---
# Patch-set configuration: a sequence of actions (add_files, replace,
# delete_line, run_script, changelog_entry) that rework the upstream kernel
# packaging for AlmaLinux: re-enabled drivers, AlmaLinux signing identities
# and certificates, debranding, and a ppc64le KVM kernel variant.
#
# NOTE(review): every find / replace / lines value is literal text that has to
# match the target file. Confirm leading whitespace and line breaks inside the
# block scalars against the upstream spec before relying on them.
# NOTE(review): whether an unmatched `find` aborts the run or is skipped is not
# visible in this file. For the signing-key, SBAT and certificate edits a
# silent miss would leave upstream identities in the build, so confirm the
# tool treats a miss as an error.
actions:
  # Files added to the package. Patches 2001-2007 bring back PCI IDs for the
  # drivers named in the patch file names; sources 100-103 and 106 are X.509
  # certificates.
  # NOTE(review): the changelog below describes the re-enabled devices as
  # moved to "unmaintained" - security fixes for them need separate tracking.
  - add_files:
      - type: "patch"
        name: "0001-Enable-all-disabled-pci-devices-by-moving-to-unmaint.patch"
        number: 2001
      - type: "patch"
        name: "0002-Bring-back-deprecated-pci-ids-to-mptsas-mptspi-drive.patch"
        number: 2002
      - type: "patch"
        name: "0003-Bring-back-deprecated-pci-ids-to-hpsa-driver.patch"
        number: 2003
      - type: "patch"
        name: "0004-Bring-back-deprecated-pci-ids-to-qla2xxx-driver.patch"
        number: 2004
      - type: "patch"
        name: "0005-Bring-back-deprecated-pci-ids-to-lpfc-driver.patch"
        number: 2005
      - type: "patch"
        name: "0006-Bring-back-deprecated-pci-ids-to-qla4xxx-driver.patch"
        number: 2006
      - type: "patch"
        name: "0007-Bring-back-deprecated-pci-ids-to-be2iscsi-driver.patch"
        number: 2007
      # NOTE(review): these look like the certificates the spec converts to PEM
      # and concatenates into ../certs/rhel.pem (see the %{SOURCE106} edit
      # below). That bundle is presumably what the built kernel trusts, so
      # verify each file's fingerprint out of band before a release build.
      - type: "source"
        name: "almalinuxdup1.x509"
        number: 100
      - type: "source"
        name: "almalinuxkpatch1.x509"
        number: 101
      - type: "source"
        name: "almalinuximaca1.x509"
        number: 102
      - type: "source"
        name: "almalinuxima.x509"
        number: 103
      - type: "source"
        name: "almalinuxnvidia1.x509"
        number: 106
      # modify_spec is false here; a replace action below writes the
      # `Patch11111:` line for this file itself.
      - type: "patch"
        name: "ppc64le-kvm-support.patch"
        number: "Latest"
        modify_spec: false

  - replace:
      # Turn on config options that the upstream configs leave unset.
      - target: "kernel*rhel.config"
        find: |
          # CONFIG_BE2NET_BE2 is not set
          # CONFIG_BE2NET_BE3 is not set
        replace: |
          CONFIG_BE2NET_BE2=y
          CONFIG_BE2NET_BE3=y
        count: 1
      - target: "kernel*rhel.config"
        find: "# CONFIG_MLX4_CORE_GEN2 is not set"
        replace: "CONFIG_MLX4_CORE_GEN2=y"
        count: 1

      # Identity fields of the kernel signing key request: both the CentOS
      # and the RHEL variants are rewritten to the same AlmaLinux identity.
      - target: "x509.genkey.centos"
        find: |
          O = The CentOS Project
          CN = CentOS Stream kernel signing key
          emailAddress = security@centos.org
        replace: |
          O = AlmaLinux
          CN = AlmaLinux kernel signing key
          emailAddress = security@almalinux.org
        count: 1
      - target: "x509.genkey.rhel"
        find: |
          O = Red Hat
          CN = Red Hat Enterprise Linux kernel signing key
          emailAddress = secalert@redhat.com
        replace: |
          O = AlmaLinux
          CN = AlmaLinux kernel signing key
          emailAddress = security@almalinux.org
        count: 1

      # NOTE(review): this edit is positional (count: 2, presumably the first
      # two matches - confirm). An upstream spec change that adds or reorders
      # an `%ifnarch noarch` would silently retarget it.
      - target: "spec"
        find: "%ifnarch noarch"
        replace: "%ifnarch x86_64"
        count: 2

      # Secure Boot signing: the per-distro / per-arch pesign key names are
      # collapsed into one AlmaLinux name.
      # NOTE(review): the replaced block used different names for
      # x86_64/aarch64, s390x and ppc64le; confirm the single name is valid on
      # every arch that gets signed.
      - target: "spec"
        find: |
          %if 0%{?centos}
          %define pesign_name_0 centossecureboot201
          %else
          %ifarch x86_64 aarch64
          %define pesign_name_0 redhatsecureboot501
          %endif
          %ifarch s390x
          %define pesign_name_0 redhatsecureboot302
          %endif
          %ifarch ppc64le
          %define pesign_name_0 redhatsecureboot701
          %endif
          %endif
        replace: "%define pesign_name_0 almalinuxsecurebootca0"
        count: 1

      # Source104 reuses almalinuxima.x509; the upstream Source104 removed by
      # delete_line below was rhelima_centos.x509.
      - target: "spec"
        find: "Source103: almalinuxima.x509"
        replace: |
          Source103: almalinuxima.x509
          Source104: almalinuxima.x509
        count: 1

      # Adds the Source106 certificate to the PEM bundle written to
      # ../certs/rhel.pem. The intermediate file names keep their rhel*
      # spelling.
      # NOTE(review): one more certificate in this bundle presumably means one
      # more key whose signatures the kernel accepts - confirm scope and owner
      # of the key behind Source106.
      - target: "spec"
        find: |
          openssl x509 -inform der -in %{SOURCE105} -out nvidiagpuoot001.pem
          cat rheldup3.pem rhelkpatch1.pem rhelimaca1.pem nvidiagpuoot001.pem > ../certs/rhel.pem
        replace: |
          openssl x509 -inform der -in %{SOURCE105} -out nvidiagpuoot001.pem
          openssl x509 -inform der -in %{SOURCE106} -out almalinuxnvidia.pem
          cat rheldup3.pem rhelkpatch1.pem rhelimaca1.pem nvidiagpuoot001.pem almalinuxnvidia.pem > ../certs/rhel.pem
        count: 1

      # Mark the documentation and kABI stablelist subpackages as noarch, and
      # debrand the package descriptions.
      - target: "spec"
        find: "Summary: Various documentation bits found in the kernel source"
        replace: |
          Summary: Various documentation bits found in the kernel source
          BuildArch: noarch
        count: 1
      - target: "spec"
        find: "Summary: The Red Hat Enterprise Linux kernel ABI symbol stablelists"
        replace: |
          Summary: The AlmaLinux kernel ABI symbol stablelists
          BuildArch: noarch
        count: 1
      - target: "spec"
        find: |
          The kABI package contains information pertaining to the Red Hat Enterprise
          Linux kernel ABI, including lists of kernel symbols that are needed by
        replace: |
          The kABI package contains information pertaining to the AlmaLinux
          kernel ABI, including lists of kernel symbols that are needed by
        count: 1
      - target: "spec"
        find: |
          The package contains data describing the current ABI of the Red Hat Enterprise
          Linux kernel, suitable for the kabi-dw tool.
        replace: |
          The package contains data describing the current ABI of the AlmaLinux
          kernel, suitable for the kabi-dw tool.
        count: 1
      - target: "spec"
        find: "This package provides kernel modules for the %{?2:%{2} }kernel package for Red Hat internal usage.\\"
        replace: "This package provides kernel modules for the %{?2:%{2} }kernel package for AlmaLinux internal usage.\\"
        count: 1

