commit
44388c009c
@ -0,0 +1,12 @@
|
||||
SOURCES/fedoraimaca.x509
|
||||
SOURCES/kernel-abi-stablelists-6.11.0-25.el10.tar.xz
|
||||
SOURCES/kernel-kabi-dw-6.11.0-25.el10.tar.xz
|
||||
SOURCES/linux-6.11.0-25.el10.tar.xz
|
||||
SOURCES/nvidiagpuoot001.x509
|
||||
SOURCES/redhatsecureboot501.cer
|
||||
SOURCES/redhatsecurebootca5.cer
|
||||
SOURCES/rheldup3.x509
|
||||
SOURCES/rhelima.x509
|
||||
SOURCES/rhelima_centos.x509
|
||||
SOURCES/rhelimaca1.x509
|
||||
SOURCES/rhelkpatch1.x509
|
@ -0,0 +1,12 @@
|
||||
9b16961bd5da2dc805f1b73414c201d4371613f1 SOURCES/fedoraimaca.x509
|
||||
1e8092e900080df3e921dd003239e8f07739a512 SOURCES/kernel-abi-stablelists-6.11.0-25.el10.tar.xz
|
||||
d7b7a086dd2153df7f6925140f1c285c13d02673 SOURCES/kernel-kabi-dw-6.11.0-25.el10.tar.xz
|
||||
72824366d0d7b3b2a043bd89d155702f25143fd5 SOURCES/linux-6.11.0-25.el10.tar.xz
|
||||
4fff8080e88afffc06d8ef5004db8d53bb21237f SOURCES/nvidiagpuoot001.x509
|
||||
ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer
|
||||
e6f506462069aa17d2e8610503635c20f3a995c3 SOURCES/redhatsecurebootca5.cer
|
||||
95b9b811c7b0a6c98b2eafc4e7d6d24f2cb63289 SOURCES/rheldup3.x509
|
||||
99e571f9de4188f3b5fdf1f84ff73f6cc4bb6a0e SOURCES/rhelima.x509
|
||||
61d5a223ff0c79189505abae77e0087c4b2d2b47 SOURCES/rhelima_centos.x509
|
||||
f882610d2554fef65703e5d3c342f005af0390ad SOURCES/rhelimaca1.x509
|
||||
d90885108d225a234a5a9d054fc80893a5bd54d0 SOURCES/rhelkpatch1.x509
|
@ -0,0 +1,80 @@
|
||||
RHEL_MAJOR = 10
|
||||
RHEL_MINOR = 0
|
||||
|
||||
#
|
||||
# RHEL_RELEASE
|
||||
# -------------
|
||||
#
|
||||
# Represents build number in 'release' part of RPM's name-version-release.
|
||||
# name is <package_name>, e.g. kernel
|
||||
# version is upstream kernel version this kernel is based on, e.g. 4.18.0
|
||||
# release is <RHEL_RELEASE>.<dist_tag>[<buildid>], e.g. 100.el8
|
||||
#
|
||||
# Use this spot to avoid future merge conflicts.
|
||||
# Do not trim this comment.
|
||||
RHEL_RELEASE = 25
|
||||
|
||||
#
|
||||
# RHEL_REBASE_NUM
|
||||
# ----------------
|
||||
#
|
||||
# Used in RPM version string for Gemini kernels, which dont use upstream
|
||||
# VERSION/PATCHLEVEL/SUBLEVEL. The number represents rebase number for
|
||||
# current MAJOR release.
|
||||
#
|
||||
# Use this spot to avoid future merge conflicts.
|
||||
# Do not trim this comment.
|
||||
RHEL_REBASE_NUM = 1
|
||||
|
||||
|
||||
#
|
||||
# ZSTREAM
|
||||
# -------
|
||||
#
|
||||
# This variable controls whether we use zstream numbering or not for the
|
||||
# package release. The zstream release keeps the build number of the last
|
||||
# build done for ystream for the Beta milestone, and increments a second
|
||||
# number for each build. The third number is used for branched builds
|
||||
# (eg.: for builds with security fixes or hot fixes done outside of the
|
||||
# batch release process).
|
||||
#
|
||||
# For example, with ZSTREAM unset or set to "no", all builds will contain
|
||||
# a release with only the build number, eg.: kernel-<kernel version>-X.el*,
|
||||
# where X is the build number. With ZSTREAM set to "yes", we will have
|
||||
# builds with kernel-<kernel version>-X.Y.Z.el*, where X is the last
|
||||
# RHEL_RELEASE number before ZSTREAM flag was set to yes, Y will now be the
|
||||
# build number and Z will always be 1 except if you're doing a branched build
|
||||
# (when you give RHDISTGIT_BRANCH on the command line, in which case the Z
|
||||
# number will be incremented instead of the Y).
|
||||
#
|
||||
ZSTREAM ?= no
|
||||
|
||||
#
|
||||
# Early y+1 numbering
|
||||
# --------------------
|
||||
#
|
||||
# In early y+1 process, RHEL_RELEASE consists of 2 numbers: x.y
|
||||
# First is RHEL_RELEASE inherited/merged from y as-is, second number
|
||||
# is incremented with each build starting from 1. After merge from y,
|
||||
# it resets back to 1. This way y+1 nvr reflects status of last merge.
|
||||
#
|
||||
# Example:
|
||||
#
|
||||
# rhel8.0 rhel-8.1
|
||||
# kernel-4.18.0-58.el8 --> kernel-4.18.0-58.1.el8
|
||||
# kernel-4.18.0-58.2.el8
|
||||
# kernel-4.18.0-59.el8 kernel-4.18.0-59.1.el8
|
||||
# kernel-4.18.0-60.el8
|
||||
# kernel-4.18.0-61.el8 --> kernel-4.18.0-61.1.el8
|
||||
#
|
||||
#
|
||||
# Use this spot to avoid future merge conflicts.
|
||||
# Do not trim this comment.
|
||||
EARLY_YSTREAM ?= no
|
||||
EARLY_YBUILD:=
|
||||
EARLY_YRELEASE:=
|
||||
ifneq ("$(ZSTREAM)", "yes")
|
||||
ifeq ("$(EARLY_YSTREAM)","yes")
|
||||
RHEL_RELEASE:=$(RHEL_RELEASE).$(EARLY_YRELEASE)
|
||||
endif
|
||||
endif
|
@ -0,0 +1,25 @@
|
||||
===================
|
||||
The Kernel dist-git
|
||||
===================
|
||||
|
||||
The kernel is maintained in a `source tree`_ rather than directly in dist-git.
|
||||
The specfile is maintained as a `template`_ in the source tree along with a set
|
||||
of build scripts to generate configurations, (S)RPMs, and to populate the
|
||||
dist-git repository.
|
||||
|
||||
The `documentation`_ for the source tree covers how to contribute and maintain
|
||||
the tree.
|
||||
|
||||
If you're looking for the downstream patch set it's available in the source
|
||||
tree with "git log master..ark-patches" or
|
||||
`online`_.
|
||||
|
||||
Each release in dist-git is tagged in the source repository so you can easily
|
||||
check out the source tree for a build. The tags are in the format
|
||||
name-version-release, but note release doesn't contain the dist tag since the
|
||||
source can be built in different build roots (Fedora, CentOS, etc.)
|
||||
|
||||
.. _source tree: https://gitlab.com/cki-project/kernel-ark.git
|
||||
.. _template: https://gitlab.com/cki-project/kernel-ark/-/blob/os-build/redhat/kernel.spec.template
|
||||
.. _documentation: https://gitlab.com/cki-project/kernel-ark/-/wikis/home
|
||||
.. _online: https://gitlab.com/cki-project/kernel-ark/-/commits/ark-patches
|
@ -0,0 +1,166 @@
|
||||
#!/usr/bin/python3
|
||||
#
|
||||
# check-kabi - Red Hat kABI reference checking tool
|
||||
#
|
||||
# We use this script to check against reference Module.kabi files.
|
||||
#
|
||||
# Author: Jon Masters <jcm@redhat.com>
|
||||
# Copyright (C) 2007-2009 Red Hat, Inc.
|
||||
#
|
||||
# This software may be freely redistributed under the terms of the GNU
|
||||
# General Public License (GPL).
|
||||
|
||||
# Changelog:
|
||||
#
|
||||
# 2018/06/01 - Update for python3 by Petr Oros.
|
||||
# 2009/08/15 - Updated for use in RHEL6.
|
||||
# 2007/06/13 - Initial rewrite in python by Jon Masters.
|
||||
|
||||
__author__ = "Jon Masters <jcm@redhat.com>"
|
||||
__version__ = "2.0"
|
||||
__date__ = "2009/08/15"
|
||||
__copyright__ = "Copyright (C) 2007-2009 Red Hat, Inc"
|
||||
__license__ = "GPL"
|
||||
|
||||
import getopt
|
||||
import string
|
||||
import sys
|
||||
|
||||
true = 1
|
||||
false = 0
|
||||
|
||||
|
||||
def load_symvers(symvers, filename):
|
||||
"""Load a Module.symvers file."""
|
||||
|
||||
symvers_file = open(filename, "r")
|
||||
|
||||
while true:
|
||||
in_line = symvers_file.readline()
|
||||
if in_line == "":
|
||||
break
|
||||
if in_line == "\n":
|
||||
continue
|
||||
checksum, symbol, directory, type, *ns = in_line.split()
|
||||
ns = ns[0] if ns else None
|
||||
|
||||
symvers[symbol] = in_line[0:-1]
|
||||
|
||||
|
||||
def load_kabi(kabi, filename):
|
||||
"""Load a Module.kabi file."""
|
||||
|
||||
kabi_file = open(filename, "r")
|
||||
|
||||
while true:
|
||||
in_line = kabi_file.readline()
|
||||
if in_line == "":
|
||||
break
|
||||
if in_line == "\n":
|
||||
continue
|
||||
checksum, symbol, directory, type, *ns = in_line.split()
|
||||
ns = ns[0] if ns else None
|
||||
|
||||
kabi[symbol] = in_line[0:-1]
|
||||
|
||||
|
||||
def check_kabi(symvers, kabi):
|
||||
"""Check Module.kabi and Module.symvers files."""
|
||||
|
||||
fail = 0
|
||||
warn = 0
|
||||
changed_symbols = []
|
||||
moved_symbols = []
|
||||
ns_symbols = []
|
||||
|
||||
for symbol in kabi:
|
||||
abi_hash, abi_sym, abi_dir, abi_type, *abi_ns = kabi[symbol].split()
|
||||
abi_ns = abi_ns[0] if abi_ns else None
|
||||
if symbol in symvers:
|
||||
sym_hash, sym_sym, sym_dir, sym_type, *sym_ns = symvers[symbol].split()
|
||||
sym_ns = sym_ns[0] if sym_ns else None
|
||||
if abi_hash != sym_hash:
|
||||
fail = 1
|
||||
changed_symbols.append(symbol)
|
||||
|
||||
if abi_dir != sym_dir:
|
||||
warn = 1
|
||||
moved_symbols.append(symbol)
|
||||
|
||||
if abi_ns != sym_ns:
|
||||
warn = 1
|
||||
ns_symbols.append(symbol)
|
||||
else:
|
||||
fail = 1
|
||||
changed_symbols.append(symbol)
|
||||
|
||||
if fail:
|
||||
print("*** ERROR - ABI BREAKAGE WAS DETECTED ***")
|
||||
print("")
|
||||
print("The following symbols have been changed (this will cause an ABI breakage):")
|
||||
print("")
|
||||
for symbol in changed_symbols:
|
||||
print(symbol)
|
||||
print("")
|
||||
|
||||
if warn:
|
||||
print("*** WARNING - ABI SYMBOLS MOVED ***")
|
||||
if moved_symbols:
|
||||
print("")
|
||||
print("The following symbols moved (typically caused by moving a symbol from being")
|
||||
print("provided by the kernel vmlinux out to a loadable module):")
|
||||
print("")
|
||||
for symbol in moved_symbols:
|
||||
print(symbol)
|
||||
print("")
|
||||
if ns_symbols:
|
||||
print("")
|
||||
print("The following symbols changed symbol namespaces:")
|
||||
print("")
|
||||
for symbol in ns_symbols:
|
||||
print(symbol)
|
||||
print("")
|
||||
|
||||
"""Halt the build, if we got errors and/or warnings. In either case,
|
||||
double-checkig is required to avoid introducing / concealing
|
||||
KABI inconsistencies."""
|
||||
if fail or warn:
|
||||
sys.exit(1)
|
||||
sys.exit(0)
|
||||
|
||||
|
||||
def usage():
|
||||
print("""
|
||||
check-kabi: check Module.kabi and Module.symvers files.
|
||||
|
||||
check-kabi [ -k Module.kabi ] [ -s Module.symvers ]
|
||||
|
||||
""")
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
|
||||
symvers_file = ""
|
||||
kabi_file = ""
|
||||
|
||||
opts, args = getopt.getopt(sys.argv[1:], 'hk:s:')
|
||||
|
||||
for o, v in opts:
|
||||
if o == "-s":
|
||||
symvers_file = v
|
||||
if o == "-h":
|
||||
usage()
|
||||
sys.exit(0)
|
||||
if o == "-k":
|
||||
kabi_file = v
|
||||
|
||||
if (symvers_file == "") or (kabi_file == ""):
|
||||
usage()
|
||||
sys.exit(1)
|
||||
|
||||
symvers = {}
|
||||
kabi = {}
|
||||
|
||||
load_symvers(symvers, symvers_file)
|
||||
load_kabi(kabi, kabi_file)
|
||||
check_kabi(symvers, kabi)
|
@ -0,0 +1,523 @@
|
||||
packages:
|
||||
- name: modules-core
|
||||
depends-on: []
|
||||
- name: modules
|
||||
depends-on:
|
||||
- modules-core
|
||||
- name: modules-internal
|
||||
depends-on:
|
||||
- modules-core
|
||||
- modules
|
||||
- name: modules-extra
|
||||
depends-on:
|
||||
- modules-core
|
||||
- modules
|
||||
- name: modules-rt-kvm
|
||||
if_variant_in: ["rt"]
|
||||
depends-on:
|
||||
- modules-core
|
||||
- name: modules-partner
|
||||
depends-on:
|
||||
- modules-core
|
||||
- modules
|
||||
|
||||
rules:
|
||||
- arch/x86/kvm/kvm(-amd|-intel|\.).*: modules-rt-kvm
|
||||
if_variant_in: ["rt"]
|
||||
|
||||
- arch/.*: modules-core
|
||||
- block/t10-pi.ko: modules-core
|
||||
- crypto/.*: modules-core
|
||||
|
||||
- drivers/accel/.*: modules-core
|
||||
- drivers/accessibility/.*: modules-core
|
||||
- drivers/acpi/video.*: modules
|
||||
- drivers/acpi/.*: modules-core
|
||||
- drivers/ata/.*: modules-core
|
||||
|
||||
- drivers/base/.*(kunit|test).*: modules-internal
|
||||
- drivers/base/regmap/regmap-sdw.*: modules
|
||||
- drivers/base/.*: modules-core
|
||||
- drivers/block/floppy.*: modules-extra
|
||||
- drivers/block/rnbd.*: modules
|
||||
- drivers/block/.*: modules-core
|
||||
- drivers/bus/.*: modules-core
|
||||
|
||||
- drivers/cdrom/.*: modules-core
|
||||
- drivers/cdx/.*: modules-core
|
||||
- drivers/char/mwave.*: modules
|
||||
- drivers/char/.*: modules-core
|
||||
- drivers/clk/.*test.*: modules-internal
|
||||
- drivers/clk/.*: modules-core
|
||||
- drivers/counter/.*: modules-core
|
||||
- drivers/cpufreq/amd-pstate-ut.ko: modules-internal
|
||||
- drivers/cpufreq/.*: modules-core
|
||||
- drivers/crypto/caam/.*: modules
|
||||
- drivers/crypto/cavium/.*: modules
|
||||
- drivers/crypto/chelsio/.*: modules
|
||||
- drivers/crypto/hisilicon/.*: modules
|
||||
- drivers/crypto/marvell/.*: modules
|
||||
- drivers/crypto/.*: modules-core
|
||||
- drivers/cxl/.*: modules-core
|
||||
|
||||
- drivers/dax/.*: modules-core
|
||||
- drivers/dca/.*: modules-core
|
||||
- drivers/devfreq/.*: modules-core
|
||||
- drivers/dma/dmatest.*: modules-internal
|
||||
- drivers/dma/.*: modules-core
|
||||
|
||||
- drivers/edac/.*: modules-core
|
||||
- drivers/extcon/.*: modules-core
|
||||
|
||||
- drivers/firmware/iscsi_ibft.*: modules
|
||||
- drivers/firmware/.*: modules-core
|
||||
- drivers/fsi/.*: modules-core
|
||||
|
||||
- drivers/gnss/.*: modules-core
|
||||
- drivers/gpio/gpio-dln2.*: modules-extra
|
||||
- drivers/gpio/gpio-ljca.*: modules
|
||||
- drivers/gpio/.*: modules-core
|
||||
- drivers/gpu/drm/i915/kvmgt.*: modules-rt-kvm
|
||||
if_variant_in: ["rt"]
|
||||
- drivers/gpu/drm/display/drm_.*: modules-core
|
||||
- drivers/gpu/drm/drm.*: modules-core
|
||||
- drivers/gpu/drm/etnaviv/.*: modules-core
|
||||
- drivers/gpu/drm/gud/.*: modules-core
|
||||
- drivers/gpu/drm/hyperv/.*: modules-core
|
||||
- drivers/gpu/drm/imagination/.*: modules-core
|
||||
- drivers/gpu/drm/lima/.*: modules-core
|
||||
- drivers/gpu/drm/mxsfb/.*: modules-core
|
||||
- drivers/gpu/drm/panfrost/.*: modules-core
|
||||
- drivers/gpu/drm/qxl/.*: modules-core
|
||||
- drivers/gpu/drm/scheduler/.*: modules-core
|
||||
- drivers/gpu/drm/solomon/.*: modules-core
|
||||
- drivers/gpu/drm/tests/.*: modules-internal
|
||||
- drivers/gpu/drm/tidss/.*: modules-core
|
||||
- drivers/gpu/drm/tiny/.*: modules-core
|
||||
- drivers/gpu/drm/ttm/.*: modules-core
|
||||
- drivers/gpu/drm/udl/.*: modules-core
|
||||
- drivers/gpu/drm/v3d/.*: modules-core
|
||||
- drivers/gpu/drm/vgem/.*: modules-core
|
||||
- drivers/gpu/drm/virtio/.*: modules-core
|
||||
- drivers/gpu/drm/vkms/.*: modules-core
|
||||
- drivers/gpu/drm/vmwgfx/.*: modules-core
|
||||
- drivers/gpu/drm/xlnx/.*: modules-core
|
||||
- drivers/gpu/host1x/.*: modules-core
|
||||
|
||||
- drivers/hid/.*test.*: modules-internal
|
||||
- drivers/hid/hid-asus.*: modules
|
||||
- drivers/hid/hid-nintendo.*: modules
|
||||
- drivers/hid/hid-picolcd.*: modules
|
||||
- drivers/hid/hid-playstation.*: modules
|
||||
- drivers/hid/surface-hid.*: modules
|
||||
- drivers/hid/hid-prodikeys.*: modules
|
||||
- drivers/hid/.*: modules-core
|
||||
- drivers/hte/.*: modules-core
|
||||
- drivers/hv/.*: modules-core
|
||||
- drivers/hwmon/asus_wmi_sensors.*: modules
|
||||
- drivers/hwmon/dell-smm-hwmon.*: modules
|
||||
- drivers/hwmon/hp-wmi-sensors.*: modules
|
||||
- drivers/hwmon/intel-m10-bmc-hwmon.*: modules
|
||||
- drivers/hwmon/nct6775.*: modules
|
||||
- drivers/hwmon/ntc_thermistor.*: modules
|
||||
- drivers/hwmon/.*: modules-core
|
||||
- drivers/hwspinlock/.*: modules-core
|
||||
- drivers/hwtracing/.*: modules-core
|
||||
|
||||
- drivers/i2c/busses/i2c-dln2.*: modules-extra
|
||||
- drivers/i2c/busses/i2c-ljca.*: modules
|
||||
- drivers/i2c/.*: modules-core
|
||||
- drivers/i3c/.*: modules-core
|
||||
- drivers/iio/adc/dln2-adc.*: modules-extra
|
||||
- drivers/iio/test/.*: modules-internal
|
||||
- drivers/input/gameport/.*: modules
|
||||
- drivers/input/joystick/.*: modules-extra
|
||||
- drivers/input/tablet/.*: modules
|
||||
- drivers/input/tests/.*: modules-internal
|
||||
- drivers/input/touchscreen/.*: modules
|
||||
- drivers/input/.*: modules-core
|
||||
- drivers/interconnect/.*: modules-core
|
||||
- drivers/iommu/.*test.ko: modules-internal
|
||||
- drivers/iommu/.*: modules-core
|
||||
- drivers/irqchip/.*: modules-core
|
||||
|
||||
- drivers/mailbox/.*: modules-core
|
||||
- drivers/md/.*: modules-core
|
||||
- drivers/memory/dfl-emif.*: modules
|
||||
