Hello community, here is the log from the commit of package shim for openSUSE:Factory checked in at 2017-08-24 18:23:17 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/shim (Old) and /work/SRC/openSUSE:Factory/.shim.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "shim" Thu Aug 24 18:23:17 2017 rev:60 rq:518043 version:12 Changes: -------- --- /work/SRC/openSUSE:Factory/shim/shim.changes 2017-08-01 09:24:32.706751144 +0200 +++ /work/SRC/openSUSE:Factory/.shim.new/shim.changes 2017-08-24 18:23:21.550846588 +0200 @@ -1,0 +2,9 @@ +Tue Aug 22 04:51:08 UTC 2017 - [email protected] + +- Add shim-arch-independent-names.patch to use the Arch-independent + names. (bsc#1054712) +- Refresh shim-change-debug-file-path.patch +- Disable shim-opensuse-cert-prompt.patch automatically in SLE +- Diable AArch64 until we have a real user and aarch64 signature + +------------------------------------------------------------------- New: ---- shim-arch-independent-names.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ shim.spec ++++++ --- /var/tmp/diff_new_pack.crmXDz/_old 2017-08-24 18:23:22.478715939 +0200 +++ /var/tmp/diff_new_pack.crmXDz/_new 2017-08-24 18:23:22.482715376 +0200 @@ -45,6 +45,8 @@ Source99: SIGNATURE_UPDATE.txt # PATCH-FIX-SUSE shim-only-os-name.patch [email protected] -- Only include the OS name in version.c Patch1: shim-only-os-name.patch +# PATCH-FIX-SUSE shim-only-os-name.patch [email protected] -- Use the Arch-independent names +Patch2: shim-arch-independent-names.patch # PATCH-FIX-OPENSUSE shim-change-debug-file-path.patch [email protected] -- Change the default debug file path Patch50: shim-change-debug-file-path.patch # PATCH-FIX-OPENSUSE shim-opensuse-cert-prompt.patch [email protected] -- Show the prompt to ask whether the user trusts openSUSE certificate or not @@ -65,7 +67,8 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-build # For shim-install script Requires: grub2-efi -ExclusiveArch: x86_64 aarch64 +# Disable AArch64 until we have the signature +ExclusiveArch: x86_64 %description shim is a trivial EFI application that, when run, attempts to open and @@ -92,14 +95,15 @@ %prep %setup -q %patch1 -p1 +%patch2 -p1 %patch50 -p1 +%if 0%{?is_opensuse} == 1 %patch100 -p1 +%endif %build # first, build MokManager and fallback as they don't depend on a # specific certificate -make EFI_PATH=/usr/lib64 RELEASE=0 mmx64.efi fbx64.efi 2>/dev/null -rename mmx64 MokManager mmx64.* -rename fbx64 fallback fbx64.* +make EFI_PATH=/usr/lib64 RELEASE=0 MokManager.efi fallback.efi 2>/dev/null # now build variants of shim that embed different certificates default='' @@ -154,8 +158,7 @@ cp $cert2 shim.crt fi # make sure cast warnings don't trigger post build check - make EFI_PATH=/usr/lib64 RELEASE=0 VENDOR_CERT_FILE=shim-$suffix.der ENABLE_HTTPBOOT=1 shimx64.efi - rename shimx64 shim shimx64.* + make EFI_PATH=/usr/lib64 RELEASE=0 VENDOR_CERT_FILE=shim-$suffix.der ENABLE_HTTPBOOT=1 shim.efi # # assert correct certificate embedded grep -q "$verify" shim.efi ++++++ shim-arch-independent-names.patch ++++++ >From 927d98bacff515fdbac1ba13c6ca655385f3d6a7 Mon Sep 17 00:00:00 2001 From: Gary Lin <[email protected]> Date: Tue, 22 Aug 2017 12:43:36 +0800 Subject: [PATCH] Make the names of EFI binaries arch-independent Since we only build the 64-bit binaries, we don't have the issue of the mixed architecture binaries in the same directory. Besides, we will use the same install script for x86_64 and AArch64. It's easier to maintain the script with the same names. Signed-off-by: Gary Lin <[email protected]> --- Makefile | 9 --------- fallback.c | 2 +- shim.c | 6 +++--- 3 files changed, 4 insertions(+), 13 deletions(-) diff --git a/Makefile b/Makefile index 6ece282..d518615 100644 --- a/Makefile +++ b/Makefile @@ -51,9 +51,6 @@ ifeq ($(ARCH),x86_64) -DNO_BUILTIN_VA_FUNCS \ -DMDE_CPU_X64 "-DEFI_ARCH=L\"x64\"" -DPAGE_SIZE=4096 \ "-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/x64-$(VERSION)$(RELEASE)/\"" - MMNAME = mmx64 - FBNAME = fbx64 - SHIMNAME= shimx64 EFI_PATH:=/usr/lib64/gnuefi LIB_PATH:=/usr/lib64 @@ -63,18 +60,12 @@ ifeq ($(ARCH),ia32) -maccumulate-outgoing-args -m32 \ -DMDE_CPU_IA32 "-DEFI_ARCH=L\"ia32\"" -DPAGE_SIZE=4096 \ "-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/ia32-$(VERSION)$(RELEASE)/\"" - MMNAME = mmia32 - FBNAME = fbia32 - SHIMNAME= shimia32 EFI_PATH:=/usr/lib/gnuefi LIB_PATH:=/usr/lib endif ifeq ($(ARCH),aarch64) CFLAGS += -DMDE_CPU_AARCH64 "-DEFI_ARCH=L\"aa64\"" -DPAGE_SIZE=4096 \ "-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/aa64-$(VERSION)$(RELEASE)/\"" - MMNAME = mmaa64 - FBNAME = fbaa64 - SHIMNAME= shimaa64 EFI_PATH:=/usr/lib64/gnuefi LIB_PATH:=/usr/lib64 endif diff --git a/fallback.c b/fallback.c index 5e4a396..c80652a 100644 --- a/fallback.c +++ b/fallback.c @@ -835,7 +835,7 @@ debug_hook(void) x = 1; Print(L"add-symbol-file "DEBUGDIR - L"fb" EFI_ARCH L".efi.debug %p -s .data %p\n", &_etext, + L"fallback.efi.debug %p -s .data %p\n", &_etext, &_edata); } diff --git a/shim.c b/shim.c index f8a1e67..48c8797 100644 --- a/shim.c +++ b/shim.c @@ -56,8 +56,8 @@ #include <openssl/x509.h> #include <openssl/x509v3.h> -#define FALLBACK L"\\fb" EFI_ARCH L".efi" -#define MOK_MANAGER L"\\mm" EFI_ARCH L".efi" +#define FALLBACK L"\\fallback.efi" +#define MOK_MANAGER L"\\MokManager.efi" #define OID_EKU_MODSIGN "1.3.6.1.4.1.2312.16.1.2" @@ -2671,7 +2671,7 @@ debug_hook(void) } Print(L"add-symbol-file "DEBUGDIR - L"shim" EFI_ARCH L".efi.debug 0x%08x -s .data 0x%08x\n", &_text, + L"shim.efi.debug 0x%08x -s .data 0x%08x\n", &_text, &_data); Print(L"Pausing for debugger attachment.\n"); -- 2.14.0 ++++++ shim-change-debug-file-path.patch ++++++ --- /var/tmp/diff_new_pack.crmXDz/_old 2017-08-24 18:23:22.630694540 +0200 +++ /var/tmp/diff_new_pack.crmXDz/_new 2017-08-24 18:23:22.630694540 +0200 @@ -18,6 +18,6 @@ -DMDE_CPU_X64 "-DEFI_ARCH=L\"x64\"" -DPAGE_SIZE=4096 \ - "-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/x64-$(VERSION)$(RELEASE)/\"" + "-DDEBUGDIR=L\"/usr/lib/debug/usr/lib64/efi/shim.debug\"" - MMNAME = mmx64 - FBNAME = fbx64 - SHIMNAME= shimx64 + EFI_PATH:=/usr/lib64/gnuefi + LIB_PATH:=/usr/lib64 +
