* Switch to using gcc-10 rather than gcc-9. Closes: #978521
* Add dbx entries for all our existing grub binaries
+ They're insecure, let's break the chainloading hole.
+ * Add Debian SBAT data
+ + Add a Debian SBAT template, and rules to use it
+ + Adds a build-dep on dos2unix
-- Steve McIntyre <93sam@debian.org> Sun, 21 Feb 2021 13:50:16 +0100
distributor=debian
endif
+deb_version := $(shell dpkg-parsechangelog | sed -ne "s/^Version: \(.*\)/\1/p")
+
DBX_LIST = dbx.esl
DBX_HASHES = debian/$(distributor)-dbx.hashes
+SBAT_IN = debian/sbat.$(distributor).csv.in
+SBAT_DATA = data/sbat.$(distributor).csv
include /usr/share/dpkg/architecture.mk
# Support an empty $(DBX_HASHES)
touch $@
+$(SBAT_DATA): $(SBAT_IN)
+ rm -f $@
+ set -e; \
+ sed -e "s/@DEB_VERSION@/$(deb_version)/g" \
+ -e "s/@UPSTREAM_VERSION@/$(plain_upstream_version)/g" \
+ < $(SBAT_IN) > $(SBAT_DATA)
+ # If we have an empty $(SBAT_DATA), delete
+ if [ ! -s $(SBAT_DATA) ]; then rm -f $(SBAT_DATA); fi
+
%:
dh $@
override_dh_auto_clean:
dh_auto_clean -- MAKELEVEL=0
- rm -f $(DBX_LIST)
+ rm -f $(DBX_LIST) $(SBAT_DATA) sbat.*.csv
-override_dh_auto_build: $(DBX_LIST)
+override_dh_auto_build: $(DBX_LIST) $(SBAT_DATA)
dh_auto_build -- $(COMMON_OPTIONS)
override_dh_auto_install:
--- /dev/null
+shim.debian,1,Debian,shim,@DEB_VERSION@,https://tracker.debian.org/pkg/shim
projects / efi-boot-shim.git / commitdiff