kernel-4.18.0-479.el8

* Fri Mar 17 2023 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-479.el8]
- x86/cpu: Add CPU model numbers for Meteor Lake (Prarit Bhargava) [2153936]
- redhat: require grub2 >= 2.02-99 (Denys Vlasenko) [2179095]
- redhat: delete unused script and file (Denys Vlasenko) [2179095]
- redhat: drop certificates that were deprecated after GRUB's BootHole flaw (Denys Vlasenko) [2179095]
- redhat: align file names with names of signing keys for ppc and s390 (Denys Vlasenko) [2179095]
Resolves: rhbz#2153936, rhbz#2179095

Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
Denys Vlasenko 2023-03-17 17:01:33 +01:00
parent 581db46301
commit 9eca8a6d9f
5 changed files with 22 additions and 25 deletions

35
kernel.spec Executable file → Normal file

@ -12,7 +12,7 @@
# change below to w4T.xzdio):
%define _binary_payload w3T.xzdio
%global distro_build 478
%global distro_build 479
# Sign the x86_64 kernel for secure boot authentication
%ifarch x86_64 aarch64 s390x ppc64le
@ -38,10 +38,10 @@
# define buildid .local
%define rpmversion 4.18.0
%define pkgrelease 478.el8
%define pkgrelease 479.el8
# allow pkg_release to have configurable %%{?dist} tag
%define specrelease 478%{?dist}
%define specrelease 479%{?dist}
%define pkg_release %{specrelease}%{?buildid}
@ -448,10 +448,9 @@ Source9: x509.genkey
Source10: redhatsecurebootca3.cer
Source11: redhatsecurebootca5.cer
Source12: redhatsecureboot301.cer
Source13: redhatsecureboot501.cer
Source14: secureboot_s390.cer
Source15: secureboot_ppc.cer
Source14: redhatsecureboot302.cer
Source15: redhatsecureboot303.cer
Source16: redhatsecurebootca7.cer
%define secureboot_ca_0 %{SOURCE10}
@ -459,10 +458,8 @@ Source16: redhatsecurebootca7.cer
%define secureboot_ca_2 %{SOURCE16}
%ifarch x86_64 aarch64
%define secureboot_key_0 %{SOURCE12}
%define pesign_name_0 redhatsecureboot301
%define secureboot_key_1 %{SOURCE13}
%define pesign_name_1 redhatsecureboot501
%define secureboot_key_0 %{SOURCE13}
%define pesign_name_0 redhatsecureboot501
%endif
%ifarch s390x
@ -572,6 +569,7 @@ Provides: %{name}-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\
Requires(pre): %{kernel_prereq}\
Requires(pre): %{initrd_prereq}\
Requires(pre): linux-firmware >= 20200619-99.git3890db36\
Requires(pre): grub2 >= 2.02-99\
Requires(preun): systemd >= 200\
Conflicts: xfsprogs < 4.3.0-1\
Conflicts: xorg-x11-drv-vmmouse < 13.0.99\
@ -1316,9 +1314,7 @@ BuildKernel() {
fi
%ifarch x86_64 aarch64
%pesign -s -i $SignImage -o vmlinuz.tmp -a %{secureboot_ca_0} -c %{secureboot_key_0} -n %{pesign_name_0}
%pesign -s -i vmlinuz.tmp -o vmlinuz.signed -a %{secureboot_ca_1} -c %{secureboot_key_1} -n %{pesign_name_1}
rm vmlinuz.tmp
%pesign -s -i $SignImage -o vmlinuz.signed -a %{secureboot_ca_0} -c %{secureboot_key_0} -n %{pesign_name_0}
%endif
%ifarch s390x ppc64le
if [ -x /usr/bin/rpm-sign ]; then
@ -1744,17 +1740,11 @@ BuildKernel() {
# Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel
mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer
%ifarch x86_64 aarch64
install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca-20200609.cer
install -m 0644 %{secureboot_ca_1} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca-20140212.cer
ln -s kernel-signing-ca-20200609.cer $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
%else
%ifarch ppc64le
install -m 0644 %{secureboot_ca_2} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
%else
install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
%endif
%endif
%ifarch s390x ppc64le
if [ $DoModules -eq 1 ]; then
if [ -x /usr/bin/rpm-sign ]; then
@ -2698,6 +2688,13 @@ fi
#
#
%changelog
* Fri Mar 17 2023 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-479.el8]
- x86/cpu: Add CPU model numbers for Meteor Lake (Prarit Bhargava) [2153936]
- redhat: require grub2 >= 2.02-99 (Denys Vlasenko) [2179095]
- redhat: delete unused script and file (Denys Vlasenko) [2179095]
- redhat: drop certificates that were deprecated after GRUB's BootHole flaw (Denys Vlasenko) [2179095]
- redhat: align file names with names of signing keys for ppc and s390 (Denys Vlasenko) [2179095]
* Thu Mar 16 2023 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-478.el8]
- net/tunnel: wait until all sk_user_data reader finish before releasing the sock (Hangbin Liu) [2176344]
- powerpc/pseries: unregister VPA when hot unplugging a CPU (Mamatha Inamdar) [2143007]
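Review bot: In the x86_64/aarch64 signing path of BuildKernel(), the single remaining `%pesign` call passes `-a %{secureboot_ca_0}` with `-c %{secureboot_key_0}`, and `secureboot_key_0` now points at `%{SOURCE13}` (redhatsecureboot501) while the visible context still reads `%define secureboot_ca_0 %{SOURCE10}` (redhatsecurebootca3.cer). Before this change the 501 certificate was paired with `secureboot_ca_1`, whose define lies outside the hunks, and the +/- markers are lost on this page, so this may be a rendering artefact. It is still worth confirming that the CA used for signing, which the install step appears to ship as `kernel-signing-ca.cer`, is the actual issuer of the 501 certificate. A short comment above the `%pesign` line would record the intent, e.g. `# single signature: the signing cert deprecated after BootHole was dropped (rhbz#2179095)`. The dated names `kernel-signing-ca-20200609.cer` and `kernel-signing-ca-20140212.cer` also appear to be dropped from the doc directory, so anything that reads those paths by name would need the generic file name.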

Binary file not shown.


@ -1,3 +1,3 @@
SHA512 (linux-4.18.0-478.el8.tar.xz) = b03724bc29c2b64cca56feba5e4eeeb433d65882c9032e08840fbbe98769289fd9db6a2fc066b06324a4c9c8d1676e5bda829355512882636307717aa33bef9a
SHA512 (kernel-abi-stablelists-4.18.0-478.tar.bz2) = 20421438c7acdc6ca8a6d35159a681fafad36e20f8979036fedd62e13a4b9389e6e8a77380d8f31adbe2dfc43b08f3afb0ab8adc884395b1f3344504c07cfefb
SHA512 (kernel-kabi-dw-4.18.0-478.tar.bz2) = e91527cddef81a7b0e90403b890ca444975ff0f59aae5b99e93ffc187b3e8031e4e09cacaed4d667d25eaa149919b08580f9132e5684229f15d03e21b988439a
SHA512 (linux-4.18.0-479.el8.tar.xz) = 869dedc389501dc314ff6a50c3550956e29bbb205b4db33c0c19f9fdc044aaaf2f9e71a8cec30de32487ff55a37f9de2cd188b44d53f19ec1f9fbae15864ded2
SHA512 (kernel-abi-stablelists-4.18.0-479.tar.bz2) = dba639a523d927e581d1df43b0b94024a42692f2be79a5e827b3ab971395ac25e7738eba848dc537baec3b7eabdec707ab3fbed9e01e262ecb47bcf544fa4f66
SHA512 (kernel-kabi-dw-4.18.0-479.tar.bz2) = e91527cddef81a7b0e90403b890ca444975ff0f59aae5b99e93ffc187b3e8031e4e09cacaed4d667d25eaa149919b08580f9132e5684229f15d03e21b988439a