From 07d128096bbaaebb1f5cb487148bd50dca12622b Mon Sep 17 00:00:00 2001
From: Sayan Chowdhury <schowdhury@microsoft.com>
Date: Fri, 3 Nov 2023 12:53:25 +0530
Subject: [PATCH] sys-boot/shim: Add from Gentoo

It's from Gentoo commit 62abff9d0e4a8fef2be0184cff5e32ab7a50d315.
---
 build_library/grub_install.sh                 | 10 ++---
 .../coreos-overlay/sys-boot/shim/metadata.xml |  4 --
 .../sys-boot/shim/shim-15.7.ebuild            |  1 -
 .../sys-boot/shim/shim-9999.ebuild            | 43 -------------------
 .../portage-stable/sys-boot/shim/Manifest     |  3 ++
 .../portage-stable/sys-boot/shim/metadata.xml | 12 ++++++
 .../sys-boot/shim/shim-15.6.ebuild            | 30 +++++++++++++
 7 files changed, 50 insertions(+), 53 deletions(-)
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-boot/shim/metadata.xml
 delete mode 120000 sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-15.7.ebuild
 delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-9999.ebuild
 create mode 100644 sdk_container/src/third_party/portage-stable/sys-boot/shim/Manifest
 create mode 100644 sdk_container/src/third_party/portage-stable/sys-boot/shim/metadata.xml
 create mode 100644 sdk_container/src/third_party/portage-stable/sys-boot/shim/shim-15.6.ebuild

diff --git a/build_library/grub_install.sh b/build_library/grub_install.sh
index 9b4c82f8c1..2b0241a0f4 100755
--- a/build_library/grub_install.sh
+++ b/build_library/grub_install.sh
@@ -195,14 +195,14 @@ case "${FLAGS_target}" in
 	# Use the test keys for signing unofficial builds
 	if [[ ${COREOS_OFFICIAL:-0} -ne 1 ]]; then
             sudo sbsign --key /usr/share/sb_keys/DB.key \
-		--cert /usr/share/sb_keys/DB.crt \
+                    --cert /usr/share/sb_keys/DB.crt \
                     "${ESP_DIR}/${GRUB_DIR}/${CORE_NAME}"
             sudo cp "${ESP_DIR}/${GRUB_DIR}/${CORE_NAME}.signed" \
-                "${ESP_DIR}/EFI/boot/grub.efi"
+                "${ESP_DIR}/EFI/boot/grubx64.efi"
             sudo sbsign --key /usr/share/sb_keys/DB.key \
-                 --cert /usr/share/sb_keys/DB.crt \
-                 --output "${ESP_DIR}/EFI/boot/bootx64.efi" \
-                 "/usr/lib/shim/shim.efi"
+                --cert /usr/share/sb_keys/DB.crt \
+                --output "${ESP_DIR}/EFI/boot/bootx64.efi" \
+                "/usr/lib/shim/shim.efi"
         else
             sudo cp "${ESP_DIR}/${GRUB_DIR}/${CORE_NAME}" \
                 "${ESP_DIR}/EFI/boot/grub.efi"
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/metadata.xml b/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/metadata.xml
deleted file mode 100644
index 097975e3ad..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/metadata.xml
+++ /dev/null
@@ -1,4 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
-<pkgmetadata>
-</pkgmetadata>
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-15.7.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-15.7.ebuild
deleted file mode 120000
index ac0bdc5b80..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-15.7.ebuild
+++ /dev/null
@@ -1 +0,0 @@
-shim-9999.ebuild
\ No newline at end of file
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-9999.ebuild
deleted file mode 100644
index 50673ef721..0000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-boot/shim/shim-9999.ebuild
+++ /dev/null
@@ -1,43 +0,0 @@
-# Copyright 2015 CoreOS, Inc.
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-CROS_WORKON_PROJECT="flatcar/shim"
-CROS_WORKON_REPO="https://github.com"
-
-if [[ "${PV}" == 9999 ]]; then
-	KEYWORDS="~amd64 ~arm64"
-else
-	CROS_WORKON_COMMIT="7ba7440c49d32f911fb9e1c213307947a777085d"
-	KEYWORDS="amd64 arm64"
-fi
-
-inherit cros-workon multilib
-
-DESCRIPTION="UEFI Shim loader"
-HOMEPAGE="https://github.com/rhboot/shim"
-
-LICENSE="BSD"
-SLOT="0"
-IUSE=""
-
-RDEPEND=""
-DEPEND="sys-boot/gnu-efi dev-libs/openssl"
-
-src_unpack() {
-	cros-workon_src_unpack
-	default_src_unpack
-}
-
-src_compile() {
-	emake \
-		CROSS_COMPILE="${CHOST}-" \
-		EFI_INCLUDE="${SYSROOT%/}"/usr/include/efi \
-		EFI_PATH="${SYSROOT%/}"/usr/$(get_libdir) \
-		shim.efi || die
-}
-
-src_install() {
-	insinto /usr/lib/shim
-	doins "shim.efi"
-}
diff --git a/sdk_container/src/third_party/portage-stable/sys-boot/shim/Manifest b/sdk_container/src/third_party/portage-stable/sys-boot/shim/Manifest
new file mode 100644
index 0000000000..954368dcbe
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-boot/shim/Manifest
@@ -0,0 +1,3 @@
+DIST shim-aa64-15.6-2.aarch64.rpm 466804 BLAKE2B 706f31835be24fee7202b8f8eb49204741d7726f106fad993ff524f475434ab3f23bebcd427f8a2aa4cd9a9c2494fdec9c2a49c29025364f0ebe989786f74c2f SHA512 72c2a62f380e76c3ea0fe5b13ef4e4bcd5e62e1b26b0b277c6ed8dd5d5e76f0f92770497da09e8ce12e6c60ee57d679d134f960a10639644dd751811563f1f29
+DIST shim-ia32-15.6-2.x86_64.rpm 419081 BLAKE2B f7160dd1330bfd7ad2d64cfe370750f576f1e3291aa8bc8313d52869f3dd23228db8514e7578c2609428479e430a1d39c1992450f4f42197216c00c420a0a150 SHA512 045325802474f53c6e86eff1166f1a966268c9ad706fac4c08966f211dbc32fba21ed3a07c46445ec579ac1e2819a1313ff54d6169737806954962945c61bdc2
+DIST shim-x64-15.6-2.x86_64.rpm 479835 BLAKE2B 7d12b97275c25659f94a8dd4c8678eb7df9e11fd3258966cb65c762467f28744b9403e13d5b5c98d6d6a5244ce4d81ef31b9d802040be99da03c1bb56be21275 SHA512 971978bddee95a6a134ef05c4d88cf5df41926e631de863b74ef772307f3e106c82c8f6889c18280d47187986abd774d8671c5be4b85b1b0bb3d1858b65d02cf
diff --git a/sdk_container/src/third_party/portage-stable/sys-boot/shim/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-boot/shim/metadata.xml
new file mode 100644
index 0000000000..be6f6f5712
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-boot/shim/metadata.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>zerochaos@gentoo.org</email>
+		<name>Rick Farina</name>
+	</maintainer>
+	<upstream>
+		<remote-id type="cpe">cpe:/a:redhat:shim</remote-id>
+		<remote-id type="github">rhboot/shim</remote-id>
+	</upstream>
+</pkgmetadata>
diff --git a/sdk_container/src/third_party/portage-stable/sys-boot/shim/shim-15.6.ebuild b/sdk_container/src/third_party/portage-stable/sys-boot/shim/shim-15.6.ebuild
new file mode 100644
index 0000000000..c4f33913bd
--- /dev/null
+++ b/sdk_container/src/third_party/portage-stable/sys-boot/shim/shim-15.6.ebuild
@@ -0,0 +1,30 @@
+# Copyright 1999-2023 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit rpm secureboot
+
+DESCRIPTION="Fedora's signed UEFI shim"
+HOMEPAGE="https://src.fedoraproject.org/rpms/shim"
+SRC_URI="amd64? ( https://kojipkgs.fedoraproject.org/packages/shim/${PV}/2/x86_64/shim-x64-${PV}-2.x86_64.rpm
+				https://kojipkgs.fedoraproject.org/packages/shim/${PV}/2/x86_64/shim-ia32-${PV}-2.x86_64.rpm )
+		x86? ( https://kojipkgs.fedoraproject.org/packages/shim/${PV}/2/x86_64/shim-x64-${PV}-2.x86_64.rpm
+				https://kojipkgs.fedoraproject.org/packages/shim/${PV}/2/x86_64/shim-ia32-${PV}-2.x86_64.rpm )
+		arm64? ( https://kojipkgs.fedoraproject.org/packages/shim/${PV}/2/aarch64/shim-aa64-${PV}-2.aarch64.rpm )"
+
+LICENSE="BSD"
+SLOT="0"
+KEYWORDS="amd64 arm64 x86"
+
+S="${WORKDIR}/boot/efi/EFI"
+
+src_install() {
+	insinto /usr/share/${PN}
+	doins BOOT/BOOT*.EFI
+	doins fedora/mm*.efi
+
+	# Shim is already signed with Microsoft keys, but MokManager still needs
+	# signing with our key otherwise we have to enrol the Fedora key in Mok list
+	secureboot_auto_sign --in-place
+}