|
 |
e59b1a |
Name: shim
|
|
|
e59b1a |
Version: 15.5
|
|
|
e59b1a |
Release: 2.el9
|
|
|
e59b1a |
Summary: First-stage UEFI bootloader
|
|
|
e59b1a |
License: BSD
|
|
|
e59b1a |
URL: https://github.com/rhboot/shim/
|
|
|
e59b1a |
BuildRequires: efi-filesystem
|
|
|
e59b1a |
BuildRequires: efi-srpm-macros >= 6
|
|
|
e59b1a |
|
|
|
e59b1a |
ExclusiveArch: %{efi}
|
|
|
e59b1a |
# and we don't have shim-unsigned-arm builds *yet*
|
|
|
e59b1a |
ExcludeArch: %{arm} %{ix86}
|
|
|
e59b1a |
|
|
|
e59b1a |
Source0: shim.rpmmacros
|
|
|
e59b1a |
Source1: redhatsecureboot501.cer
|
|
|
e59b1a |
Source2: redhatsecurebootca5.cer
|
|
|
e59b1a |
|
|
|
e59b1a |
# keep these two lists of sources synched up arch-wise. That is 0 and 10
|
|
|
e59b1a |
# match, 1 and 11 match, ...
|
|
|
e59b1a |
Source10: BOOTAA64.CSV
|
|
|
e59b1a |
Source20: shimaa64.efi
|
|
|
e59b1a |
Source30: mmaa64.efi
|
|
|
e59b1a |
Source40: fbaa64.efi
|
|
|
e59b1a |
Source12: BOOTX64.CSV
|
|
|
e59b1a |
Source22: shimx64.efi
|
|
|
e59b1a |
Source32: mmx64.efi
|
|
|
e59b1a |
Source42: fbx64.efi
|
|
|
e59b1a |
#Source13: BOOTARM.CSV
|
|
|
e59b1a |
#Source23: shimarm.efi
|
|
|
e59b1a |
#Source33: mmarm.efi
|
|
|
e59b1a |
#Source43: fbarm.efi
|
|
|
e59b1a |
|
|
|
e59b1a |
%include %{SOURCE0}
|
|
|
e59b1a |
|
|
|
e59b1a |
BuildRequires: pesign >= 0.112-20.fc27
|
|
|
e59b1a |
# We need this because %%{efi} won't expand before choosing where to make
|
|
|
e59b1a |
# the src.rpm in koji, and we could be on a non-efi architecture, in which
|
|
|
e59b1a |
# case we won't have a valid expansion here... To be solved in the future
|
|
|
e59b1a |
# (shim 16+) by making the unsigned packages all provide "shim-unsigned", so
|
|
|
e59b1a |
# we can just BuildRequires that.
|
|
|
e59b1a |
%ifarch x86_64
|
|
|
e59b1a |
## BuildRequires: %% {unsignedx64} = %% {shimverx64}
|
|
|
e59b1a |
BuildRequires: shim-unsigned-x64 = 15.5-1.el9
|
|
|
e59b1a |
%endif
|
|
|
e59b1a |
%ifarch aarch64
|
|
|
e59b1a |
BuildRequires: %{unsignedaa64} = %{shimveraa64}
|
|
|
e59b1a |
%endif
|
|
|
e59b1a |
#%%ifarch arm
|
|
|
e59b1a |
#BuildRequires: %%{unsignedarm} = %%{shimverarm}
|
|
|
e59b1a |
#%%endif
|
|
|
e59b1a |
|
|
|
e59b1a |
%description
|
|
|
e59b1a |
Initial UEFI bootloader that handles chaining to a trusted full bootloader
|
|
|
e59b1a |
under secure boot environments. This package contains the version signed by
|
|
|
e59b1a |
the UEFI signing service.
|
|
|
e59b1a |
|
|
|
e59b1a |
%define_pkg -a %{efi_arch} -p 1
|
|
|
e59b1a |
%if %{efi_has_alt_arch}
|
|
|
e59b1a |
%define_pkg -a %{efi_alt_arch}
|
|
|
e59b1a |
%endif
|
|
|
e59b1a |
|
|
|
e59b1a |
%prep
|
|
|
e59b1a |
cd %{_builddir}
|
|
|
e59b1a |
rm -rf shim-%{version}
|
|
|
e59b1a |
mkdir shim-%{version}
|
|
|
e59b1a |
|
|
|
e59b1a |
%build
|
|
|
e59b1a |
export PS4='${LINENO}: '
|
|
|
e59b1a |
|
|
|
e59b1a |
cd shim-%{version}
|
|
|
e59b1a |
%if %{efi_has_alt_arch}
|
|
|
e59b1a |
%define_build -a %{efi_alt_arch} -A %{efi_alt_arch_upper} -i %{shimefialt} -b yes -c %{is_alt_signed} -d %{shimdiralt}
|
|
|
e59b1a |
%endif
|
|
|
e59b1a |
%define_build -a %{efi_arch} -A %{efi_arch_upper} -i %{shimefi} -b yes -c %{is_signed} -d %{shimdir}
|
|
|
e59b1a |
|
|
|
e59b1a |
%install
|
|
|
e59b1a |
rm -rf $RPM_BUILD_ROOT
|
|
|
e59b1a |
cd shim-%{version}
|
|
|
e59b1a |
install -D -d -m 0755 $RPM_BUILD_ROOT/boot/
|
|
|
e59b1a |
install -D -d -m 0700 $RPM_BUILD_ROOT%{efi_esp_root}/
|
|
|
e59b1a |
install -D -d -m 0700 $RPM_BUILD_ROOT%{efi_esp_efi}/
|
|
|
e59b1a |
install -D -d -m 0700 $RPM_BUILD_ROOT%{efi_esp_dir}/
|
|
|
e59b1a |
install -D -d -m 0700 $RPM_BUILD_ROOT%{efi_esp_boot}/
|
|
|
e59b1a |
|
|
|
e59b1a |
%do_install -a %{efi_arch} -A %{efi_arch_upper} -b %{bootcsv}
|
|
|
e59b1a |
%if %{efi_has_alt_arch}
|
|
|
e59b1a |
%do_install -a %{efi_alt_arch} -A %{efi_alt_arch_upper} -b %{bootcsvalt}
|
|
|
e59b1a |
%endif
|
|
|
e59b1a |
|
|
|
e59b1a |
%if %{provide_legacy_shim}
|
|
|
e59b1a |
install -m 0700 %{shimefi} $RPM_BUILD_ROOT%{efi_esp_dir}/shim.efi
|
|
|
e59b1a |
%endif
|
|
|
e59b1a |
|
|
|
e59b1a |
( cd $RPM_BUILD_ROOT ; find .%{efi_esp_root} -type f ) \
|
|
|
e59b1a |
| sed -e 's/\./\^/' -e 's,^\\\./,.*/,' -e 's,$,$,' > %{__brp_mangle_shebangs_exclude_from_file}
|
|
|
e59b1a |
|
|
|
e59b1a |
%define_files -a %{efi_arch} -A %{efi_arch_upper}
|
|
|
e59b1a |
%if %{efi_has_alt_arch}
|
|
|
e59b1a |
%define_files -a %{efi_alt_arch} -A %{efi_alt_arch_upper}
|
|
|
e59b1a |
%endif
|
|
|
e59b1a |
|
|
|
e59b1a |
%if %{provide_legacy_shim}
|
|
|
e59b1a |
%{efi_esp_dir}/shim.efi
|
|
|
e59b1a |
%endif
|
|
|
e59b1a |
|
|
|
e59b1a |
%changelog
|
|
|
e59b1a |
* Thu Apr 14 2022 Peter Jones <pjones@redhat.com> - 15.5-2.el9
|
|
|
e59b1a |
- Attempt to make aarch64 build.
|
|
|
e59b1a |
Related: rhbz#1932057
|
|
|
e59b1a |
|
|
|
e59b1a |
* Thu Apr 14 2022 Peter Jones <pjones@redhat.com> - 15.5-1.el9
|
|
|
e59b1a |
- Rebuild for rhel-9.0.0
|
|
|
e59b1a |
Resolves: rhbz#1932057
|
|
|
e59b1a |
|
|
|
e59b1a |
* Mon Sep 21 2020 Javier Martinez Canillas <javierm@redhat.com> - 15-16
|
|
|
e59b1a |
- Fix an incorrect allocation size
|
|
|
e59b1a |
|
|
|
e59b1a |
* Fri Jul 31 2020 Peter Jones <pjones@redhat.com> - 15-15
|
|
|
e59b1a |
- Update once again for new signed shim builds.
|
|
|
e59b1a |
|
|
|
e59b1a |
* Tue Jul 28 2020 Peter Jones <pjones@redhat.com> - 15-14
|
|
|
e59b1a |
- Get rid of our %%dist hack for now.
|
|
|
e59b1a |
|
|
|
e59b1a |
* Tue Jul 28 2020 Peter Jones <pjones@redhat.com> - 15-13
|
|
|
e59b1a |
- New signing keys
|
|
|
e59b1a |
|
|
|
e59b1a |
* Thu Jun 11 2020 Javier Martinez Canillas <javierm@redhat.com> - 15-12
|
|
|
e59b1a |
- Fix firmware update bug in aarch64 caused by shim ignoring arguments
|
|
|
e59b1a |
- Fix a shim crash when attempting to netboot
|
|
|
e59b1a |
|
|
|
e59b1a |
* Fri Jun 07 2019 Javier Martinez Canillas <javierm@redhat.com> - 15-11
|
|
|
e59b1a |
- Update the shim-unsigned-aarch64 version number
|
|
|
e59b1a |
|
|
|
e59b1a |
* Fri Jun 07 2019 Javier Martinez Canillas <javierm@redhat.com> - 15-10
|
|
|
e59b1a |
- Add a gating.yaml file so the package can be properly gated
|
|
|
e59b1a |
|
|
|
e59b1a |
* Wed Jun 05 2019 Javier Martinez Canillas <javierm@redhat.com> - 15-9
|
|
|
e59b1a |
- Bump the NVR
|
|
|
e59b1a |
|
|
|
e59b1a |
* Wed Jun 05 2019 Javier Martinez Canillas <javierm@redhat.com> - 15-7
|
|
|
e59b1a |
- Make EFI variable copying fatal only on secureboot enabled systems
|
|
|
e59b1a |
- Fix booting shim from an EFI shell using a relative path
|
|
|
e59b1a |
|
|
|
e59b1a |
* Thu Mar 14 2019 Peter Jones <pjones@redhat.com> - 15-6
|
|
|
e59b1a |
- Fix MoK mirroring issue which breaks kdump without intervention
|
|
|
e59b1a |
|
|
|
e59b1a |
* Thu Jan 24 2019 Peter Jones <pjones@redhat.com> - 15-5
|
|
|
e59b1a |
- Rebuild for signing once again. If the signer actually works, then:
|
|
|
e59b1a |
|
|
|
e59b1a |
* Tue Oct 16 2018 Peter Jones <pjones@redhat.com> - 15-4
|
|
|
e59b1a |
- Rebuild for signing
|
|
|
e59b1a |
|
|
|
e59b1a |
* Mon Aug 13 2018 Troy Dawson <tdawson@redhat.com>
|
|
|
e59b1a |
- Release Bumped for el8 Mass Rebuild
|
|
|
e59b1a |
|
|
|
e59b1a |
* Sat Aug 11 2018 Troy Dawson <tdawson@redhat.com>
|
|
|
e59b1a |
- Release Bumped for el8+8 Mass Rebuild
|
|
|
e59b1a |
|
|
|
e59b1a |
* Mon Jul 23 2018 Peter Jones <pjones@redhat.com> - 15-1
|
|
|
e59b1a |
- Build for RHEL 8
|