Fix .spec for signature

pull/1/head
ebasov 4 weeks ago
parent 90287a24c1
commit cec00ed4db
Signed by: ebasov
GPG Key ID: 3DE9E7A44B2D38F6

@ -38,7 +38,7 @@
%endif %endif
# Set pkg_release. # Set pkg_release.
%global pkg_release 1%{?buildid}%{?dist} %global pkg_release 1%{?buildid}%{?dist}.inferit
# Architectures upon which we can sign the kernel # Architectures upon which we can sign the kernel
# for secure boot authentication. # for secure boot authentication.
@ -55,12 +55,6 @@
%global signmodules 0 %global signmodules 0
%endif %endif
### BCAT
# Further investigation is required before these features
# are enabled for the ELRepo Project kernels.
%global signkernel 0
%global signmodules 0
### BCAT
# Compress modules on all architectures that build modules. # Compress modules on all architectures that build modules.
%ifarch x86_64 || aarch64 %ifarch x86_64 || aarch64
@ -254,7 +248,7 @@ Source2002: kvm_stat.logrotate
%define secureboot_ca_0 %{_datadir}/pki/sb-certs/secureboot-ca-%{_arch}.cer %define secureboot_ca_0 %{_datadir}/pki/sb-certs/secureboot-ca-%{_arch}.cer
%define secureboot_key_0 %{_datadir}/pki/sb-certs/secureboot-kernel-%{_arch}.cer %define secureboot_key_0 %{_datadir}/pki/sb-certs/secureboot-kernel-%{_arch}.cer
%define pesign_name_0 redhatsecureboot501 %define pesign_name_0 spheresecureboot001
%endif %endif
%description %description
@ -887,7 +881,7 @@ cp -a --parents tools/include/tools/le_byteshift.h $RPM_BUILD_ROOT/lib/modules/%
cp -a --parents tools/include/linux/compiler* $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/build cp -a --parents tools/include/linux/compiler* $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/build
cp -a --parents tools/include/linux/types.h $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/build cp -a --parents tools/include/linux/types.h $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/build
cp -a --parents tools/build/Build.include $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/build cp -a --parents tools/build/Build.include $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/build
# cp --parents tools/build/Build $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/build cp --parents tools/build/Build $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/build
cp --parents tools/build/fixdep.c $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/build cp --parents tools/build/fixdep.c $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/build
cp --parents tools/objtool/sync-check.sh $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/build cp --parents tools/objtool/sync-check.sh $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/build
cp -a --parents tools/bpf/resolve_btfids $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/build cp -a --parents tools/bpf/resolve_btfids $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/build
@ -1113,6 +1107,11 @@ mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/%{name}-keys/%{KVERREL}
install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/%{name}-keys/%{KVERREL}/kernel-signing-ca.cer install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/%{name}-keys/%{KVERREL}/kernel-signing-ca.cer
%endif %endif
%if 0%{?rhel}
# Red Hat IMA code-signing cert, which is used to authenticate package files
install -m 0644 %{ima_signing_cert} $RPM_BUILD_ROOT%{_datadir}/doc/%{name}-keys/$KernelVer/%{ima_cert_name}
%endif
%if %{signmodules} %if %{signmodules}
# Save the signing keys so that we can sign the modules in __modsign_install_post. # Save the signing keys so that we can sign the modules in __modsign_install_post.
cp certs/signing_key.pem certs/signing_key.pem.sign cp certs/signing_key.pem certs/signing_key.pem.sign
@ -1494,6 +1493,7 @@ fi
/lib/modules/%{KVERREL}%{?3:+%{3}}/weak-updates\ /lib/modules/%{KVERREL}%{?3:+%{3}}/weak-updates\
/lib/modules/%{KVERREL}%{?3:+%{3}}/systemtap\ /lib/modules/%{KVERREL}%{?3:+%{3}}/systemtap\
%{_datadir}/doc/%{name}-keys/%{KVERREL}%{?3:+%{3}}\ %{_datadir}/doc/%{name}-keys/%{KVERREL}%{?3:+%{3}}\
%{_datadir}/doc/%{name}-keys/ima.cer\
%if %{1}\ %if %{1}\
/lib/modules/%{KVERREL}%{?3:+%{3}}/vdso\ /lib/modules/%{KVERREL}%{?3:+%{3}}/vdso\
%endif\ %endif\

Loading…
Cancel
Save