rpms/shim
7
0
Fork 1
Code Issues Pull Requests Releases Activity

import CS shim-15.8-5.el10

Browse Source
This commit is contained in:
eabdullin 2025-07-08 07:41:47 +00:00
parent 06e79079e0
commit fd1c0c9c9d
5 changed files with 27 additions and 85 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored
View File

@ -1,10 +1,10 @@
BOOTAA64.CSV
BOOTX64.CSV
centossecureboot201.cer
centossecurebootca2.cer
fbaa64.efi
fbx64.efi
mmaa64.efi
mmx64.efi
redhatsecureboot501.cer
redhatsecurebootca5.cer
shimaa64.efi
shimx64.efi

4
shim.conf Normal file
View File

@ -0,0 +1,4 @@
shim-aa64
shim-arm
shim-ia32
shim-x64

4
shim.rpmmacros
View File

@ -3,7 +3,7 @@
%global vendor_token_str %{expand:%%{nil}%%{?vendor_token_name:-t "%{vendor_token_name}"}}
%global vendor_cert_str %{expand:%%{!?vendor_cert_nickname:-c "Red Hat Test Certificate"}%%{?vendor_cert_nickname:-c "%%{vendor_cert_nickname}"}}
%global grub_version 2.06-27.el9_0.12
%global grub_version 2.12-1.el10_0
%global bootcsvaa64 %{expand:%{SOURCE10}}
%global bootcsvx64 %{expand:%{SOURCE12}}
@ -118,7 +118,7 @@ version signed by the UEFI signing service. \
else \
cp -av %{-d*}/%{-b*}%{-a*}.efi %{-b*}%{-a*}-unsigned.efi \
fi \
%{expand:%%sign -i %{-b*}%{-a*}-unsigned.efi -o %{-b*}%{-a*}-signed.efi -n redhatsecureboot501 -a %{SOURCE2} -c %{SOURCE1} } \
%{expand:%%sign -i %{-b*}%{-a*}-unsigned.efi -o %{-b*}%{-a*}-signed.efi -n centossecureboot201 -a %{SOURCE2} -c %{SOURCE1} } \
%{nil}
# -a <efiarch>

82
shim.spec
View File

@ -1,6 +1,6 @@
Name: shim
Version: 15.8
Release: 4%{?dist}
Release: 5%{?dist}
Summary: First-stage UEFI bootloader
License: BSD
URL: https://github.com/rhboot/shim/
@ -12,8 +12,9 @@ ExclusiveArch: %{efi}
ExcludeArch: %{arm} %{ix86}
Source0: shim.rpmmacros
Source1: redhatsecureboot501.cer
Source2: redhatsecurebootca5.cer
Source1: centossecureboot201.cer
Source2: centossecurebootca2.cer
Source5: shim.conf
# keep these two lists of sources synched up arch-wise. That is 0 and 10
# match, 1 and 11 match, ...
@ -90,6 +91,8 @@ install -D -d -m 0700 $RPM_BUILD_ROOT%{efi_esp_boot}/
%if %{provide_legacy_shim}
install -m 0700 %{shimefi} $RPM_BUILD_ROOT%{efi_esp_dir}/shim.efi
%endif
install -D -d -m 0755 $RPM_BUILD_ROOT%{_sysconfdir}/dnf/protected.d/
install -m 0644 %{SOURCE5} $RPM_BUILD_ROOT%{_sysconfdir}/dnf/protected.d/
( cd $RPM_BUILD_ROOT ; find .%{efi_esp_root} -type f ) \
| sed -e 's/\./\^/' -e 's,^\\\./,.*/,' -e 's,$,$,' > %{__brp_mangle_shebangs_exclude_from_file}
@ -98,79 +101,14 @@ install -m 0700 %{shimefi} $RPM_BUILD_ROOT%{efi_esp_dir}/shim.efi
%if %{efi_has_alt_arch}
%define_files -a %{efi_alt_arch} -A %{efi_alt_arch_upper}
%endif
%{_sysconfdir}/dnf/protected.d/shim.conf
%if %{provide_legacy_shim}
%verify(not mtime) %{efi_esp_dir}/shim.efi
%endif
%changelog
* Tue Apr 16 2024 Peter Jones <pjones@redhat.com> - 15.8-4
- Rebuild to work around build system quirks.
Related: RHEL-11262
* Wed Jul 2 2025 Nicolas Frayer <nfrayer@redhat.com> - 15.8-5
- First build for Centos Stream 10
- Resolves: #RHEL-45014
* Wed Apr 03 2024 Peter Jones <pjones@redhat.com> - 15.8-3.el9
- Fix rpm verification due to mtime granularity on FAT.
Related: RHEL-11262
* Thu Mar 21 2024 Peter Jones <pjones@redhat.com> - 15.8-2.el9
- Add the grub2-efi-ARCH conflict for SBAT.
Resolves: RHEL-11262
* Thu Mar 21 2024 Peter Jones <pjones@redhat.com> - 15.8-1.el9
- Update to shim-15.8 for CVE-2023-40547
Resolves: RHEL-11262
* Thu Apr 14 2022 Peter Jones <pjones@redhat.com> - 15.5-2.el9
- Attempt to make aarch64 build.
Related: rhbz#1932057
* Thu Apr 14 2022 Peter Jones <pjones@redhat.com> - 15.5-1.el9
- Rebuild for rhel-9.0.0
Resolves: rhbz#1932057
* Mon Sep 21 2020 Javier Martinez Canillas <javierm@redhat.com> - 15-16
- Fix an incorrect allocation size
* Fri Jul 31 2020 Peter Jones <pjones@redhat.com> - 15-15
- Update once again for new signed shim builds.
* Tue Jul 28 2020 Peter Jones <pjones@redhat.com> - 15-14
- Get rid of our %%dist hack for now.
* Tue Jul 28 2020 Peter Jones <pjones@redhat.com> - 15-13
- New signing keys
* Thu Jun 11 2020 Javier Martinez Canillas <javierm@redhat.com> - 15-12
- Fix firmware update bug in aarch64 caused by shim ignoring arguments
- Fix a shim crash when attempting to netboot
* Fri Jun 07 2019 Javier Martinez Canillas <javierm@redhat.com> - 15-11
- Update the shim-unsigned-aarch64 version number
* Fri Jun 07 2019 Javier Martinez Canillas <javierm@redhat.com> - 15-10
- Add a gating.yaml file so the package can be properly gated
* Wed Jun 05 2019 Javier Martinez Canillas <javierm@redhat.com> - 15-9
- Bump the NVR
* Wed Jun 05 2019 Javier Martinez Canillas <javierm@redhat.com> - 15-7
- Make EFI variable copying fatal only on secureboot enabled systems
- Fix booting shim from an EFI shell using a relative path
* Thu Mar 14 2019 Peter Jones <pjones@redhat.com> - 15-6
- Fix MoK mirroring issue which breaks kdump without intervention
* Thu Jan 24 2019 Peter Jones <pjones@redhat.com> - 15-5
- Rebuild for signing once again. If the signer actually works, then:
* Tue Oct 16 2018 Peter Jones <pjones@redhat.com> - 15-4
- Rebuild for signing
* Mon Aug 13 2018 Troy Dawson <tdawson@redhat.com>
- Release Bumped for el8 Mass Rebuild
* Sat Aug 11 2018 Troy Dawson <tdawson@redhat.com>
- Release Bumped for el8+8 Mass Rebuild
* Mon Jul 23 2018 Peter Jones <pjones@redhat.com> - 15-1
- Build for RHEL 8

