Bug#1122408: efitools: FTBFS: objcopy: HelloWorld.so: file format not recognized
Package: src:efitools
Version: 1.9.2-3.6
Severity: serious
Tags: ftbfs forky sid
Dear maintainer:
During a rebuild of all packages in unstable, this package failed to build.
Below you will find the last part of the build log (probably the most
relevant part, but not necessarily). If required, the full build log
is available here:
https://people.debian.org/~sanvila/build-logs/202512/
About the archive rebuild: The build was made on virtual machines from AWS,
using sbuild and a reduced chroot with only build-essential packages.
If you cannot reproduce the bug please contact me privately, as I
am willing to provide ssh access to a virtual machine where the bug is
fully reproducible.
If this is really a bug in one of the build-depends, please use
reassign and add an affects on src:efitools, so that this is still
visible in the BTS web page for this package.
Thanks.
--------------------------------------------------------------------------------
[...]
debian/rules clean
dh clean
dh_auto_clean
make -j2 clean
make[1]: Entering directory '/<<PKGBUILDDIR>>'
rm -f PK.* KEK.* DB.* HelloWorld.efi LockDown.efi Loader.efi ReadVars.efi UpdateVars.efi KeyTool.efi HashTool.efi SetNull.efi ShimReplace.efi HelloWorld-signed.efi LockDown-signed.efi Loader-signed.efi ReadVars-signed.efi UpdateVars-signed.efi KeyTool-signed.efi HashTool-signed.efi SetNull-signed.efi ShimReplace-signed.efi cert-to-efi-sig-list sig-list-to-certs sign-efi-sig-list hash-to-efi-sig-list efi-readvar efi-updatevar cert-to-efi-hash-list flash-var *.o *.so
rm -f noPK.*
rm -f doc/*.1
make -C lib clean
make[2]: Entering directory '/<<PKGBUILDDIR>>/lib'
rm -f lib.a
rm -f lib-efi.a
rm -f simple_file.o pecoff.o guid.o sha256.o console.o execute.o configtable.o shell.o security_policy.o shim_protocol.o pkcs7verify.o kernel_efivars.o openssl_sign.o
rm -f simple_file.efi.o pecoff.efi.o guid.efi.o sha256.efi.o console.efi.o execute.efi.o configtable.efi.o shell.efi.o security_policy.efi.o shim_protocol.efi.o pkcs7verify.efi.o variables.o
make[2]: Leaving directory '/<<PKGBUILDDIR>>/lib'
[... snipped ...]
x509.c:13:18: warning: pointer targets in initialization of â??const u_char *â?? {aka â??const unsigned char *â??} from â??char *â?? differ in signedness [-Wpointer-sign]
13 | { 2, "serialNumber", ASN1_INTEGER, ASN1_BODY }, /* 4 */
| ^~~~~~~~~~~~~~
x509.c:13:18: note: (near initialization for â??x509_certObjects[4].nameâ??)
x509.c:14:18: warning: pointer targets in initialization of â??const u_char *â?? {aka â??const unsigned char *â??} from â??char *â?? differ in signedness [-Wpointer-sign]
14 | { 2, "signature", ASN1_EOC, ASN1_RAW }, /* 5 */
| ^~~~~~~~~~~
x509.c:14:18: note: (near initialization for â??x509_certObjects[5].nameâ??)
x509.c:15:18: warning: pointer targets in initialization of â??const u_char *â?? {aka â??const unsigned char *â??} from â??char *â?? differ in signedness [-Wpointer-sign]
15 | { 2, "issuer", ASN1_SEQUENCE, ASN1_OBJ }, /* 6 */
| ^~~~~~~~
x509.c:15:18: note: (near initialization for â??x509_certObjects[6].nameâ??)
x509.c:16:18: warning: pointer targets in initialization of â??const u_char *â?? {aka â??const unsigned char *â??} from â??char *â?? differ in signedness [-Wpointer-sign]
16 | { 2, "validity", ASN1_SEQUENCE, ASN1_NONE }, /* 7 */
| ^~~~~~~~~~
x509.c:16:18: note: (near initialization for â??x509_certObjects[7].nameâ??)
