Update to 0.2

This commit is contained in:
Matthew Garrett 2012-11-26 20:01:27 -05:00
parent 48a92b9e95
commit 3f38048252
4 changed files with 58 additions and 11 deletions

2
.gitignore vendored
View File

@ -1 +1,3 @@
/shim-0.1.tar.bz2 /shim-0.1.tar.bz2
/shim-0.2.tar.bz2
/mokutil-0.1.0.tar.bz2

25
0001-Fix-grub-path.patch Normal file
View File

@ -0,0 +1,25 @@
From aedb12117d5de52b3b2a49008e5e052f4369bda9 Mon Sep 17 00:00:00 2001
From: Matthew Garrett <mjg59@srcf.ucam.org>
Date: Mon, 26 Nov 2012 19:31:05 -0500
Subject: [PATCH] Fix grub path
---
shim.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/shim.c b/shim.c
index 4d490b9..88c8209 100644
--- a/shim.c
+++ b/shim.c
@@ -42,7 +42,7 @@
#include "netboot.h"
#include "shim_cert.h"
-#define SECOND_STAGE L"\\grub.efi"
+#define SECOND_STAGE L"\\grubx64.efi"
#define MOK_MANAGER L"\\MokManager.efi"
static EFI_SYSTEM_TABLE *systab;
--
1.8.0

View File

@ -1,6 +1,6 @@
Name: shim Name: shim
Version: 0.1 Version: 0.2
Release: 4%{?dist} Release: 1%{?dist}
Summary: First-stage UEFI bootloader Summary: First-stage UEFI bootloader
License: BSD License: BSD
@ -8,6 +8,10 @@ URL: http://www.codon.org.uk/~mjg59/shim/
Source0: http://www.codon.org.uk/~mjg59/shim/shim-%{version}.tar.bz2 Source0: http://www.codon.org.uk/~mjg59/shim/shim-%{version}.tar.bz2
Source1: fedora-ca.cer Source1: fedora-ca.cer
# incorporate mokutil for packaging simplicity
%global mokutilver 0.1.0
Source2: http://www.codon.org.uk/~mjg59/mokutil/mokutil-%{mokutilver}.tar.bz2
# currently here's what's in our dbx: # currently here's what's in our dbx:
# grub2-efi-2.00-11.fc18.x86_64: # grub2-efi-2.00-11.fc18.x86_64:
# grubx64.efi 6ac839881e73504047c06a1aac0c4763408ecb3642783c8acf77a2d393ea5cd7 # grubx64.efi 6ac839881e73504047c06a1aac0c4763408ecb3642783c8acf77a2d393ea5cd7
@ -16,25 +20,24 @@ Source1: fedora-ca.cer
# grubx64.efi 49ece9a10a9403b32c8e0c892fd9afe24a974323c96f2cc3dd63608754bf9b45 # grubx64.efi 49ece9a10a9403b32c8e0c892fd9afe24a974323c96f2cc3dd63608754bf9b45
# gcdx64.efi 99fcaa957786c155a92b40be9c981c4e4685b8c62b408cb0f6cb2df9c30b9978 # gcdx64.efi 99fcaa957786c155a92b40be9c981c4e4685b8c62b408cb0f6cb2df9c30b9978
# woops. # woops.
Source2: dbx.esl Source3: dbx.esl
BuildRequires: gnu-efi git Patch0: 0001-Fix-grub-path.patch
BuildRequires: pesign >= 0.99-8
BuildRequires: gnu-efi git openssl-devel
BuildRequires: pesign >= 0.99-9
# Shim uses OpenSSL, but cannot use the system copy as the UEFI ABI is not # Shim uses OpenSSL, but cannot use the system copy as the UEFI ABI is not
# compatible with SysV (there's no red zone under UEFI) and there isn't a # compatible with SysV (there's no red zone under UEFI) and there isn't a
# POSIX-style C library. # POSIX-style C library.
# BuildRequires: OpenSSL # BuildRequires: OpenSSL
Provides: bundled(openssl) = 0.9.8w
# Shim is only required on platforms implementing the UEFI secure boot # Shim is only required on platforms implementing the UEFI secure boot
# protocol. The only one of those we currently wish to support is 64-bit x86. # protocol. The only one of those we currently wish to support is 64-bit x86.
# Adding further platforms will require adding appropriate relocation code. # Adding further platforms will require adding appropriate relocation code.
ExclusiveArch: x86_64 ExclusiveArch: x86_64
# Shim generates no binaries that run under the installed OS, so debuginfo
# is useless
%global debug_package %{nil}
# Figure out the right file path to use # Figure out the right file path to use
%if 0%{?rhel} %if 0%{?rhel}
%global efidir redhat %global efidir redhat
@ -62,6 +65,7 @@ git config user.name "Fedora Ninjas"
git add . git add .
git commit -a -q -m "%{version} baseline." git commit -a -q -m "%{version} baseline."
git am %{patches} </dev/null git am %{patches} </dev/null
%setup -q -a 2 -D -T
%build %build
%define vendor_token_str %{expand:%%{nil}%%{?vendor_token_name:-t "%{vendor_token_name}"}} %define vendor_token_str %{expand:%%{nil}%%{?vendor_token_name:-t "%{vendor_token_name}"}}
@ -73,7 +77,10 @@ if [ -f "%{SOURCE1}" ]; then
MAKEFLAGS="VENDOR_CERT_FILE=%{SOURCE1}" MAKEFLAGS="VENDOR_CERT_FILE=%{SOURCE1}"
fi fi
make %{?_smp_mflags} ${MAKEFLAGS} make %{?_smp_mflags} ${MAKEFLAGS}
cd mokutil-%{mokutilver}
%configure
make %{?_smp_mflags}
cd ..
%install %install
rm -rf $RPM_BUILD_ROOT rm -rf $RPM_BUILD_ROOT
@ -83,6 +90,10 @@ install -m 0644 shim.efi $RPM_BUILD_ROOT%{_datadir}/shim/shim.efi
install -m 0644 shim.sig $RPM_BUILD_ROOT%{_datadir}/shim/shim.sig install -m 0644 shim.sig $RPM_BUILD_ROOT%{_datadir}/shim/shim.sig
install -D -d -m 0755 $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/ install -D -d -m 0755 $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/
%pesign -s -i shim.efi -o $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shim.efi %pesign -s -i shim.efi -o $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shim.efi
%pesign -s -i MokManager.efi -o $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/MokManager.efi
cd mokutil-%{mokutilver}
make PREFIX=%{_prefix} LIBDIR=%{_libdir} DESTDIR=%{buildroot} install
%files -n shim-unsigned %files -n shim-unsigned
%doc %doc
@ -91,8 +102,16 @@ install -D -d -m 0755 $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/
%files %files
/boot/efi/EFI/%{efidir}/shim.efi /boot/efi/EFI/%{efidir}/shim.efi
/boot/efi/EFI/%{efidir}/MokManager.efi
/usr/bin/mokutil
/usr/share/man/man1/mokutil.1.gz
%changelog %changelog
* Mon Nov 26 2012 Matthew Garrett <mjg59@srcf.ucam.org> - 0.2-1
- Update shim
- Include mokutil
- Add debuginfo package since mokutil is a userspace executable
* Mon Oct 22 2012 Peter Jones <pjones@redhat.com> - 0.1-4 * Mon Oct 22 2012 Peter Jones <pjones@redhat.com> - 0.1-4
- Produce an unsigned shim - Produce an unsigned shim

View File

@ -1 +1,2 @@
7c5286aae419ce82b6b2ab81f717d3b4 shim-0.1.tar.bz2 b13a2fa37897e1508e871a5bf0a87369 shim-0.2.tar.bz2
485218c423aef15de46d55d6de48c98b mokutil-0.1.0.tar.bz2