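# corefreq.spec - user-space CoreFreq tools plus the DKMS source of the
# 'corefreqk' kernel module.
#
# Security-relevant behaviour of this package:
#   * The post-install scriptlet generates a passwordless RSA key pair under
#     /etc/pki/corefreq and asks the administrator to enroll the public half
#     as a Machine Owner Key (MOK).
#   * Once enrolled, anything signed with that private key is accepted under
#     Secure Boot, so the private key must stay readable by root only.
#   * The key is intentionally left on disk when the package is removed.

%global _debugsource_packages 0
%global _debuginfo_packages 0
%global debug_package %{nil}

%global corefreq_version 2.0.8

Name:           corefreq
Version:        %{corefreq_version}
Release:        4%{?dist}
Summary:        CPU monitoring software with DKMS kernel module

License:        GPL-2.0-only
URL:            https://github.com/cyring/CoreFreq
Source0:        %{url}/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz
Source1:        corefreqd.service
Source2:        dkms.conf

BuildRequires:  gcc make kernel-devel dkms kmod systemd-rpm-macros
BuildRequires:  openssl mokutil
Requires:       dkms kernel-devel openssl mokutil

%description
CoreFreq is a CPU monitoring software designed for 64-bit Processors.
This package provides the user-space tools and the DKMS source for the
'corefreqk' kernel module, which will be automatically built, signed,
and loaded.

%prep
%autosetup -n CoreFreq-%{version} -p1
cp %{SOURCE2} .
sed -i 's/@RPM_VERSION@/%{version}/' dkms.conf

%build
make %{?_smp_mflags} corefreqd corefreq-cli

%install
install -D -m 0755 build/corefreqd %{buildroot}%{_bindir}/corefreqd
install -D -m 0755 build/corefreq-cli %{buildroot}%{_bindir}/corefreq-cli
install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/corefreqd.service
# Drop the user-space build output so only sources are shipped to DKMS.
rm -rf build

%global dkms_source_dir %{_usrsrc}/%{name}-%{version}
install -d -m 755 %{buildroot}%{dkms_source_dir}
cp -a . %{buildroot}%{dkms_source_dir}/

%post
# --- LEVEL 3 AUTOMATION SCRIPT ---
# Runs as root on every install and upgrade.
MOK_KEY_DIR="/etc/pki/corefreq"
MOK_PRIV_KEY="${MOK_KEY_DIR}/private_key.priv"
MOK_PUB_KEY="${MOK_KEY_DIR}/public_key.der"
DKMS_CONF_HOOK="/etc/dkms/corefreq-signing.conf"

# 1. Generate Key if it doesn't exist (First-time install)
if [ ! -f "${MOK_PRIV_KEY}" ]; then
    echo "--- Secure Boot key not found. Generating a new key for CoreFreq ---"
    # The private key is stored unencrypted (-nodes) so that DKMS can sign
    # without a prompt. Keep the directory root-only and create the files
    # under a restrictive umask so the key is never readable by other users.
    install -d -m 0700 -o root -g root "${MOK_KEY_DIR}"
    if ( umask 077 && \
         openssl req -new -x509 -newkey rsa:2048 \
             -keyout "${MOK_PRIV_KEY}" \
             -outform DER -out "${MOK_PUB_KEY}" \
             -nodes -days 36500 \
             -subj "/CN=CoreFreq DKMS Signing Key/" >/dev/null 2>&1 ) \
       && [ -s "${MOK_PRIV_KEY}" ] && [ -s "${MOK_PUB_KEY}" ]; then
        chmod 0600 "${MOK_PRIV_KEY}"
        chmod 0644 "${MOK_PUB_KEY}"

        echo "----------------------------------------------------------------------"
        echo "ATTENTION: SECURE BOOT FIRST-TIME SETUP"
        echo "A new key has been generated and auto-signing has been configured."
        echo "You must now enroll this key into your system's firmware (UEFI)."
        echo "1. Run: sudo mokutil --import ${MOK_PUB_KEY}"
        echo "   (You will be asked to create a password for this one-time action.)"
        echo "2. Reboot your computer and complete enrollment at the blue MOK Manager screen."
        echo "----------------------------------------------------------------------"
    else
        # Do not leave a partial key pair behind, and do not announce a key
        # that does not exist. The scriptlet still exits 0 (best effort).
        rm -f -- "${MOK_PRIV_KEY}" "${MOK_PUB_KEY}"
        echo "WARNING: CoreFreq signing key generation failed; the corefreqk module will not be signed." >&2
    fi
fi

# --- Create the DKMS signing hook for FULL automation ---
# Done outside the key-generation branch: the uninstall scriptlet removes the
# hook but keeps the key, so a reinstall finds the key present and must still
# recreate the hook.
# NOTE(review): confirm that the installed DKMS version actually reads this
# file name and honours POST_BUILD_COMMAND. If it does not, the module is
# built unsigned and the modprobe below fails silently under Secure Boot.
if [ -s "${MOK_PRIV_KEY}" ] && [ -s "${MOK_PUB_KEY}" ] && [ ! -f "${DKMS_CONF_HOOK}" ]; then
    echo "--- Creating DKMS signing hook for future kernel updates ---"
    # Unquoted heredoc on purpose: the key paths are expanded now, while the
    # escaped DKMS variables are written literally for DKMS to expand later.
    cat > "${DKMS_CONF_HOOK}" << EOF
# Configuration for CoreFreq DKMS module signing
# This file was automatically generated by the corefreq RPM package.
POST_BUILD_COMMAND="'/usr/src/kernels/\${kernelver}/scripts/sign-file' sha256 '${MOK_PRIV_KEY}' '${MOK_PUB_KEY}' '\${module_location}/\${module_name}.ko'"
EOF
    chmod 0644 "${DKMS_CONF_HOOK}"
fi

# 2. Rebuild and install the module via DKMS
# This will now be automatically signed by the hook we just created
# Failures are deliberately ignored so a build problem cannot abort the
# RPM transaction; check 'dkms status' afterwards if the module is missing.
if dkms status -m %{name} -v %{version} | grep -q installed; then
    dkms remove -m %{name} -v %{version} --all >/dev/null 2>&1 || :
fi
dkms add -m %{name} -v %{version} >/dev/null 2>&1 || :
dkms autoinstall >/dev/null 2>&1 || :
# NOTE: We no longer need the manual signing step here! DKMS does it now.

# 3. Load the module and register the service
/sbin/modprobe corefreqk >/dev/null 2>&1 || :
# The post-install scriptlet uses the systemd post macro; the restart macro
# belongs to the post-uninstall scriptlet, where it is already present.
%systemd_post corefreqd.service

%preun
%systemd_preun corefreqd.service
# Quote the scriptlet argument so the test stays well-formed if it is empty.
if [ "$1" -eq 0 ]; then # Final uninstall
    /sbin/rmmod corefreqk >/dev/null 2>&1 || :
    dkms remove -m %{name} -v %{version} --all >/dev/null 2>&1 || :
    # --- Also remove our signing hook on final uninstall ---
    rm -f /etc/dkms/corefreq-signing.conf
    # We still intentionally leave the key in /etc/pki/ for the user.
    # Consequence: if the key was enrolled, it stays trusted by the firmware
    # and its unencrypted private half stays on disk after removal. An
    # administrator who no longer needs it should un-enroll it with
    # 'mokutil --delete' on the public key and then delete /etc/pki/corefreq.
fi

%postun
%systemd_postun_with_restart corefreqd.service

%files
%license LICENSE
%doc README.md
%{_bindir}/corefreq-cli
%{_bindir}/corefreqd
%{_unitdir}/corefreqd.service
%{_usrsrc}/%{name}-%{version}/
# --- We don't list the conf hook in %%files ---
# It is created and removed by scripts, not owned by the package. This is safer.
# Side effect: neither the hook nor the generated key is covered by
# 'rpm -V', so changes to them are not detected by package verification.

%changelog
# ...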