13 changed files with 32 additions and 14 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +1,2 @@
-SOURCES/shim-15.8.tar.bz2
+/shim-*.tar.bz2
+*.rpm
--- a/.shim-unsigned-aarch64.metadata
+++ b/.shim-unsigned-aarch64.metadata
@ -1 +0,0 @@
-cdec924ca437a4509dcb178396996ddf92c11183 SOURCES/shim-15.8.tar.bz2
--- a/8
+++ b/8
@ -0,0 +1,8 @@
+#!/bin/bash
+set -e
+if [ $# -ne 1 ]; then
+	echo "usage: ./build <release>" 1>&2
+	exit 1
+fi
+arm-koji build $1 `fedpkg giturl`
+
--- a/SOURCES/dbx.esl
+++ b/SOURCES/dbx.esl
--- a/gating.yaml
+++ b/gating.yaml
@ -0,0 +1,6 @@
+--- !Policy
+product_versions:
+  - rhel-10
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: manual.sst_desktop.shim.functional}
--- a/rhtest.cer
+++ b/rhtest.cer
--- a/SOURCES/sbat.redhat.csv
+++ b/SOURCES/sbat.redhat.csv
--- a/secureboot.cer
+++ b/secureboot.cer
--- a/SOURCES/securebootca.cer
+++ b/SOURCES/securebootca.cer
--- a/SOURCES/shim-find-debuginfo.sh
+++ b/SOURCES/shim-find-debuginfo.sh
--- a/SPECS/shim-unsigned-aarch64.spec
+++ b/SPECS/shim-unsigned-aarch64.spec
@ -16,18 +16,18 @@

 Name:		shim-unsigned-aarch64
 Version:	15.8
-Release:	2.el8
+Release:	4%{?dist}
 Summary:	First-stage UEFI bootloader
 ExclusiveArch:	aarch64
-License:	BSD
+License:	BSD-2-Clause AND OpenSSL
 URL:		https://github.com/rhboot/shim
 Source0:	https://github.com/rhboot/shim/releases/download/%{version}/shim-%{version}.tar.bz2
 Source1:	securebootca.cer
 # currently here's what's in our dbx:
 # nothing.
 Source2:	dbx.esl
-Source3:	sbat.redhat.csv
-Source4:	shim.patches
+Source3:        sbat.redhat.csv
+Source4:        shim.patches

 Source100:	shim-find-debuginfo.sh

@ -37,7 +37,7 @@ BuildRequires:	gcc make
 BuildRequires:	elfutils-libelf-devel
 BuildRequires:	git openssl-devel openssl
 BuildRequires:	pesign >= %{pesign_vre}
-BuildRequires:	dos2unix findutils
+BuildRequires: dos2unix findutils

 # Shim uses OpenSSL, but cannot use the system copy as the UEFI ABI is not
 # compatible with SysV (there's no red zone under UEFI) and there isn't a
@ -89,7 +89,7 @@ MAKEFLAGS+="ENABLE_SHIM_HASH=true "
 MAKEFLAGS+="SBAT_AUTOMATIC_DATE=2023012900 "
 MAKEFLAGS+="%{_smp_mflags}"
 if [ -f "%{SOURCE1}" ]; then
-	MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=%{SOURCE1} "
+        MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=%{SOURCE1} "
 fi
 if [ -f "%{SOURCE2}" ]; then
 	MAKEFLAGS="$MAKEFLAGS VENDOR_DBX_FILE=%{SOURCE2} "
@ -133,13 +133,16 @@ cd ..
 %files debugsource -f build-%{efiarch}/debugsource.list

 %changelog
-* Wed Feb 07 2024 Peter Jones <pjones@redhat.com> - 15.8-2.el8
- Rebuild to fix the commit ident and MAKEFLAGS
-  Resolves: RHEL-11259
+* Wed Jun 4 2025 Nicolas Frayer <nfrayer@redhat.com> - 15.8-4.el10
+- spec: license migration to SPDX
+- Resolves: #RHEL-95022

-* Tue Dec 05 2023 Peter Jones <pjones@redhat.com> - 15.8-1.el8
- Update to shim-15.8 for CVE-2023-40547
-  Resolves: RHEL-11259
+* Thu Mar 13 2025 Nicolas Frayer <nfrayer@redhat.com> - 15.8-3.el10
+- Update gating.yaml for rhel-10
+- Resolves: #RHEL-83446
+
+* Thu Mar 6 2025 Nicolas Frayer <nfrayer@redhat.com> - 15.8-2.el10
+- Update to shim-15.8

 * Tue May 26 2020 Javier Martinez Canillas <javierm@redhat.com> - 15-6
 - Fix a shim crash when attempting to netboot
--- a/SOURCES/shim.patches
+++ b/SOURCES/shim.patches
--- a/1
+++ b/1
@ -0,0 +1 @@
+SHA512 (shim-15.8.tar.bz2) = 30b3390ae935121ea6fe728d8f59d37ded7b918ad81bea06e213464298b4bdabbca881b30817965bd397facc596db1ad0b8462a84c87896ce6c1204b19371cd1
				`@ -1 +0,0 @@`
				`cdec924ca437a4509dcb178396996ddf92c11183 SOURCES/shim-15.8.tar.bz2`
				`@ -0,0 +1 @@`
				`SHA512 (shim-15.8.tar.bz2) = 30b3390ae935121ea6fe728d8f59d37ded7b918ad81bea06e213464298b4bdabbca881b30817965bd397facc596db1ad0b8462a84c87896ce6c1204b19371cd1`