Ship hmac file for vmlinuz for FIPS-140 (rhbz 805538)
This commit is contained in:
parent
8bc44875e2
commit
e9dfffad72
13
kernel.spec
13
kernel.spec
|
@ -54,7 +54,7 @@ Summary: The Linux kernel
|
|||
# For non-released -rc kernels, this will be appended after the rcX and
|
||||
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
|
||||
#
|
||||
%global baserelease 4
|
||||
%global baserelease 5
|
||||
%global fedora_build %{baserelease}
|
||||
|
||||
# base_sublevel is the kernel version we're starting with and patching
|
||||
|
@ -539,7 +539,7 @@ ExclusiveOS: Linux
|
|||
#
|
||||
BuildRequires: module-init-tools, patch >= 2.5.4, bash >= 2.03, sh-utils, tar
|
||||
BuildRequires: bzip2, xz, findutils, gzip, m4, perl, make >= 3.78, diffutils, gawk
|
||||
BuildRequires: gcc >= 3.4.2, binutils >= 2.12, redhat-rpm-config
|
||||
BuildRequires: gcc >= 3.4.2, binutils >= 2.12, redhat-rpm-config, hmaccalc
|
||||
BuildRequires: net-tools
|
||||
BuildRequires: xmlto, asciidoc
|
||||
%if %{with_sparse}
|
||||
|
@ -1585,6 +1585,11 @@ BuildKernel() {
|
|||
$RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer
|
||||
chmod 755 $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer
|
||||
|
||||
# hmac sign the kernel for FIPS
|
||||
echo "Creating hmac file: $RPM_BUILD_ROOT/%{image_install_path}/.vmlinuz-$KernelVer.hmac"
|
||||
ls -l $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer
|
||||
sha512hmac $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer | sed -e "s,$RPM_BUILD_ROOT,," > $RPM_BUILD_ROOT/%{image_install_path}/.vmlinuz-$KernelVer.hmac;
|
||||
|
||||
mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer
|
||||
# Override $(mod-fw) because we don't want it to install any firmware
|
||||
# We'll do that ourselves with 'make firmware_install'
|
||||
|
@ -2115,6 +2120,7 @@ fi
|
|||
%{expand:%%files %{?2}}\
|
||||
%defattr(-,root,root)\
|
||||
/%{image_install_path}/%{?-k:%{-k*}}%{!?-k:vmlinuz}-%{KVERREL}%{?2:.%{2}}\
|
||||
/%{image_install_path}/.vmlinuz-%{KVERREL}%{?2:.%{2}}.hmac \
|
||||
%attr(600,root,root) /boot/System.map-%{KVERREL}%{?2:.%{2}}\
|
||||
/boot/config-%{KVERREL}%{?2:.%{2}}\
|
||||
%dir /lib/modules/%{KVERREL}%{?2:.%{2}}\
|
||||
|
@ -2168,6 +2174,9 @@ fi
|
|||
# and build.
|
||||
|
||||
%changelog
|
||||
* Wed Mar 21 2012 Josh Boyer <jwboyer@redhat.com>
|
||||
- Ship hmac file for vmlinuz for FIPS-140 (rhbz 805538)
|
||||
|
||||
* Tue Mar 20 2012 Josh Boyer <jwboyer@redhat.com>
|
||||
- CVE-2012-1568: execshield: predictable ascii armour base address (rhbz 804957)
|
||||
- mac80211: fix possible tid_rx->reorder_timer use after free
|
||||
|
|
Loading…
Reference in New Issue