commit shim for openSUSE:Factory

Fri, 01 Mar 2013 01:55:14 -0800 

Hello community,

here is the log from the commit of package shim for openSUSE:Factory checked in 
at 2013-03-01 10:55:08
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/shim (Old)
 and      /work/SRC/openSUSE:Factory/.shim.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "shim", Maintainer is "[email protected]"

Changes:
--------
--- /work/SRC/openSUSE:Factory/shim/shim.changes        2013-02-23 
16:45:51.000000000 +0100
+++ /work/SRC/openSUSE:Factory/.shim.new/shim.changes   2013-03-01 
10:55:10.000000000 +0100
@@ -1,0 +2,11 @@
+Thu Feb 28 08:57:48 UTC 2013 - [email protected]
+
+- sign shim also with openSUSE certificate
+
+-------------------------------------------------------------------
+Wed Feb 27 15:52:53 CET 2013 - [email protected]
+
+- identify project, export certificate as DER file
+- don't create an unused extra keypair
+
+-------------------------------------------------------------------

New:
----
  SLES-UEFI-CA-Certificate.crt

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ shim.spec ++++++
--- /var/tmp/diff_new_pack.jeFSgE/_old  2013-03-01 10:55:11.000000000 +0100
+++ /var/tmp/diff_new_pack.jeFSgE/_new  2013-03-01 10:55:11.000000000 +0100
@@ -32,6 +32,7 @@
 Source1:        shim-signed.efi
 Source2:        openSUSE-UEFI-CA-Certificate.crt
 Source3:        shim-install
+Source4:        SLES-UEFI-CA-Certificate.crt
 # PATCH-FIX-SUSE shim-suse-build.patch [email protected] -- Adjust Makefile for 
the build service
 Patch0:         shim-suse-build.patch
 # PATCH-FIX-UPSTREAM shim-local-key-sign-mokmanager.patch [email protected] -- 
Sign MokManager.efi with the local generated certificate
@@ -89,16 +90,46 @@
 
 %build
 chmod +x "make-certs"
-openssl x509 -in %{S:2} -outform DER -out openSUSE-UEFI-CA-Certificate.der
+
+if test -e %{_sourcedir}/_projectcert.crt ; then
+    prjsubject=$(openssl x509 -in %{_sourcedir}/_projectcert.crt -noout 
-subject_hash)
+    prjissuer=$(openssl x509 -in %{_sourcedir}/_projectcert.crt -noout 
-issuer_hash)
+    opensusesubject=$(openssl x509 -in %{SOURCE2} -noout -subject_hash)
+    slessubject=$(openssl x509 -in %{SOURCE4} -noout -subject_hash)
+    if test "$prjissuer" = "$opensusesubject" ; then
+        suffix=opensuse
+        cert=%{SOURCE2}
+    fi
+    if test "$prjissuer" = "$slessubject" ; then
+        suffix=sles
+        cert=%{SOURCE4}
+    fi
+    if test "$prjsubject" = "$prjissuer" ; then
+        suffix=local
+        cert=%{_sourcedir}/_projectcert.crt
+    fi
+fi
+if test -z "$suffix" ; then
+    echo "cannot identify project, assuming openSUSE signing"
+    suffix=opensuse
+    cert=%{SOURCE2}
+fi
+
+openssl x509 -in $cert -outform DER -out shim-$suffix.der
+# create empty local cert file, we don't need a local key pair as we
+# sign the mokmanager with our vendor key
+touch shim.crt
+touch shim.cer
 # make sure cast warnings don't trigger post build check
-make VENDOR_CERT_FILE=openSUSE-UEFI-CA-Certificate.der 2>/dev/null
+make VENDOR_CERT_FILE=shim-$suffix.der shim.efi MokManager.efi 2>/dev/null
 # make VENDOR_CERT_FILE=cert.der VENDOR_DBX_FILE=dbx
-mv shim.efi shim-opensuse.efi
+mv shim.efi shim-$suffix.efi
 
 %install
-export BRP_PESIGN_FILES='%{_libdir}/efi/shim-opensuse.efi 
%{_libdir}/efi/MokManager.efi'
+export BRP_PESIGN_FILES='%{_libdir}/efi/shim*.efi 
%{_libdir}/efi/MokManager.efi'
 install -d %{buildroot}/%{_libdir}/efi
-install -m 444 shim-opensuse.efi %{buildroot}/%{_libdir}/efi
+install -m 444 shim-*.efi %{buildroot}/%{_libdir}/efi
+install -m 444 shim-*.der %{buildroot}/%{_libdir}/efi
 # FIXME: install signed shim here
 install -m 444 %{SOURCE1} %{buildroot}/%{_libdir}/efi/shim.efi
 install -m 444 MokManager.efi %{buildroot}/%{_libdir}/efi/MokManager.efi
@@ -113,7 +144,8 @@
 %doc COPYRIGHT
 %dir %{_libdir}/efi
 %{_libdir}/efi/shim.efi
-%{_libdir}/efi/shim-opensuse.efi
+%{_libdir}/efi/shim-*.efi
+%{_libdir}/efi/shim-*.der
 %{_libdir}/efi/MokManager.efi
 %{_sbindir}/shim-install
 

++++++ SLES-UEFI-CA-Certificate.crt ++++++
-----BEGIN CERTIFICATE-----
MIIG5TCCBM2gAwIBAgIBATANBgkqhkiG9w0BAQsFADCBpjEtMCsGA1UEAwwkU1VT
RSBMaW51eCBFbnRlcnByaXNlIFNlY3VyZSBCb290IENBMQswCQYDVQQGEwJERTES
MBAGA1UEBwwJTnVyZW1iZXJnMSEwHwYDVQQKDBhTVVNFIExpbnV4IFByb2R1Y3Rz
IEdtYkgxEzARBgNVBAsMCkJ1aWxkIFRlYW0xHDAaBgkqhkiG9w0BCQEWDWJ1aWxk
QHN1c2UuZGUwHhcNMTMwMTIyMTQyMDA4WhcNMzQxMjE4MTQyMDA4WjCBpjEtMCsG
A1UEAwwkU1VTRSBMaW51eCBFbnRlcnByaXNlIFNlY3VyZSBCb290IENBMQswCQYD
VQQGEwJERTESMBAGA1UEBwwJTnVyZW1iZXJnMSEwHwYDVQQKDBhTVVNFIExpbnV4
IFByb2R1Y3RzIEdtYkgxEzARBgNVBAsMCkJ1aWxkIFRlYW0xHDAaBgkqhkiG9w0B
CQEWDWJ1aWxkQHN1c2UuZGUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
AQCrLYL1Uq02iIgro6x6PFESFDtUKU7xO/bJanI7+AQAroowFuLBI67BBSmoq3hR
QnH3OtQusGV8y+wvjaaunppvWMfjViZ88zssj5fKXrDr5U6BB566DJgHreWaEs2d
FD13XpKRr3Nk9zdjAJu5YsR7hI1NMXsnj1X8w71OY9HLjv+Kq9917PJwZQjOGnAJ
BQTi0ogHuLiwDqMKgg5rrYD4cJDPzoLEmEXnwHDIOSiWdD0bCzhN6GQDKldIxQ2O
d/mjUgzB+dWslIb+bUKaoJgDtyPV20W74t7Y2uwoaEVr9QkPoM3tOPttf4qsWo8B
J1TgeoF01ZeKcvSyvOXCKbfAN9sqURK2ZUTNThqZ//VPQmJP6fByrMJsbvTOSsQt
HI+fFPrg1DC2KT8SzuGtWDRscHZ7MofvUKEQolVgkGwp8u68t/RAAwDpUdqIajzi
yfp9qSDD+9uMeyiLa4rrAr2ATGohNBa0qha95slgvSepXbYKuHG5b4fWMsG7z4Uc
dqE2vK8cQma1nsAeQBaq2/89294TOHEzKyspesfCBCnKQ3q+l9xelYRdvapj1CH/
cfUZf2/6X3VHN1P88RfRrPubswmrcOCEBT41upa2WKRDJ1GS6YhL6LJnrZSTjfe+
KsfNVS1D+KqSKiK0hfk6YK6O88mMGeAKQs3Ap8WthBLf0QIDAQABo4IBGjCCARYw
DwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUPU1Az5OFOQJLHPxaEt7f6LF+dV8w
gdMGA1UdIwSByzCByIAUPU1Az5OFOQJLHPxaEt7f6LF+dV+hgaykgakwgaYxLTAr
BgNVBAMMJFNVU0UgTGludXggRW50ZXJwcmlzZSBTZWN1cmUgQm9vdCBDQTELMAkG
A1UEBhMCREUxEjAQBgNVBAcMCU51cmVtYmVyZzEhMB8GA1UECgwYU1VTRSBMaW51
eCBQcm9kdWN0cyBHbWJIMRMwEQYDVQQLDApCdWlsZCBUZWFtMRwwGgYJKoZIhvcN
AQkBFg1idWlsZEBzdXNlLmRlggEBMA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0B
AQsFAAOCAgEANtdMT47CjQtuERYa5jfygIO5F+urB4fl8pYcQQ/hTPE0KtAnAtrS
1strtMrVQ1t7Wu3fVbWYA6MZMXXkcwyyNbaWfj6roaSC6G5ZqCJ69oSyzaCbyaTI
eOgzIIiVGOAj7tiM6T88Xp9qx4Xa3F6UQHF6xfwBT3nNKerGKOG01p7mBfBewwO5
Hxp7OAZmennUxV1uuT5/AsArxw9lMlawXhIAS7tRYHW+32D4tjHPDycldOw1hBjt
z5JdehBiTmxhJ6onl0HSpsX84IMSbkeFIxLfxIF0TNas1pGnSGmh8FcV+ck9js3P
yamJcNkgCstIwo3QZ2D5YdtQjOusyEuGjCIpDIQx36OMzeOo0SayOdzb2dSmcrHv
4DIkXDUELyIzu79A2R2KR7OQaGL6HGAVy6+yXHHygTbbUrb6ck2+aOG8913ChABc
ZAiSFFRKVZzzj7FeIxZNA8GBUbhd20eQB2fUXDypeAnTG6P3dtTs84xNb1qGm3VC
OAKjkWYQijLWmAOs9Q4NM/AXOeDTgXxA7iX7kWHRNeDbACirp7zM2ZOIP5ObIS6z
yMqcG9DecSVbXiH3MJDTBoB1idQTTyreqpM/l6N8xNNVjEiLJGMEM1SeYq6S1lFV
a+GcdOaLYkh7ya3I42l/tDOqH2OLIf7FEtocnc1xU6jTz8au1tZxec8=
-----END CERTIFICATE-----

-- 
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to