import CS sbsigntools-0.9.5-10.el10

.gitignore

@@ -0,0 +1 @@
+sbsigntools-0.9.5.tar.xz

sbsigntools-gnuefi.patch

@@ -0,0 +1,65 @@
+--- a/configure.ac
++++ b/configure.ac
+@@ -68,18 +68,29 @@ PKG_CHECK_MODULES(uuid, uuid,
+ 
+ dnl gnu-efi headers require extra include dirs
+ EFI_ARCH=$(uname -m | sed 's/i.86/ia32/;s/arm.*/arm/')
+-AM_CONDITIONAL(TEST_BINARY_FORMAT, [ test "$EFI_ARCH" = "arm" -o "$EFI_ARCH" = "aarch64" -o "$EFI_ARCH" = riscv64 ])
++AM_CONDITIONAL(TEST_BINARY_FORMAT, [ test "$EFI_ARCH" = "arm" -o "$EFI_ARCH" = riscv64 ])
+ 
+ ##
+ # no consistent view of where gnu-efi should dump the efi stuff, so find it
+ ##
+-for path in /lib /lib64 /usr/lib /usr/lib64 /usr/lib32 /lib/efi /lib64/efi /usr/lib/efi /usr/lib64/efi /usr/lib/gnuefi /usr/lib64/gnuefi ; do
+-    if test -e $path/crt0-efi-$EFI_ARCH.o; then
++AC_MSG_CHECKING([gnu-efi crt path])
++for path in /lib /lib64 /usr/lib /usr/lib64 /usr/lib32 /lib/efi /lib64/efi /usr/lib/efi /usr/lib64/efi /usr/lib/gnuefi /usr/lib64/gnuefi /usr/lib/gnuefi/$EFI_ARCH ; do
++    if test -e $path/crt0.o; then
+        CRTPATH=$path
++       CRT=crt0.o
++       LDS=efi.lds
++       EFI_PATH=$path
++    elif test -e $path/crt0-efi-$EFI_ARCH.o; then
++       CRTPATH=$path
++       CRT=crt0-efi-${EFI_ARCH}.o
++       LDS=elf_${EFI_ARCH}_efi.lds
++       EFI_PATH=$path
+     fi
+ done
+ if test -z "$CRTPATH"; then
+    AC_MSG_ERROR([cannot find the gnu-efi crt path])
++else
++   AC_MSG_RESULT($CRTPATH)
+ fi
+ 
+ EFI_CPPFLAGS="-I/usr/include/efi -I/usr/include/efi/$EFI_ARCH \
+@@ -91,6 +102,9 @@ CPPFLAGS="$CPPFLAGS_save"
+ AC_SUBST(EFI_CPPFLAGS, $EFI_CPPFLAGS)
+ AC_SUBST(EFI_ARCH, $EFI_ARCH)
+ AC_SUBST(CRTPATH, $CRTPATH)
++AC_SUBST(CRT, $CRT)
++AC_SUBST(LDS, $LDS)
++AC_SUBST(EFI_PATH, $EFI_PATH)
+ 
+ AC_CONFIG_FILES([Makefile src/Makefile lib/ccan/Makefile]
+ 		[docs/Makefile tests/Makefile])
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -18,7 +18,7 @@ if TEST_BINARY_FORMAT
+ EFILDFLAGS = --defsym=EFI_SUBSYSTEM=0x0a
+ FORMAT = -O binary
+ else
+-FORMAT = --target=efi-app-$(EFI_ARCH)
++FORMAT = --target=efi-app-$(EFI_ARCH:x64=x86_64)
+ endif
+ check_DATA = $(test_key) $(test_cert)
+ check_SCRIPTS = test-wrapper.sh
+@@ -31,7 +31,7 @@ check_SCRIPTS = test-wrapper.sh
+ 		$(FORMAT) $^ $@
+ 
+ .$(OBJEXT).elf:
+-	$(LD) $(EFILDFLAGS) -nostdlib -L /usr/lib -L /usr/lib64 -L $(CRTPATH) -shared -Bsymbolic $(CRTPATH)/crt0-efi-$(EFI_ARCH).o -T elf_$(EFI_ARCH)_efi.lds $< -o $@ -lefi -lgnuefi
++	$(LD) $(EFILDFLAGS) -nostdlib -L /usr/lib -L /usr/lib64 -L $(CRTPATH) -shared -Bsymbolic $(CRTPATH)/$(CRT) -T $(LDS) $< -o $@ $(EFI_PATH)/libefi.a $(EFI_PATH)/libgnuefi.a
+ 
+ AM_CFLAGS=-fpic -I/usr/include/efi -I/usr/include/efi/$(EFI_ARCH)
+ 

sbsigntools-mktarball.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+
+set -e
+
+tmp=$(mktemp -d)
+
+#trap cleanup EXIT
+#cleanup() {
+#    set +e
+#    [ -z "$tmp" -o ! -d "$tmp" ] || rm -rf "$tmp"
+#}
+
+unset CDPATH
+pwd=$(pwd)
+version=0.9.5
+commit=9cfca9fe7aa7a8e29b92fe33ce8433e212c9a8ba
+
+pushd "$tmp"
+git clone git://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git
+cd sbsigntools
+git checkout ${commit}
+ccan_modules="talloc read_write_all build_assert array_size endian"
+git submodule init
+git submodule update
+lib/ccan.git/tools/create-ccan-tree --build-type=automake lib/ccan $ccan_modules
+rm -r lib/ccan.git
+(
+	echo "Authors of sbsigntool:"
+	echo
+	git log --format='%an' | sort -u | sed 's,^,\t,'
+) > AUTHORS
+git log --date=short --format='%ad %t %an <%ae>%n%n  * %s%n' > ChangeLog
+cd ..
+mv sbsigntools sbsigntools-${version}
+tar cJf "$pwd"/sbsigntools-${version}.tar.xz --exclude=.git sbsigntools-${version}
+popd

sbsigntools-no-git.patch

@@ -0,0 +1,35 @@
+diff -up sbsigntools-0.8/autogen.sh.nogit sbsigntools-0.8/autogen.sh
+--- sbsigntools-0.8/autogen.sh.nogit	2017-09-04 18:22:49.244640635 +0200
++++ sbsigntools-0.8/autogen.sh	2017-09-04 18:31:49.136838666 +0200
+@@ -1,31 +1,5 @@
+ #!/bin/bash
+ 
+-ccan_modules="talloc read_write_all build_assert array_size endian"
+-
+-# Add ccan upstream sources
+-if [ ! -e lib/ccan.git/Makefile ]
+-then
+-	git submodule init
+-	git submodule update
+-fi
+-
+-# create ccan build tree
+-if [ ! -e lib/ccan ]
+-then
+-	lib/ccan.git/tools/create-ccan-tree \
+-		--build-type=automake lib/ccan $ccan_modules
+-fi
+-
+-# Create generatable docs from git
+-(
+-	echo "Authors of sbsigntool:"
+-	echo
+-	git log --format='%an' | sort -u | sed 's,^,\t,'
+-) > AUTHORS
+-
+-# Generate simple ChangeLog
+-git log --date=short --format='%ad %t %an <%ae>%n%n  * %s%n' > ChangeLog
+-
+ # automagic
+ aclocal
+ autoheader

sbsigntools-no-openssl-engines.patch

@@ -0,0 +1,230 @@
+From 4b6f88a0ad6f1069f3597087058dce028bf67433 Mon Sep 17 00:00:00 2001
+From: Carl George <carlwgeorge@gmail.com>
+Date: Wed, 9 Apr 2025 22:51:12 -0500
+Subject: [PATCH] Revert "sbsign, sbvarsign: support engine based private keys"
+
+This reverts commit efc424c8eea2c398e4371320b4d7266898675ac8.
+---
+ src/fileio.c    | 50 -------------------------------------------------
+ src/fileio.h    |  1 -
+ src/sbsign.c    | 16 +++-------------
+ src/sbvarsign.c | 15 +++------------
+ 4 files changed, 6 insertions(+), 76 deletions(-)
+
+diff --git a/src/fileio.c b/src/fileio.c
+index 032eb1e..faab3b7 100644
+--- a/src/fileio.c
++++ b/src/fileio.c
+@@ -39,7 +39,6 @@
+ #include <openssl/bio.h>
+ #include <openssl/pem.h>
+ #include <openssl/err.h>
+-#include <openssl/engine.h>
+ 
+ #include <ccan/talloc/talloc.h>
+ #include <ccan/read_write_all/read_write_all.h>
+@@ -48,55 +47,6 @@
+ 
+ #define FLAG_NOERROR	(1<<0)
+ 
+-static int ui_read(UI *ui, UI_STRING *uis)
+-{
+-	char password[128];
+-
+-	if (UI_get_string_type(uis) != UIT_PROMPT)
+-		return 0;
+-
+-	EVP_read_pw_string(password, sizeof(password), "Enter engine key pass phrase:", 0);
+-	UI_set_result(ui, uis, password);
+-	return 1;
+-}
+-
+-EVP_PKEY *fileio_read_engine_key(const char *engine, const char *filename)
+-{
+-	UI_METHOD *ui;
+-	ENGINE *e;
+-	EVP_PKEY *pkey = NULL;
+-
+-	ENGINE_load_builtin_engines();
+-	e = ENGINE_by_id(engine);
+-
+-	if (!e) {
+-		fprintf(stderr, "Failed to load engine: %s\n", engine);
+-		ERR_print_errors_fp(stderr);
+-		return NULL;
+-	}
+-
+-	ui = UI_create_method("sbsigntools");
+-	if (!ui) {
+-		fprintf(stderr, "Failed to create UI method\n");
+-		ERR_print_errors_fp(stderr);
+-		goto out_free;
+-	}
+-	UI_method_set_reader(ui, ui_read);
+-
+-	if (!ENGINE_init(e)) {
+-		fprintf(stderr, "Failed to initialize engine %s\n", engine);
+-		ERR_print_errors_fp(stderr);
+-		goto out_free;
+-	}
+-
+-	pkey = ENGINE_load_private_key(e, filename, ui, NULL);
+-	ENGINE_finish(e);
+-
+- out_free:
+-	ENGINE_free(e);
+-	return pkey;
+-}
+-
+ EVP_PKEY *fileio_read_pkey(const char *filename)
+ {
+ 	EVP_PKEY *key = NULL;
+diff --git a/src/fileio.h b/src/fileio.h
+index b3ed22c..52c3c12 100644
+--- a/src/fileio.h
++++ b/src/fileio.h
+@@ -38,7 +38,6 @@
+ #include <openssl/x509.h>
+ 
+ EVP_PKEY *fileio_read_pkey(const char *filename);
+-EVP_PKEY *fileio_read_engine_key(const char *engine, const char *filename);
+ X509 *fileio_read_cert(const char *filename);
+ 
+ int fileio_read_file(void *ctx, const char *filename,
+diff --git a/src/sbsign.c b/src/sbsign.c
+index 898fe66..3bb42c2 100644
+--- a/src/sbsign.c
++++ b/src/sbsign.c
+@@ -76,7 +76,6 @@ static struct option options[] = {
+ 	{ "verbose", no_argument, NULL, 'v' },
+ 	{ "help", no_argument, NULL, 'h' },
+ 	{ "version", no_argument, NULL, 'V' },
+-	{ "engine", required_argument, NULL, 'e'},
+ 	{ "addcert", required_argument, NULL, 'a'},
+ 	{ NULL, 0, NULL, 0 },
+ };
+@@ -87,7 +86,6 @@ static void usage(void)
+ 			"<efi-boot-image>\n"
+ 		"Sign an EFI boot image for use with secure boot.\n\n"
+ 		"Options:\n"
+-		"\t--engine <eng>     use the specified engine to load the key\n"
+ 		"\t--key <keyfile>    signing key (PEM-encoded RSA "
+ 						"private key)\n"
+ 		"\t--cert <certfile>  certificate (x509 certificate)\n"
+@@ -152,22 +150,20 @@ static int add_intermediate_certs(PKCS7 *p7, const char *filename)
+ 
+ int main(int argc, char **argv)
+ {
+-	const char *keyfilename, *certfilename, *addcertfilename, *engine;
++	const char *keyfilename, *certfilename, *addcertfilename;
+ 	struct sign_context *ctx;
+ 	uint8_t *buf, *tmp;
+ 	int rc, c, sigsize;
+-	EVP_PKEY *pkey;
+ 
+ 	ctx = talloc_zero(NULL, struct sign_context);
+ 
+ 	keyfilename = NULL;
+ 	certfilename = NULL;
+ 	addcertfilename = NULL;
+-	engine = NULL;
+ 
+ 	for (;;) {
+ 		int idx;
+-		c = getopt_long(argc, argv, "o:c:k:dvVhe:a:", options, &idx);
++		c = getopt_long(argc, argv, "o:c:k:dvVha:", options, &idx);
+ 		if (c == -1)
+ 			break;
+ 
+@@ -193,9 +189,6 @@ int main(int argc, char **argv)
+ 		case 'h':
+ 			usage();
+ 			return EXIT_SUCCESS;
+-		case 'e':
+-			engine = optarg;
+-			break;
+ 		case 'a':
+ 			addcertfilename = optarg;
+ 			break;
+@@ -244,10 +237,7 @@ int main(int argc, char **argv)
+ 	 * module isn't present).  In either case ignore the errors
+ 	 * (malloc will cause other failures out lower down */
+ 	ERR_clear_error();
+-	if (engine)
+-		pkey = fileio_read_engine_key(engine, keyfilename);
+-	else
+-		pkey = fileio_read_pkey(keyfilename);
++	EVP_PKEY *pkey = fileio_read_pkey(keyfilename);
+ 	if (!pkey)
+ 		return EXIT_FAILURE;
+ 
+diff --git a/src/sbvarsign.c b/src/sbvarsign.c
+index 58031ec..db43054 100644
+--- a/src/sbvarsign.c
++++ b/src/sbvarsign.c
+@@ -397,7 +397,6 @@ static struct option options[] = {
+ 	{ "verbose", no_argument, NULL, 'v' },
+ 	{ "help", no_argument, NULL, 'h' },
+ 	{ "version", no_argument, NULL, 'V' },
+-	{ "engine", required_argument, NULL, 'e'},
+ 	{ NULL, 0, NULL, 0 },
+ };
+ 
+@@ -409,7 +408,6 @@ void usage(void)
+ 			"<var-name> <var-data-file>\n"
+ 		"Sign a blob of data for use in SetVariable().\n\n"
+ 		"Options:\n"
+-		"\t--engine <eng>     use the specified engine to load the key\n"
+ 		"\t--key <keyfile>    signing key (PEM-encoded RSA "
+ 						"private key)\n"
+ 		"\t--cert <certfile>  certificate (x509 certificate)\n"
+@@ -438,7 +436,7 @@ static void version(void)
+ 
+ int main(int argc, char **argv)
+ {
+-	const char *guid_str, *attr_str, *varname, *engine;
++	const char *guid_str, *attr_str, *varname;
+ 	const char *keyfilename, *certfilename;
+ 	struct varsign_context *ctx;
+ 	bool include_attrs;
+@@ -448,14 +446,13 @@ int main(int argc, char **argv)
+ 
+ 	keyfilename = NULL;
+ 	certfilename = NULL;
+-	engine = NULL;
+ 	guid_str = NULL;
+ 	attr_str= NULL;
+ 	include_attrs = false;
+ 
+ 	for (;;) {
+ 		int idx;
+-		c = getopt_long(argc, argv, "o:g:a:k:c:ivVhe:", options, &idx);
++		c = getopt_long(argc, argv, "o:g:a:k:c:ivVh", options, &idx);
+ 		if (c == -1)
+ 			break;
+ 
+@@ -487,9 +484,6 @@ int main(int argc, char **argv)
+ 		case 'h':
+ 			usage();
+ 			return EXIT_SUCCESS;
+-		case 'e':
+-			engine = optarg;
+-			break;
+ 		}
+ 	}
+ 
+@@ -551,10 +545,7 @@ int main(int argc, char **argv)
+ 	if (fileio_read_file(ctx, ctx->infilename, &ctx->data, &ctx->data_len))
+ 		return EXIT_FAILURE;
+ 
+-	if (engine)
+-		ctx->key = fileio_read_engine_key(engine, keyfilename);
+-	else
+-		ctx->key = fileio_read_pkey(keyfilename);
++	ctx->key = fileio_read_pkey(keyfilename);
+ 	if (!ctx->key)
+ 		return EXIT_FAILURE;
+ 
+-- 
+2.49.0
+

