diff --git a/.fwupd.metadata b/.fwupd.metadata index 8ec6c19..7e31521 100644 --- a/.fwupd.metadata +++ b/.fwupd.metadata @@ -13,7 +13,3 @@ d3ae610f5b6e602feded54eae8d67ddb7c60e64f SOURCES/DBXUpdate-20220812-aa64.cab bc6a604b29918d67d5fef745ad4375ca3d43d05e SOURCES/DBXUpdate-20230509-x64.cab 0abed3cf70b97366f77616b908af66f7b4ac6f1f SOURCES/fwupd-1.8.16.tar.xz 147b36f75fca288fd01d9ed4150866344d57df27 SOURCES/fwupd-efi-1.4.tar.xz -4a07b56e28741884b86da6ac91f8f9929541a1e4 SOURCES/redhatsecureboot301.cer -33e260486f5c12e47b72b90dfb779ca892f56c45 SOURCES/redhatsecureboot503.cer -cf9230e69000076727e5b784ec871d22716dc5da SOURCES/redhatsecurebootca3.cer -e6f506462069aa17d2e8610503635c20f3a995c3 SOURCES/redhatsecurebootca5.cer diff --git a/SOURCES/spheresecureboot001.cer b/SOURCES/spheresecureboot001.cer new file mode 100644 index 0000000..1cdb65a Binary files /dev/null and b/SOURCES/spheresecureboot001.cer differ diff --git a/SOURCES/spheresecurebootca.cer b/SOURCES/spheresecurebootca.cer new file mode 100644 index 0000000..4db57d7 Binary files /dev/null and b/SOURCES/spheresecurebootca.cer differ diff --git a/SPECS/fwupd.spec b/SPECS/fwupd.spec index ca4283d..96abd30 100644 --- a/SPECS/fwupd.spec +++ b/SPECS/fwupd.spec @@ -54,7 +54,7 @@ Summary: Firmware update daemon Name: fwupd Version: 1.8.16 -Release: 1%{?dist} +Release: 1%{?dist}.inferit License: LGPLv2+ URL: https://github.com/fwupd/fwupd Source0: http://people.freedesktop.org/~hughsient/releases/%{name}-%{version}.tar.xz @@ -76,12 +76,9 @@ Source20: http://people.redhat.com/rhughes/dbx/DBXUpdate-20230509-aa64.cab Source21: http://people.redhat.com/rhughes/dbx/DBXUpdate-20230509-ia32.cab Source22: http://people.redhat.com/rhughes/dbx/DBXUpdate-20230509-x64.cab -# these are numbered high just to keep them wildly away from colliding with -# the real package sources, in order to reduce churn. -Source300: redhatsecurebootca3.cer -Source301: redhatsecureboot301.cer -Source500: redhatsecurebootca5.cer -Source503: redhatsecureboot503.cer +# MSVSphere secureboot certificates +Source1000: spheresecurebootca.cer +Source1001: spheresecureboot001.cer BuildRequires: gettext BuildRequires: glib2-devel >= %{glib2_version} @@ -248,11 +245,11 @@ cd - -Dplugin_tpm=enabled \ -Defi_os_dir=%{efi_vendor} \ %ifarch x86_64 - -Dfwupd-efi:efi_sbat_distro_id="rhel" \ - -Dfwupd-efi:efi_sbat_distro_summary="Red Hat Enterprise Linux" \ + -Dfwupd-efi:efi_sbat_distro_id="msvsphere" \ + -Dfwupd-efi:efi_sbat_distro_summary="MSVSphere" \ -Dfwupd-efi:efi_sbat_distro_pkgname="%{name}" \ -Dfwupd-efi:efi_sbat_distro_version="%{version}" \ - -Dfwupd-efi:efi_sbat_distro_url="mail:secalert@redhat.com" \ + -Dfwupd-efi:efi_sbat_distro_url="mailto:security@msvsphere-os.ru" \ -Dfwupd-efi:efi-libdir="/usr/lib64" \ %endif %else @@ -306,8 +303,7 @@ install \ %ifarch x86_64 %global efiarch x64 %global fwup_efi_fn $RPM_BUILD_ROOT%{_libexecdir}/fwupd/efi/fwupd%{efiarch}.efi -%pesign -s -i %{fwup_efi_fn} -o %{fwup_efi_fn}.tmp -a %{SOURCE300} -c %{SOURCE301} -n redhatsecureboot301 -%pesign -s -i %{fwup_efi_fn}.tmp -o %{fwup_efi_fn}.signed -a %{SOURCE500} -c %{SOURCE503} -n redhatsecureboot503 +%pesign -s -i %{fwup_efi_fn} -o %{fwup_efi_fn}.signed -a %{SOURCE1000} -c %{SOURCE1001} -n spheresecureboot001 rm -fv %{fwup_efi_fn}.tmp %endif @@ -490,6 +486,10 @@ done %endif %changelog +* Tue Oct 10 2023 Sergey Cherevko - 1.8.16-1.inferit +- Modified to use MSVSphere Secure Boot certificates +- Rebuilt for MSVSphere 9.3 + * Fri Jun 09 2023 Richard Hughes 1.8.16-1 - Update to latest stable upstream version. - Resolves: rhbz#2209944