From: Michael Shigorin <mike@osdn.org.ua> To: devel-distro@lists.altlinux.org Subject: Re: [devel-distro] [#110111] DONE (try 8) srpm=refind-0.6.12-alt3.src.rpm srpm=elilo-3.14-alt1.5926535.src.rpm ... Date: Thu, 19 Dec 2013 00:17:12 +0200 Message-ID: <20131218221712.GC12432@osdn.org.ua> (raw) In-Reply-To: <20131218210658.GA28248@gitery.altlinux.org> <20131218161058.GA25957@gitery.altlinux.org> <20131218211819.GA12220@gitery.altlinux.org> [-- Attachment #1: Type: text/plain, Size: 2209 bytes --] Здравствуйте. Вниманию всех собирающих образы с поддержкой EFI: после прохождения этих заданий в сизиф (бишь с ближайшего утра) несколько изменяется работа с mkimage в случае необходимости включения подписанных для условий UEFI SB бинарников. Для mkimage потребуется патч вроде приложенного коммита относительно 0.2.10 (надеюсь, на днях будет опубликован и упакован). В случае применения mkimage-profiles также потребуется патч вроде приложенного (который ещё будет изменён до включения в публикуемый репозиторий) -- это поверх 1.1.17. Дальнейшие детали -- в более разумное время суток. On Wed, Dec 18, 2013 at 09:18:19PM +0000, Girar Builder pender robot wrote: > http://git.altlinux.org/tasks/archive/done/_107/110111/logs/events.8.1.log > > 2013-Dec-18 21:10:17 :: task #110111 for sisyphus resumed by mike: [...] > #400 build refind-0.6.12-alt3.src.rpm > #500 build elilo-3.14-alt1.5926535.src.rpm > #600 build 2.00-alt20 from /people/mike/packages/grub2.git [...] > 2013-Dec-18 21:18:19 :: task #110111 for sisyphus DONE On Wed, Dec 18, 2013 at 04:10:58PM +0000, Girar Builder awaiter robot wrote: > http://git.altlinux.org/tasks/110111/logs/events.6.1.log > > 2013-Dec-18 15:52:44 :: test-only task #110111 for sisyphus resumed by mike: [...] > 2013-Dec-18 15:54:32 :: [x86_64] #400: pesigning approved by mike > 2013-Dec-18 15:54:44 :: [x86_64] #400: refind: pesign OK > 2013-Dec-18 15:55:17 :: [x86_64] #500: pesigning approved by mike > 2013-Dec-18 15:55:28 :: [x86_64] #500: elilo: pesign OK > 2013-Dec-18 16:05:18 :: [x86_64] #600: pesigning approved by mike > 2013-Dec-18 16:05:31 :: [x86_64] #600: grub2-efi: pesign OK > 2013-Dec-18 16:05:31 :: [x86_64] #600 grub2.git 2.00-alt20: build OK On Wed, Dec 18, 2013 at 09:06:58PM +0000, Girar Builder pender robot wrote: > http://git.altlinux.org/tasks/archive/done/_108/110658/logs/events.3.3.log > > 2013-Dec-18 20:59:40 :: task #110658 for sisyphus resumed by mike: > #100 build shim-0.4-alt1.2.src.rpm > #200 build 0.4-alt3 from /people/mike/packages/shim-signed.git [...] > 2013-Dec-18 21:06:57 :: task #110658 for sisyphus DONE -- ---- WBR, Michael Shigorin / http://altlinux.org ------ http://opennet.ru / http://anna-news.info [-- Attachment #2: 0001-mki-copy-efiboot-drop-signed-subpackages.patch --] [-- Type: text/plain, Size: 2019 bytes --] >From d7c348de603ef11f63fb4d8a0ddcc51c3e7b44dc Mon Sep 17 00:00:00 2001 From: Michael Shigorin <mike@altlinux.org> Date: Wed, 18 Dec 2013 02:23:47 +0400 Subject: [PATCH] mki-copy-efiboot: drop -signed subpackages There are no (un)signed EFI subpackages now but presence of a signature or the lack thereof is being determined by the build environment or postprocessing; just drop the code written to support the experimental state of affairs. --- tools/mki-copy-efiboot | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/tools/mki-copy-efiboot b/tools/mki-copy-efiboot index 58f70a4..0116430 100755 --- a/tools/mki-copy-efiboot +++ b/tools/mki-copy-efiboot @@ -30,11 +30,11 @@ pkgs="$pkgs $EFI_BOOTLOADER" pkgs="$pkgs $EFI_SHELL" [ -z "${EFI_CERT:-}" ] || - pkgs="$pkgs alt-uefi-keys shim-signed $EFI_BOOTLOADER-signed" + pkgs="$pkgs