From 87a717bc5bcd0a6359888cf9c3aa9f9449947b34 Mon Sep 17 00:00:00 2001 From: Andrew Lukoshko Date: Mon, 19 May 2025 22:16:24 +0000 Subject: [PATCH 01/14] Do not enable frame pointers --- config.yaml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/config.yaml b/config.yaml index 3226076..66b25e1 100644 --- a/config.yaml +++ b/config.yaml @@ -89,16 +89,6 @@ actions: CONFIG_MLX4_CORE_GEN2=y CONFIG_MLX4_CORE=m count: 1 - - target: "spec" - find: | - # Disable frame pointers - %undefine _include_frame_pointers - replace: | - # Disable frame pointers - %if 0%{?almalinux} < 10 - %undefine _include_frame_pointers - %endif - count: 1 - target: "spec" find: | %ifnarch noarch From c902be2fd2404962a2c1028302c3a465a47be09e Mon Sep 17 00:00:00 2001 From: Andrew Lukoshko Date: Sat, 24 May 2025 17:08:21 +0200 Subject: [PATCH 02/14] Add almalinuxnvidia1.x509 cert --- config.yaml | 12 ++++++++++++ files/almalinuxnvidia1.x509 | Bin 0 -> 992 bytes 2 files changed, 12 insertions(+) create mode 100644 files/almalinuxnvidia1.x509 diff --git a/config.yaml b/config.yaml index 66b25e1..0cf4af7 100644 --- a/config.yaml +++ b/config.yaml @@ -13,6 +13,9 @@ actions: - type: "source" name: "almalinuxima.x509" number: 104 + - type: "source" + name: "almalinuxnvidia1.x509" + number: 107 - type: "patch" name: "0001-Enable-all-disabled-pci-devices-by-moving-to-unmaint.patch" number: 2001 @@ -142,6 +145,15 @@ actions: Source105: almalinuxima.x509 Source106: almalinuxima.x509 count: 1 + - target: "spec" + find: | + openssl x509 -inform der -in %{SOURCE102} -out nvidiagpuoot001.pem + cat rheldup3.pem rhelkpatch1.pem nvidiagpuoot001.pem > ../certs/rhel.pem + replace: | + openssl x509 -inform der -in %{SOURCE102} -out nvidiagpuoot001.pem + openssl x509 -inform der -in %{SOURCE107} -out almalinuxnvidia.pem + cat rheldup3.pem rhelkpatch1.pem nvidiagpuoot001.pem almalinuxnvidia.pem > ../certs/rhel.pem + count: 1 - target: "spec" find: | %package doc diff --git a/files/almalinuxnvidia1.x509 b/files/almalinuxnvidia1.x509 new file mode 100644 index 0000000000000000000000000000000000000000..eb6248fc7b782d7ecae0f5fc46049c0d348874fa GIT binary patch literal 992 zcmXqLV!mV0#B^iS*(+s|eByS>zamyJ`a&724_sPGH(bn$dl@Xb#t%}G^ob~KO^=QT1lFf}qUG%+?X zFpL6n&5*bT#nf|;hJhNyJ@UBR6P%fzmzkGt(8Q>O94?Hk49rc8{0u;GE~X|%Muzzp zUO3JDuH=#1Qzl!+D6%VF<(Pw=T%P%3Nu5~5S%T}Hi?uRq2cGi2DLqlf;B8Bt^j`mG z^(N61Y-fIMU#+x%=0%&G7uHDL@QChxllp9_HZPydww#@No+$*p;o&LnSLzB$p z-7Kw7+;m|=YHZ1oUz|FA#o`5yZ`lJkUhg~Qp73c|lIV-|?Y;+E9~FMISfqEXYE?z% zU%_6Mx?7*+3Og0g|LNv_WB$=&Z5h)Idnd6AzjhV=d3pTdJ=E_;2I_~av+N)o3@ zc;sBoVqVL{%*epFxX>WqKpq&PvdSzH24W2&N7mT8SZy(9nr!DQk2i%io?lwuccw{3MXFm{$TKH~3qkp2J9 zcLIAWc9!=}Ua_)-p^xpui_m@ZPqIfUd^ozOE=KpryWbY;_q}MUp}mHL78uXY~Sz k<(|s@KQTuX9%)T$yRhna+wz3h3{v}K+&R+Hy?7@90G#r4nE(I) literal 0 HcmV?d00001 From e53fa2bba7e1b64ccc813271a8e2b3528b44c7e7 Mon Sep 17 00:00:00 2001 From: Andrew Lukoshko Date: Fri, 30 May 2025 21:15:06 +0200 Subject: [PATCH 03/14] Enable Btrfs support for all kernel variants --- config.yaml | 70 +++++++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 65 insertions(+), 5 deletions(-) diff --git a/config.yaml b/config.yaml index 0cf4af7..6fd098c 100644 --- a/config.yaml +++ b/config.yaml @@ -92,6 +92,56 @@ actions: CONFIG_MLX4_CORE_GEN2=y CONFIG_MLX4_CORE=m count: 1 + - target: "kernel*.config" + find: | + # CONFIG_BTRFS_FS is not set + replace: | + # CONFIG_BTRFS_ASSERT is not set + # CONFIG_BTRFS_DEBUG is not set + CONFIG_BTRFS_FS=m + # CONFIG_BTRFS_FS_CHECK_INTEGRITY is not set + CONFIG_BTRFS_FS_POSIX_ACL=y + # CONFIG_BTRFS_FS_REF_VERIFY is not set + # CONFIG_BTRFS_FS_RUN_SANITY_TESTS is not set + count: 1 + - target: "kernel*.config" + find: | + CONFIG_FS_ENCRYPTION=y + replace: | + CONFIG_FS_ENCRYPTION=y + CONFIG_FS_POSIX_ACL=y + count: 1 + - target: "kernel*.config" + find: | + # CONFIG_RAID6_PQ_BENCHMARK is not set + replace: | + CONFIG_RAID6_PQ=m + # CONFIG_RAID6_PQ_BENCHMARK is not set + count: 1 + - target: "kernel*debug*.config" + find: | + # CONFIG_BTRFS_ASSERT is not set + replace: | + CONFIG_BTRFS_ASSERT=y + count: 1 + - target: "kernel*zfcpdump*.config" + find: | + CONFIG_BTRFS_FS=m + replace: | + CONFIG_BTRFS_FS=y + count: 1 + - target: "kernel*zfcpdump*.config" + find: | + CONFIG_RAID6_PQ=m + replace: | + CONFIG_RAID6_PQ=y + count: 1 + - target: "kernel*zfcpdump*.config" + find: | + # CONFIG_LIBCRC32C is not set + replace: | + CONFIG_LIBCRC32C=y + count: 1 - target: "spec" find: | %ifnarch noarch @@ -306,8 +356,23 @@ actions: Source104: rhelima.x509 Source105: rhelima_centos.x509 Source106: fedoraimaca.x509 + - target: "kernel*zfcpdump*.config" + lines: + - "# CONFIG_FS_POSIX_ACL is not set" + - target: "kernel*automotive*.config" + lines: + - "# CONFIG_RAID6_PQ is not set" - changelog_entry: + - name: "Eduard Abdullin" + email: "eabdullin@almalinux.org" + line: + - "Debrand for AlmaLinux OS" + - "Use AlmaLinux OS secure boot cert" + - name: "Neal Gompa" + email: "ngompa@almalinux.org" + line: + - "Enable Btrfs support for all kernel variants" - name: "Andrei Lukoshko" email: "alukoshko@almalinux.org" line: @@ -319,8 +384,3 @@ actions: - "lpfc: bring back deprecated PCI ids" - "be2iscsi: bring back deprecated PCI ids" - "kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained" - - name: "Eduard Abdullin" - email: "eabdullin@almalinux.org" - line: - - "Use AlmaLinux OS secure boot cert" - - "Debrand for AlmaLinux OS" From 2705e57ce700e837f9818f9bc158440bde0bc751 Mon Sep 17 00:00:00 2001 From: Andrew Lukoshko Date: Fri, 30 May 2025 21:22:56 +0200 Subject: [PATCH 04/14] Fix applying config changes to kernel-s390x-zfcpdump-rhel.config --- config.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config.yaml b/config.yaml index 6fd098c..57a6208 100644 --- a/config.yaml +++ b/config.yaml @@ -106,10 +106,10 @@ actions: count: 1 - target: "kernel*.config" find: | - CONFIG_FS_ENCRYPTION=y + # CONFIG_FSI is not set replace: | - CONFIG_FS_ENCRYPTION=y CONFIG_FS_POSIX_ACL=y + # CONFIG_FSI is not set count: 1 - target: "kernel*.config" find: | From 62829d6cbce8ee1e32a88e520180d615af24ef62 Mon Sep 17 00:00:00 2001 From: Andrew Lukoshko Date: Fri, 30 May 2025 21:44:48 +0200 Subject: [PATCH 05/14] Try again to remove # CONFIG_RAID6_PQ is not set --- config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config.yaml b/config.yaml index 57a6208..b03ea37 100644 --- a/config.yaml +++ b/config.yaml @@ -359,7 +359,7 @@ actions: - target: "kernel*zfcpdump*.config" lines: - "# CONFIG_FS_POSIX_ACL is not set" - - target: "kernel*automotive*.config" + - target: "kernel*.config" lines: - "# CONFIG_RAID6_PQ is not set" From 730020c194103894d9ba5478b406287577c3425f Mon Sep 17 00:00:00 2001 From: Andrew Lukoshko Date: Fri, 30 May 2025 21:47:39 +0200 Subject: [PATCH 06/14] Andrei -> Andrew --- config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config.yaml b/config.yaml index b03ea37..506a957 100644 --- a/config.yaml +++ b/config.yaml @@ -373,7 +373,7 @@ actions: email: "ngompa@almalinux.org" line: - "Enable Btrfs support for all kernel variants" - - name: "Andrei Lukoshko" + - name: "Andrew Lukoshko" email: "alukoshko@almalinux.org" line: - "hpsa: bring back deprecated PCI ids #CFHack #CFHack2024" From 39106df4643cde2f63c762dc564bdfb62806ef0a Mon Sep 17 00:00:00 2001 From: Andrew Lukoshko Date: Fri, 30 May 2025 21:55:48 +0200 Subject: [PATCH 07/14] Try again to remove # CONFIG_RAID6_PQ is not set --- config.yaml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/config.yaml b/config.yaml index 506a957..4a415bb 100644 --- a/config.yaml +++ b/config.yaml @@ -359,7 +359,16 @@ actions: - target: "kernel*zfcpdump*.config" lines: - "# CONFIG_FS_POSIX_ACL is not set" - - target: "kernel*.config" + - target: "kernel-aarch64-automotive-debug-rhel.config" + lines: + - "# CONFIG_RAID6_PQ is not set" + - target: "kernel-aarch64-automotive-rhel.config" + lines: + - "# CONFIG_RAID6_PQ is not set" + - target: "kernel-x86_64-automotive-debug-rhel.config" + lines: + - "# CONFIG_RAID6_PQ is not set" + - target: "kernel-x86_64-automotive-rhel.config" lines: - "# CONFIG_RAID6_PQ is not set" From 3d5c3e4f6cb0a4957863f05262dc61afa60fb05c Mon Sep 17 00:00:00 2001 From: Andrew Lukoshko Date: Wed, 18 Jun 2025 09:07:40 +0000 Subject: [PATCH 08/14] Fix 0004-Bring-back-deprecated-pci-ids-to-qla2xxx-driver.patch --- .../0004-Bring-back-deprecated-pci-ids-to-qla2xxx-driver.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/0004-Bring-back-deprecated-pci-ids-to-qla2xxx-driver.patch b/files/0004-Bring-back-deprecated-pci-ids-to-qla2xxx-driver.patch index 93c90bf..5c97a98 100644 --- a/files/0004-Bring-back-deprecated-pci-ids-to-qla2xxx-driver.patch +++ b/files/0004-Bring-back-deprecated-pci-ids-to-qla2xxx-driver.patch @@ -14,7 +14,7 @@ index 26089872a..8018c68f2 100644 @@ -8123,7 +8123,7 @@ static const struct pci_error_handlers qla2xxx_err_handler = { }; - static struct pci_device_id qla2xxx_pci_tbl[] = { + static const struct pci_device_id qla2xxx_pci_tbl[] = { -#ifndef CONFIG_RHEL_DIFFERENCES +#ifndef CONFIG_ALMALINUX_DIFFERENCES { PCI_DEVICE(PCI_VENDOR_ID_QLOGIC, PCI_DEVICE_ID_QLOGIC_ISP2100) }, From d730699a10d16704be2120a5b5658f68627a49ea Mon Sep 17 00:00:00 2001 From: Andrew Lukoshko Date: Wed, 18 Jun 2025 09:29:40 +0000 Subject: [PATCH 09/14] Fix 0008-Bring-back-deprecated-pci-ids-to-megaraid_sas-driver.patch --- ...8-Bring-back-deprecated-pci-ids-to-megaraid_sas-driver.patch | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/0008-Bring-back-deprecated-pci-ids-to-megaraid_sas-driver.patch b/files/0008-Bring-back-deprecated-pci-ids-to-megaraid_sas-driver.patch index 3939775..5ca01f9 100644 --- a/files/0008-Bring-back-deprecated-pci-ids-to-megaraid_sas-driver.patch +++ b/files/0008-Bring-back-deprecated-pci-ids-to-megaraid_sas-driver.patch @@ -13,7 +13,7 @@ index bf57fd3b9..0eaed98ac 100644 +++ b/drivers/scsi/megaraid/megaraid_sas_base.c @@ -149,7 +149,7 @@ megasas_set_ld_removed_by_fw(struct megasas_instance *instance); */ - static struct pci_device_id megasas_pci_table[] = { + static const struct pci_device_id megasas_pci_table[] = { -#ifndef CONFIG_RHEL_DIFFERENCES +#ifndef CONFIG_ALMALINUX_DIFFERENCES From 1a11d06cfe18e8e5c4e902efad9c50aaf999342e Mon Sep 17 00:00:00 2001 From: eabdullin Date: Tue, 12 Aug 2025 17:44:35 +0300 Subject: [PATCH 10/14] Add pre clean --- config.yaml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/config.yaml b/config.yaml index 4a415bb..3608580 100644 --- a/config.yaml +++ b/config.yaml @@ -1,3 +1,6 @@ +parameters: + pre_clean: true + actions: - add_files: From 927acdd12ad6f466917a07fb8e4ce44eae54b702 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Tue, 12 Aug 2025 18:19:49 +0300 Subject: [PATCH 11/14] Remove automotive config --- config.yaml | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/config.yaml b/config.yaml index 3608580..8c3a819 100644 --- a/config.yaml +++ b/config.yaml @@ -362,18 +362,6 @@ actions: - target: "kernel*zfcpdump*.config" lines: - "# CONFIG_FS_POSIX_ACL is not set" - - target: "kernel-aarch64-automotive-debug-rhel.config" - lines: - - "# CONFIG_RAID6_PQ is not set" - - target: "kernel-aarch64-automotive-rhel.config" - lines: - - "# CONFIG_RAID6_PQ is not set" - - target: "kernel-x86_64-automotive-debug-rhel.config" - lines: - - "# CONFIG_RAID6_PQ is not set" - - target: "kernel-x86_64-automotive-rhel.config" - lines: - - "# CONFIG_RAID6_PQ is not set" - changelog_entry: - name: "Eduard Abdullin" From 2fdce1725bd9d3a7f10eac6bd7c51fa1f49d47f0 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Tue, 12 Aug 2025 18:33:15 +0300 Subject: [PATCH 12/14] Remove automotive from v2 --- scripts/create_symlinks.sh | 3 --- 1 file changed, 3 deletions(-) diff --git a/scripts/create_symlinks.sh b/scripts/create_symlinks.sh index 6b9b614..32f0e51 100644 --- a/scripts/create_symlinks.sh +++ b/scripts/create_symlinks.sh @@ -6,6 +6,3 @@ ln -s kernel-x86_64-debug-rhel.config kernel-x86_64_v2-debug-rhel.config ln -s kernel-x86_64-rt-rhel.config kernel-x86_64_v2-rt-rhel.config ln -s kernel-x86_64-rt-debug-rhel.config kernel-x86_64_v2-rt-debug-rhel.config - -ln -s kernel-x86_64-automotive-rhel.config kernel-x86_64_v2-automotive-rhel.config -ln -s kernel-x86_64-automotive-debug-rhel.config kernel-x86_64_v2-automotive-debug-rhel.config From 1b7fbfb24d1dc47334fda7313d0766b69692ce13 Mon Sep 17 00:00:00 2001 From: eabdullin Date: Fri, 15 Aug 2025 10:52:34 +0300 Subject: [PATCH 13/14] Update config --- config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config.yaml b/config.yaml index 8c3a819..713b543 100644 --- a/config.yaml +++ b/config.yaml @@ -201,7 +201,7 @@ actions: - target: "spec" find: | openssl x509 -inform der -in %{SOURCE102} -out nvidiagpuoot001.pem - cat rheldup3.pem rhelkpatch1.pem nvidiagpuoot001.pem > ../certs/rhel.pem + cat rheldup3.pem rhelkpatch1.pem nvidiagpuoot001.pem >> ../certs/rhel.pem replace: | openssl x509 -inform der -in %{SOURCE102} -out nvidiagpuoot001.pem openssl x509 -inform der -in %{SOURCE107} -out almalinuxnvidia.pem From b2609bbb242a4f729f52295fe074a5c8e9bd216e Mon Sep 17 00:00:00 2001 From: eabdullin Date: Wed, 24 Sep 2025 17:46:08 +0300 Subject: [PATCH 14/14] Add uki.sbat.template patching --- config.yaml | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/config.yaml b/config.yaml index 713b543..3672eed 100644 --- a/config.yaml +++ b/config.yaml @@ -273,18 +273,24 @@ actions: SBATsuffix="rhel" %else count: 1 - - target: "spec" + - target: "uki.sbat.template" find: | - linux,1,Red Hat,linux,$KernelVer,mailto:secalert@redhat.com - linux.$SBATsuffix,1,Red Hat,linux,$KernelVer,mailto:secalert@redhat.com - kernel-uki-virt.$SBATsuffix,1,Red Hat,kernel-uki-virt,$KernelVer,mailto:secalert@redhat.com + sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md + kernel-uki-virt.@SBAT_SUFFIX,1,Red Hat,kernel-uki-virt,@KVER,mailto:secalert@redhat.com replace: | - linux,1,Red Hat,linux,$KernelVer,mailto:secalert@redhat.com - linux,1,AlmaLinux,linux,$KernelVer,mailto:security@almalinux.org - linux.$SBATsuffix,1,Red Hat,linux,$KernelVer,mailto:secalert@redhat.com - linux.almalinux,1,AlmaLinux,linux,$KernelVer,mailto:security@almalinux.org - kernel-uki-virt.$SBATsuffix,1,Red Hat,kernel-uki-virt,$KernelVer,mailto:secalert@redhat.com - kernel-uki-virt,almalinux,1,AlmaLinux,kernel-uki-virt,$KernelVer,mailto:security@almalinux.org + sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md + kernel-uki-virt.@SBAT_SUFFIX,1,Red Hat,kernel-uki-virt,@KVER,mailto:secalert@redhat.com + kernel-uki-virt.almalinux,1,AlmaLinux,kernel-uki-virt,@KVER,mailto:security@almalinux.org + count: 1 + - target: "uki-addons.sbat.template" + find: | + sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md + kernel-uki-virt-addons.@SBAT_SUFFIX,1,Red Hat,kernel-uki-virt-addons,@KVER,mailto:secalert@redhat.com + replace: | + sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md + kernel-uki-virt-addons.@SBAT_SUFFIX,1,Red Hat,kernel-uki-virt-addons,@KVER,mailto:secalert@redhat.com + kernel-uki-virt-addons.almalinux,1,AlmaLinux,kernel-uki-virt-addons,@KVER,mailto:security@almalinux.org + count: 1 - target: "x509.genkey.centos" find: |