[gentoo-commits] repo/gentoo:master commit in: sys-firmware/edk2-ovmf/ - gentoo-commits

From:	Matthias Maier <tamiko@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: sys-firmware/edk2-ovmf/
Date:	Tue, 04 Jan 2022 00:02:29
Message-Id:	`1641254531.9e44e430b7bf879f821301b93fa5006e9d625097.tamiko@gentoo`

1

commit:     9e44e430b7bf879f821301b93fa5006e9d625097

2

Author:     Matthias Maier <tamiko <AT> gentoo <DOT> org>

3

AuthorDate: Tue Jan  4 00:01:49 2022 +0000

4

Commit:     Matthias Maier <tamiko <AT> gentoo <DOT> org>

5

CommitDate: Tue Jan  4 00:02:11 2022 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9e44e430

7

8

sys-firmware/edk2-ovmf: workaround: do not install broken qemu config

9

10

As a temporary workaround do not install

11

12

  /usr/share/qemu/firmware/40-edk2-ovmf-x64-sb-enrolled.json

13

14

We are currently not shipping the necessary OVMF_VARS.secboot.fd file

15

16

Bug: https://bugs.gentoo.org/830006

17

Package-Manager: Portage-3.0.30, Repoman-3.0.3

18

RepoMan-Options: --force

19

Signed-off-by: Matthias Maier <tamiko <AT> gentoo.org>

20

21

 sys-firmware/edk2-ovmf/edk2-ovmf-202105-r2.ebuild | 177 ++++++++++++++++++++++

22

 1 file changed, 177 insertions(+)

23

24

diff --git a/sys-firmware/edk2-ovmf/edk2-ovmf-202105-r2.ebuild b/sys-firmware/edk2-ovmf/edk2-ovmf-202105-r2.ebuild

25

new file mode 100644

26

index 000000000000..238999b462bb

27

--- /dev/null

28

+++ b/sys-firmware/edk2-ovmf/edk2-ovmf-202105-r2.ebuild

29

@@ -0,0 +1,177 @@

30

+# Copyright 1999-2022 Gentoo Authors

31

+# Distributed under the terms of the GNU General Public License v2

32

+

33

+EAPI=7

34

+

35

+PYTHON_REQ_USE="sqlite"

36

+PYTHON_COMPAT=( python3_{8,9,10} )

37

+

38

+inherit python-any-r1 readme.gentoo-r1

39

+

40

+DESCRIPTION="UEFI firmware for 64-bit x86 virtual machines"

41

+HOMEPAGE="https://github.com/tianocore/edk2"

42

+

43

+BUNDLED_OPENSSL_SUBMODULE_SHA="e2e09d9fba1187f8d6aafaa34d4172f56f1ffb72"

44

+BUNDLED_BROTLI_SUBMODULE_SHA="666c3280cc11dc433c303d79a83d4ffbdd12cc8d"

45

+

46

+# TODO: talk with tamiko about unbundling (mva)

47

+

48

+# TODO: the binary 202105 package currently lacks the preseeded

49

+#       OVMF_VARS.secboot.fd file (that we typically get from fedora)

50

+

51

+SRC_URI="

52

+	!binary? (

53

+		https://github.com/tianocore/edk2/archive/edk2-stable${PV}.tar.gz -> ${P}.tar.gz

54

+		https://github.com/openssl/openssl/archive/${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz -> openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz

55

+		https://github.com/google/brotli/archive/${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz -> brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz

56

+	)

57

+	binary? ( https://dev.gentoo.org/~tamiko/distfiles/${P}-r1-bin.tar.xz )

58

+	https://dev.gentoo.org/~tamiko/distfiles/${P}-qemu-firmware.tar.xz

59

+"

60

+

61

+LICENSE="BSD-2 MIT"

62

+SLOT="0"

63

+KEYWORDS="amd64 arm64 ~ppc ppc64 x86"

64

+

65

+IUSE="+binary"

66

+REQUIRED_USE+="

67

+	!amd64? ( binary )

68

+"

69

+

70

+NON_BINARY_DEPEND="

