commit: 6137d4c59ea47d77517e925d8bfd46b8b3b1f669 Author: Matthias Maier <tamiko <AT> gentoo <DOT> org> AuthorDate: Sun Jul 28 21:00:39 2019 +0000 Commit: Matthias Maier <tamiko <AT> gentoo <DOT> org> CommitDate: Sun Jul 28 23:17:16 2019 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6137d4c5
sys-firmware/edk2-ovmf: version bump to 201905 * switch to new upstream version number * add secure boot support * versions contains security fixes for all vulnerabilities identified in #678906c1 Closes: https://bugs.gentoo.org/680920 Closes: https://bugs.gentoo.org/681936 Closes: https://bugs.gentoo.org/665152 Bug: https://bugs.gentoo.org/678906 Package-Manager: Portage-2.3.69, Repoman-2.3.16 Signed-off-by: Matthias Maier <tamiko <AT> gentoo.org> sys-firmware/edk2-ovmf/Manifest | 5 +- sys-firmware/edk2-ovmf/edk2-ovmf-201905.ebuild | 153 +++++++++++++++++++++++++ 2 files changed, 156 insertions(+), 2 deletions(-) diff --git a/sys-firmware/edk2-ovmf/Manifest b/sys-firmware/edk2-ovmf/Manifest index a061a11c712..579051780e0 100644 --- a/sys-firmware/edk2-ovmf/Manifest +++ b/sys-firmware/edk2-ovmf/Manifest @@ -1,4 +1,5 @@ DIST edk2-ovmf-2017_p20180211-bin.tar.xz 910896 BLAKE2B 2d2ead282cebc1254cae2b10042f809e887a17a83fe67998ddcadf86cdf07e615594b243ab35d3fa8a6d6ce218f8f0bad758ee1db2ab4ff6c08d65419f4078b0 SHA512 88c3c4d7cecc2af1cc4dfa06686f34cc3a5facfb24750c766b47f53dec7267b95b58b391d23038e6a589d1687d2c117f1912d10118e26f99c0906c3d8e90deed DIST edk2-ovmf-2017_p20180211.tar.xz 22977736 BLAKE2B 4d95eaf3017668197632ab7e035ad6c9f1490bde3d27e575170541fd64773fef8676406c88451b8dc996d9d7dd625fa389279105951f02e08f6de025075bd172 SHA512 ee3d70da562ed7dc4647576da8605d25fd9f991b4a96c2ed106e0d1b697af9e0624ad161750ccba7ab3db553ab1c6177780dd9c29a70073eb17729e9ae24c5a7 -DIST edk2-ovmf-2017_pre20170505-bin.tar.xz 874904 BLAKE2B a381d3ca20cf0e1f3aff74335c1d783bb80f0b5c7a8716d8154f2e0a19255780e5b08fae37cab9fa484fc1cbe3bc3b5d40339634ee3b0808bd2b3a8b2849730a SHA512 c7a7d83758214b6ab63c6cefe827a601aaa7656b7f01e03413c84d913078a2b0d8037f70de34d42d8e1614aee794e0ffd7d9e62314eb4e04c21256b70338af5c -DIST edk2-ovmf-2017_pre20170505.tar.xz 22952060 BLAKE2B 7d4da1fed8e76f643e2856be2485f6c398896d61b7ad8fb013e891fd73f69c4acfd9980e7f95aec002cee647719a622711100f8cb6829edecae35ed31b3ef563 SHA512 6da859360448fd6d04d1492c88a7e935f7108c524f7ccfe6aa4c13bf9af9695dbc4a5b8efa274adc86d3105946aaa1ba80bcd9713facdca153f1a3d873797b63 +DIST edk2-ovmf-201905-bin.tar.xz 3017256 BLAKE2B 6a106f111a363f1c2de33c4e7eba48183da6047654512939c286c6d0369e3b4c7705c271e61fa95299ba2b629022be7b5ef665ff096d41373583f5409b5c32fb SHA512 4a174dc1d64769a93de3bf5f9d787e278bfab57e2317699d722aa772e64e8867b3998b7feee58d5e4c66adc79ba9c5023dae2ce786159db7a740b86cf35d923d +DIST edk2-ovmf-201905-bundled.tar.xz 3538508 BLAKE2B a1766180c84ee83987f50fdb6a6c9891dfb983ff78c98f7bc38635ffe484ebf29d4286ff97d7747080e28a655ff14b5939d4505d75ebe6655ecacc7f9d405469 SHA512 be3d8ef1ffb1ddce64883d9ef8dc598c7026d23d2e33c33949d28de81513b6a7f04f840ccb3d42664e918c6603487fbe594261c327921f3250c3998218572774 +DIST edk2-ovmf-201905.tar.gz 14551747 BLAKE2B 6fb3385445fd01c0dea26295a68de2691524e55c96d8a0e85aab1385a9abddc47c13ce3236b952c1299514e542ad0fa4bc9550cc4527945c05109d227a698293 SHA512 91188923f7d1ab83c0d6abf7ec6d59f357d0341a617ad6a3ae05f3d0e041dff43f62b014b0c5fc5d15e16d8f1c279c581a5cd64b31e3d52b340d7ef90adb50f1 diff --git a/sys-firmware/edk2-ovmf/edk2-ovmf-201905.ebuild b/sys-firmware/edk2-ovmf/edk2-ovmf-201905.ebuild new file mode 100644 index 00000000000..246a3853850 --- /dev/null +++ b/sys-firmware/edk2-ovmf/edk2-ovmf-201905.ebuild @@ -0,0 +1,153 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +PYTHON_REQ_USE="sqlite" +PYTHON_COMPAT=( python{2_7,3_5,3_6,3_7} ) + +inherit eutils python-any-r1 readme.gentoo-r1 + +DESCRIPTION="UEFI firmware for 64-bit x86 virtual machines" +HOMEPAGE="https://github.com/tianocore/edk2"; + +NON_BINARY_DEPEND=" + >=dev-lang/nasm-2.0.7 + >=sys-power/iasl-20160729 + ${PYTHON_DEPS} +" +DEPEND="" +RDEPEND="" +if [[ ${PV} == "999999" ]] ; then + inherit git-r3 + EGIT_REPO_URI="https://github.com/tianocore/edk2"; + DEPEND+=" + ${NON_BINARY_DEPEND} + " +else + # Binary versions taken from fedora: + # http://download.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/Packages/s/ + # edk2-ovmf-20190501stable-2.fc31.noarch.rpm + SRC_URI=" + !binary? ( + https://github.com/tianocore/edk2/archive/edk2-stable${PV}.tar.gz -> ${P}.tar.gz + https://dev.gentoo.org/~tamiko/distfiles/${P}-bundled.tar.xz + ) + binary? ( https://dev.gentoo.org/~tamiko/distfiles/${P}-bin.tar.xz ) + " + KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd" + IUSE="+binary" + REQUIRED_USE+=" + !amd64? ( binary ) + " + DEPEND+=" + !binary? ( + amd64? ( + ${NON_BINARY_DEPEND} + ) + )" + PATCHES=( + ) +fi + +LICENSE="BSD-2 MIT" +SLOT="0" + +S="${WORKDIR}/edk2-edk2-stable${PV}" + +DISABLE_AUTOFORMATTING=true +DOC_CONTENTS="This package contains the tianocore edk2 UEFI firmware for 64-bit x86 +virtual machines. The firmware is located under + /usr/share/edk2-ovmf/OVMF_CODE.fd + /usr/share/edk2-ovmf/OVMF_VARS.fd + /usr/share/edk2-ovmf/OVMF_CODE.secboot.fd + +If USE=binary is enabled, we also install an OVMF variables file (coming from +fedora) that contains secureboot default keys + + /usr/share/edk2-ovmf/OVMF_VARS.secboot.fd + +If you have compiled this package by hand, you need to either populate all +necessary EFI variables by hand by booting + /usr/share/edk2-ovmf/UefiShell.(iso|img) +or creating OVMF_VARS.secboot.fd by hand: + https://github.com/puiterwijk/qemu-ovmf-secureboot + +The firmware does not support csm (due to no free csm implementation +available). If you need a firmware with csm support you have to download +one for yourself. Firmware blobs are commonly labeled + OVMF{,_CODE,_VARS}-with-csm.fd + +In order to use the firmware you can run qemu the following way + + $ qemu-system-x86_64 \ + -drive file=/usr/share/edk2-ovmf/OVMF.fd,if=pflash,format=raw,unit=0,readonly=on \ + ... + +You can register the firmware for use in libvirt by adding to /etc/libvirt/qemu.conf: + nvram = [ + \"/usr/share/edk2-ovmf/OVMF_CODE.fd:/usr/share/edk2-ovmf/OVMF_VARS.fd\" + \"/usr/share/edk2-ovmf/OVMF_CODE.secboot.fd:/usr/share/edk2-ovmf/OVMF_VARS.fd\" + ]" + +pkg_setup() { + [[ ${PV} != "999999" ]] && use binary || python-any-r1_pkg_setup +} + +src_prepare() { + if [[ ${PV} != "999999" ]] && use binary; then + eapply_user + return + fi + default +} + +src_compile() { + TARGET_ARCH=X64 + TARGET_NAME=RELEASE + TARGET_TOOLS=GCC49 + + BUILD_FLAGS="-D TLS_ENABLE \ + -D HTTP_BOOT_ENABLE \ + -D NETWORK_IP6_ENABLE \ + -D FD_SIZE_2MB" + + SECUREBOOT_BUILD_FLAGS="${BUILD_FLAGS} \ + -D SECURE_BOOT_ENABLE \ + -D SMM_REQUIRE \ + -D EXCLUDE_SHELL_FROM_FD" + + [[ ${PV} != "999999" ]] && use binary && return + + emake ARCH=${TARGET_ARCH} -C BaseTools + + . ./edksetup.sh + + mkdir -p ovmf + + ./OvmfPkg/build.sh \ + -a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \ + ${BUILD_FLAGS} || die "OvmfPkg/build.sh failed" + + cp Build/OvmfX64/*/FV/OVMF_*.fd ovmf/ + rm -rf Build/OvmfX64 + + ./OvmfPkg/build.sh \ + -a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \ + ${SECUREBOOT_BUILD_FLAGS} || die "OvmfPkg/build.sh failed" + + cp Build/OvmfX64/*/FV/OVMF_CODE.fd ovmf/OVMF_CODE.secboot.fd || die "cp failed" + cp Build/OvmfX64/*/X64/Shell.efi ovmf/ || dies "cp failed" + cp Build/OvmfX64/*/X64/EnrollDefaultKeys.efi ovmf || dies "cp failed" +} + +src_install() { + insinto /usr/share/${PN} + doins ovmf/* + + readme.gentoo_create_doc +} + +pkg_postinst() { + readme.gentoo_print_elog +}
