rpms / fwupdate

Clone
Source Code
GIT

Files

  1.   a3e679344bd81baa21e55af336fcd6d5050baec0
  2.   SPECS
  3.   fwupdate.spec
Blob Blame History Raw 
%global efivar_version 36-1
%global efibootmgr_version 17-1
%global gnu_efi_version 1:3.0.8-1
%global pesign_version 0.109-10

Name:           fwupdate
Version:        12
Release:        6%{?dist}
Summary:        Tools to manage UEFI firmware updates
License:        GPLv2+
URL:            https://github.com/rhinstaller/fwupdate
Requires:       %{name}-libs%{?_isa} = %{version}-%{release}
BuildRequires:  efivar-devel >= %{efivar_version}
BuildRequires:  gnu-efi >= %{gnu_efi_version}
BuildRequires:  gnu-efi-devel >= %{gnu_efi_version}
BuildRequires:  pesign >= %{pesign_version}
BuildRequires:  elfutils popt-devel git gettext pkgconfig
BuildRequires:  systemd
ExclusiveArch:  x86_64 aarch64
Source0:        https://github.com/rhinstaller/fwupdate/releases/download/%{name}-%{version}/%{name}-%{version}.tar.bz2
Source1:        redhatsecurebootca1.cer
Source2:        redhatsecureboot301.cer
Source3:        redhatsecurebootca5.cer
Source4:        redhatsecureboot503.cer
Patch0001: 0001-Make-some-compiler-versions-ignore-missing-field-ini.patch
Patch0002: 0002-libfwup-set_up_boot_next-make-sure-we-check-if-our-f.patch
Patch0003: 0003-Actually-add-fwup_version-to-our-exposed-API-list.patch

%ifarch x86_64
%global efiarch x64
%endif
%ifarch aarch64
%global efiarch aa64
%endif

# Figure out the right file path to use
%global efidir %(eval echo $(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/'))

%description
fwupdate provides a simple command line interface to the UEFI firmware updates.

%package libs
Summary: Library to manage UEFI firmware updates
Requires: %{name}-efi = %{version}-%{release}

%description libs
Library to allow for the simple manipulation of UEFI firmware updates.

%package devel
Summary: Development headers for libfwup
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
Requires: efivar-devel >= %{efivar_version}

%description devel
development headers required to use libfwup.

%package efi
Summary: UEFI binaries used by libfwup
Requires: shim

%description efi
UEFI binaries used by libfwup.

%prep
%setup -q -n %{name}-%{version}
git init
git config user.email "%{name}-owner@fedoraproject.org"
git config user.name "Fedora Ninjas"
git add .
git commit -a -q -m "%{version} baseline."
git am %{patches} </dev/null
git config --unset user.email
git config --unset user.name

%build
git config --local --add fwupdate.efidir '%{efidir}'
%ifarch x86_64
setarch linux32 -B make CFLAGS="$RPM_OPT_FLAGS" libdir=%{_libdir} \
        bindir=%{_bindir} EFIDIR=%{efidir} %{?_smp_mflags} \
        SUBDIRS=efi ARCH=ia32
mv -v efi/fwupia32.efi fwupia32.unsigned.efi
%pesign -s -i fwupia32.unsigned.efi -o fwupia32.tmp.efi -a %{SOURCE1} -c %{SOURCE2} -n redhatsecureboot301
%pesign -s -i fwupia32.tmp.efi -o fwupia32.efi -a %{SOURCE3} -c %{SOURCE4} -n redhatsecureboot503
make clean
%endif
make CFLAGS="$RPM_OPT_FLAGS" libdir=%{_libdir} bindir=%{_bindir} \
     EFIDIR=%{efidir} %{?_smp_mflags}
mv -v efi/fwup%{efiarch}.efi efi/fwup%{efiarch}.unsigned.efi
%pesign -s -i efi/fwup%{efiarch}.unsigned.efi -o efi/fwup%{efiarch}.tmp.efi -a %{SOURCE1} -c %{SOURCE2} -n redhatsecureboot301
%pesign -s -i efi/fwup%{efiarch}.tmp.efi -o efi/fwup%{efiarch}.efi -a %{SOURCE3} -c %{SOURCE4} -n redhatsecureboot503

%install
rm -rf $RPM_BUILD_ROOT
install -d -m 0755 $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/
%make_install EFIDIR=%{efidir} libdir=%{_libdir} \
       bindir=%{_bindir} mandir=%{_mandir} localedir=%{_datadir}/locale/ \
       includedir=%{_includedir} libexecdir=%{_libexecdir} \
       datadir=%{_datadir}
%ifarch x86_64
mv fwupia32.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/
%endif

%ifnarch %{ix86}
%post libs
/sbin/ldconfig
%systemd_post fwupdate-cleanup.service

%preun libs
%systemd_preun fwupdate-cleanup.service

%postun libs
/sbin/ldconfig
%systemd_postun_with_restart pesign.service

%files
%defattr(-,root,root,-)
%{!?_licensedir:%global license %%doc}
%license COPYING
# %%doc README
%{_bindir}/fwupdate
%{_datadir}/locale/en/fwupdate.po
%doc %{_mandir}/man1/*
%dir %{_datadir}/bash-completion/completions
%{_datadir}/bash-completion/completions/fwupdate

%files devel
%defattr(-,root,root,-)
%doc %{_mandir}/man3/*
%{_includedir}/*
%{_libdir}/*.so
%{_libdir}/pkgconfig/*.pc

%files libs
%defattr(-,root,root,-)
%{_libdir}/*.so.*
%{_datadir}/locale/en/libfwup.po
%{_unitdir}/fwupdate-cleanup.service
%attr(0755,root,root) %dir %{_sharedstatedir}/fwupdate/
%config(noreplace) %ghost %{_sharedstatedir}/fwupdate/done
%attr(0755,root,root) %dir %{_libexecdir}/fwupdate/
%{_libexecdir}/fwupdate/cleanup
%endif

%files efi
%defattr(-,root,root,-)
%dir %attr(0700,root,root) %dir /boot/efi
%dir %attr(0700,root,root)/boot/efi/EFI/%{efidir}/
%dir %attr(0700,root,root)/boot/efi/EFI/%{efidir}/fw/
%attr(0700,root,root)/boot/efi/EFI/%{efidir}/fwup*.efi

%changelog
* Wed Jun 24 2020 Peter Jones <pjones@redhat.com> - 12-6
- Add signing by redhatsecureboot503
  Related: CVE-2020-10713

* Thu Jun 28 2018 Peter Jones <pjones@redhat.com> - 12-5
- Make sure fwup_version() gets exported correctly.
  Related: rhbz#1570032

* Thu Jun 21 2018 Peter Jones <pjones@redhat.com> - 12-4
- Fix permissions on /boot/efi/...
  Related: rhbz#1496952

* Thu Jun 14 2018 Peter Jones <pjones@redhat.com> - 12-3
- Fix some more covscan nits.
  Related: rhbz#1570032

* Wed Jun 13 2018 Peter Jones <pjones@redhat.com> - 12-2
- Fix some covscan nits.
  Related: rhbz#1570032

* Mon Jun 11 2018 Peter Jones <pjones@redhat.com> - 12-1
- Update to fwupdate-12
  Resolves: rhbz#1570032

* Fri May 19 2017 Peter Jones <pjones@redhat.com> - 9-8
- Hopefully the last TPS related rebuild.
  Related: rhbz#1380825

* Fri May 19 2017 Peter Jones <pjones@redhat.com> - 9-7
- One more TPS related rebuild...
  Related: rhbz#1380825

* Wed May 17 2017 Peter Jones <pjones@redhat.com> - 9-6
- Rebuild to make some dependencies versioned, in order to make TPS's really
  broken builder setup work.
  Related: rhbz#1380825

* Tue May 09 2017 Peter Jones <pjones@redhat.com> - 9-5
- Fix some more coverity issues
  Related: rhbz#1380825

* Mon May 08 2017 Peter Jones <pjones@redhat.com> - 9-4
- Fix some more coverity issues
  Related: rhbz#1380825

* Mon Apr 03 2017 Peter Jones <pjones@redhat.com> - 9-3
- Fix CFLAGS on make invocation
  Related: rhbz#1380825

* Tue Mar 28 2017 Peter Jones <pjones@redhat.com> - 9-2
- Fix a pile of coverity issues.
  Related: rhbz#1380825

* Mon Mar 13 2017 Peter Jones <pjones@redhat.com> - 9-1
- First build in RHEL 7
  Resolves: rhbz#1380825

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation