* New upstream release.debian/15+1533136590.3beb971-1

  - debian/patches/second-stage-path: dropped; the default loader path now
    includes an arch suffix.
  - debian/patches/sbsigntool-no-pesign: dropped; no longer needed.
* Drop remaining patches that were not being applied.
* Sync packaging from Ubuntu:
  - debian/copyright: Update upstream source location.
  - debian/control: add a Build-Depends on libelf-dev.
  - Enable arm64 build.
  - debian/patches/fixup_git.patch: don't run git in clean; we're not
    really in a git tree.
  - debian/rules, debian/shim.install: use the upstream install target as
    intended, and move files to the target directory using dh_install.
  - define RELEASE and COMMIT_ID for the snapshot.
  - Set ENABLE_HTTPBOOT to enable the HTTP Boot feature.
  - Update dh_auto_build/dh_auto_clean/dh_auto_install for new upstream
    options: set MAKELEVEL.
  - Define an EFI_ARCH variable, and use that for paths to shim. This
    makes it possible to build a shim for other architectures than amd64.
  - Set EFIDIR=$distro for dh_auto_install; that will let files be installed
    in the "right" final directories, and makes boot.csv for us.
  - Set ENABLE_SHIM_CERT, to keep using ephemeral self-signed certs built
    at compile-time for MokManager and fallback.
  - Set ENABLE_SBSIGN, to use sbsign instead of pesign for signing fallback
    and MokManager.

1 files changed, 63 insertions, 0 deletions

diff --git a/BUILDING b/BUILDING
new file mode 100644
index 00000000..533c646f
--- /dev/null
+++ b/BUILDING
@@ -0,0 +1,63 @@
+It's pretty straightforward:
+
+cp $MY_DER_ENCODED_CERT pub.cer
+make VENDOR_CERT_FILE=pub.cer
+make EFIDIR=my_esp_dir_name install
+
+There are a couple of ways to customize the build:
+
+Install targets:
+- install
+  installs shim as if to a hard drive, including installing MokManager and
+  fallback appropriately.
+- install-as-data
+  installs shim files to /usr/share/shim/$(EFI_ARCH)-$(VERSION)/
+
+Variables you should set to customize the build:
+- EFIDIR
+  This is the name of the ESP directory.  The install targets won't work
+  without it.
+- DESTDIR
+  This will be prepended to any install targets, so you don't have to
+  install to a live root directory.
+- DEFAULT_LOADER
+  defaults to \\\\grub$(EFI_ARCH).efi , but you could set it to whatever.
+  Be careful with the leading backslashes, they can be hard to get
+  correct.
+
+Variables you could set to customize the build:
+- ENABLE_SHIM_CERT
+  if this variable is defined on the make command line, shim will
+  generate keys during the build and sign MokManager and fallback with
+  them, and the signed version will be what gets installed with the
+  install targets
+- ENABLE_HTTPBOOT
+  build support for http booting
+- REQUIRE_TPM
+  if tpm logging or extends return an error code, treat that as a fatal error.
+- ARCH
+  This allows you to do a build for a different arch that we support.  For
+  instance, on x86_64 you could do "setarch linux32 make ARCH=ia32" to get
+  the ia32 build instead.  (DEFAULT_LOADER will be automatically adjusted
+  in that case.)
+- TOPDIR
+  You can use this along with make -f to build in a subdir.  For instance,
+  on an x86_64 machine you could do:
+
+    mkdir build-ia32 build-x64 inst
+    cd build-ia32
+    setarch linux32 make TOPDIR=.. ARCH=ia32 -f ../Makefile
+    setarch linux32 make TOPDIR=.. ARCH=ia32 \
+			 DESTDIR=../inst EFIDIR=debian \
+			 -f ../Makefile install
+    cd ../build-x64
+    make TOPDIR=.. -f ../Makefile
+    make TOPDIR=.. DESTDIR=../inst EFIDIR=debian \
+			-f ../Makefile install
+
+  That would get you x86_64 and ia32 builds in the "inst" subdir.
+- OSLABEL
+  This is the label that will be put in BOOT$(EFI_ARCH).CSV for your OS.
+  By default this is the same value as EFIDIR .
+
+# vim:filetype=mail:tw=74