From 320f280d337d90df052d4381f9e1a60c49d231ee Mon Sep 17 00:00:00 2001 From: Andrew Lukoshko Date: Fri, 18 Jul 2025 16:32:26 +0000 Subject: [PATCH] import CS sbsigntools-0.9.5-10.el10 --- .gitignore | 1 + sbsigntools-gnuefi.patch | 65 ++++++++ sbsigntools-mktarball.sh | 36 +++++ sbsigntools-no-git.patch | 35 ++++ sbsigntools-no-openssl-engines.patch | 230 +++++++++++++++++++++++++++ sbsigntools-no-wchar_t.patch | 34 ++++ sbsigntools.spec | 218 +++++++++++++++++++++++++ sources | 1 + 8 files changed, 620 insertions(+) create mode 100644 .gitignore create mode 100644 sbsigntools-gnuefi.patch create mode 100755 sbsigntools-mktarball.sh create mode 100644 sbsigntools-no-git.patch create mode 100644 sbsigntools-no-openssl-engines.patch create mode 100644 sbsigntools-no-wchar_t.patch create mode 100644 sbsigntools.spec create mode 100644 sources diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..2f36511 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +sbsigntools-0.9.5.tar.xz diff --git a/sbsigntools-gnuefi.patch b/sbsigntools-gnuefi.patch new file mode 100644 index 0000000..349fe46 --- /dev/null +++ b/sbsigntools-gnuefi.patch @@ -0,0 +1,65 @@ +--- a/configure.ac ++++ b/configure.ac +@@ -68,18 +68,29 @@ PKG_CHECK_MODULES(uuid, uuid, + + dnl gnu-efi headers require extra include dirs + EFI_ARCH=$(uname -m | sed 's/i.86/ia32/;s/arm.*/arm/') +-AM_CONDITIONAL(TEST_BINARY_FORMAT, [ test "$EFI_ARCH" = "arm" -o "$EFI_ARCH" = "aarch64" -o "$EFI_ARCH" = riscv64 ]) ++AM_CONDITIONAL(TEST_BINARY_FORMAT, [ test "$EFI_ARCH" = "arm" -o "$EFI_ARCH" = riscv64 ]) + + ## + # no consistent view of where gnu-efi should dump the efi stuff, so find it + ## +-for path in /lib /lib64 /usr/lib /usr/lib64 /usr/lib32 /lib/efi /lib64/efi /usr/lib/efi /usr/lib64/efi /usr/lib/gnuefi /usr/lib64/gnuefi ; do +- if test -e $path/crt0-efi-$EFI_ARCH.o; then ++AC_MSG_CHECKING([gnu-efi crt path]) ++for path in /lib /lib64 /usr/lib /usr/lib64 /usr/lib32 /lib/efi /lib64/efi /usr/lib/efi /usr/lib64/efi /usr/lib/gnuefi /usr/lib64/gnuefi /usr/lib/gnuefi/$EFI_ARCH ; do ++ if test -e $path/crt0.o; then + CRTPATH=$path ++ CRT=crt0.o ++ LDS=efi.lds ++ EFI_PATH=$path ++ elif test -e $path/crt0-efi-$EFI_ARCH.o; then ++ CRTPATH=$path ++ CRT=crt0-efi-${EFI_ARCH}.o ++ LDS=elf_${EFI_ARCH}_efi.lds ++ EFI_PATH=$path + fi + done + if test -z "$CRTPATH"; then + AC_MSG_ERROR([cannot find the gnu-efi crt path]) ++else ++ AC_MSG_RESULT($CRTPATH) + fi + + EFI_CPPFLAGS="-I/usr/include/efi -I/usr/include/efi/$EFI_ARCH \ +@@ -91,6 +102,9 @@ CPPFLAGS="$CPPFLAGS_save" + AC_SUBST(EFI_CPPFLAGS, $EFI_CPPFLAGS) + AC_SUBST(EFI_ARCH, $EFI_ARCH) + AC_SUBST(CRTPATH, $CRTPATH) ++AC_SUBST(CRT, $CRT) ++AC_SUBST(LDS, $LDS) ++AC_SUBST(EFI_PATH, $EFI_PATH) + + AC_CONFIG_FILES([Makefile src/Makefile lib/ccan/Makefile] + [docs/Makefile tests/Makefile]) +--- a/tests/Makefile.am ++++ b/tests/Makefile.am +@@ -18,7 +18,7 @@ if TEST_BINARY_FORMAT + EFILDFLAGS = --defsym=EFI_SUBSYSTEM=0x0a + FORMAT = -O binary + else +-FORMAT = --target=efi-app-$(EFI_ARCH) ++FORMAT = --target=efi-app-$(EFI_ARCH:x64=x86_64) + endif + check_DATA = $(test_key) $(test_cert) + check_SCRIPTS = test-wrapper.sh +@@ -31,7 +31,7 @@ check_SCRIPTS = test-wrapper.sh + $(FORMAT) $^ $@ + + .$(OBJEXT).elf: +- $(LD) $(EFILDFLAGS) -nostdlib -L /usr/lib -L /usr/lib64 -L $(CRTPATH) -shared -Bsymbolic $(CRTPATH)/crt0-efi-$(EFI_ARCH).o -T elf_$(EFI_ARCH)_efi.lds $< -o $@ -lefi -lgnuefi ++ $(LD) $(EFILDFLAGS) -nostdlib -L /usr/lib -L /usr/lib64 -L $(CRTPATH) -shared -Bsymbolic $(CRTPATH)/$(CRT) -T $(LDS) $< -o $@ $(EFI_PATH)/libefi.a $(EFI_PATH)/libgnuefi.a + + AM_CFLAGS=-fpic -I/usr/include/efi -I/usr/include/efi/$(EFI_ARCH) + diff --git a/sbsigntools-mktarball.sh b/sbsigntools-mktarball.sh new file mode 100755 index 0000000..b6e6f0f --- /dev/null +++ b/sbsigntools-mktarball.sh @@ -0,0 +1,36 @@ +#!/bin/bash + +set -e + +tmp=$(mktemp -d) + +#trap cleanup EXIT +#cleanup() { +# set +e +# [ -z "$tmp" -o ! -d "$tmp" ] || rm -rf "$tmp" +#} + +unset CDPATH +pwd=$(pwd) +version=0.9.5 +commit=9cfca9fe7aa7a8e29b92fe33ce8433e212c9a8ba + +pushd "$tmp" +git clone git://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git +cd sbsigntools +git checkout ${commit} +ccan_modules="talloc read_write_all build_assert array_size endian" +git submodule init +git submodule update +lib/ccan.git/tools/create-ccan-tree --build-type=automake lib/ccan $ccan_modules +rm -r lib/ccan.git +( + echo "Authors of sbsigntool:" + echo + git log --format='%an' | sort -u | sed 's,^,\t,' +) > AUTHORS +git log --date=short --format='%ad %t %an <%ae>%n%n * %s%n' > ChangeLog +cd .. +mv sbsigntools sbsigntools-${version} +tar cJf "$pwd"/sbsigntools-${version}.tar.xz --exclude=.git sbsigntools-${version} +popd diff --git a/sbsigntools-no-git.patch b/sbsigntools-no-git.patch new file mode 100644 index 0000000..ec83377 --- /dev/null +++ b/sbsigntools-no-git.patch @@ -0,0 +1,35 @@ +diff -up sbsigntools-0.8/autogen.sh.nogit sbsigntools-0.8/autogen.sh +--- sbsigntools-0.8/autogen.sh.nogit 2017-09-04 18:22:49.244640635 +0200 ++++ sbsigntools-0.8/autogen.sh 2017-09-04 18:31:49.136838666 +0200 +@@ -1,31 +1,5 @@ + #!/bin/bash + +-ccan_modules="talloc read_write_all build_assert array_size endian" +- +-# Add ccan upstream sources +-if [ ! -e lib/ccan.git/Makefile ] +-then +- git submodule init +- git submodule update +-fi +- +-# create ccan build tree +-if [ ! -e lib/ccan ] +-then +- lib/ccan.git/tools/create-ccan-tree \ +- --build-type=automake lib/ccan $ccan_modules +-fi +- +-# Create generatable docs from git +-( +- echo "Authors of sbsigntool:" +- echo +- git log --format='%an' | sort -u | sed 's,^,\t,' +-) > AUTHORS +- +-# Generate simple ChangeLog +-git log --date=short --format='%ad %t %an <%ae>%n%n * %s%n' > ChangeLog +- + # automagic + aclocal + autoheader diff --git a/sbsigntools-no-openssl-engines.patch b/sbsigntools-no-openssl-engines.patch new file mode 100644 index 0000000..a0477d3 --- /dev/null +++ b/sbsigntools-no-openssl-engines.patch @@ -0,0 +1,230 @@ +From 4b6f88a0ad6f1069f3597087058dce028bf67433 Mon Sep 17 00:00:00 2001 +From: Carl George +Date: Wed, 9 Apr 2025 22:51:12 -0500 +Subject: [PATCH] Revert "sbsign, sbvarsign: support engine based private keys" + +This reverts commit efc424c8eea2c398e4371320b4d7266898675ac8. +--- + src/fileio.c | 50 ------------------------------------------------- + src/fileio.h | 1 - + src/sbsign.c | 16 +++------------- + src/sbvarsign.c | 15 +++------------ + 4 files changed, 6 insertions(+), 76 deletions(-) + +diff --git a/src/fileio.c b/src/fileio.c +index 032eb1e..faab3b7 100644 +--- a/src/fileio.c ++++ b/src/fileio.c +@@ -39,7 +39,6 @@ + #include + #include + #include +-#include + + #include + #include +@@ -48,55 +47,6 @@ + + #define FLAG_NOERROR (1<<0) + +-static int ui_read(UI *ui, UI_STRING *uis) +-{ +- char password[128]; +- +- if (UI_get_string_type(uis) != UIT_PROMPT) +- return 0; +- +- EVP_read_pw_string(password, sizeof(password), "Enter engine key pass phrase:", 0); +- UI_set_result(ui, uis, password); +- return 1; +-} +- +-EVP_PKEY *fileio_read_engine_key(const char *engine, const char *filename) +-{ +- UI_METHOD *ui; +- ENGINE *e; +- EVP_PKEY *pkey = NULL; +- +- ENGINE_load_builtin_engines(); +- e = ENGINE_by_id(engine); +- +- if (!e) { +- fprintf(stderr, "Failed to load engine: %s\n", engine); +- ERR_print_errors_fp(stderr); +- return NULL; +- } +- +- ui = UI_create_method("sbsigntools"); +- if (!ui) { +- fprintf(stderr, "Failed to create UI method\n"); +- ERR_print_errors_fp(stderr); +- goto out_free; +- } +- UI_method_set_reader(ui, ui_read); +- +- if (!ENGINE_init(e)) { +- fprintf(stderr, "Failed to initialize engine %s\n", engine); +- ERR_print_errors_fp(stderr); +- goto out_free; +- } +- +- pkey = ENGINE_load_private_key(e, filename, ui, NULL); +- ENGINE_finish(e); +- +- out_free: +- ENGINE_free(e); +- return pkey; +-} +- + EVP_PKEY *fileio_read_pkey(const char *filename) + { + EVP_PKEY *key = NULL; +diff --git a/src/fileio.h b/src/fileio.h +index b3ed22c..52c3c12 100644 +--- a/src/fileio.h ++++ b/src/fileio.h +@@ -38,7 +38,6 @@ + #include + + EVP_PKEY *fileio_read_pkey(const char *filename); +-EVP_PKEY *fileio_read_engine_key(const char *engine, const char *filename); + X509 *fileio_read_cert(const char *filename); + + int fileio_read_file(void *ctx, const char *filename, +diff --git a/src/sbsign.c b/src/sbsign.c +index 898fe66..3bb42c2 100644 +--- a/src/sbsign.c ++++ b/src/sbsign.c +@@ -76,7 +76,6 @@ static struct option options[] = { + { "verbose", no_argument, NULL, 'v' }, + { "help", no_argument, NULL, 'h' }, + { "version", no_argument, NULL, 'V' }, +- { "engine", required_argument, NULL, 'e'}, + { "addcert", required_argument, NULL, 'a'}, + { NULL, 0, NULL, 0 }, + }; +@@ -87,7 +86,6 @@ static void usage(void) + "\n" + "Sign an EFI boot image for use with secure boot.\n\n" + "Options:\n" +- "\t--engine use the specified engine to load the key\n" + "\t--key signing key (PEM-encoded RSA " + "private key)\n" + "\t--cert certificate (x509 certificate)\n" +@@ -152,22 +150,20 @@ static int add_intermediate_certs(PKCS7 *p7, const char *filename) + + int main(int argc, char **argv) + { +- const char *keyfilename, *certfilename, *addcertfilename, *engine; ++ const char *keyfilename, *certfilename, *addcertfilename; + struct sign_context *ctx; + uint8_t *buf, *tmp; + int rc, c, sigsize; +- EVP_PKEY *pkey; + + ctx = talloc_zero(NULL, struct sign_context); + + keyfilename = NULL; + certfilename = NULL; + addcertfilename = NULL; +- engine = NULL; + + for (;;) { + int idx; +- c = getopt_long(argc, argv, "o:c:k:dvVhe:a:", options, &idx); ++ c = getopt_long(argc, argv, "o:c:k:dvVha:", options, &idx); + if (c == -1) + break; + +@@ -193,9 +189,6 @@ int main(int argc, char **argv) + case 'h': + usage(); + return EXIT_SUCCESS; +- case 'e': +- engine = optarg; +- break; + case 'a': + addcertfilename = optarg; + break; +@@ -244,10 +237,7 @@ int main(int argc, char **argv) + * module isn't present). In either case ignore the errors + * (malloc will cause other failures out lower down */ + ERR_clear_error(); +- if (engine) +- pkey = fileio_read_engine_key(engine, keyfilename); +- else +- pkey = fileio_read_pkey(keyfilename); ++ EVP_PKEY *pkey = fileio_read_pkey(keyfilename); + if (!pkey) + return EXIT_FAILURE; + +diff --git a/src/sbvarsign.c b/src/sbvarsign.c +index 58031ec..db43054 100644 +--- a/src/sbvarsign.c ++++ b/src/sbvarsign.c +@@ -397,7 +397,6 @@ static struct option options[] = { + { "verbose", no_argument, NULL, 'v' }, + { "help", no_argument, NULL, 'h' }, + { "version", no_argument, NULL, 'V' }, +- { "engine", required_argument, NULL, 'e'}, + { NULL, 0, NULL, 0 }, + }; + +@@ -409,7 +408,6 @@ void usage(void) + " \n" + "Sign a blob of data for use in SetVariable().\n\n" + "Options:\n" +- "\t--engine use the specified engine to load the key\n" + "\t--key signing key (PEM-encoded RSA " + "private key)\n" + "\t--cert certificate (x509 certificate)\n" +@@ -438,7 +436,7 @@ static void version(void) + + int main(int argc, char **argv) + { +- const char *guid_str, *attr_str, *varname, *engine; ++ const char *guid_str, *attr_str, *varname; + const char *keyfilename, *certfilename; + struct varsign_context *ctx; + bool include_attrs; +@@ -448,14 +446,13 @@ int main(int argc, char **argv) + + keyfilename = NULL; + certfilename = NULL; +- engine = NULL; + guid_str = NULL; + attr_str= NULL; + include_attrs = false; + + for (;;) { + int idx; +- c = getopt_long(argc, argv, "o:g:a:k:c:ivVhe:", options, &idx); ++ c = getopt_long(argc, argv, "o:g:a:k:c:ivVh", options, &idx); + if (c == -1) + break; + +@@ -487,9 +484,6 @@ int main(int argc, char **argv) + case 'h': + usage(); + return EXIT_SUCCESS; +- case 'e': +- engine = optarg; +- break; + } + } + +@@ -551,10 +545,7 @@ int main(int argc, char **argv) + if (fileio_read_file(ctx, ctx->infilename, &ctx->data, &ctx->data_len)) + return EXIT_FAILURE; + +- if (engine) +- ctx->key = fileio_read_engine_key(engine, keyfilename); +- else +- ctx->key = fileio_read_pkey(keyfilename); ++ ctx->key = fileio_read_pkey(keyfilename); + if (!ctx->key) + return EXIT_FAILURE; + +-- +2.49.0 + diff --git a/sbsigntools-no-wchar_t.patch b/sbsigntools-no-wchar_t.patch new file mode 100644 index 0000000..1ac6763 --- /dev/null +++ b/sbsigntools-no-wchar_t.patch @@ -0,0 +1,34 @@ +diff -up sbsigntools-0.9.5/src/sbvarsign.c.orig sbsigntools-0.9.5/src/sbvarsign.c +--- sbsigntools-0.9.5/src/sbvarsign.c.orig 2023-05-05 12:56:50.000000000 +0200 ++++ sbsigntools-0.9.5/src/sbvarsign.c 2024-11-18 23:53:08.764976485 +0100 +@@ -67,7 +67,7 @@ struct varsign_context { + uint8_t *data; + size_t data_len; + +- CHAR16 *var_name; ++ uint16_t *var_name; + int var_name_bytes; + EFI_GUID var_guid; + uint32_t var_attrs; +@@ -163,18 +163,18 @@ static uint32_t parse_attrs(const char * + + static int set_varname(struct varsign_context *ctx, const char *str) + { +- CHAR16 *wstr; ++ uint16_t *wstr; + int i, len; + + len = strlen(str); + +- wstr = talloc_array(ctx, CHAR16, len); ++ wstr = talloc_array(ctx, uint16_t, len); + + for (i = 0; i < len; i++) + wstr[i] = str[i]; + + ctx->var_name = wstr; +- ctx->var_name_bytes = len * sizeof(CHAR16); ++ ctx->var_name_bytes = len * sizeof(uint16_t); + + return 0; + } diff --git a/sbsigntools.spec b/sbsigntools.spec new file mode 100644 index 0000000..550d0d9 --- /dev/null +++ b/sbsigntools.spec @@ -0,0 +1,218 @@ +%bcond_without check +%define _warning_options -Wall -Werror=format-security -Wno-deprecated-declarations -Wno-maybe-uninitialized + +Name: sbsigntools +Version: 0.9.5 +Release: 10%{?dist} +Summary: Signing utility for UEFI secure boot +# Most source code is GPL-3.0-or-later, except: +# LicenseRef-Fedora-Public-Domain: +# lib/ccan/ccan/array_size +# lib/ccan/ccan/build_assert +# lib/ccan/ccan/check_type +# lib/ccan/ccan/compiler +# lib/ccan/ccan/container_of +# lib/ccan/ccan/hash +# lib/ccan/ccan/str +# lib/ccan/ccan/tcon +# LGPL-2.1-or-later: +# lib/ccan/ccan/endian +# lib/ccan/ccan/htable +# lib/ccan/ccan/list +# lib/ccan/ccan/read_write_all +# lib/ccan/ccan/talloc +# lib/ccan/ccan/typesafe_cb +# LGPL-3.0-only: +# lib/ccan/ccan/failtest +# lib/ccan/ccan/tlist +# MIT: +# lib/ccan/ccan/time +License: GPL-3.0-or-later AND LicenseRef-Fedora-Public-Domain AND LGPL-2.1-or-later AND LGPL-3.0-only AND MIT +URL: https://build.opensuse.org/package/show/home:jejb1:UEFI/sbsigntools +# upstream tarballs don't include bundled ccan +# run sbsigntools-mktarball.sh +Source0: %{name}-%{version}.tar.xz +Source1: %{name}-mktarball.sh +# don't fetch ccan or run git from autogen.sh, already done by mktarball.sh +Patch0: %{name}-no-git.patch +# add Fedora gnu-efi path and link statically against libefi.a/libgnuefi.a +Patch1: %{name}-gnuefi.patch +# fix wchar_t (a.k.a. CHAR16) abuse +Patch2: %{name}-no-wchar_t.patch +# revert addition of openssl engine support +Patch3: %{name}-no-openssl-engines.patch +# same as gnu-efi +ExclusiveArch: %{efi} +BuildRequires: make +BuildRequires: automake +BuildRequires: binutils-devel +BuildRequires: gcc +BuildRequires: gnu-efi-devel >= 1:3.0.18-1 +BuildRequires: help2man +BuildRequires: libuuid-devel +%if %{with check} +BuildRequires: openssl +%endif +BuildRequires: openssl-devel +%if 0%{?fedora} >= 41 +# https://fedoraproject.org/wiki/Changes/OpensslDeprecateEngine +BuildRequires: openssl-devel-engine +%endif +Provides: bundled(ccan-array_size) +Provides: bundled(ccan-build_assert) +Provides: bundled(ccan-check_type) +Provides: bundled(ccan-compiler) +Provides: bundled(ccan-container_of) +Provides: bundled(ccan-endian) +Provides: bundled(ccan-failtest) +Provides: bundled(ccan-hash) +Provides: bundled(ccan-htable) +Provides: bundled(ccan-list) +Provides: bundled(ccan-read_write_all) +Provides: bundled(ccan-str) +Provides: bundled(ccan-talloc) +Provides: bundled(ccan-tcon) +Provides: bundled(ccan-time) +Provides: bundled(ccan-tlist) +Provides: bundled(ccan-typesafe_cb) + +%description +Tools to add signatures to EFI binaries and Drivers. + +%prep +%setup -q +%patch -p 1 -P 0 +%patch -p 1 -P 1 +%patch -p 1 -P 2 +%if %{defined el10} +# EL10 disables openssl engines +%patch -p 1 -P 3 +%endif + +%build +./autogen.sh +%configure +%make_build + +%install +%make_install + +%if %{with check} +%check +make check +%endif + +%files +%license COPYING LICENSE.GPLv3 lib/ccan/licenses/* +%doc AUTHORS ChangeLog +%{_bindir}/sbattach +%{_bindir}/sbkeysync +%{_bindir}/sbsiglist +%{_bindir}/sbsign +%{_bindir}/sbvarsign +%{_bindir}/sbverify +%{_mandir}/man1/sbattach.1.* +%{_mandir}/man1/sbkeysync.1.* +%{_mandir}/man1/sbsiglist.1.* +%{_mandir}/man1/sbsign.1.* +%{_mandir}/man1/sbvarsign.1.* +%{_mandir}/man1/sbverify.1.* + +%changelog +* Thu Apr 10 2025 Carl George - 0.9.5-10 +- Remove openssl engine support on EL10 + +* Wed Apr 09 2025 Carl George - 0.9.5-9 +- Add missing SPDX identifiers to license field + +* Sun Jan 19 2025 Fedora Release Engineering - 0.9.5-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild + +* Mon Nov 18 2024 Dominik Mierzejewski - 0.9.5-7 +- fix wchar_t usage in sbvarsign (fixes rhbz#2310759) + +* Wed Aug 21 2024 Michel Lind - 0.9.5-6 +- Fix building with gnu-efi 3.0.18 +- Fix building on Fedora 41+ due to OpenSSL engine deprecation +- Fix building on aarch64, need to use non-TEST_BINARY_FORMAT codepath like x86_64 +- FIxes: RHBZ#2301267 + +* Thu Jul 25 2024 Miroslav Suchý - 0.9.5-5 +- convert license to SPDX + +* Sat Jul 20 2024 Fedora Release Engineering - 0.9.5-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild + +* Sat Jan 27 2024 Fedora Release Engineering - 0.9.5-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild + +* Sat Jul 22 2023 Fedora Release Engineering - 0.9.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Fri May 05 2023 Dominik Mierzejewski - 0.9.5-1 +- update to 0.9.5 (#2179697) +- drop obsolete patches + +* Sat Jan 21 2023 Fedora Release Engineering - 0.9.4-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Tue Jan 17 2023 Dominik Mierzejewski - 0.9.4-10 +- fix build with GCC 13 + +* Sat Jul 23 2022 Fedora Release Engineering - 0.9.4-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Sat Jan 22 2022 Fedora Release Engineering - 0.9.4-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Fri Nov 19 2021 Dominik Mierzejewski - 0.9.4-7 +- fix build with OpenSSL 3.0.0 (fixes rhbz#2021909) + +* Tue Sep 14 2021 Sahana Prasad - 0.9.4-6 +- Rebuilt with OpenSSL 3.0.0 + +* Fri Jul 23 2021 Fedora Release Engineering - 0.9.4-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Mon May 17 2021 Dominik Mierzejewski - 0.9.4-4 +- don't ignore errors from sbkeysync (fixes rhbz#1955828) + +* Wed Jan 27 2021 Fedora Release Engineering - 0.9.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Wed Jul 29 2020 Fedora Release Engineering - 0.9.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Fri Jul 03 2020 Dominik Mierzejewski - 0.9.4-1 +- update to 0.9.4 (#1846578) + +* Mon Feb 03 2020 Dominik Mierzejewski - 0.9.3-1 +- update to 0.9.3 +- update bundled CCAN components list +- support building with gnu-efi 3.0.11 + +* Thu Jan 30 2020 Fedora Release Engineering - 0.9.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Fri Jul 26 2019 Fedora Release Engineering - 0.9.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Thu Feb 28 2019 Dominik Mierzejewski - 0.9.2-1 +- update to 0.9.2 + +* Sat Feb 02 2019 Fedora Release Engineering - 0.9.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Wed Jul 25 2018 Dominik Mierzejewski - 0.9.1-3 +- fix paths to gnu-efi (work around #1608293) + +* Sat Jul 14 2018 Fedora Release Engineering - 0.9.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Thu Feb 22 2018 Dominik Mierzejewski - 0.9.1-1 +- update to 0.9.1 +- add Fedora gnu-efi libs location to search path +- link tests statically against gnu-efi libs, there are no shared versions + +* Mon Sep 4 2017 Dominik Mierzejewski - 0.8-1 +- initial build diff --git a/sources b/sources new file mode 100644 index 0000000..fe6a9a5 --- /dev/null +++ b/sources @@ -0,0 +1 @@ +SHA512 (sbsigntools-0.9.5.tar.xz) = dbe52b709724eaaa0d5859ca0088190ee417e721a626681ea84cae3f04a7484e5caf64eb469094d3e373724c1f530cc75fa8ac63eaa91f803db2fda2f46c594f