Age | Commit message | Author | |
---|---|---|---|
2025-07-07 | T861: add VyOS UEFI CA alongside Debian UEFI CA (HEAD, vyos/current) | Christian Breunig | |
2024-05-04 | Clean up better after build. Closes: #1046268 | Steve McIntyre | |
2024-05-04 | Install a copy of the Debian CA certificate into /usr/share/shim. | Steve McIntyre | |
Closes: #1069054 | |||
2024-05-03 | Force usage of newest revocations at build time | Steve McIntyre | |
Force shim to use the latest revocations by default to block some older grub / peimage issues. This is: "shim,4\ngrub,4\ngrub.peimage,2\n" This should work with the current released grub builds in all of buster, bullseye, bookworm and trixie/unstable. Let's not leave known security holes in the wild. | |||
2024-05-03 | Log if the build is nx-compatible or not | Steve McIntyre | |
Add a new simple script to do this: check_nx | |||
2023-01-22 | Update upstream commit hash in build | Steve McIntyre | |
We're using 657b2483ca6e9fcf2ad8ac7ee577ff546d24c3aa, which is the 15.7 release plus the one patch we're applying. | |||
2023-01-22 | Switch to using gcc-12 | Steve McIntyre | |
Closes: #1022180 | |||
2022-04-27 | Tweak setup for dh_auto_test so the tests work | Steve McIntyre | |
2021-04-17 | Stop hardcoding the release version in the rules file (debian/15.4-1) | Steve McIntyre | |
We can grab it from the changelog already | |||
2021-04-17 | Clean more things | Steve McIntyre | |
2021-04-17 | Prep for releasing based on 15.4 | Steve McIntyre | |
2021-03-31 | Move the sha256sum call to the end of the install phase | Steve McIntyre | |
Make the output easier to find | |||
2021-03-31 | Override dh_auto_build setting INSTALL, cut down on build noise | Steve McIntyre | |
2021-03-24 | Print sha256 checksums of the EFI binaries when the build is done | Steve McIntyre | |
2021-03-23 | Switch to using the 15.3 release from upstream | Steve McIntyre | |
2021-03-23 | Fix up some of the options we're using at build time | Steve McIntyre | |
Definitely don't want to be setting EFI_PATH, as that over-rides the vendored gnu-efi. Argh | |||
2021-03-23 | Improve how the dbx hashes are handled | Steve McIntyre | |
Only include the hashes for the architecture we're building for - no point in adding bloat and delay here. Add a script "block_signed_deb" to scan a set of .deb files, extract the hashes for .efi binaries and list them in the format wanted for the dbx hashes file. Split out the code to use that file from the rules file into a separate helper. | |||
2021-03-23 | Tweak the gnu-efi tarball code | Steve McIntyre | |
2021-03-23 | Add an extra rule to generate the extra gnu-efi tarball | Steve McIntyre | |
Thanks to Dmitri John Ledkov for help | |||
2021-03-23 | Add Debian SBAT data to the shim build | Steve McIntyre | |
Add a Debian SBAT template, and rules to use it. Adds a build-dep on dos2unix | |||
2021-02-21 | Remove artifacts that upstream installs that we don't use | Steve McIntyre | |
... to keep debhelper from complaining | |||
2021-02-21 | Switch to using gcc-10 rather than gcc-9. Closes: #978521 | Steve McIntyre | |
2021-02-21 | Switch to newer upstream "release" 15+1613861442.888f5b5 | Steve McIntyre | |
Many many updates, but caring mainly about SBAT support | |||
2020-07-24 | Use sort and uniq - minimise the size of the list here | Steve McIntyre | |
We may end up with duplicates, let's not include hashes twice in the shim binary blacklist | |||
2020-03-24 | Update debhelper compat level to 11 | Steve McIntyre | |
2020-03-24 | Switch to using gcc-9 for builds. Closes: #925826 | Steve McIntyre | |
Pull upstream commit aaa09b35e73c4a35fc119d225e5241199d7cf5aa to fix an FTBFS. | |||
2019-05-06 | Output efisiglist commands to the build log | dann frazier | |
It wouldn't hurt to keep a record of them. | |||
2019-05-06 | Require dbx hashes | dann frazier | |
While it may be convenient for a developer to be able to do a build w/o any dbx hashes, it prevents the $(DBX_LIST) target from having a proper dependency on the $(DBX_HASHES) file. If a developer were to add a new hash in a built tree, make would not detect that on a subsequent build and would not update the $(DBX_LIST) file. Continue to support a NULL $(DBX_LIST) build by touching the $(DBX_LIST) file in case no efisiglist commands ran. Developers can now create an empty $(DBX_HASHES) file to get that. | |||
2019-05-06 | Use $@ instead of referencing ${DBX_LIST} in multiple places | dann frazier | |
2019-05-06 | 'set -e' the code that generates the dbx list | dann frazier | |
Without this we would silently ignore an efisiglist command error. | |||
2019-05-06 | Remove unnecessary exports | dann frazier | |
2019-05-04 | Generate a vendor dbx file at build time | Steve McIntyre | |
This allows us to block executing binaries with specific checksums. Generate the dbx list at runtime from a simple list of sha256 hashes, so we can update this easily. If we need to also blacklist a cert later, we'll need to update this code to add that option too. Add a build-dep on pesign to get the needed efisiglist program. | |||
2019-05-03 | Build using gcc-7 | Steve McIntyre | |
To get better control of reproducibility during the lifetime of Buster | |||
2019-03-23 | Fix FTCBFS: Set CROSS_COMPILE. (Closes: #922152) | Helmut Grohne | |
2019-02-15 | Include /usr/share/dpkg/architecture.mk instead of shelling out. | Luca Boccassi | |
2019-02-15 | Add shim-$arch-signed-template support | Philipp Hahn | |
for getting the MOK-manager and fall-back binary to be signed by Debian's signing service instead of using an ephemeral key. Closes: #922228 | |||
2019-02-15 | Disable ephemeral key on Debian | Philipp Hahn | |
shim creates an ephemeral key, which gets embedded into shim and is used to sign the corresponding mok-manager (mm*.efi) and fall-back-manager (fb*.efi). This makes the build unreproducible. For Debian we will get those two binaries signed by our Debian-UEFI-CA, which is the primary (and only) key embedded in shim. | |||
2019-02-15 | debian/rules: fixing permissions no longer required | Philipp Hahn | |
as Makefiles used "install -m 0644" by now. | |||
2019-02-10 | Ensure DEB_HOST_ARCH is set even if not present in the environment. | Steve Langasek | |
2019-02-10 | Enable build for i386. | Steve Langasek | |
2019-02-10 | Fix debian/rules syntax for arm64 build. | Steve Langasek | |
2018-08-22 | Make sure we pass the right COMMIT_ID to build | Mathieu Trudel-Lapierre | |
2018-07-24 | * debian/rules: | Mathieu Trudel-Lapierre | |
- define RELEASE and COMMIT_ID for the snapshot. - Set ENABLE_HTTPBOOT to enable the HTTP Boot feature. | |||
2018-04-24 | Enable arm64 build. | dann frazier | |
2017-09-29 | Don't need to clean after .signed files, upstream Makefile does it now. | Mathieu Trudel-Lapierre | |
Signed-off-by: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com> | |||
2017-09-29 | Don't need to set -Wno-error=unused-variable anymore | Mathieu Trudel-Lapierre | |
Signed-off-by: Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com> | |||
2017-09-27 | Ignore unused-variable errors. | Mathieu Trudel-Lapierre | |
2017-08-31 | debian/rules, debian/shim.install: make sure the 'make install' step does what it's meant to do by upstream: we can easily make use of the end result to have the files we need. | Mathieu Trudel-Lapierre | |
2017-08-29 | Set EFIDIR=ubuntu for dh_auto_install; that will let files be installed in the "right" final directories, and makes boot.csv for us. | Mathieu Trudel-Lapierre | |
2017-08-29 | Update dh_auto_build/dh_auto_clean/dh_auto_install for new upstream options: set MAKELEVEL. | Mathieu Trudel-Lapierre | |