sys-boot/shim: Add from Gentoo

It's from Gentoo commit 62abff9d0e4a8fef2be0184cff5e32ab7a50d315.
2026-05-04 11:51:14 +02:00 · 2023-11-03 12:53:25 +05:30 · 2023-11-03 12:53:25 +05:30 · 07d128096b
commit 07d128096b
parent f70b538880
7 changed files with 50 additions and 53 deletions
--- a/build_library/grub_install.sh
+++ b/build_library/grub_install.sh
@ -195,14 +195,14 @@ case "${FLAGS_target}" in
 	# Use the test keys for signing unofficial builds
 	if [[ ${COREOS_OFFICIAL:-0} -ne 1 ]]; then
            sudo sbsign --key /usr/share/sb_keys/DB.key \
-		--cert /usr/share/sb_keys/DB.crt \
+                    --cert /usr/share/sb_keys/DB.crt \
                    "${ESP_DIR}/${GRUB_DIR}/${CORE_NAME}"
            sudo cp "${ESP_DIR}/${GRUB_DIR}/${CORE_NAME}.signed" \
-                "${ESP_DIR}/EFI/boot/grub.efi"
+                "${ESP_DIR}/EFI/boot/grubx64.efi"
            sudo sbsign --key /usr/share/sb_keys/DB.key \
-                 --cert /usr/share/sb_keys/DB.crt \
-                 --output "${ESP_DIR}/EFI/boot/bootx64.efi" \
-                 "/usr/lib/shim/shim.efi"
+                --cert /usr/share/sb_keys/DB.crt \
+                --output "${ESP_DIR}/EFI/boot/bootx64.efi" \
+                "/usr/lib/shim/shim.efi"
        else
            sudo cp "${ESP_DIR}/${GRUB_DIR}/${CORE_NAME}" \
                "${ESP_DIR}/EFI/boot/grub.efi"
--- a/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/metadata.xml
+++ b/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/metadata.xml
@ -1,4 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
-</pkgmetadata>
--- a/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-15.7.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-15.7.ebuild
@ -1 +0,0 @@
-shim-9999.ebuild
--- a/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-9999.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-9999.ebuild
@ -1,43 +0,0 @@
-# Copyright 2015 CoreOS, Inc.
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-CROS_WORKON_PROJECT="flatcar/shim"
-CROS_WORKON_REPO="https://github.com"
-
-if [[ "${PV}" == 9999 ]]; then
-	KEYWORDS="~amd64 ~arm64"
-else
-	CROS_WORKON_COMMIT="7ba7440c49d32f911fb9e1c213307947a777085d"
-	KEYWORDS="amd64 arm64"
-fi
-
-inherit cros-workon multilib
-
-DESCRIPTION="UEFI Shim loader"
-HOMEPAGE="https://github.com/rhboot/shim"
-
-LICENSE="BSD"
-SLOT="0"
-IUSE=""
-
-RDEPEND=""
-DEPEND="sys-boot/gnu-efi dev-libs/openssl"
-
-src_unpack() {
-	cros-workon_src_unpack
-	default_src_unpack
-}
-
-src_compile() {
-	emake \
-		CROSS_COMPILE="${CHOST}-" \
-		EFI_INCLUDE="${SYSROOT%/}"/usr/include/efi \
-		EFI_PATH="${SYSROOT%/}"/usr/$(get_libdir) \
-		shim.efi || die
-}
-
-src_install() {
-	insinto /usr/lib/shim
-	doins "shim.efi"
-}
--- a/sdk_container/src/third_party/portage-stable/sys-boot/shim/Manifest
+++ b/sdk_container/src/third_party/portage-stable/sys-boot/shim/Manifest
@ -0,0 +1,3 @@
+DIST shim-aa64-15.6-2.aarch64.rpm 466804 BLAKE2B 706f31835be24fee7202b8f8eb49204741d7726f106fad993ff524f475434ab3f23bebcd427f8a2aa4cd9a9c2494fdec9c2a49c29025364f0ebe989786f74c2f SHA512 72c2a62f380e76c3ea0fe5b13ef4e4bcd5e62e1b26b0b277c6ed8dd5d5e76f0f92770497da09e8ce12e6c60ee57d679d134f960a10639644dd751811563f1f29
+DIST shim-ia32-15.6-2.x86_64.rpm 419081 BLAKE2B f7160dd1330bfd7ad2d64cfe370750f576f1e3291aa8bc8313d52869f3dd23228db8514e7578c2609428479e430a1d39c1992450f4f42197216c00c420a0a150 SHA512 045325802474f53c6e86eff1166f1a966268c9ad706fac4c08966f211dbc32fba21ed3a07c46445ec579ac1e2819a1313ff54d6169737806954962945c61bdc2
+DIST shim-x64-15.6-2.x86_64.rpm 479835 BLAKE2B 7d12b97275c25659f94a8dd4c8678eb7df9e11fd3258966cb65c762467f28744b9403e13d5b5c98d6d6a5244ce4d81ef31b9d802040be99da03c1bb56be21275 SHA512 971978bddee95a6a134ef05c4d88cf5df41926e631de863b74ef772307f3e106c82c8f6889c18280d47187986abd774d8671c5be4b85b1b0bb3d1858b65d02cf
--- a/sdk_container/src/third_party/portage-stable/sys-boot/shim/metadata.xml
+++ b/sdk_container/src/third_party/portage-stable/sys-boot/shim/metadata.xml
@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>zerochaos@gentoo.org</email>
+		<name>Rick Farina</name>
+	</maintainer>
+	<upstream>
+		<remote-id type="cpe">cpe:/a:redhat:shim</remote-id>
+		<remote-id type="github">rhboot/shim</remote-id>
+	</upstream>
+</pkgmetadata>
--- a/sdk_container/src/third_party/portage-stable/sys-boot/shim/shim-15.6.ebuild
+++ b/sdk_container/src/third_party/portage-stable/sys-boot/shim/shim-15.6.ebuild
@ -0,0 +1,30 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit rpm secureboot
+
+DESCRIPTION="Fedora's signed UEFI shim"
+HOMEPAGE="https://src.fedoraproject.org/rpms/shim"
+SRC_URI="amd64? ( https://kojipkgs.fedoraproject.org/packages/shim/${PV}/2/x86_64/shim-x64-${PV}-2.x86_64.rpm
+				https://kojipkgs.fedoraproject.org/packages/shim/${PV}/2/x86_64/shim-ia32-${PV}-2.x86_64.rpm )
+		x86? ( https://kojipkgs.fedoraproject.org/packages/shim/${PV}/2/x86_64/shim-x64-${PV}-2.x86_64.rpm
+				https://kojipkgs.fedoraproject.org/packages/shim/${PV}/2/x86_64/shim-ia32-${PV}-2.x86_64.rpm )
+		arm64? ( https://kojipkgs.fedoraproject.org/packages/shim/${PV}/2/aarch64/shim-aa64-${PV}-2.aarch64.rpm )"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="amd64 arm64 x86"
+
+S="${WORKDIR}/boot/efi/EFI"
+
+src_install() {
+	insinto /usr/share/${PN}
+	doins BOOT/BOOT*.EFI
+	doins fedora/mm*.efi
+
+	# Shim is already signed with Microsoft keys, but MokManager still needs
+	# signing with our key otherwise we have to enrol the Fedora key in Mok list
+	secureboot_auto_sign --in-place
+}