Update upstream source from tag 'upstream/15.3'debian/15.3-1

Update to upstream version '15.3' with Debian dir 1b484f1c1ac270604a5a1451b34de4b0865c6211
author: Steve McIntyre <steve@einval.com> 2021-03-23 23:49:46 +0000
committer: Steve McIntyre <steve@einval.com> 2021-03-23 23:49:46 +0000
commit: 1251a7ba86fc40a6aad8b4fecdbca2b61808d9fa (patch)
tree: 2125fda549aaca55cb49a48d54be77dec7fbf3df /Makefile
parent: 85b409232ce89b34626df9d72abedf5d4f5ccef6 (diff)
parent: 031e5cce385d3f96b1caa1d53495332a7eb03749 (diff)
download: efi-boot-shim-debian/15.3-1.tar.gz
efi-boot-shim-debian/15.3-1.zip
1 files changed, 78 insertions, 37 deletions
diff --git a/Makefile b/Makefile
index 02f380e0..e349c6f9 100644
--- a/Makefile
+++ b/Makefile
@@ -1,7 +1,7 @@
 default : all
 
 NAME		= shim
-VERSION		= 15
+VERSION		= 15.3
 ifneq ($(origin RELEASE),undefined)
 DASHRELEASE	?= -$(RELEASE)
 else
@@ -16,24 +16,29 @@ override TOPDIR := $(shell pwd)
 endif
 override TOPDIR	:= $(abspath $(TOPDIR))
 VPATH		= $(TOPDIR)
+export TOPDIR
 
-include $(TOPDIR)/Make.defaults
 include $(TOPDIR)/Make.rules
-include $(TOPDIR)/Make.coverity
-include $(TOPDIR)/Make.scan-build
+include $(TOPDIR)/Make.defaults
+include $(TOPDIR)/include/coverity.mk
+include $(TOPDIR)/include/scan-build.mk
+include $(TOPDIR)/include/fanalyzer.mk
 
 TARGETS	= $(SHIMNAME)
 TARGETS += $(SHIMNAME).debug $(MMNAME).debug $(FBNAME).debug
 ifneq ($(origin ENABLE_SHIM_HASH),undefined)
 TARGETS += $(SHIMHASHNAME)
 endif
+ifneq ($(origin ENABLE_SHIM_DEVEL),undefined)
+CFLAGS += -DENABLE_SHIM_DEVEL
+endif
 ifneq ($(origin ENABLE_SHIM_CERT),undefined)
 TARGETS	+= $(MMNAME).signed $(FBNAME).signed
 CFLAGS += -DENABLE_SHIM_CERT
 else
 TARGETS += $(MMNAME) $(FBNAME)
 endif
-OBJS	= shim.o mok.o netboot.o cert.o replacements.o tpm.o version.o errlog.o sbat.o sbat_data.o pe.o httpboot.o
+OBJS	= shim.o mok.o netboot.o cert.o replacements.o tpm.o version.o errlog.o sbat.o sbat_data.o pe.o httpboot.o csv.o
 KEYS	= shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer
 ORIG_SOURCES	= shim.c mok.c netboot.c replacements.c tpm.c errlog.c sbat.c pe.c httpboot.c shim.h version.h $(wildcard include/*.h)
 MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o errlog.o sbat_data.o
@@ -52,7 +57,23 @@ SOURCES = $(foreach source,$(ORIG_SOURCES),$(TOPDIR)/$(source)) version.c
 MOK_SOURCES = $(foreach source,$(ORIG_MOK_SOURCES),$(TOPDIR)/$(source))
 FALLBACK_SRCS = $(foreach source,$(ORIG_FALLBACK_SRCS),$(TOPDIR)/$(source))
 
-all: $(TARGETS)
+ifneq ($(origin FALLBACK_VERBOSE), undefined)
+	CFLAGS += -DFALLBACK_VERBOSE
+endif
+
+ifneq ($(origin FALLBACK_VERBOSE_WAIT), undefined)
+	CFLAGS += -DFALLBACK_VERBOSE_WAIT=$(FALLBACK_VERBOSE_WAIT)
+endif
+
+all: confcheck $(TARGETS)
+
+confcheck:
+ifneq ($(origin EFI_PATH),undefined)
+	$(error EFI_PATH is no longer supported, you must build using the supplied copy of gnu-efi)
+endif
+
+update :
+	git submodule update --init --recursive
 
 shim.crt:
 	$(TOPDIR)/make-certs shim shim@xn--u4h.net all codesign 1.3.6.1.4.1.311.10.3.1 </dev/null
@@ -95,40 +116,54 @@ VENDOR_SBATS := $(foreach x,$(wildcard data/sbat.*.csv),$(notdir $(x)))
 sbat_data.o : | $(SBATPATH) $(VENDOR_SBATS)
 sbat_data.o : /dev/null
 	$(CC) $(CFLAGS) -x c -c -o $@ $<
-	$(OBJCOPY) --set-section-alignment '.sbat=512' --add-section .sbat=$(SBATPATH) $@
+	$(OBJCOPY) --add-section .sbat=$(SBATPATH) \
+		--set-section-flags .sbat=contents,alloc,load,readonly,data \
+		$@
 	$(foreach vs,$(VENDOR_SBATS),$(call add-vendor-sbat,$(vs),$@))
 
 $(SHIMNAME) : $(SHIMSONAME)
 $(MMNAME) : $(MMSONAME)
 $(FBNAME) : $(FBSONAME)
 
-$(SHIMSONAME): $(OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
-	$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS)
+LIBS = Cryptlib/libcryptlib.a \
+       Cryptlib/OpenSSL/libopenssl.a \
+       lib/lib.a \
+       gnu-efi/$(ARCH_GNUEFI)/lib/libefi.a \
+       gnu-efi/$(ARCH_GNUEFI)/gnuefi/libgnuefi.a
+
+$(SHIMSONAME): $(OBJS) $(LIBS)
+	$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a
 
 fallback.o: $(FALLBACK_SRCS)
 
-$(FBSONAME): $(FALLBACK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
-	$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS)
+$(FBSONAME): $(FALLBACK_OBJS) $(LIBS)
+	$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a
 
 MokManager.o: $(MOK_SOURCES)
 
-$(MMSONAME): $(MOK_OBJS) Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a lib/lib.a
+$(MMSONAME): $(MOK_OBJS) $(LIBS)
 	$(LD) -o $@ $(LDFLAGS) $^ $(EFI_LIBS) lib/lib.a
 
+gnu-efi/$(ARCH_GNUEFI)/gnuefi/libgnuefi.a gnu-efi/$(ARCH_GNUEFI)/lib/libefi.a: CFLAGS+=-DGNU_EFI_USE_EXTERNAL_STDARG
+gnu-efi/$(ARCH_GNUEFI)/gnuefi/libgnuefi.a gnu-efi/$(ARCH_GNUEFI)/lib/libefi.a:
+	$(MAKE) -C gnu-efi \
+		ARCH=$(ARCH_GNUEFI) TOPDIR=$(TOPDIR)/gnu-efi \
+		lib gnuefi inc
+
 Cryptlib/libcryptlib.a:
 	for i in Hash Hmac Cipher Rand Pk Pem SysCall; do mkdir -p Cryptlib/$$i; done
-	$(MAKE) VPATH=$(TOPDIR)/Cryptlib TOPDIR=$(TOPDIR)/Cryptlib -C Cryptlib -f $(TOPDIR)/Cryptlib/Makefile
+	$(MAKE) VPATH=$(TOPDIR)/Cryptlib -C Cryptlib -f $(TOPDIR)/Cryptlib/Makefile
 
 Cryptlib/OpenSSL/libopenssl.a:
 	for i in x509v3 x509 txt_db stack sha rsa rc4 rand pkcs7 pkcs12 pem ocsp objects modes md5 lhash kdf hmac evp err dso dh conf comp cmac buffer bn bio async/arch asn1 aes; do mkdir -p Cryptlib/OpenSSL/crypto/$$i; done
-	$(MAKE) VPATH=$(TOPDIR)/Cryptlib/OpenSSL TOPDIR=$(TOPDIR)/Cryptlib/OpenSSL -C Cryptlib/OpenSSL -f $(TOPDIR)/Cryptlib/OpenSSL/Makefile
+	$(MAKE) VPATH=$(TOPDIR)/Cryptlib/OpenSSL -C Cryptlib/OpenSSL -f $(TOPDIR)/Cryptlib/OpenSSL/Makefile
 
 lib/lib.a: | $(TOPDIR)/lib/Makefile $(wildcard $(TOPDIR)/include/*.[ch])
 	if [ ! -d lib ]; then mkdir lib ; fi
-	$(MAKE) VPATH=$(TOPDIR)/lib TOPDIR=$(TOPDIR) CFLAGS="$(CFLAGS)" -C lib -f $(TOPDIR)/lib/Makefile lib.a
+	$(MAKE) VPATH=$(TOPDIR)/lib -C lib -f $(TOPDIR)/lib/Makefile lib.a
 
 buildid : $(TOPDIR)/buildid.c
-	$(CC) -Og -g3 -Wall -Werror -Wextra -o $@ $< -lelf
+	$(HOSTCC) -I/usr/include -Og -g3 -Wall -Werror -Wextra -o $@ $< -lelf
 
 $(BOOTCSVNAME) :
 	@echo Making $@
@@ -239,6 +274,22 @@ else
 	$(PESIGN) -n certdb -i $< -c "shim" -s -o $@ -f
 endif
 
+test :
+	@make -f include/test.mk EFI_INCLUDES="$(EFI_INCLUDES)" ARCH_DEFINES="$(ARCH_DEFINES)" all
+
+$(patsubst %.c,%,$(wildcard test-*.c)) :
+	@make -f include/test.mk EFI_INCLUDES="$(EFI_INCLUDES)" ARCH_DEFINES="$(ARCH_DEFINES)" $@
+
+.PHONY : $(patsubst %.c,%,$(wildcard test-*.c)) test
+
+clean-test-objs:
+	@make -f include/test.mk EFI_INCLUDES="$(EFI_INCLUDES)" ARCH_DEFINES="$(ARCH_DEFINES)" clean
+
+clean-gnu-efi:
+	$(MAKE) -C gnu-efi \
+		ARCH=$(ARCH_GNUEFI) TOPDIR=$(TOPDIR)/gnu-efi \
+		clean
+
 clean-shim-objs:
 	$(MAKE) -C lib -f $(TOPDIR)/lib/Makefile clean
 	@rm -rvf $(TARGET) *.o $(SHIM_OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) $(KEYS) certdb $(BOOTCSVNAME)
@@ -246,37 +297,27 @@ clean-shim-objs:
 	@rm -vf Cryptlib/*.[oa] Cryptlib/*/*.[oa]
 	@if [ -d .git ] ; then git clean -f -d -e 'Cryptlib/OpenSSL/*'; fi
 
-clean: clean-shim-objs
-	$(MAKE) -C Cryptlib -f $(TOPDIR)/Cryptlib/Makefile clean
+clean-openssl-objs:
 	$(MAKE) -C Cryptlib/OpenSSL -f $(TOPDIR)/Cryptlib/OpenSSL/Makefile clean
 
+clean-cryptlib-objs:
+	$(MAKE) -C Cryptlib -f $(TOPDIR)/Cryptlib/Makefile clean
+
+clean: clean-shim-objs clean-test-objs clean-gnu-efi clean-openssl-objs clean-cryptlib-objs
+
 GITTAG = $(VERSION)
 
 test-archive:
-	@rm -rf /tmp/shim-$(VERSION) /tmp/shim-$(VERSION)-tmp
-	@mkdir -p /tmp/shim-$(VERSION)-tmp
-	@git archive --format=tar $(shell git branch | awk '/^*/ { print $$2 }') | ( cd /tmp/shim-$(VERSION)-tmp/ ; tar x )
-	@git diff | ( cd /tmp/shim-$(VERSION)-tmp/ ; patch -s -p1 -b -z .gitdiff )
-	@mv /tmp/shim-$(VERSION)-tmp/ /tmp/shim-$(VERSION)/
-	@git log -1 --pretty=format:%H > /tmp/shim-$(VERSION)/commit
-	@dir=$$PWD; cd /tmp; tar -c --bzip2 -f $$dir/shim-$(VERSION).tar.bz2 shim-$(VERSION)
-	@rm -rf /tmp/shim-$(VERSION)
-	@echo "The archive is in shim-$(VERSION).tar.bz2"
+	@./make-archive $(if $(call get-config,shim.origin),--origin "$(call get-config,shim.origin)") --test "$(VERSION)"
 
 tag:
-	git tag --sign $(GITTAG) refs/heads/master
+	git tag --sign $(GITTAG) refs/heads/main
 	git tag -f latest-release $(GITTAG)
 
 archive: tag
-	@rm -rf /tmp/shim-$(VERSION) /tmp/shim-$(VERSION)-tmp
-	@mkdir -p /tmp/shim-$(VERSION)-tmp
-	@git archive --format=tar $(GITTAG) | ( cd /tmp/shim-$(VERSION)-tmp/ ; tar x )
-	@mv /tmp/shim-$(VERSION)-tmp/ /tmp/shim-$(VERSION)/
-	@git log -1 --pretty=format:%H > /tmp/shim-$(VERSION)/commit
-	@dir=$$PWD; cd /tmp; tar -c --bzip2 -f $$dir/shim-$(VERSION).tar.bz2 shim-$(VERSION)
-	@rm -rf /tmp/shim-$(VERSION)
-	@echo "The archive is in shim-$(VERSION).tar.bz2"
+	@./make-archive $(if $(call get-config,shim.origin),--origin "$(call get-config,shim.origin)") --release "$(VERSION)" "$(GITTAG)" "shim-$(GITTAG)"
 
 .PHONY : install-deps shim.key
 
-export ARCH CC LD OBJCOPY EFI_INCLUDE OPTIMIZATIONS
+export ARCH CC CROSS_COMPILE LD OBJCOPY EFI_INCLUDE EFI_INCLUDES OPTIMIZATIONS
+export FEATUREFLAGS WARNFLAGS WERRFLAGS
author	Steve McIntyre <steve@einval.com>	2021-03-23 23:49:46 +0000
committer	Steve McIntyre <steve@einval.com>	2021-03-23 23:49:46 +0000
commit	1251a7ba86fc40a6aad8b4fecdbca2b61808d9fa (patch)
tree	2125fda549aaca55cb49a48d54be77dec7fbf3df /Makefile
parent	85b409232ce89b34626df9d72abedf5d4f5ccef6 (diff)
parent	031e5cce385d3f96b1caa1d53495332a7eb03749 (diff)
download	efi-boot-shim-debian/15.3-1.tar.gz efi-boot-shim-debian/15.3-1.zip