svn commit: r377720 - head/sysutils/shim

Fri Jan 23 10:35:09 UTC 2015

Author: trasz
Date: Fri Jan 23 10:35:08 2015
New Revision: 377720
URL: https://svnweb.freebsd.org/changeset/ports/377720
QAT: https://qat.redports.org/buildarchive/r377720/

Log:
  Install certificate and key matching what's embedded in the shim itself.
  
  Sponsored by:	The FreeBSD Foundation

Modified:
  head/sysutils/shim/Makefile

Modified: head/sysutils/shim/Makefile
==============================================================================

--- head/sysutils/shim/Makefile	Fri Jan 23 10:20:17 2015	(r377719)
+++ head/sysutils/shim/Makefile	Fri Jan 23 10:35:08 2015	(r377720)
@@ -3,6 +3,7 @@
 
 PORTNAME=	shim
 PORTVERSION=	0.8
+PORTREVISION=	1
 CATEGORIES=	sysutils
 
 MAINTAINER=	trasz at FreeBSD.org
@@ -23,14 +24,19 @@ USE_GITHUB=	yes
 MAKE_JOBS_UNSAFE=	yes
 ONLY_FOR_ARCHS=	amd64
 
-PLIST_FILES=	lib/shim/MokManager.efi lib/shim/fallback.efi lib/shim/shim.efi
+PLIST_FILES=	lib/shim/shim.pem lib/shim/shim.key \
+		lib/shim/MokManager.efi lib/shim/fallback.efi lib/shim/shim.efi
 
 post-patch:
 	@${REINPLACE_CMD} -e "s|/bin/bash|${LOCALBASE}/bin/bash|" ${WRKSRC}/make-certs
 	@${REINPLACE_CMD} -e 's|%%CC%%|${CC}|g' ${WRKSRC}/Makefile
 
 do-install:
+	# Note that before this step, the shim.pem contains the _private_ key.
+	openssl x509 -inform der -in ${WRKSRC}/shim.cer -outform pem -out ${WRKSRC}/shim.pem
 	${MKDIR} ${STAGEDIR}/${PREFIX}/lib/shim
+	${INSTALL_DATA} -m 600 ${WRKSRC}/shim.key ${STAGEDIR}/${PREFIX}/lib/shim
+	${INSTALL_DATA} ${WRKSRC}/shim.pem ${STAGEDIR}/${PREFIX}/lib/shim
 	${INSTALL_DATA} ${WRKSRC}/shim.efi ${STAGEDIR}/${PREFIX}/lib/shim
 	${INSTALL_DATA} ${WRKSRC}/MokManager.efi ${STAGEDIR}/${PREFIX}/lib/shim
 	${INSTALL_DATA} ${WRKSRC}/fallback.efi ${STAGEDIR}/${PREFIX}/lib/shim
