diff --git a/.fwupd.metadata b/.fwupd.metadata index 8488b53..dc7591b 100644 --- a/.fwupd.metadata +++ b/.fwupd.metadata @@ -7,7 +7,5 @@ b5b2dc87daca1d3f8081a323290432c141aa405d SOURCES/DBXUpdate-20200729-aa64.cab 59006fd556faeacc8185075c8fe7826249a2da32 SOURCES/fwupd-1.7.8.tar.xz 1a586c3634ef190e6128351ee60fd17d0e584f7c SOURCES/fwupd-efi-1.3.tar.xz a62a28924d26cd49b6441170795a237ba33ec192 SOURCES/libjcat-0.1.9.tar.xz -4a07b56e28741884b86da6ac91f8f9929541a1e4 SOURCES/redhatsecureboot301.cer -33e260486f5c12e47b72b90dfb779ca892f56c45 SOURCES/redhatsecureboot503.cer -cf9230e69000076727e5b784ec871d22716dc5da SOURCES/redhatsecurebootca3.cer -e6f506462069aa17d2e8610503635c20f3a995c3 SOURCES/redhatsecurebootca5.cer +57720b361064834b4878229b61aa0a74b66e1037 SOURCES/spheresecureboot001.cer +5dfa9ba02dc64f6bf3275f2a150e369a181b9e02 SOURCES/spheresecurebootca.cer diff --git a/.gitignore b/.gitignore index 828fc49..7601c00 100644 --- a/.gitignore +++ b/.gitignore @@ -7,7 +7,5 @@ SOURCES/DBXUpdate-20200729-x64.cab SOURCES/fwupd-1.7.8.tar.xz SOURCES/fwupd-efi-1.3.tar.xz SOURCES/libjcat-0.1.9.tar.xz -SOURCES/redhatsecureboot301.cer -SOURCES/redhatsecureboot503.cer -SOURCES/redhatsecurebootca3.cer -SOURCES/redhatsecurebootca5.cer +SOURCES/spheresecureboot001.cer +SOURCES/spheresecurebootca.cer diff --git a/SPECS/fwupd.spec b/SPECS/fwupd.spec index 4318f52..4ce38e8 100644 --- a/SPECS/fwupd.spec +++ b/SPECS/fwupd.spec @@ -40,7 +40,7 @@ Summary: Firmware update daemon Name: fwupd Version: 1.7.8 -Release: 2%{?dist} +Release: 2%{?dist}.inferit License: LGPLv2+ URL: https://github.com/fwupd/fwupd Source0: http://people.freedesktop.org/~hughsient/releases/%{name}-%{version}.tar.xz @@ -54,12 +54,9 @@ Source13: http://people.redhat.com/rhughes/dbx/DBXUpdate-20200729-aa64.cab Source14: http://people.redhat.com/rhughes/dbx/DBXUpdate-20200729-ia32.cab Source15: http://people.redhat.com/rhughes/dbx/DBXUpdate-20200729-x64.cab -# these are numbered high just to keep them wildly away from colliding with -# the real package sources, in order to reduce churn. -Source300: redhatsecurebootca3.cer -Source301: redhatsecureboot301.cer -Source500: redhatsecurebootca5.cer -Source503: redhatsecureboot503.cer +# MSVSphere secureboot certificates +Source1000: spheresecurebootca.cer +Source1001: spheresecureboot001.cer Patch1: 0001-redfish-Set-the-permissions-of-redfish.conf-at-insta.patch Patch2: 0002-redfish-Only-create-users-using-IPMI-when-we-know-it.patch @@ -220,11 +217,11 @@ export RHEL_ALLOW_PYTHON2_FOR_BUILD=1 -Dplugin_uefi_capsule=true \ -Dplugin_uefi_pk=false \ %ifarch x86_64 - -Dfwupd-efi:efi_sbat_distro_id="rhel" \ - -Dfwupd-efi:efi_sbat_distro_summary="Red Hat Enterprise Linux" \ + -Dfwupd-efi:efi_sbat_distro_id="msvsphere" \ + -Dfwupd-efi:efi_sbat_distro_summary="MSVSphere" \ -Dfwupd-efi:efi_sbat_distro_pkgname="%{name}" \ -Dfwupd-efi:efi_sbat_distro_version="%{version}" \ - -Dfwupd-efi:efi_sbat_distro_url="mail:secalert@redhat.com" \ + -Dfwupd-efi:efi_sbat_distro_url="mail:security@msvsphere-os.ru" \ -Dfwupd-efi:efi-libdir="/usr/lib64" \ %endif -Dplugin_tpm=false \ @@ -272,9 +269,7 @@ install %{SOURCE10} %{SOURCE11} %{SOURCE12} %{SOURCE13} %{SOURCE14} %{SOURCE15} %ifarch x86_64 %global efiarch x64 %global fwup_efi_fn $RPM_BUILD_ROOT%{_libexecdir}/fwupd/efi/fwupd%{efiarch}.efi -%pesign -s -i %{fwup_efi_fn} -o %{fwup_efi_fn}.tmp -a %{SOURCE300} -c %{SOURCE301} -n redhatsecureboot301 -%pesign -s -i %{fwup_efi_fn}.tmp -o %{fwup_efi_fn}.signed -a %{SOURCE500} -c %{SOURCE503} -n redhatsecureboot503 -rm -fv %{fwup_efi_fn}.tmp +%pesign -s -i %{fwup_efi_fn} -o %{fwup_efi_fn}.signed -a %{SOURCE1000} -c %{SOURCE1001} -n spheresecureboot001 %endif mkdir -p --mode=0700 $RPM_BUILD_ROOT%{_localstatedir}/lib/fwupd/gnupg @@ -531,6 +526,9 @@ done %endif %changelog +* Tue Dec 19 2023 Arkady L. Shane - 1.7.8-2.inferit +- Modified to use MSVSphere Secure Boot certificates + * Tue Jul 25 2023 MSVSphere Packaging Team - 1.7.8-2 - Rebuilt for MSVSphere 8.8