Re: [OS-BUILD PATCHv12 0/2] redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons
From: Vitaly Kuznetsov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2917#note_1843369137

(I apologize if I've missed some parts of the discussion)

Allowing to install multiple `kernel-uki-virt` packages in parallel is a must as that's how we upgrade kernels today. With the introduction of `kernel-uki-virt-addons` this means several versions of `kernel-uki-virt-addons` should co-exist normally. It may happen that addons change between versions so files should not intersect (even if RPM allows that, not sure).

My (probably silly) suggestion would be to use a directory similar to what's going to be on the ESP and somewhat similar to /usr/lib/modules. E.g.,

```
/usr/lib/linux/extra.d/6.9.0-0.rc0.a4145ce1e7bc.11.test.fc41.x86_64/fips-virt.fedora.x86_64.addon.efi
```

In this scheme, third party addons can live in `/usr/lib/linux/extra.d/` without any sub-dir, e.g.

```
/usr/lib/linux/extra.d/third-party-addon-mydistro.x86_64.addon.efi
```

--
___
kernel mailing list -- kernel@lists.fedoraproject.org
To unsubscribe send an email to kernel-le...@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: [OS-BUILD PATCHv12 0/2] redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons
From: Vitaly Kuznetsov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2917#note_1841630493

While separating addons into `kernel-uki-virt-addons` package may make perfect sense when we have a lot of them, we can probably postpone it and just package them in the same package with UKI while there's just a few.
Re: [OS-BUILD PATCHv12 2/2] redhat/uki_cmdline_addons.conf: add FIPS addon
From: Vitaly Kuznetsov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2917#note_1841625716

It may make sense to avoid mentioning RHEL in ARK MRs.
Re: [OS-BUILD PATCHv12 0/2] redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons
From: Vitaly Kuznetsov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2917#note_1841621091

@eesposit I'm looking at kernel-uki-virt-addons-6.9.0-0.rc0.a4145ce1e7bc.11.test.fc41.x86_64.rpm:

```
$ rpm -qpl /tmp/kernel-uki-virt-addons-6.9.0-0.rc0.a4145ce1e7bc.11.test.fc41.x86_64.rpm
/usr/lib/linux/extra.d/fips-virt.fedora.x86_64.addon.efi
```

at the same time dependencies are strict:

```
$ rpm -qp --requires /tmp/kernel-uki-virt-addons-6.9.0-0.rc0.a4145ce1e7bc.11.test.fc41.x86_64.rpm
kernel-uki-virt = 6.9.0-0.rc0.a4145ce1e7bc.11.test.fc41
...
```

so imagine I want to install two UKI versions, it'll require to install two kernel-uki-virt-addons packages providing the same file. While it doesn't really matter for 'FIPS' addon we have, what if we ever decide to change the addon and thus the file won't be the same? I think we need to use a versioned location so two installed kernel-uki-virt-addons don't clash.
Re: [OS-BUILD PATCHv5 0/2] redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons
From: Vitaly Kuznetsov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2917#note_1807239692

I think it would make sense to make it possible for an addon to target 'standard' UKI / 'debug' UKI / both in the infrastructure which Emanuele is trying to create.

Personally, I would not be overthinking security issues of debug addons just **now** and wait until we get a request for an addon which we will consider 'unsafe'. As command line addons are currently rigid, i.e. it's impossible to have something like 'root=*', I don't think we have that many kernel options which require denylisting. For the extreme cases with very strong security requirements, adding other PCRs (e.g. PCR4) to the sealing policy might be a good option.
Re: [OS-BUILD PATCHv5 0/2] redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons
From: Vitaly Kuznetsov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2917#note_1805661115

Exactly: we may want to have an infrastructure for 'external' addons and these should likely be global, but everything built from kernel srpm can just be versioned.
Re: [OS-BUILD PATCHv5 0/2] redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons
From: Vitaly Kuznetsov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2917#note_1805638306

What I'm afraid of with "-common" addons is that at some point we will realize that the particular addon is not really "-common" and we want to update it only for new ukis but not for the already existing ones. I can't probably make a real world example but I can imagine something changing in the kernel in an incompatible way so the new addon won't work for the old kernel and vice versa. To avoid the need to make a judgement whether an addon is **really** common or not, we can just slash them for now.
Re: [OS-BUILD PATCHv5 0/2] redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons
From: Vitaly Kuznetsov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2917#note_1805606318

@eesposit @berrange personally, I'd suggest we don't over-complicate stuff **now**. Namely, we have only one UKI and only one signing SB key for it (which, in case of Fedora, is the same key as for the standard kernel). We don't know yet whether we will be building more UKIs and if yes, whether these UKIs will use different SB keys. Hopefully not, as to get distinct PCR7 fingerprints we will have to list all of them in SecureBoot DB.

We can, of course, start by creating "kernel-uki-virt-addons-common" but in the absence of "kernel-uki-virt-addons" the "common" suffix is going to be a bit weird. Note, creating "-common" sub-package still doesn't give us a way to create kernel-version-independent addons, we will have to introduce a new srpm for that.

Addons are, however, tiny, this means that if we have 3 copies of them when we have three UKIs installed, it is not a big deal. What is more important, is if we get an automated way to update them on the ESP with kernel updates. I.e. if I have an active addon for my UKI and I'm installing new UKI version (both kernel-uki-virt and kernel-uki-virt-addons), will the addon get updated on the ESP. In case the addon is global, this means the cmdline gets updated for the already present UKIs is this is likely desirable.

At the end, it may make sense to make all addons tied to the specific UKI version and teach kernel-install how to update the ESP when a new UKI version is installed.
Re: [OS-BUILD PATCHv8 0/4] redhat: Keep track of SPDX-License-Identifier tags in the code
From: Vitaly Kuznetsov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648#note_1541200681

@gnault @marcelo.leitner @psutter1 @bnemeth @pabeni @jbencrh @LorenzoBianconi @egarver @liuhangbin @ivecera @aclaudi @dcaratti @atenart @fleitner @fmaurer-rh @jwilsonrh @tohojo @lxin.redhat @fwestpha @sdubroca please take a look! The only net-related change is the commit which explicitly disables CONFIG_COPS (which is already disabled everywhere, I just make it explicit). Thanks!
Re: [OS-BUILD PATCHv8 0/4] redhat: Keep track of SPDX-License-Identifier tags in the code
From: Vitaly Kuznetsov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648#note_1539277829

OK, 'Redistributable' dropped!
[OS-BUILD PATCHv8 4/4] redhat: Explicitly disable CONFIG_COPS
From: Vitaly Kuznetsov redhat: Explicitly disable CONFIG_COPS drivers/net/appletalk/cops_ffdrv.h/drivers/net/appletalk/cops_ltdrv.h files contain firmware under an unknown license, make sure CONFIG_COPS does not get enabled accidentially without considering licensing implications. Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/configs/common/generic/CONFIG_COPS b/redhat/configs/common/generic/CONFIG_COPS new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/configs/common/generic/CONFIG_COPS @@ -0,0 +1,4 @@ +# WARNING: drivers/net/appletalk/cops_ffdrv.h, /drivers/net/appletalk/cops_ltdrv.h +# files contain firmware under an unknown license. +# +# CONFIG_COPS is not set -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648 ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
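Review bot: In the comment added to redhat/configs/common/generic/CONFIG_COPS the two header paths are written inconsistently: `drivers/net/appletalk/cops_ffdrv.h` is tree-relative while `/drivers/net/appletalk/cops_ltdrv.h` carries a leading slash, and the commit message joins the same two paths with a bare `/`. Use the tree-relative form for both and separate them with a comma. Since this file is meant as a sentinel, the comment would also be more useful if it said what has to be resolved before the option may be enabled (the license of the embedded firmware). The commit message has a typo, "accidentially".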
[OS-BUILD PATCHv8 3/4] redhat: Add dist-check-licenses target
From: Vitaly Kuznetsov redhat: Add dist-check-licenses target Introduce a dedicated make target to check source code licenses without the need to run all other selftests which may be failing for some other reason. Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/Makefile b/redhat/Makefile index blahblah..blahblah 100644 --- a/redhat/Makefile +++ b/redhat/Makefile @@ -877,6 +877,13 @@ dist-self-test: dist-self-test-data: ./self-test/data/create-data.sh +dist-check-licenses: + @if test -x /usr/bin/bats; then \ + bats $(REDHAT)/self-test/1007-spdx-licenses.bats ; \ + else \ + echo "dist-check-licenses: The bats package is not installed" ; \ + fi + dist-help: @echo 'Cleaning targets:' @echo ' dist-clean - Clean redhat/configs/ and redhat/rpm/ directories.' @@ -1000,6 +1007,9 @@ dist-full-help: @echo ' dist-os-version - Displays the current Red Hat Enterprise Linux versioni' @echo 'target used by the current branch/tree.' @echo ' dist-self-test - Runs self-tests from the redhat/self-test directory' + @echo ' dist-check-licenses - Runs license selftest checking SPDX-License-Identifier:' + @echo 'tags in all source files against `License:` field in the' + @echo 'specfile template.' @echo '' export -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648 ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
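Review bot: In the new dist-check-licenses recipe the else branch only echoes "The bats package is not installed" and the target still exits 0, so a build host without bats reports the license check as passed without having run it. For a target whose whole purpose is to gate on licenses, end that branch with `exit 1`, or return a distinct skip status that callers check. The guard also tests the fixed path `/usr/bin/bats` but then runs `bats` from PATH; `command -v bats` would keep the check and the invocation consistent.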
[OS-BUILD PATCHv8 1/4] redhat: Use kspdx-tool output for the License: field
From: Vitaly Kuznetsov redhat: Use kspdx-tool output for the License: field Use kspdx-tool (https://gitlab.com/vkuznets/kspdx-tool) to find all licenses in the source code and its output to the License: field of the specfile. Package the tool and its current output. Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template index blahblah..blahblah 100644 --- a/redhat/kernel.spec.template +++ b/redhat/kernel.spec.template 
@@ -636,7 +636,7 @@ Summary: The Linux kernel Name: %{package_name} -License: GPLv2 and Redistributable, no modification permitted +License: ((GPL-2.0-only WITH Linux-syscall-note) OR BSD-2-Clause) AND ((GPL-2.0-only WITH Linux-syscall-note) OR BSD-3-Clause) AND ((GPL-2.0-only WITH Linux-syscall-note) OR CDDL-1.0) AND ((GPL-2.0-only WITH Linux-syscall-note) OR Linux-OpenIB) AND ((GPL-2.0-only WITH Linux-syscall-note) OR MIT) AND ((GPL-2.0-or-later WITH Linux-syscall-note) OR BSD-3-Clause) AND ((GPL-2.0-or-later WITH Linux-syscall-note) OR MIT) AND BSD-2-Clause AND BSD-3-Clause AND BSD-3-Clause-Clear AND GFDL-1.1-no-invariants-or-later AND GPL-1.0-or-later AND (GPL-1.0-or-later OR BSD-3-Clause) AND (GPL-1.0-or-later WITH Linux-syscall-note) AND GPL-2.0-only AND (GPL-2.0-only OR Apache-2.0) AND (GPL-2.0-only OR BSD-2-Clause) AND (GPL-2.0-only OR BSD-3-Clause) AND (GPL-2.0-only OR CDDL-1.0) AND (GPL-2.0-only OR GFDL-1.1-no-invariants-or-later) AND (GPL-2.0-only OR GFDL-1.2-no-invariants-only) AND (GPL-2.0-only WITH Linux-syscall-note) AND GPL-2.0-or-later AND (GPL-2.0-or-later OR BSD-2-Clause) AND (GPL-2.0-or-later OR BSD-3-Clause) AND (GPL-2.0-or-later OR CC-BY-4.0) AND (GPL-2.0-or-later WITH GCC-exception-2.0) AND (GPL-2.0-or-later WITH Linux-syscall-note) AND ISC AND LGPL-2.0-or-later AND (LGPL-2.0-or-later OR BSD-2-Clause) AND (LGPL-2.0-or-later WITH Linux-syscall-note) AND LGPL-2.1-only AND (LGPL-2.1-only OR BSD-2-Clause) AND (LGPL-2.1-only WITH Linux-syscall-note) AND LGPL-2.1-or-later AND (LGPL-2.1-or-later WITH Linux-syscall-note) AND (Linux-OpenIB OR GPL-2.0-only) AND (Linux-OpenIB OR GPL-2.0-only OR BSD-2-Clause) AND Linux-man-pages-copyleft AND MIT AND (MIT OR Apache-2.0) AND (MIT OR GPL-2.0-only) AND (MIT OR GPL-2.0-or-later) AND (MIT OR LGPL-2.1-only) AND (MPL-1.1 OR GPL-2.0-only) AND (X11 OR GPL-2.0-only) AND (X11 OR GPL-2.0-or-later) AND Zlib AND (copyleft-next-0.3.1 OR GPL-2.0-or-later) URL: https://www.kernel.org/ Version: %{specrpmversion} Release: 
%{pkg_release} @@ -1069,7 +1069,6 @@ Epoch: %{gemini} %endif Summary: Performance monitoring for the Linux kernel Requires: bzip2 -License: GPLv2 %description -n perf This package contains the perf tool, which enables performance monitoring of the Linux kernel. @@ -1119,7 +1118,6 @@ This package provides debug information for the perf python bindings. %if %{with_tools} %package -n %{package_name}-tools Summary: Assortment of tools for the Linux kernel -License: GPLv2 %ifarch %{cpupowerarchs} Provides: cpupowerutils = 1:009-0.6.p1 Obsoletes: cpupowerutils < 1:009-0.6.p1 @@ -1137,14 +1135,12 @@ and the supporting documentation. %package -n %{package_name}-tools-libs Summary: Libraries for the kernels-tools -License: GPLv2 %description -n %{package_name}-tools-libs This package contains the libraries built from the tools/ directory from the kernel source. %package -n %{package_name}-tools-libs-devel Summary: Assortment of tools for the Linux kernel -License: GPLv2 Requires: %{package_name}-tools = %{version}-%{release} %ifarch %{cpupowerarchs} Provides: cpupowerutils-devel = 1:009-0.6.p1 @@ -1183,7 +1179,6 @@ and root causes of unexpected results. %package -n rv Summary: RV: Runtime Verification -License: GPLv2 %description -n rv Runtime Verification (RV) is a lightweight (yet rigorous) method that complements classical exhaustive verification techniques (such as model @@ -1201,7 +1196,6 @@ analysing the logical and timing behavior of Linux. %package -n bpftool Summary: Inspection and simple manipulation of eBPF programs and maps -License: GPLv2 Version: %{bpftoolversion} %description -n bpftool This package contains the bpftool, which allows inspection and simple @@ -1229,7 +1223,6 @@ This package provides debug information for the bpftool package. %package selftests-internal Summary: Kernel samples and selftests -License: GPLv2 Requires: binutils, bpftool, iproute-tc, nmap-ncat, python3, fuse-libs %description selftests-internal Kernel sample programs and selftests. 
diff --git a/redhat/scripts/kspdx-tool/kspdx.py b/redhat/scripts/kspdx-tool/kspdx.py new file mode 100755 index blahblah..blahblah 100755 --- /dev/null +++ b/redhat/scripts/kspdx-tool/kspdx.py @@ -0,0 +1,231 @@ +#! /usr/bin/python3 + +# SPDX-License-Identifier: LGPL-2.1-or-later + +import argparse +import os +import re +import subprocess +import sys + +# Files to not search for SPDX patterns +ignored_files = [ +# license-rules.rst
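Review bot: The later hunks in kernel.spec.template delete the `License: GPLv2` line from perf, the tools packages, rv, bpftool and selftests-internal, so each of those subpackages now inherits the full expression set in the first hunk and declares every license found anywhere in the tree. If a single License: tag is a deliberate constraint, state that in a comment next to the main `License:` line and in the commit message; otherwise convert the per-subpackage tags to SPDX form (`GPL-2.0-only`) instead of removing them. The main expression is also pasted in as one literal line; a note on how it was generated (which kspdx.py invocation) would let the next person regenerate it rather than edit it by hand.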
[OS-BUILD PATCHv8 2/4] redhat: Introduce "Verify SPDX-License-Identifier tags" selftest
From: Vitaly Kuznetsov redhat: Introduce "Verify SPDX-License-Identifier tags" selftest Add a test to check that all SPDX-License-Identifier: specified licenses in the code match the License: tag in the specfile. Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/self-test/1007-spdx-licenses.bats b/redhat/self-test/1007-spdx-licenses.bats new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/self-test/1007-spdx-licenses.bats 
@@ -0,0 +1,55 @@ +#!/usr/bin/env bats +# Purpose: This test checks SPDX-License-Identifier: tags in all source files against redhat/LICENSES. + +load test-lib.bash + +SPEC=$BATS_TEST_DIRNAME/../kernel.spec.template + +ERRMSG="ERROR: The kernel RPM spec file License: field does not match the licenses available in the source tree. +Fedora, Centos Stream, and RHEL require that the RPM License field match the licenses in the source tree. See +https://docs.fedoraproject.org/en-US/legal/license-approval/ for further information. +A list of licenses can be generated by executing the redhat/scripts/license/kspdx.py utility. New licenses can +be added to the RPM License field only if they are listed in the Allowed Licenses list +https://docs.fedoraproject.org/en-US/legal/allowed-licenses/). Licenses cannot be added if they are in the +'Not Allowed' Licenses (https://docs.fedoraproject.org/en-US/legal/not-allowed-licenses/). Licenses can be added +to the 'Allowed' or 'Not Allowed' Licenses by following the License Review Process +(https://docs.fedoraproject.org/en-US/legal/license-review-process/)." + +_verify_one_license_tag() { + if [[ $(grep -c '^License:' $SPEC) != "1" ]]; then + echo "ERROR: The specfile is supposed to have exactly one License: tag!" + return 1 + fi +} + +_verify_spdx_licenses() { + spec_licenses=`mktemp` + source_licenses=`mktemp` + grep '^License:' $SPEC | sed 's,License[[:space:]]*:[[:space:]]*,,' | sed 's, AND ,\n,g' | sed 's,^(\(.*\))$,\1,' | sort -u > $spec_licenses + + if ! $BATS_TEST_DIRNAME/../scripts/kspdx-tool/kspdx.py $BATS_TEST_DIRNAME/../../ > $source_licenses; then + echo "ERROR: Failed to gather SPDX-License-Identifier: information from source files!" + return 1 + fi + sort -o $source_licenses $source_licenses + if ! diff -u $spec_licenses $source_licenses; then + echo $ERRMSG + ret=1 + else + ret=0 + fi + rm -f $spec_licenses $source_licenses + return $ret +} + +@test "Verify SPDX-License-Identifier tags" { + if ! 
test -x $BATS_TEST_DIRNAME/../scripts/kspdx-tool/kspdx.py ; then + skip "kspdx-tool is missing" + fi + + run _verify_one_license_tag + check_status + + _verify_spdx_licenses + check_status +} -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648 ___ kernel mailing list -- kernel@lists.fedoraproject.org To unsubscribe send an email to kernel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
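Review bot: ERRMSG tells the reader to run redhat/scripts/license/kspdx.py, but the test itself invokes `scripts/kspdx-tool/kspdx.py`; point the message at the path this series actually adds. In `_verify_spdx_licenses` the early `return 1` taken when kspdx.py fails skips the final `rm -f $spec_licenses $source_licenses`, leaving both mktemp files behind, and `echo $ERRMSG` is unquoted so the multi-line message is collapsed onto one line; quote the variable and clean up on every exit path. The Purpose comment says the check is against redhat/LICENSES while the code compares against the License: field of kernel.spec.template, and the "Allowed Licenses list" URL in ERRMSG has a closing parenthesis with no opening one.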
[OS-BUILD PATCHv8 0/4] redhat: Keep track of SPDX-License-Identifier tags in the code
From: Vitaly Kuznetsov on gitlab.com
Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648

Be more picky about kernel's source code licenses:
- Keep track of all currently used license in specfile template.
- Add a selftest which checks all currently present license identifiers against License:.

Signed-off-by: Vitaly Kuznetsov
---
 redhat/configs/common/generic/CONFIG_COPS |   4 +
 redhat/scripts/kspdx-tool/kspdx.py        | 231 ++
 redhat/self-test/1007-spdx-licenses.bats  |  55 +++
 redhat/Makefile                           |  10 +
 redhat/kernel.spec.template               |   9 +-
 5 files changed, 301 insertions(+), 8 deletions(-)
Re: [OS-BUILD PATCHv7 0/3] redhat: Keep track of SPDX-License-Identifier tags in the code
From: Vitaly Kuznetsov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648#note_1539237073

Bottom line: I think we can converge on removing 'redistributable' and adding a sentinel to prevent accidental CONFIG_COPS/CONFIG_COPS_DAYNA enabling in the future (like an explicitly disabled config mentioning dubious license). @prarit @jstancek @berrange @knurd42 how does this sound?
Re: [OS-BUILD PATCHv7 0/3] redhat: Keep track of SPDX-License-Identifier tags in the code
From: Vitaly Kuznetsov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648#note_1539233445

OK, if we take Linux-libre as a source of truth, we may not have much to care about. I did the following:

1) Get all affected files from linux-libre log and check if they have a proper SPDX with kspdx.py. Filter the rest:

```
$ cat linux-libre-6.5-gnu.log | grep ':' | grep -v "VGX:Y61 sensor support" | cut -f 1 -d ':' | sort -u | while read fname; do kspdx.py -i -d NONE $fname; done | grep NONE > /tmp/nospdx
$ wc -l /tmp/nospdx
158 /tmp/nospdx
```

2) Filter out all files which have old style (non-SPDX) license identifier:

```
$ cat /tmp/nospdx | cut -f 1 -d ':' | while read fname; do if ! grep "This program is free software\|Permission is hereby granted\|Permission to use, copy, modify\|This file is free software\|General Public License\|GNU General Public" $fname > /dev/null; then echo $fname; fi; done
arch/arm/boot/dts/ti/omap/am33xx-l4.dtsi
arch/arm/boot/dts/ti/omap/am437x-l4.dtsi
Documentation/ABI/testing/sysfs-driver-ge-achc
Documentation/admin-guide/btmrvl.rst
Documentation/arch/arm/ixp4xx.rst
Documentation/arch/arm/keystone/knav-qmss.rst
Documentation/devicetree/bindings/remoteproc/wkup_m3_rproc.txt
Documentation/dontdiff
Documentation/sound/alsa-configuration.rst
drivers/net/appletalk/cops_ffdrv.h
drivers/net/appletalk/cops_ltdrv.h
drivers/net/ethernet/myricom/myri10ge/myri10ge.c
drivers/net/wireless/intersil/orinoco/fw.c
drivers/staging/media/atomisp/TODO
README
scripts/package/builddeb
scripts/package/mkspec
scripts/package/snapcraft.template
```

Manually check the result

```
arch/arm/boot/dts/ti/omap/am33xx-l4.dtsi
arch/arm/boot/dts/ti/omap/am437x-l4.dtsi
```

No license specified but these are device trees, not firmware.

```
Documentation/ABI/testing/sysfs-driver-ge-achc
Documentation/admin-guide/btmrvl.rst
Documentation/arch/arm/ixp4xx.rst
Documentation/arch/arm/keystone/knav-qmss.rst
Documentation/devicetree/bindings/remoteproc/wkup_m3_rproc.txt
Documentation/dontdiff
Documentation/sound/alsa-configuration.rst
```

No license specified but nothing worrisome, just docs mentioning firmware binaries.

```
drivers/net/appletalk/cops_ffdrv.h
drivers/net/appletalk/cops_ltdrv.h
```

We already know about these but even Fedora doesn't enable CONFIG_COPS/CONFIG_COPS_DAYNA

```
drivers/net/ethernet/myricom/myri10ge/myri10ge.c
```

Looks like 3-Clause BSD License.

```
drivers/net/wireless/intersil/orinoco/fw.c
```

Says "See copyright notice in main.c". main.c mentions MPL1.1 license.

```
drivers/staging/media/atomisp/TODO
README
```

Can be ignored I guess.

```
scripts/package/builddeb
scripts/package/mkspec
scripts/package/snapcraft.template
```

Nothing to worry about.
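
The two filtering steps from the message above, as an added example that is not part of the original post or of kspdx-tool: it lists the files in a tree that carry neither an SPDX tag nor one of the legacy license phrases the message greps for. Plain `grep` stands in for `kspdx.py`, and the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: find files with no recognizable license statement.
# Assumption: grep for "SPDX-License-Identifier:" replaces kspdx.py here.
# Assumption: file names contain no newlines (true for the kernel tree).

# Legacy (pre-SPDX) license phrases, the same ones used in the message
# above, written as an extended regular expression.
LEGACY_PHRASES='This program is free software|Permission is hereby granted|Permission to use, copy, modify|This file is free software|General Public License|GNU General Public'

# has_spdx FILE: succeeds if FILE has an SPDX tag followed by a value.
has_spdx() {
    grep -q 'SPDX-License-Identifier:[[:space:]]*[^[:space:]]' "$1"
}

# has_legacy_license FILE: succeeds if FILE has old-style license text.
has_legacy_license() {
    grep -qE "$LEGACY_PHRASES" "$1"
}

# find_unlicensed DIR: print, sorted, the paths (relative to DIR) of all
# regular files that have neither an SPDX tag nor legacy license text.
# These are the files that need the manual review done in the message.
find_unlicensed() (
    cd "$1" || exit 1
    find . -type f | LC_ALL=C sort | while IFS= read -r f; do
        has_spdx "$f" && continue
        has_legacy_license "$f" && continue
        printf '%s\n' "${f#./}"
    done
)

# make_sample_tree: build a small constructed tree and print its path.
# One tagged file, one legacy-licensed file, two with no license at all.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/drivers/net" "$d/Documentation"
    printf '// SPDX-License-Identifier: GPL-2.0-only\nint x;\n' \
        > "$d/drivers/net/tagged.c"
    printf '/* This program is free software; you can redistribute it */\n' \
        > "$d/drivers/net/legacy.c"
    printf 'static const unsigned char fw[] = { 0x00, 0x01 };\n' \
        > "$d/drivers/net/blob_fw.h"
    printf 'Notes about a firmware file.\n' \
        > "$d/Documentation/notes.rst"
    printf '%s\n' "$d"
}

# When run with a directory argument, scan that directory.
if [ "$#" -gt 0 ]; then
    find_unlicensed "$1"
fi
```

On the constructed tree only `Documentation/notes.rst` and `drivers/net/blob_fw.h` are reported, which mirrors the split in the message between harmless documentation and a header that embeds firmware.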
Re: [OS-BUILD PATCHv7 0/3] redhat: Keep track of SPDX-License-Identifier tags in the code
From: Vitaly Kuznetsov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648#note_1539028455

@knurd42 Linux-libre is a great source of information, thanks! Looking at their logs (git://linux-libre.fsfla.org/releases.git), I can see that mostly they remove mentions and loaders of non-free firmware but the code doing this is actually OK and mostly has valid SPDX tags. I'm going to run my kspdx.py against all files mentioned in the logs and see what comes out. Stay tuned!
Re: [OS-BUILD PATCHv7 0/3] redhat: Keep track of SPDX-License-Identifier tags in the code
From: Vitaly Kuznetsov on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648#note_1538906908
We may need to do some research and try to find all places with dubious licensing. In case it's just a few places like the 'appletalk' example above, we may opt for disabling the related code instead of carrying the 'redistributable' tag.
Re: [OS-BUILD PATCHv7 0/3] redhat: Keep track of SPDX-License-Identifier tags in the code
From: Vitaly Kuznetsov on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648#note_1538899830
@berrange we added it manually, please see the thread https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648#note_1525439020 There's still some firmware in kernel, see e.g. drivers/net/appletalk/cops_ffdrv.h and its licensing is unclear.
[OS-BUILD PATCHv7 1/3] redhat: Use kspdx-tool output for the License: field
From: Vitaly Kuznetsov redhat: Use kspdx-tool output for the License: field Use kspdx-tool (https://gitlab.com/vkuznets/kspdx-tool) to find all licenses in the source code and its output to the License: field of the specfile. Package the tool and its current output. Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template index blahblah..blahblah 100644 --- a/redhat/kernel.spec.template +++ b/redhat/kernel.spec.template 
@@ -636,7 +636,7 @@ Summary: The Linux kernel Name: %{package_name} -License: GPLv2 and Redistributable, no modification permitted +License: ((GPL-2.0-only WITH Linux-syscall-note) OR BSD-2-Clause) AND ((GPL-2.0-only WITH Linux-syscall-note) OR BSD-3-Clause) AND ((GPL-2.0-only WITH Linux-syscall-note) OR CDDL-1.0) AND ((GPL-2.0-only WITH Linux-syscall-note) OR Linux-OpenIB) AND ((GPL-2.0-only WITH Linux-syscall-note) OR MIT) AND ((GPL-2.0-or-later WITH Linux-syscall-note) OR BSD-3-Clause) AND ((GPL-2.0-or-later WITH Linux-syscall-note) OR MIT) AND BSD-2-Clause AND BSD-3-Clause AND BSD-3-Clause-Clear AND GFDL-1.1-no-invariants-or-later AND GPL-1.0-or-later AND (GPL-1.0-or-later OR BSD-3-Clause) AND (GPL-1.0-or-later WITH Linux-syscall-note) AND GPL-2.0-only AND (GPL-2.0-only OR Apache-2.0) AND (GPL-2.0-only OR BSD-2-Clause) AND (GPL-2.0-only OR BSD-3-Clause) AND (GPL-2.0-only OR CDDL-1.0) AND (GPL-2.0-only OR GFDL-1.1-no-invariants-or-later) AND (GPL-2.0-only OR GFDL-1.2-no-invariants-only) AND (GPL-2.0-only WITH Linux-syscall-note) AND GPL-2.0-or-later AND (GPL-2.0-or-later OR BSD-2-Clause) AND (GPL-2.0-or-later OR BSD-3-Clause) AND (GPL-2.0-or-later OR CC-BY-4.0) AND (GPL-2.0-or-later WITH GCC-exception-2.0) AND (GPL-2.0-or-later WITH Linux-syscall-note) AND ISC AND LGPL-2.0-or-later AND (LGPL-2.0-or-later OR BSD-2-Clause) AND (LGPL-2.0-or-later WITH Linux-syscall-note) AND LGPL-2.1-only AND (LGPL-2.1-only OR BSD-2-Clause) AND (LGPL-2.1-only WITH Linux-syscall-note) AND LGPL-2.1-or-later AND (LGPL-2.1-or-later WITH Linux-syscall-note) AND (Linux-OpenIB OR GPL-2.0-only) AND (Linux-OpenIB OR GPL-2.0-only OR BSD-2-Clause) AND Linux-man-pages-copyleft AND MIT AND (MIT OR Apache-2.0) AND (MIT OR GPL-2.0-only) AND (MIT OR GPL-2.0-or-later) AND (MIT OR LGPL-2.1-only) AND (MPL-1.1 OR GPL-2.0-only) AND (X11 OR GPL-2.0-only) AND (X11 OR GPL-2.0-or-later) AND Zlib AND (copyleft-next-0.3.1 OR GPL-2.0-or-later) AND (Redistributable, no modification permitted) URL: 
https://www.kernel.org/ Version: %{specrpmversion} Release: %{pkg_release} @@ -1069,7 +1069,6 @@ Epoch: %{gemini} %endif Summary: Performance monitoring for the Linux kernel Requires: bzip2 -License: GPLv2 %description -n perf This package contains the perf tool, which enables performance monitoring of the Linux kernel. @@ -1119,7 +1118,6 @@ This package provides debug information for the perf python bindings. %if %{with_tools} %package -n %{package_name}-tools Summary: Assortment of tools for the Linux kernel -License: GPLv2 %ifarch %{cpupowerarchs} Provides: cpupowerutils = 1:009-0.6.p1 Obsoletes: cpupowerutils < 1:009-0.6.p1 @@ -1137,14 +1135,12 @@ and the supporting documentation. %package -n %{package_name}-tools-libs Summary: Libraries for the kernels-tools -License: GPLv2 %description -n %{package_name}-tools-libs This package contains the libraries built from the tools/ directory from the kernel source. %package -n %{package_name}-tools-libs-devel Summary: Assortment of tools for the Linux kernel -License: GPLv2 Requires: %{package_name}-tools = %{version}-%{release} %ifarch %{cpupowerarchs} Provides: cpupowerutils-devel = 1:009-0.6.p1 @@ -1183,7 +1179,6 @@ and root causes of unexpected results. %package -n rv Summary: RV: Runtime Verification -License: GPLv2 %description -n rv Runtime Verification (RV) is a lightweight (yet rigorous) method that complements classical exhaustive verification techniques (such as model @@ -1201,7 +1196,6 @@ analysing the logical and timing behavior of Linux. %package -n bpftool Summary: Inspection and simple manipulation of eBPF programs and maps -License: GPLv2 Version: %{bpftoolversion} %description -n bpftool This package contains the bpftool, which allows inspection and simple 
@@ -1229,7 +1223,6 @@ This package provides debug information for the bpftool package. %package selftests-internal Summary: Kernel samples and selftests -License: GPLv2 Requires: binutils, bpftool, iproute-tc, nmap-ncat, python3, fuse-libs %description selftests-internal Kernel sample programs and selftests. diff --git a/redhat/scripts/kspdx-tool/kspdx.py b/redhat/scripts/kspdx-tool/kspdx.py new file mode 100755 index blahblah..blahblah 100755 --- /dev/null +++ b/redhat/scripts/kspdx-tool/kspdx.py @@ -0,0 +1,231 @@ +#! /usr/bin/python3 + +# SPDX-License-Identifier: LGPL-2.1-or-later + +import argparse +import os +import re +import subprocess +import sys + +# Files to not search for SPDX
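Review bot: The new `License:` value in the hunk at line 636 ends with `AND (Redistributable, no modification permitted)`, which is not an SPDX identifier, so the field as a whole no longer parses as an SPDX expression and every consumer has to special-case that term. Put a spec comment above the field naming the files the term covers (the thread cites drivers/net/appletalk/cops_ffdrv.h), so it can be dropped once that code is disabled or its licensing is settled.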
[OS-BUILD PATCHv7 3/3] redhat: Add dist-check-licenses target
From: Vitaly Kuznetsov redhat: Add dist-check-licenses target Introduce a dedicated make target to check source code licenses without the need to run all other selftests which may be failing for some other reason. Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/Makefile b/redhat/Makefile index blahblah..blahblah 100644 --- a/redhat/Makefile +++ b/redhat/Makefile @@ -877,6 +877,13 @@ dist-self-test: dist-self-test-data: ./self-test/data/create-data.sh +dist-check-licenses: + @if test -x /usr/bin/bats; then \ + bats $(REDHAT)/self-test/1007-spdx-licenses.bats ; \ + else \ + echo "dist-check-licenses: The bats package is not installed" ; \ + fi + dist-help: @echo 'Cleaning targets:' @echo ' dist-clean - Clean redhat/configs/ and redhat/rpm/ directories.' @@ -1000,6 +1007,9 @@ dist-full-help: @echo ' dist-os-version - Displays the current Red Hat Enterprise Linux versioni' @echo 'target used by the current branch/tree.' @echo ' dist-self-test - Runs self-tests from the redhat/self-test directory' + @echo ' dist-check-licenses - Runs license selftest checking SPDX-License-Identifier:' + @echo 'tags in all source files against `License:` field in the' + @echo 'specfile template.' @echo '' export -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648
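Review bot: In the `dist-check-licenses` recipe the `else` branch only echoes that bats is not installed and the recipe then exits 0, so a CI job that uses this target as a gate passes without the license check ever running. Add `exit 1` after the echo and send the message to stderr, so a missing test runner is reported as a failure rather than as success.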
[OS-BUILD PATCHv7 2/3] redhat: Introduce "Verify SPDX-License-Identifier tags" selftest
From: Vitaly Kuznetsov redhat: Introduce "Verify SPDX-License-Identifier tags" selftest Add a test to check that all SPDX-License-Identifier: specified licenses in the code match the License: tag in the specfile. Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/self-test/1007-spdx-licenses.bats b/redhat/self-test/1007-spdx-licenses.bats new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/self-test/1007-spdx-licenses.bats 
@@ -0,0 +1,60 @@ +#!/usr/bin/env bats +# Purpose: This test checks SPDX-License-Identifier: tags in all source files against redhat/LICENSES. + +load test-lib.bash + +SPEC=$BATS_TEST_DIRNAME/../kernel.spec.template + +ERRMSG="ERROR: The kernel RPM spec file License: field does not match the licenses available in the source tree. +Fedora, Centos Stream, and RHEL require that the RPM License field match the licenses in the source tree. See +https://docs.fedoraproject.org/en-US/legal/license-approval/ for further information. +A list of licenses can be generated by executing the redhat/scripts/license/kspdx.py utility. New licenses can +be added to the RPM License field only if they are listed in the Allowed Licenses list +https://docs.fedoraproject.org/en-US/legal/allowed-licenses/). Licenses cannot be added if they are in the +'Not Allowed' Licenses (https://docs.fedoraproject.org/en-US/legal/not-allowed-licenses/). Licenses can be added +to the 'Allowed' or 'Not Allowed' Licenses by following the License Review Process +(https://docs.fedoraproject.org/en-US/legal/license-review-process/)." + +_verify_one_license_tag() { + if [[ $(grep -c '^License:' $SPEC) != "1" ]]; then + echo "ERROR: The specfile is supposed to have exactly one License: tag!" + return 1 + fi +} + +_verify_spdx_licenses() { + spec_licenses=`mktemp` + source_licenses=`mktemp` + grep '^License:' $SPEC | sed 's,License[[:space:]]*:[[:space:]]*,,' | sed 's, AND ,\n,g' | sed 's,^(\(.*\))$,\1,' | sort -u > $spec_licenses + + # "Redistributable, no modification permitted" is not a valid SPDX license tag, + # it is manually added to account for the firmware shipped as part of the source + # code, see e.g. drivers/net/appletalk/cops_ffdrv.h + sed -i '/^Redistributable, no modification permitted$/d' $spec_licenses + + if ! 
$BATS_TEST_DIRNAME/../scripts/kspdx-tool/kspdx.py $BATS_TEST_DIRNAME/../../ > $source_licenses; then + echo "ERROR: Failed to gather SPDX-License-Identifier: information from source files!" + return 1 + fi + sort -o $source_licenses $source_licenses + if ! diff -u $spec_licenses $source_licenses; then + echo $ERRMSG + ret=1 + else + ret=0 + fi + rm -f $spec_licenses $source_licenses + return $ret +} + +@test "Verify SPDX-License-Identifier tags" { + if ! test -x $BATS_TEST_DIRNAME/../scripts/kspdx-tool/kspdx.py ; then + skip "kspdx-tool is missing" + fi + + run _verify_one_license_tag + check_status + + _verify_spdx_licenses + check_status +} -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648
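Review bot: In the `@test` body `_verify_spdx_licenses` is called without `run`, and bats only sets `$status` inside `run`, so if `check_status` reads `$status` the second `check_status` re-checks the result of `_verify_one_license_tag` and says nothing about the SPDX comparison. Call it as `run _verify_spdx_licenses`, or drop the second `check_status` and rely on the function's return code. In the same function the early `return 1` after a kspdx.py failure skips `rm -f $spec_licenses $source_licenses`, leaving both mktemp files behind; remove them on that path too, and consider failing instead of `skip` when kspdx.py is missing, since a skipped check looks like a pass.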
[OS-BUILD PATCHv7 0/3] redhat: Keep track of SPDX-License-Identifier tags in the code
From: Vitaly Kuznetsov on gitlab.com
Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648

Be more picky about kernel's source code licenses:
- Keep track of all currently used licenses in specfile template.
- Add a selftest which checks all currently present license identifiers against License:.

Signed-off-by: Vitaly Kuznetsov
---
 redhat/scripts/kspdx-tool/kspdx.py | 231 +++
 redhat/self-test/1007-spdx-licenses.bats | 60
 redhat/Makefile | 10 +
 redhat/kernel.spec.template | 9 +-
 4 files changed, 302 insertions(+), 8 deletions(-)
[OS-BUILD PATCHv6 1/3] redhat: Use kspdx-tool output for the License: field
From: Vitaly Kuznetsov redhat: Use kspdx-tool output for the License: field Use kspdx-tool (https://gitlab.com/vkuznets/kspdx-tool) to find all licenses in the source code and its output to the License: field of the specfile. Package the tool and its current output. Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template index blahblah..blahblah 100644 --- a/redhat/kernel.spec.template +++ b/redhat/kernel.spec.template 
@@ -636,7 +636,7 @@ Summary: The Linux kernel Name: %{package_name} -License: GPLv2 and Redistributable, no modification permitted +License: ((GPL-2.0-only WITH Linux-syscall-note) OR BSD-2-Clause) AND ((GPL-2.0-only WITH Linux-syscall-note) OR BSD-3-Clause) AND ((GPL-2.0-only WITH Linux-syscall-note) OR CDDL-1.0) AND ((GPL-2.0-only WITH Linux-syscall-note) OR Linux-OpenIB) AND ((GPL-2.0-only WITH Linux-syscall-note) OR MIT) AND ((GPL-2.0-or-later WITH Linux-syscall-note) OR BSD-3-Clause) AND ((GPL-2.0-or-later WITH Linux-syscall-note) OR MIT) AND BSD-2-Clause AND BSD-3-Clause AND BSD-3-Clause-Clear AND GFDL-1.1-no-invariants-or-later AND GPL-1.0-or-later AND (GPL-1.0-or-later OR BSD-3-Clause) AND (GPL-1.0-or-later WITH Linux-syscall-note) AND GPL-2.0-only AND (GPL-2.0-only OR Apache-2.0) AND (GPL-2.0-only OR BSD-2-Clause) AND (GPL-2.0-only OR BSD-3-Clause) AND (GPL-2.0-only OR CDDL-1.0) AND (GPL-2.0-only OR GFDL-1.1-no-invariants-or-later) AND (GPL-2.0-only OR GFDL-1.2-no-invariants-only) AND (GPL-2.0-only OR Linux-OpenIB) AND (GPL-2.0-only OR MIT) AND (GPL-2.0-only OR X11) AND (GPL-2.0-only WITH Linux-syscall-note) AND GPL-2.0-or-later AND (GPL-2.0-or-later OR BSD-2-Clause) AND (GPL-2.0-or-later OR BSD-3-Clause) AND (GPL-2.0-or-later OR CC-BY-4.0) AND (GPL-2.0-or-later OR MIT) AND (GPL-2.0-or-later WITH GCC-exception-2.0) AND (GPL-2.0-or-later WITH Linux-syscall-note) AND ISC AND LGPL-2.0-or-later AND (LGPL-2.0-or-later OR BSD-2-Clause) AND (LGPL-2.0-or-later WITH Linux-syscall-note) AND LGPL-2.1-only AND (LGPL-2.1-only OR BSD-2-Clause) AND (LGPL-2.1-only WITH Linux-syscall-note) AND LGPL-2.1-or-later AND (LGPL-2.1-or-later WITH Linux-syscall-note) AND (Linux-OpenIB OR GPL-2.0-only) AND (Linux-OpenIB OR GPL-2.0-only OR BSD-2-Clause) AND Linux-man-pages-copyleft AND MIT AND (MIT OR Apache-2.0) AND (MIT OR GPL-2.0-only) AND (MIT OR GPL-2.0-or-later) AND (MIT OR LGPL-2.1-only) AND (MPL-1.1 OR GPL-2.0-only) AND (X11 OR GPL-2.0-only) AND (X11 OR GPL-2.0-or-later) AND 
Zlib AND (copyleft-next-0.3.1 OR GPL-2.0-or-later) AND (Redistributable, no modification permitted) URL: https://www.kernel.org/ Version: %{specrpmversion} Release: %{pkg_release} @@ -1069,7 +1069,6 @@ Epoch: %{gemini} %endif Summary: Performance monitoring for the Linux kernel Requires: bzip2 -License: GPLv2 %description -n perf This package contains the perf tool, which enables performance monitoring of the Linux kernel. @@ -1119,7 +1118,6 @@ This package provides debug information for the perf python bindings. %if %{with_tools} %package -n %{package_name}-tools Summary: Assortment of tools for the Linux kernel -License: GPLv2 %ifarch %{cpupowerarchs} Provides: cpupowerutils = 1:009-0.6.p1 Obsoletes: cpupowerutils < 1:009-0.6.p1 @@ -1137,14 +1135,12 @@ and the supporting documentation. %package -n %{package_name}-tools-libs Summary: Libraries for the kernels-tools -License: GPLv2 %description -n %{package_name}-tools-libs This package contains the libraries built from the tools/ directory from the kernel source. %package -n %{package_name}-tools-libs-devel Summary: Assortment of tools for the Linux kernel -License: GPLv2 Requires: %{package_name}-tools = %{version}-%{release} %ifarch %{cpupowerarchs} Provides: cpupowerutils-devel = 1:009-0.6.p1 @@ -1183,7 +1179,6 @@ and root causes of unexpected results. %package -n rv Summary: RV: Runtime Verification -License: GPLv2 %description -n rv Runtime Verification (RV) is a lightweight (yet rigorous) method that complements classical exhaustive verification techniques (such as model @@ -1201,7 +1196,6 @@ analysing the logical and timing behavior of Linux. %package -n bpftool Summary: Inspection and simple manipulation of eBPF programs and maps -License: GPLv2 Version: %{bpftoolversion} %description -n bpftool This package contains the bpftool, which allows inspection and simple 
@@ -1229,7 +1223,6 @@ This package provides debug information for the bpftool package. %package selftests-internal Summary: Kernel samples and selftests -License: GPLv2 Requires: binutils, bpftool, iproute-tc, nmap-ncat, python3, fuse-libs %description selftests-internal Kernel sample programs and selftests. diff --git a/redhat/scripts/kspdx-tool/kspdx.py b/redhat/scripts/kspdx-tool/kspdx.py new file mode 100755 index blahblah..blahblah 100755 --- /dev/null +++ b/redhat/scripts/kspdx-tool/kspdx.py @@ -0,0 +1,226 @@ +#! /usr/bin/python3 + +# SPDX-License-Identifier:
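Review bot: The `License:` expression in the hunk at line 636 lists the same disjunction twice with the operands swapped, for example `(GPL-2.0-only OR MIT)` and `(MIT OR GPL-2.0-only)`, and likewise for the Linux-OpenIB, X11 and `GPL-2.0-or-later OR MIT` pairs. OR is commutative in SPDX expressions, so kspdx.py should sort the operands before de-duplicating; otherwise the field grows by one entry for every spelling variant that shows up in a source file, and the selftest diff becomes noisy for no change in licensing.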
[OS-BUILD PATCHv6 3/3] redhat: Add dist-check-licenses target
From: Vitaly Kuznetsov redhat: Add dist-check-licenses target Introduce a dedicated make target to check source code licenses without the need to run all other selftests which may be failing for some other reason. Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/Makefile b/redhat/Makefile index blahblah..blahblah 100644 --- a/redhat/Makefile +++ b/redhat/Makefile @@ -877,6 +877,13 @@ dist-self-test: dist-self-test-data: ./self-test/data/create-data.sh +dist-check-licenses: + @if test -x /usr/bin/bats; then \ + bats $(REDHAT)/self-test/1007-spdx-licenses.bats ; \ + else \ + echo "dist-check-licenses: The bats package is not installed" ; \ + fi + dist-help: @echo 'Cleaning targets:' @echo ' dist-clean - Clean redhat/configs/ and redhat/rpm/ directories.' @@ -1000,6 +1007,9 @@ dist-full-help: @echo ' dist-os-version - Displays the current Red Hat Enterprise Linux versioni' @echo 'target used by the current branch/tree.' @echo ' dist-self-test - Runs self-tests from the redhat/self-test directory' + @echo ' dist-check-licenses - Runs license selftest checking SPDX-License-Identifier:' + @echo 'tags in all source files against `License:` field in the' + @echo 'specfile template.' @echo '' export -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648
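Review bot: The recipe tests `-x /usr/bin/bats` but then runs plain `bats` from PATH, so a bats installed anywhere else is reported as missing, and the binary that was checked is not necessarily the one that gets executed. Use `command -v bats >/dev/null` for the test so the check and the invocation refer to the same program.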
[OS-BUILD PATCHv6 2/3] redhat: Introduce "Verify SPDX-License-Identifier tags" selftest
From: Vitaly Kuznetsov redhat: Introduce "Verify SPDX-License-Identifier tags" selftest Add a test to check that all SPDX-License-Identifier: specified licenses in the code match the License: tag in the specfile. Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/self-test/1007-spdx-licenses.bats b/redhat/self-test/1007-spdx-licenses.bats new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/self-test/1007-spdx-licenses.bats 
@@ -0,0 +1,60 @@ +#!/usr/bin/env bats +# Purpose: This test checks SPDX-License-Identifier: tags in all source files against redhat/LICENSES. + +load test-lib.bash + +SPEC=$BATS_TEST_DIRNAME/../kernel.spec.template + +ERRMSG="ERROR: The kernel RPM spec file License: field does not match the licenses available in the source tree. +Fedora, Centos Stream, and RHEL require that the RPM License field match the licenses in the source tree. See +https://docs.fedoraproject.org/en-US/legal/license-approval/ for further information. +A list of licenses can be generated by executing the redhat/scripts/license/kspdx.py utility. New licenses can +be added to the RPM License field only if they are listed in the Allowed Licenses list +https://docs.fedoraproject.org/en-US/legal/allowed-licenses/). Licenses cannot be added if they are in the +'Not Allowed' Licenses (https://docs.fedoraproject.org/en-US/legal/not-allowed-licenses/). Licenses can be added +to the 'Allowed' or 'Not Allowed' Licenses by following the License Review Process +(https://docs.fedoraproject.org/en-US/legal/license-review-process/)." + +_verify_one_license_tag() { + if [[ $(grep -c '^License:' $SPEC) != "1" ]]; then + echo "ERROR: The specfile is supposed to have exactly one License: tag!" + return 1 + fi +} + +_verify_spdx_licenses() { + spec_licenses=`mktemp` + source_licenses=`mktemp` + grep '^License:' $SPEC | sed 's,License[[:space:]]*:[[:space:]]*,,' | sed 's, AND ,\n,g' | sed 's,^(\(.*\))$,\1,' | sort -u > $spec_licenses + + # "Redistributable, no modification permitted" is not a valid SPDX license tag, + # it is manually added to account for the firmware shipped as part of the source + # code, see e.g. drivers/net/appletalk/cops_ffdrv.h + sed -i '/^Redistributable, no modification permitted$/d' $spec_licenses + + if ! 
$BATS_TEST_DIRNAME/../scripts/kspdx-tool/kspdx.py $BATS_TEST_DIRNAME/../../ > $source_licenses; then + echo "ERROR: Failed to gather SPDX-License-Identifier: information from source files!" + return 1 + fi + sort -o $source_licenses $source_licenses + if ! diff -u $spec_licenses $source_licenses; then + echo $ERRMSG + ret=1 + else + ret=0 + fi + rm -f $spec_licenses $source_licenses + return $ret +} + +@test "Verify SPDX-License-Identifier tags" { + if ! test -x $BATS_TEST_DIRNAME/../scripts/kspdx-tool/kspdx.py ; then + skip "kspdx-tool is missing" + fi + + run _verify_one_license_tag + check_status + + _verify_spdx_licenses + check_status +} -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648
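Review bot: ERRMSG tells the user to run `redhat/scripts/license/kspdx.py`, but the test itself invokes `scripts/kspdx-tool/kspdx.py`, and the Purpose comment says the tags are checked against redhat/LICENSES while the code reads the `License:` field of kernel.spec.template. Point both at the paths the test actually uses, since this message is what a contributor sees when the gate fails. The "Allowed Licenses list" URL in ERRMSG is also missing its opening parenthesis, and `echo $ERRMSG` should be `echo "$ERRMSG"` so the line breaks in the message survive.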
[OS-BUILD PATCHv6 0/3] redhat: Keep track of SPDX-License-Identifier tags in the code
From: Vitaly Kuznetsov on gitlab.com
Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648

Be more picky about kernel's source code licenses:
- Keep track of all currently used licenses in specfile template.
- Add a selftest which checks all currently present license identifiers against License:.

Signed-off-by: Vitaly Kuznetsov
---
 redhat/scripts/kspdx-tool/kspdx.py | 226 +++
 redhat/self-test/1007-spdx-licenses.bats | 60
 redhat/Makefile | 10 +
 redhat/kernel.spec.template | 9 +-
 4 files changed, 297 insertions(+), 8 deletions(-)
Re: [OS-BUILD PATCHv5 0/3] redhat: Keep track of SPDX-License-Identifier tags in the code
From: Vitaly Kuznetsov on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648#note_1536934525
Just found out I'm missing some valid tags from Documentation/, namely ".. SPDX...". I'll update and re-test.
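The check this series describes (collect every SPDX-License-Identifier tag, compare the set with the spec's License: field) together with the reST `.. SPDX` case from the message above, as an added Python example. It is not kspdx.py or any other code from the merge request; the function names, the five-line scan window, the operand sorting and the sample inputs are assumptions constructed here.

```python
import re

# Non-SPDX term the spec carries for in-tree firmware (quoted from the patch).
NON_SPDX = {"Redistributable, no modification permitted"}

# A tag counts only after a comment leader (C, shell, reST "..", asm ";", XML),
# so code that merely prints the string is not mistaken for a license tag.
TAG_RE = re.compile(
    r"^\s*(?://|/\*|\*|#|\.\.|;|<!--)\s*SPDX-License-Identifier:\s*(?P<expr>.+?)"
    r"\s*(?:\*/|-->)?\s*$"
)

# Constructed sample inputs, not taken from the kernel tree.
SAMPLE_FILES = {
    "drivers/foo/foo.c": "// SPDX-License-Identifier: GPL-2.0-only\nint x;\n",
    "include/uapi/foo.h":
        "/* SPDX-License-Identifier: GPL-2.0-only WITH Linux-syscall-note */\n",
    "scripts/foo.sh": "#!/bin/sh\n# SPDX-License-Identifier: GPL-2.0-or-later\n",
    "Documentation/foo.rst":
        ".. SPDX-License-Identifier: (MIT OR GPL-2.0-only)\n\nTitle\n=====\n",
    "drivers/foo/blob.h": "/* firmware image, no tag */\n",
    "tools/msg.sh": 'echo "SPDX-License-Identifier: Bogus-1.0"\n',
}
SAMPLE_SPEC = (
    "Name: kernel\n"
    "License: GPL-2.0-only AND (GPL-2.0-only WITH Linux-syscall-note) AND "
    "GPL-2.0-or-later AND (X11 OR GPL-2.0-only) AND "
    "(Redistributable, no modification permitted)\n"
)


def _split_top_level(expr, op):
    """Split expr on ' <op> ' only where parenthesis depth is zero."""
    parts, depth, start, i, sep = [], 0, 0, 0, f" {op} "
    while i < len(expr):
        ch = expr[i]
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        elif depth == 0 and expr.startswith(sep, i):
            parts.append(expr[start:i])
            i += len(sep)
            start = i
            continue
        i += 1
    parts.append(expr[start:])
    return [p.strip() for p in parts]


def _strip_outer_parens(expr):
    """Drop enclosing parentheses only when they wrap the whole expression."""
    expr = expr.strip()
    while expr.startswith("(") and expr.endswith(")"):
        depth = 0
        for i, ch in enumerate(expr):
            depth += ch == "("
            depth -= ch == ")"
            if depth == 0:
                break
        if i != len(expr) - 1:      # first "(" closed early: "(A) OR (B)"
            break
        expr = expr[1:-1].strip()
    return expr


def normalize(expr):
    """Canonical form: single spaces, no outer parens, OR operands sorted."""
    expr = _strip_outer_parens(" ".join(expr.split()))
    return " OR ".join(sorted(_split_top_level(expr, "OR")))


def terms(expr):
    """Normalized set of the top-level AND operands of an expression."""
    return {normalize(t) for t in _split_top_level(_strip_outer_parens(expr), "AND")}


def spec_terms(spec_text):
    """Terms of the License: line; raises unless there is exactly one."""
    lines = re.findall(r"^License[ \t]*:[ \t]*(.*)$", spec_text, re.M)
    if len(lines) != 1:
        raise ValueError(f"expected exactly one License: tag, found {len(lines)}")
    return terms(lines[0])


def source_terms(files, head_lines=5):
    """Scan the first lines of each file; return (terms, untagged paths)."""
    found, untagged = set(), []
    for path, text in sorted(files.items()):
        for line in text.splitlines()[:head_lines]:
            m = TAG_RE.match(line)
            if m:
                found |= terms(m.group("expr"))
                break
        else:
            untagged.append(path)
    return found, untagged


def check(spec_text, files):
    """Compare both sides; the non-SPDX firmware term is excluded first."""
    spec = spec_terms(spec_text) - NON_SPDX
    src, untagged = source_terms(files)
    return {"missing_in_spec": sorted(src - spec),
            "stale_in_spec": sorted(spec - src),
            "untagged": untagged}


if __name__ == "__main__":
    for key, value in check(SAMPLE_SPEC, SAMPLE_FILES).items():
        print(f"{key}: {value}")
```

Untagged files are reported separately because a tag comparison alone cannot see them; the firmware headers discussed in this thread fall in that group.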
Re: [OS-BUILD PATCHv5 0/3] redhat: Keep track of SPDX-License-Identifier tags in the code
From: Vitaly Kuznetsov on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648#note_1535784742
@prarit @jstancek sorry, had to re-push to fix "CONFIG_MEMFD_CREATE" issue, no spdx related changes.
[OS-BUILD PATCHv5 3/3] redhat: Add dist-check-licenses target
From: Vitaly Kuznetsov redhat: Add dist-check-licenses target Introduce a dedicated make target to check source code licenses without the need to run all other selftests which may be failing for some other reason. Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/Makefile b/redhat/Makefile index blahblah..blahblah 100644 --- a/redhat/Makefile +++ b/redhat/Makefile @@ -877,6 +877,13 @@ dist-self-test: dist-self-test-data: ./self-test/data/create-data.sh +dist-check-licenses: + @if test -x /usr/bin/bats; then \ + bats $(REDHAT)/self-test/1007-spdx-licenses.bats ; \ + else \ + echo "dist-check-licenses: The bats package is not installed" ; \ + fi + dist-help: @echo 'Cleaning targets:' @echo ' dist-clean - Clean redhat/configs/ and redhat/rpm/ directories.' @@ -1000,6 +1007,9 @@ dist-full-help: @echo ' dist-os-version - Displays the current Red Hat Enterprise Linux versioni' @echo 'target used by the current branch/tree.' @echo ' dist-self-test - Runs self-tests from the redhat/self-test directory' + @echo ' dist-check-licenses - Runs license selftest checking SPDX-License-Identifier:' + @echo 'tags in all source files against `License:` field in the' + @echo 'specfile template.' @echo '' export -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648
[OS-BUILD PATCHv5 1/3] redhat: Use kspdx-tool output for the License: field
From: Vitaly Kuznetsov redhat: Use kspdx-tool output for the License: field Use kspdx-tool (https://gitlab.com/vkuznets/kspdx-tool) to find all licenses in the source code and its output to the License: field of the specfile. Package the tool and its current output. Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template index blahblah..blahblah 100644 --- a/redhat/kernel.spec.template +++ b/redhat/kernel.spec.template 
@@ -636,7 +636,7 @@ Summary: The Linux kernel Name: %{package_name} -License: GPLv2 and Redistributable, no modification permitted +License: ((GPL-2.0-only WITH Linux-syscall-note) OR BSD-2-Clause) AND ((GPL-2.0-only WITH Linux-syscall-note) OR BSD-3-Clause) AND ((GPL-2.0-only WITH Linux-syscall-note) OR CDDL-1.0) AND ((GPL-2.0-only WITH Linux-syscall-note) OR Linux-OpenIB) AND ((GPL-2.0-only WITH Linux-syscall-note) OR MIT) AND ((GPL-2.0-or-later WITH Linux-syscall-note) OR BSD-3-Clause) AND ((GPL-2.0-or-later WITH Linux-syscall-note) OR MIT) AND BSD-2-Clause AND BSD-3-Clause AND BSD-3-Clause-Clear AND GPL-1.0-or-later AND (GPL-1.0-or-later OR BSD-3-Clause) AND (GPL-1.0-or-later WITH Linux-syscall-note) AND GPL-2.0-only AND (GPL-2.0-only OR Apache-2.0) AND (GPL-2.0-only OR BSD-2-Clause) AND (GPL-2.0-only OR BSD-3-Clause) AND (GPL-2.0-only OR CDDL-1.0) AND (GPL-2.0-only OR Linux-OpenIB) AND (GPL-2.0-only OR MIT) AND (GPL-2.0-only OR X11) AND (GPL-2.0-only WITH Linux-syscall-note) AND GPL-2.0-or-later AND (GPL-2.0-or-later OR BSD-2-Clause) AND (GPL-2.0-or-later OR BSD-3-Clause) AND (GPL-2.0-or-later OR MIT) AND (GPL-2.0-or-later WITH GCC-exception-2.0) AND (GPL-2.0-or-later WITH Linux-syscall-note) AND ISC AND LGPL-2.0-or-later AND (LGPL-2.0-or-later OR BSD-2-Clause) AND (LGPL-2.0-or-later WITH Linux-syscall-note) AND LGPL-2.1-only AND (LGPL-2.1-only OR BSD-2-Clause) AND (LGPL-2.1-only WITH Linux-syscall-note) AND LGPL-2.1-or-later AND (LGPL-2.1-or-later WITH Linux-syscall-note) AND (Linux-OpenIB OR GPL-2.0-only) AND (Linux-OpenIB OR GPL-2.0-only OR BSD-2-Clause) AND MIT AND (MIT OR Apache-2.0) AND (MIT OR GPL-2.0-only) AND (MIT OR GPL-2.0-or-later) AND (MIT OR LGPL-2.1-only) AND (MPL-1.1 OR GPL-2.0-only) AND (X11 OR GPL-2.0-only) AND (X11 OR GPL-2.0-or-later) AND Zlib AND (copyleft-next-0.3.1 OR GPL-2.0-or-later) AND (Redistributable, no modification permitted) URL: https://www.kernel.org/ Version: %{specrpmversion} Release: %{pkg_release} 
@@ -1069,7 +1069,6 @@ Epoch: %{gemini} %endif Summary: Performance monitoring for the Linux kernel Requires: bzip2 -License: GPLv2 %description -n perf This package contains the perf tool, which enables performance monitoring of the Linux kernel. @@ -1119,7 +1118,6 @@ This package provides debug information for the perf python bindings. %if %{with_tools} %package -n %{package_name}-tools Summary: Assortment of tools for the Linux kernel -License: GPLv2 %ifarch %{cpupowerarchs} Provides: cpupowerutils = 1:009-0.6.p1 Obsoletes: cpupowerutils < 1:009-0.6.p1 @@ -1137,14 +1135,12 @@ and the supporting documentation. %package -n %{package_name}-tools-libs Summary: Libraries for the kernels-tools -License: GPLv2 %description -n %{package_name}-tools-libs This package contains the libraries built from the tools/ directory from the kernel source. %package -n %{package_name}-tools-libs-devel Summary: Assortment of tools for the Linux kernel -License: GPLv2 Requires: %{package_name}-tools = %{version}-%{release} %ifarch %{cpupowerarchs} Provides: cpupowerutils-devel = 1:009-0.6.p1 @@ -1183,7 +1179,6 @@ and root causes of unexpected results. %package -n rv Summary: RV: Runtime Verification -License: GPLv2 %description -n rv Runtime Verification (RV) is a lightweight (yet rigorous) method that complements classical exhaustive verification techniques (such as model @@ -1201,7 +1196,6 @@ analysing the logical and timing behavior of Linux. %package -n bpftool Summary: Inspection and simple manipulation of eBPF programs and maps -License: GPLv2 Version: %{bpftoolversion} %description -n bpftool This package contains the bpftool, which allows inspection and simple @@ -1229,7 +1223,6 @@ This package provides debug information for the bpftool package. %package selftests-internal Summary: Kernel samples and selftests -License: GPLv2 Requires: binutils, bpftool, iproute-tc, nmap-ncat, python3, fuse-libs %description selftests-internal Kernel sample programs and selftests. 
diff --git a/redhat/scripts/kspdx-tool/kspdx.py b/redhat/scripts/kspdx-tool/kspdx.py new file mode 100755 index blahblah..blahblah 100755 --- /dev/null +++ b/redhat/scripts/kspdx-tool/kspdx.py @@ -0,0 +1,225 @@ +#! /usr/bin/python3 + +# SPDX-License-Identifier: LGPL-2.1-or-later + +import argparse +import os +import re +import subprocess +import sys + +# Files to not search for SPDX patterns +ignored_files = [ +# license-rules.rst describe how to write
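Review bot: The hunks from -1069 to -1229 delete `License: GPLv2` from perf, the tools subpackages, rv, bpftool and selftests-internal without a replacement, so each of those subpackages now inherits the whole main-package expression, including `(Redistributable, no modification permitted)`. If the only reason is to keep a single `License:` line in the template, say so in the commit message; otherwise consider keeping a per-subpackage tag converted to SPDX form so the narrower packages do not carry terms that may not apply to them.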
[OS-BUILD PATCHv5 2/3] redhat: Introduce "Verify SPDX-License-Identifier tags" selftest
From: Vitaly Kuznetsov redhat: Introduce "Verify SPDX-License-Identifier tags" selftest Add a test to check that all SPDX-License-Identifier: specified licenses in the code match the License: tag in the specfile. Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/self-test/1007-spdx-licenses.bats b/redhat/self-test/1007-spdx-licenses.bats new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/self-test/1007-spdx-licenses.bats 
@@ -0,0 +1,60 @@ +#!/usr/bin/env bats +# Purpose: This test checks SPDX-License-Identifier: tags in all source files against redhat/LICENSES. + +load test-lib.bash + +SPEC=$BATS_TEST_DIRNAME/../kernel.spec.template + +ERRMSG="ERROR: The kernel RPM spec file License: field does not match the licenses available in the source tree. +Fedora, Centos Stream, and RHEL require that the RPM License field match the licenses in the source tree. See +https://docs.fedoraproject.org/en-US/legal/license-approval/ for further information. +A list of licenses can be generated by executing the redhat/scripts/license/kspdx.py utility. New licenses can +be added to the RPM License field only if they are listed in the Allowed Licenses list +https://docs.fedoraproject.org/en-US/legal/allowed-licenses/). Licenses cannot be added if they are in the +'Not Allowed' Licenses (https://docs.fedoraproject.org/en-US/legal/not-allowed-licenses/). Licenses can be added +to the 'Allowed' or 'Not Allowed' Licenses by following the License Review Process +(https://docs.fedoraproject.org/en-US/legal/license-review-process/)." + +_verify_one_license_tag() { + if [[ $(grep -c '^License:' $SPEC) != "1" ]]; then + echo "ERROR: The specfile is supposed to have exactly one License: tag!" + return 1 + fi +} + +_verify_spdx_licenses() { + spec_licenses=`mktemp` + source_licenses=`mktemp` + grep '^License:' $SPEC | sed 's,License[[:space:]]*:[[:space:]]*,,' | sed 's, AND ,\n,g' | sed 's,^(\(.*\))$,\1,' | sort -u > $spec_licenses + + # "Redistributable, no modification permitted" is not a valid SPDX license tag, + # it is manually added to account for the firmware shipped as part of the source + # code, see e.g. drivers/net/appletalk/cops_ffdrv.h + sed -i '/^Redistributable, no modification permitted$/d' $spec_licenses + + if ! 
$BATS_TEST_DIRNAME/../scripts/kspdx-tool/kspdx.py $BATS_TEST_DIRNAME/../../ > $source_licenses; then + echo "ERROR: Failed to gather SPDX-License-Identifier: information from source files!" + return 1 + fi + sort -o $source_licenses $source_licenses + if ! diff -u $spec_licenses $source_licenses; then + echo $ERRMSG + ret=1 + else + ret=0 + fi + rm -f $spec_licenses $source_licenses + return $ret +} + +@test "Verify SPDX-License-Identifier tags" { + if ! test -x $BATS_TEST_DIRNAME/../scripts/kspdx-tool/kspdx.py ; then + skip "kspdx-tool is missing" + fi + + run _verify_one_license_tag + check_status + + _verify_spdx_licenses + check_status +} -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648
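Review bot: In `_verify_spdx_licenses` the `return 1` taken when kspdx.py fails skips the `rm -f $spec_licenses $source_licenses` at the end, so both `mktemp` files are left behind on that path. Remove them before the early return (or clean up in one place that every path reaches), and quote `$SPEC`, `$spec_licenses` and `$source_licenses` so a checkout path containing spaces does not split the arguments.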
[OS-BUILD PATCHv5 0/3] redhat: Keep track of SPDX-License-Identifier tags in the code
From: Vitaly Kuznetsov on gitlab.com Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648 Be more picky about kernel's source code licenses: - Keep track of all currently used licenses in specfile template. - Add a selftest which checks all currently present license identifiers against License:. Signed-off-by: Vitaly Kuznetsov --- redhat/scripts/kspdx-tool/kspdx.py | 225 +++ redhat/self-test/1007-spdx-licenses.bats | 60 redhat/Makefile | 10 + redhat/kernel.spec.template |9 +- 4 files changed, 296 insertions(+), 8 deletions(-)
[OS-BUILD PATCHv4 2/3] redhat: Introduce "Verify SPDX-License-Identifier tags" selftest
From: Vitaly Kuznetsov redhat: Introduce "Verify SPDX-License-Identifier tags" selftest Add a test to check that all SPDX-License-Identifier: specified licenses in the code match the License: tag in the specfile. Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/self-test/1007-spdx-licenses.bats b/redhat/self-test/1007-spdx-licenses.bats new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/self-test/1007-spdx-licenses.bats 
@@ -0,0 +1,60 @@ +#!/usr/bin/env bats +# Purpose: This test checks SPDX-License-Identifier: tags in all source files against redhat/LICENSES. + +load test-lib.bash + +SPEC=$BATS_TEST_DIRNAME/../kernel.spec.template + +ERRMSG="ERROR: The kernel RPM spec file License: field does not match the licenses available in the source tree. +Fedora, Centos Stream, and RHEL require that the RPM License field match the licenses in the source tree. See +https://docs.fedoraproject.org/en-US/legal/license-approval/ for further information. +A list of licenses can be generated by executing the redhat/scripts/license/kspdx.py utility. New licenses can +be added to the RPM License field only if they are listed in the Allowed Licenses list +https://docs.fedoraproject.org/en-US/legal/allowed-licenses/). Licenses cannot be added if they are in the +'Not Allowed' Licenses (https://docs.fedoraproject.org/en-US/legal/not-allowed-licenses/). Licenses can be added +to the 'Allowed' or 'Not Allowed' Licenses by following the License Review Process +(https://docs.fedoraproject.org/en-US/legal/license-review-process/)." + +_verify_one_license_tag() { + if [[ $(grep -c '^License:' $SPEC) != "1" ]]; then + echo "ERROR: The specfile is supposed to have exactly one License: tag!" + return 1 + fi +} + +_verify_spdx_licenses() { + spec_licenses=`mktemp` + source_licenses=`mktemp` + grep '^License:' $SPEC | sed 's,License[[:space:]]*:[[:space:]]*,,' | sed 's, AND ,\n,g' | sed 's,^(\(.*\))$,\1,' | sort -u > $spec_licenses + + # "Redistributable, no modification permitted" is not a valid SPDX license tag, + # it is manually added to account for the firmware shipped as part of the source + # code, see e.g. drivers/net/appletalk/cops_ffdrv.h + sed -i '/^Redistributable, no modification permitted$/d' $spec_licenses + + if ! 
$BATS_TEST_DIRNAME/../scripts/kspdx-tool/kspdx.py $BATS_TEST_DIRNAME/../../ > $source_licenses; then + echo "ERROR: Failed to gather SPDX-License-Identifier: information from source files!" + return 1 + fi + sort -o $source_licenses $source_licenses + if ! diff -u $spec_licenses $source_licenses; then + echo $ERRMSG + ret=1 + else + ret=0 + fi + rm -f $spec_licenses $source_licenses + return $ret +} + +@test "Verify SPDX-License-Identifier tags" { + if ! test -x $BATS_TEST_DIRNAME/../scripts/kspdx-tool/kspdx.py ; then + skip "kspdx-tool is missing" + fi + + run _verify_one_license_tag + check_status + + _verify_spdx_licenses + check_status +} -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648
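Review bot: The messages in this file point at the wrong places: `ERRMSG` tells the user to run `redhat/scripts/license/kspdx.py` while the test itself invokes `scripts/kspdx-tool/kspdx.py`, and the `# Purpose:` line says the tags are checked against `redhat/LICENSES` although the comparison is with the `License:` line of `kernel.spec.template`. The Allowed Licenses URL in `ERRMSG` also has a closing parenthesis without an opening one, and the unquoted `echo $ERRMSG` prints the multi-line text as a single line; `echo "$ERRMSG"` keeps the line breaks.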
[OS-BUILD PATCHv4 3/3] redhat: Add dist-check-licenses target
From: Vitaly Kuznetsov redhat: Add dist-check-licenses target Introduce a dedicated make target to check source code licenses without the need to run all other selftests which may be failing for some other reason. Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/Makefile b/redhat/Makefile index blahblah..blahblah 100644 --- a/redhat/Makefile +++ b/redhat/Makefile @@ -877,6 +877,13 @@ dist-self-test: dist-self-test-data: ./self-test/data/create-data.sh +dist-check-licenses: + @if test -x /usr/bin/bats; then \ + bats $(REDHAT)/self-test/1007-spdx-licenses.bats ; \ + else \ + echo "dist-check-licenses: The bats package is not installed" ; \ + fi + dist-help: @echo 'Cleaning targets:' @echo ' dist-clean - Clean redhat/configs/ and redhat/rpm/ directories.' @@ -1000,6 +1007,9 @@ dist-full-help: @echo ' dist-os-version - Displays the current Red Hat Enterprise Linux versioni' @echo 'target used by the current branch/tree.' @echo ' dist-self-test - Runs self-tests from the redhat/self-test directory' + @echo ' dist-check-licenses - Runs license selftest checking SPDX-License-Identifier:' + @echo 'tags in all source files against `License:` field in the' + @echo 'specfile template.' @echo '' export -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648
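Review bot: In the new `dist-check-licenses` recipe the `else` branch only echoes that bats is not installed and the recipe then exits 0, so on a machine without bats the target reports success without checking anything. For a target whose whole purpose is the license check, add `exit 1` after the `echo` so a missing bats fails it.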
[OS-BUILD PATCHv4 1/3] redhat: Use kspdx-tool output for the License: field
From: Vitaly Kuznetsov redhat: Use kspdx-tool output for the License: field Use kspdx-tool (https://gitlab.com/vkuznets/kspdx-tool) to find all licenses in the source code and its output to the License: field of the specfile. Package the tool and its current output. Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template index blahblah..blahblah 100644 --- a/redhat/kernel.spec.template +++ b/redhat/kernel.spec.template 
@@ -636,7 +636,7 @@ Summary: The Linux kernel Name: %{package_name} -License: GPLv2 and Redistributable, no modification permitted +License: ((GPL-2.0-only WITH Linux-syscall-note) OR BSD-2-Clause) AND ((GPL-2.0-only WITH Linux-syscall-note) OR BSD-3-Clause) AND ((GPL-2.0-only WITH Linux-syscall-note) OR CDDL-1.0) AND ((GPL-2.0-only WITH Linux-syscall-note) OR Linux-OpenIB) AND ((GPL-2.0-only WITH Linux-syscall-note) OR MIT) AND ((GPL-2.0-or-later WITH Linux-syscall-note) OR BSD-3-Clause) AND ((GPL-2.0-or-later WITH Linux-syscall-note) OR MIT) AND BSD-2-Clause AND BSD-3-Clause AND BSD-3-Clause-Clear AND GPL-1.0-or-later AND (GPL-1.0-or-later OR BSD-3-Clause) AND (GPL-1.0-or-later WITH Linux-syscall-note) AND GPL-2.0-only AND (GPL-2.0-only OR Apache-2.0) AND (GPL-2.0-only OR BSD-2-Clause) AND (GPL-2.0-only OR BSD-3-Clause) AND (GPL-2.0-only OR CDDL-1.0) AND (GPL-2.0-only OR Linux-OpenIB) AND (GPL-2.0-only OR MIT) AND (GPL-2.0-only OR X11) AND (GPL-2.0-only WITH Linux-syscall-note) AND GPL-2.0-or-later AND (GPL-2.0-or-later OR BSD-2-Clause) AND (GPL-2.0-or-later OR BSD-3-Clause) AND (GPL-2.0-or-later OR MIT) AND (GPL-2.0-or-later WITH GCC-exception-2.0) AND (GPL-2.0-or-later WITH Linux-syscall-note) AND ISC AND LGPL-2.0-or-later AND (LGPL-2.0-or-later OR BSD-2-Clause) AND (LGPL-2.0-or-later WITH Linux-syscall-note) AND LGPL-2.1-only AND (LGPL-2.1-only OR BSD-2-Clause) AND (LGPL-2.1-only WITH Linux-syscall-note) AND LGPL-2.1-or-later AND (LGPL-2.1-or-later WITH Linux-syscall-note) AND (Linux-OpenIB OR GPL-2.0-only) AND (Linux-OpenIB OR GPL-2.0-only OR BSD-2-Clause) AND MIT AND (MIT OR Apache-2.0) AND (MIT OR GPL-2.0-only) AND (MIT OR GPL-2.0-or-later) AND (MIT OR LGPL-2.1-only) AND (MPL-1.1 OR GPL-2.0-only) AND (X11 OR GPL-2.0-only) AND (X11 OR GPL-2.0-or-later) AND Zlib AND (copyleft-next-0.3.1 OR GPL-2.0-or-later) AND (Redistributable, no modification permitted) URL: https://www.kernel.org/ Version: %{specrpmversion} Release: %{pkg_release} 
@@ -1069,7 +1069,6 @@ Epoch: %{gemini} %endif Summary: Performance monitoring for the Linux kernel Requires: bzip2 -License: GPLv2 %description -n perf This package contains the perf tool, which enables performance monitoring of the Linux kernel. @@ -1119,7 +1118,6 @@ This package provides debug information for the perf python bindings. %if %{with_tools} %package -n %{package_name}-tools Summary: Assortment of tools for the Linux kernel -License: GPLv2 %ifarch %{cpupowerarchs} Provides: cpupowerutils = 1:009-0.6.p1 Obsoletes: cpupowerutils < 1:009-0.6.p1 @@ -1137,14 +1135,12 @@ and the supporting documentation. %package -n %{package_name}-tools-libs Summary: Libraries for the kernels-tools -License: GPLv2 %description -n %{package_name}-tools-libs This package contains the libraries built from the tools/ directory from the kernel source. %package -n %{package_name}-tools-libs-devel Summary: Assortment of tools for the Linux kernel -License: GPLv2 Requires: %{package_name}-tools = %{version}-%{release} %ifarch %{cpupowerarchs} Provides: cpupowerutils-devel = 1:009-0.6.p1 @@ -1183,7 +1179,6 @@ and root causes of unexpected results. %package -n rv Summary: RV: Runtime Verification -License: GPLv2 %description -n rv Runtime Verification (RV) is a lightweight (yet rigorous) method that complements classical exhaustive verification techniques (such as model @@ -1201,7 +1196,6 @@ analysing the logical and timing behavior of Linux. %package -n bpftool Summary: Inspection and simple manipulation of eBPF programs and maps -License: GPLv2 Version: %{bpftoolversion} %description -n bpftool This package contains the bpftool, which allows inspection and simple @@ -1229,7 +1223,6 @@ This package provides debug information for the bpftool package. %package selftests-internal Summary: Kernel samples and selftests -License: GPLv2 Requires: binutils, bpftool, iproute-tc, nmap-ncat, python3, fuse-libs %description selftests-internal Kernel sample programs and selftests. 
diff --git a/redhat/scripts/kspdx-tool/kspdx.py b/redhat/scripts/kspdx-tool/kspdx.py new file mode 100755 index blahblah..blahblah 100755 --- /dev/null +++ b/redhat/scripts/kspdx-tool/kspdx.py @@ -0,0 +1,225 @@ +#! /usr/bin/python3 + +# SPDX-License-Identifier: LGPL-2.1-or-later + +import argparse +import os +import re +import subprocess +import sys + +# Files to not search for SPDX patterns +ignored_files = [ +# license-rules.rst describe how to write
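Review bot: Missing documentation in the -636 hunk: nothing next to the new `License:` line says that it is kspdx.py output plus one manual term, `(Redistributable, no modification permitted)`. A spec comment above it naming `redhat/scripts/kspdx-tool/kspdx.py` as the generator and marking the last term as hand-added would tell the next person who edits the field which parts may be regenerated.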
[OS-BUILD PATCHv4 0/3] redhat: Keep track of SPDX-License-Identifier tags in the code
From: Vitaly Kuznetsov on gitlab.com Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648 Be more picky about kernel's source code licenses: - Keep track of all currently used licenses in specfile template. - Add a selftest which checks all currently present license identifiers against License:. Signed-off-by: Vitaly Kuznetsov --- redhat/scripts/kspdx-tool/kspdx.py | 225 +++ redhat/self-test/1007-spdx-licenses.bats | 60 redhat/Makefile | 10 + redhat/kernel.spec.template |9 +- 4 files changed, 296 insertions(+), 8 deletions(-)
Re: [OS-BUILD PATCH 1/3] redhat: Use kspdx-tool output for the License: field
From: Vitaly Kuznetsov on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648#note_1535110057 Added "Redistributable, no modification permitted" back, better safe than sorry. We may have some other firmware-looking pieces in the kernel. We need some audit to make sure we can get rid of it, this doesn't have to be done now, let's keep the status quo.
[OS-BUILD PATCHv3 2/3] redhat: Introduce "Verify SPDX-License-Identifier tags" selftest
From: Vitaly Kuznetsov redhat: Introduce "Verify SPDX-License-Identifier tags" selftest Add a test to check that all SPDX-License-Identifier: specified licenses in the code match the License: tag in the specfile. Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/self-test/1007-spdx-licenses.bats b/redhat/self-test/1007-spdx-licenses.bats new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/self-test/1007-spdx-licenses.bats 
@@ -0,0 +1,60 @@ +#!/usr/bin/env bats +# Purpose: This test checks SPDX-License-Identifier: tags in all source files against redhat/LICENSES. + +load test-lib.bash + +SPEC=$BATS_TEST_DIRNAME/../kernel.spec.template + +ERRMSG="ERROR: The kernel RPM spec file License: field does not match the licenses available in the source tree. +Fedora, Centos Stream, and RHEL require that the RPM License field match the licenses in the source tree. See +https://docs.fedoraproject.org/en-US/legal/license-approval/ for further information. +A list of licenses can be generated by executing the redhat/scripts/license/kspdx.py utility. New licenses can +be added to the RPM License field only if they are listed in the Allowed Licenses list +https://docs.fedoraproject.org/en-US/legal/allowed-licenses/). Licenses cannot be added if they are in the +'Not Allowed' Licenses (https://docs.fedoraproject.org/en-US/legal/not-allowed-licenses/). Licenses can be added +to the 'Allowed' or 'Not Allowed' Licenses by following the License Review Process +(https://docs.fedoraproject.org/en-US/legal/license-review-process/)." + +_verify_one_license_tag() { + if [[ $(grep -c '^License:' $SPEC) != "1" ]]; then + echo "ERROR: The specfile is supposed to have exactly one License: tag!" + return 1 + fi +} + +_verify_spdx_licenses() { + spec_licenses=`mktemp` + source_licenses=`mktemp` + grep '^License:' $SPEC | sed 's,License[[:space:]]*:[[:space:]]*,,' | sed 's, AND ,\n,g' | sed 's,^(\(.*\))$,\1,' | sort -u > $spec_licenses + + # "Redistributable, no modification permitted" is not a valid SPDX license tag, + # it is manually added to account for the firmware shipped as part of the source + # code, see e.g. drivers/net/appletalk/cops_ffdrv.h + sed -i '/^Redistributable, no modification permitted$/d' $spec_licenses + + if ! 
$BATS_TEST_DIRNAME/../scripts/kspdx-tool/kspdx.py $BATS_TEST_DIRNAME/../../ > $source_licenses; then + echo "ERROR: Failed to gather SPDX-License-Identifier: information from source files!" + return 1 + fi + sort -o $source_licenses $source_licenses + if ! diff -u $spec_licenses $source_licenses; then + echo $ERRMSG + ret=1 + else + ret=0 + fi + rm -f $spec_licenses $source_licenses + return $ret +} + +@test "Verify SPDX-License-Identifier tags" { + if ! test -x $BATS_TEST_DIRNAME/../scripts/kspdx-tool/kspdx.py ; then + skip "kspdx-tool is missing" + fi + + run _verify_one_license_tag + check_status + + _verify_spdx_licenses + check_status +} -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648
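Review bot: In the `@test` body `_verify_one_license_tag` is called through `run` but `_verify_spdx_licenses` is not, and bats only sets `$status` and `$output` inside `run`. If `check_status` from test-lib.bash reads `$status`, the second `check_status` still sees the result of the first call; use `run _verify_spdx_licenses` so both checks go through the same path.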
[OS-BUILD PATCHv3 3/3] redhat: Add dist-check-licenses target
From: Vitaly Kuznetsov redhat: Add dist-check-licenses target Introduce a dedicated make target to check source code licenses without the need to run all other selftests which may be failing for some other reason. Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/Makefile b/redhat/Makefile index blahblah..blahblah 100644 --- a/redhat/Makefile +++ b/redhat/Makefile @@ -877,6 +877,13 @@ dist-self-test: dist-self-test-data: ./self-test/data/create-data.sh +dist-check-licenses: + @if test -x /usr/bin/bats; then \ + bats $(REDHAT)/self-test/1007-spdx-licenses.bats ; \ + else \ + echo "dist-check-licenses: The bats package is not installed" ; \ + fi + dist-help: @echo 'Cleaning targets:' @echo ' dist-clean - Clean redhat/configs/ and redhat/rpm/ directories.' @@ -1000,6 +1007,9 @@ dist-full-help: @echo ' dist-os-version - Displays the current Red Hat Enterprise Linux versioni' @echo 'target used by the current branch/tree.' @echo ' dist-self-test - Runs self-tests from the redhat/self-test directory' + @echo ' dist-check-licenses - Runs license selftest checking SPDX-License-Identifier:' + @echo 'tags in all source files against `License:` field in the' + @echo 'specfile template.' @echo '' export -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648
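Review bot: The `dist-check-licenses` recipe tests for `/usr/bin/bats` but then runs plain `bats`, which is resolved through `PATH`, so the binary that is checked and the one that runs can differ, and a bats installed elsewhere is reported as missing. Using `command -v bats >/dev/null` in the `if` keeps the check and the invocation consistent.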
[OS-BUILD PATCHv3 1/3] redhat: Use kspdx-tool output for the License: field
From: Vitaly Kuznetsov redhat: Use kspdx-tool output for the License: field Use kspdx-tool (https://gitlab.com/vkuznets/kspdx-tool) to find all licenses in the source code and its output to the License: field of the specfile. Package the tool and its current output. Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template index blahblah..blahblah 100644 --- a/redhat/kernel.spec.template +++ b/redhat/kernel.spec.template 
@@ -636,7 +636,7 @@ Summary: The Linux kernel Name: %{package_name} -License: GPLv2 and Redistributable, no modification permitted +License: ((GPL-2.0-only WITH Linux-syscall-note) OR BSD-2-Clause) AND ((GPL-2.0-only WITH Linux-syscall-note) OR BSD-3-Clause) AND ((GPL-2.0-only WITH Linux-syscall-note) OR CDDL-1.0) AND ((GPL-2.0-only WITH Linux-syscall-note) OR Linux-OpenIB) AND ((GPL-2.0-only WITH Linux-syscall-note) OR MIT) AND ((GPL-2.0-or-later WITH Linux-syscall-note) OR BSD-3-Clause) AND ((GPL-2.0-or-later WITH Linux-syscall-note) OR MIT) AND BSD-2-Clause AND BSD-3-Clause AND BSD-3-Clause-Clear AND GPL-1.0-or-later AND (GPL-1.0-or-later OR BSD-3-Clause) AND (GPL-1.0-or-later WITH Linux-syscall-note) AND GPL-2.0-only AND (GPL-2.0-only OR Apache-2.0) AND (GPL-2.0-only OR BSD-2-Clause) AND (GPL-2.0-only OR BSD-3-Clause) AND (GPL-2.0-only OR CDDL-1.0) AND (GPL-2.0-only OR Linux-OpenIB) AND (GPL-2.0-only OR MIT) AND (GPL-2.0-only OR X11) AND (GPL-2.0-only WITH Linux-syscall-note) AND GPL-2.0-or-later AND (GPL-2.0-or-later OR BSD-2-Clause) AND (GPL-2.0-or-later OR BSD-3-Clause) AND (GPL-2.0-or-later OR MIT) AND (GPL-2.0-or-later WITH GCC-exception-2.0) AND (GPL-2.0-or-later WITH Linux-syscall-note) AND ISC AND LGPL-2.0-or-later AND (LGPL-2.0-or-later OR BSD-2-Clause) AND (LGPL-2.0-or-later WITH Linux-syscall-note) AND LGPL-2.1-only AND (LGPL-2.1-only OR BSD-2-Clause) AND (LGPL-2.1-only WITH Linux-syscall-note) AND LGPL-2.1-or-later AND (LGPL-2.1-or-later WITH Linux-syscall-note) AND (Linux-OpenIB OR GPL-2.0-only) AND (Linux-OpenIB OR GPL-2.0-only OR BSD-2-Clause) AND MIT AND (MIT OR Apache-2.0) AND (MIT OR GPL-2.0-only) AND (MIT OR GPL-2.0-or-later) AND (MIT OR LGPL-2.1-only) AND (MPL-1.1 OR GPL-2.0-only) AND (X11 OR GPL-2.0-only) AND (X11 OR GPL-2.0-or-later) AND Zlib AND (copyleft-next-0.3.1 OR GPL-2.0-or-later) AND (Redistributable, no modification permitted) URL: https://www.kernel.org/ Version: %{specrpmversion} Release: %{pkg_release} 
@@ -1069,7 +1069,6 @@ Epoch: %{gemini} %endif Summary: Performance monitoring for the Linux kernel Requires: bzip2 -License: GPLv2 %description -n perf This package contains the perf tool, which enables performance monitoring of the Linux kernel. @@ -1119,7 +1118,6 @@ This package provides debug information for the perf python bindings. %if %{with_tools} %package -n %{package_name}-tools Summary: Assortment of tools for the Linux kernel -License: GPLv2 %ifarch %{cpupowerarchs} Provides: cpupowerutils = 1:009-0.6.p1 Obsoletes: cpupowerutils < 1:009-0.6.p1 @@ -1137,14 +1135,12 @@ and the supporting documentation. %package -n %{package_name}-tools-libs Summary: Libraries for the kernels-tools -License: GPLv2 %description -n %{package_name}-tools-libs This package contains the libraries built from the tools/ directory from the kernel source. %package -n %{package_name}-tools-libs-devel Summary: Assortment of tools for the Linux kernel -License: GPLv2 Requires: %{package_name}-tools = %{version}-%{release} %ifarch %{cpupowerarchs} Provides: cpupowerutils-devel = 1:009-0.6.p1 @@ -1183,7 +1179,6 @@ and root causes of unexpected results. %package -n rv Summary: RV: Runtime Verification -License: GPLv2 %description -n rv Runtime Verification (RV) is a lightweight (yet rigorous) method that complements classical exhaustive verification techniques (such as model @@ -1201,7 +1196,6 @@ analysing the logical and timing behavior of Linux. %package -n bpftool Summary: Inspection and simple manipulation of eBPF programs and maps -License: GPLv2 Version: %{bpftoolversion} %description -n bpftool This package contains the bpftool, which allows inspection and simple @@ -1229,7 +1223,6 @@ This package provides debug information for the bpftool package. %package selftests-internal Summary: Kernel samples and selftests -License: GPLv2 Requires: binutils, bpftool, iproute-tc, nmap-ncat, python3, fuse-libs %description selftests-internal Kernel sample programs and selftests. 
diff --git a/redhat/scripts/kspdx-tool/kspdx.py b/redhat/scripts/kspdx-tool/kspdx.py new file mode 100755 index blahblah..blahblah 100755 --- /dev/null +++ b/redhat/scripts/kspdx-tool/kspdx.py @@ -0,0 +1,225 @@ +#! /usr/bin/python3 + +# SPDX-License-Identifier: LGPL-2.1-or-later + +import argparse +import os +import re +import subprocess +import sys + +# Files to not search for SPDX patterns +ignored_files = [ +# license-rules.rst describe how to write
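Review bot: In the -636 hunk the new `License:` value carries the same choice in both operand orders, for example `(GPL-2.0-only OR MIT)` and `(MIT OR GPL-2.0-only)`, `(GPL-2.0-only OR X11)` and `(X11 OR GPL-2.0-only)`, `(GPL-2.0-only OR Linux-OpenIB)` and `(Linux-OpenIB OR GPL-2.0-only)`. Sorting the operands of each `OR` in kspdx.py before emitting would shorten the field and keep a source file that merely reorders its tag from changing the expected value.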
[OS-BUILD PATCHv3 0/3] redhat: Keep track of SPDX-License-Identifier tags in the code
From: Vitaly Kuznetsov on gitlab.com Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648 Be more picky about kernel's source code licenses: - Keep track of all currently used licenses in specfile template. - Add a selftest which checks all currently present license identifiers against License:. Signed-off-by: Vitaly Kuznetsov --- redhat/scripts/kspdx-tool/kspdx.py | 225 +++ redhat/self-test/1007-spdx-licenses.bats | 60 redhat/Makefile | 10 + redhat/kernel.spec.template |9 +- 4 files changed, 296 insertions(+), 8 deletions(-)
Re: [OS-BUILD PATCH 1/3] redhat: Use kspdx-tool output for the License: field
From: Vitaly Kuznetsov on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648#note_1535057039 @prarit We can add it manually, the question is how to make it a 'lesser hack'. Unfortunately, "Redistributable, no modification permitted" is not a valid SPDX tag so e.g. adding a file to redhat/ with ``` # SPDX-License-Identifier: Redistributable, no modification permitted ``` to make my script grab it would not be entirely correct. I can add it to "License:" manually and then filter it out when comparing with kspdx.py output I guess. Alternatively, we can reach out to legal asking if we really care: while 'CONFIG_DEV_APPLETALK' is enabled in Fedora (but not in RHEL), CONFIG_COPS/CONFIG_COPS_DANYA are not but I'm not exactly sure about other hidden gems.
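The comparison this reply settles on (keep the non-SPDX term in `License:` by hand and filter it out before comparing with kspdx.py output), as an added Python example that is not part of the thread, the selftest or kspdx-tool. It splits on ` AND ` and strips outer parentheses with depth tracking, so a term with an inner `AND` or of the form `(A) OR (B)` stays intact; the function names, the sample spec text and the sample tag list are constructed, and one-term-per-line tool output is an assumption drawn from how the selftest diffs it.

```python
import re

# Non-SPDX term the thread keeps in License: by hand; dropped before comparing.
NON_SPDX_TERMS = {"Redistributable, no modification permitted"}


def split_top_level_and(expr):
    """Split a License: expression on ' AND ' at parenthesis depth 0 only."""
    parts, depth, start, i = [], 0, 0, 0
    while i < len(expr):
        ch = expr[i]
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                raise ValueError("unbalanced ')' at offset %d" % i)
        elif depth == 0 and expr.startswith(" AND ", i):
            parts.append(expr[start:i])
            i += len(" AND ")
            start = i
            continue
        i += 1
    if depth != 0:
        raise ValueError("unbalanced '(' in License: expression")
    parts.append(expr[start:])
    return [p.strip() for p in parts if p.strip()]


def strip_outer_parens(term):
    """Drop one pair of parentheses only if it encloses the whole term."""
    if not (term.startswith("(") and term.endswith(")")):
        return term
    depth = 0
    for i, ch in enumerate(term):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0 and i != len(term) - 1:
                return term  # first '(' closes early, e.g. "(A) OR (B)"
    return term[1:-1]


def spec_license_terms(spec_text):
    """Return the set of AND-ed terms from the single License: line."""
    lines = [l for l in spec_text.splitlines() if l.startswith("License:")]
    if len(lines) != 1:
        raise ValueError("expected exactly one License: tag, found %d" % len(lines))
    expr = re.sub(r"^License\s*:\s*", "", lines[0])
    return {strip_outer_parens(t) for t in split_top_level_and(expr)}


def compare(spec_text, source_terms):
    """Return (terms only in the spec, terms only in the source tree)."""
    spec = spec_license_terms(spec_text) - NON_SPDX_TERMS
    source = set(source_terms)
    return sorted(spec - source), sorted(source - spec)


# Constructed sample: a shortened License: line in the style of the patch.
SAMPLE_SPEC = """Name: kernel
License: ((GPL-2.0-only WITH Linux-syscall-note) OR MIT) AND GPL-2.0-only AND (GPL-2.0-only OR MIT) AND (Redistributable, no modification permitted)
URL: https://www.kernel.org/
"""

# Constructed sample of per-term tool output (assumed one term per line);
# "Zlib" stands for a license that appeared in the tree but not in the spec.
SAMPLE_SOURCE_TERMS = [
    "(GPL-2.0-only WITH Linux-syscall-note) OR MIT",
    "GPL-2.0-only",
    "GPL-2.0-only OR MIT",
    "Zlib",
]

if __name__ == "__main__":
    only_spec, only_source = compare(SAMPLE_SPEC, SAMPLE_SOURCE_TERMS)
    print("only in License: field:", only_spec)
    print("only in source tree:  ", only_source)
```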
Re: [OS-BUILD PATCH 1/3] redhat: Use kspdx-tool output for the License: field
From: Vitaly Kuznetsov on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648#note_1529889341 Fixed, pushed, MR updated. Thanks!
[OS-BUILD PATCHv2 3/3] redhat: Add dist-check-licenses target
From: Vitaly Kuznetsov redhat: Add dist-check-licenses target Introduce a dedicated make target to check source code licenses without the need to run all other selftests which may be failing for some other reason. Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/Makefile b/redhat/Makefile index blahblah..blahblah 100644 --- a/redhat/Makefile +++ b/redhat/Makefile @@ -877,6 +877,13 @@ dist-self-test: dist-self-test-data: ./self-test/data/create-data.sh +dist-check-licenses: + @if test -x /usr/bin/bats; then \ + bats $(REDHAT)/self-test/1007-spdx-licenses.bats ; \ + else \ + echo "dist-check-licenses: The bats package is not installed" ; \ + fi + dist-help: @echo 'Cleaning targets:' @echo ' dist-clean - Clean redhat/configs/ and redhat/rpm/ directories.' @@ -1000,6 +1007,9 @@ dist-full-help: @echo ' dist-os-version - Displays the current Red Hat Enterprise Linux versioni' @echo 'target used by the current branch/tree.' @echo ' dist-self-test - Runs self-tests from the redhat/self-test directory' + @echo ' dist-check-licenses - Runs license selftest checking SPDX-License-Identifier:' + @echo 'tags in all source files against `License:` field in the' + @echo 'specfile template.' @echo '' export -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648
[OS-BUILD PATCHv2 2/3] redhat: Introduce "Verify SPDX-License-Identifier tags" selftest
From: Vitaly Kuznetsov redhat: Introduce "Verify SPDX-License-Identifier tags" selftest Add a test to check that all SPDX-License-Identifier: specified licenses in the code match the License: tag in the specfile. Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/self-test/1007-spdx-licenses.bats b/redhat/self-test/1007-spdx-licenses.bats new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/self-test/1007-spdx-licenses.bats 
@@ -0,0 +1,54 @@ +#!/usr/bin/env bats +# Purpose: This test checks SPDX-License-Identifier: tags in all source files against redhat/LICENSES. + +load test-lib.bash + +SPEC=$BATS_TEST_DIRNAME/../kernel.spec.template + +ERRMSG="ERROR: The kernel RPM spec file License: field does not match the licenses available in the source tree. +Fedora, Centos Stream, and RHEL require that the RPM License field match the licenses in the source tree. See +https://docs.fedoraproject.org/en-US/legal/license-approval/ for further information. +A list of licenses can be generated by executing the redhat/scripts/license/kspdx.py utility. New licenses can +be added to the RPM License field only if they are listed in the Allowed Licenses list +https://docs.fedoraproject.org/en-US/legal/allowed-licenses/). Licenses cannot be added if they are in the +'Not Allowed' Licenses (https://docs.fedoraproject.org/en-US/legal/not-allowed-licenses/). Licenses can be added +to the 'Allowed' or 'Not Allowed' Licenses by following the License Review Process +(https://docs.fedoraproject.org/en-US/legal/license-review-process/)." + +_verify_one_license_tag() { + if [[ $(grep -c '^License:' $SPEC) != "1" ]]; then + echo "ERROR: The specfile is supposed to have exactly one License: tag!" + return 1 + fi +} + +_verify_spdx_licenses() { + spec_licenses=`mktemp` + source_licenses=`mktemp` + grep '^License:' $SPEC | sed 's,License[[:space:]]*:[[:space:]]*,,' | sed 's, AND ,\n,g' | sed 's,^(\(.*\))$,\1,' | sort -u > $spec_licenses + if ! $BATS_TEST_DIRNAME/../scripts/kspdx-tool/kspdx.py $BATS_TEST_DIRNAME/../../ > $source_licenses; then + echo "ERROR: Failed to gather SPDX-License-Identifier: information from source files!" + return 1 + fi + sort -o $source_licenses $source_licenses + if ! diff -u $spec_licenses $source_licenses; then + echo $ERRMSG + ret=1 + else + ret=0 + fi + rm -f $spec_licenses $source_licenses + return $ret +} + +@test "Verify SPDX-License-Identifier tags" { + if ! 
test -x $BATS_TEST_DIRNAME/../scripts/kspdx-tool/kspdx.py ; then + skip "kspdx-tool is missing" + fi + + run _verify_one_license_tag + check_status + + _verify_spdx_licenses + check_status +} -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648
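Review bot: in `_verify_spdx_licenses` the early `return 1` taken when `kspdx.py` fails skips the `rm -f $spec_licenses $source_licenses` at the end of the function, so both `mktemp` files are left behind on that path. Removing them before the early return, or from a `trap`, fixes it. In the same function `echo $ERRMSG` is unquoted, so the multi-line message is printed as a single line; `echo "$ERRMSG"` keeps the line breaks.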
[OS-BUILD PATCHv2 1/3] redhat: Use kspdx-tool output for the License: field
From: Vitaly Kuznetsov redhat: Use kspdx-tool output for the License: field Use kspdx-tool (https://gitlab.com/vkuznets/kspdx-tool) to find all licenses in the source code and its output to the License: field of the specfile. Package the tool and its current output. Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template index blahblah..blahblah 100644 --- a/redhat/kernel.spec.template +++ b/redhat/kernel.spec.template 
@@ -635,7 +635,7 @@ Summary: The Linux kernel Name: %{package_name} -License: GPLv2 and Redistributable, no modification permitted +License: ((GPL-2.0-only WITH Linux-syscall-note) OR BSD-2-Clause) AND ((GPL-2.0-only WITH Linux-syscall-note) OR BSD-3-Clause) AND ((GPL-2.0-only WITH Linux-syscall-note) OR CDDL-1.0) AND ((GPL-2.0-only WITH Linux-syscall-note) OR Linux-OpenIB) AND ((GPL-2.0-only WITH Linux-syscall-note) OR MIT) AND ((GPL-2.0-or-later WITH Linux-syscall-note) OR BSD-3-Clause) AND ((GPL-2.0-or-later WITH Linux-syscall-note) OR MIT) AND BSD-2-Clause AND BSD-3-Clause AND BSD-3-Clause-Clear AND GPL-1.0-or-later AND (GPL-1.0-or-later OR BSD-3-Clause) AND (GPL-1.0-or-later WITH Linux-syscall-note) AND GPL-2.0-only AND (GPL-2.0-only OR Apache-2.0) AND (GPL-2.0-only OR BSD-2-Clause) AND (GPL-2.0-only OR BSD-3-Clause) AND (GPL-2.0-only OR CDDL-1.0) AND (GPL-2.0-only OR Linux-OpenIB) AND (GPL-2.0-only OR MIT) AND (GPL-2.0-only OR X11) AND (GPL-2.0-only WITH Linux-syscall-note) AND GPL-2.0-or-later AND (GPL-2.0-or-later OR BSD-2-Clause) AND (GPL-2.0-or-later OR BSD-3-Clause) AND (GPL-2.0-or-later OR MIT) AND (GPL-2.0-or-later WITH GCC-exception-2.0) AND (GPL-2.0-or-later WITH Linux-syscall-note) AND ISC AND LGPL-2.0-or-later AND (LGPL-2.0-or-later OR BSD-2-Clause) AND (LGPL-2.0-or-later WITH Linux-syscall-note) AND LGPL-2.1-only AND (LGPL-2.1-only OR BSD-2-Clause) AND (LGPL-2.1-only WITH Linux-syscall-note) AND LGPL-2.1-or-later AND (LGPL-2.1-or-later WITH Linux-syscall-note) AND (Linux-OpenIB OR GPL-2.0-only) AND (Linux-OpenIB OR GPL-2.0-only OR BSD-2-Clause) AND MIT AND (MIT OR Apache-2.0) AND (MIT OR GPL-2.0-only) AND (MIT OR GPL-2.0-or-later) AND (MIT OR LGPL-2.1-only) AND (MPL-1.1 OR GPL-2.0-only) AND (X11 OR GPL-2.0-only) AND (X11 OR GPL-2.0-or-later) AND Zlib AND (copyleft-next-0.3.1 OR GPL-2.0-or-later) URL: https://www.kernel.org/ Version: %{specrpmversion} Release: %{pkg_release} 
@@ -1069,7 +1069,6 @@ Epoch: %{gemini} %endif Summary: Performance monitoring for the Linux kernel Requires: bzip2 -License: GPLv2 %description -n perf This package contains the perf tool, which enables performance monitoring of the Linux kernel. @@ -1119,7 +1118,6 @@ This package provides debug information for the perf python bindings. %if %{with_tools} %package -n %{package_name}-tools Summary: Assortment of tools for the Linux kernel -License: GPLv2 %ifarch %{cpupowerarchs} Provides: cpupowerutils = 1:009-0.6.p1 Obsoletes: cpupowerutils < 1:009-0.6.p1 @@ -1137,14 +1135,12 @@ and the supporting documentation. %package -n %{package_name}-tools-libs Summary: Libraries for the kernels-tools -License: GPLv2 %description -n %{package_name}-tools-libs This package contains the libraries built from the tools/ directory from the kernel source. %package -n %{package_name}-tools-libs-devel Summary: Assortment of tools for the Linux kernel -License: GPLv2 Requires: %{package_name}-tools = %{version}-%{release} %ifarch %{cpupowerarchs} Provides: cpupowerutils-devel = 1:009-0.6.p1 @@ -1183,7 +1179,6 @@ and root causes of unexpected results. %package -n rv Summary: RV: Runtime Verification -License: GPLv2 %description -n rv Runtime Verification (RV) is a lightweight (yet rigorous) method that complements classical exhaustive verification techniques (such as model @@ -1201,7 +1196,6 @@ analysing the logical and timing behavior of Linux. %package -n bpftool Summary: Inspection and simple manipulation of eBPF programs and maps -License: GPLv2 Version: %{bpftoolversion} %description -n bpftool This package contains the bpftool, which allows inspection and simple @@ -1229,7 +1223,6 @@ This package provides debug information for the bpftool package. %package selftests-internal Summary: Kernel samples and selftests -License: GPLv2 Requires: binutils, bpftool, iproute-tc, nmap-ncat, python3, fuse-libs %description selftests-internal Kernel sample programs and selftests. 
diff --git a/redhat/scripts/kspdx-tool/kspdx.py b/redhat/scripts/kspdx-tool/kspdx.py new file mode 100755 index blahblah..blahblah 100755 --- /dev/null +++ b/redhat/scripts/kspdx-tool/kspdx.py @@ -0,0 +1,225 @@ +#! /usr/bin/python3 + +# SPDX-License-Identifier: LGPL-2.1-or-later + +import argparse +import os +import re +import subprocess +import sys + +# Files to not search for SPDX patterns +ignored_files = [ +# license-rules.rst describe how to write SPDX-License-Identifier tags, skip it +
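Review bot: the new `License:` value in the `@@ -635` hunk lists several dual-license pairs twice with the operands swapped, e.g. `(GPL-2.0-only OR MIT)` and `(MIT OR GPL-2.0-only)`, `(GPL-2.0-only OR X11)` and `(X11 OR GPL-2.0-only)`, `(GPL-2.0-only OR Linux-OpenIB)` and `(Linux-OpenIB OR GPL-2.0-only)`. `OR` is commutative, so having kspdx.py sort the operands before de-duplicating would shorten the field without changing its meaning.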
[OS-BUILD PATCHv2 0/3] redhat: Keep track of SPDX-License-Identifier tags in the code
From: Vitaly Kuznetsov on gitlab.com Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648 Be more picky about kernel's source code licenses: - Keep track of all currently used license in specfile template. - Add a selftest which checks all currently present license identifiers against License:. Signed-off-by: Vitaly Kuznetsov --- redhat/scripts/kspdx-tool/kspdx.py | 225 +++ redhat/self-test/1007-spdx-licenses.bats | 54 +++ redhat/Makefile | 10 + redhat/kernel.spec.template |9 +- 4 files changed, 290 insertions(+), 8 deletions(-)
Re: [OS-BUILD PATCH 1/3] redhat: Use kspdx-tool output for the License: field
From: Vitaly Kuznetsov on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648#note_1529883107 Oh, this is very unfortunate and deserves an upstream discussion. Luckily, CONFIG_COPS/CONFIG_COPS_DANYA are not enabled on our configs. Post-MR, the list of licenses is formed from SPDX tags only. There's some code in the kernel which still wasn't converted to SPDX but I don't think there's much we can do about that. Fingers crossed all such code will get converted/removed eventually.
Re: [OS-BUILD PATCH 1/3] redhat: Use kspdx-tool output for the License: field
From: Vitaly Kuznetsov on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648#note_1526606091 Indeed!
Re: [OS-BUILD PATCH 1/3] redhat: Use kspdx-tool output for the License: field
From: Vitaly Kuznetsov on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648#note_1526605878 Not that it is not allowed, just not present in the source :-) There's code to drop unneeded highest level parentheses so e.g. `(GPL-2.0-only)` becomes `GPL-2.0-only`, it can certainly be improved to cover this case, i.e. `(everything-without-spaces)` == `everything-without-spaces`. FWIW, I have a repo for kspdx-tool here: https://gitlab.com/vkuznets/kspdx-tool and in the MR it's just a copy.
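The parenthesis clean-up described in this reply, together with the spec-versus-source comparison the selftest performs, as an added Python example that is not code from the thread or from kspdx-tool. It goes beyond the case mentioned by also treating swapped `OR` operands as equal; all function names and the sample spec and source expressions are constructed for illustration.

```python
import re


def strip_outer_parens(expr: str) -> str:
    """Drop parentheses only while one pair encloses the whole expression."""
    expr = expr.strip()
    while expr.startswith("(") and expr.endswith(")"):
        depth = 0
        for i, ch in enumerate(expr):
            depth += (ch == "(") - (ch == ")")
            if depth == 0 and i < len(expr) - 1:
                return expr  # the first "(" closes early, e.g. "(A) OR (B)"
        if depth != 0:
            raise ValueError(f"unbalanced parentheses in {expr!r}")
        expr = expr[1:-1].strip()
    return expr


def split_top_level(expr: str, op: str) -> list[str]:
    """Split on ' op ' only where the parenthesis depth is zero."""
    token, parts, depth, start, i = f" {op} ", [], 0, 0, 0
    while i < len(expr):
        if expr[i] == "(":
            depth += 1
        elif expr[i] == ")":
            depth -= 1
            if depth < 0:
                raise ValueError(f"unbalanced parentheses in {expr!r}")
        elif depth == 0 and expr.startswith(token, i):
            parts.append(expr[start:i])
            i += len(token)
            start = i
            continue
        i += 1
    if depth != 0:
        raise ValueError(f"unbalanced parentheses in {expr!r}")
    parts.append(expr[start:])
    return [p.strip() for p in parts]


def canonical(expr: str) -> str:
    """Normalise one expression: no redundant parentheses, sorted operands."""
    expr = strip_outer_parens(expr)
    for op in ("OR", "AND"):  # OR binds loosest in SPDX, so split on it first
        parts = split_top_level(expr, op)
        if len(parts) > 1:
            operands = sorted({canonical(p) for p in parts})
            return f" {op} ".join(f"({o})" if " " in o else o for o in operands)
    return expr


def spec_license_terms(spec_text: str) -> set[str]:
    """Return the AND-separated terms of the single License: line."""
    fields = re.findall(r"^License:[ \t]*(.*)$", spec_text, flags=re.M)
    if len(fields) != 1:
        raise ValueError(f"expected exactly one License: tag, found {len(fields)}")
    return {canonical(t) for t in split_top_level(fields[0].strip(), "AND")}


def compare(spec_text: str, source_exprs: list[str]) -> tuple[list[str], list[str]]:
    """Return (in the source but not in the spec, in the spec but not in the source)."""
    spec = spec_license_terms(spec_text)
    source = {canonical(e) for e in source_exprs}
    return sorted(source - spec), sorted(spec - source)


# Constructed sample data, not taken from the kernel tree.
SAMPLE_SPEC = (
    "Name: kernel\n"
    "License: (MIT OR GPL-2.0-only) AND (GPL-2.0-only) AND "
    "((GPL-2.0-only WITH Linux-syscall-note) OR BSD-2-Clause) AND Zlib\n"
    "URL: https://www.kernel.org/\n"
)
SAMPLE_SOURCE = [
    "GPL-2.0-only",
    "GPL-2.0-only OR MIT",
    "(GPL-2.0-only WITH Linux-syscall-note) OR BSD-2-Clause",
    "ISC",
]

if __name__ == "__main__":
    missing, stale = compare(SAMPLE_SPEC, SAMPLE_SOURCE)
    print("missing from spec:", missing)
    print("stale in spec:", stale)
```
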
Re: [OS-BUILD PATCH 1/3] redhat: Use kspdx-tool output for the License: field
From: Vitaly Kuznetsov on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648#note_1526314134 FWIW, there's an ongoing discussion on making the resulting list of licenses way more readable by ignoring dual licensing, e.g. if a file is licensed under "(GPL-2.0-only WITH Linux-syscall-note) OR BSD-2-Clause" we can pick the less permissive "GPL-2.0-only WITH Linux-syscall-note" from the two.
Re: [OS-BUILD PATCH 1/3] redhat: Use kspdx-tool output for the License: field
From: Vitaly Kuznetsov on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648#note_1526295217 Yes, this is intentional. I (and the script which actually builds the 'License:' field now) didn't find anything under 'Redistributable' in the kernel. My guess is that this was a leftover from the times when the kernel was also shipping firmware blobs. This is gone since 2017 with
```
commit 5620a0d1aacd554ebebcff373e31107bb1ef7769
Author: Greg Kroah-Hartman
Date: Thu Sep 14 14:23:01 2017 -0700

    firmware: delete in-kernel firmware
```
with all blobs moving to 'linux-firmware'. Secure Boot, as far as I understand, shouldn't have anything to do with licensing.
[OS-BUILD PATCH 1/3] redhat: Use kspdx-tool output for the License: field
From: Vitaly Kuznetsov redhat: Use kspdx-tool output for the License: field Use kspdx-tool (https://gitlab.com/vkuznets/kspdx-tool) to find all licenses in the source code and its output to the License: field of the specfile. Package the tool and its current output. Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template index blahblah..blahblah 100644 --- a/redhat/kernel.spec.template +++ b/redhat/kernel.spec.template 
@@ -635,7 +635,7 @@ Summary: The Linux kernel Name: %{package_name} -License: GPLv2 and Redistributable, no modification permitted +License: ((GPL-2.0-only WITH Linux-syscall-note) OR BSD-2-Clause) AND ((GPL-2.0-only WITH Linux-syscall-note) OR BSD-3-Clause) AND ((GPL-2.0-only WITH Linux-syscall-note) OR CDDL-1.0) AND ((GPL-2.0-only WITH Linux-syscall-note) OR Linux-OpenIB) AND ((GPL-2.0-only WITH Linux-syscall-note) OR MIT) AND ((GPL-2.0-or-later WITH Linux-syscall-note) OR BSD-3-Clause) AND ((GPL-2.0-or-later WITH Linux-syscall-note) OR MIT) AND BSD-2-Clause AND BSD-3-Clause AND BSD-3-Clause-Clear AND GPL-1.0-or-later AND (GPL-1.0-or-later OR BSD-3-Clause) AND (GPL-1.0-or-later WITH Linux-syscall-note) AND GPL-2.0-only AND (GPL-2.0-only OR Apache-2.0) AND (GPL-2.0-only OR BSD-2-Clause) AND (GPL-2.0-only OR BSD-3-Clause) AND (GPL-2.0-only OR CDDL-1.0) AND (GPL-2.0-only OR Linux-OpenIB) AND (GPL-2.0-only OR MIT) AND (GPL-2.0-only OR X11) AND (GPL-2.0-only WITH Linux-syscall-note) AND GPL-2.0-or-later AND (GPL-2.0-or-later OR BSD-2-Clause) AND (GPL-2.0-or-later OR BSD-3-Clause) AND (GPL-2.0-or-later OR MIT) AND (GPL-2.0-or-later WITH GCC-exception-2.0) AND (GPL-2.0-or-later WITH Linux-syscall-note) AND ISC AND LGPL-2.0-or-later AND (LGPL-2.0-or-later OR BSD-2-Clause) AND (LGPL-2.0-or-later WITH Linux-syscall-note) AND LGPL-2.1-only AND (LGPL-2.1-only OR BSD-2-Clause) AND (LGPL-2.1-only WITH Linux-syscall-note) AND LGPL-2.1-or-later AND (LGPL-2.1-or-later WITH Linux-syscall-note) AND (Linux-OpenIB OR GPL-2.0-only) AND (Linux-OpenIB OR GPL-2.0-only OR BSD-2-Clause) AND MIT AND (MIT OR Apache-2.0) AND (MIT OR GPL-2.0-only) AND (MIT OR GPL-2.0-or-later) AND (MIT OR LGPL-2.1-only) AND (MPL-1.1 OR GPL-2.0-only) AND (X11 OR GPL-2.0-only) AND (X11 OR GPL-2.0-or-later) AND Zlib AND (copyleft-next-0.3.1 OR GPL-2.0-or-later) URL: https://www.kernel.org/ Version: %{specrpmversion} Release: %{pkg_release} 
@@ -1069,7 +1069,6 @@ Epoch: %{gemini} %endif Summary: Performance monitoring for the Linux kernel Requires: bzip2 -License: GPLv2 %description -n perf This package contains the perf tool, which enables performance monitoring of the Linux kernel. @@ -1119,7 +1118,6 @@ This package provides debug information for the perf python bindings. %if %{with_tools} %package -n %{package_name}-tools Summary: Assortment of tools for the Linux kernel -License: GPLv2 %ifarch %{cpupowerarchs} Provides: cpupowerutils = 1:009-0.6.p1 Obsoletes: cpupowerutils < 1:009-0.6.p1 @@ -1137,14 +1135,12 @@ and the supporting documentation. %package -n %{package_name}-tools-libs Summary: Libraries for the kernels-tools -License: GPLv2 %description -n %{package_name}-tools-libs This package contains the libraries built from the tools/ directory from the kernel source. %package -n %{package_name}-tools-libs-devel Summary: Assortment of tools for the Linux kernel -License: GPLv2 Requires: %{package_name}-tools = %{version}-%{release} %ifarch %{cpupowerarchs} Provides: cpupowerutils-devel = 1:009-0.6.p1 @@ -1183,7 +1179,6 @@ and root causes of unexpected results. %package -n rv Summary: RV: Runtime Verification -License: GPLv2 %description -n rv Runtime Verification (RV) is a lightweight (yet rigorous) method that complements classical exhaustive verification techniques (such as model @@ -1201,7 +1196,6 @@ analysing the logical and timing behavior of Linux. %package -n bpftool Summary: Inspection and simple manipulation of eBPF programs and maps -License: GPLv2 Version: %{bpftoolversion} %description -n bpftool This package contains the bpftool, which allows inspection and simple @@ -1229,7 +1223,6 @@ This package provides debug information for the bpftool package. %package selftests-internal Summary: Kernel samples and selftests -License: GPLv2 Requires: binutils, bpftool, iproute-tc, nmap-ncat, python3, fuse-libs %description selftests-internal Kernel sample programs and selftests. 
diff --git a/redhat/scripts/kspdx-tool/kspdx.py b/redhat/scripts/kspdx-tool/kspdx.py new file mode 100755 index blahblah..blahblah 100755 --- /dev/null +++ b/redhat/scripts/kspdx-tool/kspdx.py @@ -0,0 +1,224 @@ +#! /usr/bin/python3 + +# SPDX-License-Identifier: LGPL-2.1-or-later + +import argparse +import os +import re +import subprocess +import sys + +# Files to not search for SPDX patterns +ignored_files = [ +# license-rules.rst describe how to write SPDX-License-Identifier tags, skip it +
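Review bot: the hunks from `@@ -1069` onward delete `License: GPLv2` from perf, kernel-tools, tools-libs, tools-libs-devel, rv, bpftool and selftests-internal, but the commit message only talks about the main `License:` field. With those lines gone the subpackages inherit the whole-tree expression from the main package; the message should say that this is intended and why a narrower per-subpackage tag is no longer kept.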
[OS-BUILD PATCH 2/3] redhat: Introduce "Verify SPDX-License-Identifier tags" selftest
From: Vitaly Kuznetsov redhat: Introduce "Verify SPDX-License-Identifier tags" selftest Add a test to check that all SPDX-License-Identifier: specified licenses in the code match the License: tag in the specfile. Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/self-test/1007-spdx-licenses.bats b/redhat/self-test/1007-spdx-licenses.bats new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/self-test/1007-spdx-licenses.bats 
@@ -0,0 +1,54 @@ +#!/usr/bin/env bats +# Purpose: This test checks SPDX-License-Identifier: tags in all source files against redhat/LICENSES. + +load test-lib.bash + +SPEC=$BATS_TEST_DIRNAME/../kernel.spec.template + +ERRMSG="ERROR: The kernel RPM spec file License: field does not match the licenses available in the source tree. +Fedora, Centos Stream, and RHEL require that the RPM License field match the licenses in the source tree. See +https://docs.fedoraproject.org/en-US/legal/license-approval/ for further information. +A list of licenses can be generated by executing the redhat/scripts/license/kspdx.py utility. New licenses can +be added to the RPM License field only if they are listed in the Allowed Licenses list +https://docs.fedoraproject.org/en-US/legal/allowed-licenses/). Licenses cannot be added if they are in the +'Not Allowed' Licenses (https://docs.fedoraproject.org/en-US/legal/not-allowed-licenses/). Licenses can be added +to the 'Allowed' or 'Not Allowed' Licenses by following the License Review Process +(https://docs.fedoraproject.org/en-US/legal/license-review-process/)." + +_verify_one_license_tag() { + if [[ $(grep -c '^License:' $SPEC) != "1" ]]; then + echo "ERROR: The specfile is supposed to have exactly one License: tag!" + return 1 + fi +} + +_verify_spdx_licenses() { + spec_licenses=`mktemp` + source_licenses=`mktemp` + grep '^License:' $SPEC | sed 's,License[[:space:]]*:[[:space:]]*,,' | sed 's, AND ,\n,g' | sed 's,^(\(.*\))$,\1,' | sort -u > $spec_licenses + if ! $BATS_TEST_DIRNAME/../scripts/kspdx-tool/kspdx.py $BATS_TEST_DIRNAME/../../ > $source_licenses; then + echo "ERROR: Failed to gather SPDX-License-Identifier: information from source files!" + return 1 + fi + sort -o $source_licenses $source_licenses + if ! diff -u $spec_licenses $source_licenses; then + echo $ERRMSG + ret=1 + else + ret=0 + fi + rm -f $spec_licenses $source_licenses + return $ret +} + +@test "Verify SPDX-License-Identifier tags" { + if ! 
test -x $BATS_TEST_DIRNAME/../scripts/kspdx-tool/kspdx.py ; then + skip "kspdx-tool is missing" + fi + + run _verify_one_license_tag + check_status + + _verify_spdx_licenses + check_status +} -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648
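Review bot: `ERRMSG` tells the reader to run `redhat/scripts/license/kspdx.py`, but the test itself executes `scripts/kspdx-tool/kspdx.py`, and the `# Purpose:` comment names `redhat/LICENSES` while the code compares against the `License:` line of `kernel.spec.template`. Both strings should name the paths the code actually uses. The Allowed Licenses URL in `ERRMSG` also ends with a `)` that has no opening parenthesis.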
[OS-BUILD PATCH 0/3] redhat: Keep track of SPDX-License-Identifier tags in the code
From: Vitaly Kuznetsov on gitlab.com Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2648 Be more picky about kernel's source code licenses: - Keep track of all currently used license in redhat/LICENSES and use that for the License: fields in the specfile. - Add a selftest which checks all currently present license identifiers with redhat/LICENSES. Signed-off-by: Vitaly Kuznetsov --- redhat/scripts/kspdx-tool/kspdx.py | 224 +++ redhat/self-test/1007-spdx-licenses.bats | 54 +++ redhat/Makefile | 10 + redhat/kernel.spec.template |9 +- 4 files changed, 289 insertions(+), 8 deletions(-)
[OS-BUILD PATCH] redhat/configs: enable CONFIG_MANA_INFINIBAND=m for ARK
From: Vitaly Kuznetsov redhat/configs: enable CONFIG_MANA_INFINIBAND=m for ARK CONFIG_MANA_INFINIBAND is getting enabled for C9S: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/2436 and it is already enabled for Fedora. Enable it for ARK too. Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/configs/fedora/generic/x86/CONFIG_MANA_INFINIBAND b/redhat/configs/common/generic/x86/CONFIG_MANA_INFINIBAND rename from redhat/configs/fedora/generic/x86/CONFIG_MANA_INFINIBAND rename to redhat/configs/common/generic/x86/CONFIG_MANA_INFINIBAND index blahblah..blahblah 100644 --- a/redhat/configs/fedora/generic/x86/CONFIG_MANA_INFINIBAND +++ b/redhat/configs/common/generic/x86/CONFIG_MANA_INFINIBAND -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2523
Re: [OS-BUILD PATCH] Include the information about builtin symbols into kernel-uki-virt package too
From: Vitaly Kuznetsov on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2408#note_1399257426 I see you've already fixed that:
```
commit b8eb5c3d6bce1fe1b6d5d4bbe4ee81b140f90f93
Author: Justin M. Forbes
Date: Thu May 18 12:46:33 2023 -0500

    Fix file listing for symvers in uki
```
thanks!
Re: [OS-BUILD PATCH] Include the information about builtin symbols into kernel-uki-virt package too
From: Vitaly Kuznetsov on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2408#note_1392220963 OK, worst case scenario we can introduce a new package with these files which is going to be required by both kernel-core and kernel-uki-virt ("kernel-builtin-info") but I'd really like to not do this without a good reason.
Re: [OS-BUILD PATCH] Include the information about builtin symbols into kernel-uki-virt package too
From: Vitaly Kuznetsov on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2408#note_1392054667 Just a humble ping @jmflinuxtx @jstancek @hertonrk-rh
Re: [OS-BUILD PATCH] Include the information about builtin symbols into kernel-uki-virt package too
From: Vitaly Kuznetsov on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2408#note_130375 Yes, here's the koji build https://koji.fedoraproject.org/koji/taskinfo?taskID=100339642 My understanding is that we only get a bunch of kmod() and kernel() Provides: added (same as in kernel-core).
Re: [OS-BUILD PATCH] Include the information about builtin symbols into kernel-uki-virt package too
From: Vitaly Kuznetsov on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2408#note_1365997499 @jmflinuxtx @jstancek @hertonrk-rh please review! In particular, I'm not sure what the downsides of packaging System.map/config/symvers/modules.builtin to **both** kernel-core and kernel-uki-virt might be. I've checked that these two packages can be installed in parallel without issues but there might be other implications of the added Provides I'm missing. Thanks!
[OS-BUILD PATCH] Include the information about builtin symbols into kernel-uki-virt package too
From: Vitaly Kuznetsov Include the information about builtin symbols into kernel-uki-virt package too The information about builtin symbols: symvers, modules.builtin, System.map, config and the auto generated RPM "Provides" may be required by e.g. proprietary kernel modules and there's no reason why these can't be used with UKI. Include the information to kernel-uki-virt package in parallel with kernel-core so both these packages can be used to resolve the dependency if needed. Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template index blahblah..blahblah 100644 --- a/redhat/kernel.spec.template +++ b/redhat/kernel.spec.template @@ -3360,6 +3360,10 @@ fi %endif\ %if %{with_efiuki}\ %{expand:%%files %{?3:%{3}-}uki-virt}\ +%attr(0600, root, root) /lib/modules/%{KVERREL}%{?3:+%{3}}/System.map\ +/lib/modules/%{KVERREL}%{?3:+%{3}}/symvers.gz\ +/lib/modules/%{KVERREL}%{?3:+%{3}}/config\ +/lib/modules/%{KVERREL}%{?3:+%{3}}/modules.builtin*\ /lib/modules/%{KVERREL}%{?3:+%{3}}/%{?-k:%{-k*}}%{!?-k:vmlinuz}-virt.efi\ %ghost /%{image_install_path}/efi/EFI/Linux/%{?-k:%{-k*}}%{!?-k:*}-%{KVERREL}%{?3:+%{3}}.efi\ %endif\ -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2408
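Review bot: the four paths added to the `uki-virt` file list need a comment saying they intentionally duplicate entries that kernel-core also packages, as the commit message describes. RPM lets two packages own the same path only while content and attributes are identical in both, so the `%attr(0600, root, root)` on `System.map` has to stay in sync with the kernel-core entry; without a comment a later edit to one list can turn parallel installation into a file conflict.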
Re: [OS-BUILD PATCH] kernel.spec: Fix UKI naming to comply with BLS
From: Vitaly Kuznetsov on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2391#note_1340821580 Oh, true, the file is '%ghost' so the build is not broken but we certainly want to have it fixed. Thanks!
Re: [OS-BUILD PATCH] kernel.spec: Fix UKI naming to comply with BLS
From: Vitaly Kuznetsov on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2391#note_1340490866 Looks good to me, thanks!
[OS-BUILD PATCH] redhat: Repair ELN build broken by the recent UKI changes
From: Vitaly Kuznetsov redhat: Repair ELN build broken by the recent UKI changes UKI build requires systemd-stub ('/usr/lib/systemd/boot/efi/linuxx64.efi.stub') to be present in buildroot. In F38, this was moved from 'systemd-udev' package to a newly introduced 'systemd-boot-unsigned'. ELN build requires it too. Add a note to redhat/rebase-notes.txt that 'systemd-boot-unsigned' builddep needs to be dropped for F37. Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template index blahblah..blahblah 100755 --- a/redhat/kernel.spec.template +++ b/redhat/kernel.spec.template @@ -711,9 +711,7 @@ BuildRequires: dracut BuildRequires: binutils # For the initrd BuildRequires: lvm2 -%if 0%{?fedora} > 37 BuildRequires: systemd-boot-unsigned -%endif # For systemd-stub and systemd-pcrphase BuildRequires: systemd-udev >= 252-1 # For TPM operations in UKI initramfs diff --git a/redhat/rebase-notes.txt b/redhat/rebase-notes.txt index blahblah..blahblah 100644 --- a/redhat/rebase-notes.txt +++ b/redhat/rebase-notes.txt @@ -3,3 +3,5 @@ Rebase notes for Fedora kernel rebases: 6.x: Apply both patches for the simple drm nvidia work-around. From 6.1: e020208cd83e397e47cf2b54c4471847ff09e2ee enable efifb for Nvidia 811fe0e4dcfd86a0db5135d3bfef4936794efdb6 drivers/firmware: skip simpledrm if nvidia-drm.modeset=1 is set + +Fedora 37: 'systemd-boot-unsigned' build dependency needs to be dropped. -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2284
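Review bot: with the %if 0%{?fedora} > 37 guard removed in the kernel.spec.template hunk, BuildRequires: systemd-boot-unsigned becomes unconditional and a correct Fedora 37 build now depends on someone reading the new line in redhat/rebase-notes.txt. A conditional that names the targets which actually have the package would keep that knowledge in the spec instead of in a note. The retained comment "# For systemd-stub and systemd-pcrphase" also sits only above systemd-udev, while the commit message says the stub moved to systemd-boot-unsigned in F38; move or split the comment so each BuildRequires is explained by the line above it.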
Re: [OS-BUILD PATCHv7] redhat: Add sub-RPM with a EFI unified kernel image for virtual machines
From: Vitaly Kuznetsov on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2175#note_1272284950 OK, I've created https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2284
Re: [OS-BUILD PATCHv7] redhat: Add sub-RPM with a EFI unified kernel image for virtual machines
From: Vitaly Kuznetsov on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2175#note_1271653012 Sorry about that! I wasn't exactly sure what's the buildroot for ELN. In CS9, systemd-stub (linuxx64.efi.stub) lives in 'systemd-udev' but in F38 it has traveled to 'systemd-boot-unsigned' so we have

+%if 0%{?fedora} > 37
+BuildRequires: systemd-boot-unsigned
+%endif

apparently, this doesn't work for ELN. I guess something like the following should do the job

+%if 0%{?fedora} > 37 || 0%{?eln}
+BuildRequires: systemd-boot-unsigned
+%endif

do we need a new MR or can we just fix things up here?
Re: [OS-BUILD PATCHv7] redhat: Add sub-RPM with a EFI unified kernel image for virtual machines
From: Vitaly Kuznetsov on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2175#note_1267401590 I see @hertonrk-rh ACKed, thanks! We're sorting out a minor conflict in RHEL between UKI (https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/1736) and 64-k paging on ARM (https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/1820) -- which is RHEL-only. This will make things differ a bit between RHEL and ARK/Fedora but not much. I'll try my best to keep things synchronized whenever possible.
Re: [OS-BUILD PATCHv7] redhat: Add sub-RPM with a EFI unified kernel image for virtual machines
From: Vitaly Kuznetsov on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2175#note_1267085165 @jmflinuxtx could you please take a look? Is there anything blocking this MR?
[OS-BUILD PATCHv7] redhat: Add sub-RPM with a EFI unified kernel image for virtual machines
From: Vitaly Kuznetsov redhat: Add sub-RPM with a EFI unified kernel image for virtual machines The new 'kernel-unified-virt' sub-RPM is added on x86_64 targets. This contains an EFI application that provides a combined vmlinux, initrd and cmdline, as a so called 'unified kernel image'. The spec for this is defined by the boot loader specification https://uapi-group.org/specifications/specs/boot_loader_specification/ The key benefit of a unified kernel is that its secure boot signature covers the initrd and cmdline contents, allowing a trustworthy measured boot process with attestation, which is not practical with locally generated initrds/cmdlines. Since the initrd is pre-generated its contents have to be very generic, to be usable on a wide variety of deployments. To make this problem tractable, the sub-RPM targets only usage in virtual machines. With such a restriction, the initrd only needs a very small set of block driver modules present, in order to be usable across KVM, Hyper-V and Xen hypervisors which will cover essentially all common public and private clouds. Similarly the kernel cmdline cannot contain any host specific data, which means the root filesystem to mount needs to be able to be automatically detected. A virtual machine image intending to use this unified kernel package thus needs to comply with the discoverable partitions specification: https://uapi-group.org/specifications/specs/discoverable_partitions_specification/ Based-on-patch-by: Daniel P. Berrangé Based-on-patch-by: Gerd Hoffmann Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/Makefile b/redhat/Makefile index blahblah..blahblah 100644 --- a/redhat/Makefile +++ b/redhat/Makefile @@ -639,6 +639,7 @@ sources-rh: $(TARBALL) generate-testpatch-tmp setup-source dist-configs-check ../Makefile.rhelver \ README.rst \ kernel-local \ + dracut-virt.conf \ $(SOURCES)/ @if [ "$(RELEASED_KERNEL)" -ne 0 ]; then \ cp keys/redhatsecureboot{301,501,ca5,ca1}.cer $(SOURCES)/; \ 
diff --git a/redhat/dracut-virt.conf b/redhat/dracut-virt.conf new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/dracut-virt.conf @@ -0,0 +1,35 @@ +# generic + compressed please +hostonly="no" +compress="xz" + +# VMs can't update microcode anyway +early_microcode="no" + +# modules: basics +dracutmodules+=" base systemd systemd-initrd dracut-systemd dbus dbus-broker usrmount shutdown " + +# modules: storage support +dracutmodules+=" dm lvm rootfs-block fs-lib " + +# modules: tpm and crypto +dracutmodules+=" crypt crypt-loop tpm2-tss " + +# drivers: virtual buses, pci +drivers+=" virtio-pci virtio-mmio " # qemu-kvm +drivers+=" hv-vmbus pci-hyperv " # hyperv +drivers+=" xen-pcifront "# xen + +# drivers: storage +drivers+=" ahci nvme sd_mod sr_mod " # generic +drivers+=" virtio-blk virtio-scsi " # qemu-kvm +drivers+=" hv-storvsc " # hyperv +drivers+=" xen-blkfront "# xen + +# root encryption +drivers+=" dm_crypt " + +# filesystems +filesystems+=" vfat ext4 xfs overlay " + +# systemd-pcrphase +install_items+=" /lib/systemd/system/systemd-pcrphase-initrd.service /usr/lib/systemd/systemd-pcrphase /usr/lib/systemd/system/initrd.target.wants/systemd-pcrphase-initrd.service " diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template index blahblah..blahblah 100755 --- a/redhat/kernel.spec.template +++ b/redhat/kernel.spec.template @@ -91,6 +91,12 @@ Summary: The Linux kernel %global zipmodules 1 %endif +%ifarch x86_64 +%global efiuki 1 +%else +%global efiuki 0 +%endif + %if %{zipmodules} %global zipsed -e 's/\.ko$/\.ko.xz/' %endif 
@@ -699,6 +705,21 @@ BuildRequires: llvm BuildRequires: lld %endif +%if %{efiuki} +BuildRequires: dracut +# For dracut UEFI uki binaries +BuildRequires: binutils +# For the initrd +BuildRequires: lvm2 +%if 0%{?fedora} > 37 +BuildRequires: systemd-boot-unsigned +%endif +# For systemd-stub and systemd-pcrphase +BuildRequires: systemd-udev >= 252-1 +# For TPM operations in UKI initramfs +BuildRequires: tpm2-tools +%endif + # Because this is the kernel, it's hard to get a single upstream URL # to represent the base without needing to do a bunch of patching. This # tarball is generated from a src-git tree. If you want to see the @@ -826,6 +847,8 @@ Source82: update_scripts.sh Source84: mod-internal.list Source85: mod-partner.list +Source86: dracut-virt.conf + Source100: rheldup3.x509 Source101: rhelkpatch1.x509 @@ -1331,6 +1354,13 @@ Requires: kernel-%{?1:%{1}-}-modules-core-uname-r = %{KVERREL}%{?1:+%{1}}\ %endif\ %{expand:%%kernel_debuginfo_package %{?1:%{1}}}\ %endif\ +%if %{efiuki}\ +%package %{?1:%{1}-}uki-virt\ +Summary: %{variant_summary} unified kernel image for virtual machines\ +Provides: installonlypkg(kernel)\ +Provides: kernel-%{?1:%{1}-}uname-r = %{KVERREL}%{?1:+%{1}}\ +Requires:
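Review bot: in the BuildRequires hunk at -699, systemd-boot-unsigned is pulled in only under %if 0%{?fedora} > 37, so any non-Fedora target whose systemd-stub lives in that package gets no build dependency for it (the ELN breakage reported elsewhere in this thread). Either extend the condition to cover those targets or state above the %if which package provides the stub on which target; the "# For systemd-stub and systemd-pcrphase" comment currently sits above systemd-udev >= 252-1 and does not explain the conditional line.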
[OS-BUILD PATCHv6] redhat: Add sub-RPM with a EFI unified kernel image for virtual machines
From: Vitaly Kuznetsov redhat: Add sub-RPM with a EFI unified kernel image for virtual machines The new 'kernel-unified-virt' sub-RPM is added on x86_64 targets. This contains an EFI application that provides a combined vmlinux, initrd and cmdline, as a so called 'unified kernel image'. The spec for this is defined by the boot loader specification https://uapi-group.org/specifications/specs/boot_loader_specification/ The key benefit of a unified kernel is that its secure boot signature covers the initrd and cmdline contents, allowing a trustworthy measured boot process with attestation, which is not practical with locally generated initrds/cmdlines. Since the initrd is pre-generated its contents have to be very generic, to be usable on a wide variety of deployments. To make this problem tractable, the sub-RPM targets only usage in virtual machines. With such a restriction, the initrd only needs a very small set of block driver modules present, in order to be usable across KVM, Hyper-V and Xen hypervisors which will cover essentially all common public and private clouds. Similarly the kernel cmdline cannot contain any host specific data, which means the root filesystem to mount needs to be able to be automatically detected. A virtual machine image intending to use this unified kernel package thus needs to comply with the discoverable partitions specification: https://uapi-group.org/specifications/specs/discoverable_partitions_specification/ Based-on-patch-by: Daniel P. Berrangé Based-on-patch-by: Gerd Hoffmann Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/Makefile b/redhat/Makefile index blahblah..blahblah 100644 --- a/redhat/Makefile +++ b/redhat/Makefile @@ -639,6 +639,7 @@ sources-rh: $(TARBALL) generate-testpatch-tmp setup-source dist-configs-check ../Makefile.rhelver \ README.rst \ kernel-local \ + dracut-virt.conf \ $(SOURCES)/ @if [ "$(RELEASED_KERNEL)" -ne 0 ]; then \ cp keys/redhatsecureboot{301,501,ca5,ca1}.cer $(SOURCES)/; \ 
diff --git a/redhat/dracut-virt.conf b/redhat/dracut-virt.conf new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/dracut-virt.conf @@ -0,0 +1,35 @@ +# generic + compressed please +hostonly="no" +compress="xz" + +# VMs can't update microcode anyway +early_microcode="no" + +# modules: basics +dracutmodules+=" base systemd systemd-initrd dracut-systemd dbus dbus-broker usrmount shutdown " + +# modules: storage support +dracutmodules+=" dm lvm rootfs-block fs-lib " + +# modules: tpm and crypto +dracutmodules+=" crypt crypt-loop tpm2-tss " + +# drivers: virtual buses, pci +drivers+=" virtio-pci virtio-mmio " # qemu-kvm +drivers+=" hv-vmbus pci-hyperv " # hyperv +drivers+=" xen-pcifront "# xen + +# drivers: storage +drivers+=" ahci nvme scsi-hd scsi-cd " # generic +drivers+=" virtio-blk virtio-scsi " # qemu-kvm +drivers+=" hv-storvsc sd_mod " # hyperv +drivers+=" xen-blkfront "# xen + +# root encryption +drivers+=" dm_crypt " + +# filesystems +filesystems+=" vfat ext4 xfs overlay " + +# systemd-pcrphase +install_items+=" /lib/systemd/system/systemd-pcrphase-initrd.service /usr/lib/systemd/systemd-pcrphase /usr/lib/systemd/system/initrd.target.wants/systemd-pcrphase-initrd.service " diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template index blahblah..blahblah 100755 --- a/redhat/kernel.spec.template +++ b/redhat/kernel.spec.template @@ -91,6 +91,12 @@ Summary: The Linux kernel %global zipmodules 1 %endif +%ifarch x86_64 +%global efiuki 1 +%else +%global efiuki 0 +%endif + %if %{zipmodules} %global zipsed -e 's/\.ko$/\.ko.xz/' %endif 
@@ -699,6 +705,21 @@ BuildRequires: llvm BuildRequires: lld %endif +%if %{efiuki} +BuildRequires: dracut +# For dracut UEFI uki binaries +BuildRequires: binutils +# For the initrd +BuildRequires: lvm2 +%if 0%{?fedora} > 37 +BuildRequires: systemd-boot-unsigned +%endif +# For systemd-stub and systemd-pcrphase +BuildRequires: systemd-udev >= 252-1 +# For TPM operations in UKI initramfs +BuildRequires: tpm2-tools +%endif + # Because this is the kernel, it's hard to get a single upstream URL # to represent the base without needing to do a bunch of patching. This # tarball is generated from a src-git tree. If you want to see the @@ -826,6 +847,8 @@ Source82: update_scripts.sh Source84: mod-internal.list Source85: mod-partner.list +Source86: dracut-virt.conf + Source100: rheldup3.x509 Source101: rhelkpatch1.x509 @@ -1331,6 +1354,13 @@ Requires: kernel-%{?1:%{1}-}-modules-core-uname-r = %{KVERREL}%{?1:+%{1}}\ %endif\ %{expand:%%kernel_debuginfo_package %{?1:%{1}}}\ %endif\ +%if %{efiuki}\ +%package %{?1:%{1}-}uki-virt\ +Summary: %{variant_summary} unified kernel image for virtual machines\ +Provides: installonlypkg(kernel)\ +Provides: kernel-%{?1:%{1}-}uname-r = %{KVERREL}%{?1:+%{1}}\ +Requires:
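Review bot: in redhat/dracut-virt.conf the generic storage line lists scsi-hd and scsi-cd, which are QEMU device model names rather than kernel modules, and sd_mod appears only on the hyperv line although the comment above groups it with Hyper-V alone. Putting sd_mod and sr_mod on the generic line, as v7 of this patch does, states the intent directly and avoids relying on names that do not correspond to a driver.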
[OS-BUILD PATCHv5] redhat: Add sub-RPM with a EFI unified kernel image for virtual machines
From: Vitaly Kuznetsov redhat: Add sub-RPM with a EFI unified kernel image for virtual machines The new 'kernel-unified-virt' sub-RPM is added on x86_64 targets. This contains an EFI application that provides a combined vmlinux, initrd and cmdline, as a so called 'unified kernel image'. The spec for this is defined by the boot loader specification https://uapi-group.org/specifications/specs/boot_loader_specification/ The key benefit of a unified kernel is that its secure boot signature covers the initrd and cmdline contents, allowing a trustworthy measured boot process with attestation, which is not practical with locally generated initrds/cmdlines. Since the initrd is pre-generated its contents have to be very generic, to be usable on a wide variety of deployments. To make this problem tractable, the sub-RPM targets only usage in virtual machines. With such a restriction, the initrd only needs a very small set of block driver modules present, in order to be usable across KVM, Hyper-V and Xen hypervisors which will cover essentially all common public and private clouds. Similarly the kernel cmdline cannot contain any host specific data, which means the root filesystem to mount needs to be able to be automatically detected. A virtual machine image intending to use this unified kernel package thus needs to comply with the discoverable partitions specification: https://uapi-group.org/specifications/specs/discoverable_partitions_specification/ Based-on-patch-by: Daniel P. Berrangé Based-on-patch-by: Gerd Hoffmann Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/Makefile b/redhat/Makefile index blahblah..blahblah 100644 --- a/redhat/Makefile +++ b/redhat/Makefile @@ -639,6 +639,7 @@ sources-rh: $(TARBALL) generate-testpatch-tmp setup-source dist-configs-check ../Makefile.rhelver \ README.rst \ kernel-local \ + dracut-virt.conf \ $(SOURCES)/ @if [ "$(RELEASED_KERNEL)" -ne 0 ]; then \ cp keys/redhatsecureboot{301,501,ca5,ca1}.cer $(SOURCES)/; \ 
diff --git a/redhat/dracut-virt.conf b/redhat/dracut-virt.conf new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/dracut-virt.conf @@ -0,0 +1,35 @@ +# generic + compressed please +hostonly="no" +compress="xz" + +# VMs can't update microcode anyway +early_microcode="no" + +# modules: basics +dracutmodules+=" base systemd systemd-initrd dracut-systemd dbus dbus-broker usrmount shutdown " + +# modules: storage support +dracutmodules+=" dm lvm rootfs-block fs-lib " + +# modules: tpm and crypto +dracutmodules+=" crypt crypt-loop tpm2-tss " + +# drivers: virtual buses, pci +drivers+=" virtio-pci virtio-mmio " # qemu-kvm +drivers+=" hv-vmbus pci-hyperv " # hyperv +drivers+=" xen-pcifront "# xen + +# drivers: storage +drivers+=" ahci nvme scsi-hd scsi-cd " # generic +drivers+=" virtio-blk virtio-scsi " # qemu-kvm +drivers+=" hv-storvsc " # hyperv +drivers+=" xen-blkfront "# xen + +# root encryption +drivers+=" dm_crypt " + +# filesystems +filesystems+=" vfat ext4 xfs overlay " + +# systemd-pcrphase +install_items+=" /lib/systemd/system/systemd-pcrphase-initrd.service /usr/lib/systemd/systemd-pcrphase /usr/lib/systemd/system/initrd.target.wants/systemd-pcrphase-initrd.service " diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template index blahblah..blahblah 100755 --- a/redhat/kernel.spec.template +++ b/redhat/kernel.spec.template @@ -91,6 +91,12 @@ Summary: The Linux kernel %global zipmodules 1 %endif +%ifarch x86_64 +%global efiuki 1 +%else +%global efiuki 0 +%endif + %if %{zipmodules} %global zipsed -e 's/\.ko$/\.ko.xz/' %endif 
@@ -699,6 +705,21 @@ BuildRequires: llvm BuildRequires: lld %endif +%if %{efiuki} +BuildRequires: dracut +# For dracut UEFI uki binaries +BuildRequires: binutils +# For the initrd +BuildRequires: lvm2 +%if 0%{?fedora} > 37 +BuildRequires: systemd-boot-unsigned +%endif +# For systemd-stub and systemd-pcrphase +BuildRequires: systemd-udev >= 252-1 +# For TPM operations in UKI initramfs +BuildRequires: tpm2-tools +%endif + # Because this is the kernel, it's hard to get a single upstream URL # to represent the base without needing to do a bunch of patching. This # tarball is generated from a src-git tree. If you want to see the @@ -826,6 +847,8 @@ Source82: update_scripts.sh Source84: mod-internal.list Source85: mod-partner.list +Source86: dracut-virt.conf + Source100: rheldup3.x509 Source101: rhelkpatch1.x509 @@ -1331,6 +1354,13 @@ Requires: kernel-%{?1:%{1}-}-modules-core-uname-r = %{KVERREL}%{?1:+%{1}}\ %endif\ %{expand:%%kernel_debuginfo_package %{?1:%{1}}}\ %endif\ +%if %{efiuki}\ +%package %{?1:%{1}-}uki-virt\ +Summary: %{variant_summary} unified kernel image for virtual machines\ +Provides: installonlypkg(kernel)\ +Provides: kernel-%{?1:%{1}-}uname-r = %{KVERREL}%{?1:+%{1}}\ +Requires:
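Review bot: the two xen lines in redhat/dracut-virt.conf read drivers+=" xen-pcifront "# xen and drivers+=" xen-blkfront "# xen, with no space between the closing quote and the #. dracut sources its configuration as shell, where # starts a comment only at the beginning of a word, so if the file is really written this way the trailing text is not a comment. Add the space so these lines match the qemu-kvm and hyperv ones.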
[OS-BUILD PATCHv4] redhat: Add sub-RPM with a EFI unified kernel image for virtual machines
From: Vitaly Kuznetsov redhat: Add sub-RPM with a EFI unified kernel image for virtual machines The new 'kernel-unified-virt' sub-RPM is added on x86_64 targets. This contains an EFI application that provides a combined vmlinux, initrd and cmdline, as a so called 'unified kernel image'. The spec for this is defined by the boot loader specification https://uapi-group.org/specifications/specs/boot_loader_specification/ The key benefit of a unified kernel is that its secure boot signature covers the initrd and cmdline contents, allowing a trustworthy measured boot process with attestation, which is not practical with locally generated initrds/cmdlines. Since the initrd is pre-generated its contents have to be very generic, to be usable on a wide variety of deployments. To make this problem tractable, the sub-RPM targets only usage in virtual machines. With such a restriction, the initrd only needs a very small set of block driver modules present, in order to be usable across KVM, Hyper-V and Xen hypervisors which will cover essentially all common public and private clouds. Similarly the kernel cmdline cannot contain any host specific data, which means the root filesystem to mount needs to be able to be automatically detected. A virtual machine image intending to use this unified kernel package thus needs to comply with the discoverable partitions specification: https://uapi-group.org/specifications/specs/discoverable_partitions_specification/ Based-on-patch-by: Daniel P. Berrangé Based-on-patch-by: Gerd Hoffmann Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/Makefile b/redhat/Makefile index blahblah..blahblah 100644 --- a/redhat/Makefile +++ b/redhat/Makefile @@ -639,6 +639,7 @@ sources-rh: $(TARBALL) generate-testpatch-tmp setup-source dist-configs-check ../Makefile.rhelver \ README.rst \ kernel-local \ + dracut-virt.conf \ $(SOURCES)/ @if [ "$(RELEASED_KERNEL)" -ne 0 ]; then \ cp keys/redhatsecureboot{301,501,ca5,ca1}.cer $(SOURCES)/; \ 
diff --git a/redhat/dracut-virt.conf b/redhat/dracut-virt.conf new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/dracut-virt.conf @@ -0,0 +1,35 @@ +# generic + compressed please +hostonly="no" +compress="xz" + +# VMs can't update microcode anyway +early_microcode="no" + +# modules: basics +dracutmodules+=" base systemd systemd-initrd dracut-systemd dbus dbus-broker usrmount shutdown " + +# modules: storage support +dracutmodules+=" dm lvm rootfs-block fs-lib " + +# modules: tpm and crypto +dracutmodules+=" crypt crypt-loop tpm2-tss " + +# drivers: virtual buses, pci +drivers+=" virtio-pci virtio-mmio " # qemu-kvm +drivers+=" hv-vmbus pci-hyperv " # hyperv +drivers+=" xen-pcifront "# xen + +# drivers: storage +drivers+=" ahci nvme scsi-hd scsi-cd " # generic +drivers+=" virtio-blk virtio-scsi " # qemu-kvm +drivers+=" hv-storvsc " # hyperv +drivers+=" xen-blkfront "# xen + +# root encryption +drivers+=" dm_crypt " + +# filesystems +filesystems+=" vfat ext4 xfs overlay " + +# systemd-pcrphase +install_items+=" /lib/systemd/system/systemd-pcrphase-initrd.service /usr/lib/systemd/systemd-pcrphase /usr/lib/systemd/system/initrd.target.wants/systemd-pcrphase-initrd.service " diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template index blahblah..blahblah 100755 --- a/redhat/kernel.spec.template +++ b/redhat/kernel.spec.template @@ -91,6 +91,12 @@ Summary: The Linux kernel %global zipmodules 1 %endif +%ifarch x86_64 +%global efiuki 1 +%else +%global efiuki 0 +%endif + %if %{zipmodules} %global zipsed -e 's/\.ko$/\.ko.xz/' %endif 
@@ -699,6 +705,21 @@ BuildRequires: llvm BuildRequires: lld %endif +%if %{efiuki} +BuildRequires: dracut +# For dracut UEFI uki binaries +BuildRequires: binutils +# For the initrd +BuildRequires: lvm2 +%if 0%{?fedora} > 37 +BuildRequires: systemd-boot-unsigned +%endif +# For systemd-stub and systemd-pcrphase +BuildRequires: systemd-udev >= 252-1 +# For TPM operations in UKI initramfs +BuildRequires: tpm2-tools +%endif + # Because this is the kernel, it's hard to get a single upstream URL # to represent the base without needing to do a bunch of patching. This # tarball is generated from a src-git tree. If you want to see the @@ -826,6 +847,8 @@ Source82: update_scripts.sh Source84: mod-internal.list Source85: mod-partner.list +Source86: dracut-virt.conf + Source100: rheldup3.x509 Source101: rhelkpatch1.x509 @@ -1331,6 +1354,13 @@ Requires: kernel-%{?1:%{1}-}-modules-core-uname-r = %{KVERREL}%{?1:+%{1}}\ %endif\ %{expand:%%kernel_debuginfo_package %{?1:%{1}}}\ %endif\ +%if %{efiuki}\ +%package %{?1:%{1}-}uki-virt\ +Summary: %{variant_summary} unified kernel image for virtual machines\ +Provides: installonlypkg(kernel)\ +Provides: kernel-%{?1:%{1}-}uname-r = %{KVERREL}%{?1:+%{1}}\ +Requires:
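Review bot: the commit message announces a 'kernel-unified-virt' sub-RPM, but the spec hunk at -1331 defines %package %{?1:%{1}-}uki-virt, so the name a user will search for does not match the message. Update the message to the uki-virt name so the log and the package agree.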
Re: [OS-BUILD PATCHv3] redhat: Add sub-RPM with a EFI unified kernel image for virtual machines
From: Vitaly Kuznetsov on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2175#note_1246175753 Well, kernel-uki-virt can always be installed explicitly, right? You don't have to have kernel-core installed. Along with kernel-modules-core, kernel-uki-virt should be enough.
[OS-BUILD PATCHv2] Enable TDX Guest driver
From: Vitaly Kuznetsov Enable TDX Guest driver Enable guest driver (attestation) for Intel TDX. Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/configs/common/generic/CONFIG_TDX_GUEST_DRIVER b/redhat/configs/common/generic/CONFIG_TDX_GUEST_DRIVER new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/configs/common/generic/CONFIG_TDX_GUEST_DRIVER @@ -0,0 +1 @@ +CONFIG_TDX_GUEST_DRIVER=m diff --git a/redhat/configs/pending-ark/generic/CONFIG_TDX_GUEST_DRIVER b/redhat/configs/pending-ark/generic/CONFIG_TDX_GUEST_DRIVER deleted file mode 100644 index blahblah..blahblah 0 --- a/redhat/configs/pending-ark/generic/CONFIG_TDX_GUEST_DRIVER +++ /dev/null @@ -1,13 +0,0 @@ -# Symbol: TDX_GUEST_DRIVER [=n] -# Type : tristate -# Defined at drivers/virt/coco/tdx-guest/Kconfig:1 -# Prompt: TDX Guest driver -# Depends on: VIRT_DRIVERS [=y] && INTEL_TDX_GUEST [=y] -# Location: -# -> Device Drivers -# -> Virtualization drivers (VIRT_DRIVERS [=y]) -# -> TDX Guest driver (TDX_GUEST_DRIVER [=n]) -# -# -# -# CONFIG_TDX_GUEST_DRIVER is not set diff --git a/redhat/configs/pending-fedora/generic/CONFIG_TDX_GUEST_DRIVER b/redhat/configs/pending-fedora/generic/CONFIG_TDX_GUEST_DRIVER deleted file mode 100644 index blahblah..blahblah 0 --- a/redhat/configs/pending-fedora/generic/CONFIG_TDX_GUEST_DRIVER +++ /dev/null 
@@ -1,13 +0,0 @@ -# Symbol: TDX_GUEST_DRIVER [=n] -# Type : tristate -# Defined at drivers/virt/coco/tdx-guest/Kconfig:1 -# Prompt: TDX Guest driver -# Depends on: VIRT_DRIVERS [=y] && INTEL_TDX_GUEST [=y] -# Location: -# -> Device Drivers -# -> Virtualization drivers (VIRT_DRIVERS [=y]) -# -> TDX Guest driver (TDX_GUEST_DRIVER [=n]) -# -# -# -# CONFIG_TDX_GUEST_DRIVER is not set -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2250
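Review bot: the deleted pending files record that TDX_GUEST_DRIVER depends on VIRT_DRIVERS && INTEL_TDX_GUEST, yet the new CONFIG_TDX_GUEST_DRIVER=m lands in redhat/configs/common/generic/ with nothing marking it as relevant to TDX guests only. The commit message is also silent on why the attestation driver is built as a module (=m) rather than built in; one sentence on that choice would help whoever audits this config later.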
[OS-BUILD PATCHv3] redhat: Add sub-RPM with a EFI unified kernel image for virtual machines
From: Vitaly Kuznetsov redhat: Add sub-RPM with a EFI unified kernel image for virtual machines The new 'kernel-unified-virt' sub-RPM is added on x86_64 targets. This contains an EFI application that provides a combined vmlinux, initrd and cmdline, as a so called 'unified kernel image'. The spec for this is defined by the boot loader specification https://uapi-group.org/specifications/specs/boot_loader_specification/ The key benefit of a unified kernel is that its secure boot signature covers the initrd and cmdline contents, allowing a trustworthy measured boot process with attestation, which is not practical with locally generated initrds/cmdlines. Since the initrd is pre-generated its contents have to be very generic, to be usable on a wide variety of deployments. To make this problem tractable, the sub-RPM targets only usage in virtual machines. With such a restriction, the initrd only needs a very small set of block driver modules present, in order to be usable across KVM, Hyper-V and Xen hypervisors which will cover essentially all common public and private clouds. Similarly the kernel cmdline cannot contain any host specific data, which means the root filesystem to mount needs to be able to be automatically detected. A virtual machine image intending to use this unified kernel package thus needs to comply with the discoverable partitions specification: https://uapi-group.org/specifications/specs/discoverable_partitions_specification/ Based-on-patch-by: Daniel P. Berrangé Based-on-patch-by: Gerd Hoffmann Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/Makefile b/redhat/Makefile index blahblah..blahblah 100644 --- a/redhat/Makefile +++ b/redhat/Makefile @@ -639,6 +639,7 @@ sources-rh: $(TARBALL) generate-testpatch-tmp setup-source dist-configs-check ../Makefile.rhelver \ README.rst \ kernel-local \ + dracut-virt.conf \ $(SOURCES)/ @if [ "$(RELEASED_KERNEL)" -ne 0 ]; then \ cp keys/redhatsecureboot{301,501,ca5,ca1}.cer $(SOURCES)/; \ 
diff --git a/redhat/dracut-virt.conf b/redhat/dracut-virt.conf new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/dracut-virt.conf @@ -0,0 +1,35 @@ +# generic + compressed please +hostonly="no" +compress="xz" + +# VMs can't update microcode anyway +early_microcode="no" + +# modules: basics +dracutmodules+=" base systemd systemd-initrd dracut-systemd dbus dbus-broker usrmount shutdown " + +# modules: storage support +dracutmodules+=" dm lvm rootfs-block fs-lib " + +# modules: tpm and crypto +dracutmodules+=" crypt crypt-loop tpm2-tss " + +# drivers: virtual buses, pci +drivers+=" virtio-pci virtio-mmio " # qemu-kvm +drivers+=" hv-vmbus pci-hyperv " # hyperv +drivers+=" xen-pcifront "# xen + +# drivers: storage +drivers+=" ahci nvme scsi-hd scsi-cd " # generic +drivers+=" virtio-blk virtio-scsi " # qemu-kvm +drivers+=" hv-storvsc " # hyperv +drivers+=" xen-blkfront "# xen + +# root encryption +drivers+=" dm_crypt " + +# filesystems +filesystems+=" vfat ext4 xfs overlay " + +# systemd-pcrphase +install_items+=" /lib/systemd/system/systemd-pcrphase-initrd.service /usr/lib/systemd/systemd-pcrphase /usr/lib/systemd/system/initrd.target.wants/systemd-pcrphase-initrd.service " diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template index blahblah..blahblah 100755 --- a/redhat/kernel.spec.template +++ b/redhat/kernel.spec.template @@ -91,6 +91,12 @@ Summary: The Linux kernel %global zipmodules 1 %endif +%ifarch x86_64 +%global efiuki 1 +%else +%global efiuki 0 +%endif + %if %{zipmodules} %global zipsed -e 's/\.ko$/\.ko.xz/' %endif 
@@ -699,6 +705,21 @@ BuildRequires: llvm BuildRequires: lld %endif +%if %{efiuki} +BuildRequires: dracut +# For dracut UEFI uki binaries +BuildRequires: binutils +# For the initrd +BuildRequires: lvm2 +%if 0%{?fedora} > 37 +BuildRequires: systemd-boot-unsigned +%endif +# For systemd-stub and systemd-pcrphase +BuildRequires: systemd-udev >= 252-1 +# For TPM operations in UKI initramfs +BuildRequires: tpm2-tools +%endif + # Because this is the kernel, it's hard to get a single upstream URL # to represent the base without needing to do a bunch of patching. This # tarball is generated from a src-git tree. If you want to see the @@ -826,6 +847,8 @@ Source82: update_scripts.sh Source84: mod-internal.list Source85: mod-partner.list +Source86: dracut-virt.conf + Source100: rheldup3.x509 Source101: rhelkpatch1.x509 @@ -1331,6 +1354,13 @@ Requires: kernel-%{?1:%{1}-}-modules-core-uname-r = %{KVERREL}%{?1:+%{1}}\ %endif\ %{expand:%%kernel_debuginfo_package %{?1:%{1}}}\ %endif\ +%if %{efiuki}\ +%package %{?1:%{1}-}uki-virt\ +Summary: %{variant_summary} unified kernel image for virtual machines\ +Provides: installonlypkg(kernel)\ +Provides: kernel-%{?1:%{1}-}uname-r = %{KVERREL}%{?1:+%{1}}\ +Requires:
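Review bot: In the new redhat/dracut-virt.conf, the two Xen lines (`drivers+=" xen-pcifront "# xen` and `drivers+=" xen-blkfront "# xen`) have no whitespace between the closing quote and `#` as rendered in this mail. dracut sources its configuration files with the shell, where `#` only starts a comment at the beginning of a word, so on those lines the `#` becomes part of the assigned value and `xen` is parsed as a command name; the assignment then does not persist and the Xen bus and block drivers would be missing from the pre-built initrd. Please check the file itself and put a space before `#`, matching the qemu-kvm and hyperv lines.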
Re: [OS-BUILD PATCHv2] redhat: Add sub-RPM with a EFI unified kernel image for virtual machines
From: Vitaly Kuznetsov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2175#note_1245947988

Yea, I see, but I believe we're very far away from using UKI everywhere, especially on bare hardware where our initrd is certainly not going to be enough :-( My idea is to make switching to UKI very explicit and not anyhow intersect with the general audience at this point so whoever has kernel-core won't notice anything. Introducing a new virtual package sounds like a better idea to me but I think we can also do it later.
Re: [OS-BUILD PATCHv2] redhat: Add sub-RPM with a EFI unified kernel image for virtual machines
From: Vitaly Kuznetsov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2175#note_1245799843

https://pagure.io/fesco/issue/2926 was accepted so I'm dropping 'Draft:' here.

@kraxel I've merged with https://gitlab.com/kraxel/virt-firmware/-/commits/master, main divergences are:
- All commits squashed into 1
- Install scripts for -debug kernel
- Dropped "Provides: kernel-core" from UKI as I couldn't convince myself this is safe :-) Namely, I don't want UKI to come as a replacement for kernel-core anywhere. I may be missing something.

I'll also update https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/1736 to match.
[OS-BUILD PATCHv2] redhat: Add sub-RPM with a EFI unified kernel image for virtual machines
From: Vitaly Kuznetsov redhat: Add sub-RPM with a EFI unified kernel image for virtual machines The new 'kernel-unified-virt' sub-RPM is added on x86_64 targets. This contains an EFI application that provides a combined vmlinux, initrd and cmdline, as a so called 'unified kernel image'. The spec for this is defined by the boot loader specification https://uapi-group.org/specifications/specs/boot_loader_specification/ The key benefit of a unified kernel is that its secure boot signature covers the initrd and cmdline contents, allowing a trustworthy measured boot process with attestation, which is not practical with locally generated initrds/cmdlines. Since the initrd is pre-generated its contents have to be very generic, to be usable on a wide variety of deployments. To make this problem tractable, the sub-RPM targets only usage in virtual machines. With such a restriction, the initrd only needs a very small set of block driver modules present, in order to be usable across KVM, Hyper-V and Xen hypervisors which will cover essentially all common public and private clouds. Similarly the kernel cmdline cannot contain any host specific data, which means the root filesystem to mount needs to be able to be automatically detected. A virtual machine image intending to use this unified kernel package thus needs to comply with the discoverable partitions specification: https://uapi-group.org/specifications/specs/discoverable_partitions_specification/ Based-on-patch-by: Daniel P. Berrangé Based-on-patch-by: Gerd Hoffmann Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/Makefile b/redhat/Makefile index blahblah..blahblah 100644 --- a/redhat/Makefile +++ b/redhat/Makefile @@ -639,6 +639,7 @@ sources-rh: $(TARBALL) generate-testpatch-tmp setup-source dist-configs-check ../Makefile.rhelver \ README.rst \ kernel-local \ + dracut-virt.conf \ $(SOURCES)/ @if [ "$(RELEASED_KERNEL)" -ne 0 ]; then \ cp keys/redhatsecureboot{301,501,ca5,ca1}.cer $(SOURCES)/; \ 
diff --git a/redhat/dracut-virt.conf b/redhat/dracut-virt.conf new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/dracut-virt.conf @@ -0,0 +1,35 @@ +# generic + compressed please +hostonly="no" +compress="xz" + +# VMs can't update microcode anyway +early_microcode="no" + +# modules: basics +dracutmodules+=" base systemd systemd-initrd dracut-systemd dbus dbus-broker usrmount shutdown " + +# modules: storage support +dracutmodules+=" dm lvm rootfs-block fs-lib " + +# modules: tpm and crypto +dracutmodules+=" crypt crypt-loop tpm2-tss " + +# drivers: virtual buses, pci +drivers+=" virtio-pci virtio-mmio " # qemu-kvm +drivers+=" hv-vmbus pci-hyperv " # hyperv +drivers+=" xen-pcifront "# xen + +# drivers: storage +drivers+=" ahci nvme scsi-hd scsi-cd " # generic +drivers+=" virtio-blk virtio-scsi " # qemu-kvm +drivers+=" hv-storvsc " # hyperv +drivers+=" xen-blkfront "# xen + +# root encryption +drivers+=" dm_crypt " + +# filesystems +filesystems+=" vfat ext4 xfs overlay " + +# systemd-pcrphase +install_items+=" /lib/systemd/system/systemd-pcrphase-initrd.service /usr/lib/systemd/systemd-pcrphase /usr/lib/systemd/system/initrd.target.wants/systemd-pcrphase-initrd.service " diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template index blahblah..blahblah 100755 --- a/redhat/kernel.spec.template +++ b/redhat/kernel.spec.template @@ -91,6 +91,12 @@ Summary: The Linux kernel %global zipmodules 1 %endif +%ifarch x86_64 +%global efiuki 1 +%else +%global efiuki 0 +%endif + %if %{zipmodules} %global zipsed -e 's/\.ko$/\.ko.xz/' %endif 
@@ -699,6 +705,21 @@ BuildRequires: llvm BuildRequires: lld %endif +%if %{efiuki} +BuildRequires: dracut +# For dracut UEFI uki binaries +BuildRequires: binutils +# For the initrd +BuildRequires: lvm2 +%if 0%{?fedora} > 37 +BuildRequires: systemd-boot-unsigned +%endif +# For systemd-stub and systemd-pcrphase +BuildRequires: systemd-udev >= 252-1 +# For TPM operations in UKI initramfs +BuildRequires: tpm2-tools +%endif + # Because this is the kernel, it's hard to get a single upstream URL # to represent the base without needing to do a bunch of patching. This # tarball is generated from a src-git tree. If you want to see the @@ -826,6 +847,8 @@ Source82: update_scripts.sh Source84: mod-internal.list Source85: mod-partner.list +Source86: dracut-virt.conf + Source100: rheldup3.x509 Source101: rhelkpatch1.x509 @@ -1331,6 +1354,13 @@ Requires: kernel-%{?1:%{1}-}-modules-core-uname-r = %{KVERREL}%{?1:+%{1}}\ %endif\ %{expand:%%kernel_debuginfo_package %{?1:%{1}}}\ %endif\ +%if %{efiuki}\ +%package %{?1:%{1}-}uki-virt\ +Summary: %{variant_summary} unified kernel image for virtual machines\ +Provides: installonlypkg(kernel)\ +Provides: kernel-%{?1:%{1}-}uname-r = %{KVERREL}%{?1:+%{1}}\ +Requires:
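Review bot: In the @@ -1331,6 +1354,13 @@ hunk the uki-virt sub-package declares `Provides: kernel-%{?1:%{1}-}uname-r`, which is `kernel-uname-r` for the base kernel but `kernel-<variant>-uname-r` for a variant build, while the module sub-packages elsewhere in this spec require plain `kernel-uname-r = %{KVERREL}%{?1:+%{1}}`. If the intent is that a variant UKI must not satisfy that dependency, a spec comment saying so would help; otherwise the base and variant cases should use the same capability name. The commit message also still calls the package 'kernel-unified-virt' while the `%package` line creates `uki-virt`, so the message should be updated to the new name.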
[OS-BUILD PATCH] Enable TDX Guest driver
From: Vitaly Kuznetsov Enable TDX Guest driver Enable guest driver (attestation) for Intel TDX. Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/configs/common/generic/CONFIG_TDX_GUEST_DRIVER b/redhat/configs/common/generic/CONFIG_TDX_GUEST_DRIVER new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/configs/common/generic/CONFIG_TDX_GUEST_DRIVER @@ -0,0 +1 @@ +CONFIG_TDX_GUEST_DRIVER=m diff --git a/redhat/configs/pending-ark/generic/CONFIG_TDX_GUEST_DRIVER b/redhat/configs/pending-ark/generic/CONFIG_TDX_GUEST_DRIVER deleted file mode 100644 index blahblah..blahblah 0 --- a/redhat/configs/pending-ark/generic/CONFIG_TDX_GUEST_DRIVER +++ /dev/null @@ -1,13 +0,0 @@ -# Symbol: TDX_GUEST_DRIVER [=n] -# Type : tristate -# Defined at drivers/virt/coco/tdx-guest/Kconfig:1 -# Prompt: TDX Guest driver -# Depends on: VIRT_DRIVERS [=y] && INTEL_TDX_GUEST [=y] -# Location: -# -> Device Drivers -# -> Virtualization drivers (VIRT_DRIVERS [=y]) -# -> TDX Guest driver (TDX_GUEST_DRIVER [=n]) -# -# -# -# CONFIG_TDX_GUEST_DRIVER is not set diff --git a/redhat/configs/pending-fedora/generic/CONFIG_TDX_GUEST_DRIVER b/redhat/configs/pending-fedora/generic/CONFIG_TDX_GUEST_DRIVER deleted file mode 100644 index blahblah..blahblah 0 --- a/redhat/configs/pending-fedora/generic/CONFIG_TDX_GUEST_DRIVER +++ /dev/null 
@@ -1,13 +0,0 @@ -# Symbol: TDX_GUEST_DRIVER [=n] -# Type : tristate -# Defined at drivers/virt/coco/tdx-guest/Kconfig:1 -# Prompt: TDX Guest driver -# Depends on: VIRT_DRIVERS [=y] && INTEL_TDX_GUEST [=y] -# Location: -# -> Device Drivers -# -> Virtualization drivers (VIRT_DRIVERS [=y]) -# -> TDX Guest driver (TDX_GUEST_DRIVER [=n]) -# -# -# -# CONFIG_TDX_GUEST_DRIVER is not set -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2250
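Review bot: `CONFIG_TDX_GUEST_DRIVER=m` in the new common/generic file builds the attestation driver as a module, and the commit message does not say at which point in boot attestation is expected to work. If a guest is meant to attest from the initrd, the module has to be present there, and the pre-built initrd configuration posted elsewhere in this archive (redhat/dracut-virt.conf) lists its drivers explicitly without it. Please state in the commit message why `=m` was chosen over built-in and where the module is expected to be loaded from.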
Re: [OS-BUILD PATCH 0/3] redhat: Add sub-RPM with a EFI unified kernel image for virtual machines
From: Vitaly Kuznetsov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2175#note_1226331752

Thanks for the pointer! Indeed, in case we still want the whole install to go under /usr, UKIs should be there too.
Re: [OS-BUILD PATCH 0/3] redhat: Add sub-RPM with a EFI unified kernel image for virtual machines
From: Vitaly Kuznetsov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2175#note_1226261038

I've actually missed that Gerd dropped the renaming patch from his MR, updating here too.
Re: [OS-BUILD PATCH 0/3] redhat: Add sub-RPM with a EFI unified kernel image for virtual machines
From: Vitaly Kuznetsov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2175#note_1226235007

Sure, I can move this back to Draft for the time being, no problem. Basically, I wanted ARK to match CS9 (https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/1736).

Regarding 'kernel-modules' rename, I'll leave it to @kraxel :-) Personally, I think that 'kernel-modules-standard' is a bit less ambiguous after we introduce 'kernel-modules-core' but we can certainly live without the rename.
[OS-BUILD PATCH 3/3] redhat: Add sub-RPM with a EFI unified kernel image for virtual machines
From: Vitaly Kuznetsov redhat: Add sub-RPM with a EFI unified kernel image for virtual machines The new 'kernel-unified-virt' sub-RPM is added on x86_64 targets. This contains an EFI application that provides a combined vmlinux, initrd and cmdline, as a so called 'unified kernel image'. The spec for this is defined by the boot loader specification https://uapi-group.org/specifications/specs/boot_loader_specification/ The key benefit of a unified kernel is that its secure boot signature covers the initrd and cmdline contents, allowing a trustworthy measured boot process with attestation, which is not practical with locally generated initrds/cmdlines. Since the initrd is pre-generated its contents have to be very generic, to be usable on a wide variety of deployments. To make this problem tractable, the sub-RPM targets only usage in virtual machines. With such a restriction, the initrd only needs a very small set of block driver modules present, in order to be usable across KVM, Hyper-V and Xen hypervisors which will cover essentially all common public and private clouds. Similarly the kernel cmdline cannot contain any host specific data, which means the root filesystem to mount needs to be able to be automatically detected. A virtual machine image intending to use this unified kernel package thus needs to comply with the discoverable partitions specification: https://uapi-group.org/specifications/specs/discoverable_partitions_specification/ Based-on-patch-by: Daniel P. Berrangé Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/Makefile b/redhat/Makefile index blahblah..blahblah 100644 --- a/redhat/Makefile +++ b/redhat/Makefile @@ -639,6 +639,7 @@ sources-rh: $(TARBALL) generate-testpatch-tmp setup-source dist-configs-check ../Makefile.rhelver \ README.rst \ kernel-local \ + dracut-virt.conf \ $(SOURCES)/ @if [ "$(RELEASED_KERNEL)" -ne 0 ]; then \ cp keys/redhatsecureboot{301,501,ca5,ca1}.cer $(SOURCES)/; \ 
diff --git a/redhat/dracut-virt.conf b/redhat/dracut-virt.conf new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/dracut-virt.conf @@ -0,0 +1,35 @@ +# generic + compressed please +hostonly="no" +compress="xz" + +# VMs can't update microcode anyway +early_microcode="no" + +# modules: basics +dracutmodules+=" base systemd systemd-initrd dracut-systemd dbus dbus-broker usrmount shutdown " + +# modules: storage support +dracutmodules+=" dm lvm rootfs-block fs-lib " + +# modules: tpm and crypto +dracutmodules+=" crypt crypt-loop tpm2-tss " + +# drivers: virtual buses, pci +drivers+=" virtio-pci virtio-mmio " # qemu-kvm +drivers+=" hv-vmbus pci-hyperv " # hyperv +drivers+=" xen-pcifront "# xen + +# drivers: storage +drivers+=" ahci nvme scsi-hd scsi-cd " # generic +drivers+=" virtio-blk virtio-scsi " # qemu-kvm +drivers+=" hv-storvsc " # hyperv +drivers+=" xen-blkfront "# xen + +# root encryption +drivers+=" dm_crypt " + +# filesystems +filesystems+=" vfat ext4 xfs overlay " + +# systemd-pcrphase +install_items+=" /lib/systemd/system/systemd-pcrphase-initrd.service /usr/lib/systemd/systemd-pcrphase /usr/lib/systemd/system/initrd.target.wants/systemd-pcrphase-initrd.service " diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template index blahblah..blahblah 100755 --- a/redhat/kernel.spec.template +++ b/redhat/kernel.spec.template @@ -91,6 +91,12 @@ Summary: The Linux kernel %global zipmodules 1 %endif +%ifarch x86_64 +%global efiunified 1 +%else +%global efiunified 0 +%endif + %if %{zipmodules} %global zipsed -e 's/\.ko$/\.ko.xz/' %endif 
@@ -698,6 +704,18 @@ BuildRequires: llvm BuildRequires: lld %endif +%if %{efiunified} +BuildRequires: dracut +# For dracut UEFI unified binaries +BuildRequires: binutils +# For the initrd +BuildRequires: lvm2 +# For systemd-stub +BuildRequires: systemd-udev >= 250-13 +# For TPM operations in UKI initramfs +BuildRequires: tpm2-tools +%endif + # Because this is the kernel, it's hard to get a single upstream URL # to represent the base without needing to do a bunch of patching. This # tarball is generated from a src-git tree. If you want to see the @@ -825,6 +843,8 @@ Source82: update_scripts.sh Source84: mod-internal.list Source85: mod-partner.list +Source86: dracut-virt.conf + Source100: rheldup3.x509 Source101: rhelkpatch1.x509 @@ -1333,6 +1353,13 @@ Requires: kernel-%{?1:%{1}-}-modules-core-uname-r = %{KVERREL}%{?1:+%{1}}\ %endif\ %{expand:%%kernel_debuginfo_package %{?1:%{1}}}\ %endif\ +%if %{efiunified}\ +%package %{?1:%{1}-}unified-virt\ +Summary: %{variant_summary} unified kernel image for virtual machines\ +Requires: kernel%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{?1:+%{1}}\ +Provides: kernel-uname-r = %{KVERREL}%{?1:+%{1}}\ +Provides: installonlypkg(kernel)\ +%endif\ %{nil} # @@ -1402,6 +1429,14 @@
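Review bot: The BuildRequires hunk (@@ -698,6 +704,18 @@) documents `systemd-udev >= 250-13` as "For systemd-stub" only, yet redhat/dracut-virt.conf in the same patch copies three systemd-pcrphase files into the initrd via `install_items`. Since those files drive the PCR measurements that attestation depends on, the spec should say which package and minimum version ships them, so a build root without them fails at dependency resolution rather than during initrd generation. The `install_items` list also mixes `/lib/systemd/...` and `/usr/lib/systemd/...` prefixes; using one form throughout would be clearer.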
[OS-BUILD PATCH 1/3] redhat: rename sub-rpm: kernel-modules -> kernel-modules-standard
From: Gerd Hoffmann redhat: rename sub-rpm: kernel-modules -> kernel-modules-standard Makes all module sub-rpms follow the scheme kernel-modules-, which hopefully reduces naming confusion a bit. Signed-off-by: Gerd Hoffmann [vitaly: add 'Provides: kernel-modules' for backwards compatibility] Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template index blahblah..blahblah 100755 --- a/redhat/kernel.spec.template +++ b/redhat/kernel.spec.template @@ -570,7 +570,7 @@ ExclusiveArch: noarch i386 i686 x86_64 s390x %{arm} aarch64 ppc64le ExclusiveOS: Linux %ifnarch %{nobuildarches} Requires: kernel-core-uname-r = %{KVERREL} -Requires: kernel-modules-uname-r = %{KVERREL} +Requires: kernel-modules-standard-uname-r = %{KVERREL} %endif @@ -1206,7 +1206,7 @@ Provides: kernel%{?1:-%{1}}-modules-internal = %{version}-%{release}%{?1:+%{1}}\ Provides: installonlypkg(kernel-module)\ Provides: kernel%{?1:-%{1}}-modules-internal-uname-r = %{KVERREL}%{?1:+%{1}}\ Requires: kernel-uname-r = %{KVERREL}%{?1:+%{1}}\ -Requires: kernel%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?1:+%{1}}\ +Requires: kernel%{?1:-%{1}}-modules-standard-uname-r = %{KVERREL}%{?1:+%{1}}\ AutoReq: no\ AutoProv: yes\ %description %{?1:%{1}-}modules-internal\ @@ -1226,7 +1226,7 @@ Provides: kernel%{?1:-%{1}}-modules-extra = %{version}-%{release}%{?1:+%{1}}\ Provides: installonlypkg(kernel-module)\ Provides: kernel%{?1:-%{1}}-modules-extra-uname-r = %{KVERREL}%{?1:+%{1}}\ Requires: kernel-uname-r = %{KVERREL}%{?1:+%{1}}\ -Requires: kernel%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?1:+%{1}}\ +Requires: kernel%{?1:-%{1}}-modules-standard-uname-r = %{KVERREL}%{?1:+%{1}}\ %if %{-m:1}%{!-m:0}\ Requires: kernel-modules-extra-uname-r = %{KVERREL}\ %endif\ 
@@ -1237,24 +1237,27 @@ This package provides less commonly used kernel modules for the %{?2:%{2} }kerne %{nil} # -# This macro creates a kernel--modules package. -# %%kernel_modules_package [-m] +# This macro creates a kernel--modules-standard package. +# %%kernel_modules_standard_package [-m] # -%define kernel_modules_package(m) \ -%package %{?1:%{1}-}modules\ -Summary: kernel modules to match the %{?2:%{2}-}core kernel\ +%define kernel_modules_standard_package(m) \ +%package %{?1:%{1}-}modules-standard\ +Summary: Standard kernel modules to match the %{?2:%{2}-}core kernel\ +Provides: kernel%{?1:-%{1}}-modules-standard-%{_target_cpu} = %{version}-%{release}\ +Provides: kernel-modules-standard-%{_target_cpu} = %{version}-%{release}%{?1:+%{1}}\ +Provides: kernel-modules-standard = %{version}-%{release}%{?1:+%{1}}\ Provides: kernel%{?1:-%{1}}-modules-%{_target_cpu} = %{version}-%{release}\ Provides: kernel-modules-%{_target_cpu} = %{version}-%{release}%{?1:+%{1}}\ Provides: kernel-modules = %{version}-%{release}%{?1:+%{1}}\ Provides: installonlypkg(kernel-module)\ -Provides: kernel%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?1:+%{1}}\ +Provides: kernel%{?1:-%{1}}-modules-standard-uname-r = %{KVERREL}%{?1:+%{1}}\ Requires: kernel-uname-r = %{KVERREL}%{?1:+%{1}}\ %if %{-m:1}%{!-m:0}\ -Requires: kernel-modules-uname-r = %{KVERREL}\ +Requires: kernel-modules-standard-uname-r = %{KVERREL}\ %endif\ AutoReq: no\ AutoProv: yes\ -%description %{?1:%{1}-}modules\ +%description %{?1:%{1}-}modules-standard\ This package provides commonly used kernel modules for the %{?2:%{2}-}core kernel package.\ %{nil} 
@@ -1266,7 +1269,7 @@ This package provides commonly used kernel modules for the %{?2:%{2}-}core kerne %package %{1}\ summary: kernel meta-package for the %{1} kernel\ Requires: kernel-%{1}-core-uname-r = %{KVERREL}+%{1}\ -Requires: kernel-%{1}-modules-uname-r = %{KVERREL}+%{1}\ +Requires: kernel-%{1}-modules-standard-uname-r = %{KVERREL}+%{1}\ Provides: installonlypkg(kernel)\ %description %{1}\ The meta-package for the %{1} kernel\ @@ -1291,7 +1294,7 @@ Requires: kernel-core-uname-r = %{KVERREL}\ %endif\ %{expand:%%kernel_devel_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}} %{-m:%{-m}}}\ %{expand:%%kernel_devel_matched_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}} %{-m:%{-m}}}\ -%{expand:%%kernel_modules_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}} %{-m:%{-m}}}\ +%{expand:%%kernel_modules_standard_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}} %{-m:%{-m}}}\ %{expand:%%kernel_modules_extra_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}} %{-m:%{-m}}}\ %if %{-m:0}%{!-m:1}\ %{expand:%%kernel_modules_internal_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}}}\ @@ -1316,7 +1319,7 @@ Provides: kernel%{?1:-%{1}}-modules-partner = %{version}-%{release}%{?1:+%{1}}\ Provides: installonlypkg(kernel-module)\ Provides: kernel%{?1:-%{1}}-modules-partner-uname-r = %{KVERREL}%{?1:+%{1}}\ Requires: kernel-uname-r = %{KVERREL}%{?1:+%{1}}\ -Requires: kernel%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?1:+%{1}}\ +Requires: kernel%{?1:-%{1}}-modules-standard-uname-r = %{KVERREL}%{?1:+%{1}}\ AutoReq: no\
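Review bot: In the @@ -1237,24 +1237,27 @@ hunk the old `Provides: kernel%{?1:-%{1}}-modules-uname-r` is replaced by the `-modules-standard-uname-r` form rather than kept beside it, unlike the versioned `kernel-modules` Provides that stay for backwards compatibility. Every in-spec `Requires:` is converted in this patch, but any package outside this spec that requires `kernel-modules-uname-r` would no longer resolve. Suggest keeping the old uname-r capability as an additional `Provides:` line, in the same way the `kernel-modules = ...` lines are retained.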
[OS-BUILD PATCH 2/3] redhat: split sub-rpm kernel-modules-core from kernel-core
From: Gerd Hoffmann redhat: split sub-rpm kernel-modules-core from kernel-core All kernel modules plus support files (such as the files generated by depmod) are moved to the new kernel-modules-core sub-rpm. The kernel binary plus support files stay in the kernel-core sub-rpm. This essentially includes the files which are copied over to /boot by the kernel-install utility (vmlinuz, System.map, ...). With this in place we have a strict separation between sub-rpms carrying a kernel image and sub-rpms carrying kernel modules. This should make it easier to use alternative kernel image packages, for example an unified kernel. Signed-off-by: Gerd Hoffmann Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template index blahblah..blahblah 100755 --- a/redhat/kernel.spec.template +++ b/redhat/kernel.spec.template @@ -570,6 +570,7 @@ ExclusiveArch: noarch i386 i686 x86_64 s390x %{arm} aarch64 ppc64le ExclusiveOS: Linux %ifnarch %{nobuildarches} Requires: kernel-core-uname-r = %{KVERREL} +Requires: kernel-modules-core-uname-r = %{KVERREL} Requires: kernel-modules-standard-uname-r = %{KVERREL} %endif @@ -885,6 +886,7 @@ Provides: kernel = %{specversion}-%{pkg_release}\ %endif\ Provides: kernel-%{_target_cpu} = %{specversion}-%{pkg_release}%{?1:+%{1}}\ Provides: kernel-uname-r = %{KVERREL}%{?1:+%{1}}\ +Requires: kernel%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{?1:+%{1}}\ Requires(pre): %{kernel_prereq}\ Requires(pre): %{initrd_prereq}\ Requires(pre): ((linux-firmware >= 20150904-56.git6ebf5d57) if linux-firmware)\ 
@@ -1206,6 +1208,7 @@ Provides: kernel%{?1:-%{1}}-modules-internal = %{version}-%{release}%{?1:+%{1}}\ Provides: installonlypkg(kernel-module)\ Provides: kernel%{?1:-%{1}}-modules-internal-uname-r = %{KVERREL}%{?1:+%{1}}\ Requires: kernel-uname-r = %{KVERREL}%{?1:+%{1}}\ +Requires: kernel%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{?1:+%{1}}\ Requires: kernel%{?1:-%{1}}-modules-standard-uname-r = %{KVERREL}%{?1:+%{1}}\ AutoReq: no\ AutoProv: yes\ @@ -1226,6 +1229,7 @@ Provides: kernel%{?1:-%{1}}-modules-extra = %{version}-%{release}%{?1:+%{1}}\ Provides: installonlypkg(kernel-module)\ Provides: kernel%{?1:-%{1}}-modules-extra-uname-r = %{KVERREL}%{?1:+%{1}}\ Requires: kernel-uname-r = %{KVERREL}%{?1:+%{1}}\ +Requires: kernel%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{?1:+%{1}}\ Requires: kernel%{?1:-%{1}}-modules-standard-uname-r = %{KVERREL}%{?1:+%{1}}\ %if %{-m:1}%{!-m:0}\ Requires: kernel-modules-extra-uname-r = %{KVERREL}\ @@ -1252,6 +1256,7 @@ Provides: kernel-modules = %{version}-%{release}%{?1:+%{1}}\ Provides: installonlypkg(kernel-module)\ Provides: kernel%{?1:-%{1}}-modules-standard-uname-r = %{KVERREL}%{?1:+%{1}}\ Requires: kernel-uname-r = %{KVERREL}%{?1:+%{1}}\ +Requires: kernel%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{?1:+%{1}}\ %if %{-m:1}%{!-m:0}\ Requires: kernel-modules-standard-uname-r = %{KVERREL}\ %endif\ 
@@ -1261,6 +1266,28 @@ AutoProv: yes\ This package provides commonly used kernel modules for the %{?2:%{2}-}core kernel package.\ %{nil} +# +# This macro creates a kernel--modules-core package. +# %%kernel_modules_core_package [-m] +# +%define kernel_modules_core_package(m) \ +%package %{?1:%{1}-}modules-core\ +Summary: Core kernel modules to match the %{?2:%{2}-}core kernel\ +Provides: kernel%{?1:-%{1}}-modules-core-%{_target_cpu} = %{version}-%{release}\ +Provides: kernel-modules-core-%{_target_cpu} = %{version}-%{release}%{?1:+%{1}}\ +Provides: kernel-modules-core = %{version}-%{release}%{?1:+%{1}}\ +Provides: installonlypkg(kernel-module)\ +Provides: kernel%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{?1:+%{1}}\ +Requires: kernel-uname-r = %{KVERREL}%{?1:+%{1}}\ +%if %{-m:1}%{!-m:0}\ +Requires: kernel-modules-core-uname-r = %{KVERREL}\ +%endif\ +AutoReq: no\ +AutoProv: yes\ +%description %{?1:%{1}-}modules-core\ +This package provides essential kernel modules for the %{?2:%{2}-}core kernel package.\ +%{nil} + # # this macro creates a kernel- meta package. # %%kernel_meta_package @@ -1269,6 +1296,7 @@ This package provides commonly used kernel modules for the %{?2:%{2}-}core kerne %package %{1}\ summary: kernel meta-package for the %{1} kernel\ Requires: kernel-%{1}-core-uname-r = %{KVERREL}+%{1}\ +Requires: kernel-%{1}-modules-core-uname-r = %{KVERREL}+%{1}\ Requires: kernel-%{1}-modules-standard-uname-r = %{KVERREL}+%{1}\ Provides: installonlypkg(kernel)\ %description %{1}\ @@ -1287,6 +1315,7 @@ Provides: kernel-%{?1:%{1}-}core-uname-r = %{KVERREL}%{?1:+%{1}}\ Provides: installonlypkg(kernel)\ %if %{-m:1}%{!-m:0}\ Requires: kernel-core-uname-r = %{KVERREL}\ +Requires: kernel-%{?1:%{1}-}-modules-core-uname-r = %{KVERREL}%{?1:+%{1}}\ %endif\ %{expand:%%kernel_reqprovconf %{?1:%{1}} %{-o:%{-o}}}\ %if %{?1:1} %{!?1:0} \ @@ -1294,6 +1323,7 @@ Requires: kernel-core-uname-r = %{KVERREL}\ %endif\ %{expand:%%kernel_devel_package %{?1:%{1}}
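Review bot: The line added in the @@ -1287,6 +1315,7 @@ hunk, `Requires: kernel-%{?1:%{1}-}-modules-core-uname-r`, has a doubled hyphen: it expands to `kernel--modules-core-uname-r` without a variant and `kernel-<variant>--modules-core-uname-r` with one. Neither matches the `kernel%{?1:-%{1}}-modules-core-uname-r` capability that the new kernel_modules_core_package macro provides, so this dependency cannot be satisfied whenever the `-m` branch is taken. It should use the same `kernel%{?1:-%{1}}-modules-core-uname-r` spelling as the other Requires lines added in this patch.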
[OS-BUILD PATCH 0/3] redhat: Add sub-RPM with a EFI unified kernel image for virtual machines
From: Vitaly Kuznetsov on gitlab.com
Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2175

The new 'kernel-unified-virt' sub-RPM is added on x86_64 targets. This matches the following CS9 request:
https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/1736

This contains an EFI application that provides a combined vmlinux, initrd and cmdline, as a so-called 'unified kernel image'. The spec for this is defined by the boot loader specification
https://systemd.io/BOOT_LOADER_SPECIFICATION/#type-2-efi-unified-kernel-images

Note: the newly introduced sub-package just puts UKI to /boot/efi/EFI/Linux/, it is supposed to be booted directly from firmware or directly from shim and this part is environment specific and not (yet) automated.

Based-on-patch-by: Daniel P. Berrangé
Signed-off-by: Vitaly Kuznetsov
---
 redhat/Makefile | 1 +
 redhat/dracut-virt.conf | 35
 redhat/kernel.spec.template | 179 +--
 3 files changed, 190 insertions(+), 25 deletions(-)
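The series describes a UKI as one EFI binary combining kernel, initrd and cmdline, with a cmdline that must carry no host-specific data. The following is an added example, not code from this thread or from kernel-ark: a layout audit that reads the PE section table and inspects the embedded cmdline. It assumes the systemd-stub section names `.linux`, `.initrd` and `.cmdline`; the function names and the `HOST_SPECIFIC` list are illustrative choices, and the check does not verify the Secure Boot signature.

```python
import struct
import sys

# Sections holding the three parts the cover letter names (systemd-stub naming).
REQUIRED = (".linux", ".initrd", ".cmdline")

# Assumption for this example: parameters that tie an image to one machine.
HOST_SPECIFIC = ("root=", "resume=", "rd.luks.uuid=", "rd.lvm.lv=", "rd.md.uuid=")


def pe_sections(image):
    """Return {name: (raw_offset, raw_size, virtual_size)} from the PE section table."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)
    if pe_off + 24 > len(image) or image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE image: missing PE signature")
    # COFF file header: 20 bytes following the 4-byte signature.
    _machine, count, _ts, _symtab, _nsyms, opt_size, _flags = struct.unpack_from(
        "<HHIIIHH", image, pe_off + 4)
    table = pe_off + 24 + opt_size
    if table + 40 * count > len(image):
        raise ValueError("section table runs past end of file")
    sections = {}
    for i in range(count):
        name, vsize, _vaddr, rsize, roff = struct.unpack_from(
            "<8sIIII", image, table + 40 * i)
        if roff + rsize > len(image):
            raise ValueError("section data runs past end of file")
        sections[name.rstrip(b"\0").decode("ascii", "replace")] = (roff, rsize, vsize)
    return sections


def section_data(image, sections, name):
    """Return the section payload without file-alignment padding."""
    roff, rsize, vsize = sections[name]
    size = min(rsize, vsize) if vsize else rsize
    return image[roff:roff + size]


def audit_uki(image):
    """Return a list of findings; an empty list means the layout checks passed."""
    sections = pe_sections(image)
    findings = [f"missing section {name}" for name in REQUIRED if name not in sections]
    if ".cmdline" in sections:
        raw = section_data(image, sections, ".cmdline").rstrip(b"\0")
        for token in raw.decode("utf-8", "replace").split():
            if token.startswith(HOST_SPECIFIC):
                findings.append(f"host-specific cmdline parameter: {token}")
    return findings


def build_sample(parts):
    """Constructed test input: a minimal PE container, not a bootable UKI."""
    pe_off = 0x40
    header = bytearray(pe_off)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, pe_off)
    coff = struct.pack("<HHIIIHH", 0x8664, len(parts), 0, 0, 0, 0, 0)
    data_off = pe_off + 4 + len(coff) + 40 * len(parts)
    table, blob = b"", b""
    for name, payload in parts.items():
        padded = payload + b"\0" * (-len(payload) % 16)
        table += struct.pack("<8sIIIIIIHHI", name.encode(), len(payload), 0,
                             len(padded), data_off + len(blob), 0, 0, 0, 0, 0)
        blob += padded
    return bytes(header) + b"PE\0\0" + coff + table + blob


# Constructed samples: a generic image and one pinned to a single host.
GOOD = build_sample({".linux": b"kernel-bytes", ".initrd": b"initrd-bytes",
                     ".cmdline": b"console=tty0 console=ttyS0\0"})
BAD = build_sample({".linux": b"kernel-bytes",
                    ".cmdline": b"root=UUID=constructed-0000 ro quiet"})

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else BAD
    for finding in audit_uki(data) or ["no findings"]:
        print(finding)
```

Run with a path to an `.efi` file to audit it, or with no argument to see the findings for the constructed host-pinned sample.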
Re: [OS-BUILD PATCH] redhat/configs: enable CONFIG_INPUT_KEYBOARD for AARCH64
From: Vitaly Kuznetsov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1529#note_806566804

Hyper-V uses its own hyperv-keyboard ('CONFIG_HYPERV_KEYBOARD') driver but it works through serio/atkbd (AFAIU). The suggestion to enable these options comes from Microsoft when the non-functioning keyboard issue was investigated.
Re: [OS-BUILD PATCHv2 0/2] redhat/configs: Enable HYPERV host support on aarch64
From: Vitaly Kuznetsov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1393#note_789450320

@ptalbert @jlinton I have to admit I don't know much about these options and I've only enabled what was essential to get Hyper-V guest working. My (shallow) understanding is that we're trying to keep ARK as close to C9S as possible and CONFIG_INPUT_MATRIXKMAP is disabled there. I, however, don't know if we have plans to enable it for future RHELs, it would make sense to enable it in ARK then. This can be a separate MR though.
Re: [OS-BUILD PATCHv2 0/2] redhat/configs: Enable HYPERV host support on aarch64
From: Vitaly Kuznetsov on gitlab.com
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1393#note_777679588

Do we want Fedora and ARK to differ on these settings? How/why?
[OS-BUILD PATCH] redhat/configs: enable CONFIG_INPUT_KEYBOARD for AARCH64
From: Vitaly Kuznetsov redhat/configs: enable CONFIG_INPUT_KEYBOARD for AARCH64 Hyper-V keyboard module (CONFIG_HYPERV_KEYBOARD) requires CONFIG_INPUT_KEYBOARD/CONFIG_KEYBOARD_ATKBD to work properly. Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/configs/ark/generic/arm/aarch64/CONFIG_INPUT_KEYBOARD b/redhat/configs/ark/generic/arm/aarch64/CONFIG_INPUT_KEYBOARD deleted file mode 100644 index blahblah..blahblah 0 --- a/redhat/configs/ark/generic/arm/aarch64/CONFIG_INPUT_KEYBOARD +++ /dev/null @@ -1 +0,0 @@ -# CONFIG_INPUT_KEYBOARD is not set diff --git a/redhat/configs/common/generic/arm/aarch64/CONFIG_KEYBOARD_ATKBD b/redhat/configs/common/generic/arm/aarch64/CONFIG_KEYBOARD_ATKBD new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/configs/common/generic/arm/aarch64/CONFIG_KEYBOARD_ATKBD @@ -0,0 +1 @@ +CONFIG_KEYBOARD_ATKBD=y diff --git a/redhat/configs/common/generic/arm/aarch64/CONFIG_KEYBOARD_TEGRA b/redhat/configs/common/generic/arm/aarch64/CONFIG_KEYBOARD_TEGRA new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/configs/common/generic/arm/aarch64/CONFIG_KEYBOARD_TEGRA @@ -0,0 +1 @@ +# CONFIG_KEYBOARD_TEGRA is not set diff --git a/redhat/configs/common/generic/arm/aarch64/CONFIG_SERIO_LIBPS2 b/redhat/configs/common/generic/arm/aarch64/CONFIG_SERIO_LIBPS2 new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/configs/common/generic/arm/aarch64/CONFIG_SERIO_LIBPS2 
@@ -0,0 +1 @@ +CONFIG_SERIO_LIBPS2=y -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1529
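Review bot: the first hunk only deletes the ARK aarch64 override `# CONFIG_INPUT_KEYBOARD is not set` and adds no replacement, so the resulting value depends on a broader-level config file that this patch does not show. Name in the commit message which file supplies CONFIG_INPUT_KEYBOARD after the deletion, or add an explicit aarch64 entry, so the subject line's "enable" can be checked from the patch itself.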
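Review bot: the CONFIG_KEYBOARD_ATKBD and CONFIG_SERIO_LIBPS2 hunks set both options to `=y` under `common/generic/arm/aarch64/`, which builds them into every aarch64 kernel produced from the common configs, while the only stated reason is CONFIG_HYPERV_KEYBOARD. Say in the commit message why built-in rather than `=m` is required, and mention CONFIG_SERIO_LIBPS2 and the new `# CONFIG_KEYBOARD_TEGRA is not set` file, since the subject names only CONFIG_INPUT_KEYBOARD and the change reaches past ARK by landing in `common/`.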
Re: [OS-BUILD PATCHv2 0/2] redhat/configs: Enable HYPERV host support on aarch64
From: Vitaly Kuznetsov on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1393#note_776928989 FWIW, I've opened https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1529
Re: [OS-BUILD PATCHv2 0/2] redhat/configs: Enable HYPERV host support on aarch64
From: Vitaly Kuznetsov on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1393#note_776909815 Hyper-V keyboard should be enabled. On ARK:
```
$ make dist-configs
...
$ grep HYPERV redhat/configs/kernel-5.16.0-aarch64.config
CONFIG_HYPERV_VSOCKETS=m
CONFIG_HYPERV_STORAGE=m
CONFIG_HYPERV_NET=m
CONFIG_HYPERV_KEYBOARD=m
CONFIG_DRM_HYPERV=m
# CONFIG_FB_HYPERV is not set
CONFIG_HID_HYPERV_MOUSE=m
CONFIG_HYPERV=m
CONFIG_HYPERV_UTILS=m
CONFIG_HYPERV_BALLOON=m
# CONFIG_HYPERV_TESTING is not set
```
What I completely forgot about is the CONFIG_INPUT_KEYBOARD/CONFIG_KEYBOARD_ATKBD options, which are also needed! I've enabled them in C9S but not in ARK. I'll submit an MR. Regarding fixes for the hypervisor, let's discuss in email.
Re: [OS-BUILD PATCHv2 0/2] redhat/configs: Enable HYPERV host support on aarch64
From: Vitaly Kuznetsov on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1393#note_773942724 Config options should be already merged with https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1394 and the non-upstream timer fix should not be needed with the updated Hyper-V, e.g. I have a MtJade system where things work well without it, I can provide access if needed.
[OS-BUILD PATCH 1/2] redhat/configs: Enable Nitro Enclaves on aarch64
From: Vitaly Kuznetsov redhat/configs: Enable Nitro Enclaves on aarch64 Since commit: commit f7e55f05301e71af557c45224817438670225aa7 Author: Andra Paraschiv Date: Fri Aug 27 18:49:24 2021 +0300 nitro_enclaves: Enable Arm64 support Nitro Enclaves driver is also supported on aarch64. Enable it. Signed-off-by: Vitaly Kuznetsov diff --git a/redhat/configs/common/generic/x86/CONFIG_NITRO_ENCLAVES b/redhat/configs/common/generic/CONFIG_NITRO_ENCLAVES rename from redhat/configs/common/generic/x86/CONFIG_NITRO_ENCLAVES rename to redhat/configs/common/generic/CONFIG_NITRO_ENCLAVES index blahblah..blahblah 100644 --- a/redhat/configs/common/generic/x86/CONFIG_NITRO_ENCLAVES +++ b/redhat/configs/common/generic/CONFIG_NITRO_ENCLAVES -- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1486
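Review bot: the rename target `redhat/configs/common/generic/CONFIG_NITRO_ENCLAVES` sits at the architecture-independent level, so the setting now applies to every architecture built from these configs, while the commit message speaks only of aarch64 in addition to x86. Either state in the message that the option's Kconfig dependencies keep it off on the remaining architectures, or keep the x86 file and add a second copy under `common/generic/arm/aarch64/` so the driver is enabled only where the message says it is supported.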
[OS-BUILD PATCH 0/2] redhat/configs: Enable Nitro Enclaves on x86/aarch64
From: Vitaly Kuznetsov on gitlab.com Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/1486 1) Enable Nitro Enclaves on x86_64 for real by enabling CONFIG_VIRT_DRIVERS. 2) Enable Nitro Enclaves on aarch64. Signed-off-by: Vitaly Kuznetsov --- redhat/configs/ark/generic/x86/CONFIG_VBOXGUEST | 1 + redhat/configs/common/generic/x86/CONFIG_NITRO_ENCLAVES => redhat/configs/common/generic/CONFIG_NITRO_ENCLAVES | 0 redhat/configs/common/generic/CONFIG_VIRT_DRIVERS | 2 +- redhat/configs/fedora/generic/x86/CONFIG_VIRT_DRIVERS | 1 - 4 files changed, 2 insertions(+), 2 deletions(-)
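Review bot: the diffstat adds a line to `redhat/configs/ark/generic/x86/CONFIG_VBOXGUEST` and drops one from `redhat/configs/fedora/generic/x86/CONFIG_VIRT_DRIVERS`, but neither of the two items in the cover letter mentions them. Add a sentence stating what value CONFIG_VBOXGUEST gets on ARK and why, and that the common `CONFIG_VIRT_DRIVERS` change applies to all architectures rather than x86_64 alone, so reviewers can tell which drivers become newly selectable.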