|
|
|
@ -38,7 +38,7 @@
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
# Set pkg_release.
|
|
|
|
|
%global pkg_release 1%{?buildid}%{?dist}
|
|
|
|
|
%global pkg_release 1%{?buildid}%{?dist}.inferit
|
|
|
|
|
|
|
|
|
|
# Architectures upon which we can sign the kernel
|
|
|
|
|
# for secure boot authentication.
|
|
|
|
@ -55,12 +55,6 @@
|
|
|
|
|
%global signmodules 0
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
### BCAT
|
|
|
|
|
# Further investigation is required before these features
|
|
|
|
|
# are enabled for the ELRepo Project kernels.
|
|
|
|
|
%global signkernel 0
|
|
|
|
|
%global signmodules 0
|
|
|
|
|
### BCAT
|
|
|
|
|
|
|
|
|
|
# Compress modules on all architectures that build modules.
|
|
|
|
|
%ifarch x86_64 || aarch64
|
|
|
|
@ -254,7 +248,7 @@ Source2002: kvm_stat.logrotate
|
|
|
|
|
%define secureboot_ca_0 %{_datadir}/pki/sb-certs/secureboot-ca-%{_arch}.cer
|
|
|
|
|
%define secureboot_key_0 %{_datadir}/pki/sb-certs/secureboot-kernel-%{_arch}.cer
|
|
|
|
|
|
|
|
|
|
%define pesign_name_0 redhatsecureboot501
|
|
|
|
|
%define pesign_name_0 spheresecureboot001
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
%description
|
|
|
|
@ -887,7 +881,7 @@ cp -a --parents tools/include/tools/le_byteshift.h $RPM_BUILD_ROOT/lib/modules/%
|
|
|
|
|
cp -a --parents tools/include/linux/compiler* $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/build
|
|
|
|
|
cp -a --parents tools/include/linux/types.h $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/build
|
|
|
|
|
cp -a --parents tools/build/Build.include $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/build
|
|
|
|
|
# cp --parents tools/build/Build $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/build
|
|
|
|
|
cp --parents tools/build/Build $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/build
|
|
|
|
|
cp --parents tools/build/fixdep.c $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/build
|
|
|
|
|
cp --parents tools/objtool/sync-check.sh $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/build
|
|
|
|
|
cp -a --parents tools/bpf/resolve_btfids $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/build
|
|
|
|
@ -1113,6 +1107,11 @@ mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/%{name}-keys/%{KVERREL}
|
|
|
|
|
install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/%{name}-keys/%{KVERREL}/kernel-signing-ca.cer
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
%if 0%{?rhel}
|
|
|
|
|
# Red Hat IMA code-signing cert, which is used to authenticate package files
|
|
|
|
|
install -m 0644 %{ima_signing_cert} $RPM_BUILD_ROOT%{_datadir}/doc/%{name}-keys/$KernelVer/%{ima_cert_name}
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
%if %{signmodules}
|
|
|
|
|
# Save the signing keys so that we can sign the modules in __modsign_install_post.
|
|
|
|
|
cp certs/signing_key.pem certs/signing_key.pem.sign
|
|
|
|
@ -1494,6 +1493,7 @@ fi
|
|
|
|
|
/lib/modules/%{KVERREL}%{?3:+%{3}}/weak-updates\
|
|
|
|
|
/lib/modules/%{KVERREL}%{?3:+%{3}}/systemtap\
|
|
|
|
|
%{_datadir}/doc/%{name}-keys/%{KVERREL}%{?3:+%{3}}\
|
|
|
|
|
%{_datadir}/doc/%{name}-keys/ima.cer\
|
|
|
|
|
%if %{1}\
|
|
|
|
|
/lib/modules/%{KVERREL}%{?3:+%{3}}/vdso\
|
|
|
|
|
%endif\
|
|
|
|
|