author | Edward Tomasz Napierala <trasz@FreeBSD.org> | 2015-01-15 10:09:35 +0000 |
---|---|---|
committer | Edward Tomasz Napierala <trasz@FreeBSD.org> | 2015-01-15 10:09:35 +0000 |
commit | 2fd2dc4da157964eecfc220933a2a05cd3bdc685 (patch) | |
tree | ac548a1d99207593268b01b33a019141dbfbb846 /sysutils/shim | |
parent | 3b3cea681c0ea0f90a2b5ec05c1c15abfa99adf0 (diff) | |
Notes
Diffstat (limited to 'sysutils/shim')
-rw-r--r-- | sysutils/shim/Makefile | 37 | ||||
-rw-r--r-- | sysutils/shim/distinfo | 2 | ||||
-rw-r--r-- | sysutils/shim/files/patch-Cryptlib-Makefile | 9 | ||||
-rw-r--r-- | sysutils/shim/files/patch-Cryptlib-OpenSSL-Makefile | 9 | ||||
-rw-r--r-- | sysutils/shim/files/patch-Makefile | 49 | ||||
-rw-r--r-- | sysutils/shim/files/patch-elf_x86_64_efi.lds | 10 | ||||
-rw-r--r-- | sysutils/shim/files/patch-lib-Makefile | 10 | ||||
-rw-r--r-- | sysutils/shim/pkg-descr | 9 |
8 files changed, 135 insertions, 0 deletions
diff --git a/sysutils/shim/Makefile b/sysutils/shim/Makefile
new file mode 100644
index 000000000000..72363f1f88fb
--- /dev/null
+++ b/sysutils/shim/Makefile
@@ -0,0 +1,37 @@
+# Created by: Edward Tomasz Napierala <trasz@FreeBSD.org>
+# $FreeBSD$
+
+PORTNAME= shim
+PORTVERSION= 0.8
+CATEGORIES= sysutils
+
+MAINTAINER= trasz@FreeBSD.org
+COMMENT= UEFI Secure Boot shim loader
+
+LICENSE= BSD2CLAUSE
+
+BUILD_DEPENDS= ${NONEXISTENT}:${PORTSDIR}/devel/gnu-efi \
+ bash:${PORTSDIR}/shells/bash
+
+USE_GITHUB= yes
+GH_ACCOUNT= mjg59
+GH_COMMIT= 6f4d516
+
+USES= gmake
+USE_GCC= 4.8+
+USE_GITHUB= yes
+MAKE_JOBS_UNSAFE= yes
+ONLY_FOR_ARCHS= amd64
+
+PLIST_FILES= lib/shim/MokManager.efi lib/shim/fallback.efi lib/shim/shim.efi
+
+post-patch:
+ @${REINPLACE_CMD} -e "s|/bin/bash|${LOCALBASE}/bin/bash|" ${WRKSRC}/make-certs
+
+do-install:
+ ${MKDIR} ${STAGEDIR}/${PREFIX}/lib/shim
+ ${INSTALL_PROGRAM} ${WRKSRC}/shim.efi ${STAGEDIR}/${PREFIX}/lib/shim
+ ${INSTALL_PROGRAM} ${WRKSRC}/MokManager.efi ${STAGEDIR}/${PREFIX}/lib/shim
+ ${INSTALL_PROGRAM} ${WRKSRC}/fallback.efi ${STAGEDIR}/${PREFIX}/lib/shim
+
+.include <bsd.port.mk>
diff --git a/sysutils/shim/distinfo b/sysutils/shim/distinfo
new file mode 100644
index 000000000000..b0e5f98656a0
--- /dev/null
+++ b/sysutils/shim/distinfo
@@ -0,0 +1,2 @@
+SHA256 (shim-0.8.tar.gz) = 150692b908c8502872a357025e70434c75bad8416d9a52e3e946fd75d3f6cf9e
+SIZE (shim-0.8.tar.gz) = 1252057
diff --git a/sysutils/shim/files/patch-Cryptlib-Makefile b/sysutils/shim/files/patch-Cryptlib-Makefile
new file mode 100644
index 000000000000..f383cb0b2728
--- /dev/null
+++ b/sysutils/shim/files/patch-Cryptlib-Makefile
@@ -0,0 +1,9 @@
+--- Cryptlib/Makefile.orig 2014-10-13 22:41:51.000000000 +0200
++++ Cryptlib/Makefile 2014-11-30 20:23:01.000000000 +0100
+@@ -1,3 +1,6 @@
++ifeq ($(ARCH),amd64)
++ override ARCH = x86_64
++endif
+
+ EFI_INCLUDES = -IInclude -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol
+
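Review bot: Nothing in sysutils/shim/Makefile records that the three images copied by `do-install` are unsigned, although files/patch-Makefile in this same commit renames the build targets from `MokManager.efi.signed`/`fallback.efi.signed` to the unsigned names and comments out the `pesign` rule. Firmware enforcing Secure Boot would presumably refuse them as installed, so I would add a comment above `do-install`, e.g. `# The installed .efi images are unsigned (pesign step removed in files/patch-Makefile); they must be signed before use with Secure Boot.`, and ideally a pkg-message saying the same. `${INSTALL_PROGRAM}` normally strips what it installs; for boot images whose hash is what later gets signed or enrolled, `${INSTALL_DATA}` would keep the installed bytes identical to the build output, which is worth confirming. `USE_GITHUB= yes` also appears twice and the second assignment can go.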
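Review bot: The `ifeq ($(ARCH),amd64)` override added to Cryptlib/Makefile carries no comment saying why it is needed, and the same three lines are repeated in the patches for Cryptlib/OpenSSL/Makefile, lib/Makefile and the top-level Makefile. The visible `-I$(EFI_INCLUDE)/$(ARCH)` suggests the gnu-efi headers sit under an `x86_64` directory, so a line such as `# FreeBSD calls this architecture amd64; gnu-efi's per-arch include directory is x86_64` would help the next maintainer. The top-level copy uses `override ARCH := x86_64` while these three use `=`; pick one form. Setting the value once from the port, e.g. `MAKE_ARGS+= ARCH=x86_64`, might replace all the sub-makefile patches, though I have not checked that every sub-make honours it.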
diff --git a/sysutils/shim/files/patch-Cryptlib-OpenSSL-Makefile b/sysutils/shim/files/patch-Cryptlib-OpenSSL-Makefile
new file mode 100644
index 000000000000..89343408e159
--- /dev/null
+++ b/sysutils/shim/files/patch-Cryptlib-OpenSSL-Makefile
@@ -0,0 +1,9 @@
+--- Cryptlib/OpenSSL/Makefile.orig 2014-11-30 20:31:14.000000000 +0100
++++ Cryptlib/OpenSSL/Makefile 2014-11-30 20:31:23.000000000 +0100
+@@ -1,3 +1,6 @@
++ifeq ($(ARCH),amd64)
++ override ARCH = x86_64
++endif
+
+ EFI_INCLUDES = -I../Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol
+
diff --git a/sysutils/shim/files/patch-Makefile b/sysutils/shim/files/patch-Makefile
new file mode 100644
index 000000000000..ff4383ff952c
--- /dev/null
+++ b/sysutils/shim/files/patch-Makefile
@@ -0,0 +1,49 @@
+--- Makefile.orig 2014-10-13 22:41:51.000000000 +0200
++++ Makefile 2014-12-21 16:18:40.000000000 +0100
+@@ -1,16 +1,22 @@
+-CC = $(CROSS_COMPILE)gcc
++CROSS_COMPILE = $(LOCALBASE)/bin/
++
++CC = $(CROSS_COMPILE)gcc48
+ LD = $(CROSS_COMPILE)ld
+ OBJCOPY = $(CROSS_COMPILE)objcopy
+
+ ARCH = $(shell $(CC) -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,)
+
++ifeq ($(ARCH),amd64)
++ override ARCH := x86_64
++endif
++
+ SUBDIRS = Cryptlib lib
+
+-LIB_PATH = /usr/lib64
++LIB_PATH = $(LOCALBASE)/lib
+
+-EFI_INCLUDE := /usr/include/efi
++EFI_INCLUDE := $(LOCALBASE)/include/efi
+ EFI_INCLUDES = -nostdinc -ICryptlib -ICryptlib/Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -Iinclude
+-EFI_PATH := /usr/lib64/gnuefi
++EFI_PATH := $(LOCALBASE)/lib
+
+ LIB_GCC = $(shell $(CC) -print-libgcc-file-name)
+ EFI_LIBS = -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC)
+@@ -57,7 +63,7 @@ LDFLAGS = -nostdlib -znocombreloc -T $(
+
+ VERSION = 0.8
+
+-TARGET = shim.efi MokManager.efi.signed fallback.efi.signed
++TARGET = shim.efi MokManager.efi fallback.efi
+ OBJS = shim.o netboot.o cert.o replacements.o version.o
+ KEYS = shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer
+ SOURCES = shim.c shim.h netboot.c include/PeImage.h include/wincert.h include/console.h replacements.c replacements.h version.c version.h
+@@ -144,8 +150,8 @@ FORMAT ?= --target efi-app-$(ARCH)
+ -j .debug_line -j .debug_str -j .debug_ranges \
+ $(FORMAT) $^ $@.debug
+
+-%.efi.signed: %.efi certdb/secmod.db
+- pesign -n certdb -i $< -c "shim" -s -o $@ -f
++#%.efi.signed: %.efi certdb/secmod.db
++# pesign -n certdb -i $< -c "shim" -s -o $@ -f
+
+ clean:
+ $(MAKE) -C Cryptlib clean
diff --git a/sysutils/shim/files/patch-elf_x86_64_efi.lds b/sysutils/shim/files/patch-elf_x86_64_efi.lds
new file mode 100644
index 000000000000..4a876315a1fe
--- /dev/null
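Review bot: `CC = $(CROSS_COMPILE)gcc48` in files/patch-Makefile pins one compiler binary, while the port Makefile declares `USE_GCC= 4.8+`; if the framework selects a different GCC, this line either fails or builds the boot loader with a compiler other than the one the port recorded as its dependency. Passing the compiler in from the port (`MAKE_ARGS+= CC="${CC}"`) and leaving the upstream `CC` line alone would keep the two in step. `CROSS_COMPILE`, `LIB_PATH`, `EFI_INCLUDE` and `EFI_PATH` all expand `$(LOCALBASE)` with no default, so an empty value silently turns them into `/bin/`, `/lib` and `/include/efi`; `LOCALBASE ?= /usr/local` at the top would make the fallback explicit. The `%.efi.signed` rule is left behind as commented-out lines; deleting it, or replacing it with a one-line comment on why signing is skipped, reads better than dead code.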
+++ b/sysutils/shim/files/patch-elf_x86_64_efi.lds
@@ -0,0 +1,10 @@
+--- elf_x86_64_efi.lds.orig 2014-12-21 16:01:08.000000000 +0100
++++ elf_x86_64_efi.lds 2014-12-21 16:01:16.000000000 +0100
+@@ -1,5 +1,5 @@
+-/* Same as elf_x86_64_fbsd_efi.lds, except for OUTPUT_FORMAT below - KEEP IN SYNC */
+-OUTPUT_FORMAT("elf64-x86-64", "elf64-x86-64", "elf64-x86-64")
++/* Same as elf_x86_64_efi.lds, except for OUTPUT_FORMAT below - KEEP IN SYNC */
++OUTPUT_FORMAT("elf64-x86-64-freebsd", "elf64-x86-64-freebsd", "elf64-x86-64-freebsd")
+ OUTPUT_ARCH(i386:x86-64)
+ ENTRY(_start)
+ SECTIONS
diff --git a/sysutils/shim/files/patch-lib-Makefile b/sysutils/shim/files/patch-lib-Makefile
new file mode 100644
index 000000000000..d1d0b81bb99c
--- /dev/null
+++ b/sysutils/shim/files/patch-lib-Makefile
@@ -0,0 +1,10 @@
+--- lib/Makefile.orig 2014-11-30 20:34:06.000000000 +0100
++++ lib/Makefile 2014-11-30 20:34:20.000000000 +0100
+@@ -1,3 +1,7 @@
++ifeq ($(ARCH),amd64)
++ override ARCH = x86_64
++endif
++
+ TARGET = lib.a
+
+ LIBFILES = simple_file.o guid.o console.o execute.o configtable.o shell.o variables.o security_policy.o
diff --git a/sysutils/shim/pkg-descr b/sysutils/shim/pkg-descr
new file mode 100644
index 000000000000..e7025805b34e
--- /dev/null
+++ b/sysutils/shim/pkg-descr
@@ -0,0 +1,9 @@
+shim is a trivial EFI application that, when run, attempts to open and
+execute another application. It will initially attempt to do this via the
+standard EFI LoadImage() and StartImage() calls. If these fail (because secure
+boot is enabled and the binary is not signed with an appropriate key, for
+instance) it will then validate the binary against a built-in certificate. If
+this succeeds and if the binary or signing key are not blacklisted then shim
+will relocate and execute the binary.
+
+WWW: https://github.com/mjg59/shim |
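Review bot: In the files/patch-elf_x86_64_efi.lds hunk, the rewritten header comment now reads `/* Same as elf_x86_64_efi.lds, ... KEEP IN SYNC */` inside elf_x86_64_efi.lds itself, so the sync pointer refers to the file it sits in. Only the `OUTPUT_FORMAT` line has to change to get the FreeBSD output format; I would leave the original comment line untouched, or replace it with something like `/* FreeBSD port: OUTPUT_FORMAT changed to elf64-x86-64-freebsd */`. The new text looks copied from elf_x86_64_fbsd_efi.lds, which is not part of this diff, so whether pointing the build at that script would avoid this patch altogether is something to check.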