rpms/shim
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update to produce shim-unsigned.

Browse Source 
This makes the package produced be named "shim-unsigned", and moves the
output to be /usr/share/shim/shim.{efi,sig}.

Signed-off-by: Peter Jones <pjones@redhat.com>
This commit is contained in:
Peter Jones 2012-10-18 15:27:54 -04:00
parent efdbd820ed
commit c476086209
1 changed files with 19 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
shim.spec
View File

@ -8,8 +8,7 @@ URL: http://www.codon.org.uk/~mjg59/shim/
Source0: http://www.codon.org.uk/~mjg59/shim/shim-%{version}.tar.bz2 Source0: http://www.codon.org.uk/~mjg59/shim/shim-%{version}.tar.bz2
BuildRequires: gnu-efi git BuildRequires: gnu-efi git
BuildRequires: pesign >= 0.10-2 BuildRequires: pesign >= 0.99-6
Requires: gnu-efi
# Shim uses OpenSSL, but cannot use the system copy as the UEFI ABI is not # Shim uses OpenSSL, but cannot use the system copy as the UEFI ABI is not
# compatible with SysV (there's no red zone under UEFI) and there isn't a # compatible with SysV (there's no red zone under UEFI) and there isn't a
@ -21,11 +20,6 @@ Requires: gnu-efi
# Adding further platforms will require adding appropriate relocation code. # Adding further platforms will require adding appropriate relocation code.
ExclusiveArch: x86_64 ExclusiveArch: x86_64
# Fix wrong expectation about the "image size" PE header field
Patch0: shim-image-size.patch
# Allow specifying the vendor certificate on the command line
Patch1: shim-vendor-cert-file.patch
# Shim generates no binaries that run under the installed OS, so debuginfo # Shim generates no binaries that run under the installed OS, so debuginfo
# is useless # is useless
%global debug_package %{nil} %global debug_package %{nil}
@ -42,8 +36,15 @@ Patch1: shim-vendor-cert-file.patch
Initial UEFI bootloader that handles chaining to a trusted full bootloader Initial UEFI bootloader that handles chaining to a trusted full bootloader
under secure boot environments. under secure boot environments.
%package -n shim-unsigned
Summary: First-stage UEFI bootloader (unsigned data)
%description -n shim-unsigned
Initial UEFI bootloader that handles chaining to a trusted full bootloader
under secure boot environments.
%prep %prep
%setup -q %setup -q -n shim-%{version}
git init git init
git config user.email "shim-owner@fedoraproject.org" git config user.email "shim-owner@fedoraproject.org"
git config user.name "Fedora Ninjas" git config user.name "Fedora Ninjas"
@ -65,16 +66,20 @@ make %{?_smp_mflags} ${MAKEFLAGS}
%install %install
rm -rf $RPM_BUILD_ROOT rm -rf $RPM_BUILD_ROOT
mv shim.efi shim.orig %pesign -s -i shim.efi -e shim.sig
%pesign -s -i shim.orig -o shim.efi install -D -d -m 0755 $RPM_BUILD_ROOT%{_datadir}/shim/
install -m 0755 -D shim.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shim.efi install -m 0644 shim.efi $RPM_BUILD_ROOT%{_datadir}/shim/shim.efi
install -m 0644 shim.sig $RPM_BUILD_ROOT%{_datadir}/shim/shim.sig
%files %files -n shim-unsigned
%doc %doc
/boot/efi/EFI/%{efidir}/shim.efi %dir %{_datadir}/shim
%{_datadir}/shim/*
%changelog %changelog
* Thu Oct 18 2012 Peter Jones <pjones@redhat.com>
- Produce an unsigned shim
* Tue Aug 14 2012 Peter Jones <pjones@redhat.com> - 0.1-3 * Tue Aug 14 2012 Peter Jones <pjones@redhat.com> - 0.1-3
- Update how embedded cert and signing work. - Update how embedded cert and signing work.