- drivers/memory/.*: modules-core
|
||||
- drivers/message/fusion/mptctl.*: modules-extra
|
||||
- drivers/message/fusion/mptfc.*: modules-extra
|
||||
- drivers/message/fusion/.*: modules
|
||||
- drivers/message/.*: modules-core
|
||||
- drivers/mfd/dln2.*: modules-extra
|
||||
- drivers/misc/.*: modules-core
|
||||
- drivers/mux/.*: modules-core
|
||||
|
||||
- drivers/net/amt.ko: modules-core
|
||||
- drivers/net/bareudp.ko: modules-core
|
||||
- drivers/net/bonding/.*: modules-core
|
||||
- drivers/net/can/slcan/slcan.*: modules-extra
|
||||
- drivers/net/can/usb/ems_usb.*: modules-extra
|
||||
- drivers/net/can/vcan.*: modules-extra
|
||||
- drivers/net/dummy.ko: modules-core
|
||||
- drivers/net/eql.ko: modules-core
|
||||
|
||||
- drivers/net/ethernet/8390/.*: modules-core
|
||||
- drivers/net/ethernet/adi/.*: modules-core
|
||||
- drivers/net/ethernet/agere/.*: modules-core
|
||||
- drivers/net/ethernet/altera/.*: modules-core
|
||||
- drivers/net/ethernet/amazon/.*: modules-core
|
||||
- drivers/net/ethernet/amd/.*: modules-core
|
||||
- drivers/net/ethernet/apm/.*: modules-core
|
||||
- drivers/net/ethernet/asix/.*: modules-core
|
||||
- drivers/net/ethernet/brocade/.*: modules-core
|
||||
- drivers/net/ethernet/cavium/.*: modules-core
|
||||
- drivers/net/ethernet/dnet.ko: modules-core
|
||||
- drivers/net/ethernet/engleder/.*: modules-core
|
||||
- drivers/net/ethernet/ethoc.ko: modules-core
|
||||
- drivers/net/ethernet/fealnx.ko: modules-core
|
||||
- drivers/net/ethernet/freescale/.*: modules-core
|
||||
- drivers/net/ethernet/fungible/.*: modules-core
|
||||
- drivers/net/ethernet/google/.*: modules-core
|
||||
- drivers/net/ethernet/hisilicon/.*: modules-core
|
||||
- drivers/net/ethernet/huawei/.*: modules-core
|
||||
- drivers/net/ethernet/ibm/.*: modules-core
|
||||
- drivers/net/ethernet/intel/.*: modules-core
|
||||
- drivers/net/ethernet/jme.ko: modules-core
|
||||
- drivers/net/ethernet/litex/.*: modules-core
|
||||
- drivers/net/ethernet/mellanox/.*: modules-core
|
||||
- drivers/net/ethernet/microsoft/.*: modules-core
|
||||
- drivers/net/ethernet/myricom/.*: modules-core
|
||||
- drivers/net/ethernet/natsemi/.*: modules-core
|
||||
- drivers/net/ethernet/netronome/.*: modules-core
|
||||
- drivers/net/ethernet/pensando/.*: modules-core
|
||||
- drivers/net/ethernet/rocker/rocker.*: modules-internal
|
||||
- drivers/net/ethernet/qualcomm/.*: modules-core
|
||||
- drivers/net/ethernet/realtek/.*: modules-core
|
||||
- drivers/net/ethernet/renesas/.*: modules-core
|
||||
- drivers/net/ethernet/socionext/.*: modules-core
|
||||
- drivers/net/ethernet/vertexcom/.*: modules-core
|
||||
- drivers/net/ethernet/wangxun/.*: modules-core
|
||||
- drivers/net/ethernet/xilinx/.*: modules-core
|
||||
|
||||
- drivers/net/fjes/.*: modules-core
|
||||
- drivers/net/geneve.ko: modules-core
|
||||
- drivers/net/gtp.ko: modules-core
|
||||
- drivers/net/hamradio/.*: modules-extra
|
||||
- drivers/net/hyperv/.*: modules-core
|
||||
- drivers/net/ifb.ko: modules-core
|
||||
- drivers/net/ipa/.*: modules-core
|
||||
- drivers/net/ipvlan/.*: modules-core
|
||||
- drivers/net/macsec.ko: modules-core
|
||||
- drivers/net/macvlan.ko: modules-core
|
||||
- drivers/net/macvtap.ko: modules-core
|
||||
- drivers/net/mctp/.*: modules-core
|
||||
- drivers/net/mdio.*: modules-core
|
||||
- drivers/net/mhi_net.ko: modules-core
|
||||
- drivers/net/mii.ko: modules-core
|
||||
- drivers/net/net_failover.ko: modules-core
|
||||
- drivers/net/netdevsim/netdevsim.*: modules-internal
|
||||
- drivers/net/netconsole.ko: modules-core
|
||||
- drivers/net/nlmon.ko: modules-core
|
||||
- drivers/net/pcs/.*: modules-core
|
||||
- drivers/net/phy/.*: modules-core
|
||||
- drivers/net/rionet.ko: modules-core
|
||||
- drivers/net/slip/slip.*: modules-extra
|
||||
- drivers/net/sungem_phy.ko: modules-core
|
||||
- drivers/net/tap.ko: modules-core
|
||||
- drivers/net/team/.*: modules-core
|
||||
- drivers/net/thunderbolt/.*: modules-core
|
||||
- drivers/net/tun.ko: modules-core
|
||||
- drivers/net/veth.ko: modules-core
|
||||
- drivers/net/virtio_net.ko: modules-core
|
||||
- drivers/net/vmxnet3/.*: modules-core
|
||||
- drivers/net/vrf.ko: modules-core
|
||||
- drivers/net/vsockmon.ko: modules-core
|
||||
- drivers/net/vxlan/.*: modules-core
|
||||
- drivers/net/wan/hdlc.*: modules-core
|
||||
- drivers/net/wireguard/.*: modules-core
|
||||
- drivers/net/wireless/virtual/mac80211_hwsim.*: modules-internal
|
||||
- drivers/net/wwan/wwan_hwsim.*: modules-internal
|
||||
- drivers/net/wwan/.*: modules-core
|
||||
- drivers/net/xen.*: modules-core
|
||||
|
||||
- drivers/nvdimm/.*: modules-core
|
||||
- drivers/nvme/host/nvme-rdma.*: modules
|
||||
- drivers/nvme/target/nvmet-rdma.*: modules
|
||||
- drivers/nvme/.*: modules-core
|
||||
- drivers/nvmem/nvmem_u-boot-env.*: modules
|
||||
- drivers/nvmem/.*: modules-core
|
||||
|
||||
- drivers/parport/parport_serial.*: modules
|
||||
- drivers/parport/.*: modules-core
|
||||
- drivers/pci/pcie/aer_inject.*: modules-extra
|
||||
- drivers/pci/.*: modules-core
|
||||
- drivers/perf/.*: modules-core
|
||||
- drivers/phy/.*: modules-core
|
||||
- drivers/pinctrl/.*: modules-core
|
||||
- drivers/platform/chrome/.*test.*: modules-internal
|
||||
- drivers/platform/x86/intel/intel_vsec.*: modules-core
|
||||
- drivers/pmdomain/.*: modules-core
|
||||
- drivers/powercap/intel_rapl_tpmi.*: modules
|
||||
- drivers/powercap/.*: modules-core
|
||||
- drivers/pps/.*: modules-core
|
||||
- drivers/ptp/ptp_kvm.*: modules-rt-kvm
|
||||
if_variant_in: ["rt"]
|
||||
- drivers/ptp/ptp_mock.*: modules-internal
|
||||
- drivers/ptp/ptp_dfl_tod.*: modules
|
||||
- drivers/ptp/.*: modules-core
|
||||
- drivers/pwm/.*: modules-core
|
||||
|
||||
- drivers/rapidio/.*: modules-core
|
||||
- drivers/regulator/arizona-micsupp.*: modules
|
||||
- drivers/regulator/.*: modules-core
|
||||
- drivers/remoteproc/.*: modules-core
|
||||
- drivers/reset/.*: modules-core
|
||||
- drivers/rpmsg/.*: modules-core
|
||||
- drivers/rtc/.*test.*: modules-internal
|
||||
- drivers/rtc/.*: modules-core
|
||||
|
||||
- drivers/s390/net/ism.*: modules
|
||||
- drivers/s390/.*: modules-core
|
||||
|
||||
- drivers/scsi/3w.*: modules-core
|
||||
- drivers/scsi/BusLogic.ko: modules-core
|
||||
- drivers/scsi/a100u2w.ko: modules-core
|
||||
- drivers/scsi/advansys.ko: modules-core
|
||||
- drivers/scsi/am53c974.ko: modules-core
|
||||
- drivers/scsi/arcmsr.*: modules-core
|
||||
- drivers/scsi/atp870u.ko: modules-core
|
||||
- drivers/scsi/ch.ko: modules-core
|
||||
- drivers/scsi/cxlflash/.*: modules-core
|
||||
- drivers/scsi/dc395x.ko: modules-core
|
||||
- drivers/scsi/device_handler/.*: modules-core
|
||||
- drivers/scsi/dmx3191d.ko: modules-core
|
||||
- drivers/scsi/elx/.*: modules-core
|
||||
- drivers/scsi/esp_scsi.ko: modules-core
|
||||
- drivers/scsi/fdomain.*: modules-core
|
||||
- drivers/scsi/hpsa.ko: modules-core
|
||||
- drivers/scsi/hptiop.ko: modules-core
|
||||
- drivers/scsi/hv_storvsc.ko: modules-core
|
||||
- drivers/scsi/ibmvscsi.*: modules-core
|
||||
- drivers/scsi/initio.ko: modules-core
|
||||
- drivers/scsi/ipr.ko: modules-core
|
||||
- drivers/scsi/ips.ko: modules-core
|
||||
- drivers/scsi/iscsi_tcp.ko: modules-core
|
||||
- drivers/scsi/libfc/.*: modules-core
|
||||
- drivers/scsi/libiscsi.*: modules-core
|
||||
- drivers/scsi/mpi3mr/.*: modules-core
|
||||
- drivers/scsi/mvumi.ko: modules-core
|
||||
- drivers/scsi/myrb.ko: modules-core
|
||||
- drivers/scsi/myrs.ko: modules-core
|
||||
- drivers/scsi/raid_class.ko: modules-core
|
||||
- drivers/scsi/scsi_debug.ko: modules-core
|
||||
- drivers/scsi/scsi_transport_.*: modules-core
|
||||
- drivers/scsi/sd_mod.ko: modules-core
|
||||
- drivers/scsi/ses.ko: modules-core
|
||||
- drivers/scsi/sg.ko: modules-core
|
||||
- drivers/scsi/smartpqi/.*: modules-core
|
||||
- drivers/scsi/snic/.*: modules-core
|
||||
- drivers/scsi/sr_mod.ko: modules-core
|
||||
- drivers/scsi/st.ko: modules-core
|
||||
- drivers/scsi/stex.ko: modules-core
|
||||
- drivers/scsi/virtio_scsi.ko: modules-core
|
||||
- drivers/scsi/vmw_pvscsi.ko: modules-core
|
||||
- drivers/scsi/wd719x.ko: modules-core
|
||||
