Ship hmac file for vmlinuz for FIPS-140 (rhbz 805538)
This commit is contained in:
Josh Boyer
parent
3b5b9ca4f6
commit
98931fa9d1
13
kernel.spec
13
kernel.spec
|
|
@ -54,7 +54,7 @@ Summary: The Linux kernel
|
|||
# For non-released -rc kernels, this will be appended after the rcX and
|
||||
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
|
||||
#
|
||||
%global baserelease 3
|
||||
%global baserelease 4
|
||||
%global fedora_build %{baserelease}
|
||||
|
||||
# base_sublevel is the kernel version we're starting with and patching
|
||||
|
|
@ -529,7 +529,7 @@ ExclusiveOS: Linux
|
|||
#
|
||||
BuildRequires: module-init-tools, patch >= 2.5.4, bash >= 2.03, sh-utils, tar
|
||||
BuildRequires: bzip2, xz, findutils, gzip, m4, perl, make >= 3.78, diffutils, gawk
|
||||
BuildRequires: gcc >= 3.4.2, binutils >= 2.12, redhat-rpm-config
|
||||
BuildRequires: gcc >= 3.4.2, binutils >= 2.12, redhat-rpm-config, hmaccalc
|
||||
BuildRequires: net-tools
|
||||
BuildRequires: xmlto, asciidoc
|
||||
%if %{with_sparse}
|
||||
|
|
@ -1640,6 +1640,11 @@ BuildKernel() {
|
|||
$RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer
|
||||
chmod 755 $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer
|
||||
|
||||
# hmac sign the kernel for FIPS
|
||||
echo "Creating hmac file: $RPM_BUILD_ROOT/%{image_install_path}/.vmlinuz-$KernelVer.hmac"
|
||||
ls -l $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer
|
||||
sha512hmac $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer | sed -e "s,$RPM_BUILD_ROOT,," > $RPM_BUILD_ROOT/%{image_install_path}/.vmlinuz-$KernelVer.hmac;
|
||||
|
||||
mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer
|
||||
# Override $(mod-fw) because we don't want it to install any firmware
|
||||
# we'll get it from the linux-firmware package and we don't want conflicts
|
||||
|
|
@ -2261,6 +2266,7 @@ fi
|
|||
%{expand:%%files %{?2}}\
|
||||
%defattr(-,root,root)\
|
||||
/%{image_install_path}/%{?-k:%{-k*}}%{!?-k:vmlinuz}-%{KVERREL}%{?2:.%{2}}\
|
||||
/%{image_install_path}/.vmlinuz-%{KVERREL}%{?2:.%{2}}.hmac \
|
||||
%attr(600,root,root) /boot/System.map-%{KVERREL}%{?2:.%{2}}\
|
||||
/boot/config-%{KVERREL}%{?2:.%{2}}\
|
||||
%dir /lib/modules/%{KVERREL}%{?2:.%{2}}\
|
||||
|
|
@ -2324,6 +2330,9 @@ fi
|
|||
# '-' | |
|
||||
# '-'
|
||||
%changelog
|
||||
* Wed Mar 21 2012 Josh Boyer <jwboyer@redhat.com>
|
||||
- Ship hmac file for vmlinuz for FIPS-140 (rhbz 805538)
|
||||
|
||||
* Tue Mar 20 2012 Dave Jones <davej@redhat.com>
|
||||
- Don't bind the IPS driver if no irq is assigned (typically BIOS bug). (rhbz 804353)
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue