authorTaylor Smock2018-01-01 06:05:05 -0700
committerTaylor Smock2018-01-01 06:05:05 -0700
commit716eae8ef7589373ebf5c433d2b0d6e1b679e09f (patch)
treefd8d03f08b44d72376d3eb3bc5bf5ef3001a318c
parent36997dfa886d7493e3a600d82774e2b5b508cc09 (diff)
downloadaur-716eae8ef7589373ebf5c433d2b0d6e1b679e09f.tar.gz
UPDATE: New version (v14) along with some additional fixups
-rw-r--r--.SRCINFO18
-rw-r--r--PKGBUILD22
-rw-r--r--shim.changelog32
-rw-r--r--shim.patch20
4 files changed, 63 insertions, 29 deletions
diff --git a/.SRCINFO b/.SRCINFO
index f613e885cd6d..ac3d105fdabd 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,9 +1,9 @@
# Generated by mksrcinfo v8
-# Tue Jun 6 11:27:29 UTC 2017
+# Mon Jan 1 13:04:17 UTC 2018
pkgbase = shim-efi
pkgdesc = Simple bootloader for x86_64 UEFI Secure Boot
- pkgver = 12
- pkgrel = 4
+ pkgver = 14
+ pkgrel = 1
url = https://github.com/rhinstaller/shim
install = shim.install
changelog = shim.changelog
@@ -15,17 +15,17 @@ pkgbase = shim-efi
depends = efivar
depends = efibootmgr
optdepends = mactel-boot: For bless command in Apple Mac systems
- provides = shim-efi=12
- provides = shim-efi-x86_64=12
- provides = shim-efi-x86_64-git=12
+ provides = shim-efi=14
+ provides = shim-efi-x86_64=14
+ provides = shim-efi-x86_64-git=14
conflicts = shim-efi-git
conflicts = shim-efi-x86_64
conflicts = shim-efi-x86_64-git
options = !strip
- source = https://github.com/rhinstaller/shim/releases/download/12/shim-12.tar.bz2
+ source = https://github.com/rhinstaller/shim/releases/download/14/shim-14.tar.bz2
source = shim.patch
- sha256sums = d9364983ef91ab09dc231c8d979b413cfa36d4744830ba59f5d3e52b616048b0
- sha256sums = e2715a7aef5ee4d7c6f428d09ab387ce86bdf83969921e2b36eb92696752ebc0
+ sha256sums = 11584881af2cb990a5a782747558ebd3a182b766f2747bd0c0955cbf4786285e
+ sha256sums = 40f2592eb37ccd7ab79c448f725f36a8ea560f26a10cad11c778a776980e3e7d
pkgname = shim-efi
diff --git a/PKGBUILD b/PKGBUILD
index 1cbc994f380f..5a894796a18f 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -5,8 +5,8 @@
__pkgname="shim"
pkgname="${__pkgname}-efi"
-pkgver=12
-pkgrel=4
+pkgver=14
+pkgrel=1
pkgdesc="Simple bootloader for x86_64 UEFI Secure Boot"
url="https://github.com/rhinstaller/${__pkgname}"
arch=('x86_64')
@@ -24,8 +24,8 @@ install="${__pkgname}.install"
changelog="${__pkgname}.changelog"
source=("${url}/releases/download/${pkgver}/${__pkgname}-${pkgver}.tar.bz2"
${__pkgname}.patch)
-sha256sums=('d9364983ef91ab09dc231c8d979b413cfa36d4744830ba59f5d3e52b616048b0'
- 'e2715a7aef5ee4d7c6f428d09ab387ce86bdf83969921e2b36eb92696752ebc0')
+sha256sums=('11584881af2cb990a5a782747558ebd3a182b766f2747bd0c0955cbf4786285e'
+ '40f2592eb37ccd7ab79c448f725f36a8ea560f26a10cad11c778a776980e3e7d')
# Change to path for your own certificate
@@ -51,20 +51,22 @@ build() {
local __vendorCertFile="${__certfile}"
local __makeArgs
- if [ -f ${__vendorCertFile} ]; then
+ if [ -f "${__vendorCertFile}" ]; then
__makeArgs="VENDOR_CERT_FILE=${__certfile}"
fi
make ${__makeArgs}
}
package() {
-
cd "${srcdir}/${__pkgname}-${pkgver}/"
install -d "${pkgdir}/usr/lib/shim/"
install -D -m0644 "${srcdir}/${__pkgname}-${pkgver}/shimx64.efi" "${pkgdir}/usr/lib/shim"
- install -D -m0644 "${srcdir}/${__pkgname}-${pkgver}/mmx64.efi.signed" "${pkgdir}/usr/lib/shim"
- install -D -m0644 "${srcdir}/${__pkgname}-${pkgver}/fbx64.efi.signed" "${pkgdir}/usr/lib/shim"
-
+ install -D -m0644 "${srcdir}/${__pkgname}-${pkgver}/mmx64.efi.signed" "${pkgdir}/usr/lib/shim" || echo "No cert at: ${__certfile}"
+ install -D -m0644 "${srcdir}/${__pkgname}-${pkgver}/fbx64.efi.signed" "${pkgdir}/usr/lib/shim" || echo "No cert at: ${__certfile}"
+ if [ ! -f "${__certfile}" ]; then
+ echo "Certificates required for \${FILE}.signed"
+ echo "Current set location: ${__certfile}"
+ echo "If you want to make your own certificates, use \"make-certs\" in the source directory"
+ fi
}
-
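Review bot: In package(), the `|| echo "No cert at: ${__certfile}"` appended to the two `install` lines turns every failure of those installs into a success, so the package can be produced without mmx64.efi.signed and fbx64.efi.signed, and the message blames the certificate whatever the real cause was. For a Secure Boot loader that gap should be explicit: test for each built file, skip it with a message naming the file, and let a genuine `install` error abort the build. The trailing `if [ ! -f "${__certfile}" ]` block then only has to print the make-certs hint. `__certfile` is set outside this hunk, so whether a missing certificate is the only reason the .signed files can be absent should be confirmed against the shim Makefile.

```bash
    # … unchanged: cd into the source dir, install -d, install of shimx64.efi …
    local __f
    for __f in mmx64 fbx64; do
        if [ -f "${__f}.efi.signed" ]; then
            install -D -m0644 "${__f}.efi.signed" "${pkgdir}/usr/lib/shim"
        else
            echo "Not packaging ${__f}.efi.signed: file was not built"
        fi
    done
    # … unchanged: make-certs hint when ${__certfile} is missing …
```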
diff --git a/shim.changelog b/shim.changelog
index efa968953e4a..af6af45855fa 100644
--- a/shim.changelog
+++ b/shim.changelog
@@ -1,3 +1,35 @@
+14
+ The shim EFI binary cannot have sections whose offset is not a multiple of the
+ file header offset, or else signtool.exe will generate an incorrect signature
+ that cannot be verified. Currently we generate a PLT section that is
+ incorrectly aligned, due to an error in rebasing OpenSSL to fix a different
+ issue. This version rectifies that error, as well as adding --no-undefined to
+ the final link, so that any such missing symbol will cause a build error. This
+ doesn't necessarily solve the file offset problem in all cases, but it does
+ solve it in all the cases we've actually seen so far.
+
+13
+ * OpenSSL reverted to 1.0.2k to make the cert chaining of existing deployments stay working
+ * Better PCR usage for TPM
+ * TPM documentation in README.tpm
+ * More configurable build via make variables:
+ ENABLE_SHIM_CERT
+ ENABLE_SHIM_HASH
+ ENABLE_SBSIGN
+ LIBDIR
+ EFIDIR
+ VENDOR_CERT_FILE
+ VENDOR_DB_FILE
+ Better MoK documentation in MokVars.txt
+ Better debuginfo generation
+ Lots of minor bug fixes.
+
+12
+ * OpenSSL 1.1.0e (glin)
+ * Workaround for signtool.exe bugs (pjones)
+ * Bug fix for wrong options passed to second stage (jsgruber)
+ * Requested that tar.gz/zip downloads not used for this version
+
11
* generate_hash(): fix the regression (Lans Zhang)
* Ignore BDS when it tells us we got our own path on the command line.
diff --git a/shim.patch b/shim.patch
index ad674bc90ee3..77dcc60a5a05 100644
--- a/shim.patch
+++ b/shim.patch
@@ -1,11 +1,11 @@
---- Makefile.old 2017-04-12 15:20:45.296682169 -0600
-+++ Makefile 2017-04-12 15:20:52.366768324 -0600
-@@ -52,7 +52,7 @@
- MMNAME = mmx64
- FBNAME = fbx64
- SHIMNAME= shimx64
-- EFI_PATH:=/usr/lib64/gnuefi
-+ EFI_PATH:=/usr/lib64
- LIB_PATH:=/usr/lib64
-
+--- Makefile 2018-01-01 05:35:14.249320339 -0700
++++ src/shim-14/Makefile 2018-01-01 05:36:50.531466485 -0700
+@@ -107,7 +107,7 @@
endif
+
+ FORMAT ?= --target efi-app-$(ARCH)
+-EFI_PATH ?= $(LIBDIR)/gnuefi
++EFI_PATH ?= $(LIBDIR)
+
+ MMSTEM ?= mm$(ARCH_SUFFIX)
+ MMNAME = $(MMSTEM).efi
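Review bot: The regenerated patch header pairs `--- Makefile` with `+++ src/shim-14/Makefile`, so the two sides have different path depths and the new side hard-codes the version directory. Which file `patch` selects then depends on its filename heuristics and on the `-p` level used where the patch is applied, which is outside this diff. Generating the patch from inside the source directory with matching names, `--- a/Makefile` and `+++ b/Makefile`, would let it apply with `-p1` and survive the next version bump without editing the header.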