From 6d4b00f5c278bce6bcd7829eb695bfe79b7fa1c7 Mon Sep 17 00:00:00 2001 From: Andrew Lukoshko Date: Tue, 12 Apr 2022 14:41:51 +0200 Subject: [PATCH] AlmaLinux changes --- SOURCES/almalinuxdup1.x509 | Bin 0 -> 995 bytes SOURCES/almalinuxkpatch1.x509 | Bin 0 -> 988 bytes SOURCES/x509.genkey.rhel | 6 +++--- SPECS/kernel.spec | 33 ++++++++++----------------------- 4 files changed, 13 insertions(+), 26 deletions(-) create mode 100644 SOURCES/almalinuxdup1.x509 create mode 100644 SOURCES/almalinuxkpatch1.x509 diff --git a/SOURCES/almalinuxdup1.x509 b/SOURCES/almalinuxdup1.x509 new file mode 100644 index 0000000000000000000000000000000000000000..29720140fbee0cf2f4cf3f67c8397db54c22f071 GIT binary patch literal 995 zcmXqLV!m(C#B_WCGZP~dlR$FEyqw>8{>5GH$@aZzVZsKyY@Awc9&O)w85y}*84MB( zRSlHkLY$0ZV#TS+rA3(~l@5tHxrsTMd8HM4`9LUCq#US?jpLUwAUK@+1Avi})b8JL?G`5A!XTue=j zj123ZNKRR()t6VrVddXye^5T8T4B~o>%t$eKL;F|{3))^ed>HR7LiW}UMnsA9`^Sw z|573uISJ=GNYzjhqnq{+jdBI(n%NZQ$kw_C6L>+3w=I8uV2*)Ewl9ntQyUZsqn#M?`sVGMzYi z=gbS;?JNHV_Xx}runt`JU4Pfa;3*FZJ04{#v%M^t@KyE4?Pl@!`WDuc5bE zklZtyt7yWkt}nN*mAm(RxR=qtbgIMUp4_|h<7W4H_Wifo9c$3Dv(1hD%*>V__bhsH z-l$3k*H~%lH#B~jIy>yBm-n^%&jh=Dj9lKk|9{Fn=V#f{M?A`R{TUy68OpPSw&}&) Q>Flmr+o@R=wLI}A0G|SZ?f?J) literal 0 HcmV?d00001 diff --git a/SOURCES/almalinuxkpatch1.x509 b/SOURCES/almalinuxkpatch1.x509 new file mode 100644 index 0000000000000000000000000000000000000000..1292610292f7822b62040394efe0fac2dafa694b GIT binary patch literal 988 zcmXqLV!mO}#B^W*GZP~dlYoq&xXS67&Odh=mLz#4otb99%f_kI=F#?@mywa1mBApv zP}M*gF2u zJHGXK1atMXhiz20(loue!mCj*?5S+)#RDlD$_$e9g42(2J*()j?LXwd_Qq-j_n4iZ zX11RcaMIIVoA^YzB~o0EUgs?+etc(|;`beXUHVUU1<(3sS6Fd<=lOpV z*p&^JGchwVFfMNFHfZcHkOu~+tTKy)fmnmcj7x97e`VeDwEz7il}mf(wbtvoO*Rl^ z<4kDtU~K#0#0UicSy-8w89p#V^r?dMv2kd#F|x9RY%q`o@%dQ9SVS_H-F$cXo5IyY53OVsW!wU}qHcagjxS(B1;!U6gMr05Z-?gl z!MfHV%O8|P>|L=(Kl({AMCdaj;r1}Sbw-b<8e8UNn=LD3ZKZyd_5Zf zc~T_azVMYVxR_~K&2wShYrSVIm;8fY^cVPPe@|(Q=m{~?yAiru=IZNHEH7VgTeq=% zLWn9)X<^_p4S< zwz7w`MLnBVe(7q;?A#<1xqF4j&OEp#qbRvS>G+zR!fP|m#$5`0ab$Veg}WOqH5EPk HR-6O?x59Yr literal 0 HcmV?d00001 diff --git a/SOURCES/x509.genkey.rhel b/SOURCES/x509.genkey.rhel index b1bbe38..4c34491 100644 --- a/SOURCES/x509.genkey.rhel +++ b/SOURCES/x509.genkey.rhel @@ -5,9 +5,9 @@ prompt = no x509_extensions = myexts [ req_distinguished_name ] -O = Red Hat -CN = Red Hat Enterprise Linux kernel signing key -emailAddress = secalert@redhat.com +O = AlmaLinux +CN = AlmaLinux kernel signing key +emailAddress = security@almalinux.org [ myexts ] basicConstraints=critical,CA:FALSE diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index c0da3aa..81e2868 100755 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -693,20 +693,7 @@ Source1: Makefile.rhelver %define secureboot_ca_0 %{_datadir}/pki/sb-certs/secureboot-ca-%{_arch}.cer %define secureboot_key_0 %{_datadir}/pki/sb-certs/secureboot-kernel-%{_arch}.cer - -%if 0%{?centos} -%define pesign_name_0 centossecureboot201 -%else -%ifarch x86_64 aarch64 -%define pesign_name_0 redhatsecureboot501 -%endif -%ifarch s390x -%define pesign_name_0 redhatsecureboot302 -%endif -%ifarch ppc64le -%define pesign_name_0 redhatsecureboot601 -%endif -%endif +%define pesign_name_0 clsecureboot001 # signkernel %endif @@ -777,8 +764,8 @@ Source82: update_scripts.sh Source84: mod-internal.list -Source100: rheldup3.x509 -Source101: rhelkpatch1.x509 +Source100: almalinuxdup1.x509 +Source101: almalinuxkpatch1.x509 Source200: check-kabi @@ -1040,11 +1027,11 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio %endif %package -n kernel-abi-stablelists -Summary: The Red Hat Enterprise Linux kernel ABI symbol stablelists +Summary: The AlmaLinux kernel ABI symbol stablelists AutoReqProv: no %description -n kernel-abi-stablelists -The kABI package contains information pertaining to the Red Hat Enterprise -Linux kernel ABI, including lists of kernel symbols that are needed by +The kABI package contains information pertaining to the AlmaLinux +kernel ABI, including lists of kernel symbols that are needed by external Linux kernel modules, and a yum plugin to aid enforcement. %if %{with_kabidw_base} @@ -1053,8 +1040,8 @@ Summary: The baseline dataset for kABI verification using DWARF data Group: System Environment/Kernel AutoReqProv: no %description kernel-kabidw-base-internal -The package contains data describing the current ABI of the Red Hat Enterprise -Linux kernel, suitable for the kabi-dw tool. +The package contains data describing the current ABI of the AlmaLinux +kernel, suitable for the kabi-dw tool. %endif # @@ -1152,7 +1139,7 @@ Requires: kernel%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?1:+%{1}}\ AutoReq: no\ AutoProv: yes\ %description %{?1:%{1}-}modules-internal\ -This package provides kernel modules for the %{?2:%{2} }kernel package for Red Hat internal usage.\ +This package provides kernel modules for the %{?2:%{2} }kernel package for AlmaLinux internal usage.\ %{nil} # @@ -2071,7 +2058,7 @@ BuildKernel() { # prune junk from kernel-devel find $RPM_BUILD_ROOT/usr/src/kernels -name ".*.cmd" -delete - # Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel + # AlmaLinux UEFI Secure Boot CA cert, which can be used to authenticate the kernel mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer %if %{signkernel} install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer