edk2/edk2.spec

783 lines
26 KiB
RPMSpec
Raw Normal View History

2022-01-21 12:45:59 +00:00
# https://fedoraproject.org/wiki/Changes/SetBuildFlagsBuildCheck
# breaks cross-building
%undefine _auto_set_build_flags
# actual firmware builds support cross-compiling. edk2-tools
# in theory should build everywhere without much trouble, but
# in practice the edk2 build system barfs on archs it doesn't know
# (such as ppc), so lets limit things to the known-good ones.
2023-09-11 08:17:40 +00:00
ExclusiveArch: x86_64 aarch64 riscv64
# edk2-stable202308
2023-11-17 11:19:49 +00:00
%define GITDATE 20231122
%define GITCOMMIT 8736b8fdca85
%define TOOLCHAIN GCC
2023-11-17 11:19:49 +00:00
%define PLATFORMS_COMMIT 10e2eb030de3
%define OPENSSL_VER 3.0.7
2023-12-06 12:30:25 +00:00
%define OPENSSL_COMMIT db0287935122edceb91dcda8dfb53b4090734e22
2023-05-12 12:04:56 +00:00
%define DBXDATE 20230509
2023-03-15 11:11:22 +00:00
# Undefine this to get *HUGE* (50MB+) verbose build logs
%define silent --silent
%if %{defined rhel}
%define build_ovmf 0
%define build_aarch64 0
%ifarch x86_64
%define build_ovmf 1
%endif
%ifarch aarch64
%define build_aarch64 1
%endif
2023-03-02 11:57:19 +00:00
%define build_riscv64 0
%else
%define build_ovmf 1
%define build_aarch64 1
2023-03-02 11:57:19 +00:00
%define build_riscv64 1
%endif
%global softfloat_version 20180726-gitb64af41
%define cross %{defined fedora}
%define disable_werror %{defined fedora}
Name: edk2
2023-05-24 07:28:07 +00:00
Version: %{GITDATE}
Release: %autorelease
Summary: UEFI firmware for 64-bit virtual machines
License: Apache-2.0 AND (BSD-2-Clause OR GPL-2.0-or-later) AND BSD-2-Clause-Patent AND BSD-3-Clause AND BSD-4-Clause AND ISC AND MIT AND LicenseRef-Fedora-Public-Domain
URL: http://www.tianocore.org
# The source tarball is created using following commands:
# COMMIT=bb1bba3d7767
# git archive --format=tar --prefix=edk2-$COMMIT/ $COMMIT \
# | xz -9ev >/tmp/edk2-$COMMIT.tar.xz
Source0: edk2-%{GITCOMMIT}.tar.xz
Source1: ovmf-whitepaper-c770f8c.txt
Source2: openssl-rhel-%{OPENSSL_COMMIT}.tar.xz
Source3: softfloat-%{softfloat_version}.tar.xz
Source4: edk2-platforms-%{PLATFORMS_COMMIT}.tar.xz
2023-01-25 10:32:23 +00:00
Source5: jansson-2.13.1.tar.bz2
2023-09-05 16:19:36 +00:00
Source6: README.experimental
# json description files
Source10: 50-edk2-aarch64-qcow2.json
Source11: 51-edk2-aarch64-raw.json
Source12: 52-edk2-aarch64-verbose-qcow2.json
Source13: 53-edk2-aarch64-verbose-raw.json
Source20: 50-edk2-arm-verbose.json
Source30: 30-edk2-ovmf-ia32-sb-enrolled.json
Source31: 40-edk2-ovmf-ia32-sb.json
Source32: 50-edk2-ovmf-ia32-nosb.json
Source40: 30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json
Source41: 31-edk2-ovmf-2m-raw-x64-sb-enrolled.json
Source42: 40-edk2-ovmf-4m-qcow2-x64-sb.json
Source43: 41-edk2-ovmf-2m-raw-x64-sb.json
Source44: 50-edk2-ovmf-x64-microvm.json
Source45: 50-edk2-ovmf-4m-qcow2-x64-nosb.json
Source46: 51-edk2-ovmf-2m-raw-x64-nosb.json
Source47: 60-edk2-ovmf-x64-amdsev.json
Source48: 60-edk2-ovmf-x64-inteltdx.json
Ship the JSON firmware "descriptor files" From version 4.1 (due in August 2019) onwards, QEMU ships the so-called firmware "descriptor files". These are small JSON files that describe details about UEFI firmware binaries — such as the fimware binary path, its architecture, supported machine type, NVRAM template and so forth. You can see examples of these files from the QEMU upstream Git: https://git.qemu.org/?p=qemu.git;a=tree;f=pc-bios/descriptors $> tree descriptors/ descriptors/ ├── 50-edk2-i386-secure.json ├── 50-edk2-x86_64-secure.json ├── 60-edk2-aarch64.json ├── 60-edk2-arm.json ├── 60-edk2-i386.json └── 60-edk2-x86_64.json QEMU 4.1 itself will ship the above files. However, Fedora needs to ship these file as part of its EDK2 package. Why? ---- (1) Quoting (with minor formatting edits) Laszlo Ersek: Distributions providing their own EDK2 packages would not include the descriptors from upstream QEMU, even if they otherwise package QEMU. That's beause the descriptor files in QEMU match the firmware bundled with QEMU -- but the firmware images in the distros' own EDK2 packages are different. So, if a distro provides an EDK2 package, then the same EDK2 package should offer matching descriptors. QEMU offers descriptors (soon) because QEMU technically distributes edk2 firmware binaries (soon). [Where "soon" == QEMU 4.1] (2) And as Dan Berrangé reminded on IRC: In Fedora, we need to ship them [the "descriptor files"] as part of the EDK2 package, because Fedora throws away all the firmware files that QEMU bundles, because we're [Fedora] required to rebuild everything from pristine source. - - - In this patch: (*) Use the firmware descriptor files provided by Laszlo (thanks!) in this comment here: https://bugzilla.redhat.com/show_bug.cgi?id=1728652#c2 ("RFE: Ship the JSON firmware "descriptor files" as part of EDK2"). On the double-digit priority prefixes, refer to the rationale here: https://src.fedoraproject.org/rpms/edk2/pull-request/3#comment-27523 (*) Install the JSON files for the relevant architectures in `/usr/share/qemu/firmware`, as required by specification[+]. And make each EDK2 own this directory; multiple RPMs owning the same directory is no problem. [+] https://git.qemu.org/?p=qemu.git;a=blob;f=docs/interop/firmware.json Resolves: rhbz#1728652 Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
2019-07-12 09:20:38 +00:00
2023-09-05 16:27:23 +00:00
Source50: 50-edk2-riscv-qcow2.json
# https://gitlab.com/kraxel/edk2-build-config
Source80: edk2-build.py
Source81: edk2-build.fedora
2023-01-25 10:32:23 +00:00
Source82: edk2-build.fedora.platforms
Source83: edk2-build.rhel-9
2023-03-15 11:11:22 +00:00
Source90: DBXUpdate-%{DBXDATE}.x64.bin
Source91: DBXUpdate-%{DBXDATE}.ia32.bin
2022-12-02 11:39:42 +00:00
2022-03-23 08:15:34 +00:00
Patch0001: 0001-BaseTools-do-not-build-BrotliCompress-RH-only.patch
Patch0002: 0002-MdeModulePkg-remove-package-private-Brotli-include-p.patch
2023-03-02 12:01:18 +00:00
Patch0003: 0003-MdeModulePkg-TerminalDxe-set-xterm-resolution-on-mod.patch
Patch0004: 0004-OvmfPkg-take-PcdResizeXterm-from-the-QEMU-command-li.patch
Patch0005: 0005-ArmVirtPkg-take-PcdResizeXterm-from-the-QEMU-command.patch
Patch0006: 0006-OvmfPkg-enable-DEBUG_VERBOSE-RHEL-only.patch
Patch0007: 0007-OvmfPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuVide.patch
Patch0008: 0008-ArmVirtPkg-silence-DEBUG_VERBOSE-0x00400000-in-QemuR.patch
Patch0009: 0009-OvmfPkg-QemuRamfbDxe-Do-not-report-DXE-failure-on-Aa.patch
Patch0010: 0010-OvmfPkg-silence-EFI_D_VERBOSE-0x00400000-in-NvmExpre.patch
Patch0011: 0011-OvmfPkg-QemuKernelLoaderFsDxe-suppress-error-on-no-k.patch
Patch0012: 0012-SecurityPkg-Tcg2Dxe-suppress-error-on-no-swtpm-in-si.patch
Patch0013: 0013-UefiCpuPkg-MpInitLib-fix-apic-mode-for-cpu-hotplug.patch
Patch0015: 0015-CryptoPkg-CrtLib-add-stat.h.patch
Patch0016: 0016-CryptoPkg-CrtLib-add-access-open-read-write-close-sy.patch
2023-11-17 11:19:49 +00:00
Patch0017: 0017-OvmfPkg-set-PcdVariableStoreSize-PcdMaxVolatileVaria.patch
%if 0%{?fedora} >= 38 || 0%{?rhel} >= 10
Patch0018: 0018-silence-.-has-a-LOAD-segment-with-RWX-permissions-wa.patch
%endif
2023-12-06 12:13:53 +00:00
Patch0019: 0019-ArmVirtPkg-add-runtime-option-to-enable-disable-Memo.patch
2023-06-01 05:26:54 +00:00
# python3-devel and libuuid-devel are required for building tools.
# python3-devel is also needed for varstore template generation and
# verification with "ovmf-vars-generator".
BuildRequires: python3-devel
BuildRequires: libuuid-devel
BuildRequires: /usr/bin/iasl
BuildRequires: binutils gcc git gcc-c++ make
2023-01-12 14:21:49 +00:00
BuildRequires: qemu-img
# openssl configure
BuildRequires: perl(FindBin)
BuildRequires: perl(IPC::Cmd)
BuildRequires: perl(File::Compare)
BuildRequires: perl(File::Copy)
BuildRequires: perl(JSON)