71

+	app-emulation/qemu

72

+	>=dev-lang/nasm-2.0.7

73

+	>=sys-power/iasl-20160729

74

+	${PYTHON_DEPS}

75

+"

76

+

77

+DEPEND+="

78

+	!binary? (

79

+		amd64? (

80

+			${NON_BINARY_DEPEND}

81

+		)

82

+	)"

83

+RDEPEND=""

84

+

85

+PATCHES=(

86

+	"${FILESDIR}/${PN}-202105-werror.patch"

87

+)

88

+

89

+S="${WORKDIR}/edk2-edk2-stable${PV}"

90

+

91

+DISABLE_AUTOFORMATTING=true

92

+DOC_CONTENTS="This package contains the tianocore edk2 UEFI firmware for 64-bit x86

93

+virtual machines. The firmware is located under

94

+	/usr/share/edk2-ovmf/OVMF_CODE.fd

95

+	/usr/share/edk2-ovmf/OVMF_VARS.fd

96

+	/usr/share/edk2-ovmf/OVMF_CODE.secboot.fd

97

+

98

+If USE=binary is enabled, we also install an OVMF variables file (coming from

99

+fedora) that contains secureboot default keys

100

+

101

+	/usr/share/edk2-ovmf/OVMF_VARS.secboot.fd

102

+

103

+If you have compiled this package by hand, you need to either populate all

104

+necessary EFI variables by hand by booting

105

+	/usr/share/edk2-ovmf/UefiShell.(iso|img)

106

+or creating OVMF_VARS.secboot.fd by hand:

107

+	https://github.com/puiterwijk/qemu-ovmf-secureboot

108

+

109

+The firmware does not support csm (due to no free csm implementation

110

+available). If you need a firmware with csm support you have to download

111

+one for yourself. Firmware blobs are commonly labeled

112

+	OVMF{,_CODE,_VARS}-with-csm.fd

113

+

114

+In order to use the firmware you can run qemu the following way

115

+

116

+	$ qemu-system-x86_64 \

117

+		-drive file=/usr/share/edk2-ovmf/OVMF.fd,if=pflash,format=raw,unit=0,readonly=on \

118

+		..."

119

+

120

+pkg_setup() {

121

+	[[ ${PV} != "999999" ]] && use binary || python-any-r1_pkg_setup

122

+}

123

+

124

+src_prepare() {

125

+	if use binary; then

126

+		eapply_user

127

+	else

128

+		# Bundled submodules

129

+		cp -rl "${WORKDIR}/openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}"/* "CryptoPkg/Library/OpensslLib/openssl/"

130

+		cp -rl "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}"/* "BaseTools/Source/C/BrotliCompress/brotli/"

131

+		cp -rl "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}"/* "MdeModulePkg/Library/BrotliCustomDecompressLib/brotli/"

132

+

133

+		sed -i -r \

134

+			-e "/function SetupPython3/,/\}/{s,\\\$\(whereis python3\),${EPYTHON},g}" \

135

+			"${S}"/edksetup.sh || die "Fixing for correct Python3 support failed"

136

+

137

+		default

138

+	fi

139

+}

140

+

141

+src_compile() {

142

+	TARGET_ARCH=X64

143

+	TARGET_NAME=RELEASE

144

+	TARGET_TOOLS=GCC49

145

+

146

+	BUILD_FLAGS="-D TLS_ENABLE \

147

+		-D HTTP_BOOT_ENABLE \

148

+		-D NETWORK_IP6_ENABLE \

149

+		-D TPM_ENABLE \

150

+		-D TPM2_ENABLE -D TPM2_CONFIG_ENABLE \

151

+		-D FD_SIZE_2MB"

152

+

153

+	SECUREBOOT_BUILD_FLAGS="${BUILD_FLAGS} \

154

+		-D SECURE_BOOT_ENABLE \

155

+		-D SMM_REQUIRE \

156

+		-D EXCLUDE_SHELL_FROM_FD"

157

+

158

+	[[ ${PV} != "999999" ]] && use binary && return

159

+

160

+	emake ARCH=${TARGET_ARCH} -C BaseTools

161

+

162

+	. ./edksetup.sh

163

+

164

+	# Build all EFI firmware blobs:

165

+

166

+	mkdir -p ovmf

167

+

168

+	./OvmfPkg/build.sh \

169

+		-a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \

170

+		${BUILD_FLAGS} || die "OvmfPkg/build.sh failed"

171

+

172

+	cp Build/OvmfX64/*/FV/OVMF_*.fd ovmf/

173

+	rm -rf Build/OvmfX64

174

+

175

+	./OvmfPkg/build.sh \

176

+		-a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \

177

+		${SECUREBOOT_BUILD_FLAGS} || die "OvmfPkg/build.sh failed"

178

+

179

+	cp Build/OvmfX64/*/FV/OVMF_CODE.fd ovmf/OVMF_CODE.secboot.fd || die "cp failed"

180

+	cp Build/OvmfX64/*/X64/Shell.efi ovmf/ || die "cp failed"

181

+	cp Build/OvmfX64/*/X64/EnrollDefaultKeys.efi ovmf || die "cp failed"

182

+

183

+	# Build a convenience UefiShell.img:

184

+

185

+	mkdir -p iso_image/efi/boot || die "mkdir failed"

186

+	cp ovmf/Shell.efi iso_image/efi/boot/bootx64.efi || die "cp failed"

187

+	cp ovmf/EnrollDefaultKeys.efi iso_image || die "cp failed"

188

+	qemu-img convert --image-opts \

189

+		driver=vvfat,floppy=on,fat-type=12,label=UEFI_SHELL,dir=iso_image \

190

+		ovmf/UefiShell.img || die "qemu-img failed"

191

+}

192

+

193

+src_install() {

194

+	insinto /usr/share/${PN}

195

+	doins ovmf/*

196

+

197

+	insinto /usr/share/qemu/firmware

198

+	doins qemu/*

199

+	rm "${ED}"/usr/share/qemu/firmware/40-edk2-ovmf-x64-sb-enrolled.json || die "rm failed"

