diff --git a/RPM-GPG-KEY-fedora-41-primary b/RPM-GPG-KEY-fedora-41-primary new file mode 100644 index 0000000..30afc1a --- /dev/null +++ b/RPM-GPG-KEY-fedora-41-primary @@ -0,0 +1,29 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGTSYSwBEACTHP7OFONk+1B1awJeYToUFMVbYZIjNvj9M7zwf5vzH52FlpXX +dsbs1AWh6NUe0zV1J5JjCGiI24Vjacysg7L2zsbgT48vVv3mXrXorjYOzT/cxsAh +7PNhEx+OevKzAx3oy0Ok27c11Dz0W4ynwVy80gB6XHI2rd04v74TiC0xQYlxj1Sh +j6irdLmHMD/NtTCWmCM7MRf91UcC4rk6JOap715UKey2fk1h/wylv0guMP3o+CpG +jxDHENkfl/GsWCSYBaHec7o5/qg5RoAkN5NImVI00CqiEO1WHPBaCJalgwbuQCiW +006jwVDHJHRoufS85PEKaY9yqd5Fr76kdqCLsf3Ys9yxGVfOTvCaKOa+ElWBo+i6 +yOtEO6Qp1Qd5spomBJ+FVPjU89lR9aDnvxIVX7X6zu638qV0K3Lb2HKmqiVG6ccJ +IdxNVXJAekvu7ypwvRzEc0mGgfkZ47flaj7X8SxiebbXhYWdqRBF0rMYc7ppkbCp +5NsD+KJilkfeOGb7VK6Rx5vXmySiNCb9GqN51KRl4Z1qllrc/Q1k5CCMt3AUq0hv +1fwK3eFGtd4/YgF9LoZ0tW8WFZ6h/zWnRvJ/SDBPhtovoSpxptCd18MWiakwvwW0 +sxueKFlctdDjW1a/gri3V4RdTOZbr0AqDjGGcYndt/oxMeLxaK9qvs2xIQARAQAB +tDFGZWRvcmEgKDQxKSA8ZmVkb3JhLTQxLXByaW1hcnlAZmVkb3JhcHJvamVjdC5v +cmc+iQJOBBMBCAA4FiEERmzy2LYLwwV6qUU+0GIkYumdatEFAmTSYSwCGw8FCwkI +BwIGFQoJCAsCBBYCAwECHgECF4AACgkQ0GIkYumdatFHIQ//bTSVGDvJGmUxgHJw +MnGM2G6Rc9PNAKuXbh6t4qsrRKp22pWNnMmqqcGaoiBxKP989a2cJgIVP49SsC4C +ewaafEYhsitUtKagx6z3F7UObnvQpOz5U5iFcJCvRDtC4FXq+VkMdhT09zMZY4Ey +ia29bV1B1R7pe7yXh6l3WyVj9AAXUSEBR/OsakaYEMzScLnROBEU1YbWR9iHsc7M +rEsqju8tVUh1XAqIqJgLW3VrKs0g0nDVR0rBc8aDhrtVfylwWVl61gHsPFJfAkjj +OPgvQgThrhlCWo23EZSk/Hj8YRrnhUbEDnk+Z3Xv5Uyl1kxGRk5dGBnv+7u3CKvV +G6sU3tPtna/8rFblfKSMZIPhzTADdsUZ88Fn9pZkfqgPi8LZ4sS8vHtaykZmbfj6 +t9a2mBYJQ+/pxiH8olzyhKMdNyesLPeQmESgwM/qlJ+b2Hbogwuuzp8o2JMezxIe +CAwLoPh+hxMPGnBRklh6Vj5R5z29wIZd6pKCavVRfJ+ON94wuOSEofhBfQNZIIFV +jagEbk60iksysxsObfVEHFhtGnZCEgCRC87BfX6tzIIDv23Zs4Bv9gcaaRXTAml2 +kZXktduHkV9q3hhcoha5FgGSe244C4GsMUkWCsZtuN6tevUPo+n2ZZAA7ikQ768r +Iz9rPOI8/Ra7qnwSlNIVnkTb9bc= +=e2ew +-----END PGP PUBLIC KEY BLOCK----- diff --git a/RPM-GPG-KEY-fedora-42-primary b/RPM-GPG-KEY-fedora-42-primary new file mode 100644 index 0000000..c8da319 --- /dev/null +++ b/RPM-GPG-KEY-fedora-42-primary @@ -0,0 +1,29 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGXKg9EBEACvsAjRcllcH6mVReU/0hi5YnwqulP7gNgUM4jYPiqucF51g0oW +MbFk0VjDn3QXjrwLNLtj4oxsU+E6OW0jl1732qvjUJ9geEZBuidyFZgq0CCn9K8d +661dPDjN/DzWWogFhnDySFHRLdh6dYCuu75/HKSIVfCud2IFCvT7Bhk4AOpxv4c7 +mmX874LFgi49jkAYC0M6UbJ9o3KSCndipf/k0ra2g9dGacqlPfn3PMiTszPDr99d +o4qZ5dVZYC6Sna8GjNhN7b/2xLGQuzdd9LHgPHC/PX7XsvBLu42rqi3q0umJBtjZ +CyFxF5Dp0VMwmVfrKFZOHvVsGjPLrxomLU16/EDzIrw6cHikdQKLf4sl0rX0m8j0 +PNAGOSDmE9YgByiPo12CGMOuAvsDUI0JID4p4WqpBShTBuiIrITn8XVTCOQ+tKq9 +dE/qI+mm2hnZjJajM2UWfKE0mVH4SDOiSilgKR/h5HuLZqwtYXFExDZsAcxaLfRB +KCrIOyJdpV7YIj8PaP89XeycHM2MaIfwdHSx3Pz39zZNzi6vJkLj9SWdQT7lOvZx +xTQ3dK0Rcpjx+rGHgihMT4yBd+JO9mZS3ghNGbypYnNn/mohPOAxguXuPuPRj00o +C7C3lIEEL/hZXZbN1SuiopZjxbU/x/5lO8n0Un1GCzynObPDvpDLTjsdKQARAQAB +tDFGZWRvcmEgKDQyKSA8ZmVkb3JhLTQyLXByaW1hcnlAZmVkb3JhcHJvamVjdC5v +cmc+iQJOBBMBCAA4FiEEsPSVBFj2nhFQxsXtyKxJFhBe+UQFAmXKg9ECGw8FCwkI +BwIGFQoJCAsCBBYCAwECHgECF4AACgkQyKxJFhBe+US4mQ//e4gIGhA6TJuEqrVP +gKtSnDawIj30TGbkXIywECtKCu9N8anTlkU2/XSKGyE3ZDdKDO77O11382Ci1xJg +CpdbqKg4G02ecEKT1Dtng37gt55SkhffQ0EeDb3Zl+Pu5qohHQUiMzio4B4q8n0H +D+L9klQ3I1rLmymguBRd34jQH/z025GE2SBbCpDnQCChZT7Fq1D/onOQgC6skN6Q +E2dvYqOnSlHkkfuVlRRYoLNmynxHKlL6VZkiM7m1zKi7cMEK63mKJQ3jH3Mc9grh ++OwBDxOjx5UoYMeYqq7oXyTPKvvf6ssuHtjWM3tNkyi5R1nB+4SHMttrbt2pLMSH +Jg6pNXoLAP8ahlvxdgVRjgN/6OMC/DwXnLxippelBXXDyBnwVd8/WohbJDcq7e5t +dymZpRsNxzhWSuwbHzeJY1DKtePhbjblShLjxTzLnS4GBPJV5TXpHkZWgQmz2aA0 +CHV47j37P6kAOEtsJkJUWWz+/Rx1N5Mm5lxvghaAzlTBtwQhRgl9Y8kCTznG40QQ +64N2FOrcExUJmujLRISDjM2Ps9MtBlbYs7H4JDziX4jpNyvhVAbEdjbzVfL5oi35 +l+K/QRtQJnt78qhLpNNB7SdQkNmD8eMeXF7mA/MH6eFM88hF4l6NeKklyMIa5thg +LFx0UyEgoLXDBg+thUzby61gnA8= +=OCXB +-----END PGP PUBLIC KEY BLOCK----- diff --git a/RPM-GPG-KEY-fedora-43-primary b/RPM-GPG-KEY-fedora-43-primary new file mode 100644 index 0000000..7be8eef --- /dev/null +++ b/RPM-GPG-KEY-fedora-43-primary @@ -0,0 +1,29 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGa23M8BEAC47NwKLi/g2S9I2p5JtUbJ0y3m2St9zqkSENmYw/+R+WKvaP3S +KSFQF3Qi6pqGXJ88ADJUkFYpOGGyoc0dieLCmIPqtWbwGvBVMxBRBeU3+hClwbSQ +sysVnr8VxUwidfsIjNJavCZwB0ZoZbxdCPMQMOgQyTLX4OI/uKlPUzeymDHwxjb/ +tllflSTOGtdYe3giRzidxN+xbCb6UoXkl0+lJEFbsmp41O5D/Ur5N05lBrsEXoDu +Fr99Kfv3Av7f3JfzDlkqC/EhmfxZEZvWj3hRdAfi2fFmtVcrdLfGIpQg6Y2Baphp +PhaHqKl9zD5GWqu5GSXGoLaGXusBvwBKjS/g+VLo7pJfMsUF3sUduJNG3UThAsrp +QLV3wQz0AMHVElRErOWdBDY0ddAKLPL7/mtxj39pGEpZ/dNtQkzgm7VCdP10QnQZ +rwR2l8k7CPu0pylPCXmXvKFWV1uv9RnztlWY6BRmufKn+lJsN3Blh7ndi5rlCjR6 +mHVrQD/l6+8VmSD3/mDnbEXPyzBkSY5D1wpR7M5VXN5jVHROc4ZA5M88SyI48ESG +NmeAwtGar45/X+wG47+EC4+JXpNO7BQrEvHgJxBdyoQ6KLDrEaqn/OQpxB4Gfmcv +SwkWDpSk8wFm/pGlFK6J4b+ba7eOetW+aXrWSiFB1sTAg0OY+gds67OpWQARAQAB +tDFGZWRvcmEgKDQzKSA8ZmVkb3JhLTQzLXByaW1hcnlAZmVkb3JhcHJvamVjdC5v +cmc+iQJSBBMBCAA8FiEExufwgc+A4TFGZ26IgptgZjFkVTEFAma23M8CGw8FCwkI +BwIDIgIBBhUKCQgLAgQWAgMBAh4HAheAAAoJEIKbYGYxZFUxagQP/RYWw5j0Gfvv +lWkDQTjTVAnHtbKuQLYM13Lx5d3W1k0g6Xdrolf4yPjh4YPYVQDXksB4i6ULLbMo +8u46UCPMQwCXTd3Ax9imYn+V74Isl/CkBbKQD9YfSJjhW3mSlPa27jo2uhqpdV0S +xp05NWYnWrZN+GbtCUs1+rNTBevagOURtlZ8f0iPVRA/PxWzpjbRaGrCHlIYc3JO +GKLUuQueLvOUg2pP8dtpll7S3xUe5Abyq2ifT34T0wHi6hJA3bfpXo1uNXRvGrNw +gbJ7V6P7ioTcvyhS1h4zjelKFyvTnOKOy5D08HKmvTMWZQWEL7kDNymh1jMV7Abg +4TPp808EiPF1GGAzXU56feaURSvIuix3MkjhGZsSQQH2kkkEIzq6j/EwmpyEMW38 +dtql4T2bVS/cTk/hRaqUKZlyrsL657g/4mFA1wDDM3895fYkHOpYF4JZ9SeDrhuc +TgpC7/TW55l6vSiFtnQvcMfjpfCA6mCA4b75k+/xG9RxxBnYU0qVuUo/8pON31yQ +D2AM2v7WbJBYVRYLlqPrkAZU5fe7+2wY7P7N0IAPwVA0TFJ1x6as3Kezdi/304mg +oC98DBLjHaUpX2bTxKMtCzlmeqPiwtyNkA9O9IQO7qQzArBKxmAgof4wblN5SL8i +fsjiJUqsK/gTYwJ744I/tzxOy5FXjA7z +=Bqds +-----END PGP PUBLIC KEY BLOCK----- diff --git a/archmap b/archmap index ccfa584..9132863 100644 --- a/archmap +++ b/archmap @@ -87,3 +87,9 @@ fedora-38-primary: x86_64 aarch64 ppc64le s390x fedora-39-primary: x86_64 aarch64 ppc64le s390x fedora-40-primary: x86_64 aarch64 ppc64le s390x + +fedora-41-primary: x86_64 aarch64 ppc64le s390x + +fedora-42-primary: x86_64 aarch64 ppc64le s390x + +fedora-43-primary: x86_64 aarch64 ppc64le s390x diff --git a/fedora-39-ima.der b/fedora-39-ima.der index 0d13baa..7396f87 100644 Binary files a/fedora-39-ima.der and b/fedora-39-ima.der differ diff --git a/fedora-40-ima.der b/fedora-40-ima.der new file mode 100644 index 0000000..ae6c111 Binary files /dev/null and b/fedora-40-ima.der differ diff --git a/fedora-41-ima.der b/fedora-41-ima.der new file mode 100644 index 0000000..4f8787e Binary files /dev/null and b/fedora-41-ima.der differ diff --git a/fedora-42-ima.der b/fedora-42-ima.der new file mode 100644 index 0000000..11b8cd8 Binary files /dev/null and b/fedora-42-ima.der differ diff --git a/fedora-ima-ca.der b/fedora-ima-ca.der new file mode 100644 index 0000000..f75acb6 Binary files /dev/null and b/fedora-ima-ca.der differ diff --git a/fedora-repos.spec b/fedora-repos.spec index 9f294ce..0c3fc6c 100644 --- a/fedora-repos.spec +++ b/fedora-repos.spec @@ -1,10 +1,10 @@ -%global rawhide_release 39 +%global rawhide_release 42 %global updates_testing_enabled 0 Summary: Fedora package repositories Name: fedora-repos Version: 39 -Release: 0.4%{?eln:.eln%{eln}} +Release: 3%{?eln:.eln%{eln}} License: MIT URL: https://fedoraproject.org/ @@ -80,6 +80,10 @@ Source57: RPM-GPG-KEY-fedora-37-primary Source58: RPM-GPG-KEY-fedora-38-primary Source59: RPM-GPG-KEY-fedora-39-primary Source60: RPM-GPG-KEY-fedora-40-primary +Source61: RPM-GPG-KEY-fedora-41-primary +Source62: RPM-GPG-KEY-fedora-42-primary +Source63: RPM-GPG-KEY-fedora-43-primary + # When bumping Rawhide to fN, create N+1 key (and update archmap). (This # ensures users have the next future key installed and referenced, even if they # don't update very often. This will smooth out Rawhide N->N+1 transition for them). @@ -88,13 +92,12 @@ Source150: RPM-GPG-KEY-fedora-iot-2019 Source151: fedora.conf Source152: fedora-compose.conf -# ima certs -Source500: fedora-38-ima.cert -Source501: fedora-38-ima.der -Source502: fedora-38-ima.pem -Source503: fedora-39-ima.cert -Source504: fedora-39-ima.der -Source505: fedora-39-ima.pem +# IMA certs: dracut integrity module only recognizes DER format +Source500: fedora-ima-ca.der +Source501: fedora-39-ima.der +Source502: fedora-40-ima.der +Source503: fedora-41-ima.der +Source504: fedora-42-ima.der %description Fedora package repository files for yum and dnf along with gpg public keys. @@ -177,9 +180,11 @@ done ln -s RPM-GPG-KEY-fedora-%{version}-primary RPM-GPG-KEY-%{version}-fedora popd -# Install the ima keys +# Install the IMA certs install -d -m 755 $RPM_BUILD_ROOT/etc/keys/ima -install -m 644 %{_sourcedir}/fedora*ima.* $RPM_BUILD_ROOT/etc/keys/ima/ +install -m 644 %{_sourcedir}/fedora*ima.der $RPM_BUILD_ROOT/etc/keys/ima/ +install -d -m 755 $RPM_BUILD_ROOT/usr/share/ima/ +install -m 644 %{_sourcedir}/fedora-ima-ca.der $RPM_BUILD_ROOT/usr/share/ima/ca.der # Install repo files install -d -m 755 $RPM_BUILD_ROOT/etc/yum.repos.d @@ -380,7 +385,10 @@ rm -f "$TMPRING" %files -n fedora-gpg-keys %dir /etc/pki/rpm-gpg /etc/pki/rpm-gpg/RPM-GPG-KEY-* + +# ima-certs /etc/keys/ima/fedora*ima* +/usr/share/ima/ca.der %files ostree @@ -393,6 +401,25 @@ rm -f "$TMPRING" %changelog +======= +* Tue Aug 20 2024 Samyak Jain - 39-3 +- Add RPM-GPG-KEY-fedora-42-primary +- Add RPM-GPG-KEY-fedora-43-primary +- Setup for rawhide being F42 + +* Thu May 23 2024 Coiby Xu - 39-2 +- add/update IMA certs + +* Fri Oct 06 2023 Kevin Fenzi - 39-1 +- Disable updates_testing for release. + +* Wed Sep 06 2023 Tomas Hrcka - 39-0.6 +- added Fedora 41 keys +- enabled updates_testing repository + +* Tue Aug 08 2023 Samyak Jain - 39-0.5 +- Update Rawhide definition to F40 + * Fri Jul 21 2023 Peter Robinson - 39-0.4 - Update IMA keys location for kernel/dracut