From: Herton R. Krzesinski <herton(a)redhat.com>
redhat: use centos x509.genkey file if building under centos
Upstream Status: RHEL only
When doing modinfo against a kernel built under centos, it'll show the
signer as Red Hat Enterprise Linux kernel. To avoid this, switch the
module signing to use a centos x509.genkey file provided by Brian
Stinson.
This was requested for centos-stream-9 in BZ 2029952.
v2: fix build issue due empty if/then clause
Signed-off-by: Herton R. Krzesinski <herton(a)redhat.com>
diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template
index blahblah..blahblah 100755
--- a/redhat/kernel.spec.template
+++ b/redhat/kernel.spec.template
@@ -777,6 +777,8 @@ Source37: filter-aarch64.sh.rhel
Source38: filter-ppc64le.sh.rhel
Source39: filter-s390x.sh.rhel
Source40: filter-modules.sh.rhel
+
+Source41: x509.genkey.centos
%endif
%if 0%{?include_fedora}
@@ -1499,6 +1501,18 @@ done
cp %{SOURCE82} .
RPM_SOURCE_DIR=$RPM_SOURCE_DIR ./update_scripts.sh %{primary_target}
+# We may want to override files from the primary target in case of building
+# against a flavour of it (eg. centos not rhel), thus override it here if
+# necessary
+if [ "%{primary_target}" == "rhel" ]; then
+%if 0%{?centos}
+ echo "Updating scripts/sources to centos version"
+ RPM_SOURCE_DIR=$RPM_SOURCE_DIR ./update_scripts.sh centos
+%else
+ echo "Not updating scripts/sources to centos version"
+%endif
+fi
+
# end of kernel config
%endif
diff --git a/redhat/rhel_files/x509.genkey.centos b/redhat/rhel_files/x509.genkey.centos
new file mode 100644
index blahblah..blahblah 100644
--- /dev/null
+++ b/redhat/rhel_files/x509.genkey.centos
@@ -0,0 +1,16 @@
+[ req ]
+default_bits = 3072
+distinguished_name = req_distinguished_name
+prompt = no
+x509_extensions = myexts
+
+[ req_distinguished_name ]
+O = The CentOS Project
+CN = CentOS Stream kernel signing key
+emailAddress = security(a)centos.org
+
+[ myexts ]
+basicConstraints=critical,CA:FALSE
+keyUsage=digitalSignature
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid
--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1588