kernel-4.18.0-479.el8
* Fri Mar 17 2023 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-479.el8] - x86/cpu: Add CPU model numbers for Meteor Lake (Prarit Bhargava) [2153936] - redhat: require grub2 >= 2.02-99 (Denys Vlasenko) [2179095] - redhat: delete unused script and file (Denys Vlasenko) [2179095] - redhat: drop certificates that were deprecated after GRUB's BootHole flaw (Denys Vlasenko) [2179095] - redhat: align file names with names of signing keys for ppc and s390 (Denys Vlasenko) [2179095] Resolves: rhbz#2153936, rhbz#2179095 Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
This commit is contained in:
parent
581db46301
commit
9eca8a6d9f
35
kernel.spec
Executable file → Normal file
35
kernel.spec
Executable file → Normal file
@ -12,7 +12,7 @@
|
||||
# change below to w4T.xzdio):
|
||||
%define _binary_payload w3T.xzdio
|
||||
|
||||
%global distro_build 478
|
||||
%global distro_build 479
|
||||
|
||||
# Sign the x86_64 kernel for secure boot authentication
|
||||
%ifarch x86_64 aarch64 s390x ppc64le
|
||||
@ -38,10 +38,10 @@
|
||||
# define buildid .local
|
||||
|
||||
%define rpmversion 4.18.0
|
||||
%define pkgrelease 478.el8
|
||||
%define pkgrelease 479.el8
|
||||
|
||||
# allow pkg_release to have configurable %%{?dist} tag
|
||||
%define specrelease 478%{?dist}
|
||||
%define specrelease 479%{?dist}
|
||||
|
||||
%define pkg_release %{specrelease}%{?buildid}
|
||||
|
||||
@ -448,10 +448,9 @@ Source9: x509.genkey
|
||||
|
||||
Source10: redhatsecurebootca3.cer
|
||||
Source11: redhatsecurebootca5.cer
|
||||
Source12: redhatsecureboot301.cer
|
||||
Source13: redhatsecureboot501.cer
|
||||
Source14: secureboot_s390.cer
|
||||
Source15: secureboot_ppc.cer
|
||||
Source14: redhatsecureboot302.cer
|
||||
Source15: redhatsecureboot303.cer
|
||||
Source16: redhatsecurebootca7.cer
|
||||
|
||||
%define secureboot_ca_0 %{SOURCE10}
|
||||
@ -459,10 +458,8 @@ Source16: redhatsecurebootca7.cer
|
||||
%define secureboot_ca_2 %{SOURCE16}
|
||||
|
||||
%ifarch x86_64 aarch64
|
||||
%define secureboot_key_0 %{SOURCE12}
|
||||
%define pesign_name_0 redhatsecureboot301
|
||||
%define secureboot_key_1 %{SOURCE13}
|
||||
%define pesign_name_1 redhatsecureboot501
|
||||
%define secureboot_key_0 %{SOURCE13}
|
||||
%define pesign_name_0 redhatsecureboot501
|
||||
%endif
|
||||
|
||||
%ifarch s390x
|
||||
@ -572,6 +569,7 @@ Provides: %{name}-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\
|
||||
Requires(pre): %{kernel_prereq}\
|
||||
Requires(pre): %{initrd_prereq}\
|
||||
Requires(pre): linux-firmware >= 20200619-99.git3890db36\
|
||||
Requires(pre): grub2 >= 2.02-99\
|
||||
Requires(preun): systemd >= 200\
|
||||
Conflicts: xfsprogs < 4.3.0-1\
|
||||
Conflicts: xorg-x11-drv-vmmouse < 13.0.99\
|
||||
@ -1316,9 +1314,7 @@ BuildKernel() {
|
||||
fi
|
||||
|
||||
%ifarch x86_64 aarch64
|
||||
%pesign -s -i $SignImage -o vmlinuz.tmp -a %{secureboot_ca_0} -c %{secureboot_key_0} -n %{pesign_name_0}
|
||||
%pesign -s -i vmlinuz.tmp -o vmlinuz.signed -a %{secureboot_ca_1} -c %{secureboot_key_1} -n %{pesign_name_1}
|
||||
rm vmlinuz.tmp
|
||||
%pesign -s -i $SignImage -o vmlinuz.signed -a %{secureboot_ca_0} -c %{secureboot_key_0} -n %{pesign_name_0}
|
||||
%endif
|
||||
%ifarch s390x ppc64le
|
||||
if [ -x /usr/bin/rpm-sign ]; then
|
||||
@ -1744,17 +1740,11 @@ BuildKernel() {
|
||||
|
||||
# Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel
|
||||
mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer
|
||||
%ifarch x86_64 aarch64
|
||||
install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca-20200609.cer
|
||||
install -m 0644 %{secureboot_ca_1} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca-20140212.cer
|
||||
ln -s kernel-signing-ca-20200609.cer $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
|
||||
%else
|
||||
%ifarch ppc64le
|
||||
install -m 0644 %{secureboot_ca_2} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
|
||||
%else
|
||||
install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
|
||||
%endif
|
||||
%endif
|
||||
%ifarch s390x ppc64le
|
||||
if [ $DoModules -eq 1 ]; then
|
||||
if [ -x /usr/bin/rpm-sign ]; then
|
||||
@ -2698,6 +2688,13 @@ fi
|
||||
#
|
||||
#
|
||||
%changelog
|
||||
* Fri Mar 17 2023 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-479.el8]
|
||||
- x86/cpu: Add CPU model numbers for Meteor Lake (Prarit Bhargava) [2153936]
|
||||
- redhat: require grub2 >= 2.02-99 (Denys Vlasenko) [2179095]
|
||||
- redhat: delete unused script and file (Denys Vlasenko) [2179095]
|
||||
- redhat: drop certificates that were deprecated after GRUB's BootHole flaw (Denys Vlasenko) [2179095]
|
||||
- redhat: align file names with names of signing keys for ppc and s390 (Denys Vlasenko) [2179095]
|
||||
|
||||
* Thu Mar 16 2023 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-478.el8]
|
||||
- net/tunnel: wait until all sk_user_data reader finish before releasing the sock (Hangbin Liu) [2176344]
|
||||
- powerpc/pseries: unregister VPA when hot unplugging a CPU (Mamatha Inamdar) [2143007]
|
||||
|
Binary file not shown.
6
sources
6
sources
@ -1,3 +1,3 @@
|
||||
SHA512 (linux-4.18.0-478.el8.tar.xz) = b03724bc29c2b64cca56feba5e4eeeb433d65882c9032e08840fbbe98769289fd9db6a2fc066b06324a4c9c8d1676e5bda829355512882636307717aa33bef9a
|
||||
SHA512 (kernel-abi-stablelists-4.18.0-478.tar.bz2) = 20421438c7acdc6ca8a6d35159a681fafad36e20f8979036fedd62e13a4b9389e6e8a77380d8f31adbe2dfc43b08f3afb0ab8adc884395b1f3344504c07cfefb
|
||||
SHA512 (kernel-kabi-dw-4.18.0-478.tar.bz2) = e91527cddef81a7b0e90403b890ca444975ff0f59aae5b99e93ffc187b3e8031e4e09cacaed4d667d25eaa149919b08580f9132e5684229f15d03e21b988439a
|
||||
SHA512 (linux-4.18.0-479.el8.tar.xz) = 869dedc389501dc314ff6a50c3550956e29bbb205b4db33c0c19f9fdc044aaaf2f9e71a8cec30de32487ff55a37f9de2cd188b44d53f19ec1f9fbae15864ded2
|
||||
SHA512 (kernel-abi-stablelists-4.18.0-479.tar.bz2) = dba639a523d927e581d1df43b0b94024a42692f2be79a5e827b3ab971395ac25e7738eba848dc537baec3b7eabdec707ab3fbed9e01e262ecb47bcf544fa4f66
|
||||
SHA512 (kernel-kabi-dw-4.18.0-479.tar.bz2) = e91527cddef81a7b0e90403b890ca444975ff0f59aae5b99e93ffc187b3e8031e4e09cacaed4d667d25eaa149919b08580f9132e5684229f15d03e21b988439a
|
||||
|
Loading…
Reference in New Issue
Block a user