alt-uefi-keys shim-signed" case "${EFI_BOOTLOADER:-}" in refind) # won't boot unsigned kernels in SB mode - pkgs="$pkgs elilo${EFI_CERT:+-signed}" + pkgs="$pkgs elilo" ;; esac @@ -69,11 +69,9 @@ mkdir $verbose -p -- \$boot if [ -n "${EFI_CERT:-}" ]; then shim_path=\$boot/bootx64.efi bin_path=\$boot/grubx64.efi - bin_suffix=-signed else shim_path= bin_path=\$boot/bootx64.efi - bin_suffix= fi stage2_size="\$[ \$(stat -c%s \$stage2) / 1024 + 1 ]" @@ -84,7 +82,7 @@ efi_bindir=/usr/lib64/efi copy_shell() { dest="\$efi/\$shell" - src="\$efi_bindir/shell${EFI_CERT:+-signed}.efi" + src="\$efi_bindir/shell.efi" [ ! -f "\$src" ] || cp $verbose -pLf "\$src" "\$dest" } @@ -115,7 +113,7 @@ copy_kernel() { copy_elilo() { copy_kernel - cp $verbose -pLf \$efi_bindir/elilo\$bin_suffix.efi \${1:-\$bin_path} + cp $verbose -pLf \$efi_bindir/elilo.efi \${1:-\$bin_path} cat > \$boot/elilo.conf <<- ELILO_EOF default="linux" image="vmlinuz" @@ -126,7 +124,6 @@ copy_elilo() { ELILO_EOF } -# refind is currently signed by default refind_aux=\$efi/refind refind_boot=\$refind_aux/refind_x64.efi -- 1.8.3.4 [-- Attachment #3: 0001-efi-drop-signed-subpackages.patch --] [-- Type: text/plain, Size: 1312 bytes --] >From 90429a850803cce7154755ffff74158053f62694 Mon Sep 17 00:00:00 2001 From: Michael Shigorin <mike@altlinux.org> Date: Tue, 17 Dec 2013 14:22:11 +0200 Subject: [PATCH] efi: drop -signed subpackages We chose to provide methods to sign packages but to avoid signing these by default (with some arbitrary test keys) the signatures are being added *after* the build by means of rpmrebuild-pesign; all of this is made significantly more complicated if there are separate -signed subpackages. So these are being dropped in the packages; account for that. --- features.in/efi/config.mk | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/features.in/efi/config.mk b/features.in/efi/config.mk index 68c46a5..cf1699f 100644 --- a/features.in/efi/config.mk +++ b/features.in/efi/config.mk @@ -18,11 +18,9 @@ use/efi/refind: use/efi @$(call set,EFI_BOOTLOADER,refind) use/efi/signed: use/efi - @$(call set,MKI_VER_MINIMAL,0.2.7) # refind->elilo handoff + @$(call set,MKI_VER_MINIMAL,0.2.7) # refind->elilo handoff ### 0.2.11 @$(call set,EFI_CERT,altlinux) @$(call add,THE_PACKAGES,shim-signed) - @$(call set,EFI_SHELL,efi-shell-signed) # even more useful - @$(call add,RESCUE_PACKAGES,refind-signed) @$(call add,RESCUE_PACKAGES,openssl sbsigntools) use/efi/shell: use/efi -- 1.8.3.4
next parent reply other threads:[~2013-12-18 22:17 UTC|newest] Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top 2013-12-18 22:17 ` Michael Shigorin [this message] 2013-12-23 0:30 ` Michael Shigorin
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20131218221712.GC12432@osdn.org.ua \ --to=mike@osdn.org.ua \ --cc=devel-distro@lists.altlinux.org \ --cc=mike@altlinux.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: link
ALT Linux Distributions development This inbox may be cloned and mirrored by anyone: git clone --mirror http://lore.altlinux.org/devel-distro/0 devel-distro/git/0.git # If you have public-inbox 1.1+ installed, you may # initialize and index your mirror using the following commands: public-inbox-init -V2 devel-distro devel-distro/ http://lore.altlinux.org/devel-distro \ devel-distro@lists.altlinux.org devel-distro@lists.altlinux.ru devel-distro@lists.altlinux.com public-inbox-index devel-distro Example config snippet for mirrors. Newsgroup available over NNTP: nntp://lore.altlinux.org/org.altlinux.lists.devel-distro AGPL code for this site: git clone https://public-inbox.org/public-inbox.git