Sync changes to SLFO-1.2 branch

OBS-URL: https://build.opensuse.org/request/show/1298953
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/shim?expand=0&rev=132

SIGNATURE_UPDATE.txt

@@ -1,25 +0,0 @@
-==== openSUSE ====
-For openSUSE, the devel project of shim is devel:openSUSE:Factory. ALWAYS
-use the latest Leap to build shim-opensuse.efi for UEFI CA. Tumbleweed
-shares the same binary with Leap, so do the older Leap releases.
-
-The steps to udpate signature-opensuse.asc:
-1) Branch devel:openSUSE:Factory/shim.
-2) Add the latest Leap, e.g. 42.2, to the build target.
-3) Build shim-opensuse.efi against the latest Leap.
-4) Strip the signature from shim-opensuse.efi with strip_signature.sh.
-5) Send shim-opensuse.efi to UEFI CA to request a new signature.
-6) Extract the signature from the signed shim.efi with extract_signature.sh
-7) Update signature-opensuse.asc.
-
-==== SLES ===
-Since there is no devel project for shim in SLES, just build shim-sles.efi with
-the latest SLES and then send it to UEFI CA for a new signature.
-
-The steps to update signature-sles.asc:
-1) Branch shim from the latest SLES and apply the update/fix.
-2) Build shim-sles.efi against the latest SLES.
-3) Strip the signature from shim-sles.efi with strip_signature.sh.
-4) Send shim-sles.efi to UEFI CA to request a new signature.
-5) Extract the signature from the signed shim.efi with extract_signature.sh
-6) Update signature-sles.asc.

SLES-UEFI-CA-Certificate.crt

@@ -1,29 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIE5TCCA82gAwIBAgIBATANBgkqhkiG9w0BAQsFADCBpjEtMCsGA1UEAwwkU1VT
-RSBMaW51eCBFbnRlcnByaXNlIFNlY3VyZSBCb290IENBMQswCQYDVQQGEwJERTES
-MBAGA1UEBwwJTnVyZW1iZXJnMSEwHwYDVQQKDBhTVVNFIExpbnV4IFByb2R1Y3Rz
-IEdtYkgxEzARBgNVBAsMCkJ1aWxkIFRlYW0xHDAaBgkqhkiG9w0BCQEWDWJ1aWxk
-QHN1c2UuZGUwHhcNMTMwNDE4MTQzMzQxWhcNMzUwMzE0MTQzMzQxWjCBpjEtMCsG
-A1UEAwwkU1VTRSBMaW51eCBFbnRlcnByaXNlIFNlY3VyZSBCb290IENBMQswCQYD
-VQQGEwJERTESMBAGA1UEBwwJTnVyZW1iZXJnMSEwHwYDVQQKDBhTVVNFIExpbnV4
-IFByb2R1Y3RzIEdtYkgxEzARBgNVBAsMCkJ1aWxkIFRlYW0xHDAaBgkqhkiG9w0B
-CQEWDWJ1aWxkQHN1c2UuZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
-AQDN/avXKoT4gcM2NVA1LMfsBPH01sxgS8gTs3SbvfbEP2M+ZlHyfj9ufHZ7cZ1p
-ISoVm6ql5VbIeZgSNc17Y4y4Nynud1C8t2SP/iZK5YMYHGxdtIfv1zPE+Bo/KZqE
-WgHg2YFtMXdiKfXBZRTfSh37t0pGO/OQi6K4JioKw55UtQNggePZWDXtsAviT2vv
-abqLR9+kxdrQ0iWqhWM+LwXbTGkCpg41s8KucLD/JYAxxw05dKPApFDNnz+Ft2L7
-e5JtyB4S0u4PlvQBMNHt4hDs0rK4oeHFLbOxHvjF+nloneWhkg9eT0VCfpAYVYz+
-whMxuCHerDCdmeFrRGEMQz11AgMBAAGjggEaMIIBFjAPBgNVHRMBAf8EBTADAQH/
-MB0GA1UdDgQWBBTsqw1CxFbPdwQ2uXOZOGKWXocmLzCB0wYDVR0jBIHLMIHIgBTs
-qw1CxFbPdwQ2uXOZOGKWXocmL6GBrKSBqTCBpjEtMCsGA1UEAwwkU1VTRSBMaW51
-eCBFbnRlcnByaXNlIFNlY3VyZSBCb290IENBMQswCQYDVQQGEwJERTESMBAGA1UE
-BwwJTnVyZW1iZXJnMSEwHwYDVQQKDBhTVVNFIExpbnV4IFByb2R1Y3RzIEdtYkgx
-EzARBgNVBAsMCkJ1aWxkIFRlYW0xHDAaBgkqhkiG9w0BCQEWDWJ1aWxkQHN1c2Uu
-ZGWCAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4IBAQASviyFhVqU
-Wc1JUQgXwdljJynTnp0/FQOZJBSe7XdBGPmy91+3ITqrXgyqo/218KISiQl53Qlw
-pq+cIiGRAia1D7p7wbg7wsg+Trt0zZFXes30wfYq5pjfWadEBAgNCffkBz10TSjL
-jQrVwW5N+yUJMoq+r843TzV56Huy6LBOVhI5yTz7X7i2rSJYfyQWM8oeHLj8Yl5M
-rOB9gyTumxB4mOLmSqwKzJiUB0ppGPohdLUSSEKDdo6KSH/GjR7M7uBicwnzwJD3
-SVfT9nx9HKF2nXZlHvs5ViQQru3qP1tc6i0eXEnPTYW2+zkZcN0e5iHyozEZHsO0
-rvc1p6G0YWtO
------END CERTIFICATE-----

attach_signature.sh

@@ -1,14 +0,0 @@
-#!/bin/bash
-# attach ascii armored signature to a PE binary
-set -e
-
-sig="$1"
-infile="$2"
-if [ -z "$sig" -o ! -e "$sig" -o -z "$infile" -o ! -e "$infile" ]; then
-	echo "USAGE: $0 sig.asc file.efi"
-	exit 1
-fi
-
-outfile="${infile%.efi}-signed.efi"
-
-pesign -m "$sig" -i "$infile" -o "$outfile"

extract_signature.sh

@@ -1,15 +0,0 @@
-#!/bin/bash
-# extract ascii armored signature from a PE binary
-set -e
-
-infile="$1"
-
-if [ -z "$infile" -o ! -e "$infile" ]; then
-	echo "USAGE: $0 file.efi"
-	exit 1
-fi
-
-# wtf?
-(pesign -h -P -i "$infile";
-perl $(dirname $0)/timestamp.pl "$infile";
-pesign -a -f -e /dev/stdout -i "$infile")|cat

generate-vendor-dbx.sh

@@ -1,22 +0,0 @@
-#!/bin/bash
-
-set -e
-
-# random UUID for SUSE
-owner=353f0911-0788-451c-aaf7-31688391e8fd
-
-: > vendor-dbx-opensuse.esl
-: > vendor-dbx-sles.esl
-# vendor dbx file with all certs for testing environment
-: > vendor-dbx.esl
-
-for cert in "$@"; do
-	esl="${cert##*/}"
-	esl="${cert%.crt}.esl"
-	cert-to-efi-sig-list -g "$owner" "$cert" "$esl"
-	case "$cert" in
-		*openSUSE*) cat "$esl" >> "vendor-dbx-opensuse.esl" ;;
-		*SLES*) cat "$esl" >> "vendor-dbx-sles.esl" ;;
-	esac
-	cat "$esl" >> "vendor-dbx.esl"
-done

openSUSE-UEFI-CA-Certificate.crt

@@ -1,26 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEdDCCA1ygAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgTEgMB4GA1UEAwwXb3Bl
-blNVU0UgU2VjdXJlIEJvb3QgQ0ExCzAJBgNVBAYTAkRFMRIwEAYDVQQHDAlOdXJl
-bWJlcmcxGTAXBgNVBAoMEG9wZW5TVVNFIFByb2plY3QxITAfBgkqhkiG9w0BCQEW
-EmJ1aWxkQG9wZW5zdXNlLm9yZzAeFw0xMzA4MjYxNjEyMDdaFw0zNTA3MjIxNjEy
-MDdaMIGBMSAwHgYDVQQDDBdvcGVuU1VTRSBTZWN1cmUgQm9vdCBDQTELMAkGA1UE
-BhMCREUxEjAQBgNVBAcMCU51cmVtYmVyZzEZMBcGA1UECgwQb3BlblNVU0UgUHJv
-amVjdDEhMB8GCSqGSIb3DQEJARYSYnVpbGRAb3BlbnN1c2Uub3JnMIIBIjANBgkq
-hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3t9hknqk/oPRfTtoDrGn8E6Sk/xHPnAt
-Tojcmp76M7Sm2w4jwQ2owdVlBIQE/zpIGE85MuTKTvkEnp8PzSBdYaunANil/yt/
-vuhHwy9bAsi73o4a6UbThu//iJmQ6xCJuIs/PqgHxlV6btNf/IM8PRbtJsUTc5Kx
-cB4ilcgAbCV2RvGi2dCwmGgPpy2xDWeJypRK6hLFkVV2f2x6LvkYiZ/49CRD1TVq
-ywAOLu1L4l0J2BuXcJmeWm+mgaidqVh2fWlxgtO6OpZDm/DaFcZO6cgVuenLx+Rx
-zuoQG2vEKnABqVK0F94AUs995P0PTQMYspAo1G/Erla8NmBJRotrCwIDAQABo4H0
-MIHxMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFGhCYA3iLExHfpW+I9/qlRPl
-lxdiMIGuBgNVHSMEgaYwgaOAFGhCYA3iLExHfpW+I9/qlRPllxdioYGHpIGEMIGB
-MSAwHgYDVQQDDBdvcGVuU1VTRSBTZWN1cmUgQm9vdCBDQTELMAkGA1UEBhMCREUx
-EjAQBgNVBAcMCU51cmVtYmVyZzEZMBcGA1UECgwQb3BlblNVU0UgUHJvamVjdDEh
-MB8GCSqGSIb3DQEJARYSYnVpbGRAb3BlbnN1c2Uub3JnggEBMA4GA1UdDwEB/wQE
-AwIBhjANBgkqhkiG9w0BAQsFAAOCAQEAiqOJwo7Z+YIL8zPO6RkXF6NlgM0zrgZR
-Vim2OId79J38KI6q4FMSDjpgxwbYOmF2O3cI9JSkjHxHOpnYhJsXzCBiLuJ25MY2
-DSbpLlM1Cvs6NZNFw5OCwQvzCOlXH1k3qdBsafto6n87r9P3WSeO1MeWc/QMCvc+
-5K9sjMd6bwl59EEf428R+z5ssaB75JK3yvky9d7DsHN947OCXc3sYdz+DD7Gteds
-LV2Sc//tqmqpm2aeXjptcLAxwM7fLyEQaAyH83egMzEKDxX27jKIxZpTcc0NGqEo
-idC/9lasSzs2BisBxevl3HKDPZSsKIMT+8FdJ5wT9jJf9h9Ktz5Tig==
------END CERTIFICATE-----

remove_build_id.patch

@@ -1,26 +0,0 @@
-Index: shim-15.8/gnu-efi/Make.defaults
-===================================================================
---- shim-15.8.orig/gnu-efi/Make.defaults
-+++ shim-15.8/gnu-efi/Make.defaults
-@@ -205,7 +205,7 @@ endif
- 
- ASFLAGS += $(ARCH3264)
- LDFLAGS	+= -nostdlib --warn-common --no-undefined --fatal-warnings \
--	   --build-id=sha1 --no-warn-rwx-segments
-+	   --no-warn-rwx-segments
- 
- ifneq ($(ARCH),arm)
- export LIBGCC=$(shell $(CC) $(CFLAGS) $(ARCH3264) -print-libgcc-file-name)
-Index: shim-15.8/Make.defaults
-===================================================================
---- shim-15.8.orig/Make.defaults
-+++ shim-15.8/Make.defaults
-@@ -192,7 +192,7 @@ ifneq ($(origin SBAT_AUTOMATIC_DATE), un
- DEFINES		+= -DSBAT_AUTOMATIC_DATE=$(SBAT_AUTOMATIC_DATE)
- endif
- 
--LDFLAGS		= --hash-style=sysv -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(LOCAL_EFI_PATH) -L$(LIBDIR) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS) --build-id=sha1 $(ARCH_LDFLAGS) --no-undefined
-+LDFLAGS		= --hash-style=sysv -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(LOCAL_EFI_PATH) -L$(LIBDIR) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS) $(ARCH_LDFLAGS) --no-undefined
- 
- ifneq ($(DEBUG),)
- export DEBUG

revoked-SLES-UEFI-SIGN-Certificate-2013-01.crt

@@ -1,34 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIF/DCCA+SgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBpjEtMCsGA1UEAwwkU1VT
-RSBMaW51eCBFbnRlcnByaXNlIFNlY3VyZSBCb290IENBMQswCQYDVQQGEwJERTES
-MBAGA1UEBwwJTnVyZW1iZXJnMSEwHwYDVQQKDBhTVVNFIExpbnV4IFByb2R1Y3Rz
-IEdtYkgxEzARBgNVBAsMCkJ1aWxkIFRlYW0xHDAaBgkqhkiG9w0BCQEWDWJ1aWxk
-QHN1c2UuZGUwHhcNMTMwMTIyMTQ1ODUxWhcNMjIxMjAxMTQ1ODUxWjCBqzEyMDAG
-A1UEAwwpU1VTRSBMaW51eCBFbnRlcnByaXNlIFNlY3VyZSBCb290IFNpZ25rZXkx
-CzAJBgNVBAYTAkRFMRIwEAYDVQQHDAlOdXJlbWJlcmcxITAfBgNVBAoMGFNVU0Ug
-TGludXggUHJvZHVjdHMgR21iSDETMBEGA1UECwwKQnVpbGQgVGVhbTEcMBoGCSqG
-SIb3DQEJARYNYnVpbGRAc3VzZS5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBAOVY/g3+3Bsa1JZ2hfU+7Fy28h0CKF0Sjqy8J4m9a8yKFoY6rb4hG9MK
-o4wnCJfPab9flWXRk4PFiouI+0nmLJX74U0sq8nKw3Ijl0UojuthXc6CeZH4hIF5
-HDoVhig3SfkUxdT1zZVF4mcYZ3Pf+UlROJ7JpY4sEhtYMY/DJW5qv2HwrzSw427V
-R1upA18U7ddMF5fKoN8vjKVihUFSNK/Up0tOWalxfcG5s9ugjbJgZULsjfcs2+8t
-og46QBjTaR7CtpmPbsaOJb1Z6BGDXsHV5GmaZG00TS0BwRn8mAQ1ske1eIpcqmBN
-q5Mlh6BVaufBot0nXJp9Vnnuib4napkCAwEAAaOCASwwggEoMAwGA1UdEwEB/wQC
-MAAwHQYDVR0OBBYEFD+wd7bOvG/yUi4cFIxXx3fHiOPnMIHTBgNVHSMEgcswgciA
-FD1NQM+ThTkCSxz8WhLe3+ixfnVfoYGspIGpMIGmMS0wKwYDVQQDDCRTVVNFIExp
-bnV4IEVudGVycHJpc2UgU2VjdXJlIEJvb3QgQ0ExCzAJBgNVBAYTAkRFMRIwEAYD
-VQQHDAlOdXJlbWJlcmcxITAfBgNVBAoMGFNVU0UgTGludXggUHJvZHVjdHMgR21i
-SDETMBEGA1UECwwKQnVpbGQgVGVhbTEcMBoGCSqGSIb3DQEJARYNYnVpbGRAc3Vz
-ZS5kZYIBATAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwDQYJ
-KoZIhvcNAQELBQADggIBAFs0xW7Uzi3a52ho92ninU9yy1doEodWf8f37zmq3Kxf
-v/y+mFCFuMw5zps4xyK1xfDBmVZ6f5GMolfkPnioYzKujqTgFCmKDZXjXIgHEej5
-h+xzCalIYT3XT+JsmKvvZKcFMV9/py7+okEhekyFdak6WbxinisyEh6a7I+edNzB
-2/dPkbIS7x2UmlFzXvAYTCwOqMwCuOWsICK/NRrPlCEdkPJFq2HU11umtZ+U4eCM
-bJcCY2pqIVLxrDgRIMoUeJ7N2XIcfKlP8cHn9eHVWRd+n/v3nlJRvBjlw2d9oTm2
-EB0vfpp01ihr6yvkckLwWHdrRcmiy6OmtTScAEwpMGPmBcFiHIb1nxhPbKqqw9Xb
-t/y8tLRf6HvuhaApJhj3/ZBNLTLRSHk4O4DO4p3GpupPTvfxkx9cg/TxcF0kabPF
-+dwu5cbRZpvBmkQ947aul0y+3QRHgIhmyqdZzC2OuL6Sl74zZc3BgsQsBFeIN4gz
-YBsXtzyEVFsmSSj2ci+9JM8HCfeL0Ux7TeyoN5jAW5F7c8BSBBSSafZYUtq3DZHR
-8ILtz5L7cCLkZY3da5a/csVz3zicnrAG8uiU91Jy6hVh+Y83vARz6hp8O/tX4o00
-9ff5zunFUwyN3/krDEoX6dXMcSh8UftjzvFOYCUfF+cDt9eV8Ix0dcfP/cenyv/t
------END CERTIFICATE-----

revoked-SLES-UEFI-SIGN-Certificate-2013-04.crt

@@ -1,29 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIE/DCCA+SgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBpjEtMCsGA1UEAwwkU1VT
-RSBMaW51eCBFbnRlcnByaXNlIFNlY3VyZSBCb290IENBMQswCQYDVQQGEwJERTES
-MBAGA1UEBwwJTnVyZW1iZXJnMSEwHwYDVQQKDBhTVVNFIExpbnV4IFByb2R1Y3Rz
-IEdtYkgxEzARBgNVBAsMCkJ1aWxkIFRlYW0xHDAaBgkqhkiG9w0BCQEWDWJ1aWxk
-QHN1c2UuZGUwHhcNMTMwNDE4MTQzNDM0WhcNMjMwMjI1MTQzNDM0WjCBqzEyMDAG
-A1UEAwwpU1VTRSBMaW51eCBFbnRlcnByaXNlIFNlY3VyZSBCb290IFNpZ25rZXkx
-CzAJBgNVBAYTAkRFMRIwEAYDVQQHDAlOdXJlbWJlcmcxITAfBgNVBAoMGFNVU0Ug
-TGludXggUHJvZHVjdHMgR21iSDETMBEGA1UECwwKQnVpbGQgVGVhbTEcMBoGCSqG
-SIb3DQEJARYNYnVpbGRAc3VzZS5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBAOVY/g3+3Bsa1JZ2hfU+7Fy28h0CKF0Sjqy8J4m9a8yKFoY6rb4hG9MK
-o4wnCJfPab9flWXRk4PFiouI+0nmLJX74U0sq8nKw3Ijl0UojuthXc6CeZH4hIF5
-HDoVhig3SfkUxdT1zZVF4mcYZ3Pf+UlROJ7JpY4sEhtYMY/DJW5qv2HwrzSw427V
-R1upA18U7ddMF5fKoN8vjKVihUFSNK/Up0tOWalxfcG5s9ugjbJgZULsjfcs2+8t
-og46QBjTaR7CtpmPbsaOJb1Z6BGDXsHV5GmaZG00TS0BwRn8mAQ1ske1eIpcqmBN
-q5Mlh6BVaufBot0nXJp9Vnnuib4napkCAwEAAaOCASwwggEoMAwGA1UdEwEB/wQC
-MAAwHQYDVR0OBBYEFD+wd7bOvG/yUi4cFIxXx3fHiOPnMIHTBgNVHSMEgcswgciA
-FOyrDULEVs93BDa5c5k4YpZehyYvoYGspIGpMIGmMS0wKwYDVQQDDCRTVVNFIExp
-bnV4IEVudGVycHJpc2UgU2VjdXJlIEJvb3QgQ0ExCzAJBgNVBAYTAkRFMRIwEAYD
-VQQHDAlOdXJlbWJlcmcxITAfBgNVBAoMGFNVU0UgTGludXggUHJvZHVjdHMgR21i
-SDETMBEGA1UECwwKQnVpbGQgVGVhbTEcMBoGCSqGSIb3DQEJARYNYnVpbGRAc3Vz
-ZS5kZYIBATAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwDQYJ
-KoZIhvcNAQELBQADggEBAFEYo0sWgMCODHZEHWcoltp5RMcVj2DAYfw2NePbPqxW
-AmIgpMU0yG01JPbwJZu6dcuNeYoytgfDrSRLuloKm0JR8oR3+G7/oxbKQCxtMubB
-Qdflq7PIz73b/JSGiV5Pi77f9oAHijgnKEZrz4obs6sFp2gvuMvJ4w9jteCaofpq
-IDNhu7i2KFx4rC6FYF/p6V9xnVwOnZS1G56cJALfP/7kOD4k3TVSMiE2FCS3wLwR
-RI7VE0I/3oJHsi8CR++CT1BI02PI+EWgRcuW8jOzJ3+tYa77HCKpXNyIi7/L5QAK
-N5ZinPyv68tae+GHkL5U2FxLY365gABSXqXUA9mTquU=
------END CERTIFICATE-----

revoked-SLES-UEFI-SIGN-Certificate-2016-02.crt

@@ -1,29 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIE/DCCA+SgAwIBAgIBAjANBgkqhkiG9w0BAQsFADCBpjEtMCsGA1UEAwwkU1VT
-RSBMaW51eCBFbnRlcnByaXNlIFNlY3VyZSBCb290IENBMQswCQYDVQQGEwJERTES
-MBAGA1UEBwwJTnVyZW1iZXJnMSEwHwYDVQQKDBhTVVNFIExpbnV4IFByb2R1Y3Rz
-IEdtYkgxEzARBgNVBAsMCkJ1aWxkIFRlYW0xHDAaBgkqhkiG9w0BCQEWDWJ1aWxk
-QHN1c2UuZGUwHhcNMTYwMjI0MTUzMDI3WhcNMjYwMTAyMTUzMDI3WjCBqzEyMDAG
-A1UEAwwpU1VTRSBMaW51eCBFbnRlcnByaXNlIFNlY3VyZSBCb290IFNpZ25rZXkx
-CzAJBgNVBAYTAkRFMRIwEAYDVQQHDAlOdXJlbWJlcmcxITAfBgNVBAoMGFNVU0Ug
-TGludXggUHJvZHVjdHMgR21iSDETMBEGA1UECwwKQnVpbGQgVGVhbTEcMBoGCSqG
-SIb3DQEJARYNYnVpbGRAc3VzZS5kZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBAOVY/g3+3Bsa1JZ2hfU+7Fy28h0CKF0Sjqy8J4m9a8yKFoY6rb4hG9MK
-o4wnCJfPab9flWXRk4PFiouI+0nmLJX74U0sq8nKw3Ijl0UojuthXc6CeZH4hIF5
-HDoVhig3SfkUxdT1zZVF4mcYZ3Pf+UlROJ7JpY4sEhtYMY/DJW5qv2HwrzSw427V
-R1upA18U7ddMF5fKoN8vjKVihUFSNK/Up0tOWalxfcG5s9ugjbJgZULsjfcs2+8t
-og46QBjTaR7CtpmPbsaOJb1Z6BGDXsHV5GmaZG00TS0BwRn8mAQ1ske1eIpcqmBN
-q5Mlh6BVaufBot0nXJp9Vnnuib4napkCAwEAAaOCASwwggEoMAwGA1UdEwEB/wQC
-MAAwHQYDVR0OBBYEFD+wd7bOvG/yUi4cFIxXx3fHiOPnMIHTBgNVHSMEgcswgciA
-FOyrDULEVs93BDa5c5k4YpZehyYvoYGspIGpMIGmMS0wKwYDVQQDDCRTVVNFIExp
-bnV4IEVudGVycHJpc2UgU2VjdXJlIEJvb3QgQ0ExCzAJBgNVBAYTAkRFMRIwEAYD
-VQQHDAlOdXJlbWJlcmcxITAfBgNVBAoMGFNVU0UgTGludXggUHJvZHVjdHMgR21i
-SDETMBEGA1UECwwKQnVpbGQgVGVhbTEcMBoGCSqGSIb3DQEJARYNYnVpbGRAc3Vz
-ZS5kZYIBATAOBgNVHQ8BAf8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwDQYJ
-KoZIhvcNAQELBQADggEBAKMaX+dWtp9Y9SW1XvV3xc/sAURe1uZfEBcd7g+yu9ff
-q/n9pbWW4gz9LtuIudi/CmltNlKHEQnB/RSgAd4VB28g7GeJNKVTn+5z7evgWUOz
-tEB0tHgTfVCx6dYoIsNxT9atIVHREDPXef/s2TARKfpd77BG+X0+ZsvQe8NuooP1
-B+qwl1rXR+cw46Q7dgM5XG418OPZsqHhk/AyC4/slHx65rQ//PBsgSANx8bBUr5Z
-nDzy1X/0aZqB56/e2sscuhjs7IcXNftztewsNB7w4XtmOuVZpj2obAhbWshPaMLY
-4PSS6JTVT/vhDJUJknm4XqbE16d0dSZPn8y1t6Ua0PM=
------END CERTIFICATE-----

revoked-SLES-UEFI-SIGN-Certificate-2020-07.crt

@@ -1,29 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFBDCCA+ygAwIBAgIJAO2HhbeP/BJ0MA0GCSqGSIb3DQEBCwUAMIGmMS0wKwYD
-VQQDDCRTVVNFIExpbnV4IEVudGVycHJpc2UgU2VjdXJlIEJvb3QgQ0ExCzAJBgNV
-BAYTAkRFMRIwEAYDVQQHDAlOdXJlbWJlcmcxITAfBgNVBAoMGFNVU0UgTGludXgg
-UHJvZHVjdHMgR21iSDETMBEGA1UECwwKQnVpbGQgVGVhbTEcMBoGCSqGSIb3DQEJ
-ARYNYnVpbGRAc3VzZS5kZTAeFw0yMDA3MjMxNDA3MThaFw0yNDA3MjIxNDA3MTha
-MIGrMTIwMAYDVQQDDClTVVNFIExpbnV4IEVudGVycHJpc2UgU2VjdXJlIEJvb3Qg
-U2lnbmtleTELMAkGA1UEBhMCREUxEjAQBgNVBAcMCU51cmVtYmVyZzEhMB8GA1UE
-CgwYU1VTRSBMaW51eCBQcm9kdWN0cyBHbWJIMRMwEQYDVQQLDApCdWlsZCBUZWFt
-MRwwGgYJKoZIhvcNAQkBFg1idWlsZEBzdXNlLmRlMIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEAwrRYIcn7XQ2/nQfdCUM7EUzIfYB5Lra03/q9nggEfUke
-N5O9qmA9uFWTvgdq2Nh8hia16TawyHMFyUd/PsdU2/pVydC6+OGDxE1sRJvu0pzP
-3wvr+QQXnDjBYon+AGkuw/K8baUInl/1He2idCIB7pH3tGjj6jcorK70yZHU5Hl1
-UwuQXlfQpG3zEJy1yZ7fg3RxAQ/716BOy1CceK0qCLi/qgR8w5GE92Xg1CHZe62u
-I+9EmhXBbY2UcsfxRGEtdCU55L0R/MtHztfVHZw9Vazw8rCCvBjwPOxxjUx5It5N
-yG0JaYXgAXqRXE88Gwo9VlEWNOKrC0vUUfxA63IZ0wIDAQABo4IBLDCCASgwDAYD
-VR0TAQH/BAIwADAdBgNVHQ4EFgQUSrDGl8kQcydsJ97/PCIPsAfh3mEwgdMGA1Ud
-IwSByzCByIAU7KsNQsRWz3cENrlzmThill6HJi+hgaykgakwgaYxLTArBgNVBAMM
-JFNVU0UgTGludXggRW50ZXJwcmlzZSBTZWN1cmUgQm9vdCBDQTELMAkGA1UEBhMC
-REUxEjAQBgNVBAcMCU51cmVtYmVyZzEhMB8GA1UECgwYU1VTRSBMaW51eCBQcm9k
-dWN0cyBHbWJIMRMwEQYDVQQLDApCdWlsZCBUZWFtMRwwGgYJKoZIhvcNAQkBFg1i
-dWlsZEBzdXNlLmRlggEBMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEF
-BQcDAzANBgkqhkiG9w0BAQsFAAOCAQEAazJCs7IIjYUma9ZT1NLJZ7QSy/d6oAaW
-E6JI1u3LHancnU3kXH19U7z1mni74OQdlsbIyfddR+AIvIu1RrepQ6BHNVrXO90J
-LxvORpholbgeXk/FdIHWFu6AhL2jg8UM4Jxq/P3FxckGj25LxCPgd5C/L5ITufhf
-1yPQ3CDxqfUiqlfdrQCROJ21sErLoYXoZim5pd1kT5vimyVrdaLM7eTq6G5LbKZ3
-/TqRXPpVzwZGXXeZvM5s55kGKqNTUIZ2Cft5g9CBkRZujJ5gLGToxUHYbb6Fj5UT
-Xr5Yh68j1IgvhQz+abALb/87Z3r2V+BWh1icc0rnCli1ulmZMd0H8A==
------END CERTIFICATE-----

revoked-SLES-UEFI-SIGN-Certificate-2021-05.crt

@@ -1,29 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFBDCCA+ygAwIBAgIJAO2HhbeP/BJ+MA0GCSqGSIb3DQEBCwUAMIGmMS0wKwYD
-VQQDDCRTVVNFIExpbnV4IEVudGVycHJpc2UgU2VjdXJlIEJvb3QgQ0ExCzAJBgNV
-BAYTAkRFMRIwEAYDVQQHDAlOdXJlbWJlcmcxITAfBgNVBAoMGFNVU0UgTGludXgg
-UHJvZHVjdHMgR21iSDETMBEGA1UECwwKQnVpbGQgVGVhbTEcMBoGCSqGSIb3DQEJ
-ARYNYnVpbGRAc3VzZS5kZTAeFw0yMTAzMDgxMDE1MDhaFw0zMDEyMzExMDE1MDha
-MIGrMTIwMAYDVQQDDClTVVNFIExpbnV4IEVudGVycHJpc2UgU2VjdXJlIEJvb3Qg
-U2lnbmtleTELMAkGA1UEBhMCREUxEjAQBgNVBAcMCU51cmVtYmVyZzEhMB8GA1UE
-CgwYU1VTRSBMaW51eCBQcm9kdWN0cyBHbWJIMRMwEQYDVQQLDApCdWlsZCBUZWFt
-MRwwGgYJKoZIhvcNAQkBFg1idWlsZEBzdXNlLmRlMIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEAtvApQ4qgxDibOpYufFyQG3HDsQvwjPfrQHdYqkcKDZvz
-hKFJSpAu4gulkuKnOeMO1+ecpOC9f0G6mbIwYCsM/GKBCUKRQZPOB5eSeGU+NJaI
-XV6IimhfYi3MXmheVrP64Xd6pvcn/iplk2IPLbbdjIeiSImg1xtfnrcaWa+tzOMu
-MAQfF4wUlVnFF4Pnh0goS2sv2Lj3fVQ4XV7d8bsB9gwdWSQQMwbSb5SXoiLZOIrZ
-iI/n6DD5UL8Yap+2f5sBXA1MtonX91MSUu68Vh7l/9UXEntkx5byOdRAKxndIpnP
-QQazhXtQoFskPtVzKs+8jIemDOosn7cTkBgOEP49iQIDAQABo4IBLDCCASgwDAYD
-VR0TAQH/BAIwADAdBgNVHQ4EFgQUWiQESdKf0NinoYfm/A4muV0aqHswgdMGA1Ud
-IwSByzCByIAU7KsNQsRWz3cENrlzmThill6HJi+hgaykgakwgaYxLTArBgNVBAMM
-JFNVU0UgTGludXggRW50ZXJwcmlzZSBTZWN1cmUgQm9vdCBDQTELMAkGA1UEBhMC
-REUxEjAQBgNVBAcMCU51cmVtYmVyZzEhMB8GA1UECgwYU1VTRSBMaW51eCBQcm9k
-dWN0cyBHbWJIMRMwEQYDVQQLDApCdWlsZCBUZWFtMRwwGgYJKoZIhvcNAQkBFg1i
-dWlsZEBzdXNlLmRlggEBMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEF
-BQcDAzANBgkqhkiG9w0BAQsFAAOCAQEAqFI4lVQf3heh0TWrZwc0ej30p1EhVJms
-NxCy/mtn6IDkRzmzAe9F/Tx5B6Kytjtj2WvU2mOhjDW61Tdvk2UBqlapTbT0X2oF
-Co4ww8gm2uDyY3nCEM0jdPj8XnA+T+raxwcw6NosK3J6g+bEWjkX0lWryl1jgxuA
-q3zup4t2rl792z+nAUAmCSrsYeQQxnKIeCvZCYMGgixSoYrv2SxD8hTFC8XW606v
-ITVb9fxaYF1cCjCLjhkQpnegViT0mV5QcPW/IIjqKla1N9sH26buFwcJIHXQRB4h
-1boVtIqiQZOe4BjGRTvRILGOa/WXn8UhQvMc39bCr1SxMRvpCV7zKw==
------END CERTIFICATE-----

