sys-firmware/edk2-ovmf: update live ebuild

Package-Manager: Portage-2.3.69, Repoman-2.3.16 Signed-off-by: Matthias Maier <tamiko@gentoo.org>
author: Matthias Maier <tamiko@gentoo.org> 2019-07-28 16:11:51 -0500
committer: Matthias Maier <tamiko@gentoo.org> 2019-07-28 18:17:26 -0500
commit: fff18dae2f07b0bf7b885912abfdc49fa283055e (patch)
tree: a6df3347130236deb46550ebac4082da6530725f /sys-firmware
parent: sys-firmware/edk2-ovmf: drop vulnerable (diff)
download: gentoo-fff18dae2f07b0bf7b885912abfdc49fa283055e.tar.gz
gentoo-fff18dae2f07b0bf7b885912abfdc49fa283055e.tar.bz2
gentoo-fff18dae2f07b0bf7b885912abfdc49fa283055e.zip
1 files changed, 57 insertions, 16 deletions
diff --git a/sys-firmware/edk2-ovmf/edk2-ovmf-9999.ebuild b/sys-firmware/edk2-ovmf/edk2-ovmf-999999.ebuild
index a3779c68d3dd..8bd303ef2cbd 100644
--- a/sys-firmware/edk2-ovmf/edk2-ovmf-9999.ebuild
+++ b/sys-firmware/edk2-ovmf/edk2-ovmf-999999.ebuild
@@ -1,10 +1,10 @@
 # Copyright 1999-2019 Gentoo Authors
 # Distributed under the terms of the GNU General Public License v2
 
-EAPI=6
+EAPI=7
 
 PYTHON_REQ_USE="sqlite"
-PYTHON_COMPAT=( python2_7 )
+PYTHON_COMPAT=( python{2_7,3_5,3_6,3_7} )
 
 inherit eutils python-any-r1 readme.gentoo-r1
 
@@ -12,22 +12,21 @@ DESCRIPTION="UEFI firmware for 64-bit x86 virtual machines"
 HOMEPAGE="https://github.com/tianocore/edk2"
 
 NON_BINARY_DEPEND="
+	app-emulation/qemu
 	>=dev-lang/nasm-2.0.7
 	>=sys-power/iasl-20160729
 	${PYTHON_DEPS}
 "
 DEPEND=""
 RDEPEND=""
-if [[ ${PV} == "9999" ]] ; then
+if [[ ${PV} == "999999" ]] ; then
 	inherit git-r3
 	EGIT_REPO_URI="https://github.com/tianocore/edk2"
 	DEPEND+="
 		${NON_BINARY_DEPEND}
 	"
 else
-	SRC_URI="
-		binary? ( https://dev.gentoo.org/~tamiko/distfiles/${P}-bin.tar.xz )
-		!binary? ( https://dev.gentoo.org/~tamiko/distfiles/${P}.tar.xz )"
+	SRC_URI=""
 	KEYWORDS="~amd64 ~arm64 ~ppc ~ppc64 ~x86 ~x86-fbsd"
 	IUSE="+binary"
 	REQUIRED_USE+="
@@ -40,7 +39,6 @@ else
 			)
 		)"
 	PATCHES=(
-		"${FILESDIR}"/${P}-build_system_fixes.patch
 	)
 fi
 
@@ -50,9 +48,20 @@ SLOT="0"
 DISABLE_AUTOFORMATTING=true
 DOC_CONTENTS="This package contains the tianocore edk2 UEFI firmware for 64-bit x86
 virtual machines. The firmware is located under
-	/usr/share/edk2-ovmf/OVMF.fd
 	/usr/share/edk2-ovmf/OVMF_CODE.fd
 	/usr/share/edk2-ovmf/OVMF_VARS.fd
+	/usr/share/edk2-ovmf/OVMF_CODE.secboot.fd
+
+If USE=binary is enabled, we also install an OVMF variables file (coming from
+fedora) that contains secureboot default keys
+
+	/usr/share/edk2-ovmf/OVMF_VARS.secboot.fd
+
+If you have compiled this package by hand, you need to either populate all
+necessary EFI variables by hand by booting
+	/usr/share/edk2-ovmf/UefiShell.(iso|img)
+or creating OVMF_VARS.secboot.fd by hand:
+	https://github.com/puiterwijk/qemu-ovmf-secureboot
 
 The firmware does not support csm (due to no free csm implementation
 available). If you need a firmware with csm support you have to download
@@ -68,14 +77,15 @@ In order to use the firmware you can run qemu the following way
 You can register the firmware for use in libvirt by adding to /etc/libvirt/qemu.conf:
 	nvram = [
 		\"/usr/share/edk2-ovmf/OVMF_CODE.fd:/usr/share/edk2-ovmf/OVMF_VARS.fd\"
+		\"/usr/share/edk2-ovmf/OVMF_CODE.secboot.fd:/usr/share/edk2-ovmf/OVMF_VARS.fd\"
 	]"
 
 pkg_setup() {
-	 [[ ${PV} != "9999" ]] && use binary || python-any-r1_pkg_setup
+	[[ ${PV} != "999999" ]] && use binary || python-any-r1_pkg_setup
 }
 
 src_prepare() {
-	if  [[ ${PV} != "9999" ]] && use binary; then
+	if  [[ ${PV} != "999999" ]] && use binary; then
 		eapply_user
 		return
 	fi
@@ -87,23 +97,54 @@ src_compile() {
 	TARGET_NAME=RELEASE
 	TARGET_TOOLS=GCC49
 
-	[[ ${PV} != "9999" ]] && use binary && return
+	BUILD_FLAGS="-D TLS_ENABLE \
+		-D HTTP_BOOT_ENABLE \
+		-D NETWORK_IP6_ENABLE \
+		-D FD_SIZE_2MB"
+
+	SECUREBOOT_BUILD_FLAGS="${BUILD_FLAGS} \
+		-D SECURE_BOOT_ENABLE \
+		-D SMM_REQUIRE \
+		-D EXCLUDE_SHELL_FROM_FD"
+
+	[[ ${PV} != "999999" ]] && use binary && return
 
 	emake ARCH=${TARGET_ARCH} -C BaseTools
 
 	. ./edksetup.sh
 
+	# Build all EFI firmware blobs:
+
+	mkdir -p ovmf
+
 	./OvmfPkg/build.sh \
 		-a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \
-		-D FD_SIZE_2MB \
-		|| die "OvmfPkg/build.sh failed"
+		${BUILD_FLAGS} || die "OvmfPkg/build.sh failed"
+
+	cp Build/OvmfX64/*/FV/OVMF_*.fd ovmf/
+	rm -rf Build/OvmfX64
+
+	./OvmfPkg/build.sh \
+		-a "${TARGET_ARCH}" -b "${TARGET_NAME}" -t "${TARGET_TOOLS}" \
+		${SECUREBOOT_BUILD_FLAGS} || die "OvmfPkg/build.sh failed"
+
+	cp Build/OvmfX64/*/FV/OVMF_CODE.fd ovmf/OVMF_CODE.secboot.fd || die "cp failed"
+	cp Build/OvmfX64/*/X64/Shell.efi ovmf/ || die "cp failed"
+	cp Build/OvmfX64/*/X64/EnrollDefaultKeys.efi ovmf || die "cp failed"
+
+	# Build a convenience UefiShell.img:
+
+	mkdir -p iso_image/efi/boot || die "mkdir failed"
+	cp ovmf/Shell.efi iso_image/efi/boot/bootx64.efi || die "cp failed"
+	cp ovmf/EnrollDefaultKeys.efi iso_image || die "cp failed"
+	qemu-img convert --image-opts \
+		driver=vvfat,floppy=on,fat-type=12,label=UEFI_SHELL,dir=iso_image \
+		ovmf/UefiShell.img || die "qemu-img failed"
 }
 
 src_install() {
-	local builddir="Build/OvmfX64/${TARGET_NAME}_${TARGET_TOOLS}/FV"
-
 	insinto /usr/share/${PN}
-	doins "${builddir}"/OVMF{,_CODE,_VARS}.fd
+	doins ovmf/*
 
 	readme.gentoo_create_doc
 }
author	Matthias Maier <tamiko@gentoo.org>	2019-07-28 16:11:51 -0500
committer	Matthias Maier <tamiko@gentoo.org>	2019-07-28 18:17:26 -0500
commit	fff18dae2f07b0bf7b885912abfdc49fa283055e (patch)
tree	a6df3347130236deb46550ebac4082da6530725f /sys-firmware
parent	sys-firmware/edk2-ovmf: drop vulnerable (diff)
download	gentoo-fff18dae2f07b0bf7b885912abfdc49fa283055e.tar.gz gentoo-fff18dae2f07b0bf7b885912abfdc49fa283055e.tar.bz2 gentoo-fff18dae2f07b0bf7b885912abfdc49fa283055e.zip