Hello community, here is the log from the commit of package shim.13675 for openSUSE:Leap:15.2:Update checked in at 2020-08-27 18:22:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2:Update/shim.13675 (Old) and /work/SRC/openSUSE:Leap:15.2:Update/.shim.13675.new.3399 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "shim.13675" Thu Aug 27 18:22:30 2020 rev:1 rq:829012 version:15+git47 Changes: -------- New Changes file: --- /dev/null 2020-08-06 00:20:10.149648038 +0200 +++ /work/SRC/openSUSE:Leap:15.2:Update/.shim.13675.new.3399/shim.changes 2020-08-27 18:22:33.796177686 +0200 @@ -0,0 +1,955 @@ +------------------------------------------------------------------- +Mon Aug 24 07:48:59 UTC 2020 - Gary Ching-Pang Lin <[email protected]> + +- shim-install: install MokManager to \EFI\boot to process the + pending MOK request (bsc#1175626, bsc#1175656) + +------------------------------------------------------------------- +Fri Jul 31 07:41:26 UTC 2020 - Johannes Segitz <[email protected]> + +- Updated openSUSE signature + +------------------------------------------------------------------- +Wed Jul 22 09:23:02 UTC 2020 - Gary Ching-Pang Lin <[email protected]> + +- Update the path to grub-tpm.efi in shim-install (bsc#1174320) + +------------------------------------------------------------------- +Fri Jul 10 07:21:27 UTC 2020 - Gary Ching-Pang Lin <[email protected]> + +- Use vendor-dbx to block old SUSE/openSUSE signkeys (bsc#1168994) + + Add dbx-cert.tar.xz which contains the certificates to block + and a script, generate-vendor-dbx.sh, to generate + vendor-dbx.bin + + Add vendor-dbx.bin as the vendor dbx to block unwanted keys +- Drop shim-opensuse-signed.efi + + We don't need it anymore + +------------------------------------------------------------------- +Fri Jul 10 06:28:44 UTC 2020 - Gary Ching-Pang Lin <[email protected]> + +- Add shim-bsc1173411-only-check-efi-var-on-sb.patch to only check + EFI variable copying when Secure Boot is enabled (bsc#1173411) + +------------------------------------------------------------------- +Tue Mar 31 08:38:56 UTC 2020 - Gary Ching-Pang Lin <[email protected]> + +- Use the full path of efibootmgr to avoid errors when invoking + shim-install from packagekitd (bsc#1168104) + +------------------------------------------------------------------- +Mon Mar 30 06:20:47 UTC 2020 - Gary Ching-Pang Lin <[email protected]> + +- Use "suse_version" instead of "sle_version" to avoid + shim_lib64_share_compat being set in Tumbleweed forever. + +------------------------------------------------------------------- +Mon Mar 16 09:42:34 UTC 2020 - Gary Ching-Pang Lin <[email protected]> + +- Add shim-fix-gnu-efi-3.0.11.patch to fix the build error caused + by the upgrade of gnu-efi + +------------------------------------------------------------------- +Wed Nov 27 06:23:11 UTC 2019 - Michael Chang <[email protected]> + +- shim-install: add check for btrfs is used as root file system to enable + relative path lookup for file. (bsc#1153953) + +------------------------------------------------------------------- +Fri Aug 16 04:07:30 UTC 2019 - Gary Ching-Pang Lin <[email protected]> + +- Fix a typo in shim-install (bsc#1145802) + +------------------------------------------------------------------- +Fri Apr 19 10:32:11 UTC 2019 - Martin Liška <[email protected]> + +- Add gcc9-fix-warnings.patch (bsc#1121268). + +------------------------------------------------------------------- +Mon Apr 15 09:24:07 UTC 2019 - Gary Ching-Pang Lin <[email protected]> + +- Add shim-opensuse-signed.efi, the openSUSE shim-15+git47 binary + (bsc#1113225) + +------------------------------------------------------------------- +Fri Apr 12 08:50:49 UTC 2019 - Gary Ching-Pang Lin <[email protected]> + +- Disable AArch64 build (FATE#325971) + + AArch64 machines don't use UEFI CA, at least for now. + +------------------------------------------------------------------- +Thu Apr 11 15:52:47 UTC 2019 - [email protected] + +- Updated shim signature: signature-sles.x86_64.asc (bsc#1120026) + +------------------------------------------------------------------- +Thu Feb 14 17:03:00 UTC 2019 - [email protected] + +- Fix conditions for '/usr/share/efi'-move (FATE#326960) + +------------------------------------------------------------------- +Mon Jan 28 03:18:53 UTC 2019 - Gary Ching-Pang Lin <[email protected]> + +- Amend shim.spec to remove $RPM_BUILD_ROOT + +------------------------------------------------------------------- +Thu Jan 17 17:12:14 UTC 2019 - [email protected] + +- Move 'efi'-executables to '/usr/share/efi' (FATE#326960) + (preparing the move to 'noarch' for this package) + +------------------------------------------------------------------- +Mon Jan 14 09:48:59 UTC 2019 - Gary Ching-Pang Lin <[email protected]> + +- Update shim-install to handle the partitioned MD devices + (bsc#1119762, bsc#1119763) + +------------------------------------------------------------------- +Thu Dec 20 04:13:00 UTC 2018 - Gary Ching-Pang Lin <[email protected]> + +- Update to 15+git47 (bsc#1120026, FATE#325971) + + git commit: b3e4d1f7555aabbf5d54de5ea7cd7e839e7bd83d +- Retire the old openSUSE 4096 bit certificate + + Those programs are already out of maintenance. +- Add shim-always-mirror-mok-variables.patch to mirror MOK + variables correctly +- Add shim-correct-license-in-headers.patch to correct the license + declaration +- Refresh patches: + + shim-arch-independent-names.patch + + shim-change-debug-file-path.patch + + shim-bsc1092000-fallback-menu.patch + + shim-opensuse-cert-prompt.patch +- Drop upstreamed patches: + + shim-bsc1088585-handle-mok-allocations-better.patch + + shim-httpboot-amend-device-path.patch + + shim-httpboot-include-console.h.patch + + shim-only-os-name.patch + + shim-remove-cryptpem.patch + +------------------------------------------------------------------- +Wed Dec 5 10:28:00 UTC 2018 - Gary Ching-Pang Lin <[email protected]> + +- Update shim-install to specify the target for grub2-install and + change the boot efi file name according to the architecture + (bsc#1118363, FATE#325971) + +------------------------------------------------------------------- +Tue Aug 21 07:36:36 UTC 2018 - [email protected] + +- Enable AArch64 build (FATE#325971) + + Also add the aarch64 signature files and rename the x86_64 + signature files + +------------------------------------------------------------------- +Tue May 29 06:41:59 UTC 2018 - [email protected] + +- Add shim-bsc1092000-fallback-menu.patch to show a menu before + system reset ((bsc#1092000)) + +------------------------------------------------------------------- +Tue Apr 10 03:45:39 UTC 2018 - [email protected] + +- Add shim-bsc1088585-handle-mok-allocations-better.patch to avoid + double-freeing after enrolling a key from the disk (bsc#1088585) + + Also refresh shim-opensuse-cert-prompt.patch due to the change + in MokManager.c + +------------------------------------------------------------------- +Tue Apr 3 08:37:55 UTC 2018 - [email protected] + +- Install the certificates with a shim suffix to avoid conflicting + with other packages (bsc#1087847) + +------------------------------------------------------------------- +Fri Mar 23 04:47:35 UTC 2018 - [email protected] + +- Add the missing leading backlash to the DEFAULT_LOADER + (bsc#1086589) + +------------------------------------------------------------------- +Fri Jan 5 08:41:42 UTC 2018 - [email protected] + +- Add shim-httpboot-amend-device-path.patch to amend the device + path matching rule for httpboot (bsc#1065370) + +------------------------------------------------------------------- +Thu Jan 4 08:17:44 UTC 2018 - [email protected] + +- Update to 14 (bsc#1054712) +- Adjust make commands in spec +- Drop upstreamed fixes + + shim-add-fallback-verbose-print.patch + + shim-back-to-openssl-1.0.2e.patch + + shim-fallback-workaround-masked-ami-variables.patch + + shim-fix-fallback-double-free.patch + + shim-fix-httpboot-crash.patch + + shim-fix-openssl-flags.patch + + shim-more-tpm-measurement.patch +- Add shim-httpboot-include-console.h.patch to include console.h + in httpboot.c to avoid build failure +- Add shim-remove-cryptpem.patch to replace functions in CryptPem.c + with the null function +- Update SUSE/openSUSE specific patches + + shim-only-os-name.patch + + shim-arch-independent-names.patch + + shim-change-debug-file-path.patch + + shim-opensuse-cert-prompt.patch ++++ 758 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:Leap:15.2:Update/.shim.13675.new.3399/shim.changes New: ---- SIGNATURE_UPDATE.txt SLES-UEFI-CA-Certificate.crt attach_signature.sh dbx-cert.tar.xz extract_signature.sh gcc9-fix-warnings.patch openSUSE-UEFI-CA-Certificate.crt shim-15+git47.tar.bz2 shim-always-mirror-mok-variables.patch shim-arch-independent-names.patch shim-bsc1092000-fallback-menu.patch shim-bsc1173411-only-check-efi-var-on-sb.patch shim-change-debug-file-path.patch shim-correct-license-in-headers.patch shim-fix-gnu-efi-3.0.11.patch shim-install shim-opensuse-cert-prompt.patch shim.changes shim.spec show_hash.sh show_signatures.sh signature-opensuse.aarch64.asc signature-opensuse.x86_64.asc signature-sles.aarch64.asc signature-sles.x86_64.asc strip_signature.sh timestamp.pl vendor-dbx.bin ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ shim.spec ++++++ # # spec file for package shim # # Copyright (c) 2020 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # # needssslcertforbuild %undefine _debuginfo_subpackages %undefine _build_create_debug %ifarch aarch64 %define grubplatform arm64-efi %else %define grubplatform %{_target_cpu}-efi %endif %if %{defined sle_version} && 0%{?sle_version} <= 150000 %define sysefidir /usr/lib64/efi %else %define sysefibasedir %{_datadir}/efi %define sysefidir %{sysefibasedir}/%{_target_cpu} %if "%{grubplatform}" == "x86_64-efi" && 0%{?suse_version} < 1600 # provide compatibility sym-link for residual kiwi, etc. %define shim_lib64_share_compat 1 %endif %endif Name: shim Version: 15+git47 Release: 0 Summary: UEFI shim loader License: BSD-2-Clause Group: System/Boot URL: https://github.com/rhboot/shim Source: %{name}-%{version}.tar.bz2 # run "extract_signature.sh shim.efi" where shim.efi is the binary # with the signature from the UEFI signing service. # Note: For signature requesting, check SIGNATURE_UPDATE.txt Source1: signature-opensuse.x86_64.asc Source2: openSUSE-UEFI-CA-Certificate.crt Source3: shim-install Source4: SLES-UEFI-CA-Certificate.crt Source5: extract_signature.sh Source6: attach_signature.sh Source7: show_hash.sh Source8: show_signatures.sh Source9: timestamp.pl Source10: strip_signature.sh Source11: signature-sles.x86_64.asc Source12: signature-opensuse.aarch64.asc Source13: signature-sles.aarch64.asc Source50: dbx-cert.tar.xz # vendor-dbx.bin is generated by generate-vendor-dbx.sh in dbx-cert.tar.xz Source51: vendor-dbx.bin Source99: SIGNATURE_UPDATE.txt # PATCH-FIX-SUSE shim-arch-independent-names.patch [email protected] -- Use the Arch-independent names Patch1: shim-arch-independent-names.patch # PATCH-FIX-OPENSUSE shim-change-debug-file-path.patch [email protected] -- Change the default debug file path Patch2: shim-change-debug-file-path.patch # PATCH-FIX-UPSTREAM shim-bsc1092000-fallback-menu.patch bsc#1092000 [email protected] -- Show a menu before reset Patch3: shim-bsc1092000-fallback-menu.patch # PATCH-FIX-UPSTREAM shim-always-mirror-mok-variables.patch [email protected] -- Mirror MOK variables correctly Patch4: shim-always-mirror-mok-variables.patch Patch5: shim-correct-license-in-headers.patch # PATCH-FIX-UPSTREAM gcc9-fix-warnings.patch [email protected] -- MokManager: Use CompareMem on MokListNode.Type instead of CompareGuid Patch6: gcc9-fix-warnings.patch # PATCH-FIX-OPENSUSE shim-fix-gnu-efi-3.0.11.patch [email protected] -- Fix the build error caused by the typo fix in gnu-efi 3.0.11 Patch7: shim-fix-gnu-efi-3.0.11.patch # PATCH-FIX-UPSTREAM shim-bsc1173411-only-check-efi-var-on-sb.patch bsc#1173411 [email protected] -- Make EFI variable copying check only fatal on SB systems Patch8: shim-bsc1173411-only-check-efi-var-on-sb.patch # PATCH-FIX-OPENSUSE shim-opensuse-cert-prompt.patch [email protected] -- Show the prompt to ask whether the user trusts openSUSE certificate or not Patch100: shim-opensuse-cert-prompt.patch BuildRequires: gnu-efi >= 3.0.3 BuildRequires: mozilla-nss-tools BuildRequires: openssl >= 0.9.8 BuildRequires: pesign BuildRequires: pesign-obs-integration %if 0%{?suse_version} > 1320 BuildRequires: update-bootloader-rpm-macros %endif %if 0%{?update_bootloader_requires:1} %update_bootloader_requires %else Requires: perl-Bootloader %endif BuildRoot: %{_tmppath}/%{name}-%{version}-build # For shim-install script Requires: grub2-%{grubplatform} ExclusiveArch: x86_64 %description shim is a trivial EFI application that, when run, attempts to open and execute another application. %package -n shim-debuginfo Summary: UEFI shim loader - debug symbols Group: Development/Debug %description -n shim-debuginfo The debug symbols of UEFI shim loader %package -n shim-debugsource Summary: UEFI shim loader - debug source Group: Development/Debug %description -n shim-debugsource The source code of UEFI shim loader %prep %setup -q %patch1 -p1 %patch2 -p1 %patch3 -p1 %patch4 -p1 %patch5 -p1 %patch6 -p1 %patch7 -p1 %patch8 -p1 %if 0%{?is_opensuse} == 1 %patch100 -p1 %endif %build # first, build MokManager and fallback as they don't depend on a # specific certificate make EFI_PATH=/usr/lib64 RELEASE=0 \ MMSTEM=MokManager FBSTEM=fallback \ MokManager.efi.debug fallback.efi.debug \ MokManager.efi fallback.efi # now build variants of shim that embed different certificates default='' suffixes=(opensuse sles) # check whether the project cert is a known one. If it is we build # just one shim that embeds this specific cert. If it's a devel # project we build all variants to simplify testing. if test -e %{_sourcedir}/_projectcert.crt ; then prjsubject=$(openssl x509 -in %{_sourcedir}/_projectcert.crt -noout -subject_hash) prjissuer=$(openssl x509 -in %{_sourcedir}/_projectcert.crt -noout -issuer_hash) opensusesubject=$(openssl x509 -in %{SOURCE2} -noout -subject_hash) slessubject=$(openssl x509 -in %{SOURCE4} -noout -subject_hash) if test "$prjissuer" = "$opensusesubject" ; then suffixes=(opensuse) elif test "$prjissuer" = "$slessubject" ; then suffixes=(sles) elif test "$prjsubject" = "$prjissuer" ; then suffixes=(devel opensuse sles) fi fi for suffix in "${suffixes[@]}"; do if test "$suffix" = "opensuse"; then cert=%{SOURCE2} verify='openSUSE Secure Boot CA1' %ifarch x86_64 signature=%{SOURCE1} %else # AArch64 signature signature=%{SOURCE12} %endif elif test "$suffix" = "sles"; then cert=%{SOURCE4} verify='SUSE Linux Enterprise Secure Boot CA1' %ifarch x86_64 signature=%{SOURCE11} %else # AArch64 signature signature=%{SOURCE13} %endif elif test "$suffix" = "devel"; then cert=%{_sourcedir}/_projectcert.crt verify=`openssl x509 -in "$cert" -noout -email` signature='' test -e "$cert" || continue else echo "invalid suffix" false fi openssl x509 -in $cert -outform DER -out shim-$suffix.der make EFI_PATH=/usr/lib64 RELEASE=0 SHIMSTEM=shim \ VENDOR_CERT_FILE=shim-$suffix.der ENABLE_HTTPBOOT=1 \ DEFAULT_LOADER="\\\\\\\\grub.efi" \ VENDOR_DBX_FILE=%{SOURCE51} \ shim.efi.debug shim.efi # # assert correct certificate embedded grep -q "$verify" shim.efi # make VENDOR_CERT_FILE=cert.der VENDOR_DBX_FILE=dbx chmod 755 %{SOURCE9} # alternative: verify signature #sbverify --cert MicCorThiParMarRoo_2010-10-05.pem shim-signed.efi if test -n "$signature"; then head -1 "$signature" > hash1 cp shim.efi shim.efi.bak # pe header contains timestamp and checksum. we need to # restore that %{SOURCE9} --set-from-file "$signature" shim.efi pesign -h -P -i shim.efi > hash2 cat hash1 hash2 if ! cmp -s hash1 hash2; then echo "ERROR: $suffix binary changed, need to request new signature!" %if %{defined shim_enforce_ms_signature} false %endif mv shim.efi.bak shim-$suffix.efi rm shim.efi else # attach signature pesign -m "$signature" -i shim.efi -o shim-$suffix.efi rm -f shim.efi fi else mv shim.efi shim-$suffix.efi fi mv shim.efi.debug shim-$suffix.debug # remove the build cert if exists rm -f shim_cert.h shim.cer shim.crt # make sure all object files gets rebuilt rm -f *.o done ln -s shim-${suffixes[0]}.efi shim.efi mv shim-${suffixes[0]}.debug shim.debug # Collect the source for debugsource mkdir ../source find . \( -name "*.c" -o -name "*.h" \) -type f -exec cp --parents -a {} ../source/ \; mv ../source . %install export BRP_PESIGN_FILES='%{sysefidir}/shim*.efi %{sysefidir}/MokManager.efi %{sysefidir}/fallback.efi' install -d %{buildroot}/%{sysefidir} cp -a shim*.efi %{buildroot}/%{sysefidir} install -m 444 shim-*.der %{buildroot}/%{sysefidir} install -m 644 MokManager.efi %{buildroot}/%{sysefidir}/MokManager.efi install -m 644 fallback.efi %{buildroot}/%{sysefidir}/fallback.efi install -d %{buildroot}/%{_sbindir} install -m 755 %{SOURCE3} %{buildroot}/%{_sbindir}/ # install SUSE certificate install -d %{buildroot}/%{_sysconfdir}/uefi/certs/ for file in shim-*.der; do fpr=$(openssl x509 -sha1 -fingerprint -inform DER -noout -in $file | cut -c 18- | cut -d ":" -f 1,2,3,4 | sed 's/://g') install -m 644 $file %{buildroot}/%{_sysconfdir}/uefi/certs/${fpr}-shim.crt done %if %{defined shim_lib64_share_compat} [ "%{sysefidir}" != "/usr/lib64/efi" ] || exit 1 # provide compatibility sym-link for residual "consumers" install -d %{buildroot}/usr/lib64/efi ln -srf %{buildroot}/%{sysefidir}/*.efi %{buildroot}/usr/lib64/efi/ %endif # install the debug symbols install -d %{buildroot}/usr/lib/debug/%{sysefidir} install -m 644 shim.debug %{buildroot}/usr/lib/debug/%{sysefidir} install -m 644 MokManager.efi.debug %{buildroot}/usr/lib/debug/%{sysefidir}/MokManager.debug install -m 644 fallback.efi.debug %{buildroot}/usr/lib/debug/%{sysefidir}/fallback.debug # install the debug source install -d %{buildroot}/usr/src/debug/%{name}-%{version} cp -r source/* %{buildroot}/usr/src/debug/%{name}-%{version} %clean %{?buildroot:%__rm -rf "%{buildroot}"} %post %if 0%{?update_bootloader_check_type_reinit_post:1} %update_bootloader_check_type_reinit_post grub2-efi %else /sbin/update-bootloader --reinit || true %endif %if %{defined update_bootloader_posttrans} %posttrans %{?update_bootloader_posttrans} %endif %files %defattr(-,root,root) %doc COPYRIGHT %dir %{?sysefibasedir} %dir %{sysefidir} %{sysefidir}/shim.efi %{sysefidir}/shim-*.efi %{sysefidir}/shim-*.der %{sysefidir}/MokManager.efi %{sysefidir}/fallback.efi %{_sbindir}/shim-install %dir %{_sysconfdir}/uefi/ %dir %{_sysconfdir}/uefi/certs/ %{_sysconfdir}/uefi/certs/*.crt %if %{defined shim_lib64_share_compat} # provide compatibility sym-link for previous kiwi, etc. %dir /usr/lib64/efi /usr/lib64/efi/*.efi %endif %files -n shim-debuginfo %defattr(-,root,root,-) /usr/lib/debug%{sysefidir}/shim.debug /usr/lib/debug%{sysefidir}/MokManager.debug /usr/lib/debug%{sysefidir}/fallback.debug %files -n shim-debugsource %defattr(-,root,root,-) %dir /usr/src/debug/%{name}-%{version} /usr/src/debug/%{name}-%{version}/* %changelog ++++++ SIGNATURE_UPDATE.txt ++++++ ==== openSUSE ==== For openSUSE, the devel project of shim is devel:openSUSE:Factory. ALWAYS use the latest Leap to build shim-opensuse.efi for UEFI CA. Tumbleweed shares the same binary with Leap, so do the older Leap releases. The steps to udpate signature-opensuse.asc: 1) Branch devel:openSUSE:Factory/shim. 2) Add the latest Leap, e.g. 42.2, to the build target. 3) Build shim-opensuse.efi against the latest Leap. 4) Strip the signature from shim-opensuse.efi with strip_signature.sh. 5) Send shim-opensuse.efi to UEFI CA to request a new signature. 6) Extract the signature from the signed shim.efi with extract_signature.sh 7) Update signature-opensuse.asc. ==== SLES === Since there is no devel project for shim in SLES, just build shim-sles.efi with the latest SLES and then send it to UEFI CA for a new signature. The steps to update signature-sles.asc: 1) Branch shim from the latest SLES and apply the update/fix. 2) Build shim-sles.efi against the latest SLES. 3) Strip the signature from shim-sles.efi with strip_signature.sh. 4) Send shim-sles.efi to UEFI CA to request a new signature. 5) Extract the signature from the signed shim.efi with extract_signature.sh 6) Update signature-sles.asc. ++++++ attach_signature.sh ++++++ #!/bin/bash # attach ascii armored signature to a PE binary set -e sig="$1" infile="$2" if [ -z "$sig" -o ! -e "$sig" -o -z "$infile" -o ! -e "$infile" ]; then echo "USAGE: $0 sig.asc file.efi" exit 1 fi outfile="${infile%.efi}-signed.efi" pesign -m "$sig" -i "$infile" -o "$outfile" ++++++ extract_signature.sh ++++++ #!/bin/bash # extract ascii armored signature from a PE binary set -e infile="$1" if [ -z "$infile" -o ! -e "$infile" ]; then echo "USAGE: $0 file.efi" exit 1 fi # wtf? (pesign -h -P -i "$infile"; perl $(dirname $0)/timestamp.pl "$infile"; pesign -a -f -e /dev/stdout -i "$infile")|cat ++++++ gcc9-fix-warnings.patch ++++++ >From f30cd0b6330be8ea72a93bf25e43829c222ba611 Mon Sep 17 00:00:00 2001 From: Gary Lin <[email protected]> Date: Tue, 26 Feb 2019 11:33:53 +0800 Subject: [PATCH] MokManager: Use CompareMem on MokListNode.Type instead of CompareGuid Fix the errors from gcc9 '-Werror=address-of-packed-member' https://github.com/rhboot/shim/issues/161 Signed-off-by: Gary Lin <[email protected]> --- MokManager.c | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/MokManager.c b/MokManager.c index d69b4dbe..05dc1622 100644 --- a/MokManager.c +++ b/MokManager.c @@ -1053,7 +1053,8 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num, continue; DataSize += sizeof(EFI_SIGNATURE_LIST); - if (CompareGuid(&(list[i].Type), &X509_GUID) == 0) + if (CompareMem(&(list[i].Type), &X509_GUID, + sizeof(EFI_GUID)) == 0) DataSize += sizeof(EFI_GUID); DataSize += list[i].MokSize; } @@ -1075,7 +1076,8 @@ static EFI_STATUS write_back_mok_list(MokListNode * list, INTN key_num, CertList->SignatureType = list[i].Type; CertList->SignatureHeaderSize = 0; - if (CompareGuid(&(list[i].Type), &X509_GUID) == 0) { + if (CompareMem(&(list[i].Type), &X509_GUID, + sizeof(EFI_GUID)) == 0) { CertList->SignatureListSize = list[i].MokSize + sizeof(EFI_SIGNATURE_LIST) + sizeof(EFI_GUID); CertList->SignatureSize = @@ -1116,7 +1118,8 @@ static void delete_cert(void *key, UINT32 key_size, int i; for (i = 0; i < mok_num; i++) { - if (CompareGuid(&(mok[i].Type), &X509_GUID) != 0) + if (CompareMem(&(mok[i].Type), &X509_GUID, + sizeof(EFI_GUID)) != 0) continue; if (mok[i].MokSize == key_size && @@ -1167,7 +1170,7 @@ static void delete_hash_in_list(EFI_GUID Type, UINT8 * hash, UINT32 hash_size, sig_size = hash_size + sizeof(EFI_GUID); for (i = 0; i < mok_num; i++) { - if ((CompareGuid(&(mok[i].Type), &Type) != 0) || + if ((CompareMem(&(mok[i].Type), &Type, sizeof(EFI_GUID)) != 0) || (mok[i].MokSize < sig_size)) continue; @@ -1331,7 +1334,8 @@ static EFI_STATUS delete_keys(void *MokDel, UINTN MokDelSize, BOOLEAN MokX) /* Search and destroy */ for (i = 0; i < del_num; i++) { - if (CompareGuid(&(del_key[i].Type), &X509_GUID) == 0) { + if (CompareMem(&(del_key[i].Type), &X509_GUID, + sizeof(EFI_GUID)) == 0) { delete_cert(del_key[i].Mok, del_key[i].MokSize, mok, mok_num); } else if (is_sha2_hash(del_key[i].Type)) { ++++++ shim-always-mirror-mok-variables.patch ++++++ >From e6ce8788f4a622da1ba5421a5eb11df163a56727 Mon Sep 17 00:00:00 2001 From: Gary Lin <[email protected]> Date: Wed, 21 Nov 2018 12:47:43 +0800 Subject: [PATCH] MOK: Fix the missing vendor cert in MokListRT When there is no key in MokList, import_mok_state() just skipped MokList even though it should always mirror the vendor cert. https://github.com/rhboot/shim/issues/154 Signed-off-by: Gary Lin <[email protected]> --- mok.c | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/mok.c b/mok.c index 3867521..0bcab32 100644 --- a/mok.c +++ b/mok.c @@ -223,11 +223,18 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle) UINT32 attrs = 0; BOOLEAN delete = FALSE, present, addend; + addend = (v->addend_source && v->addend_size && + *v->addend_source && *v->addend_size) + ? TRUE : FALSE; + efi_status = get_variable_attr(v->name, &v->data, &v->data_size, *v->guid, &attrs); - if (efi_status == EFI_NOT_FOUND) + if (efi_status == EFI_NOT_FOUND) { + if (addend) + goto mirror_addend; continue; + } if (EFI_ERROR(efi_status)) { perror(L"Could not verify %s: %r\n", v->name, efi_status); @@ -272,9 +279,6 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle) } present = (v->data && v->data_size) ? TRUE : FALSE; - addend = (v->addend_source && v->addend_size && - *v->addend_source && *v->addend_size) - ? TRUE : FALSE; if (v->flags & MOK_VARIABLE_MEASURE && present) { /* @@ -304,7 +308,8 @@ EFI_STATUS import_mok_state(EFI_HANDLE image_handle) } } - if (v->rtname && present && addend) { +mirror_addend: + if (v->rtname && (present || addend)) { if (v->flags & MOK_MIRROR_DELETE_FIRST) LibDeleteVariable(v->rtname, v->guid); -- 2.19.2 ++++++ shim-arch-independent-names.patch ++++++ >From b0fc750ab3af4883a7124229398a758837a4e7ce Mon Sep 17 00:00:00 2001 From: Gary Lin <[email protected]> Date: Tue, 22 Aug 2017 12:43:36 +0800 Subject: [PATCH] Make the names of EFI binaries arch-independent Since we only build the 64-bit binaries, we don't have the issue of the mixed architecture binaries in the same directory. Besides, we will use the same install script for x86_64 and AArch64. It's easier to maintain the script with the same names. Signed-off-by: Gary Lin <[email protected]> --- fallback.c | 2 +- shim.c | 2 +- shim.h | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/fallback.c b/fallback.c index c3f5583..01f2ae4 100644 --- a/fallback.c +++ b/fallback.c @@ -999,7 +999,7 @@ debug_hook(void) x = 1; console_print(L"add-symbol-file "DEBUGDIR - L"fb" EFI_ARCH L".efi.debug %p -s .data %p\n", + L"fallback.efi.debug %p -s .data %p\n", &_etext, &_edata); } diff --git a/shim.c b/shim.c index fcc11eb..248c946 100644 --- a/shim.c +++ b/shim.c @@ -2554,7 +2554,7 @@ debug_hook(void) FreePool(data); console_print(L"add-symbol-file "DEBUGDIR - L"shim" EFI_ARCH L".efi.debug 0x%08x -s .data 0x%08x\n", + L"shim.efi.debug 0x%08x -s .data 0x%08x\n", &_text, &_data); console_print(L"Pausing for debugger attachment.\n"); diff --git a/shim.h b/shim.h index 2b359d8..d9c60f5 100644 --- a/shim.h +++ b/shim.h @@ -92,8 +92,8 @@ #endif #endif -#define FALLBACK L"\\fb" EFI_ARCH L".efi" -#define MOK_MANAGER L"\\mm" EFI_ARCH L".efi" +#define FALLBACK L"\\fallback.efi" +#define MOK_MANAGER L"\\MokManager.efi" #include "include/configtable.h" #include "include/console.h" -- 2.19.2 ++++++ shim-bsc1092000-fallback-menu.patch ++++++ >From 407763d37cae353609b3f3ef78ff127745860357 Mon Sep 17 00:00:00 2001 From: Gary Lin <[email protected]> Date: Wed, 23 May 2018 16:58:31 +0800 Subject: [PATCH 1/2] console: Move the countdown function to console.c Move the countdown function from MokManager to console.c to make the function public Also make console_save_and_set_mode() and console_restore_mode() public Signed-off-by: Gary Lin <[email protected]> --- MokManager.c | 71 ++++--------------------------------------- include/console.h | 6 ++++ lib/console.c | 76 +++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 88 insertions(+), 65 deletions(-) diff --git a/MokManager.c b/MokManager.c index 2e55c50..1ab8e5e 100644 --- a/MokManager.c +++ b/MokManager.c @@ -733,30 +733,6 @@ done: return efi_status; } -static void console_save_and_set_mode(SIMPLE_TEXT_OUTPUT_MODE * SavedMode) -{ - SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut; - - if (!SavedMode) { - console_print(L"Invalid parameter: SavedMode\n"); - return; - } - - CopyMem(SavedMode, co->Mode, sizeof(SIMPLE_TEXT_OUTPUT_MODE)); - co->EnableCursor(co, FALSE); - co->SetAttribute(co, EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE); -} - -static void console_restore_mode(SIMPLE_TEXT_OUTPUT_MODE * SavedMode) -{ - SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut; - - co->EnableCursor(co, SavedMode->CursorVisible); - co->SetCursorPosition(co, SavedMode->CursorColumn, - SavedMode->CursorRow); - co->SetAttribute(co, SavedMode->Attribute); -} - static INTN reset_system() { gRT->ResetSystem(EfiResetWarm, EFI_SUCCESS, 0, NULL); @@ -2032,18 +2008,13 @@ static BOOLEAN verify_pw(BOOLEAN * protected) static int draw_countdown() { - SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut; - SIMPLE_INPUT_INTERFACE *ci = ST->ConIn; - SIMPLE_TEXT_OUTPUT_MODE SavedMode; - EFI_INPUT_KEY key; - EFI_STATUS efi_status; - UINTN cols, rows; - CHAR16 *title[2]; CHAR16 *message = L"Press any key to perform MOK management"; + CHAR16 *title; + EFI_STATUS efi_status; void *MokTimeout = NULL; MokTimeoutvar *var; UINTN MokTimeoutSize = 0; - int timeout, wait = 10000000; + int timeout; efi_status = get_variable(L"MokTimeout", (UINT8 **) &MokTimeout, &MokTimeoutSize, SHIM_LOCK_GUID); @@ -2059,41 +2030,11 @@ static int draw_countdown() if (timeout < 0) return timeout; - console_save_and_set_mode(&SavedMode); - - title[0] = PoolPrint(L"%s UEFI key management", SHIM_VENDOR); - title[1] = NULL; - - console_print_box_at(title, -1, 0, 0, -1, -1, 1, 1); - - co->QueryMode(co, co->Mode->Mode, &cols, &rows); - - console_print_at((cols - StrLen(message)) / 2, rows / 2, message); - while (1) { - if (timeout > 1) - console_print_at(2, rows - 3, - L"Booting in %d seconds ", - timeout); - else if (timeout) - console_print_at(2, rows - 3, - L"Booting in %d second ", - timeout); + title = PoolPrint(L"%s UEFI key management", SHIM_VENDOR); - efi_status = WaitForSingleEvent(ci->WaitForKey, wait); - if (efi_status != EFI_TIMEOUT) { - /* Clear the key in the queue */ - ci->ReadKeyStroke(ci, &key); - break; - } + timeout = console_countdown(title, message, timeout); - timeout--; - if (!timeout) - break; - } - - FreePool(title[0]); - - console_restore_mode(&SavedMode); + FreePool(title); return timeout; } diff --git a/include/console.h b/include/console.h index deb4fa3..bd75eb5 100644 --- a/include/console.h +++ b/include/console.h @@ -33,6 +33,12 @@ console_alertbox(CHAR16 **title); void console_notify(CHAR16 *string); void +console_save_and_set_mode(SIMPLE_TEXT_OUTPUT_MODE * SavedMode); +void +console_restore_mode(SIMPLE_TEXT_OUTPUT_MODE * SavedMode); +int +console_countdown(CHAR16* title, const CHAR16* message, int timeout); +void console_reset(void); #define NOSEL 0x7fffffff diff --git a/lib/console.c b/lib/console.c index 3aee41c..2d421af 100644 --- a/lib/console.c +++ b/lib/console.c @@ -409,6 +409,82 @@ console_notify(CHAR16 *string) console_alertbox(str_arr); } +void +console_save_and_set_mode(SIMPLE_TEXT_OUTPUT_MODE * SavedMode) +{ + SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut; + + if (!SavedMode) { + console_print(L"Invalid parameter: SavedMode\n"); + return; + } + + CopyMem(SavedMode, co->Mode, sizeof(SIMPLE_TEXT_OUTPUT_MODE)); + co->EnableCursor(co, FALSE); + co->SetAttribute(co, EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE); +} + +void +console_restore_mode(SIMPLE_TEXT_OUTPUT_MODE * SavedMode) +{ + SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut; + + co->EnableCursor(co, SavedMode->CursorVisible); + co->SetCursorPosition(co, SavedMode->CursorColumn, + SavedMode->CursorRow); + co->SetAttribute(co, SavedMode->Attribute); +} + +int +console_countdown(CHAR16* title, const CHAR16* message, + int timeout) +{ + SIMPLE_TEXT_OUTPUT_INTERFACE *co = ST->ConOut; + SIMPLE_INPUT_INTERFACE *ci = ST->ConIn; + SIMPLE_TEXT_OUTPUT_MODE SavedMode; + EFI_INPUT_KEY key; + EFI_STATUS efi_status; + UINTN cols, rows; + CHAR16 *titles[2]; + int wait = 10000000; + + console_save_and_set_mode(&SavedMode); + + titles[0] = title; + titles[1] = NULL; + + console_print_box_at(titles, -1, 0, 0, -1, -1, 1, 1); + + co->QueryMode(co, co->Mode->Mode, &cols, &rows); + + console_print_at((cols - StrLen(message)) / 2, rows / 2, message); + while (1) { + if (timeout > 1) + console_print_at(2, rows - 3, + L"Booting in %d seconds ", + timeout); + else if (timeout) + console_print_at(2, rows - 3, + L"Booting in %d second ", + timeout); + + efi_status = WaitForSingleEvent(ci->WaitForKey, wait); + if (efi_status != EFI_TIMEOUT) { + /* Clear the key in the queue */ + ci->ReadKeyStroke(ci, &key); + break; + } + + timeout--; + if (!timeout) + break; + } + + console_restore_mode(&SavedMode); + + return timeout; +} + #define ARRAY_SIZE(a) (sizeof (a) / sizeof ((a)[0])) /* Copy of gnu-efi-3.0 with the added secure boot strings */ -- 2.19.2 >From 9544a6dc75343059184d9dfb0cfdc4eda880afd0 Mon Sep 17 00:00:00 2001 From: Gary Lin <[email protected]> Date: Wed, 23 May 2018 18:13:05 +0800 Subject: [PATCH 2/2] fallback: show a countdown menu before reset Some machines with the faulty firmware may keep booting the default boot path instead of the boot option we create. To avoid the infinite reset loop, this commit introduce a countdown screen before fallback resets the system, so the user can interrupt the system reset and choose to boot the restored boot option. The "Always continue boot" option creates a BS+RT+NV variable, FB_NO_REBOOT, to make fallback boot the first boot option afterward without asking. The user can revert the behavior by removing the variable. https://github.com/rhboot/shim/issues/128 Signed-off-by: Gary Lin <[email protected]> --- fallback.c | 81 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 81 insertions(+) diff --git a/fallback.c b/fallback.c index 01f2ae4..33f104f 100644 --- a/fallback.c +++ b/fallback.c @@ -12,6 +12,8 @@ #include "shim.h" +#define NO_REBOOT L"FB_NO_REBOOT" + EFI_LOADED_IMAGE *this_image = NULL; int @@ -973,6 +975,65 @@ try_start_first_option(EFI_HANDLE parent_image_handle) return efi_status; } +static UINT32 +get_fallback_no_reboot(void) +{ + EFI_STATUS efi_status; + UINT32 no_reboot; + UINTN size = sizeof(UINT32); + + efi_status = gRT->GetVariable(NO_REBOOT, &SHIM_LOCK_GUID, + NULL, &size, &no_reboot); + if (!EFI_ERROR(efi_status)) { + return no_reboot; + } + return 0; +} + +static EFI_STATUS +set_fallback_no_reboot(void) +{ + EFI_STATUS efi_status; + UINT32 no_reboot = 1; + efi_status = gRT->SetVariable(NO_REBOOT, &SHIM_LOCK_GUID, + EFI_VARIABLE_NON_VOLATILE + | EFI_VARIABLE_BOOTSERVICE_ACCESS + | EFI_VARIABLE_RUNTIME_ACCESS, + sizeof(UINT32), &no_reboot); + return efi_status; +} + +static int +draw_countdown(void) +{ + CHAR16 *title = L"Boot Option Restoration"; + CHAR16 *message = L"Press any key to stop system reset"; + int timeout; + + timeout = console_countdown(title, message, 5); + + return timeout; +} + +static int +get_user_choice(void) +{ + int choice; + CHAR16 *title[] = {L"Boot Option Restored", NULL}; + CHAR16 *menu_strings[] = { + L"Reset system", + L"Continue boot", + L"Always continue boot", + NULL + }; + + do { + choice = console_select(title, menu_strings, 0); + } while (choice < 0 || choice > 2); + + return choice; +} + extern EFI_STATUS efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *systab); @@ -1039,6 +1100,26 @@ efi_main(EFI_HANDLE image, EFI_SYSTEM_TABLE *systab) VerbosePrint(L"tpm not present, starting the first image\n"); try_start_first_option(image); } else { + if (get_fallback_no_reboot() == 1) { + VerbosePrint(L"NO_REBOOT is set, starting the first image\n"); + try_start_first_option(image); + } + + int timeout = draw_countdown(); + if (timeout == 0) + goto reset; + + int choice = get_user_choice(); + if (choice == 0) { + goto reset; + } else if (choice == 2) { + efi_status = set_fallback_no_reboot(); + if (EFI_ERROR(efi_status)) + goto reset; + } + VerbosePrint(L"tpm present, starting the first image\n"); + try_start_first_option(image); +reset: VerbosePrint(L"tpm present, resetting system\n"); } -- 2.19.2 ++++++ shim-bsc1173411-only-check-efi-var-on-sb.patch ++++++ >From 741c61abba7d5c74166f8d0c1b9ee8001ebcd186 Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk <[email protected]> Date: Thu, 6 Dec 2018 10:08:45 +0100 Subject: [PATCH] Make EFI variable copying fatal only on secureboot enabled systems I have come across systems that are unwilling to reserve enough memory for a MokListRT big enough for big certificates. This seems to be the case with firmware implementations that do not support secureboot, which is probably the reason they went with much lower variable storage. This patch set makes sure we can still boot on those systems, by only making the copy action fatal if the system has secure boot enabled, or if the error was anything other than EFI_INVALID_PARAMETER. Signed-off-by: Patrick Uiterwijk <[email protected]> --- shim.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/shim.c b/shim.c index 7d25ad6..aee4727 100644 --- a/shim.c +++ b/shim.c @@ -2639,7 +2639,17 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab) * boot-services-only state variables are what we think they are. */ efi_status = import_mok_state(image_handle); - if (EFI_ERROR(efi_status)) { + if (!secure_mode() && efi_status == EFI_INVALID_PARAMETER) { + /* + * Make copy failures fatal only if secure_mode is enabled, or + * the error was anything else than EFI_INVALID_PARAMETER. + * There are non-secureboot firmware implementations that don't + * reserve enough EFI variable memory to fit the variable. + */ + console_print(L"Importing MOK states has failed: %s: %r\n", + msgs[msg], efi_status); + console_print(L"Continuing boot since secure mode is disabled"); + } else if (EFI_ERROR(efi_status)) { die: console_print(L"Something has gone seriously wrong: %s: %r\n", msgs[msg], efi_status); -- 2.25.1 ++++++ shim-change-debug-file-path.patch ++++++ >From e766e3943fa8513c1afe01e69e8aa6ec14067028 Mon Sep 17 00:00:00 2001 From: Gary Lin <[email protected]> Date: Thu, 4 Jan 2018 12:28:37 +0800 Subject: [PATCH] Use our own debug path Signed-off-by: Gary Lin <[email protected]> --- Make.defaults | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Make.defaults b/Make.defaults index bbfc1d7..1cec0e1 100644 --- a/Make.defaults +++ b/Make.defaults @@ -119,7 +119,7 @@ SHIMHASHNAME = $(SHIMSTEM).hash BOOTEFINAME ?= BOOT$(ARCH_SUFFIX_UPPER).EFI BOOTCSVNAME ?= BOOT$(ARCH_SUFFIX_UPPER).CSV -CFLAGS += "-DEFI_ARCH=L\"$(ARCH_SUFFIX)\"" "-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/$(ARCH_SUFFIX)-$(VERSION)$(DASHRELEASE)/\"" +CFLAGS += "-DEFI_ARCH=L\"$(ARCH_SUFFIX)\"" "-DDEBUGDIR=L\"/usr/lib/debug/usr/lib64/efi/shim.debug\"" ifneq ($(origin VENDOR_CERT_FILE), undefined) CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\" -- 2.19.2 ++++++ shim-correct-license-in-headers.patch ++++++ >From 64492acf8b1d72cea0c3e203887bfe26fb840f1d Mon Sep 17 00:00:00 2001 From: Gary Lin <[email protected]> Date: Thu, 13 Dec 2018 17:19:36 +0800 Subject: [PATCH] Add the license change statement for errlog.c and mok.c --- errlog.c | 6 ++++++ mok.c | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/errlog.c b/errlog.c index 18be482..4a1fffb 100644 --- a/errlog.c +++ b/errlog.c @@ -3,6 +3,12 @@ * Copyright 2017 Peter Jones <[email protected]> * * Distributed under terms of the GPLv3 license. + * + * As Peter stated in issues#155: + * "I'll publicly state here that as the author of those files, you can + * treat them as dual-licensed with the GPLv3 text that accidentally + * made it in and the BSD license they should have borne." + * Ref: https://github.com/rhboot/shim/issues/155#issuecomment-443738252 */ #include "shim.h" diff --git a/mok.c b/mok.c index 3867521..903b3b4 100644 --- a/mok.c +++ b/mok.c @@ -3,6 +3,12 @@ * Copyright 2017 Peter Jones <[email protected]> * * Distributed under terms of the GPLv3 license. + * + * As Peter stated in issues#155: + * "I'll publicly state here that as the author of those files, you can + * treat them as dual-licensed with the GPLv3 text that accidentally + * made it in and the BSD license they should have borne." + * Ref: https://github.com/rhboot/shim/issues/155#issuecomment-443738252 */ #include "shim.h" -- 2.19.2 ++++++ shim-fix-gnu-efi-3.0.11.patch ++++++ diff --git a/lib/console.c b/lib/console.c index 2d421af..6e2a8ca 100644 --- a/lib/console.c +++ b/lib/console.c @@ -521,7 +521,11 @@ static struct { { EFI_SECURITY_VIOLATION, L"Security Violation"}, // warnings +#ifdef EFI_WARN_UNKOWN_GLYPH { EFI_WARN_UNKOWN_GLYPH, L"Warning Unknown Glyph"}, +#else + { EFI_WARN_UNKNOWN_GLYPH, L"Warning Unknown Glyph"}, +#endif { EFI_WARN_DELETE_FAILURE, L"Warning Delete Failure"}, { EFI_WARN_WRITE_FAILURE, L"Warning Write Failure"}, { EFI_WARN_BUFFER_TOO_SMALL, L"Warning Buffer Too Small"}, ++++++ shim-install ++++++ #! /bin/bash -e arch=`uname -m` rootdir= bootdir= efidir= install_device= efibootdir= ca_string= no_nvram=no removable=no clean=no sysconfdir="/etc" libdir="/usr/lib64" # Beware, this is arch dependent! datadir="/usr/share" source_dir="${datadir}/efi/${arch}" efibootmgr="/usr/sbin/efibootmgr" grub_probe="/usr/sbin/grub2-probe" grub_mkrelpath="/usr/bin/grub2-mkrelpath" grub_install="/usr/sbin/grub2-install" grub_install_target= self="`basename $0`" grub_cfg="/boot/grub2/grub.cfg" update_boot=no def_grub_efi="${source_dir}/grub.efi" def_boot_efi= if [ x${arch} = xx86_64 ] ; then grub_install_target="x86_64-efi" def_boot_efi="bootx64.efi" elif [ x${arch} = xaarch64 ] ; then grub_install_target="arm64-efi" def_boot_efi="bootaa64.efi" else echo "Unsupported architecture: ${arch}" exit 1 fi if [ ! -d "${source_dir}" -o ! -e "${def_grub_efi}" ] ; then # for outdated packages fall back to previous behavior source_dir="$libdir/efi" def_grub_efi="${source_dir}/grub.efi" fi # Get GRUB_DISTRIBUTOR. if test -f "${sysconfdir}/default/grub" ; then . "${sysconfdir}/default/grub" fi if [ x"${GRUB_DISTRIBUTOR}" = x ] && [ -f "${sysconfdir}/os-release" ] ; then . "${sysconfdir}/os-release" GRUB_DISTRIBUTOR="${NAME} ${VERSION}" fi bootloader_id="$(echo "$GRUB_DISTRIBUTOR" | tr 'A-Z' 'a-z' | cut -d' ' -f1)" if test -z "$bootloader_id"; then bootloader_id=grub fi efi_distributor="$bootloader_id" bootloader_id="${bootloader_id}-secureboot" case "$bootloader_id" in "sle"*) ca_string='SUSE Linux Enterprise Secure Boot CA1';; "opensuse"*) ca_string='openSUSE Secure Boot CA1';; *) ca_string="";; esac usage () { echo "Usage: $self [OPTION] [INSTALL_DEVICE]" echo echo "Install Secure Boot Loaders on your drive." echo echo "--directory=DIR use images from DIR." echo "--grub-probe=FILE use FILE as grub-probe." echo "--removable the installation device is removable." echo "--no-nvram don't update the NVRAM variable." echo "--bootloader-id=ID the ID of bootloader." echo "--efi-directory=DIR use DIR as the EFI System Partition root." echo "--config-file=FILE use FILE as config file, default is $grub_cfg." echo "--clean remove all installed files and configs." echo "--suse-enable-tpm install grub.efi with TPM support." echo echo "INSTALL_DEVICE must be system device filename." } argument () { opt="$1" shift if test $# -eq 0; then echo "$0: option requires an argument -- \`$opt'" 1>&2 exit 1 fi echo "$1" } # Check the arguments. while test $# -gt 0 do option=$1 shift case "$option" in -h | --help) usage exit 0 ;; --root-directory) rootdir="`argument $option "$@"`"; shift;; --root-directory=*) rootdir="`echo "$option" | sed 's/--root-directory=//'`" ;; --efi-directory) efidir="`argument $option "$@"`"; shift;; --efi-directory=*) efidir="`echo "$option" | sed 's/--efi-directory=//'`" ;; --directory | -d) source_dir="`argument $option "$@"`"; shift;; --directory=*) source_dir="`echo "$option" | sed 's/--directory=//'`" ;; --bootloader-id) bootloader_id="`argument $option "$@"`"; shift;; --bootloader-id=*) bootloader_id="`echo "$option" | sed 's/--bootloader-id=//'`" ;; --grub-probe) grub_probe="`argument "$option" "$@"`"; shift;; --grub-probe=*) grub_probe="`echo "$option" | sed 's/--grub-probe=//'`" ;; --config-file) grub_cfg="`argument "$option" "$@"`"; shift;; --config-file=*) grub_cfg="`echo "$option" | sed 's/--config-file=//'`" ;; --removable) no_nvram=yes removable=yes ;; --no-nvram) no_nvram=yes ;; --suse-enable-tpm) # bsc#1174320 shim-install uses wrong paths for EFI files # There are 3 possible locations of grub-tpm.efi and we will check them # one by one. if [ -e "${source_dir}/grub-tpm.efi" ]; then source_grub_efi="${source_dir}/grub-tpm.efi" elif [ -e "${datadir}/grub2/${grub_install_target}/grub-tpm.efi" ] ; then source_grub_efi="${datadir}/grub2/${grub_install_target}/grub-tpm.efi" else source_grub_efi="/usr/lib/grub2/${grub_install_target}/grub-tpm.efi" fi ;; --clean) clean=yes ;; -*) echo "Unrecognized option \`$option'" 1>&2 usage exit 1 ;; *) if test "x$install_device" != x; then echo "More than one install device?" 1>&2 usage exit 1 fi install_device="${option}" ;; esac done if test -n "$efidir"; then efi_fs=`"$grub_probe" --target=fs "${efidir}"` if test "x$efi_fs" = xfat; then :; else echo "$efidir doesn't look like an EFI partition." 1>&2 efidir= fi fi if [ -z "$bootdir" ]; then bootdir="/boot" if [ -n "$rootdir" ] ; then # Initialize bootdir if rootdir was initialized. bootdir="${rootdir}/boot" fi fi # Find the EFI System Partition. if test -n "$efidir"; then install_device="`"$grub_probe" --target=device --device-map= "${efidir}"`" else if test -d "${bootdir}/efi"; then install_device="`"$grub_probe" --target=device --device-map= "${bootdir}/efi"`" # Is it a mount point? if test "x$install_device" != "x`"$grub_probe" --target=device --device-map= "${bootdir}"`"; then efidir="${bootdir}/efi" fi elif test -d "${bootdir}/EFI"; then install_device="`"$grub_probe" --target=device --device-map= "${bootdir}/EFI"`" # Is it a mount point? if test "x$install_device" != "x`"$grub_probe" --target=device --device-map= "${bootdir}"`"; then efidir="${bootdir}/EFI" fi elif test -n "$rootdir" && test "x$rootdir" != "x/"; then # The EFI System Partition may have been given directly using # --root-directory. install_device="`"$grub_probe" --target=device --device-map= "${rootdir}"`" # Is it a mount point? if test "x$install_device" != "x`"$grub_probe" --target=device --device-map= "${rootdir}/.."`"; then efidir="${rootdir}" fi fi if test -n "$efidir"; then efi_fs=`"$grub_probe" --target=fs "${efidir}"` if test "x$efi_fs" = xfat; then :; else echo "$efidir doesn't look like an EFI partition." 1>&2 efidir= fi fi fi if test -n "$efidir"; then efi_file=shim.efi efibootdir="$efidir/EFI/boot" mkdir -p "$efibootdir" || exit 1 if test "$removable" = "yes" ; then efidir="$efibootdir" else efidir="$efidir/EFI/$efi_distributor" mkdir -p "$efidir" || exit 1 fi else echo "No valid EFI partition" 1>&2 exit 1; fi if test "$removable" = "no" -a -f "$efibootdir/$def_boot_efi"; then if test -n "$ca_string" && (grep -q "$ca_string" "$efibootdir/$def_boot_efi"); then update_boot=yes fi else update_boot=yes fi if test "$clean" = "yes"; then rm -f "${efidir}/shim.efi" rm -f "${efidir}/MokManager.efi" rm -f "${efidir}/grub.efi" rm -f "${efidir}/grub.cfg" rm -f "${efidir}/boot.csv" if test "$update_boot" = "yes"; then rm -f "${efibootdir}/${def_boot_efi}" rm -f "${efibootdir}/fallback.efi" # bsc#1175626, bsc#1175656 also clean up MokManager rm -f "${efibootdir}/MokManager.efi" fi if test "$no_nvram" = no && test -n "$bootloader_id"; then # Delete old entries from the same distributor. for bootnum in `$efibootmgr | grep '^Boot[0-9]' | \ fgrep -i " $bootloader_id" | cut -b5-8`; do $efibootmgr -b "$bootnum" -B done fi exit 0 fi cp "${source_dir}/MokManager.efi" "${efidir}" if test -n "$source_grub_efi" && ! test -f "$source_grub_efi"; then echo "File $source_grub_efi doesn't exist, fallback to default one" 1>&2 source_grub_efi="" fi if test -z "$source_grub_efi"; then source_grub_efi="$def_grub_efi" fi echo "copying $source_grub_efi to ${efidir}/grub.efi" cp "$source_grub_efi" "${efidir}/grub.efi" if test "$efidir" != "$efibootdir" ; then cp "${source_dir}/shim.efi" "${efidir}" if test -n "$bootloader_id"; then echo "shim.efi,${bootloader_id}" | iconv -f ascii -t ucs2 > "${efidir}/boot.csv" fi fi if test "$update_boot" = "yes"; then cp "${source_dir}/shim.efi" "${efibootdir}/${def_boot_efi}" if test "$removable" = "no"; then cp "${source_dir}/fallback.efi" "${efibootdir}" # bsc#1175626, bsc#1175656 Since shim 15, loading MokManager becomes # mandatory if a MOK request exists. Copy MokManager to \EFI\boot so # that boot*.efi can load MokManager to process the request instead # of shutting down the system immediately. cp "${source_dir}/MokManager.efi" "${efibootdir}" fi fi make_grubcfg () { grub_cfg_dirname=`dirname $grub_cfg` grub_cfg_basename=`basename $grub_cfg` cfg_fs_uuid=`"$grub_probe" --target=fs_uuid "$grub_cfg_dirname"` # bsc#1153953 - Leap 42.3 boot error snapshot missing # We have to check btrfs is used as root file system to enable relative path # lookup for file to be on par with other utility which also accounts for it. GRUB_FS="$(stat -f --printf=%T / || echo unknown)" if test "x$SUSE_BTRFS_SNAPSHOT_BOOTING" = "xtrue" && [ "x${GRUB_FS}" = "xbtrfs" ] ; then cat <<EOF set btrfs_relative_path="yes" EOF if ${grub_mkrelpath} --usage | grep -q -e '--relative'; then grub_mkrelpath="${grub_mkrelpath} -r" fi fi if [ x$GRUB_ENABLE_CRYPTODISK = xy ]; then for uuid in `"${grub_probe}" --target=cryptodisk_uuid --device-map= "${grub_cfg_dirname}"`; do echo "cryptomount -u $uuid" done fi cat <<EOF search --fs-uuid --set=root ${cfg_fs_uuid} set prefix=(\${root})`${grub_mkrelpath} ${grub_cfg_dirname}` source "\${prefix}/${grub_cfg_basename}" EOF } make_grubcfg > "${efidir}/grub.cfg" # bnc#889765 GRUB shows broken letters at boot # invoke grub_install to initialize /boot/grub2 directory with files needed by grub.cfg # bsc#1118363 shim-install didn't specify the target for grub2-install # set the target explicitly for some special cases ${grub_install} --target=${grub_install_target} --no-nvram if test "$no_nvram" = no && test -n "$bootloader_id"; then modprobe -q efivars 2>/dev/null || true # Delete old entries from the same distributor. for bootnum in `$efibootmgr | grep '^Boot[0-9]' | \ fgrep -i " $bootloader_id" | cut -b5-8`; do $efibootmgr -b "$bootnum" -B done efidir_drive="$("$grub_probe" --target=drive --device-map= "$efidir")" efidir_disk="$("$grub_probe" --target=disk --device-map= "$efidir")" if test -z "$efidir_drive" || test -z "$efidir_disk"; then echo "Can't find GRUB drive for $efidir; unable to create EFI Boot Manager entry." >&2 # bsc#1119762 If the MD device is partitioned, we just need to create one # boot entry since the partitions are nested partitions and the mirrored # partitions share the same UUID. elif [[ "$efidir_drive" == \(mduuid/* && "$efidir_drive" != \(mduuid/*,* ]]; then eval $(mdadm --detail --export "$efidir_disk" | perl -ne 'print if m{^MD_LEVEL=}; push( @D, $1) if (m{^MD_DEVICE_\S+_DEV=(\S+)$}); sub END() {print "MD_DEVS=\"", join( " ", @D), "\"\n";};') if [ "$MD_LEVEL" != "raid1" ]; then echo "GRUB drive for $efidir not on RAID1; unable to create EFI Boot Manager entry." >&2 fi for mddev in $MD_DEVS; do efidir_drive="$("$grub_probe" --target=drive --device-map= -d "$mddev")" efidir_disk="$("$grub_probe" --target=disk --device-map= -d "$mddev")" efidir_part="$(echo "$efidir_drive" | sed 's/^([^,]*,[^0-9]*//; s/[^0-9].*//')" efidir_d=${mddev#/dev/} $efibootmgr -c -d "$efidir_disk" -p "$efidir_part" -w \ -L "$bootloader_id ($efidir_d)" -l "\\EFI\\$efi_distributor\\$efi_file" done else efidir_part="$(echo "$efidir_drive" | sed 's/^([^,]*,[^0-9]*//; s/[^0-9].*//')" $efibootmgr -c -d "$efidir_disk" -p "$efidir_part" -w \ -L "$bootloader_id" -l "\\EFI\\$efi_distributor\\$efi_file" fi fi ++++++ shim-opensuse-cert-prompt.patch ++++++ >From 49355a83722494099caeb23b46637b2c94a6ab9e Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin <[email protected]> Date: Tue, 18 Feb 2014 17:29:19 +0800 Subject: [PATCH 1/3] Show the build-in certificate prompt This is an openSUSE-only patch. Pop up a window to ask if the user is willing to trust the built-in openSUSE certificate. If yes, set openSUSE_Verify, a BootService variable, to 1, and shim won't bother the user afterward. If no, continue the booting process without using the built-in certificate to verify the EFI images, and the window will show up again after reboot. The state will store in use_openSUSE_cert, a volatile RT variable. --- mok.c | 3 ++- shim.c | 69 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++- shim.h | 1 + 3 files changed, 71 insertions(+), 2 deletions(-) diff --git a/mok.c b/mok.c index 00dd1ad..1645d24 100644 --- a/mok.c +++ b/mok.c @@ -139,7 +139,8 @@ static EFI_STATUS mirror_one_mok_variable(struct mok_state_variable *v) if ((v->flags & MOK_MIRROR_KEYDB) && v->addend_source && *v->addend_source && - v->addend_size && *v->addend_size) { + v->addend_size && *v->addend_size && + use_builtin_cert) { EFI_SIGNATURE_LIST *CertList = NULL; EFI_SIGNATURE_DATA *CertData = NULL; FullDataSize = v->data_size diff --git a/shim.c b/shim.c index 248c946..d52f46f 100644 --- a/shim.c +++ b/shim.c @@ -83,6 +83,7 @@ UINT8 *vendor_dbx; */ verification_method_t verification_method; int loader_is_participating; +BOOLEAN use_builtin_cert; #define EFI_IMAGE_SECURITY_DATABASE_GUID { 0xd719b2cb, 0x3d3a, 0x4596, { 0xa3, 0xbc, 0xda, 0xd0, 0x0e, 0x67, 0x65, 0x6f }} @@ -1066,7 +1067,7 @@ static EFI_STATUS verify_buffer (char *data, int datasize, return efi_status; } - if (cert) { + if (cert && use_builtin_cert) { #if defined(ENABLE_SHIM_CERT) /* * Check against the shim build key @@ -2529,6 +2530,69 @@ shim_fini(void) console_fini(); } +#define VENDOR_VERIFY L"openSUSE_Verify" + +/* Show the built-in certificate prompt if necessary */ +static int builtin_cert_prompt(void) +{ + EFI_STATUS status; + UINT32 attributes; + UINTN len = sizeof(UINT8); + UINT8 data; + + use_builtin_cert = FALSE; + + if (vendor_cert_size == 0) + return 0; + + status = gRT->GetVariable(VENDOR_VERIFY, &SHIM_LOCK_GUID, + &attributes, &len, (void *)&data); + if (status != EFI_SUCCESS || + (attributes & EFI_VARIABLE_RUNTIME_ACCESS)) { + int choice; + + if (status != EFI_NOT_FOUND) + LibDeleteVariable(VENDOR_VERIFY, &SHIM_LOCK_GUID); + + CHAR16 *str[] = {L"Trust openSUSE Certificate", + L"", + L"Do you agree to use the built-in openSUSE certificate", + L"to verify boot loaders and kernels?", + NULL}; + choice = console_yes_no(str); + if (choice != 1) { + data = 0; + goto done; + } + + data = 1; + status = gRT->SetVariable(VENDOR_VERIFY, &SHIM_LOCK_GUID, + EFI_VARIABLE_NON_VOLATILE | + EFI_VARIABLE_BOOTSERVICE_ACCESS, + sizeof(UINT8), &data); + if (status != EFI_SUCCESS) { + console_error(L"Failed to set openSUSE_Verify", status); + return -1; + } + } + + use_builtin_cert = TRUE; + data = 1; + +done: + /* Setup a runtime variable to show the current state */ + status = gRT->SetVariable(L"use_openSUSE_cert", &SHIM_LOCK_GUID, + EFI_VARIABLE_BOOTSERVICE_ACCESS | + EFI_VARIABLE_RUNTIME_ACCESS, + sizeof(UINT8), &data); + if (status != EFI_SUCCESS) { + console_error(L"Failed to set use_openSUSE_cert", status); + return -1; + } + + return 0; +} + extern EFI_STATUS efi_main(EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab); @@ -2623,6 +2687,9 @@ efi_main (EFI_HANDLE passed_image_handle, EFI_SYSTEM_TABLE *passed_systab) */ debug_hook(); + if (secure_mode() && (builtin_cert_prompt() != 0)) + return EFI_ABORTED; + /* * Before we do anything else, validate our non-volatile, * boot-services-only state variables are what we think they are. diff --git a/shim.h b/shim.h index d9c60f5..ab384d4 100644 --- a/shim.h +++ b/shim.h @@ -174,6 +174,7 @@ extern UINT8 *vendor_dbx; extern UINT8 user_insecure_mode; extern UINT8 ignore_db; extern UINT8 in_protocol; +extern BOOLEAN use_builtin_cert; #define perror_(file, line, func, fmt, ...) ({ \ UINTN __perror_ret = 0; \ -- 2.19.2 >From 18b6390f3193ebccad44cf1448ce54be512cd066 Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin <[email protected]> Date: Thu, 20 Feb 2014 16:57:08 +0800 Subject: [PATCH 2/3] Support revoking the openSUSE cert This is an openSUSE-only patch. To revoke the openSUSE cert, create ClearVerify, a NV RT variable, and store the password hash in the variable, and then MokManager will show up with an additional option to clear openSUSE_Verify --- MokManager.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++++-- mok.c | 2 +- 2 files changed, 59 insertions(+), 3 deletions(-) diff --git a/MokManager.c b/MokManager.c index 1ab8e5e..fbb7d22 100644 --- a/MokManager.c +++ b/MokManager.c @@ -1715,6 +1715,31 @@ mokpw_done: return EFI_SUCCESS; } +static INTN mok_clear_verify_prompt(void *ClearVerify, UINTN ClearVerifySize) { + EFI_STATUS status; + + if (console_yes_no((CHAR16 *[]){L"Do you want to revoke openSUSE certificate?", NULL}) != 1) + return 0; + + if (ClearVerifySize == PASSWORD_CRYPT_SIZE) { + status = match_password((PASSWORD_CRYPT *)ClearVerify, NULL, 0, + NULL, NULL); + } + if (status != EFI_SUCCESS) + return -1; + + status = LibDeleteVariable(L"openSUSE_Verify", &SHIM_LOCK_GUID); + if (status != EFI_SUCCESS) { + console_error(L"Failed to delete openSUSE_Verify", status); + return -1; + } + + console_notify(L"The system must now be rebooted"); + gRT->ResetSystem(EfiResetWarm, EFI_SUCCESS, 0, NULL); + console_notify(L"Failed to reboot"); + return -1; +} + static BOOLEAN verify_certificate(UINT8 * cert, UINTN size) { X509 *X509Cert; @@ -2050,6 +2075,7 @@ typedef enum { MOK_CHANGE_SB, MOK_SET_PW, MOK_CHANGE_DB, + MOK_CLEAR_VERIFY, MOK_KEY_ENROLL, MOK_HASH_ENROLL } mok_menu_item; @@ -2070,7 +2096,8 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle, void *MokPW, UINTN MokPWSize, void *MokDB, UINTN MokDBSize, void *MokXNew, UINTN MokXNewSize, - void *MokXDel, UINTN MokXDelSize) + void *MokXDel, UINTN MokXDelSize, + void *ClearVerify, UINTN ClearVerifySize) { CHAR16 **menu_strings = NULL; mok_menu_item *menu_item = NULL; @@ -2146,8 +2173,12 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle, if (MokDB) menucount++; + if (ClearVerify) + menucount++; + menu_strings = AllocateZeroPool(sizeof(CHAR16 *) * (menucount + 1)); + if (!menu_strings) return EFI_OUT_OF_RESOURCES; @@ -2217,6 +2248,12 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle, i++; } + if (ClearVerify) { + menu_strings[i] = L"Revoke openSUSE certificate"; + menu_item[i] = MOK_CLEAR_VERIFY; + i++; + } + menu_strings[i] = L"Enroll key from disk"; menu_item[i] = MOK_KEY_ENROLL; i++; @@ -2321,6 +2358,9 @@ static EFI_STATUS enter_mok_menu(EFI_HANDLE image_handle, if (!EFI_ERROR(efi_status)) MokDB = NULL; break; + case MOK_CLEAR_VERIFY: + mok_clear_verify_prompt(ClearVerify, ClearVerifySize); + break; case MOK_KEY_ENROLL: efi_status = mok_key_enroll(); break; @@ -2352,6 +2392,7 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle) { UINTN MokNewSize = 0, MokDelSize = 0, MokSBSize = 0, MokPWSize = 0; UINTN MokDBSize = 0, MokXNewSize = 0, MokXDelSize = 0; + UINTN ClearVerifySize = 0; void *MokNew = NULL; void *MokDel = NULL; void *MokSB = NULL; @@ -2359,6 +2400,7 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle) void *MokDB = NULL; void *MokXNew = NULL; void *MokXDel = NULL; + void *ClearVerify = NULL; EFI_STATUS efi_status; efi_status = get_variable(L"MokNew", (UINT8 **) & MokNew, &MokNewSize, @@ -2431,9 +2473,20 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle) console_error(L"Could not retrieve MokXDel", efi_status); } + efi_status = get_variable(L"ClearVerify", (UINT8 **)&ClearVerify, + &ClearVerifySize, SHIM_LOCK_GUID); + if (!EFI_ERROR(efi_status)) { + efi_status = LibDeleteVariable(L"ClearVerify", &SHIM_LOCK_GUID); + if (EFI_ERROR(efi_status)) + console_notify(L"Failed to delete ClearVerify"); + } else if (EFI_ERROR(efi_status) && efi_status != EFI_NOT_FOUND) { + console_error(L"Could not retrieve ClearVerify", efi_status); + } + enter_mok_menu(image_handle, MokNew, MokNewSize, MokDel, MokDelSize, MokSB, MokSBSize, MokPW, MokPWSize, MokDB, MokDBSize, - MokXNew, MokXNewSize, MokXDel, MokXDelSize); + MokXNew, MokXNewSize, MokXDel, MokXDelSize, + ClearVerify, ClearVerifySize); if (MokNew) FreePool(MokNew); @@ -2456,6 +2509,9 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle) if (MokXDel) FreePool(MokXDel); + if (ClearVerify) + FreePool (ClearVerify); + LibDeleteVariable(L"MokAuth", &SHIM_LOCK_GUID); LibDeleteVariable(L"MokDelAuth", &SHIM_LOCK_GUID); LibDeleteVariable(L"MokXAuth", &SHIM_LOCK_GUID); diff --git a/mok.c b/mok.c index 1645d24..45110cd 100644 --- a/mok.c +++ b/mok.c @@ -37,7 +37,7 @@ static EFI_STATUS check_mok_request(EFI_HANDLE image_handle) check_var(L"MokPW") || check_var(L"MokAuth") || check_var(L"MokDel") || check_var(L"MokDB") || check_var(L"MokXNew") || check_var(L"MokXDel") || - check_var(L"MokXAuth")) { + check_var(L"MokXAuth") || check_var(L"ClearVerify")) { efi_status = start_image(image_handle, MOK_MANAGER); if (EFI_ERROR(efi_status)) { -- 2.19.2 >From f16f00e47824722651e2e4f2b327dfbe4fb6367d Mon Sep 17 00:00:00 2001 From: Gary Ching-Pang Lin <[email protected]> Date: Fri, 7 Mar 2014 16:17:20 +0800 Subject: [PATCH 3/3] Delete openSUSE_Verify the right way This is an openSUSE-only patch. LibDeleteVariable only works on the runtime variables. --- MokManager.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/MokManager.c b/MokManager.c index fbb7d22..22336d4 100644 --- a/MokManager.c +++ b/MokManager.c @@ -1728,7 +1728,10 @@ static INTN mok_clear_verify_prompt(void *ClearVerify, UINTN ClearVerifySize) { if (status != EFI_SUCCESS) return -1; - status = LibDeleteVariable(L"openSUSE_Verify", &SHIM_LOCK_GUID); + status = gRT->SetVariable(L"openSUSE_Verify", &SHIM_LOCK_GUID, + EFI_VARIABLE_BOOTSERVICE_ACCESS | + EFI_VARIABLE_NON_VOLATILE, + 0, NULL); if (status != EFI_SUCCESS) { console_error(L"Failed to delete openSUSE_Verify", status); return -1; -- 2.19.2 ++++++ show_hash.sh ++++++ #!/bin/bash # show hash of PE binary set -e infile="$1" if [ -z "$infile" -o ! -e "$infile" ]; then echo "USAGE: $0 file.efi" exit 1 fi pesign -h -P -i "$infile" ++++++ show_signatures.sh ++++++ #!/bin/bash # show signatures on a PE binary set -e infile="$1" if [ -z "$infile" -o ! -e "$infile" ]; then echo "USAGE: $0 file.efi" exit 1 fi pesign -S -i "$infile" ++++++ signature-opensuse.aarch64.asc ++++++ hash: 96275dfd6282a522b011177ee049296952ac794832091f937fbbf92869028629 # 2069-04-10 06:07:54 timestamp: babababa checksum: ef25 -----BEGIN AUTHENTICODE SIGNATURE----- MIIhwQYJKoZIhvcNAQcCoIIhsjCCIa4CAQExDzANBglghkgBZQMEAgEFADBcBgor BgEEAYI3AgEEoE4wTDAXBgorBgEEAYI3AgEPMAkDAQCgBKICgAAwMTANBglghkgB ZQMEAgEFAAQglidd/WKCpSKwERd+4EkpaVKseUgyCR+Tf7v5KGkChimgggs8MIIF JDCCBAygAwIBAgITMwAAABjnMIN/Ryp7WwABAAAAGDANBgkqhkiG9w0BAQsFADCB gTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMi TWljcm9zb2Z0IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMTAeFw0xNTEwMjgyMDQz MzdaFw0xNzAxMjgyMDQzMzdaMIGVMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv cnBvcmF0aW9uMQ0wCwYDVQQLEwRNT1BSMTAwLgYDVQQDEydNaWNyb3NvZnQgV2lu ZG93cyBVRUZJIERyaXZlciBQdWJsaXNoZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQCxZkprRvykOB1+X8MMpDVlB36RVafGyaZ8Dsl5/8U92WKQvqdx T7SsnmbDv9TNSndVGzFvH5p4dn1Q/52kuDMpwpjGUqTWrx1+jrZOYrb02uTL/+QZ H/nxW96fPJqKIEnqe16lLp2WCjT6J7AzckF67KEW6voOzXITZLP8t3OCqNWIWXy3 ABLiZllI3O+VAwmRlosEmPYcD2qM3KxhPNvT+GZ2gb+FrLKvuRNxpHK0iZBxnrSg SnTlSfqzOAf9LWP6f4ajn04tdPOCRh3xuPM/bHJlCS40hBH2hYAV40s1vKTL8/Uf lTVdaBrq6f6NZAc4RFWnQgc/32xiYIcQ6AmjAgMBAAGjggF9MIIBeTAfBgNVHSUE GDAWBggrBgEFBQcDAwYKKwYBBAGCN1ACATAdBgNVHQ4EFgQUI3JhxfMYweN5Brdl fggzjB4hb1owUQYDVR0RBEowSKRGMEQxDTALBgNVBAsTBE1PUFIxMzAxBgNVBAUT KjMxNjE5K2UyOTg0YTM1LWNmNGYtNDEwZC04ZWMzLTcxOTYxNWJmOGMxYjAfBgNV HSMEGDAWgBQTrb9DCb2CcJyM1U8xbtUimIob1DBTBgNVHR8ETDBKMEigRqBEhkJo dHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNDb3JVRUZDQTIw MTFfMjAxMS0wNi0yNy5jcmwwYAYIKwYBBQUHAQEEVDBSMFAGCCsGAQUFBzAChkRo dHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NlcnRzL01pY0NvclVFRkNB MjAxMV8yMDExLTA2LTI3LmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUA A4IBAQBxu75jhm/XBbQkp7pR8jykioQZc4KXLTqPQ1l/Z5KO1yY6oKImgbidhR3b ZV+cz5MqktoNxsf0Pt7WVxbuZe0nOe8UC7ldmH3NwbfukTSr0CNw4Sw+unFmLxDo g3BhCstsmP/yfDizuCkzPXVCjoBK3tCbNIZxfUEYjwSJAsFpeHvPEJlse2beTfpb ghe9sCMUOT2yiKjf+1tbY6FNeB6/DvpaxkBYX99jcLy1KHD5LWcoIjEREhFybILA mhoagQQ7upVbQLvJHAMyctmHUh432Kod0PpUUTwSrMChSAgB0t+l5DinGgowpoSj kjMiS55xRj22uZpnBzckogBCW0LGMIIGEDCCA/igAwIBAgIKYQjTxAAAAAAABDAN BgkqhkiG9w0BAQsFADCBkTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0 b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3Jh dGlvbjE7MDkGA1UEAxMyTWljcm9zb2Z0IENvcnBvcmF0aW9uIFRoaXJkIFBhcnR5 IE1hcmtldHBsYWNlIFJvb3QwHhcNMTEwNjI3MjEyMjQ1WhcNMjYwNjI3MjEzMjQ1 WjCBgTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UE AxMiTWljcm9zb2Z0IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMTCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAKUIbEzHRQlqSwykwId/BnUMQwFUZOAWfwft kn0LsnO/DArGSkVhoMUWLZbT9Sug+01Jm0GAkDy5VP3mvNGdxKQYin9BilxZg2gy u4xHye5xvCFPmop8/0Q/jY8ysiZIrnW17slMHkoZfuSCmh14d00MsL32D9MW07z6 K6VROF31+7rbeALb/+wKG5bVg7gZE+m2wHtAe+EfKCfJ+u9WXhzmfpR+wPBEsnk5 5dqyYotNvzhw4mgkFMkzpAg31VhpXtN87cEEUwjnTrAqh2MIYW9jFVnqsit51wxh Z4pb/V6th3+6hmdPcVgSIgQiIs6L71RxAM5QNVh2lQjuarGiAdUCAwEAAaOCAXYw ggFyMBIGCSsGAQQBgjcVAQQFAgMBAAEwIwYJKwYBBAGCNxUCBBYEFPjBa7d/d1NK 8yU3HU6hJnsPIHCAMB0GA1UdDgQWBBQTrb9DCb2CcJyM1U8xbtUimIob1DAZBgkr BgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUw AwEB/zAfBgNVHSMEGDAWgBRFZlJD4X5YEb/WTp4jVQg7OiJqqDBcBgNVHR8EVTBT MFGgT6BNhktodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0 cy9NaWNDb3JUaGlQYXJNYXJSb29fMjAxMC0xMC0wNS5jcmwwYAYIKwYBBQUHAQEE VDBSMFAGCCsGAQUFBzAChkRodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2Nl cnRzL01pY0NvclRoaVBhck1hclJvb18yMDEwLTEwLTA1LmNydDANBgkqhkiG9w0B AQsFAAOCAgEANQhC/zDMzvd2DK0QaFg1KUYydid87xJBJ0IbSqptgThIWRNV8+lY NKYWC4KqXa2C2oCDQQaPtB3yA7nzGl0b8VCQ+bNVhEIoHCC9sq5RFMXArJeVIRyQ 2w/8d56Vc5GIyr29UrkFUA3fV56gYe0N5W0l2UAPF0DIzqNKwk2vmhIdCFSPvce8 uSs9SSsfMvxqIWlPm8h+QjT8NgYXi48gQMCzmiV1J83JA6P2XdHnNlR6uVC10xLR B7+7dN/cHo+A1e0Y9C8UFmsv3maMsCPlx4TY7erBM4KtVksYLfFolQfNz/By8K67 3YaFmCwhTDMr8A9K8GiHtZJVMnWhaoJqPKMlEaTtrdcErsvYQFmghNGVTGKRIhp0 HYw9Rw5EpuSwmzQ1sfq2U6gsgeykBXHInbi66BtEZuRHVA6OVn+znxaYsobQaD6Q I7UvXo9QhY3GjYJfQaH0Lg3gmdJsdeS2abUhhvoH0fbiTdHarSx3Ux4lMjfHbFJy lYaw8TVhahn1sjuBUFamMi3+oon5QoYnGFWhgspam/gwmFQUpkeWJS/IJuRBlBpc Aj/lluOFWzw+P7tHFnJV4iUisdl75wMGKqP3HpBGwwAN1hmJ4w41J2IDcRWm79An oKBZN2D4OJS44Hhw+LpMhoeU9uCuAkXuZcK2o35pFnUHkpv1prxZg1gxghX4MIIV 9AIBATCBmTCBgTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAO BgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEr MCkGA1UEAxMiTWljcm9zb2Z0IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMQITMwAA ABjnMIN/Ryp7WwABAAAAGDANBglghkgBZQMEAgEFAKCB4jAZBgkqhkiG9w0BCQMx DAYKKwYBBAGCNwIBBDAcBgorBgEEAYI3AgELMQ4wDAYKKwYBBAGCNwIBFTAvBgkq hkiG9w0BCQQxIgQgC5Mui2KqvNqQsTzZfuTIs4mo9KL7c0hG3k6fhLXdT1EwdgYK KwYBBAGCNwIBDDFoMGagMoAwAFMAVQBTAEUAIABMAGkAbgB1AHgAIABQAHIAbwBk AHUAYwB0AHMAIABHAG0AYgBIoTCALmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS93 aGRjL2hjbC9kZWZhdWx0Lm1zcHgwDQYJKoZIhvcNAQEBBQAEggEAUpAOjQut0b9l iTNUwPVDzKzJNK4v8eNc176xvOSLqKkMBj2DmciVbi6va9u6Lp72cGz/8ixIm/pJ wuObM/xSQdd6NI9DWy1O4/MtAyIgl56ynXplEm9/tGlbu19mQo4TFBG+DuMEFoq3 ZVg8s8n3upVrAOprYIQbhBenO8KgF9QOJ2er/+NyRlc/Kkdtlg5haN7QNhBxGl/z 0JFnDE7weUDqn4RFYkS6SKH7iIG6YZN5FgmrgrMbIqqKLK0Ro7N/BhI+WilX8kLU F4uuT9bvKAtc/fZkR8ncvUp9F9+zHevqWyYp6vA6O1fis4RPvfcPzsstInUOsyN/ LPeVYEqUK6GCE0owghNGBgorBgEEAYI3AwMBMYITNjCCEzIGCSqGSIb3DQEHAqCC EyMwghMfAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggE8BgsqhkiG9w0BCRABBKCCASsE ggEnMIIBIwIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFlAwQCAQUABCDYr609VK4b Nh7kCWgKnvrLUKV15/Hk9cQt/xPyRZoRyAIGVk82mzoxGBMyMDE1MTIwMzA3NTY0 MC44NzhaMAcCAQGAAgH0oIG4pIG1MIGyMQswCQYDVQQGEwJVUzETMBEGA1UECBMK V2FzaGluZ3RvbjEPMA0GA1UEBxMGUmVkbW9kMR4wHAYDVQQKExVNaWNyb3NvZnQg Q29ycG9yYXRpb24xDTALBgNVBAsTBE1PUFIxJzAlBgNVBAsTHm5DaXBoZXIgRFNF IEVTTjozMUM1LTMwQkEtN0M5MTElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3Rh bXAgU2VydmljZaCCDs4wggZxMIIEWaADAgECAgphCYEqAAAAAAACMA0GCSqGSIb3 DQEBCwUAMIGIMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4G A1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTIw MAYDVQQDEylNaWNyb3NvZnQgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgMjAx MDAeFw0xMDA3MDEyMTM2NTVaFw0yNTA3MDEyMTQ2NTVaMHwxCzAJBgNVBAYTAlVT MRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQK ExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBUaW1l LVN0YW1wIFBDQSAyMDEwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA qR0NvHcRijog7PwTl/X6f2mUa3RUENWlCgCChfvtfGhLLF/Fw+Vhwna3PmYrW/AV UycEMR9BGxqVHc4JE458YTBZsTBED/FgiIRUQwzXTbg4CLNC3ZOs1nMwVyaCo0UN 0Or1R4HNvyRgMlhgRvJYR4YyhB50YWeRX4FUsc+TTJLBxKZd0WETbijGGvmGgLvf YfxGwScdJGcSchohiq9LZIlQYrFd/XcfPfBXday9ikJNQFHRD5wGPmd/9WbAA5ZE fu/QS/1u5ZrKsajyeioKMfDaTgaRtogINeh4HLDpmc085y9Euqf03GS9pAHBIAmT eM38vMDJRF1eFpwBBU8iTQIDAQABo4IB5jCCAeIwEAYJKwYBBAGCNxUBBAMCAQAw HQYDVR0OBBYEFNVjOlyKMZDzQ3t8RhvFM2hahW1VMBkGCSsGAQQBgjcUAgQMHgoA UwB1AGIAQwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQY MBaAFNX2VsuP6KJcYmjRPZSQW9fOmhjEMFYGA1UdHwRPME0wS6BJoEeGRWh0dHA6 Ly9jcmwubWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01pY1Jvb0NlckF1 dF8yMDEwLTA2LTIzLmNybDBaBggrBgEFBQcBAQROMEwwSgYIKwYBBQUHMAKGPmh0 dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMvTWljUm9vQ2VyQXV0XzIw MTAtMDYtMjMuY3J0MIGgBgNVHSABAf8EgZUwgZIwgY8GCSsGAQQBgjcuAzCBgTA9 BggrBgEFBQcCARYxaHR0cDovL3d3dy5taWNyb3NvZnQuY29tL1BLSS9kb2NzL0NQ Uy9kZWZhdWx0Lmh0bTBABggrBgEFBQcCAjA0HjIgHQBMAGUAZwBhAGwAXwBQAG8A bABpAGMAeQBfAFMAdABhAHQAZQBtAGUAbgB0AC4gHTANBgkqhkiG9w0BAQsFAAOC AgEAB+aIUQ3ixuCYP4FxAz2do6Ehb7Prpsz1Mb7PBeKp/vpXbRkws8LFZslq3/Xn 8Hi9x6ieJeP5vO1rVFcIK1GCRBL7uVOMzPRgEop2zEBAQZvcXBf/XPleFzWYJFZL dO9CEMivv3/Gf/I3fVo/HPKZeUqRUgCvOA8X9S95gWXZqbVr5MfO9sp6AG9LMEQk IjzP7QOllo9ZKby2/QThcJ8ySif9Va8v/rbljjO7Yl+a21dA6fHOmWaQjP9qYn/d xUoLkSbiOewZSnFjnXshbcOco6I8+n99lmqQeKZt0uGc+R38ONiU9MalCpaGpL2e Gq4EQoO4tYCbIjggtSXlZOz39L9+Y1klD3ouOVd2onGqBooPiRa6YacRy5rYDkea gMXQzafQ732D8OE7cQnfXXSYIghh2rBQHm+98eEA3+cxB6STOvdlR3jo+KhIq/fe cn5ha293qYHLpwmsObvsxsvYgrRyzR30uIUBHoD7G4kqVDmyW9rIDVWZeodzOwjm mC3qjeAzLhIp9cAvVCch98isTtoouLGp25ayp0Kiyc8ZQU3ghvkqmqMRZjDTu3Qy S99je/WZii8bxyGvWbWu3EQ8l1Bx16HSxVXjad5XwdHeMMD9zOZN+w2/XU/pnR4Z OC+8z1gFLu8NoFA12u8JJxzVs341Hgi62jbb01+P3nSISRIwggTZMIIDwaADAgEC AhMzAAAAdHTMrak+fLWsAAAAAAB0MA0GCSqGSIb3DQEBCwUAMHwxCzAJBgNVBAYT AlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYD VQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29mdCBU aW1lLVN0YW1wIFBDQSAyMDEwMB4XDTE1MTAwNzE4MTczOVoXDTE3MDEwNzE4MTcz OVowgbIxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMQ8wDQYDVQQH EwZSZWRtb2QxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjENMAsGA1UE CxMETU9QUjEnMCUGA1UECxMebkNpcGhlciBEU0UgRVNOOjMxQzUtMzBCQS03Qzkx MSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFtcCBTZXJ2aWNlMIIBIjANBgkq hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0PYY+WjQQ/lOgaRo5Mgrb0qrtute02o WF86BQnBS1hCFzokjm2o3UXklFIw4n72MBasIASRfHd5TbSTnr56E2p9aMTxQjPY 1GWNKLwnU3KcBwJWBIkW4qNgB06WO9ZTyvEVIjo/8pGgw9uJy2nqMv8/NEb8GaWS G8yM3Kyk982VsflslFjz2KFTaA2XMAuYaRZ+I6B0r+hE8575k9TjaLVq35Y4JF6h ZfZnya2w2fiAf3K3U2YrhwKgCAq6+42ZBV/Qv40YTb8vH2M8lLHnY1wJxuq0rrTJ ETzHzcr33jg0dv2LJBE5QPl+6r2u98RKXsHBU5Sha2C8xkTvsTPayQIDAQABo4IB GzCCARcwHQYDVR0OBBYEFDTGrFKKJ9PTHpe/DAN1d0q62OQxMB8GA1UdIwQYMBaA FNVjOlyKMZDzQ3t8RhvFM2hahW1VMFYGA1UdHwRPME0wS6BJoEeGRWh0dHA6Ly9j cmwubWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01pY1RpbVN0YVBDQV8y MDEwLTA3LTAxLmNybDBaBggrBgEFBQcBAQROMEwwSgYIKwYBBQUHMAKGPmh0dHA6 Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMvTWljVGltU3RhUENBXzIwMTAt MDctMDEuY3J0MAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYIKwYBBQUHAwgwDQYJ KoZIhvcNAQELBQADggEBAFmRjC7DqKiHQ0UajpmTyERutHCRU0hPJ7X4RtdcbiyL Lk4IXiJdZFH12iaJ1e4Te4yxuOoeAd+ANhUCi8PQ6L1mrFuRzS88SFeqLzFFAwsv DLiMVKNMnpLnYOVwiv4QgFCPik5QWq9xF07xtIWwMgpRUnEIcOQMrIozBjTTxOM0 H44oG+FxA0Pr6dtA4ta1ScZgo5YRSBCk1XIqsS73R+rjK9u4SrrwIxAauEdMtdKl LLFKOsTWP45fP573kP+N5Szgbvfbe3HRDSiKE7yyb5omwLyIWZvlzxcdWYih/jAq ALMOQNMbB1Semcv6Q6zsVdCbTs2Zs+wcgojZYDvg6BKhggN4MIICYAIBATCB4qGB uKSBtTCBsjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xDzANBgNV BAcTBlJlZG1vZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMQ0wCwYD VQQLEwRNT1BSMScwJQYDVQQLEx5uQ2lwaGVyIERTRSBFU046MzFDNS0zMEJBLTdD OTExJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2WiJQoBATAJ BgUrDgMCGgUAAxUAEHYGrKIAUIRQppVzfxnEl04RHviggcIwgb+kgbwwgbkxCzAJ BgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25k MR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xDTALBgNVBAsTBE1PUFIx JzAlBgNVBAsTHm5DaXBoZXIgTlRTIEVTTjo1N0Y2LUMxRTAtNTU0QzErMCkGA1UE AxMiTWljcm9zb2Z0IFRpbWUgU291cmNlIE1hc3RlciBDbG9jazANBgkqhkiG9w0B AQUFAAIFANoKCl0wIhgPMjAxNTEyMDMwMDI1MDFaGA8yMDE1MTIwNDAwMjUwMVow dzA9BgorBgEEAYRZCgQBMS8wLTAKAgUA2goKXQIBADAKAgEAAgIGLwIB/zAHAgEA AgIYeTAKAgUA2gtb3QIBADA2BgorBgEEAYRZCgQCMSgwJjAMBgorBgEEAYRZCgMB oAowCAIBAAIDFuNgoQowCAIBAAIDB6EgMA0GCSqGSIb3DQEBBQUAA4IBAQBfi7jb OH28d5BTlq3PO/ns6ICJZ1eq899EIhLxW8sYhVN3wC8OkhNt1RQDmokO6mRZ8Kq3 A8QoyBlE+6VeVUTV8PoqxKbTAC5ofTkBScsR1KJDquBQtOlfLhINpQfja9qkQ6HG WUZ/uYvGI0QR/Wn97p4lmY8Iu9t6B+h7lbbIfjonNz6RfuRnil83gZxwvuU0zsOV ujEpq+Xv+Qwpf84TZhop6R6745ns7mFx6oYqCzs64GlV+ro+UkaVU0ZBvQF0SrK0 Zg+7S+tR9ZbiswMvQgPaBRCaSxzYLwpE32DOy0M8kAw7C/sYUMIY+1UGeGEYqvYn Oua0wsgQq1Oj2nINMYIC9TCCAvECAQEwgZMwfDELMAkGA1UEBhMCVVMxEzARBgNV BAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jv c29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAg UENBIDIwMTACEzMAAAB0dMytqT58tawAAAAAAHQwDQYJYIZIAWUDBAIBBQCgggEy MBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAvBgkqhkiG9w0BCQQxIgQgXCsJ dbLlwyLiabpo8dTN0JlBzu+7PIYWpljIrRy+/r8wgeIGCyqGSIb3DQEJEAIMMYHS MIHPMIHMMIGxBBQQdgasogBQhFCmlXN/GcSXThEe+DCBmDCBgKR+MHwxCzAJBgNV BAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4w HAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29m dCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAAAdHTMrak+fLWsAAAAAAB0MBYEFKgc IScRN0miGsGgPdeTR+HhcRexMA0GCSqGSIb3DQEBCwUABIIBAGL830RGkR0nuISC 5jjekrT+mzuFqwNwbXkQpgeBCowS3A05GgVdCTMcCQ2/ZVN9VVdnqeC1gq5123Vz fPUkozcg+6ICjLE5tTATth9Q0IcvPohWBZ61huLCzt4bgVi7P1U7SuT+2xBWFhus Phqsd8+44ux6U+U1ld+ecE8dfupDXn4sDMeat4XPovqg82jyFe+doyyPMTY1N9oP H+w2dYb8a32s4G1kajK5D+7fRxNXpDK/UIOrKvrMbnr1mUq+O6DJxppX1Xxbgzqf vlhwmei7T2GSMuJQ4Kwn3tzCQK2bWoCAU13e0iB+D7OLk27Ye18PawcrWg6+DOWY nSEK9MEAAAA= -----END AUTHENTICODE SIGNATURE----- ++++++ signature-opensuse.x86_64.asc ++++++ hash: f5e892dd6ec4c2defa4a495c09219b621379b64da3d1b2e34adf4b5f1102bd39 # 1970-01-01 00:00:00 timestamp: 0 checksum: 65ba -----BEGIN AUTHENTICODE SIGNATURE----- MIIhVgYJKoZIhvcNAQcCoIIhRzCCIUMCAQExDzANBglghkgBZQMEAgEFADBcBgor BgEEAYI3AgEEoE4wTDAXBgorBgEEAYI3AgEPMAkDAQCgBKICgAAwMTANBglghkgB ZQMEAgEFAAQg9eiS3W7Ewt76SklcCSGbYhN5tk2j0bLjSt9LXxECvTmgggswMIIF GDCCBACgAwIBAgITMwAAADgHaPPBgpJ3JAABAAAAODANBgkqhkiG9w0BAQsFADCB gTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMi TWljcm9zb2Z0IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMTAeFw0yMDAzMDQxODMy MjdaFw0yMTAzMDMxODMyMjdaMIGGMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv cnBvcmF0aW9uMTAwLgYDVQQDEydNaWNyb3NvZnQgV2luZG93cyBVRUZJIERyaXZl ciBQdWJsaXNoZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCqfvRc QxLmFCRHe3DjwdBfbK52UWAymynl8XOwnxFXQ3xXMjrYtV3xF7pBs0vTcuQEh1GC VrDe9DN1tIehwR94n63EbDwclRlnWg6J3R1gTYi2ID9h0UOVeF4ADrv9lnY56T6E FC5wBhhTSg9g5gOzjxv7OHJJtWAkGbOrEmkTSDNc3w7pqbKdgIC4kHUh16xsTA06 c1fIfZGg/BdRt/K9bp1gFNrI+gCP/HuxaKbj0whYPmyQ+F1ME10pp/ZXgKxU+Bfa XG/NMEzxkoXBThLquFSbmkhr2XKTLYbIdCk1Y9mSML5ei+2B4t4H8eNvVG3ZwEsn E7/HiLSdjRFWCuMRAgMBAAGjggGAMIIBfDAfBgNVHSUEGDAWBgorBgEEAYI3UAIB BggrBgEFBQcDAzAdBgNVHQ4EFgQUP/Rho+Fpo7FPkinO8OfIVSTDg/0wVAYDVR0R BE0wS6RJMEcxLTArBgNVBAsTJE1pY3Jvc29mdCBJcmVsYW5kIE9wZXJhdGlvbnMg TGltaXRlZDEWMBQGA1UEBRMNMjI5OTExKzQ1ODM2ODAfBgNVHSMEGDAWgBQTrb9D Cb2CcJyM1U8xbtUimIob1DBTBgNVHR8ETDBKMEigRqBEhkJodHRwOi8vd3d3Lm1p Y3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNDb3JVRUZDQTIwMTFfMjAxMS0wNi0y Ny5jcmwwYAYIKwYBBQUHAQEEVDBSMFAGCCsGAQUFBzAChkRodHRwOi8vd3d3Lm1p Y3Jvc29mdC5jb20vcGtpb3BzL2NlcnRzL01pY0NvclVFRkNBMjAxMV8yMDExLTA2 LTI3LmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQAiK8d9dmvO MhRcgnO1k3THjsWQq8fuMLz3Dyb2frG0oAL1zvVyCbI8wHAkp/kMKlMvdw8FXbx2 a8y6t0Qzlde0x0Jj9WdL6cQzx0EBrej/JCSoOTg+h8UhnBmAflstoc2SQen/FigC NdJvxaurF1KlHk3W06OVlvUdFifjJvkfqlDWji/o05muR4iDE3R4HD/3plMTZcD7 /Z9oItK9y2NoyNxFZbyFS5FDqWwnqv4JliUA3FmbKLxALCScfjxPXYOsX/SDd6zt 2hNpoVkoDSDfk99aWv5SNfH1xozil3oHbO/CNpAif7MkyW/OFF1+xoBQyJtJadca lMa9x3gWJ0NuMIIGEDCCA/igAwIBAgIKYQjTxAAAAAAABDANBgkqhkiG9w0BAQsF ADCBkTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjE7MDkGA1UE AxMyTWljcm9zb2Z0IENvcnBvcmF0aW9uIFRoaXJkIFBhcnR5IE1hcmtldHBsYWNl IFJvb3QwHhcNMTEwNjI3MjEyMjQ1WhcNMjYwNjI3MjEzMjQ1WjCBgTELMAkGA1UE BhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAc BgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMiTWljcm9zb2Z0 IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMTCCASIwDQYJKoZIhvcNAQEBBQADggEP ADCCAQoCggEBAKUIbEzHRQlqSwykwId/BnUMQwFUZOAWfwftkn0LsnO/DArGSkVh oMUWLZbT9Sug+01Jm0GAkDy5VP3mvNGdxKQYin9BilxZg2gyu4xHye5xvCFPmop8 /0Q/jY8ysiZIrnW17slMHkoZfuSCmh14d00MsL32D9MW07z6K6VROF31+7rbeALb /+wKG5bVg7gZE+m2wHtAe+EfKCfJ+u9WXhzmfpR+wPBEsnk55dqyYotNvzhw4mgk FMkzpAg31VhpXtN87cEEUwjnTrAqh2MIYW9jFVnqsit51wxhZ4pb/V6th3+6hmdP cVgSIgQiIs6L71RxAM5QNVh2lQjuarGiAdUCAwEAAaOCAXYwggFyMBIGCSsGAQQB gjcVAQQFAgMBAAEwIwYJKwYBBAGCNxUCBBYEFPjBa7d/d1NK8yU3HU6hJnsPIHCA MB0GA1UdDgQWBBQTrb9DCb2CcJyM1U8xbtUimIob1DAZBgkrBgEEAYI3FAIEDB4K AFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSME GDAWgBRFZlJD4X5YEb/WTp4jVQg7OiJqqDBcBgNVHR8EVTBTMFGgT6BNhktodHRw Oi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNDb3JUaGlQ YXJNYXJSb29fMjAxMC0xMC0wNS5jcmwwYAYIKwYBBQUHAQEEVDBSMFAGCCsGAQUF BzAChkRodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY0NvclRo aVBhck1hclJvb18yMDEwLTEwLTA1LmNydDANBgkqhkiG9w0BAQsFAAOCAgEANQhC /zDMzvd2DK0QaFg1KUYydid87xJBJ0IbSqptgThIWRNV8+lYNKYWC4KqXa2C2oCD QQaPtB3yA7nzGl0b8VCQ+bNVhEIoHCC9sq5RFMXArJeVIRyQ2w/8d56Vc5GIyr29 UrkFUA3fV56gYe0N5W0l2UAPF0DIzqNKwk2vmhIdCFSPvce8uSs9SSsfMvxqIWlP m8h+QjT8NgYXi48gQMCzmiV1J83JA6P2XdHnNlR6uVC10xLRB7+7dN/cHo+A1e0Y 9C8UFmsv3maMsCPlx4TY7erBM4KtVksYLfFolQfNz/By8K673YaFmCwhTDMr8A9K 8GiHtZJVMnWhaoJqPKMlEaTtrdcErsvYQFmghNGVTGKRIhp0HYw9Rw5EpuSwmzQ1 sfq2U6gsgeykBXHInbi66BtEZuRHVA6OVn+znxaYsobQaD6QI7UvXo9QhY3GjYJf QaH0Lg3gmdJsdeS2abUhhvoH0fbiTdHarSx3Ux4lMjfHbFJylYaw8TVhahn1sjuB UFamMi3+oon5QoYnGFWhgspam/gwmFQUpkeWJS/IJuRBlBpcAj/lluOFWzw+P7tH FnJV4iUisdl75wMGKqP3HpBGwwAN1hmJ4w41J2IDcRWm79AnoKBZN2D4OJS44Hhw +LpMhoeU9uCuAkXuZcK2o35pFnUHkpv1prxZg1gxghWZMIIVlQIBATCBmTCBgTEL MAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1v bmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMiTWlj cm9zb2Z0IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMQITMwAAADgHaPPBgpJ3JAAB AAAAODANBglghkgBZQMEAgEFAKCB3DAZBgkqhkiG9w0BCQMxDAYKKwYBBAGCNwIB BDAcBgorBgEEAYI3AgELMQ4wDAYKKwYBBAGCNwIBFTAvBgkqhkiG9w0BCQQxIgQg iOz0cDx/prQlDkkSwqGZ+6dMZCSW1yjJ58QYmHdnoTUwcAYKKwYBBAGCNwIBDDFi MGCgMoAwAFMAVQBTAEUAIABMAGkAbgB1AHgAIABQAHIAbwBkAHUAYwB0AHMAIABH AG0AYgBIoSqAKGh0dHBzOi8vd3d3Lm1pY3Jvc29mdC5jb20vZW4tdXMvd2luZG93 cyAwDQYJKoZIhvcNAQEBBQAEggEAFww+AGBg9zP7Yy9PE8xVldGmNTeLiodrHRMQ KQ5xee9acyyQ14OX+SmRK/Et5xZOmAWcThwze8dhWw8828Rl0rk11DGPjcI3yvxT bZ6kC+IWvSbdMcVNjsSzvWPuV2fk0n+Gar0WtyevCcfF4mjGdycHTlu79XFHWJA1 HKAR15MKJgBLdEOSC7KMXhAtd+x4cYHw6q4ERhNsYlb0lQl0WGagTN3jSxL6BKpU e3b6qc8LKARWBskLQwChR4iXae1rxyVapzlaxd/1ARLfnwqQ8mdn5DBDJBMT8kmG 52eLHD4xWEG8vSk5po4Tvv3oXd36kb5zaveBpYjeMbe0R+l3z6GCEvEwghLtBgor BgEEAYI3AwMBMYIS3TCCEtkGCSqGSIb3DQEHAqCCEsowghLGAgEDMQ8wDQYJYIZI AWUDBAIBBQAwggFVBgsqhkiG9w0BCRABBKCCAUQEggFAMIIBPAIBAQYKKwYBBAGE WQoDATAxMA0GCWCGSAFlAwQCAQUABCDnp0m6Gp85jNi3+6XFl+PYlqGdnRnuUIz7 66oguVUesgIGXxcQeogEGBMyMDIwMDczMDIwMTEzMi4xODNaMASAAgH0oIHUpIHR MIHOMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSkwJwYDVQQL EyBNaWNyb3NvZnQgT3BlcmF0aW9ucyBQdWVydG8gUmljbzEmMCQGA1UECxMdVGhh bGVzIFRTUyBFU046QzRCRC1FMzdGLTVGRkMxJTAjBgNVBAMTHE1pY3Jvc29mdCBU aW1lLVN0YW1wIFNlcnZpY2Wggg5EMIIE9TCCA92gAwIBAgITMwAAASM4sOSt2FqQ nQAAAAABIzANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMK V2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0 IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0Eg MjAxMDAeFw0xOTEyMTkwMTE0NTZaFw0yMTAzMTcwMTE0NTZaMIHOMQswCQYDVQQG EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSkwJwYDVQQLEyBNaWNyb3NvZnQg T3BlcmF0aW9ucyBQdWVydG8gUmljbzEmMCQGA1UECxMdVGhhbGVzIFRTUyBFU046 QzRCRC1FMzdGLTVGRkMxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNl cnZpY2UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCdvNDJsGSl3AEu 8dmbwOEzjgs8Put17PVCxlrXWQzd1ZfmhkBLDMBKyJIM0ItH0ztLDg/Td4TtR2k1 h6EvNDf0G+qC0dlgmZL/1TOFhZ04Tr98gOc0rfr7ijcK4xBxQtI5TAwiamlO0rel iW5f5AD+bIDNKraRBEIcbVWn/CKFeZavL4DCTa99DuK6i2BIv2GVkGWMEBwIlTLp wmKSYnHJzTjUUXYNg908rttnhCcD0D+g5HhIqDMvXoTJga5IwA1ToEFfk+Joq/oQ CXiDcrKbOsIETuao7lefo73MzUGtVpu48bKgb9OBgpSKeTR7610JmfZqWXY9648R bmWyo3dxAgMBAAGjggEbMIIBFzAdBgNVHQ4EFgQUgdRsFIDTjRv5EcKwaN4ZFfgM nh4wHwYDVR0jBBgwFoAU1WM6XIoxkPNDe3xGG8UzaFqFbVUwVgYDVR0fBE8wTTBL oEmgR4ZFaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMv TWljVGltU3RhUENBXzIwMTAtMDctMDEuY3JsMFoGCCsGAQUFBwEBBE4wTDBKBggr BgEFBQcwAoY+aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNU aW1TdGFQQ0FfMjAxMC0wNy0wMS5jcnQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAK BggrBgEFBQcDCDANBgkqhkiG9w0BAQsFAAOCAQEAW+UBt6pX6Fuq9VeJU/pDvC1M xd9kt31H4J/0tUEAT8zkbP+ro49PcrR1jQ3znsMJEsmtX/EvXvgW515Jx+Zd0ep0 tgZEUwDbU5l8bzC0wsr3mHvyUCH6LPmd4idG9ahw0pxI+kJnX9TMpqzwJOY8YcYY ol5cCC1I7x+esu6yx8StMJ7B9dhDvTJ5GkjVyTQpkpn4FBJAzc7udwt/ZelzUQD2 rs9v1rJSFGXF9zQwjIL+YWYtp4XffR8cmiSbHJ9X/IWVwPvn9RzW6vG3ZIdzmIEZ za+0HZzvhrr7bt3chqmHUDDBj5wLeC+xMPcpI8tFKM+uP69Em0CEWLcuXjPTNzCC BnEwggRZoAMCAQICCmEJgSoAAAAAAAIwDQYJKoZIhvcNAQELBQAwgYgxCzAJBgNV BAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4w HAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jvc29m dCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAyMDEwMB4XDTEwMDcwMTIxMzY1 NVoXDTI1MDcwMTIxNDY1NVowfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hp bmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jw b3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAw ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpHQ28dxGKOiDs/BOX9fp/ aZRrdFQQ1aUKAIKF++18aEssX8XD5WHCdrc+Zitb8BVTJwQxH0EbGpUdzgkTjnxh MFmxMEQP8WCIhFRDDNdNuDgIs0Ldk6zWczBXJoKjRQ3Q6vVHgc2/JGAyWGBG8lhH hjKEHnRhZ5FfgVSxz5NMksHEpl3RYRNuKMYa+YaAu99h/EbBJx0kZxJyGiGKr0tk iVBisV39dx898Fd1rL2KQk1AUdEPnAY+Z3/1ZsADlkR+79BL/W7lmsqxqPJ6Kgox 8NpOBpG2iAg16HgcsOmZzTznL0S6p/TcZL2kAcEgCZN4zfy8wMlEXV4WnAEFTyJN AgMBAAGjggHmMIIB4jAQBgkrBgEEAYI3FQEEAwIBADAdBgNVHQ4EFgQU1WM6XIox kPNDe3xGG8UzaFqFbVUwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwCwYDVR0P BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU1fZWy4/oolxiaNE9 lJBb186aGMQwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDovL2NybC5taWNyb3NvZnQu Y29tL3BraS9jcmwvcHJvZHVjdHMvTWljUm9vQ2VyQXV0XzIwMTAtMDYtMjMuY3Js MFoGCCsGAQUFBwEBBE4wTDBKBggrBgEFBQcwAoY+aHR0cDovL3d3dy5taWNyb3Nv ZnQuY29tL3BraS9jZXJ0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcnQwgaAG A1UdIAEB/wSBlTCBkjCBjwYJKwYBBAGCNy4DMIGBMD0GCCsGAQUFBwIBFjFodHRw Oi8vd3d3Lm1pY3Jvc29mdC5jb20vUEtJL2RvY3MvQ1BTL2RlZmF1bHQuaHRtMEAG CCsGAQUFBwICMDQeMiAdAEwAZQBnAGEAbABfAFAAbwBsAGkAYwB5AF8AUwB0AGEA dABlAG0AZQBuAHQALiAdMA0GCSqGSIb3DQEBCwUAA4ICAQAH5ohRDeLG4Jg/gXED PZ2joSFvs+umzPUxvs8F4qn++ldtGTCzwsVmyWrf9efweL3HqJ4l4/m87WtUVwgr UYJEEvu5U4zM9GASinbMQEBBm9xcF/9c+V4XNZgkVkt070IQyK+/f8Z/8jd9Wj8c 8pl5SpFSAK84Dxf1L3mBZdmptWvkx872ynoAb0swRCQiPM/tA6WWj1kpvLb9BOFw nzJKJ/1Vry/+tuWOM7tiX5rbV0Dp8c6ZZpCM/2pif93FSguRJuI57BlKcWOdeyFt w5yjojz6f32WapB4pm3S4Zz5Hfw42JT0xqUKloakvZ4argRCg7i1gJsiOCC1JeVk 7Pf0v35jWSUPei45V3aicaoGig+JFrphpxHLmtgOR5qAxdDNp9DvfYPw4TtxCd9d dJgiCGHasFAeb73x4QDf5zEHpJM692VHeOj4qEir995yfmFrb3epgcunCaw5u+zG y9iCtHLNHfS4hQEegPsbiSpUObJb2sgNVZl6h3M7COaYLeqN4DMuEin1wC9UJyH3 yKxO2ii4sanblrKnQqLJzxlBTeCG+SqaoxFmMNO7dDJL32N79ZmKLxvHIa9Zta7c RDyXUHHXodLFVeNp3lfB0d4wwP3M5k37Db9dT+mdHhk4L7zPWAUu7w2gUDXa7wkn HNWzfjUeCLraNtvTX4/edIhJEqGCAtIwggI7AgEBMIH8oYHUpIHRMIHOMQswCQYD VQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEe MBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSkwJwYDVQQLEyBNaWNyb3Nv ZnQgT3BlcmF0aW9ucyBQdWVydG8gUmljbzEmMCQGA1UECxMdVGhhbGVzIFRTUyBF U046QzRCRC1FMzdGLTVGRkMxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1w IFNlcnZpY2WiIwoBATAHBgUrDgMCGgMVALoXZo3g4p4Xwu4MNSgQnjP7+1eBoIGD MIGApH4wfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNV BAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQG A1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwDQYJKoZIhvcNAQEF BQACBQDizWwqMCIYDzIwMjAwNzMwMTk1NjI2WhgPMjAyMDA3MzExOTU2MjZaMHcw PQYKKwYBBAGEWQoEATEvMC0wCgIFAOLNbCoCAQAwCgIBAAICIwcCAf8wBwIBAAIC EJ8wCgIFAOLOvaoCAQAwNgYKKwYBBAGEWQoEAjEoMCYwDAYKKwYBBAGEWQoDAqAK MAgCAQACAwehIKEKMAgCAQACAwGGoDANBgkqhkiG9w0BAQUFAAOBgQBIx+XUDLw/ bUbclab0tWWRb8Ukbsl2Sd3YBf6zr8VGExBCanphwdLmiI3bCKUuH9G/jdHi5WIL psCIv6VH2T6bdeDGlzb5wscXzWcsdYTlawr6sravdQa3W6A2KvG1IYltFiWZSgJG jE3IjC1oCdqVGrphhAVezG5O5ZTukUjNoTGCAw0wggMJAgEBMIGTMHwxCzAJBgNV BAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4w HAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jvc29m dCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAABIziw5K3YWpCdAAAAAAEjMA0GCWCG SAFlAwQCAQUAoIIBSjAaBgkqhkiG9w0BCQMxDQYLKoZIhvcNAQkQAQQwLwYJKoZI hvcNAQkEMSIEIL4dYLhC7mXmDydlRqnugjBt2GcgSi3yOoW70+CoaR8AMIH6Bgsq hkiG9w0BCRACLzGB6jCB5zCB5DCBvQQgEZozgz/7RMzEDaOjrMSkAAy/KcCiZDOW J1yq6vsVgbMwgZgwgYCkfjB8MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGlu Z3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBv cmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGltZS1TdGFtcCBQQ0EgMjAxMAIT MwAAASM4sOSt2FqQnQAAAAABIzAiBCBfuRgdnySv61pNMlDeS68/+shdmtIxqXMr cVR1ETd4szANBgkqhkiG9w0BAQsFAASCAQBiZpUPFsONIt2Rj1MRnOnGRkWQnPHf KKE2dAuxSRCaL83GWfDh2NgqT26JnFbA0JjnqlNzaabi00JxChh3XGedQ/ZpVqmE O3EPp/b38Q78iriZgxl2QFAPZd4eaT6xrRQ1POL7GdZ9jgbBZ778eT44OdVNpfRT gNo8AS+8JOwSo8ZzK1mfyg09WYVCr3HhjRMpfWlB2SejSgg2w4Obdq/WauP7oXOL t2EuIaq0oF3+PIbgm0xaCBKtscsXTgdBdssN+jVWxUA+4ayVVjg6VuKs6fpSBsQB WBxu434HBGDx9aitPUXzK3XBi2UiWG1mbhCfZv7oYlBVRNmP3riUvks8AAAAAAAA -----END AUTHENTICODE SIGNATURE----- ++++++ signature-sles.aarch64.asc ++++++ hash: f31fd461c5e99510403fc97c1da2d8a9cbe270597d32badf8fd66b77495f8d94 # 2069-04-10 06:07:54 timestamp: babababa checksum: 61c9 -----BEGIN AUTHENTICODE SIGNATURE----- MIIh9AYJKoZIhvcNAQcCoIIh5TCCIeECAQExDzANBglghkgBZQMEAgEFADBcBgor BgEEAYI3AgEEoE4wTDAXBgorBgEEAYI3AgEPMAkDAQCgBKICgAAwMTANBglghkgB ZQMEAgEFAAQg8x/UYcXplRBAP8l8HaLYqcvicFl9Mrrfj9Zrd0lfjZSgggs8MIIF JDCCBAygAwIBAgITMwAAAApmQvP0n7c3lgABAAAACjANBgkqhkiG9w0BAQsFADCB gTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMi TWljcm9zb2Z0IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMTAeFw0xMzA5MjQxNzU0 MDNaFw0xNDEyMjQxNzU0MDNaMIGVMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv cnBvcmF0aW9uMQ0wCwYDVQQLEwRNT1BSMTAwLgYDVQQDEydNaWNyb3NvZnQgV2lu ZG93cyBVRUZJIERyaXZlciBQdWJsaXNoZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQCc2PZRP3t6i2DCLSAuWrFHZKfyD98yckc9yxqqqJACgekdZi4s ZEN1vYcVfiUhW4hFpdH3kcPah7wf+uqgyQa1hb/9AzDH63JYfaHLWA+Jx0leY0cG CsIFviaUHrCEgxhkeXdrGfHroDcWArv2yBBvj+zvePVE9/VpDoBK+2nAFxz0oG23 BzE5duVpHIZn96fNyoDKYvCf649VqjM+O5/b5jlDylkMWAIVTvWqE0r/7YnC1Vcc cgJDQk8IaIWSepRsjrvvf8C8uG3ZSxVjQeuPz7ETAryJIWvYdz240MzVAJD7SazH SbVJm1LPHfS2FEpx3uUNOuo3IJrrxqeals8FAgMBAAGjggF9MIIBeTAfBgNVHSUE GDAWBggrBgEFBQcDAwYKKwYBBAGCN1ACATAdBgNVHQ4EFgQU6t49RpSALGo0XSnP ixuEhp5y0NEwUQYDVR0RBEowSKRGMEQxDTALBgNVBAsTBE1PUFIxMzAxBgNVBAUT KjMxNjE5KzAxMjU1ZjQ2LTc0ZjUtNGZjNC1iYzcxLWU0ZGE5NzM2YmVlZTAfBgNV HSMEGDAWgBQTrb9DCb2CcJyM1U8xbtUimIob1DBTBgNVHR8ETDBKMEigRqBEhkJo dHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNDb3JVRUZDQTIw MTFfMjAxMS0wNi0yNy5jcmwwYAYIKwYBBQUHAQEEVDBSMFAGCCsGAQUFBzAChkRo dHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NlcnRzL01pY0NvclVFRkNB MjAxMV8yMDExLTA2LTI3LmNydDAMBgNVHRMBAf8EAjAAMA0GCSqGSIb3DQEBCwUA A4IBAQAqJ9a9LzTGipmJ7IVkSf5JNK1cBhXsWBlmQ5kFNzeoa+RskUuUeM45NTS3 We7F628BW3BrhT8dK+Uf6YB7F46qng+VWNal2RPFjHSSy60QartzlUJoAaQvNjhC 5gv3LQRmaIZdtdjOLJAclnMETQWrt0wXGsGYwPk3a7kYXsdSO7U+bSwRRkL/v74g 78bCVxwgBhWctw/yxCjpl/bOg79XrZpHxH3szpgwz4YaFWRxxiYAoCYLROKeqObj PEB8BG83vkpG3K84wBiyT5ab63FtjnbOvD0dGRNO1vIWzC41eEi0mYGW69cya8o+ Ot4bqI6YYSpWmkah9FhW9OLfoCpdMIIGEDCCA/igAwIBAgIKYQjTxAAAAAAABDAN BgkqhkiG9w0BAQsFADCBkTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0 b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3Jh dGlvbjE7MDkGA1UEAxMyTWljcm9zb2Z0IENvcnBvcmF0aW9uIFRoaXJkIFBhcnR5 IE1hcmtldHBsYWNlIFJvb3QwHhcNMTEwNjI3MjEyMjQ1WhcNMjYwNjI3MjEzMjQ1 WjCBgTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcT B1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UE AxMiTWljcm9zb2Z0IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMTCCASIwDQYJKoZI hvcNAQEBBQADggEPADCCAQoCggEBAKUIbEzHRQlqSwykwId/BnUMQwFUZOAWfwft kn0LsnO/DArGSkVhoMUWLZbT9Sug+01Jm0GAkDy5VP3mvNGdxKQYin9BilxZg2gy u4xHye5xvCFPmop8/0Q/jY8ysiZIrnW17slMHkoZfuSCmh14d00MsL32D9MW07z6 K6VROF31+7rbeALb/+wKG5bVg7gZE+m2wHtAe+EfKCfJ+u9WXhzmfpR+wPBEsnk5 5dqyYotNvzhw4mgkFMkzpAg31VhpXtN87cEEUwjnTrAqh2MIYW9jFVnqsit51wxh Z4pb/V6th3+6hmdPcVgSIgQiIs6L71RxAM5QNVh2lQjuarGiAdUCAwEAAaOCAXYw ggFyMBIGCSsGAQQBgjcVAQQFAgMBAAEwIwYJKwYBBAGCNxUCBBYEFPjBa7d/d1NK 8yU3HU6hJnsPIHCAMB0GA1UdDgQWBBQTrb9DCb2CcJyM1U8xbtUimIob1DAZBgkr BgEEAYI3FAIEDB4KAFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUw AwEB/zAfBgNVHSMEGDAWgBRFZlJD4X5YEb/WTp4jVQg7OiJqqDBcBgNVHR8EVTBT MFGgT6BNhktodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0 cy9NaWNDb3JUaGlQYXJNYXJSb29fMjAxMC0xMC0wNS5jcmwwYAYIKwYBBQUHAQEE VDBSMFAGCCsGAQUFBzAChkRodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2Nl cnRzL01pY0NvclRoaVBhck1hclJvb18yMDEwLTEwLTA1LmNydDANBgkqhkiG9w0B AQsFAAOCAgEANQhC/zDMzvd2DK0QaFg1KUYydid87xJBJ0IbSqptgThIWRNV8+lY NKYWC4KqXa2C2oCDQQaPtB3yA7nzGl0b8VCQ+bNVhEIoHCC9sq5RFMXArJeVIRyQ 2w/8d56Vc5GIyr29UrkFUA3fV56gYe0N5W0l2UAPF0DIzqNKwk2vmhIdCFSPvce8 uSs9SSsfMvxqIWlPm8h+QjT8NgYXi48gQMCzmiV1J83JA6P2XdHnNlR6uVC10xLR B7+7dN/cHo+A1e0Y9C8UFmsv3maMsCPlx4TY7erBM4KtVksYLfFolQfNz/By8K67 3YaFmCwhTDMr8A9K8GiHtZJVMnWhaoJqPKMlEaTtrdcErsvYQFmghNGVTGKRIhp0 HYw9Rw5EpuSwmzQ1sfq2U6gsgeykBXHInbi66BtEZuRHVA6OVn+znxaYsobQaD6Q I7UvXo9QhY3GjYJfQaH0Lg3gmdJsdeS2abUhhvoH0fbiTdHarSx3Ux4lMjfHbFJy lYaw8TVhahn1sjuBUFamMi3+oon5QoYnGFWhgspam/gwmFQUpkeWJS/IJuRBlBpc Aj/lluOFWzw+P7tHFnJV4iUisdl75wMGKqP3HpBGwwAN1hmJ4w41J2IDcRWm79An oKBZN2D4OJS44Hhw+LpMhoeU9uCuAkXuZcK2o35pFnUHkpv1prxZg1gxghYrMIIW JwIBATCBmTCBgTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAO BgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEr MCkGA1UEAxMiTWljcm9zb2Z0IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMQITMwAA AApmQvP0n7c3lgABAAAACjANBglghkgBZQMEAgEFAKCCAREwGQYJKoZIhvcNAQkD MQwGCisGAQQBgjcCAQQwHAYKKwYBBAGCNwIBCzEOMAwGCisGAQQBgjcCARUwLwYJ KoZIhvcNAQkEMSIEIJrzMZcr8o7z/mk2WCbI8fEz7nZbYeVPQtJjL0exXBCxMIGk BgorBgEEAYI3AgEMMYGVMIGSoF6AXABoAHQAdABwADoALwAvAHcAdwB3AC4AbQBp AGMAcgBvAHMAbwBmAHQALgBjAG8AbQAvAHcAaABkAGMALwBoAGMAbAAvAGQAZQBm AGEAdQBsAHQALgBtAHMAcAB4oTCALmh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS93 aGRjL2hjbC9kZWZhdWx0Lm1zcHgwDQYJKoZIhvcNAQEBBQAEggEAjHDQORfm8d8T eyJMiPDMRPFiO/aBL7UtF4rtDUeYi+c9UU6KDVXHi19Z9DNt3pkRRm4DxFVdDPXU P1TFD8HWbQPQ7YGGRjDOv1BwxZ+5F6xmNgoxUh0khKisi3l0LPq6Zauee7ebgly3 6A6GQSKlaXH7MXxMsgbvGFdXAQs/KVMb3xzuttby/jcQ9lxoMr4SVcM6Vu6fFZ24 DWhHFtONzHFSvJ3Sf10d8teTvikrIaXg7pzNU+T7+sMXsiyhVhWiFFFtetaaxtT4 vcKDuGHNP797WM1YYxZz+2sMbWyi81h+We6ReHn0V+UUW4b7i4yh0p2Vy3xPrzb6 TgGQIyi536GCE00wghNJBgorBgEEAYI3AwMBMYITOTCCEzUGCSqGSIb3DQEHAqCC EyYwghMiAgEDMQ8wDQYJYIZIAWUDBAIBBQAwggE9BgsqhkiG9w0BCRABBKCCASwE ggEoMIIBJAIBAQYKKwYBBAGEWQoDATAxMA0GCWCGSAFlAwQCAQUABCAqAR+tIZOx IQiET4LQ+OsCmH0VlrTUkAPePwl/JtC8pAIGUt6TDOrUGBMyMDE0MDIyNzAxMDcz My43NzNaMAcCAQGAAgH0oIG5pIG2MIGzMQswCQYDVQQGEwJVUzETMBEGA1UECBMK V2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0 IENvcnBvcmF0aW9uMQ0wCwYDVQQLEwRNT1BSMScwJQYDVQQLEx5uQ2lwaGVyIERT RSBFU046QzBGNC0zMDg2LURFRjgxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0 YW1wIFNlcnZpY2Wggg7QMIIGcTCCBFmgAwIBAgIKYQmBKgAAAAAAAjANBgkqhkiG 9w0BAQsFADCBiDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAO BgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEy MDAGA1UEAxMpTWljcm9zb2Z0IFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5IDIw MTAwHhcNMTAwNzAxMjEzNjU1WhcNMjUwNzAxMjE0NjU1WjB8MQswCQYDVQQGEwJV UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQgVGlt ZS1TdGFtcCBQQ0EgMjAxMDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB AKkdDbx3EYo6IOz8E5f1+n9plGt0VBDVpQoAgoX77XxoSyxfxcPlYcJ2tz5mK1vw FVMnBDEfQRsalR3OCROOfGEwWbEwRA/xYIiEVEMM1024OAizQt2TrNZzMFcmgqNF DdDq9UeBzb8kYDJYYEbyWEeGMoQedGFnkV+BVLHPk0ySwcSmXdFhE24oxhr5hoC7 32H8RsEnHSRnEnIaIYqvS2SJUGKxXf13Hz3wV3WsvYpCTUBR0Q+cBj5nf/VmwAOW RH7v0Ev9buWayrGo8noqCjHw2k4GkbaICDXoeByw6ZnNPOcvRLqn9NxkvaQBwSAJ k3jN/LzAyURdXhacAQVPIk0CAwEAAaOCAeYwggHiMBAGCSsGAQQBgjcVAQQDAgEA MB0GA1UdDgQWBBTVYzpcijGQ80N7fEYbxTNoWoVtVTAZBgkrBgEEAYI3FAIEDB4K AFMAdQBiAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSME GDAWgBTV9lbLj+iiXGJo0T2UkFvXzpoYxDBWBgNVHR8ETzBNMEugSaBHhkVodHRw Oi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpL2NybC9wcm9kdWN0cy9NaWNSb29DZXJB dXRfMjAxMC0wNi0yMy5jcmwwWgYIKwYBBQUHAQEETjBMMEoGCCsGAQUFBzAChj5o dHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpL2NlcnRzL01pY1Jvb0NlckF1dF8y MDEwLTA2LTIzLmNydDCBoAYDVR0gAQH/BIGVMIGSMIGPBgkrBgEEAYI3LgMwgYEw PQYIKwYBBQUHAgEWMWh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9QS0kvZG9jcy9D UFMvZGVmYXVsdC5odG0wQAYIKwYBBQUHAgIwNB4yIB0ATABlAGcAYQBsAF8AUABv AGwAaQBjAHkAXwBTAHQAYQB0AGUAbQBlAG4AdAAuIB0wDQYJKoZIhvcNAQELBQAD ggIBAAfmiFEN4sbgmD+BcQM9naOhIW+z66bM9TG+zwXiqf76V20ZMLPCxWbJat/1 5/B4vceoniXj+bzta1RXCCtRgkQS+7lTjMz0YBKKdsxAQEGb3FwX/1z5Xhc1mCRW S3TvQhDIr79/xn/yN31aPxzymXlKkVIArzgPF/UveYFl2am1a+THzvbKegBvSzBE JCI8z+0DpZaPWSm8tv0E4XCfMkon/VWvL/625Y4zu2JfmttXQOnxzplmkIz/amJ/ 3cVKC5Em4jnsGUpxY517IW3DnKOiPPp/fZZqkHimbdLhnPkd/DjYlPTGpQqWhqS9 nhquBEKDuLWAmyI4ILUl5WTs9/S/fmNZJQ96LjlXdqJxqgaKD4kWumGnEcua2A5H moDF0M2n0O99g/DhO3EJ3110mCIIYdqwUB5vvfHhAN/nMQekkzr3ZUd46PioSKv3 3nJ+YWtvd6mBy6cJrDm77MbL2IK0cs0d9LiFAR6A+xuJKlQ5slvayA1VmXqHczsI 5pgt6o3gMy4SKfXAL1QnIffIrE7aKLixqduWsqdCosnPGUFN4Ib5KpqjEWYw07t0 MkvfY3v1mYovG8chr1m1rtxEPJdQcdeh0sVV42neV8HR3jDA/czmTfsNv11P6Z0e GTgvvM9YBS7vDaBQNdrvCScc1bN+NR4Iuto229Nfj950iEkSMIIE2jCCA8KgAwIB AgITMwAAACiQZ7kEsDxuZgAAAAAAKDANBgkqhkiG9w0BAQsFADB8MQswCQYDVQQG EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQg VGltZS1TdGFtcCBQQ0EgMjAxMDAeFw0xMzAzMjcyMDEzMTNaFw0xNDA2MjcyMDEz MTNaMIGzMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UE BxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMQ0wCwYD VQQLEwRNT1BSMScwJQYDVQQLEx5uQ2lwaGVyIERTRSBFU046QzBGNC0zMDg2LURF RjgxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2UwggEiMA0G CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDdpUi/akidSiGckmve4C3c5GP4zLmJ xMcbvee10/vtrs8x/vNmsEQD2plnCFq/dQYiEYnQZ1LM+s+SN0Xo+vG9M9PMc+O4 IaSgFX3LL8QDBdo/lnPTWeWYTQtWhi+dR9HWX52R6ceE2ZVrMky0awBS4EHTPGl0 qM7MfWidUlXmcH8UB6KeZ7CGRPMzP3Ndxij4F19SAS1EL9bteAi45TsvwLnDS8O3 Oy/TprWcsUhK3TIJVqEbS1rTqiYnDBJDYMVq19pADWCYiUG7k3Pdv/7EjFvO+lUn yk1Nmm99EWyxRyOwTHxsfwahdIIfUngY6QYaFlCawzrdgYH3mydyIX91AgMBAAGj ggEbMIIBFzAdBgNVHQ4EFgQU3JgInXnRBLKLR8Nx0Izns+awU50wHwYDVR0jBBgw FoAU1WM6XIoxkPNDe3xGG8UzaFqFbVUwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDov L2NybC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMvTWljVGltU3RhUENB XzIwMTAtMDctMDEuY3JsMFoGCCsGAQUFBwEBBE4wTDBKBggrBgEFBQcwAoY+aHR0 cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNUaW1TdGFQQ0FfMjAx MC0wNy0wMS5jcnQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDCDAN BgkqhkiG9w0BAQsFAAOCAQEAgiLztz1kfhJL/Cb84OS30MQUTgn+q1aa0VqYpr6M QR6UtDK+hLS3RXbj72AYJIeoz+m00VQpvMrkyxJ7wPHUDp8xMxsRP3o73d0CqhjK yjz6luNsu6+7yYQ+x9gMhctyCwEbpPUxERAMRaVaSJl+2r5Fhte6TeSB/9NYCnZl Blkv9sJCzwTJqxv6YZ3185hJcLFJ0GTEIejuYBdTfusC2miVi/UKPAHbo7WYFFF0 nlPp2nKYZqBfKc+Prx+CnNPr5vFMG1T46DLcwRXDrCpudAUWg+NEmJ/L7+gweX+v UqU6H99lx43+J9hHGZIItIs0jmknNxoC9pGzlSL/CEgq/qGCA3kwggJhAgEBMIHj oYG5pIG2MIGzMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4G A1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMQ0w CwYDVQQLEwRNT1BSMScwJQYDVQQLEx5uQ2lwaGVyIERTRSBFU046QzBGNC0zMDg2 LURFRjgxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2WiJQoB ATAJBgUrDgMCGgUAAxUA8120HsdfO2ZOZQ7emART9hWnH0SggcIwgb+kgbwwgbkx CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xDTALBgNVBAsTBE1P UFIxJzAlBgNVBAsTHm5DaXBoZXIgTlRTIEVTTjpCMDI3LUM2RjgtMUQ4ODErMCkG A1UEAxMiTWljcm9zb2Z0IFRpbWUgU291cmNlIE1hc3RlciBDbG9jazANBgkqhkiG 9w0BAQUFAAIFANa4+LowIhgPMjAxNDAyMjYyMzM1MjJaGA8yMDE0MDIyNzIzMzUy MlowdzA9BgorBgEEAYRZCgQBMS8wLTAKAgUA1rj4ugIBADAKAgEAAgIM/AIB/zAH AgEAAgIV3zAKAgUA1rpKOgIBADA2BgorBgEEAYRZCgQCMSgwJjAMBgorBgEEAYRZ CgMBoAowCAIBAAIDFuNgoQowCAIBAAIDB6EgMA0GCSqGSIb3DQEBBQUAA4IBAQBm lwBgKM7WFYZn7KoOxHuc0HCwn9KJ7P2+V1ixjuYcd9TJPbpom+P6TqrtdVyqC1qN P1ika8uTrueq+WIyDkpbBeRjgRPxywB8p6swJXn3a8FQJlYM8wZlX6k4DXOQ5a1I 8Df1MoZedlnFIJFCuailsPek9CZSuawhHvQu6tutrNrCtOJpHGwP/g7QhqDby6MU 9W08fcBbMQ+Q+NN9R+O5914iiyXTxNYply2O6zmRRXVV8Os49n6MAdLMQwlW/Hjf Qx9xsPgmOpnwA3IVmPCEtJnHbNPnmX23cB3zQ5HQ8Rgzh4a2iGFTUKVLQzP2XbJI GAt0fd2U/pFkRHTpexsrMYIC9TCCAvECAQEwgZMwfDELMAkGA1UEBhMCVVMxEzAR BgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1p Y3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3Rh bXAgUENBIDIwMTACEzMAAAAokGe5BLA8bmYAAAAAACgwDQYJYIZIAWUDBAIBBQCg ggEyMBoGCSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAvBgkqhkiG9w0BCQQxIgQg igCH0fhbYKLF4fSmxZObvVlmifs8MaWR0dGzScGuExwwgeIGCyqGSIb3DQEJEAIM MYHSMIHPMIHMMIGxBBTzXbQex187Zk5lDt6YBFP2FacfRDCBmDCBgKR+MHwxCzAJ BgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25k MR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMTHU1pY3Jv c29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAAAKJBnuQSwPG5mAAAAAAAoMBYE FP/tXYkB9TLyFTNFAIYorcmDMtYiMA0GCSqGSIb3DQEBCwUABIIBABg8AdKpFO37 Mdc4SKY28D2Sff2uoRuCoLxMZPhC7rR14gC1sXKSBHIoNyMBR32mYJnJsTAgJRwT YTEmsHYl6l37/tkLAsRS21lt+YuynR9/fdGlwvqxc41HkUHdcTRjvsetVZ7v2HSz vpCBje4TsAaxblVCsyXiH94CyMR3Aq6brcoG+QJKh14NFLLLIxN2melZYivfcAJR ES78bXBRGa6hPqsvOIZ6USSC1rAwHodonNcp4Xb1QMPoXKcMPyUAYdzz0q673Mec hsP7HKqhezXDmpGe6Hg4RrO/In7qyRok6LZ4DH5hsp6dp0Omcgqm3kmcqTTNmtF6 0JelOr7e+os= -----END AUTHENTICODE SIGNATURE----- ++++++ signature-sles.x86_64.asc ++++++ hash: 06eb5badd26e4fae65f9a42358deef7c18e52cc05fbb7fc76776e69d1b982a14 # 1970-01-01 00:00:00 timestamp: 0 checksum: f349 -----BEGIN AUTHENTICODE SIGNATURE----- MIIhRgYJKoZIhvcNAQcCoIIhNzCCITMCAQExDzANBglghkgBZQMEAgEFADBcBgor BgEEAYI3AgEEoE4wTDAXBgorBgEEAYI3AgEPMAkDAQCgBKICgAAwMTANBglghkgB ZQMEAgEFAAQgButbrdJuT65l+aQjWN7vfBjlLMBfu3/HZ3bmnRuYKhSgggssMIIF FDCCA/ygAwIBAgITMwAAACtLebNpTRIRhwABAAAAKzANBgkqhkiG9w0BAQsFADCB gTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1Jl ZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjErMCkGA1UEAxMi TWljcm9zb2Z0IENvcnBvcmF0aW9uIFVFRkkgQ0EgMjAxMTAeFw0xODA3MDMyMDUz MDFaFw0xOTA3MjYyMDUzMDFaMIGGMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2Fz aGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENv cnBvcmF0aW9uMTAwLgYDVQQDEydNaWNyb3NvZnQgV2luZG93cyBVRUZJIERyaXZl ciBQdWJsaXNoZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvdKwb /nA6xOyJrEv4ooawjt0TKaVPYqrgbJYSJvc3KVdEhVlG+ruFyDOE+gNrAFwWd2n/ kr6WRjgiAi3YZxN6f88IxpBORWRWxQH1PRHO1/DbWxuvkDNDo004C36x/+P2KegW 6XtLaC+bGMOkz3Gr5aupL3mFCwYZ9BT1OeVXzCvgW56IWjnZdsLjMmWSqCaSweOP mUORFMbxb9HqNMk2bNXCeHGN/vJOTqrRFB5TzM8d7myYzCy3I71Zznp5edhJ17Pc