system/efitools: Added (Tools for manipulating UEFI secure boot).

Signed-off-by: Willy Sudiarto Raharjo <willysr@slackbuilds.org>
This commit is contained in:
Jonathan Li 2015-02-08 07:28:36 +07:00 committed by Willy Sudiarto Raharjo
parent 43f30994a6
commit 64212ca888
4 changed files with 157 additions and 0 deletions

17
system/efitools/README Normal file
View file

@ -0,0 +1,17 @@
efitools is a set of tools for manipulating EFI secure boot platforms.
If you ever plan to use LockDown.efi (it's an EFI program that
installs a predefined set of Secure Boot keys if you run it while your
machine is in setup mode) you will want to use your own Secure Boot
keys and maybe specify an owner GUID (in hex). The keys should be placed
in the SlackBuild directory and named:
Platform Key public/private keys - PK.crt, PK.key
Key Exchange public/private keys - KEK.crt, KEK.key
Signature Database public/private keys - DB.crt, DB.key
and the SlackBuild should be executed using:
GUID=xxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx USE_KEYS=yes ./efitools.SlackBuild
It's unlikely that you'll use LockDown.efi and there are alternate methods
to do what it does, so it's fine just to ignore it.

View file

@ -0,0 +1,111 @@
#!/bin/sh
# Slackware build script for efitools
# Copyright 2015 Jonathan Li
# All rights reserved.
#
# Redistribution and use of this script, with or without modification, is
# permitted provided that the following conditions are met:
#
# 1. Redistributions of this script must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
PRGNAM=efitools
VERSION=${VERSION:-1.5.2}
BUILD=${BUILD:-1}
TAG=${TAG:-_SBo}
MYGUID=${MYGUID:-11111111-2222-3333-4444-123456789abc}
USE_KEYS=${USE_KEYS:-no}
if [ -z "$ARCH" ]; then
case "$( uname -m )" in
i?86) ARCH=i486 ;;
arm*) ARCH=arm ;;
*) ARCH=$( uname -m ) ;;
esac
fi
CWD=$(pwd)
TMP=${TMP:-/tmp/SBo}
PKG=$TMP/package-$PRGNAM
OUTPUT=${OUTPUT:-/tmp}
# It's not safe to specify build flags since some EFI programs are built.
if [ "$ARCH" = "i486" ]; then
LIBDIRSUFFIX=""
EFI_ARCH=ia32
elif [ "$ARCH" = "i686" ]; then
LIBDIRSUFFIX=""
EFI_ARCH=ia32
elif [ "$ARCH" = "x86_64" ]; then
LIBDIRSUFFIX="64"
EFI_ARCH=x86_64
fi
set -e
rm -rf $PKG
mkdir -p $TMP $PKG $OUTPUT
cd $TMP
rm -rf $PRGNAM-$VERSION
tar xvf $CWD/$PRGNAM-$VERSION.tar.?z*
cd $PRGNAM-$VERSION
# Add library path so efi libraries are found.
sed -i "s:-nostdlib:-nostdlib -L /usr/lib${LIBDIRSUFFIX}:g" Make.rules
chown -R root:root .
if [ "$USE_KEYS" = "yes" ]; then
for i in DB.key DB.crt KEK.key KEK.crt PK.key PK.crt
do
if [ ! -f $CWD/$i ]; then
echo "$i missing. Aborting"
exit 1
fi
cp $CWD/$i .
done
fi
find -L . \
\( -perm 777 -o -perm 775 -o -perm 750 -o -perm 711 -o -perm 555 \
-o -perm 511 \) -exec chmod 755 {} \; -o \
\( -perm 666 -o -perm 664 -o -perm 640 -o -perm 600 -o -perm 444 \
-o -perm 440 -o -perm 400 \) -exec chmod 644 {} \;
make CRTPATH=/usr/lib${LIBDIRSUFFIX}/gnuefi MYGUID=${MYGUID} ARCH=$EFI_ARCH
make install DESTDIR=$PKG MANDIR=$PKG/usr/man/man1 ARCH=$EFI_ARCH
# Delete the private keys in $TMP. Especially important if the user doesn't
# clear $TMP themselves.
if [ "$USE_KEYS" = "yes" ]; then
rm DB.key KEK.key PK.key
fi
find $PKG -print0 | xargs -0 file | grep -e "executable" -e "shared object" | grep ELF \
| cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
find $PKG/usr/man -type f -exec gzip -9 {} \;
for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
cd $PKG/usr/share/efitools
mv README COPYING $PKG/usr/doc/$PRGNAM-$VERSION
cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
mkdir -p $PKG/install
cat $CWD/slack-desc > $PKG/install/slack-desc
cd $PKG
/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}

View file

@ -0,0 +1,10 @@
PRGNAM="efitools"
VERSION="1.5.2"
HOMEPAGE="https://git.kernel.org/cgit/linux/kernel/git/jejb/efitools.git"
DOWNLOAD="https://build.opensuse.org/source/home:jejb1:UEFI/efitools/efitools-1.5.2.tar.gz"
MD5SUM="4feaaef124f9af902ecb448e3ec13c5f"
DOWNLOAD_x86_64=""
MD5SUM_x86_64=""
REQUIRES="perl-File-Slurp sbsigntools"
MAINTAINER="Jonathan Li"
EMAIL="jonathan dot li at hotmail dot co dot uk"

View file

@ -0,0 +1,19 @@
# HOW TO EDIT THIS FILE:
# The "handy ruler" below makes it easier to edit a package description.
# Line up the first '|' above the ':' following the base package name, and
# the '|' on the right side marks the last column you can put a character in.
# You must make exactly 11 lines for the formatting to be correct. It's also
# customary to leave one space after the ':' except on otherwise blank lines.
|-----handy-ruler------------------------------------------------------|
efitools: efitools (Tools for manipulating UEFI secure boot platforms)
efitools:
efitools: efitools is a set of tools for manipulating EFI secure boot platforms.
efitools:
efitools:
efitools:
efitools:
efitools:
efitools:
efitools:
efitools: