diff options
| author | Steve Langasek <steve.langasek@canonical.com> | 2012-12-13 18:42:34 -0800 |
|---|---|---|
| committer | Steve Langasek <steve.langasek@canonical.com> | 2012-12-13 18:42:34 -0800 |
| commit | c37196e74688dc2d1b3bb2049ea4df99baba9fa5 (patch) | |
| tree | 52c40777d944e60ea459230a7c3e04aa25400214 /debian | |
| parent | 0565508e532548ace1d42678f3518b2ed0ca842a (diff) | |
| download | efi-boot-shim-c37196e74688dc2d1b3bb2049ea4df99baba9fa5.tar.gz efi-boot-shim-c37196e74688dc2d1b3bb2049ea4df99baba9fa5.zip | |
debian/patches/sbsigntool-not-pesign: Sign MokManager with
sbsigntool instead of pesign.
Diffstat (limited to 'debian')
| -rw-r--r-- | debian/changelog | 2 | ||||
| -rw-r--r-- | debian/control | 2 | ||||
| -rw-r--r-- | debian/patches/sbsigntool-not-pesign | 22 | ||||
| -rw-r--r-- | debian/patches/series | 1 |
4 files changed, 26 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog index e43b513a..62c3aa4f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -3,6 +3,8 @@ shim (0.2+20121127.9c0c64eb-0ubuntu1) UNRELEASED; urgency=low * New upstream snapshot. * Drop debian/patches/shim-before-loadimage; upstream has changed this to not call loadimage at all. + * debian/patches/sbsigntool-not-pesign: Sign MokManager with + sbsigntool instead of pesign. -- Steve Langasek <steve.langasek@ubuntu.com> Wed, 12 Dec 2012 16:36:12 -0800 diff --git a/debian/control b/debian/control index 0e27bb52..ef0b876e 100644 --- a/debian/control +++ b/debian/control @@ -4,7 +4,7 @@ Priority: optional Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com> XSBC-Original-Maintainer: Steve Langasek <vorlon@debian.org> Standards-Version: 3.9.3 -Build-Depends: debhelper (>= 9), gnu-efi +Build-Depends: debhelper (>= 9), gnu-efi, sbsigntool Vcs-Bzr: lp:ubuntu/shim Package: shim diff --git a/debian/patches/sbsigntool-not-pesign b/debian/patches/sbsigntool-not-pesign new file mode 100644 index 00000000..66b0f121 --- /dev/null +++ b/debian/patches/sbsigntool-not-pesign @@ -0,0 +1,22 @@ +Description: Sign MokManager with sbsigntool instead of pesign + Ubuntu infrastructure uses sbsigntool for all other EFI signing, so we use + the same thing for signing MokManager with our ephemeral key. This also + avoids an additional build dependency on libnss3-tools. +Author: Steve Langasek <steve.langasek@canonical.com> +Forwarded: not-needed + +Index: shim/Makefile +=================================================================== +--- shim.orig/Makefile ++++ shim/Makefile +@@ -88,8 +88,8 @@ + -j .debug_line -j .debug_str -j .debug_ranges \ + --target=efi-app-$(ARCH) $^ $@.debug + +-%.efi.signed: %.efi certdb/secmod.db +- pesign -n certdb -i $< -c "shim" -s -o $@ -f ++%.efi.signed: %.efi shim.crt ++ sbsign --key shim.key --cert shim.crt $< + + clean: + $(MAKE) -C Cryptlib clean diff --git a/debian/patches/series b/debian/patches/series index 42f8afa0..78756329 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,2 +1,3 @@ prototypes second-stage-path +sbsigntool-not-pesign |