revoked-openSUSE-UEFI-SIGN-Certificate-2013-01.crt

@@ -1,32 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIFjTCCA3WgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgTEgMB4GA1UEAwwXb3Bl
-blNVU0UgU2VjdXJlIEJvb3QgQ0ExCzAJBgNVBAYTAkRFMRIwEAYDVQQHDAlOdXJl
-bWJlcmcxGTAXBgNVBAoMEG9wZW5TVVNFIFByb2plY3QxITAfBgkqhkiG9w0BCQEW
-EmJ1aWxkQG9wZW5zdXNlLm9yZzAeFw0xMzAxMjgxNTEwMjhaFw0yMjEyMDcxNTEw
-MjhaMIGGMSUwIwYDVQQDDBxvcGVuU1VTRSBTZWN1cmUgQm9vdCBTaWdua2V5MQsw
-CQYDVQQGEwJERTESMBAGA1UEBwwJTnVyZW1iZXJnMRkwFwYDVQQKDBBvcGVuU1VT
-RSBQcm9qZWN0MSEwHwYJKoZIhvcNAQkBFhJidWlsZEBvcGVuc3VzZS5vcmcwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLNeCcz9j3S+vjlCzyEXczhpwo
-HRneRWkhXqCUSgu1QS5nAWuRdjqFZipji4cr6JSKEm4lE7AHPygrdiU+KbJVQuc7
-RCQdt5kyy0TStIjLqU+nswa+XKruKwQJquxYY1rIYsfZaEP7vQ6S/0zsAkS8lcmf
-0b4h+PSybVoK1U2YZczBjO/f8p/aRQV2+RrAi9UcBfLAuEqwEt9DytULGEazA77N
-p9cBgPHFyu7ZOh9KM31QAavXOkhuYllzYh447zIx7lgYfVkFivt91A1enUeb2K+2
-EZ885xOE5ADsCpeJIpDzFObfwXUHrSQ42OCP9rnA20XjboFcHinQeK5sp0sfAgMB
-AAGjggEHMIIBAzAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQDMvqcvw2IvyGSSw3o
-KgmlTV3vyDCBrgYDVR0jBIGmMIGjgBSZDSa38E3ZzmTn0Y79aHtKXeKGpaGBh6SB
-hDCBgTEgMB4GA1UEAwwXb3BlblNVU0UgU2VjdXJlIEJvb3QgQ0ExCzAJBgNVBAYT
-AkRFMRIwEAYDVQQHDAlOdXJlbWJlcmcxGTAXBgNVBAoMEG9wZW5TVVNFIFByb2pl
-Y3QxITAfBgkqhkiG9w0BCQEWEmJ1aWxkQG9wZW5zdXNlLm9yZ4IBATAOBgNVHQ8B
-Af8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwDQYJKoZIhvcNAQELBQADggIB
-AK25J4ntAoU8yF37KEUEFnh0WElBVYinTCB3VVNq0nJbcLq2Ak/yPb4/hVJGvUQx
-M2EgafGBfjA6sVvqvZEqbn0bQnSTJqjlwAUpzVB9ll3vanT0SwwmRdbHtFLfkmfc
-6sv7dUsizScXeth2C7vf2rxqJKBIdCs7EkUWibKm34y59wJYqsZT/jLeFraLi/+R
-NWeiWY9AlyXm5QzNqEr3qqhVQohKI0gRUwJS0dx3xSMFd8td+q+22iYuNMx2Dk3A
-D9HenFMZiSw4r+8R5mm8Dn6DJEB7Y5mJhR1zZk7Q3gVhwjeR/sdrIF9K8tSkyIHt
-T4f+qNF1vBfQ9+8zHqQ/X2o2Cky/eyW9rx3V/fYLOXzOdbxIy5nDOd5gbXIDoZNV
-cJn/af+MgMrUI7vqDZ1A1UmwKSAJRZjIJCX+2mjrAtQl9W7h8qZt2Hgq/4zCCNSH
-v4gGoDtYEtcvs1kqS56/XQRyZikDfEUkBE1hXOW4hepuS9Zs6LihGpKSffqQH0Oy
-gvCaWjLNzErjx5Hl9pTvH2qkLLX6P1i/YubW+3E6AuDks9u6eF78GkKb6ALsczQf
-jHf22C1rl9y3Ex+9q3vKzeo9HtIBv/FEyt+GEzdCXdf4Lmjmf1l1uBX6+EJFAVsG
-UPxqiJZLOo8dEbWIDzoxE8vXjZTNFBA9mkYmipdZwGaV
------END CERTIFICATE-----

revoked-openSUSE-UEFI-SIGN-Certificate-2013-08.crt

@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEjTCCA3WgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgTEgMB4GA1UEAwwXb3Bl
-blNVU0UgU2VjdXJlIEJvb3QgQ0ExCzAJBgNVBAYTAkRFMRIwEAYDVQQHDAlOdXJl
-bWJlcmcxGTAXBgNVBAoMEG9wZW5TVVNFIFByb2plY3QxITAfBgkqhkiG9w0BCQEW
-EmJ1aWxkQG9wZW5zdXNlLm9yZzAeFw0xMzA4MjYxNjE4MzdaFw0yMzA3MDUxNjE4
-MzdaMIGGMSUwIwYDVQQDDBxvcGVuU1VTRSBTZWN1cmUgQm9vdCBTaWdua2V5MQsw
-CQYDVQQGEwJERTESMBAGA1UEBwwJTnVyZW1iZXJnMRkwFwYDVQQKDBBvcGVuU1VT
-RSBQcm9qZWN0MSEwHwYJKoZIhvcNAQkBFhJidWlsZEBvcGVuc3VzZS5vcmcwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDLNeCcz9j3S+vjlCzyEXczhpwo
-HRneRWkhXqCUSgu1QS5nAWuRdjqFZipji4cr6JSKEm4lE7AHPygrdiU+KbJVQuc7
-RCQdt5kyy0TStIjLqU+nswa+XKruKwQJquxYY1rIYsfZaEP7vQ6S/0zsAkS8lcmf
-0b4h+PSybVoK1U2YZczBjO/f8p/aRQV2+RrAi9UcBfLAuEqwEt9DytULGEazA77N
-p9cBgPHFyu7ZOh9KM31QAavXOkhuYllzYh447zIx7lgYfVkFivt91A1enUeb2K+2
-EZ885xOE5ADsCpeJIpDzFObfwXUHrSQ42OCP9rnA20XjboFcHinQeK5sp0sfAgMB
-AAGjggEHMIIBAzAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBQDMvqcvw2IvyGSSw3o
-KgmlTV3vyDCBrgYDVR0jBIGmMIGjgBRoQmAN4ixMR36VviPf6pUT5ZcXYqGBh6SB
-hDCBgTEgMB4GA1UEAwwXb3BlblNVU0UgU2VjdXJlIEJvb3QgQ0ExCzAJBgNVBAYT
-AkRFMRIwEAYDVQQHDAlOdXJlbWJlcmcxGTAXBgNVBAoMEG9wZW5TVVNFIFByb2pl
-Y3QxITAfBgkqhkiG9w0BCQEWEmJ1aWxkQG9wZW5zdXNlLm9yZ4IBATAOBgNVHQ8B
-Af8EBAMCB4AwEwYDVR0lBAwwCgYIKwYBBQUHAwMwDQYJKoZIhvcNAQELBQADggEB
-AI3sxNvPFB/+Cjj9GVCvNbaOGFV+5X6Dd7ZMJat0xI93GS+FvUOO1i53iCpnfSld
-gE+2chifX2W3u6RyiJTTfwke4EVU4GWjFy78WwwszCih0byVa/YSQguvPuMjvQY6
-mw+exom0ri68328yWb1oCDaPOhI9Fr51hj50yUWWBbmpu2YPi5blN6CBE+9B2cbp
-HVDPxoUWjYJ9leK951nfSu0E1+cLNYDpZ39h4dBHNvU1a3AueVKIXyEYaiwy0VDS
-8CQJluUCE4eLlt/cbJqMs0/iY7nRnbVOOyZUYTYxq7ACvDrMyStkfdR4KLDzvLWo
-8Gu+1aY2qw6wZ+TKiiRRYjQ=
------END CERTIFICATE-----

revoked-openSUSE-UEFI-SIGN-Certificate-2020-01.crt

@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIElTCCA32gAwIBAgIJAPq+2L9Aml5gMA0GCSqGSIb3DQEBCwUAMIGBMSAwHgYD
-VQQDDBdvcGVuU1VTRSBTZWN1cmUgQm9vdCBDQTELMAkGA1UEBhMCREUxEjAQBgNV
-BAcMCU51cmVtYmVyZzEZMBcGA1UECgwQb3BlblNVU0UgUHJvamVjdDEhMB8GCSqG
-SIb3DQEJARYSYnVpbGRAb3BlbnN1c2Uub3JnMB4XDTIwMDEwODE2MjU1NFoXDTI5
-MTExNjE2MjU1NFowgYYxJTAjBgNVBAMMHG9wZW5TVVNFIFNlY3VyZSBCb290IFNp
-Z25rZXkxCzAJBgNVBAYTAkRFMRIwEAYDVQQHDAlOdXJlbWJlcmcxGTAXBgNVBAoM
-EG9wZW5TVVNFIFByb2plY3QxITAfBgkqhkiG9w0BCQEWEmJ1aWxkQG9wZW5zdXNl
-Lm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMs14JzP2PdL6+OU
-LPIRdzOGnCgdGd5FaSFeoJRKC7VBLmcBa5F2OoVmKmOLhyvolIoSbiUTsAc/KCt2
-JT4pslVC5ztEJB23mTLLRNK0iMupT6ezBr5cqu4rBAmq7FhjWshix9loQ/u9DpL/
-TOwCRLyVyZ/RviH49LJtWgrVTZhlzMGM79/yn9pFBXb5GsCL1RwF8sC4SrAS30PK
-1QsYRrMDvs2n1wGA8cXK7tk6H0ozfVABq9c6SG5iWXNiHjjvMjHuWBh9WQWK+33U
-DV6dR5vYr7YRnzznE4TkAOwKl4kikPMU5t/BdQetJDjY4I/2ucDbReNugVweKdB4
-rmynSx8CAwEAAaOCAQcwggEDMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFAMy+py/
-DYi/IZJLDegqCaVNXe/IMIGuBgNVHSMEgaYwgaOAFGhCYA3iLExHfpW+I9/qlRPl
-lxdioYGHpIGEMIGBMSAwHgYDVQQDDBdvcGVuU1VTRSBTZWN1cmUgQm9vdCBDQTEL
-MAkGA1UEBhMCREUxEjAQBgNVBAcMCU51cmVtYmVyZzEZMBcGA1UECgwQb3BlblNV
-U0UgUHJvamVjdDEhMB8GCSqGSIb3DQEJARYSYnVpbGRAb3BlbnN1c2Uub3JnggEB
-MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzANBgkqhkiG9w0B
-AQsFAAOCAQEAUWNziRn2X/uOcFWaCkKqIVa0xlk8joaztllVkRLoDpv97O6p087k
-OOfqNsv1gUgIHqQvZ9Z2woQcpd2gUa0uj5yqpqSGp0eSEtBOOKApVuybplTDSyC3
-6ENwF5BKMJ8ysURsIx6ZGCq1PbaruA28sG/XFrhxjezLwN9mcmLd6nCd4xmPuH78
-IsHPP6c6VzrFtNN3yP5ZIs9bIzDHTf2qGXvVYhLBrNuTczTwUzeSfKG+qpP/dO1I
-EGtd7tTFPTqNwXkWq3oat9TVYMdPLRWWZ2zzE65k0rdSSJTgc/1Z4WSKb55J6FMP
-8MJRwgi62+9JF6hsBy7WuBE8cWvtIwbyYA==
------END CERTIFICATE-----

revoked-openSUSE-UEFI-SIGN-Certificate-2020-07.crt

@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIElTCCA32gAwIBAgIJAPq+2L9Aml5jMA0GCSqGSIb3DQEBCwUAMIGBMSAwHgYD
-VQQDDBdvcGVuU1VTRSBTZWN1cmUgQm9vdCBDQTELMAkGA1UEBhMCREUxEjAQBgNV
-BAcMCU51cmVtYmVyZzEZMBcGA1UECgwQb3BlblNVU0UgUHJvamVjdDEhMB8GCSqG
-SIb3DQEJARYSYnVpbGRAb3BlbnN1c2Uub3JnMB4XDTIwMDgwMzEyMzUzOVoXDTMw
-MDYxMjEyMzUzOVowgYYxJTAjBgNVBAMMHG9wZW5TVVNFIFNlY3VyZSBCb290IFNp
-Z25rZXkxCzAJBgNVBAYTAkRFMRIwEAYDVQQHDAlOdXJlbWJlcmcxGTAXBgNVBAoM
-EG9wZW5TVVNFIFByb2plY3QxITAfBgkqhkiG9w0BCQEWEmJ1aWxkQG9wZW5zdXNl
-Lm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKVKfWLm7OvwYpDO
-4s0qzbUDWG2GTlxFOkZe4XaFsjxAnmuXZTVm1SJ3N12zSdRH60YMqcns7yuISYQz
-0K79shGDOfktO8iqxSE0JdUvhEFnJUECaXYAq+ioiSwkm7QQWhHAUE3htshJeMt4
-SK4dTGmTQNQBKCZ3xQTTHi1sOl8wYt0QdhkucqvgDUyPaxHrI4LV1OV9R3XjGclG
-ZD6QEkXLhVcir2yLIA9G1qPZDXpNbrdfSx3GDEnSsD+GS0D/k5oe32w1KGMnEM/S
-fYrY1nsP6/k0hVO1KH9WJWV/DUoyO/4U75C6swg7SVTxyigT3s92/UV4N9Es5kZv
-aHhsuncCAwEAAaOCAQcwggEDMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFMi9x6wa
-HYWWYhf9k+v8FPSiALgUMIGuBgNVHSMEgaYwgaOAFGhCYA3iLExHfpW+I9/qlRPl
-lxdioYGHpIGEMIGBMSAwHgYDVQQDDBdvcGVuU1VTRSBTZWN1cmUgQm9vdCBDQTEL
-MAkGA1UEBhMCREUxEjAQBgNVBAcMCU51cmVtYmVyZzEZMBcGA1UECgwQb3BlblNV
-U0UgUHJvamVjdDEhMB8GCSqGSIb3DQEJARYSYnVpbGRAb3BlbnN1c2Uub3JnggEB
-MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzANBgkqhkiG9w0B
-AQsFAAOCAQEAS1NWAHYBV1uaK7wE6c+Xz8t4c2hgTkFR4E0iVZ+2aTz8OFzztQZq
-CyZ9QYgSpApmvwmgFEQog6UUzw2f19W7qhIskDHfhBmK2uQtazHZ/Pd8oXyHrbgK
-TVh7GDc9OjrZe2wg03Q0N/KVUHD5lKYXY4rfAqKdc1XKfo7t8GIu+TnWDLXWVI40
-oDIXwSmg+JOZFXpf9cxZ2zENZnsaH0KTKNk6bNq8wjum4W54Tgk7UbDE6roJp5C3
-7cUt/j+dL00gyFK66PFR1wXflZFtKixxVbMOLa13ZldsuNs0ye6whPqIKZ9ev4M4
-rjWQD5k14Ui+48/MDJt4Nc2Sm1LYrdXJMw==
------END CERTIFICATE-----

revoked-openSUSE-UEFI-SIGN-Certificate-2021-05.crt

@@ -1,27 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIElTCCA32gAwIBAgIJAPq+2L9Aml5kMA0GCSqGSIb3DQEBCwUAMIGBMSAwHgYD
-VQQDDBdvcGVuU1VTRSBTZWN1cmUgQm9vdCBDQTELMAkGA1UEBhMCREUxEjAQBgNV
-BAcMCU51cmVtYmVyZzEZMBcGA1UECgwQb3BlblNVU0UgUHJvamVjdDEhMB8GCSqG
-SIb3DQEJARYSYnVpbGRAb3BlbnN1c2Uub3JnMB4XDTIxMDMwMjEzMDE1NFoXDTMx
-MDEwOTEzMDE1NFowgYYxJTAjBgNVBAMMHG9wZW5TVVNFIFNlY3VyZSBCb290IFNp
-Z25rZXkxCzAJBgNVBAYTAkRFMRIwEAYDVQQHDAlOdXJlbWJlcmcxGTAXBgNVBAoM
-EG9wZW5TVVNFIFByb2plY3QxITAfBgkqhkiG9w0BCQEWEmJ1aWxkQG9wZW5zdXNl
-Lm9yZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPLI9AESuA0aqXLg
-RwX7lU1td6HhC3Oj+kwKJJvF/kwA+1viW/1cC4vS9muigFHe3b4CPwZ9WRxb5Wyi
-3nxP1fjYwFmygBnqWvzMTxGZBFuhcQQpSPDbjWOEiFspVZbvkBF7t0cu1EcpKaHl
-+pPqVdWrh11mk7bSjnYGAZ0BFHQ3bnhCuH1+p4PIMLAFZIRQ9suW9t5caOoHK6pi
-fisOYy+WR3a/2AFTCZIdZIueVpvPHhGgjEDoE0wnoAg5lKDn+SAUS7JiWy/hdT2U
-c/OjH1onXi99kTWDOMwQA+g2d7JAPtLuepcKpiUbFaR+7KJYWhkfit6WYz40sC6Q
-PMAHIj8CAwEAAaOCAQcwggEDMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFJ3fQ9nx
-oCcnP1LGwHdZCO4BZxMlMIGuBgNVHSMEgaYwgaOAFGhCYA3iLExHfpW+I9/qlRPl
-lxdioYGHpIGEMIGBMSAwHgYDVQQDDBdvcGVuU1VTRSBTZWN1cmUgQm9vdCBDQTEL
-MAkGA1UEBhMCREUxEjAQBgNVBAcMCU51cmVtYmVyZzEZMBcGA1UECgwQb3BlblNV
-U0UgUHJvamVjdDEhMB8GCSqGSIb3DQEJARYSYnVpbGRAb3BlbnN1c2Uub3JnggEB
-MA4GA1UdDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzANBgkqhkiG9w0B
-AQsFAAOCAQEAnjK7rL3T/Fu443EQSB3cV2V84pQcOcQf3dCSx8VT14ZTgkp1RGM4
-qr4V8foA7Fyr9UE+x2zEMzcVy2eZ2aihO/qaQ/JGZi8cp1pjq0nNMUQjgXF0YGyn
-Qanjb/48V5eOF9Z1h/wQ0HISTdkwsvGUS0leHT3LjXWNRL9QBp1Qi5A5IE5t8vpX
-OxAvHNTsKsx6x2p8R3yVLX7rY84xvBJCqHDY9tYDQ2VbVX7CEw5x9FffobYpY/s1
-lCV/fhOThm/q/p9Pr3hydxKP4PoxxwBtII/p0zJTMWEEfOsK/zAS3v8Ltlz83gTk
-WX+2oXpj/WRFsYWIEXTPwEm4MwYWxw5rMw==
------END CERTIFICATE-----

shim-15.8.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:a79f0a9b89f3681ab384865b1a46ab3f79d88b11b4ca59aa040ab03fffae80a9
-size 2315201

shim-arch-independent-names.patch

@@ -1,61 +0,0 @@
-From 71ca8f761fb5434ef65895345d96ccf063da7d66 Mon Sep 17 00:00:00 2001
-From: Gary Lin <glin@suse.com>
-Date: Tue, 22 Aug 2017 12:43:36 +0800
-Subject: [PATCH] Make the names of EFI binaries arch-independent
-
-Since we only build the 64-bit binaries, we don't have the issue of the
-mixed architecture binaries in the same directory. Besides, we will use
-the same install script for x86_64 and AArch64. It's easier to maintain
-the script with the same names.
-
-Signed-off-by: Gary Lin <glin@suse.com>
----
- fallback.c | 2 +-
- shim.c     | 2 +-
- shim.h     | 4 ++--
- 3 files changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/fallback.c b/fallback.c
-index fc81c5e4..44b2d464 100644
---- a/fallback.c
-+++ b/fallback.c
-@@ -1058,7 +1058,7 @@ debug_hook(void)
- 
- 	x = 1;
- 	console_print(L"add-symbol-file "DEBUGDIR
--		      L"fb" EFI_ARCH L".efi.debug %p -s .data %p\n",
-+		      L"fallback.efi.debug %p -s .data %p\n",
- 		      &_etext, &_edata);
- }
- 
-diff --git a/shim.c b/shim.c
-index 765c9254..6751a2bc 100644
---- a/shim.c
-+++ b/shim.c
-@@ -1811,7 +1811,7 @@ debug_hook(void)
- 	FreePool(data);
- 
- 	console_print(L"add-symbol-file "DEBUGDIR
--		      L"shim" EFI_ARCH L".efi.debug 0x%08x -s .data 0x%08x\n",
-+		      L"shim.efi.debug 0x%08x -s .data 0x%08x\n",
- 		      &_text, &_data);
- 
- 	console_print(L"Pausing for debugger attachment.\n");
-diff --git a/shim.h b/shim.h
-index 0a6c8cfa..b9c3c4d8 100644
---- a/shim.h
-+++ b/shim.h
-@@ -105,8 +105,8 @@
- #define DEBUGSRC L"/usr/src/debug/shim-" VERSIONSTR "." EFI_ARCH
- #endif
- 
--#define FALLBACK L"\\fb" EFI_ARCH L".efi"
--#define MOK_MANAGER L"\\mm" EFI_ARCH L".efi"
-+#define FALLBACK L"\\fallback.efi"
-+#define MOK_MANAGER L"\\MokManager.efi"
- 
- #if defined(VENDOR_DB_FILE)
- # define vendor_authorized vendor_db
--- 
-2.29.2
-

