diff --git a/redhatsecureboot502.cer b/redhatsecureboot502.cer
deleted file mode 100644
index be0b5e2..0000000
Binary files a/redhatsecureboot502.cer and /dev/null differ
diff --git a/redhatsecurebootca5.cer b/redhatsecurebootca5.cer
deleted file mode 100644
index dfb0284..0000000
Binary files a/redhatsecurebootca5.cer and /dev/null differ
diff --git a/redhatsecurebootca8.cer b/redhatsecurebootca8.cer
deleted file mode 100644
index 75bc46b..0000000
Binary files a/redhatsecurebootca8.cer and /dev/null differ
diff --git a/sbat.centos.csv b/sbat.centos.csv
new file mode 100644
index 0000000..23fbdf3
--- /dev/null
+++ b/sbat.centos.csv
@@ -0,0 +1 @@
+shim.centos,3,The CentOS Project,shim,15.8,security@centos.org
diff --git a/sbat.redhat.csv b/sbat.redhat.csv
deleted file mode 100644
index be9e036..0000000
--- a/sbat.redhat.csv
+++ /dev/null
@@ -1 +0,0 @@
-shim.redhat,3,Red Hat Inc,shim,15.8,secalert@redhat.com
diff --git a/shim-unsigned-x64.spec b/shim-unsigned-x64.spec
index df27ed3..0994e5f 100644
--- a/shim-unsigned-x64.spec
+++ b/shim-unsigned-x64.spec
@@ -20,7 +20,7 @@ Name: shim-unsigned-%{efiarch}
 Version: 15.8
-Release: 2.el9
+Release: 3.el10.centos
 Summary: First-stage UEFI bootloader
 ExclusiveArch: x86_64
 License: BSD
@@ -30,7 +30,7 @@ Source1: vendordb.esl
 %if 0%{?dbxfile}
 Source2: %{dbxfile}
 %endif
-Source3: sbat.redhat.csv
+Source3: sbat.centos.csv
 Source4: shim.patches
 Source100: shim-find-debuginfo.sh
@@ -42,6 +42,7 @@ BuildRequires: elfutils-libelf-devel
 BuildRequires: git openssl-devel openssl
 BuildRequires: pesign >= %{pesign_vre}
 BuildRequires: dos2unix findutils
+BuildRequires: system-sb-certs
 # Shim uses OpenSSL, but cannot use the system copy as the UEFI ABI is not
 # compatible with SysV (there's no red zone under UEFI) and there isn't a
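Review bot: The added `BuildRequires: system-sb-certs` in the `@@ -42,6 +42,7 @@` hunk has no version constraint and no comment, yet the later build hunks take the certificate passed as `VENDOR_CERT_FILE` from a file under `/etc/pki/sb-certs/`, presumably shipped by this package. That moves the shim's vendor trust anchor out of the source tree and into whichever build of the package the buildroot resolves. I would add a comment above the line, `# Supplies /etc/pki/sb-certs/secureboot-ca-x86_64.cer, embedded into shim as the vendor certificate`, and consider a minimum version (`BuildRequires: system-sb-certs >= <MIN_VERSION>`, placeholder) so an older certificate set cannot be picked up unnoticed.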
@@ -109,8 +110,8 @@ MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} "
 MAKEFLAGS+="ENABLE_SHIM_HASH=true "
 MAKEFLAGS+="SBAT_AUTOMATIC_DATE=2023012900 "
 MAKEFLAGS+="%{_smp_mflags}"
-if [ -f "%{SOURCE1}" ]; then
- MAKEFLAGS="$MAKEFLAGS VENDOR_DB_FILE=%{SOURCE1}"
+if [ -f "/etc/pki/sb-certs/secureboot-ca-x86_64.cer" ]; then
+ MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=/etc/pki/sb-certs/secureboot-ca-x86_64.cer"
 fi
 %if 0%{?dbxfile}
 if [ -f "%{SOURCE2}" ]; then
@@ -130,8 +131,8 @@ MAKEFLAGS="TOPDIR=.. -f ../Makefile COMMIT_ID=${COMMIT_ID} "
 MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} "
 MAKEFLAGS+="ENABLE_SHIM_HASH=true "
 MAKEFLAGS+="SBAT_AUTOMATIC_DATE=2023012900 "
-if [ -f "%{SOURCE1}" ]; then
- MAKEFLAGS="$MAKEFLAGS VENDOR_DB_FILE=%{SOURCE1} "
+if [ -f "/etc/pki/sb-certs/secureboot-ca-x86_64.cer" ]; then
+ MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=/etc/pki/sb-certs/secureboot-ca-x86_64.cer"
 fi
 %if 0%{?dbxfile}
 if [ -f "%{SOURCE2}" ]; then
@@ -160,6 +161,10 @@ cd ..
 %files debugsource -f build-%{efiarch}/debugsource.list
 %changelog
+* Mon Nov 18 2024 Brian Stinson - 15.8-3.el10.centos
+- Build shim-unsigned for CentOS Stream 10
+ Related: RHEL-4391
+
 * Wed Feb 07 2024 Peter Jones - 15.8-2.el9
 - Rebuild to fix the commit ident and MAKEFLAGS
 Resolves: RHEL-56466
diff --git a/vendordb.esl b/vendordb.esl
index 8991b3e..e69de29 100644
Binary files a/vendordb.esl and b/vendordb.esl differ
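Review bot: The `if [ -f "/etc/pki/sb-certs/secureboot-ca-x86_64.cer" ]` guard in the `@@ -109,8 +110,8 @@` hunk, repeated in `@@ -130,8 +131,8 @@`, has no `else`, so a missing certificate yields a shim built without `VENDOR_CERT_FILE` instead of a failed build. The same commit drops `VENDOR_DB_FILE` and changes `vendordb.esl` to blob `e69de29`, which looks like the empty blob, so no other vendor trust anchor appears to remain as a fallback. Since `system-sb-certs` is now a BuildRequires, absence of the file is an error and should stop the build, for example `else echo "vendor certificate missing" >&2; exit 1` before each `fi`. The path is also written out four times across the two hunks; a single `%global` holding it would keep the two build passes from drifting apart. Both hunks sit inside a build section that starts and ends outside the visible lines.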