autopatch/kernel
5
0
Fork 1
Code Issues Pull Requests Releases Activity
b8538eb351
kernel/config.yaml
root b8538eb351 fix(autopatch): auto-fix for kernel on c10s 
Updated ReplaceAction find/replace for nvidia cert block and changed almalinuxnvidia1.x509 source number from 107 to 109 to avoid conflict with new upstream Source107 (nvidiajetsonsoc.x509).
2026-04-01 02:11:48 +00:00

472 lines
17 KiB
YAML
Raw Blame History

parameters:
pre_clean: true
actions:
- add_files:
- type: "source"
name: "almalinuxdup1.x509"
number: 100
- type: "source"
name: "almalinuxkpatch1.x509"
number: 101
- type: "source"
name: "almalinuximaca1.x509"
number: 103
- type: "source"
name: "almalinuxima.x509"
number: 104
- type: "source"
name: "almalinuxnvidia1.x509"
number: 109
- type: "patch"
name: "0001-Enable-all-disabled-pci-devices-by-moving-to-unmaint.patch"
number: 2001
- type: "patch"
name: "0002-Bring-back-deprecated-pci-ids-to-mptsas-mptspi-drive.patch"
number: 2002
- type: "patch"
name: "0003-Bring-back-deprecated-pci-ids-to-hpsa-driver.patch"
number: 2003
- type: "patch"
name: "0004-Bring-back-deprecated-pci-ids-to-qla2xxx-driver.patch"
number: 2004
- type: "patch"
name: "0006-Bring-back-deprecated-pci-ids-to-qla4xxx-driver.patch"
number: 2006
- type: "patch"
name: "0007-Bring-back-deprecated-pci-ids-to-be2iscsi-driver.patch"
number: 2007
- type: "patch"
name: "0008-Bring-back-deprecated-pci-ids-to-megaraid_sas-driver.patch"
number: 2008
- type: "patch"
name: "0009-Bring-back-deprecated-pci-ids-to-mpt3sas-driver.patch"
number: 2009
- type: "patch"
name: "0001-Keep-fs-btrfs-files-in-modules-package.patch"
number: 2010
- replace:
- target: "kernel*.config"
find: |
# CONFIG_BE2NET_BE2 is not set
# CONFIG_BE2NET_BE3 is not set
replace: |
CONFIG_BE2NET_BE2=y
CONFIG_BE2NET_BE3=y
count: 1
- target: "kernel*aarch64*.config"
find: "# CONFIG_MLX4_CORE_GEN2 is not set"
replace: "CONFIG_MLX4_CORE_GEN2=y"
count: 1
- target: "kernel*.config"
find: |
# CONFIG_MLX4_EN is not set
# CONFIG_MLX4_INFINIBAND is not set
replace: |
CONFIG_MLX4_EN=m
CONFIG_MLX4_INFINIBAND=m
count: 1
- target: "kernel*ppc64le*.config"
find: |
# CONFIG_MLX4_CORE_GEN2 is not set
# CONFIG_MLX4_CORE is not set
replace: |
CONFIG_MLX4_CORE_GEN2=y
CONFIG_MLX4_CORE=m
count: 1
- target: "kernel*x86_64*.config"
find: |
# CONFIG_MLX4_CORE_GEN2 is not set
# CONFIG_MLX4_CORE is not set
replace: |
CONFIG_MLX4_CORE_GEN2=y
CONFIG_MLX4_CORE=m
count: 1
- target: "kernel*s390x*.config"
find: |
# CONFIG_MLX4_CORE_GEN2 is not set
# CONFIG_MLX4_CORE is not set
replace: |
CONFIG_MLX4_CORE_GEN2=y
CONFIG_MLX4_CORE=m
count: 1
- target: "kernel*riscv64*.config"
find: |
# CONFIG_MLX4_CORE_GEN2 is not set
# CONFIG_MLX4_CORE is not set
replace: |
CONFIG_MLX4_CORE_GEN2=y
CONFIG_MLX4_CORE=m
count: 1
- target: "kernel*aarch64*.config"
find: "# CONFIG_BTRFS_FS is not set"
replace: "CONFIG_BTRFS_FS=m"
count: 1
- target: "kernel*s390x-zfcpdump-rhel.config"
find: "# CONFIG_BTRFS_FS is not set"
replace: "CONFIG_BTRFS_FS=m"
count: 1
- target: "kernel-s390x-debug-rhel.config"
find: "# CONFIG_BTRFS_FS is not set"
replace: "CONFIG_BTRFS_FS=m"
count: 1
- target: "kernel-ppc64le-debug-rhel.config"
find: "# CONFIG_BTRFS_FS is not set"
replace: "CONFIG_BTRFS_FS=m"
count: 1
- target: "kernel-riscv64-debug-rhel.config"
find: "# CONFIG_BTRFS_FS is not set"
replace: "CONFIG_BTRFS_FS=m"
count: 1
- target: "kernel-x86_64-debug-rhel.config"
find: "# CONFIG_BTRFS_FS is not set"
replace: "CONFIG_BTRFS_FS=m"
count: 1
- target: "kernel-x86_64-rt*"
find: "# CONFIG_BTRFS_FS is not set"
replace: "CONFIG_BTRFS_FS=m"
count: 1
- target: "kernel*.config"
find: |
# CONFIG_FSI is not set
replace: |
CONFIG_FS_POSIX_ACL=y
# CONFIG_FSI is not set
count: 1
- target: "kernel*.config"
find: |
# CONFIG_RAID6_PQ_BENCHMARK is not set
replace: |
CONFIG_RAID6_PQ=m
# CONFIG_RAID6_PQ_BENCHMARK is not set
count: 1
- target: "kernel*debug*.config"
find: |
# CONFIG_BTRFS_ASSERT is not set
replace: |
CONFIG_BTRFS_ASSERT=y
count: 1
- target: "kernel*zfcpdump*.config"
find: |
CONFIG_BTRFS_FS=m
replace: |
CONFIG_BTRFS_FS=y
count: 1
- target: "kernel*zfcpdump*.config"
find: |
CONFIG_RAID6_PQ=m
replace: |
CONFIG_RAID6_PQ=y
count: 1
- target: "kernel*zfcpdump*.config"
find: |
# CONFIG_LIBCRC32C is not set
replace: |
CONFIG_LIBCRC32C=y
count: 1
- target: "spec"
find: |
%ifnarch noarch
%define with_kernel_abi_stablelists 0
%endif
replace: |
%ifnarch aarch64
%define with_kernel_abi_stablelists 0
%endif
count: 1
- target: "spec"
find: |
# only package docs noarch
%ifnarch noarch
%define with_doc 0
%define doc_build_fail true
%endif
replace: |
# only package docs noarch
%ifnarch aarch64
%define with_doc 0
%define doc_build_fail true
%endif
count: 1
- target: "spec"
find: |
%ifarch x86_64
%define asmarch x86
%define kernel_image arch/x86/boot/bzImage
%endif
replace: |
%ifarch x86_64
%define asmarch x86
%define kernel_image arch/x86/boot/bzImage
%endif
%ifarch x86_64_v2
%define hdrarch x86_64
%define asmarch x86
%define kernel_image arch/x86/boot/bzImage
%endif
count: 1
- target: "spec"
find: "ExclusiveArch: noarch i386 i686 x86_64 s390x aarch64 ppc64le riscv64"
replace: "ExclusiveArch: noarch i386 i686 x86_64 s390x aarch64 ppc64le riscv64 x86_64_v2"
count: 1
- target: "spec"
find: "Source104: almalinuxima.x509"
replace: |
Source104: almalinuxima.x509
Source105: almalinuxima.x509
Source106: almalinuxima.x509
count: 1
- target: "spec"
find: |
openssl x509 -inform der -in %{SOURCE102} -out nvidiagpuoot001.pem
openssl x509 -inform der -in %{SOURCE107} -out nvidiajetsonsoc.pem
openssl x509 -inform der -in %{SOURCE108} -out nvidiabfdpu.pem
cat rheldup3.pem rhelkpatch1.pem nvidiagpuoot001.pem nvidiajetsonsoc.pem nvidiabfdpu.pem >> ../certs/rhel.pem
replace: |
openssl x509 -inform der -in %{SOURCE102} -out nvidiagpuoot001.pem
openssl x509 -inform der -in %{SOURCE107} -out nvidiajetsonsoc.pem
openssl x509 -inform der -in %{SOURCE108} -out nvidiabfdpu.pem
openssl x509 -inform der -in %{SOURCE109} -out almalinuxnvidia.pem
cat rheldup3.pem rhelkpatch1.pem nvidiagpuoot001.pem nvidiajetsonsoc.pem nvidiabfdpu.pem almalinuxnvidia.pem > ../certs/rhel.pem
count: 1
- target: "spec"
find: |
%package doc
Summary: Various documentation bits found in the kernel source
Group: Documentation
%description doc
replace: |
%package doc
Summary: Various documentation bits found in the kernel source
BuildArch: noarch
Group: Documentation
%description doc
count: 1
- target: "spec"
find: |
%package -n %{package_name}-abi-stablelists
Summary: The Red Hat Enterprise Linux kernel ABI symbol stablelists
replace: |
%package -n %{package_name}-abi-stablelists
Summary: The AlmaLinux kernel ABI symbol stablelists
BuildArch: noarch
count: 1
- target: "spec"
find: |
The kABI package contains information pertaining to the Red Hat Enterprise
Linux kernel ABI, including lists of kernel symbols that are needed by
replace: |
The kABI package contains information pertaining to the AlmaLinux
kernel ABI, including lists of kernel symbols that are needed by
count: 1
- target: "spec"
find: |
The package contains data describing the current ABI of the Red Hat Enterprise
Linux kernel, suitable for the kabi-dw tool.
