Re: [OS-BUILD PATCH 0/2] gitlab-ci: disable Rawhide clang pipelines
From: Michael Hofmann on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2919#note_1754889444 @scweaver as the clang pipelines are green again, feel free to close the issue and MR without merging. -- ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[OS-BUILD PATCH 1/2] gitlab-ci: simplify enabling/disable ELN clang pipelines
From: Michael Hofmann gitlab-ci: simplify enabling/disable ELN clang pipelines Use one consistent style for temporarily disabling pipelines. Signed-off-by: Michael Hofmann diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index blahblah..blahblah 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -337,13 +337,14 @@ eln_debug_merge_request: extends: [.merge_request, .trigger_eln, .no_tests, .manual_for_bot, .eln_up_debug] -# eln_clang_merge_request: -# extends: [.merge_request, .trigger_eln, .no_tests, .manual_for_bot, -# .eln_clang_up] -# -# eln_clang_debug_merge_request: -# extends: [.merge_request, .trigger_eln, .no_tests, .manual_for_bot, -# .eln_clang_up_debug] +# disabled because clang pipelines are broken atm, remove leading dot to enable +.eln_clang_merge_request: + extends: [.merge_request, .trigger_eln, .no_tests, .manual_for_bot, +.eln_clang_up] + +.eln_clang_debug_merge_request: + extends: [.merge_request, .trigger_eln, .no_tests, .manual_for_bot, +.eln_clang_up_debug] eln_realtime_merge_request: extends: [.merge_request, .trigger_eln, .no_tests, .manual_for_bot, @@ -370,13 +371,14 @@ eln_debug_baseline: extends: [.baseline, .trigger_eln, .reported_tests, .ark_latest_head, .eln_up_debug] -# eln_clang_baseline: -# extends: [.baseline, .trigger_eln, .reported_tests_clang, .ark_latest_head, -# .eln_clang_up] -# -# eln_clang_debug_baseline: -# extends: [.baseline, .trigger_eln, .reported_tests_clang, .ark_latest_head, -# .eln_clang_up_debug] +# disabled because clang pipelines are broken atm, remove leading dot to enable +.eln_clang_baseline: + extends: [.baseline, .trigger_eln, .reported_tests_clang, .ark_latest_head, +.eln_clang_up] + +.eln_clang_debug_baseline: + extends: [.baseline, .trigger_eln, .reported_tests_clang, .ark_latest_head, +.eln_clang_up_debug] eln_realtime_baseline: # no tests as realtime code not present upstream extends: [.baseline, .trigger_eln, .no_tests, .ark_latest_head, -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2919 -- ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[OS-BUILD PATCH 2/2] gitlab-ci: disable Rawhide clang pipelines
From: Michael Hofmann gitlab-ci: disable Rawhide clang pipelines Fixes https://gitlab.com/cki-project/kernel-ark/-/issues/142 Signed-off-by: Michael Hofmann diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index blahblah..blahblah 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -274,19 +274,20 @@ ark_16k_debug_merge_request: extends: [.merge_request, .trigger_rawhide, .no_tests, .merge_ark_latest, .manual_for_bot, .rawhide_16k_debug] -ark_clang_merge_request: +# disabled because clang pipelines are broken atm, remove leading dot to enable +.ark_clang_merge_request: extends: [.merge_request, .trigger_rawhide, .no_tests, .merge_ark_latest, .manual_for_bot, .rawhide_clang_up] -ark_clang_debug_merge_request: +.ark_clang_debug_merge_request: extends: [.merge_request, .trigger_rawhide, .no_tests, .merge_ark_latest, .manual_for_bot, .rawhide_clang_up_debug] -ark_clanglto_merge_request: +.ark_clanglto_merge_request: extends: [.merge_request, .trigger_rawhide, .no_tests, .merge_ark_latest, .manual_for_bot, .rawhide_clanglto_up] -ark_clanglto_debug_merge_request: +.ark_clanglto_debug_merge_request: extends: [.merge_request, .trigger_rawhide, .no_tests, .merge_ark_latest, .manual_for_bot, .rawhide_clanglto_up_debug] @@ -307,19 +308,20 @@ ark_16k_debug_baseline: extends: [.baseline, .trigger_rawhide, .no_tests, .ark_latest_head, .rawhide_16k_debug] -ark_clang_baseline: +# disabled because clang pipelines are broken atm, remove leading dot to enable +.ark_clang_baseline: extends: [.baseline, .trigger_rawhide, .reported_tests_clang, .ark_latest_head, .rawhide_clang_up] -ark_clang_debug_baseline: +.ark_clang_debug_baseline: extends: [.baseline, .trigger_rawhide, .reported_tests_clang, .ark_latest_head, .rawhide_clang_up_debug] -ark_clanglto_baseline: +.ark_clanglto_baseline: extends: [.baseline, .trigger_rawhide, .reported_tests_clang, .ark_latest_head, .rawhide_clanglto_up] -ark_clanglto_debug_baseline: +.ark_clanglto_debug_baseline: extends: [.baseline, .trigger_rawhide, .reported_tests_clang, .ark_latest_head, .rawhide_clanglto_up_debug] -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2919 -- ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[OS-BUILD PATCH 0/2] gitlab-ci: disable Rawhide clang pipelines
From: Michael Hofmann on gitlab.com Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2919 Fixes https://gitlab.com/cki-project/kernel-ark/-/issues/142 Signed-off-by: Michael Hofmann --- .gitlab-ci.yml | 48 ++-- 1 files changed, 26 insertions(+), 22 deletions(-) -- ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [OS-BUILD PATCHv3 0/5] Add libperf packages and build kernel tools for Fedora
From: Scott Weaver on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2907#note_1754559257 I see now that if we want CKI to pass you'll have to rebase. It's missing `0b6eb15a24b2e ('gitlab-ci: merge ark-latest before building in MR pipelines')`. I'm not sure that's really required since we know why clang is failing. If we can get another ack we can just merge it IMHO. @hertonrk-rh or @jstancek could you take a look at this MR when you get time? Thanks! -- ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [OS-BUILD PATCH 0/2] tools/rtla: Fix Makefile compiler options for clang
From: Don Zickus on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2918#note_1754196046 @scweaver @jmflinuxtx - this MR should address the clang issues until accepted upstream. -- ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[OS-BUILD PATCH 2/2] tools/rv: Fix Makefile compiler options for clang
From: Daniel Bristot de Oliveira tools/rv: Fix Makefile compiler options for clang The following errors are showing up when compiling rv with clang: $ make HOSTCC=clang CC=clang LLVM_IAS=1 [...] clang -O -g -DVERSION=\"6.8.0-rc1\" -flto=auto -ffat-lto-objects -fexceptions -fstack-protector-strong -fasynchronous-unwind-tables -fstack-clash-protection -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -Wno-maybe-uninitialized $(pkg-config --cflags libtracefs) -I include -c -o src/utils.o src/utils.c clang: warning: optimization flag '-ffat-lto-objects' is not supported [-Wignored-optimization-argument] warning: unknown warning option '-Wno-maybe-uninitialized'; did you mean '-Wno-uninitialized'? [-Wunknown-warning-option] 1 warning generated. clang -o rv -ggdb src/in_kernel.o src/rv.o src/trace.o src/utils.o $(pkg-config --libs libtracefs) src/in_kernel.o: file not recognized: file format not recognized clang: error: linker command failed with exit code 1 (use -v to see invocation) make: *** [Makefile:110: rv] Error 1 Solve these issues by: - removing -ffat-lto-objects and -Wno-maybe-uninitialized if using clang - informing the linker about -flto=auto Reported-by: Donald Zickus Signed-off-by: Daniel Bristot de Oliveira diff --git a/tools/verification/rv/Makefile b/tools/verification/rv/Makefile index blahblah..blahblah 100644 --- a/tools/verification/rv/Makefile +++ b/tools/verification/rv/Makefile @@ -28,10 +28,15 @@ FOPTS := -flto=auto -ffat-lto-objects -fexceptions -fstack-protector-strong \ -fasynchronous-unwind-tables -fstack-clash-protection WOPTS := -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -Wno-maybe-uninitialized +ifeq ($(CC),clang) + FOPTS := $(filter-out -ffat-lto-objects, $(FOPTS)) + WOPTS := $(filter-out -Wno-maybe-uninitialized, $(WOPTS)) +endif + TRACEFS_HEADERS:= $$($(PKG_CONFIG) --cflags libtracefs) CFLAGS := -O -g -DVERSION=\"$(VERSION)\" $(FOPTS) $(MOPTS) $(WOPTS) $(TRACEFS_HEADERS) $(EXTRA_CFLAGS) -I include -LDFLAGS:= -ggdb $(EXTRA_LDFLAGS) +LDFLAGS:= -flto=auto -ggdb $(EXTRA_LDFLAGS) LIBS := $$($(PKG_CONFIG) --libs libtracefs) SRC:= $(wildcard src/*.c) -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2918 -- ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[OS-BUILD PATCH 0/2] tools/rtla: Fix Makefile compiler options for clang
From: Don Zickus on gitlab.com Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2918 The following errors are showing up when compiling rtla with clang: $ make HOSTCC=clang CC=clang LLVM_IAS=1 [...] clang -O -g -DVERSION=\"6.8.0-rc1\" -flto=auto -ffat-lto-objects -fexceptions -fstack-protector-strong -fasynchronous-unwind-tables -fstack-clash-protection -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -Wno-maybe-uninitialized $(pkg-config --cflags libtracefs)-c -o src/utils.o src/utils.c clang: warning: optimization flag '-ffat-lto-objects' is not supported [-Wignored-optimization-argument] warning: unknown warning option '-Wno-maybe-uninitialized'; did you mean '-Wno-uninitialized'? [-Wunknown-warning-option] 1 warning generated. clang -o rtla -ggdb src/osnoise.o src/osnoise_hist.o src/osnoise_top.o src/rtla.o src/timerlat_aa.o src/timerlat.o src/timerlat_hist.o src/timerlat_top.o src/timerlat_u.o src/trace.o src/utils.o $(pkg-config --libs libtracefs) src/osnoise.o: file not recognized: file format not recognized clang: error: linker command failed with exit code 1 (use -v to see invocation) make: *** [Makefile:110: rtla] Error 1 Solve these issues by: - removing -ffat-lto-objects and -Wno-maybe-uninitialized if using clang - informing the linker about -flto=auto Reported-by: Donald Zickus Signed-off-by: Daniel Bristot de Oliveira --- tools/tracing/rtla/Makefile| 7 ++- tools/verification/rv/Makefile | 7 ++- 2 files changed, 12 insertions(+), 2 deletions(-) -- ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[OS-BUILD PATCH 1/2] tools/rtla: Fix Makefile compiler options for clang
From: Daniel Bristot de Oliveira tools/rtla: Fix Makefile compiler options for clang The following errors are showing up when compiling rtla with clang: $ make HOSTCC=clang CC=clang LLVM_IAS=1 [...] clang -O -g -DVERSION=\"6.8.0-rc1\" -flto=auto -ffat-lto-objects -fexceptions -fstack-protector-strong -fasynchronous-unwind-tables -fstack-clash-protection -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -Wno-maybe-uninitialized $(pkg-config --cflags libtracefs)-c -o src/utils.o src/utils.c clang: warning: optimization flag '-ffat-lto-objects' is not supported [-Wignored-optimization-argument] warning: unknown warning option '-Wno-maybe-uninitialized'; did you mean '-Wno-uninitialized'? [-Wunknown-warning-option] 1 warning generated. clang -o rtla -ggdb src/osnoise.o src/osnoise_hist.o src/osnoise_top.o src/rtla.o src/timerlat_aa.o src/timerlat.o src/timerlat_hist.o src/timerlat_top.o src/timerlat_u.o src/trace.o src/utils.o $(pkg-config --libs libtracefs) src/osnoise.o: file not recognized: file format not recognized clang: error: linker command failed with exit code 1 (use -v to see invocation) make: *** [Makefile:110: rtla] Error 1 Solve these issues by: - removing -ffat-lto-objects and -Wno-maybe-uninitialized if using clang - informing the linker about -flto=auto Reported-by: Donald Zickus Signed-off-by: Daniel Bristot de Oliveira diff --git a/tools/tracing/rtla/Makefile b/tools/tracing/rtla/Makefile index blahblah..blahblah 100644 --- a/tools/tracing/rtla/Makefile +++ b/tools/tracing/rtla/Makefile @@ -28,10 +28,15 @@ FOPTS := -flto=auto -ffat-lto-objects -fexceptions -fstack-protector-strong \ -fasynchronous-unwind-tables -fstack-clash-protection WOPTS := -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -Wno-maybe-uninitialized +ifeq ($(CC),clang) + FOPTS := $(filter-out -ffat-lto-objects, $(FOPTS)) + WOPTS := $(filter-out -Wno-maybe-uninitialized, $(WOPTS)) +endif + TRACEFS_HEADERS:= $$($(PKG_CONFIG) --cflags libtracefs) CFLAGS := -O -g -DVERSION=\"$(VERSION)\" $(FOPTS) $(MOPTS) $(WOPTS) $(TRACEFS_HEADERS) $(EXTRA_CFLAGS) -LDFLAGS:= -ggdb $(EXTRA_LDFLAGS) +LDFLAGS:= -flto=auto -ggdb $(EXTRA_LDFLAGS) LIBS := $$($(PKG_CONFIG) --libs libtracefs) SRC:= $(wildcard src/*.c) -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2918 -- ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [OS-BUILD PATCHv2 0/2] redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons
From: Michael Hofmann on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2917#note_1753957414 @eesposit this is not in the CKI buildroot yet - where is this supposed to be needed going forward? -- ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [OS-BUILD PATCHv2 0/2] redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons
From: Daniel P. Berrangé on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2917#note_1753784734 But at that point we might as well just use the ukify tool directly. -- ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [OS-BUILD PATCHv2 0/2] redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons
From: Daniel P. Berrangé on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2917#note_1753782383 Looking at this config file, I'm not entirely convinced that we benefit from having this in a config file, and it has downsides in lack of flexibility. For example, consider that as we expand UKIs to multiple architectures, we'll almost certainly need to have different addons on each arch. We could create extra config files per arch for those, but the amount of info in the file doesn't appear all that compelling. Consider if the python tool just accepted the data on the cli: ``` # Enable fips in RHEL (https://issues.redhat.com/browse/RHEL-23049) python3 ukiaddon.py --output $KernelAddonsDir/fips.addon --cmdline "fips=1" ``` Then each invokation of ukiaddon.py can be conditionalized based on whatever rpm spec conditions are needed. -- ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[OS-BUILD PATCHv2 0/2] redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons
From: Emanuele Giuseppe Esposito on gitlab.com Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2917 We want to enable kernel.spec to optionally ship UKI addons defined in a common config file in redhat folder. If that file is populated, and the kernel-uki-virt is built, kernel-uki-virt rpm will also contain a folder called addons that will contain the uki addons. Signed-off-by: Emanuele Giuseppe Esposito --- redhat/scripts/uki_addons.py | 137 + redhat/Makefile|2 + redhat/kernel.spec.template| 15 redhat/uki_cmdline_addons.conf |3 + 4 files changed, 157 insertions(+), 0 deletions(-) -- ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[OS-BUILD PATCHv2 1/2] redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons
From: Emanuele Giuseppe Esposito redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons Upstream Status: RHEL-Only By defininig an addon in uki_cmdline_addons.conf, the script uki_addons.py will automatically create an UKI addon to be shipped together in the same package. For additional info on how to format uki_cmdline_addons.conf, check uki_addons.py head comment. Signed-off-by: Emanuele Giuseppe Esposito diff --git a/redhat/Makefile b/redhat/Makefile index blahblah..blahblah 100644 --- a/redhat/Makefile +++ b/redhat/Makefile @@ -690,6 +690,7 @@ sources-rh: $(TARBALL) generate-testpatch-tmp setup-source dist-configs-check scripts/mod/mod-partner.list \ scripts/mod/mod-sign.sh \ scripts/mod/mod-kvm.list \ + scripts/uki_addons.py \ configs/flavors \ configs/generate_all_configs.sh \ configs/merge.py \ @@ -698,6 +699,7 @@ sources-rh: $(TARBALL) generate-testpatch-tmp setup-source dist-configs-check README.rst \ kernel-local \ dracut-virt.conf \ + uki_cmdline_addons.conf \ $(SOURCES)/ @cat $$(ls -1 $(SPECPACKAGE_NAME).changelog-* | sort -t '.' -k 3 -n -r) \ > $(SOURCES)/kernel.changelog diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template index blahblah..blahblah 100644 --- a/redhat/kernel.spec.template +++ b/redhat/kernel.spec.template @@ -792,6 +792,8 @@ BuildRequires: binutils BuildRequires: lvm2 BuildRequires: systemd-boot-unsigned # For systemd-stub and systemd-pcrphase +BuildRequires: systemd-ukify +# For UKI kernel cmdline addons BuildRequires: systemd-udev >= 252-1 # For TPM operations in UKI initramfs BuildRequires: tpm2-tools @@ -933,6 +935,9 @@ Source86: dracut-virt.conf Source87: flavors +Source151: uki_addons.py +Source152: uki_cmdline_addons.conf + Source100: rheldup3.x509 Source101: rhelkpatch1.x509 @@ -2537,6 +2542,15 @@ BuildKernel() { fi mv $KernelUnifiedImage.signed $KernelUnifiedImage + KernelAddonsDir="$KernelUnifiedImageDir/addons" + mkdir -p $KernelAddonsDir + python3 %{SOURCE151} %{SOURCE152} $KernelAddonsDir + for addon in "$KernelAddonsDir"/*; do +%pesign -s -i $addon -o $addon.signed -a %{secureboot_ca_1} -c %{secureboot_key_1} -n %{pesign_name_1} +rm -f $addon +mv $addon.signed $addon + done + # signkernel %endif @@ -3692,6 +3706,7 @@ fi\ /lib/modules/%{KVERREL}%{?3:+%{3}}/config\ /lib/modules/%{KVERREL}%{?3:+%{3}}/modules.builtin*\ %attr(0644, root, root) /lib/modules/%{KVERREL}%{?3:+%{3}}/%{?-k:%{-k*}}%{!?-k:vmlinuz}-virt.efi\ +/lib/modules/%{KVERREL}%{?3:+%{3}}/addons/*.addon.efi\ %ghost /%{image_install_path}/efi/EFI/Linux/%{?-k:%{-k*}}%{!?-k:*}-%{KVERREL}%{?3:+%{3}}.efi\ %endif\ %endif\ diff --git a/redhat/scripts/uki_addons.py b/redhat/scripts/uki_addons.py new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/scripts/uki_addons.py @@ -0,0 +1,137 @@ +#!/bin/bash +# +# This script reads a given uki addons config file list, and creates an addon +# for each definition given. +# +# Usage: python uki_addons.py cfgfile cert.pem key output_dir +# +# This tool requires the systemd-ukify and systemd-boot yum packages. +# +# Cfgfile definition +#--- +# Each addon is separate from the next by an empty line. +# Each addon has 3 mandatory fields, plus one optional (sbat). +# Each field (except the fourth) is terminated by a single newline. +# No multiline fields! If a cmdline starts to be too long, maybe it's time to +# create multiple addons. +# +# Cfgfile fields +#--- +# - Name: name of the addon. This tool will create an addon called .addon.efi +# and put it in @output_dir. Name might or might not contain .addon.efi. +# If it is missing, it will be added automatically. +# - Description: human readable description of the addon. Not included in the +#generated file. +# - Command line: the command line to be inserted into the addon. +# - SBAT (optional): If this field is specified, replace .sbat with the provided +#one. This field can be multiline, but must have an additional +#newline (or EOF) to separate from the next addon. + +import os +import sys +import collections +import subprocess + +SYSTEMD_STUB_PATH = '/usr/lib/systemd/boot/efi/addonx64.efi.stub' +UKIFY_PATH = '/usr/lib/systemd/ukify' + +def usage(err): +print(f'Usage: {os.path.basename(__file__)} cfgfile cert.pem key output_dir') +if err: +print(f'Error:{err}') +sys.exit(1) + +def cfgfile_fields_help(): +print("Cfgfile fields") +print("---") +print(" - Name: name of the addon. This tool will create an addon called .addon.efi") +print(" and put it in @output_dir. Name might or might not
[OS-BUILD PATCHv2 2/2] redhat/uki_cmdline_addons.conf: add FIPS addon
From: Emanuele Giuseppe Esposito redhat/uki_cmdline_addons.conf: add FIPS addon Upstream Status: RHEL-Only The fips addon simply enable fips in the kernel command line. Signed-off-by: Emanuele Giuseppe Esposito diff --git a/redhat/uki_cmdline_addons.conf b/redhat/uki_cmdline_addons.conf index blahblah..blahblah 100644 --- a/redhat/uki_cmdline_addons.conf +++ b/redhat/uki_cmdline_addons.conf @@ -0,0 +1,3 @@ +fips +Enable fips in RHEL (https://issues.redhat.com/browse/RHEL-23049) +fips=1 \ No newline at end of file -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2917 -- ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[OS-BUILD PATCH] redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons
From: Emanuele Giuseppe Esposito redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons Upstream Status: RHEL-Only By defininig an addon in uki_cmdline_addons.conf, the script uki_addons.py will automatically create an UKI addon to be shipped together in the same package. For additional info on how to format uki_cmdline_addons.conf, check uki_addons.py head comment. Signed-off-by: Emanuele Giuseppe Esposito diff --git a/redhat/Makefile b/redhat/Makefile index blahblah..blahblah 100644 --- a/redhat/Makefile +++ b/redhat/Makefile @@ -690,6 +690,7 @@ sources-rh: $(TARBALL) generate-testpatch-tmp setup-source dist-configs-check scripts/mod/mod-partner.list \ scripts/mod/mod-sign.sh \ scripts/mod/mod-kvm.list \ + scripts/uki_addons.py \ configs/flavors \ configs/generate_all_configs.sh \ configs/merge.py \ @@ -698,6 +699,7 @@ sources-rh: $(TARBALL) generate-testpatch-tmp setup-source dist-configs-check README.rst \ kernel-local \ dracut-virt.conf \ + uki_cmdline_addons.conf \ $(SOURCES)/ @cat $$(ls -1 $(SPECPACKAGE_NAME).changelog-* | sort -t '.' -k 3 -n -r) \ > $(SOURCES)/kernel.changelog diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template index blahblah..blahblah 100644 --- a/redhat/kernel.spec.template +++ b/redhat/kernel.spec.template @@ -792,6 +792,8 @@ BuildRequires: binutils BuildRequires: lvm2 BuildRequires: systemd-boot-unsigned # For systemd-stub and systemd-pcrphase +BuildRequires: systemd-ukify +# For UKI kernel cmdline addons BuildRequires: systemd-udev >= 252-1 # For TPM operations in UKI initramfs BuildRequires: tpm2-tools @@ -933,6 +935,9 @@ Source86: dracut-virt.conf Source87: flavors +Source151: uki_addons.py +Source152: uki_cmdline_addons.conf + Source100: rheldup3.x509 Source101: rhelkpatch1.x509 @@ -2537,6 +2542,15 @@ BuildKernel() { fi mv $KernelUnifiedImage.signed $KernelUnifiedImage + KernelAddonsDir="$KernelUnifiedImageDir/addons" + mkdir -p $KernelAddonsDir + python3 %{SOURCE151} %{SOURCE152} $KernelAddonsDir + for addon in "$KernelAddonsDir"/*; do +%pesign -s -i $addon -o $addon.signed -a %{secureboot_ca_1} -c %{secureboot_key_1} -n %{pesign_name_1} +rm -f $addon +mv $addon.signed $addon + done + # signkernel %endif @@ -3692,6 +3706,7 @@ fi\ /lib/modules/%{KVERREL}%{?3:+%{3}}/config\ /lib/modules/%{KVERREL}%{?3:+%{3}}/modules.builtin*\ %attr(0644, root, root) /lib/modules/%{KVERREL}%{?3:+%{3}}/%{?-k:%{-k*}}%{!?-k:vmlinuz}-virt.efi\ +/lib/modules/%{KVERREL}%{?3:+%{3}}/addons/*.addon.efi\ %ghost /%{image_install_path}/efi/EFI/Linux/%{?-k:%{-k*}}%{!?-k:*}-%{KVERREL}%{?3:+%{3}}.efi\ %endif\ %endif\ diff --git a/redhat/scripts/uki_addons.py b/redhat/scripts/uki_addons.py new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/scripts/uki_addons.py @@ -0,0 +1,137 @@ +#!