pool/shim
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
260 Commits 2 Branches 0 Tags 16 MiB
6708fb2b48
Commit Graph

260 Commits

This Branch
This Branch
All Branches
Author SHA256 Message Date
Gary Ching-Pang Lin
358e7af8a4 Accepting request 223224 from home:lnussel:branches:devel:openSUSE:Factory 
- allow package to carry multiple signatures
- check correct certificate is embedded

OBS-URL: https://build.opensuse.org/request/show/223224
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=60
 2014-02-21 02:21:37 +00:00
Gary Ching-Pang Lin
12d61956b5 Accepting request 223204 from home:lnussel:branches:devel:openSUSE:Factory 
- always clean up generated files that embed certificates
  (shim_cert.h shim.cer shim.crt) to make sure next build loop
  rebuilds them properly

OBS-URL: https://build.opensuse.org/request/show/223204
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=59
 2014-02-20 10:26:49 +00:00
Gary Ching-Pang Lin
18c5d7ff47 Accepting request 222658 from home:gary_lin:branches:devel:openSUSE:Factory 
- Add shim-bnc863205-mokmanager-fix-hash-delete.patch to fix the
  hash deletion operation to avoid ruining the whole list
  (bnc#863205)

OBS-URL: https://build.opensuse.org/request/show/222658
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=58
 2014-02-18 03:46:55 +00:00
Gary Ching-Pang Lin
63a3d1b717 Accepting request 221745 from home:gary_lin:branches:devel:openSUSE:Factory 
- Update shim-mokx-support.patch to support the resetting of MOK blacklist
- Fix the variable checking in get_variable_attr
- Improve the boot entry pathes and avoid generating the boot entries that are already there
- Update SUSE certificate
- Update scritps to remove the creation of the temporary nss database
- Remove the kernel version of the build server
- Match the the prefix of the project name properly by escaping the percent sign.

OBS-URL: https://build.opensuse.org/request/show/221745
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=57
 2014-02-13 01:57:08 +00:00
Stephan Kulow
0615dc4f67 Accepting request 215490 from devel:openSUSE:Factory 
- enable signature assertion also in SUSE: hierarchy (forwarded request 214707 from lnussel)

OBS-URL: https://build.opensuse.org/request/show/215490
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=29
 2014-01-30 10:37:50 +00:00
Frederic Crozat
f46b6f113f Accepting request 214707 from home:lnussel:branches:devel:openSUSE:Factory 
- enable signature assertion also in SUSE: hierarchy

OBS-URL: https://build.opensuse.org/request/show/214707
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=55
 2014-01-29 10:49:44 +00:00
Stephan Kulow
d1b62e799b Accepting request 209583 from devel:openSUSE:Factory 
handle the error status from ReadKeyStroke to avoid unexpected keys (forwarded request 209582 from gary_lin)

OBS-URL: https://build.opensuse.org/request/show/209583
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=28
 2013-12-06 10:48:26 +00:00
Gary Ching-Pang Lin
1e4680c8fe Accepting request 209582 from home:gary_lin:branches:devel:openSUSE:Factory 
handle the error status from ReadKeyStroke to avoid unexpected keys

OBS-URL: https://build.opensuse.org/request/show/209582
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=53
 2013-12-06 07:16:12 +00:00
Gary Ching-Pang Lin
1640d5b323 Accepting request 209456 from home:gary_lin:branches:devel:openSUSE:Factory 
Update to 0.7, include upstream patches, and support MOK blacklist

OBS-URL: https://build.opensuse.org/request/show/209456
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=52
 2013-12-05 02:46:29 +00:00
Stephan Kulow
ebc9d1e0fd Accepting request 205340 from devel:openSUSE:Factory 
- Update microsoft.asc: shim signed by UEFI signing service, based
  on code from "Tue Oct  1 04:29:29 UTC 2013". (forwarded request 205333 from fcrozat)

OBS-URL: https://build.opensuse.org/request/show/205340
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=27
 2013-10-31 15:00:05 +00:00
Gary Ching-Pang Lin
123cf8931f Accepting request 205333 from home:fcrozat:branches:devel:openSUSE:Factory 
- Update microsoft.asc: shim signed by UEFI signing service, based
  on code from "Tue Oct  1 04:29:29 UTC 2013".

OBS-URL: https://build.opensuse.org/request/show/205333
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=50
 2013-10-31 10:33:54 +00:00
Stephan Kulow
1cd0c7adf2 Accepting request 201535 from devel:openSUSE:Factory 
- Add shim-netboot-fixes.patch to include upstream netboot fixes
- Add shim-mokmanager-disable-gfx-console.patch to disable the
  graphics console to avoid system hang on some machines
- Add shim-bnc841426-silence-shim-protocols.patch to silence the
  shim protocols (bnc#841426) (forwarded request 201531 from gary_lin)

OBS-URL: https://build.opensuse.org/request/show/201535
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=26
 2013-10-02 11:33:52 +00:00
Gary Ching-Pang Lin
fe27947fc0 Accepting request 201531 from home:gary_lin:branches:devel:openSUSE:Factory 
- Add shim-netboot-fixes.patch to include upstream netboot fixes
- Add shim-mokmanager-disable-gfx-console.patch to disable the
  graphics console to avoid system hang on some machines
- Add shim-bnc841426-silence-shim-protocols.patch to silence the
  shim protocols (bnc#841426)

OBS-URL: https://build.opensuse.org/request/show/201531
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=48
 2013-10-01 07:06:21 +00:00
Stephan Kulow
f0ace7e2ef Accepting request 200509 from devel:openSUSE:Factory 
Create boot.csv in ESP for fallback.efi to restore the boot entry (forwarded request 200505 from gary_lin)

OBS-URL: https://build.opensuse.org/request/show/200509
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=25
 2013-09-25 15:20:27 +00:00
Gary Ching-Pang Lin
abecbcfee6 Accepting request 200505 from home:gary_lin:branches:devel:openSUSE:Factory 
Create boot.csv in ESP for fallback.efi to restore the boot entry

OBS-URL: https://build.opensuse.org/request/show/200505
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=46
 2013-09-25 08:08:02 +00:00
Stephan Kulow
62821c12ac Accepting request 199392 from devel:openSUSE:Factory 
OBS-URL: https://build.opensuse.org/request/show/199392
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=23
 2013-09-17 13:03:17 +00:00
Frederic Crozat
7d754a1d6f Accepting request 199366 from home:fcrozat:branches:devel:openSUSE:Factory 
- Update microsoft.asc: shim signed by UEFI signing service, based
  on code from "Fri Sep  6 13:57:36 UTC 2013".
- Improve extract_signature.sh to work on current path.

OBS-URL: https://build.opensuse.org/request/show/199366
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=44
 2013-09-17 09:17:43 +00:00
Stephan Kulow
d3b40f81ac Accepting request 197952 from devel:openSUSE:Factory 
- set timestamp of PE file to time of the binary the signature was
  made for.
- make sure cert.o get's rebuilt for each target

- Update microsoft.asc: shim signed by UEFI signing service, based
  on code from "Wed Aug 28 15:54:38 UTC 2013" (forwarded request 197604 from lnussel)

OBS-URL: https://build.opensuse.org/request/show/197952
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=22
 2013-09-11 11:09:51 +00:00
Gary Ching-Pang Lin
23b0639b8c Accepting request 197604 from home:lnussel:branches:devel:openSUSE:Factory 
- set timestamp of PE file to time of the binary the signature was
  made for.
- make sure cert.o get's rebuilt for each target

- Update microsoft.asc: shim signed by UEFI signing service, based
  on code from "Wed Aug 28 15:54:38 UTC 2013"

