pool/shim
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
144 Commits 2 Branches 0 Tags 16 MiB
4e7f70bc3a
Commit Graph

144 Commits

This Branch
This Branch
All Branches
Author SHA256 Message Date
Gary Ching-Pang Lin
cb72e488f1 Accepting request 224988 from home:gary_lin:branches:devel:openSUSE:Factory 
- Add shim-mokmanager-delete-bs-var-right.patch to delete the BS+NV
  variables the right way
- Update shim-opensuse-cert-prompt.patch to delete openSUSE_Verify
  correctly

OBS-URL: https://build.opensuse.org/request/show/224988
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=66
 2014-03-07 09:40:50 +00:00
Gary Ching-Pang Lin
2d5468ae12 Accepting request 224833 from home:gary_lin:branches:devel:openSUSE:Factory 
- Add shim-fallback-avoid-duplicate-bootorder.patch to fix the
  duplicate entries in BootOrder
- Add shim-allow-fallback-use-system-loadimage.patch to handle the
  shim protocol properly to keep only one protocol entity
- Refresh shim-opensuse-cert-prompt.patch

OBS-URL: https://build.opensuse.org/request/show/224833
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=65
 2014-03-06 07:55:56 +00:00
Gary Ching-Pang Lin
466149ebe7 Accepting request 224828 from home:michael-chang:branches:devel:openSUSE:Factory 
- shim-install: fix the $prefix to use grub2-mkrelpath for paths
  on btrfs subvolume (bnc#866690).

OBS-URL: https://build.opensuse.org/request/show/224828
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=64
 2014-03-06 04:08:12 +00:00
Gary Ching-Pang Lin
898a347233 Accepting request 224565 from home:gary_lin:branches:devel:openSUSE:Factory 
- Update signature-sles.asc: shim signed by UEFI signing service,
  based on code from "Thu Feb 20 11:57:01 UTC 2014"

OBS-URL: https://build.opensuse.org/request/show/224565
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=63
 2014-03-04 06:40:16 +00:00
Gary Ching-Pang Lin
ac40989026 Accepting request 224563 from home:gary_lin:branches:devel:openSUSE:Factory 
FATE#315002: Update shim-install to install shim.efi as the EFI default bootloader when none exists in \EFI\boot.

OBS-URL: https://build.opensuse.org/request/show/224563
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=62
 2014-03-04 04:32:46 +00:00
Tomáš Chvátal
48acea1e89 Accepting request 223346 from home:gary_lin:branches:devel:openSUSE:Factory 
Show the prompt to ask whether the user trusts the openSUSE certificate or not

OBS-URL: https://build.opensuse.org/request/show/223346
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=61
 2014-02-28 10:04:44 +00:00
Gary Ching-Pang Lin
358e7af8a4 Accepting request 223224 from home:lnussel:branches:devel:openSUSE:Factory 
- allow package to carry multiple signatures
- check correct certificate is embedded

OBS-URL: https://build.opensuse.org/request/show/223224
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=60
 2014-02-21 02:21:37 +00:00
Gary Ching-Pang Lin
12d61956b5 Accepting request 223204 from home:lnussel:branches:devel:openSUSE:Factory 
- always clean up generated files that embed certificates
  (shim_cert.h shim.cer shim.crt) to make sure next build loop
  rebuilds them properly

OBS-URL: https://build.opensuse.org/request/show/223204
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=59
 2014-02-20 10:26:49 +00:00
Gary Ching-Pang Lin
18c5d7ff47 Accepting request 222658 from home:gary_lin:branches:devel:openSUSE:Factory 
- Add shim-bnc863205-mokmanager-fix-hash-delete.patch to fix the
  hash deletion operation to avoid ruining the whole list
  (bnc#863205)

OBS-URL: https://build.opensuse.org/request/show/222658
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=58
 2014-02-18 03:46:55 +00:00
Gary Ching-Pang Lin
63a3d1b717 Accepting request 221745 from home:gary_lin:branches:devel:openSUSE:Factory 
- Update shim-mokx-support.patch to support the resetting of MOK blacklist
- Fix the variable checking in get_variable_attr
- Improve the boot entry pathes and avoid generating the boot entries that are already there
- Update SUSE certificate
- Update scritps to remove the creation of the temporary nss database
- Remove the kernel version of the build server
- Match the the prefix of the project name properly by escaping the percent sign.

