- Use AlmaLinux cert

2023-03-29 12:37:04 +03:00 · 2023-03-29 12:37:04 +03:00 · 68d9b1a40d
parent 7a9d84ae86
commit 68d9b1a40d
9 changed files with 24 additions and 9 deletions
--- a/.shim.metadata
+++ b/.shim.metadata
@ -1,3 +1,3 @@
-8ab193ad7addd71e4a820081f36d47e5ef727d28 SOURCES/shimaa64.efi
-c04dd5db5d91e8d1f597f2bfd878f55eba05a125 SOURCES/shimia32.efi
-9a08a40a69ba8ad6292a19aca367d819e875d789 SOURCES/shimx64.efi
+8f61bdc72cf582e2fdf094eac3bd911464857d89 SOURCES/shimaa64.efi
+cf0dc84373d0036f0420255baaa5a3b4760563ed SOURCES/shimia32.efi
+5957bbccac9f22c1738039679204be0bb57c3812 SOURCES/shimx64.efi
--- a/SOURCES/BOOTAA64.CSV
+++ b/SOURCES/BOOTAA64.CSV
--- a/SOURCES/BOOTIA32.CSV
+++ b/SOURCES/BOOTIA32.CSV
--- a/SOURCES/BOOTX64.CSV
+++ b/SOURCES/BOOTX64.CSV
--- a/SOURCES/almalinuxsecurebootca0.cer
+++ b/SOURCES/almalinuxsecurebootca0.cer
--- a/SOURCES/redhatsecureboot501.cer
+++ b/SOURCES/redhatsecureboot501.cer
--- a/SOURCES/redhatsecurebootca5.cer
+++ b/SOURCES/redhatsecurebootca5.cer
--- a/SOURCES/shim.rpmmacros
+++ b/SOURCES/shim.rpmmacros
@ -13,9 +13,9 @@
 %global shimefix64 %{expand:%{SOURCE22}}
 #%%global shimefiarm %%{expand:%%{SOURCE23}

-%global shimveraa64 15-7.el8_1
-%global shimveria32 15.6-1.el8
-%global shimverx64 15.6-1.el8
+%global shimveraa64 15-7.el8_1.alma.1
+%global shimveria32 15.6-1.el8.alma.1
+%global shimverx64 15.6-1.el8.alma.1
 #%%global shimverarm 15-1.el8

 %global shimdiraa64 %{_datadir}/shim/%{shimveraa64}/aa64
@ -48,6 +48,12 @@ Requires: mokutil >= 1:0.3.0-1						\
 Requires: efi-filesystem						\
 Provides: shim-signed-%{-a*} = %{version}-%{release}			\
 Requires: dbxtool >= 0.6-3						\
+Requires: %{efi_esp_dir}/grub%{-a*}.efi					\
+%{expand:%ifarch x86_64						\
+# SecureBoot keys dependencies						\
+Requires: almalinux(grub2-sig-key) >= 202303				\
+Requires: almalinux(kernel-sig-key) >= 202303				\
+%endif}											\
 %{expand:%%if 0%%{-p*}							\
 Provides: shim = %{version}-%{release}					\
 Provides: shim-signed = %{version}-%{release}				\
--- a/SPECS/shim.spec
+++ b/SPECS/shim.spec
@ -1,6 +1,10 @@
+%global efi_vendor almalinux
+%global efidir almalinux
+%global efi_esp_dir /boot/efi/EFI/%{efidir}
+
 Name:		shim
 Version:	15.6
-Release:	1%{?dist}
+Release:	1%{?dist}.alma.1
 Summary:	First-stage UEFI bootloader
 License:	BSD
 URL:		https://github.com/rhboot/shim/
@ -14,8 +18,7 @@ ExcludeArch:	%{ix86}
 ExcludeArch:	%{arm}

 Source0:	shim.rpmmacros
-Source1:	redhatsecureboot501.cer
-Source2:	redhatsecurebootca5.cer
+Source1:	almalinuxsecurebootca0.cer

 # keep these two lists of sources synched up arch-wise.  That is 0 and 10
 # match, 1 and 11 match, ...
@ -101,6 +104,12 @@ install -m 0700 %{shimefi} $RPM_BUILD_ROOT%{efi_esp_dir}/shim.efi
 %endif

 %changelog
+* Mon Feb 27 2023 Eduard Abdullin <eabdullin@almalinux.org> - 15.6-1.alma.1
+- Use AlmaLinux cert
+
+* Tue Aug 23 2022 Andrew Lukoshko <alukoshko@almalinux.org> - 15.6-1.alma
+- AlmaLinux changes
+
 * Mon Jun 06 2022 Peter Jones <pjones@redhat.com> - 15.6-1
 - Update to shim-15.6
  Resolves: CVE-2022-28737