OBS-URL: https://build.opensuse.org/request/show/197604
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=42
 2013-09-09 03:29:33 +00:00
Stephan Kulow
72ecfc0c8d Accepting request 196741 from devel:openSUSE:Factory 
- always build a shim that embeds the distro's certificate (e.g.
  shim-opensuse.efi). If the package is built in the devel project
  additionally shim-devel.efi is created. That allows us to either
  load grub2/kernel signed by the distro or signed by the devel
  project, depending on use case. Also shim-$distro.efi from the
  devel project can be used to request additional signatures. (forwarded request 196735 from lnussel)

OBS-URL: https://build.opensuse.org/request/show/196741
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=21
 2013-08-30 09:49:18 +00:00
Gary Ching-Pang Lin
3436d7ba57 Accepting request 196735 from home:lnussel:branches:devel:openSUSE:Factory 
- always build a shim that embeds the distro's certificate (e.g.
  shim-opensuse.efi). If the package is built in the devel project
  additionally shim-devel.efi is created. That allows us to either
  load grub2/kernel signed by the distro or signed by the devel
  project, depending on use case. Also shim-$distro.efi from the
  devel project can be used to request additional signatures.

OBS-URL: https://build.opensuse.org/request/show/196735
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=40
 2013-08-29 08:43:23 +00:00
Stephan Kulow
17697d55a4 Accepting request 196635 from devel:openSUSE:Factory 
- also include old openSUSE 4096 bit certificate to be able to still
  boot kernels signed with that key.
- add show_signatures script (forwarded request 196609 from lnussel)

OBS-URL: https://build.opensuse.org/request/show/196635
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=20
 2013-08-28 19:17:50 +00:00
Gary Ching-Pang Lin
f83d4083f6 Accepting request 196609 from home:lnussel:branches:devel:openSUSE:Factory 
- also include old openSUSE 4096 bit certificate to be able to still
  boot kernels signed with that key.
- add show_signatures script

OBS-URL: https://build.opensuse.org/request/show/196609
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=38
 2013-08-28 09:32:58 +00:00
Stephan Kulow
5f351b95fb Accepting request 196499 from devel:openSUSE:Factory 
- replace the 4096 bit openSUSE UEFI CA certificate with new a
  standard compliant 2048 bit one. (forwarded request 196493 from lnussel)

OBS-URL: https://build.opensuse.org/request/show/196499
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=19
 2013-08-27 19:11:58 +00:00
Gary Ching-Pang Lin
e60c1a0266 Accepting request 196493 from home:lnussel:branches:devel:openSUSE:Factory 
- replace the 4096 bit openSUSE UEFI CA certificate with new a
  standard compliant 2048 bit one.

OBS-URL: https://build.opensuse.org/request/show/196493
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=36
 2013-08-27 07:45:39 +00:00
Tomáš Chvátal
4ab739d4df Accepting request 195856 from devel:openSUSE:Factory 
- fix shell syntax error (forwarded request 195685 from lnussel)

OBS-URL: https://build.opensuse.org/request/show/195856
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=18
 2013-08-22 08:55:23 +00:00
Gary Ching-Pang Lin
79c0b9a33d Accepting request 195685 from home:lnussel:branches:devel:openSUSE:Factory 
- fix shell syntax error

OBS-URL: https://build.opensuse.org/request/show/195685
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=34
 2013-08-22 01:54:02 +00:00
Tomáš Chvátal
38991a68fe Accepting request 186559 from devel:openSUSE:Factory 
- don't include binary in the sources. Instead package the raw
  signature and attach it during build (bnc#813448). (forwarded request 186534 from lnussel)

OBS-URL: https://build.opensuse.org/request/show/186559
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=17
 2013-08-12 12:22:13 +00:00
Gary Ching-Pang Lin
dd00d3c666 Accepting request 186534 from home:lnussel:branches:devel:openSUSE:Factory 
- don't include binary in the sources. Instead package the raw
  signature and attach it during build (bnc#813448).

OBS-URL: https://build.opensuse.org/request/show/186534
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=32
 2013-08-09 09:33:45 +00:00
Stephan Kulow
14c300b041 Accepting request 185350 from devel:openSUSE:Factory 
- Update shim-mokmanager-ui-revamp.patch to include fixes for
  MokManager
  + reboot the system after clearing MOK password
  + fetch more info from X509 name
  + check the suffix of the key file (forwarded request 185349 from gary_lin)

OBS-URL: https://build.opensuse.org/request/show/185350
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=16
 2013-08-01 14:08:55 +00:00
Gary Ching-Pang Lin
125b3129ee Accepting request 185349 from home:gary_lin:branches:devel:openSUSE:Factory 
- Update shim-mokmanager-ui-revamp.patch to include fixes for
  MokManager
  + reboot the system after clearing MOK password
  + fetch more info from X509 name
  + check the suffix of the key file

OBS-URL: https://build.opensuse.org/request/show/185349
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=30
 2013-08-01 02:49:52 +00:00
Stephan Kulow
3611bcba62 Accepting request 184040 from devel:openSUSE:Factory 
- Update to 0.4
- Rebase patches
  + shim-suse-build.patch
  + shim-mokmanager-support-crypt-hash-method.patch
  + shim-bnc804631-fix-broken-bootpath.patch
  + shim-bnc798043-no-doulbe-separators.patch
  + shim-bnc807760-change-pxe-2nd-loader-name.patch
  + shim-bnc808106-correct-certcount.patch 
  + shim-mokmanager-ui-revamp.patch
- Add patches
  + shim-merge-lf-loader-code.patch: merge the Linux Foundation
    loader UI code
  + shim-fix-pointer-casting.patch: fix a casting issue and the
    size of an empty vendor cert
  + shim-fix-simple-file-selector.patch: fix the buffer allocation
    in the simple file selector
- Remove upstreamed patches
  + shim-support-mok-delete.patch
  + shim-reboot-after-changes.patch
  + shim-clear-queued-key.patch
  + shim-local-key-sign-mokmanager.patch
  + shim-get-2nd-stage-loader.patch
  + shim-fix-loadoptions.patch
- Remove unused patch: shim-mokmanager-new-pw-hash.patch and
  shim-keep-unsigned-mokmanager.patch
- Install the vendor certificate to /etc/uefi/certs (forwarded request 184039 from gary_lin)

OBS-URL: https://build.opensuse.org/request/show/184040
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=15
 2013-07-24 15:29:46 +00:00
Gary Ching-Pang Lin
16ab868efc Accepting request 184039 from home:gary_lin:branches:devel:openSUSE:Factory 
- Update to 0.4
- Rebase patches
  + shim-suse-build.patch
  + shim-mokmanager-support-crypt-hash-method.patch
  + shim-bnc804631-fix-broken-bootpath.patch
  + shim-bnc798043-no-doulbe-separators.patch
  + shim-bnc807760-change-pxe-2nd-loader-name.patch
  + shim-bnc808106-correct-certcount.patch 
  + shim-mokmanager-ui-revamp.patch
- Add patches
  + shim-merge-lf-loader-code.patch: merge the Linux Foundation
    loader UI code
  + shim-fix-pointer-casting.patch: fix a casting issue and the
    size of an empty vendor cert
  + shim-fix-simple-file-selector.patch: fix the buffer allocation
    in the simple file selector
- Remove upstreamed patches
  + shim-support-mok-delete.patch
  + shim-reboot-after-changes.patch
  + shim-clear-queued-key.patch
  + shim-local-key-sign-mokmanager.patch
  + shim-get-2nd-stage-loader.patch
  + shim-fix-loadoptions.patch
- Remove unused patch: shim-mokmanager-new-pw-hash.patch and
  shim-keep-unsigned-mokmanager.patch
- Install the vendor certificate to /etc/uefi/certs

OBS-URL: https://build.opensuse.org/request/show/184039
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=28
 2013-07-23 04:44:22 +00:00
Stephan Kulow
9475b8bd30 Accepting request 174779 from devel:openSUSE:Factory 
Revamp the MokManager UI (forwarded request 174778 from gary_lin)

OBS-URL: https://build.opensuse.org/request/show/174779
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=14
 2013-05-13 13:33:43 +00:00
Gary Ching-Pang Lin
e6e545b72a Accepting request 174778 from home:gary_lin:branches:devel:openSUSE:Factory 
Revamp the MokManager UI

