ExclusiveArch: x86_64

# edk2-stable202111
%define GITDATE        20220211
%define GITCOMMIT      da8529d5aaa
%define TOOLCHAIN      GCC5
%define OPENSSL_VER    1.1.1k

%define disable_werror 0

%if %{defined fedora} || %{defined eln}
%define qemu_package qemu-system-x86-core
%define qemu_binary /usr/bin/qemu-system-x86_64
%else
%define qemu_package qemu-kvm-core >= 2.12.0-89
%define qemu_binary /usr/libexec/qemu-kvm
%endif

%global debug_package %{nil}

%global __scm_setup_git(q) \
%{__git} init %{-q} \
%{__git} config --local user.name "%{__scm_username}" \
%{__git} config --local user.email "%{__scm_usermail}" \
%{__git} config --local gc.auto 0 \
%{__git} add --force . \
%{__git} commit %{-q} --allow-empty -a \\\
        --author "%{__scm_author}" -m "%{NAME}-%{VERSION} base"

Name:       mu-qemuq35
Version:    %{GITDATE}git%{GITCOMMIT}
Release:    ~1.24%{?dist}.35
Summary:    UEFI firmware for 64-bit virtual machines
License:    BSD-2-Clause-Patent and OpenSSL and MIT
URL:        http://www.tianocore.org

# The source tarball is created using following commands:
# COMMIT=bb1bba3d7767
# git archive --format=tar --prefix=edk2-$COMMIT/ $COMMIT \
# | xz -9ev >/tmp/edk2-$COMMIT.tar.xz
# Source0: %% {name}-%% {GITCOMMIT}.tar.xz
Source0: mu-tiano-platforms.git.tar.xz
Patch0001: 0001-Use-640x480-instead-of-1024x768.patch

Source100: mu-basecore.git.tar.xz

Source200: mu-plus.git.tar.xz

Source300: mu-oem-sample.git.tar.xz

Source400: mu-tiano.git.tar.xz
Source401: 0401-CryptoPkg-OpensslLib-list-RHEL8-specific-OpenSSL-fil.patch

Source500: edk2-prm.git.tar.xz

Source2: openssl-rhel-bdd048e929dcfcf2f046d74e812e0e3d5fc58504.tar.xz
Source3: ovmf-vars-generator
Source5: RedHatSecureBootPkKek1.pem
Source6: azureca.pem
Source7: 30-mu-qemuq35.json

BuildRequires: dosfstools
BuildRequires: gcc
BuildRequires: git
BuildRequires: gcc-c++
BuildRequires: iasl
BuildRequires: libuuid-devel
BuildRequires: make
BuildRequires: mono-complete
BuildRequires: mono-devel
BuildRequires: mtools
BuildRequires: nasm
BuildRequires: nodejs
BuildRequires: npm
BuildRequires: python3-devel
BuildRequires: %{qemu_package}
BuildRequires: rust
BuildRequires: xorriso

# BuildRequires: GConf2
# BuildRequires: audit-libs
# BuildRequires: bash
# BuildRequires: bzip2-libs
# BuildRequires: ca-certificates
# BuildRequires: ccache
# BuildRequires: color-filesystem
# BuildRequires: coreutils
# BuildRequires: crypto-policies
# BuildRequires: cyrus-sasl-lib
# BuildRequires: diffutils
# BuildRequires: elfutils
# BuildRequires: elfutils-debuginfod-client
# BuildRequires: elfutils-libelf
# BuildRequires: elfutils-libs
# BuildRequires: expat
# BuildRequires: file
# BuildRequires: file-libs
# BuildRequires: filesystem
# BuildRequires: findutils
# BuildRequires: firewalld-filesystem
# BuildRequires: gc
# BuildRequires: gcc
# BuildRequires: gettext
# BuildRequires: git
# BuildRequires: git-core
# BuildRequires: glibc
# BuildRequires: glibc-all-langpacks
# BuildRequires: glibc-common
# BuildRequires: glibc-headers-x86
# BuildRequires: gmp
# BuildRequires: grep
# BuildRequires: gstreamer1
# BuildRequires: guile22
# BuildRequires: javapackages-filesystem
# BuildRequires: javapackages-tools
# BuildRequires: kde-filesystem
# BuildRequires: kde-settings
# BuildRequires: keyutils-libs
# BuildRequires: krb5-libs
# BuildRequires: libacl
# BuildRequires: libattr
# BuildRequires: libbrotli
# BuildRequires: libcap
# BuildRequires: libcap-ng
# BuildRequires: libcom_err
# BuildRequires: libcurl
# BuildRequires: libedit
# BuildRequires: libffi
# BuildRequires: libidn2
# BuildRequires: libnghttp2
# BuildRequires: libpsl
# BuildRequires: libselinux
# BuildRequires: libsigsegv
# BuildRequires: libssh
# BuildRequires: libstdc++
# BuildRequires: libtool-ltdl
# BuildRequires: libunistring
# BuildRequires: libuuid
# BuildRequires: libuv
# BuildRequires: libvmaf-devel
# BuildRequires: libxcrypt
# BuildRequires: lld
# BuildRequires: llvm-libs
# BuildRequires: lua-libs
# BuildRequires: mailcap
# BuildRequires: meson
# BuildRequires: mingw-filesystem-base
# BuildRequires: mingw32-filesystem
# BuildRequires: mingw64-filesystem
# BuildRequires: mono-core
# BuildRequires: mono-data
# BuildRequires: mono-devel
# BuildRequires: mono-wcf
# BuildRequires: mono-web
# BuildRequires: mono-winfx
# BuildRequires: mpdecimal
# BuildRequires: ncurses-base
# BuildRequires: ncurses-libs
# BuildRequires: ninja-build
# BuildRequires: nodejs
# BuildRequires: nodejs-full-i18n
# BuildRequires: nodejs-libs
# BuildRequires: nodejs-packaging
# BuildRequires: npm
# BuildRequires: nuget
# BuildRequires: openldap
# BuildRequires: openssl-libs
# BuildRequires: pam
# BuildRequires: pcre
# BuildRequires: pcre2
# BuildRequires: perl-generators
# BuildRequires: perl-macros
# BuildRequires: pesign
# BuildRequires: pkgconf
# BuildRequires: popt
# BuildRequires: python-pip-wheel
# BuildRequires: python-setuptools-wheel
# BuildRequires: python2.7
# BuildRequires: python3
# BuildRequires: python3-cups
# BuildRequires: python3-google-api-core
# BuildRequires: python3-google-auth
# BuildRequires: python3-googleapis-common-protos
# BuildRequires: python3-lazr-restfulclient
# BuildRequires: python3-lazr-uri
# BuildRequires: python3-libs
# BuildRequires: python3-matplotlib
# BuildRequires: python3-moksha-common
# BuildRequires: python3-moksha-hub
# BuildRequires: python3-paste
# BuildRequires: python3-protobuf
# BuildRequires: python3-rpm-generators
# BuildRequires: python3-ruamel-yaml
# BuildRequires: python3-setuptools
# BuildRequires: python3-straight-plugin
# BuildRequires: python3-zope-event
# BuildRequires: python3-zope-interface
# BuildRequires: qt3
# BuildRequires: qt5-qtbase-common
# BuildRequires: qt6-qtbase-common
# BuildRequires: qtchooser
# BuildRequires: redhat-rpm-config
# BuildRequires: rpm
# BuildRequires: rpm-build
# BuildRequires: rpm-build-libs
# BuildRequires: rpm-libs
# BuildRequires: rust
# BuildRequires: sed
# BuildRequires: selinux-policy
# BuildRequires: selinux-policy-targeted
# BuildRequires: setup
# BuildRequires: sip
# BuildRequires: sqlite-libs
# BuildRequires: systemd
# BuildRequires: systemd-libs
# BuildRequires: systemtap-sdt-devel
# BuildRequires: tar
# BuildRequires: texlive-base
# BuildRequires: tzdata
# BuildRequires: util-linux
# BuildRequires: vim-filesystem
# BuildRequires: xz
# BuildRequires: xz-libs

%description
Q35 images for QEMU

%prep
npm install cspell

# We needs some special git config --local options that %%autosetup won't give us.
# We init the git dir ourselves, then tell %%autosetup not to blow it away.
%setup -q -n %{name}-%{GITCOMMIT}
git reset --hard
git config --local core.whitespace cr-at-eol
git config --local am.keepcr true
git config --local user.email "%{__scm_usermail}"
git config --local user.name "%{__scm_username}"
git fetch origin
git branch efi_memory_attributes origin/feature/202102/efi_memory_attributes
git checkout --force efi_memory_attributes
git reset --hard

cp -a -- %{SOURCE3} .
#cp -a -- %% {SOURCE10} %% {SOURCE11} %% {SOURCE12} %% {SOURCE13} %% {SOURCE14} .

# -T is passed to %%setup to not re-extract the archive
# -D is passed to %%setup to not delete the existing archive dir
%autosetup -T -D -n %{name}-%{GITCOMMIT} -S git_am

git fetch
git rebase
git cherry-pick 0e84c00d0b568040fca0c58dda2fb63f0b4a86bb || :
git commit -m "cherry-pick 0e84c00d0b568040fca0c58dda2fb63f0b4a86bb" --allow-empty

cd ..
for x in \
  %{SOURCE100} \
  %{SOURCE200} \
  %{SOURCE300} \
  %{SOURCE400} \
  %{SOURCE500} \
; do
  tar xf ${x}
done
cd -
cd MU_BASECORE
git reset --hard
git config --local core.whitespace cr-at-eol
git config --local am.keepcr true
git config --local user.email "%{__scm_usermail}"
git config --local user.name "%{__scm_username}"
# git remote add origin https://github.com/microsoft/mu_basecore.git
git fetch origin
git remote add github https://github.com/vathpela/mu_basecore.git
git fetch github
git branch -f efi_mem_attributes github/efi_mem_attributes
git checkout efi_mem_attributes
git reset --hard
cd -
cd Common/MU_TIANO
git reset --hard
git config --local core.whitespace cr-at-eol
git config --local am.keepcr true
git config --local user.email "%{__scm_usermail}"
git config --local user.name "%{__scm_username}"
git reset --hard
git fetch origin
git checkout release/202102
git reset --hard
cd -
cd Common/MU
git reset --hard
git config --local core.whitespace cr-at-eol
git config --local am.keepcr true
git config --local user.email "%{__scm_usermail}"
git config --local user.name "%{__scm_username}"
git reset --hard
git fetch origin
git checkout release/202102
git reset --hard
cd -
cd Common/MU_OEM_SAMPLE
git reset --hard
git config --local core.whitespace cr-at-eol
git config --local am.keepcr true
git config --local user.email "%{__scm_usermail}"
git config --local user.name "%{__scm_username}"
git fetch origin
git checkout release/202102
git reset --hard
cd -
cd Common/PRM
git reset --hard
git config --local core.whitespace cr-at-eol
git config --local am.keepcr true
git config --local user.email "%{__scm_usermail}"
git config --local user.name "%{__scm_username}"
git fetch origin
git checkout PlatformRuntimeMechanism
git reset --hard
cd -
# cd Common/MU_TIANO/CryptoPkg/Library/OpensslLib/openssl
# git checkout master
# git reset --hard
# cd -

#rmdir MU_BASECORE Common/MU_TIANO Common/MU Common/MU_OEM_SAMPLE Common/PRM
#git submodule add -b poc/efi_mem_attributes https://github.com/microsoft/mu_basecore.git MU_BASECORE
#git submodule add -b release/202102 https://github.com/microsoft/mu_tiano_plus.git Common/MU_TIANO
#git submodule add -b release/202102 https://github.com/microsoft/mu_plus.git Common/MU
#git submodule add -b release/202102 https://github.com/microsoft/mu_oem_sample.git Common/MU_OEM_SAMPLE
#git submodule add -b PlatformRuntimeMechanism https://github.com/tianocore/edk2-staging.git Common/PRM

#cd MU_BASECORE
#git init .
#git remote add -t poc/efi_mem_attributes origin https://github.com/microsoft/mu_basecore.git
#git fetch
#git checkout poc/efi_mem_attributes
#cd -
#cd Common/MU_TIANO
#git init .
#git remote add -t release/202102 origin https://github.com/microsoft/mu_tiano_plus.git
#git fetch
#git checkout release/202102
#cd -
#cd Common/MU
#git init .
#git remote add -t release/202102 origin https://github.com/microsoft/mu_plus.git
#git fetch
#git checkout release/202102
#cd -
#cd Common/MU_OEM_SAMPLE
#git init .
#git remote add -t release/202102 origin https://github.com/microsoft/mu_oem_sample.git
#git fetch
#git checkout release/202102
#cd -
#cd Common/PRM
#git init .
#git remote add -t PlatformRuntimeMechanism origin https://github.com/tianocore/edk2-staging.git
#git fetch
#git checkout PlatformRuntimeMechanism
#cd -
#

git submodule init
git submodule update --recursive
git add .
git commit -m "Update submodules" --allow-empty

tar -C Common/MU_TIANO/CryptoPkg/Library/OpensslLib -a -f %{SOURCE2} -x
cd Common/MU_TIANO/CryptoPkg/Library/OpensslLib/openssl
git init .
git add .
git config --local core.whitespace cr-at-eol
git config --local am.keepcr true
git config --local user.email "%{__scm_usermail}"
git config --local user.name "%{__scm_username}"
git commit -a -m "Add openssl" --allow-empty
cd -
cd Common/MU_TIANO
git am %{SOURCE401}
cd -
cd MU_BASECORE
git cherry-pick origin/poc/efi_mem_attributes..github/efi_mem_attributes
git commit -a -m "cherry-pick origin/poc/efi_mem_attributes..github/efi_mem_attributes" --allow-empty
cd -

# Format the Red Hat-issued certificate that is to be enrolled as both Platform
# Key and first Key Exchange Key, as an SMBIOS OEM String. This means stripping
# the PEM header and footer, and prepending the textual representation of the
# GUID that identifies this particular OEM String to "EnrollDefaultKeys.efi",
# plus the separator ":". For details, see
# <https://bugzilla.tianocore.org/show_bug.cgi?id=1747> comments 2, 7, 14.
sed \
  -e 's/^-----BEGIN CERTIFICATE-----$/4e32566d-8e9e-4f52-81d3-5bb9715f9727:/' \
  -e '/^-----END CERTIFICATE-----$/d' \
  %{SOURCE5} \
  > PkKek1.oemstr
git add .
git commit -m "PK stuff" --allow-empty

sed -i -e 's/-Werror//' MU_BASECORE/BaseTools/Conf/tools_def.template MU_BASECORE/BaseTools/Source/C/Makefiles/header.makefile
cd MU_BASECORE
git commit -a -m "Disable werror" --allow-empty
cd -
git commit -a -m "Disable werror" --allow-empty

# Done by %% setup, but we do not use it for the auxiliary tarballs
chmod -Rf a+rX,u+w,g-w,o-w .
git commit -a -m "Fix file perms" --allow-empty

#cp %% {SOURCE6} /etc/pki/ca-trust/source/azureca.crt
#update-ca-trust --fresh
cert-sync --user /etc/pki/tls/certs/ca-bundle.crt
cert-sync --user "%{SOURCE6}"

%build
export PYTHON_COMMAND=%{__python3}
python3 -m venv mu-qemuq35
source mu-qemuq35/bin/activate
pip install --upgrade -r pip-requirements.txt
stuart_setup -c Platforms/QemuQ35Pkg/PlatformBuild.py TOOL_CHAIN_TAG=GCC5
stuart_update -c Platforms/QemuQ35Pkg/PlatformBuild.py TOOL_CHAIN_TAG=GCC5
stuart_build -c Platforms/QemuQ35Pkg/PlatformBuild.py TOOL_CHAIN_TAG=GCC5

%if 0
# Enroll the default certificates in a separate variable store template.
%{__python3} ovmf-vars-generator --verbose --verbose \
  --qemu-binary        %{qemu_binary} \
  --ovmf-binary        Build/QemuQ35Pkg/DEBUG_%{TOOLCHAIN}/FV/QEMUQ35_CODE.fd \
  --ovmf-template-vars Build/QemuQ35Pkg/DEBUG_%{TOOLCHAIN}/FV/QEMUQ35_VARS.fd \
  --uefi-shell-iso     Build/QemuQ35Pkg/DEBUG_%{TOOLCHAIN}/X64/UefiShell.iso \
  --oem-string         "$(< PkKek1.oemstr)" \
  --skip-testing \
  Build/QemuQ35Pkg/DEBUG_%{TOOLCHAIN}/FV/QEMUQ35_VARS.secboot.fd
%endif

%install
mkdir -p %{buildroot}%{_datadir}/edk2/qemuq35
install -t %{buildroot}%{_datadir}/edk2/qemuq35 Build/QemuQ35Pkg/DEBUG_GCC5/FV/QEMUQ35_*
cp LICENSE license.mu_tiano_platforms
cp ./Common/MU/LICENSE.txt LICENSE.mu_plus
cp ./Common/MU_OEM_SAMPLE/LICENSE.txt LICENSE.mu_oem_sample
cp ./Common/MU_TIANO/License.txt LICENSE.mu_tiano
cp ./Common/MU_TIANO/CryptoPkg/Library/OpensslLib/openssl/LICENSE LICENSE.openssl
mkdir -p %{buildroot}%{_datadir}/qemu/firmware
cp %{SOURCE7} %{buildroot}%{_datadir}/qemu/firmware


%files
%license LICENSE.*
%dir %{_datadir}/edk2/
%dir %{_datadir}/edk2/qemuq35
%{_datadir}/edk2/qemuq35/QEMUQ35_CODE.fd
%{_datadir}/edk2/qemuq35/QEMUQ35_VARS.fd
%dir %{_datadir}/qemu/firmware
%{_datadir}/qemu/firmware/30-mu-qemuq35.json

%changelog
* Wed Nov 02 2022 pjones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1.24.35
- rebuilt

* Thu Oct 13 2022 pjones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1.24.34
- rebuilt

* Thu Oct 13 2022 pjones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1.24.33
- rebuilt

* Thu Oct 13 2022 pjones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1.24.32
- rebuilt

* Thu Oct 13 2022 pjones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1.24.31
- rebuilt

* Thu Oct 13 2022 pjones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1.24.30
- rebuilt

* Thu Oct 13 2022 pjones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1.24.29
- rebuilt

* Thu Oct 13 2022 pjones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1.24.28
- rebuilt

* Thu Oct 13 2022 pjones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1.24.27
- rebuilt

* Mon May 09 2022 pjones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1.24.26
- rebuilt

* Tue Mar 29 2022 pjones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1.24.25
- rebuilt

* Tue Mar 22 2022 pjones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1.24.24
- rebuilt

* Tue Mar 15 2022 pjones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1.24.23
- rebuilt

* Tue Mar 15 2022 pjones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1.24.22
- rebuilt

* Tue Mar 15 2022 pjones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1.24.21
- rebuilt

* Fri Mar 11 2022 pjones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1.24.20
- rebuilt

* Fri Mar 11 2022 pjones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1.24.19
- rebuilt

* Fri Mar 11 2022 pjones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1.24.18
- rebuilt

* Fri Mar 11 2022 pjones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1.24.17
- rebuilt

* Fri Mar 11 2022 pjones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1.24.16
- rebuilt

* Fri Mar 11 2022 pjones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1.24.15
- rebuilt

* Fri Mar 11 2022 pjones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1.24.14
- rebuilt

* Wed Mar 09 2022 pjones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1.24.13
- rebuilt

* Wed Mar 09 2022 pjones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1.24.12
- rebuilt

* Wed Mar 09 2022 pjones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1.24.11
- rebuilt

* Wed Mar 09 2022 pjones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1.24.10
- rebuilt

* Wed Mar 09 2022 pjones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1.24.9
- rebuilt

* Wed Mar 09 2022 pjones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1.24.8
- rebuilt

* Fri Mar 04 2022 pjones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1.24.7
- rebuilt

* Thu Mar 03 2022 pjones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1.24.6
- rebuilt

* Thu Mar 03 2022 pjones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1.24.5
- rebuilt

* Thu Mar 03 2022 pjones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1.24.4
- rebuilt

* Thu Mar 03 2022 pjones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1.24.3
- rebuilt

* Thu Mar 03 2022 pjones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1.24.2
- rebuilt

* Thu Mar 03 2022 pjones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1.24.1
- rebuilt

* Fri Feb 11 2022 Peter Jones <pjones@redhat.com> - 20220211gitda8529d5aaa-~1
- First horrifying attempt