From b2289143eccb46524607d6282823edb86f1d77b0 Mon Sep 17 00:00:00 2001 From: Johnny Hughes Date: May 12 2020 16:25:46 +0000 Subject: Manual CentOS Debranding --- diff --git a/SOURCES/centos-ca-secureboot.der b/SOURCES/centos-ca-secureboot.der new file mode 100644 index 0000000..44a2563 Binary files /dev/null and b/SOURCES/centos-ca-secureboot.der differ diff --git a/SOURCES/debrand-single-cpu.patch b/SOURCES/debrand-single-cpu.patch index 9d2e08b..afd0e0c 100644 --- a/SOURCES/debrand-single-cpu.patch +++ b/SOURCES/debrand-single-cpu.patch @@ -1,25 +1,12 @@ -From 66185f5c6f881847776702e3a7956c504400f4f2 Mon Sep 17 00:00:00 2001 -From: Jim Perrin -Date: Thu, 19 Jun 2014 09:53:13 -0500 -Subject: [PATCH] branding patch for single-cpu systems - ---- - arch/x86/kernel/setup.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index b289118..9d25982 100644 ---- a/arch/x86/kernel/setup.c -+++ b/arch/x86/kernel/setup.c -@@ -846,7 +846,7 @@ static void rh_check_supported(void) +diff -uNrp linux-3.10.0-957.27.2.el7.x86_64.orig/arch/x86/kernel/setup.c linux-3.10.0-957.27.2.el7.x86_64/arch/x86/kernel/setup.c +--- linux-3.10.0-957.27.2.el7.x86_64.orig/arch/x86/kernel/setup.c 2019-07-09 16:13:02.000000000 +0000 ++++ linux-3.10.0-957.27.2.el7.x86_64/arch/x86/kernel/setup.c 2019-07-29 17:32:40.018405430 +0000 +@@ -963,7 +963,7 @@ static void rh_check_supported(void) if (((boot_cpu_data.x86_max_cores * smp_num_siblings) == 1) && - !x86_hyper && !cpu_has_hypervisor && !is_kdump_kernel()) { + !guest && !is_kdump_kernel()) { pr_crit("Detected single cpu native boot.\n"); - pr_crit("Important: In Red Hat Enterprise Linux 7, single threaded, single CPU 64-bit physical systems are unsupported by Red Hat. Please contact your Red Hat support representative for a list of certified and supported systems."); -+ pr_crit("Important: In CentOS 7, single threaded, single CPU 64-bit physical systems are unsupported. Please see http://wiki.centos.org/FAQ for more information"); ++ pr_crit("Important: In CentOS Linux 7, single threaded, single CPU 64-bit physical systems are unsupported."); } /* The RHEL7 kernel does not support this hardware. The kernel will --- -1.8.3.1 - diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index d140aa4..966500b 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -281,7 +281,7 @@ Summary: The Linux kernel # problems with the newer kernel or lack certain things that make # integration in the distro harder than needed. # -%define package_conflicts initscripts < 7.23, udev < 063-6, iptables < 1.3.2-1, ipw2200-firmware < 2.4, iwl4965-firmware < 228.57.2, selinux-policy-targeted < 3.13.1-201, squashfs-tools < 4.0, wireless-tools < 29-3, xfsprogs < 4.3.0, kmod < 20-9, kexec-tools < 2.0.14-3 +%define package_conflicts initscripts < 7.23, udev < 063-6, iptables < 1.3.2-1, ipw2200-firmware < 2.4, iwl4965-firmware < 228.57.2, selinux-policy-targeted < 3.13.1-201, squashfs-tools < 4.0, wireless-tools < 29-3, xfsprogs < 4.3.0, kmod < 20-9, kexec-tools < 2.0.14-3, shim-x64 < 12-2 # We moved the drm include files into kernel-headers, make sure there's # a recent enough libdrm-devel on the system that doesn't have those. @@ -396,13 +396,13 @@ Source10: sign-modules Source11: x509.genkey Source12: extra_certificates %if %{?released_kernel} -Source13: centos.cer -Source14: secureboot.cer -%define pesign_name redhatsecureboot301 +Source13: centos-ca-secureboot.der +Source14: centossecureboot001.crt +%define pesign_name centossecureboot001 %else -Source13: centos.cer -Source14: secureboot.cer -%define pesign_name redhatsecureboot003 +Source13: centos-ca-secureboot.der +Source14: centossecureboot001.crt +%define pesign_name centossecureboot001 %endif Source15: centos-ldup.x509 Source16: centos-kpatch.x509 @@ -953,7 +953,7 @@ BuildKernel() { fi # EFI SecureBoot signing, x86_64-only %ifarch x86_64 - %pesign -s -i $KernelImage -o $KernelImage.signed -a %{SOURCE13} -c %{SOURCE13} + %pesign -s -i $KernelImage -o $KernelImage.signed -a %{SOURCE13} -c %{SOURCE14} -n %{pesign_name} mv $KernelImage.signed $KernelImage %endif $CopyKernel $KernelImage $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer