1 |
commit: dee51fb9e273c98d521b6d7083030f89d8c13ad5 |
2 |
Author: Matthias Maier <tamiko <AT> gentoo <DOT> org> |
3 |
AuthorDate: Mon Jan 3 23:51:34 2022 +0000 |
4 |
Commit: Matthias Maier <tamiko <AT> gentoo <DOT> org> |
5 |
CommitDate: Tue Jan 4 00:02:11 2022 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dee51fb9 |
7 |
|
8 |
sys-firmware/edk2-ovmf: clean up vulnerable |
9 |
|
10 |
Bug: https://bugs.gentoo.org/797232 |
11 |
Bug: https://bugs.gentoo.org/797703 |
12 |
Package-Manager: Portage-3.0.30, Repoman-3.0.3 |
13 |
Signed-off-by: Matthias Maier <tamiko <AT> gentoo.org> |
14 |
|
15 |
sys-firmware/edk2-ovmf/Manifest | 3 - |
16 |
sys-firmware/edk2-ovmf/edk2-ovmf-202008.ebuild | 186 ------------------------- |
17 |
2 files changed, 189 deletions(-) |
18 |
|
19 |
diff --git a/sys-firmware/edk2-ovmf/Manifest b/sys-firmware/edk2-ovmf/Manifest |
20 |
index 82d355e9d92e..109f312f8e6e 100644 |
21 |
--- a/sys-firmware/edk2-ovmf/Manifest |
22 |
+++ b/sys-firmware/edk2-ovmf/Manifest |
23 |
@@ -1,7 +1,4 @@ |
24 |
DIST brotli-666c3280cc11dc433c303d79a83d4ffbdd12cc8d.tar.gz 23855739 BLAKE2B 7406ec5b29ac66afbcd7c1376bb3208f298d19b6592b2869c52173aa64947d58bd443f9a61c67deaf046be910a0e31c0b843e5508e97e0e1f5e7bce100d86904 SHA512 df8e90562c4fd7f0e787949df6bc4f5a165b39bd333f442d27874fe65640fbba268f9350d7113e6761a5acceb66d78e75f1a296e5a89b94574edf28109cdc812 |
25 |
-DIST edk2-ovmf-202008-bin.tar.xz 3486024 BLAKE2B 8283db554ad7024e3a55b62ed0a560ed9f729d728f1dee3806814b1eb8d89dabc4fd70433f7f77656b65d9af7919d036074a53a95190a1aa8b65ab7d73495ffc SHA512 d0c8b249a7a2124e8bb63a4358466e86a3a837e76586565dd4762351998d8561374eabb8a1303dbf71ac269c15552d9e8cff71d65bc6fe8a3a81fb4fb032e0d8 |
26 |
-DIST edk2-ovmf-202008-qemu-firmware.tar.xz 680 BLAKE2B 176f8e94a3f605acc72850634cbf155619490f5998125521a392a8e9c7d2b78841b841f0cb5ea860f14645b124cf1921256bbe46960efbe3401805d89bbfbed6 SHA512 b72f248ab4d49503c3e8e686e22beb77f0e48d2c6c9523f389f20504e0c30fa11fa0fcb5607d7d5bb1ba2433894fa458864c5761335e39de4b2a40b01203f043 |
27 |
-DIST edk2-ovmf-202008.tar.gz 13172590 BLAKE2B 10acf77d0e70e21ca425ea41c0062f8cebe2cc607b93a2a253bcd87cea1546e791776a34d43fbf4f1040f4fc32e3ee413d44873d0f00b9e523816519cfed634e SHA512 c32340104f27b9b85f79e934cc9eeb739d47b01e13975c88f39b053e9bc5a1ecfe579ab3b63fc7747cc328e104b337b53d41deb4470c3f20dbbd5552173a4666 |
28 |
DIST edk2-ovmf-202105-qemu-firmware.tar.xz 672 BLAKE2B e87845a84c83f65db836fd054c81a4f3062d5e0fcc51aa0ecf9c2d23c8741f218d38ef737d140f5935ce8d9c34508e5f3b9f54bf9c547a391fa63cdc2ecf1233 SHA512 6100502f26db26e407dacce57c96b1abfd372bcb31767a068332afa09ac435a092fd2a73db27670d27c6e927c26e88315346bbac70578571108434b9683bd00c |
