Add patch for fixing the vmware kernel lockdown

Sohan Kunkerkar 2022-03-17 11:05:39 -04:00 committed by Sohan Kunkerkar
parent d9634e2f56
commit 14ad4c5490
2 changed files with 47 additions and 1 deletions


@ -19,7 +19,7 @@ Version: 2.13.0
%global dracutlibdir %{_prefix}/lib/dracut %global dracutlibdir %{_prefix}/lib/dracut
Name: ignition Name: ignition
Release: 4%{?dist} Release: 5%{?dist}
Summary: First boot installer and configuration tool Summary: First boot installer and configuration tool
# Upstream license specification: Apache-2.0 # Upstream license specification: Apache-2.0
@ -28,6 +28,9 @@ URL: %{gourl}
Source0: %{gosource} Source0: %{gosource}
# https://github.com/coreos/ignition/pull/1307 # https://github.com/coreos/ignition/pull/1307
Patch0: luks-volume-reuse.patch Patch0: luks-volume-reuse.patch
# vmware: kernel_lockdown breaks guestinfo fetching
# https://github.com/coreos/ignition/issues/1092
Patch1: vendor-vmw-guestinfo-quickfix-to-skip-performing-iop.patch
BuildRequires: libblkid-devel BuildRequires: libblkid-devel
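Review bot: The comment above the new Patch1 line cites only the issue, while Patch0 cites its upstream pull request, so a reader of the spec cannot tell whether Patch1 is a backport or a downstream-only carry. The patch's own subject calls it a quickfix against vendored code; say that in the spec comment and state the condition for dropping it, for example once the linked issue is resolved by an upstream fix.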
@ -329,6 +332,9 @@ install -p -m 0755 ./ignition %{buildroot}/%{dracutlibdir}/modules.d/30ignition
%endif %endif
%changelog %changelog
* Thu Mar 17 2022 Sohan Kunkerkar <skunkerk@redhat.com> - 2.13.0-5
- Avoid kernel lockdown on VMware when running with secure boot
* Fri Jan 28 2022 Benjamin Gilbert <bgilbert@redhat.com> - 2.13.0-4 * Fri Jan 28 2022 Benjamin Gilbert <bgilbert@redhat.com> - 2.13.0-4
- Rename -validate-nonlinux subpackage to -validate-redistributable - Rename -validate-nonlinux subpackage to -validate-redistributable
- Add static Linux binaries to -redistributable - Add static Linux binaries to -redistributable
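Review bot: The new changelog entry "Avoid kernel lockdown on VMware when running with secure boot" reads as if lockdown itself were bypassed, but the carried patch only skips the `iopl` call that kernel_lockdown blocks, and lockdown stays in force. Suggest wording along the lines of "Skip iopl in vmw-guestinfo so guestinfo fetching works under kernel lockdown with Secure Boot".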


@ -0,0 +1,40 @@
From 069ab246129be6860aed3389c526543afa87e712 Mon Sep 17 00:00:00 2001
From: Luca BRUNO <luca.bruno@coreos.com>
Date: Thu, 17 Sep 2020 16:07:59 +0000
Subject: [PATCH] vendor/vmw-guestinfo: quickfix to skip performing iopl
This is a quickfix to avoid performing an `iopl`, which is blocked by
kernel_lockdown under SecureBoot.
Refs:
* https://bugzilla.redhat.com/show_bug.cgi?id=1877995
* https://github.com/lucab/vmw_backdoor-rs/issues/6
* https://github.com/coreos/ignition/issues/1092
---
.../vmware/vmw-guestinfo/vmcheck/vmcheck.go | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/vendor/github.com/vmware/vmw-guestinfo/vmcheck/vmcheck.go b/vendor/github.com/vmware/vmw-guestinfo/vmcheck/vmcheck.go
index c46cc5e4..ffd866c0 100644
--- a/vendor/github.com/vmware/vmw-guestinfo/vmcheck/vmcheck.go
+++ b/vendor/github.com/vmware/vmw-guestinfo/vmcheck/vmcheck.go
@@ -41,10 +41,13 @@ func IsVirtualWorld() (bool, error) {
// hypervisorPortCheck tests the availability of the HV port.
func hypervisorPortCheck() (bool, error) {
- // Privilege level 3 to access all ports above 0x3ff
- if err := openPortsAccess(); err != nil {
- return false, err
- }
+ // XXX(lucab): quickfix for https://github.com/coreos/ignition/issues/1092.
+ /*
+ // Privilege level 3 to access all ports above 0x3ff
+ if err := openPortsAccess(); err != nil {
+ return false, err
+ }
+ */
p := &bdoor.BackdoorProto{}
--
2.21.1
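Review bot: In hypervisorPortCheck the openPortsAccess call is disabled by wrapping it in a block comment, and the only explanation is an XXX pointing at the issue; nothing states why the port check that follows still works without raising the I/O privilege level, or how it fails where it does not. Suggest deleting the dead code instead of commenting it out, replacing the XXX with a sentence that records that assumption, and noting that the edit lives under vendor/ and will be lost on the next re-vendor unless this patch stays in the spec.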