Compare commits

..

No commits in common. "c10s" and "c8" have entirely different histories.
c10s ... c8

33 changed files with 179509 additions and 2 deletions

12
.gitignore vendored
View File

@ -1,2 +1,10 @@
*.xz
*.bz2
SOURCES/centossecureboot201.cer
SOURCES/centossecurebootca2.cer
SOURCES/linux-4.18.0-553.30.1.rt7.371.el8_10.tar.xz
SOURCES/redhatsecureboot302.cer
SOURCES/redhatsecureboot303.cer
SOURCES/redhatsecureboot501.cer
SOURCES/redhatsecurebootca3.cer
SOURCES/redhatsecurebootca7.cer
SOURCES/rheldup3.x509
SOURCES/rhelkpatch1.x509

10
.kernel-rt.metadata Normal file
View File

@ -0,0 +1,10 @@
2ba40bf9138b48311e5aa1b737b7f0a8ad66066f SOURCES/centossecureboot201.cer
bfdb3d7cffc43f579655af5155d50c08671d95e5 SOURCES/centossecurebootca2.cer
928c694f90de62818f208f6d5a816f9f65de2244 SOURCES/linux-4.18.0-553.30.1.rt7.371.el8_10.tar.xz
13e5cd3f856b472fde80a4deb75f4c18dfb5b255 SOURCES/redhatsecureboot302.cer
e89890ca0ded2f9058651cc5fa838b78db2e6cc2 SOURCES/redhatsecureboot303.cer
ba0b760e594ff668ee72ae348adf3e49b97f75fb SOURCES/redhatsecureboot501.cer
cf9230e69000076727e5b784ec871d22716dc5da SOURCES/redhatsecurebootca3.cer
905d91a282727c7f5ad433a49ac42a0772311c6a SOURCES/redhatsecurebootca7.cer
95b9b811c7b0a6c98b2eafc4e7d6d24f2cb63289 SOURCES/rheldup3.x509
d90885108d225a234a5a9d054fc80893a5bd54d0 SOURCES/rhelkpatch1.x509

3
SOURCES/cpupower.config Normal file
View File

@ -0,0 +1,3 @@
# See 'cpupower help' and cpupower(1) for more info
CPUPOWER_START_OPTS="frequency-set -g performance"
CPUPOWER_STOP_OPTS="frequency-set -g ondemand"

13
SOURCES/cpupower.service Normal file
View File

@ -0,0 +1,13 @@
[Unit]
Description=Configure CPU power related settings
After=syslog.target
[Service]
Type=oneshot
RemainAfterExit=yes
EnvironmentFile=/etc/sysconfig/cpupower
ExecStart=/usr/bin/cpupower $CPUPOWER_START_OPTS
ExecStop=/usr/bin/cpupower $CPUPOWER_STOP_OPTS
[Install]
WantedBy=multi-user.target

18
SOURCES/filter-aarch64.sh Normal file
View File

@ -0,0 +1,18 @@
#! /bin/bash
# This is the aarch64 override file for the core/drivers package split. The
# module directories listed here and in the generic list in filter-modules.sh
# will be moved to the resulting kernel-modules package for this arch.
# Anything not listed in those files will be in the kernel-core package.
#
# Please review the default list in filter-modules.sh before making
# modifications to the overrides below. If something should be removed across
# all arches, remove it in the default instead of per-arch.
driverdirs="atm auxdisplay bcma bluetooth firewire fmc infiniband isdn leds media memstick message mmc mtd mwave nfc ntb pcmcia platform power ssb staging tty uio uwb w1"
ethdrvs="3com adaptec arc alteon atheros broadcom cadence calxeda chelsio cisco dec dlink emulex icplus marvell micrel myricom neterion nvidia oki-semi packetengines qlogic rdc renesas sfc silan sis smsc stmicro sun tehuti ti via wiznet xircom"
drmdrvs="amd arm bridge ast exynos hisilicon i2c imx mgag200 meson msm nouveau panel radeon rockchip tegra sun4i tinydrm vc4"
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs megaraid pmcraid qedi qla1280 9pnet_rdma rpcrdma nvmet-rdma nvme-rdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user sbp_target cxgbit iw_cxgb3 iw_cxgb4 cxgb3i cxgb3i cxgb3i_ddp cxgb4i chcr"

