debian/rules

   1 #!/usr/bin/make -f
   2
   3 include /usr/share/dpkg/architecture.mk
   4
   5 # Other vendors, add your certs here.  No sense in using
   6 # dpkg-vendor --derives-from, because only Canonical-generated binaries will
   7 # be signed with this key; so if you are building your own shim binary you
   8 # should be building the other binaries also.
   9 ifeq ($(shell dpkg-vendor --is ubuntu && echo yes),yes)
  10         cert=debian/canonical-uefi-ca.der
  11         distributor=ubuntu
  12 COMMON_OPTIONS ?= ENABLE_SHIM_CERT=1 ENABLE_SBSIGN=1
  13 else
  14         cert=debian/debian-uefi-ca.der
  15         distributor=debian
  16 endif
  17
  18 DBX_LIST = dbx.esl
  19 DBX_HASHES = debian/$(distributor)-dbx.hashes
  20
  21 include /usr/share/dpkg/architecture.mk
  22
  23 ifeq ($(DEB_HOST_ARCH),amd64)
  24 export EFI_ARCH := x64
  25 endif
  26 ifeq ($(DEB_HOST_ARCH),arm64)
  27 export EFI_ARCH := aa64
  28 endif
  29 ifeq ($(DEB_HOST_ARCH),i386)
  30 export EFI_ARCH := ia32
  31 endif
  32
  33 COMMON_OPTIONS += \
  34         RELEASE=15 \
  35         COMMIT_ID=888f5b544b7cce3cdae8074aa617b1d4add271a1 \
  36         MAKELEVEL=0 \
  37         EFI_PATH=/usr/lib \
  38         ENABLE_HTTPBOOT=true \
  39         VENDOR_CERT_FILE=$(cert) \
  40         VENDOR_DBX_FILE=$(DBX_LIST) \
  41         EFIDIR=$(distributor) \
  42         CROSS_COMPILE=$(DEB_HOST_GNU_TYPE)- \
  43         CC=$(DEB_HOST_GNU_TYPE)-gcc-10 \
  44         $(NULL)
  45
  46 $(DBX_LIST): $(DBX_HASHES)
  47         rm -f $@
  48         set -e; \
  49         for HASH in $$(grep -E [[:xdigit:]]{32} $< | sort | uniq); do \
  50             echo efisiglist -o $@ -a -h $$HASH; \
  51             efisiglist -o $@ -a -h $$HASH; \
  52         done
  53         # Support an empty $(DBX_HASHES)
  54         touch $@
  55
  56 %:
  57         dh $@
  58
  59 override_dh_auto_clean:
  60         dh_auto_clean -- MAKELEVEL=0
  61         rm -f $(DBX_LIST)
  62
  63 override_dh_auto_build: $(DBX_LIST)
  64         dh_auto_build -- $(COMMON_OPTIONS)
  65
  66 override_dh_auto_install:
  67         dh_auto_install --destdir=debian/tmp -- $(COMMON_OPTIONS)
  68         # Remove the copy of the source that's installed - we have git
  69         # already...
  70         rm -rf debian/tmp/usr
  71         # And remove the extra removable-media copy of shim too, it's
  72         # not needed for our build and causes debhelper to complain
  73         rm -f debian/tmp/boot/efi/EFI/BOOT/BOOT*.EFI
  74         ./debian/signing-template.generate