AlmaLinux changes
This commit is contained in:
parent
053c791356
commit
1cc2bb6932
BIN
SOURCES/almalinuxdup1.x509
Normal file
BIN
SOURCES/almalinuxdup1.x509
Normal file
Binary file not shown.
BIN
SOURCES/almalinuxkpatch1.x509
Normal file
BIN
SOURCES/almalinuxkpatch1.x509
Normal file
Binary file not shown.
BIN
SOURCES/clsecureboot001.cer
Normal file
BIN
SOURCES/clsecureboot001.cer
Normal file
Binary file not shown.
@ -5,9 +5,9 @@ prompt = no
|
||||
x509_extensions = myexts
|
||||
|
||||
[ req_distinguished_name ]
|
||||
O = Red Hat
|
||||
CN = Red Hat Enterprise Linux kernel signing key
|
||||
emailAddress = secalert@redhat.com
|
||||
O = AlmaLinux
|
||||
CN = AlmaLinux kernel signing key
|
||||
emailAddress = security@almalinux.org
|
||||
|
||||
[ myexts ]
|
||||
basicConstraints=critical,CA:FALSE
|
||||
|
@ -452,44 +452,36 @@ Source9: x509.genkey
|
||||
|
||||
%if %{?released_kernel}
|
||||
|
||||
Source10: redhatsecurebootca5.cer
|
||||
Source11: redhatsecurebootca3.cer
|
||||
Source12: redhatsecureboot501.cer
|
||||
Source13: redhatsecureboot301.cer
|
||||
Source14: secureboot_s390.cer
|
||||
Source15: secureboot_ppc.cer
|
||||
Source10: clsecureboot001.cer
|
||||
|
||||
%define secureboot_ca_0 %{SOURCE11}
|
||||
%define secureboot_ca_0 %{SOURCE10}
|
||||
%define secureboot_ca_1 %{SOURCE10}
|
||||
%ifarch x86_64 aarch64
|
||||
%define secureboot_key_0 %{SOURCE13}
|
||||
%define pesign_name_0 redhatsecureboot301
|
||||
%define secureboot_key_1 %{SOURCE12}
|
||||
%define pesign_name_1 redhatsecureboot501
|
||||
%define secureboot_key_0 %{SOURCE10}
|
||||
%define pesign_name_0 clsecureboot001
|
||||
%define secureboot_key_1 %{SOURCE10}
|
||||
%define pesign_name_1 clsecureboot001
|
||||
%endif
|
||||
%ifarch s390x
|
||||
%define secureboot_key_0 %{SOURCE14}
|
||||
%define pesign_name_0 redhatsecureboot302
|
||||
%define secureboot_key_0 %{SOURCE10}
|
||||
%define pesign_name_0 clsecureboot001
|
||||
%endif
|
||||
%ifarch ppc64le
|
||||
%define secureboot_key_0 %{SOURCE15}
|
||||
%define pesign_name_0 redhatsecureboot303
|
||||
%define secureboot_key_0 %{SOURCE10}
|
||||
%define pesign_name_0 clsecureboot001
|
||||
%endif
|
||||
|
||||
# released_kernel
|
||||
%else
|
||||
|
||||
Source11: redhatsecurebootca4.cer
|
||||
Source12: redhatsecurebootca2.cer
|
||||
Source13: redhatsecureboot401.cer
|
||||
Source14: redhatsecureboot003.cer
|
||||
Source10: clsecureboot001.cer
|
||||
|
||||
%define secureboot_ca_0 %{SOURCE12}
|
||||
%define secureboot_ca_1 %{SOURCE11}
|
||||
%define secureboot_key_0 %{SOURCE14}
|
||||
%define pesign_name_0 redhatsecureboot003
|
||||
%define secureboot_key_1 %{SOURCE13}
|
||||
%define pesign_name_1 redhatsecureboot401
|
||||
%define secureboot_ca_0 %{SOURCE10}
|
||||
%define secureboot_ca_1 %{SOURCE10}
|
||||
%define secureboot_key_0 %{SOURCE10}
|
||||
%define pesign_name_0 clsecureboot001
|
||||
%define secureboot_key_1 %{SOURCE10}
|
||||
%define pesign_name_1 clsecureboot001
|
||||
|
||||
# released_kernel
|
||||
%endif
|
||||
@ -521,8 +513,8 @@ Source43: generate_bls_conf.sh
|
||||
|
||||
Source44: mod-internal.list
|
||||
|
||||
Source100: rheldup3.x509
|
||||
Source101: rhelkpatch1.x509
|
||||
Source100: almalinuxdup1.x509
|
||||
Source101: almalinuxkpatch1.x509
|
||||
|
||||
%if %{with_kabichk}
|
||||
Source200: check-kabi
|
||||
@ -560,8 +552,8 @@ Patch999999: linux-kernel-test.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{KVERREL}-root
|
||||
|
||||
%description
|
||||
This is the package which provides the Linux %{name} for Red Hat Enterprise
|
||||
Linux. It is based on upstream Linux at version %{version} and maintains kABI
|
||||
This is the package which provides the Linux %{name} for AlmaLinux.