29 |
DIST edk2-ovmf-202105-r1-bin.tar.xz 2633188 BLAKE2B 93b4bd1c75da69406b5d27ac32d8b7c63dc8248bcd5d54832e520a4b009be4b7f215eb7d489ecb7cb16d31e02452dfa06b8fa709f37c44e59b4ff70a550076c7 SHA512 356c2110abce43da9c0654324e222cbbab7085e3aa23d1ba4c98011e4d4992a37d61fa45394305b748d119dba12f65d7c7d630b9f8038065ba4672d758c702be |
30 |
DIST edk2-ovmf-202105.tar.gz 13702868 BLAKE2B 3ec01d467562380ca2fd3bd807d2f6c55e4637c1afd71533f8f5b22cc634dc4c8cb63dab921677f8b315d17b3c9d0b6b00a0e2f3f8da61107033e9e81bf5a64d SHA512 c263345cbb243c63985f974a61f37c577a139d6a7099d2b8c9e1a553e5ebf16de12fb711b72624081c6bf637f8084bbf71731ab99e5747d81da460388ac25791 |
31 |
|
32 |
diff --git a/sys-firmware/edk2-ovmf/edk2-ovmf-202008.ebuild b/sys-firmware/edk2-ovmf/edk2-ovmf-202008.ebuild |
33 |
deleted file mode 100644 |
34 |
index c02cae3b5fcf..000000000000 |
35 |
--- a/sys-firmware/edk2-ovmf/edk2-ovmf-202008.ebuild |
36 |
+++ /dev/null |
37 |
@@ -1,186 +0,0 @@ |
38 |
-# Copyright 1999-2021 Gentoo Authors |
39 |
-# Distributed under the terms of the GNU General Public License v2 |
40 |
- |
41 |
-EAPI=7 |
42 |
- |
43 |
-PYTHON_REQ_USE="sqlite" |
44 |
-PYTHON_COMPAT=( python3_{7,8,9} ) |
45 |
- |
46 |
-inherit python-any-r1 readme.gentoo-r1 |
47 |
- |
48 |
-DESCRIPTION="UEFI firmware for 64-bit x86 virtual machines" |
49 |
-HOMEPAGE="https://github.com/tianocore/edk2" |
50 |
- |
51 |
-NON_BINARY_DEPEND=" |
52 |
- app-emulation/qemu |
53 |
- >=dev-lang/nasm-2.0.7 |
54 |
- >=sys-power/iasl-20160729 |
55 |
- ${PYTHON_DEPS} |
56 |
-" |
57 |
-DEPEND="" |
58 |
-RDEPEND="" |
59 |
-if [[ ${PV} == "999999" ]] ; then |
60 |
- inherit git-r3 |
61 |
- EGIT_REPO_URI="https://github.com/tianocore/edk2" |
62 |
- DEPEND+=" |
63 |
- ${NON_BINARY_DEPEND} |
64 |
- " |
65 |
-else |
66 |
- BUNDLED_OPENSSL_SUBMODULE_SHA="e2e09d9fba1187f8d6aafaa34d4172f56f1ffb72" |
67 |
- BUNDLED_BROTLI_SUBMODULE_SHA="666c3280cc11dc433c303d79a83d4ffbdd12cc8d" |
68 |
- # Binary versions taken from fedora: |
69 |
- # http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/e/ |
70 |
- # edk2-ovmf-20200801stable-1.fc34.noarch.rpm |
71 |
- |
72 |
- # TODO: talk with tamiko about unbundling |
73 |
- SRC_URI=" |
74 |
- !binary? ( |
75 |
- https://github.com/tianocore/edk2/archive/edk2-stable${PV}.tar.gz -> ${P}.tar.gz |
76 |
- https://github.com/openssl/openssl/archive/${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz -> openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz |
77 |
- https://github.com/google/brotli/archive/${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz -> brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz |
78 |
- ) |
79 |
