diff --git a/fedora-38-ima.cert b/fedora-38-ima.cert new file mode 100644 index 0000000..e0d2819 --- /dev/null +++ b/fedora-38-ima.cert @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBpzCCASygAwIBAgIBKjAKBggqhkjOPQQDAzAbMRkwFwYDVQQDExBGZWRvcmEg +MzggSU1BIENBMCAXDTIzMDIxODE4MDMxNloYDzIwNTMwMjE4MTgwMzE2WjAcMRow +GAYDVQQDExFGZWRvcmEgMzggSU1BIEtleTBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABI+RFc41GuD1tyN2P0U5C4H4z9xJbuAMinV18SJXVulVYt0DBKT+Xme5WZpQ +dvPdkBaW1jCzSeI15T3oTIKjYL6jXjBcMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgw +FoAU7MSMKFJGsKYZxjsInt2Dp7i3db8wKwYJYIZIAYb4QgENBB5JTUEgc2lnbmF0 +dXJlIHZlcmlmaWNhdGlvbiBrZXkwCgYIKoZIzj0EAwMDaQAwZgIxAKMa1pxV4PM9 +BSRqnYWpLg2bfunWRo2fsqn/HaI7qdLZZTUivtSWcTJFif7c5YHWggIxAIgZnzog +XLA6WvFbmimjFNjQCKnxuvo/f2OzbK2JPj7XofpJrhf0frL2Cb1r7novgw== +-----END CERTIFICATE----- diff --git a/fedora-38-ima.der b/fedora-38-ima.der new file mode 100644 index 0000000..238ae6c Binary files /dev/null and b/fedora-38-ima.der differ diff --git a/fedora-38-ima.pem b/fedora-38-ima.pem new file mode 100644 index 0000000..e323fa2 --- /dev/null +++ b/fedora-38-ima.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEj5EVzjUa4PW3I3Y/RTkLgfjP3Elu +4AyKdXXxIldW6VVi3QMEpP5eZ7lZmlB2892QFpbWMLNJ4jXlPehMgqNgvg== +-----END PUBLIC KEY----- diff --git a/fedora-39-ima.cert b/fedora-39-ima.cert new file mode 100644 index 0000000..78c7bb4 --- /dev/null +++ b/fedora-39-ima.cert @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBpjCCASygAwIBAgIBKjAKBggqhkjOPQQDAzAbMRkwFwYDVQQDExBGZWRvcmEg +MzkgSU1BIENBMCAXDTIzMDIxODE4MDQxNloYDzIwNTMwMjE4MTgwNDE2WjAcMRow +GAYDVQQDExFGZWRvcmEgMzkgSU1BIEtleTBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABPVBlbhn8Lz9PLD0LqpySa9jgxZTdImp2xbyMes+L91MntWFKj5hR86He9kN +87KphPuso6WdRPDLf4ouarSaNdGjXjBcMAwGA1UdEwEB/wQCMAAwHwYDVR0jBBgw +FoAUpxQ+y2TQxMrznQx9xDhFRthT/1IwKwYJYIZIAYb4QgENBB5JTUEgc2lnbmF0 +dXJlIHZlcmlmaWNhdGlvbiBrZXkwCgYIKoZIzj0EAwMDaAAwZQIxALJAz24hm4Lu +P9eFeAyCGKjWdqrBIAh2Ec7kUpkALqvfZHZhP/qhhqAxKEOO6v66ZgIwYObLdWmX +TGN2JGRLY6KwcUoprXAECTYGX9HjGqv2/7xrt7hCSwqjpIr29XXOi2mv +-----END CERTIFICATE----- diff --git a/fedora-39-ima.der b/fedora-39-ima.der new file mode 100644 index 0000000..0d13baa Binary files /dev/null and b/fedora-39-ima.der differ diff --git a/fedora-39-ima.pem b/fedora-39-ima.pem new file mode 100644 index 0000000..2856eb1 --- /dev/null +++ b/fedora-39-ima.pem @@ -0,0 +1,4 @@ +-----BEGIN PUBLIC KEY----- +MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE9UGVuGfwvP08sPQuqnJJr2ODFlN0 +ianbFvIx6z4v3Uye1YUqPmFHzod72Q3zsqmE+6yjpZ1E8Mt/ii5qtJo10Q== +-----END PUBLIC KEY----- diff --git a/fedora-repos.spec b/fedora-repos.spec index 9fdda40..d8e41e0 100644 --- a/fedora-repos.spec +++ b/fedora-repos.spec @@ -4,7 +4,7 @@ Summary: Fedora package repositories Name: fedora-repos Version: 39 -Release: 0.1%{?eln:.eln%{eln}} +Release: 0.2%{?eln:.eln%{eln}} License: MIT URL: https://fedoraproject.org/ @@ -93,6 +93,14 @@ Source150: RPM-GPG-KEY-fedora-iot-2019 Source151: fedora.conf Source152: fedora-compose.conf +# ima certs +Source500: fedora-38-ima.cert +Source501: fedora-38-ima.der +Source502: fedora-38-ima.pem +Source503: fedora-39-ima.cert +Source504: fedora-39-ima.der +Source505: fedora-39-ima.pem + %description Fedora package repository files for yum and dnf along with gpg public keys. @@ -192,6 +200,10 @@ done ln -s RPM-GPG-KEY-fedora-%{version}-primary RPM-GPG-KEY-%{version}-fedora popd +# Install the ima keys +install -d -m 755 $RPM_BUILD_ROOT/etc/pki/rpm-ima +install -m 644 %{_sourcedir}/fedora*ima.* $RPM_BUILD_ROOT/etc/pki/rpm-ima/ + # Install repo files install -d -m 755 $RPM_BUILD_ROOT/etc/yum.repos.d for file in %{_sourcedir}/fedora*repo ; do @@ -400,6 +412,7 @@ rm -f "$TMPRING" %files -n fedora-gpg-keys %dir /etc/pki/rpm-gpg /etc/pki/rpm-gpg/RPM-GPG-KEY-* +/etc/pki/rpm-ima/fedora*ima* %files ostree @@ -412,6 +425,9 @@ rm -f "$TMPRING" %changelog +* Sat Feb 18 2023 Kevin Fenzi - 39-0.2 +- Include IMA public certs. + * Wed Feb 08 2023 Tomas Hrcka - 39-0.1 - Setup for rawhide being F39