From 028a6e3cbd3121e627371ff9645b6923b69caa5e Mon Sep 17 00:00:00 2001 From: Sofia Boldyreva Date: Wed, 15 Jan 2025 22:28:20 +0100 Subject: [PATCH] Initial commit --- config.yaml | 52 +++++++++++++++++++++++++++++++ files/almalinuxsecurebootca0.cer | Bin 0 -> 1787 bytes 2 files changed, 52 insertions(+) create mode 100644 config.yaml create mode 100644 files/almalinuxsecurebootca0.cer diff --git a/config.yaml b/config.yaml new file mode 100644 index 0000000..43f5869 --- /dev/null +++ b/config.yaml @@ -0,0 +1,52 @@ +actions: + - replace: + - target: "spec" + find: "%global glib2_version 2.45.8" + replace: | + %global efi_vendor almalinux + %global efidir almalinux + %global efi_esp_dir /boot/efi/EFI/%{efidir} + + %global glib2_version 2.45.8 + count: 1 + - target: "spec" + find: | + -Dfwupd-efi:efi_sbat_distro_id="rhel" \ + -Dfwupd-efi:efi_sbat_distro_summary="Red Hat Enterprise Linux" \ + replace: | + -Dfwupd-efi:efi_sbat_distro_id="almalinux" \ + -Dfwupd-efi:efi_sbat_distro_summary="AlmaLinux" \ + count: 1 + - target: "spec" + find: "-Dfwupd-efi:efi_sbat_distro_url=\"mail:secalert@redhat.com\" \\" + replace: "-Dfwupd-efi:efi_sbat_distro_url=\"mailto:security@almalinux.org\" \\" + count: 1 + - target: "spec" + find: | + %pesign -s -i %{fwup_efi_fn} -o %{fwup_efi_fn}.tmp -a %{SOURCE300} -c %{SOURCE301} -n redhatsecureboot301 + %pesign -s -i %{fwup_efi_fn}.tmp -o %{fwup_efi_fn}.signed -a %{SOURCE500} -c %{SOURCE503} -n redhatsecureboot503 + replace: | + %pesign -s -i %{fwup_efi_fn} -o %{fwup_efi_fn}.tmp -a %{SOURCE300} -c %{SOURCE301} -n almalinuxsecurebootca0 + %pesign -s -i %{fwup_efi_fn}.tmp -o %{fwup_efi_fn}.signed -a %{SOURCE500} -c %{SOURCE503} -n almalinuxsecurebootca0 + count: 1 + + - modify_release: + - suffix: ".alma.1" + enabled: true + + - changelog_entry: + - name: "Eduard Abdullin" + email: "eabdullin@almalinux.org" + line: + - "Use AlmaLinux cert" + + - add_files: + - type: "source" + name: "almalinuxsecurebootca0.cer" + number: 300 + + - delete_files: + - file_name: "redhatsecurebootca3.cer" + - file_name: "redhatsecureboot301.cer" + - file_name: "redhatsecurebootca5.cer" + - file_name: "redhatsecureboot503.cer" diff --git a/files/almalinuxsecurebootca0.cer b/files/almalinuxsecurebootca0.cer new file mode 100644 index 0000000000000000000000000000000000000000..6a4e99b9ed921c4af3db55a619260f1ab76110dc GIT binary patch literal 1787 zcmb7Edpy%?9NzEu+YQ4qp+X~z$hNhS)Qi`TME^-dksg&-Xq2Cz{bpoK?*v3Lr+#1l0EMjD_^(GTMD zB!UPL)n5=TknqD$I+(55K`6BGoxr#aQ34*7AqwMDg9H&mfiQx~@Sw6ns4M2o1LnrM zj*bAGgM!g7R1KZf5ID|pa&dAA1xdG2GSJgV;wS_sr+Fwqoly#ygx9gdLs&@Wya0v} z3LG4SP65Uf7hwvK$&cd3bH#kr3{2A~=u->>#eywd37;Auj^GLf30#RlB%EMPEi-l+ zkwox{5{U(2T$BpTN6nIqJ))wy{sLj#R%$>H)k_p74EruH#z6j)0c5b{#3zMt7(@o^ zW7O-~undMU6>I1J?%P(;)EDTd~@7#vAD%qZ-ufkhh?j~ zapii8FZ6l4l2j4>$6Kvd%=FCfQ#Hi8bqZPzauDLVg0k(jF6nNqtfiz|Wxur8bX2ad zdVcV5sacnCY_nO@_S&kodX}Gu=_h9qjw-&C&Q?YW8|~hwL@-lYMZxo*mT|n_rq!Dq zNO?Kr*Z&ajuCl*+CptA}bH}3+sZUn7lNIOqU@O10Y8v~wWKcZqMh{nDsrrHAqC?Fn zC5Od?^TaPN9vZwE>ENKiT9WIkzve%`+%Pg-+wtWhW?EoI?ykMo1m;;krtqoqrdY(Z z>AG~nTPIVAdtr9e$os^OcI}Pat4B7uw#bZr_Ev0CoO20G4yS!W8C%*eNtWAYpL#d* zedparl{a8zs7XrL79O+)cgO3rRq(Xe?bv+=_YavC&C0sI{5@^Isw>gKnC3h)7Af**$k{YWr>DKj@ce|HuYY$w-4X7busAnE?sO0 z%rpc&tP$2Q5p}pRNtx`QBY$$Hy}hi^EzC7xG%sfQ5Hy0tA}}ElkTi6P2EzaYC>lh= zl7Kdzs16YhM?esDptRPfdPAw7JRwLkg(U+Y4UdZT1n$5IPa2Kec@%;nJOpT9#`r7@ z85u`PBr&nB4i2&3%Ye=kMLRG8g8%`Ki%23t2=LQLO~*2UT1>u3z97|AGoqg0iKFNf zr^ZU-duM1WW2`Y49;^^`UC`BhARRwieNz#L243SBz!P*O|5I1;uO$Gbj#^URPsEFj znJ5J48Yh#m)_^Ae=Lv|2+!#zIQG$c)nJj+~w#N#V{a95^486KX5gC+(`LS(LuYLx& zmK=g#7W3C{btC1qgXHu|&hAt1mVpg9@qz7)LQjirTbE=%tB>VaJ{w|W+SRlqtM=qq z`BZ#(0JZP>i7X28yp;YFwn*+V^|hB(LiOc)PaARBXXK%~jS_tFjUyY$QX;*+r0V45 zkE=pT=tBm1C+#j}43w`s`%TdlzpX-LE<>U=F6|4*<{yn&V-xIkW##-D?u9_i{=os1 zQ~fq=HHqcUdPH1KbNZa$#kq3WF+jPXnVa;%`a)vjg(LknHdCYpovzocJ`VZSGQKX% z9VuvTNmoc+L-8N(4b3q2QAF;sQhj@I*nzv-=TicK8=0_FUZQQx>WuhjaYMX_P|t&zHv TseG#v;Fg#3=RT@0&At3@_pP4Z literal 0 HcmV?d00001