%if %{build_ovmf}
# Only OVMF includes 80x86 assembly files (*.nasm*).
BuildRequires: nasm
# Only OVMF includes the Secure Boot feature, for which we need to separate out
# the UEFI shell.
BuildRequires: dosfstools
BuildRequires: mtools
BuildRequires: xorriso
2013-05-02 12:46:06 +00:00
# For generating the variable store template with the default certificates
# enrolled.
2023-05-04 07:58:36 +00:00
BuildRequires: python3-virt-firmware >= 23.5
# endif build_ovmf
%endif
%if %{cross}
BuildRequires: gcc-aarch64-linux-gnu
BuildRequires: gcc-arm-linux-gnu
BuildRequires: gcc-x86_64-linux-gnu
2023-03-02 11:57:19 +00:00
BuildRequires: gcc-riscv64-linux-gnu
%endif
%package ovmf
Summary: UEFI firmware for x86_64 virtual machines
BuildArch: noarch
Provides: OVMF = %{version}-%{release}
Obsoletes: OVMF < 20180508-100.gitee3198e672e2.el7
# need libvirt version with qcow2 support
Conflicts: libvirt-daemon-driver-qemu < 9.7.0
# OVMF includes the Secure Boot and IPv6 features; it has a builtin OpenSSL
# library.
Provides: bundled(openssl) = %{OPENSSL_VER}
License: Apache-2.0 AND (BSD-2-Clause OR GPL-2.0-or-later) AND BSD-2-Clause-Patent AND BSD-4-Clause AND ISC AND LicenseRef-Fedora-Public-Domain
# URL taken from the Maintainers.txt file.
URL: http://www.tianocore.org/ovmf/
%description ovmf
OVMF (Open Virtual Machine Firmware) is a project to enable UEFI support for
Virtual Machines. This package contains a sample 64-bit UEFI firmware for QEMU
and KVM.
%package aarch64
Summary: UEFI firmware for aarch64 virtual machines
BuildArch: noarch
Provides: AAVMF = %{version}-%{release}
Obsoletes: AAVMF < 20180508-100.gitee3198e672e2.el7
# need libvirt version with qcow2 support
Conflicts: libvirt-daemon-driver-qemu < 9.7.0
# No Secure Boot for AAVMF yet, but we include OpenSSL for the IPv6 stack.
Provides: bundled(openssl) = %{OPENSSL_VER}
License: Apache-2.0 AND (BSD-2-Clause OR GPL-2.0-or-later) AND BSD-2-Clause-Patent AND BSD-4-Clause AND ISC AND LicenseRef-Fedora-Public-Domain
# URL taken from the Maintainers.txt file.
URL: https://github.com/tianocore/tianocore.github.io/wiki/ArmVirtPkg
%description aarch64
AAVMF (ARM Architecture Virtual Machine Firmware) is an EFI Development Kit II
platform that enables UEFI support for QEMU/KVM ARM Virtual Machines. This
package contains a 64-bit build.
2013-05-02 12:46:06 +00:00
%package tools
Summary: EFI Development Kit II Tools
License: BSD-2-Clause-Patent AND LicenseRef-Fedora-Public-Domain
URL: https://github.com/tianocore/tianocore.github.io/wiki/BaseTools
2013-05-02 12:46:06 +00:00
%description tools
This package provides tools that are needed to
build EFI executables and ROMs using the GNU tools.
%package tools-doc
Summary: Documentation for EFI Development Kit II Tools
BuildArch: noarch
License: BSD-2-Clause-Patent
URL: https://github.com/tianocore/tianocore.github.io/wiki/BaseTools
2013-05-02 12:46:06 +00:00
%description tools-doc
This package documents the tools that are needed to
build EFI executables and ROMs using the GNU tools.
%description
EDK II is a modern, feature-rich, cross-platform firmware development
environment for the UEFI and PI specifications. This package contains sample
64-bit UEFI firmware builds for QEMU and KVM.
%if %{defined fedora}
2017-03-15 21:56:49 +00:00
%package ovmf-ia32
Summary: Open Virtual Machine Firmware
License: Apache-2.0 AND BSD-2-Clause-Patent AND BSD-4-Clause AND ISC AND LicenseRef-Fedora-Public-Domain
Provides: bundled(openssl)
2017-03-15 21:56:49 +00:00
BuildArch: noarch
%description ovmf-ia32
EFI Development Kit II
Open Virtual Machine Firmware (ia32)
2023-02-17 10:40:37 +00:00
%package ovmf-xen
Summary: Open Virtual Machine Firmware, Xen build
License: Apache-2.0 AND BSD-2-Clause-Patent AND BSD-4-Clause AND ISC AND LicenseRef-Fedora-Public-Domain
2023-02-17 10:40:37 +00:00
Provides: bundled(openssl)
BuildArch: noarch
%description ovmf-xen
EFI Development Kit II
Open Virtual Machine Firmware (Xen build)
%package experimental
2022-11-17 13:20:21 +00:00
Summary: Open Virtual Machine Firmware, experimental builds
License: Apache-2.0 AND BSD-2-Clause-Patent AND BSD-4-Clause AND ISC AND LicenseRef-Fedora-Public-Domain
2022-11-17 13:20:21 +00:00
Provides: bundled(openssl)
Obsoletes: edk2-ovmf-experimental < 20230825
2022-11-17 13:20:21 +00:00
BuildArch: noarch
%description experimental
2022-11-17 13:20:21 +00:00
EFI Development Kit II
Open Virtual Machine Firmware (experimental builds)
2016-07-21 21:47:43 +00:00
%package arm
Summary: ARM Virtual Machine Firmware
BuildArch: noarch
License: Apache-2.0 AND (BSD-2-Clause OR GPL-2.0-or-later) AND BSD-2-Clause-Patent AND BSD-3-Clause AND BSD-4-Clause AND ISC AND LicenseRef-Fedora-Public-Domain
2016-07-21 21:47:43 +00:00
%description arm
EFI Development Kit II
ARMv7 UEFI Firmware
2023-03-02 11:57:19 +00:00
%package riscv64
Summary: RISC-V Virtual Machine Firmware
BuildArch: noarch
License: Apache-2.0 AND (BSD-2-Clause OR GPL-2.0-or-later) AND BSD-2-Clause-Patent AND LicenseRef-Fedora-Public-Domain
# need libvirt version with qcow2 support
Conflicts: libvirt-daemon-driver-qemu < 9.7.0
2023-03-02 11:57:19 +00:00
%description riscv64
EFI Development Kit II
RISC-V UEFI Firmware
2023-01-25 10:32:23 +00:00
%package ext4
Summary: Ext4 filesystem driver
License: Apache-2.0 AND BSD-2-Clause-Patent
2023-01-25 10:32:23 +00:00
BuildArch: noarch
%description ext4
EFI Development Kit II
Ext4 filesystem driver
%package tools-python
Summary: EFI Development Kit II Tools
Requires: python3
BuildArch: noarch
%description tools-python
This package provides tools that are needed to build EFI executables
and ROMs using the GNU tools. You do not need to install this package;
you probably want to install edk2-tools only.
