Compare commits

...

19 Commits

Author SHA1 Message Date
MSVSphere Packaging Team 96d8a82b1d
import kernel-5.14.0-503.19.1.el9_5
1 day ago
MSVSphere Packaging Team 7bcef0f1ce
import kernel-5.14.0-503.16.1.el9_5
1 day ago
MSVSphere Packaging Team efb2c6c577
import kernel-5.14.0-503.15.1.el9_5
1 month ago
MSVSphere Packaging Team ea8d5cf9d2
import kernel-5.14.0-503.14.1.el9_5
1 month ago
MSVSphere Packaging Team b4abdc45c6
import kernel-5.14.0-503.11.1.el9_5
1 month ago
MSVSphere Packaging Team a3d7802329
import kernel-5.14.0-427.42.1.el9_4
2 months ago
MSVSphere Packaging Team 3b439ca9f4
import kernel-5.14.0-427.40.1.el9_4
2 months ago
MSVSphere Packaging Team e68d155fcb
import kernel-5.14.0-427.37.1.el9_4
3 months ago
MSVSphere Packaging Team 41591083ff import kernel-5.14.0-427.35.1.el9_4
4 months ago
MSVSphere Packaging Team e945dadf4b import kernel-5.14.0-427.33.1.el9_4
4 months ago
MSVSphere Packaging Team f16094dcdd import kernel-5.14.0-427.31.1.el9_4
4 months ago
MSVSphere Packaging Team 17a0de1c13 import kernel-5.14.0-427.28.1.el9_4
5 months ago
MSVSphere Packaging Team a667fe740c import kernel-5.14.0-427.26.1.el9_4
5 months ago
MSVSphere Packaging Team c7933ba3f8 import kernel-5.14.0-427.24.1.el9_4
6 months ago
MSVSphere Packaging Team 77fda1867f import kernel-5.14.0-427.22.1.el9_4
6 months ago
MSVSphere Packaging Team 5f3d3f3fe3 import kernel-5.14.0-427.20.1.el9_4
7 months ago
MSVSphere Packaging Team 5d06cc1807 import kernel-5.14.0-427.18.1.el9_4
7 months ago
MSVSphere Packaging Team a9fa37c28a import kernel-5.14.0-427.16.1.el9_4
7 months ago
MSVSphere Packaging Team 62a8828e5f import kernel-5.14.0-427.13.1.el9_4
8 months ago

9
.gitignore vendored

@ -1,10 +1,9 @@
SOURCES/kernel-abi-stablelists-5.14.0-362.24.1.el9_3.tar.bz2 SOURCES/kernel-abi-stablelists-5.14.0-503.19.1.el9_5.tar.bz2
SOURCES/kernel-kabi-dw-5.14.0-362.24.1.el9_3.tar.bz2 SOURCES/kernel-kabi-dw-5.14.0-503.19.1.el9_5.tar.bz2
SOURCES/linux-5.14.0-362.24.1.el9_3.tar.xz SOURCES/linux-5.14.0-503.19.1.el9_5.tar.xz
SOURCES/nvidiagpuoot001.x509
SOURCES/rheldup3.x509 SOURCES/rheldup3.x509
SOURCES/rhelima.x509 SOURCES/rhelima.x509
SOURCES/rhelima_centos.x509 SOURCES/rhelima_centos.x509
SOURCES/rhelimaca1.x509 SOURCES/rhelimaca1.x509
SOURCES/rhelkpatch1.x509 SOURCES/rhelkpatch1.x509
SOURCES/uki-sb-cert-x86_64-centos.crt
SOURCES/uki-sb-cert-x86_64-rhel.crt

@ -1,10 +1,9 @@
6b3b73a0e5ee8afc75ff184e7579cf193d12e333 SOURCES/kernel-abi-stablelists-5.14.0-362.24.1.el9_3.tar.bz2 a614816812a77eadc37c3e71e3b794d58ee62596 SOURCES/kernel-abi-stablelists-5.14.0-503.19.1.el9_5.tar.bz2
2dbea40d3654901f0bdc4bb48351f07d4590c1c4 SOURCES/kernel-kabi-dw-5.14.0-362.24.1.el9_3.tar.bz2 3125e053f6237338119f6f6c32eb3144b0fcbff3 SOURCES/kernel-kabi-dw-5.14.0-503.19.1.el9_5.tar.bz2
aa929675bd46443ba8d0036b9247514be09efc00 SOURCES/linux-5.14.0-362.24.1.el9_3.tar.xz cb25584103dd0b8aa392bac6d1dbf713dc975219 SOURCES/linux-5.14.0-503.19.1.el9_5.tar.xz
4fff8080e88afffc06d8ef5004db8d53bb21237f SOURCES/nvidiagpuoot001.x509
95b9b811c7b0a6c98b2eafc4e7d6d24f2cb63289 SOURCES/rheldup3.x509 95b9b811c7b0a6c98b2eafc4e7d6d24f2cb63289 SOURCES/rheldup3.x509
99e571f9de4188f3b5fdf1f84ff73f6cc4bb6a0e SOURCES/rhelima.x509 99e571f9de4188f3b5fdf1f84ff73f6cc4bb6a0e SOURCES/rhelima.x509
61d5a223ff0c79189505abae77e0087c4b2d2b47 SOURCES/rhelima_centos.x509 61d5a223ff0c79189505abae77e0087c4b2d2b47 SOURCES/rhelima_centos.x509
f882610d2554fef65703e5d3c342f005af0390ad SOURCES/rhelimaca1.x509 f882610d2554fef65703e5d3c342f005af0390ad SOURCES/rhelimaca1.x509
d90885108d225a234a5a9d054fc80893a5bd54d0 SOURCES/rhelkpatch1.x509 d90885108d225a234a5a9d054fc80893a5bd54d0 SOURCES/rhelkpatch1.x509
20224d67a583b98009a1c1632bb4b639b0e8be6a SOURCES/uki-sb-cert-x86_64-centos.crt
1d51d3a037ad287095b0a13c4deeb1252d8ff0cc SOURCES/uki-sb-cert-x86_64-rhel.crt

@ -1,5 +1,5 @@
RHEL_MAJOR = 9 RHEL_MAJOR = 9
RHEL_MINOR = 3 RHEL_MINOR = 5
# #
# RHEL_RELEASE # RHEL_RELEASE
@ -12,7 +12,7 @@ RHEL_MINOR = 3
# #
# Use this spot to avoid future merge conflicts. # Use this spot to avoid future merge conflicts.
# Do not trim this comment. # Do not trim this comment.
RHEL_RELEASE = 362.24.1 RHEL_RELEASE = 503.19.1
# #
# ZSTREAM # ZSTREAM

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

@ -17,6 +17,9 @@ dracutmodules+=" crypt crypt-loop tpm2-tss "
# WALinuxagent-cvm with CVM specific udev rules # WALinuxagent-cvm with CVM specific udev rules
dracutmodules+=" walinuxagentcvm " dracutmodules+=" walinuxagentcvm "
# modules: root disk integrity protection
dracutmodules+=" systemd-veritysetup "
# drivers: virtual buses, pci # drivers: virtual buses, pci
drivers+=" virtio-pci virtio-mmio " # qemu-kvm drivers+=" virtio-pci virtio-mmio " # qemu-kvm
drivers+=" hv-vmbus pci-hyperv " # hyperv drivers+=" hv-vmbus pci-hyperv " # hyperv
@ -31,6 +34,9 @@ drivers+=" xen-blkfront " # xen
# root encryption # root encryption
drivers+=" dm_crypt " drivers+=" dm_crypt "
# root disk integrity protection
drivers+=" dm_verity overlay "
# filesystems # filesystems
filesystems+=" vfat ext4 xfs overlay " filesystems+=" vfat ext4 xfs overlay "

@ -14,7 +14,7 @@
# listed here. # listed here.
# Overrides is individual modules which need to remain in kernel-core due to deps. # Overrides is individual modules which need to remain in kernel-core due to deps.
overrides="cec" overrides="cec isst_if_common isst_tpmi_core isst_tpmi intel_vsec intel_vsec_tpmi"
# Set the default dirs/modules to filter out # Set the default dirs/modules to filter out
driverdirs="atm auxdisplay bcma bluetooth firewire fmc iio infiniband isdn leds media memstick mfd mmc mtd nfc ntb pcmcia platform power ssb staging tty uio uwb w1" driverdirs="atm auxdisplay bcma bluetooth firewire fmc iio infiniband isdn leds media memstick mfd mmc mtd nfc ntb pcmcia platform power ssb staging tty uio uwb w1"
@ -33,7 +33,7 @@ scsidrvs="aacraid aic7xxx aic94xx be2iscsi bfa bnx2i bnx2fc csiostor cxgbi esas2
usbdrvs="atm image misc serial wusbcore" usbdrvs="atm image misc serial wusbcore"
fsdrvs="affs befs cifs coda cramfs ecryptfs hfs hfsplus jfs minix ncpfs nilfs2 ocfs2 reiserfs romfs squashfs sysv ubifs ufs" fsdrvs="affs befs smb coda cramfs ecryptfs hfs hfsplus jfs minix ncpfs nilfs2 ocfs2 reiserfs romfs squashfs sysv ubifs ufs"
netprots="6lowpan appletalk atm ax25 batman-adv bluetooth can dccp dsa ieee802154 irda l2tp mac80211 mac802154 mpls netrom nfc rds rfkill rose sctp smc wireless" netprots="6lowpan appletalk atm ax25 batman-adv bluetooth can dccp dsa ieee802154 irda l2tp mac80211 mac802154 mpls netrom nfc rds rfkill rose sctp smc wireless"

@ -7,3 +7,8 @@ rules:
- !PassingTestCaseRule {test_case_name: cki.tier1-ppc64le.functional} - !PassingTestCaseRule {test_case_name: cki.tier1-ppc64le.functional}
- !PassingTestCaseRule {test_case_name: cki.tier1-s390x.functional} - !PassingTestCaseRule {test_case_name: cki.tier1-s390x.functional}
- !PassingTestCaseRule {test_case_name: cki.tier1-x86_64.functional} - !PassingTestCaseRule {test_case_name: cki.tier1-x86_64.functional}
- !PassingTestCaseRule {test_case_name: s1-aws-ci_x86_64.brew-build.tier1.functional}
- !PassingTestCaseRule {test_case_name: s1-aws-ci_aarch64.brew-build.tier1.functional}
- !PassingTestCaseRule {test_case_name: s1-azure-ci_x86_64.brew-build.tier1.functional}
- !PassingTestCaseRule {test_case_name: s1-azure-ci_aarch64.brew-build.tier1.functional}
- !PassingTestCaseRule {test_case_name: s1-gcp-ci.brew-build.tier1.functional}

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

@ -158,6 +158,7 @@ tcp_veno.ko
tcp_westwood.ko tcp_westwood.ko
tcp_yeah.ko tcp_yeah.ko
tekram-sir.ko tekram-sir.ko
test_lockup.ko
tmdc.ko tmdc.ko
toim3232-sir.ko toim3232-sir.ko
trancevibrator.ko trancevibrator.ko
@ -188,6 +189,5 @@ wanrouter.ko
warrior.ko warrior.ko
whci.ko whci.ko
wire.ko wire.ko
wwan_hwsim.ko
yam.ko yam.ko
zhenhua.ko zhenhua.ko

@ -16,7 +16,7 @@ soc-utils-test
string-stream-test string-stream-test
test_linear_ranges test_linear_ranges
test_bits test_bits
test_kasan kasan_test
time_test time_test
fat_test fat_test
lib_test lib_test
@ -68,6 +68,7 @@ drm_dp_mst_helper_test
drm_format_helper_test drm_format_helper_test
drm_format_test drm_format_test
drm_framebuffer_test drm_framebuffer_test
drm_gem_shmem_test
drm_kunit_helpers drm_kunit_helpers
drm_mm_test drm_mm_test
drm_plane_helper_test drm_plane_helper_test
@ -77,3 +78,20 @@ drm_connector_test
drm_managed_test drm_managed_test
drm_modes_test drm_modes_test
drm_probe_helper_test drm_probe_helper_test
input_test
hashtable_test
hid-uclogic-test
strcat_kunit
strscpy_kunit
siphash_kunit
handshake-test
drm_exec_test
regmap-kunit
cfg80211-tests
mac80211-tests
wwan_hwsim
checksum_kunit
arm-smmu-v3-test
iwlwifi-tests
sound_kunit
amd-pstate-ut

@ -19,7 +19,7 @@ NPROC=$(nproc)
[ -z "$NPROC" ] && NPROC=1 [ -z "$NPROC" ] && NPROC=1
# NB: this loop runs 2000+ iterations. Try to be fast. # NB: this loop runs 2000+ iterations. Try to be fast.
echo "$modules" | xargs -r -n16 -P $NPROC sh -c " echo "$modules" | xargs -r -n16 -P "$NPROC" sh -c "
for mod; do for mod; do
./scripts/sign-file sha256 $MODSECKEY $MODPUBKEY \$mod ./scripts/sign-file sha256 $MODSECKEY $MODPUBKEY \$mod
rm -f \$mod.sig \$mod.dig rm -f \$mod.sig \$mod.dig

@ -311,12 +311,14 @@ function process_configs()
process_config "$cfg" "$count" process_config "$cfg" "$count"
fi fi
process_config "$cfg" "$count" & process_config "$cfg" "$count" &
# shellcheck disable=SC2004
waitpids[${count}]=$! waitpids[${count}]=$!
((count++)) ((count++))
while [ "$(jobs | grep -c Running)" -ge "$RHJOBS" ]; do :; done while [ "$(jobs | grep -c Running)" -ge "$RHJOBS" ]; do :; done
done done
# shellcheck disable=SC2048
for pid in ${waitpids[*]}; do for pid in ${waitpids[*]}; do
wait ${pid} wait "${pid}"
done done
rm "$SCRIPT_DIR"/*.config*.old rm "$SCRIPT_DIR"/*.config*.old

@ -6,6 +6,9 @@ inspections:
kmidiff: off kmidiff: off
upstream: off upstream: off
subpackages: off subpackages: off
license: off
debuginfo: off
removedfiles: off
badfuncs: badfuncs:
ignore: ignore:

@ -0,0 +1,12 @@
{
"virt": {
"common": {
"fips-disable.addon": [
"fips=0\n"
],
"fips-enable.addon": [
"fips=1\n"
]
}
}
}

@ -0,0 +1,151 @@
#!/usr/bin/env python3
#
# This script inspects a given json proving a list of addons, and
# creates an addon for each key/value pair matching the given uki, distro and
# arch provided in input.
#
# Usage: python uki_create_addons.py input_json out_dir uki distro arch
#
# This tool requires the systemd-ukify and systemd-boot packages.
#
# Addon file
#-----------
# Each addon terminates with .addon
# Each addon contains only two types of lines:
# Lines beginning with '#' are description and thus ignored
# All other lines are command line to be added.
# The name of the end resulting addon is taken from the json hierarchy.
# For example, and addon in json['virt']['rhel']['x86_64']['hello.addon'] will
# result in an UKI addon file generated in out_dir called
# hello-virt.rhel.x86_64.addon.efi
#
# The common key, present in any sub-dict in the provided json (except the leaf dict)
# is used as place for default addons when the same addon is not defined deep
# in the hierarchy. For example, if we define test.addon (text: 'test1\n') in
# json['common']['test.addon'] = ['test1\n'] and another test.addon (text: test2) in
# json['virt']['common']['test.addon'] = ['test2'], any other uki except virt
# will have a test.addon.efi with text "test1", and virt will have a
# test.addon.efi with "test2"
#
# sbat.conf
#----------
# This dict is containing the sbat string for *all* addons being created.
# This dict is optional, but when used has to be put in a sub-dict with
# { 'sbat' : { 'sbat.conf' : ['your text here'] }}
# It follows the same syntax as the addon files, meaning '#' is comment and
# the rest is taken as sbat string and feed to ukify.
import os
import sys
import json
import collections
import subprocess
UKIFY_PATH = '/usr/lib/systemd/ukify'
def usage(err):
print(f'Usage: {os.path.basename(__file__)} input_json output_dir uki distro arch')
print(f'Error:{err}')
sys.exit(1)
def check_clean_arguments(input_json, out_dir):
# Remove end '/'
if out_dir[-1:] == '/':
out_dir = out_dir[:-1]
if not os.path.isfile(input_json):
usage(f'input_json {input_json} is not a file, or does not exist!')
if not os.path.isdir(out_dir):
usage(f'out_dir_dir {out_dir} is not a dir, or does not exist!')
return out_dir
UKICmdlineAddon = collections.namedtuple('UKICmdlineAddon', ['name', 'cmdline'])
uki_addons_list = []
uki_addons = {}
addon_sbat_string = None
def parse_lines(lines, rstrip=True):
cmdline = ''
for l in lines:
l = l.lstrip()
if not l:
continue
if l[0] == '#':
continue
# rstrip is used only for addons cmdline, not sbat.conf, as it replaces
# return lines with spaces.
if rstrip:
l = l.rstrip() + ' '
cmdline += l
if cmdline == '':
return ''
return cmdline
def parse_all_addons(in_obj):
global addon_sbat_string
for el in in_obj.keys():
# addon found: copy it in our global dict uki_addons
if el.endswith('.addon'):
uki_addons[el] = in_obj[el]
if 'sbat' in in_obj and 'sbat.conf' in in_obj['sbat']:
# sbat.conf found: override sbat with the most specific one found
addon_sbat_string = parse_lines(in_obj['sbat']['sbat.conf'], rstrip=False)
def recursively_find_addons(in_obj, folder_list):
# end of recursion, leaf directory. Search all addons here
if len(folder_list) == 0:
parse_all_addons(in_obj)
return
# first, check for common folder
if 'common' in in_obj:
parse_all_addons(in_obj['common'])
# second, check if there is a match with the searched folder
if folder_list[0] in in_obj:
folder_next = in_obj[folder_list[0]]
folder_list = folder_list[1:]
recursively_find_addons(folder_next, folder_list)
def parse_in_json(in_json, uki_name, distro, arch):
with open(in_json, 'r') as f:
in_obj = json.load(f)
recursively_find_addons(in_obj, [uki_name, distro, arch])
for addon_name, cmdline in uki_addons.items():
addon_name = addon_name.replace(".addon","")
addon_full_name = f'{addon_name}-{uki_name}.{distro}.{arch}.addon.efi'
cmdline = parse_lines(cmdline).rstrip()
if cmdline:
uki_addons_list.append(UKICmdlineAddon(addon_full_name, cmdline))
def create_addons(out_dir):
for uki_addon in uki_addons_list:
out_path = os.path.join(out_dir, uki_addon.name)
cmd = [
f'{UKIFY_PATH}', 'build',
f'--cmdline="{uki_addon.cmdline}"',
f'--output={out_path}']
if addon_sbat_string:
cmd.append('--sbat="' + addon_sbat_string.rstrip() +'"')
subprocess.check_call(cmd, text=True)
if __name__ == "__main__":
argc = len(sys.argv) - 1
if argc != 5:
usage('too few or too many parameters!')
input_json = sys.argv[1]
out_dir = sys.argv[2]
uki_name = sys.argv[3]
distro = sys.argv[4]
arch = sys.argv[5]
out_dir = check_clean_arguments(input_json, out_dir)
parse_in_json(input_json, uki_name, distro, arch)
create_addons(out_dir)

@ -7,6 +7,6 @@ fi
TARGET="$1" TARGET="$1"
for i in "$RPM_SOURCE_DIR"/*."$TARGET"; do for i in "$RPM_SOURCE_DIR"/*."$TARGET"; do
NEW=${i%.$TARGET} NEW=${i%."$TARGET"}
cp "$i" "$(basename "$NEW")" cp "$i" "$(basename "$NEW")"
done done

File diff suppressed because it is too large Load Diff
Loading…
Cancel
Save