Index: head/sysutils/shim/Makefile
===================================================================
--- head/sysutils/shim/Makefile
+++ head/sysutils/shim/Makefile
@@ -2,43 +2,40 @@
 # $FreeBSD$
 
 PORTNAME=	shim
-PORTVERSION=	0.8
-PORTREVISION=	6
+PORTVERSION=	0.9
 CATEGORIES=	sysutils
 
-MAINTAINER=	ports@FreeBSD.org
+MAINTAINER=	egypcio@googlemail.com
 COMMENT=	UEFI Secure Boot shim loader
 
 LICENSE=	BSD2CLAUSE
+LICENSE_FILE=	${WRKSRC}/COPYRIGHT
 
 BUILD_DEPENDS=	${LOCALBASE}/lib/libgnuefi.a:devel/gnu-efi \
 		bash:shells/bash
 
-USE_GITHUB=	yes
-GH_ACCOUNT=	mjg59
-
-USES=		gmake
+USES=		compiler gmake shebangfix
 USE_CSTD=	gnu89
 USE_GCC=	yes
+
+SHEBANG_FILES=	make-certs
+
 USE_GITHUB=	yes
+GH_ACCOUNT=	mjg59
+
 MAKE_ARGS=	CC="${CC} ${CFLAGS:M-std=*}" LD="${LD}" OBJCOPY="${OBJCOPY}"
 MAKE_JOBS_UNSAFE=	yes
-ONLY_FOR_ARCHS=	amd64
 
 PLIST_FILES=	lib/shim/shim.pem lib/shim/shim.key \
 		lib/shim/MokManager.efi lib/shim/fallback.efi lib/shim/shim.efi
 
-post-patch:
-	@${REINPLACE_CMD} -e "s|/bin/bash|${LOCALBASE}/bin/bash|" ${WRKSRC}/make-certs
-
 do-install:
 	# Note that before this step, the shim.pem contains the _private_ key.
 	openssl x509 -inform der -in ${WRKSRC}/shim.cer -outform pem -out ${WRKSRC}/shim.pem
-	${MKDIR} ${STAGEDIR}/${PREFIX}/lib/shim
-	${INSTALL_DATA} -m 600 ${WRKSRC}/shim.key ${STAGEDIR}/${PREFIX}/lib/shim
-	${INSTALL_DATA} ${WRKSRC}/shim.pem ${STAGEDIR}/${PREFIX}/lib/shim
-	${INSTALL_DATA} ${WRKSRC}/shim.efi ${STAGEDIR}/${PREFIX}/lib/shim
-	${INSTALL_DATA} ${WRKSRC}/MokManager.efi ${STAGEDIR}/${PREFIX}/lib/shim
-	${INSTALL_DATA} ${WRKSRC}/fallback.efi ${STAGEDIR}/${PREFIX}/lib/shim
+	${MKDIR} ${STAGEDIR}${PREFIX}/lib/shim
+	${INSTALL_DATA} -m 600 ${WRKSRC}/shim.key ${STAGEDIR}${PREFIX}/lib/shim
+.for file in shim.pem MokManager.efi fallback.efi shim.efi
+	${INSTALL_DATA} ${WRKSRC}/${file} ${STAGEDIR}${PREFIX}/lib/shim
+.endfor
 
 .include <bsd.port.mk>
Index: head/sysutils/shim/distinfo
===================================================================
--- head/sysutils/shim/distinfo
+++ head/sysutils/shim/distinfo
@@ -1,2 +1,3 @@
-SHA256 (mjg59-shim-0.8_GH0.tar.gz) = 668629b51179d4832415d5c3ebf0cdb28feaae16e7158d8fc6e3740a1a29cdd8
-SIZE (mjg59-shim-0.8_GH0.tar.gz) = 1251831
+TIMESTAMP = 1535569510
+SHA256 (mjg59-shim-0.9_GH0.tar.gz) = d277d7bea0b5d554dacf284d84252a5e995fb4ef54b6de5ec6296c6c2a9a21bd
+SIZE (mjg59-shim-0.9_GH0.tar.gz) = 1302211
Index: head/sysutils/shim/files/patch-Cryptlib-Makefile
===================================================================
--- head/sysutils/shim/files/patch-Cryptlib-Makefile
+++ head/sysutils/shim/files/patch-Cryptlib-Makefile
@@ -1,5 +1,5 @@
---- Cryptlib/Makefile.orig	2014-10-13 22:41:51.000000000 +0200
-+++ Cryptlib/Makefile	2014-11-30 20:23:01.000000000 +0100
+--- Cryptlib/Makefile.orig	2015-06-30 18:20:12 UTC
++++ Cryptlib/Makefile
 @@ -1,3 +1,6 @@
 +ifeq ($(ARCH),amd64)
 +	override ARCH	= x86_64
Index: head/sysutils/shim/files/patch-Cryptlib-OpenSSL-Makefile
===================================================================
--- head/sysutils/shim/files/patch-Cryptlib-OpenSSL-Makefile
+++ head/sysutils/shim/files/patch-Cryptlib-OpenSSL-Makefile
@@ -1,5 +1,5 @@
---- Cryptlib/OpenSSL/Makefile.orig	2014-11-30 20:31:14.000000000 +0100
-+++ Cryptlib/OpenSSL/Makefile	2014-11-30 20:31:23.000000000 +0100
+--- Cryptlib/OpenSSL/Makefile.orig	2015-06-30 18:20:12 UTC
++++ Cryptlib/OpenSSL/Makefile
 @@ -1,3 +1,6 @@
 +ifeq ($(ARCH),amd64)
 +	override ARCH	= x86_64
Index: head/sysutils/shim/files/patch-Makefile
===================================================================
--- head/sysutils/shim/files/patch-Makefile
+++ head/sysutils/shim/files/patch-Makefile
@@ -1,43 +1,53 @@
---- Makefile.orig	2014-10-13 22:41:51.000000000 +0200
-+++ Makefile	2014-12-21 16:18:40.000000000 +0100
-@@ -4,13 +1,17 @@
+--- Makefile.orig	2015-06-30 18:20:12 UTC
++++ Makefile
+@@ -1,5 +1,5 @@
+ VERSION		= 0.9
+-RELEASE		:=
++RELEASE		:= ""
+ ifneq ($(RELEASE),"")
+ 	RELEASE="-$(RELEASE)"
+ endif
+@@ -9,15 +9,20 @@ LD		= $(CROSS_COMPILE)ld
+ OBJCOPY		= $(CROSS_COMPILE)objcopy
  
  ARCH		= $(shell $(CC) -dumpmachine | cut -f1 -d- | sed s,i[3456789]86,ia32,)
- 
++
 +ifeq ($(ARCH),amd64)
-+  override ARCH := x86_64
++	override ARCH := x86_64
 +endif
 +
+ OBJCOPY_GTE224  = $(shell expr `$(OBJCOPY) --version |grep ^"GNU objcopy" | sed 's/^.* //g' | cut -f1-2 -d.` \>= 2.24)
+ 
  SUBDIRS		= Cryptlib lib
  
 -LIB_PATH	= /usr/lib64
-+LIB_PATH	= $(LOCALBASE)/lib
++LIB_PATH	= /usr/lib -L$(LOCALBASE)/lib
  
 -EFI_INCLUDE	:= /usr/include/efi
-+EFI_INCLUDE	:= $(LOCALBASE)/include/efi
- EFI_INCLUDES	= -nostdinc -ICryptlib -ICryptlib/Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -Iinclude
+-EFI_INCLUDES	= -nostdinc -ICryptlib -ICryptlib/Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -I$(shell pwd)/include
 -EFI_PATH	:= /usr/lib64/gnuefi
++EFI_INCLUDE	:= $(LOCALBASE)/include/efi
++EFI_INCLUDES	= -nostdinc -ICryptlib -ICryptlib/Include -I$(EFI_INCLUDE) -I$(EFI_INCLUDE)/$(ARCH) -I$(EFI_INCLUDE)/protocol -I$(shell pwd)/include -I/usr/include
 +EFI_PATH	:= $(LOCALBASE)/lib
  
  LIB_GCC		= $(shell $(CC) -print-libgcc-file-name)
  EFI_LIBS	= -lefi -lgnuefi --start-group Cryptlib/libcryptlib.a Cryptlib/OpenSSL/libopenssl.a --end-group $(LIB_GCC) 
-@@ -57,7 +63,7 @@ LDFLAGS		= -nostdlib -znocombreloc -T $(
+@@ -65,7 +70,7 @@ endif
  
- VERSION		= 0.8
+ LDFLAGS		= --hash-style=sysv -nostdlib -znocombreloc -T $(EFI_LDS) -shared -Bsymbolic -L$(EFI_PATH) -L$(LIB_PATH) -LCryptlib -LCryptlib/OpenSSL $(EFI_CRT_OBJS) --build-id=sha1
  
 -TARGET	= shim.efi MokManager.efi.signed fallback.efi.signed
 +TARGET	= shim.efi MokManager.efi fallback.efi
  OBJS	= shim.o netboot.o cert.o replacements.o version.o
  KEYS	= shim_cert.h ocsp.* ca.* shim.crt shim.csr shim.p12 shim.pem shim.key shim.cer
  SOURCES	= shim.c shim.h netboot.c include/PeImage.h include/wincert.h include/console.h replacements.c replacements.h version.c version.h
-@@ -144,8 +150,8 @@ FORMAT		?= --target efi-app-$(ARCH)
- 		-j .debug_line -j .debug_str -j .debug_ranges \
+@@ -156,9 +161,6 @@ endif
+ 		-j .note.gnu.build-id \
  		$(FORMAT) $^ $@.debug
  
 -%.efi.signed: %.efi certdb/secmod.db
 -	pesign -n certdb -i $< -c "shim" -s -o $@ -f
-+#%.efi.signed: %.efi certdb/secmod.db
-+#	pesign -n certdb -i $< -c "shim" -s -o $@ -f
- 
+-
  clean:
  	$(MAKE) -C Cryptlib clean
+ 	$(MAKE) -C Cryptlib/OpenSSL clean
Index: head/sysutils/shim/files/patch-elf_x86_64_efi.lds
===================================================================
--- head/sysutils/shim/files/patch-elf_x86_64_efi.lds
+++ head/sysutils/shim/files/patch-elf_x86_64_efi.lds
@@ -1,5 +1,5 @@
---- elf_x86_64_efi.lds.orig	2014-12-21 16:01:08.000000000 +0100
-+++ elf_x86_64_efi.lds	2014-12-21 16:01:16.000000000 +0100
+--- elf_x86_64_efi.lds.orig	2015-06-30 18:20:12 UTC
++++ elf_x86_64_efi.lds
 @@ -1,5 +1,5 @@
 -/* Same as elf_x86_64_fbsd_efi.lds, except for OUTPUT_FORMAT below - KEEP IN SYNC */
 -OUTPUT_FORMAT("elf64-x86-64", "elf64-x86-64", "elf64-x86-64")
Index: head/sysutils/shim/files/patch-lib-Makefile
===================================================================
--- head/sysutils/shim/files/patch-lib-Makefile
+++ head/sysutils/shim/files/patch-lib-Makefile
@@ -1,5 +1,5 @@
---- lib/Makefile.orig	2014-11-30 20:34:06.000000000 +0100
-+++ lib/Makefile	2014-11-30 20:34:20.000000000 +0100
+--- lib/Makefile.orig	2015-06-30 18:20:12 UTC
++++ lib/Makefile
 @@ -1,3 +1,7 @@
 +ifeq ($(ARCH),amd64)
 +	override ARCH	= x86_64