From the original RHEL patch:
This extra '+' causes problems with the regular expression used with
/usr/lib/rpm/find-debuginfo.sh script from rpm-build, which is used to filter
the debug files to the corresponding debuginfo packages. The '+' character
in the release is interpreted as a regular expression operator and the
debuginfo filter fails, with the build failing on an empty debuginfo file list.
Which means we need to escape the extra '+' character if we want debuginfo
filter to work. I tried to use '\' to escape, but rpm "eats" that, in testing
'[+]' worked so is what I'm using to fix/workaround this problem. When RHEL 8
drops the the extra +<number> in the future, we can remove this fix/workaround.
This problem is likely to come up so just add it in now.
Fedora does some validation on config options to catch
errors. There may be cases when we want to turn off that
checking because it doesn't actually matter. Make this a
full --with option to make it easier to turn off.
Some of the downstream users want to package some modules for
internal use only. While Fedora isn't internal, it's still
useful to have packaging aligned. Add a few modules to this
package.
Other products downstream of Fedora offer kernel ABI guarantees.
Fedora doesn't offer this and have no plans to do so but it's
useful to at least have the packaging in our tree. Add support.
Fedora currently only supports x86_64 secureboot signing.
There's ongoing work to enable other arches though. For now,
just bring in the packaging support with some of it commented
out.
While Fedora doesn't officially support kpatch, there's work
being done to enable kpatch elsewhere. Add the packaging work
but don't actually build anything.
The kernel currently builds the headers in a separate repository but
rebuilds may want to build it from the same srpm. Make sure the
cross command actually works.
The gcc-plugin-devel was a noble experiment that doesn't seem to be
something we'll shipp anytime soon. Remove it.
Building the headers now requires rsync
The driver is needed for testing purposes, enable it on the architectures
where EFI is supported. Also, disallow access to the registered device if
the kernel is locked down.
Fedora has been carrying this patch for a very long time as
a workaround for MacBook Airs1,1. We've also gotten smarter
about detection (see d79e141c1c6e ("Input: i8042 - Trust
firmware a bit more when probing on X86")) so let's try
dropping this.
Upstream finally merged the lockdown patches, adjust the SysRq patch to
work with the upstreamed version.
Signed-off-by: Jeremy Cline <jcline@redhat.com>
This is a first pass at getting the secureboot patches working with the
upstream lockdown patches that got merged. The final patch from our
lockdown set is the sysrq patch which also needs work. For the present
it is not applied.
This patch from 2013 stops the i915 driver from spitting out WARNs in
some cases, but nearly the same thing can be achieved with the
``verbose_state_checks=false`` module option added in 2014. With the
module setting the issue results in a log message at error level rather
than the debug level set by this patch. However, it's not known if this
is still a common issue. It seems worth the cost of (maybe) a few more
bug reports about new error-level logs to drop the patch.
To start with, we're going to leave ``verbose_state_checks=true`` (the
default), but if we run into a lot of WARNs we will turn it off.
We've come a long way. Let's just leave these drivers alone.
Banish the drivers to mod-extra to ensure they really don't
get loaded.
Signed-off-by: Laura Abbott <labbott@redhat.com>
We've been carrying this patch for years. If someone wants to
do the work to get it upstream, they are welcome to do so.
Signed-off-by: Laura Abbott <labbott@redhat.com>
We've been carrying a patch to make CPUMASK_OFFSTACK selectable
without debugging for a long time now. The comment said this was
going to be replaced with something else but that never seemed
to happen. We're carrying it to have a higher number of CPUs but
at this point, adjusting NR_CPUS doesn't really get us that much
benfit. Drop the patch and just use 8192 or NR_CPUS on x86.
Signed-off-by: Laura Abbott <labbott@redhat.com>
We've come a long way for namespaces since 2013 and
all arches now enable namespaces. Drop the patch where
we can turn it off and on.
Signed-off-by: Laura Abbott <labbott@redhat.com>
