[shim] Update to produce shim-unsigned.
Peter Jones
pjones at fedoraproject.org
Thu Oct 18 19:58:52 UTC 2012
commit c4760862098aff3d0a2e225fdb8da97f300f4873
Author: Peter Jones <pjones at redhat.com>
Date: Thu Oct 18 15:27:54 2012 -0400
Update to produce shim-unsigned.
This makes the package produced be named "shim-unsigned", and moves the
output to be /usr/share/shim/shim.{efi,sig}.
Signed-off-by: Peter Jones <pjones at redhat.com>
shim.spec | 33 +++++++++++++++++++--------------
1 files changed, 19 insertions(+), 14 deletions(-)
---
diff --git a/shim.spec b/shim.spec
index 853257f..8b91550 100644
--- a/shim.spec
+++ b/shim.spec
@@ -8,8 +8,7 @@ URL: http://www.codon.org.uk/~mjg59/shim/
Source0: http://www.codon.org.uk/~mjg59/shim/shim-%{version}.tar.bz2
BuildRequires: gnu-efi git
-BuildRequires: pesign >= 0.10-2
-Requires: gnu-efi
+BuildRequires: pesign >= 0.99-6
# Shim uses OpenSSL, but cannot use the system copy as the UEFI ABI is not
# compatible with SysV (there's no red zone under UEFI) and there isn't a
@@ -21,11 +20,6 @@ Requires: gnu-efi
# Adding further platforms will require adding appropriate relocation code.
ExclusiveArch: x86_64
-# Fix wrong expectation about the "image size" PE header field
-Patch0: shim-image-size.patch
-# Allow specifying the vendor certificate on the command line
-Patch1: shim-vendor-cert-file.patch
-
# Shim generates no binaries that run under the installed OS, so debuginfo
# is useless
%global debug_package %{nil}
@@ -42,8 +36,15 @@ Patch1: shim-vendor-cert-file.patch
Initial UEFI bootloader that handles chaining to a trusted full bootloader
under secure boot environments.
+%package -n shim-unsigned
+Summary: First-stage UEFI bootloader (unsigned data)
+
+%description -n shim-unsigned
+Initial UEFI bootloader that handles chaining to a trusted full bootloader
+under secure boot environments.
+
%prep
-%setup -q
+%setup -q -n shim-%{version}
git init
git config user.email "shim-owner at fedoraproject.org"
git config user.name "Fedora Ninjas"
@@ -65,16 +66,20 @@ make %{?_smp_mflags} ${MAKEFLAGS}
%install
rm -rf $RPM_BUILD_ROOT
-mv shim.efi shim.orig
-%pesign -s -i shim.orig -o shim.efi
-install -m 0755 -D shim.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shim.efi
+%pesign -s -i shim.efi -e shim.sig
+install -D -d -m 0755 $RPM_BUILD_ROOT%{_datadir}/shim/
+install -m 0644 shim.efi $RPM_BUILD_ROOT%{_datadir}/shim/shim.efi
+install -m 0644 shim.sig $RPM_BUILD_ROOT%{_datadir}/shim/shim.sig
-%files
+%files -n shim-unsigned
%doc
-/boot/efi/EFI/%{efidir}/shim.efi
-
+%dir %{_datadir}/shim
+%{_datadir}/shim/*
%changelog
+* Thu Oct 18 2012 Peter Jones <pjones at redhat.com>
+- Produce an unsigned shim
+
* Tue Aug 14 2012 Peter Jones <pjones at redhat.com> - 0.1-3
- Update how embedded cert and signing work.
More information about the scm-commits
mailing list