File ovmf.spec of Package ovmf
#
# spec file for package ovmf
#
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# needssslcertforbuild
%undefine _build_create_debug
%define openssl_version 1.0.2h
Name: ovmf
Url: http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=EDK2
Summary: Open Virtual Machine Firmware
License: BSD-2-Clause
Group: System/Emulators/PC
Version: 2015+git1462940744.321151f
Release: 0
Source0: %{name}-%{version}.tar.xz
Source1: https://www.openssl.org/source/openssl-%{openssl_version}.tar.gz
Source111: https://www.openssl.org/source/openssl-%{openssl_version}.tar.gz.asc
Source112: openssl.keyring
Source2: README
Source3: SLES-UEFI-CA-Certificate-2048.crt
Source4: SLES-UEFI-SIGN-Certificate-2048.crt
Source5: MicCorKEKCA2011_2011-06-24.crt
Source6: MicCorUEFCA2011_2011-06-27.crt
Source7: openSUSE-UEFI-CA-Certificate-2048.crt
Source8: openSUSE-UEFI-SIGN-Certificate-2048.crt
Source9: openSUSE-UEFI-CA-Certificate-4096.crt
Source10: openSUSE-UEFI-SIGN-Certificate-4096.crt
Source11: http://www.uefi.org/sites/default/files/resources/dbxupdate.zip
Source12: strip_authinfo.pl
Source13: MicWinProPCA2011_2011-10-19.crt
Source100: %{name}-rpmlintrc
Source101: gdb_uefi.py.in
Patch2: %{name}-embed-default-keys.patch
Patch3: %{name}-gdb-symbols.patch
Patch4: ArmVirtPkg-Enable-PCI-bus-probing-again.patch
Patch5: %{name}-dxe-10mb.patch
Patch6: %{name}-bsc976253-postpone-shell.patch
Patch7: %{name}-bsc980635-fix-http-crash.patch
Patch8: %{name}-bsc982193-dont-restore-readonly-var.patch
Patch9: %{name}-bsc982193-connect-xen-drivers.patch
# NOTE: edk2 retired NO_BUILTIN_VA_FUNCS right after the 1.0.2h patch, so the
# following commits may be necessary for the next openssl update:
# b2dc04a87fab89307240dc0f30b9a23bb5726c81 CryptoPkg: set new define to avoid MS ABI VA_LIST on GCC/X64
# 48d5f9a551a93acb45f272dda879b0ab5a504e36 MdePkg: Enable new MS VA intrinsics for GNUC x86 64bits build
# 0676c285ba518ae81ca7f06278d4cc4958660864 EdkCompatibilityPkg: Enable new MS VA intrinsics for GNUC x86 64bits build
# 247093f45d94a3956cdd15c357fe7d6dca878df9 BaseTools/tools_def: enable Os optimization for GCC X64 builds
# 17ab1ec5accc866b77446f4e336e982bb5e1cc9f MdePkg CryptoPkg EdkCompatibilityPkg: retire NO_BUILTIN_VA_FUNCS define
Patch10: %{name}-bsc990612-update-openssl-1.0.2h.patch
Patch11: %{name}-bsc990773-remove-stale-boot-options.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: fdupes
BuildRequires: gcc
BuildRequires: gcc-c++
BuildRequires: libuuid-devel
BuildRequires: python
%ifnarch aarch64 %arm
BuildRequires: iasl
BuildRequires: nasm
%endif
%ifarch x86_64
BuildRequires: openssl
BuildRequires: unzip
%if 0%{?suse_version}
BuildRequires: vim-base
%else
BuildRequires: vim-common
%endif
%endif
ExclusiveArch: %ix86 x86_64 aarch64 %arm
%description
The Open Virtual Machine Firmware (OVMF) project aims to support
firmware for Virtual Machines using the edk2 code base.
%package tools
Summary: The BaseTools from edk2
Group: System/Emulators/PC
%description tools
The Open Virtual Machine Firmware (OVMF) project aims to support
firmware for Virtual Machines using the edk2 code base.
This package contains the tools from edk2.
%ifarch %ix86
%package -n qemu-ovmf-ia32
Summary: Open Virtual Machine Firmware - QEMU rom images (IA32)
Group: System/Emulators/PC
BuildArch: noarch
Requires: qemu
%description -n qemu-ovmf-ia32
The Open Virtual Machine Firmware (OVMF) project aims to support
firmware for Virtual Machines using the edk2 code base.
This package contains UEFI rom images for exercising UEFI secure
boot in a qemu environment (IA32)
%endif
%ifarch x86_64
%package -n qemu-ovmf-x86_64
Summary: Open Virtual Machine Firmware - QEMU rom images (x86_64)
Group: System/Emulators/PC
BuildArch: noarch
Requires: qemu
%description -n qemu-ovmf-x86_64
The Open Virtual Machine Firmware (OVMF) project aims to support
firmware for Virtual Machines using the edk2 code base.
This package contains UEFI rom images for exercising UEFI secure
boot in a qemu environment (x86_64)
%package -n qemu-ovmf-x86_64-debug
Summary: Open Virtual Machine Firmware - debug symbols (x86_64)
Group: Development/Debug
Requires: qemu
%description -n qemu-ovmf-x86_64-debug
The Open Virtual Machine Firmware (OVMF) project aims to support
firmware for Virtual Machines using the edk2 code base.
This package contains the debug symbols for UEFI rom images (x86_64)
%endif
%ifarch aarch64
%package -n qemu-uefi-aarch64
Summary: UEFI QEMU rom image (AArch64)
Group: System/Emulators/PC
BuildArch: noarch
%description -n qemu-uefi-aarch64
This package contains the UEFI rom image (AArch64) for QEMU cortex-a57
virt board.
%endif
%ifarch %arm
%package -n qemu-uefi-aarch32
Summary: UEFI QEMU rom image (AArch32)
Group: System/Emulators/PC
BuildArch: noarch
%description -n qemu-uefi-aarch32
This package contains the UEFI rom image (AArch32) for QEMU cortex-a15
virt board.
%endif
%prep
%setup -q -n %{name}-%{version}
%setup -T -D -n %{name}-%{version}/CryptoPkg/Library/OpensslLib -a 1
%setup -T -D -n %{name}-%{version}
# bsc#973038 Remove the packages we don't need to avoid any potential
# license issue.
PKG_TO_REMOVE="AppPkg DuetPkg CorebootModulePkg CorebootPayloadPkg \
EmulatorPkg Nt32Pkg Omap35xxPkg QuarkPlatformPkg QuarkSocPkg StdLib \
StdLibPrivateInternalFiles UnixPkg Vlv2DeviceRefCodePkg Vlv2TbltDevicePkg"
rm -rf $PKG_TO_REMOVE
%ifarch x86_64
%patch2 -p1
%endif
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
# Intel has special patches for openssl
pushd CryptoPkg/Library/OpensslLib/openssl-%{openssl_version}
patch -p1 -i ../EDKII_openssl-%{openssl_version}.patch
popd
%build
pushd CryptoPkg/Library/OpensslLib/
./Install.sh
popd
OVMF_FLAGS="-D FD_SIZE_2MB -D SECURE_BOOT_ENABLE -D NETWORK_IP6_ENABLE -D HTTP_BOOT_ENABLE"
%if 0%{?suse_version} > 1320
TOOL_CHAIN_TAG=GCC49
%else
echo `gcc -dumpversion`
TOOL_CHAIN_TAG=GCC$(gcc -dumpversion|sed 's/\([0-9]\)\.\([0-9]\).*/\1\2/')
%endif
%ifarch %ix86
BUILD_OPTIONS="$OVMF_FLAGS -a IA32 -p OvmfPkg/OvmfPkgIa32.dsc -b DEBUG -t $TOOL_CHAIN_TAG"
make -C BaseTools
%else
%ifarch x86_64
BUILD_OPTIONS="$OVMF_FLAGS -a X64 -p OvmfPkg/OvmfPkgX64.dsc -b DEBUG -t $TOOL_CHAIN_TAG"
make -C BaseTools
%else
%ifarch aarch64
BUILD_OPTIONS="-D SECURE_BOOT_ENABLE -a AARCH64 -p ArmVirtPkg/ArmVirtQemu.dsc -b RELEASE -t $TOOL_CHAIN_TAG"
ARCH=AARCH64 make -C BaseTools
%else
%ifarch %arm
BUILD_OPTIONS="-a ARM -p ArmVirtPkg/ArmVirtQemu.dsc -b RELEASE -t $TOOL_CHAIN_TAG"
ARCH=ARM make -C BaseTools
%else
echo "ERROR: unsupported architecture"
false
%endif #arm
%endif #aarch64
%endif #x86_64
%endif #ix86
. ./edksetup.sh
# Build the UEFI image
build $BUILD_OPTIONS
%ifarch %ix86
cp Build/OvmfIa32/DEBUG_*/FV/OVMF.fd ovmf-ia32.bin
cp Build/OvmfIa32/DEBUG_*/FV/OVMF_CODE.fd ovmf-ia32-code.bin
cp Build/OvmfIa32/DEBUG_*/FV/OVMF_VARS.fd ovmf-ia32-vars.bin
%else
%ifarch x86_64
collect_debug_files()
{
target="$1"
out_dir="debug/$target"
abs_path="`pwd`/$out_dir/"
source_path="`pwd`"
gdb_src_path="/usr/src/debug/ovmf-x86_64"
# copy the debug symbols
mkdir -p $out_dir
pushd Build/OvmfX64/DEBUG_GCC*/X64/
find . -mindepth 2 -type f -name "*.debug" -exec cp --parents -a {} $abs_path \;
cp --parents -a DebugPkg/GdbSyms/GdbSyms/DEBUG/GdbSyms.dll $abs_path
build_path=`pwd`
popd
# Change the path in the python gdb script
sed "s:__BUILD_PATH__:$build_path:;s:__SOURCE_PATH__:$source_path:;s:__GDB_SRC_PATH__:$gdb_src_path:;s/__FLAVOR__/$target/" \
%{SOURCE101} > gdb_uefi-$target.py
}
cp Build/OvmfX64/DEBUG_*/FV/OVMF.fd ovmf-x86_64.bin
cp Build/OvmfX64/DEBUG_*/FV/OVMF_CODE.fd ovmf-x86_64-code.bin
cp Build/OvmfX64/DEBUG_*/FV/OVMF_VARS.fd ovmf-x86_64-vars.bin
# Collect the debug files
collect_debug_files ovmf-x86_64
# Collect the source
mkdir -p source/ovmf-x86_64
# TODO get the source list from debug files
src_list=`find Build/OvmfX64/DEBUG_GCC*/X64/ -mindepth 1 -maxdepth 1 -type d -exec basename {} \;`
find $src_list \( -name "*.c" -o -name "*.h" \) -type f -exec cp --parents -a {} source/ovmf-x86_64 \;
build_with_keys()
{
suffix="$1"
xxd -i Default_PK > SecurityPkg/Library/AuthVariableLib/Default_PK.h
xxd -i Default_KEK > SecurityPkg/Library/AuthVariableLib/Default_KEK.h
xxd -i Default_DB > SecurityPkg/Library/AuthVariableLib/Default_DB.h
if [ -e Default_DB_EX ]; then
xxd -i Default_DB_EX > SecurityPkg/Library/AuthVariableLib/Default_DB_EX.h
fi
if [ -e Default_DBX ]; then
xxd -i Default_DBX > SecurityPkg/Library/AuthVariableLib/Default_DBX.h
fi
build $BUILD_OPTIONS
cp Build/OvmfX64/DEBUG_*/FV/OVMF.fd ovmf-x86_64-$suffix.bin
cp Build/OvmfX64/DEBUG_*/FV/OVMF_CODE.fd ovmf-x86_64-$suffix-code.bin
cp Build/OvmfX64/DEBUG_*/FV/OVMF_VARS.fd ovmf-x86_64-$suffix-vars.bin
collect_debug_files ovmf-x86_64-$suffix
}
# OVMF with SUSE keys
openssl x509 -in %{SOURCE3} -outform DER > Default_PK
openssl x509 -in %{SOURCE3} -outform DER > Default_KEK
openssl x509 -in %{SOURCE4} -outform DER > Default_DB
build_with_keys suse
#unpack the UEFI revocation list
unzip %{SOURCE11}
# OVMF with MS keys
cat %{SOURCE5} > Default_PK
cat %{SOURCE5} > Default_KEK
cat %{SOURCE6} > Default_DB
cat %{SOURCE13} > Default_DB_EX
chmod 755 %{SOURCE12}
%{SOURCE12} dbxupdate.bin Default_DBX
build_with_keys ms
rm -f Default_DBX
# OVMF with openSUSE keys
openssl x509 -in %{SOURCE7} -outform DER > Default_PK
openssl x509 -in %{SOURCE7} -outform DER > Default_KEK
openssl x509 -in %{SOURCE8} -outform DER > Default_DB
build_with_keys opensuse
# OVMF with openSUSE keys (4096 bit CA)
openssl x509 -in %{SOURCE9} -outform DER > Default_PK
openssl x509 -in %{SOURCE9} -outform DER > Default_KEK
openssl x509 -in %{SOURCE10} -outform DER > Default_DB
build_with_keys opensuse-4096
if [ -e %{_sourcedir}/_projectcert.crt ]; then
prjissuer=$(openssl x509 -in %{_sourcedir}/_projectcert.crt -noout -issuer_hash)
opensusesubject=$(openssl x509 -in %{SOURCE7} -noout -subject_hash)
slessubject=$(openssl x509 -in %{SOURCE3} -noout -subject_hash)
if [ "$prjissuer" != "$opensusesubject" -a "$prjissuer" != "$slessubject" ]; then
openssl x509 -in %{_sourcedir}/_projectcert.crt -outform DER > Default_PK
openssl x509 -in %{_sourcedir}/_projectcert.crt -outform DER > Default_KEK
openssl x509 -in %{_sourcedir}/_projectcert.crt -outform DER > Default_DB
build_with_keys devel
fi
fi
%else
%ifarch aarch64
cp Build/ArmVirtQemu-AARCH64/RELEASE_GCC*/FV/QEMU_EFI.fd qemu-uefi-aarch64.bin
dd of="aavmf-aarch64-code.bin" if="/dev/zero" bs=1M count=64
dd of="aavmf-aarch64-code.bin" if="qemu-uefi-aarch64.bin" conv=notrunc
dd of="aavmf-aarch64-vars.bin" if="/dev/zero" bs=1M count=64
%else
%ifarch %arm
cp Build/ArmVirtQemu-ARM/RELEASE_GCC*/FV/QEMU_EFI.fd qemu-uefi-aarch32.bin
%endif #arm
%endif #aarch64
%endif #x86_64
%endif #ix86
%install
rm -rf %{buildroot}
cp %{SOURCE2} README
tr -d '\r' < FatPkg/License.txt > License-fat-driver.txt
# Install BaseTools
install -d %{buildroot}/%{_bindir}
install -m 0755 --strip BaseTools/Source/C/bin/EfiRom %{buildroot}/%{_bindir}
%ifarch %ix86
tr -d '\r' < OvmfPkg/License.txt > License.txt
install -m 0644 -D ovmf-ia32.bin %{buildroot}/%{_datadir}/qemu/ovmf-ia32.bin
install -m 0644 -D ovmf-ia32-code.bin %{buildroot}/%{_datadir}/qemu/ovmf-ia32-code.bin
install -m 0644 -D ovmf-ia32-vars.bin %{buildroot}/%{_datadir}/qemu/ovmf-ia32-vars.bin
%else
%ifarch x86_64
tr -d '\r' < OvmfPkg/License.txt > License.txt
install -m 0644 -D ovmf-x86_64.bin %{buildroot}/%{_datadir}/qemu/ovmf-x86_64.bin
install -m 0644 ovmf-x86_64-*.bin %{buildroot}/%{_datadir}/qemu/
%fdupes %{buildroot}/%{_datadir}/qemu/
# Install debug symbols, gdb-uefi.py
install -d %{buildroot}/%{_datadir}/ovmf-x86_64/
install -m 0644 gdb_uefi-*.py %{buildroot}/%{_datadir}/ovmf-x86_64/
mkdir -p %{buildroot}/usr/lib/debug
mv debug/ovmf-x86_64* %{buildroot}/usr/lib/debug
%fdupes %{buildroot}/usr/lib/debug/ovmf-x86_64*
mkdir -p %{buildroot}/usr/src/debug
mv source/ovmf-x86_64* %{buildroot}/usr/src/debug
%fdupes -s %{buildroot}/usr/src/debug/ovmf-x86_64
%else
%ifarch aarch64
tr -d '\r' < ArmPlatformPkg/License.txt > License.txt
install -m 0644 -D qemu-uefi-aarch64.bin %{buildroot}/%{_datadir}/qemu/qemu-uefi-aarch64.bin
install -m 0644 -D aavmf-aarch64-code.bin %{buildroot}/%{_datadir}/qemu/aavmf-aarch64-code.bin
install -m 0644 -D aavmf-aarch64-vars.bin %{buildroot}/%{_datadir}/qemu/aavmf-aarch64-vars.bin
%else
%ifarch %arm
tr -d '\r' < ArmPlatformPkg/License.txt > License.txt
install -m 0644 -D qemu-uefi-aarch32.bin %{buildroot}/%{_datadir}/qemu/qemu-uefi-aarch32.bin
%endif #arm
%endif #aarch64
%endif #x86_64
%endif #ix86
%files
%defattr(-,root,root)
%doc README
%files tools
%defattr(-,root,root)
%doc BaseTools/UserManuals/EfiRom_Utility_Man_Page.rtf
%{_bindir}/EfiRom
%ifarch %ix86
%files -n qemu-ovmf-ia32
%defattr(-,root,root)
%doc License.txt License-fat-driver.txt
%dir %{_datadir}/qemu/
%{_datadir}/qemu/ovmf-ia32*.bin
%endif
%ifarch x86_64
%files -n qemu-ovmf-x86_64
%defattr(-,root,root)
%doc License.txt License-fat-driver.txt
%dir %{_datadir}/qemu/
%{_datadir}/qemu/ovmf-x86_64*.bin
%files -n qemu-ovmf-x86_64-debug
%defattr(-,root,root)
%{_datadir}/ovmf-x86_64/
%dir /usr/lib/debug/
/usr/lib/debug/ovmf-x86_64*
%dir /usr/src/debug/
/usr/src/debug/ovmf-x86_64*
%endif
%ifarch aarch64
%files -n qemu-uefi-aarch64
%defattr(-,root,root)
%doc License.txt License-fat-driver.txt
%dir %{_datadir}/qemu/
%{_datadir}/qemu/qemu-uefi-aarch64.bin
%{_datadir}/qemu/aavmf-aarch64-code.bin
%{_datadir}/qemu/aavmf-aarch64-vars.bin
%endif
%ifarch %arm
%files -n qemu-uefi-aarch32
%defattr(-,root,root)
%doc License.txt License-fat-driver.txt
%dir %{_datadir}/qemu/
%{_datadir}/qemu/qemu-uefi-aarch32.bin
%endif
%changelog
