From aaaac0bfbcf1f6efb6eeb91559f370a2ea355408 Mon Sep 17 00:00:00 2001 From: Richard Hughes Date: Mon, 3 Jun 2024 10:52:58 +0100 Subject: [PATCH] Rebase to latest upstream version Resolves: #RHEL-39728 --- .gitignore | 2 ++ fwupd-efi.spec | 36 +++++++++++++++++------------------- gating.yaml | 6 ++++++ redhatsecureboot301.cer | 0 redhatsecureboot503.cer | 0 redhatsecurebootca3.cer | 0 redhatsecurebootca5.cer | 0 sources | 2 +- 8 files changed, 26 insertions(+), 20 deletions(-) create mode 100644 gating.yaml create mode 100644 redhatsecureboot301.cer create mode 100644 redhatsecureboot503.cer create mode 100644 redhatsecurebootca3.cer create mode 100644 redhatsecurebootca5.cer diff --git a/.gitignore b/.gitignore index c7344f6..45e2acb 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,5 @@ /fwupd-efi-1.2.tar.xz /fwupd-efi-1.3.tar.xz /fwupd-efi-1.4.tar.xz +/fwupd-efi-1.5.tar.xz +/fwupd-efi-1.6.tar.xz diff --git a/fwupd-efi.spec b/fwupd-efi.spec index d7bb7b1..bff1a6a 100644 --- a/fwupd-efi.spec +++ b/fwupd-efi.spec @@ -2,19 +2,24 @@ Summary: Firmware update EFI binaries Name: fwupd-efi -Version: 1.4 +Version: 1.6 Release: %autorelease License: LGPL-2.1-or-later URL: https://github.com/fwupd/fwupd-efi -Source0: http://people.freedesktop.org/~hughsient/releases/%{name}-%{version}.tar.xz +Source0: https://github.com/fwupd/fwupd-efi/releases/download/%{version}/%{name}-%{version}.tar.xz + +Source300: redhatsecurebootca3.cer +Source301: redhatsecureboot301.cer +Source500: redhatsecurebootca5.cer +Source503: redhatsecureboot503.cer # these are the only architectures supporting UEFI UpdateCapsule ExclusiveArch: x86_64 aarch64 BuildRequires: gcc BuildRequires: meson -BuildRequires: gnu-efi-devel -BuildRequires: pesign +BuildRequires: gnu-efi-devel >= 3.0.18 +BuildRequires: pesign >= 113-20 BuildRequires: python3-pefile %description @@ -23,23 +28,10 @@ the EFI binary that is used for updating using UpdateCapsule. %prep %autosetup -p1 -# gnu-efi linker scripts (lds) are missing SBAT, included scripts are used -# instead but the build system expects the name to match -%ifarch x86_64 -%global efiarch x64 -%endif -%ifarch aarch64 -%global efiarch aa64 -%endif -ln -s elf_%{_arch}_efi.lds efi/lds/efi.lds -%ifarch aarch64 -ln -s crt0-efi-%{_arch}.S efi/crt0/crt0-efi-%{efiarch}.S -%endif %build %meson \ - -Defi-libdir=%{_prefix}/lib \ -Defi_sbat_distro_id="fedora" \ -Defi_sbat_distro_summary="The Fedora Project" \ -Defi_sbat_distro_pkgname="%{name}" \ @@ -52,10 +44,16 @@ ln -s crt0-efi-%{_arch}.S efi/crt0/crt0-efi-%{efiarch}.S %meson_install # sign fwupd.efi loader +%ifarch x86_64 +%global efiarch x64 +%endif +%ifarch aarch64 +%global efiarch aa64 +%endif %global fwup_efi_fn $RPM_BUILD_ROOT%{_libexecdir}/fwupd/efi/fwupd%{efiarch}.efi -%pesign -s -i %{fwup_efi_fn} -o %{fwup_efi_fn}.tmp +%pesign -s -i %{fwup_efi_fn} -o %{fwup_efi_fn}.tmp -a %{SOURCE300} -c %{SOURCE301} -n redhatsecureboot301 %define __pesign_client_cert fwupd-signer -%pesign -s -i %{fwup_efi_fn}.tmp -o %{fwup_efi_fn}.signed +%pesign -s -i %{fwup_efi_fn}.tmp -o %{fwup_efi_fn}.signed -a %{SOURCE500} -c %{SOURCE503} -n redhatsecureboot503 rm -vf %{fwup_efi_fn}.tmp %files diff --git a/gating.yaml b/gating.yaml new file mode 100644 index 0000000..c0b63dd --- /dev/null +++ b/gating.yaml @@ -0,0 +1,6 @@ +--- !Policy +product_versions: + - rhel-10 +decision_context: osci_compose_gate +rules: + - !PassingTestCaseRule {test_case_name: kernel-qe.kernel-ci.hardware-fwupd.tier0.functional} diff --git a/redhatsecureboot301.cer b/redhatsecureboot301.cer new file mode 100644 index 0000000..e69de29 diff --git a/redhatsecureboot503.cer b/redhatsecureboot503.cer new file mode 100644 index 0000000..e69de29 diff --git a/redhatsecurebootca3.cer b/redhatsecurebootca3.cer new file mode 100644 index 0000000..e69de29 diff --git a/redhatsecurebootca5.cer b/redhatsecurebootca5.cer new file mode 100644 index 0000000..e69de29 diff --git a/sources b/sources index e92430f..18730b1 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (fwupd-efi-1.4.tar.xz) = c330409861a8c1e332a0d4fd49c54ef2c5bf7cdaca99d14de39b50fb35f0c490e9f7f7a4c9dd48181bd509cd358c43eb23659536aea93408c1fefb47629e4991 +SHA512 (fwupd-efi-1.6.tar.xz) = 37d3c1348bdead620e626a3e602dc6cd774c47d24ca18a3bf6aee071300d658bc4d37e6ec74fcd20f9b345141d69ea3343d44b9408af4759ad65ef10b72ead69