df32f9
Patch in CentOS SecureBoot keys
Binary file
|
Binary file
|
@@ -338,8 +338,7 @@ Source10: sign-modules
|
|
338
338
|
%define modsign_cmd %{SOURCE10}
|
339
339
|
Source11: x509.genkey
|
340
340
|
Source12: extra_certificates
|
341
|
-
Source13:
|
341
|
+
Source13: centos.cer
|
342
|
-
Source14: secureboot.cer
|
343
342
|
Source15: rheldup3.x509
|
344
343
|
Source16: rhelkpatch1.x509
|
345
344
|
|
@@ -819,7 +818,7 @@ BuildKernel() {
|
|
819
818
|
fi
|
820
819
|
# EFI SecureBoot signing, x86_64-only
|
821
820
|
%ifarch x86_64
|
822
|
-
%pesign -s -i $KernelImage -o $KernelImage.signed -a %{SOURCE13} -c %{
|
821
|
+
%pesign -s -i $KernelImage -o $KernelImage.signed -a %{SOURCE13} -c %{SOURCE13}-n redhatsecureboot301
|
823
822
|
mv $KernelImage.signed $KernelImage
|
824
823
|
%endif
|
825
824
|
$CopyKernel $KernelImage $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer
|
@@ -1464,6 +1463,9 @@ fi
|
|
1464
1463
|
%kernel_variant_files %{with_kdump} kdump
|
1465
1464
|
|
1466
1465
|
%changelog
|
1466
|
+
* Tue Jun 24 2014 Karanbir Singh <kbsingh@centos.org> [3.10.0-123.el7.centos]
|
1467
|
+
- Patch in CentOS SecureBoot certs
|
1468
|
+
|
1467
1469
|
* Mon May 05 2014 Jarod Wilson <jarod@redhat.com> [3.10.0-123.el7]
|
1468
1470
|
- [mm] rmap: try_to_unmap_cluster() should lock_page() before mlocking (Larry Woodman) [1078349] {CVE-2014-3122}
|
1469
1471
|
- [mm] huge_memory: Fix cpuset cgroups so all pages for a task remain on correct node (Larry Woodman) [1076613]
|