From f87e90c13f925351bf6af6c94e2ae3617179313c Mon Sep 17 00:00:00 2001 From: srs5694 Date: Tue, 3 Mar 2015 22:19:49 -0500 Subject: [PATCH] Modified Debian postinst and RPM scripts to sign binaries locally if possible even when not copying a shim file. Updated package description for RPMs and Debian packages. --- NEWS.txt | 10 ++++++++++ debian/control | 17 +++++++++-------- debian/postinst | 8 ++++++-- docs/refind/themes.html | 4 +++- refind.spec | 38 +++++++++++++++++++++----------------- 5 files changed, 49 insertions(+), 28 deletions(-) diff --git a/NEWS.txt b/NEWS.txt index bf04e43..89fae21 100644 --- a/NEWS.txt +++ b/NEWS.txt @@ -1,3 +1,13 @@ +0.8.8 (3/??/2015): +------------------ + +- Modified Debian postinst file to call install.sh with --localkeys option + if sbsign and openssl are available, even when NOT in Secure Boot mode or + if shim is not detected. This helps with my Ubuntu PPA when using custom + Secure Boot keys, since the PPA is delivered unsigned. (Users will have + to have added their own local keys to their firmware's db.) For + consistency, I've made the same change to the RPM .spec file. + 0.8.7 (3/1/2015): ----------------- diff --git a/debian/control b/debian/control index f20e4cd..344ebdb 100644 --- a/debian/control +++ b/debian/control @@ -12,11 +12,12 @@ Description: boot manager for EFI-based computers A graphical boot manager for EFI- and UEFI-based computers, such as all Intel-based Macs and recent (most 2011 and later) PCs. rEFInd presents a boot menu showing all the EFI boot loaders on the EFI-accessible - partitions, and optionally BIOS-bootable partitions on Macs. - EFI-compatbile OSes, including Linux, provide boot loaders that rEFInd can - detect and launch. rEFInd can launch Linux EFI boot loaders such as ELILO, - GRUB Legacy, GRUB 2, and 3.3.0 and later kernels with EFI stub support. - EFI filesystem drivers for ext2/3/4fs, ReiserFS, Btrfs, HFS+, and ISO-9660 - enable rEFInd to read boot loaders from these filesystems, too. rEFInd's - ability to detect boot loaders at runtime makes it very easy to use, - particularly when paired with Linux kernels that provide EFI stub support. + partitions, and optionally BIOS-bootable partitions on Macs and BIOS boot + entries on UEFI PCs with CSMs. EFI-compatbile OSes, including Linux, + provide boot loaders that rEFInd can detect and launch. rEFInd can launch + Linux EFI boot loaders such as ELILO, GRUB Legacy, GRUB 2, and 3.3.0 and + later kernels with EFI stub support. EFI filesystem drivers for ext2/3/4fs, + ReiserFS, Btrfs, NTFS, HFS+, and ISO-9660 enable rEFInd to read boot + loaders from these filesystems, too. rEFInd's ability to detect boot + loaders at runtime makes it very easy to use, particularly when paired with + Linux kernels that provide EFI stub support. diff --git a/debian/postinst b/debian/postinst index e78bd9d..af54dbe 100755 --- a/debian/postinst +++ b/debian/postinst @@ -7,7 +7,7 @@ set -e # Remove any existing NVRAM entry for rEFInd, to avoid creating a duplicate. ExistingEntry=`efibootmgr | grep "rEFInd Boot Manager" | cut -c 5-8` if [[ -n $ExistingEntry ]] ; then - efibootmgr --bootnum $ExistingEntry --delete-bootnum + efibootmgr --bootnum $ExistingEntry --delete-bootnum &> /dev/null fi cd /usr/share/refind @@ -42,5 +42,9 @@ if [[ $IsSecureBoot == "1" && -n $ShimFile ]] ; then ./install.sh --shim $ShimFile --yes fi else - ./install.sh --yes + if [[ -n $SBSign && -n $OpenSSL ]] ; then + ./install.sh --localkeys --yes + else + ./install.sh --yes + fi fi diff --git a/docs/refind/themes.html b/docs/refind/themes.html index 4870dcb..91e2c0a 100644 --- a/docs/refind/themes.html +++ b/docs/refind/themes.html @@ -15,7 +15,7 @@ href="mailto:rodsmith@rodsbooks.com">rodsmith@rodsbooks.com

Originally written: 4/19/2012; last Web page update: -3/1/2015, referencing rEFInd 0.8.7

+3/2/2015, referencing rEFInd 0.8.7

This Web page is provided free of charge and with no annoying outside ads; however, I did take time to prepare it, and Web hosting does cost money. If you find this Web page useful, please consider making a small donation to help keep this site up and running. Thanks!

@@ -296,6 +296,8 @@ to be tedious.

  • User munlik has created a theme called Regular-theme on Deviantart.
    • +
  • Nitrofurano has posted a 1970s-inspired theme on opendesktop.org.
    • +

    If you've created or discovered another rEFInd theme, please tell me about it so that I can provide a link to it from this page.

    diff --git a/refind.spec b/refind.spec index aa889b1..a65424b 100644 --- a/refind.spec +++ b/refind.spec @@ -36,14 +36,15 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) A graphical boot manager for EFI- and UEFI-based computers, such as all Intel-based Macs and recent (most 2011 and later) PCs. rEFInd presents a boot menu showing all the EFI boot loaders on the EFI-accessible -partitions, and optionally BIOS-bootable partitions on Macs. EFI-compatbile -OSes, including Linux, provide boot loaders that rEFInd can detect and -launch. rEFInd can launch Linux EFI boot loaders such as ELILO, GRUB -Legacy, GRUB 2, and 3.3.0 and later kernels with EFI stub support. EFI -filesystem drivers for ext2/3/4fs, ReiserFS, HFS+, and ISO-9660 enable -rEFInd to read boot loaders from these filesystems, too. rEFInd's ability -to detect boot loaders at runtime makes it very easy to use, particularly -when paired with Linux kernels that provide EFI stub support. +partitions, and optionally BIOS-bootable partitions on Macs and BIOS boot +entries on UEFI PCs with CSMs. EFI-compatbile OSes, including Linux, +provide boot loaders that rEFInd can detect and launch. rEFInd can launch +Linux EFI boot loaders such as ELILO, GRUB Legacy, GRUB 2, and 3.3.0 and +later kernels with EFI stub support. EFI filesystem drivers for ext2/3/4fs, +ReiserFS, Btrfs, NTFS, HFS+, and ISO-9660 enable rEFInd to read boot +loaders from these filesystems, too. rEFInd's ability to detect boot +loaders at runtime makes it very easy to use, particularly when paired with +Linux kernels that provide EFI stub support. %prep %setup -q @@ -120,7 +121,7 @@ PATH=$PATH:/usr/local/bin # Remove any existing NVRAM entry for rEFInd, to avoid creating a duplicate. ExistingEntry=`efibootmgr | grep "rEFInd Boot Manager" | cut -c 5-8` if [[ -n $ExistingEntry ]] ; then - efibootmgr --bootnum $ExistingEntry --delete-bootnum + efibootmgr --bootnum $ExistingEntry --delete-bootnum &> /dev/null fi cd /usr/share/refind-%{version} @@ -141,13 +142,12 @@ declare OpenSSL=`which openssl 2> /dev/null` # Run the rEFInd installation script. Do so with the --shim option # if Secure Boot mode is suspected and if a shim program can be -# found, or without it if not. If a shim installation is attempted -# and the sbsign and openssl programs can be found, do the install -# using a local signing key. Note that this option is undesirable -# for a distribution, since it would then require the user to -# enroll an extra MOK. I'm including it here because I'm NOT a -# distribution maintainer, and I want to encourage users to use -# their own local keys. +# found, or without it if not. If the sbsign and openssl programs +# can be found, do the install using a local signing key. Note that +# this option is undesirable for a distribution, since it would +# then require the user to enroll an extra MOK. I'm including it +# here because I'm NOT a distribution maintainer, and I want to +# encourage users to use their own local keys. if [[ $IsSecureBoot == "1" && -n $ShimFile ]] ; then if [[ -n $SBSign && -n $OpenSSL ]] ; then ./install.sh --shim $ShimFile --localkeys --yes @@ -155,7 +155,11 @@ if [[ $IsSecureBoot == "1" && -n $ShimFile ]] ; then ./install.sh --shim $ShimFile --yes fi else - ./install.sh --yes + if [[ -n $SBSign && -n $OpenSSL ]] ; then + ./install.sh --localkeys --yes + else + ./install.sh --yes + fi fi # CAUTION: Don't create a %preun or a %postun script that deletes the files -- 2.39.2