Initial revision

2 files changed, 175 insertions, 0 deletions

diff --git a/shim-signed-fedora/build/shim-signed-fedora.SlackBuild b/shim-signed-fedora/build/shim-signed-fedora.SlackBuild
new file mode 100755
index 00000000..5ab4f7f3
--- /dev/null
+++ b/shim-signed-fedora/build/shim-signed-fedora.SlackBuild
@@ -0,0 +1,156 @@
+#!/bin/sh
+# $Id$
+# Copyright 2021  Eric Hameleers, Eindhoven, NL
+# All rights reserved.
+#
+#   Permission to use, copy, modify, and distribute this software for
+#   any purpose with or without fee is hereby granted, provided that
+#   the above copyright notice and this permission notice appear in all
+#   copies.
+#
+#   THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED
+#   WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+#   MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+#   IN NO EVENT SHALL THE AUTHORS AND COPYRIGHT HOLDERS AND THEIR
+#   CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+#   SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+#   LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF
+#   USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+#   ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+#   OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+#   OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+#   SUCH DAMAGE.
+# -----------------------------------------------------------------------------
+#
+# Slackware SlackBuild script 
+# ===========================
+# By:          Eric Hameleers <alien@slackware.com>
+# For:         shim-signed-fedora
+# Descr:       Fedora initial bootloader for SecureBoot UEFI
+# URL:         https://github.com/rhboot/shim/
+# Build needs: 
+# Needs:       
+# Changelog:   
+# 15.4_5-1:    31/oct/2021 by Eric Hameleers <alien@slackware.com>
+#              * Initial build.
+# 
+# Run 'sh shim-signed-fedora.SlackBuild' to build a Slackware package.
+# The package (.t?z) and .txt file as well as build logs are created in /tmp .
+# Install the package using 'installpkg' or 'upgradepkg --install-new'.
+#
+# -----------------------------------------------------------------------------
+
+PRGNAM=shim-signed-fedora
+MAJVER=${MAJVER:-15.4}
+MINVER=${MINVER:-5}
+VERSION=${MAJVER}_${MINVER}
+BUILD=${BUILD:-1}
+TAG=${TAG:-alien}
+
+# Where do we look for sources?
+SRCDIR=$(cd $(dirname $0); pwd)
+
+# Place to build (TMP) package (PKG) and output (OUTPUT) the program:
+TMP=${TMP:-/tmp/build}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+SOURCE="$SRCDIR/shim-x64-${MAJVER}-${MINVER}.x86_64.rpm"
+SRCURL="https://kojipkgs.fedoraproject.org/packages/shim/${MAJVER}/${MINVER}/x86_64/shim-x64-${MAJVER}-${MINVER}.x86_64.rpm"
+
+##
+## --- with a little luck, you won't have to edit below this point --- ##
+##
+
+# Automatically determine the architecture we're building on:
+if [ -z "$ARCH" ]; then
+  case "$(uname -m)" in
+    x86_64) ARCH="x86_64" ;;
+    *) echo "Unsupported architecture '$(uname -m)'" ; exit 1 ;;
+  esac
+  export ARCH
+fi
+
+# Exit the script on errors:
+set -e
+trap 'echo "$0 FAILED at line ${LINENO}" | tee $OUTPUT/error-${PRGNAM}.log' ERR
+# Catch unitialized variables:
+set -u
+P1=${1:-1}
+
+# Save old umask and set to 0022:
+_UMASK_=$(umask)
+umask 0022
+
+# Create working directories:
+mkdir -p $OUTPUT          # place for the package to be saved
+mkdir -p $TMP/tmp-$PRGNAM # location to build the source
+mkdir -p $PKG             # place for the package to be built
+rm -rf $PKG/*             # always erase old package's contents
+rm -rf $TMP/tmp-$PRGNAM/* # remove the remnants of previous build
+rm -rf $OUTPUT/{checkout,configure,make,install,error,makepkg,patch}-$PRGNAM.log
+                          # remove old log files
+
+# Source file availability:
+if ! [ -f ${SOURCE} ]; then
+  echo "Source '$(basename ${SOURCE})' not available yet..."
+  # Check if the $SRCDIR is writable at all - if not, download to $OUTPUT
+  [ -w "$SRCDIR" ] || SOURCE="$OUTPUT/$(basename $SOURCE)"
+  if [ -f ${SOURCE} ]; then echo "Ah, found it!"; continue; fi
+  if ! [ "x${SRCURL}" == "x" ]; then
+    echo "Will download file to $(dirname $SOURCE)"
+    wget --no-check-certificate -nv -T 20 -O "${SOURCE}" "${SRCURL}" || true
+    if [ $? -ne 0 -o ! -s "${SOURCE}" ]; then
+      echo "Downloading '$(basename ${SOURCE})' failed... aborting the build."
+      mv -f "${SOURCE}" "${SOURCE}".FAIL
+      exit 1
+    fi
+  else
+    echo "File '$(basename ${SOURCE})' not available... aborting the build."
+    exit 1
+  fi
+fi
+
+if [ "$P1" == "--download" ]; then
+  echo "Download complete."
+  exit 0
+fi
+
+# --- PACKAGE BUILDING ---
+
+echo "++"
+echo "|| $PRGNAM-$VERSION"
+echo "++"
+
+cd $TMP/tmp-$PRGNAM
+echo "Extracting the source archive(s) for $PRGNAM..."
+rpm2cpio ${SOURCE} | cpio -dvim
+chown -R root:root .
+chmod -R u+w,go+r-w,a+rX-st .
+
+# Install the Fedora signed binaries into the package:
+install -D -m0644 -t ${PKG}/usr/share/${PRGNAM}/ boot/efi/EFI/fedora/shimx64.efi
+install -D -m0644 -t ${PKG}/usr/share/${PRGNAM}/ boot/efi/EFI/fedora/mmx64.efi
+install -D -m0644 -t ${PKG}/usr/share/${PRGNAM}/ boot/efi/EFI/BOOT/fbx64.efi
+
+# Add documentation:
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cat $SRCDIR/$(basename $0) > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+chown -R root:root $PKG/usr/doc/$PRGNAM-$VERSION
+find $PKG/usr/doc -type f -exec chmod 644 {} \;
+
+# Add a package description:
+mkdir -p $PKG/install
+cat $SRCDIR/slack-desc > $PKG/install/slack-desc
+
+# Build the package:
+cd $PKG
+makepkg --linkadd y --chown n $OUTPUT/${PRGNAM}-${VERSION}-${ARCH}-${BUILD}${TAG}.${PKGTYPE:-txz} 2>&1 | tee $OUTPUT/makepkg-${PRGNAM}.log
+cd $OUTPUT
+md5sum ${PRGNAM}-${VERSION}-${ARCH}-${BUILD}${TAG}.${PKGTYPE:-txz} > ${PRGNAM}-${VERSION}-${ARCH}-${BUILD}${TAG}.${PKGTYPE:-txz}.md5
+cd -
+cat $PKG/install/slack-desc | grep "^${PRGNAM}" > $OUTPUT/${PRGNAM}-${VERSION}-${ARCH}-${BUILD}${TAG}.txt
+
+# Restore the original umask:
+umask ${_UMASK_}
+
diff --git a/shim-signed-fedora/build/slack-desc b/shim-signed-fedora/build/slack-desc
new file mode 100644
index 00000000..ba5792ef
--- /dev/null
+++ b/shim-signed-fedora/build/slack-desc
@@ -0,0 +1,19 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description.  Line
+# up the first '|' above the ':' following the base package name, and the '|'
+# on the right side marks the last column you can put a character in.  You must
+# make exactly 11 lines for the formatting to be correct.  It's also
+# customary to leave one space after the ':' except on otherwise blank lines.
+
+                  |-----handy-ruler------------------------------------------------------|
+shim-signed-fedora: shim-signed-fedora (Fedora initial bootloader for SecureBoot UEFI)
+shim-signed-fedora:
+shim-signed-fedora: shim is an initial UEFI bootloader that handles chaining
+shim-signed-fedora: to a trusted full bootloader under secure boot environments.
+shim-signed-fedora: This package contains prebuilt X64 EFI binaries from Fedora
+shim-signed-fedora: which were signed by 'Microsoft UEFI CA'.
+shim-signed-fedora:
+shim-signed-fedora:
+shim-signed-fedora:
+shim-signed-fedora: shim home: https://github.com/rhboot/shim/
+shim-signed-fedora: