Change .s.0 to .s.1 for newer kernel, and add SIG cert

Mustafa Gezen 2023-12-21 16:45:02 +01:00
parent 90871a3baf
commit 021646197c
Signed by: mustafa
GPG Key ID: DCDF010D946438C1
5 changed files with 55 additions and 26 deletions


@ -17,6 +17,7 @@ go_library(
"data/kvm_stat.logrotate",
"data/mod-denylist.sh",
"data/mod-sign.sh",
"data/rocky-sigkernel.cer",
"data/rockykpatch1.x509",
"data/x509.genkey",
"data/rockydup1.x509",


@ -55,13 +55,6 @@
%global signmodules 0
%endif
### BCAT
# Further investigation is required before these features
# are enabled for the ELRepo Project kernels.
%global signkernel 0
%global signmodules 0
### BCAT
# Compress modules on all architectures that build modules.
%ifarch x86_64 || aarch64
%global zipmodules 1
@ -247,11 +240,13 @@ Source2000: cpupower.service
Source2001: cpupower.config
Source2002: kvm_stat.logrotate
Source3000: rocky-sigkernel.cer
%if %{signkernel}
%define secureboot_ca_0 %{_datadir}/pki/sb-certs/secureboot-ca-%{_arch}.cer
%define secureboot_key_0 %{_datadir}/pki/sb-certs/secureboot-kernel-%{_arch}.cer
%define secureboot_key_0 %{SOURCE3000}
%define pesign_name_0 redhatsecureboot501
%define pesign_name_0 rockybootsigningsigkernelcert
%endif
%description
@ -707,6 +702,7 @@ popd > /dev/null
%install
%define __modsign_install_post \
pushd linux-%{KVERREL} > /dev/null \
if [ "%{signmodules}" -eq "1" ]; then \
if [ "%{with_std}" -ne "0" ]; then \
%{SOURCE21} certs/signing_key.pem.sign certs/signing_key.x509.sign $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/ \
@ -1404,7 +1400,7 @@ fi
### BCAT
%files -n %{name}-tools-libs
%{_libdir}/libcpupower.so.0
%{_libdir}/libcpupower.so.1
%{_libdir}/libcpupower.so.0.0.1
%files -n %{name}-tools-libs-devel
@ -1488,3 +1484,7 @@ fi
%kernel_ml_variant_files %{_use_vdso} %{with_std}
%changelog
{{range $val := .Changelog}}
* {{$val.Date}} {{$val.Name}} - {{$val.Version}}-{{$val.BuildID}}
- {{$val.Text}}
{{end}}
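Review bot: The signing stanza now mixes two trust sources: `secureboot_key_0` is the bundled `%{SOURCE3000}` (rocky-sigkernel.cer), while `secureboot_ca_0` still resolves to the system `sb-certs` CA file, and nothing visible here shows that the SIG kernel certificate chains to that CA. The same commit drops the `%global signkernel 0` / `%global signmodules 0` override, so signing is active wherever the earlier conditionals (outside these hunks) leave it on, and the build then depends on the signer exposing the nickname `rockybootsigningsigkernelcert`. I would record the provenance next to the source line, e.g. `# Source3000: public cert for pesign nickname rockybootsigningsigkernelcert; confirm it chains to secureboot_ca_0`. I would also have the build verify the signed image against that certificate, so a mismatch fails the build instead of surfacing at boot.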


@ -0,0 +1,30 @@
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----


@ -14,7 +14,6 @@ go_library(
"//base/go/kv",
"//third_party/googleapis/google/longrunning:longrunning_go_proto",
"//tools/kernelmanager/proto/v1:pb",
"//tools/mothership/proto/v1:pb",
"//vendor/go.temporal.io/api/enums/v1:enums",
"//vendor/go.temporal.io/api/serviceerror",
"//vendor/go.temporal.io/api/workflowservice/v1:workflowservice",


@ -15,20 +15,19 @@
package kernelmanager_rpc
import (
"context"
base "go.resf.org/peridot/base/go"
kernelmanagerpb "go.resf.org/peridot/tools/kernelmanager/pb"
mothershippb "go.resf.org/peridot/tools/mothership/pb"
v11 "go.temporal.io/api/enums/v1"
"go.temporal.io/api/serviceerror"
"go.temporal.io/api/workflowservice/v1"
"google.golang.org/genproto/googleapis/longrunning"
rpccode "google.golang.org/genproto/googleapis/rpc/code"
rpcstatus "google.golang.org/genproto/googleapis/rpc/status"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
"google.golang.org/protobuf/types/known/anypb"
"google.golang.org/protobuf/types/known/timestamppb"
"context"
base "go.resf.org/peridot/base/go"
kernelmanagerpb "go.resf.org/peridot/tools/kernelmanager/pb"
v11 "go.temporal.io/api/enums/v1"
"go.temporal.io/api/serviceerror"
"go.temporal.io/api/workflowservice/v1"
"google.golang.org/genproto/googleapis/longrunning"
rpccode "google.golang.org/genproto/googleapis/rpc/code"
rpcstatus "google.golang.org/genproto/googleapis/rpc/status"
"google.golang.org/grpc/codes"
"google.golang.org/grpc/status"
"google.golang.org/protobuf/types/known/anypb"
"google.golang.org/protobuf/types/known/timestamppb"
)
func (s *Server) describeWorkflowToOperation(ctx context.Context, res *workflowservice.DescribeWorkflowExecutionResponse) (*longrunning.Operation, error) {
@ -75,7 +74,7 @@ func (s *Server) describeWorkflowToOperation(ctx context.Context, res *workflows
// Complete, we need to get the result using GetWorkflow
run := s.temporal.GetWorkflow(ctx, op.Name, "")
var res mothershippb.ProcessRPMResponse
var res kernelmanagerpb.TriggerKernelUpdateResponse
if err := run.Get(ctx, &res); err != nil {
return nil, err
}
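Review bot: The new local `var res kernelmanagerpb.TriggerKernelUpdateResponse` shadows the `res *workflowservice.DescribeWorkflowExecutionResponse` parameter of describeWorkflowToOperation, so any later use of `res` in this branch refers to the decoded result rather than the describe response. Renaming it, e.g. `var result kernelmanagerpb.TriggerKernelUpdateResponse` with `run.Get(ctx, &result)`, removes the ambiguity. The result type is also fixed to a single message, so the decode would target the wrong message if another workflow type ever reaches this path; a short comment stating that only TriggerKernelUpdate workflows are expected here would document that assumption. The function body continues outside this hunk, so how `res` is used after the `if` is not visible.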