]>
Commit | Line | Data |
---|---|---|
c86d9dac SL |
1 | #!/usr/bin/make -f |
2 | ||
aa19fc4d HG |
3 | include /usr/share/dpkg/architecture.mk |
4 | ||
21ebe035 SL |
5 | # Other vendors, add your certs here. No sense in using |
6 | # dpkg-vendor --derives-from, because only Canonical-generated binaries will | |
7 | # be signed with this key; so if you are building your own shim binary you | |
8 | # should be building the other binaries also. | |
9 | ifeq ($(shell dpkg-vendor --is ubuntu && echo yes),yes) | |
10 | cert=debian/canonical-uefi-ca.der | |
c3fa7299 | 11 | distributor=ubuntu |
e914483c | 12 | COMMON_OPTIONS ?= ENABLE_SHIM_CERT=1 ENABLE_SBSIGN=1 |
21ebe035 SL |
13 | else |
14 | cert=debian/debian-uefi-ca.der | |
c3fa7299 | 15 | distributor=debian |
21ebe035 SL |
16 | endif |
17 | ||
9b014236 SM |
18 | deb_version := $(shell dpkg-parsechangelog | sed -ne "s/^Version: \(.*\)/\1/p") |
19 | upstream_version := $(shell echo $(deb_version) | sed -e "s/-[^-]*$$//") | |
20 | plain_upstream_version := $(shell echo $(upstream_version) | sed -e "s/+dfsg.*//") | |
2e0a83e1 | 21 | |
55d55457 | 22 | DBX_LIST = dbx.esl |
23 | DBX_HASHES = debian/$(distributor)-dbx.hashes | |
2e0a83e1 SM |
24 | SBAT_IN = debian/sbat.$(distributor).csv.in |
25 | SBAT_DATA = data/sbat.$(distributor).csv | |
6cf246a5 | 26 | |
9bfbee89 | 27 | include /usr/share/dpkg/architecture.mk |
1d945f76 | 28 | |
5d42729f MTL |
29 | ifeq ($(DEB_HOST_ARCH),amd64) |
30 | export EFI_ARCH := x64 | |
cebae05a SL |
31 | endif |
32 | ifeq ($(DEB_HOST_ARCH),arm64) | |
3802e1ad | 33 | export EFI_ARCH := aa64 |
5d42729f | 34 | endif |
21efb35c SL |
35 | ifeq ($(DEB_HOST_ARCH),i386) |
36 | export EFI_ARCH := ia32 | |
37 | endif | |
5d42729f | 38 | |
e914483c | 39 | COMMON_OPTIONS += \ |
f42b58fc | 40 | RELEASE=15 \ |
371ed906 | 41 | COMMIT_ID=888f5b544b7cce3cdae8074aa617b1d4add271a1 \ |
c3fa7299 MTL |
42 | MAKELEVEL=0 \ |
43 | EFI_PATH=/usr/lib \ | |
f42b58fc | 44 | ENABLE_HTTPBOOT=true \ |
c3fa7299 | 45 | VENDOR_CERT_FILE=$(cert) \ |
6cf246a5 | 46 | VENDOR_DBX_FILE=$(DBX_LIST) \ |
c3fa7299 | 47 | EFIDIR=$(distributor) \ |
aa19fc4d | 48 | CROSS_COMPILE=$(DEB_HOST_GNU_TYPE)- \ |
334e9afa | 49 | CC=$(DEB_HOST_GNU_TYPE)-gcc-10 \ |
c3fa7299 MTL |
50 | $(NULL) |
51 | ||
a4273971 | 52 | $(DBX_LIST): $(DBX_HASHES) |
de3def7f | 53 | ./debian/generate_dbx_list $(EFI_ARCH) $< $@ |
6cf246a5 | 54 | |
2e0a83e1 SM |
55 | $(SBAT_DATA): $(SBAT_IN) |
56 | rm -f $@ | |
57 | set -e; \ | |
58 | sed -e "s/@DEB_VERSION@/$(deb_version)/g" \ | |
59 | -e "s/@UPSTREAM_VERSION@/$(plain_upstream_version)/g" \ | |
60 | < $(SBAT_IN) > $(SBAT_DATA) | |
61 | # If we have an empty $(SBAT_DATA), delete | |
62 | if [ ! -s $(SBAT_DATA) ]; then rm -f $(SBAT_DATA); fi | |
63 | ||
c86d9dac | 64 | %: |
f320bcac | 65 | dh $@ |
693c3089 | 66 | |
62a4fa2d MTL |
67 | override_dh_auto_clean: |
68 | dh_auto_clean -- MAKELEVEL=0 | |
2e0a83e1 | 69 | rm -f $(DBX_LIST) $(SBAT_DATA) sbat.*.csv |
ee22d425 | 70 | |
2e0a83e1 | 71 | override_dh_auto_build: $(DBX_LIST) $(SBAT_DATA) |
c3fa7299 | 72 | dh_auto_build -- $(COMMON_OPTIONS) |
21ebe035 | 73 | |
f841331c | 74 | override_dh_auto_install: |
c3fa7299 | 75 | dh_auto_install --destdir=debian/tmp -- $(COMMON_OPTIONS) |
bcc26d6d SM |
76 | # Remove the copy of the source that's installed - we have git |
77 | # already... | |
78 | rm -rf debian/tmp/usr | |
79 | # And remove the extra removable-media copy of shim too, it's | |
80 | # not needed for our build and causes debhelper to complain | |
81 | rm -f debian/tmp/boot/efi/EFI/BOOT/BOOT*.EFI | |
f7add225 | 82 | ./debian/signing-template.generate |
9b014236 SM |
83 | |
84 | generate-gnu-efi: | |
85 | git -C gnu-efi archive --prefix=gnu-efi/ HEAD | xz -9 \ | |
3139bb35 | 86 | > ../shim_$(plain_upstream_version).orig-gnu-efi.tar.xz |