- binary? ( https://dev.gentoo.org/~mva/distfiles/${P}-bin.tar.xz ) |
80 |
- https://dev.gentoo.org/~mva/distfiles/${P}-qemu-firmware.tar.xz |
81 |
- " |
82 |
- KEYWORDS="amd64 arm64 ~ppc ppc64 x86" |
83 |
- IUSE="+binary" |
84 |
- REQUIRED_USE+=" |
85 |
- !amd64? ( binary ) |
86 |
- " |
87 |
- DEPEND+=" |
88 |
- !binary? ( |
89 |
- amd64? ( |
90 |
- ${NON_BINARY_DEPEND} |
91 |
- ) |
92 |
- )" |
93 |
- PATCHES=( |
94 |
- ) |
95 |
-fi |
96 |
- |
97 |
-LICENSE="BSD-2 MIT" |
98 |
-SLOT="0" |
99 |
- |
100 |
-S="${WORKDIR}/edk2-edk2-stable${PV}" |
101 |
- |
102 |
-DISABLE_AUTOFORMATTING=true |
103 |
-DOC_CONTENTS="This package contains the tianocore edk2 UEFI firmware for 64-bit x86 |
104 |
-virtual machines. The firmware is located under |
105 |
- /usr/share/edk2-ovmf/OVMF_CODE.fd |
106 |
- /usr/share/edk2-ovmf/OVMF_VARS.fd |
107 |
- /usr/share/edk2-ovmf/OVMF_CODE.secboot.fd |
108 |
- |
109 |
-If USE=binary is enabled, we also install an OVMF variables file (coming from |
110 |
-fedora) that contains secureboot default keys |
111 |
- |
112 |
- /usr/share/edk2-ovmf/OVMF_VARS.secboot.fd |
113 |
- |
114 |
-If you have compiled this package by hand, you need to either populate all |
115 |
-necessary EFI variables by hand by booting |
116 |
- /usr/share/edk2-ovmf/UefiShell.(iso|img) |
117 |
-or creating OVMF_VARS.secboot.fd by hand: |
118 |
- https://github.com/puiterwijk/qemu-ovmf-secureboot |
119 |
- |
120 |
-The firmware does not support csm (due to no free csm implementation |
121 |
-available). If you need a firmware with csm support you have to download |
122 |
-one for yourself. Firmware blobs are commonly labeled |
123 |
- OVMF{,_CODE,_VARS}-with-csm.fd |
124 |
- |
125 |
-In order to use the firmware you can run qemu the following way |
126 |
- |
127 |
- $ qemu-system-x86_64 \ |
128 |
- -drive file=/usr/share/edk2-ovmf/OVMF.fd,if=pflash,format=raw,unit=0,readonly=on \ |
129 |
- ... |
130 |
- |
131 |
-You can register the firmware for use in libvirt by adding to /etc/libvirt/qemu.conf: |
132 |
- nvram = [ |
133 |
- \"/usr/share/edk2-ovmf/OVMF_CODE.fd:/usr/share/edk2-ovmf/OVMF_VARS.fd\" |
134 |
- \"/usr/share/edk2-ovmf/OVMF_CODE.secboot.fd:/usr/share/edk2-ovmf/OVMF_VARS.fd\" |
135 |
- ]" |
136 |
- |
137 |
-pkg_setup() { |
138 |
- [[ ${PV} != "999999" ]] && use binary || python-any-r1_pkg_setup |
139 |
-} |
140 |
- |
141 |
-src_prepare() { |
142 |
- if ! use binary; then |
143 |
- sed -i -r \ |
144 |
- -e "/function SetupPython3/,/\}/{s,\\\$\(whereis python3\),${EPYTHON},g}" \ |
145 |
- "${S}"/edksetup.sh || die "Fixing for correct Python3 support failed" |
146 |
- fi |
147 |
- if [[ ${PV} != "999999" ]]; then |
148 |
- if use binary; then |
149 |
- eapply_user |
150 |
- return |
151 |
- else |
152 |
- # Bundled submodules |
153 |
- cp -rl "${WORKDIR}/openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}"/* "CryptoPkg/Library/OpensslLib/openssl/" |
154 |
- cp -rl "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}"/* "BaseTools/Source/C/BrotliCompress/brotli/" |
155 |
- cp -rl "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}"/* "MdeModulePkg/Library/BrotliCustomDecompressLib/brotli/" |
156 |
- fi |
157 |
- fi |
158 |
- default |
159 |
-} |
160 |
- |
161 |
-src_compile() { |
162 |
- TARGET_ARCH=X64 |
163 |
- TARGET_NAME=RELEASE |
164 |
- TARGET_TOOLS=GCC49 |
165 |
- |
166 |
- BUILD_FLAGS="-D TLS_ENABLE \ |
167 |
- -D HTTP_BOOT_ENABLE \ |
168 |
- -D NETWORK_IP6_ENABLE \ |
169 |
- -D FD_SIZE_2MB" |
170 |
- |
171 |
- SECUREBOOT_BUILD_FLAGS="${BUILD_FLAGS} \ |
172 |
- -D SECURE_BOOT_ENABLE \ |
173 |
- -D SMM_REQUIRE \ |
174 |
- -D EXCLUDE_SHELL_FROM_FD" |
175 |
- |
176 |
- [[ ${PV} != "999999" ]] && use binary && return |
177 |
- |
178 |
- emake ARCH=${TARGET_ARCH} -C BaseTools |
179 |
- |
180 |
- . ./edksetup.sh |
181 |
- |
182 |
- # Build all EFI firmware blobs: |
183 |
- |
184 |
- mkdir -p ovmf |
185 |
- |
186 |
- ./OvmfPkg/build.sh \ |
187 |
- -a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \ |
188 |
- ${BUILD_FLAGS} || die "OvmfPkg/build.sh failed" |
189 |
- |
190 |
- cp Build/OvmfX64/*/FV/OVMF_*.fd ovmf/ |
191 |
- rm -rf Build/OvmfX64 |
192 |
- |
193 |
- ./OvmfPkg/build.sh \ |
194 |
- -a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \ |
195 |
- ${SECUREBOOT_BUILD_FLAGS} || die "OvmfPkg/build.sh failed" |
196 |
- |
197 |
- cp Build/OvmfX64/*/FV/OVMF_CODE.fd ovmf/OVMF_CODE.secboot.fd || die "cp failed" |
198 |
- cp Build/OvmfX64/*/X64/Shell.efi ovmf/ || die "cp failed" |
199 |
- cp Build/OvmfX64/*/X64/EnrollDefaultKeys.efi ovmf || die "cp failed" |
200 |
- |
201 |
- # Build a convenience UefiShell.img: |
202 |
- |
203 |
- mkdir -p iso_image/efi/boot || die "mkdir failed" |
204 |
- cp ovmf/Shell.efi iso_image/efi/boot/bootx64.efi || die "cp failed" |
205 |
- cp ovmf/EnrollDefaultKeys.efi iso_image || die "cp failed" |
206 |
- qemu-img convert --image-opts \ |
207 |
- driver=vvfat,floppy=on,fat-type=12,label=UEFI_SHELL,dir=iso_image \ |
208 |
- ovmf/UefiShell.img || die "qemu-img failed" |
209 |
-} |
210 |
- |
211 |
-src_install() { |
212 |
- insinto /usr/share/${PN} |
213 |
- doins ovmf/* |
214 |
- |
215 |
- insinto /usr/share/qemu/firmware |
216 |
- doins qemu/* |
217 |
- |
218 |
- readme.gentoo_create_doc |
219 |
-} |
220 |
- |
221 |
-pkg_postinst() { |
222 |
- readme.gentoo_print_elog |
223 |
-} |