From bd98c8fd1c1bd2eeb4b1c84c861e59e8ccf25111 Mon Sep 17 00:00:00 2001 From: Mathieu Trudel-Lapierre Date: Mon, 7 Aug 2017 17:24:36 -0400 Subject: Update changelog/changes for released 0.9+1474479173.6c180c6-1ubuntu1 --- debian/patches/series | 1 + 1 file changed, 1 insertion(+) (limited to 'debian/patches/series') diff --git a/debian/patches/series b/debian/patches/series index a5f3392d..34c3f92b 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,2 +1,3 @@ second-stage-path sbsigntool-not-pesign +0001-shim-fix-the-mirroring-MokSBState-fail.patch -- cgit v1.2.3 From 94190a1cd8faa7217ac9c83f0b3e6bcad302ca53 Mon Sep 17 00:00:00 2001 From: Mathieu Trudel-Lapierre Date: Mon, 7 Aug 2017 17:39:45 -0400 Subject: Set DEFAULT_LOADER; this makes second-stage-path unnecessary. --- debian/changelog | 3 +++ debian/patches/second-stage-path | 24 ------------------------ debian/patches/series | 1 - debian/rules | 1 + 4 files changed, 4 insertions(+), 25 deletions(-) delete mode 100644 debian/patches/second-stage-path (limited to 'debian/patches/series') diff --git a/debian/changelog b/debian/changelog index d59d15cb..e697abf1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -5,6 +5,9 @@ shim (12+1501864225.b586175-0) UNRELEASED; urgency=medium * debian/rules: - Update dh_auto_build/dh_auto_clean for new upstream options: set MAKELEVEL. + - Set DEFAULT_LOADER; this makes second-stage-path unnecessary. + * debian/patches/second-stage-path: dropped. + -- Mathieu Trudel-Lapierre Fri, 04 Aug 2017 12:33:22 -0400 diff --git a/debian/patches/second-stage-path b/debian/patches/second-stage-path deleted file mode 100644 index da53af8e..00000000 --- a/debian/patches/second-stage-path +++ /dev/null @@ -1,24 +0,0 @@ -Description: Chainload grubx64.efi, not grub.efi - We qualify the second stage bootloader image with the architecture name, - so we're forwards-compatible with any future 32-bit implementations. - (Non-SB grub doesn't conflict, since the image will be named bootia32.efi - anyway, not grub.efi.) -Author: Steve Langasek - ---- - Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: b/Makefile -=================================================================== ---- a/Makefile -+++ b/Makefile -@@ -25,7 +25,7 @@ EFI_LIBS = -lefi -lgnuefi --start-group - EFI_CRT_OBJS = $(EFI_PATH)/crt0-efi-$(ARCH).o - EFI_LDS = elf_$(ARCH)_efi.lds - --DEFAULT_LOADER := \\\\grub.efi -+DEFAULT_LOADER := \\\\grubx64.efi - CFLAGS = -ggdb -O0 -fno-stack-protector -fno-strict-aliasing -fpic \ - -fshort-wchar -Wall -Wsign-compare -Werror -fno-builtin \ - -Werror=sign-compare -ffreestanding -std=gnu89 \ diff --git a/debian/patches/series b/debian/patches/series index 34c3f92b..20fe73c2 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,3 +1,2 @@ -second-stage-path sbsigntool-not-pesign 0001-shim-fix-the-mirroring-MokSBState-fail.patch diff --git a/debian/rules b/debian/rules index db3ca61f..e51de0b7 100755 --- a/debian/rules +++ b/debian/rules @@ -19,6 +19,7 @@ override_dh_auto_build: dh_auto_build -- \ MAKELEVEL=0 \ EFI_PATH=/usr/lib \ + DEFAULT_LOADER=\\\grubx64.efi \ VENDOR_CERT_FILE=$(cert) override_dh_fixperms: -- cgit v1.2.3 From 5ca483b97b9d1c1373fd17346dbf207c18455019 Mon Sep 17 00:00:00 2001 From: Mathieu Trudel-Lapierre Date: Mon, 7 Aug 2017 17:43:08 -0400 Subject: debian/patches/0001-shim-fix-the-mirroring-MokSBState-fail.patch: dropped, included upstream. --- debian/changelog | 2 + ...01-shim-fix-the-mirroring-MokSBState-fail.patch | 71 ---------------------- debian/patches/series | 1 - 3 files changed, 2 insertions(+), 72 deletions(-) delete mode 100644 debian/patches/0001-shim-fix-the-mirroring-MokSBState-fail.patch (limited to 'debian/patches/series') diff --git a/debian/changelog b/debian/changelog index 147cdbc3..9ee00d3b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -10,6 +10,8 @@ shim (12+1501864225.b586175-0) UNRELEASED; urgency=medium makes it possible to build a shim for other architectures than amd64. * debian/patches/second-stage-path: dropped. * debian/patches/sbsigntool-no-pesign: refreshed. + * debian/patches/0001-shim-fix-the-mirroring-MokSBState-fail.patch: dropped, + included upstream. -- Mathieu Trudel-Lapierre Fri, 04 Aug 2017 12:33:22 -0400 diff --git a/debian/patches/0001-shim-fix-the-mirroring-MokSBState-fail.patch b/debian/patches/0001-shim-fix-the-mirroring-MokSBState-fail.patch deleted file mode 100644 index 61117d80..00000000 --- a/debian/patches/0001-shim-fix-the-mirroring-MokSBState-fail.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 1681bd7282e606e961c0d1bfafcf807a32bc912d Mon Sep 17 00:00:00 2001 -From: Ivan Hu -Date: Tue, 22 Nov 2016 06:26:01 +0800 -Subject: [PATCH] shim: fix the mirroring MokSBState fail -Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1644806 - -Some machines have already embedded MokSBStateRT varaible with -EFI_VARIABLE_NON_VOLATILE attribute, and some users might disable shim -vailidation manually by creating MokSBStateRT. It causes mirroring MokSBState -fail because the variable cannot be set with different attribute again, and gets -error massage every time when booting. - -Fix it with checking the MokSBStateRT existence and deleting it before -mirroring it. - -Signed-off-by: Ivan Hu -Signed-off-by: Mathieu Trudel-Lapierre ---- - shim.c | 34 ++++++++++++++++++++++++---------- - 1 file changed, 24 insertions(+), 10 deletions(-) - -diff --git a/shim.c b/shim.c -index c69961b..90ea784 100644 ---- a/shim.c -+++ b/shim.c -@@ -2013,18 +2013,32 @@ EFI_STATUS mirror_mok_sb_state() - UINTN DataSize = 0; - - efi_status = get_variable(L"MokSBState", &Data, &DataSize, shim_lock_guid); -- if (efi_status != EFI_SUCCESS) -- return efi_status; -+ if (efi_status == EFI_SUCCESS) { -+ UINT8 *Data_RT = NULL; -+ UINTN DataSize_RT = 0; -+ -+ efi_status = get_variable(L"MokSBStateRT", &Data_RT, -+ &DataSize_RT, shim_lock_guid); -+ if (efi_status == EFI_SUCCESS) { -+ efi_status = uefi_call_wrapper(RT->SetVariable, 5, -+ L"MokSBStateRT", -+ &shim_lock_guid, -+ EFI_VARIABLE_BOOTSERVICE_ACCESS -+ | EFI_VARIABLE_RUNTIME_ACCESS -+ | EFI_VARIABLE_NON_VOLATILE, -+ 0, NULL); -+ } - -- efi_status = uefi_call_wrapper(RT->SetVariable, 5, L"MokSBStateRT", -- &shim_lock_guid, -- EFI_VARIABLE_BOOTSERVICE_ACCESS -- | EFI_VARIABLE_RUNTIME_ACCESS, -- DataSize, Data); -- if (efi_status != EFI_SUCCESS) { -- console_error(L"Failed to set MokSBStateRT", efi_status); -+ efi_status = uefi_call_wrapper(RT->SetVariable, 5, -+ L"MokSBStateRT", -+ &shim_lock_guid, -+ EFI_VARIABLE_BOOTSERVICE_ACCESS -+ | EFI_VARIABLE_RUNTIME_ACCESS, -+ DataSize, Data); -+ if (efi_status != EFI_SUCCESS) { -+ console_error(L"Failed to set MokSBStateRT", efi_status); -+ } - } -- - return efi_status; - } - --- -2.7.4 - diff --git a/debian/patches/series b/debian/patches/series index 20fe73c2..b8e0e105 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,2 +1 @@ sbsigntool-not-pesign -0001-shim-fix-the-mirroring-MokSBState-fail.patch -- cgit v1.2.3 From 402fafb47564efc2281966aa39f9d2d25d73aec4 Mon Sep 17 00:00:00 2001 From: Mathieu Trudel-Lapierre Date: Tue, 29 Aug 2017 13:58:39 -0400 Subject: Set ENABLE_SBSIGN, to use sbsign instead of pesign for signing fallback and MokManager. Also drop debian/patches/sbsigntool-no-pesign: with this change from upstream it is no longer needed.. --- debian/changelog | 4 +++- debian/patches/sbsigntool-not-pesign | 26 -------------------------- debian/patches/series | 1 - debian/rules | 1 + 4 files changed, 4 insertions(+), 28 deletions(-) delete mode 100644 debian/patches/sbsigntool-not-pesign (limited to 'debian/patches/series') diff --git a/debian/changelog b/debian/changelog index 79d7966e..4afcdf19 100644 --- a/debian/changelog +++ b/debian/changelog @@ -9,9 +9,11 @@ shim (12+1503074702.5202f80-0ubuntu1) UNRELEASED; urgency=medium makes it possible to build a shim for other architectures than amd64. - Set ENABLE_SHIM_CERT, to keep using ephemeral self-signed certs built at compile-time for MokManager and fallback. + - Set ENABLE_SBSIGN, to use sbsign instead of pesign for signing fallback + and MokManager. * debian/patches/second-stage-path: dropped; the default loader path now includes an arch suffix. - * debian/patches/sbsigntool-no-pesign: refreshed. + * debian/patches/sbsigntool-no-pesign: dropped; no longer needed.. * debian/patches/0001-shim-fix-the-mirroring-MokSBState-fail.patch: dropped, included upstream. diff --git a/debian/patches/sbsigntool-not-pesign b/debian/patches/sbsigntool-not-pesign deleted file mode 100644 index 1220cabd..00000000 --- a/debian/patches/sbsigntool-not-pesign +++ /dev/null @@ -1,26 +0,0 @@ -Description: Sign MokManager with sbsigntool instead of pesign - Ubuntu infrastructure uses sbsigntool for all other EFI signing, so we use - the same thing for signing MokManager with our ephemeral key. This also - avoids an additional build dependency on libnss3-tools. -Author: Steve Langasek -Forwarded: not-needed - ---- - Makefile | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -Index: b/Makefile -=================================================================== ---- a/Makefile -+++ b/Makefile -@@ -206,8 +206,8 @@ endif - -j .note.gnu.build-id \ - $(FORMAT) $^ $@.debug - --%.efi.signed: %.efi certdb/secmod.db -- $(PESIGN) -n certdb -i $< -c "shim" -s -o $@ -f -+%.efi.signed: %.efi shim.crt -+ sbsign --key shim.key --cert shim.crt $< - - clean: - $(MAKE) -C Cryptlib -f $(TOPDIR)/Cryptlib/Makefile clean diff --git a/debian/patches/series b/debian/patches/series index b8e0e105..e69de29b 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1 +0,0 @@ -sbsigntool-not-pesign diff --git a/debian/rules b/debian/rules index b5f21367..3dc47aee 100755 --- a/debian/rules +++ b/debian/rules @@ -24,6 +24,7 @@ override_dh_auto_build: MAKELEVEL=0 \ EFI_PATH=/usr/lib \ ENABLE_SHIM_CERT=1 \ + ENABLE_SBSIGN=1 \ VENDOR_CERT_FILE=$(cert) override_dh_fixperms: -- cgit v1.2.3 From 2993c0ee31017782413e48980f8380881cdbd137 Mon Sep 17 00:00:00 2001 From: Mathieu Trudel-Lapierre Date: Tue, 29 Aug 2017 21:23:41 -0400 Subject: debian/patches/fix_makefile_phony.patch: fix a makefile bug causing shim to fail to build, because it gets confused about the .signed efi files. --- debian/changelog | 2 ++ debian/patches/fix_makefile_phony.patch | 22 ++++++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 25 insertions(+) create mode 100644 debian/patches/fix_makefile_phony.patch (limited to 'debian/patches/series') diff --git a/debian/changelog b/debian/changelog index 4afcdf19..6cd52d7f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -16,6 +16,8 @@ shim (12+1503074702.5202f80-0ubuntu1) UNRELEASED; urgency=medium * debian/patches/sbsigntool-no-pesign: dropped; no longer needed.. * debian/patches/0001-shim-fix-the-mirroring-MokSBState-fail.patch: dropped, included upstream. + * debian/patches/fix_makefile_phony.patch: fix a makefile bug causing shim + to fail to build, because it gets confused about the .signed efi files. -- Mathieu Trudel-Lapierre Tue, 29 Aug 2017 13:55:45 -0400 diff --git a/debian/patches/fix_makefile_phony.patch b/debian/patches/fix_makefile_phony.patch new file mode 100644 index 00000000..8a8d4749 --- /dev/null +++ b/debian/patches/fix_makefile_phony.patch @@ -0,0 +1,22 @@ +From: Mathieu Trudel-Lapierre +Subject: Fix Makefile to successfully build for shim with cert and sbsign + +sbsign needs shim.key and shim.crt, but the only target that exists in +makefile is shim.crt. shim.key is a side-effect building shim.crt. + +--- + Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +Index: b/Makefile +=================================================================== +--- a/Makefile ++++ b/Makefile +@@ -362,6 +362,6 @@ archive: tag + @rm -rf /tmp/shim-$(VERSION) + @echo "The archive is in shim-$(VERSION).tar.bz2" + +-.PHONY : install-deps ++.PHONY : install-deps shim.key + + export ARCH CC LD OBJCOPY EFI_INCLUDE diff --git a/debian/patches/series b/debian/patches/series index e69de29b..268dc0e6 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -0,0 +1 @@ +fix_makefile_phony.patch -- cgit v1.2.3 From 0e7f9a71d62abba31357b842825d38fd3fa3f18b Mon Sep 17 00:00:00 2001 From: Mathieu Trudel-Lapierre Date: Thu, 31 Aug 2017 19:08:49 -0400 Subject: debian/patches/buildid_write_return.patch: workaround our strict compile rules failing the build: make sure write calls check the return value. --- debian/changelog | 2 ++ debian/patches/buildid_write_return.patch | 35 +++++++++++++++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 38 insertions(+) create mode 100644 debian/patches/buildid_write_return.patch (limited to 'debian/patches/series') diff --git a/debian/changelog b/debian/changelog index 830e763d..806465b0 100644 --- a/debian/changelog +++ b/debian/changelog @@ -24,6 +24,8 @@ shim (12+1503074702.5202f80-0ubuntu1~test3) artful; urgency=medium * debian/rules: clean up after *.signed files. * debian/shim.install: update paths in light of using shim's upstream install target. + * debian/patches/buildid_write_return.patch: workaround our strict compile + rules failing the build: make sure write calls check the return value. -- Mathieu Trudel-Lapierre Tue, 29 Aug 2017 22:45:30 -0400 diff --git a/debian/patches/buildid_write_return.patch b/debian/patches/buildid_write_return.patch new file mode 100644 index 00000000..268cbd33 --- /dev/null +++ b/debian/patches/buildid_write_return.patch @@ -0,0 +1,35 @@ +--- + buildid.c | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) + +Index: b/buildid.c +=================================================================== +--- a/buildid.c ++++ b/buildid.c +@@ -113,6 +113,7 @@ static void handle_one(char *f) + char *b = NULL; + size_t sz; + uint8_t *data; ++ ssize_t written; + + if (!strcmp(f, "-")) { + fd = STDIN_FILENO; +@@ -132,10 +133,14 @@ static void handle_one(char *f) + b = alloca(sz * 2 + 1); + data2hex(data, sz, b); + if (b) { +- write(1, f, strlen(f)); +- write(1, " ", 1); +- write(1, b, strlen(b)); +- write(1, "\n", 1); ++ written = write(1, f, strlen(f)); ++ if (written < 0) ++ errx(1, "Error writing build id"); ++ written = write(1, " ", 1); ++ written = write(1, b, strlen(b)); ++ if (written < 0) ++ errx(1, "Error writing build id"); ++ written = write(1, "\n", 1); + } + } + elf_end(elf); diff --git a/debian/patches/series b/debian/patches/series index 268dc0e6..0f0fda43 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1 +1,2 @@ fix_makefile_phony.patch +buildid_write_return.patch -- cgit v1.2.3 From 544696f3ade15d70a5d8389c481e964a164cd3de Mon Sep 17 00:00:00 2001 From: Mathieu Trudel-Lapierre Date: Wed, 13 Sep 2017 12:11:21 -0700 Subject: Drop PHONY fix patch; merged upstream. --- debian/changelog | 2 -- debian/patches/fix_makefile_phony.patch | 22 ---------------------- debian/patches/series | 1 - 3 files changed, 25 deletions(-) delete mode 100644 debian/patches/fix_makefile_phony.patch (limited to 'debian/patches/series') diff --git a/debian/changelog b/debian/changelog index e7cfd4f1..bef19f35 100644 --- a/debian/changelog +++ b/debian/changelog @@ -19,8 +19,6 @@ shim (12+1503074702.5202f80-0ubuntu1~test4) UNRELEASED; urgency=medium * debian/patches/sbsigntool-no-pesign: dropped; no longer needed.. * debian/patches/0001-shim-fix-the-mirroring-MokSBState-fail.patch: dropped, included upstream. - * debian/patches/fix_makefile_phony.patch: fix a makefile bug causing shim - to fail to build, because it gets confused about the .signed efi files. * debian/rules: clean up after *.signed files. * debian/shim.install: update paths in light of using shim's upstream install target. diff --git a/debian/patches/fix_makefile_phony.patch b/debian/patches/fix_makefile_phony.patch deleted file mode 100644 index 8a8d4749..00000000 --- a/debian/patches/fix_makefile_phony.patch +++ /dev/null @@ -1,22 +0,0 @@ -From: Mathieu Trudel-Lapierre -Subject: Fix Makefile to successfully build for shim with cert and sbsign - -sbsign needs shim.key and shim.crt, but the only target that exists in -makefile is shim.crt. shim.key is a side-effect building shim.crt. - ---- - Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -Index: b/Makefile -=================================================================== ---- a/Makefile -+++ b/Makefile -@@ -362,6 +362,6 @@ archive: tag - @rm -rf /tmp/shim-$(VERSION) - @echo "The archive is in shim-$(VERSION).tar.bz2" - --.PHONY : install-deps -+.PHONY : install-deps shim.key - - export ARCH CC LD OBJCOPY EFI_INCLUDE diff --git a/debian/patches/series b/debian/patches/series index 0f0fda43..db9eed12 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,2 +1 @@ -fix_makefile_phony.patch buildid_write_return.patch -- cgit v1.2.3 From 560a356bc7fd03341c7ff7ce9560e9e32cfb264c Mon Sep 17 00:00:00 2001 From: Mathieu Trudel-Lapierre Date: Fri, 29 Sep 2017 11:26:01 -0400 Subject: Drop buildid_write_return.patch; no longer needed. Signed-off-by: Mathieu Trudel-Lapierre --- debian/changelog | 2 -- debian/patches/buildid_write_return.patch | 35 ------------------------------- debian/patches/series | 1 - 3 files changed, 38 deletions(-) delete mode 100644 debian/patches/buildid_write_return.patch (limited to 'debian/patches/series') diff --git a/debian/changelog b/debian/changelog index a849dca5..7048958f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -23,8 +23,6 @@ shim (13-0ubuntu1) UNRELEASED; urgency=medium * debian/rules: clean up after *.signed files. * debian/shim.install: update paths in light of using shim's upstream install target. - * debian/patches/buildid_write_return.patch: workaround our strict compile - rules failing the build: make sure write calls check the return value. * debian/rules, debian/shim.install: make sure the 'make install' step does what it's meant to do by upstream: we can easily make use of the end result to have the files we need. diff --git a/debian/patches/buildid_write_return.patch b/debian/patches/buildid_write_return.patch deleted file mode 100644 index 