AlmaLinux changes

This commit is contained in:
Andrew Lukoshko 2021-09-15 08:30:34 +00:00
parent d5b4a2602d
commit 657b8ce019
6 changed files with 17 additions and 11 deletions

BIN
SOURCES/clsecureboot001.cer Normal file

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

View File

@ -1,3 +1,8 @@
%global dist %{?dist}.alma
%global efi_vendor almalinux
%global efidir almalinux
%global efi_esp_dir /boot/efi/EFI/%{efidir}
%global glib2_version 2.45.8 %global glib2_version 2.45.8
%global libxmlb_version 0.1.3 %global libxmlb_version 0.1.3
%global libgusb_version 0.2.11 %global libgusb_version 0.2.11
@ -54,10 +59,7 @@ Source15: http://people.redhat.com/rhughes/dbx/DBXUpdate-20200729-x64.cab
# these are numbered high just to keep them wildly away from colliding with # these are numbered high just to keep them wildly away from colliding with
# the real package sources, in order to reduce churn. # the real package sources, in order to reduce churn.
Source300: redhatsecurebootca3.cer Source300: clsecureboot001.cer
Source301: redhatsecureboot301.cer
Source500: redhatsecurebootca5.cer
Source503: redhatsecureboot503.cer
Patch2: 0001-Do-not-use-the-LVFS.patch Patch2: 0001-Do-not-use-the-LVFS.patch
Patch4: deps.patch Patch4: deps.patch
@ -208,11 +210,11 @@ export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
%if 0%{?have_uefi} %if 0%{?have_uefi}
-Dplugin_uefi_capsule=true \ -Dplugin_uefi_capsule=true \
-Dplugin_uefi_pk=false \ -Dplugin_uefi_pk=false \
-Defi_sbat_distro_id="rhel" \ -Defi_sbat_distro_id="almalinux" \
-Defi_sbat_distro_summary="Red Hat Enterprise Linux" \ -Defi_sbat_distro_summary="AlmaLinux" \
-Defi_sbat_distro_pkgname="%{name}" \ -Defi_sbat_distro_pkgname="%{name}" \
-Defi_sbat_distro_version="%{version}" \ -Defi_sbat_distro_version="%{version}" \
-Defi_sbat_distro_url="mail:secalert@redhat.com" \ -Defi_sbat_distro_url="mail:security@almalinux.org" \
-Dplugin_tpm=false \ -Dplugin_tpm=false \
%else %else
-Dplugin_uefi_capsule=false \ -Dplugin_uefi_capsule=false \
@ -258,9 +260,7 @@ install %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} %{SOURCE15}
%global efiarch aa64 %global efiarch aa64
%endif %endif
%global fwup_efi_fn $RPM_BUILD_ROOT%{_libexecdir}/fwupd/efi/fwupd%{efiarch}.efi %global fwup_efi_fn $RPM_BUILD_ROOT%{_libexecdir}/fwupd/efi/fwupd%{efiarch}.efi
%pesign -s -i %{fwup_efi_fn} -o %{fwup_efi_fn}.tmp -a %{SOURCE300} -c %{SOURCE301} -n redhatsecureboot301 %pesign -s -i %{fwup_efi_fn} -o %{fwup_efi_fn}.signed -a %{SOURCE300} -c %{SOURCE301} -n clsecureboot001
%pesign -s -i %{fwup_efi_fn}.tmp -o %{fwup_efi_fn}.signed -a %{SOURCE500} -c %{SOURCE503} -n redhatsecureboot503
rm -fv %{fwup_efi_fn}.tmp
%endif %endif
mkdir -p --mode=0700 $RPM_BUILD_ROOT%{_localstatedir}/lib/fwupd/gnupg mkdir -p --mode=0700 $RPM_BUILD_ROOT%{_localstatedir}/lib/fwupd/gnupg
@ -465,6 +465,9 @@ done
%if 0%{?have_uefi} %if 0%{?have_uefi}
%{_datadir}/fwupd/uefi-capsule-ux.tar.xz %{_datadir}/fwupd/uefi-capsule-ux.tar.xz
%endif %endif
%if 0%{?have_modem_manager}
%{_libdir}/fwupd-plugins-3/libfu_plugin_modem_manager.so
%endif
%files devel %files devel
%{_datadir}/gir-1.0/Fwupd-2.0.gir %{_datadir}/gir-1.0/Fwupd-2.0.gir
@ -492,6 +495,9 @@ done
%endif %endif
%changelog %changelog
* Wed Jun 30 2021 Andrew Lukoshko <alukoshko@almalinux.org> - 1.5.9-1.alma
- AlmaLinux changes
* Tue Apr 13 2021 Richard Hughes <richard@hughsie.com> 1.5.9-1 * Tue Apr 13 2021 Richard Hughes <richard@hughsie.com> 1.5.9-1
- Rebase to include the SBAT metadata section to allow fixing BootHole - Rebase to include the SBAT metadata section to allow fixing BootHole
- Resolves: rhbz#1933010 - Resolves: rhbz#1933010
@ -601,7 +607,7 @@ done
* Wed Aug 29 2018 Richard Hughes <richard@hughsie.com> 1.1.1-5 * Wed Aug 29 2018 Richard Hughes <richard@hughsie.com> 1.1.1-5
- Include the certificates for secure boot signing - Include the certificates for secure boot signing
* Tue Aug 23 2018 Richard Hughes <richard@hughsie.com> 1.1.1-4 * Thu Aug 23 2018 Richard Hughes <richard@hughsie.com> 1.1.1-4
- Rebuild to get the EFI executable signed with the Red Hat key - Rebuild to get the EFI executable signed with the Red Hat key
* Thu Aug 23 2018 Richard Hughes <richard@hughsie.com> 1.1.1-3 * Thu Aug 23 2018 Richard Hughes <richard@hughsie.com> 1.1.1-3