Hello community,
here is the log from the commit of package shim-leap.12215 for
openSUSE:Leap:15.1:Update checked in at 2020-04-06 09:19:03
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.1:Update/shim-leap.12215 (Old)
and /work/SRC/openSUSE:Leap:15.1:Update/.shim-leap.12215.new.3248 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "shim-leap.12215"
Mon Apr 6 09:19:03 2020 rev:1 rq:790535 version:14
Changes:
--------
New Changes file:
--- /dev/null 2020-04-01 01:12:57.297512941 +0200
+++
/work/SRC/openSUSE:Leap:15.1:Update/.shim-leap.12215.new.3248/shim-leap.changes
2020-04-06 09:19:04.368503222 +0200
@@ -0,0 +1,724 @@
+-------------------------------------------------------------------
+Tue Mar 31 08:38:56 UTC 2020 - Gary Ching-Pang Lin <[email protected]>
+
+- Use the full path of efibootmgr to avoid errors when invoking
+ shim-install from packagekitd (bsc#1168104)
+
+-------------------------------------------------------------------
+Mon Mar 30 06:05:58 UTC 2020 - Gary Ching-Pang Lin <[email protected]>
+
+- Use "suse_version" instead of "sle_version" to avoid
+ shim_lib64_share_compat being set in Tumbleweed forever.
+
+-------------------------------------------------------------------
+Fri Mar 27 05:32:11 UTC 2020 - Gary Ching-Pang Lin <[email protected]>
+
+- Move 'efi'-executables to '/usr/share/efi'
+ (FATE#326960, bsc#1166523)
+
+-------------------------------------------------------------------
+Thu Dec 6 03:23:04 UTC 2018 - Gary Ching-Pang Lin <[email protected]>
+
+- Update shim-install to set the grub2-install target explicitly
+ for some special cases. (bsc#1118363)
+
+-------------------------------------------------------------------
+Fri Jun 8 10:39:42 UTC 2018 - [email protected]
+
+- Update shim to 14-lp150.8.5.1
+ + Replace shim-bsc1092000-fallback-always-try-first-option.patch
+ with shim-bsc1092000-fallback-menu.patch to show a countdown
+ menu before reset (bsc#1092000)
+
+-------------------------------------------------------------------
+Mon May 14 08:52:34 UTC 2018 - [email protected]
+
+- Update shim to 14-lp150.7.3
+ + Amend fallback.efi to avoid being trapped in the infinite reset
+ loop (bsc#1092000)
+
+-------------------------------------------------------------------
+Wed Apr 25 08:17:45 UTC 2018 - [email protected]
+
+- Update shim to 14-lp150.4.1
+- New signature from Microsoft
+
+-------------------------------------------------------------------
+Tue Apr 25 03:44:04 UTC 2017 - [email protected]
+
+- Update shim to 0.9-15.3.1
+ + shim-install: add option --suse-enable-tpm (fate#315831)
+ (Fix from [email protected])
+
+-------------------------------------------------------------------
+Tue Dec 27 05:47:23 UTC 2016 - [email protected]
+
+- Update shim to 0.9-13.1
+ + Update shim-install to support "--no-nvram" and improve
+ removable media and fallback mode handling (bsc#985568,
+ bsc#999818) (Fix from [email protected])
+
+-------------------------------------------------------------------
+Fri Oct 7 09:31:29 UTC 2016 - [email protected]
+
+- New signature from Microsoft
+
+-------------------------------------------------------------------
+Fri Aug 19 06:46:59 UTC 2016 - [email protected]
+
+- shim-install : fix regression of password prompt (bsc#993764)
+
+-------------------------------------------------------------------
+Fri Aug 5 02:53:54 UTC 2016 - [email protected]
+
+- Add shim-bsc991885-fix-sig-length.patch to fix the signature
+ length passed to Authenticode (bsc#991885)
+
+-------------------------------------------------------------------
+Wed Aug 3 09:10:25 UTC 2016 - [email protected]
+
+- Update shim-bsc973496-mokmanager-no-append-write.patch to try
+ append write first
+
+-------------------------------------------------------------------
+Tue Aug 2 02:59:46 UTC 2016 - [email protected]
+
+- Add shim-update-openssl-1.0.2h.patch to update openssl to 1.0.2h
+- Bump the requirement of gnu-efi due to the HTTPBoot support
+
+-------------------------------------------------------------------
+Mon Aug 1 09:01:59 UTC 2016 - [email protected]
+
+- Add shim-httpboot-support.patch to support HTTPBoot
+- Add shim-update-openssl-1.0.2g.patch to update openssl to 1.0.2g
+ and Cryptlib to 5e2318dd37a51948aaf845c7d920b11f47cdcfe6
+- Drop patches since they are merged into
+ shim-update-openssl-1.0.2g.patch
+ + shim-update-openssl-1.0.2d.patch
+ + shim-gcc5.patch
+ + shim-bsc950569-fix-cryptlib-va-functions.patch
+ + shim-fix-aarch64.patch
+- Refresh shim-change-debug-file-path.patch
+- Add shim-bsc973496-mokmanager-no-append-write.patch to work
+ around the firmware that doesn't support APPEND_WRITE (bsc973496)
+- shim-install : remove '\n' from the help message (bsc#991188)
+- shim-install : print a message if there is no valid EFI partition
+ (bsc#991187)
+
+-------------------------------------------------------------------
+Mon May 9 11:20:56 UTC 2016 - [email protected]
+
+- shim-install : support simple MD RAID1 target devices (FATE#314829)
+
+-------------------------------------------------------------------
+Wed May 4 10:40:52 UTC 2016 - [email protected]
+
+- Add shim-fix-aarch64.patch to fix compilation on AArch64 (bsc#978438)
+
+-------------------------------------------------------------------
+Wed Mar 9 07:15:52 UTC 2016 - [email protected]
+
+- shim-install : fix typing ESC can escape to parent config which is
+ in command mode and cannot return back (bsc#966701)
+- shim-install : fix no which command for JeOS (bsc#968264)
+
+-------------------------------------------------------------------
+Thu Dec 3 10:26:14 UTC 2015 - [email protected]
+
+- acquired updated signature from Microsoft
+
+-------------------------------------------------------------------
+Mon Nov 9 08:22:43 UTC 2015 - [email protected]
+
+- Add shim-bsc950569-fix-cryptlib-va-functions.patch to fix the
+ definition of va functions to avoid the potential crash
+ (bsc#950569)
+- Update shim-opensuse-cert-prompt.patch to avoid setting NULL to
+ MokListRT (bsc#950801)
+- Drop shim-fix-mokmanager-sections.patch as we are using the
+ newer binutils now
+- Refresh shim-change-debug-file-path.patch
+
+-------------------------------------------------------------------
+Thu Oct 8 06:49:43 UTC 2015 - [email protected]
+
+- acquired updated signature from Microsoft
+
+-------------------------------------------------------------------
+Tue Sep 15 05:03:10 UTC 2015 - [email protected]
+
+- shim-install : set default GRUB_DISTRIBUTOR from /etc/os-release
+ if it is empty or not set by user (bsc#942519)
+
+-------------------------------------------------------------------
+Thu Jul 16 06:49:01 UTC 2015 - [email protected]
+
+- Add shim-update-openssl-1.0.2d.patch to update openssl to 1.0.2d
+- Refresh shim-gcc5.patch and add it back since we really need it
+- Add shim-change-debug-file-path.patch to change the debug file
+ path in shim.efi
+ + also add the debuginfo and debugsource subpackages
+- Drop shim-fix-gnu-efi-30w.patch which is not necessary anymore
+
+-------------------------------------------------------------------
+Mon Jul 6 09:06:02 UTC 2015 - [email protected]
+
+- Update to 0.9
+- Refresh patches
+ + shim-fix-gnu-efi-30w.patch
+ + shim-fix-mokmanager-sections.patch
+ + shim-opensuse-cert-prompt.patch
+- Drop upstreamed patches
+ + shim-bsc920515-fix-fallback-buffer-length.patch
+ + shim-mokx-support.patch
+ + shim-update-cryptlib.patch
+- Drop shim-bsc919675-uninstall-shim-protocols.patch since
+ upstream fixed the bug in another way.
+- Drop shim-gcc5.patch which was fixed in another way
+
+-------------------------------------------------------------------
+Wed Apr 8 07:10:39 UTC 2015 - [email protected]
+
+- Fix tags in the spec file
+
+-------------------------------------------------------------------
+Tue Apr 7 07:42:06 UTC 2015 - [email protected]
+
+- Add shim-update-cryptlib.patch to update Cryptlib to r16559 and
+ openssl to 0.9.8zf
+- Add shim-bsc919675-uninstall-shim-protocols.patch to uninstall
+ the shim protocols at Exit (bsc#919675)
+- Add shim-bsc920515-fix-fallback-buffer-length.patch to adjust
+ the buffer size for the boot options (bsc#920515)
+- Refresh shim-opensuse-cert-prompt.patch
+
+-------------------------------------------------------------------
+Thu Apr 2 16:31:28 UTC 2015 - [email protected]
+
++++ 527 more lines (skipped)
++++ between /dev/null
++++ and
/work/SRC/openSUSE:Leap:15.1:Update/.shim-leap.12215.new.3248/shim-leap.changes
New:
----
shim-14-lp150.8.5.1.x86_64.rpm
shim-install
shim-leap.changes
shim-leap.spec
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ shim-leap.spec ++++++
#
# spec file for package shim-leap
#
# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
# Move 'efi'-executables to '/usr/share/efi' (FATE#326960, bsc#1166523)
%define sysefibasedir %{_datadir}/efi
%define sysefidir %{sysefibasedir}/%{_target_cpu}
%if 0%{?suse_version} < 1600
# provide compatibility sym-link for residual kiwi, etc.
%define shim_lib64_share_compat 1
%endif
Name: shim-leap
Version: 14
Release: 0
Summary: UEFI shim loader
License: BSD-2-Clause
Group: System/Boot
Source: shim-14-lp150.8.5.1.x86_64.rpm
Source1: shim-install
BuildRoot: %{_tmppath}/%{name}-%{version}-build
ExclusiveArch: x86_64
%description
does not exist
%package -n shim
Summary: UEFI shim loader
Group: System/Boot
Requires: perl-Bootloader
%description -n shim
shim is a trivial EFI application that, when run, attempts to open and
execute another application.
%prep
rpm2cpio %{SOURCE0} | cpio --extract --unconditional
--preserve-modification-time --make-directories
%build
%install
# purely repackaged
cp -a * %{buildroot}
install -m 755 %{SOURCE1} %{buildroot}/%{_sbindir}
# Move 'efi'-executables to '/usr/share/efi' (FATE#326960, bsc#1166523)
install -d %{buildroot}/%{sysefidir}
mv %{buildroot}/usr/lib64/efi/* %{buildroot}/%{sysefidir}
%if %{defined shim_lib64_share_compat}
ln -srf %{buildroot}/%{sysefidir}/*.efi %{buildroot}/usr/lib64/efi/
%endif
%post -n shim
/sbin/update-bootloader --reinit || true
%files -n shim
%dir %{?sysefibasedir}
%dir %{sysefidir}
%{sysefidir}/shim.efi
%{sysefidir}/shim-*.efi
%{sysefidir}/shim-*.der
%{sysefidir}/MokManager.efi
%{sysefidir}/fallback.efi
%if %{defined shim_lib64_share_compat}
# provide compatibility sym-link for previous kiwi, etc.
%dir /usr/lib64/efi
/usr/lib64/efi/*.efi
%endif
/etc/uefi
/usr/sbin/shim-install
/usr/share/doc/packages/shim
%changelog
++++++ shim-install ++++++
#! /bin/bash -e
rootdir=
bootdir=
efidir=
install_device=
efibootdir=
ca_string=
no_nvram=no
removable=no
clean=no
sysconfdir="/etc"
libdir="/usr/lib64"
source_dir="$libdir/efi"
efibootmgr="/usr/sbin/efibootmgr"
grub_probe="/usr/sbin/grub2-probe"
grub_mkrelpath="/usr/bin/grub2-mkrelpath"
grub_install="/usr/sbin/grub2-install"
grub_install_target=
self="`basename $0`"
grub_cfg="/boot/grub2/grub.cfg"
update_boot=no
def_grub_efi="${source_dir}/grub.efi"
def_boot_efi=
arch=`uname -m`
if [ x${arch} = xx86_64 ] ; then
grub_install_target="x86_64-efi"
def_boot_efi="bootx64.efi"
elif [ x${arch} = xaarch64 ] ; then
grub_install_target="arm64-efi"
def_boot_efi="bootaa64.efi"
else
echo "Unsupported architecture: ${arch}"
exit 1
fi
# Get GRUB_DISTRIBUTOR.
if test -f "${sysconfdir}/default/grub" ; then
. "${sysconfdir}/default/grub"
fi
if [ x"${GRUB_DISTRIBUTOR}" = x ] && [ -f "${sysconfdir}/os-release" ] ; then
. "${sysconfdir}/os-release"
GRUB_DISTRIBUTOR="${NAME} ${VERSION}"
fi
bootloader_id="$(echo "$GRUB_DISTRIBUTOR" | tr 'A-Z' 'a-z' | cut -d' ' -f1)"
if test -z "$bootloader_id"; then
bootloader_id=grub
fi
efi_distributor="$bootloader_id"
bootloader_id="${bootloader_id}-secureboot"
case "$bootloader_id" in
"sle"*)
ca_string='SUSE Linux Enterprise Secure Boot CA1';;
"opensuse"*)
ca_string='openSUSE Secure Boot CA1';;
*) ca_string="";;
esac
usage () {
echo "Usage: $self [OPTION] [INSTALL_DEVICE]"
echo
echo "Install Secure Boot Loaders on your drive."
echo
echo "--directory=DIR use images from DIR."
echo "--grub-probe=FILE use FILE as grub-probe."
echo "--removable the installation device is removable."
echo "--no-nvram don't update the NVRAM variable."
echo "--bootloader-id=ID the ID of bootloader."
echo "--efi-directory=DIR use DIR as the EFI System Partition root."
echo "--config-file=FILE use FILE as config file, default is $grub_cfg."
echo "--clean remove all installed files and configs."
echo "--suse-enable-tpm install grub.efi with TPM support."
echo
echo "INSTALL_DEVICE must be system device filename."
}
argument () {
opt="$1"
shift
if test $# -eq 0; then
echo "$0: option requires an argument -- \`$opt'" 1>&2
exit 1
fi
echo "$1"
}
# Check the arguments.
while test $# -gt 0
do
option=$1
shift
case "$option" in
-h | --help)
usage
exit 0 ;;
--root-directory)
rootdir="`argument $option "$@"`"; shift;;
--root-directory=*)
rootdir="`echo "$option" | sed 's/--root-directory=//'`" ;;
--efi-directory)
efidir="`argument $option "$@"`"; shift;;
--efi-directory=*)
efidir="`echo "$option" | sed 's/--efi-directory=//'`" ;;
--directory | -d)
source_dir="`argument $option "$@"`"; shift;;
--directory=*)
source_dir="`echo "$option" | sed 's/--directory=//'`" ;;
--bootloader-id)
bootloader_id="`argument $option "$@"`"; shift;;
--bootloader-id=*)
bootloader_id="`echo "$option" | sed 's/--bootloader-id=//'`" ;;
--grub-probe)
grub_probe="`argument "$option" "$@"`"; shift;;
--grub-probe=*)
grub_probe="`echo "$option" | sed 's/--grub-probe=//'`" ;;
--config-file)
grub_cfg="`argument "$option" "$@"`"; shift;;
--config-file=*)
grub_cfg="`echo "$option" | sed 's/--config-file=//'`" ;;
--removable)
no_nvram=yes
removable=yes ;;
--no-nvram)
no_nvram=yes ;;
--suse-enable-tpm)
source_grub_efi="/usr/lib/grub2/${grub_install_target}/grub-tpm.efi" ;;
--clean)
clean=yes ;;
-*)
echo "Unrecognized option \`$option'" 1>&2
usage
exit 1
;;
*)
if test "x$install_device" != x; then
echo "More than one install device?" 1>&2
usage
exit 1
fi
install_device="${option}" ;;
esac
done
if test -n "$efidir"; then
efi_fs=`"$grub_probe" --target=fs "${efidir}"`
if test "x$efi_fs" = xfat; then :; else
echo "$efidir doesn't look like an EFI partition." 1>&2
efidir=
fi
fi
if [ -z "$bootdir" ]; then
bootdir="/boot"
if [ -n "$rootdir" ] ; then
# Initialize bootdir if rootdir was initialized.
bootdir="${rootdir}/boot"
fi
fi
# Find the EFI System Partition.
if test -n "$efidir"; then
install_device="`"$grub_probe" --target=device --device-map= "${efidir}"`"
else
if test -d "${bootdir}/efi"; then
install_device="`"$grub_probe" --target=device --device-map=
"${bootdir}/efi"`"
# Is it a mount point?
if test "x$install_device" != "x`"$grub_probe" --target=device
--device-map= "${bootdir}"`"; then
efidir="${bootdir}/efi"
fi
elif test -d "${bootdir}/EFI"; then
install_device="`"$grub_probe" --target=device --device-map=
"${bootdir}/EFI"`"
# Is it a mount point?
if test "x$install_device" != "x`"$grub_probe" --target=device
--device-map= "${bootdir}"`"; then
efidir="${bootdir}/EFI"
fi
elif test -n "$rootdir" && test "x$rootdir" != "x/"; then
# The EFI System Partition may have been given directly using
# --root-directory.
install_device="`"$grub_probe" --target=device --device-map=
"${rootdir}"`"
# Is it a mount point?
if test "x$install_device" != "x`"$grub_probe" --target=device
--device-map= "${rootdir}/.."`"; then
efidir="${rootdir}"
fi
fi
if test -n "$efidir"; then
efi_fs=`"$grub_probe" --target=fs "${efidir}"`
if test "x$efi_fs" = xfat; then :; else
echo "$efidir doesn't look like an EFI partition." 1>&2
efidir=
fi
fi
fi
if test -n "$efidir"; then
efi_file=shim.efi
efibootdir="$efidir/EFI/boot"
mkdir -p "$efibootdir" || exit 1
if test "$removable" = "yes" ; then
efidir="$efibootdir"
else
efidir="$efidir/EFI/$efi_distributor"
mkdir -p "$efidir" || exit 1
fi
else
echo "No valid EFI partition" 1>&2
exit 1;
fi
if test "$removable" = "no" -a -f "$efibootdir/$def_boot_efi"; then
if test -n "$ca_string" && (grep -q "$ca_string"
"$efibootdir/$def_boot_efi"); then
update_boot=yes
fi
else
update_boot=yes
fi
if test "$clean" = "yes"; then
rm -f "${efidir}/shim.efi"
rm -f "${efidir}/MokManager.efi"
rm -f "${efidir}/grub.efi"
rm -f "${efidir}/grub.cfg"
rm -f "${efidir}/boot.csv"
if test "$update_boot" = "yes"; then
rm -f "${efibootdir}/${def_boot_efi}"
rm -f "${efibootdir}/fallback.efi"
fi
if test "$no_nvram" = no && test -n "$bootloader_id"; then
# Delete old entries from the same distributor.
for bootnum in `$efibootmgr | grep '^Boot[0-9]' | \
fgrep -i " $bootloader_id" | cut -b5-8`; do
$efibootmgr -b "$bootnum" -B
done
fi
exit 0
fi
cp "${source_dir}/MokManager.efi" "${efidir}"
if test -n "$source_grub_efi" && ! test -f "$source_grub_efi"; then
echo "File $source_grub_efi doesn't exist, fallback to default one" 1>&2
source_grub_efi=""
fi
if test -z "$source_grub_efi"; then
source_grub_efi="$def_grub_efi"
fi
echo "copying $source_grub_efi to ${efidir}/grub.efi"
cp "$source_grub_efi" "${efidir}/grub.efi"
if test "$efidir" != "$efibootdir" ; then
cp "${source_dir}/shim.efi" "${efidir}"
if test -n "$bootloader_id"; then
echo "shim.efi,${bootloader_id}" | iconv -f ascii -t ucs2 >
"${efidir}/boot.csv"
fi
fi
if test "$update_boot" = "yes"; then
cp "${source_dir}/shim.efi" "${efibootdir}/${def_boot_efi}"
if test "$removable" = "no"; then
cp "${source_dir}/fallback.efi" "${efibootdir}"
fi
fi
make_grubcfg () {
grub_cfg_dirname=`dirname $grub_cfg`
grub_cfg_basename=`basename $grub_cfg`
cfg_fs_uuid=`"$grub_probe" --target=fs_uuid "$grub_cfg_dirname"`
if test "x$SUSE_BTRFS_SNAPSHOT_BOOTING" = "xtrue"; then
cat <<EOF
set btrfs_relative_path="yes"
EOF
if ${grub_mkrelpath} --usage | grep -q -e '--relative'; then
grub_mkrelpath="${grub_mkrelpath} -r"
fi
fi
if [ x$GRUB_ENABLE_CRYPTODISK = xy ]; then
for uuid in `"${grub_probe}" --target=cryptodisk_uuid --device-map=
"${grub_cfg_dirname}"`; do
echo "cryptomount -u $uuid"
done
fi
cat <<EOF
search --fs-uuid --set=root ${cfg_fs_uuid}
set prefix=(\${root})`${grub_mkrelpath} ${grub_cfg_dirname}`
source "\${prefix}/${grub_cfg_basename}"
EOF
}
make_grubcfg > "${efidir}/grub.cfg"
# bnc#889765 GRUB shows broken letters at boot
# invoke grub_install to initialize /boot/grub2 directory with files needed by
grub.cfg
# bsc#1118363 shim-install didn't specify the target for grub2-install
# set the target explicitly for some special cases
${grub_install} --target=${grub_install_target} --no-nvram
if test "$no_nvram" = no && test -n "$bootloader_id"; then
modprobe -q efivars 2>/dev/null || true
# Delete old entries from the same distributor.
for bootnum in `$efibootmgr | grep '^Boot[0-9]' | \
fgrep -i " $bootloader_id" | cut -b5-8`; do
$efibootmgr -b "$bootnum" -B
done
efidir_drive="$("$grub_probe" --target=drive --device-map= "$efidir")"
efidir_disk="$("$grub_probe" --target=disk --device-map= "$efidir")"
if test -z "$efidir_drive" || test -z "$efidir_disk"; then
echo "Can't find GRUB drive for $efidir; unable to create EFI Boot
Manager entry." >&2
elif [[ "$efidir_drive" == \(mduuid/* ]]; then
eval $(mdadm --detail --export "$efidir_disk" |
perl -ne 'print if m{^MD_LEVEL=}; push( @D, $1) if
(m{^MD_DEVICE_\S+_DEV=(\S+)$});
sub END() {print "MD_DEVS=\"", join( " ", @D), "\"\n";};')
if [ "$MD_LEVEL" != "raid1" ]; then
echo "GRUB drive for $efidir not on RAID1; unable to create EFI
Boot Manager entry." >&2
fi
for mddev in $MD_DEVS; do
efidir_drive="$("$grub_probe" --target=drive --device-map= -d
"$mddev")"
efidir_disk="$("$grub_probe" --target=disk --device-map= -d
"$mddev")"
efidir_part="$(echo "$efidir_drive" | sed 's/^([^,]*,[^0-9]*//;
s/[^0-9].*//')"
efidir_d=${mddev#/dev/}
$efibootmgr -c -d "$efidir_disk" -p "$efidir_part" -w \
-L "$bootloader_id ($efidir_d)" -l
"\\EFI\\$efi_distributor\\$efi_file"
done
else
efidir_part="$(echo "$efidir_drive" | sed 's/^([^,]*,[^0-9]*//;
s/[^0-9].*//')"
$efibootmgr -c -d "$efidir_disk" -p "$efidir_part" -w \
-L "$bootloader_id" -l "\\EFI\\$efi_distributor\\$efi_file"
fi
fi
