Johnny Hughes
2018-05-19 347793a8a99b11fa730a0d47f405ff9b4215efeb
Manual CentOS Branding
2 files added
3 files modified
46 ■■■■■ changed files
SOURCES/centos-kpatch.x509 patch | view | raw | blame | history
SOURCES/centos-ldup.x509 patch | view | raw | blame | history
SOURCES/kernel-alt-4.14.0-aarch64.config 4 ●●●● patch | view | raw | blame | history
SOURCES/x509.genkey 6 ●●●● patch | view | raw | blame | history
SPECS/kernel-alt.spec 36 ●●●● patch | view | raw | blame | history
SOURCES/centos-kpatch.x509
Binary files differ
SOURCES/centos-ldup.x509
Binary files differ
SOURCES/kernel-alt-4.14.0-aarch64.config
@@ -726,10 +726,10 @@
CONFIG_CPU_FREQ_GOV_ATTR_SET=y
CONFIG_CPU_FREQ_GOV_COMMON=y
CONFIG_CPU_FREQ_STAT=y
# CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE is not set
CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y
# CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE is not set
# CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE is not set
CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND=y
# CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND is not set
# CONFIG_CPU_FREQ_DEFAULT_GOV_CONSERVATIVE is not set
# CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL is not set
CONFIG_CPU_FREQ_GOV_PERFORMANCE=y
SOURCES/x509.genkey
@@ -5,9 +5,9 @@
x509_extensions = myexts
[ req_distinguished_name ]
O = Red Hat
CN = Red Hat Enterprise Linux kernel signing key
emailAddress = secalert@redhat.com
O = CentOS
CN = CentOS Linux kernel signing key
emailAddress = security@centos.org
[ myexts ]
basicConstraints=critical,CA:FALSE
SPECS/kernel-alt.spec
@@ -320,6 +320,7 @@
BuildRequires: openssl openssl-devel
BuildRequires: hmaccalc
BuildRequires: python-devel, newt-devel, perl(ExtUtils::Embed)
BuildRequires: git
%ifarch x86_64
BuildRequires: pesign >= 0.109-4
%endif
@@ -362,12 +363,12 @@
Source14: secureboot.cer
%define pesign_name redhatsecureboot301
%else
Source13: redhatsecurebootca2.cer
Source14: redhatsecureboot003.cer
Source13: securebootca.cer
Source14: secureboot.cer
%define pesign_name redhatsecureboot003
%endif
Source15: rheldup3.x509
Source16: rhelkpatch1.x509
Source15: centos-ldup.x509
Source16: centos-kpatch.x509
Source18: check-kabi
@@ -399,6 +400,7 @@
# empty final patch to facilitate testing of kernel patches
Patch999999: linux-kernel-test.patch
BuildRoot: %{_tmppath}/%{src_pkg_name}-%{KVRA}-root
@@ -720,6 +722,17 @@
# Any further pre-build tree manipulations happen here.
if [ ! -d .git ]; then
  git init
  git config user.email "noreply@centos.org"
  git config user.name "AltArch Kernel"
  git config gc.auto 0
  git add .
  git commit -a -q -m "baseline"
fi
#Altarch patches
chmod +x scripts/checkpatch.pl
# This Prevents scripts/setlocalversion from mucking with our version numbers.
@@ -752,16 +765,16 @@
done
%endif
# Setup CONFIG_SYSTEM_TRUSTED_KEYS="certs/rhel.pem" for module signing. And make
# Setup CONFIG_SYSTEM_TRUSTED_KEYS="certs/centos.pem" for module signing. And make
# sure we create the file with certificates and copy key generation configuration
for i in *.config
do
  sed -i 's@CONFIG_SYSTEM_TRUSTED_KEYS=.*@CONFIG_SYSTEM_TRUSTED_KEYS="certs/rhel.pem"@' $i
  sed -i 's@CONFIG_SYSTEM_TRUSTED_KEYS=.*@CONFIG_SYSTEM_TRUSTED_KEYS="certs/centos.pem"@' $i
done
cp %{SOURCE11} ./certs # x509.genkey
openssl x509 -inform der -in %{_sourcedir}/rheldup3.x509 -out rheldup3.pem
openssl x509 -inform der -in %{_sourcedir}/rhelkpatch1.x509 -out rhelkpatch1.pem
cat rheldup3.pem rhelkpatch1.pem > ./certs/rhel.pem
openssl x509 -inform der -in %{_sourcedir}/centos-ldup.x509 -out centos-ldup.pem
openssl x509 -inform der -in %{_sourcedir}/centos-kpatch.x509 -out centos-kpatch.pem
cat centos-ldup.pem centos-kpatch.pem > ./certs/centos.pem
# now run oldconfig over all the config files
for i in *.config
@@ -1572,6 +1585,11 @@
%kernel_variant_files %{with_kdump} kdump
%changelog
* Sat May 19 2018 Johnny Hughes <johnny@centos.org> [4.14.0-49.2.2.el7a]
- Rolled in CentOS certificates and signed modules with a CentOS certificate.
- Turned off CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND and turned on CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE
- added git as buildrequirement to do patches (if/when required)
* Fri Apr 27 2018 Frantisek Hrbata <fhrbata@hrbata.com> [4.14.0-49.2.2.el7a]
- [perf] hwbp: Simplify the perf-hwbp code, fix documentation (Eugene Syromiatnikov) [1569877 1569875] {CVE-2018-1000199}