From df32f99a8ae50a981434bbc858262c81b032a151 Mon Sep 17 00:00:00 2001 From: Karanbir Singh Date: Jun 24 2014 00:19:44 +0000 Subject: Patch in CentOS SecureBoot keys --- diff --git a/SOURCES/centos.cer b/SOURCES/centos.cer new file mode 100644 index 0000000..00a5580 Binary files /dev/null and b/SOURCES/centos.cer differ diff --git a/SOURCES/secureboot.cer b/SOURCES/secureboot.cer deleted file mode 100644 index 4ff8b79..0000000 Binary files a/SOURCES/secureboot.cer and /dev/null differ diff --git a/SOURCES/securebootca.cer b/SOURCES/securebootca.cer deleted file mode 100644 index b235400..0000000 Binary files a/SOURCES/securebootca.cer and /dev/null differ diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index 5e7e3c4..8f1e411 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -338,8 +338,7 @@ Source10: sign-modules %define modsign_cmd %{SOURCE10} Source11: x509.genkey Source12: extra_certificates -Source13: securebootca.cer -Source14: secureboot.cer +Source13: centos.cer Source15: rheldup3.x509 Source16: rhelkpatch1.x509 @@ -819,7 +818,7 @@ BuildKernel() { fi # EFI SecureBoot signing, x86_64-only %ifarch x86_64 - %pesign -s -i $KernelImage -o $KernelImage.signed -a %{SOURCE13} -c %{SOURCE14} -n redhatsecureboot301 + %pesign -s -i $KernelImage -o $KernelImage.signed -a %{SOURCE13} -c %{SOURCE13}-n redhatsecureboot301 mv $KernelImage.signed $KernelImage %endif $CopyKernel $KernelImage $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer @@ -1464,6 +1463,9 @@ fi %kernel_variant_files %{with_kdump} kdump %changelog +* Tue Jun 24 2014 Karanbir Singh [3.10.0-123.el7.centos] +- Patch in CentOS SecureBoot certs + * Mon May 05 2014 Jarod Wilson [3.10.0-123.el7] - [mm] rmap: try_to_unmap_cluster() should lock_page() before mlocking (Larry Woodman) [1078349] {CVE-2014-3122} - [mm] huge_memory: Fix cpuset cgroups so all pages for a task remain on correct node (Larry Woodman) [1076613]