Compare commits

..

No commits in common. "a9" and "c8" have entirely different histories.
a9 ... c8

4 changed files with 7 additions and 44 deletions

View File

@ -1,25 +0,0 @@
From 7e7fa748c8651ca3d9fdd55f0ad891c816949ff5 Mon Sep 17 00:00:00 2001
From: Peter Jones <pjones@redhat.com>
Date: Fri, 6 Aug 2021 16:43:37 -0400
Subject: [PATCH] RHEL-9: disable -Wpointer-sign for now
Signed-off-by: Peter Jones <pjones@redhat.com>
---
Make.defaults | 1 +
1 file changed, 1 insertion(+)
diff --git a/Make.defaults b/Make.defaults
index e11ab5a7f2c..9b28720d186 100644
--- a/Make.defaults
+++ b/Make.defaults
@@ -42,6 +42,7 @@ EFI_LDS = $(TOPDIR)/elf_$(ARCH)_efi.lds
CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \
-fshort-wchar -Wall -Wsign-compare -Werror -fno-builtin \
-Werror=sign-compare -ffreestanding -std=gnu89 \
+ -Wno-pointer-sign -Wno-address-of-packed-member \
-I$(shell $(CC) -print-file-name=include) \
"-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \
"-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \
--
2.31.1

Binary file not shown.

BIN
SOURCES/securebootca.cer Normal file

Binary file not shown.

View File

@ -8,7 +8,7 @@
%global __debug_install_post %{SOURCE100} aa64
%undefine _debuginfo_subpackages
%global efidir almalinux
%global efidir %(eval echo $(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/'))
%global shimrootdir %{_datadir}/shim/
%global shimversiondir %{shimrootdir}/%{version}-%{release}
%global efiarch aa64
@ -16,13 +16,13 @@
Name: shim-unsigned-aarch64
Version: 15
Release: 6%{?dist}.alma
Release: 7%{?dist}
Summary: First-stage UEFI bootloader
ExclusiveArch: aarch64
License: BSD
URL: https://github.com/rhboot/shim
Source0: https://github.com/rhboot/shim/releases/download/%{version}/shim-%{version}.tar.bz2
Source1: clsecureboot001.cer
Source1: securebootca.cer
# currently here's what's in our dbx:
# nothing.
Source2: dbx.esl
@ -39,9 +39,7 @@ Patch0007: 0007-shim-Properly-generate-absolute-paths-from-relative-.patch
Patch0008: 0008-shim-Prevent-shim-to-set-itself-as-a-second-stage-lo.patch
Patch0009: 0009-Fix-a-use-of-strlen-instead-of-Strlen.patch
Patch0010: 0010-translate_slashes-don-t-write-to-string-literals.patch
Patch0011: 0011-RHEL-9-disable-Wpointer-sign-for-now.patch
BuildRequires: gcc make
BuildRequires: elfutils-libelf-devel
BuildRequires: git openssl-devel openssl
BuildRequires: pesign >= %{pesign_vre}
@ -139,8 +137,9 @@ cd ..
%files debugsource -f build-%{efiarch}/debugsource.list
%changelog
* Thu May 18 2022 Eduard Abdullin <eabdullin@almalinux.org> - 15-6.alma
- Use AlmaLinux cert
* Tue Apr 06 2021 Peter Jones <pjones@redhat.com> - 15-7
- Backport this to EL 8 so we can build-dep on the right version.
Related: CVE-2020-14372 (and others)
* Tue May 26 2020 Javier Martinez Canillas <javierm@redhat.com> - 15-6
- Fix a shim crash when attempting to netboot
@ -164,19 +163,8 @@ cd ..
- Fix MoK mirroring issue which breaks kdump without intervention
Related: rhbz#1668966
* Thu Apr 05 2018 Peter Jones <pjones@redhat.com> - 15-1
* Fri Jul 20 2018 Peter Jones <pjones@redhat.com> - 15-1
- Update to shim 15
- better checking for bad linker output
- flicker-free console if there's no error output
- improved http boot support
- better protocol re-installation
- dhcp proxy support
- tpm measurement even when verification is disabled
- REQUIRE_TPM build flag
- more reproducable builds
- measurement of everything verified through shim_verify()
- coverity and scan-build checker make targets
- misc cleanups
* Tue Sep 19 2017 Peter Jones <pjones@redhat.com> - 13-3
- Actually update to the *real* 13 final.