From 9853d9e248de3095d2febd841267908187e407ff Mon Sep 17 00:00:00 2001
From: Qin Fandong
Date: Wed, 13 Aug 2025 16:30:22 +0800
Subject: [PATCH] Add shim to dnf protected packages list
---
 shim.conf | 1 +
 shim.spec | 11 ++++++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100644 shim.conf
diff --git a/shim.conf b/shim.conf
new file mode 100644
index 0000000..39cc4ff
--- /dev/null
+++ b/shim.conf
@@ -0,0 +1 @@
+shim
diff --git a/shim.spec b/shim.spec
index 9b02edf..b169460 100644
--- a/shim.spec
+++ b/shim.spec
@@ -25,7 +25,7 @@
 Name: shim
 Version: 15.6
-Release: 25
+Release: 26
 Summary: First-stage UEFI bootloader
 ExclusiveArch: x86_64 aarch64
 License: BSD
@@ -34,6 +34,7 @@ Source0: https://github.com/rhboot/shim/releases/download/%{version}/shim-%{v
 Source1: BOOTAA64.CSV
 Source2: BOOTX64.CSV
 Source3: default-x509ca.der
+Source4: shim.conf
 Patch1:backport-CVE-2017-3735.patch
 Patch2:backport-CVE-2017-3737.patch
@@ -207,6 +208,10 @@ install -m 644 fb%{efi_arch}.efi.debug ${RPM_BUILD_ROOT}/usr/lib/debug/%{shimefi
 install -m 644 mm%{efi_arch}.efi.debug ${RPM_BUILD_ROOT}/usr/lib/debug/%{shimefivendor}
 install -m 644 shim%{efi_arch}.efi.debug ${RPM_BUILD_ROOT}/usr/lib/debug/%{shimefivendor}
+# install dnf protection config
+install -d $RPM_BUILD_ROOT%{_sysconfdir}/dnf/protected.d/
+install -m 0644 %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}/dnf/protected.d/
+
 cd ..
 %check
@@ -220,6 +225,7 @@ make test
 %{shimefivendor}/%{bootcsv}
 %{shimefivendor}/*.efi
 %{shimefivendor}/*.hash
+%{_sysconfdir}/dnf/protected.d/shim.conf
 %files debuginfo
 %defattr(-,root,root,-)
@@ -232,6 +238,9 @@ make test
 /usr/src/debug/%{name}-%{version}-%{release}/*
 %changelog
+* Thu Jul 31 2025 Qin Fandong - 15.6-26
+- Add shim to dnf protected packages list
+
 * Tue Feb 11 2025 fuanan -15.6-25
 - fix the issue that the gBS->LoadImage pointer was empty.
-- 
Gitee
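Review bot: The two added install lines in the `-207,6 +208,10` hunk write `$RPM_BUILD_ROOT` and `-m 0644`, while the context lines directly above them use `${RPM_BUILD_ROOT}` and `-m 644`; matching the surrounding form keeps the section consistent. The pair can also be collapsed into `install -D -m 644 %{SOURCE4} ${RPM_BUILD_ROOT}%{_sysconfdir}/dnf/protected.d/shim.conf`, which names the destination file explicitly so that it stays in step with the %files entry if Source4 is ever renamed. The %install section begins and ends outside this hunk.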
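Review bot: The new `%{_sysconfdir}/dnf/protected.d/shim.conf` entry in the `-220,6 +225,7` hunk is listed without a config marker, so a package update overwrites local edits and `rpm -V shim` reports a modified file. For an entry that guards the first-stage bootloader that is probably the intended behaviour, but nothing says so; I would add a comment above it such as `# intentionally not marked as a config file: the protection entry is restored on every update`. It would also help to state in the changelog line that protected.d only makes dnf refuse to remove the package and does not affect direct rpm operations, so this guards against accidental removal and is not an access control. The %files header for this list is outside the hunk, so I am assuming it belongs to the main shim package, whose name must match the `shim` line in shim.conf.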