18
sources
View File

@ -1,10 +1,10 @@
SHA512 (BOOTAA64.CSV) = 1c1bac8c2627b704e8b091d2e0c81d55a8bd7420450fe429e20efe8830fa377fdf48c51c2e658e3d0ecee491845bf5cc696ba848669dc26d23687ed5fe5efa76
SHA512 (BOOTX64.CSV) = 3ed565c94bfc6f94136780ebbfebc0b19cb408b80e459bfece5de2e478d66605c1c7dd9f4186864cedbd420626945ae7b86e938e2d67f0163de596d05d859e0b
SHA512 (fbaa64.efi) = daf5aa484238aa4718ad72dadb9693fa3779ba611b354e078499b80ae50ea278bbbfca6015240549ad2aed77cea188b16f951a952b0ce7bbcbd2f665cf7b71ce
SHA512 (fbx64.efi) = 5da196c917fb8aca45adf054fc11db299bbcc1b95e8574776840aa3977f6a3ce59cc1afc3d2e8b1f1412446a80e76541eb0333747990ca7f2cd526066a69d2d1
SHA512 (mmaa64.efi) = fd14191f19f3e31b7191d4ee3c52549f9f32012a51e723a6006ff4a59d4da70687337bbb82e852631534ac4e1098f3ef1c493596509aa64c9f6b08b3c1d83ae2
SHA512 (mmx64.efi) = f63a76e7abd72d90e5a24649960f2918bc1f3a18c40f04e3c2264301ba88738a68e7817b9d2e23f45771ecbda628ed2b281c960a9e2e1852d505b166bda54e3c
SHA512 (redhatsecureboot501.cer) = eb2c2d342680d4c3453d3e4f30abdd1f6b0e98292e1be0410d0163afd01552a863b70ffaabeecd6e3981cd4d167198091a837c7d70f96a3a06de2d28b3355308
SHA512 (redhatsecurebootca5.cer) = 0285fd7cb1755b399cdd2d848d9eba51b72ef2dd8ea5d40d7061c29685a12e15bf8eb083cb2f8c14eb69d248cb3af2c2332e06f80e19ed4cc029070198c0d522
SHA512 (shimaa64.efi) = 7eb1d50589134636e1eb28b2282676a37cd1fa1b5334b629e16c7ffd9b2b77c4617a6dfe855161f6578b8d76663b60a00788261974fed76488006d9c965c9a3f
SHA512 (shimx64.efi) = 29079c05ee529d981f5c16d4a68a84bfde40945da3b06b1cb4779a38668f43102138f8e5a9210834d2c426e50736cc3dc81f988334e0f817872b2926b5f1d909
SHA512 (BOOTX64.CSV) = 16936301ec1b098022aac2428d31a4849a585e047493a64916427a235287b8d81bc285b0371a270e77ed476b71c741b8d7e7158986b167c3d6bb982705764e16
SHA512 (centossecureboot201.cer) = 9f7ae7ab43e4453df062c081fa111a79f2e0cb1901992583f6de4a93fb99730df095bfe129639720d534d318b6811750dd05ff207866397d96431a4ba7a1169e
SHA512 (centossecurebootca2.cer) = 0241bc6293ff2d51f84453fdcda969dbab7c37ddd394ae15c9bed8d1ec157fc646671640c118df4d4c174c92771fef16b9c5e622021ef60a7aaa314f4901255b
SHA512 (fbaa64.efi) = 5816080369a5fa47bed503b1fad4c31d35c88be2fc2a3c513c6bae7159bc95d989dfe3cb773fd6a452360040b6035689179bf29c5d68cc912d7272c7472c7d5d
SHA512 (fbx64.efi) = 1bbf117734d042d92e331a9e619b0f48a7da1016c5fbc3ec5461247e9bb599df200b98ad9ffe82300550f884e8e3b2457763c7f3fd9cf142fbef76aa3b10d0a5
SHA512 (mmaa64.efi) = c422b693831aee23bdf4224a6996edad9c6a91ebc66eeb9bc1bc5d98942a963fad2db077d0804d2b3382b483c7d39a0fb37987214810b4e14d193a97c3c2debe
SHA512 (mmx64.efi) = caabd963f6a8a05bbb48f0298c683d1f97d3fe4bc68eee4521b2e8bc2c5cdb6ef405b7188031b8ff250b7a1ddafbdc5da241ac30545bfabca42ee2bc45507499
SHA512 (shimaa64.efi) = 8ded3a96b6b02afb39e5df829913c1536afb1e711239f5f58620d4dec622a722725cdd8764830da0a93acce7f9741f6e9235a67254da12e240dc3ff032c536fb
SHA512 (shimx64.efi) = b4dc7ff94feec631d63e496b72d9ea333179204407ba91399d7c5e2c762172a3ab91001604727641ac5b0eaf79fa350d981b05c101c523897987e12b494b03cd