forked from rhboot/shim-review
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathdockerfile
34 lines (24 loc) · 1.21 KB
/
dockerfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
FROM ubuntu:22.04
RUN apt-get update -y && apt-get install -y --no-install-recommends dos2unix build-essential binutils gcc gnu-efi bsdmainutils \
# for `git clone`
ca-certificates git \
# for `wget`
wget
# Print installed packages and versions
RUN dpkg -l
RUN wget https://github.com/rhboot/shim/releases/download/15.8/shim-15.8.tar.bz2
RUN tar -xvf shim-15.8.tar.bz2
RUN git clone https://github.com/opsi-org/shim-review.git
WORKDIR /shim-15.8
RUN cp /shim-review/data/sbat.opsi.csv /shim-15.8/data/sbat.csv
RUN rm -rf gnu-efi
RUN git clone -b shim-15.9 https://github.com/rhboot/gnu-efi.git
RUN patch < /shim-review/0001-shim-Allow-data-after-the-end-of-device-path-node-in.patch
RUN patch < /shim-review/0001-Fall-back-to-default-loader-when-encountering-errors.patch
RUN make 'DEFAULT_LOADER=\\\\opsi-netboot.efi' VENDOR_CERT_FILE=/shim-review/opsi-uefi-ca.der
RUN sha256sum /shim-review/shimx64.efi /shim-15.8/shimx64.efi
RUN objdump -j .sbat -s /shim-review/shimx64.efi
RUN objdump -j .sbat -s /shim-15.8/shimx64.efi
RUN hexdump -Cv /shim-review/shimx64.efi > shim-review.hexdump
RUN hexdump -Cv /shim-15.8/shimx64.efi > shim-build.hexdump
RUN diff -u shim-review.hexdump shim-build.hexdump