kernel-4.18.0-479.el8
* Sat Mar 18 2023 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-479.el8] - redhat: add centos signing certs (Denys Vlasenko) - redhat: fix "make rh-brew" not choosing _scratch_ build (Denys Vlasenko) - mfd: intel-lpss: Add Intel Meteor Lake-P PCI IDs (Prarit Bhargava) [2156843] Resolves: rhbz#2156843, rhbz#2153936, rhbz#2179095 Signed-off-by: Denys Vlasenko <dvlasenk@redhat.com>
This commit is contained in:
parent
9eca8a6d9f
commit
9f46c15088
BIN
centossecureboot201.cer
Normal file
BIN
centossecureboot201.cer
Normal file
Binary file not shown.
BIN
centossecurebootca2.cer
Normal file
BIN
centossecurebootca2.cer
Normal file
Binary file not shown.
27
kernel.spec
27
kernel.spec
@ -446,15 +446,26 @@ Source9: x509.genkey
|
|||||||
%define signing_key_filename kernel-signing-s390.cer
|
%define signing_key_filename kernel-signing-s390.cer
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
|
%if 0%{?centos}
|
||||||
|
Source10: centossecurebootca2.cer
|
||||||
|
Source13: centossecureboot201.cer
|
||||||
|
%define secureboot_ca_0 %{SOURCE10}
|
||||||
|
%define secureboot_key_0 %{SOURCE13}
|
||||||
|
%define pesign_name_0 centossecureboot201
|
||||||
|
%else
|
||||||
Source10: redhatsecurebootca3.cer
|
Source10: redhatsecurebootca3.cer
|
||||||
Source11: redhatsecurebootca5.cer
|
#UNUSED, delete file after confirming it works:
|
||||||
|
#Source11: redhatsecurebootca5.cer
|
||||||
Source13: redhatsecureboot501.cer
|
Source13: redhatsecureboot501.cer
|
||||||
Source14: redhatsecureboot302.cer
|
Source14: redhatsecureboot302.cer
|
||||||
Source15: redhatsecureboot303.cer
|
Source15: redhatsecureboot303.cer
|
||||||
Source16: redhatsecurebootca7.cer
|
Source16: redhatsecurebootca7.cer
|
||||||
|
|
||||||
%define secureboot_ca_0 %{SOURCE10}
|
%define secureboot_ca_0 %{SOURCE10}
|
||||||
%define secureboot_ca_1 %{SOURCE11}
|
# TODO: secureboot_ca_2 is only for ppc64le on rhel -
|
||||||
|
# why doesn't it just define secureboot_ca_0 differently
|
||||||
|
# instead of using this separate _ca_2 variable?
|
||||||
|
# This would simplify some really nasty "if" blocks
|
||||||
%define secureboot_ca_2 %{SOURCE16}
|
%define secureboot_ca_2 %{SOURCE16}
|
||||||
|
|
||||||
%ifarch x86_64 aarch64
|
%ifarch x86_64 aarch64
|
||||||
@ -471,6 +482,7 @@ Source16: redhatsecurebootca7.cer
|
|||||||
%define secureboot_key_0 %{SOURCE15}
|
%define secureboot_key_0 %{SOURCE15}
|
||||||
%define pesign_name_0 redhatsecureboot701
|
%define pesign_name_0 redhatsecureboot701
|
||||||
%endif
|
%endif
|
||||||
|
%endif
|
||||||
|
|
||||||
Source17: mod-blacklist.sh
|
Source17: mod-blacklist.sh
|
||||||
Source18: mod-sign.sh
|
Source18: mod-sign.sh
|
||||||
@ -1158,6 +1170,7 @@ done
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
# Add DUP and kpatch certificates to system trusted keys for RHEL
|
# Add DUP and kpatch certificates to system trusted keys for RHEL
|
||||||
|
%if 0%{?rhel}
|
||||||
%if %{signkernel}%{signmodules}
|
%if %{signkernel}%{signmodules}
|
||||||
openssl x509 -inform der -in %{SOURCE100} -out rheldup3.pem
|
openssl x509 -inform der -in %{SOURCE100} -out rheldup3.pem
|
||||||
openssl x509 -inform der -in %{SOURCE101} -out rhelkpatch1.pem
|
openssl x509 -inform der -in %{SOURCE101} -out rhelkpatch1.pem
|
||||||
@ -1170,6 +1183,7 @@ for i in *.config; do
|
|||||||
sed -i 's@CONFIG_SYSTEM_TRUSTED_KEYS=""@CONFIG_SYSTEM_TRUSTED_KEYS="certs/rhel.pem"@' $i
|
sed -i 's@CONFIG_SYSTEM_TRUSTED_KEYS=""@CONFIG_SYSTEM_TRUSTED_KEYS="certs/rhel.pem"@' $i
|
||||||
done
|
done
|
||||||
%endif
|
%endif
|
||||||
|
%endif
|
||||||
|
|
||||||
cp %{SOURCE42} .
|
cp %{SOURCE42} .
|
||||||
./process_configs.sh -w -c %{name} %{rpmversion} %{?cross_opts}
|
./process_configs.sh -w -c %{name} %{rpmversion} %{?cross_opts}
|
||||||
@ -1740,11 +1754,15 @@ BuildKernel() {
|
|||||||
|
|
||||||
# Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel
|
# Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer
|
mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer
|
||||||
|
%if 0%{?rhel}
|
||||||
%ifarch ppc64le
|
%ifarch ppc64le
|
||||||
install -m 0644 %{secureboot_ca_2} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
|
install -m 0644 %{secureboot_ca_2} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
|
||||||
%else
|
%else
|
||||||
install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
|
install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
|
||||||
%endif
|
%endif
|
||||||
|
%else
|
||||||
|
install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
|
||||||
|
%endif
|
||||||
%ifarch s390x ppc64le
|
%ifarch s390x ppc64le
|
||||||
if [ $DoModules -eq 1 ]; then
|
if [ $DoModules -eq 1 ]; then
|
||||||
if [ -x /usr/bin/rpm-sign ]; then
|
if [ -x /usr/bin/rpm-sign ]; then
|
||||||
@ -2688,7 +2706,10 @@ fi
|
|||||||
#
|
#
|
||||||
#
|
#
|
||||||
%changelog
|
%changelog
|
||||||
* Fri Mar 17 2023 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-479.el8]
|
* Sat Mar 18 2023 Denys Vlasenko <dvlasenk@redhat.com> [4.18.0-479.el8]
|
||||||
|
- redhat: add centos signing certs (Denys Vlasenko)
|
||||||
|
- redhat: fix "make rh-brew" not choosing _scratch_ build (Denys Vlasenko)
|
||||||
|
- mfd: intel-lpss: Add Intel Meteor Lake-P PCI IDs (Prarit Bhargava) [2156843]
|
||||||
- x86/cpu: Add CPU model numbers for Meteor Lake (Prarit Bhargava) [2153936]
|
- x86/cpu: Add CPU model numbers for Meteor Lake (Prarit Bhargava) [2153936]
|
||||||
- redhat: require grub2 >= 2.02-99 (Denys Vlasenko) [2179095]
|
- redhat: require grub2 >= 2.02-99 (Denys Vlasenko) [2179095]
|
||||||
- redhat: delete unused script and file (Denys Vlasenko) [2179095]
|
- redhat: delete unused script and file (Denys Vlasenko) [2179095]
|
||||||
|
6
sources
6
sources
@ -1,3 +1,3 @@
|
|||||||
SHA512 (linux-4.18.0-479.el8.tar.xz) = 869dedc389501dc314ff6a50c3550956e29bbb205b4db33c0c19f9fdc044aaaf2f9e71a8cec30de32487ff55a37f9de2cd188b44d53f19ec1f9fbae15864ded2
|
SHA512 (linux-4.18.0-479.el8.tar.xz) = 3f1cd8c8c2b2a48bf7509fbf137f66e0685e5e911b8775b4588f77aaa825a456fbbf568e261c3802a193fee70b2f063cce384ceb6ba54d051960c44d3570631b
|
||||||
SHA512 (kernel-abi-stablelists-4.18.0-479.tar.bz2) = dba639a523d927e581d1df43b0b94024a42692f2be79a5e827b3ab971395ac25e7738eba848dc537baec3b7eabdec707ab3fbed9e01e262ecb47bcf544fa4f66
|
SHA512 (kernel-abi-stablelists-4.18.0-479.tar.bz2) = 6696893e336830ea1c7108e69f72704dc884507a355f87a545e03ac0ad6046490f264d7a1c1ab159fad2b4714f04b81817a1794064c52cca2265aadfb381b729
|
||||||
SHA512 (kernel-kabi-dw-4.18.0-479.tar.bz2) = e91527cddef81a7b0e90403b890ca444975ff0f59aae5b99e93ffc187b3e8031e4e09cacaed4d667d25eaa149919b08580f9132e5684229f15d03e21b988439a
|
SHA512 (kernel-kabi-dw-4.18.0-479.tar.bz2) = e4acc8a0d2babc3874870a8ff95917dc5741b897f32a9e4b6475430d5da3c1a8f75b194961d1c3054ae9a0dff7751e5f25ea4c6228d69a0ae604f5283cfd9ca6
|
||||||
|
Loading…
Reference in New Issue
Block a user