|
|
245cbb |
Name: dbxtool
|
|
|
245cbb |
Version: 8
|
|
|
245cbb |
Release: 5%{?dist}
|
|
|
245cbb |
Summary: Secure Boot DBX updater
|
|
|
245cbb |
License: GPLv2
|
|
|
245cbb |
URL: https://github.com/vathpela/dbxtool
|
|
|
245cbb |
ExclusiveArch: i386 x86_64 aarch64
|
|
|
245cbb |
BuildRequires: popt-devel git systemd
|
|
|
245cbb |
BuildRequires: efivar-devel >= 31-3
|
|
|
245cbb |
Requires: efivar >= 31-3
|
|
|
245cbb |
Requires(post): systemd
|
|
|
245cbb |
Requires(preun):systemd
|
|
|
245cbb |
Source0: https://github.com/vathpela/dbxtool/releases/download/dbxtool-%{version}/dbxtool-%{version}.tar.bz2
|
|
|
245cbb |
Patch0000: %{name}-8-ccldflags.patch
|
|
|
245cbb |
Patch0001: 0001-don-t-use-f-in-dbxtool.service.patch
|
|
|
245cbb |
Patch0002: 0002-Make-quiet-exit-on-missing-PK-KEK-not-return-error-s.patch
|
|
|
245cbb |
|
|
|
245cbb |
%description
|
|
|
245cbb |
This package contains DBX updates for UEFI Secure Boot.
|
|
|
245cbb |
|
|
|
245cbb |
%prep
|
|
|
245cbb |
%setup -q -n %{name}-%{version}
|
|
|
245cbb |
git init
|
|
|
245cbb |
git config user.email "%{name}-owner@fedoraproject.org"
|
|
|
245cbb |
git config user.name "Fedora Ninjas"
|
|
|
245cbb |
git add .
|
|
|
245cbb |
git commit -a -q -m "%{version} baseline."
|
|
|
245cbb |
git am %{patches}
|
|
|
245cbb |
git config --unset user.email
|
|
|
245cbb |
git config --unset user.name
|
|
|
245cbb |
|
|
|
245cbb |
%build
|
|
|
245cbb |
make PREFIX=%{_prefix} LIBDIR=%{_libdir} CFLAGS="$RPM_OPT_FLAGS" CCLDFLAGS="%{__global_ldflags}"
|
|
|
245cbb |
|
|
|
245cbb |
%install
|
|
|
245cbb |
rm -rf $RPM_BUILD_ROOT
|
|
|
245cbb |
mkdir -p %{buildroot}/%{_libdir}
|
|
|
245cbb |
make PREFIX=%{_prefix} LIBDIR=%{_libdir} INSTALLROOT=%{buildroot} \
|
|
|
245cbb |
install
|
|
|
245cbb |
rm -f %{buildroot}/%{_docdir}/%{name}/COPYING
|
|
|
245cbb |
|
|
|
245cbb |
%post
|
|
|
245cbb |
%systemd_post dbxtool.service
|
|
|
245cbb |
|
|
|
245cbb |
%preun
|
|
|
245cbb |
%systemd_preun dbxtool.service
|
|
|
245cbb |
|
|
|
245cbb |
%files
|
|
|
245cbb |
%{!?_licensedir:%global license %%doc}
|
|
|
245cbb |
%license COPYING
|
|
|
245cbb |
%{_bindir}/dbxtool
|
|
|
245cbb |
%doc %{_mandir}/man1/*
|
|
|
245cbb |
%dir %{_datadir}/dbxtool/
|
|
|
245cbb |
%{_datadir}/dbxtool/*.bin
|
|
|
245cbb |
%{_unitdir}/dbxtool.service
|
|
|
245cbb |
|
|
|
245cbb |
%changelog
|
|
|
245cbb |
* Thu Apr 12 2018 Petr Šabata <contyk@redhat.com> - 8-5
|
|
|
245cbb |
- Fix build flags injection (rhbz#1548123)
|
|
|
245cbb |
|
|
|
245cbb |
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 8-4
|
|
|
245cbb |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
|
|
|
245cbb |
|
|
|
245cbb |
* Mon Oct 23 2017 Peter Jones <pjones@redhat.com> - 8-3
|
|
|
245cbb |
- Also don't return error if we're using --quiet and PK/KEK are absent.
|
|
|
245cbb |
Resolves: rhbz#1489942
|
|
|
245cbb |
|
|
|
245cbb |
* Thu Oct 19 2017 Peter Jones <pjones@redhat.com> - 8-2
|
|
|
245cbb |
- Don't use -f in dbxtool.service; that'll make it do the thing we're
|
|
|
245cbb |
trying to avoid.
|
|
|
245cbb |
Resolves: rhbz#1489942
|
|
|
245cbb |
|
|
|
245cbb |
* Wed Oct 18 2017 Peter Jones <pjones@redhat.com> - 8-1
|
|
|
245cbb |
- Update to dbxtool 8
|
|
|
245cbb |
- Make a "make coverity" rule to scan the source
|
|
|
245cbb |
Results at: https://scan.coverity.com/projects/rhboot-dbxtool
|
|
|
245cbb |
- Don't try to apply anything if PK and KEK aren't enrolled
|
|
|
245cbb |
- Add --force and --quiet for the PK/KEK checker, and use them in the
|
|
|
245cbb |
systemd service.
|
|
|
245cbb |
Resolves: rhbz#1489942
|
|
|
245cbb |
- Add a .syntastic_c_config for vim's Syntastic modules
|
|
|
245cbb |
- Use tsearch()/tfind()/tdestroy() from libc instead of ccan htables
|
|
|
245cbb |
- Don't open the dbx file with O_RDWR|O_CREAT, use O_RDONLY.
|
|
|
245cbb |
- Lots of minor bug fixes gcc -Wextra and friends found.
|
|
|
245cbb |
|
|
|
245cbb |
* Wed Aug 02 2017 Fedora Release Engineering <releng@fedoraproject.org> - 7-6
|
|
|
245cbb |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
|
|
|
245cbb |
|
|
|
245cbb |
* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 7-5
|
|
|
245cbb |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
|
|
|
245cbb |
|
|
|
245cbb |
* Sat Jul 08 2017 Peter Jones <pjones@redhat.com> - 7-4
|
|
|
245cbb |
- Rebuild for efivar-31-1.fc26
|
|
|
245cbb |
Related: rhbz#1468841
|
|
|
245cbb |
|
|
|
245cbb |
* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 7-3
|
|
|
245cbb |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
|
|
|
245cbb |
|
|
|
245cbb |
* Wed Aug 17 2016 Peter Jones <pjones@redhat.com> - 7-2
|
|
|
245cbb |
- Rebuild for newer efivar.
|
|
|
245cbb |
|
|
|
245cbb |
* Wed Aug 10 2016 Peter Jones <pjones@redhat.com> - 7-1
|
|
|
245cbb |
- Update to version 7
|
|
|
245cbb |
- Add new dbxupdate.bin for CVE-2016-3320 and
|
|
|
245cbb |
https://support.microsoft.com/en-us/kb/3179577
|
|
|
245cbb |
|
|
|
245cbb |
* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 0.6-6
|
|
|
245cbb |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
|
|
|
245cbb |
|
|
|
245cbb |
* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.6-5
|
|
|
245cbb |
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
|
|
|
245cbb |
|
|
|
245cbb |
* Mon Feb 23 2015 Peter Jones <pjones@redhat.com> - 0.6-4
|
|
|
245cbb |
- Zbigniew Jędrzejewski-Szmek was kind enough to audit the systemd service,
|
|
|
245cbb |
and had some suggestions, as did Harald Hoyer and Lennart Poettering.
|
|
|
245cbb |
Related: rhbz#1181568
|
|
|
245cbb |
|
|
|
245cbb |
* Tue Dec 09 2014 Peter Jones <pjones@redhat.com> - 0.6-3
|
|
|
245cbb |
- Add systemd scriptlets for the service.
|
|
|
245cbb |
|
|
|
245cbb |
* Thu Oct 09 2014 Peter Jones <pjones@redhat.com> - 0.6-2
|
|
|
245cbb |
- Require efivar >= 0.14-1 specifically.
|
|
|
245cbb |
|
|
|
245cbb |
* Wed Oct 08 2014 Peter Jones <pjones@redhat.com> - 0.6-1
|
|
|
245cbb |
- Update to 0.6
|
|
|
245cbb |
- make "dbxtool -l" correctly show not-well-known guids.
|
|
|
245cbb |
|
|
|
245cbb |
* Tue Oct 07 2014 Peter Jones <pjones@redhat.com> - 0.5-1
|
|
|
245cbb |
- Update to 0.5:
|
|
|
245cbb |
- make applying to dbx when it doesn't exist work (lersek)
|
|
|
245cbb |
- make displaying KEK work right
|
|
|
245cbb |
|
|
|
245cbb |
* Wed Aug 20 2014 Peter Jones <pjones@redhat.com> - 0.4-1
|
|
|
245cbb |
- First packaging attempt.
|