| Age | Commit message (Collapse) | Author |
|---|
|
Only include the upstream version in the Debian SBAT metadata, so
we don't break reproducibility on every minor packaging change.
|
|
|
|
|
|
Merge branch 'master' into buster/updates
|
|
|
|
* cast-CHAR8-string-handling.patch no longer needed
* fix-Make.coverity-bashisms.patch went upstream
|
|
Update a couple of top-level changes, copy in gnu-efi information from
the gnu-efi package
|
|
Definitely don't want to be setting EFI_PATH, as that over-rides the
vendored gnu-efi. Argh
|
|
Only include the hashes for the architecture we're building for - no
point in adding bloat and delay here.
Add a script "block_signed_deb" to scan a set of .deb files, extract
the hashes for .efi binaries and list them in the format wanted for
the dbx hashes file.
Split out the code to use that file from the rules file into a
separate helper.
|
|
|
|
Thanks to Dmitri John Ledkov for help
|
|
Add a Debian SBAT template, and rules to use it
Adds a build-dep on dos2unix
|
|
They're insecure, let's break the chainloading hole
|
|
|
|
... to keep debhelper from complaining
|
|
Cast CHAR8 strings to use (const char *) when using string functions
Looks like gnu-efi definitions of CHAR8 are problematic
|
|
|
|
- avoid_null_vsprint.patch
- check_null_sn_ln.patch
- fixup_git.patch
- uname.patch
- use_compare_mem_gcc9.patch
|
|
|
|
Many many updates, but caring mainly about SBAT support
|
|
|
|
|
|
We may end up with duplicates, let's not include hashes twice in the
shim binary blacklist
|
|
|
|
|
|
|
|
Change the version dependency on shim-unsigned to be >= and not =.
This will allow for installation to still work in the window while we
wait for the template package to do its second trip through the
archive. Closes: #955356
|
|
for the dbx list, as recommended by Peter Jones. No actual changes
needed in our list of hashes at this point - they work out the same
either way.
|
|
Fixes: lintian: out-of-date-standards-version
See-also: https://lintian.debian.org/tags/out-of-date-standards-version.html
|
|
Fixes: lintian: upstream-metadata-file-is-missing
See-also: https://lintian.debian.org/tags/upstream-metadata-file-is-missing.html
|
|
Fixes: lintian: uses-debhelper-compat-file
See-also: https://lintian.debian.org/tags/uses-debhelper-compat-file.html
|
|
Fixes: lintian: package-uses-old-debhelper-compat-version
See-also: https://lintian.debian.org/tags/package-uses-old-debhelper-compat-version.html
|
|
Fixes: lintian: tab-in-license-text
See-also: https://lintian.debian.org/tags/tab-in-license-text.html
|
|
Fixes: lintian: insecure-copyright-format-uri
See-also: https://lintian.debian.org/tags/insecure-copyright-format-uri.html
|
|
Fixes: lintian: file-contains-trailing-whitespace
See-also: https://lintian.debian.org/tags/file-contains-trailing-whitespace.html
|
|
Change the version dependency on shim-unsigned to be >= and not =.
This will allow for installation to still work in the window while we
wait for the template package to do its second trip through the
archive. Closes: #955356
|
|
|
|
|
|
Pull upstream commit aaa09b35e73c4a35fc119d225e5241199d7cf5aa to fix
an FTBFS.
|
|
for the dbx list, as recommended by Peter Jones. No actual changes
needed in our list of hashes at this point - they work out the same
either way.
|
|
|
|
Not needed now.
|
|
so they'll get an empty dbs list rather than breaking the build
|
|
It wouldn't hurt to keep a record of them.
|
|
While it maybe convenient for a developer to be able to do a build
w/o any dbx hashes, it prevents the $(DBX_LIST) target from having
a proper dependency on the $(DBX_HASHES) file. If a developer were
to add a new hash in a built tree, make would not detect that on
a subsequent build and would not update the $(DBX_LIST) file.
Continue to support a NULL $(DBX_LIST) build by touching the
$(DBX_LIST) file in case no efisiglist commands ran. Developers
can now create an empty $(DBX_HASHES) file to get that.
|
|
|
|
Without this we would silently ignore an efisiglist command error.
|
|
|
|
Changes:
crash fixes
generate dbx file at runtime
|
|
signed arm64 grub binaries that allow use of the devicetree command,
as found in
grub-efi-arm64-signed_1+2.02+dfsg1+16_arm64.deb
grub-efi-arm64-signed_1+2.02+dfsg1+17_arm64.deb
|
