diff options
| -rw-r--r-- | debian/changelog | 1 | ||||
| -rwxr-xr-x | debian/check_nx | 32 | ||||
| -rwxr-xr-x | debian/rules | 5 |
3 files changed, 38 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog index 84f0fee5..768c5540 100644 --- a/debian/changelog +++ b/debian/changelog @@ -13,6 +13,7 @@ shim (15.8-1) UNRELEASED; urgency=medium * NOTE: Stop building for i386 + Debian kernels are no longer signed for i386, it's time to stop supporting i386 SB. + * Log if the build is nx-compatible or not [ Bastien Roucariès ] * Port autopkgtest from ubuntu diff --git a/debian/check_nx b/debian/check_nx new file mode 100755 index 00000000..061064d0 --- /dev/null +++ b/debian/check_nx @@ -0,0 +1,32 @@ +#!/bin/sh +# +# Helper script - check if a binary is tagged as NX-compatible or not. + +set -e + +for FILE in "$@"; do + + if [ ! -f "${FILE}" ]; then + echo "${FILE} does not exist. ABORT." + exit 1 + fi + + echo "Checking NX bit on ${FILE}:" + DLL_CHARACTERISTICS=$(objdump -x "${FILE}" | awk '/DllCharacteristics/ {print $2}') + + echo " DllCharacteristics $DLL_CHARACTERISTICS" + case $DLL_CHARACTERISTICS in + 00000000) + echo " NOT tagged as NX-compatible" + ;; + 00000100) + echo " tagged as NX-compatible" + ;; + *) + echo " UNRECOGNISED value, ABORT"; + exit 1 + ;; + esac + +done + diff --git a/debian/rules b/debian/rules index a6e97448..39d0357e 100755 --- a/debian/rules +++ b/debian/rules @@ -81,7 +81,12 @@ override_dh_auto_install: # And remove the extra removable-media copy of shim too, it's # not needed for our build and causes debhelper to complain rm -f debian/tmp/boot/efi/EFI/BOOT/BOOT*.EFI + + # Generate the template packages that we'll use for SB signing later ./debian/signing-template.generate + + # Log some useful things about the build here + ./debian/check_nx shim*.efi sha256sum *.efi generate-gnu-efi: |