diff options
| author | Josh Boyer <jwboyer@redhat.com> | 2012-03-21 15:09:49 -0400 |
|---|---|---|
| committer | Josh Boyer <jwboyer@redhat.com> | 2012-03-21 15:33:32 -0400 |
| commit | 70f8133b7196205f2d5d745d69eb8e62027ff650 (patch) | |
| tree | 0144b57e42faff73ad8aed50ec38f060ad60d7c1 /kernel.spec | |
| parent | 364473e5c59b1d2a2a8c2dd053f9a0013d37110e (diff) | |
| download | kernel-70f8133b7196205f2d5d745d69eb8e62027ff650.tar.gz kernel-70f8133b7196205f2d5d745d69eb8e62027ff650.tar.xz kernel-70f8133b7196205f2d5d745d69eb8e62027ff650.zip | |
Ship hmac file for vmlinuz for FIPS-140 (rhbz 805538)
Diffstat (limited to 'kernel.spec')
| -rw-r--r-- | kernel.spec | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/kernel.spec b/kernel.spec index 5526525a8..ecfce6ce3 100644 --- a/kernel.spec +++ b/kernel.spec @@ -529,7 +529,7 @@ ExclusiveOS: Linux # BuildRequires: module-init-tools, patch >= 2.5.4, bash >= 2.03, sh-utils, tar BuildRequires: bzip2, xz, findutils, gzip, m4, perl, make >= 3.78, diffutils, gawk -BuildRequires: gcc >= 3.4.2, binutils >= 2.12, redhat-rpm-config +BuildRequires: gcc >= 3.4.2, binutils >= 2.12, redhat-rpm-config, hmaccalc BuildRequires: net-tools BuildRequires: xmlto, asciidoc %if %{with_sparse} @@ -1665,6 +1665,11 @@ BuildKernel() { $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer chmod 755 $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer + # hmac sign the kernel for FIPS + echo "Creating hmac file: $RPM_BUILD_ROOT/%{image_install_path}/.vmlinuz-$KernelVer.hmac" + ls -l $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer + sha512hmac $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer | sed -e "s,$RPM_BUILD_ROOT,," > $RPM_BUILD_ROOT/%{image_install_path}/.vmlinuz-$KernelVer.hmac; + mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer # Override $(mod-fw) because we don't want it to install any firmware # we'll get it from the linux-firmware package and we don't want conflicts @@ -2294,6 +2299,7 @@ fi %{expand:%%files %{?2}}\ %defattr(-,root,root)\ /%{image_install_path}/%{?-k:%{-k*}}%{!?-k:vmlinuz}-%{KVERREL}%{?2:.%{2}}\ +/%{image_install_path}/.vmlinuz-%{KVERREL}%{?2:.%{2}}.hmac \ %attr(600,root,root) /boot/System.map-%{KVERREL}%{?2:.%{2}}\ /boot/config-%{KVERREL}%{?2:.%{2}}\ %dir /lib/modules/%{KVERREL}%{?2:.%{2}}\ @@ -2347,6 +2353,9 @@ fi # ||----w | # || || %changelog +* Wed Mar 21 2012 Josh Boyer <jwboyer@redhat.com> +- Ship hmac file for vmlinuz for FIPS-140 (rhbz 805538) + * Tue Mar 20 2012 Josh Boyer <jwboyer@redhat.com> - CVE-2012-1568: execshield: predictable ascii armour base address (rhbz 804957) - mac80211: fix possible tid_rx->reorder_timer use after free |