3 include /usr
/share
/dpkg
/architecture.mk
5 # Other vendors, add your certs here. No sense in using
6 # dpkg-vendor --derives-from, because only Canonical-generated binaries will
7 # be signed with this key; so if you are building your own shim binary you
8 # should be building the other binaries also.
9 ifeq ($(shell dpkg-vendor
--is ubuntu
&& echo yes
),yes
)
10 cert
=debian
/canonical-uefi-ca.der
12 COMMON_OPTIONS ?
= ENABLE_SHIM_CERT
=1 ENABLE_SBSIGN
=1
14 cert
=debian
/debian-uefi-ca.der
18 deb_version
:= $(shell dpkg-parsechangelog | sed
-ne
"s/^Version: \(.*\)/\1/p")
21 DBX_HASHES
= debian
/$(distributor
)-dbx.hashes
22 SBAT_IN
= debian
/sbat.
$(distributor
).csv.in
23 SBAT_DATA
= data
/sbat.
$(distributor
).csv
25 include /usr
/share
/dpkg
/architecture.mk
27 ifeq ($(DEB_HOST_ARCH
),amd64
)
28 export EFI_ARCH
:= x64
30 ifeq ($(DEB_HOST_ARCH
),arm64
)
31 export EFI_ARCH
:= aa64
33 ifeq ($(DEB_HOST_ARCH
),i386
)
34 export EFI_ARCH
:= ia32
39 COMMIT_ID
=888f5b544b7cce3cdae8074aa617b1d4add271a1 \
42 ENABLE_HTTPBOOT
=true \
43 VENDOR_CERT_FILE
=$(cert
) \
44 VENDOR_DBX_FILE
=$(DBX_LIST
) \
45 EFIDIR
=$(distributor
) \
46 CROSS_COMPILE
=$(DEB_HOST_GNU_TYPE
)- \
47 CC
=$(DEB_HOST_GNU_TYPE
)-gcc-10 \
50 $(DBX_LIST
): $(DBX_HASHES
)
53 for HASH in
$$(grep
-E
[[:xdigit
:]]{32} $< |
sort | uniq
); do \
54 echo efisiglist
-o
$@
-a
-h
$$HASH; \
55 efisiglist
-o
$@
-a
-h
$$HASH; \
57 # Support an empty $(DBX_HASHES)
60 $(SBAT_DATA
): $(SBAT_IN
)
63 sed
-e
"s/@DEB_VERSION@/$(deb_version)/g" \
64 -e
"s/@UPSTREAM_VERSION@/$(plain_upstream_version)/g" \
65 < $(SBAT_IN
) > $(SBAT_DATA
)
66 # If we have an empty $(SBAT_DATA), delete
67 if
[ ! -s
$(SBAT_DATA
) ]; then
rm -f
$(SBAT_DATA
); fi
72 override_dh_auto_clean
:
73 dh_auto_clean
-- MAKELEVEL
=0
74 rm -f
$(DBX_LIST
) $(SBAT_DATA
) sbat.
*.csv
76 override_dh_auto_build
: $(DBX_LIST
) $(SBAT_DATA
)
77 dh_auto_build
-- $(COMMON_OPTIONS
)
79 override_dh_auto_install
:
80 dh_auto_install
--destdir
=debian
/tmp
-- $(COMMON_OPTIONS
)
81 # Remove the copy of the source that's installed - we have git
84 # And remove the extra removable-media copy of shim too, it's
85 # not needed for our build and causes debhelper to complain
86 rm -f debian
/tmp
/boot
/efi
/EFI
/BOOT
/BOOT
*.EFI
87 .
/debian
/signing-template.generate