#!/bin/sh # $Id: shim-signed-fedora.SlackBuild,v 1.1 2021/11/01 12:04:40 root Exp root $ # Copyright 2021 Eric Hameleers, Eindhoven, NL # All rights reserved. # # Permission to use, copy, modify, and distribute this software for # any purpose with or without fee is hereby granted, provided that # the above copyright notice and this permission notice appear in all # copies. # # THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED # WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. # IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR # CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT # LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF # USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND # ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, # OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT # OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # ----------------------------------------------------------------------------- # # Slackware SlackBuild script # =========================== # By: Eric Hameleers # For: shim-signed-fedora # Descr: Fedora initial bootloader for SecureBoot UEFI # URL: https://github.com/rhboot/shim/ # Build needs: # Needs: # Changelog: # 15.4_5-1: 31/oct/2021 by Eric Hameleers # * Initial build. # # Run 'sh shim-signed-fedora.SlackBuild' to build a Slackware package. # The package (.t?z) and .txt file as well as build logs are created in /tmp . # Install the package using 'installpkg' or 'upgradepkg --install-new'. # # ----------------------------------------------------------------------------- PRGNAM=shim-signed-fedora MAJVER=${MAJVER:-15.4} MINVER=${MINVER:-5} VERSION=${MAJVER}_${MINVER} BUILD=${BUILD:-1} TAG=${TAG:-alien} # Where do we look for sources? SRCDIR=$(cd $(dirname $0); pwd) # Place to build (TMP) package (PKG) and output (OUTPUT) the program: TMP=${TMP:-/tmp/build} PKG=$TMP/package-$PRGNAM OUTPUT=${OUTPUT:-/tmp} SOURCE="$SRCDIR/shim-x64-${MAJVER}-${MINVER}.x86_64.rpm" SRCURL="https://kojipkgs.fedoraproject.org/packages/shim/${MAJVER}/${MINVER}/x86_64/shim-x64-${MAJVER}-${MINVER}.x86_64.rpm" ## ## --- with a little luck, you won't have to edit below this point --- ## ## # Automatically determine the architecture we're building on: if [ -z "$ARCH" ]; then case "$(uname -m)" in x86_64) ARCH="x86_64" ;; *) echo "Unsupported architecture '$(uname -m)'" ; exit 1 ;; esac export ARCH fi # Exit the script on errors: set -e trap 'echo "$0 FAILED at line ${LINENO}" | tee $OUTPUT/error-${PRGNAM}.log' ERR # Catch unitialized variables: set -u P1=${1:-1} # Save old umask and set to 0022: _UMASK_=$(umask) umask 0022 # Create working directories: mkdir -p $OUTPUT # place for the package to be saved mkdir -p $TMP/tmp-$PRGNAM # location to build the source mkdir -p $PKG # place for the package to be built rm -rf $PKG/* # always erase old package's contents rm -rf $TMP/tmp-$PRGNAM/* # remove the remnants of previous build rm -rf $OUTPUT/{checkout,configure,make,install,error,makepkg,patch}-$PRGNAM.log # remove old log files # Source file availability: if ! [ -f ${SOURCE} ]; then echo "Source '$(basename ${SOURCE})' not available yet..." # Check if the $SRCDIR is writable at all - if not, download to $OUTPUT [ -w "$SRCDIR" ] || SOURCE="$OUTPUT/$(basename $SOURCE)" if [ -f ${SOURCE} ]; then echo "Ah, found it!"; continue; fi if ! [ "x${SRCURL}" == "x" ]; then echo "Will download file to $(dirname $SOURCE)" wget --no-check-certificate -nv -T 20 -O "${SOURCE}" "${SRCURL}" || true if [ $? -ne 0 -o ! -s "${SOURCE}" ]; then echo "Downloading '$(basename ${SOURCE})' failed... aborting the build." mv -f "${SOURCE}" "${SOURCE}".FAIL exit 1 fi else echo "File '$(basename ${SOURCE})' not available... aborting the build." exit 1 fi fi if [ "$P1" == "--download" ]; then echo "Download complete." exit 0 fi # --- PACKAGE BUILDING --- echo "++" echo "|| $PRGNAM-$VERSION" echo "++" cd $TMP/tmp-$PRGNAM echo "Extracting the source archive(s) for $PRGNAM..." rpm2cpio ${SOURCE} | cpio -dvim chown -R root:root . chmod -R u+w,go+r-w,a+rX-st . # Install the Fedora signed binaries into the package: install -D -m0644 -t ${PKG}/usr/share/${PRGNAM}/ boot/efi/EFI/fedora/shimx64.efi install -D -m0644 -t ${PKG}/usr/share/${PRGNAM}/ boot/efi/EFI/fedora/mmx64.efi install -D -m0644 -t ${PKG}/usr/share/${PRGNAM}/ boot/efi/EFI/BOOT/fbx64.efi # Add documentation: mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION cat $SRCDIR/$(basename $0) > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild chown -R root:root $PKG/usr/doc/$PRGNAM-$VERSION find $PKG/usr/doc -type f -exec chmod 644 {} \; # Add a package description: mkdir -p $PKG/install cat $SRCDIR/slack-desc > $PKG/install/slack-desc # Build the package: cd $PKG makepkg --linkadd y --chown n $OUTPUT/${PRGNAM}-${VERSION}-${ARCH}-${BUILD}${TAG}.${PKGTYPE:-txz} 2>&1 | tee $OUTPUT/makepkg-${PRGNAM}.log cd $OUTPUT md5sum ${PRGNAM}-${VERSION}-${ARCH}-${BUILD}${TAG}.${PKGTYPE:-txz} > ${PRGNAM}-${VERSION}-${ARCH}-${BUILD}${TAG}.${PKGTYPE:-txz}.md5 cd - cat $PKG/install/slack-desc | grep "^${PRGNAM}" > $OUTPUT/${PRGNAM}-${VERSION}-${ARCH}-${BUILD}${TAG}.txt # Restore the original umask: umask ${_UMASK_}