From 7b7c17dc74ba3f474269442ce55c175255f41408 Mon Sep 17 00:00:00 2001
From: eabdullin <ed.abdullin.1@gmail.com>
Date: Fri, 17 Jun 2022 16:15:44 +0300
Subject: [PATCH] AlmaLinux chages

---
 ...001-Fix-a-broken-file-header-on-ia32.patch |  32 ------------------
 SOURCES/clsecureboot001.cer                   | Bin 0 -> 1561 bytes
 SOURCES/redhatsecurebootca5.cer               | Bin 920 -> 0 bytes
 SOURCES/sbat.cloudlinux.csv                   |   1 +
 SOURCES/sbat.redhat.csv                       |   1 -
 SPECS/shim-unsigned-x64.spec                  |  11 +++---
 6 files changed, 8 insertions(+), 37 deletions(-)
 delete mode 100644 SOURCES/0001-Fix-a-broken-file-header-on-ia32.patch
 create mode 100644 SOURCES/clsecureboot001.cer
 delete mode 100644 SOURCES/redhatsecurebootca5.cer
 create mode 100644 SOURCES/sbat.cloudlinux.csv
 delete mode 100644 SOURCES/sbat.redhat.csv

diff --git a/SOURCES/0001-Fix-a-broken-file-header-on-ia32.patch b/SOURCES/0001-Fix-a-broken-file-header-on-ia32.patch
deleted file mode 100644
index 1fbcb33..0000000
--- a/SOURCES/0001-Fix-a-broken-file-header-on-ia32.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 1bea91ba72165d97c3b453cf769cb4bc5c07207a Mon Sep 17 00:00:00 2001
-From: Peter Jones <pjones@redhat.com>
-Date: Wed, 31 Mar 2021 14:54:52 -0400
-Subject: [PATCH] Fix a broken file header on ia32
-
-Commit c6281c6a195edee61185 needs to have included a ". = ALIGN(4096)"
-directive before .reloc, but fails to do so.
-
-As a result, binutils, which does not care about the actual binary
-format's constraints in any way, does not enforce the section alignment,
-and it will not load.
-
-Signed-off-by: Peter Jones <pjones@redhat.com>
----
- elf_ia32_efi.lds | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/elf_ia32_efi.lds b/elf_ia32_efi.lds
-index 742e0a47a73..497a3a15265 100644
---- a/elf_ia32_efi.lds
-+++ b/elf_ia32_efi.lds
-@@ -15,6 +15,7 @@ SECTIONS
-    *(.gnu.linkonce.t.*)
-    _etext = .;
-   }
