Age | Commit message | Author | |
---|---|---|---|
2024-05-12 | Switch distribution to buster-security [debian/15.8-1_deb10u1] [buster/updates] | Steve McIntyre | |
2024-05-06 | Release 15.8-1~deb10u1 for buster | Steve McIntyre | |
2024-05-06 | Clean up better after build. Closes: #1046268 | Steve McIntyre | |
2024-05-06 | Install a copy of the Debian CA certificate into /usr/share/shim. | Steve McIntyre | |
Closes: #1069054 | |||
2024-05-06 | Force usage of newest revocations at build time | Steve McIntyre | |
Force shim to use the latest revocations by default to block some older grub / peimage issues. This is: "shim,4\ngrub,4\ngrub.peimage,2\n" This should work with the current released grub builds in all of buster, bullseye, bookworm and trixie/unstable. Let's not leave known security holes in the wild. | |||
2024-05-06 | Cherry-pick latest grub revocation patches from upstream shim | Steve McIntyre | |
0001-sbat-Add-grub.peimage-2-to-latest-CVE-2024-2312.patch 0002-sbat-Also-bump-latest-for-grub-4-and-to-todays-date.patch | |||
2024-05-06 | Log if the build is nx-compatible or not | Steve McIntyre | |
Add a new simple script to do this: check_nx | |||
2024-05-06 | Switch to 15.8 upstream and drop old patches | Steve McIntyre | |
2023-01-31 | Retarget to buster-security [debian/15.7-1_deb10u1] | Steve McIntyre | |
2023-01-31 | Release 15.7-1~deb10u1 | Steve McIntyre | |
2023-01-31 | Block Debian grub binaries with sbat < 4 (see #1024617) | Steve McIntyre | |
2023-01-31 | Enable NX support at build time | Steve McIntyre | |
As required by policy for signing new shim binaries. | |||
2023-01-31 | Import upstream patch to deal with buggy binutils | Steve McIntyre | |
2023-01-31 | Port 15.7-1 back to buster too | Steve McIntyre | |
Fold in our other changes, and test | |||
2022-07-28 | Release 15.6-1~deb10u1 [debian/15.6-1_deb10u1] | Steve McIntyre | |
2022-07-26 | Add new patches reverting arm64 build system changes | Steve McIntyre | |
so we can build using older binutils | |||
2022-07-24 | Port 15.6-1 back to buster too | Steve McIntyre | |
Fold in our other changes, and test | |||
2021-07-12 | Tweak how we call grub-install; don't abort on error [debian/15.4-7_deb10u1] | Steve McIntyre | |
Not ideal behaviour either, but don't break upgrades. Copy the behaviour from the grub packages here. Closes: #990966 | |||
2021-06-23 | Release 15.4-6~deb10u1 [debian/15.4-6_deb10u1] | Steve McIntyre | |
2021-06-22 | In insecure mode, don't abort if we can't create the MokListXRT var | Steve McIntyre | |
Upstream issue #372. Closes: #989962, #990158 | |||
2021-06-22 | Add arm64 patch to tweak section layout and stop crashing problems | Steve McIntyre | |
Upstream issue #371. Closes: #990082 | |||
2021-05-08 | Add defensive code around calls to db_get [debian/15.4-5_deb10u1] | Steve McIntyre | |
Don't fail if they return errors. | |||
2021-05-08 | Fix up the template maintainer scripts | Steve McIntyre | |
if we're not running on an EFI system then exit cleanly | |||
2021-05-03 | Add maintainer scripts to the template packages [debian/15.4-3_deb10u1] | Steve McIntyre | |
Manage installing and removing fbXXX.efi and mmXXX.efi when we install/remove the shim-helpers-$arch-signed packages. Closes: #966845 | |||
2021-04-21 | Use a better version number for the buster build [debian/15.4-2_deb10u1] | Steve McIntyre | |
2021-04-21 | Add changelog for 15.4-1_deb10u2 with new patches | Steve McIntyre | |
2021-04-14 | allocate MOK config table as BootServicesData | Steve McIntyre | |
Another patch from upstream, needed with newer kernels on x86 | |||
2021-03-31 | Add one more patch from upstream to fix i386 binary relocations | Steve McIntyre | |
2021-03-31 | Print sha256 checksums of the EFI binaries when the build is done | Steve McIntyre | |
2021-03-31 | Update to the 15.4 release | Steve McIntyre | |
2021-03-24 | Tweak the SBAT data to keep reproducibility [debian/15.3-1_deb10u3] | Steve McIntyre | |
Only include the upstream version in the Debian SBAT metadata, so we don't break reproducibility on every minor packaging change. | |||
2021-03-24 | Add missing build-dep on xxd for build-time unit tests [debian/15.3-1_deb10u2] | Steve McIntyre | |
2021-03-24 | Rebuild the new upstream version for buster [debian/15.3-1_deb10u1] | Steve McIntyre | |
2021-03-24 | Merge the new upstream version into buster | Steve McIntyre | |
Merge branch 'master' into buster/updates | |||
2021-03-23 | Switch to using the 15.3 release from upstream | Steve McIntyre | |
2021-03-23 | Update copyright file | Steve McIntyre | |
Update a couple of top-level changes, copy in gnu-efi information from the gnu-efi package | |||
2021-03-23 | Add an extra rule to generate the extra gnu-efi tarball | Steve McIntyre | |
Thanks to Dmitri John Ledkov for help | |||
2021-03-23 | Add Debian SBAT data to the shim build | Steve McIntyre | |
Add a Debian SBAT template, and rules to use it. Adds a build-dep on dos2unix | |||
2021-03-23 | Add dbx entries for all our existing grub binaries | Steve McIntyre | |
They're insecure, let's break the chainloading hole | |||
2021-02-21 | Change changelog to shut lintian up | Steve McIntyre | |
2021-02-21 | Add new patch cast-CHAR8-string-handling.patch | Steve McIntyre | |
Cast CHAR8 strings to use (const char *) when using string functions. Looks like gnu-efi definitions of CHAR8 are problematic | |||
2021-02-21 | Trivial change to remove bashisms in Make.coverity | Steve McIntyre | |
2021-02-21 | Remove all our old patches, no longer needed: | Steve McIntyre | |
- avoid_null_vsprint.patch - check_null_sn_ln.patch - fixup_git.patch - uname.patch - use_compare_mem_gcc9.patch | |||
2021-02-21 | Switch to using gcc-10 rather than gcc-9. Closes: #978521 | Steve McIntyre | |
2021-02-21 | Switch to newer upstream "release" 15+1613861442.888f5b5 | Steve McIntyre | |
Many many updates, but caring mainly about SBAT support | |||
2020-07-24 | Prepare 15+1533136590.3beb971-10 upload [debian/15+1533136590.3beb971-10] | Steve McIntyre | |
2020-07-24 | Minimal-change upload to pick up rotated Debian signing keys | Steve McIntyre | |
2020-07-24 | Update changelog for a buster upload [debian/15+1533136590.3beb971-7+deb10u1] | Steve McIntyre | |
2020-07-06 | Tweak the version dependency of the -helpers-ARCH-signed packages | Steve McIntyre | |
Change the version dependency on shim-unsigned to be >= and not =. This will allow for installation to still work in the window while we wait for the template package to do its second trip through the archive. Closes: #955356 | |||
2020-07-06 | Use --padding when calling pesign to generate hashes | Steve McIntyre | |
for the dbx list, as recommended by Peter Jones. No actual changes needed in our list of hashes at this point - they work out the same either way. |