Commit Graph

83 Commits

Author SHA1 Message Date
Miroslav Suchý
f925443960 Migrate to SPDX license
This is part of https://fedoraproject.org/wiki/Changes/SPDX_Licenses_Phase_2
The license analysis is here http://miroslav.suchy.cz/fedora/spdx-reports/shim.html
2023-12-02 09:10:47 +00:00
Robbie Harwood
e9a64acb97 Fix aa64 unsigned rpm version
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-07-07 14:50:23 -04:00
Robbie Harwood
9de557d034 Update aarch64 (only) with relocation fixes
Resolves: #2101248
Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-07-07 14:21:49 -04:00
Peter Jones
1d32a64dc5 Fix my dumb release number.
Signed-off-by: Peter Jones <pjones@redhat.com>
2022-06-15 12:32:49 -04:00
Peter Jones
6e06d189e6 Update to shim-15.6
Resolves: CVE-2022-28737

Signed-off-by: Peter Jones <pjones@redhat.com>
2022-06-15 11:42:35 -04:00
Javier Martinez Canillas
ab9d95063e
Bump release to build for F35
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-05-05 03:02:55 +02:00
Javier Martinez Canillas
da8ecaa443
A few fixes for 15.4
- Fix handling of ignore_db and user_insecure_mode (pjones)
- Fix booting on pre-UEFI Macs (pjones)
- Fix mok variable storage allocation region (glin)
  Resolves: rhbz#1948432
- Fix the package version in the .sbat data (pjones)

Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2021-05-05 01:08:46 +02:00
Peter Jones
f4bf84f7c5
Minor updates to fix some minor bugs.
- Mark signed shim packages as protected in dnf.
  Resolves: rhbz#1874541
- Conflict with older fwupd, but don't require it.
  Resolves: rhbz#1877751

Signed-off-by: Peter Jones <pjones@redhat.com>
2021-05-05 01:08:46 +02:00
Peter Jones
4f5f869d14
Update to shim 15.4
- Support for revocations via the ".sbat" section and SBAT EFI variable
- A new unit test framework and a bunch of unit tests
- No external gnu-efi dependency
- Better CI
- No more "shim*-fedora.efi", as a second safety to avoid system vendors
  setting up the scenario for CVE-2020-15705
- enable (unsigned) arm v6 building as an aarch64 subpackage.

Resolves: CVE-2020-14372
Resolves: CVE-2020-25632
Resolves: CVE-2020-25647
Resolves: CVE-2020-27749
Resolves: CVE-2020-27779
Resolves: CVE-2021-20225
Resolves: CVE-2021-20233

Signed-off-by: Peter Jones <pjones@redhat.com>
2021-05-05 01:08:46 +02:00
Peter Jones
d8c3c8e392 Add a noautobuild file
Signed-off-by: Peter Jones <pjones@redhat.com>
2020-01-21 13:33:58 -05:00
Peter Jones
a2d56b69e7 Build a -8 because I can't tag -7 into f30 for pretty meh reasons.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-10-02 14:31:43 -04:00
Peter Jones
3506e57522 Revert "More %%dist shenanigans."
It's pointless, because doesn't actually get around the real problem.

This reverts commit aa0e9e6fd1.
2018-10-02 14:19:54 -04:00
Peter Jones
aa0e9e6fd1 More %%dist shenanigans.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-10-02 14:12:05 -04:00
Peter Jones
a069325bd5 Rebuild just because I'm dumb.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-10-02 13:58:10 -04:00
Peter Jones
f1083ad4d6 Put the legacy shim.efi binary in the right subpackage
Resolves: rhbz#1631989

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-10-02 13:52:49 -04:00
Peter Jones
44a06ee897 Fix a typo.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-05-04 15:36:01 -04:00
Peter Jones
3e21f6d5ec Rework the .spec to use efi-rpm-macros.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-05-04 15:28:05 -04:00
Peter Jones
f54022bf7f Make sure all of our macros always expand
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-05-04 15:07:21 -04:00
Peter Jones
a8752f8f14 Rework the .spec to use efi-rpm-macros.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-05-04 14:22:38 -04:00
Peter Jones
595703b86e Fix directory permissions to be 0700 on FAT filesystems
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-05-04 14:05:34 -04:00
Peter Jones
b5087b89ef Fix directory permissions to be 0700 on FAT filesystems
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-05-04 14:04:22 -04:00
Peter Jones
9d062d358d Temporarily revert everything to the last build that worked
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-05-04 14:02:26 -04:00
Peter Jones
e2500aced2 still working on this... 2018-05-04 14:00:25 -04:00
Peter Jones
74e692706d still working on this... 2018-05-04 10:30:18 -04:00
Peter Jones
35825dbe33 dammit 2018-05-03 17:25:10 -04:00
Peter Jones
de58e0d74e try another small change...
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-05-03 16:32:59 -04:00
Peter Jones
11dee2e86f Build with %trace and without the horrible hack, to see wth koji is doing.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-05-03 16:11:46 -04:00
Peter Jones
c0bacf937c Move a lot of boilerplate to macros.shim
There's a bunch of boilerplate to determine filenames and such based on
which arch we're on; there's no reason to read it most of the time.
Move all that to macros.shim.

This makes the actual spec much more reasonable.

Signed-off-by: Peter Jones <pjones@redhat.com>
2018-05-03 15:34:31 -04:00
Peter Jones
240d9ca734 Pick a release value that'll be higher than what's in F28.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-04-30 14:38:59 -04:00
Peter Jones
eb9b0715fc Fix BOOT*.CSV and update release to -1
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-04-30 11:01:07 -04:00
Peter Jones
d369b28d16 Update to shim 15.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-04-24 16:51:19 -04:00
Peter Jones
08e4c727b5 Get the shim-unsigned-aarch64 package version right.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-03-06 14:17:44 -05:00
Peter Jones
25cd900f0e Slightly less nerfing...
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-03-06 14:12:18 -05:00
Peter Jones
fd0314c79d Nerf the hell out of all the checks to make sure I got this process right. sigh.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-03-06 11:09:53 -05:00
Peter Jones
acc5812c8e Back off to the thing we had in 13-0.8 until I get new signatures.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-03-06 10:56:38 -05:00
Peter Jones
99b1d687be Fix an inverted test that crept in in the signing macro. (Woops.)
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-02-28 13:23:35 -05:00
Peter Jones
0abd456d3c Rename the .spec file and fix some paths.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-02-28 12:21:42 -05:00
Peter Jones
a0656a4af3 Move the shim-signed package from f29 here.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-02-28 11:40:51 -05:00
Peter Jones
60deacd6ea Boil the sea.
Signed-off-by: Peter Jones <pjones@redhat.com>
2018-02-28 11:34:24 -05:00
Petr Šabata
72c0daf8e4 Fix the sources file 2017-05-02 13:05:31 +02:00
Petr Šabata
5c4aeae5d0 Updating to 0.9 to enable building with gcc7 2017-05-02 12:36:15 +02:00
Peter Jones
1ecf8fe756 Fix bootloader path and whitelist certificates on ARM Aarch64.
Resolves: rhbz#1170289

Signed-off-by: Peter Jones <pjones@redhat.com>
2014-12-05 09:52:49 -05:00
Peter Jones
2d3b876a4b Get rid of unused patches.
Signed-off-by: Peter Jones <pjones@redhat.com>
2014-12-05 09:51:13 -05:00
Peter Jones
b20ba9cc96 Don't use a distro tag here; it just confuses people.
Signed-off-by: Peter Jones <pjones@redhat.com>
2014-10-30 11:05:09 -04:00
Peter Jones
28fad42a38 Update to 0.8
Related: rhbz#1148230
  Related: rhbz#1148231
  Related: rhbz#1148232

Signed-off-by: Peter Jones <pjones@redhat.com>
2014-10-14 10:32:16 -04:00
Peter Jones
f12ea5ef3a Adjust for newer gnu-efi.
Signed-off-by: Peter Jones <pjones@redhat.com>
2014-09-08 16:47:26 -04:00
Peter Jones
70e23bed96 Fix logic to handle SetupMode efi variable. 2013-11-06 14:32:15 -05:00
Peter Jones
7148df39f5 Fix a FreePool(NULL) call on machines too old for SB 2013-10-31 11:34:04 -04:00
Peter Jones
fecdfb1f13 Fix a FreePool(NULL) call on machines too old for SB 2013-10-30 16:45:13 -04:00
Peter Jones
ba65b5563e Update to 0.5
Signed-off-by: Peter Jones <pjones@redhat.com>
2013-10-04 17:20:31 -04:00