		
	Ship hmac file for vmlinuz for FIPS-140 (rhbz 805538)
		
							parent
							
								
									364473e5c5
								
							
						
					
					
						commit
						70f8133b71
					
				
							
								
								
									
										11
									
								
								kernel.spec
									
									
									
									
									
								
							
							
						
						
									
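--- a/kernel.spec
+++ b/kernel.spec
@@ -529,7 +529,7 @@ ExclusiveOS: Linux
 #
 BuildRequires: module-init-tools, patch >= 2.5.4, bash >= 2.03, sh-utils, tar
 BuildRequires: bzip2, xz, findutils, gzip, m4, perl, make >= 3.78, diffutils, gawk
-BuildRequires: gcc >= 3.4.2, binutils >= 2.12, redhat-rpm-config
+BuildRequires: gcc >= 3.4.2, binutils >= 2.12, redhat-rpm-config, hmaccalc
 BuildRequires: net-tools
 BuildRequires: xmlto, asciidoc
 %if %{with_sparse}
@@ -1665,6 +1665,11 @@ BuildKernel() {
     		$RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer
     chmod 755 $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer
 
+    # hmac sign the kernel for FIPS
+    echo "Creating hmac file: $RPM_BUILD_ROOT/%{image_install_path}/.vmlinuz-$KernelVer.hmac"
+    ls -l $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer
+    sha512hmac $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer | sed -e "s,$RPM_BUILD_ROOT,," > $RPM_BUILD_ROOT/%{image_install_path}/.vmlinuz-$KernelVer.hmac;
+
     mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer
     # Override $(mod-fw) because we don't want it to install any firmware
     # we'll get it from the linux-firmware package and we don't want conflicts
@@ -2294,6 +2299,7 @@ fi
 %{expand:%%files %{?2}}\
 %defattr(-,root,root)\
 /%{image_install_path}/%{?-k:%{-k*}}%{!?-k:vmlinuz}-%{KVERREL}%{?2:.%{2}}\
+/%{image_install_path}/.vmlinuz-%{KVERREL}%{?2:.%{2}}.hmac \
 %attr(600,root,root) /boot/System.map-%{KVERREL}%{?2:.%{2}}\
 /boot/config-%{KVERREL}%{?2:.%{2}}\
 %dir /lib/modules/%{KVERREL}%{?2:.%{2}}\
@@ -2347,6 +2353,9 @@ fi
 #                 ||----w |
 #                 ||     ||
 %changelog
+* Wed Mar 21 2012 Josh Boyer <jwboyer@redhat.com>
+- Ship hmac file for vmlinuz for FIPS-140 (rhbz 805538)
+
 * Tue Mar 20 2012 Josh Boyer <jwboyer@redhat.com>
 - CVE-2012-1568: execshield: predictable ascii armour base address (rhbz 804957)
 - mac80211: fix possible tid_rx->reorder_timer use after free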
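Review bot: In the BuildKernel hunk the `sha512hmac … | sed … > ….hmac` pipeline returns only sed's exit status, so a failing `sha512hmac` leaves an empty `.hmac` file that the new `%files` entry still packages, and the mismatch would surface only when a FIPS-mode system checks the kernel. Add a guard right after it, such as `test -s $RPM_BUILD_ROOT/%{image_install_path}/.vmlinuz-$KernelVer.hmac || exit 1`. The digest is also taken at this point in BuildKernel, whose body continues outside the hunk; if any later build or post-install step rewrites the image (stripping, signing), the shipped value goes stale, so it is worth confirming nothing touches `$InstallName-$KernelVer` afterwards. The comment could say what the file is for, e.g. `# FIPS integrity self-check value for the kernel image; not a signature`, since "hmac sign" reads as an authenticity guarantee that the visible command (no key option passed) does not appear to provide.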