diff --git a/SOURCES/sbat.csv.in b/SOURCES/sbat.csv.in index b338b5f..473ad95 100755 --- a/SOURCES/sbat.csv.in +++ b/SOURCES/sbat.csv.in @@ -1,3 +1,4 @@ sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md grub,3,Free Software Foundation,grub,@@VERSION@@,https//www.gnu.org/software/grub/ -grub.rh,2,Red Hat,grub2,@@VERSION_RELEASE@@,mailto:secalert@redhat.com +grub.rh,2,Red Hat,grub2,@@RHEL_VERSION_RELEASE@@,mailto:secalert@redhat.com +grub.msvsphere,2,MSVSphere,grub2,@@VERSION_RELEASE@@,mailto:security@msvsphere-os.ru diff --git a/SPECS/grub2.spec b/SPECS/grub2.spec index c515893..547451d 100644 --- a/SPECS/grub2.spec +++ b/SPECS/grub2.spec @@ -1,3 +1,6 @@ +%global efi_vendor msvsphere +%global efidir msvsphere +%global efi_esp_dir /boot/efi/EFI/%{efidir} # This package calls binutils components directly and would need to pass # in flags to enable the LTO plugins # Disable LTO @@ -16,7 +19,7 @@ Name: grub2 Epoch: 1 Version: 2.06 -Release: 70%{?dist}.1 +Release: 70%{?dist}.1.inferit Summary: Bootloader with support for Linux, Multiboot and more License: GPLv3+ URL: http://www.gnu.org/software/grub/ @@ -37,25 +40,9 @@ Source12: sbat.csv.in %include %{SOURCE1} -%ifarch x86_64 aarch64 ppc64le %define sb_ca %{_datadir}/pki/sb-certs/secureboot-ca-%{_arch}.cer %define sb_cer %{_datadir}/pki/sb-certs/secureboot-grub2-%{_arch}.cer -%endif - -%if 0%{?centos} - -%ifarch x86_64 aarch64 ppc64le -%define sb_key centossecureboot202 -%endif -%else -%ifarch x86_64 aarch64 -%define sb_key redhatsecureboot502 -%endif -%ifarch ppc64le -%define sb_key redhatsecureboot702 -%endif - -%endif +%define sb_key spheresecureboot001 BuildRequires: gcc efi-srpm-macros @@ -97,6 +84,9 @@ variety of kernel formats, file systems, computer architectures and \ hardware devices.\ %{nil} +# MSVSphere: keep upstream EVR for RHEL SBAT entry +%define rhel_version_release $(echo %{version}-%{release} | sed 's/\.inferit.*//') + # generate with do-rebase %include %{SOURCE11} @@ -189,7 +179,7 @@ This subpackage provides the GRUB user-space emulation modules. mkdir grub-%{grubefiarch}-%{tarversion} grep -A100000 '# stuff "make" creates' .gitignore > grub-%{grubefiarch}-%{tarversion}/.gitignore cp %{SOURCE4} grub-%{grubefiarch}-%{tarversion}/unifont.pcf.gz -sed -e "s,@@VERSION@@,%{version},g" -e "s,@@VERSION_RELEASE@@,%{version}-%{release},g" \ +sed -e "s,@@VERSION@@,%{version},g" -e "s,@@VERSION_RELEASE@@,%{version}-%{release},g" -e "s,@@RHEL_VERSION_RELEASE@@,%{rhel_version_release},g" \ %{SOURCE12} > grub-%{grubefiarch}-%{tarversion}/sbat.csv git add grub-%{grubefiarch}-%{tarversion} %endif @@ -533,6 +523,11 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg %endif %changelog +* Thu Oct 12 2023 Sergey Cherevko - 2.06-70.el9_3.1.inferit +- Modified to use MSVSphere Secure Boot certificates + (changes from Eugene Zamriy have been applied) +- Rebuilt for MSVSphere 9.3 + * Thu Sep 7 2023 Nicolas Frayer - 2.06-70.el9_3.1 - Bump spec release version - Related: #2203203