From: "Herton R. Krzesinski" <herton@xxxxxxxxxx>
When we create the src.rpm, we don't need to copy all certificate files, only a set of them are needed depending on the RELEASED_KERNEL status. This is necessary because when you do a make dist-git, the script rh-dist-git.sh will create a diff to compare what was copied against what is on dist-git clone, and this report will be bogus if we copy uneeded files (it'll show in the diff that some files are not in the dist-git copy, since the src.rpm created doesn't contain all certificate files, because it's conditionally added based on released_kernel value). Also while at it, delete old certificate files (secureboot.cer, securebootca.cer) which are not used anymore since last grub related security update.
Signed-off-by: Herton R. Krzesinski <herton@xxxxxxxxxx>
---
 redhat/Makefile | 7 ++++++-
 redhat/keys/secureboot.cer | Bin 899 -> 0 bytes
 redhat/keys/securebootca.cer | Bin 977 -> 0 bytes
 3 files changed, 6 insertions(+), 1 deletion(-)
 delete mode 100644 redhat/keys/secureboot.cer
 delete mode 100644 redhat/keys/securebootca.cer
diff --git a/redhat/Makefile b/redhat/Makefile
index 8f3c41738551..21e2aff49746 100644
--- a/redhat/Makefile
+++ b/redhat/Makefile
@@ -241,7 +241,6 @@ sources-rh: $(TARBALL) generate-testpatch-tmp
 keys/rhel*.x509 \
 kabi/check-kabi \
 configs/$(PACKAGE_NAME)-*.config \
- keys/*.cer \
 update_scripts.sh \
 mod-blacklist.sh \
 mod-internal.list \
@@ -255,6 +254,12 @@ sources-rh: $(TARBALL) generate-testpatch-tmp
 ../Makefile.rhelver \
 README.rst \
 $(SOURCES)/
+ @if [ "$(RELEASED_KERNEL)" -ne 0 ]; then \
+ cp keys/redhatsecureboot{301,501,ca5,ca1}.cer $(SOURCES)/; \
+ cp keys/secureboot_{ppc,s390}.cer $(SOURCES)/; \
+ else \
+ cp keys/redhatsecureboot{003,401,ca2,ca4}.cer $(SOURCES)/; \
+ fi
 @for KABIARCH in $(ARCH_LIST); do \
 cp kabi/Module.kabi_$$KABIARCH $(SOURCES)/; \
 cp kabi/Module.kabi_dup_$$KABIARCH $(SOURCES)/; \
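Review bot: In the added `if` block of the second hunk, the two `cp` commands of the `-ne 0` branch are joined with `;`, so a failure of the first one (for example a missing `redhatsecureboot*.cer`) is hidden by the exit status of the second and `sources-rh` continues with an incomplete certificate set. Chaining them as `cp keys/redhatsecureboot{301,501,ca5,ca1}.cer $(SOURCES)/ && \` would make the recipe stop there. The test `[ "$(RELEASED_KERNEL)" -ne 0 ]` also errors on an empty or non-numeric value and then takes the `else` branch, so a mis-set variable selects the certificates intended for `RELEASED_KERNEL` equal to 0 with nothing but a message on stderr; a comment stating the expected values, or an explicit check before the `if`, would make that visible. The `{a,b}` lists rely on brace expansion, which a POSIX `/bin/sh` does not perform; whether this Makefile sets `SHELL` to bash is not visible here and should be confirmed. The `sources-rh` recipe begins and ends outside the hunk.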
diff --git a/redhat/keys/secureboot.cer b/redhat/keys/secureboot.cer deleted file mode 100644 index 20e660479db920c9af073ef60dfd52cfcd55ef35..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 899 zcmXqLVy-u6VoG1Y%*4pV#L4h}zvyHQr&ERoylk9WZ60mkc^MhGSs4s`4b=@)*_cCF zn1$tnQd1N>5=#_<Q<F=JQWc!?^Gg&ooE;UiQ!5n=H4T*v6ySO}8O4N)Q<D>OQj1C) zic(WD5=-=w^K%X4#CZ)(3=Iv;4Gj!U4NRlNd5z71To3|r4T21H474EDDPy&+I5Ryj zGcTPKJDV7lkbT9-%D~*j$j@NV#K^_e#K_37NxkdnB-fbdAp)7dSWBPZtXrYb5w*C@ z@r&`BZ02)^7x}9-F_f-vdj9zHex2s374i`=>Kunka%XeJpYTcWnYOXcua#Nzv{P2r z{{KfRpNsxBUvPxw_cT2h+pJ?Ab^$YP&OhK@vBdbb{H<AE?$7S)IveG4{NthMn|XI; zuZ~$}9hb8?RNwy6d`WHPPcK7HM6SQ)@0IpFYTa&`doJbY%S^-$TDZTkzjLIcd>gCD zgVUK-5>__PZZU-1nmGUR*MJSDB-cbvx6RHHnXKVwU9@H2#x6FkEt|?~dgtD8aoSb6 z`P$`cNzxNN-!l}2zMhj&w=>05mb+)gq|2XQRV^~E`;)lfwmuUxBLm~&Sc7N-9$?7J z3NtePXJIm6FyIF9_*qz(nb;c)WI-H07BLo)aL4})TlQq;>8I$gIMsYUAgZGz$Uq(> zt;`}}Al4w_Al4%0a?Yxeg@ctn?ZuBpb5eiAAV&Z&Spg$}kwNnVx9_f&sUPlII<6Po zwsYpDLfs|_*M8fGuUk4-m%YAz`?d3h%8P~vysm29RsQ!WK%@63*E<IDDw)7}u3mi> zY;yV?ieH$Xp0GJ~>}cV)`v*$4n0`ogx_k24UDm?Lu%<V?r}j)=!KiSkIWaTTT(E6J zl&5{qJLWl6&n(_{UMpOZB^hw)L4)<lzSK?Je}t;1oIAXyE|xhc$VZjuf<xvW$IzuB z-!E&6{=dE^>T{WiSI>r}MgeY{-MAm@j(GO|_ezzhSNC%m_dopoSNWyMX47EzS*y|} z3cr~?y=&H&a;tfp6<SM;jutGBzV*%9YlTe7k=I)%x5n#*@uYqED=_(L67SN(09G1h A-2eap 
diff --git a/redhat/keys/securebootca.cer b/redhat/keys/securebootca.cer deleted file mode 100644 index b2354007b9668258683b99a68fa5bdd3067c31b1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 977 zcmXqLVm@oo#I$t*GZP~d6DPykKFO2}lmD>>ylk9WZ60mkc^MhGSs4s`4b=@)*_cCF zn1$tnQd1N>5=#_<Q<F=JQWc!?^Gg&ooE;UiQ!5n=H4T*v6ySO}8O4N)Q<D>OQj1C) zic(WD5=-=w^K%X4#CZ)(42%qc(8R>VG)kP;*xbO#zzoWzwslR6O2{5!WMyD(V&rEq zXkz4IYGPz$nC+~<?2{)QQnbB!-tOilfvp!W+5DVoSG#L+<>vi6EDouC4!V-;tv&JA zN}nf->iaHo2tM8rAb&8=Njdj{a^${=Z?aE)&k<1VH{Q3Wx7jKD-_5CYum4K4d~JV` z`ccOE*<7!m22LI4&u3g0F3h!NN?ysm?c*7~^lIfF3D-Xhnr_&uU!bJ$?ZS8WW+A0- zr9raw{Iep~On)hDAUrqc*pZy>@YoE^;z#ABPp))utMY{K9XOZuN+87Vv97^}gccFK z6&c%&T=rzVyKuJ1S>c?R<K#PxtGGq~?cMg~=gYe$SJ$!S^;`(O<ep~wX+Qso!rIJ( zZL23GL@b?{ZqYAz@%i~&roT+gj0}v68`m2&t}&1W#<DCQix`WDgIJ50%Q>q?77kYS zv==`X%}M<cV^9l{R%R(PC~3f|U}4}Ae=0{`6H>C|0a-81!fL?G$oL;QPJxLO7^jR3 zp{b9(0{X(lQ;+K%h_CKtxc%nd+9kH!CBia&JkgcqO9LvF9(I1~^2+p(_fBqs&+@+g zjZG)^b(y8?lr#NV`RkoR|I-BpaSiJiPBV7drX0Bbe!0fPB95K&)ygj1YM5%bK;(6L z=7Y@r2hM%A`uyr;o|A^(c{icYtu_B=WuE^MZ_<<d&TsQv+iB;vWxkm>i|1QMhsQHT z<L>4}wg*#%C!d<*ePQAKPyWoS|9R;jPUx*P-5Ksuo_~6c3tyKHzf+y+r*{_;vOAw> zmv4Wk&h*1hGe;ze)#t#BH;PsH)$e|FOmna8+@9jW!^ymRMf{q+C84h)mppfN*sxn6 NnfI|Q%N6m!6aeL$dME$@ -- GitLab _______________________________________________ kernel mailing list -- kernel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to kernel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@xxxxxxxxxxxxxxxxxxxxxxx