|
||||
It is based on upstream Linux at version %{version} and maintains kABI
|
||||
compatibility of a set of approved symbols, however it is heavily modified with
|
||||
backports and fixes pulled from newer upstream Linux %{name} releases. This means
|
||||
this is not a %{version} kernel anymore: it includes several components which come
|
||||
@ -569,7 +561,7 @@ from newer upstream linux versions, while maintaining a well tested and stable
|
||||
core. Some of the components/backports that may be pulled in are: changes like
|
||||
updates to the core kernel (eg.: scheduler, cgroups, memory management, security
|
||||
fixes and features), updates to block layer, supported filesystems, major driver
|
||||
updates for supported hardware in Red Hat Enterprise Linux, enhancements for
|
||||
updates for supported hardware in AlmaLinux, enhancements for
|
||||
enterprise customers, etc.
|
||||
|
||||
#
|
||||
@ -811,14 +803,14 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio
|
||||
%endif
|
||||
|
||||
%package -n %{name}-abi-stablelists
|
||||
Summary: The Red Hat Enterprise Linux kernel ABI symbol stablelists
|
||||
Summary: The AlmaLinux kernel ABI symbol stablelists
|
||||
Group: System Environment/Kernel
|
||||
AutoReqProv: no
|
||||
Obsoletes: %{name}-abi-whitelists < %{rpmversion}-%{pkg_release}
|
||||
Provides: %{name}-abi-whitelists
|
||||
%description -n %{name}-abi-stablelists
|
||||
The kABI package contains information pertaining to the Red Hat Enterprise
|
||||
Linux kernel ABI, including lists of kernel symbols that are needed by
|
||||
The kABI package contains information pertaining to the AlmaLinux
|
||||
kernel ABI, including lists of kernel symbols that are needed by
|
||||
external Linux kernel modules, and a yum plugin to aid enforcement.
|
||||
|
||||
%if %{with_kabidw_base}
|
||||
@ -827,8 +819,8 @@ Summary: The baseline dataset for kABI verification using DWARF data
|
||||
Group: System Environment/Kernel
|
||||
AutoReqProv: no
|
||||
%description kernel-kabidw-base-internal
|
||||
The package contains data describing the current ABI of the Red Hat Enterprise
|
||||
Linux kernel, suitable for the kabi-dw tool.
|
||||
The package contains data describing the current ABI of the AlmaLinux
|
||||
kernel, suitable for the kabi-dw tool.
|
||||
%endif
|
||||
|
||||
#
|
||||
@ -900,7 +892,7 @@ Requires: %{name}%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\
|
||||
AutoReq: no\
|
||||
AutoProv: yes\
|
||||
%description %{?1:%{1}-}modules-internal\
|
||||
This package provides kernel modules for the %{?2:%{2} }kernel package for Red Hat internal usage.\
|
||||
This package provides kernel modules for the %{?2:%{2} }kernel package for AlmaLinux internal usage.\
|
||||
%{nil}
|
||||
|
||||
#
|
||||
@ -1747,7 +1739,7 @@ BuildKernel() {
|
||||
# build a BLS config for this kernel
|
||||
%{SOURCE43} "$KernelVer" "$RPM_BUILD_ROOT" "%{?variant}"
|
||||
|
||||
# Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel
|
||||
# AlmaLinux UEFI Secure Boot CA cert, which can be used to authenticate the kernel
|
||||
mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer
|
||||
%ifarch x86_64 aarch64
|
||||
install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca-20200609.cer
|
||||
|
Loading…
Reference in New Issue
Block a user