shim-bsc1177315-verify-eku-codesign.patch

@@ -1,696 +0,0 @@
-From 6ff890bf0af9d37acc6ea8ad64f597060e8bb143 Mon Sep 17 00:00:00 2001
-From: Gary Lin <glin@suse.com>
-Date: Wed, 14 Oct 2020 14:31:12 +0800
-Subject: [PATCH] Enforce EKU CodeSign extension check
-
-Per NIAP OS_PP, the signer certificate of the UEFI image has to contain
-"CodeSign" extension in its Extended Key Usage(EKU).
-
-This commit borrows VerifyEKUsInPkcs7Signature() from edk2 and enforces
-the CodeSign check in Pkcs7Verify().
-+ Also merged the buffer use-after-free fix (*)
-
-(*) https://bugzilla.tianocore.org/show_bug.cgi?id=2459
-
-Signed-off-by: Gary Lin <glin@suse.com>
----
- Cryptlib/InternalCryptLib.h       |  32 ++
- Cryptlib/Library/BaseCryptLib.h   |  40 +++
- Cryptlib/Makefile                 |   1 +
- Cryptlib/Pk/CryptPkcs7Verify.c    |  10 +
- Cryptlib/Pk/CryptPkcs7VerifyEku.c | 516 ++++++++++++++++++++++++++++++
- 5 files changed, 599 insertions(+)
- create mode 100644 Cryptlib/Pk/CryptPkcs7VerifyEku.c
-
-diff --git a/Cryptlib/InternalCryptLib.h b/Cryptlib/InternalCryptLib.h
-index e9a4c20..8c9a2a4 100644
---- a/Cryptlib/InternalCryptLib.h
-+++ b/Cryptlib/InternalCryptLib.h
-@@ -30,5 +30,37 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
- #define OBJ_length(o) ((o)->length)
- #endif
- 
-+/**
-+  Check input P7Data is a wrapped ContentInfo structure or not. If not construct
-+  a new structure to wrap P7Data.
-+
-+  Caution: This function may receive untrusted input.
-+  UEFI Authenticated Variable is external input, so this function will do basic
-+  check for PKCS#7 data structure.
-+
-+  @param[in]  P7Data       Pointer to the PKCS#7 message to verify.
-+  @param[in]  P7Length     Length of the PKCS#7 message in bytes.
-+  @param[out] WrapFlag     If TRUE P7Data is a ContentInfo structure, otherwise
-+                           return FALSE.
-+  @param[out] WrapData     If return status of this function is TRUE:
-+                           1) when WrapFlag is TRUE, pointer to P7Data.
-+                           2) when WrapFlag is FALSE, pointer to a new ContentInfo
-+                           structure. It's caller's responsibility to free this
-+                           buffer.
-+  @param[out] WrapDataSize Length of ContentInfo structure in bytes.
-+
-+  @retval     TRUE         The operation is finished successfully.
-+  @retval     FALSE        The operation is failed due to lack of resources.
-+
-+**/
-+BOOLEAN
-+WrapPkcs7Data (
-+  IN  CONST UINT8  *P7Data,
-+  IN  UINTN        P7Length,
-+  OUT BOOLEAN      *WrapFlag,
-+  OUT UINT8        **WrapData,
-+  OUT UINTN        *WrapDataSize
-+  );
-+
- #endif
- 
-diff --git a/Cryptlib/Library/BaseCryptLib.h b/Cryptlib/Library/BaseCryptLib.h
-index 2df8bd2..ed482d3 100644
---- a/Cryptlib/Library/BaseCryptLib.h
-+++ b/Cryptlib/Library/BaseCryptLib.h
-@@ -2403,6 +2403,46 @@ Pkcs7Verify (
-   IN  UINTN        DataLength
-   );
- 
-+/**
-+  This function receives a PKCS#7 formatted signature blob,
-+  looks for the EKU SEQUENCE blob, and if found then looks
-+  for all the required EKUs. This function was created so that
-+  the Surface team can cut down on the number of Certificate
-+  Authorities (CA's) by checking EKU's on leaf signers for
-+  a specific product. This prevents one product's certificate
-+  from signing another product's firmware or unlock blobs.
-+
-+  Note that this function does not validate the certificate chain.
-+  That needs to be done before using this function.
-+
-+  @param[in]  Pkcs7Signature       The PKCS#7 signed information content block. An array
-+                                   containing the content block with both the signature,
-+                                   the signer's certificate, and any necessary intermediate
-+                                   certificates.
-+  @param[in]  Pkcs7SignatureSize   Number of bytes in Pkcs7Signature.
-+  @param[in]  RequiredEKUs         Array of null-terminated strings listing OIDs of
-+                                   required EKUs that must be present in the signature.
-+  @param[in]  RequiredEKUsSize     Number of elements in the RequiredEKUs string array.
-+  @param[in]  RequireAllPresent    If this is TRUE, then all of the specified EKU's
-+                                   must be present in the leaf signer.  If it is
-+                                   FALSE, then we will succeed if we find any
-+                                   of the specified EKU's.
-+
-+  @retval EFI_SUCCESS              The required EKUs were found in the signature.
-+  @retval EFI_INVALID_PARAMETER    A parameter was invalid.
-+  @retval EFI_NOT_FOUND            One or more EKU's were not found in the signature.
-+
-+**/
-+EFI_STATUS
-+EFIAPI
-+VerifyEKUsInPkcs7Signature (
-+  IN CONST UINT8    *Pkcs7Signature,
-+  IN CONST UINT32   SignatureSize,
-+  IN CONST CHAR8    *RequiredEKUs[],
-+  IN CONST UINT32   RequiredEKUsSize,
-+  IN BOOLEAN        RequireAllPresent
-+  );
-+
- /**
-   Extracts the attached content from a PKCS#7 signed data if existed. The input signed
-   data could be wrapped in a ContentInfo structure.
-diff --git a/Cryptlib/Makefile b/Cryptlib/Makefile
-index 18a33b1..a1d8b02 100644
---- a/Cryptlib/Makefile
-+++ b/Cryptlib/Makefile
-@@ -41,6 +41,7 @@ OBJS		=   Hash/CryptMd4Null.o \
- 		    Pk/CryptRsaExtNull.o \
- 		    Pk/CryptPkcs7SignNull.o \
- 		    Pk/CryptPkcs7Verify.o \
-+		    Pk/CryptPkcs7VerifyEku.o \
- 		    Pk/CryptDhNull.o \
- 		    Pk/CryptTs.o \
- 		    Pk/CryptX509.o \
-diff --git a/Cryptlib/Pk/CryptPkcs7Verify.c b/Cryptlib/Pk/CryptPkcs7Verify.c
-index 09895d8..da15be2 100644
---- a/Cryptlib/Pk/CryptPkcs7Verify.c
-+++ b/Cryptlib/Pk/CryptPkcs7Verify.c
-@@ -29,6 +29,8 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
- #include <openssl/pkcs7.h>
- 
- UINT8 mOidValue[9] = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02 };
-+/* EKU CodeSign */
-+CHAR8 mOidCodeSign[] = "1.3.6.1.5.5.7.3.3";
- 
- #if 1
- #if OPENSSL_VERSION_NUMBER < 0x10100000L
-@@ -846,6 +848,8 @@ Pkcs7Verify (
-   CONST UINT8 *Temp;
-   UINTN       SignedDataSize;
-   BOOLEAN     Wrapped;
-+  CONST CHAR8 *Ekus[1];
-+  EFI_STATUS  EFI_Status;
- 
-   //
-   // Check input parameters.
-@@ -859,6 +863,7 @@ Pkcs7Verify (
-   DataBio   = NULL;
-   Cert      = NULL;
-   CertStore = NULL;
-+  Ekus[0]   = mOidCodeSign;
- 
-   //
-   // Register & Initialize necessary digest algorithms for PKCS#7 Handling
-@@ -958,6 +963,11 @@ Pkcs7Verify (
-   //
-   X509_STORE_set_purpose (CertStore, X509_PURPOSE_ANY);
- 
-+  EFI_Status = VerifyEKUsInPkcs7Signature(P7Data, P7Length, Ekus, 1, TRUE);
-+  if (EFI_Status != EFI_SUCCESS) {
-+	  goto _Exit;
-+  }
-+
-   //
-   // Verifies the PKCS#7 signedData structure
-   //
-diff --git a/Cryptlib/Pk/CryptPkcs7VerifyEku.c b/Cryptlib/Pk/CryptPkcs7VerifyEku.c
-new file mode 100644
-index 0000000..2c172e2
---- /dev/null
-+++ b/Cryptlib/Pk/CryptPkcs7VerifyEku.c
-@@ -0,0 +1,516 @@
-+/** @file
-+  This module verifies that Enhanced Key Usages (EKU's) are present within
-+  a PKCS7 signature blob using OpenSSL.
-+
-+  Copyright (C) Microsoft Corporation. All Rights Reserved.
-+  Copyright (c) 2019, Intel Corporation. All rights reserved.<BR>
-+
-+  SPDX-License-Identifier: BSD-2-Clause-Patent
-+
-+**/
-+
-+#include <Base.h>
-+#include "InternalCryptLib.h"
-+#include <openssl/x509v3.h>
-+#include <openssl/asn1.h>
-+#include <openssl/x509.h>
-+#include <openssl/bio.h>
-+#include <openssl/x509.h>
-+#include <openssl/pkcs7.h>
-+#include <openssl/bn.h>
-+#include <openssl/x509_vfy.h>
-+#include <openssl/pem.h>
-+#include <openssl/evp.h>
-+#include <openssl/asn1.h>
-+
-+/**
-+  This function will return the leaf signer certificate in a chain.  This is
-+  required because certificate chains are not guaranteed to have the
-+  certificates in the order that they were issued.
-+
-+  A typical certificate chain looks like this:
-+
-+
-+                 ----------------------------
-+                |            Root            |
-+                 ----------------------------
-+                               ^
-+                               |
-+                 ----------------------------
-+                |          Policy CA         | <-- Typical Trust Anchor.
-+                 ----------------------------
-+                               ^
-+                               |
-+                 ----------------------------
-+                |         Issuing CA         |
-+                 ----------------------------
-+                               ^
-+                               |
-+                 -----------------------------
-+                /  End-Entity (leaf) signer  / <-- Bottom certificate.
-+                -----------------------------  EKU: "1.3.6.1.4.1.311.76.9.21.1"
-+                                                    (Firmware Signing)
-+
-+
-+  @param[in]   CertChain            Certificate chain.
-+
-+  @param[out]  SignerCert           Last certificate in the chain.  For PKCS7 signatures,
-+                                    this will be the end-entity (leaf) signer cert.
-+
-+  @retval EFI_SUCCESS               The required EKUs were found in the signature.
-+  @retval EFI_INVALID_PARAMETER     A parameter was invalid.
-+  @retval EFI_NOT_FOUND             The number of signers found was not 1.
-+
-+**/
-+EFI_STATUS
-+GetSignerCertificate (
-+  IN CONST PKCS7 *CertChain,
-+  OUT X509       **SignerCert
-+  )
-+{
-+  EFI_STATUS      Status;
-+  STACK_OF(X509)  *Signers;
-+  INT32           NumberSigners;
-+
-+  Status         = EFI_SUCCESS;
-+  Signers        = NULL;
-+  NumberSigners  = 0;
-+
-+  if (CertChain == NULL || SignerCert == NULL) {
-+    Status = EFI_INVALID_PARAMETER;
-+    goto Exit;
-+  }
-+
-+  //
-+  // Get the signers from the chain.
-+  //
-+  Signers = PKCS7_get0_signers ((PKCS7*) CertChain, NULL, PKCS7_BINARY);
-+  if (Signers == NULL) {
-+    //
-+    // Fail to get signers form PKCS7
-+    //
-+    Status = EFI_INVALID_PARAMETER;
-+    goto Exit;
-+  }
-+
-+  //
-+  // There should only be one signer in the PKCS7 stack.
-+  //
-+  NumberSigners = sk_X509_num (Signers);
-+  if (NumberSigners != 1) {
-+    //
-+    // The number of singers should have been 1
-+    //
-+    Status = EFI_NOT_FOUND;
-+    goto Exit;
-+  }
-+
-+  *SignerCert = sk_X509_value (Signers, 0);
-+
-+Exit:
-+  //
-+  // Release Resources
-+  //
-+  if (Signers != NULL) {
-+    sk_X509_free (Signers);
-+  }
-+
-+  return Status;
-+}
-+
-+
-+/**
-+  Determines if the specified EKU represented in ASN1 form is present
-+  in a given certificate.
-+
-+  @param[in]  Cert                  The certificate to check.
-+
-+  @param[in]  Asn1ToFind            The EKU to look for.
-+
-+  @retval EFI_SUCCESS               We successfully identified the signing type.
-+  @retval EFI_INVALID_PARAMETER     A parameter was invalid.
-+  @retval EFI_NOT_FOUND             One or more EKU's were not found in the signature.
-+
-+**/
-+EFI_STATUS
-+IsEkuInCertificate (
-+  IN CONST X509  *Cert,
-+  IN ASN1_OBJECT *Asn1ToFind
-+  )
-+{
-+  EFI_STATUS          Status;
-+  X509                *ClonedCert;
-+  X509_EXTENSION      *Extension;
-+  EXTENDED_KEY_USAGE  *Eku;
-+  INT32               ExtensionIndex;
-+  INTN                NumExtensions;
-+  ASN1_OBJECT         *Asn1InCert;
-+  INTN                Index;
-+
-+  Status            = EFI_NOT_FOUND;
-+  ClonedCert        = NULL;
-+  Extension         = NULL;
-+  Eku               = NULL;
-+  ExtensionIndex    = -1;
-+  NumExtensions     = 0;
-+  Asn1InCert        = NULL;
-+
-+  if (Cert == NULL || Asn1ToFind == NULL) {
-+    Status = EFI_INVALID_PARAMETER;
-+    goto Exit;
-+  }
-+
-+  //
-+  // Clone the certificate.  This is required because the Extension API's
-+  // only work once per instance of an X509 object.
-+  //
-+  ClonedCert = X509_dup ((X509*)Cert);
-+  if (ClonedCert == NULL) {
-+    //
-+    // Fail to duplicate cert.
-+    //
-+    Status = EFI_INVALID_PARAMETER;
-+    goto Exit;
-+  }
-+
-+  //
-+  // Look for the extended key usage.
-+  //
-+  ExtensionIndex = X509_get_ext_by_NID (ClonedCert, NID_ext_key_usage, -1);
-+
-+  if (ExtensionIndex < 0) {
-+    //
-+    // Fail to find 'NID_ext_key_usage' in Cert.
-+    //
-+    goto Exit;
-+  }
-+
-+  Extension = X509_get_ext (ClonedCert, ExtensionIndex);
-+  if (Extension == NULL) {
-+    //
-+    // Fail to get Extension form cert.
-+    //
-+    goto Exit;
-+  }
-+
-+  Eku = (EXTENDED_KEY_USAGE*)X509V3_EXT_d2i (Extension);
-+  if (Eku == NULL) {
-+    //
-+    // Fail to get Eku from extension.
-+    //
-+    goto Exit;
-+  }
-+
-+  NumExtensions = sk_ASN1_OBJECT_num (Eku);
-+
-+  //
-+  // Now loop through the extensions, looking for the specified Eku.
-+  //
-+  for (Index = 0; Index < NumExtensions; Index++) {
-+    Asn1InCert = sk_ASN1_OBJECT_value (Eku, (INT32)Index);
-+    if (Asn1InCert == NULL) {
-+      //
-+      // Fail to get ASN object from Eku.
-+      //
-+      goto Exit;
-+    }
-+
-+    if (OBJ_cmp(Asn1InCert, Asn1ToFind) == 0) {
-+      //
-+      // Found Eku in certificate.
-+      //
-+      Status = EFI_SUCCESS;
-+      goto Exit;
-+    }
-+  }
-+
-+Exit:
-+
-+  //
-+  // Release Resources
-+  //
-+  if (ClonedCert != NULL) {
-+    X509_free (ClonedCert);
-+  }
-+
-+  if (Eku != NULL) {
-+    sk_ASN1_OBJECT_pop_free (Eku, ASN1_OBJECT_free);
-+  }
-+
-+  return Status;
-+}
-+
-+
-+/**
-+  Determines if the specified EKUs are present in a signing certificate.
-+
-+  @param[in]  SignerCert            The certificate to check.
-+  @param[in]  RequiredEKUs          The EKUs to look for.
-+  @param[in]  RequiredEKUsSize      The number of EKUs
-+  @param[in]  RequireAllPresent     If TRUE, then all the specified EKUs
-+                                    must be present in the certificate.
-+
-+  @retval EFI_SUCCESS               We successfully identified the signing type.
-+  @retval EFI_INVALID_PARAMETER     A parameter was invalid.
-+  @retval EFI_NOT_FOUND             One or more EKU's were not found in the signature.
-+**/
-+EFI_STATUS
-+CheckEKUs(
-+  IN CONST X509     *SignerCert,
-+  IN CONST CHAR8    *RequiredEKUs[],
-+  IN CONST UINT32   RequiredEKUsSize,
-+  IN BOOLEAN        RequireAllPresent
-+  )
-+{
-+  EFI_STATUS    Status;
-+  ASN1_OBJECT   *Asn1ToFind;
-+  UINT32        NumEkusFound;
-+  UINT32        Index;
-+
-+  Status       = EFI_NOT_FOUND;
-+  Asn1ToFind   = NULL;
-+  NumEkusFound = 0;
-+
-+  if (SignerCert == NULL || RequiredEKUs == NULL || RequiredEKUsSize == 0) {
-+    Status = EFI_INVALID_PARAMETER;
-+    goto Exit;
-+  }
-+
-+  for (Index = 0; Index < RequiredEKUsSize; Index++) {
-+    //
-+    // Finding required EKU in cert.
-+    //
-+    if (Asn1ToFind != NULL) {
-+      ASN1_OBJECT_free(Asn1ToFind);
-+      Asn1ToFind = NULL;
-+    }
-+
-+    Asn1ToFind = OBJ_txt2obj (RequiredEKUs[Index], 0);
-+    if (Asn1ToFind == NULL) {
-+      //
-+      // Fail to convert required EKU to ASN1.
-+      //
-+      Status = EFI_INVALID_PARAMETER;
-+      goto Exit;
-+    }
-+
-+    Status = IsEkuInCertificate (SignerCert, Asn1ToFind);
-+    if (Status == EFI_SUCCESS) {
-+      NumEkusFound++;
-+      if (!RequireAllPresent) {
-+        //
-+        // Found at least one, so we are done.
-+        //
-+        goto Exit;
-+      }
-+    } else {
-+      //
-+      // Fail to find Eku in cert
-+      break;
-+    }
-+  }
-+
-+Exit:
-+
-+  if (Asn1ToFind != NULL) {
-+    ASN1_OBJECT_free(Asn1ToFind);
-+  }
-+
-+  if (RequireAllPresent &&
-+      NumEkusFound == RequiredEKUsSize) {
-+    //
-+    // Found all required EKUs in certificate.
-+    //
-+    Status = EFI_SUCCESS;
-+  }
-+
-+  return Status;
-+}
-+
-+/**
-+  This function receives a PKCS#7 formatted signature blob,
-+  looks for the EKU SEQUENCE blob, and if found then looks
-+  for all the required EKUs. This function was created so that
-+  the Surface team can cut down on the number of Certificate
-+  Authorities (CA's) by checking EKU's on leaf signers for
-+  a specific product. This prevents one product's certificate
-+  from signing another product's firmware or unlock blobs.
-+
-+  Note that this function does not validate the certificate chain.
-+  That needs to be done before using this function.
-+
-+  @param[in]  Pkcs7Signature       The PKCS#7 signed information content block. An array
-+                                   containing the content block with both the signature,
-+                                   the signer's certificate, and any necessary intermediate
-+                                   certificates.
-+  @param[in]  Pkcs7SignatureSize   Number of bytes in Pkcs7Signature.
-+  @param[in]  RequiredEKUs         Array of null-terminated strings listing OIDs of
-+                                   required EKUs that must be present in the signature.
-+  @param[in]  RequiredEKUsSize     Number of elements in the RequiredEKUs string array.
-+  @param[in]  RequireAllPresent    If this is TRUE, then all of the specified EKU's
-+                                   must be present in the leaf signer.  If it is
-+                                   FALSE, then we will succeed if we find any
-+                                   of the specified EKU's.
-+
-+  @retval EFI_SUCCESS              The required EKUs were found in the signature.
-+  @retval EFI_INVALID_PARAMETER    A parameter was invalid.
-+  @retval EFI_NOT_FOUND            One or more EKU's were not found in the signature.
-+
-+**/
-+EFI_STATUS
-+EFIAPI
-+VerifyEKUsInPkcs7Signature (
-+  IN CONST UINT8    *Pkcs7Signature,
-+  IN CONST UINT32   SignatureSize,
-+  IN CONST CHAR8    *RequiredEKUs[],
-+  IN CONST UINT32   RequiredEKUsSize,
-+  IN BOOLEAN        RequireAllPresent
-+  )
-+{
-+  EFI_STATUS        Status;
-+  PKCS7             *Pkcs7;
-+  STACK_OF(X509)    *CertChain;
-+  INT32             SignatureType;
-+  INT32             NumberCertsInSignature;
-+  X509              *SignerCert;
-+  UINT8             *SignedData;
-+  UINT8             *Temp;
-+  UINTN             SignedDataSize;
-+  BOOLEAN           IsWrapped;
-+  BOOLEAN           Ok;
-+
-+  Status                    = EFI_SUCCESS;
-+  Pkcs7                     = NULL;
-+  CertChain                 = NULL;
-+  SignatureType             = 0;
-+  NumberCertsInSignature    = 0;
-+  SignerCert                = NULL;
-+  SignedData                = NULL;
-+  SignedDataSize            = 0;
-+  IsWrapped                 = FALSE;
-+  Ok                        = FALSE;
-+
-+  //
-+  //Validate the input parameters.
-+  //
-+  if (Pkcs7Signature   == NULL ||
-+      SignatureSize    == 0    ||
-+      RequiredEKUs     == NULL ||
-+      RequiredEKUsSize == 0) {
-+    Status = EFI_INVALID_PARAMETER;
-+    goto Exit;
-+  }
-+
-+  if (RequiredEKUsSize == 1) {
-+    RequireAllPresent = TRUE;
-+  }
-+
-+  //
-+  // Wrap the PKCS7 data if needed.
-+  //
-+  Ok = WrapPkcs7Data (Pkcs7Signature,
-+                      SignatureSize,
-+                      &IsWrapped,
-+                      &SignedData,
-+                      &SignedDataSize);
-+  if (!Ok) {
-+    //
-+    // Fail to Wrap the PKCS7 data.
-+    //
-+    Status = EFI_INVALID_PARAMETER;
-+    goto Exit;
-+  }
-+
-+  Temp = SignedData;
-+
-+  //
-+  // Create the PKCS7 object.
-+  //
-+  Pkcs7 = d2i_PKCS7 (NULL, (const unsigned char **)&Temp, (INT32)SignedDataSize);
-+  if (Pkcs7 == NULL) {
-+    //
-+    // Fail to read PKCS7 data.
-+    //
-+    Status = EFI_INVALID_PARAMETER;
-+    goto Exit;
-+  }
-+
-+  //
-+  // Get the certificate chain.
-+  //
-+  SignatureType = OBJ_obj2nid (Pkcs7->type);
-+  switch (SignatureType) {
-+  case NID_pkcs7_signed:
-+    if (Pkcs7->d.sign != NULL) {
-+      CertChain = Pkcs7->d.sign->cert;
-+    }
-+    break;
-+  case NID_pkcs7_signedAndEnveloped:
-+    if (Pkcs7->d.signed_and_enveloped != NULL) {
-+      CertChain = Pkcs7->d.signed_and_enveloped->cert;
-+    }
-+    break;
-+  default:
-+    break;
-+  }
-+
-+  //
-+  // Ensure we have a certificate stack
-+  //
-+  if (CertChain == NULL) {
-+    //
-+    // Fail to get the certificate stack from signature.
-+    //
-+    Status = EFI_INVALID_PARAMETER;
-+    goto Exit;
-+  }
-+
-+  //
-+  // Find out how many certificates were in the PKCS7 signature.
-+  //
-+  NumberCertsInSignature = sk_X509_num (CertChain);
-+
-+  if (NumberCertsInSignature == 0) {
-+    //
-+    // Fail to find any certificates in signature.
-+    //
-+    Status = EFI_INVALID_PARAMETER;
-+    goto Exit;
-+  }
-+
-+  //
-+  // Get the leaf signer.
-+  //
-+  Status = GetSignerCertificate (Pkcs7, &SignerCert);
-+  if (Status != EFI_SUCCESS || SignerCert == NULL) {
-+    //
-+    // Fail to get the end-entity leaf signer certificate.
-+    //
-+    Status = EFI_INVALID_PARAMETER;
-+    goto Exit;
-+  }
-+
-+  Status = CheckEKUs (SignerCert, RequiredEKUs, RequiredEKUsSize, RequireAllPresent);
-+  if (Status != EFI_SUCCESS) {
-+    goto Exit;
-+  }
-+
-+Exit:
-+
-+  //
-+  // Release Resources
-+  //
-+  // If the signature was not wrapped, then the call to WrapData() will allocate
-+  // the data and add a header to it
-+  //
-+  if (!IsWrapped && SignedData) {
-+    free (SignedData);
-+  }
-+
-+  if (Pkcs7 != NULL) {
-+    PKCS7_free (Pkcs7);
-+  }
-+
-+  return Status;
-+}
-+
--- 
-2.29.2
-

shim-change-debug-file-path.patch

@@ -1,54 +0,0 @@
-From ac7e88b1f2219ec2b09c9596e6f7d5911e5f6ffd Mon Sep 17 00:00:00 2001
-From: Gary Lin <glin@suse.com>
-Date: Thu, 4 Jan 2018 12:28:37 +0800
-Subject: [PATCH] Use our own debug path
-
-Signed-off-by: Gary Lin <glin@suse.com>
----
- Make.defaults | 2 +-
- fallback.c    | 2 +-
- shim.c        | 2 +-
- 3 files changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/Make.defaults b/Make.defaults
-index bef3cb51..d88367e3 100644
---- a/Make.defaults
-+++ b/Make.defaults
-@@ -167,7 +167,7 @@ BOOTEFINAME	?= BOOT$(ARCH_SUFFIX_UPPER).EFI
- BOOTCSVNAME	?= BOOT$(ARCH_SUFFIX_UPPER).CSV
- 
- DEFINES		+= -DEFI_ARCH='L"$(ARCH_SUFFIX)"' \
--		   -DDEBUGDIR='L"/usr/lib/debug/usr/share/shim/$(ARCH_SUFFIX)-$(VERSION)$(DASHRELEASE)/"'
-+		   -DDEBUGDIR=L\"/usr/lib/debug/usr/share/efi/"$(ARCH)/"\"
- 
- ifneq ($(origin VENDOR_DB_FILE), undefined)
- DEFINES		+= -DVENDOR_DB_FILE=\"$(VENDOR_DB_FILE)\"
-diff --git a/fallback.c b/fallback.c
-index 44b2d464..8e0de901 100644
---- a/fallback.c
-+++ b/fallback.c
-@@ -1058,7 +1058,7 @@ debug_hook(void)
- 
- 	x = 1;
- 	console_print(L"add-symbol-file "DEBUGDIR
--		      L"fallback.efi.debug %p -s .data %p\n",
-+		      L"fallback.debug %p -s .data %p\n",
- 		      &_etext, &_edata);
- }
- 
-diff --git a/shim.c b/shim.c
-index 1d539855..f8d2ba5f 100644
---- a/shim.c
-+++ b/shim.c
-@@ -1818,7 +1818,7 @@ debug_hook(void)
- 	FreePool(data);
- 
- 	console_print(L"add-symbol-file "DEBUGDIR
--		      L"shim.efi.debug 0x%08x -s .data 0x%08x\n",
-+		      L"shim.debug 0x%08x -s .data 0x%08x\n",
- 		      &_text, &_data);
- 
- 	console_print(L"Pausing for debugger attachment.\n");
--- 
-2.29.2
-

shim-disable-export-vendor-dbx.patch

@@ -1,36 +0,0 @@
-From 41da21f1f9d4af213f9f235a864772b99ce85fc7 Mon Sep 17 00:00:00 2001
-From: Gary Lin <glin@suse.com>
-Date: Fri, 18 Jun 2021 17:54:46 +0800
-Subject: [PATCH] Disable exporting vendor-dbx to MokListXRT
-
-As the vendor-dbx grows, it caused some problems when writing such
-a large variable. Some firmwares lie the avaiable space(*1) , and
-some even crash(*2) for no good reason after the writing of
-MokListXRT. Both shim and kernel don't rely on MokListXRT to block
-anything, so we just stop exporting vendor-dbx to MokListXRT to
-avoid the potential hassles.
-
-(*1) https://bugzilla.suse.com/show_bug.cgi?id=1185261
-(*2) https://github.com/rhboot/shim/pull/369#issuecomment-855275115
-
-Signed-off-by: Gary Lin <glin@suse.com>
----
- mok.c | 2 --
- 1 file changed, 2 deletions(-)
-
-diff --git a/mok.c b/mok.c
-index beac0ff6..a687a92b 100644
---- a/mok.c
-+++ b/mok.c
-@@ -194,8 +194,6 @@ struct mok_state_variable mok_state_variables[] = {
- 		     EFI_VARIABLE_NON_VOLATILE,
- 	 .no_attr = EFI_VARIABLE_RUNTIME_ACCESS,
- 	 .categorize_addend = categorize_deauthorized,
--	 .addend = &vendor_deauthorized,
--	 .addend_size = &vendor_deauthorized_size,
- 	 .flags = MOK_MIRROR_KEYDB |
- 		  MOK_MIRROR_DELETE_FIRST |
- 		  MOK_VARIABLE_LOG,
--- 
-2.31.1
-

shim-install

@@ -60,6 +60,7 @@ fi
 if [ x"${GRUB_DISTRIBUTOR}" = x ] && [ -f "${sysconfdir}/os-release" ] ; then
     . "${sysconfdir}/os-release"
     GRUB_DISTRIBUTOR="${NAME} ${VERSION}"
+    OS_ID="${ID}"
 fi
 
 bootloader_id="$(echo "$GRUB_DISTRIBUTOR" | tr 'A-Z' 'a-z' | cut -d' ' -f1)"
@@ -78,6 +79,27 @@ case "$bootloader_id" in
     *) ca_string="";;
 esac
 
+case "$OS_ID" in
+    "opensuse-leap")
+        ca_string='SUSE Linux Enterprise Secure Boot CA1';;
+esac
+
+# bsc#1230316 Check if the system is encrypted SL-Micro
+is_encrypted_slm () {
+   if test "$GRUB_DISTRIBUTOR" = "SL Micro" && test -n "$GRUB_TPM2_SEALED_KEY" ; then
+       # return true
+       return 0
+   fi
+
+   # return false
+   return 1
+}
+
+# bsc#1230316 For encrypted SL-Micro, always install shim/grub2 with the "removable" way
+if is_encrypted_slm; then
+    removable=yes
+fi
+
 is_azure () {
     local bios_vendor;
     local product_name;
@@ -465,32 +487,36 @@ if test "$no_nvram" = no && test -n "$bootloader_id"; then
         $efibootmgr -b "$bootnum" -B
     done
 
-    efidir_drive="$("$grub_probe" --target=drive --device-map= "$efidir")"
-    efidir_disk="$("$grub_probe" --target=disk --device-map= "$efidir")"
-    if test -z "$efidir_drive" || test -z "$efidir_disk"; then
-        echo "Can't find GRUB drive for $efidir; unable to create EFI Boot Manager entry." >&2
-    # bsc#1119762 If the MD device is partitioned, we just need to create one
-    # boot entry since the partitions are nested partitions and the mirrored
-    # partitions share the same UUID.
-    elif [[ "$efidir_drive" == \(mduuid/* && "$efidir_drive" != \(mduuid/*,* ]]; then
-        eval $(mdadm --detail --export "$efidir_disk" |
-          perl -ne 'print if m{^MD_LEVEL=}; push( @D, $1) if (m{^MD_DEVICE_\S+_DEV=(\S+)$});
-                    sub END() {print "MD_DEVS=\"", join( " ", @D), "\"\n";};')
-        if [ "$MD_LEVEL" != "raid1" ]; then
-            echo "GRUB drive for $efidir not on RAID1; unable to create EFI Boot Manager entry." >&2
-        fi
-        for mddev in $MD_DEVS; do
-            efidir_drive="$("$grub_probe" --target=drive --device-map= -d "$mddev")"
-            efidir_disk="$("$grub_probe" --target=disk --device-map= -d "$mddev")"
+    # bsc#1230316 Skip the creation of the boot option for encrypted SL-Micro to make
+    # the system always boot from the default boot path (\EFI\BOOT\boot<arch>.efi)
+    if ! is_encrypted_slm; then
+        efidir_drive="$("$grub_probe" --target=drive --device-map= "$efidir")"
+        efidir_disk="$("$grub_probe" --target=disk --device-map= "$efidir")"
+        if test -z "$efidir_drive" || test -z "$efidir_disk"; then
+            echo "Can't find GRUB drive for $efidir; unable to create EFI Boot Manager entry." >&2
+        # bsc#1119762 If the MD device is partitioned, we just need to create one
+        # boot entry since the partitions are nested partitions and the mirrored
+        # partitions share the same UUID.
+        elif [[ "$efidir_drive" == \(mduuid/* && "$efidir_drive" != \(mduuid/*,* ]]; then
+            eval $(mdadm --detail --export "$efidir_disk" |
+              perl -ne 'print if m{^MD_LEVEL=}; push( @D, $1) if (m{^MD_DEVICE_\S+_DEV=(\S+)$});
+                        sub END() {print "MD_DEVS=\"", join( " ", @D), "\"\n";};')
+            if [ "$MD_LEVEL" != "raid1" ]; then
+                echo "GRUB drive for $efidir not on RAID1; unable to create EFI Boot Manager entry." >&2
+            fi
+            for mddev in $MD_DEVS; do
+                efidir_drive="$("$grub_probe" --target=drive --device-map= -d "$mddev")"
+                efidir_disk="$("$grub_probe" --target=disk --device-map= -d "$mddev")"
+                efidir_part="$(echo "$efidir_drive" | sed 's/^([^,]*,[^0-9]*//; s/[^0-9].*//')"
+                efidir_d=${mddev#/dev/}
+                $efibootmgr -c -d "$efidir_disk" -p "$efidir_part" -w \
+                  -L "$bootloader_id ($efidir_d)" -l "\\EFI\\$efi_distributor\\$efi_file"
+            done
+        else
             efidir_part="$(echo "$efidir_drive" | sed 's/^([^,]*,[^0-9]*//; s/[^0-9].*//')"
-            efidir_d=${mddev#/dev/}
             $efibootmgr -c -d "$efidir_disk" -p "$efidir_part" -w \
-              -L "$bootloader_id ($efidir_d)" -l "\\EFI\\$efi_distributor\\$efi_file"
-        done
-    else
-        efidir_part="$(echo "$efidir_drive" | sed 's/^([^,]*,[^0-9]*//; s/[^0-9].*//')"
-        $efibootmgr -c -d "$efidir_disk" -p "$efidir_part" -w \
-    	-L "$bootloader_id" -l "\\EFI\\$efi_distributor\\$efi_file"
+              -L "$bootloader_id" -l "\\EFI\\$efi_distributor\\$efi_file"
+        fi
     fi
 fi
 

shim.changes

@@ -1,70 +1,27 @@
 -------------------------------------------------------------------
-Tue Apr  2 03:09:15 UTC 2024 - Gary Ching-Pang Lin <glin@suse.com>
+Tue Apr 22 20:39:33 UTC 2025 - Eugenio Paolantonio <eugenio.paolantonio@suse.com>
 
-- Introduce %shim_use_fde_tpm_helper macro so that the project
-  can include the fde-tpm-helper-macros for the build targets
-  other than Tumbleweed
+- Undefine %_enable_debug_packages to fix building with rpm-4.20
+  (backport of the fix from Factory in SR#1232808)
+- Fix build with rpm 4.20 by copying the extracted directories
+  explicitly
 
 -------------------------------------------------------------------
-Mon Feb 26 13:09:29 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
+Thu Sep 19 06:27:27 UTC 2024 - Gary Ching-Pang Lin <glin@suse.com>
 
-- Use %autosetup macro. Allows to eliminate the usage of deprecated
-  PatchN.
+- Update shim-install to limit the scope of the 'removable'
+  SL-Micro to the image booting with TPM2 unsealing (bsc#1210382)
+  * 769e41d Limit the removable option to encrypted SL-Micro
 
 -------------------------------------------------------------------
-Sat Feb 17 07:51:01 UTC 2024 - Joey Lee <jlee@suse.com>
+Mon Sep 16 07:28:57 UTC 2024 - Gary Ching-Pang Lin <glin@suse.com>
 
-- Modified shim.spec file to add suffix string of project to filename
-  of included certificates. e.g.
-    rpm -pql shim-15.8-lp155.6.1.x86_64.rpm
-        /etc/uefi
-        /etc/uefi/certs
-        /etc/uefi/certs/2B697CB1-shim-devel.crt
-        /etc/uefi/certs/4659838C-shim-opensuse.crt
-        /etc/uefi/certs/BCA4E38E-shim-sles.crt
-
-  The original name of crt files are:
-        /etc/uefi/certs/2B697CB1-shim.crt
-        /etc/uefi/certs/4659838C-shim.crt
-        /etc/uefi/certs/BCA4E38E-shim.crt
-
-  It can indicate the souce project of certificates.
+- Update shim-install to use the 'removable' way for SL-Micro
+  (bsc#1230316)
+  * 433cc4e Always use the removable way for SL-Micro
 
 -------------------------------------------------------------------
-Thu Feb 15 09:46:09 UTC 2024 - Joey Lee <jlee@suse.com>
-
-- Sometimes SLE shim signature be Microsoft updated before openSUSE shim
-  signature. When submit request on IBS for updating SLE shim, the submitreq
-  project be generated, but it always be blocked by checking the signature
-  of openSUSE shim.
-  It doesn't make sense checking openSUSE shim signature when building
-  SLE shim on SLE platform, and vice versa. So the following change adds the
-  logic to compare suffix (sles, opensuse) with distro_id (sle, opensuse).
-  When and only when hash mismatch and distro_id match with suffix, stop
-  building.
-        # compare suffix (sles, opensuse) with distro_id (sle, opensuse)
-        # when hash mismatch and distro_id match with suffix, stop building 
-- Sync the changelog between openSUSE:Factory/shim with SLE-15-SP3/shim
-    - Add CVE-2022-28737 number to "Mon Mar 27 09:26:02 UTC 2023" record
-    - Add "Thu Apr 13 05:28:10 UTC 2023" record for updating shim-install
-      for bsc#1210382.
-    - Add "Thu Apr 13 09:13:22 UTC 2023" record for changing the logic of
-      checking shim signature. 
-
--------------------------------------------------------------------
-Wed Feb  7 08:54:52 UTC 2024 - Gary Ching-Pang Lin <glin@suse.com>
-
-- Update shim-install to set the TPM2 SRK algorithm (bsc#1213945)
-  92d0f4305df73 Set the SRK algorithm for the TPM2 protector
-
--------------------------------------------------------------------
-Fri Feb  2 05:57:07 UTC 2024 - Gary Ching-Pang Lin <glin@suse.com>
-
-- Limit the requirement of fde-tpm-helper-macros to the distro with
-  suse_version 1600 and above (bsc#1219460)
-
--------------------------------------------------------------------
-Sun Jan 28 09:32:32 UTC 2024 - Dennis Tseng <dennis.tseng@suse.com>
+Sun May 19 15:08:27 UTC 2024 - Dennis Tseng <dennis.tseng@suse.com>
 
 -- Update to version 15.8
     - Various CVE fixes are already merged into this version
@@ -145,51 +102,53 @@ Sun Jan 28 09:32:32 UTC 2024 - Dennis Tseng <dennis.tseng@suse.com>
         5914984 (HEAD -> main, tag: latest-release, tag: 15.8, origin/main, origin/HEAD) Bump version to 15.8 
 
 -------------------------------------------------------------------
-Wed Jan 24 12:40:36 UTC 2024 - Ludwig Nussel <lnussel@suse.com>
+Thu Mar 14 06:05:12 UTC 2024 - Gary Ching-Pang Lin <glin@suse.com>
 
-- Generate dbx during build so we don't include binary files in sources
+- Update shim-install to set the SRK algorithm for the grub2
+  TPM2 key protector (bsc#1213945)
+  92d0f4305df73  Set the SRK algorithm for the TPM2 protector
+- Add the missing BuildRequires: update-bootloader-rpm-macros
+  for the update_bootloader_* macros in %post and %posttrans
 
 -------------------------------------------------------------------
-Thu Oct  5 13:19:48 UTC 2023 - Ludwig Nussel <lnussel@suse.com>
-
-- Don't require grub so shim can still be used with systemd-boot
-
--------------------------------------------------------------------
-Wed Sep 20 04:33:59 UTC 2023 - Michael Chang <mchang@suse.com>
+Wed Sep 20 09:00:36 UTC 2023 - Gary Ching-Pang Lin <glin@suse.com>
 
 - Update shim-install to fix boot failure of ext4 root file system
   on RAID10 (bsc#1205855)
    226c94ca5cfca  Use hint in looking for root if possible
-
--------------------------------------------------------------------
-Tue Sep 19 08:36:17 UTC 2023 - Gary Ching-Pang Lin <glin@suse.com>
-
 - Adopt the macros from fde-tpm-helper-macros to update the
   signature in the sealed key after a bootloader upgrade
 
 -------------------------------------------------------------------
-Mon May 15 03:28:47 UTC 2023 - Gary Ching-Pang Lin <glin@suse.com>
+Thu Jul 13 07:20:50 UTC 2023 - Gary Ching-Pang Lin <glin@suse.com>
 
-- Update shim-install to amend full disk encryption support
-    b540061e041b  Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector
-    f2e8143ce831  Use the long name to specify the grub2 key protector
-    72830120e5ea  cryptodisk: support TPM authorized policies
-    49e7a0d307f3  Do not use tpm_record_pcrs unless the command is in command.lst
+- Upgrade shim-install to support TPM 2.0 Key File
+  b540061 Adopt TPM 2.0 Key File for grub2 TPM 2.0 protector
 
 -------------------------------------------------------------------
-Thu Apr 13 09:13:22 UTC 2023 - Joey Lee <jlee@suse.com>
+Tue Jul 11 14:02:16 UTC 2023 - Marcus Meissner <meissner@suse.com>
 
-- Sometimes SLE shim signature be Microsoft updated before openSUSE shim
-  signature. When submit request on IBS for updating SLE shim, the submitreq
-  project be generated, but it always be blocked by checking the signature
-  of openSUSE shim.
-  It doesn't make sense checking openSUSE shim signature when building
-  SLE shim on SLE platform, and vice versa. So the following change adds the
-  logic to compare suffix (sles, opensuse) with distro_id (sle, opensuse).
-  When and only when hash mismatch and distro_id match with suffix, stop
-  building.
-        # compare suffix (sles, opensuse) with distro_id (sle, opensuse)
-        # when hash mismatch and distro_id match with suffix, stop building 
+- remove compat efi dir and binaries
+
+-------------------------------------------------------------------
+Mon Jun 12 11:12:36 UTC 2023 - Marcus Meissner <meissner@suse.com>
+
+- Update shim to 15.7-150300.4.16.1 from SLE15-SP3
+  - include aarch64 shims.
+  - do not require shim-susesigned, was a workaround on 15-sp2.
+
+- quieten factory-auto bot as we are not buiding from source:
+  - shim-arch-independent-names.patch removed
+  - shim-change-debug-file-path.patch removed
+
+-------------------------------------------------------------------
+Wed Apr 26 07:09:48 UTC 2023 - Dennis Tseng <dennis.tseng@suse.com>
+
+- Update shim to 15.7-150300.4.11.1 from SLE15-SP3
+  + Version: 15.7, "Thu Mar 17 2023"
+  + Update the SLE signatures
+  + Include the fixes for bsc#1205588, bsc#1202120, bsc#1201066,
+    (bsc#1198458, CVE-2022-28737), bsc#1198101, bsc#1193315, bsc#1193282
 
 -------------------------------------------------------------------
 Thu Apr 13 05:28:10 UTC 2023 - Joey Lee <jlee@suse.com>
@@ -204,489 +163,39 @@ Thu Apr 13 05:28:10 UTC 2023 - Joey Lee <jlee@suse.com>
   checking Leap distro and set ca_string to 'SUSE Linux Enterprise Secure
   Boot CA1'. Then /boot/efi/EFI/boot/* can also be updated.
 - https://github.com/SUSE/shim-resources (git log --oneline)
-	86b73d1 Fix that bootx64.efi is not updated on Leap
-	f2e8143 Use the long name to specify the grub2 key protector
-	7283012 cryptodisk: support TPM authorized policies
-	49e7a0d Do not use tpm_record_pcrs unless the command is in command.lst
-	26c6bd5 Have grub take a snapshot of "relevant" TPM PCRs
-	5c2c3ad Handle different cases of controlling cryptomount volumes during first stage boot
-	a5c5734 Introduce --no-grub-install option
+       86b73d1 Fix that bootx64.efi is not updated on Leap
+       f2e8143 Use the long name to specify the grub2 key protector
+       7283012 cryptodisk: support TPM authorized policies
+       49e7a0d Do not use tpm_record_pcrs unless the command is in command.lst
+       26c6bd5 Have grub take a snapshot of "relevant" TPM PCRs
+       5c2c3ad Handle different cases of controlling cryptomount volumes during first stage boot
+       a5c5734 Introduce --no-grub-install option
+ 
+-------------------------------------------------------------------
+Tue Aug 17 09:29:05 UTC 2021 - Marcus Meissner <meissner@suse.com>
+
+- restore the shim-susesigned installation via buildrequires here.
 
 -------------------------------------------------------------------
-Mon Apr 10 05:04:33 UTC 2023 - Joey Lee <jlee@suse.com>
+Thu Jul 22 06:47:20 UTC 2021 - jlee@suse.com
 
-- Removed POST_PROCESS_PE_FLAGS=-N from the build command in shim.spec to
-  enable the NX compatibility flag when using post-process-pe after
-  discussed with grub2 experts in mail. It's useful for further development
-  and testing. (bsc#1205588)
+- Update to shim to 15.4-4.7.1 from SLE15-SP3
+  + Version: 15.4, "Thu Jul 15 2021"
+  + Update the SLE signatures
+  + Include the fixes for bsc#1187696, bsc#1185261, bsc#1185441,
+    bsc#1187071, bsc#1185621, bsc#1185261, bsc#1185232, bsc#1185261,
+    bsc#1187260, bsc#1185232.
+- Remove shim-install because the shim-install is updated in SLE
+  15.4 RPM.
 
 -------------------------------------------------------------------
-Mon Mar 27 09:26:02 UTC 2023 - Joey Lee <jlee@suse.com>
+Wed May 26 11:50:43 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
 
-- Updated shim signature after shim 15.7 of SLE be signed back:
-  signature-sles.x86_64.asc, signature-sles.aarch64.asc (bsc#1198458, CVE-2022-28737)
+- shim-install: remove the unexpected residual "removable" label
+  for Azure (bsc#1185464, bsc#1185961)
 
 -------------------------------------------------------------------
-Thu Jan 12 07:00:19 UTC 2023 - Joey Lee <jlee@suse.com>
-
-- Removed shim-bsc1198101-opensuse-cert-prompt.patch (bsc#1198101) 
-   - Detail discussion is in bugzilla:
-	https://bugzilla.suse.com/show_bug.cgi?id=1198101
-   - The shim community review and challenge this prompt. No other
-     distro shows prompt (Have checked Fedora 37, CentOS 9 and Ubuntu 22.10).
-     Currently, it blocked the review process of openSUSE shim.
-   - Other distros lock-down kernel when secure boot is enabled. Some of
-     them used different key for signing kernel binary with In-tree kernel
-     module. And their build service does not provide signed Out-off-tree
-     module.
-
--------------------------------------------------------------------
-Fri Dec  9 08:38:14 UTC 2022 - Joey Lee <jlee@suse.com>
-
-- Modified shim-install, add the following Olaf Kirch's patches to support
-  full disk encryption: (jsc#PED-922)
-    a5c57340740c	Introduce --no-grub-install option
-    5c2c3addc51f	Handle different cases of controlling cryptomount volumes during first stage boot
-    26c6bd5df7ae	Have grub take a snapshot of "relevant" TPM PCRs 
-
--------------------------------------------------------------------
-Wed Nov 23 07:28:57 UTC 2022 - Joey Lee <jlee@suse.com>
-
-- Add POST_PROCESS_PE_FLAGS=-N to the build command in shim.spec to
-  disable the NX compatibility flag when using post-process-pe because
-  grub2 is not ready. (bsc#1205588)
-    - Kernel can boot with the NX compatibility flag since 82e0d6d76a2a7
-      be merged to v5.19. On the other hand, upstream is working on
-      improve compressed kernel stage for NX:
-        [PATCH v3 00/24] x86_64: Improvements at compressed kernel stage
-        https://www.spinics.net/lists/kernel/msg4599636.html
-
--------------------------------------------------------------------
-Fri Nov 18 04:52:49 UTC 2022 - Joey Lee <jlee@suse.com>
-
-- Add shim-Enable-the-NX-compatibility-flag-by-default.patch to
-  enable the NX compatibility flag by default. (jsc#PED-127) 
-
--------------------------------------------------------------------
-Fri Nov 18 03:17:46 UTC 2022 - Joey Lee <jlee@suse.com>
-
-- Drop upstreamed patch:
-    - shim-Enable-TDX-measurement-to-RTMR-register.patch
-        - Enable TDX measurement to RTMR register (jsc#PED-1273) 
-	- 4fd484e4c2	15.7
-
--------------------------------------------------------------------
-Thu Nov 17 05:17:34 UTC 2022 - Joey Lee <jlee@suse.com>
-
-- Update to 15.7 (bsc#1198458)(jsc#PED-127)
-    - Patches (git log --oneline --reverse 15.6..15.7)
-	0eb07e1 Make SBAT variable payload introspectable
-	092c2b2 Reference MokListRT instead of MokList
-	8b59b69 Add a link to the test plan in the readme.
-	4fd484e Enable TDX measurement to RTMR register
-	14d6339 Discard load-options that start with a NUL
-	5c537b3 shim: Flush the memory region from i-cache before execution
-	2d4ebb5 load_cert_file: Fix stack issue
-	ea4911c load_cert_file: Use EFI RT memory function
-	0cf43ac Add -malign-double to IA32 compiler flags
-	17f0233 pe: Fix image section entry-point validation
-	5169769 make-archive: Build reproducible tarball
-	aa1b289 mok: remove MokListTrusted from PCR 7
-	53509ea CryptoPkg/BaseCryptLib: fix NULL dereference
-	616c566 More coverity modeling
-	ea0d0a5 Update shim's .sbat to sbat,3
-	dd8be98 Bump grub's sbat requirement to grub,3
-	1149161 (HEAD -> main, tag: 15.7, origin/main, origin/HEAD) Update version to 15.7
-    - 15.7 release note https://github.com/rhboot/shim/releases
-	Make SBAT variable payload introspectable by @chrisccoulson in #483
-	Reference MokListRT instead of MokList by @esnowberg in #488
-	Add a link to the test plan in the readme. by @vathpela in #494
-	[V3] Enable TDX measurement to RTMR register by @kenplusplus in #485
-	Discard load-options that start with a NUL by @frozencemetery in #505
-	load_cert_file bugs by @esnowberg in #523
-	Add -malign-double to IA32 compiler flags by @nicholasbishop in #516
-	pe: Fix image section entry-point validation by @iokomin in #518
-	make-archive: Build reproducible tarball by @julian-klode in #527
-	mok: remove MokListTrusted from PCR 7 by @baloo in #519
-    - Drop upstreamed patch:
-	- shim-bsc1177789-fix-null-pointer-deref-AuthenticodeVerify.patch
-	    - Cryptlib/CryptAuthenticode: fix NULL pointer dereference in  AuthenticodeVerify()
-	    - 53509eaf22	15.7
-	- shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch
-	    - For backporting the following patches between 15.6 with aa1b289a1a (jsc#PED-127)
-	    - The following patches are merged to 15.7
-		aa1b289a1a mok: remove MokListTrusted from PCR 7
-		0cf43ac6d7 Add -malign-double to IA32 compiler flags
-		ea4911c2f3 load_cert_file: Use EFI RT memory function
-		2d4ebb5a79 load_cert_file: Fix stack issue
-		5c537b3d0c shim: Flush the memory region from i-cache before execution
-		14d6339829 Discard load-options that start with a NUL
-		092c2b2bbe Reference MokListRT instead of MokList
-		0eb07e11b2 Make SBAT variable payload introspectable
-
--------------------------------------------------------------------
-Thu Nov 17 05:08:49 UTC 2022 - Joey Lee <jlee@suse.com>
-
-- Update shim.changes, added missed shim 15.6-rc1 and 15.6 changelog to
-  the item in Update to 15.6. (bsc#1198458)
-
--------------------------------------------------------------------
-Tue Nov 15 08:06:24 UTC 2022 - Joey Lee <jlee@suse.com>
-
-- Add shim-jscPED-127-upgrade-shim-in-SLE15-SP5.patch for backporting the following
-  patches between 15.6 with aa1b289a1a (jsc#PED-127):
-    aa1b289a1a16774afc3143b8948d97261f0872d0 mok: remove MokListTrusted from PCR 7
-    0cf43ac6d78c6f47f8b91210639ac1aa63665f0b Add -malign-double to IA32 compiler flags
-    ea4911c2f3ce8f8f703a1476febac86bb16b00fd load_cert_file: Use EFI RT memory function
-    2d4ebb5a798aafd3b06d2c3cb9c9840c1caa41ef load_cert_file: Fix stack issue
-    5c537b3d0cf8c393dad2e61d49aade68f3af1401 shim: Flush the memory region from i-cache before execution
-    14d63398298c8de23036a4cf61594108b7345863 Discard load-options that start with a NUL
-    092c2b2bbed950727e41cf450b61c794881c33e7 Reference MokListRT instead of MokList
-    0eb07e11b20680200d3ce9c5bc59299121a75388 Make SBAT variable payload introspectable
-
--------------------------------------------------------------------
-Tue Nov 15 08:06:05 UTC 2022 - Joey Lee <jlee@suse.com>
-
-- Add shim-Enable-TDX-measurement-to-RTMR-register.patch to support
-  enhance shim measurement to TD RTMR. (jsc#PED-1273) 
-
--------------------------------------------------------------------
-Tue Nov 15 07:53:59 UTC 2022 - Joey Lee <jlee@suse.com>
-
-- For pushing openSUSE:Factory/shim to SLE15-SP5, sync the shim.spec
-  and shim.changes: (jsc#PED-127)
-    - Add some change log from SLE shim.changes to Factory shim.changes
-      Those messages are added "(sync shim.changes from SLE)" tag.
-    - Add the following changes to shim.spec
-	- only apply Patch100, the shim-bsc1198101-opensuse-cert-prompt.patch
-          on openSUSE.
-	- Enable the AArch64 signature check for SLE:
-		# AArch64 signature
-		signature=%{SOURCE13} 
-
--------------------------------------------------------------------
-Thu Sep 29 02:42:35 UTC 2022 - Michael Chang <mchang@suse.com>
-
-- shim-install: ensure grub.cfg created is not overwritten after
-  installing grub related files
-
--------------------------------------------------------------------
-Mon Sep 12 12:30:54 UTC 2022 - Kilian Hanich <khanich.opensource@gmx.de>
-
-- Add logic to shim.spec to only set sbat policy when efivarfs is writeable.
-  (bsc#1201066)
-
--------------------------------------------------------------------
-Fri Aug  5 05:25:16 UTC 2022 - Joey Lee <jlee@suse.com>
-
-- Add logic to shim.spec for detecting --set-sbat-policy option before
-  using mokutil to set sbat policy. (bsc#1202120)
-
--------------------------------------------------------------------
-Fri Jul 29 02:36:36 UTC 2022 - Joey Lee <jlee@suse.com>
-
-- Change the URL in SBAT section to mail:security@suse.de. (bsc#1193282)
-
--------------------------------------------------------------------
-Mon Jul 25 12:44:24 UTC 2022 - Joey Lee <jlee@suse.com>
-
-- Revoked the change in shim.spec for "use common SBAT values (boo#1193282)"
-  - we need to build openSUSE Tumbleweed's shim on Leap 15.4 because Factory
-    is unstable for building out a stable shim binary for signing. (bsc#1198458)
-  - But the rpm-config-suse package in Leap 15.4 is direct copied from SLE 15.4
-    because closing-the-leap-gap. So sbat_distro_* variables are SLE version,
-    not for openSUSE. (bsc#1198458)
-
--------------------------------------------------------------------
-Tue Jun 28 04:03:45 UTC 2022 - Joey Lee <jlee@suse.com>
-
-- Update to 15.6 (bsc#1198458)
-    - shim-15.6.tar.bz2 is downloaded from bsc#1198458#c76
-      which is from upstream grub2.cve_2021_3695.ms keybase channel.
-    - For building 15.6~rc1 aarch64 image (d6eb9c6 Modernize aarch64), objcopy needs to
-      support efi-app-aarch64 target. So we need the following patches in bintuils:
-        - binutils-AArch64-Add-support-for-AArch64-EFI-efi-aarch64.patch
-                b69c9d41e8 AArch64: Add support for AArch64 EFI (efi-*-aarch64).
-        - binutils-Re-AArch64-Add-support-for-AArch64-EFI-efi-aarch64.patch
-                32384aa396 Re: AArch64: Add support for AArch64 EFI (efi-*-aarch64)
-        - binutils-Re-Add-support-for-AArch64-EFI-efi-aarch64.patch
-                d91c67e873 Re: Add support for AArch64 EFI (efi-*-aarch64)
-    - Patches (git log --oneline --reverse 15.5~..77144e5a4)
-        448f096 MokManager: removed Locate graphic output protocol fail error message (bsc#1193315, bsc#1198458)
-        a2da05f shim: implement SBAT verification for the shim_lock protocol
-        bda03b8 post-process-pe: Fix a missing return code check
-        af18810 CI: don't cancel testing when one fails
-        ba580f9 CI: remove EOL Fedoras from github actions
-        bfeb4b3 Remove aarch64 build tests before f35
-        38cc646 CI: Add f36 and centos9 CI build tests.
-        b5185cb post-process-pe: Fix format string warnings on 32-bit platforms
-        31094e5 tests: also look for system headers in multi-arch directories
-        4df989a mock-variables.c: fix gcc warning
-        6aac595 test-str.c: fix gcc warnings with FORTIFY_SOURCE enabled
-        2670c6a Allow MokListTrusted to be enabled by default
-        5c44aaf Add code of conduct
-        d6eb9c6 Modernize aarch64
-        9af50c1 Use ASCII as fallback if Unicode Box Drawing characters fail
-        de87985 make: don't treat cert.S specially
-        803dc5c shim: use SHIM_DEVEL_VERBOSE when built in devel mode
-        6402f1f SBAT matching: Break out of the inner sbat loop if we find the entry.
-        bb4b60e Add verify_image
-        acfd48f Abstract out image reading
-        35d7378 Load additional certs from a signed binary
-        8ce2832 post-process-pe: there is no 's' argument.
-        465663e Add some missing PE image flag definitions
-        226fee2 PE Loader: support and require NX
-        df96f48 Add MokPolicy variable and MOK_POLICY_REQUIRE_NX
-        b104fc4 post-process-pe: set EFI_IMAGE_DLLCHARACTERISTICS_NX_COMPAT
-        f81a7cc SBAT revocation management
-        abe41ab make: unbreak scan-build again for gnu-efi
-        610a1ac sbat.h: minor reformatting for legibility
-        f28833f peimage.h: make our signature macros force the type
-        5d789ca Always initialize data/datasize before calling read_image()
-        a50d364 sbat policy: make our policy change actions symbolic
-        5868789 load_certs: trust dir->Read() slightly less.
-        a78673b mok.c: fix a trivial dead assignment
-        759f061 Fix preserve_sbat_uefi_variable() logic
-        aa61fdf Give the Coverity scanner some more GCC blinders...
-        0214cd9 load_cert_file(): don't defererence NULL
-        1eca363 mok import: handle OOM case
-        75449bc sbat: Make nth_sbat_field() honor the size limit
-        c0bcd04 shim-15.6~rc1
-        77144e5 SBAT Policy latest should be a one-shot
-    - 15.5 release note https://github.com/rhboot/shim/releases
-	Broken ia32 relocs and an unimportant submodule change. by @vathpela in #357
-	mok: allocate MOK config table as BootServicesData by @lcp in #361
-	Don't call QueryVariableInfo() on EFI 1.10 machines by @vathpela in #364
-	Relax the check for import_mok_state() by @lcp in #372
-	SBAT.md: trivial changes by @hallyn in #389
-	shim: another attempt to fix load options handling by @chrisccoulson in #379
-	Add tests for our load options parsing. by @vathpela in #390
-	arm/aa64: fix the size of .rela* sections by @lcp in #383
-	mok: fix potential buffer overrun in import_mok_state by @jyong2 in #365
-	mok: relax the maximum variable size check by @lcp in #369
-	Don't unhook ExitBootServices when EBS protection is disabled by @sforshee in #378
-	fallback: find_boot_option() needs to return the index for the boot entry in optnum by @jsetje in #396
-	httpboot: Ignore case when checking HTTP headers by @frozencemetery in #403
-	Fallback allocation errors by @vathpela in #402
-	shim: avoid BOOTx64.EFI in message on other architectures by @xypron in #406
-	str: remove duplicate parameter check by @xypron in #408
-	fallback: add compile option FALLBACK_NONINTERACTIVE by @xnox in #359
-	Test mok mirror by @vathpela in #394
-	Modify sbat.md to help with readability. by @eshiman in #398
-	csv: detect end of csv file correctly by @xypron in #404
-	Specify that the .sbat section is ASCII not UTF-8 by @daxtens in #413
-	tests: add "include-fixed" GCC directory to include directories by @diabonas in #415
-	pe: simplify generate_hash() by @xypron in #411
-	Don't make shim abort when TPM log event fails (RHBZ #2002265) by @rmetrich in #414
-	Fallback to default loader if parsed one does not exist by @julian-klode in #393
-	fallback: Fix for BootOrder crash when index returned by find_boot_option() is not in current BootOrder list by @rmetrich in #422
-	Better console checks by @vathpela in #416
-	docs: update SBAT UEFI variable name by @nicholasbishop in #421
-	Don't parse load options if invoked from removable media path by @julian-klode in #399
-	fallback: fix fallback not passing arguments of the first boot option by @martinezjavier in #433
-	shim: Don't stop forever at "Secure Boot not enabled" notification by @rmetrich in #438
-	Shim 15.5 coverity by @vathpela in #439
-	Allocate mokvar table in runtime memory. by @vathpela in #447
-	Remove post-process-pe on 'make clean' by @vathpela in #448
-	pe: missing perror argument by @xypron in #443
-    - 15.6-rc1 release note https://github.com/rhboot/shim/releases
-	MokManager: removed Locate graphic output protocol fail error message by @joeyli in #441
-	shim: implement SBAT verification for the shim_lock protocol by @chrisccoulson in #456
-	post-process-pe: Fix a missing return code check by @vathpela in #462
-	Update github actions matrix to be more useful by @frozencemetery in #469
-	Add f36 and centos9 CI builds by @vathpela in #470
-	post-process-pe: Fix format string warnings on 32-bit platforms by @steve-mcintyre in #464
-	tests: also look for system headers in multi-arch directories by @steve-mcintyre in #466
-	tests: fix gcc warnings by @akodanev in #463
-	Allow MokListTrusted to be enabled by default by @esnowberg in #455
-	Add code of conduct by @frozencemetery in #427
-	Re-add ARM AArch64 support by @vathpela in #468
-	Use ASCII as fallback if Unicode Box Drawing characters fail by @vathpela in #428
-	make: don't treat cert.S specially by @vathpela in #475
-	shim: use SHIM_DEVEL_VERBOSE when built in devel mode by @vathpela in #474
-	Break out of the inner sbat loop if we find the entry. by @vathpela in #476
-	Support loading additional certificates by @esnowberg in #446
-	Add support for NX (W^X) mitigations. by @vathpela in #459
-	Misc fixups from scan-build. by @vathpela in #477
-	Fix preserve_sbat_uefi_variable() logic by @jsetje in #478
-    - 15.6 release note https://github.com/rhboot/shim/releases
-	MokManager: removed Locate graphic output protocol fail error message by @joeyli in #441
-	shim: implement SBAT verification for the shim_lock protocol by @chrisccoulson in #456
-	post-process-pe: Fix a missing return code check by @vathpela in #462
-	Update github actions matrix to be more useful by @frozencemetery in #469
-	Add f36 and centos9 CI builds by @vathpela in #470
-	post-process-pe: Fix format string warnings on 32-bit platforms by @steve-mcintyre in #464
-	tests: also look for system headers in multi-arch directories by @steve-mcintyre in #466
-	tests: fix gcc warnings by @akodanev in #463
-	Allow MokListTrusted to be enabled by default by @esnowberg in #455
-	Add code of conduct by @frozencemetery in #427
-	Re-add ARM AArch64 support by @vathpela in #468
-	Use ASCII as fallback if Unicode Box Drawing characters fail by @vathpela in #428
-	make: don't treat cert.S specially by @vathpela in #475
-	shim: use SHIM_DEVEL_VERBOSE when built in devel mode by @vathpela in #474
-	Break out of the inner sbat loop if we find the entry. by @vathpela in #476
-	Support loading additional certificates by @esnowberg in #446
-	Add support for NX (W^X) mitigations. by @vathpela in #459
-	Misc fixups from scan-build. by @vathpela in #477
-	Fix preserve_sbat_uefi_variable() logic by @jsetje in #478
-	SBAT Policy latest should be a one-shot by @jsetje in #481
-	pe: Fix a buffer overflow when SizeOfRawData > VirtualSize by @chriscoulson
-	pe: Perform image verification earlier when loading grub by @chriscoulson
-	Update advertised sbat generation number for shim by @jsetje
-	Update SBAT generation requirements for 05/24/22 by @jsetje
-	Also avoid CVE-2022-28737 in verify_image() by @vathpela
-    - Drop upstreamed patch:
-	- shim-bsc1184454-allocate-mok-config-table-BS.patch
-		- Allocate MOK config table as BootServicesData to avoid the error message
-		  from linux kernel
-		- 4068fd42c8		15.5-rc1~70
-	- shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch
-		- Handle ignore_db and user_insecure_mode correctly
-		- 822d07ad4f07		15.5-rc1~73
-	- shim-bsc1185621-relax-max-var-sz-check.patch
-		- Relax the maximum variable size check for u-boot
-		- 3f327f546c219634b2	15.5-rc1~49
-	- shim-bsc1185261-relax-import_mok_state-check.patch
-		- Relax the check for import_mok_state() when Secure Boot is off
-		- 9f973e4e95b113	15.5-rc1~67
-	- shim-bsc1185232-relax-loadoptions-length-check.patch
-		- Relax the check for the LoadOptions length
-		- ada7ff69bd8a95	15.5-rc1~52
-	- shim-fix-aa64-relsz.patch
-		- Fix the size of rela* sections for AArch64
-		- 34e3ef205c5d65	15.5-rc1~51
-	- shim-bsc1187260-fix-efi-1.10-machines.patch
-		- Don't call QueryVariableInfo() on EFI 1.10 machines
-		- 493bd940e5		15.5-rc1~69
-	- shim-bsc1185232-fix-config-table-copying.patch
-		- Avoid buffer overflow when copying the MOK config table
-		- 7501b6bb44		15.5-rc1~50
-	- shim-bsc1187696-avoid-deleting-rt-variables.patch
-		- Avoid deleting the mirrored RT variables
-		- b1fead0f7c9		15.5-rc1~37
-    - Add "rm -f *.o" after building MokManager/fallback in shim.spec
-      to make sure all object files gets rebuilt
-        - reference: https://github.com/rhboot/shim/pull/461
-- The following fix-CVE-2022-28737-v6 patches against bsc#1198458 are included
-  in shim-15.6.tar.bz2 
-    - shim-bsc1198458-pe-Fix-a-buffer-overflow-when-SizeOfRawData-VirtualS.patch
-        pe: Fix a buffer overflow when SizeOfRawData VirtualSize 
-    - shim-bsc1198458-pe-Perform-image-verification-earlier-when-loading-g.patch
-        pe: Perform image verification earlier when loading grub
-    - shim-bsc1198458-Update-advertised-sbat-generation-number-for-shim.patch
-        Update advertised sbat generation number for shim
-    - shim-bsc1198458-Update-SBAT-generation-requirements-for-05-24-22.patch
-        Update SBAT generation requirements for 05/24/22
-    - shim-bsc1198458-Also-avoid-CVE-2022-28737-in-verify_image.patch
-        Also avoid CVE-2022-28737 in verify_image()
-    - 0006-shim-15.6-rc2.patch
-    - 0007-sbat-add-the-parsed-SBAT-variable-entries-to-the-deb.patch
-        sbat: add the parsed SBAT variable entries to the debug log
-    - 0008-bump-version-to-shim-15.6.patch
-- Add mokutil command to post script for setting sbat policy to latest mode
-  when the SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23 is not created.
-  (bsc#1198458)
-- Add shim-bsc1198101-opensuse-cert-prompt.patch back to openSUSE shim to
-  show the prompt to ask whether the user trusts openSUSE certificate or not
-  (bsc#1198101)
-- Updated vendor dbx binary and script (bsc#1198458)
-    - Updated dbx-cert.tar.xz and vendor-dbx-sles.bin for adding
-      SLES-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
-    - Updated dbx-cert.tar.xz and vendor-dbx-opensuse.bin for adding
-      openSUSE-UEFI-SIGN-Certificate-2021-05.crt to vendor dbx list.
-    - Updated vendor-dbx.bin for adding SLES-UEFI-SIGN-Certificate-2021-05.crt
-      and openSUSE-UEFI-SIGN-Certificate-2021-05.crt for testing environment.
-    - Updated generate-vendor-dbx.sh script for generating a vendor-dbx.bin
-      file which includes all .der for testing environment.
-
--------------------------------------------------------------------
-Tue Apr 12 06:35:16 UTC 2022 - Ludwig Nussel <lnussel@suse.de>
-
-- use common SBAT values (boo#1193282)
-
--------------------------------------------------------------------
-Thu Jul 15 08:13:26 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
-
-- Update the SLE signatures (sync shim.changes from SLE)
-
--------------------------------------------------------------------
-Thu Jul  1 04:07:03 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
-
-- Add shim-bsc1187696-avoid-deleting-rt-variables.patch to avoid
-  deleting the mirrored RT variables (bsc#1187696)
-
--------------------------------------------------------------------
-Mon Jun 21 08:51:37 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
-
-(sync shim.changes from SLE)
-- Split the keys in vendor-dbx.bin to vendor-dbx-sles and
-  vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce
-  the size of MokListXRT (bsc#1185261)
-  + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz
-- Add shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch
-  to handle ignore_db and user_insecure_mode correctly
-  (bsc#1185441, bsc#1187071)
-- Add shim-bsc1185621-relax-max-var-sz-check.patch to relax the
-  maximum variable size check for u-boot (bsc#1185621)
-  + Also drop AArch64 suse-signed shim since we merged this patch
-- Add shim-bsc1185261-relax-import_mok_state-check.patch to relax
-  the check for import_mok_state() when Secure Boot is off.
-  (bsc#1185261)
-- Add shim-bsc1185232-relax-loadoptions-length-check.patch to
-  ignore the odd LoadOptions length (bsc#1185232)
-- shim-install: reset def_shim_efi to "shim.efi" if the given
-  file doesn't exist
-- Add shim-fix-aa64-relsz.patch to fix the size of rela sections
-  for AArch64
-  Fix: https://github.com/rhboot/shim/issues/371
-- Add shim-disable-export-vendor-dbx.patch to disable exporting
-  vendor-dbx to MokListXRT since writing a large RT variable
-  could crash some machines (bsc#1185261)
-- Add shim-bsc1187260-fix-efi-1.10-machines.patch to avoid the
-  potential crash when calling QueryVariableInfo in EFI 1.10
-  machines (bsc#1187260)
-- Add shim-bsc1185232-fix-config-table-copying.patch to avoid
-  buffer overflow when copying data to the MOK config table
-  (bsc#1185232)
-
--------------------------------------------------------------------
-Mon Jun 21 08:51:37 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
-
-- Add shim-bsc1185232-fix-config-table-copying.patch to avoid
-  buffer overflow when copying data to the MOK config table
-  (bsc#1185232)
-
--------------------------------------------------------------------
-Mon Jun 21 01:58:00 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
-
-- Add shim-disable-export-vendor-dbx.patch to disable exporting
-  vendor-dbx to MokListXRT since writing a large RT variable
-  could crash some machines (bsc#1185261)
-- Add shim-bsc1187260-fix-efi-1.10-machines.patch to avoid the
-  potential crash when calling QueryVariableInfo in EFI 1.10
-  machines (bsc#1187260)
-
--------------------------------------------------------------------
-Thu Jun 17 03:03:37 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
-
-- Add shim-fix-aa64-relsz.patch to fix the size of rela sections
-  for AArch64
-  Fix: https://github.com/rhboot/shim/issues/371 
-
--------------------------------------------------------------------
-Fri Jun  4 09:22:51 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
-
-- Add shim-bsc1185232-relax-loadoptions-length-check.patch to
-  ignore the odd LoadOptions length (bsc#1185232)
-
--------------------------------------------------------------------
-Fri Jun  4 07:02:03 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
-
-- shim-install: reset def_shim_efi to "shim.efi" if the given
-  file doesn't exist
-
--------------------------------------------------------------------
-Wed May 19 01:07:43 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
+Wed May 19 01:31:02 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
 
