pool/kernel-source
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

commit 31c3eb05148afc6a33f31fea09ea99e1f9cd9bd6

Browse Source 
OBS-URL: https://build.opensuse.org/package/show/Kernel:HEAD/kernel-source?expand=0&rev=7493
This commit is contained in:
Michal Marek 2013-03-29 07:03:08 +00:00 committed by Git OBS Bridge
parent 46e6139177
commit 1dce566b98
30 changed files with 973 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
kernel-binary.spec.in
View File

@ -481,6 +481,24 @@ add_vmlinux()
# end of build_kdump
%endif
# Package the compiled-in certificates as DER files in /etc/uefi/certs
# and have mokutil enroll them when the kernel is installed
certs=()
if test %CONFIG_MODULE_SIG = "y"; then
for f in *.x509; do
if ! test -s "$f"; then
continue
fi
h=$(openssl x509 -inform DER -fingerprint -noout -in "$f")
test -n "$h"
cert=/etc/uefi/certs/$(echo "$h" | \
sed -rn 's/^SHA1 Fingerprint=//; T; s/://g; s/(.{8}).*/\1/p').crt
mkdir -p %buildroot/etc/uefi/certs
cp "$f" %buildroot/"$cert"
certs=("${certs[@]}" "$cert")
done
fi
for sub in '-base' '' '-extra'; do
case "$sub" in
'-base' | '') base_package=1 ;;
@ -497,6 +515,18 @@ for sub in '-base' '' '-extra'; do
-e "s:@CPU_ARCH_FLAVOR@:%cpu_arch_flavor:g" \
-e "s:@SRCVARIANT@:%variant:g" \
%_sourcedir/$script.sh > %my_builddir/$script$sub.sh
if test "$base_package" -eq 0 -o "${#certs[@]}" -eq 0; then
continue
fi
case "$script" in
preun | postun | post)
;;
*)
continue
esac
# Copy the respective scriptlet from kernel-cert-subpackage
sed "1,/^%%$script / d; /^%%[^%%]/,\$ d; s:@CERTS@:${certs[*]}:g" \
%_sourcedir/kernel-cert-subpackage >>"%my_builddir/$script$sub.sh"
done
done
@ -697,6 +727,9 @@ done
-o -name '*.ko' -prune -o -printf '/%%p\n'
cat %my_builddir/base-modules
fi
if test %CONFIG_MODULE_SIG = "y"; then
find etc/uefi/certs -type f -printf '/%%p\n'
fi
test -d lib/firmware/%kernelrelease-%build_flavor && \
find lib/firmware/%kernelrelease-%build_flavor \
-type d -o \

49
kernel-cert-subpackage Normal file
View File

@ -0,0 +1,49 @@
%package -n %{-n*}-ueficert
Summary: UEFI Secure Boot Certificate For Package %{-n*}-kmp
Group: System/Kernel
%description -n %{-n*}-ueficert
This package contains the UEFI Secure Boot certificate used to sign
modules in the %{-n*}-kmp packages.
# The scriptlets are reused in kernel-binary.spec.in by a sed script that
# stops at the next line that starts with a percent sign
%post -n %{-n*}-ueficert
# Make the -cert subpackage scriptlets non-fatal and verbose in the
# Beta phase
set -x +e
if ! command -v mokutil >/dev/null; then
exit 0
fi
# XXX: Only call mokutil if UEFI and shim are used
for cert in @CERTS@; do
mokutil --import "$cert" --root-pw
done
exit 0
%preun -n %{-n*}-ueficert
set -x +e
if ! command -v mokutil >/dev/null; then
exit 0
fi
for cert in @CERTS@; do
ln "$cert" "$cert.delete"
done
exit 0
%postun -n %{-n*}-ueficert
set -x +e
if ! command -v mokutil >/dev/null; then
exit 0
fi
for cert in @CERTS@; do
if ! test -e "$cert"; then
mokutil --delete "$cert.delete" --root-pw
fi
rm "$cert.delete"
done
exit 0
%files -n %{-n*}-ueficert
%defattr(-, root, root)
%dir /etc/uefi
/etc/uefi/certs

40
kernel-cubox.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed Mar 27 22:11:11 CET 2013 - mmarek@suse.cz
- rpm/kernel-cert-subpackage: Fix description and summary.
- commit a4cd5e1
-------------------------------------------------------------------
Tue Mar 26 12:35:11 CET 2013 - agraf@suse.de
@ -39,6 +45,26 @@ Mon Mar 18 16:38:35 CET 2013 - jeffm@suse.com
that. DMRAID45 and Rich ACLs also needed updating.
- commit 228c5dd
-------------------------------------------------------------------
Mon Mar 18 10:14:30 CET 2013 - mmarek@suse.cz
- rpm/kernel-binary.spec.in: Fix sed command with multiple certificates
- commit 59405a2
-------------------------------------------------------------------
Fri Mar 15 16:10:07 CET 2013 - mmarek@suse.cz
- rpm/kernel-binary.spec.in: Install the used certificates below
/etc/uefi/certs (fate#314507).
- commit 19b4300
-------------------------------------------------------------------
Fri Mar 15 15:34:11 CET 2013 - mmarek@suse.cz
- rpm/kernel-cert-subpackage: Make the template work with multiple
certificates.
- commit 3bf5898
-------------------------------------------------------------------
Thu Mar 14 17:22:32 CET 2013 - jeffm@suse.com
@ -108,6 +134,20 @@ Mon Mar 11 11:57:40 CET 2013 - rw@suse.de
(fate#314095, bnc#807237)
- commit 09836cb
-------------------------------------------------------------------
Sun Mar 10 22:47:15 CET 2013 - mmarek@suse.cz
- KMP: Add -c <cert> option to the %kernel_module_package macro
This produces an -ueficert subpackage that imports the certificate into
the MokList when installed (fate#314511)
- commit d8f177c
-------------------------------------------------------------------
Fri Mar 8 11:16:27 CET 2013 - mmarek@suse.cz
- KMP: Add the -kmp suffix inside the subpackage definition
- commit 7c6395d
-------------------------------------------------------------------
Tue Mar 5 21:44:13 CET 2013 - mmarek@suse.cz

34
kernel-cubox.spec
View File

@ -178,6 +178,7 @@ Source53: kernel-source.spec.in
Source54: kernel-binary.spec.in
Source55: kernel-syms.spec.in
Source56: kernel-docs.spec.in
Source57: kernel-cert-subpackage
Source60: config.sh
Source61: compute-PATCHVERSION.sh
Source62: old-packages.conf
@ -557,6 +558,24 @@ add_vmlinux()
# end of build_kdump
%endif
# Package the compiled-in certificates as DER files in /etc/uefi/certs
# and have mokutil enroll them when the kernel is installed
certs=()
if test %CONFIG_MODULE_SIG = "y"; then
for f in *.x509; do
if ! test -s "$f"; then
continue
fi
h=$(openssl x509 -inform DER -fingerprint -noout -in "$f")
test -n "$h"
cert=/etc/uefi/certs/$(echo "$h" | \
sed -rn 's/^SHA1 Fingerprint=//; T; s/://g; s/(.{8}).*/\1/p').crt
mkdir -p %buildroot/etc/uefi/certs
cp "$f" %buildroot/"$cert"
certs=("${certs[@]}" "$cert")
done
fi
for sub in '-base' '' '-extra'; do
case "$sub" in
'-base' | '') base_package=1 ;;
@ -573,6 +592,18 @@ for sub in '-base' '' '-extra'; do
-e "s:@CPU_ARCH_FLAVOR@:%cpu_arch_flavor:g" \
-e "s:@SRCVARIANT@:%variant:g" \
%_sourcedir/$script.sh > %my_builddir/$script$sub.sh
if test "$base_package" -eq 0 -o "${#certs[@]}" -eq 0; then
continue
fi
case "$script" in
preun | postun | post)
;;
*)
continue
esac
# Copy the respective scriptlet from kernel-cert-subpackage
sed "1,/^%%$script / d; /^%%[^%%]/,\$ d; s:@CERTS@:${certs[*]}:g" \
%_sourcedir/kernel-cert-subpackage >>"%my_builddir/$script$sub.sh"
done
done
@ -773,6 +804,9 @@ done
-o -name '*.ko' -prune -o -printf '/%%p\n'
cat %my_builddir/base-modules
fi
if test %CONFIG_MODULE_SIG = "y"; then
find etc/uefi/certs -type f -printf '/%%p\n'
fi
test -d lib/firmware/%kernelrelease-%build_flavor && \
find lib/firmware/%kernelrelease-%build_flavor \
-type d -o \

40
kernel-debug.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed Mar 27 22:11:11 CET 2013 - mmarek@suse.cz
- rpm/kernel-cert-subpackage: Fix description and summary.
- commit a4cd5e1
-------------------------------------------------------------------
Tue Mar 26 12:35:11 CET 2013 - agraf@suse.de
@ -39,6 +45,26 @@ Mon Mar 18 16:38:35 CET 2013 - jeffm@suse.com
that. DMRAID45 and Rich ACLs also needed updating.
- commit 228c5dd
-------------------------------------------------------------------
Mon Mar 18 10:14:30 CET 2013 - mmarek@suse.cz
- rpm/kernel-binary.spec.in: Fix sed command with multiple certificates
- commit 59405a2
-------------------------------------------------------------------
Fri Mar 15 16:10:07 CET 2013 - mmarek@suse.cz
- rpm/kernel-binary.spec.in: Install the used certificates below
/etc/uefi/certs (fate#314507).
- commit 19b4300
-------------------------------------------------------------------
Fri Mar 15 15:34:11 CET 2013 - mmarek@suse.cz
- rpm/kernel-cert-subpackage: Make the template work with multiple
certificates.
- commit 3bf5898
-------------------------------------------------------------------
Thu Mar 14 17:22:32 CET 2013 - jeffm@suse.com
@ -108,6 +134,20 @@ Mon Mar 11 11:57:40 CET 2013 - rw@suse.de
(fate#314095, bnc#807237)
- commit 09836cb
-------------------------------------------------------------------
Sun Mar 10 22:47:15 CET 2013 - mmarek@suse.cz
- KMP: Add -c <cert> option to the %kernel_module_package macro
This produces an -ueficert subpackage that imports the certificate into
the MokList when installed (fate#314511)
- commit d8f177c
-------------------------------------------------------------------
Fri Mar 8 11:16:27 CET 2013 - mmarek@suse.cz
- KMP: Add the -kmp suffix inside the subpackage definition
- commit 7c6395d
-------------------------------------------------------------------
Tue Mar 5 21:44:13 CET 2013 - mmarek@suse.cz

34
kernel-debug.spec
View File

@ -181,6 +181,7 @@ Source53: kernel-source.spec.in
Source54: kernel-binary.spec.in
Source55: kernel-syms.spec.in
Source56: kernel-docs.spec.in
Source57: kernel-cert-subpackage
Source60: config.sh
Source61: compute-PATCHVERSION.sh
Source62: old-packages.conf
@ -560,6 +561,24 @@ add_vmlinux()
# end of build_kdump
%endif
# Package the compiled-in certificates as DER files in /etc/uefi/certs
# and have mokutil enroll them when the kernel is installed
certs=()
if test %CONFIG_MODULE_SIG = "y"; then
for f in *.x509; do
if ! test -s "$f"; then
continue
fi
h=$(openssl x509 -inform DER -fingerprint -noout -in "$f")
test -n "$h"
cert=/etc/uefi/certs/$(echo "$h" | \
sed -rn 's/^SHA1 Fingerprint=//; T; s/://g; s/(.{8}).*/\1/p').crt
mkdir -p %buildroot/etc/uefi/certs
cp "$f" %buildroot/"$cert"
certs=("${certs[@]}" "$cert")
done
fi
for sub in '-base' '' '-extra'; do
case "$sub" in
'-base' | '') base_package=1 ;;
@ -576,6 +595,18 @@ for sub in '-base' '' '-extra'; do
-e "s:@CPU_ARCH_FLAVOR@:%cpu_arch_flavor:g" \
-e "s:@SRCVARIANT@:%variant:g" \
%_sourcedir/$script.sh > %my_builddir/$script$sub.sh
if test "$base_package" -eq 0 -o "${#certs[@]}" -eq 0; then
continue
fi
case "$script" in
preun | postun | post)
;;
*)
continue
esac
# Copy the respective scriptlet from kernel-cert-subpackage
sed "1,/^%%$script / d; /^%%[^%%]/,\$ d; s:@CERTS@:${certs[*]}:g" \
%_sourcedir/kernel-cert-subpackage >>"%my_builddir/$script$sub.sh"
done
done
@ -776,6 +807,9 @@ done
-o -name '*.ko' -prune -o -printf '/%%p\n'
cat %my_builddir/base-modules
fi
if test %CONFIG_MODULE_SIG = "y"; then
find etc/uefi/certs -type f -printf '/%%p\n'
fi
test -d lib/firmware/%kernelrelease-%build_flavor && \
find lib/firmware/%kernelrelease-%build_flavor \
-type d -o \

40
kernel-default.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed Mar 27 22:11:11 CET 2013 - mmarek@suse.cz
- rpm/kernel-cert-subpackage: Fix description and summary.
- commit a4cd5e1
-------------------------------------------------------------------
Tue Mar 26 12:35:11 CET 2013 - agraf@suse.de
@ -39,6 +45,26 @@ Mon Mar 18 16:38:35 CET 2013 - jeffm@suse.com
that. DMRAID45 and Rich ACLs also needed updating.
- commit 228c5dd
-------------------------------------------------------------------
Mon Mar 18 10:14:30 CET 2013 - mmarek@suse.cz
- rpm/kernel-binary.spec.in: Fix sed command with multiple certificates
- commit 59405a2
-------------------------------------------------------------------
Fri Mar 15 16:10:07 CET 2013 - mmarek@suse.cz
- rpm/kernel-binary.spec.in: Install the used certificates below
/etc/uefi/certs (fate#314507).
- commit 19b4300
-------------------------------------------------------------------
Fri Mar 15 15:34:11 CET 2013 - mmarek@suse.cz
- rpm/kernel-cert-subpackage: Make the template work with multiple
certificates.
- commit 3bf5898
-------------------------------------------------------------------
Thu Mar 14 17:22:32 CET 2013 - jeffm@suse.com
@ -108,6 +134,20 @@ Mon Mar 11 11:57:40 CET 2013 - rw@suse.de
(fate#314095, bnc#807237)
- commit 09836cb
-------------------------------------------------------------------
Sun Mar 10 22:47:15 CET 2013 - mmarek@suse.cz
- KMP: Add -c <cert> option to the %kernel_module_package macro
This produces an -ueficert subpackage that imports the certificate into
the MokList when installed (fate#314511)
- commit d8f177c
-------------------------------------------------------------------
Fri Mar 8 11:16:27 CET 2013 - mmarek@suse.cz
- KMP: Add the -kmp suffix inside the subpackage definition
- commit 7c6395d
-------------------------------------------------------------------
Tue Mar 5 21:44:13 CET 2013 - mmarek@suse.cz

34
kernel-default.spec
View File

@ -197,6 +197,7 @@ Source53: kernel-source.spec.in
Source54: kernel-binary.spec.in
Source55: kernel-syms.spec.in
Source56: kernel-docs.spec.in
Source57: kernel-cert-subpackage
Source60: config.sh
Source61: compute-PATCHVERSION.sh
Source62: old-packages.conf
@ -575,6 +576,24 @@ add_vmlinux()
# end of build_kdump
%endif
# Package the compiled-in certificates as DER files in /etc/uefi/certs
# and have mokutil enroll them when the kernel is installed
certs=()
if test %CONFIG_MODULE_SIG = "y"; then
for f in *.x509; do
if ! test -s "$f"; then
continue
fi
h=$(openssl x509 -inform DER -fingerprint -noout -in "$f")
test -n "$h"
cert=/etc/uefi/certs/$(echo "$h" | \
sed -rn 's/^SHA1 Fingerprint=//; T; s/://g; s/(.{8}).*/\1/p').crt
mkdir -p %buildroot/etc/uefi/certs
cp "$f" %buildroot/"$cert"
certs=("${certs[@]}" "$cert")
done
fi
for sub in '-base' '' '-extra'; do
case "$sub" in
'-base' | '') base_package=1 ;;
@ -591,6 +610,18 @@ for sub in '-base' '' '-extra'; do
-e "s:@CPU_ARCH_FLAVOR@:%cpu_arch_flavor:g" \
-e "s:@SRCVARIANT@:%variant:g" \
%_sourcedir/$script.sh > %my_builddir/$script$sub.sh
if test "$base_package" -eq 0 -o "${#certs[@]}" -eq 0; then
continue
fi
case "$script" in
preun | postun | post)
;;
*)
continue
esac
# Copy the respective scriptlet from kernel-cert-subpackage
sed "1,/^%%$script / d; /^%%[^%%]/,\$ d; s:@CERTS@:${certs[*]}:g" \
%_sourcedir/kernel-cert-subpackage >>"%my_builddir/$script$sub.sh"
done
done
@ -791,6 +822,9 @@ done
-o -name '*.ko' -prune -o -printf '/%%p\n'
cat %my_builddir/base-modules
fi
if test %CONFIG_MODULE_SIG = "y"; then
find etc/uefi/certs -type f -printf '/%%p\n'
fi
test -d lib/firmware/%kernelrelease-%build_flavor && \
find lib/firmware/%kernelrelease-%build_flavor \
-type d -o \

40
kernel-desktop.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed Mar 27 22:11:11 CET 2013 - mmarek@suse.cz
- rpm/kernel-cert-subpackage: Fix description and summary.
- commit a4cd5e1
-------------------------------------------------------------------
Tue Mar 26 12:35:11 CET 2013 - agraf@suse.de
@ -39,6 +45,26 @@ Mon Mar 18 16:38:35 CET 2013 - jeffm@suse.com
that. DMRAID45 and Rich ACLs also needed updating.
- commit 228c5dd
-------------------------------------------------------------------
Mon Mar 18 10:14:30 CET 2013 - mmarek@suse.cz
- rpm/kernel-binary.spec.in: Fix sed command with multiple certificates
- commit 59405a2
-------------------------------------------------------------------
Fri Mar 15 16:10:07 CET 2013 - mmarek@suse.cz
- rpm/kernel-binary.spec.in: Install the used certificates below
/etc/uefi/certs (fate#314507).
- commit 19b4300
-------------------------------------------------------------------
Fri Mar 15 15:34:11 CET 2013 - mmarek@suse.cz
- rpm/kernel-cert-subpackage: Make the template work with multiple
certificates.
- commit 3bf5898
-------------------------------------------------------------------
Thu Mar 14 17:22:32 CET 2013 - jeffm@suse.com
@ -108,6 +134,20 @@ Mon Mar 11 11:57:40 CET 2013 - rw@suse.de
(fate#314095, bnc#807237)
- commit 09836cb
-------------------------------------------------------------------
Sun Mar 10 22:47:15 CET 2013 - mmarek@suse.cz
- KMP: Add -c <cert> option to the %kernel_module_package macro
This produces an -ueficert subpackage that imports the certificate into
the MokList when installed (fate#314511)
- commit d8f177c
-------------------------------------------------------------------
Fri Mar 8 11:16:27 CET 2013 - mmarek@suse.cz
- KMP: Add the -kmp suffix inside the subpackage definition
- commit 7c6395d
-------------------------------------------------------------------
Tue Mar 5 21:44:13 CET 2013 - mmarek@suse.cz

34
kernel-desktop.spec
View File

@ -178,6 +178,7 @@ Source53: kernel-source.spec.in
Source54: kernel-binary.spec.in
Source55: kernel-syms.spec.in
Source56: kernel-docs.spec.in
Source57: kernel-cert-subpackage
Source60: config.sh
Source61: compute-PATCHVERSION.sh
Source62: old-packages.conf
@ -569,6 +570,24 @@ add_vmlinux()
# end of build_kdump
%endif
# Package the compiled-in certificates as DER files in /etc/uefi/certs
# and have mokutil enroll them when the kernel is installed
certs=()
if test %CONFIG_MODULE_SIG = "y"; then
for f in *.x509; do
if ! test -s "$f"; then
continue
fi
h=$(openssl x509 -inform DER -fingerprint -noout -in "$f")
test -n "$h"
cert=/etc/uefi/certs/$(echo "$h" | \
sed -rn 's/^SHA1 Fingerprint=//; T; s/://g; s/(.{8}).*/\1/p').crt
mkdir -p %buildroot/etc/uefi/certs
cp "$f" %buildroot/"$cert"
certs=("${certs[@]}" "$cert")
done
fi
for sub in '-base' '' '-extra'; do
case "$sub" in
'-base' | '') base_package=1 ;;
@ -585,6 +604,18 @@ for sub in '-base' '' '-extra'; do
-e "s:@CPU_ARCH_FLAVOR@:%cpu_arch_flavor:g" \
-e "s:@SRCVARIANT@:%variant:g" \
%_sourcedir/$script.sh > %my_builddir/$script$sub.sh
if test "$base_package" -eq 0 -o "${#certs[@]}" -eq 0; then
continue
fi
case "$script" in
preun | postun | post)
;;
*)
continue
esac
# Copy the respective scriptlet from kernel-cert-subpackage
sed "1,/^%%$script / d; /^%%[^%%]/,\$ d; s:@CERTS@:${certs[*]}:g" \
%_sourcedir/kernel-cert-subpackage >>"%my_builddir/$script$sub.sh"
done
done
@ -785,6 +816,9 @@ done
-o -name '*.ko' -prune -o -printf '/%%p\n'
cat %my_builddir/base-modules
fi
if test %CONFIG_MODULE_SIG = "y"; then
find etc/uefi/certs -type f -printf '/%%p\n'
fi
test -d lib/firmware/%kernelrelease-%build_flavor && \
find lib/firmware/%kernelrelease-%build_flavor \
-type d -o \

40
kernel-docs.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed Mar 27 22:11:11 CET 2013 - mmarek@suse.cz
- rpm/kernel-cert-subpackage: Fix description and summary.
- commit a4cd5e1
-------------------------------------------------------------------
Tue Mar 26 12:35:11 CET 2013 - agraf@suse.de
@ -39,6 +45,26 @@ Mon Mar 18 16:38:35 CET 2013 - jeffm@suse.com
that. DMRAID45 and Rich ACLs also needed updating.
- commit 228c5dd
-------------------------------------------------------------------
Mon Mar 18 10:14:30 CET 2013 - mmarek@suse.cz
- rpm/kernel-binary.spec.in: Fix sed command with multiple certificates
- commit 59405a2
-------------------------------------------------------------------
Fri Mar 15 16:10:07 CET 2013 - mmarek@suse.cz
- rpm/kernel-binary.spec.in: Install the used certificates below
/etc/uefi/certs (fate#314507).
- commit 19b4300
-------------------------------------------------------------------
Fri Mar 15 15:34:11 CET 2013 - mmarek@suse.cz
- rpm/kernel-cert-subpackage: Make the template work with multiple
certificates.
- commit 3bf5898
-------------------------------------------------------------------
Thu Mar 14 17:22:32 CET 2013 - jeffm@suse.com
@ -108,6 +134,20 @@ Mon Mar 11 11:57:40 CET 2013 - rw@suse.de
(fate#314095, bnc#807237)
- commit 09836cb
-------------------------------------------------------------------
Sun Mar 10 22:47:15 CET 2013 - mmarek@suse.cz
- KMP: Add -c <cert> option to the %kernel_module_package macro
This produces an -ueficert subpackage that imports the certificate into
the MokList when installed (fate#314511)
- commit d8f177c
-------------------------------------------------------------------
Fri Mar 8 11:16:27 CET 2013 - mmarek@suse.cz
- KMP: Add the -kmp suffix inside the subpackage definition
- commit 7c6395d
-------------------------------------------------------------------
Tue Mar 5 21:44:13 CET 2013 - mmarek@suse.cz

40
kernel-exynos.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed Mar 27 22:11:11 CET 2013 - mmarek@suse.cz
- rpm/kernel-cert-subpackage: Fix description and summary.
- commit a4cd5e1
-------------------------------------------------------------------
Tue Mar 26 12:35:11 CET 2013 - agraf@suse.de
@ -39,6 +45,26 @@ Mon Mar 18 16:38:35 CET 2013 - jeffm@suse.com
that. DMRAID45 and Rich ACLs also needed updating.
- commit 228c5dd
-------------------------------------------------------------------
Mon Mar 18 10:14:30 CET 2013 - mmarek@suse.cz
- rpm/kernel-binary.spec.in: Fix sed command with multiple certificates
- commit 59405a2
-------------------------------------------------------------------
Fri Mar 15 16:10:07 CET 2013 - mmarek@suse.cz
- rpm/kernel-binary.spec.in: Install the used certificates below
/etc/uefi/certs (fate#314507).
- commit 19b4300
-------------------------------------------------------------------
Fri Mar 15 15:34:11 CET 2013 - mmarek@suse.cz
- rpm/kernel-cert-subpackage: Make the template work with multiple
certificates.
- commit 3bf5898
-------------------------------------------------------------------
Thu Mar 14 17:22:32 CET 2013 - jeffm@suse.com
@ -108,6 +134,20 @@ Mon Mar 11 11:57:40 CET 2013 - rw@suse.de
(fate#314095, bnc#807237)
- commit 09836cb
-------------------------------------------------------------------
Sun Mar 10 22:47:15 CET 2013 - mmarek@suse.cz
- KMP: Add -c <cert> option to the %kernel_module_package macro
This produces an -ueficert subpackage that imports the certificate into
the MokList when installed (fate#314511)
- commit d8f177c
-------------------------------------------------------------------
Fri Mar 8 11:16:27 CET 2013 - mmarek@suse.cz
- KMP: Add the -kmp suffix inside the subpackage definition
- commit 7c6395d
-------------------------------------------------------------------
Tue Mar 5 21:44:13 CET 2013 - mmarek@suse.cz

34
kernel-exynos.spec
View File

@ -178,6 +178,7 @@ Source53: kernel-source.spec.in
Source54: kernel-binary.spec.in
Source55: kernel-syms.spec.in
Source56: kernel-docs.spec.in
Source57: kernel-cert-subpackage
Source60: config.sh
Source61: compute-PATCHVERSION.sh
Source62: old-packages.conf
@ -556,6 +557,24 @@ add_vmlinux()
# end of build_kdump
%endif
# Package the compiled-in certificates as DER files in /etc/uefi/certs
# and have mokutil enroll them when the kernel is installed
certs=()
if test %CONFIG_MODULE_SIG = "y"; then
for f in *.x509; do
if ! test -s "$f"; then
continue
fi
h=$(openssl x509 -inform DER -fingerprint -noout -in "$f")
test -n "$h"
cert=/etc/uefi/certs/$(echo "$h" | \
sed -rn 's/^SHA1 Fingerprint=//; T; s/://g; s/(.{8}).*/\1/p').crt
mkdir -p %buildroot/etc/uefi/certs
cp "$f" %buildroot/"$cert"
certs=("${certs[@]}" "$cert")
done
fi
for sub in '-base' '' '-extra'; do
case "$sub" in
'-base' | '') base_package=1 ;;
@ -572,6 +591,18 @@ for sub in '-base' '' '-extra'; do
-e "s:@CPU_ARCH_FLAVOR@:%cpu_arch_flavor:g" \
-e "s:@SRCVARIANT@:%variant:g" \
%_sourcedir/$script.sh > %my_builddir/$script$sub.sh
if test "$base_package" -eq 0 -o "${#certs[@]}" -eq 0; then
continue
fi
case "$script" in
preun | postun | post)
;;
*)
continue
esac
# Copy the respective scriptlet from kernel-cert-subpackage
sed "1,/^%%$script / d; /^%%[^%%]/,\$ d; s:@CERTS@:${certs[*]}:g" \
%_sourcedir/kernel-cert-subpackage >>"%my_builddir/$script$sub.sh"
done
done
@ -772,6 +803,9 @@ done
-o -name '*.ko' -prune -o -printf '/%%p\n'
cat %my_builddir/base-modules
fi
if test %CONFIG_MODULE_SIG = "y"; then
find etc/uefi/certs -type f -printf '/%%p\n'
fi
test -d lib/firmware/%kernelrelease-%build_flavor && \
find lib/firmware/%kernelrelease-%build_flavor \
-type d -o \

23
kernel-module-subpackage
View File

@ -1,4 +1,4 @@
%package -n %{-n*}-%1
%package -n %{-n*}-kmp-%1
%define _this_kmp_version %{-v*}_k%(echo %2 | sed -r 'y/-/_/; s/^(2\.6\.[0-9]+)_/\\1.0_/; # use 2.6.x.0 for mainline kernels')
Version: %_this_kmp_version
Release: %{-r*}
@ -20,14 +20,15 @@ END { print tags["summary"]
print tags["group"] }
' $spec
)
Provides: %{-n*} = %_this_kmp_version
Provides: %{-n*} = %{-v*}
Provides: %{-n*}-kmp = %_this_kmp_version
Provides: %{-n*}-kmp = %{-v*}
Provides: multiversion(kernel)
Requires: coreutils grep
%{-c:Requires: %{-n*}-ueficert}
Enhances: kernel-%1
AutoReqProv: on
%{-p:%{expand:%(cd %_sourcedir; cat %{-p*})}}
%description -n %{-n*}-%1
%description -n %{-n*}-kmp-%1
%(
for spec in {%_sourcedir,%_specdir}/%name.spec /dev/null; do
[ -e $spec ] && break
@ -49,17 +50,17 @@ in_desc { print; good = 1 }
END { exit(! good) }
' $spec
)
%post -n %{-n*}-%1
nvr=%{-n*}-%1-%_this_kmp_version-%{-r*}
%post -n %{-n*}-kmp-%1
nvr=%{-n*}-kmp-%1-%_this_kmp_version-%{-r*}
wm2=/usr/lib/module-init-tools/weak-modules2
if [ -x $wm2 ]; then
%{-b:KMP_NEEDS_MKINITRD=1} /bin/bash -${-/e/} $wm2 --add-kmp $nvr
fi
%preun -n %{-n*}-%1
nvr=%{-n*}-%1-%_this_kmp_version-%{-r*}
%preun -n %{-n*}-kmp-%1
nvr=%{-n*}-kmp-%1-%_this_kmp_version-%{-r*}
rpm -ql $nvr | sed -n '/\.ko$/p' > /var/run/rpm-$nvr-modules
%postun -n %{-n*}-%1
nvr=%{-n*}-%1-%_this_kmp_version-%{-r*}
%postun -n %{-n*}-kmp-%1
nvr=%{-n*}-kmp-%1-%_this_kmp_version-%{-r*}
modules=( $(cat /var/run/rpm-$nvr-modules) )
rm -f /var/run/rpm-$nvr-modules
if [ ${#modules[*]} = 0 ]; then
@ -70,7 +71,7 @@ wm2=/usr/lib/module-init-tools/weak-modules2
if [ -x $wm2 ]; then
printf '%s\n' "${modules[@]}" | /bin/bash -${-/e/} $wm2 --remove-kmp $nvr
fi
%files -n %{-n*}-%1
%files -n %{-n*}-kmp-%1
%{-f:%{expand:%(cd %_sourcedir; cat %{-f*})}}
%{!-f:%defattr (-,root,root)}
%{!-f:/lib/modules/%2-%1}

40
kernel-pae.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed Mar 27 22:11:11 CET 2013 - mmarek@suse.cz
- rpm/kernel-cert-subpackage: Fix description and summary.
- commit a4cd5e1
-------------------------------------------------------------------
Tue Mar 26 12:35:11 CET 2013 - agraf@suse.de
@ -39,6 +45,26 @@ Mon Mar 18 16:38:35 CET 2013 - jeffm@suse.com
that. DMRAID45 and Rich ACLs also needed updating.
- commit 228c5dd
-------------------------------------------------------------------
Mon Mar 18 10:14:30 CET 2013 - mmarek@suse.cz
- rpm/kernel-binary.spec.in: Fix sed command with multiple certificates
- commit 59405a2
-------------------------------------------------------------------
Fri Mar 15 16:10:07 CET 2013 - mmarek@suse.cz
- rpm/kernel-binary.spec.in: Install the used certificates below
/etc/uefi/certs (fate#314507).
- commit 19b4300
-------------------------------------------------------------------
Fri Mar 15 15:34:11 CET 2013 - mmarek@suse.cz
- rpm/kernel-cert-subpackage: Make the template work with multiple
certificates.
- commit 3bf5898
-------------------------------------------------------------------
Thu Mar 14 17:22:32 CET 2013 - jeffm@suse.com
@ -108,6 +134,20 @@ Mon Mar 11 11:57:40 CET 2013 - rw@suse.de
(fate#314095, bnc#807237)
- commit 09836cb
-------------------------------------------------------------------
Sun Mar 10 22:47:15 CET 2013 - mmarek@suse.cz
- KMP: Add -c <cert> option to the %kernel_module_package macro
This produces an -ueficert subpackage that imports the certificate into
the MokList when installed (fate#314511)
- commit d8f177c
-------------------------------------------------------------------
Fri Mar 8 11:16:27 CET 2013 - mmarek@suse.cz
- KMP: Add the -kmp suffix inside the subpackage definition
- commit 7c6395d
-------------------------------------------------------------------
Tue Mar 5 21:44:13 CET 2013 - mmarek@suse.cz

34
kernel-pae.spec
View File

@ -181,6 +181,7 @@ Source53: kernel-source.spec.in
Source54: kernel-binary.spec.in
Source55: kernel-syms.spec.in
Source56: kernel-docs.spec.in
Source57: kernel-cert-subpackage
Source60: config.sh
Source61: compute-PATCHVERSION.sh
Source62: old-packages.conf
@ -566,6 +567,24 @@ add_vmlinux()
# end of build_kdump
%endif
# Package the compiled-in certificates as DER files in /etc/uefi/certs
# and have mokutil enroll them when the kernel is installed
certs=()
if test %CONFIG_MODULE_SIG = "y"; then
for f in *.x509; do
if ! test -s "$f"; then
continue
fi
h=$(openssl x509 -inform DER -fingerprint -noout -in "$f")
test -n "$h"
cert=/etc/uefi/certs/$(echo "$h" | \
sed -rn 's/^SHA1 Fingerprint=//; T; s/://g; s/(.{8}).*/\1/p').crt
mkdir -p %buildroot/etc/uefi/certs
cp "$f" %buildroot/"$cert"
certs=("${certs[@]}" "$cert")
done
fi
for sub in '-base' '' '-extra'; do
case "$sub" in
'-base' | '') base_package=1 ;;
@ -582,6 +601,18 @@ for sub in '-base' '' '-extra'; do
-e "s:@CPU_ARCH_FLAVOR@:%cpu_arch_flavor:g" \
-e "s:@SRCVARIANT@:%variant:g" \
%_sourcedir/$script.sh > %my_builddir/$script$sub.sh
if test "$base_package" -eq 0 -o "${#certs[@]}" -eq 0; then
continue
fi
case "$script" in
preun | postun | post)
;;
*)
continue
esac
# Copy the respective scriptlet from kernel-cert-subpackage
sed "1,/^%%$script / d; /^%%[^%%]/,\$ d; s:@CERTS@:${certs[*]}:g" \
%_sourcedir/kernel-cert-subpackage >>"%my_builddir/$script$sub.sh"
done
done
@ -782,6 +813,9 @@ done
-o -name '*.ko' -prune -o -printf '/%%p\n'
cat %my_builddir/base-modules
fi
if test %CONFIG_MODULE_SIG = "y"; then
find etc/uefi/certs -type f -printf '/%%p\n'
fi
test -d lib/firmware/%kernelrelease-%build_flavor && \
find lib/firmware/%kernelrelease-%build_flavor \
-type d -o \

40
kernel-s390.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed Mar 27 22:11:11 CET 2013 - mmarek@suse.cz
- rpm/kernel-cert-subpackage: Fix description and summary.
- commit a4cd5e1
-------------------------------------------------------------------
Tue Mar 26 12:35:11 CET 2013 - agraf@suse.de
@ -39,6 +45,26 @@ Mon Mar 18 16:38:35 CET 2013 - jeffm@suse.com
that. DMRAID45 and Rich ACLs also needed updating.
- commit 228c5dd
-------------------------------------------------------------------
Mon Mar 18 10:14:30 CET 2013 - mmarek@suse.cz
- rpm/kernel-binary.spec.in: Fix sed command with multiple certificates
- commit 59405a2
-------------------------------------------------------------------
Fri Mar 15 16:10:07 CET 2013 - mmarek@suse.cz
- rpm/kernel-binary.spec.in: Install the used certificates below
/etc/uefi/certs (fate#314507).
- commit 19b4300
-------------------------------------------------------------------
Fri Mar 15 15:34:11 CET 2013 - mmarek@suse.cz
- rpm/kernel-cert-subpackage: Make the template work with multiple
certificates.
- commit 3bf5898
-------------------------------------------------------------------
Thu Mar 14 17:22:32 CET 2013 - jeffm@suse.com
@ -108,6 +134,20 @@ Mon Mar 11 11:57:40 CET 2013 - rw@suse.de
(fate#314095, bnc#807237)
- commit 09836cb
-------------------------------------------------------------------
Sun Mar 10 22:47:15 CET 2013 - mmarek@suse.cz
- KMP: Add -c <cert> option to the %kernel_module_package macro
This produces an -ueficert subpackage that imports the certificate into
the MokList when installed (fate#314511)
- commit d8f177c
-------------------------------------------------------------------
Fri Mar 8 11:16:27 CET 2013 - mmarek@suse.cz
- KMP: Add the -kmp suffix inside the subpackage definition
- commit 7c6395d
-------------------------------------------------------------------
Tue Mar 5 21:44:13 CET 2013 - mmarek@suse.cz

34
kernel-s390.spec
View File

@ -181,6 +181,7 @@ Source53: kernel-source.spec.in
Source54: kernel-binary.spec.in
Source55: kernel-syms.spec.in
Source56: kernel-docs.spec.in
Source57: kernel-cert-subpackage
Source60: config.sh
Source61: compute-PATCHVERSION.sh
Source62: old-packages.conf
@ -559,6 +560,24 @@ add_vmlinux()
# end of build_kdump
%endif
# Package the compiled-in certificates as DER files in /etc/uefi/certs
# and have mokutil enroll them when the kernel is installed
certs=()
if test %CONFIG_MODULE_SIG = "y"; then
for f in *.x509; do
if ! test -s "$f"; then
continue
fi
h=$(openssl x509 -inform DER -fingerprint -noout -in "$f")
test -n "$h"
cert=/etc/uefi/certs/$(echo "$h" | \
sed -rn 's/^SHA1 Fingerprint=//; T; s/://g; s/(.{8}).*/\1/p').crt
mkdir -p %buildroot/etc/uefi/certs
cp "$f" %buildroot/"$cert"
certs=("${certs[@]}" "$cert")
done
fi
for sub in '-base' '' '-extra'; do
case "$sub" in
'-base' | '') base_package=1 ;;
@ -575,6 +594,18 @@ for sub in '-base' '' '-extra'; do
-e "s:@CPU_ARCH_FLAVOR@:%cpu_arch_flavor:g" \
-e "s:@SRCVARIANT@:%variant:g" \
%_sourcedir/$script.sh > %my_builddir/$script$sub.sh
if test "$base_package" -eq 0 -o "${#certs[@]}" -eq 0; then
continue
fi
case "$script" in
preun | postun | post)
;;
*)
continue
esac
# Copy the respective scriptlet from kernel-cert-subpackage
sed "1,/^%%$script / d; /^%%[^%%]/,\$ d; s:@CERTS@:${certs[*]}:g" \
%_sourcedir/kernel-cert-subpackage >>"%my_builddir/$script$sub.sh"
done
done
@ -775,6 +806,9 @@ done
-o -name '*.ko' -prune -o -printf '/%%p\n'
cat %my_builddir/base-modules
fi
if test %CONFIG_MODULE_SIG = "y"; then
find etc/uefi/certs -type f -printf '/%%p\n'
fi
test -d lib/firmware/%kernelrelease-%build_flavor && \
find lib/firmware/%kernelrelease-%build_flavor \
-type d -o \

40
kernel-source.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed Mar 27 22:11:11 CET 2013 - mmarek@suse.cz
- rpm/kernel-cert-subpackage: Fix description and summary.
- commit a4cd5e1
-------------------------------------------------------------------
Tue Mar 26 12:35:11 CET 2013 - agraf@suse.de
@ -39,6 +45,26 @@ Mon Mar 18 16:38:35 CET 2013 - jeffm@suse.com
that. DMRAID45 and Rich ACLs also needed updating.
- commit 228c5dd
-------------------------------------------------------------------
Mon Mar 18 10:14:30 CET 2013 - mmarek@suse.cz
- rpm/kernel-binary.spec.in: Fix sed command with multiple certificates
- commit 59405a2
-------------------------------------------------------------------
Fri Mar 15 16:10:07 CET 2013 - mmarek@suse.cz
- rpm/kernel-binary.spec.in: Install the used certificates below
/etc/uefi/certs (fate#314507).
- commit 19b4300
-------------------------------------------------------------------
Fri Mar 15 15:34:11 CET 2013 - mmarek@suse.cz
- rpm/kernel-cert-subpackage: Make the template work with multiple
certificates.
- commit 3bf5898
-------------------------------------------------------------------
Thu Mar 14 17:22:32 CET 2013 - jeffm@suse.com
@ -108,6 +134,20 @@ Mon Mar 11 11:57:40 CET 2013 - rw@suse.de
(fate#314095, bnc#807237)
- commit 09836cb
-------------------------------------------------------------------
Sun Mar 10 22:47:15 CET 2013 - mmarek@suse.cz
- KMP: Add -c <cert> option to the %kernel_module_package macro
This produces an -ueficert subpackage that imports the certificate into
the MokList when installed (fate#314511)
- commit d8f177c
-------------------------------------------------------------------
Fri Mar 8 11:16:27 CET 2013 - mmarek@suse.cz
- KMP: Add the -kmp suffix inside the subpackage definition
- commit 7c6395d
-------------------------------------------------------------------
Tue Mar 5 21:44:13 CET 2013 - mmarek@suse.cz

5
kernel-source.spec
View File

@ -74,6 +74,7 @@ Source53: kernel-source.spec.in
Source54: kernel-binary.spec.in
Source55: kernel-syms.spec.in
Source56: kernel-docs.spec.in
Source57: kernel-cert-subpackage
Source60: config.sh
Source61: compute-PATCHVERSION.sh
Source62: old-packages.conf
@ -203,7 +204,7 @@ ln -s /usr/share/doc/packages/%name/README.SUSE %buildroot/%src_install_dir/
install -m 755 -d $RPM_BUILD_ROOT/etc/rpm
install -m 644 %_sourcedir/macros.kernel-source $RPM_BUILD_ROOT/etc/rpm/
install -m 755 -d $RPM_BUILD_ROOT/usr/lib/rpm
install -m 644 %_sourcedir/kernel-module-subpackage \
install -m 644 %_sourcedir/kernel-{module,cert}-subpackage \
$RPM_BUILD_ROOT/usr/lib/rpm/
for script in post; do
@ -239,7 +240,7 @@ find %buildroot/usr/src/linux* ! -type l | xargs touch -d "$ts"
%ghost /usr/src/linux%variant
/usr/share/doc/packages/%name
/etc/rpm/macros.kernel-source
/usr/lib/rpm/kernel-module-subpackage
/usr/lib/rpm/kernel-*-subpackage
%endif
%if %do_vanilla

5
kernel-source.spec.in
View File

@ -74,6 +74,7 @@ Source53: kernel-source.spec.in
Source54: kernel-binary.spec.in
Source55: kernel-syms.spec.in
Source56: kernel-docs.spec.in
Source57: kernel-cert-subpackage
Source60: config.sh
Source61: compute-PATCHVERSION.sh
Source62: old-packages.conf
@ -203,7 +204,7 @@ ln -s /usr/share/doc/packages/%name/README.SUSE %buildroot/%src_install_dir/
install -m 755 -d $RPM_BUILD_ROOT/etc/rpm
install -m 644 %_sourcedir/macros.kernel-source $RPM_BUILD_ROOT/etc/rpm/
install -m 755 -d $RPM_BUILD_ROOT/usr/lib/rpm
install -m 644 %_sourcedir/kernel-module-subpackage \
install -m 644 %_sourcedir/kernel-{module,cert}-subpackage \
$RPM_BUILD_ROOT/usr/lib/rpm/
for script in post; do
@ -239,7 +240,7 @@ find %buildroot/usr/src/linux* ! -type l | xargs touch -d "$ts"
%ghost /usr/src/linux%variant
/usr/share/doc/packages/%name
/etc/rpm/macros.kernel-source
/usr/lib/rpm/kernel-module-subpackage
/usr/lib/rpm/kernel-*-subpackage
%endif
%if %do_vanilla

40
kernel-syms.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed Mar 27 22:11:11 CET 2013 - mmarek@suse.cz
- rpm/kernel-cert-subpackage: Fix description and summary.
- commit a4cd5e1
-------------------------------------------------------------------
Tue Mar 26 12:35:11 CET 2013 - agraf@suse.de
@ -39,6 +45,26 @@ Mon Mar 18 16:38:35 CET 2013 - jeffm@suse.com
that. DMRAID45 and Rich ACLs also needed updating.
- commit 228c5dd
-------------------------------------------------------------------
Mon Mar 18 10:14:30 CET 2013 - mmarek@suse.cz
- rpm/kernel-binary.spec.in: Fix sed command with multiple certificates
- commit 59405a2
-------------------------------------------------------------------
Fri Mar 15 16:10:07 CET 2013 - mmarek@suse.cz
- rpm/kernel-binary.spec.in: Install the used certificates below
/etc/uefi/certs (fate#314507).
- commit 19b4300
-------------------------------------------------------------------
Fri Mar 15 15:34:11 CET 2013 - mmarek@suse.cz
- rpm/kernel-cert-subpackage: Make the template work with multiple
certificates.
- commit 3bf5898
-------------------------------------------------------------------
Thu Mar 14 17:22:32 CET 2013 - jeffm@suse.com
@ -108,6 +134,20 @@ Mon Mar 11 11:57:40 CET 2013 - rw@suse.de
(fate#314095, bnc#807237)
- commit 09836cb
-------------------------------------------------------------------
Sun Mar 10 22:47:15 CET 2013 - mmarek@suse.cz
- KMP: Add -c <cert> option to the %kernel_module_package macro
This produces an -ueficert subpackage that imports the certificate into
the MokList when installed (fate#314511)
- commit d8f177c
-------------------------------------------------------------------
Fri Mar 8 11:16:27 CET 2013 - mmarek@suse.cz
- KMP: Add the -kmp suffix inside the subpackage definition
- commit 7c6395d
-------------------------------------------------------------------
Tue Mar 5 21:44:13 CET 2013 - mmarek@suse.cz

40
kernel-trace.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed Mar 27 22:11:11 CET 2013 - mmarek@suse.cz
- rpm/kernel-cert-subpackage: Fix description and summary.
- commit a4cd5e1
-------------------------------------------------------------------
Tue Mar 26 12:35:11 CET 2013 - agraf@suse.de
@ -39,6 +45,26 @@ Mon Mar 18 16:38:35 CET 2013 - jeffm@suse.com
that. DMRAID45 and Rich ACLs also needed updating.
- commit 228c5dd
-------------------------------------------------------------------
Mon Mar 18 10:14:30 CET 2013 - mmarek@suse.cz
- rpm/kernel-binary.spec.in: Fix sed command with multiple certificates
- commit 59405a2
-------------------------------------------------------------------
Fri Mar 15 16:10:07 CET 2013 - mmarek@suse.cz
- rpm/kernel-binary.spec.in: Install the used certificates below
/etc/uefi/certs (fate#314507).
- commit 19b4300
-------------------------------------------------------------------
Fri Mar 15 15:34:11 CET 2013 - mmarek@suse.cz
- rpm/kernel-cert-subpackage: Make the template work with multiple
certificates.
- commit 3bf5898
-------------------------------------------------------------------
Thu Mar 14 17:22:32 CET 2013 - jeffm@suse.com
@ -108,6 +134,20 @@ Mon Mar 11 11:57:40 CET 2013 - rw@suse.de
(fate#314095, bnc#807237)
- commit 09836cb
-------------------------------------------------------------------
Sun Mar 10 22:47:15 CET 2013 - mmarek@suse.cz
- KMP: Add -c <cert> option to the %kernel_module_package macro
This produces an -ueficert subpackage that imports the certificate into
the MokList when installed (fate#314511)
- commit d8f177c
-------------------------------------------------------------------
Fri Mar 8 11:16:27 CET 2013 - mmarek@suse.cz
- KMP: Add the -kmp suffix inside the subpackage definition
- commit 7c6395d
-------------------------------------------------------------------
Tue Mar 5 21:44:13 CET 2013 - mmarek@suse.cz

34
kernel-trace.spec
View File

@ -189,6 +189,7 @@ Source53: kernel-source.spec.in
Source54: kernel-binary.spec.in
Source55: kernel-syms.spec.in
Source56: kernel-docs.spec.in
Source57: kernel-cert-subpackage
Source60: config.sh
Source61: compute-PATCHVERSION.sh
Source62: old-packages.conf
@ -567,6 +568,24 @@ add_vmlinux()
# end of build_kdump
%endif
# Package the compiled-in certificates as DER files in /etc/uefi/certs
# and have mokutil enroll them when the kernel is installed
certs=()
if test %CONFIG_MODULE_SIG = "y"; then
for f in *.x509; do
if ! test -s "$f"; then
continue
fi
h=$(openssl x509 -inform DER -fingerprint -noout -in "$f")
test -n "$h"
cert=/etc/uefi/certs/$(echo "$h" | \
sed -rn 's/^SHA1 Fingerprint=//; T; s/://g; s/(.{8}).*/\1/p').crt
mkdir -p %buildroot/etc/uefi/certs
cp "$f" %buildroot/"$cert"
certs=("${certs[@]}" "$cert")
done
fi
for sub in '-base' '' '-extra'; do
case "$sub" in
'-base' | '') base_package=1 ;;
@ -583,6 +602,18 @@ for sub in '-base' '' '-extra'; do
-e "s:@CPU_ARCH_FLAVOR@:%cpu_arch_flavor:g" \
-e "s:@SRCVARIANT@:%variant:g" \
%_sourcedir/$script.sh > %my_builddir/$script$sub.sh
if test "$base_package" -eq 0 -o "${#certs[@]}" -eq 0; then
continue
fi
case "$script" in
preun | postun | post)
;;
*)
continue
esac
# Copy the respective scriptlet from kernel-cert-subpackage
sed "1,/^%%$script / d; /^%%[^%%]/,\$ d; s:@CERTS@:${certs[*]}:g" \
%_sourcedir/kernel-cert-subpackage >>"%my_builddir/$script$sub.sh"
done
done
@ -783,6 +814,9 @@ done
-o -name '*.ko' -prune -o -printf '/%%p\n'
cat %my_builddir/base-modules
fi
if test %CONFIG_MODULE_SIG = "y"; then
find etc/uefi/certs -type f -printf '/%%p\n'
fi
test -d lib/firmware/%kernelrelease-%build_flavor && \
find lib/firmware/%kernelrelease-%build_flavor \
-type d -o \

40
kernel-vanilla.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed Mar 27 22:11:11 CET 2013 - mmarek@suse.cz
- rpm/kernel-cert-subpackage: Fix description and summary.
- commit a4cd5e1
-------------------------------------------------------------------
Tue Mar 26 12:35:11 CET 2013 - agraf@suse.de
@ -39,6 +45,26 @@ Mon Mar 18 16:38:35 CET 2013 - jeffm@suse.com
that. DMRAID45 and Rich ACLs also needed updating.
- commit 228c5dd
-------------------------------------------------------------------
Mon Mar 18 10:14:30 CET 2013 - mmarek@suse.cz
- rpm/kernel-binary.spec.in: Fix sed command with multiple certificates
- commit 59405a2
-------------------------------------------------------------------
Fri Mar 15 16:10:07 CET 2013 - mmarek@suse.cz
- rpm/kernel-binary.spec.in: Install the used certificates below
/etc/uefi/certs (fate#314507).
- commit 19b4300
-------------------------------------------------------------------
Fri Mar 15 15:34:11 CET 2013 - mmarek@suse.cz
- rpm/kernel-cert-subpackage: Make the template work with multiple
certificates.
- commit 3bf5898
-------------------------------------------------------------------
Thu Mar 14 17:22:32 CET 2013 - jeffm@suse.com
@ -108,6 +134,20 @@ Mon Mar 11 11:57:40 CET 2013 - rw@suse.de
(fate#314095, bnc#807237)
- commit 09836cb
-------------------------------------------------------------------
Sun Mar 10 22:47:15 CET 2013 - mmarek@suse.cz
- KMP: Add -c <cert> option to the %kernel_module_package macro
This produces an -ueficert subpackage that imports the certificate into
the MokList when installed (fate#314511)
- commit d8f177c
-------------------------------------------------------------------
Fri Mar 8 11:16:27 CET 2013 - mmarek@suse.cz
- KMP: Add the -kmp suffix inside the subpackage definition
- commit 7c6395d
-------------------------------------------------------------------
Tue Mar 5 21:44:13 CET 2013 - mmarek@suse.cz

34
kernel-vanilla.spec
View File

@ -185,6 +185,7 @@ Source53: kernel-source.spec.in
Source54: kernel-binary.spec.in
Source55: kernel-syms.spec.in
Source56: kernel-docs.spec.in
Source57: kernel-cert-subpackage
Source60: config.sh
Source61: compute-PATCHVERSION.sh
Source62: old-packages.conf
@ -563,6 +564,24 @@ add_vmlinux()
# end of build_kdump
%endif
# Package the compiled-in certificates as DER files in /etc/uefi/certs
# and have mokutil enroll them when the kernel is installed
certs=()
if test %CONFIG_MODULE_SIG = "y"; then
for f in *.x509; do
if ! test -s "$f"; then
continue
fi
h=$(openssl x509 -inform DER -fingerprint -noout -in "$f")
test -n "$h"
cert=/etc/uefi/certs/$(echo "$h" | \
sed -rn 's/^SHA1 Fingerprint=//; T; s/://g; s/(.{8}).*/\1/p').crt
mkdir -p %buildroot/etc/uefi/certs
cp "$f" %buildroot/"$cert"
certs=("${certs[@]}" "$cert")
done
fi
for sub in '-base' '' '-extra'; do
case "$sub" in
'-base' | '') base_package=1 ;;
@ -579,6 +598,18 @@ for sub in '-base' '' '-extra'; do
-e "s:@CPU_ARCH_FLAVOR@:%cpu_arch_flavor:g" \
-e "s:@SRCVARIANT@:%variant:g" \
%_sourcedir/$script.sh > %my_builddir/$script$sub.sh
if test "$base_package" -eq 0 -o "${#certs[@]}" -eq 0; then
continue
fi
case "$script" in
preun | postun | post)
;;
*)
continue
esac
# Copy the respective scriptlet from kernel-cert-subpackage
sed "1,/^%%$script / d; /^%%[^%%]/,\$ d; s:@CERTS@:${certs[*]}:g" \
%_sourcedir/kernel-cert-subpackage >>"%my_builddir/$script$sub.sh"
done
done
@ -779,6 +810,9 @@ done
-o -name '*.ko' -prune -o -printf '/%%p\n'
cat %my_builddir/base-modules
fi
if test %CONFIG_MODULE_SIG = "y"; then
find etc/uefi/certs -type f -printf '/%%p\n'
fi
test -d lib/firmware/%kernelrelease-%build_flavor && \
find lib/firmware/%kernelrelease-%build_flavor \
-type d -o \

40
kernel-versatile.changes
View File

@ -1,3 +1,9 @@
-------------------------------------------------------------------
Wed Mar 27 22:11:11 CET 2013 - mmarek@suse.cz
- rpm/kernel-cert-subpackage: Fix description and summary.
- commit a4cd5e1
-------------------------------------------------------------------
Tue Mar 26 12:35:11 CET 2013 - agraf@suse.de
@ -39,6 +45,26 @@ Mon Mar 18 16:38:35 CET 2013 - jeffm@suse.com
that. DMRAID45 and Rich ACLs also needed updating.
- commit 228c5dd
-------------------------------------------------------------------
Mon Mar 18 10:14:30 CET 2013 - mmarek@suse.cz
- rpm/kernel-binary.spec.in: Fix sed command with multiple certificates
- commit 59405a2
-------------------------------------------------------------------
Fri Mar 15 16:10:07 CET 2013 - mmarek@suse.cz
- rpm/kernel-binary.spec.in: Install the used certificates below
/etc/uefi/certs (fate#314507).
- commit 19b4300
-------------------------------------------------------------------
Fri Mar 15 15:34:11 CET 2013 - mmarek@suse.cz
- rpm/kernel-cert-subpackage: Make the template work with multiple
certificates.
- commit 3bf5898
-------------------------------------------------------------------
Thu Mar 14 17:22:32 CET 2013 - jeffm@suse.com
@ -108,6 +134,20 @@ Mon Mar 11 11:57:40 CET 2013 - rw@suse.de
(fate#314095, bnc#807237)
- commit 09836cb
-------------------------------------------------------------------
Sun Mar 10 22:47:15 CET 2013 - mmarek@suse.cz
- KMP: Add -c <cert> option to the %kernel_module_package macro
This produces an -ueficert subpackage that imports the certificate into
the MokList when installed (fate#314511)
- commit d8f177c
-------------------------------------------------------------------
Fri Mar 8 11:16:27 CET 2013 - mmarek@suse.cz
- KMP: Add the -kmp suffix inside the subpackage definition
- commit 7c6395d
-------------------------------------------------------------------
Tue Mar 5 21:44:13 CET 2013 - mmarek@suse.cz

34
kernel-versatile.spec
View File

@ -178,6 +178,7 @@ Source53: kernel-source.spec.in
Source54: kernel-binary.spec.in
Source55: kernel-syms.spec.in
Source56: kernel-docs.spec.in
Source57: kernel-cert-subpackage
Source60: config.sh
Source61: compute-PATCHVERSION.sh
Source62: old-packages.conf
@ -556,6 +557,24 @@ add_vmlinux()
# end of build_kdump
%endif
# Package the compiled-in certificates as DER files in /etc/uefi/certs
# and have mokutil enroll them when the kernel is installed
certs=()
if test %CONFIG_MODULE_SIG = "y"; then
for f in *.x509; do
if ! test -s "$f"; then
continue
fi
h=$(openssl x509 -inform DER -fingerprint -noout -in "$f")
test -n "$h"
cert=/etc/uefi/certs/$(echo "$h" | \
sed -rn 's/^SHA1 Fingerprint=//; T; s/://g; s/(.{8}).*/\1/p').crt
mkdir -p %buildroot/etc/uefi/certs
cp "$f" %buildroot/"$cert"
certs=("${certs[@]}" "$cert")
done
fi
for sub in '-base' '' '-extra'; do
case "$sub" in
'-base' | '') base_package=1 ;;
@ -572,6 +591,18 @@ for sub in '-base' '' '-extra'; do
-e "s:@CPU_ARCH_FLAVOR@:%cpu_arch_flavor:g" \
-e "s:@SRCVARIANT@:%variant:g" \
%_sourcedir/$script.sh > %my_builddir/$script$sub.sh
if test "$base_package" -eq 0 -o "${#certs[@]}" -eq 0; then
continue
fi
case "$script" in
preun | postun | post)
;;
*)
continue
esac
# Copy the respective scriptlet from kernel-cert-subpackage
sed "1,/^%%$script / d; /^%%[^%%]/,\$ d; s:@CERTS@:${certs[*]}:g" \
%_sourcedir/kernel-cert-subpackage >>"%my_builddir/$script$sub.sh"
done
done
@ -772,6 +803,9 @@ done
-o -name '*.ko' -prune -o -printf '/%%p\n'
cat %my_builddir/base-modules
fi
if test %CONFIG_MODULE_SIG = "y"; then
find etc/uefi/certs -type f -printf '/%%p\n'
fi
test -d lib/firmware/%kernelrelease-%build_flavor && \
find lib/firmware/%kernelrelease-%build_flavor \
-type d -o \

17
macros.kernel-source
View File

@ -3,10 +3,10 @@
%kernel_module_package_buildreqs module-init-tools kernel-syms
# Defines %flavors_to_build and %kernel_source() as a side effect.
%_kernel_module_package(n:v:r:t:f:Xp:b) \
%{expand:%( \
%_kernel_module_package(n:v:r:t:f:Xp:bc:) \
%{expand:%( set -x \
subpkg=%{-t*}%{!-t:/usr/lib/rpm/kernel-module-subpackage} \
echo "%%define _suse_kernel_module_subpackage(n:v:r:f:p:b) %%{expand:%%(cd %_sourcedir; cat $subpkg; echo %%%%nil)}" \
echo "%%define _suse_kernel_module_subpackage(n:v:r:f:p:bc) %%{expand:%%(cd %_sourcedir; cat $subpkg; echo %%%%nil)}" \
flavors_to_build= \
flavors="%*" \
for flavor in $(ls /usr/src/linux-obj/%_target_cpu 2>/dev/null); do \
@ -19,7 +19,7 @@
krel=$(make -s -C /usr/src/linux-obj/%_target_cpu/$flavor kernelrelease) \
kver=${krel%%-*} \
flavors_to_build="$flavors_to_build $flavor" \
echo "%%_suse_kernel_module_subpackage -n %{-n*}%{!-n:%name}-kmp -v %{-v*}%{!-v:%version} -r %{-r*}%{!-r:%release} %{-p} %{-b} $flavor $kver" \
echo "%%_suse_kernel_module_subpackage -n %{-n*}%{!-n:%name} -v %{-v*}%{!-v:%version} -r %{-r*}%{!-r:%release} %{-p} %{-b} %{-c:-c} $flavor $kver" \
done \
echo "%%global flavors_to_build${flavors_to_build:-%%nil}" \
echo "%%{expand:%%(test -z '%flavors_to_build' && echo %%%%internal_kmp_error)}" \
@ -31,13 +31,18 @@
echo "Summary: %summary" \
echo "Group: %group" \
echo "%description -n %{-n*}%{!-n:%name}-kmp-_dummy_" \
%{-c:
for fmt in DER PEM; do h=$(openssl x509 -inform $fmt -fingerprint -noout -in %{-c*}); if test -n "$h"; then break; fi; done \
cert=/etc/uefi/certs/$(echo "$h" | sed -rn 's/^SHA1 Fingerprint=//; T; s/://g; s/(.{8}).*/\\1/p').crt
sed "s:@CERTS@:$cert:g" /usr/lib/rpm/kernel-cert-subpackage \
echo "%%global __spec_build_pre %%__spec_build_pre mkdir -p %%buildroot/etc/uefi/certs; openssl x509 -in %{-c*} -inform $fmt -out %%buildroot/$cert -outform DER" } \
)}
# kernel_module_package: simply pass on all options and arguments.
%kernel_module_package(n:v:r:t:f:xp:b) \
%kernel_module_package(n:v:r:t:f:xp:bc:) \
%{expand:%%_kernel_module_package %{-x:-X} %{-n} %{-v} %{-r} %{-t} %{-f} %{-p} %*}
# suse_kernel_module_package: invert the meaning of the -x flag. (You are not
# supposed to understand why a simple %{-x:}%{!-x:-x} won't work.)
%suse_kernel_module_package(n:v:r:s:f:xp:b) \
%suse_kernel_module_package(n:v:r:s:f:xp:bc:) \
%{expand:%%_kernel_module_package %{-x: }%{!-x:-X} %{-n} %{-v} %{-r} %{-s:-t %{-s*}} %{-f} %{-p} %*}

4
source-timestamp
View File

@ -1,3 +1,3 @@
2013-03-26 12:35:11 +0100
GIT Revision: 801a982f0b2d10eddfce094248d17ac6cad65bea
2013-03-28 10:01:13 +0100
GIT Revision: 31c3eb05148afc6a33f31fea09ea99e1f9cd9bd6
GIT Branch: master