Hello community, here is the log from the commit of package shim for openSUSE:13.1 checked in at 2013-10-28 09:41:10 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:13.1/shim (Old) and /work/SRC/openSUSE:13.1/.shim.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "shim" Changes: -------- --- /work/SRC/openSUSE:13.1/shim/shim.changes 2013-10-25 13:50:02.000000000 +0200 +++ /work/SRC/openSUSE:13.1/.shim.new/shim.changes 2013-10-28 09:41:11.000000000 +0100 @@ -1,0 +2,6 @@ +Mon Oct 28 08:34:58 UTC 2013 - [email protected] + +- replace the full content with 12.3's version as we can't get + signature from MS in time ;( + +------------------------------------------------------------------- Old: ---- SLES-UEFI-CA-Certificate.crt openSUSE-UEFI-CA-Certificate.crt shim-0.2.tar.bz2 shim-bnc804631-fix-broken-bootpath.patch shim-clear-queued-key.patch shim-fix-loadoptions.patch shim-get-2nd-stage-loader.patch shim-keep-unsigned-mokmanager.patch shim-local-key-sign-mokmanager.patch shim-mokmanager-new-pw-hash.patch shim-mokmanager-support-crypt-hash-method.patch shim-reboot-after-changes.patch shim-signed.efi shim-support-mok-delete.patch shim-suse-build.patch New: ---- shim-12.3.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ shim.spec ++++++ --- /var/tmp/diff_new_pack.HSKDAT/_old 2013-10-28 09:41:11.000000000 +0100 +++ /var/tmp/diff_new_pack.HSKDAT/_new 2013-10-28 09:41:11.000000000 +0100 @@ -16,8 +16,6 @@ # -# needssslcertforbuild - Name: shim Version: 0.2 Release: 0 @@ -25,41 +23,8 @@ License: BSD-2-Clause Group: System/Boot Url: https://github.com/mjg59/shim -Source: %{name}-%{version}.tar.bz2 -# this binary has been signed by UEFI signing service -# FIXME: evaluate whether using signature only and attaching that -# to the built binary also works -Source1: shim-signed.efi -Source2: openSUSE-UEFI-CA-Certificate.crt +Source: shim-12.3.tar.xz Source3: shim-install -Source4: SLES-UEFI-CA-Certificate.crt -# PATCH-FIX-SUSE shim-suse-build.patch [email protected] -- Adjust Makefile for the build service -Patch0: shim-suse-build.patch -# PATCH-FIX-UPSTREAM shim-local-key-sign-mokmanager.patch [email protected] -- Sign MokManager.efi with the local generated certificate -Patch1: shim-local-key-sign-mokmanager.patch -# PATCH-FEATURE-UPSTREAM shim-get-2nd-stage-loader.patch [email protected] -- Get the second stage loader path from the load options -Patch2: shim-get-2nd-stage-loader.patch -# PATCH-FIX-UPSTREAM shim-reboot-after-changes.patch [email protected] -- Reboot the system after enrolling or erasing keys -Patch3: shim-reboot-after-changes.patch -# PATCH-FIX-UPSTREAM shim-clear-queued-key.patch [email protected] -- Clear the queued key to show the menu properly -Patch5: shim-clear-queued-key.patch -# PATCH-FIX-UPSTREAM shim-fix-loadoptions.patch bnc#798043 [email protected] -- Adopt the UEFI shell style LoadOptions -Patch6: shim-fix-loadoptions.patch -# PATCH-FIX-UPSTREAM shim-support-mok-delete.patch [email protected] -- Support for deleting specific keys -Patch7: shim-support-mok-delete.patch -# PATCH-FIX-UPSTREAM shim-mokmanager-new-pw-hash.patch [email protected] -- Support the new password hash -Patch8: shim-mokmanager-new-pw-hash.patch -# PATCH-FIX-UPSTREAM shim-mokmanager-support-crypt-hash-method.patch [email protected] -- Support the password hashes from /etc/shadow -Patch9: shim-mokmanager-support-crypt-hash-method.patch -# PATCH-FIX-OPENSUSE shim-keep-unsigned-mokmanager.patch [email protected] -- Keep MokManager.efi and sign it with the openSUSE key later -Patch10: shim-keep-unsigned-mokmanager.patch -# PATCH-FIX-UPSTREAM shim-bnc804631-fix-broken-bootpath.patch bnc#804631 [email protected] -- Fix the broken bootpath generated in generate_path() -Patch11: shim-bnc804631-fix-broken-bootpath.patch -BuildRequires: gnu-efi >= 3.0q -BuildRequires: mozilla-nss-tools -BuildRequires: openssl >= 0.9.8 -BuildRequires: pesign -BuildRequires: pesign-obs-integration BuildRoot: %{_tmppath}/%{name}-%{version}-build Recommends: grub2-efi ExclusiveArch: x86_64 @@ -75,73 +40,18 @@ Matthew Garrett <[email protected]> %prep -%setup -q -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 %build -chmod +x "make-certs" - -if test -e %{_sourcedir}/_projectcert.crt ; then - prjsubject=$(openssl x509 -in %{_sourcedir}/_projectcert.crt -noout -subject_hash) - prjissuer=$(openssl x509 -in %{_sourcedir}/_projectcert.crt -noout -issuer_hash) - opensusesubject=$(openssl x509 -in %{SOURCE2} -noout -subject_hash) - slessubject=$(openssl x509 -in %{SOURCE4} -noout -subject_hash) - if test "$prjissuer" = "$opensusesubject" ; then - suffix=opensuse - cert=%{SOURCE2} - fi - if test "$prjissuer" = "$slessubject" ; then - suffix=sles - cert=%{SOURCE4} - fi - if test "$prjsubject" = "$prjissuer" ; then - suffix=local - cert=%{_sourcedir}/_projectcert.crt - fi -fi -if test -z "$suffix" ; then - echo "cannot identify project, assuming openSUSE signing" - suffix=opensuse - cert=%{SOURCE2} -fi - -openssl x509 -in $cert -outform DER -out shim-$suffix.der -# create empty local cert file, we don't need a local key pair as we -# sign the mokmanager with our vendor key -touch shim.crt -touch shim.cer -# make sure cast warnings don't trigger post build check -make VENDOR_CERT_FILE=shim-$suffix.der shim.efi MokManager.efi 2>/dev/null -# make VENDOR_CERT_FILE=cert.der VENDOR_DBX_FILE=dbx -mv shim.efi shim-$suffix.efi %install -export BRP_PESIGN_FILES='%{_libdir}/efi/shim*.efi %{_libdir}/efi/MokManager.efi' -install -d %{buildroot}/%{_libdir}/efi -install -m 444 shim-*.efi %{buildroot}/%{_libdir}/efi -install -m 444 shim-*.der %{buildroot}/%{_libdir}/efi -# FIXME: install signed shim here -install -m 444 %{SOURCE1} %{buildroot}/%{_libdir}/efi/shim.efi -install -m 444 MokManager.efi %{buildroot}/%{_libdir}/efi/MokManager.efi install -d %{buildroot}/%{_sbindir} install -m 755 %{SOURCE3} %{buildroot}/%{_sbindir}/ - -%clean -%{?buildroot:%__rm -rf "%{buildroot}"} +cd %{buildroot} +tar xvf %{S:0} %files %defattr(-,root,root) -%doc COPYRIGHT +%_docdir/%name %dir %{_libdir}/efi %{_libdir}/efi/shim.efi %{_libdir}/efi/shim-*.efi -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
