Hello community, here is the log from the commit of package shim for openSUSE:Factory checked in at 2017-02-26 17:00:27 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/shim (Old) and /work/SRC/openSUSE:Factory/.shim.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "shim" Changes: -------- --- /work/SRC/openSUSE:Factory/shim/shim.changes 2016-12-13 17:41:16.961301951 +0100 +++ /work/SRC/openSUSE:Factory/.shim.new/shim.changes 2017-02-26 17:00:27.919908628 +0100 @@ -1,0 +2,13 @@ +Fri Jan 13 09:21:49 UTC 2017 - [email protected] + +- Support %posttrans with marcos provided by update-bootloader-rpm-macros + package (bsc#997317) + +------------------------------------------------------------------- +Fri Nov 18 09:23:01 UTC 2016 - [email protected] + +- Add SIGNATURE_UPDATE.txt to state the steps to update + signature-*.asc +- Update the comment of strip_signature.sh + +------------------------------------------------------------------- New: ---- SIGNATURE_UPDATE.txt ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ shim.spec ++++++ --- /var/tmp/diff_new_pack.ncwN5S/_old 2017-02-26 17:00:29.395684776 +0100 +++ /var/tmp/diff_new_pack.ncwN5S/_new 2017-02-26 17:00:29.399684169 +0100 @@ -1,7 +1,7 @@ # # spec file for package shim # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -14,10 +14,9 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # - - # needssslcertforbuild + %undefine _build_create_debug Name: shim @@ -30,6 +29,7 @@ Source: %{name}-%{version}.tar.bz2 # run "extract_signature.sh shim.efi" where shim.efi is the binary # with the signature from the UEFI signing service. +# Note: For signature requesting, check SIGNATURE_UPDATE.txt Source1: signature-opensuse.asc Source2: openSUSE-UEFI-CA-Certificate.crt Source3: shim-install @@ -42,6 +42,7 @@ Source10: timestamp.pl Source11: strip_signature.sh Source12: signature-sles.asc +Source99: SIGNATURE_UPDATE.txt # PATCH-FIX-SUSE shim-only-os-name.patch [email protected] -- Only include the OS name in version.c Patch1: shim-only-os-name.patch # PATCH-FIX-UPSTREAM FATE#320129 shim-httpboot-support.patch [email protected] -- Add HTTPBoot support @@ -63,7 +64,14 @@ BuildRequires: openssl >= 0.9.8 BuildRequires: pesign BuildRequires: pesign-obs-integration +%if 0%{?suse_version} > 1320 +BuildRequires: update-bootloader-rpm-macros +%endif +%if 0%{?update_bootloader_requires:1} +%update_bootloader_requires +%else Requires: perl-Bootloader +%endif BuildRoot: %{_tmppath}/%{name}-%{version}-build # For shim-install script Requires: grub2-efi @@ -233,7 +241,14 @@ %{?buildroot:%__rm -rf "%{buildroot}"} %post +%if 0%{?update_bootloader_check_type_reinit_post:1} +%update_bootloader_check_type_reinit_post grub2-efi +%else /sbin/update-bootloader --reinit || true +%endif + +%posttrans +%{?update_bootloader_posttrans} %files %defattr(-,root,root) ++++++ SIGNATURE_UPDATE.txt ++++++ ==== openSUSE ==== For openSUSE, the devel project of shim is devel:openSUSE:Factory. ALWAYS use the latest Leap to build shim-opensuse.efi for UEFI CA. Tumbleweed shares the same binary with Leap, so do the older Leap releases. The steps to udpate signature-opensuse.asc: 1) Branch devel:openSUSE:Factory/shim. 2) Add the latest Leap, e.g. 42.2, to the build target. 3) Build shim-opensuse.efi against the latest Leap. 4) Strip the signature from shim-opensuse.efi with strip_signature.sh. 5) Send shim-opensuse.efi to UEFI CA to request a new signature. 6) Extract the signature from the signed shim.efi with extract_signature.sh 7) Update signature-opensuse.asc. ==== SLES === Since there is no devel project for shim in SLES, just build shim-sles.efi with the latest SLES and then send it to UEFI CA for a new signature. The steps to update signature-sles.asc: 1) Branch shim from the latest SLES and apply the update/fix. 2) Build shim-sles.efi against the latest SLES. 3) Strip the signature from shim-sles.efi with strip_signature.sh. 4) Send shim-sles.efi to UEFI CA to request a new signature. 5) Extract the signature from the signed shim.efi with extract_signature.sh 6) Update signature-sles.asc. ++++++ strip_signature.sh ++++++ --- /var/tmp/diff_new_pack.ncwN5S/_old 2017-02-26 17:00:29.599653837 +0100 +++ /var/tmp/diff_new_pack.ncwN5S/_new 2017-02-26 17:00:29.603653231 +0100 @@ -1,5 +1,5 @@ #!/bin/bash -# attach ascii armored signature to a PE binary +# strip the signature from a PE binary set -e infile="$1"
