pool/shim
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 459945 from devel:openSUSE:Factory

Browse Source 
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/459945
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=55
This commit is contained in:
Dominique Leuenberger 2017-02-26 16:00:27 +00:00 committed by Git OBS Bridge
commit d60ff6b061
4 changed files with 57 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
SIGNATURE_UPDATE.txt Normal file
View File

@ -0,0 +1,25 @@
==== openSUSE ====
For openSUSE, the devel project of shim is devel:openSUSE:Factory. ALWAYS
use the latest Leap to build shim-opensuse.efi for UEFI CA. Tumbleweed
shares the same binary with Leap, so do the older Leap releases.
The steps to udpate signature-opensuse.asc:
1) Branch devel:openSUSE:Factory/shim.
2) Add the latest Leap, e.g. 42.2, to the build target.
3) Build shim-opensuse.efi against the latest Leap.
4) Strip the signature from shim-opensuse.efi with strip_signature.sh.
5) Send shim-opensuse.efi to UEFI CA to request a new signature.
6) Extract the signature from the signed shim.efi with extract_signature.sh
7) Update signature-opensuse.asc.
==== SLES ===
Since there is no devel project for shim in SLES, just build shim-sles.efi with
the latest SLES and then send it to UEFI CA for a new signature.
The steps to update signature-sles.asc:
1) Branch shim from the latest SLES and apply the update/fix.
2) Build shim-sles.efi against the latest SLES.
3) Strip the signature from shim-sles.efi with strip_signature.sh.
4) Send shim-sles.efi to UEFI CA to request a new signature.
5) Extract the signature from the signed shim.efi with extract_signature.sh
6) Update signature-sles.asc.

13
shim.changes
View File

@ -1,3 +1,16 @@
-------------------------------------------------------------------
Fri Jan 13 09:21:49 UTC 2017 - mchang@suse.com
- Support %posttrans with marcos provided by update-bootloader-rpm-macros
package (bsc#997317)
-------------------------------------------------------------------
Fri Nov 18 09:23:01 UTC 2016 - glin@suse.com
- Add SIGNATURE_UPDATE.txt to state the steps to update
signature-*.asc
- Update the comment of strip_signature.sh
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Sep 21 09:55:40 UTC 2016 - mchang@suse.com Wed Sep 21 09:55:40 UTC 2016 - mchang@suse.com

21
shim.spec
View File

@ -1,7 +1,7 @@
# #
# spec file for package shim # spec file for package shim
# #
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed # remain the property of their copyright owners, unless otherwise agreed
@ -14,10 +14,9 @@
# Please submit bugfixes or comments via http://bugs.opensuse.org/ # Please submit bugfixes or comments via http://bugs.opensuse.org/
# #
# needssslcertforbuild # needssslcertforbuild
%undefine _build_create_debug %undefine _build_create_debug
Name: shim Name: shim
@ -30,6 +29,7 @@ Url: https://github.com/mjg59/shim
Source: %{name}-%{version}.tar.bz2 Source: %{name}-%{version}.tar.bz2
# run "extract_signature.sh shim.efi" where shim.efi is the binary # run "extract_signature.sh shim.efi" where shim.efi is the binary
# with the signature from the UEFI signing service. # with the signature from the UEFI signing service.
# Note: For signature requesting, check SIGNATURE_UPDATE.txt
Source1: signature-opensuse.asc Source1: signature-opensuse.asc
Source2: openSUSE-UEFI-CA-Certificate.crt Source2: openSUSE-UEFI-CA-Certificate.crt
Source3: shim-install Source3: shim-install
@ -42,6 +42,7 @@ Source9: openSUSE-UEFI-CA-Certificate-4096.crt
Source10: timestamp.pl Source10: timestamp.pl
Source11: strip_signature.sh Source11: strip_signature.sh
Source12: signature-sles.asc Source12: signature-sles.asc
Source99: SIGNATURE_UPDATE.txt
# PATCH-FIX-SUSE shim-only-os-name.patch glin@suse.com -- Only include the OS name in version.c # PATCH-FIX-SUSE shim-only-os-name.patch glin@suse.com -- Only include the OS name in version.c
Patch1: shim-only-os-name.patch Patch1: shim-only-os-name.patch
# PATCH-FIX-UPSTREAM FATE#320129 shim-httpboot-support.patch glin@suse.com -- Add HTTPBoot support # PATCH-FIX-UPSTREAM FATE#320129 shim-httpboot-support.patch glin@suse.com -- Add HTTPBoot support
@ -63,7 +64,14 @@ BuildRequires: mozilla-nss-tools
BuildRequires: openssl >= 0.9.8 BuildRequires: openssl >= 0.9.8
BuildRequires: pesign BuildRequires: pesign
BuildRequires: pesign-obs-integration BuildRequires: pesign-obs-integration
%if 0%{?suse_version} > 1320
BuildRequires: update-bootloader-rpm-macros
%endif
%if 0%{?update_bootloader_requires:1}
%update_bootloader_requires
%else
Requires: perl-Bootloader Requires: perl-Bootloader
%endif
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
# For shim-install script # For shim-install script
Requires: grub2-efi Requires: grub2-efi
@ -233,7 +241,14 @@ cp -r source/* %{buildroot}/usr/src/debug/%{name}-%{version}
%{?buildroot:%__rm -rf "%{buildroot}"} %{?buildroot:%__rm -rf "%{buildroot}"}
%post %post
%if 0%{?update_bootloader_check_type_reinit_post:1}
%update_bootloader_check_type_reinit_post grub2-efi
%else
/sbin/update-bootloader --reinit || true /sbin/update-bootloader --reinit || true
%endif
%posttrans
%{?update_bootloader_posttrans}
%files %files
%defattr(-,root,root) %defattr(-,root,root)

2
strip_signature.sh
View File

@ -1,5 +1,5 @@
#!/bin/bash #!/bin/bash
# attach ascii armored signature to a PE binary # strip the signature from a PE binary
set -e set -e
infile="$1" infile="$1"