From b870f95097db0d887f39c02eaff8e003b08b9253 Mon Sep 17 00:00:00 2001 From: Carl George Date: Jun 29 2021 16:11:39 +0000 Subject: CentOS debranding and secureboot --- diff --git a/README.debrand b/README.debrand deleted file mode 100644 index 01c46d2..0000000 --- a/README.debrand +++ /dev/null @@ -1,2 +0,0 @@ -Warning: This package was configured for automatic debranding, but the changes -failed to apply. diff --git a/SOURCES/centos-ca-secureboot.der b/SOURCES/centos-ca-secureboot.der new file mode 100644 index 0000000..44a2563 Binary files /dev/null and b/SOURCES/centos-ca-secureboot.der differ diff --git a/SOURCES/centos-dup.x509 b/SOURCES/centos-dup.x509 new file mode 100644 index 0000000..9c65dd3 Binary files /dev/null and b/SOURCES/centos-dup.x509 differ diff --git a/SOURCES/centos-kpatch.x509 b/SOURCES/centos-kpatch.x509 new file mode 100644 index 0000000..ca57a43 Binary files /dev/null and b/SOURCES/centos-kpatch.x509 differ diff --git a/SOURCES/centos.pem b/SOURCES/centos.pem new file mode 100644 index 0000000..82ad817 --- /dev/null +++ b/SOURCES/centos.pem @@ -0,0 +1,42 @@ +-----BEGIN CERTIFICATE----- +MIIDgTCCAmmgAwIBAgIJALYWFXFy+zGAMA0GCSqGSIb3DQEBCwUAMEwxJjAkBgNV +BAMMHUNlbnRPUyBTZWN1cmUgQm9vdCAoQ0Ega2V5IDEpMSIwIAYJKoZIhvcNAQkB +FhNzZWN1cml0eUBjZW50b3Mub3JnMB4XDTE5MDYwMzE0MjA0MFoXDTM4MDEwMTE0 +MjA0MFowVTEvMC0GA1UEAwwmQ2VudE9TIExpbnV4IERyaXZlciB1cGRhdGUgc2ln +bmluZyBrZXkxIjAgBgkqhkiG9w0BCQEWE3NlY3VyaXR5QGNlbnRvcy5vcmcwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD5ECuosQ4HKRRf+Kxfm+BcICBK +PGqB+E/qalqQ3CCM3LWezq0ns/GZTD0CtSAzmOObqJb3gJ9S5gcbaMVBc3JxLlQ+ +RwVy0oNy91uy9TKhYQ3lpHDyujxiFmXPSJLMKOYbOBNObJ7qF6+ptnmDWMu7GWDc +4UGdBdU/evt92LIxsi9ZQCEoZIqdyKBE/Y3V9gBZIZa/4oXMHfW9dWxhy9UszmR9 +hT7ZdgLFpWMFmJW+SS5QEWtp5CpRlcui4QJZl42bMp5JOrVWc+BlKPIsLdY8TqLp +9FdhQ5Ih4auT7zn2V89YgYpq6VMZnPsn/v5piB6i6RK8Falr6SP5SV0cwV/jAgMB +AAGjXTBbMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgeAMB0GA1UdDgQWBBQpvUwN +BtLpkRBEtdyXMwkTm1HW1TAfBgNVHSMEGDAWgBRU7IGFiT7pGtsI90SIVH6OP3Q6 +8zANBgkqhkiG9w0BAQsFAAOCAQEAK+f4c4aP9TQDiQM4TDyw8iDapr7eBc+Yr0M5 +ELkWEQu55/OwLQrgCA5bdD86diaAXQAlUOXCtFRrbUQHQACEL77/32YdooHfVZZ7 +04CeE+JWxF/cQ3M5hhJnkyxaqFKC+B+bn7Z6eloMnYUPsXwfQEOuyxKaKergAJdq +KnC0pEG3NGgwlwvnD0dwUqbbEUUqL3UQh96hCYDidhCUmuap1E2OGoxGex3ekszf +ErCgwVYb46cv91ba2KqXVWl1FoO3c5MyZcxL46ihQgiY0BI975+HDFjpUZ69n+Um +OhSscRUiKeEQKMVtHzyQUp5t+HCeaZBRPy3rFoIjTEqijKZ6tQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDejCCAmKgAwIBAgIJALYWFXFy+zF/MA0GCSqGSIb3DQEBCwUAMEwxJjAkBgNV +BAMMHUNlbnRPUyBTZWN1cmUgQm9vdCAoQ0Ega2V5IDEpMSIwIAYJKoZIhvcNAQkB +FhNzZWN1cml0eUBjZW50b3Mub3JnMB4XDTE5MDYwMzE0MjAwMloXDTM4MDEwMTE0 +MjAwMlowTjEoMCYGA1UEAwwfQ2VudE9TIExpbnV4IGtwYXRjaCBzaWduaW5nIGtl +eTEiMCAGCSqGSIb3DQEJARYTc2VjdXJpdHlAY2VudG9zLm9yZzCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAMG+5OclqB0NE5azrGkSitqUFcZjpRk/rS2P +CetB6jwxOn06TrLGzqnhcE9VBKyEs7CXBLy6lfnORcYOybcR2XvrgqGa1txOZggl +hc8zCj9X7ZCMK2UsWglxQCOtbo0m/vdor/VO3SFbrf/W9+PXhvNtcxMP9yjydbP+ +lS1St8uQv952hu7C1TevyOQN3jpvWRD7DSJIU/2uRFcdIo2QCGokuB/xESXeuGJ2 +F2P9w0h74V18AlVTxtGp/RSJqZaQ2Gi5h4Oa7UsRmhmCoLdmdBe7xnYJrJ4GhxKQ +yG0kU1ikEhZW3YjoVPgBJzTsIhCAzFrOUq0d67a1wTVMiyL60fUCAwEAAaNdMFsw +DAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCB4AwHQYDVR0OBBYEFLSfCGIFkJ3E2iz6 +mTdvsZHS8J54MB8GA1UdIwQYMBaAFFTsgYWJPuka2wj3RIhUfo4/dDrzMA0GCSqG +SIb3DQEBCwUAA4IBAQBcDnjWh8Mx6yaS/OvBOYZprYy5Su0tn+YHiN0czpjVw+zl +NUt2YmRSA/g6xks04CYx+UAL/xnvRcxXd17Ni7eWiROxvgQvBo5nScVkFPq2IIP5 +8aj7LoHR1MUeXfiNqf1JoSlgpRV47wv/+jZD0hmbt1rC2NJp0ZU8OHmt2GWk0jmM +MK72D/pyCUfHetBzPpU9M0cNiukjMUdIL+U7+CXDgKsfdFHcQ76ebWyka7vRSXTs +lBMa2g20Atwz2Hj7tEEAZ74ioQ9029RAlUSNipACe31YdT4/BBWIqHPpeDFkp8W0 +9v4jeTX/2kMBXkjzMfKjhpooa+bFFFLogLeX3P4W +-----END CERTIFICATE----- diff --git a/SOURCES/centossecureboot001.der b/SOURCES/centossecureboot001.der new file mode 100644 index 0000000..e8216b1 Binary files /dev/null and b/SOURCES/centossecureboot001.der differ diff --git a/SOURCES/centossecureboot201.der b/SOURCES/centossecureboot201.der new file mode 100644 index 0000000..ca3c134 Binary files /dev/null and b/SOURCES/centossecureboot201.der differ diff --git a/SOURCES/centossecurebootca2.der b/SOURCES/centossecurebootca2.der new file mode 100644 index 0000000..42bdfcf Binary files /dev/null and b/SOURCES/centossecurebootca2.der differ diff --git a/SOURCES/debrand-rh-i686-cpu.patch b/SOURCES/debrand-rh-i686-cpu.patch new file mode 100644 index 0000000..5592a59 --- /dev/null +++ b/SOURCES/debrand-rh-i686-cpu.patch @@ -0,0 +1,11 @@ +--- a/arch/x86/boot/main.c 2019-03-13 04:04:53.000000000 -0700 ++++ b/arch/x86/boot/main.c 2019-05-25 14:31:21.043272496 -0700 +@@ -147,7 +147,7 @@ void main(void) + + /* Make sure we have all the proper CPU support */ + if (validate_cpu()) { +- puts("This processor is not supported in this version of RHEL.\n"); ++ puts("This processor is not supported in this version of CentOS Linux.\n"); + die(); + } + diff --git a/SOURCES/debrand-rh_taint.patch b/SOURCES/debrand-rh_taint.patch new file mode 100644 index 0000000..74f2e15 --- /dev/null +++ b/SOURCES/debrand-rh_taint.patch @@ -0,0 +1,81 @@ +--- a/kernel/rh_taint.c 2020-10-16 10:41:51.000000000 -0500 ++++ b/kernel/rh_taint.c 2020-11-19 10:50:24.853039167 -0600 +@@ -2,12 +2,12 @@ + #include + + /* +- * The following functions are used by Red Hat to indicate to users that +- * hardware and drivers are unsupported, or have limited support in RHEL major ++ * The following functions are used by CentOS Linux to indicate to users that ++ * hardware and drivers are unsupported, or have limited support in CentOS Linux major + * and minor releases. These functions output loud warning messages to the end + * user and should be USED WITH CAUTION. + * +- * Any use of these functions _MUST_ be documented in the RHEL Release Notes, ++ * Any use of these functions _MUST_ be documented in the CentOS Linux Release Notes, + * and have approval of management. + */ + +@@ -16,15 +16,15 @@ + * @msg: Hardware name, class, or type + * + * Called to mark a device, class of devices, or types of devices as not having +- * support in any RHEL minor release. This does not TAINT the kernel. Red Hat +- * will not fix bugs against this hardware in this minor release. Red Hat may ++ * support in any CentOS Linux minor release. This does not TAINT the kernel. CentOS Linux ++ * will not fix bugs against this hardware in this minor release. CentOS Linux may + * declare support in a future major or minor update release. This cannot be + * used to mark drivers unsupported. + */ + void mark_hardware_unsupported(const char *msg) + { + /* Print one single message */ +- pr_crit("Warning: %s - this hardware has not undergone testing by Red Hat and might not be certified. Please consult https://catalog.redhat.com for certified hardware.\n", msg); ++ pr_crit("Warning: %s - this hardware has not undergone testing by CentOS Linux and might not be certified. Please consult https://catalog.redhat.com for certified hardware.\n", msg); + } + EXPORT_SYMBOL(mark_hardware_unsupported); + +@@ -35,12 +35,12 @@ EXPORT_SYMBOL(mark_hardware_unsupported) + * Called to minimize the support status of a previously supported device in + * a minor release. This does not TAINT the kernel. Marking hardware + * deprecated is usually done in conjunction with the hardware vendor. Future +- * RHEL major releases may not include this driver. Driver updates and fixes ++ * CentOS Linux major releases may not include this driver. Driver updates and fixes + * for this device will be limited to critical issues in future minor releases. + */ + void mark_hardware_deprecated(const char *msg) + { +- pr_crit("Warning: %s - this hardware is not recommended for new deployments. It continues to be supported in this RHEL release, but it is likely to be removed in the next major release. Driver updates and fixes for this device will be limited to critical issues. Please contact Red Hat Support or your device's hardware vendor for additional information.\n", msg); ++ pr_crit("Warning: %s - this hardware is not recommended for new deployments. It continues to be supported in this CentOS Linux release, but it is likely to be removed in the next major release. Driver updates and fixes for this device will be limited to critical issues. Please contact CentOS Linux Support or your device's hardware vendor for additional information.\n", msg); + } + EXPORT_SYMBOL(mark_hardware_deprecated); + +@@ -50,9 +50,9 @@ EXPORT_SYMBOL(mark_hardware_deprecated); + * + * Called to minimize the support status of a new driver. This does TAINT the + * kernel. Calling this function indicates that the driver or subsystem has +- * had limited testing and is not marked for full support within this RHEL +- * minor release. The next RHEL minor release may contain full support for +- * this driver. Red Hat does not guarantee that bugs reported against this ++ * had limited testing and is not marked for full support within this CentOS Linux ++ * minor release. The next CentOS Linux minor release may contain full support for ++ * this driver. CentOS Linux does not guarantee that bugs reported against this + * driver or subsystem will be resolved. + */ + void mark_tech_preview(const char *msg, struct module *mod) +@@ -81,13 +81,13 @@ EXPORT_SYMBOL(mark_tech_preview); + * mark_driver_unsupported - drivers that we know we don't want to support + * @name: the name of the driver + * +- * In some cases Red Hat has chosen to build a driver for internal QE ++ * In some cases CentOS Linux has chosen to build a driver for internal QE + * use. Use this function to mark those drivers as unsupported for + * customers. + */ + void mark_driver_unsupported(const char *name) + { +- pr_crit("Warning: %s - This driver has not undergone sufficient testing by Red Hat for this release and therefore cannot be used in production systems.\n", ++ pr_crit("Warning: %s - This driver has not undergone sufficient testing by CentOS Linux for this release and therefore cannot be used in production systems.\n", + name ? name : "kernel"); + } + EXPORT_SYMBOL(mark_driver_unsupported); diff --git a/SOURCES/debrand-single-cpu.patch b/SOURCES/debrand-single-cpu.patch new file mode 100644 index 0000000..b3eed51 --- /dev/null +++ b/SOURCES/debrand-single-cpu.patch @@ -0,0 +1,11 @@ +--- a/arch/x86/kernel/setup.c 2019-03-13 04:04:53.000000000 -0700 ++++ b/arch/x86/kernel/setup.c 2019-05-27 08:35:54.580595314 -0700 +@@ -900,7 +900,7 @@ static void rh_check_supported(void) + if (((boot_cpu_data.x86_max_cores * smp_num_siblings) == 1) && + !guest && is_kdump_kernel()) { + pr_crit("Detected single cpu native boot.\n"); +- pr_crit("Important: In Red Hat Enterprise Linux 8, single threaded, single CPU 64-bit physical systems are unsupported by Red Hat. Please contact your Red Hat support representative for a list of certified and supported systems."); ++ pr_crit("Important: In CentOS Linux 8, single threaded, single CPU 64-bit physical systems are unsupported. Please see http://wiki.centos.org/FAQ for more information"); + } + + /* diff --git a/SOURCES/generate_bls_conf.sh b/SOURCES/generate_bls_conf.sh index f8415db..bdb52a6 100755 --- a/SOURCES/generate_bls_conf.sh +++ b/SOURCES/generate_bls_conf.sh @@ -19,7 +19,7 @@ else fi cat >${output} <