/bin/bash +# +# This script reads a given uki addons config file list, and creates an addon +# for each definition given. +# +# Usage: python uki_addons.py cfgfile cert.pem key output_dir +# +# This tool requires the systemd-ukify and systemd-boot yum packages. +# +# Cfgfile definition +#--- +# Each addon is separate from the next by an empty line. +# Each addon has 3 mandatory fields, plus one optional (sbat). +# Each field (except the fourth) is terminated by a single newline. +# No multiline fields! If a cmdline starts to be too long, maybe it's time to +# create multiple addons. +# +# Cfgfile fields +#--- +# - Name: name of the addon. This tool will create an addon called .addon.efi +# and put it in @output_dir. Name might or might not contain .addon.efi. +# If it is missing, it will be added automatically. +# - Description: human readable description of the addon. Not included in the +#generated file. +# - Command line: the command line to be inserted into the addon. +# - SBAT (optional): If this field is specified, replace .sbat with the provided +#one. This field can be multiline, but must have an additional +#newline (or EOF) to separate from the next addon. + +import os +import sys +import collections +import subprocess + +SYSTEMD_STUB_PATH = '/usr/lib/systemd/boot/efi/addonx64.efi.stub' +UKIFY_PATH = '/usr/lib/systemd/ukify' + +def usage(err): +print(f'Usage: {os.path.basename(__file__)} cfgfile cert.pem key output_dir') +if err: +print(f'Error:{err}') +sys.exit(1) + +def cfgfile_fields_help(): +print("Cfgfile fields") +print("---") +print(" - Name: name of the addon. This tool will create an addon called .addon.efi") +print(" and put it in @output_dir. Name might or might not
Re: [OS-BUILD PATCH] [redhat] configs: Disable CONFIG_XFS_SUPPORT_V4
From: Eric Sandeen on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2916#note_1753682876 Ok - I'm not sure about the release notes process for Fedora...? -- ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [OS-BUILD PATCH] [redhat] configs: Disable CONFIG_XFS_SUPPORT_V4
From: pbrobinson on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2916#note_1753667766 I think it should be fine, I think we should at least get something into release notes so people are aware, we can always turn it back on if there are complaints. I think my big request is primarily documentation :) -- ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [OS-BUILD PATCH] [redhat] configs: Disable CONFIG_XFS_SUPPORT_V4
From: Eric Sandeen on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2916#note_1753625598 If there is a strong desire to leave it on for another year in Fedora, I'm happy to let Fedora manage that timing if preferred, but we do need to get it turned off for the next RHEL. Thanks, \-Eric -- ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [OS-BUILD PATCH] [redhat] configs: Disable CONFIG_XFS_SUPPORT_V4
From: Eric Sandeen on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2916#note_1753622935 Sounds about right. So 7 years ago. V4 support **will** go away upstream. The upstream commit says more: ``` commit b96cb835 Author: Darrick J. Wong darrick.w...@oracle.com Date: Thu Sep 10 10:57:17 2020 -0700 xfs: deprecate the V4 format The V4 filesystem format contains known weaknesses in the on-disk format that make metadata verification diffiult. In addition, the format does not support dates past 2038 and will not be upgraded to do so. We should start the process of retiring the old format to close off attack surfaces and to encourage users to migrate onto V5. Therefore, make XFS V4 support a configurable option. For the first period it will be default Y in case some distributors want to withdraw support early; for the second period it will be default N so that anyone who wishes to continue support can do so; and after that, support will be removed from the kernel. Dates for these events have been added to the upstream kernel. Signed-off-by: Darrick J. Wong Reviewed-by: Dave Chinner Reviewed-by: Eric Sandeen ``` and it adds this documentation: ``` +Deprecation of V4 Format + + +The V4 filesystem format lacks certain features that are supported by +the V5 format, such as metadata checksumming, strengthened metadata +verification, and the ability to store timestamps past the year 2038. +Because of this, the V4 format is deprecated. All users should upgrade +by backing up their files, reformatting, and restoring from the backup. + +Administrators and users can detect a V4 filesystem by running xfs_info +against a filesystem mountpoint and checking for a string containing +"crc=". If no such string is found, please upgrade xfsprogs to the +latest version and try again. + +The deprecation will take place in two parts. Support for mounting V4 +filesystems can now be disabled at kernel build time via Kconfig option. +The option will default to yes until September 2025, at which time it +will be changed to default to no. In September 2030, support will be +removed from the codebase entirely. + +Note: Distributors may choose to withdraw V4 format support earlier than +the dates listed above. ``` Fedora could wait until upstream kills it, but we need to get out in front of this for RHEL due to its long lifetime. Disabling V4 also greatly reduces the fuzzing attack surface for XFS, which has in the past generated a lot of CVE activity. -- ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
✅ PASS (MISSED 8 of 118): Test report for 6.7.3-200.fc39 (kernel-fedora)
Hi, we tested your kernel and here are the results: Overall result: PASSED Merge: OK Compile: OK Test: OK Tested-by: CKI Project Kernel information: Brew / Koji Task ID: 112707366 You can find all the details about the test run at https://datawarehouse.cki-project.org/kcidb/checkouts/126830 One or more kernel tests failed: We also see the following known issues which are not related to your changes: Issue: NFS Connectathon: SELinux prevents rpcbind URL: https://bugzilla.redhat.com/1758147 Affected tests: ppc64le - Filesystem - NFS Connectathon x86_64 - Filesystem - NFS Connectathon Tests that were not ran because of internal issues: aarch64 - Hardware - IPMI driver test aarch64 - Hardware - IPMItool loop stress test aarch64 - Storage - swraid scsi_raid aarch64 - stress: stress-ng - interrupt aarch64 - stress: stress-ng - cpu aarch64 - stress: stress-ng - cpu-cache aarch64 - stress: stress-ng - memory aarch64 - Reboot test If you find a failure unrelated to your changes, please ask the test maintainer to review it. This will prevent the failures from being incorrectly reported in the future. Please reply to this email if you have any questions about the tests that we ran or if you have any suggestions on how to make future tests more effective. ,-. ,-. ( C ) ( K ) Continuous `-',-.`-' Kernel ( I ) Integration `-' __ -- ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [OS-BUILD PATCH] [redhat] configs: Disable CONFIG_XFS_SUPPORT_V4
From: pbrobinson on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2916#note_1753238184 To partially answer my own question it seems v5 became default with xfsprogs 4.9 which landed in Fedora 26 in 2017. -- ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [OS-BUILD PATCH] [redhat] configs: Disable CONFIG_XFS_SUPPORT_V4
From: pbrobinson on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2916#note_1753212884 When was this last default for XFS filesystem creation? How will users know if they're affected? How can they upgrade/migrate to a newer version of XFS? -- ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue