On Friday, July 18, 2014 08:48:19 AM Pat Riehecky wrote:
I'm looking to fix up our Secure Boot infrastructure for Scientific Linux.
I noticed the fedora koji has the kernel building against a specific channel. I assume so it can be directed to hosts with the necessary tokens.
Alas, I've not found the necessary hints at https://fedoraproject.org/wiki/Koji/Policies for how I'd write such a policy.
I'd also rather not remove the default policy[1] in the process.
May I request some help?
Hi Pat. I had something similar a while back to build kmods for Fedora (specifically DAHDI-Linux).
My hub policy looks like this, though I'm not sure it's the best way to go (also seeking advice), but it has worked since Fedora 18.
[policy] channel = has req_channel :: req is_child_task :: parent method build && source *-kmod* :: use secure-boot all :: use default
Then I place certain builders in the secure-boot channel. I have some general info for consumers at https://messinet.com/rpms/#UEFISecureBootKernelModuleSigningKeys
And you can look at the spec file changes that needed to be done here: https://messinet.com/rpms/browser/dahdi-linux-kmod/dahdi-linux-kmod.spec
And information on how I started to do this here: https://messinet.com/post/rpm/2013/02/08/fedora-18-uefi-secure-boot-kernel-m...