[libvirt] [PATCH] libvirt.spec.in: Add the Secure Boot-variant OVMF binaries

[Michal Privoznik]

On 9/10/19 8:56 PM, Cole Robinson wrote:
> On 7/30/19 12:11 PM, Kashyap Chamarthy wrote:
>> Currently the RPM spec doesn't add the 'secboot'-variant OVMF binaries
>> (an unintentional omission, checking with Cole on #virt, OFTC) for
>> 'x86_64' and 'ia32'.  Add them.
>>
>> This way, getDomainCapabilities() will report all the OVMF binaries that
>> are present on the system.  E.g. on Fedora 29, if you only have the
>> edk2-ovmf-20190308stable-1.fc29.noarch package installed, then running
>> `virsh domcapabilities` will enumerate _both_ the OVMF binaries (instead
>> of just the OVMF_CODE.fd):
>>
>>    $> virsh getdomcapabilities
>>      ...
>>      <loader supported='yes'>
>>        <value>/usr/share/edk2/ovmf/OVMF_CODE.fd</value>
>>        <value>/usr/share/edk2/ovmf/OVMF_CODE.secboot.fd</value>
>>      ...
>>
>> (
>> Learnt this from a discussion with Michal Privoznik in this bug,
>> comment#2:
>>
>>      https://bugzilla.redhat.com/show_bug.cgi?id=1733940 -- RFE: Report
>>      firmware (FW) paths in domainCapabilities based on FW descriptor
>>      files
>> )
>>
>> Signed-off-by: Kashyap Chamarthy <kchamart at redhat.com>
>> ---
>> I only did a cursory check on if I missed to add any other valid paths
>> for other architectures.
>> ---
> 
> For the change:
> 
> Reviewed-by: Cole Robinson <crobinso at redhat.com>
> 
> But I'm not sure how much we care now that firmware.repo is in the mix.
> I'll leave it up to Michal whether to apply

The only concern I had with this patch is that we will start putting 
"*.secboot.fd" images into domcaps XML even if secboot might not be 
available for given combination of arguments (machine type + arch).
However, after my series gets merged we will report only those FW image 
paths that we found FW descriptors for and this will be used only as a 
fallback:

https://www.redhat.com/archives/libvir-list/2019-August/msg00109.html

So after all, ACK from me too. And pushed.

Michal