Skip to content

[CLK] Embed dist-git in source branch #959

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
bmastbergen wants to merge 7 commits into
base: ciq-6.12.y
Choose a base branch
from
+9,464 −0
Open

[CLK] Embed dist-git in source branch #959

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
39a9627
Import dist-git from 6.12.74 SRPM
bmastbergen Mar 3, 2026
6bc287c
kernel.spec: Remove kabi code
bmastbergen Mar 2, 2026
683b00d
kernel.spec: Move netfilter modules to core
bmastbergen Mar 5, 2026
4108b87
kernel.spec: Use configs from ciq/config
bmastbergen Feb 19, 2026
16ddf8c
Add generate_tarball.sh
bmastbergen Mar 5, 2026
4a020ab
Adding CIQ attributes to kernel mod signing cert
elguero Mar 11, 2026
5fa3033
Switch to zstd for source tarball
bmastbergen Mar 12, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions SOURCES/Makefile.rhelver
View file
Open in desktop
Copy link
Collaborator

@PlaidCat PlaidCat Mar 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do when know where or how this is used?

Copy link
Collaborator Author

@bmastbergen bmastbergen Mar 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe it is used in the kernel-ark infrastructure somehow. I'm not really sure why it is included in the srpm. We do not need it. Will remove.

Copy link
Collaborator

@PlaidCat PlaidCat Mar 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah this is a part of the make build which we're not explicitly doing.

Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
# Placeholder Makefile.rhelver for CIQ builds
RHEL_MAJOR = 6
RHEL_MINOR = 12
RHEL_RELEASE = 1
25 changes: 25 additions & 0 deletions SOURCES/README.rst
View file
Open in desktop
Copy link
Collaborator

@PlaidCat PlaidCat Mar 13, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should update this with basic instructions should anyone actually try to checkout a branch and build the RPM ... plus this calls out CKI all over the place.

We could also just remove it

Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
===================
The Kernel dist-git
===================

The kernel is maintained in a `source tree`_ rather than directly in dist-git.
The specfile is maintained as a `template`_ in the source tree along with a set
of build scripts to generate configurations, (S)RPMs, and to populate the
dist-git repository.

The `documentation`_ for the source tree covers how to contribute and maintain
the tree.

If you're looking for the downstream patch set it's available in the source
tree with "git log master..ark-patches" or
`online`_.

Each release in dist-git is tagged in the source repository so you can easily
check out the source tree for a build. The tags are in the format
name-version-release, but note release doesn't contain the dist tag since the
source can be built in different build roots (Fedora, CentOS, etc.)

.. _source tree: https://gitlab.com/cki-project/kernel-ark.git
.. _template: https://gitlab.com/cki-project/kernel-ark/-/blob/os-build/redhat/kernel.spec.template
.. _documentation: https://gitlab.com/cki-project/kernel-ark/-/wikis/home
.. _online: https://gitlab.com/cki-project/kernel-ark/-/commits/ark-patches
Binary file added SOURCES/ciq_sb_ca.der
View file
Open in desktop
Binary file not shown.
35 changes: 35 additions & 0 deletions SOURCES/ciq_sb_kernel.crt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
-----BEGIN CERTIFICATE-----
MIIGKTCCBBGgAwIBAgIQBuHLnP2DI5tJ8WThx9fEQDANBgkqhkiG9w0BAQwFADBo
MQswCQYDVQQGEwJVUzEPMA0GA1UECBMGTmV2YWRhMQ0wCwYDVQQHEwRSZW5vMRYw
FAYDVQQKEw1DdHJsIElRLCBJbmMuMSEwHwYDVQQDExhDdHJsIElRLCBJbmMuIElz
c3VpbmcgQ0EwHhcNMjMwODIxMjAxNzEyWhcNMjgwODE5MjAxNzEyWjBMMQswCQYD
VQQGEwJVUzEPMA0GA1UECBMGTmV2YWRhMRUwEwYDVQQKEwxDVFJMIElRLCBJTkMx
FTATBgNVBAMTDENUUkwgSVEsIElOQzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCC
AYoCggGBAKi3bPwtjk01ULYuyZYjnooCshJv+e0L+4i01zu7dXYf/Z9D1d+DoD30
o8ZgOJ9Xn6kl/0sKNKxETbwGOt1j3uZcJ1okcCMZEUTtBAfbbZ/R2aPjZRGiZVkI
shOKINMEWMumbJAyUJfBLt8DlojGX/gw1/53eTgZ8mcuPaRvDdrwm9u4OTQVEAN0
JlTft9JFzRiqkTAdcaIjLtKJ9zmTTX5KAre61rNtLs8ihWUR+yY/RYaVpY/rZy6P
dPfkkbo1nf6Ck5F4e+NY/hEudeAjjNC0dCTOWB+2CKTAqJyJQXTuyGSRubZre6Dd
aYNQHQc1yegHBqk0z9XMXspSLpMxcwEJqe8KoX6zvO39YK8yJoU1z0vAI7Y4Ls7e
ILoykYaMCLiZjqKT01nOPIz7ml7f9uXfogPMmyu29j6xV2pvJ92/8fLa3dX+RN1c
muS3f/Yyed6Qj4GHPUxnlwY5yjDtzNs95zOdlnuStjRMFWBi1Kn9wfux1O+LCf6c
P0HlDQ32YQIDAQABo4IBaTCCAWUwHwYDVR0jBBgwFoAUkyKuYIju74ifnwWqc0Kd
LwiHqc0wDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwEwYDVR0lBAwwCgYI
KwYBBQUHAwMwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5lbnRlcnByaXNl
LnNlY3RpZ28uY29tL0N0cmxJUUluY0lzc3VpbmdDQS5jcmwwgYQGCCsGAQUFBwEB
BHgwdjBEBggrBgEFBQcwAoY4aHR0cDovL2NydC5lbnRlcnByaXNlLnNlY3RpZ28u
Y29tL0N0cmxJUUluY0lzc3VpbmdDQS5jcnQwLgYIKwYBBQUHMAGGImh0dHA6Ly9v
Y3NwLmVudGVycHJpc2Uuc2VjdGlnby5jb20wHgYDVR0RBBcwFYETaXRfc2VjdXJp
dHlAY2lxLmNvbTAdBgNVHQ4EFgQUgOMDv07QE1FaAYKmTq+zh/BYqi4wDQYJKoZI
hvcNAQEMBQADggIBADL5fpy9bWjc2E+VEj8+Rj93qS6/duMxbA3hhOX9bbG8jCOR
Hy9Pi6tDzi4zVkix/evmk2vdasEbeIBJZ4lNkko5CHkRut85JGjuPTkmb9TSG0Fw
5GgfhVcDP70Jx7hH/9wFcdZABRW5yTRQudKCLOpC5IySMDwNNJWP1s4iex+i5YDD
6rhAP75w8alQMyUy0gScLkpbk7Vdr3Bd9Dkd2XkRht5PzZFLN+J+RtfqbKPlAYi5
6ccrHVilSoJslG4+Kz2TPyEQ02atsuvgQMKg3eNnFxnWV5sijR2GILM5DKlmKUf5
WGhaH4Ky/SNGqEBf6gXBIkHMGivHaGygfJK2Lq+X5L2UOe4nTEBDqo5Jnd1b1rBa
odASb91BtwPE7hzsBF9iPIaDevxlS4WW7WMJCCnAwg4zSnBe48NtqyPDrZfRQwbY
V4DdrP77ZnG76D4ih6E6EHP9V93T2noSAnz1pvNt/z07MGWTYqUEnstwttHhTgDo
i6n6d1U5c3uHQuS0QsvLJoRiVhlna1b1RQXJQkpMm7eXYyXD2A72qffrQ5YK/+yB
WLHvPk+wawC0AVtnUHElASb6NSCBNO5Xz7vA4TfUjvS2yOgAbfAzA2uhc8yKW2o8
lodjo+qZvFfW9SZ0RPwfCiCzpbkfMSdg/+DiD/OvS80OHvG1wG2unGJleGe2
-----END CERTIFICATE-----
36 changes: 36 additions & 0 deletions SOURCES/ciq_sb_kernel_aarch64.crt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
-----BEGIN CERTIFICATE-----
MIIGPDCCBCSgAwIBAgIQEE/9vIoQ8YsKely2cBs0oTANBgkqhkiG9w0BAQwFADBo
MQswCQYDVQQGEwJVUzEPMA0GA1UECBMGTmV2YWRhMQ0wCwYDVQQHEwRSZW5vMRYw
FAYDVQQKEw1DdHJsIElRLCBJbmMuMSEwHwYDVQQDExhDdHJsIElRLCBJbmMuIElz
c3VpbmcgQ0EwHhcNMjQxMTIwMDIxMzUyWhcNMzQxMTE4MDIxMzUyWjBfMQswCQYD
VQQGEwJVUzEPMA0GA1UECBMGTmV2YWRhMRUwEwYDVQQKEwxDVFJMIElRLCBJTkMx
KDAmBgNVBAMTH0NJUSBLZXJuZWwgU2VjdXJlQm9vdCAtIGFhcmNoNjQwggGiMA0G
CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQDFWa+XIhW3pcq/C2rfkdQbBknUVagW
OtO0Ei2QfmP5OXNE6nyIZObeq8Lqz/TK2UHcYMW+n1Jzne8wFWxum8IwDUc9zoeI
5G7kY/euTo1W1G9Q64O4nLHuUIe6Z0gfqfJzvdWD9SI+xojRirMtlXh6BFd4WdCf
FwNtquKoqbsoeheG0KQdwlRLHglSDBS36UscZE5WDzu+6fMXQug+BovYfgXcVNLg
80tjYFaYEKvaBzyqWW+Ife0tE0WTMYCqrrfA0O4+wUDAQUF3F27zcKcwHLMlm/eN
7Y20gzj+t2MkegZOWOcUSqgp5FCJinmi1Xdsv9r3uIznSYcgGYoCxj4tDSc8TR6R
N5Cb7OwsnghBnNxTqzVM0ufBZnRBqvyeOCGhGqaSr0UkODVlKq8o7b7D5ww4sGMZ
6piyJg1a1QhNY62g8NKKu+PhCRjAyBMBNdyvQoiBXw+3V8W3+WCfiIc4A+Z7zduJ
kYj+LpVQ7WAUCnIkE7cOsm8YyJVKm4jio00CAwEAAaOCAWkwggFlMB8GA1UdIwQY
MBaAFJMirmCI7u+In58FqnNCnS8Ih6nNMA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMB
Af8EAjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMEkGA1UdHwRCMEAwPqA8oDqGOGh0
dHA6Ly9jcmwuZW50ZXJwcmlzZS5zZWN0aWdvLmNvbS9DdHJsSVFJbmNJc3N1aW5n
Q0EuY3JsMIGEBggrBgEFBQcBAQR4MHYwRAYIKwYBBQUHMAKGOGh0dHA6Ly9jcnQu
ZW50ZXJwcmlzZS5zZWN0aWdvLmNvbS9DdHJsSVFJbmNJc3N1aW5nQ0EuY3J0MC4G
CCsGAQUFBzABhiJodHRwOi8vb2NzcC5lbnRlcnByaXNlLnNlY3RpZ28uY29tMB4G
A1UdEQQXMBWBE2l0X3NlY3VyaXR5QGNpcS5jb20wHQYDVR0OBBYEFARF4PsHwNoP
7cVvzUT+wDIryZC2MA0GCSqGSIb3DQEBDAUAA4ICAQBcFulRNYN+zGSFVZnC15Lm
2ZtZKdbi35A6AcK7Pfwc2bhYOBKPDSJKUv5w+Sf4NT5OhIeq0jTkaM58QOj3qbrz
hEVz59Oj11fXN2kzQiRa3FTbHrue8SxGvv2W//ihAyQ1dmN8EX2RovZyoqmGMefo
3WIeZXs55mTltED73q1bYk7pG8ACjcuBaZGGrd7XKKht9jo+eSM46Z+OZN/NEAy6
r5Y3T0DcG5nmqZf0abYwa9UxMdyLFF0eI701/wONZXQmjVLr7OS9s+jDd6p8Dfia
0O54/o6AI37y+fu9fbhw/s5h1v55uHPphErpGiUOULMdNtuBuRNITYoI9dEYijQ9
QLQxCZLl6QqTX2zTWhnABOS56/Ty5wk94Nf3erZkyUrNT67s0Bd77GLzpRocpAz9
Zj8cLXVeVGqqmylhI0ZICyIfDQnVwgiEx0tBhk0hAwkAZ5guYuzCAbkuMX8StSZR
AfswiQtMbKZXm9X5TRnGWkgN6RxQkkzJPI7DRihS3uRBnGhVLDLdX5VXtnCLMemb
LusHeUtwapiAbizGklMshJ61z8l20aPPl1fT5X/QwZ4iFt3TOjC0awHMkygrpNa2
i0hVYQmx5L2D8ZrQyqP9K6g7TF0lgtPM9IrpRXn2b7ujZ6vspTo4X7lasBKnYRPZ
Go5p1YwxzfogGYAAWkfSLA==
-----END CERTIFICATE-----
Binary file added SOURCES/ciq_sb_kernel_driver.der
View file
Open in desktop
Binary file not shown.
Binary file added SOURCES/ciq_sb_kernel_driver_aarch64.der
View file
Open in desktop
Binary file not shown.
Binary file added SOURCES/ciq_sb_kernel_kpatch.der
View file
Open in desktop
Binary file not shown.
Binary file added SOURCES/ciq_sb_kernel_kpatch_aarch64.der
View file
Open in desktop
Binary file not shown.
36 changes: 36 additions & 0 deletions SOURCES/ciq_sb_uki.crt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
-----BEGIN CERTIFICATE-----
MIIGLzCCBBegAwIBAgIQK+ld4YweKUSD+K6ct0JGOjANBgkqhkiG9w0BAQwFADBo
MQswCQYDVQQGEwJVUzEPMA0GA1UECBMGTmV2YWRhMQ0wCwYDVQQHEwRSZW5vMRYw
FAYDVQQKEw1DdHJsIElRLCBJbmMuMSEwHwYDVQQDExhDdHJsIElRLCBJbmMuIElz
c3VpbmcgQ0EwHhcNMjUwMzEyMTcxMTM5WhcNMzUwMzEwMTcxMTM5WjBSMQswCQYD
VQQGEwJVUzEPMA0GA1UECBMGTmV2YWRhMRUwEwYDVQQKEwxDVFJMIElRLCBJTkMx
GzAZBgNVBAMTEkNJUSBVS0kgU2VjdXJlQm9vdDCCAaIwDQYJKoZIhvcNAQEBBQAD
ggGPADCCAYoCggGBAOtBsf2cd/Kc+GRfSy4yTm0+LDOJb1v2xZL0y242yxyf8uRF
Wa6BJ582LESXbMnXwnEzgmXKFYcOi/0hQ6vUUU4+Ag7dV1ndcYFfMX0wQlflm7ag
cFxPn/bLcW9OCv+DNMLL/wYoj0Reyu4Hfu2al82B4SSN0beC3e9NWrw81I+mLLoj
pM8hKVFt0yxMa+5gcR4YI3SMIcu7JUTZ5J/9C5SH59Rvqu/S/8V8o7B9mJnQ1qVC
5ryznUvY1Q8SAGgkKBO4ENmM3G/0my4UrzybtfAOlKRvR9YB94OfTgkW1Vdi7twy
x+wQMljfVGUh2NWbMnWBAE++3qe4NTDwlu6wRrcXMepsO26dg3s5zT+se8lb6J/K
AJNTnJZcMR7aO2K5EeTNAUCLC4/J4G+a6q8/fBNnzej8EaBYE3FWg9FNjb82wvG7
BFMfbi6hZ1bSdHILt3z0dKkoVgEAAKdiPtZ2ywIOIuaFgA5ITP+R3n/NpiV7lqsH
zgYpie8H9ahIjTSwbwIDAQABo4IBaTCCAWUwHwYDVR0jBBgwFoAUkyKuYIju74if
nwWqc0KdLwiHqc0wDgYDVR0PAQH/BAQDAgeAMAwGA1UdEwEB/wQCMAAwEwYDVR0l
BAwwCgYIKwYBBQUHAwMwSQYDVR0fBEIwQDA+oDygOoY4aHR0cDovL2NybC5lbnRl
cnByaXNlLnNlY3RpZ28uY29tL0N0cmxJUUluY0lzc3VpbmdDQS5jcmwwgYQGCCsG
AQUFBwEBBHgwdjBEBggrBgEFBQcwAoY4aHR0cDovL2NydC5lbnRlcnByaXNlLnNl
Y3RpZ28uY29tL0N0cmxJUUluY0lzc3VpbmdDQS5jcnQwLgYIKwYBBQUHMAGGImh0
dHA6Ly9vY3NwLmVudGVycHJpc2Uuc2VjdGlnby5jb20wHgYDVR0RBBcwFYETaXRf
c2VjdXJpdHlAY2lxLmNvbTAdBgNVHQ4EFgQUuCH7X0+hiQLhi1Ok9dJsKwZgitMw
DQYJKoZIhvcNAQEMBQADggIBAI+taTOjPIMfwnVeUruMHQOnYhqUUXQehqe7eTlP
UJDs60fOAeVY4mbgjMHBlnzuQPd4HCrGT4uSR3q014TpSGCGzaadM8kzyP+cjSrW
uOFeWUKlMAWU8POIW0io91EBayLR0vGfhBsnAaB/9SKcurYgffeN42khws6jXlPB
ve+hy7QUD095CEcB+Q1LZJ0sdgUOFROaKjkyIH7Qjj+of7CC3rvHUyKSKB5LwyDT
si05g2VVH6vkM+qUsXYmPsDRAJJiaxH40OeXBu0WsJsC1wqMet6qeF2E3DdF2KVK
NtxWi6h7AxgC8lfXwrYIgKmuguxNYQdLIBCqMqka/hrGGygb7hM8EjGwfodL6yJo
pu8IVzZztNXCQzIQcXUAoRsCzpVwN5rrZeevrAaP+ZIDwSTddNMl9H0mb9TzHw/X
S9usl4jCk4lsoOGs/JqyxMsegAA/cMCu8Z9Q6dPYVJav5RWWVoigvzgOrLUpD6Tq
WvSUn73AG3Jg3CcbDmuWrU23pe7qGmaXvjS2G+VNd+eyiwTzzq9xwZ5LVInp2u+d
A7qrGMktr0x8B2WiW8tzkzhhjoK9tlIJma4U+2txLGQ2ZHg+ump2R6BVPYGvpCi5
g4WivXBAj+gCR38USq9D/hZDlBJb2sC2icoCGxEm9j9/YHDHXy23j+/Zbra8eUsc
weey
-----END CERTIFICATE-----
36 changes: 36 additions & 0 deletions SOURCES/ciq_sb_uki_aarch64.crt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,36 @@
-----BEGIN CERTIFICATE-----
MIIGOTCCBCGgAwIBAgIQQpB12H0ITZVQxQbXRJdF3TANBgkqhkiG9w0BAQwFADBo
MQswCQYDVQQGEwJVUzEPMA0GA1UECBMGTmV2YWRhMQ0wCwYDVQQHEwRSZW5vMRYw
FAYDVQQKEw1DdHJsIElRLCBJbmMuMSEwHwYDVQQDExhDdHJsIElRLCBJbmMuIElz
c3VpbmcgQ0EwHhcNMjUwMzEyMjEzMDM3WhcNMzUwMzEwMjEzMDM3WjBcMQswCQYD
VQQGEwJVUzEPMA0GA1UECBMGTmV2YWRhMRUwEwYDVQQKEwxDVFJMIElRLCBJTkMx
JTAjBgNVBAMTHENJUSBVS0kgU2VjdXJlQm9vdCAtIGFhcmNoNjQwggGiMA0GCSqG
SIb3DQEBAQUAA4IBjwAwggGKAoIBgQCkHNxK77Ho2rXAMMX69pGUnspomCGqhtIk
1NJqQMJRG7/UYqDWfDPjUn4BcY5RPPML9INeGnXgcabokeAD6qia5XuJbbCWaAdp
nnkh+6WrH7hZ5O2QdYZ4Q14273DSmVjPlSmtW1GOHLcQt0S1zlBUguM/4tXp4vhp
FXiH0S8rUImJSvUmaCEi5xPy1zfYhG3sqykddRQddTbpURwO/6f+QhQKv4+DosDL
asFXKrMN1tKf6c/EBsktA9gSf8VfkgRNOqGMDlqnwEl7w/d0l4xdpEUgJkvTHhYS
WXZyM+Oo6kEDdioKmZmX4jIm9ZNQyp9YS1sZWkM9jRIBEUhvOfSa521rPFa27kFP
O0s0lX3bv601CmBQxoRln9fgZxdPtpjeKzfgr+N5Gcx++xhnesJMIKOMfxvLv33v
hG+cqywSJcA875uWHz5YFvWg2gg7Z2oWg9pG2fUBfV2gBOn6yRZsGUuohPTk6Aom
IBCi0ukvf+WtIcvovFbanw3BwfPO0JsCAwEAAaOCAWkwggFlMB8GA1UdIwQYMBaA
FJMirmCI7u+In58FqnNCnS8Ih6nNMA4GA1UdDwEB/wQEAwIHgDAMBgNVHRMBAf8E
AjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMDMEkGA1UdHwRCMEAwPqA8oDqGOGh0dHA6
Ly9jcmwuZW50ZXJwcmlzZS5zZWN0aWdvLmNvbS9DdHJsSVFJbmNJc3N1aW5nQ0Eu
Y3JsMIGEBggrBgEFBQcBAQR4MHYwRAYIKwYBBQUHMAKGOGh0dHA6Ly9jcnQuZW50
ZXJwcmlzZS5zZWN0aWdvLmNvbS9DdHJsSVFJbmNJc3N1aW5nQ0EuY3J0MC4GCCsG
AQUFBzABhiJodHRwOi8vb2NzcC5lbnRlcnByaXNlLnNlY3RpZ28uY29tMB4GA1Ud
EQQXMBWBE2l0X3NlY3VyaXR5QGNpcS5jb20wHQYDVR0OBBYEFJ3iA+Sj/RHagSq3
YUAleOAA4J2PMA0GCSqGSIb3DQEBDAUAA4ICAQB3zYLgLtVMwqLtX6sTqhzrLDyL
p0+TkR0Nm8d35A3Ai2P6rR1/WSJdaVHUBCWMFUvMPSAMoQWDXiHko3Lfk3a9HXtD
i5nCzTOmfVUMbdf0JOY/Kpb6itolAiE+5OsvZ1KQYkfqCSWbM9xQSQxctkxkTBLV
3RzZ2Z1ne2PkfRgVUjbuMK058lCK7SkCQFkxD5P8s8eoovnl93pmiY2EZeeFVWzL
8e79lxav6NxvW5yVA+RDgSBwcc2I8lFxuFK3TLMvQBTo/nUywFU9dNh7UZ/fTCSF
ZsI9yo/WCoXdx5PwBwe9WOJ10hXJReo2SZuS9TM7xXxNWOE5bYB4Xj90iTBU8+gv
r/sQ0U+z5Thy/VlPRp2D7/xtXWLXHLFljmNxbIFW56/GltWYMJn7ESI5uea+WY9H
H6eAckdXmrbpS+NWwwCHNTp9NPItaLIc5h6KJLfroIH71GnsSzEQMP6cVJvYXvIq
U3fA50b2Ngg0EDjDiBx317Fkl4rwkrAnsrzLPWFx4ui3ACIe9Ahwv4Wod/AKlz39
EuzOLHcLALTVzHfB0Ec2fRBOLHFGix5dcUNy91H2h+UYBKhLmNaUDuY5APZ1o9DB
x6Ptmb6AdhWyX91D+kr2/mUCLGzMbLSuUrwouhhp7l1Bh67dQimRndhl6ajKgb5T
gpIPH8+jV7TZJQl9tw==
-----END CERTIFICATE-----
22 changes: 22 additions & 0 deletions SOURCES/ciq_sbsign.macros
View file
Open in desktop
Copy link

@elguero elguero Mar 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We did make a change on the SB side which removed the need for this file. We should consider removing this file and making any necessary changes to the SPEC file.

Copy link
Collaborator Author

@bmastbergen bmastbergen Mar 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Excellent, will do!

Original file line number Diff line number Diff line change
@@ -0,0 +1,22 @@
# CIQ-specific sbsign override
# If pe_signing_certkeyslot is defined, we assume we want to do a proper secureboot signing as part of the build
# This macro overrides the "new" Rocky way of using a Python wrapper, and simply makes the pesign macro call sbsign instead with the specified cert, key slot and openssl conf file

%if 0%{?pe_signing_certkeyslot:1}
%define __certkeyslot %{?pe_signing_certkeyslot:%{pe_signing_certkeyslot}}

%define _sbsign /usr/bin/sbsign

%define __opensslcnf %{?pe_signing_opensslcnf:%{pe_signing_opensslcnf}}

%define pesign(i:o:C:e:c:n:a:s) \
OPENSSL_CONF=%{__opensslcnf} %{_sbsign} --engine pkcs11 --key 'pkcs11:token=YubiHSM;id=%{__certkeyslot}' %{?-c:--cert "%{-c*}"} %{?-i: "%{-i*}"} %{?-o:--output "%{-o*}"}

%if 0%{?pe_uki_signing_certkeyslot:1}
%define __uki_certkeyslot %{?pe_uki_signing_certkeyslot:%{pe_uki_signing_certkeyslot}}

%define pesign_uki(i:o:C:e:c:n:a:s) \
OPENSSL_CONF=%{__opensslcnf} %{_sbsign} --engine pkcs11 --key 'pkcs11:token=YubiHSM;id=%{__uki_certkeyslot}' %{?-c:--cert "%{-c*}"} %{?-i: "%{-i*}"} %{?-o:--output "%{-o*}"}
%endif

%endif
Loading
Loading