154
SOURCES/filter-modules.sh Executable file
View File

@ -0,0 +1,154 @@
#! /bin/bash
#
# Called as filter-modules.sh list-of-modules Arch
# This script filters the modules into the kernel-core and kernel-modules
# subpackages. We list out subsystems/subdirs to prune from the installed
# module directory. What is left is put into the kernel-core package. What is
# pruned is contained in the kernel-modules package.
#
# This file contains the default subsys/subdirs to prune from all architectures.
# If an architecture needs to differ, we source a per-arch filter-<arch>.sh file
# that contains the set of override lists to be used instead. If a module or
# subsys should be in kernel-modules on all arches, please change the defaults
# listed here.
# Set the default dirs/modules to filter out
driverdirs="atm auxdisplay bcma bluetooth firewire fmc iio infiniband isdn leds media memstick mfd mmc mtd nfc ntb pcmcia platform power ssb staging tty uio uwb w1 virt"
chardrvs="mwave pcmcia"
netdrvs="appletalk can dsa hamradio ieee802154 irda ppp slip usb wireless"
ethdrvs="3com adaptec alteon amd aquantia atheros broadcom cadence calxeda chelsio cisco dec dlink emulex icplus marvell neterion nvidia oki-semi packetengines qlogic rdc renesas sfc silan sis smsc stmicro sun tehuti ti wiznet xircom"
inputdrvs="gameport tablet touchscreen"
scsidrvs="aacraid aic7xxx aic94xx be2iscsi bfa bnx2i bnx2fc csiostor cxgbi esas2r fcoe fnic hisi_sas isci libsas lpfc megaraid mpt2sas mpt3sas mvsas pm8001 qla2xxx qla4xxx sym53c8xx_2 ufs qedf"
usbdrvs="atm image misc serial wusbcore"
fsdrvs="affs befs cifs coda cramfs ecryptfs hfs hfsplus jfs minix ncpfs nilfs2 ocfs2 reiserfs romfs squashfs sysv ubifs ufs"
netprots="6lowpan appletalk atm ax25 batman-adv bluetooth can dccp dsa ieee802154 irda l2tp mac80211 mac802154 mpls netrom nfc rds rfkill rose sctp smc wireless"
drmdrvs="amd ast gma500 i2c i915 mgag200 nouveau radeon via "
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs megaraid pmcraid qedi qla1280 9pnet_rdma rpcrdma nvmet-rdma nvme-rdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject hid-sensor-hub target_core_user sbp_target cxgbit iw_cxgb3 iw_cxgb4 cxgb3i cxgb3i cxgb3i_ddp cxgb4i chcr parport_serial ism xt_u32 act_ct"
# Grab the arch-specific filter list overrides
source ./filter-$2.sh
filter_dir() {
filelist=$1
dir=$2
grep -v -e "${dir}/" ${filelist} > ${filelist}.tmp
if [ $? -ne 0 ]
then
echo "Couldn't remove ${dir}. Skipping."
else
grep -e "${dir}/" ${filelist} >> k-d.list
mv ${filelist}.tmp $filelist
fi
return 0
}
filter_ko() {
filelist=$1
mod=$2
grep -v -e "${mod}.ko" ${filelist} > ${filelist}.tmp
if [ $? -ne 0 ]
then
echo "Couldn't remove ${mod}.ko Skipping."
else
grep -e "${mod}.ko" ${filelist} >> k-d.list
mv ${filelist}.tmp $filelist
fi
return 0
}
# Filter the drivers/ subsystems
for subsys in ${driverdirs}
do
filter_dir $1 drivers/${subsys}
done
# Filter the networking drivers
for netdrv in ${netdrvs}
do
filter_dir $1 drivers/net/${netdrv}
done
# Filter the char drivers
for char in ${chardrvs}
do
filter_dir $1 drivers/char/${input}
done
# Filter the ethernet drivers
for eth in ${ethdrvs}
do
filter_dir $1 drivers/net/ethernet/${eth}
done
# SCSI
for scsi in ${scsidrvs}
do
filter_dir $1 drivers/scsi/${scsi}
done
# Input
for input in ${inputdrvs}
do
filter_dir $1 drivers/input/${input}
done
# USB
for usb in ${usbdrvs}
do
filter_dir $1 drivers/usb/${usb}
done
# Filesystems
for fs in ${fsdrvs}
do
filter_dir $1 fs/${fs}
done
# Network protocols
for prot in ${netprots}
do
filter_dir $1 kernel/net/${prot}
done
# DRM
for drm in ${drmdrvs}
do
filter_dir $1 drivers/gpu/drm/${drm}
done
# Just kill sound.
filter_dir $1 kernel/sound
filter_ko $1 drivers/base/regmap/regmap-sdw
filter_ko $1 drivers/base/regmap/regmap-sdw-mbq
filter_dir $1 drivers/soundwire
# Now go through and filter any single .ko files that might have deps on the
# things we filtered above
for mod in ${singlemods}
do
filter_ko $1 ${mod}
done
# Go through our generated drivers list and remove the .ko files. We'll
# restore them later.
for mod in `cat k-d.list`
do
rm -rf $mod
done

14
SOURCES/filter-ppc64le.sh Normal file
View File

@ -0,0 +1,14 @@
#! /bin/bash
# This is the ppc64le override file for the core/drivers package split. The
# module directories listed here and in the generic list in filter-modules.sh
# will be moved to the resulting kernel-modules package for this arch.
# Anything not listed in those files will be in the kernel-core package.
#
# Please review the default list in filter-modules.sh before making
# modifications to the overrides below. If something should be removed across
# all arches, remove it in the default instead of per-arch.
driverdirs="atm auxdisplay bcma bluetooth firewire fmc infiniband isdn leds media memstick message mmc mtd mwave nfc ntb pcmcia platform power ssb staging tty uio uwb w1"
singlemods="ntb_netdev iscsi_ibft iscsi_boot_sysfs megaraid pmcraid qedi qla1280 9pnet_rdma rpcrdma nvmet-rdma nvme-rdma hid-picolcd hid-prodikeys hwa-hc hwpoison-inject target_core_user sbp_target cxgbit iw_cxgb3 iw_cxgb4 cxgb3i cxgb3i cxgb3i_ddp cxgb4i chcr"

12
SOURCES/filter-s390x.sh Normal file
View File

@ -0,0 +1,12 @@
#! /bin/bash
# This is the s390x override file for the core/drivers package split. The
# module directories listed here and in the generic list in filter-modules.sh
# will be moved to the resulting kernel-modules package for this arch.
# Anything not listed in those files will be in the kernel-core package.
#
# Please review the default list in filter-modules.sh before making
# modifications to the overrides below. If something should be removed across
# all arches, remove it in the default instead of per-arch.
# Defaults work so no need to override

12
SOURCES/filter-x86_64.sh Normal file
View File

@ -0,0 +1,12 @@
#! /bin/bash
# This is the x86_64 override file for the core/drivers package split. The
# module directories listed here and in the generic list in filter-modules.sh
# will be moved to the resulting kernel-modules package for this arch.
# Anything not listed in those files will be in the kernel-core package.
#
# Please review the default list in filter-modules.sh before making
# modifications to the overrides below. If something should be removed across
# all arches, remove it in the default instead of per-arch.
# Defaults work so no need to override

6
SOURCES/gating.yaml Normal file
View File

@ -0,0 +1,6 @@
--- !Policy
product_versions:
- rhel-8
decision_context: osci_compose_gate
rules:
- !PassingTestCaseRule {test_case_name: cki.tier1-x86_64.functional}

View File

@ -0,0 +1,6 @@
#!/bin/sh
for i in ${NAME}-*.config; do
NEW=${NAME}-${VERSION}-$(echo $i | sed -e "s/${NAME}//" | cut -d - -f2-)
mv ${i} ${NEW}
done

31
SOURCES/generate_bls_conf.sh Executable file
View File

@ -0,0 +1,31 @@
#!/bin/bash
set -e
. /etc/os-release
kernelver=$1 && shift
rootfs=$1 && shift
variant=$1 && shift
output="${rootfs}/lib/modules/${kernelver}/bls.conf"
date=$(date -u +%Y%m%d%H%M%S)
if [ "${variant:-5}" = "debug" ]; then
debugname=" with debugging"
debugid="-debug"
else
debugname=""
debugid=""
fi
cat >${output} <<EOF
title ${NAME} (${kernelver}) ${VERSION}${debugname}
version ${kernelver}${debugid}
linux ${bootprefix}/vmlinuz-${kernelver}
initrd ${bootprefix}/initramfs-${kernelver}.img
options \$kernelopts
id ${ID}-${date}-${kernelver}${debugid}
grub_users \$grub_users
grub_arg --unrestricted
grub_class kernel${variant}
EOF

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@ -0,0 +1,11 @@
/var/log/kvm_stat.csv {
size 10M
missingok
compress
maxage 30
rotate 5
nodateext
postrotate
/usr/bin/systemctl try-restart kvm_stat.service
endscript
}

View File

152
SOURCES/mod-blacklist.sh Executable file
View File

@ -0,0 +1,152 @@
#! /bin/bash
RpmDir=$1
ModDir=$2
Dir="$1/$2"
# Note the list filename must have the format mod-[PACKAGE].list, for example,
# mod-internal.list or mod-extra.list. The PACKAGE is used to create a
# override directory for the modules.
List=$3
Dest="$4"
blacklist()
{
cat > "$RpmDir/etc/modprobe.d/$1-blacklist.conf" <<-__EOF__
# This kernel module can be automatically loaded by non-root users. To
# enhance system security, the module is blacklisted by default to ensure
# system administrators make the module available for use as needed.
# See https://access.redhat.com/articles/3760101 for more details.
#
# Remove the blacklist by adding a comment # at the start of the line.
blacklist $1
__EOF__
}
check_blacklist()
{
mod=$(find $RpmDir/$ModDir -name "$1")
[ ! "$mod" ] && return 0
if modinfo $mod | grep -q '^alias:\s\+net-'; then
mod="${1##*/}"
mod="${mod%.ko*}"
echo "$mod has an alias that allows auto-loading. Blacklisting."
blacklist "$mod"
fi
}
find_depends()
{
dep=$1
depends=`modinfo $dep | sed -n -e "/^depends/ s/^depends:[ \t]*//p"`
[ -z "$depends" ] && exit
for mod in ${depends//,/ }
do
match=$(grep "^$mod.ko" "$ListName")
[ -z "$match" ] && continue
# check if the module we are looking at is in mod-* too.
# if so we do not need to mark the dep as required.
mod2=${dep##*/} # same as `basename $dep`, but faster
match2=$(grep "^$mod2" "$ListName")
if [ -n "$match2" ]
then
#echo $mod2 >> notreq.list
continue
fi
echo $mod.ko >> req.list
done
}
foreachp()
{
P=$(nproc)
bgcount=0
while read mod; do
$1 "$mod" &
bgcount=$((bgcount + 1))
if [ $bgcount -eq $P ]; then
wait -n
bgcount=$((bgcount - 1))
fi
done
wait
}
# Destination was specified on the command line
test -n "$4" && echo "$0: Override Destination $Dest has been specified."
pushd $Dir
OverrideDir=$(basename $List)
OverrideDir=${OverrideDir%.*}
OverrideDir=${OverrideDir#*-}
mkdir -p $OverrideDir
rm -rf modnames
find . -name "*.ko" -type f > modnames
# Look through all of the modules, and throw any that have a dependency in
# our list into the list as well.
rm -rf dep.list dep2.list
rm -rf req.list req2.list
touch dep.list req.list
cp "$List" .
# This variable needs to be exported because it is used in sub-script
# executed by xargs
export ListName=$(basename "$List")
foreachp find_depends < modnames
sort -u req.list > req2.list
sort -u "$ListName" > modules2.list
join -v 1 modules2.list req2.list > modules3.list
for mod in $(cat modules3.list)
do
# get the path for the module
modpath=`grep /$mod modnames`
[ -z "$modpath" ] && continue
echo $modpath >> dep.list
done
sort -u dep.list > dep2.list
if [ -n "$Dest" ]; then
# now move the modules into the $Dest directory
for mod in `cat dep2.list`
do
newpath=`dirname $mod | sed -e "s/kernel\\//$Dest\//"`
mkdir -p $newpath
mv $mod $newpath
echo $mod | sed -e "s/kernel\\//$Dest\//" | sed -e "s|^.|${ModDir}|g" >> $RpmDir/$ListName
done
fi
popd
# If we're signing modules, we can't leave the .mod files for the .ko files
# we've moved in .tmp_versions/. Remove them so the Kbuild 'modules_sign'
# target doesn't try to sign a non-existent file. This is kinda ugly, but
# so are the modules-* packages.
for mod in `cat ${Dir}/dep2.list`
do
modfile=`basename $mod | sed -e 's/.ko/.mod/'`
rm .tmp_versions/$modfile
done
if [ ! -n "$Dest" ]; then
sed -e "s|^.|${ModDir}|g" ${Dir}/dep2.list > $RpmDir/$ListName
echo "./$RpmDir/$ListName created."
[ -d "$RpmDir/etc/modprobe.d/" ] || mkdir -p "$RpmDir/etc/modprobe.d/"
foreachp check_blacklist < $List
fi
# avoid an empty kernel-extra package
echo "$ModDir/$OverrideDir" >> $RpmDir/$ListName
pushd $Dir
rm modnames dep.list dep2.list req.list req2.list
rm "$ListName" modules2.list modules3.list
popd

198
SOURCES/mod-extra.list Normal file
View File

@ -0,0 +1,198 @@
6pack.ko
a3d.ko
act200l-sir.ko
actisys-sir.ko
act_mpls.ko
act_ct.ko
adi.ko
aer_inject.ko
af_802154.ko
affs.ko
ali-ircc.ko
analog.ko
appletalk.ko
atm.ko
avma1_cs.ko
avm_cs.ko
avmfritz.ko
ax25.ko
b1.ko
bareudp.ko
bas_gigaset.ko
batman-adv.ko
baycom_par.ko
baycom_ser_fdx.ko
baycom_ser_hdx.ko
befs.ko
bpqether.ko
br2684.ko
capi.ko
c_can.ko
c_can_platform.ko
clip.ko
cobra.ko
coda.ko
cuse.ko
db9.ko
dccp_diag.ko
dccp_ipv4.ko
dccp_ipv6.ko
dccp.ko
dccp_probe.ko
diva_idi.ko
divas.ko
ds1wm.ko
ds2482.ko
ds2490.ko
dss1_divert.ko
elsa_cs.ko
ems_pci.ko
ems_usb.ko
esd_usb2.ko
esi-sir.ko
gamecon.ko
gf2k.ko
gigaset.ko
girbil-sir.ko
grip.ko
grip_mp.ko
guillemot.ko
hdlcdrv.ko
hfc4s8s_l1.ko
hfcmulti.ko
hfcpci.ko
hisax.ko
hwa-rc.ko
hysdn.ko
i2400m.ko
i2400m-sdio.ko
i2400m-usb.ko
ieee802154.ko
iforce.ko
interact.ko
ipddp.ko
ipx.ko
ip_vs_mh.ko
isdn.ko
joydump.ko
kingsun-sir.ko
ks959-sir.ko
ksdazzle-sir.ko
kvaser_pci.ko
l2tp_core.ko
l2tp_debugfs.ko
l2tp_eth.ko
l2tp_ip.ko
l2tp_netlink.ko
l2tp_ppp.ko
lec.ko
ma600-sir.ko
magellan.ko
mcp2120-sir.ko
mISDN_core.ko
mISDN_dsp.ko
mkiss.ko
mptbase.ko
mptctl.ko
mptfc.ko
nci.ko
ncpfs.ko
netjet.ko
netrom.ko
nfc.ko
nilfs2.ko
ocfs2_dlmfs.ko
ocfs2_dlm.ko
ocfs2.ko
ocfs2_nodemanager.ko
ocfs2_stackglue.ko
ocfs2_stack_o2cb.ko
ocfs2_stack_user.ko
old_belkin-sir.ko
orinoco_cs.ko
orinoco.ko
orinoco_nortel.ko
orinoco_pci.ko
orinoco_plx.ko
orinoco_usb.ko
plx_pci.ko
pn_pep.ko
pppoatm.ko
rds.ko
rds_rdma.ko
rds_tcp.ko
rose.ko
sch_atm.ko
sch_cbq.ko
sch_cbs.ko
sch_choke.ko
sch_drr.ko
sch_dsmark.ko
sch_ets.ko
sch_gred.ko
sch_mqprio.ko
sch_multiq.ko
sch_netem.ko
sch_qfq.ko
sch_red.ko
sch_sfb.ko
sch_teql.ko
sctp.ko
sctp_diag.ko
sidewinder.ko
sja1000.ko
sja1000_platform.ko
slcan.ko
slip.ko
softing_cs.ko
softing.ko
spaceball.ko
spaceorb.ko
stinger.ko
sysv.ko
tcp_bic.ko
tcp_highspeed.ko
tcp_htcp.ko
tcp_hybla.ko
tcp_illinois.ko
tcp_lp.ko
tcp_scalable.ko
tcp_vegas.ko
tcp_veno.ko
tcp_westwood.ko
tcp_yeah.ko
tekram-sir.ko
tmdc.ko
toim3232-sir.ko
trancevibrator.ko
turbografx.ko
twidjoy.ko
ubifs.ko
ufs.ko
umc.ko
usbip-core.ko
usbip-host.ko
uwb.ko
vcan.ko
vhci-hcd.ko
w1_bq27000.ko
w1_ds2408.ko
w1_ds2423.ko
w1_ds2431.ko
w1_ds2433.ko
w1_ds2760.ko
w1_ds2780.ko
w1_ds2781.ko
w1_ds28e04.ko
w1_smem.ko
w1_therm.ko
w6692.ko
walkera0701.ko
wanrouter.ko
warrior.ko
whci.ko
wire.ko
xpad.ko
xt_u32.ko
yam.ko
zhenhua.ko

66
SOURCES/mod-internal.list Normal file
View File

@ -0,0 +1,66 @@
dmatest
kunit
kunit-test
ext4-inode-test
list-test
sysctl-test
mptcp_crypto_test
mptcp_token_test
bitfield_kunit
cmdline_kunit
property-entry-test
qos-test
resource_kunit
soc-topology-test
soc-utils-test
stackinit_kunit
string-stream-test
test_linear_ranges
test_bits
test_kasan
fat_test
test_list_sort
slub_kunit
memcpy_kunit
time_test
drm_format_helper_test
drm_damage_helper_test
drm_cmdline_parser_test
drm_kunit_helpers
drm_rect_test
drm_format_test
drm_plane_helper_test
drm_dp_mst_helper_test
drm_framebuffer_test
drm_buddy_test
drm_mm_test
drm_connector_test
drm_managed_test
drm_modes_test
drm_probe_helper_test
lib_test
dev_addr_lists_test
rational-test
test_hash
locktorture
mac80211_hwsim
netdevsim
pktgen
rcutorture
rocker
scftorture
torture
test_bpf
test_klp_atomic_replace
test_klp_callbacks_demo
test_klp_callbacks_demo2
test_klp_callbacks_busy
test_klp_callbacks_mod
test_klp_livepatch
test_klp_shadow_vars
test_klp_state
test_klp_state2
test_klp_state3
test_hmm
test_vmalloc
mtty

5
SOURCES/mod-kvm.list Normal file
View File

@ -0,0 +1,5 @@
kvm-amd
kvm-intel
kvm
kvmgt
ptp_kvm

37
SOURCES/mod-sign.sh Executable file
View File

@ -0,0 +1,37 @@
#! /bin/bash
# The modules_sign target checks for corresponding .o files for every .ko that
# is signed. This doesn't work for package builds which re-use the same build
# directory for every flavour, and the .config may change between flavours.
# So instead of using this script to just sign lib/modules/$KernelVer/extra,
# sign all .ko in the buildroot.
# This essentially duplicates the 'modules_sign' Kbuild target and runs the
# same commands for those modules.
MODSECKEY=$1
MODPUBKEY=$2
moddir=$3
modules=`find $moddir -type f -name '*.ko'`
NPROC=`nproc`
[ -z "$NPROC" ] && NPROC=1
# NB: this loop runs 2000+ iterations. Try to be fast.
echo "$modules" | xargs -r -n16 -P $NPROC sh -c "
for mod; do
./scripts/sign-file sha256 $MODSECKEY $MODPUBKEY \$mod
rm -f \$mod.sig \$mod.dig
done
" DUMMYARG0 # xargs appends ARG1 ARG2..., which go into $mod in for loop.
RANDOMMOD=$(echo "$modules" | sort -R | head -n 1)
if [ "~Module signature appended~" != "$(tail -c 28 $RANDOMMOD)" ]; then
echo "*****************************"
echo "*** Modules are unsigned! ***"
echo "*****************************"
exit 1
fi
exit 0

26
SOURCES/parallel_xz.sh Executable file
View File

@ -0,0 +1,26 @@
#!/bin/sh
# Reads filenames on stdin, xz-compresses each in place.
# Not optimal for "compress relatively few, large files" scenario!
# How many xz's to run in parallel:
procgroup=""
while test "$#" != 0; do
# Get it from -jNUM
N="${1#-j}"
if test "$N" = "$1"; then
# Not -j<something> - warn and ignore
echo "parallel_xz: warning: unrecognized argument: '$1'"
else
procgroup="$N"
fi
shift
done
# If told to use only one cpu:
test "$procgroup" || exec xargs -r xz
test "$procgroup" = 1 && exec xargs -r xz
# xz has some startup cost. If files are really small,
# this cost might be significant. To combat this,
# process several files (in sequence) by each xz process via -n 16:
exec xargs -r -n 16 -P $procgroup xz

