mirror of
https://git.rockylinux.org/staging/src/rocky-release.git
synced 2024-12-22 16:48:29 +00:00
backport sb-certs
This commit is contained in:
parent
6918d955ff
commit
abd05514c8
BIN
SOURCES/rocky-root-ca.der
Normal file
BIN
SOURCES/rocky-root-ca.der
Normal file
Binary file not shown.
BIN
SOURCES/rocky-signing.der
Normal file
BIN
SOURCES/rocky-signing.der
Normal file
Binary file not shown.
BIN
SOURCES/rockydup1.x509
Normal file
BIN
SOURCES/rockydup1.x509
Normal file
Binary file not shown.
BIN
SOURCES/rockykpatch1.x509
Normal file
BIN
SOURCES/rockykpatch1.x509
Normal file
Binary file not shown.
@ -20,8 +20,8 @@
|
||||
%define distro_code Green Obsidian
|
||||
%define major 8
|
||||
%define minor 8
|
||||
%define rocky_rel 1%{?rllh:.%{rllh}}%{!?rllh:.3}
|
||||
%define upstream_rel %{major}.%{minor}-0.1
|
||||
%define rocky_rel 1%{?rllh:.%{rllh}}%{!?rllh:.4}
|
||||
%define upstream_rel %{major}.%{minor}-0.2
|
||||
%define rpm_license BSD-3-Clause
|
||||
%define dist .el%{major}
|
||||
%define home_url https://rockylinux.org/
|
||||
@ -152,6 +152,12 @@ Source1223: Rocky-Devel.repo
|
||||
Source1226: Rocky-Plus.repo
|
||||
Source1300: rocky.1.gz
|
||||
|
||||
# rocky secureboot certs placeholder (1400-1499)
|
||||
Source1400: rockydup1.x509
|
||||
Source1401: rockykpatch1.x509
|
||||
Source1402: rocky-root-ca.der
|
||||
Source1403: rocky-signing.der
|
||||
|
||||
%description
|
||||
%{distro_name} release files.
|
||||
|
||||
@ -174,6 +180,14 @@ Conflicts: %{name} < 8.0
|
||||
%description -n rocky-gpg-keys%{?rltype}
|
||||
This package provides the RPM signature keys for Rocky.
|
||||
|
||||
%package -n rocky-sb-certs%{?rltype}
|
||||
Summary: %{distro_name} public secureboot certificates
|
||||
Group: System Environment/Base
|
||||
Provides: system-sb-certs = %{version}-%{release}
|
||||
|
||||
%description -n rocky-sb-certs%{?rltype}
|
||||
This package contains the %{distro_name} secureboot public certificates.
|
||||
|
||||
%prep
|
||||
%if %{with rllookahead} && %{with rlbeta}
|
||||
echo "!! WARNING !!"
|
||||
@ -270,21 +284,61 @@ install -d -m 0755 %{buildroot}%{_prefix}/lib/systemd/system-preset/
|
||||
install -m 0644 %{SOURCE300} %{buildroot}/%{_prefix}/lib/systemd/system-preset/
|
||||
install -m 0644 %{SOURCE301} %{buildroot}/%{_prefix}/lib/systemd/system-preset/
|
||||
install -m 0644 %{SOURCE302} %{buildroot}/%{_prefix}/lib/systemd/system-preset/
|
||||
# systemd section
|
||||
################################################################################
|
||||
|
||||
# dnf stuff
|
||||
install -d -m 0755 %{buildroot}%{_sysconfdir}/dnf/vars
|
||||
echo "%{contentdir}" > %{buildroot}%{_sysconfdir}/dnf/vars/contentdir
|
||||
echo "%{sigcontent}" > %{buildroot}%{_sysconfdir}/dnf/vars/sigcontentdir
|
||||
echo "%{?rltype}" > %{buildroot}%{_sysconfdir}/dnf/vars/rltype
|
||||
echo "%{major}-stream" > %{buildroot}%{_sysconfdir}/dnf/vars/stream
|
||||
################################################################################
|
||||
# start secureboot section
|
||||
install -d -m 0755 %{buildroot}%{_sysconfdir}/pki/sb-certs/
|
||||
install -d -m 0755 %{buildroot}%{_datadir}/pki/sb-certs/
|
||||
|
||||
# Copy out GPG keys
|
||||
install -d -m 0755 %{buildroot}%{_sysconfdir}/pki/rpm-gpg
|
||||
install -p -m 0644 %{SOURCE101} %{buildroot}%{_sysconfdir}/pki/rpm-gpg/
|
||||
install -p -m 0644 %{SOURCE102} %{buildroot}%{_sysconfdir}/pki/rpm-gpg/
|
||||
# Backported certs for now
|
||||
install -m 0644 %{SOURCE1400} %{buildroot}%{_datadir}/pki/sb-certs/
|
||||
install -m 0644 %{SOURCE1401} %{buildroot}%{_datadir}/pki/sb-certs/
|
||||
install -m 0644 %{SOURCE1402} %{buildroot}%{_datadir}/pki/sb-certs/
|
||||
install -m 0644 %{SOURCE1403} %{buildroot}%{_datadir}/pki/sb-certs/
|
||||
|
||||
# Placeholders
|
||||
# x86_64
|
||||
ln -sr %{buildroot}%{_datadir}/pki/sb-certs/rocky-root-ca.der %{buildroot}%{_datadir}/pki/sb-certs/secureboot-ca-x86_64.cer
|
||||
ln -sr %{buildroot}%{_datadir}/pki/sb-certs/rocky-signing.der %{buildroot}%{_datadir}/pki/sb-certs/secureboot-kernel-x86_64.cer
|
||||
ln -sr %{buildroot}%{_datadir}/pki/sb-certs/rocky-signing.der %{buildroot}%{_datadir}/pki/sb-certs/secureboot-grub2-x86_64.cer
|
||||
ln -sr %{buildroot}%{_datadir}/pki/sb-certs/rocky-signing.der %{buildroot}%{_datadir}/pki/sb-certs/secureboot-fwupd-x86_64.cer
|
||||
|
||||
# Copy our yum repos
|
||||
# aarch64
|
||||
ln -sr %{buildroot}%{_datadir}/pki/sb-certs/rocky-root-ca.der %{buildroot}%{_datadir}/pki/sb-certs/secureboot-ca-aarch64.cer
|
||||
ln -sr %{buildroot}%{_datadir}/pki/sb-certs/rocky-signing.der %{buildroot}%{_datadir}/pki/sb-certs/secureboot-kernel-aarch64.cer
|
||||
ln -sr %{buildroot}%{_datadir}/pki/sb-certs/rocky-signing.der %{buildroot}%{_datadir}/pki/sb-certs/secureboot-grub2-aarch64.cer
|
||||
ln -sr %{buildroot}%{_datadir}/pki/sb-certs/rocky-signing.der %{buildroot}%{_datadir}/pki/sb-certs/secureboot-fwupd-aarch64.cer
|
||||
|
||||
# ppc64le
|
||||
ln -sr %{buildroot}%{_datadir}/pki/sb-certs/rocky-root-ca.der %{buildroot}%{_datadir}/pki/sb-certs/secureboot-ca-ppc64le.cer
|
||||
ln -sr %{buildroot}%{_datadir}/pki/sb-certs/rocky-signing.der %{buildroot}%{_datadir}/pki/sb-certs/secureboot-kernel-ppc64le.cer
|
||||
ln -sr %{buildroot}%{_datadir}/pki/sb-certs/rocky-signing.der %{buildroot}%{_datadir}/pki/sb-certs/secureboot-grub2-ppc64le.cer
|
||||
ln -sr %{buildroot}%{_datadir}/pki/sb-certs/rocky-signing.der %{buildroot}%{_datadir}/pki/sb-certs/secureboot-fwupd-ppc64le.cer
|
||||
|
||||
# armhfp
|
||||
ln -sr %{buildroot}%{_datadir}/pki/sb-certs/rocky-root-ca.der %{buildroot}%{_datadir}/pki/sb-certs/secureboot-ca-armhfp.cer
|
||||
ln -sr %{buildroot}%{_datadir}/pki/sb-certs/rocky-signing.der %{buildroot}%{_datadir}/pki/sb-certs/secureboot-kernel-armhfp.cer
|
||||
ln -sr %{buildroot}%{_datadir}/pki/sb-certs/rocky-signing.der %{buildroot}%{_datadir}/pki/sb-certs/secureboot-grub2-armhfp.cer
|
||||
ln -sr %{buildroot}%{_datadir}/pki/sb-certs/rocky-signing.der %{buildroot}%{_datadir}/pki/sb-certs/secureboot-fwupd-armhfp.cer
|
||||
|
||||
# s390x
|
||||
ln -sr %{buildroot}%{_datadir}/pki/sb-certs/rocky-root-ca.der %{buildroot}%{_datadir}/pki/sb-certs/secureboot-ca-s390x.cer
|
||||
ln -sr %{buildroot}%{_datadir}/pki/sb-certs/rocky-signing.der %{buildroot}%{_datadir}/pki/sb-certs/secureboot-kernel-s390x.cer
|
||||
ln -sr %{buildroot}%{_datadir}/pki/sb-certs/rocky-signing.der %{buildroot}%{_datadir}/pki/sb-certs/secureboot-grub2-s390x.cer
|
||||
ln -sr %{buildroot}%{_datadir}/pki/sb-certs/rocky-signing.der %{buildroot}%{_datadir}/pki/sb-certs/secureboot-fwupd-s390x.cer
|
||||
|
||||
# symlinks for everybody
|
||||
for x in $(ls %{buildroot}%{_datadir}/pki/sb-certs); do
|
||||
ln -sr %{buildroot}%{_datadir}/pki/sb-certs/${x} %{buildroot}%{_sysconfdir}/pki/sb-certs/${x}
|
||||
done
|
||||
|
||||
# end secureboot section
|
||||
################################################################################
|
||||
|
||||
################################################################################
|
||||
# dnf repo section
|
||||
install -d -m 0755 %{buildroot}%{_sysconfdir}/yum.repos.d
|
||||
install -p -m 0644 %{SOURCE1200} %{buildroot}%{_sysconfdir}/yum.repos.d/
|
||||
install -p -m 0644 %{SOURCE1201} %{buildroot}%{_sysconfdir}/yum.repos.d/
|
||||
@ -300,6 +354,20 @@ install -p -m 0644 %{SOURCE1222} %{buildroot}%{_sysconfdir}/yum.repos.d/
|
||||
install -p -m 0644 %{SOURCE1223} %{buildroot}%{_sysconfdir}/yum.repos.d/
|
||||
install -p -m 0644 %{SOURCE1226} %{buildroot}%{_sysconfdir}/yum.repos.d/
|
||||
|
||||
# dnf stuff
|
||||
install -d -m 0755 %{buildroot}%{_sysconfdir}/dnf/vars
|
||||
echo "%{contentdir}" > %{buildroot}%{_sysconfdir}/dnf/vars/contentdir
|
||||
echo "%{sigcontent}" > %{buildroot}%{_sysconfdir}/dnf/vars/sigcontentdir
|
||||
echo "%{?rltype}" > %{buildroot}%{_sysconfdir}/dnf/vars/rltype
|
||||
echo "%{major}-stream" > %{buildroot}%{_sysconfdir}/dnf/vars/stream
|
||||
|
||||
# Copy out GPG keys
|
||||
install -d -m 0755 %{buildroot}%{_sysconfdir}/pki/rpm-gpg
|
||||
install -p -m 0644 %{SOURCE101} %{buildroot}%{_sysconfdir}/pki/rpm-gpg/
|
||||
install -p -m 0644 %{SOURCE102} %{buildroot}%{_sysconfdir}/pki/rpm-gpg/
|
||||
# end dnf repo section
|
||||
################################################################################
|
||||
|
||||
%files
|
||||
%license LICENSE
|
||||
%doc Contributors COMMUNITY-CHARTER
|
||||
@ -330,7 +398,17 @@ install -p -m 0644 %{SOURCE1226} %{buildroot}%{_sysconfdir}/yum.repos.d/
|
||||
%files -n rocky-gpg-keys%{?rltype}
|
||||
%{_sysconfdir}/pki/rpm-gpg/
|
||||
|
||||
%files -n rocky-sb-certs%{?rltype}
|
||||
# care: resetting symlinks is intended
|
||||
%dir %{_sysconfdir}/pki/sb-certs
|
||||
%dir %{_datadir}/pki/sb-certs
|
||||
%{_sysconfdir}/pki/sb-certs/*
|
||||
%{_datadir}/pki/sb-certs/*
|
||||
|
||||
%changelog
|
||||
* Fri Mar 17 2023 Louis Abel <label@rockylinux.org> - 8.8-1.4
|
||||
- Backport rocky-sb-certs to Rocky Linux 8
|
||||
|
||||
* Wed Jan 01 2023 Louis Abel <label@rockylinux.org> - 8.8-1.3
|
||||
- Move macros to a proper location
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user