From 518575240fd3741427a66060171d71b03c768fdd Mon Sep 17 00:00:00 2001 From: eabdullin Date: Tue, 2 Jul 2024 13:32:18 +0300 Subject: [PATCH 1/9] - Add bootstrap var to not build almalinux-sb-certs package - Add macros.arch_fp and macros.arch_v2 files to %files --- SPECS/almalinux-release.spec | 27 +++++++++++++++++++-------- 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/SPECS/almalinux-release.spec b/SPECS/almalinux-release.spec index 803ec93..3e0b769 100644 --- a/SPECS/almalinux-release.spec +++ b/SPECS/almalinux-release.spec @@ -2,6 +2,7 @@ # Also baseurl for regular repos should be changed to repo.almalinux.org # and mirrorlist should be set as default %bcond_without beta +%bcond_with bootstrap # Needs only for first build, because we should have right arch names %if 0%{?x86_64_v2} == 1 @@ -92,6 +93,7 @@ Source512: almalinux-beta.repo Source600: RPM-GPG-KEY-AlmaLinux-10 +%if %{without bootstrap} %package -n almalinux-sb-certs Summary: %{distro} public secureboot certificates Group: System Environment/Base @@ -106,11 +108,12 @@ Requires: almalinux-gpg-keys = %{version}-%{release} %package -n almalinux-gpg-keys Summary: %{distro} RPM keys - +%endif %description %{distro} release files. +%if %{without bootstrap} %description -n almalinux-sb-certs %{distro} secureboot certificates @@ -119,7 +122,7 @@ This package provides the package repository files for %{distro}. %description -n almalinux-gpg-keys This package provides the RPM signature keys for %{distro}. - +%endif %install # copy license and contributors doc here for %%license and %%doc macros @@ -239,6 +242,7 @@ install -m 0644 %{SOURCE304} %{buildroot}/%{_prefix}/lib/sysctl.d/ mkdir %{buildroot}%{_sysconfdir}/yum.repos.d touch %{buildroot}%{_sysconfdir}/yum.repos.d/redhat.repo +%if %{without bootstrap} # Copy secureboot certificates install -d -m 0755 %{buildroot}%{_sysconfdir}/pki/sb-certs/ install -d -m 0755 %{buildroot}%{_datadir}/pki/sb-certs/ 
@@ -319,6 +323,11 @@ install -p -m 0644 %{SOURCE512} %{buildroot}%{_sysconfdir}/yum.repos.d/ install -d -m 0755 %{buildroot}%{_sysconfdir}/dnf/vars echo "%{major}-stream" > %{buildroot}%{_sysconfdir}/dnf/vars/stream +# copy GPG keys +install -d -m 0755 %{buildroot}%{_sysconfdir}/pki/rpm-gpg +install -p -m 0644 %{SOURCE600} %{buildroot}%{_sysconfdir}/pki/rpm-gpg/ +%endif + # These variables should be set in the build environment to change rpm names %if 0%{?x86_64_v2} == 1 echo '%%_build_name_fmt %%{ARCH}_v2/%%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}_v2.rpm' > %{buildroot}%{_sysconfdir}/rpm/macros.arch_v2 @@ -329,11 +338,6 @@ echo '%%_build_name_fmt %%{ARCH}_fp/%%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}_fp echo '%x86_64_fp 1' >> %{buildroot}%{_sysconfdir}/rpm/macros.arch_fp %endif -# copy GPG keys -install -d -m 0755 %{buildroot}%{_sysconfdir}/pki/rpm-gpg -install -p -m 0644 %{SOURCE600} %{buildroot}%{_sysconfdir}/pki/rpm-gpg/ - - %files %license docs/LICENSE @@ -354,7 +358,14 @@ install -p -m 0644 %{SOURCE600} %{buildroot}%{_sysconfdir}/pki/rpm-gpg/ %{_prefix}/lib/systemd/system-preset/* %{_prefix}/lib/systemd/user-preset/* %{_prefix}/lib/sysctl.d/50-redhat.conf +%if 0%{?x86_64_fp} == 1 +%config(noreplace) %{_sysconfdir}/rpm/macros.arch_fp +%endif +%if 0%{?x86_64_v2} == 1 +%config(noreplace) %{_sysconfdir}/rpm/macros.arch_v2 +%endif +%if %{without bootstrap} %files -n almalinux-sb-certs # Note to future packagers: # resetting the symlinks in /etc/pki/sb-certs on upgrade is the intended behavior here @@ -385,7 +396,7 @@ install -p -m 0644 %{SOURCE600} %{buildroot}%{_sysconfdir}/pki/rpm-gpg/ %files -n almalinux-gpg-keys %{_sysconfdir}/pki/rpm-gpg - +%endif %changelog * Tue Jul 02 2024 Eduard Abdullin - 10.0-0.14 From 7c772d5bbfb194505ec5d0e5a65c22d76e0b503b Mon Sep 17 00:00:00 2001 From: eabdullin Date: Tue, 2 Jul 2024 13:39:36 +0300 Subject: [PATCH 2/9] Remove bootstreap var --- SPECS/almalinux-release.spec | 9 --------- 1 file changed, 9 deletions(-) 
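Review bot: In the `%files` hunk (`@@ -354,7 +358,14`), `macros.arch_fp` and `macros.arch_v2` are packaged as `%config(noreplace)`, so a host where either file was edited locally keeps its old definitions after an upgrade. These files set the rpm output name format for every build on the host, and later patches in this series rewrite their contents (the `%%x86_64_v2` escaping fix and the added flag macros), so a stale copy would silently miss those corrections. Consider plain `%config %{_sysconfdir}/rpm/macros.arch_v2` (and the same for `macros.arch_fp`), so the packaged version wins and the edited copy is kept as `.rpmsave`. The `%files` section continues outside the hunk.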
diff --git a/SPECS/almalinux-release.spec b/SPECS/almalinux-release.spec index 3e0b769..8120579 100644 --- a/SPECS/almalinux-release.spec +++ b/SPECS/almalinux-release.spec @@ -2,7 +2,6 @@ # Also baseurl for regular repos should be changed to repo.almalinux.org # and mirrorlist should be set as default %bcond_without beta -%bcond_with bootstrap # Needs only for first build, because we should have right arch names %if 0%{?x86_64_v2} == 1 @@ -93,7 +92,6 @@ Source512: almalinux-beta.repo Source600: RPM-GPG-KEY-AlmaLinux-10 -%if %{without bootstrap} %package -n almalinux-sb-certs Summary: %{distro} public secureboot certificates Group: System Environment/Base @@ -108,12 +106,10 @@ Requires: almalinux-gpg-keys = %{version}-%{release} %package -n almalinux-gpg-keys Summary: %{distro} RPM keys -%endif %description %{distro} release files. -%if %{without bootstrap} %description -n almalinux-sb-certs %{distro} secureboot certificates @@ -122,7 +118,6 @@ This package provides the package repository files for %{distro}. %description -n almalinux-gpg-keys This package provides the RPM signature keys for %{distro}. -%endif %install # copy license and contributors doc here for %%license and %%doc macros @@ -242,7 +237,6 @@ install -m 0644 %{SOURCE304} %{buildroot}/%{_prefix}/lib/sysctl.d/ mkdir %{buildroot}%{_sysconfdir}/yum.repos.d touch %{buildroot}%{_sysconfdir}/yum.repos.d/redhat.repo -%if %{without bootstrap} # Copy secureboot certificates install -d -m 0755 %{buildroot}%{_sysconfdir}/pki/sb-certs/ install -d -m 0755 %{buildroot}%{_datadir}/pki/sb-certs/ @@ -326,7 +320,6 @@ echo "%{major}-stream" > %{buildroot}%{_sysconfdir}/dnf/vars/stream # copy GPG keys install -d -m 0755 %{buildroot}%{_sysconfdir}/pki/rpm-gpg install -p -m 0644 %{SOURCE600} %{buildroot}%{_sysconfdir}/pki/rpm-gpg/ -%endif # These variables should be set in the build environment to change rpm names %if 0%{?x86_64_v2} == 1 
@@ -365,7 +358,6 @@ echo '%x86_64_fp 1' >> %{buildroot}%{_sysconfdir}/rpm/macros.arch_fp %config(noreplace) %{_sysconfdir}/rpm/macros.arch_v2 %endif -%if %{without bootstrap} %files -n almalinux-sb-certs # Note to future packagers: # resetting the symlinks in /etc/pki/sb-certs on upgrade is the intended behavior here @@ -396,7 +388,6 @@ echo '%x86_64_fp 1' >> %{buildroot}%{_sysconfdir}/rpm/macros.arch_fp %files -n almalinux-gpg-keys %{_sysconfdir}/pki/rpm-gpg -%endif %changelog * Tue Jul 02 2024 Eduard Abdullin - 10.0-0.14 From ebeb6cbaacda4bd70abbae2f8f7486aeda81cde2 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Tue, 2 Jul 2024 14:10:34 +0300 Subject: [PATCH 3/9] Remove Source202 --- SPECS/almalinux-release.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SPECS/almalinux-release.spec b/SPECS/almalinux-release.spec index 8120579..e43d96c 100644 --- a/SPECS/almalinux-release.spec +++ b/SPECS/almalinux-release.spec @@ -122,7 +122,7 @@ This package provides the RPM signature keys for %{distro}. %install # copy license and contributors doc here for %%license and %%doc macros mkdir -p ./docs -cp %{SOURCE201} %{SOURCE202} ./docs +cp %{SOURCE201} ./docs # create /etc/system-release and /etc/redhat-release install -d -m 0755 %{buildroot}%{_sysconfdir} From a5121d10bf665a76a41def845002eb774de4c01c Mon Sep 17 00:00:00 2001 From: eabdullin Date: Tue, 2 Jul 2024 14:29:55 +0300 Subject: [PATCH 4/9] add %{_sysconfdir}/almalinux-release --- SPECS/almalinux-release.spec | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/SPECS/almalinux-release.spec b/SPECS/almalinux-release.spec index e43d96c..c53045b 100644 --- a/SPECS/almalinux-release.spec +++ b/SPECS/almalinux-release.spec 
@@ -126,9 +126,9 @@ cp %{SOURCE201} ./docs # create /etc/system-release and /etc/redhat-release install -d -m 0755 %{buildroot}%{_sysconfdir} -echo "%{distro} release %{major}" > %{buildroot}%{_sysconfdir}/centos-release -ln -s centos-release %{buildroot}%{_sysconfdir}/system-release -ln -s centos-release %{buildroot}%{_sysconfdir}/redhat-release +echo "%{distro} release %{major}.%{minor}%{?beta: %{beta}} (%{release_name})" > %{buildroot}%{_sysconfdir}/almalinux-release +ln -s almalinux-release %{buildroot}%{_sysconfdir}/system-release +ln -s almalinux-release %{buildroot}%{_sysconfdir}/redhat-release # ------------------------------------------------------------------------- # Definitions for /etc/os-release and for macros in macros.dist. These From 1f0fa03229a18588a2348d18931532806245a0cb Mon Sep 17 00:00:00 2001 From: eabdullin Date: Tue, 2 Jul 2024 14:49:28 +0300 Subject: [PATCH 5/9] Change arch from noarch --- SPECS/almalinux-release.spec | 1 - 1 file changed, 1 deletion(-) diff --git a/SPECS/almalinux-release.spec b/SPECS/almalinux-release.spec index c53045b..e0afe50 100644 --- a/SPECS/almalinux-release.spec +++ b/SPECS/almalinux-release.spec @@ -24,7 +24,6 @@ Release: 0.14%{?dist} Summary: %{distro} release files License: GPLv2 URL: https://almalinux.org -BuildArch: noarch Provides: centos-release = %{version}-%{release} From 45660eb3f8e785ce40554d35062f95ae8c7f09dc Mon Sep 17 00:00:00 2001 From: eabdullin Date: Tue, 2 Jul 2024 16:20:36 +0300 Subject: [PATCH 6/9] Fix x86_64_v2 definition --- SPECS/almalinux-release.spec | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/SPECS/almalinux-release.spec b/SPECS/almalinux-release.spec index e0afe50..fd9a00f 100644 --- a/SPECS/almalinux-release.spec +++ b/SPECS/almalinux-release.spec 
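Review bot: The comment above the changed lines in hunk `@@ -126,9 +126,9` still says only `/etc/system-release` and `/etc/redhat-release` are created, but the real file is now `/etc/almalinux-release` and `/etc/centos-release` is no longer produced. I would update it to `# create /etc/almalinux-release; system-release and redhat-release are symlinks to it`. The package still carries `Provides: centos-release` (visible in the next patch's context), so anything that reads `/etc/centos-release` directly, such as inventory or compliance scanners, will stop finding it; a short changelog entry would help. `%files` and the definitions of `%{minor}`, `%{beta}` and `%{release_name}` are outside the hunk, so confirm that `%files` lists `almalinux-release` instead of `centos-release` and that those macros are defined on every build path.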
@@ -323,11 +323,12 @@ install -p -m 0644 %{SOURCE600} %{buildroot}%{_sysconfdir}/pki/rpm-gpg/ # These variables should be set in the build environment to change rpm names %if 0%{?x86_64_v2} == 1 echo '%%_build_name_fmt %%{ARCH}_v2/%%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}_v2.rpm' > %{buildroot}%{_sysconfdir}/rpm/macros.arch_v2 -echo '%x86_64_v2 1' >> %{buildroot}%{_sysconfdir}/rpm/macros.arch_v2 +echo '%%x86_64_v2 1' >> %{buildroot}%{_sysconfdir}/rpm/macros.arch_v2 +echo '%%__cflags_arch_x86_64_level -v2' >> %{buildroot}%{_sysconfdir}/rpm/macros.arch_v2 %endif %if 0%{?x86_64_fp} == 1 echo '%%_build_name_fmt %%{ARCH}_fp/%%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}_fp.rpm' > %{buildroot}%{_sysconfdir}/rpm/macros.arch_fp -echo '%x86_64_fp 1' >> %{buildroot}%{_sysconfdir}/rpm/macros.arch_fp +echo '%%x86_64_fp 1' >> %{buildroot}%{_sysconfdir}/rpm/macros.arch_fp %endif From 7a034e877a5dc8ed41d657c9f618559883fe8def Mon Sep 17 00:00:00 2001 From: eabdullin Date: Tue, 2 Jul 2024 16:30:51 +0300 Subject: [PATCH 7/9] Create /etc/rpm dir --- SPECS/almalinux-release.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/SPECS/almalinux-release.spec b/SPECS/almalinux-release.spec index fd9a00f..74ebb1b 100644 --- a/SPECS/almalinux-release.spec +++ b/SPECS/almalinux-release.spec 
@@ -322,11 +322,13 @@ install -p -m 0644 %{SOURCE600} %{buildroot}%{_sysconfdir}/pki/rpm-gpg/ # These variables should be set in the build environment to change rpm names %if 0%{?x86_64_v2} == 1 +mkdir -p %{buildroot}%{_sysconfdir}/rpm echo '%%_build_name_fmt %%{ARCH}_v2/%%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}_v2.rpm' > %{buildroot}%{_sysconfdir}/rpm/macros.arch_v2 echo '%%x86_64_v2 1' >> %{buildroot}%{_sysconfdir}/rpm/macros.arch_v2 echo '%%__cflags_arch_x86_64_level -v2' >> %{buildroot}%{_sysconfdir}/rpm/macros.arch_v2 %endif %if 0%{?x86_64_fp} == 1 +mkdir -p %{buildroot}%{_sysconfdir}/rpm echo '%%_build_name_fmt %%{ARCH}_fp/%%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}_fp.rpm' > %{buildroot}%{_sysconfdir}/rpm/macros.arch_fp echo '%%x86_64_fp 1' >> %{buildroot}%{_sysconfdir}/rpm/macros.arch_fp %endif From ef18dbd67ad950581fd9725c052f30976c34a597 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Tue, 2 Jul 2024 17:26:04 +0300 Subject: [PATCH 8/9] Use only one source for SB --- SPECS/almalinux-release.spec | 36 ++++++++++++++---------------------- 1 file changed, 14 insertions(+), 22 deletions(-) diff --git a/SPECS/almalinux-release.spec b/SPECS/almalinux-release.spec index 74ebb1b..504f11f 100644 --- a/SPECS/almalinux-release.spec +++ b/SPECS/almalinux-release.spec @@ -1,4 +1,4 @@ -# Should be deleted or changed to "%bcond_with beta" before the release +# Should be deleted or changed to "%%bcond_with beta" before the release # Also baseurl for regular repos should be changed to repo.almalinux.org # and mirrorlist should be set as default %bcond_without beta 
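Review bot: The two added `mkdir -p %{buildroot}%{_sysconfdir}/rpm` lines in hunk `@@ -322,11 +322,13` leave the directory mode to the build umask, whereas the rest of `%install` creates directories with an explicit mode. A single `install -d -m 0755 %{buildroot}%{_sysconfdir}/rpm` placed before the first `%if` would match the surrounding style and remove the duplicate. The `%install` section starts and ends outside the hunk.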
@@ -60,14 +60,6 @@ Source303: 99-default-disable.preset Source304: 50-redhat.conf Source400: alsecureboot001.cer -# kernel signing certificate -Source401: alsecureboot001.cer -# grub2 signing certificate -Source402: alsecureboot001.cer -# Fwupd signing certificate -Source403: alsecureboot001.cer -# UKI signing certificate -Source404: alsecureboot001.cer Source500: almalinux-appstream.repo Source501: almalinux-baseos.repo 
@@ -242,29 +234,29 @@ install -d -m 0755 %{buildroot}%{_datadir}/pki/sb-certs/ # Install aarch64 certs install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-ca-aarch64.cer -install -m 644 %{SOURCE401} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-kernel-aarch64.cer -install -m 644 %{SOURCE402} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-grub2-aarch64.cer -install -m 644 %{SOURCE403} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-fwupd-aarch64.cer -install -m 644 %{SOURCE404} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-uki-virt-aarch64.cer +install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-kernel-aarch64.cer +install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-grub2-aarch64.cer +install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-fwupd-aarch64.cer +install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-uki-virt-aarch64.cer # Install x86_64 certs install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-ca-x86_64.cer -install -m 644 %{SOURCE401} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-kernel-x86_64.cer -install -m 644 %{SOURCE402} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-grub2-x86_64.cer -install -m 644 %{SOURCE403} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-fwupd-x86_64.cer -install -m 644 %{SOURCE404} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-uki-virt-x86_64.cer +install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-kernel-x86_64.cer +install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-grub2-x86_64.cer +install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-fwupd-x86_64.cer +install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-uki-virt-x86_64.cer # Install ppc64le certs install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-ca-ppc64le.cer -install -m 644 %{SOURCE401} 
%{buildroot}%{_datadir}/pki/sb-certs/secureboot-kernel-ppc64le.cer -install -m 644 %{SOURCE402} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-grub2-ppc64le.cer -install -m 644 %{SOURCE404} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-uki-virt-ppc64le.cer +install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-kernel-ppc64le.cer +install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-grub2-ppc64le.cer +install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-uki-virt-ppc64le.cer # Install s390x certs install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-ca-s390x.cer -install -m 644 %{SOURCE401} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-kernel-s390x.cer -install -m 644 %{SOURCE404} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-uki-virt-s390x.cer +install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-kernel-s390x.cer +install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-uki-virt-s390x.cer # Link x86_64 certs ln -sr %{buildroot}%{_datadir}/pki/sb-certs/secureboot-ca-x86_64.cer %{buildroot}%{_sysconfdir}/pki/sb-certs/secureboot-ca-x86_64.cer From 546568910fddc392ad2edabe2bb2aa4af485406e Mon Sep 17 00:00:00 2001 From: eabdullin Date: Thu, 4 Jul 2024 14:15:56 +0300 Subject: [PATCH 9/9] Add -fno-omit-frame-pointer to macros.arch_fp --- SPECS/almalinux-release.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/SPECS/almalinux-release.spec b/SPECS/almalinux-release.spec index 504f11f..ba4b084 100644 --- a/SPECS/almalinux-release.spec +++ b/SPECS/almalinux-release.spec 
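Review bot: After hunk `@@ -242,29 +234,29`, every `secureboot-{ca,kernel,grub2,fwupd,uki-virt}-<arch>.cer` is a copy of `%{SOURCE400}`, and the removed `Source401`–`Source404` comments were the only place that recorded which role each file serves. The removed sources all pointed at `alsecureboot001.cer`, so the installed bytes do not change. The file names still promise distinct CA and per-component signing certificates, though, and a consumer that picks a trust anchor by file name gets the same certificate for every role. I would document that above the install block, e.g. `# All roles and arches currently ship the same certificate (Source400); add per-role sources when distinct signing certs exist.` The new lines also use `-m 644` where the rest of the spec writes `-m 0644`.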
@@ -323,6 +323,7 @@ echo '%%__cflags_arch_x86_64_level -v2' >> %{buildroot}%{_sysconfdir}/rpm/macros mkdir -p %{buildroot}%{_sysconfdir}/rpm echo '%%_build_name_fmt %%{ARCH}_fp/%%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}_fp.rpm' > %{buildroot}%{_sysconfdir}/rpm/macros.arch_fp echo '%%x86_64_fp 1' >> %{buildroot}%{_sysconfdir}/rpm/macros.arch_fp +echo '%%optflags %%{optflags} -fno-omit-frame-pointer' >> %{buildroot}%{_sysconfdir}/rpm/macros.arch_fp %endif
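Review bot: The added line writes `%optflags %{optflags} -fno-omit-frame-pointer` into `macros.arch_fp`, which defines `optflags` in terms of itself. As far as I know rpm stores macro-file bodies unexpanded, so this is either a recursive definition that fails when expanded or, if the per-arch `optflags` from rpmrc replaces it, a line with no effect. Please check with `rpm --eval '%{optflags}'` on a host that has the file installed. If the redhat-rpm-config in this tree provides an additive hook, something like `echo '%%_distro_extra_cflags -fno-omit-frame-pointer' >> %{buildroot}%{_sysconfdir}/rpm/macros.arch_fp` avoids redefining `optflags` at all.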