# # spec file for package shim # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: shim Version: 0.2 Release: 0 Summary: UEFI shim loader License: BSD-2-Clause Group: System/Boot Url: https://github.com/mjg59/shim Source: %{name}-%{version}.tar.bz2 # PATCH-FIX-SUSE shim-suse-build.patch glin@suse.com -- Adjust Makefile for the build service Patch0: shim-suse-build.patch # PATCH-FIX-UPSTREAM shim-local-key-sign-mokmanager.patch glin@suse.com -- Sign MokManager.efi with the local generated certificate Patch1: shim-local-key-sign-mokmanager.patch # PATCH-FEATURE-UPSTREAM shim-get-2nd-stage-loader.patch glin@suse.com -- Get the second stage loader path from the load options Patch2: shim-get-2nd-stage-loader.patch # PATCH-FIX-UPSTREAM shim-reboot-after-changes.patch glin@suse.com -- Reboot the system after enrolling or erasing keys Patch3: shim-reboot-after-changes.patch # PATCH-FIX-UPSTREAM shim-clear-queued-key.patch glin@suse.com -- Clear the queued key to show the menu properly Patch5: shim-clear-queued-key.patch # PATCH-FIX-UPSTREAM shim-fix-loadoptions.patch bnc#798043 glin@suse.com -- Adopt the UEFI shell style LoadOptions Patch6: shim-fix-loadoptions.patch # PATCH-FIX-UPSTREAM shim-support-mok-delete.patch glin@suse.com -- Support for deleting specific keys Patch7: shim-support-mok-delete.patch # PATCH-FIX-UPSTREAM shim-mokmanager-new-pw-hash.patch glin@suse.com -- Support the new password hash Patch8: shim-mokmanager-new-pw-hash.patch BuildRequires: gnu-efi >= 3.0q BuildRequires: mozilla-nss-tools BuildRequires: openssl >= 0.9.8 BuildRequires: pesign BuildRoot: %{_tmppath}/%{name}-%{version}-build ExclusiveArch: x86_64 %description shim is a trivial EFI application that, when run, attempts to open and execute another application. Authors: -------- Matthew Garrett %prep %setup -q %patch0 -p1 %patch1 -p1 %patch2 -p1 %patch3 -p1 %patch5 -p1 %patch6 -p1 %patch7 -p1 %patch8 -p1 %build chmod +x "make-certs" # make sure cast warnings don't trigger post build check make 2>/dev/null # make VENDOR_CERT_FILE=cert.der VENDOR_DBX_FILE=dbx mv shim.efi shim-unsigned.efi %install install -d %{buildroot}/%{_libdir}/efi install -m 444 shim-unsigned.efi %{buildroot}/%{_libdir}/efi install -m 444 MokManager.efi.signed %{buildroot}/%{_libdir}/efi/MokManager.efi %clean %{?buildroot:%__rm -rf "%{buildroot}"} %files %defattr(-,root,root) %doc COPYRIGHT %dir %{_libdir}/efi %{_libdir}/efi/shim-unsigned.efi %{_libdir}/efi/MokManager.efi %changelog