Name: shim-signed Version: 0.2 Release: 2%{?dist} Summary: First-stage UEFI bootloader #Provides: shim = %{version}-%{release} License: BSD URL: http://www.codon.org.uk/~mjg59/shim/ Source0: shim-fedora.efi Requires: shim-unsigned >= %{version}-%{release} BuildRequires: shim-unsigned = %{version}-%{release} BuildRequires: pesign >= 0.100-1%{dist} # Shim uses OpenSSL, but cannot use the system copy as the UEFI ABI is not # compatible with SysV (there's no red zone under UEFI) and there isn't a # POSIX-style C library. # BuildRequires: OpenSSL Provides: bundled(openssl) = 0.9.8w # Shim is only required on platforms implementing the UEFI secure boot # protocol. The only one of those we currently wish to support is 64-bit x86. # Adding further platforms will require adding appropriate relocation code. ExclusiveArch: x86_64 %global debug_package %{nil} # Figure out the right file path to use %if 0%{?rhel} %global efidir redhat %endif %if 0%{?fedora} %global efidir fedora %endif %description Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments. This package contains the version signed by the UEFI signing service. %package -n shim Summary: First-stage UEFI bootloader (signed) %description -n shim Initial UEFI bootloader that handles chaining to a trusted full bootloader under secure boot environments. This package contains the version signed by the UEFI signing service. %prep cd %{_builddir} rm -r shim-signed-%{version} mkdir shim-signed-%{version} %build cd shim-signed-%{version} pesign -i %{SOURCE0} -m %{_datadir}/shim/shim.sig -o shim-signed.efi -u 1 %install rm -rf $RPM_BUILD_ROOT cd shim-signed-%{version} install -D -d -m 0755 $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/ install -m 0644 shim-signed.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shim.efi %files -n shim /boot/efi/EFI/%{efidir}/shim.efi %changelog * Mon Dec 03 2012 Peter Jones - 0.2-2 - Initial build