From 9b862d39a81029209484942079b36f58a5d00b6e Mon Sep 17 00:00:00 2001 From: James Le Cuirot Date: Wed, 2 Oct 2024 11:04:22 +0100 Subject: [PATCH] sys-firmware/edk2-ovmf-bin: Drop in favour of edk2-bin, bump to 202408 Gentoo has moved this package so that it can support multiple platforms. The newer version is needed for Secure Boot support on arm64. This is newer than the version that QEMU is currently pinned to so unpin it via the USE flag. Signed-off-by: James Le Cuirot --- .../workflows/portage-stable-packages-list | 2 +- ...50.ebuild => sdk-depends-0.0.1-r51.ebuild} | 0 .../sdk-depends/sdk-depends-0.0.1.ebuild | 2 +- .../coreos/base/package.accept_keywords | 5 ++ .../profiles/coreos/targets/sdk/package.use | 3 + .../sys-firmware/edk2-ovmf-bin/Manifest | 1 - .../edk2-ovmf-bin/edk2-ovmf-bin-202202.ebuild | 71 ------------------- .../sys-firmware/edk2-ovmf-bin/metadata.xml | 11 --- 8 files changed, 10 insertions(+), 85 deletions(-) rename sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/{sdk-depends-0.0.1-r50.ebuild => sdk-depends-0.0.1-r51.ebuild} (100%) delete mode 100644 sdk_container/src/third_party/portage-stable/sys-firmware/edk2-ovmf-bin/Manifest delete mode 100644 sdk_container/src/third_party/portage-stable/sys-firmware/edk2-ovmf-bin/edk2-ovmf-bin-202202.ebuild delete mode 100644 sdk_container/src/third_party/portage-stable/sys-firmware/edk2-ovmf-bin/metadata.xml diff --git a/.github/workflows/portage-stable-packages-list b/.github/workflows/portage-stable-packages-list index 296ba03eac..89e859662e 100644 --- a/.github/workflows/portage-stable-packages-list +++ b/.github/workflows/portage-stable-packages-list @@ -624,7 +624,7 @@ sys-devel/gnuconfig sys-devel/m4 sys-devel/patch -sys-firmware/edk2-ovmf-bin +sys-firmware/edk2-bin sys-firmware/intel-microcode sys-firmware/ipxe sys-firmware/seabios-bin diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1-r50.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1-r51.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1-r50.ebuild rename to sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1-r51.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1.ebuild b/sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1.ebuild index e36aeb5b0e..2d1778bc5c 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/coreos-devel/sdk-depends/sdk-depends-0.0.1.ebuild @@ -43,7 +43,7 @@ DEPEND=" sys-apps/seismograph sys-boot/grub amd64? ( sys-boot/shim ) - sys-firmware/edk2-ovmf-bin + sys-firmware/edk2-bin sys-fs/btrfs-progs sys-fs/cryptsetup dev-perl/Parse-Yapp diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords index f438fb831c..049fd4ce65 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/base/package.accept_keywords @@ -135,6 +135,11 @@ dev-util/catalyst ~amd64 ~arm64 # Keep versions on both arches in sync. =sys-devel/binutils-config-5.5.2 ~arm64 =sys-devel/gettext-0.22.5 ~arm64 + +# Needed in SDK for Secure Boot on arm64. +=sys-firmware/edk2-bin-202408 ~amd64 ~arm64 + +# Keep versions on both arches in sync. =sys-fs/btrfs-progs-6.10.1 ~arm64 =sys-fs/quota-4.09-r1 ~arm64 =sys-libs/cracklib-2.10.2 ~arm64 diff --git a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.use b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.use index 27049b2d91..062e03cbe6 100644 --- a/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.use +++ b/sdk_container/src/third_party/coreos-overlay/profiles/coreos/targets/sdk/package.use @@ -29,5 +29,8 @@ sys-libs/zlib static-libs virtual/jpeg static-libs x11-libs/pixman static-libs +# Get latest EDK2 firmware for Secure Boot on arm64. +app-emulation/qemu -pin-upstream-blobs + # Enable gssapi for SDK net-dns/bind-tools gssapi diff --git a/sdk_container/src/third_party/portage-stable/sys-firmware/edk2-ovmf-bin/Manifest b/sdk_container/src/third_party/portage-stable/sys-firmware/edk2-ovmf-bin/Manifest deleted file mode 100644 index 3acdd51ad6..0000000000 --- a/sdk_container/src/third_party/portage-stable/sys-firmware/edk2-ovmf-bin/Manifest +++ /dev/null @@ -1 +0,0 @@ -DIST edk2-ovmf-202202-1.xpak 2672386 BLAKE2B 75c15d4379610ab2af85b78166e350d52f4f1bc1fff5b2eb693ad0d7b1f6648e65d8ae3e2c5467f93f1557ad3b4fa664ab2d76ff10794667de22c2ea8cca6b2d SHA512 06783b89c96bada0fd025ff39eaee501a027abcb03c0bdcf3ff497d52be22927ab03013d90f145ee94a8662cfffe4f8c154dcd06db1bb1acef8a85ae43de14a3 diff --git a/sdk_container/src/third_party/portage-stable/sys-firmware/edk2-ovmf-bin/edk2-ovmf-bin-202202.ebuild b/sdk_container/src/third_party/portage-stable/sys-firmware/edk2-ovmf-bin/edk2-ovmf-bin-202202.ebuild deleted file mode 100644 index 2a1a7048cb..0000000000 --- a/sdk_container/src/third_party/portage-stable/sys-firmware/edk2-ovmf-bin/edk2-ovmf-bin-202202.ebuild +++ /dev/null @@ -1,71 +0,0 @@ -# Copyright 1999-2023 Gentoo Authors -# Distributed under the terms of the GNU General Public License v2 - -EAPI=8 - -inherit readme.gentoo-r1 secureboot - -BINPKG="${P/-bin/}-1" - -DESCRIPTION="UEFI firmware for 64-bit x86 virtual machines" -HOMEPAGE="https://github.com/tianocore/edk2" -SRC_URI="https://dev.gentoo.org/~ajak/distfiles/${BINPKG}.xpak" -S="${WORKDIR}" - -# TODO: the binary 202105 package currently lacks the preseeded -# OVMF_VARS.secboot.fd file (that we typically get from fedora) - -LICENSE="BSD-2 MIT" -SLOT="0" -KEYWORDS="amd64 arm64 ~loong ~ppc ppc64 ~riscv x86" - -RDEPEND="!sys-firmware/edk2-ovmf" - -DISABLE_AUTOFORMATTING=true -DOC_CONTENTS="This package contains the tianocore edk2 UEFI firmware for 64-bit x86 -virtual machines. The firmware is located under - /usr/share/edk2-ovmf/OVMF_CODE.fd - /usr/share/edk2-ovmf/OVMF_VARS.fd - /usr/share/edk2-ovmf/OVMF_CODE.secboot.fd - -If USE=binary is enabled, we also install an OVMF variables file (coming from -fedora) that contains secureboot default keys - - /usr/share/edk2-ovmf/OVMF_VARS.secboot.fd - -If you have compiled this package by hand, you need to either populate all -necessary EFI variables by hand by booting - /usr/share/edk2-ovmf/UefiShell.(iso|img) -or creating OVMF_VARS.secboot.fd by hand: - https://github.com/puiterwijk/qemu-ovmf-secureboot - -The firmware does not support csm (due to no free csm implementation -available). If you need a firmware with csm support you have to download -one for yourself. Firmware blobs are commonly labeled - OVMF{,_CODE,_VARS}-with-csm.fd - -In order to use the firmware you can run qemu the following way - - $ qemu-system-x86_64 \ - -drive file=/usr/share/edk2-ovmf/OVMF.fd,if=pflash,format=raw,unit=0,readonly=on \ - ..." - -src_unpack() { - tar -xf - < <(xz -c -d --single-stream "${DISTDIR}/${BINPKG}.xpak") || die "unpacking binpkg failed" -} - -src_install() { - mv "usr/share/doc/${P/-bin/}" "usr/share/doc/${PF}" || die - - # Don't want to try to install the readme from the source package - rm "usr/share/doc/${PF}/README.gentoo.bz2" - mv usr "${ED}" || die - - secureboot_auto_sign --in-place - - readme.gentoo_create_doc -} - -pkg_postinst() { - readme.gentoo_print_elog -} diff --git a/sdk_container/src/third_party/portage-stable/sys-firmware/edk2-ovmf-bin/metadata.xml b/sdk_container/src/third_party/portage-stable/sys-firmware/edk2-ovmf-bin/metadata.xml deleted file mode 100644 index 674a9e5d13..0000000000 --- a/sdk_container/src/third_party/portage-stable/sys-firmware/edk2-ovmf-bin/metadata.xml +++ /dev/null @@ -1,11 +0,0 @@ - - - - - virtualization@gentoo.org - Gentoo Virtualization Project - - - cpe:/a:tianocore:edk2 - -