# endif fedora
%endif
2016-07-21 21:47:43 +00:00
2013-05-02 12:46:06 +00:00
%prep
# We needs some special git config options that %%autosetup won't give us.
# We init the git dir ourselves, then tell %%autosetup not to blow it away.
%setup -q -n edk2-%{GITCOMMIT}
git init -q
git config core.whitespace cr-at-eol
git config am.keepcr true
# -T is passed to %%setup to not re-extract the archive
# -D is passed to %%setup to not delete the existing archive dir
%autosetup -T -D -n edk2-%{GITCOMMIT} -S git_am
cp -a -- %{SOURCE1} .
tar -C CryptoPkg/Library/OpensslLib -a -f %{SOURCE2} -x
# extract softfloat into place
tar -xf %{SOURCE3} --strip-components=1 --directory ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3/
2023-01-25 10:32:23 +00:00
tar -xf %{SOURCE4} --strip-components=1 "*/Drivers" "*/Features" "*/Platform" "*/Silicon"
tar -xf %{SOURCE5} --strip-components=1 --directory RedfishPkg/Library/JsonLib/jansson
2023-05-24 07:27:31 +00:00
# include paths pointing to unused submodules
mkdir -p MdePkg/Library/MipiSysTLib/mipisyst/library/include
2023-11-17 11:19:49 +00:00
mkdir -p CryptoPkg/Library/MbedTlsLib/mbedtls/include
mkdir -p CryptoPkg/Library/MbedTlsLib/mbedtls/include/mbedtls
mkdir -p CryptoPkg/Library/MbedTlsLib/mbedtls/library
# Done by %setup, but we do not use it for the auxiliary tarballs
chmod -Rf a+rX,u+w,g-w,o-w .
cp -a -- \
2023-09-05 16:19:36 +00:00
%{SOURCE6} \
%{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} \
%{SOURCE20} \
%{SOURCE30} %{SOURCE31} %{SOURCE32} \
%{SOURCE40} %{SOURCE41} %{SOURCE42} %{SOURCE43} %{SOURCE44} \
%{SOURCE45} %{SOURCE46} %{SOURCE47} %{SOURCE48} \
2023-09-05 16:27:23 +00:00
%{SOURCE50} \
2023-01-25 10:32:23 +00:00
%{SOURCE80} %{SOURCE81} %{SOURCE82} %{SOURCE83} \
2023-03-02 13:34:20 +00:00
%{SOURCE90} %{SOURCE91} \
.
%build
build_iso() {
dir="$1"
UEFI_SHELL_BINARY=${dir}/Shell.efi
ENROLLER_BINARY=${dir}/EnrollDefaultKeys.efi
UEFI_SHELL_IMAGE=uefi_shell.img
ISO_IMAGE=${dir}/UefiShell.iso
UEFI_SHELL_BINARY_BNAME=$(basename -- "$UEFI_SHELL_BINARY")
UEFI_SHELL_SIZE=$(stat --format=%s -- "$UEFI_SHELL_BINARY")
ENROLLER_SIZE=$(stat --format=%s -- "$ENROLLER_BINARY")
# add 1MB then 10% for metadata
UEFI_SHELL_IMAGE_KB=$((
(UEFI_SHELL_SIZE + ENROLLER_SIZE + 1 * 1024 * 1024) * 11 / 10 / 1024
))
# create non-partitioned FAT image
rm -f -- "$UEFI_SHELL_IMAGE"
mkdosfs -C "$UEFI_SHELL_IMAGE" -n UEFI_SHELL -- "$UEFI_SHELL_IMAGE_KB"
# copy the shell binary into the FAT image
export MTOOLS_SKIP_CHECK=1
mmd -i "$UEFI_SHELL_IMAGE" ::efi
mmd -i "$UEFI_SHELL_IMAGE" ::efi/boot
mcopy -i "$UEFI_SHELL_IMAGE" "$UEFI_SHELL_BINARY" ::efi/boot/bootx64.efi
mcopy -i "$UEFI_SHELL_IMAGE" "$ENROLLER_BINARY" ::
mdir -i "$UEFI_SHELL_IMAGE" -/ ::
# build ISO with FAT image file as El Torito EFI boot image
mkisofs -input-charset ASCII -J -rational-rock \
-e "$UEFI_SHELL_IMAGE" -no-emul-boot \
-o "$ISO_IMAGE" "$UEFI_SHELL_IMAGE"
}
export EXTRA_OPTFLAGS="%{optflags}"
export EXTRA_LDFLAGS="%{__global_ldflags}"
2023-01-13 05:23:00 +00:00
export RELEASE_DATE="$(echo %{GITDATE} | sed -e 's|\(....\)\(..\)\(..\)|\2/\3/\1|')"
2022-05-31 06:57:40 +00:00
touch OvmfPkg/AmdSev/Grub/grub.efi # dummy
python3 CryptoPkg/Library/OpensslLib/configure.py
2022-05-31 06:57:40 +00:00
%if %{build_ovmf}
%if %{defined rhel}
./edk2-build.py --config edk2-build.rhel-9 %{?silent} --release-date "$RELEASE_DATE" -m ovmf
2022-12-02 11:39:42 +00:00
virt-fw-vars --input RHEL-9/ovmf/OVMF_VARS.fd \
--output RHEL-9/ovmf/OVMF_VARS.secboot.fd \
2023-03-15 11:11:22 +00:00
--set-dbx DBXUpdate-%{DBXDATE}.x64.bin \
--enroll-redhat --secure-boot
2023-11-27 10:05:52 +00:00
virt-fw-vars --input RHEL-9/ovmf/OVMF.inteltdx.fd \
--output RHEL-9/ovmf/OVMF.inteltdx.secboot.fd \
--set-dbx DBXUpdate-%{DBXDATE}.x64.bin \
--enroll-redhat --secure-boot
2022-11-17 13:06:42 +00:00
build_iso RHEL-9/ovmf
cp DBXUpdate-%{DBXDATE}.x64.bin RHEL-9/ovmf
%else
./edk2-build.py --config edk2-build.fedora %{?silent} --release-date "$RELEASE_DATE" -m ovmf
./edk2-build.py --config edk2-build.fedora.platforms %{?silent} -m x64
2022-12-02 11:39:42 +00:00
virt-fw-vars --input Fedora/ovmf/OVMF_VARS.fd \
--output Fedora/ovmf/OVMF_VARS.secboot.fd \
2023-03-15 11:11:22 +00:00
--set-dbx DBXUpdate-%{DBXDATE}.x64.bin \
--enroll-redhat --secure-boot
virt-fw-vars --input Fedora/ovmf/OVMF_VARS_4M.fd \
--output Fedora/ovmf/OVMF_VARS_4M.secboot.fd \
2023-03-15 11:11:22 +00:00
--set-dbx DBXUpdate-%{DBXDATE}.x64.bin \
--enroll-redhat --secure-boot
2023-11-27 10:05:52 +00:00
virt-fw-vars --input Fedora/ovmf/OVMF.inteltdx.fd \
--output Fedora/ovmf/OVMF.inteltdx.secboot.fd \
--set-dbx DBXUpdate-%{DBXDATE}.x64.bin \
--enroll-redhat --secure-boot
2022-12-02 11:39:42 +00:00
virt-fw-vars --input Fedora/ovmf-ia32/OVMF_VARS.fd \
--output Fedora/ovmf-ia32/OVMF_VARS.secboot.fd \
2023-03-15 11:11:22 +00:00
--set-dbx DBXUpdate-%{DBXDATE}.ia32.bin \
--enroll-redhat --secure-boot
2022-11-17 13:06:42 +00:00
build_iso Fedora/ovmf
build_iso Fedora/ovmf-ia32
cp DBXUpdate-%{DBXDATE}.x64.bin Fedora/ovmf
cp DBXUpdate-%{DBXDATE}.ia32.bin Fedora/ovmf-ia32
for raw in */ovmf/*_4M*.fd; do
2023-05-03 11:05:55 +00:00
qcow2="${raw%.fd}.qcow2"
qemu-img convert -f raw -O qcow2 -o cluster_size=4096 -S 4096 "$raw" "$qcow2"
2023-05-04 07:31:28 +00:00
rm -f "$raw"
2023-05-03 11:05:55 +00:00
done
2022-11-17 13:20:21 +00:00
# experimental stateless builds
2022-12-02 11:39:42 +00:00
virt-fw-vars --input Fedora/experimental/OVMF.stateless.fd \
--output Fedora/experimental/OVMF.stateless.secboot.fd \
2023-03-15 11:11:22 +00:00
--set-dbx DBXUpdate-%{DBXDATE}.x64.bin \
--enroll-redhat --secure-boot \
--set-fallback-no-reboot
2022-11-17 13:20:21 +00:00
2023-03-02 14:06:15 +00:00
for image in \
Fedora/ovmf/OVMF_CODE.secboot.fd \
Fedora/ovmf/OVMF_CODE_4M.secboot.qcow2 \
2023-03-02 14:06:15 +00:00
Fedora/experimental/OVMF.stateless.secboot.fd \
; do
pcr="${image}"
pcr="${pcr%.fd}"
pcr="${pcr%.qcow2}"
pcr="${pcr}.pcr"
2023-03-02 14:06:15 +00:00
python3 /usr/share/doc/python3-virt-firmware/experimental/measure.py \
--image "$image" \
--version "%{name}-%{version}-%{release}" \
--no-shim \
> "$pcr"
done
%endif
%endif
2017-03-15 21:56:49 +00:00
%if %{build_aarch64}
%if %{defined rhel}
./edk2-build.py --config edk2-build.rhel-9 %{?silent} --release-date "$RELEASE_DATE" -m armvirt
%else
./edk2-build.py --config edk2-build.fedora %{?silent} --release-date "$RELEASE_DATE" -m armvirt
./edk2-build.py --config edk2-build.fedora.platforms %{?silent} -m aa64
virt-fw-vars --input Fedora/aarch64/vars-template-pflash.raw \
--output Fedora/experimental/vars-template-secboot-testonly-pflash.raw \
--enroll-redhat --secure-boot --distro-keys rhel
%endif
2023-01-12 14:21:49 +00:00
for raw in */aarch64/*.raw; do
qcow2="${raw%.raw}.qcow2"
qemu-img convert -f raw -O qcow2 -o cluster_size=4096 -S 4096 "$raw" "$qcow2"
done
%endif
2023-03-02 11:57:19 +00:00
%if %{build_riscv64}
./edk2-build.py --config edk2-build.fedora %{?silent} --release-date "$RELEASE_DATE" -m riscv
./edk2-build.py --config edk2-build.fedora.platforms %{?silent} -m riscv
2023-09-05 11:41:15 +00:00
for raw in */riscv/*.raw; do
qcow2="${raw%.raw}.qcow2"
qemu-img convert -f raw -O qcow2 -o cluster_size=4096 -S 4096 "$raw" "$qcow2"
rm -f "$raw"
done
2023-03-02 11:57:19 +00:00
%endif
2013-05-02 12:46:06 +00:00
%install
cp -a OvmfPkg/License.txt License.OvmfPkg.txt
cp -a CryptoPkg/Library/OpensslLib/openssl/LICENSE.txt LICENSE.openssl
mkdir -p %{buildroot}%{_datadir}/qemu/firmware
# install the tools
mkdir -p %{buildroot}%{_bindir} \
%{buildroot}%{_datadir}/%{name}/Conf \
%{buildroot}%{_datadir}/%{name}/Scripts
install BaseTools/Source/C/bin/* \
%{buildroot}%{_bindir}
install BaseTools/BinWrappers/PosixLike/LzmaF86Compress \
%{buildroot}%{_bindir}
install BaseTools/BuildEnv \
2014-06-24 07:50:13 +00:00
%{buildroot}%{_datadir}/%{name}
install BaseTools/Conf/*.template \
%{buildroot}%{_datadir}/%{name}/Conf
install BaseTools/Scripts/GccBase.lds \
%{buildroot}%{_datadir}/%{name}/Scripts
# install firmware images
mkdir -p %{buildroot}%{_datadir}/%{name}
%if %{defined rhel}
cp -av RHEL-9/* %{buildroot}%{_datadir}/%{name}
%else
cp -av Fedora/* %{buildroot}%{_datadir}/%{name}
%endif
2013-05-02 12:46:06 +00:00
%if %{build_ovmf}
2022-09-20 07:22:56 +00:00
# compat symlinks
mkdir -p %{buildroot}%{_datadir}/OVMF
ln -s ../%{name}/ovmf/OVMF_CODE.fd %{buildroot}%{_datadir}/OVMF/
ln -s ../%{name}/ovmf/OVMF_CODE.secboot.fd %{buildroot}%{_datadir}/OVMF/
ln -s ../%{name}/ovmf/OVMF_VARS.fd %{buildroot}%{_datadir}/OVMF/
ln -s ../%{name}/ovmf/OVMF_VARS.secboot.fd %{buildroot}%{_datadir}/OVMF/
ln -s ../%{name}/ovmf/UefiShell.iso %{buildroot}%{_datadir}/OVMF/
ln -s OVMF_CODE.fd %{buildroot}%{_datadir}/%{name}/ovmf/OVMF_CODE.cc.fd
# json description files
mkdir -p %{buildroot}%{_datadir}/qemu/firmware
install -m 0644 \
30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json \
31-edk2-ovmf-2m-raw-x64-sb-enrolled.json \
40-edk2-ovmf-4m-qcow2-x64-sb.json \
41-edk2-ovmf-2m-raw-x64-sb.json \
50-edk2-ovmf-4m-qcow2-x64-nosb.json \
51-edk2-ovmf-2m-raw-x64-nosb.json \
60-edk2-ovmf-x64-amdsev.json \
60-edk2-ovmf-x64-inteltdx.json \
%{buildroot}%{_datadir}/qemu/firmware
%if %{defined fedora}
install -m 0644 \
50-edk2-ovmf-x64-microvm.json \
30-edk2-ovmf-ia32-sb-enrolled.json \
40-edk2-ovmf-ia32-sb.json \
50-edk2-ovmf-ia32-nosb.json \
%{buildroot}%{_datadir}/qemu/firmware
%endif
# endif build_ovmf
%endif
%if %{build_aarch64}
# compat symlinks
mkdir -p %{buildroot}%{_datadir}/AAVMF
ln -s ../%{name}/aarch64/QEMU_EFI-pflash.raw \
%{buildroot}%{_datadir}/AAVMF/AAVMF_CODE.verbose.fd
ln -s ../%{name}/aarch64/QEMU_EFI-silent-pflash.raw \
%{buildroot}%{_datadir}/AAVMF/AAVMF_CODE.fd
ln -s ../%{name}/aarch64/vars-template-pflash.raw \
%{buildroot}%{_datadir}/AAVMF/AAVMF_VARS.fd
%if %{defined fedora}
ln -s ../%{name}/arm/QEMU_EFI-pflash.raw \
%{buildroot}%{_datadir}/AAVMF/AAVMF32_CODE.fd
%endif
# json description files
install -m 0644 \
50-edk2-aarch64-qcow2.json \
51-edk2-aarch64-raw.json \
52-edk2-aarch64-verbose-qcow2.json \
53-edk2-aarch64-verbose-raw.json \
%{buildroot}%{_datadir}/qemu/firmware
%if %{defined fedora}
install -m 0644 \
50-edk2-arm-verbose.json \
%{buildroot}%{_datadir}/qemu/firmware
%endif
# endif build_aarch64
%endif
2023-09-05 16:27:23 +00:00
%if %{build_riscv64}
install -m 0644 \
50-edk2-riscv-qcow2.json \
%{buildroot}%{_datadir}/qemu/firmware
# endif build_riscv64
%endif
%if %{defined fedora}
# edk2-tools-python install
cp -R BaseTools/Source/Python %{buildroot}%{_datadir}/%{name}/Python
for i in build BPDG Ecc GenDepex GenFds GenPatchPcdTable PatchPcdValue TargetTool Trim UPT; do
echo '#!/bin/sh
export PYTHONPATH=%{_datadir}/%{name}/Python
exec python3 '%{_datadir}/%{name}/Python/$i/$i.py' "$@"' > %{buildroot}%{_bindir}/$i
chmod +x %{buildroot}%{_bindir}/$i
done
%if 0%{?py_byte_compile:1}
# https://docs.fedoraproject.org/en-US/packaging-guidelines/Python_Appendix/#manual-bytecompilation
%py_byte_compile %{python3} %{buildroot}%{_datadir}/edk2/Python
%endif
%endif
%check
2023-03-02 14:06:15 +00:00
for file in %{buildroot}%{_datadir}/%{name}/*/*VARS.secboot.fd; do
test -f "$file" || continue
virt-fw-vars --input $file --print | grep "SecureBootEnable.*ON" || exit 1
done
%global common_files \
%%license License.txt License.OvmfPkg.txt License-History.txt LICENSE.openssl \
%%dir %%{_datadir}/%%{name}/ \
%%dir %%{_datadir}/qemu \
%%dir %%{_datadir}/qemu/firmware
%if %{build_ovmf}
%files ovmf
%common_files
%doc OvmfPkg/README
%doc ovmf-whitepaper-c770f8c.txt
%dir %{_datadir}/OVMF/
%{_datadir}/OVMF/OVMF_CODE.fd
%{_datadir}/OVMF/OVMF_CODE.secboot.fd
%{_datadir}/OVMF/OVMF_VARS.fd
%{_datadir}/OVMF/OVMF_VARS.secboot.fd
%{_datadir}/OVMF/UefiShell.iso
%dir %{_datadir}/%{name}/ovmf/
%{_datadir}/%{name}/ovmf/OVMF_CODE.fd
%{_datadir}/%{name}/ovmf/OVMF_CODE.cc.fd
%{_datadir}/%{name}/ovmf/OVMF_CODE.secboot.fd
%{_datadir}/%{name}/ovmf/OVMF_VARS.fd
%{_datadir}/%{name}/ovmf/OVMF_VARS.secboot.fd
2022-05-31 06:57:40 +00:00
%{_datadir}/%{name}/ovmf/OVMF.amdsev.fd
%{_datadir}/%{name}/ovmf/OVMF.inteltdx.fd
2023-11-27 10:05:52 +00:00
%{_datadir}/%{name}/ovmf/OVMF.inteltdx.secboot.fd
%{_datadir}/%{name}/ovmf/UefiShell.iso
%{_datadir}/%{name}/ovmf/Shell.efi
%{_datadir}/%{name}/ovmf/EnrollDefaultKeys.efi
%{_datadir}/%{name}/ovmf/DBXUpdate*.bin
%{_datadir}/qemu/firmware/30-edk2-ovmf-4m-qcow2-x64-sb-enrolled.json
%{_datadir}/qemu/firmware/31-edk2-ovmf-2m-raw-x64-sb-enrolled.json
%{_datadir}/qemu/firmware/40-edk2-ovmf-4m-qcow2-x64-sb.json
%{_datadir}/qemu/firmware/41-edk2-ovmf-2m-raw-x64-sb.json
%{_datadir}/qemu/firmware/50-edk2-ovmf-4m-qcow2-x64-nosb.json
%{_datadir}/qemu/firmware/51-edk2-ovmf-2m-raw-x64-nosb.json
%{_datadir}/qemu/firmware/60-edk2-ovmf-x64-amdsev.json
%{_datadir}/qemu/firmware/60-edk2-ovmf-x64-inteltdx.json
%if %{defined fedora}
%{_datadir}/%{name}/ovmf/MICROVM.fd
%{_datadir}/qemu/firmware/50-edk2-ovmf-x64-microvm.json
%{_datadir}/%{name}/ovmf/OVMF_CODE_4M.qcow2
%{_datadir}/%{name}/ovmf/OVMF_CODE_4M.secboot.qcow2
%{_datadir}/%{name}/ovmf/OVMF_VARS_4M.qcow2
%{_datadir}/%{name}/ovmf/OVMF_VARS_4M.secboot.qcow2
2023-03-02 14:06:15 +00:00
%{_datadir}/%{name}/ovmf/*.pcr
2022-09-20 07:22:56 +00:00
%endif
# endif build_ovmf
%endif
%if %{build_aarch64}
%files aarch64
%common_files
%dir %{_datadir}/AAVMF/
%{_datadir}/AAVMF/AAVMF_CODE.verbose.fd
%{_datadir}/AAVMF/AAVMF_CODE.fd
%{_datadir}/AAVMF/AAVMF_VARS.fd
%dir %{_datadir}/%{name}/aarch64/
2023-01-12 14:21:49 +00:00
%{_datadir}/%{name}/aarch64/QEMU_EFI-pflash.*
%{_datadir}/%{name}/aarch64/QEMU_EFI-silent-pflash.*
%{_datadir}/%{name}/aarch64/vars-template-pflash.*
%{_datadir}/%{name}/aarch64/QEMU_EFI.fd
%{_datadir}/%{name}/aarch64/QEMU_EFI.silent.fd
%{_datadir}/%{name}/aarch64/QEMU_VARS.fd
