From 589b54f9df9f159ff2ef67f4375a7f54d47b697a Mon Sep 17 00:00:00 2001
From: eabdullin <ed.abdullin.1@gmail.com>
Date: Wed, 29 Mar 2023 14:00:18 +0300
Subject: [PATCH] Use AlmaLinux cert

---
 SOURCES/almalinuxsecurebootca0.cer | Bin 0 -> 1787 bytes
 SOURCES/securebootca.cer           | Bin 977 -> 0 bytes
 SPECS/shim-unsigned-aarch64.spec   |   9 ++++++---
 3 files changed, 6 insertions(+), 3 deletions(-)
 create mode 100644 SOURCES/almalinuxsecurebootca0.cer
 delete mode 100644 SOURCES/securebootca.cer

diff --git a/SOURCES/almalinuxsecurebootca0.cer b/SOURCES/almalinuxsecurebootca0.cer
new file mode 100644
index 0000000000000000000000000000000000000000..6a4e99b9ed921c4af3db55a619260f1ab76110dc
GIT binary patch
literal 1787
zcmb7Edpy%?9NzEu+YQ4qp+X~z$h<!#p$oRjtthe5I<;n4v1uk{onoRAK8{FoFx^gc
z)hd-rIu)nr?ozG9NGF_fI7Am`6X*En{BeH&J@5N`pZ9&<&+mDF3_l2DxOH*_hG3YC
zc63{K)Mc`VR1X->NhS)Qi`TME^-dksg&-Xq2Cz{bpoK?*v3Lr+#1l0EMjD_^(GTMD
zB!UPL)n5=TknqD$I+(55K`6BGoxr#aQ34*7AqwMDg9H&mfiQx~@Sw6ns4M2o1LnrM
zj*bAGgM!g7R1KZf5ID|pa&dAA1xdG2GSJgV;wS_sr+Fwqoly#ygx9gdLs&@Wya0v}
z3LG4SP65Uf7hwvK$&cd3bH#kr3{2A~=u->>#eywd37;Auj^GLf30#RlB%EMPEi-l+
zkwox{5{U(2T$BpTN6nIqJ))wy{sLj#R%$>H)k_p74EruH#z6j)0c5b{#3zMt7(@o^
zW7O-~undMU6>I1J?%P(;)EDT<J`&<=PqZm?Eh+Gdc^{X>d~@7#vAD%qZ-ufkhh?j~
zapii8FZ6l4l2j4>$6Kvd%=FCfQ#Hi8bqZPzauDLVg0k(jF6nNqtfiz|Wxur8bX2ad
zdVcV5sacnCY_nO@_S&kodX}Gu=_h9qjw-&C&Q?YW8|~hwL@-lYMZxo*mT|n_rq!Dq
zNO?Kr*Z&ajuCl*+CptA}bH}3+sZUn7lNIOqU@O10Y8v~wWKcZqMh{nDsrrHAqC?Fn
zC5Od?^TaPN9vZwE>ENKiT9WIkzve%`+%Pg-+wtWhW?EoI?ykMo1m;;krtqoqrdY(Z
z>AG~nTPIVAdtr9e$os^OcI}Pat4B7uw#bZr_Ev0CoO20G4yS!W8C%*eNtWAYpL#d*
zedparl{a8zs7XrL79O+)cgO3rRq(Xe?bv+=_YavC&C0sI{5@^Is<rr7Q~oQL=9Ko_
zd&TbxFV50?)oW08?yPU9{?yXi;q$0tf$3uhOWxNtF#$EN9$(nj61mrZXRg<?fO5Aq
z{IFK_+_a`mJHJLPzOu2$``0#6NiXkuM_k_1)xDklhX*R_Aot#YOpZ%PWJx`Hvwv(+
zUSn91q<LmM;ZwJ8FJ8nt5r4k_e%;mzeMQkS+dKS(UD8v&r=*?B&+x(vVcja{*!1E*
zR`nr|@2-+JzzBqaj>w>gKnC3h)7Af**$k{YWr>DKj@ce|HuYY$w-4X7busAnE?sO0
z%rpc&tP$2Q5p}pRNtx`QBY$$Hy}hi^EzC7xG%sfQ5Hy0tA}}ElkTi6P2EzaYC>lh=
zl7Kdzs16YhM?esDptRPfdPAw7JRwLkg(U+Y4UdZT1n$5IPa2Kec@%;nJOpT9#`r7@
z85u`PBr&nB4i2&3%Ye=kMLRG8g8%`Ki%23t2=LQLO~*2UT1>u3z97|AGoqg0iKFNf
zr^ZU-duM1WW2`Y49;^^`UC`BhARRwieNz#L243SBz!P*O|5I1;uO$Gbj#^URPsEFj
znJ5J48Yh#m)_^Ae=Lv|2+!#zIQG$c)nJj+~w#N#V{a95^486KX5gC+(`LS(LuYLx&
zmK=g#7W3C{btC1qgXHu|&hAt1mVpg9@qz7)LQjirTbE=%tB>VaJ{w|W+SRlqtM=qq
z`BZ#(0JZP>i7X28yp;YFwn*+V^|hB(LiOc)PaARBXXK%~jS_tFjUyY$QX;*+r0V45
zkE=pT=tBm1C+#j}43w`s`%TdlzpX-LE<>U=F6|4*<{yn&V-xIkW##-D?u9_i{=os1
zQ~fq=HHqcUdPH1KbNZa$#kq3WF+jPXnVa;%`a)vjg(LknHdCYpovzocJ`VZSGQKX%
z9VuvTNmoc+L-8N(4b3q2QAF;sQhj@I<v<*0Ht?VN<knFg<}yq{?haG<fv+xMZkq1G
zfMeB!j>*nzv-=TicK8=0<z{!5STDIQowYE}{M!p%v*XagiZ@#a*rpBp-pFlw$j1cA
zMbdL^7Fn6pu1Ds+4F;K(`~A_^c|ytX^;TAfXxKtf>_FUZQQx>WuhjaYMX_P|t&zHv
TseG#v;Fg#3=RT@0&At3@_pP4Z