 - shim-install: instead of assuming "removable" for Azure, remove
   fallback.efi from \EFI\Boot and copy grub.efi/cfg to \EFI\Boot
@@ -694,218 +203,58 @@ Wed May 19 01:07:43 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
   efibootmgr (bsc#1185464, bsc#1185961)
 
 -------------------------------------------------------------------
-Tue May 11 02:57:14 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
-
-- Add shim-bsc1185261-relax-import_mok_state-check.patch to relax
-  the check for import_mok_state() when Secure Boot is off.
-  (bsc#1185261)
-
--------------------------------------------------------------------
-Fri May  7 08:33:49 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
+Fri May  7 08:46:32 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
 
 - shim-install: always assume "removable" for Azure to avoid the
   endless reset loop (bsc#1185464)
 
 -------------------------------------------------------------------
-Thu May  6 06:45:39 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
+Tue Apr 27 08:58:26 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
 
-- Include suse-signed shim for AArch64 (bsc#1185621)
-  (sync shim.changes from SLE)
+- Also package the debuginfo and debugsource
+- Drop COPYRIGHT file since it's already in the shim rpm package
 
 -------------------------------------------------------------------
-Thu May  6 03:18:32 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
+Tue Apr 27 01:33:36 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
 
-- Add shim-bsc1185621-relax-max-var-sz-check.patch to relax the
-  maximum variable size check for u-boot (bsc#1185621)
-
--------------------------------------------------------------------
-Mon May  3 03:46:27 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
-
-- Add shim-bsc1185441-fix-handling-of-ignore_db-and-user_insecure_mode.patch
-  to handle ignore_db and user_insecure_mode correctly
-  (bsc#1185441, bsc#1187071)
-
--------------------------------------------------------------------
-Wed Apr 28 09:28:30 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
-
-- Split the keys in vendor-dbx.bin to vendor-dbx-sles and
-  vendor-dbx-opensuse for shim-sles and shim-opensuse to reduce
-  the size of MokListXRT (bsc#1185261) 
-  + Also update generate-vendor-dbx.sh in dbx-cert.tar.xz
-
--------------------------------------------------------------------
-Thu Apr 22 03:26:48 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
-
-- Enable the AArch64 signature check for SLE (sync shim.changes from SLE)
-
--------------------------------------------------------------------
-Wed Apr 21 05:44:35 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
-
-- Update the SLE signatures (sync shim.changes from SLE)
-
--------------------------------------------------------------------
-Thu Apr  8 08:44:27 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
-
-- Add shim-bsc1184454-allocate-mok-config-table-BS.patch to avoid
-  the error message during linux system boot (bsc#1184454)
-
--------------------------------------------------------------------
-Wed Apr  7 12:25:02 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
-
-- Add remove_build_id.patch to prevent the build id being added to 
-  the binary. That can cause issues with the signature
-
--------------------------------------------------------------------
-Wed Mar 31 08:40:49 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
-
-- Update to 15.4 (bsc#1182057)
-  + Rename the SBAT variable and fix the self-check of SBAT
-  + sbat: add more dprint()
-  + arm/aa64: Swizzle some sections to make old sbsign happier
-  + arm/aa64 targets: put .rel* and .dyn* in .rodata
-- Drop upstreamed patch:
-  + shim-bsc1182057-sbat-variable-enhancement.patch
-
--------------------------------------------------------------------
-Mon Mar 29 07:18:20 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
-
-- Add shim-bsc1182057-sbat-variable-enhancement.patch to change
-  the SBAT variable name and enhance the handling of SBAT
+- Update to the unified shim binary from SLE15-SP3 for SBAT support
   (bsc#1182057)
-
--------------------------------------------------------------------
-Wed Mar 24 01:29:17 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
-
-- Update to 15.3 for SBAT support (bsc#1182057)
-  + Drop gnu-efi from BuildRequires since upstream pull it into the
-    tar ball.
-- Generate vender-specific SBAT metadata
-  + Add dos2unix to BuildRequires since Makefile requires it for
-    vendor SBAT
-- Update dbx-cert.tar.xz and vendor-dbx.bin to block the following
-  sign keys:
-  + SLES-UEFI-SIGN-Certificate-2020-07.crt
-  + openSUSE-UEFI-SIGN-Certificate-2020-07.crt
-- Refresh patches
+  + Version: 15.4, "Thu Apr 22 03:26:48 UTC 2021"
+  + Merged EKU codesign check (bsc#1177315)
+- Drop merged patches
   + shim-arch-independent-names.patch
   + shim-change-debug-file-path.patch
-  + shim-bsc1177315-verify-eku-codesign.patch
-    - Unified with shim-bsc1177315-fix-buffer-use-after-free.patch
-- Drop upstreamed fixes
-  + shim-correct-license-in-headers.patch
+  + shim-bsc1092000-fallback-menu.patch
   + shim-always-mirror-mok-variables.patch
-  + shim-bsc1175509-more-tpm-fixes.patch
-  + shim-bsc1173411-only-check-efi-var-on-sb.patch
-  + shim-fix-verify-eku.patch
+  + shim-correct-license-in-headers.patch
   + gcc9-fix-warnings.patch
   + shim-fix-gnu-efi-3.0.11.patch
-  + shim-bsc1177404-fix-a-use-of-strlen.patch
-  + shim-do-not-write-string-literals.patch
-  + shim-VLogError-Avoid-Null-pointer-dereferences.patch
-  + shim-bsc1092000-fallback-menu.patch
-  + shim-bsc1175509-tpm2-fixes.patch
-  + shim-bsc1174512-correct-license-in-headers.patch
-  + shim-bsc1182776-fix-crash-at-exit.patch
-- Drop shim-opensuse-cert-prompt.patch
-  + All newly released openSUSE kernels enable kernel lockdown
-    and signature verification, so there is no need to add the
-    prompt anymore.
+  + shim-bsc1173411-only-check-efi-var-on-sb.patch
+- Drop shim-opensuse-cert-prompt.patch since the openSUSE kernel
+  enabled lockdown.
 
 -------------------------------------------------------------------
-Thu Mar 11 03:15:03 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
+Fri Oct 16 02:00:45 UTC 2020 - Gary Ching-Pang Lin <glin@suse.com>
 
-- Refresh shim-bsc1182776-fix-crash-at-exit.patch to do the cleanup
-  also when Secure Boot is disabled (bsc#1183213, bsc#1182776)
-- Merged linker-version.pl into timestamp.pl and add the linker
-  version to signature files accordingly
-
--------------------------------------------------------------------
-Mon Mar  8 03:13:13 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
-
-- Add shim-bsc1182776-fix-crash-at-exit.patch to fix the potential
-  crash at Exit() (bsc#1182776)
-
--------------------------------------------------------------------
-Fri Jan 22 03:29:56 UTC 2021 - Gary Ching-Pang Lin <glin@suse.com>
-
-- Update the SLE signature
-- Exclude some patches from x86_64 to avoid breaking the signature
-- Add shim-correct-license-in-headers.patch back for x86_64 to
-  match the SLE signature
-- Add linker-version.pl to modify the EFI/PE header to match the
-  SLE signature
-
--------------------------------------------------------------------
-Wed Nov  4 05:53:35 UTC 2020 - Gary Ching-Pang Lin <glin@suse.com>
-
-- Disable the signature attachment for AArch64 temporarily until
-  we get a real one.
-
--------------------------------------------------------------------
-Mon Nov  2 06:52:13 UTC 2020 - Gary Ching-Pang Lin <glin@suse.com>
-
-- Add shim-bsc1177315-verify-eku-codesign.patch to check CodeSign
-  in the signer's EKU (bsc#1177315)
-- Add shim-bsc1177789-fix-null-pointer-deref-AuthenticodeVerify.patch
-  to fix NULL pointer dereference in AuthenticodeVerify()
-  (bsc#1177789, CVE-2019-14584)
+- Include suse-signed shim (bsc#1177315)
 - shim-install: Support changing default shim efi binary in
   /usr/etc/default/shim and /etc/default/shim (bsc#1177315)
-- Add shim-bsc1177315-fix-buffer-use-after-free.patch to fix buffer
-  use-after-free at the end of the EKU verification (bsc#1177315)
 
 -------------------------------------------------------------------
-Wed Oct 14 07:34:18 UTC 2020 - Gary Ching-Pang Lin <glin@suse.com>
-
-- Add shim-bsc1177404-fix-a-use-of-strlen.patch to fix the length
-  of the option data string to launch the program correctly
-  (bsc#1177404)
-- Add shim-bsc1175509-more-tpm-fixes.patch to fix the file path
-  in the tpm even log (bsc#1175509)
-
--------------------------------------------------------------------
-Mon Sep 14 08:06:27 UTC 2020 - Gary Ching-Pang Lin <glin@suse.com>
-
-- Add shim-VLogError-Avoid-Null-pointer-dereferences.patch to fix
-  VLogError crash in AArch64 (jsc#SLE-15824)
-- Add shim-fix-verify-eku.patch to fix the potential crash at
-  verify_eku() (jsc#SLE-15824)
-- Add shim-do-not-write-string-literals.patch to fix the potential
-  crash when accessing the DEFAULT_LOADER string (jsc#SLE-15824)
-
--------------------------------------------------------------------
-Fri Sep  4 15:08:19 UTC 2020 - Guillaume GARDET <guillaume.gardet@opensuse.org>
-
-- Enable build on aarch64
-
--------------------------------------------------------------------
-Mon Aug 24 03:20:52 UTC 2020 - Gary Ching-Pang Lin <glin@suse.com>
+Mon Aug 24 09:12:18 UTC 2020 - Gary Ching-Pang Lin <glin@suse.com>
 
 - shim-install: install MokManager to \EFI\boot to process the
   pending MOK request (bsc#1175626, bsc#1175656)
 
--------------------------------------------------------------------
-Fri Aug 21 04:00:39 UTC 2020 - Gary Ching-Pang Lin <glin@suse.com>
-
-- Add shim-bsc1175509-tpm2-fixes.patch to fix the TPM2 measurement
-  (bsc#1175509)
-
 -------------------------------------------------------------------
 Thu Aug  6 09:43:19 UTC 2020 - Gary Ching-Pang Lin <glin@suse.com>
 
 - Amend the check of %shim_enforce_ms_signature
 
 -------------------------------------------------------------------
-Fri Jul 31 07:41:26 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
+Fri Jul 31 08:05:05 UTC 2020 - Johannes Segitz <jsegitz@suse.com>
 
-- Updated openSUSE signature
-
--------------------------------------------------------------------
-Mon Jul 27 07:26:03 UTC 2020 - Gary Ching-Pang Lin <glin@suse.com>
-
-- Replace shim-correct-license-in-headers.patch with the upstream
-  commit: shim-bsc1174512-correct-license-in-headers.patch
-  (bsc#1174512)
+- Updated SUSE signature
 
 -------------------------------------------------------------------
 Wed Jul 22 09:23:02 UTC 2020 - Gary Ching-Pang Lin <glin@suse.com>

shim.spec

@@ -14,31 +14,20 @@
 
 # Please submit bugfixes or comments via https://bugs.opensuse.org/
 #
-# needssslcertforbuild
-
 
 %undefine _debuginfo_subpackages
 %undefine _build_create_debug
-%ifarch aarch64
-%define grubplatform arm64-efi
-%else
-%define grubplatform %{_target_cpu}-efi
-%endif
-%if %{defined sle_version} && 0%{?sle_version} <= 150000
-%define sysefidir      /usr/lib64/efi
-%else
+%undefine _enable_debug_packages
+# Move 'efi'-executables to '/usr/share/efi' (FATE#326960, bsc#1166523)
 %define sysefibasedir  %{_datadir}/efi
 %define sysefidir      %{sysefibasedir}/%{_target_cpu}
-%if "%{grubplatform}" == "x86_64-efi" && 0%{?suse_version} < 1600
+%if 0%{?suse_version} < 1600
+%ifarch x86_64
 # provide compatibility sym-link for residual kiwi, etc.
 %define shim_lib64_share_compat 1
 %endif
 %endif
 
-%if 0%{?suse_version} >= 1600
-%define shim_use_fde_tpm_helper 1
-%endif
-
 Name:           shim
 Version:        15.8
 Release:        0
@@ -46,307 +35,91 @@ Summary:        UEFI shim loader
 License:        BSD-2-Clause
 Group:          System/Boot
 URL:            https://github.com/rhboot/shim
-Source:         %{name}-%{version}.tar.bz2
-# run "extract_signature.sh shim.efi" where shim.efi is the binary
-# with the signature from the UEFI signing service.
-# Note: For signature requesting, check SIGNATURE_UPDATE.txt
-Source1:        signature-opensuse.x86_64.asc
-Source2:        openSUSE-UEFI-CA-Certificate.crt
-Source3:        shim-install
-Source4:        SLES-UEFI-CA-Certificate.crt
-Source5:        extract_signature.sh
-Source6:        attach_signature.sh
-Source7:        show_hash.sh
-Source8:        show_signatures.sh
-Source9:        timestamp.pl
-Source10:       strip_signature.sh
-Source11:       signature-sles.x86_64.asc
-Source12:       signature-opensuse.aarch64.asc
-Source13:       signature-sles.aarch64.asc
-Source14:       generate-vendor-dbx.sh
-# revoked certificates for dbx
-Source50:       revoked-openSUSE-UEFI-SIGN-Certificate-2013-01.crt
-Source51:       revoked-openSUSE-UEFI-SIGN-Certificate-2013-08.crt
-Source52:       revoked-openSUSE-UEFI-SIGN-Certificate-2020-01.crt
-Source53:       revoked-openSUSE-UEFI-SIGN-Certificate-2020-07.crt
-Source54:       revoked-openSUSE-UEFI-SIGN-Certificate-2021-05.crt
-Source55:       revoked-SLES-UEFI-SIGN-Certificate-2013-01.crt
-Source56:       revoked-SLES-UEFI-SIGN-Certificate-2013-04.crt
-Source57:       revoked-SLES-UEFI-SIGN-Certificate-2016-02.crt
-Source58:       revoked-SLES-UEFI-SIGN-Certificate-2020-07.crt
-Source59:       revoked-SLES-UEFI-SIGN-Certificate-2021-05.crt
-###
-Source99:       SIGNATURE_UPDATE.txt
-# PATCH-FIX-SUSE shim-arch-independent-names.patch glin@suse.com -- Use the Arch-independent names
-Patch1:         shim-arch-independent-names.patch
-# PATCH-FIX-OPENSUSE shim-change-debug-file-path.patch glin@suse.com -- Change the default debug file path
-Patch2:         shim-change-debug-file-path.patch
-# PATCH-FIX-SUSE shim-bsc1177315-verify-eku-codesign.patch bsc#1177315 glin@suse.com -- Verify CodeSign in the signer's EKU
-Patch3:         shim-bsc1177315-verify-eku-codesign.patch
-# PATCH-FIX-SUSE remove_build_id.patch -- Remove the build ID to make the binary reproducible when building with AArch64 container
-Patch4:         remove_build_id.patch
-# PATCH-FIX-SUSE shim-disable-export-vendor-dbx.patch bsc#1185261 glin@suse.com -- Disable exporting vendor-dbx to MokListXRT
-Patch5:         shim-disable-export-vendor-dbx.patch
-BuildRequires:  dos2unix
-BuildRequires:  efitools
-BuildRequires:  mozilla-nss-tools
-BuildRequires:  openssl >= 0.9.8
-BuildRequires:  pesign
-BuildRequires:  pesign-obs-integration
-%if 0%{?shim_use_fde_tpm_helper:1}
+Source:         shim-15.8-150300.4.20.2.x86_64.rpm
+Source1:        shim-debuginfo-15.8-150300.4.20.2.x86_64.rpm
+Source2:        shim-debugsource-15.8-150300.4.20.2.x86_64.rpm
+Source3:        shim-15.8-150300.4.20.2.aarch64.rpm
+Source4:        shim-debuginfo-15.8-150300.4.20.2.aarch64.rpm
+Source5:        shim-debugsource-15.8-150300.4.20.2.aarch64.rpm
+Source6:        shim-install
+#BuildRequires:	shim-susesigned
 BuildRequires:  fde-tpm-helper-rpm-macros
-%endif
-%if 0%{?suse_version} > 1320
 BuildRequires:  update-bootloader-rpm-macros
-%endif
-%if 0%{?update_bootloader_requires:1}
-%update_bootloader_requires
-%else
 Requires:       perl-Bootloader
-%endif
+BuildRoot:      %{_tmppath}/%{name}-%{version}-build
+# For shim-install script
+Requires:       grub2-efi
 %if 0%{?fde_tpm_update_requires:1}
 %fde_tpm_update_requires
 %endif
-BuildRoot:      %{_tmppath}/%{name}-%{version}-build
-# For shim-install script grub is needed but we also want to use
-# shim for systemd-boot where shim-install is not actually used.
-# Requires:       grub2-%{grubplatform}
-Requires:       mokutil
 ExclusiveArch:  x86_64 aarch64
 
 %description
 shim is a trivial EFI application that, when run, attempts to open and
 execute another application.
 
-%package -n shim-debuginfo
+%package debuginfo
 Summary:        UEFI shim loader - debug symbols
 Group:          Development/Debug
 
-%description -n shim-debuginfo
+%description debuginfo
 The debug symbols of UEFI shim loader
 
-%package -n shim-debugsource
+%package debugsource
 Summary:        UEFI shim loader - debug source
 Group:          Development/Debug
 
-%description -n shim-debugsource
+%description debugsource
 The source code of UEFI shim loader
 
 %prep
-%autosetup -p1
+%ifarch x86_64
+rpm2cpio %{SOURCE0} | cpio --extract --unconditional --preserve-modification-time --make-directories
+rpm2cpio %{SOURCE1} | cpio --extract --unconditional --preserve-modification-time --make-directories
+rpm2cpio %{SOURCE2} | cpio --extract --unconditional --preserve-modification-time --make-directories
+%endif
+%ifarch aarch64
+rpm2cpio %{SOURCE3} | cpio --extract --unconditional --preserve-modification-time --make-directories
+rpm2cpio %{SOURCE4} | cpio --extract --unconditional --preserve-modification-time --make-directories
+rpm2cpio %{SOURCE5} | cpio --extract --unconditional --preserve-modification-time --make-directories
+%endif
 
 %build
-# generate the vendor SBAT metadata
-%if 0%{?is_opensuse} == 1 || 0%{?sle_version} == 0
-distro_id="opensuse"
-distro_name="The openSUSE project"
-%else
-distro_id="sle"
-distro_name="SUSE Linux Enterprise"
-%endif
-distro_sbat=1
-sbat="shim.${distro_id},${distro_sbat},${distro_name},%{name},%{version},mail:security@suse.de"
-echo "${sbat}" > data/sbat.vendor.csv
-
-# generate dbx files based on revoked certs
-bash %{_sourcedir}/generate-vendor-dbx.sh %{_sourcedir}/revoked-*.crt
-ls -al *.esl
-
-# first, build MokManager and fallback as they don't depend on a
-# specific certificate
-make RELEASE=0 \
-     MMSTEM=MokManager FBSTEM=fallback \
-     MokManager.efi.debug fallback.efi.debug \
-     MokManager.efi fallback.efi
-# make sure all object files gets rebuilt
-rm -f *.o
-
-# now build variants of shim that embed different certificates
-default=''
-suffixes=(opensuse sles)
-# check whether the project cert is a known one. If it is we build
-# just one shim that embeds this specific cert. If it's a devel
-# project we build all variants to simplify testing.
-if test -e %{_sourcedir}/_projectcert.crt ; then
-    prjsubject=$(openssl x509 -in %{_sourcedir}/_projectcert.crt -noout -subject_hash)
-    prjissuer=$(openssl x509 -in %{_sourcedir}/_projectcert.crt -noout -issuer_hash)
-    opensusesubject=$(openssl x509 -in %{SOURCE2} -noout -subject_hash)
-    slessubject=$(openssl x509 -in %{SOURCE4} -noout -subject_hash)
-    if test "$prjissuer" = "$opensusesubject" ; then
-	suffixes=(opensuse)
-    elif test "$prjissuer" = "$slessubject" ; then
-	suffixes=(sles)
-    elif test "$prjsubject" = "$prjissuer" ; then
-	suffixes=(devel opensuse sles)
-    fi
-fi
-
-for suffix in "${suffixes[@]}"; do
-    if test "$suffix" = "opensuse"; then
-	cert=%{SOURCE2}
-	verify='openSUSE Secure Boot CA1'
-	vendor_dbx='vendor-dbx-opensuse.esl'
-%ifarch x86_64
-	signature=%{SOURCE1}
-%else
-	# AArch64 signature
-	# Disable AArch64 signature attachment temporarily
-	# until we get a real one.
-	#signature=%{SOURCE12}
-%endif
-    elif test "$suffix" = "sles"; then
-	cert=%{SOURCE4}
-	verify='SUSE Linux Enterprise Secure Boot CA1'
-	vendor_dbx='vendor-dbx-opensuse.esl'
-%ifarch x86_64
-	signature=%{SOURCE11}
-%else
-	# AArch64 signature
-	signature=%{SOURCE13}
-%endif
-    elif test "$suffix" = "devel"; then
-	cert=%{_sourcedir}/_projectcert.crt
-	verify=`openssl x509 -in "$cert" -noout -email`
-	vendor_dbx='vendor-dbx.esl'
-	signature=''
-	test -e "$cert" || continue
-    else
-	echo "invalid suffix"
-	false
-    fi
-
-    openssl x509 -in $cert -outform DER -out shim-$suffix.der
-    make RELEASE=0 SHIMSTEM=shim \
-         VENDOR_CERT_FILE=shim-$suffix.der ENABLE_HTTPBOOT=1 \
-         DEFAULT_LOADER="\\\\\\\\grub.efi" \
-         VENDOR_DBX_FILE=$vendor_dbx \
-         shim.efi.debug shim.efi
-    #
-    # assert correct certificate embedded
-    grep -q "$verify" shim.efi
-    # make VENDOR_CERT_FILE=cert.der VENDOR_DBX_FILE=dbx
-    chmod 755 %{SOURCE9}
-    # alternative: verify signature
-    #sbverify --cert MicCorThiParMarRoo_2010-10-05.pem shim-signed.efi
-    if test -n "$signature"; then
-	head -1 "$signature" > hash1
-	cp shim.efi shim.efi.bak
-	# pe header contains timestamp and checksum. we need to
-	# restore that
-	%{SOURCE9} --set-from-file "$signature" shim.efi
-	pesign -h -P -i shim.efi > hash2
-	cat hash1 hash2
-	if ! cmp -s hash1 hash2; then
-		echo "ERROR: $suffix binary changed, need to request new signature!"
-%if %{defined shim_enforce_ms_signature} && 0%{?shim_enforce_ms_signature} > 0
-		# compare suffix (sles, opensuse) with distro_id (sle, opensuse)
-		# when hash mismatch and distro_id match with suffix, stop building 
-		if test "$suffix" = "$distro_id" || test "$suffix" = "${distro_id}s"; then
-			false
-		fi
-%endif
-		mv shim.efi.bak shim-$suffix.efi
-		rm shim.efi
-	else
-		# attach signature
-		pesign -m "$signature" -i shim.efi -o shim-$suffix.efi
-		rm -f shim.efi
-	fi
-    else
-        mv shim.efi shim-$suffix.efi
-    fi
-    mv shim.efi.debug shim-$suffix.debug
-    # remove the build cert if exists
-    rm -f shim_cert.h shim.cer shim.crt
-    # make sure all object files gets rebuilt
-    rm -f *.o
-done
-
-ln -s shim-${suffixes[0]}.efi shim.efi
-mv shim-${suffixes[0]}.debug shim.debug
-
-# Collect the source for debugsource
-mkdir ../source
-find . \( -name "*.c" -o -name "*.h" \) -type f -exec cp --parents -a {} ../source/ \;
-mv ../source .
 
 %install
-export BRP_PESIGN_FILES='%{sysefidir}/shim*.efi %{sysefidir}/MokManager.efi %{sysefidir}/fallback.efi'
-install -d %{buildroot}/%{sysefidir}
-cp -a shim*.efi %{buildroot}/%{sysefidir}
-install -m 444 shim-*.der %{buildroot}/%{sysefidir}
-install -m 644 MokManager.efi %{buildroot}/%{sysefidir}/MokManager.efi
-install -m 644 fallback.efi %{buildroot}/%{sysefidir}/fallback.efi
-install -d %{buildroot}/%{_sbindir}
-install -m 755 %{SOURCE3} %{buildroot}/%{_sbindir}/
-# install SUSE certificate
-install -d %{buildroot}/%{_sysconfdir}/uefi/certs/
-for file in shim-*.der; do
-    filename=$(echo "$file" | cut -f 1 -d '.')
-    fpr=$(openssl x509 -sha1 -fingerprint -inform DER -noout -in $file | cut -c 18- | cut -d ":" -f 1,2,3,4 | sed 's/://g')
-    install -m 644 $file %{buildroot}/%{_sysconfdir}/uefi/certs/${fpr}-${filename}.crt
-done
+# purely repackaged
+cp -a etc usr %{buildroot}
+
 %if %{defined shim_lib64_share_compat}
-    [ "%{sysefidir}" != "/usr/lib64/efi" ] || exit 1
-    # provide compatibility sym-link for residual "consumers"
-    install -d %{buildroot}/usr/lib64/efi
-    ln -srf %{buildroot}/%{sysefidir}/*.efi %{buildroot}/usr/lib64/efi/
+echo old
+%else
+rm -rf %{buildroot}/usr/lib64/efi
 %endif
 
-# install the debug symbols
-install -d %{buildroot}/usr/lib/debug/%{sysefidir}
-install -m 644 shim.debug %{buildroot}/usr/lib/debug/%{sysefidir}
-install -m 644 MokManager.efi.debug %{buildroot}/usr/lib/debug/%{sysefidir}/MokManager.debug
-install -m 644 fallback.efi.debug %{buildroot}/usr/lib/debug/%{sysefidir}/fallback.debug
+# also copy over the susesigned shim
+# we did this to shortcut some cert work in 15-sp2, we currently do not need it
+#install -m 444 %{sysefidir}/shim-susesigned.* %{buildroot}/%{sysefidir}
 
-# install the debug source
-install -d %{buildroot}/usr/src/debug/%{name}-%{version}
-cp -r source/* %{buildroot}/usr/src/debug/%{name}-%{version}
-
-%clean
-%{?buildroot:%__rm -rf "%{buildroot}"}
+# Install the updated shim-install
+install -m 755 %{SOURCE6} %{buildroot}/%{_sbindir}
 
 %post
 %if 0%{?fde_tpm_update_post:1}
 %fde_tpm_update_post shim
 %endif
 
-%if 0%{?update_bootloader_check_type_reinit_post:1}
+%if 0%{?update_bootloader_check_type_reinit_post:1} 
 %update_bootloader_check_type_reinit_post grub2-efi
 %else
 /sbin/update-bootloader --reinit || true
 %endif
 
-# copy from kernel-scriptlets/cert-script
-is_efi () {
-    local msg rc=0
-# The below statement fails if mokutil isn't installed or UEFI is unsupported.
-# It doesn't fail if UEFI is available but secure boot is off.
-    msg="$(mokutil --sb-state 2>&1)" || rc=$?
-    return $rc
-}
-# run mokutil for setting sbat policy to latest mode
-EFIVARFS=/sys/firmware/efi/efivars
-SBAT_POLICY="$EFIVARFS/SbatPolicy-605dab50-e046-4300-abb6-3dd810dd8b23"
-if is_efi; then
-        if [ -w $EFIVARFS ] && \
-           [ ! -f "$SBAT_POLICY" ] && \
-           mokutil -h | grep -q "set-sbat-policy"; \
-        then
-        # Only apply CA check on the kernel package certs (bsc#1173115)
-                mokutil --set-sbat-policy latest
-        fi
-fi
-
-%if %{defined update_bootloader_posttrans}
 %posttrans
 %{?update_bootloader_posttrans}
 %{?fde_tpm_update_posttrans}
-%endif
 
 %files
 %defattr(-,root,root)
-%doc COPYRIGHT
 %dir %{?sysefibasedir}
 %dir %{sysefidir}
 %{sysefidir}/shim.efi
@@ -363,16 +136,13 @@ fi
 %dir /usr/lib64/efi
 /usr/lib64/efi/*.efi
 %endif
+/usr/share/doc/packages/shim
 
-%files -n shim-debuginfo
-%defattr(-,root,root,-)
-/usr/lib/debug%{sysefidir}/shim.debug
-/usr/lib/debug%{sysefidir}/MokManager.debug
-/usr/lib/debug%{sysefidir}/fallback.debug
+%files debuginfo
+/usr/lib/debug/%{sysefidir}/*.debug
 
-%files -n shim-debugsource
-%defattr(-,root,root,-)
-%dir /usr/src/debug/%{name}-%{version}
-/usr/src/debug/%{name}-%{version}/*
+%files debugsource
+%dir /usr/src/debug/shim-*
+/usr/src/debug/shim-*/*
 
 %changelog

show_hash.sh

@@ -1,12 +0,0 @@
-#!/bin/bash
-# show hash of PE binary
-set -e
-
-infile="$1"
-
-if [ -z "$infile" -o ! -e "$infile" ]; then
-	echo "USAGE: $0 file.efi"
-	exit 1
-fi
-
-pesign -h -P -i "$infile"

show_signatures.sh

@@ -1,12 +0,0 @@
-#!/bin/bash
-# show signatures on a PE binary
-set -e
-
-infile="$1"
-
-if [ -z "$infile" -o ! -e "$infile" ]; then
-	echo "USAGE: $0 file.efi"
-	exit 1
-fi
-
-pesign -S -i "$infile"

signature-opensuse.aarch64.asc

@@ -1,188 +0,0 @@
-hash: 96275dfd6282a522b011177ee049296952ac794832091f937fbbf92869028629
-# 2069-04-10 06:07:54
-timestamp: babababa
-linker: 2002
-checksum: ef25
------BEGIN AUTHENTICODE SIGNATURE-----
-MIIhwQYJKoZIhvcNAQcCoIIhsjCCIa4CAQExDzANBglghkgBZQMEAgEFADBcBgor
-BgEEAYI3AgEEoE4wTDAXBgorBgEEAYI3AgEPMAkDAQCgBKICgAAwMTANBglghkgB
-ZQMEAgEFAAQglidd/WKCpSKwERd+4EkpaVKseUgyCR+Tf7v5KGkChimgggs8MIIF
-JDCCBAygAwIBAgITMwAAABjnMIN/Ryp7WwABAAAAGDANBgkqhkiG9w0BAQsFADCB
-gTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl
-ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMi
-TWljcm9zb2Z0IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMTAeFw0xNTEwMjgyMDQz
-MzdaFw0xNzAxMjgyMDQzMzdaMIGVMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz
-aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv
-cnBvcmF0aW9uMQ0wCwYDVQQLEwRNT1BSMTAwLgYDVQQDEydNaWNyb3NvZnQgV2lu
-ZG93cyBVRUZJIERyaXZlciBQdWJsaXNoZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQCxZkprRvykOB1+X8MMpDVlB36RVafGyaZ8Dsl5/8U92WKQvqdx
-T7SsnmbDv9TNSndVGzFvH5p4dn1Q/52kuDMpwpjGUqTWrx1+jrZOYrb02uTL/+QZ
-H/nxW96fPJqKIEnqe16lLp2WCjT6J7AzckF67KEW6voOzXITZLP8t3OCqNWIWXy3
-ABLiZllI3O+VAwmRlosEmPYcD2qM3KxhPNvT+GZ2gb+FrLKvuRNxpHK0iZBxnrSg
-SnTlSfqzOAf9LWP6f4ajn04tdPOCRh3xuPM/bHJlCS40hBH2hYAV40s1vKTL8/Uf
-lTVdaBrq6f6NZAc4RFWnQgc/32xiYIcQ6AmjAgMBAAGjggF9MIIBeTAfBgNVHSUE
-GDAWBggrBgEFBQcDAwYKKwYBBAGCN1ACATAdBgNVHQ4EFgQUI3JhxfMYweN5Brdl
-fggzjB4hb1owUQYDVR0RBEowSKRGMEQxDTALBgNVBAsTBE1PUFIxMzAxBgNVBAUT
-KjMxNjE5K2UyOTg0YTM1LWNmNGYtNDEwZC04ZWMzLTcxOTYxNWJmOGMxYjAfBgNV
-HSMEGDAWgBQTrb9DCb2CcJyM1U8xbtUimIob1DBTBgNVHR8ETDBKMEigRqBEhkJo
-dHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNDb3JVRUZDQTIw
-MTFfMjAxMS0wNi0yNy5jcmwwYAYIKwYBBQUHAQEEVDBSMFAGCCsGAQUFBzAChkRo
-dHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NlcnRzL01pY0NvclVFRkNB
-MjAxMV8yMDExLTA2LTI3LmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUA
-A4IBAQBxu75jhm/XBbQkp7pR8jykioQZc4KXLTqPQ1l/Z5KO1yY6oKImgbidhR3b
-ZV+cz5MqktoNxsf0Pt7WVxbuZe0nOe8UC7ldmH3NwbfukTSr0CNw4Sw+unFmLxDo
-g3BhCstsmP/yfDizuCkzPXVCjoBK3tCbNIZxfUEYjwSJAsFpeHvPEJlse2beTfpb
-ghe9sCMUOT2yiKjf+1tbY6FNeB6/DvpaxkBYX99jcLy1KHD5LWcoIjEREhFybILA
-mhoagQQ7upVbQLvJHAMyctmHUh432Kod0PpUUTwSrMChSAgB0t+l5DinGgowpoSj
-kjMiS55xRj22uZpnBzckogBCW0LGMIIGEDCCA/igAwIBAgIKYQjTxAAAAAAABDAN
-BgkqhkiG9w0BAQsFADCBkTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0
-b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3Jh
-dGlvbjE7MDkGA1UEAxMyTWljcm9zb2Z0IENvcnBvcmF0aW9uIFRoaXJkIFBhcnR5
-IE1hcmtldHBsYWNlIFJvb3QwHhcNMTEwNjI3MjEyMjQ1WhcNMjYwNjI3MjEzMjQ1
-WjCBgTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT
-B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UE
-AxMiTWljcm9zb2Z0IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMTCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAKUIbEzHRQlqSwykwId/BnUMQwFUZOAWfwft
-kn0LsnO/DArGSkVhoMUWLZbT9Sug+01Jm0GAkDy5VP3mvNGdxKQYin9BilxZg2gy
-u4xHye5xvCFPmop8/0Q/jY8ysiZIrnW17slMHkoZfuSCmh14d00MsL32D9MW07z6
-K6VROF31+7rbeALb/+wKG5bVg7gZE+m2wHtAe+EfKCfJ+u9WXhzmfpR+wPBEsnk5
-5dqyYotNvzhw4mgkFMkzpAg31VhpXtN87cEEUwjnTrAqh2MIYW9jFVnqsit51wxh
-Z4pb/V6th3+6hmdPcVgSIgQiIs6L71RxAM5QNVh2lQjuarGiAdUCAwEAAaOCAXYw
-ggFyMBIGCSsGAQQBgjcVAQQFAgMBAAEwIwYJKwYBBAGCNxUCBBYEFPjBa7d/d1NK
-8yU3HU6hJnsPIHCAMB0GA1UdDgQWBBQTrb9DCb2CcJyM1U8xbtUimIob1DAZBgkr
-BgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUw
-AwEB/zAfBgNVHSMEGDAWgBRFZlJD4X5YEb/WTp4jVQg7OiJqqDBcBgNVHR8EVTBT
-MFGgT6BNhktodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0
-cy9NaWNDb3JUaGlQYXJNYXJSb29fMjAxMC0xMC0wNS5jcmwwYAYIKwYBBQUHAQEE
-VDBSMFAGCCsGAQUFBzAChkRodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2Nl
-cnRzL01pY0NvclRoaVBhck1hclJvb18yMDEwLTEwLTA1LmNydDANBgkqhkiG9w0B
-AQsFAAOCAgEANQhC/zDMzvd2DK0QaFg1KUYydid87xJBJ0IbSqptgThIWRNV8+lY
-NKYWC4KqXa2C2oCDQQaPtB3yA7nzGl0b8VCQ+bNVhEIoHCC9sq5RFMXArJeVIRyQ
-2w/8d56Vc5GIyr29UrkFUA3fV56gYe0N5W0l2UAPF0DIzqNKwk2vmhIdCFSPvce8
-uSs9SSsfMvxqIWlPm8h+QjT8NgYXi48gQMCzmiV1J83JA6P2XdHnNlR6uVC10xLR
-B7+7dN/cHo+A1e0Y9C8UFmsv3maMsCPlx4TY7erBM4KtVksYLfFolQfNz/By8K67
-3YaFmCwhTDMr8A9K8GiHtZJVMnWhaoJqPKMlEaTtrdcErsvYQFmghNGVTGKRIhp0
-HYw9Rw5EpuSwmzQ1sfq2U6gsgeykBXHInbi66BtEZuRHVA6OVn+znxaYsobQaD6Q
-I7UvXo9QhY3GjYJfQaH0Lg3gmdJsdeS2abUhhvoH0fbiTdHarSx3Ux4lMjfHbFJy
-lYaw8TVhahn1sjuBUFamMi3+oon5QoYnGFWhgspam/gwmFQUpkeWJS/IJuRBlBpc
-Aj/lluOFWzw+P7tHFnJV4iUisdl75wMGKqP3HpBGwwAN1hmJ4w41J2IDcRWm79An
-oKBZN2D4OJS44Hhw+LpMhoeU9uCuAkXuZcK2o35pFnUHkpv1prxZg1gxghX4MIIV
-9AIBATCBmTCBgTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAO
-BgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEr
-MCkGA1UEAxMiTWljcm9zb2Z0IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMQITMwAA
-ABjnMIN/Ryp7WwABAAAAGDANBglghkgBZQMEAgEFAKCB4jAZBgkqhkiG9w0BCQMx
-DAYKKwYBBAGCNwIBBDAcBgorBgEEAYI3AgELMQ4wDAYKKwYBBAGCNwIBFTAvBgkq
-hkiG9w0BCQQxIgQgC5Mui2KqvNqQsTzZfuTIs4mo9KL7c0hG3k6fhLXdT1EwdgYK
-KwYBBAGCNwIBDDFoMGagMoAwAFMAVQBTAEUAIABMAGkAbgB1AHgAIABQAHIAbwBk
-AHUAYwB0AHMAIABHAG0AYgBIoTCALmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS93
-aGRjL2hjbC9kZWZhdWx0Lm1zcHgwDQYJKoZIhvcNAQEBBQAEggEAUpAOjQut0b9l
-iTNUwPVDzKzJNK4v8eNc176xvOSLqKkMBj2DmciVbi6va9u6Lp72cGz/8ixIm/pJ
-wuObM/xSQdd6NI9DWy1O4/MtAyIgl56ynXplEm9/tGlbu19mQo4TFBG+DuMEFoq3
-ZVg8s8n3upVrAOprYIQbhBenO8KgF9QOJ2er/+NyRlc/Kkdtlg5haN7QNhBxGl/z
-0JFnDE7weUDqn4RFYkS6SKH7iIG6YZN5FgmrgrMbIqqKLK0Ro7N/BhI+WilX8kLU
-F4uuT9bvKAtc/fZkR8ncvUp9F9+zHevqWyYp6vA6O1fis4RPvfcPzsstInUOsyN/
-LPeVYEqUK6GCE0owghNGBgorBgEEAYI3AwMBMYITNjCCEzIGCSqGSIb3DQEHAqCC
-EyMwghMfAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggE8BgsqhkiG9w0BCRABBKCCASsE
-ggEnMIIBIwIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFlAwQCAQUABCDYr609VK4b
-Nh7kCWgKnvrLUKV15/Hk9cQt/xPyRZoRyAIGVk82mzoxGBMyMDE1MTIwMzA3NTY0
-MC44NzhaMAcCAQGAAgH0oIG4pIG1MIGyMQswCQYDVQQGEwJVUzETMBEGA1UECBMK
-V2FzaGluZ3RvbjEPMA0GA1UEBxMGUmVkbW9kMR4wHAYDVQQKExVNaWNyb3NvZnQg
-Q29ycG9yYXRpb24xDTALBgNVBAsTBE1PUFIxJzAlBgNVBAsTHm5DaXBoZXIgRFNF
-IEVTTjozMUM1LTMwQkEtN0M5MTElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3Rh
-bXAgU2VydmljZaCCDs4wggZxMIIEWaADAgECAgphCYEqAAAAAAACMA0GCSqGSIb3
-DQEBCwUAMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4G
-A1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTIw
-MAYDVQQDEylNaWNyb3NvZnQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAx
-MDAeFw0xMDA3MDEyMTM2NTVaFw0yNTA3MDEyMTQ2NTVaMHwxCzAJBgNVBAYTAlVT
-MRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQK
-ExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1l
-LVN0YW1wIFBDQSAyMDEwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
-qR0NvHcRijog7PwTl/X6f2mUa3RUENWlCgCChfvtfGhLLF/Fw+Vhwna3PmYrW/AV
-UycEMR9BGxqVHc4JE458YTBZsTBED/FgiIRUQwzXTbg4CLNC3ZOs1nMwVyaCo0UN
-0Or1R4HNvyRgMlhgRvJYR4YyhB50YWeRX4FUsc+TTJLBxKZd0WETbijGGvmGgLvf
-YfxGwScdJGcSchohiq9LZIlQYrFd/XcfPfBXday9ikJNQFHRD5wGPmd/9WbAA5ZE
-fu/QS/1u5ZrKsajyeioKMfDaTgaRtogINeh4HLDpmc085y9Euqf03GS9pAHBIAmT
-eM38vMDJRF1eFpwBBU8iTQIDAQABo4IB5jCCAeIwEAYJKwYBBAGCNxUBBAMCAQAw
-HQYDVR0OBBYEFNVjOlyKMZDzQ3t8RhvFM2hahW1VMBkGCSsGAQQBgjcUAgQMHgoA
-UwB1AGIAQwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQY
-MBaAFNX2VsuP6KJcYmjRPZSQW9fOmhjEMFYGA1UdHwRPME0wS6BJoEeGRWh0dHA6
-Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01pY1Jvb0NlckF1
-dF8yMDEwLTA2LTIzLmNybDBaBggrBgEFBQcBAQROMEwwSgYIKwYBBQUHMAKGPmh0
-dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMvTWljUm9vQ2VyQXV0XzIw
-MTAtMDYtMjMuY3J0MIGgBgNVHSABAf8EgZUwgZIwgY8GCSsGAQQBgjcuAzCBgTA9
-BggrBgEFBQcCARYxaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL1BLSS9kb2NzL0NQ
-Uy9kZWZhdWx0Lmh0bTBABggrBgEFBQcCAjA0HjIgHQBMAGUAZwBhAGwAXwBQAG8A
-bABpAGMAeQBfAFMAdABhAHQAZQBtAGUAbgB0AC4gHTANBgkqhkiG9w0BAQsFAAOC
-AgEAB+aIUQ3ixuCYP4FxAz2do6Ehb7Prpsz1Mb7PBeKp/vpXbRkws8LFZslq3/Xn
-8Hi9x6ieJeP5vO1rVFcIK1GCRBL7uVOMzPRgEop2zEBAQZvcXBf/XPleFzWYJFZL
-dO9CEMivv3/Gf/I3fVo/HPKZeUqRUgCvOA8X9S95gWXZqbVr5MfO9sp6AG9LMEQk
-IjzP7QOllo9ZKby2/QThcJ8ySif9Va8v/rbljjO7Yl+a21dA6fHOmWaQjP9qYn/d
-xUoLkSbiOewZSnFjnXshbcOco6I8+n99lmqQeKZt0uGc+R38ONiU9MalCpaGpL2e
-Gq4EQoO4tYCbIjggtSXlZOz39L9+Y1klD3ouOVd2onGqBooPiRa6YacRy5rYDkea
-gMXQzafQ732D8OE7cQnfXXSYIghh2rBQHm+98eEA3+cxB6STOvdlR3jo+KhIq/fe
-cn5ha293qYHLpwmsObvsxsvYgrRyzR30uIUBHoD7G4kqVDmyW9rIDVWZeodzOwjm
-mC3qjeAzLhIp9cAvVCch98isTtoouLGp25ayp0Kiyc8ZQU3ghvkqmqMRZjDTu3Qy
-S99je/WZii8bxyGvWbWu3EQ8l1Bx16HSxVXjad5XwdHeMMD9zOZN+w2/XU/pnR4Z
-OC+8z1gFLu8NoFA12u8JJxzVs341Hgi62jbb01+P3nSISRIwggTZMIIDwaADAgEC
-AhMzAAAAdHTMrak+fLWsAAAAAAB0MA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNVBAYT
-AlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYD
-VQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBU
-aW1lLVN0YW1wIFBDQSAyMDEwMB4XDTE1MTAwNzE4MTczOVoXDTE3MDEwNzE4MTcz
-OVowgbIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMQ8wDQYDVQQH
-EwZSZWRtb2QxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjENMAsGA1UE
-CxMETU9QUjEnMCUGA1UECxMebkNpcGhlciBEU0UgRVNOOjMxQzUtMzBCQS03Qzkx
-MSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNlMIIBIjANBgkq
-hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0PYY+WjQQ/lOgaRo5Mgrb0qrtute02o
-WF86BQnBS1hCFzokjm2o3UXklFIw4n72MBasIASRfHd5TbSTnr56E2p9aMTxQjPY
-1GWNKLwnU3KcBwJWBIkW4qNgB06WO9ZTyvEVIjo/8pGgw9uJy2nqMv8/NEb8GaWS
-G8yM3Kyk982VsflslFjz2KFTaA2XMAuYaRZ+I6B0r+hE8575k9TjaLVq35Y4JF6h
-ZfZnya2w2fiAf3K3U2YrhwKgCAq6+42ZBV/Qv40YTb8vH2M8lLHnY1wJxuq0rrTJ
-ETzHzcr33jg0dv2LJBE5QPl+6r2u98RKXsHBU5Sha2C8xkTvsTPayQIDAQABo4IB
-GzCCARcwHQYDVR0OBBYEFDTGrFKKJ9PTHpe/DAN1d0q62OQxMB8GA1UdIwQYMBaA
-FNVjOlyKMZDzQ3t8RhvFM2hahW1VMFYGA1UdHwRPME0wS6BJoEeGRWh0dHA6Ly9j
-cmwubWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01pY1RpbVN0YVBDQV8y
-MDEwLTA3LTAxLmNybDBaBggrBgEFBQcBAQROMEwwSgYIKwYBBQUHMAKGPmh0dHA6
-Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMvTWljVGltU3RhUENBXzIwMTAt
-MDctMDEuY3J0MAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwgwDQYJ
-KoZIhvcNAQELBQADggEBAFmRjC7DqKiHQ0UajpmTyERutHCRU0hPJ7X4RtdcbiyL
-Lk4IXiJdZFH12iaJ1e4Te4yxuOoeAd+ANhUCi8PQ6L1mrFuRzS88SFeqLzFFAwsv
-DLiMVKNMnpLnYOVwiv4QgFCPik5QWq9xF07xtIWwMgpRUnEIcOQMrIozBjTTxOM0
-H44oG+FxA0Pr6dtA4ta1ScZgo5YRSBCk1XIqsS73R+rjK9u4SrrwIxAauEdMtdKl
-LLFKOsTWP45fP573kP+N5Szgbvfbe3HRDSiKE7yyb5omwLyIWZvlzxcdWYih/jAq
-ALMOQNMbB1Semcv6Q6zsVdCbTs2Zs+wcgojZYDvg6BKhggN4MIICYAIBATCB4qGB
-uKSBtTCBsjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xDzANBgNV
-BAcTBlJlZG1vZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMQ0wCwYD
-VQQLEwRNT1BSMScwJQYDVQQLEx5uQ2lwaGVyIERTRSBFU046MzFDNS0zMEJBLTdD
-OTExJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2WiJQoBATAJ
-BgUrDgMCGgUAAxUAEHYGrKIAUIRQppVzfxnEl04RHviggcIwgb+kgbwwgbkxCzAJ
-BgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25k
-MR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xDTALBgNVBAsTBE1PUFIx
-JzAlBgNVBAsTHm5DaXBoZXIgTlRTIEVTTjo1N0Y2LUMxRTAtNTU0QzErMCkGA1UE
-AxMiTWljcm9zb2Z0IFRpbWUgU291cmNlIE1hc3RlciBDbG9jazANBgkqhkiG9w0B
-AQUFAAIFANoKCl0wIhgPMjAxNTEyMDMwMDI1MDFaGA8yMDE1MTIwNDAwMjUwMVow
-dzA9BgorBgEEAYRZCgQBMS8wLTAKAgUA2goKXQIBADAKAgEAAgIGLwIB/zAHAgEA
-AgIYeTAKAgUA2gtb3QIBADA2BgorBgEEAYRZCgQCMSgwJjAMBgorBgEEAYRZCgMB
-oAowCAIBAAIDFuNgoQowCAIBAAIDB6EgMA0GCSqGSIb3DQEBBQUAA4IBAQBfi7jb
-OH28d5BTlq3PO/ns6ICJZ1eq899EIhLxW8sYhVN3wC8OkhNt1RQDmokO6mRZ8Kq3
-A8QoyBlE+6VeVUTV8PoqxKbTAC5ofTkBScsR1KJDquBQtOlfLhINpQfja9qkQ6HG
-WUZ/uYvGI0QR/Wn97p4lmY8Iu9t6B+h7lbbIfjonNz6RfuRnil83gZxwvuU0zsOV
-ujEpq+Xv+Qwpf84TZhop6R6745ns7mFx6oYqCzs64GlV+ro+UkaVU0ZBvQF0SrK0
-Zg+7S+tR9ZbiswMvQgPaBRCaSxzYLwpE32DOy0M8kAw7C/sYUMIY+1UGeGEYqvYn
-Oua0wsgQq1Oj2nINMYIC9TCCAvECAQEwgZMwfDELMAkGA1UEBhMCVVMxEzARBgNV
-BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv
-c29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAg
-UENBIDIwMTACEzMAAAB0dMytqT58tawAAAAAAHQwDQYJYIZIAWUDBAIBBQCgggEy
-MBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAvBgkqhkiG9w0BCQQxIgQgXCsJ
-dbLlwyLiabpo8dTN0JlBzu+7PIYWpljIrRy+/r8wgeIGCyqGSIb3DQEJEAIMMYHS
-MIHPMIHMMIGxBBQQdgasogBQhFCmlXN/GcSXThEe+DCBmDCBgKR+MHwxCzAJBgNV
-BAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4w
-HAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29m
-dCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAAAdHTMrak+fLWsAAAAAAB0MBYEFKgc
-IScRN0miGsGgPdeTR+HhcRexMA0GCSqGSIb3DQEBCwUABIIBAGL830RGkR0nuISC
-5jjekrT+mzuFqwNwbXkQpgeBCowS3A05GgVdCTMcCQ2/ZVN9VVdnqeC1gq5123Vz
-fPUkozcg+6ICjLE5tTATth9Q0IcvPohWBZ61huLCzt4bgVi7P1U7SuT+2xBWFhus
-Phqsd8+44ux6U+U1ld+ecE8dfupDXn4sDMeat4XPovqg82jyFe+doyyPMTY1N9oP
-H+w2dYb8a32s4G1kajK5D+7fRxNXpDK/UIOrKvrMbnr1mUq+O6DJxppX1Xxbgzqf
-vlhwmei7T2GSMuJQ4Kwn3tzCQK2bWoCAU13e0iB+D7OLk27Ye18PawcrWg6+DOWY
-nSEK9MEAAAA=
------END AUTHENTICODE SIGNATURE-----

signature-opensuse.x86_64.asc

@@ -1,185 +0,0 @@
-hash: f5e892dd6ec4c2defa4a495c09219b621379b64da3d1b2e34adf4b5f1102bd39
-# 1970-01-01 00:00:00
-timestamp: 0
-linker: 2002
-checksum: 65ba
------BEGIN AUTHENTICODE SIGNATURE-----
-MIIhVgYJKoZIhvcNAQcCoIIhRzCCIUMCAQExDzANBglghkgBZQMEAgEFADBcBgor
-BgEEAYI3AgEEoE4wTDAXBgorBgEEAYI3AgEPMAkDAQCgBKICgAAwMTANBglghkgB
-ZQMEAgEFAAQg9eiS3W7Ewt76SklcCSGbYhN5tk2j0bLjSt9LXxECvTmgggswMIIF
-GDCCBACgAwIBAgITMwAAADgHaPPBgpJ3JAABAAAAODANBgkqhkiG9w0BAQsFADCB
-gTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl
-ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMi
-TWljcm9zb2Z0IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMTAeFw0yMDAzMDQxODMy
-MjdaFw0yMTAzMDMxODMyMjdaMIGGMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz
-aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv
-cnBvcmF0aW9uMTAwLgYDVQQDEydNaWNyb3NvZnQgV2luZG93cyBVRUZJIERyaXZl
-ciBQdWJsaXNoZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqfvRc
-QxLmFCRHe3DjwdBfbK52UWAymynl8XOwnxFXQ3xXMjrYtV3xF7pBs0vTcuQEh1GC
-VrDe9DN1tIehwR94n63EbDwclRlnWg6J3R1gTYi2ID9h0UOVeF4ADrv9lnY56T6E
-FC5wBhhTSg9g5gOzjxv7OHJJtWAkGbOrEmkTSDNc3w7pqbKdgIC4kHUh16xsTA06
-c1fIfZGg/BdRt/K9bp1gFNrI+gCP/HuxaKbj0whYPmyQ+F1ME10pp/ZXgKxU+Bfa
-XG/NMEzxkoXBThLquFSbmkhr2XKTLYbIdCk1Y9mSML5ei+2B4t4H8eNvVG3ZwEsn
-E7/HiLSdjRFWCuMRAgMBAAGjggGAMIIBfDAfBgNVHSUEGDAWBgorBgEEAYI3UAIB
-BggrBgEFBQcDAzAdBgNVHQ4EFgQUP/Rho+Fpo7FPkinO8OfIVSTDg/0wVAYDVR0R
-BE0wS6RJMEcxLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJhdGlvbnMg
-TGltaXRlZDEWMBQGA1UEBRMNMjI5OTExKzQ1ODM2ODAfBgNVHSMEGDAWgBQTrb9D
-Cb2CcJyM1U8xbtUimIob1DBTBgNVHR8ETDBKMEigRqBEhkJodHRwOi8vd3d3Lm1p
-Y3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNDb3JVRUZDQTIwMTFfMjAxMS0wNi0y
-Ny5jcmwwYAYIKwYBBQUHAQEEVDBSMFAGCCsGAQUFBzAChkRodHRwOi8vd3d3Lm1p
-Y3Jvc29mdC5jb20vcGtpb3BzL2NlcnRzL01pY0NvclVFRkNBMjAxMV8yMDExLTA2
-LTI3LmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAiK8d9dmvO
-MhRcgnO1k3THjsWQq8fuMLz3Dyb2frG0oAL1zvVyCbI8wHAkp/kMKlMvdw8FXbx2
-a8y6t0Qzlde0x0Jj9WdL6cQzx0EBrej/JCSoOTg+h8UhnBmAflstoc2SQen/FigC
-NdJvxaurF1KlHk3W06OVlvUdFifjJvkfqlDWji/o05muR4iDE3R4HD/3plMTZcD7
-/Z9oItK9y2NoyNxFZbyFS5FDqWwnqv4JliUA3FmbKLxALCScfjxPXYOsX/SDd6zt
-2hNpoVkoDSDfk99aWv5SNfH1xozil3oHbO/CNpAif7MkyW/OFF1+xoBQyJtJadca
-lMa9x3gWJ0NuMIIGEDCCA/igAwIBAgIKYQjTxAAAAAAABDANBgkqhkiG9w0BAQsF
-ADCBkTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT
-B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE7MDkGA1UE
-AxMyTWljcm9zb2Z0IENvcnBvcmF0aW9uIFRoaXJkIFBhcnR5IE1hcmtldHBsYWNl
-IFJvb3QwHhcNMTEwNjI3MjEyMjQ1WhcNMjYwNjI3MjEzMjQ1WjCBgTELMAkGA1UE
-BhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAc
-BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMiTWljcm9zb2Z0
-IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBAKUIbEzHRQlqSwykwId/BnUMQwFUZOAWfwftkn0LsnO/DArGSkVh
-oMUWLZbT9Sug+01Jm0GAkDy5VP3mvNGdxKQYin9BilxZg2gyu4xHye5xvCFPmop8
-/0Q/jY8ysiZIrnW17slMHkoZfuSCmh14d00MsL32D9MW07z6K6VROF31+7rbeALb
-/+wKG5bVg7gZE+m2wHtAe+EfKCfJ+u9WXhzmfpR+wPBEsnk55dqyYotNvzhw4mgk
-FMkzpAg31VhpXtN87cEEUwjnTrAqh2MIYW9jFVnqsit51wxhZ4pb/V6th3+6hmdP
-cVgSIgQiIs6L71RxAM5QNVh2lQjuarGiAdUCAwEAAaOCAXYwggFyMBIGCSsGAQQB
-gjcVAQQFAgMBAAEwIwYJKwYBBAGCNxUCBBYEFPjBa7d/d1NK8yU3HU6hJnsPIHCA
-MB0GA1UdDgQWBBQTrb9DCb2CcJyM1U8xbtUimIob1DAZBgkrBgEEAYI3FAIEDB4K
-AFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSME
-GDAWgBRFZlJD4X5YEb/WTp4jVQg7OiJqqDBcBgNVHR8EVTBTMFGgT6BNhktodHRw
-Oi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNDb3JUaGlQ
-YXJNYXJSb29fMjAxMC0xMC0wNS5jcmwwYAYIKwYBBQUHAQEEVDBSMFAGCCsGAQUF
-BzAChkRodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY0NvclRo
-aVBhck1hclJvb18yMDEwLTEwLTA1LmNydDANBgkqhkiG9w0BAQsFAAOCAgEANQhC
-/zDMzvd2DK0QaFg1KUYydid87xJBJ0IbSqptgThIWRNV8+lYNKYWC4KqXa2C2oCD
-QQaPtB3yA7nzGl0b8VCQ+bNVhEIoHCC9sq5RFMXArJeVIRyQ2w/8d56Vc5GIyr29
-UrkFUA3fV56gYe0N5W0l2UAPF0DIzqNKwk2vmhIdCFSPvce8uSs9SSsfMvxqIWlP
-m8h+QjT8NgYXi48gQMCzmiV1J83JA6P2XdHnNlR6uVC10xLRB7+7dN/cHo+A1e0Y
-9C8UFmsv3maMsCPlx4TY7erBM4KtVksYLfFolQfNz/By8K673YaFmCwhTDMr8A9K
-8GiHtZJVMnWhaoJqPKMlEaTtrdcErsvYQFmghNGVTGKRIhp0HYw9Rw5EpuSwmzQ1
-sfq2U6gsgeykBXHInbi66BtEZuRHVA6OVn+znxaYsobQaD6QI7UvXo9QhY3GjYJf
-QaH0Lg3gmdJsdeS2abUhhvoH0fbiTdHarSx3Ux4lMjfHbFJylYaw8TVhahn1sjuB
-UFamMi3+oon5QoYnGFWhgspam/gwmFQUpkeWJS/IJuRBlBpcAj/lluOFWzw+P7tH
-FnJV4iUisdl75wMGKqP3HpBGwwAN1hmJ4w41J2IDcRWm79AnoKBZN2D4OJS44Hhw
-+LpMhoeU9uCuAkXuZcK2o35pFnUHkpv1prxZg1gxghWZMIIVlQIBATCBmTCBgTEL
-MAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1v
-bmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMiTWlj
-cm9zb2Z0IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMQITMwAAADgHaPPBgpJ3JAAB
-AAAAODANBglghkgBZQMEAgEFAKCB3DAZBgkqhkiG9w0BCQMxDAYKKwYBBAGCNwIB
-BDAcBgorBgEEAYI3AgELMQ4wDAYKKwYBBAGCNwIBFTAvBgkqhkiG9w0BCQQxIgQg
-iOz0cDx/prQlDkkSwqGZ+6dMZCSW1yjJ58QYmHdnoTUwcAYKKwYBBAGCNwIBDDFi
-MGCgMoAwAFMAVQBTAEUAIABMAGkAbgB1AHgAIABQAHIAbwBkAHUAYwB0AHMAIABH
-AG0AYgBIoSqAKGh0dHBzOi8vd3d3Lm1pY3Jvc29mdC5jb20vZW4tdXMvd2luZG93
-cyAwDQYJKoZIhvcNAQEBBQAEggEAFww+AGBg9zP7Yy9PE8xVldGmNTeLiodrHRMQ
-KQ5xee9acyyQ14OX+SmRK/Et5xZOmAWcThwze8dhWw8828Rl0rk11DGPjcI3yvxT
-bZ6kC+IWvSbdMcVNjsSzvWPuV2fk0n+Gar0WtyevCcfF4mjGdycHTlu79XFHWJA1
-HKAR15MKJgBLdEOSC7KMXhAtd+x4cYHw6q4ERhNsYlb0lQl0WGagTN3jSxL6BKpU
-e3b6qc8LKARWBskLQwChR4iXae1rxyVapzlaxd/1ARLfnwqQ8mdn5DBDJBMT8kmG
-52eLHD4xWEG8vSk5po4Tvv3oXd36kb5zaveBpYjeMbe0R+l3z6GCEvEwghLtBgor
-BgEEAYI3AwMBMYIS3TCCEtkGCSqGSIb3DQEHAqCCEsowghLGAgEDMQ8wDQYJYIZI
-AWUDBAIBBQAwggFVBgsqhkiG9w0BCRABBKCCAUQEggFAMIIBPAIBAQYKKwYBBAGE
-WQoDATAxMA0GCWCGSAFlAwQCAQUABCDnp0m6Gp85jNi3+6XFl+PYlqGdnRnuUIz7
-66oguVUesgIGXxcQeogEGBMyMDIwMDczMDIwMTEzMi4xODNaMASAAgH0oIHUpIHR
-MIHOMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH
-UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSkwJwYDVQQL
-EyBNaWNyb3NvZnQgT3BlcmF0aW9ucyBQdWVydG8gUmljbzEmMCQGA1UECxMdVGhh
-bGVzIFRTUyBFU046QzRCRC1FMzdGLTVGRkMxJTAjBgNVBAMTHE1pY3Jvc29mdCBU
-aW1lLVN0YW1wIFNlcnZpY2Wggg5EMIIE9TCCA92gAwIBAgITMwAAASM4sOSt2FqQ
-nQAAAAABIzANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMK
-V2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0
-IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0Eg
-MjAxMDAeFw0xOTEyMTkwMTE0NTZaFw0yMTAzMTcwMTE0NTZaMIHOMQswCQYDVQQG
-EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG
-A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSkwJwYDVQQLEyBNaWNyb3NvZnQg
-T3BlcmF0aW9ucyBQdWVydG8gUmljbzEmMCQGA1UECxMdVGhhbGVzIFRTUyBFU046
-QzRCRC1FMzdGLTVGRkMxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNl
-cnZpY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdvNDJsGSl3AEu
-8dmbwOEzjgs8Put17PVCxlrXWQzd1ZfmhkBLDMBKyJIM0ItH0ztLDg/Td4TtR2k1
-h6EvNDf0G+qC0dlgmZL/1TOFhZ04Tr98gOc0rfr7ijcK4xBxQtI5TAwiamlO0rel
-iW5f5AD+bIDNKraRBEIcbVWn/CKFeZavL4DCTa99DuK6i2BIv2GVkGWMEBwIlTLp
-wmKSYnHJzTjUUXYNg908rttnhCcD0D+g5HhIqDMvXoTJga5IwA1ToEFfk+Joq/oQ
-CXiDcrKbOsIETuao7lefo73MzUGtVpu48bKgb9OBgpSKeTR7610JmfZqWXY9648R
-bmWyo3dxAgMBAAGjggEbMIIBFzAdBgNVHQ4EFgQUgdRsFIDTjRv5EcKwaN4ZFfgM
-nh4wHwYDVR0jBBgwFoAU1WM6XIoxkPNDe3xGG8UzaFqFbVUwVgYDVR0fBE8wTTBL
-oEmgR4ZFaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMv
-TWljVGltU3RhUENBXzIwMTAtMDctMDEuY3JsMFoGCCsGAQUFBwEBBE4wTDBKBggr
-BgEFBQcwAoY+aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNU
-aW1TdGFQQ0FfMjAxMC0wNy0wMS5jcnQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAK
-BggrBgEFBQcDCDANBgkqhkiG9w0BAQsFAAOCAQEAW+UBt6pX6Fuq9VeJU/pDvC1M
-xd9kt31H4J/0tUEAT8zkbP+ro49PcrR1jQ3znsMJEsmtX/EvXvgW515Jx+Zd0ep0
-tgZEUwDbU5l8bzC0wsr3mHvyUCH6LPmd4idG9ahw0pxI+kJnX9TMpqzwJOY8YcYY
-ol5cCC1I7x+esu6yx8StMJ7B9dhDvTJ5GkjVyTQpkpn4FBJAzc7udwt/ZelzUQD2
-rs9v1rJSFGXF9zQwjIL+YWYtp4XffR8cmiSbHJ9X/IWVwPvn9RzW6vG3ZIdzmIEZ
-za+0HZzvhrr7bt3chqmHUDDBj5wLeC+xMPcpI8tFKM+uP69Em0CEWLcuXjPTNzCC
-BnEwggRZoAMCAQICCmEJgSoAAAAAAAIwDQYJKoZIhvcNAQELBQAwgYgxCzAJBgNV
-BAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4w
-HAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jvc29m
-dCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDEwMB4XDTEwMDcwMTIxMzY1
-NVoXDTI1MDcwMTIxNDY1NVowfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hp
-bmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jw
-b3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpHQ28dxGKOiDs/BOX9fp/
-aZRrdFQQ1aUKAIKF++18aEssX8XD5WHCdrc+Zitb8BVTJwQxH0EbGpUdzgkTjnxh
-MFmxMEQP8WCIhFRDDNdNuDgIs0Ldk6zWczBXJoKjRQ3Q6vVHgc2/JGAyWGBG8lhH
-hjKEHnRhZ5FfgVSxz5NMksHEpl3RYRNuKMYa+YaAu99h/EbBJx0kZxJyGiGKr0tk
-iVBisV39dx898Fd1rL2KQk1AUdEPnAY+Z3/1ZsADlkR+79BL/W7lmsqxqPJ6Kgox
-8NpOBpG2iAg16HgcsOmZzTznL0S6p/TcZL2kAcEgCZN4zfy8wMlEXV4WnAEFTyJN
-AgMBAAGjggHmMIIB4jAQBgkrBgEEAYI3FQEEAwIBADAdBgNVHQ4EFgQU1WM6XIox
-kPNDe3xGG8UzaFqFbVUwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwCwYDVR0P
-BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU1fZWy4/oolxiaNE9
-lJBb186aGMQwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDovL2NybC5taWNyb3NvZnQu
-Y29tL3BraS9jcmwvcHJvZHVjdHMvTWljUm9vQ2VyQXV0XzIwMTAtMDYtMjMuY3Js
-MFoGCCsGAQUFBwEBBE4wTDBKBggrBgEFBQcwAoY+aHR0cDovL3d3dy5taWNyb3Nv
-ZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcnQwgaAG
-A1UdIAEB/wSBlTCBkjCBjwYJKwYBBAGCNy4DMIGBMD0GCCsGAQUFBwIBFjFodHRw
-Oi8vd3d3Lm1pY3Jvc29mdC5jb20vUEtJL2RvY3MvQ1BTL2RlZmF1bHQuaHRtMEAG
-CCsGAQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAFAAbwBsAGkAYwB5AF8AUwB0AGEA
-dABlAG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQAH5ohRDeLG4Jg/gXED
-PZ2joSFvs+umzPUxvs8F4qn++ldtGTCzwsVmyWrf9efweL3HqJ4l4/m87WtUVwgr
-UYJEEvu5U4zM9GASinbMQEBBm9xcF/9c+V4XNZgkVkt070IQyK+/f8Z/8jd9Wj8c
-8pl5SpFSAK84Dxf1L3mBZdmptWvkx872ynoAb0swRCQiPM/tA6WWj1kpvLb9BOFw
-nzJKJ/1Vry/+tuWOM7tiX5rbV0Dp8c6ZZpCM/2pif93FSguRJuI57BlKcWOdeyFt
-w5yjojz6f32WapB4pm3S4Zz5Hfw42JT0xqUKloakvZ4argRCg7i1gJsiOCC1JeVk
-7Pf0v35jWSUPei45V3aicaoGig+JFrphpxHLmtgOR5qAxdDNp9DvfYPw4TtxCd9d
-dJgiCGHasFAeb73x4QDf5zEHpJM692VHeOj4qEir995yfmFrb3epgcunCaw5u+zG
-y9iCtHLNHfS4hQEegPsbiSpUObJb2sgNVZl6h3M7COaYLeqN4DMuEin1wC9UJyH3
-yKxO2ii4sanblrKnQqLJzxlBTeCG+SqaoxFmMNO7dDJL32N79ZmKLxvHIa9Zta7c
-RDyXUHHXodLFVeNp3lfB0d4wwP3M5k37Db9dT+mdHhk4L7zPWAUu7w2gUDXa7wkn
-HNWzfjUeCLraNtvTX4/edIhJEqGCAtIwggI7AgEBMIH8oYHUpIHRMIHOMQswCQYD
-VQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEe
-MBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSkwJwYDVQQLEyBNaWNyb3Nv
-ZnQgT3BlcmF0aW9ucyBQdWVydG8gUmljbzEmMCQGA1UECxMdVGhhbGVzIFRTUyBF
-U046QzRCRC1FMzdGLTVGRkMxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1w
-IFNlcnZpY2WiIwoBATAHBgUrDgMCGgMVALoXZo3g4p4Xwu4MNSgQnjP7+1eBoIGD
-MIGApH4wfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNV
-BAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQG
-A1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwDQYJKoZIhvcNAQEF
-BQACBQDizWwqMCIYDzIwMjAwNzMwMTk1NjI2WhgPMjAyMDA3MzExOTU2MjZaMHcw
-PQYKKwYBBAGEWQoEATEvMC0wCgIFAOLNbCoCAQAwCgIBAAICIwcCAf8wBwIBAAIC
-EJ8wCgIFAOLOvaoCAQAwNgYKKwYBBAGEWQoEAjEoMCYwDAYKKwYBBAGEWQoDAqAK
-MAgCAQACAwehIKEKMAgCAQACAwGGoDANBgkqhkiG9w0BAQUFAAOBgQBIx+XUDLw/
-bUbclab0tWWRb8Ukbsl2Sd3YBf6zr8VGExBCanphwdLmiI3bCKUuH9G/jdHi5WIL
-psCIv6VH2T6bdeDGlzb5wscXzWcsdYTlawr6sravdQa3W6A2KvG1IYltFiWZSgJG
-jE3IjC1oCdqVGrphhAVezG5O5ZTukUjNoTGCAw0wggMJAgEBMIGTMHwxCzAJBgNV
-BAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4w
-HAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29m
-dCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAABIziw5K3YWpCdAAAAAAEjMA0GCWCG
-SAFlAwQCAQUAoIIBSjAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwLwYJKoZI
-hvcNAQkEMSIEIL4dYLhC7mXmDydlRqnugjBt2GcgSi3yOoW70+CoaR8AMIH6Bgsq
-hkiG9w0BCRACLzGB6jCB5zCB5DCBvQQgEZozgz/7RMzEDaOjrMSkAAy/KcCiZDOW
-J1yq6vsVgbMwgZgwgYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGlu
-Z3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBv
-cmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAIT
-MwAAASM4sOSt2FqQnQAAAAABIzAiBCBfuRgdnySv61pNMlDeS68/+shdmtIxqXMr
-cVR1ETd4szANBgkqhkiG9w0BAQsFAASCAQBiZpUPFsONIt2Rj1MRnOnGRkWQnPHf
-KKE2dAuxSRCaL83GWfDh2NgqT26JnFbA0JjnqlNzaabi00JxChh3XGedQ/ZpVqmE
-O3EPp/b38Q78iriZgxl2QFAPZd4eaT6xrRQ1POL7GdZ9jgbBZ778eT44OdVNpfRT
-gNo8AS+8JOwSo8ZzK1mfyg09WYVCr3HhjRMpfWlB2SejSgg2w4Obdq/WauP7oXOL
-t2EuIaq0oF3+PIbgm0xaCBKtscsXTgdBdssN+jVWxUA+4ayVVjg6VuKs6fpSBsQB
-WBxu434HBGDx9aitPUXzK3XBi2UiWG1mbhCfZv7oYlBVRNmP3riUvks8AAAAAAAA
------END AUTHENTICODE SIGNATURE-----

