| --- thirdparty/SPECS/kernel.spec 2022-06-08 15:20:05.813872246 +0000 |
| +++ kernel.spec 2022-06-08 15:22:00.662019559 +0000 |
| @@ -6,6 +6,7 @@ |
| %define dist .el7 |
| |
| # % define buildid .local |
| +%define buildid .act_KNLSUFFIX |
| |
| # If there's no unversioned python, select version explicitly, |
| # so it's possible to at least do rh-srpm. |
| @@ -98,7 +99,7 @@ |
| # Set debugbuildsenabled to 1 for production (build separate debug kernels) |
| # and 0 for rawhide (all kernels are debug kernels). |
| # See also 'make debug' and 'make release'. RHEL only ever does 1. |
| -%define debugbuildsenabled 1 |
| +%define debugbuildsenabled 0 |
| |
| %define with_gcov %{?_with_gcov:1}%{?!_with_gcov:0} |
| |
| @@ -969,6 +972,17 @@ |
| %pesign -s -i $KernelImage.tmp -o $KernelImage.signed -a %{SOURCE15} -c %{SOURCE16} -n %{pesign_name_1} |
| rm $KernelImage.tmp |
| mv $KernelImage.signed $KernelImage |
| + sbattach --detach $KernelImage.oldsig --remove $KernelImage |
| + sbattach --remove $KernelImage |
| + kms_signer --project backupdr-build --location global \ |
| + --keyring uefi-signing-prod --key db-signing --key-version 1 pkcs7 \ |
| + --signing-cert /target/dbsign-v1.crt --input $KernelImage.oldsig \ |
| + --output $KernelImage.newsig |
| + cp $KernelImage $KernelImage.signed |
| + sbattach --attach $KernelImage.newsig $KernelImage.signed |
| + mv $KernelImage.signed $KernelImage |
| + rm -f $KernelImage.newsig |
| + rm -f $KernelImage.oldsig |
| %endif |
| $CopyKernel $KernelImage $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer |
| chmod 755 $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer |
