%ifarch aarch64
%global efi_arch aa64
%global bootcsv BOOTAA64.CSV
%global bootefi BOOTAA64.EFI
%endif

%ifarch x86_64
%global efi_arch x64
%global bootcsv BOOTX64.CSV
%global bootefi BOOTX64.EFI
%endif

%global debug_package %{nil}
%global __debug_package 1
%global _binaries_in_noarch_packages_terminate_build 0
%undefine _debuginfo_subpackages

%global efidir %{_vendor}
%global shimdir %{_datadir}/shim/%{version}-%{release}/%{efi_arch}
%global shimefivendor /boot/efi/EFI/%{efi_vendor}/
%global shimBOOT  /boot/efi/EFI/BOOT/

Name:	   	   shim
Version:	   15.6
Release:	   1
Summary:	   First-stage UEFI bootloader
ExclusiveArch:     x86_64 aarch64
License:	   BSD
URL:	 	   https://github.com/rhboot/shim
Source0:	   https://github.com/rhboot/shim/releases/download/%{version}/shim-%{version}.tar.bz2
Source1:	   BOOTAA64.CSV
Source2:	   BOOTX64.CSV

BuildRequires: elfutils-libelf-devel openssl-devel openssl git pesign gnu-efi gnu-efi-devel gcc
Requires:      dbxtool efi-filesystem mokutil
Provides:	   bundled(openssl) = 1.0.2j
Provides:      shim-%{efi_arch}
Obsoletes:     shim-%{efi_arch}

%description
Initial UEFI bootloader that handles chaining to a trusted full \
bootloader under secure boot environments.

%package debuginfo
Summary:	Debug information for shim-unsigned
Requires:	%{name}-debugsource = %{version}-%{release}
AutoReqProv:	0
BuildArch:	noarch

%description debuginfo
This package provides debug information for package %{expand:%%{name}} \
Debug information is useful when developing applications that \
use this package or when debugging this package.

%package debugsource
Summary:	Debug Source for shim-unsigned
AutoReqProv:	0
BuildArch:	noarch

%description debugsource
This package provides debug information for package %{expand:%%{name}} \
Debug information is useful when developing applications that \
use this package or when debugging this package.

%prep
#chmod +x %{SOURCE100}
%autosetup -n shim-%{version} -p1 -S git
git config --unset user.email
git config --unset user.name
mkdir build-%{efi_arch}

%build
COMMITID=$(cat commit)
MAKEFLAGS="TOPDIR=.. -f ../Makefile COMMITID=${COMMITID} "
MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} "
MAKEFLAGS+="ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true "
MAKEFLAGS+="%{_smp_mflags}"

cd build-%{efi_arch}
make ${MAKEFLAGS} DEFAULT_LOADER='\\\\grub%{efi_arch}.efi' all
cd ..

%install
COMMITID=$(cat commit)
MAKEFLAGS="TOPDIR=.. -f ../Makefile COMMITID=${COMMITID} "
MAKEFLAGS+="EFIDIR=%{efidir} PKGNAME=shim RELEASE=%{release} "
MAKEFLAGS+="ENABLE_HTTPBOOT=true ENABLE_SHIM_HASH=true "

cd build-%{efi_arch}
make ${MAKEFLAGS} \
	DEFAULT_LOADER='\\\\grub%{efi_arch}.efi' \
	DESTDIR=${RPM_BUILD_ROOT} \
	install-debuginfo install-debugsource

install -d -m 0700 ${RPM_BUILD_ROOT}/%{shimBOOT}
install -m 0700 fb%{efi_arch}.efi ${RPM_BUILD_ROOT}/%{shimBOOT}
install -m 0700 mm%{efi_arch}.efi ${RPM_BUILD_ROOT}/%{shimBOOT}
install -m 0700 shim%{efi_arch}.efi ${RPM_BUILD_ROOT}/%{shimBOOT}/%{bootefi}
install -d -m 0700 ${RPM_BUILD_ROOT}/%{shimefivendor}
install -m 0700 *.efi ${RPM_BUILD_ROOT}/%{shimefivendor}
install -m 0700 *.hash ${RPM_BUILD_ROOT}/%{shimefivendor}
%ifarch aarch64
install -m 0700 %{SOURCE1} ${RPM_BUILD_ROOT}/%{shimefivendor}
%endif
%ifarch x86_64
install -m 0700 %{SOURCE2} ${RPM_BUILD_ROOT}/%{shimefivendor}
%endif