2023-03-28 09:04:29 +00:00
%if %{defined fedora}
%{_datadir}/%{name}/aarch64/BL32_AP_MM.fd
2023-03-28 12:11:34 +00:00
%{_datadir}/%{name}/aarch64/QEMU_EFI.kernel.fd
2023-03-28 09:04:29 +00:00
%endif
%{_datadir}/qemu/firmware/50-edk2-aarch64-qcow2.json
%{_datadir}/qemu/firmware/51-edk2-aarch64-raw.json
%{_datadir}/qemu/firmware/52-edk2-aarch64-verbose-qcow2.json
%{_datadir}/qemu/firmware/53-edk2-aarch64-verbose-raw.json
# endif build_aarch64
%endif
2013-05-02 12:46:06 +00:00
%files tools
%license License.txt
%license License-History.txt
2018-05-29 21:06:35 +00:00
%{_bindir}/DevicePath
2013-05-02 12:46:06 +00:00
%{_bindir}/EfiRom
%{_bindir}/GenCrc32
%{_bindir}/GenFfs
%{_bindir}/GenFv
%{_bindir}/GenFw
%{_bindir}/GenSec
%{_bindir}/LzmaCompress
%{_bindir}/LzmaF86Compress
%{_bindir}/TianoCompress
2013-05-02 12:46:06 +00:00
%{_bindir}/VfrCompile
%{_bindir}/VolInfo
%dir %{_datadir}/%{name}
2014-06-24 07:50:13 +00:00
%{_datadir}/%{name}/BuildEnv
%{_datadir}/%{name}/Conf
%{_datadir}/%{name}/Scripts
2013-05-02 12:46:06 +00:00
%files tools-doc
%doc BaseTools/UserManuals/*.rtf
%if %{defined fedora}
%if %{build_ovmf}
%files ovmf-ia32
%common_files
%dir %{_datadir}/%{name}/ovmf-ia32
%{_datadir}/%{name}/ovmf-ia32/EnrollDefaultKeys.efi
%{_datadir}/%{name}/ovmf-ia32/OVMF_CODE.fd
%{_datadir}/%{name}/ovmf-ia32/OVMF_CODE.secboot.fd
%{_datadir}/%{name}/ovmf-ia32/OVMF_VARS.fd
%{_datadir}/%{name}/ovmf-ia32/OVMF_VARS.secboot.fd
%{_datadir}/%{name}/ovmf-ia32/Shell.efi
%{_datadir}/%{name}/ovmf-ia32/UefiShell.iso
%{_datadir}/%{name}/ovmf-ia32/DBXUpdate*.bin
%{_datadir}/qemu/firmware/30-edk2-ovmf-ia32-sb-enrolled.json
%{_datadir}/qemu/firmware/40-edk2-ovmf-ia32-sb.json
%{_datadir}/qemu/firmware/50-edk2-ovmf-ia32-nosb.json
2022-11-17 13:20:21 +00:00
%files experimental
2022-11-17 13:20:21 +00:00
%common_files
2023-09-05 16:19:36 +00:00
%doc README.experimental
2022-11-17 13:20:21 +00:00
%dir %{_datadir}/%{name}/experimental
%{_datadir}/%{name}/experimental/*.fd
2023-01-06 12:38:52 +00:00
%{_datadir}/%{name}/experimental/*.raw
2023-03-02 14:06:15 +00:00
%{_datadir}/%{name}/experimental/*.pcr
2023-02-17 10:40:37 +00:00
%files ovmf-xen
%common_files
%dir %{_datadir}/%{name}/xen
%{_datadir}/%{name}/xen/*.fd
%endif
%files arm
%common_files
%dir %{_datadir}/AAVMF/
%{_datadir}/AAVMF/AAVMF32_CODE.fd
%dir %{_datadir}/%{name}/arm
%{_datadir}/%{name}/arm/QEMU_EFI-pflash.raw
%{_datadir}/%{name}/arm/QEMU_EFI.fd
%{_datadir}/%{name}/arm/QEMU_VARS.fd
%{_datadir}/%{name}/arm/vars-template-pflash.raw
%{_datadir}/qemu/firmware/50-edk2-arm-verbose.json
2023-03-02 11:57:19 +00:00
%files riscv64
%common_files
%{_datadir}/%{name}/riscv/*.fd
2023-09-05 11:41:15 +00:00
%{_datadir}/%{name}/riscv/*.qcow2
2023-09-05 16:27:23 +00:00
%{_datadir}/qemu/firmware/50-edk2-riscv-qcow2.json
2023-03-02 11:57:19 +00:00
2023-01-25 10:32:23 +00:00
%files ext4
%common_files
%dir %{_datadir}/%{name}/drivers
%{_datadir}/%{name}/drivers/ext4*.efi
2013-05-02 12:46:06 +00:00
%files tools-python
%{_bindir}/build
2013-05-02 12:46:06 +00:00
%{_bindir}/BPDG
%{_bindir}/Ecc
2013-05-02 12:46:06 +00:00
%{_bindir}/GenDepex
%{_bindir}/GenFds
%{_bindir}/GenPatchPcdTable
%{_bindir}/PatchPcdValue
%{_bindir}/TargetTool
%{_bindir}/Trim
%{_bindir}/UPT
%dir %{_datadir}/%{name}
%{_datadir}/%{name}/Python
2013-05-02 12:46:06 +00:00
# endif fedora
%endif
2016-07-21 21:47:43 +00:00
2013-05-02 12:46:06 +00:00
%changelog
%autochangelog