Add uname.patch to avoid architecture variability

Signed-off-by: Luca Boccassi <bluca@debian.org>

debian/changelog

@@ -9,6 +9,8 @@ shim (15+1533136590.3beb971-3) UNRELEASED; urgency=medium
   [ Luca Boccassi ]
   * Override lintian error about template rules file.
   * Include /usr/share/dpkg/architecture.mk instead of shelling out.
+  * Add uname.patch to avoid embedding the kernel architecture in the
+    binary and to use a fixed string instead.
 
  -- Luca Boccassi <bluca@debian.org>  Fri, 15 Feb 2019 19:50:10 +0000
 

debian/patches/series

@@ -1 +1,2 @@
 fixup_git.patch
+uname.patch

debian/patches/uname.patch

@@ -0,0 +1,32 @@
+Author: Luca Boccassi <bluca@debian.org>
+Description: Makefile: use fixed build host if SOURCE_DATE_EPOCH is defined
+ If SOURCE_DATE_EPOCH is defined then we can be reasonably sure the
+ user wants the build to be fully reproducible, so use a fixed string.
+ In case of a cross build, using uname -s -m -p -i o will still report
+ the host's kernel architecture, which will trip some CIs like
+ Debian's.
+Forwarded: https://github.com/rhboot/shim/pull/169
+--- a/Makefile
++++ b/Makefile
+@@ -46,6 +46,12 @@ ifneq ($(origin ENABLE_HTTPBOOT), undefined)
+ 	SOURCES += httpboot.c include/httpboot.h
+ endif
+ 
++ifeq ($(SOURCE_DATE_EPOCH),)
++	UNAME=$(shell uname -s -m -p -i -o)
++else
++	UNAME=buildhost
++endif
++
+ SOURCES = $(foreach source,$(ORIG_SOURCES),$(TOPDIR)/$(source)) version.c
+ MOK_SOURCES = $(foreach source,$(ORIG_MOK_SOURCES),$(TOPDIR)/$(source))
+ FALLBACK_SRCS = $(foreach source,$(ORIG_FALLBACK_SRCS),$(TOPDIR)/$(source))
+@@ -66,7 +72,7 @@ shim_cert.h: shim.cer
+ 
+ version.c : $(TOPDIR)/version.c.in
+ 	sed	-e "s,@@VERSION@@,$(VERSION)," \
+-		-e "s,@@UNAME@@,$(shell uname -s -m -p -i -o)," \
++		-e "s,@@UNAME@@,$(UNAME)," \
+ 		-e "s,@@COMMIT@@,$(COMMIT_ID)," \
+ 		< $< > $@
+