200

+

201

+	readme.gentoo_create_doc

202

+}

203

+

204

+pkg_postinst() {

205

+	readme.gentoo_print_elog

206

+}

1	commit: 9e44e430b7bf879f821301b93fa5006e9d625097
2	Author: Matthias Maier <tamiko <AT> gentoo <DOT> org>
3	AuthorDate: Tue Jan 4 00:01:49 2022 +0000
4	Commit: Matthias Maier <tamiko <AT> gentoo <DOT> org>
5	CommitDate: Tue Jan 4 00:02:11 2022 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9e44e430
7
8	sys-firmware/edk2-ovmf: workaround: do not install broken qemu config
9
10	As a temporary workaround do not install
11
12	/usr/share/qemu/firmware/40-edk2-ovmf-x64-sb-enrolled.json
13
14	We are currently not shipping the necessary OVMF_VARS.secboot.fd file
15
16	Bug: https://bugs.gentoo.org/830006
17	Package-Manager: Portage-3.0.30, Repoman-3.0.3
18	RepoMan-Options: --force
19	Signed-off-by: Matthias Maier <tamiko <AT> gentoo.org>
20
21	sys-firmware/edk2-ovmf/edk2-ovmf-202105-r2.ebuild \| 177 ++++++++++++++++++++++
22	1 file changed, 177 insertions(+)
23
24	diff --git a/sys-firmware/edk2-ovmf/edk2-ovmf-202105-r2.ebuild b/sys-firmware/edk2-ovmf/edk2-ovmf-202105-r2.ebuild
25	new file mode 100644
26	index 000000000000..238999b462bb
27	--- /dev/null
28	+++ b/sys-firmware/edk2-ovmf/edk2-ovmf-202105-r2.ebuild
29	@@ -0,0 +1,177 @@
30	+# Copyright 1999-2022 Gentoo Authors
31	+# Distributed under the terms of the GNU General Public License v2
32	+
33	+EAPI=7
34	+
35	+PYTHON_REQ_USE="sqlite"
36	+PYTHON_COMPAT=( python3_{8,9,10} )
37	+
38	+inherit python-any-r1 readme.gentoo-r1
39	+
40	+DESCRIPTION="UEFI firmware for 64-bit x86 virtual machines"
41	+HOMEPAGE="https://github.com/tianocore/edk2"
42	+
43	+BUNDLED_OPENSSL_SUBMODULE_SHA="e2e09d9fba1187f8d6aafaa34d4172f56f1ffb72"
44	+BUNDLED_BROTLI_SUBMODULE_SHA="666c3280cc11dc433c303d79a83d4ffbdd12cc8d"
45	+
46	+# TODO: talk with tamiko about unbundling (mva)
47	+
48	+# TODO: the binary 202105 package currently lacks the preseeded
49	+# OVMF_VARS.secboot.fd file (that we typically get from fedora)
50	+
51	+SRC_URI="
52	+ !binary? (
53	+ https://github.com/tianocore/edk2/archive/edk2-stable${PV}.tar.gz -> ${P}.tar.gz
54	+ https://github.com/openssl/openssl/archive/${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz -> openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz
55	+ https://github.com/google/brotli/archive/${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz -> brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz
56	+ )
57	+ binary? ( https://dev.gentoo.org/~tamiko/distfiles/${P}-r1-bin.tar.xz )
58	+ https://dev.gentoo.org/~tamiko/distfiles/${P}-qemu-firmware.tar.xz
59	+"
60	+
61	+LICENSE="BSD-2 MIT"
62	+SLOT="0"
63	+KEYWORDS="amd64 arm64 ~ppc ppc64 x86"
64	+
65	+IUSE="+binary"
66	+REQUIRED_USE+="
67	+ !amd64? ( binary )
68	+"
69	+
70	+NON_BINARY_DEPEND="
71	+ app-emulation/qemu
72	+ >=dev-lang/nasm-2.0.7
73	+ >=sys-power/iasl-20160729
74	+ ${PYTHON_DEPS}
75	+"
76	+
77	+DEPEND+="
78	+ !binary? (
79	+ amd64? (
80	+ ${NON_BINARY_DEPEND}
81	+ )
82	+ )"
83	+RDEPEND=""
84	+
85	+PATCHES=(
86	+ "${FILESDIR}/${PN}-202105-werror.patch"
87	+)
88	+
89	+S="${WORKDIR}/edk2-edk2-stable${PV}"
90	+
91	+DISABLE_AUTOFORMATTING=true
92	+DOC_CONTENTS="This package contains the tianocore edk2 UEFI firmware for 64-bit x86
93	+virtual machines. The firmware is located under
94	+ /usr/share/edk2-ovmf/OVMF_CODE.fd
95	+ /usr/share/edk2-ovmf/OVMF_VARS.fd
96	+ /usr/share/edk2-ovmf/OVMF_CODE.secboot.fd
97	+
98	+If USE=binary is enabled, we also install an OVMF variables file (coming from
99	+fedora) that contains secureboot default keys
100	+
101	+ /usr/share/edk2-ovmf/OVMF_VARS.secboot.fd
102	+
103	+If you have compiled this package by hand, you need to either populate all
104	+necessary EFI variables by hand by booting
105	+ /usr/share/edk2-ovmf/UefiShell.(iso\|img)
106	+or creating OVMF_VARS.secboot.fd by hand:
107	+ https://github.com/puiterwijk/qemu-ovmf-secureboot
108	+
109	+The firmware does not support csm (due to no free csm implementation
110	+available). If you need a firmware with csm support you have to download
111	+one for yourself. Firmware blobs are commonly labeled
112	+ OVMF{,_CODE,_VARS}-with-csm.fd
113	+
114	+In order to use the firmware you can run qemu the following way
115	+
116	+ $ qemu-system-x86_64 \
117	+ -drive file=/usr/share/edk2-ovmf/OVMF.fd,if=pflash,format=raw,unit=0,readonly=on \
118	+ ..."
119	+
120	+pkg_setup() {
121	+ [[ ${PV} != "999999" ]] && use binary \|\| python-any-r1_pkg_setup
122	+}
123	+
124	+src_prepare() {
125	+ if use binary; then
126	+ eapply_user
127	+ else
128	+ # Bundled submodules
129	+ cp -rl "${WORKDIR}/openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}"/* "CryptoPkg/Library/OpensslLib/openssl/"
130	+ cp -rl "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}"/* "BaseTools/Source/C/BrotliCompress/brotli/"
131	+ cp -rl "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}"/* "MdeModulePkg/Library/BrotliCustomDecompressLib/brotli/"
132	+
133	+ sed -i -r \
134	+ -e "/function SetupPython3/,/\}/{s,\\\$\(whereis python3\),${EPYTHON},g}" \
135	+ "${S}"/edksetup.sh \|\| die "Fixing for correct Python3 support failed"
136	+
137	+ default
138	+ fi
139	+}
140	+
141	+src_compile() {
142	+ TARGET_ARCH=X64
143	+ TARGET_NAME=RELEASE
144	+ TARGET_TOOLS=GCC49
145	+
146	+ BUILD_FLAGS="-D TLS_ENABLE \
147	+ -D HTTP_BOOT_ENABLE \
148	+ -D NETWORK_IP6_ENABLE \
149	+ -D TPM_ENABLE \
150	+ -D TPM2_ENABLE -D TPM2_CONFIG_ENABLE \
151	+ -D FD_SIZE_2MB"
152	+
153	+ SECUREBOOT_BUILD_FLAGS="${BUILD_FLAGS} \
154	+ -D SECURE_BOOT_ENABLE \
155	+ -D SMM_REQUIRE \
156	+ -D EXCLUDE_SHELL_FROM_FD"
157	+
158	+ [[ ${PV} != "999999" ]] && use binary && return
159	+
160	+ emake ARCH=${TARGET_ARCH} -C BaseTools
161	+
162	+ . ./edksetup.sh
163	+
164	+ # Build all EFI firmware blobs:
165	+
166	+ mkdir -p ovmf
167	+
168	+ ./OvmfPkg/build.sh \
169	+ -a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \
170	+ ${BUILD_FLAGS} \|\| die "OvmfPkg/build.sh failed"
171	+
172	+ cp Build/OvmfX64//FV/OVMF_.fd ovmf/
173	+ rm -rf Build/OvmfX64
174	+
175	+ ./OvmfPkg/build.sh \
176	+ -a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \
177	+ ${SECUREBOOT_BUILD_FLAGS} \|\| die "OvmfPkg/build.sh failed"
178	+
179	+ cp Build/OvmfX64/*/FV/OVMF_CODE.fd ovmf/OVMF_CODE.secboot.fd \|\| die "cp failed"
180	+ cp Build/OvmfX64/*/X64/Shell.efi ovmf/ \|\| die "cp failed"
181	+ cp Build/OvmfX64/*/X64/EnrollDefaultKeys.efi ovmf \|\| die "cp failed"
182	+
183	+ # Build a convenience UefiShell.img:
184	+
185	+ mkdir -p iso_image/efi/boot \|\| die "mkdir failed"
186	+ cp ovmf/Shell.efi iso_image/efi/boot/bootx64.efi \|\| die "cp failed"
187	+ cp ovmf/EnrollDefaultKeys.efi iso_image \|\| die "cp failed"
188	+ qemu-img convert --image-opts \
189	+ driver=vvfat,floppy=on,fat-type=12,label=UEFI_SHELL,dir=iso_image \
190	+ ovmf/UefiShell.img \|\| die "qemu-img failed"
191	+}
192	+
193	+src_install() {
194	+ insinto /usr/share/${PN}
195	+ doins ovmf/*
196	+
197	+ insinto /usr/share/qemu/firmware
198	+ doins qemu/*
199	+ rm "${ED}"/usr/share/qemu/firmware/40-edk2-ovmf-x64-sb-enrolled.json \|\| die "rm failed"
200	+
201	+ readme.gentoo_create_doc
202	+}
203	+
204	+pkg_postinst() {
205	+ readme.gentoo_print_elog
206	+}

Gentoo Archives: gentoo-commits