175
SOURCES/process_configs.sh Executable file
View File

@ -0,0 +1,175 @@
#!/bin/bash
#
# This script takes the merged config files and processes them through oldconfig
# and listnewconfig
#
usage()
{
echo "process_configs.sh [ -n|-c|-t ] package_name kernel_version [cross_opts]"
echo " -n: error on unset config options"
echo " -c: error on mismatched config options"
echo " -t: test run, do not overwrite original config"
echo " -w: error on misconfigured config options"
exit 1
}
die()
{
echo "$1"
exit 1
}
# stupid function to find top of tree to do kernel make configs
switch_to_toplevel()
{
path="$(pwd)"
while test -n "$path"
do
test -d $path/firmware && \
test -e $path/MAINTAINERS && \
test -d $path/drivers && \
break
path="$(dirname $path)"
done
test -n "$path" || die "Can't find toplevel"
echo "$path"
}
checkoptions()
{
/usr/bin/awk '
/is not set/ {
split ($0, a, "#");
split(a[2], b);
if (NR==FNR) {
configs[b[1]]="is not set";
} else {
if (configs[b[1]] != "" && configs[b[1]] != "is not set")
print "Found # "b[1] " is not set, after generation, had " b[1] " " configs[b[1]] " in Source tree";
}
}
/=/ {
split ($0, a, "=");
if (NR==FNR) {
configs[a[1]]=a[2];
} else {
if (configs[a[1]] != "" && configs[a[1]] != a[2])
print "Found "a[1]"="a[2]" after generation, had " a[1]"="configs[a[1]]" in Source tree";
}
}
' $1 $2 > .mismatches
if test -s .mismatches
then
echo "Error: Mismatches found in configuration files"
cat .mismatches
exit 1
fi
}
function process_configs()
{
# assume we are in $source_tree/configs, need to get to top level
pushd $(switch_to_toplevel) &>/dev/null
for cfg in $SCRIPT_DIR/${PACKAGE_NAME}${KVERREL}*.config
do
arch=$(head -1 $cfg | cut -b 3-)
cfgtmp="${cfg}.tmp"
cfgorig="${cfg}.orig"
cat $cfg > $cfgorig
echo -n "Processing $cfg ... "
make ARCH=$arch ${CROSSOPTS} KCONFIG_CONFIG=$cfgorig listnewconfig >& .listnewconfig
grep -E 'CONFIG_' .listnewconfig > .newoptions
if test -n "$NEWOPTIONS" && test -s .newoptions
then
echo "Found unset config items, please set them to an appropriate value"
cat .newoptions
rm .newoptions
exit 1
fi
rm .newoptions
grep -E 'config.*warning' .listnewconfig > .warnings
if test -n "$CHECKWARNINGS" && test -s .warnings
then
echo "Found misconfigured config items, please set them to an appropriate value"
cat .warnings
rm .warnings
exit 1
fi
rm .warnings
rm .listnewconfig
make ARCH=$arch ${CROSSOPTS} KCONFIG_CONFIG=$cfgorig oldnoconfig > /dev/null || exit 1
echo "# $arch" > ${cfgtmp}
cat "${cfgorig}" >> ${cfgtmp}
if test -n "$CHECKOPTIONS"
then
checkoptions $cfg $cfgtmp
fi
# if test run, don't overwrite original
if test -n "$TESTRUN"
then
rm ${cfgtmp}
else
mv ${cfgtmp} ${cfg}
fi
rm ${cfgorig}
echo "done"
done
rm "$SCRIPT_DIR"/*.config*.old
popd > /dev/null
echo "Processed config files are in $SCRIPT_DIR"
}
NEWOPTIONS=""
CHECKOPTIONS=""
CHECKWARNINGS=""
TESTRUN=""
while [[ $# -gt 0 ]]
do
key="$1"
case $key in
-h)
usage
;;
-n)
NEWOPTIONS="x"
;;
-c)
CHECKOPTIONS="x"
;;
-t)
TESTRUN="x"
;;
-w)
CHECKWARNINGS="x"
;;
*)
break;;
esac
shift
done
PACKAGE_NAME="${1:-kernel}" # defines the package name used
KVERREL="$(test -n "$2" && echo "-$2" || echo "")"
CROSSOPTS="$3"
SCRIPT="$(readlink -f $0)"
OUTPUT_DIR="$PWD"
SCRIPT_DIR="$(dirname $SCRIPT)"
# to handle this script being a symlink
cd $SCRIPT_DIR
process_configs

40
SOURCES/rpminspect.yaml Normal file
View File

@ -0,0 +1,40 @@
# additional rpminspect configuration for this branch
---
inspections:
abidiff: off
addedfiles: off
badfuncs: off
changedfiles: off
kmidiff: off
kmod: off
manpage: off
movedfiles: off
permissions: off
removedfiles: off
rpmdeps: off
upstream: off
elf:
ignore:
- /usr/libexec/ksamples/*
- /usr/libexec/kselftests/*
emptyrpm:
expected_empty:
- kernel
- kernel-debug
- kernel-zfcpdump
- kernel-zfcpdump-modules
specname:
match: prefix
primary: filename
patches:
ignore_list:
- linux-kernel-test.patch
types:
ignore:
- /usr/src/kernel/*

16
SOURCES/x509.genkey Normal file
View File

@ -0,0 +1,16 @@
[ req ]
default_bits = 3072
distinguished_name = req_distinguished_name
prompt = no
x509_extensions = myexts
[ req_distinguished_name ]
O = Red Hat
CN = Red Hat Enterprise Linux kernel signing key
emailAddress = secalert@redhat.com
[ myexts ]
basicConstraints=critical,CA:FALSE
keyUsage=digitalSignature
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid

128403
SPECS/kernel.spec Normal file

File diff suppressed because it is too large Load Diff