Compare commits
4 Commits
c8
...
a9-depreca
Author | SHA1 | Date | |
---|---|---|---|
30f1d2b312 | |||
7986ff7460 | |||
80e5cf5b3c | |||
09b7c524d4 |
@ -1,3 +1,3 @@
|
|||||||
8ab193ad7addd71e4a820081f36d47e5ef727d28 SOURCES/shimaa64.efi
|
bfee65ae45498fefd64b16edf9993415b625cb3c SOURCES/shimaa64.efi
|
||||||
d3178fb0a2d662e2457e4a5cd13d1224e2aac1c2 SOURCES/shimia32.efi
|
ea800341a41765d0a06611220063d3aef8453dab SOURCES/shimia32.efi
|
||||||
9fb692b46fc70fd07a9acbbabc8e1c50d0e9a481 SOURCES/shimx64.efi
|
9f0ee5b4f212db7d228c8f985d4f15410c4922ed SOURCES/shimx64.efi
|
||||||
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
BIN
SOURCES/clsecureboot001.cer
Normal file
BIN
SOURCES/clsecureboot001.cer
Normal file
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -13,9 +13,9 @@
|
|||||||
%global shimefix64 %{expand:%{SOURCE22}}
|
%global shimefix64 %{expand:%{SOURCE22}}
|
||||||
#%%global shimefiarm %%{expand:%%{SOURCE23}
|
#%%global shimefiarm %%{expand:%%{SOURCE23}
|
||||||
|
|
||||||
%global shimveraa64 15-7.el8_1
|
%global shimveraa64 15-6.el9.alma
|
||||||
%global shimveria32 15.4-4.el8_1
|
%global shimveria32 15.4-4.el9.alma
|
||||||
%global shimverx64 15.4-4.el8_1
|
%global shimverx64 15.4-4.el9.alma
|
||||||
#%%global shimverarm 15-1.el8
|
#%%global shimverarm 15-1.el8
|
||||||
|
|
||||||
%global shimdiraa64 %{_datadir}/shim/%{shimveraa64}/aa64
|
%global shimdiraa64 %{_datadir}/shim/%{shimveraa64}/aa64
|
||||||
@ -48,6 +48,7 @@ Requires: mokutil >= 1:0.3.0-1 \
|
|||||||
Requires: efi-filesystem \
|
Requires: efi-filesystem \
|
||||||
Provides: shim-signed-%{-a*} = %{version}-%{release} \
|
Provides: shim-signed-%{-a*} = %{version}-%{release} \
|
||||||
Requires: dbxtool >= 0.6-3 \
|
Requires: dbxtool >= 0.6-3 \
|
||||||
|
Requires: %{efi_esp_dir}/grub%{-a*}.efi \
|
||||||
%{expand:%%if 0%%{-p*} \
|
%{expand:%%if 0%%{-p*} \
|
||||||
Provides: shim = %{version}-%{release} \
|
Provides: shim = %{version}-%{release} \
|
||||||
Provides: shim-signed = %{version}-%{release} \
|
Provides: shim-signed = %{version}-%{release} \
|
||||||
@ -90,7 +91,7 @@ version signed by the UEFI signing service. \
|
|||||||
# -i <input>
|
# -i <input>
|
||||||
%define distrosign(b:a:d:) \
|
%define distrosign(b:a:d:) \
|
||||||
cp -av %{-d*}/%{-b*}%{-a*}.efi %{-b*}%{-a*}-unsigned.efi \
|
cp -av %{-d*}/%{-b*}%{-a*}.efi %{-b*}%{-a*}-unsigned.efi \
|
||||||
%{expand:%%sign -i %{-b*}%{-a*}-unsigned.efi -o %{-b*}%{-a*}-signed.efi -n redhatsecureboot501 -a %{SOURCE2} -c %{SOURCE1} }\
|
%{expand:%%sign -i %{-b*}%{-a*}-unsigned.efi -o %{-b*}%{-a*}-signed.efi -n clsecureboot001 -a %{SOURCE1} -c %{SOURCE1} }\
|
||||||
%{nil}
|
%{nil}
|
||||||
|
|
||||||
# -a <efiarch>
|
# -a <efiarch>
|
||||||
|
@ -1,3 +1,8 @@
|
|||||||
|
%global dist %{?dist}.alma
|
||||||
|
%global efi_vendor almalinux
|
||||||
|
%global efidir almalinux
|
||||||
|
%global efi_esp_dir /boot/efi/EFI/%{efidir}
|
||||||
|
|
||||||
Name: shim
|
Name: shim
|
||||||
Version: 15.4
|
Version: 15.4
|
||||||
Release: 2%{?dist}
|
Release: 2%{?dist}
|
||||||
@ -14,8 +19,7 @@ ExcludeArch: %{ix86}
|
|||||||
ExcludeArch: %{arm}
|
ExcludeArch: %{arm}
|
||||||
|
|
||||||
Source0: shim.rpmmacros
|
Source0: shim.rpmmacros
|
||||||
Source1: redhatsecureboot501.cer
|
Source1: clsecureboot001.cer
|
||||||
Source2: redhatsecurebootca5.cer
|
|
||||||
|
|
||||||
# keep these two lists of sources synched up arch-wise. That is 0 and 10
|
# keep these two lists of sources synched up arch-wise. That is 0 and 10
|
||||||
# match, 1 and 11 match, ...
|
# match, 1 and 11 match, ...
|
||||||
@ -101,27 +105,20 @@ install -m 0700 %{shimefi} $RPM_BUILD_ROOT%{efi_esp_dir}/shim.efi
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Tue Apr 06 2021 Peter Jones <pjones@redhat.com> - 15.4-2
|
* Wed Apr 21 2021 Andrew Lukoshko <alukoshko@almalinux.org> - 15.4-2.alma
|
||||||
- Fix build-deps on our shim-unsigned-* packages.
|
- Update to upstream 15.4 version
|
||||||
Related: CVE-2020-14372 (and others)
|
- Add support for Secure Boot
|
||||||
|
|
||||||
* Mon Apr 05 2021 Peter Jones <pjones@redhat.com> - 15.4-1
|
* Mon Mar 15 2021 Andrei Lukoshko <alukoshko@almalinux.org> - 15-16.alma.1
|
||||||
- Update to shim 15.4
|
- AlmaLinux changes
|
||||||
- Support for revocations via the ".sbat" section and SBAT EFI variable
|
|
||||||
- A new unit test framework and a bunch of unit tests
|
* Mon Sep 21 2020 Javier Martinez Canillas <javierm@redhat.com> - 15-16
|
||||||
- No external gnu-efi dependency
|
- Fix an incorrect allocation size
|
||||||
- Better CI
|
Resolves: rhbz#1877253
|
||||||
Resolves: CVE-2020-14372
|
|
||||||
Resolves: CVE-2020-25632
|
|
||||||
Resolves: CVE-2020-25647
|
|
||||||
Resolves: CVE-2020-27749
|
|
||||||
Resolves: CVE-2020-27779
|
|
||||||
Resolves: CVE-2021-20225
|
|
||||||
Resolves: CVE-2021-20233
|
|
||||||
|
|
||||||
* Fri Jul 31 2020 Peter Jones <pjones@redhat.com> - 15-15
|
* Fri Jul 31 2020 Peter Jones <pjones@redhat.com> - 15-15
|
||||||
- Update once again for new signed shim builds.
|
- Update once again for new signed shim builds.
|
||||||
Resolves: rhbz#1862231
|
Resolves: rhbz#1861977
|
||||||
|
|
||||||
* Tue Jul 28 2020 Peter Jones <pjones@redhat.com> - 15-14
|
* Tue Jul 28 2020 Peter Jones <pjones@redhat.com> - 15-14
|
||||||
- Get rid of our %%dist hack for now.
|
- Get rid of our %%dist hack for now.
|
||||||
@ -136,7 +133,9 @@ install -m 0700 %{shimefi} $RPM_BUILD_ROOT%{efi_esp_dir}/shim.efi
|
|||||||
|
|
||||||
* Thu Jun 11 2020 Javier Martinez Canillas <javierm@redhat.com> - 15-12
|
* Thu Jun 11 2020 Javier Martinez Canillas <javierm@redhat.com> - 15-12
|
||||||
- Fix firmware update bug in aarch64 caused by shim ignoring arguments
|
- Fix firmware update bug in aarch64 caused by shim ignoring arguments
|
||||||
|
Resolves: rhbz#1830871
|
||||||
- Fix a shim crash when attempting to netboot
|
- Fix a shim crash when attempting to netboot
|
||||||
|
Resolves: rhbz#1795654
|
||||||
|
|
||||||
* Fri Jun 07 2019 Javier Martinez Canillas <javierm@redhat.com> - 15-11
|
* Fri Jun 07 2019 Javier Martinez Canillas <javierm@redhat.com> - 15-11
|
||||||
- Update the shim-unsigned-aarch64 version number
|
- Update the shim-unsigned-aarch64 version number
|
||||||
|
Loading…
Reference in New Issue
Block a user