From 150f4d6fa754dbc95e0128b7f9f92df8a27a8a89 Mon Sep 17 00:00:00 2001 From: Karanbir Singh Date: Jun 27 2014 15:21:18 +0000 Subject: Patch in CentOS SecureBoot Keys --- diff --git a/SOURCES/centos.cer b/SOURCES/centos.cer new file mode 100644 index 0000000..00a5580 Binary files /dev/null and b/SOURCES/centos.cer differ diff --git a/SOURCES/secureboot.cer b/SOURCES/secureboot.cer deleted file mode 100644 index 4ff8b79..0000000 Binary files a/SOURCES/secureboot.cer and /dev/null differ diff --git a/SOURCES/securebootca.cer b/SOURCES/securebootca.cer deleted file mode 100644 index b235400..0000000 Binary files a/SOURCES/securebootca.cer and /dev/null differ diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index 20b43d9..24280b8 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -338,8 +338,7 @@ Source10: sign-modules %define modsign_cmd %{SOURCE10} Source11: x509.genkey Source12: extra_certificates -Source13: securebootca.cer -Source14: secureboot.cer +Source13: centos.cer Source15: rheldup3.x509 Source16: rhelkpatch1.x509 @@ -819,7 +818,7 @@ BuildKernel() { fi # EFI SecureBoot signing, x86_64-only %ifarch x86_64 - %pesign -s -i $KernelImage -o $KernelImage.signed -a %{SOURCE13} -c %{SOURCE14} -n redhatsecureboot301 + %pesign -s -i $KernelImage -o $KernelImage.signed -a %{SOURCE13} -c %{SOURCE13}-n redhatsecureboot301 mv $KernelImage.signed $KernelImage %endif $CopyKernel $KernelImage $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer @@ -1474,6 +1473,9 @@ fi %kernel_variant_files %{with_kdump} kdump %changelog +* Tue Jun 27 2014 Karanbir Singh [3.10.0-123.4.2.el7.centos] +- Patch in CentOS SecureBoot certs + * Thu Jun 05 2014 Phillip Lougher [3.10.0-123.4.2.el7] - [fs] aio: fix plug memory disclosure and fix reqs_active accounting backport (Jeff Moyer) [1094604 1094605] {CVE-2014-0206} - [fs] aio: plug memory disclosure and fix reqs_active accounting (Mateusz Guzik) [1094604 1094605] {CVE-2014-0206}