[shim/f18] Automatically embed the Red Hat Test Certificate and sign with it.

Tue Aug 14 18:40:54 UTC 2012

commit 83155d74d230e4347194786322bde65386f94eee
Author: Peter Jones <pjones at redhat.com>
Date:   Tue Aug 14 11:54:28 2012 -0400

    Automatically embed the Red Hat Test Certificate and sign with it.

 shim.spec |   30 +++++++++++++++++++++---------
 1 files changed, 21 insertions(+), 9 deletions(-)
---

diff --git a/shim.spec b/shim.spec
index ec3dfce..40731e6 100644
--- a/shim.spec
+++ b/shim.spec
@@ -7,7 +7,8 @@ License:        BSD
 URL:            http://www.codon.org.uk/~mjg59/shim/
 Source0:        http://www.codon.org.uk/~mjg59/shim/shim-%{version}.tar.bz2
 
-BuildRequires: gnu-efi pesign
+BuildRequires: gnu-efi git
+BuildRequires: pesign >= 0.10-2
 Requires: gnu-efi
 
 # Shim uses OpenSSL, but cannot use the system copy as the UEFI ABI is not
@@ -20,10 +21,10 @@ Requires: gnu-efi
 # Adding further platforms will require adding appropriate relocation code.
 ExclusiveArch: x86_64
 
-# Temporary test key - update before final
-Patch0: shim-fedora.diff
-
-Patch1: shim-image-size.patch
+# Fix wrong expectation about the "image size" PE header field
+Patch0: shim-image-size.patch
+# Allow specifying the vendor certificate on the command line
+Patch1: shim-vendor-cert-file.patch
 
 # Shim generates no binaries that run under the installed OS, so debuginfo
 # is useless
@@ -41,14 +42,25 @@ Patch1: shim-image-size.patch
 Initial UEFI bootloader that handles chaining to a trusted full bootloader
 under secure boot environments.
 
-
 %prep
 %setup -q
-%patch0 -p1
-%patch1 -p1
+git init
+git config user.email "shim-owner at fedoraproject.org"
+git config user.name "Fedora Ninjas"
+git add .
+git commit -a -q -m "%{version} baseline."
+git am %{patches} </dev/null
 
 %build
-make %{?_smp_mflags}
+%define vendor_token_str %{expand:%%{nil}%%{?vendor_token_name:-t "%{vendor_token_name}"}}
+%define vendor_cert_str %{expand:%%{!?vendor_cert_nickname:-c "Red Hat Test Certificate"}%%{?vendor_cert_nickname:-c "%%{vendor_cert_nickname}"}}
+pesign %{vendor_token_str} %{vendor_cert_str} -C vendor.cer
+
+MAKEFLAGS=""
+if [ -f vendor.cer ]; then
+	MAKEFLAGS="VENDOR_CERT_FILE=vendor.cer"
+fi
+make %{?_smp_mflags} ${MAKEFLAGS}
 
 
 %install
