[shim] Update to produce shim-unsigned.

Thu Oct 18 19:58:52 UTC 2012

commit c4760862098aff3d0a2e225fdb8da97f300f4873
Author: Peter Jones <pjones at redhat.com>
Date:   Thu Oct 18 15:27:54 2012 -0400

    Update to produce shim-unsigned.
    
    This makes the package produced be named "shim-unsigned", and moves the
    output to be /usr/share/shim/shim.{efi,sig}.
    
    Signed-off-by: Peter Jones <pjones at redhat.com>

 shim.spec |   33 +++++++++++++++++++--------------
 1 files changed, 19 insertions(+), 14 deletions(-)
---

diff --git a/shim.spec b/shim.spec
index 853257f..8b91550 100644
--- a/shim.spec
+++ b/shim.spec
@@ -8,8 +8,7 @@ URL:            http://www.codon.org.uk/~mjg59/shim/
 Source0:        http://www.codon.org.uk/~mjg59/shim/shim-%{version}.tar.bz2
 
 BuildRequires: gnu-efi git
-BuildRequires: pesign >= 0.10-2
-Requires: gnu-efi
+BuildRequires: pesign >= 0.99-6
 
 # Shim uses OpenSSL, but cannot use the system copy as the UEFI ABI is not
 # compatible with SysV (there's no red zone under UEFI) and there isn't a
@@ -21,11 +20,6 @@ Requires: gnu-efi
 # Adding further platforms will require adding appropriate relocation code.
 ExclusiveArch: x86_64
 
-# Fix wrong expectation about the "image size" PE header field
-Patch0: shim-image-size.patch
-# Allow specifying the vendor certificate on the command line
-Patch1: shim-vendor-cert-file.patch
-
 # Shim generates no binaries that run under the installed OS, so debuginfo
 # is useless
 %global debug_package %{nil}
@@ -42,8 +36,15 @@ Patch1: shim-vendor-cert-file.patch
 Initial UEFI bootloader that handles chaining to a trusted full bootloader
 under secure boot environments.
 
+%package -n shim-unsigned
+Summary: First-stage UEFI bootloader (unsigned data)
+
+%description -n shim-unsigned
+Initial UEFI bootloader that handles chaining to a trusted full bootloader
+under secure boot environments.
+
 %prep
-%setup -q
+%setup -q -n shim-%{version}
 git init
 git config user.email "shim-owner at fedoraproject.org"
 git config user.name "Fedora Ninjas"
@@ -65,16 +66,20 @@ make %{?_smp_mflags} ${MAKEFLAGS}
 
 %install
 rm -rf $RPM_BUILD_ROOT
-mv shim.efi shim.orig
-%pesign -s -i shim.orig -o shim.efi
-install -m 0755 -D shim.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shim.efi
+%pesign -s -i shim.efi -e shim.sig
+install -D -d -m 0755 $RPM_BUILD_ROOT%{_datadir}/shim/
+install -m 0644 shim.efi $RPM_BUILD_ROOT%{_datadir}/shim/shim.efi
+install -m 0644 shim.sig $RPM_BUILD_ROOT%{_datadir}/shim/shim.sig
 
-%files
+%files -n shim-unsigned
 %doc
-/boot/efi/EFI/%{efidir}/shim.efi
-
+%dir %{_datadir}/shim
+%{_datadir}/shim/*
 
 %changelog
+* Thu Oct 18 2012 Peter Jones <pjones at redhat.com>
+- Produce an unsigned shim
+
 * Tue Aug 14 2012 Peter Jones <pjones at redhat.com> - 0.1-3
 - Update how embedded cert and signing work.
 
