From f14f7168bb20b74e88dd0ac9d2c9c4151481a312 Mon Sep 17 00:00:00 2001 From: Karanbir Singh Date: Jun 27 2014 14:21:24 +0000 Subject: roll in CentOS x509 for driver, kpatch and mod signing --- diff --git a/.gitignore b/.gitignore index 68b8f59..d8493c0 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1 @@ SOURCES/linux-3.10.0-123.el7.tar.xz -SOURCES/rheldup3.x509 -SOURCES/rhelkpatch1.x509 diff --git a/.kernel.metadata b/.kernel.metadata index 696b7b1..c979551 100644 --- a/.kernel.metadata +++ b/.kernel.metadata @@ -1,3 +1 @@ a9c69f240cc89ea3c32fcb3b4a170f8d73b772fa SOURCES/linux-3.10.0-123.el7.tar.xz -95b9b811c7b0a6c98b2eafc4e7d6d24f2cb63289 SOURCES/rheldup3.x509 -d90885108d225a234a5a9d054fc80893a5bd54d0 SOURCES/rhelkpatch1.x509 diff --git a/SOURCES/centos-kpatch.cer b/SOURCES/centos-kpatch.cer new file mode 100644 index 0000000..27ec44d Binary files /dev/null and b/SOURCES/centos-kpatch.cer differ diff --git a/SOURCES/centos-ldup.cer b/SOURCES/centos-ldup.cer new file mode 100644 index 0000000..0962d71 Binary files /dev/null and b/SOURCES/centos-ldup.cer differ diff --git a/SOURCES/x509.genkey b/SOURCES/x509.genkey index b1bbe38..d98f8fe 100644 --- a/SOURCES/x509.genkey +++ b/SOURCES/x509.genkey @@ -5,9 +5,9 @@ prompt = no x509_extensions = myexts [ req_distinguished_name ] -O = Red Hat -CN = Red Hat Enterprise Linux kernel signing key -emailAddress = secalert@redhat.com +O = CentOS +CN = CentOS Linux kernel signing key +emailAddress = security@centos.org [ myexts ] basicConstraints=critical,CA:FALSE diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index a0c09bf..7889abc 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -339,8 +339,8 @@ Source10: sign-modules Source11: x509.genkey Source12: extra_certificates Source13: centos.cer -Source15: rheldup3.x509 -Source16: rhelkpatch1.x509 +Source15: centos-ldup.cer +Source16: centos-kpatch.cer Source18: check-kabi @@ -1475,6 +1475,7 @@ fi * Tue Jun 24 2014 Karanbir Singh [3.10.0-123.el7.centos] - Patch in CentOS SecureBoot certs - Add in debranding patches +- Add in CentOS driver and kpatch certs * Mon May 05 2014 Jarod Wilson [3.10.0-123.el7] - [mm] rmap: try_to_unmap_cluster() should lock_page() before mlocking (Larry Woodman) [1078349] {CVE-2014-3122}