-
Notifications
You must be signed in to change notification settings - Fork 541
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
817838b
commit 8f7362e
Showing
5 changed files
with
297 additions
and
0 deletions.
There are no files selected for viewing
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
diff -up sbsigntools-0.9.5/configure.ac.gnu-efi sbsigntools-0.9.5/configure.ac | ||
--- sbsigntools-0.9.5/configure.ac.gnu-efi 2023-05-05 12:56:50.000000000 +0200 | ||
+++ sbsigntools-0.9.5/configure.ac 2023-05-05 13:06:47.495361241 +0200 | ||
@@ -67,19 +67,30 @@ PKG_CHECK_MODULES(uuid, uuid, | ||
AC_MSG_ERROR([libuuid (from the uuid package) is required])) | ||
|
||
dnl gnu-efi headers require extra include dirs | ||
-EFI_ARCH=$(uname -m | sed 's/i.86/ia32/;s/arm.*/arm/') | ||
-AM_CONDITIONAL(TEST_BINARY_FORMAT, [ test "$EFI_ARCH" = "arm" -o "$EFI_ARCH" = "aarch64" -o "$EFI_ARCH" = riscv64 ]) | ||
+EFI_ARCH=$(uname -m | sed -e 's/i.86/ia32/;s/arm.*/arm/' -e 's/x86_64/x64/' -e 's/aarch64/aa64/') | ||
+AM_CONDITIONAL(TEST_BINARY_FORMAT, [ test "$EFI_ARCH" = "arm" -o "$EFI_ARCH" = "aa64" -o "$EFI_ARCH" = riscv64 ]) | ||
|
||
## | ||
# no consistent view of where gnu-efi should dump the efi stuff, so find it | ||
## | ||
-for path in /lib /lib64 /usr/lib /usr/lib64 /usr/lib32 /lib/efi /lib64/efi /usr/lib/efi /usr/lib64/efi /usr/lib/gnuefi /usr/lib64/gnuefi ; do | ||
- if test -e $path/crt0-efi-$EFI_ARCH.o; then | ||
+AC_MSG_CHECKING([gnu-efi crt path]) | ||
+for path in /lib /lib64 /usr/lib /usr/lib64 /usr/lib32 /lib/efi /lib64/efi /usr/lib/efi /usr/lib64/efi /usr/lib/gnuefi /usr/lib64/gnuefi /usr/lib/gnuefi/$EFI_ARCH ; do | ||
+ if test -e $path/crt0.o; then | ||
CRTPATH=$path | ||
+ CRT=crt0.o | ||
+ LDS=efi.lds | ||
+ EFI_PATH=$path | ||
+ elif test -e $path/crt0-efi-$EFI_ARCH.o; then | ||
+ CRTPATH=$path | ||
+ CRT=crt0-efi-${EFI_ARCH}.o | ||
+ LDS=elf_${EFI_ARCH}_efi.lds | ||
+ EFI_PATH=$libdir | ||
fi | ||
done | ||
if test -z "$CRTPATH"; then | ||
AC_MSG_ERROR([cannot find the gnu-efi crt path]) | ||
+else | ||
+ AC_MSG_RESULT($CRTPATH) | ||
fi | ||
|
||
EFI_CPPFLAGS="-I/usr/include/efi -I/usr/include/efi/$EFI_ARCH \ | ||
@@ -91,6 +102,9 @@ CPPFLAGS="$CPPFLAGS_save" | ||
AC_SUBST(EFI_CPPFLAGS, $EFI_CPPFLAGS) | ||
AC_SUBST(EFI_ARCH, $EFI_ARCH) | ||
AC_SUBST(CRTPATH, $CRTPATH) | ||
+AC_SUBST(CRT, $CRT) | ||
+AC_SUBST(LDS, $LDS) | ||
+AC_SUBST(EFI_PATH, $EFI_PATH) | ||
|
||
AC_CONFIG_FILES([Makefile src/Makefile lib/ccan/Makefile] | ||
[docs/Makefile tests/Makefile]) | ||
diff -up sbsigntools-0.9.5/tests/Makefile.am.gnu-efi sbsigntools-0.9.5/tests/Makefile.am | ||
--- sbsigntools-0.9.5/tests/Makefile.am.gnu-efi 2023-05-05 12:56:50.000000000 +0200 | ||
+++ sbsigntools-0.9.5/tests/Makefile.am 2023-05-05 12:57:50.674915069 +0200 | ||
@@ -18,7 +18,7 @@ if TEST_BINARY_FORMAT | ||
EFILDFLAGS = --defsym=EFI_SUBSYSTEM=0x0a | ||
FORMAT = -O binary | ||
else | ||
-FORMAT = --target=efi-app-$(EFI_ARCH) | ||
+FORMAT = --target=efi-app-$(EFI_ARCH:x64=x86_64) | ||
endif | ||
check_DATA = $(test_key) $(test_cert) | ||
check_SCRIPTS = test-wrapper.sh | ||
@@ -31,7 +31,7 @@ check_SCRIPTS = test-wrapper.sh | ||
$(FORMAT) $^ $@ | ||
|
||
.$(OBJEXT).elf: | ||
- $(LD) $(EFILDFLAGS) -nostdlib -L /usr/lib -L /usr/lib64 -L $(CRTPATH) -shared -Bsymbolic $(CRTPATH)/crt0-efi-$(EFI_ARCH).o -T elf_$(EFI_ARCH)_efi.lds $< -o $@ -lefi -lgnuefi | ||
+ $(LD) $(EFILDFLAGS) -nostdlib -L /usr/lib -L /usr/lib64 -L $(CRTPATH) -shared -Bsymbolic $(CRTPATH)/$(CRT) -T $(LDS) $< -o $@ $(EFI_PATH)/libefi.a $(EFI_PATH)/libgnuefi.a | ||
|
||
AM_CFLAGS=-fpic -I/usr/include/efi -I/usr/include/efi/$(EFI_ARCH) | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
#!/bin/bash | ||
|
||
set -e | ||
|
||
tmp=$(mktemp -d) | ||
|
||
#trap cleanup EXIT | ||
#cleanup() { | ||
# set +e | ||
# [ -z "$tmp" -o ! -d "$tmp" ] || rm -rf "$tmp" | ||
#} | ||
|
||
unset CDPATH | ||
pwd=$(pwd) | ||
version=0.9.5 | ||
commit=9cfca9fe7aa7a8e29b92fe33ce8433e212c9a8ba | ||
|
||
pushd "$tmp" | ||
git clone git://git.kernel.org/pub/scm/linux/kernel/git/jejb/sbsigntools.git | ||
cd sbsigntools | ||
git checkout ${commit} | ||
ccan_modules="talloc read_write_all build_assert array_size endian" | ||
git submodule init | ||
git submodule update | ||
lib/ccan.git/tools/create-ccan-tree --build-type=automake lib/ccan $ccan_modules | ||
rm -r lib/ccan.git | ||
( | ||
echo "Authors of sbsigntool:" | ||
echo | ||
git log --format='%an' | sort -u | sed 's,^,\t,' | ||
) > AUTHORS | ||
git log --date=short --format='%ad %t %an <%ae>%n%n * %s%n' > ChangeLog | ||
cd .. | ||
mv sbsigntools sbsigntools-${version} | ||
tar cJf "$pwd"/sbsigntools-${version}.tar.xz --exclude=.git sbsigntools-${version} | ||
popd |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
diff -up sbsigntools-0.8/autogen.sh.nogit sbsigntools-0.8/autogen.sh | ||
--- sbsigntools-0.8/autogen.sh.nogit 2017-09-04 18:22:49.244640635 +0200 | ||
+++ sbsigntools-0.8/autogen.sh 2017-09-04 18:31:49.136838666 +0200 | ||
@@ -1,31 +1,5 @@ | ||
#!/bin/bash | ||
|
||
-ccan_modules="talloc read_write_all build_assert array_size endian" | ||
- | ||
-# Add ccan upstream sources | ||
-if [ ! -e lib/ccan.git/Makefile ] | ||
-then | ||
- git submodule init | ||
- git submodule update | ||
-fi | ||
- | ||
-# create ccan build tree | ||
-if [ ! -e lib/ccan ] | ||
-then | ||
- lib/ccan.git/tools/create-ccan-tree \ | ||
- --build-type=automake lib/ccan $ccan_modules | ||
-fi | ||
- | ||
-# Create generatable docs from git | ||
-( | ||
- echo "Authors of sbsigntool:" | ||
- echo | ||
- git log --format='%an' | sort -u | sed 's,^,\t,' | ||
-) > AUTHORS | ||
- | ||
-# Generate simple ChangeLog | ||
-git log --date=short --format='%ad %t %an <%ae>%n%n * %s%n' > ChangeLog | ||
- | ||
# automagic | ||
aclocal | ||
autoheader |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,157 @@ | ||
%bcond_without check | ||
%define _warning_options -Wall -Werror=format-security -Wno-deprecated-declarations -Wno-maybe-uninitialized | ||
|
||
Name: sbsigntools | ||
Version: 0.9.5 | ||
Release: 3%{?dist} | ||
Summary: Signing utility for UEFI secure boot | ||
License: GPLv3+ | ||
URL: https://build.opensuse.org/package/show/home:jejb1:UEFI/sbsigntools | ||
# upstream tarballs don't include bundled ccan | ||
# run sbsigntools-mktarball.sh | ||
Source0: %{name}-%{version}.tar.xz | ||
Source1: %{name}-mktarball.sh | ||
# don't fetch ccan or run git from autogen.sh, already done by mktarball.sh | ||
Patch0: %{name}-no-git.patch | ||
# add Fedora gnu-efi path and link statically against libefi.a/libgnuefi.a | ||
Patch1: %{name}-gnuefi.patch | ||
# same as gnu-efi | ||
ExclusiveArch: x86_64 aarch64 %{arm} %{ix86} | ||
BuildRequires: make | ||
BuildRequires: automake | ||
BuildRequires: binutils-devel | ||
BuildRequires: gcc | ||
BuildRequires: gnu-efi-devel >= 1:3.0.8-3 | ||
BuildRequires: help2man | ||
BuildRequires: libuuid-devel | ||
%if %{with check} | ||
BuildRequires: openssl | ||
%endif | ||
BuildRequires: openssl-devel | ||
Provides: bundled(ccan-array_size) | ||
Provides: bundled(ccan-build_assert) | ||
Provides: bundled(ccan-check_type) | ||
Provides: bundled(ccan-compiler) | ||
Provides: bundled(ccan-container_of) | ||
Provides: bundled(ccan-endian) | ||
Provides: bundled(ccan-failtest) | ||
Provides: bundled(ccan-hash) | ||
Provides: bundled(ccan-htable) | ||
Provides: bundled(ccan-list) | ||
Provides: bundled(ccan-read_write_all) | ||
Provides: bundled(ccan-str) | ||
Provides: bundled(ccan-talloc) | ||
Provides: bundled(ccan-tcon) | ||
Provides: bundled(ccan-time) | ||
Provides: bundled(ccan-tlist) | ||
Provides: bundled(ccan-typesafe_cb) | ||
|
||
%description | ||
Tools to add signatures to EFI binaries and Drivers. | ||
|
||
%prep | ||
%autosetup -p1 | ||
|
||
%build | ||
./autogen.sh | ||
%configure | ||
%make_build | ||
|
||
%install | ||
%make_install | ||
|
||
%if %{with check} | ||
%check | ||
make check | ||
%endif | ||
|
||
%files | ||
%license COPYING LICENSE.GPLv3 lib/ccan/licenses/* | ||
%doc AUTHORS ChangeLog | ||
%{_bindir}/sbattach | ||
%{_bindir}/sbkeysync | ||
%{_bindir}/sbsiglist | ||
%{_bindir}/sbsign | ||
%{_bindir}/sbvarsign | ||
%{_bindir}/sbverify | ||
%{_mandir}/man1/sbattach.1.* | ||
%{_mandir}/man1/sbkeysync.1.* | ||
%{_mandir}/man1/sbsiglist.1.* | ||
%{_mandir}/man1/sbsign.1.* | ||
%{_mandir}/man1/sbvarsign.1.* | ||
%{_mandir}/man1/sbverify.1.* | ||
|
||
%changelog | ||
* Sat Jan 27 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.5-3 | ||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild | ||
|
||
* Sat Jul 22 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.5-2 | ||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild | ||
|
||
* Fri May 05 2023 Dominik Mierzejewski <dominik@greysector.net> - 0.9.5-1 | ||
- update to 0.9.5 (#2179697) | ||
- drop obsolete patches | ||
|
||
* Sat Jan 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.4-11 | ||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild | ||
|
||
* Tue Jan 17 2023 Dominik Mierzejewski <dominik@greysector.net> - 0.9.4-10 | ||
- fix build with GCC 13 | ||
|
||
* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.4-9 | ||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild | ||
|
||
* Sat Jan 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.4-8 | ||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild | ||
|
||
* Fri Nov 19 2021 Dominik Mierzejewski <dominik@greysector.net> - 0.9.4-7 | ||
- fix build with OpenSSL 3.0.0 (fixes rhbz#2021909) | ||
|
||
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 0.9.4-6 | ||
- Rebuilt with OpenSSL 3.0.0 | ||
|
||
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.4-5 | ||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild | ||
|
||
* Mon May 17 2021 Dominik Mierzejewski <dominik@greysector.net> - 0.9.4-4 | ||
- don't ignore errors from sbkeysync (fixes rhbz#1955828) | ||
|
||
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.4-3 | ||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild | ||
|
||
* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.4-2 | ||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild | ||
|
||
* Fri Jul 03 2020 Dominik Mierzejewski <dominik@greysector.net> - 0.9.4-1 | ||
- update to 0.9.4 (#1846578) | ||
|
||
* Mon Feb 03 2020 Dominik Mierzejewski <dominik@greysector.net> - 0.9.3-1 | ||
- update to 0.9.3 | ||
- update bundled CCAN components list | ||
- support building with gnu-efi 3.0.11 | ||
|
||
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.2-3 | ||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild | ||
|
||
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.2-2 | ||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild | ||
|
||
* Thu Feb 28 2019 Dominik Mierzejewski <dominik@greysector.net> - 0.9.2-1 | ||
- update to 0.9.2 | ||
|
||
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.1-4 | ||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild | ||
|
||
* Wed Jul 25 2018 Dominik Mierzejewski <dominik@greysector.net> - 0.9.1-3 | ||
- fix paths to gnu-efi (work around #1608293) | ||
|
||
* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 0.9.1-2 | ||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild | ||
|
||
* Thu Feb 22 2018 Dominik Mierzejewski <dominik@greysector.net> - 0.9.1-1 | ||
- update to 0.9.1 | ||
- add Fedora gnu-efi libs location to search path | ||
- link tests statically against gnu-efi libs, there are no shared versions | ||
|
||
* Mon Sep 4 2017 Dominik Mierzejewski <dominik@greysector.net> - 0.8-1 | ||
- initial build |