|
|
|
@ -812,19 +812,7 @@ Source1: Makefile.rhelver
|
|
|
|
%define secureboot_ca_0 %{_datadir}/pki/sb-certs/secureboot-ca-%{_arch}.cer
|
|
|
|
%define secureboot_ca_0 %{_datadir}/pki/sb-certs/secureboot-ca-%{_arch}.cer
|
|
|
|
%define secureboot_key_0 %{_datadir}/pki/sb-certs/secureboot-kernel-%{_arch}.cer
|
|
|
|
%define secureboot_key_0 %{_datadir}/pki/sb-certs/secureboot-kernel-%{_arch}.cer
|
|
|
|
|
|
|
|
|
|
|
|
%if 0%{?centos}
|
|
|
|
%define pesign_name_0 spheresecureboot001
|
|
|
|
%define pesign_name_0 centossecureboot201
|
|
|
|
|
|
|
|
%else
|
|
|
|
|
|
|
|
%ifarch x86_64 aarch64
|
|
|
|
|
|
|
|
%define pesign_name_0 redhatsecureboot501
|
|
|
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%ifarch s390x
|
|
|
|
|
|
|
|
%define pesign_name_0 redhatsecureboot302
|
|
|
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%ifarch ppc64le
|
|
|
|
|
|
|
|
%define pesign_name_0 redhatsecureboot701
|
|
|
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# signkernel
|
|
|
|
# signkernel
|
|
|
|
%endif
|
|
|
|
%endif
|
|
|
|
@ -903,8 +891,8 @@ Source84: mod-internal.list
|
|
|
|
Source85: mod-partner.list
|
|
|
|
Source85: mod-partner.list
|
|
|
|
Source86: mod-kvm.list
|
|
|
|
Source86: mod-kvm.list
|
|
|
|
|
|
|
|
|
|
|
|
Source100: rheldup3.x509
|
|
|
|
Source100: msvspheredup1.x509
|
|
|
|
Source101: rhelkpatch1.x509
|
|
|
|
Source101: msvspherepatch1.x509
|
|
|
|
Source102: rhelimaca1.x509
|
|
|
|
Source102: rhelimaca1.x509
|
|
|
|
Source103: rhelima.x509
|
|
|
|
Source103: rhelima.x509
|
|
|
|
Source104: rhelima_centos.x509
|
|
|
|
Source104: rhelima_centos.x509
|
|
|
|
@ -1247,11 +1235,11 @@ Summary: gcov graph and source files for coverage data collection.\
|
|
|
|
%{nil}
|
|
|
|
%{nil}
|
|
|
|
|
|
|
|
|
|
|
|
%package -n kernel-abi-stablelists
|
|
|
|
%package -n kernel-abi-stablelists
|
|
|
|
Summary: The Red Hat Enterprise Linux kernel ABI symbol stablelists
|
|
|
|
Summary: The MSVSphere kernel ABI symbol stablelists
|
|
|
|
AutoReqProv: no
|
|
|
|
AutoReqProv: no
|
|
|
|
%description -n kernel-abi-stablelists
|
|
|
|
%description -n kernel-abi-stablelists
|
|
|
|
The kABI package contains information pertaining to the Red Hat Enterprise
|
|
|
|
The kABI package contains information pertaining to the MSVSphere
|
|
|
|
Linux kernel ABI, including lists of kernel symbols that are needed by
|
|
|
|
kernel ABI, including lists of kernel symbols that are needed by
|
|
|
|
external Linux kernel modules, and a yum plugin to aid enforcement.
|
|
|
|
external Linux kernel modules, and a yum plugin to aid enforcement.
|
|
|
|
|
|
|
|
|
|
|
|
%if %{with_kabidw_base}
|
|
|
|
%if %{with_kabidw_base}
|
|
|
|
@ -1260,8 +1248,8 @@ Summary: The baseline dataset for kABI verification using DWARF data
|
|
|
|
Group: System Environment/Kernel
|
|
|
|
Group: System Environment/Kernel
|
|
|
|
AutoReqProv: no
|
|
|
|
AutoReqProv: no
|
|
|
|
%description kernel-kabidw-base-internal
|
|
|
|
%description kernel-kabidw-base-internal
|
|
|
|
The package contains data describing the current ABI of the Red Hat Enterprise
|
|
|
|
The package contains data describing the current ABI of the MSVSphere
|
|
|
|
Linux kernel, suitable for the kabi-dw tool.
|
|
|
|
kernel, suitable for the kabi-dw tool.
|
|
|
|
%endif
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
|
|
#
|
|
|
|
#
|
|
|
|
@ -1360,7 +1348,7 @@ Requires: kernel%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{uname_suffix %{?1
|
|
|
|
AutoReq: no\
|
|
|
|
AutoReq: no\
|
|
|
|
AutoProv: yes\
|
|
|
|
AutoProv: yes\
|
|
|
|
%description %{?1:%{1}-}modules-internal\
|
|
|
|
%description %{?1:%{1}-}modules-internal\
|
|
|
|
This package provides kernel modules for the %{?2:%{2} }kernel package for Red Hat internal usage.\
|
|
|
|
This package provides kernel modules for the %{?2:%{2} }kernel package for MSVSphere internal usage.\
|
|
|
|
%{nil}
|
|
|
|
%{nil}
|
|
|
|
|
|
|
|
|
|
|
|
%if %{with_realtime}
|
|
|
|
%if %{with_realtime}
|
|
|
|
@ -1533,7 +1521,7 @@ Requires: kernel%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}
|
|
|
|
AutoReq: no\
|
|
|
|
AutoReq: no\
|
|
|
|
AutoProv: yes\
|
|
|
|
AutoProv: yes\
|
|
|
|
%description %{?1:%{1}-}modules-partner\
|
|
|
|
%description %{?1:%{1}-}modules-partner\
|
|
|
|
This package provides kernel modules for the %{?2:%{2} }kernel package for Red Hat partners usage.\
|
|
|
|
This package provides kernel modules for the %{?2:%{2} }kernel package for MSVSphere partners usage.\
|
|
|
|
%{nil}
|
|
|
|
%{nil}
|
|
|
|
|
|
|
|
|
|
|
|
# Now, each variant package.
|
|
|
|
# Now, each variant package.
|
|
|
|
@ -1792,7 +1780,7 @@ done
|
|
|
|
# Adjust FIPS module name for RHEL
|
|
|
|
# Adjust FIPS module name for RHEL
|
|
|
|
%if 0%{?rhel}
|
|
|
|
%if 0%{?rhel}
|
|
|
|
for i in *.config; do
|
|
|
|
for i in *.config; do
|
|
|
|
sed -i 's/CONFIG_CRYPTO_FIPS_NAME=.*/CONFIG_CRYPTO_FIPS_NAME="Red Hat Enterprise Linux %{rhel} - Kernel Cryptographic API"/' $i
|
|
|
|
sed -i 's/CONFIG_CRYPTO_FIPS_NAME=.*/CONFIG_CRYPTO_FIPS_NAME="MSVSphere %{rhel} - Kernel Cryptographic API"/' $i
|
|
|
|
done
|
|
|
|
done
|
|
|
|
%endif
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
|
|
@ -1811,18 +1799,6 @@ RHJOBS=$RPM_BUILD_NCPUS PACKAGE_NAME=kernel ./process_configs.sh $OPTS ${specver
|
|
|
|
cp %{SOURCE82} .
|
|
|
|
cp %{SOURCE82} .
|
|
|
|
RPM_SOURCE_DIR=$RPM_SOURCE_DIR ./update_scripts.sh %{primary_target}
|
|
|
|
RPM_SOURCE_DIR=$RPM_SOURCE_DIR ./update_scripts.sh %{primary_target}
|
|
|
|
|
|
|
|
|
|
|
|
# We may want to override files from the primary target in case of building
|
|
|
|
|
|
|
|
# against a flavour of it (eg. centos not rhel), thus override it here if
|
|
|
|
|
|
|
|
# necessary
|
|
|
|
|
|
|
|
if [ "%{primary_target}" == "rhel" ]; then
|
|
|
|
|
|
|
|
%if 0%{?centos}
|
|
|
|
|
|
|
|
echo "Updating scripts/sources to centos version"
|
|
|
|
|
|
|
|
RPM_SOURCE_DIR=$RPM_SOURCE_DIR ./update_scripts.sh centos
|
|
|
|
|
|
|
|
%else
|
|
|
|
|
|
|
|
echo "Not updating scripts/sources to centos version"
|
|
|
|
|
|
|
|
%endif
|
|
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# end of kernel config
|
|
|
|
# end of kernel config
|
|
|
|
%endif
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
|
|
@ -2458,9 +2434,9 @@ BuildKernel() {
|
|
|
|
%else
|
|
|
|
%else
|
|
|
|
SBATsuffix="rhel"
|
|
|
|
SBATsuffix="rhel"
|
|
|
|
%endif
|
|
|
|
%endif
|
|
|
|
echo "linux,1,Red Hat,linux,$KernelVer,https://bugzilla.redhat.com/" >> $KernelUnifiedImage.sbat
|
|
|
|
echo "linux,1,MSVSphere,linux,$KernelVer,https://bugs.msvsphere-os.ru/" >> $KernelUnifiedImage.sbat
|
|
|
|
echo "linux.$SBATsuffix,1,Red Hat,linux,$KernelVer,https://bugzilla.redhat.com/" >> $KernelUnifiedImage.sbat
|
|
|
|
echo "linux.$SBATsuffix,1,MSVSphere,linux,$KernelVer,https://bugs.msvsphere-os.ru/" >> $KernelUnifiedImage.sbat
|
|
|
|
echo "kernel-uki-virt.$SBATsuffix,1,Red Hat,kernel-uki-virt,$KernelVer,https://bugzilla.redhat.com/" >> $KernelUnifiedImage.sbat
|
|
|
|
echo "kernel-uki-virt.$SBATsuffix,1,MSVSphere,kernel-uki-virt,$KernelVer,https://bugs.msvsphere-os.ru/" >> $KernelUnifiedImage.sbat
|
|
|
|
# Remove the original .sbat section
|
|
|
|
# Remove the original .sbat section
|
|
|
|
objcopy --remove-section .sbat $KernelUnifiedImage
|
|
|
|
objcopy --remove-section .sbat $KernelUnifiedImage
|
|
|
|
# Get the end of the last section
|
|
|
|
# Get the end of the last section
|
|
|
|
@ -2577,7 +2553,7 @@ BuildKernel() {
|
|
|
|
# prune junk from kernel-devel
|
|
|
|
# prune junk from kernel-devel
|
|
|
|
find $RPM_BUILD_ROOT/usr/src/kernels -name ".*.cmd" -delete
|
|
|
|
find $RPM_BUILD_ROOT/usr/src/kernels -name ".*.cmd" -delete
|
|
|
|
|
|
|
|
|
|
|
|
# Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel
|
|
|
|
# MSVSphere UEFI Secure Boot CA cert, which can be used to authenticate the kernel
|
|
|
|
mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer
|
|
|
|
mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer
|
|
|
|
%if %{signkernel}
|
|
|
|
%if %{signkernel}
|
|
|
|
install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
|
|
|
|
install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
|
|
|
|
@ -2589,7 +2565,7 @@ BuildKernel() {
|
|
|
|
%endif
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
|
|
%if 0%{?rhel}
|
|
|
|
%if 0%{?rhel}
|
|
|
|
# Red Hat IMA code-signing cert, which is used to authenticate package files
|
|
|
|
# MSVSphere IMA code-signing cert, which is used to authenticate package files
|
|
|
|
install -m 0644 %{ima_signing_cert} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{ima_cert_name}
|
|
|
|
install -m 0644 %{ima_signing_cert} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{ima_cert_name}
|
|
|
|
%endif
|
|
|
|
%endif
|
|
|
|
|
|
|
|
|
|
|
|
@ -3756,6 +3732,9 @@ fi
|
|
|
|
#
|
|
|
|
#
|
|
|
|
#
|
|
|
|
#
|
|
|
|
%changelog
|
|
|
|
%changelog
|
|
|
|
|
|
|
|
* Mon Oct 9 2023 Arkady L. Shane <tigro@msvsphere-os.ru> - [5.14.0-362.2.1.el9_3]
|
|
|
|
|
|
|
|
- Modified to use MSVSphere Secure Boot certificates
|
|
|
|
|
|
|
|
|
|
|
|
* Fri Sep 08 2023 Jan Stancek <jstancek@redhat.com> [5.14.0-362.2.1.el9_3]
|
|
|
|
* Fri Sep 08 2023 Jan Stancek <jstancek@redhat.com> [5.14.0-362.2.1.el9_3]
|
|
|
|
- PCI: hv: Fix a crash in hv_pci_restore_msi_msg() during hibernation (Vitaly Kuznetsov) [2211797]
|
|
|
|
- PCI: hv: Fix a crash in hv_pci_restore_msi_msg() during hibernation (Vitaly Kuznetsov) [2211797]
|
|
|
|
- rhel: Re-add can-dev features that were removed accidentally (Radu Rendec) [2213891]
|
|
|
|
- rhel: Re-add can-dev features that were removed accidentally (Radu Rendec) [2213891]
|
|
|
|
|