signature-sles.aarch64.asc

@@ -1,207 +0,0 @@
-hash: 04478d49dfa6c5f8442ec919568e1eda59de99cc1b5192f18028084409bbebe5
-# 1970-01-01 00:00:00
-timestamp: 0
-linker: 2702
-checksum: dfaa
------BEGIN AUTHENTICODE SIGNATURE-----
-MIIlYgYJKoZIhvcNAQcCoIIlUzCCJU8CAQExDzANBglghkgBZQMEAgEFADBcBgor
-BgEEAYI3AgEEoE4wTDAXBgorBgEEAYI3AgEPMAkDAQCgBKICgAAwMTANBglghkgB
-ZQMEAgEFAAQgBEeNSd+mxfhELskZVo4e2lnemcwbUZLxgCgIRAm76+WgggswMIIF
-GDCCBACgAwIBAgITMwAAAFRJgAequ/NAsgABAAAAVDANBgkqhkiG9w0BAQsFADCB
-gTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl
-ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMi
-TWljcm9zb2Z0IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMTAeFw0yMzAyMTYyMDE5
-NTdaFw0yNDAxMzEyMDE5NTdaMIGGMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz
-aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv
-cnBvcmF0aW9uMTAwLgYDVQQDEydNaWNyb3NvZnQgV2luZG93cyBVRUZJIERyaXZl
-ciBQdWJsaXNoZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3LnZl
-au6xJ+i9ZwLUwgOvwO/GIwWKO+IH0DJ07A2CPNJdQcBMu/p31gmVejU1i+FviW71
-IbBCKAyzFaOo9u0RquGymx04bLP+437N2ztW0pLth71fqp0b1DGjEj9u/E1SQaLP
-0MwQ/ooKo9co87S2C8CwX5EosLjQ8UZ016d3CG6Dh8Kqkc3Y1moN7dkDrLzonJsi
-8CfNFcJlj0YaFgsbEROFc6TB+MXsPXHDfjJLKjZxmc5goBKDNXkxbJrtyVGyb+RR
-+LpKlf7aP3zPfTMuRi31Wjnm1qKo7Jd8VlAXXesvrW2ZmzUKijEY5gQLyyjfTuNb
-eiZ4KaO5qGE4oNxNAgMBAAGjggGAMIIBfDAfBgNVHSUEGDAWBgorBgEEAYI3UAIB
-BggrBgEFBQcDAzAdBgNVHQ4EFgQUSWrbGag0281IoZ3+KJt6pFkKC+8wVAYDVR0R
-BE0wS6RJMEcxLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJhdGlvbnMg
-TGltaXRlZDEWMBQGA1UEBRMNMjI5OTExKzUwMDE3OTAfBgNVHSMEGDAWgBQTrb9D
-Cb2CcJyM1U8xbtUimIob1DBTBgNVHR8ETDBKMEigRqBEhkJodHRwOi8vd3d3Lm1p
-Y3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNDb3JVRUZDQTIwMTFfMjAxMS0wNi0y
-Ny5jcmwwYAYIKwYBBQUHAQEEVDBSMFAGCCsGAQUFBzAChkRodHRwOi8vd3d3Lm1p
-Y3Jvc29mdC5jb20vcGtpb3BzL2NlcnRzL01pY0NvclVFRkNBMjAxMV8yMDExLTA2
-LTI3LmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQA8Xv+zvV/0
-jUxVVYztqDGphqsTbqaSzI93AMXhV/9xJRGrP8+pX/9LW7cDLBQHWAddeeP/bQRC
-yBeIGYhu7P9kuocvgW8pOD7ivj5JZdNYn8v0V7+T0boFkp+fEF0Ljc00VZf1yPWU
-DS5AiYUqqSL/ihu3NZFgRwJ6ia/Du72uLB5YPQ/4Icyr3VsUWafgZSl4J9QmmAmr
-rCa0U79ofm1Yfu1HnN76u84K+NQ30LBvPaA35JrcSI/OHKGxbD25lTCU65+yb0vI
-zYfFgvbG8VfrALOT6GhvN4NKGQzCQFLm7DMaibz7qcM8bKujdp9WL+Zb8MqxostZ
-05x9av9mlH22MIIGEDCCA/igAwIBAgIKYQjTxAAAAAAABDANBgkqhkiG9w0BAQsF
-ADCBkTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT
-B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE7MDkGA1UE
-AxMyTWljcm9zb2Z0IENvcnBvcmF0aW9uIFRoaXJkIFBhcnR5IE1hcmtldHBsYWNl
-IFJvb3QwHhcNMTEwNjI3MjEyMjQ1WhcNMjYwNjI3MjEzMjQ1WjCBgTELMAkGA1UE
-BhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAc
-BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMiTWljcm9zb2Z0
-IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBAKUIbEzHRQlqSwykwId/BnUMQwFUZOAWfwftkn0LsnO/DArGSkVh
-oMUWLZbT9Sug+01Jm0GAkDy5VP3mvNGdxKQYin9BilxZg2gyu4xHye5xvCFPmop8
-/0Q/jY8ysiZIrnW17slMHkoZfuSCmh14d00MsL32D9MW07z6K6VROF31+7rbeALb
-/+wKG5bVg7gZE+m2wHtAe+EfKCfJ+u9WXhzmfpR+wPBEsnk55dqyYotNvzhw4mgk
-FMkzpAg31VhpXtN87cEEUwjnTrAqh2MIYW9jFVnqsit51wxhZ4pb/V6th3+6hmdP
-cVgSIgQiIs6L71RxAM5QNVh2lQjuarGiAdUCAwEAAaOCAXYwggFyMBIGCSsGAQQB
-gjcVAQQFAgMBAAEwIwYJKwYBBAGCNxUCBBYEFPjBa7d/d1NK8yU3HU6hJnsPIHCA
-MB0GA1UdDgQWBBQTrb9DCb2CcJyM1U8xbtUimIob1DAZBgkrBgEEAYI3FAIEDB4K
-AFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSME
-GDAWgBRFZlJD4X5YEb/WTp4jVQg7OiJqqDBcBgNVHR8EVTBTMFGgT6BNhktodHRw
-Oi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNDb3JUaGlQ
-YXJNYXJSb29fMjAxMC0xMC0wNS5jcmwwYAYIKwYBBQUHAQEEVDBSMFAGCCsGAQUF
-BzAChkRodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY0NvclRo
-aVBhck1hclJvb18yMDEwLTEwLTA1LmNydDANBgkqhkiG9w0BAQsFAAOCAgEANQhC
-/zDMzvd2DK0QaFg1KUYydid87xJBJ0IbSqptgThIWRNV8+lYNKYWC4KqXa2C2oCD
-QQaPtB3yA7nzGl0b8VCQ+bNVhEIoHCC9sq5RFMXArJeVIRyQ2w/8d56Vc5GIyr29
-UrkFUA3fV56gYe0N5W0l2UAPF0DIzqNKwk2vmhIdCFSPvce8uSs9SSsfMvxqIWlP
-m8h+QjT8NgYXi48gQMCzmiV1J83JA6P2XdHnNlR6uVC10xLRB7+7dN/cHo+A1e0Y
-9C8UFmsv3maMsCPlx4TY7erBM4KtVksYLfFolQfNz/By8K673YaFmCwhTDMr8A9K
-8GiHtZJVMnWhaoJqPKMlEaTtrdcErsvYQFmghNGVTGKRIhp0HYw9Rw5EpuSwmzQ1
-sfq2U6gsgeykBXHInbi66BtEZuRHVA6OVn+znxaYsobQaD6QI7UvXo9QhY3GjYJf
-QaH0Lg3gmdJsdeS2abUhhvoH0fbiTdHarSx3Ux4lMjfHbFJylYaw8TVhahn1sjuB
-UFamMi3+oon5QoYnGFWhgspam/gwmFQUpkeWJS/IJuRBlBpcAj/lluOFWzw+P7tH
-FnJV4iUisdl75wMGKqP3HpBGwwAN1hmJ4w41J2IDcRWm79AnoKBZN2D4OJS44Hhw
-+LpMhoeU9uCuAkXuZcK2o35pFnUHkpv1prxZg1gxghmlMIIZoQIBATCBmTCBgTEL
-MAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1v
-bmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMiTWlj
-cm9zb2Z0IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMQITMwAAAFRJgAequ/NAsgAB
-AAAAVDANBglghkgBZQMEAgEFAKCB3DAZBgkqhkiG9w0BCQMxDAYKKwYBBAGCNwIB
-BDAcBgorBgEEAYI3AgELMQ4wDAYKKwYBBAGCNwIBFTAvBgkqhkiG9w0BCQQxIgQg
-LcYGMAvB0idkCnQM+G+IMQt0fJORIvSY6QOYFPiyFVswcAYKKwYBBAGCNwIBDDFi
-MGCgMoAwAFMAVQBTAEUAIABMAGkAbgB1AHgAIABQAHIAbwBkAHUAYwB0AHMAIABH
-AG0AYgBIoSqAKGh0dHBzOi8vd3d3Lm1pY3Jvc29mdC5jb20vZW4tdXMvd2luZG93
-cyAwDQYJKoZIhvcNAQEBBQAEggEAif9/Js94QQLbY+n2RgCcN8AdDm6nRry1GdUZ
-YLjS0sIPKj8S8q8G8yl+OF2JwJClycVAB+klCnbYOxAuF6kZ4Zs6i76E9MFolY7V
-f6UycXb6gjKvU1jIJx+kd65Jlf5tzWex/T5grkxdvkpYzQjES3qGYKbRwZOsTjQG
-2RjXmYjVzCqxbLK6B8iMn590nBzkrF5eYFYj9HAHSuhXNc7IQfGNudbh6IO2roIp
-JUnEyryEGCuWlMboNT5uPmelxRlTcxHIqgjWHLqV7OgJW7Bgm1nOWSYnSyX0bNpm
-ZuaKGctaZaADxRrJfUb7JviGCWu6kQnXXf+qsUT61V43X+5N/6GCFv0wghb5Bgor
-BgEEAYI3AwMBMYIW6TCCFuUGCSqGSIb3DQEHAqCCFtYwghbSAgEDMQ8wDQYJYIZI
-AWUDBAIBBQAwggFRBgsqhkiG9w0BCRABBKCCAUAEggE8MIIBOAIBAQYKKwYBBAGE
-WQoDATAxMA0GCWCGSAFlAwQCAQUABCBr89EEDYEQ89Gcyjti1xGsTdSvHYU+NslR
-c5cDNSX5ZAIGZBMUoZOGGBMyMDIzMDMyMDIxMTEwNi4yMTFaMASAAgH0oIHQpIHN
-MIHKMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH
-UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQL
-ExxNaWNyb3NvZnQgQW1lcmljYSBPcGVyYXRpb25zMSYwJAYDVQQLEx1UaGFsZXMg
-VFNTIEVTTjpENkJELUUzRTctMTY4NTElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUt
-U3RhbXAgU2VydmljZaCCEVQwggcMMIIE9KADAgECAhMzAAABx/sAoEpb8ifcAAEA
-AAHHMA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNo
-aW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29y
-cG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEw
-MB4XDTIyMTEwNDE5MDEzNVoXDTI0MDIwMjE5MDEzNVowgcoxCzAJBgNVBAYTAlVT
-MRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQK
-ExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJTAjBgNVBAsTHE1pY3Jvc29mdCBBbWVy
-aWNhIE9wZXJhdGlvbnMxJjAkBgNVBAsTHVRoYWxlcyBUU1MgRVNOOkQ2QkQtRTNF
-Ny0xNjg1MSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNlMIIC
-IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAr0LcVtnatNFMBrQTtG9P8ISA
-PyyGmxNfhEzaOVlt088pBUFAIasmN/eOijE6Ucaf3c2bVnN/02ih0smSqYkm5P3Z
-wU7ZW202b6cPDJjXcrjJj0qfnuccBtE3WU0vZ8CiQD7qrKxeF8YBNcS+PVtvsqhd
-5YW6AwhWqhjw1mYuLetF5b6aPif/3RzlyqG3SV7QPiSJends7gG435Rsy1HJ4Xnq
-ztOJR41I0j3EQ05JMF5QNRi7kT6vXTT+MHVj27FVQ7bef/U+2EAbFj2X2AOWbvgl
-YaYnM3m/I/OWDHUgGw8KIdsDh3W1eusnF2D7oenGgtahs+S1G5Uolf5ESg/9Z+38
-rhQwLgokY5k6p8k5arYWtszdJK6JiIRl843H74k7+QqlT2LbAQPq8ivQv0gdclW2
-aJun1KrW+v52R3vAHCOtbUmxvD1eNGHqGqLagtlq9UFXKXuXnqXJqruCYmfwdFMD
-0UP6ii1lFdeKL87PdjdAwyCiVcCEoLnvDzyvjNjxtkTdz6R4yF1N/X4PSQH4Flgs
-lyBIXggaSlPtvPuxAtuac/ITj4k0IRShGiYLBM2Dw6oesLOoxe07OUPO+qXXOcJM
-VHhE0MlhhnxfN2B1JWFPWwQ6ooWiqAOQDqzcDx+79shxA1Cx0K70eOBplMog27gY
-oLpBv7nRz4tHqoTyvA0CAwEAAaOCATYwggEyMB0GA1UdDgQWBBQFUNLdHD7BAF/V
-U/X/eEHLiUSSIDAfBgNVHSMEGDAWgBSfpxVdAF5iXYP05dJlpxtTNRnpcjBfBgNV
-HR8EWDBWMFSgUqBQhk5odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2Ny
-bC9NaWNyb3NvZnQlMjBUaW1lLVN0YW1wJTIwUENBJTIwMjAxMCgxKS5jcmwwbAYI
-KwYBBQUHAQEEYDBeMFwGCCsGAQUFBzAChlBodHRwOi8vd3d3Lm1pY3Jvc29mdC5j
-b20vcGtpb3BzL2NlcnRzL01pY3Jvc29mdCUyMFRpbWUtU3RhbXAlMjBQQ0ElMjAy
-MDEwKDEpLmNydDAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMIMA0G
-CSqGSIb3DQEBCwUAA4ICAQDQy5c8ogP0y8xAsLVca07wWy1mT+nqYgAFnz2972kN
-O+KJ7AE4f+SVbvOnkeeuOPq3xc+6TS8g3FuKKYEwYqvnRHxX58tjlscZsZeKnu7f
-GNUlpNT9bOQFHWALURuoXp8TLHhxj3PEq9jzFYBP2YNMLol70ojY1qpze3nMMJfp
-durdBBpaOLlJmRNTLhxd+RJGJQbY1XAcx6p/FigwqBasSDUxp+0yFPEBB9uBE3KI
-LAtq6fczGp4EMeon6YmkyCGAtXMKDFQQgdP/ITe7VghAVbPTVlP3hY1dFgc+t8YK
-2obFSFVKslkASATDHulCMht+WrIsukclEUP9DaMmpq7S0RLODMicI6PtqqGOhdna
-RltA0d+Wf+0tPt9SUVtrPJyO7WMPKbykCRXzmHK06zr0kn1YiUYNXCsOgaHF5ImO
-2ZwQ54UE1I55jjUdldyjy/UPJgxRm9NyXeO7adYr8K8f6Q2nPF0vWqFG7ewwaAl5
-ClKerzshfhB8zujVR0d1Ra7Z01lnXYhWuPqVZayFl7JHr6i6huhpU6BQ6/VgY0cB
-iksX4mNM+ISY81T1RYt7fWATNu/zkjINczipzbfg5S+3fCAo8gVB6+6A5L0vBg39
-dsFITv6MWJuQ8ZZy7fwlFBZE4d5IFbRudakNwKGdyLGM2otaNq7wm3ku7x41UGAm
-kDCCB3EwggVZoAMCAQICEzMAAAAVxedrngKbSZkAAAAAABUwDQYJKoZIhvcNAQEL
-BQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH
-EwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xMjAwBgNV
-BAMTKU1pY3Jvc29mdCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDEwMB4X
-DTIxMDkzMDE4MjIyNVoXDTMwMDkzMDE4MzIyNVowfDELMAkGA1UEBhMCVVMxEzAR
-BgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1p
-Y3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3Rh
-bXAgUENBIDIwMTAwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDk4aZM
-57RyIQt5osvXJHm9DtWC0/3unAcH0qlsTnXIyjVX9gF/bErg4r25PhdgM/9cT8dm
-95VTcVrifkpa/rg2Z4VGIwy1jRPPdzLAEBjoYH1qUoNEt6aORmsHFPPFdvWGUNzB
-RMhxXFExN6AKOG6N7dcP2CZTfDlhAnrEqv1yaa8dq6z2Nr41JmTamDu6GnszrYBb
-fowQHJ1S/rboYiXcag/PXfT+jlPP1uyFVk3v3byNpOORj7I5LFGc6XBpDco2LXCO
-Mcg1KL3jtIckw+DJj361VI/c+gVVmG1oO5pGve2krnopN6zL64NF50ZuyjLVwIYw
-XE8s4mKyzbnijYjklqwBSru+cakXW2dg3viSkR4dPf0gz3N9QZpGdc3EXzTdEonW
-/aUgfX782Z5F37ZyL9t9X4C626p+Nuw2TPYrbqgSUei/BQOj0XOmTTd0lBw0gg/w
-EPK3Rxjtp+iZfD9M269ewvPV2HM9Q07BMzlMjgK8QmguEOqEUUbi0b1qGFphAXPK
-Z6Je1yh2AuIzGHLXpyDwwvoSCtdjbwzJNmSLW6CmgyFdXzB0kZSU2LlQ+QuJYfM2
-BjUYhEfb3BvR/bLUHMVr9lxSUV0S2yW6r1AFemzFER1y7435UsSFF5PAPBXbGjfH
-CBUYP3irRbb1Hode2o+eFnJpxq57t7c+auIurQIDAQABo4IB3TCCAdkwEgYJKwYB
-BAGCNxUBBAUCAwEAATAjBgkrBgEEAYI3FQIEFgQUKqdS/mTEmr6CkTxGNSnPEP8v
-BO4wHQYDVR0OBBYEFJ+nFV0AXmJdg/Tl0mWnG1M1GelyMFwGA1UdIARVMFMwUQYM
-KwYBBAGCN0yDfQEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly93d3cubWljcm9zb2Z0
-LmNvbS9wa2lvcHMvRG9jcy9SZXBvc2l0b3J5Lmh0bTATBgNVHSUEDDAKBggrBgEF
-BQcDCDAZBgkrBgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYD
-VR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBTV9lbLj+iiXGJo0T2UkFvXzpoYxDBW
-BgNVHR8ETzBNMEugSaBHhkVodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2Ny
-bC9wcm9kdWN0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcmwwWgYIKwYBBQUH
-AQEETjBMMEoGCCsGAQUFBzAChj5odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtp
-L2NlcnRzL01pY1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNydDANBgkqhkiG9w0BAQsF
-AAOCAgEAnVV9/Cqt4SwfZwExJFvhnnJL/Klv6lwUtj5OR2R4sQaTlz0xM7U518Jx
-Nj/aZGx80HU5bbsPMeTCj/ts0aGUGCLu6WZnOlNN3Zi6th542DYunKmCVgADsAW+
-iehp4LoJ7nvfam++Kctu2D9IdQHZGN5tggz1bSNU5HhTdSRXud2f8449xvNo32X2
-pFaq95W2KFUn0CS9QKC/GbYSEhFdPSfgQJY4rPf5KYnDvBewVIVCs/wMnosZiefw
-C2qBwoEZQhlSdYo2wh3DYXMuLGt7bj8sCXgU6ZGyqVvfSaN0DLzskYDSPeZKPmY7
-T7uG+jIa2Zb0j/aRAfbOxnT99kxybxCrdTDFNLB62FD+CljdQDzHVG2dY3RILLFO
-Ry3BFARxv2T5JL5zbcqOCb2zAVdJVGTZc9d/HltEAY5aGZFrDZ+kKNxnGSgkujhL
-mm77IVRrakURR6nxt67I6IleT53S0Ex2tVdUCbFpAUR+fKFhbHP+CrvsQWY9af3L
-wUFJfn6Tvsv4O+S3Fb+0zj6lMVGEvL8CwYKiexcdFYmNcP7ntdAoGokLjzbaukz5
-m/8K6TT4JDVnK+ANuOaMmdbhIurwJ0I9JZTmdHRbatGePu1+oDEzfbzL6Xu/OHBE
-0ZDxyKs6ijoIYn/ZcGNTTY3ugm2lBRDBcQZqELQdVTNYs6FwZvKhggLLMIICNAIB
-ATCB+KGB0KSBzTCByjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24x
-EDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlv
-bjElMCMGA1UECxMcTWljcm9zb2Z0IEFtZXJpY2EgT3BlcmF0aW9uczEmMCQGA1UE
-CxMdVGhhbGVzIFRTUyBFU046RDZCRC1FM0U3LTE2ODUxJTAjBgNVBAMTHE1pY3Jv
-c29mdCBUaW1lLVN0YW1wIFNlcnZpY2WiIwoBATAHBgUrDgMCGgMVAOIASP0JSbv5
-R23wxciQivHyckYooIGDMIGApH4wfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldh
-c2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBD
-b3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIw
-MTAwDQYJKoZIhvcNAQEFBQACBQDnwtiGMCIYDzIwMjMwMzIwMjEwNTEwWhgPMjAy
-MzAzMjEyMTA1MTBaMHQwOgYKKwYBBAGEWQoEATEsMCowCgIFAOfC2IYCAQAwBwIB
-AAICAkYwBwIBAAICEbMwCgIFAOfEKgYCAQAwNgYKKwYBBAGEWQoEAjEoMCYwDAYK
-KwYBBAGEWQoDAqAKMAgCAQACAwehIKEKMAgCAQACAwGGoDANBgkqhkiG9w0BAQUF
-AAOBgQA3o66z40T47h4wEcnqjCErmCuDisVa7cvd4+ElidY8OUGeUpbEytUwVA0a
-xpeO6wSolRKjfvRNw+CI19gwd6jJuTxs2zEFwPhVv1LRHdRMA1e880yUIuyW8Gol
-i0AnXV9rG70hHJp3CmPJ07EM6PaTlGAQhtOSnZmt3EbpOa8PyDGCBA0wggQJAgEB
-MIGTMHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQH
-EwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNV
-BAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAABx/sAoEpb8ifc
-AAEAAAHHMA0GCWCGSAFlAwQCAQUAoIIBSjAaBgkqhkiG9w0BCQMxDQYLKoZIhvcN
-AQkQAQQwLwYJKoZIhvcNAQkEMSIEIMb7y9eYTXD51JKOcZroyxATiy9HALXVe+p+
-Gpxn3HAeMIH6BgsqhkiG9w0BCRACLzGB6jCB5zCB5DCBvQQgR+fl2+JSskULOeVY
-LbeMgk7HdIbREmAsjwtcy6MJkskwgZgwgYCkfjB8MQswCQYDVQQGEwJVUzETMBEG
-A1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWlj
-cm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFt
-cCBQQ0EgMjAxMAITMwAAAcf7AKBKW/In3AABAAABxzAiBCDawC6YVvLZ6RoyguNo
-tb7bPYiDNi1Lq3AJJTSBUXXuRzANBgkqhkiG9w0BAQsFAASCAgBuabic21jN5mcr
-JSSjkx1wLBYeWML4O4k28Yl45QEPKriORVt/+MkFUZYl2gZpRNbXmeFDXzh5H882
-rUeFQrL0MKfD/VthS7WbgHkt2ARKNQQjme8OONhPmY9Z9bbli6pDibfh0+GskgWh
-wZEjiiepJATXh4vl4aNC2Pt0AykSYo/ccLNcE7M2Id26uOUGTafyaY3NjBjzAiLh
-iuQlS/F+snuJe021UXj/Pokl1Ancp0bdxHSTBxGpu1oQVaBg1YmfaVAaqWYTUUdj
-vuohlQZuk+bUayC7Mi3xnAqOlVMIDaVfbS4j3RbVAC6KPwNBytGCfKUlPs0FqGjO
-i1Sd7Ifd6UbHVoaq1wfFbCapH4NQ/1oqlMSfGaRXAg9Z8IiI87JLTO7lfob/zT7F
-jbFiHDZDiZcODf8Lxa58hgyn35h/8aYvDf98gMN1MrTy4yZkSTVxxz0+cZdAMjeg
-DyXB6A3cqZvpL3fmM88CNKRrnJo5IYK9BU4QqLu5XGIChYdsJEjdDaG1+hFjaXzC
-1cpasZcNF9EDFprVmIHxJjJljxthMhU+JeDBGfvHqH+DQldaodALY7exjGPjhPBU
-qKjxF8AcoRdTdBTX9K6zL1sARYUKoOjQu4GJRXVlEqXStbVy0zSoaUYAXsGWiIgN
-+KppwX5z9ek02RqPcQksSamyAJOcaQAA
------END AUTHENTICODE SIGNATURE-----

signature-sles.x86_64.asc

@@ -1,208 +0,0 @@
-hash: 2b0d7d00e2d5ef27605375da81690afaab91d19ea4cc129ced8dfb34d9c5c2d3
-# 1970-01-01 00:00:00
-timestamp: 0
-linker: 2702
-checksum: c766
------BEGIN AUTHENTICODE SIGNATURE-----
-MIIljgYJKoZIhvcNAQcCoIIlfzCCJXsCAQExDzANBglghkgBZQMEAgEFADBcBgor
-BgEEAYI3AgEEoE4wTDAXBgorBgEEAYI3AgEPMAkDAQCgBKICgAAwMTANBglghkgB
-ZQMEAgEFAAQgKw19AOLV7ydgU3XagWkK+quR0Z6kzBKc7Y37NNnFwtOgggswMIIF
-GDCCBACgAwIBAgITMwAAAFRJgAequ/NAsgABAAAAVDANBgkqhkiG9w0BAQsFADCB
-gTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl
-ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMi
-TWljcm9zb2Z0IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMTAeFw0yMzAyMTYyMDE5
-NTdaFw0yNDAxMzEyMDE5NTdaMIGGMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz
-aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv
-cnBvcmF0aW9uMTAwLgYDVQQDEydNaWNyb3NvZnQgV2luZG93cyBVRUZJIERyaXZl
-ciBQdWJsaXNoZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3LnZl
-au6xJ+i9ZwLUwgOvwO/GIwWKO+IH0DJ07A2CPNJdQcBMu/p31gmVejU1i+FviW71
-IbBCKAyzFaOo9u0RquGymx04bLP+437N2ztW0pLth71fqp0b1DGjEj9u/E1SQaLP
-0MwQ/ooKo9co87S2C8CwX5EosLjQ8UZ016d3CG6Dh8Kqkc3Y1moN7dkDrLzonJsi
-8CfNFcJlj0YaFgsbEROFc6TB+MXsPXHDfjJLKjZxmc5goBKDNXkxbJrtyVGyb+RR
-+LpKlf7aP3zPfTMuRi31Wjnm1qKo7Jd8VlAXXesvrW2ZmzUKijEY5gQLyyjfTuNb
-eiZ4KaO5qGE4oNxNAgMBAAGjggGAMIIBfDAfBgNVHSUEGDAWBgorBgEEAYI3UAIB
-BggrBgEFBQcDAzAdBgNVHQ4EFgQUSWrbGag0281IoZ3+KJt6pFkKC+8wVAYDVR0R
-BE0wS6RJMEcxLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJhdGlvbnMg
-TGltaXRlZDEWMBQGA1UEBRMNMjI5OTExKzUwMDE3OTAfBgNVHSMEGDAWgBQTrb9D
-Cb2CcJyM1U8xbtUimIob1DBTBgNVHR8ETDBKMEigRqBEhkJodHRwOi8vd3d3Lm1p
-Y3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNDb3JVRUZDQTIwMTFfMjAxMS0wNi0y
-Ny5jcmwwYAYIKwYBBQUHAQEEVDBSMFAGCCsGAQUFBzAChkRodHRwOi8vd3d3Lm1p
-Y3Jvc29mdC5jb20vcGtpb3BzL2NlcnRzL01pY0NvclVFRkNBMjAxMV8yMDExLTA2
-LTI3LmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQA8Xv+zvV/0
-jUxVVYztqDGphqsTbqaSzI93AMXhV/9xJRGrP8+pX/9LW7cDLBQHWAddeeP/bQRC
-yBeIGYhu7P9kuocvgW8pOD7ivj5JZdNYn8v0V7+T0boFkp+fEF0Ljc00VZf1yPWU
-DS5AiYUqqSL/ihu3NZFgRwJ6ia/Du72uLB5YPQ/4Icyr3VsUWafgZSl4J9QmmAmr
-rCa0U79ofm1Yfu1HnN76u84K+NQ30LBvPaA35JrcSI/OHKGxbD25lTCU65+yb0vI
-zYfFgvbG8VfrALOT6GhvN4NKGQzCQFLm7DMaibz7qcM8bKujdp9WL+Zb8MqxostZ
-05x9av9mlH22MIIGEDCCA/igAwIBAgIKYQjTxAAAAAAABDANBgkqhkiG9w0BAQsF
-ADCBkTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT
-B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE7MDkGA1UE
-AxMyTWljcm9zb2Z0IENvcnBvcmF0aW9uIFRoaXJkIFBhcnR5IE1hcmtldHBsYWNl
-IFJvb3QwHhcNMTEwNjI3MjEyMjQ1WhcNMjYwNjI3MjEzMjQ1WjCBgTELMAkGA1UE
-BhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAc
-BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMiTWljcm9zb2Z0
-IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBAKUIbEzHRQlqSwykwId/BnUMQwFUZOAWfwftkn0LsnO/DArGSkVh
-oMUWLZbT9Sug+01Jm0GAkDy5VP3mvNGdxKQYin9BilxZg2gyu4xHye5xvCFPmop8
-/0Q/jY8ysiZIrnW17slMHkoZfuSCmh14d00MsL32D9MW07z6K6VROF31+7rbeALb
-/+wKG5bVg7gZE+m2wHtAe+EfKCfJ+u9WXhzmfpR+wPBEsnk55dqyYotNvzhw4mgk
-FMkzpAg31VhpXtN87cEEUwjnTrAqh2MIYW9jFVnqsit51wxhZ4pb/V6th3+6hmdP
-cVgSIgQiIs6L71RxAM5QNVh2lQjuarGiAdUCAwEAAaOCAXYwggFyMBIGCSsGAQQB
-gjcVAQQFAgMBAAEwIwYJKwYBBAGCNxUCBBYEFPjBa7d/d1NK8yU3HU6hJnsPIHCA
-MB0GA1UdDgQWBBQTrb9DCb2CcJyM1U8xbtUimIob1DAZBgkrBgEEAYI3FAIEDB4K
-AFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSME
-GDAWgBRFZlJD4X5YEb/WTp4jVQg7OiJqqDBcBgNVHR8EVTBTMFGgT6BNhktodHRw
-Oi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNDb3JUaGlQ
-YXJNYXJSb29fMjAxMC0xMC0wNS5jcmwwYAYIKwYBBQUHAQEEVDBSMFAGCCsGAQUF
-BzAChkRodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY0NvclRo
-aVBhck1hclJvb18yMDEwLTEwLTA1LmNydDANBgkqhkiG9w0BAQsFAAOCAgEANQhC
-/zDMzvd2DK0QaFg1KUYydid87xJBJ0IbSqptgThIWRNV8+lYNKYWC4KqXa2C2oCD
-QQaPtB3yA7nzGl0b8VCQ+bNVhEIoHCC9sq5RFMXArJeVIRyQ2w/8d56Vc5GIyr29
-UrkFUA3fV56gYe0N5W0l2UAPF0DIzqNKwk2vmhIdCFSPvce8uSs9SSsfMvxqIWlP
-m8h+QjT8NgYXi48gQMCzmiV1J83JA6P2XdHnNlR6uVC10xLRB7+7dN/cHo+A1e0Y
-9C8UFmsv3maMsCPlx4TY7erBM4KtVksYLfFolQfNz/By8K673YaFmCwhTDMr8A9K
-8GiHtZJVMnWhaoJqPKMlEaTtrdcErsvYQFmghNGVTGKRIhp0HYw9Rw5EpuSwmzQ1
-sfq2U6gsgeykBXHInbi66BtEZuRHVA6OVn+znxaYsobQaD6QI7UvXo9QhY3GjYJf
-QaH0Lg3gmdJsdeS2abUhhvoH0fbiTdHarSx3Ux4lMjfHbFJylYaw8TVhahn1sjuB
-UFamMi3+oon5QoYnGFWhgspam/gwmFQUpkeWJS/IJuRBlBpcAj/lluOFWzw+P7tH
-FnJV4iUisdl75wMGKqP3HpBGwwAN1hmJ4w41J2IDcRWm79AnoKBZN2D4OJS44Hhw
-+LpMhoeU9uCuAkXuZcK2o35pFnUHkpv1prxZg1gxghnRMIIZzQIBATCBmTCBgTEL
-MAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1v
-bmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMiTWlj
-cm9zb2Z0IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMQITMwAAAFRJgAequ/NAsgAB
-AAAAVDANBglghkgBZQMEAgEFAKCB3DAZBgkqhkiG9w0BCQMxDAYKKwYBBAGCNwIB
-BDAcBgorBgEEAYI3AgELMQ4wDAYKKwYBBAGCNwIBFTAvBgkqhkiG9w0BCQQxIgQg
-nl9Qe9t9Ct73RQ7L3246HC0dlQ8sxnBmAEwd2KVIiSMwcAYKKwYBBAGCNwIBDDFi
-MGCgMoAwAFMAVQBTAEUAIABMAGkAbgB1AHgAIABQAHIAbwBkAHUAYwB0AHMAIABH
-AG0AYgBIoSqAKGh0dHBzOi8vd3d3Lm1pY3Jvc29mdC5jb20vZW4tdXMvd2luZG93
-cyAwDQYJKoZIhvcNAQEBBQAEggEApEHFoAeD35yLRG+cqmAm+HpNsegwfxiROHWO
-D0JWTIrF4lPwhLwC6zkF6SPj+MxH1aJaGnfHLmPfHvPkHxr4aEQA1jMY5+IIUMpJ
-KyIN9sKGFRs3TMK5zYU9waOOOfSKnwf7tklge7ekTQM2uEr/ZAfU3GZpXyV0nI7i
-0iLTyRTwJ8uKob/6oRKuKqKJnpoymbr+8AhMF1IP8GbwINPfdN1T+Rn5+Q1+LXl6
-pEPwPmMFK4C4tGRlIXMs63uPwRDU/TghPZW/LmNWc8D4PGfUdht5M+yk/J/6s4fO
-dcP7D459SqlzVrEsk5pDTLHwLb1L8e7iYXJrQUf4Z3Y0GQfUGqGCFykwghclBgor
-BgEEAYI3AwMBMYIXFTCCFxEGCSqGSIb3DQEHAqCCFwIwghb+AgEDMQ8wDQYJYIZI
-AWUDBAIBBQAwggFZBgsqhkiG9w0BCRABBKCCAUgEggFEMIIBQAIBAQYKKwYBBAGE
-WQoDATAxMA0GCWCGSAFlAwQCAQUABCDWmLcKWCmN5uVF0nepDxHZfjFrUB7wcSG+
-TodKvtwaBQIGY/daGrubGBMyMDIzMDMyMDIxMTExNC4zMzFaMASAAgH0oIHYpIHV
-MIHSMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH
-UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMS0wKwYDVQQL
-EyRNaWNyb3NvZnQgSXJlbGFuZCBPcGVyYXRpb25zIExpbWl0ZWQxJjAkBgNVBAsT
-HVRoYWxlcyBUU1MgRVNOOkQwODItNEJGRC1FRUJBMSUwIwYDVQQDExxNaWNyb3Nv
-ZnQgVGltZS1TdGFtcCBTZXJ2aWNloIIReDCCBycwggUPoAMCAQICEzMAAAG6Hz8Z
-98F1vXwAAQAAAbowDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxEzARBgNV
-BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv
-c29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAg
-UENBIDIwMTAwHhcNMjIwOTIwMjAyMjE5WhcNMjMxMjE0MjAyMjE5WjCB0jELMAkG
-A1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQx
-HjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEtMCsGA1UECxMkTWljcm9z
-b2Z0IElyZWxhbmQgT3BlcmF0aW9ucyBMaW1pdGVkMSYwJAYDVQQLEx1UaGFsZXMg
-VFNTIEVTTjpEMDgyLTRCRkQtRUVCQTElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUt
-U3RhbXAgU2VydmljZTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAIhO
-FYMzkjWAE9UVnXF9hRGv0xBRxc+I5Hu3hxVFXyK3u38xusEb0pLkwjgGtDsaLLbr
-lMxqX3tFb/3BgEPEC3L0wX76gD8zHt+wiBV5mq5BWop29qRrgMJKKCPcpQnSjs9B
-/4XMFFvrpdPicZDv43FLgz9fHqMq0LJDw5JAHGDS30TCY9OF43P4d44Z9lE7CaVS
-2pJMF3L453MXB5yYK/KDbilhERP1jxn2yl+tGCRguIAsMG0oeOhXaw8uSGOhS6AC
-SHb+ebi0038MFHyoTNhKf+SYo4OpSY3xP4+swBBTKDoYP1wH+CfxG6h9fymBJQPQ
-Zaqfl0riiDLjmDunQtH1GD64Air5k9Jdwhq5wLmSWXjyFVL+IDfOpdixJ6f5o+Mh
-E6H4t31w+prygHmd2UHQ657UGx6FNuzwC+SpAHmV76MZYac4uAhTgaP47P2eeS1o
-ckvyhl9ya+9JzPfMkug3xevzFADWiLRMr066EMV7q3JSRAsnCS9GQ08C4FKPbSh8
-OPM33Lng0ffxANnHAAX/DE7cHcx7l9jaV3Acmkj7oqir4Eh2u5YxwiaTE37XaMum
-X2ES3PJ5NBaXq7YdLJwySD+U9pk/tl4dQ1t/Eeo7uDTliOyQkD8I74xpVB0T31/6
-7KHfkBkFVvy6wye21V+9IC8uSD++RgD3RwtN2kE/AgMBAAGjggFJMIIBRTAdBgNV
-HQ4EFgQUimLm8QMeJa25j9MWeabI2HSvZOUwHwYDVR0jBBgwFoAUn6cVXQBeYl2D
-9OXSZacbUzUZ6XIwXwYDVR0fBFgwVjBUoFKgUIZOaHR0cDovL3d3dy5taWNyb3Nv
-ZnQuY29tL3BraW9wcy9jcmwvTWljcm9zb2Z0JTIwVGltZS1TdGFtcCUyMFBDQSUy
-MDIwMTAoMSkuY3JsMGwGCCsGAQUFBwEBBGAwXjBcBggrBgEFBQcwAoZQaHR0cDov
-L3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9jZXJ0cy9NaWNyb3NvZnQlMjBUaW1l
-LVN0YW1wJTIwUENBJTIwMjAxMCgxKS5jcnQwDAYDVR0TAQH/BAIwADAWBgNVHSUB
-Af8EDDAKBggrBgEFBQcDCDAOBgNVHQ8BAf8EBAMCB4AwDQYJKoZIhvcNAQELBQAD
-ggIBAF/I8U6hbZhvDcn96nZ6tkbSEjXPvKZ6wroaXcgstEhpgaeEwleLuPXHLzEW
-tuJuYz4eshmhXqFr49lbAcX5SN5/cEsP0xdFayb7U5P94JZd3HjFvpWRNoNBhF3S
-DM0A38sI2H+hjhB/VfX1XcZiei1ROPAyCHcBgHLyQrEu6mnb3HhbIdr8h0Ta7WFy
-lGhLSFW6wmzKusP6aOlmnGSac5NMfla6lRvTYHd28rbbCgfSm1RhTgoZj+W8DTKt
-iEMwubHJ3mIPKmo8xtJIWXPnXq6XKgldrL5cynLMX/0WX65OuWbHV5GTELdfWvGV
-3DaZrHPUQ/UP31Keqb2xjVCb30LVwgbjIvYS77N1dARkN8F/9pJ1gO4IvZWMwyMl
-KKFGojO1f1wbjSWcA/57tsc+t2blrMWgSNHgzDr01jbPSupRjy3Ht9ZZs4xN02ei
-X3eG297NrtC6l4c/gzn20eqoqWx/uHWxmTgB0F5osBuTHOe77DyEA0uhArGlgKP9
-1jghgt/OVHoH65g0QqCtgZ+36mnCEg6IOhFoFrCc0fJFGVmb1+17gEe+HRMM7jBk
-4O06J+IooFrI3e3PJjPrQano/MyE3h+zAuBWGMDRcUlNKCDU7dGnWvH3XWwLrCCI
-cz+3GwRUMsLsDdPW2OVv7v1eEJiMSIZ2P+M7L20Q8aznU4OAMIIHcTCCBVmgAwIB
-AgITMwAAABXF52ueAptJmQAAAAAAFTANBgkqhkiG9w0BAQsFADCBiDELMAkGA1UE
-BhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAc
-BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEyMDAGA1UEAxMpTWljcm9zb2Z0
-IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIwMTAwHhcNMjEwOTMwMTgyMjI1
-WhcNMzAwOTMwMTgzMjI1WjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGlu
-Z3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBv
-cmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDCC
-AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAOThpkzntHIhC3miy9ckeb0O
-1YLT/e6cBwfSqWxOdcjKNVf2AX9sSuDivbk+F2Az/1xPx2b3lVNxWuJ+Slr+uDZn
-hUYjDLWNE893MsAQGOhgfWpSg0S3po5GawcU88V29YZQ3MFEyHFcUTE3oAo4bo3t
-1w/YJlN8OWECesSq/XJprx2rrPY2vjUmZNqYO7oaezOtgFt+jBAcnVL+tuhiJdxq
-D89d9P6OU8/W7IVWTe/dvI2k45GPsjksUZzpcGkNyjYtcI4xyDUoveO0hyTD4MmP
-frVUj9z6BVWYbWg7mka97aSueik3rMvrg0XnRm7KMtXAhjBcTyziYrLNueKNiOSW
-rAFKu75xqRdbZ2De+JKRHh09/SDPc31BmkZ1zcRfNN0Sidb9pSB9fvzZnkXftnIv
-231fgLrbqn427DZM9ituqBJR6L8FA6PRc6ZNN3SUHDSCD/AQ8rdHGO2n6Jl8P0zb
-r17C89XYcz1DTsEzOUyOArxCaC4Q6oRRRuLRvWoYWmEBc8pnol7XKHYC4jMYcten
-IPDC+hIK12NvDMk2ZItboKaDIV1fMHSRlJTYuVD5C4lh8zYGNRiER9vcG9H9stQc
-xWv2XFJRXRLbJbqvUAV6bMURHXLvjflSxIUXk8A8FdsaN8cIFRg/eKtFtvUeh17a
-j54WcmnGrnu3tz5q4i6tAgMBAAGjggHdMIIB2TASBgkrBgEEAYI3FQEEBQIDAQAB
-MCMGCSsGAQQBgjcVAgQWBBQqp1L+ZMSavoKRPEY1Kc8Q/y8E7jAdBgNVHQ4EFgQU
-n6cVXQBeYl2D9OXSZacbUzUZ6XIwXAYDVR0gBFUwUzBRBgwrBgEEAYI3TIN9AQEw
-QTA/BggrBgEFBQcCARYzaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraW9wcy9E
-b2NzL1JlcG9zaXRvcnkuaHRtMBMGA1UdJQQMMAoGCCsGAQUFBwMIMBkGCSsGAQQB
-gjcUAgQMHgoAUwB1AGIAQwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/
-MB8GA1UdIwQYMBaAFNX2VsuP6KJcYmjRPZSQW9fOmhjEMFYGA1UdHwRPME0wS6BJ
-oEeGRWh0dHA6Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01p
-Y1Jvb0NlckF1dF8yMDEwLTA2LTIzLmNybDBaBggrBgEFBQcBAQROMEwwSgYIKwYB
-BQUHMAKGPmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMvTWljUm9v
-Q2VyQXV0XzIwMTAtMDYtMjMuY3J0MA0GCSqGSIb3DQEBCwUAA4ICAQCdVX38Kq3h
-LB9nATEkW+Geckv8qW/qXBS2Pk5HZHixBpOXPTEztTnXwnE2P9pkbHzQdTltuw8x
-5MKP+2zRoZQYIu7pZmc6U03dmLq2HnjYNi6cqYJWAAOwBb6J6Gngugnue99qb74p
-y27YP0h1AdkY3m2CDPVtI1TkeFN1JFe53Z/zjj3G82jfZfakVqr3lbYoVSfQJL1A
-oL8ZthISEV09J+BAljis9/kpicO8F7BUhUKz/AyeixmJ5/ALaoHCgRlCGVJ1ijbC
-HcNhcy4sa3tuPywJeBTpkbKpW99Jo3QMvOyRgNI95ko+ZjtPu4b6MhrZlvSP9pEB
-9s7GdP32THJvEKt1MMU0sHrYUP4KWN1APMdUbZ1jdEgssU5HLcEUBHG/ZPkkvnNt
-yo4JvbMBV0lUZNlz138eW0QBjloZkWsNn6Qo3GcZKCS6OEuabvshVGtqRRFHqfG3
-rsjoiV5PndLQTHa1V1QJsWkBRH58oWFsc/4Ku+xBZj1p/cvBQUl+fpO+y/g75LcV
-v7TOPqUxUYS8vwLBgqJ7Fx0ViY1w/ue10CgaiQuPNtq6TPmb/wrpNPgkNWcr4A24
-5oyZ1uEi6vAnQj0llOZ0dFtq0Z4+7X6gMTN9vMvpe784cETRkPHIqzqKOghif9lw
-Y1NNje6CbaUFEMFxBmoQtB1VM1izoXBm8qGCAtQwggI9AgEBMIIBAKGB2KSB1TCB
-0jELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl
-ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEtMCsGA1UECxMk
-TWljcm9zb2Z0IElyZWxhbmQgT3BlcmF0aW9ucyBMaW1pdGVkMSYwJAYDVQQLEx1U
-aGFsZXMgVFNTIEVTTjpEMDgyLTRCRkQtRUVCQTElMCMGA1UEAxMcTWljcm9zb2Z0
-IFRpbWUtU3RhbXAgU2VydmljZaIjCgEBMAcGBSsOAwIaAxUAdqNHe113gCJ87aZI
-Ga5QBUqIwvKggYMwgYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGlu
-Z3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBv
-cmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMDAN
-BgkqhkiG9w0BAQUFAAIFAOfCzGowIhgPMjAyMzAzMjAyMDEzMzBaGA8yMDIzMDMy
-MTIwMTMzMFowdDA6BgorBgEEAYRZCgQBMSwwKjAKAgUA58LMagIBADAHAgEAAgIo
-sTAHAgEAAgITWDAKAgUA58Qd6gIBADA2BgorBgEEAYRZCgQCMSgwJjAMBgorBgEE
-AYRZCgMCoAowCAIBAAIDB6EgoQowCAIBAAIDAYagMA0GCSqGSIb3DQEBBQUAA4GB
-AFQv5G3OKjQK9etdeYFFznROY2X7c1SkMnQwwxm3+j0ifvXyI2sWUTXDSpw6500w
-NgkAw5aSKGdASAU86Guo+KChFeoPRFKEsd8vz5lkqD+ygzniQdZv9IwewyUKKEQp
-3tfj3jYfEAGHaviNrpKGRKX2JOvqTGBPFb9f1Ni9Zk6CMYIEDTCCBAkCAQEwgZMw
-fDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl
-ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMd
-TWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTACEzMAAAG6Hz8Z98F1vXwAAQAA
-AbowDQYJYIZIAWUDBAIBBQCgggFKMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRAB
-BDAvBgkqhkiG9w0BCQQxIgQg8iSGA5ZZFd75t8R/n+vXy/Xd8Hzr9NC5zXhiQqgn
-Gz8wgfoGCyqGSIb3DQEJEAIvMYHqMIHnMIHkMIG9BCApVb08M25w+tYGWsmlGtp1
-gy1nPcqWfqgMF3nlWYVzBTCBmDCBgKR+MHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQI
-EwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNyb3Nv
-ZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBD
-QSAyMDEwAhMzAAABuh8/GffBdb18AAEAAAG6MCIEIJPReYCIzr/054P84PApGlAT
-MPM0RvB8udGeI69L54BFMA0GCSqGSIb3DQEBCwUABIICADU4cWidCUu/BiJ0NNqk
-qeqVjGfrmF/WRF4/wm6xtE/3zQk0fXwtn69aEHrw41TQEaZetk0SLeRtc9hiWLL/
-uP/MM2CkEJO1rbYXRa0HOURV3QOPzDG523o1qG1bx05MxNZKH+79xHAWKXWXYABL
-AR0QqSbm+WRGfjj6G6tg4i5TetX8Asxe3AozmopVqjI/Y0bQhySg7Rn1czGMzStO
-Da0Jj676MYbHrUwejdsjvSJ1NLrkQ144Fnun/BjLv8c3liOaUlK+F5YOnwwUvk//
-Gb1HZNo7zGug5LT/8a7WOnqtXWXL4Kk2wa/h3MlYEBM6TMjixvpY5aKbChCagi2x
-8deizMg1HuhYZlhCOpJnPkW+O7+z/89FIheAsQwUfJo/z/e+RPqdS8WE1Hr/vbUH
-7l/wQrIJpumK2B4aR7QRAAY+yUQxbARGn97BZh6sb5hX2MGYIs5uniuvi9IA8Gjt
-tIJdnecbWxVBa1pMtZuDKthgGc/IGSgMh2ckQ4k0466eMl/OkWsLVT0X46ZLdlt/
-+g9pnpFHBa5YSG+WbsiuSydYBzVmEc7dIcjIh6YRHcBOXuOr9SObW7ALOyCwOk7r
-kRcnmQvSVy6sbkzXVI9hdCp5vg5rsUnkCCfIqKeKNQUV0EugFLhY5J7LvowAuBFN
-nMkgl+w2bS05mxmBSrdLbAuOAAAAAAAA
------END AUTHENTICODE SIGNATURE-----

strip_signature.sh

@@ -1,13 +0,0 @@
-#!/bin/bash
-# strip the signature from a PE binary
-set -e
-
-infile="$1"
-if [ -z "$infile" -o ! -e "$infile" ]; then
-	echo "USAGE: $0 file.efi"
-	exit 1
-fi
-
-outfile="${infile%.efi}-unsigned.efi"
-
-pesign -r -i "$infile" -o "$outfile"

timestamp.pl

@@ -1,146 +0,0 @@
-#!/usr/bin/perl -w
-# Copyright (c) 2012-2021 SUSE LLC
-#
-# Permission is hereby granted, free of charge, to any person obtaining a copy
-# of this software and associated documentation files (the "Software"), to deal
-# in the Software without restriction, including without limitation the rights
-# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-# copies of the Software, and to permit persons to whom the Software is
-# furnished to do so, subject to the following conditions:
-#
-# The above copyright notice and this permission notice shall be included in
-# all copies or substantial portions of the Software.
-#
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-# SOFTWARE.
-
-=head1 timestamp.pl
-
-timestamp.pl - show or set pe timestamp in file
-
-=head1 SYNOPSIS
-
-timestamp.pl [OPTIONS] FILE...
-
-=head1 OPTIONS
-
-=over 4
-
-=item B<--set-form-file=FILE>
-
-parse timestamp, checksum, and linker version from file
-
-=item B<--help, -h>
-
-print help
-
-=back
-
-=head1 DESCRIPTION
-
-lorem ipsum ...
-
-=cut
-
-use strict;
-use Getopt::Long;
-Getopt::Long::Configure("no_ignore_case");
-use POSIX qw/strftime/;
-
-my %options;
-
-sub usage($) {
-	my $r = shift;
-	eval "use Pod::Usage; pod2usage($r);";
-	if ($@) {
-		die "cannot display help, install perl(Pod::Usage)\n";
-	}
-}
-
-GetOptions(
-	\%options,
-	"set-from-file=s",
-	"verbose|v",
-	"help|h",
-) or usage(1);
-
-usage(1) unless @ARGV;
-usage(0) if ($options{'help'});
-
-my $set_timestamp;
-my $set_checksum;
-my $set_linker;
-
-if ($options{'set-from-file'}) {
-	die "$options{'set-from-file'}: $!\n" unless open(my $fh, '<', $options{'set-from-file'});
-	while (<$fh>) {
-		chomp;
-		if (/^timestamp: ([0-9a-f]+)/) {
-			$set_timestamp = pack('L', hex($1));
-			next;
-		} elsif (/^linker: ([0-9a-f]+)/) {
-			$set_linker = pack('S', hex($1));
-			next;
-		} elsif (/^checksum: ([0-9a-f]+)/) {
-			$set_checksum = pack('S', hex($1));
-			next;
-		}
-		last if $set_timestamp && $set_checksum && $set_linker;
-	}
-	close($fh);
-	die "file didn't contain timestamp, checksum, or linker\n" unless $set_timestamp && $set_checksum && $set_linker;
-}
-
-sub do_show($)
-{
-	my $file = shift;
-	die "$file: $!\n" unless open(my $fh, '<', $file);
-	die "seek $file: $!\n" unless seek($fh, 136, 0);
-	my $value;
-	die "read $file: $!\n" unless read($fh, $value, 4);
-
-	my $timestamp = unpack('L', $value);
-	print strftime("# %Y-%m-%d %H:%M:%S\n", gmtime($timestamp));
-	printf ("timestamp: %x\n", $timestamp);
-
-	die "seek $file: $!\n" unless seek($fh, 154, 0);
-	die "read $file: $!\n" unless read($fh, $value, 2);
-
-	printf ("linker: %x\n", unpack('S', $value));
-
-	die "seek $file: $!\n" unless seek($fh, 216, 0);
-	die "read $file: $!\n" unless read($fh, $value, 2);
-
-	printf ("checksum: %x\n", unpack('S', $value));
-
-	close($fh);
-}
-
-sub do_set($)
-{
-	my $file = shift;
-	die "$file: $!\n" unless open(my $fh, '+<', $file);
-	die "seek $file: $!\n" unless seek($fh, 136, 0);
-	die "write $file: $!\n" unless print $fh $set_timestamp;
-
-	die "seek $file: $!\n" unless seek($fh, 154, 0);
-	die "write $file: $!\n" unless print $fh $set_linker;
-
-	die "seek $file: $!\n" unless seek($fh, 216, 0);
-	die "read $file: $!\n" unless print $fh $set_checksum;
-	close($fh);
-}
-
-for my $file (@ARGV) {
-	if ($options{'set-from-file'}) {
-		do_set($file);
-	} else {
-		do_show($file);
-	}
-
-}