From: "Joonas Niilola" <juippis@gentoo.org>
To: gentoo-commits@lists.gentoo.org
Subject: [gentoo-commits] repo/gentoo:master commit in: sys-firmware/edk2-ovmf/
Date: Sun, 4 Aug 2024 07:44:08 +0000 (UTC) [thread overview]
Message-ID: <1722757444.cda2fe4a323784b9be9b5a5d22469aa921ca97a1.juippis@gentoo> (raw)
commit: cda2fe4a323784b9be9b5a5d22469aa921ca97a1
Author: Takaki Suzuki <takaki-s <AT> users <DOT> noreply <DOT> github <DOT> com>
AuthorDate: Wed Jul 24 13:59:43 2024 +0000
Commit: Joonas Niilola <juippis <AT> gentoo <DOT> org>
CommitDate: Sun Aug 4 07:44:04 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cda2fe4a
sys-firmware/edk2-ovmf: add 202405
Signed-off-by: Takaki Suzuki <takaki-s <AT> users.noreply.github.com>
Closes: https://github.com/gentoo/gentoo/pull/37704
Signed-off-by: Joonas Niilola <juippis <AT> gentoo.org>
sys-firmware/edk2-ovmf/Manifest | 5 +
sys-firmware/edk2-ovmf/edk2-ovmf-202405.ebuild | 169 +++++++++++++++++++++++++
2 files changed, 174 insertions(+)
diff --git a/sys-firmware/edk2-ovmf/Manifest b/sys-firmware/edk2-ovmf/Manifest
index 91c1fe2e832c..ee6f263902a0 100644
--- a/sys-firmware/edk2-ovmf/Manifest
+++ b/sys-firmware/edk2-ovmf/Manifest
@@ -5,5 +5,10 @@ DIST edk2-ovmf-202105-r1-bin.tar.xz 2633188 BLAKE2B 93b4bd1c75da69406b5d27ac32d8
DIST edk2-ovmf-202105.tar.gz 13702868 BLAKE2B 3ec01d467562380ca2fd3bd807d2f6c55e4637c1afd71533f8f5b22cc634dc4c8cb63dab921677f8b315d17b3c9d0b6b00a0e2f3f8da61107033e9e81bf5a64d SHA512 c263345cbb243c63985f974a61f37c577a139d6a7099d2b8c9e1a553e5ebf16de12fb711b72624081c6bf637f8084bbf71731ab99e5747d81da460388ac25791
DIST edk2-ovmf-202202-qemu-firmware.tar.xz 664 BLAKE2B 1aa4e25804ce0f3c967c80999315de24eaef6682e42dddd81c274ce4603ec3d15186de752de49e2527c6bd5517080c002a357ed6bc389b5afd6f7a4d93edeb44 SHA512 f9a29212274a99796784673d873e0eee7d3e2a5cf9e63192453841ee3a4ef4b813c7b2357fc7000f39c71ed6c66636daab772abb51d3972a2a56ade8a4c68faf
DIST edk2-ovmf-202202.tar.gz 14208170 BLAKE2B d8411e6808b335ccd551349a10c983b9448a357e73273fa6c30a07785e27feffed0224950ee98b668712c33f6739a9b006e5043b7dfd014f48dba9fd449b3354 SHA512 200690a4867331de06e0478869b85577bc510213ebe679f2103160efb84d94c82ac8481ef1f15c3e42c1e9f22b7c5ef0d6c8f2c655bce7702ce843551cf9bb83
+DIST edk2-ovmf-202405.tar.gz 17091190 BLAKE2B ee2f4c8674ecd7a17e4ee1b067cf1caffb46c3345f39ab15b715964b8e114d01538ae4d4152ab6a3eeebdae602128604d57c02fc0da83f46c291559fe39f49d2 SHA512 3bad4c8417b0c9b68fc6b6b85a4b15c5be8daf672177ce66d7b224b1da7a90f643021adbdd6bc96f95417fc8654c4c6b191cd39f6c1be955946360bfa8e2cb5f
