Commit Graph

192 Commits

Author SHA1 Message Date
Cole Robinson
b9bff0b089 Re-enable secureboot enrollment
Follow Laszlo's suggestions from:
https://bugzilla.redhat.com/show_bug.cgi?id=1701710#c12
2019-07-15 13:15:28 -04:00
Cole Robinson
eb71155bd5 spec: License is now BSD-2-Clause-Patent
https://bugzilla.redhat.com/show_bug.cgi?id=1701710#c12
2019-07-15 11:37:24 -04:00
Cole Robinson
167eadb8ba Give all json file categories a unique matchable prefix
So we can easily use wildcards to catch them for subpackage file lists

...and a bunch of other small cleanups to get things fully working
2019-07-12 15:20:23 -04:00
Cole Robinson
429a2758cc Copy VARS from plain ovmf/ to ovmf-ia32/
Apparently that works fine, but let's use explicit dirs
2019-07-12 14:08:23 -04:00
Kashyap Chamarthy
674b3c8a27 Ship the JSON firmware "descriptor files"
From version 4.1 (due in August 2019) onwards, QEMU ships the so-called
firmware "descriptor files".  These are small JSON files that describe
details about UEFI firmware binaries — such as the fimware binary path,
its architecture, supported machine type, NVRAM template and so forth.

You can see examples of these files from the QEMU upstream Git:
https://git.qemu.org/?p=qemu.git;a=tree;f=pc-bios/descriptors

    $> tree descriptors/
    descriptors/
    ├── 50-edk2-i386-secure.json
    ├── 50-edk2-x86_64-secure.json
    ├── 60-edk2-aarch64.json
    ├── 60-edk2-arm.json
    ├── 60-edk2-i386.json
    └── 60-edk2-x86_64.json

QEMU 4.1 itself will ship the above files.  However, Fedora needs to
ship these file as part of its EDK2 package.

Why?
----

(1) Quoting (with minor formatting edits) Laszlo Ersek:

      Distributions providing their own EDK2 packages would not include
      the descriptors from upstream QEMU, even if they otherwise package
      QEMU.  That's beause the descriptor files in QEMU match the
      firmware bundled with QEMU -- but the firmware images in the
      distros' own EDK2 packages are different.  So, if a distro
      provides an EDK2 package, then the same EDK2 package should offer
      matching descriptors.  QEMU offers descriptors (soon) because QEMU
      technically distributes edk2 firmware binaries (soon).  [Where
      "soon" == QEMU 4.1]

(2) And as Dan Berrangé reminded on IRC:

      In Fedora, we need to ship them [the "descriptor files"] as part
      of the EDK2 package, because Fedora throws away all the firmware
      files that QEMU bundles, because we're [Fedora] required to
      rebuild everything from pristine source.

                    - - -

In this patch:

(*) Use the firmware descriptor files provided by Laszlo (thanks!) in
    this comment here:
    https://bugzilla.redhat.com/show_bug.cgi?id=1728652#c2 ("RFE: Ship
    the JSON firmware "descriptor files" as part of EDK2").

    On the double-digit priority prefixes, refer to the rationale here:
    https://src.fedoraproject.org/rpms/edk2/pull-request/3#comment-27523

(*) Install the JSON files for the relevant architectures in
    `/usr/share/qemu/firmware`, as required by specification[+].  And
    make each EDK2 own this directory; multiple RPMs owning the same
    directory is no problem.

[+] https://git.qemu.org/?p=qemu.git;a=blob;f=docs/interop/firmware.json

Resolves: rhbz#1728652

Signed-off-by: Kashyap Chamarthy <kchamart@redhat.com>
2019-07-12 13:40:09 -04:00
Cole Robinson
1b8f6277e4 spec: Ship VARS file for ovmf-ia32 (bug 1688596) 2019-07-12 13:39:28 -04:00
Cole Robinson
43c2e03bab spec: Add comment about skip_enroll 2019-07-12 12:52:11 -04:00
Cole Robinson
7407978c03 Update to edkstable201905
* Temporarily disable secureboot enrollment, it's hanging
* Update to openssl 1.1.1b
* Add bundled softfloat
2019-07-12 12:39:20 -04:00
Cole Robinson
e9ffba62f9 Fix changelog 2019-03-18 11:03:41 -04:00
Cole Robinson
cb95e514ad Use version 20190308stable, to fix package upgrade path 2019-03-18 11:01:35 -04:00
Cole Robinson
b846ca0e27 Update to stable-201903
Update to openssl-1.1.0j
Move to python3 deps
2019-03-15 15:50:22 -04:00
Fedora Release Engineering
bffed9bfae - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-01-31 18:22:54 +00:00
Igor Gnatenko
2f11edb7c8 Remove obsolete Group tag
References: https://fedoraproject.org/wiki/Changes/Remove_Group_Tag
2019-01-28 20:24:00 +01:00
Cole Robinson
625a40b277 Merge #2 Add -qosb dependency on python3 2018-11-15 18:26:39 +00:00
Cole Robinson
7e5715af86 Only use py_byte_compile on f29+
Fixes virt-preview copr builds
2018-11-15 08:39:59 -05:00
Patrick Uiterwijk
a2a5397767 Add -qosb dependency on python3
Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2018-11-14 17:10:37 +01:00
Paolo Bonzini
84f43e5ff6 fix buildrequires for py-byte-compile 2018-11-09 22:05:41 +01:00
Paolo Bonzini
ec71addf69 Fix network boot via grub (bz 1648476) 2018-11-09 21:13:58 +01:00
Paolo Bonzini
3aa0957f99 Explicitly compile the scripts using py_byte_compile 2018-09-12 15:50:36 +02:00
Cole Robinson
f2ed1ffdc0 Bump release 2018-08-31 13:22:10 -04:00
Cole Robinson
285b943a5f Fix passing through RPM build flags (bz 1540244) 2018-08-31 13:10:10 -04:00
Cole Robinson
2941706e8b Remove mail formatting from patches 2018-08-31 13:06:06 -04:00
Cole Robinson
3c653134d5 Fix 0099 patch
And enable TPM2
2018-08-22 19:04:30 -04:00
Cole Robinson
9fc821a3d0 Update to edk2 git cb5f4f45ce
- Remove upstreamed patches
- Update to qemu qemu-ovmf-secureboot-1.1.3
2018-08-22 16:37:23 -04:00
Paolo Bonzini
83f3ca8d0b Fixes for AMD SEV on OVMF_CODE.fd; add Provides for bundled OpenSSL 2018-07-23 12:55:18 +02:00
Paolo Bonzini
720bc3e5a3 Enable IPv6 2018-07-18 17:35:24 +02:00
Fedora Release Engineering
20639a2a72 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-07-12 23:41:16 +00:00
Paolo Bonzini
9fbea3b0dd Backport two bug fixes from RHEL
Connect again virtio-rng devices, and connect consoles unconditionally
in OVMF (ARM firmware already did it).
2018-06-20 10:35:44 +02:00
Paolo Bonzini
7ae6f1596c update to upstream commit ee3198e672e2 2018-05-30 00:31:55 +02:00
Cole Robinson
b7103cb49a Bump release for new build 2018-05-01 13:58:41 -04:00
Cole Robinson
48f745a9ce Add qemu-ovmf-secureboot sources, tweak qemu dep 2018-04-30 11:45:47 -04:00
Patrick Uiterwijk
0792202285 Add qosb to generate pre-enrolled Secure Boot VARS files
Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
Reviewed-by: Laszlo Ersek <lersek@redhat.com>
2018-04-30 11:03:39 -04:00
Peter Robinson
d173a3b48a add gcc/gcc-c++ build deps 2018-03-30 14:04:15 +01:00
Paolo Bonzini
8af31ea2ba bump release 2018-03-08 13:44:13 +01:00
Paolo Bonzini
6ea72cd31f Fix GCC 8 compilation, replace obsolete tools as build-time dependencies 2018-03-08 13:42:34 +01:00
Fedora Release Engineering
d3e5a8dc6e - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2018-02-07 08:12:29 +00:00
Paolo Bonzini
91c79aab4c add openssl patches from Fedora, enable TLS mode
Since edk2 does not compile the apps/ subdirectory, the only other patches
that might apply are openssl-1.1.0-no-md5-verify.patch (but edk2 does not have
secure_getenv) and of course FIPS 140-2 mode.
2018-01-19 10:16:19 +01:00
Paolo Bonzini
2e34e081c6 Add patches 19-24 and fedora conditionals 2017-11-17 10:15:09 +01:00
Paolo Bonzini
750d890cac add missing files 2017-11-14 18:16:25 +01:00
Paolo Bonzini
3485002d46 Import source and patches from RHEL version, update OpenSSL to 1.1.0e 2017-11-14 17:51:34 +01:00
Paolo Bonzini
ede8d7f7db update-tarball.sh: allow passing hardcoded date and hash 2017-11-14 17:51:06 +01:00
Paolo Bonzini
498742e649 add OVMF_VARS.fd 2017-11-14 17:50:25 +01:00
Paolo Bonzini
568a37b4b7 Allow non-cross builds, install /usr/share/OVMF and /usr/share/AAVMF
Libvirt's default uses /usr/share/OVMF and /usr/share/AAVMF instead
of /usr/share/edk2/ovmf and /usr/share/edk2/aarch64.  Install symbolic
links that match.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2017-11-14 11:54:33 +01:00
Fedora Release Engineering
c356e99b22 - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild 2017-08-02 19:57:57 +00:00
Fedora Release Engineering
3f09d522ea - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild 2017-07-26 07:12:50 +00:00
Cole Robinson
410bf18174 Force 2MB rom size
Suggested by Laszlo, upstream will be changing the default to 4MB, so
this is a preventative measure to ensure the rom size doesn't change
on the next rebase. Right now it's a no-op though
2017-05-09 13:04:52 -04:00
Cole Robinson
ad70d15d1c Ship ovmf-ia32 package (bz 1424722) 2017-03-15 18:36:24 -04:00
Cole Robinson
ed852eca75 Update EnrollDefaultKeys patch (bz #1398743) 2017-02-16 14:15:14 -05:00
Cole Robinson
b9b16bb3b3 sources: Drop unused old archive 2017-02-16 14:06:14 -05:00
Paolo Bonzini
d7ad69217c Update to git master 20170209git296153c5
New patch 0010 fixes failure to build from source.
2017-02-13 13:52:16 +01:00