Javier Martinez Canillas
b545ec432a
A few fixes for 15.4
...
- Fix handling of ignore_db and user_insecure_mode (pjones)
- Fix booting on pre-UEFI Macs (pjones)
- Fix mok variable storage allocation region (glin)
Resolves: rhbz#1948432
- Fix the package version in the .sbat data (pjones)
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-04-21 09:35:50 +02:00
Peter Jones
084e65441c
Update to shim 15.4
...
- Support for revocations via the ".sbat" section and SBAT EFI variable
- A new unit test framework and a bunch of unit tests
- No external gnu-efi dependency
- Better CI
- No more "shim*-fedora.efi", as a second safety to avoid system vendors
setting up the scenario for CVE-2020-15705
Resolves: CVE-2020-14372
Resolves: CVE-2020-25632
Resolves: CVE-2020-25647
Resolves: CVE-2020-27749
Resolves: CVE-2020-27779
Resolves: CVE-2021-20225
Resolves: CVE-2021-20233
Signed-off-by: Peter Jones <pjones@redhat.com>
2021-04-06 12:34:00 -04:00
Peter Jones
d8c3c8e392
Add a noautobuild file
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2020-01-21 13:33:58 -05:00
Peter Jones
a2d56b69e7
Build a -8 because I can't tag -7 into f30 for pretty meh reasons.
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-10-02 14:31:43 -04:00
Peter Jones
3506e57522
Revert "More %%dist shenanigans."
...
It's pointless, because doesn't actually get around the real problem.
This reverts commit aa0e9e6fd1
.
2018-10-02 14:19:54 -04:00
Peter Jones
aa0e9e6fd1
More %%dist shenanigans.
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-10-02 14:12:05 -04:00
Peter Jones
a069325bd5
Rebuild just because I'm dumb.
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-10-02 13:58:10 -04:00
Peter Jones
f1083ad4d6
Put the legacy shim.efi binary in the right subpackage
...
Resolves: rhbz#1631989
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-10-02 13:52:49 -04:00
Peter Jones
44a06ee897
Fix a typo.
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-05-04 15:36:01 -04:00
Peter Jones
3e21f6d5ec
Rework the .spec to use efi-rpm-macros.
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-05-04 15:28:05 -04:00
Peter Jones
f54022bf7f
Make sure all of our macros always expand
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-05-04 15:07:21 -04:00
Peter Jones
a8752f8f14
Rework the .spec to use efi-rpm-macros.
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-05-04 14:22:38 -04:00
Peter Jones
595703b86e
Fix directory permissions to be 0700 on FAT filesystems
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-05-04 14:05:34 -04:00
Peter Jones
b5087b89ef
Fix directory permissions to be 0700 on FAT filesystems
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-05-04 14:04:22 -04:00
Peter Jones
9d062d358d
Temporarily revert everything to the last build that worked
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-05-04 14:02:26 -04:00
Peter Jones
e2500aced2
still working on this...
2018-05-04 14:00:25 -04:00
Peter Jones
74e692706d
still working on this...
2018-05-04 10:30:18 -04:00
Peter Jones
35825dbe33
dammit
2018-05-03 17:25:10 -04:00
Peter Jones
de58e0d74e
try another small change...
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-05-03 16:32:59 -04:00
Peter Jones
11dee2e86f
Build with %trace and without the horrible hack, to see wth koji is doing.
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-05-03 16:11:46 -04:00
Peter Jones
c0bacf937c
Move a lot of boilerplate to macros.shim
...
There's a bunch of boilerplate to determine filenames and such based on
which arch we're on; there's no reason to read it most of the time.
Move all that to macros.shim.
This makes the actual spec much more reasonable.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-05-03 15:34:31 -04:00
Peter Jones
240d9ca734
Pick a release value that'll be higher than what's in F28.
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-04-30 14:38:59 -04:00
Peter Jones
eb9b0715fc
Fix BOOT*.CSV and update release to -1
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-04-30 11:01:07 -04:00
Peter Jones
d369b28d16
Update to shim 15.
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-04-24 16:51:19 -04:00
Peter Jones
08e4c727b5
Get the shim-unsigned-aarch64 package version right.
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-03-06 14:17:44 -05:00
Peter Jones
25cd900f0e
Slightly less nerfing...
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-03-06 14:12:18 -05:00
Peter Jones
fd0314c79d
Nerf the hell out of all the checks to make sure I got this process right. sigh.
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-03-06 11:09:53 -05:00
Peter Jones
acc5812c8e
Back off to the thing we had in 13-0.8 until I get new signatures.
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-03-06 10:56:38 -05:00
Peter Jones
99b1d687be
Fix an inverted test that crept in in the signing macro. (Woops.)
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-02-28 13:23:35 -05:00
Peter Jones
0abd456d3c
Rename the .spec file and fix some paths.
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-02-28 12:21:42 -05:00
Peter Jones
a0656a4af3
Move the shim-signed package from f29 here.
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-02-28 11:40:51 -05:00
Peter Jones
60deacd6ea
Boil the sea.
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-02-28 11:34:24 -05:00
Petr Šabata
72c0daf8e4
Fix the sources file
2017-05-02 13:05:31 +02:00
Petr Šabata
5c4aeae5d0
Updating to 0.9 to enable building with gcc7
2017-05-02 12:36:15 +02:00
Peter Jones
1ecf8fe756
Fix bootloader path and whitelist certificates on ARM Aarch64.
...
Resolves: rhbz#1170289
Signed-off-by: Peter Jones <pjones@redhat.com>
2014-12-05 09:52:49 -05:00
Peter Jones
2d3b876a4b
Get rid of unused patches.
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2014-12-05 09:51:13 -05:00
Peter Jones
b20ba9cc96
Don't use a distro tag here; it just confuses people.
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2014-10-30 11:05:09 -04:00
Peter Jones
28fad42a38
Update to 0.8
...
Related: rhbz#1148230
Related: rhbz#1148231
Related: rhbz#1148232
Signed-off-by: Peter Jones <pjones@redhat.com>
2014-10-14 10:32:16 -04:00
Peter Jones
f12ea5ef3a
Adjust for newer gnu-efi.
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2014-09-08 16:47:26 -04:00
Peter Jones
70e23bed96
Fix logic to handle SetupMode efi variable.
2013-11-06 14:32:15 -05:00
Peter Jones
7148df39f5
Fix a FreePool(NULL) call on machines too old for SB
2013-10-31 11:34:04 -04:00
Peter Jones
fecdfb1f13
Fix a FreePool(NULL) call on machines too old for SB
2013-10-30 16:45:13 -04:00
Peter Jones
ba65b5563e
Update to 0.5
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-10-04 17:20:31 -04:00
Peter Jones
fd458a376b
Use a release url github generates automatically.
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-08-07 15:40:25 -04:00
Peter Jones
732f24bf7f
Update to 0.4
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-06-11 15:25:33 -04:00
Peter Jones
57f3546846
Update to 0.4
2013-06-11 15:13:49 -04:00
Peter Jones
6abd8c8ccb
Fix a variable handling bug in 0.3/0.4
...
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-06-11 15:02:12 -04:00
Peter Jones
00ae24516c
Update to 0.4
2013-06-11 09:08:11 -04:00
Peter Jones
b03890160e
Use the right hash command line.
2013-06-07 17:17:26 -04:00
Peter Jones
6e8ffa5826
Require gnu-efi-3.0q for now.
...
- Don't allow mmx or sse during compilation.
- Re-organize this so all real signing happens in shim-signed instead.
- Split out mokutil
2013-06-07 16:56:37 -04:00