commit: 9e44e430b7bf879f821301b93fa5006e9d625097 |
Author: Matthias Maier <tamiko <AT> gentoo <DOT> org> |
AuthorDate: Tue Jan 4 00:01:49 2022 +0000 |
Commit: Matthias Maier <tamiko <AT> gentoo <DOT> org> |
CommitDate: Tue Jan 4 00:02:11 2022 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9e44e430 |
|
sys-firmware/edk2-ovmf: workaround: do not install broken qemu config |
|
As a temporary workaround do not install |
|
/usr/share/qemu/firmware/40-edk2-ovmf-x64-sb-enrolled.json |
|
We are currently not shipping the necessary OVMF_VARS.secboot.fd file |
|
Bug: https://bugs.gentoo.org/830006 |
Package-Manager: Portage-3.0.30, Repoman-3.0.3 |
RepoMan-Options: --force |
Signed-off-by: Matthias Maier <tamiko <AT> gentoo.org> |
|
sys-firmware/edk2-ovmf/edk2-ovmf-202105-r2.ebuild | 177 ++++++++++++++++++++++ |
1 file changed, 177 insertions(+) |
|
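--- /dev/null
+++ b/sys-firmware/edk2-ovmf/edk2-ovmf-202105-r2.ebuild
@@ -0,0 +1,177 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+PYTHON_REQ_USE="sqlite"
+PYTHON_COMPAT=( python3_{8,9,10} )
+
+inherit python-any-r1 readme.gentoo-r1
+
+DESCRIPTION="UEFI firmware for 64-bit x86 virtual machines"
+HOMEPAGE="https://github.com/tianocore/edk2"
+
+BUNDLED_OPENSSL_SUBMODULE_SHA="e2e09d9fba1187f8d6aafaa34d4172f56f1ffb72"
+BUNDLED_BROTLI_SUBMODULE_SHA="666c3280cc11dc433c303d79a83d4ffbdd12cc8d"
+
+# TODO: talk with tamiko about unbundling (mva)
+
+# TODO: the binary 202105 package currently lacks the preseeded
+# OVMF_VARS.secboot.fd file (that we typically get from fedora)
+
+SRC_URI="
+ !binary? (
+ https://github.com/tianocore/edk2/archive/edk2-stable${PV}.tar.gz -> ${P}.tar.gz
+ https://github.com/openssl/openssl/archive/${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz -> openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz
+ https://github.com/google/brotli/archive/${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz -> brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz
+ )
+ binary? ( https://dev.gentoo.org/~tamiko/distfiles/${P}-r1-bin.tar.xz )
+ https://dev.gentoo.org/~tamiko/distfiles/${P}-qemu-firmware.tar.xz
+"
+
+LICENSE="BSD-2 MIT"
+SLOT="0"
+KEYWORDS="amd64 arm64 ~ppc ppc64 x86"
+
+IUSE="+binary"
+REQUIRED_USE+="
+ !amd64? ( binary )
+"
+
+NON_BINARY_DEPEND="
+ app-emulation/qemu
+ >=dev-lang/nasm-2.0.7
+ >=sys-power/iasl-20160729
+ ${PYTHON_DEPS}
+"
+
+DEPEND+="
+ !binary? (
+ amd64? (
+ ${NON_BINARY_DEPEND}
+ )
+ )"
+RDEPEND=""
+
+PATCHES=(
+ "${FILESDIR}/${PN}-202105-werror.patch"
+)
+
+S="${WORKDIR}/edk2-edk2-stable${PV}"
+
+DISABLE_AUTOFORMATTING=true
+DOC_CONTENTS="This package contains the tianocore edk2 UEFI firmware for 64-bit x86
+virtual machines. The firmware is located under
+ /usr/share/edk2-ovmf/OVMF_CODE.fd
+ /usr/share/edk2-ovmf/OVMF_VARS.fd
+ /usr/share/edk2-ovmf/OVMF_CODE.secboot.fd
+
+If USE=binary is enabled, we also install an OVMF variables file (coming from
+fedora) that contains secureboot default keys
+
+ /usr/share/edk2-ovmf/OVMF_VARS.secboot.fd
+
+If you have compiled this package by hand, you need to either populate all
+necessary EFI variables by hand by booting
+ /usr/share/edk2-ovmf/UefiShell.(iso|img)
+or creating OVMF_VARS.secboot.fd by hand:
+ https://github.com/puiterwijk/qemu-ovmf-secureboot
+
+The firmware does not support csm (due to no free csm implementation
+available). If you need a firmware with csm support you have to download
+one for yourself. Firmware blobs are commonly labeled
+ OVMF{,_CODE,_VARS}-with-csm.fd
+
+In order to use the firmware you can run qemu the following way
+
+ $ qemu-system-x86_64 \
+ -drive file=/usr/share/edk2-ovmf/OVMF.fd,if=pflash,format=raw,unit=0,readonly=on \
+ ..."
+
+pkg_setup() {
+ [[ ${PV} != "999999" ]] && use binary || python-any-r1_pkg_setup
+}
+
+src_prepare() {
+ if use binary; then
+ eapply_user
+ else
+ # Bundled submodules
+ cp -rl "${WORKDIR}/openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}"/* "CryptoPkg/Library/OpensslLib/openssl/"
+ cp -rl "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}"/* "BaseTools/Source/C/BrotliCompress/brotli/"
+ cp -rl "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}"/* "MdeModulePkg/Library/BrotliCustomDecompressLib/brotli/"
+
+ sed -i -r \
+ -e "/function SetupPython3/,/\}/{s,\\\$\(whereis python3\),${EPYTHON},g}" \
+ "${S}"/edksetup.sh || die "Fixing for correct Python3 support failed"
+
+ default
+ fi
+}
+
+src_compile() {
+ TARGET_ARCH=X64
+ TARGET_NAME=RELEASE
+ TARGET_TOOLS=GCC49
+
+ BUILD_FLAGS="-D TLS_ENABLE \
+ -D HTTP_BOOT_ENABLE \
+ -D NETWORK_IP6_ENABLE \
+ -D TPM_ENABLE \
+ -D TPM2_ENABLE -D TPM2_CONFIG_ENABLE \
+ -D FD_SIZE_2MB"
+
+ SECUREBOOT_BUILD_FLAGS="${BUILD_FLAGS} \
+ -D SECURE_BOOT_ENABLE \
+ -D SMM_REQUIRE \
+ -D EXCLUDE_SHELL_FROM_FD"
+
+ [[ ${PV} != "999999" ]] && use binary && return
+
+ emake ARCH=${TARGET_ARCH} -C BaseTools
+
+ . ./edksetup.sh
+
+ # Build all EFI firmware blobs:
+
+ mkdir -p ovmf
+
+ ./OvmfPkg/build.sh \
+ -a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \
+ ${BUILD_FLAGS} || die "OvmfPkg/build.sh failed"
+
+ cp Build/OvmfX64/*/FV/OVMF_*.fd ovmf/
+ rm -rf Build/OvmfX64
+
+ ./OvmfPkg/build.sh \
+ -a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \
+ ${SECUREBOOT_BUILD_FLAGS} || die "OvmfPkg/build.sh failed"
+
+ cp Build/OvmfX64/*/FV/OVMF_CODE.fd ovmf/OVMF_CODE.secboot.fd || die "cp failed"
+ cp Build/OvmfX64/*/X64/Shell.efi ovmf/ || die "cp failed"
+ cp Build/OvmfX64/*/X64/EnrollDefaultKeys.efi ovmf || die "cp failed"
+
+ # Build a convenience UefiShell.img:
+
+ mkdir -p iso_image/efi/boot || die "mkdir failed"
+ cp ovmf/Shell.efi iso_image/efi/boot/bootx64.efi || die "cp failed"
+ cp ovmf/EnrollDefaultKeys.efi iso_image || die "cp failed"
+ qemu-img convert --image-opts \
+ driver=vvfat,floppy=on,fat-type=12,label=UEFI_SHELL,dir=iso_image \
+ ovmf/UefiShell.img || die "qemu-img failed"
+}
+
+src_install() {
+ insinto /usr/share/${PN}
+ doins ovmf/*
+
+ insinto /usr/share/qemu/firmware
+ doins qemu/*
+ rm "${ED}"/usr/share/qemu/firmware/40-edk2-ovmf-x64-sb-enrolled.json || die "rm failed"
+
+ readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+ readme.gentoo_print_elog
+}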
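Review bot: DOC_CONTENTS still tells users that USE=binary installs `/usr/share/edk2-ovmf/OVMF_VARS.secboot.fd` with pre-enrolled Secure Boot keys, but the TODO above SRC_URI and the `rm` in src_install say this revision does not ship that file. A user following the README would reference a path that is not installed, or pair `OVMF_CODE.secboot.fd` with the plain `OVMF_VARS.fd`, which presumably holds no enrolled keys, so Secure Boot would not be enforcing until they enroll them. I would replace the "If USE=binary is enabled ..." paragraph with something like `This revision does not install OVMF_VARS.secboot.fd; enroll keys yourself (see below) before relying on Secure Boot.` and restore the old text when the workaround is reverted. As a smaller point, the three `cp -rl` calls in src_prepare and the first `cp`/`rm -rf` pair in src_compile have no `|| die`, unlike the later copies, so a failed copy of the bundled OpenSSL or brotli tree would not stop the build at that step.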