From 71536ffa39ce9569bd02812517ea2b2afb8578ad Mon Sep 17 00:00:00 2001 From: Johnny Hughes Date: Jan 10 2020 18:51:19 +0000 Subject: Manual CentOS Debranding --- diff --git a/SOURCES/x509.genkey b/SOURCES/x509.genkey index b1bbe38..d98f8fe 100644 --- a/SOURCES/x509.genkey +++ b/SOURCES/x509.genkey @@ -5,9 +5,9 @@ prompt = no x509_extensions = myexts [ req_distinguished_name ] -O = Red Hat -CN = Red Hat Enterprise Linux kernel signing key -emailAddress = secalert@redhat.com +O = CentOS +CN = CentOS Linux kernel signing key +emailAddress = security@centos.org [ myexts ] basicConstraints=critical,CA:FALSE diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index 306d448..6f309f5 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -19,7 +19,7 @@ %global distro_build 168 # Sign the x86_64 kernel for secure boot authentication -%ifarch x86_64 aarch64 s390x ppc64le +%ifarch x86_64 aarch64 %global signkernel 1 %else %global signkernel 0 @@ -416,33 +416,23 @@ Source11: x509.genkey %if %{?released_kernel} -Source12: securebootca.cer -Source13: secureboot.cer -Source14: secureboot_s390.cer -Source15: secureboot_ppc.cer +Source12: centos-ca-secureboot.der +Source13: centossecureboot001.crt %define secureboot_ca %{SOURCE12} %ifarch x86_64 aarch64 %define secureboot_key %{SOURCE13} -%define pesign_name redhatsecureboot301 -%endif -%ifarch s390x -%define secureboot_key %{SOURCE14} -%define pesign_name redhatsecureboot302 -%endif -%ifarch ppc64le -%define secureboot_key %{SOURCE15} -%define pesign_name redhatsecureboot303 +%define pesign_name centossecureboot001 %endif %else # released_kernel -Source12: redhatsecurebootca2.cer -Source13: redhatsecureboot003.cer +Source12: centos-ca-secureboot.der +Source13: centossecureboot001.crt %define secureboot_ca %{SOURCE12} %define secureboot_key %{SOURCE13} -%define pesign_name redhatsecureboot003 +%define pesign_name centossecureboot001 %endif # released_kernel @@ -508,7 +498,7 @@ Patch999999: linux-kernel-test.patch BuildRoot: %{_tmppath}/%{name}-%{KVERREL}-root %description -This is the package which provides the Linux %{name} for Red Hat Enterprise +This is the package which provides the Linux %{name} for CentOS Linux. It is based on upstream Linux at version %{version} and maintains kABI compatibility of a set of approved symbols, however it is heavily modified with backports and fixes pulled from newer upstream Linux %{name} releases. This means @@ -517,7 +507,7 @@ from newer upstream linux versions, while maintaining a well tested and stable core. Some of the components/backports that may be pulled in are: changes like updates to the core kernel (eg.: scheduler, cgroups, memory management, security fixes and features), updates to block layer, supported filesystems, major driver -updates for supported hardware in Red Hat Enterprise Linux, enhancements for +updates for supported hardware in CentOS Linux, enhancements for enterprise customers, etc. # @@ -746,11 +736,11 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio %endif %package -n %{name}-abi-whitelists -Summary: The Red Hat Enterprise Linux kernel ABI symbol whitelists +Summary: The CentOS Linux kernel ABI symbol whitelists Group: System Environment/Kernel AutoReqProv: no %description -n %{name}-abi-whitelists -The kABI package contains information pertaining to the Red Hat Enterprise +The kABI package contains information pertaining to the CentOS Linux kernel ABI, including lists of kernel symbols that are needed by external Linux kernel modules, and a yum plugin to aid enforcement. @@ -760,7 +750,7 @@ Summary: The baseline dataset for kABI verification using DWARF data Group: System Environment/Kernel AutoReqProv: no %description kernel-kabidw-base-internal -The package contains data describing the current ABI of the Red Hat Enterprise +The package contains data describing the current ABI of the CentOS Linux kernel, suitable for the kabi-dw tool. %endif @@ -833,7 +823,7 @@ Requires: %{name}%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\ AutoReq: no\ AutoProv: yes\ %description %{?1:%{1}-}modules-internal\ -This package provides kernel modules for the %{?2:%{2} }kernel package for Red Hat internal usage.\ +This package provides kernel modules for the %{?2:%{2} }kernel package for CentOS internal usage.\ %{nil} #