Accepting request 459945 from devel:openSUSE:Factory

Automatic submission by obs-autosubmit OBS-URL: https://build.opensuse.org/request/show/459945 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=55
2017-02-26 16:00:27 +00:00 · 2017-02-26 16:00:27 +00:00 · d60ff6b061
commit d60ff6b061
parent f90ab72042 649c608132
4 changed files with 57 additions and 4 deletions
--- a/SIGNATURE_UPDATE.txt
+++ b/SIGNATURE_UPDATE.txt
@ -0,0 +1,25 @@
+==== openSUSE ====
+For openSUSE, the devel project of shim is devel:openSUSE:Factory. ALWAYS
+use the latest Leap to build shim-opensuse.efi for UEFI CA. Tumbleweed
+shares the same binary with Leap, so do the older Leap releases.
+
+The steps to udpate signature-opensuse.asc:
+1) Branch devel:openSUSE:Factory/shim.
+2) Add the latest Leap, e.g. 42.2, to the build target.
+3) Build shim-opensuse.efi against the latest Leap.
+4) Strip the signature from shim-opensuse.efi with strip_signature.sh.
+5) Send shim-opensuse.efi to UEFI CA to request a new signature.
+6) Extract the signature from the signed shim.efi with extract_signature.sh
+7) Update signature-opensuse.asc.
+
+==== SLES ===
+Since there is no devel project for shim in SLES, just build shim-sles.efi with
+the latest SLES and then send it to UEFI CA for a new signature.
+
+The steps to update signature-sles.asc:
+1) Branch shim from the latest SLES and apply the update/fix.
+2) Build shim-sles.efi against the latest SLES.
+3) Strip the signature from shim-sles.efi with strip_signature.sh.
+4) Send shim-sles.efi to UEFI CA to request a new signature.
+5) Extract the signature from the signed shim.efi with extract_signature.sh
+6) Update signature-sles.asc.
--- a/shim.changes
+++ b/shim.changes
@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Fri Jan 13 09:21:49 UTC 2017 - mchang@suse.com
+
+- Support %posttrans with marcos provided by update-bootloader-rpm-macros
+  package (bsc#997317)
+
+-------------------------------------------------------------------
+Fri Nov 18 09:23:01 UTC 2016 - glin@suse.com
+
+- Add SIGNATURE_UPDATE.txt to state the steps to update
+  signature-*.asc
+- Update the comment of strip_signature.sh
+
 -------------------------------------------------------------------
 Wed Sep 21 09:55:40 UTC 2016 - mchang@suse.com

--- a/shim.spec
+++ b/shim.spec
@ -1,7 +1,7 @@
 #
 # spec file for package shim
 #
-# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
+# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -14,10 +14,9 @@

 # Please submit bugfixes or comments via http://bugs.opensuse.org/
 #
-
-
 # needssslcertforbuild

+
 %undefine _build_create_debug

 Name:           shim
@ -30,6 +29,7 @@ Url:            https://github.com/mjg59/shim
 Source:         %{name}-%{version}.tar.bz2
 # run "extract_signature.sh shim.efi" where shim.efi is the binary
 # with the signature from the UEFI signing service.
+# Note: For signature requesting, check SIGNATURE_UPDATE.txt
 Source1:        signature-opensuse.asc
 Source2:        openSUSE-UEFI-CA-Certificate.crt
 Source3:        shim-install
@ -42,6 +42,7 @@ Source9:        openSUSE-UEFI-CA-Certificate-4096.crt
 Source10:       timestamp.pl
 Source11:       strip_signature.sh
 Source12:       signature-sles.asc
+Source99:       SIGNATURE_UPDATE.txt
 # PATCH-FIX-SUSE shim-only-os-name.patch glin@suse.com -- Only include the OS name in version.c
 Patch1:         shim-only-os-name.patch
 # PATCH-FIX-UPSTREAM FATE#320129 shim-httpboot-support.patch glin@suse.com -- Add HTTPBoot support
@ -63,7 +64,14 @@ BuildRequires:  mozilla-nss-tools
 BuildRequires:  openssl >= 0.9.8
 BuildRequires:  pesign
 BuildRequires:  pesign-obs-integration
+%if 0%{?suse_version} > 1320
+BuildRequires:  update-bootloader-rpm-macros
+%endif
+%if 0%{?update_bootloader_requires:1}
+%update_bootloader_requires
+%else
 Requires:       perl-Bootloader
+%endif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 # For shim-install script
 Requires:       grub2-efi
@ -233,7 +241,14 @@ cp -r source/* %{buildroot}/usr/src/debug/%{name}-%{version}
 %{?buildroot:%__rm -rf "%{buildroot}"}

 %post
+%if 0%{?update_bootloader_check_type_reinit_post:1} 
+%update_bootloader_check_type_reinit_post grub2-efi
+%else
 /sbin/update-bootloader --reinit || true
+%endif
+
+%posttrans
+%{?update_bootloader_posttrans}

 %files
 %defattr(-,root,root)
--- a/strip_signature.sh
+++ b/strip_signature.sh
@ -1,5 +1,5 @@
 #!/bin/bash
-# attach ascii armored signature to a PE binary
+# strip the signature from a PE binary
 set -e

 infile="$1"