replace: |
The package contains data describing the current ABI of the AlmaLinux
kernel, suitable for the kabi-dw tool.
count: 1
- target: "spec"
find: "This package provides kernel modules for the %{?2:%{2} }kernel package for Red Hat internal usage.\\"
replace: "This package provides kernel modules for the %{?2:%{2} }kernel package for AlmaLinux internal usage.\\"
count: 1
- target: "spec"
find: "This package provides kernel modules for the %{?2:%{2} }kernel package for Red Hat partners usage.\\"
replace: "This package provides kernel modules for the %{?2:%{2} }kernel package for AlmaLinux partners usage.\\"
count: 1
- target: "spec"
find: |
for i in *.config; do
sed -i 's/CONFIG_CRYPTO_FIPS_NAME=.*/CONFIG_CRYPTO_FIPS_NAME="Red Hat Enterprise Linux %{rhel} - Kernel Cryptographic API"/' $i
done
replace: |
for i in *.config; do
sed -i 's/CONFIG_CRYPTO_FIPS_NAME=.*/CONFIG_CRYPTO_FIPS_NAME="AlmaLinux %{rhel} - Kernel Cryptographic API"/' $i
done
count: 1
- target: "spec"
find: |
%if 0%{?centos}
%global sbat_suffix centos
%else
replace: |
%if 0%{?centos}
%global sbat_suffix rhel
%else
count: 1
- target: "uki.sbat.template"
find: |
sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
kernel-uki-virt.@SBAT_SUFFIX,1,Red Hat,kernel-uki-virt,@KVER,mailto:secalert@redhat.com
replace: |
sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
kernel-uki-virt.@SBAT_SUFFIX,1,Red Hat,kernel-uki-virt,@KVER,mailto:secalert@redhat.com
kernel-uki-virt.almalinux,1,AlmaLinux,kernel-uki-virt,@KVER,mailto:security@almalinux.org
count: 1
- target: "uki-addons.sbat.template"
find: |
sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
kernel-uki-virt-addons.@SBAT_SUFFIX,1,Red Hat,kernel-uki-virt-addons,@KVER,mailto:secalert@redhat.com
replace: |
sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
kernel-uki-virt-addons.@SBAT_SUFFIX,1,Red Hat,kernel-uki-virt-addons,@KVER,mailto:secalert@redhat.com
kernel-uki-virt-addons.almalinux,1,AlmaLinux,kernel-uki-virt-addons,@KVER,mailto:security@almalinux.org
count: 1
- target: "kernel.sbat.template"
find: |
sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
kernel.@SBAT_SUFFIX,1,Red Hat,kernel-core,@KVER,mailto:secalert@redhat.com
replace: |
sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
kernel.@SBAT_SUFFIX,1,Red Hat,kernel-core,@KVER,mailto:secalert@redhat.com
kernel.almalinux,1,AlmaLinux,kernel-core,@KVER,mailto:security@almalinux.org
count: 1
- target: "x509.genkey.centos"
find: |
O = The CentOS Project
CN = CentOS Stream kernel signing key
emailAddress = security@centos.org
replace: |
O = AlmaLinux
CN = AlmaLinux kernel signing key
emailAddress = security@almalinux.org
count: 1
- target: "x509.genkey.rhel"
find: |
O = Red Hat
CN = Red Hat Enterprise Linux kernel signing key
emailAddress = secalert@redhat.com
replace: |
O = AlmaLinux
CN = AlmaLinux kernel signing key
emailAddress = security@almalinux.org
count: 1
- target: "spec"
find: |
Source32: %{name}-x86_64-rhel.config
Source33: %{name}-x86_64-debug-rhel.config
replace: |
Source32: %{name}-x86_64-rhel.config
Source33: %{name}-x86_64-debug-rhel.config
Source10001: %{name}-x86_64_v2-rhel.config
Source10002: %{name}-x86_64_v2-debug-rhel.config
count: 1
- target: "spec"
find: |
Source204: Module.kabi_x86_64
Source205: Module.kabi_riscv64
replace: |
Source204: Module.kabi_x86_64
Source205: Module.kabi_riscv64
Source206: Module.kabi_x86_64_v2
count: 1
- target: "spec"
find: |
Source213: Module.kabi_dup_x86_64
Source214: Module.kabi_dup_riscv64
replace: |
Source213: Module.kabi_dup_x86_64
Source214: Module.kabi_dup_riscv64
Source215: Module.kabi_dup_x86_64_v2
count: 1
- target: "spec"
find: |
Source478: %{name}-x86_64-rt-rhel.config
Source479: %{name}-x86_64-rt-debug-rhel.config
replace: |
Source478: %{name}-x86_64-rt-rhel.config
Source479: %{name}-x86_64-rt-debug-rhel.config
Source480: %{name}-x86_64_v2-rt-rhel.config
Source481: %{name}-x86_64_v2-rt-debug-rhel.config
count: 1
- target: "spec"
find: |
%if 0%{?centos}
%define pesign_name_0 centossecureboot201
%else
%ifarch x86_64 aarch64
%define pesign_name_0 redhatsecureboot801
%endif
%ifarch s390x
%define pesign_name_0 redhatsecureboot302
%endif
%ifarch ppc64le
%define pesign_name_0 redhatsecureboot701
%endif
%endif
replace: |
%define pesign_name_0 almalinuxsecureboot0
count: 1
- target: "spec"
find: |
%if 0%{?centos}
UKI_secureboot_name=centossecureboot204
UKI_secureboot_cert=%{_datadir}/pki/sb-certs/secureboot-uki-virt-%{_arch}.cer
%else
# RHEL only builds UKI for x86
UKI_secureboot_name=redhatsecureboot504
UKI_secureboot_cert=%{SOURCE153}
%endif
replace: |
UKI_secureboot_name=%{pesign_name_0}
UKI_secureboot_cert=%{_datadir}/pki/sb-certs/secureboot-uki-virt-%{_arch}.cer
count: 1
- run_script:
- script: "create_symlinks.sh"
- delete_line:
- target: "spec"
lines:
- |
Source100: rheldup3.x509
Source101: rhelkpatch1.x509
- |
Source103: rhelimaca1.x509
Source104: rhelima.x509
Source105: rhelima_centos.x509
Source106: fedoraimaca.x509
- |
# Temporary use redhatsecureboot504 for x86 UKI, see RHEL-122230
Source153: redhatsecureboot504.cer
- target: "kernel*zfcpdump*.config"
lines:
- "# CONFIG_FS_POSIX_ACL is not set"
- target: "def_variants.yaml.rhel"
lines:
- "- fs/btrfs/.*: modules-internal"
- delete_files:
- file_name: "redhatsecureboot504.cer"
- changelog_entry:
- name: "Eduard Abdullin"
email: "eabdullin@almalinux.org"
line:
- "Debrand for AlmaLinux OS"
- "Use AlmaLinux OS secure boot cert"
- name: "Neal Gompa"
email: "ngompa@almalinux.org"
line:
- "Enable Btrfs support for all kernel variants"
- name: "Andrew Lukoshko"
email: "alukoshko@almalinux.org"
line:
- "hpsa: bring back deprecated PCI ids #CFHack #CFHack2024"
- "mptsas: bring back deprecated PCI ids #CFHack #CFHack2024"
- "megaraid_sas: bring back deprecated PCI ids #CFHack #CFHack2024"
- "qla2xxx: bring back deprecated PCI ids #CFHack #CFHack2024"
- "qla4xxx: bring back deprecated PCI ids"
- "be2iscsi: bring back deprecated PCI ids"
- "kernel/rh_messages.h: enable all disabled pci devices by moving to unmaintained"
Reference in New Issue View Git Blame Copy Permalink