* New upstream release.debian/15+1533136590.3beb971-1

- debian/patches/second-stage-path: dropped; the default loader path now includes an arch suffix. - debian/patches/sbsigntool-no-pesign: dropped; no longer needed. * Drop remaining patches that were not being applied. * Sync packaging from Ubuntu: - debian/copyright: Update upstream source location. - debian/control: add a Build-Depends on libelf-dev. - Enable arm64 build. - debian/patches/fixup_git.patch: don't run git in clean; we're not really in a git tree. - debian/rules, debian/shim.install: use the upstream install target as intended, and move files to the target directory using dh_install. - define RELEASE and COMMIT_ID for the snapshot. - Set ENABLE_HTTPBOOT to enable the HTTP Boot feature. - Update dh_auto_build/dh_auto_clean/dh_auto_install for new upstream options: set MAKELEVEL. - Define an EFI_ARCH variable, and use that for paths to shim. This makes it possible to build a shim for other architectures than amd64. - Set EFIDIR=$distro for dh_auto_install; that will let files be installed in the "right" final directories, and makes boot.csv for us. - Set ENABLE_SHIM_CERT, to keep using ephemeral self-signed certs built at compile-time for MokManager and fallback. - Set ENABLE_SBSIGN, to use sbsign instead of pesign for signing fallback and MokManager.
author: Steve Langasek <steve.langasek@canonical.com> 2019-02-09 21:28:06 -0800
committer: Steve Langasek <steve.langasek@canonical.com> 2019-02-09 21:32:44 -0800
commit: ab4c731c1dd379acd3e95971af57401fb0a650a1 (patch)
tree: 6a26fb8d0746cbbaa6c2d4b242c73442bcc1df06 /Make.defaults
parent: 0d63079c7da8e86104ce4bbdae2f6cb8d2ea40c6 (diff)
parent: 9c12130f9cd2ae11a9336813dd1f1669c0b64ad0 (diff)
download: efi-boot-shim-debian/15+1533136590.3beb971-1.tar.gz
efi-boot-shim-debian/15+1533136590.3beb971-1.zip
1 files changed, 131 insertions, 0 deletions
diff --git a/Make.defaults b/Make.defaults
new file mode 100644
index 00000000..bbfc1d7f
--- /dev/null
+++ b/Make.defaults
@@ -0,0 +1,131 @@
+COMPILER	?= gcc
+CC		= $(CROSS_COMPILE)$(COMPILER)
+LD		= $(CROSS_COMPILE)ld
+OBJCOPY		= $(CROSS_COMPILE)objcopy
+OPENSSL		?= openssl
+HEXDUMP		?= hexdump
+INSTALL		?= install
+PK12UTIL	?= pk12util
+CERTUTIL	?= certutil
+PESIGN		?= pesign
+SBSIGN		?= sbsign
+prefix		?= /usr
+prefix		:= $(abspath $(prefix))
+datadir		?= $(prefix)/share/
+PKGNAME		?= shim
+ESPROOTDIR	?= boot/efi/
+EFIBOOTDIR	?= $(ESPROOTDIR)EFI/BOOT/
+TARGETDIR	?= $(ESPROOTDIR)EFI/$(EFIDIR)/
+DATATARGETDIR	?= $(datadir)/$(PKGNAME)/$(VERSION)$(DASHRELEASE)/$(ARCH_SUFFIX)/
+DEBUGINFO	?= $(prefix)/lib/debug/
+DEBUGSOURCE	?= $(prefix)/src/debug/
+OSLABEL		?= $(EFIDIR)
+DEFAULT_LOADER	?= \\\\grub$(ARCH_SUFFIX).efi
+DASHJ		?= -j$(shell echo $$(($$(grep -c "^model name" /proc/cpuinfo) + 1)))
+
+ARCH		?= $(shell $(CC) -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,)
+OBJCOPY_GTE224	= $(shell expr `$(OBJCOPY) --version |grep ^"GNU objcopy" | sed 's/^.*\((.*)\|version\) //g' | cut -f1-2 -d.` \>= 2.24)
+
+SUBDIRS		= $(TOPDIR)/Cryptlib $(TOPDIR)/lib
+
+EFI_INCLUDE	?= /usr/include/efi
+EFI_INCLUDES	= -nostdinc -I$(TOPDIR)/Cryptlib -I$(TOPDIR)/Cryptlib/Include \
+		  -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol \
+		  -I$(TOPDIR)/include -iquote $(TOPDIR) -iquote $(shell pwd)
+
+EFI_CRT_OBJS 	= $(EFI_PATH)/crt0-efi-$(ARCH).o
+EFI_LDS		= $(TOPDIR)/elf_$(ARCH)_efi.lds
+
+CLANG_BUGS	= $(if $(findstring gcc,$(CC)),-maccumulate-outgoing-args,)
+
+COMMIT_ID ?= $(shell if [ -e .git ] ; then git log -1 --pretty=format:%H ; elif [ -f commit ]; then cat commit ; else echo master; fi)
+
+ifeq ($(ARCH),x86_64)
+	ARCH_CFLAGS		?= -mno-mmx -mno-sse -mno-red-zone -nostdinc \
+				   $(CLANG_BUGS) -m64 \
+				   -DEFI_FUNCTION_WRAPPER -DGNU_EFI_USE_MS_ABI \
+				   -DNO_BUILTIN_VA_FUNCS -DMDE_CPU_X64 \
+				   -DPAGE_SIZE=4096
+	LIBDIR			?= $(prefix)/lib64
+	ARCH_SUFFIX		?= x64
+	ARCH_SUFFIX_UPPER	?= X64
+	ARCH_LDFLAGS		?=
+endif
+ifeq ($(ARCH),ia32)
+	ARCH_CFLAGS		?= -mno-mmx -mno-sse -mno-red-zone -nostdinc \
+				   $(CLANG_BUGS) -m32 \
+				   -DMDE_CPU_IA32 -DPAGE_SIZE=4096
+	LIBDIR			?= $(prefix)/lib
+	ARCH_SUFFIX		?= ia32
+	ARCH_SUFFIX_UPPER	?= IA32
+	ARCH_LDFLAGS		?=
+	ARCH_CFLAGS		?= -m32
+endif
+ifeq ($(ARCH),aarch64)
+	ARCH_CFLAGS		?= -DMDE_CPU_AARCH64 -DPAGE_SIZE=4096 -mstrict-align
+	LIBDIR			?= $(prefix)/lib64
+	ARCH_SUFFIX		?= aa64
+	ARCH_SUFFIX_UPPER	?= AA64
+	FORMAT			:= -O binary
+	SUBSYSTEM		:= 0xa
+	ARCH_LDFLAGS		+= --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
+	ARCH_CFLAGS		?=
+endif
+ifeq ($(ARCH),arm)
+	ARCH_CFLAGS		?= -DMDE_CPU_ARM -DPAGE_SIZE=4096 -mstrict-align
+	LIBDIR			?= $(prefix)/lib
+	ARCH_SUFFIX		?= arm
+	ARCH_SUFFIX_UPPER	?= ARM
+	FORMAT			:= -O binary
+	SUBSYSTEM		:= 0xa
+	ARCH_LDFLAGS		+= --defsym=EFI_SUBSYSTEM=$(SUBSYSTEM)
+endif
+
+CFLAGS		= -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \
+		  -fshort-wchar -Wall -Wsign-compare -Werror -fno-builtin \
+		  -Werror=sign-compare -ffreestanding -std=gnu89 \
+		  -I$(shell $(CC) $(ARCH_CFLAGS) -print-file-name=include) \
+		  "-DDEFAULT_LOADER=L\"$(DEFAULT_LOADER)\"" \
+		  "-DDEFAULT_LOADER_CHAR=\"$(DEFAULT_LOADER)\"" \
+		  $(EFI_INCLUDES) $(ARCH_CFLAGS)
+
+ifneq ($(origin OVERRIDE_SECURITY_POLICY), undefined)
+	CFLAGS	+= -DOVERRIDE_SECURITY_POLICY
+endif
+
+ifneq ($(origin ENABLE_HTTPBOOT), undefined)
+	CFLAGS	+= -DENABLE_HTTPBOOT
+endif
+
+ifneq ($(origin REQUIRE_TPM), undefined)
+	CFLAGS  += -DREQUIRE_TPM
+endif
+
+LIB_GCC		= $(shell $(CC) $(ARCH_CFLAGS) -print-libgcc-file-name)
+EFI_LIBS	= -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC)
+FORMAT		?= --target efi-app-$(ARCH)
+EFI_PATH	?= $(LIBDIR)/gnuefi
+
+MMSTEM		?= mm$(ARCH_SUFFIX)
+MMNAME		= $(MMSTEM).efi
+MMSONAME	= $(MMSTEM).so
+FBSTEM		?= fb$(ARCH_SUFFIX)
+FBNAME		= $(FBSTEM).efi
+FBSONAME	= $(FBSTEM).so
+SHIMSTEM	?= shim$(ARCH_SUFFIX)
+SHIMNAME	= $(SHIMSTEM).efi
+SHIMSONAME	= $(SHIMSTEM).so
+SHIMHASHNAME	= $(SHIMSTEM).hash
+BOOTEFINAME	?= BOOT$(ARCH_SUFFIX_UPPER).EFI
+BOOTCSVNAME	?= BOOT$(ARCH_SUFFIX_UPPER).CSV
+
+CFLAGS += "-DEFI_ARCH=L\"$(ARCH_SUFFIX)\"" "-DDEBUGDIR=L\"/usr/lib/debug/usr/share/shim/$(ARCH_SUFFIX)-$(VERSION)$(DASHRELEASE)/\""
+
+ifneq ($(origin VENDOR_CERT_FILE), undefined)
+	CFLAGS += -DVENDOR_CERT_FILE=\"$(VENDOR_CERT_FILE)\"
+endif
+ifneq ($(origin VENDOR_DBX_FILE), undefined)
+	CFLAGS += -DVENDOR_DBX_FILE=\"$(VENDOR_DBX_FILE)\"
+endif
+
+LDFLAGS		= --hash-style=sysv -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIBDIR) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS) --build-id=sha1 $(ARCH_LDFLAGS) --no-undefined
author	Steve Langasek <steve.langasek@canonical.com>	2019-02-09 21:28:06 -0800
committer	Steve Langasek <steve.langasek@canonical.com>	2019-02-09 21:32:44 -0800
commit	ab4c731c1dd379acd3e95971af57401fb0a650a1 (patch)
tree	6a26fb8d0746cbbaa6c2d4b242c73442bcc1df06 /Make.defaults
parent	0d63079c7da8e86104ce4bbdae2f6cb8d2ea40c6 (diff)
parent	9c12130f9cd2ae11a9336813dd1f1669c0b64ad0 (diff)
download	efi-boot-shim-debian/15+1533136590.3beb971-1.tar.gz efi-boot-shim-debian/15+1533136590.3beb971-1.zip