Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:GA
ovmf
ovmf.spec
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File ovmf.spec of Package ovmf
# # spec file for package ovmf # # Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via https://bugs.opensuse.org/ # # needssslcertforbuild %undefine _build_create_debug %global openssl_version 1.1.0h Name: ovmf Url: http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=EDK2 Summary: Open Virtual Machine Firmware License: BSD-2-Clause Group: System/Emulators/PC Version: 2017+git1510945757.b2662641d5 Release: 0 Source0: %{name}-%{version}.tar.xz Source1: https://www.openssl.org/source/openssl-%{openssl_version}.tar.gz Source111: https://www.openssl.org/source/openssl-%{openssl_version}.tar.gz.asc Source112: openssl.keyring Source2: README Source3: SLES-UEFI-CA-Certificate-2048.crt Source5: MicCorKEKCA2011_2011-06-24.crt Source6: MicCorUEFCA2011_2011-06-27.crt Source7: openSUSE-UEFI-CA-Certificate-2048.crt Source8: openSUSE-UEFI-SIGN-Certificate-2048.crt Source9: openSUSE-UEFI-CA-Certificate-4096.crt Source10: openSUSE-UEFI-SIGN-Certificate-4096.crt Source11: http://www.uefi.org/sites/default/files/resources/dbxupdate.zip Source12: strip_authinfo.pl Source13: MicWinProPCA2011_2011-10-19.crt Source14: owner-guid-zero.h Source100: %{name}-rpmlintrc Source101: gdb_uefi.py.in Patch2: %{name}-embed-default-keys.patch Patch3: %{name}-gdb-symbols.patch Patch4: %{name}-pie.patch Patch5: %{name}-disable-ia32-firmware-piepic.patch Patch6: %{name}-bsc1092943-fix-attributes-table.patch Patch7: %{name}-bsc1099193-fix-sev-flash-variables.patch Patch8: %{name}-bsc1115916-fix-timestamp-zeroing.patch Patch9: %{name}-bsc1115917-bounds-checking-for-ueficompress.patch Patch10: %{name}-bsc1127820-fix-blockio-buffer-overflow.patch Patch11: %{name}-bsc1127821-dns-check-packet-size.patch Patch12: %{name}-bsc1127822-fix-fv-parsing.patch Patch13: %{name}-bsc1128503-fix-stack-overflow-in-HiiImage-and-HiiDatabase.patch Patch14: %{name}-bsc1130267-overflow-in-partition-and-udf.patch Patch15: %{name}-bsc1131361-fix-stack-overflow-xhci.patch Patch16: %{name}-bsc1163959-PiDxeS3BootScriptLib-fix-numeric-truncation.patch Patch17: %{name}-bsc1153072-fix-openssllib.patch Patch18: %{name}-bsc1153072-fix-http-cert-verification.patch Patch19: %{name}-bsc1163969-fix-DxeImageVerificationHandler.patch Patch20: %{name}-bsc1163927-fix-ip4dxe-and-arpdxe.patch Patch21: %{name}-bsc1163927-fix-ping-and-ip6dxe.patch Patch22: %{name}-bsc1175476-fix-DxeImageVerificationLib-overflow.patch Patch23: %{name}-bsc1177789-cryptopkg-fix-null-dereference.patch Patch24: %{name}-bsc1183578-lzma-catch-4GB.patch Patch25: %{name}-bsc1183579-fix-fv-recursion.patch Patch26: %{name}-bsc1186151-fix-iscsi-overflows.patch Patch27: %{name}-bsc1196741-MdeModulePkg-PiSmmCore-SmmEntryPoint-underflow-CVE-2.patch Patch28: %{name}-bsc1174246-SecurityPkg-DxeImageVerificationLib-Check-result-of-.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: fdupes BuildRequires: gcc BuildRequires: gcc-c++ BuildRequires: iasl BuildRequires: libuuid-devel BuildRequires: python %ifnarch %arm BuildRequires: nasm %endif %ifarch x86_64 BuildRequires: openssl BuildRequires: unzip %if 0%{?suse_version} BuildRequires: vim-base %else BuildRequires: vim-common %endif %endif ExclusiveArch: %ix86 x86_64 aarch64 %arm %description The Open Virtual Machine Firmware (OVMF) project aims to support firmware for Virtual Machines using the edk2 code base. %package tools Summary: The BaseTools from edk2 Group: System/Emulators/PC %description tools The Open Virtual Machine Firmware (OVMF) project aims to support firmware for Virtual Machines using the edk2 code base. This package contains the tools from edk2. %ifarch %ix86 %package -n qemu-ovmf-ia32 Summary: Open Virtual Machine Firmware - QEMU rom images (IA32) Group: System/Emulators/PC BuildArch: noarch Requires: qemu %description -n qemu-ovmf-ia32 The Open Virtual Machine Firmware (OVMF) project aims to support firmware for Virtual Machines using the edk2 code base. This package contains UEFI rom images for exercising UEFI secure boot in a qemu environment (IA32) %endif %ifarch x86_64 %package -n qemu-ovmf-x86_64 Summary: Open Virtual Machine Firmware - QEMU rom images (x86_64) Group: System/Emulators/PC BuildArch: noarch Requires: qemu %description -n qemu-ovmf-x86_64 The Open Virtual Machine Firmware (OVMF) project aims to support firmware for Virtual Machines using the edk2 code base. This package contains UEFI rom images for exercising UEFI secure boot in a qemu environment (x86_64) %package -n qemu-ovmf-x86_64-debug Summary: Open Virtual Machine Firmware - debug symbols (x86_64) Group: Development/Debug Requires: qemu %description -n qemu-ovmf-x86_64-debug The Open Virtual Machine Firmware (OVMF) project aims to support firmware for Virtual Machines using the edk2 code base. This package contains the debug symbols for UEFI rom images (x86_64) %endif %ifarch aarch64 %package -n qemu-uefi-aarch64 Summary: UEFI QEMU rom image (AArch64) Group: System/Emulators/PC BuildArch: noarch %description -n qemu-uefi-aarch64 This package contains the UEFI rom image (AArch64) for QEMU cortex-a57 virt board. %endif %ifarch %arm %package -n qemu-uefi-aarch32 Summary: UEFI QEMU rom image (AArch32) Group: System/Emulators/PC BuildArch: noarch %description -n qemu-uefi-aarch32 This package contains the UEFI rom image (AArch32) for QEMU cortex-a15 virt board. %endif %prep %setup -q -n %{name}-%{version} # bsc#973038 Remove the packages we don't need to avoid any potential # license issue. PKG_TO_REMOVE="AppPkg DuetPkg CorebootModulePkg CorebootPayloadPkg \ EmulatorPkg Nt32Pkg Omap35xxPkg QuarkPlatformPkg QuarkSocPkg StdLib \ StdLibPrivateInternalFiles UnixPkg Vlv2DeviceRefCodePkg Vlv2TbltDevicePkg" rm -rf $PKG_TO_REMOVE %ifarch x86_64 %patch2 -p1 %endif %patch3 -p1 %patch4 -p1 %patch5 -p1 %patch6 -p1 %patch7 -p1 %patch8 -p1 %patch9 -p1 %patch10 -p1 %patch11 -p1 %patch12 -p1 %patch13 -p1 %patch14 -p1 %patch15 -p1 %patch16 -p1 %patch17 -p1 %patch18 -p1 %patch19 -p1 %patch20 -p1 %patch21 -p1 %patch22 -p1 %patch23 -p1 %patch24 -p1 %patch25 -p1 %patch26 -p1 %patch27 -p1 %patch28 -p1 # add openssl pushd CryptoPkg/Library/OpensslLib tar -xf %{SOURCE1} mv openssl-%{openssl_version} openssl popd %build OVMF_FLAGS="-D SECURE_BOOT_ENABLE -D NETWORK_IP6_ENABLE -D HTTP_BOOT_ENABLE -D TLS_ENABLE" %if 0%{?suse_version} > 1320 TOOL_CHAIN_TAG=GCC5 %else echo `gcc -dumpversion` TOOL_CHAIN_TAG=GCC$(gcc -dumpversion|sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/') %endif %ifarch %ix86 OVMF_FLAGS="$OVMF_FLAGS -D FD_SIZE_2MB" BUILD_OPTIONS="$OVMF_FLAGS -a IA32 -p OvmfPkg/OvmfPkgIa32.dsc -b DEBUG -t $TOOL_CHAIN_TAG" make -C BaseTools %else %ifarch x86_64 BUILD_OPTIONS="$OVMF_FLAGS -a X64 -p OvmfPkg/OvmfPkgX64.dsc -b DEBUG -t $TOOL_CHAIN_TAG" make -C BaseTools %else %ifarch aarch64 BUILD_OPTIONS="$OVMF_FLAGS -a AARCH64 -p ArmVirtPkg/ArmVirtQemu.dsc -b DEBUG -t $TOOL_CHAIN_TAG" ARCH=AARCH64 make -C BaseTools %else %ifarch %arm BUILD_OPTIONS="-a ARM -p ArmVirtPkg/ArmVirtQemu.dsc -b RELEASE -t $TOOL_CHAIN_TAG" ARCH=ARM make -C BaseTools %else echo "ERROR: unsupported architecture" false %endif #arm %endif #aarch64 %endif #x86_64 %endif #ix86 . ./edksetup.sh %ifarch %ix86 # Build the UEFI image build $BUILD_OPTIONS cp Build/OvmfIa32/DEBUG_*/FV/OVMF.fd ovmf-ia32.bin cp Build/OvmfIa32/DEBUG_*/FV/OVMF_CODE.fd ovmf-ia32-code.bin cp Build/OvmfIa32/DEBUG_*/FV/OVMF_VARS.fd ovmf-ia32-vars.bin %else %ifarch x86_64 # Build the 2MB UEFI image for the backward compatibility build $BUILD_OPTIONS -D FD_SIZE_2MB collect_debug_files() { target="$1" out_dir="debug/$target" abs_path="`pwd`/$out_dir/" source_path="`pwd`" gdb_src_path="/usr/src/debug/ovmf-x86_64" # copy the debug symbols mkdir -p $out_dir pushd Build/OvmfX64/DEBUG_GCC*/X64/ find . -mindepth 2 -type f -name "*.debug" -exec cp --parents -a {} $abs_path \; cp --parents -a DebugPkg/GdbSyms/GdbSyms/DEBUG/GdbSyms.dll $abs_path build_path=`pwd` popd # Change the path in the python gdb script sed "s:__BUILD_PATH__:$build_path:;s:__SOURCE_PATH__:$source_path:;s:__GDB_SRC_PATH__:$gdb_src_path:;s/__FLAVOR__/$target/" \ %{SOURCE101} > gdb_uefi-$target.py } cp Build/OvmfX64/DEBUG_*/FV/OVMF.fd ovmf-x86_64.bin cp Build/OvmfX64/DEBUG_*/FV/OVMF_CODE.fd ovmf-x86_64-code.bin cp Build/OvmfX64/DEBUG_*/FV/OVMF_VARS.fd ovmf-x86_64-vars.bin # Collect the debug files collect_debug_files ovmf-x86_64 # Collect the source mkdir -p source/ovmf-x86_64 # TODO get the source list from debug files src_list=`find Build/OvmfX64/DEBUG_GCC*/X64/ -mindepth 1 -maxdepth 1 -type d -exec basename {} \;` find $src_list \( -name "*.c" -o -name "*.h" \) -type f -exec cp --parents -a {} source/ovmf-x86_64 \; find source/ovmf-x86_64 -name *.c -type f -exec chmod 0644 {} \; # Build the 4MB UEFI image build $BUILD_OPTIONS -D FD_SIZE_4MB cp Build/OvmfX64/DEBUG_*/FV/OVMF.fd ovmf-x86_64-4m.bin cp Build/OvmfX64/DEBUG_*/FV/OVMF_CODE.fd ovmf-x86_64-4m-code.bin cp Build/OvmfX64/DEBUG_*/FV/OVMF_VARS.fd ovmf-x86_64-4m-vars.bin collect_debug_files ovmf-x86_64-4m build_with_keys() { suffix_base="$1" xxd -i Default_PK > SecurityPkg/Library/AuthVariableLib/Default_PK.h xxd -i Default_KEK > SecurityPkg/Library/AuthVariableLib/Default_KEK.h xxd -i Default_DB > SecurityPkg/Library/AuthVariableLib/Default_DB.h xxd -i Default_DB_EX > SecurityPkg/Library/AuthVariableLib/Default_DB_EX.h xxd -i Default_DBX > SecurityPkg/Library/AuthVariableLib/Default_DBX.h cat Default_Owner > SecurityPkg/Library/AuthVariableLib/Default_Owner.h for suffix in $suffix_base $suffix_base-4m; do if [ "$suffix" = "$suffix_base-4m" ]; then build $BUILD_OPTIONS -D FD_SIZE_4MB else build $BUILD_OPTIONS -D FD_SIZE_2MB fi cp Build/OvmfX64/DEBUG_*/FV/OVMF.fd ovmf-x86_64-$suffix.bin cp Build/OvmfX64/DEBUG_*/FV/OVMF_CODE.fd ovmf-x86_64-$suffix-code.bin cp Build/OvmfX64/DEBUG_*/FV/OVMF_VARS.fd ovmf-x86_64-$suffix-vars.bin collect_debug_files ovmf-x86_64-$suffix done } # OVMF with SUSE keys openssl x509 -in %{SOURCE3} -outform DER > Default_PK openssl x509 -in %{SOURCE3} -outform DER > Default_KEK openssl x509 -in %{SOURCE3} -outform DER > Default_DB truncate -s 0 Default_DB_EX truncate -s 0 Default_DBX cat %{SOURCE14} > Default_Owner build_with_keys suse #unpack the UEFI revocation list unzip %{SOURCE11} # OVMF with MS keys cat %{SOURCE5} > Default_PK cat %{SOURCE5} > Default_KEK cat %{SOURCE6} > Default_DB cat %{SOURCE13} > Default_DB_EX chmod 755 %{SOURCE12} %{SOURCE12} dbxupdate.bin Default_DBX echo "EFI_GUID DefaultOwnerGUID = {0x77fa9abd, 0x0359, 0x4d32, {0xbd, 0x60, 0x28, 0xf4, 0xe7, 0x8f, 0x78, 0x4b}};" > \ Default_Owner build_with_keys ms # OVMF with openSUSE keys openssl x509 -in %{SOURCE7} -outform DER > Default_PK openssl x509 -in %{SOURCE7} -outform DER > Default_KEK openssl x509 -in %{SOURCE7} -outform DER > Default_DB truncate -s 0 Default_DB_EX truncate -s 0 Default_DBX cat %{SOURCE14} > Default_Owner build_with_keys opensuse # OVMF with openSUSE keys (4096 bit CA) openssl x509 -in %{SOURCE9} -outform DER > Default_PK openssl x509 -in %{SOURCE9} -outform DER > Default_KEK openssl x509 -in %{SOURCE9} -outform DER > Default_DB truncate -s 0 Default_DB_EX truncate -s 0 Default_DBX cat %{SOURCE14} > Default_Owner build_with_keys opensuse-4096 if [ -e %{_sourcedir}/_projectcert.crt ]; then prjissuer=$(openssl x509 -in %{_sourcedir}/_projectcert.crt -noout -issuer_hash) opensusesubject=$(openssl x509 -in %{SOURCE7} -noout -subject_hash) slessubject=$(openssl x509 -in %{SOURCE3} -noout -subject_hash) if [ "$prjissuer" != "$opensusesubject" -a "$prjissuer" != "$slessubject" ]; then openssl x509 -in %{_sourcedir}/_projectcert.crt -outform DER > Default_PK openssl x509 -in %{_sourcedir}/_projectcert.crt -outform DER > Default_KEK openssl x509 -in %{_sourcedir}/_projectcert.crt -outform DER > Default_DB truncate -s 0 Default_DB_EX truncate -s 0 Default_DBX cat %{SOURCE14} > Default_Owner build_with_keys devel fi fi %else %ifarch aarch64 # Build the UEFI image build $BUILD_OPTIONS cp Build/ArmVirtQemu-AARCH64/DEBUG_GCC*/FV/QEMU_EFI.fd qemu-uefi-aarch64.bin dd of="aavmf-aarch64-code.bin" if="/dev/zero" bs=1M count=64 dd of="aavmf-aarch64-code.bin" if="qemu-uefi-aarch64.bin" conv=notrunc