From c6723ce6812d821cf4d05bab1e1fc353683395f3 Mon Sep 17 00:00:00 2001 From: Louis Abel Date: Wed, 3 Apr 2024 10:14:20 -0700 Subject: [PATCH] prepare spec for sb update --- SOURCES/rockydup1-aarch64.x509 | Bin 0 -> 1303 bytes SOURCES/rockykpatch1-aarch64.x509 | Bin 0 -> 1303 bytes SPECS/rocky-release.spec | 110 +++++++++++++++++------------- 3 files changed, 64 insertions(+), 46 deletions(-) create mode 100644 SOURCES/rockydup1-aarch64.x509 create mode 100644 SOURCES/rockykpatch1-aarch64.x509 diff --git a/SOURCES/rockydup1-aarch64.x509 b/SOURCES/rockydup1-aarch64.x509 new file mode 100644 index 0000000000000000000000000000000000000000..58dc51dbe75072ad1e38fc890ec1b2d81f110768 GIT binary patch literal 1303 zcmXqLVih)MV*b5=nTe5!iBa5umyJ`a&72u@8d1sdg)pI@R71R|Ur4b==(;O^&S6caB7smUy3iqhK`NY2U%zGXKlb!~_P5&DiC0$jnE%{%`TmsnC##PqJ^M5v(P7rPy49-6 z{Z}_>Z};FbHVf=nIsdn9>%7xJKaT#(X3Q?Q=ehQJ$m^F`wML3&JCy9YGcT%`cH8f` z8uYgKu+V~kO*?KsT&SUYqJDjc#1Z4GQ(RqE9I~oZo6vh&Fy{cn5%UJ|Hl5a&8#ajZ zJz#0QW1h$rcy-4lWwn~3R<<8rCCguJFaPx4M`h=d*RDze8k#BZH(CAr)XdFR+gIw# zrqKR^$(T8LnRdj(RL;dd>%;#>ZFiq^X-e8x;j7Z>O6iws)J`!oF*7nSE>19r17|Q< zVMfOPEKCLr27JI&AHoUzR+n#fy&O4` zm&@s|cS>JrK5e`Dcf-z@$);@~(JO>ZY;%N<*v|Fw=YP+5WvWft*TMr`pI-PH->O&4 z+PKw7_OIr4w>0Ys6|-+m->qh5sTbI~NLIOdS|+RX?C`%WGuA4G$4~oqJHOLWmR;n| zQ;FS=<8z;_eEQMMdEc(yzM!m literal 0 HcmV?d00001 diff --git a/SOURCES/rockykpatch1-aarch64.x509 b/SOURCES/rockykpatch1-aarch64.x509 new file mode 100644 index 0000000000000000000000000000000000000000..b13959d12b76c0c0fa6aa96f0b8624f9d38e615a GIT binary patch literal 1303 zcmXqLVih)MV*b5=nTe5!iBZ~smyJ`a&72u@8d1sdg)pI@R71R|Ur4b==(;O^&S6caB7smUy&Z$Ku3P7hTXe1^UC1;qKXc8R=O^l0>qnnYHfw_sXpTVGsv5TpRv611Z z?zcw@YquTzqp~+((*3v-Yqj}OG})T&r&+fC@|@i#ZEbSwo~X3Kk$XG;@J*;&mN?0N zopnrrfv~BG=?@-d&+_1l%bb0d*6rTyt*DzliEZMtmPzxkoZq{Fx!{$pua=GSh1!z1 zT-j|?s&v%kXWq$~Iyd3D@X}OWcPj%PFD{nH#~K9gdbh{!OzLGweU*JTQE?5w!ioTg z*t2#O8w{BRd1hXJ?!HtiWNkyWEsK`Ioyv#7$@i=^ro~?O4ZpJ9>eaM{UFq$jeMdN! z3f5PIPcb&rXN7<-oqG5F z_xinJ4@Y&fk2`URdd=t#Qtd`>>Vrbf*(3v8faC*|!|FU}&q|J)t^rgIf9a zIOU_fA>98z_g{4Qw|t3$`Rlr7$y*1#GPjgiU)#~L|G;dfO0y-OeUfh_pYNTjSaWf* zaw_w*y^qVAthBq+7itB#ZT~Kp=A!UC=Ca|k_-n_4Zd*rWU1VZrWMEvJU=Rn+V6wuD zjQ?4f3>XaffT=>3AH-u}W@2wJkOlGiSj1RF=9Z+h{@iYM!S(l!wrg4T)AzUd8~|r8 zS!EUp1F;4XAD!&$*Zf|HHlEt?vMo(M^^sWq5#%%g%<{lAz{oK3@ix2PpC4y(OJC!4 zzRdeEn(gpDKJDuXjf^EH)yr0HUw+ze-Q~v*`um%6XA4~_6UjQVbVi}u%@BEJtLKk1 z#dRwuI=q~krn&Fj^U1s%_Onj#Ysfsb@%SaR|9|AAGKL*7^Ee*F$<3`;bv(spZ}^!V zUpF30;WwFiuzJc7p1WeVq!OH`2Cl3wHJkcj_T6$jQ&tT@#)`DrkLKK-+WKr|o&HnB zY1%T3l0D_Oef2C(J5Ezv`*5SBew_eEmF?V>eDRC!ToY>qC8Z&INSW)+>9RTW? B;FJIW literal 0 HcmV?d00001 diff --git a/SPECS/rocky-release.spec b/SPECS/rocky-release.spec index 9f5f239..18c8d6c 100644 --- a/SPECS/rocky-release.spec +++ b/SPECS/rocky-release.spec @@ -21,7 +21,7 @@ %define distro_code Blue Onyx %define major 9 %define minor 4 -%define rocky_rel 1%{?rllh:.%{rllh}}%{!?rllh:.1} +%define rocky_rel 1%{?rllh:.%{rllh}}%{!?rllh:.2} %define rpm_license BSD-3-Clause %define dist .el%{major} %define home_url https://rockylinux.org/ @@ -152,32 +152,40 @@ Source1203: rocky-devel.repo Source1300: rocky.1.gz # rocky secureboot certs placeholder (1400-1499) -Source1400: rockydup1.x509 -Source1401: rockykpatch1.x509 -Source1402: rocky-root-ca.der -# -Source1403: rocky-fwupd.cer -Source1404: rocky-grub2.cer -Source1405: rocky-kernel.cer -Source1406: rocky-shim.cer -Source1407: rocky-uki-virt.cer -Source1408: rocky-fwupd-aarch64.cer -Source1409: rocky-grub2-aarch64.cer -Source1410: rocky-kernel-aarch64.cer -Source1411: rocky-shim-aarch64.cer -Source1412: rocky-uki-virt-aarch64.cer -# all certs in DER format -Source1433: rocky-fwupd.der -Source1434: rocky-grub2.der -Source1435: rocky-kernel.der -Source1436: rocky-shim.der -Source1437: rocky-uki-virt.der -Source1438: rocky-fwupd-aarch64.der -Source1439: rocky-grub2-aarch64.der -Source1440: rocky-kernel-aarch64.der -Source1441: rocky-shim-aarch64.der -Source1442: rocky-uki-virt-aarch64.der - +# 1400 is the root +# 1401-1420 are dedicated to the kernel +# 1421-1440 is dedicated to x86_64 +# 1441-1460 is dedicated to aarch64 +Source1400: rocky-root-ca.der +Source1401: rockydup1.x509 +Source1402: rockykpatch1.x509 +Source1403: rockydup1-aarch64.x509 +Source1404: rockykpatch1-aarch64.x509 +# x86_64 +Source1421: rocky-fwupd.cer +Source1422: rocky-grub2.cer +Source1423: rocky-kernel.cer +Source1424: rocky-shim.cer +Source1425: rocky-uki-virt.cer +# x86_64 in der +Source1426: rocky-fwupd.der +Source1427: rocky-grub2.der +Source1428: rocky-kernel.der +Source1429: rocky-shim.der +Source1430: rocky-uki-virt.der +# aarch64 +Source1441: rocky-fwupd-aarch64.cer +Source1442: rocky-grub2-aarch64.cer +Source1443: rocky-kernel-aarch64.cer +Source1444: rocky-shim-aarch64.cer +Source1445: rocky-uki-virt-aarch64.cer +# aarch64 in der +Source1446: rocky-fwupd-aarch64.der +Source1447: rocky-grub2-aarch64.der +Source1448: rocky-kernel-aarch64.der +Source1449: rocky-shim-aarch64.der +Source1450: rocky-uki-virt-aarch64.der + %description %{distro_name} release files. @@ -324,32 +332,39 @@ install -d -m 0755 %{buildroot}%{_sysconfdir}/pki/sb-certs/ install -d -m 0755 %{buildroot}%{_datadir}/pki/sb-certs/ # Backported certs for now -## all cer +## root and kernel install -m 0644 %{SOURCE1400} %{buildroot}%{_datadir}/pki/sb-certs/ install -m 0644 %{SOURCE1401} %{buildroot}%{_datadir}/pki/sb-certs/ install -m 0644 %{SOURCE1402} %{buildroot}%{_datadir}/pki/sb-certs/ install -m 0644 %{SOURCE1403} %{buildroot}%{_datadir}/pki/sb-certs/ install -m 0644 %{SOURCE1404} %{buildroot}%{_datadir}/pki/sb-certs/ -install -m 0644 %{SOURCE1405} %{buildroot}%{_datadir}/pki/sb-certs/ -install -m 0644 %{SOURCE1406} %{buildroot}%{_datadir}/pki/sb-certs/ -install -m 0644 %{SOURCE1407} %{buildroot}%{_datadir}/pki/sb-certs/ -install -m 0644 %{SOURCE1408} %{buildroot}%{_datadir}/pki/sb-certs/ -install -m 0644 %{SOURCE1409} %{buildroot}%{_datadir}/pki/sb-certs/ -install -m 0644 %{SOURCE1410} %{buildroot}%{_datadir}/pki/sb-certs/ -install -m 0644 %{SOURCE1411} %{buildroot}%{_datadir}/pki/sb-certs/ -install -m 0644 %{SOURCE1412} %{buildroot}%{_datadir}/pki/sb-certs/ -## all der -install -m 0644 %{SOURCE1433} %{buildroot}%{_datadir}/pki/sb-certs/ -install -m 0644 %{SOURCE1434} %{buildroot}%{_datadir}/pki/sb-certs/ -install -m 0644 %{SOURCE1435} %{buildroot}%{_datadir}/pki/sb-certs/ -install -m 0644 %{SOURCE1436} %{buildroot}%{_datadir}/pki/sb-certs/ -install -m 0644 %{SOURCE1437} %{buildroot}%{_datadir}/pki/sb-certs/ -install -m 0644 %{SOURCE1438} %{buildroot}%{_datadir}/pki/sb-certs/ -install -m 0644 %{SOURCE1439} %{buildroot}%{_datadir}/pki/sb-certs/ -install -m 0644 %{SOURCE1440} %{buildroot}%{_datadir}/pki/sb-certs/ +## x86_64 +# cer +install -m 0644 %{SOURCE1421} %{buildroot}%{_datadir}/pki/sb-certs/ +install -m 0644 %{SOURCE1422} %{buildroot}%{_datadir}/pki/sb-certs/ +install -m 0644 %{SOURCE1423} %{buildroot}%{_datadir}/pki/sb-certs/ +install -m 0644 %{SOURCE1424} %{buildroot}%{_datadir}/pki/sb-certs/ +install -m 0644 %{SOURCE1425} %{buildroot}%{_datadir}/pki/sb-certs/ +# der +install -m 0644 %{SOURCE1426} %{buildroot}%{_datadir}/pki/sb-certs/ +install -m 0644 %{SOURCE1427} %{buildroot}%{_datadir}/pki/sb-certs/ +install -m 0644 %{SOURCE1428} %{buildroot}%{_datadir}/pki/sb-certs/ +install -m 0644 %{SOURCE1429} %{buildroot}%{_datadir}/pki/sb-certs/ +install -m 0644 %{SOURCE1430} %{buildroot}%{_datadir}/pki/sb-certs/ +## aarch64 +# cer install -m 0644 %{SOURCE1441} %{buildroot}%{_datadir}/pki/sb-certs/ install -m 0644 %{SOURCE1442} %{buildroot}%{_datadir}/pki/sb-certs/ - +install -m 0644 %{SOURCE1443} %{buildroot}%{_datadir}/pki/sb-certs/ +install -m 0644 %{SOURCE1444} %{buildroot}%{_datadir}/pki/sb-certs/ +install -m 0644 %{SOURCE1445} %{buildroot}%{_datadir}/pki/sb-certs/ +# der +install -m 0644 %{SOURCE1446} %{buildroot}%{_datadir}/pki/sb-certs/ +install -m 0644 %{SOURCE1447} %{buildroot}%{_datadir}/pki/sb-certs/ +install -m 0644 %{SOURCE1448} %{buildroot}%{_datadir}/pki/sb-certs/ +install -m 0644 %{SOURCE1449} %{buildroot}%{_datadir}/pki/sb-certs/ +install -m 0644 %{SOURCE1450} %{buildroot}%{_datadir}/pki/sb-certs/ + # Placeholders # x86_64 ln -sr %{buildroot}%{_datadir}/pki/sb-certs/rocky-root-ca.der %{buildroot}%{_datadir}/pki/sb-certs/secureboot-ca-x86_64.cer @@ -480,6 +495,9 @@ install -m 0644 %{SOURCE404} %{buildroot}/%{_prefix}/lib/sysctl.d/50-redhat.conf %{_datadir}/pki/sb-certs/* %changelog +* Wed Apr 03 2024 Louis Abel - 9.4-1.2 +- Update SB certs + * Wed Mar 27 2024 Louis Abel - 9.4-1.1 - Preparation for 9.4