pool/shim
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
281 Commits 1 Branch 0 Tags 16 MiB
factory
Commit Graph

142 Commits

Author SHA256 Message Date
Joey Lee
4af5b3f4d4 Accepting request 1164001 from home:gary_lin:branches:devel:openSUSE:Factory 
- Introduce %shim_use_fde_tpm_helper macro so that the project
  can include the fde-tpm-helper-macros for the build targets
  other than Tumbleweed

OBS-URL: https://build.opensuse.org/request/show/1164001
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=212
 2024-04-02 04:26:58 +00:00
Dirk Mueller
b7db283760 Accepting request 1151489 from home:dimstar:rpm4.20:s 
Prepare for RPM 4.20

OBS-URL: https://build.opensuse.org/request/show/1151489
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=211
 2024-03-05 09:01:55 +00:00
Joey Lee
8f7d539eb7 Accepting request 1147310 from home:joeyli:branches:devel:openSUSE:Factory 
Add suffix string of project to filename of included certificates

OBS-URL: https://build.opensuse.org/request/show/1147310
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=210
 2024-02-17 10:35:28 +00:00
Joey Lee
e7152e6c04 Accepting request 1146844 from home:joeyli:branches:devel:openSUSE:Factory 
Sync shim.spec and changelog between openSUSE:Factory/shim with SLE-15-SP3/shim

OBS-URL: https://build.opensuse.org/request/show/1146844
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=209
 2024-02-15 13:09:03 +00:00
Joey Lee
e4f7469733 Accepting request 1141279 from home:lnussel:branches:devel:openSUSE:Factory 
- Generate dbx during build so we don't include binary files in sources

OBS-URL: https://build.opensuse.org/request/show/1141279
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=207
 2024-02-15 08:27:36 +00:00
Tseng
ffda8d5b51 Accepting request 1143635 from home:gary_lin:branches:devel:openSUSE:Factory 
- Limit the requirement of fde-tpm-helper-macros to the distro with
  suse_version 1600 and above (bsc#1219460)

OBS-URL: https://build.opensuse.org/request/show/1143635
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=206
 2024-02-05 08:55:58 +00:00
Joey Lee
6e9e2655ab Accepting request 1142576 from home:dtseng:branches:devel:openSUSE:Factory 
bugowner: dtseng
Submitting for upgrading shim to v15.8 (bsc#1215099, bsc#1215098,bsc#1215100,bsc#1215101,bsc#1215102,and bsc#1215103)

OBS-URL: https://build.opensuse.org/request/show/1142576
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=205
 2024-02-01 07:25:56 +00:00
Ludwig Nussel
a86220a02f Accepting request 1115842 from home:lnussel:branches:devel:openSUSE:Factory 
- Don't require grub so shim can still be used with systemd-boot

OBS-URL: https://build.opensuse.org/request/show/1115842
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=204
 2023-10-10 09:27:16 +00:00
Joey Lee
c5f457c08d Accepting request 1112452 from home:gary_lin:branches:devel:openSUSE:Factory 
- Update shim-install to fix boot failure of ext4 root file system
  on RAID10 (bsc#1205855)
   226c94ca5cfca  Use hint in looking for root if possible
- Adopt the macros from fde-tpm-helper-macros to update the
  signature in the sealed key after a bootloader upgrade

The macros package depends on the latest fde-tools:
https://build.opensuse.org/request/show/1112138

OBS-URL: https://build.opensuse.org/request/show/1112452
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=203
 2023-09-22 08:46:59 +00:00
Joey Lee
84a3ac6c45 Accepting request 1078223 from home:joeyli:branches:devel:openSUSE:Factory 
Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec (bsc#1205588)

OBS-URL: https://build.opensuse.org/request/show/1078223
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=201
 2023-04-10 06:10:02 +00:00
Joey Lee
8dffdb384c Accepting request 1057932 from home:joeyli:branches:devel:openSUSE:Factory 
Removed shim-bsc1198101-opensuse-cert-prompt.patch (bsc#1198101)

OBS-URL: https://build.opensuse.org/request/show/1057932
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=200
 2023-01-12 09:08:02 +00:00
Joey Lee
34a594d236 Accepting request 1037456 from home:joeyli:branches:devel:openSUSE:Factory 
Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to disable the NX compatibility flag when using post-process-pe because grub2 is not ready. (bsc#1205588)

OBS-URL: https://build.opensuse.org/request/show/1037456
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=198
 2022-11-23 07:50:36 +00:00
Joey Lee
ccd71ae517 Accepting request 1037005 from home:joeyli:branches:devel:openSUSE:Factory 
Add shim-Enable-the-NX-compatibility-flag-by-default.patch to enable the NX compatibility flag by default. (jsc#PED-127)

OBS-URL: https://build.opensuse.org/request/show/1037005
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=197
 2022-11-21 05:00:30 +00:00
Joey Lee
b7972463e9 Accepting request 1036423 from home:joeyli:branches:devel:openSUSE:Factory 
Update to 15.7 (bsc#1198458)(jsc#PED-127)

OBS-URL: https://build.opensuse.org/request/show/1036423
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=195
 2022-11-17 10:52:49 +00:00
Joey Lee
e8b8c97820 Accepting request 1035798 from home:joeyli:branches:devel:openSUSE:Factory 
Add shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch for backporting the following patches between 15.6 with aa1b289a1a (jsc#PED-127)

OBS-URL: https://build.opensuse.org/request/show/1035798
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=194
 2022-11-15 09:50:55 +00:00
Joey Lee
2386bd59cb Accepting request 1002927 from home:KHanich:branches:devel:openSUSE:Factory 
- Add logic to shim.spec to only set sbat policy when efivarfs is writeable.
  (bsc#1201066)

OBS-URL: https://build.opensuse.org/request/show/1002927
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=192
 2022-09-16 06:35:39 +00:00
Joey Lee
a379c7b18b Accepting request 993203 from home:joeyli:branches:devel:openSUSE:Factory 
Add logic to shim.spec for detecting --set-sbat-policy option before using mokutil to set sbat policy. (bsc#1202120)

OBS-URL: https://build.opensuse.org/request/show/993203
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=191
 2022-08-05 05:58:36 +00:00
Joey Lee
63fb624566 Accepting request 991618 from home:joeyli:branches:devel:openSUSE:Factory 
Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282)

OBS-URL: https://build.opensuse.org/request/show/991618
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=190
 2022-07-29 02:47:14 +00:00
Joey Lee
3bb7cc18a5 Accepting request 991171 from home:joeyli:branches:devel:openSUSE:Factory 
Revoked the change in shim.spec for use common SBAT values (boo#1193282) (bsc#1198458)

OBS-URL: https://build.opensuse.org/request/show/991171
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=189
 2022-07-26 04:16:19 +00:00
Joey Lee
20e705b979 Accepting request 971203 from home:lnussel:branches:Base:System 
- use common SBAT values (boo#1193282)

OBS-URL: https://build.opensuse.org/request/show/971203
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=188
 2022-07-14 02:23:22 +00:00
Joey Lee
7410f7aef0 Accepting request 985418 from home:joeyli:branches:devel:openSUSE:Factory 
Update to 15.6 (bsc#1198458)

OBS-URL: https://build.opensuse.org/request/show/985418
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=187
 2022-06-28 05:59:27 +00:00
Gary Ching-Pang Lin
182fd24b7c Accepting request 903339 from home:gary_lin:branches:devel:openSUSE:Factory 
avoid deleting the mirrored RT variables (bsc#1187696)

OBS-URL: https://build.opensuse.org/request/show/903339
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=186
 2021-07-01 06:13:57 +00:00
Gary Ching-Pang Lin
4e7f70bc3a Accepting request 901235 from home:gary_lin:branches:devel:openSUSE:Factory 
- Add shim-bsc1185232-fix-config-table-copying.patch to avoid
  buffer overflow when copying data to the MOK config table
  (bsc#1185232)

OBS-URL: https://build.opensuse.org/request/show/901235
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=185
 2021-06-22 02:03:16 +00:00
Gary Ching-Pang Lin
32f6f1f55a Accepting request 901053 from home:gary_lin:branches:devel:openSUSE:Factory 
- Add shim-disable-export-vendor-dbx.patch to disable exporting
  vendor-dbx to MokListXRT since writing a large RT variable
  could crash some machines (bsc#1185261)
- Add shim-bsc1187260-fix-efi-1.10-machines.patch to avoid the
  potential crash when calling QueryVariableInfo in EFI 1.10
  machines (bsc#1187260)

- Add shim-fix-aa64-relsz.patch to fix the size of rela sections
  for AArch64
  Fix: https://github.com/rhboot/shim/issues/371

OBS-URL: https://build.opensuse.org/request/show/901053
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=184
 2021-06-21 02:58:46 +00:00
Gary Ching-Pang Lin
b128f342b9 Accepting request 900008 from home:gary_lin:branches:devel:openSUSE:Factory 
ignore the odd LoadOptions length (bsc#1185232)

OBS-URL: https://build.opensuse.org/request/show/900008
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=183
 2021-06-15 03:59:23 +00:00
Gary Ching-Pang Lin
7f83b4b531 Accepting request 894182 from home:gary_lin:branches:devel:openSUSE:Factory 
- shim-install: instead of assuming "removable" for Azure, remove
  fallback.efi from \EFI\Boot and copy grub.efi/cfg to \EFI\Boot
  to make \EFI\Boot bootable and keep the boot option created by
  efibootmgr (bsc#1185464, bsc#1185961)

- Add shim-bsc1185261-relax-import_mok_state-check.patch to relax
  the check for import_mok_state() when Secure Boot is off.
  (bsc#1185261)

OBS-URL: https://build.opensuse.org/request/show/894182
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=181
 2021-05-19 01:26:58 +00:00
Gary Ching-Pang Lin
f94c2e5bcf Accepting request 890839 from home:gary_lin:branches:devel:openSUSE:Factory 
- Add shim-bsc1185621-relax-max-var-sz-check.patch to relax the
  maximum variable size check for u-boot (bsc#1185621)

- Add shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch
  to handle ignore_db and user_insecure_mode correctly
  (bsc#1185441)

OBS-URL: https://build.opensuse.org/request/show/890839
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=179
 2021-05-06 03:35:27 +00:00
Gary Ching-Pang Lin
14a92e6f61 Accepting request 888994 from home:gary_lin:branches:devel:openSUSE:Factory 
- Split the keys in vendor-dbx.bin to vendor-dbx-sles and
  vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce
  the size of MokListXRT (bsc#1185261) 
  + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz

OBS-URL: https://build.opensuse.org/request/show/888994
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=178
 2021-04-28 10:01:26 +00:00
Gary Ching-Pang Lin
0f47283b84 Accepting request 883796 from home:gary_lin:branches:devel:openSUSE:Factory 
- avoid the error message during linux system boot (bsc#1184454)
- prevent the build id being added to the binary. That can cause issues with the signature

OBS-URL: https://build.opensuse.org/request/show/883796
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=177
 2021-04-08 09:16:46 +00:00
Gary Ching-Pang Lin
1354ba095a Accepting request 882314 from home:gary_lin:branches:devel:openSUSE:Factory 
Update to 15.4 (bsc#1182057)

OBS-URL: https://build.opensuse.org/request/show/882314
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=176
 2021-03-31 08:55:10 +00:00
Gary Ching-Pang Lin
bbfcbff67b Accepting request 881822 from home:gary_lin:branches:devel:openSUSE:Factory 
change the SBAT variable name and enhance the handling of SBAT (bsc#1182057)

OBS-URL: https://build.opensuse.org/request/show/881822
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=175
 2021-03-29 07:54:46 +00:00
Gary Ching-Pang Lin
0fc0214e26 Accepting request 880833 from home:gary_lin:branches:devel:openSUSE:Factory 
- Update to 15.3 for SBAT support (bsc#1182057)

OBS-URL: https://build.opensuse.org/request/show/880833
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=173
 2021-03-24 03:16:20 +00:00
Gary Ching-Pang Lin
b9c4429460 Accepting request 878250 from home:gary_lin:branches:devel:openSUSE:Factory 
- Refresh shim-bsc1182776-fix-crash-at-exit.patch to do the cleanup
  also when Secure Boot is disabled (bsc#1183213, bsc#1182776)
- Merged linker-version.pl into timestamp.pl and add the linker
  version to signature files accordingly

OBS-URL: https://build.opensuse.org/request/show/878250
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=172
 2021-03-11 03:36:34 +00:00
Gary Ching-Pang Lin
cce479bdc0 Accepting request 877543 from home:gary_lin:branches:devel:openSUSE:Factory 
- Add shim-bsc1182776-fix-crash-at-exit.patch to fix the potential
  crash at Exit() (bsc#1182776)

OBS-URL: https://build.opensuse.org/request/show/877543
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=171
 2021-03-08 03:42:43 +00:00
Gary Ching-Pang Lin
e3245db390 Accepting request 865543 from home:gary_lin:branches:devel:openSUSE:Factory 
- Update the SLE signature
- Exclude some patches from x86_64 to avoid breaking the signature
- Add shim-correct-license-in-headers.patch back for x86_64 to
  match the SLE signature
- Add linker-version.pl to modify the EFI/PE header to match the
  SLE signature

OBS-URL: https://build.opensuse.org/request/show/865543
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=170
 2021-01-22 04:22:49 +00:00
Gary Ching-Pang Lin
877a8b9828 Accepting request 845885 from home:gary_lin:branches:devel:openSUSE:Factory 
- Disable the signature attachment for AArch64 temporarily until we get a real one.

OBS-URL: https://build.opensuse.org/request/show/845885
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=169
 2020-11-04 06:15:49 +00:00
Gary Ching-Pang Lin
ad2aeff5ac Accepting request 845367 from home:gary_lin:branches:devel:openSUSE:Factory 
- Add shim-bsc1177315-verify-eku-codesign.patch to check CodeSign
  in the signer's EKU (bsc#1177315)
- Add shim-bsc1177789-fix-null-pointer-deref-AuthenticodeVerify.patch
  to fix NULL pointer dereference in AuthenticodeVerify()
  (bsc#1177789, CVE-2019-14584)
- shim-install: Support changing default shim efi binary in
  /usr/etc/default/shim and /etc/default/shim (bsc#1177315)
- Add shim-bsc1177315-fix-buffer-use-after-free.patch to fix buffer
  use-after-free at the end of the EKU verification (bsc#1177315)

OBS-URL: https://build.opensuse.org/request/show/845367
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=168
 2020-11-03 06:49:18 +00:00
Gary Ching-Pang Lin
a14628c7b5 Accepting request 841727 from home:gary_lin:branches:devel:openSUSE:Factory 
- Add shim-bsc1177404-fix-a-use-of-strlen.patch to fix the length
  of the option data string to launch the program correctly
  (bsc#1177404)
- Add shim-bsc1175509-more-tpm-fixes.patch to fix the file path
  in the tpm even log (bsc#1175509)

