[gentoo-commits] repo/gentoo:master commit in: sys-firmware/edk2-ovmf/ - gentoo-commits

From:	Matthias Maier <tamiko@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] repo/gentoo:master commit in: sys-firmware/edk2-ovmf/
Date:	Tue, 04 Jan 2022 00:02:38
Message-Id:	`1641254531.dee51fb9e273c98d521b6d7083030f89d8c13ad5.tamiko@gentoo`

1

commit:     dee51fb9e273c98d521b6d7083030f89d8c13ad5

2

Author:     Matthias Maier <tamiko <AT> gentoo <DOT> org>

3

AuthorDate: Mon Jan  3 23:51:34 2022 +0000

4

Commit:     Matthias Maier <tamiko <AT> gentoo <DOT> org>

5

CommitDate: Tue Jan  4 00:02:11 2022 +0000

6

URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dee51fb9

7

8

sys-firmware/edk2-ovmf: clean up vulnerable

9

10

Bug: https://bugs.gentoo.org/797232

11

Bug: https://bugs.gentoo.org/797703

12

Package-Manager: Portage-3.0.30, Repoman-3.0.3

13

Signed-off-by: Matthias Maier <tamiko <AT> gentoo.org>

14

15

 sys-firmware/edk2-ovmf/Manifest                |   3 -

16

 sys-firmware/edk2-ovmf/edk2-ovmf-202008.ebuild | 186 -------------------------

17

 2 files changed, 189 deletions(-)

18

19

diff --git a/sys-firmware/edk2-ovmf/Manifest b/sys-firmware/edk2-ovmf/Manifest

20

index 82d355e9d92e..109f312f8e6e 100644

21

--- a/sys-firmware/edk2-ovmf/Manifest

22

+++ b/sys-firmware/edk2-ovmf/Manifest

23

@@ -1,7 +1,4 @@

24

 DIST brotli-666c3280cc11dc433c303d79a83d4ffbdd12cc8d.tar.gz 23855739 BLAKE2B 7406ec5b29ac66afbcd7c1376bb3208f298d19b6592b2869c52173aa64947d58bd443f9a61c67deaf046be910a0e31c0b843e5508e97e0e1f5e7bce100d86904 SHA512 df8e90562c4fd7f0e787949df6bc4f5a165b39bd333f442d27874fe65640fbba268f9350d7113e6761a5acceb66d78e75f1a296e5a89b94574edf28109cdc812

25

-DIST edk2-ovmf-202008-bin.tar.xz 3486024 BLAKE2B 8283db554ad7024e3a55b62ed0a560ed9f729d728f1dee3806814b1eb8d89dabc4fd70433f7f77656b65d9af7919d036074a53a95190a1aa8b65ab7d73495ffc SHA512 d0c8b249a7a2124e8bb63a4358466e86a3a837e76586565dd4762351998d8561374eabb8a1303dbf71ac269c15552d9e8cff71d65bc6fe8a3a81fb4fb032e0d8

26

-DIST edk2-ovmf-202008-qemu-firmware.tar.xz 680 BLAKE2B 176f8e94a3f605acc72850634cbf155619490f5998125521a392a8e9c7d2b78841b841f0cb5ea860f14645b124cf1921256bbe46960efbe3401805d89bbfbed6 SHA512 b72f248ab4d49503c3e8e686e22beb77f0e48d2c6c9523f389f20504e0c30fa11fa0fcb5607d7d5bb1ba2433894fa458864c5761335e39de4b2a40b01203f043

27

-DIST edk2-ovmf-202008.tar.gz 13172590 BLAKE2B 10acf77d0e70e21ca425ea41c0062f8cebe2cc607b93a2a253bcd87cea1546e791776a34d43fbf4f1040f4fc32e3ee413d44873d0f00b9e523816519cfed634e SHA512 c32340104f27b9b85f79e934cc9eeb739d47b01e13975c88f39b053e9bc5a1ecfe579ab3b63fc7747cc328e104b337b53d41deb4470c3f20dbbd5552173a4666

