From 3e80f8f15098893a7f002e99bb990301742b3ea7 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Mon, 19 May 2025 11:21:35 +0300 Subject: [PATCH 1/4] 10.0 stable --- 90-default.preset | 15 ++++++++--- almalinux-release.spec | 55 +++++++++++++++++++++++++++-------------- alsecureboot001.cer | Bin 1787 -> 0 bytes alsecureboot1.cer | Bin 0 -> 999 bytes alsecurebootca1.cer | Bin 0 -> 970 bytes 5 files changed, 48 insertions(+), 22 deletions(-) delete mode 100644 alsecureboot001.cer create mode 100644 alsecureboot1.cer create mode 100644 alsecurebootca1.cer diff --git a/90-default.preset b/90-default.preset index c462b65..3abff62 100644 --- a/90-default.preset +++ b/90-default.preset @@ -56,7 +56,7 @@ enable avahi-daemon.* enable cups.socket enable cups.path -# RHELBLD-15232: We need the full service enabled to act as a print server +# RHEL-37762: We need the full service enabled to act as a print server enable cups.service # The various syslog implementations @@ -360,6 +360,10 @@ enable device_cio_free.service # https://bugzilla.redhat.com/show_bug.cgi?id=1630514 enable stratisd.service +# nvme auto connect +# RHEL-76850 +enable nvmefc-boot-connections.service + # Enable a service to finalize staged OSTree changes at shutdown # https://bugzilla.redhat.com/show_bug.cgi?id=1639372 enable ostree-finalize-staged.path @@ -419,9 +423,9 @@ enable thermald.service # https://pagure.io/fesco/issue/2457 enable uresourced.service -# enable power-profiles-daemon -# https://pagure.io/fedora-workstation/issue/191 -enable power-profiles-daemon.service +# enable tuned-ppd.service +# https://issues.redhat.com/browse/RHEL-68853 +enable tuned-ppd.service # Enable clevis-luks-askpass.path # https://bugzilla.redhat.com/show_bug.cgi?id=2101719 @@ -465,3 +469,6 @@ enable cockpit.socket # https://fedoraproject.org/wiki/Changes/EnableFwupdRefreshByDefault enable fwupd-refresh.timer + +# RHEL-67012 +enable fips-crypto-policy-overlay.service diff --git a/almalinux-release.spec b/almalinux-release.spec index f2bf688..fe82f10 100644 --- a/almalinux-release.spec +++ b/almalinux-release.spec @@ -3,12 +3,12 @@ %global major 10 %global minor 0 %global eol_date 2035-06-01 -%global beta Beta Name: almalinux-release Version: %{major}.%{minor} -Release: 14.4%{?dist} +Release: 30%{?dist} Summary: %{distro} release files +Group: System Environment/Base License: GPL-2.0-or-later URL: https://almalinux.org @@ -30,7 +30,8 @@ Provides: redhat-release = %{version}-%{release} # https://github.com/rpm-software-management/dnf/blob/4.2.23/dnf/const.py.in#L26 Provides: system-release = %{version}-%{release} Provides: system-release(releasever) = %{major} -Conflicts: system-release +Provides: system-release(releasever_major) = %{major} +Provides: system-release(releasever_minor) = %{minor} # required by libdnf # https://github.com/rpm-software-management/libdnf/blob/0.48.0/libdnf/module/ModulePackage.cpp#L472 @@ -45,7 +46,15 @@ Source302: 90-default-user.preset Source303: 99-default-disable.preset Source304: 50-redhat.conf -Source400: alsecureboot001.cer +Source400: alsecurebootca1.cer +# kernel signing certificate +Source401: alsecureboot1.cer +# grub2 