OBS-URL: https://build.opensuse.org/request/show/221745
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=57
 2014-02-13 01:57:08 +00:00
Frederic Crozat
f46b6f113f Accepting request 214707 from home:lnussel:branches:devel:openSUSE:Factory 
- enable signature assertion also in SUSE: hierarchy

OBS-URL: https://build.opensuse.org/request/show/214707
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=55
 2014-01-29 10:49:44 +00:00
Gary Ching-Pang Lin
1e4680c8fe Accepting request 209582 from home:gary_lin:branches:devel:openSUSE:Factory 
handle the error status from ReadKeyStroke to avoid unexpected keys

OBS-URL: https://build.opensuse.org/request/show/209582
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=53
 2013-12-06 07:16:12 +00:00
Gary Ching-Pang Lin
1640d5b323 Accepting request 209456 from home:gary_lin:branches:devel:openSUSE:Factory 
Update to 0.7, include upstream patches, and support MOK blacklist

OBS-URL: https://build.opensuse.org/request/show/209456
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=52
 2013-12-05 02:46:29 +00:00
Gary Ching-Pang Lin
123cf8931f Accepting request 205333 from home:fcrozat:branches:devel:openSUSE:Factory 
- Update microsoft.asc: shim signed by UEFI signing service, based
  on code from "Tue Oct  1 04:29:29 UTC 2013".

OBS-URL: https://build.opensuse.org/request/show/205333
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=50
 2013-10-31 10:33:54 +00:00
Gary Ching-Pang Lin
fe27947fc0 Accepting request 201531 from home:gary_lin:branches:devel:openSUSE:Factory 
- Add shim-netboot-fixes.patch to include upstream netboot fixes
- Add shim-mokmanager-disable-gfx-console.patch to disable the
  graphics console to avoid system hang on some machines
- Add shim-bnc841426-silence-shim-protocols.patch to silence the
  shim protocols (bnc#841426)

OBS-URL: https://build.opensuse.org/request/show/201531
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=48
 2013-10-01 07:06:21 +00:00
Gary Ching-Pang Lin
abecbcfee6 Accepting request 200505 from home:gary_lin:branches:devel:openSUSE:Factory 
Create boot.csv in ESP for fallback.efi to restore the boot entry

OBS-URL: https://build.opensuse.org/request/show/200505
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=46
 2013-09-25 08:08:02 +00:00
Frederic Crozat
7d754a1d6f Accepting request 199366 from home:fcrozat:branches:devel:openSUSE:Factory 
- Update microsoft.asc: shim signed by UEFI signing service, based
  on code from "Fri Sep  6 13:57:36 UTC 2013".
- Improve extract_signature.sh to work on current path.

OBS-URL: https://build.opensuse.org/request/show/199366
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=44
 2013-09-17 09:17:43 +00:00
Gary Ching-Pang Lin
23b0639b8c Accepting request 197604 from home:lnussel:branches:devel:openSUSE:Factory 
- set timestamp of PE file to time of the binary the signature was
  made for.
- make sure cert.o get's rebuilt for each target

- Update microsoft.asc: shim signed by UEFI signing service, based
  on code from "Wed Aug 28 15:54:38 UTC 2013"

OBS-URL: https://build.opensuse.org/request/show/197604
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=42
 2013-09-09 03:29:33 +00:00
Gary Ching-Pang Lin
3436d7ba57 Accepting request 196735 from home:lnussel:branches:devel:openSUSE:Factory 
- always build a shim that embeds the distro's certificate (e.g.
  shim-opensuse.efi). If the package is built in the devel project
  additionally shim-devel.efi is created. That allows us to either
  load grub2/kernel signed by the distro or signed by the devel
  project, depending on use case. Also shim-$distro.efi from the
  devel project can be used to request additional signatures.

OBS-URL: https://build.opensuse.org/request/show/196735
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=40
 2013-08-29 08:43:23 +00:00
Gary Ching-Pang Lin
f83d4083f6 Accepting request 196609 from home:lnussel:branches:devel:openSUSE:Factory 
- also include old openSUSE 4096 bit certificate to be able to still
  boot kernels signed with that key.
- add show_signatures script

OBS-URL: https://build.opensuse.org/request/show/196609
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=38
 2013-08-28 09:32:58 +00:00
Gary Ching-Pang Lin
e60c1a0266 Accepting request 196493 from home:lnussel:branches:devel:openSUSE:Factory 
- replace the 4096 bit openSUSE UEFI CA certificate with new a
  standard compliant 2048 bit one.

OBS-URL: https://build.opensuse.org/request/show/196493
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=36
 2013-08-27 07:45:39 +00:00
Gary Ching-Pang Lin
79c0b9a33d Accepting request 195685 from home:lnussel:branches:devel:openSUSE:Factory 
- fix shell syntax error

OBS-URL: https://build.opensuse.org/request/show/195685
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=34
 2013-08-22 01:54:02 +00:00
Gary Ching-Pang Lin
dd00d3c666 Accepting request 186534 from home:lnussel:branches:devel:openSUSE:Factory 
- don't include binary in the sources. Instead package the raw
  signature and attach it during build (bnc#813448).

OBS-URL: https://build.opensuse.org/request/show/186534
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=32
 2013-08-09 09:33:45 +00:00
Gary Ching-Pang Lin
125b3129ee Accepting request 185349 from home:gary_lin:branches:devel:openSUSE:Factory 
- Update shim-mokmanager-ui-revamp.patch to include fixes for
  MokManager
  + reboot the system after clearing MOK password
  + fetch more info from X509 name
  + check the suffix of the key file

OBS-URL: https://build.opensuse.org/request/show/185349
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=30
 2013-08-01 02:49:52 +00:00
Gary Ching-Pang Lin
16ab868efc Accepting request 184039 from home:gary_lin:branches:devel:openSUSE:Factory 
- Update to 0.4
- Rebase patches
  + shim-suse-build.patch
  + shim-mokmanager-support-crypt-hash-method.patch
  + shim-bnc804631-fix-broken-bootpath.patch
  + shim-bnc798043-no-doulbe-separators.patch
  + shim-bnc807760-change-pxe-2nd-loader-name.patch
  + shim-bnc808106-correct-certcount.patch 
  + shim-mokmanager-ui-revamp.patch
- Add patches
  + shim-merge-lf-loader-code.patch: merge the Linux Foundation
    loader UI code
  + shim-fix-pointer-casting.patch: fix a casting issue and the
    size of an empty vendor cert
  + shim-fix-simple-file-selector.patch: fix the buffer allocation
    in the simple file selector
- Remove upstreamed patches
  + shim-support-mok-delete.patch
  + shim-reboot-after-changes.patch
  + shim-clear-queued-key.patch
  + shim-local-key-sign-mokmanager.patch
  + shim-get-2nd-stage-loader.patch
  + shim-fix-loadoptions.patch
- Remove unused patch: shim-mokmanager-new-pw-hash.patch and
  shim-keep-unsigned-mokmanager.patch
- Install the vendor certificate to /etc/uefi/certs

OBS-URL: https://build.opensuse.org/request/show/184039
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=28
 2013-07-23 04:44:22 +00:00
Gary Ching-Pang Lin
e6e545b72a Accepting request 174778 from home:gary_lin:branches:devel:openSUSE:Factory 
Revamp the MokManager UI

OBS-URL: https://build.opensuse.org/request/show/174778
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=26
 2013-05-08 06:52:29 +00:00
Gary Ching-Pang Lin
2e7d74adf8 Accepting request 162327 from home:gary_lin:branches:devel:openSUSE:Factory 
bnc#813079: Call update-bootloader in %post to update *.efi in \efi\opensuse

OBS-URL: https://build.opensuse.org/request/show/162327
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=24
 2013-04-03 06:25:09 +00:00
Gary Ching-Pang Lin
6c21f45551 Accepting request 157970 from home:gary_lin:branches:devel:openSUSE:Factory 
bnc#807760: change the PXE 2nd stage loader name
bnc#808106: certificate count of the signature list

OBS-URL: https://build.opensuse.org/request/show/157970
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=22
 2013-03-08 08:06:19 +00:00
Gary Ching-Pang Lin
e356a6eeae Accepting request 157208 from home:gary_lin:branches:devel:openSUSE:Factory 
(bnc#798043#c4) remove double seperators from the bootpath

OBS-URL: https://build.opensuse.org/request/show/157208
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=20
 2013-03-05 10:12:49 +00:00
Gary Ching-Pang Lin
d1f2afa617 Accepting request 156849 from home:lnussel:sbtest 
- sign shim also with openSUSE certificate

OBS-URL: https://build.opensuse.org/request/show/156849
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=18
 2013-03-01 03:32:55 +00:00
Michael Schröder
54f4730c79 add changes 
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=17
 2013-02-27 16:19:41 +00:00
Michael Schröder
e60042f553 fix 
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=16
 2013-02-27 15:47:35 +00:00
Michael Schröder
667ecba987 ? 
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=15
 2013-02-27 15:40:36 +00:00
Michael Schröder
0e47eaad06 don't create extra keypair 
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=14
 2013-02-27 15:35:48 +00:00
Michael Schröder
da3221a823 argh 
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=13
 2013-02-27 14:55:04 +00:00
Michael Schröder
c0a6a69e10 - identify project, export certificate as DER file 
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=12
 2013-02-27 14:53:25 +00:00
Gary Ching-Pang Lin
4f72d9c0de Accepting request 156025 from home:gary_lin:branches:devel:openSUSE:Factory 
bnc#804631: fix the broken bootpath generated in generate_path()

OBS-URL: https://build.opensuse.org/request/show/156025
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=10
 2013-02-22 10:31:48 +00:00
Stephan Kulow
eec41d4d52 Accepting request 155105 from home:fcrozat:branches:devel:openSUSE:Factory 
- Update with shim signed by UEFI signing service, based on code
  from "Thu Feb  7 06:56:19 UTC 2013".

OBS-URL: https://build.opensuse.org/request/show/155105
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=8
 2013-02-11 12:35:13 +00:00
Stephan Kulow
9f50c19371 Accepting request 151605 from home:lnussel:branches:devel:openSUSE:Factory 
- prepare for having a signed shim from the UEFI signing service

OBS-URL: https://build.opensuse.org/request/show/151605
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=6
 2013-02-07 16:09:29 +00:00
Stephan Kulow
0f6fe46307 Accepting request 151556 from devel:openSUSE:Factory 
- Sign shim-opensuse.efi and MokManager.efi with the openSUSE cert
- Add shim-keep-unsigned-mokmanager.patch to keep the unsigned
  MokManager and sign it later. (forwarded request 151555 from gary_lin)

OBS-URL: https://build.opensuse.org/request/show/151556
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=6
 2013-02-07 13:54:45 +00:00
Stephan Kulow
9239291420 Accepting request 150398 from Base:System 
Add shim-mokmanager-support-crypt-hash-method.patch to support password hash from /etc/shadow (FATE#314506) (forwarded request 150394 from gary_lin)

OBS-URL: https://build.opensuse.org/request/show/150398
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=5
 2013-01-30 10:19:49 +00:00
Stephan Kulow
d4ac6df770 Accepting request 150244 from Base:System 
- Embed openSUSE-UEFI-CA-Certificate.crt in shim
- Rename shim-unsigned.efi to shim-opensuse.efi. (forwarded request 150243 from gary_lin)

OBS-URL: https://build.opensuse.org/request/show/150244
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=4
 2013-01-29 13:42:18 +00:00
Stephan Kulow
718fa0d383 Accepting request 148928 from Base:System 
- Update shim-mokmanager-new-pw-hash.patch to extend the password
  hash format
- Rename shim.efi as shim-unsigned.efi (forwarded request 148926 from gary_lin)

OBS-URL: https://build.opensuse.org/request/show/148928
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=2
 2013-01-20 13:53:46 +00:00
Stephan Kulow
d7945289e5 Accepting request 148684 from Base:System 
the preboot loader for UEFI secureboot

OBS-URL: https://build.opensuse.org/request/show/148684
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=1
 2013-01-17 09:43:06 +00:00