[OS-BUILD PATCH 0/0] A few updates to the module filtering files for the 6.9 merge window after experiences with -next
From: Thorsten Leemhuis on gitlab.com
Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2975

NOTE: Truncated patchset since committer email 'fed...@leemhuis.info' does not match the submitter's GitLab public email address 'li...@leemhuis.info'.

In the past few weeks while building linux-next for my kernel vanilla repositories I noticed a few upstream changes that require changes to files like mod-internal.list or filter-modules.sh.fedora for kernel-ark builds to succeed. Changes like these will most likely be needed in kernel-ark/os-build soon, as those upstream changes are heading towards mainline currently. I'm providing these changes here in advance in case they might be helpful for @jmflinuxtx or somebody else (either for cherry-picking or for merging as a whole).

---
 redhat/scripts/mod/mod-internal.list | 3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

--
___
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an email to kernel-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[OS-BUILD PATCHv2 2/2] Octopus merges are too conservative, serialize instead
From: Don Zickus

Octopus merges are too conservative, serialize instead

There are some commits in an octopus merge that may overlap and the octopus merging is too conservative. Serializing the merges is more successful. Convert to that.

Signed-off-by: Don Zickus

diff --git a/redhat/scripts/ci/ark-ci-env.sh b/redhat/scripts/ci/ark-ci-env.sh index blahblah..blahblah 100644 --- a/redhat/scripts/ci/ark-ci-env.sh +++ b/redhat/scripts/ci/ark-ci-env.sh @@ -56,23 +56,20 @@ ark_git_mirror() # Merge wrapper in case issues arise ark_git_merge() { - # support octopus merging with source_branch 1|2 - target_branch="$1" - source_branch1="$2" - source_branch2="$3" + source_branch="$2" prev_branch="$(git rev-parse --abbrev-ref HEAD)" - ark_git_branch "$target_branch" "${source_branch1}" + ark_git_branch "$target_branch" "${source_branch}" git checkout "$target_branch" - msg="Merge '${source_branch1} ${source_branch2}' into '$target_branch'" - if ! git merge -m "$msg" "${source_branch1}" "${source_branch2}"; then + msg="Merge '${source_branch}' into '$target_branch'" + if ! git merge -m "$msg" "${source_branch}"; then git merge --abort printf "Merge conflict; halting!\n" printf "To reproduce:\n" printf "* git checkout %s\n" "${target_branch}" - printf "* git merge %s\n" "${source_branch1} ${source_branch2}" + printf "* git merge %s\n" "${source_branch}" die "Merge conflicts" fi diff --git a/redhat/scripts/ci/ark-merge-rt.sh b/redhat/scripts/ci/ark-merge-rt.sh index blahblah..blahblah 100755 --- a/redhat/scripts/ci/ark-merge-rt.sh +++ b/redhat/scripts/ci/ark-merge-rt.sh
@@ -125,7 +125,6 @@ if test "$UPSTREAM_RT_DEVEL_VER" != "$RT_DEVEL_VER" -o \ # rebases usually go from prev version to new version # rebuild the prev merge base as it isn't saved. # then rebuild the current merge base as it isn't saved either - # because we use an octopus merge below. prev_branch="$(git rev-parse --abbrev-ref HEAD)" temp_prev_branch="_temp_prev_rt_devel_$(date +%F)" git branch -D "$temp_prev_branch" 2>/dev/null @@ -133,7 +132,7 @@ if test "$UPSTREAM_RT_DEVEL_VER" != "$RT_DEVEL_VER" -o \ git checkout -b "$temp_prev_branch" "kernel-${OS_BUILD_VER_prev}.0-0" git merge "$UPSTREAM_RT_TREE_NAME/$UPSTREAM_RT_PREV_BRANCH" - # create devel merge branch to base octopus merge on. + # create devel merge branch to base merge on. temp_devel_branch="_temp_devel_rt_devel_$(date +%F)" git branch -D "$temp_devel_branch" 2>/dev/null git checkout -b "$temp_devel_branch" "$OS_BUILD_BASE_BRANCH" 
@@ -148,14 +147,16 @@ if test "$UPSTREAM_RT_DEVEL_VER" != "$RT_DEVEL_VER" -o \ fi ## Build -rt-devel branch, generate pending-rhel configs -ark_git_merge "$RT_DEVEL_BRANCH" "$OS_BUILD_BASE_BRANCH" "$UPSTREAM_RT_TREE_NAME/$UPSTREAM_RT_DEVEL_BRANCH" +ark_git_merge "$RT_DEVEL_BRANCH" "$OS_BUILD_BASE_BRANCH" +ark_git_merge "$RT_DEVEL_BRANCH" "$UPSTREAM_RT_TREE_NAME/$UPSTREAM_RT_DEVEL_BRANCH" # don't care if configs were added or not hence '|| true' ark_update_configs "$RT_DEVEL_BRANCH" || true # skip pushing config update MRs, keep them in pending-rhel ark_push_changes "$RT_DEVEL_BRANCH" "skip" ## Build -automotive-devel branch, generate pending-rhel configs -ark_git_merge "$AUTOMOTIVE_DEVEL_BRANCH" "$OS_BUILD_BASE_BRANCH" "$UPSTREAM_RT_TREE_NAME/$UPSTREAM_RT_DEVEL_BRANCH" +ark_git_merge "$AUTOMOTIVE_DEVEL_BRANCH" "$OS_BUILD_BASE_BRANCH" +ark_git_merge "$AUTOMOTIVE_DEVEL_BRANCH" "$UPSTREAM_RT_TREE_NAME/$UPSTREAM_RT_DEVEL_BRANCH" # don't care if configs were added or not hence '|| true' ark_update_configs "$AUTOMOTIVE_DEVEL_BRANCH" || true # skip pushing config update MRs, keep them in pending-rhel -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2972
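Review bot: ark_git_merge() in the ark-ci-env.sh hunk no longer reads "$3", so a call site that still passes two source branches gets only the first one merged and no error; a guard that fails when more than two arguments are passed would catch an unconverted caller. In the ark-merge-rt.sh hunk the merges are now two separate calls, so when the second call hits a conflict the printed "To reproduce" steps (git checkout of the target, git merge of one branch) only reproduce it if the first merge into the target branch has already been done; the message should say so or print the failing HEAD.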
[OS-BUILD PATCHv2 1/2] Add tracking branches for rt-devel
From: Don Zickus

Add tracking branches for rt-devel

Without the tracking branches, the branches are created from scratch which prevents a fast-forward merge later to rt-devel and automotive-devel.

Signed-off-by: Don Zickus

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index blahblah..blahblah 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -506,6 +506,10 @@ merge_rt_automotive: extends: .scheduled_setup script: - git remote add linux-rt-devel git://git.kernel.org/pub/scm/linux/kernel/git/rt/linux-rt-devel.git +- git checkout --track origin/os-build-rt-devel && git describe +- git checkout --track origin/os-build-automotive-devel && git describe +# make sure we are on correct code base before running script +- git checkout os-build && git describe - DIST_PUSH=1 redhat/scripts/ci/ark-merge-rt.sh retry: 2 rules: -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2972
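Review bot: the two added `git checkout --track origin/...` steps in merge_rt_automotive fail outright when a local os-build-rt-devel or os-build-automotive-devel branch already exists in the checkout the job runs in, and the job is marked `retry: 2`. Using `git checkout -B os-build-rt-devel --track origin/os-build-rt-devel` (and the same for automotive) makes the step repeatable. Each step is also chained to `git describe`, so a describe failure fails the job; if the describe output is only informational, it should not gate the merge script.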
[OS-BUILD PATCHv2 0/2] Cleanup fixes for rt-devel
From: Don Zickus on gitlab.com
Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2972

More cleanup fixes to handle daily merges for rt-devel and automotive-devel.

Tested by simulating the two daily cronjobs in test-os-builds.

Signed-off-by: Don Zickus dzic...@redhat.com

---
 redhat/scripts/ci/ark-ci-env.sh   | 13 +
 redhat/scripts/ci/ark-merge-rt.sh |  9 +
 .gitlab-ci.yml                    |  4
 3 files changed, 14 insertions(+), 12 deletions(-)
[OS-BUILD PATCHv10 2/2] redhat/uki_cmdline_addons.conf: add FIPS addon
From: Emanuele Giuseppe Esposito

redhat/uki_cmdline_addons.conf: add FIPS addon

Upstream Status: RHEL-Only

The fips addon simply enables fips in the kernel command line.

Signed-off-by: Emanuele Giuseppe Esposito

diff --git a/redhat/addons/fedora/virt/aarch64/fips.addon b/redhat/addons/fedora/virt/aarch64/fips.addon new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/addons/fedora/virt/aarch64/fips.addon @@ -0,0 +1,2 @@ +# Enable fips in RHEL (https://issues.redhat.com/browse/RHEL-23049) +fips=1 diff --git a/redhat/addons/fedora/virt/x86_64/ciao.addon b/redhat/addons/fedora/virt/x86_64/ciao.addon deleted file mode 100644 index blahblah..blahblah 0 --- a/redhat/addons/fedora/virt/x86_64/ciao.addon +++ /dev/null @@ -1,7 +0,0 @@ -# noo - # n - -cmdline good -also good - also good - diff --git a/redhat/addons/fedora/virt/x86_64/fips.addon b/redhat/addons/fedora/virt/x86_64/fips.addon new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/addons/fedora/virt/x86_64/fips.addon @@ -0,0 +1,2 @@ +# Enable fips in RHEL (https://issues.redhat.com/browse/RHEL-23049) +fips=1 diff --git a/redhat/addons/rhel/virt/aarch64/fips.addon b/redhat/addons/rhel/virt/aarch64/fips.addon new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/addons/rhel/virt/aarch64/fips.addon @@ -0,0 +1,2 @@ +# Enable fips in RHEL (https://issues.redhat.com/browse/RHEL-23049) +fips=1 diff --git a/redhat/addons/rhel/virt/x86_64/ciao.addon b/redhat/addons/rhel/virt/x86_64/ciao.addon deleted file mode 100644 index blahblah..blahblah 0 --- a/redhat/addons/rhel/virt/x86_64/ciao.addon +++ /dev/null @@ -1,7 +0,0 @@ -# noo - # n - -cmdline good -also good - also good - diff --git a/redhat/addons/rhel/virt/x86_64/fips.addon b/redhat/addons/rhel/virt/x86_64/fips.addon new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/addons/rhel/virt/x86_64/fips.addon
@@ -0,0 +1,2 @@ +# Enable fips in RHEL (https://issues.redhat.com/browse/RHEL-23049) +fips=1 -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2917
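Review bot: the two ciao.addon deletions (fedora and rhel, virt/x86_64) remove files that patch 1/2 of this series adds, so the intermediate commit ships placeholder cmdline content as an addon config; dropping ciao.addon from 1/2 leaves this patch with only the fips.addon additions. The comment `# Enable fips in RHEL` is also copied into the redhat/addons/fedora/ files, and the subject still names redhat/uki_cmdline_addons.conf while the diff only touches redhat/addons/.../*.addon; both want rewording.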
[OS-BUILD PATCHv10 1/2] redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons
From: Emanuele Giuseppe Esposito

redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons

Upstream Status: RHEL-Only

The folder redhat/addons will contain all addons configs specifying the UKI kernel cmdline addons to be created in the next build.

An addon config is simply a .addon plain text file, where any line is taken as kernel cmdline, except for the ones starting with '#', which will be automatically ignored.

redhat/scripts/uki_addons.py will take care of parsing all configs and folders in redhat/addons and call 'ukify' to create the actual addons. The output addon filename will be a concatenation of all folders in redhat/addons that are part of the addon config path. The folder hierarchy inside of redhat/addons is similar to redhat/configs: $distro/$UKI_NAME/%arch.

It is also possible to add .sbat to all the generated addons, by populating redhat/addons/$distro/$UKI_NAME/%arch/sbat/sbat.conf. Syntax is the same as the addons config.

At build time, Makefile will create a tar.gz archive ($distro-$UKI_NAME-addons.tar.gz) containing all the files in redhat/addons/$distro/$UKI_NAME. It will then be passed to the kernel specfile that will extract the addons from it and generate the UKI kernel cmdline addons.

Signed-off-by: Emanuele Giuseppe Esposito

diff --git a/redhat/Makefile b/redhat/Makefile index blahblah..blahblah 100644 --- a/redhat/Makefile +++ b/redhat/Makefile @@ -679,6 +679,13 @@ sources-rh: $(TARBALL) generate-testpatch-tmp setup-source dist-configs-check @sed -e "s/%%SPECKVERSION%%/$(SPECKVERSION)/" \ -e "s/%%SPECKPATCHLEVEL%%/$(SPECKPATCHLEVEL)/" \ scripts/gating/rpminspect.yaml > $(SOURCES)/rpminspect.yaml + @for UKI_FLAVOR in addons/*; do \ + FLAVOR_NAME=$$(basename $$UKI_FLAVOR); \ + for UKI in $$UKI_FLAVOR/*; do \ + UKI_NAME=$$(basename $$UKI); \ + tar -czf $$FLAVOR_NAME-$$UKI_NAME-addons.tar.gz $$UKI; \ + done; \ + done @cp scripts/kernel-tools/kvm_stat.logrotate \ keys/rhel*.x509 \ kabi/check-kabi \
@@ -690,6 +697,7 @@ sources-rh: $(TARBALL) generate-testpatch-tmp setup-source dist-configs-check scripts/mod/mod-partner.list \ scripts/mod/mod-sign.sh \ scripts/mod/mod-kvm.list \ + scripts/uki_addons.py \ configs/flavors \ configs/generate_all_configs.sh \ configs/merge.py \ @@ -698,6 +706,7 @@ sources-rh: $(TARBALL) generate-testpatch-tmp setup-source dist-configs-check README.rst \ kernel-local \ dracut-virt.conf \ + *-addons.tar.gz \ $(SOURCES)/ @cat $$(ls -1 $(SPECPACKAGE_NAME).changelog-* | sort -t '.' -k 3 -n -r) \ > $(SOURCES)/kernel.changelog diff --git a/redhat/addons/fedora/virt/aarch64/sbat/.gitkeep b/redhat/addons/fedora/virt/aarch64/sbat/.gitkeep new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/addons/fedora/virt/aarch64/sbat/.gitkeep diff --git a/redhat/addons/fedora/virt/x86_64/ciao.addon b/redhat/addons/fedora/virt/x86_64/ciao.addon new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/addons/fedora/virt/x86_64/ciao.addon @@ -0,0 +1,7 @@ +# noo + # n + +cmdline good +also good + also good + diff --git a/redhat/addons/rhel/virt/aarch64/sbat/.gitkeep b/redhat/addons/rhel/virt/aarch64/sbat/.gitkeep new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/addons/rhel/virt/aarch64/sbat/.gitkeep diff --git a/redhat/addons/rhel/virt/x86_64/ciao.addon b/redhat/addons/rhel/virt/x86_64/ciao.addon new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/addons/rhel/virt/x86_64/ciao.addon @@ -0,0 +1,7 @@ +# noo + # n + +cmdline good +also good + also good + diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template index blahblah..blahblah 100644 --- a/redhat/kernel.spec.template +++ b/redhat/kernel.spec.template 
@@ -792,6 +792,8 @@ BuildRequires: binutils BuildRequires: lvm2 BuildRequires: systemd-boot-unsigned # For systemd-stub and systemd-pcrphase +BuildRequires: systemd-ukify +# For UKI kernel cmdline addons BuildRequires: systemd-udev >= 252-1 # For TPM operations in UKI initramfs BuildRequires: tpm2-tools @@ -913,6 +915,7 @@ Source63: filter-aarch64.sh.fedora Source64: filter-ppc64le.sh.fedora Source65: filter-s390x.sh.fedora Source66: filter-modules.sh.fedora + %endif Source70: partial-kgcov-snip.config @@ -933,6 +936,9 @@ Source86: dracut-virt.conf Source87: flavors +Source151: uki_addons.py +Source152: %{primary_target}-virt-addons.tar.gz + Source100: rheldup3.x509 Source101: rhelkpatch1.x509 @@ -1518,6 +1524,11 @@ Provides: kernel-%{?1:%{1}-}uname-r = %{KVERREL}%{uname_suffix
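Review bot: in the redhat/Makefile hunks the per-UKI archives are written into the current directory and then copied with the `*-addons.tar.gz` glob, so an archive left over from an earlier run (for a flavor or UKI directory that has since been removed) is copied into $(SOURCES) as well; removing `*-addons.tar.gz` before the loop, or copying only the names the loop produced, avoids that. The loop variables are expanded unquoted, and Source152 in kernel.spec.template hardcodes `-virt-` while the Makefile derives the archive name from every directory under addons/$distro, so a second UKI name would be archived but never listed as a source.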
[OS-BUILD PATCHv10 0/2] redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons
From: Emanuele Giuseppe Esposito on gitlab.com
Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2917

We want to enable kernel.spec to optionally ship UKI addons defined in a common config file in redhat folder.

The folder redhat/addons will contain all addons configs specifying the UKI kernel cmdline addons to be created in the next build.

An addon config is simply a .addon plain text file, where any line is taken as kernel cmdline, except for the ones starting with '#', which will be automatically ignored.

redhat/scripts/uki_addons.py will take care of parsing all configs and folders in redhat/addons and call 'ukify' to create the actual addons. The output addon filename will be a concatenation of all folders in redhat/addons that are part of the addon config path. For example, an addon config redhat/addons/1/2/3/test.addon will result in generating redhat/addons_output/1-2-3-test.addon.efi.

It is also possible to add .sbat to all the generated addons, by populating redhat/addons/sbat/sbat.conf. Syntax is the same as the addons config.

At build time, Makefile will create a tar.gz archive (addons.tar.gz) containing all the files in redhat/addons. It will then be passed to the kernel specfile that will extract the addons from it and generate the UKI kernel cmdline addons.

As an example of this feature, add the fips addon to optionally enable fips (https://issues.redhat.com/browse/RHEL-23049).

---
 redhat/addons/fedora/virt/aarch64/sbat/.gitkeep |   0
 redhat/addons/fedora/virt/aarch64/fips.addon    |   2 +
 redhat/addons/fedora/virt/x86_64/fips.addon     |   2 +
 redhat/addons/rhel/virt/aarch64/sbat/.gitkeep   |   0
 redhat/addons/rhel/virt/aarch64/fips.addon      |   2 +
 redhat/addons/rhel/virt/x86_64/fips.addon       |   2 +
 redhat/scripts/uki_addons.py                    | 137
 redhat/Makefile                                 |   9 +
 redhat/kernel.spec.template                     |  45 +++
 9 files changed, 199 insertions(+), 0 deletions(-)
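The addon config rules and output naming described in the cover letter above, as an added example; this is not the project's redhat/scripts/uki_addons.py and it does not call ukify. Assumptions: leading whitespace is stripped before the '#' test, blank lines are dropped, cmdline lines are joined with single spaces, and a config that yields no cmdline is reported rather than built; the function names and the sample tree (apart from the fips.addon body) are constructed.

```python
import tempfile
from pathlib import Path

SBAT_CONF = Path("sbat") / "sbat.conf"  # location given in the cover letter


def config_lines(text):
    """Return the non-comment, non-blank lines of an addon-style config.

    Assumption: whitespace is stripped first, so an indented '# ...' line
    is treated as a comment too.
    """
    lines = []
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            lines.append(line)
    return lines


def addon_cmdline(text):
    """Every remaining line is kernel cmdline; join with single spaces."""
    return " ".join(config_lines(text))


def output_name(addons_root, config):
    """redhat/addons/1/2/3/test.addon -> 1-2-3-test.addon.efi"""
    rel = Path(config).relative_to(addons_root)
    return "-".join(rel.parts) + ".efi"


def plan_addons(addons_root):
    """Plan the addons a tree would produce, without building anything.

    Returns (plan, sbat_lines, skipped): plan maps output file name to the
    cmdline it would carry; skipped lists configs with no cmdline at all
    (this example's policy, so an empty addon is never planned).
    """
    root = Path(addons_root)
    sbat_path = root / SBAT_CONF
    sbat = config_lines(sbat_path.read_text()) if sbat_path.is_file() else []
    plan, skipped = {}, []
    for config in sorted(root.rglob("*.addon")):
        if not config.is_file():
            continue
        cmdline = addon_cmdline(config.read_text())
        if cmdline:
            plan[output_name(root, config)] = cmdline
        else:
            skipped.append(config.relative_to(root).as_posix())
    return plan, sbat, skipped


def demo():
    """Build a constructed addons tree in a temp dir and plan it."""
    samples = {
        # constructed: comments, an indented comment, blanks, indented value
        "1/2/3/test.addon": "# note\n  # indented note\n\nquiet\n"
                            "console=ttyS0\n  panic=30\n\n",
        # body as shown in the FIPS patch on this page
        "rhel/virt/x86_64/fips.addon":
            "# Enable fips in RHEL "
            "(https://issues.redhat.com/browse/RHEL-23049)\nfips=1\n",
        # constructed: a config with nothing but a comment
        "rhel/virt/x86_64/empty.addon": "# only a comment\n",
        # constructed SBAT entry, same comment syntax as the addon configs
        "sbat/sbat.conf": "# constructed entry\n"
                          "example.addon,1,Example,example.addon,1,"
                          "https://example.invalid/\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "addons"
        for rel, body in samples.items():
            path = root / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body)
        return plan_addons(root)


if __name__ == "__main__":
    plan, sbat, skipped = demo()
    for name, cmdline in plan.items():
        print(f"{name}: {cmdline!r}")
    print("sbat:", sbat)
    print("skipped:", skipped)
```

Reviewing the planned name-to-cmdline map before the build shows exactly which kernel parameters each signed addon would append.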
[OS-BUILD PATCHv9 0/2] redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons
From: Emanuele Giuseppe Esposito on gitlab.com
Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2917

We want to enable kernel.spec to optionally ship UKI addons defined in a common config file in redhat folder.

The folder redhat/addons will contain all addons configs specifying the UKI kernel cmdline addons to be created in the next build.

An addon config is simply a .addon plain text file, where any line is taken as kernel cmdline, except for the ones starting with '#', which will be automatically ignored.

redhat/scripts/uki_addons.py will take care of parsing all configs and folders in redhat/addons and call 'ukify' to create the actual addons. The output addon filename will be a concatenation of all folders in redhat/addons that are part of the addon config path. For example, an addon config redhat/addons/1/2/3/test.addon will result in generating redhat/addons_output/1-2-3-test.addon.efi.

It is also possible to add .sbat to all the generated addons, by populating redhat/addons/sbat/sbat.conf. Syntax is the same as the addons config.

At build time, Makefile will create a tar.gz archive (addons.tar.gz) containing all the files in redhat/addons. It will then be passed to the kernel specfile that will extract the addons from it and generate the UKI kernel cmdline addons.

As an example of this feature, add the fips addon to optionally enable fips (https://issues.redhat.com/browse/RHEL-23049).

---
 redhat/addons/fedora/virt/aarch64/sbat/.gitkeep |   0
 redhat/addons/fedora/virt/aarch64/fips.addon    |   2 +
 redhat/addons/fedora/virt/x86_64/fips.addon     |   2 +
 redhat/addons/rhel/virt/aarch64/sbat/.gitkeep   |   0
 redhat/addons/rhel/virt/aarch64/fips.addon      |   2 +
 redhat/addons/rhel/virt/x86_64/fips.addon       |   2 +
 redhat/scripts/uki_addons.py                    | 137
 redhat/Makefile                                 |   9 +
 redhat/kernel.spec.template                     |  45 +++
 9 files changed, 199 insertions(+), 0 deletions(-)
[OS-BUILD PATCHv9 1/2] redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons
From: Emanuele Giuseppe Esposito

redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons

Upstream Status: RHEL-Only

The folder redhat/addons will contain all addons configs specifying the UKI kernel cmdline addons to be created in the next build.

An addon config is simply a .addon plain text file, where any line is taken as kernel cmdline, except for the ones starting with '#', which will be automatically ignored.

redhat/scripts/uki_addons.py will take care of parsing all configs and folders in redhat/addons and call 'ukify' to create the actual addons. The output addon filename will be a concatenation of all folders in redhat/addons that are part of the addon config path. The folder hierarchy inside of redhat/addons is similar to redhat/configs: $distro/$UKI_NAME/%arch.

It is also possible to add .sbat to all the generated addons, by populating redhat/addons/$distro/$UKI_NAME/%arch/sbat/sbat.conf. Syntax is the same as the addons config.

At build time, Makefile will create a tar.gz archive ($distro-$UKI_NAME-addons.tar.gz) containing all the files in redhat/addons/$distro/$UKI_NAME. It will then be passed to the kernel specfile that will extract the addons from it and generate the UKI kernel cmdline addons.

Signed-off-by: Emanuele Giuseppe Esposito

diff --git a/redhat/Makefile b/redhat/Makefile index blahblah..blahblah 100644 --- a/redhat/Makefile +++ b/redhat/Makefile @@ -679,6 +679,13 @@ sources-rh: $(TARBALL) generate-testpatch-tmp setup-source dist-configs-check @sed -e "s/%%SPECKVERSION%%/$(SPECKVERSION)/" \ -e "s/%%SPECKPATCHLEVEL%%/$(SPECKPATCHLEVEL)/" \ scripts/gating/rpminspect.yaml > $(SOURCES)/rpminspect.yaml + @for UKI_FLAVOR in addons/*; do \ + FLAVOR_NAME=$$(basename $$UKI_FLAVOR); \ + for UKI in $$UKI_FLAVOR/*; do \ + UKI_NAME=$$(basename $$UKI); \ + tar -czf $$FLAVOR_NAME-$$UKI_NAME-addons.tar.gz $$UKI; \ + done; \ + done @cp scripts/kernel-tools/kvm_stat.logrotate \ keys/rhel*.x509 \ kabi/check-kabi \
@@ -690,6 +697,7 @@ sources-rh: $(TARBALL) generate-testpatch-tmp setup-source dist-configs-check scripts/mod/mod-partner.list \ scripts/mod/mod-sign.sh \ scripts/mod/mod-kvm.list \ + scripts/uki_addons.py \ configs/flavors \ configs/generate_all_configs.sh \ configs/merge.py \ @@ -698,6 +706,7 @@ sources-rh: $(TARBALL) generate-testpatch-tmp setup-source dist-configs-check README.rst \ kernel-local \ dracut-virt.conf \ + *-addons.tar.gz \ $(SOURCES)/ @cat $$(ls -1 $(SPECPACKAGE_NAME).changelog-* | sort -t '.' -k 3 -n -r) \ > $(SOURCES)/kernel.changelog diff --git a/redhat/addons/fedora/virt/aarch64/sbat/.gitkeep b/redhat/addons/fedora/virt/aarch64/sbat/.gitkeep new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/addons/fedora/virt/aarch64/sbat/.gitkeep diff --git a/redhat/addons/fedora/virt/x86_64/ciao.addon b/redhat/addons/fedora/virt/x86_64/ciao.addon new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/addons/fedora/virt/x86_64/ciao.addon @@ -0,0 +1,7 @@ +# noo + # n + +cmdline good +also good + also good + diff --git a/redhat/addons/rhel/virt/aarch64/sbat/.gitkeep b/redhat/addons/rhel/virt/aarch64/sbat/.gitkeep new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/addons/rhel/virt/aarch64/sbat/.gitkeep diff --git a/redhat/addons/rhel/virt/x86_64/ciao.addon b/redhat/addons/rhel/virt/x86_64/ciao.addon new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/addons/rhel/virt/x86_64/ciao.addon @@ -0,0 +1,7 @@ +# noo + # n + +cmdline good +also good + also good + diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template index blahblah..blahblah 100644 --- a/redhat/kernel.spec.template +++ b/redhat/kernel.spec.template 
@@ -792,6 +792,8 @@ BuildRequires: binutils BuildRequires: lvm2 BuildRequires: systemd-boot-unsigned # For systemd-stub and systemd-pcrphase +BuildRequires: systemd-ukify +# For UKI kernel cmdline addons BuildRequires: systemd-udev >= 252-1 # For TPM operations in UKI initramfs BuildRequires: tpm2-tools @@ -913,6 +915,7 @@ Source63: filter-aarch64.sh.fedora Source64: filter-ppc64le.sh.fedora Source65: filter-s390x.sh.fedora Source66: filter-modules.sh.fedora + %endif Source70: partial-kgcov-snip.config @@ -933,6 +936,9 @@ Source86: dracut-virt.conf Source87: flavors +Source151: uki_addons.py +Source152: %{primary_target}-virt-addons.tar.gz + Source100: rheldup3.x509 Source101: rhelkpatch1.x509 @@ -1518,6 +1524,11 @@ Provides: kernel-%{?1:%{1}-}uname-r = %{KVERREL}%{uname_suffix
[OS-BUILD PATCHv9 2/2] redhat/uki_cmdline_addons.conf: add FIPS addon
From: Emanuele Giuseppe Esposito

redhat/uki_cmdline_addons.conf: add FIPS addon

Upstream Status: RHEL-Only

The fips addon simply enables fips in the kernel command line.

Signed-off-by: Emanuele Giuseppe Esposito

diff --git a/redhat/addons/fedora/virt/aarch64/fips.addon b/redhat/addons/fedora/virt/aarch64/fips.addon new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/addons/fedora/virt/aarch64/fips.addon @@ -0,0 +1,2 @@ +# Enable fips in RHEL (https://issues.redhat.com/browse/RHEL-23049) +fips=1 diff --git a/redhat/addons/fedora/virt/x86_64/ciao.addon b/redhat/addons/fedora/virt/x86_64/ciao.addon deleted file mode 100644 index blahblah..blahblah 0 --- a/redhat/addons/fedora/virt/x86_64/ciao.addon +++ /dev/null @@ -1,7 +0,0 @@ -# noo - # n - -cmdline good -also good - also good - diff --git a/redhat/addons/fedora/virt/x86_64/fips.addon b/redhat/addons/fedora/virt/x86_64/fips.addon new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/addons/fedora/virt/x86_64/fips.addon @@ -0,0 +1,2 @@ +# Enable fips in RHEL (https://issues.redhat.com/browse/RHEL-23049) +fips=1 diff --git a/redhat/addons/rhel/virt/aarch64/fips.addon b/redhat/addons/rhel/virt/aarch64/fips.addon new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/addons/rhel/virt/aarch64/fips.addon @@ -0,0 +1,2 @@ +# Enable fips in RHEL (https://issues.redhat.com/browse/RHEL-23049) +fips=1 diff --git a/redhat/addons/rhel/virt/x86_64/ciao.addon b/redhat/addons/rhel/virt/x86_64/ciao.addon deleted file mode 100644 index blahblah..blahblah 0 --- a/redhat/addons/rhel/virt/x86_64/ciao.addon +++ /dev/null @@ -1,7 +0,0 @@ -# noo - # n - -cmdline good -also good - also good - diff --git a/redhat/addons/rhel/virt/x86_64/fips.addon b/redhat/addons/rhel/virt/x86_64/fips.addon new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/addons/rhel/virt/x86_64/fips.addon
@@ -0,0 +1,2 @@ +# Enable fips in RHEL (https://issues.redhat.com/browse/RHEL-23049) +fips=1 -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2917
[OS-BUILD PATCHv8 2/2] redhat/uki_cmdline_addons.conf: add FIPS addon
From: Emanuele Giuseppe Esposito

redhat/uki_cmdline_addons.conf: add FIPS addon

Upstream Status: RHEL-Only

The fips addon simply enables fips in the kernel command line.

Signed-off-by: Emanuele Giuseppe Esposito

diff --git a/redhat/addons/fedora/virt/aarch64/fips.addon b/redhat/addons/fedora/virt/aarch64/fips.addon new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/addons/fedora/virt/aarch64/fips.addon @@ -0,0 +1,2 @@ +# Enable fips in RHEL (https://issues.redhat.com/browse/RHEL-23049) +fips=1 diff --git a/redhat/addons/fedora/virt/x86_64/ciao.addon b/redhat/addons/fedora/virt/x86_64/ciao.addon deleted file mode 100644 index blahblah..blahblah 0 --- a/redhat/addons/fedora/virt/x86_64/ciao.addon +++ /dev/null @@ -1,7 +0,0 @@ -# noo - # n - -cmdline good -also good - also good - diff --git a/redhat/addons/fedora/virt/x86_64/fips.addon b/redhat/addons/fedora/virt/x86_64/fips.addon new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/addons/fedora/virt/x86_64/fips.addon @@ -0,0 +1,2 @@ +# Enable fips in RHEL (https://issues.redhat.com/browse/RHEL-23049) +fips=1 diff --git a/redhat/addons/rhel/virt/aarch64/fips.addon b/redhat/addons/rhel/virt/aarch64/fips.addon new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/addons/rhel/virt/aarch64/fips.addon @@ -0,0 +1,2 @@ +# Enable fips in RHEL (https://issues.redhat.com/browse/RHEL-23049) +fips=1 diff --git a/redhat/addons/rhel/virt/x86_64/ciao.addon b/redhat/addons/rhel/virt/x86_64/ciao.addon deleted file mode 100644 index blahblah..blahblah 0 --- a/redhat/addons/rhel/virt/x86_64/ciao.addon +++ /dev/null @@ -1,7 +0,0 @@ -# noo - # n - -cmdline good -also good - also good - diff --git a/redhat/addons/rhel/virt/x86_64/fips.addon b/redhat/addons/rhel/virt/x86_64/fips.addon new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/addons/rhel/virt/x86_64/fips.addon
@@ -0,0 +1,2 @@ +# Enable fips in RHEL (https://issues.redhat.com/browse/RHEL-23049) +fips=1 -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2917
[OS-BUILD PATCHv8 1/2] redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons
From: Emanuele Giuseppe Esposito

redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons

Upstream Status: RHEL-Only

The folder redhat/addons will contain all addons configs specifying the UKI kernel cmdline addons to be created in the next build.

An addon config is simply a .addon plain text file, where any line is taken as kernel cmdline, except for the ones starting with '#', which will be automatically ignored.

redhat/scripts/uki_addons.py will take care of parsing all configs and folders in redhat/addons and call 'ukify' to create the actual addons. The output addon filename will be a concatenation of all folders in redhat/addons that are part of the addon config path. The folder hierarchy inside of redhat/addons is similar to redhat/configs: $distro/$UKI_NAME/%arch.

It is also possible to add .sbat to all the generated addons, by populating redhat/addons/$distro/$UKI_NAME/%arch/sbat/sbat.conf. Syntax is the same as the addons config.

At build time, Makefile will create a tar.gz archive ($distro-$UKI_NAME-addons.tar.gz) containing all the files in redhat/addons/$distro/$UKI_NAME. It will then be passed to the kernel specfile that will extract the addons from it and generate the UKI kernel cmdline addons.

Signed-off-by: Emanuele Giuseppe Esposito

diff --git a/redhat/Makefile b/redhat/Makefile index blahblah..blahblah 100644 --- a/redhat/Makefile +++ b/redhat/Makefile @@ -679,6 +679,13 @@ sources-rh: $(TARBALL) generate-testpatch-tmp setup-source dist-configs-check @sed -e "s/%%SPECKVERSION%%/$(SPECKVERSION)/" \ -e "s/%%SPECKPATCHLEVEL%%/$(SPECKPATCHLEVEL)/" \ scripts/gating/rpminspect.yaml > $(SOURCES)/rpminspect.yaml + @for UKI_FLAVOR in addons/*; do \ + FLAVOR_NAME=$$(basename $$UKI_FLAVOR); \ + for UKI in $$UKI_FLAVOR/*; do \ + UKI_NAME=$$(basename $$UKI); \ + tar -czf $$FLAVOR_NAME-$$UKI_NAME-addons.tar.gz $$UKI; \ + done; \ + done @cp scripts/kernel-tools/kvm_stat.logrotate \ keys/rhel*.x509 \ kabi/check-kabi \
@@ -690,6 +697,7 @@ sources-rh: $(TARBALL) generate-testpatch-tmp setup-source dist-configs-check scripts/mod/mod-partner.list \ scripts/mod/mod-sign.sh \ scripts/mod/mod-kvm.list \ + scripts/uki_addons.py \ configs/flavors \ configs/generate_all_configs.sh \ configs/merge.py \ @@ -698,6 +706,7 @@ sources-rh: $(TARBALL) generate-testpatch-tmp setup-source dist-configs-check README.rst \ kernel-local \ dracut-virt.conf \ + *-addons.tar.gz \ $(SOURCES)/ @cat $$(ls -1 $(SPECPACKAGE_NAME).changelog-* | sort -t '.' -k 3 -n -r) \ > $(SOURCES)/kernel.changelog diff --git a/redhat/addons/fedora/virt/aarch64/sbat/.gitkeep b/redhat/addons/fedora/virt/aarch64/sbat/.gitkeep new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/addons/fedora/virt/aarch64/sbat/.gitkeep diff --git a/redhat/addons/fedora/virt/x86_64/ciao.addon b/redhat/addons/fedora/virt/x86_64/ciao.addon new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/addons/fedora/virt/x86_64/ciao.addon @@ -0,0 +1,7 @@ +# noo + # n + +cmdline good +also good + also good + diff --git a/redhat/addons/rhel/virt/aarch64/sbat/.gitkeep b/redhat/addons/rhel/virt/aarch64/sbat/.gitkeep new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/addons/rhel/virt/aarch64/sbat/.gitkeep diff --git a/redhat/addons/rhel/virt/x86_64/ciao.addon b/redhat/addons/rhel/virt/x86_64/ciao.addon new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/addons/rhel/virt/x86_64/ciao.addon @@ -0,0 +1,7 @@ +# noo + # n + +cmdline good +also good + also good + diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template index blahblah..blahblah 100644 --- a/redhat/kernel.spec.template +++ b/redhat/kernel.spec.template 
@@ -792,6 +792,8 @@ BuildRequires: binutils BuildRequires: lvm2 BuildRequires: systemd-boot-unsigned # For systemd-stub and systemd-pcrphase +BuildRequires: systemd-ukify +# For UKI kernel cmdline addons BuildRequires: systemd-udev >= 252-1 # For TPM operations in UKI initramfs BuildRequires: tpm2-tools @@ -913,6 +915,7 @@ Source63: filter-aarch64.sh.fedora Source64: filter-ppc64le.sh.fedora Source65: filter-s390x.sh.fedora Source66: filter-modules.sh.fedora + %endif Source70: partial-kgcov-snip.config @@ -933,6 +936,9 @@ Source86: dracut-virt.conf Source87: flavors +Source151: uki_addons.py +Source152: %{primary_target}-virt-addons.tar.gz + Source100: rheldup3.x509 Source101: rhelkpatch1.x509 @@ -1518,6 +1524,11 @@ Provides: kernel-%{?1:%{1}-}uname-r = %{KVERREL}%{uname_suffix
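Review bot: in the redhat/Makefile hunk at -679, the new `for UKI_FLAVOR in addons/*` loop does not stop on failure. The loop's exit status is that of the last command run, so a failing `tar -czf` in any iteration but the final one is ignored and `sources-rh` carries on with a missing or partial archive. Append `|| exit 1` to the tar command and quote the expansions (`"$$UKI"`, `"$$FLAVOR_NAME-$$UKI_NAME-addons.tar.gz"`). The loop also runs once with the literal, unexpanded pattern when `addons/` has no entries, so a `[ -d "$$UKI" ] || continue` guard would make that case explicit.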
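Review bot: in the redhat/kernel.spec.template hunk at -792, the two added lines land between the existing comment `# For systemd-stub and systemd-pcrphase` and the `BuildRequires: systemd-udev >= 252-1` line that follows it, so that comment now sits above `systemd-ukify` and the new `# For UKI kernel cmdline addons` comment sits above `systemd-udev`. Assuming comments in this block precede the dependency they describe, as the `# For TPM operations in UKI initramfs` and `tpm2-tools` pair suggests, put the new comment first and `BuildRequires: systemd-ukify` second, and move both below the systemd-udev line.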
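Review bot: the new empty redhat/addons/{fedora,rhel}/virt/aarch64/sbat/.gitkeep files create an aarch64 directory that holds an sbat folder but no .addon file and no sbat.conf, and the Makefile loop packs that tree into the archive as it is. The commit message should say how an arch directory without any addon config, and an sbat directory without sbat.conf, are handled at build time, or the placeholders should arrive together with the first aarch64 addon.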
[OS-BUILD PATCHv8 0/2] redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons
From: Emanuele Giuseppe Esposito on gitlab.com Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2917 We want to enable kernel.spec to optionally ship UKI addons defined in a common config file in the redhat folder. The folder redhat/addons will contain all addons configs specifying the UKI kernel cmdline addons to be created in the next build. An addon config is simply a .addon plain text file, where any line is taken as kernel cmdline, except for the ones starting with '#', which will be automatically ignored. redhat/scripts/uki_addons.py will take care of parsing all configs and folders in redhat/addons and call 'ukify' to create the actual addons. The output addon filename will be a concatenation of all folders in redhat/addons that are part of the addon config path. For example, an addon config redhat/addons/1/2/3/test.addon will result in generating redhat/addons_output/1-2-3-test.addon.efi. It is also possible to add .sbat to all the generated addons, by populating redhat/addons/sbat/sbat.conf. Syntax is the same as the addons config. At build time, Makefile will create a tar.gz archive (addons.tar.gz) containing all the files in redhat/addons. It will then be passed to the kernel specfile that will extract the addons from it and generate the UKI kernel cmdline addons. As an example of this feature, add the fips addon to optionally enable fips (https://issues.redhat.com/browse/RHEL-23049).
--- redhat/addons/fedora/virt/aarch64/sbat/.gitkeep |0 redhat/addons/fedora/virt/aarch64/fips.addon|2 + redhat/addons/fedora/virt/x86_64/fips.addon |2 + redhat/addons/rhel/virt/aarch64/sbat/.gitkeep |0 redhat/addons/rhel/virt/aarch64/fips.addon |2 + redhat/addons/rhel/virt/x86_64/fips.addon |2 + redhat/scripts/uki_addons.py| 125 redhat/Makefile |9 + redhat/kernel.spec.template | 45 9 files changed, 187 insertions(+), 0 deletions(-)
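The config format and output naming described in the cover letter above, as an added Python example; it is not the project's redhat/scripts/uki_addons.py, which this page does not show. Assumptions of the example: a '#' after leading whitespace also starts a comment, cmdline fragments are joined with spaces and sbat lines with newlines, and sbat/sbat.conf sits beside the addon configs as in the 1/2 commit message; the sample tree is constructed.

```python
import tempfile
from pathlib import Path


def config_lines(text):
    """Return the meaningful lines of an addon-style config.

    Blank lines and lines whose first non-blank character is '#' are dropped.
    Treating an indented '#' as a comment is an assumption of this example.
    """
    kept = []
    for lineno, raw in enumerate(text.split("\n"), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Control characters inside a value point to a damaged config;
        # stop the build instead of embedding them in a boot-time artifact.
        if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in line):
            raise ValueError(f"line {lineno}: control character in {line!r}")
        kept.append(line)
    return kept


def output_name(config, root):
    """'-'-join the folders below root with the file name, then add '.efi'."""
    return "-".join(Path(config).relative_to(root).parts) + ".efi"


def plan_addons(root):
    """Map each output file name to (cmdline, sbat text or None)."""
    root = Path(root)
    plan = {}
    for config in sorted(root.rglob("*.addon")):
        cmdline = " ".join(config_lines(config.read_text(encoding="utf-8")))
        if not cmdline:
            raise ValueError(f"{config}: nothing left after removing comments")
        # Assumed layout: sbat/sbat.conf beside the addon configs it covers.
        sbat_file = config.parent / "sbat" / "sbat.conf"
        sbat = None
        if sbat_file.is_file():  # an sbat/ holding only .gitkeep means "none"
            sbat = "\n".join(config_lines(sbat_file.read_text(encoding="utf-8")))
        plan[output_name(config, root)] = (cmdline, sbat)
    return plan


# Constructed sample tree, modelled on the file names in this thread.
SAMPLE_TREE = {
    "fedora/virt/x86_64/fips.addon": "# Enable fips\nfips=1\n",
    "fedora/virt/x86_64/ciao.addon":
        "# noo\n  # n\n\ncmdline good\nalso good\n  also good\n\n",
    "fedora/virt/x86_64/sbat/sbat.conf":
        "# constructed SBAT entry\n"
        "example.addon,1,Example,example,1,https://example.invalid\n",
    "fedora/virt/aarch64/sbat/.gitkeep": "",
}


def demo():
    """Write SAMPLE_TREE to a temporary directory and plan its addons."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in SAMPLE_TREE.items():
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body, encoding="utf-8")
        return plan_addons(tmp)


if __name__ == "__main__":
    for name, (cmdline, sbat) in demo().items():
        print(f"{name}: cmdline={cmdline!r} sbat={sbat!r}")
```

The aarch64 directory in the sample yields no addon because it contains no .addon file, and its sbat folder with only .gitkeep is treated as "no SBAT data".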
[OS-BUILD PATCHv7 1/2] redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons
From: Emanuele Giuseppe Esposito redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons Upstream Status: RHEL-Only The folder redhat/addons will contain all addons configs specifying the UKI kernel cmdline addons to be created in the next build. An addon config is simply a .addon plain text file, where any line is taken as kernel cmdline, except for the ones starting with '#', which will be automatically ignored. redhat/scripts/uki_addons.py will take care of parsing all configs and folders in redhat/addons and call 'ukify' to create the actual addons. The output addon filename will be a concatenation of all folders in redhat/addons that are part of the addon config path. The folder hierarchy inside of redhat/addons is similar to redhat/configs: $distro/$UKI_NAME/%arch. It is also possible to add .sbat to all the generated addons, by populating redhat/addons/$distro/$UKI_NAME/%arch/sbat/sbat.conf. Syntax is the same as the addons config. At build time, Makefile will create a tar.gz archive ($distro-$UKI_NAME-addons.tar.gz) containing all the files in redhat/addons/$distro/$UKI_NAME. It will then be passed to the kernel specfile that will extract the addons from it and generate the UKI kernel cmdline addons. Signed-off-by: Emanuele Giuseppe Esposito diff --git a/redhat/Makefile b/redhat/Makefile index blahblah..blahblah 100644 --- a/redhat/Makefile +++ b/redhat/Makefile @@ -679,6 +679,13 @@ sources-rh: $(TARBALL) generate-testpatch-tmp setup-source dist-configs-check @sed -e "s/%%SPECKVERSION%%/$(SPECKVERSION)/" \ -e "s/%%SPECKPATCHLEVEL%%/$(SPECKPATCHLEVEL)/" \ scripts/gating/rpminspect.yaml > $(SOURCES)/rpminspect.yaml + @for UKI_FLAVOR in addons/*; do \ + FLAVOR_NAME=$$(basename $$UKI_FLAVOR); \ + for UKI in $$UKI_FLAVOR/*; do \ + UKI_NAME=$$(basename $$UKI); \ + tar -czf $$FLAVOR_NAME-$$UKI_NAME-addons.tar.gz $$UKI; \ + done; \ + done @cp scripts/kernel-tools/kvm_stat.logrotate \ keys/rhel*.x509 \ kabi/check-kabi \ 
@@ -690,6 +697,7 @@ sources-rh: $(TARBALL) generate-testpatch-tmp setup-source dist-configs-check scripts/mod/mod-partner.list \ scripts/mod/mod-sign.sh \ scripts/mod/mod-kvm.list \ + scripts/uki_addons.py \ configs/flavors \ configs/generate_all_configs.sh \ configs/merge.py \ @@ -698,6 +706,7 @@ sources-rh: $(TARBALL) generate-testpatch-tmp setup-source dist-configs-check README.rst \ kernel-local \ dracut-virt.conf \ + *-addons.tar.gz \ $(SOURCES)/ @cat $$(ls -1 $(SPECPACKAGE_NAME).changelog-* | sort -t '.' -k 3 -n -r) \ > $(SOURCES)/kernel.changelog diff --git a/redhat/addons/fedora/virt/x86_64/ciao.addon b/redhat/addons/fedora/virt/x86_64/ciao.addon new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/addons/fedora/virt/x86_64/ciao.addon @@ -0,0 +1,7 @@ +# noo + # n + +cmdline good +also good + also good + diff --git a/redhat/addons/rhel/virt/x86_64/ciao.addon b/redhat/addons/rhel/virt/x86_64/ciao.addon new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/addons/rhel/virt/x86_64/ciao.addon @@ -0,0 +1,7 @@ +# noo + # n + +cmdline good +also good + also good + diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template index blahblah..blahblah 100644 --- a/redhat/kernel.spec.template +++ b/redhat/kernel.spec.template @@ -792,6 +792,8 @@ BuildRequires: binutils BuildRequires: lvm2 BuildRequires: systemd-boot-unsigned # For systemd-stub and systemd-pcrphase +BuildRequires: systemd-ukify +# For UKI kernel cmdline addons BuildRequires: systemd-udev >= 252-1 # For TPM operations in UKI initramfs BuildRequires: tpm2-tools @@ -913,6 +915,7 @@ Source63: filter-aarch64.sh.fedora Source64: filter-ppc64le.sh.fedora Source65: filter-s390x.sh.fedora Source66: filter-modules.sh.fedora + %endif Source70: partial-kgcov-snip.config 
@@ -933,6 +936,9 @@ Source86: dracut-virt.conf Source87: flavors +Source151: uki_addons.py +Source152: %{primary_target}-virt-addons.tar.gz + Source100: rheldup3.x509 Source101: rhelkpatch1.x509 @@ -1518,6 +1524,11 @@ Provides: kernel-%{?1:%{1}-}uname-r = %{KVERREL}%{uname_suffix %{?1:+%{1}}}\ Requires: kernel%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{uname_suffix %{?1:+%{1}}}\ Requires(pre): %{kernel_prereq}\ Requires(pre): systemd >= 254-1\ +%package %{?1:%{1}-}uki-virt-addons\ +Summary: %{variant_summary} unified kernel image addons for virtual machines\ +Provides: installonlypkg(kernel)\ +Requires: kernel%{?1:-%{1}}-uki-virt = %{specrpmversion}-%{release}\ +Requires(pre): systemd >= 254-1\ %endif\ %endif\ %if
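Review bot: the `tar -czf $$FLAVOR_NAME-$$UKI_NAME-addons.tar.gz $$UKI` line in the redhat/Makefile hunk at -679 produces an archive whose bytes depend on file mtimes, on the uid/gid of whoever runs the build and on directory read order, so two runs over the same tree give different source tarballs and their checksums cannot be compared. Because this archive is the input from which the UKI cmdline addons are generated, consider GNU tar's `--sort=name`, a fixed `--mtime`, `--owner=0 --group=0 --numeric-owner`, and compression through `gzip -n`, so the output is deterministic.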
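Review bot: in the redhat/kernel.spec.template hunk at -933, `Source152: %{primary_target}-virt-addons.tar.gz` names one archive, while the Makefile loop builds one per UKI directory under every entry of addons/ and the `cp` hunk copies all `*-addons.tar.gz` files into $(SOURCES). With the fedora and rhel trees in this patch, the archive of the non-primary target already reaches SOURCES without a matching Source entry, and a second UKI directory would do the same. Either restrict what the Makefile generates and copies to what the spec declares, or note the limitation beside Source152. The 151 and 152 numbers also sit between Source87 and Source100; a short comment on why they are out of sequence would help.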
[OS-BUILD PATCHv7 2/2] redhat/uki_cmdline_addons.conf: add FIPS addon
From: Emanuele Giuseppe Esposito redhat/uki_cmdline_addons.conf: add FIPS addon Upstream Status: RHEL-Only The fips addon simply enables fips in the kernel command line. Signed-off-by: Emanuele Giuseppe Esposito diff --git a/redhat/addons/fedora/virt/x86_64/ciao.addon b/redhat/addons/fedora/virt/x86_64/ciao.addon deleted file mode 100644 index blahblah..blahblah 0 --- a/redhat/addons/fedora/virt/x86_64/ciao.addon +++ /dev/null @@ -1,7 +0,0 @@ -# noo - # n - -cmdline good -also good - also good - diff --git a/redhat/addons/fedora/virt/x86_64/fips.addon b/redhat/addons/fedora/virt/x86_64/fips.addon new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/addons/fedora/virt/x86_64/fips.addon @@ -0,0 +1,2 @@ +# Enable fips in RHEL (https://issues.redhat.com/browse/RHEL-23049) +fips=1 diff --git a/redhat/addons/rhel/virt/x86_64/ciao.addon b/redhat/addons/rhel/virt/x86_64/ciao.addon deleted file mode 100644 index blahblah..blahblah 0 --- a/redhat/addons/rhel/virt/x86_64/ciao.addon +++ /dev/null @@ -1,7 +0,0 @@ -# noo - # n - -cmdline good -also good - also good - diff --git a/redhat/addons/rhel/virt/x86_64/fips.addon b/redhat/addons/rhel/virt/x86_64/fips.addon new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/addons/rhel/virt/x86_64/fips.addon @@ -0,0 +1,2 @@ +# Enable fips in RHEL (https://issues.redhat.com/browse/RHEL-23049) +fips=1 -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2917
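Review bot: the subject names redhat/uki_cmdline_addons.conf, but no file of that name is touched; the patch adds redhat/addons/{fedora,rhel}/virt/x86_64/fips.addon, so the subject should follow the current layout. In the fedora copy of fips.addon the comment still reads `Enable fips in RHEL`, which is misleading for a file under redhat/addons/fedora/; reword it, or say in the commit message why the Fedora tree carries the same addon.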
[OS-BUILD PATCHv7 0/2] redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons
From: Emanuele Giuseppe Esposito on gitlab.com Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2917 We want to enable kernel.spec to optionally ship UKI addons defined in a common config file in the redhat folder. The folder redhat/addons will contain all addons configs specifying the UKI kernel cmdline addons to be created in the next build. An addon config is simply a .addon plain text file, where any line is taken as kernel cmdline, except for the ones starting with '#', which will be automatically ignored. redhat/scripts/uki_addons.py will take care of parsing all configs and folders in redhat/addons and call 'ukify' to create the actual addons. The output addon filename will be a concatenation of all folders in redhat/addons that are part of the addon config path. For example, an addon config redhat/addons/1/2/3/test.addon will result in generating redhat/addons_output/1-2-3-test.addon.efi. It is also possible to add .sbat to all the generated addons, by populating redhat/addons/sbat/sbat.conf. Syntax is the same as the addons config. At build time, Makefile will create a tar.gz archive (addons.tar.gz) containing all the files in redhat/addons. It will then be passed to the kernel specfile that will extract the addons from it and generate the UKI kernel cmdline addons. As an example of this feature, add the fips addon to optionally enable fips (https://issues.redhat.com/browse/RHEL-23049).
--- redhat/addons/fedora/virt/x86_64/fips.addon |2 + redhat/addons/rhel/virt/x86_64/fips.addon |2 + redhat/scripts/uki_addons.py| 125 redhat/Makefile |9 ++ redhat/kernel.spec.template | 45 ++ 5 files changed, 183 insertions(+), 0 deletions(-)
Re: [OS-BUILD PATCHv6 0/2] redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons
From: Emanuele Giuseppe Esposito on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2917#note_1809308997 @vkuznets @berrange @prudo1 I sent another version. In this version, I use a config-like addons structure, split configs and create a sub-rpm depending on UKIs, arch and distro. This should be something more in the direction of Daniel's approach, but also keeping it simple as Vitaly suggested (code for virt uki in kernel.spec is unaltered basically). In addition, it is worth mentioning that there is a kernel-debug-virt-addons sub-rpm created automatically, that could also be used to ship non-signed addons and also make Phillip happy :smile: Let me know what you think!
[OS-BUILD PATCHv6 0/2] redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons
From: Emanuele Giuseppe Esposito on gitlab.com Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2917 We want to enable kernel.spec to optionally ship UKI addons defined in a common config file in the redhat folder. The folder redhat/addons will contain all addons configs specifying the UKI kernel cmdline addons to be created in the next build. An addon config is simply a .addon plain text file, where any line is taken as kernel cmdline, except for the ones starting with '#', which will be automatically ignored. redhat/scripts/uki_addons.py will take care of parsing all configs and folders in redhat/addons and call 'ukify' to create the actual addons. The output addon filename will be a concatenation of all folders in redhat/addons that are part of the addon config path. For example, an addon config redhat/addons/1/2/3/test.addon will result in generating redhat/addons_output/1-2-3-test.addon.efi. It is also possible to add .sbat to all the generated addons, by populating redhat/addons/sbat/sbat.conf. Syntax is the same as the addons config. At build time, Makefile will create a tar.gz archive (addons.tar.gz) containing all the files in redhat/addons. It will then be passed to the kernel specfile that will extract the addons from it and generate the UKI kernel cmdline addons. As an example of this feature, add the fips addon to optionally enable fips (https://issues.redhat.com/browse/RHEL-23049).
--- redhat/addons/fedora/virt/x86_64/fips.addon |2 + redhat/addons/rhel/virt/x86_64/fips.addon |2 + redhat/scripts/uki_addons.py| 125 redhat/Makefile |9 ++ redhat/kernel.spec.template | 33 +++ 5 files changed, 171 insertions(+), 0 deletions(-)
[OS-BUILD PATCHv6 1/2] redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons
From: Emanuele Giuseppe Esposito redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons Upstream Status: RHEL-Only The folder redhat/addons will contain all addons configs specifying the UKI kernel cmdline addons to be created in the next build. An addon config is simply a .addon plain text file, where any line is taken as kernel cmdline, except for the ones starting with '#', which will be automatically ignored. redhat/scripts/uki_addons.py will take care of parsing all configs and folders in redhat/addons and call 'ukify' to create the actual addons. The output addon filename will be a concatenation of all folders in redhat/addons that are part of the addon config path. The folder hierarchy inside of redhat/addons is similar to redhat/configs: $distro/$UKI_NAME/%arch. It is also possible to add .sbat to all the generated addons, by populating redhat/addons/$distro/$UKI_NAME/%arch/sbat/sbat.conf. Syntax is the same as the addons config. At build time, Makefile will create a tar.gz archive ($distro-$UKI_NAME-addons.tar.gz) containing all the files in redhat/addons/$distro/$UKI_NAME. It will then be passed to the kernel specfile that will extract the addons from it and generate the UKI kernel cmdline addons. Signed-off-by: Emanuele Giuseppe Esposito diff --git a/redhat/Makefile b/redhat/Makefile index blahblah..blahblah 100644 --- a/redhat/Makefile +++ b/redhat/Makefile @@ -679,6 +679,13 @@ sources-rh: $(TARBALL) generate-testpatch-tmp setup-source dist-configs-check @sed -e "s/%%SPECKVERSION%%/$(SPECKVERSION)/" \ -e "s/%%SPECKPATCHLEVEL%%/$(SPECKPATCHLEVEL)/" \ scripts/gating/rpminspect.yaml > $(SOURCES)/rpminspect.yaml + @for UKI_FLAVOR in addons/*; do \ + FLAVOR_NAME=$$(basename $$UKI_FLAVOR); \ + for UKI in $$UKI_FLAVOR/*; do \ + UKI_NAME=$$(basename $$UKI); \ + tar -czf $$FLAVOR_NAME-$$UKI_NAME-addons.tar.gz $$UKI; \ + done; \ + done @cp scripts/kernel-tools/kvm_stat.logrotate \ keys/rhel*.x509 \ kabi/check-kabi \ 
@@ -690,6 +697,7 @@ sources-rh: $(TARBALL) generate-testpatch-tmp setup-source dist-configs-check scripts/mod/mod-partner.list \ scripts/mod/mod-sign.sh \ scripts/mod/mod-kvm.list \ + scripts/uki_addons.py \ configs/flavors \ configs/generate_all_configs.sh \ configs/merge.py \ @@ -698,6 +706,7 @@ sources-rh: $(TARBALL) generate-testpatch-tmp setup-source dist-configs-check README.rst \ kernel-local \ dracut-virt.conf \ + *-addons.tar.gz \ $(SOURCES)/ @cat $$(ls -1 $(SPECPACKAGE_NAME).changelog-* | sort -t '.' -k 3 -n -r) \ > $(SOURCES)/kernel.changelog diff --git a/redhat/addons/fedora/virt/x86_64/ciao.addon b/redhat/addons/fedora/virt/x86_64/ciao.addon new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/addons/fedora/virt/x86_64/ciao.addon @@ -0,0 +1,7 @@ +# noo + # n + +cmdline good +also good + also good + diff --git a/redhat/addons/rhel/virt/x86_64/ciao.addon b/redhat/addons/rhel/virt/x86_64/ciao.addon new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/addons/rhel/virt/x86_64/ciao.addon @@ -0,0 +1,7 @@ +# noo + # n + +cmdline good +also good + also good + diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template index blahblah..blahblah 100644 --- a/redhat/kernel.spec.template +++ b/redhat/kernel.spec.template @@ -792,6 +792,8 @@ BuildRequires: binutils BuildRequires: lvm2 BuildRequires: systemd-boot-unsigned # For systemd-stub and systemd-pcrphase +BuildRequires: systemd-ukify +# For UKI kernel cmdline addons BuildRequires: systemd-udev >= 252-1 # For TPM operations in UKI initramfs BuildRequires: tpm2-tools @@ -913,6 +915,7 @@ Source63: filter-aarch64.sh.fedora Source64: filter-ppc64le.sh.fedora Source65: filter-s390x.sh.fedora Source66: filter-modules.sh.fedora + %endif Source70: partial-kgcov-snip.config 
@@ -933,6 +936,9 @@ Source86: dracut-virt.conf Source87: flavors +Source151: uki_addons.py +Source152: %{primary_target}-virt-addons.tar.gz + Source100: rheldup3.x509 Source101: rhelkpatch1.x509 @@ -1518,6 +1524,11 @@ Provides: kernel-%{?1:%{1}-}uname-r = %{KVERREL}%{uname_suffix %{?1:+%{1}}}\ Requires: kernel%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{uname_suffix %{?1:+%{1}}}\ Requires(pre): %{kernel_prereq}\ Requires(pre): systemd >= 254-1\ +%package %{?1:%{1}-}uki-virt-addons\ +Summary: %{variant_summary} unified kernel image addons for virtual machines\ +Provides: installonlypkg(kernel)\ +Requires: kernel%{?1:-%{1}}-uki-virt = %{specrpmversion}-%{release}\ +Requires(pre): systemd >= 254-1\ %endif\ %endif\ %if
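Review bot: the new ciao.addon files under redhat/addons/{fedora,rhel}/virt/x86_64/ exercise cases that the commit message does not define: a `#` after leading whitespace (` # n`), an empty line, and a value with leading whitespace (` also good`). The message only says that lines starting with '#' are ignored, so state whether leading whitespace is stripped before that test and how several value lines are combined into one cmdline, since these rules decide what ends up in the generated addon.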
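Review bot: in the redhat/Makefile hunk at -698, the added `*-addons.tar.gz \` glob copies every matching file in the working directory, including archives left from an earlier run for a flavor or UKI directory that has since been removed, because nothing in the visible hunks deletes them first. Remove old `*-addons.tar.gz` files before the loop runs, or build the archives in a scratch directory and copy them by explicit name.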
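Review bot: the redhat/kernel.spec.template hunk at -913 adds only an empty line between `Source66: filter-modules.sh.fedora` and `%endif`, which is unrelated to the addons feature; drop it from the patch.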
[OS-BUILD PATCHv6 2/2] redhat/uki_cmdline_addons.conf: add FIPS addon
From: Emanuele Giuseppe Esposito redhat/uki_cmdline_addons.conf: add FIPS addon Upstream Status: RHEL-Only The fips addon simply enables fips in the kernel command line. Signed-off-by: Emanuele Giuseppe Esposito diff --git a/redhat/addons/fedora/virt/x86_64/ciao.addon b/redhat/addons/fedora/virt/x86_64/ciao.addon deleted file mode 100644 index blahblah..blahblah 0 --- a/redhat/addons/fedora/virt/x86_64/ciao.addon +++ /dev/null @@ -1,7 +0,0 @@ -# noo - # n - -cmdline good -also good - also good - diff --git a/redhat/addons/fedora/virt/x86_64/fips.addon b/redhat/addons/fedora/virt/x86_64/fips.addon new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/addons/fedora/virt/x86_64/fips.addon @@ -0,0 +1,2 @@ +# Enable fips in RHEL (https://issues.redhat.com/browse/RHEL-23049) +fips=1 diff --git a/redhat/addons/rhel/virt/x86_64/ciao.addon b/redhat/addons/rhel/virt/x86_64/ciao.addon deleted file mode 100644 index blahblah..blahblah 0 --- a/redhat/addons/rhel/virt/x86_64/ciao.addon +++ /dev/null @@ -1,7 +0,0 @@ -# noo - # n - -cmdline good -also good - also good - diff --git a/redhat/addons/rhel/virt/x86_64/fips.addon b/redhat/addons/rhel/virt/x86_64/fips.addon new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/addons/rhel/virt/x86_64/fips.addon @@ -0,0 +1,2 @@ +# Enable fips in RHEL (https://issues.redhat.com/browse/RHEL-23049) +fips=1 -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2917
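Review bot: both `deleted file mode 100644` hunks remove the ciao.addon files that patch 1/2 of this series adds, so the series introduces test data in one commit and deletes it in the next, and a build of 1/2 alone (during a bisect, for instance) would generate an addon carrying `cmdline good also good also good`. Fold the removal into 1/2 so that every commit builds only intended addons, and keep this patch to the two fips.addon additions.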