Rebuilt to use redhatsecureboot503 signatures
Resolves: rhbz#2007520
This commit is contained in:
Richard Hughes
parent
a9dc0aac7b
commit
6a2b4a0cfd
6
.gitignore
vendored
6
.gitignore
vendored
@ -75,3 +75,9 @@
|
||||
/fwupd-1.5.4.tar.xz
|
||||
/fwupd-1.5.5.tar.xz
|
||||
/fwupd-1.5.9.tar.xz
|
||||
/DBXUpdate-20100307-x64.cab
|
||||
/DBXUpdate-20140413-x64.cab
|
||||
/DBXUpdate-20160809-x64.cab
|
||||
/DBXUpdate-20200729-aa64.cab
|
||||
/DBXUpdate-20200729-ia32.cab
|
||||
/DBXUpdate-20200729-x64.cab
|
||||
|
||||
39
0001-Do-not-use-the-LVFS.patch
Normal file
39
0001-Do-not-use-the-LVFS.patch
Normal file
@ -0,0 +1,39 @@
|
||||
From 945ef070f2095eac32c9438a30f73acd3fda420c Mon Sep 17 00:00:00 2001
|
||||
From: Richard Hughes <richard@hughsie.com>
|
||||
Date: Fri, 24 Sep 2021 09:41:09 +0100
|
||||
Subject: [PATCH] Do not use the LVFS
|
||||
|
||||
---
|
||||
data/remotes.d/lvfs.conf | 2 +-
|
||||
libfwupd/fwupd-self-test.c | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/data/remotes.d/lvfs.conf b/data/remotes.d/lvfs.conf
|
||||
index f956bc97..f993b970 100644
|
||||
--- a/data/remotes.d/lvfs.conf
|
||||
+++ b/data/remotes.d/lvfs.conf
|
||||
@@ -1,7 +1,7 @@
|
||||
[fwupd Remote]
|
||||
|
||||
# this remote provides metadata and firmware marked as 'stable' from the LVFS
|
||||
-Enabled=true
|
||||
+Enabled=false
|
||||
Title=Linux Vendor Firmware Service
|
||||
MetadataURI=https://cdn.fwupd.org/downloads/firmware.xml.gz
|
||||
ReportURI=https://fwupd.org/lvfs/firmware/report
|
||||
diff --git a/libfwupd/fwupd-self-test.c b/libfwupd/fwupd-self-test.c
|
||||
index 089bfafe..606ceefc 100644
|
||||
--- a/libfwupd/fwupd-self-test.c
|
||||
+++ b/libfwupd/fwupd-self-test.c
|
||||
@@ -190,7 +190,7 @@ fwupd_remote_download_func (void)
|
||||
g_assert_cmpint (fwupd_remote_get_kind (remote), ==, FWUPD_REMOTE_KIND_DOWNLOAD);
|
||||
g_assert_cmpint (fwupd_remote_get_keyring_kind (remote), ==, FWUPD_KEYRING_KIND_JCAT);
|
||||
g_assert_cmpint (fwupd_remote_get_priority (remote), ==, 0);
|
||||
- g_assert (fwupd_remote_get_enabled (remote));
|
||||
+ //g_assert (fwupd_remote_get_enabled (remote));
|
||||
g_assert (fwupd_remote_get_metadata_uri (remote) != NULL);
|
||||
g_assert (fwupd_remote_get_metadata_uri_sig (remote) != NULL);
|
||||
g_assert_cmpstr (fwupd_remote_get_title (remote), ==, "Linux Vendor Firmware Service");
|
||||
--
|
||||
2.32.0
|
||||
|
||||
41
fwupd.spec
41
fwupd.spec
@ -44,13 +44,27 @@
|
||||
Summary: Firmware update daemon
|
||||
Name: fwupd
|
||||
Version: 1.5.9
|
||||
Release: 3%{?dist}
|
||||
Release: 4%{?dist}
|
||||
License: LGPLv2+
|
||||
URL: https://github.com/fwupd/fwupd
|
||||
Source0: http://people.freedesktop.org/~hughsient/releases/%{name}-%{version}.tar.xz
|
||||
|
||||
# backport from upstream
|
||||
Source10: http://people.redhat.com/rhughes/dbx/DBXUpdate-20100307-x64.cab
|
||||
Source11: http://people.redhat.com/rhughes/dbx/DBXUpdate-20140413-x64.cab
|
||||
Source12: http://people.redhat.com/rhughes/dbx/DBXUpdate-20160809-x64.cab
|
||||
Source13: http://people.redhat.com/rhughes/dbx/DBXUpdate-20200729-aa64.cab
|
||||
Source14: http://people.redhat.com/rhughes/dbx/DBXUpdate-20200729-ia32.cab
|
||||
Source15: http://people.redhat.com/rhughes/dbx/DBXUpdate-20200729-x64.cab
|
||||
|
||||
# these are numbered high just to keep them wildly away from colliding with
|
||||
# the real package sources, in order to reduce churn.
|
||||
Source300: redhatsecurebootca3.cer
|
||||
Source301: redhatsecureboot301.cer
|
||||
Source500: redhatsecurebootca5.cer
|
||||
Source503: redhatsecureboot503.cer
|
||||
|
||||
Patch0: 13524af2029c2a8a3fb32ef27c39c214d9b5b13c.patch
|
||||
Patch2: 0001-Do-not-use-the-LVFS.patch
|
||||
|
||||
BuildRequires: gettext
|
||||
BuildRequires: glib2-devel >= %{glib2_version}
|
||||
@ -240,6 +254,10 @@ can be flashed using flashrom. It is probably not required on servers.
|
||||
%install
|
||||
%meson_install
|
||||
|
||||
# on RHEL the LVFS is disabled by default
|
||||
mkdir -p %{buildroot}/%{_datadir}/dbxtool
|
||||
install %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} %{SOURCE15} %{buildroot}/%{_datadir}/dbxtool
|
||||
|
||||
# sign fwupd.efi loader
|
||||
%if 0%{?have_uefi}
|
||||
%ifarch x86_64
|
||||
@ -249,10 +267,9 @@ can be flashed using flashrom. It is probably not required on servers.
|
||||
%global efiarch aa64
|
||||
%endif
|
||||
%global fwup_efi_fn $RPM_BUILD_ROOT%{_libexecdir}/fwupd/efi/fwupd%{efiarch}.efi
|
||||
%pesign -s -i %{fwup_efi_fn} -o %{fwup_efi_fn}.tmp
|
||||
%define __pesign_client_cert fwupd-signer
|
||||
%pesign -s -i %{fwup_efi_fn}.tmp -o %{fwup_efi_fn}.signed
|
||||
rm -vf %{fwup_efi_fn}.tmp
|
||||
%pesign -s -i %{fwup_efi_fn} -o %{fwup_efi_fn}.tmp -a %{SOURCE300} -c %{SOURCE301} -n redhatsecureboot301
|
||||
%pesign -s -i %{fwup_efi_fn}.tmp -o %{fwup_efi_fn}.signed -a %{SOURCE500} -c %{SOURCE503} -n redhatsecureboot503
|
||||
rm -fv %{fwup_efi_fn}.tmp
|
||||
%endif
|
||||
|
||||
mkdir -p --mode=0700 $RPM_BUILD_ROOT%{_localstatedir}/lib/fwupd/gnupg
|
||||
@ -336,6 +353,13 @@ done
|
||||
%{_datadir}/polkit-1/actions/org.freedesktop.fwupd.policy
|
||||
%{_datadir}/polkit-1/rules.d/org.freedesktop.fwupd.rules
|
||||
%{_datadir}/dbus-1/system-services/org.freedesktop.fwupd.service
|
||||
%dir %{_datadir}/dbxtool
|
||||
%{_datadir}/dbxtool/DBXUpdate-20100307-x64.cab
|
||||
%{_datadir}/dbxtool/DBXUpdate-20140413-x64.cab
|
||||
%{_datadir}/dbxtool/DBXUpdate-20160809-x64.cab
|
||||
%{_datadir}/dbxtool/DBXUpdate-20200729-aa64.cab
|
||||
%{_datadir}/dbxtool/DBXUpdate-20200729-ia32.cab
|
||||
%{_datadir}/dbxtool/DBXUpdate-20200729-x64.cab
|
||||
%{_mandir}/man1/fwupdtool.1*
|
||||
%{_mandir}/man1/fwupdagent.1*
|
||||
%{_mandir}/man1/dfu-tool.1*
|
||||
@ -481,6 +505,11 @@ done
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Sep 24 2021 Richard Hughes <richard@hughsie.com> 1.5.9-4
|
||||
- Rebuilt to use redhatsecureboot503 signatures
|
||||
- Undo last Fedora sync to use the RHEL-specific patches
|
||||
- Resolves: rhbz#2007520
|
||||
|
||||
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.5.9-3
|
||||
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
|
||||
Related: rhbz#1991688
|
||||
|
||||
BIN
redhatsecureboot301.cer
Normal file
BIN
redhatsecureboot301.cer
Normal file
Binary file not shown.
BIN
redhatsecureboot503.cer
Normal file
BIN
redhatsecureboot503.cer
Normal file
Binary file not shown.
BIN
redhatsecurebootca3.cer
Normal file
BIN
redhatsecurebootca3.cer
Normal file
Binary file not shown.
BIN
redhatsecurebootca5.cer
Normal file
BIN
redhatsecurebootca5.cer
Normal file
Binary file not shown.
6
sources
6
sources
@ -1 +1,7 @@
|
||||
SHA512 (fwupd-1.5.9.tar.xz) = 1d22bb9759bb0fa6a9030c83b3372ffd02f812c34e4d60f83cbacf5793d68dd846b353a3f127eccfb8f2cdcd329ba09320465cd2f0fe422dea13738e5b0b47ed
|
||||
SHA512 (DBXUpdate-20100307-x64.cab) = f8ad56cf015f4cdc5c305856ff1f7a8589c25a2a671708c61883f427f38eb9b6a7abd3f2c8d79ef9d5076222255e42585917f8705a2a4b13f860bad4e02ec409
|
||||
SHA512 (DBXUpdate-20140413-x64.cab) = 75771876a2309fa8ca083c2e76520173d434229b7cacf1e7636bd9b1bc4f871d745c348b9792bfb65fd9f40ef54c25bb427b1431151e817e7050b7829456731a
|
||||
SHA512 (DBXUpdate-20160809-x64.cab) = c27c564999ae84515540f1a598cd0fd9ef3a80cdfaaf439f1c4cb04eaee0e73074548b6d76c21ca3af1ba9c4c0625907e821582998eb5617e33ecd412e6c8a13
|
||||
SHA512 (DBXUpdate-20200729-aa64.cab) = 7a0cea13ed9b645fd9f1d5e3410a451d83643a75f5dc603272b0771b093f2c012f9a19419160403631c250cf64127ad2ce1c8fa2079b04064af73fe85b9add33
|
||||
SHA512 (DBXUpdate-20200729-ia32.cab) = 578ec9cccf2001b8bfa54b66809a1662269677050e74bd3225536fbd2be56a8162c48669bd16ea553723580195df1693a28dc01fc1cf62ff06e36a2c5568f74f
|
||||
SHA512 (DBXUpdate-20200729-x64.cab) = b8b195167d286a3f16aaa7c89149a0d5b4c8f53080e3265758b912f250fa655533c603359b7d1c989ebad6953ce443809b3317ec1d00f750326945ee0537e43b
|
||||
|
||||
Loading…
Reference in New Issue
Block a user