FS#66567 - [archiso] install EFI shell from edk2-shell package rather than directly downloading it

Attached to Project: Release Engineering
Opened by David P. (Megver83) - Wednesday, 06 May 2020, 19:11 GMT
Last edited by David Runge (dvzrv) - Saturday, 30 May 2020, 17:53 GMT
Task Type Bug Report
Category ArchISO
Status Closed
Assigned To David Runge (dvzrv)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
make_efi in build.sh installs Tianocore's EFI shell v1 and v2 by downloading them from their old UDK2018 branch. This leads to the following issues I've identified:

* v2 binary in that branch is not up-to-date
* the downloaded binaries' integrity is not verified through a checksum

A more secure way to install the EFI shell in the ISOs is by installing it through the edk2-shell package from [extra]. It has, however, only v2 afaik. Idk if nowadays the latest EFI shell supports non UEFI 2.3+, but if you still want to include v1, then the following should be done:

a.- create a package with EFI shell v1, built from binary if you can't do it from source (I haven't been able to compile it in Arch), or
b.- if downloading it from git, at least add a checksum verification to avoid possible corruption (please use a strong one like sha256 or sha512)

Closed by David Runge (dvzrv)
Saturday, 30 May 2020, 17:53 GMT
Reason for closing: Fixed
Additional comments about closing: Merged in https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/1/diffs

Will be part of v44
Comment by David Runge (dvzrv) - Thursday, 07 May 2020, 09:24 GMT
@Megver83: This is in the making (and the reason for edk2-shell being added): https://lists.archlinux.org/pipermail/arch-releng/2020-April/003954.html
Comment by David Runge (dvzrv) - Saturday, 23 May 2020, 14:45 GMT
I have opened an upstream merge-request [1] for this and the changes will be available in an upcoming version.

[1] https://gitlab.archlinux.org/archlinux/archiso/-/merge_requests/1
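
The checksum verification asked for in option b of the report, as an added example (not code from archiso's build.sh or from this ticket): a shell function that installs a fetched file only when its SHA-256 matches a pinned digest. The function name, file names and the 3-byte sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: fail-closed SHA-256 check for a fetched binary.
# Usage: install_verified SRC PINNED_SHA256 DEST   (all names are illustrative)
# Returns 0 = installed, 1 = digest mismatch, 2 = usage or I/O error.
install_verified() {
    src=$1 expected=$2 dest=$3
    part="$dest.part"

    # The pin must be exactly 64 lowercase hex characters; an empty or
    # truncated pin must never be able to "match".
    case $expected in
        ''|*[!0-9a-f]*) echo "invalid pinned digest" >&2; return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || { echo "invalid pinned digest" >&2; return 2; }

    # Copy first, then hash the copy: the bytes that get installed are the
    # bytes that were verified, even if SRC changes in between.
    cp -- "$src" "$part" || return 2
    actual=$(sha256sum < "$part" | cut -d' ' -f1)

    if [ "$actual" != "$expected" ]; then
        echo "checksum mismatch for $src: got $actual" >&2
        rm -f -- "$part"
        return 1
    fi
    mv -- "$part" "$dest"
}

# Constructed demo: a 3-byte file containing "abc" stands in for the download.
demo() {
    d=$(mktemp -d) || return 2
    pin=ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
    printf 'abc' > "$d/fetched.efi"
    install_verified "$d/fetched.efi" "$pin" "$d/shell.efi" && echo "installed"
    printf 'X' >> "$d/fetched.efi"   # simulate corruption after pinning
    install_verified "$d/fetched.efi" "$pin" "$d/shell2.efi" || echo "rejected"
    rm -rf -- "$d"
}
demo
```

The pinned digest has to live in the build script's own repository, not be fetched alongside the binary; a checksum downloaded from the same place as the file only detects corruption, not substitution.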
