summaryrefslogtreecommitdiffstats
path: root/kernel.spec
diff options
context:
space:
mode:
Diffstat (limited to 'kernel.spec')
-rwxr-xr-xkernel.spec68
1 files changed, 28 insertions, 40 deletions
diff --git a/kernel.spec b/kernel.spec
index 72b5c02..22bf0bb 100755
--- a/kernel.spec
+++ b/kernel.spec
@@ -80,7 +80,7 @@ Summary: The Linux kernel
# the --with-release option overrides this setting.)
%define debugbuildsenabled 1
-%global distro_build 0.rc6.20210820gitd992fe5318d8.50
+%global distro_build 0.rc7.54
%if 0%{?fedora}
%define secure_boot_arch x86_64
@@ -126,13 +126,13 @@ Summary: The Linux kernel
%define kversion 5.14
%define rpmversion 5.14.0
-%define pkgrelease 0.rc6.20210820gitd992fe5318d8.50
+%define pkgrelease 0.rc7.54
# This is needed to do merge window version magic
%define patchlevel 14
# allow pkg_release to have configurable %%{?dist} tag
-%define specrelease 0.rc6.20210820gitd992fe5318d8.50%{?buildid}%{?dist}
+%define specrelease 0.rc7.54%{?buildid}%{?dist}
%define pkg_release %{specrelease}
@@ -673,7 +673,7 @@ BuildRequires: lld
# exact git commit you can run
#
# xzcat -qq ${TARBALL} | git get-tar-commit-id
-Source0: linux-5.14-rc6-125-gd992fe5318d8.tar.xz
+Source0: linux-5.14-rc7.tar.xz
Source1: Makefile.rhelver
@@ -692,26 +692,21 @@ Source9: x509.genkey.fedora
%if %{?released_kernel}
Source10: redhatsecurebootca5.cer
-Source11: redhatsecurebootca1.cer
-Source12: redhatsecureboot501.cer
-Source13: redhatsecureboot301.cer
-Source14: secureboot_s390.cer
-Source15: secureboot_ppc.cer
-
-%define secureboot_ca_1 %{SOURCE10}
-%define secureboot_ca_0 %{SOURCE11}
+Source11: redhatsecureboot501.cer
+Source12: secureboot_s390.cer
+Source13: secureboot_ppc.cer
+
+%define secureboot_ca_0 %{SOURCE10}
%ifarch x86_64 aarch64
-%define secureboot_key_1 %{SOURCE12}
-%define pesign_name_1 redhatsecureboot501
-%define secureboot_key_0 %{SOURCE13}
-%define pesign_name_0 redhatsecureboot301
+%define secureboot_key_0 %{SOURCE11}
+%define pesign_name_0 redhatsecureboot501
%endif
%ifarch s390x
-%define secureboot_key_0 %{SOURCE14}
+%define secureboot_key_0 %{SOURCE12}
%define pesign_name_0 redhatsecureboot302
%endif
%ifarch ppc64le
-%define secureboot_key_0 %{SOURCE15}
+%define secureboot_key_0 %{SOURCE13}
%define pesign_name_0 redhatsecureboot303
%endif
@@ -719,16 +714,11 @@ Source15: secureboot_ppc.cer
%else
Source10: redhatsecurebootca4.cer
-Source11: redhatsecurebootca2.cer
-Source12: redhatsecureboot401.cer
-Source13: redhatsecureboot003.cer
-
-%define secureboot_ca_1 %{SOURCE10}
-%define secureboot_ca_0 %{SOURCE11}
-%define secureboot_key_1 %{SOURCE12}
-%define pesign_name_1 redhatsecureboot401
-%define secureboot_key_0 %{SOURCE13}
-%define pesign_name_0 redhatsecureboot003
+Source11: redhatsecureboot401.cer
+
+%define secureboot_ca_0 %{SOURCE10}
+%define secureboot_key_0 %{SOURCE11}
+%define pesign_name_0 redhatsecureboot401
# released_kernel
%endif
@@ -1359,8 +1349,8 @@ ApplyOptionalPatch()
fi
}
-%setup -q -n kernel-5.14-rc6-125-gd992fe5318d8 -c
-mv linux-5.14-rc6-125-gd992fe5318d8 linux-%{KVERREL}
+%setup -q -n kernel-5.14-rc7 -c
+mv linux-5.14-rc7 linux-%{KVERREL}
cd linux-%{KVERREL}
# cp -a %{SOURCE1} .
@@ -1632,9 +1622,7 @@ BuildKernel() {
fi
%ifarch x86_64 aarch64
- %pesign -s -i $SignImage -o vmlinuz.tmp -a %{secureboot_ca_0} -c %{secureboot_key_0} -n %{pesign_name_0}
- %pesign -s -i vmlinuz.tmp -o vmlinuz.signed -a %{secureboot_ca_1} -c %{secureboot_key_1} -n %{pesign_name_1}
- rm vmlinuz.tmp
+ %pesign -s -i $SignImage -o vmlinuz.signed -a %{secureboot_ca_0} -c %{secureboot_key_0} -n %{pesign_name_0}
%endif
%ifarch s390x ppc64le
if [ -x /usr/bin/rpm-sign ]; then
@@ -2103,13 +2091,7 @@ BuildKernel() {
# Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel
mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer
- %ifarch x86_64 aarch64
- install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca-20200609.cer
- install -m 0644 %{secureboot_ca_1} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca-20140212.cer
- ln -s kernel-signing-ca-20200609.cer $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
- %else
- install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
- %endif
+ install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
%ifarch s390x ppc64le
if [ $DoModules -eq 1 ]; then
if [ -x /usr/bin/rpm-sign ]; then
@@ -2958,6 +2940,12 @@ fi
#
#
%changelog
+* Mon Aug 23 2021 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.14.0-0.rc7.54]
+- redhat: drop certificates that were deprecated after GRUB's BootHole flaw (Herton R. Krzesinski) [1994849]
+
+* Sat Aug 21 2021 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.14.0-0.rc6.20210821gitfa54d366a6e4.51]
+- More Fedora config updates (Justin M. Forbes)
+
* Fri Aug 20 2021 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.14.0-0.rc6.20210820gitd992fe5318d8.50]
- Fedora config updates for 5.14 (Justin M. Forbes)