From 8e678969ab502fad01db2386c1b830c52b9c0e29 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Tue, 17 May 2022 06:47:43 -0400 Subject: [PATCH] import shim-unsigned-x64-15.5-1.el9 --- .gitignore | 2 +- .shim-unsigned-x64.metadata | 2 +- SOURCES/clsecureboot001.cer | Bin 1561 -> 0 bytes SOURCES/redhatsecurebootca5.cer | Bin 0 -> 920 bytes SOURCES/sbat.cloudlinux.csv | 1 - SOURCES/sbat.redhat.csv | 1 + SPECS/shim-unsigned-x64.spec | 66 +++++++++++--------------------- 7 files changed, 26 insertions(+), 46 deletions(-) delete mode 100644 SOURCES/clsecureboot001.cer create mode 100644 SOURCES/redhatsecurebootca5.cer delete mode 100644 SOURCES/sbat.cloudlinux.csv create mode 100644 SOURCES/sbat.redhat.csv diff --git a/.gitignore b/.gitignore index 9b85752..296cdd7 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/shim-15.4.tar.bz2 +SOURCES/shim-15.5.tar.bz2 diff --git a/.shim-unsigned-x64.metadata b/.shim-unsigned-x64.metadata index 1a84976..e0f79e9 100644 --- a/.shim-unsigned-x64.metadata +++ b/.shim-unsigned-x64.metadata @@ -1 +1 @@ -d70485792a300bfa66f551adf7ae766451dfe7c0 SOURCES/shim-15.4.tar.bz2 +b91f5eaced7ba1dcaef266af10763461889be5df SOURCES/shim-15.5.tar.bz2 diff --git a/SOURCES/clsecureboot001.cer b/SOURCES/clsecureboot001.cer deleted file mode 100644 index ca9ce5d92a13320a2995ed90f173ea719a132d8f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1561 zcmZ`(Yfuwc6wXbS1jzzo5X>OBh=_zHxtj+9!bnI+p+=zweAJF{O%_-i65K3=V6`P` zg!+Oiw$+NM3{cvRbwp7M9c2G4W9CPDY!P9nY%kz?r;WtSRH=h8 zU|e*l3WsV{DvoP4TGbnDs9{5GAcS5Z!6h(4C{7Uq1bAm>@_|6YFE-;+7(G78M}rNd zop2L0iATV2PECX)*l5Dk>U3O<$HA#wY63bL*TU2^EXQ6+VmX8d(^It7PU5jJhO385 zA`5A%ieN~rfG#CiV@9QqDqzb&l8`jD9Hy((P@^7aCo5+n4C4+6Mny(D>xqpR~zVhEx6umhZ5RVFal3r5M(h>Ej0sf_MTi2%d}hSB1Z;Kcx_Vo?>QeGcGz_P@TPE#k$jU}t{ z=C4WMHPazOp*1PT3fm+ruI6lS_~q`^8L{y-bu+Gf%@__g=3FU^|HN|Z8E=KQmHrw0 zI*CrQY%Us>cb>W=8$P+bYgw+q?~#eYnR*Y9;aJhXnxTwk!v=F7YKwQfz8bV zV01@f!?{5q0>0>7n9VhhK+@rCzjllgEbu48Bs8(uEH~tubc=NhbLDzdL9qcd0ymIeCpOTfNz>=FRp+_ZMjPwTEfKR;4GdG@D`O}rr^ zO(!d6#<-~YhKw(p3S9X|dM{X}bRc;161eWzPCUA!^tNx{O73;zPg)%xE6 diff --git a/SOURCES/redhatsecurebootca5.cer b/SOURCES/redhatsecurebootca5.cer new file mode 100644 index 0000000000000000000000000000000000000000..dfb0284954861282d1a0ce16c8c5cdc71c27659f GIT binary patch literal 920 zcmXqLVxD5q#8k6@nTe5!iIbtZm{+@~;bN2lFB_*;n@8JsUPeZ4RtAH3LoovpHs(+k zE*{>X)D#7e#1b6^&%9(kLq!95kT^4s1XNrhI5oMnC{@8JKfgr5*-^pNP{}|6ZW6NxP$#b?ru1p1aqn$3D)YB{Qqo zjCvjz?|=HkE#3AN-xTZpws*U~)f@DZ{t~uwMZy8<;F%jD%$u6!n#qYzp^Sryh{C;x9qf@!N=T4ui@b#({ zSD&^p3kNZ=9lAQ9%xdfP9doNToV+k2^LHOFD{5oE&78StJa^8n7$i2k94PWc<&xr*# z`sciS&XK#@>h!OC8{=mczNLHbADCJ+pE=-CsaDOF#s}?5Q)1qq&%R~#cz>QmiAiVx zk5XXYstAL9d+iK-w@u$FESybMIPOFY~9lmn~9nUf%vMc88@((p0B(#qL+!COmt7`j5IhPVzo{cRPw} Pd!}BnFF!b8N6JS4>O*3Z literal 0 HcmV?d00001 diff --git a/SOURCES/sbat.cloudlinux.csv b/SOURCES/sbat.cloudlinux.csv deleted file mode 100644 index c39de2e..0000000 --- a/SOURCES/sbat.cloudlinux.csv +++ /dev/null @@ -1 +0,0 @@ -shim.cloudlinux,1,CloudLinux,shim,15.4-4,security@cloudlinux.com diff --git a/SOURCES/sbat.redhat.csv b/SOURCES/sbat.redhat.csv new file mode 100644 index 0000000..2135543 --- /dev/null +++ b/SOURCES/sbat.redhat.csv @@ -0,0 +1 @@ +shim.redhat,1,Red Hat Inc,shim,15.5,secalert@redhat.com diff --git a/SPECS/shim-unsigned-x64.spec b/SPECS/shim-unsigned-x64.spec index b375f68..26331e2 100644 --- a/SPECS/shim-unsigned-x64.spec +++ b/SPECS/shim-unsigned-x64.spec @@ -1,7 +1,7 @@ %global pesign_vre 0.106-1 %global openssl_vre 1.0.2j -%global efidir almalinux +%global efidir %(eval echo $(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/')) %global shimrootdir %{_datadir}/shim/ %global shimversiondir %{shimrootdir}/%{version}-%{release} %global efiarch x64 @@ -19,23 +19,21 @@ %global dbxfile %{nil} Name: shim-unsigned-%{efiarch} -Version: 15.4 -Release: 4%{?dist}.alma +Version: 15.5 +Release: 1.el9 Summary: First-stage UEFI bootloader ExclusiveArch: x86_64 License: BSD URL: https://github.com/rhboot/shim Source0: https://github.com/rhboot/shim/releases/download/%{version}/shim-%{version}.tar.bz2 -Source1: clsecureboot001.cer +Source1: redhatsecurebootca5.cer %if 0%{?dbxfile} Source2: %{dbxfile} %endif -Source3: sbat.cloudlinux.csv +Source3: sbat.redhat.csv Source100: shim-find-debuginfo.sh -Patch0001: 0001-Fix-a-broken-file-header-on-ia32.patch - BuildRequires: gcc make BuildRequires: elfutils-libelf-devel BuildRequires: git openssl-devel openssl @@ -122,13 +120,6 @@ make ${MAKEFLAGS} \ all cd .. -cd build-%{efialtarch} -setarch linux32 -B make ${MAKEFLAGS} \ - ARCH=%{efialtarch} \ - DEFAULT_LOADER='\\\\grub%{efialtarch}.efi' \ - all -cd .. - %install COMMITID=$(cat commit) MAKEFLAGS="TOPDIR=.. -f ../Makefile COMMITID=${COMMITID} " @@ -150,14 +141,6 @@ make ${MAKEFLAGS} \ install-as-data install-debuginfo install-debugsource cd .. -cd build-%{efialtarch} -setarch linux32 make ${MAKEFLAGS} \ - ARCH=%{efialtarch} \ - DEFAULT_LOADER='\\\\grub%{efialtarch}.efi' \ - DESTDIR=${RPM_BUILD_ROOT} \ - install-as-data install-debuginfo install-debugsource -cd .. - %files %license COPYRIGHT %dir %{shimrootdir} @@ -167,24 +150,14 @@ cd .. %{shimdir}/*.hash %{shimdir}/*.CSV -%files -n shim-unsigned-%{efialtarch} -%license COPYRIGHT -%dir %{shimrootdir} -%dir %{shimversiondir} -%dir %{shimaltdir} -%{shimaltdir}/*.efi -%{shimaltdir}/*.hash -%{shimaltdir}/*.CSV - %files debuginfo -f build-%{efiarch}/debugfiles.list -%files -n shim-unsigned-%{efialtarch}-debuginfo -f build-%{efialtarch}/debugfiles.list - %files debugsource -f build-%{efiarch}/debugsource.list %changelog -* Fri Apr 02 2021 Andrew Lukoshko - 15.4-4.alma -- Use CloudLinux vendor cert and SBAT entry +* Wed Mar 09 2022 Peter Jones - 15.5-1 +- Update to shim-15.5 + Related: rhbz#1932057 * Thu Apr 01 2021 Peter Jones - 15.4-4 - Fix the sbat data to actually match /this/ product. @@ -254,17 +227,24 @@ cd .. - Fix MoK mirroring issue which breaks kdump without intervention Related: rhbz#1668966 -* Fri Jul 20 2018 Peter Jones - 15-1 +* Thu Apr 05 2018 Peter Jones - 15-1 - Update to shim 15 +- better checking for bad linker output +- flicker-free console if there's no error output +- improved http boot support +- better protocol re-installation +- dhcp proxy support +- tpm measurement even when verification is disabled +- REQUIRE_TPM build flag +- more reproducable builds +- measurement of everything verified through shim_verify() +- coverity and scan-build checker make targets +- misc cleanups -* Tue Sep 19 2017 Peter Jones - 13-3 -- Actually update to the *real* 13 final. - Related: rhbz#1489604 +* Fri Feb 09 2018 Fedora Release Engineering - 13-0.2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild -* Thu Aug 31 2017 Peter Jones - 13-2 -- Actually update to 13 final. - -* Fri Aug 18 2017 Peter Jones - 13-1 +* Fri Aug 18 2017 Peter Jones - 13-0.1 - Make a new shim-unsigned-x64 package like the shim-unsigned-aarch64 one. - This will (eventually) supersede what's in the "shim" package so we can make "shim" hold the signed one, which will confuse fewer people.