diff --git a/kernel.spec b/kernel.spec index 85a0dcff79943da1908dd606baf3166e0ac6f400..f9e0fa06fdce79e20ecf8fdc83169e26e9ac5bf7 100644 --- a/kernel.spec +++ b/kernel.spec @@ -12,7 +12,7 @@ %global upstream_sublevel 0 %global devel_release 166 %global maintenance_release .0.0 -%global pkg_release .80 +%global pkg_release .81 %define with_debuginfo 1 # Do not recompute the build-id of vmlinux in find-debuginfo.sh @@ -99,6 +99,11 @@ BuildRequires: pciutils-devel gettext BuildRequires: rpm-build, elfutils BuildRequires: numactl-devel python3-devel glibc-static python3-docutils BuildRequires: perl-generators perl(Carp) libunwind-devel gtk2-devel libbabeltrace-devel java-1.8.0-openjdk perl-devel + +%if 0%{?openEuler_sign_rsa} +BuildRequires: sign-openEuler +%endif + AutoReq: no AutoProv: yes @@ -454,6 +459,23 @@ mkdir -p $RPM_BUILD_ROOT/boot dd if=/dev/zero of=$RPM_BUILD_ROOT/boot/initramfs-%{KernelVer}.img bs=1M count=20 install -m 755 $(make -s image_name) $RPM_BUILD_ROOT/boot/vmlinuz-%{KernelVer} + +%if 0%{?openEuler_sign_rsa} + echo "start sign" + %ifarch %arm aarch64 + gunzip -c $RPM_BUILD_ROOT/boot/vmlinuz-%{KernelVer}>$RPM_BUILD_ROOT/boot/vmlinuz-%{KernelVer}.unzip.efi + /opt/sign-openEuler/client --config /opt/sign-openEuler/config.toml add --key-name default-x509ee --file-type efi-image --key-type x509ee --sign-type authenticode $RPM_BUILD_ROOT/boot/vmlinuz-%{KernelVer}.unzip.efi + mv $RPM_BUILD_ROOT/boot/vmlinuz-%{KernelVer}.unzip.efi $RPM_BUILD_ROOT/boot/vmlinuz-%{KernelVer}.unzip + gzip -c $RPM_BUILD_ROOT/boot/vmlinuz-%{KernelVer}.unzip>$RPM_BUILD_ROOT/boot/vmlinuz-%{KernelVer} + rm -f $RPM_BUILD_ROOT/boot/vmlinuz-%{KernelVer}.unzip + %endif + %ifarch x86_64 + mv $RPM_BUILD_ROOT/boot/vmlinuz-%{KernelVer} $RPM_BUILD_ROOT/boot/vmlinuz-%{KernelVer}.efi + /opt/sign-openEuler/client --config /opt/sign-openEuler/config.toml add --key-name default-x509ee --file-type efi-image --key-type x509ee --sign-type authenticode $RPM_BUILD_ROOT/boot/vmlinuz-%{KernelVer}.efi + mv $RPM_BUILD_ROOT/boot/vmlinuz-%{KernelVer}.efi $RPM_BUILD_ROOT/boot/vmlinuz-%{KernelVer} + %endif +%endif + pushd $RPM_BUILD_ROOT/boot sha512hmac ./vmlinuz-%{KernelVer} >./.vmlinuz-%{KernelVer}.hmac popd @@ -897,6 +919,9 @@ fi %endif %changelog +* Thu Nov 16 2023 huangzq6 - 5.10.0-166.0.0.81 +- add signature for vmlinux + * Tue Nov 07 2023 Liu Jian - 5.10.0-166.0.0.80 - And net-acc tool to kernel-tools.