Compare commits

..

No commits in common. "a10-6.11.y" and "c9" have entirely different histories.

10 changed files with 262522 additions and 1009 deletions

View File

@ -1,2 +1,3 @@
ac72e2f196857ecf73167250e87d33838a3859f7 SOURCES/1.20241008.tar.gz
7c13fdfb9aeaad427d53500612a49849afb9cc7a SOURCES/efda653d39a46aa5ed2d5f8af420c1e4eddb2dca.tar.gz
62f4117436e8eaa59e4974300a4481174a4ef1af SOURCES/cb9500d6021e083a182ba168fe4424e3db2494cf.tar.gz
30996d7c1c59ddbd495bd9eb37c8dfdb1a67c1c3 SOURCES/linux-6.1.tar.xz
7fb75dae049c3687780b214931dca33820ebddc9 SOURCES/patch-6.1.31.xz

View File

@ -1,34 +1,31 @@
From 8bdc23947dfc60f7c1e277dc4f87a8bc5fc645c6 Mon Sep 17 00:00:00 2001
From: Koichiro Iwao <meta@almalinux.org>
Date: Tue, 28 May 2024 15:11:20 +0900
Subject: [PATCH 1/2] Apply config patch for Raspberry Pi (BCM2711)
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Pablo Greco <pgreco@centosproject.org>
Date: Fri, 7 Aug 2020 02:59:05 +0000
Subject: [PATCH 1/2] configs 2709
The patch is originally provided by Pablo Greco <pgreco@centosproject.org>.
Signed-off-by: Koichiro Iwao <meta@almalinux.org>
---
arch/arm64/configs/bcm2711_defconfig | 38 ++++++++++++++++++++++++++--
1 file changed, 36 insertions(+), 2 deletions(-)
arch/arm/configs/bcm2709_defconfig | 40 ++++++++++++++++++++++++++++--
1 file changed, 38 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/configs/bcm2711_defconfig b/arch/arm64/configs/bcm2711_defconfig
index e87791286ab4..6fda5b261683 100644
--- a/arch/arm64/configs/bcm2711_defconfig
+++ b/arch/arm64/configs/bcm2711_defconfig
@@ -1622,8 +1622,6 @@ CONFIG_NLS_KOI8_U=m
diff --git a/arch/arm/configs/bcm2709_defconfig b/arch/arm/configs/bcm2709_defconfig
index 4b1f46c..537c622 100644
--- a/arch/arm/configs/bcm2709_defconfig
+++ b/arch/arm/configs/bcm2709_defconfig
@@ -1530,8 +1530,6 @@ CONFIG_NLS_KOI8_R=m
CONFIG_NLS_KOI8_U=m
CONFIG_DLM=m
CONFIG_KEY_DH_OPERATIONS=y
CONFIG_SECURITY=y
-CONFIG_SECURITY_APPARMOR=y
-CONFIG_LSM=""
CONFIG_CRYPTO_USER=m
CONFIG_CRYPTO_CRYPTD=m
CONFIG_CRYPTO_AES=m
@@ -1674,3 +1672,39 @@ CONFIG_SCHED_TRACER=y
CONFIG_CRYPTO_CAST5=m
CONFIG_CRYPTO_DES=y
@@ -1569,3 +1567,38 @@ CONFIG_IRQSOFF_TRACER=y
CONFIG_SCHED_TRACER=y
CONFIG_BLK_DEV_IO_TRACE=y
# CONFIG_UPROBE_EVENTS is not set
# CONFIG_STRICT_DEVMEM is not set
+
+# CentOS/AlmaLinux added
+# CentOS added
+CONFIG_AUDIT=y
+CONFIG_NETLABEL=y
+CONFIG_NETFILTER_XT_TARGET_AUDIT=m
@ -50,19 +47,18 @@ index e87791286ab4..6fda5b261683 100644
+CONFIG_NET_TEAM_MODE_ROUNDROBIN=m
+CONFIG_CRYPTO_BLAKE2S=m
+CONFIG_CRYPTO_CURVE25519=m
+CONFIG_CRYPTO_CURVE25519_NEON=m
+CONFIG_CRYPTO_LIB_BLAKE2S=m
+CONFIG_CRYPTO_LIB_CHACHA20POLY1305=m
+CONFIG_CRYPTO_LIB_CHACHA=m
+CONFIG_CRYPTO_LIB_CURVE25519=m
+CONFIG_CRYPTO_LIB_POLY1305=m
+CONFIG_CRYPTO_POLY1305_NEON=m
+# CONFIG_EFI_CUSTOM_SSDT_OVERLAYS is not set
+CONFIG_CRYPTO_POLY1305_ARM=m
+# CONFIG_WIREGUARD_DEBUG is not set
+CONFIG_WIREGUARD=m
+CONFIG_BLK_DEV_RBD=m
+CONFIG_FW_LOADER_COMPRESS=y
+CONFIG_FW_LOADER_COMPRESS_XZ=y
+CONFIG_FW_LOADER_COMPRESS_ZSTD=y
--
2.45.1
2.39.0

View File

@ -0,0 +1,118 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Pablo Greco <pgreco@centosproject.org>
Date: Fri, 7 Aug 2020 02:59:05 +0000
Subject: [PATCH 2/2] configs 2711
---
arch/arm/configs/bcm2711_defconfig | 35 +++++++++++++++++++++++++--
arch/arm64/configs/bcm2711_defconfig | 36 ++++++++++++++++++++++++++--
2 files changed, 67 insertions(+), 4 deletions(-)
diff --git a/arch/arm/configs/bcm2711_defconfig b/arch/arm/configs/bcm2711_defconfig
index d31636c..28e0bbd 100644
--- a/arch/arm/configs/bcm2711_defconfig
+++ b/arch/arm/configs/bcm2711_defconfig
@@ -1556,8 +1556,6 @@ CONFIG_NLS_KOI8_R=m
CONFIG_NLS_KOI8_U=m
CONFIG_DLM=m
CONFIG_SECURITY=y
-CONFIG_SECURITY_APPARMOR=y
-CONFIG_LSM=""
CONFIG_CRYPTO_USER=m
CONFIG_CRYPTO_CAST5=m
CONFIG_CRYPTO_DES=y
@@ -1595,3 +1593,38 @@ CONFIG_IRQSOFF_TRACER=y
CONFIG_SCHED_TRACER=y
CONFIG_BLK_DEV_IO_TRACE=y
# CONFIG_UPROBE_EVENTS is not set
+
+# CentOS added
+CONFIG_AUDIT=y
+CONFIG_NETLABEL=y
+CONFIG_NETFILTER_XT_TARGET_AUDIT=m
+CONFIG_IP_NF_SECURITY=m
+CONFIG_IP6_NF_SECURITY=m
+CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
+CONFIG_NFSD_V4_SECURITY_LABEL=y
+CONFIG_SECURITY_NETWORK=y
+CONFIG_SECURITY_PATH=y
+CONFIG_SECURITY_SELINUX=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM=y
+CONFIG_SECURITY_SELINUX_DISABLE=y
+CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
+CONFIG_NET_TEAM=m
+CONFIG_NET_TEAM_MODE_ACTIVEBACKUP=m
+CONFIG_NET_TEAM_MODE_BROADCAST=m
+CONFIG_NET_TEAM_MODE_LOADBALANCE=m
+CONFIG_NET_TEAM_MODE_RANDOM=m
+CONFIG_NET_TEAM_MODE_ROUNDROBIN=m
+CONFIG_CRYPTO_BLAKE2S=m
+CONFIG_CRYPTO_CURVE25519=m
+CONFIG_CRYPTO_CURVE25519_NEON=m
+CONFIG_CRYPTO_LIB_BLAKE2S=m
+CONFIG_CRYPTO_LIB_CHACHA20POLY1305=m
+CONFIG_CRYPTO_LIB_CHACHA=m
+CONFIG_CRYPTO_LIB_CURVE25519=m
+CONFIG_CRYPTO_LIB_POLY1305=m
+CONFIG_CRYPTO_POLY1305_ARM=m
+# CONFIG_WIREGUARD_DEBUG is not set
+CONFIG_WIREGUARD=m
+CONFIG_FW_LOADER_COMPRESS=y
+CONFIG_FW_LOADER_COMPRESS_XZ=y
+CONFIG_FW_LOADER_COMPRESS_ZSTD=y
diff --git a/arch/arm64/configs/bcm2711_defconfig b/arch/arm64/configs/bcm2711_defconfig
index 55e6082..b9acdbc 100644
--- a/arch/arm64/configs/bcm2711_defconfig
+++ b/arch/arm64/configs/bcm2711_defconfig
@@ -1573,8 +1573,6 @@ CONFIG_NLS_KOI8_R=m
CONFIG_NLS_KOI8_U=m
CONFIG_DLM=m
CONFIG_SECURITY=y
-CONFIG_SECURITY_APPARMOR=y
-CONFIG_LSM=""
CONFIG_CRYPTO_USER=m
CONFIG_CRYPTO_CRYPTD=m
CONFIG_CRYPTO_AES=m
@@ -1614,3 +1612,39 @@ CONFIG_IRQSOFF_TRACER=y
CONFIG_SCHED_TRACER=y
CONFIG_BLK_DEV_IO_TRACE=y
# CONFIG_UPROBE_EVENTS is not set
+
+# CentOS added
+CONFIG_AUDIT=y
+CONFIG_NETLABEL=y
+CONFIG_NETFILTER_XT_TARGET_AUDIT=m
+CONFIG_IP_NF_SECURITY=m
+CONFIG_IP6_NF_SECURITY=m
+CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
+CONFIG_NFSD_V4_SECURITY_LABEL=y
+CONFIG_SECURITY_NETWORK=y
+CONFIG_SECURITY_PATH=y
+CONFIG_SECURITY_SELINUX=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM=y
+CONFIG_SECURITY_SELINUX_DISABLE=y
+CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
+CONFIG_NET_TEAM=m
+CONFIG_NET_TEAM_MODE_ACTIVEBACKUP=m
+CONFIG_NET_TEAM_MODE_BROADCAST=m
+CONFIG_NET_TEAM_MODE_LOADBALANCE=m
+CONFIG_NET_TEAM_MODE_RANDOM=m
+CONFIG_NET_TEAM_MODE_ROUNDROBIN=m
+CONFIG_CRYPTO_BLAKE2S=m
+CONFIG_CRYPTO_CURVE25519=m
+CONFIG_CRYPTO_LIB_BLAKE2S=m
+CONFIG_CRYPTO_LIB_CHACHA20POLY1305=m
+CONFIG_CRYPTO_LIB_CHACHA=m
+CONFIG_CRYPTO_LIB_CURVE25519=m
+CONFIG_CRYPTO_LIB_POLY1305=m
+CONFIG_CRYPTO_POLY1305_NEON=m
+# CONFIG_EFI_CUSTOM_SSDT_OVERLAYS is not set
+# CONFIG_WIREGUARD_DEBUG is not set
+CONFIG_WIREGUARD=m
+CONFIG_BLK_DEV_RBD=m
+CONFIG_FW_LOADER_COMPRESS=y
+CONFIG_FW_LOADER_COMPRESS_XZ=y
+CONFIG_FW_LOADER_COMPRESS_ZSTD=y
--
2.39.0

View File

@ -1,68 +0,0 @@
From 5ae1f73a82e6ba1203d031c5c82943865dce8174 Mon Sep 17 00:00:00 2001
From: Koichiro Iwao <meta@almalinux.org>
Date: Tue, 28 May 2024 15:14:02 +0900
Subject: [PATCH 2/2] Apply config patch for Raspberry Pi (BCM2712)
The patch is originally provided by Pablo Greco <pgreco@centosproject.org>.
Signed-off-by: Koichiro Iwao <meta@almalinux.org>
---
arch/arm64/configs/bcm2712_defconfig | 38 ++++++++++++++++++++++++++--
1 file changed, 36 insertions(+), 2 deletions(-)
diff --git a/arch/arm64/configs/bcm2712_defconfig b/arch/arm64/configs/bcm2712_defconfig
index 79c4332581eb..7b63683ff687 100644
--- a/arch/arm64/configs/bcm2712_defconfig
+++ b/arch/arm64/configs/bcm2712_defconfig
@@ -1625,8 +1625,6 @@ CONFIG_NLS_KOI8_U=m
CONFIG_DLM=m
CONFIG_KEY_DH_OPERATIONS=y
CONFIG_SECURITY=y
-CONFIG_SECURITY_APPARMOR=y
-CONFIG_LSM=""
CONFIG_CRYPTO_USER=m
CONFIG_CRYPTO_CRYPTD=m
CONFIG_CRYPTO_AES=m
@@ -1677,3 +1675,39 @@ CONFIG_SCHED_TRACER=y
CONFIG_BLK_DEV_IO_TRACE=y
# CONFIG_UPROBE_EVENTS is not set
# CONFIG_STRICT_DEVMEM is not set
+
+# CentOS/AlmaLinux added
+CONFIG_AUDIT=y
+CONFIG_NETLABEL=y
+CONFIG_NETFILTER_XT_TARGET_AUDIT=m
+CONFIG_IP_NF_SECURITY=m
+CONFIG_IP6_NF_SECURITY=m
+CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
+CONFIG_NFSD_V4_SECURITY_LABEL=y
+CONFIG_SECURITY_NETWORK=y
+CONFIG_SECURITY_PATH=y
+CONFIG_SECURITY_SELINUX=y
+CONFIG_SECURITY_SELINUX_BOOTPARAM=y
+CONFIG_SECURITY_SELINUX_DISABLE=y
+CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
+CONFIG_NET_TEAM=m
+CONFIG_NET_TEAM_MODE_ACTIVEBACKUP=m
+CONFIG_NET_TEAM_MODE_BROADCAST=m
+CONFIG_NET_TEAM_MODE_LOADBALANCE=m
+CONFIG_NET_TEAM_MODE_RANDOM=m
+CONFIG_NET_TEAM_MODE_ROUNDROBIN=m
+CONFIG_CRYPTO_BLAKE2S=m
+CONFIG_CRYPTO_CURVE25519=m
+CONFIG_CRYPTO_LIB_BLAKE2S=m
+CONFIG_CRYPTO_LIB_CHACHA20POLY1305=m
+CONFIG_CRYPTO_LIB_CHACHA=m
+CONFIG_CRYPTO_LIB_CURVE25519=m
+CONFIG_CRYPTO_LIB_POLY1305=m
+CONFIG_CRYPTO_POLY1305_NEON=m
+# CONFIG_EFI_CUSTOM_SSDT_OVERLAYS is not set
+# CONFIG_WIREGUARD_DEBUG is not set
+CONFIG_WIREGUARD=m
+CONFIG_BLK_DEV_RBD=m
+CONFIG_FW_LOADER_COMPRESS=y
+CONFIG_FW_LOADER_COMPRESS_XZ=y
+CONFIG_FW_LOADER_COMPRESS_ZSTD=y
--
2.45.1

View File

@ -1,3 +0,0 @@
# See 'cpupower help' and cpupower(1) for more info
CPUPOWER_START_OPTS="frequency-set -g ondemand"
CPUPOWER_STOP_OPTS="frequency-set -g powersave"

View File

@ -1,13 +0,0 @@
[Unit]
Description=Configure CPU power related settings
After=syslog.target
[Service]
Type=oneshot
RemainAfterExit=yes
EnvironmentFile=/etc/sysconfig/cpupower
ExecStart=/usr/bin/cpupower $CPUPOWER_START_OPTS
ExecStop=/usr/bin/cpupower $CPUPOWER_STOP_OPTS
[Install]
WantedBy=multi-user.target

View File

@ -1,11 +0,0 @@
/var/log/kvm_stat.csv {
size 10M
missingok
compress
maxage 30
rotate 5
nodateext
postrotate
/usr/bin/systemctl try-restart kvm_stat.service
endscript
}

View File

@ -1,613 +0,0 @@
From 1fdf61d4739f818edb85e50f7fa4c474196a0b0a Mon Sep 17 00:00:00 2001
From: Jan Stancek <jstancek@redhat.com>
Date: Fri, 12 Jul 2024 09:11:14 +0200
Subject: [PATCH 1/3] sign-file,extract-cert: move common SSL helper functions
to a header
Couple error handling helpers are repeated in both tools, so
move them to a common header.
Signed-off-by: Jan Stancek <jstancek@redhat.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Tested-by: R Nageswara Sastry <rnsastry@linux.ibm.com>
Reviewed-by: Neal Gompa <neal@gompa.dev>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
---
MAINTAINERS | 1 +
certs/Makefile | 2 +-
certs/extract-cert.c | 37 ++-----------------------------------
scripts/sign-file.c | 37 ++-----------------------------------
scripts/ssl-common.h | 39 +++++++++++++++++++++++++++++++++++++++
5 files changed, 45 insertions(+), 71 deletions(-)
create mode 100644 scripts/ssl-common.h
diff --git a/MAINTAINERS b/MAINTAINERS
index 6a6e2941c497..7aa208b18267 100644
--- a/MAINTAINERS
+++ b/MAINTAINERS
@@ -4823,6 +4823,7 @@ S: Maintained
F: Documentation/admin-guide/module-signing.rst
F: certs/
F: scripts/sign-file.c
+F: scripts/ssl-common.h
F: tools/certs/
CFAG12864B LCD DRIVER
diff --git a/certs/Makefile b/certs/Makefile
index 799ad7b9e68a..67e1f2707c2f 100644
--- a/certs/Makefile
+++ b/certs/Makefile
@@ -84,5 +84,5 @@ targets += x509_revocation_list
hostprogs := extract-cert
-HOSTCFLAGS_extract-cert.o = $(shell $(HOSTPKG_CONFIG) --cflags libcrypto 2> /dev/null)
+HOSTCFLAGS_extract-cert.o = $(shell $(HOSTPKG_CONFIG) --cflags libcrypto 2> /dev/null) -I$(srctree)/scripts
HOSTLDLIBS_extract-cert = $(shell $(HOSTPKG_CONFIG) --libs libcrypto 2> /dev/null || echo -lcrypto)
diff --git a/certs/extract-cert.c b/certs/extract-cert.c
index 70e9ec89d87d..8e7ba9974a1f 100644
--- a/certs/extract-cert.c
+++ b/certs/extract-cert.c
@@ -23,6 +23,8 @@
#include <openssl/err.h>
#include <openssl/engine.h>
+#include "ssl-common.h"
+
/*
* OpenSSL 3.0 deprecates the OpenSSL's ENGINE API.
*
@@ -40,41 +42,6 @@ void format(void)
exit(2);
}
-static void display_openssl_errors(int l)
-{
- const char *file;
- char buf[120];
- int e, line;
-
- if (ERR_peek_error() == 0)
- return;
- fprintf(stderr, "At main.c:%d:\n", l);
-
- while ((e = ERR_get_error_line(&file, &line))) {
- ERR_error_string(e, buf);
- fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
- }
-}
-
-static void drain_openssl_errors(void)
-{
- const char *file;
- int line;
-
- if (ERR_peek_error() == 0)
- return;
- while (ERR_get_error_line(&file, &line)) {}
-}
-
-#define ERR(cond, fmt, ...) \
- do { \
- bool __cond = (cond); \
- display_openssl_errors(__LINE__); \
- if (__cond) { \
- err(1, fmt, ## __VA_ARGS__); \
- } \
- } while(0)
-
static const char *key_pass;
static BIO *wb;
static char *cert_dst;
diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index 3edb156ae52c..39ba58db5d4e 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -29,6 +29,8 @@
#include <openssl/err.h>
#include <openssl/engine.h>
+#include "ssl-common.h"
+
/*
* OpenSSL 3.0 deprecates the OpenSSL's ENGINE API.
*
@@ -83,41 +85,6 @@ void format(void)
exit(2);
}
-static void display_openssl_errors(int l)
-{
- const char *file;
- char buf[120];
- int e, line;
-
- if (ERR_peek_error() == 0)
- return;
- fprintf(stderr, "At main.c:%d:\n", l);
-
- while ((e = ERR_get_error_line(&file, &line))) {
- ERR_error_string(e, buf);
- fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
- }
-}
-
-static void drain_openssl_errors(void)
-{
- const char *file;
- int line;
-
- if (ERR_peek_error() == 0)
- return;
- while (ERR_get_error_line(&file, &line)) {}
-}
-
-#define ERR(cond, fmt, ...) \
- do { \
- bool __cond = (cond); \
- display_openssl_errors(__LINE__); \
- if (__cond) { \
- errx(1, fmt, ## __VA_ARGS__); \
- } \
- } while(0)
-
static const char *key_pass;
static int pem_pw_cb(char *buf, int len, int w, void *v)
diff --git a/scripts/ssl-common.h b/scripts/ssl-common.h
new file mode 100644
index 000000000000..e6711c75ed91
--- /dev/null
+++ b/scripts/ssl-common.h
@@ -0,0 +1,39 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+/*
+ * SSL helper functions shared by sign-file and extract-cert.
+ */
+
+static void display_openssl_errors(int l)
+{
+ const char *file;
+ char buf[120];
+ int e, line;
+
+ if (ERR_peek_error() == 0)
+ return;
+ fprintf(stderr, "At main.c:%d:\n", l);
+
+ while ((e = ERR_get_error_line(&file, &line))) {
+ ERR_error_string(e, buf);
+ fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
+ }
+}
+
+static void drain_openssl_errors(void)
+{
+ const char *file;
+ int line;
+
+ if (ERR_peek_error() == 0)
+ return;
+ while (ERR_get_error_line(&file, &line)) {}
+}
+
+#define ERR(cond, fmt, ...) \
+ do { \
+ bool __cond = (cond); \
+ display_openssl_errors(__LINE__); \
+ if (__cond) { \
+ errx(1, fmt, ## __VA_ARGS__); \
+ } \
+ } while (0)
--
2.46.2
From 98dbd2b45aa5185d63b839f482d43c16b71f31a5 Mon Sep 17 00:00:00 2001
From: Jan Stancek <jstancek@redhat.com>
Date: Fri, 12 Jul 2024 09:11:15 +0200
Subject: [PATCH 2/3] sign-file,extract-cert: avoid using deprecated
ERR_get_error_line()
ERR_get_error_line() is deprecated since OpenSSL 3.0.
Use ERR_peek_error_line() instead, and combine display_openssl_errors()
and drain_openssl_errors() to a single function where parameter decides
if it should consume errors silently.
Signed-off-by: Jan Stancek <jstancek@redhat.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Tested-by: R Nageswara Sastry <rnsastry@linux.ibm.com>
Reviewed-by: Neal Gompa <neal@gompa.dev>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
---
certs/extract-cert.c | 4 ++--
scripts/sign-file.c | 6 +++---
scripts/ssl-common.h | 23 ++++++++---------------
3 files changed, 13 insertions(+), 20 deletions(-)
diff --git a/certs/extract-cert.c b/certs/extract-cert.c
index 8e7ba9974a1f..61bbe0085671 100644
--- a/certs/extract-cert.c
+++ b/certs/extract-cert.c
@@ -99,11 +99,11 @@ int main(int argc, char **argv)
parms.cert = NULL;
ENGINE_load_builtin_engines();
- drain_openssl_errors();
+ drain_openssl_errors(__LINE__, 1);
e = ENGINE_by_id("pkcs11");
ERR(!e, "Load PKCS#11 ENGINE");
if (ENGINE_init(e))
- drain_openssl_errors();
+ drain_openssl_errors(__LINE__, 1);
else
ERR(1, "ENGINE_init");
if (key_pass)
diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index 39ba58db5d4e..bb3fdf1a617c 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -114,11 +114,11 @@ static EVP_PKEY *read_private_key(const char *private_key_name)
ENGINE *e;
ENGINE_load_builtin_engines();
- drain_openssl_errors();
+ drain_openssl_errors(__LINE__, 1);
e = ENGINE_by_id("pkcs11");
ERR(!e, "Load PKCS#11 ENGINE");
if (ENGINE_init(e))
- drain_openssl_errors();
+ drain_openssl_errors(__LINE__, 1);
else
ERR(1, "ENGINE_init");
if (key_pass)
@@ -273,7 +273,7 @@ int main(int argc, char **argv)
/* Digest the module data. */
OpenSSL_add_all_digests();
- display_openssl_errors(__LINE__);
+ drain_openssl_errors(__LINE__, 0);
digest_algo = EVP_get_digestbyname(hash_algo);
ERR(!digest_algo, "EVP_get_digestbyname");
diff --git a/scripts/ssl-common.h b/scripts/ssl-common.h
index e6711c75ed91..2db0e181143c 100644
--- a/scripts/ssl-common.h
+++ b/scripts/ssl-common.h
@@ -3,7 +3,7 @@
* SSL helper functions shared by sign-file and extract-cert.
*/
-static void display_openssl_errors(int l)
+static void drain_openssl_errors(int l, int silent)
{
const char *file;
char buf[120];
@@ -11,28 +11,21 @@ static void display_openssl_errors(int l)
if (ERR_peek_error() == 0)
return;
- fprintf(stderr, "At main.c:%d:\n", l);
+ if (!silent)
+ fprintf(stderr, "At main.c:%d:\n", l);
- while ((e = ERR_get_error_line(&file, &line))) {
+ while ((e = ERR_peek_error_line(&file, &line))) {
ERR_error_string(e, buf);
- fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
+ if (!silent)
+ fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
+ ERR_get_error();
}
}
-static void drain_openssl_errors(void)
-{
- const char *file;
- int line;
-
- if (ERR_peek_error() == 0)
- return;
- while (ERR_get_error_line(&file, &line)) {}
-}
-
#define ERR(cond, fmt, ...) \
do { \
bool __cond = (cond); \
- display_openssl_errors(__LINE__); \
+ drain_openssl_errors(__LINE__, 0); \
if (__cond) { \
errx(1, fmt, ## __VA_ARGS__); \
} \
--
2.46.2
From eeffebeb081fcb81ae8a85b6a774dc14791dbc56 Mon Sep 17 00:00:00 2001
From: Jan Stancek <jstancek@redhat.com>
Date: Fri, 20 Sep 2024 19:52:48 +0300
Subject: [PATCH 3/3] sign-file,extract-cert: use pkcs11 provider for OPENSSL
MAJOR >= 3
ENGINE API has been deprecated since OpenSSL version 3.0 [1].
Distros have started dropping support from headers and in future
it will likely disappear also from library.
It has been superseded by the PROVIDER API, so use it instead
for OPENSSL MAJOR >= 3.
[1] https://github.com/openssl/openssl/blob/master/README-ENGINES.md
[jarkko: fixed up alignment issues reported by checkpatch.pl --strict]
Signed-off-by: Jan Stancek <jstancek@redhat.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Tested-by: R Nageswara Sastry <rnsastry@linux.ibm.com>
Reviewed-by: Neal Gompa <neal@gompa.dev>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
---
certs/extract-cert.c | 103 ++++++++++++++++++++++++++++++-------------
scripts/sign-file.c | 93 ++++++++++++++++++++++++++------------
2 files changed, 138 insertions(+), 58 deletions(-)
diff --git a/certs/extract-cert.c b/certs/extract-cert.c
index 61bbe0085671..7d6d468ed612 100644
--- a/certs/extract-cert.c
+++ b/certs/extract-cert.c
@@ -21,17 +21,18 @@
#include <openssl/bio.h>
#include <openssl/pem.h>
#include <openssl/err.h>
-#include <openssl/engine.h>
-
+#if OPENSSL_VERSION_MAJOR >= 3
+# define USE_PKCS11_PROVIDER
+# include <openssl/provider.h>
+# include <openssl/store.h>
+#else
+# if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+# define USE_PKCS11_ENGINE
+# include <openssl/engine.h>
+# endif
+#endif
#include "ssl-common.h"
-/*
- * OpenSSL 3.0 deprecates the OpenSSL's ENGINE API.
- *
- * Remove this if/when that API is no longer used
- */
-#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
-
#define PKEY_ID_PKCS7 2
static __attribute__((noreturn))
@@ -61,6 +62,66 @@ static void write_cert(X509 *x509)
fprintf(stderr, "Extracted cert: %s\n", buf);
}
+static X509 *load_cert_pkcs11(const char *cert_src)
+{
+ X509 *cert = NULL;
+#ifdef USE_PKCS11_PROVIDER
+ OSSL_STORE_CTX *store;
+
+ if (!OSSL_PROVIDER_try_load(NULL, "pkcs11", true))
+ ERR(1, "OSSL_PROVIDER_try_load(pkcs11)");
+ if (!OSSL_PROVIDER_try_load(NULL, "default", true))
+ ERR(1, "OSSL_PROVIDER_try_load(default)");
+
+ store = OSSL_STORE_open(cert_src, NULL, NULL, NULL, NULL);
+ ERR(!store, "OSSL_STORE_open");
+
+ while (!OSSL_STORE_eof(store)) {
+ OSSL_STORE_INFO *info = OSSL_STORE_load(store);
+
+ if (!info) {
+ drain_openssl_errors(__LINE__, 0);
+ continue;
+ }
+ if (OSSL_STORE_INFO_get_type(info) == OSSL_STORE_INFO_CERT) {
+ cert = OSSL_STORE_INFO_get1_CERT(info);
+ ERR(!cert, "OSSL_STORE_INFO_get1_CERT");
+ }
+ OSSL_STORE_INFO_free(info);
+ if (cert)
+ break;
+ }
+ OSSL_STORE_close(store);
+#elif defined(USE_PKCS11_ENGINE)
+ ENGINE *e;
+ struct {
+ const char *cert_id;
+ X509 *cert;
+ } parms;
+
+ parms.cert_id = cert_src;
+ parms.cert = NULL;
+
+ ENGINE_load_builtin_engines();
+ drain_openssl_errors(__LINE__, 1);
+ e = ENGINE_by_id("pkcs11");
+ ERR(!e, "Load PKCS#11 ENGINE");
+ if (ENGINE_init(e))
+ drain_openssl_errors(__LINE__, 1);
+ else
+ ERR(1, "ENGINE_init");
+ if (key_pass)
+ ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0), "Set PKCS#11 PIN");
+ ENGINE_ctrl_cmd(e, "LOAD_CERT_CTRL", 0, &parms, NULL, 1);
+ ERR(!parms.cert, "Get X.509 from PKCS#11");
+ cert = parms.cert;
+#else
+ fprintf(stderr, "no pkcs11 engine/provider available\n");
+ exit(1);
+#endif
+ return cert;
+}
+
int main(int argc, char **argv)
{
char *cert_src;
@@ -89,28 +150,10 @@ int main(int argc, char **argv)
fclose(f);
exit(0);
} else if (!strncmp(cert_src, "pkcs11:", 7)) {
- ENGINE *e;
- struct {
- const char *cert_id;
- X509 *cert;
- } parms;
+ X509 *cert = load_cert_pkcs11(cert_src);
- parms.cert_id = cert_src;
- parms.cert = NULL;
-
- ENGINE_load_builtin_engines();
- drain_openssl_errors(__LINE__, 1);
- e = ENGINE_by_id("pkcs11");
- ERR(!e, "Load PKCS#11 ENGINE");
- if (ENGINE_init(e))
- drain_openssl_errors(__LINE__, 1);
- else
- ERR(1, "ENGINE_init");
- if (key_pass)
- ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0), "Set PKCS#11 PIN");
- ENGINE_ctrl_cmd(e, "LOAD_CERT_CTRL", 0, &parms, NULL, 1);
- ERR(!parms.cert, "Get X.509 from PKCS#11");
- write_cert(parms.cert);
+ ERR(!cert, "load_cert_pkcs11 failed");
+ write_cert(cert);
} else {
BIO *b;
X509 *x509;
diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index bb3fdf1a617c..7070245edfc1 100644
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -27,17 +27,18 @@
#include <openssl/evp.h>
#include <openssl/pem.h>
#include <openssl/err.h>
-#include <openssl/engine.h>
-
+#if OPENSSL_VERSION_MAJOR >= 3
+# define USE_PKCS11_PROVIDER
+# include <openssl/provider.h>
+# include <openssl/store.h>
+#else
+# if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0)
+# define USE_PKCS11_ENGINE
+# include <openssl/engine.h>
+# endif
+#endif
#include "ssl-common.h"
-/*
- * OpenSSL 3.0 deprecates the OpenSSL's ENGINE API.
- *
- * Remove this if/when that API is no longer used
- */
-#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
-
/*
* Use CMS if we have openssl-1.0.0 or newer available - otherwise we have to
* assume that it's not available and its header file is missing and that we
@@ -106,28 +107,64 @@ static int pem_pw_cb(char *buf, int len, int w, void *v)
return pwlen;
}
-static EVP_PKEY *read_private_key(const char *private_key_name)
+static EVP_PKEY *read_private_key_pkcs11(const char *private_key_name)
{
- EVP_PKEY *private_key;
+ EVP_PKEY *private_key = NULL;
+#ifdef USE_PKCS11_PROVIDER
+ OSSL_STORE_CTX *store;
- if (!strncmp(private_key_name, "pkcs11:", 7)) {
- ENGINE *e;
+ if (!OSSL_PROVIDER_try_load(NULL, "pkcs11", true))
+ ERR(1, "OSSL_PROVIDER_try_load(pkcs11)");
+ if (!OSSL_PROVIDER_try_load(NULL, "default", true))
+ ERR(1, "OSSL_PROVIDER_try_load(default)");
+
+ store = OSSL_STORE_open(private_key_name, NULL, NULL, NULL, NULL);
+ ERR(!store, "OSSL_STORE_open");
- ENGINE_load_builtin_engines();
+ while (!OSSL_STORE_eof(store)) {
+ OSSL_STORE_INFO *info = OSSL_STORE_load(store);
+
+ if (!info) {
+ drain_openssl_errors(__LINE__, 0);
+ continue;
+ }
+ if (OSSL_STORE_INFO_get_type(info) == OSSL_STORE_INFO_PKEY) {
+ private_key = OSSL_STORE_INFO_get1_PKEY(info);
+ ERR(!private_key, "OSSL_STORE_INFO_get1_PKEY");
+ }
+ OSSL_STORE_INFO_free(info);
+ if (private_key)
+ break;
+ }
+ OSSL_STORE_close(store);
+#elif defined(USE_PKCS11_ENGINE)
+ ENGINE *e;
+
+ ENGINE_load_builtin_engines();
+ drain_openssl_errors(__LINE__, 1);
+ e = ENGINE_by_id("pkcs11");
+ ERR(!e, "Load PKCS#11 ENGINE");
+ if (ENGINE_init(e))
drain_openssl_errors(__LINE__, 1);
- e = ENGINE_by_id("pkcs11");
- ERR(!e, "Load PKCS#11 ENGINE");
- if (ENGINE_init(e))
- drain_openssl_errors(__LINE__, 1);
- else
- ERR(1, "ENGINE_init");
- if (key_pass)
- ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0),
- "Set PKCS#11 PIN");
- private_key = ENGINE_load_private_key(e, private_key_name,
- NULL, NULL);
- ERR(!private_key, "%s", private_key_name);
+ else
+ ERR(1, "ENGINE_init");
+ if (key_pass)
+ ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0), "Set PKCS#11 PIN");
+ private_key = ENGINE_load_private_key(e, private_key_name, NULL, NULL);
+ ERR(!private_key, "%s", private_key_name);
+#else
+ fprintf(stderr, "no pkcs11 engine/provider available\n");
+ exit(1);
+#endif
+ return private_key;
+}
+
+static EVP_PKEY *read_private_key(const char *private_key_name)
+{
+ if (!strncmp(private_key_name, "pkcs11:", 7)) {
+ return read_private_key_pkcs11(private_key_name);
} else {
+ EVP_PKEY *private_key;
BIO *b;
b = BIO_new_file(private_key_name, "rb");
@@ -136,9 +173,9 @@ static EVP_PKEY *read_private_key(const char *private_key_name)
NULL);
ERR(!private_key, "%s", private_key_name);
BIO_free(b);
- }
- return private_key;
+ return private_key;
+ }
}
static X509 *read_x509(const char *x509_name)
--
2.46.2

262290
SOURCES/rpi-6.1.x.patch Normal file

File diff suppressed because it is too large Load Diff

View File

@ -1,74 +1,72 @@
%global firmware_tag 1.20241008
%global version_tag efda653d39a46aa5ed2d5f8af420c1e4eddb2dca
%global commit_firmware_long cb9500d6021e083a182ba168fe4424e3db2494cf
%global commit_linux_long 4fc5a03ad1d2fb811d8652be67260312fa3125fc
ExclusiveArch: aarch64
ExclusiveArch: aarch64 armv7hl
%undefine _debugsource_packages
%ifarch aarch64
%define Arch arm64
%define build_image Image.gz
%define build_image Image
%define armtarget 8
%define local_version v8
%define bcmmodel 2711
%define extra_version 1
# This originally implies Kernel 4.x for RPi 2 and is not appropriate now.
# Be careful to change this not to disturb the seamless package update.
%define rpisuffix 2
%define ksuffix 4
%define kversion 6.11
%define patchlevel 7
%if 0%{?rhel} >= 10
%define pathfix %{__python3} %{_rpmconfigdir}/redhat/pathfix.py
%define with_rpi4 1
%else
%define pathfix pathfix.py
%define Arch arm
%define build_image zImage
%define armtarget 7
%bcond_with rpi4
%endif
# standard kernel
%define with_up %{?_without_up: 0} %{?!_without_up: 1}
# tools
%define with_tools %{?_without_tools: 0} %{?!_without_tools: 1}
# firmware
%define with_firmware %{?_without_firmware: 0} %{?!_without_firmware: 1}
# kernel-headers
%define with_headers %{?_without_headers: 0} %{?!_without_headers: 1}
%if %{with rpi4}
%ifarch aarch64
%define local_version v8
%else
%define local_version v7l
%endif
%define bcmmodel 2711
%define ksuffix 4
%else
%define local_version v7
%define bcmmodel 2709
%endif
%define extra_version 1
Name: raspberrypi%{rpisuffix}
%define kversion 6.1
%define patchlevel 31
Name: raspberrypi2
Version: %{kversion}.%{patchlevel}
Release: 20241110.%{local_version}.%{extra_version}%{?dist}
Release: %{local_version}.%{extra_version}%{?dist}
Summary: Specific kernel and bootcode for Raspberry Pi
License: GPLv2
URL: https://github.com/raspberrypi/linux
Source0: https://github.com/raspberrypi/linux/archive/%{version_tag}.tar.gz
Source1: https://github.com/raspberrypi/firmware/archive/refs/tags/%{firmware_tag}.tar.gz
Patch1: openssl-3.0.patch
Patch100: config_2711.patch
Patch101: config_2712.patch
# Sources for kernel-tools
Source2000: cpupower.service
Source2001: cpupower.config
Source2002: kvm_stat.logrotate
Source0: https://www.kernel.org/pub/linux/kernel/v6.x/linux-%{kversion}.tar.xz
Source1: https://github.com/raspberrypi/firmware/archive/%{commit_firmware_long}.tar.gz
%if %{patchlevel} > 0
Source2: https://cdn.kernel.org/pub/linux/kernel/v6.x/patch-%{version}.xz
%endif
Source3: rpi-6.1.x.patch
BuildRequires: kmod, patch, bash, coreutils, tar
BuildRequires: bzip2, xz, findutils, gzip, m4, perl, perl-Carp, make, diffutils, gawk
BuildRequires: gcc, binutils, redhat-rpm-config, hmaccalc
BuildRequires: gcc, binutils, redhat-rpm-config, hmaccalc, git
BuildRequires: net-tools, hostname, bc
BuildRequires: elfutils-devel zlib-devel binutils-devel newt-devel python3-devel perl(ExtUtils::Embed) bison flex xz-devel
BuildRequires: audit-libs-devel
BuildRequires: pciutils-devel gettext ncurses-devel
BuildRequires: openssl-devel
%if %{with_tools}
# kernel-tools
BuildRequires: asciidoc
%endif
%if %{with_headers}
BuildRequires: rsync
%if 0%{?rhel} == 7
BuildRequires: devtoolset-8-build
BuildRequires: devtoolset-8-binutils
BuildRequires: devtoolset-8-gcc
BuildRequires: devtoolset-8-make
%endif
# Compile with SELinux but disable per default
Patch100: bcm2709_selinux_config.patch
Patch101: bcm2711_selinux_config.patch
%description
Specific kernel and bootcode for Raspberry Pi
@ -76,7 +74,6 @@ Specific kernel and bootcode for Raspberry Pi
Group: System Environment/Kernel
Summary: The Linux kernel
Provides: kernel = %{version}-%{release}
Provides: installonlypkg(kernel)
Requires: coreutils
#Requires: dracut
@ -86,12 +83,12 @@ Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.
%package kernel%{?ksuffix}-devel
Group: System Environment/Kernel
Summary: Development package for building kernel modules to match the kernel
Provides: kernel-devel = %{version}-%{release}
Provides: kernel-devel-uname-r = %{version}-%{release}
Provides: installonlypkg(kernel)
Autoreq: no
Requires(pre): findutils
Requires: findutils
@ -101,46 +98,7 @@ Requires: perl-interpreter
This package provides kernel headers and makefiles sufficient to build modules
against the kernel package.
%if %{with_tools}
%package kernel%{?ksuffix}-tools
Summary: Assortment of tools for the Linux kernel
Provides: cpupowerutils = 1:009-0.6.p1
Obsoletes: cpupowerutils < 1:009-0.6.p1
Provides: cpufreq-utils = 1:009-0.6.p1
Provides: cpufrequtils = 1:009-0.6.p1
Obsoletes: cpufreq-utils < 1:009-0.6.p1
Obsoletes: cpufrequtils < 1:009-0.6.p1
Obsoletes: cpuspeed < 1:1.5-16
Requires: %{name}-kernel%{?ksuffix}-tools-libs = %{version}-%{release}
Obsoletes: kernel-tools < %{version}
Provides: kernel-tools = %{version}-%{release}
%define __requires_exclude ^%{_bindir}/python
%description kernel%{?ksuffix}-tools
This package contains the tools/ directory from the kernel source
and the supporting documentation.
%package kernel%{?ksuffix}-tools-libs
Summary: Libraries for the kernels-tools
Obsoletes: kernel-tools-libs < %{version}
Provides: kernel-tools-libs = %{version}-%{release}
%description kernel%{?ksuffix}-tools-libs
This package contains the libraries built from the tools/ directory
from the kernel source.
%package kernel%{?ksuffix}-tools-libs-devel
Summary: Assortment of tools for the Linux kernel
Requires: %{name}-kernel%{?ksuffix}-tools = %{version}-%{release}
Provides: cpupowerutils-devel = 1:009-0.6.p1
Obsoletes: cpupowerutils-devel < 1:009-0.6.p1
Requires: %{name}-kernel%{?ksuffix}-tools-libs = %{version}-%{release}
Obsoletes: kernel-tools-libs-devel < %{version}
Provides: kernel-tools-libs-devel = %{version}-%{release}
%description kernel%{?ksuffix}-tools-libs-devel
This package contains the development files for the tools/ directory from
the kernel source.
%endif
%if %{with_firmware}
%package firmware
Summary: GPU firmware for the Raspberry Pi computer
License: Redistributable, with restrictions; see LICENSE.broadcom
@ -152,32 +110,30 @@ Provides: grubby=8.40-10
%description firmware
This package contains the GPU firmware for the Raspberry Pi BCM2835 SOC
including the kernel bootloader.
%endif
%if %{with_headers}
%package kernel%{?ksuffix}-headers
Obsoletes: kernel-headers < %{version}
Provides: kernel-headers = %{version}-%{release}
Obsoletes: glibc-kernheaders < 3.0-46
Provides: glibc-kernheaders = 3.0-46
Summary: Header files for the Linux kernel for use by glibc
%description kernel%{?ksuffix}-headers
Kernel-headers includes the C header files that specify the interface
between the Linux kernel and userspace libraries and programs. The
header files define structures and constants that are needed for
building most standard programs and are also needed for rebuilding the
glibc package.
%endif
%prep
%setup -q -n linux-%{version_tag}
%patch -P 1 -p1
%patch -P 100 -p1
%patch -P 101 -p1
%if 0%{?rhel} == 7
source scl_source enable devtoolset-8 || :
%endif
%setup -q -n linux-%{kversion}
git init
git config user.email "kernel-team@fedoraproject.org"
git config user.name "Fedora Kernel Team"
git config gc.auto 0
git add .
git commit -a -q -m "baseline"
%if %{patchlevel} > 0
xzcat %{SOURCE2} | patch -p1 -F1 -s
git commit -a -q -m "%{version}"
%endif
git am %{SOURCE3}
git am %{PATCH100}
git am %{PATCH101}
perl -p -i -e "s/^EXTRAVERSION.*/EXTRAVERSION = -%{release}/" Makefile
perl -p -i -e "s/^CONFIG_LOCALVERSION=.*/CONFIG_LOCALVERSION=/" arch/%{Arch}/configs/bcm2711_defconfig
perl -p -i -e "s/^CONFIG_LOCALVERSION=.*/CONFIG_LOCALVERSION=/" arch/%{Arch}/configs/bcm2712_defconfig
perl -p -i -e "s/^CONFIG_LOCALVERSION=.*/CONFIG_LOCALVERSION=/" arch/%{Arch}/configs/bcm%{bcmmodel}_defconfig
%if 0%{?rhel} >= 8
# Mangle /usr/bin/python shebangs to /usr/bin/python3
@ -185,50 +141,39 @@ perl -p -i -e "s/^CONFIG_LOCALVERSION=.*/CONFIG_LOCALVERSION=/" arch/%{Arch}/con
# -p preserves timestamps
# -n prevents creating ~backup files
# -i specifies the interpreter for the shebang
%{pathfix} -pni "%{__python3} %{py3_shbang_opts}" scripts/
%{pathfix} -pni "%{__python3} %{py3_shbang_opts}" scripts/diffconfig scripts/bloat-o-meter scripts/show_delta scripts/jobserver-exec
%{pathfix} -pni "%{__python3} %{py3_shbang_opts}" tools/ tools/perf/scripts/python/*.py tools/kvm/kvm_stat/kvm_stat scripts/clang-tools/*.py
pathfix.py -pni "%{__python3} %{py3_shbang_opts}" scripts/
pathfix.py -pni "%{__python3} %{py3_shbang_opts}" scripts/diffconfig scripts/bloat-o-meter scripts/show_delta scripts/jobserver-exec
pathfix.py -pni "%{__python3} %{py3_shbang_opts}" tools/ tools/perf/scripts/python/*.py tools/kvm/kvm_stat/kvm_stat scripts/clang-tools/*.py
%endif
# This Prevents scripts/setlocalversion from mucking with our version numbers.
touch .scmversion
git commit -a -q -m "modifs"
%build
# 16K page-size kernel optimized (bcmmodel=2712) for RPi 5 is not built at the moment
# to support both RPi 4 and 5.
%if 0%{?rhel} == 7
source scl_source enable devtoolset-8 || :
%endif
export KERNEL=kernel%{armtarget}
make bcm%{bcmmodel}_defconfig
%if %{with_up}
make %{?_smp_mflags} HOSTCFLAGS="%{?build_cflags}" HOSTLDFLAGS="%{?build_ldflags}" %{build_image} modules dtbs
%endif
# kernel-tools
%if %{with_tools}
make %{?_smp_mflags} -C tools/power/cpupower CPUFREQ_BENCH=false DEBUG=false
pushd tools/thermal/tmon/
make %{?_smp_mflags} HOSTCFLAGS="%{?build_cflags}" HOSTLDFLAGS="%{?build_ldflags}"
popd
pushd tools/iio/
make %{?_smp_mflags} HOSTCFLAGS="%{?build_cflags}" HOSTLDFLAGS="%{?build_ldflags}"
popd
pushd tools/gpio/
make %{?_smp_mflags} HOSTCFLAGS="%{?build_cflags}" HOSTLDFLAGS="%{?build_ldflags}"
popd
pushd tools/mm/
make %{?_smp_mflags} HOSTCFLAGS="%{?build_cflags}" HOSTLDFLAGS="%{?build_ldflags}" slabinfo page_owner_sort
popd
%endif
%install
%if %{with_up}
%if 0%{?rhel} == 7
source scl_source enable devtoolset-8 || :
%endif
# kernel
mkdir -p %{buildroot}/boot/overlays/
mkdir -p %{buildroot}/usr/share/%{name}-kernel/%{version}-%{release}/boot/overlays
cp -p -v COPYING %{buildroot}/boot/COPYING.linux-%{kversion}
cp -p -v arch/%{Arch}/boot/dts/overlays/README %{buildroot}/usr/share/%{name}-kernel/%{version}-%{release}/boot/overlays
%ifarch aarch64
cp -p -v arch/%{Arch}/boot/dts/broadcom/*.dtb %{buildroot}/usr/share/%{name}-kernel/%{version}-%{release}/boot
%else
cp -p -v arch/%{Arch}/boot/dts/*.dtb %{buildroot}/usr/share/%{name}-kernel/%{version}-%{release}/boot
%endif
cp -p -v arch/%{Arch}/boot/dts/overlays/*.dtb* %{buildroot}/usr/share/%{name}-kernel/%{version}-%{release}/boot/overlays
cp -p -v arch/%{Arch}/boot/dts/overlays/README %{buildroot}/usr/share/%{name}-kernel/%{version}-%{release}/boot/overlays
#scripts/mkknlimg arch/%{Arch}/boot/zImage %{buildroot}/boot/kernel-%{version}-%{release}.img
cp -p -v arch/%{Arch}/boot/%{build_image} %{buildroot}/boot/kernel-%{version}-%{release}.img
make INSTALL_MOD_PATH=%{buildroot} modules_install
cat > %{buildroot}/boot/config-kernel-%{version}-%{release}.inc <<__EOF__
@ -275,77 +220,21 @@ touch -r %{buildroot}$DevelDir/Makefile %{buildroot}$DevelDir/include/linux/vers
ln -T -s $DevelDir %{buildroot}/lib/modules/%{version}-%{release}/build --force
ln -T -s build %{buildroot}/lib/modules/%{version}-%{release}/source --force
%endif
# kernel-firmware
#rm .config
#make INSTALL_FW_PATH=%{buildroot}/lib/firmware firmware_install
%if %{with_firmware}
# firmware
# precompiled GPU firmware and bootloader
pushd %{buildroot}
tar -xf %{_sourcedir}/%{firmware_tag}.tar.gz \
firmware-%{firmware_tag}/boot/start* \
firmware-%{firmware_tag}/boot/fixup* \
firmware-%{firmware_tag}/boot/LICENCE.broadcom \
firmware-%{firmware_tag}/boot/bootcode.bin \
tar -xf %{_sourcedir}/%{commit_firmware_long}.tar.gz \
firmware-%{commit_firmware_long}/boot/start* \
firmware-%{commit_firmware_long}/boot/fixup* \
firmware-%{commit_firmware_long}/boot/LICENCE.broadcom \
firmware-%{commit_firmware_long}/boot/bootcode.bin \
--strip-components=1
%{__chmod} -x %{buildroot}/boot/start*.elf
popd
%endif
%if %{with_tools}
# kernel-tools
make -C tools/power/cpupower DESTDIR=$RPM_BUILD_ROOT libdir=%{_libdir} mandir=%{_mandir} CPUFREQ_BENCH=false install
rm -f %{buildroot}%{_libdir}/*.{a,la}
%find_lang cpupower
install -D -m644 %{SOURCE2000} %{buildroot}%{_unitdir}/cpupower.service
install -D -m644 %{SOURCE2001} %{buildroot}%{_sysconfdir}/sysconfig/cpupower
pushd tools/thermal/tmon
make INSTALL_ROOT=%{buildroot} install
popd
pushd tools/iio
make DESTDIR=%{buildroot} install
popd
pushd tools/gpio
make DESTDIR=%{buildroot} install
popd
install -m644 -D %{SOURCE2002} %{buildroot}%{_sysconfdir}/logrotate.d/kvm_stat
pushd tools/kvm/kvm_stat
%{__make} INSTALL_ROOT=%{buildroot} install-tools
%{__make} INSTALL_ROOT=%{buildroot} install-man
install -m644 -D kvm_stat.service %{buildroot}%{_unitdir}/kvm_stat.service
popd
pushd tools/mm/
install -m755 slabinfo %{buildroot}%{_bindir}/slabinfo
install -m755 page_owner_sort %{buildroot}%{_bindir}/page_owner_sort
popd
%endif
%if %{with_headers}
%{__make} ARCH=%{Arch} INSTALL_HDR_PATH=%{buildroot}/usr headers_install
find %{buildroot}/usr/include \
\( -name .install -o -name .check -o \
-name ..install.cmd -o -name ..check.cmd \) -delete
%endif
%if %{with_tools}
%post kernel%{?ksuffix}-tools
%systemd_post cpupower.service
%preun kernel%{?ksuffix}-tools
%systemd_preun cpupower.service
%postun kernel%{?ksuffix}-tools
%systemd_postun cpupower.service
%post kernel%{?ksuffix}-tools-libs
/sbin/ldconfig
%postun kernel%{?ksuffix}-tools-libs
/sbin/ldconfig
%endif
%if %{with_up}
%files kernel%{?ksuffix}
%defattr(-,root,root,-)
/lib/modules/%{version}-%{release}
@ -387,94 +276,21 @@ cp $(ls -1 /boot/config-kernel-*-*|sort -V|tail -1) /boot/config-kernel.inc
%files kernel%{?ksuffix}-devel
%defattr(-,root,root)
/usr/src/kernels/%{version}-%{release}
%endif
%if %{with_tools}
%files kernel%{?ksuffix}-tools -f cpupower.lang
%{_bindir}/cpupower
%{_datadir}/bash-completion/completions/cpupower
%{_unitdir}/cpupower.service
%{_mandir}/man[1-8]/cpupower*
%config(noreplace) %{_sysconfdir}/sysconfig/cpupower
%{_bindir}/tmon
%{_bindir}/iio_event_monitor
%{_bindir}/iio_generic_buffer
%{_bindir}/lsiio
%{_bindir}/lsgpio
%{_bindir}/gpio-hammer
%{_bindir}/gpio-event-mon
%{_bindir}/gpio-watch
%{_mandir}/man1/kvm_stat*
%{_bindir}/kvm_stat
%{_unitdir}/kvm_stat.service
%config(noreplace) %{_sysconfdir}/logrotate.d/kvm_stat
%{_bindir}/page_owner_sort
%{_bindir}/slabinfo
%files kernel%{?ksuffix}-tools-libs
%{_libdir}/libcpupower.so.1
%{_libdir}/libcpupower.so.0.0.1
#%files kernel-firmware
#%defattr(-,root,root)
#/lib/firmware/*
%files kernel%{?ksuffix}-tools-libs-devel
%{_libdir}/libcpupower.so
%{_includedir}/cpufreq.h
%{_includedir}/cpuidle.h
%{_includedir}/powercap.h
%endif
%if %{with_firmware}
%files firmware
%defattr(-,root,root,-)
/boot/bootcode.bin
/boot/fixup*
/boot/start*
%doc /boot/LICENCE.broadcom
%endif
%if %{with_headers}
%files kernel%{?ksuffix}-headers
/usr/include/*
%exclude %{_includedir}/cpufreq.h
%exclude %{_includedir}/internal/
%exclude %{_includedir}/perf/
%endif
%changelog
* Tue Nov 12 2024 Koichiro Iwao <meta@almalinux.org> - 6.11.7-20241110.v8.1
- Update kernel to v6.11.7 20241110 efda653d
* Fri Nov 08 2024 Koichiro Iwao <meta@almalinux.org> - 6.6.51-20241008.v8.2
- Fix build for AL10 Kitten
* Mon Oct 21 2024 Koichiro Iwao <meta@almalinux.org> - 6.6.51-20241008.v8.1
- Update kernel to version v6.6.51 stable_20241008
- Update firmware to 1.20241008
* Thu Sep 05 2024 Koichiro Iwao <meta@almalinux.org> - 6.6.31-20240529.v8.4
- Add kernel-headers subpackage
* Fri Aug 30 2024 Andrew Lukoshko <alukoshko@almalinux.org> - 6.6.31-20240529.v8.3
- Fix kernel-tools dependencies
* Thu Jun 20 2024 Koichiro Iwao <meta@almalinux.org> - 6.6.31-20240529.v8.2
- Add kernel-tools to optimize CPU clock (cpupower.service)
* Mon Jun 10 2024 Koichiro Iwao <meta@almalinux.org> - 6.6.31-20240529.v8.1
- Update to v6.6.31 stable_20240529
* Tue Jun 04 2024 Koichiro Iwao <meta@almalinux.org> - 6.6.28-20240423.v8.2
- Add installonlypkg(kernel) to kernel and -devel subpackages
Resolves: https://github.com/AlmaLinux/raspberry-pi/issues/39
See also: https://src.fedoraproject.org/rpms/kernel/c/aba3940
* Thu May 30 2024 Koichiro Iwao <meta@almalinux.org> - 6.6.28-20240423.v8.1
- Update to version v6.6.28
- Support both Raspberry Pi 4 and 5
- Refine package based on Linux for Raspberry Pi (raspberrypi/linux)
- Generate gzip compressed kernel image
- Drop armv7hl support
- Drop EL7 support
* Sun Jun 04 2023 Pablo Greco <pgreco@centosproject.org> - 6.1.31
- Update to version v6.1.31