OBS-URL: https://build.opensuse.org/request/show/174778
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=26
 2013-05-08 06:52:29 +00:00
Stephan Kulow
942ab24d55 Accepting request 162328 from devel:openSUSE:Factory 
bnc#813079: Call update-bootloader in %post to update *.efi in \efi\opensuse (forwarded request 162327 from gary_lin)

OBS-URL: https://build.opensuse.org/request/show/162328
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=13
 2013-04-03 11:06:28 +00:00
Gary Ching-Pang Lin
2e7d74adf8 Accepting request 162327 from home:gary_lin:branches:devel:openSUSE:Factory 
bnc#813079: Call update-bootloader in %post to update *.efi in \efi\opensuse

OBS-URL: https://build.opensuse.org/request/show/162327
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=24
 2013-04-03 06:25:09 +00:00
Stephan Kulow
42aa16d336 Accepting request 157971 from devel:openSUSE:Factory 
bnc#807760: change the PXE 2nd stage loader name
bnc#808106: certificate count of the signature list (forwarded request 157970 from gary_lin)

OBS-URL: https://build.opensuse.org/request/show/157971
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=12
 2013-03-08 12:40:37 +00:00
Gary Ching-Pang Lin
6c21f45551 Accepting request 157970 from home:gary_lin:branches:devel:openSUSE:Factory 
bnc#807760: change the PXE 2nd stage loader name
bnc#808106: certificate count of the signature list

OBS-URL: https://build.opensuse.org/request/show/157970
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=22
 2013-03-08 08:06:19 +00:00
Stephan Kulow
f95890ff3a Accepting request 157343 from devel:openSUSE:Factory 
(bnc#798043#c4) remove double seperators from the bootpath (forwarded request 157208 from gary_lin)

OBS-URL: https://build.opensuse.org/request/show/157343
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=11
 2013-03-05 12:08:08 +00:00
Gary Ching-Pang Lin
e356a6eeae Accepting request 157208 from home:gary_lin:branches:devel:openSUSE:Factory 
(bnc#798043#c4) remove double seperators from the bootpath

OBS-URL: https://build.opensuse.org/request/show/157208
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=20
 2013-03-05 10:12:49 +00:00
Stephan Kulow
8a311133c8 Accepting request 156904 from devel:openSUSE:Factory 
- sign shim also with openSUSE certificate (forwarded request 156849 from lnussel)

OBS-URL: https://build.opensuse.org/request/show/156904
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=10
 2013-03-01 09:55:08 +00:00
Gary Ching-Pang Lin
d1f2afa617 Accepting request 156849 from home:lnussel:sbtest 
- sign shim also with openSUSE certificate

OBS-URL: https://build.opensuse.org/request/show/156849
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=18
 2013-03-01 03:32:55 +00:00
Michael Schröder
54f4730c79 add changes 
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=17
 2013-02-27 16:19:41 +00:00
Michael Schröder
e60042f553 fix 
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=16
 2013-02-27 15:47:35 +00:00
Michael Schröder
667ecba987 ? 
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=15
 2013-02-27 15:40:36 +00:00
Michael Schröder
0e47eaad06 don't create extra keypair 
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=14
 2013-02-27 15:35:48 +00:00
Michael Schröder
da3221a823 argh 
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=13
 2013-02-27 14:55:04 +00:00
Michael Schröder
c0a6a69e10 - identify project, export certificate as DER file 
OBS-URL: https://build.opensuse.org/package/show/devel:openSUSE:Factory/shim?expand=0&rev=12
 2013-02-27 14:53:25 +00:00
Stephan Kulow
ad1806d035 Accepting request 156082 from devel:openSUSE:Factory 
bnc#804631: fix the broken bootpath generated in generate_path() (forwarded request 156025 from gary_lin)

OBS-URL: https://build.opensuse.org/request/show/156082
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=9
 2013-02-23 15:45:49 +00:00