Modified to use MSVSphere Secure Boot certificates

i8 changed/i8/grub2-2.02-150.el8.inferit
Arkady L. Shane 1 year ago
parent fb4952d551
commit 1b8ef8a8a2
Signed by: tigro
GPG Key ID: 1EC08A25C9DB2503

@ -1,9 +1,5 @@
3d7eb6eaab28b88cb969ba9ab24af959f4d1b178 SOURCES/grub-2.02.tar.xz
4a07b56e28741884b86da6ac91f8f9929541a1e4 SOURCES/redhatsecureboot301.cer
3f94c47f1d08bacc7cb29bdd912e286b8d2f6fcf SOURCES/redhatsecureboot502.cer
039357ef97aab3e484d1119edd4528156f5859e6 SOURCES/redhatsecureboot601.cer
e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot701.cer
cf9230e69000076727e5b784ec871d22716dc5da SOURCES/redhatsecurebootca3.cer
e6f506462069aa17d2e8610503635c20f3a995c3 SOURCES/redhatsecurebootca5.cer
cf0b7763c528902da7e8b05cfa248f20c8825ce5 SOURCES/theme.tar.bz2
87f8600ba24e521b5d20bdf6c4b71af8ae861e3a SOURCES/unifont-5.1.20080820.pcf.gz
57720b361064834b4878229b61aa0a74b66e1037 SOURCES/spheresecureboot001.cer
5dfa9ba02dc64f6bf3275f2a150e369a181b9e02 SOURCES/spheresecurebootca.cer

@ -285,7 +285,13 @@ Requires: %{name}-common = %{evr} \
Requires: %{name}-tools-minimal >= %{evr} \
Requires: %{name}-tools-extra = %{evr} \
Requires: %{name}-tools = %{evr} \
Requires: %{efi_esp_dir}/shim%%(echo %{1} | cut -d- -f2).efi \
Provides: %{name}-efi = %{evr} \
Provides: msvsphere(grub2-sig-key) = 202303 \
%{expand:%%ifarch x86_64 \
Conflicts: shim-x64 <= 15.6-1.el8.inferit \
Conflicts: shim-ia32 <= 15.6-1.el8.inferit \
%%endif} \
%{?legacy_provides:Provides: %{name} = %{evr}} \
%{-o:Obsoletes: %{name}-efi < %{evr}} \
\
@ -540,7 +546,7 @@ install -D -m 700 unicode.pf2 \\\
$RPM_BUILD_ROOT%{efi_esp_dir}/fonts/unicode.pf2 \
${RPM_BUILD_ROOT}/%{_bindir}/%{name}-editenv \\\
${RPM_BUILD_ROOT}%{efi_esp_dir}/grubenv create \
ln -sf ../efi/EFI/%{efi_vendor}/grubenv \\\
ln -sf ../efi/EFI/%{efidir}/grubenv \\\
$RPM_BUILD_ROOT/boot/grub2/grubenv \
cd .. \
%{nil}

@ -1,3 +1,4 @@
sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
grub,3,Free Software Foundation,grub,@@VERSION@@,https//www.gnu.org/software/grub/
grub.rh,2,Red Hat,grub2,@@VERSION_RELEASE@@,mailto:secalert@redhat.com
grub.rh,2,Red Hat,grub2,@@RHEL_VERSION_RELEASE@@,mailto:secalert@redhat.com
grub.msvsphere,2,MSVSphere,grub2,@@VERSION_RELEASE@@,mailto:security@msvsphere-os.ru

@ -1,3 +1,7 @@
%global efi_vendor msvsphere
%global efidir msvsphere
%global efi_esp_dir /boot/efi/EFI/%{efidir}
%undefine _hardened_build
%global tarversion 2.02
@ -24,12 +28,8 @@ Source6: gitignore
Source8: strtoull_test.c
Source9: 20-grub.install
Source12: 99-grub-mkconfig.install
Source13: redhatsecurebootca3.cer
Source14: redhatsecureboot301.cer
Source15: redhatsecurebootca5.cer
Source16: redhatsecureboot502.cer
Source17: redhatsecureboot601.cer
Source18: redhatsecureboot701.cer
Source13: spheresecurebootca.cer
Source14: spheresecureboot001.cer
Source19: sbat.csv.in
%include %{SOURCE1}
@ -37,17 +37,14 @@ Source19: sbat.csv.in
%if 0%{with_efi_arch}
%define old_sb_ca %{SOURCE13}
%define old_sb_cer %{SOURCE14}
%define old_sb_key redhatsecureboot301
%define sb_ca %{SOURCE15}
%define sb_cer %{SOURCE16}
%define sb_key redhatsecureboot502
%define old_sb_key spheresecureboot001
%define sb_ca %{SOURCE13}
%define sb_cer %{SOURCE14}
%define sb_key spheresecureboot001
%endif
%ifarch ppc64le
%define old_sb_cer %{SOURCE17}
%define sb_cer %{SOURCE18}
%define sb_key redhatsecureboot702
%endif
# MSVSphere: keep upstream EVR for RHEL SBAT entry
%define rhel_version_release $(echo %{version}-%{release} | sed 's/\.inferit.*//')
# generate with do-rebase
%include %{SOURCE2}
@ -166,7 +163,7 @@ This subpackage provides tools for support of all platforms.
mkdir grub-%{grubefiarch}-%{tarversion}
grep -A100000 '# stuff "make" creates' .gitignore > grub-%{grubefiarch}-%{tarversion}/.gitignore
cp %{SOURCE4} grub-%{grubefiarch}-%{tarversion}/unifont.pcf.gz
sed -e "s,@@VERSION@@,%{version},g" -e "s,@@VERSION_RELEASE@@,%{version}-%{release},g" \
sed -e "s,@@VERSION@@,%{version},g" -e "s,@@VERSION_RELEASE@@,%{version}-%{release},g" -e "s,@@RHEL_VERSION_RELEASE@@,%{rhel_version_release},g" \
%{SOURCE19} > grub-%{grubefiarch}-%{tarversion}/sbat.csv
git add grub-%{grubefiarch}-%{tarversion}
%endif
@ -341,6 +338,20 @@ if [ "$1" = 0 ]; then
/sbin/install-info --delete --info-dir=%{_infodir} %{_infodir}/%{name}-dev.info.gz || :
fi
%if 0%{with_efi_arch}
%posttrans %{package_arch}
if [ -d /sys/firmware/efi ] && [ ! -f %{efi_esp_dir}/grub.cfg ]; then
grub2-mkconfig -o %{efi_esp_dir}/grub.cfg || :
fi
%endif
%if 0%{with_alt_efi_arch}
%posttrans %{alt_package_arch}
if [ -d /sys/firmware/efi ] && [ ! -f %{efi_esp_dir}/grub.cfg ]; then
grub2-mkconfig -o %{efi_esp_dir}/grub.cfg || :
fi
%endif
%files common -f grub.lang
%dir %{_libdir}/grub/
%dir %{_datarootdir}/grub/
@ -511,6 +522,7 @@ fi
%changelog
* Wed Dec 20 2023 Arkady L. Shane <tigro@msvsphere-os.ru> - 2.02-150.inferit
- Modified to use MSVSphere Secure Boot certificates
- Drop brackets from grub menu (INF-738)
* Wed Jul 26 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 2.02-150

Loading…
Cancel
Save