1
0
forked from rpms/shim

Compare commits

...

4 Commits

Author SHA1 Message Date
30f1d2b312 Update shimaa64.efi 2022-05-19 19:15:00 +00:00
7986ff7460 Update for new shim-unsigned-aarch64 2022-05-19 18:32:33 +00:00
80e5cf5b3c Update for AlmaLinux 9 2022-05-18 14:22:28 +00:00
09b7c524d4 AlmaLinux changes 2021-09-15 12:46:23 +00:00
9 changed files with 26 additions and 26 deletions

View File

@ -1,3 +1,3 @@
8ab193ad7addd71e4a820081f36d47e5ef727d28 SOURCES/shimaa64.efi bfee65ae45498fefd64b16edf9993415b625cb3c SOURCES/shimaa64.efi
d3178fb0a2d662e2457e4a5cd13d1224e2aac1c2 SOURCES/shimia32.efi ea800341a41765d0a06611220063d3aef8453dab SOURCES/shimia32.efi
9fb692b46fc70fd07a9acbbabc8e1c50d0e9a481 SOURCES/shimx64.efi 9f0ee5b4f212db7d228c8f985d4f15410c4922ed SOURCES/shimx64.efi

Binary file not shown.

Binary file not shown.

Binary file not shown.

BIN
SOURCES/clsecureboot001.cer Normal file

Binary file not shown.

Binary file not shown.

Binary file not shown.

View File

@ -13,9 +13,9 @@
%global shimefix64 %{expand:%{SOURCE22}} %global shimefix64 %{expand:%{SOURCE22}}
#%%global shimefiarm %%{expand:%%{SOURCE23} #%%global shimefiarm %%{expand:%%{SOURCE23}
%global shimveraa64 15-7.el8_1 %global shimveraa64 15-6.el9.alma
%global shimveria32 15.4-4.el8_1 %global shimveria32 15.4-4.el9.alma
%global shimverx64 15.4-4.el8_1 %global shimverx64 15.4-4.el9.alma
#%%global shimverarm 15-1.el8 #%%global shimverarm 15-1.el8
%global shimdiraa64 %{_datadir}/shim/%{shimveraa64}/aa64 %global shimdiraa64 %{_datadir}/shim/%{shimveraa64}/aa64
@ -48,6 +48,7 @@ Requires: mokutil >= 1:0.3.0-1 \
Requires: efi-filesystem \ Requires: efi-filesystem \
Provides: shim-signed-%{-a*} = %{version}-%{release} \ Provides: shim-signed-%{-a*} = %{version}-%{release} \
Requires: dbxtool >= 0.6-3 \ Requires: dbxtool >= 0.6-3 \
Requires: %{efi_esp_dir}/grub%{-a*}.efi \
%{expand:%%if 0%%{-p*} \ %{expand:%%if 0%%{-p*} \
Provides: shim = %{version}-%{release} \ Provides: shim = %{version}-%{release} \
Provides: shim-signed = %{version}-%{release} \ Provides: shim-signed = %{version}-%{release} \
@ -90,7 +91,7 @@ version signed by the UEFI signing service. \
# -i <input> # -i <input>
%define distrosign(b:a:d:) \ %define distrosign(b:a:d:) \
cp -av %{-d*}/%{-b*}%{-a*}.efi %{-b*}%{-a*}-unsigned.efi \ cp -av %{-d*}/%{-b*}%{-a*}.efi %{-b*}%{-a*}-unsigned.efi \
%{expand:%%sign -i %{-b*}%{-a*}-unsigned.efi -o %{-b*}%{-a*}-signed.efi -n redhatsecureboot501 -a %{SOURCE2} -c %{SOURCE1} }\ %{expand:%%sign -i %{-b*}%{-a*}-unsigned.efi -o %{-b*}%{-a*}-signed.efi -n clsecureboot001 -a %{SOURCE1} -c %{SOURCE1} }\
%{nil} %{nil}
# -a <efiarch> # -a <efiarch>

View File

@ -1,3 +1,8 @@
%global dist %{?dist}.alma
%global efi_vendor almalinux
%global efidir almalinux
%global efi_esp_dir /boot/efi/EFI/%{efidir}
Name: shim Name: shim
Version: 15.4 Version: 15.4
Release: 2%{?dist} Release: 2%{?dist}
@ -14,8 +19,7 @@ ExcludeArch: %{ix86}
ExcludeArch: %{arm} ExcludeArch: %{arm}
Source0: shim.rpmmacros Source0: shim.rpmmacros
Source1: redhatsecureboot501.cer Source1: clsecureboot001.cer
Source2: redhatsecurebootca5.cer
# keep these two lists of sources synched up arch-wise. That is 0 and 10 # keep these two lists of sources synched up arch-wise. That is 0 and 10
# match, 1 and 11 match, ... # match, 1 and 11 match, ...
@ -101,27 +105,20 @@ install -m 0700 %{shimefi} $RPM_BUILD_ROOT%{efi_esp_dir}/shim.efi
%endif %endif
%changelog %changelog
* Tue Apr 06 2021 Peter Jones <pjones@redhat.com> - 15.4-2 * Wed Apr 21 2021 Andrew Lukoshko <alukoshko@almalinux.org> - 15.4-2.alma
- Fix build-deps on our shim-unsigned-* packages. - Update to upstream 15.4 version
Related: CVE-2020-14372 (and others) - Add support for Secure Boot
* Mon Apr 05 2021 Peter Jones <pjones@redhat.com> - 15.4-1 * Mon Mar 15 2021 Andrei Lukoshko <alukoshko@almalinux.org> - 15-16.alma.1
- Update to shim 15.4 - AlmaLinux changes
- Support for revocations via the ".sbat" section and SBAT EFI variable
- A new unit test framework and a bunch of unit tests * Mon Sep 21 2020 Javier Martinez Canillas <javierm@redhat.com> - 15-16
- No external gnu-efi dependency - Fix an incorrect allocation size
- Better CI Resolves: rhbz#1877253
Resolves: CVE-2020-14372
Resolves: CVE-2020-25632
Resolves: CVE-2020-25647
Resolves: CVE-2020-27749
Resolves: CVE-2020-27779
Resolves: CVE-2021-20225
Resolves: CVE-2021-20233
* Fri Jul 31 2020 Peter Jones <pjones@redhat.com> - 15-15 * Fri Jul 31 2020 Peter Jones <pjones@redhat.com> - 15-15
- Update once again for new signed shim builds. - Update once again for new signed shim builds.
Resolves: rhbz#1862231 Resolves: rhbz#1861977
* Tue Jul 28 2020 Peter Jones <pjones@redhat.com> - 15-14 * Tue Jul 28 2020 Peter Jones <pjones@redhat.com> - 15-14
- Get rid of our %%dist hack for now. - Get rid of our %%dist hack for now.
@ -136,7 +133,9 @@ install -m 0700 %{shimefi} $RPM_BUILD_ROOT%{efi_esp_dir}/shim.efi
* Thu Jun 11 2020 Javier Martinez Canillas <javierm@redhat.com> - 15-12 * Thu Jun 11 2020 Javier Martinez Canillas <javierm@redhat.com> - 15-12
- Fix firmware update bug in aarch64 caused by shim ignoring arguments - Fix firmware update bug in aarch64 caused by shim ignoring arguments
Resolves: rhbz#1830871
- Fix a shim crash when attempting to netboot - Fix a shim crash when attempting to netboot
Resolves: rhbz#1795654
* Fri Jun 07 2019 Javier Martinez Canillas <javierm@redhat.com> - 15-11 * Fri Jun 07 2019 Javier Martinez Canillas <javierm@redhat.com> - 15-11
- Update the shim-unsigned-aarch64 version number - Update the shim-unsigned-aarch64 version number