Commit Graph

1518 Commits

Author SHA1 Message Date
Steve McIntyre
c658a174b6 Remove artifacts imported by mistake 2024-05-04 22:06:17 +01:00
Steve McIntyre
9b91206a20 Install a copy of the Debian CA certificate into /usr/share/shim.
Closes: #1069054
2024-05-04 22:05:56 +01:00
Steve McIntyre
91350387a8 Release 15.8-1~deb12u1 for bookworm 2024-05-04 14:21:09 +01:00
Steve McIntyre
00d057c5fd Update version for bookworm 2024-05-03 16:18:29 +01:00
Steve McIntyre
bd9f3bf331 Force usage of newest revocations at build time
Force shim to use the latest revocations by default to block some
older grub / peimage issues. This is:

"shim,4\ngrub,4\ngrub.peimage,2\n"

This should work with the current released grub builds in all of
buster, bullseye, bookworm and trixie/unstable. Let's not leave known
security holes in the wild.
2024-05-03 16:06:30 +01:00
Steve McIntyre
bb0763da91 Cherry-pick latest grub revocation patches from upstream shim
0001-sbat-Add-grub.peimage-2-to-latest-CVE-2024-2312.patch
0002-sbat-Also-bump-latest-for-grub-4-and-to-todays-date.patch
2024-05-03 16:06:18 +01:00
Steve McIntyre
2c85966cf3 Log if the build is nx-compatible or not
Add a new simple script to do this: check_nx
2024-05-03 16:03:35 +01:00
Steve McIntyre
487a9b02c1 Switch to 15.8 upstream and drop patches 2024-05-03 16:02:10 +01:00
Steve McIntyre
fd2d9f032c New upstream version 15.8 2024-05-03 16:02:10 +01:00
Steve McIntyre
3cf4042d82 Tweak the UUID handling to be clearer 2024-05-02 22:13:14 +01:00
Bastien Roucariès
d6a5a165a3 Add salsa-ci.yml 2024-05-02 14:05:24 +00:00
Steve McIntyre
e341fd592a Merge branch 'fixes20240429' into 'master'
Apply multi-arch hints. + shim-unsigned: Add Multi-Arch: same.

See merge request efi-team/shim!15
2024-04-29 09:59:09 +00:00
Bastien Roucariès
be3d8a28b3 Add changelog entry 2024-04-29 09:56:29 +00:00
Bastien Roucariès
4a964bbad9 Add verification of upstream release 2024-04-29 09:56:05 +00:00
Bastien Roucariès
afef7adbba Fix d/watch 2024-04-29 09:55:58 +00:00
Bastien Roucariès
192a0b206a Closes: #936009 2024-04-29 09:55:31 +00:00
Debian Janitor
13d3737c61 Apply multi-arch hints. + shim-unsigned: Add Multi-Arch: same.
Changes-By: apply-multiarch-hints
2024-04-29 09:54:28 +00:00
Steve McIntyre
ee48d7e529 Merge branch 'tests' into 'master'
Tests

See merge request efi-team/shim!14
2024-04-17 20:21:14 +00:00
Bastien Roucariès
c62e4f08ea Add machine smm=on 2024-04-16 15:05:51 +00:00
Bastien Roucariès
e5d065c169 Fix test failure 2024-04-15 20:07:29 +00:00
Bastien Roucariès
9f6871197e Fix deprecation warnings 2024-04-15 14:59:47 +00:00
Bastien Roucariès
71205e8fc8 Use popen for lsb_release 2024-04-15 14:54:14 +00:00
Bastien Roucariès
560b61840b Fix depends 2024-04-15 14:35:45 +00:00
Bastien Roucariès
5c55ced253 Update changelog 2024-04-15 14:35:31 +00:00
Bastien Roucariès
586dedee72 Port to debian 2024-04-15 14:15:23 +00:00
Bastien Roucariès
79b95f1092 Add ubuntu test 2024-04-15 14:15:22 +00:00
Steve McIntyre
f4f4e39e16 generate_dbx_list: pick a fixed UUID
otherwise our build won't be reproducible, doh!
2024-01-20 23:15:22 +00:00
Steve McIntyre
7686debad8 Tweak building with pesign changes
We used to use efisiglist to generate the DBX list. Newer versions of
the pesign package don't include it any more, and the recommended
replacement tool is now efisecdb from efivar. Tweak the
generate_dbx_list script to work with both old and new. Let's make
backports easy...
2023-11-02 00:47:18 +00:00
Steve McIntyre
e02f5a2563 Release 15.7-1 2023-01-31 10:18:29 +00:00
Steve McIntyre
77729f4c4b Switch to using the upstream "enable NX" patch 2023-01-30 18:12:20 +00:00
Steve McIntyre
ba98d1fec3 Block Debian grub binaries with sbat < 4 (see #1024617) 2023-01-29 23:35:03 +00:00
Steve McIntyre
736533df5b Enable NX support at build time
As required by policy for signing new shim binaries.
2023-01-24 22:37:23 +00:00
Steve McIntyre
b82b07b854 Update upstream commit hash in build
We're using 657b2483ca6e9fcf2ad8ac7ee577ff546d24c3aa, which is the
15.7 release plus the one patch we're applying.
2023-01-22 15:12:23 +00:00
Steve McIntyre
540e7f5455 Update to Standards-Version 4.6.2 (no changes needed) 2023-01-22 14:06:29 +00:00
Steve McIntyre
65f161eefe Switch to using gcc-12
Closes: #1022180
2023-01-22 14:05:16 +00:00
Steve McIntyre
b61b8af886 Switch to new upstream (15.7)
Also import patch to deal with buggy binutils
2023-01-22 13:14:06 +00:00
Steve McIntyre
621dd4fde1 Update upstream source from tag 'upstream/15.7'
Update to upstream version '15.7'
with Debian dir f802105ae0
2023-01-22 13:05:11 +00:00
Steve McIntyre
2dd2f7600d New upstream version 15.7 2023-01-22 13:05:10 +00:00
Steve McIntyre
85e5473c58 Release 15.6-1 2022-07-21 13:04:36 +01:00
Steve McIntyre
84c2b7db29 Start packaging updates for the new 15.6 upstream release
Remove all our patches, all upstream now
2022-06-23 00:23:21 +01:00
Steve McIntyre
e6ace38abd New upstream version 15.6 2022-06-23 00:16:56 +01:00
Steve McIntyre
21378c99da Update upstream source from tag 'upstream/15.6'
Update to upstream version '15.6'
with Debian dir 952ad3d5a9
2022-06-23 00:16:56 +01:00
Steve McIntyre
64da2668f6 Update the 32-bit format patch after upstream review 2022-05-01 19:17:48 +01:00
Steve McIntyre
84d9f457b8 Add patch headers for our patches now I've pushed PRs 2022-04-28 12:51:50 +01:00
Steve McIntyre
9a9d0229ad Try again on the string format fix 2022-04-28 00:58:55 +01:00
Steve McIntyre
c8efa9abf7 Fix format strings for 32-bit builds 2022-04-28 00:47:27 +01:00
Steve McIntyre
e4de724317 Add new build-dep on libefivar-dev for tests 2022-04-28 00:19:27 +01:00
Steve McIntyre
edae75636d Try again with includes 2022-04-28 00:06:41 +01:00
Steve McIntyre
b947ca6ac0 Tweak setup for dh_auto_test so the tests work 2022-04-27 23:15:28 +01:00
Steve McIntyre
7c81b875e3 Start packaging updates for the new 15.51 upstream release
Remove all our patches, all upstream now.
2022-04-27 22:57:39 +01:00