|
|
@ -19,18 +19,17 @@
|
|
|
|
%global dbxfile %{nil}
|
|
|
|
%global dbxfile %{nil}
|
|
|
|
|
|
|
|
|
|
|
|
Name: shim-unsigned-%{efiarch}
|
|
|
|
Name: shim-unsigned-%{efiarch}
|
|
|
|
Version: 15.6
|
|
|
|
Version: 15.8
|
|
|
|
Release: 1.el9
|
|
|
|
Release: 1.el9.centos
|
|
|
|
Summary: First-stage UEFI bootloader
|
|
|
|
Summary: First-stage UEFI bootloader
|
|
|
|
ExclusiveArch: x86_64
|
|
|
|
ExclusiveArch: x86_64
|
|
|
|
License: BSD
|
|
|
|
License: BSD
|
|
|
|
URL: https://github.com/rhboot/shim
|
|
|
|
URL: https://github.com/rhboot/shim
|
|
|
|
Source0: https://github.com/rhboot/shim/releases/download/%{version}/shim-%{version}.tar.bz2
|
|
|
|
Source0: https://github.com/rhboot/shim/releases/download/%{version}/shim-%{version}.tar.bz2
|
|
|
|
Source1: redhatsecurebootca5.cer
|
|
|
|
|
|
|
|
%if 0%{?dbxfile}
|
|
|
|
%if 0%{?dbxfile}
|
|
|
|
Source2: %{dbxfile}
|
|
|
|
Source2: %{dbxfile}
|
|
|
|
%endif
|
|
|
|
%endif
|
|
|
|
Source3: sbat.redhat.csv
|
|
|
|
Source3: sbat.centos.csv
|
|
|
|
Source4: shim.patches
|
|
|
|
Source4: shim.patches
|
|
|
|
|
|
|
|
|
|
|
|
Source100: shim-find-debuginfo.sh
|
|
|
|
Source100: shim-find-debuginfo.sh
|
|
|
@ -42,6 +41,7 @@ BuildRequires: elfutils-libelf-devel
|
|
|
|
BuildRequires: git openssl-devel openssl
|
|
|
|
BuildRequires: git openssl-devel openssl
|
|
|
|
BuildRequires: pesign >= %{pesign_vre}
|
|
|
|
BuildRequires: pesign >= %{pesign_vre}
|
|
|
|
BuildRequires: dos2unix findutils
|
|
|
|
BuildRequires: dos2unix findutils
|
|
|
|
|
|
|
|
BuildRequires: system-sb-certs
|
|
|
|
|
|
|
|
|
|
|
|
# Shim uses OpenSSL, but cannot use the system copy as the UEFI ABI is not
|
|
|
|
# Shim uses OpenSSL, but cannot use the system copy as the UEFI ABI is not
|
|
|
|
# compatible with SysV (there's no red zone under UEFI) and there isn't a
|
|
|
|
# compatible with SysV (there's no red zone under UEFI) and there isn't a
|
|
|
@ -107,9 +107,10 @@ COMMITID=$(cat commit)
|
|
|
|
MAKEFLAGS="TOPDIR=.. -f ../Makefile COMMITID=${COMMITID} "
|
|
|
|
MAKEFLAGS="TOPDIR=.. -f ../Makefile COMMITID=${COMMITID} "
|
|
|
|
MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} "
|
|
|
|
MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} "
|
|
|
|
MAKEFLAGS+="ENABLE_SHIM_HASH=true "
|
|
|
|
MAKEFLAGS+="ENABLE_SHIM_HASH=true "
|
|
|
|
|
|
|
|
MAKEFLAGS+="SBAT_AUTOMATIC_DATE=2023012900 "
|
|
|
|
MAKEFLAGS+="%{_smp_mflags}"
|
|
|
|
MAKEFLAGS+="%{_smp_mflags}"
|
|
|
|
if [ -f "%{SOURCE1}" ]; then
|
|
|
|
if [ -f "/etc/pki/sb-certs/secureboot-ca-x86_64.cer" ]; then
|
|
|
|
MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=%{SOURCE1}"
|
|
|
|
MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=/etc/pki/sb-certs/secureboot-ca-x86_64.cer"
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
%if 0%{?dbxfile}
|
|
|
|
%if 0%{?dbxfile}
|
|
|
|
if [ -f "%{SOURCE2}" ]; then
|
|
|
|
if [ -f "%{SOURCE2}" ]; then
|
|
|
@ -128,8 +129,9 @@ COMMITID=$(cat commit)
|
|
|
|
MAKEFLAGS="TOPDIR=.. -f ../Makefile COMMITID=${COMMITID} "
|
|
|
|
MAKEFLAGS="TOPDIR=.. -f ../Makefile COMMITID=${COMMITID} "
|
|
|
|
MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} "
|
|
|
|
MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} "
|
|
|
|
MAKEFLAGS+="ENABLE_SHIM_HASH=true "
|
|
|
|
MAKEFLAGS+="ENABLE_SHIM_HASH=true "
|
|
|
|
if [ -f "%{SOURCE1}" ]; then
|
|
|
|
MAKEFLAGS+="SBAT_AUTOMATIC_DATE=2023012900 "
|
|
|
|
MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=%{SOURCE1}"
|
|
|
|
if [ -f "/etc/pki/sb-certs/secureboot-ca-x86_64.cer" ]; then
|
|
|
|
|
|
|
|
MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=/etc/pki/sb-certs/secureboot-ca-x86_64.cer"
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
%if 0%{?dbxfile}
|
|
|
|
%if 0%{?dbxfile}
|
|
|
|
if [ -f "%{SOURCE2}" ]; then
|
|
|
|
if [ -f "%{SOURCE2}" ]; then
|
|
|
@ -158,6 +160,10 @@ cd ..
|
|
|
|
%files debugsource -f build-%{efiarch}/debugsource.list
|
|
|
|
%files debugsource -f build-%{efiarch}/debugsource.list
|
|
|
|
|
|
|
|
|
|
|
|
%changelog
|
|
|
|
%changelog
|
|
|
|
|
|
|
|
* Thu Feb 08 2024 Brian Stinson <bstinson@redhat.com> - 15.8-1.el9.centos
|
|
|
|
|
|
|
|
- Update to shim-15.8
|
|
|
|
|
|
|
|
Resolves: RHEL-4391
|
|
|
|
|
|
|
|
|
|
|
|
* Wed Jun 01 2022 Peter Jones <pjones@redhat.com> - 15.6-1.el9
|
|
|
|
* Wed Jun 01 2022 Peter Jones <pjones@redhat.com> - 15.6-1.el9
|
|
|
|
- Update to shim-15.6
|
|
|
|
- Update to shim-15.6
|
|
|
|
Resolves: CVE-2022-28737
|
|
|
|
Resolves: CVE-2022-28737
|
|
|
|