28

 DIST edk2-ovmf-202105-qemu-firmware.tar.xz 672 BLAKE2B e87845a84c83f65db836fd054c81a4f3062d5e0fcc51aa0ecf9c2d23c8741f218d38ef737d140f5935ce8d9c34508e5f3b9f54bf9c547a391fa63cdc2ecf1233 SHA512 6100502f26db26e407dacce57c96b1abfd372bcb31767a068332afa09ac435a092fd2a73db27670d27c6e927c26e88315346bbac70578571108434b9683bd00c

29

 DIST edk2-ovmf-202105-r1-bin.tar.xz 2633188 BLAKE2B 93b4bd1c75da69406b5d27ac32d8b7c63dc8248bcd5d54832e520a4b009be4b7f215eb7d489ecb7cb16d31e02452dfa06b8fa709f37c44e59b4ff70a550076c7 SHA512 356c2110abce43da9c0654324e222cbbab7085e3aa23d1ba4c98011e4d4992a37d61fa45394305b748d119dba12f65d7c7d630b9f8038065ba4672d758c702be

30

 DIST edk2-ovmf-202105.tar.gz 13702868 BLAKE2B 3ec01d467562380ca2fd3bd807d2f6c55e4637c1afd71533f8f5b22cc634dc4c8cb63dab921677f8b315d17b3c9d0b6b00a0e2f3f8da61107033e9e81bf5a64d SHA512 c263345cbb243c63985f974a61f37c577a139d6a7099d2b8c9e1a553e5ebf16de12fb711b72624081c6bf637f8084bbf71731ab99e5747d81da460388ac25791

31

32

diff --git a/sys-firmware/edk2-ovmf/edk2-ovmf-202008.ebuild b/sys-firmware/edk2-ovmf/edk2-ovmf-202008.ebuild

33

deleted file mode 100644

34

index c02cae3b5fcf..000000000000

35

--- a/sys-firmware/edk2-ovmf/edk2-ovmf-202008.ebuild

36

+++ /dev/null

37

@@ -1,186 +0,0 @@

38

-# Copyright 1999-2021 Gentoo Authors

39

-# Distributed under the terms of the GNU General Public License v2

40

-

41

-EAPI=7

42

-

43

-PYTHON_REQ_USE="sqlite"

44

-PYTHON_COMPAT=( python3_{7,8,9} )

45

-

46

-inherit python-any-r1 readme.gentoo-r1

47

-

48

-DESCRIPTION="UEFI firmware for 64-bit x86 virtual machines"

49

-HOMEPAGE="https://github.com/tianocore/edk2"

50

-

51

-NON_BINARY_DEPEND="

52

-	app-emulation/qemu

53

-	>=dev-lang/nasm-2.0.7

54

-	>=sys-power/iasl-20160729

55

-	${PYTHON_DEPS}

56

-"

57

-DEPEND=""

58

-RDEPEND=""

59

-if [[ ${PV} == "999999" ]] ; then

60

-	inherit git-r3

61

-	EGIT_REPO_URI="https://github.com/tianocore/edk2"

62

-	DEPEND+="

63

-		${NON_BINARY_DEPEND}

64

-	"

65

-else

66

-	BUNDLED_OPENSSL_SUBMODULE_SHA="e2e09d9fba1187f8d6aafaa34d4172f56f1ffb72"

67

-	BUNDLED_BROTLI_SUBMODULE_SHA="666c3280cc11dc433c303d79a83d4ffbdd12cc8d"

68

-	# Binary versions taken from fedora:

69

-	# http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/e/

70

-	#   edk2-ovmf-20200801stable-1.fc34.noarch.rpm

71

-

72

-	# TODO: talk with tamiko about unbundling

73

-	SRC_URI="

74

-		!binary? (

75

-			https://github.com/tianocore/edk2/archive/edk2-stable${PV}.tar.gz -> ${P}.tar.gz

76

-			https://github.com/openssl/openssl/archive/${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz -> openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz

77

-			https://github.com/google/brotli/archive/${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz -> brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz

78

-		)

79

-		binary? ( https://dev.gentoo.org/~mva/distfiles/${P}-bin.tar.xz )

80

-		https://dev.gentoo.org/~mva/distfiles/${P}-qemu-firmware.tar.xz

81

-	"

82

-	KEYWORDS="amd64 arm64 ~ppc ppc64 x86"

83

-	IUSE="+binary"

84

-	REQUIRED_USE+="

85

-		!amd64? ( binary )

86

-	"

87

-	DEPEND+="

88

-		!binary? (

89

-			amd64? (

90

-				${NON_BINARY_DEPEND}

91

-			)

92

-		)"

93

-	PATCHES=(

94

-	)

95

-fi

96

-

97

-LICENSE="BSD-2 MIT"

98

-SLOT="0"

99

-

100

-S="${WORKDIR}/edk2-edk2-stable${PV}"

101

-

102

-DISABLE_AUTOFORMATTING=true

103

-DOC_CONTENTS="This package contains the tianocore edk2 UEFI firmware for 64-bit x86

104

-virtual machines. The firmware is located under

105

-	/usr/share/edk2-ovmf/OVMF_CODE.fd

106

-	/usr/share/edk2-ovmf/OVMF_VARS.fd

107

-	/usr/share/edk2-ovmf/OVMF_CODE.secboot.fd

108

-

109

-If USE=binary is enabled, we also install an OVMF variables file (coming from

110

-fedora) that contains secureboot default keys

111

-

112

-	/usr/share/edk2-ovmf/OVMF_VARS.secboot.fd

113

-

114

-If you have compiled this package by hand, you need to either populate all

115

-necessary EFI variables by hand by booting

116

-	/usr/share/edk2-ovmf/UefiShell.(iso|img)

117

-or creating OVMF_VARS.secboot.fd by hand:

118

-	https://github.com/puiterwijk/qemu-ovmf-secureboot

119

-

120

-The firmware does not support csm (due to no free csm implementation

121

-available). If you need a firmware with csm support you have to download

122

-one for yourself. Firmware blobs are commonly labeled

123

-	OVMF{,_CODE,_VARS}-with-csm.fd

124

-

125

-In order to use the firmware you can run qemu the following way

126

-

127

-	$ qemu-system-x86_64 \

128

-		-drive file=/usr/share/edk2-ovmf/OVMF.fd,if=pflash,format=raw,unit=0,readonly=on \

129

-		...

130

-

131

-You can register the firmware for use in libvirt by adding to /etc/libvirt/qemu.conf:

132

-	nvram = [

133

-		\"/usr/share/edk2-ovmf/OVMF_CODE.fd:/usr/share/edk2-ovmf/OVMF_VARS.fd\"

134

-		\"/usr/share/edk2-ovmf/OVMF_CODE.secboot.fd:/usr/share/edk2-ovmf/OVMF_VARS.fd\"

135

-	]"

136

-

137

-pkg_setup() {

138

-	[[ ${PV} != "999999" ]] && use binary || python-any-r1_pkg_setup

139

-}

140

-

141

-src_prepare() {

142

-	if ! use binary; then

143

-		sed -i -r \

144

-			-e "/function SetupPython3/,/\}/{s,\\\$\(whereis python3\),${EPYTHON},g}" \

145

-			"${S}"/edksetup.sh || die "Fixing for correct Python3 support failed"

146

-	fi

147

-	if  [[ ${PV} != "999999" ]]; then

148

-		if use binary; then

149

-			eapply_user

150

-			return

151

-		else

152

-			# Bundled submodules

153

-			cp -rl "${WORKDIR}/openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}"/* "CryptoPkg/Library/OpensslLib/openssl/"

154

-			cp -rl "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}"/* "BaseTools/Source/C/BrotliCompress/brotli/"

155

-			cp -rl "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}"/* "MdeModulePkg/Library/BrotliCustomDecompressLib/brotli/"

156

-		fi

157

-	fi

158

-	default

159

-}

160

-

161

-src_compile() {

162

-	TARGET_ARCH=X64

163

-	TARGET_NAME=RELEASE

164

-	TARGET_TOOLS=GCC49

165

-

166

-	BUILD_FLAGS="-D TLS_ENABLE \

167

-		-D HTTP_BOOT_ENABLE \

168

-		-D NETWORK_IP6_ENABLE \

169

-		-D FD_SIZE_2MB"

170

-

171

-	SECUREBOOT_BUILD_FLAGS="${BUILD_FLAGS} \

172

-		-D SECURE_BOOT_ENABLE \

173

-		-D SMM_REQUIRE \

174

-		-D EXCLUDE_SHELL_FROM_FD"

175

-

176

-	[[ ${PV} != "999999" ]] && use binary && return

177

-

178

-	emake ARCH=${TARGET_ARCH} -C BaseTools

179

-

180

-	. ./edksetup.sh

181

-

182

-	# Build all EFI firmware blobs:

183

-

184

-	mkdir -p ovmf

185

-

186

-	./OvmfPkg/build.sh \

187

-		-a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \

188

-		${BUILD_FLAGS} || die "OvmfPkg/build.sh failed"

189

-

190

-	cp Build/OvmfX64/*/FV/OVMF_*.fd ovmf/

191

-	rm -rf Build/OvmfX64

192

-

193

-	./OvmfPkg/build.sh \

194

-		-a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \

195

-		${SECUREBOOT_BUILD_FLAGS} || die "OvmfPkg/build.sh failed"

196

-

197

-	cp Build/OvmfX64/*/FV/OVMF_CODE.fd ovmf/OVMF_CODE.secboot.fd || die "cp failed"

198

-	cp Build/OvmfX64/*/X64/Shell.efi ovmf/ || die "cp failed"

199

-	cp Build/OvmfX64/*/X64/EnrollDefaultKeys.efi ovmf || die "cp failed"

200

-

201

-	# Build a convenience UefiShell.img:

202

-

203

-	mkdir -p iso_image/efi/boot || die "mkdir failed"

204

-	cp ovmf/Shell.efi iso_image/efi/boot/bootx64.efi || die "cp failed"

205

-	cp ovmf/EnrollDefaultKeys.efi iso_image || die "cp failed"

206

-	qemu-img convert --image-opts \

207

-		driver=vvfat,floppy=on,fat-type=12,label=UEFI_SHELL,dir=iso_image \

208

-		ovmf/UefiShell.img || die "qemu-img failed"

209

-}

210

-

211

-src_install() {

212

-	insinto /usr/share/${PN}

213

-	doins ovmf/*

214

-

215

-	insinto /usr/share/qemu/firmware

216

-	doins qemu/*

217

-

218

-	readme.gentoo_create_doc

219

-}

220

-

221

-pkg_postinst() {

222

-	readme.gentoo_print_elog

223

-}

1	commit: dee51fb9e273c98d521b6d7083030f89d8c13ad5
2	Author: Matthias Maier <tamiko <AT> gentoo <DOT> org>
3	AuthorDate: Mon Jan 3 23:51:34 2022 +0000
4	Commit: Matthias Maier <tamiko <AT> gentoo <DOT> org>
5	CommitDate: Tue Jan 4 00:02:11 2022 +0000
6	URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dee51fb9
7
8	sys-firmware/edk2-ovmf: clean up vulnerable
9
10	Bug: https://bugs.gentoo.org/797232
11	Bug: https://bugs.gentoo.org/797703
12	Package-Manager: Portage-3.0.30, Repoman-3.0.3
13	Signed-off-by: Matthias Maier <tamiko <AT> gentoo.org>
14
15	sys-firmware/edk2-ovmf/Manifest \| 3 -
16	sys-firmware/edk2-ovmf/edk2-ovmf-202008.ebuild \| 186 -------------------------
17	2 files changed, 189 deletions(-)
18
19	diff --git a/sys-firmware/edk2-ovmf/Manifest b/sys-firmware/edk2-ovmf/Manifest
20	index 82d355e9d92e..109f312f8e6e 100644
21	--- a/sys-firmware/edk2-ovmf/Manifest
22	+++ b/sys-firmware/edk2-ovmf/Manifest
23	@@ -1,7 +1,4 @@
24	DIST brotli-666c3280cc11dc433c303d79a83d4ffbdd12cc8d.tar.gz 23855739 BLAKE2B 7406ec5b29ac66afbcd7c1376bb3208f298d19b6592b2869c52173aa64947d58bd443f9a61c67deaf046be910a0e31c0b843e5508e97e0e1f5e7bce100d86904 SHA512 df8e90562c4fd7f0e787949df6bc4f5a165b39bd333f442d27874fe65640fbba268f9350d7113e6761a5acceb66d78e75f1a296e5a89b94574edf28109cdc812
25	-DIST edk2-ovmf-202008-bin.tar.xz 3486024 BLAKE2B 8283db554ad7024e3a55b62ed0a560ed9f729d728f1dee3806814b1eb8d89dabc4fd70433f7f77656b65d9af7919d036074a53a95190a1aa8b65ab7d73495ffc SHA512 d0c8b249a7a2124e8bb63a4358466e86a3a837e76586565dd4762351998d8561374eabb8a1303dbf71ac269c15552d9e8cff71d65bc6fe8a3a81fb4fb032e0d8
26	-DIST edk2-ovmf-202008-qemu-firmware.tar.xz 680 BLAKE2B 176f8e94a3f605acc72850634cbf155619490f5998125521a392a8e9c7d2b78841b841f0cb5ea860f14645b124cf1921256bbe46960efbe3401805d89bbfbed6 SHA512 b72f248ab4d49503c3e8e686e22beb77f0e48d2c6c9523f389f20504e0c30fa11fa0fcb5607d7d5bb1ba2433894fa458864c5761335e39de4b2a40b01203f043
27	-DIST edk2-ovmf-202008.tar.gz 13172590 BLAKE2B 10acf77d0e70e21ca425ea41c0062f8cebe2cc607b93a2a253bcd87cea1546e791776a34d43fbf4f1040f4fc32e3ee413d44873d0f00b9e523816519cfed634e SHA512 c32340104f27b9b85f79e934cc9eeb739d47b01e13975c88f39b053e9bc5a1ecfe579ab3b63fc7747cc328e104b337b53d41deb4470c3f20dbbd5552173a4666
28	DIST edk2-ovmf-202105-qemu-firmware.tar.xz 672 BLAKE2B e87845a84c83f65db836fd054c81a4f3062d5e0fcc51aa0ecf9c2d23c8741f218d38ef737d140f5935ce8d9c34508e5f3b9f54bf9c547a391fa63cdc2ecf1233 SHA512 6100502f26db26e407dacce57c96b1abfd372bcb31767a068332afa09ac435a092fd2a73db27670d27c6e927c26e88315346bbac70578571108434b9683bd00c
29	DIST edk2-ovmf-202105-r1-bin.tar.xz 2633188 BLAKE2B 93b4bd1c75da69406b5d27ac32d8b7c63dc8248bcd5d54832e520a4b009be4b7f215eb7d489ecb7cb16d31e02452dfa06b8fa709f37c44e59b4ff70a550076c7 SHA512 356c2110abce43da9c0654324e222cbbab7085e3aa23d1ba4c98011e4d4992a37d61fa45394305b748d119dba12f65d7c7d630b9f8038065ba4672d758c702be
30	DIST edk2-ovmf-202105.tar.gz 13702868 BLAKE2B 3ec01d467562380ca2fd3bd807d2f6c55e4637c1afd71533f8f5b22cc634dc4c8cb63dab921677f8b315d17b3c9d0b6b00a0e2f3f8da61107033e9e81bf5a64d SHA512 c263345cbb243c63985f974a61f37c577a139d6a7099d2b8c9e1a553e5ebf16de12fb711b72624081c6bf637f8084bbf71731ab99e5747d81da460388ac25791
31
32	diff --git a/sys-firmware/edk2-ovmf/edk2-ovmf-202008.ebuild b/sys-firmware/edk2-ovmf/edk2-ovmf-202008.ebuild
33	deleted file mode 100644
34	index c02cae3b5fcf..000000000000
35	--- a/sys-firmware/edk2-ovmf/edk2-ovmf-202008.ebuild
36	+++ /dev/null
37	@@ -1,186 +0,0 @@
38	-# Copyright 1999-2021 Gentoo Authors
39	-# Distributed under the terms of the GNU General Public License v2
40	-
41	-EAPI=7
42	-
43	-PYTHON_REQ_USE="sqlite"
44	-PYTHON_COMPAT=( python3_{7,8,9} )
45	-
46	-inherit python-any-r1 readme.gentoo-r1
47	-
48	-DESCRIPTION="UEFI firmware for 64-bit x86 virtual machines"
49	-HOMEPAGE="https://github.com/tianocore/edk2"
50	-
51	-NON_BINARY_DEPEND="
52	- app-emulation/qemu
53	- >=dev-lang/nasm-2.0.7
54	- >=sys-power/iasl-20160729
55	- ${PYTHON_DEPS}
56	-"
57	-DEPEND=""
58	-RDEPEND=""
59	-if [[ ${PV} == "999999" ]] ; then
60	- inherit git-r3
61	- EGIT_REPO_URI="https://github.com/tianocore/edk2"
62	- DEPEND+="
63	- ${NON_BINARY_DEPEND}
64	- "
65	-else
66	- BUNDLED_OPENSSL_SUBMODULE_SHA="e2e09d9fba1187f8d6aafaa34d4172f56f1ffb72"
67	- BUNDLED_BROTLI_SUBMODULE_SHA="666c3280cc11dc433c303d79a83d4ffbdd12cc8d"
68	- # Binary versions taken from fedora:
69	- # http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/e/
70	- # edk2-ovmf-20200801stable-1.fc34.noarch.rpm
71	-
72	- # TODO: talk with tamiko about unbundling
73	- SRC_URI="
74	- !binary? (
75	- https://github.com/tianocore/edk2/archive/edk2-stable${PV}.tar.gz -> ${P}.tar.gz
76	- https://github.com/openssl/openssl/archive/${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz -> openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz
77	- https://github.com/google/brotli/archive/${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz -> brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz
78	- )
79	- binary? ( https://dev.gentoo.org/~mva/distfiles/${P}-bin.tar.xz )
80	- https://dev.gentoo.org/~mva/distfiles/${P}-qemu-firmware.tar.xz
81	- "
82	- KEYWORDS="amd64 arm64 ~ppc ppc64 x86"
83	- IUSE="+binary"
84	- REQUIRED_USE+="
85	- !amd64? ( binary )
86	- "
87	- DEPEND+="
88	- !binary? (
89	- amd64? (
90	- ${NON_BINARY_DEPEND}
91	- )
92	- )"
93	- PATCHES=(
94	- )
95	-fi
96	-
97	-LICENSE="BSD-2 MIT"
98	-SLOT="0"
99	-
100	-S="${WORKDIR}/edk2-edk2-stable${PV}"
101	-
102	-DISABLE_AUTOFORMATTING=true
103	-DOC_CONTENTS="This package contains the tianocore edk2 UEFI firmware for 64-bit x86
104	-virtual machines. The firmware is located under
105	- /usr/share/edk2-ovmf/OVMF_CODE.fd
106	- /usr/share/edk2-ovmf/OVMF_VARS.fd
107	- /usr/share/edk2-ovmf/OVMF_CODE.secboot.fd
108	-
109	-If USE=binary is enabled, we also install an OVMF variables file (coming from
110	-fedora) that contains secureboot default keys
111	-
112	- /usr/share/edk2-ovmf/OVMF_VARS.secboot.fd
113	-
114	-If you have compiled this package by hand, you need to either populate all
115	-necessary EFI variables by hand by booting
116	- /usr/share/edk2-ovmf/UefiShell.(iso\|img)
117	-or creating OVMF_VARS.secboot.fd by hand:
118	- https://github.com/puiterwijk/qemu-ovmf-secureboot
119	-
120	-The firmware does not support csm (due to no free csm implementation
121	-available). If you need a firmware with csm support you have to download
122	-one for yourself. Firmware blobs are commonly labeled
123	- OVMF{,_CODE,_VARS}-with-csm.fd
124	-
125	-In order to use the firmware you can run qemu the following way
126	-
127	- $ qemu-system-x86_64 \
128	- -drive file=/usr/share/edk2-ovmf/OVMF.fd,if=pflash,format=raw,unit=0,readonly=on \
129	- ...
130	-
131	-You can register the firmware for use in libvirt by adding to /etc/libvirt/qemu.conf:
132	- nvram = [
133	- \"/usr/share/edk2-ovmf/OVMF_CODE.fd:/usr/share/edk2-ovmf/OVMF_VARS.fd\"
134	- \"/usr/share/edk2-ovmf/OVMF_CODE.secboot.fd:/usr/share/edk2-ovmf/OVMF_VARS.fd\"
135	- ]"
136	-
137	-pkg_setup() {
138	- [[ ${PV} != "999999" ]] && use binary \|\| python-any-r1_pkg_setup
139	-}
140	-
141	-src_prepare() {
142	- if ! use binary; then
143	- sed -i -r \
144	- -e "/function SetupPython3/,/\}/{s,\\\$\(whereis python3\),${EPYTHON},g}" \
145	- "${S}"/edksetup.sh \|\| die "Fixing for correct Python3 support failed"
146	- fi
147	- if [[ ${PV} != "999999" ]]; then
148	- if use binary; then
149	- eapply_user
150	- return
151	- else
152	- # Bundled submodules
153	- cp -rl "${WORKDIR}/openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}"/* "CryptoPkg/Library/OpensslLib/openssl/"
154	- cp -rl "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}"/* "BaseTools/Source/C/BrotliCompress/brotli/"
155	- cp -rl "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}"/* "MdeModulePkg/Library/BrotliCustomDecompressLib/brotli/"
156	- fi
157	- fi
158	- default
159	-}
160	-
161	-src_compile() {
162	- TARGET_ARCH=X64
163	- TARGET_NAME=RELEASE
164	- TARGET_TOOLS=GCC49
165	-
166	- BUILD_FLAGS="-D TLS_ENABLE \
167	- -D HTTP_BOOT_ENABLE \
168	- -D NETWORK_IP6_ENABLE \
169	- -D FD_SIZE_2MB"
170	-
171	- SECUREBOOT_BUILD_FLAGS="${BUILD_FLAGS} \
172	- -D SECURE_BOOT_ENABLE \
173	- -D SMM_REQUIRE \
174	- -D EXCLUDE_SHELL_FROM_FD"
175	-
176	- [[ ${PV} != "999999" ]] && use binary && return
177	-
178	- emake ARCH=${TARGET_ARCH} -C BaseTools
179	-
180	- . ./edksetup.sh
181	-
182	- # Build all EFI firmware blobs:
183	-
184	- mkdir -p ovmf
185	-
186	- ./OvmfPkg/build.sh \
187	- -a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \
188	- ${BUILD_FLAGS} \|\| die "OvmfPkg/build.sh failed"
189	-
190	- cp Build/OvmfX64//FV/OVMF_.fd ovmf/
191	- rm -rf Build/OvmfX64
192	-
193	- ./OvmfPkg/build.sh \
194	- -a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \
195	- ${SECUREBOOT_BUILD_FLAGS} \|\| die "OvmfPkg/build.sh failed"
196	-
197	- cp Build/OvmfX64/*/FV/OVMF_CODE.fd ovmf/OVMF_CODE.secboot.fd \|\| die "cp failed"
198	- cp Build/OvmfX64/*/X64/Shell.efi ovmf/ \|\| die "cp failed"
199	- cp Build/OvmfX64/*/X64/EnrollDefaultKeys.efi ovmf \|\| die "cp failed"
200	-
201	- # Build a convenience UefiShell.img:
202	-
203	- mkdir -p iso_image/efi/boot \|\| die "mkdir failed"
204	- cp ovmf/Shell.efi iso_image/efi/boot/bootx64.efi \|\| die "cp failed"
205	- cp ovmf/EnrollDefaultKeys.efi iso_image \|\| die "cp failed"
206	- qemu-img convert --image-opts \
207	- driver=vvfat,floppy=on,fat-type=12,label=UEFI_SHELL,dir=iso_image \
208	- ovmf/UefiShell.img \|\| die "qemu-img failed"
209	-}
210	-
211	-src_install() {
212	- insinto /usr/share/${PN}
213	- doins ovmf/*
214	-
215	- insinto /usr/share/qemu/firmware
216	- doins qemu/*
217	-
218	- readme.gentoo_create_doc
219	-}
220	-
221	-pkg_postinst() {
222	- readme.gentoo_print_elog
223	-}

Gentoo Archives: gentoo-commits