- drivers/scsi/xen-scsifront.ko: modules-core
|
||||
|
||||
- drivers/slimbus/.*: modules-core
|
||||
- drivers/soc/.*: modules-core
|
||||
- drivers/spi/spi-altera-dfl.*: modules
|
||||
- drivers/spi/spi-dln2.*: modules-extra
|
||||
- drivers/spi/spi-ljca.*: modules
|
||||
- drivers/spi/.*: modules-core
|
||||
- drivers/spmi/.*: modules-core
|
||||
|
||||
- drivers/target/iscsi/cxgbit/cxgbit.*: modules
|
||||
- drivers/target/sbp/sbp_target.*: modules
|
||||
- drivers/target/target_core_user.*: modules
|
||||
- drivers/target/.*: modules-core
|
||||
- drivers/tee/.*: modules-core
|
||||
- drivers/thermal/intel/int340x_thermal/int3406_thermal.*: modules
|
||||
- drivers/thermal/.*: modules-core
|
||||
- drivers/thunderbolt/.*: modules-core
|
||||
|
||||
- drivers/ufs/.*: modules-core
|
||||
- drivers/usb/atm/.*: modules
|
||||
- drivers/usb/gadget/function/usb_f_midi2.*: modules
|
||||
- drivers/usb/image/.*: modules
|
||||
- drivers/usb/misc/trancevibrator.*: modules-extra
|
||||
- drivers/usb/misc/.*: modules
|
||||
- drivers/usb/serial/.*: modules
|
||||
- drivers/usb/typec/mux/nb7vpq904m.*: modules
|
||||
- drivers/usb/usbip/.*: modules-extra
|
||||
- drivers/usb/.*: modules-core
|
||||
|
||||
- drivers/vdpa/mlx5/mlx5_vdpa.*: modules
|
||||
- drivers/vdpa/pds/pds_vdpa.*: modules
|
||||
- drivers/vdpa/.*: modules-core
|
||||
- drivers/vfio/pci/mlx5/mlx5-vfio-pci.*: modules
|
||||
- drivers/vfio/pci/pds/pds-vfio-pc.*: modules
|
||||
- drivers/vfio/.*: modules-core
|
||||
- drivers/vhost/.*: modules-core
|
||||
- drivers/video/backlight/apple_bl.*: modules
|
||||
- drivers/video/.*: modules-core
|
||||
- drivers/virt/.*: modules-core
|
||||
- drivers/virtio/.*: modules-core
|
||||
|
||||
- drivers/watchdog/.*: modules-core
|
||||
|
||||
- drivers/xen/.*: modules-core
|
||||
|
||||
- drivers/w1/masters/ds2482.*: modules-extra
|
||||
- drivers/w1/masters/ds2490.*: modules-extra
|
||||
- drivers/w1/slaves/w1_ds2408.*: modules-extra
|
||||
- drivers/w1/slaves/w1_ds2423.*: modules-extra
|
||||
- drivers/w1/slaves/w1_ds2431.*: modules-extra
|
||||
- drivers/w1/slaves/w1_ds2433.*: modules-extra
|
||||
- drivers/w1/slaves/w1_ds2780.*: modules-extra
|
||||
- drivers/w1/slaves/w1_ds2781.*: modules-extra
|
||||
- drivers/w1/slaves/w1_ds28e04.*: modules-extra
|
||||
- drivers/w1/slaves/w1_smem.*: modules-extra
|
||||
- drivers/w1/slaves/w1_therm.*: modules-extra
|
||||
|
||||
- fs/.*test.*: modules-internal
|
||||
- fs/9p/.*: modules-core
|
||||
- fs/afs/.*: modules-partner
|
||||
- fs/affs/affs.*: modules-extra
|
||||
- fs/bcachefs/.*: modules-core
|
||||
- fs/befs/befs.*: modules-extra
|
||||
- fs/binfmt_misc.ko: modules-core
|
||||
- fs/cachefiles/.*: modules-core
|
||||
- fs/ceph/.*: modules-core
|
||||
- fs/coda/coda.*: modules-extra
|
||||
- fs/dlm/.*: modules-core
|
||||
- fs/erofs/.*: modules-core
|
||||
- fs/exfat/.*: modules-core
|
||||
- fs/ext4/.*: modules-core
|
||||
- fs/f2fs/.*: modules-core
|
||||
- fs/fat/.*: modules-core
|
||||
- fs/fuse/cuse.*: modules-extra
|
||||
- fs/fuse/.*: modules-core
|
||||
- fs/gfs2/.*: modules-core
|
||||
- fs/isofs/.*: modules-core
|
||||
- fs/jbd2/.*: modules-core
|
||||
- fs/lockd/.*: modules-core
|
||||
- fs/mbcache.ko: modules-core
|
||||
- fs/netfs/.*: modules-core
|
||||
- fs/nfs.*: modules-core
|
||||
- fs/nilfs2/nilfs2.*: modules-extra
|
||||
- fs/nls/.*: modules-core
|
||||
- fs/ntfs3/.*: modules-core
|
||||
- fs/ocfs2/.*: modules-extra
|
||||
- fs/orangefs/.*: modules-core
|
||||
- fs/overlayfs/.*: modules-core
|
||||
- fs/pstore/.*: modules-core
|
||||
- fs/sysv/.*: modules-extra
|
||||
- fs/ubifs/.*: modules-extra
|
||||
- fs/udf/.*: modules-core
|
||||
- fs/ufs/.*: modules-extra
|
||||
- fs/vboxsf/.*: modules-core
|
||||
- fs/xfs/.*: modules-core
|
||||
- fs/zonefs/.*: modules-core
|
||||
|
||||
- kernel/.*test.*: modules-internal
|
||||
- kernel/locking/locktorture.*: modules-internal
|
||||
- kernel/rcu/rcuscale.*: modules-internal
|
||||
- kernel/rcu/rcutorture.*: modules-internal
|
||||
- kernel/rcu/refscale.*: modules-internal
|
||||
- kernel/resource_kunit.*: modules-internal
|
||||
- kernel/scftorture.*: modules-internal
|
||||
- kernel/torture.*: modules-internal
|
||||
- kernel/.*: modules-core
|
||||
|
||||
- lib/test_lockup.*: modules-extra
|
||||
- lib/.*(test|kunit).*: modules-internal
|
||||
- lib/.*: modules-core
|
||||
|
||||
- mm/kasan/kasan_test: modules-internal
|
||||
- mm/kfence/.*test.*: modules-internal
|
||||
- mm/zsmalloc.ko: modules-core
|
||||
|
||||
- net/.*test.*: modules-internal
|
||||
- net/802/.*: modules-core
|
||||
- net/8021q/.*: modules-core
|
||||
- net/9p/9pnet_rdma.ko: modules
|
||||
- net/9p/.*: modules-core
|
||||
- net/appletalk/appletalk.*: modules-extra
|
||||
- net/atm/br2684.*: modules-extra
|
||||
- net/atm/clip.*: modules-extra
|
||||
- net/atm/lec.*: modules-extra
|
||||
- net/atm/pppoatm.*: modules-extra
|
||||
- net/ax25/ax25.*: modules-extra
|
||||
- net/batman-adv/batman-adv.*: modules-extra
|
||||
- net/bridge/br_netfilter.*: modules-extra
|
||||
- net/bridge/netfilter/ebt.*: modules-extra
|
||||
- net/bridge/.*: modules-core
|
||||
- net/ceph/.*: modules-core
|
||||
- net/core/pktgen.*: modules-internal
|
||||
- net/core/.*: modules-core
|
||||
- net/dns_resolver/.*: modules-core
|
||||
- net/hsr/.*: modules-core
|
||||
- net/ife/.*: modules-core
|
||||
- net/ipv4/netfilter/arp.*: modules-extra
|
||||
- net/ipv4/netfilter/ip[_t].*: modules-extra
|
||||
- net/ipv4/tcp_bic.*: modules-extra
|
||||
- net/ipv4/tcp_highspeed.*: modules-extra
|
||||
- net/ipv4/tcp_htcp.*: modules-extra
|
||||
- net/ipv4/tcp_hybla.*: modules-extra
|
||||
- net/ipv4/tcp_illinois.*: modules-extra
|
||||
- net/ipv4/tcp_lp.*: modules-extra
|
||||
- net/ipv4/tcp_scalable.*: modules-extra
|
||||
- net/ipv4/tcp_vegas.*: modules-extra
|
||||
- net/ipv4/tcp_veno.*: modules-extra
|
||||
- net/ipv4/tcp_westwood.*: modules-extra
|
||||
- net/ipv4/tcp_yeah.*: modules-extra
|
||||
- net/ipv4/.*: modules-core
|
||||
- net/ipv6/netfilter/ebt.*: modules-extra
|
||||
- net/ipv6/netfilter/ip6[_t].*: modules-extra
|
||||
- net/ipv6/.*: modules-core
|
||||
- net/iucv/.*: modules-core
|
||||
- net/kcm/.*: modules-core
|
||||
- net/key/.*: modules-core
|
||||
- net/l2tp/.*: modules-extra
|
||||
- net/llc/.*: modules-core
|
||||
- net/netfilter/ipset/.*: modules-extra
|
||||
- net/netfilter/nft_compat.*: modules-extra
|
||||
- net/netfilter/xt_.*: modules-extra
|
||||
- net/netfilter/.*: modules-core
|
||||
- net/netrom/netrom.*: modules-extra
|
||||
- net/nsh/.*: modules-core
|
||||
- net/openvswitch/.*: modules-core
|
||||
- net/psample/.*: modules-core
|
||||
- net/qrtr/.*: modules-core
|
||||
- net/rds/rds.*: modules-extra
|
||||
- net/rose/rose.*: modules-extra
|
||||
- net/rxrpc/.*: modules-partner
|
||||
- net/sched/sch_choke.*: modules-extra
|
||||
- net/sched/sch_drr.*: modules-extra
|
||||
- net/sched/sch_gred.*: modules-extra
|
||||
- net/sched/sch_mqprio.ko: modules-extra
|
||||
- net/sched/sch_multiq.*: modules-extra
|
||||
- net/sched/sch_netem.*: modules-extra
|
||||
- net/sched/sch_qfq.*: modules-extra
|
||||
- net/sched/sch_red.*: modules-extra
|
||||
- net/sched/sch_sfb.*: modules-extra
|
||||
- net/sched/sch_teql.*: modules-extra
|
||||
- net/sched/.*: modules-core
|
||||
- net/sctp/.*: modules-extra
|
||||
- net/sunrpc/xprtrdma/rpcrdma.*: modules
|
||||
- net/sunrpc/.*: modules-core
|
||||
- net/tipc/.*: modules-extra
|
||||
- net/tls/.*: modules-core
|
||||
- net/vmw_vsock/.*: modules-core
|
||||
- net/xdp/.*: modules-core
|
||||
- net/xfrm/.*: modules-core
|
||||
|
||||
- samples/.*: modules-internal
|
||||
- sound/pci/.*test.*: modules-internal
|
||||
- sound/soc/.*test.*: modules-internal
|
||||
|
||||
- virt/.*: modules-core
|
||||
|
||||
- default: modules
|
@ -0,0 +1,48 @@
|
||||
# generic + compressed please
|
||||
hostonly="no"
|
||||
compress="xz"
|
||||
|
||||
# VMs can't update microcode anyway
|
||||
early_microcode="no"
|
||||
|
||||
# modules: basics
|
||||
dracutmodules+=" base systemd systemd-initrd dracut-systemd dbus dbus-broker usrmount shutdown "
|
||||
|
||||
# modules: storage support
|
||||
dracutmodules+=" dm lvm rootfs-block fs-lib "
|
||||
|
||||
# modules: tpm and crypto
|
||||
dracutmodules+=" crypt crypt-loop tpm2-tss systemd-pcrphase "
|
||||
|
||||
# dracut >= 102 separated systemd-cryptsetup into its own module
|
||||
CSMODULE=`dracut --list-modules --no-kernel | grep '^systemd-cryptsetup$'`
|
||||
dracutmodules+=" $CSMODULE "
|
||||
|
||||
# modules: support root on virtiofs
|
||||
dracutmodules+=" virtiofs "
|
||||
|
||||
# modules: use sysext images (see 'man systemd-sysext')
|
||||
dracutmodules+=" systemd-sysext "
|
||||
|
||||
# modules: root disk integrity protection
|
||||
dracutmodules+=" systemd-veritysetup "
|
||||
|
||||
# drivers: virtual buses, pci
|
||||
drivers+=" virtio-pci virtio-mmio " # qemu-kvm
|
||||
drivers+=" hv-vmbus pci-hyperv " # hyperv
|
||||
drivers+=" xen-pcifront " # xen
|
||||
|
||||
# drivers: storage
|
||||
drivers+=" ahci nvme sd_mod sr_mod " # generic
|
||||
drivers+=" virtio-blk virtio-scsi " # qemu-kvm
|
||||
drivers+=" hv-storvsc " # hyperv
|
||||
drivers+=" xen-blkfront " # xen
|
||||
|
||||
# root encryption
|
||||
drivers+=" dm_crypt "
|
||||
|
||||
# root disk integrity protection
|
||||
drivers+=" dm_verity overlay "
|
||||
|
||||
# filesystems
|
||||
filesystems+=" vfat ext4 xfs overlay "
|
File diff suppressed because it is too large
Load Diff
@ -0,0 +1 @@
|
||||
rhel
|
@ -0,0 +1,14 @@
|
||||
--- !Policy
|
||||
product_versions:
|
||||
- rhel-10
|
||||
decision_context: osci_compose_gate
|
||||
rules:
|
||||
- !PassingTestCaseRule {test_case_name: cki.tier1-aarch64.functional}
|
||||
- !PassingTestCaseRule {test_case_name: cki.tier1-ppc64le.functional}
|
||||
- !PassingTestCaseRule {test_case_name: cki.tier1-s390x.functional}
|
||||
- !PassingTestCaseRule {test_case_name: cki.tier1-x86_64.functional}
|
||||
- !PassingTestCaseRule {test_case_name: s1-aws-ci_x86_64.brew-build.tier1.functional}
|
||||
- !PassingTestCaseRule {test_case_name: s1-aws-ci_aarch64.brew-build.tier1.functional}
|
||||
- !PassingTestCaseRule {test_case_name: s1-azure-ci_x86_64.brew-build.tier1.functional}
|
||||
- !PassingTestCaseRule {test_case_name: s1-azure-ci_aarch64.brew-build.tier1.functional}
|
||||
- !PassingTestCaseRule {test_case_name: s1-gcp-ci.brew-build.tier1.functional}
|
@ -0,0 +1,38 @@
|
||||
#!/bin/sh
|
||||
|
||||
# Adjusts the configuration options to build the variants correctly
|
||||
|
||||
test -n "$RHTEST" && exit 0
|
||||
|
||||
DEBUGBUILDSENABLED=$1
|
||||
if [ -z "$DEBUGBUILDSENABLED" ]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -z "$FLAVOR" ]; then
|
||||
FLAVOR=rhel
|
||||
fi
|
||||
|
||||
if [ "$FLAVOR" = "fedora" ]; then
|
||||
SECONDARY=rhel
|
||||
else
|
||||
SECONDARY=fedora
|
||||
fi
|
||||
|
||||
# The +1 is to remove the - at the end of the SPECPACKAGE_NAME string
|
||||
specpackage_name_len=$((${#SPECPACKAGE_NAME} + 1))
|
||||
for i in "${SPECPACKAGE_NAME}"*-"$FLAVOR".config; do
|
||||
# shellcheck disable=SC3057
|
||||
NEW=${SPECPACKAGE_NAME}-"$SPECRPMVERSION"-$(echo "${i:$specpackage_name_len}" | sed s/-"$FLAVOR"//)
|
||||
mv "$i" "$NEW"
|
||||
done
|
||||
|
||||
rm -f kernel-*-"$SECONDARY".config
|
||||
|
||||
if [ "$DEBUGBUILDSENABLED" -eq 0 ]; then
|
||||
for i in "${SPECPACKAGE_NAME}"-*debug*.config; do
|
||||
base=$(echo "$i" | sed -r s/-?debug//g)
|
||||
NEW=${SPECPACKAGE_NAME}-$(echo "$base" | cut -d - -f2-)
|
||||
mv "$i" "$NEW"
|
||||
done
|
||||
fi
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,2 @@
|
||||
# This file is intentionally left empty in the stock kernel. Its a nicety
|
||||
# added for those wanting to do custom rebuilds with altered config opts.
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -0,0 +1,11 @@
|
||||
/var/log/kvm_stat.csv {
|
||||
size 10M
|
||||
missingok
|
||||
compress
|
||||
maxage 30
|
||||
rotate 5
|
||||
nodateext
|
||||
postrotate
|
||||
/usr/bin/systemctl try-restart kvm_stat.service
|
||||
endscript
|
||||
}
|
@ -0,0 +1,88 @@
|
||||
#!/usr/bin/python3
|
||||
# SPDX-License-Identifier: GPL-2.0
|
||||
# Author: Clark Williams <williams@redhat.com>
|
||||
# Copyright (C) 2022 Red Hat, Inc.
|
||||
#
|
||||
# merge.py - a direct replacement for merge.pl in the redhat/configs directory
|
||||
#
|
||||
# invocation: python merge.py overrides baseconfig [arch]
|
||||
#
|
||||
# This script merges two kernel configuration files, an override file and a
|
||||
# base config file and writes the results to stdout.
|
||||
#
|
||||
# The script reads the overrides into a dictionary, then reads the baseconfig
|
||||
# file, looking for overrides and replacing any found, then printing the result
|
||||
# to stdout. Finally any remaining (new) configs in the override are appended to the
|
||||
# end of the output
|
||||
|
||||
import sys
|
||||
import re
|
||||
import os.path
|
||||
|
||||
def usage(msg):
|
||||
'''print a usage message and exit'''
|
||||
sys.stderr.write(msg + "\n")
|
||||
sys.stderr.write("usage: merge.py overrides baseconfig [arch]\n")
|
||||
sys.exit(1)
|
||||
|
||||
isset = re.compile(r'^(CONFIG_\w+)=')
|
||||
notset = re.compile(r'^#\s+(CONFIG_\w+)\s+is not set')
|
||||
|
||||
# search an input line for a config (set or notset) pattern
|
||||
# if we get a match return the config that is being changed
|
||||
def find_config(line):
|
||||
'''find a configuration line in the input and return the config name'''
|
||||
m = isset.match(line)
|
||||
if (m is not None):
|
||||
return m.group(1)
|
||||
|
||||
m = notset.match(line)
|
||||
if (m is not None):
|
||||
return m.group(1)
|
||||
|
||||
return None
|
||||
|
||||
#########################################################
|
||||
|
||||
if len(sys.argv) < 3:
|
||||
usage("must have two input files")
|
||||
|
||||
override_file = sys.argv[1]
|
||||
baseconfig_file = sys.argv[2]
|
||||
|
||||
if not os.path.exists(override_file):
|
||||
usage(f"overrides config file {override_file:s} does not exist!")
|
||||
|
||||
if not os.path.exists(baseconfig_file):
|
||||
usage(f"base configs file {baseconfig_file:s} does not exist")
|
||||
|
||||
if len(sys.argv) == 4:
|
||||
print(f"# {sys.argv[3]:s}")
|
||||
|
||||
# read each line of the override file and store any configuration values
|
||||
# in the overrides dictionary, keyed by the configuration name.
|
||||
overrides = {}
|
||||
with open(override_file, "rt", encoding="utf-8") as f:
|
||||
for line in [l.strip() for l in f.readlines()]:
|
||||
c = find_config(line)
|
||||
if c and c not in overrides:
|
||||
overrides[c] = line
|
||||
|
||||
# now read and print the base config, checking each line
|
||||
# that defines a config value and printing the override if
|
||||
# it exists
|
||||
with open(baseconfig_file, "rt", encoding="utf-8") as f:
|
||||
for line in [ l.strip() for l in f.readlines() ]:
|
||||
c = find_config(line)
|
||||
if c and c in overrides:
|
||||
print(overrides[c])
|
||||
del overrides[c]
|
||||
else:
|
||||
print(line)
|
||||
|
||||
# print out the remaining configs (new values)
|
||||
# from the overrides file
|
||||
for v in overrides.values():
|
||||
print (v)
|
||||
|
||||
sys.exit(0)
|
@ -0,0 +1,67 @@
|
||||
#! /bin/bash
|
||||
# shellcheck disable=SC2164
|
||||
|
||||
rpm_buildroot="$1"
|
||||
module_dir="$2"
|
||||
module_list="$3"
|
||||
|
||||
blacklist_conf_files="$(mktemp)"
|
||||
|
||||
blacklist()
|
||||
{
|
||||
mkdir -p "$rpm_buildroot/etc/modprobe.d/"
|
||||
cat > "$rpm_buildroot/etc/modprobe.d/$1-blacklist.conf" <<-__EOF__
|
||||
# This kernel module can be automatically loaded by non-root users. To
|
||||
# enhance system security, the module is blacklisted by default to ensure
|
||||
# system administrators make the module available for use as needed.
|
||||
# See https://access.redhat.com/articles/3760101 for more details.
|
||||
#
|
||||
# Remove the blacklist by adding a comment # at the start of the line.
|
||||
blacklist $1
|
||||
__EOF__
|
||||
echo "%config(noreplace) /etc/modprobe.d/$1-blacklist.conf" >> "$blacklist_conf_files"
|
||||
}
|
||||
|
||||
check_blacklist()
|
||||
{
|
||||
mod="$rpm_buildroot/$1"
|
||||
[ ! "$mod" ] && return 0
|
||||
if modinfo "$mod" | grep -q '^alias:\s\+net-'; then
|
||||
mod="${1##*/}"
|
||||
mod="${mod%.ko*}"
|
||||
echo "$mod has an alias that allows auto-loading. Blacklisting."
|
||||
blacklist "$mod"
|
||||
fi
|
||||
}
|
||||
|
||||
foreachp()
|
||||
{
|
||||
P=$(nproc)
|
||||
bgcount=0
|
||||
while read -r mod; do
|
||||
$1 "$mod" &
|
||||
|
||||
bgcount=$((bgcount + 1))
|
||||
if [ $bgcount -eq "$P" ]; then
|
||||
wait -n
|
||||
bgcount=$((bgcount - 1))
|
||||
fi
|
||||
done
|
||||
|
||||
wait
|
||||
}
|
||||
|
||||
# Many BIOS-es export a PNP-id which causes the floppy driver to autoload
|
||||
# even though most modern systems don't have a 3.5" floppy driver anymore
|
||||
# this replaces the old die_floppy_die.patch which removed the PNP-id from
|
||||
# the module
|
||||
|
||||
floppylist=("$rpm_buildroot"/"$module_dir"/kernel/drivers/block/floppy.ko*)
|
||||
if [[ -n ${floppylist[0]} && -f ${floppylist[0]} ]]; then
|
||||
blacklist "floppy"
|
||||
fi
|
||||
|
||||
foreachp check_blacklist < "$module_list"
|
||||
|
||||
cat "$blacklist_conf_files" >> "$module_list"
|
||||
rm -f "$blacklist_conf_files"
|
@ -0,0 +1,37 @@
|
||||
#! /bin/bash
|
||||
|
||||
# The modules_sign target checks for corresponding .o files for every .ko that
|
||||
# is signed. This doesn't work for package builds which re-use the same build
|
||||
# directory for every variant, and the .config may change between variants.
|
||||
# So instead of using this script to just sign lib/modules/$KernelVer/extra,
|
||||
# sign all .ko in the buildroot.
|
||||
|
||||
# This essentially duplicates the 'modules_sign' Kbuild target and runs the
|
||||
# same commands for those modules.
|
||||
|
||||
MODSECKEY=$1
|
||||
MODPUBKEY=$2
|
||||
moddir=$3
|
||||
|
||||
modules=$(find "$moddir" -type f -name '*.ko')
|
||||
|
||||
NPROC=$(nproc)
|
||||
[ -z "$NPROC" ] && NPROC=1
|
||||
|
||||
# NB: this loop runs 2000+ iterations. Try to be fast.
|
||||
echo "$modules" | xargs -r -n16 -P "$NPROC" sh -c "
|
||||
for mod; do
|
||||
./scripts/sign-file sha256 $MODSECKEY $MODPUBKEY \$mod
|
||||
rm -f \$mod.sig \$mod.dig
|
||||
done
|
||||
" DUMMYARG0 # xargs appends ARG1 ARG2..., which go into $mod in for loop.
|
||||
|
||||
RANDOMMOD=$(echo "$modules" | sort -R | head -n 1)
|
||||
if [ "~Module signature appended~" != "$(tail -c 28 "$RANDOMMOD")" ]; then
|
||||
echo "*****************************"
|
||||
echo "*** Modules are unsigned! ***"
|
||||
echo "*****************************"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
exit 0
|
@ -0,0 +1,4 @@
|
||||
# clang
|
||||
# CONFIG_DRM_WERROR is not set
|
||||
CONFIG_KASAN_STACK=y
|
||||
# CONFIG_KMSAN is not set
|
@ -0,0 +1,4 @@
|
||||
# clang
|
||||
# CONFIG_DRM_WERROR is not set
|
||||
# CONFIG_KASAN_STACK is not set
|
||||
# CONFIG_KMSAN is not set
|
@ -0,0 +1,4 @@
|
||||
# clang_lto
|
||||
# CONFIG_DRM_WERROR is not set
|
||||
CONFIG_KASAN_STACK=y
|
||||
# CONFIG_KMSAN is not set
|
@ -0,0 +1,6 @@
|
||||
# clang_lto
|
||||
# CONFIG_DRM_WERROR is not set
|
||||
# CONFIG_KASAN_STACK is not set
|
||||
# CONFIG_KMSAN is not set
|
||||
CONFIG_LTO_CLANG_THIN=y
|
||||
# CONFIG_LTO_NONE is not set
|
@ -0,0 +1,4 @@
|
||||
# clang_lto
|
||||
# CONFIG_DRM_WERROR is not set
|
||||
CONFIG_KASAN_STACK=y
|
||||
# CONFIG_KMSAN is not set
|
@ -0,0 +1,6 @@
|
||||
# clang_lto
|
||||
# CONFIG_DRM_WERROR is not set
|
||||
# CONFIG_KASAN_STACK is not set
|
||||
# CONFIG_KMSAN is not set
|
||||
CONFIG_LTO_CLANG_THIN=y
|
||||
# CONFIG_LTO_NONE is not set
|
@ -0,0 +1,4 @@
|
||||
# kgcov
|
||||
CONFIG_GCOV_KERNEL=y
|
||||
CONFIG_GCOV_PROFILE_ALL=y
|
||||
# CONFIG_GCOV_PROFILE_FTRACE is not set
|
@ -0,0 +1,4 @@
|
||||
# kgcov
|
||||
CONFIG_GCOV_KERNEL=y
|
||||
CONFIG_GCOV_PROFILE_ALL=y
|
||||
# CONFIG_GCOV_PROFILE_FTRACE is not set
|
@ -0,0 +1,424 @@
|
||||
#!/bin/bash
|
||||
#
|
||||
# This script takes the merged config files and processes them through oldconfig
|
||||
# and listnewconfig
|
||||
#
|
||||
# Globally disable suggestion of appending '|| exit' or '|| return' to cd/pushd/popd commands
|
||||
# shellcheck disable=SC2164
|
||||
|
||||
test -n "$RHTEST" && exit 0
|
||||
|
||||
usage()
|
||||
{
|
||||
# alphabetical order please
|
||||
echo "process_configs.sh [ options ] package_name kernel_version"
|
||||
echo " -a: report all errors, equivalent to [-c -n -w -i]"
|
||||
echo " -c: error on mismatched config options"
|
||||
echo " -i: continue on error"
|
||||
echo " -n: error on unset config options"
|
||||
echo " -t: test run, do not overwrite original config"
|
||||
echo " -w: error on misconfigured config options"
|
||||
echo " -z: commit new configs to pending directory"
|
||||
echo ""
|
||||
echo " A special CONFIG file tag, process_configs_known_broken can be added as a"
|
||||
echo " comment to any CONFIG file. This tag indicates that there is no way to "
|
||||
echo " fix a CONFIG's entry. This tag should only be used in extreme cases"
|
||||
echo " and is not to be used as a workaround to solve CONFIG problems."
|
||||
exit 1
|
||||
}
|
||||
|
||||
die()
|
||||
{
|
||||
echo "$1"
|
||||
exit 1
|
||||
}
|
||||
|
||||
get_cross_compile()
|
||||
{
|
||||
arch=$1
|
||||
if [[ "$CC_IS_CLANG" -eq 1 ]]; then
|
||||
echo "$arch"
|
||||
else
|
||||
echo "scripts/dummy-tools/"
|
||||
fi
|
||||
}
|
||||
|
||||
# stupid function to find top of tree to do kernel make configs
|
||||
switch_to_toplevel()
|
||||
{
|
||||
path="$(pwd)"
|
||||
while test -n "$path"
|
||||
do
|
||||
test -e "$path"/MAINTAINERS && \
|
||||
test -d "$path"/drivers && \
|
||||
break
|
||||
|
||||
path=$(dirname "$path")
|
||||
done
|
||||
|
||||
test -n "$path" || die "Can't find toplevel"
|
||||
echo "$path"
|
||||
}
|
||||
|
||||
checkoptions()
|
||||
{
|
||||
count=$3
|
||||
variant=$4
|
||||
|
||||
/usr/bin/awk '
|
||||
|
||||
/is not set/ {
|
||||
split ($0, a, "#");
|
||||
split(a[2], b);
|
||||
if (NR==FNR) {
|
||||
configs[b[1]]="is not set";
|
||||
} else {
|
||||
if (configs[b[1]] != "" && configs[b[1]] != "is not set")
|
||||
print "Found # "b[1] " is not set, after generation, had " b[1] " " configs[b[1]] " in Source tree";
|
||||
}
|
||||
}
|
||||
|
||||
/=/ {
|
||||
split ($0, a, "=");
|
||||
if (NR==FNR) {
|
||||
configs[a[1]]=a[2];
|
||||
} else {
|
||||
if (configs[a[1]] != "" && configs[a[1]] != a[2])
|
||||
print "Found "a[1]"="a[2]" after generation, had " a[1]"="configs[a[1]]" in Source tree";
|
||||
}
|
||||
}
|
||||
' "$1" "$2" > .mismatches"${count}"
|
||||
|
||||
checkoptions_error=false
|
||||
if test -s .mismatches"${count}"
|
||||
then
|
||||
while read -r LINE
|
||||
do
|
||||
if find "${REDHAT}"/configs -name "$(echo "$LINE" | awk -F "=" ' { print $1 } ' | awk ' { print $2 }')" -print0 | xargs -0 grep ^ | grep -q "process_configs_known_broken"; then
|
||||
# This is a known broken config.
|
||||
# See script help warning.
|
||||
checkoptions_error=false
|
||||
else
|
||||
checkoptions_error=true
|
||||
break
|
||||
fi
|
||||
done < .mismatches"${count}"
|
||||
|
||||
! $checkoptions_error && return
|
||||
|
||||
sed -i "1s/^/Error: Mismatches found in configuration files for ${arch} ${variant}\n/" .mismatches"${count}"
|
||||
else
|
||||
rm -f .mismatches"${count}"
|
||||
fi
|
||||
}
|
||||
|
||||
parsenewconfigs()
|
||||
{
|
||||
tmpdir=$(mktemp -d)
|
||||
|
||||
# This awk script reads the output of make listnewconfig
|
||||
# and puts it into CONFIG_FOO files. Using the output of
|
||||
# listnewconfig is much easier to ensure we get the default
|
||||
# output.
|
||||
/usr/bin/awk -v BASE="$tmpdir" '
|
||||
/is not set/ {
|
||||
split ($0, a, "#");
|
||||
split(a[2], b);
|
||||
OUT_FILE=BASE"/"b[1];
|
||||
print $0 >> OUT_FILE;
|
||||
}
|
||||
|
||||
/=/ {
|
||||
split ($0, a, "=");
|
||||
OUT_FILE=BASE"/"a[1];
|
||||
if (a[2] == "n")
|
||||
print "# " a[1] " is not set" >> OUT_FILE;
|
||||
else
|
||||
print $0 >> OUT_FILE;
|
||||
}
|
||||
|
||||
' .newoptions
|
||||
|
||||
# This awk script parses the output of helpnewconfig.
|
||||
# Each option is separated between ----- markers
|
||||
# The goal is to put all the help text as a comment in
|
||||
# each CONFIG_FOO file. Because of how awk works
|
||||
# there's a lot of moving files around and catting to
|
||||
# get what we need.
|
||||
/usr/bin/awk -v BASE="$tmpdir" '
|
||||
BEGIN { inpatch=0;
|
||||
outfile="none";
|
||||
symbol="none";
|
||||
commit=""; }
|
||||
/^Symbol: .*$/ {
|
||||
split($0, a, " ");
|
||||
symbol="CONFIG_"a[2];
|
||||
outfile=BASE "/fake_"symbol
|
||||
}
|
||||
/-----/ {
|
||||
if (inpatch == 0) {
|
||||
inpatch = 1;
|
||||
}
|
||||
else {
|
||||
if (symbol != "none") {
|
||||
print "# Commit: "commit >> outfile
|
||||
system("cat " outfile " " BASE "/" symbol " > " BASE "/tmpf");
|
||||
system("mv " BASE "/tmpf " BASE "/" symbol);
|
||||
symbol="none"
|
||||
commit=""
|
||||
}
|
||||
outfile="none"
|
||||
inpatch = 0;
|
||||
}
|
||||
}
|
||||
!/-----/ {
|
||||
if (inpatch == 1 && outfile != "none") {
|
||||
print "# "$0 >> outfile;
|
||||
}
|
||||
}
|
||||
/^Defined at .*$/ {
|
||||
split($0, x, " ");
|
||||
filenum=x[3];
|
||||
split(filenum, x, ":");
|
||||
file=x[1]
|
||||
line=x[2]
|
||||
cmd="git blame -L " line "," line " " file " | cut -d \" \" -f1 | xargs git log --pretty=format:\"%C(auto)%h %C(cyan)('%s')\" -1"
|
||||
cmd | getline commit
|
||||
}
|
||||
|
||||
|
||||
' .helpnewconfig
|
||||
|
||||
pushd "$tmpdir" &> /dev/null
|
||||
rm fake_*
|
||||
popd &> /dev/null
|
||||
for f in "$tmpdir"/*; do
|
||||
[[ -e "$f" ]] || break
|
||||
cp "$f" "$SCRIPT_DIR/pending$FLAVOR/generic/"
|
||||
done
|
||||
|
||||
rm -rf "$tmpdir"
|
||||
}
|
||||
|
||||
function commit_new_configs()
|
||||
{
|
||||
# assume we are in $source_tree/configs, need to get to top level
|
||||
pushd "$(switch_to_toplevel)" &>/dev/null
|
||||
|
||||
for cfg in "$SCRIPT_DIR/${SPECPACKAGE_NAME}${KVERREL}"*.config
|
||||
do
|
||||
arch=$(head -1 "$cfg" | cut -b 3-)
|
||||
cfgtmp="${cfg}.tmp"
|
||||
cfgorig="${cfg}.orig"
|
||||
cat "$cfg" > "$cfgorig"
|
||||
|
||||
if [ "$arch" = "EMPTY" ]
|
||||
then
|
||||
# This arch is intentionally left blank
|
||||
continue
|
||||
fi
|
||||
echo -n "Checking for new configs in $cfg ... "
|
||||
|
||||
# shellcheck disable=SC2086
|
||||
make ${MAKEOPTS} ARCH="$arch" CROSS_COMPILE="$(get_cross_compile "$arch")" KCONFIG_CONFIG="$cfgorig" listnewconfig >& .listnewconfig
|
||||
grep -E 'CONFIG_' .listnewconfig > .newoptions
|
||||
if test -s .newoptions
|
||||
then
|
||||
# shellcheck disable=SC2086
|
||||
make ${MAKEOPTS} ARCH="$arch" CROSS_COMPILE="$(get_cross_compile "$arch")" KCONFIG_CONFIG="$cfgorig" helpnewconfig >& .helpnewconfig
|
||||
parsenewconfigs
|
||||
fi
|
||||
rm .newoptions
|
||||
echo "done"
|
||||
done
|
||||
|
||||
git add "$SCRIPT_DIR/pending$FLAVOR"
|
||||
git commit -m "[redhat] AUTOMATIC: New configs"
|
||||
}
|
||||
|
||||
function process_config()
|
||||
{
|
||||
local cfg
|
||||
local arch
|
||||
local cfgtmp
|
||||
local cfgorig
|
||||
local count
|
||||
local variant
|
||||
|
||||
cfg=$1
|
||||
count=$2
|
||||
|
||||
arch=$(head -1 "$cfg" | cut -b 3-)
|
||||
|
||||
if [ "$arch" = "EMPTY" ]
|
||||
then
|
||||
# This arch is intentionally left blank
|
||||
return
|
||||
fi
|
||||
|
||||
variant=$(basename "$cfg" | cut -d"-" -f3- | cut -d"." -f1)
|
||||
|
||||
cfgtmp="${cfg}.tmp"
|
||||
cfgorig="${cfg}.orig"
|
||||
cat "$cfg" > "$cfgorig"
|
||||
|
||||
echo "Processing $cfg ... "
|
||||
|
||||
# shellcheck disable=SC2086
|
||||
make ${MAKEOPTS} ARCH="$arch" CROSS_COMPILE="$(get_cross_compile "$arch")" KCONFIG_CONFIG="$cfgorig" listnewconfig >& .listnewconfig"${count}"
|
||||
grep -E 'CONFIG_' .listnewconfig"${count}" > .newoptions"${count}"
|
||||
if test -n "$NEWOPTIONS" && test -s .newoptions"${count}"
|
||||
then
|
||||
echo "Found unset config items in ${arch} ${variant}, please set them to an appropriate value" >> .errors"${count}"
|
||||
cat .newoptions"${count}" >> .errors"${count}"
|
||||
rm .newoptions"${count}"
|
||||
RETURNCODE=1
|
||||
fi
|
||||
rm -f .newoptions"${count}"
|
||||
|
||||
grep -E 'config.*warning' .listnewconfig"${count}" > .warnings"${count}"
|
||||
if test -n "$CHECKWARNINGS" && test -s .warnings"${count}"
|
||||
then
|
||||
echo "Found misconfigured config items in ${arch} ${variant}, please set them to an appropriate value" >> .errors"${count}"
|
||||
cat .warnings"${count}" >> .errors"${count}"
|
||||
fi
|
||||
rm .warnings"${count}"
|
||||
|
||||
rm .listnewconfig"${count}"
|
||||
|
||||
# shellcheck disable=SC2086
|
||||
make ${MAKEOPTS} ARCH="$arch" CROSS_COMPILE="$(get_cross_compile "$arch")" KCONFIG_CONFIG="$cfgorig" olddefconfig > /dev/null || exit 1
|
||||
echo "# $arch" > "$cfgtmp"
|
||||
cat "$cfgorig" >> "$cfgtmp"
|
||||
if test -n "$CHECKOPTIONS"
|
||||
then
|
||||
checkoptions "$cfg" "$cfgtmp" "$count" "$variant"
|
||||
fi
|
||||
# if test run, don't overwrite original
|
||||
if test -n "$TESTRUN"
|
||||
then
|
||||
rm -f "$cfgtmp"
|
||||
else
|
||||
mv "$cfgtmp" "$cfg"
|
||||
fi
|
||||
rm -f "$cfgorig"
|
||||
echo "Processing $cfg complete"
|
||||
}
|
||||
|
||||
function process_configs()
|
||||
{
|
||||
# assume we are in $source_tree/configs, need to get to top level
|
||||
pushd "$(switch_to_toplevel)" &>/dev/null
|
||||
|
||||
# The next line is throwaway code for transition to parallel
|
||||
# processing. Leaving this line in place is harmless, but it can be
|
||||
# removed the next time anyone updates this function.
|
||||
[ -f .mismatches ] && rm -f .mismatches
|
||||
|
||||
count=0
|
||||
for cfg in "$SCRIPT_DIR/${SPECPACKAGE_NAME}${KVERREL}"*.config
|
||||
do
|
||||
if [ "$count" -eq 0 ]; then
|
||||
# do the first one by itself so that tools are built
|
||||
process_config "$cfg" "$count"
|
||||
fi
|
||||
process_config "$cfg" "$count" &
|
||||
# shellcheck disable=SC2004
|
||||
waitpids[${count}]=$!
|
||||
((count++))
|
||||
while [ "$(jobs | grep -c Running)" -ge "$RHJOBS" ]; do :; done
|
||||
done
|
||||
# shellcheck disable=SC2048
|
||||
for pid in ${waitpids[*]}; do
|
||||
wait "${pid}"
|
||||
done
|
||||
|
||||
rm "$SCRIPT_DIR"/*.config*.old
|
||||
|
||||
if ls .errors* 1> /dev/null 2>&1; then
|
||||
RETURNCODE=1
|
||||
cat .errors*
|
||||
rm .errors* -f
|
||||
fi
|
||||
if ls .mismatches* 1> /dev/null 2>&1; then
|
||||
RETURNCODE=1
|
||||
cat .mismatches*
|
||||
rm .mismatches* -f
|
||||
fi
|
||||
|
||||
popd > /dev/null
|
||||
|
||||
[ $RETURNCODE -eq 0 ] && echo "Processed config files are in $SCRIPT_DIR"
|
||||
}
|
||||
|
||||
CHECKOPTIONS=""
|
||||
NEWOPTIONS=""
|
||||
TESTRUN=""
|
||||
CHECKWARNINGS=""
|
||||
MAKEOPTS=""
|
||||
CC_IS_CLANG=0
|
||||
|
||||
RETURNCODE=0
|
||||
|
||||
while [[ $# -gt 0 ]]
|
||||
do
|
||||
key="$1"
|
||||
case $key in
|
||||
-a)
|
||||
CHECKOPTIONS="x"
|
||||
NEWOPTIONS="x"
|
||||
CHECKWARNINGS="x"
|
||||
;;
|
||||
-c)
|
||||
CHECKOPTIONS="x"
|
||||
;;
|
||||
-h)
|
||||
usage
|
||||
;;
|
||||
-n)
|
||||
NEWOPTIONS="x"
|
||||
;;
|
||||
-t)
|
||||
TESTRUN="x"
|
||||
;;
|
||||
-w)
|
||||
CHECKWARNINGS="x"
|
||||
;;
|
||||
-z)
|
||||
COMMITNEWCONFIGS="x"
|
||||
;;
|
||||
-m)
|
||||
shift
|
||||
if [ "$1" = "CC=clang" ] || [ "$1" = "LLVM=1" ]; then
|
||||
CC_IS_CLANG=1
|
||||
fi
|
||||
MAKEOPTS="$MAKEOPTS $1"
|
||||
;;
|
||||
*)
|
||||
break;;
|
||||
esac
|
||||
shift
|
||||
done
|
||||
|
||||
KVERREL="$(test -n "$1" && echo "-$1" || echo "")"
|
||||
FLAVOR="$(test -n "$2" && echo "-$2" || echo "-rhel")"
|
||||
# shellcheck disable=SC2015
|
||||
SCRIPT=$(readlink -f "$0")
|
||||
SCRIPT_DIR=$(dirname "$SCRIPT")
|
||||
|
||||
# Config options for RHEL should target the pending-rhel directory, not pending-common.
|
||||
if [ "$FLAVOR" = "-rhel" ]
|
||||
then
|
||||
FLAVOR="-rhel"
|
||||
fi
|
||||
|
||||
# to handle this script being a symlink
|
||||
cd "$SCRIPT_DIR"
|
||||
|
||||
if test -n "$COMMITNEWCONFIGS"; then
|
||||
commit_new_configs
|
||||
else
|
||||
process_configs
|
||||
fi
|
||||
|
||||
exit $RETURNCODE
|
@ -0,0 +1,53 @@
|
||||
# additional rpminspect configuration for this branch
|
||||
|
||||
---
|
||||
inspections:
|
||||
abidiff: off
|
||||
kmidiff: off
|
||||
upstream: off
|
||||
subpackages: off
|
||||
license: off
|
||||
debuginfo: off
|
||||
removedfiles: off
|
||||
|
||||
badfuncs:
|
||||
ignore:
|
||||
- /usr/libexec/ksamples/*
|
||||
- /usr/libexec/kselftests/*
|
||||
|
||||
emptyrpm:
|
||||
expected_empty:
|
||||
- kernel
|
||||
- kernel-debug
|
||||
- kernel-debug-devel-matched
|
||||
- kernel-devel-matched
|
||||
- kernel-lpae
|
||||
- kernel-zfcpdump
|
||||
- kernel-zfcpdump-devel-matched
|
||||
- kernel-zfcpdump-modules
|
||||
|
||||
patches:
|
||||
ignore_list:
|
||||
- linux-kernel-test.patch
|
||||
- patch-6.11-redhat.patch
|
||||
- patch-%{patchversion}-redhat.patch
|
||||
|
||||
runpath:
|
||||
ignore:
|
||||
- /usr/libexec/kselftests/bpf/urandom_read
|
||||
- /usr/libexec/kselftests/bpf/no_alu32/urandom_read
|
||||
|
||||
debuginfo:
|
||||
ignore:
|
||||
- /usr/libexec/kselftests/bpf/*
|
||||
- /usr/lib/debug/usr/libexec/perf-core/tests/shell/coresight/*
|
||||
|
||||
elf:
|
||||
ignore:
|
||||
- /usr/libexec/kselftests/*
|
||||
- /usr/libexec/perf-core/tests/shell/coresight/*
|
||||
- /usr/lib/debug/usr/libexec/perf-core/tests/shell/coresight/*
|
||||
|
||||
annocheck:
|
||||
ignore:
|
||||
- /usr/libexec/kselftests/*
|
@ -0,0 +1,12 @@
|
||||
{
|
||||
"virt": {
|
||||
"common": {
|
||||
"fips-disable.addon": [
|
||||
"fips=0\n"
|
||||
],
|
||||
"fips-enable.addon": [
|
||||
"fips=1\n"
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
@ -0,0 +1,151 @@
|
||||
#!/usr/bin/env python3
|
||||
#
|
||||
# This script inspects a given json proving a list of addons, and
|
||||
# creates an addon for each key/value pair matching the given uki, distro and
|
||||
# arch provided in input.
|
||||
#
|
||||
# Usage: python uki_create_addons.py input_json out_dir uki distro arch
|
||||
#
|
||||
# This tool requires the systemd-ukify and systemd-boot packages.
|
||||
#
|
||||
# Addon file
|
||||
#-----------
|
||||
# Each addon terminates with .addon
|
||||
# Each addon contains only two types of lines:
|
||||
# Lines beginning with '#' are description and thus ignored
|
||||
# All other lines are command line to be added.
|
||||
# The name of the end resulting addon is taken from the json hierarchy.
|
||||
# For example, and addon in json['virt']['rhel']['x86_64']['hello.addon'] will
|
||||
# result in an UKI addon file generated in out_dir called
|
||||
# hello-virt.rhel.x86_64.addon.efi
|
||||
#
|
||||
# The common key, present in any sub-dict in the provided json (except the leaf dict)
|
||||
# is used as place for default addons when the same addon is not defined deep
|
||||
# in the hierarchy. For example, if we define test.addon (text: 'test1\n') in
|
||||
# json['common']['test.addon'] = ['test1\n'] and another test.addon (text: test2) in
|
||||
# json['virt']['common']['test.addon'] = ['test2'], any other uki except virt
|
||||
# will have a test.addon.efi with text "test1", and virt will have a
|
||||
# test.addon.efi with "test2"
|
||||
#
|
||||
# sbat.conf
|
||||
#----------
|
||||
# This dict is containing the sbat string for *all* addons being created.
|
||||
# This dict is optional, but when used has to be put in a sub-dict with
|
||||
# { 'sbat' : { 'sbat.conf' : ['your text here'] }}
|
||||
# It follows the same syntax as the addon files, meaning '#' is comment and
|
||||
# the rest is taken as sbat string and feed to ukify.
|
||||
|
||||
import os
|
||||
import sys
|
||||
import json
|
||||
import collections
|
||||
import subprocess
|
||||
|
||||
|
||||
UKIFY_PATH = '/usr/lib/systemd/ukify'
|
||||
|
||||
def usage(err):
|
||||
print(f'Usage: {os.path.basename(__file__)} input_json output_dir uki distro arch')
|
||||
print(f'Error:{err}')
|
||||
sys.exit(1)
|
||||
|
||||
def check_clean_arguments(input_json, out_dir):
|
||||
# Remove end '/'
|
||||
if out_dir[-1:] == '/':
|
||||
out_dir = out_dir[:-1]
|
||||
if not os.path.isfile(input_json):
|
||||
usage(f'input_json {input_json} is not a file, or does not exist!')
|
||||
if not os.path.isdir(out_dir):
|
||||
usage(f'out_dir_dir {out_dir} is not a dir, or does not exist!')
|
||||
return out_dir
|
||||
|
||||
UKICmdlineAddon = collections.namedtuple('UKICmdlineAddon', ['name', 'cmdline'])
|
||||
uki_addons_list = []
|
||||
uki_addons = {}
|
||||
addon_sbat_string = None
|
||||
|
||||
def parse_lines(lines, rstrip=True):
|
||||
cmdline = ''
|
||||
for l in lines:
|
||||
l = l.lstrip()
|
||||
if not l:
|
||||
continue
|
||||
if l[0] == '#':
|
||||
continue
|
||||
# rstrip is used only for addons cmdline, not sbat.conf, as it replaces
|
||||
# return lines with spaces.
|
||||
if rstrip:
|
||||
l = l.rstrip() + ' '
|
||||
cmdline += l
|
||||
if cmdline == '':
|
||||
return ''
|
||||
return cmdline
|
||||
|
||||
def parse_all_addons(in_obj):
|
||||
global addon_sbat_string
|
||||
|
||||
for el in in_obj.keys():
|
||||
# addon found: copy it in our global dict uki_addons
|
||||
if el.endswith('.addon'):
|
||||
uki_addons[el] = in_obj[el]
|
||||
|
||||
if 'sbat' in in_obj and 'sbat.conf' in in_obj['sbat']:
|
||||
# sbat.conf found: override sbat with the most specific one found
|
||||
addon_sbat_string = parse_lines(in_obj['sbat']['sbat.conf'], rstrip=False)
|
||||
|
||||
def recursively_find_addons(in_obj, folder_list):
|
||||
# end of recursion, leaf directory. Search all addons here
|
||||
if len(folder_list) == 0:
|
||||
parse_all_addons(in_obj)
|
||||
return
|
||||
|
||||
# first, check for common folder
|
||||
if 'common' in in_obj:
|
||||
parse_all_addons(in_obj['common'])
|
||||
|
||||
# second, check if there is a match with the searched folder
|
||||
if folder_list[0] in in_obj:
|
||||
folder_next = in_obj[folder_list[0]]
|
||||
folder_list = folder_list[1:]
|
||||
recursively_find_addons(folder_next, folder_list)
|
||||
|
||||
def parse_in_json(in_json, uki_name, distro, arch):
|
||||
with open(in_json, 'r') as f:
|
||||
in_obj = json.load(f)
|
||||
recursively_find_addons(in_obj, [uki_name, distro, arch])
|
||||
|
||||
for addon_name, cmdline in uki_addons.items():
|
||||
addon_name = addon_name.replace(".addon","")
|
||||
addon_full_name = f'{addon_name}-{uki_name}.{distro}.{arch}.addon.efi'
|
||||
cmdline = parse_lines(cmdline).rstrip()
|
||||
if cmdline:
|
||||
uki_addons_list.append(UKICmdlineAddon(addon_full_name, cmdline))
|
||||
|
||||
def create_addons(out_dir):
|
||||
for uki_addon in uki_addons_list:
|
||||
out_path = os.path.join(out_dir, uki_addon.name)
|
||||
cmd = [
|
||||
f'{UKIFY_PATH}', 'build',
|
||||
f'--cmdline="{uki_addon.cmdline}"',
|
||||
f'--output={out_path}']
|
||||
if addon_sbat_string:
|
||||
cmd.append('--sbat="' + addon_sbat_string.rstrip() +'"')
|
||||
|
||||
subprocess.check_call(cmd, text=True)
|
||||
|
||||
if __name__ == "__main__":
|
||||
argc = len(sys.argv) - 1
|
||||
if argc != 5:
|
||||
usage('too few or too many parameters!')
|
||||
|
||||
input_json = sys.argv[1]
|
||||
out_dir = sys.argv[2]
|
||||
uki_name = sys.argv[3]
|
||||
distro = sys.argv[4]
|
||||
arch = sys.argv[5]
|
||||
|
||||
out_dir = check_clean_arguments(input_json, out_dir)
|
||||
parse_in_json(input_json, uki_name, distro, arch)
|
||||
create_addons(out_dir)
|
||||
|
||||
|
@ -0,0 +1,16 @@
|
||||
[ req ]
|
||||
default_bits = 3072
|
||||
distinguished_name = req_distinguished_name
|
||||
prompt = no
|
||||
x509_extensions = myexts
|
||||
|
||||
[ req_distinguished_name ]
|
||||
O = The CentOS Project
|
||||
CN = CentOS Stream kernel signing key
|
||||
emailAddress = security@centos.org
|
||||
|
||||
[ myexts ]
|
||||
basicConstraints=critical,CA:FALSE
|
||||
keyUsage=digitalSignature
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid
|
@ -0,0 +1,16 @@
|
||||
[ req ]
|
||||
default_bits = 3072
|
||||
distinguished_name = req_distinguished_name
|
||||
prompt = no
|
||||
x509_extensions = myexts
|
||||
|
||||
[ req_distinguished_name ]
|
||||
O = Red Hat
|
||||
CN = Red Hat Enterprise Linux kernel signing key
|
||||
emailAddress = secalert@redhat.com
|
||||
|
||||
[ myexts ]
|
||||
basicConstraints=critical,CA:FALSE
|
||||
keyUsage=digitalSignature
|
||||
subjectKeyIdentifier=hash
|
||||
authorityKeyIdentifier=keyid
|
File diff suppressed because it is too large
Load Diff
Loading…
Reference in new issue