OBS-URL: https://build.opensuse.org/request/show/841727
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=167
 2020-10-14 09:22:20 +00:00
Gary Ching-Pang Lin
6cefe7b10f Accepting request 834242 from home:gary_lin:branches:devel:openSUSE:Factory 
- Add shim-VLogError-Avoid-Null-pointer-dereferences.patch to fix
  VLogError crash in AArch64 (jsc#SLE-15824)
- Add shim-fix-verify-eku.patch to fix the potential crash at
  verify_eku() (jsc#SLE-15824)
- Add shim-do-not-write-string-literals.patch to fix the potential
  crash when accessing the DEFAULT_LOADER string (jsc#SLE-15824)

OBS-URL: https://build.opensuse.org/request/show/834242
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=166
 2020-09-14 08:23:32 +00:00
Gary Ching-Pang Lin
0e2b985c49 Accepting request 832350 from home:Guillaume_G:branches:devel:openSUSE:Factory 
- Enable build on aarch64

OBS-URL: https://build.opensuse.org/request/show/832350
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=165
 2020-09-07 01:45:46 +00:00
Gary Ching-Pang Lin
4e169f6be0 Accepting request 828385 from home:gary_lin:branches:devel:openSUSE:Factory 
fix the TPM2 measurement (bsc#1175509)

OBS-URL: https://build.opensuse.org/request/show/828385
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=163
 2020-08-21 06:24:52 +00:00
Gary Ching-Pang Lin
ca285f90f5 Accepting request 824673 from home:gary_lin:branches:devel:openSUSE:Factory 
Amend the check of %shim_enforce_ms_signature so that we can disable the signature check by defining shim_enforce_ms_signature as 0

OBS-URL: https://build.opensuse.org/request/show/824673
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=162
 2020-08-06 10:25:36 +00:00
Gary Ching-Pang Lin
761179927f Accepting request 824566 from home:gary_lin:branches:devel:openSUSE:Factory 
Updated openSUSE signature

OBS-URL: https://build.opensuse.org/request/show/824566
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=161
 2020-08-06 03:10:22 +00:00
Gary Ching-Pang Lin
1a492cd8bd Accepting request 822928 from home:gary_lin:branches:devel:openSUSE:Factory 
Update the license header patch (bsc#1174512)

OBS-URL: https://build.opensuse.org/request/show/822928
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=160
 2020-07-27 07:40:45 +00:00
Gary Ching-Pang Lin
f0bb3978c4 Accepting request 819890 from home:gary_lin:branches:devel:openSUSE:Factory 
only check EFI variable copying when Secure Boot is enabled (bsc#1173411)

OBS-URL: https://build.opensuse.org/request/show/819890
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=158
 2020-07-10 07:26:45 +00:00
Gary Ching-Pang Lin
d2c2a9d07b Accepting request 789643 from home:gary_lin:branches:devel:openSUSE:Factory 
Use "suse_version" instead of "sle_version" to avoid shim_lib64_share_compat being set in Tumbleweed forever.

OBS-URL: https://build.opensuse.org/request/show/789643
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=156
 2020-03-30 06:34:16 +00:00
Gary Ching-Pang Lin
e0cafca96d - Add shim-fix-gnu-efi-3.0.11.patch to fix the build error caused 
by the upgrade of gnu-efi

OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=155
 2020-03-16 09:43:20 +00:00
Gary Ching-Pang Lin
441cbe7c4c Accepting request 723852 from home:gary_lin:branches:devel:openSUSE:Factory 
Fix a typo in shim-install (bsc#1145802)

OBS-URL: https://build.opensuse.org/request/show/723852
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=153
 2019-08-16 04:12:38 +00:00
Gary Ching-Pang Lin
283ffe9359 - Add gcc9-fix-warnings.patch (bsc#1121268). 
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=152
 2019-04-19 10:33:47 +00:00
Gary Ching-Pang Lin
63fdae9097 Accepting request 679210 from home:marxin:branches:devel:openSUSE:Factory 
- Add gcc9-fix-warnings.patch (bsc#1121268).

OBS-URL: https://build.opensuse.org/request/show/679210
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=151
 2019-04-19 10:28:20 +00:00