Bug#851994: grub2: build unsigned efi monolithic packages
Luca Boccassi
luca.boccassi at gmail.com
Fri Jan 20 16:26:13 UTC 2017
Source: grub2
Version: 2.02~beta3-3
Severity: wishlist
Tags: patch
Dear maintainer,
It would be very useful for users wanting to self-sign their EFI
binaries to be able to get the unsigned packages through apt (gpg
authenticated etc etc) to have monolithic unsigned EFI images.
The attached very trivial patch implements just that, following the
model of linux and linux-signed. The .tar.gz archive is still built
together with the package as I understand it will be needed for DAK.
Kind regards,
Luca Boccassi
From 7471c4807c82957adbc538a81fc681a3e9d2eebd Mon Sep 17 00:00:00 2001
From: Luca Boccassi <lboccass at brocade.com>
Date: Fri, 6 Jan 2017 14:51:12 +0000
Subject: [PATCH] Build unsigned efi monolithic packages
Following the linux and linux-signed model, -unsigned efi packages
for arm64 and amd64 are added and built together with the existing
.tar.gz archive.
This is useful for example to be able to get the unsigned packages
through apt (gpg authenticated etc etc) for users wanting to
self-sign their EFI binaries.
---
debian/control | 36 ++++++++++++++++++++++++++++++++++++
debian/rules | 19 +++++++++++--------
2 files changed, 47 insertions(+), 8 deletions(-)
diff --git a/debian/control b/debian/control
index 821e2cd..eeb4578 100644
--- a/debian/control
+++ b/debian/control
@@ -342,6 +342,24 @@ Description: GRand Unified Bootloader, version 2 (EFI-AMD64 version)
EFI-AMD64 architecture, such as the one provided by Intel Macs (that is, unless
a BIOS interface has been activated).
+Package: grub-efi-amd64-unsigned
+Architecture: any-amd64
+Depends: ${shlibs:Depends}, ${misc:Depends}, grub-common (= ${binary:Version}), efibootmgr [linux-any]
+Replaces: grub2 (<< ${source:Version}), grub-common (<= 1.97~beta2-1), grub-efi-amd64 (<< 1.99-1)
+Multi-Arch: foreign
+Description: GRand Unified Bootloader, version 2 (EFI-AMD64 binaries)
+ GRUB is a portable, powerful bootloader. This version of GRUB is based on a
+ cleaner design than its predecessors, and provides the following new features:
+ .
+ - Scripting in grub.cfg using BASH-like syntax.
+ - Support for modern partition maps such as GPT.
+ - Modular generation of grub.cfg via update-grub. Packages providing GRUB
+ add-ons can plug in their own script rules and trigger updates by invoking
+ update-grub.
+ .
+ This package contains a version of GRUB that has been built as a monolithic EFI
+ image for use with EFI-AMD64 architecture.
+
Package: grub-efi-ia64-bin
Architecture: any-ia64
Depends: ${shlibs:Depends}, ${misc:Depends}, grub-common (= ${binary:Version})
@@ -482,6 +500,24 @@ Description: GRand Unified Bootloader, version 2 (ARM64 UEFI version)
This package contains a version of GRUB that has been built for use on
ARM64 systems with UEFI.
+Package: grub-efi-arm64-unsigned
+Architecture: any-arm64
+Pre-Depends: ${misc:Pre-Depends}
+Depends: ${shlibs:Depends}, ${misc:Depends}, grub2-common (= ${binary:Version}), grub-efi-arm64-bin (= ${binary:Version}), ucf
+Multi-Arch: foreign
+Description: GRand Unified Bootloader, version 2 (ARM64 UEFI version)
+ GRUB is a portable, powerful bootloader. This version of GRUB is based on a
+ cleaner design than its predecessors, and provides the following new features:
+ .
+ - Scripting in grub.cfg using BASH-like syntax.
+ - Support for modern partition maps such as GPT.
+ - Modular generation of grub.cfg via update-grub. Packages providing GRUB
+ add-ons can plug in their own script rules and trigger updates by invoking
+ update-grub.
+ .
+ This package contains a version of GRUB that has been built as a monolithic EFI
+ image for use on ARM64 systems with UEFI.
+
Package: grub-ieee1275-bin
Architecture: any-i386 any-amd64 any-powerpc any-ppc64 any-ppc64el any-sparc any-sparc64
Depends: ${shlibs:Depends}, ${misc:Depends}, grub-common (= ${binary:Version})
diff --git a/debian/rules b/debian/rules
index dad1863..a9e1460 100755
--- a/debian/rules
+++ b/debian/rules
@@ -447,6 +447,16 @@ ifneq (,$(filter grub-pc,$(BUILD_PACKAGES)))
< debian/legacy/update-grub.ubuntu.patch
endif
endif
+ifneq (,$(SB_PACKAGE))
+ mkdir -p debian/$(SB_PACKAGE)-unsigned/usr/lib/grub/$(SB_PLATFORM)-signed/
+ debian/build-efi-images \
+ obj/grub-$(COMMON_PLATFORM)/grub-mkimage \
+ obj/$(SB_PACKAGE)/grub-core \
+ debian/$(SB_PACKAGE)-unsigned/usr/lib/grub/$(SB_PLATFORM)-signed \
+ $(SB_PLATFORM) $(SB_EFI_NAME)
+ echo $(deb_version) \
+ > debian/$(SB_PACKAGE)-unsigned/usr/lib/grub/$(SB_PLATFORM)-signed/version
+endif
override_dh_installdocs:
dh_installdocs $(patsubst %,-p%,$(filter grub-common grub-rescue-pc grub-firmware-qemu grub-xen-host,$(BUILD_PACKAGES))) -A AUTHORS NEWS README THANKS TODO
@@ -483,14 +493,7 @@ TARNAME := grub2_$(deb_version)_$(DEB_HOST_ARCH).tar.gz
override_dh_builddeb:
dh_builddeb -- -Zxz
ifneq (,$(SB_PACKAGE))
- debian/build-efi-images \
- obj/grub-$(COMMON_PLATFORM)/grub-mkimage \
- obj/$(SB_PACKAGE)/grub-core \
- debian/grub2-images/$(deb_version) \
- $(SB_PLATFORM) $(SB_EFI_NAME)
- echo $(deb_version) \
- > debian/grub2-images/$(deb_version)/version
- cd debian/grub2-images && tar czvf ../../../$(TARNAME) .
+ cd debian/$(SB_PACKAGE)-unsigned/usr/lib/grub/$(SB_PLATFORM)-signed/ && tar czvf ../../../../../../../$(TARNAME) .
dpkg-distaddfile $(TARNAME) raw-uefi -
endif
--
2.1.4
More information about the Pkg-grub-devel
mailing list