| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2024-05-06 | Release 15.8-1~deb11u1 for bullseyedebian/15.8-1_deb11u1bullseye/updates | Steve McIntyre | |
| 2024-05-05 | check_nx: ignore arm64 binaries | Steve McIntyre | |
| the toolchain is too old | |||
| 2024-05-05 | Tweak arm64 patch | Steve McIntyre | |
| 2024-05-05 | Clean up better after build. Closes: #1046268 | Steve McIntyre | |
| 2024-05-05 | Install a copy of the Debian CA certificate into /usr/share/shim. | Steve McIntyre | |
| Closes: #1069054 | |||
| 2024-05-05 | Force usage of newest revocations at build time | Steve McIntyre | |
| Force shim to use the latest revocations by default to block some older grub / peimage issues. This is: "shim,4\ngrub,4\ngrub.peimage,2\n" This should work with the current released grub builds in all of buster, bullseye, bookwork and trixie/unstable. Let's not leave known security holes in the wild. | |||
| 2024-05-05 | Cherry-pick latest grub revocation patches from upstream shim | Steve McIntyre | |
| 0001-sbat-Add-grub.peimage-2-to-latest-CVE-2024-2312.patch 0002-sbat-Also-bump-latest-for-grub-4-and-to-todays-date.patch | |||
| 2024-05-05 | Log if the build is nx-compatible or not | Steve McIntyre | |
| Add a new simple script to do this: check_nx | |||
| 2024-05-05 | Switch to 15.8 upstream and drop old patches | Steve McIntyre | |
| 2023-01-31 | Release 15.7-1~deb11u1debian/15.7-1_deb11u1 | Steve McIntyre | |
| 2023-01-31 | Block Debian grub binaries with sbat < 4 (see #1024617) | Steve McIntyre | |
| 2023-01-31 | Enable NX support at build time | Steve McIntyre | |
| As required by policy for signing new shim binaries. | |||
| 2023-01-31 | Import upstream patch to deal with buggy binutils | Steve McIntyre | |
| 2023-01-31 | Port 15.7-1 back to bullseye too | Steve McIntyre | |
| Fold in our other changes, and test | |||
| 2022-07-28 | Release 15.6-1~deb11u1debian/15.6-1_deb11u1 | Steve McIntyre | |
| 2022-07-28 | Add new patches reverting arm64 build system changes | Steve McIntyre | |
| so we can build using older binutils | |||
| 2022-07-24 | Port 15.6-1 back to bullseye too | Steve McIntyre | |
| Fold in our other changes, and test | |||
| 2021-07-12 | Tweak how we call grub-install; don't abort on errordebian/15.4-7 | Steve McIntyre | |
| Not ideal behaviour either, but don't break upgrades. Copy the behaviour from the grub packages here. Closes: #990966 | |||
| 2021-06-23 | Release 15.4-6debian/15.4-6 | Steve McIntyre | |
| 2021-06-22 | In insecure mode, don't abort if we can't create the MokListXRT var | Steve McIntyre | |
| Upstream issue #372. Closes: #989962, #990158 | |||
| 2021-06-22 | Add arm64 patch to tweak section layout and stop crashing problems | Steve McIntyre | |
| Upstream issue #371. Closes: #990082, #990190 | |||
| 2021-05-06 | Add defensive code around calls to db_getdebian/15.4-5 | Steve McIntyre | |
| Don't fail if they return errors. | |||
| 2021-05-04 | Fix up the template maintainer scriptsdebian/15.4-4 | Steve McIntyre | |
| if we're not running on an EFI system then exit cleanly | |||
| 2021-05-03 | Add maintainer scripts to the template packagesdebian/15.4-3 | Steve McIntyre | |
| Manage installing and removing fbXXX.efi and mmXXX.efi when we install/remove the shim-helpers-$arch-signed packages. Closes: #966845 | |||
| 2021-04-21 | Add changelog for 15.4-2 with new patchesdebian/15.4-2 | Steve McIntyre | |
| 2021-04-21 | Don't call QueryVariableInfo() on EFI 1.10 machines | Steve McIntyre | |
| New patch from upstream, don't break old Macs | |||
| 2021-04-21 | Fix handling of ignore_db and user_insecure_mode | Steve McIntyre | |
| Extra patch from upstream | |||
| 2021-04-17 | Stop hardcoding the release version in the rules filedebian/15.4-1 | Steve McIntyre | |
| We can grab it from the changelog already | |||
| 2021-04-17 | Clean more things | Steve McIntyre | |
| 2021-04-17 | Prep for releasing based on 15.4 | Steve McIntyre | |
| 2021-04-14 | allocate MOK config table as BootServicesData | Steve McIntyre | |
| Another patch from upstream, needed with newer kernels on x86 | |||
| 2021-03-31 | Add one more patch from upstream to fix i386 binary relocations | Steve McIntyre | |
| 2021-03-31 | Move the sha256sum call to the end of the install phase | Steve McIntyre | |
| Make the output easier to find | |||
| 2021-03-31 | Override dh_auto_build setting INSTALL, cut down on build noise | Steve McIntyre | |
| 2021-03-31 | Update to the 15.4 release | Steve McIntyre | |
| 2021-03-24 | Print sha256 checksums of the EFI binaries when the build is done | Steve McIntyre | |
| 2021-03-24 | Tweak the SBAT data to keep reproducibilitydebian/15.3-3 | Steve McIntyre | |
| Only include the upstream version in the Debian SBAT metadata, so we don't break reproducibility on every minor packaging change. | |||
| 2021-03-24 | Add missing build-dep on xxd for build-time unit testsdebian/15.3-2 | Steve McIntyre | |
| 2021-03-23 | Switch to using the 15.3 release from upstream | Steve McIntyre | |
| 2021-03-23 | Remove all out outstanding patches | Steve McIntyre | |
| * cast-CHAR8-string-handling.patch no longer needed * fix-Make.coverity-bashisms.patch went upstream | |||
| 2021-03-23 | Update copyright file | Steve McIntyre | |
| Update a couple of top-level changes, copy in gnu-efi information from the gnu-efi package | |||
| 2021-03-23 | Fix up some of the options we're using at build time | Steve McIntyre | |
| Definitely don't want to be setting EFI_PATH, as that over-rides the vendored gnu-efi. Argh | |||
| 2021-03-23 | Improve how the dbx hashes are handled | Steve McIntyre | |
| Only include the hashes for the architecture we're building for - no point in adding bloat and delay here. Add a script "block_signed_deb" to scan a set of .deb files, extract the hashes for .efi binaries and list them in the format wanted for the dbx hashes file. Split out the code to use that file from the rules file into a separate helper. | |||
| 2021-03-23 | Tweak the gnu-efi tarball code | Steve McIntyre | |
| 2021-03-23 | Add an extra rule to generate the extra gnu-efi tarball | Steve McIntyre | |
| Thanks to Dmitri John Ledkov for help | |||
| 2021-03-23 | Add Debian SBAT data to the shim build | Steve McIntyre | |
| Add a Debian SBAT template, and rules to use it Adds a build-dep on dos2unix | |||
| 2021-03-23 | Add dbx entries for all our existing grub binaries | Steve McIntyre | |
| They're insecure, let's break the chainloading hole | |||
| 2021-02-21 | Change changelog to shut lintian up | Steve McIntyre | |
| 2021-02-21 | Remove artifacts that upstream installs that we don't use | Steve McIntyre | |
| ... to keep debhelper from complaining | |||
| 2021-02-21 | Add new patch cast-CHAR8-string-handling.patch | Steve McIntyre | |
| Cast CHAR8 strings to use (const char *) when using string functions Looks like gnu-efi definitions of CHAR8 are problematic | |||
 |
index : efi-boot-shim.git | |
| (mirror of https://github.com/vyos/efi-boot-shim.git) |
| summaryrefslogtreecommitdiff |