# install the debug symbols
install -d ${RPM_BUILD_ROOT}/usr/lib/debug/%{shimefivendor}
install -m 644 fb%{efi_arch}.efi.debug ${RPM_BUILD_ROOT}/usr/lib/debug/%{shimefivendor}
install -m 644 mm%{efi_arch}.efi.debug ${RPM_BUILD_ROOT}/usr/lib/debug/%{shimefivendor}
install -m 644 shim%{efi_arch}.efi.debug ${RPM_BUILD_ROOT}/usr/lib/debug/%{shimefivendor}

cd ..

%files
%license COPYRIGHT
%{shimBOOT}/fb%{efi_arch}.efi
%{shimBOOT}/mm%{efi_arch}.efi
%{shimBOOT}/%{bootefi}
%{shimefivendor}/%{bootcsv}
%{shimefivendor}/*.efi
%{shimefivendor}/*.hash

%files debuginfo
%defattr(-,root,root,-)
/usr/lib/debug/*
%exclude /usr/lib/debug/.build-id

%files debugsource
%defattr(-,root,root,-)
%dir /usr/src/debug/%{name}-%{version}-%{release}
/usr/src/debug/%{name}-%{version}-%{release}/*

%changelog
* Fri Jul 15 2022 Chenxi Mao <chenxi.mao@suse.com> - 15.6-1
- Upgrade version to 15.6 to fix CVE-2022-28737

* Tue Jul 5 2022 Hugel <gengqihu1@h-partners.com> - 15.4-3
- fix shim occasionally crashes in _relocate() on AArch64

* Thu Mar 3 2022 panxiaohe <panxh.life@foxmail.com> - 15.4-2
- list files into debuginfo subpackage

* Tue Dec 21 2021 panxiaohe <panxiaohe@huawei.com> - 15.4-1
- update version to 15.4

* Tue Mar 9 2021 panxiaohe <panxiaohe@huawei.com> - 15-20
- modify efidir to _vendor

* Mon Jun 22 2020 leiju <leiju4@huawei.com> - 15-19
- fix unaligned point value with GCC9

* Tue Mar 10 2020 openEuler Buildteam <buildteam@openeuler.org> - 15-18
- fix wrong information

* Mon Feb 24 2020 openEuler Buildteam <buildteam@openeuler.org> - 15-17
- Remove excess packaged files

* Thu Feb 13 2020 openEuler Buildteam <buildteam@openeuler.org> - 15-16
- add BuildRequires: gcc

* Sun Jan 12 2020 openEuler Buildteam <buildteam@openeuler.org> - 15-15
- List debug files

* Wed Nov 27 2019 openEuler Buildteam <buildteam@openeuler.org> - 15-14
- Remove excess install

* Thu Nov 21 2019 openEuler Buildteam <buildteam@openeuler.org> - 15-13
- Add defination of efi_arch

* Mon Nov 18 2019 openEuler Buildteam <buildteam@openeuler.org> - 15-12
- Add %{bootefi}

* Thu Nov 14 2019 openEuler Buildteam <buildteam@openeuler.org> - 15-11
- Add arch x86_64

* Thu Sep 26 2019 openEuler Buildteam <buildteam@openeuler.org> - 15-10
- Add missing BOOTAA64.CSV

* Thu Sep 26 2019 openEuler Buildteam <buildteam@openeuler.org> - 15-9
- Package init

* Tue Sep 24 2019 openEuler Buildteam <buildteam@openeuler.org> - 15-8
- Package init