starlingx/integ
Code Issues Proposed changes
2705f4934d
integ/extended/shim-signed/centos/meta_patches/0002-Use-presigned-binaries.patch
jmckenna 647a218f25 Uprev shim to version 12 
Update the shim package to version 12.  This change requires
regeneration of the patch and meta-patch files.

Depends-On: https://review.openstack.org/#/c/578440
Change-Id: Ic6a61b7aad02d8931a9fa854679a0c6490144a8d
2018-06-27 11:33:23 -04:00

148 lines
6.5 KiB
Diff
Raw Blame History

diff --git a/SPECS/shim-signed.spec b/SPECS/shim-signed.spec
old mode 100644
new mode 100755
index 9cfcb2f..f6ce87e
--- a/SPECS/shim-signed.spec
+++ b/SPECS/shim-signed.spec
@@ -2,7 +2,6 @@ Name: shim-signed
Version: 12
Release: 1%{?_tis_dist}.%{tis_patch_ver}
Summary: First-stage UEFI bootloader
-%define unsigned_release 1%{?dist}
License: BSD
URL: http://www.codon.org.uk/~mjg59/shim/
@@ -16,10 +15,12 @@ Patch0004: 0004-Don-t-allow-sha1-on-the-mokutil-command-line.patch
Patch0005: 0005-Make-all-efi_guid_t-const.patch
Patch0006: 0006-mokutil-be-explicit-about-file-modes-in-all-cases.patch
Patch0007: 0007-Add-bash-completion-file.patch
+%global srcbasename shimx64
+%global srcbasenameia32 shimia32
Source1: centos.crt
-Source10: shimx64.efi
-Source11: shimia32.efi
+Source10: %{srcbasename}.efi
+Source11: %{srcbasenameia32}.efi
#Source12: shimaa64.efi
Source20: BOOTX64.CSV
Source21: BOOTIA32.CSV
@@ -47,11 +48,17 @@ BuildRequires: git
BuildRequires: openssl-devel openssl
BuildRequires: pesign >= 0.106-5%{dist}
BuildRequires: efivar-devel
-BuildRequires: shim-unsigned-%{efiarchlc} = %{version}-%{unsigned_release}
+BuildRequires: shim-unsigned-%{efiarchlc}
%ifarch x86_64
-BuildRequires: shim-unsigned-ia32 = %{version}-%{unsigned_release}
+BuildRequires: shim-unsigned-ia32
%endif
+# Rather than hardcode a release, we get the release from the installed shim-unsigned package
+%define unsigned_release %(rpm -q shim-unsigned-x64 --info | grep Release | awk '{print $3}')
+%define unsigned_dir "%{_datadir}/shim/%{efiarchlc}-%{version}-%{unsigned_release}/"
+%define unsigned_release_ia32 %(rpm -q shim-unsigned-ia32 --info | grep Release | awk '{print $3}')
+%define unsigned_dir_ia32 "%{_datadir}/shim/ia32-%{version}-%{unsigned_release_ia32}/"
+
# for mokutil's configure
BuildRequires: autoconf automake
@@ -143,39 +150,34 @@ cd ..
%define vendor_cert_str %{expand:%%{!?vendor_cert_nickname:-c "Red Hat Test Certificate"}%%{?vendor_cert_nickname:-c "%%{vendor_cert_nickname}"}}
%ifarch %{ca_signed_arches}
-pesign -i %{shimsrc} -h -P > shim%{efiarchlc}.hash
-if ! cmp shim%{efiarchlc}.hash %{unsigned_dir}shim%{efiarchlc}.hash ; then
- echo Invalid signature\! > /dev/stderr
- echo saved hash is $(cat %{unsigned_dir}shim%{efiarchlc}.hash) > /dev/stderr
- echo shim%{efiarchlc}.efi hash is $(cat shim%{efiarchlc}.hash) > /dev/stderr
- exit 1
+
+# if we already have a presigned EFI image, then do not do signing -- just
+# use the presigned one.
+if [ -e %{unsigned_dir}%{srcbasename}-presigned.efi ]; then
+ cp %{unsigned_dir}%{srcbasename}-presigned.efi %{srcbasename}.efi
+ cp %{unsigned_dir}%{srcbasename}-presigned.efi shim%{efiarchlc}.efi
+else
+ cp %{shimsrc} shim%{efiarchlc}.efi
fi
-cp %{shimsrc} shim%{efiarchlc}.efi
%ifarch x86_64
-pesign -i %{shimsrcia32} -h -P > shimia32.hash
-if ! cmp shimia32.hash %{unsigned_dir_ia32}shimia32.hash ; then
- echo Invalid signature\! > /dev/stderr
- echo saved hash is $(cat %{unsigned_dir_ia32}shimia32.hash) > /dev/stderr
- echo shimia32.efi hash is $(cat shimia32.hash) > /dev/stderr
- exit 1
+if [ -e %{unsigned_dir_ia32}%{srcbasenameia32}-presigned.efi ]; then
+ cp %{unsigned_dir_ia32}%{srcbasenameia32}-presigned.efi %{srcbasenameia32}.efi
+else
+ cp %{shimsrcia32} %{srcbasenameia32}.efi
fi
-cp %{shimsrcia32} shimia32.efi
-%endif
-%endif
-%ifarch %{rh_signed_arches}
-%pesign -s -i %{unsigned_dir}shim%{efiarchlc}.efi -a %{SOURCE1} -c %{SOURCE1} -o shim%{efiarchlc}-%{efidir}.efi
-%ifarch x86_64
-%pesign -s -i %{unsigned_dir_ia32}shimia32.efi -a %{SOURCE1} -c %{SOURCE1} -o shimia32-%{efidir}.efi
-%endif
-%endif
-%ifarch %{rh_signed_arches}
-%ifnarch %{ca_signed_arches}
-cp shim%{efiarchlc}-%{efidir}.efi shim%{efiarchlc}.efi
%endif
%endif
-%pesign -s -i %{unsigned_dir}mm%{efiarchlc}.efi -o mm%{efiarchlc}.efi -a %{SOURCE1} -c %{SOURCE1}
-%pesign -s -i %{unsigned_dir}fb%{efiarchlc}.efi -o fb%{efiarchlc}.efi -a %{SOURCE1} -c %{SOURCE1}
+if [ -e %{unsigned_dir}mm%{efiarchlc}-presigned.efi ]; then
+ cp %{unsigned_dir}mm%{efiarchlc}-presigned.efi mm%{efiarchlc}.efi
+else
+ %pesign -s -i %{unsigned_dir}mm%{efiarchlc}.efi -o mm%{efiarchlc}.efi -a %{SOURCE1} -c %{SOURCE1}
+fi
+if [ -e %{unsigned_dir}fb%{efiarchlc}-presigned.efi ]; then
+ cp %{unsigned_dir}fb%{efiarchlc}-presigned.efi fb%{efiarchlc}.efi
+else
+ %pesign -s -i %{unsigned_dir}fb%{efiarchlc}.efi -o fb%{efiarchlc}.efi -a %{SOURCE1} -c %{SOURCE1}
+fi
%ifarch x86_64
%pesign -s -i %{unsigned_dir_ia32}mmia32.efi -o mmia32.efi -a %{SOURCE1} -c %{SOURCE1}
@@ -191,7 +193,7 @@ make %{?_smp_mflags}
rm -rf $RPM_BUILD_ROOT
install -D -d -m 0755 $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/
install -m 0644 shim%{efiarchlc}.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shim%{efiarchlc}.efi
-install -m 0644 shim%{efiarchlc}-%{efidir}.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shim%{efiarchlc}-%{efidir}.efi
+#install -m 0644 shim%{efiarchlc}-%{efidir}.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shim%{efiarchlc}-%{efidir}.efi
install -m 0644 mm%{efiarchlc}.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/mm%{efiarchlc}.efi
install -m 0644 %{bootsrc} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/BOOT%{efiarch}.CSV
@@ -211,7 +213,7 @@ install -m 0644 %{bootsrc} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/BOOT.CSV
install -m 0644 shimia32.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shimia32.efi
install -m 0644 shimia32.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shimia32.efi
-install -m 0644 shimia32-%{efidir}.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shimia32-%{efidir}.efi
+#install -m 0644 shimia32-%{efidir}.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shimia32-%{efidir}.efi
install -m 0644 mmia32.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/mmia32.efi
install -m 0644 %{bootsrcia32} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/BOOTIA32.CSV
@@ -224,7 +226,7 @@ make PREFIX=%{_prefix} LIBDIR=%{_libdir} DESTDIR=%{buildroot} install
%files -n shim-%{efiarchlc}
/boot/efi/EFI/%{efidir}/shim%{efiarchlc}.efi
-/boot/efi/EFI/%{efidir}/shim%{efiarchlc}-%{efidir}.efi
+#/boot/efi/EFI/%{efidir}/shim%{efiarchlc}-%{efidir}.efi
/boot/efi/EFI/%{efidir}/mm%{efiarchlc}.efi
/boot/efi/EFI/%{efidir}/BOOT%{efiarch}.CSV
/boot/efi/EFI/BOOT/BOOT%{efiarch}.EFI
@@ -236,7 +238,7 @@ make PREFIX=%{_prefix} LIBDIR=%{_libdir} DESTDIR=%{buildroot} install
%files -n shim-ia32
/boot/efi/EFI/%{efidir}/shimia32.efi
-/boot/efi/EFI/%{efidir}/shimia32-%{efidir}.efi
+#/boot/efi/EFI/%{efidir}/shimia32-%{efidir}.efi
/boot/efi/EFI/%{efidir}/mmia32.efi
/boot/efi/EFI/%{efidir}/BOOTIA32.CSV
/boot/efi/EFI/BOOT/BOOTIA32.EFI
View Git Blame Copy Permalink