AlmaLinux changes

This commit is contained in:
Andrew Lukoshko 2022-04-27 15:24:45 +00:00
parent 053c791356
commit 1cc2bb6932
5 changed files with 32 additions and 40 deletions

BIN
SOURCES/almalinuxdup1.x509 Normal file

Binary file not shown.

Binary file not shown.

BIN
SOURCES/clsecureboot001.cer Normal file

Binary file not shown.

View File

@ -5,9 +5,9 @@ prompt = no
x509_extensions = myexts
[ req_distinguished_name ]
O = Red Hat
CN = Red Hat Enterprise Linux kernel signing key
emailAddress = secalert@redhat.com
O = AlmaLinux
CN = AlmaLinux kernel signing key
emailAddress = security@almalinux.org
[ myexts ]
basicConstraints=critical,CA:FALSE

View File

@ -452,44 +452,36 @@ Source9: x509.genkey
%if %{?released_kernel}
Source10: redhatsecurebootca5.cer
Source11: redhatsecurebootca3.cer
Source12: redhatsecureboot501.cer
Source13: redhatsecureboot301.cer
Source14: secureboot_s390.cer
Source15: secureboot_ppc.cer
Source10: clsecureboot001.cer
%define secureboot_ca_0 %{SOURCE11}
%define secureboot_ca_0 %{SOURCE10}
%define secureboot_ca_1 %{SOURCE10}
%ifarch x86_64 aarch64
%define secureboot_key_0 %{SOURCE13}
%define pesign_name_0 redhatsecureboot301
%define secureboot_key_1 %{SOURCE12}
%define pesign_name_1 redhatsecureboot501
%define secureboot_key_0 %{SOURCE10}
%define pesign_name_0 clsecureboot001
%define secureboot_key_1 %{SOURCE10}
%define pesign_name_1 clsecureboot001
%endif
%ifarch s390x
%define secureboot_key_0 %{SOURCE14}
%define pesign_name_0 redhatsecureboot302
%define secureboot_key_0 %{SOURCE10}
%define pesign_name_0 clsecureboot001
%endif
%ifarch ppc64le
%define secureboot_key_0 %{SOURCE15}
%define pesign_name_0 redhatsecureboot303
%define secureboot_key_0 %{SOURCE10}
%define pesign_name_0 clsecureboot001
%endif
# released_kernel
%else
Source11: redhatsecurebootca4.cer
Source12: redhatsecurebootca2.cer
Source13: redhatsecureboot401.cer
Source14: redhatsecureboot003.cer
Source10: clsecureboot001.cer
%define secureboot_ca_0 %{SOURCE12}
%define secureboot_ca_1 %{SOURCE11}
%define secureboot_key_0 %{SOURCE14}
%define pesign_name_0 redhatsecureboot003
%define secureboot_key_1 %{SOURCE13}
%define pesign_name_1 redhatsecureboot401
%define secureboot_ca_0 %{SOURCE10}
%define secureboot_ca_1 %{SOURCE10}
%define secureboot_key_0 %{SOURCE10}
%define pesign_name_0 clsecureboot001
%define secureboot_key_1 %{SOURCE10}
%define pesign_name_1 clsecureboot001
# released_kernel
%endif
@ -521,8 +513,8 @@ Source43: generate_bls_conf.sh
Source44: mod-internal.list
Source100: rheldup3.x509
Source101: rhelkpatch1.x509
Source100: almalinuxdup1.x509
Source101: almalinuxkpatch1.x509
%if %{with_kabichk}
Source200: check-kabi
@ -560,8 +552,8 @@ Patch999999: linux-kernel-test.patch
BuildRoot: %{_tmppath}/%{name}-%{KVERREL}-root
%description
This is the package which provides the Linux %{name} for Red Hat Enterprise
Linux. It is based on upstream Linux at version %{version} and maintains kABI
This is the package which provides the Linux %{name} for AlmaLinux.
It is based on upstream Linux at version %{version} and maintains kABI
compatibility of a set of approved symbols, however it is heavily modified with
backports and fixes pulled from newer upstream Linux %{name} releases. This means
this is not a %{version} kernel anymore: it includes several components which come
@ -569,7 +561,7 @@ from newer upstream linux versions, while maintaining a well tested and stable
core. Some of the components/backports that may be pulled in are: changes like
updates to the core kernel (eg.: scheduler, cgroups, memory management, security
fixes and features), updates to block layer, supported filesystems, major driver
updates for supported hardware in Red Hat Enterprise Linux, enhancements for
updates for supported hardware in AlmaLinux, enhancements for
enterprise customers, etc.
#
@ -811,14 +803,14 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio
%endif
%package -n %{name}-abi-stablelists
Summary: The Red Hat Enterprise Linux kernel ABI symbol stablelists
Summary: The AlmaLinux kernel ABI symbol stablelists
Group: System Environment/Kernel
AutoReqProv: no
Obsoletes: %{name}-abi-whitelists < %{rpmversion}-%{pkg_release}
Provides: %{name}-abi-whitelists
%description -n %{name}-abi-stablelists
The kABI package contains information pertaining to the Red Hat Enterprise
Linux kernel ABI, including lists of kernel symbols that are needed by
The kABI package contains information pertaining to the AlmaLinux
kernel ABI, including lists of kernel symbols that are needed by
external Linux kernel modules, and a yum plugin to aid enforcement.
%if %{with_kabidw_base}
@ -827,8 +819,8 @@ Summary: The baseline dataset for kABI verification using DWARF data
Group: System Environment/Kernel
AutoReqProv: no
%description kernel-kabidw-base-internal
The package contains data describing the current ABI of the Red Hat Enterprise
Linux kernel, suitable for the kabi-dw tool.
The package contains data describing the current ABI of the AlmaLinux
kernel, suitable for the kabi-dw tool.
%endif
#
@ -900,7 +892,7 @@ Requires: %{name}%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\
AutoReq: no\
AutoProv: yes\
%description %{?1:%{1}-}modules-internal\
This package provides kernel modules for the %{?2:%{2} }kernel package for Red Hat internal usage.\
This package provides kernel modules for the %{?2:%{2} }kernel package for AlmaLinux internal usage.\
%{nil}
#
@ -1747,7 +1739,7 @@ BuildKernel() {
# build a BLS config for this kernel
%{SOURCE43} "$KernelVer" "$RPM_BUILD_ROOT" "%{?variant}"
# Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel
# AlmaLinux UEFI Secure Boot CA cert, which can be used to authenticate the kernel
mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer
%ifarch x86_64 aarch64
install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca-20200609.cer