3 include /usr
/share
/dpkg
/architecture.mk
5 # Other vendors, add your certs here. No sense in using
6 # dpkg-vendor --derives-from, because only Canonical-generated binaries will
7 # be signed with this key; so if you are building your own shim binary you
8 # should be building the other binaries also.
9 ifeq ($(shell dpkg-vendor
--is ubuntu
&& echo yes
),yes
)
10 cert
=debian
/canonical-uefi-ca.der
12 COMMON_OPTIONS ?
= ENABLE_SHIM_CERT
=1 ENABLE_SBSIGN
=1
14 cert
=debian
/debian-uefi-ca.der
19 DBX_HASHES
= debian
/$(distributor
)-dbx.hashes
21 include /usr
/share
/dpkg
/architecture.mk
23 ifeq ($(DEB_HOST_ARCH
),amd64
)
24 export EFI_ARCH
:= x64
26 ifeq ($(DEB_HOST_ARCH
),arm64
)
27 export EFI_ARCH
:= aa64
29 ifeq ($(DEB_HOST_ARCH
),i386
)
30 export EFI_ARCH
:= ia32
35 COMMIT_ID
=888f5b544b7cce3cdae8074aa617b1d4add271a1 \
38 ENABLE_HTTPBOOT
=true \
39 VENDOR_CERT_FILE
=$(cert
) \
40 VENDOR_DBX_FILE
=$(DBX_LIST
) \
41 EFIDIR
=$(distributor
) \
42 CROSS_COMPILE
=$(DEB_HOST_GNU_TYPE
)- \
43 CC
=$(DEB_HOST_GNU_TYPE
)-gcc-10 \
46 $(DBX_LIST
): $(DBX_HASHES
)
49 for HASH in
$$(grep
-E
[[:xdigit
:]]{32} $< |
sort | uniq
); do \
50 echo efisiglist
-o
$@
-a
-h
$$HASH; \
51 efisiglist
-o
$@
-a
-h
$$HASH; \
53 # Support an empty $(DBX_HASHES)
59 override_dh_auto_clean
:
60 dh_auto_clean
-- MAKELEVEL
=0
63 override_dh_auto_build
: $(DBX_LIST
)
64 dh_auto_build
-- $(COMMON_OPTIONS
)
66 override_dh_auto_install
:
67 dh_auto_install
--destdir
=debian
/tmp
-- $(COMMON_OPTIONS
)
68 # Remove the copy of the source that's installed - we have git
71 # And remove the extra removable-media copy of shim too, it's
72 # not needed for our build and causes debhelper to complain
73 rm -f debian
/tmp
/boot
/efi
/EFI
/BOOT
/BOOT
*.EFI
74 .
/debian
/signing-template.generate