forked from rpms/raspberrypi2
Compare commits
No commits in common. "a10-6.11.y" and "c9" have entirely different histories.
a10-6.11.y
...
c9
@ -1,2 +1,3 @@
|
||||
ac72e2f196857ecf73167250e87d33838a3859f7 SOURCES/1.20241008.tar.gz
|
||||
7c13fdfb9aeaad427d53500612a49849afb9cc7a SOURCES/efda653d39a46aa5ed2d5f8af420c1e4eddb2dca.tar.gz
|
||||
62f4117436e8eaa59e4974300a4481174a4ef1af SOURCES/cb9500d6021e083a182ba168fe4424e3db2494cf.tar.gz
|
||||
30996d7c1c59ddbd495bd9eb37c8dfdb1a67c1c3 SOURCES/linux-6.1.tar.xz
|
||||
7fb75dae049c3687780b214931dca33820ebddc9 SOURCES/patch-6.1.31.xz
|
||||
|
@ -1,34 +1,31 @@
|
||||
From 8bdc23947dfc60f7c1e277dc4f87a8bc5fc645c6 Mon Sep 17 00:00:00 2001
|
||||
From: Koichiro Iwao <meta@almalinux.org>
|
||||
Date: Tue, 28 May 2024 15:11:20 +0900
|
||||
Subject: [PATCH 1/2] Apply config patch for Raspberry Pi (BCM2711)
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Pablo Greco <pgreco@centosproject.org>
|
||||
Date: Fri, 7 Aug 2020 02:59:05 +0000
|
||||
Subject: [PATCH 1/2] configs 2709
|
||||
|
||||
The patch is originally provided by Pablo Greco <pgreco@centosproject.org>.
|
||||
|
||||
Signed-off-by: Koichiro Iwao <meta@almalinux.org>
|
||||
---
|
||||
arch/arm64/configs/bcm2711_defconfig | 38 ++++++++++++++++++++++++++--
|
||||
1 file changed, 36 insertions(+), 2 deletions(-)
|
||||
arch/arm/configs/bcm2709_defconfig | 40 ++++++++++++++++++++++++++++--
|
||||
1 file changed, 38 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/arch/arm64/configs/bcm2711_defconfig b/arch/arm64/configs/bcm2711_defconfig
|
||||
index e87791286ab4..6fda5b261683 100644
|
||||
--- a/arch/arm64/configs/bcm2711_defconfig
|
||||
+++ b/arch/arm64/configs/bcm2711_defconfig
|
||||
@@ -1622,8 +1622,6 @@ CONFIG_NLS_KOI8_U=m
|
||||
diff --git a/arch/arm/configs/bcm2709_defconfig b/arch/arm/configs/bcm2709_defconfig
|
||||
index 4b1f46c..537c622 100644
|
||||
--- a/arch/arm/configs/bcm2709_defconfig
|
||||
+++ b/arch/arm/configs/bcm2709_defconfig
|
||||
@@ -1530,8 +1530,6 @@ CONFIG_NLS_KOI8_R=m
|
||||
CONFIG_NLS_KOI8_U=m
|
||||
CONFIG_DLM=m
|
||||
CONFIG_KEY_DH_OPERATIONS=y
|
||||
CONFIG_SECURITY=y
|
||||
-CONFIG_SECURITY_APPARMOR=y
|
||||
-CONFIG_LSM=""
|
||||
CONFIG_CRYPTO_USER=m
|
||||
CONFIG_CRYPTO_CRYPTD=m
|
||||
CONFIG_CRYPTO_AES=m
|
||||
@@ -1674,3 +1672,39 @@ CONFIG_SCHED_TRACER=y
|
||||
CONFIG_CRYPTO_CAST5=m
|
||||
CONFIG_CRYPTO_DES=y
|
||||
@@ -1569,3 +1567,38 @@ CONFIG_IRQSOFF_TRACER=y
|
||||
CONFIG_SCHED_TRACER=y
|
||||
CONFIG_BLK_DEV_IO_TRACE=y
|
||||
# CONFIG_UPROBE_EVENTS is not set
|
||||
# CONFIG_STRICT_DEVMEM is not set
|
||||
+
|
||||
+# CentOS/AlmaLinux added
|
||||
+# CentOS added
|
||||
+CONFIG_AUDIT=y
|
||||
+CONFIG_NETLABEL=y
|
||||
+CONFIG_NETFILTER_XT_TARGET_AUDIT=m
|
||||
@ -50,19 +47,18 @@ index e87791286ab4..6fda5b261683 100644
|
||||
+CONFIG_NET_TEAM_MODE_ROUNDROBIN=m
|
||||
+CONFIG_CRYPTO_BLAKE2S=m
|
||||
+CONFIG_CRYPTO_CURVE25519=m
|
||||
+CONFIG_CRYPTO_CURVE25519_NEON=m
|
||||
+CONFIG_CRYPTO_LIB_BLAKE2S=m
|
||||
+CONFIG_CRYPTO_LIB_CHACHA20POLY1305=m
|
||||
+CONFIG_CRYPTO_LIB_CHACHA=m
|
||||
+CONFIG_CRYPTO_LIB_CURVE25519=m
|
||||
+CONFIG_CRYPTO_LIB_POLY1305=m
|
||||
+CONFIG_CRYPTO_POLY1305_NEON=m
|
||||
+# CONFIG_EFI_CUSTOM_SSDT_OVERLAYS is not set
|
||||
+CONFIG_CRYPTO_POLY1305_ARM=m
|
||||
+# CONFIG_WIREGUARD_DEBUG is not set
|
||||
+CONFIG_WIREGUARD=m
|
||||
+CONFIG_BLK_DEV_RBD=m
|
||||
+CONFIG_FW_LOADER_COMPRESS=y
|
||||
+CONFIG_FW_LOADER_COMPRESS_XZ=y
|
||||
+CONFIG_FW_LOADER_COMPRESS_ZSTD=y
|
||||
--
|
||||
2.45.1
|
||||
2.39.0
|
||||
|
118
SOURCES/bcm2711_selinux_config.patch
Normal file
118
SOURCES/bcm2711_selinux_config.patch
Normal file
@ -0,0 +1,118 @@
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Pablo Greco <pgreco@centosproject.org>
|
||||
Date: Fri, 7 Aug 2020 02:59:05 +0000
|
||||
Subject: [PATCH 2/2] configs 2711
|
||||
|
||||
---
|
||||
arch/arm/configs/bcm2711_defconfig | 35 +++++++++++++++++++++++++--
|
||||
arch/arm64/configs/bcm2711_defconfig | 36 ++++++++++++++++++++++++++--
|
||||
2 files changed, 67 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/arch/arm/configs/bcm2711_defconfig b/arch/arm/configs/bcm2711_defconfig
|
||||
index d31636c..28e0bbd 100644
|
||||
--- a/arch/arm/configs/bcm2711_defconfig
|
||||
+++ b/arch/arm/configs/bcm2711_defconfig
|
||||
@@ -1556,8 +1556,6 @@ CONFIG_NLS_KOI8_R=m
|
||||
CONFIG_NLS_KOI8_U=m
|
||||
CONFIG_DLM=m
|
||||
CONFIG_SECURITY=y
|
||||
-CONFIG_SECURITY_APPARMOR=y
|
||||
-CONFIG_LSM=""
|
||||
CONFIG_CRYPTO_USER=m
|
||||
CONFIG_CRYPTO_CAST5=m
|
||||
CONFIG_CRYPTO_DES=y
|
||||
@@ -1595,3 +1593,38 @@ CONFIG_IRQSOFF_TRACER=y
|
||||
CONFIG_SCHED_TRACER=y
|
||||
CONFIG_BLK_DEV_IO_TRACE=y
|
||||
# CONFIG_UPROBE_EVENTS is not set
|
||||
+
|
||||
+# CentOS added
|
||||
+CONFIG_AUDIT=y
|
||||
+CONFIG_NETLABEL=y
|
||||
+CONFIG_NETFILTER_XT_TARGET_AUDIT=m
|
||||
+CONFIG_IP_NF_SECURITY=m
|
||||
+CONFIG_IP6_NF_SECURITY=m
|
||||
+CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
|
||||
+CONFIG_NFSD_V4_SECURITY_LABEL=y
|
||||
+CONFIG_SECURITY_NETWORK=y
|
||||
+CONFIG_SECURITY_PATH=y
|
||||
+CONFIG_SECURITY_SELINUX=y
|
||||
+CONFIG_SECURITY_SELINUX_BOOTPARAM=y
|
||||
+CONFIG_SECURITY_SELINUX_DISABLE=y
|
||||
+CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
|
||||
+CONFIG_NET_TEAM=m
|
||||
+CONFIG_NET_TEAM_MODE_ACTIVEBACKUP=m
|
||||
+CONFIG_NET_TEAM_MODE_BROADCAST=m
|
||||
+CONFIG_NET_TEAM_MODE_LOADBALANCE=m
|
||||
+CONFIG_NET_TEAM_MODE_RANDOM=m
|
||||
+CONFIG_NET_TEAM_MODE_ROUNDROBIN=m
|
||||
+CONFIG_CRYPTO_BLAKE2S=m
|
||||
+CONFIG_CRYPTO_CURVE25519=m
|
||||
+CONFIG_CRYPTO_CURVE25519_NEON=m
|
||||
+CONFIG_CRYPTO_LIB_BLAKE2S=m
|
||||
+CONFIG_CRYPTO_LIB_CHACHA20POLY1305=m
|
||||
+CONFIG_CRYPTO_LIB_CHACHA=m
|
||||
+CONFIG_CRYPTO_LIB_CURVE25519=m
|
||||
+CONFIG_CRYPTO_LIB_POLY1305=m
|
||||
+CONFIG_CRYPTO_POLY1305_ARM=m
|
||||
+# CONFIG_WIREGUARD_DEBUG is not set
|
||||
+CONFIG_WIREGUARD=m
|
||||
+CONFIG_FW_LOADER_COMPRESS=y
|
||||
+CONFIG_FW_LOADER_COMPRESS_XZ=y
|
||||
+CONFIG_FW_LOADER_COMPRESS_ZSTD=y
|
||||
diff --git a/arch/arm64/configs/bcm2711_defconfig b/arch/arm64/configs/bcm2711_defconfig
|
||||
index 55e6082..b9acdbc 100644
|
||||
--- a/arch/arm64/configs/bcm2711_defconfig
|
||||
+++ b/arch/arm64/configs/bcm2711_defconfig
|
||||
@@ -1573,8 +1573,6 @@ CONFIG_NLS_KOI8_R=m
|
||||
CONFIG_NLS_KOI8_U=m
|
||||
CONFIG_DLM=m
|
||||
CONFIG_SECURITY=y
|
||||
-CONFIG_SECURITY_APPARMOR=y
|
||||
-CONFIG_LSM=""
|
||||
CONFIG_CRYPTO_USER=m
|
||||
CONFIG_CRYPTO_CRYPTD=m
|
||||
CONFIG_CRYPTO_AES=m
|
||||
@@ -1614,3 +1612,39 @@ CONFIG_IRQSOFF_TRACER=y
|
||||
CONFIG_SCHED_TRACER=y
|
||||
CONFIG_BLK_DEV_IO_TRACE=y
|
||||
# CONFIG_UPROBE_EVENTS is not set
|
||||
+
|
||||
+# CentOS added
|
||||
+CONFIG_AUDIT=y
|
||||
+CONFIG_NETLABEL=y
|
||||
+CONFIG_NETFILTER_XT_TARGET_AUDIT=m
|
||||
+CONFIG_IP_NF_SECURITY=m
|
||||
+CONFIG_IP6_NF_SECURITY=m
|
||||
+CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
|
||||
+CONFIG_NFSD_V4_SECURITY_LABEL=y
|
||||
+CONFIG_SECURITY_NETWORK=y
|
||||
+CONFIG_SECURITY_PATH=y
|
||||
+CONFIG_SECURITY_SELINUX=y
|
||||
+CONFIG_SECURITY_SELINUX_BOOTPARAM=y
|
||||
+CONFIG_SECURITY_SELINUX_DISABLE=y
|
||||
+CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
|
||||
+CONFIG_NET_TEAM=m
|
||||
+CONFIG_NET_TEAM_MODE_ACTIVEBACKUP=m
|
||||
+CONFIG_NET_TEAM_MODE_BROADCAST=m
|
||||
+CONFIG_NET_TEAM_MODE_LOADBALANCE=m
|
||||
+CONFIG_NET_TEAM_MODE_RANDOM=m
|
||||
+CONFIG_NET_TEAM_MODE_ROUNDROBIN=m
|
||||
+CONFIG_CRYPTO_BLAKE2S=m
|
||||
+CONFIG_CRYPTO_CURVE25519=m
|
||||
+CONFIG_CRYPTO_LIB_BLAKE2S=m
|
||||
+CONFIG_CRYPTO_LIB_CHACHA20POLY1305=m
|
||||
+CONFIG_CRYPTO_LIB_CHACHA=m
|
||||
+CONFIG_CRYPTO_LIB_CURVE25519=m
|
||||
+CONFIG_CRYPTO_LIB_POLY1305=m
|
||||
+CONFIG_CRYPTO_POLY1305_NEON=m
|
||||
+# CONFIG_EFI_CUSTOM_SSDT_OVERLAYS is not set
|
||||
+# CONFIG_WIREGUARD_DEBUG is not set
|
||||
+CONFIG_WIREGUARD=m
|
||||
+CONFIG_BLK_DEV_RBD=m
|
||||
+CONFIG_FW_LOADER_COMPRESS=y
|
||||
+CONFIG_FW_LOADER_COMPRESS_XZ=y
|
||||
+CONFIG_FW_LOADER_COMPRESS_ZSTD=y
|
||||
--
|
||||
2.39.0
|
||||
|
@ -1,68 +0,0 @@
|
||||
From 5ae1f73a82e6ba1203d031c5c82943865dce8174 Mon Sep 17 00:00:00 2001
|
||||
From: Koichiro Iwao <meta@almalinux.org>
|
||||
Date: Tue, 28 May 2024 15:14:02 +0900
|
||||
Subject: [PATCH 2/2] Apply config patch for Raspberry Pi (BCM2712)
|
||||
|
||||
The patch is originally provided by Pablo Greco <pgreco@centosproject.org>.
|
||||
|
||||
Signed-off-by: Koichiro Iwao <meta@almalinux.org>
|
||||
---
|
||||
arch/arm64/configs/bcm2712_defconfig | 38 ++++++++++++++++++++++++++--
|
||||
1 file changed, 36 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/arch/arm64/configs/bcm2712_defconfig b/arch/arm64/configs/bcm2712_defconfig
|
||||
index 79c4332581eb..7b63683ff687 100644
|
||||
--- a/arch/arm64/configs/bcm2712_defconfig
|
||||
+++ b/arch/arm64/configs/bcm2712_defconfig
|
||||
@@ -1625,8 +1625,6 @@ CONFIG_NLS_KOI8_U=m
|
||||
CONFIG_DLM=m
|
||||
CONFIG_KEY_DH_OPERATIONS=y
|
||||
CONFIG_SECURITY=y
|
||||
-CONFIG_SECURITY_APPARMOR=y
|
||||
-CONFIG_LSM=""
|
||||
CONFIG_CRYPTO_USER=m
|
||||
CONFIG_CRYPTO_CRYPTD=m
|
||||
CONFIG_CRYPTO_AES=m
|
||||
@@ -1677,3 +1675,39 @@ CONFIG_SCHED_TRACER=y
|
||||
CONFIG_BLK_DEV_IO_TRACE=y
|
||||
# CONFIG_UPROBE_EVENTS is not set
|
||||
# CONFIG_STRICT_DEVMEM is not set
|
||||
+
|
||||
+# CentOS/AlmaLinux added
|
||||
+CONFIG_AUDIT=y
|
||||
+CONFIG_NETLABEL=y
|
||||
+CONFIG_NETFILTER_XT_TARGET_AUDIT=m
|
||||
+CONFIG_IP_NF_SECURITY=m
|
||||
+CONFIG_IP6_NF_SECURITY=m
|
||||
+CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
|
||||
+CONFIG_NFSD_V4_SECURITY_LABEL=y
|
||||
+CONFIG_SECURITY_NETWORK=y
|
||||
+CONFIG_SECURITY_PATH=y
|
||||
+CONFIG_SECURITY_SELINUX=y
|
||||
+CONFIG_SECURITY_SELINUX_BOOTPARAM=y
|
||||
+CONFIG_SECURITY_SELINUX_DISABLE=y
|
||||
+CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
|
||||
+CONFIG_NET_TEAM=m
|
||||
+CONFIG_NET_TEAM_MODE_ACTIVEBACKUP=m
|
||||
+CONFIG_NET_TEAM_MODE_BROADCAST=m
|
||||
+CONFIG_NET_TEAM_MODE_LOADBALANCE=m
|
||||
+CONFIG_NET_TEAM_MODE_RANDOM=m
|
||||
+CONFIG_NET_TEAM_MODE_ROUNDROBIN=m
|
||||
+CONFIG_CRYPTO_BLAKE2S=m
|
||||
+CONFIG_CRYPTO_CURVE25519=m
|
||||
+CONFIG_CRYPTO_LIB_BLAKE2S=m
|
||||
+CONFIG_CRYPTO_LIB_CHACHA20POLY1305=m
|
||||
+CONFIG_CRYPTO_LIB_CHACHA=m
|
||||
+CONFIG_CRYPTO_LIB_CURVE25519=m
|
||||
+CONFIG_CRYPTO_LIB_POLY1305=m
|
||||
+CONFIG_CRYPTO_POLY1305_NEON=m
|
||||
+# CONFIG_EFI_CUSTOM_SSDT_OVERLAYS is not set
|
||||
+# CONFIG_WIREGUARD_DEBUG is not set
|
||||
+CONFIG_WIREGUARD=m
|
||||
+CONFIG_BLK_DEV_RBD=m
|
||||
+CONFIG_FW_LOADER_COMPRESS=y
|
||||
+CONFIG_FW_LOADER_COMPRESS_XZ=y
|
||||
+CONFIG_FW_LOADER_COMPRESS_ZSTD=y
|
||||
--
|
||||
2.45.1
|
||||
|
@ -1,3 +0,0 @@
|
||||
# See 'cpupower help' and cpupower(1) for more info
|
||||
CPUPOWER_START_OPTS="frequency-set -g ondemand"
|
||||
CPUPOWER_STOP_OPTS="frequency-set -g powersave"
|
@ -1,13 +0,0 @@
|
||||
[Unit]
|
||||
Description=Configure CPU power related settings
|
||||
After=syslog.target
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
EnvironmentFile=/etc/sysconfig/cpupower
|
||||
ExecStart=/usr/bin/cpupower $CPUPOWER_START_OPTS
|
||||
ExecStop=/usr/bin/cpupower $CPUPOWER_STOP_OPTS
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
@ -1,11 +0,0 @@
|
||||
/var/log/kvm_stat.csv {
|
||||
size 10M
|
||||
missingok
|
||||
compress
|
||||
maxage 30
|
||||
rotate 5
|
||||
nodateext
|
||||
postrotate
|
||||
/usr/bin/systemctl try-restart kvm_stat.service
|
||||
endscript
|
||||
}
|
@ -1,613 +0,0 @@
|
||||
From 1fdf61d4739f818edb85e50f7fa4c474196a0b0a Mon Sep 17 00:00:00 2001
|
||||
From: Jan Stancek <jstancek@redhat.com>
|
||||
Date: Fri, 12 Jul 2024 09:11:14 +0200
|
||||
Subject: [PATCH 1/3] sign-file,extract-cert: move common SSL helper functions
|
||||
to a header
|
||||
|
||||
Couple error handling helpers are repeated in both tools, so
|
||||
move them to a common header.
|
||||
|
||||
Signed-off-by: Jan Stancek <jstancek@redhat.com>
|
||||
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
|
||||
Tested-by: R Nageswara Sastry <rnsastry@linux.ibm.com>
|
||||
Reviewed-by: Neal Gompa <neal@gompa.dev>
|
||||
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
|
||||
---
|
||||
MAINTAINERS | 1 +
|
||||
certs/Makefile | 2 +-
|
||||
certs/extract-cert.c | 37 ++-----------------------------------
|
||||
scripts/sign-file.c | 37 ++-----------------------------------
|
||||
scripts/ssl-common.h | 39 +++++++++++++++++++++++++++++++++++++++
|
||||
5 files changed, 45 insertions(+), 71 deletions(-)
|
||||
create mode 100644 scripts/ssl-common.h
|
||||
|
||||
diff --git a/MAINTAINERS b/MAINTAINERS
|
||||
index 6a6e2941c497..7aa208b18267 100644
|
||||
--- a/MAINTAINERS
|
||||
+++ b/MAINTAINERS
|
||||
@@ -4823,6 +4823,7 @@ S: Maintained
|
||||
F: Documentation/admin-guide/module-signing.rst
|
||||
F: certs/
|
||||
F: scripts/sign-file.c
|
||||
+F: scripts/ssl-common.h
|
||||
F: tools/certs/
|
||||
|
||||
CFAG12864B LCD DRIVER
|
||||
diff --git a/certs/Makefile b/certs/Makefile
|
||||
index 799ad7b9e68a..67e1f2707c2f 100644
|
||||
--- a/certs/Makefile
|
||||
+++ b/certs/Makefile
|
||||
@@ -84,5 +84,5 @@ targets += x509_revocation_list
|
||||
|
||||
hostprogs := extract-cert
|
||||
|
||||
-HOSTCFLAGS_extract-cert.o = $(shell $(HOSTPKG_CONFIG) --cflags libcrypto 2> /dev/null)
|
||||
+HOSTCFLAGS_extract-cert.o = $(shell $(HOSTPKG_CONFIG) --cflags libcrypto 2> /dev/null) -I$(srctree)/scripts
|
||||
HOSTLDLIBS_extract-cert = $(shell $(HOSTPKG_CONFIG) --libs libcrypto 2> /dev/null || echo -lcrypto)
|
||||
diff --git a/certs/extract-cert.c b/certs/extract-cert.c
|
||||
index 70e9ec89d87d..8e7ba9974a1f 100644
|
||||
--- a/certs/extract-cert.c
|
||||
+++ b/certs/extract-cert.c
|
||||
@@ -23,6 +23,8 @@
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/engine.h>
|
||||
|
||||
+#include "ssl-common.h"
|
||||
+
|
||||
/*
|
||||
* OpenSSL 3.0 deprecates the OpenSSL's ENGINE API.
|
||||
*
|
||||
@@ -40,41 +42,6 @@ void format(void)
|
||||
exit(2);
|
||||
}
|
||||
|
||||
-static void display_openssl_errors(int l)
|
||||
-{
|
||||
- const char *file;
|
||||
- char buf[120];
|
||||
- int e, line;
|
||||
-
|
||||
- if (ERR_peek_error() == 0)
|
||||
- return;
|
||||
- fprintf(stderr, "At main.c:%d:\n", l);
|
||||
-
|
||||
- while ((e = ERR_get_error_line(&file, &line))) {
|
||||
- ERR_error_string(e, buf);
|
||||
- fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
|
||||
- }
|
||||
-}
|
||||
-
|
||||
-static void drain_openssl_errors(void)
|
||||
-{
|
||||
- const char *file;
|
||||
- int line;
|
||||
-
|
||||
- if (ERR_peek_error() == 0)
|
||||
- return;
|
||||
- while (ERR_get_error_line(&file, &line)) {}
|
||||
-}
|
||||
-
|
||||
-#define ERR(cond, fmt, ...) \
|
||||
- do { \
|
||||
- bool __cond = (cond); \
|
||||
- display_openssl_errors(__LINE__); \
|
||||
- if (__cond) { \
|
||||
- err(1, fmt, ## __VA_ARGS__); \
|
||||
- } \
|
||||
- } while(0)
|
||||
-
|
||||
static const char *key_pass;
|
||||
static BIO *wb;
|
||||
static char *cert_dst;
|
||||
diff --git a/scripts/sign-file.c b/scripts/sign-file.c
|
||||
index 3edb156ae52c..39ba58db5d4e 100644
|
||||
--- a/scripts/sign-file.c
|
||||
+++ b/scripts/sign-file.c
|
||||
@@ -29,6 +29,8 @@
|
||||
#include <openssl/err.h>
|
||||
#include <openssl/engine.h>
|
||||
|
||||
+#include "ssl-common.h"
|
||||
+
|
||||
/*
|
||||
* OpenSSL 3.0 deprecates the OpenSSL's ENGINE API.
|
||||
*
|
||||
@@ -83,41 +85,6 @@ void format(void)
|
||||
exit(2);
|
||||
}
|
||||
|
||||
-static void display_openssl_errors(int l)
|
||||
-{
|
||||
- const char *file;
|
||||
- char buf[120];
|
||||
- int e, line;
|
||||
-
|
||||
- if (ERR_peek_error() == 0)
|
||||
- return;
|
||||
- fprintf(stderr, "At main.c:%d:\n", l);
|
||||
-
|
||||
- while ((e = ERR_get_error_line(&file, &line))) {
|
||||
- ERR_error_string(e, buf);
|
||||
- fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
|
||||
- }
|
||||
-}
|
||||
-
|
||||
-static void drain_openssl_errors(void)
|
||||
-{
|
||||
- const char *file;
|
||||
- int line;
|
||||
-
|
||||
- if (ERR_peek_error() == 0)
|
||||
- return;
|
||||
- while (ERR_get_error_line(&file, &line)) {}
|
||||
-}
|
||||
-
|
||||
-#define ERR(cond, fmt, ...) \
|
||||
- do { \
|
||||
- bool __cond = (cond); \
|
||||
- display_openssl_errors(__LINE__); \
|
||||
- if (__cond) { \
|
||||
- errx(1, fmt, ## __VA_ARGS__); \
|
||||
- } \
|
||||
- } while(0)
|
||||
-
|
||||
static const char *key_pass;
|
||||
|
||||
static int pem_pw_cb(char *buf, int len, int w, void *v)
|
||||
diff --git a/scripts/ssl-common.h b/scripts/ssl-common.h
|
||||
new file mode 100644
|
||||
index 000000000000..e6711c75ed91
|
||||
--- /dev/null
|
||||
+++ b/scripts/ssl-common.h
|
||||
@@ -0,0 +1,39 @@
|
||||
+/* SPDX-License-Identifier: LGPL-2.1+ */
|
||||
+/*
|
||||
+ * SSL helper functions shared by sign-file and extract-cert.
|
||||
+ */
|
||||
+
|
||||
+static void display_openssl_errors(int l)
|
||||
+{
|
||||
+ const char *file;
|
||||
+ char buf[120];
|
||||
+ int e, line;
|
||||
+
|
||||
+ if (ERR_peek_error() == 0)
|
||||
+ return;
|
||||
+ fprintf(stderr, "At main.c:%d:\n", l);
|
||||
+
|
||||
+ while ((e = ERR_get_error_line(&file, &line))) {
|
||||
+ ERR_error_string(e, buf);
|
||||
+ fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+static void drain_openssl_errors(void)
|
||||
+{
|
||||
+ const char *file;
|
||||
+ int line;
|
||||
+
|
||||
+ if (ERR_peek_error() == 0)
|
||||
+ return;
|
||||
+ while (ERR_get_error_line(&file, &line)) {}
|
||||
+}
|
||||
+
|
||||
+#define ERR(cond, fmt, ...) \
|
||||
+ do { \
|
||||
+ bool __cond = (cond); \
|
||||
+ display_openssl_errors(__LINE__); \
|
||||
+ if (__cond) { \
|
||||
+ errx(1, fmt, ## __VA_ARGS__); \
|
||||
+ } \
|
||||
+ } while (0)
|
||||
--
|
||||
2.46.2
|
||||
|
||||
|
||||
From 98dbd2b45aa5185d63b839f482d43c16b71f31a5 Mon Sep 17 00:00:00 2001
|
||||
From: Jan Stancek <jstancek@redhat.com>
|
||||
Date: Fri, 12 Jul 2024 09:11:15 +0200
|
||||
Subject: [PATCH 2/3] sign-file,extract-cert: avoid using deprecated
|
||||
ERR_get_error_line()
|
||||
|
||||
ERR_get_error_line() is deprecated since OpenSSL 3.0.
|
||||
|
||||
Use ERR_peek_error_line() instead, and combine display_openssl_errors()
|
||||
and drain_openssl_errors() to a single function where parameter decides
|
||||
if it should consume errors silently.
|
||||
|
||||
Signed-off-by: Jan Stancek <jstancek@redhat.com>
|
||||
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
|
||||
Tested-by: R Nageswara Sastry <rnsastry@linux.ibm.com>
|
||||
Reviewed-by: Neal Gompa <neal@gompa.dev>
|
||||
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
|
||||
---
|
||||
certs/extract-cert.c | 4 ++--
|
||||
scripts/sign-file.c | 6 +++---
|
||||
scripts/ssl-common.h | 23 ++++++++---------------
|
||||
3 files changed, 13 insertions(+), 20 deletions(-)
|
||||
|
||||
diff --git a/certs/extract-cert.c b/certs/extract-cert.c
|
||||
index 8e7ba9974a1f..61bbe0085671 100644
|
||||
--- a/certs/extract-cert.c
|
||||
+++ b/certs/extract-cert.c
|
||||
@@ -99,11 +99,11 @@ int main(int argc, char **argv)
|
||||
parms.cert = NULL;
|
||||
|
||||
ENGINE_load_builtin_engines();
|
||||
- drain_openssl_errors();
|
||||
+ drain_openssl_errors(__LINE__, 1);
|
||||
e = ENGINE_by_id("pkcs11");
|
||||
ERR(!e, "Load PKCS#11 ENGINE");
|
||||
if (ENGINE_init(e))
|
||||
- drain_openssl_errors();
|
||||
+ drain_openssl_errors(__LINE__, 1);
|
||||
else
|
||||
ERR(1, "ENGINE_init");
|
||||
if (key_pass)
|
||||
diff --git a/scripts/sign-file.c b/scripts/sign-file.c
|
||||
index 39ba58db5d4e..bb3fdf1a617c 100644
|
||||
--- a/scripts/sign-file.c
|
||||
+++ b/scripts/sign-file.c
|
||||
@@ -114,11 +114,11 @@ static EVP_PKEY *read_private_key(const char *private_key_name)
|
||||
ENGINE *e;
|
||||
|
||||
ENGINE_load_builtin_engines();
|
||||
- drain_openssl_errors();
|
||||
+ drain_openssl_errors(__LINE__, 1);
|
||||
e = ENGINE_by_id("pkcs11");
|
||||
ERR(!e, "Load PKCS#11 ENGINE");
|
||||
if (ENGINE_init(e))
|
||||
- drain_openssl_errors();
|
||||
+ drain_openssl_errors(__LINE__, 1);
|
||||
else
|
||||
ERR(1, "ENGINE_init");
|
||||
if (key_pass)
|
||||
@@ -273,7 +273,7 @@ int main(int argc, char **argv)
|
||||
|
||||
/* Digest the module data. */
|
||||
OpenSSL_add_all_digests();
|
||||
- display_openssl_errors(__LINE__);
|
||||
+ drain_openssl_errors(__LINE__, 0);
|
||||
digest_algo = EVP_get_digestbyname(hash_algo);
|
||||
ERR(!digest_algo, "EVP_get_digestbyname");
|
||||
|
||||
diff --git a/scripts/ssl-common.h b/scripts/ssl-common.h
|
||||
index e6711c75ed91..2db0e181143c 100644
|
||||
--- a/scripts/ssl-common.h
|
||||
+++ b/scripts/ssl-common.h
|
||||
@@ -3,7 +3,7 @@
|
||||
* SSL helper functions shared by sign-file and extract-cert.
|
||||
*/
|
||||
|
||||
-static void display_openssl_errors(int l)
|
||||
+static void drain_openssl_errors(int l, int silent)
|
||||
{
|
||||
const char *file;
|
||||
char buf[120];
|
||||
@@ -11,28 +11,21 @@ static void display_openssl_errors(int l)
|
||||
|
||||
if (ERR_peek_error() == 0)
|
||||
return;
|
||||
- fprintf(stderr, "At main.c:%d:\n", l);
|
||||
+ if (!silent)
|
||||
+ fprintf(stderr, "At main.c:%d:\n", l);
|
||||
|
||||
- while ((e = ERR_get_error_line(&file, &line))) {
|
||||
+ while ((e = ERR_peek_error_line(&file, &line))) {
|
||||
ERR_error_string(e, buf);
|
||||
- fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
|
||||
+ if (!silent)
|
||||
+ fprintf(stderr, "- SSL %s: %s:%d\n", buf, file, line);
|
||||
+ ERR_get_error();
|
||||
}
|
||||
}
|
||||
|
||||
-static void drain_openssl_errors(void)
|
||||
-{
|
||||
- const char *file;
|
||||
- int line;
|
||||
-
|
||||
- if (ERR_peek_error() == 0)
|
||||
- return;
|
||||
- while (ERR_get_error_line(&file, &line)) {}
|
||||
-}
|
||||
-
|
||||
#define ERR(cond, fmt, ...) \
|
||||
do { \
|
||||
bool __cond = (cond); \
|
||||
- display_openssl_errors(__LINE__); \
|
||||
+ drain_openssl_errors(__LINE__, 0); \
|
||||
if (__cond) { \
|
||||
errx(1, fmt, ## __VA_ARGS__); \
|
||||
} \
|
||||
--
|
||||
2.46.2
|
||||
|
||||
|
||||
From eeffebeb081fcb81ae8a85b6a774dc14791dbc56 Mon Sep 17 00:00:00 2001
|
||||
From: Jan Stancek <jstancek@redhat.com>
|
||||
Date: Fri, 20 Sep 2024 19:52:48 +0300
|
||||
Subject: [PATCH 3/3] sign-file,extract-cert: use pkcs11 provider for OPENSSL
|
||||
MAJOR >= 3
|
||||
|
||||
ENGINE API has been deprecated since OpenSSL version 3.0 [1].
|
||||
Distros have started dropping support from headers and in future
|
||||
it will likely disappear also from library.
|
||||
|
||||
It has been superseded by the PROVIDER API, so use it instead
|
||||
for OPENSSL MAJOR >= 3.
|
||||
|
||||
[1] https://github.com/openssl/openssl/blob/master/README-ENGINES.md
|
||||
|
||||
[jarkko: fixed up alignment issues reported by checkpatch.pl --strict]
|
||||
|
||||
Signed-off-by: Jan Stancek <jstancek@redhat.com>
|
||||
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
|
||||
Tested-by: R Nageswara Sastry <rnsastry@linux.ibm.com>
|
||||
Reviewed-by: Neal Gompa <neal@gompa.dev>
|
||||
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
|
||||
---
|
||||
certs/extract-cert.c | 103 ++++++++++++++++++++++++++++++-------------
|
||||
scripts/sign-file.c | 93 ++++++++++++++++++++++++++------------
|
||||
2 files changed, 138 insertions(+), 58 deletions(-)
|
||||
|
||||
diff --git a/certs/extract-cert.c b/certs/extract-cert.c
|
||||
index 61bbe0085671..7d6d468ed612 100644
|
||||
--- a/certs/extract-cert.c
|
||||
+++ b/certs/extract-cert.c
|
||||
@@ -21,17 +21,18 @@
|
||||
#include <openssl/bio.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/err.h>
|
||||
-#include <openssl/engine.h>
|
||||
-
|
||||
+#if OPENSSL_VERSION_MAJOR >= 3
|
||||
+# define USE_PKCS11_PROVIDER
|
||||
+# include <openssl/provider.h>
|
||||
+# include <openssl/store.h>
|
||||
+#else
|
||||
+# if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0)
|
||||
+# define USE_PKCS11_ENGINE
|
||||
+# include <openssl/engine.h>
|
||||
+# endif
|
||||
+#endif
|
||||
#include "ssl-common.h"
|
||||
|
||||
-/*
|
||||
- * OpenSSL 3.0 deprecates the OpenSSL's ENGINE API.
|
||||
- *
|
||||
- * Remove this if/when that API is no longer used
|
||||
- */
|
||||
-#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
|
||||
-
|
||||
#define PKEY_ID_PKCS7 2
|
||||
|
||||
static __attribute__((noreturn))
|
||||
@@ -61,6 +62,66 @@ static void write_cert(X509 *x509)
|
||||
fprintf(stderr, "Extracted cert: %s\n", buf);
|
||||
}
|
||||
|
||||
+static X509 *load_cert_pkcs11(const char *cert_src)
|
||||
+{
|
||||
+ X509 *cert = NULL;
|
||||
+#ifdef USE_PKCS11_PROVIDER
|
||||
+ OSSL_STORE_CTX *store;
|
||||
+
|
||||
+ if (!OSSL_PROVIDER_try_load(NULL, "pkcs11", true))
|
||||
+ ERR(1, "OSSL_PROVIDER_try_load(pkcs11)");
|
||||
+ if (!OSSL_PROVIDER_try_load(NULL, "default", true))
|
||||
+ ERR(1, "OSSL_PROVIDER_try_load(default)");
|
||||
+
|
||||
+ store = OSSL_STORE_open(cert_src, NULL, NULL, NULL, NULL);
|
||||
+ ERR(!store, "OSSL_STORE_open");
|
||||
+
|
||||
+ while (!OSSL_STORE_eof(store)) {
|
||||
+ OSSL_STORE_INFO *info = OSSL_STORE_load(store);
|
||||
+
|
||||
+ if (!info) {
|
||||
+ drain_openssl_errors(__LINE__, 0);
|
||||
+ continue;
|
||||
+ }
|
||||
+ if (OSSL_STORE_INFO_get_type(info) == OSSL_STORE_INFO_CERT) {
|
||||
+ cert = OSSL_STORE_INFO_get1_CERT(info);
|
||||
+ ERR(!cert, "OSSL_STORE_INFO_get1_CERT");
|
||||
+ }
|
||||
+ OSSL_STORE_INFO_free(info);
|
||||
+ if (cert)
|
||||
+ break;
|
||||
+ }
|
||||
+ OSSL_STORE_close(store);
|
||||
+#elif defined(USE_PKCS11_ENGINE)
|
||||
+ ENGINE *e;
|
||||
+ struct {
|
||||
+ const char *cert_id;
|
||||
+ X509 *cert;
|
||||
+ } parms;
|
||||
+
|
||||
+ parms.cert_id = cert_src;
|
||||
+ parms.cert = NULL;
|
||||
+
|
||||
+ ENGINE_load_builtin_engines();
|
||||
+ drain_openssl_errors(__LINE__, 1);
|
||||
+ e = ENGINE_by_id("pkcs11");
|
||||
+ ERR(!e, "Load PKCS#11 ENGINE");
|
||||
+ if (ENGINE_init(e))
|
||||
+ drain_openssl_errors(__LINE__, 1);
|
||||
+ else
|
||||
+ ERR(1, "ENGINE_init");
|
||||
+ if (key_pass)
|
||||
+ ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0), "Set PKCS#11 PIN");
|
||||
+ ENGINE_ctrl_cmd(e, "LOAD_CERT_CTRL", 0, &parms, NULL, 1);
|
||||
+ ERR(!parms.cert, "Get X.509 from PKCS#11");
|
||||
+ cert = parms.cert;
|
||||
+#else
|
||||
+ fprintf(stderr, "no pkcs11 engine/provider available\n");
|
||||
+ exit(1);
|
||||
+#endif
|
||||
+ return cert;
|
||||
+}
|
||||
+
|
||||
int main(int argc, char **argv)
|
||||
{
|
||||
char *cert_src;
|
||||
@@ -89,28 +150,10 @@ int main(int argc, char **argv)
|
||||
fclose(f);
|
||||
exit(0);
|
||||
} else if (!strncmp(cert_src, "pkcs11:", 7)) {
|
||||
- ENGINE *e;
|
||||
- struct {
|
||||
- const char *cert_id;
|
||||
- X509 *cert;
|
||||
- } parms;
|
||||
+ X509 *cert = load_cert_pkcs11(cert_src);
|
||||
|
||||
- parms.cert_id = cert_src;
|
||||
- parms.cert = NULL;
|
||||
-
|
||||
- ENGINE_load_builtin_engines();
|
||||
- drain_openssl_errors(__LINE__, 1);
|
||||
- e = ENGINE_by_id("pkcs11");
|
||||
- ERR(!e, "Load PKCS#11 ENGINE");
|
||||
- if (ENGINE_init(e))
|
||||
- drain_openssl_errors(__LINE__, 1);
|
||||
- else
|
||||
- ERR(1, "ENGINE_init");
|
||||
- if (key_pass)
|
||||
- ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0), "Set PKCS#11 PIN");
|
||||
- ENGINE_ctrl_cmd(e, "LOAD_CERT_CTRL", 0, &parms, NULL, 1);
|
||||
- ERR(!parms.cert, "Get X.509 from PKCS#11");
|
||||
- write_cert(parms.cert);
|
||||
+ ERR(!cert, "load_cert_pkcs11 failed");
|
||||
+ write_cert(cert);
|
||||
} else {
|
||||
BIO *b;
|
||||
X509 *x509;
|
||||
diff --git a/scripts/sign-file.c b/scripts/sign-file.c
|
||||
index bb3fdf1a617c..7070245edfc1 100644
|
||||
--- a/scripts/sign-file.c
|
||||
+++ b/scripts/sign-file.c
|
||||
@@ -27,17 +27,18 @@
|
||||
#include <openssl/evp.h>
|
||||
#include <openssl/pem.h>
|
||||
#include <openssl/err.h>
|
||||
-#include <openssl/engine.h>
|
||||
-
|
||||
+#if OPENSSL_VERSION_MAJOR >= 3
|
||||
+# define USE_PKCS11_PROVIDER
|
||||
+# include <openssl/provider.h>
|
||||
+# include <openssl/store.h>
|
||||
+#else
|
||||
+# if !defined(OPENSSL_NO_ENGINE) && !defined(OPENSSL_NO_DEPRECATED_3_0)
|
||||
+# define USE_PKCS11_ENGINE
|
||||
+# include <openssl/engine.h>
|
||||
+# endif
|
||||
+#endif
|
||||
#include "ssl-common.h"
|
||||
|
||||
-/*
|
||||
- * OpenSSL 3.0 deprecates the OpenSSL's ENGINE API.
|
||||
- *
|
||||
- * Remove this if/when that API is no longer used
|
||||
- */
|
||||
-#pragma GCC diagnostic ignored "-Wdeprecated-declarations"
|
||||
-
|
||||
/*
|
||||
* Use CMS if we have openssl-1.0.0 or newer available - otherwise we have to
|
||||
* assume that it's not available and its header file is missing and that we
|
||||
@@ -106,28 +107,64 @@ static int pem_pw_cb(char *buf, int len, int w, void *v)
|
||||
return pwlen;
|
||||
}
|
||||
|
||||
-static EVP_PKEY *read_private_key(const char *private_key_name)
|
||||
+static EVP_PKEY *read_private_key_pkcs11(const char *private_key_name)
|
||||
{
|
||||
- EVP_PKEY *private_key;
|
||||
+ EVP_PKEY *private_key = NULL;
|
||||
+#ifdef USE_PKCS11_PROVIDER
|
||||
+ OSSL_STORE_CTX *store;
|
||||
|
||||
- if (!strncmp(private_key_name, "pkcs11:", 7)) {
|
||||
- ENGINE *e;
|
||||
+ if (!OSSL_PROVIDER_try_load(NULL, "pkcs11", true))
|
||||
+ ERR(1, "OSSL_PROVIDER_try_load(pkcs11)");
|
||||
+ if (!OSSL_PROVIDER_try_load(NULL, "default", true))
|
||||
+ ERR(1, "OSSL_PROVIDER_try_load(default)");
|
||||
+
|
||||
+ store = OSSL_STORE_open(private_key_name, NULL, NULL, NULL, NULL);
|
||||
+ ERR(!store, "OSSL_STORE_open");
|
||||
|
||||
- ENGINE_load_builtin_engines();
|
||||
+ while (!OSSL_STORE_eof(store)) {
|
||||
+ OSSL_STORE_INFO *info = OSSL_STORE_load(store);
|
||||
+
|
||||
+ if (!info) {
|
||||
+ drain_openssl_errors(__LINE__, 0);
|
||||
+ continue;
|
||||
+ }
|
||||
+ if (OSSL_STORE_INFO_get_type(info) == OSSL_STORE_INFO_PKEY) {
|
||||
+ private_key = OSSL_STORE_INFO_get1_PKEY(info);
|
||||
+ ERR(!private_key, "OSSL_STORE_INFO_get1_PKEY");
|
||||
+ }
|
||||
+ OSSL_STORE_INFO_free(info);
|
||||
+ if (private_key)
|
||||
+ break;
|
||||
+ }
|
||||
+ OSSL_STORE_close(store);
|
||||
+#elif defined(USE_PKCS11_ENGINE)
|
||||
+ ENGINE *e;
|
||||
+
|
||||
+ ENGINE_load_builtin_engines();
|
||||
+ drain_openssl_errors(__LINE__, 1);
|
||||
+ e = ENGINE_by_id("pkcs11");
|
||||
+ ERR(!e, "Load PKCS#11 ENGINE");
|
||||
+ if (ENGINE_init(e))
|
||||
drain_openssl_errors(__LINE__, 1);
|
||||
- e = ENGINE_by_id("pkcs11");
|
||||
- ERR(!e, "Load PKCS#11 ENGINE");
|
||||
- if (ENGINE_init(e))
|
||||
- drain_openssl_errors(__LINE__, 1);
|
||||
- else
|
||||
- ERR(1, "ENGINE_init");
|
||||
- if (key_pass)
|
||||
- ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0),
|
||||
- "Set PKCS#11 PIN");
|
||||
- private_key = ENGINE_load_private_key(e, private_key_name,
|
||||
- NULL, NULL);
|
||||
- ERR(!private_key, "%s", private_key_name);
|
||||
+ else
|
||||
+ ERR(1, "ENGINE_init");
|
||||
+ if (key_pass)
|
||||
+ ERR(!ENGINE_ctrl_cmd_string(e, "PIN", key_pass, 0), "Set PKCS#11 PIN");
|
||||
+ private_key = ENGINE_load_private_key(e, private_key_name, NULL, NULL);
|
||||
+ ERR(!private_key, "%s", private_key_name);
|
||||
+#else
|
||||
+ fprintf(stderr, "no pkcs11 engine/provider available\n");
|
||||
+ exit(1);
|
||||
+#endif
|
||||
+ return private_key;
|
||||
+}
|
||||
+
|
||||
+static EVP_PKEY *read_private_key(const char *private_key_name)
|
||||
+{
|
||||
+ if (!strncmp(private_key_name, "pkcs11:", 7)) {
|
||||
+ return read_private_key_pkcs11(private_key_name);
|
||||
} else {
|
||||
+ EVP_PKEY *private_key;
|
||||
BIO *b;
|
||||
|
||||
b = BIO_new_file(private_key_name, "rb");
|
||||
@@ -136,9 +173,9 @@ static EVP_PKEY *read_private_key(const char *private_key_name)
|
||||
NULL);
|
||||
ERR(!private_key, "%s", private_key_name);
|
||||
BIO_free(b);
|
||||
- }
|
||||
|
||||
- return private_key;
|
||||
+ return private_key;
|
||||
+ }
|
||||
}
|
||||
|
||||
static X509 *read_x509(const char *x509_name)
|
||||
--
|
||||
2.46.2
|
||||
|
262290
SOURCES/rpi-6.1.x.patch
Normal file
262290
SOURCES/rpi-6.1.x.patch
Normal file
File diff suppressed because it is too large
Load Diff
@ -1,74 +1,72 @@
|
||||
%global firmware_tag 1.20241008
|
||||
%global version_tag efda653d39a46aa5ed2d5f8af420c1e4eddb2dca
|
||||
%global commit_firmware_long cb9500d6021e083a182ba168fe4424e3db2494cf
|
||||
%global commit_linux_long 4fc5a03ad1d2fb811d8652be67260312fa3125fc
|
||||
|
||||
ExclusiveArch: aarch64
|
||||
ExclusiveArch: aarch64 armv7hl
|
||||
|
||||
%undefine _debugsource_packages
|
||||
|
||||
%ifarch aarch64
|
||||
%define Arch arm64
|
||||
%define build_image Image.gz
|
||||
%define build_image Image
|
||||
%define armtarget 8
|
||||
|
||||
%define local_version v8
|
||||
%define bcmmodel 2711
|
||||
%define extra_version 1
|
||||
|
||||
# This originally implies Kernel 4.x for RPi 2 and is not appropriate now.
|
||||
# Be careful to change this not to disturb the seamless package update.
|
||||
%define rpisuffix 2
|
||||
%define ksuffix 4
|
||||
|
||||
%define kversion 6.11
|
||||
%define patchlevel 7
|
||||
|
||||
%if 0%{?rhel} >= 10
|
||||
%define pathfix %{__python3} %{_rpmconfigdir}/redhat/pathfix.py
|
||||
%define with_rpi4 1
|
||||
%else
|
||||
%define pathfix pathfix.py
|
||||
%define Arch arm
|
||||
%define build_image zImage
|
||||
%define armtarget 7
|
||||
%bcond_with rpi4
|
||||
%endif
|
||||
|
||||
# standard kernel
|
||||
%define with_up %{?_without_up: 0} %{?!_without_up: 1}
|
||||
# tools
|
||||
%define with_tools %{?_without_tools: 0} %{?!_without_tools: 1}
|
||||
# firmware
|
||||
%define with_firmware %{?_without_firmware: 0} %{?!_without_firmware: 1}
|
||||
# kernel-headers
|
||||
%define with_headers %{?_without_headers: 0} %{?!_without_headers: 1}
|
||||
%if %{with rpi4}
|
||||
%ifarch aarch64
|
||||
%define local_version v8
|
||||
%else
|
||||
%define local_version v7l
|
||||
%endif
|
||||
%define bcmmodel 2711
|
||||
%define ksuffix 4
|
||||
%else
|
||||
%define local_version v7
|
||||
%define bcmmodel 2709
|
||||
%endif
|
||||
%define extra_version 1
|
||||
|
||||
Name: raspberrypi%{rpisuffix}
|
||||
%define kversion 6.1
|
||||
%define patchlevel 31
|
||||
|
||||
Name: raspberrypi2
|
||||
Version: %{kversion}.%{patchlevel}
|
||||
Release: 20241110.%{local_version}.%{extra_version}%{?dist}
|
||||
Release: %{local_version}.%{extra_version}%{?dist}
|
||||
Summary: Specific kernel and bootcode for Raspberry Pi
|
||||
|
||||
License: GPLv2
|
||||
URL: https://github.com/raspberrypi/linux
|
||||
Source0: https://github.com/raspberrypi/linux/archive/%{version_tag}.tar.gz
|
||||
Source1: https://github.com/raspberrypi/firmware/archive/refs/tags/%{firmware_tag}.tar.gz
|
||||
Patch1: openssl-3.0.patch
|
||||
Patch100: config_2711.patch
|
||||
Patch101: config_2712.patch
|
||||
# Sources for kernel-tools
|
||||
Source2000: cpupower.service
|
||||
Source2001: cpupower.config
|
||||
Source2002: kvm_stat.logrotate
|
||||
Source0: https://www.kernel.org/pub/linux/kernel/v6.x/linux-%{kversion}.tar.xz
|
||||
Source1: https://github.com/raspberrypi/firmware/archive/%{commit_firmware_long}.tar.gz
|
||||
%if %{patchlevel} > 0
|
||||
Source2: https://cdn.kernel.org/pub/linux/kernel/v6.x/patch-%{version}.xz
|
||||
%endif
|
||||
Source3: rpi-6.1.x.patch
|
||||
|
||||
BuildRequires: kmod, patch, bash, coreutils, tar
|
||||
BuildRequires: bzip2, xz, findutils, gzip, m4, perl, perl-Carp, make, diffutils, gawk
|
||||
BuildRequires: gcc, binutils, redhat-rpm-config, hmaccalc
|
||||
BuildRequires: gcc, binutils, redhat-rpm-config, hmaccalc, git
|
||||
BuildRequires: net-tools, hostname, bc
|
||||
BuildRequires: elfutils-devel zlib-devel binutils-devel newt-devel python3-devel perl(ExtUtils::Embed) bison flex xz-devel
|
||||
BuildRequires: audit-libs-devel
|
||||
BuildRequires: pciutils-devel gettext ncurses-devel
|
||||
BuildRequires: openssl-devel
|
||||
%if %{with_tools}
|
||||
# kernel-tools
|
||||
BuildRequires: asciidoc
|
||||
%endif
|
||||
%if %{with_headers}
|
||||
BuildRequires: rsync
|
||||
%if 0%{?rhel} == 7
|
||||
BuildRequires: devtoolset-8-build
|
||||
BuildRequires: devtoolset-8-binutils
|
||||
BuildRequires: devtoolset-8-gcc
|
||||
BuildRequires: devtoolset-8-make
|
||||
%endif
|
||||
|
||||
# Compile with SELinux but disable per default
|
||||
Patch100: bcm2709_selinux_config.patch
|
||||
Patch101: bcm2711_selinux_config.patch
|
||||
|
||||
%description
|
||||
Specific kernel and bootcode for Raspberry Pi
|
||||
|
||||
@ -76,7 +74,6 @@ Specific kernel and bootcode for Raspberry Pi
|
||||
Group: System Environment/Kernel
|
||||
Summary: The Linux kernel
|
||||
Provides: kernel = %{version}-%{release}
|
||||
Provides: installonlypkg(kernel)
|
||||
Requires: coreutils
|
||||
#Requires: dracut
|
||||
|
||||
@ -86,12 +83,12 @@ Linux operating system. The kernel handles the basic functions
|
||||
of the operating system: memory allocation, process allocation, device
|
||||
input and output, etc.
|
||||
|
||||
|
||||
%package kernel%{?ksuffix}-devel
|
||||
Group: System Environment/Kernel
|
||||
Summary: Development package for building kernel modules to match the kernel
|
||||
Provides: kernel-devel = %{version}-%{release}
|
||||
Provides: kernel-devel-uname-r = %{version}-%{release}
|
||||
Provides: installonlypkg(kernel)
|
||||
Autoreq: no
|
||||
Requires(pre): findutils
|
||||
Requires: findutils
|
||||
@ -101,46 +98,7 @@ Requires: perl-interpreter
|
||||
This package provides kernel headers and makefiles sufficient to build modules
|
||||
against the kernel package.
|
||||
|
||||
%if %{with_tools}
|
||||
%package kernel%{?ksuffix}-tools
|
||||
Summary: Assortment of tools for the Linux kernel
|
||||
Provides: cpupowerutils = 1:009-0.6.p1
|
||||
Obsoletes: cpupowerutils < 1:009-0.6.p1
|
||||
Provides: cpufreq-utils = 1:009-0.6.p1
|
||||
Provides: cpufrequtils = 1:009-0.6.p1
|
||||
Obsoletes: cpufreq-utils < 1:009-0.6.p1
|
||||
Obsoletes: cpufrequtils < 1:009-0.6.p1
|
||||
Obsoletes: cpuspeed < 1:1.5-16
|
||||
Requires: %{name}-kernel%{?ksuffix}-tools-libs = %{version}-%{release}
|
||||
Obsoletes: kernel-tools < %{version}
|
||||
Provides: kernel-tools = %{version}-%{release}
|
||||
%define __requires_exclude ^%{_bindir}/python
|
||||
%description kernel%{?ksuffix}-tools
|
||||
This package contains the tools/ directory from the kernel source
|
||||
and the supporting documentation.
|
||||
|
||||
%package kernel%{?ksuffix}-tools-libs
|
||||
Summary: Libraries for the kernels-tools
|
||||
Obsoletes: kernel-tools-libs < %{version}
|
||||
Provides: kernel-tools-libs = %{version}-%{release}
|
||||
%description kernel%{?ksuffix}-tools-libs
|
||||
This package contains the libraries built from the tools/ directory
|
||||
from the kernel source.
|
||||
|
||||
%package kernel%{?ksuffix}-tools-libs-devel
|
||||
Summary: Assortment of tools for the Linux kernel
|
||||
Requires: %{name}-kernel%{?ksuffix}-tools = %{version}-%{release}
|
||||
Provides: cpupowerutils-devel = 1:009-0.6.p1
|
||||
Obsoletes: cpupowerutils-devel < 1:009-0.6.p1
|
||||
Requires: %{name}-kernel%{?ksuffix}-tools-libs = %{version}-%{release}
|
||||
Obsoletes: kernel-tools-libs-devel < %{version}
|
||||
Provides: kernel-tools-libs-devel = %{version}-%{release}
|
||||
%description kernel%{?ksuffix}-tools-libs-devel
|
||||
This package contains the development files for the tools/ directory from
|
||||
the kernel source.
|
||||
%endif
|
||||
|
||||
%if %{with_firmware}
|
||||
%package firmware
|
||||
Summary: GPU firmware for the Raspberry Pi computer
|
||||
License: Redistributable, with restrictions; see LICENSE.broadcom
|
||||
@ -152,32 +110,30 @@ Provides: grubby=8.40-10
|
||||
%description firmware
|
||||
This package contains the GPU firmware for the Raspberry Pi BCM2835 SOC
|
||||
including the kernel bootloader.
|
||||
%endif
|
||||
|
||||
%if %{with_headers}
|
||||
%package kernel%{?ksuffix}-headers
|
||||
Obsoletes: kernel-headers < %{version}
|
||||
Provides: kernel-headers = %{version}-%{release}
|
||||
Obsoletes: glibc-kernheaders < 3.0-46
|
||||
Provides: glibc-kernheaders = 3.0-46
|
||||
Summary: Header files for the Linux kernel for use by glibc
|
||||
|
||||
%description kernel%{?ksuffix}-headers
|
||||
Kernel-headers includes the C header files that specify the interface
|
||||
between the Linux kernel and userspace libraries and programs. The
|
||||
header files define structures and constants that are needed for
|
||||
building most standard programs and are also needed for rebuilding the
|
||||
glibc package.
|
||||
%endif
|
||||
|
||||
%prep
|
||||
%setup -q -n linux-%{version_tag}
|
||||
%patch -P 1 -p1
|
||||
%patch -P 100 -p1
|
||||
%patch -P 101 -p1
|
||||
%if 0%{?rhel} == 7
|
||||
source scl_source enable devtoolset-8 || :
|
||||
%endif
|
||||
%setup -q -n linux-%{kversion}
|
||||
git init
|
||||
git config user.email "kernel-team@fedoraproject.org"
|
||||
git config user.name "Fedora Kernel Team"
|
||||
git config gc.auto 0
|
||||
git add .
|
||||
git commit -a -q -m "baseline"
|
||||
%if %{patchlevel} > 0
|
||||
xzcat %{SOURCE2} | patch -p1 -F1 -s
|
||||
git commit -a -q -m "%{version}"
|
||||
%endif
|
||||
git am %{SOURCE3}
|
||||
|
||||
git am %{PATCH100}
|
||||
git am %{PATCH101}
|
||||
|
||||
perl -p -i -e "s/^EXTRAVERSION.*/EXTRAVERSION = -%{release}/" Makefile
|
||||
perl -p -i -e "s/^CONFIG_LOCALVERSION=.*/CONFIG_LOCALVERSION=/" arch/%{Arch}/configs/bcm2711_defconfig
|
||||
perl -p -i -e "s/^CONFIG_LOCALVERSION=.*/CONFIG_LOCALVERSION=/" arch/%{Arch}/configs/bcm2712_defconfig
|
||||
perl -p -i -e "s/^CONFIG_LOCALVERSION=.*/CONFIG_LOCALVERSION=/" arch/%{Arch}/configs/bcm%{bcmmodel}_defconfig
|
||||
|
||||
%if 0%{?rhel} >= 8
|
||||
# Mangle /usr/bin/python shebangs to /usr/bin/python3
|
||||
@ -185,50 +141,39 @@ perl -p -i -e "s/^CONFIG_LOCALVERSION=.*/CONFIG_LOCALVERSION=/" arch/%{Arch}/con
|
||||
# -p preserves timestamps
|
||||
# -n prevents creating ~backup files
|
||||
# -i specifies the interpreter for the shebang
|
||||
%{pathfix} -pni "%{__python3} %{py3_shbang_opts}" scripts/
|
||||
%{pathfix} -pni "%{__python3} %{py3_shbang_opts}" scripts/diffconfig scripts/bloat-o-meter scripts/show_delta scripts/jobserver-exec
|
||||
%{pathfix} -pni "%{__python3} %{py3_shbang_opts}" tools/ tools/perf/scripts/python/*.py tools/kvm/kvm_stat/kvm_stat scripts/clang-tools/*.py
|
||||
pathfix.py -pni "%{__python3} %{py3_shbang_opts}" scripts/
|
||||
pathfix.py -pni "%{__python3} %{py3_shbang_opts}" scripts/diffconfig scripts/bloat-o-meter scripts/show_delta scripts/jobserver-exec
|
||||
pathfix.py -pni "%{__python3} %{py3_shbang_opts}" tools/ tools/perf/scripts/python/*.py tools/kvm/kvm_stat/kvm_stat scripts/clang-tools/*.py
|
||||
%endif
|
||||
|
||||
# This Prevents scripts/setlocalversion from mucking with our version numbers.
|
||||
touch .scmversion
|
||||
git commit -a -q -m "modifs"
|
||||
|
||||
%build
|
||||
# 16K page-size kernel optimized (bcmmodel=2712) for RPi 5 is not built at the moment
|
||||
# to support both RPi 4 and 5.
|
||||
%if 0%{?rhel} == 7
|
||||
source scl_source enable devtoolset-8 || :
|
||||
%endif
|
||||
export KERNEL=kernel%{armtarget}
|
||||
make bcm%{bcmmodel}_defconfig
|
||||
%if %{with_up}
|
||||
make %{?_smp_mflags} HOSTCFLAGS="%{?build_cflags}" HOSTLDFLAGS="%{?build_ldflags}" %{build_image} modules dtbs
|
||||
%endif
|
||||
|
||||
# kernel-tools
|
||||
%if %{with_tools}
|
||||
make %{?_smp_mflags} -C tools/power/cpupower CPUFREQ_BENCH=false DEBUG=false
|
||||
pushd tools/thermal/tmon/
|
||||
make %{?_smp_mflags} HOSTCFLAGS="%{?build_cflags}" HOSTLDFLAGS="%{?build_ldflags}"
|
||||
popd
|
||||
pushd tools/iio/
|
||||
make %{?_smp_mflags} HOSTCFLAGS="%{?build_cflags}" HOSTLDFLAGS="%{?build_ldflags}"
|
||||
popd
|
||||
pushd tools/gpio/
|
||||
make %{?_smp_mflags} HOSTCFLAGS="%{?build_cflags}" HOSTLDFLAGS="%{?build_ldflags}"
|
||||
popd
|
||||
pushd tools/mm/
|
||||
make %{?_smp_mflags} HOSTCFLAGS="%{?build_cflags}" HOSTLDFLAGS="%{?build_ldflags}" slabinfo page_owner_sort
|
||||
popd
|
||||
%endif
|
||||
|
||||
%install
|
||||
%if %{with_up}
|
||||
%if 0%{?rhel} == 7
|
||||
source scl_source enable devtoolset-8 || :
|
||||
%endif
|
||||
# kernel
|
||||
mkdir -p %{buildroot}/boot/overlays/
|
||||
mkdir -p %{buildroot}/usr/share/%{name}-kernel/%{version}-%{release}/boot/overlays
|
||||
cp -p -v COPYING %{buildroot}/boot/COPYING.linux-%{kversion}
|
||||
cp -p -v arch/%{Arch}/boot/dts/overlays/README %{buildroot}/usr/share/%{name}-kernel/%{version}-%{release}/boot/overlays
|
||||
%ifarch aarch64
|
||||
cp -p -v arch/%{Arch}/boot/dts/broadcom/*.dtb %{buildroot}/usr/share/%{name}-kernel/%{version}-%{release}/boot
|
||||
%else
|
||||
cp -p -v arch/%{Arch}/boot/dts/*.dtb %{buildroot}/usr/share/%{name}-kernel/%{version}-%{release}/boot
|
||||
%endif
|
||||
cp -p -v arch/%{Arch}/boot/dts/overlays/*.dtb* %{buildroot}/usr/share/%{name}-kernel/%{version}-%{release}/boot/overlays
|
||||
cp -p -v arch/%{Arch}/boot/dts/overlays/README %{buildroot}/usr/share/%{name}-kernel/%{version}-%{release}/boot/overlays
|
||||
#scripts/mkknlimg arch/%{Arch}/boot/zImage %{buildroot}/boot/kernel-%{version}-%{release}.img
|
||||
cp -p -v arch/%{Arch}/boot/%{build_image} %{buildroot}/boot/kernel-%{version}-%{release}.img
|
||||
make INSTALL_MOD_PATH=%{buildroot} modules_install
|
||||
cat > %{buildroot}/boot/config-kernel-%{version}-%{release}.inc <<__EOF__
|
||||
@ -275,77 +220,21 @@ touch -r %{buildroot}$DevelDir/Makefile %{buildroot}$DevelDir/include/linux/vers
|
||||
ln -T -s $DevelDir %{buildroot}/lib/modules/%{version}-%{release}/build --force
|
||||
ln -T -s build %{buildroot}/lib/modules/%{version}-%{release}/source --force
|
||||
|
||||
%endif
|
||||
# kernel-firmware
|
||||
#rm .config
|
||||
#make INSTALL_FW_PATH=%{buildroot}/lib/firmware firmware_install
|
||||
|
||||
%if %{with_firmware}
|
||||
# firmware
|
||||
# precompiled GPU firmware and bootloader
|
||||
pushd %{buildroot}
|
||||
tar -xf %{_sourcedir}/%{firmware_tag}.tar.gz \
|
||||
firmware-%{firmware_tag}/boot/start* \
|
||||
firmware-%{firmware_tag}/boot/fixup* \
|
||||
firmware-%{firmware_tag}/boot/LICENCE.broadcom \
|
||||
firmware-%{firmware_tag}/boot/bootcode.bin \
|
||||
tar -xf %{_sourcedir}/%{commit_firmware_long}.tar.gz \
|
||||
firmware-%{commit_firmware_long}/boot/start* \
|
||||
firmware-%{commit_firmware_long}/boot/fixup* \
|
||||
firmware-%{commit_firmware_long}/boot/LICENCE.broadcom \
|
||||
firmware-%{commit_firmware_long}/boot/bootcode.bin \
|
||||
--strip-components=1
|
||||
%{__chmod} -x %{buildroot}/boot/start*.elf
|
||||
popd
|
||||
%endif
|
||||
|
||||
%if %{with_tools}
|
||||
# kernel-tools
|
||||
make -C tools/power/cpupower DESTDIR=$RPM_BUILD_ROOT libdir=%{_libdir} mandir=%{_mandir} CPUFREQ_BENCH=false install
|
||||
rm -f %{buildroot}%{_libdir}/*.{a,la}
|
||||
%find_lang cpupower
|
||||
|
||||
install -D -m644 %{SOURCE2000} %{buildroot}%{_unitdir}/cpupower.service
|
||||
install -D -m644 %{SOURCE2001} %{buildroot}%{_sysconfdir}/sysconfig/cpupower
|
||||
pushd tools/thermal/tmon
|
||||
make INSTALL_ROOT=%{buildroot} install
|
||||
popd
|
||||
pushd tools/iio
|
||||
make DESTDIR=%{buildroot} install
|
||||
popd
|
||||
pushd tools/gpio
|
||||
make DESTDIR=%{buildroot} install
|
||||
popd
|
||||
install -m644 -D %{SOURCE2002} %{buildroot}%{_sysconfdir}/logrotate.d/kvm_stat
|
||||
pushd tools/kvm/kvm_stat
|
||||
%{__make} INSTALL_ROOT=%{buildroot} install-tools
|
||||
%{__make} INSTALL_ROOT=%{buildroot} install-man
|
||||
install -m644 -D kvm_stat.service %{buildroot}%{_unitdir}/kvm_stat.service
|
||||
popd
|
||||
pushd tools/mm/
|
||||
install -m755 slabinfo %{buildroot}%{_bindir}/slabinfo
|
||||
install -m755 page_owner_sort %{buildroot}%{_bindir}/page_owner_sort
|
||||
popd
|
||||
%endif
|
||||
|
||||
%if %{with_headers}
|
||||
%{__make} ARCH=%{Arch} INSTALL_HDR_PATH=%{buildroot}/usr headers_install
|
||||
|
||||
find %{buildroot}/usr/include \
|
||||
\( -name .install -o -name .check -o \
|
||||
-name ..install.cmd -o -name ..check.cmd \) -delete
|
||||
%endif
|
||||
|
||||
%if %{with_tools}
|
||||
%post kernel%{?ksuffix}-tools
|
||||
%systemd_post cpupower.service
|
||||
|
||||
%preun kernel%{?ksuffix}-tools
|
||||
%systemd_preun cpupower.service
|
||||
|
||||
%postun kernel%{?ksuffix}-tools
|
||||
%systemd_postun cpupower.service
|
||||
|
||||
%post kernel%{?ksuffix}-tools-libs
|
||||
/sbin/ldconfig
|
||||
|
||||
%postun kernel%{?ksuffix}-tools-libs
|
||||
/sbin/ldconfig
|
||||
%endif
|
||||
|
||||
%if %{with_up}
|
||||
%files kernel%{?ksuffix}
|
||||
%defattr(-,root,root,-)
|
||||
/lib/modules/%{version}-%{release}
|
||||
@ -387,94 +276,21 @@ cp $(ls -1 /boot/config-kernel-*-*|sort -V|tail -1) /boot/config-kernel.inc
|
||||
%files kernel%{?ksuffix}-devel
|
||||
%defattr(-,root,root)
|
||||
/usr/src/kernels/%{version}-%{release}
|
||||
%endif
|
||||
|
||||
%if %{with_tools}
|
||||
%files kernel%{?ksuffix}-tools -f cpupower.lang
|
||||
%{_bindir}/cpupower
|
||||
%{_datadir}/bash-completion/completions/cpupower
|
||||
%{_unitdir}/cpupower.service
|
||||
%{_mandir}/man[1-8]/cpupower*
|
||||
%config(noreplace) %{_sysconfdir}/sysconfig/cpupower
|
||||
%{_bindir}/tmon
|
||||
%{_bindir}/iio_event_monitor
|
||||
%{_bindir}/iio_generic_buffer
|
||||
%{_bindir}/lsiio
|
||||
%{_bindir}/lsgpio
|
||||
%{_bindir}/gpio-hammer
|
||||
%{_bindir}/gpio-event-mon
|
||||
%{_bindir}/gpio-watch
|
||||
%{_mandir}/man1/kvm_stat*
|
||||
%{_bindir}/kvm_stat
|
||||
%{_unitdir}/kvm_stat.service
|
||||
%config(noreplace) %{_sysconfdir}/logrotate.d/kvm_stat
|
||||
%{_bindir}/page_owner_sort
|
||||
%{_bindir}/slabinfo
|
||||
|
||||
%files kernel%{?ksuffix}-tools-libs
|
||||
%{_libdir}/libcpupower.so.1
|
||||
%{_libdir}/libcpupower.so.0.0.1
|
||||
#%files kernel-firmware
|
||||
#%defattr(-,root,root)
|
||||
#/lib/firmware/*
|
||||
|
||||
%files kernel%{?ksuffix}-tools-libs-devel
|
||||
%{_libdir}/libcpupower.so
|
||||
%{_includedir}/cpufreq.h
|
||||
%{_includedir}/cpuidle.h
|
||||
%{_includedir}/powercap.h
|
||||
%endif
|
||||
|
||||
%if %{with_firmware}
|
||||
%files firmware
|
||||
%defattr(-,root,root,-)
|
||||
/boot/bootcode.bin
|
||||
/boot/fixup*
|
||||
/boot/start*
|
||||
%doc /boot/LICENCE.broadcom
|
||||
%endif
|
||||
|
||||
%if %{with_headers}
|
||||
%files kernel%{?ksuffix}-headers
|
||||
/usr/include/*
|
||||
%exclude %{_includedir}/cpufreq.h
|
||||
%exclude %{_includedir}/internal/
|
||||
%exclude %{_includedir}/perf/
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Nov 12 2024 Koichiro Iwao <meta@almalinux.org> - 6.11.7-20241110.v8.1
|
||||
- Update kernel to v6.11.7 20241110 efda653d
|
||||
|
||||
* Fri Nov 08 2024 Koichiro Iwao <meta@almalinux.org> - 6.6.51-20241008.v8.2
|
||||
- Fix build for AL10 Kitten
|
||||
|
||||
* Mon Oct 21 2024 Koichiro Iwao <meta@almalinux.org> - 6.6.51-20241008.v8.1
|
||||
- Update kernel to version v6.6.51 stable_20241008
|
||||
- Update firmware to 1.20241008
|
||||
|
||||
* Thu Sep 05 2024 Koichiro Iwao <meta@almalinux.org> - 6.6.31-20240529.v8.4
|
||||
- Add kernel-headers subpackage
|
||||
|
||||
* Fri Aug 30 2024 Andrew Lukoshko <alukoshko@almalinux.org> - 6.6.31-20240529.v8.3
|
||||
- Fix kernel-tools dependencies
|
||||
|
||||
* Thu Jun 20 2024 Koichiro Iwao <meta@almalinux.org> - 6.6.31-20240529.v8.2
|
||||
- Add kernel-tools to optimize CPU clock (cpupower.service)
|
||||
|
||||
* Mon Jun 10 2024 Koichiro Iwao <meta@almalinux.org> - 6.6.31-20240529.v8.1
|
||||
- Update to v6.6.31 stable_20240529
|
||||
|
||||
* Tue Jun 04 2024 Koichiro Iwao <meta@almalinux.org> - 6.6.28-20240423.v8.2
|
||||
- Add installonlypkg(kernel) to kernel and -devel subpackages
|
||||
Resolves: https://github.com/AlmaLinux/raspberry-pi/issues/39
|
||||
See also: https://src.fedoraproject.org/rpms/kernel/c/aba3940
|
||||
|
||||
* Thu May 30 2024 Koichiro Iwao <meta@almalinux.org> - 6.6.28-20240423.v8.1
|
||||
- Update to version v6.6.28
|
||||
- Support both Raspberry Pi 4 and 5
|
||||
- Refine package based on Linux for Raspberry Pi (raspberrypi/linux)
|
||||
- Generate gzip compressed kernel image
|
||||
- Drop armv7hl support
|
||||
- Drop EL7 support
|
||||
|
||||
* Sun Jun 04 2023 Pablo Greco <pgreco@centosproject.org> - 6.1.31
|
||||
- Update to version v6.1.31
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user