From a70d3fc51f28f84df5044a0320c2954bf599e0ec Mon Sep 17 00:00:00 2001 From: "Luis Claudio R. Goncalves" Date: Wed, 5 Apr 2023 10:55:54 -0300 Subject: [PATCH] kernel-rt-4.18.0-480.rt7.269.el8 * Wed Apr 05 2023 Luis Claudio R. Goncalves [4.18.0-480.rt7.269.el8] - [rt] build kernel-rt-4.18.0-480.rt7.269.el8 [2180997] - redhat: fix the signing failure on ppc64el on centos (Denys Vlasenko) [2179095] Resolves: rhbz#2180997 Signed-off-by: Luis Claudio R. Goncalves --- kernel.spec | 34 +++++++++++++--------------------- sources | 2 +- 2 files changed, 14 insertions(+), 22 deletions(-) diff --git a/kernel.spec b/kernel.spec index 04c3e4b..8f3030b 100644 --- a/kernel.spec +++ b/kernel.spec @@ -12,7 +12,7 @@ # change below to w4T.xzdio): %define _binary_payload w3T.xzdio -%global distro_build 479 +%global distro_build 480 # Sign the x86_64 kernel for secure boot authentication %ifarch x86_64 aarch64 s390x ppc64le @@ -38,10 +38,10 @@ # define buildid .local %define rpmversion 4.18.0 -%define pkgrelease 479.rt7.268.el8 +%define pkgrelease 480.rt7.269.el8 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 479.rt7.268%{?dist} +%define specrelease 480.rt7.269%{?dist} %define pkg_release %{specrelease}%{?buildid} @@ -147,7 +147,7 @@ # The preempt RT patch level %global rttag .rt7 # realtimeN -%global rtbuild .268 +%global rtbuild .269 %define with_doc 0 %define with_headers 0 %define with_cross_headers 0 
@@ -461,24 +461,20 @@ Source14: redhatsecureboot302.cer Source15: redhatsecureboot303.cer Source16: redhatsecurebootca7.cer -%define secureboot_ca_0 %{SOURCE10} -# TODO: secureboot_ca_2 is only for ppc64le on rhel - -# why doesn't it just define secureboot_ca_0 differently -# instead of using this separate _ca_2 variable? -# This would simplify some really nasty "if" blocks -%define secureboot_ca_2 %{SOURCE16} - %ifarch x86_64 aarch64 +%define secureboot_ca_0 %{SOURCE10} %define secureboot_key_0 %{SOURCE13} %define pesign_name_0 redhatsecureboot501 %endif %ifarch s390x +%define secureboot_ca_0 %{SOURCE10} %define secureboot_key_0 %{SOURCE14} %define pesign_name_0 redhatsecureboot302 %endif %ifarch ppc64le +%define secureboot_ca_0 %{SOURCE16} %define secureboot_key_0 %{SOURCE15} %define pesign_name_0 redhatsecureboot701 %endif @@ -1177,7 +1173,7 @@ openssl x509 -inform der -in %{SOURCE100} -out rheldup3.pem openssl x509 -inform der -in %{SOURCE101} -out rhelkpatch1.pem cat rheldup3.pem rhelkpatch1.pem > ../certs/rhel.pem %ifarch ppc64le -openssl x509 -inform der -in %{secureboot_ca_2} -out secureboot.pem +openssl x509 -inform der -in %{secureboot_ca_0} -out secureboot.pem cat secureboot.pem >> ../certs/rhel.pem %endif for i in *.config; do 
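Review bot: `secureboot_ca_0` is no longer defined outside the three `%ifarch` blocks (x86_64/aarch64, s390x, ppc64le), so a reference to it on any other architecture would stay as the literal text `%{secureboot_ca_0}`. The `install -m 0644 %{secureboot_ca_0} ...` line in the `@@ -1755` hunk now has no arch condition of its own, and the hunk does not show whether an enclosing signing guard covers it; that should be confirmed. A comment above these blocks would record the constraint, e.g. `# secureboot_ca_0 is defined only for the signing arches below; keep every use under the same arch or signing guard`.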
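Review bot: In the `@@ -1177` hunk the ppc64le definition of `secureboot_ca_0` now doubles as a trust anchor, and nothing at this line or at the definition says so. The certificate it names is converted and appended to `../certs/rhel.pem`, which is presumably the bundle built into the kernel as trusted keys. A later edit to the ppc64le `%define secureboot_ca_0` would then change which CA the kernel trusts, not only the file published as `kernel-signing-ca.cer`. I would add a comment above the `openssl x509` line such as `# ppc64le: secureboot_ca_0 is also appended to certs/rhel.pem; changing it changes the keys this kernel trusts`. The surrounding section starts and ends outside the hunk.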
@@ -1755,15 +1751,7 @@ BuildKernel() { # Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer - %if 0%{?rhel} - %ifarch ppc64le - install -m 0644 %{secureboot_ca_2} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer - %else - install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer - %endif - %else - install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer - %endif + install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer %ifarch s390x ppc64le if [ $DoModules -eq 1 ]; then if [ -x /usr/bin/rpm-sign ]; then @@ -2709,6 +2697,10 @@ fi # # %changelog +* Wed Apr 05 2023 Luis Claudio R. Goncalves [4.18.0-480.rt7.269.el8] +- [rt] build kernel-rt-4.18.0-480.rt7.269.el8 [2180997] +- redhat: fix the signing failure on ppc64el on centos (Denys Vlasenko) [2179095] + * Thu Mar 30 2023 Luis Claudio R. Goncalves [4.18.0-479.rt7.268.el8] - [rt] build kernel-rt-4.18.0-479.rt7.268.el8 [2180997] - redhat: add centos signing certs (Denys Vlasenko) diff --git a/sources b/sources index 6923605..3c51a15 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (linux-4.18.0-479.rt7.268.el8.tar.xz) = 16417987fd4e3113b97f9da43a27e095d4fd152f29742a95039ebfbe8faacd02db038fccfdf18f2e00e277f4a7f4b93ab544d7c284add4521b9bb8dbe2e69433 +SHA512 (linux-4.18.0-480.rt7.269.el8.tar.xz) = e923c4494fdff0cc28111adfa1c5a8bb9efddacede5ae0df22a9f5de1cfcd764a8e7dd7f15683fe6b9f3a58b96859e7f15f893c5b37f67b2629457be046fa56d
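Review bot: The comment above the `install` line in the `@@ -1755` hunk still calls the file the "Red Hat UEFI Secure Boot CA cert", which no longer describes what is installed on every arch. With the per-arch definitions from the `@@ -461` hunk, ppc64le ships `redhatsecurebootca7.cer` (SOURCE16), and the s390x/ppc64le branch just below tests for `/usr/bin/rpm-sign`. Since `kernel-signing-ca.cer` is the file a user would check a kernel signature against, the comment should say where the cert comes from, e.g. `# Per-arch signing CA cert (secureboot_ca_0), which can be used to authenticate the kernel`. `BuildKernel()` starts and ends outside the hunk.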