From e19e05691642395d744b10e442736e6d72970697 Mon Sep 17 00:00:00 2001 From: Carl George Date: Mar 02 2021 20:35:33 +0000 Subject: CentOS debranding and secureboot --- diff --git a/README.debrand b/README.debrand deleted file mode 100644 index 01c46d2..0000000 --- a/README.debrand +++ /dev/null @@ -1,2 +0,0 @@ -Warning: This package was configured for automatic debranding, but the changes -failed to apply. diff --git a/SOURCES/centos-ca-secureboot.der b/SOURCES/centos-ca-secureboot.der new file mode 100644 index 0000000..44a2563 Binary files /dev/null and b/SOURCES/centos-ca-secureboot.der differ diff --git a/SOURCES/centossecureboot001.der b/SOURCES/centossecureboot001.der new file mode 100644 index 0000000..e8216b1 Binary files /dev/null and b/SOURCES/centossecureboot001.der differ diff --git a/SOURCES/centossecureboot202.der b/SOURCES/centossecureboot202.der new file mode 100644 index 0000000..ab8213c Binary files /dev/null and b/SOURCES/centossecureboot202.der differ diff --git a/SOURCES/centossecurebootca2.der b/SOURCES/centossecurebootca2.der new file mode 100644 index 0000000..42bdfcf Binary files /dev/null and b/SOURCES/centossecurebootca2.der differ diff --git a/SOURCES/redhatsecureboot301.cer b/SOURCES/redhatsecureboot301.cer deleted file mode 100644 index 4ff8b79..0000000 Binary files a/SOURCES/redhatsecureboot301.cer and /dev/null differ diff --git a/SOURCES/redhatsecureboot502.cer b/SOURCES/redhatsecureboot502.cer deleted file mode 100644 index be0b5e2..0000000 Binary files a/SOURCES/redhatsecureboot502.cer and /dev/null differ diff --git a/SOURCES/redhatsecurebootca3.cer b/SOURCES/redhatsecurebootca3.cer deleted file mode 100644 index b235400..0000000 Binary files a/SOURCES/redhatsecurebootca3.cer and /dev/null differ diff --git a/SOURCES/redhatsecurebootca5.cer b/SOURCES/redhatsecurebootca5.cer deleted file mode 100644 index dfb0284..0000000 Binary files a/SOURCES/redhatsecurebootca5.cer and /dev/null differ diff --git a/SPECS/grub2.spec b/SPECS/grub2.spec index c64e97c..d1e1aa6 100644 --- a/SPECS/grub2.spec +++ b/SPECS/grub2.spec @@ -24,10 +24,10 @@ Source6: gitignore Source8: strtoull_test.c Source9: 20-grub.install Source12: 99-grub-mkconfig.install -Source13: redhatsecurebootca3.cer -Source14: redhatsecureboot301.cer -Source15: redhatsecurebootca5.cer -Source16: redhatsecureboot502.cer +Source13: centos-ca-secureboot.der +Source14: centossecureboot001.der +Source15: centossecurebootca2.der +Source16: centossecureboot202.der Source17: sbat.csv.in %include %{SOURCE1} @@ -55,7 +55,11 @@ BuildRequires: pesign >= 0.99-8 BuildRequires: ccache %endif -ExcludeArch: s390 s390x %{arm} +%if 0%{?centos} +%global efidir centos +%endif + +ExcludeArch: s390 s390x Obsoletes: %{name} <= %{evr} %if 0%{with_legacy_arch} @@ -169,10 +173,10 @@ git commit -m "After making subdirs" %build %if 0%{with_efi_arch} -%{expand:%do_primary_efi_build %%{grubefiarch} %%{grubefiname} %%{grubeficdname} %%{_target_platform} %%{efi_target_cflags} %%{efi_host_cflags} %{SOURCE13} %{SOURCE14} redhatsecureboot301 %{SOURCE15} %{SOURCE16} redhatsecureboot502} +%{expand:%do_primary_efi_build %%{grubefiarch} %%{grubefiname} %%{grubeficdname} %%{_target_platform} %%{efi_target_cflags} %%{efi_host_cflags} %{SOURCE13} %{SOURCE14} centossecureboot001 %{SOURCE15} %{SOURCE16} centossecureboot202} %endif %if 0%{with_alt_efi_arch} -%{expand:%do_alt_efi_build %%{grubaltefiarch} %%{grubaltefiname} %%{grubalteficdname} %%{_alt_target_platform} %%{alt_efi_target_cflags} %%{alt_efi_host_cflags} %{SOURCE13} %{SOURCE14} redhatsecureboot301 %{SOURCE15} %{SOURCE16} redhatsecureboot502} +%{expand:%do_alt_efi_build %%{grubaltefiarch} %%{grubaltefiname} %%{grubalteficdname} %%{_alt_target_platform} %%{alt_efi_target_cflags} %%{alt_efi_host_cflags} %{SOURCE13} %{SOURCE14} centossecureboot001 %{SOURCE15} %{SOURCE16} centossecureboot202} %endif %if 0%{with_legacy_arch} %{expand:%do_legacy_build %%{grublegacyarch}} @@ -503,9 +507,6 @@ fi %endif %changelog -* Tue Mar 02 2021 CentOS Sources - 2.02-90.el8.centos.1 -- Apply debranding changes - * Thu Feb 25 2021 Javier Martinez Canillas - 2.02-90.el8_3.1 - Fix another batch of CVEs Resolves: CVE-2020-14372