From c9650486f6b63bfd02336d6b076d19e9b46f97df Mon Sep 17 00:00:00 2001
From: jinlun <jinlun@huawei.com>
Date: Fri, 22 Mar 2024 16:58:10 +0800
Subject: [PATCH] Interface for replacing the EFI signature

(cherry picked from commit 4f336add1a901d239d7e16bae7a6de767b1eb020)
---
 shim.spec | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/shim.spec b/shim.spec
index 37168ba..be999e9 100644
--- a/shim.spec
+++ b/shim.spec
@@ -25,7 +25,7 @@
 
 Name:	   	   shim
 Version:	   15.7
-Release:	   8
+Release:	   9
 Summary:	   First-stage UEFI bootloader
 ExclusiveArch:     x86_64 aarch64
 License:	   BSD
@@ -63,10 +63,6 @@ Patch9005:Feature-add-tpcm-support-with-ipmi-channel.patch
 
 BuildRequires: elfutils-libelf-devel openssl-devel openssl git pesign gnu-efi gnu-efi-devel gcc vim-common efivar-devel
 
-%if 0%{?openEuler_sign_rsa}
-BuildRequires: sign-openEuler
-%endif
-
 %ifarch aarch64
 BuildRequires: binutils >= 2.37-7
 %endif
@@ -124,10 +120,12 @@ cd ..
 
 %if 0%{?openEuler_sign_rsa}
 echo "start sign"
-
-/opt/sign-openEuler/client --config /opt/sign-openEuler/config.toml add --key-name default-x509ee --file-type efi-image --key-type x509ee --sign-type authenticode %{_builddir}/shim-%{version}/build-%{efi_arch}/shim%{efi_arch}.efi
-/opt/sign-openEuler/client --config /opt/sign-openEuler/config.toml add --key-name default-x509ee --file-type efi-image --key-type x509ee --sign-type authenticode %{_builddir}/shim-%{version}/build-%{efi_arch}/fb%{efi_arch}.efi
-/opt/sign-openEuler/client --config /opt/sign-openEuler/config.toml add --key-name default-x509ee --file-type efi-image --key-type x509ee --sign-type authenticode %{_builddir}/shim-%{version}/build-%{efi_arch}/mm%{efi_arch}.efi
+sh /usr/lib/rpm/brp-ebs-sign --efi %{_builddir}/shim-%{version}/build-%{efi_arch}/shim%{efi_arch}.efi
+sh /usr/lib/rpm/brp-ebs-sign --efi %{_builddir}/shim-%{version}/build-%{efi_arch}/fb%{efi_arch}.efi
+sh /usr/lib/rpm/brp-ebs-sign --efi %{_builddir}/shim-%{version}/build-%{efi_arch}/mm%{efi_arch}.efi
+mv %{_builddir}/shim-%{version}/build-%{efi_arch}/shim%{efi_arch}.efi.sig %{_builddir}/shim-%{version}/build-%{efi_arch}/shim%{efi_arch}.efi
+mv %{_builddir}/shim-%{version}/build-%{efi_arch}/fb%{efi_arch}.efi.sig %{_builddir}/shim-%{version}/build-%{efi_arch}/fb%{efi_arch}.efi
+mv %{_builddir}/shim-%{version}/build-%{efi_arch}/mm%{efi_arch}.efi.sig %{_builddir}/shim-%{version}/build-%{efi_arch}/mm%{efi_arch}.efi
 %endif
 
 %install
@@ -187,6 +185,9 @@ make test
 /usr/src/debug/%{name}-%{version}-%{release}/*
 
 %changelog
+* Mon Apr 1 2024 jinlun <jinlun@huawei.com> - 15.7-9
+- Interface for replacing the EFI signature
+
 * Mon Mar 25 2024 yixiangzhike <yixiangzhike007@163.com> - 15.7-8
 - backport patch from upstream
 
-- 
Gitee