Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package shim-leap for openSUSE:Factory checked in at 2021-04-27 21:35:09 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/shim-leap (Old) and /work/SRC/openSUSE:Factory/.shim-leap.new.12324 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "shim-leap" Tue Apr 27 21:35:09 2021 rev:15 rq:888708 version:15.4 Changes: -------- --- /work/SRC/openSUSE:Factory/shim-leap/shim-leap.changes 2020-08-29 20:39:00.913381202 +0200 +++ /work/SRC/openSUSE:Factory/.shim-leap.new.12324/shim-leap.changes 2021-04-27 21:35:35.104074937 +0200 @@ -1,0 +2,10 @@ +Tue Apr 27 07:45:26 UTC 2021 - Gary Ching-Pang Lin <[email protected]> + +- Update to shim to 15.4-lp152.4.8.1 from openSUSE Leap 15.2 for + SBAT support (bsc#1182057) + + Version: 15.4, "Wed Apr 21 05:46:19 UTC 2021" + + Include the fixes for bsc#1177789, CVE-2019-14584, bsc#1177315, + bsc#1175509, bsc#1173411, bsc#1177404, bsc#1174512, bsc#1184454 +- Add README to note why we need shim-leap for Tumbleweed + +------------------------------------------------------------------- Old: ---- shim-15+git47-lp152.4.5.1.x86_64.rpm New: ---- README shim-15.4-lp152.4.8.1.x86_64.rpm ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ shim-leap.spec ++++++ --- /var/tmp/diff_new_pack.odUu2y/_old 2021-04-27 21:35:35.568075701 +0200 +++ /var/tmp/diff_new_pack.odUu2y/_new 2021-04-27 21:35:35.572075708 +0200 @@ -1,7 +1,7 @@ # # spec file for package shim-leap # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -25,12 +25,13 @@ %endif Name: shim-leap -Version: 15+git47 +Version: 15.4 Release: 0 Summary: UEFI shim loader License: BSD-2-Clause Group: System/Boot -Source: shim-15+git47-lp152.4.5.1.x86_64.rpm +Source: shim-15.4-lp152.4.8.1.x86_64.rpm +Source1: README BuildRoot: %{_tmppath}/%{name}-%{version}-build ExclusiveArch: x86_64 @@ -54,12 +55,13 @@ %install # purely repackaged cp -a * %{buildroot} -# NOTE: shim-15+git47 already contains the sym-link to /usr/lib64/efi. +cp %{S:1} . %post -n shim /sbin/update-bootloader --reinit || true %files -n shim +%doc README %dir %{?sysefibasedir} %dir %{sysefidir} %{sysefidir}/shim.efi ++++++ README ++++++ Since shim needs a "stable" environment to reproduce the binary to match the signature from UEFI CA, it's difficult to maintain shim in Tumbleweed due to the nature of a rolling release distro. Instead of compiling shim for Tumbleweed, we directly import the binary the latest stable Leap release to maintain a stable and reproducible shim binary. ++++++ shim-15+git47-lp152.4.5.1.x86_64.rpm -> shim-15.4-lp152.4.8.1.x86_64.rpm ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/usr/sbin/shim-install new/usr/sbin/shim-install --- old/usr/sbin/shim-install 2020-08-24 17:48:08.000000000 +0200 +++ new/usr/sbin/shim-install 2021-04-22 14:21:29.000000000 +0200 @@ -25,6 +25,15 @@ def_grub_efi="${source_dir}/grub.efi" def_boot_efi= +[ ! -r /usr/etc/default/shim ] || . /usr/etc/default/shim +[ ! -r /etc/default/shim ] || . /etc/default/shim + +if [ -z "$def_shim_efi" ] ; then + def_shim_efi="shim.efi" +fi + +source_shim_efi="${source_dir}/${def_shim_efi}" + if [ x${arch} = xx86_64 ] ; then grub_install_target="x86_64-efi" def_boot_efi="bootx64.efi" @@ -288,14 +297,14 @@ cp "$source_grub_efi" "${efidir}/grub.efi" if test "$efidir" != "$efibootdir" ; then - cp "${source_dir}/shim.efi" "${efidir}" + cp "${source_shim_efi}" "${efidir}/shim.efi" if test -n "$bootloader_id"; then echo "shim.efi,${bootloader_id}" | iconv -f ascii -t ucs2 > "${efidir}/boot.csv" fi fi if test "$update_boot" = "yes"; then - cp "${source_dir}/shim.efi" "${efibootdir}/${def_boot_efi}" + cp "$source_shim_efi" "${efibootdir}/${def_boot_efi}" if test "$removable" = "no"; then cp "${source_dir}/fallback.efi" "${efibootdir}" # bsc#1175626, bsc#1175656 Since shim 15, loading MokManager becomes Binary files old/usr/share/efi/x86_64/MokManager.efi and new/usr/share/efi/x86_64/MokManager.efi differ Binary files old/usr/share/efi/x86_64/fallback.efi and new/usr/share/efi/x86_64/fallback.efi differ Binary files old/usr/share/efi/x86_64/shim-opensuse.efi and new/usr/share/efi/x86_64/shim-opensuse.efi differ
