diff --git a/SOURCES/redhatsecureboot301.cer b/SOURCES/redhatsecureboot301.cer deleted file mode 100644 index 4ff8b79..0000000 Binary files a/SOURCES/redhatsecureboot301.cer and /dev/null differ diff --git a/SOURCES/redhatsecureboot503.cer b/SOURCES/redhatsecureboot503.cer deleted file mode 100644 index 50e375c..0000000 Binary files a/SOURCES/redhatsecureboot503.cer and /dev/null differ diff --git a/SOURCES/redhatsecurebootca3.cer b/SOURCES/redhatsecurebootca3.cer deleted file mode 100644 index b235400..0000000 Binary files a/SOURCES/redhatsecurebootca3.cer and /dev/null differ diff --git a/SOURCES/redhatsecurebootca5.cer b/SOURCES/redhatsecurebootca5.cer deleted file mode 100644 index dfb0284..0000000 Binary files a/SOURCES/redhatsecurebootca5.cer and /dev/null differ diff --git a/SPECS/fwupd.spec b/SPECS/fwupd.spec index 5b57d00..f614eed 100644 --- a/SPECS/fwupd.spec +++ b/SPECS/fwupd.spec @@ -1,3 +1,8 @@ +%global dist %{?dist}.alma +%global efi_vendor almalinux +%global efidir almalinux +%global efi_esp_dir /boot/efi/EFI/%{efidir} + %global glib2_version 2.45.8 %global libxmlb_version 0.1.3 %global libgusb_version 0.3.5 @@ -58,12 +63,6 @@ Source13: http://people.redhat.com/rhughes/dbx/DBXUpdate-20200729-aa64.cab Source14: http://people.redhat.com/rhughes/dbx/DBXUpdate-20200729-ia32.cab Source15: http://people.redhat.com/rhughes/dbx/DBXUpdate-20200729-x64.cab -# these are numbered high just to keep them wildly away from colliding with -# the real package sources, in order to reduce churn. -Source300: redhatsecurebootca3.cer -Source301: redhatsecureboot301.cer -Source500: redhatsecurebootca5.cer -Source503: redhatsecureboot503.cer # Backported from upstream Patch1: 0001-Fix-compiling-with-new-versions-of-efivar.patch @@ -228,11 +227,11 @@ tar xfvs %{SOURCE2} -C subprojects/fwupd-efi --strip-components=1 -Dplugin_uefi_pk=true \ -Defi_os_dir=%{efi_vendor} \ %ifarch x86_64 - -Dfwupd-efi:efi_sbat_distro_id="rhel" \ - -Dfwupd-efi:efi_sbat_distro_summary="Red Hat Enterprise Linux" \ + -Dfwupd-efi:efi_sbat_distro_id="almalinux" \ + -Dfwupd-efi:efi_sbat_distro_summary="AlmaLinux" \ -Dfwupd-efi:efi_sbat_distro_pkgname="%{name}" \ -Dfwupd-efi:efi_sbat_distro_version="%{version}" \ - -Dfwupd-efi:efi_sbat_distro_url="mail:secalert@redhat.com" \ + -Dfwupd-efi:efi_sbat_distro_url="security@almalinux.org" \ -Dfwupd-efi:efi-libdir="/usr/lib64" \ %endif -Dplugin_tpm=true \ @@ -276,12 +275,18 @@ mkdir -p %{buildroot}/%{_datadir}/dbxtool install %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} %{SOURCE15} %{buildroot}/%{_datadir}/dbxtool # sign fwupd.efi loader +%if 0%{?have_uefi} %ifarch x86_64 %global efiarch x64 +%endif +%ifarch aarch64 +%global efiarch aa64 +%endif %global fwup_efi_fn $RPM_BUILD_ROOT%{_libexecdir}/fwupd/efi/fwupd%{efiarch}.efi -%pesign -s -i %{fwup_efi_fn} -o %{fwup_efi_fn}.tmp -a %{SOURCE300} -c %{SOURCE301} -n redhatsecureboot301 -%pesign -s -i %{fwup_efi_fn}.tmp -o %{fwup_efi_fn}.signed -a %{SOURCE500} -c %{SOURCE503} -n redhatsecureboot503 -rm -fv %{fwup_efi_fn}.tmp +%pesign -s -i %{fwup_efi_fn} -o %{fwup_efi_fn}.tmp +%define __pesign_client_cert fwupd-signer +%pesign -s -i %{fwup_efi_fn}.tmp -o %{fwup_efi_fn}.signed +rm -vf %{fwup_efi_fn}.tmp %endif mkdir -p --mode=0700 $RPM_BUILD_ROOT%{_localstatedir}/lib/fwupd/gnupg @@ -538,6 +543,9 @@ done %endif %changelog +* Tue May 17 2022 Eduard Abdullin - 1.7.4-2.alma +- AlmaLinux changes + * Thu Mar 31 2022 Richard Hughes 1.7.4-2 - Use the efi_vendor variable from EFI-RPM - Resolves: rhbz#2007520