Uprev shim to version 12

Update the shim package to version 12.  This change requires
regeneration of the patch and meta-patch files.

Depends-On: https://review.openstack.org/#/c/578440
Change-Id: Ic6a61b7aad02d8931a9fa854679a0c6490144a8d

extended/shim-signed/centos/meta_patches/0001-Titanium-release-info.patch

@@ -0,0 +1,24 @@
+From a19b16baa019609714fb741db4e3c73d67f2adf1 Mon Sep 17 00:00:00 2001
+From: jmckenna <jason.mckenna@windriver.com>
+Date: Tue, 16 Jan 2018 08:14:08 -0500
+Subject: [PATCH 1/2] Titanium release info
+
+---
+ SPECS/shim-signed.spec | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/SPECS/shim-signed.spec b/SPECS/shim-signed.spec
+index d2a13b1..9cfcb2f 100644
+--- a/SPECS/shim-signed.spec
++++ b/SPECS/shim-signed.spec
+@@ -1,6 +1,6 @@
+ Name:           shim-signed
+ Version:        12
+-Release:        1%{?dist}%{?buildid}
++Release:        1%{?_tis_dist}.%{tis_patch_ver}
+ Summary:        First-stage UEFI bootloader
+ %define unsigned_release 1%{?dist}
+ 
+-- 
+1.8.3.1
+

extended/shim-signed/centos/meta_patches/0001-Use-presigned-binary.patch

@@ -1,66 +0,0 @@
---- a/SPECS/shim-signed.spec	2017-01-05 14:12:11.584037112 -0500
-+++ b/SPECS/shim-signed.spec	2017-01-05 14:20:57.281934890 -0500
-@@ -1,9 +1,13 @@
- Name:           shim-signed
- Version:        0.9
--Release:        2%{?dist}
-+Release:        2%{?_tis_dist}.%{tis_patch_ver}
- Summary:        First-stage UEFI bootloader
- Provides:	shim = %{version}-%{release}
--%define unsigned_release 1.el7.centos
-+
-+# note that tis_patch_ver cannot be used in the unsigned_release definition,
-+# as the variable represents the patch level of shim-signed, and we have to
-+# specifiy the patch of shim-unsigned
-+%define unsigned_release 1.el7%{_tis_dist}.1
- 
- License:        BSD
- URL:            http://www.codon.org.uk/~mjg59/shim/
-@@ -112,25 +116,35 @@
- %define vendor_token_str %{expand:%%{nil}%%{?vendor_token_name:-t "%{vendor_token_name}"}}
- %define vendor_cert_str %{expand:%%{!?vendor_cert_nickname:-c "Red Hat Test Certificate"}%%{?vendor_cert_nickname:-c "%%{vendor_cert_nickname}"}}
- 
-+# if we already have a presigned EFI image, then do not do signing -- just
-+# use the presigned one.
-+
-+if [ -e %{unsigned_dir}shim-presigned.efi ]; then
-+	cp %{unsigned_dir}shim-presigned.efi shim.efi
-+	cp %{unsigned_dir}shim-presigned.efi shim-%{efidir}.efi
-+else
- %ifarch %{ca_signed_arches}
--pesign -i %{shimsrc} -h -P > shim.hash
--if ! cmp shim.hash %{unsigned_dir}shim.hash ; then
--	echo Invalid signature\! > /dev/stderr
--	exit 1
--fi
--cp %{shimsrc} shim.efi
-+	cp %{unsigned_dir}shim.efi shim-unsigned.efi
- %endif
- %ifarch %{rh_signed_arches}
--%pesign -s -i %{unsigned_dir}shim.efi -a %{SOURCE3} -c %{SOURCE3} -o shim-%{efidir}.efi
-+	%pesign -s -i %{unsigned_dir}shim.efi -a %{SOURCE3} -c %{SOURCE3} -o shim-%{efidir}.efi
- %endif
- %ifarch %{rh_signed_arches}
--%ifnarch %{ca_signed_arches}
--cp shim-%{efidir}.efi shim.efi
--%endif
-+	cp shim-%{efidir}.efi shim.efi
- %endif
-+fi # end "if shim-presigned.efi exists"
- 
--%pesign -s -i %{unsigned_dir}MokManager.efi -o MokManager.efi -a %{SOURCE3} -c %{SOURCE3}
--%pesign -s -i %{unsigned_dir}fallback.efi -o fallback.efi -a %{SOURCE3} -c %{SOURCE3} 
-+if [ -e %{unsigned_dir}MokManager-presigned.efi ]; then
-+	cp %{unsigned_dir}MokManager-presigned.efi MokManager.efi
-+else
-+	%pesign -s -i %{unsigned_dir}MokManager.efi -o MokManager.efi -a %{SOURCE3} -c %{SOURCE3}
-+fi
-+
-+if [ -e %{unsigned_dir}fallback-presigned.efi ]; then
-+	cp %{unsigned_dir}fallback-presigned.efi fallback.efi
-+else
-+	%pesign -s -i %{unsigned_dir}fallback.efi -o fallback.efi -a %{SOURCE3} -c %{SOURCE3}
-+fi
- 
- cd mokutil-%{mokutil_version}
- ./autogen.sh

extended/shim-signed/centos/meta_patches/0001-calculate-rather-than-hardcode-shim-unsigned-version.patch

@@ -1,55 +0,0 @@
-From 1c898dfc32b11e94ad90ab76fcff2ba2b65dfa6d Mon Sep 17 00:00:00 2001
-From: Scott Little <scott.little@windriver.com>
-Date: Tue, 31 Jan 2017 16:51:23 -0500
-Subject: [PATCH] calculate rather than hardcode shim-unsigned version
-
----
- SPECS/shim-signed.spec | 13 ++++++-------
- 1 file changed, 6 insertions(+), 7 deletions(-)
-
-diff --git a/SPECS/shim-signed.spec b/SPECS/shim-signed.spec
-index f271a05..1b00621 100644
---- a/SPECS/shim-signed.spec
-+++ b/SPECS/shim-signed.spec
-@@ -4,10 +4,6 @@ Release:        2%{?_tis_dist}.%{tis_patch_ver}
- Summary:        First-stage UEFI bootloader
- Provides:	shim = %{version}-%{release}
- 
--# note that tis_patch_ver cannot be used in the unsigned_release definition,
--# as the variable represents the patch level of shim-signed, and we have to
--# specifiy the patch of shim-unsigned
--%define unsigned_release 1.el7%{_tis_dist}.1
- 
- License:        BSD
- URL:            http://www.codon.org.uk/~mjg59/shim/
-@@ -32,14 +28,13 @@ Source5:	BOOT.CSV
- %global efiarchlc aa64
- %global shimsrc %{SOURCE2}
- %endif
--%define unsigned_dir %{_datadir}/shim/%{efiarchlc}-%{version}-%{unsigned_release}/
-+
- 
- BuildRequires: git
- BuildRequires: openssl-devel openssl
- BuildRequires: pesign >= 0.106-5%{dist}
- BuildRequires: efivar-devel
--# BuildRequires: shim-unsigned = %{version}-%{unsigned_release}
--BuildRequires: shim-unsigned = %{version}-%{unsigned_release}
-+BuildRequires: shim-unsigned 
- 
- # for mokutil's configure
- BuildRequires: autoconf automake
-@@ -119,6 +114,10 @@ git config --unset user.name
- # if we already have a presigned EFI image, then do not do signing -- just
- # use the presigned one.
- 
-+# %define unsigned_release 1.el7%{_tis_dist}.1
-+%global unsigned_release %(rpm -q --queryformat '%%{RELEASE}' shim-unsigned | sort --version-sort | tail -1)
-+%define unsigned_dir %{_datadir}/shim/%{efiarchlc}-%{version}-%{unsigned_release}/
-+
- if [ -e %{unsigned_dir}shim-presigned.efi ]; then
- 	cp %{unsigned_dir}shim-presigned.efi shim.efi
- 	cp %{unsigned_dir}shim-presigned.efi shim-%{efidir}.efi
--- 
-1.8.3.1
-

extended/shim-signed/centos/meta_patches/0002-Use-presigned-binaries.patch

@@ -0,0 +1,147 @@
+diff --git a/SPECS/shim-signed.spec b/SPECS/shim-signed.spec
+old mode 100644
+new mode 100755
+index 9cfcb2f..f6ce87e
+--- a/SPECS/shim-signed.spec
++++ b/SPECS/shim-signed.spec
+@@ -2,7 +2,6 @@ Name:           shim-signed
+ Version:        12
+ Release:        1%{?_tis_dist}.%{tis_patch_ver}
+ Summary:        First-stage UEFI bootloader
+-%define unsigned_release 1%{?dist}
+ 
+ License:        BSD
+ URL:            http://www.codon.org.uk/~mjg59/shim/
+@@ -16,10 +15,12 @@ Patch0004: 0004-Don-t-allow-sha1-on-the-mokutil-command-line.patch
+ Patch0005: 0005-Make-all-efi_guid_t-const.patch
+ Patch0006: 0006-mokutil-be-explicit-about-file-modes-in-all-cases.patch
+ Patch0007: 0007-Add-bash-completion-file.patch
++%global srcbasename shimx64
++%global srcbasenameia32 shimia32
+ 
+ Source1:	centos.crt
+-Source10:	shimx64.efi
+-Source11:	shimia32.efi
++Source10:	%{srcbasename}.efi
++Source11:	%{srcbasenameia32}.efi
+ #Source12:	shimaa64.efi
+ Source20:	BOOTX64.CSV
+ Source21:	BOOTIA32.CSV
+@@ -47,11 +48,17 @@ BuildRequires: git
+ BuildRequires: openssl-devel openssl
+ BuildRequires: pesign >= 0.106-5%{dist}
+ BuildRequires: efivar-devel
+-BuildRequires: shim-unsigned-%{efiarchlc} = %{version}-%{unsigned_release}
++BuildRequires: shim-unsigned-%{efiarchlc}
+ %ifarch x86_64
+-BuildRequires: shim-unsigned-ia32 = %{version}-%{unsigned_release}
++BuildRequires: shim-unsigned-ia32
+ %endif
+ 
++# Rather than hardcode a release, we get the release from the installed shim-unsigned package
++%define unsigned_release %(rpm -q shim-unsigned-x64 --info | grep Release | awk '{print $3}')
++%define unsigned_dir "%{_datadir}/shim/%{efiarchlc}-%{version}-%{unsigned_release}/"
++%define unsigned_release_ia32 %(rpm -q shim-unsigned-ia32 --info | grep Release | awk '{print $3}')
++%define unsigned_dir_ia32 "%{_datadir}/shim/ia32-%{version}-%{unsigned_release_ia32}/"
++
+ # for mokutil's configure
+ BuildRequires: autoconf automake
+ 
+@@ -143,39 +150,34 @@ cd ..
+ %define vendor_cert_str %{expand:%%{!?vendor_cert_nickname:-c "Red Hat Test Certificate"}%%{?vendor_cert_nickname:-c "%%{vendor_cert_nickname}"}}
+ 
+ %ifarch %{ca_signed_arches}
+-pesign -i %{shimsrc} -h -P > shim%{efiarchlc}.hash
+-if ! cmp shim%{efiarchlc}.hash %{unsigned_dir}shim%{efiarchlc}.hash ; then
+-	echo Invalid signature\! > /dev/stderr
+-	echo saved hash is $(cat %{unsigned_dir}shim%{efiarchlc}.hash) > /dev/stderr
+-	echo shim%{efiarchlc}.efi hash is $(cat shim%{efiarchlc}.hash) > /dev/stderr
+-	exit 1
++
++# if we already have a presigned EFI image, then do not do signing -- just
++# use the presigned one.
++if  [ -e %{unsigned_dir}%{srcbasename}-presigned.efi ]; then
++        cp %{unsigned_dir}%{srcbasename}-presigned.efi %{srcbasename}.efi
++        cp %{unsigned_dir}%{srcbasename}-presigned.efi shim%{efiarchlc}.efi
++else
++        cp %{shimsrc} shim%{efiarchlc}.efi
+ fi
+-cp %{shimsrc} shim%{efiarchlc}.efi
+ %ifarch x86_64
+-pesign -i %{shimsrcia32} -h -P > shimia32.hash
+-if ! cmp shimia32.hash %{unsigned_dir_ia32}shimia32.hash ; then
+-	echo Invalid signature\! > /dev/stderr
+-	echo saved hash is $(cat %{unsigned_dir_ia32}shimia32.hash) > /dev/stderr
+-	echo shimia32.efi hash is $(cat shimia32.hash) > /dev/stderr
+-	exit 1
++if  [ -e %{unsigned_dir_ia32}%{srcbasenameia32}-presigned.efi ]; then
++        cp %{unsigned_dir_ia32}%{srcbasenameia32}-presigned.efi %{srcbasenameia32}.efi
++else
++	cp %{shimsrcia32} %{srcbasenameia32}.efi
+ fi
+-cp %{shimsrcia32} shimia32.efi
+-%endif
+-%endif
+-%ifarch %{rh_signed_arches}
+-%pesign -s -i %{unsigned_dir}shim%{efiarchlc}.efi -a %{SOURCE1} -c %{SOURCE1}  -o shim%{efiarchlc}-%{efidir}.efi
+-%ifarch x86_64
+-%pesign -s -i %{unsigned_dir_ia32}shimia32.efi -a %{SOURCE1} -c %{SOURCE1}  -o shimia32-%{efidir}.efi
+-%endif
+-%endif
+-%ifarch %{rh_signed_arches}
+-%ifnarch %{ca_signed_arches}
+-cp shim%{efiarchlc}-%{efidir}.efi shim%{efiarchlc}.efi
+ %endif
+ %endif
+ 
+-%pesign -s -i %{unsigned_dir}mm%{efiarchlc}.efi -o mm%{efiarchlc}.efi -a %{SOURCE1} -c %{SOURCE1}
+-%pesign -s -i %{unsigned_dir}fb%{efiarchlc}.efi -o fb%{efiarchlc}.efi -a %{SOURCE1} -c %{SOURCE1}
++if  [ -e %{unsigned_dir}mm%{efiarchlc}-presigned.efi ]; then
++	cp %{unsigned_dir}mm%{efiarchlc}-presigned.efi mm%{efiarchlc}.efi
++else
++	%pesign -s -i %{unsigned_dir}mm%{efiarchlc}.efi -o mm%{efiarchlc}.efi -a %{SOURCE1} -c %{SOURCE1}
++fi
++if  [ -e %{unsigned_dir}fb%{efiarchlc}-presigned.efi ]; then
++	cp %{unsigned_dir}fb%{efiarchlc}-presigned.efi fb%{efiarchlc}.efi
++else
++	%pesign -s -i %{unsigned_dir}fb%{efiarchlc}.efi -o fb%{efiarchlc}.efi -a %{SOURCE1} -c %{SOURCE1}
++fi
+ 
+ %ifarch x86_64
+ %pesign -s -i %{unsigned_dir_ia32}mmia32.efi -o mmia32.efi -a %{SOURCE1} -c %{SOURCE1} 
+@@ -191,7 +193,7 @@ make %{?_smp_mflags}
+ rm -rf $RPM_BUILD_ROOT
+ install -D -d -m 0755 $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/
+ install -m 0644 shim%{efiarchlc}.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shim%{efiarchlc}.efi
+-install -m 0644 shim%{efiarchlc}-%{efidir}.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shim%{efiarchlc}-%{efidir}.efi
++#install -m 0644 shim%{efiarchlc}-%{efidir}.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shim%{efiarchlc}-%{efidir}.efi
+ install -m 0644 mm%{efiarchlc}.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/mm%{efiarchlc}.efi
+ install -m 0644 %{bootsrc} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/BOOT%{efiarch}.CSV
+ 
+@@ -211,7 +213,7 @@ install -m 0644 %{bootsrc} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/BOOT.CSV
+ 
+ install -m 0644 shimia32.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shimia32.efi
+ install -m 0644 shimia32.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shimia32.efi
+-install -m 0644 shimia32-%{efidir}.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shimia32-%{efidir}.efi
++#install -m 0644 shimia32-%{efidir}.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shimia32-%{efidir}.efi
+ install -m 0644 mmia32.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/mmia32.efi
+ install -m 0644 %{bootsrcia32} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/BOOTIA32.CSV
+ 
+@@ -224,7 +226,7 @@ make PREFIX=%{_prefix} LIBDIR=%{_libdir} DESTDIR=%{buildroot} install
+ 
+ %files -n shim-%{efiarchlc}
+ /boot/efi/EFI/%{efidir}/shim%{efiarchlc}.efi
+-/boot/efi/EFI/%{efidir}/shim%{efiarchlc}-%{efidir}.efi
++#/boot/efi/EFI/%{efidir}/shim%{efiarchlc}-%{efidir}.efi
+ /boot/efi/EFI/%{efidir}/mm%{efiarchlc}.efi
+ /boot/efi/EFI/%{efidir}/BOOT%{efiarch}.CSV
+ /boot/efi/EFI/BOOT/BOOT%{efiarch}.EFI
+@@ -236,7 +238,7 @@ make PREFIX=%{_prefix} LIBDIR=%{_libdir} DESTDIR=%{buildroot} install
+ 
+ %files -n shim-ia32
+ /boot/efi/EFI/%{efidir}/shimia32.efi
+-/boot/efi/EFI/%{efidir}/shimia32-%{efidir}.efi
++#/boot/efi/EFI/%{efidir}/shimia32-%{efidir}.efi
+ /boot/efi/EFI/%{efidir}/mmia32.efi
+ /boot/efi/EFI/%{efidir}/BOOTIA32.CSV
+ /boot/efi/EFI/BOOT/BOOTIA32.EFI

extended/shim-signed/centos/meta_patches/PATCH_ORDER

@@ -1,2 +1,2 @@
-0001-Use-presigned-binary.patch
-0001-calculate-rather-than-hardcode-shim-unsigned-version.patch
+0001-Titanium-release-info.patch
+0002-Use-presigned-binaries.patch

extended/shim-signed/centos/srpm_path

@@ -1 +1 @@
-mirror:Source/shim-signed-0.9-2.el7.src.rpm
+mirror:Source/shim-signed-12-1.el7.centos.src.rpm

extended/shim-unsigned/centos/meta_patches/0001-Embed-TiS-cert.patch

@@ -1,31 +0,0 @@
-diff --git a/SPECS/shim.spec b/SPECS/shim.spec
-index 6aa8346..a8945ab 100644
---- a/SPECS/shim.spec
-+++ b/SPECS/shim.spec
-@@ -1,6 +1,6 @@
- Name:           shim
- Version:        0.9
--Release:        1.el7.centos
-+Release:        1.el7%{?_tis_dist}.%{tis_patch_ver}
- Summary:        First-stage UEFI bootloader
- 
- License:        BSD
-@@ -10,8 +10,10 @@ Source1:	centos.crt
- # currently here's what's in our dbx: # nothing.
- #Source2:	dbx.esl
- Source3:	shim-find-debuginfo.sh
-+Source4:	tis-shim.crt
- 
- Patch0001:	0001-Typo-on-aarch64.patch
-+Patch0002:	0001-Use-TiS-cert.patch
- 
- BuildRequires: git openssl-devel openssl
- BuildRequires: pesign >= 0.106-1
-@@ -81,6 +83,7 @@ git commit -a -q -m "%{version} baseline."
- git am --ignore-whitespace %{patches} </dev/null
- git config --unset user.email
- git config --unset user.name
-+cp %{SOURCE4} .
- 
- %build
- MAKEFLAGS="VENDOR_CERT_FILE=%{SOURCE1}"

extended/shim-unsigned/centos/meta_patches/0001-Objcopy-version.patch

@@ -1,12 +0,0 @@
-diff --git a/SPECS/shim.spec b/SPECS/shim.spec
-index 901e861..b6a6d0e 100644
---- a/SPECS/shim.spec
-+++ b/SPECS/shim.spec
-@@ -14,6 +14,7 @@ Source4:	tis-shim.crt
- 
- Patch0001:	0001-Typo-on-aarch64.patch
- Patch0002:	0001-Use-TiS-cert.patch
-+Patch0003:      0001-Objcopy-version.patch
- 
- BuildRequires: git openssl-devel openssl
- BuildRequires: pesign >= 0.106-1

extended/shim-unsigned/centos/meta_patches/0001-Ti-version-string.patch

@@ -0,0 +1,27 @@
+From fc1f1853e99c5afaae334b0c37296e34e9cf19fd Mon Sep 17 00:00:00 2001
+From: root <root@yow-cgts4-lx.wrs.com>
+Date: Mon, 15 Jan 2018 13:09:41 -0500
+Subject: [PATCH 1/2] Ti version string
+
+---
+ SPECS/shim.spec | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+ mode change 100755 => 100644 SPECS/shim.spec
+
+diff --git a/SPECS/shim.spec b/SPECS/shim.spec
+old mode 100755
+new mode 100644
+index afd533b..de216b6
+--- a/SPECS/shim.spec
++++ b/SPECS/shim.spec
+@@ -1,6 +1,6 @@
+ Name:           shim
+ Version:        12
+-Release:        1%{?dist}
++Release:        1.el7%{?_tis_dist}.%{tis_patch_ver}
+ Summary:        First-stage UEFI bootloader
+ 
+ License:        BSD
+-- 
+1.8.3.1
+

extended/shim-unsigned/centos/meta_patches/0002-Add-Ti-certificate.patch

@@ -0,0 +1,45 @@
+From fb4da7f4d7d8e8565371ed236150de2e4bb47b95 Mon Sep 17 00:00:00 2001
+From: root <root@yow-cgts4-lx.wrs.com>
+Date: Mon, 15 Jan 2018 13:22:09 -0500
+Subject: [PATCH 2/2] Add Ti certificate
+
+---
+ SPECS/shim.spec | 5 +++++
+ 1 file changed, 5 insertions(+)
+ mode change 100644 => 100755 SPECS/shim.spec
+
+diff --git a/SPECS/shim.spec b/SPECS/shim.spec
+old mode 100644
+new mode 100755
+index de216b6..83da6cd
+--- a/SPECS/shim.spec
++++ b/SPECS/shim.spec
+@@ -11,6 +11,9 @@ Source1:	centos.crt
+ #Source2:	dbx-x64.esl
+ #Source3:	dbx-aa64.esl
+ Source4:	shim-find-debuginfo.sh
++Source1000:     tis-shim.crt
++
++Patch1000:      0001-Use-Titanium-certificate.patch
+ 
+ BuildRequires: git openssl-devel openssl
+ BuildRequires: pesign >= 0.106-1
+@@ -101,6 +104,7 @@ git commit -a -q -m "%{version} baseline."
+ git am --ignore-whitespace %{patches} </dev/null
+ git config --unset user.email
+ git config --unset user.name
++cp %{SOURCE1000} .
+ 
+ %ifarch x86_64
+ cd ..
+@@ -115,6 +119,7 @@ git commit -a -q -m "%{version} baseline."
+ git am --ignore-whitespace %{patches} </dev/null
+ git config --unset user.email
+ git config --unset user.name
++cp %{SOURCE1000} .
+ %endif
+ 
+ %build
+-- 
+1.8.3.1
+

extended/shim-unsigned/centos/meta_patches/PATCH_ORDER

@@ -1,3 +1,2 @@
-0001-Embed-TiS-cert.patch
-0001-Objcopy-version.patch
-spec.arch.patch
+0001-Ti-version-string.patch
+0002-Add-Ti-certificate.patch

extended/shim-unsigned/centos/meta_patches/spec.arch.patch

@@ -1,12 +0,0 @@
-diff --git a/SPECS/shim.spec b/SPECS/shim.spec
-index b6a6d0e..dcfb66e 100644
---- a/SPECS/shim.spec
-+++ b/SPECS/shim.spec
-@@ -65,7 +65,6 @@ Obsoletes: shim-debuginfo < 0.9
- Summary: Debug information for package %{name}
- Group: Development/Debug
- AutoReqProv: 0
--BuildArch: noarch
- 
- %description -n shim-unsigned-%{efiarch}-debuginfo
- This package provides debug information for package %{name}.

extended/shim-unsigned/centos/patches/0001-Objcopy-version.patch

@@ -1,19 +0,0 @@
-From 551015b9e0a7b226840ccb758d2fcbd4430d83d5 Mon Sep 17 00:00:00 2001
-From: jmckenna <jason.mckenna@windriver.com>
-Date: Thu, 19 Jan 2017 15:05:16 -0500
-Subject: [PATCH] Better parting of objcopy version
-
-
-diff --git a/Makefile b/Makefile
-index e8b291e..02388ac 100644
---- a/Makefile
-+++ b/Makefile
-@@ -9,7 +9,7 @@ LD		= $(CROSS_COMPILE)ld
- OBJCOPY		= $(CROSS_COMPILE)objcopy
- 
- ARCH		= $(shell $(CC) -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,)
--OBJCOPY_GTE224  = $(shell expr `$(OBJCOPY) --version |grep ^"GNU objcopy" | sed 's/^.* //g' | cut -f1-2 -d.` \>= 2.24)
-+OBJCOPY_GTE224  = $(shell expr `$(OBJCOPY) --version |grep ^"GNU objcopy" | sed 's/^.*version //g' | cut -f1-2 -d.` \>= 2.24)
- 
- SUBDIRS		= Cryptlib lib
- 

extended/shim-unsigned/centos/patches/0001-Use-Titanium-certificate.patch

@@ -1,16 +1,19 @@
-From 6a0a1ea93362b7f9f2f5242e847ae1e0ef15de04 Mon Sep 17 00:00:00 2001
-From: jmckenna <jason.mckenna@windriver.com>
-Date: Thu, 5 Jan 2017 08:54:32 -0500
-Subject: [PATCH] Use Titanium Cloud certificate
+From 057532ac6c77d20ae8d6ce0354e7ef67b1870eb6 Mon Sep 17 00:00:00 2001
+From: root <root@yow-cgts4-lx.wrs.com>
+Date: Mon, 15 Jan 2018 13:25:04 -0500
+Subject: [PATCH] Use Titanium certificate
 
+---
+ Makefile | 26 ++++++++++++++++++--------
+ 1 file changed, 18 insertions(+), 8 deletions(-)
 
 diff --git a/Makefile b/Makefile
-index 1181b8a..e8b291e 100644
+index 6ece282..bb4f7f9 100644
 --- a/Makefile
 +++ b/Makefile
-@@ -34,6 +34,12 @@ CFLAGS		= -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \
- 		  "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \
- 		  $(EFI_INCLUDES)
+@@ -36,6 +36,12 @@ FBNAME		= fallback
+ 
+ COMMITID ?= $(shell if [ -d .git ] ; then git log -1 --pretty=format:%H ; elif [ -f commit ]; then cat commit ; else echo commit id not available; fi)
  
 +# We compile a certificate into shim.  Usually this is a one-time generated
 +# certificate (make-certs script) however we want to include a custom
@@ -21,16 +24,16 @@ index 1181b8a..e8b291e 100644
  ifneq ($(origin OVERRIDE_SECURITY_POLICY), undefined)
  	CFLAGS	+= -DOVERRIDE_SECURITY_POLICY
  endif
-@@ -67,7 +73,7 @@ LDFLAGS		= --hash-style=sysv -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsym
+@@ -90,7 +96,7 @@ LDFLAGS		= --hash-style=sysv -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsym
  
- TARGET	= shim.efi MokManager.efi.signed fallback.efi.signed
- OBJS	= shim.o netboot.o cert.o replacements.o version.o
+ TARGET	= $(SHIMNAME).efi $(MMNAME).efi.signed $(FBNAME).efi.signed
+ OBJS	= shim.o netboot.o cert.o replacements.o tpm.o version.o
 -KEYS	= shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer
-+KEYS	= shim_cert.h ocsp.* ca.* $(INTERNAL_CERT).crt $(INTERNAL_CERT).csr $(INTERNAL_CERT).p12 $(INTERNAL_CERT).pem $(INTERNAL_CERT).key $(INTERNAL_CERT).cer
- SOURCES	= shim.c shim.h netboot.c include/PeImage.h include/wincert.h include/console.h replacements.c replacements.h version.c version.h
++KEYS    = shim_cert.h ocsp.* ca.* $(INTERNAL_CERT).crt $(INTERNAL_CERT).csr $(INTERNAL_CERT).p12 $(INTERNAL_CERT).pem $(INTERNAL_CERT).key $(INTERNAL_CERT).cer
+ SOURCES	= shim.c shim.h netboot.c include/PeImage.h include/wincert.h include/console.h replacements.c replacements.h tpm.c tpm.h version.c version.h
  MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o
  MOK_SOURCES = MokManager.c shim.h include/console.h PasswordCrypt.c PasswordCrypt.h crypt_blowfish.c crypt_blowfish.h
-@@ -76,13 +82,17 @@ FALLBACK_SRCS = fallback.c
+@@ -104,13 +110,17 @@ endif
  
  all: $(TARGET)
  
@@ -52,8 +55,8 @@ index 1181b8a..e8b291e 100644
  	echo "static UINT8 shim_cert[] = {" > $@
  	hexdump -v -e '1/1 "0x%02x, "' $< >> $@
  	echo "};" >> $@
-@@ -93,10 +103,10 @@ version.c : version.c.in
- 		-e "s,@@COMMIT@@,$(shell if [ -d .git ] ; then git log -1 --pretty=format:%H ; elif [ -f commit ]; then cat commit ; else echo commit id not available; fi)," \
+@@ -121,10 +131,10 @@ version.c : version.c.in
+ 		-e "s,@@COMMIT@@,$(COMMITID)," \
  		< version.c.in > version.c
  
 -certdb/secmod.db: shim.crt
@@ -65,4 +68,7 @@ index 1181b8a..e8b291e 100644
 +	certutil -d certdb/ -A -i $(INTERNAL_CERT).crt -n shim -t u
  
  shim.o: $(SOURCES) shim_cert.h
- 
+ shim.o: $(wildcard *.h)
+-- 
+1.8.3.1
+

extended/shim-unsigned/centos/srpm_path

@@ -1 +1 @@
-mirror:Source/shim-0.9-1.el7.centos.src.rpm
+mirror:Source/shim-12-1.el7.centos.src.rpm