import rteval-loads-1.6-12.el10

3 months ago · 13e5bc0dfd
commit 13e5bc0dfd
6 changed files with 755 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+SOURCES/linux-6.10.5-rteval.tar.xz
--- a/.rteval-loads.metadata
+++ b/.rteval-loads.metadata
@ -0,0 +1 @@
+86869a64075433195608c9836da2f949c67f2a69 SOURCES/linux-6.10.5-rteval.tar.xz
--- a/SOURCES/0001_sign_file_extract_cert_move_common_ssl_helper_functions_to_a_header.patch
+++ b/SOURCES/0001_sign_file_extract_cert_move_common_ssl_helper_functions_to_a_header.patch
@ -0,0 +1,199 @@
+From: Jan Stancek <jstancek@redhat.com>
+Subject: sign-file,extract-cert: move common SSL helper functions to a header
+Date: Fri, 12 Jul 2024 09:11:14 +0200
+
+Couple error handling helpers are repeated in both tools, so
+move them to a common header.
+
+Signed-off-by: Jan Stancek <jstancek@redhat.com>
+Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
+Reviewed-by: Neal Gompa <neal@gompa.dev>
+---
+ MAINTAINERS          |  1 +
+ certs/Makefile       |  2 +-
+ certs/extract-cert.c | 37 ++-----------------------------------
+ scripts/sign-file.c  | 37 ++-----------------------------------
+ scripts/ssl-common.h | 39 +++++++++++++++++++++++++++++++++++++++
+ 5 files changed, 45 insertions(+), 71 deletions(-)
+ create mode 100644 scripts/ssl-common.h
+
+diff --git a/MAINTAINERS b/MAINTAINERS
+index 2a4d4b3a9b40..4681e3cd0d20 100644
+--- a/MAINTAINERS
+++ b/MAINTAINERS
+@@ -5042,6 +5042,7 @@ S:	Maintained
+ F:	Documentation/admin-guide/module-signing.rst
+ F:	certs/
+ F:	scripts/sign-file.c
+F:	scripts/ssl-common.h
+ F:	tools/certs/
+ 
+ CFAG12864B LCD DRIVER
+diff --git a/certs/Makefile b/certs/Makefile
+index 1094e3860c2a..f6fa4d8d75e0 100644
+--- a/certs/Makefile
+++ b/certs/Makefile
+@@ -84,5 +84,5 @@ targets += x509_revocation_list
+ 
+ hostprogs := extract-cert
+ 
+-HOSTCFLAGS_extract-cert.o = $(shell $(HOSTPKG_CONFIG) --cflags libcrypto 2> /dev/null)
+HOSTCFLAGS_extract-cert.o = $(shell $(HOSTPKG_CONFIG) --cflags libcrypto 2> /dev/null) -I$(srctree)/scripts
+ HOSTLDLIBS_extract-cert = $(shell $(HOSTPKG_CONFIG) --libs libcrypto 2> /dev/null || echo -lcrypto)
+diff --git a/certs/extract-cert.c b/certs/extract-cert.c
+index 70e9ec89d87d..8e7ba9974a1f 100644
+--- a/certs/extract-cert.c
+++ b/certs/extract-cert.c
+@@ -23,6 +23,8 @@
+ #include <openssl/err.h>
+ #include <openssl/engine.h>
+ 
+#include "ssl-common.h"
+
+ /*
+  * OpenSSL 3.0 deprecates the OpenSSL's ENGINE API.
+  *
+@@ -40,41 +42,6 @@ void format(void)
+ 	exit(2);
+ }
+ 
+-static void display_openssl_errors(int l)
+-{
+-	const char *file;
+-	char buf[120];
+-	int e, line;
+-
+-	if (ERR_peek_error() == 0)
+-		return;
+-	fprintf(stderr, "At main.c:%d:\n", l);
+-
+-	while ((e = ERR_get_error_line(&file, &line))) {
+-		ERR_error_string(e, buf);
+-		fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
+-	}
+-}
+-
+-static void drain_openssl_errors(void)
+-{
+-	const char *file;
+-	int line;
+-
+-	if (ERR_peek_error() == 0)
+-		return;
+-	while (ERR_get_error_line(&file, &line)) {}
+-}
+-
+-#define ERR(cond, fmt, ...)				\
+-	do {						\
+-		bool __cond = (cond);			\
+-		display_openssl_errors(__LINE__);	\
+-		if (__cond) {				\
+-			err(1, fmt, ## __VA_ARGS__);	\
+-		}					\
+-	} while(0)
+-
+ static const char *key_pass;
+ static BIO *wb;
+ static char *cert_dst;
+diff --git a/scripts/sign-file.c b/scripts/sign-file.c
+index 3edb156ae52c..39ba58db5d4e 100644
+--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
+@@ -29,6 +29,8 @@
+ #include <openssl/err.h>
+ #include <openssl/engine.h>
+ 
+#include "ssl-common.h"
+
+ /*
+  * OpenSSL 3.0 deprecates the OpenSSL's ENGINE API.
+  *
+@@ -83,41 +85,6 @@ void format(void)
+ 	exit(2);
+ }
+ 
+-static void display_openssl_errors(int l)
+-{
+-	const char *file;
+-	char buf[120];
+-	int e, line;
+-
+-	if (ERR_peek_error() == 0)
+-		return;
+-	fprintf(stderr, "At main.c:%d:\n", l);
+-
+-	while ((e = ERR_get_error_line(&file, &line))) {
+-		ERR_error_string(e, buf);
+-		fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
+-	}
+-}
+-
+-static void drain_openssl_errors(void)
+-{
+-	const char *file;
+-	int line;
+-
+-	if (ERR_peek_error() == 0)
+-		return;
+-	while (ERR_get_error_line(&file, &line)) {}
+-}
+-
+-#define ERR(cond, fmt, ...)				\
+-	do {						\
+-		bool __cond = (cond);			\
+-		display_openssl_errors(__LINE__);	\
+-		if (__cond) {				\
+-			errx(1, fmt, ## __VA_ARGS__);	\
+-		}					\
+-	} while(0)
+-
+ static const char *key_pass;
+ 
+ static int pem_pw_cb(char *buf, int len, int w, void *v)
+diff --git a/scripts/ssl-common.h b/scripts/ssl-common.h
+new file mode 100644
+index 000000000000..e6711c75ed91
+--- /dev/null
+++ b/scripts/ssl-common.h
+@@ -0,0 +1,39 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+/*
+ * SSL helper functions shared by sign-file and extract-cert.
+ */
+
+static void display_openssl_errors(int l)
+{
+	const char *file;
+	char buf[120];
+	int e, line;
+
+	if (ERR_peek_error() == 0)
+		return;
+	fprintf(stderr, "At main.c:%d:\n", l);
+
+	while ((e = ERR_get_error_line(&file, &line))) {
+		ERR_error_string(e, buf);
+		fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
+	}
+}
+
+static void drain_openssl_errors(void)
+{
+	const char *file;
+	int line;
+
+	if (ERR_peek_error() == 0)
+		return;
+	while (ERR_get_error_line(&file, &line)) {}
+}
+
+#define ERR(cond, fmt, ...)				\
+	do {						\
+		bool __cond = (cond);			\
+		display_openssl_errors(__LINE__);	\
+		if (__cond) {				\
+			errx(1, fmt, ## __VA_ARGS__);	\
+		}					\
+	} while (0)
+-- 
+2.39.3
--- a/SOURCES/0002_sign_file_extract_cert_avoid_using_deprecated_err_get_error_line.patch
+++ b/SOURCES/0002_sign_file_extract_cert_avoid_using_deprecated_err_get_error_line.patch
@ -0,0 +1,115 @@
+From: Jan Stancek <jstancek@redhat.com>
+Subject: sign-file,extract-cert: avoid using deprecated ERR_get_error_line()
+Date: Fri, 12 Jul 2024 09:11:15 +0200
+
+ERR_get_error_line() is deprecated since OpenSSL 3.0.
+
+Use ERR_peek_error_line() instead, and combine display_openssl_errors()
+and drain_openssl_errors() to a single function where parameter decides
+if it should consume errors silently.
+
+Signed-off-by: Jan Stancek <jstancek@redhat.com>
+Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
+Reviewed-by: Neal Gompa <neal@gompa.dev>
+---
+ certs/extract-cert.c |  4 ++--
+ scripts/sign-file.c  |  6 +++---
+ scripts/ssl-common.h | 23 ++++++++---------------
+ 3 files changed, 13 insertions(+), 20 deletions(-)
+
+diff --git a/certs/extract-cert.c b/certs/extract-cert.c
+index 8e7ba9974a1f..61bbe0085671 100644
+--- a/certs/extract-cert.c
+++ b/certs/extract-cert.c
+@@ -99,11 +99,11 @@ int main(int argc, char **argv)
+ 		parms.cert = NULL;
+ 
+ 		ENGINE_load_builtin_engines();
+-		drain_openssl_errors();
+		drain_openssl_errors(__LINE__, 1);
+ 		e = ENGINE_by_id("pkcs11");
+ 		ERR(!e, "Load PKCS#11 ENGINE");
+ 		if (ENGINE_init(e))
+-			drain_openssl_errors();
+			drain_openssl_errors(__LINE__, 1);
+ 		else
+ 			ERR(1, "ENGINE_init");
+ 		if (key_pass)
+diff --git a/scripts/sign-file.c b/scripts/sign-file.c
+index 39ba58db5d4e..bb3fdf1a617c 100644
+--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
+@@ -114,11 +114,11 @@ static EVP_PKEY *read_private_key(const char *private_key_name)
+ 		ENGINE *e;
+ 
+ 		ENGINE_load_builtin_engines();
+-		drain_openssl_errors();
+		drain_openssl_errors(__LINE__, 1);
+ 		e = ENGINE_by_id("pkcs11");
+ 		ERR(!e, "Load PKCS#11 ENGINE");
+ 		if (ENGINE_init(e))
+-			drain_openssl_errors();
+			drain_openssl_errors(__LINE__, 1);
+ 		else
+ 			ERR(1, "ENGINE_init");
+ 		if (key_pass)
+@@ -273,7 +273,7 @@ int main(int argc, char **argv)
+ 
+ 		/* Digest the module data. */
+ 		OpenSSL_add_all_digests();
+-		display_openssl_errors(__LINE__);
+		drain_openssl_errors(__LINE__, 0);
+ 		digest_algo = EVP_get_digestbyname(hash_algo);
+ 		ERR(!digest_algo, "EVP_get_digestbyname");
+ 
+diff --git a/scripts/ssl-common.h b/scripts/ssl-common.h
+index e6711c75ed91..2db0e181143c 100644
+--- a/scripts/ssl-common.h
+++ b/scripts/ssl-common.h
+@@ -3,7 +3,7 @@
+  * SSL helper functions shared by sign-file and extract-cert.
+  */
+ 
+-static void display_openssl_errors(int l)
+static void drain_openssl_errors(int l, int silent)
+ {
+ 	const char *file;
+ 	char buf[120];
+@@ -11,28 +11,21 @@ static void display_openssl_errors(int l)
+ 
+ 	if (ERR_peek_error() == 0)
+ 		return;
+-	fprintf(stderr, "At main.c:%d:\n", l);
+	if (!silent)
+		fprintf(stderr, "At main.c:%d:\n", l);
+ 
+-	while ((e = ERR_get_error_line(&file, &line))) {
+	while ((e = ERR_peek_error_line(&file, &line))) {
+ 		ERR_error_string(e, buf);
+-		fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
+		if (!silent)
+			fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
+		ERR_get_error();
+ 	}
+ }
+ 
+-static void drain_openssl_errors(void)
+-{
+-	const char *file;
+-	int line;
+-
+-	if (ERR_peek_error() == 0)
+-		return;
+-	while (ERR_get_error_line(&file, &line)) {}
+-}
+-
+ #define ERR(cond, fmt, ...)				\
+ 	do {						\
+ 		bool __cond = (cond);			\
+-		display_openssl_errors(__LINE__);	\
+		drain_openssl_errors(__LINE__, 0);	\
+ 		if (__cond) {				\
+ 			errx(1, fmt, ## __VA_ARGS__);	\
+ 		}					\
+-- 
+2.39.3
--- a/SOURCES/0003_sign_file_extract_cert_use_pkcs11_provider_for_openssl_major_3.patch
+++ b/SOURCES/0003_sign_file_extract_cert_use_pkcs11_provider_for_openssl_major_3.patch
@ -0,0 +1,282 @@
+From: Jan Stancek <jstancek@redhat.com>
+Subject: sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3
+Date: Fri, 12 Jul 2024 09:11:16 +0200
+
+ENGINE API has been deprecated since OpenSSL version 3.0 [1].
+Distros have started dropping support from headers and in future
+it will likely disappear also from library.
+
+It has been superseded by the PROVIDER API, so use it instead
+for OPENSSL MAJOR >= 3.
+
+[1] https://github.com/openssl/openssl/blob/master/README-ENGINES.md
+
+Signed-off-by: Jan Stancek <jstancek@redhat.com>
+Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
+Reviewed-by: Neal Gompa <neal@gompa.dev>
+---
+ certs/extract-cert.c | 103 ++++++++++++++++++++++++++++++-------------
+ scripts/sign-file.c  |  95 +++++++++++++++++++++++++++------------
+ 2 files changed, 140 insertions(+), 58 deletions(-)
+
+diff --git a/certs/extract-cert.c b/certs/extract-cert.c
+index 61bbe0085671..7d6d468ed612 100644
+--- a/certs/extract-cert.c
+++ b/certs/extract-cert.c
+@@ -21,17 +21,18 @@
+ #include <openssl/bio.h>
+ #include <openssl/pem.h>
+ #include <openssl/err.h>
+-#include <openssl/engine.h>
+-
+#if OPENSSL_VERSION_MAJOR >= 3
+# define USE_PKCS11_PROVIDER
+# include <openssl/provider.h>
+# include <openssl/store.h>
+#else
+# if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+#  define USE_PKCS11_ENGINE
+#  include <openssl/engine.h>
+# endif
+#endif
+ #include "ssl-common.h"
+ 
+-/*
+- * OpenSSL 3.0 deprecates the OpenSSL's ENGINE API.
+- *
+- * Remove this if/when that API is no longer used
+- */
+-#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+-
+ #define PKEY_ID_PKCS7 2
+ 
+ static __attribute__((noreturn))
+@@ -61,6 +62,66 @@ static void write_cert(X509 *x509)
+ 		fprintf(stderr, "Extracted cert: %s\n", buf);
+ }
+ 
+static X509 *load_cert_pkcs11(const char *cert_src)
+{
+	X509 *cert = NULL;
+#ifdef USE_PKCS11_PROVIDER
+	OSSL_STORE_CTX *store;
+
+	if (!OSSL_PROVIDER_try_load(NULL, "pkcs11", true))
+		ERR(1, "OSSL_PROVIDER_try_load(pkcs11)");
+	if (!OSSL_PROVIDER_try_load(NULL, "default", true))
+		ERR(1, "OSSL_PROVIDER_try_load(default)");
+
+	store = OSSL_STORE_open(cert_src, NULL, NULL, NULL, NULL);
+	ERR(!store, "OSSL_STORE_open");
+
+	while (!OSSL_STORE_eof(store)) {
+		OSSL_STORE_INFO *info = OSSL_STORE_load(store);
+
+		if (!info) {
+			drain_openssl_errors(__LINE__, 0);
+			continue;
+		}
+		if (OSSL_STORE_INFO_get_type(info) == OSSL_STORE_INFO_CERT) {
+			cert = OSSL_STORE_INFO_get1_CERT(info);
+			ERR(!cert, "OSSL_STORE_INFO_get1_CERT");
+		}
+		OSSL_STORE_INFO_free(info);
+		if (cert)
+			break;
+	}
+	OSSL_STORE_close(store);
+#elif defined(USE_PKCS11_ENGINE)
+		ENGINE *e;
+		struct {
+			const char *cert_id;
+			X509 *cert;
+		} parms;
+
+		parms.cert_id = cert_src;
+		parms.cert = NULL;
+
+		ENGINE_load_builtin_engines();
+		drain_openssl_errors(__LINE__, 1);
+		e = ENGINE_by_id("pkcs11");
+		ERR(!e, "Load PKCS#11 ENGINE");
+		if (ENGINE_init(e))
+			drain_openssl_errors(__LINE__, 1);
+		else
+			ERR(1, "ENGINE_init");
+		if (key_pass)
+			ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0), "Set PKCS#11 PIN");
+		ENGINE_ctrl_cmd(e, "LOAD_CERT_CTRL", 0, &parms, NULL, 1);
+		ERR(!parms.cert, "Get X.509 from PKCS#11");
+		cert = parms.cert;
+#else
+		fprintf(stderr, "no pkcs11 engine/provider available\n");
+		exit(1);
+#endif
+	return cert;
+}
+
+ int main(int argc, char **argv)
+ {
+ 	char *cert_src;
+@@ -89,28 +150,10 @@ int main(int argc, char **argv)
+ 		fclose(f);
+ 		exit(0);
+ 	} else if (!strncmp(cert_src, "pkcs11:", 7)) {
+-		ENGINE *e;
+-		struct {
+-			const char *cert_id;
+-			X509 *cert;
+-		} parms;
