Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package shim-leap for openSUSE:Factory
checked in at 2024-08-05 17:22:14
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/shim-leap (Old)
and /work/SRC/openSUSE:Factory/.shim-leap.new.7232 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "shim-leap"
Mon Aug 5 17:22:14 2024 rev:22 rq:1191593 version:15.8
Changes:
--------
--- /work/SRC/openSUSE:Factory/shim-leap/shim-leap.changes 2024-03-19
17:32:55.677157596 +0100
+++ /work/SRC/openSUSE:Factory/.shim-leap.new.7232/shim-leap.changes
2024-08-05 17:23:16.268032076 +0200
@@ -1,0 +2,13 @@
+Tue Jul 23 03:27:56 UTC 2024 - Dennis Tseng <dennis.ts...@suse.com>
+
+- Update to shim to 15.8-shim-15.8-lp155.8.2.x86_64.rpm from
+ openSUSE secure-boot 15.5
+ + Version: 15.8, "Jan 23 2024"
+ + Align the outside shim-install with the one in RPM file.
+ This is because all important fixes in outside shim-install are
+ also fixed in shim-install of RPM file. For consistency purposes,
+ the outside shim-install is updated in this version.
+ + Include the bug fixes for bsc#1215099,bsc#1215098,bsc#1215100,bsc#1215101,
+ bsc#1215102, and bsc#1215103.
+
+-------------------------------------------------------------------
Old:
----
shim-15.4-lp152.4.17.1.x86_64.rpm
New:
----
shim-15.8-lp155.8.2.x86_64.rpm
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ shim-leap.spec ++++++
--- /var/tmp/diff_new_pack.xQ2FKh/_old 2024-08-05 17:23:17.096066031 +0200
+++ /var/tmp/diff_new_pack.xQ2FKh/_new 2024-08-05 17:23:17.096066031 +0200
@@ -25,12 +25,12 @@
%endif
Name: shim-leap
-Version: 15.4
+Version: 15.8
Release: 0
Summary: UEFI shim loader
License: BSD-2-Clause
Group: System/Boot
-Source: shim-15.4-lp152.4.17.1.x86_64.rpm
+Source: shim-15.8-lp155.8.2.x86_64.rpm
Source1: README
Source2: shim-install
BuildRequires: fde-tpm-helper-rpm-macros
++++++ shim-15.4-lp152.4.17.1.x86_64.rpm -> shim-15.8-lp155.8.2.x86_64.rpm
++++++
Binary files old/etc/uefi/certs/4659838C-shim-opensuse.crt and
new/etc/uefi/certs/4659838C-shim-opensuse.crt differ
Binary files old/etc/uefi/certs/4659838C-shim.crt and
new/etc/uefi/certs/4659838C-shim.crt differ
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/usr/sbin/shim-install new/usr/sbin/shim-install
--- old/usr/sbin/shim-install 2021-07-15 12:12:57.000000000 +0200
+++ new/usr/sbin/shim-install 2024-07-04 16:26:35.000000000 +0200
@@ -17,6 +17,7 @@
efibootmgr="/usr/sbin/efibootmgr"
grub_probe="/usr/sbin/grub2-probe"
grub_mkrelpath="/usr/bin/grub2-mkrelpath"
+no_grub_install=no
grub_install="/usr/sbin/grub2-install"
grub_install_target=
self="`basename $0`"
@@ -28,7 +29,7 @@
[ ! -r /usr/etc/default/shim ] || . /usr/etc/default/shim
[ ! -r /etc/default/shim ] || . /etc/default/shim
-if [ -z "$def_shim_efi" ] ; then
+if [ -z "$def_shim_efi" -o ! -e ${source_dir}/${def_shim_efi} ] ; then
def_shim_efi="shim.efi"
fi
@@ -127,6 +128,7 @@
echo "--config-file=FILE use FILE as config file, default is $grub_cfg."
echo "--clean remove all installed files and configs."
echo "--suse-enable-tpm install grub.efi with TPM support."
+ echo "--no-grub-install Do not run grub2-install."
echo
echo "INSTALL_DEVICE must be system device filename."
}
@@ -206,6 +208,9 @@
--clean)
clean=yes ;;
+ --no-grub-install)
+ no_grub_install=yes ;;
+
-*)
echo "Unrecognized option \`$option'" 1>&2
usage
@@ -352,6 +357,48 @@
fi
+prepare_cryptodisk () {
+ uuid="$1"
+
+ if [ "x$GRUB_CRYPTODISK_PASSWORD" != x ]; then
+ echo "cryptomount -u $uuid -p \"$GRUB_CRYPTODISK_PASSWORD\""
+ return
+ fi
+
+ if [ "x$GRUB_TPM2_SEALED_KEY" = x ]; then
+ echo "cryptomount -u $uuid"
+ return
+ fi
+
+ tpm_sealed_key="${GRUB_TPM2_SEALED_KEY}"
+
+ declare -g TPM_PCR_SNAPSHOT_TAKEN
+
+ if [ -z "$TPM_PCR_SNAPSHOT_TAKEN" ]; then
+ TPM_PCR_SNAPSHOT_TAKEN=1
+
+ # Check if tpm_record_pcrs is available and set the command to
+ # grub.cfg.
+ if grep -q "tpm_record_pcrs" ${datadir}/grub2/${arch}-efi/command.lst ;
then
+ echo "tpm_record_pcrs 0-9"
+ fi
+ fi
+
+ tpm_srk_alg="${GRUB_TPM2_SRK_ALG}"
+
+ if [ -z "$tpm_srk_alg" ]; then
+ tpm_srk_alg="RSA"
+ fi
+
+ cat <<EOF
+tpm2_key_protector_init -a $tpm_srk_alg -T \$prefix/$tpm_sealed_key
+if ! cryptomount -u $uuid --protector tpm2; then
+ cryptomount -u $uuid
+fi
+EOF
+}
+
+
make_grubcfg () {
grub_cfg_dirname=`dirname $grub_cfg`
@@ -374,24 +421,39 @@
if [ x$GRUB_ENABLE_CRYPTODISK = xy ]; then
for uuid in `"${grub_probe}" --target=cryptodisk_uuid --device-map=
"${grub_cfg_dirname}"`; do
- echo "cryptomount -u $uuid"
+ prepare_cryptodisk "$uuid"
done
fi
+hints="`"${grub_probe}" --target=hints_string "${grub_cfg_dirname}" 2>
/dev/null`"
+
+if [ "x$hints" != x ]; then
+ echo "if [ x\$feature_platform_search_hint = xy ]; then"
+ echo " search --no-floppy --fs-uuid --set=root ${hints} ${cfg_fs_uuid}"
+ echo "else"
+ echo " search --no-floppy --fs-uuid --set=root ${cfg_fs_uuid}"
+ echo "fi"
+else
+ echo "search --no-floppy --fs-uuid --set=root ${cfg_fs_uuid}"
+fi
+
cat <<EOF
-search --fs-uuid --set=root ${cfg_fs_uuid}
set prefix=(\${root})`${grub_mkrelpath} ${grub_cfg_dirname}`
source "\${prefix}/${grub_cfg_basename}"
EOF
}
-make_grubcfg > "${efidir}/grub.cfg"
# bnc#889765 GRUB shows broken letters at boot
# invoke grub_install to initialize /boot/grub2 directory with files needed by
grub.cfg
# bsc#1118363 shim-install didn't specify the target for grub2-install
# set the target explicitly for some special cases
-${grub_install} --target=${grub_install_target} --no-nvram
+if test "$no_grub_install" != "yes"; then
+ ${grub_install} --target=${grub_install_target} --no-nvram
+fi
+
+# Making sure grub.cfg not overwritten by grub-install above
+make_grubcfg > "${efidir}/grub.cfg"
if test "$no_nvram" = no && test -n "$bootloader_id"; then
Binary files old/usr/share/efi/x86_64/MokManager.efi and
new/usr/share/efi/x86_64/MokManager.efi differ
Binary files old/usr/share/efi/x86_64/fallback.efi and
new/usr/share/efi/x86_64/fallback.efi differ
Binary files old/usr/share/efi/x86_64/shim-opensuse.efi and
new/usr/share/efi/x86_64/shim-opensuse.efi differ
++++++ shim-install ++++++
--- /var/tmp/diff_new_pack.xQ2FKh/_old 2024-08-05 17:23:17.384077841 +0200
+++ /var/tmp/diff_new_pack.xQ2FKh/_new 2024-08-05 17:23:17.388078005 +0200
@@ -60,7 +60,6 @@
if [ x"${GRUB_DISTRIBUTOR}" = x ] && [ -f "${sysconfdir}/os-release" ] ; then
. "${sysconfdir}/os-release"
GRUB_DISTRIBUTOR="${NAME} ${VERSION}"
- OS_ID="${ID}"
fi
bootloader_id="$(echo "$GRUB_DISTRIBUTOR" | tr 'A-Z' 'a-z' | cut -d' ' -f1)"
@@ -79,11 +78,6 @@
*) ca_string="";;
esac
-case "$OS_ID" in
- "opensuse-leap")
- ca_string='SUSE Linux Enterprise Secure Boot CA1';;
-esac
-
is_azure () {
local bios_vendor;
local product_name;
@@ -431,8 +425,19 @@
done
fi
+hints="`"${grub_probe}" --target=hints_string "${grub_cfg_dirname}" 2>
/dev/null`"
+
+if [ "x$hints" != x ]; then
+ echo "if [ x\$feature_platform_search_hint = xy ]; then"
+ echo " search --no-floppy --fs-uuid --set=root ${hints} ${cfg_fs_uuid}"
+ echo "else"
+ echo " search --no-floppy --fs-uuid --set=root ${cfg_fs_uuid}"
+ echo "fi"
+else
+ echo "search --no-floppy --fs-uuid --set=root ${cfg_fs_uuid}"
+fi
+
cat <<EOF
-search --fs-uuid --set=root ${cfg_fs_uuid}
set prefix=(\${root})`${grub_mkrelpath} ${grub_cfg_dirname}`
source "\${prefix}/${grub_cfg_basename}"
EOF
