Modified to use MSVSphere Secure Boot certificates

i9-fuzzing changed/i9/kernel-5.14.0-162.6.1.el9_1
Eugene Zamriy 2 years ago
parent 468e477c80
commit 22e073b08f
Signed by untrusted user: ezamriy
GPG Key ID: 7EBF95C7DCFA496C

Binary file not shown.

Binary file not shown.

@ -5,9 +5,9 @@ prompt = no
x509_extensions = myexts
[ req_distinguished_name ]
O = The CentOS Project
CN = CentOS Stream kernel signing key
emailAddress = security@centos.org
O = NCSD LLC
CN = MSVSphere kernel signing key
emailAddress = security@msvsphere.ru
[ myexts ]
basicConstraints=critical,CA:FALSE

@ -5,9 +5,9 @@ prompt = no
x509_extensions = myexts
[ req_distinguished_name ]
O = Red Hat
CN = Red Hat Enterprise Linux kernel signing key
emailAddress = secalert@redhat.com
O = NCSD LLC
CN = MSVSphere kernel signing key
emailAddress = security@msvsphere.ru
[ myexts ]
basicConstraints=critical,CA:FALSE

@ -694,20 +694,7 @@ Source1: Makefile.rhelver
%define secureboot_ca_0 %{_datadir}/pki/sb-certs/secureboot-ca-%{_arch}.cer
%define secureboot_key_0 %{_datadir}/pki/sb-certs/secureboot-kernel-%{_arch}.cer
%if 0%{?centos}
%define pesign_name_0 centossecureboot201
%else
%ifarch x86_64 aarch64
%define pesign_name_0 redhatsecureboot501
%endif
%ifarch s390x
%define pesign_name_0 redhatsecureboot302
%endif
%ifarch ppc64le
%define pesign_name_0 redhatsecureboot701
%endif
%endif
%define pesign_name_0 spheresecureboot001
# signkernel
%endif
@ -780,8 +767,8 @@ Source82: update_scripts.sh
Source84: mod-internal.list
Source100: rheldup3.x509
Source101: rhelkpatch1.x509
Source100: msvspheredup1.x509
Source101: msvspherepatch1.x509
Source200: check-kabi
@ -1045,12 +1032,12 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio
%endif
%package -n kernel-abi-stablelists
Summary: The Red Hat Enterprise Linux kernel ABI symbol stablelists
Summary: The MSVSphere kernel ABI symbol stablelists
AutoReqProv: no
%description -n kernel-abi-stablelists
The kABI package contains information pertaining to the Red Hat Enterprise
Linux kernel ABI, including lists of kernel symbols that are needed by
external Linux kernel modules, and a yum plugin to aid enforcement.
The kABI package contains information pertaining to the MSVSphere kernel ABI,
including lists of kernel symbols that are needed by external Linux kernel
modules, and a yum plugin to aid enforcement.
%if %{with_kabidw_base}
%package kernel-kabidw-base-internal
@ -1058,8 +1045,8 @@ Summary: The baseline dataset for kABI verification using DWARF data
Group: System Environment/Kernel
AutoReqProv: no
%description kernel-kabidw-base-internal
The package contains data describing the current ABI of the Red Hat Enterprise
Linux kernel, suitable for the kabi-dw tool.
The package contains data describing the current ABI of the MSVSphere kernel,
suitable for the kabi-dw tool.
%endif
#
@ -1157,7 +1144,7 @@ Requires: kernel%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?1:+%{1}}\
AutoReq: no\
AutoProv: yes\
%description %{?1:%{1}-}modules-internal\
This package provides kernel modules for the %{?2:%{2} }kernel package for Red Hat internal usage.\
This package provides kernel modules for the %{?2:%{2} }kernel package for MSVSphere internal usage.\
%{nil}
#
@ -1453,7 +1440,7 @@ done
# Adjust FIPS module name for RHEL
%if 0%{?rhel}
for i in *.config; do
sed -i 's/CONFIG_CRYPTO_FIPS_NAME=.*/CONFIG_CRYPTO_FIPS_NAME="Red Hat Enterprise Linux %{rhel} - Kernel Cryptographic API"/' $i
sed -i 's/CONFIG_CRYPTO_FIPS_NAME=.*/CONFIG_CRYPTO_FIPS_NAME="MSVSphere %{rhel} - Kernel Cryptographic API"/' $i
done
%endif
@ -1472,18 +1459,6 @@ done
cp %{SOURCE82} .
RPM_SOURCE_DIR=$RPM_SOURCE_DIR ./update_scripts.sh %{primary_target}
# We may want to override files from the primary target in case of building
# against a flavour of it (eg. centos not rhel), thus override it here if
# necessary
if [ "%{primary_target}" == "rhel" ]; then
%if 0%{?centos}
echo "Updating scripts/sources to centos version"
RPM_SOURCE_DIR=$RPM_SOURCE_DIR ./update_scripts.sh centos
%else
echo "Not updating scripts/sources to centos version"
%endif
fi
# end of kernel config
%endif
@ -2103,7 +2078,7 @@ BuildKernel() {
# prune junk from kernel-devel
find $RPM_BUILD_ROOT/usr/src/kernels -name ".*.cmd" -delete
# Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel
# MSVSphere UEFI Secure Boot CA cert, which can be used to authenticate the kernel
mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer
%if %{signkernel}
install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
@ -3017,8 +2992,9 @@ fi
#
#
%changelog
* Wed Mar 15 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 5.14.0-162.6.1
- Rebuilt for MSVSphere 9.1.
* Mon Mar 27 2023 Eugene Zamriy <ezamriy@msvsphere.ru> - 5.14.0-162.6.1.el9_1
- Modified to use MSVSphere Secure Boot certificates
- Rebuilt for MSVSphere 9.1
* Fri Sep 30 2022 Patrick Talbert <ptalbert@redhat.com> [5.14.0-162.6.1.el9_1]
- kabi: add symbol yield to stablelist (Čestmír Kalina) [2120286]

Loading…
Cancel
Save