On 8/3/20 10:19 AM, Johnny Hughes wrote:
On 8/3/20 9:43 AM, Antal Nemeš wrote:
-----Original Message----- From: CentOS-devel centos-devel-bounces@centos.org On Behalf Of Brian Stinson Sent: Monday, 3 August 2020 16:14
I believe 14.3 is exactly the same as 14.2 except that RH needed to adjust the signing order of their certificates and since those are RH specific, 14.2 == 14.3 for the intents and purposes of non-RHEL builds.
Trevor
This is the correct answer. The difference between 14.2 and 14.3 is only applicable to RHEL, and is not a change in the underlying content. The CentOS kernels were dual-signed in the right order for us in 14.2
--Brian
Great, thanks for confirmation. This throws a gigantic monkey wrench in my attempts at automating src.rpm generation from git.centos.org, so I hope this was an exceptional occurrence?
Yes .. one could say that an embargoed, 'named' sescureboot/kernel fix that requires a signature from Microsoft before release AND requires hiding embargoed content (which CentOS is not set up to do ..we build everythign in the open) .. is VERY MUCH an exceptional occurrence.
Then throw in the fact the both RHEL and CentOS installs could no longer BOOT .. I think you are it the most unbelievable and most complicated build we have ever done in as the CentOS Project.
NOTE: I have built, signed, and released about 90% of ALL content for CentOS Linux since 2004 // this is by far the most complicated thing I have ever built.
Brian Stinson is a genius :) So is Peter Jones.