diff --git a/SOURCES/90-default.preset b/SOURCES/90-default.preset index fd37daf..3ad5d81 100644 --- a/SOURCES/90-default.preset +++ b/SOURCES/90-default.preset @@ -196,3 +196,7 @@ enable iscsi.service enable iscsid.socket enable iscsiuio.socket enable iscsi-onboot.service + +# Enable preset for low-memory-monitor +# https://bugzilla.redhat.com/show_bug.cgi?id=2013299 +enable low-memory-monitor.service diff --git a/SPECS/rocky-release.spec b/SPECS/rocky-release.spec index 835ca89..7fe8873 100644 --- a/SPECS/rocky-release.spec +++ b/SPECS/rocky-release.spec @@ -88,6 +88,8 @@ Source1223: Rocky-Devel.repo Source1226: Rocky-Plus.repo Source1300: rocky.1.gz +# rocky secureboot certs placeholder + %description %{distro_name} release files. @@ -109,6 +111,14 @@ Conflicts: %{name} < 8.0 %description -n rocky-gpg-keys This package provides the RPM signature keys for Rocky. +%package -n rocky-sb-certs +Summary: %{distro_name} public secureboot certificates +Group: System Environment/Base +Provides: system-sb-certs = %{version}-%{release} + +%description -n rocky-sb-certs +This package contains the %{distro_name} secureboot public certificates. + %prep echo Good. @@ -116,10 +126,11 @@ echo Good. echo Good. %install -# copy license and contributors doc here for %%license and %%doc macros -cp %{SOURCE201} %{SOURCE202} %{SOURCE203} . +# docs dir for license and contributors +mkdir ./docs +cp %{SOURCE201} %{SOURCE202} %{SOURCE203} ./docs -# create /etc/system-release and /etc/redhat-release +# system-release install -d -m 0755 %{buildroot}%{_sysconfdir} echo "%{distro_name} release %{version} (%{distro_code})" > %{buildroot}%{_sysconfdir}/rocky-release echo "Derived from Red Hat Enterprise Linux %{version}" > %{buildroot}%{_sysconfdir}/rocky-release-upstream @@ -178,30 +189,55 @@ install -d -m 0755 %{buildroot}%{_datadir}/rocky-release ln -s rocky-release %{buildroot}%{_datadir}/redhat-release install -p -m 0644 %{SOURCE200} %{buildroot}%{_datadir}/rocky-release/ -# systemd presets +################################################################################ +# systemd section install -d -m 0755 %{buildroot}%{_prefix}/lib/systemd/system-preset/ install -d -m 0755 %{buildroot}%{_prefix}/lib/systemd/user-preset/ install -m 0644 %{SOURCE300} %{buildroot}/%{_prefix}/lib/systemd/system-preset/ install -m 0644 %{SOURCE301} %{buildroot}/%{_prefix}/lib/systemd/system-preset/ install -m 0644 %{SOURCE302} %{buildroot}/%{_prefix}/lib/systemd/system-preset/ +# same behavior for both presets +install -m 0644 %{SOURCE303} %{buildroot}/%{_prefix}/lib/systemd/system-preset/ install -m 0644 %{SOURCE303} %{buildroot}/%{_prefix}/lib/systemd/user-preset/ -install -m 0644 %{SOURCE303} %{buildroot}/%{_prefix}/lib/systemd/user-preset/ + +# systemd section +################################################################################ # sysctl presets install -d -m 0755 %{buildroot}%{_prefix}/lib/sysctl.d/ install -m 0644 %{SOURCE304} %{buildroot}/%{_prefix}/lib/sysctl.d/ -# dnf stuff -install -d -m 0755 %{buildroot}%{_sysconfdir}/dnf/vars -echo "pub/rocky" > %{buildroot}%{_sysconfdir}/dnf/vars/contentdir +################################################################################ +# start secureboot section +install -d -m 0755 %{buildroot}%{_sysconfdir}/pki/sb-certs/ +install -d -m 0755 %{buildroot}%{_datadir}/pki/sb-certs/ -# Copy out GPG keys -install -d -m 0755 %{buildroot}%{_sysconfdir}/pki/rpm-gpg -#install -p -m 0644 %{SOURCE101} %{buildroot}%{_sysconfdir}/pki/rpm-gpg/ -install -p -m 0644 %{SOURCE102} %{buildroot}%{_sysconfdir}/pki/rpm-gpg/ +# x86_64 +echo "placeholder" > %{buildroot}%{_datadir}/pki/sb-certs/secureboot-ca-x86_64.crt -# Copy our yum repos +# aarch64 +echo "placeholder" > %{buildroot}%{_datadir}/pki/sb-certs/secureboot-ca-aarch64.crt + +# ppc64le +echo "placeholder" > %{buildroot}%{_datadir}/pki/sb-certs/secureboot-ca-ppc64le.crt + +# armhfp +echo "placeholder" > %{buildroot}%{_datadir}/pki/sb-certs/secureboot-ca-armhfp.crt + +# s390x +echo "placeholder" > %{buildroot}%{_datadir}/pki/sb-certs/secureboot-ca-s390x.crt + +# symlinks for everybody +for x in $(ls %{buildroot}%{_datadir}/pki/sb-certs); do + ln -sr %{buildroot}%{_datadir}/pki/sb-certs/${x} %{buildroot}%{_sysconfdir}/pki/sb-certs/${x} +done + +# end secureboot section +################################################################################ + +################################################################################ +# dnf repo section install -d -m 0755 %{buildroot}%{_sysconfdir}/yum.repos.d install -p -m 0644 %{SOURCE1200} %{buildroot}%{_sysconfdir}/yum.repos.d/ install -p -m 0644 %{SOURCE1201} %{buildroot}%{_sysconfdir}/yum.repos.d/ @@ -217,9 +253,21 @@ install -p -m 0644 %{SOURCE1222} %{buildroot}%{_sysconfdir}/yum.repos.d/ install -p -m 0644 %{SOURCE1223} %{buildroot}%{_sysconfdir}/yum.repos.d/ install -p -m 0644 %{SOURCE1226} %{buildroot}%{_sysconfdir}/yum.repos.d/ +# dnf stuff +install -d -m 0755 %{buildroot}%{_sysconfdir}/dnf/vars +echo "pub/rocky" > %{buildroot}%{_sysconfdir}/dnf/vars/contentdir + +# Copy out GPG keys +install -d -m 0755 %{buildroot}%{_sysconfdir}/pki/rpm-gpg +#install -p -m 0644 %{SOURCE101} %{buildroot}%{_sysconfdir}/pki/rpm-gpg/ +install -p -m 0644 %{SOURCE102} %{buildroot}%{_sysconfdir}/pki/rpm-gpg/ +# end dnf repo section +################################################################################ + %files -%license LICENSE -%doc Contributors COMMUNITY-CHARTER +%license docs/LICENSE +%doc docs/Contributors docs/COMMUNITY-CHARTER +%dir %{_sysconfdir}/yum.repos.d %{_sysconfdir}/redhat-release %{_sysconfdir}/centos-release %{_sysconfdir}/system-release @@ -235,6 +283,7 @@ install -p -m 0644 %{SOURCE1226} %{buildroot}%{_sysconfdir}/yum.repos.d/ %{_prefix}/lib/os-release %{_prefix}/lib/systemd/system-preset/* %{_prefix}/lib/systemd/user-preset/* +%{_prefix}/lib/sysctl.d/50-redhat.conf %{_mandir}/man1/rocky.1.gz %files -n rocky-repos @@ -245,6 +294,13 @@ install -p -m 0644 %{SOURCE1226} %{buildroot}%{_sysconfdir}/yum.repos.d/ %files -n rocky-gpg-keys %{_sysconfdir}/pki/rpm-gpg/ +%files -n rocky-sb-certs +# care: resetting symlinks is intended +%dir %{_sysconfdir}/pki/sb-certs +%dir %{_datadir}/pki/sb-certs +%{_sysconfdir}/pki/sb-certs/*.crt +%{_datadir}/pki/sb-certs/*.crt + %changelog * Tue Oct 05 2021 Louis Abel - 9.0-1 - Init for Rocky Linux 9 (Blue Onyx)