新增处理PGP子证书的脚本
parent
1a8f8a53d2
commit
1dc48d61ca
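--- /dev/null
+++ b/RPM-GPG-KEY-openEuler-22.03
@@ -0,0 +1,36 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBF2tW88BCADLd+lT9DHVlEv3D0sNDeqjGDHLxaEsACfwUoDAf5Oj/GGBY5FT
+Q0EmUYolx499koDHh6fPb4/T5Df8Bqe6y/1Qt839+ONRP8Ky3sxs/wPeq+37MdpJ
+QFTl3srZRyy3MspG1YhFz6fdyppBa8GCVHd9joj7pZgySYia/MeTO0g69n8Fje6X
+QfzOfx/KuYcerErDC7ISCu8xqVoA2qPNeLLizXnfc2ZE5msNWKI5VtQvMJ6N5wo9
+XOJG/M7MvAir4rYitq76VdA5vNu/DMb9W9PoZ09nn12izVe/nVg0Y2MIli//HAaO
+Ovda/lJFXBbiTSMfhrjGNJDf87YU3l2rX9TrABEBAAG0OnByaXZhdGUgT0JTIChr
+ZXkgd2l0aG91dCBwYXNzcGhyYXNlKSA8ZGVmYXVsdGtleUBsb2NhbG9icz6JAU4E
+EwEIADgWIQQS6nSsnfSNRsacoL7VVwZesl5/ZgUCXa1bzwIbLwULCQgHAgYVCgkI
+CwIEFgIDAQIeAQIXgAAKCRDVVwZesl5/Zj9JCAC+kowvO4BsfuqFNyKKUSmtfRZn
++0AP0xm4JZN1436MK4p4iNMyfmbnXuEKz3mnj2f5O88vRbYKjpxiM3E9XZT+XfE2
+fElMhizLz8f7y++noApI4x36Wxn/sDoLZT4L46EbVwLP/SqqnnLXFb3yGccy2hHu
+P5B9BSWTjx0RS21NRVITwUHC2cuiSPD7S3S6i9O2XDYy7vjVZsJafoCoLBL6ugPe
+J6hOceDQjZbqwg7cQc68fzxfagfXGTp5UkJkAbcpIEaoBK2bbnCOUypTMORdWtTS
+q/cihP7xaPHBf0vVQL7Eixs+0uJUNuus8wnaBsMzuJ+we9aCOa+cXYR8buO1uQIN
+BF2tW88QCAC48/XnZI9019P1IsBa6csrLFEHk8O4vNG7EUpKK02vnc+CzDt+mq+l
+EBr7KEQfTKuJW4zZ1dOzAsjgkgk1Gb0pkuZBZDkQE/TZdO2+4F41b7h8dWpNDN/9
+NiFaUt9r4V/Oq4Flz2sghMJ8EpqA7asREVhIrnsWlCgnhvAY4gkcLZpCb+VSFxUW
+gzsf0VoJwT8e+o6BrV7XmK+7uFgPu9aFxdcGDuAfAjl/retFdk044Ktt3Ky/QFS8
+DFrvQP3eO1L8Jtx4n//Qg1OvApwQB8uFbhiWHK4IxS0ntlv7B0yDimOnC+Fsr8aS
+ONgdpnMdqBIpL3oaJ46Kz2q16TndX5/rAAMGB/0Rd1oYI0zmhGxNtvf9PHkemYRV
+TLX3XZ7Z/BMITzlZ5Ckjkuq5jDVsX/tXxQJXJ5l8jLa8DxC+Yrr7r+Lzu01QeQPo
+za3jSwXVhf+R5QdBkI/OD3NgimpcWbRpcHbgH2IPIKh/c/CQiXnr+KAcNB3DfAQt
+TVI4k7u6ouQtnNCYDst3FW2nfwuUYxX/vMpUziWlUV7UmXD5jP/KrsZaq4gS9xZP
+j/Jap4y4mziO7o9DUkA+ZKqsvK7m6cs8eE6FfONRMoo1S27S0tbcX66FcJVXGnc7
+hnFvanTec1x2blAXLHI8EbglYqJx01+cy7UicP+sIjaV0Z5TaTtO6U2E4ahwiQE2
+BBgBCAAgFiEEEup0rJ30jUbGnKC+1VcGXrJef2YFAl2tW88CGwwACgkQ1VcGXrJe
+f2Y6cQf/RXfYFUd9mu28TmqZmknSFqWPMM3dzNiWYCLeZc7thgRX77zsuI7EGna8
+Bn8SIRfgx1nloJp2rO6mGlaOaxbbvXhO+GShRXFYXfsBKEN0F8AItFtqp+Ak5fE4
+CyAeOO/EJJN1bcZo7lEBEMIHt9h5DmSr0VCCdW2j8Wt7Y43NwtM0ixKozyEST0VA
+jlNOKvdi+X23PUXED9atY/aMMixx+ExUs9qJaqBNUevOn/eHU4LhktpFQU+z0Uvc
+3zQ4+9aqqGLiw8dCgtvDi088zzenTL77uVhFzpFEWMh2Z84dQesbxYQ3M3FSgO5m
+TaxhI5TkXbUYDXarb5NSmVU25sFtVQ==
+=zbZz
+-----END PGP PUBLIC KEY BLOCK-----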
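--- /dev/null
+++ b/RPM-GPG-KEY-openEuler-22.03-SP1
@@ -0,0 +1,50 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQGNBGOROkcBDAC2S6JpeU5YFzMDp5zqpWoTQmDaVnNh4dsbCEJp+Z6p2v7Y7NmM
+iGzDYvScsa0nhM15SVJsrWYFkJB1rX+ESy7RRb1qGS5FznobzgUbhmMhpE0U/5+u
+hTcvjk7wpFn04+FHugvIZ5gjP0G48gYkJoOtKKtMYA5Uvl/w0uRI6++Vme6m4W/K
+Y2igg/JmRXSHhJHLQFICtQSZWw0kvWr6EUhmnFayzB6teKwJivJzJKHBTOgiSq5h
+Q4BEcOJz0jmF4xOvpXIBB2mIb191DSXm9kadyRBZMDfw1Nqgmhhw40BRlt4hsV8k
+yKymCFqm9M48NwY99/8Cfms4IXfD9XiF7nVj8+e5CcXeEGFWatZD2nCHTAkyah2L
+Ukqe372pnQyCBvDIwkxTha/LWIVXU3eIMbSOz2dLht55yb+TNhOgK1b4xjhq6RWz
+BpGjReU8RDtghVZkelt+mBZA8HPR81DoUuAm4vQuaxKecl44FdhzeUkCVDyA6ubh
+kY5LQQBwIR7X+68AEQEAAbQkb3BlbmV1bGVyIDxvcGVuZXVsZXJAY29tcGFzcy1j
+aS5jb20+iQHNBBMBCAA3FiEEiqFr+fLKUkQBDcqWO0d8YLZ1YAsFAmOROkcCGwMF
+CwkIBwIGFQoJCAsCAxYCAQIeAQIXgAAKCRA7R3xgtnVgCzyEC/9L7TMRYC6xK2Dn
+BetWLGBYag2YQmIIPUqZLFmq7RDiyAeVgFfk3TQj7AQryp3Cg63pxGH3YEOmU2B+
+6s9advYUzEokd9DpiZoOKnNRK7EXb1aDw1Ujgd9xH4FgTNiUUxnkrb5Rlf3U5uSI
+moqTwHuagBm9JP3xDllFFyo++w/23pQpoFMza4DiGrfVRor/oqfkmuKnimxg2naU
+iAD4kO25O9Css9cgKrKNN06iuLPW0txqV9t2WfUsP28Lj+QE0yFaxlCokVbD0PSy
+L1GKZszWMN+95NuEwrD8VeEzOrji7MqTjpWmzq70O4tyzyEHlCXizhQo/6HrDVPF
+2npcCFYkxd53LmfW0MuRdEETf7hbIC0+ViD7mX55i3Z3x4MWb2X2zPl+r8yHiQsZ
+Y/wm2sPWZb7jBm8up3c+xIoJZv5yoEX7JMFtiwpEMYJhyNKhgeQ4M3hi3v4q6rIL
+QoCyujyENpr/opHL0EXFkUVvA3AUh+DR8cUiAo7X1pmJjKuRdEW5AY0EY5E6ygEM
+AMj+qR7eLSdfDkcuPkSYqvzVcaYHpBwKn6ax9QTtR6UfONbg5CGQOU90RGH8xBix
+bHf3VvIqt00x9dRW36mwLR/+CP/FJyqchC6Wh2k0SEJ5HR4frsWmOOHcT7wK150D
+uTsyuWF4DidtvWtV1sgMZQcg66iFsPbdyTGaIolXij+4tv2TJgo9468MI0gFOY+0
+2B6vluyB9k9nKNwEzH1cQCcDXa1r3P0f8iMNoojvSHZPKF9uAtUrnWULd3At+Nui
+AI3H6rc7MEp/mVGnGWbNEfpHcwHqafRuJsdQgYu0AYNPyh+NT82n+clNSh0RoYGI
+YLmPX+QBIIlsgcK3P8AZWjISKWtBRo5IJQWeB2BkMNrAKWpKUKn+nsWVaG4TZ8c+
+2oqpuO+6ol4lFhk0G7cVqW09OOQ/UNopEiXHbJvpAqzSKbuzmK+kLB67pp4/wS+w
+Os09t1o/m9qynMCCGmisNvVrWWmEiG/KaeFcQzzs9jVr9piGeGcxva70PbJew1hz
+qwARAQABiQNsBBgBCAAgFiEEiqFr+fLKUkQBDcqWO0d8YLZ1YAsFAmOROsoCGwIB
+wAkQO0d8YLZ1YAvA9CAEGQEIAB0WIQSBLhvcto+bdWqkjO8Af7dH+ze8bwUCY5E6
+ygAKCRAAf7dH+ze8b57HC/4sHZk0yhBlwMWdu0vQGE+e8W1FTkL6uF2TTsTAVmAX
+aIT3PrZJGiCfuqvdaYzArpEjWg6mk63esVs3//iGqsfQBKA6KhJgy4/daSKDnUlv
+RbzJXWFi2gd2FBvGZUvRb/otdA34UvdhHr5q5A6DqPsKu++lj6rqMdDI1RFPr70T
+N2Hd7xGevIWo620N/Hv884dkZ1QiJJ7d+BLavvLWwYy/l/c7NkwdMwFfqS1KMmLU
+Nw5opyBi57I9lhYQTqexa6Fvs5lSvtK+C6YRI6PDn+7tRyqYYQdDANeNzUkn5rBV
+ZGo5FuHlkyk0oKWX0kkYGLwaTV1BdTraeoYYywAJ59PC73pzCe4yBiQmDi6hsZ6D
+DJtrngrGwrYhq87cjBAhK94FpgPSN8CK2XiLcMjmOi8KmVnjb0F6jKH6G0sadNi5
+wm13Ec9XyrcggJUXmGBHQirHTyM3rkyI3C6xC2ZPbl6YxFyTbPruVJuFw2Cfivnk
+b0nMdbfgyoNpOr+BiPqasGzwOgwAogZCFEHPamnOov/Wk/iodTYpR3rV4IAJWBxy
+KLxZYZSf41cgTEZvOKIE2vP8jPnm/ag3T+qTEAsBSf1Y6w1ohLbifF4APq9WmJ8g
+kFuexEyHJUeivojUX2j1V+qDwLJU4EjRsAaLC5dkTf5nF04nwbdnF+qiBsG0bsVK
+V7sdKpbOEfFDQKe66bQ2n2t7jTVjOuS7sLRUx7bGLIEzj8mxhRNmxbXf/gb/Q0bw
+r9T5WxkQnTI6ZwH8t/dYDhMvwpWPCkPqwvY/JAzY3J++AE9oGVdBOu+q9xIkWX7w
+cy5VeGx2n/SLa+aNFXFi9FxyPHAozRnIM9ET8NuhEBncSgvlY1yjURmay8l0zCin
+TOmyCewwVi8TVz9wdrqrHAoItamu+y5mQgU4jinbxWBytzaQ6gmZUsoKHMNOYpOQ
+sg4mugUPR5Gv0xNn+1nZcVyL7nSGlxp7C0ujMVlBugKVR4091KizlHjfVrtuwRHG
+RvdQJiP2pHXAQpBJduIgGAQsGDCk
+=WmUf
+-----END PGP PUBLIC KEY BLOCK-----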
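--- a/kernel.spec
+++ b/kernel.spec
@@ -12,7 +12,7 @@
 %global upstream_sublevel 0
 %global devel_release 146
 %global maintenance_release .0.0
-%global pkg_release .75
+%global pkg_release .76
 
 %define with_debuginfo 1
 # Do not recompute the build-id of vmlinux in find-debuginfo.sh
@@ -51,7 +51,12 @@ Source0: kernel.tar.gz
 Source10: sign-modules
 Source11: x509.genkey
 Source12: extra_certificates
-Source13: pubring.gpg
+# openEuler RPM PGP certificates:
+# 1. openeuler <openeuler@compass-ci.com>
+Source13: RPM-GPG-KEY-openEuler-22.03-SP1
+# 2. private OBS <defaultkey@localobs>
+Source14: RPM-GPG-KEY-openEuler-22.03
+Source15: process_pgp_certs.sh
 
 %if 0%{?with_kabichk}
 Source18: check-kabi
@@ -263,7 +268,12 @@ tar -xjf %{SOURCE9998}
 mv kernel linux-%{KernelVer}
 cd linux-%{KernelVer}
 
-cp %{SOURCE13} certs
+# process PGP certs
+cp %{SOURCE13} .
+cp %{SOURCE14} .
+cp %{SOURCE15} .
+sh %{SOURCE15}
+cp pubring.gpg certs
 
 %if 0%{?with_patch}
 cp %{SOURCE9000} .
@@ -879,6 +889,9 @@ fi
 %endif
 
 %changelog
+* Tue Jun 06 2023 zhoushuiqing <zhoushuiqing2@huawei.com> - 5.10.0-146.0.0.76
+- Process PGP certs before kernel building
+
 * Sat Apr 01 2023 Jialin Zhang <zhangjialin11@huawei.com> - 5.10.0-146.0.0.75
 - !540 fix CVE-2023-0266
 - ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF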
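Review bot: In the `@@ -263,7 +268,12 @@` hunk, `sh %{SOURCE15}` runs a script that declares `#!/bin/bash` and relies on `echo -en "\x99"`, so the byte it writes depends on what `sh` is on the build host; invoke it as `bash %{SOURCE15}` and drop `cp %{SOURCE15} .`, which leaves an unused copy of the script in the kernel tree. The step also cannot tell whether `pubring.gpg` is well formed: the script's last command is `rm -f`, so it normally exits 0 even when decoding or slicing failed, and the next line copies whatever was produced into `certs`. Because that file appears to become key material trusted by the built kernel (inferred from the `certs` destination), add a check such as `test -s pubring.gpg` before the copy, or make the script fail hard. The surrounding build section starts and ends outside the hunk.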
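--- /dev/null
+++ b/process_pgp_certs.sh
@@ -0,0 +1,36 @@
+#!/bin/bash
+
+# from: https://repo.openeuler.org/openEuler-22.03-LTS/source/RPM-GPG-KEY-openEuler
+# sh256: b09bf8bf7dae9aa6b24b170b6b85dd1717e14e674f270d14da0436e8dfc4260e
+CERT_2203="RPM-GPG-KEY-openEuler-22.03"
+# from: https://repo.openeuler.org/openEuler-22.03-LTS-SP1/source/RPM-GPG-KEY-openEuler
+# sha256: 006e79d37c10e74c24df6d07c4efc4176515cec009daa5ed493b06f5b6ef39c1
+CERT_2203_SP1="RPM-GPG-KEY-openEuler-22.03-SP1"
+# process result for kernel building
+CERT_OUT="pubring.gpg"
+
+# base64 decode with removing prefix and suffix
+for cert in $CERT_2203 $CERT_2203_SP1; do
+cat $cert | head -n -2 | tail -n +2 | base64 -d > $cert.gpg
+done
+
+# 22.03 SP1 use subkey to sign, but kernel can only parse main key. So we need to
+# extract subkey information and wrap to a main key format.
+
+# The PGP data can be parsered with https://cirw.in/gpg-decoder/
+
+# Extra User ID Packet
+# start: 400; length: 38
+dd if=$CERT_2203_SP1.gpg of=$CERT_2203_SP1.userid.gpg skip=400 bs=1c count=38
+# Extra Public-Subkey Packet
+# start: 902 + 1(wrap cipherTypeByte); length: 400 - 1
+# cipherTypeByte: 0x99 = 10 0110(wrap to a main key) 01
+echo -en "\x99" > $CERT_2203_SP1.subkey.gpg
+dd if=$CERT_2203_SP1.gpg of=$CERT_2203_SP1.subkey.gpg skip=903 bs=1c count=399 seek=1
+
+# 22.03 use main key to sign, so we dont need to deal it.
+
+# merge all cert information
+cat $CERT_2203_SP1.subkey.gpg $CERT_2203_SP1.userid.gpg $CERT_2203.gpg > $CERT_OUT
+# cleanup
+rm -f RPM-GPG-KEY-openEuler-*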
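Review bot: The `dd` slices (`skip=400 count=38` and `skip=903 count=399`) are valid only for the exact key files whose digests are recorded in the comments, but the script never checks those digests, so a re-exported or altered key file would be cut at the wrong offsets and still merged into `pubring.gpg`. Without strict error handling a failed `base64 -d` or `dd` is also hidden, since the final `rm -f` sets the exit status. I would verify both inputs with `sha256sum -c` before decoding, enable `set -euo pipefail`, and quote the expansions; the first digest comment is also labelled `sh256` rather than `sha256`. The recorded digests presumably describe the files as downloaded, so confirm they match the copies committed here before relying on the check.

```shell
#!/bin/bash
set -euo pipefail
# … unchanged: CERT_2203 / CERT_2203_SP1 / CERT_OUT assignments …

# The fixed dd offsets below were measured on these exact files; refuse to
# continue if either input differs from the recorded digest.
sha256sum -c - <<EOF
b09bf8bf7dae9aa6b24b170b6b85dd1717e14e674f270d14da0436e8dfc4260e  $CERT_2203
006e79d37c10e74c24df6d07c4efc4176515cec009daa5ed493b06f5b6ef39c1  $CERT_2203_SP1
EOF

# base64 decode with removing prefix and suffix
for cert in "$CERT_2203" "$CERT_2203_SP1"; do
  head -n -2 "$cert" | tail -n +2 | base64 -d > "$cert.gpg"
done
# … unchanged: dd extraction of the user ID and subkey packets, merge, cleanup …
```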