From 8711a2b25df666009d81a03f477e4e4f06814a44 Mon Sep 17 00:00:00 2001 From: Johnny Hughes Date: Jun 08 2023 15:31:34 +0000 Subject: Manual CentOS Debranding --- diff --git a/SOURCES/x509.genkey b/SOURCES/x509.genkey index b1bbe38..d98f8fe 100644 --- a/SOURCES/x509.genkey +++ b/SOURCES/x509.genkey @@ -5,9 +5,9 @@ prompt = no x509_extensions = myexts [ req_distinguished_name ] -O = Red Hat -CN = Red Hat Enterprise Linux kernel signing key -emailAddress = secalert@redhat.com +O = CentOS +CN = CentOS Linux kernel signing key +emailAddress = security@centos.org [ myexts ] basicConstraints=critical,CA:FALSE diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index 2509e2a..b6e71a7 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -402,22 +402,22 @@ Source10: sign-modules Source11: x509.genkey Source12: extra_certificates %if %{?released_kernel} -Source13: redhatsecurebootca3.cer -Source14: redhatsecureboot301.cer -Source15: redhatsecurebootca5.cer -Source16: redhatsecureboot501.cer -%define pesign_name_0 redhatsecureboot301 -%define pesign_name_1 redhatsecureboot501 +Source13: centos-ca-secureboot.der +Source14: centossecureboot001.crt +Source15: centossecurebootca2.der +Source16: centossecureboot201.crt +%define pesign_name_0 centossecureboot001 +%define pesign_name_1 centossecureboot201 %else -Source13: redhatsecurebootca2.cer -Source14: redhatsecureboot003.cer -Source15: redhatsecurebootca4.cer -Source16: redhatsecureboot401.cer -%define pesign_name_0 redhatsecureboot003 -%define pesign_name_1 redhatsecureboot401 +Source13: centos-ca-secureboot.der +Source14: centossecureboot001.crt +Source15: centossecurebootca2.der +Source16: centossecureboot201.crt +%define pesign_name_0 centossecureboot001 +%define pesign_name_1 centossecureboot201 %endif -Source17: rheldup3.x509 -Source18: rhelkpatch1.x509 +Source17: centos-ldup.x509 +Source18: centos-kpatch.x509 Source19: check-kabi @@ -461,6 +461,9 @@ Source9999: lastcommit.stat # empty final patch to facilitate testing of kernel patches Patch999999: linux-kernel-test.patch +Patch1000: debrand-single-cpu.patch +Patch1001: debrand-rh_taint.patch +Patch1002: debrand-rh-i686-cpu.patch BuildRoot: %{_tmppath}/kernel-%{KVRA}-root @@ -644,11 +647,11 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio %endif %package -n kernel-abi-whitelists -Summary: The Red Hat Enterprise Linux kernel ABI symbol whitelists +Summary: The CentOS Linux kernel ABI symbol whitelists Group: System Environment/Kernel AutoReqProv: no %description -n kernel-abi-whitelists -The kABI package contains information pertaining to the Red Hat Enterprise +The kABI package contains information pertaining to the CentOS Linux kernel ABI, including lists of kernel symbols that are needed by external Linux kernel modules, and a yum plugin to aid enforcement. @@ -658,8 +661,8 @@ Summary: The baseline dataset for kABI verification using DWARF data Group: System Environment/Kernel AutoReqProv: no %description kabidw-base -The kabidw-base package contains data describing the current ABI of the Red Hat -Enterprise Linux kernel, suitable for the kabi-dw tool. +The kabidw-base package contains data describing the current ABI of the CentOS +Linux kernel, suitable for the kabi-dw tool. %endif # @@ -801,6 +804,9 @@ cd linux-%{KVRA} cp $RPM_SOURCE_DIR/kernel-%{version}-*.config . ApplyOptionalPatch linux-kernel-test.patch +ApplyOptionalPatch debrand-single-cpu.patch +ApplyOptionalPatch debrand-rh_taint.patch +ApplyOptionalPatch debrand-rh-i686-cpu.patch # Any further pre-build tree manipulations happen here.