dd of="aavmf-aarch64-vars.bin" if="/dev/zero" bs=1M count=64 %else %ifarch %arm # Build the UEFI image build $BUILD_OPTIONS cp Build/ArmVirtQemu-ARM/RELEASE_GCC*/FV/QEMU_EFI.fd qemu-uefi-aarch32.bin %endif #arm %endif #aarch64 %endif #x86_64 %endif #ix86 %install rm -rf %{buildroot} cp %{SOURCE2} README sed -i s/'\r'// License.txt # Install BaseTools install -d %{buildroot}/%{_bindir} install -m 0755 --strip BaseTools/Source/C/bin/EfiRom %{buildroot}/%{_bindir} %ifarch %ix86 tr -d '\r' < OvmfPkg/License.txt > License-ovmf.txt install -m 0644 -D ovmf-ia32.bin %{buildroot}/%{_datadir}/qemu/ovmf-ia32.bin install -m 0644 -D ovmf-ia32-code.bin %{buildroot}/%{_datadir}/qemu/ovmf-ia32-code.bin install -m 0644 -D ovmf-ia32-vars.bin %{buildroot}/%{_datadir}/qemu/ovmf-ia32-vars.bin %else %ifarch x86_64 tr -d '\r' < OvmfPkg/License.txt > License-ovmf.txt install -m 0644 -D ovmf-x86_64.bin %{buildroot}/%{_datadir}/qemu/ovmf-x86_64.bin install -m 0644 ovmf-x86_64-*.bin %{buildroot}/%{_datadir}/qemu/ %fdupes %{buildroot}/%{_datadir}/qemu/ # Install debug symbols, gdb-uefi.py install -d %{buildroot}/%{_datadir}/ovmf-x86_64/ install -m 0644 gdb_uefi-*.py %{buildroot}/%{_datadir}/ovmf-x86_64/ mkdir -p %{buildroot}/usr/lib/debug mv debug/ovmf-x86_64* %{buildroot}/usr/lib/debug %fdupes %{buildroot}/usr/lib/debug/ovmf-x86_64* mkdir -p %{buildroot}/usr/src/debug mv source/ovmf-x86_64* %{buildroot}/usr/src/debug %fdupes -s %{buildroot}/usr/src/debug/ovmf-x86_64 %else %ifarch aarch64 install -m 0644 -D qemu-uefi-aarch64.bin %{buildroot}/%{_datadir}/qemu/qemu-uefi-aarch64.bin install -m 0644 -D aavmf-aarch64-code.bin %{buildroot}/%{_datadir}/qemu/aavmf-aarch64-code.bin install -m 0644 -D aavmf-aarch64-vars.bin %{buildroot}/%{_datadir}/qemu/aavmf-aarch64-vars.bin %else %ifarch %arm install -m 0644 -D qemu-uefi-aarch32.bin %{buildroot}/%{_datadir}/qemu/qemu-uefi-aarch32.bin %endif #arm %endif #aarch64 %endif #x86_64 %endif #ix86 %files %defattr(-,root,root) %doc README %files tools %defattr(-,root,root) %doc BaseTools/UserManuals/EfiRom_Utility_Man_Page.rtf %{_bindir}/EfiRom %ifarch %ix86 %files -n qemu-ovmf-ia32 %defattr(-,root,root) %doc License.txt License-ovmf.txt %dir %{_datadir}/qemu/ %{_datadir}/qemu/ovmf-ia32*.bin %endif %ifarch x86_64 %files -n qemu-ovmf-x86_64 %defattr(-,root,root) %doc License.txt License-ovmf.txt %dir %{_datadir}/qemu/ %{_datadir}/qemu/ovmf-x86_64*.bin %files -n qemu-ovmf-x86_64-debug %defattr(-,root,root) %{_datadir}/ovmf-x86_64/ %dir /usr/lib/debug/ /usr/lib/debug/ovmf-x86_64* %dir /usr/src/debug/ /usr/src/debug/ovmf-x86_64* %endif %ifarch aarch64 %files -n qemu-uefi-aarch64 %defattr(-,root,root) %doc License.txt %dir %{_datadir}/qemu/ %{_datadir}/qemu/qemu-uefi-aarch64.bin %{_datadir}/qemu/aavmf-aarch64-code.bin %{_datadir}/qemu/aavmf-aarch64-vars.bin %endif %ifarch %arm %files -n qemu-uefi-aarch32 %defattr(-,root,root) %doc License.txt %dir %{_datadir}/qemu/ %{_datadir}/qemu/qemu-uefi-aarch32.bin %endif %changelog
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor