From 3f2870e16dc941ba0d3e48109195415187c201e9 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Mon, 30 Apr 2018 11:16:48 -0400 Subject: [PATCH] replace stuff with a README to make it clearer what's going on. Signed-off-by: Peter Jones --- README | 3 + dbx.esl | Bin 304 -> 0 bytes fedora-ca.cer | Bin 876 -> 0 bytes shim.spec | 151 -------------------------------------------------- sources | 2 - 5 files changed, 3 insertions(+), 153 deletions(-) create mode 100644 README delete mode 100644 dbx.esl delete mode 100644 fedora-ca.cer delete mode 100644 shim.spec delete mode 100644 sources diff --git a/README b/README new file mode 100644 index 0000000..62887ec --- /dev/null +++ b/README @@ -0,0 +1,3 @@ +There was no build of this for f28 - the unsigned build was moved to +shim-unsigned-aarch64 and shim-unsigned-x64. For f29, shim-signed moves +to here. diff --git a/dbx.esl b/dbx.esl deleted file mode 100644 index 2ea555ccebee3c3fd2a8c73a78a90af156dbcd37..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 304 zcmY!rJ95w`V3Na{m5x8nCOc~wFfxFF0g&u}@^bBtInQPouHW*EVV?fuG$rE>!SYZS z7o{{o1_qZjh)M*hhGrJjCNHNRB#f5=kCWD|- i2SbOFF$0i;3P>?)W+=nV@(!g?1|=84nKK13%mM&)^i^5_ diff --git a/fedora-ca.cer b/fedora-ca.cer deleted file mode 100644 index b81707b175f2205af35ba9903eae779db0e84069..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 876 zcmXqLV$LvVVhUKm%*4pV#L6(U?9&$mUN%mxHjlRNyo`+8tPBPUhH?fnY|No7%)+8> zsVVtIi3-7~$)!c93Qqa?B?``t26E!OhDL@)2IhulMy94FQR2KtAg(EtON0qcj7rGX zGO{u-H!<=v7&I|*F*PwVGOYXhJ*aVIjGgv(+0ZXh87;bdy33}u@~ZEUSbFwg^QIp4 zSY@t@LR_UY7Cnn)?D}$Z{-1(9hmVL?Gi?<<5;*C>0oIb8dbTPR3o47J95|%CscHF_ z)#+YJpHt2r{>h`pxL^9Jt>ylczkbIB?OfvVTX=uFCRfUP#p*qBV$~h~A04!BDv7%L zwR}^N@eLM>+NilZuD1Tbl}A@A*GCpJ-P!K3f1P&0!Cxiym0#Z}Utnh4SSjKE*I)lp zvZQbMu7f(=n{Tq}-Mq0aPG59{C%uC^UyWfjr$|mjbp17o}8U#?PMSfQlQGhW55NoiJ93z79_~W zBF2JU4{90$MkXVJdHDw`$3-&p3$3rsp1M`^zSp)d7Xx?kvfP@pN%_NPlgQp3S7w!# zq&A2rS{bXxfHT|dm}{$^H&q=<-*=Kv zkY7wsZsn)Ee=K`n&HJ))^UW)X;T-KpX53gbGv%IWNN;$hi2N^J-|Vw9OuzE5?fqx3XS&*z?&Hm;YVX`O+Q$9`soS diff --git a/shim.spec b/shim.spec deleted file mode 100644 index e8b29e1..0000000 --- a/shim.spec +++ /dev/null @@ -1,151 +0,0 @@ -Name: shim -Version: 0.9 -Release: 1%{?dist} -Summary: First-stage UEFI bootloader - -License: BSD -URL: https://github.com/rhinstaller/shim -Source0: https://github.com/rhinstaller/shim/releases/download/%{version}/shim-%{version}.tar.bz2 -Source1: fedora-ca.cer - -# currently here's what's in our dbx: -# grub2-efi-2.00-11.fc18.x86_64: -# grubx64.efi 6ac839881e73504047c06a1aac0c4763408ecb3642783c8acf77a2d393ea5cd7 -# gcdx64.efi 065cd63bab696ad2f4732af9634d66f2c0d48f8a3134b8808750d378550be151 -# grub2-efi-2.00-11.fc19.x86_64: -# grubx64.efi 49ece9a10a9403b32c8e0c892fd9afe24a974323c96f2cc3dd63608754bf9b45 -# gcdx64.efi 99fcaa957786c155a92b40be9c981c4e4685b8c62b408cb0f6cb2df9c30b9978 -# woops. -Source2: dbx.esl -Source3: rhtest.cer - -BuildRequires: git openssl-devel openssl -BuildRequires: pesign >= 0.106-1 -BuildRequires: gnu-efi >= 3.0.3-3 -BuildRequires: gnu-efi-devel >= 3.0.3-3 - -# Shim uses OpenSSL, but cannot use the system copy as the UEFI ABI is not -# compatible with SysV (there's no red zone under UEFI) and there isn't a -# POSIX-style C library. -# BuildRequires: OpenSSL -Provides: bundled(openssl) = 0.9.8zb - -# Shim is only required on platforms implementing the UEFI secure boot -# protocol. The only one of those we currently wish to support is 64-bit x86. -# Adding further platforms will require adding appropriate relocation code. -ExclusiveArch: x86_64 - -%global efiarch x64 - -# Figure out the right file path to use -%if 0%{?rhel} -%global efidir redhat -%endif -%if 0%{?fedora} -%global efidir fedora -%endif - -%description -Initial UEFI bootloader that handles chaining to a trusted full bootloader -under secure boot environments. - -%package -n shim-unsigned -Summary: First-stage UEFI bootloader (unsigned data) - -%description -n shim-unsigned -Initial UEFI bootloader that handles chaining to a trusted full bootloader -under secure boot environments. - -%prep -%setup -q -git init -git config user.email "%{name}-owner@fedoraproject.org" -git config user.name "Fedora Ninjas" -git add . -git commit -a -q -m "%{version} baseline." -git am --ignore-whitespace %{patches} shim.hash -install -D -d -m 0755 $RPM_BUILD_ROOT%{_datadir}/shim/ -install -m 0644 shim.efi $RPM_BUILD_ROOT%{_datadir}/shim/shim.efi -install -m 0644 shim.hash $RPM_BUILD_ROOT%{_datadir}/shim/shim.hash -install -m 0644 fallback.efi $RPM_BUILD_ROOT%{_datadir}/shim/fallback.efi -install -m 0644 MokManager.efi $RPM_BUILD_ROOT%{_datadir}/shim/MokManager.efi -# now install our .debug files... -install -D -d -m 0755 $RPM_BUILD_ROOT/usr/lib/debug/%{_datadir}/shim/ -install -m 0644 shim.efi.debug $RPM_BUILD_ROOT/usr/lib/debug/%{_datadir}/shim/shim.efi.debug -install -m 0644 fallback.efi.debug $RPM_BUILD_ROOT/usr/lib/debug/%{_datadir}/shim/fallback.efi.debug -install -m 0644 MokManager.efi.debug $RPM_BUILD_ROOT/usr/lib/debug/%{_datadir}/shim/MokManager.efi.debug - -%files -n shim-unsigned -%doc -%dir %{_datadir}/shim -%{_datadir}/shim/* - -%changelog -* Fri Apr 28 2017 Petr Ĺ abata - 0.9-1 -- Updating to 0.9 to enable building with gcc7 -- Mostly mirroring the key shim-unsigned-aarch64 0.9 changes - -* Wed Dec 03 2014 Peter Jones - 0.8-2 -- Fix bootloader path and whitelist certificates on ARM Aarch64. - Resolves: rhbz#1170289 - -* Tue Oct 14 2014 Peter Jones - 0.8-1 -- Update to 0.8 - Related: rhbz#1148230 - Related: rhbz#1148231 - Related: rhbz#1148232 - -* Wed Nov 06 2013 Peter Jones - 0.7-1 -- Fix logic to handle SetupMode efi variable. - -* Thu Oct 31 2013 Peter Jones - 0.6-1 -- Fix a FreePool(NULL) call on machines too old for SB - -* Fri Oct 04 2013 Peter Jones - 0.5-1 -- Update to 0.5 - -* Tue Jun 11 2013 Peter Jones - 0.4-1 -- Update to 0.4 - -* Fri Jun 07 2013 Peter Jones - 0.3-2 -- Require gnu-efi-3.0q for now. -- Don't allow mmx or sse during compilation. -- Re-organize this so all real signing happens in shim-signed instead. -- Split out mokutil - -* Wed Dec 12 2012 Peter Jones - 0.2-3 -- Fix mokutil's idea of signature sizes. - -* Wed Nov 28 2012 Matthew Garrett - 0.2-2 -- Fix secure_mode() always returning true - -* Mon Nov 26 2012 Matthew Garrett - 0.2-1 -- Update shim -- Include mokutil -- Add debuginfo package since mokutil is a userspace executable - -* Mon Oct 22 2012 Peter Jones - 0.1-4 -- Produce an unsigned shim - -* Tue Aug 14 2012 Peter Jones - 0.1-3 -- Update how embedded cert and signing work. - -* Mon Aug 13 2012 Josh Boyer - 0.1-2 -- Add patch to fix image size calculation - -* Mon Aug 13 2012 Matthew Garrett - 0.1-1 -- initial release diff --git a/sources b/sources deleted file mode 100644 index 86c6569..0000000 --- a/sources +++ /dev/null @@ -1,2 +0,0 @@ -SHA512 (shim-0.9.tar.bz2) = 780f3eb3bfae366f25591eb5c46f7853614c03d79f88f0890f5e1bd614f2a9e859b355faa333894a16c048f50cbe9dc65ebe414e8fe07ce0657edec42836be0c -SHA512 (rhtest.cer) = 33d20ec3540e75aca39d92971b65c7d0b6e35fde85dda2426f097fa4a8506d95693201de13e231fa06afce3bc0e05faf05976a7481ed3db1b9795b8fc045d468