The switch_to_toplevel() function in process_configs.sh contains a buggy
loop. It tests whether $path is empty but should test whether $path
equals "/". (It repeatedly calls dirname on pwd's output, and since pwd
will return an absolute path this will, eventually, return "/" forever.)
So let's test for "/" here.
Signed-off-by: Paul Bolle <pebolle@tiscali.nl>
We disabled the gdb indexing a while ago because it was
broken with the kernel. It seems to be working okay now so re-enable it.
Signed-off-by: Laura Abbott <labbott@redhat.com>
The rule that generates kernel-ppc64le-debug.config visits
configs/generic/powerpc twice. Stop doing that.
Signed-off-by: Paul Bolle <pebolle@tiscali.nl>
Upstream has made a keyring to the platform keys. The "KEYS: Allow
unrestricted boot-time addition of keys to secondary keyring" is
available upstream for the platform keyring.
The only issue is that module signatures aren't checked with the
platform keyring, so this introduces a patch to add that which has been
sent upstream. At least our carried-patch count hasn't gone up.
Use the latest version of the kernel lockdown patch set. This includes a
few configuration renames:
CONFIG_KEXEC_VERIFY_SIG became CONFIG_KEXEC_SIG and
CONFIG_KEXEC_SIG_FORCE was added. CONFIG_KEXEC_SIG_FORCE=n because the
"kexec_file: Restrict at runtime if the kernel is locked down" patch
enforces the signature requirement when the kernel is locked down.
CONFIG_LOCK_DOWN_MANDATORY got renamed to CONFIG_LOCK_DOWN_KERNEL_FORCE
and remains false as LOCK_DOWN_IN_EFI_SECURE_BOOT covers enabling it for
EFI Secure Boot users.
Finally, the SysRq patches got dropped for the present.
OSTree is a far, far more sophisticated wrapper around the `link()`
system call than the `hardlink` package - it supports using
as a mechanism for transactional offline updates, fetching over
HTTP with GPG signatures and deltas, etc. rpm-ostree uses it
for everything.
Having the `kernel-devel` package run `hardlink` just adds
latency to `rpm-ostree compose tree` unnecessarily.