literal 0
HcmV?d00001

diff --git a/SOURCES/securebootca.cer b/SOURCES/securebootca.cer
deleted file mode 100644
index b2354007b9668258683b99a68fa5bdd3067c31b1..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 977
zcmXqLVm@oo#I$t*GZP~d6DPykKFO2}lmD>>ylk9WZ60mkc^MhGSs4s`4b=@)*_cCF
zn1$tnQd1N>5=#_<Q<F=JQWc!?^Gg&ooE;UiQ!5n=H4T*v6ySO}8O4N)Q<D>OQj1C)
zic(WD5=-=w^K%X4#CZ)(42%qc(8R>VG)kP;*xbO#zzoWzwslR6O2{5!WMyD(V&rEq
zXkz4IYGPz$nC+~<?2{)QQnbB!-tOilfvp!W+5DVoSG#L+<>vi6EDouC4!V-;tv&JA
zN}nf->iaHo2tM8rAb&8=Njdj{a^${=Z?aE)&k<1VH{Q3Wx7jKD-_5CYum4K4d~JV`
z`ccOE*<7!m22LI4&u3g0F3h!NN?ysm?c*7~^lIfF3D-Xhnr_&uU!bJ$?ZS8WW+A0-
zr9raw{Iep~On)hDAUrqc*pZy>@YoE^;z#ABPp))utMY{K9XOZuN+87Vv97^}gccFK
z6&c%&T=rzVyKuJ1S>c?R<K#PxtGGq~?cMg~=gYe$SJ$!S^;`(O<ep~wX+Qso!rIJ(
zZL23GL@b?{ZqYAz@%i~&roT+gj0}v68`m2&t}&1W#<DCQix`WDgIJ50%Q>q?77kYS
zv==`X%}M<cV^9l{R%R(PC~3f|U}4}Ae=0{`6H>C|0a-81!fL?G$oL;QPJxLO7^jR3
zp{b9(0{X(lQ;+K%h_CKtxc%nd+9kH!CBia&JkgcqO9LvF9(I1~^2+p(_fBqs&+@+g
zjZG)^b(y8?lr#NV`RkoR|I-BpaSiJiPBV7drX0Bbe!0fPB95K&)ygj1YM5%bK;(6L
z=7Y@r2hM%A`uyr;o|A^(c{icYtu_B=WuE^MZ_<<d&TsQv+iB;vWxkm>i|1QMhsQHT
z<L>4}wg*#%C!d<*ePQAKPyWoS|9R;jPUx*P-5Ksuo_~6c3tyKHzf+y+r*{_;vOAw>
zmv4Wk&h*1hGe;ze)#t#BH;PsH)$e|FOmna8+@9jW!^ymRMf{q+C84h)mppfN*sxn6
NnfI|Q%N6m!6aeL$dME$@

diff --git a/SPECS/shim-unsigned-aarch64.spec b/SPECS/shim-unsigned-aarch64.spec
index afa01e7..768f36c 100644
--- a/SPECS/shim-unsigned-aarch64.spec
+++ b/SPECS/shim-unsigned-aarch64.spec
@@ -8,7 +8,7 @@
 %global __debug_install_post %{SOURCE100} aa64
 %undefine _debuginfo_subpackages
 
-%global efidir %(eval echo $(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/'))
+%global efidir almalinux
 %global shimrootdir %{_datadir}/shim/
 %global shimversiondir %{shimrootdir}/%{version}-%{release}
 %global efiarch aa64
@@ -16,13 +16,13 @@
 
 Name:		shim-unsigned-aarch64
 Version:	15
-Release:	7%{?dist}
+Release:	7%{?dist}.alma.1
 Summary:	First-stage UEFI bootloader
 ExclusiveArch:	aarch64
 License:	BSD
 URL:		https://github.com/rhboot/shim
 Source0:	https://github.com/rhboot/shim/releases/download/%{version}/shim-%{version}.tar.bz2
-Source1:	securebootca.cer
+Source1:	almalinuxsecurebootca0.cer
 # currently here's what's in our dbx:
 # nothing.
 Source2:	dbx.esl
@@ -137,6 +137,9 @@ cd ..
 %files debugsource -f build-%{efiarch}/debugsource.list
 
 %changelog
+* Mon Jun 21 2021 Eduard Abdullin <eabdullin@almalinux.org> - 15-7.alma.1
+- Use AlmaLinux cert
+
 * Tue Apr 06 2021 Peter Jones <pjones@redhat.com> - 15-7
 - Backport this to EL 8 so we can build-dep on the right version.
   Related: CVE-2020-14372 (and others)