Accepting request 443762 from home:gary_lin:branches:devel:openSUSE:Factory
- Add SIGNATURE_UPDATE.txt to state the steps to update signature-*.asc - Update the comment of strip_signature.sh OBS-URL: https://build.opensuse.org/request/show/443762 OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=123
This commit is contained in:
parent
da918f60a8
commit
ea8904665d
25
SIGNATURE_UPDATE.txt
Normal file
25
SIGNATURE_UPDATE.txt
Normal file
@ -0,0 +1,25 @@
|
||||
==== openSUSE ====
|
||||
For openSUSE, the devel project of shim is devel:openSUSE:Factory. ALWAYS
|
||||
use the latest Leap to build shim-opensuse.efi for UEFI CA. Tumbleweed
|
||||
shares the same binary with Leap, so do the older Leap releases.
|
||||
|
||||
The steps to udpate signature-opensuse.asc:
|
||||
1) Branch devel:openSUSE:Factory/shim.
|
||||
2) Add the latest Leap, e.g. 42.2, to the build target.
|
||||
3) Build shim-opensuse.efi against the latest Leap.
|
||||
4) Strip the signature from shim-opensuse.efi with strip_signature.sh.
|
||||
5) Send shim-opensuse.efi to UEFI CA to request a new signature.
|
||||
6) Extract the signature from the signed shim.efi with extract_signature.sh
|
||||
7) Update signature-opensuse.asc.
|
||||
|
||||
==== SLES ===
|
||||
Since there is no devel project for shim in SLES, just build shim-sles.efi with
|
||||
the latest SLES and then send it to UEFI CA for a new signature.
|
||||
|
||||
The steps to update signature-sles.asc:
|
||||
1) Branch shim from the latest SLES and apply the update/fix.
|
||||
2) Build shim-sles.efi against the latest SLES.
|
||||
3) Strip the signature from shim-sles.efi with strip_signature.sh.
|
||||
4) Send shim-sles.efi to UEFI CA to request a new signature.
|
||||
5) Extract the signature from the signed shim.efi with extract_signature.sh
|
||||
6) Update signature-sles.asc.
|
@ -1,3 +1,10 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Nov 18 09:23:01 UTC 2016 - glin@suse.com
|
||||
|
||||
- Add SIGNATURE_UPDATE.txt to state the steps to update
|
||||
signature-*.asc
|
||||
- Update the comment of strip_signature.sh
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Sep 21 09:55:40 UTC 2016 - mchang@suse.com
|
||||
|
||||
|
@ -14,10 +14,9 @@
|
||||
|
||||
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
|
||||
# needssslcertforbuild
|
||||
|
||||
|
||||
%undefine _build_create_debug
|
||||
|
||||
Name: shim
|
||||
@ -30,6 +29,7 @@ Url: https://github.com/mjg59/shim
|
||||
Source: %{name}-%{version}.tar.bz2
|
||||
# run "extract_signature.sh shim.efi" where shim.efi is the binary
|
||||
# with the signature from the UEFI signing service.
|
||||
# Note: For signature requesting, check SIGNATURE_UPDATE.txt
|
||||
Source1: signature-opensuse.asc
|
||||
Source2: openSUSE-UEFI-CA-Certificate.crt
|
||||
Source3: shim-install
|
||||
@ -42,6 +42,7 @@ Source9: openSUSE-UEFI-CA-Certificate-4096.crt
|
||||
Source10: timestamp.pl
|
||||
Source11: strip_signature.sh
|
||||
Source12: signature-sles.asc
|
||||
Source99: SIGNATURE_UPDATE.txt
|
||||
# PATCH-FIX-SUSE shim-only-os-name.patch glin@suse.com -- Only include the OS name in version.c
|
||||
Patch1: shim-only-os-name.patch
|
||||
# PATCH-FIX-UPSTREAM FATE#320129 shim-httpboot-support.patch glin@suse.com -- Add HTTPBoot support
|
||||
|
@ -1,5 +1,5 @@
|
||||
#!/bin/bash
|
||||
# attach ascii armored signature to a PE binary
|
||||
# strip the signature from a PE binary
|
||||
set -e
|
||||
|
||||
infile="$1"
|
||||
|
Loading…
Reference in New Issue
Block a user