      # For the default and rt kernels: advertise a signing-key generation and
      # conflict with shim builds older than 15.8-4.el9_3.alma.2.
      # NOTE(review): presumably this keeps a kernel signed with the current
      # key from being installed next to a shim that does not trust it -
      # confirm, and revisit both values whenever the key or shim is rotated.
      - target: "spec"
        find: "%{expand:%%kernel_reqprovconf %{?1:%{1}} %{-o:%{-o}}}\\"
        replace: |
          %if "%{1}" == "rt" || "%{?1}" == ""\
          Provides: almalinux(kernel-sig-key) = 202303\
          Conflicts: shim-ia32 < 15.8-4.el9_3.alma.2\
          Conflicts: shim-x64 < 15.8-4.el9_3.alma.2\
          %endif\
          %{expand:%%kernel_reqprovconf %{?1:%{1}} %{-o:%{-o}}}\
        count: 1

      # Debrand the CONFIG_CRYPTO_FIPS_NAME string set by the spec.
      - target: "spec"
        find: " sed -i 's/CONFIG_CRYPTO_FIPS_NAME=.*/CONFIG_CRYPTO_FIPS_NAME=\"Red Hat Enterprise Linux %{rhel} - Kernel Cryptographic API\"/' $i"
        replace: " sed -i 's/CONFIG_CRYPTO_FIPS_NAME=.*/CONFIG_CRYPTO_FIPS_NAME=\"AlmaLinux %{rhel} - Kernel Cryptographic API\"/' $i"
        count: 1

      # SBAT metadata: the "centos" suffix becomes "rhel", the Red Hat entries
      # are kept, and an AlmaLinux entry is added next to each of them.
      # NOTE(review): the second CSV field is the SBAT generation that shim
      # compares for revocation; every added entry uses 1. Keep these in step
      # with the generation of the upstream entries when they are bumped.
      - target: "spec"
        find: "SBATsuffix=\"centos\""
        replace: "SBATsuffix=\"rhel\""
        count: 1
      - target: "spec"
        find: |
          linux,1,Red Hat,linux,$KernelVer,mailto:secalert@redhat.com
          linux.$SBATsuffix,1,Red Hat,linux,$KernelVer,mailto:secalert@redhat.com
          kernel-uki-virt.$SBATsuffix,1,Red Hat,kernel-uki-virt,$KernelVer,mailto:secalert@redhat.com
        replace: |
          linux,1,Red Hat,linux,$KernelVer,mailto:secalert@redhat.com
          linux,1,AlmaLinux,linux,$KernelVer,mailto:security@almalinux.org
          linux.$SBATsuffix,1,Red Hat,linux,$KernelVer,mailto:secalert@redhat.com
          linux.almalinux,1,AlmaLinux,linux,$KernelVer,mailto:security@almalinux.org
          kernel-uki-virt.$SBATsuffix,1,Red Hat,kernel-uki-virt,$KernelVer,mailto:secalert@redhat.com
          kernel-uki-virt.almalinux,1,AlmaLinux,kernel-uki-virt,$KernelVer,mailto:security@almalinux.org
        count: 1

      # UKI signing name: both the CentOS and the Red Hat names map to the
      # same AlmaLinux name.
      # NOTE(review): this name (alsecureboot001) differs from pesign_name_0
      # above (almalinuxsecurebootca0) - confirm both are intended.
      - target: "spec"
        find: "UKI_secureboot_name=centossecureboot204"
        replace: "UKI_secureboot_name=alsecureboot001"
        count: 1
      - target: "spec"
        find: "UKI_secureboot_name=redhatsecureboot504"
        replace: "UKI_secureboot_name=alsecureboot001"
        count: 1
      - target: "spec"
        find: "# Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel"
        replace: "# AlmaLinux UEFI Secure Boot CA cert, which can be used to authenticate the kernel"
        count: 1

      # ppc64le KVM variant: build switch (on by default, forced to 0 on other
      # arches and on %nobuildarches), config sources and patch declaration.
      - target: "spec"
        find: |
          # kernel-64k (aarch64 kernel with 64K page_size)
          %define with_arm64_64k %{?_without_arm64_64k: 0} %{?!_without_arm64_64k: 1}
        replace: |
          # kernel-64k (aarch64 kernel with 64K page_size)
          %define with_arm64_64k %{?_without_arm64_64k: 0} %{?!_without_arm64_64k: 1}
          # kernel-kvm ppc64le kernel with kvm support)
          %define with_ppc_kvm %{?_without_ppc_kvm: 0} %{?!_without_ppc_kvm: 1}
        count: 1
      - target: "spec"
        find: |
          # 64k variant only for aarch64
          %ifnarch aarch64
          %define with_arm64_64k 0
          %define with_realtime_arm64_64k 0
          %endif
        replace: |
          # 64k variant only for aarch64
          %ifnarch aarch64
          %define with_arm64_64k 0
          %define with_realtime_arm64_64k 0
          %endif
          # kvm variant only for ppc64le
          %ifnarch ppc64le
          %define with_ppc_kvm 0
          %endif
        count: 1
      - target: "spec"
        find: |
          %ifarch %nobuildarches
          # disable BuildKernel commands
          %define with_up 0
          %define with_debug 0
          %define with_pae 0
          %define with_zfcpdump 0
          %define with_arm64_64k 0
        replace: |
          %ifarch %nobuildarches
          # disable BuildKernel commands
          %define with_up 0
          %define with_debug 0
          %define with_pae 0
          %define with_zfcpdump 0
          %define with_arm64_64k 0
          %define with_ppc_kvm 0
        count: 1
      - target: "spec"
        find: |
          Source47: kernel-aarch64-rt-debug-rhel.config
        replace: |
          Source47: kernel-aarch64-rt-debug-rhel.config
          # PPC64le KVM support config
          Source10001: kernel-ppc64le-kvm-rhel.config
          Source10002: kernel-ppc64le-kvm-debug-rhel.config
        count: 1
      - target: "spec"
        find: |
          # END OF PATCH DEFINITIONS
        replace: |
          Patch11111: ppc64le-kvm-support.patch
          # END OF PATCH DEFINITIONS
        count: 1

      # Package definitions for the kvm and kvm-debug variants, modelled on
      # the 64k variant block they follow.
      - target: "spec"
        find: |
          %if %{with_arm64_64k}
          %define variant_summary The Linux kernel compiled for 64k pagesize usage
          %kernel_variant_package 64k
          %description 64k-core
          The kernel package contains a variant of the ARM64 Linux kernel using
          a 64K page size.
          %endif
        replace: |
          %if %{with_arm64_64k}
          %define variant_summary The Linux kernel compiled for 64k pagesize usage
          %kernel_variant_package 64k
          %description 64k-core
          The kernel package contains a variant of the ARM64 Linux kernel using
          a 64K page size.
          %endif
          %if %{with_ppc_kvm}
          %define variant_summary The Linux kernel compiled for KVM usage on ppc64le
          %kernel_variant_package kvm
          %description kvm-core
          The kernel package contains a variant of the PPC64le Linux kernel with
          KVM support.
          %endif
          %if %{with_ppc_kvm} && %{with_debug}
          %define variant_summary The Linux kernel compiled with extra debugging enabled
          %if !%{debugbuildsenabled}
          %kernel_variant_package -m kvm-debug
          %else
          %kernel_variant_package kvm-debug
          %endif
          %description kvm-debug-core
          The debug kernel package contains a variant of the PPC64le Linux kernel with
          KVM support.
          This variant of the kernel has numerous debugging options enabled.
          It should only be installed when trying to gather additional information
          on kernel bugs, as some of these options impact performance noticably.
          %endif
        count: 1

      # The KVM patch is applied to the tree with `git apply` after the
      # default kernel is built, then the kvm-debug and kvm kernels are built.
      # NOTE(review): anything built later from the same tree also contains
      # the patch, and the step is not idempotent if the build section is
      # re-run on an already patched tree - confirm both are acceptable.
      - target: "spec"
        find: |
          %if %{with_up}
          BuildKernel %make_target %kernel_image %{_use_vdso}
          %endif
        replace: |
          %if %{with_up}
          BuildKernel %make_target %kernel_image %{_use_vdso}
          %endif
          %if %{with_ppc_kvm}
          git apply $RPM_SOURCE_DIR/ppc64le-kvm-support.patch
          %if %{with_debug}
          BuildKernel %make_target %kernel_image %{_use_vdso} kvm-debug
          %endif
          BuildKernel %make_target %kernel_image %{_use_vdso} kvm
          %endif
        count: 1
      - target: "spec"
        find: |
          %if !%{with_debug} && !%{with_zfcpdump} && !%{with_pae} && !%{with_up} && !%{with_arm64_64k} && !%{with_realtime}
        replace: |
          %if !%{with_debug} && !%{with_zfcpdump} && !%{with_pae} && !%{with_up} && !%{with_arm64_64k} && !%{with_realtime} && !%{with_ppc_kvm}
        count: 1

      # Module signing for the new variants: +kvm and +kvm-debug module trees
      # get the same %{modsign_cmd} step as +64k-debug, each with its own
      # signing_key.pem.sign+<variant> / signing_key.x509.sign+<variant> pair.
      - target: "spec"
        find: |
          if [ "%{with_arm64_64k}" -ne "0" ] && [ "%{with_debug}" -ne "0" ]; then \
          %{modsign_cmd} certs/signing_key.pem.sign+64k-debug certs/signing_key.x509.sign+64k-debug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+64k-debug/ \
          fi \
        replace: |
          if [ "%{with_arm64_64k}" -ne "0" ] && [ "%{with_debug}" -ne "0" ]; then \
          %{modsign_cmd} certs/signing_key.pem.sign+64k-debug certs/signing_key.x509.sign+64k-debug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+64k-debug/ \
          fi \
          if [ "%{with_ppc_kvm}" -ne "0" ]; then \
          %{modsign_cmd} certs/signing_key.pem.sign+kvm certs/signing_key.x509.sign+kvm $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+kvm/ \
          fi \
          if [ "%{with_ppc_kvm}" -ne "0" ] && [ "%{with_debug}" -ne "0" ]; then \
          %{modsign_cmd} certs/signing_key.pem.sign+kvm-debug certs/signing_key.x509.sign+kvm-debug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}+kvm-debug/ \
          fi \
        count: 1

      # Scriptlets and file lists for the kvm and kvm-debug variants.
      - target: "spec"
        find: |
          %if %{with_arm64_64k}
          %kernel_variant_preun -v 64k
          %kernel_variant_post -v 64k
          %endif
        replace: |
          %if %{with_arm64_64k}
          %kernel_variant_preun -v 64k
          %kernel_variant_post -v 64k
          %endif
          %if %{with_ppc_kvm}
          %kernel_variant_preun -v kvm
          %kernel_variant_post -v kvm
          %endif
          %if %{with_ppc_kvm} && %{with_debug}
          %kernel_variant_preun -v kvm-debug
          %kernel_variant_post -v kvm-debug
          %endif
        count: 1
      - target: "spec"
        find: |
          %if %{with_debug_meta}
          %files debug
          %files debug-core
          %files debug-devel
          %files debug-devel-matched
          %files debug-modules
          %files debug-modules-core
          %files debug-modules-extra
          %if %{with_arm64_64k}
          %files 64k-debug
          %files 64k-debug-core
          %files 64k-debug-devel
          %files 64k-debug-devel-matched
          %files 64k-debug-modules
          %files 64k-debug-modules-extra
          %endif
        replace: |
          %if %{with_debug_meta}
          %files debug
          %files debug-core
          %files debug-devel
          %files debug-devel-matched
          %files debug-modules
          %files debug-modules-core
          %files debug-modules-extra
          %if %{with_arm64_64k}
          %files 64k-debug
          %files 64k-debug-core
          %files 64k-debug-devel
          %files 64k-debug-devel-matched
          %files 64k-debug-modules
          %files 64k-debug-modules-extra
          %endif
          %if %{with_ppc_kvm}
          %files kvm-debug
          %files kvm-debug-core
          %files kvm-debug-devel
          %files kvm-debug-devel-matched
          %files kvm-debug-modules
          %files kvm-debug-modules-extra
          %endif
        count: 1
      - target: "spec"
        find: |
          %kernel_variant_files %{_use_vdso} %{with_arm64_64k} 64k
        replace: |
          %kernel_variant_files %{_use_vdso} %{with_arm64_64k} 64k
          %if %{with_ppc_kvm}
          %kernel_variant_files %{_use_vdso} %{with_ppc_kvm} kvm
          %kernel_variant_files %{_use_vdso} %{with_debug} kvm-debug
          %endif
        count: 1

  # Lines removed from the spec: the upstream certificate Source entries
  # (numbers 100-103 are reused by add_files, 104 by a replace above), the
  # CentOS script-override step, and the gzip re-compression of $SignImage.
  # NOTE(review): dropping the gzip step changes the form of the image left
  # after signing for gz-compressed kernels - confirm the boot path on the
  # affected arches expects that.
  - delete_line:
      - target: "spec"
        lines:
          - |
            Source100: rheldup3.x509
            Source101: rhelkpatch1.x509
            Source102: rhelimaca1.x509
            Source103: rhelima.x509
            Source104: rhelima_centos.x509
          - |
            # We may want to override files from the primary target in case of building
            # against a flavour of it (eg. centos not rhel), thus override it here if
            # necessary
            if [ "%{primary_target}" == "rhel" ]; then
            %if 0%{?centos}
            echo "Updating scripts/sources to centos version"
            RPM_SOURCE_DIR=$RPM_SOURCE_DIR ./update_scripts.sh centos
            %else
            echo "Not updating scripts/sources to centos version"
            %endif
            fi
          - |
            if [ "$KernelExtension" == "gz" ]; then
            gzip -f9 $SignImage
            fi

  # Runs a helper script with `rpms` as working directory.
  # NOTE(review): the script body is not part of this file, yet it executes
  # during patching - review and pin it with the same care as the patches.
  - run_script:
      - script: "copy_ppc64le_config.sh"
        cwd: "rpms"

  # Changelog lines recorded for the rebuilt package.
  # NOTE(review): megaraid_sas is listed here, but no file in add_files names
  # that driver - confirm one of the listed patches covers it.
  - changelog_entry:
      - name: "Andrei Lukoshko"
        email: "alukoshko@almalinux.org"
        line:
          - "hpsa: bring back deprecated PCI ids #CFHack #CFHack2024"
          - "mptsas: bring back deprecated PCI ids #CFHack #CFHack2024"
          - "megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024"
          - "qla2xxx: bring back deprecated PCI ids #CFHack #CFHack2024"
          - "qla4xxx: bring back deprecated PCI ids"
          - "lpfc: bring back deprecated PCI ids"
          - "be2iscsi: bring back deprecated PCI ids"
          - "kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained"
      - name: "Eduard Abdullin"
        email: "eabdullin@almalinux.org"
        line:
          - "Use AlmaLinux OS secure boot cert"
          - "Debrand for AlmaLinux OS"
          - "Add KVM support for ppc64le"