Cff1sTevAsG6u5yvseFWvhuN4xqjYh9iCPpeeJPZF5kL2Id5WvbYoXdlK1Mae6tn hlIT/anAvqUySWFFAgMBAAGjggF8MIIBeDAfBgNVHSUEGDAWBgorBgEEAYI3UAIB BggrBgEFBQcDAzAdBgNVHQ4EFgQUXcTMqyC8vQlKJsRMb8/AmZ5aD3swUAYDVR0R BEkwR6RFMEMxKTAnBgNVBAsTIE1pY3Jvc29mdCBPcGVyYXRpb25zIFB1ZXJ0byBS aWNvMRYwFAYDVQQFEw0yMjk5MTErNDM3OTU2MB8GA1UdIwQYMBaAFBOtv0MJvYJw nIzVTzFu1SKYihvUMFMGA1UdHwRMMEowSKBGoESGQmh0dHA6Ly93d3cubWljcm9z b2Z0LmNvbS9wa2lvcHMvY3JsL01pY0NvclVFRkNBMjAxMV8yMDExLTA2LTI3LmNy bDBgBggrBgEFBQcBAQRUMFIwUAYIKwYBBQUHMAKGRGh0dHA6Ly93d3cubWljcm9z b2Z0LmNvbS9wa2lvcHMvY2VydHMvTWljQ29yVUVGQ0EyMDExXzIwMTEtMDYtMjcu Y3J0MAwGA1UdEwEB/wQCMAAwDQYJKoZIhvcNAQELBQADggEBAFS3cfPO8qOb7UpD WJ2QTBYr5/gbGU8Chzt00ByoiVUzMJZL5T/dX3bTRtIp4mpcjlOF5Lsxb/wHMXu+ nh61jCa2m3k8SIAaZ8da6REOaw1XBOGU8BSFR4rQiU6nvf0FOlS8TXF5uRApC9Mg BuHT5nDmLJAfz2iPWDHRRd3ErMgnwu3mpv72ElNM30U8D8oxXhx8bZ8adBjt3VOZ ZlfgsMrMqu5eV8VLB84zuFRH997pn8IieFxMRZfdqQWZ2utGryN7sslxT4s5ynMm 0c61dX0SUDS2Sb78vx9mbG4SRr/S2q6Wti7KqUIl4OSyYTO5j9ENTIH9/e+61n/7 ZFKQ3a4wggYQMIID+KADAgECAgphCNPEAAAAAAAEMA0GCSqGSIb3DQEBCwUAMIGR MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVk bW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMTswOQYDVQQDEzJN aWNyb3NvZnQgQ29ycG9yYXRpb24gVGhpcmQgUGFydHkgTWFya2V0cGxhY2UgUm9v dDAeFw0xMTA2MjcyMTIyNDVaFw0yNjA2MjcyMTMyNDVaMIGBMQswCQYDVQQGEwJV UzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UE ChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSswKQYDVQQDEyJNaWNyb3NvZnQgQ29y cG9yYXRpb24gVUVGSSBDQSAyMDExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEApQhsTMdFCWpLDKTAh38GdQxDAVRk4BZ/B+2SfQuyc78MCsZKRWGgxRYt ltP1K6D7TUmbQYCQPLlU/ea80Z3EpBiKf0GKXFmDaDK7jEfJ7nG8IU+ainz/RD+N jzKyJkiudbXuyUweShl+5IKaHXh3TQywvfYP0xbTvPorpVE4XfX7utt4Atv/7Aob ltWDuBkT6bbAe0B74R8oJ8n671ZeHOZ+lH7A8ESyeTnl2rJii02/OHDiaCQUyTOk CDfVWGle03ztwQRTCOdOsCqHYwhhb2MVWeqyK3nXDGFnilv9Xq2Hf7qGZ09xWBIi BCIizovvVHEAzlA1WHaVCO5qsaIB1QIDAQABo4IBdjCCAXIwEgYJKwYBBAGCNxUB BAUCAwEAATAjBgkrBgEEAYI3FQIEFgQU+MFrt393U0rzJTcdTqEmew8gcIAwHQYD VR0OBBYEFBOtv0MJvYJwnIzVTzFu1SKYihvUMBkGCSsGAQQBgjcUAgQMHgoAUwB1 AGIAQwBBMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaA FEVmUkPhflgRv9ZOniNVCDs6ImqoMFwGA1UdHwRVMFMwUaBPoE2GS2h0dHA6Ly9j cmwubWljcm9zb2Z0LmNvbS9wa2kvY3JsL3Byb2R1Y3RzL01pY0NvclRoaVBhck1h clJvb18yMDEwLTEwLTA1LmNybDBgBggrBgEFBQcBAQRUMFIwUAYIKwYBBQUHMAKG RGh0dHA6Ly93d3cubWljcm9zb2Z0LmNvbS9wa2kvY2VydHMvTWljQ29yVGhpUGFy TWFyUm9vXzIwMTAtMTAtMDUuY3J0MA0GCSqGSIb3DQEBCwUAA4ICAQA1CEL/MMzO 93YMrRBoWDUpRjJ2J3zvEkEnQhtKqm2BOEhZE1Xz6Vg0phYLgqpdrYLagINBBo+0 HfIDufMaXRvxUJD5s1WEQigcIL2yrlEUxcCsl5UhHJDbD/x3npVzkYjKvb1SuQVQ Dd9XnqBh7Q3lbSXZQA8XQMjOo0rCTa+aEh0IVI+9x7y5Kz1JKx8y/GohaU+byH5C NPw2BheLjyBAwLOaJXUnzckDo/Zd0ec2VHq5ULXTEtEHv7t039wej4DV7Rj0LxQW ay/eZoywI+XHhNjt6sEzgq1WSxgt8WiVB83P8HLwrrvdhoWYLCFMMyvwD0rwaIe1 klUydaFqgmo8oyURpO2t1wSuy9hAWaCE0ZVMYpEiGnQdjD1HDkSm5LCbNDWx+rZT qCyB7KQFcciduLroG0Rm5EdUDo5Wf7OfFpiyhtBoPpAjtS9ej1CFjcaNgl9BofQu DeCZ0mx15LZptSGG+gfR9uJN0dqtLHdTHiUyN8dsUnKVhrDxNWFqGfWyO4FQVqYy Lf6iiflChicYVaGCylqb+DCYVBSmR5YlL8gm5EGUGlwCP+WW44VbPD4/u0cWclXi JSKx2XvnAwYqo/cekEbDAA3WGYnjDjUnYgNxFabv0CegoFk3YPg4lLjgeHD4ukyG h5T24K4CRe5lwrajfmkWdQeSm/WmvFmDWDGCFY0wghWJAgEBMIGZMIGBMQswCQYD VQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEe MBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSswKQYDVQQDEyJNaWNyb3Nv ZnQgQ29ycG9yYXRpb24gVUVGSSBDQSAyMDExAhMzAAAAK0t5s2lNEhGHAAEAAAAr MA0GCWCGSAFlAwQCAQUAoIHcMBkGCSqGSIb3DQEJAzEMBgorBgEEAYI3AgEEMBwG CisGAQQBgjcCAQsxDjAMBgorBgEEAYI3AgEVMC8GCSqGSIb3DQEJBDEiBCD6ykwy 9WFgxYzOlShnIo9DZm2NSze7xGmix63B1OyYAzBwBgorBgEEAYI3AgEMMWIwYKAy gDAAUwBVAFMARQAgAEwAaQBuAHUAeAAgAFAAcgBvAGQAdQBjAHQAcwAgAEcAbQBi AEihKoAoaHR0cHM6Ly93d3cubWljcm9zb2Z0LmNvbS9lbi11cy93aW5kb3dzIDAN BgkqhkiG9w0BAQEFAASCAQAG1j/mfdzszjW/reGQrD0kqMnmHAgXwJtNFaaIQqM3 w4MkMCpJfN0eOZ/elQG6gR8dxel2pJryL9bEw8Mk//jXB82CKowVomvzcPMT0guz yNZT9fcAYNhuZqzCn4Aa7fFeMOHo85eUX43ytW+XiDe24X2jy215JJFaVpentAXM H2bh6HZZoq3TkRZI32mdxmIFXzwObInaPjEjwOqT0eVnV8AfZTqUndgFZuLxe3r4 UcsZVrhJ3FuWshMIILwuQDawqM6OL/efHixeeXtOMs7ibPMGOYr9RnQQxRvsyzMK /oUijHwIu6/9lV1loJsZKYNj4n6I5pTNhAp4lmnfBwF3oYIS5TCCEuEGCisGAQQB gjcDAwExghLRMIISzQYJKoZIhvcNAQcCoIISvjCCEroCAQMxDzANBglghkgBZQME AgEFADCCAVEGCyqGSIb3DQEJEAEEoIIBQASCATwwggE4AgEBBgorBgEEAYRZCgMB MDEwDQYJYIZIAWUDBAIBBQAEIMqRrTFRqu2dUKDPc+jkywto8W4UUxNEkcAu7lOG banGAgZclUjuk2YYEzIwMTkwNDA0MTk0MTM4LjczNFowBIACAfSggdCkgc0wgcox CzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRt b25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJTAjBgNVBAsTHE1p Y3Jvc29mdCBBbWVyaWNhIE9wZXJhdGlvbnMxJjAkBgNVBAsTHVRoYWxlcyBUU1Mg RVNOOkVBQ0UtRTMxNi1DOTFEMSUwIwYDVQQDExxNaWNyb3NvZnQgVGltZS1TdGFt cCBTZXJ2aWNloIIOPDCCBPEwggPZoAMCAQICEzMAAADxdMXRruM9mz0AAAAAAPEw DQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0 b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3Jh dGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwHhcN MTgxMDI0MjExNDIzWhcNMjAwMTEwMjExNDIzWjCByjELMAkGA1UEBhMCVVMxEzAR BgNVBAgTCldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1p Y3Jvc29mdCBDb3Jwb3JhdGlvbjElMCMGA1UECxMcTWljcm9zb2Z0IEFtZXJpY2Eg T3BlcmF0aW9uczEmMCQGA1UECxMdVGhhbGVzIFRTUyBFU046RUFDRS1FMzE2LUM5 MUQxJTAjBgNVBAMTHE1pY3Jvc29mdCBUaW1lLVN0YW1wIFNlcnZpY2UwggEiMA0G CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoq4WoWFgRw7nPLB1StrwYp//tsc3M WI2NwRPfoxHCtwpJHXR9mNsTkPG6fndeyO/cJRCeBH1BSggI1jlz8PVJ+SV4kTgO FIPez6ArJ8DfOLrds68NV0YSlbj7s8Z3MwItbB1DcqbGE+HAjhagpkvonI57o4FK fUUJsqbneG1Wpp+p11ibMiONcVr24PKoEK3Acg5WWScdrWPc9eOLxr7PX0nt+SfD f8QsQPpkK47Pv0LCRhp6hWh7jJn0B7ON3asDBxNhPAM3Qv5nPIOoMZ91OIhX3HqB sLzfiGFLKxbSAyIgliF+l7IzopZ9IXpxZr3mYIpEUoHd+yoCjoM1FRvNAgMBAAGj ggEbMIIBFzAdBgNVHQ4EFgQUZsTj6fTV/8ys+9ERmvuLxtq/l1IwHwYDVR0jBBgw FoAU1WM6XIoxkPNDe3xGG8UzaFqFbVUwVgYDVR0fBE8wTTBLoEmgR4ZFaHR0cDov L2NybC5taWNyb3NvZnQuY29tL3BraS9jcmwvcHJvZHVjdHMvTWljVGltU3RhUENB XzIwMTAtMDctMDEuY3JsMFoGCCsGAQUFBwEBBE4wTDBKBggrBgEFBQcwAoY+aHR0 cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9jZXJ0cy9NaWNUaW1TdGFQQ0FfMjAx MC0wNy0wMS5jcnQwDAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDCDAN BgkqhkiG9w0BAQsFAAOCAQEAOrVnhwBI+vi/AD2MeRllHYwg1bUCP5sFOAA5kGAV GDiDcCDDPGeOiMjJPZDvAm3XCDQdkYJCzR18rRHK+/E76zs9+3/vApqAZVS+kJq9 qSeFvutjyh2FG42F/FUOa+4aV9Jqk8TW0Q9RBVCrw7lUxigBLn+X9BM7fJJrFtjp h7Gov+fcQj599R1Xgis9BfDX84h1DF9Cj10TV8lfRRaD4In0NT6vDVHsq/MF75l9 GI/ljEe+GRxaMtbu1riBT0pDRZk/LVY8iTwranl6t8aiV2TY+puKFCTbhUq1toAM Iz4RedpkAhnWN7Lxa7+1ICdhNBptJJDmGqoUu4XA1FCcfTCCBnEwggRZoAMCAQIC CmEJgSoAAAAAAAIwDQYJKoZIhvcNAQELBQAwgYgxCzAJBgNVBAYTAlVTMRMwEQYD VQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdSZWRtb25kMR4wHAYDVQQKExVNaWNy b3NvZnQgQ29ycG9yYXRpb24xMjAwBgNVBAMTKU1pY3Jvc29mdCBSb290IENlcnRp ZmljYXRlIEF1dGhvcml0eSAyMDEwMB4XDTEwMDcwMTIxMzY1NVoXDTI1MDcwMTIx NDY1NVowfDELMAkGA1UEBhMCVVMxEzARBgNVBAgTCldhc2hpbmd0b24xEDAOBgNV BAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEmMCQG A1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENBIDIwMTAwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQCpHQ28dxGKOiDs/BOX9fp/aZRrdFQQ1aUKAIKF ++18aEssX8XD5WHCdrc+Zitb8BVTJwQxH0EbGpUdzgkTjnxhMFmxMEQP8WCIhFRD DNdNuDgIs0Ldk6zWczBXJoKjRQ3Q6vVHgc2/JGAyWGBG8lhHhjKEHnRhZ5FfgVSx z5NMksHEpl3RYRNuKMYa+YaAu99h/EbBJx0kZxJyGiGKr0tkiVBisV39dx898Fd1 rL2KQk1AUdEPnAY+Z3/1ZsADlkR+79BL/W7lmsqxqPJ6Kgox8NpOBpG2iAg16Hgc sOmZzTznL0S6p/TcZL2kAcEgCZN4zfy8wMlEXV4WnAEFTyJNAgMBAAGjggHmMIIB 4jAQBgkrBgEEAYI3FQEEAwIBADAdBgNVHQ4EFgQU1WM6XIoxkPNDe3xGG8UzaFqF bVUwGQYJKwYBBAGCNxQCBAweCgBTAHUAYgBDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud EwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAU1fZWy4/oolxiaNE9lJBb186aGMQwVgYD VR0fBE8wTTBLoEmgR4ZFaHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraS9jcmwv cHJvZHVjdHMvTWljUm9vQ2VyQXV0XzIwMTAtMDYtMjMuY3JsMFoGCCsGAQUFBwEB BE4wTDBKBggrBgEFBQcwAoY+aHR0cDovL3d3dy5taWNyb3NvZnQuY29tL3BraS9j ZXJ0cy9NaWNSb29DZXJBdXRfMjAxMC0wNi0yMy5jcnQwgaAGA1UdIAEB/wSBlTCB kjCBjwYJKwYBBAGCNy4DMIGBMD0GCCsGAQUFBwIBFjFodHRwOi8vd3d3Lm1pY3Jv c29mdC5jb20vUEtJL2RvY3MvQ1BTL2RlZmF1bHQuaHRtMEAGCCsGAQUFBwICMDQe MiAdAEwAZQBnAGEAbABfAFAAbwBsAGkAYwB5AF8AUwB0AGEAdABlAG0AZQBuAHQA LiAdMA0GCSqGSIb3DQEBCwUAA4ICAQAH5ohRDeLG4Jg/gXEDPZ2joSFvs+umzPUx vs8F4qn++ldtGTCzwsVmyWrf9efweL3HqJ4l4/m87WtUVwgrUYJEEvu5U4zM9GAS inbMQEBBm9xcF/9c+V4XNZgkVkt070IQyK+/f8Z/8jd9Wj8c8pl5SpFSAK84Dxf1 L3mBZdmptWvkx872ynoAb0swRCQiPM/tA6WWj1kpvLb9BOFwnzJKJ/1Vry/+tuWO M7tiX5rbV0Dp8c6ZZpCM/2pif93FSguRJuI57BlKcWOdeyFtw5yjojz6f32WapB4 pm3S4Zz5Hfw42JT0xqUKloakvZ4argRCg7i1gJsiOCC1JeVk7Pf0v35jWSUPei45 V3aicaoGig+JFrphpxHLmtgOR5qAxdDNp9DvfYPw4TtxCd9ddJgiCGHasFAeb73x 4QDf5zEHpJM692VHeOj4qEir995yfmFrb3epgcunCaw5u+zGy9iCtHLNHfS4hQEe gPsbiSpUObJb2sgNVZl6h3M7COaYLeqN4DMuEin1wC9UJyH3yKxO2ii4sanblrKn QqLJzxlBTeCG+SqaoxFmMNO7dDJL32N79ZmKLxvHIa9Zta7cRDyXUHHXodLFVeNp 3lfB0d4wwP3M5k37Db9dT+mdHhk4L7zPWAUu7w2gUDXa7wknHNWzfjUeCLraNtvT X4/edIhJEqGCAs4wggI3AgEBMIH4oYHQpIHNMIHKMQswCQYDVQQGEwJVUzETMBEG A1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWlj cm9zb2Z0IENvcnBvcmF0aW9uMSUwIwYDVQQLExxNaWNyb3NvZnQgQW1lcmljYSBP cGVyYXRpb25zMSYwJAYDVQQLEx1UaGFsZXMgVFNTIEVTTjpFQUNFLUUzMTYtQzkx RDElMCMGA1UEAxMcTWljcm9zb2Z0IFRpbWUtU3RhbXAgU2VydmljZaIjCgEBMAcG BSsOAwIaAxUAvFOdlKwnpU5hRdhHJCN8vFXyM1yggYMwgYCkfjB8MQswCQYDVQQG EwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwG A1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSYwJAYDVQQDEx1NaWNyb3NvZnQg VGltZS1TdGFtcCBQQ0EgMjAxMDANBgkqhkiG9w0BAQUFAAIFAOBQQd4wIhgPMjAx OTA0MDQxNjQyMDZaGA8yMDE5MDQwNTE2NDIwNlowdzA9BgorBgEEAYRZCgQBMS8w LTAKAgUA4FBB3gIBADAKAgEAAgILBwIB/zAHAgEAAgIRhTAKAgUA4FGTXgIBADA2 BgorBgEEAYRZCgQCMSgwJjAMBgorBgEEAYRZCgMCoAowCAIBAAIDB6EgoQowCAIB AAIDAYagMA0GCSqGSIb3DQEBBQUAA4GBABbfSUy1rOwrlY5AcrDnZQJZbQVNQUVe 1HOY2wlNCg1hPkNW60KZ7Dh01tHEYw03ZY1xk28inrgov3Lje00WNCkOFHlf4vME l+gnNUmJM6N8zs3QbWwh50+1OqH73goJ6R+EdM0rLX+EFWzKc3zUhrH3br9eN9FV x78E+YtQ5iN4MYIDDTCCAwkCAQEwgZMwfDELMAkGA1UEBhMCVVMxEzARBgNVBAgT Cldhc2hpbmd0b24xEDAOBgNVBAcTB1JlZG1vbmQxHjAcBgNVBAoTFU1pY3Jvc29m dCBDb3Jwb3JhdGlvbjEmMCQGA1UEAxMdTWljcm9zb2Z0IFRpbWUtU3RhbXAgUENB IDIwMTACEzMAAADxdMXRruM9mz0AAAAAAPEwDQYJYIZIAWUDBAIBBQCgggFKMBoG CSqGSIb3DQEJAzENBgsqhkiG9w0BCRABBDAvBgkqhkiG9w0BCQQxIgQgE6tuy4D1 PXn1YhmUzps8WzDfwptiqZocZPnsnXCOow0wgfoGCyqGSIb3DQEJEAIvMYHqMIHn MIHkMIG9BCCFwNmWqQLZ+8AirEdqKm+8XKE3IhrRpsJ0DGVl3zjYdzCBmDCBgKR+ MHwxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpXYXNoaW5ndG9uMRAwDgYDVQQHEwdS ZWRtb25kMR4wHAYDVQQKExVNaWNyb3NvZnQgQ29ycG9yYXRpb24xJjAkBgNVBAMT HU1pY3Jvc29mdCBUaW1lLVN0YW1wIFBDQSAyMDEwAhMzAAAA8XTF0a7jPZs9AAAA AADxMCIEIDXZRVq/WyX+CriQ1vQWHwOW6U7EWzCE/Xt0IO7z8fVnMA0GCSqGSIb3 DQEBCwUABIIBAJXITo0LjthoIafwWqo/stEzulrEQTfJPAN4euA39BdsJ6YoimTs 89XBhPqaNxwocYdyhOXCbblH/d87rcI/3+DbQ0DCHGmckTDpMhuouQNaFKNSlYmN 3Cv32ljomLxf4TD0zuG/YbUvIk5QXqDGNT8L5qFkKN6gsQrokGjv6GpD/FrGFd7/ kF6u2jTb1ngcUo7Eg5gL1uwkqTJha0gDvo4Fa5UDVxvqxcN+qQe45Ec/y8b9O40l f40iFEPUbJ2XypankZjuRLBl8u1AmZB8640USrQYIdEMPkQdG6gIvfezgAlojr1y kbXYkqaY1NrNj4ykEl43l2f7JE/kTHA5c3oAAAAAAAA= -----END AUTHENTICODE SIGNATURE----- ++++++ strip_signature.sh ++++++ #!/bin/bash # strip the signature from a PE binary set -e infile="$1" if [ -z "$infile" -o ! -e "$infile" ]; then echo "USAGE: $0 file.efi" exit 1 fi outfile="${infile%.efi}-unsigned.efi" pesign -r -i "$infile" -o "$outfile" ++++++ timestamp.pl ++++++ #!/usr/bin/perl -w # Copyright (c) 2012,2013 SUSE Linux Products GmbH # # Permission is hereby granted, free of charge, to any person obtaining a copy # of this software and associated documentation files (the "Software"), to deal # in the Software without restriction, including without limitation the rights # to use, copy, modify, merge, publish, distribute, sublicense, and/or sell # copies of the Software, and to permit persons to whom the Software is # furnished to do so, subject to the following conditions: # # The above copyright notice and this permission notice shall be included in # all copies or substantial portions of the Software. # # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR # IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, # FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE # AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER # LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, # OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE # SOFTWARE. =head1 timestamp.pl timestamp.pl - show or set pe timestamp in file =head1 SYNOPSIS timestamp.pl [OPTIONS] FILE... =head1 OPTIONS =over 4 =item B<--set-form-file=FILE> parse timestamp and checksum from file =item B<--help, -h> print help =back =head1 DESCRIPTION lorem ipsum ... =cut use strict; use Getopt::Long; Getopt::Long::Configure("no_ignore_case"); use POSIX qw/strftime/; my %options; sub usage($) { my $r = shift; eval "use Pod::Usage; pod2usage($r);"; if ($@) { die "cannot display help, install perl(Pod::Usage)\n"; } } GetOptions( \%options, "set-from-file=s", "verbose|v", "help|h", ) or usage(1); usage(1) unless @ARGV; usage(0) if ($options{'help'}); my $set_timestamp; my $set_checksum; if ($options{'set-from-file'}) { die "$options{'set-from-file'}: $!\n" unless open(my $fh, '<', $options{'set-from-file'}); while (<$fh>) { chomp; if (/^timestamp: ([0-9a-f]+)/) { $set_timestamp = pack('L', hex($1)); next; } elsif (/^checksum: ([0-9a-f]+)/) { $set_checksum = pack('S', hex($1)); next; } last if $set_timestamp && $set_checksum; } close($fh); die "file didn't contain timestamp and checksum\n" unless $set_timestamp && $set_checksum; } sub do_show($) { my $file = shift; die "$file: $!\n" unless open(my $fh, '<', $file); die "seek $file: $!\n" unless seek($fh, 136, 0); my $value; die "read $file: $!\n" unless read($fh, $value, 4); my $timestamp = unpack('L', $value); print strftime("# %Y-%m-%d %H:%M:%S\n", gmtime($timestamp)); printf ("timestamp: %x\n", $timestamp); die "seek $file: $!\n" unless seek($fh, 216, 0); die "read $file: $!\n" unless read($fh, $value, 2); printf ("checksum: %x\n", unpack('S', $value)); close($fh); } sub do_set($) { my $file = shift; die "$file: $!\n" unless open(my $fh, '+<', $file); die "seek $file: $!\n" unless seek($fh, 136, 0); die "write $file: $!\n" unless print $fh $set_timestamp; die "seek $file: $!\n" unless seek($fh, 216, 0); die "read $file: $!\n" unless print $fh $set_checksum; close($fh); } for my $file (@ARGV) { if ($options{'set-from-file'}) { do_set($file); } else { do_show($file); } }
