From 1f123ac2359cd923e9144f944a4bddf597fddbb5 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Fri, 11 Dec 2020 18:12:36 -0500 Subject: Try to kick the github PR workflow... Signed-off-by: Peter Jones --- .github/workflows/pullrequest.yml | 109 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 109 insertions(+) create mode 100644 .github/workflows/pullrequest.yml (limited to '.github/workflows/pullrequest.yml') diff --git a/.github/workflows/pullrequest.yml b/.github/workflows/pullrequest.yml new file mode 100644 index 00000000..46cd50de --- /dev/null +++ b/.github/workflows/pullrequest.yml @@ -0,0 +1,109 @@ +name: pull-request-builds + +on: + pull_request: + branches: + - main + +jobs: + pull-request-f34-x64: + runs-on: ubuntu-20.04 + container: vathpela/efi-ci:f34 + name: f34 build + steps: + - name: Checkout + uses: actions/checkout@v2 + with: + # otherwise we are testing target branch instead of the PR branch (see pull_request_target trigger) + ref: ${{ github.event.pull_request.head.sha }} + fetch-depth: 0 + - name: fetch-origin + run: git fetch origin + id: fetch-origin + - name: dammit0 + run: git remote -v + id: dammit0 + - name: dammit1 + run: ls .git/refs/heads/ + id: dammit1 + - name: Do the build + run: make PREFIX=/usr LIBDIR=/usr/lib64 DESTDIR=/destdir EFIDIR=test ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true clean all + id: build + - name: Install in /destdir + run: make PREFIX=/usr LIBDIR=/usr/lib64 DESTDIR=/destdir EFIDIR=test ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true install + id: install +# - name: Archive production artifacts +# uses: actions/upload-artifact@v2 +# with: +# name: shim +# path: | +# /destdir + pull-request-f33-x64: + runs-on: ubuntu-20.04 + container: vathpela/efi-ci:f33 + name: f33 build + steps: + - name: Checkout + uses: actions/checkout@v2 + with: + # otherwise we are testing target branch instead of the PR branch (see pull_request_target trigger) + ref: ${{ github.event.pull_request.head.sha }} + fetch-depth: 0 + - name: Do the build + run: make PREFIX=/usr LIBDIR=/usr/lib64 DESTDIR=/destdir EFIDIR=test ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true clean all + id: build + - name: Install in /destdir + run: make PREFIX=/usr LIBDIR=/usr/lib64 DESTDIR=/destdir EFIDIR=test ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true install + id: install +# - name: Archive production artifacts +# uses: actions/upload-artifact@v2 +# with: +# name: shim +# path: | +# /destdir + pull-request-f32-x64: + runs-on: ubuntu-20.04 + container: vathpela/efi-ci:f32 + name: f32 build + steps: + - name: Checkout + uses: actions/checkout@v2 + with: + # otherwise we are testing target branch instead of the PR branch (see pull_request_target trigger) + ref: ${{ github.event.pull_request.head.sha }} + fetch-depth: 0 + - name: Do the build + run: make PREFIX=/usr LIBDIR=/usr/lib64 DESTDIR=/destdir EFIDIR=test ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true clean all + id: build + - name: Install in /destdir + run: make PREFIX=/usr LIBDIR=/usr/lib64 DESTDIR=/destdir EFIDIR=test ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true install + id: install +# - name: Archive production artifacts +# uses: actions/upload-artifact@v2 +# with: +# name: shim +# path: | +# /destdir + pull-request-f31-x64: + runs-on: ubuntu-20.04 + container: vathpela/efi-ci:f31 + name: f31 build + steps: + - name: Checkout + uses: actions/checkout@v2 + with: + # otherwise we are testing target branch instead of the PR branch (see pull_request_target trigger) + ref: ${{ github.event.pull_request.head.sha }} + fetch-depth: 0 + - name: Do the build + run: make PREFIX=/usr LIBDIR=/usr/lib64 DESTDIR=/destdir EFIDIR=test ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true clean all + id: build + - name: Install in /destdir + run: make PREFIX=/usr LIBDIR=/usr/lib64 DESTDIR=/destdir EFIDIR=test ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true install + id: install +# - name: Archive production artifacts +# uses: actions/upload-artifact@v2 +# with: +# name: shim +# path: | +# /destdir -- cgit v1.2.3 From 2b53e3d35602fd2bbb8f6162187f6ec5073cae8c Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Fri, 5 Feb 2021 16:00:15 -0500 Subject: github workflows: Unify the x86 pull request build rules steps This makes each of the f32/f33/f34 distro builds use the same steps to do the build, as well as making each of them build both x64 and ia32 targets. Signed-off-by: Peter Jones --- .github/workflows/pullrequest.yml | 130 +++++++++++++------------------------- 1 file changed, 44 insertions(+), 86 deletions(-) (limited to '.github/workflows/pullrequest.yml') diff --git a/.github/workflows/pullrequest.yml b/.github/workflows/pullrequest.yml index 46cd50de..635c7f0b 100644 --- a/.github/workflows/pullrequest.yml +++ b/.github/workflows/pullrequest.yml @@ -6,88 +6,45 @@ on: - main jobs: - pull-request-f34-x64: + pull-request-intel: runs-on: ubuntu-20.04 - container: vathpela/efi-ci:f34 - name: f34 build - steps: - - name: Checkout - uses: actions/checkout@v2 - with: - # otherwise we are testing target branch instead of the PR branch (see pull_request_target trigger) - ref: ${{ github.event.pull_request.head.sha }} - fetch-depth: 0 - - name: fetch-origin - run: git fetch origin - id: fetch-origin - - name: dammit0 - run: git remote -v - id: dammit0 - - name: dammit1 - run: ls .git/refs/heads/ - id: dammit1 - - name: Do the build - run: make PREFIX=/usr LIBDIR=/usr/lib64 DESTDIR=/destdir EFIDIR=test ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true clean all - id: build - - name: Install in /destdir - run: make PREFIX=/usr LIBDIR=/usr/lib64 DESTDIR=/destdir EFIDIR=test ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true install - id: install -# - name: Archive production artifacts -# uses: actions/upload-artifact@v2 -# with: -# name: shim -# path: | -# /destdir - pull-request-f33-x64: - runs-on: ubuntu-20.04 - container: vathpela/efi-ci:f33 - name: f33 build - steps: - - name: Checkout - uses: actions/checkout@v2 - with: - # otherwise we are testing target branch instead of the PR branch (see pull_request_target trigger) - ref: ${{ github.event.pull_request.head.sha }} - fetch-depth: 0 - - name: Do the build - run: make PREFIX=/usr LIBDIR=/usr/lib64 DESTDIR=/destdir EFIDIR=test ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true clean all - id: build - - name: Install in /destdir - run: make PREFIX=/usr LIBDIR=/usr/lib64 DESTDIR=/destdir EFIDIR=test ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true install - id: install -# - name: Archive production artifacts -# uses: actions/upload-artifact@v2 -# with: -# name: shim -# path: | -# /destdir - pull-request-f32-x64: - runs-on: ubuntu-20.04 - container: vathpela/efi-ci:f32 - name: f32 build - steps: - - name: Checkout - uses: actions/checkout@v2 - with: - # otherwise we are testing target branch instead of the PR branch (see pull_request_target trigger) - ref: ${{ github.event.pull_request.head.sha }} - fetch-depth: 0 - - name: Do the build - run: make PREFIX=/usr LIBDIR=/usr/lib64 DESTDIR=/destdir EFIDIR=test ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true clean all - id: build - - name: Install in /destdir - run: make PREFIX=/usr LIBDIR=/usr/lib64 DESTDIR=/destdir EFIDIR=test ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true install - id: install -# - name: Archive production artifacts -# uses: actions/upload-artifact@v2 -# with: -# name: shim -# path: | -# /destdir - pull-request-f31-x64: - runs-on: ubuntu-20.04 - container: vathpela/efi-ci:f31 - name: f31 build + container: vathpela/efi-ci:f34-x64 + name: ${{ matrix.distro }} ${{ matrix.efiarch }} build + + strategy: + matrix: + include: + - arch: amd64 + efiarch: x64 + makearch: x86_64 + distro: efi-ci-f34 + libdir: /usr/lib64 + - arch: amd64 + efiarch: x64 + makearch: x86_64 + distro: efi-ci-f33 + libdir: /usr/lib64 + - arch: amd64 + efiarch: x64 + makearch: x86_64 + distro: efi-ci-f32 + libdir: /usr/lib64 + - arch: amd64 + efiarch: ia32 + makearch: ia32 + distro: efi-ci-f34 + libdir: /usr/lib + - arch: amd64 + efiarch: ia32 + makearch: ia32 + distro: efi-ci-f33 + libdir: /usr/lib + - arch: amd64 + efiarch: ia32 + makearch: ia32 + distro: efi-ci-f32 + libdir: /usr/lib + steps: - name: Checkout uses: actions/checkout@v2 @@ -95,12 +52,13 @@ jobs: # otherwise we are testing target branch instead of the PR branch (see pull_request_target trigger) ref: ${{ github.event.pull_request.head.sha }} fetch-depth: 0 - - name: Do the build - run: make PREFIX=/usr LIBDIR=/usr/lib64 DESTDIR=/destdir EFIDIR=test ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true clean all + - name: Do the build on ${{ matrix.distro }} for ${{ matrix.efiarch }} id: build - - name: Install in /destdir - run: make PREFIX=/usr LIBDIR=/usr/lib64 DESTDIR=/destdir EFIDIR=test ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true install - id: install + run: | + make -s ARCH=${{ matrix.makearch }} PREFIX=/usr LIBDIR=${{ matrix.libdir }} DESTDIR=/destdir EFIDIR=test ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true clean all + make -s ARCH=${{ matrix.makearch }} PREFIX=/usr LIBDIR=${{ matrix.libdir }} DESTDIR=/destdir EFIDIR=test ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true install + echo 'results:' + find /destdir -type f # - name: Archive production artifacts # uses: actions/upload-artifact@v2 # with: -- cgit v1.2.3 From aed06cd1b8539dc03119eb57ade9913d361c9822 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Fri, 5 Feb 2021 16:00:26 -0500 Subject: github workflows: add the sbat branch to one PR builds run for This adds the "sbat" branch to the list of branches where a build is done if a PR is submitted against that branch. Signed-off-by: Peter Jones --- .github/workflows/pullrequest.yml | 1 + 1 file changed, 1 insertion(+) (limited to '.github/workflows/pullrequest.yml') diff --git a/.github/workflows/pullrequest.yml b/.github/workflows/pullrequest.yml index 635c7f0b..3f68cbbf 100644 --- a/.github/workflows/pullrequest.yml +++ b/.github/workflows/pullrequest.yml @@ -4,6 +4,7 @@ on: pull_request: branches: - main + - sbat jobs: pull-request-intel: -- cgit v1.2.3 From 9b0c281db4ca94ef4299911bd966eac8f75877f2 Mon Sep 17 00:00:00 2001 From: Peter Jones Date: Fri, 22 Nov 2019 15:14:22 -0500 Subject: Make httpboot.c always get built. This is a backport from devel of: commit 634fd72ac6a6c6c9010c32506d524586826a8637 Author: Peter Jones Date: Fri Nov 22 15:14:22 2019 -0500 Make httpboot.c always get built. Signed-off-by: Peter Jones --- .github/workflows/pullrequest.yml | 4 ++-- .github/workflows/push.yml | 16 ++++++++-------- BUILDING | 2 -- Make.defaults | 4 ---- Makefile | 9 ++------- shim.c | 2 -- 6 files changed, 12 insertions(+), 25 deletions(-) (limited to '.github/workflows/pullrequest.yml') diff --git a/.github/workflows/pullrequest.yml b/.github/workflows/pullrequest.yml index 3f68cbbf..2821b2f4 100644 --- a/.github/workflows/pullrequest.yml +++ b/.github/workflows/pullrequest.yml @@ -56,8 +56,8 @@ jobs: - name: Do the build on ${{ matrix.distro }} for ${{ matrix.efiarch }} id: build run: | - make -s ARCH=${{ matrix.makearch }} PREFIX=/usr LIBDIR=${{ matrix.libdir }} DESTDIR=/destdir EFIDIR=test ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true clean all - make -s ARCH=${{ matrix.makearch }} PREFIX=/usr LIBDIR=${{ matrix.libdir }} DESTDIR=/destdir EFIDIR=test ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true install + make -s ARCH=${{ matrix.makearch }} PREFIX=/usr LIBDIR=${{ matrix.libdir }} DESTDIR=/destdir EFIDIR=test ENABLE_SHIM_HASH=true clean all + make -s ARCH=${{ matrix.makearch }} PREFIX=/usr LIBDIR=${{ matrix.libdir }} DESTDIR=/destdir EFIDIR=test ENABLE_SHIM_HASH=true install echo 'results:' find /destdir -type f # - name: Archive production artifacts diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml index d3ebbbf8..f4e59355 100644 --- a/.github/workflows/push.yml +++ b/.github/workflows/push.yml @@ -16,10 +16,10 @@ jobs: - name: Checkout uses: actions/checkout@v2 - name: Do the build - run: make PREFIX=/usr LIBDIR=/usr/lib64 DESTDIR=/destdir EFIDIR=test ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true clean all + run: make PREFIX=/usr LIBDIR=/usr/lib64 DESTDIR=/destdir EFIDIR=test ENABLE_SHIM_HASH=true clean all id: build - name: Install in /destdir - run: make PREFIX=/usr LIBDIR=/usr/lib64 DESTDIR=/destdir EFIDIR=test ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true install + run: make PREFIX=/usr LIBDIR=/usr/lib64 DESTDIR=/destdir EFIDIR=test ENABLE_SHIM_HASH=true install id: install # - name: Archive production artifacts # uses: actions/upload-artifact@v2 @@ -35,10 +35,10 @@ jobs: - name: Checkout uses: actions/checkout@v2 - name: Do the build - run: make PREFIX=/usr LIBDIR=/usr/lib64 DESTDIR=/destdir EFIDIR=test ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true clean all + run: make PREFIX=/usr LIBDIR=/usr/lib64 DESTDIR=/destdir EFIDIR=test ENABLE_SHIM_HASH=true clean all id: build - name: Install in /destdir - run: make PREFIX=/usr LIBDIR=/usr/lib64 DESTDIR=/destdir EFIDIR=test ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true install + run: make PREFIX=/usr LIBDIR=/usr/lib64 DESTDIR=/destdir EFIDIR=test ENABLE_SHIM_HASH=true install id: install # - name: Archive production artifacts # uses: actions/upload-artifact@v2 @@ -54,10 +54,10 @@ jobs: - name: Checkout uses: actions/checkout@v2 - name: Do the build - run: make PREFIX=/usr LIBDIR=/usr/lib64 DESTDIR=/destdir EFIDIR=test ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true clean all + run: make PREFIX=/usr LIBDIR=/usr/lib64 DESTDIR=/destdir EFIDIR=test ENABLE_SHIM_HASH=true clean all id: build - name: Install in /destdir - run: make PREFIX=/usr LIBDIR=/usr/lib64 DESTDIR=/destdir EFIDIR=test ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true install + run: make PREFIX=/usr LIBDIR=/usr/lib64 DESTDIR=/destdir EFIDIR=test ENABLE_SHIM_HASH=true install id: install # - name: Archive production artifacts # uses: actions/upload-artifact@v2 @@ -73,10 +73,10 @@ jobs: - name: Checkout uses: actions/checkout@v2 - name: Do the build - run: make PREFIX=/usr LIBDIR=/usr/lib64 DESTDIR=/destdir EFIDIR=test ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true clean all + run: make PREFIX=/usr LIBDIR=/usr/lib64 DESTDIR=/destdir EFIDIR=test ENABLE_SHIM_HASH=true clean all id: build - name: Install in /destdir - run: make PREFIX=/usr LIBDIR=/usr/lib64 DESTDIR=/destdir EFIDIR=test ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true install + run: make PREFIX=/usr LIBDIR=/usr/lib64 DESTDIR=/destdir EFIDIR=test ENABLE_SHIM_HASH=true install id: install # - name: Archive production artifacts # uses: actions/upload-artifact@v2 diff --git a/BUILDING b/BUILDING index 5cc176be..456c9b4a 100644 --- a/BUILDING +++ b/BUILDING @@ -31,8 +31,6 @@ Variables you could set to customize the build: generate keys during the build and sign MokManager and fallback with them, and the signed version will be what gets installed with the install targets -- ENABLE_HTTPBOOT - build support for http booting - DISABLE_EBS_PROTECTION On systems where a second stage bootloader is not used, and the Linux Kernel is embedded in the same EFI image as shim and booted directly diff --git a/Make.defaults b/Make.defaults index 8bfcf7e0..e58a2810 100644 --- a/Make.defaults +++ b/Make.defaults @@ -99,10 +99,6 @@ ifneq ($(origin OVERRIDE_SECURITY_POLICY), undefined) CFLAGS += -DOVERRIDE_SECURITY_POLICY endif -ifneq ($(origin ENABLE_HTTPBOOT), undefined) - CFLAGS += -DENABLE_HTTPBOOT -endif - ifneq ($(origin REQUIRE_TPM), undefined) CFLAGS += -DREQUIRE_TPM endif diff --git a/Makefile b/Makefile index fe860e23..226f08d3 100644 --- a/Makefile +++ b/Makefile @@ -33,20 +33,15 @@ CFLAGS += -DENABLE_SHIM_CERT else TARGETS += $(MMNAME) $(FBNAME) endif -OBJS = shim.o mok.o netboot.o cert.o replacements.o tpm.o version.o errlog.o sbat.o sbat_data.o pe.o +OBJS = shim.o mok.o netboot.o cert.o replacements.o tpm.o version.o errlog.o sbat.o sbat_data.o pe.o httpboot.o KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer -ORIG_SOURCES = shim.c mok.c netboot.c replacements.c tpm.c errlog.c sbat.c pe.c shim.h version.h $(wildcard include/*.h) +ORIG_SOURCES = shim.c mok.c netboot.c replacements.c tpm.c errlog.c sbat.c pe.c httpboot.c shim.h version.h $(wildcard include/*.h) MOK_OBJS = MokManager.o PasswordCrypt.o crypt_blowfish.o errlog.o sbat_data.o ORIG_MOK_SOURCES = MokManager.c PasswordCrypt.c crypt_blowfish.c shim.h $(wildcard include/*.h) FALLBACK_OBJS = fallback.o tpm.o errlog.o sbat_data.o ORIG_FALLBACK_SRCS = fallback.c SBATPATH = data/sbat.csv -ifneq ($(origin ENABLE_HTTPBOOT), undefined) - OBJS += httpboot.o - SOURCES += httpboot.c include/httpboot.h -endif - ifeq ($(SOURCE_DATE_EPOCH),) UNAME=$(shell uname -s -m -p -i -o) else diff --git a/shim.c b/shim.c index 1cd9584c..630550b5 100644 --- a/shim.c +++ b/shim.c @@ -1118,7 +1118,6 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) } data = sourcebuffer; datasize = sourcesize; -#if defined(ENABLE_HTTPBOOT) } else if (find_httpboot(li->DeviceHandle)) { efi_status = httpboot_fetch_buffer (image_handle, &sourcebuffer, @@ -1130,7 +1129,6 @@ EFI_STATUS start_image(EFI_HANDLE image_handle, CHAR16 *ImagePath) } data = sourcebuffer; datasize = sourcesize; -#endif } else { /* * Read the new executable off disk -- cgit v1.2.3