Commit 4e9b37e2 authored by Rocky Automation's avatar Rocky Automation 📺
Browse files

import kernel-4.18.0-305.el8

parent 2e78cd0d
bf2922872b49aeeb6fe4cdb149d4061604ed7488 SOURCES/kernel-abi-stablelists-4.18.0-305.tar.bz2
4d18d659f47e29331ec86f06d9bd64b93dbac657 SOURCES/kernel-kabi-dw-4.18.0-305.tar.bz2
6bdc275637da0e0f5f48955c500fd6464c3ce244 SOURCES/linux-4.18.0-305.el8.tar.xz
95b9b811c7b0a6c98b2eafc4e7d6d24f2cb63289 SOURCES/rheldup3.x509
d90885108d225a234a5a9d054fc80893a5bd54d0 SOURCES/rhelkpatch1.x509
......@@ -19,7 +19,7 @@
%global distro_build 305
 
# Sign the x86_64 kernel for secure boot authentication
%ifarch x86_64 aarch64
%ifarch x86_64 aarch64 s390x ppc64le
%global signkernel 1
%else
%global signkernel 0
......@@ -433,7 +433,10 @@ BuildRequires: asciidoc
Source0: linux-%{rpmversion}-%{pkgrelease}.tar.xz
 
Source9: x509.genkey
Source90000: rocky.pem
Source90000: rockylinuxsecurebootca101test.der
Source90001: rockylinuxsecurebootcert101test.der
Source90002: rockydup1.x509
Source90003: rockykpatch1.x509
 
# Name of the packaged file containing signing key
%ifarch ppc64le
......@@ -445,23 +448,27 @@ Source90000: rocky.pem
 
%if %{?released_kernel}
 
Source11: rockylinuxsecurebootca101test.der
Source13: rockylinuxsecurebootcert101test.der
 
%define secureboot_ca_0 %{SOURCE11}
%define secureboot_ca_0 %{SOURCE90000}
%ifarch x86_64 aarch64
%define secureboot_key_0 %{SOURCE13}
%define secureboot_key_0 %{SOURCE90001}
%define pesign_name_0 rockylinuxsecurebootcert101test
%endif
%ifarch s390x
%define secureboot_key_0 %{SOURCE90001}
%define pesign_name_0 rockylinuxsecurebootcert101test
%endif
%ifarch ppc64le
%define secureboot_key_0 %{SOURCE90001}
%define pesign_name_0 rockylinuxsecurebootcert101test
%endif
 
# released_kernel
%else
 
Source12: rockylinuxsecurebootca101test.der
Source14: rockylinuxsecurebootcert101test.der
 
%define secureboot_ca_0 %{SOURCE12}
%define secureboot_key_0 %{SOURCE14}
%define secureboot_ca_0 %{SOURCE90000}
%define secureboot_key_0 %{SOURCE90001}
%define pesign_name_0 rockylinuxsecurebootcert101test
 
# released_kernel
......@@ -494,8 +501,6 @@ Source43: generate_bls_conf.sh
 
Source44: mod-internal.list
 
Source100: rheldup3.x509
Source101: rhelkpatch1.x509
 
%if %{with_kabichk}
Source200: check-kabi
......@@ -1074,7 +1079,6 @@ ApplyOptionalPatch()
}
 
%setup -q -n %{name}-%{rpmversion}-%{pkgrelease} -c
cp -v %{SOURCE90000} linux-%{rpmversion}-%{pkgrelease}/certs/rhel.pem
mv linux-%{rpmversion}-%{pkgrelease} linux-%{KVERREL}
 
cd linux-%{KVERREL}
......@@ -1148,15 +1152,15 @@ done
 
# Add DUP and kpatch certificates to system trusted keys for RHEL
%if %{signkernel}%{signmodules}
openssl x509 -inform der -in %{SOURCE100} -out rheldup3.pem
openssl x509 -inform der -in %{SOURCE101} -out rhelkpatch1.pem
cat rheldup3.pem rhelkpatch1.pem > ../certs/rhel.pem
openssl x509 -inform der -in %{SOURCE90002} -out rockydup1.pem
openssl x509 -inform der -in %{SOURCE90003} -out rockylpatch1.pem
cat rockydup1.pem rockylpatch1.pem > ../certs/rocky.pem
%ifarch ppc64le
openssl x509 -inform der -in %{secureboot_ca_0} -out secureboot.pem
cat secureboot.pem >> ../certs/rhel.pem
cat secureboot.pem >> ../certs/rocky.pem
%endif
for i in *.config; do
sed -i 's@CONFIG_SYSTEM_TRUSTED_KEYS=""@CONFIG_SYSTEM_TRUSTED_KEYS="certs/rhel.pem"@' $i
sed -i 's@CONFIG_SYSTEM_TRUSTED_KEYS=""@CONFIG_SYSTEM_TRUSTED_KEYS="certs/rocky.pem"@' $i
done
%endif
 
......@@ -1712,8 +1716,8 @@ BuildKernel() {
# Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel
mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer
%ifarch x86_64 aarch64
install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca-20210428.cer
ln -s kernel-signing-ca-20210428.cer $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca-20210519.cer
ln -s kernel-signing-ca-20210519.cer $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
%else
install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
%endif
......@@ -2594,13 +2598,22 @@ fi
#
#
%changelog
* Tue May 18 2021 Sherif Nagy <sherif@rockylinux.org> - 4.18.0-305
* Wed May 19 2021 Sherif Nagy <sherif@rockylinux.org> - 4.18.0-305
- Fixing vmlinuz removal
* Wed May 19 2021 Sherif Nagy <sherif@rockylinux.org> - 4.18.0-305
- Fixing pesign_key_name values
* Wed May 19 2021 Sherif Nagy <sherif@rockylinux.org> - 4.18.0-305
- Porting to 8.4, debranding and Rocky branding
* Wed May 19 2021 Sherif Nagy <sherif@rockylinux.org> - 4.18.0-305
- Fixing UEFI CA path
 
* Tue May 18 2021 Sherif Nagy <sherif@rockylinux.org> - 4.18.0-305
* Wed May 19 2021 Sherif Nagy <sherif@rockylinux.org> - 4.18.0-305
- Adding Rocky secure boot certs
 
* Tue May 18 2021 Louis Abel <label@rockylinux.org> - 4.18.0-305
* Wed May 19 2021 Louis Abel <label@rockylinux.org> - 4.18.0-305
- Debrand the kernel
 
* Thu Apr 29 2021 Jan Stancek <jstancek@redhat.com> [4.18.0-305.el8]
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment