Compare commits
19 Commits
Author | SHA1 | Date |
---|---|---|
Andrew Lukoshko | 0ff23ef177 | |
Andrew Lukoshko | 011d713f39 | |
Andrew Lukoshko | b1333d4a56 | |
Andrew Lukoshko | 57fb2819f5 | |
Andrew Lukoshko | effc079040 | |
Andrew Lukoshko | cc5fe84c80 | |
Stepan Oksanichenko | e4af49d5de | |
eabdullin | 58152561c0 | |
Stepan Oksanichenko | 40a6d92f88 | |
Stepan Oksanichenko | 201944f3e1 | |
Stepan Oksanichenko | 995aa1331d | |
Stepan Oksanichenko | 4efc3db07c | |
Andrew Lukoshko | 580c65dcae | |
root | 2a928414a4 | |
Stepan Oksanichenko | 12652f502b | |
Stepan Oksanichenko | a13467c89f | |
Stepan Oksanichenko | b96859087e | |
root | 51d285a0c8 | |
Andrew Lukoshko | 1cc2bb6932 |
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -5,9 +5,9 @@ prompt = no
|
|||
x509_extensions = myexts
|
||||
|
||||
[ req_distinguished_name ]
|
||||
O = Red Hat
|
||||
CN = Red Hat Enterprise Linux kernel signing key
|
||||
emailAddress = secalert@redhat.com
|
||||
O = AlmaLinux
|
||||
CN = AlmaLinux kernel signing key
|
||||
emailAddress = security@almalinux.org
|
||||
|
||||
[ myexts ]
|
||||
basicConstraints=critical,CA:FALSE
|
||||
|
|
|
@ -346,7 +346,6 @@ Requires: rt-setup
|
|||
%endif
|
||||
%endif
|
||||
|
||||
|
||||
#
|
||||
# List the packages used during the kernel build
|
||||
#
|
||||
|
@ -446,36 +445,19 @@ Source9: x509.genkey
|
|||
%define signing_key_filename kernel-signing-s390.cer
|
||||
%endif
|
||||
|
||||
Source10: redhatsecurebootca3.cer
|
||||
Source11: centossecurebootca2.cer
|
||||
Source12: centossecureboot201.cer
|
||||
Source13: redhatsecureboot501.cer
|
||||
Source14: redhatsecureboot302.cer
|
||||
Source15: redhatsecureboot303.cer
|
||||
Source16: redhatsecurebootca7.cer
|
||||
%if 0%{?centos}
|
||||
%define secureboot_ca_0 %{SOURCE11}
|
||||
%define secureboot_key_0 %{SOURCE12}
|
||||
%define pesign_name_0 centossecureboot201
|
||||
%else
|
||||
Source10: almalinuxsecurebootca0.cer
|
||||
Source11: almalinuxsecurebootca0.cer
|
||||
|
||||
%define secureboot_ca_0 %{SOURCE10}
|
||||
%define secureboot_ca_1 %{SOURCE11}
|
||||
%define secureboot_ca_2 %{SOURCE11}
|
||||
|
||||
%define secureboot_key_0 %{SOURCE10}
|
||||
%define pesign_name_0 almalinuxsecurebootca0
|
||||
|
||||
%ifarch x86_64 aarch64
|
||||
%define secureboot_ca_0 %{SOURCE10}
|
||||
%define secureboot_key_0 %{SOURCE13}
|
||||
%define pesign_name_0 redhatsecureboot501
|
||||
%endif
|
||||
|
||||
%ifarch s390x
|
||||
%define secureboot_ca_0 %{SOURCE10}
|
||||
%define secureboot_key_0 %{SOURCE14}
|
||||
%define pesign_name_0 redhatsecureboot302
|
||||
%endif
|
||||
|
||||
%ifarch ppc64le
|
||||
%define secureboot_ca_0 %{SOURCE16}
|
||||
%define secureboot_key_0 %{SOURCE15}
|
||||
%define pesign_name_0 redhatsecureboot701
|
||||
%endif
|
||||
%define secureboot_key_1 %{SOURCE11}
|
||||
%define pesign_name_1 almalinuxsecurebootca0
|
||||
%endif
|
||||
|
||||
Source17: mod-blacklist.sh
|
||||
|
@ -505,8 +487,8 @@ Source43: generate_bls_conf.sh
|
|||
|
||||
Source44: mod-internal.list
|
||||
|
||||
Source100: rheldup3.x509
|
||||
Source101: rhelkpatch1.x509
|
||||
Source100: almalinuxdup1.x509
|
||||
Source101: almalinuxkpatch1.x509
|
||||
|
||||
%if %{with_kabichk}
|
||||
Source200: check-kabi
|
||||
|
@ -549,8 +531,8 @@ Patch999999: linux-kernel-test.patch
|
|||
BuildRoot: %{_tmppath}/%{name}-%{KVERREL}-root
|
||||
|
||||
%description
|
||||
This is the package which provides the Linux %{name} for Red Hat Enterprise
|
||||
Linux. It is based on upstream Linux at version %{version} and maintains kABI
|
||||
This is the package which provides the Linux %{name} for AlmaLinux.
|
||||
It is based on upstream Linux at version %{version} and maintains kABI
|
||||
compatibility of a set of approved symbols, however it is heavily modified with
|
||||
backports and fixes pulled from newer upstream Linux %{name} releases. This means
|
||||
this is not a %{version} kernel anymore: it includes several components which come
|
||||
|
@ -558,7 +540,7 @@ from newer upstream linux versions, while maintaining a well tested and stable
|
|||
core. Some of the components/backports that may be pulled in are: changes like
|
||||
updates to the core kernel (eg.: scheduler, cgroups, memory management, security
|
||||
fixes and features), updates to block layer, supported filesystems, major driver
|
||||
updates for supported hardware in Red Hat Enterprise Linux, enhancements for
|
||||
updates for supported hardware in AlmaLinux, enhancements for
|
||||
enterprise customers, etc.
|
||||
|
||||
#
|
||||
|
@ -807,14 +789,14 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio
|
|||
%endif
|
||||
|
||||
%package -n %{name}-abi-stablelists
|
||||
Summary: The Red Hat Enterprise Linux kernel ABI symbol stablelists
|
||||
Summary: The AlmaLinux kernel ABI symbol stablelists
|
||||
Group: System Environment/Kernel
|
||||
AutoReqProv: no
|
||||
Obsoletes: %{name}-abi-whitelists < %{rpmversion}-%{pkg_release}
|
||||
Provides: %{name}-abi-whitelists
|
||||
%description -n %{name}-abi-stablelists
|
||||
The kABI package contains information pertaining to the Red Hat Enterprise
|
||||
Linux kernel ABI, including lists of kernel symbols that are needed by
|
||||
The kABI package contains information pertaining to the AlmaLinux
|
||||
kernel ABI, including lists of kernel symbols that are needed by
|
||||
external Linux kernel modules, and a yum plugin to aid enforcement.
|
||||
|
||||
%if %{with_kabidw_base}
|
||||
|
@ -823,8 +805,8 @@ Summary: The baseline dataset for kABI verification using DWARF data
|
|||
Group: System Environment/Kernel
|
||||
AutoReqProv: no
|
||||
%description kernel-kabidw-base-internal
|
||||
The package contains data describing the current ABI of the Red Hat Enterprise
|
||||
Linux kernel, suitable for the kabi-dw tool.
|
||||
The package contains data describing the current ABI of the AlmaLinux
|
||||
kernel, suitable for the kabi-dw tool.
|
||||
%endif
|
||||
|
||||
#
|
||||
|
@ -898,7 +880,7 @@ Requires: %{name}%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\
|
|||
AutoReq: no\
|
||||
AutoProv: yes\
|
||||
%description %{?1:%{1}-}modules-internal\
|
||||
This package provides kernel modules for the %{?2:%{2} }kernel package for Red Hat internal usage.\
|
||||
This package provides kernel modules for the %{?2:%{2} }kernel package for AlmaLinux internal usage.\
|
||||
%{nil}
|
||||
|
||||
#
|
||||
|
@ -989,6 +971,11 @@ Summary: %{variant_summary}\
|
|||
Group: System Environment/Kernel\
|
||||
Provides: %{name}-%{?1:%{1}-}core-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\
|
||||
Provides: installonlypkg(kernel)\
|
||||
%if "%{?1}" == ""\
|
||||
Provides: almalinux(kernel-sig-key) = 202303\
|
||||
Conflicts: shim-ia32 <= 15.6-1.el8.alma\
|
||||
Conflicts: shim-x64 <= 15.6-1.el8.alma\
|
||||
%endif\
|
||||
%{expand:%%kernel_reqprovconf}\
|
||||
%if %{?1:1} %{!?1:0} \
|
||||
%{expand:%%kernel_meta_package %{?1:%{1}}}\
|
||||
|
@ -1750,7 +1737,7 @@ BuildKernel() {
|
|||
# build a BLS config for this kernel
|
||||
%{SOURCE43} "$KernelVer" "$RPM_BUILD_ROOT" "%{?variant}"
|
||||
|
||||
# Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel
|
||||
# AlmaLinux UEFI Secure Boot CA cert, which can be used to authenticate the kernel
|
||||
mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer
|
||||
install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
|
||||
%ifarch s390x ppc64le
|
||||
|
|
Loading…
Reference in New Issue