+		X509 *cert = load_cert_pkcs11(cert_src);
+ 
+-		parms.cert_id = cert_src;
+-		parms.cert = NULL;
+-
+-		ENGINE_load_builtin_engines();
+-		drain_openssl_errors(__LINE__, 1);
+-		e = ENGINE_by_id("pkcs11");
+-		ERR(!e, "Load PKCS#11 ENGINE");
+-		if (ENGINE_init(e))
+-			drain_openssl_errors(__LINE__, 1);
+-		else
+-			ERR(1, "ENGINE_init");
+-		if (key_pass)
+-			ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0), "Set PKCS#11 PIN");
+-		ENGINE_ctrl_cmd(e, "LOAD_CERT_CTRL", 0, &parms, NULL, 1);
+-		ERR(!parms.cert, "Get X.509 from PKCS#11");
+-		write_cert(parms.cert);
+		ERR(!cert, "load_cert_pkcs11 failed");
+		write_cert(cert);
+ 	} else {
+ 		BIO *b;
+ 		X509 *x509;
+diff --git a/scripts/sign-file.c b/scripts/sign-file.c
+index bb3fdf1a617c..ba413dc69a20 100644
+--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
+@@ -27,17 +27,18 @@
+ #include <openssl/evp.h>
+ #include <openssl/pem.h>
+ #include <openssl/err.h>
+-#include <openssl/engine.h>
+-
+#if OPENSSL_VERSION_MAJOR >= 3
+# define USE_PKCS11_PROVIDER
+# include <openssl/provider.h>
+# include <openssl/store.h>
+#else
+# if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+#  define USE_PKCS11_ENGINE
+#  include <openssl/engine.h>
+# endif
+#endif
+ #include "ssl-common.h"
+ 
+-/*
+- * OpenSSL 3.0 deprecates the OpenSSL's ENGINE API.
+- *
+- * Remove this if/when that API is no longer used
+- */
+-#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
+-
+ /*
+  * Use CMS if we have openssl-1.0.0 or newer available - otherwise we have to
+  * assume that it's not available and its header file is missing and that we
+@@ -106,28 +107,66 @@ static int pem_pw_cb(char *buf, int len, int w, void *v)
+ 	return pwlen;
+ }
+ 
+-static EVP_PKEY *read_private_key(const char *private_key_name)
+static EVP_PKEY *read_private_key_pkcs11(const char *private_key_name)
+ {
+-	EVP_PKEY *private_key;
+	EVP_PKEY *private_key = NULL;
+#ifdef USE_PKCS11_PROVIDER
+	OSSL_STORE_CTX *store;
+ 
+-	if (!strncmp(private_key_name, "pkcs11:", 7)) {
+-		ENGINE *e;
+	if (!OSSL_PROVIDER_try_load(NULL, "pkcs11", true))
+		ERR(1, "OSSL_PROVIDER_try_load(pkcs11)");
+	if (!OSSL_PROVIDER_try_load(NULL, "default", true))
+		ERR(1, "OSSL_PROVIDER_try_load(default)");
+
+	store = OSSL_STORE_open(private_key_name, NULL, NULL, NULL, NULL);
+	ERR(!store, "OSSL_STORE_open");
+ 
+-		ENGINE_load_builtin_engines();
+	while (!OSSL_STORE_eof(store)) {
+		OSSL_STORE_INFO *info = OSSL_STORE_load(store);
+
+		if (!info) {
+			drain_openssl_errors(__LINE__, 0);
+			continue;
+		}
+		if (OSSL_STORE_INFO_get_type(info) == OSSL_STORE_INFO_PKEY) {
+			private_key = OSSL_STORE_INFO_get1_PKEY(info);
+			ERR(!private_key, "OSSL_STORE_INFO_get1_PKEY");
+		}
+		OSSL_STORE_INFO_free(info);
+		if (private_key)
+			break;
+	}
+	OSSL_STORE_close(store);
+#elif defined(USE_PKCS11_ENGINE)
+	ENGINE *e;
+
+	ENGINE_load_builtin_engines();
+	drain_openssl_errors(__LINE__, 1);
+	e = ENGINE_by_id("pkcs11");
+	ERR(!e, "Load PKCS#11 ENGINE");
+	if (ENGINE_init(e))
+ 		drain_openssl_errors(__LINE__, 1);
+-		e = ENGINE_by_id("pkcs11");
+-		ERR(!e, "Load PKCS#11 ENGINE");
+-		if (ENGINE_init(e))
+-			drain_openssl_errors(__LINE__, 1);
+-		else
+-			ERR(1, "ENGINE_init");
+-		if (key_pass)
+-			ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0),
+-			    "Set PKCS#11 PIN");
+-		private_key = ENGINE_load_private_key(e, private_key_name,
+-						      NULL, NULL);
+-		ERR(!private_key, "%s", private_key_name);
+	else
+		ERR(1, "ENGINE_init");
+	if (key_pass)
+		ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0),
+				"Set PKCS#11 PIN");
+	private_key = ENGINE_load_private_key(e, private_key_name,
+			NULL, NULL);
+	ERR(!private_key, "%s", private_key_name);
+#else
+	fprintf(stderr, "no pkcs11 engine/provider available\n");
+	exit(1);
+#endif
+	return private_key;
+}
+
+static EVP_PKEY *read_private_key(const char *private_key_name)
+{
+	if (!strncmp(private_key_name, "pkcs11:", 7)) {
+		return read_private_key_pkcs11(private_key_name);
+ 	} else {
+		EVP_PKEY *private_key;
+ 		BIO *b;
+ 
+ 		b = BIO_new_file(private_key_name, "rb");
+@@ -136,9 +175,9 @@ static EVP_PKEY *read_private_key(const char *private_key_name)
+ 						      NULL);
+ 		ERR(!private_key, "%s", private_key_name);
+ 		BIO_free(b);
+-	}
+ 
+-	return private_key;
+		return private_key;
+	}
+ }
+ 
+ static X509 *read_x509(const char *x509_name)
+-- 
+2.39.3
--- a/SPECS/rteval-loads.spec
+++ b/SPECS/rteval-loads.spec
@ -0,0 +1,157 @@
+Name:		rteval-loads
+Version:	1.6
+Release:	12%{?dist}
+Summary:	Source files for rteval loads
+Group:		Development/Tools
+License:	GPL-2.0-only
+URL:		https://git.kernel.org/pub/scm/utils/rteval/rteval.git
+Source0:	https://www.kernel.org/pub/linux/kernel/v6.x/linux-6.10.5-rteval.tar.xz
+
+BuildRoot:	%{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+BuildArch:	noarch
+
+# Patches
+Patch1: 0001_sign_file_extract_cert_move_common_ssl_helper_functions_to_a_header.patch
+Patch2: 0002_sign_file_extract_cert_avoid_using_deprecated_err_get_error_line.patch
+Patch3: 0003_sign_file_extract_cert_use_pkcs11_provider_for_openssl_major_3.patch
+
+%description
+This package provides source code for system loads used by the rteval package
+
+%prep
+
+%build
+
+%install
+mkdir -p %{buildroot}%{_datadir}/rteval/loadsource
+install -m 644 %{SOURCE0} %{buildroot}%{_datadir}/rteval/loadsource
+
+%files
+%defattr(-,root,root,-)
+%dir %{_datadir}/rteval/loadsource
+%{_datadir}/rteval/loadsource/*
+
+%changelog
+* Mon Aug 19 2024 John Kacur <jkacur@redhat.com> - 1.6-12
+- Create a kernel based off of linux-6.10.5 and three upstream patches
+  to remove a dependency on deprecated <openssl/engine.h>
+Resolves: RHEL-47107
+
+* Fri Aug 09 2024 John Kacur <jkacur@redhat.com> - 1.6-11
+- Remove code using deprectated engine.h until a better solution available
+Resolves: RHEL-47107
+
+* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.6-10
+- Bump release for June 2024 mass rebuild
+
+* Mon Jun 17 2024 John Kacur <jkacur@redhat.com> - 1.6-9
+- Change the gating.yaml from rhel-9 to rhel-10
+Resolves: RHEL-42982
+
+* Tue Mar 26 2024 John Kacur <jkacur@redhat.com> - 1.6-8
+- Add gating.yaml
+- Add tests
+Resolves: RHEL-30432
+
+* Fri Jan 26 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.6-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Mon Jan 22 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.6-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+
+* Fri Dec 01 2023 John Kacur <jkacur@redhat.com> - 1.6-5
+- Upgrade the kernel to linux-6.6.1
+
+* Fri Jul 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.6-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Fri Feb 17 2023 John Kacur <jkacur@redhat.com> - 1.6-3
+- Upgrade the kernel to linux-6.1.8
+
+* Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Thu Aug 18 2022 John Kacur <jkacur@redhat.com> - 1.6-1
+-Upgrade the kernel to linux-5.18.1.tar.xz
+- Update the version number to sync more closely with rhel and CENTOS
+
+* Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.4-15
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.4-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.4-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Thu Jan 28 2021 John Kacur <jkacur@redhat.com> - 1.4-12
+- Since this package only delivers kernel, moving the spec requires
+  for building it to the rteval packages
+
+* Sun Jan 10 2021 John Kacur <jkacur@redhat.com> - 1.4-11
+- Remove stress-ng since it is already packaged with Fedora
+
+* Thu Jul 23 2020 John Kacur <jkacur@redhat.com> - 1.4-10
+- Rebuild bumping up both packages release number to avoid
+- brew clashes
+Resolves: rhbz#1859763
+
+* Thu Jul 23 2020 John Kacur <jkacur@redhat.com> - 1.4-9
+- Rebuild excluding aarch64 since stress-ng already exists there
+Resolves: rhbz#1859763
+
+* Thu Jul 23 2020 John Kacur <jkacur@redhat.com> - 1.4-8
+- Upgrade to kernel linux-5.7
+- Removing old "Obsoletes" from spec file
+Resolves: rhbz#1859763
+
+* Fri May 22 2020 John Kacur <jkacur@redhat.com> - 1.4-7
+- Add stress-ng as a subpackage
+Resolves: rhbz#1816357
+
+* Thu Nov 21 2019 John Kacur <jkacur@redhat.com> - 1.4-6
+- Update the gating test run_tests.sh for the kernel linux-5.1
+Resolves: rhbz#1775202
+
+* Fri Nov 08 2019 John Kacur <jkacur@redhat.com> - 1.4-5
+- Upgrade to using kernel linux-5.1
+Resolves: rhbz#1724827
+
+* Mon Apr 01 2019 Clark Williams <williams@redhat.com> - 1.4-4
+- OSCI gating framework
+Resolves: rhbz#1682425
+
+* Tue Jun 12 2018 John Kacur <jkacur@redhat.com> - 1.4-3
+- Trigger a rebuild for rhel-8.0
+
+* Thu Oct 19 2017 John Kacur <jkacur@redhat.com> - 1.4-2
+- updated the url of the linux kernel in this spec file
+Resolves: rhbz1504141
+
+* Tue Jan 10 2017 Clark Williams <williams@redhat.com> - 1.4-1
+- updated kernel tarball to 4.9 [1432625]
+
+* Fri Jun  5 2015 Clark Williams <williams@redhat.com> - 1.3-3
+- add requires for kernel-header package [1228740]
+
+* Mon Nov 10 2014 Luis Claudio R. Goncalves <lgoncalv@redhat.com> - 1.3-2
+-  rebuild for RHEL-7.1 (1151569)
+
+* Fri May 20 2011 Clark Williams <williams@redhat.com> - 1.3-1
+- updated kernel tarball to 2.6.39
+
+* Mon Feb  7 2011 Clark Williams <williams@redhat.com> - 1.2-3
+- initial build for MRG 2.0 (RHEL6)
+
+* Thu Jul 15 2010 Clark Williams <williams@redhat.com> - 1.2-2
+- removed rteval require from specfile (caused circular dependency)
+
+* Thu Jul  8 2010 Clark Williams <williams@redhat.com> - 1.2-1
+- removed hackbench tarball (now using rt-tests hackbench)
+
+* Fri Feb 19 2010 Clark Williams <williams@redhat.com> - 1.1-1
+- updated hackbench source with fixes from David Sommerseth
+  <davids@redhat.com> to cleanup child processes
+
+* Thu Nov  5 2009 Clark Williams <williams@redhat.com> - 1.0-1
+- initial packaging effort
				`@ -0,0 +1 @@`
				`86869a64075433195608c9836da2f949c67f2a69 SOURCES/linux-6.10.5-rteval.tar.xz`