signing certificate +Source402: alsecureboot1.cer +# Fwupd signing certificate +Source403: alsecureboot1.cer +# UKI signing certificate +Source404: alsecureboot1.cer Source500: almalinux-appstream.repo Source501: almalinux-baseos.repo @@ -186,6 +195,13 @@ cat > %{buildroot}%{_rpmmacrodir}/macros.dist << EOF %%dist_bug_report_url %{dist_bug_report_url} EOF +# make almalinux-release a protected package +install -p -d -m 755 %{buildroot}%{_sysconfdir}/dnf/protected.d/ +touch almalinux-release.conf +echo almalinux-release > almalinux-release.conf +install -p -c -m 0644 almalinux-release.conf %{buildroot}%{_sysconfdir}/dnf/protected.d/ +rm -f almalinux-release.conf + # use unbranded datadir install -d -m 0755 %{buildroot}%{_datadir}/almalinux-release ln -s almalinux-release %{buildroot}%{_datadir}/redhat-release @@ -216,29 +232,29 @@ install -d -m 0755 %{buildroot}%{_datadir}/pki/sb-certs/ # Install aarch64 certs install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-ca-aarch64.cer -install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-kernel-aarch64.cer -install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-grub2-aarch64.cer -install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-fwupd-aarch64.cer -install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-uki-virt-aarch64.cer +install -m 644 %{SOURCE401} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-kernel-aarch64.cer +install -m 644 %{SOURCE402} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-grub2-aarch64.cer +install -m 644 %{SOURCE403} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-fwupd-aarch64.cer +install -m 644 %{SOURCE404} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-uki-virt-aarch64.cer # Install x86_64 certs install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-ca-x86_64.cer -install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-kernel-x86_64.cer -install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-grub2-x86_64.cer -install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-fwupd-x86_64.cer -install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-uki-virt-x86_64.cer +install -m 644 %{SOURCE401} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-kernel-x86_64.cer +install -m 644 %{SOURCE402} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-grub2-x86_64.cer +install -m 644 %{SOURCE403} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-fwupd-x86_64.cer +install -m 644 %{SOURCE404} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-uki-virt-x86_64.cer # Install ppc64le certs install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-ca-ppc64le.cer -install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-kernel-ppc64le.cer -install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-grub2-ppc64le.cer -install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-uki-virt-ppc64le.cer +install -m 644 %{SOURCE401} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-kernel-ppc64le.cer +install -m 644 %{SOURCE402} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-grub2-ppc64le.cer +install -m 644 %{SOURCE404} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-uki-virt-ppc64le.cer # Install s390x certs install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-ca-s390x.cer -install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-kernel-s390x.cer -install -m 644 %{SOURCE400} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-uki-virt-s390x.cer +install -m 644 %{SOURCE401} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-kernel-s390x.cer +install -m 644 %{SOURCE404} %{buildroot}%{_datadir}/pki/sb-certs/secureboot-uki-virt-s390x.cer # Link x86_64 certs ln -sr %{buildroot}%{_datadir}/pki/sb-certs/secureboot-ca-x86_64.cer %{buildroot}%{_sysconfdir}/pki/sb-certs/secureboot-ca-x86_64.cer @@ -274,7 +290,6 @@ install -p -m 0644 %{SOURCE503} %{buildroot}%{_sysconfdir}/yum.repos.d/ install -p -m 0644 %{SOURCE504} %{buildroot}%{_sysconfdir}/yum.repos.d/ install -p -m 0644 %{SOURCE505} %{buildroot}%{_sysconfdir}/yum.repos.d/ install -p -m 0644 %{SOURCE506} %{buildroot}%{_sysconfdir}/yum.repos.d/ -install -p -m 0644 %{SOURCE507} %{buildroot}%{_sysconfdir}/yum.repos.d/ # RT and NFV are only for x86_64 %ifarch x86_64 install -p -m 0644 %{SOURCE510} %{buildroot}%{_sysconfdir}/yum.repos.d/ @@ -319,6 +334,7 @@ echo '%%x86_64_v2 1' >> %{buildroot}%{_sysconfdir}/rpm/macros.x86_64_v2 %config(noreplace) %{_sysconfdir}/issue %config(noreplace) %{_sysconfdir}/issue.net %dir %{_sysconfdir}/issue.d +%{_sysconfdir}/dnf/protected.d/almalinux-release.conf %dir %{_sysconfdir}/yum.repos.d %ghost %{_sysconfdir}/yum.repos.d/redhat.repo %{_rpmmacrodir}/macros.dist @@ -358,5 +374,8 @@ echo '%%x86_64_v2 1' >> %{buildroot}%{_sysconfdir}/rpm/macros.x86_64_v2 %{_sysconfdir}/pki/rpm-gpg %changelog +* Mon May 19 2025 Eduard Abdullin - 10.0-30 +- 10.0 stable release + * Mon Nov 25 2024 Eduard Abdullin - 10.0-14.4 - Initial release diff --git a/alsecureboot001.cer b/alsecureboot001.cer deleted file mode 100644 index 6a4e99b9ed921c4af3db55a619260f1ab76110dc..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1787 zcmb7Edpy%?9NzEu+YQ4qp+X~z$hNhS)Qi`TME^-dksg&-Xq2Cz{bpoK?*v3Lr+#1l0EMjD_^(GTMD zB!UPL)n5=TknqD$I+(55K`6BGoxr#aQ34*7AqwMDg9H&mfiQx~@Sw6ns4M2o1LnrM zj*bAGgM!g7R1KZf5ID|pa&dAA1xdG2GSJgV;wS_sr+Fwqoly#ygx9gdLs&@Wya0v} z3LG4SP65Uf7hwvK$&cd3bH#kr3{2A~=u->>#eywd37;Auj^GLf30#RlB%EMPEi-l+ zkwox{5{U(2T$BpTN6nIqJ))wy{sLj#R%$>H)k_p74EruH#z6j)0c5b{#3zMt7(@o^ zW7O-~undMU6>I1J?%P(;)EDTd~@7#vAD%qZ-ufkhh?j~ zapii8FZ6l4l2j4>$6Kvd%=FCfQ#Hi8bqZPzauDLVg0k(jF6nNqtfiz|Wxur8bX2ad zdVcV5sacnCY_nO@_S&kodX}Gu=_h9qjw-&C&Q?YW8|~hwL@-lYMZxo*mT|n_rq!Dq zNO?Kr*Z&ajuCl*+CptA}bH}3+sZUn7lNIOqU@O10Y8v~wWKcZqMh{nDsrrHAqC?Fn zC5Od?^TaPN9vZwE>ENKiT9WIkzve%`+%Pg-+wtWhW?EoI?ykMo1m;;krtqoqrdY(Z z>AG~nTPIVAdtr9e$os^OcI}Pat4B7uw#bZr_Ev0CoO20G4yS!W8C%*eNtWAYpL#d* zedparl{a8zs7XrL79O+)cgO3rRq(Xe?bv+=_YavC&C0sI{5@^Isw>gKnC3h)7Af**$k{YWr>DKj@ce|HuYY$w-4X7busAnE?sO0 z%rpc&tP$2Q5p}pRNtx`QBY$$Hy}hi^EzC7xG%sfQ5Hy0tA}}ElkTi6P2EzaYC>lh= zl7Kdzs16YhM?esDptRPfdPAw7JRwLkg(U+Y4UdZT1n$5IPa2Kec@%;nJOpT9#`r7@ z85u`PBr&nB4i2&3%Ye=kMLRG8g8%`Ki%23t2=LQLO~*2UT1>u3z97|AGoqg0iKFNf zr^ZU-duM1WW2`Y49;^^`UC`BhARRwieNz#L243SBz!P*O|5I1;uO$Gbj#^URPsEFj znJ5J48Yh#m)_^Ae=Lv|2+!#zIQG$c)nJj+~w#N#V{a95^486KX5gC+(`LS(LuYLx& zmK=g#7W3C{btC1qgXHu|&hAt1mVpg9@qz7)LQjirTbE=%tB>VaJ{w|W+SRlqtM=qq z`BZ#(0JZP>i7X28yp;YFwn*+V^|hB(LiOc)PaARBXXK%~jS_tFjUyY$QX;*+r0V45 zkE=pT=tBm1C+#j}43w`s`%TdlzpX-LE<>U=F6|4*<{yn&V-xIkW##-D?u9_i{=os1 zQ~fq=HHqcUdPH1KbNZa$#kq3WF+jPXnVa;%`a)vjg(LknHdCYpovzocJ`VZSGQKX% z9VuvTNmoc+L-8N(4b3q2QAF;sQhj@I*nzv-=TicK8=0_FUZQQx>WuhjaYMX_P|t&zHv TseG#v;Fg#3=RT@0&At3@_pP4Z diff --git a/alsecureboot1.cer b/alsecureboot1.cer new file mode 100644 index 0000000000000000000000000000000000000000..e6bb9db458dcdd38c1d601a5160ce8464ad028e0 GIT binary patch literal 999 zcmXqLVt#DU#B_QAGZP~dlSq=$x3`I_j%l#2FGy70?o}0&^C`xFmyJ`a&7`|WU>24@s0aobma5>CpI@Tj>}Vh-&TC|9U~Ft?Xklb& zVh|5{Q*3?l-?gr~{?8kbg0b5t?lBx5kIj7}g65w>>_kj-vx$A0zuP(QmrG2u2oc z48%ZuRS=)YfQyYon~jl`m7ST{Ko%s<$0Eie@_$b83%6N8)15EgoM>+NBkWY&gl=$> zkyU1qFc51HIoS8|=e1RqCd=#0HZEQp>z27>$v)(`0j5`A+%Ph@OKKIL-ult%`<1Av z5-(2v5nVsM&G$=Ot(U)hQd!P8?3PlTo-)sPC%) z%GRv~6F;VMvx!~hPrProZ&#m`UU0&*YmVC)`!Achh~HyQ{q4DbyFt~aQ_2ejlC}W= DeSwFp literal 0 HcmV?d00001 diff --git a/alsecurebootca1.cer b/alsecurebootca1.cer new file mode 100644 index 0000000000000000000000000000000000000000..d086cd53c500ca15c889ff2b32c5b6167e162cb5 GIT binary patch literal 970 zcmXqLVm@Zj#I$Y!GZP~dlOV(4Zs(9&d=69Em3g11sAkV^L6cZ~>O)f3UEU9!z%*jp6$;>OQ(917MH&if?V`C0w;Sv^i1d98B#1;I5 z72NVm^HLH^GV}8c6%FJ;Dwu^O5GsN}hNUVv<>!|uI6E51iSrtn7#JIx7#Nxw8X8B5 z^BN;_>Fk;&MkVCnU}R-rZerwTFlb`rVrpV!WY}_t7Ne;@l2>AiQadDHC2MrTVB zO(Lpfw^>Si%esGJa$bBkT4%~@SA&z4SLRpsX_nubYp1hTKIzu}WsAQ2p~ zvdSzH24W2&2m4H!6-7=Rf*=N89jCompM#ldvEWm`W}#J zxk}xi#o5);HktIgnC#)1`JOlE+oS{&KE=3)&u#8$74Y|m%cOL+Z;IVzN<(T-->Cg@tAgaZeR7U zoO6kLraH9v^FEAbn0rzC{=8|?{>9&=0(}ZDUbr5qpi+Ngkv!MxEhXG;4@Gr@<_V~8 hz1^Yl@Bi1C6W7#=r%k@Xm3H;jpD6o4&JuOO^8kV}d_DjG literal 0 HcmV?d00001 -- 2.47.3 From 4ad4fbd62a25032d5f11e665393d109b0f5ff9b8 Mon Sep 17 00:00:00 2001 From: Neal Gompa Date: Thu, 29 May 2025 19:11:18 -0400 Subject: [PATCH 2/4] Enable CRB repository by default --- almalinux-crb.repo | 2 +- almalinux-release.spec | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/almalinux-crb.repo b/almalinux-crb.repo index 2783373..0e4a896 100644 --- a/almalinux-crb.repo +++ b/almalinux-crb.repo @@ -2,7 +2,7 @@ name=AlmaLinux $releasever - CRB mirrorlist=https://mirrors.almalinux.org/mirrorlist/$releasever/crb # baseurl=https://repo.almalinux.org/almalinux/$releasever/CRB/$basearch/os/ -enabled=0 +enabled=1 gpgcheck=1 countme=1 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-AlmaLinux-10 diff --git a/almalinux-release.spec b/almalinux-release.spec index fe82f10..0874a11 100644 --- a/almalinux-release.spec +++ b/almalinux-release.spec @@ -6,7 +6,7 @@ Name: almalinux-release Version: %{major}.%{minor} -Release: 30%{?dist} +Release: 31%{?dist} Summary: %{distro} release files Group: System Environment/Base License: GPL-2.0-or-later @@ -374,6 +374,9 @@ echo '%%x86_64_v2 1' >> %{buildroot}%{_sysconfdir}/rpm/macros.x86_64_v2 %{_sysconfdir}/pki/rpm-gpg %changelog +* Thu May 29 2025 Neal Gompa - 10.0-31 +- Enable CRB repository by default + * Mon May 19 2025 Eduard Abdullin - 10.0-30 - 10.0 stable release -- 2.47.3 From 1a55e1eba8be1d825cb84524a14330c09fd9a6a1 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Wed, 27 Aug 2025 14:26:02 +0300 Subject: [PATCH 3/4] Redefine __cflags_arch_x86_64_level and __cflags_arch_x86_64 macroses for x86_64_v2 --- almalinux-release.spec | 10 +++++++--- macros.x86_64_v2 | 4 ++++ 2 files changed, 11 insertions(+), 3 deletions(-) create mode 100644 macros.x86_64_v2 diff --git a/almalinux-release.spec b/almalinux-release.spec index 0874a11..949e308 100644 --- a/almalinux-release.spec +++ b/almalinux-release.spec @@ -6,7 +6,7 @@ Name: almalinux-release Version: %{major}.%{minor} -Release: 31%{?dist} +Release: 31%{?dist}.0.1 Summary: %{distro} release files Group: System Environment/Base License: GPL-2.0-or-later @@ -69,6 +69,8 @@ Source511: almalinux-rt.repo Source600: RPM-GPG-KEY-AlmaLinux-10 +Source700: macros.x86_64_v2 + %package -n almalinux-sb-certs Summary: %{distro} public secureboot certificates Group: System Environment/Base @@ -319,8 +321,7 @@ install -p -m 0644 %{SOURCE600} %{buildroot}%{_sysconfdir}/pki/rpm-gpg/ # These variables should be set in the build environment to change rpm names mkdir -p %{buildroot}%{_sysconfdir}/rpm %ifarch x86_64_v2 -echo '%%_target_platform x86_64-%%{_vendor}-%%{_target_os}%%{?_gnu}' >> %{buildroot}%{_sysconfdir}/rpm/macros.x86_64_v2 -echo '%%x86_64_v2 1' >> %{buildroot}%{_sysconfdir}/rpm/macros.x86_64_v2 +install -p -m 0644 %{SOURCE700} %{buildroot}%{_sysconfdir}/rpm/ %endif @@ -374,6 +375,9 @@ echo '%%x86_64_v2 1' >> %{buildroot}%{_sysconfdir}/rpm/macros.x86_64_v2 %{_sysconfdir}/pki/rpm-gpg %changelog +* Wed Aug 27 2025 Eduard Abdullin - 10.0-31.0.1 +- Redefine __cflags_arch_x86_64_level and __cflags_arch_x86_64 macroses for x86_64_v2 + * Thu May 29 2025 Neal Gompa - 10.0-31 - Enable CRB repository by default diff --git a/macros.x86_64_v2 b/macros.x86_64_v2 new file mode 100644 index 0000000..76e1942 --- /dev/null +++ b/macros.x86_64_v2 @@ -0,0 +1,4 @@ +%_target_platform x86_64-%{_vendor}-%{_target_os}%{?_gnu} +%x86_64_v2 1 +%__cflags_arch_x86_64_level %[0%{?x86_64_v2} ? "-v2" : ""]%[ (!0%{?x86_64_v2} && 0%{?rhel} == 9) ? "-v2" : ""]%[ (!0%{?x86_64_v2} && 0%{?rhel} > 9) ? "-v3" : ""] +%__cflags_arch_x86_64 -march=x86-64%{?__cflags_arch_x86_64_level:%{__cflags_arch_x86_64_level}} -- 2.47.3 From 217641c88d1287a03450caa947045a24a9244d51 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Tue, 9 Sep 2025 10:33:56 +0300 Subject: [PATCH 4/4] Bump release --- almalinux-release.spec | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/almalinux-release.spec b/almalinux-release.spec index 949e308..6d3dbff 100644 --- a/almalinux-release.spec +++ b/almalinux-release.spec @@ -6,7 +6,7 @@ Name: almalinux-release Version: %{major}.%{minor} -Release: 31%{?dist}.0.1 +Release: 32%{?dist} Summary: %{distro} release files Group: System Environment/Base License: GPL-2.0-or-later @@ -375,7 +375,7 @@ install -p -m 0644 %{SOURCE700} %{buildroot}%{_sysconfdir}/rpm/ %{_sysconfdir}/pki/rpm-gpg %changelog -* Wed Aug 27 2025 Eduard Abdullin - 10.0-31.0.1 +* Tue Sep 09 2025 Eduard Abdullin - 10.0-32 - Redefine __cflags_arch_x86_64_level and __cflags_arch_x86_64 macroses for x86_64_v2 * Thu May 29 2025 Neal Gompa - 10.0-31 -- 2.47.3