Tree - rpms/shim-unsigned-x64 - CentOS Git server

l30013671 / rpms / shim-unsigned-x64

Forked from rpms/shim-unsigned-x64 a year ago

Source
Stats

Blame SPECS/shim-unsigned-x64.spec

Blob History Raw

		2e2de3	`%global pesign_vre 0.106-1`
		d586fa	`%global gnuefi_vre 1:3.0.5-6`
		2e2de3	`%global openssl_vre 1.0.2j`
		2e2de3
		d586fa	`%global debug_package %{nil}`
		d586fa	`%global __debug_package 1`
		d586fa	`%global _binaries_in_noarch_packages_terminate_build 0`
		d586fa	`%global __debug_install_post %{SOURCE100} x64 ia32`
		d586fa	`%undefine _debuginfo_subpackages`
		d586fa
		2e2de3	`%global efidir %(eval echo $(grep ^ID= /etc/os-release \| sed -e 's/^ID=//' -e 's/rhel/redhat/'))`
		2e2de3	`%global shimrootdir %{_datadir}/shim/`
		2e2de3	`%global shimversiondir %{shimrootdir}/%{version}-%{release}`
		2e2de3	`%global efiarch x64`
		2e2de3	`%global shimdir %{shimversiondir}/%{efiarch}`
		2e2de3	`%global efialtarch ia32`
		2e2de3	`%global shimaltdir %{shimversiondir}/%{efialtarch}`
		2e2de3
		2e2de3	`Name: shim-unsigned-%{efiarch}`
		d586fa	`Version: 15.6`
		d586fa	`Release: 1.el8`
		2e2de3	`Summary: First-stage UEFI bootloader`
		2e2de3	`ExclusiveArch: x86_64`
		2e2de3	`License: BSD`
		2e2de3	`URL: https://github.com/rhboot/shim`
		2e2de3	`Source0: https://github.com/rhboot/shim/releases/download/%{version}/shim-%{version}.tar.bz2`
		6a35ff	`Source1: redhatsecurebootca5.cer`
		d586fa	`# currently here's what's in our dbx:`
		d586fa	`# nothing.`
		d586fa	`Source2: dbx.esl`
		c634ca	`Source3: sbat.redhat.csv`
		d586fa	`Source4: shim.patches`
		2e2de3
		2e2de3	`Source100: shim-find-debuginfo.sh`
		2e2de3
		d586fa	`%include %{SOURCE4}`
		12f6e9
		c634ca	`BuildRequires: gcc make`
		2e2de3	`BuildRequires: elfutils-libelf-devel`
		2e2de3	`BuildRequires: git openssl-devel openssl`
		2e2de3	`BuildRequires: pesign >= %{pesign_vre}`
		c634ca	`BuildRequires: dos2unix findutils`
		2e2de3
		2e2de3	`# Shim uses OpenSSL, but cannot use the system copy as the UEFI ABI is not`
		2e2de3	`# compatible with SysV (there's no red zone under UEFI) and there isn't a`
		2e2de3	`# POSIX-style C library.`
		2e2de3	`# BuildRequires: OpenSSL`
		2e2de3	`Provides: bundled(openssl) = %{openssl_vre}`
		2e2de3
		2e2de3	`%global desc \`
		2e2de3	`Initial UEFI bootloader that handles chaining to a trusted full \`
		2e2de3	`bootloader under secure boot environments.`
		2e2de3	`%global debug_desc \`
		2e2de3	`This package provides debug information for package %{expand:%%{name}} \`
		2e2de3	`Debug information is useful when developing applications that \`
		2e2de3	`use this package or when debugging this package.`
		2e2de3
		2e2de3	`%description`
		2e2de3	`%desc`
		2e2de3
		2e2de3	`%package -n shim-unsigned-%{efialtarch}`
		2e2de3	`Summary: First-stage UEFI bootloader (unsigned data)`
		2e2de3	`Provides: bundled(openssl) = %{openssl_vre}`
		2e2de3
		2e2de3	`%description -n shim-unsigned-%{efialtarch}`
		2e2de3	`%desc`
		2e2de3
		2e2de3	`%package debuginfo`
		2e2de3	`Summary: Debug information for shim-unsigned-%{efiarch}`
		d586fa	`Requires: %{name}-debugsource = %{version}-%{release}`
		2e2de3	`Group: Development/Debug`
		2e2de3	`AutoReqProv: 0`
		2e2de3	`BuildArch: noarch`
		2e2de3
		2e2de3	`%description debuginfo`
		2e2de3	`%debug_desc`
		2e2de3
		2e2de3	`%package -n shim-unsigned-%{efialtarch}-debuginfo`
		2e2de3	`Summary: Debug information for shim-unsigned-%{efialtarch}`
		2e2de3	`Group: Development/Debug`
		d586fa	`Requires: %{name}-debugsource = %{version}-%{release}`
		2e2de3	`AutoReqProv: 0`
		2e2de3	`BuildArch: noarch`
		2e2de3
		2e2de3	`%description -n shim-unsigned-%{efialtarch}-debuginfo`
		2e2de3	`%debug_desc`
		2e2de3
		2e2de3	`%package debugsource`
		2e2de3	`Summary: Debug Source for shim-unsigned`
		2e2de3	`Group: Development/Debug`
		2e2de3	`AutoReqProv: 0`
		2e2de3	`BuildArch: noarch`
		2e2de3
		2e2de3	`%description debugsource`
		2e2de3	`%debug_desc`
		2e2de3
		2e2de3	`%prep`
		d586fa	`%autosetup -S git_am -n shim-%{version}`
		2e2de3	`git config --unset user.email`
		2e2de3	`git config --unset user.name`
		2e2de3	`mkdir build-%{efiarch}`
		2e2de3	`mkdir build-%{efialtarch}`
		c634ca	`cp %{SOURCE3} data/`
		2e2de3
		2e2de3	`%build`
		2e2de3	`COMMITID=$(cat commit)`
		2e2de3	`MAKEFLAGS="TOPDIR=.. -f ../Makefile COMMITID=${COMMITID} "`
		2e2de3	`MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} "`
		c634ca	`MAKEFLAGS+="ENABLE_SHIM_HASH=true "`
		2e2de3	`MAKEFLAGS+="%{_smp_mflags}"`
		d586fa	`if [ -s "%{SOURCE1}" ]; then`
		2e2de3	`MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=%{SOURCE1}"`
		2e2de3	`fi`
		d586fa	`if [ -s "%{SOURCE2}" ]; then`
		2e2de3	`MAKEFLAGS="$MAKEFLAGS VENDOR_DBX_FILE=%{SOURCE2}"`
		2e2de3	`fi`
		2e2de3
		2e2de3	`cd build-%{efiarch}`
		c634ca	`make ${MAKEFLAGS} \`
		c634ca	`DEFAULT_LOADER='\\\\grub%{efiarch}.efi' \`
		c634ca	`all`
		2e2de3	`cd ..`
		2e2de3
		2e2de3	`cd build-%{efialtarch}`
		d586fa	`setarch linux32 -B make ${MAKEFLAGS} ARCH=%{efialtarch} \`
		c634ca	`DEFAULT_LOADER='\\\\grub%{efialtarch}.efi' \`
		c634ca	`all`
		2e2de3	`cd ..`
		2e2de3
		2e2de3	`%install`
		2e2de3	`COMMITID=$(cat commit)`
		2e2de3	`MAKEFLAGS="TOPDIR=.. -f ../Makefile COMMITID=${COMMITID} "`
		2e2de3	`MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} "`
		d586fa	`MAKEFLAGS+="ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true "`
		d586fa	`if [ -s "%{SOURCE1}" ]; then`
		2e2de3	`MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=%{SOURCE1}"`
		2e2de3	`fi`
		d586fa	`if [ -s "%{SOURCE2}" ]; then`
		2e2de3	`MAKEFLAGS="$MAKEFLAGS VENDOR_DBX_FILE=%{SOURCE2}"`
		2e2de3	`fi`
		2e2de3
		2e2de3	`cd build-%{efiarch}`
		2e2de3	`make ${MAKEFLAGS} \`
		2e2de3	`DEFAULT_LOADER='\\\\grub%{efiarch}.efi' \`
		2e2de3	`DESTDIR=${RPM_BUILD_ROOT} \`
		2e2de3	`install-as-data install-debuginfo install-debugsource`
		2e2de3	`cd ..`
		2e2de3
		2e2de3	`cd build-%{efialtarch}`
		d586fa	`setarch linux32 make ${MAKEFLAGS} ARCH=%{efialtarch} \`
		2e2de3	`DEFAULT_LOADER='\\\\grub%{efialtarch}.efi' \`
		2e2de3	`DESTDIR=${RPM_BUILD_ROOT} \`
		2e2de3	`install-as-data install-debuginfo install-debugsource`
		2e2de3	`cd ..`
		2e2de3
		2e2de3	`%files`
		2e2de3	`%license COPYRIGHT`
		2e2de3	`%dir %{shimrootdir}`
		2e2de3	`%dir %{shimversiondir}`
		2e2de3	`%dir %{shimdir}`
		d586fa	`%{shimdir}/*.CSV`
		2e2de3	`%{shimdir}/*.efi`
		2e2de3	`%{shimdir}/*.hash`
		2e2de3
		2e2de3	`%files -n shim-unsigned-%{efialtarch}`
		2e2de3	`%license COPYRIGHT`
		2e2de3	`%dir %{shimrootdir}`
		2e2de3	`%dir %{shimversiondir}`
		2e2de3	`%dir %{shimaltdir}`
		d586fa	`%{shimaltdir}/*.CSV`
		2e2de3	`%{shimaltdir}/*.efi`
		2e2de3	`%{shimaltdir}/*.hash`
		2e2de3
		2e2de3	`%files debuginfo -f build-%{efiarch}/debugfiles.list`
		2e2de3
		2e2de3	`%files -n shim-unsigned-%{efialtarch}-debuginfo -f build-%{efialtarch}/debugfiles.list`
		2e2de3
		2e2de3	`%files debugsource -f build-%{efiarch}/debugsource.list`
		2e2de3
		2e2de3	`%changelog`
		d586fa	`* Wed Jun 01 2022 Peter Jones <pjones@redhat.com> - 15.6-1.el8`
		d586fa	`- Update to shim-15.6`
		d586fa	`Resolves: CVE-2022-28737`
		d586fa
		d586fa	`* Thu Sep 17 2020 Peter Jones <pjones@redhat.com> - 15-9.el8`
		d586fa	`- Fix an incorrect allocation size.`
		d586fa	`Related: rhbz#1877253`
		d586fa
		d586fa	`* Thu Jul 30 2020 Peter Jones <pjones@redhat.com> - 15-8`
		d586fa	`- Fix a load-address-dependent forever loop.`
		d586fa	`Resolves: rhbz#1861977`
		d586fa	`Related: CVE-2020-10713`
		d586fa	`Related: CVE-2020-14308`
		d586fa	`Related: CVE-2020-14309`
		d586fa	`Related: CVE-2020-14310`
		d586fa	`Related: CVE-2020-14311`
		d586fa	`Related: CVE-2020-15705`
		d586fa	`Related: CVE-2020-15706`
		d586fa	`Related: CVE-2020-15707`
		d586fa
		d586fa	`* Sat Jul 25 2020 Peter Jones <pjones@redhat.com> - 15-7`
		d586fa	`- Implement Lenny's workaround`
		d586fa	`Related: CVE-2020-10713`
		d586fa	`Related: CVE-2020-14308`
		d586fa	`Related: CVE-2020-14309`
		d586fa	`Related: CVE-2020-14310`
		d586fa	`Related: CVE-2020-14311`
		d586fa
		d586fa	`* Fri Jul 24 2020 Peter Jones <pjones@redhat.com> - 15-5`
		d586fa	`- Once more with the MokListRT config table patch added.`
		d586fa	`Related: CVE-2020-10713`
		d586fa	`Related: CVE-2020-14308`
		d586fa	`Related: CVE-2020-14309`
		d586fa	`Related: CVE-2020-14310`
		d586fa	`Related: CVE-2020-14311`
		d586fa
		d586fa	`* Thu Jul 23 2020 Peter Jones <pjones@redhat.com> - 15-4`
		d586fa	`- Rebuild for bug fixes and new signing keys`
		d586fa	`Related: CVE-2020-10713`
		d586fa	`Related: CVE-2020-14308`
		d586fa	`Related: CVE-2020-14309`
		d586fa	`Related: CVE-2020-14310`
		d586fa	`Related: CVE-2020-14311`
		6a35ff
		6a35ff	`* Wed Jun 05 2019 Javier Martinez Canillas <javierm@redhat.com> - 15-3`
		6a35ff	`- Make EFI variable copying fatal only on secureboot enabled systems`
		6a35ff	`Resolves: rhbz#1715878`
		6a35ff	`- Fix booting shim from an EFI shell using a relative path`
		6a35ff	`Resolves: rhbz#1717064`
		6a35ff
		12f6e9	`* Tue Feb 12 2019 Peter Jones <pjones@redhat.com> - 15-2`
		12f6e9	`- Fix MoK mirroring issue which breaks kdump without intervention`
		12f6e9	`Related: rhbz#1668966`
		12f6e9
		2e2de3	`* Fri Jul 20 2018 Peter Jones <pjones@redhat.com> - 15-1`
		2e2de3	`- Update to shim 15`
		2e2de3
		2e2de3	`* Tue Sep 19 2017 Peter Jones <pjones@redhat.com> - 13-3`
		2e2de3	`- Actually update to the real 13 final.`
		2e2de3	`Related: rhbz#1489604`
		2e2de3
		2e2de3	`* Thu Aug 31 2017 Peter Jones <pjones@redhat.com> - 13-2`
		2e2de3	`- Actually update to 13 final.`
		2e2de3
		2e2de3	`* Fri Aug 18 2017 Peter Jones <pjones@redhat.com> - 13-1`
		2e2de3	`- Make a new shim-unsigned-x64 package like the shim-unsigned-aarch64 one.`
		2e2de3	`- This will (eventually) supersede what's in the "shim" package so we can`
		2e2de3	`make "shim" hold the signed one, which will confuse fewer people.`

l30013671 / rpms / shim-unsigned-x64

Source Code

Blame SPECS/shim-unsigned-x64.spec