-1.0.2d.patch to update openssl to 1.0.2d
+- Refresh shim-gcc5.patch and add it back since we really need it
+- Add shim-change-debug-file-path.patch to change the debug file
+  path in shim.efi
+  + also add the debuginfo and debugsource subpackages
+- Drop shim-fix-gnu-efi-30w.patch which is not necessary anymore
+
 -------------------------------------------------------------------
 Mon Jul  6 09:06:02 UTC 2015 - glin@suse.com

--- a/shim.spec
+++ b/shim.spec
@ -18,6 +18,8 @@

 # needssslcertforbuild

+%undefine _build_create_debug
+
 Name:           shim
 Version:        0.9
 Release:        0
@ -42,10 +44,14 @@ Source11:       strip_signature.sh
 Source12:       signature-sles.asc
 # PATCH-FIX-SUSE shim-only-os-name.patch glin@suse.com -- Only include the OS name in version.c
 Patch1:         shim-only-os-name.patch
-# PATCH-FIX-UPSTREAM shim-fix-gnu-efi-30w.patch glin@suse.com -- Adapt the change in gnu-efi 3.0w
-Patch2:         shim-fix-gnu-efi-30w.patch
 # PATCH-FIX-UPSTREAM shim-fix-mokmanager-sections.patch glin@suse.com -- Fix the objcopy parameters for the EFI files
 Patch3:         shim-fix-mokmanager-sections.patch
+# PATCH-FIX-UPSTREAM shim-update-openssl-1.0.2d.patch glin@suse.com -- Update openssl to 1.0.2d
+Patch4:         shim-update-openssl-1.0.2d.patch
+# PATCH-FIX-UPSTREAM shim-gcc5.patch glin@suse.com -- Specify the gnu89 standard
+Patch5:         shim-gcc5.patch
+# PATCH-FIX-OPENSUSE shim-change-debug-file-path.patch glin@suse.com -- Change the default debug file path
+Patch50:        shim-change-debug-file-path.patch
 # PATCH-FIX-OPENSUSE shim-opensuse-cert-prompt.patch glin@suse.com -- Show the prompt to ask whether the user trusts openSUSE certificate or not
 Patch100:       shim-opensuse-cert-prompt.patch
 BuildRequires:  gnu-efi >= 3.0t
@ -63,7 +69,19 @@ ExclusiveArch:  x86_64 aarch64
 shim is a trivial EFI application that, when run, attempts to open and
 execute another application.

+%package -n shim-debuginfo
+Summary:        UEFI shim loader - debug symbols
+Group:          System/Boot

+%description -n shim-debuginfo
+The debug symbols of UEFI shim loader
+
+%package -n shim-debugsource
+Summary:        UEFI shim loader - debug source
+Group:          System/Boot
+
+%description -n shim-debugsource
+The source code of UEFI shim loader

 Authors:
 --------
@ -72,8 +90,10 @@ Authors:
 %prep
 %setup -q
 %patch1 -p1
-%patch2 -p1
 %patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch50 -p1
 %patch100 -p1
 %build
 # first, build MokManager and fallback as they don't depend on a
@ -164,12 +184,18 @@ for suffix in "${suffixes[@]}"; do
    else
        mv shim.efi shim-$suffix.efi
    fi
+    mv shim.efi.debug shim-$suffix.debug
    rm -f shim.cer shim.crt
    # make sure cert.o gets rebuilt
    rm -f cert.o
 done

 ln -s shim-${suffixes[0]}.efi shim.efi
+mv shim-${suffixes[0]}.debug shim.debug
+
+# Collect the source for debugsource
+mkdir source
+find . \( -name "*.c" -o -name "*.h" \) -type f -exec cp --parents -a {} source/ \;

 %install
 export BRP_PESIGN_FILES='%{_libdir}/efi/shim*.efi %{_libdir}/efi/MokManager.efi %{_libdir}/efi/fallback.efi'
@ -187,6 +213,16 @@ for file in shim-*.der; do
    install -m 644 $file %{buildroot}/%{_sysconfdir}/uefi/certs/$fpr.crt
 done

+# install the debug symbols
+install -d %{buildroot}/usr/lib/debug/%{_libdir}/efi
+install -m 644 shim.debug %{buildroot}/usr/lib/debug/%{_libdir}/efi
+install -m 644 MokManager.efi.debug %{buildroot}/usr/lib/debug/%{_libdir}/efi/MokManager.debug
+install -m 644 fallback.efi.debug %{buildroot}/usr/lib/debug/%{_libdir}/efi/fallback.debug
+
+# install the debug source
+install -d %{buildroot}/usr/src/debug/%{name}-%{version}
+cp -r source/* %{buildroot}/usr/src/debug/%{name}-%{version}
+
 %clean
 %{?buildroot:%__rm -rf "%{buildroot}"}

@ -207,4 +243,15 @@ done
 %dir %{_sysconfdir}/uefi/certs/
 %{_sysconfdir}/uefi/certs/*.crt

+%files -n shim-debuginfo
+%defattr(-,root,root,-)
+/usr/lib/debug/%{_libdir}/efi/shim.debug
+/usr/lib/debug/%{_libdir}/efi/MokManager.debug
+/usr/lib/debug/%{_libdir}/efi/fallback.debug
+
+%files -n shim-debugsource
+%defattr(-,root,root,-)
+%dir /usr/src/debug/%{name}-%{version}
+/usr/src/debug/%{name}-%{version}/*
+
 %changelog