edk2/edk2.spec

%global edk2_date   202308
%global edk2_githash    819cfc6
%global openssl_version 1.1.0e
%global mipi_version v1.1+edk2
%global mipi_commit 370b5944c046bab043dd8b133727b2135af7747a
%global ssl_version 3.0.9
%global __python %{__python38}

%bcond_without build_ovmf_ia32
%ifarch x86_64
%bcond_without build_ovmf_x64
%else
%bcond_with build_ovmf_x64
%endif

# Disable ARM firmware until its build process is fixed.
%bcond_with build_aavmf_aarch64
%bcond_with build_aavmf_arm


Name:		edk2
Version:	%{edk2_date}
Release:	1.git%{edk2_githash}
Summary:	EFI Development Kit II
License:	BSD
Group:		Emulators
URL:		https://github.com/tianocore/tianocore.github.io/wiki/EDK-II/

#Source0:	edk2-%{edk2_date}-%{edk2_githash}.tar.xz
Source0:    https://github.com/tianocore/edk2/archive/%{name}-stable%{edk2_date}/%{name}-stable%{edk2_date}.tar.gz
#Source1:	openssl-%{openssl_version}-hobbled.tar.xz
Source2:	ovmf-whitepaper-c770f8c.txt
Source10:	hobble-openssl
Source11:	build-iso.sh
Source12:	update-tarball.sh
Source13:	openssl-patch-to-tarball.sh
Source14:   https://github.com/google/brotli/archive/v1.1.0/brotli-1.1.0.tar.gz
Source15:   https://github.com/MIPI-Alliance/public-mipi-sys-t/archive/%{mipi_version}/mipi-%{mipi_version}.tar.gz
#Source16:   https://github.com/openssl/openssl/archive/%{ssl_version}/openssl-%{ssl_version}.tar.gz
Source16:   https://github.com/openssl/openssl/releases/download/openssl-%{ssl_version}/openssl-%{ssl_version}.tar.gz
Source1000: %{name}.rpmlintrc
# non-upstream patches
Patch0006:	0006-advertise-OpenSSL-on-TianoCore-splash-screen-boot-lo.patch
Patch0014:	0014-OvmfPkg-allow-exclusion-of-the-shell-from-the-firmwa.patch
# TODO: Enroll ROSA certs, if possible, instead of the RedHat's.
Patch0015:	0015-OvmfPkg-EnrollDefaultKeys-application-for-enrolling-.patch

# upstream backports
Patch0019:	0019-MdeModulePkg-PciBus-Fix-bug-that-PCI-BUS-claims-too-much-resource.patch
Patch0020:	0020-MdeModulePkg-Bds-Remove-assertion-in-BmCharToUint.patch
Patch0021:	0021-MdeModulePkg-Bds-Check-variable-name-even-if-OptionNumber-is-NULL.patch

# submitted upstream by Fedora
Patch0022:	0022-OvmfPkg-make-it-a-proper-BASE-library.patch
Patch0023:	0023-OvmfPkg-create-a-separate-PlatformDebugLibIoPort-ins.patch
Patch0024:	0024-OvmfPkg-save-on-I-O-port-accesses-when-the-debug-por.patch

# openssl patches from Fedora
Patch1021:	openssl-1.1.0-issuer-hash.patch
Patch1039:	openssl-1.1.0-cc-reqs.patch
Patch1040:	openssl-1.1.0-disable-ssl3.patch
Patch1044:	openssl-1.1.0-bio-fd-preserve-nl.patch

BuildRequires:	python-devel
BuildRequires:	pkgconfig(uuid)
BuildRequires:	iasl
BuildRequires:	nasm
BuildRequires:	dosfstools
BuildRequires:	mtools
BuildRequires:	genisoimage
BuildRequires:  git-core

Requires:	edk2-tools = %{EVRD}
Requires:	edk2-tools-doc = %{EVRD}

%description
EDK II is a development code base for creating UEFI drivers, applications
and firmware images.

#---------------------------------------------------------------------------

%package tools
Summary:	EFI Development Kit II Tools
Group:		Development/Tools
Requires:	edk2-tools-python = %{EVRD}

%description tools
This package provides tools that are needed to
build EFI executables and ROMs using the GNU tools.

%files tools
%doc License.txt
%{_bindir}/BootSectImage
%{_bindir}/Brotli
%{_bindir}/EfiLdrImage
%{_bindir}/EfiRom
%{_bindir}/GenCrc32
%{_bindir}/GenFfs
%{_bindir}/GenFv
%{_bindir}/GenFw
%{_bindir}/GenPage
%{_bindir}/GenSec
%{_bindir}/GenVtf
%{_bindir}/GnuGenBootSector
%{_bindir}/LzmaCompress
%{_bindir}/LzmaF86Compress
%{_bindir}/Split
%{_bindir}/TianoCompress
%{_bindir}/VfrCompile
%{_bindir}/VolInfo
%dir %{_datadir}/%{name}
%{_datadir}/%{name}/BuildEnv
%{_datadir}/%{name}/Conf
%{_datadir}/%{name}/Scripts

#---------------------------------------------------------------------------

%package tools-python
Summary:	EFI Development Kit II Tools
Group:		Development/Tools
Requires:	python
BuildArch:      noarch

%description tools-python
This package provides tools that are needed to build EFI executables
and ROMs using the GNU tools.  You do not need to install this package;
you probably want to install edk2-tools only.

%files tools-python
%{_bindir}/build
%{_bindir}/BPDG
%{_bindir}/Ecc
%{_bindir}/GenDepex
%{_bindir}/GenFds
%{_bindir}/GenPatchPcdTable
%{_bindir}/PatchPcdValue
%{_bindir}/TargetTool
%{_bindir}/Trim
%{_bindir}/UPT
%dir %{_datadir}/%{name}
%{_datadir}/%{name}/Python

#---------------------------------------------------------------------------

%package tools-doc
Summary:	Documentation for EFI Development Kit II Tools
Group:		Development/Tools

%description tools-doc
This package documents the tools that are needed to
build EFI executables and ROMs using the GNU tools.

%files tools-doc
%doc BaseTools/UserManuals/*.rtf

#---------------------------------------------------------------------------

%if %{with build_ovmf_x64}
%package ovmf
Summary:	Open Virtual Machine Firmware
License:	BSD and OpenSSL
Provides:	OVMF = %{version}-%{release}
Obsoletes:	OVMF < %{version}-%{release}
BuildArch:	noarch

%description ovmf
EFI Development Kit II.
Open Virtual Machine Firmware (x64).

%files ovmf
%doc OvmfPkg/License.txt
%doc LICENSE.openssl
%doc OvmfPkg/README
%doc ovmf-whitepaper-c770f8c.txt
%dir %{_datadir}/%{name}
%dir %{_datadir}/%{name}/ovmf
%{_datadir}/%{name}/ovmf/OVMF*.fd
%{_datadir}/%{name}/ovmf/*.efi
%{_datadir}/%{name}/ovmf/*.iso
%{_datadir}/OVMF
%endif

#---------------------------------------------------------------------------

%if %{with build_ovmf_ia32}
%package ovmf-ia32
Summary:	Open Virtual Machine Firmware
License:	BSD and OpenSSL
Provides:	OVMF = %{version}-%{release}
Obsoletes:	OVMF < %{version}-%{release}
BuildArch:	noarch

%description ovmf-ia32
EFI Development Kit II.
Open Virtual Machine Firmware (ia32).

%files ovmf-ia32
%doc OvmfPkg/License.txt
%doc LICENSE.openssl
%doc OvmfPkg/README
%doc ovmf-whitepaper-c770f8c.txt
%dir %{_datadir}/%{name}
%dir %{_datadir}/%{name}/ovmf-ia32
%{_datadir}/%{name}/ovmf-ia32/OVMF*.fd
%{_datadir}/%{name}/ovmf-ia32/*.efi
%{_datadir}/%{name}/ovmf-ia32/*.iso
%endif

#---------------------------------------------------------------------------

%if %{with build_aavmf_aarch64}
%package aarch64
Summary:	AARCH64 Virtual Machine Firmware
Provides:	AAVMF = %{version}-%{release}
Obsoletes:	AAVMF < %{version}-%{release}
BuildArch:	noarch

%description aarch64
EFI Development Kit II.
AARCH64 UEFI Firmware.

%files aarch64
%doc OvmfPkg/License.txt
%doc LICENSE.openssl
%dir %{_datadir}/%{name}
%dir %{_datadir}/%{name}/aarch64
%{_datadir}/%{name}/aarch64/QEMU*.fd
%{_datadir}/%{name}/aarch64/*.raw
%{_datadir}/AAVMF/AAVMF_*
%endif

#---------------------------------------------------------------------------

%if %{with build_aavmf_arm}
%package arm
Summary:	ARM Virtual Machine Firmware
BuildArch:	noarch

%description arm
EFI Development Kit II.
armv7 UEFI Firmware.

%files arm
%doc OvmfPkg/License.txt
%doc LICENSE.openssl
%dir %{_datadir}/%{name}
%dir %{_datadir}/%{name}/arm
%{_datadir}/%{name}/arm/QEMU*.fd
%{_datadir}/%{name}/arm/*.raw
%{_datadir}/AAVMF/AAVMF32_*
%endif

#---------------------------------------------------------------------------

%prep
%setup -qn %{name}-%{name}-stable%{edk2_date}


# Ensure old shell and binary packages are not used
rm -rf EdkShellBinPkg
rm -rf EdkShellPkg
rm -rf FatBinPkg
rm -rf ShellBinPkg

cp -a -- %{SOURCE2} .

# add openssl
#(cd .. && tar -xvf %{SOURCE1})
#mv ../tianocore-edk2-92d07e4/CryptoPkg/Library/OpensslLib/openssl/* CryptoPkg/Library/OpensslLib/openssl/
#cp CryptoPkg/Library/OpensslLib/openssl/LICENSE LICENSE.openssl

(tar -xvf %{SOURCE14} \
    && mv brotli-1.1.0/* BaseTools/Source/C/BrotliCompress/brotli/ \
    && rm -rf brotli-1.1.0 )
    
(tar -xvf %{SOURCE15} \
    && mv public-mipi-sys-t-1.1-edk2/* MdePkg/Library/MipiSysTLib/mipisyst/ \
    && rm -rf public-mipi-sys-t-1.1-edk2 )

(tar -xvf %{SOURCE16} \
    && mv openssl-%{ssl_version}/* CryptoPkg/Library/OpensslLib/openssl/ \
    && rm -rf openssl-%{ssl_version} )


pushd MdeModulePkg/Library/BrotliCustomDecompressLib
rm -rf brotli
ln -s ../../../BaseTools/Source/C/BrotliCompress/brotli brotli
popd


#apply_patches

#base64 --decode < MdeModulePkg/Logo/Logo-OpenSSL.bmp.b64 > MdeModulePkg/Logo/Logo-OpenSSL.bmp
sed -i '/PYTHON_COMMAND/s/python3/\/usr\/libexec\/python3.8/g' ./edksetup.sh



%build
#echo $PYTHON $Python $python $PYTHON_COMMAND
#env | grep PYTHON
#exit 1

source ./edksetup.sh

# compiler
#CC_FLAGS="-t GCC49"
CC_FLAGS="-t GCC5"

# parallel builds
JOBS="%{?_smp_mflags}"
JOBS="${JOBS#-j}"
if test "$JOBS" != ""; then
        CC_FLAGS="${CC_FLAGS} -n $JOBS"
fi

# common features
CC_FLAGS="${CC_FLAGS} -b DEBUG"
CC_FLAGS="${CC_FLAGS} --cmd-len=65536"

# ovmf features
OVMF_FLAGS="${CC_FLAGS}"
OVMF_FLAGS="${OVMF_FLAGS} -D TLS_ENABLE"
OVMF_FLAGS="${OVMF_FLAGS} -D HTTP_BOOT_ENABLE"
OVMF_FLAGS="${OVMF_FLAGS} -D NETWORK_IP6_ENABLE"
OVMF_FLAGS="${OVMF_FLAGS} -D FD_SIZE_2MB"

# ovmf + secure boot features
OVMF_SB_FLAGS="${OVMF_FLAGS}"
OVMF_SB_FLAGS="${OVMF_SB_FLAGS} -D SECURE_BOOT_ENABLE"
OVMF_SB_FLAGS="${OVMF_SB_FLAGS} -D SMM_REQUIRE"
OVMF_SB_FLAGS="${OVMF_SB_FLAGS} -D EXCLUDE_SHELL_FROM_FD"

# arm firmware features
ARM_FLAGS="${CC_FLAGS}"

unset MAKEFLAGS
make -C BaseTools #%{?_smp_mflags}
sed -i -e 's/-Werror//' Conf/tools_def.txt

# build ovmf (x64)
%if %{with build_ovmf_x64}
mkdir -p ovmf
build ${OVMF_FLAGS} -a X64 -p OvmfPkg/OvmfPkgX64.dsc
cp Build/OvmfX64/*/FV/OVMF_*.fd ovmf/
rm -rf Build/OvmfX64

# build ovmf (x64) with secure boot
build ${OVMF_SB_FLAGS} -a IA32 -a X64 -p OvmfPkg/OvmfPkgIa32X64.dsc
cp Build/Ovmf3264/*/FV/OVMF_CODE.fd ovmf/OVMF_CODE.secboot.fd

# build ovmf (x64) shell iso with EnrollDefaultKeys
cp Build/Ovmf3264/*/X64/Shell.efi ovmf/
cp Build/Ovmf3264/*/X64/EnrollDefaultKeys.efi ovmf
sh %{SOURCE11} ovmf/
%endif


# build ovmf-ia32
%if %{with build_ovmf_ia32}
mkdir -p ovmf-ia32
build ${OVMF_FLAGS} -a IA32 -p OvmfPkg/OvmfPkgIa32.dsc
cp Build/OvmfIa32/*/FV/OVMF_CODE.fd ovmf-ia32/
rm -rf Build/OvmfIa32

# build ovmf-ia32 with secure boot
build ${OVMF_SB_FLAGS} -a IA32 -p OvmfPkg/OvmfPkgIa32.dsc
cp Build/OvmfIa32/*/FV/OVMF_CODE.fd ovmf-ia32/OVMF_CODE.secboot.fd

# build ovmf-ia32 shell iso with EnrollDefaultKeys
cp Build/OvmfIa32/*/IA32/Shell.efi ovmf-ia32/Shell.efi
cp Build/OvmfIa32/*/IA32/EnrollDefaultKeys.efi ovmf-ia32/EnrollDefaultKeys.efi
sh %{SOURCE11} ovmf-ia32/
%endif


# build aarch64 firmware
%if %{with build_aavmf_aarch64}
mkdir -p aarch64
build $ARM_FLAGS -a AARCH64 -p ArmVirtPkg/ArmVirtQemu.dsc
cp Build/ArmVirtQemu-AARCH64/DEBUG_*/FV/*.fd aarch64
dd of="aarch64/QEMU_EFI-pflash.raw" if="/dev/zero" bs=1M count=64
dd of="aarch64/QEMU_EFI-pflash.raw" if="aarch64/QEMU_EFI.fd" conv=notrunc
dd of="aarch64/vars-template-pflash.raw" if="/dev/zero" bs=1M count=64
%endif


# build aarch64 firmware
%if %{with build_aavmf_arm}
mkdir -p arm
build $ARM_FLAGS -a ARM -p ArmVirtPkg/ArmVirtQemu.dsc
cp Build/ArmVirtQemu-ARM/DEBUG_*/FV/*.fd arm
dd of="arm/QEMU_EFI-pflash.raw" if="/dev/zero" bs=1M count=64
dd of="arm/QEMU_EFI-pflash.raw" if="arm/QEMU_EFI.fd" conv=notrunc
dd of="arm/vars-template-pflash.raw" if="/dev/zero" bs=1M count=64
%endif

%install
mkdir -p %{buildroot}%{_bindir} \
         %{buildroot}%{_datadir}/%{name}/Conf \
         %{buildroot}%{_datadir}/%{name}/Scripts
install BaseTools/Source/C/bin/* \
        %{buildroot}%{_bindir}
install BaseTools/BinWrappers/PosixLike/LzmaF86Compress \
        %{buildroot}%{_bindir}
install BaseTools/BuildEnv \
        %{buildroot}%{_datadir}/%{name}
install BaseTools/Conf/*.template \
        %{buildroot}%{_datadir}/%{name}/Conf
install BaseTools/Scripts/GccBase.lds \
        %{buildroot}%{_datadir}/%{name}/Scripts

cp -R BaseTools/Source/Python %{buildroot}%{_datadir}/%{name}/Python
for i in build BPDG Ecc GenDepex GenFds GenPatchPcdTable PatchPcdValue TargetTool Trim UPT; do
echo '#!/bin/sh
export PYTHONPATH=%{_datadir}/%{name}/Python
exec python '%{_datadir}/%{name}/Python/$i/$i.py' "$@"' > %{buildroot}%{_bindir}/$i
  chmod +x %{buildroot}%{_bindir}/$i
done

mkdir -p %{buildroot}/usr/share/%{name}

%if %{with build_ovmf_x64}
cp -a ovmf %{buildroot}/usr/share/%{name}
# Libvirt hardcodes this directory name
mkdir %{buildroot}/usr/share/OVMF
ln -sf ../%{name}/ovmf/OVMF_CODE.fd                %{buildroot}/usr/share/OVMF
ln -sf ../%{name}/ovmf/OVMF_CODE.secboot.fd        %{buildroot}/usr/share/OVMF
ln -sf ../%{name}/ovmf/OVMF_VARS.fd                %{buildroot}/usr/share/OVMF
ln -sf ../%{name}/ovmf/UefiShell.iso               %{buildroot}/usr/share/OVMF
%endif

%if %{with build_ovmf_ia32}
cp -a ovmf-ia32 %{buildroot}/usr/share/%{name}
%endif

%if %{with build_aavmf_aarch64}
cp -a aarch64 %{buildroot}/usr/share/%{name}
# Libvirt hardcodes this directory name
mkdir %{buildroot}/usr/share/AAVMF
ln -sf ../%{name}/aarch64/QEMU_EFI-pflash.raw      %{buildroot}/usr/share/AAVMF/AAVMF_CODE.fd
ln -sf ../%{name}/aarch64/vars-template-pflash.raw %{buildroot}/usr/share/AAVMF/AAVMF_VARS.fd
%endif

%if %{with build_aavmf_arm}
cp -a arm %{buildroot}/usr/share/%{name}
ln -sf ../%{name}/arm/QEMU_EFI-pflash.raw          %{buildroot}/usr/share/AAVMF/AAVMF32_CODE.fd
%endif