Compare commits
10 Commits
Author | SHA1 | Date | |
---|---|---|---|
8828f9777f | |||
|
995aa1331d | ||
|
4efc3db07c | ||
580c65dcae | |||
|
2a928414a4 | ||
|
12652f502b | ||
|
a13467c89f | ||
|
b96859087e | ||
|
51d285a0c8 | ||
1cc2bb6932 |
BIN
SOURCES/almalinuxdup1.x509
Normal file
BIN
SOURCES/almalinuxdup1.x509
Normal file
Binary file not shown.
BIN
SOURCES/almalinuxkpatch1.x509
Normal file
BIN
SOURCES/almalinuxkpatch1.x509
Normal file
Binary file not shown.
BIN
SOURCES/almalinuxsecurebootca0.cer
Normal file
BIN
SOURCES/almalinuxsecurebootca0.cer
Normal file
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -5,9 +5,9 @@ prompt = no
|
|||||||
x509_extensions = myexts
|
x509_extensions = myexts
|
||||||
|
|
||||||
[ req_distinguished_name ]
|
[ req_distinguished_name ]
|
||||||
O = Red Hat
|
O = AlmaLinux
|
||||||
CN = Red Hat Enterprise Linux kernel signing key
|
CN = AlmaLinux kernel signing key
|
||||||
emailAddress = secalert@redhat.com
|
emailAddress = security@almalinux.org
|
||||||
|
|
||||||
[ myexts ]
|
[ myexts ]
|
||||||
basicConstraints=critical,CA:FALSE
|
basicConstraints=critical,CA:FALSE
|
||||||
|
@ -347,6 +347,9 @@ Requires: rt-setup
|
|||||||
%endif
|
%endif
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
Provides: almalinux(kernel-sig-key) = 202303
|
||||||
|
Conflicts: shim-ia32 <= 15.6-1.el8.alma
|
||||||
|
Conflicts: shim-x64 <= 15.6-1.el8.alma
|
||||||
|
|
||||||
#
|
#
|
||||||
# List the packages used during the kernel build
|
# List the packages used during the kernel build
|
||||||
@ -440,40 +443,22 @@ Source9: x509.genkey
|
|||||||
|
|
||||||
# Name of the packaged file containing signing key
|
# Name of the packaged file containing signing key
|
||||||
%ifarch ppc64le
|
%ifarch ppc64le
|
||||||
%define signing_key_filename kernel-signing-ppc.cer
|
%define signing_key_filename almalinuxsecurebootca0.cer
|
||||||
%endif
|
%endif
|
||||||
%ifarch s390x
|
%ifarch s390x
|
||||||
%define signing_key_filename kernel-signing-s390.cer
|
%define signing_key_filename almalinuxsecurebootca0.cer
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
Source10: redhatsecurebootca3.cer
|
Source10: almalinuxsecurebootca0.cer
|
||||||
Source11: redhatsecurebootca5.cer
|
|
||||||
Source12: redhatsecureboot301.cer
|
|
||||||
Source13: redhatsecureboot501.cer
|
|
||||||
Source14: secureboot_s390.cer
|
|
||||||
Source15: secureboot_ppc.cer
|
|
||||||
Source16: redhatsecurebootca7.cer
|
|
||||||
|
|
||||||
%define secureboot_ca_0 %{SOURCE10}
|
%define secureboot_ca_0 %{SOURCE10}
|
||||||
%define secureboot_ca_1 %{SOURCE11}
|
%define secureboot_ca_1 %{SOURCE10}
|
||||||
%define secureboot_ca_2 %{SOURCE16}
|
%define secureboot_ca_2 %{SOURCE10}
|
||||||
|
|
||||||
%ifarch x86_64 aarch64
|
%define secureboot_key_0 %{SOURCE10}
|
||||||
%define secureboot_key_0 %{SOURCE12}
|
%define pesign_name_0 almalinuxsecurebootca0
|
||||||
%define pesign_name_0 redhatsecureboot301
|
%define secureboot_key_1 %{SOURCE10}
|
||||||
%define secureboot_key_1 %{SOURCE13}
|
%define pesign_name_1 almalinuxsecurebootca0
|
||||||
%define pesign_name_1 redhatsecureboot501
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%ifarch s390x
|
|
||||||
%define secureboot_key_0 %{SOURCE14}
|
|
||||||
%define pesign_name_0 redhatsecureboot302
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%ifarch ppc64le
|
|
||||||
%define secureboot_key_0 %{SOURCE15}
|
|
||||||
%define pesign_name_0 redhatsecureboot701
|
|
||||||
%endif
|
|
||||||
|
|
||||||
Source17: mod-blacklist.sh
|
Source17: mod-blacklist.sh
|
||||||
Source18: mod-sign.sh
|
Source18: mod-sign.sh
|
||||||
@ -502,8 +487,8 @@ Source43: generate_bls_conf.sh
|
|||||||
|
|
||||||
Source44: mod-internal.list
|
Source44: mod-internal.list
|
||||||
|
|
||||||
Source100: rheldup3.x509
|
Source100: almalinuxdup1.x509
|
||||||
Source101: rhelkpatch1.x509
|
Source101: almalinuxkpatch1.x509
|
||||||
|
|
||||||
%if %{with_kabichk}
|
%if %{with_kabichk}
|
||||||
Source200: check-kabi
|
Source200: check-kabi
|
||||||
@ -546,8 +531,8 @@ Patch999999: linux-kernel-test.patch
|
|||||||
BuildRoot: %{_tmppath}/%{name}-%{KVERREL}-root
|
BuildRoot: %{_tmppath}/%{name}-%{KVERREL}-root
|
||||||
|
|
||||||
%description
|
%description
|
||||||
This is the package which provides the Linux %{name} for Red Hat Enterprise
|
This is the package which provides the Linux %{name} for AlmaLinux.
|
||||||
Linux. It is based on upstream Linux at version %{version} and maintains kABI
|
It is based on upstream Linux at version %{version} and maintains kABI
|
||||||
compatibility of a set of approved symbols, however it is heavily modified with
|
compatibility of a set of approved symbols, however it is heavily modified with
|
||||||
backports and fixes pulled from newer upstream Linux %{name} releases. This means
|
backports and fixes pulled from newer upstream Linux %{name} releases. This means
|
||||||
this is not a %{version} kernel anymore: it includes several components which come
|
this is not a %{version} kernel anymore: it includes several components which come
|
||||||
@ -555,7 +540,7 @@ from newer upstream linux versions, while maintaining a well tested and stable
|
|||||||
core. Some of the components/backports that may be pulled in are: changes like
|
core. Some of the components/backports that may be pulled in are: changes like
|
||||||
updates to the core kernel (eg.: scheduler, cgroups, memory management, security
|
updates to the core kernel (eg.: scheduler, cgroups, memory management, security
|
||||||
fixes and features), updates to block layer, supported filesystems, major driver
|
fixes and features), updates to block layer, supported filesystems, major driver
|
||||||
updates for supported hardware in Red Hat Enterprise Linux, enhancements for
|
updates for supported hardware in AlmaLinux, enhancements for
|
||||||
enterprise customers, etc.
|
enterprise customers, etc.
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -800,14 +785,14 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%package -n %{name}-abi-stablelists
|
%package -n %{name}-abi-stablelists
|
||||||
Summary: The Red Hat Enterprise Linux kernel ABI symbol stablelists
|
Summary: The AlmaLinux kernel ABI symbol stablelists
|
||||||
Group: System Environment/Kernel
|
Group: System Environment/Kernel
|
||||||
AutoReqProv: no
|
AutoReqProv: no
|
||||||
Obsoletes: %{name}-abi-whitelists < %{rpmversion}-%{pkg_release}
|
Obsoletes: %{name}-abi-whitelists < %{rpmversion}-%{pkg_release}
|
||||||
Provides: %{name}-abi-whitelists
|
Provides: %{name}-abi-whitelists
|
||||||
%description -n %{name}-abi-stablelists
|
%description -n %{name}-abi-stablelists
|
||||||
The kABI package contains information pertaining to the Red Hat Enterprise
|
The kABI package contains information pertaining to the AlmaLinux
|
||||||
Linux kernel ABI, including lists of kernel symbols that are needed by
|
kernel ABI, including lists of kernel symbols that are needed by
|
||||||
external Linux kernel modules, and a yum plugin to aid enforcement.
|
external Linux kernel modules, and a yum plugin to aid enforcement.
|
||||||
|
|
||||||
%if %{with_kabidw_base}
|
%if %{with_kabidw_base}
|
||||||
@ -816,8 +801,8 @@ Summary: The baseline dataset for kABI verification using DWARF data
|
|||||||
Group: System Environment/Kernel
|
Group: System Environment/Kernel
|
||||||
AutoReqProv: no
|
AutoReqProv: no
|
||||||
%description kernel-kabidw-base-internal
|
%description kernel-kabidw-base-internal
|
||||||
The package contains data describing the current ABI of the Red Hat Enterprise
|
The package contains data describing the current ABI of the AlmaLinux
|
||||||
Linux kernel, suitable for the kabi-dw tool.
|
kernel, suitable for the kabi-dw tool.
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -891,7 +876,7 @@ Requires: %{name}%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\
|
|||||||
AutoReq: no\
|
AutoReq: no\
|
||||||
AutoProv: yes\
|
AutoProv: yes\
|
||||||
%description %{?1:%{1}-}modules-internal\
|
%description %{?1:%{1}-}modules-internal\
|
||||||
This package provides kernel modules for the %{?2:%{2} }kernel package for Red Hat internal usage.\
|
This package provides kernel modules for the %{?2:%{2} }kernel package for AlmaLinux internal usage.\
|
||||||
%{nil}
|
%{nil}
|
||||||
|
|
||||||
#
|
#
|
||||||
@ -1738,7 +1723,7 @@ BuildKernel() {
|
|||||||
# build a BLS config for this kernel
|
# build a BLS config for this kernel
|
||||||
%{SOURCE43} "$KernelVer" "$RPM_BUILD_ROOT" "%{?variant}"
|
%{SOURCE43} "$KernelVer" "$RPM_BUILD_ROOT" "%{?variant}"
|
||||||
|
|
||||||
# Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel
|
# AlmaLinux UEFI Secure Boot CA cert, which can be used to authenticate the kernel
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer
|
mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer
|
||||||
%ifarch x86_64 aarch64
|
%ifarch x86_64 aarch64
|
||||||
install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca-20200609.cer
|
install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca-20200609.cer
|
||||||
|
Loading…
Reference in New Issue
Block a user