268cbd33..00000000 --- a/debian/patches/buildid_write_return.patch +++ /dev/null @@ -1,35 +0,0 @@ ---- - buildid.c | 13 +++++++++---- - 1 file changed, 9 insertions(+), 4 deletions(-) - -Index: b/buildid.c -=================================================================== ---- a/buildid.c -+++ b/buildid.c -@@ -113,6 +113,7 @@ static void handle_one(char *f) - char *b = NULL; - size_t sz; - uint8_t *data; -+ ssize_t written; - - if (!strcmp(f, "-")) { - fd = STDIN_FILENO; -@@ -132,10 +133,14 @@ static void handle_one(char *f) - b = alloca(sz * 2 + 1); - data2hex(data, sz, b); - if (b) { -- write(1, f, strlen(f)); -- write(1, " ", 1); -- write(1, b, strlen(b)); -- write(1, "\n", 1); -+ written = write(1, f, strlen(f)); -+ if (written < 0) -+ errx(1, "Error writing build id"); -+ written = write(1, " ", 1); -+ written = write(1, b, strlen(b)); -+ if (written < 0) -+ errx(1, "Error writing build id"); -+ written = write(1, "\n", 1); - } - } - elf_end(elf); diff --git a/debian/patches/series b/debian/patches/series index db9eed12..e69de29b 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1 +0,0 @@ -buildid_write_return.patch -- cgit v1.2.3 From 81b34c16318358dda4aaf8701250dab3b0401b7d Mon Sep 17 00:00:00 2001 From: Mathieu Trudel-Lapierre Date: Mon, 6 Nov 2017 09:18:08 -0500 Subject: debian/patches/abort_abort_abort.patch: signtool.exe isn't happy with some of the structure of our binary, partly because abort() is thought to be an external symbol, which causes some relocalisations to appear. --- debian/changelog | 8 ++++++++ debian/patches/abort_abort_abort.patch | 18 ++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 27 insertions(+) create mode 100644 debian/patches/abort_abort_abort.patch (limited to 'debian/patches/series') diff --git a/debian/changelog b/debian/changelog index f55cf3c3..c5832328 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +shim (13-0ubuntu2) UNRELEASED; urgency=medium + + * debian/patches/abort_abort_abort.patch: signtool.exe isn't happy with some + of the structure of our binary, partly because abort() is thought to be an + external symbol, which causes some relocalisations to appear. + + -- Mathieu Trudel-Lapierre Mon, 06 Nov 2017 09:13:01 -0500 + shim (13-0ubuntu1) artful; urgency=medium * New upstream release: 13 diff --git a/debian/patches/abort_abort_abort.patch b/debian/patches/abort_abort_abort.patch new file mode 100644 index 00000000..2afdac4c --- /dev/null +++ b/debian/patches/abort_abort_abort.patch @@ -0,0 +1,18 @@ +From: Peter Jones +Subject: define abort to avoid an unnecessary reloc. + +--- + Cryptlib/Include/OpenSslSupport.h | 1 + + 1 file changed, 1 insertion(+) + +Index: b/Cryptlib/Include/OpenSslSupport.h +=================================================================== +--- a/Cryptlib/Include/OpenSslSupport.h ++++ b/Cryptlib/Include/OpenSslSupport.h +@@ -380,5 +380,6 @@ extern FILE *stdout; + #define atoi(nptr) AsciiStrDecimalToUintn(nptr) + #define gettimeofday(tvp,tz) do { (tvp)->tv_sec = time(NULL); (tvp)->tv_usec = 0; } while (0) + #define gmtime_r(timer,result) (result = NULL) ++#define abort() + + #endif diff --git a/debian/patches/series b/debian/patches/series index e69de29b..ae84c759 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -0,0 +1 @@ +abort_abort_abort.patch -- cgit v1.2.3 From 0283a7456e3c16c3c2430160e57ea4f838dc94dc Mon Sep 17 00:00:00 2001 From: Mathieu Trudel-Lapierre Date: Tue, 24 Jul 2018 16:26:53 -0400 Subject: debian/patches/abort_abort_abort.patch: dropped patch, included upstream. --- debian/changelog | 1 + debian/patches/abort_abort_abort.patch | 18 ------------------ debian/patches/series | 1 - 3 files changed, 1 insertion(+), 19 deletions(-) delete mode 100644 debian/patches/abort_abort_abort.patch (limited to 'debian/patches/series') diff --git a/debian/changelog b/debian/changelog index d1162720..5ea26c7d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -8,6 +8,7 @@ shim (15+1531942534.dd3230d-0ubuntu1) UNRELEASED; urgency=medium [ Mathieu Trudel-Lapierre ] * New upstream snapshot. + * debian/patches/abort_abort_abort.patch: dropped patch, included upstream. -- Mathieu Trudel-Lapierre Tue, 24 Jul 2018 16:24:51 -0400 diff --git a/debian/patches/abort_abort_abort.patch b/debian/patches/abort_abort_abort.patch deleted file mode 100644 index 2afdac4c..00000000 --- a/debian/patches/abort_abort_abort.patch +++ /dev/null @@ -1,18 +0,0 @@ -From: Peter Jones -Subject: define abort to avoid an unnecessary reloc. - ---- - Cryptlib/Include/OpenSslSupport.h | 1 + - 1 file changed, 1 insertion(+) - -Index: b/Cryptlib/Include/OpenSslSupport.h -=================================================================== ---- a/Cryptlib/Include/OpenSslSupport.h -+++ b/Cryptlib/Include/OpenSslSupport.h -@@ -380,5 +380,6 @@ extern FILE *stdout; - #define atoi(nptr) AsciiStrDecimalToUintn(nptr) - #define gettimeofday(tvp,tz) do { (tvp)->tv_sec = time(NULL); (tvp)->tv_usec = 0; } while (0) - #define gmtime_r(timer,result) (result = NULL) -+#define abort() - - #endif diff --git a/debian/patches/series b/debian/patches/series index ae84c759..e69de29b 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1 +0,0 @@ -abort_abort_abort.patch -- cgit v1.2.3 From ad536b8717e068bed101ed8f495e7f7eb93a713d Mon Sep 17 00:00:00 2001 From: Mathieu Trudel-Lapierre Date: Tue, 24 Jul 2018 18:13:48 -0400 Subject: debian/patches/fixup_git.patch: don't run git in clean; we're not really in a git tree. --- debian/changelog | 2 ++ debian/patches/fixup_git.patch | 19 +++++++++++++++++++ debian/patches/series | 1 + 3 files changed, 22 insertions(+) create mode 100644 debian/patches/fixup_git.patch (limited to 'debian/patches/series') diff --git a/debian/changelog b/debian/changelog index 5630d819..7253cb18 100644 --- a/debian/changelog +++ b/debian/changelog @@ -12,6 +12,8 @@ shim (15+1531942534.dd3230d-0ubuntu1) UNRELEASED; urgency=medium * debian/rules: - define RELEASE and COMMIT_ID for the snapshot. - Set ENABLE_HTTPBOOT to enable the HTTP Boot feature. + * debian/patches/fixup_git.patch: don't run git in clean; we're not really + in a git tree. -- Mathieu Trudel-Lapierre Tue, 24 Jul 2018 16:24:51 -0400 diff --git a/debian/patches/fixup_git.patch b/debian/patches/fixup_git.patch new file mode 100644 index 00000000..33e9305d --- /dev/null +++ b/debian/patches/fixup_git.patch @@ -0,0 +1,19 @@ +From: Mathieu Trudel-Lapierre +Subject: We're not in a git tree, don't try to git clean. + +--- + Makefile | 1 - + 1 file changed, 1 deletion(-) + +Index: b/Makefile +=================================================================== +--- a/Makefile ++++ b/Makefile +@@ -225,7 +225,6 @@ clean-shim-objs: + @rm -rvf $(TARGET) *.o $(SHIM_OBJS) $(MOK_OBJS) $(FALLBACK_OBJS) $(KEYS) certdb $(BOOTCSVNAME) + @rm -vf *.debug *.so *.efi *.efi.* *.tar.* version.c buildid + @rm -vf Cryptlib/*.[oa] Cryptlib/*/*.[oa] +- @git clean -f -d -e 'Cryptlib/OpenSSL/*' + + clean: clean-shim-objs + $(MAKE) -C Cryptlib -f $(TOPDIR)/Cryptlib/Makefile clean diff --git a/debian/patches/series b/debian/patches/series index e69de29b..767bfb59 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -0,0 +1 @@ +fixup_git.patch -- cgit v1.2.3