diff --git a/SPECS/kernel-ml-6.12.spec b/SPECS/kernel-ml-6.12.spec index 34eff02..67df778 100644 --- a/SPECS/kernel-ml-6.12.spec +++ b/SPECS/kernel-ml-6.12.spec @@ -38,7 +38,7 @@ %endif # Set pkg_release. -%global pkg_release 1%{?buildid}%{?dist} +%global pkg_release 1%{?buildid}%{?dist}.inferit # Architectures upon which we can sign the kernel # for secure boot authentication. @@ -55,12 +55,6 @@ %global signmodules 0 %endif -### BCAT -# Further investigation is required before these features -# are enabled for the ELRepo Project kernels. -%global signkernel 0 -%global signmodules 0 -### BCAT # Compress modules on all architectures that build modules. %ifarch x86_64 || aarch64 @@ -254,7 +248,7 @@ Source2002: kvm_stat.logrotate %define secureboot_ca_0 %{_datadir}/pki/sb-certs/secureboot-ca-%{_arch}.cer %define secureboot_key_0 %{_datadir}/pki/sb-certs/secureboot-kernel-%{_arch}.cer -%define pesign_name_0 redhatsecureboot501 +%define pesign_name_0 spheresecureboot001 %endif %description @@ -887,7 +881,7 @@ cp -a --parents tools/include/tools/le_byteshift.h $RPM_BUILD_ROOT/lib/modules/% cp -a --parents tools/include/linux/compiler* $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/build cp -a --parents tools/include/linux/types.h $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/build cp -a --parents tools/build/Build.include $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/build -# cp --parents tools/build/Build $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/build +cp --parents tools/build/Build $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/build cp --parents tools/build/fixdep.c $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/build cp --parents tools/objtool/sync-check.sh $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/build cp -a --parents tools/bpf/resolve_btfids $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/build 
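Review bot: In the `@@ -254,7 +248,7 @@` hunk, `pesign_name_0` changes to `spheresecureboot001` while `secureboot_ca_0` and `secureboot_key_0` keep the same `%{_datadir}/pki/sb-certs/*.cer` paths, and nothing in this diff shows those certificate files being swapped to match. The `signkernel 0` / `signmodules 0` override is deleted in the preceding hunk, so signing presumably now runs for real. A nickname that does not chain to the CA shipped as `kernel-signing-ca.cer` would produce a kernel whose signature cannot be verified against the certificate the package itself documents. I would add a comment above the define, `# pesign_name_0 must be the nickname of the cert that chains to secureboot_ca_0; change all three together`, and confirm that the build-time certificate package provides the matching files. The enclosing `%if` block starts outside the hunk.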
@@ -1113,6 +1107,11 @@ mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/%{name}-keys/%{KVERREL} install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/%{name}-keys/%{KVERREL}/kernel-signing-ca.cer %endif +%if 0%{?rhel} + # Red Hat IMA code-signing cert, which is used to authenticate package files + install -m 0644 %{ima_signing_cert} $RPM_BUILD_ROOT%{_datadir}/doc/%{name}-keys/$KernelVer/%{ima_cert_name} +%endif + %if %{signmodules} # Save the signing keys so that we can sign the modules in __modsign_install_post. cp certs/signing_key.pem certs/signing_key.pem.sign @@ -1494,6 +1493,7 @@ fi /lib/modules/%{KVERREL}%{?3:+%{3}}/weak-updates\ /lib/modules/%{KVERREL}%{?3:+%{3}}/systemtap\ %{_datadir}/doc/%{name}-keys/%{KVERREL}%{?3:+%{3}}\ +%{_datadir}/doc/%{name}-keys/ima.cer\ %if %{1}\ /lib/modules/%{KVERREL}%{?3:+%{3}}/vdso\ %endif\
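Review bot: The added `install` line in the `@@ -1113,6 +1107,11 @@` hunk targets `%{name}-keys/$KernelVer/`, whereas every neighbouring path uses `%{KVERREL}` and no visible line sets `$KernelVer`. If that shell variable is empty in this spec, the certificate lands directly in `%{name}-keys/`. `%{ima_signing_cert}` and `%{ima_cert_name}` are also not defined by any hunk in this diff, and rpm passes an undefined macro through literally, so `install` would fail unless they already exist elsewhere in the spec. I would write the line as `install -m 0644 %{ima_signing_cert} $RPM_BUILD_ROOT%{_datadir}/doc/%{name}-keys/%{KVERREL}/%{ima_cert_name}`. The comment should also name the real issuer instead of "Red Hat" if the cert is the rebuild's own, e.g. `# IMA code-signing cert used to verify package file signatures`.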
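Review bot: The new `%files` entry `%{_datadir}/doc/%{name}-keys/ima.cer\` in the `@@ -1494,6 +1493,7 @@` hunk is unconditional, but the file is only installed under `%if 0%{?rhel}` in the previous hunk. A build where `rhel` is unset would therefore stop with a file-not-found error. The entry also hard-codes `ima.cer` rather than `%{ima_cert_name}`, so the two hunks agree only while that macro keeps that value. If the certificate is installed into the `%{KVERREL}` directory instead, the directory entry on the line above already packages it and this line can be dropped. Otherwise I would guard it with `%if 0%{?rhel}\` and `%endif\` and use `%{ima_cert_name}` in the path. The enclosing macro definition starts and ends outside the hunk.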