sbsigntools-no-wchar_t.patch

@@ -0,0 +1,34 @@
+diff -up sbsigntools-0.9.5/src/sbvarsign.c.orig sbsigntools-0.9.5/src/sbvarsign.c
+--- sbsigntools-0.9.5/src/sbvarsign.c.orig	2023-05-05 12:56:50.000000000 +0200
++++ sbsigntools-0.9.5/src/sbvarsign.c	2024-11-18 23:53:08.764976485 +0100
+@@ -67,7 +67,7 @@ struct varsign_context {
+ 	uint8_t				*data;
+ 	size_t				data_len;
+ 
+-	CHAR16				*var_name;
++	uint16_t			*var_name;
+ 	int				var_name_bytes;
+ 	EFI_GUID			var_guid;
+ 	uint32_t			var_attrs;
+@@ -163,18 +163,18 @@ static uint32_t parse_attrs(const char *
+ 
+ static int set_varname(struct varsign_context *ctx, const char *str)
+ {
+-	CHAR16 *wstr;
++	uint16_t *wstr;
+ 	int i, len;
+ 
+ 	len = strlen(str);
+ 
+-	wstr = talloc_array(ctx, CHAR16, len);
++	wstr = talloc_array(ctx, uint16_t, len);
+ 
+ 	for (i = 0; i < len; i++)
+ 		wstr[i] = str[i];
+ 
+ 	ctx->var_name = wstr;
+-	ctx->var_name_bytes = len * sizeof(CHAR16);
++	ctx->var_name_bytes = len * sizeof(uint16_t);
+ 
+ 	return 0;
+ }

sbsigntools.spec

@@ -0,0 +1,218 @@
+%bcond_without check
+%define _warning_options -Wall -Werror=format-security -Wno-deprecated-declarations -Wno-maybe-uninitialized
+
+Name:          sbsigntools
+Version:       0.9.5
+Release:       10%{?dist}
+Summary:       Signing utility for UEFI secure boot
+# Most source code is GPL-3.0-or-later, except:
+# LicenseRef-Fedora-Public-Domain:
+#   lib/ccan/ccan/array_size
+#   lib/ccan/ccan/build_assert
+#   lib/ccan/ccan/check_type
+#   lib/ccan/ccan/compiler
+#   lib/ccan/ccan/container_of
+#   lib/ccan/ccan/hash
+#   lib/ccan/ccan/str
+#   lib/ccan/ccan/tcon
+# LGPL-2.1-or-later:
+#   lib/ccan/ccan/endian
+#   lib/ccan/ccan/htable
+#   lib/ccan/ccan/list
+#   lib/ccan/ccan/read_write_all
+#   lib/ccan/ccan/talloc
+#   lib/ccan/ccan/typesafe_cb
+# LGPL-3.0-only:
+#   lib/ccan/ccan/failtest
+#   lib/ccan/ccan/tlist
+# MIT:
+#   lib/ccan/ccan/time
+License:       GPL-3.0-or-later AND LicenseRef-Fedora-Public-Domain AND LGPL-2.1-or-later AND LGPL-3.0-only AND MIT
+URL:           https://build.opensuse.org/package/show/home:jejb1:UEFI/sbsigntools
+# upstream tarballs don't include bundled ccan
+# run sbsigntools-mktarball.sh
+Source0:       %{name}-%{version}.tar.xz
+Source1:       %{name}-mktarball.sh
+# don't fetch ccan or run git from autogen.sh, already done by mktarball.sh
+Patch0:        %{name}-no-git.patch
+# add Fedora gnu-efi path and link statically against libefi.a/libgnuefi.a
+Patch1:        %{name}-gnuefi.patch
+# fix wchar_t (a.k.a. CHAR16) abuse
+Patch2:        %{name}-no-wchar_t.patch
+# revert addition of openssl engine support
+Patch3:        %{name}-no-openssl-engines.patch
+# same as gnu-efi
+ExclusiveArch: %{efi}
+BuildRequires: make
+BuildRequires: automake
+BuildRequires: binutils-devel
+BuildRequires: gcc
+BuildRequires: gnu-efi-devel >= 1:3.0.18-1
+BuildRequires: help2man
+BuildRequires: libuuid-devel
+%if %{with check}
+BuildRequires: openssl
+%endif
+BuildRequires: openssl-devel
+%if 0%{?fedora} >= 41
+# https://fedoraproject.org/wiki/Changes/OpensslDeprecateEngine
+BuildRequires: openssl-devel-engine
+%endif
+Provides: bundled(ccan-array_size)
+Provides: bundled(ccan-build_assert)
+Provides: bundled(ccan-check_type)
+Provides: bundled(ccan-compiler)
+Provides: bundled(ccan-container_of)
+Provides: bundled(ccan-endian)
+Provides: bundled(ccan-failtest)
+Provides: bundled(ccan-hash)
+Provides: bundled(ccan-htable)
+Provides: bundled(ccan-list)
+Provides: bundled(ccan-read_write_all)
+Provides: bundled(ccan-str)
+Provides: bundled(ccan-talloc)
+Provides: bundled(ccan-tcon)
+Provides: bundled(ccan-time)
+Provides: bundled(ccan-tlist)
+Provides: bundled(ccan-typesafe_cb)
+
+%description
+Tools to add signatures to EFI binaries and Drivers.
+
+%prep
+%setup -q
+%patch -p 1 -P 0
+%patch -p 1 -P 1
+%patch -p 1 -P 2
+%if %{defined el10}
+# EL10 disables openssl engines
+%patch -p 1 -P 3
+%endif
+
+%build
+./autogen.sh
+%configure
+%make_build
+
+%install
+%make_install
+
+%if %{with check}
+%check
+make check
+%endif
+
+%files
+%license COPYING LICENSE.GPLv3 lib/ccan/licenses/*
+%doc AUTHORS ChangeLog
+%{_bindir}/sbattach
+%{_bindir}/sbkeysync
+%{_bindir}/sbsiglist
+%{_bindir}/sbsign
+%{_bindir}/sbvarsign
+%{_bindir}/sbverify
+%{_mandir}/man1/sbattach.1.*
+%{_mandir}/man1/sbkeysync.1.*
+%{_mandir}/man1/sbsiglist.1.*
+%{_mandir}/man1/sbsign.1.*
+%{_mandir}/man1/sbvarsign.1.*
+%{_mandir}/man1/sbverify.1.*
+
+%changelog
+* Thu Apr 10 2025 Carl George <carlwgeorge@fedoraproject.org> - 0.9.5-10
+- Remove openssl engine support on EL10
+
+* Wed Apr 09 2025 Carl George <carlwgeorge@fedoraproject.org> - 0.9.5-9
+- Add missing SPDX identifiers to license field
+
+* Sun Jan 19 2025 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.5-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
+
+* Mon Nov 18 2024 Dominik Mierzejewski <dominik@greysector.net> - 0.9.5-7
+- fix wchar_t usage in sbvarsign (fixes rhbz#2310759)
+
+* Wed Aug 21 2024 Michel Lind <salimma@fedoraproject.org> - 0.9.5-6
+- Fix building with gnu-efi 3.0.18
+- Fix building on Fedora 41+ due to OpenSSL engine deprecation
+- Fix building on aarch64, need to use non-TEST_BINARY_FORMAT codepath like x86_64
+- FIxes: RHBZ#2301267
+
+* Thu Jul 25 2024 Miroslav Suchý <msuchy@redhat.com> - 0.9.5-5
+- convert license to SPDX
+
+* Sat Jul 20 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.5-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild
+
+* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.5-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Fri May 05 2023 Dominik Mierzejewski <dominik@greysector.net> - 0.9.5-1
+- update to 0.9.5 (#2179697)
+- drop obsolete patches
+
+* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.4-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Tue Jan 17 2023 Dominik Mierzejewski <dominik@greysector.net> - 0.9.4-10
+- fix build with GCC 13
+
+* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.4-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.4-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Fri Nov 19 2021 Dominik Mierzejewski <dominik@greysector.net> - 0.9.4-7
+- fix build with OpenSSL 3.0.0 (fixes rhbz#2021909)
+
+* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 0.9.4-6
+- Rebuilt with OpenSSL 3.0.0
+
+* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.4-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Mon May 17 2021 Dominik Mierzejewski <dominik@greysector.net> - 0.9.4-4
+- don't ignore errors from sbkeysync (fixes rhbz#1955828)
+
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.4-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.4-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Fri Jul 03 2020 Dominik Mierzejewski <dominik@greysector.net> - 0.9.4-1
+- update to 0.9.4 (#1846578)
+
+* Mon Feb 03 2020 Dominik Mierzejewski <dominik@greysector.net> - 0.9.3-1
+- update to 0.9.3
+- update bundled CCAN components list
+- support building with gnu-efi 3.0.11
+
+* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.2-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Thu Feb 28 2019 Dominik Mierzejewski <dominik@greysector.net> - 0.9.2-1
+- update to 0.9.2
+
+* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.1-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Wed Jul 25 2018 Dominik Mierzejewski <dominik@greysector.net> - 0.9.1-3
+- fix paths to gnu-efi (work around #1608293)
+
+* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Thu Feb 22 2018 Dominik Mierzejewski <dominik@greysector.net> - 0.9.1-1
+- update to 0.9.1
+- add Fedora gnu-efi libs location to search path
+- link tests statically against gnu-efi libs, there are no shared versions
+
+* Mon Sep  4 2017 Dominik Mierzejewski <dominik@greysector.net> - 0.8-1
+- initial build

sources

@@ -0,0 +1 @@
+SHA512 (sbsigntools-0.9.5.tar.xz) = dbe52b709724eaaa0d5859ca0088190ee417e721a626681ea84cae3f04a7484e5caf64eb469094d3e373724c1f530cc75fa8ac63eaa91f803db2fda2f46c594f