AlmaLinux changes

This commit is contained in:
Andrew Lukoshko 2022-04-13 15:58:54 +02:00
parent d62eacdb3c
commit a235f0c761
4 changed files with 13 additions and 26 deletions

BIN
SOURCES/almalinuxdup1.x509 Normal file

Binary file not shown.

Binary file not shown.

View File

@ -5,9 +5,9 @@ prompt = no
x509_extensions = myexts x509_extensions = myexts
[ req_distinguished_name ] [ req_distinguished_name ]
O = Red Hat O = AlmaLinux
CN = Red Hat Enterprise Linux kernel signing key CN = AlmaLinux kernel signing key
emailAddress = secalert@redhat.com emailAddress = security@almalinux.org
[ myexts ] [ myexts ]
basicConstraints=critical,CA:FALSE basicConstraints=critical,CA:FALSE

View File

@ -721,20 +721,7 @@ Source1: Makefile.rhelver
%define secureboot_ca_0 %{_datadir}/pki/sb-certs/secureboot-ca-%{_arch}.cer %define secureboot_ca_0 %{_datadir}/pki/sb-certs/secureboot-ca-%{_arch}.cer
%define secureboot_key_0 %{_datadir}/pki/sb-certs/secureboot-kernel-%{_arch}.cer %define secureboot_key_0 %{_datadir}/pki/sb-certs/secureboot-kernel-%{_arch}.cer
%define pesign_name_0 clsecureboot001
%if 0%{?centos}
%define pesign_name_0 centossecureboot201
%else
%ifarch x86_64 aarch64
%define pesign_name_0 redhatsecureboot501
%endif
%ifarch s390x
%define pesign_name_0 redhatsecureboot302
%endif
%ifarch ppc64le
%define pesign_name_0 redhatsecureboot601
%endif
%endif
# signkernel # signkernel
%endif %endif
@ -809,8 +796,8 @@ Source82: update_scripts.sh
Source84: mod-internal.list Source84: mod-internal.list
Source100: rheldup3.x509 Source100: almalinuxdup1.x509
Source101: rhelkpatch1.x509 Source101: almalinuxkpatch1.x509
Source200: check-kabi Source200: check-kabi
@ -1087,11 +1074,11 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio
%endif %endif
%package -n kernel-abi-stablelists %package -n kernel-abi-stablelists
Summary: The Red Hat Enterprise Linux kernel ABI symbol stablelists Summary: The AlmaLinux kernel ABI symbol stablelists
AutoReqProv: no AutoReqProv: no
%description -n kernel-abi-stablelists %description -n kernel-abi-stablelists
The kABI package contains information pertaining to the Red Hat Enterprise The kABI package contains information pertaining to the AlmaLinux
Linux kernel ABI, including lists of kernel symbols that are needed by kernel ABI, including lists of kernel symbols that are needed by
external Linux kernel modules, and a yum plugin to aid enforcement. external Linux kernel modules, and a yum plugin to aid enforcement.
%if %{with_kabidw_base} %if %{with_kabidw_base}
@ -1100,8 +1087,8 @@ Summary: The baseline dataset for kABI verification using DWARF data
Group: System Environment/Kernel Group: System Environment/Kernel
AutoReqProv: no AutoReqProv: no
%description kernel-kabidw-base-internal %description kernel-kabidw-base-internal
The package contains data describing the current ABI of the Red Hat Enterprise The package contains data describing the current ABI of the AlmaLinux
Linux kernel, suitable for the kabi-dw tool. kernel, suitable for the kabi-dw tool.
%endif %endif
# #
@ -1199,7 +1186,7 @@ Requires: %{name}%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?1:+%{1}}\
AutoReq: no\ AutoReq: no\
AutoProv: yes\ AutoProv: yes\
%description %{?1:%{1}-}modules-internal\ %description %{?1:%{1}-}modules-internal\
This package provides kernel modules for the %{?2:%{2} }kernel package for Red Hat internal usage.\ This package provides kernel modules for the %{?2:%{2} }kernel package for AlmaLinux internal usage.\
%{nil} %{nil}
# #
@ -2168,7 +2155,7 @@ BuildKernel() {
# prune junk from kernel-devel # prune junk from kernel-devel
find $RPM_BUILD_ROOT/usr/src/kernels -name ".*.cmd" -delete find $RPM_BUILD_ROOT/usr/src/kernels -name ".*.cmd" -delete
# Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel # AlmaLinux UEFI Secure Boot CA cert, which can be used to authenticate the kernel
mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer
%if %{signkernel} %if %{signkernel}
install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer