Update Dockerfile to build from tarball

Update Dockerfile to build from release tarball instead of git branch
cisco · Jun 13, 2024 · 6d6deb6 · 6d6deb6
1 parent 7a106eb
commit 6d6deb6
Showing 1 changed file with 9 additions and 5 deletions.
diff --git a/shim-review/Dockerfile b/shim-review/Dockerfile
@@ -4,11 +4,13 @@ FROM ubuntu:jammy
 RUN sed -i 's/# deb-src/deb-src/' /etc/apt/sources.list && \
     apt update -y && \
     DEBIAN_FRONTEND=noninteractive apt install -y devscripts git-buildpackage software-properties-common && \
-    apt build-dep -y shim
+    apt build-dep -y shim tar wget
 
-# Clone shim
-RUN git clone -b "15.8" https://github.com/rhboot/shim.git /shim-build
-WORKDIR /shim-build
+# Download and extract the upstream source tarball for shim
+RUN wget https://github.com/rhboot/shim/releases/download/15.8/shim-15.8.tar.bz2
+RUN mkdir /shim-build
+RUN tar -xvf shim-15.8.tar.bz2 --directory /shim-build
+WORKDIR /shim-build/shim-15.8
 
 # Add our public certificate
 ADD Cisco_Virtual_UEFI_SubCA_v3.der .
@@ -20,10 +22,12 @@ RUN mkdir build-x64
 ADD sbat.csv data/sbat.csv
 
 # Build 64-bit
-RUN make update
 RUN make -C build-x64 ARCH=x86_64 VENDOR_CERT_FILE=../Cisco_Virtual_UEFI_SubCA_v3.der \
     TOPDIR=.. -f ../Makefile
 
+# Output hash of shimx64.efi
+RUN sha256sum build-x64/shimx64.efi
+
 # Final shim for installation
 RUN mkdir /shim-build/install
 RUN cp build-x64/shimx64.efi /shim-build/install