* Re: [devel-distro] [#110111] DONE (try 8) srpm=refind-0.6.12-alt3.src.rpm srpm=elilo-3.14-alt1.5926535.src.rpm ...
@ 2013-12-18 22:17 ` Michael Shigorin
2013-12-23 0:30 ` Michael Shigorin
0 siblings, 1 reply; 2+ messages in thread
From: Michael Shigorin @ 2013-12-18 22:17 UTC (permalink / raw)
To: devel-distro
[-- Attachment #1: Type: text/plain, Size: 2209 bytes --]
Здравствуйте.
Вниманию всех собирающих образы с поддержкой EFI: после прохождения
этих заданий в сизиф (бишь с ближайшего утра) несколько изменяется
работа с mkimage в случае необходимости включения подписанных для
условий UEFI SB бинарников.
Для mkimage потребуется патч вроде приложенного коммита
относительно 0.2.10 (надеюсь, на днях будет опубликован
и упакован).
В случае применения mkimage-profiles также потребуется патч
вроде приложенного (который ещё будет изменён до включения
в публикуемый репозиторий) -- это поверх 1.1.17.
Дальнейшие детали -- в более разумное время суток.
On Wed, Dec 18, 2013 at 09:18:19PM +0000, Girar Builder pender robot wrote:
> http://git.altlinux.org/tasks/archive/done/_107/110111/logs/events.8.1.log
>
> 2013-Dec-18 21:10:17 :: task #110111 for sisyphus resumed by mike:
[...]
> #400 build refind-0.6.12-alt3.src.rpm
> #500 build elilo-3.14-alt1.5926535.src.rpm
> #600 build 2.00-alt20 from /people/mike/packages/grub2.git
[...]
> 2013-Dec-18 21:18:19 :: task #110111 for sisyphus DONE
On Wed, Dec 18, 2013 at 04:10:58PM +0000, Girar Builder awaiter robot wrote:
> http://git.altlinux.org/tasks/110111/logs/events.6.1.log
>
> 2013-Dec-18 15:52:44 :: test-only task #110111 for sisyphus resumed by mike:
[...]
> 2013-Dec-18 15:54:32 :: [x86_64] #400: pesigning approved by mike
> 2013-Dec-18 15:54:44 :: [x86_64] #400: refind: pesign OK
> 2013-Dec-18 15:55:17 :: [x86_64] #500: pesigning approved by mike
> 2013-Dec-18 15:55:28 :: [x86_64] #500: elilo: pesign OK
> 2013-Dec-18 16:05:18 :: [x86_64] #600: pesigning approved by mike
> 2013-Dec-18 16:05:31 :: [x86_64] #600: grub2-efi: pesign OK
> 2013-Dec-18 16:05:31 :: [x86_64] #600 grub2.git 2.00-alt20: build OK
On Wed, Dec 18, 2013 at 09:06:58PM +0000, Girar Builder pender robot wrote:
> http://git.altlinux.org/tasks/archive/done/_108/110658/logs/events.3.3.log
>
> 2013-Dec-18 20:59:40 :: task #110658 for sisyphus resumed by mike:
> #100 build shim-0.4-alt1.2.src.rpm
> #200 build 0.4-alt3 from /people/mike/packages/shim-signed.git
[...]
> 2013-Dec-18 21:06:57 :: task #110658 for sisyphus DONE
--
---- WBR, Michael Shigorin / http://altlinux.org
------ http://opennet.ru / http://anna-news.info
[-- Attachment #2: 0001-mki-copy-efiboot-drop-signed-subpackages.patch --]
[-- Type: text/plain, Size: 2019 bytes --]
>From d7c348de603ef11f63fb4d8a0ddcc51c3e7b44dc Mon Sep 17 00:00:00 2001
From: Michael Shigorin <mike@altlinux.org>
Date: Wed, 18 Dec 2013 02:23:47 +0400
Subject: [PATCH] mki-copy-efiboot: drop -signed subpackages
There are no (un)signed EFI subpackages now but presence
of a signature or the lack thereof is being determined
by the build environment or postprocessing; just drop
the code written to support the experimental state
of affairs.
---
tools/mki-copy-efiboot | 11 ++++-------
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/tools/mki-copy-efiboot b/tools/mki-copy-efiboot
index 58f70a4..0116430 100755
--- a/tools/mki-copy-efiboot
+++ b/tools/mki-copy-efiboot
@@ -30,11 +30,11 @@ pkgs="$pkgs $EFI_BOOTLOADER"
pkgs="$pkgs $EFI_SHELL"
[ -z "${EFI_CERT:-}" ] ||
- pkgs="$pkgs alt-uefi-keys shim-signed $EFI_BOOTLOADER-signed"
+ pkgs="$pkgs alt-uefi-keys shim-signed"
case "${EFI_BOOTLOADER:-}" in
refind) # won't boot unsigned kernels in SB mode
- pkgs="$pkgs elilo${EFI_CERT:+-signed}"
+ pkgs="$pkgs elilo"
;;
esac
@@ -69,11 +69,9 @@ mkdir $verbose -p -- \$boot
if [ -n "${EFI_CERT:-}" ]; then
shim_path=\$boot/bootx64.efi
bin_path=\$boot/grubx64.efi
- bin_suffix=-signed
else
shim_path=
bin_path=\$boot/bootx64.efi
- bin_suffix=
fi
stage2_size="\$[ \$(stat -c%s \$stage2) / 1024 + 1 ]"
@@ -84,7 +82,7 @@ efi_bindir=/usr/lib64/efi
copy_shell() {
dest="\$efi/\$shell"
- src="\$efi_bindir/shell${EFI_CERT:+-signed}.efi"
+ src="\$efi_bindir/shell.efi"
[ ! -f "\$src" ] ||
cp $verbose -pLf "\$src" "\$dest"
}
@@ -115,7 +113,7 @@ copy_kernel() {
copy_elilo() {
copy_kernel
- cp $verbose -pLf \$efi_bindir/elilo\$bin_suffix.efi \${1:-\$bin_path}
+ cp $verbose -pLf \$efi_bindir/elilo.efi \${1:-\$bin_path}
cat > \$boot/elilo.conf <<- ELILO_EOF
default="linux"
image="vmlinuz"
@@ -126,7 +124,6 @@ copy_elilo() {
ELILO_EOF
}
-# refind is currently signed by default
refind_aux=\$efi/refind
refind_boot=\$refind_aux/refind_x64.efi
--
1.8.3.4
[-- Attachment #3: 0001-efi-drop-signed-subpackages.patch --]
[-- Type: text/plain, Size: 1312 bytes --]
>From 90429a850803cce7154755ffff74158053f62694 Mon Sep 17 00:00:00 2001
From: Michael Shigorin <mike@altlinux.org>
Date: Tue, 17 Dec 2013 14:22:11 +0200
Subject: [PATCH] efi: drop -signed subpackages
We chose to provide methods to sign packages but to avoid
signing these by default (with some arbitrary test keys)
the signatures are being added *after* the build by means
of rpmrebuild-pesign; all of this is made significantly
more complicated if there are separate -signed subpackages.
So these are being dropped in the packages; account for that.
---
features.in/efi/config.mk | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/features.in/efi/config.mk b/features.in/efi/config.mk
index 68c46a5..cf1699f 100644
--- a/features.in/efi/config.mk
+++ b/features.in/efi/config.mk
@@ -18,11 +18,9 @@ use/efi/refind: use/efi
@$(call set,EFI_BOOTLOADER,refind)
use/efi/signed: use/efi
- @$(call set,MKI_VER_MINIMAL,0.2.7) # refind->elilo handoff
+ @$(call set,MKI_VER_MINIMAL,0.2.7) # refind->elilo handoff ### 0.2.11
@$(call set,EFI_CERT,altlinux)
@$(call add,THE_PACKAGES,shim-signed)
- @$(call set,EFI_SHELL,efi-shell-signed) # even more useful
- @$(call add,RESCUE_PACKAGES,refind-signed)
@$(call add,RESCUE_PACKAGES,openssl sbsigntools)
use/efi/shell: use/efi
--
1.8.3.4
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [devel-distro] [#110111] DONE (try 8) srpm=refind-0.6.12-alt3.src.rpm srpm=elilo-3.14-alt1.5926535.src.rpm ...
2013-12-18 22:17 ` [devel-distro] [#110111] DONE (try 8) srpm=refind-0.6.12-alt3.src.rpm srpm=elilo-3.14-alt1.5926535.src.rpm Michael Shigorin
@ 2013-12-23 0:30 ` Michael Shigorin
0 siblings, 0 replies; 2+ messages in thread
From: Michael Shigorin @ 2013-12-23 0:30 UTC (permalink / raw)
To: devel-distro
On Thu, Dec 19, 2013 at 12:17:12AM +0200, I wrote:
> Для mkimage потребуется патч вроде приложенного коммита
> относительно 0.2.10 (надеюсь, на днях будет опубликован
> и упакован).
В тестовом задании #110730 доступен mkimage-0.2.12,
исправляющий минимум два неприятных ляпа в 0.2.11
(который и не спешил отправлять в сизиф до более
тщательной перепроверки/вычитки).
Думаю, сегодня будет опубликован нынешний mkimage-profiles,
но затрагивающие EFI коммиты кроме упоминавшегося там по части
regular-rescue.
Также выяснилось (#29662), что критически важны исправления
в xorriso-1.3.4; соответствующие задания уже в сизифе
и --test-only для t7/branch (110882) с тем, чтобы можно
было собираться с ним, а к вечеру отправить и в p7/branch.
--
---- WBR, Michael Shigorin / http://altlinux.org
------ http://opennet.ru / http://anna-news.info
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2013-12-23 0:30 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-12-18 22:17 ` [devel-distro] [#110111] DONE (try 8) srpm=refind-0.6.12-alt3.src.rpm srpm=elilo-3.14-alt1.5926535.src.rpm Michael Shigorin
2013-12-23 0:30 ` Michael Shigorin
ALT Linux Distributions development
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/devel-distro/0 devel-distro/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 devel-distro devel-distro/ http://lore.altlinux.org/devel-distro \
devel-distro@lists.altlinux.org devel-distro@lists.altlinux.ru devel-distro@lists.altlinux.com
public-inbox-index devel-distro
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.devel-distro
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git