rpms/shim-unsigned-x64
5
0
Fork 0
Code Issues Pull Requests Releases Activity

Build shim-unsigned for CentOS Stream 10

Browse Source 
Related: RHEL-4391

Signed-off-by: Brian Stinson <bstinson@redhat.com>
This commit is contained in:
Brian Stinson 2024-11-18 08:41:21 -06:00
parent 93bc040f9f
commit 211a1650fe
7 changed files with 12 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
redhatsecureboot502.cer
View File

Binary file not shown.

BIN
redhatsecurebootca5.cer
View File

Binary file not shown.

BIN
redhatsecurebootca8.cer
View File

Binary file not shown.

1
sbat.centos.csv Normal file
View File

@ -0,0 +1 @@
shim.centos,3,The CentOS Project,shim,15.8,security@centos.org
1 shim.centos 3 The CentOS Project shim 15.8 security@centos.org

1
sbat.redhat.csv
View File

@ -1 +0,0 @@
shim.redhat,3,Red Hat Inc,shim,15.8,secalert@redhat.com
1 shim.redhat 3 Red Hat Inc shim 15.8 secalert@redhat.com

17
shim-unsigned-x64.spec
View File

@ -20,7 +20,7 @@
Name: shim-unsigned-%{efiarch} Name: shim-unsigned-%{efiarch}
Version: 15.8 Version: 15.8
Release: 2.el9 Release: 3.el10.centos
Summary: First-stage UEFI bootloader Summary: First-stage UEFI bootloader
ExclusiveArch: x86_64 ExclusiveArch: x86_64
License: BSD License: BSD
@ -30,7 +30,7 @@ Source1: vendordb.esl
%if 0%{?dbxfile} %if 0%{?dbxfile}
Source2: %{dbxfile} Source2: %{dbxfile}
%endif %endif
Source3: sbat.redhat.csv Source3: sbat.centos.csv
Source4: shim.patches Source4: shim.patches
Source100: shim-find-debuginfo.sh Source100: shim-find-debuginfo.sh
@ -42,6 +42,7 @@ BuildRequires: elfutils-libelf-devel
BuildRequires: git openssl-devel openssl BuildRequires: git openssl-devel openssl
BuildRequires: pesign >= %{pesign_vre} BuildRequires: pesign >= %{pesign_vre}
BuildRequires: dos2unix findutils BuildRequires: dos2unix findutils
BuildRequires: system-sb-certs
# Shim uses OpenSSL, but cannot use the system copy as the UEFI ABI is not # Shim uses OpenSSL, but cannot use the system copy as the UEFI ABI is not
# compatible with SysV (there's no red zone under UEFI) and there isn't a # compatible with SysV (there's no red zone under UEFI) and there isn't a
@ -109,8 +110,8 @@ MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} "
MAKEFLAGS+="ENABLE_SHIM_HASH=true " MAKEFLAGS+="ENABLE_SHIM_HASH=true "
MAKEFLAGS+="SBAT_AUTOMATIC_DATE=2023012900 " MAKEFLAGS+="SBAT_AUTOMATIC_DATE=2023012900 "
MAKEFLAGS+="%{_smp_mflags}" MAKEFLAGS+="%{_smp_mflags}"
if [ -f "%{SOURCE1}" ]; then if [ -f "/etc/pki/sb-certs/secureboot-ca-x86_64.cer" ]; then
MAKEFLAGS="$MAKEFLAGS VENDOR_DB_FILE=%{SOURCE1}" MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=/etc/pki/sb-certs/secureboot-ca-x86_64.cer"
fi fi
%if 0%{?dbxfile} %if 0%{?dbxfile}
if [ -f "%{SOURCE2}" ]; then if [ -f "%{SOURCE2}" ]; then
@ -130,8 +131,8 @@ MAKEFLAGS="TOPDIR=.. -f ../Makefile COMMIT_ID=${COMMIT_ID} "
MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} " MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} "
MAKEFLAGS+="ENABLE_SHIM_HASH=true " MAKEFLAGS+="ENABLE_SHIM_HASH=true "
MAKEFLAGS+="SBAT_AUTOMATIC_DATE=2023012900 " MAKEFLAGS+="SBAT_AUTOMATIC_DATE=2023012900 "
if [ -f "%{SOURCE1}" ]; then if [ -f "/etc/pki/sb-certs/secureboot-ca-x86_64.cer" ]; then
MAKEFLAGS="$MAKEFLAGS VENDOR_DB_FILE=%{SOURCE1} " MAKEFLAGS="$MAKEFLAGS VENDOR_CERT_FILE=/etc/pki/sb-certs/secureboot-ca-x86_64.cer"
fi fi
%if 0%{?dbxfile} %if 0%{?dbxfile}
if [ -f "%{SOURCE2}" ]; then if [ -f "%{SOURCE2}" ]; then
@ -160,6 +161,10 @@ cd ..
%files debugsource -f build-%{efiarch}/debugsource.list %files debugsource -f build-%{efiarch}/debugsource.list
%changelog %changelog
* Mon Nov 18 2024 Brian Stinson <bstinson@redhat.com> - 15.8-3.el10.centos
- Build shim-unsigned for CentOS Stream 10
Related: RHEL-4391
* Wed Feb 07 2024 Peter Jones <pjones@redhat.com> - 15.8-2.el9 * Wed Feb 07 2024 Peter Jones <pjones@redhat.com> - 15.8-2.el9
- Rebuild to fix the commit ident and MAKEFLAGS - Rebuild to fix the commit ident and MAKEFLAGS
Resolves: RHEL-56466 Resolves: RHEL-56466

BIN
vendordb.esl
View File

Binary file not shown.