-+  . = ALIGN(4096);
-   .reloc :
-   {
-    *(.reloc)
--- 
-2.30.2
-
diff --git a/SOURCES/clsecureboot001.cer b/SOURCES/clsecureboot001.cer
new file mode 100644
index 0000000000000000000000000000000000000000..ca9ce5d92a13320a2995ed90f173ea719a132d8f
GIT binary patch
literal 1561
zcmZ`(Yfuwc6wXbS1jzzo5X>OBh=_zHxtj+9!bnI+p+=zweAJF{O%_-i65K3=V6`P`
zg!+Oiw$+NM3{cvRbwp7M<Fi^Fr&c?izU+V&99!x@6`xhd?qX>9<FB1_&iCE(?RW0E
z&?}q_y~s1afDicmiPrXi7P+NN-Rg^uj^4IR2t$PvWWGG#!%zUkK|ENy6Bok?LP0Si
zl<*5p_;iSIK?o`>c2G4W<HU+cYnj7oca~D53o|Qp3OorWau_ihrzdHqvK-?+R0(Az
z7|Q9ubd^k*lcpFCo(5Anpa4|{fVtHS>9CPDY!P9nY%kz?r;WtSRH=h<lwx`vX3o>8
zU|e*l3WsV{DvoP4TGbnDs9{5GAcS5Z!6h(4C{7Uq1bAm>@_|6YFE-;+7(G78M}rNd
zop2L0iATV2PECX)*l5Dk>U3O<$HA#wY63bL*TU2^EXQ6+VmX8d(^It7PU5jJhO385
zA`5A%ieN~rfG#CiV@9QqDqzb&l8`jD9Hy((P@^7aCo5+n4C4+6Mny(D>xqpR<A~4@
zqmyQ^`5uyXjdNXZcUIak6XmF^#>~zVhEx6umhZ5RVFal3r5M(h>Ej0sf_MTi2<Nf+
z5WW`xUfsxU^u*bvD~p;BZT`ZlS{`kb44-UksA{RrQuYYu^$hfNSXL8{z3Jxm_5F?=
z<~F*2-+9$rbMCAi1d`_Zr}s=-r<7cKDqWaAboR!y?hlMv-_7Y>%d}hSB1Z;Kc<pEI
zo~_rU(~Ubq_aFXn;F5XqA%9oLTJwXR?&~1GwLE>x_Vo?>QeGcGz_P@TPE#k$jU}t{
z=C4WMHPazOp*1PT3fm+ruI6lS_~q`^8L{y-bu+Gf%@__g=3FU^|HN|Z8E=KQmHrw0
zI*CrQY%Us>cb>W=8$P+bYg<Ipp*uG-uRY9I)=;lh+*`M_f1Y7^OmN1n@88dtY`TB&
z&A#Sjt$r(C0C=Fq3;I|`u0fO?O{@ff=LjG2poWX4A##`kll@8lL|;M~!&GD_l~&rW
zu#R4IMTK2SR#{zE!c|776l?)j3WM1z7!)J|0HI(hl#j&__~HWxjH5WMt_peJFsrki
z-H!kr@_n)ZoF*%rE{bu|o|m*GX*i7&n}AG#QSV0XKPQV|<lQM6!;${WwM^NW&&X&P
z%K^fWC?s;@w!OA)=U3-;uM`$-Z10+y`}^@nFZh!<er@Fc^0NQ?P52te#}GZ#L6I=1
zv=#*dR;*aIp$zyQxcNaq1i5D*pq>w+q?~#eYnR*Y9;aJhXnxTwk!v=F7YKwQfz8bV
zV01@f!?{5q0>0>7n9VhhK+@rCzjllgEbu48Bs8(uEH~tubc=NhbLDzdL9qcd<u52+
zf|(19MO>0ymIeCpOTfNz>=FRp+_ZMjPwTEfKR;4G<Kvk*tA=j<{X^%7$o0qY(8gE4
zMR%(wK0mdkX;<}ikJ4&txj4N+v2)2|^j_8;%~IJBH?iv*pQS1Da&~s<<tNF1ZV-ox
zd5=;=BDJQ)G#DRaNUixX;k_%f4n#+mdpdf2_P0BAXx(kGW6*Q}bZ)=>dG@D`O}rr^
zO(!d6#<-~YhKw(p3S9X|dM{X}bRc<Q#{En72-1ke-=gM9=k_)XXUto3bVId`h?NYq
z5|?y&!&kM(x-dNSru2cWcW+$X;r_TP*<X5nNp2-D%e0u4Vj3;N<42<pz7yr&M!6Ax
W>;161eWzPCUA!^tNx{O73;zPg)%xE6

literal 0
HcmV?d00001

diff --git a/SOURCES/redhatsecurebootca5.cer b/SOURCES/redhatsecurebootca5.cer
deleted file mode 100644
index dfb0284954861282d1a0ce16c8c5cdc71c27659f..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 920
zcmXqLVxD5q#8k6@nTe5!iIbtZm{+@~;bN2lFB_*;n@8JsUPeZ4RtAH3LoovpHs(+k
zE*{>X)D#7e#1b6^&%9(kLq!95kT^4s1XNrhI5oMnC{@8JKfgr5*-^pNP{}|6ZW<?}
zm~e4wa$-(uQHeuQYDz|8iC%Jku7R95uaSX)nSrH&g`ugjS(G@hv4w%5p#_vndj~Wz
zDj|ECk(GhDiIJbdpox)-sfm%1;oPoQj^Z+n3p+UXFTAqySFqmPd3*j?Ys@hSTEP8<
zf#2*zv*WjwCq+F|Q?70*n-_6VPwv(E$rjn}*LF=h`h($l`O@&r`;HrrOo-N1I9RfZ
zxvgQ_lF0WfJ6z&|9Ilj$E@Ww)^ZxU(`JeguueG>6NxP$#b?ru1p1aqn$3D)YB{Qqo
zjCvjz?|=HkE#3AN-xTZpws*U~)f@D<hHx*rr)(NEvzYZp!}C-TDRu*$;<gRCi<g-#
z^KFcsxIBILE9>Z{t~uwMZy8<;F%jD%$u6!n#qYzp^Sryh{C;x9qf@!N=T4ui@b#({
zSD&^p3kNZ=9lAQ9%xdfP9doNToV+k2^LHOF<JVRuW=00a#lZ%F2C~5TmgQp+V-Y!%
zzx26A#x764$+P!na8Gn8n>D{5oE&78StJa^8n7$i2k94PWc<&<YQPMnkb@nV)_}pz
z$RPVX&M7PHOp)E}n3L-lp9;}?o3i@APVs%}E9D|KM%wramRy`J6~x-Y+I90o>xr*#
z`sciS&XK#@>h!OC8{=mczNLHbADCJ+pE=-CsaDOF#s}?5Q)1qq&%R~#cz>QmiAiVx
zk5XXYstAL9d+iK-w@u$FES<YPN5Z<$i*sS8`10oxUvmRDUKTjPckPLhB$Kz)rb~A;
z7pqN`Wn_C2lv%-c*}%nRLuvV$khM?pl$8F*{-4ao^K*vP9Lw!IjTb)uU|-JJoj<4R
z;o3irGXj>ybMIPOFY~9lmn~9nUf%vMc88@((p0B(#qL+!COmt7`j5IhPVzo{cRPw}
Pd!}BnFF!b8N6JS4>O*3Z

diff --git a/SOURCES/sbat.cloudlinux.csv b/SOURCES/sbat.cloudlinux.csv
new file mode 100644
index 0000000..606757e
--- /dev/null
+++ b/SOURCES/sbat.cloudlinux.csv
@@ -0,0 +1 @@
+shim.cloudlinux,2,CloudLinux,shim,15.6,security@cloudlinux.com
diff --git a/SOURCES/sbat.redhat.csv b/SOURCES/sbat.redhat.csv
deleted file mode 100644
index 2135543..0000000
--- a/SOURCES/sbat.redhat.csv
+++ /dev/null
@@ -1 +0,0 @@
-shim.redhat,1,Red Hat Inc,shim,15.5,secalert@redhat.com
diff --git a/SPECS/shim-unsigned-x64.spec b/SPECS/shim-unsigned-x64.spec
index 6064d69..feb75a3 100644
--- a/SPECS/shim-unsigned-x64.spec
+++ b/SPECS/shim-unsigned-x64.spec
@@ -1,7 +1,7 @@
 %global pesign_vre 0.106-1
 %global openssl_vre 1.0.2j
 
-%global efidir %(eval echo $(grep ^ID= /etc/os-release | sed -e 's/^ID=//' -e 's/rhel/redhat/'))
+%global efidir almalinux
 %global shimrootdir %{_datadir}/shim/
 %global shimversiondir %{shimrootdir}/%{version}-%{release}
 %global efiarch x64
@@ -20,17 +20,17 @@
 
 Name:		shim-unsigned-%{efiarch}
 Version:	15.6
-Release:	1.el9
+Release:	1.el9.alma
 Summary:	First-stage UEFI bootloader
 ExclusiveArch:	x86_64
 License:	BSD
 URL:		https://github.com/rhboot/shim
 Source0:	https://github.com/rhboot/shim/releases/download/%{version}/shim-%{version}.tar.bz2
-Source1:	redhatsecurebootca5.cer
+Source1:	clsecureboot001.cer
 %if 0%{?dbxfile}
 Source2:	%{dbxfile}
 %endif
-Source3:	sbat.redhat.csv
+Source3:	sbat.cloudlinux.csv
 Source4:	shim.patches
 
 Source100:	shim-find-debuginfo.sh
@@ -158,6 +158,9 @@ cd ..
 %files debugsource -f build-%{efiarch}/debugsource.list
 
 %changelog
+* Fri Jun 17 2022 Eduard Abdullin <eabdullin@almalinux.org> - 15.6-1.el9.alma
+- Use CloudLinux vendor cert and SBAT entry
+
 * Wed Jun 01 2022 Peter Jones <pjones@redhat.com> - 15.6-1.el9
 - Update to shim-15.6
   Resolves: CVE-2022-28737