+DIST libspdm-370b5944c046bab043dd8b133727b2135af7747a.tar.gz 1962880 BLAKE2B 89606315fadcf00b2909f264a6edcb2b900dfe248357ea45c37c5a9c947a4d684866627d85132cc51d44d90853d63814eaf9d2b4acdd1a9621b1d6600ca4a0a4 SHA512 07b2b376a84e86647d7a831ee6686d1cf647033ac339afb7c4ea7846cf4e9f7f529a2866bc68ea172d44f1f1efadc8bf1646c3d7fe7e6b6175286ef9c743b206
+DIST mbedtls-370b5944c046bab043dd8b133727b2135af7747a.tar.gz 4587796 BLAKE2B c28df5c52ac3ed5ef6a2b9eba29f3894d3f5f11083869e8b137cd66d4f72b2a0971c91636ce4626869bd06eeb5e661d90160021f92564b9449fb13001b8e379f SHA512 a421c03c740867210f9e30457bc951928cafec3622e1e304f8c18ce5c5e27c5c8e6c7715180ecb74c6a997e4b91ee160e52b357e1bb65ff76ce8414a87ec4889
+DIST mipi-sys-t-370b5944c046bab043dd8b133727b2135af7747a.tar.gz 378522 BLAKE2B d3f1033e78ad814ebb991e66d8c1437aa3583e91481af9785b97b6021c7c45fb9dcb8d2d58d0a0fe84fbd9f108d24a27234df298eb8a2ba2340e5c9c85c89c40 SHA512 de6888577ceab7ab6915d792f3c48248cfa53357ccd310fc7f7eae4d25a932de8c7c23e5b898c9ebf61cf86cb538277273f2eb131a628b3bf0d46c9a3b9b6686
DIST openssl-d82e959e621a3d597f1e0d50ff8c2d8b96915fd7.tar.gz 10034310 BLAKE2B 6996979dc12a523d565830e7b0943feb682a376f71ddb6f20cb8b9976bb7f12e39f088abaa45d514933ef79c0e4a2933dc6f1af4774fedaa16e74c0081c358e7 SHA512 a89bc652dc4318c5e8a9c594a43d890ca05dfc1acd6b15e2a8ab8b5628b5f33994143ff8024230e07b9e67556b28ea3a5e36763aa72dec20b52022ca8c6f2a7e
+DIST openssl-de90e54bbe82e5be4fb9608b6f5c308bb837d355.tar.gz 15337569 BLAKE2B bb0b2f4ee7838178e8e23317b6c63048611d805e20c81d6c875d9b515e6dbcf981cda38f031965c9ec45bcab3ac4725cfa793718b0212e92bf53b4c7fc3f4e32 SHA512 4bba15075dacc8c1772a95759cfe8620ff3a9d535e5d3d29bb15e4790cc543555ab45f0b239195361e534eca26249ae1b491b63cbf6b7ecda6f0840c7f6253ac
DIST openssl-e2e09d9fba1187f8d6aafaa34d4172f56f1ffb72.tar.gz 9981169 BLAKE2B 33aac7364cdd45fec5654ab6caef84e1a829464380419c8a6bb311055c5a01c0aaff6e046a7c541a87e908fa9d26bae652f5be901461d03df36f2522f9c34b0c SHA512 db2087c04f0b428b3f4e1c8b3ac53cce69e0fd331ed2b86ba00facafd1685864d73f71c13eee48f4fe0af2bddad848f84a2b8ed2a17fabdf7fa2ed7d9eb39371
diff --git a/sys-firmware/edk2-ovmf/edk2-ovmf-202405.ebuild b/sys-firmware/edk2-ovmf/edk2-ovmf-202405.ebuild
new file mode 100644
index 000000000000..19628bba00c5
--- /dev/null
+++ b/sys-firmware/edk2-ovmf/edk2-ovmf-202405.ebuild
@@ -0,0 +1,169 @@
+# Copyright 1999-2024 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+PYTHON_REQ_USE="sqlite"
+PYTHON_COMPAT=( python3_12 )
+
+inherit python-any-r1 readme.gentoo-r1 secureboot
+
+DESCRIPTION="UEFI firmware for 64-bit x86 virtual machines"
+HOMEPAGE="https://github.com/tianocore/edk2"
+
+BUNDLED_OPENSSL_SUBMODULE_SHA="de90e54bbe82e5be4fb9608b6f5c308bb837d355"
+BUNDLED_BROTLI_SUBMODULE_SHA="f4153a09f87cbb9c826d8fc12c74642bb2d879ea"
+BUNDLED_MIPI_SYS_T_SUBMODULE_SHA="370b5944c046bab043dd8b133727b2135af7747a"
+BUNDLED_MBEDTLS_SUBMODULE_SHA="8c89224991adff88d53cd380f42a2baa36f91454"
+BUNDLED_LIBSPDM_SUBMODULE_SHA="828ef62524bcaeca4e90d0c021221e714872e2b5"
+
+# TODO: talk with tamiko about unbundling (mva)
+
+# TODO: the binary 202105 package currently lacks the preseeded
+# OVMF_VARS.secboot.fd file (that we typically get from fedora)
+SRC_URI="https://github.com/tianocore/edk2/archive/edk2-stable${PV}.tar.gz -> ${P}.tar.gz
+ https://github.com/openssl/openssl/archive/${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz -> openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}.tar.gz
+ https://github.com/google/brotli/archive/${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz -> brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}.tar.gz
+ https://github.com/MIPI-Alliance/public-mipi-sys-t/archive/${BUNDLED_MIPI_SYS_T_SUBMODULE_SHA}.tar.gz -> mipi-sys-t-${BUNDLED_MIPI_SYS_T_SUBMODULE_SHA}.tar.gz
+ https://github.com/Mbed-TLS/mbedtls/archive/${BUNDLED_MBEDTLS_SUBMODULE_SHA}.tar.gz -> mbedtls-${BUNDLED_MIPI_SYS_T_SUBMODULE_SHA}.tar.gz
+ https://github.com/DMTF/libspdm/archive/${BUNDLED_LIBSPDM_SUBMODULE_SHA}.tar.gz -> libspdm-${BUNDLED_MIPI_SYS_T_SUBMODULE_SHA}.tar.gz
+ https://dev.gentoo.org/~ajak/distfiles/${PN}-202202-qemu-firmware.tar.xz"
+
+S="${WORKDIR}/edk2-edk2-stable${PV}"
+
+LICENSE="BSD-2 MIT"
+SLOT="0"
+KEYWORDS="-* ~amd64"
+
+BDEPEND="app-emulation/qemu
+ >=dev-lang/nasm-2.0.7
+ >=sys-power/iasl-20160729
+ ${PYTHON_DEPS}"
+RDEPEND="!sys-firmware/edk2-ovmf-bin"
+
+DISABLE_AUTOFORMATTING=true
+DOC_CONTENTS="This package contains the tianocore edk2 UEFI firmware for 64-bit x86
+virtual machines. The firmware is located under
+ /usr/share/edk2-ovmf/OVMF_CODE.fd
+ /usr/share/edk2-ovmf/OVMF_VARS.fd
+ /usr/share/edk2-ovmf/OVMF_CODE.secboot.fd
+
+If USE=binary is enabled, we also install an OVMF variables file (coming from
+fedora) that contains secureboot default keys
+
+ /usr/share/edk2-ovmf/OVMF_VARS.secboot.fd
+
+If you have compiled this package by hand, you need to either populate all
+necessary EFI variables by hand by booting
+ /usr/share/edk2-ovmf/UefiShell.(iso|img)
+or creating OVMF_VARS.secboot.fd by hand:
+ https://github.com/puiterwijk/qemu-ovmf-secureboot
+
+The firmware does not support csm (due to no free csm implementation
+available). If you need a firmware with csm support you have to download
+one for yourself. Firmware blobs are commonly labeled
+ OVMF{,_CODE,_VARS}-with-csm.fd
+
+In order to use the firmware you can run qemu the following way
+
+ $ qemu-system-x86_64 \
+ -drive file=/usr/share/edk2-ovmf/OVMF.fd,if=pflash,format=raw,unit=0,readonly=on \
+ ..."
+
+pkg_setup() {
+ python-any-r1_pkg_setup
+ secureboot_pkg_setup
+}
+
+src_prepare() {
+ # Bundled submodules
+ cp -rl "${WORKDIR}/openssl-${BUNDLED_OPENSSL_SUBMODULE_SHA}"/* "CryptoPkg/Library/OpensslLib/openssl/" \
+ || die "copying openssl failed"
+ cp -rl "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}"/* "BaseTools/Source/C/BrotliCompress/brotli/" \
+ || die "copying brotli failed"
+ cp -rl "${WORKDIR}/brotli-${BUNDLED_BROTLI_SUBMODULE_SHA}"/* \
+ "MdeModulePkg/Library/BrotliCustomDecompressLib/brotli/" || die "copying brotli failed"
+ cp -rl "${WORKDIR}/public-mipi-sys-t-${BUNDLED_MIPI_SYS_T_SUBMODULE_SHA}"/* "MdePkg/Library/MipiSysTLib/mipisyst/" \
+ || die "copying mipi-sys-t failed"
+ cp -rl "${WORKDIR}/mbedtls-${BUNDLED_MBEDTLS_SUBMODULE_SHA}"/* "CryptoPkg/Library/MbedTlsLib/mbedtls/" \
+ || die "copying mbedtls failed"
+ cp -rl "${WORKDIR}/libspdm-${BUNDLED_LIBSPDM_SUBMODULE_SHA}"/* "SecurityPkg/DeviceSecurity/SpdmLib/libspdm" \
+ || die "copying libspdm failed"
+
+ sed -i -r \
+ -e "/function SetupPython3/,/\}/{s,\\\$\(whereis python3\),${EPYTHON},g}" \
+ "${S}"/edksetup.sh || die "Fixing for correct Python3 support failed"
+
+ default
+}
+
+src_compile() {
+ TARGET_ARCH=X64
+ TARGET_NAME=RELEASE
+ TARGET_TOOLS=GCC5
+
+ BUILD_FLAGS="-D TLS_ENABLE \
+ -D HTTP_BOOT_ENABLE \
+ -D NETWORK_IP6_ENABLE \
+ -D TPM_ENABLE \
+ -D TPM2_ENABLE -D TPM2_CONFIG_ENABLE \
+ -D FD_SIZE_2MB"
+
+ SECUREBOOT_BUILD_FLAGS="${BUILD_FLAGS} \
+ -D SECURE_BOOT_ENABLE \
+ -D SMM_REQUIRE \
+ -D EXCLUDE_SHELL_FROM_FD"
+
+ export LDFLAGS="-z notext"
+ export EXTRA_LDFLAGS="-z notext"
+ export DLINK_FLAGS="-z notext"
+
+ emake ARCH=${TARGET_ARCH} -C BaseTools
+
+ . ./edksetup.sh
+
+ # Build all EFI firmware blobs:
+
+ mkdir -p ovmf
+
+ ./OvmfPkg/build.sh \
+ -a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \
+ ${BUILD_FLAGS} || die "OvmfPkg/build.sh failed"
+
+ cp Build/OvmfX64/*/FV/OVMF_*.fd ovmf/
+ rm -rf Build/OvmfX64
+
+ ./OvmfPkg/build.sh \
+ -a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \
+ ${SECUREBOOT_BUILD_FLAGS} || die "OvmfPkg/build.sh failed"
+
+ cp Build/OvmfX64/*/FV/OVMF_CODE.fd ovmf/OVMF_CODE.secboot.fd || die "cp failed"
+ cp Build/OvmfX64/*/X64/Shell.efi ovmf/ || die "cp failed"
+ cp Build/OvmfX64/*/X64/EnrollDefaultKeys.efi ovmf || die "cp failed"
+
+ # Build a convenience UefiShell.img:
+
+ mkdir -p iso_image/efi/boot || die "mkdir failed"
+ cp ovmf/Shell.efi iso_image/efi/boot/bootx64.efi || die "cp failed"
+ cp ovmf/EnrollDefaultKeys.efi iso_image || die "cp failed"
+ qemu-img convert --image-opts \
+ driver=vvfat,floppy=on,fat-type=12,label=UEFI_SHELL,dir=iso_image \
+ ovmf/UefiShell.img || die "qemu-img failed"
+}
+
+src_install() {
+ insinto /usr/share/${PN}
+ doins ovmf/*
+
+ insinto /usr/share/qemu/firmware
+ doins "${S}"/../edk2-edk2-stable202202/qemu/*
+ rm "${ED}"/usr/share/qemu/firmware/40-edk2-ovmf-x64-sb-enrolled.json || die "rm failed"
+
+ secureboot_auto_sign --in-place
+
+ readme.gentoo_create_doc
+}
+
+pkg_postinst() {
+ readme.gentoo_print_elog
+}
next reply other threads:[~2024-08-04 7:44 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-04 7:44 Joonas Niilola [this message]
-- strict thread matches above, loose matches on Subject: below --
2024-10-10 16:33 [gentoo-commits] repo/gentoo:master commit in: sys-firmware/edk2-ovmf/ James Le Cuirot
2024-10-10 16:33 James Le Cuirot
2024-08-13 12:41 Joonas Niilola
2024-07-03 21:08 Matthias Maier
2023-08-28 19:32 Sam James
2023-08-28 19:10 Sam James
2023-08-17 7:49 Andrew Ammerlaan
2022-12-08 22:25 John Helmert III
2022-12-05 19:48 Arthur Zamarin
2022-12-02 19:27 Arthur Zamarin
2022-12-02 18:50 Arthur Zamarin
2022-12-02 18:50 Arthur Zamarin
2022-09-27 3:27 John Helmert III
2022-09-27 3:27 John Helmert III
2022-09-27 3:27 John Helmert III
2022-09-06 22:39 John Helmert III
2022-05-19 12:19 WANG Xuerui
2022-01-23 8:05 Yixun Lan
2022-01-04 0:02 Matthias Maier
2022-01-04 0:02 Matthias Maier
2021-10-08 18:49 Agostino Sarubbo
2021-10-08 1:57 Sam James
2021-10-07 19:44 Sam James
2021-10-07 6:02 Agostino Sarubbo
2021-06-27 7:52 Matthias Maier
2021-06-27 7:52 Matthias Maier
2021-06-26 22:23 Matthias Maier
2021-05-31 20:18 Michał Górny
2021-04-04 23:09 Matthias Maier
2021-04-04 23:07 Matthias Maier
2021-03-11 17:03 Ben Kohler
2020-12-23 1:30 Thomas Deutschmann
2020-12-23 1:28 Thomas Deutschmann
2020-11-07 3:49 Georgy Yakovlev
2020-10-13 10:01 Agostino Sarubbo
2020-10-13 9:26 Agostino Sarubbo
2020-10-11 23:44 Sam James
2020-10-02 13:56 Vadim Misbakh-Soloviov
2020-10-02 11:06 Vadim Misbakh-Soloviov
2020-10-02 10:53 Vadim Misbakh-Soloviov
2020-10-02 10:38 Vadim Misbakh-Soloviov
2020-08-19 22:40 Sam James
2020-02-10 13:26 Michał Górny
2019-08-19 11:37 Agostino Sarubbo
2019-08-18 21:51 Agostino Sarubbo
2019-07-28 23:17 Matthias Maier
2019-07-28 23:17 Matthias Maier
2019-07-28 23:17 Matthias Maier
2019-07-28 23:17 Matthias Maier
2019-07-22 9:28 Michał Górny
2018-03-30 16:51 Aaron Bauman
2018-02-12 0:42 Matthias Maier
2018-02-12 0:42 Matthias Maier
2017-12-12 18:01 Matthias Maier
2017-09-01 1:09 Matthias Maier
2017-08-13 12:36 David Seifert
2017-05-06 6:09 Matthias Maier
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1722757444.cda2fe4a323784b9be9b5a5d22469aa921ca97a1.juippis@gentoo \
--to=juippis@gentoo.org \
--cc=gentoo-commits@lists.gentoo.org \
--cc=gentoo-dev@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox