diff options
| author | Thorsten Leemhuis <fedora@leemhuis.info> | 2021-08-23 20:23:43 +0200 |
|---|---|---|
| committer | Thorsten Leemhuis <fedora@leemhuis.info> | 2021-08-23 20:23:43 +0200 |
| commit | 8634aa00a4da93f2dede7b352bde9716672b24ef (patch) | |
| tree | a0350120acc620896be5a6e3970115766769bfe2 /kernel.spec | |
| parent | 333d69ae6e07dc063c4313fadffa7ed3e2fd5d77 (diff) | |
| parent | fab840e687dce6f1dfab027f9f28af218cf67e63 (diff) | |
| download | kernel-8634aa00a4da93f2dede7b352bde9716672b24ef.tar.gz kernel-8634aa00a4da93f2dede7b352bde9716672b24ef.tar.xz kernel-8634aa00a4da93f2dede7b352bde9716672b24ef.zip | |
Merge remote-tracking branch 'origin/rawhide' into rawhide-user-thl-vanilla-fedorakernel-5.14.0-0.rc7.54.vanilla.1.fc36kernel-5.14.0-0.rc7.54.vanilla.1.fc35kernel-5.14.0-0.rc7.54.vanilla.1.fc34kernel-5.14.0-0.rc7.54.vanilla.1.fc33
Diffstat (limited to 'kernel.spec')
| -rwxr-xr-x | kernel.spec | 68 |
1 files changed, 28 insertions, 40 deletions
diff --git a/kernel.spec b/kernel.spec index 72b5c02d8..22bf0bbf9 100755 --- a/kernel.spec +++ b/kernel.spec @@ -80,7 +80,7 @@ Summary: The Linux kernel # the --with-release option overrides this setting.) %define debugbuildsenabled 1 -%global distro_build 0.rc6.20210820gitd992fe5318d8.50 +%global distro_build 0.rc7.54 %if 0%{?fedora} %define secure_boot_arch x86_64 @@ -126,13 +126,13 @@ Summary: The Linux kernel %define kversion 5.14 %define rpmversion 5.14.0 -%define pkgrelease 0.rc6.20210820gitd992fe5318d8.50 +%define pkgrelease 0.rc7.54 # This is needed to do merge window version magic %define patchlevel 14 # allow pkg_release to have configurable %%{?dist} tag -%define specrelease 0.rc6.20210820gitd992fe5318d8.50%{?buildid}%{?dist} +%define specrelease 0.rc7.54%{?buildid}%{?dist} %define pkg_release %{specrelease} @@ -673,7 +673,7 @@ BuildRequires: lld # exact git commit you can run # # xzcat -qq ${TARBALL} | git get-tar-commit-id -Source0: linux-5.14-rc6-125-gd992fe5318d8.tar.xz +Source0: linux-5.14-rc7.tar.xz Source1: Makefile.rhelver @@ -692,26 +692,21 @@ Source9: x509.genkey.fedora %if %{?released_kernel} Source10: redhatsecurebootca5.cer -Source11: redhatsecurebootca1.cer -Source12: redhatsecureboot501.cer -Source13: redhatsecureboot301.cer -Source14: secureboot_s390.cer -Source15: secureboot_ppc.cer - -%define secureboot_ca_1 %{SOURCE10} -%define secureboot_ca_0 %{SOURCE11} +Source11: redhatsecureboot501.cer +Source12: secureboot_s390.cer +Source13: secureboot_ppc.cer + +%define secureboot_ca_0 %{SOURCE10} %ifarch x86_64 aarch64 -%define secureboot_key_1 %{SOURCE12} -%define pesign_name_1 redhatsecureboot501 -%define secureboot_key_0 %{SOURCE13} -%define pesign_name_0 redhatsecureboot301 +%define secureboot_key_0 %{SOURCE11} +%define pesign_name_0 redhatsecureboot501 %endif %ifarch s390x -%define secureboot_key_0 %{SOURCE14} +%define secureboot_key_0 %{SOURCE12} %define pesign_name_0 redhatsecureboot302 %endif %ifarch ppc64le -%define secureboot_key_0 %{SOURCE15} +%define secureboot_key_0 %{SOURCE13} %define pesign_name_0 redhatsecureboot303 %endif @@ -719,16 +714,11 @@ Source15: secureboot_ppc.cer %else Source10: redhatsecurebootca4.cer -Source11: redhatsecurebootca2.cer -Source12: redhatsecureboot401.cer -Source13: redhatsecureboot003.cer - -%define secureboot_ca_1 %{SOURCE10} -%define secureboot_ca_0 %{SOURCE11} -%define secureboot_key_1 %{SOURCE12} -%define pesign_name_1 redhatsecureboot401 -%define secureboot_key_0 %{SOURCE13} -%define pesign_name_0 redhatsecureboot003 +Source11: redhatsecureboot401.cer + +%define secureboot_ca_0 %{SOURCE10} +%define secureboot_key_0 %{SOURCE11} +%define pesign_name_0 redhatsecureboot401 # released_kernel %endif @@ -1359,8 +1349,8 @@ ApplyOptionalPatch() fi } -%setup -q -n kernel-5.14-rc6-125-gd992fe5318d8 -c -mv linux-5.14-rc6-125-gd992fe5318d8 linux-%{KVERREL} +%setup -q -n kernel-5.14-rc7 -c +mv linux-5.14-rc7 linux-%{KVERREL} cd linux-%{KVERREL} # cp -a %{SOURCE1} . @@ -1632,9 +1622,7 @@ BuildKernel() { fi %ifarch x86_64 aarch64 - %pesign -s -i $SignImage -o vmlinuz.tmp -a %{secureboot_ca_0} -c %{secureboot_key_0} -n %{pesign_name_0} - %pesign -s -i vmlinuz.tmp -o vmlinuz.signed -a %{secureboot_ca_1} -c %{secureboot_key_1} -n %{pesign_name_1} - rm vmlinuz.tmp + %pesign -s -i $SignImage -o vmlinuz.signed -a %{secureboot_ca_0} -c %{secureboot_key_0} -n %{pesign_name_0} %endif %ifarch s390x ppc64le if [ -x /usr/bin/rpm-sign ]; then @@ -2103,13 +2091,7 @@ BuildKernel() { # Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer - %ifarch x86_64 aarch64 - install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca-20200609.cer - install -m 0644 %{secureboot_ca_1} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca-20140212.cer - ln -s kernel-signing-ca-20200609.cer $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer - %else - install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer - %endif + install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer %ifarch s390x ppc64le if [ $DoModules -eq 1 ]; then if [ -x /usr/bin/rpm-sign ]; then @@ -2958,6 +2940,12 @@ fi # # %changelog +* Mon Aug 23 2021 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.14.0-0.rc7.54] +- redhat: drop certificates that were deprecated after GRUB's BootHole flaw (Herton R. Krzesinski) [1994849] + +* Sat Aug 21 2021 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.14.0-0.rc6.20210821gitfa54d366a6e4.51] +- More Fedora config updates (Justin M. Forbes) + * Fri Aug 20 2021 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.14.0-0.rc6.20210820gitd992fe5318d8.50] - Fedora config updates for 5.14 (Justin M. Forbes) |