diff --git a/.gitignore b/.gitignore index 0a418333..f85246b0 100644 --- a/.gitignore +++ b/.gitignore @@ -18,3 +18,9 @@ *.run /tests Twoliter.override +packages/*/*.asc +packages/*/*-asc.txt +packages/*/*.sig +packages/*/*-sig.txt +packages/*/*.sign +!packages/*/gpgkey-*.asc diff --git a/packages/grub/gpgkey-B21C50FA44A99720EAA72F7FE951904AD832C631.asc b/packages/grub/gpgkey-B21C50FA44A99720EAA72F7FE951904AD832C631.asc new file mode 100644 index 00000000..da88e201 --- /dev/null +++ b/packages/grub/gpgkey-B21C50FA44A99720EAA72F7FE951904AD832C631.asc @@ -0,0 +1,32 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Comment: B21C 50FA 44A9 9720 EAA7 2F7F E951 904A D832 C631 +Comment: Amazon Linux + +xsFNBGOSDXkBEADR0NT7Y5EHACoAUEEdT3J742u8zXftpjh3hwBMYCC9d5VtTDJ2 +MLjBQXljlm9byrd0aLEaa90zurhvnwuFJQlSdVHXsZEgyJIaONTw64lVUnwQmgV0 +iTasVSxK0inLODIxLa92kSebaGj6GOyGDMgRtu30dpTgrFosOILXu9trL1FN6czS +udq8fbsol6kx3Q7BknYs0F07af+1f7LVKGMA2o4TuTjs8i4HPChJ7Rvjffzb2NtP +3lfqh4HwzNgc2nRG7ftq1A9MbfpyouiXlTjeri66TpkRp7MvinnBzPznE6LxK/Vq +pK5IDEje1LRSA2Sz7Yxw5731/7cM2aVtnM99i98m2E93aaq9RqiHa2RrMamt/Qz0 +sMSMBXuztGJ8cpmUbMlq4sIfIMnU+bgNqBmEViJlFpAd34Ypn3DIxdFOAL2Hr1lA +c3DO/9OsrxZq346flmjoQw9R/Yigy2r9qwWNFNoMIL09VQm9jAk848c7EB6nyrFE +RBzIVtf8i3buOnLNA2Nj3yRB4JmIiGGr9lKppoSwfXd0SUFXQFDgRCU6c8y5M68A +MzvfeslMZyUjYYMHRk16cifwfDOXCRJf+igPedJLGPKsu2UYIYrVvAIxK1H6Db7m +2AiwX08Rhpd6pHzILr3INkogxY1v8IBIt2q1SDMOp5e4VS1IDcYC4+II6QARAQAB +zSZBbWF6b24gTGludXggPGFtYXpvbi1saW51eEBhbWF6b24uY29tPsLBvgQTAQoA +cgWCZRXIXgkQ6VGQStgyxjFHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9p +YS1wZ3Aub3JnVoQZ9CB5X7OFiIXWG972pn+O3yZ+RuNcZXkkP8SxIkcCmwMWIQSy +HFD6RKmXIOqnL3/pUZBK2DLGMQAA7FkQAJdU1Ktc6iMkhrvXMNRUVnudss49GYiW +IVRXhl7ZiZaha2s3JTdxK0VxIgrc+3tvny7WGDDKf5O85Io5GnL4fewL4ZCfqB/0 +sjG5OhgCD0WWtLeFrxc/Lay3+7xvKQxL9IgT7UpfnRm/iHlCWY7UEZelvQaE9uNN +XbYjbah1EzJExP1okVauOW0P3/BP8kRX976w11JOlvU+Z3CndumDRR7IegZexQrm +CNlV47uh5QFCbFt8m7+cS5PRTD3pB8vJyu8MZ3cbhxNZTwo2F7u0Y9SJRh+sjAuo +NSls/YdbWvuWJwpNbJU2KN0oo9B1uuRDjz/qh0HWnhYifWoisjg6VZTdQom1dcee +hjLmfH09pLNKR2uddjyJNjMuuAoOLMKbBoPwP459w/CcmakkP0v0mShi9MeoQOOb +EE6H2BnMw9RbveXFJ2uHCSK3BpJaGeWbMGAbPsSIRXDs0DY8g+gnGr5+CKOuubkb +Mwp7HYLHNR2m0Gvi2lqY3VMh/j+y4frKb2fwqPupkmYG0TEoCR1NuJhyG9GS046v +pBuIXMGNfIqwNl3IehGWMtZScfJncAyDcmqvlbUggG9lKYAT+8Dp3U8+a4BI0Kay +IfoH1wfyx0hjYeWqBjjY4W2Y1mgJ6QqATUp6yglC6/RTJZ0+0GlCS/EUxGFTRik6 +jE0MDu0zcISc +=4Nri +-----END PGP PUBLIC KEY BLOCK----- diff --git a/packages/grub/grub.spec b/packages/grub/grub.spec index c5b41a3c..f11dea02 100644 --- a/packages/grub/grub.spec +++ b/packages/grub/grub.spec @@ -17,9 +17,10 @@ Summary: Bootloader with support for Linux and more License: GPL-3.0-or-later AND Unicode-DFS-2015 URL: https://www.gnu.org/software/grub/ Source0: https://cdn.amazonlinux.com/al2023/blobstore/f4fa28cb4e1586d622925449b1e24748c6ab09ccebe0fd8ddfa20cf5e7ce182a/grub2-2.06-61.amzn2023.0.9.src.rpm -Source1: bios.cfg -Source2: efi.cfg -Source3: sbat.csv.in +Source1: gpgkey-B21C50FA44A99720EAA72F7FE951904AD832C631.asc +Source2: bios.cfg +Source3: efi.cfg +Source4: sbat.csv.in Patch0001: 0001-setup-Add-root-device-argument-to-grub-setup.patch Patch0002: 0002-gpt-start-new-GPT-module.patch Patch0003: 0003-gpt-rename-misnamed-header-location-fields.patch @@ -97,6 +98,9 @@ Summary: Tools for the bootloader with support for Linux and more %{summary}. %prep +rpmkeys --import %{S:1} --dbpath "${PWD}/rpmdb" +rpmkeys --checksig %{S:0} --dbpath "${PWD}/rpmdb" +rm -rf "${PWD}/rpmdb" rpm2cpio %{S:0} | cpio -iu grub-%{version}.tar.xz \ bootstrap bootstrap.conf \ gitignore %{gnulib_version}.tar.gz \ @@ -168,7 +172,7 @@ popd mkdir efi-build pushd efi-build -sed -e "s,__VERSION__,%{version},g" %{S:3} > sbat.csv +sed -e "s,__VERSION__,%{version},g" %{S:4} > sbat.csv %cross_configure \ CFLAGS="" \ @@ -199,7 +203,7 @@ pushd bios-build %make_install mkdir -p %{buildroot}%{biosdir} %{buildroot}%{_cross_bindir}/grub-mkimage \ - -c %{S:1} \ + -c %{S:2} \ -d ./grub-core/ \ -O "i386-pc" \ -o "%{buildroot}%{biosdir}/core.img" \ @@ -219,7 +223,7 @@ mkdir -p %{buildroot}%{efidir} truncate -s 4096 empty.pubkey %{buildroot}%{_cross_bindir}/grub-mkimage \ - -c %{S:2} \ + -c %{S:3} \ -d ./grub-core/ \ -O "%{_cross_grub_efi_format}" \ -o "%{buildroot}%{efidir}/%{efi_image}" \ diff --git a/packages/kernel-5.10/gpgkey-00FA2C1079260870A76D2C285749CAD8646D9185.asc b/packages/kernel-5.10/gpgkey-00FA2C1079260870A76D2C285749CAD8646D9185.asc new file mode 100644 index 00000000..92ecf439 --- /dev/null +++ b/packages/kernel-5.10/gpgkey-00FA2C1079260870A76D2C285749CAD8646D9185.asc @@ -0,0 +1,20 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2.0.22 (GNU/Linux) + +mQENBF3JmncBCACyaaWVnTGnSbyHzQ4zNLgHe397CGDw0zJoimvedMkLpbTpqgnI +UCk09LoNb/F24X2GFDAcy2qFBFia1jY8cOwcOoVWshfSgLZ5b5fcLuE4cB/h63bI +3PRGsr5uVY98auLE4J6eXEWpuCPRN8CBr/pOEtvDX5fEkRIJstOWvC6vpAsVTK+g +jtB+05iiNjhQSYNCdlU89gBHNpNDx/DtYMW7rwPZtEkUQ5n2RTz5vNIiuYPMGiwp +cw7TR7N6kk4fVlyDiZf8BU4akVceAK+9EMh9UjjsmaKbcM/iUW+olavq1xbljMr6 +Hg/eVM0Hu78D62MV5JGoUOc8w78INRAwXt21ABEBAAG0MUFtYXpvbiBBV1MgTmV1 +cm9uIDxuZXVyb24tbWFpbnRhaW5lcnNAYW1hem9uLmNvbT6JATgEEwEIACICGwMG +CwkIBwMCBhUIAgkKCwQWAgMBAh4BAheABQJjc99RAAoJEFdJythkbZGFOYEIAIht +ydP6jaMc3oMFmzZYgkDXSFoC2TPij7wdpPJCgq6phMl8vOofT33jZ3RiTQX+2Qug +EvZUL/oVeSajsH7tki7uDyup+g2K8QnB+eYis37CBZmRFT/7Q6J09pJESDfdDXH9 +PnGlfHnKQ50AmO9chihGQxIxmkWzmpdrQdZUBMqlPsV40WktXToaZ8KIq6cLNHMs +uuZtPLDXcct8ylS25sRok2BZGQuwTr+Qh9ygJy3aEuhd3uVspNNeN/ia/hLAvn4L +n1rfiuYr9fmbOkEXsGOwfA+c5vH+74P/V3zlyJ1y+4ZYlCvdOgwsTj69OHS04NBD +8+oQTxomyao+dnYcoz0= +=iLMh +-----END PGP PUBLIC KEY BLOCK----- + diff --git a/packages/kernel-5.10/gpgkey-99E617FE5DB527C0D8BD5F8E11CF1F95C87F5B1A.asc b/packages/kernel-5.10/gpgkey-99E617FE5DB527C0D8BD5F8E11CF1F95C87F5B1A.asc new file mode 100644 index 00000000..8ab54881 --- /dev/null +++ b/packages/kernel-5.10/gpgkey-99E617FE5DB527C0D8BD5F8E11CF1F95C87F5B1A.asc @@ -0,0 +1,28 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFk4Y/gBEACo0PXWKPOeXB2BuxYOItNNX1GAJCSyIT5+tX28VilkpLtWZP0u +yXuxeZsIjtWm8ZKA81OxB9/+JauFnYkDIchcMIh7Dgh9h/RHOjc2tkvvq7Zq37aJ +SY29vTMPuWbc/tbqGOaNZfzGBqeWy/eqP4IrM3h7TuajjTHjhrumqUrCgnZUE7/K +eVowJYNOAAOadqb5vS6QMwbv6Ph3t/fCi7DP/FvgiQ0I/6aU5f4MiPO/W+0+F4du +7NnIwKmYsZsUtUW228CRKRFYzdoSzADj6K9hMmq4fN42uQujQdJ1tftWHafQVwU/ +jQ70dX1pAdAKQ3sEbShJcSmAjCjBJLhLK/0rbMXuErrhrxewXfPEgpzm+Fp+jlo2 +Ni2GTA3QPo21dOo4XL2SrVzc5Q+abYBRYncuZhZ7fwynG982BtDEZ066Q1G6eT1f +Q9YPlqrfw6Hq16kXfPWQTbkUa8oR36q1TQAF1oHiAkIruV/+O7VHlfECEApht2HD +eV87LbsN1TyYbtI8o9AQki77/9S6PPuWeN7QbgnmET/NXuPht2p69Kn/3DfJhKrn +dkujEFmhK0fWtEQk0SGrJcRJ6aD+ZB2DmtCv9Mki9pImkvjoxBBq1/ZNCFu/6BfM +R9X72/JyVWM1lWs77zhwJp5bRw5hYQqXO0x2ld91PNKRsTi5A6sykvJ7ewARAQAB +tCZBbWF6b24gTGludXggPGFtYXpvbi1saW51eEBhbWF6b24uY29tPokCNwQTAQgA +IQUCWThj+AIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRARzx+VyH9bGutz +D/9m4aF5W2uE5eI/IzTyjI9qPL8jKM0GISo4SKE8GeUgAlZ6/RfTKU1Wv2EicFTS +aKpX6oXDVfOumi2ZrooqlF7YdfREoVrn+dKHHXVzuMwJyFfd0t6FERLWNPeFAqWD +n1bmPBNJ5hP+FRRd4zNaje7ZnD2YHcpaTtnHP6jBTTOsJs675DswzqcwLJ4dIPmH +vkRbLc/1/7rjU2b29RyCVNsf+3hqx9hkk2I77nUCY8NHGxUvFhun98JmHG+xfyWk +W/Cv929+NKDsrdZLjVcVOvnZg2WPNz+F9SPV6fF5kTP/qh4Dalfzfq0fKG8csnQ9 +lXUhIBk3v/carfrF3ChMKZf6gHxEW0g0zFv2Dc+vNS1E5mBn3LlzxpryzBay4O6n +Zr+IZhIa5P2K0vqqzaYjmwPwm/sYulxbwPUrpN4kczCTBwqb/DfArS29w7UMTj/i +3V6/feFOFJMfF74irr0rYNBB6syINkVyTv3KiKgvlXeY6qCux47PQirRH68l08TI +MgXOAWjW6rOAlmZBiyzAC3GMytG2IccbHTEow407Oc5ElPbss7uIPHaQzG2MzCDM +ZaaM0bT64vu5yAV3c3EUYXg7v55XlkRYBFX6m/hSc0ug9WyQi71JkrQg6twWnXzx +wZ4hd0iTciWC5+mH4pxCMrCymz+x26UfvLdd7hbt4xEACw== +=fA1M +-----END PGP PUBLIC KEY BLOCK----- diff --git a/packages/kernel-5.10/kernel-5.10.spec b/packages/kernel-5.10/kernel-5.10.spec index 88d5ab8f..ed9b3f02 100644 --- a/packages/kernel-5.10/kernel-5.10.spec +++ b/packages/kernel-5.10/kernel-5.10.spec @@ -8,8 +8,10 @@ License: GPL-2.0 WITH Linux-syscall-note URL: https://www.kernel.org/ # Use latest-kernel-srpm-url.sh to get this. Source0: https://cdn.amazonlinux.com/blobstore/0af5f80d00a3d5a867d4959d74751bc7d24b1bcb0ab8a5de558ae301ae0fa52e/kernel-5.10.228-219.884.amzn2.src.rpm +Source1: gpgkey-99E617FE5DB527C0D8BD5F8E11CF1F95C87F5B1A.asc # Use latest-neuron-srpm-url.sh to get this. -Source1: https://yum.repos.neuron.amazonaws.com/aws-neuronx-dkms-2.18.12.0.noarch.rpm +Source2: https://yum.repos.neuron.amazonaws.com/aws-neuronx-dkms-2.18.12.0.noarch.rpm +Source3: gpgkey-00FA2C1079260870A76D2C285749CAD8646D9185.asc Source100: config-bottlerocket # Neuron-related drop-ins. @@ -102,7 +104,10 @@ Summary: Header files for the Linux kernel for use by glibc %{summary}. %prep -rpm2cpio %{SOURCE0} | cpio -iu linux-%{version}.tar config-%{_cross_arch} "*.patch" +rpmkeys --import %{S:1} --dbpath "${PWD}/rpmdb" +rpmkeys --checksig %{S:0} --dbpath "${PWD}/rpmdb" +rm -rf "${PWD}/rpmdb" +rpm2cpio %{S:0} | cpio -iu linux-%{version}.tar config-%{_cross_arch} "*.patch" tar -xof linux-%{version}.tar; rm linux-%{version}.tar %setup -TDn linux-%{version} # Patches from the Source0 SRPM @@ -129,13 +134,16 @@ scripts/kconfig/merge_config.sh \ %if "%{_cross_arch}" == "x86_64" ../config-microcode \ %endif - %{SOURCE100} + %{S:100} rm -f ../config-* ../*.patch %if "%{_cross_arch}" == "x86_64" cd %{_builddir} -rpm2cpio %{SOURCE1} | cpio -idmu './usr/src/aws-neuronx-*' +rpmkeys --import %{S:3} --dbpath "${PWD}/rpmdb" +rpmkeys --checksig %{S:2} --dbpath "${PWD}/rpmdb" +rm -rf "${PWD}/rpmdb" +rpm2cpio %{S:2} | cpio -idmu './usr/src/aws-neuronx-*' find usr/src/ -mindepth 1 -maxdepth 1 -type d -exec mv {} neuron \; rm -r usr %endif diff --git a/packages/kernel-5.15/gpgkey-00FA2C1079260870A76D2C285749CAD8646D9185.asc b/packages/kernel-5.15/gpgkey-00FA2C1079260870A76D2C285749CAD8646D9185.asc new file mode 100644 index 00000000..92ecf439 --- /dev/null +++ b/packages/kernel-5.15/gpgkey-00FA2C1079260870A76D2C285749CAD8646D9185.asc @@ -0,0 +1,20 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2.0.22 (GNU/Linux) + +mQENBF3JmncBCACyaaWVnTGnSbyHzQ4zNLgHe397CGDw0zJoimvedMkLpbTpqgnI +UCk09LoNb/F24X2GFDAcy2qFBFia1jY8cOwcOoVWshfSgLZ5b5fcLuE4cB/h63bI +3PRGsr5uVY98auLE4J6eXEWpuCPRN8CBr/pOEtvDX5fEkRIJstOWvC6vpAsVTK+g +jtB+05iiNjhQSYNCdlU89gBHNpNDx/DtYMW7rwPZtEkUQ5n2RTz5vNIiuYPMGiwp +cw7TR7N6kk4fVlyDiZf8BU4akVceAK+9EMh9UjjsmaKbcM/iUW+olavq1xbljMr6 +Hg/eVM0Hu78D62MV5JGoUOc8w78INRAwXt21ABEBAAG0MUFtYXpvbiBBV1MgTmV1 +cm9uIDxuZXVyb24tbWFpbnRhaW5lcnNAYW1hem9uLmNvbT6JATgEEwEIACICGwMG +CwkIBwMCBhUIAgkKCwQWAgMBAh4BAheABQJjc99RAAoJEFdJythkbZGFOYEIAIht +ydP6jaMc3oMFmzZYgkDXSFoC2TPij7wdpPJCgq6phMl8vOofT33jZ3RiTQX+2Qug +EvZUL/oVeSajsH7tki7uDyup+g2K8QnB+eYis37CBZmRFT/7Q6J09pJESDfdDXH9 +PnGlfHnKQ50AmO9chihGQxIxmkWzmpdrQdZUBMqlPsV40WktXToaZ8KIq6cLNHMs +uuZtPLDXcct8ylS25sRok2BZGQuwTr+Qh9ygJy3aEuhd3uVspNNeN/ia/hLAvn4L +n1rfiuYr9fmbOkEXsGOwfA+c5vH+74P/V3zlyJ1y+4ZYlCvdOgwsTj69OHS04NBD +8+oQTxomyao+dnYcoz0= +=iLMh +-----END PGP PUBLIC KEY BLOCK----- + diff --git a/packages/kernel-5.15/gpgkey-99E617FE5DB527C0D8BD5F8E11CF1F95C87F5B1A.asc b/packages/kernel-5.15/gpgkey-99E617FE5DB527C0D8BD5F8E11CF1F95C87F5B1A.asc new file mode 100644 index 00000000..8ab54881 --- /dev/null +++ b/packages/kernel-5.15/gpgkey-99E617FE5DB527C0D8BD5F8E11CF1F95C87F5B1A.asc @@ -0,0 +1,28 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFk4Y/gBEACo0PXWKPOeXB2BuxYOItNNX1GAJCSyIT5+tX28VilkpLtWZP0u +yXuxeZsIjtWm8ZKA81OxB9/+JauFnYkDIchcMIh7Dgh9h/RHOjc2tkvvq7Zq37aJ +SY29vTMPuWbc/tbqGOaNZfzGBqeWy/eqP4IrM3h7TuajjTHjhrumqUrCgnZUE7/K +eVowJYNOAAOadqb5vS6QMwbv6Ph3t/fCi7DP/FvgiQ0I/6aU5f4MiPO/W+0+F4du +7NnIwKmYsZsUtUW228CRKRFYzdoSzADj6K9hMmq4fN42uQujQdJ1tftWHafQVwU/ +jQ70dX1pAdAKQ3sEbShJcSmAjCjBJLhLK/0rbMXuErrhrxewXfPEgpzm+Fp+jlo2 +Ni2GTA3QPo21dOo4XL2SrVzc5Q+abYBRYncuZhZ7fwynG982BtDEZ066Q1G6eT1f +Q9YPlqrfw6Hq16kXfPWQTbkUa8oR36q1TQAF1oHiAkIruV/+O7VHlfECEApht2HD +eV87LbsN1TyYbtI8o9AQki77/9S6PPuWeN7QbgnmET/NXuPht2p69Kn/3DfJhKrn +dkujEFmhK0fWtEQk0SGrJcRJ6aD+ZB2DmtCv9Mki9pImkvjoxBBq1/ZNCFu/6BfM +R9X72/JyVWM1lWs77zhwJp5bRw5hYQqXO0x2ld91PNKRsTi5A6sykvJ7ewARAQAB +tCZBbWF6b24gTGludXggPGFtYXpvbi1saW51eEBhbWF6b24uY29tPokCNwQTAQgA +IQUCWThj+AIbAwULCQgHAgYVCAkKCwIEFgIDAQIeAQIXgAAKCRARzx+VyH9bGutz +D/9m4aF5W2uE5eI/IzTyjI9qPL8jKM0GISo4SKE8GeUgAlZ6/RfTKU1Wv2EicFTS +aKpX6oXDVfOumi2ZrooqlF7YdfREoVrn+dKHHXVzuMwJyFfd0t6FERLWNPeFAqWD +n1bmPBNJ5hP+FRRd4zNaje7ZnD2YHcpaTtnHP6jBTTOsJs675DswzqcwLJ4dIPmH +vkRbLc/1/7rjU2b29RyCVNsf+3hqx9hkk2I77nUCY8NHGxUvFhun98JmHG+xfyWk +W/Cv929+NKDsrdZLjVcVOvnZg2WPNz+F9SPV6fF5kTP/qh4Dalfzfq0fKG8csnQ9 +lXUhIBk3v/carfrF3ChMKZf6gHxEW0g0zFv2Dc+vNS1E5mBn3LlzxpryzBay4O6n +Zr+IZhIa5P2K0vqqzaYjmwPwm/sYulxbwPUrpN4kczCTBwqb/DfArS29w7UMTj/i +3V6/feFOFJMfF74irr0rYNBB6syINkVyTv3KiKgvlXeY6qCux47PQirRH68l08TI +MgXOAWjW6rOAlmZBiyzAC3GMytG2IccbHTEow407Oc5ElPbss7uIPHaQzG2MzCDM +ZaaM0bT64vu5yAV3c3EUYXg7v55XlkRYBFX6m/hSc0ug9WyQi71JkrQg6twWnXzx +wZ4hd0iTciWC5+mH4pxCMrCymz+x26UfvLdd7hbt4xEACw== +=fA1M +-----END PGP PUBLIC KEY BLOCK----- diff --git a/packages/kernel-5.15/kernel-5.15.spec b/packages/kernel-5.15/kernel-5.15.spec index 90751b59..18490a6c 100644 --- a/packages/kernel-5.15/kernel-5.15.spec +++ b/packages/kernel-5.15/kernel-5.15.spec @@ -8,8 +8,10 @@ License: GPL-2.0 WITH Linux-syscall-note URL: https://www.kernel.org/ # Use latest-kernel-srpm-url.sh to get this. Source0: https://cdn.amazonlinux.com/blobstore/9cea3dae03703f3c4c78fcb1302eeee5fe4c07ebf53d783cf3aaf7e4f30a6d39/kernel-5.15.168-114.166.amzn2.src.rpm +Source1: gpgkey-99E617FE5DB527C0D8BD5F8E11CF1F95C87F5B1A.asc # Use latest-neuron-srpm-url.sh to get this. -Source1: https://yum.repos.neuron.amazonaws.com/aws-neuronx-dkms-2.18.12.0.noarch.rpm +Source2: https://yum.repos.neuron.amazonaws.com/aws-neuronx-dkms-2.18.12.0.noarch.rpm +Source3: gpgkey-00FA2C1079260870A76D2C285749CAD8646D9185.asc Source100: config-bottlerocket # Neuron-related drop-ins. @@ -100,7 +102,10 @@ Summary: Header files for the Linux kernel for use by glibc %{summary}. %prep -rpm2cpio %{SOURCE0} | cpio -iu linux-%{version}.tar config-%{_cross_arch} "*.patch" +rpmkeys --import %{S:1} --dbpath "${PWD}/rpmdb" +rpmkeys --checksig %{S:0} --dbpath "${PWD}/rpmdb" +rm -rf "${PWD}/rpmdb" +rpm2cpio %{S:0} | cpio -iu linux-%{version}.tar config-%{_cross_arch} "*.patch" tar -xof linux-%{version}.tar; rm linux-%{version}.tar %setup -TDn linux-%{version} # Patches from the Source0 SRPM @@ -127,13 +132,16 @@ scripts/kconfig/merge_config.sh \ %if "%{_cross_arch}" == "x86_64" ../config-microcode \ %endif - %{SOURCE100} + %{S:100} rm -f ../config-* ../*.patch %if "%{_cross_arch}" == "x86_64" cd %{_builddir} -rpm2cpio %{SOURCE1} | cpio -idmu './usr/src/aws-neuronx-*' +rpmkeys --import %{S:3} --dbpath "${PWD}/rpmdb" +rpmkeys --checksig %{S:2} --dbpath "${PWD}/rpmdb" +rm -rf "${PWD}/rpmdb" +rpm2cpio %{S:2} | cpio -idmu './usr/src/aws-neuronx-*' find usr/src/ -mindepth 1 -maxdepth 1 -type d -exec mv {} neuron \; rm -r usr %endif diff --git a/packages/kernel-6.1/gpgkey-00FA2C1079260870A76D2C285749CAD8646D9185.asc b/packages/kernel-6.1/gpgkey-00FA2C1079260870A76D2C285749CAD8646D9185.asc new file mode 100644 index 00000000..92ecf439 --- /dev/null +++ b/packages/kernel-6.1/gpgkey-00FA2C1079260870A76D2C285749CAD8646D9185.asc @@ -0,0 +1,20 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v2.0.22 (GNU/Linux) + +mQENBF3JmncBCACyaaWVnTGnSbyHzQ4zNLgHe397CGDw0zJoimvedMkLpbTpqgnI +UCk09LoNb/F24X2GFDAcy2qFBFia1jY8cOwcOoVWshfSgLZ5b5fcLuE4cB/h63bI +3PRGsr5uVY98auLE4J6eXEWpuCPRN8CBr/pOEtvDX5fEkRIJstOWvC6vpAsVTK+g +jtB+05iiNjhQSYNCdlU89gBHNpNDx/DtYMW7rwPZtEkUQ5n2RTz5vNIiuYPMGiwp +cw7TR7N6kk4fVlyDiZf8BU4akVceAK+9EMh9UjjsmaKbcM/iUW+olavq1xbljMr6 +Hg/eVM0Hu78D62MV5JGoUOc8w78INRAwXt21ABEBAAG0MUFtYXpvbiBBV1MgTmV1 +cm9uIDxuZXVyb24tbWFpbnRhaW5lcnNAYW1hem9uLmNvbT6JATgEEwEIACICGwMG +CwkIBwMCBhUIAgkKCwQWAgMBAh4BAheABQJjc99RAAoJEFdJythkbZGFOYEIAIht +ydP6jaMc3oMFmzZYgkDXSFoC2TPij7wdpPJCgq6phMl8vOofT33jZ3RiTQX+2Qug +EvZUL/oVeSajsH7tki7uDyup+g2K8QnB+eYis37CBZmRFT/7Q6J09pJESDfdDXH9 +PnGlfHnKQ50AmO9chihGQxIxmkWzmpdrQdZUBMqlPsV40WktXToaZ8KIq6cLNHMs +uuZtPLDXcct8ylS25sRok2BZGQuwTr+Qh9ygJy3aEuhd3uVspNNeN/ia/hLAvn4L +n1rfiuYr9fmbOkEXsGOwfA+c5vH+74P/V3zlyJ1y+4ZYlCvdOgwsTj69OHS04NBD +8+oQTxomyao+dnYcoz0= +=iLMh +-----END PGP PUBLIC KEY BLOCK----- + diff --git a/packages/kernel-6.1/gpgkey-B21C50FA44A99720EAA72F7FE951904AD832C631.asc b/packages/kernel-6.1/gpgkey-B21C50FA44A99720EAA72F7FE951904AD832C631.asc new file mode 100644 index 00000000..da88e201 --- /dev/null +++ b/packages/kernel-6.1/gpgkey-B21C50FA44A99720EAA72F7FE951904AD832C631.asc @@ -0,0 +1,32 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Comment: B21C 50FA 44A9 9720 EAA7 2F7F E951 904A D832 C631 +Comment: Amazon Linux + +xsFNBGOSDXkBEADR0NT7Y5EHACoAUEEdT3J742u8zXftpjh3hwBMYCC9d5VtTDJ2 +MLjBQXljlm9byrd0aLEaa90zurhvnwuFJQlSdVHXsZEgyJIaONTw64lVUnwQmgV0 +iTasVSxK0inLODIxLa92kSebaGj6GOyGDMgRtu30dpTgrFosOILXu9trL1FN6czS +udq8fbsol6kx3Q7BknYs0F07af+1f7LVKGMA2o4TuTjs8i4HPChJ7Rvjffzb2NtP +3lfqh4HwzNgc2nRG7ftq1A9MbfpyouiXlTjeri66TpkRp7MvinnBzPznE6LxK/Vq +pK5IDEje1LRSA2Sz7Yxw5731/7cM2aVtnM99i98m2E93aaq9RqiHa2RrMamt/Qz0 +sMSMBXuztGJ8cpmUbMlq4sIfIMnU+bgNqBmEViJlFpAd34Ypn3DIxdFOAL2Hr1lA +c3DO/9OsrxZq346flmjoQw9R/Yigy2r9qwWNFNoMIL09VQm9jAk848c7EB6nyrFE +RBzIVtf8i3buOnLNA2Nj3yRB4JmIiGGr9lKppoSwfXd0SUFXQFDgRCU6c8y5M68A +MzvfeslMZyUjYYMHRk16cifwfDOXCRJf+igPedJLGPKsu2UYIYrVvAIxK1H6Db7m +2AiwX08Rhpd6pHzILr3INkogxY1v8IBIt2q1SDMOp5e4VS1IDcYC4+II6QARAQAB +zSZBbWF6b24gTGludXggPGFtYXpvbi1saW51eEBhbWF6b24uY29tPsLBvgQTAQoA +cgWCZRXIXgkQ6VGQStgyxjFHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9p +YS1wZ3Aub3JnVoQZ9CB5X7OFiIXWG972pn+O3yZ+RuNcZXkkP8SxIkcCmwMWIQSy +HFD6RKmXIOqnL3/pUZBK2DLGMQAA7FkQAJdU1Ktc6iMkhrvXMNRUVnudss49GYiW +IVRXhl7ZiZaha2s3JTdxK0VxIgrc+3tvny7WGDDKf5O85Io5GnL4fewL4ZCfqB/0 +sjG5OhgCD0WWtLeFrxc/Lay3+7xvKQxL9IgT7UpfnRm/iHlCWY7UEZelvQaE9uNN +XbYjbah1EzJExP1okVauOW0P3/BP8kRX976w11JOlvU+Z3CndumDRR7IegZexQrm +CNlV47uh5QFCbFt8m7+cS5PRTD3pB8vJyu8MZ3cbhxNZTwo2F7u0Y9SJRh+sjAuo +NSls/YdbWvuWJwpNbJU2KN0oo9B1uuRDjz/qh0HWnhYifWoisjg6VZTdQom1dcee +hjLmfH09pLNKR2uddjyJNjMuuAoOLMKbBoPwP459w/CcmakkP0v0mShi9MeoQOOb +EE6H2BnMw9RbveXFJ2uHCSK3BpJaGeWbMGAbPsSIRXDs0DY8g+gnGr5+CKOuubkb +Mwp7HYLHNR2m0Gvi2lqY3VMh/j+y4frKb2fwqPupkmYG0TEoCR1NuJhyG9GS046v +pBuIXMGNfIqwNl3IehGWMtZScfJncAyDcmqvlbUggG9lKYAT+8Dp3U8+a4BI0Kay +IfoH1wfyx0hjYeWqBjjY4W2Y1mgJ6QqATUp6yglC6/RTJZ0+0GlCS/EUxGFTRik6 +jE0MDu0zcISc +=4Nri +-----END PGP PUBLIC KEY BLOCK----- diff --git a/packages/kernel-6.1/kernel-6.1.spec b/packages/kernel-6.1/kernel-6.1.spec index 7e083776..f10b7786 100644 --- a/packages/kernel-6.1/kernel-6.1.spec +++ b/packages/kernel-6.1/kernel-6.1.spec @@ -8,8 +8,10 @@ License: GPL-2.0 WITH Linux-syscall-note URL: https://www.kernel.org/ # Use latest-kernel-srpm-url.sh to get this. Source0: https://cdn.amazonlinux.com/al2023/blobstore/c5625ba4f37a38809773fa50b769735602f1e4e50d60cb7127ed6231d0695e95/kernel-6.1.119-129.201.amzn2023.src.rpm +Source1: gpgkey-B21C50FA44A99720EAA72F7FE951904AD832C631.asc # Use latest-neuron-srpm-url.sh to get this. -Source1: https://yum.repos.neuron.amazonaws.com/aws-neuronx-dkms-2.18.12.0.noarch.rpm +Source2: https://yum.repos.neuron.amazonaws.com/aws-neuronx-dkms-2.18.12.0.noarch.rpm +Source3: gpgkey-00FA2C1079260870A76D2C285749CAD8646D9185.asc Source100: config-bottlerocket @@ -167,7 +169,10 @@ Conflicts: %{_cross_os}image-feature(no-fips) %{summary}. %prep -rpm2cpio %{SOURCE0} | cpio -iu linux-%{version}.tar config-%{_cross_arch} "*.patch" +rpmkeys --import %{S:1} --dbpath "${PWD}/rpmdb" +rpmkeys --checksig %{S:0} --dbpath "${PWD}/rpmdb" +rm -rf "${PWD}/rpmdb" +rpm2cpio %{S:0} | cpio -iu linux-%{version}.tar config-%{_cross_arch} "*.patch" tar -xof linux-%{version}.tar; rm linux-%{version}.tar %setup -TDn linux-%{version} # Patches from the Source0 SRPM @@ -194,13 +199,16 @@ scripts/kconfig/merge_config.sh \ %if "%{_cross_arch}" == "x86_64" ../config-microcode \ %endif - %{SOURCE100} + %{S:100} rm -f ../config-* ../*.patch %if "%{_cross_arch}" == "x86_64" cd %{_builddir} -rpm2cpio %{SOURCE1} | cpio -idmu './usr/src/aws-neuronx-*' +rpmkeys --import %{S:3} --dbpath "${PWD}/rpmdb" +rpmkeys --checksig %{S:2} --dbpath "${PWD}/rpmdb" +rm -rf "${PWD}/rpmdb" +rpm2cpio %{S:2} | cpio -idmu './usr/src/aws-neuronx-*' find usr/src/ -mindepth 1 -maxdepth 1 -type d -exec mv {} neuron \; rm -r usr %endif diff --git a/packages/libkcapi/gpgkey-B21C50FA44A99720EAA72F7FE951904AD832C631.asc b/packages/libkcapi/gpgkey-B21C50FA44A99720EAA72F7FE951904AD832C631.asc new file mode 100644 index 00000000..da88e201 --- /dev/null +++ b/packages/libkcapi/gpgkey-B21C50FA44A99720EAA72F7FE951904AD832C631.asc @@ -0,0 +1,32 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Comment: B21C 50FA 44A9 9720 EAA7 2F7F E951 904A D832 C631 +Comment: Amazon Linux + +xsFNBGOSDXkBEADR0NT7Y5EHACoAUEEdT3J742u8zXftpjh3hwBMYCC9d5VtTDJ2 +MLjBQXljlm9byrd0aLEaa90zurhvnwuFJQlSdVHXsZEgyJIaONTw64lVUnwQmgV0 +iTasVSxK0inLODIxLa92kSebaGj6GOyGDMgRtu30dpTgrFosOILXu9trL1FN6czS +udq8fbsol6kx3Q7BknYs0F07af+1f7LVKGMA2o4TuTjs8i4HPChJ7Rvjffzb2NtP +3lfqh4HwzNgc2nRG7ftq1A9MbfpyouiXlTjeri66TpkRp7MvinnBzPznE6LxK/Vq +pK5IDEje1LRSA2Sz7Yxw5731/7cM2aVtnM99i98m2E93aaq9RqiHa2RrMamt/Qz0 +sMSMBXuztGJ8cpmUbMlq4sIfIMnU+bgNqBmEViJlFpAd34Ypn3DIxdFOAL2Hr1lA +c3DO/9OsrxZq346flmjoQw9R/Yigy2r9qwWNFNoMIL09VQm9jAk848c7EB6nyrFE +RBzIVtf8i3buOnLNA2Nj3yRB4JmIiGGr9lKppoSwfXd0SUFXQFDgRCU6c8y5M68A +MzvfeslMZyUjYYMHRk16cifwfDOXCRJf+igPedJLGPKsu2UYIYrVvAIxK1H6Db7m +2AiwX08Rhpd6pHzILr3INkogxY1v8IBIt2q1SDMOp5e4VS1IDcYC4+II6QARAQAB +zSZBbWF6b24gTGludXggPGFtYXpvbi1saW51eEBhbWF6b24uY29tPsLBvgQTAQoA +cgWCZRXIXgkQ6VGQStgyxjFHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9p +YS1wZ3Aub3JnVoQZ9CB5X7OFiIXWG972pn+O3yZ+RuNcZXkkP8SxIkcCmwMWIQSy +HFD6RKmXIOqnL3/pUZBK2DLGMQAA7FkQAJdU1Ktc6iMkhrvXMNRUVnudss49GYiW +IVRXhl7ZiZaha2s3JTdxK0VxIgrc+3tvny7WGDDKf5O85Io5GnL4fewL4ZCfqB/0 +sjG5OhgCD0WWtLeFrxc/Lay3+7xvKQxL9IgT7UpfnRm/iHlCWY7UEZelvQaE9uNN +XbYjbah1EzJExP1okVauOW0P3/BP8kRX976w11JOlvU+Z3CndumDRR7IegZexQrm +CNlV47uh5QFCbFt8m7+cS5PRTD3pB8vJyu8MZ3cbhxNZTwo2F7u0Y9SJRh+sjAuo +NSls/YdbWvuWJwpNbJU2KN0oo9B1uuRDjz/qh0HWnhYifWoisjg6VZTdQom1dcee +hjLmfH09pLNKR2uddjyJNjMuuAoOLMKbBoPwP459w/CcmakkP0v0mShi9MeoQOOb +EE6H2BnMw9RbveXFJ2uHCSK3BpJaGeWbMGAbPsSIRXDs0DY8g+gnGr5+CKOuubkb +Mwp7HYLHNR2m0Gvi2lqY3VMh/j+y4frKb2fwqPupkmYG0TEoCR1NuJhyG9GS046v +pBuIXMGNfIqwNl3IehGWMtZScfJncAyDcmqvlbUggG9lKYAT+8Dp3U8+a4BI0Kay +IfoH1wfyx0hjYeWqBjjY4W2Y1mgJ6QqATUp6yglC6/RTJZ0+0GlCS/EUxGFTRik6 +jE0MDu0zcISc +=4Nri +-----END PGP PUBLIC KEY BLOCK----- diff --git a/packages/libkcapi/libkcapi.spec b/packages/libkcapi/libkcapi.spec index eb07d200..140a38ba 100644 --- a/packages/libkcapi/libkcapi.spec +++ b/packages/libkcapi/libkcapi.spec @@ -24,6 +24,7 @@ Summary: Library for kernel crypto API License: BSD-3-Clause OR GPL-2.0-only URL: https://www.chronox.de/libkcapi/html/index.html Source0: https://cdn.amazonlinux.com/al2023/blobstore/0eef74b3b4eb1ec321bab80f867aee89b94dc9fc95571da58ea5bba7a70e6224/libkcapi-1.4.0-105.amzn2023.0.1.src.rpm +Source1: gpgkey-B21C50FA44A99720EAA72F7FE951904AD832C631.asc %description %{summary}. @@ -36,7 +37,10 @@ Requires: %{name} %{summary}. %prep -rpm2cpio %{SOURCE0} | cpio -iu libkcapi-%{version}.tar.xz +rpmkeys --import %{S:1} --dbpath "${PWD}/rpmdb" +rpmkeys --checksig %{S:0} --dbpath "${PWD}/rpmdb" +rm -rf "${PWD}/rpmdb" +rpm2cpio %{S:0} | cpio -iu libkcapi-%{version}.tar.xz tar -xof libkcapi-%{version}.tar.xz; rm libkcapi-%{version}.tar.xz %setup -TDn libkcapi-%{version} diff --git a/packages/linux-firmware/Cargo.toml b/packages/linux-firmware/Cargo.toml index 6cfbb6b0..cc60e80a 100644 --- a/packages/linux-firmware/Cargo.toml +++ b/packages/linux-firmware/Cargo.toml @@ -14,3 +14,7 @@ path = "../packages.rs" [[package.metadata.build-package.external-files]] url = "https://www.kernel.org/pub/linux/kernel/firmware/linux-firmware-20230625.tar.xz" sha512 = "0e48aa7f63495485426d37491c7cb61843165625bd47f912c5d83628c6de871759f1a78be3af3d651f7c396bd87dff07e21ba7afc47896c1c143106d5f16d351" + +[[package.metadata.build-package.external-files]] +url = "https://www.kernel.org/pub/linux/kernel/firmware/linux-firmware-20230625.tar.sign" +sha512 = "dda47cc25d2d4eb15018493a162209f168a9dbf38536a8c554be0fad29bbad7854027e6bda1aa8bd6928bfa2805c8490d12a5ef4cf295cd708c9dccdaeb2dcc5" diff --git a/packages/linux-firmware/gpgkey-4CDE8575E547BF835FE15807A31B6BD72486CFD6.asc b/packages/linux-firmware/gpgkey-4CDE8575E547BF835FE15807A31B6BD72486CFD6.asc new file mode 100644 index 00000000..5f9ace98 --- /dev/null +++ b/packages/linux-firmware/gpgkey-4CDE8575E547BF835FE15807A31B6BD72486CFD6.asc @@ -0,0 +1,79 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBE6HwcoBEADEsPaBiaRbGU2GLvWupHRLz7weXiVk21bFrh7lno2YPtvOqDR9 +TP4BIzk2+53AhWadF0dhzKI1NeG2od8fofEHMMbI467/7gzEB78Rv4+3Srwz1Zu0 +bMFJPcdtAvBaJvHB6wP6mCl0eGCFIX9dN2ktr3GW6Z+mxxCeD+7Sm43Lt7PXU6Ff +W9sMmwxgV/ytXGEsZjM0MIcxUpTKX1WAEAK6Sjlv5No7tphHGR6B4eWWRXTB+CUE +gYsVRfx0LI1cHiZCWYb5P65iy29IxSzy/8/jcTVuFKUyVMxNolfzF9HonL7iRCel +oGDRGcCSPhftuCVC6dfBT1/XDHC9LuYVVfJQ1lT/yooBDkWmFoT3HWW2OjCECCVe +wsTS0C42xGpNab6iytaG2L6AWZh27XMi4V9rGGjaskmbpa4Inu3/SIClxXqc68yz +u1MRwViH09mcQIk7PlpQEGVaNCi5/1/on78sqUFrM3RNVMP3vNWtpP3Pjhpi2uQm +nsheeOZ8A1kaQ33lg7aNnPO4FKk1Fs0C8/BCJsiaFZW7vKWkus0u3hubavUrfBaT +6nCUWijdKVzWdrlj4GAEHWnsDBYBqAXjOLwPX7LOIGFy9+gjdgCVY84YTQsKP1mF +cp7b7ZFI6MnTnZnlKdk3C4la4LFhWGRV6ULOvhDtyA9rZpYIGffMCd6f6QARAQAB +tB9Kb3NoIEJveWVyIDxqd2JveWVyQGtlcm5lbC5vcmc+iQJOBBMBCAA4FiEETN6F +deVHv4Nf4VgHoxtr1ySGz9YFAmQsF2YCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgEC +F4AACgkQoxtr1ySGz9amHw/+M09gNDF2H0uh/6UOhf9HD1l6DrDY9Av51Ben3VYz +e68zqGADIWhdSGQUUPKC5oG/vK7GqqBd0ZipkDroxgV8f2eWFfDg5IajRFr45nLs +5rGMWB3Xp3tvVPfogfnuFu5RJcQuODu4wIk0x9nX/z9YRsQbofrsS3WHJGgZTl1L +tIN6/FuCMarnEF+cSCLxYAUF/rEUkJpVw8x9khBFf1jdHJDCga2Q29FuAXWrNaDd +inc6jyN4Xuh/+KOtcr0ggvHplzi8y+neGY4OKk3GszIojbYI1z/xniKl3N8Sb5zC +u7ZEGE2F6WsijhdrtSl7iJPAUCY/FMk8z4SJVKKelxpIB/ggUl6O90YWDgmPepkk +YJMGxXAx/qgnPeBPKhuZotyUM/HmbA8+GSMuX9cMpUEYGDEy5EHwdER1kFldGD2m +h8VSy/oasjSuO1UPkS+dZAHIvVVRHI7Fu2JMbYmuUn3xdkHh4hGgkOPzYvVBh6MB +w/DJkb3oNA1aA2nSyOrpZ2M/9i7qO7+bqqktr1+ns0f4C07dqgHAROhoOyrRDnOW +6nmAeNjxUMjFyVBfx8pbEdCbo64vPwQihJydV2P9fi8P1o4PpTh1aINPsterhGyh +QAcFjKBwAO3YzCfwhPOzHi0fOE377oo4B6RQDmtUgeBWSPWnSoAlIjsYDumNoHd5 +PpK0Jkpvc2ggQm95ZXIgPGp3Ym95ZXJAZmVkb3JhcHJvamVjdC5vcmc+iQI4BBMB +AgAiBQJOjbQ3AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCjG2vXJIbP +1iEFEAC9HKFw9obHCATY4yIfHV8+/W17qBkhyL/6jo1JWKacd4BxDRir3nP8OyCt +jbJ9f9XyRwg58ZDbjbeUPwCIU8a6OyMm61hi4HcrVaQTkflT1ZNN5uZXdxCsGPLr +SwvHdPbhBwtXNUk/7H087NU1zZf4Sv3rVxEhUpqVAuKPC+mQW7IC4wQPxo24XBRl +BfknJxuiOpuiCwD5N1Vcoqg/d4CVLiM3bnGQUyjDBJML6mTyJ7iMR96nBU8bdAxL +2AkcTS0CIQq6j+7EvlcLhWV4AsCGmVj6Wfs1lXP/vi4ZkQJkVdoBuViI8MVthh3o +2xS4QFiK4Opi48Lg7Ix75PHN0jr7laZojgrEgFv/U8aixc+piOVXmH30TTlFsZSl +44Kp/s7K9Ukgti5svmm9z1teDUZAIlZsVaATPHb2Ewgog/4SHLr7U/AGupKCEf/o +MM10IrS+6ID6o/A51h90DT7vR6wlszQ8Ip2djM1oVuA38nnXnQR8GPVIf15ZOPSR +KbR+VBiPZKR6Qjdtv7dvRdoH5vpvIvD7GoSkAdqY1WPlgDUKiCEIO2+iWOn9fG+O +00UxhVvmKHw+TFPimS7y5C8NL+TQYZp7rA0o1zOckyKajTCyzZXmoHGrCqmwCXEk +ncS8BNtDjjJo5bNpn1Xi6z4edunSaLsY0tnEVB74sChN3ZhbObQeSm9zaCBCb3ll +ciA8amJveWVyQHJlZGhhdC5jb20+iQI4BBMBAgAiBQJOibPYAhsDBgsJCAcDAgYV +CAIJCgsEFgIDAQIeAQIXgAAKCRCjG2vXJIbP1n14D/9iy/cBm55cRa8CM0gxhXQx +uKJpb1+yO0YywC3mg1m3E4FsxephMjqcKACSXp1PLlFbOgQg3K2NrQFvirPS8YPW +8YPfW1PhvnBA0Iik5vZjXyhdXzEuLsZraLoMu3u5BJJ3M/Vg4EmLYJiM0pndewat +nfBrmb/AZlllyjhhLIUparuOqYSutvGclzWOn+4pkN4nhkK/YjuCwsic+t8Lv2pl +BfxTTlxrWPnfkKdpSv4orVAEuiZwFkaoFrfHqPOP1qyjBWXrHfQPoqDoTVxzIn+F +TgnLuAQqU9LDMsLRHxz+dMfZubZUDul9tQndgM/nC4B3CGAil6BE4/Ad9fNao8eK +aWuLwnOBR2PHbThHvOLjfRfNcfH/BZaOhlBzk7M7vxrIIHv/2B1M5hkpepaeQNaD +O1gsgMzuFIYcvilWESW8V23W/cA95PsdneucAAwHeiJX7JxjR8wBTyKO7vIBBozw +WqS7eevkxyVd1qcyD/0w9JFl+zYlRLyo0LA4aK+eN5LjGhgC3+WyeHaZmF+ikq0y +I/FjiSIH71sm9RCwvnKST5HTkGjFypE5vQ7Un8Ned787/h1Y3dZvc/tpLztcv4Vp +tJq+uy3Oveqbup+Y38nbkxUPNmMZPXgPqRVmJ8Dl79h6KUcee7GAYI6GTLfE1YvT +CL9aihtrVOulNCNIPeJsOLQfSm9zaCBCb3llciA8andib3llckByZWRoYXQuY29t +PokCOAQTAQIAIgUCTomzwgIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ +oxtr1ySGz9b87g/9E9lm2S8GiSQcqMmrreB405EyvbY2voozTA1UwBhgOzMsLOSb +ChzUg0ZhaFymacnEJY5I9TI9gt6SCPlMDR5iuZu4i9qO0dYEzUz7vJaVmJgZNZwW +j8uyWFzPQ+oAW34a+3LgnyuM1n1+wL8OkuzVjkAp/Ej+MiqdfLIdmejR5g/a0nAe +NQlCnrxQyG/zJ9h9taYHLzj4msxrYd5M4+2JbsBLLNx02/HM/qs4uR53hg4cELdL +8hh9CxGVZKA/IU4IZt7DbOhloNuRVXjJcd+367tp17gPUssbgVU71O6q4cb1RuQZ +UuFvKDK0yWugDikkRL7WplVTM2JT316V6DRce1m2RGBojklleK20Rwn4zJFxITBj +gP489vHFrMHQT/4+pKd2EokxNl2C3IIpDeWvRL4hDWzN06kWLun7whZLfUaqOkIV +t2uAFgGnOU81wTk+/INaI5NaTFEX3ZSTfKge+KQBO4tUx+vLH90PaZbPz3CHUlF3 +3gLlgcs9y+4E3CtUYq7VZzkkExsfP4YrilpH0Bfr8v5EtjG/W0E4Yp1kYWnQbYEQ +8JhxBF5lKyfNrH9joP6lBTCfyk6iV3w9BOs2R52+utXDAcnkQf1agHkNLDYhvh6b +6/GidXc29O/SfErNuso/D2Gbds0aTqsKovN+r4yQ9pT0mCKHqYo8P+4Pnqy0Hkpv +c2ggQm95ZXIgPGp3Ym95ZXJAZ21haWwuY29tPokCOAQTAQIAIgIbAwYLCQgHAwIG +FQgCCQoLBBYCAwECHgECF4AFAk6Ia58ACgkQoxtr1ySGz9ZXfw/8D9PqabtHKoHU +mNUY0SDRpRGdr/GryUu/y1JyCH7fEHRtUr/czK7vhRlC0C5FkjPGs1Uk5Clh8eEa +xqXapT5HXFyJCRaSZnXnxcES1gbwA83RagL1bhJg1tzkyfLuPFsaLz/xIlzzYyNR +iVyFowHGmH+gao3KpmjIVTESz/Cow989ABg9mgDyCsSP/1E8czr2AQ4sFHCp9gUj +aorON8gldwKzdueTe9Sm+mVbaMbnVbu7Wab6UH8lLWx7kFy+JSM/XXcyDtVu2nDd +f+2YJum7Uu6rRymzfdLFR0jQ2YTLypKy8ticUuhG4qKplea6Jep20WRftkEFwKF8 +IFjiLRjTRbO0rAmp+svGC29AOJKp6kbpEpcnfnQuMjQohhhiyYjbmRU7v0VH6Fwz +FRbY1LPJfjCVJzNNADMKz4gXfugOyKBoATY+3aFCC3aWynEubnM4+n2ferlAb8di +sBT/XYolypJcybODb/NgoHO2xtSFsrRqEPwIBlHieEgms0RJJoUYJ87V3jP5xcPV +ZqbBAseiToj/8nE31oDqQdA8iTpL47Oehe3ytoibkXbsFKLNVP7JUv0xFLkbcr0S +01M7pMptLUyxtf2Uhw5nTZ3YRJNmGmG0gsgACaT68yFVOJVhq4BBaxmGYKOKCUPX +Xm/7ct1BV6w7XEIFCedi2sSDTDckboU= +=YqbJ +-----END PGP PUBLIC KEY BLOCK----- diff --git a/packages/linux-firmware/linux-firmware.spec b/packages/linux-firmware/linux-firmware.spec index a70d43ab..47b631df 100644 --- a/packages/linux-firmware/linux-firmware.spec +++ b/packages/linux-firmware/linux-firmware.spec @@ -24,6 +24,8 @@ License: GPL-1.0-or-later AND GPL-2.0-or-later AND BSD-Source-Code AND LicenseRe URL: https://www.kernel.org/ Source0: https://www.kernel.org/pub/linux/kernel/firmware/linux-firmware-%{version}.tar.xz +Source1: https://www.kernel.org/pub/linux/kernel/firmware/linux-firmware-%{version}.tar.sign +Source2: gpgkey-4CDE8575E547BF835FE15807A31B6BD72486CFD6.asc Patch0001: 0001-linux-firmware-snd-remove-firmware-for-snd-audio-dev.patch Patch0002: 0002-linux-firmware-video-Remove-firmware-for-video-broad.patch @@ -40,6 +42,7 @@ Patch0010: 0010-linux-firmware-amd-ucode-Remove-amd-microcode.patch %{summary}. %prep +%{gpgverify} --data=<(xzcat %{S:0}) --signature=%{S:1} --keyring=%{S:2} %autosetup -n linux-firmware-%{version} -p1 %build diff --git a/packages/microcode/Cargo.toml b/packages/microcode/Cargo.toml index 7edbdc9b..95e393f5 100644 --- a/packages/microcode/Cargo.toml +++ b/packages/microcode/Cargo.toml @@ -14,6 +14,10 @@ path = "../packages.rs" url = "https://www.kernel.org/pub/linux/kernel/firmware/linux-firmware-20240909.tar.xz" sha512 = "d1918364f9925291da722075cf2d038082a6b6b5c6d7e5ab8b0888c5e87563718934f493fe172db21608d6eace92ade5c519b5f50b1fc7f25a328e45be059142" +[[package.metadata.build-package.external-files]] +url = "https://www.kernel.org/pub/linux/kernel/firmware/linux-firmware-20240909.tar.sign" +sha512 = "89f608c5e2afc645772f4b71289973344ce1d8d2ec5e9dde41ea31dcdada46b7cb875f9e6abaf05670d1428d191e65e96c3ee4bcf0e5bc9efbd4a716cec476cf" + [[package.metadata.build-package.external-files]] url = "https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/refs/tags/microcode-20240813.tar.gz" sha512 = "ba1fa7d9bed7d90756ea959f5878afca0deacc9b1e932a936a15d74a411b7efb6103a4af75dc3731d9cbb2e464439ce9a7d448f75bc6f38b616907ff6dec6ee3" diff --git a/packages/microcode/gpgkey-4CDE8575E547BF835FE15807A31B6BD72486CFD6.asc b/packages/microcode/gpgkey-4CDE8575E547BF835FE15807A31B6BD72486CFD6.asc new file mode 100644 index 00000000..5f9ace98 --- /dev/null +++ b/packages/microcode/gpgkey-4CDE8575E547BF835FE15807A31B6BD72486CFD6.asc @@ -0,0 +1,79 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBE6HwcoBEADEsPaBiaRbGU2GLvWupHRLz7weXiVk21bFrh7lno2YPtvOqDR9 +TP4BIzk2+53AhWadF0dhzKI1NeG2od8fofEHMMbI467/7gzEB78Rv4+3Srwz1Zu0 +bMFJPcdtAvBaJvHB6wP6mCl0eGCFIX9dN2ktr3GW6Z+mxxCeD+7Sm43Lt7PXU6Ff +W9sMmwxgV/ytXGEsZjM0MIcxUpTKX1WAEAK6Sjlv5No7tphHGR6B4eWWRXTB+CUE +gYsVRfx0LI1cHiZCWYb5P65iy29IxSzy/8/jcTVuFKUyVMxNolfzF9HonL7iRCel +oGDRGcCSPhftuCVC6dfBT1/XDHC9LuYVVfJQ1lT/yooBDkWmFoT3HWW2OjCECCVe +wsTS0C42xGpNab6iytaG2L6AWZh27XMi4V9rGGjaskmbpa4Inu3/SIClxXqc68yz +u1MRwViH09mcQIk7PlpQEGVaNCi5/1/on78sqUFrM3RNVMP3vNWtpP3Pjhpi2uQm +nsheeOZ8A1kaQ33lg7aNnPO4FKk1Fs0C8/BCJsiaFZW7vKWkus0u3hubavUrfBaT +6nCUWijdKVzWdrlj4GAEHWnsDBYBqAXjOLwPX7LOIGFy9+gjdgCVY84YTQsKP1mF +cp7b7ZFI6MnTnZnlKdk3C4la4LFhWGRV6ULOvhDtyA9rZpYIGffMCd6f6QARAQAB +tB9Kb3NoIEJveWVyIDxqd2JveWVyQGtlcm5lbC5vcmc+iQJOBBMBCAA4FiEETN6F +deVHv4Nf4VgHoxtr1ySGz9YFAmQsF2YCGwMFCwkIBwIGFQoJCAsCBBYCAwECHgEC +F4AACgkQoxtr1ySGz9amHw/+M09gNDF2H0uh/6UOhf9HD1l6DrDY9Av51Ben3VYz +e68zqGADIWhdSGQUUPKC5oG/vK7GqqBd0ZipkDroxgV8f2eWFfDg5IajRFr45nLs +5rGMWB3Xp3tvVPfogfnuFu5RJcQuODu4wIk0x9nX/z9YRsQbofrsS3WHJGgZTl1L +tIN6/FuCMarnEF+cSCLxYAUF/rEUkJpVw8x9khBFf1jdHJDCga2Q29FuAXWrNaDd +inc6jyN4Xuh/+KOtcr0ggvHplzi8y+neGY4OKk3GszIojbYI1z/xniKl3N8Sb5zC +u7ZEGE2F6WsijhdrtSl7iJPAUCY/FMk8z4SJVKKelxpIB/ggUl6O90YWDgmPepkk +YJMGxXAx/qgnPeBPKhuZotyUM/HmbA8+GSMuX9cMpUEYGDEy5EHwdER1kFldGD2m +h8VSy/oasjSuO1UPkS+dZAHIvVVRHI7Fu2JMbYmuUn3xdkHh4hGgkOPzYvVBh6MB +w/DJkb3oNA1aA2nSyOrpZ2M/9i7qO7+bqqktr1+ns0f4C07dqgHAROhoOyrRDnOW +6nmAeNjxUMjFyVBfx8pbEdCbo64vPwQihJydV2P9fi8P1o4PpTh1aINPsterhGyh +QAcFjKBwAO3YzCfwhPOzHi0fOE377oo4B6RQDmtUgeBWSPWnSoAlIjsYDumNoHd5 +PpK0Jkpvc2ggQm95ZXIgPGp3Ym95ZXJAZmVkb3JhcHJvamVjdC5vcmc+iQI4BBMB +AgAiBQJOjbQ3AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCjG2vXJIbP +1iEFEAC9HKFw9obHCATY4yIfHV8+/W17qBkhyL/6jo1JWKacd4BxDRir3nP8OyCt +jbJ9f9XyRwg58ZDbjbeUPwCIU8a6OyMm61hi4HcrVaQTkflT1ZNN5uZXdxCsGPLr +SwvHdPbhBwtXNUk/7H087NU1zZf4Sv3rVxEhUpqVAuKPC+mQW7IC4wQPxo24XBRl +BfknJxuiOpuiCwD5N1Vcoqg/d4CVLiM3bnGQUyjDBJML6mTyJ7iMR96nBU8bdAxL +2AkcTS0CIQq6j+7EvlcLhWV4AsCGmVj6Wfs1lXP/vi4ZkQJkVdoBuViI8MVthh3o +2xS4QFiK4Opi48Lg7Ix75PHN0jr7laZojgrEgFv/U8aixc+piOVXmH30TTlFsZSl +44Kp/s7K9Ukgti5svmm9z1teDUZAIlZsVaATPHb2Ewgog/4SHLr7U/AGupKCEf/o +MM10IrS+6ID6o/A51h90DT7vR6wlszQ8Ip2djM1oVuA38nnXnQR8GPVIf15ZOPSR +KbR+VBiPZKR6Qjdtv7dvRdoH5vpvIvD7GoSkAdqY1WPlgDUKiCEIO2+iWOn9fG+O +00UxhVvmKHw+TFPimS7y5C8NL+TQYZp7rA0o1zOckyKajTCyzZXmoHGrCqmwCXEk +ncS8BNtDjjJo5bNpn1Xi6z4edunSaLsY0tnEVB74sChN3ZhbObQeSm9zaCBCb3ll +ciA8amJveWVyQHJlZGhhdC5jb20+iQI4BBMBAgAiBQJOibPYAhsDBgsJCAcDAgYV +CAIJCgsEFgIDAQIeAQIXgAAKCRCjG2vXJIbP1n14D/9iy/cBm55cRa8CM0gxhXQx +uKJpb1+yO0YywC3mg1m3E4FsxephMjqcKACSXp1PLlFbOgQg3K2NrQFvirPS8YPW +8YPfW1PhvnBA0Iik5vZjXyhdXzEuLsZraLoMu3u5BJJ3M/Vg4EmLYJiM0pndewat +nfBrmb/AZlllyjhhLIUparuOqYSutvGclzWOn+4pkN4nhkK/YjuCwsic+t8Lv2pl +BfxTTlxrWPnfkKdpSv4orVAEuiZwFkaoFrfHqPOP1qyjBWXrHfQPoqDoTVxzIn+F +TgnLuAQqU9LDMsLRHxz+dMfZubZUDul9tQndgM/nC4B3CGAil6BE4/Ad9fNao8eK +aWuLwnOBR2PHbThHvOLjfRfNcfH/BZaOhlBzk7M7vxrIIHv/2B1M5hkpepaeQNaD +O1gsgMzuFIYcvilWESW8V23W/cA95PsdneucAAwHeiJX7JxjR8wBTyKO7vIBBozw +WqS7eevkxyVd1qcyD/0w9JFl+zYlRLyo0LA4aK+eN5LjGhgC3+WyeHaZmF+ikq0y +I/FjiSIH71sm9RCwvnKST5HTkGjFypE5vQ7Un8Ned787/h1Y3dZvc/tpLztcv4Vp +tJq+uy3Oveqbup+Y38nbkxUPNmMZPXgPqRVmJ8Dl79h6KUcee7GAYI6GTLfE1YvT +CL9aihtrVOulNCNIPeJsOLQfSm9zaCBCb3llciA8andib3llckByZWRoYXQuY29t +PokCOAQTAQIAIgUCTomzwgIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQ +oxtr1ySGz9b87g/9E9lm2S8GiSQcqMmrreB405EyvbY2voozTA1UwBhgOzMsLOSb +ChzUg0ZhaFymacnEJY5I9TI9gt6SCPlMDR5iuZu4i9qO0dYEzUz7vJaVmJgZNZwW +j8uyWFzPQ+oAW34a+3LgnyuM1n1+wL8OkuzVjkAp/Ej+MiqdfLIdmejR5g/a0nAe +NQlCnrxQyG/zJ9h9taYHLzj4msxrYd5M4+2JbsBLLNx02/HM/qs4uR53hg4cELdL +8hh9CxGVZKA/IU4IZt7DbOhloNuRVXjJcd+367tp17gPUssbgVU71O6q4cb1RuQZ +UuFvKDK0yWugDikkRL7WplVTM2JT316V6DRce1m2RGBojklleK20Rwn4zJFxITBj +gP489vHFrMHQT/4+pKd2EokxNl2C3IIpDeWvRL4hDWzN06kWLun7whZLfUaqOkIV +t2uAFgGnOU81wTk+/INaI5NaTFEX3ZSTfKge+KQBO4tUx+vLH90PaZbPz3CHUlF3 +3gLlgcs9y+4E3CtUYq7VZzkkExsfP4YrilpH0Bfr8v5EtjG/W0E4Yp1kYWnQbYEQ +8JhxBF5lKyfNrH9joP6lBTCfyk6iV3w9BOs2R52+utXDAcnkQf1agHkNLDYhvh6b +6/GidXc29O/SfErNuso/D2Gbds0aTqsKovN+r4yQ9pT0mCKHqYo8P+4Pnqy0Hkpv +c2ggQm95ZXIgPGp3Ym95ZXJAZ21haWwuY29tPokCOAQTAQIAIgIbAwYLCQgHAwIG +FQgCCQoLBBYCAwECHgECF4AFAk6Ia58ACgkQoxtr1ySGz9ZXfw/8D9PqabtHKoHU +mNUY0SDRpRGdr/GryUu/y1JyCH7fEHRtUr/czK7vhRlC0C5FkjPGs1Uk5Clh8eEa +xqXapT5HXFyJCRaSZnXnxcES1gbwA83RagL1bhJg1tzkyfLuPFsaLz/xIlzzYyNR +iVyFowHGmH+gao3KpmjIVTESz/Cow989ABg9mgDyCsSP/1E8czr2AQ4sFHCp9gUj +aorON8gldwKzdueTe9Sm+mVbaMbnVbu7Wab6UH8lLWx7kFy+JSM/XXcyDtVu2nDd +f+2YJum7Uu6rRymzfdLFR0jQ2YTLypKy8ticUuhG4qKplea6Jep20WRftkEFwKF8 +IFjiLRjTRbO0rAmp+svGC29AOJKp6kbpEpcnfnQuMjQohhhiyYjbmRU7v0VH6Fwz +FRbY1LPJfjCVJzNNADMKz4gXfugOyKBoATY+3aFCC3aWynEubnM4+n2ferlAb8di +sBT/XYolypJcybODb/NgoHO2xtSFsrRqEPwIBlHieEgms0RJJoUYJ87V3jP5xcPV +ZqbBAseiToj/8nE31oDqQdA8iTpL47Oehe3ytoibkXbsFKLNVP7JUv0xFLkbcr0S +01M7pMptLUyxtf2Uhw5nTZ3YRJNmGmG0gsgACaT68yFVOJVhq4BBaxmGYKOKCUPX +Xm/7ct1BV6w7XEIFCedi2sSDTDckboU= +=YqbJ +-----END PGP PUBLIC KEY BLOCK----- diff --git a/packages/microcode/microcode.spec b/packages/microcode/microcode.spec index 5a8ad03a..bd2b5e91 100644 --- a/packages/microcode/microcode.spec +++ b/packages/microcode/microcode.spec @@ -20,7 +20,9 @@ License: LicenseRef-scancode-amd-linux-firmware-export AND LicenseRef-scancode-i URL: https://github.com/bottlerocket-os/bottlerocket/tree/develop/packages/microcode Source0: https://www.kernel.org/pub/linux/kernel/firmware/linux-firmware-%{amd_ucode_version}.tar.xz -Source1: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/refs/tags/microcode-%{intel_ucode_version}.tar.gz +Source1: https://www.kernel.org/pub/linux/kernel/firmware/linux-firmware-%{amd_ucode_version}.tar.sign +Source2: gpgkey-4CDE8575E547BF835FE15807A31B6BD72486CFD6.asc +Source3: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/refs/tags/microcode-%{intel_ucode_version}.tar.gz # Lets us install "microcode" to pull in the AMD and Intel updates. Requires: %{_cross_os}microcode-amd @@ -75,9 +77,10 @@ Requires: %{_cross_os}microcode-intel-license %{summary}. %prep +%{gpgverify} --data=<(xzcat %{S:0}) --signature=%{S:1} --keyring=%{S:2} mkdir amd intel -tar -C amd --strip-components=1 -xof %{SOURCE0} -tar -C intel --strip-components=1 -xof %{SOURCE1} +tar -C amd --strip-components=1 -xof %{S:0} +tar -C intel --strip-components=1 -xof %{S:3} # CVE-2023-20569 - "AMD Inception" # This is adding new microcode for Zen3/Zen4 AMD cpus. The patch was taken # directly from the linux-firmware repository, but has not been part of a diff --git a/packages/shim/Cargo.toml b/packages/shim/Cargo.toml index c402f5bf..11c0f2f0 100644 --- a/packages/shim/Cargo.toml +++ b/packages/shim/Cargo.toml @@ -11,3 +11,7 @@ path = "../packages.rs" [[package.metadata.build-package.external-files]] url = "https://github.com/rhboot/shim/releases/download/15.8/shim-15.8.tar.bz2" sha512 = "30b3390ae935121ea6fe728d8f59d37ded7b918ad81bea06e213464298b4bdabbca881b30817965bd397facc596db1ad0b8462a84c87896ce6c1204b19371cd1" + +[[package.metadata.build-package.external-files]] +url = "https://github.com/rhboot/shim/releases/download/15.8/shim-15.8.tar.bz2.asc" +sha512 = "13479009185b1631874c0be8cd41a50ed80e17f8cf5541290bd2f00110533bdcf2eb57e20eb96e7055556a54121065faae01c9f31218ad55012e9ffc86f57676" diff --git a/packages/shim/gpgkey-8107B101A432AAC9FE8E547CA348D61BC2713E9F.asc b/packages/shim/gpgkey-8107B101A432AAC9FE8E547CA348D61BC2713E9F.asc new file mode 100644 index 00000000..780f1cfd --- /dev/null +++ b/packages/shim/gpgkey-8107B101A432AAC9FE8E547CA348D61BC2713E9F.asc @@ -0,0 +1,119 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBFCBftMBEACw6IS5AQzbED4FRDtBiEIoIJ4HIsz1TOsgLYp2w3lzcLEGCuf4 +4ZUMD3EF0PQELK4WdG4AgDES7yOGyiTwzEQQUG1h8nZ4IeEeOKEM+fdFjJ703mR+ +6RY3948qcUMKw/YHPcuajQKtNB+yl2EEDRJ/Co2aXn7fADoBjlO5H3GgfXNotJm8 +6pzEtvXSJB23hKVwbr4oerM712+fGIivjX5mwLgGBihLgsoxH7h531wcviEK5aTz +wb1vxxeJzcnoeR63LvAuBayFiEAeAWIjIMFzSPIcs1EIKt3rFQKCK55ydcwRdeqO +o+8F++3v3yH3BIigZgHSFyKqkdgv5fDssDCfnftD8s5NoedhDRkx4HMiYG00YiY8 +owtWob/8h8WWRCCmUGPz3JyDNOfpXDeq4R1inzNYfgYJD2uobfkUOQAimXb8fZto +XGibln3dNTO4LUg3+rL6hXrTw69R9vnsEJKHWEygmM8JZ0A00nnPGyGzsPQUinMg +bjsp1SfBlAmFYrRaDjLR1acqePMg+P5j2glcZytBNDq5PgGR0zVFIksOrGbqg3GH +HN+NP6d1dvu4qlRAXdWmglC5iIpdM65dl+zTu7yoKaYOWNWYW3whO8Evvy6hOeTk +a/rnZsMG8Zh2xBC52nyZGHiJfK+msh94xTI1m7i6JvIEyMhDVoKsvRCZnQARAQAB +tB9QZXRlciBKb25lcyA8cGpvbmVzQHJlZGhhdC5jb20+iQJYBBMBCgBCAhsDBgsJ +CAcDAgYVCAIJCgsEFgIDAQIeAQIXgAIZARYhBLALSLxzGqiED+2fsO7SZrcPT+8Q +BQJl1MhqBQkoH0yXAAoJEO7SZrcPT+8QR9oP/ibCr3H+aLmKswo2q49STzUbXzNp +3mYCvqXnzHpYV1iE+UjRZ19KvuGpv7w9ZpGlYbyIhp2R3VW05BkPXD3nmDZtxwiV +5xRa3VhjtR66C+aZ8WLnNNIIyW22/DuQKu3D6X5QzlIu7n2TGJw0lqZpAdMWEwmD +ggHeO8vaErhdwxWxAzWlSo3snmO208LhkavwR2SuqobiQ/CYCU7Hc3l/pZR8iiDv +MN8dPdIlsOFu1rAYWo94sTnhT14+NoghH6m8fGhq3MSDzYb0eyltKLR729kQghkq +iuu+LizWANWQfSQqoUM3hC5PkiYVovMAv+L62CjruuAPPFOOljlkWYp762q0R2iQ +Cln4sjzclE5uDo+uUsCkg7dxGU6V3LG2ANgKVHYJ8YS1XxNz7D3XIcjmYTrosO4y +wywXYnyegyV+waTME6wtK3gHwCtR/eQxTLj1bq+yDzcIAwKkc9yAhBpG5ofwaEDG +J73UAN5YFjcT2ltC7KLElxXkTlutn7jr9lXcXuAwk1ABBqYhX5698wrrt/h0rDIa +v58WaAltzt3b18kcRzca5Qz5//j1/lBkl7gd+6+APrgMHGmAHNWULLRdTswjP52b ++wAX8pnyTU2h/o6Ct4mMt53lIFVcy1/GpYomoN9E/Zx/VxLuhuBYWN6p1wxgowIh +pLAK3A36gd9HS1GUtB9QZXRlciBKb25lcyA8cG1qb25lc0BnbWFpbC5jb20+iQJV +BBMBCgA/AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgBYhBLALSLxzGqiED+2f +sO7SZrcPT+8QBQJl1MhrBQkoH0yXAAoJEO7SZrcPT+8QE8sQAK19uuJl76YYTRAo +sbzz4J05gKRhhcb6EUCZVNpWaPFTyGzlaBtM3reBqxQERAJWrOeaOX1T/hVg/kng ++VGArBq3rGoLpLhYAfyt1rQnFtFRv2UNVrC2uiLfLSF4JMsLqdDbzOBBwDOg6t2Q +S+yELNKI4kck6qdAITKXSQaZ8dw5+Ekfm3ZDAiYzmsVDofqz3DSXKFQX9QyeKJJJ +a0ypZs/BHobq5DmWvHvQWVydspeyvWcvps80zGJpzE59W8XJFKEUOl0RVydw5L7F +rClOMvO61l4gtF6ks1YaYfOGLmYMvHvkEVAZoaEBMVh1Sx/Pyuddp7cO8GZ8wmq4 +dsOE1PBSmXTrenOhyxKT628cGVCtxPfQ7S3RYQWAawaRe6KtJZ/N1PMTsS7g2XMy +c++dEmxrW0Qi4VZRWVu76tV8LkSh2kxdiHULvmzTs3L5jjhPQctFKMQOWqI0riO0 +ny3ASY9A9jh52uzvg1vMMR2HdpKCV15MoTB41qMumBeSHBrM39tPmqKEcHyvyXdd +MHPQY8OGxyb58fe6e0n+XlPjw+xkuwZd0HRyYlcqpZTcCzX6MY/BPwOomiTn9lER +s2Uz5d/dSB8FN1g2k614CEzBVj01UJcYc35Fjc8ZgNG145ZMSJ0jF7I5UJXCueAC +pa6KIVKnaIEoglSsBZbvG3QslWj+tCZQZXRlciBKb25lcyA8cGpvbmVzQGZlZG9y +YXByb2plY3Qub3JnPokCVQQTAQoAPwIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgEC +F4AWIQSwC0i8cxqohA/tn7Du0ma3D0/vEAUCZdTIagUJKB9MlwAKCRDu0ma3D0/v +EAT7D/sGusch9n3IWwv/VPBkrA0Cq5CVlbABUpMKf5ZDWOeG/WhiMO7j/NGrQf/p +Qnktisua/fH1oQ0NznUQgLnhU9+4XmzmCjtuHpBt6ahdLrultMWaZFtJAgidRHXS +f01VneE3g6p1UDZprLq1MI/mW+YhgI4LEKrCZmT9KFTW4VHupJYqxqXzTJioj7xL +GAvp4lt30M52Fj+XaNcNPGXBVpmH3uYErUfbdjAEu0NkuHuz4l5Ziqr+CiN2JIg3 +GP5yFwZa5CJlZrvzYh8YIU3fZZHDQ5oQR4Cx+KlAkzMeub6u8BhoF9+ftgvl30Ri +7vJqadDVHqLaXk3EeUJJkAS5rJb/O3C/4lppYPbr2yLd+CUuGLu3GNUDa+DvA/4n +YD9yuTE0yk471zmgBmUwOdYzkoGbPcLloz9LevE5C04SXz84QMDBlUmbvvgVJfVf +9tcFWlU4gXiM4jad71uuV9EGsXMMvZPvJBNbG+KvzvZk8mo6OXmPovE0iOoixGZ/ +dI9LGwneyeHNnlrN1w3LKz6eKbUZ/50XMTYR3AD/CQhf/ZnDUHrfxcHPD5vtXysu +VklSRxNnEUpomZIGtp5/Jyz/kN1Mh0N/lVlHxq88cyhuHy+HKldZo9XIj5Hj3mvT +MhNk38JT+ZzvFBtyq+H535ajANbDcAbjUxm9QBOgdfO9AXxKwbkCDQRl1MdmARAA +xThhoio5eHc1tn7P9uX9nL3wOJcDxlv2z42jUV4NiLRQysqTVVLVTb+dMLO+V0FY +iiHX7mYtt5G3xhjnqbEscM4Z78dMqiUYTWeJ27DeT8q4rAWuW7vljvS9r9P2Zp25 +N7f8w4b7ZBhfkuLM/iJQHbnS8hld0ET7xdNbvN0uXS5ZneabcoLcqw9ugLyUBXNL +3ZvktQ5mqYI7lI0bDYnmx1cXdXRZvhOndz1dvt1hX1Dn/PTAI7UqHau9H2sNFRmj +F5zIwK7loi3QZX3kemZk3ZSnAr+EZwPajtuU8oceG2z7gr8lIiUxymA4xw1nP99J +1Oo+MBrw8dHoJL2gIZVQMCq2ePIaWpaFyO/c6ZoXW4nJVrt2uOQHTjlEKqwVN/PR +S3p8agtJCv+/JraBgsx+uhq/vbUnnI88Lf7zKOBtbKBI4Cdd7YIqsodF1xKACNw9 +VSURv8C3BYawW6EStyxlqjSHgnUYfTvymQbwhW78teECG/WY41TFkW6yCIVpiazz +xoC9mCJ+0EdITlloRl49wL9fXfvTfa7LVVTvDo26+LekY5x1dvxpVhFNJcxe5pQg +XDZybFq6ci4vAGScVnHcONkw7EB/XlmSy3mLLoDOgXR03i0YdI+aY7WK5CwJptpW +Bcp3BvFVwEW+HaniUYtYkdO4ykypLMiUlQWtigA2xwsAEQEAAYkEcgQYAQoAJhYh +BLALSLxzGqiED+2fsO7SZrcPT+8QBQJl1MdmAhsCBQkSzAMAAkAJEO7SZrcPT+8Q +wXQgBBkBCgAdFiEEAgk+DRnd4Pff+7U8H9P1QCVqE3IFAmXUx2YACgkQH9P1QCVq +E3IQWBAAlzK9mpm8+V17Z9jgvDGylyIb4AxkoZ+Nl/byAp4FIRDwOve/g1ScaY45 +DvBOSeeNZJDzJlD8MArjv+9SiTjDQlqgVv5gpoWcJoLo2nZWq0ISnor162/S/aOZ +4WAjKWGKRdEOURictXjKCSwUYnf7oqzA5mSclCGtLrdeAbSVe7tEloaS3pOB0iqy +smuoldsnqGXAH9hf27uZ3E/r01Yyo0tGcsfO4aTHHFcjJzEuBewnDcVyzBPd3HOG +FaiI6Qyd235SA9+c9sr8UvEdYDBsKHgsPp0ChSUmFKCT1Fr6tAp/ypboB3/TUpj6 +Srnwt5IlvH83ROaRbZEsr9TkszauuNrDxgqmF7q+Y+7ZHEs7FA+qk7afriRpW1Ap +gxCtMxjjNevCUBBX8rNByQGjEwchBTHhIpdW9/M9fk9bzUKynLwI4dnvkqJCcqnX +amciNl4TmTNQSskPsdbEwcAK6PjS3NQTo7cPf6l3wkV72uG3Kcsmsi1PO1L2lptK +bmjeU+Tjv3+xLskNHKi5gpoqbt3CSmIT733Ck57lUyvwXNM7PeJnAJCw0HDPfuaz +JXyVRQPiQJH9A4Bu/nwhAmtRzI8IjguJA0koFe4h27BP6qp3xnKpaO7x9KXCwM63 +gZ+md8V0OpYHBVoUsIMmQ7in855btEVTzdI5Y0/4Npmdgbqc0bE9vQ//YV5JB+YG +4qCb6oLxKSyJANLtlQQEpOSIUxTAh0NiMXun9LZEgIFijQ6jpqc0iw/T9iQOaq3m +wk93VNPiZBLl+alceGEAJGwMfJZvUT1qCsKRUdPdJ6lGLng1ZfasmLM0EfNH8din +Qp6vL7nd38ruOHoctMEaDX8TKwpiqgCsb+6RI99BFb0sZmGUtLHR5N+NTKtyOZ55 +ZRPExfUPuhji/h9QXjVz39gs1LiyEgzRaUp0b9xadTYXqIDUbJVI0+iq31ALxsE3 +Aw0Ua/6pdcU0cBotcfMr5+JJ8Sa1zIUyNsjqSCsdn2/5VmW488G0NrgbYymAwWCK +YkOsjPbGn+tD+K2qDDWf0cBPdM3GOY5IwnXx3KZByu61XrB0aC8fjxd5wn0Ae2B7 +UIkTRExNpw/fus+mFKmyCmS1DzXtO8B/KfnfpO3P6c8+PXqgBO0sO4CXs+07E2CD +wGNpFd9BKQ3m/oPqXdiEnjKgb+XuExz2tRiiu5l1yfX28Wbb3KGielAHlxHcTcQ/ +5AkleoUJ7ZEDXU71YlVCX8P48/Ac4R0T4sNsi7mJPEBcz152mVnyi0VCvf9TSUkH +dHy+F1QIshFUuVY1sTwY9Q41c6mM41Fsn49eToVc0MSOvMsG2q7FG+sHOy1dm443 +evc0VDkVyywySJwLvC4yPglkEkQTHtlv48O4OARjd/xJEgorBgEEAZdVAQUBAQdA +3tt3vVEmB/HQnMBbxoBlAWV+Qbh0nFb1hMB//KQVV3cDAQgHiQI2BBgBCgAgFiEE +sAtIvHMaqIQP7Z+w7tJmtw9P7xAFAmN3/EkCGwwACgkQ7tJmtw9P7xCFxg/9H8jH +fX0QNNgFtZBddlaSk4wRoTtvMbA733wGtF3ly97GIIQHvHKKa4kj/ve2FAKClO+S +nM2g09K8vUWgSF87d+2IO+XeM6pHwI+dslsQsLCSWCiuI4mpDiwoa8SefUu9LsFb +q5C02yR3bfUNodqD7gVGfbSDloM+v/BTzmqwPyLV/OPm36nWoZK19YnsZSQkBBVy +GupDZoaU/8+UcxDhpixoflaWQDmgptoet7cis3uh8s1BUqLIt2/BrdeE8J5p3XhP +lVLKdbkZlg9EBdBnyNAPhc1T6bWvauAqpVFpYeA38pQO/QU9YHBR8DdwyNZm14Tg +HXNLPNXphA55mG4pAsB5wSvZjdKRyYfUIOzaEvKh/30Am+Xg0AT6nJ3hzDJfLnbv +LQvu7PtEmFq5xMMbK7cZ87d2iOUEDLGsxAEUJK62UtkA+ymzAmK+CNlehrPWydbW +kySbEaTad/mCxWmXtuRiU66Uids4miatTJg7P+8UTOCCRjA2+BLIZ5+BdACagp/W +sClX5pvQO5JuwZEtlvRfL1htQVXm0G6AjNuy6tSqrZ1L9pzR9GVIq910ZHwJKlpM +M5v6vbOEcoN7YoOipNlR6xXysWcZwDjsHafnnuwKquenAc/S0h8CjZCe6wv+usFT +3VMjFrGn3Rd21cznzwSd/hOrdyEWPkLKYooomQC4MwRjYoSpFgkrBgEEAdpHDwEB +B0A14ona1bYMFErfuk+/xVWClYaJSczvgtG52Je0DqPHoYkCswQYAQoAJhYhBLAL +SLxzGqiED+2fsO7SZrcPT+8QBQJjYoSpAhsCBQkSzAMAAIEJEO7SZrcPT+8QdiAE +GRYKAB0WIQSBB7EBpDKqyf6OVHyjSNYbwnE+nwUCY2KEqQAKCRCjSNYbwnE+nzUi +AP985Gth9wrJ3L+yGuHjZdQQmSZzGMV8rcnC9mJx91dPNAEA2bq3V3tChH3B/lBv +Ngwvz+PFw0CVbuz8x8kWixS8pQ2ZwQ//TGtWc/JqSBJq1bm2Rg7b7+6oERt202H3 +M4nl3zssGsoKI+nWx0V5W8lu3ujux5OUkZ2W1vPJGzncqHwjjLFg+2LRIqs4zLQE +KA7FmI0oRknLK7K7aX+83kBuKQQ5hqT9f3HvUQ45us641+ZIyR9U3QE3Ao4pu+ZG +gD8OD2y3lEx4Wj28rCnq1b+qkq6hHovIqljYpKJiRUdLcFDn5061vfFDVw/l2bXb +vwtks1blVTOKvHazeWiarsna7wkR7apSL3h3gx4sR3ScSsnMe9AtdA8Mvmili+Ye +3Xd2mLh7nJOEBMERJ8LkA4qIiAAde5GfA5nRarpOQoPIZl6X5NWwXTNIYoBuy8Yf +hx5ubzYz+l5gZ+q1EdhBm4Bic62NLpG1HhUYaJvbwKaDbG9Qy/VP33NJ0zjQ8nwz +xymb2tAyZFCjmAFoqRTMVNGjsTg055DSYe8R4eL6mHAkPr6zOQlb0dWzF6AXalvS +BeRu1S/4eLJhSIqX4etzRDZ29qYbOw0Zend6ZZfpOqUOFePwvtwX58inEVI8iHhj +7IvwLzXDUs8lKuwWE46VmB4uWTxbKVY/T7MOkJ3UukrbBHKM9Q1+cDl4FUkOMCTc +3dCbA/qPGj5YpNXZ3iWowGxJzMuNZF0Z+DqnJ0m1KFxw/ed4TBbb7b+lPcqpWdKu +sM9wneph+1M= +=yLlr +-----END PGP PUBLIC KEY BLOCK----- diff --git a/packages/shim/shim.spec b/packages/shim/shim.spec index 159e9992..92ea20cb 100644 --- a/packages/shim/shim.spec +++ b/packages/shim/shim.spec @@ -16,12 +16,15 @@ Release: 1%{?dist} Summary: UEFI shim loader License: BSD-3-Clause URL: https://github.com/rhboot/shim/ -Source0: https://github.com/rhboot/shim/archive/%{shimver}/shim-%{shimver}.tar.bz2 +Source0: https://github.com/rhboot/shim/releases/download/%{shimver}/shim-%{shimver}.tar.bz2 +Source1: https://github.com/rhboot/shim/releases/download/%{shimver}/shim-%{shimver}.tar.bz2.asc +Source2: gpgkey-8107B101A432AAC9FE8E547CA348D61BC2713E9F.asc %description %{summary}. %prep +%{gpgverify} --data=%{S:0} --signature=%{S:1} --keyring=%{S:2} %autosetup -n shim-%{shimver} -p1 # Make sure the `.vendor_cert` section is large enough to cover a replacement