Accepting request 459945 from devel:openSUSE:Factory
Automatic submission by obs-autosubmit OBS-URL: https://build.opensuse.org/request/show/459945 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=55
This commit is contained in:
Dominique Leuenberger
Git OBS Bridge
commit
d60ff6b061
25
SIGNATURE_UPDATE.txt
Normal file
25
SIGNATURE_UPDATE.txt
Normal file
@ -0,0 +1,25 @@
|
||||
==== openSUSE ====
|
||||
For openSUSE, the devel project of shim is devel:openSUSE:Factory. ALWAYS
|
||||
use the latest Leap to build shim-opensuse.efi for UEFI CA. Tumbleweed
|
||||
shares the same binary with Leap, so do the older Leap releases.
|
||||
|
||||
The steps to udpate signature-opensuse.asc:
|
||||
1) Branch devel:openSUSE:Factory/shim.
|
||||
2) Add the latest Leap, e.g. 42.2, to the build target.
|
||||
3) Build shim-opensuse.efi against the latest Leap.
|
||||
4) Strip the signature from shim-opensuse.efi with strip_signature.sh.
|
||||
5) Send shim-opensuse.efi to UEFI CA to request a new signature.
|
||||
6) Extract the signature from the signed shim.efi with extract_signature.sh
|
||||
7) Update signature-opensuse.asc.
|
||||
|
||||
==== SLES ===
|
||||
Since there is no devel project for shim in SLES, just build shim-sles.efi with
|
||||
the latest SLES and then send it to UEFI CA for a new signature.
|
||||
|
||||
The steps to update signature-sles.asc:
|
||||
1) Branch shim from the latest SLES and apply the update/fix.
|
||||
2) Build shim-sles.efi against the latest SLES.
|
||||
3) Strip the signature from shim-sles.efi with strip_signature.sh.
|
||||
4) Send shim-sles.efi to UEFI CA to request a new signature.
|
||||
5) Extract the signature from the signed shim.efi with extract_signature.sh
|
||||
6) Update signature-sles.asc.
|
||||
13
shim.changes
13
shim.changes
@ -1,3 +1,16 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Jan 13 09:21:49 UTC 2017 - mchang@suse.com
|
||||
|
||||
- Support %posttrans with marcos provided by update-bootloader-rpm-macros
|
||||
package (bsc#997317)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Nov 18 09:23:01 UTC 2016 - glin@suse.com
|
||||
|
||||
- Add SIGNATURE_UPDATE.txt to state the steps to update
|
||||
signature-*.asc
|
||||
- Update the comment of strip_signature.sh
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 21 09:55:40 UTC 2016 - mchang@suse.com
|
||||
|
||||
|
||||
21
shim.spec
21
shim.spec
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package shim
|
||||
#
|
||||
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -14,10 +14,9 @@
|
||||
|
||||
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
|
||||
# needssslcertforbuild
|
||||
|
||||
|
||||
%undefine _build_create_debug
|
||||
|
||||
Name: shim
|
||||
@ -30,6 +29,7 @@ Url: https://github.com/mjg59/shim
|
||||
Source: %{name}-%{version}.tar.bz2
|
||||
# run "extract_signature.sh shim.efi" where shim.efi is the binary
|
||||
# with the signature from the UEFI signing service.
|
||||
# Note: For signature requesting, check SIGNATURE_UPDATE.txt
|
||||
Source1: signature-opensuse.asc
|
||||
Source2: openSUSE-UEFI-CA-Certificate.crt
|
||||
Source3: shim-install
|
||||
@ -42,6 +42,7 @@ Source9: openSUSE-UEFI-CA-Certificate-4096.crt
|
||||
Source10: timestamp.pl
|
||||
Source11: strip_signature.sh
|
||||
Source12: signature-sles.asc
|
||||
Source99: SIGNATURE_UPDATE.txt
|
||||
# PATCH-FIX-SUSE shim-only-os-name.patch glin@suse.com -- Only include the OS name in version.c
|
||||
Patch1: shim-only-os-name.patch
|
||||
# PATCH-FIX-UPSTREAM FATE#320129 shim-httpboot-support.patch glin@suse.com -- Add HTTPBoot support
|
||||
@ -63,7 +64,14 @@ BuildRequires: mozilla-nss-tools
|
||||
BuildRequires: openssl >= 0.9.8
|
||||
BuildRequires: pesign
|
||||
BuildRequires: pesign-obs-integration
|
||||
%if 0%{?suse_version} > 1320
|
||||
BuildRequires: update-bootloader-rpm-macros
|
||||
%endif
|
||||
%if 0%{?update_bootloader_requires:1}
|
||||
%update_bootloader_requires
|
||||
%else
|
||||
Requires: perl-Bootloader
|
||||
%endif
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
# For shim-install script
|
||||
Requires: grub2-efi
|
||||
@ -233,7 +241,14 @@ cp -r source/* %{buildroot}/usr/src/debug/%{name}-%{version}
|
||||
%{?buildroot:%__rm -rf "%{buildroot}"}
|
||||
|
||||
%post
|
||||
%if 0%{?update_bootloader_check_type_reinit_post:1}
|
||||
%update_bootloader_check_type_reinit_post grub2-efi
|
||||
%else
|
||||
/sbin/update-bootloader --reinit || true
|
||||
%endif
|
||||
|
||||
%posttrans
|
||||
%{?update_bootloader_posttrans}
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
#!/bin/bash
|
||||
# attach ascii armored signature to a PE binary
|
||||
# strip the signature from a PE binary
|
||||
set -e
|
||||
|
||||
infile="$1"
|
||||
|
||||
Loading…
Reference in New Issue
Block a user