x509.c:17:20: warning: pointer targets in initialization of â??const u_char *â?? {aka â??const unsigned char *â??} from â??char *â?? differ in signedness [-Wpointer-sign]
17 | { 3, "notBefore", ASN1_EOC, ASN1_RAW }, /* 8 */
| ^~~~~~~~~~~
x509.c:17:20: note: (near initialization for â??x509_certObjects[8].nameâ??)
x509.c:18:20: warning: pointer targets in initialization of â??const u_char *â?? {aka â??const unsigned char *â??} from â??char *â?? differ in signedness [-Wpointer-sign]
18 | { 3, "notAfter", ASN1_EOC, ASN1_RAW }, /* 9 */
| ^~~~~~~~~~
x509.c:18:20: note: (near initialization for â??x509_certObjects[9].nameâ??)
x509.c:19:18: warning: pointer targets in initialization of â??const u_char *â?? {aka â??const unsigned char *â??} from â??char *â?? differ in signedness [-Wpointer-sign]
19 | { 2, "subject", ASN1_SEQUENCE, ASN1_OBJ }, /* 10 */
| ^~~~~~~~~
x509.c:19:18: note: (near initialization for â??x509_certObjects[10].nameâ??)
x509.c:20:18: warning: pointer targets in initialization of â??const u_char *â?? {aka â??const unsigned char *â??} from â??char *â?? differ in signedness [-Wpointer-sign]
20 | { 2, "subjectPublicKeyInfo",ASN1_SEQUENCE, ASN1_RAW }, /* 11 */
| ^~~~~~~~~~~~~~~~~~~~~~
x509.c:20:18: note: (near initialization for â??x509_certObjects[11].nameâ??)
x509.c:21:18: warning: pointer targets in initialization of â??const u_char *â?? {aka â??const unsigned char *â??} from â??char *â?? differ in signedness [-Wpointer-sign]
21 | { 2, "issuerUniqueID", ASN1_CONTEXT_C_1, ASN1_OPT }, /* 12 */
| ^~~~~~~~~~~~~~~~
x509.c:21:18: note: (near initialization for â??x509_certObjects[12].nameâ??)
x509.c:22:18: warning: pointer targets in initialization of â??const u_char *â?? {aka â??const unsigned char *â??} from â??char *â?? differ in signedness [-Wpointer-sign]
22 | { 2, "end opt", ASN1_EOC, ASN1_END }, /* 13 */
| ^~~~~~~~~
x509.c:22:18: note: (near initialization for â??x509_certObjects[13].nameâ??)
x509.c:23:18: warning: pointer targets in initialization of â??const u_char *â?? {aka â??const unsigned char *â??} from â??char *â?? differ in signedness [-Wpointer-sign]
23 | { 2, "subjectUniqueID", ASN1_CONTEXT_C_2, ASN1_OPT }, /* 14 */
| ^~~~~~~~~~~~~~~~~
x509.c:23:18: note: (near initialization for â??x509_certObjects[14].nameâ??)
x509.c:24:18: warning: pointer targets in initialization of â??const u_char *â?? {aka â??const unsigned char *â??} from â??char *â?? differ in signedness [-Wpointer-sign]
24 | { 2, "end opt", ASN1_EOC, ASN1_END }, /* 15 */
| ^~~~~~~~~
x509.c:24:18: note: (near initialization for â??x509_certObjects[15].nameâ??)
x509.c:25:18: warning: pointer targets in initialization of â??const u_char *â?? {aka â??const unsigned char *â??} from â??char *â?? differ in signedness [-Wpointer-sign]
25 | { 2, "optional extensions", ASN1_CONTEXT_C_3, ASN1_OPT }, /* 16 */
| ^~~~~~~~~~~~~~~~~~~~~
x509.c:25:18: note: (near initialization for â??x509_certObjects[16].nameâ??)
x509.c:26:20: warning: pointer targets in initialization of â??const u_char *â?? {aka â??const unsigned char *â??} from â??char *â?? differ in signedness [-Wpointer-sign]
26 | { 3, "extensions", ASN1_SEQUENCE, ASN1_LOOP }, /* 17 */
| ^~~~~~~~~~~~
x509.c:26:20: note: (near initialization for â??x509_certObjects[17].nameâ??)
x509.c:27:22: warning: pointer targets in initialization of â??const u_char *â?? {aka â??const unsigned char *â??} from â??char *â?? differ in signedness [-Wpointer-sign]
27 | { 4, "extension", ASN1_SEQUENCE, ASN1_NONE }, /* 18 */
| ^~~~~~~~~~~
x509.c:27:22: note: (near initialization for â??x509_certObjects[18].nameâ??)
x509.c:28:24: warning: pointer targets in initialization of â??const u_char *â?? {aka â??const unsigned char *â??} from â??char *â?? differ in signedness [-Wpointer-sign]
28 | { 5, "extnID", ASN1_OID, ASN1_BODY }, /* 19 */
| ^~~~~~~~
x509.c:28:24: note: (near initialization for â??x509_certObjects[19].nameâ??)
x509.c:29:24: warning: pointer targets in initialization of â??const u_char *â?? {aka â??const unsigned char *â??} from â??char *â?? differ in signedness [-Wpointer-sign]
29 | { 5, "critical", ASN1_BOOLEAN, ASN1_DEF|ASN1_BODY }, /* 20 */
| ^~~~~~~~~~
x509.c:29:24: note: (near initialization for â??x509_certObjects[20].nameâ??)
x509.c:30:24: warning: pointer targets in initialization of â??const u_char *â?? {aka â??const unsigned char *â??} from â??char *â?? differ in signedness [-Wpointer-sign]
30 | { 5, "extnValue", ASN1_OCTET_STRING, ASN1_BODY }, /* 21 */
| ^~~~~~~~~~~
x509.c:30:24: note: (near initialization for â??x509_certObjects[21].nameâ??)
x509.c:31:20: warning: pointer targets in initialization of â??const u_char *â?? {aka â??const unsigned char *â??} from â??char *â?? differ in signedness [-Wpointer-sign]
31 | { 3, "end loop", ASN1_EOC, ASN1_END }, /* 22 */
| ^~~~~~~~~~
x509.c:31:20: note: (near initialization for â??x509_certObjects[22].nameâ??)
x509.c:32:18: warning: pointer targets in initialization of â??const u_char *â?? {aka â??const unsigned char *â??} from â??char *â?? differ in signedness [-Wpointer-sign]
32 | { 2, "end opt", ASN1_EOC, ASN1_END }, /* 23 */
| ^~~~~~~~~
x509.c:32:18: note: (near initialization for â??x509_certObjects[23].nameâ??)
x509.c:33:16: warning: pointer targets in initialization of â??const u_char *â?? {aka â??const unsigned char *â??} from â??char *â?? differ in signedness [-Wpointer-sign]
33 | { 1, "signatureAlgorithm", ASN1_EOC, ASN1_RAW }, /* 24 */
| ^~~~~~~~~~~~~~~~~~~~
x509.c:33:16: note: (near initialization for â??x509_certObjects[24].nameâ??)
x509.c:34:16: warning: pointer targets in initialization of â??const u_char *â?? {aka â??const unsigned char *â??} from â??char *â?? differ in signedness [-Wpointer-sign]
34 | { 1, "signatureValue", ASN1_BIT_STRING, ASN1_BODY }, /* 25 */
| ^~~~~~~~~~~~~~~~
x509.c:34:16: note: (near initialization for â??x509_certObjects[25].nameâ??)
x509.c:35:14: warning: pointer targets in initialization of â??const u_char *â?? {aka â??const unsigned char *â??} from â??char *â?? differ in signedness [-Wpointer-sign]
35 | { 0, "exit", ASN1_EOC, ASN1_EXIT }
| ^~~~~~
x509.c:35:14: note: (near initialization for â??x509_certObjects[26].nameâ??)
ar rcv libasn1-efi.a asn1.efi.o asn1_parser.efi.o enumerator.efi.o chunk.efi.o oid.efi.o identification.efi.o x509.efi.o
a - asn1.efi.o
a - asn1_parser.efi.o
a - enumerator.efi.o
a - chunk.efi.o
a - oid.efi.o
a - identification.efi.o
a - x509.efi.o
make[2]: Leaving directory '/<<PKGBUILDDIR>>/lib/asn1'
cc -I/<<PKGBUILDDIR>>/include/ -I/usr/include/efi -I/usr/include/efi/x86_64 -I/usr/include/efi/protocol -O2 -g -fno-stack-protector -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants -D_XOPEN_SOURCE=700 -DGNU_EFI_USE_MS_ABI -DEFI_FUNCTION_WRAPPER -mno-red-zone -DCONFIG_x86_64 -c HashTool.c -o HashTool.o
cc -I/<<PKGBUILDDIR>>/include/ -I/usr/include/efi -I/usr/include/efi/x86_64 -I/usr/include/efi/protocol -O2 -g -fno-stack-protector -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants -D_XOPEN_SOURCE=700 -DGNU_EFI_USE_MS_ABI -DEFI_FUNCTION_WRAPPER -mno-red-zone -DCONFIG_x86_64 -c SetNull.c -o SetNull.o
HashTool.c: In function â??efi_mainâ??:
HashTool.c:187:25: warning: variable â??setup_mode_argâ?? set but not used [-Wunused-but-set-variable]
187 | setup_mode_arg = 0, keytool = NOSEL;
| ^~~~~~~~~~~~~~
HashTool.c:185:28: warning: variable â??setup_modeâ?? set but not used [-Wunused-but-set-variable]
185 | int c = 0, setup_mode = NOSEL, uefi_reboot = NOSEL,
| ^~~~~~~~~~
cc -I/<<PKGBUILDDIR>>/include/ -I/usr/include/efi -I/usr/include/efi/x86_64 -I/usr/include/efi/protocol -O2 -g -fno-stack-protector -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants -D_XOPEN_SOURCE=700 -DGNU_EFI_USE_MS_ABI -DEFI_FUNCTION_WRAPPER -mno-red-zone -DCONFIG_x86_64 -c ShimReplace.c -o ShimReplace.o
cc -I/<<PKGBUILDDIR>>/include/ -I/usr/include/efi -I/usr/include/efi/x86_64 -I/usr/include/efi/protocol -O2 -g -fno-stack-protector -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants -D_XOPEN_SOURCE=700 -DGNU_EFI_USE_MS_ABI -DEFI_FUNCTION_WRAPPER -mno-red-zone -DCONFIG_x86_64 -c sig-list-to-certs.c -o sig-list-to-certs.o
ShimReplace.c: In function â??efi_mainâ??:
ShimReplace.c:51:37: warning: passing argument 2 of â??executeâ?? discards â??constâ?? qualifier from pointer target type [-Wdiscarded-qualifiers]
51 | efi_status = execute(image, loader);
| ^~~~~~
In file included from ShimReplace.c:17:
/<<PKGBUILDDIR>>/include/execute.h:5:35: note: expected â??CHAR16 *â?? {aka â??short unsigned int *â??} but argument is of type â??const CHAR16 *â?? {aka â??const short unsigned int *â??}
5 | execute(EFI_HANDLE image, CHAR16 *name);
| ~~~~~~~~^~~~
ShimReplace.c:57:37: warning: passing argument 2 of â??executeâ?? discards â??constâ?? qualifier from pointer target type [-Wdiscarded-qualifiers]
57 | efi_status = execute(image, fallback);
| ^~~~~~~~
/<<PKGBUILDDIR>>/include/execute.h:5:35: note: expected â??CHAR16 *â?? {aka â??short unsigned int *â??} but argument is of type â??const CHAR16 *â?? {aka â??const short unsigned int *â??}
5 | execute(EFI_HANDLE image, CHAR16 *name);
| ~~~~~~~~^~~~
cc -I/<<PKGBUILDDIR>>/include/ -I/usr/include/efi -I/usr/include/efi/x86_64 -I/usr/include/efi/protocol -O2 -g -fno-stack-protector -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants -D_XOPEN_SOURCE=700 -DGNU_EFI_USE_MS_ABI -DEFI_FUNCTION_WRAPPER -mno-red-zone -DCONFIG_x86_64 -c hash-to-efi-sig-list.c -o hash-to-efi-sig-list.o
hash-to-efi-sig-list.c: In function â??mainâ??:
hash-to-efi-sig-list.c:96:60: warning: format â??%dâ?? expects argument of type â??intâ??, but argument 3 has type â??EFI_STATUSâ?? {aka â??long unsigned intâ??} [-Wformat=]
96 | printf("Failed to get hash of %s: %d\n", argv[i+1],
| ~^
| |
| int
| %ld
97 | status);
| ~~~~~~
| |
| EFI_STATUS {aka long unsigned int}
cc -I/<<PKGBUILDDIR>>/include/ -I/usr/include/efi -I/usr/include/efi/x86_64 -I/usr/include/efi/protocol -O2 -g -fno-stack-protector -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants -D_XOPEN_SOURCE=700 -DGNU_EFI_USE_MS_ABI -DEFI_FUNCTION_WRAPPER -mno-red-zone -DCONFIG_x86_64 -c efi-readvar.c -o efi-readvar.o
cc -I/<<PKGBUILDDIR>>/include/ -I/usr/include/efi -I/usr/include/efi/x86_64 -I/usr/include/efi/protocol -O2 -g -fno-stack-protector -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants -D_XOPEN_SOURCE=700 -DGNU_EFI_USE_MS_ABI -DEFI_FUNCTION_WRAPPER -mno-red-zone -DCONFIG_x86_64 -c efi-updatevar.c -o efi-updatevar.o
cc -I/<<PKGBUILDDIR>>/include/ -I/usr/include/efi -I/usr/include/efi/x86_64 -I/usr/include/efi/protocol -O2 -g -fno-stack-protector -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants -D_XOPEN_SOURCE=700 -DGNU_EFI_USE_MS_ABI -DEFI_FUNCTION_WRAPPER -mno-red-zone -DCONFIG_x86_64 -c cert-to-efi-hash-list.c -o cert-to-efi-hash-list.o
cert-to-efi-hash-list.c:9:9: warning: â??_XOPEN_SOURCEâ?? redefined
9 | #define _XOPEN_SOURCE
| ^~~~~~~~~~~~~
<command-line>: note: this is the location of the previous definition
cc -I/<<PKGBUILDDIR>>/include/ -I/usr/include/efi -I/usr/include/efi/x86_64 -I/usr/include/efi/protocol -O2 -g -fno-stack-protector -fpic -Wall -fshort-wchar -fno-strict-aliasing -fno-merge-constants -D_XOPEN_SOURCE=700 -DGNU_EFI_USE_MS_ABI -DEFI_FUNCTION_WRAPPER -mno-red-zone -DCONFIG_x86_64 -c flash-var.c -o flash-var.o
> noPK.esl
openssl req -new -x509 -newkey rsa:2048 -subj "/CN=DB1/" -keyout DB1.key -out DB1.crt -days 3650 -nodes -sha256
flash-var.c: In function â??mainâ??:
flash-var.c:185:9: warning: â??memsetâ?? offset [0, 56] is out of the bounds [0, 0] [-Warray-bounds=]
185 | memset(vh, 0, sizeof(*vh));
| ^~~~~~~~~~~~~~~~~~~~~~~~~~
...........+...+............+...+..........+..+....+...+........+...+.+...+...........+....+...+...+......+...........+....+...............+...+........+.........+.............+++++++++++++++++++++++++++++++++++++++*.+++++++++++++++++++++++++++++++++++++++*...+.....................+.+...............+.....+.........+.........+....+.....+...+.......+..+.+...+.....+................+...+...........+....+........+...+....+......+..+....+...........+...+....+......+.....+....+......+.....+.........+...............+openssl req -new -x509 -newkey rsa:2048 -subj "/CN=DB2/" -keyout DB2.key -out DB2.crt -days 3650 -nodes -sha256
...+....+...+......+..+...+.........+...+............+...+....+...+...+...+.....+.+...+..+.+..+......+.......+............+..+.........+....+......+.....+......+.+..+.+..............+...+....+......+.......................+......+.+.....+...+.+........+...+...+.......+.....+.........+.+..+.....................+..........+..+..........+...+..............+.+......+......+..+...+....+.....+.++++++++++.+...+..+++++++...+....+.+++++++++++++.++...+++++++*..+......+......+......+.+..+............+.+...............+.......+..+.....++++++++++++++.+++++++++....+++++...+++++.+...++++++++*.....+......+..+....+............+.....+..........+........++.......+...+.+.........+......+..+.........+...+.....+.............+..+...........+..+++++..+...........++
....+.....+.++++++++++++.............+++++++++++++++++++.....++++++++++*.......+..+.........++.+...........+..........+..+...+....+...+.....+...+...+.+..............+....+.....+.........+................+....+.++++++++++++++++++++++++++++++++++++++*..+..........+......+....+.....+.......++.......++......+..........+...+........+............+.+....+..........++....+.......+...+....+.......+......+................+.........+....+...+.......+......+..+...+.............+.+.................+.+...+........+.......+....................+..........+...++.....++...++.......++...++
.........+.+...............+...+.............+..+..+.......+.........+..++++.........+++++++++++++++++++...++++++++++++++++++*..............+.+...........+..........+........+...+...+....+.........+......+.+.............+.+..+............++...+...+.+...+......++++++++++++++++++++++
+++++++++++++++++++*...+......+.........+......+...+...+.........+...+.......+.-----
.....+.....+...++++++
-----
ld -nostdlib -shared -Bsymbolic /lib/crt0-efi-x86_64.o -L /lib -L /usr/lib -L /usr/lib64 -T elf_x86_64_efi.lds HelloWorld.o lib/lib-efi.a -o HelloWorld.so -lefi -lgnuefi /usr/lib/gcc/x86_64-linux-gnu/15/libgcc.a
cc -o cert-to-efi-sig-list cert-to-efi-sig-list.o -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wl,-z,relro lib/lib.a -lcrypto
# check we have no undefined symbols
nm -D HelloWorld.so | grep ' U ' && exit 1 || exit 0
cc -o sign-efi-sig-list sign-efi-sig-list.o -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wl,-z,relro lib/lib.a -lcrypto
ld -nostdlib -shared -Bsymbolic /lib/crt0-efi-x86_64.o -L /lib -L /usr/lib -L /usr/lib64 -T elf_x86_64_efi.lds Loader.o lib/lib-efi.a -o Loader.so -lefi -lgnuefi /usr/lib/gcc/x86_64-linux-gnu/15/libgcc.a
# check we have no undefined symbols
nm -D Loader.so | grep ' U ' && exit 1 || exit 0
ld -nostdlib -shared -Bsymbolic /lib/crt0-efi-x86_64.o -L /lib -L /usr/lib -L /usr/lib64 -T elf_x86_64_efi.lds ReadVars.o lib/lib-efi.a lib/asn1/libasn1-efi.a -o ReadVars.so -lefi -lgnuefi /usr/lib/gcc/x86_64-linux-gnu/15/libgcc.a
# check we have no undefined symbols
nm -D ReadVars.so | grep ' U ' && exit 1 || exit 0
ld -nostdlib -shared -Bsymbolic /lib/crt0-efi-x86_64.o -L /lib -L /usr/lib -L /usr/lib64 -T elf_x86_64_efi.lds UpdateVars.o lib/lib-efi.a -o UpdateVars.so -lefi -lgnuefi /usr/lib/gcc/x86_64-linux-gnu/15/libgcc.a
# check we have no undefined symbols
nm -D UpdateVars.so | grep ' U ' && exit 1 || exit 0
ld -nostdlib -shared -Bsymbolic /lib/crt0-efi-x86_64.o -L /lib -L /usr/lib -L /usr/lib64 -T elf_x86_64_efi.lds KeyTool.o lib/lib-efi.a lib/asn1/libasn1-efi.a -o KeyTool.so -lefi -lgnuefi /usr/lib/gcc/x86_64-linux-gnu/15/libgcc.a
# check we have no undefined symbols
nm -D KeyTool.so | grep ' U ' && exit 1 || exit 0
ld -nostdlib -shared -Bsymbolic /lib/crt0-efi-x86_64.o -L /lib -L /usr/lib -L /usr/lib64 -T elf_x86_64_efi.lds HashTool.o lib/lib-efi.a -o HashTool.so -lefi -lgnuefi /usr/lib/gcc/x86_64-linux-gnu/15/libgcc.a
# check we have no undefined symbols
nm -D HashTool.so | grep ' U ' && exit 1 || exit 0
ld -nostdlib -shared -Bsymbolic /lib/crt0-efi-x86_64.o -L /lib -L /usr/lib -L /usr/lib64 -T elf_x86_64_efi.lds SetNull.o -o SetNull.so -lefi -lgnuefi /usr/lib/gcc/x86_64-linux-gnu/15/libgcc.a
# check we have no undefined symbols
nm -D SetNull.so | grep ' U ' && exit 1 || exit 0
ld -nostdlib -shared -Bsymbolic /lib/crt0-efi-x86_64.o -L /lib -L /usr/lib -L /usr/lib64 -T elf_x86_64_efi.lds ShimReplace.o lib/lib-efi.a -o ShimReplace.so -lefi -lgnuefi /usr/lib/gcc/x86_64-linux-gnu/15/libgcc.a
cc -o sig-list-to-certs sig-list-to-certs.o -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wl,-z,relro lib/lib.a -lcrypto
# check we have no undefined symbols
nm -D ShimReplace.so | grep ' U ' && exit 1 || exit 0
cc -o hash-to-efi-sig-list hash-to-efi-sig-list.o -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wl,-z,relro lib/lib.a
cc -o efi-readvar efi-readvar.o -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wl,-z,relro lib/lib.a -lcrypto
cc -o efi-updatevar efi-updatevar.o -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wl,-z,relro lib/lib.a -lcrypto
cc -o cert-to-efi-hash-list cert-to-efi-hash-list.o -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wl,-z,relro lib/lib.a -lcrypto
cc -o flash-var flash-var.o -g -O2 -Werror=implicit-function-declaration -ffile-prefix-map=/<<PKGBUILDDIR>>=. -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wl,-z,relro lib/lib.a
help2man --no-info -i doc/cert-to-efi-sig-list.1.in -o doc/cert-to-efi-sig-list.1 ./cert-to-efi-sig-list
help2man --no-info -i doc/efi-readvar.1.in -o doc/efi-readvar.1 ./efi-readvar
help2man --no-info -i doc/efi-updatevar.1.in -o doc/efi-updatevar.1 ./efi-updatevar
help2man --no-info -i doc/hash-to-efi-sig-list.1.in -o doc/hash-to-efi-sig-list.1 ./hash-to-efi-sig-list
help2man --no-info -i doc/sig-list-to-certs.1.in -o doc/sig-list-to-certs.1 ./sig-list-to-certs
help2man --no-info -i doc/sign-efi-sig-list.1.in -o doc/sign-efi-sig-list.1 ./sign-efi-sig-list
./sign-efi-sig-list -t "2025-12-10 17:30:43" -c PK.crt -k PK.key PK noPK.esl noPK.auth
./cert-to-efi-sig-list -g 11111111-2222-3333-4444-123456789abc DB1.crt DB1.esl
Timestamp is 2025-12-10 17:30:43
Authentication Payload size 40
Signature of size 1148
Signature at: 40
./cert-to-efi-sig-list -g 11111111-2222-3333-4444-123456789abc DB2.crt DB2.esl
./cert-to-efi-sig-list -g 77FA9ABD-0359-4D32-BD60-28F4E78F784B ms-uefi.crt ms-uefi.esl
./cert-to-efi-sig-list -g 77FA9ABD-0359-4D32-BD60-28F4E78F784B ms-kek.crt ms-kek.esl
./sign-efi-sig-list -a -c KEK.crt -k KEK.key db DB1.esl DB1-update.auth
Timestamp is 0-0-0 00:00:00
Authentication Payload size 853
Signature of size 1151
Signature at: 40
./sign-efi-sig-list -a -c KEK.crt -k KEK.key db DB2.esl DB2-update.auth
Timestamp is 0-0-0 00:00:00
Authentication Payload size 853
Signature of size 1151
Signature at: 40
./sign-efi-sig-list -a -c KEK.crt -k KEK.key db ms-uefi.esl ms-uefi-update.auth
Timestamp is 0-0-0 00:00:00
Authentication Payload size 1640
Signature of size 1151
Signature at: 40
./sign-efi-sig-list -a -c KEK.crt -k KEK.key db ms-kek.esl ms-kek-update.auth
Timestamp is 0-0-0 00:00:00
Authentication Payload size 1600
Signature of size 1151
Signature at: 40
./sign-efi-sig-list -a -c PK.crt -k PK.key db DB1.esl DB1-pkupdate.auth
Timestamp is 0-0-0 00:00:00
Authentication Payload size 853
Signature of size 1148
Signature at: 40
./sign-efi-sig-list -a -c PK.crt -k PK.key db DB2.esl DB2-pkupdate.auth
Timestamp is 0-0-0 00:00:00
Authentication Payload size 853
Signature of size 1148
Signature at: 40
./sign-efi-sig-list -a -c PK.crt -k PK.key db ms-uefi.esl ms-uefi-pkupdate.auth
Timestamp is 0-0-0 00:00:00
Authentication Payload size 1640
Signature of size 1148
Signature at: 40
./sign-efi-sig-list -a -c PK.crt -k PK.key db ms-kek.esl ms-kek-pkupdate.auth
./cert-to-efi-sig-list PK.crt PK-blacklist.esl
Timestamp is 0-0-0 00:00:00
Authentication Payload size 1600
Signature of size 1148
Signature at: 40
./cert-to-efi-sig-list KEK.crt KEK-blacklist.esl
./cert-to-efi-sig-list DB.crt DB-blacklist.esl
./cert-to-efi-sig-list DB1.crt DB1-blacklist.esl
./cert-to-efi-sig-list DB2.crt DB2-blacklist.esl
./cert-to-efi-sig-list ms-uefi.crt ms-uefi-blacklist.esl
./cert-to-efi-sig-list ms-kek.crt ms-kek-blacklist.esl
./cert-to-efi-hash-list PK.crt PK-hash-blacklist.esl
./cert-to-efi-hash-list KEK.crt KEK-hash-blacklist.esl
TimeOfRevocation is 0-0-0 00:00:00
./cert-to-efi-hash-list DB.crt DB-hash-blacklist.esl
TimeOfRevocation is 0-0-0 00:00:00
./cert-to-efi-hash-list DB1.crt DB1-hash-blacklist.esl
TimeOfRevocation is 0-0-0 00:00:00
./cert-to-efi-hash-list DB2.crt DB2-hash-blacklist.esl
TimeOfRevocation is 0-0-0 00:00:00
./cert-to-efi-hash-list ms-uefi.crt ms-uefi-hash-blacklist.esl
TimeOfRevocation is 0-0-0 00:00:00
./cert-to-efi-hash-list ms-kek.crt ms-kek-hash-blacklist.esl
TimeOfRevocation is 0-0-0 00:00:00
TimeOfRevocation is 0-0-0 00:00:00
objcopy -j .text -j .sdata -j .data -j .dynamic -j .dynsym \
-j .rel -j .rela -j .rel.* -j .rela.* -j .rel* -j .rela* \
-j .reloc --target=efi-app-x86_64 HelloWorld.so HelloWorld.efi
./cert-to-efi-sig-list -g 11111111-2222-3333-4444-123456789abc PK.crt PK.esl
objcopy: HelloWorld.so: file format not recognized
make[1]: *** [Make.rules:73: HelloWorld.efi] Error 1
rm KEK-blacklist.esl SetNull.so KeyTool.o ms-kek.esl DB1.crt DB1.esl PK-hash-blacklist.esl ShimReplace.o ReadVars.o DB2-blacklist.esl ms-kek-blacklist.esl SetNull.o ms-uefi-hash-blacklist.esl HelloWorld.o ms-uefi-blacklist.esl UpdateVars.o KEK-hash-blacklist.esl DB-blacklist.esl HashTool.o DB1-hash-blacklist.esl ms-uefi.esl DB2.esl Loader.o DB2.crt ms-kek-hash-blacklist.esl PK-blacklist.esl DB2-hash-blacklist.esl DB-hash-blacklist.esl DB1-blacklist.esl
make[1]: Leaving directory '/<<PKGBUILDDIR>>'
dh_auto_build: error: make -j2 INSTALL="install --strip-program=true" returned exit code 2
make: *** [debian/rules:11: binary] Error 25
dpkg-buildpackage: error: debian/rules binary subprocess returned exit status 2
--------------------------------------------------------------------------------
Reply to: