[efi-boot-shim.git] / debian / rules

#!/usr/bin/make -f

include /usr/share/dpkg/architecture.mk

# Other vendors, add your certs here.  No sense in using
# dpkg-vendor --derives-from, because only Canonical-generated binaries will
# be signed with this key; so if you are building your own shim binary you
# should be building the other binaries also.
ifeq ($(shell dpkg-vendor --is ubuntu && echo yes),yes)
	cert=debian/canonical-uefi-ca.der
	distributor=ubuntu
COMMON_OPTIONS ?= ENABLE_SHIM_CERT=1 ENABLE_SBSIGN=1
else
	cert=debian/debian-uefi-ca.der
	distributor=debian
endif

deb_version             := $(shell dpkg-parsechangelog | sed -ne "s/^Version: \(.*\)/\1/p")
upstream_version        := $(shell echo $(deb_version) | sed -e "s/-[^-]*$$//")
plain_upstream_version  := $(shell echo $(upstream_version) | sed -e "s/+dfsg.*//")

DBX_LIST = dbx.esl
DBX_HASHES = debian/$(distributor)-dbx.hashes
SBAT_IN = debian/sbat.$(distributor).csv.in
SBAT_DATA = data/sbat.$(distributor).csv

include /usr/share/dpkg/architecture.mk

ifeq ($(DEB_HOST_ARCH),amd64)
export EFI_ARCH := x64
endif
ifeq ($(DEB_HOST_ARCH),arm64)
export EFI_ARCH := aa64
endif
ifeq ($(DEB_HOST_ARCH),i386)
export EFI_ARCH := ia32
endif

COMMON_OPTIONS += \
	RELEASE=15 \
	COMMIT_ID=888f5b544b7cce3cdae8074aa617b1d4add271a1 \
	MAKELEVEL=0 \
	EFI_PATH=/usr/lib \
	ENABLE_HTTPBOOT=true \
	VENDOR_CERT_FILE=$(cert) \
	VENDOR_DBX_FILE=$(DBX_LIST) \
	EFIDIR=$(distributor) \
	CROSS_COMPILE=$(DEB_HOST_GNU_TYPE)- \
	CC=$(DEB_HOST_GNU_TYPE)-gcc-10 \
	$(NULL)

$(DBX_LIST): $(DBX_HASHES)
	./debian/generate_dbx_list $(EFI_ARCH) $< $@

$(SBAT_DATA): $(SBAT_IN)
	rm -f $@
	set -e; \
	sed -e "s/@DEB_VERSION@/$(deb_version)/g" \
		-e "s/@UPSTREAM_VERSION@/$(plain_upstream_version)/g" \
		< $(SBAT_IN) > $(SBAT_DATA)
	# If we have an empty $(SBAT_DATA), delete
	if [ ! -s $(SBAT_DATA) ]; then rm -f $(SBAT_DATA); fi

%:
	dh $@

override_dh_auto_clean:
	dh_auto_clean -- MAKELEVEL=0
	rm -f $(DBX_LIST) $(SBAT_DATA) sbat.*.csv

override_dh_auto_build: $(DBX_LIST) $(SBAT_DATA)
	dh_auto_build -- $(COMMON_OPTIONS)

override_dh_auto_install:
	dh_auto_install --destdir=debian/tmp -- $(COMMON_OPTIONS)
	# Remove the copy of the source that's installed - we have git
	# already...
	rm -rf debian/tmp/usr
	# And remove the extra removable-media copy of shim too, it's
	# not needed for our build and causes debhelper to complain
	rm -f debian/tmp/boot/efi/EFI/BOOT/BOOT*.EFI
	./debian/signing-template.generate

generate-gnu-efi:
	git -C gnu-efi archive --prefix=gnu-efi/ HEAD | xz -9 \
		> ../shim_$(plain_upstream_version).orig-gnu-efi.tar.xz
Commit	Line	Data
c86d9dac SL	1	#!/usr/bin/make -f
c86d9dac SL	2
aa19fc4d HG	3	include /usr/share/dpkg/architecture.mk
aa19fc4d HG	4
21ebe035 SL	5	# Other vendors, add your certs here. No sense in using
	6	# dpkg-vendor --derives-from, because only Canonical-generated binaries will
	7	# be signed with this key; so if you are building your own shim binary you
	8	# should be building the other binaries also.
	9	ifeq ($(shell dpkg-vendor --is ubuntu && echo yes),yes)
	10	cert=debian/canonical-uefi-ca.der
c3fa7299	11	distributor=ubuntu
e914483c	12	COMMON_OPTIONS ?= ENABLE_SHIM_CERT=1 ENABLE_SBSIGN=1
21ebe035 SL	13	else
21ebe035 SL	14	cert=debian/debian-uefi-ca.der
c3fa7299	15	distributor=debian
21ebe035 SL	16	endif
21ebe035 SL	17
9b014236 SM	18	deb_version := $(shell dpkg-parsechangelog \| sed -ne "s/^Version: \(.*\)/\1/p")
	19	upstream_version := $(shell echo $(deb_version) \| sed -e "s/-[^-]*$$//")
	20	plain_upstream_version := $(shell echo $(upstream_version) \| sed -e "s/+dfsg.*//")
2e0a83e1	21
55d55457	22	DBX_LIST = dbx.esl
55d55457	23	DBX_HASHES = debian/$(distributor)-dbx.hashes
2e0a83e1 SM	24	SBAT_IN = debian/sbat.$(distributor).csv.in
2e0a83e1 SM	25	SBAT_DATA = data/sbat.$(distributor).csv
6cf246a5	26
9bfbee89	27	include /usr/share/dpkg/architecture.mk
1d945f76	28
5d42729f MTL	29	ifeq ($(DEB_HOST_ARCH),amd64)
5d42729f MTL	30	export EFI_ARCH := x64
cebae05a SL	31	endif
cebae05a SL	32	ifeq ($(DEB_HOST_ARCH),arm64)
3802e1ad	33	export EFI_ARCH := aa64
5d42729f	34	endif
21efb35c SL	35	ifeq ($(DEB_HOST_ARCH),i386)
	36	export EFI_ARCH := ia32
	37	endif
5d42729f	38
e914483c	39	COMMON_OPTIONS += \
f42b58fc	40	RELEASE=15 \
371ed906	41	COMMIT_ID=888f5b544b7cce3cdae8074aa617b1d4add271a1 \
c3fa7299 MTL	42	MAKELEVEL=0 \
c3fa7299 MTL	43	EFI_PATH=/usr/lib \
f42b58fc	44	ENABLE_HTTPBOOT=true \
c3fa7299	45	VENDOR_CERT_FILE=$(cert) \
6cf246a5	46	VENDOR_DBX_FILE=$(DBX_LIST) \
c3fa7299	47	EFIDIR=$(distributor) \
aa19fc4d	48	CROSS_COMPILE=$(DEB_HOST_GNU_TYPE)- \
334e9afa	49	CC=$(DEB_HOST_GNU_TYPE)-gcc-10 \
c3fa7299 MTL	50	$(NULL)
c3fa7299 MTL	51
a4273971	52	$(DBX_LIST): $(DBX_HASHES)
de3def7f	53	./debian/generate_dbx_list $(EFI_ARCH) $< $@
6cf246a5	54
2e0a83e1 SM	55	$(SBAT_DATA): $(SBAT_IN)
	56	rm -f $@
	57	set -e; \
	58	sed -e "s/@DEB_VERSION@/$(deb_version)/g" \
	59	-e "s/@UPSTREAM_VERSION@/$(plain_upstream_version)/g" \
	60	< $(SBAT_IN) > $(SBAT_DATA)
	61	# If we have an empty $(SBAT_DATA), delete
	62	if [ ! -s $(SBAT_DATA) ]; then rm -f $(SBAT_DATA); fi
	63
c86d9dac	64	%:
f320bcac	65	dh $@
693c3089	66
62a4fa2d MTL	67	override_dh_auto_clean:
62a4fa2d MTL	68	dh_auto_clean -- MAKELEVEL=0
2e0a83e1	69	rm -f $(DBX_LIST) $(SBAT_DATA) sbat.*.csv
ee22d425	70
2e0a83e1	71	override_dh_auto_build: $(DBX_LIST) $(SBAT_DATA)
c3fa7299	72	dh_auto_build -- $(COMMON_OPTIONS)
21ebe035	73
f841331c	74	override_dh_auto_install:
c3fa7299	75	dh_auto_install --destdir=debian/tmp -- $(COMMON_OPTIONS)
bcc26d6d SM	76	# Remove the copy of the source that's installed - we have git
	77	# already...
	78	rm -rf debian/tmp/usr
	79	# And remove the extra removable-media copy of shim too, it's
	80	# not needed for our build and causes debhelper to complain
	81	rm -f debian/tmp/boot/efi/EFI/BOOT/BOOT*.EFI
f7add225	82	./debian/signing-template.generate
9b014236 SM	83
	84	generate-gnu-efi:
	85	git -C gnu-efi archive --prefix=gnu-efi/ HEAD \| xz -9 \
3139bb35	86	> ../shim_$(plain_upstream_version).orig-gnu-efi.tar.xz