From ccfe3ea22e3d0d063a3d39706b88fed03ce5878f Mon Sep 17 00:00:00 2001 
From: Adrian Vladu Date: Mon, 9 Sep 2024 15:54:57 +0000 Subject: [PATCH 01/26] kernel: upgrade from 6.6 to 6.10 --- .../coreos-kernel/coreos-kernel-6.10.9.ebuild | 102 ++++++++++++++++++ ...d64_defconfig-6.6 => amd64_defconfig-6.10} | 0 ...m64_defconfig-6.6 => arm64_defconfig-6.10} | 0 .../{commonconfig-6.6 => commonconfig-6.10} | 0 .../coreos-sources-6.10.9.ebuild | 41 +++++++ ...elative-path-for-srctree-from-CURDIR.patch | 0 .../z0002-revert-pahole-flags.patch | 0 ...6-boot-Remove-the-bugger-off-message.patch | 0 ...ECURE_BOOT-flag-to-indicate-secure-b.patch | 0 ...e-kernel-if-booted-in-secure-boot-mo.patch | 0 ...Disable-when-the-kernel-is-locked-do.patch | 0 ...-config-option-to-lock-down-when-in-.patch | 0 12 files changed, 143 insertions(+) create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.10.9.ebuild rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/{amd64_defconfig-6.6 => amd64_defconfig-6.10} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/{arm64_defconfig-6.6 => arm64_defconfig-6.10} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/{commonconfig-6.6 => commonconfig-6.10} (100%) create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.10.9.ebuild rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{6.6 => 6.10}/z0001-kbuild-derive-relative-path-for-srctree-from-CURDIR.patch (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{6.6 => 6.10}/z0002-revert-pahole-flags.patch (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{6.6 => 6.10}/z0003-Revert-x86-boot-Remove-the-bugger-off-message.patch (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{6.6 => 
6.10}/z0004-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{6.6 => 6.10}/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{6.6 => 6.10}/z0006-mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{6.6 => 6.10}/z0007-arm64-add-kernel-config-option-to-lock-down-when-in-.patch (100%)
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.10.9.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.10.9.ebuild
new file mode 100644
index 00000000000..5aad6bb2865
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.10.9.ebuild
@@ -0,0 +1,102 @@
+# Copyright 2014-2016 CoreOS, Inc.
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+COREOS_SOURCE_REVISION=""
+inherit coreos-kernel
+
+DESCRIPTION="CoreOS Linux kernel"
+KEYWORDS="amd64 arm64"
+
+RDEPEND="=sys-kernel/coreos-modules-${PVR}"
+DEPEND="${RDEPEND}
+ app-arch/gzip
+ app-arch/zstd
+ app-crypt/clevis
+ app-shells/bash
+ coreos-base/coreos-init:=
+ sys-apps/coreutils
+ sys-apps/findutils
+ sys-apps/grep
+ sys-apps/ignition:=
+ sys-apps/less
+ sys-apps/nvme-cli
+ sys-apps/sed
+ sys-apps/shadow
+ sys-apps/systemd[cryptsetup]
+ sys-apps/seismograph
+ sys-apps/util-linux
+ sys-fs/btrfs-progs
+ sys-fs/e2fsprogs
+ sys-fs/mdadm
+ sys-fs/xfsprogs
+ >=sys-kernel/coreos-firmware-20180103-r1:=
+ >=sys-kernel/bootengine-0.0.4:=
+ sys-kernel/dracut
+ virtual/udev
+ amd64? ( sys-firmware/intel-microcode:= )"
+
+# We are bad, we want to get around the sandbox. So do the creation of the
+# cpio image in pkg_setup() where we are free to mount filesystems, chroot,
+# and other fun stuff.
+pkg_setup() {
+ coreos-kernel_pkg_setup
+
+ [[ "${MERGE_TYPE}" == binary ]] && return
+
+ # Fail early if we didn't detect the build installed by coreos-modules
+ [[ -n "${KV_OUT_DIR}" ]] || die "Failed to detect modules build tree"
+
+ if [[ "${ROOT:-/}" != / ]]; then
+ # TMPDIR needs to be corrected for chroot
+ TMPDIR=${TMPDIR#${ROOT}} ${ROOT}/usr/sbin/update-bootengine -m -c ${ROOT} -k "${KV_FULL}" || die
+ else
+ update-bootengine -k "${KV_FULL}" || die
+ fi
+}
+
+src_prepare() {
+ default
+ # KV_OUT_DIR points to the minimal build tree installed by coreos-modules
+ # Pull in the config and public module signing key
+ KV_OUT_DIR="${SYSROOT%/}/lib/modules/${COREOS_SOURCE_NAME#linux-}/build"
+ cp -v "${KV_OUT_DIR}/.config" build/ || die
+ local sig_key="$(getconfig MODULE_SIG_KEY)"
+ mkdir -p "build/${sig_key%/*}" || die
+ cp -v "${KV_OUT_DIR}/${sig_key}" "build/${sig_key}" || die
+
+ # Symlink to bootengine.cpio so we can stick with relative paths in .config
+ ln -sv "${SYSROOT%/}"/usr/share/bootengine/bootengine.cpio build/ || die
+ config_update 'CONFIG_INITRAMFS_SOURCE="bootengine.cpio"'
+
+ # include all intel and amd microcode files, avoiding the signatures
+ local fw_dir="${SYSROOT%/}/lib/firmware"
+ use amd64 && config_update "CONFIG_EXTRA_FIRMWARE=\"$(find ${fw_dir} -type f \
+ \( -path ${fw_dir}'/intel-ucode/*' -o -path ${fw_dir}'/amd-ucode/*' \) -printf '%P ')\""
+ use amd64 && config_update "CONFIG_EXTRA_FIRMWARE_DIR=\"${fw_dir}\""
+}
+
+src_compile() {
+ kmake "$(kernel_target)"
+
+ # sanity check :)
+ [[ -e build/certs/signing_key.pem ]] && die "created a new key!"
+}
+
+src_install() {
+ # coreos-postinst expects to find the kernel in /usr/boot
+ insinto "/usr/boot"
+ newins "$(kernel_path)" "vmlinuz-${KV_FULL}"
+ dosym "vmlinuz-${KV_FULL}" "/usr/boot/vmlinuz"
+
+ insinto "/usr/lib/modules/${KV_FULL}/build"
+ doins build/System.map
+
+ insinto "/usr/lib/debug/usr/boot"
+ newins build/vmlinux "vmlinux-${KV_FULL}"
+ dosym "../../../boot/vmlinux-${KV_FULL}" "/usr/lib/debug/usr/lib/modules/${KV_FULL}/vmlinux"
+
+ # For easy access to vdso debug symbols in gdb:
+ # set debug-file-directory /usr/lib/debug/usr/lib/modules/${KV_FULL}/vdso/
+ kmake INSTALL_MOD_PATH="${D}/usr/lib/debug/usr" vdso_install
+}
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-6.6 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-6.10
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-6.6
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-6.10
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/arm64_defconfig-6.6 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/arm64_defconfig-6.10
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/arm64_defconfig-6.6
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/arm64_defconfig-6.10
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.6 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.10
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.6
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.10
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.10.9.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.10.9.ebuild
new file mode 100644
index 00000000000..fceb4414e31
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.10.9.ebuild
@@ -0,0 +1,41 @@
+# Copyright 2014 CoreOS, Inc.
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+ETYPE="sources"
+
+# -rc releases should be versioned L.M_rcN
+# Final releases should be versioned L.M.N, even for N == 0
+
+# Only needed for RCs
+K_BASE_VER="5.15"
+
+inherit kernel-2
+EXTRAVERSION="-flatcar"
+detect_version
+
+DESCRIPTION="Full sources for the CoreOS Linux kernel"
+HOMEPAGE="http://www.kernel.org"
+if [[ "${PV%%_rc*}" != "${PV}" ]]; then
+ SRC_URI="https://git.kernel.org/torvalds/p/v${KV%-coreos}/v${OKV} -> patch-${KV%-coreos}.patch ${KERNEL_BASE_URI}/linux-${OKV}.tar.xz"
+ PATCH_DIR="${FILESDIR}/${KV_MAJOR}.${KV_PATCH}"
+else
+ SRC_URI="${KERNEL_URI}"
+ PATCH_DIR="${FILESDIR}/${KV_MAJOR}.${KV_MINOR}"
+fi
+
+# make modules_prepare depends on pahole
+RDEPEND="dev-util/pahole"
+
+KEYWORDS="amd64 arm64"
+IUSE=""
+
+# XXX: Note we must prefix the patch filenames with "z" to ensure they are
+# applied _after_ a potential patch-${KV}.patch file, present when building a
+# patchlevel revision. We mustn't apply our patches first, it fails when the
+# local patches overlap with the upstream patch.
+UNIPATCH_LIST="
+ ${PATCH_DIR}/z0001-kbuild-derive-relative-path-for-srctree-from-CURDIR.patch \
+ ${PATCH_DIR}/z0002-revert-pahole-flags.patch \
+ ${PATCH_DIR}/z0003-Revert-x86-boot-Remove-the-bugger-off-message.patch \
+"
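Review bot: `UNIPATCH_LIST` at the end of this new ebuild names only z0001–z0003, while the same commit renames z0004–z0007 (the `EFI_SECURE_BOOT` flag, the secure-boot lockdown, the phram/slram lockdown guard and the arm64 lockdown option) into `files/6.10/`. As far as this hunk shows, those four patches are carried in the tree but never applied, so a 6.10 kernel built from it would presumably not lock itself down when booted under Secure Boot; a later commit in the series may add them, which is not visible here. If they are meant to apply, append the `${PATCH_DIR}/z0004-…` through `${PATCH_DIR}/z0007-…` entries after confirming they still apply to 6.10, and if they are dropped on purpose, say so in the commit message and remove the files. Separately, `K_BASE_VER="5.15"` is stale next to a 6.10 release; the comment above it says it is only needed for RCs, so update it or note that it is unused here.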
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.6/z0001-kbuild-derive-relative-path-for-srctree-from-CURDIR.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0001-kbuild-derive-relative-path-for-srctree-from-CURDIR.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.6/z0001-kbuild-derive-relative-path-for-srctree-from-CURDIR.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0001-kbuild-derive-relative-path-for-srctree-from-CURDIR.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.6/z0002-revert-pahole-flags.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0002-revert-pahole-flags.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.6/z0002-revert-pahole-flags.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0002-revert-pahole-flags.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.6/z0003-Revert-x86-boot-Remove-the-bugger-off-message.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0003-Revert-x86-boot-Remove-the-bugger-off-message.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.6/z0003-Revert-x86-boot-Remove-the-bugger-off-message.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0003-Revert-x86-boot-Remove-the-bugger-off-message.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.6/z0004-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0004-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.6/z0004-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0004-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.6/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.6/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.6/z0006-mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0006-mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.6/z0006-mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0006-mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.6/z0007-arm64-add-kernel-config-option-to-lock-down-when-in-.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0007-arm64-add-kernel-config-option-to-lock-down-when-in-.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.6/z0007-arm64-add-kernel-config-option-to-lock-down-when-in-.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0007-arm64-add-kernel-config-option-to-lock-down-when-in-.patch
From 4563b0ed6febb82683e06c51baf6cd88935aee38 Mon Sep 17 00:00:00 2001
From: Adrian Vladu
Date: Mon, 9 Sep 2024 16:03:38 +0000
Subject: [PATCH 02/26] kernel: add corect checksums
---
.../coreos-overlay/sys-kernel/coreos-sources/Manifest | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
index f2b4d2c0976..1350d61c4bd 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
@@ -1,2 +1,2 @@
-DIST linux-6.6.tar.xz 140064536 BLAKE2B 5f02fd8696d42f7ec8c5fbadec8e7270bdcfcb1f9844a6c4db3e1fd461c93ce1ccda650ca72dceb4890ebcbbf768ba8fba0bce91efc49fbd2c307b04e95665f2 SHA512 458b2c34d46206f9b4ccbac54cc57aeca1eaecaf831bc441e59701bac6eadffc17f6ce24af6eadd0454964e843186539ac0d63295ad2cc32d112b60360c39a35
-DIST patch-6.6.65.xz 3509748 BLAKE2B 283131de510d6808e38aeee592bf7ba72b188b1784a4804d04061cde6741508598572353580148fe7915f61a3e4eaa5f67e4462e49d5d187b3fa3248957f151c SHA512 11c09a36f616703614d801af155f2fe7df81061ce9a8c3ec2119cb49da55b53b21dc10387f376d9e042b5fd0faedc03ecb1f11527ec48e7f02f67a0348f45d28
+DIST linux-6.10.tar.xz 145142812 BLAKE2B bb243ea7493b9d63aa2df2050a3f1ae2b89ee84a20015239cf157e3f4f51c7ac5efedc8a51132b2d7482f9276ac418de6624831c8a3b806130d9c2d2124c539b SHA512 baa2487954044f991d2ae254d77d14a1f0185dd62c9f0fcaff69f586c9f906823017b8db1c4588f27b076dfa3ebb606929fec859f60ea419e7974330b9289cc2
+DIST patch-6.10.9.xz 561612 BLAKE2B 0c37b127c396a98cbf15fb1008caa1bfa81b8fe353417a4411d219df572be9df8b5ffceca4351daa9fe7f61f9dfec412bac0fe5b8dc0043c43380378d73c30fe SHA512 f2536d794c9250be1fe763fadad711619f181f0c938e8de1f510bf4a6cd79f7c43ce400f659c53dc6fd38081966724d7b8bdd433f8cab43e7faa09d775da6f69
From 3edf8feebdc8dec4aa7da7507e72d0ed4edf7611 Mon Sep 17 00:00:00 2001
From: Adrian Vladu
Date: Tue, 10 Sep 2024 06:19:25 +0000
Subject: [PATCH 03/26] linux: add coreos-modules for 6.10.9
---
.../coreos-modules-6.10.9.ebuild | 68 +++++++++++++++++++ 1 file changed, 68 insertions(+) create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-6.10.9.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-6.10.9.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-6.10.9.ebuild
new file mode 100644
index 00000000000..d68540c22ad
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-6.10.9.ebuild @@ -0,0 +1,68 @@ +# Copyright 2014-2016 CoreOS, Inc. +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 +COREOS_SOURCE_REVISION="" +inherit coreos-kernel savedconfig + +DESCRIPTION="CoreOS Linux kernel modules" +KEYWORDS="amd64 arm64" +RDEPEND="!> build/.config || die + fi + cpio -ov build/bootengine.cpio + + # Check that an old pre-ebuild-split config didn't leak in. + grep -q "^CONFIG_INITRAMFS_SOURCE=" build/.config && \ + die "CONFIG_INITRAMFS_SOURCE must be removed from kernel config" + config_update 'CONFIG_INITRAMFS_SOURCE="bootengine.cpio"' +} + +src_compile() { + # Generate module signing key + setup_keys + + # Build both vmlinux and modules (moddep checks symbols in vmlinux) + kmake vmlinux modules +} + +src_install() { + # Install modules to /usr. + # Install firmware to a temporary (bogus) location. + # The linux-firmware package will be used instead. + # Stripping must be done here, not portage, to preserve sigs. + kmake INSTALL_MOD_PATH="${D}/usr" \ + INSTALL_MOD_STRIP="--strip-debug" \ + INSTALL_FW_PATH="${T}/fw" \ + modules_install + + # Install to /usr/lib/debug with debug symbols intact + kmake INSTALL_MOD_PATH="${D}/usr/lib/debug/usr" \ + INSTALL_FW_PATH="${T}/fw" \ + modules_install + rm "${D}/usr/lib/debug/usr/lib/modules/${KV_FULL}/"modules.* || die + rm "${D}/usr/lib/debug/usr/lib/modules/${KV_FULL}/build" || die + + # Clean up the build tree + shred_keys + kmake clean + find "build/" -type d -empty -delete || die + rm "build/.config.old" || die + + # Install /lib/modules/${KV_FULL}/{build,source} + install_build_source + + # Not strictly required but this is where we used to install the config. + dodir "/usr/boot" + local build="lib/modules/${KV_FULL}/build" + dosym "../${build}/.config" "/usr/boot/config-${KV_FULL}" + dosym "../${build}/.config" "/usr/boot/config" +} 
From b01e779a5259306cf5b796ab0dbcaf7872bcfa07 Mon Sep 17 00:00:00 2001
From: Adrian Vladu
Date: Tue, 10 Sep 2024 07:42:06 +0000
Subject: [PATCH 04/26] linux: pahole flags moved to scripts/Makefile.btf
---
.../sys-kernel/coreos-sources/coreos-sources-6.10.9.ebuild | 1 - 1 file changed, 1 deletion(-)
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.10.9.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.10.9.ebuild
index fceb4414e31..18ac3460644 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.10.9.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.10.9.ebuild
@@ -36,6 +36,5 @@ IUSE=""
 # local patches overlap with the upstream patch.
 UNIPATCH_LIST="
 ${PATCH_DIR}/z0001-kbuild-derive-relative-path-for-srctree-from-CURDIR.patch \
- ${PATCH_DIR}/z0002-revert-pahole-flags.patch \
 ${PATCH_DIR}/z0003-Revert-x86-boot-Remove-the-bugger-off-message.patch \
 "
From 8c91f0d32af94be0cf7dd5a792aab3ea063adc7e Mon Sep 17 00:00:00 2001
From: Adrian Vladu
Date: Tue, 10 Sep 2024 07:56:32 +0000
Subject: [PATCH 05/26] linux: remove CONFIG_AMD_IOMMU_V2 See: https://github.com/torvalds/linux/commit/5a0b11a180a9b82b4437a4be1cf73530053f139b
---
.../sys-kernel/coreos-modules/files/amd64_defconfig-6.10 | 1 - 1 file changed, 1 deletion(-)
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-6.10 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-6.10
index 0b2fee68c7b..9eae7e41da9 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-6.10
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-6.10
@@ -12,7 +12,6 @@ CONFIG_ACPI_IPMI=m
 CONFIG_ACPI_PCI_SLOT=y
 CONFIG_ACPI_PROCESSOR_AGGREGATOR=y
 CONFIG_AMD_IOMMU=y
-CONFIG_AMD_IOMMU_V2=m
 CONFIG_AQTION=m
 CONFIG_ARCH_MEMORY_PROBE=y
 CONFIG_AUTOFS_FS=y
From 1d972a9cb55c71c0e384b2e5d2565f252485ea6c Mon Sep 17 00:00:00 2001
From: Adrian Vladu
Date: Tue, 10 Sep 2024 07:57:29 +0000
Subject: [PATCH 06/26] linux: remove CONFIG_MD_LINEAR See: https://github.com/torvalds/linux/commit/849d18e27be9a1253f2318cb4549cc857219d991
---
.../sys-kernel/coreos-modules/files/commonconfig-6.10 | 1 - 1 file changed, 1 deletion(-)
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.10 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.10
index 4ceaee3005d..ca6b1721364 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.10
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.10
@@ -434,7 +434,6 @@ CONFIG_MAGIC_SYSRQ=y
 CONFIG_MARVELL_PHY=m
 CONFIG_MAX_RAW_DEVS=8192
 CONFIG_MD=y
-CONFIG_MD_LINEAR=m
 CONFIG_MD_RAID0=m
 CONFIG_MEGARAID_MAILBOX=m
 CONFIG_MEGARAID_MM=m
From 1632cd1c2e10779ee9d9703a062acb15f2ac244d Mon Sep 17 00:00:00 2001
From: Adrian Vladu
Date: Tue, 10 Sep 2024 07:58:26 +0000
Subject: [PATCH 07/26] linux: remove CONFIG_NET_ACT_IPT
---
.../sys-kernel/coreos-modules/files/commonconfig-6.10 | 1 - 1 file changed, 1 deletion(-)
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.10 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.10
index ca6b1721364..7535bf34de0 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.10
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.10
@@ -554,7 +554,6 @@ CONFIG_NET_9P_RDMA=m
 CONFIG_NET_9P_VIRTIO=m
 CONFIG_NET_ACT_CSUM=m
 CONFIG_NET_ACT_GACT=m
-CONFIG_NET_ACT_IPT=m
 CONFIG_NET_ACT_MIRRED=m
 CONFIG_NET_ACT_NAT=m
 CONFIG_NET_ACT_PEDIT=m
From 103ce4d8fe7386b826ae9d6dd48cf6b19450c6ee Mon Sep 17 00:00:00 2001
From: Adrian Vladu
Date: Wed, 11 Sep 2024 11:20:07 +0000
Subject: [PATCH 08/26] pahole: added a revamped patch to remove the parallel implementation
---
.../coreos-sources-6.10.9.ebuild | 1 + .../z0002-pahole-remove-parallel-j-flag.patch | 71 +++++++++++++++++++ .../6.10/z0002-revert-pahole-flags.patch | 53 -------------- 3 files changed, 72 insertions(+), 53 deletions(-) create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0002-pahole-remove-parallel-j-flag.patch delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0002-revert-pahole-flags.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.10.9.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.10.9.ebuild
index 18ac3460644..bf7c56e56e2 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.10.9.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.10.9.ebuild
@@ -36,5 +36,6 @@ IUSE=""
 # local patches overlap with the upstream patch.
 UNIPATCH_LIST="
 ${PATCH_DIR}/z0001-kbuild-derive-relative-path-for-srctree-from-CURDIR.patch \
+ ${PATCH_DIR}/z0002-pahole-remove-parallel-j-flag.patch \
 ${PATCH_DIR}/z0003-Revert-x86-boot-Remove-the-bugger-off-message.patch \
 "
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0002-pahole-remove-parallel-j-flag.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0002-pahole-remove-parallel-j-flag.patch new file mode 100644 index 00000000000..d193433a64f --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0002-pahole-remove-parallel-j-flag.patch 
@@ -0,0 +1,71 @@ +From e7593854f521ec21786fc7bfe5777b35dc627b9d Mon Sep 17 00:00:00 2001 +From: Adrian Vladu +Date: Wed, 11 Sep 2024 11:14:26 +0000 +Subject: [PATCH] pahole: remove parallel -j flag + +When pahole is executed with -j (parallel) then btf metadata order is +non-deterministic and the built kernel and modules don't match. +--- + init/Kconfig | 2 +- + lib/Kconfig.debug | 9 --------- + scripts/Makefile.btf | 4 +--- + 3 files changed, 2 insertions(+), 13 deletions(-) + +diff --git a/init/Kconfig b/init/Kconfig +index 9684e5d2b81c..c8544aa6856a 100644 +--- a/init/Kconfig ++++ b/init/Kconfig +@@ -1889,7 +1889,7 @@ config RUST + depends on !GCC_PLUGINS + depends on !RANDSTRUCT + depends on !SHADOW_CALL_STACK +- depends on !DEBUG_INFO_BTF || PAHOLE_HAS_LANG_EXCLUDE ++ depends on !DEBUG_INFO_BTF + help + Enables Rust support in the kernel. + +diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug +index 59b6765d86b8..611dfcce9335 100644 +--- a/lib/Kconfig.debug ++++ b/lib/Kconfig.debug +@@ -398,15 +398,6 @@ config PAHOLE_HAS_BTF_TAG + btf_decl_tag) or not. Currently only clang compiler implements + these attributes, so make the config depend on CC_IS_CLANG. + +-config PAHOLE_HAS_LANG_EXCLUDE +- def_bool PAHOLE_VERSION >= 124 +- help +- Support for the --lang_exclude flag which makes pahole exclude +- compilation units from the supplied language. Used in Kbuild to +- omit Rust CUs which are not supported in version 1.24 of pahole, +- otherwise it would emit malformed kernel and module binaries when +- using DEBUG_INFO_BTF_MODULES. 
+- + config DEBUG_INFO_BTF_MODULES + bool "Generate BTF type information for kernel modules" + default y +diff --git a/scripts/Makefile.btf b/scripts/Makefile.btf +index 2d6e5ed9081e..291bfdab7a9b 100644 +--- a/scripts/Makefile.btf ++++ b/scripts/Makefile.btf +@@ -12,8 +12,6 @@ endif + + pahole-flags-$(call test-ge, $(pahole-ver), 121) += --btf_gen_floats + +-pahole-flags-$(call test-ge, $(pahole-ver), 122) += -j +- + ifeq ($(pahole-ver), 125) + pahole-flags-y += --skip_encoding_btf_inconsistent_proto --btf_gen_optimized + endif +@@ -21,7 +19,7 @@ endif + else + + # Switch to using --btf_features for v1.26 and later. +-pahole-flags-$(call test-ge, $(pahole-ver), 126) = -j --btf_features=encode_force,var,float,enum64,decl_tag,type_tag,optimized_func,consistent_func ++pahole-flags-$(call test-ge, $(pahole-ver), 126) = --btf_features=encode_force,var,float,enum64,decl_tag,type_tag,optimized_func,consistent_func + + endif + +-- +2.34.1 + diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0002-revert-pahole-flags.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0002-revert-pahole-flags.patch deleted file mode 100644 index 2591ecf6e45..00000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0002-revert-pahole-flags.patch +++ /dev/null 
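Review bot: The embedded patch's description only covers dropping `-j`, but its `init/Kconfig` and `lib/Kconfig.debug` hunks also delete `PAHOLE_HAS_LANG_EXCLUDE` and relax the `RUST` dependency to `depends on !DEBUG_INFO_BTF`, which has nothing to do with BTF ordering and is not explained. If anything else in the 6.10 tree still keys off `CONFIG_PAHOLE_HAS_LANG_EXCLUDE` (not visible in these hunks), removing the symbol silently changes which pahole flags are passed, so either drop those two hunks or state in the patch description why they are carried over from the old revert patch. The reproducibility reason also deserves a line in the ebuild next to the new `UNIPATCH_LIST` entry, for example `# z0002: pahole -j makes BTF ordering non-deterministic; kernel and module BTF must match`, so the patch is not dropped by accident on the next kernel bump.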
@@ -1,53 +0,0 @@ -diff --git a/init/Kconfig b/init/Kconfig -index e173364abd6c..cdc35682e03b 100644 ---- a/init/Kconfig -+++ b/init/Kconfig -@@ -1899,7 +1899,7 @@ config RUST - depends on !GCC_PLUGINS - depends on !RANDSTRUCT - depends on !SHADOW_CALL_STACK -- depends on !DEBUG_INFO_BTF || PAHOLE_HAS_LANG_EXCLUDE -+ depends on !DEBUG_INFO_BTF - help - Enables Rust support in the kernel. - -diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug -index da5513cfc125..f2b3aab6d4a1 100644 ---- a/lib/Kconfig.debug -+++ b/lib/Kconfig.debug -@@ -394,15 +394,6 @@ config PAHOLE_HAS_BTF_TAG - btf_decl_tag) or not. Currently only clang compiler implements - these attributes, so make the config depend on CC_IS_CLANG. - --config PAHOLE_HAS_LANG_EXCLUDE -- def_bool PAHOLE_VERSION >= 124 -- help -- Support for the --lang_exclude flag which makes pahole exclude -- compilation units from the supplied language. Used in Kbuild to -- omit Rust CUs which are not supported in version 1.24 of pahole, -- otherwise it would emit malformed kernel and module binaries when -- using DEBUG_INFO_BTF_MODULES. -- - config DEBUG_INFO_BTF_MODULES - bool "Generate BTF type information for kernel modules" - default y -diff --git a/scripts/pahole-flags.sh b/scripts/pahole-flags.sh -index 728d55190d97..c293941612e7 100755 ---- a/scripts/pahole-flags.sh -+++ b/scripts/pahole-flags.sh -@@ -16,15 +16,5 @@ fi - if [ "${pahole_ver}" -ge "121" ]; then - extra_paholeopt="${extra_paholeopt} --btf_gen_floats" - fi --if [ "${pahole_ver}" -ge "122" ]; then -- extra_paholeopt="${extra_paholeopt} -j" --fi --if [ "${pahole_ver}" -ge "124" ]; then -- # see PAHOLE_HAS_LANG_EXCLUDE -- extra_paholeopt="${extra_paholeopt} --lang_exclude=rust" --fi --if [ "${pahole_ver}" -ge "125" ]; then -- extra_paholeopt="${extra_paholeopt} --skip_encoding_btf_inconsistent_proto --btf_gen_optimized" --fi - - echo ${extra_paholeopt} From 912e96d8eb67df6416245f742a967452a7c5d9e0 Mon Sep 17 00:00:00 2001 
From: Adrian Vladu Date: Wed, 11 Sep 2024 11:21:10 +0000 Subject: [PATCH 09/26] zfs: unmask 2.2.6 version compatible with linux kernel 6.10 --- .../portage-stable/sys-fs/zfs-kmod/zfs-kmod-2.2.6.ebuild | 2 +- .../src/third_party/portage-stable/sys-fs/zfs/zfs-2.2.6.ebuild | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/zfs-kmod/zfs-kmod-2.2.6.ebuild b/sdk_container/src/third_party/portage-stable/sys-fs/zfs-kmod/zfs-kmod-2.2.6.ebuild index 8f1c08d298b..ddfc36a5624 100644 --- a/sdk_container/src/third_party/portage-stable/sys-fs/zfs-kmod/zfs-kmod-2.2.6.ebuild +++ b/sdk_container/src/third_party/portage-stable/sys-fs/zfs-kmod/zfs-kmod-2.2.6.ebuild @@ -31,7 +31,7 @@ else ZFS_KERNEL_DEP="${ZFS_KERNEL_DEP%%.*}.$(( ${ZFS_KERNEL_DEP##*.} + 1))" if [[ ${PV} != *_rc* ]] ; then - KEYWORDS="~amd64 ~arm64 ~loong ~ppc64 ~riscv ~sparc" + KEYWORDS="amd64 arm64 ~loong ~ppc64 ~riscv ~sparc" fi fi diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/zfs/zfs-2.2.6.ebuild b/sdk_container/src/third_party/portage-stable/sys-fs/zfs/zfs-2.2.6.ebuild index 5264247e69a..eda194d59ab 100644 --- a/sdk_container/src/third_party/portage-stable/sys-fs/zfs/zfs-2.2.6.ebuild +++ b/sdk_container/src/third_party/portage-stable/sys-fs/zfs/zfs-2.2.6.ebuild @@ -25,7 +25,7 @@ else S="${WORKDIR}/${MY_P}" if [[ ${PV} != *_rc* ]]; then - KEYWORDS="~amd64 ~arm64 ~loong ~ppc64 ~riscv ~sparc" + KEYWORDS="amd64 arm64 ~loong ~ppc64 ~riscv ~sparc" fi fi From 388b190983e796b15795081da31632f1ffdbcc07 Mon Sep 17 00:00:00 2001 From: Adrian Vladu Date: Wed, 11 Sep 2024 11:37:05 +0000 Subject: [PATCH 10/26] linux: remove CONFIG_FB_ARMCLCD See: https://github.com/torvalds/linux/commit/dee56ccb468a832074397fdbf22bbd9bf6d710aa --- .../sys-kernel/coreos-modules/files/arm64_defconfig-6.10 | 1 - 1 file changed, 1 deletion(-) 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/arm64_defconfig-6.10 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/arm64_defconfig-6.10 index 0ca2fb38973..e83ace56d3d 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/arm64_defconfig-6.10 +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/arm64_defconfig-6.10 @@ -32,7 +32,6 @@ CONFIG_CRYPTO_SHA1_ARM64_CE=y CONFIG_CRYPTO_SHA2_ARM64_CE=y # CONFIG_DEBUG_PREEMPT is not set CONFIG_DM_DEBUG=y -CONFIG_FB_ARMCLCD=y CONFIG_GPIO_PL061=y CONFIG_GPIO_XGENE=y CONFIG_GPIO_XGENE_SB=y From a429bc2f98ba14e489104e06908a7b30d8ba773c Mon Sep 17 00:00:00 2001 From: Adrian Vladu Date: Wed, 11 Sep 2024 15:45:14 +0000 Subject: [PATCH 11/26] To be fixed: build_image: do not fail on cpio end of file --- build_library/build_image_util.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/build_library/build_image_util.sh b/build_library/build_image_util.sh index 2549e4667dc..bd26b5dab94 100755 --- a/build_library/build_image_util.sh +++ b/build_library/build_image_util.sh @@ -864,7 +864,8 @@ EOF write_contents_with_technical_details "${root_fs_dir}" "${BUILD_DIR}/${image_contents_wtd}" if [[ -n "${image_initrd_contents}" ]] || [[ -n "${image_initrd_contents_wtd}" ]]; then - "${BUILD_LIBRARY_DIR}/extract-initramfs-from-vmlinuz.sh" "${root_fs_dir}/boot/flatcar/vmlinuz-a" "${BUILD_DIR}/tmp_initrd_contents" + echo ">>>>DEBUG<<<${root_fs_dir}/boot/flatcar/vmlinuz-a" + "${BUILD_LIBRARY_DIR}/extract-initramfs-from-vmlinuz.sh" "${root_fs_dir}/boot/flatcar/vmlinuz-a" "${BUILD_DIR}/tmp_initrd_contents" || true if [[ -n "${image_initrd_contents}" ]]; then write_contents "${BUILD_DIR}/tmp_initrd_contents" "${BUILD_DIR}/${image_initrd_contents}" fi From 068aabf6f84a9c3e97fcfc013a153768f933780b Mon Sep 17 00:00:00 2001 
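Review bot: `|| true` on the `extract-initramfs-from-vmlinuz.sh` call hides every failure of the extractor, not only the cpio end-of-file case named in the subject, so the following `write_contents` can run on a missing or partial `tmp_initrd_contents` and publish an incomplete initrd contents listing without the build noticing. Since that listing is what people use to audit what ships in the initrd, keep the failure visible while the root cause is open, e.g. `... || echo "initrd extraction failed; initrd contents listing may be incomplete" >&2`, and fix the extractor for the 6.10 image rather than ignoring its exit status. The `echo ">>>>DEBUG<<<…"` line should be removed before merge. The enclosing function starts and ends outside the hunk.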
From: Adrian Vladu Date: Wed, 11 Sep 2024 15:52:11 +0000 Subject: [PATCH 12/26] build: force max load --- common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common.sh b/common.sh index 3dbb8040dc3..089ceefd396 100644 --- a/common.sh +++ b/common.sh @@ -17,7 +17,7 @@ if [[ -z ${NUM_JOBS} ]] || [[ ${NUM_JOBS} -eq 0 ]]; then NUM_JOBS=$(grep -c "^processor" /proc/cpuinfo) fi # Ensure that any sub scripts we invoke get the max proc count. -export NUM_JOBS +export NUM_JOBS=350 # Make sure we have the location and name of the calling script, using # the current value if it is already set. From 162bf91e008ce2c9c08c019c0833eba9fdb63f74 Mon Sep 17 00:00:00 2001 From: Adrian Vladu Date: Tue, 17 Sep 2024 12:08:37 +0000 Subject: [PATCH 13/26] kernel: remove rebased files --- ...6.6.65.ebuild => hv-daemons-6.10.9.ebuild} | 0 .../coreos-kernel/coreos-kernel-6.6.65.ebuild | 102 ------------------ .../coreos-modules-6.6.65.ebuild | 68 ------------ 3 files changed, 170 deletions(-) rename sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/{hv-daemons-6.6.65.ebuild => hv-daemons-6.10.9.ebuild} (100%) delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.6.65.ebuild delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-6.6.65.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/hv-daemons-6.6.65.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/hv-daemons-6.10.9.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/hv-daemons-6.6.65.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/hv-daemons-6.10.9.ebuild 
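Review bot: `export NUM_JOBS=350` overrides both a caller-supplied `NUM_JOBS` and the `/proc/cpuinfo` count computed in the `if` block just above, so that block becomes dead code and every sub-script runs with 350 jobs regardless of the builder. On a smaller machine that can exhaust memory and fail the build in ways unrelated to the change under test, and it is a local tuning value rather than something to commit. Keep the line as `export NUM_JOBS` and pass `NUM_JOBS=350` in the environment of the build invocation on the machine that needs it.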
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.6.65.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.6.65.ebuild
deleted file mode 100644
index 5aad6bb2865..00000000000
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.6.65.ebuild
+++ /dev/null
@@ -1,102 +0,0 @@ -# Copyright 2014-2016 CoreOS, Inc. -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 -COREOS_SOURCE_REVISION="" -inherit coreos-kernel - -DESCRIPTION="CoreOS Linux kernel" -KEYWORDS="amd64 arm64" - -RDEPEND="=sys-kernel/coreos-modules-${PVR}" -DEPEND="${RDEPEND} - app-arch/gzip - app-arch/zstd - app-crypt/clevis - app-shells/bash - coreos-base/coreos-init:= - sys-apps/coreutils - sys-apps/findutils - sys-apps/grep - sys-apps/ignition:= - sys-apps/less - sys-apps/nvme-cli - sys-apps/sed - sys-apps/shadow - sys-apps/systemd[cryptsetup] - sys-apps/seismograph - sys-apps/util-linux - sys-fs/btrfs-progs - sys-fs/e2fsprogs - sys-fs/mdadm - sys-fs/xfsprogs - >=sys-kernel/coreos-firmware-20180103-r1:= - >=sys-kernel/bootengine-0.0.4:= - sys-kernel/dracut - virtual/udev - amd64? ( sys-firmware/intel-microcode:= )" - -# We are bad, we want to get around the sandbox. So do the creation of the -# cpio image in pkg_setup() where we are free to mount filesystems, chroot, -# and other fun stuff. 
-pkg_setup() { - coreos-kernel_pkg_setup - - [[ "${MERGE_TYPE}" == binary ]] && return - - # Fail early if we didn't detect the build installed by coreos-modules - [[ -n "${KV_OUT_DIR}" ]] || die "Failed to detect modules build tree" - - if [[ "${ROOT:-/}" != / ]]; then - # TMPDIR needs to be corrected for chroot - TMPDIR=${TMPDIR#${ROOT}} ${ROOT}/usr/sbin/update-bootengine -m -c ${ROOT} -k "${KV_FULL}" || die - else - update-bootengine -k "${KV_FULL}" || die - fi -} - -src_prepare() { - default - # KV_OUT_DIR points to the minimal build tree installed by coreos-modules - # Pull in the config and public module signing key - KV_OUT_DIR="${SYSROOT%/}/lib/modules/${COREOS_SOURCE_NAME#linux-}/build" - cp -v "${KV_OUT_DIR}/.config" build/ || die - local sig_key="$(getconfig MODULE_SIG_KEY)" - mkdir -p "build/${sig_key%/*}" || die - cp -v "${KV_OUT_DIR}/${sig_key}" "build/${sig_key}" || die - - # Symlink to bootengine.cpio so we can stick with relative paths in .config - ln -sv "${SYSROOT%/}"/usr/share/bootengine/bootengine.cpio build/ || die - config_update 'CONFIG_INITRAMFS_SOURCE="bootengine.cpio"' - - # include all intel and amd microcode files, avoiding the signatures - local fw_dir="${SYSROOT%/}/lib/firmware" - use amd64 && config_update "CONFIG_EXTRA_FIRMWARE=\"$(find ${fw_dir} -type f \ - \( -path ${fw_dir}'/intel-ucode/*' -o -path ${fw_dir}'/amd-ucode/*' \) -printf '%P ')\"" - use amd64 && config_update "CONFIG_EXTRA_FIRMWARE_DIR=\"${fw_dir}\"" -} - -src_compile() { - kmake "$(kernel_target)" - - # sanity check :) - [[ -e build/certs/signing_key.pem ]] && die "created a new key!" 
-} - -src_install() { - # coreos-postinst expects to find the kernel in /usr/boot - insinto "/usr/boot" - newins "$(kernel_path)" "vmlinuz-${KV_FULL}" - dosym "vmlinuz-${KV_FULL}" "/usr/boot/vmlinuz" - - insinto "/usr/lib/modules/${KV_FULL}/build" - doins build/System.map - - insinto "/usr/lib/debug/usr/boot" - newins build/vmlinux "vmlinux-${KV_FULL}" - dosym "../../../boot/vmlinux-${KV_FULL}" "/usr/lib/debug/usr/lib/modules/${KV_FULL}/vmlinux" - - # For easy access to vdso debug symbols in gdb: - # set debug-file-directory /usr/lib/debug/usr/lib/modules/${KV_FULL}/vdso/ - kmake INSTALL_MOD_PATH="${D}/usr/lib/debug/usr" vdso_install -} diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-6.6.65.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-6.6.65.ebuild deleted file mode 100644 index d68540c22ad..00000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-6.6.65.ebuild +++ /dev/null 
@@ -1,68 +0,0 @@ -# Copyright 2014-2016 CoreOS, Inc. -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 -COREOS_SOURCE_REVISION="" -inherit coreos-kernel savedconfig - -DESCRIPTION="CoreOS Linux kernel modules" -KEYWORDS="amd64 arm64" -RDEPEND="!> build/.config || die - fi - cpio -ov build/bootengine.cpio - - # Check that an old pre-ebuild-split config didn't leak in. - grep -q "^CONFIG_INITRAMFS_SOURCE=" build/.config && \ - die "CONFIG_INITRAMFS_SOURCE must be removed from kernel config" - config_update 'CONFIG_INITRAMFS_SOURCE="bootengine.cpio"' -} - -src_compile() { - # Generate module signing key - setup_keys - - # Build both vmlinux and modules (moddep checks symbols in vmlinux) - kmake vmlinux modules -} - -src_install() { - # Install modules to /usr. - # Install firmware to a temporary (bogus) location. - # The linux-firmware package will be used instead. - # Stripping must be done here, not portage, to preserve sigs. - kmake INSTALL_MOD_PATH="${D}/usr" \ - INSTALL_MOD_STRIP="--strip-debug" \ - INSTALL_FW_PATH="${T}/fw" \ - modules_install - - # Install to /usr/lib/debug with debug symbols intact - kmake INSTALL_MOD_PATH="${D}/usr/lib/debug/usr" \ - INSTALL_FW_PATH="${T}/fw" \ - modules_install - rm "${D}/usr/lib/debug/usr/lib/modules/${KV_FULL}/"modules.* || die - rm "${D}/usr/lib/debug/usr/lib/modules/${KV_FULL}/build" || die - - # Clean up the build tree - shred_keys - kmake clean - find "build/" -type d -empty -delete || die - rm "build/.config.old" || die - - # Install /lib/modules/${KV_FULL}/{build,source} - install_build_source - - # Not strictly required but this is where we used to install the config. - dodir "/usr/boot" - local build="lib/modules/${KV_FULL}/build" - dosym "../${build}/.config" "/usr/boot/config-${KV_FULL}" - dosym "../${build}/.config" "/usr/boot/config" -} From 317604d62c0187364a4a093b0856d5d491368793 Mon Sep 17 00:00:00 2001 
From: Adrian Vladu Date: Tue, 17 Sep 2024 13:19:22 +0000 Subject: [PATCH 14/26] hv_daemons: update the hv_fcopy to hv_fcopy_uio See: https://github.com/torvalds/linux/commit/82b0945ce2c2d636d5e893ad50210875c929f257wq --- .../hv-daemons/hv-daemons-9999.ebuild | 27 ++++++++++--------- 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/hv-daemons-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/hv-daemons-9999.ebuild index 9b6b44dba91..52eec0223c2 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/hv-daemons-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/hv-daemons-9999.ebuild @@ -13,20 +13,23 @@ if [[ "${PV}" == 9999 ]]; then fi src_compile() { - # Build hv_vss_daemon, hv_kvp_daemon, hv_fcopy_daemon + # Build hv_vss_daemon, hv_kvp_daemon, hv_fcopy_daemon kmake tools/hv } src_install() { - dobin "${S}/build/tools/hv/hv_fcopy_daemon" - dobin "${S}/build/tools/hv/hv_kvp_daemon" - dobin "${S}/build/tools/hv/hv_vss_daemon" - - systemd_dounit "${FILESDIR}/hv_fcopy_daemon.service" - systemd_dounit "${FILESDIR}/hv_kvp_daemon.service" - systemd_dounit "${FILESDIR}/hv_vss_daemon.service" - - systemd_enable_service "multi-user.target" "hv_fcopy_daemon.service" - systemd_enable_service "multi-user.target" "hv_kvp_daemon.service" - systemd_enable_service "multi-user.target" "hv_vss_daemon.service" + if [ -f "${S}/build/tools/hv/hv_fcopy_uio_daemon" ]; then + cp "${S}/build/tools/hv/hv_fcopy_uio_daemon" "${S}/build/tools/hv/hv_fcopy_daemon" + fi + + + HV_DAEMONS=(hv_vss_daemon hv_kvp_daemon hv_fcopy_daemon) + for HV_DAEMON in "$HV_DAEMONS[@]" + do + if [ -f "${S}/build/tools/hv/${HV_DAEMON}" ]; then + dobin "${S}/build/tools/hv/${HV_DAEMON}" + systemd_dounit "${FILESDIR}/${HV_DAEMON}.service" + systemd_enable_service "multi-user.target" "${HV_DAEMON}.service" + fi + done } 
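Review bot: `for HV_DAEMON in "$HV_DAEMONS[@]"` in the new src_install is missing the braces, so bash expands it to the first element followed by a literal `[@]` (`hv_vss_daemon[@]`); the loop runs once, the `-f` test fails, and no binary, unit or service enablement is installed, with no error. It should read `for HV_DAEMON in "${HV_DAEMONS[@]}"`. The same line is carried unchanged as context in the hv-daemons-9999.ebuild hunk of PATCH 20/26. Because every daemon is wrapped in `if [ -f … ]`, a daemon that failed to build is also skipped silently, so consider `|| die` for the ones that must always exist and on the `cp`, and declare `local HV_DAEMONS HV_DAEMON` so the names do not leak out of the function.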
From b2f98bfdbce906dedc3ef797fed41a31542547d5 Mon Sep 17 00:00:00 2001 From: Adrian Vladu Date: Tue, 17 Sep 2024 13:47:24 +0000 Subject: [PATCH 15/26] kernel: use pahole 1.27 feature of reproducible builds --- .../coreos-sources-6.10.9.ebuild | 2 +- ...2-pahole-support-reproducible-builds.patch | 26 +++++++++++++++++++ 2 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0002-pahole-support-reproducible-builds.patch diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.10.9.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.10.9.ebuild index bf7c56e56e2..09975a39347 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.10.9.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.10.9.ebuild @@ -36,6 +36,6 @@ IUSE="" # local patches overlap with the upstream patch. UNIPATCH_LIST=" ${PATCH_DIR}/z0001-kbuild-derive-relative-path-for-srctree-from-CURDIR.patch \ - ${PATCH_DIR}/z0002-pahole-remove-parallel-j-flag.patch \ + ${PATCH_DIR}/z0002-pahole-support-reproducible-builds.patch \ ${PATCH_DIR}/z0003-Revert-x86-boot-Remove-the-bugger-off-message.patch \ " diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0002-pahole-support-reproducible-builds.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0002-pahole-support-reproducible-builds.patch new file mode 100644 index 00000000000..dbce2286a3d --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0002-pahole-support-reproducible-builds.patch 
@@ -0,0 +1,26 @@ +From 9faff3734e6456e7927c0914829a4764ec9f1b44 Mon Sep 17 00:00:00 2001 +From: Adrian Vladu +Date: Tue, 17 Sep 2024 13:44:14 +0000 +Subject: [PATCH] pahole: support reproducible builds + +--- + scripts/Makefile.btf | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/scripts/Makefile.btf b/scripts/Makefile.btf +index 2d6e5ed9081e..b2f88b0fcf37 100644 +--- a/scripts/Makefile.btf ++++ b/scripts/Makefile.btf +@@ -23,6 +23,9 @@ else + # Switch to using --btf_features for v1.26 and later. + pahole-flags-$(call test-ge, $(pahole-ver), 126) = -j --btf_features=encode_force,var,float,enum64,decl_tag,type_tag,optimized_func,consistent_func + ++# Support reproducible builds. ++pahole-flags-$(call test-ge, $(pahole-ver), 127) = -j --btf_features=encode_force,var,float,enum64,decl_tag,type_tag,optimized_func,consistent_func,reproducible_build ++ + endif + + pahole-flags-$(CONFIG_PAHOLE_HAS_LANG_EXCLUDE) += --lang_exclude=rust +-- +2.34.1 + From 9225cb071354bc12fb7d740bb14891bf9d096721 Mon Sep 17 00:00:00 2001 From: Adrian Vladu Date: Wed, 18 Sep 2024 10:12:40 +0000 Subject: [PATCH 16/26] Add the required patches --- .../coreos-sources-6.10.9.ebuild | 4 ++ .../coreos-sources-6.6.65.ebuild | 45 ------------------- 2 files changed, 4 insertions(+), 45 deletions(-) delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.6.65.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.10.9.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.10.9.ebuild index 09975a39347..05f06fac9e0 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.10.9.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.10.9.ebuild 
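Review bot: The added `pahole-flags-$(call test-ge, $(pahole-ver), 127) = …` line repeats the whole 1.26 feature list only to append `reproducible_build`, so the two lists have to be kept in step by hand on every kernel bump. The flag also takes effect only when the SDK's pahole is 1.27 or newer: with an older pahole the build falls back to the 1.26 line, which keeps `-j`, and this commit stops applying z0002-pahole-remove-parallel-j-flag.patch, which (judging by its name) is what made the BTF step deterministic before. If the ebuild still carries the unversioned `RDEPEND="dev-util/pahole"` seen in the 6.6.65 ebuild, a `>=dev-util/pahole-1.27` dependency or a comment stating the minimum would make that requirement explicit. The embedded patch has no description either; one sentence on why `-j` is safe again would help whoever rebases it.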
@@ -38,4 +38,8 @@ UNIPATCH_LIST=" ${PATCH_DIR}/z0001-kbuild-derive-relative-path-for-srctree-from-CURDIR.patch \ ${PATCH_DIR}/z0002-pahole-support-reproducible-builds.patch \ ${PATCH_DIR}/z0003-Revert-x86-boot-Remove-the-bugger-off-message.patch \ + ${PATCH_DIR}/z0004-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch \ + ${PATCH_DIR}/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch \ + ${PATCH_DIR}/z0006-mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch \ + ${PATCH_DIR}/z0007-arm64-add-kernel-config-option-to-lock-down-when-in-.patch \ " diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.6.65.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.6.65.ebuild deleted file mode 100644 index 68ef261b9d2..00000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.6.65.ebuild +++ /dev/null 
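Review bot: Nothing in this ebuild says that z0004–z0007 are the EFI Secure Boot lockdown set. The context lines of the earlier coreos-sources-6.10.9.ebuild hunks in this series show the list ending at z0003, which suggests a 6.10 kernel built from any commit before this one would boot under Secure Boot without lockdown. A comment above the four entries, for example `# z0004-z0007: EFI Secure Boot lockdown; must be carried across every kernel bump`, would make an accidental drop visible in review. The commit title "Add the required patches" would be easier to find later if it named them.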
@@ -1,45 +0,0 @@ -# Copyright 2014 CoreOS, Inc. -# Distributed under the terms of the GNU General Public License v2 - -EAPI=7 -ETYPE="sources" - -# -rc releases should be versioned L.M_rcN -# Final releases should be versioned L.M.N, even for N == 0 - -# Only needed for RCs -K_BASE_VER="5.15" - -inherit kernel-2 -EXTRAVERSION="-flatcar" -detect_version - -DESCRIPTION="Full sources for the CoreOS Linux kernel" -HOMEPAGE="http://www.kernel.org" -if [[ "${PV%%_rc*}" != "${PV}" ]]; then - SRC_URI="https://git.kernel.org/torvalds/p/v${KV%-coreos}/v${OKV} -> patch-${KV%-coreos}.patch ${KERNEL_BASE_URI}/linux-${OKV}.tar.xz" - PATCH_DIR="${FILESDIR}/${KV_MAJOR}.${KV_PATCH}" -else - SRC_URI="${KERNEL_URI}" - PATCH_DIR="${FILESDIR}/${KV_MAJOR}.${KV_MINOR}" -fi - -# make modules_prepare depends on pahole -RDEPEND="dev-util/pahole" - -KEYWORDS="amd64 arm64" -IUSE="" - -# XXX: Note we must prefix the patch filenames with "z" to ensure they are -# applied _after_ a potential patch-${KV}.patch file, present when building a -# patchlevel revision. We mustn't apply our patches first, it fails when the -# local patches overlap with the upstream patch. -UNIPATCH_LIST=" - ${PATCH_DIR}/z0001-kbuild-derive-relative-path-for-srctree-from-CURDIR.patch \ - ${PATCH_DIR}/z0002-revert-pahole-flags.patch \ - ${PATCH_DIR}/z0003-Revert-x86-boot-Remove-the-bugger-off-message.patch \ - ${PATCH_DIR}/z0004-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch \ - ${PATCH_DIR}/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch \ - ${PATCH_DIR}/z0006-mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch \ - ${PATCH_DIR}/z0007-arm64-add-kernel-config-option-to-lock-down-when-in-.patch \ -" From 9c0114eeba194f23a0d73d150bcc9cc8cc4ce465 Mon Sep 17 00:00:00 2001 
From: Adrian Vladu Date: Wed, 18 Sep 2024 10:14:47 +0000 Subject: [PATCH 17/26] kernel: update patch for secureboot Source: https://sources.debian.org/data/main/l/linux/6.10.6-1~bpo12+1/debian/patches/features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch --- ...e-kernel-if-booted-in-secure-boot-mo.patch | 48 +++++++------------ 1 file changed, 17 insertions(+), 31 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch index 36df3994114..f836c8b83d9 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch @@ -1,7 +1,6 @@ -From fa96a2ef86466da0a43756ee39ce3b1cb555a55a Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Tue, 10 Sep 2019 11:54:28 +0100 -Subject: [PATCH 2/4] efi: Lock down the kernel if booted in secure boot mode +Subject: efi: Lock down the kernel if booted in secure boot mode Based on an earlier patch by David Howells, who wrote the following description: @@ -18,18 +17,16 @@ help text for LOCK_DOWN_IN_EFI_SECURE_BOOT was adjusted to mention that lockdown is triggered in integrity mode (https://bugs.debian.org/1025417)] 
Signed-off-by: Salvatore Bonaccorso --- - arch/x86/kernel/setup.c | 4 ++-- - drivers/firmware/efi/secureboot.c | 5 +++++ - include/linux/security.h | 6 ++++++ - security/lockdown/Kconfig | 15 +++++++++++++++ - security/lockdown/lockdown.c | 2 +- - 5 files changed, 29 insertions(+), 3 deletions(-) + arch/x86/kernel/setup.c | 4 ++-- + drivers/firmware/efi/secureboot.c | 3 +++ + include/linux/security.h | 6 ++++++ + security/lockdown/Kconfig | 15 +++++++++++++++ + security/lockdown/lockdown.c | 2 +- + 5 files changed, 27 insertions(+), 3 deletions(-) -diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index 7c4a6697e39d..04e73973098e 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c -@@ -1028,6 +1028,8 @@ void __init setup_arch(char **cmdline_p) +@@ -900,6 +900,8 @@ void __init setup_arch(char **cmdline_p) if (efi_enabled(EFI_BOOT)) efi_init(); @@ -38,7 +35,7 @@ index 7c4a6697e39d..04e73973098e 100644 reserve_ibft_region(); x86_init.resources.dmi_setup(); -@@ -1190,8 +1192,6 @@ void __init setup_arch(char **cmdline_p) +@@ -1061,8 +1063,6 @@ void __init setup_arch(char **cmdline_p) /* Allocate bigger log buffer */ setup_log_buf(1); @@ -47,8 +44,6 @@ index 7c4a6697e39d..04e73973098e 100644 reserve_initrd(); acpi_table_upgrade(); -diff --git a/drivers/firmware/efi/secureboot.c b/drivers/firmware/efi/secureboot.c -index b6620669e32b..8f2554291fb1 100644 --- a/drivers/firmware/efi/secureboot.c +++ b/drivers/firmware/efi/secureboot.c @@ -15,6 +15,7 @@ @@ -59,7 +54,7 @@ index b6620669e32b..8f2554291fb1 100644 /* * Decide what to do when UEFI secure boot mode is enabled. -@@ -28,6 +29,10 @@ void __init efi_set_secure_boot(enum efi_secureboot_mode mode) +@@ -28,6 +29,10 @@ void __init efi_set_secure_boot(enum efi break; case efi_secureboot_mode_enabled: set_bit(EFI_SECURE_BOOT, &efi.flags); 
@@ -70,21 +65,19 @@ index b6620669e32b..8f2554291fb1 100644 pr_info("Secure boot enabled\n"); break; default: -diff --git a/include/linux/security.h b/include/linux/security.h -index 4bd0f6fc553e..08258ecbb5f9 100644 --- a/include/linux/security.h +++ b/include/linux/security.h -@@ -486,6 +486,7 @@ int security_inode_notifysecctx(struct inode *inode, void *ctx, u32 ctxlen); - int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); - int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); +@@ -509,6 +509,7 @@ int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); int security_locked_down(enum lockdown_reason what); + int lsm_fill_user_ctx(struct lsm_ctx __user *uctx, u32 *uctx_len, + void *val, size_t val_len, u64 id, u64 flags); +int lock_kernel_down(const char *where, enum lockdown_reason level); #else /* CONFIG_SECURITY */ static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) -@@ -1404,6 +1405,11 @@ static inline int security_locked_down(enum lockdown_reason what) +@@ -1483,6 +1484,11 @@ static inline int lsm_fill_user_ctx(struct lsm_ctx __user *uctx, { - return 0; + return -EOPNOTSUPP; } +static inline int +lock_kernel_down(const char *where, enum lockdown_reason level) @@ -94,11 +87,9 @@ index 4bd0f6fc553e..08258ecbb5f9 100644 #endif /* CONFIG_SECURITY */ #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) -diff --git a/security/lockdown/Kconfig b/security/lockdown/Kconfig -index e84ddf484010..4175b50b1e6e 100644 --- a/security/lockdown/Kconfig +++ b/security/lockdown/Kconfig -@@ -45,3 +45,18 @@ config LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY +@@ -45,3 +45,18 @@ config LOCK_DOWN_KERNEL_FORCE_CONFIDENTI disabled. endchoice 
@@ -117,11 +108,9 @@ index e84ddf484010..4175b50b1e6e 100644 + + Enabling this option results in kernel lockdown being + triggered in integrity mode if EFI Secure Boot is set. -diff --git a/security/lockdown/lockdown.c b/security/lockdown/lockdown.c -index 68d19632aeb7..67cc9839952f 100644 --- a/security/lockdown/lockdown.c +++ b/security/lockdown/lockdown.c -@@ -23,7 +23,7 @@ static const enum lockdown_reason lockdown_levels[] = {LOCKDOWN_NONE, +@@ -24,7 +24,7 @@ static const enum lockdown_reason lockdo /* * Put the kernel into lock-down mode. */ @@ -130,6 +119,3 @@ index 68d19632aeb7..67cc9839952f 100644 { if (kernel_locked_down >= level) return -EPERM; --- -2.39.2 - From 2be94c25d6472a168a26d76661fd021cdae3d9b1 Mon Sep 17 00:00:00 2001 From: Adrian Vladu Date: Wed, 18 Sep 2024 14:46:44 +0000 Subject: [PATCH 18/26] cpio: show all the rootfs found --- build_library/extract-initramfs-from-vmlinuz.sh | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/build_library/extract-initramfs-from-vmlinuz.sh b/build_library/extract-initramfs-from-vmlinuz.sh index 9c1ffb6952b..0552c89fecd 100755 --- a/build_library/extract-initramfs-from-vmlinuz.sh +++ b/build_library/extract-initramfs-from-vmlinuz.sh @@ -81,11 +81,9 @@ perform_round() { for rnd in "${round_prefix}"*; do if [[ $(file --brief "${rnd}") =~ 'cpio archive' ]]; then mkdir -p "${out}/rootfs-${ROOTFS_IDX}" - while cpio --quiet --extract --make-directories --directory="${out}/rootfs-${ROOTFS_IDX}" --nonmatching 'dev/*'; do - ROOTFS_IDX=$(( ROOTFS_IDX + 1 )) - mkdir -p "${out}/rootfs-${ROOTFS_IDX}" - done <${rnd} - rmdir "${out}/rootfs-${ROOTFS_IDX}" + # On Linux 6.10, the first rootfs is an extra ghost rootfs of 336K, that has a corrupted CPIO + cpio --quiet --extract --make-directories --directory="${out}/rootfs-${ROOTFS_IDX}" --nonmatching 'dev/*' < $rnd || true + ROOTFS_IDX=$(( ROOTFS_IDX + 1 )) fi done } From 47b94951865939123c85aeddef4050ca8eef4026 Mon Sep 17 00:00:00 2001 
From: Adrian Vladu Date: Thu, 19 Sep 2024 08:05:32 +0000 Subject: [PATCH 19/26] kernel: fix hv tools build for arm64 --- .../coreos-sources-6.10.9.ebuild | 1 + ...s-hv-fix-cross-compilation-for-ARM64.patch | 35 +++++++++++++++++++ 2 files changed, 36 insertions(+) create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0008-tools-hv-fix-cross-compilation-for-ARM64.patch diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.10.9.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.10.9.ebuild index 05f06fac9e0..4680e07f285 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.10.9.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.10.9.ebuild @@ -42,4 +42,5 @@ UNIPATCH_LIST=" ${PATCH_DIR}/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch \ ${PATCH_DIR}/z0006-mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch \ ${PATCH_DIR}/z0007-arm64-add-kernel-config-option-to-lock-down-when-in-.patch \ + ${PATCH_DIR}/z0008-tools-hv-fix-cross-compilation-for-ARM64.patch \ " diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0008-tools-hv-fix-cross-compilation-for-ARM64.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0008-tools-hv-fix-cross-compilation-for-ARM64.patch new file mode 100644 index 00000000000..b06e6564756 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0008-tools-hv-fix-cross-compilation-for-ARM64.patch 
@@ -0,0 +1,35 @@ +From 0890eb69da82aec12518a5c2998afea467a0e9d7 Mon Sep 17 00:00:00 2001 +From: Adrian Vladu +Date: Thu, 19 Sep 2024 07:59:59 +0000 +Subject: [PATCH] tools: hv: fix cross-compilation for ARM64 + +--- + tools/hv/Makefile | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/tools/hv/Makefile b/tools/hv/Makefile +index 2e60e2c212cd..d72554cedbf6 100644 +--- a/tools/hv/Makefile ++++ b/tools/hv/Makefile +@@ -2,7 +2,9 @@ + # Makefile for Hyper-V tools + include ../scripts/Makefile.include + ++ifeq ($(ARCH),) + ARCH := $(shell uname -m 2>/dev/null) ++endif + sbindir ?= /usr/sbin + libexecdir ?= /usr/libexec + sharedstatedir ?= /var/lib +@@ -20,7 +22,7 @@ override CFLAGS += -O2 -Wall -g -D_GNU_SOURCE -I$(OUTPUT)include + override CFLAGS += -Wno-address-of-packed-member + + ALL_TARGETS := hv_kvp_daemon hv_vss_daemon +-ifneq ($(ARCH), aarch64) ++ifeq ($(filter $(ARCH),aarch64 arm64),) + ALL_TARGETS += hv_fcopy_uio_daemon + endif + ALL_PROGRAMS := $(patsubst %,$(OUTPUT)%,$(ALL_TARGETS)) +-- +2.34.1 + From ca8a7dab8c1f91b84c3ca5820ffe477a7690f7c8 Mon Sep 17 00:00:00 2001 From: Adrian Vladu Date: Thu, 19 Sep 2024 08:19:11 +0000 Subject: [PATCH 20/26] app-emulation/hv-daemons: add hv_fcopy_uio_daemon --- .../hv-daemons/files/hv_fcopy_uio_daemon.service | 9 +++++++++ .../app-emulation/hv-daemons/hv-daemons-9999.ebuild | 7 +------ 2 files changed, 10 insertions(+), 6 deletions(-) create mode 100644 sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/files/hv_fcopy_uio_daemon.service diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/files/hv_fcopy_uio_daemon.service b/sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/files/hv_fcopy_uio_daemon.service new file mode 100644 index 00000000000..f12c7ea1bd6 --- /dev/null +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/files/hv_fcopy_uio_daemon.service 
@@ -0,0 +1,9 @@ +[Unit] +Description=Hyper-V FCOPY UIO daemon +ConditionPathExists=/sys/bus/vmbus/devices/eb765408-105f-49b6-b4aa-c123b64d17d4/uio + +[Service] +ExecStart=/usr/bin/hv_fcopy_uio_daemon --no-daemon + +[Install] +WantedBy=multi-user.target diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/hv-daemons-9999.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/hv-daemons-9999.ebuild index 52eec0223c2..6aa38618939 100644 --- a/sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/hv-daemons-9999.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/hv-daemons-9999.ebuild @@ -18,12 +18,7 @@ src_compile() { } src_install() { - if [ -f "${S}/build/tools/hv/hv_fcopy_uio_daemon" ]; then - cp "${S}/build/tools/hv/hv_fcopy_uio_daemon" "${S}/build/tools/hv/hv_fcopy_daemon" - fi - - - HV_DAEMONS=(hv_vss_daemon hv_kvp_daemon hv_fcopy_daemon) + HV_DAEMONS=(hv_vss_daemon hv_kvp_daemon hv_fcopy_daemon hv_fcopy_uio_daemon) for HV_DAEMON in "$HV_DAEMONS[@]" do if [ -f "${S}/build/tools/hv/${HV_DAEMON}" ]; then From 218f211483017bd810d25a2ac9a2611612666e6f Mon Sep 17 00:00:00 2001 
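Review bot: The new hv_fcopy_uio_daemon.service has no `User=` and no sandboxing directives, so the daemon runs as root, and the ebuild enables it on multi-user.target wherever the binary was built. As far as I know from upstream tools/hv, this daemon writes files sent by the Hyper-V host into the guest, so the unit is worth documenting for operators who do not want host-to-guest file copy. A leading comment such as `# Runs as root and writes files pushed by the Hyper-V host; mask this unit if guest file copy is not wanted` would do. Whether directives like `NoNewPrivileges=yes` are compatible with the daemon needs testing, but it would be worth trying.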
From: Adrian Vladu Date: Tue, 29 Oct 2024 11:02:00 +0000 Subject: [PATCH 21/26] kernel: upgrade from 6.10 to 6.11 --- .../{hv-daemons-6.10.9.ebuild => hv-daemons-6.11.5.ebuild} | 0 ...oreos-kernel-6.10.9.ebuild => coreos-kernel-6.11.5.ebuild} | 0 ...eos-modules-6.10.9.ebuild => coreos-modules-6.11.5.ebuild} | 0 .../files/{amd64_defconfig-6.10 => amd64_defconfig-6.11} | 0 .../files/{arm64_defconfig-6.10 => arm64_defconfig-6.11} | 0 .../files/{commonconfig-6.10 => commonconfig-6.11} | 0 .../coreos-overlay/sys-kernel/coreos-sources/Manifest | 4 ++-- ...eos-sources-6.10.9.ebuild => coreos-sources-6.11.5.ebuild} | 0 ...-kbuild-derive-relative-path-for-srctree-from-CURDIR.patch | 0 .../{6.10 => 6.11}/z0002-pahole-remove-parallel-j-flag.patch | 0 .../z0002-pahole-support-reproducible-builds.patch | 0 .../z0003-Revert-x86-boot-Remove-the-bugger-off-message.patch | 0 ...efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch | 0 ...efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch | 0 ...mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch | 0 ...arm64-add-kernel-config-option-to-lock-down-when-in-.patch | 0 .../z0008-tools-hv-fix-cross-compilation-for-ARM64.patch | 0 17 files changed, 2 insertions(+), 2 deletions(-) rename sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/{hv-daemons-6.10.9.ebuild => hv-daemons-6.11.5.ebuild} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/{coreos-kernel-6.10.9.ebuild => coreos-kernel-6.11.5.ebuild} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/{coreos-modules-6.10.9.ebuild => coreos-modules-6.11.5.ebuild} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/{amd64_defconfig-6.10 => amd64_defconfig-6.11} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/{arm64_defconfig-6.10 => arm64_defconfig-6.11} (100%) rename 
sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/{commonconfig-6.10 => commonconfig-6.11} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/{coreos-sources-6.10.9.ebuild => coreos-sources-6.11.5.ebuild} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{6.10 => 6.11}/z0001-kbuild-derive-relative-path-for-srctree-from-CURDIR.patch (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{6.10 => 6.11}/z0002-pahole-remove-parallel-j-flag.patch (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{6.10 => 6.11}/z0002-pahole-support-reproducible-builds.patch (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{6.10 => 6.11}/z0003-Revert-x86-boot-Remove-the-bugger-off-message.patch (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{6.10 => 6.11}/z0004-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{6.10 => 6.11}/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{6.10 => 6.11}/z0006-mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{6.10 => 6.11}/z0007-arm64-add-kernel-config-option-to-lock-down-when-in-.patch (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{6.10 => 6.11}/z0008-tools-hv-fix-cross-compilation-for-ARM64.patch (100%) 
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/hv-daemons-6.10.9.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/hv-daemons-6.11.5.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/hv-daemons-6.10.9.ebuild rename to sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/hv-daemons-6.11.5.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.10.9.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.11.5.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.10.9.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.11.5.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-6.10.9.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-6.11.5.ebuild similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-6.10.9.ebuild rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-6.11.5.ebuild diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-6.10 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-6.11 similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-6.10 rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-6.11 
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/arm64_defconfig-6.10 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/arm64_defconfig-6.11 similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/arm64_defconfig-6.10 rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/arm64_defconfig-6.11 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.10 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.11 similarity index 100% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.10 rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.11 diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest index 1350d61c4bd..1c3130b1d63 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest 
@@ -1,2 +1,2 @@
-DIST linux-6.10.tar.xz 145142812 BLAKE2B bb243ea7493b9d63aa2df2050a3f1ae2b89ee84a20015239cf157e3f4f51c7ac5efedc8a51132b2d7482f9276ac418de6624831c8a3b806130d9c2d2124c539b SHA512 baa2487954044f991d2ae254d77d14a1f0185dd62c9f0fcaff69f586c9f906823017b8db1c4588f27b076dfa3ebb606929fec859f60ea419e7974330b9289cc2
-DIST patch-6.10.9.xz 561612 BLAKE2B 0c37b127c396a98cbf15fb1008caa1bfa81b8fe353417a4411d219df572be9df8b5ffceca4351daa9fe7f61f9dfec412bac0fe5b8dc0043c43380378d73c30fe SHA512 f2536d794c9250be1fe763fadad711619f181f0c938e8de1f510bf4a6cd79f7c43ce400f659c53dc6fd38081966724d7b8bdd433f8cab43e7faa09d775da6f69
+DIST linux-6.11.tar.xz 146900704 BLAKE2B e7750c0878d71a56a0ce52d4c4c912199dad5bf5e2e8f872585a6494afbb37cbd852e612a6858936d2dc9b7776a3933818f540db408d57e90d18ea5249bba7ab SHA512 329c1f94008742e3f0c2ce7e591a16316d1b2cb9ea4596d4f45604097e07b7aa2f64afa40630a07f321a858455c77aa32ba57b271932ddcf4dc27863f9081cea
+DIST patch-6.11.5.xz 531688 BLAKE2B b69478bddd46a471474cc6a2cbf5feb0a52b4856314e1f237cfae0fb60fccab075a38405dc9c0f230faad609637a71e0e091c5533c6afc042faa6c612a437c3c SHA512 8425ebb7c60d4dd723ed0ee36ff5a81b269e3b23973c829ad48ba5c7789288958042143d2614255d90aa0852ad198183320b64b674304fd0c81091688941238c
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.10.9.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.11.5.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.10.9.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.11.5.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0001-kbuild-derive-relative-path-for-srctree-from-CURDIR.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0001-kbuild-derive-relative-path-for-srctree-from-CURDIR.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0001-kbuild-derive-relative-path-for-srctree-from-CURDIR.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0001-kbuild-derive-relative-path-for-srctree-from-CURDIR.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0002-pahole-remove-parallel-j-flag.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0002-pahole-remove-parallel-j-flag.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0002-pahole-remove-parallel-j-flag.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0002-pahole-remove-parallel-j-flag.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0002-pahole-support-reproducible-builds.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0002-pahole-support-reproducible-builds.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0002-pahole-support-reproducible-builds.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0002-pahole-support-reproducible-builds.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0003-Revert-x86-boot-Remove-the-bugger-off-message.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0003-Revert-x86-boot-Remove-the-bugger-off-message.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0003-Revert-x86-boot-Remove-the-bugger-off-message.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0003-Revert-x86-boot-Remove-the-bugger-off-message.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0004-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0004-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0004-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0004-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0006-mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0006-mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0006-mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0006-mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0007-arm64-add-kernel-config-option-to-lock-down-when-in-.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0007-arm64-add-kernel-config-option-to-lock-down-when-in-.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0007-arm64-add-kernel-config-option-to-lock-down-when-in-.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0007-arm64-add-kernel-config-option-to-lock-down-when-in-.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0008-tools-hv-fix-cross-compilation-for-ARM64.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0008-tools-hv-fix-cross-compilation-for-ARM64.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.10/z0008-tools-hv-fix-cross-compilation-for-ARM64.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0008-tools-hv-fix-cross-compilation-for-ARM64.patch
From b1578e95d922a67061ac7d18282344a916c3f99d Mon Sep 17 00:00:00 2001
From: Adrian Vladu Date: Tue, 19 Nov 2024 07:32:18 +0000 Subject: [PATCH 22/26] kernel: use kernel 6.12 --- .../{hv-daemons-6.11.5.ebuild => hv-daemons-6.12.0.ebuild} | 0 ...coreos-kernel-6.11.5.ebuild => coreos-kernel-6.12.0.ebuild} | 0 ...reos-modules-6.11.5.ebuild => coreos-modules-6.12.0.ebuild} | 0 .../files/{amd64_defconfig-6.11 => amd64_defconfig-6.12} | 0 .../files/{arm64_defconfig-6.11 => arm64_defconfig-6.12} | 0 .../files/{commonconfig-6.11 => commonconfig-6.12} | 0 .../coreos-overlay/sys-kernel/coreos-sources/Manifest | 3 +-- ...reos-sources-6.11.5.ebuild => coreos-sources-6.12.0.ebuild} | 0 ...1-kbuild-derive-relative-path-for-srctree-from-CURDIR.patch | 0 .../{6.11 => 6.12}/z0002-pahole-remove-parallel-j-flag.patch | 0 .../z0002-pahole-support-reproducible-builds.patch | 0 .../z0003-Revert-x86-boot-Remove-the-bugger-off-message.patch | 0 ...-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch | 0 ...-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch | 0 ...-mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch | 0 ...-arm64-add-kernel-config-option-to-lock-down-when-in-.patch | 0 .../z0008-tools-hv-fix-cross-compilation-for-ARM64.patch | 0 17 files changed, 1 insertion(+), 2 deletions(-) rename sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/{hv-daemons-6.11.5.ebuild => hv-daemons-6.12.0.ebuild} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/{coreos-kernel-6.11.5.ebuild => coreos-kernel-6.12.0.ebuild} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/{coreos-modules-6.11.5.ebuild => coreos-modules-6.12.0.ebuild} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/{amd64_defconfig-6.11 => amd64_defconfig-6.12} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/{arm64_defconfig-6.11 => arm64_defconfig-6.12} (100%) rename 
sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/{commonconfig-6.11 => commonconfig-6.12} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/{coreos-sources-6.11.5.ebuild => coreos-sources-6.12.0.ebuild} (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{6.11 => 6.12}/z0001-kbuild-derive-relative-path-for-srctree-from-CURDIR.patch (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{6.11 => 6.12}/z0002-pahole-remove-parallel-j-flag.patch (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{6.11 => 6.12}/z0002-pahole-support-reproducible-builds.patch (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{6.11 => 6.12}/z0003-Revert-x86-boot-Remove-the-bugger-off-message.patch (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{6.11 => 6.12}/z0004-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{6.11 => 6.12}/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{6.11 => 6.12}/z0006-mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{6.11 => 6.12}/z0007-arm64-add-kernel-config-option-to-lock-down-when-in-.patch (100%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/{6.11 => 6.12}/z0008-tools-hv-fix-cross-compilation-for-ARM64.patch (100%) 
diff --git a/sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/hv-daemons-6.11.5.ebuild b/sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/hv-daemons-6.12.0.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/hv-daemons-6.11.5.ebuild
rename to sdk_container/src/third_party/coreos-overlay/app-emulation/hv-daemons/hv-daemons-6.12.0.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.11.5.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.12.0.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.11.5.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.12.0.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-6.11.5.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-6.12.0.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-6.11.5.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/coreos-modules-6.12.0.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-6.11 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-6.12
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-6.11
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/amd64_defconfig-6.12
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/arm64_defconfig-6.11 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/arm64_defconfig-6.12
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/arm64_defconfig-6.11
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/arm64_defconfig-6.12
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.11 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.12
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.11
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.12
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
index 1c3130b1d63..1665932d7ad 100644
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/Manifest
@@ -1,2 +1 @@
-DIST linux-6.11.tar.xz 146900704 BLAKE2B e7750c0878d71a56a0ce52d4c4c912199dad5bf5e2e8f872585a6494afbb37cbd852e612a6858936d2dc9b7776a3933818f540db408d57e90d18ea5249bba7ab SHA512 329c1f94008742e3f0c2ce7e591a16316d1b2cb9ea4596d4f45604097e07b7aa2f64afa40630a07f321a858455c77aa32ba57b271932ddcf4dc27863f9081cea
-DIST patch-6.11.5.xz 531688 BLAKE2B b69478bddd46a471474cc6a2cbf5feb0a52b4856314e1f237cfae0fb60fccab075a38405dc9c0f230faad609637a71e0e091c5533c6afc042faa6c612a437c3c SHA512 8425ebb7c60d4dd723ed0ee36ff5a81b269e3b23973c829ad48ba5c7789288958042143d2614255d90aa0852ad198183320b64b674304fd0c81091688941238c
+DIST linux-6.12.tar.xz 147906904 BLAKE2B b2ec2fc69218cacabbbe49f78384a5d259ca581b717617c12b000b16f4a4c59ee348ea886b37147f5f70fb9a7a01c1e2c8f19021078f6b23f5bc62d1c48d5e5e SHA512 a37b1823df7b4f72542f689b65882634740ba0401a42fdcf6601d9efd2e132e5a7650e70450ba76f6cd1f13ca31180f2ccee9d54fe4df89bc0000ade4380a548
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.11.5.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.12.0.ebuild
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.11.5.ebuild
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.12.0.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0001-kbuild-derive-relative-path-for-srctree-from-CURDIR.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0001-kbuild-derive-relative-path-for-srctree-from-CURDIR.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0001-kbuild-derive-relative-path-for-srctree-from-CURDIR.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0001-kbuild-derive-relative-path-for-srctree-from-CURDIR.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0002-pahole-remove-parallel-j-flag.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0002-pahole-remove-parallel-j-flag.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0002-pahole-remove-parallel-j-flag.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0002-pahole-remove-parallel-j-flag.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0002-pahole-support-reproducible-builds.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0002-pahole-support-reproducible-builds.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0002-pahole-support-reproducible-builds.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0002-pahole-support-reproducible-builds.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0003-Revert-x86-boot-Remove-the-bugger-off-message.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0003-Revert-x86-boot-Remove-the-bugger-off-message.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0003-Revert-x86-boot-Remove-the-bugger-off-message.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0003-Revert-x86-boot-Remove-the-bugger-off-message.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0004-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0004-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0004-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0004-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0006-mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0006-mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0006-mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0006-mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0007-arm64-add-kernel-config-option-to-lock-down-when-in-.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0007-arm64-add-kernel-config-option-to-lock-down-when-in-.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0007-arm64-add-kernel-config-option-to-lock-down-when-in-.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0007-arm64-add-kernel-config-option-to-lock-down-when-in-.patch
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0008-tools-hv-fix-cross-compilation-for-ARM64.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0008-tools-hv-fix-cross-compilation-for-ARM64.patch
similarity index 100%
rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.11/z0008-tools-hv-fix-cross-compilation-for-ARM64.patch
rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0008-tools-hv-fix-cross-compilation-for-ARM64.patch
From 354489d7ee1be31a4b271242948de296f68ee907 Mon Sep 17 00:00:00 2001
From: Adrian Vladu Date: Tue, 19 Nov 2024 09:53:14 +0000 Subject: [PATCH 23/26] kernel: use new patches for secure boot From: https://sources.debian.org/data/main/l/linux/6.12~rc6-1~exp1/debian/patches/features/all/lockdown/ --- .../coreos-sources-6.12.0.ebuild | 8 +-- .../z0002-pahole-remove-parallel-j-flag.patch | 71 ------------------- ...cure_boot-flag-to-indicate-secure-b.patch} | 33 +++------ ...-kernel-if-booted-in-secure-boot-mo.patch} | 24 +++---- ...le-slram-and-phram-when-locked-down.patch} | 13 +--- ...nel-config-option-to-lock-down-when.patch} | 45 +++++------- 6 files changed, 46 insertions(+), 148 deletions(-) delete mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0002-pahole-remove-parallel-j-flag.patch rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/{z0004-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch => z0004-efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch} (79%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/{z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch => z0005-efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch} (85%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/{z0006-mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch => z0006-mtd-disable-slram-and-phram-when-locked-down.patch} (81%) rename sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/{z0007-arm64-add-kernel-config-option-to-lock-down-when-in-.patch => z0007-arm64-add-kernel-config-option-to-lock-down-when.patch} (73%) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.12.0.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.12.0.ebuild index 4680e07f285..5e33b6ee4d7 100644 
--- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.12.0.ebuild +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-6.12.0.ebuild @@ -38,9 +38,9 @@ UNIPATCH_LIST=" ${PATCH_DIR}/z0001-kbuild-derive-relative-path-for-srctree-from-CURDIR.patch \ ${PATCH_DIR}/z0002-pahole-support-reproducible-builds.patch \ ${PATCH_DIR}/z0003-Revert-x86-boot-Remove-the-bugger-off-message.patch \ - ${PATCH_DIR}/z0004-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch \ - ${PATCH_DIR}/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch \ - ${PATCH_DIR}/z0006-mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch \ - ${PATCH_DIR}/z0007-arm64-add-kernel-config-option-to-lock-down-when-in-.patch \ + ${PATCH_DIR}/z0004-efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch \ + ${PATCH_DIR}/z0005-efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch \ + ${PATCH_DIR}/z0006-mtd-disable-slram-and-phram-when-locked-down.patch \ + ${PATCH_DIR}/z0007-arm64-add-kernel-config-option-to-lock-down-when.patch \ ${PATCH_DIR}/z0008-tools-hv-fix-cross-compilation-for-ARM64.patch \ " diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0002-pahole-remove-parallel-j-flag.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0002-pahole-remove-parallel-j-flag.patch deleted file mode 100644 index d193433a64f..00000000000 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0002-pahole-remove-parallel-j-flag.patch +++ /dev/null 
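Review bot: Entries z0004–z0007 of `UNIPATCH_LIST` now name the Debian lockdown patches, but the diffstat of this commit touches none of the coreos-modules config files, so nothing visible here shows that the Kconfig symbols the replacement patches introduce (z0005 extends `security/lockdown/Kconfig`, z0007 is titled as adding an arm64 lock-down option) are the ones the existing 6.12 configs enable. If a symbol name or default differs from the previous patch set, the kernel would presumably still build while no longer locking down under Secure Boot, so the Kconfig entries in the patches should be checked against the config files before merging. The commit message also says the patches come from the `6.12~rc6-1~exp1` packaging while the ebuild is 6.12.0; a comment above the assignment would record that, for example `# z0004-z0007: Secure Boot lockdown series from Debian linux 6.12~rc6-1~exp1, debian/patches/features/all/lockdown`. The `UNIPATCH_LIST` assignment starts above this hunk.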
@@ -1,71 +0,0 @@ -From e7593854f521ec21786fc7bfe5777b35dc627b9d Mon Sep 17 00:00:00 2001 -From: Adrian Vladu -Date: Wed, 11 Sep 2024 11:14:26 +0000 -Subject: [PATCH] pahole: remove parallel -j flag - -When pahole is executed with -j (parallel) then btf metadata order is -non-deterministic and the built kernel and modules don't match. ---- - init/Kconfig | 2 +- - lib/Kconfig.debug | 9 --------- - scripts/Makefile.btf | 4 +--- - 3 files changed, 2 insertions(+), 13 deletions(-) - -diff --git a/init/Kconfig b/init/Kconfig -index 9684e5d2b81c..c8544aa6856a 100644 ---- a/init/Kconfig -+++ b/init/Kconfig -@@ -1889,7 +1889,7 @@ config RUST - depends on !GCC_PLUGINS - depends on !RANDSTRUCT - depends on !SHADOW_CALL_STACK -- depends on !DEBUG_INFO_BTF || PAHOLE_HAS_LANG_EXCLUDE -+ depends on !DEBUG_INFO_BTF - help - Enables Rust support in the kernel. - -diff --git a/lib/Kconfig.debug b/lib/Kconfig.debug -index 59b6765d86b8..611dfcce9335 100644 ---- a/lib/Kconfig.debug -+++ b/lib/Kconfig.debug -@@ -398,15 +398,6 @@ config PAHOLE_HAS_BTF_TAG - btf_decl_tag) or not. Currently only clang compiler implements - these attributes, so make the config depend on CC_IS_CLANG. - --config PAHOLE_HAS_LANG_EXCLUDE -- def_bool PAHOLE_VERSION >= 124 -- help -- Support for the --lang_exclude flag which makes pahole exclude -- compilation units from the supplied language. Used in Kbuild to -- omit Rust CUs which are not supported in version 1.24 of pahole, -- otherwise it would emit malformed kernel and module binaries when -- using DEBUG_INFO_BTF_MODULES. 
-- - config DEBUG_INFO_BTF_MODULES - bool "Generate BTF type information for kernel modules" - default y -diff --git a/scripts/Makefile.btf b/scripts/Makefile.btf -index 2d6e5ed9081e..291bfdab7a9b 100644 ---- a/scripts/Makefile.btf -+++ b/scripts/Makefile.btf -@@ -12,8 +12,6 @@ endif - - pahole-flags-$(call test-ge, $(pahole-ver), 121) += --btf_gen_floats - --pahole-flags-$(call test-ge, $(pahole-ver), 122) += -j -- - ifeq ($(pahole-ver), 125) - pahole-flags-y += --skip_encoding_btf_inconsistent_proto --btf_gen_optimized - endif -@@ -21,7 +19,7 @@ endif - else - - # Switch to using --btf_features for v1.26 and later. --pahole-flags-$(call test-ge, $(pahole-ver), 126) = -j --btf_features=encode_force,var,float,enum64,decl_tag,type_tag,optimized_func,consistent_func -+pahole-flags-$(call test-ge, $(pahole-ver), 126) = --btf_features=encode_force,var,float,enum64,decl_tag,type_tag,optimized_func,consistent_func - - endif - --- -2.34.1 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0004-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0004-efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch similarity index 79% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0004-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0004-efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch index 8876e43904a..822beab21c1 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0004-efi-Add-an-EFI_SECURE_BOOT-flag-to-indicate-secure-b.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0004-efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch 
@@ -1,8 +1,7 @@ -From 1e2ffbec195c89d887bc088691ebb19c9173ecad Mon Sep 17 00:00:00 2001 From: David Howells Date: Mon, 18 Feb 2019 12:45:03 +0000 -Subject: [PATCH 1/4] efi: Add an EFI_SECURE_BOOT flag to indicate secure boot - mode +Subject: [28/30] efi: Add an EFI_SECURE_BOOT flag to indicate secure boot mode +Origin: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=a5d70c55c603233c192b375f72116a395909da28 UEFI machines can be booted in Secure Boot mode. Add an EFI_SECURE_BOOT flag that can be passed to efi_enabled() to find out whether secure boot is @@ -26,15 +25,13 @@ cc: linux-efi@vger.kernel.org arch/x86/kernel/setup.c | 14 +---------- drivers/firmware/efi/Makefile | 1 + drivers/firmware/efi/secureboot.c | 39 +++++++++++++++++++++++++++++++ - include/linux/efi.h | 17 ++++++++------ - 4 files changed, 51 insertions(+), 20 deletions(-) + include/linux/efi.h | 16 ++++++++----- + 4 files changed, 51 insertions(+), 19 deletions(-) create mode 100644 drivers/firmware/efi/secureboot.c -diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c -index eb129277dcdd..7c4a6697e39d 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c -@@ -1190,19 +1190,7 @@ void __init setup_arch(char **cmdline_p) +@@ -1193,19 +1193,7 @@ void __init setup_arch(char **cmdline_p) /* Allocate bigger log buffer */ setup_log_buf(1); @@ -55,11 +52,9 @@ index eb129277dcdd..7c4a6697e39d 100644 reserve_initrd(); -diff --git a/drivers/firmware/efi/Makefile b/drivers/firmware/efi/Makefile -index e489fefd23da..f2dfae764fb5 100644 --- a/drivers/firmware/efi/Makefile +++ b/drivers/firmware/efi/Makefile -@@ -25,6 +25,7 @@ subdir-$(CONFIG_EFI_STUB) += libstub +@@ -25,6 +25,7 @@ obj-$(CONFIG_EFI_FAKE_MEMMAP) += fake_m obj-$(CONFIG_EFI_BOOTLOADER_CONTROL) += efibc.o obj-$(CONFIG_EFI_TEST) += test/ obj-$(CONFIG_EFI_DEV_PATH_PARSER) += dev-path-parser.o 
@@ -67,9 +62,6 @@ index e489fefd23da..f2dfae764fb5 100644 obj-$(CONFIG_APPLE_PROPERTIES) += apple-properties.o obj-$(CONFIG_EFI_RCI2_TABLE) += rci2-table.o obj-$(CONFIG_EFI_EMBEDDED_FIRMWARE) += embedded-firmware.o -diff --git a/drivers/firmware/efi/secureboot.c b/drivers/firmware/efi/secureboot.c -new file mode 100644 -index 000000000000..b6620669e32b --- /dev/null +++ b/drivers/firmware/efi/secureboot.c @@ -0,0 +1,39 @@ @@ -112,11 +104,9 @@ index 000000000000..b6620669e32b + } + } +} -diff --git a/include/linux/efi.h b/include/linux/efi.h -index 80b21d1c6eaf..d267ddba8369 100644 --- a/include/linux/efi.h +++ b/include/linux/efi.h -@@ -871,6 +871,14 @@ extern int __init efi_setup_pcdp_console(char *); +@@ -871,6 +871,14 @@ extern int __init efi_setup_pcdp_console #define EFI_MEM_ATTR 10 /* Did firmware publish an EFI_MEMORY_ATTRIBUTES table? */ #define EFI_MEM_NO_SOFT_RESERVE 11 /* Is the kernel configured to ignore soft reservations? */ #define EFI_PRESERVE_BS_REGIONS 12 /* Are EFI boot-services memory segments available? */ @@ -131,7 +121,7 @@ index 80b21d1c6eaf..d267ddba8369 100644 #ifdef CONFIG_EFI /* -@@ -895,6 +903,7 @@ static inline bool efi_rt_services_supported(unsigned int mask) +@@ -895,6 +903,7 @@ static inline bool efi_rt_services_suppo return (efi.runtime_supported_mask & mask) == mask; } extern void efi_find_mirror(void); @@ -139,7 +129,7 @@ index 80b21d1c6eaf..d267ddba8369 100644 #else static inline bool efi_enabled(int feature) { -@@ -914,6 +923,7 @@ static inline bool efi_rt_services_supported(unsigned int mask) +@@ -914,6 +923,7 @@ static inline bool efi_rt_services_suppo } static inline void efi_find_mirror(void) {} 
@@ -147,7 +137,7 @@ index 80b21d1c6eaf..d267ddba8369 100644 #endif extern int efi_status_to_err(efi_status_t status); -@@ -1133,13 +1143,6 @@ static inline bool efi_runtime_disabled(void) { return true; } +@@ -1133,13 +1143,6 @@ static inline bool efi_runtime_disabled( extern void efi_call_virt_check_flags(unsigned long flags, const void *caller); extern unsigned long efi_call_virt_save_flags(void); @@ -161,6 +151,3 @@ index 80b21d1c6eaf..d267ddba8369 100644 static inline enum efi_secureboot_mode efi_get_secureboot_mode(efi_get_variable_t *get_var) { --- -2.39.2 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0005-efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch similarity index 85% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0005-efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch index f836c8b83d9..6fff3f89675 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0005-efi-Lock-down-the-kernel-if-booted-in-secure-boot-mo.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0005-efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch @@ -26,7 +26,7 @@ Signed-off-by: Salvatore Bonaccorso --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c -@@ -900,6 +900,8 @@ void __init setup_arch(char **cmdline_p) +@@ -904,6 +904,8 @@ void __init setup_arch(char **cmdline_p) if (efi_enabled(EFI_BOOT)) efi_init(); @@ -35,7 +35,7 @@ 
Signed-off-by: Salvatore Bonaccorso reserve_ibft_region(); x86_init.resources.dmi_setup(); -@@ -1061,8 +1063,6 @@ void __init setup_arch(char **cmdline_p) +@@ -1070,8 +1072,6 @@ void __init setup_arch(char **cmdline_p) /* Allocate bigger log buffer */ setup_log_buf(1); @@ -67,26 +67,26 @@ Signed-off-by: Salvatore Bonaccorso default: --- a/include/linux/security.h +++ b/include/linux/security.h -@@ -509,6 +509,7 @@ int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); +@@ -522,6 +522,7 @@ int security_inode_notifysecctx(struct i + int security_inode_setsecctx(struct dentry *dentry, void *ctx, u32 ctxlen); + int security_inode_getsecctx(struct inode *inode, void **ctx, u32 *ctxlen); int security_locked_down(enum lockdown_reason what); ++int lock_kernel_down(const char *where, enum lockdown_reason level); int lsm_fill_user_ctx(struct lsm_ctx __user *uctx, u32 *uctx_len, void *val, size_t val_len, u64 id, u64 flags); -+int lock_kernel_down(const char *where, enum lockdown_reason level); - #else /* CONFIG_SECURITY */ - - static inline int call_blocking_lsm_notifier(enum lsm_event event, void *data) -@@ -1483,6 +1484,11 @@ static inline int lsm_fill_user_ctx(struct lsm_ctx __user *uctx, + int security_bdev_alloc(struct block_device *bdev); +@@ -1504,6 +1505,11 @@ static inline int security_locked_down(e { - return -EOPNOTSUPP; + return 0; } +static inline int +lock_kernel_down(const char *where, enum lockdown_reason level) +{ + return -EOPNOTSUPP; +} - #endif /* CONFIG_SECURITY */ - - #if defined(CONFIG_SECURITY) && defined(CONFIG_WATCH_QUEUE) + static inline int lsm_fill_user_ctx(struct lsm_ctx __user *uctx, + u32 *uctx_len, void *val, size_t val_len, + u64 id, u64 flags) --- a/security/lockdown/Kconfig +++ b/security/lockdown/Kconfig @@ -45,3 +45,18 @@ config LOCK_DOWN_KERNEL_FORCE_CONFIDENTI 
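Review bot: The `lock_kernel_down()` stub that this refresh places after the `security_locked_down()` stub in include/linux/security.h returns `-EOPNOTSUPP` in the `!CONFIG_SECURITY` branch, and nothing visible in this hunk shows a caller acting on that value. If the caller in the EFI secure-boot setup code (outside this hunk) discards the result, a kernel built without the security framework would boot under Secure Boot unlocked and leave no trace in the log. It is worth confirming that the call site checks the return, for example `ret = lock_kernel_down(...); if (ret) pr_warn("kernel lockdown not applied: %d\n", ret);`. It is also worth confirming that the 6.12 config enables the lockdown option this patch adds in security/lockdown/Kconfig. The surrounding declarations and the Kconfig entry continue outside the hunk, so the caller's behaviour is inferred rather than seen.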
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0006-mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0006-mtd-disable-slram-and-phram-when-locked-down.patch similarity index 81% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0006-mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0006-mtd-disable-slram-and-phram-when-locked-down.patch index 7346036e80e..c718e7e2f02 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0006-mtd-phram-slram-Disable-when-the-kernel-is-locked-do.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0006-mtd-disable-slram-and-phram-when-locked-down.patch @@ -1,7 +1,7 @@ -From bb8912cf807feab56cf8e924d33229d800ae71a6 Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Fri, 30 Aug 2019 15:54:24 +0100 -Subject: [PATCH 3/4] mtd: phram,slram: Disable when the kernel is locked down +Subject: mtd: phram,slram: Disable when the kernel is locked down +Forwarded: https://lore.kernel.org/linux-security-module/20190830154720.eekfjt6c4jzvlbfz@decadent.org.uk/ These drivers allow mapping arbitrary memory ranges as MTD devices. This should be disabled to preserve the kernel's integrity when it is @@ -21,11 +21,9 @@ Cc: linux-mtd@lists.infradead.org drivers/mtd/devices/slram.c | 9 ++++++++- 2 files changed, 13 insertions(+), 2 deletions(-) -diff --git a/drivers/mtd/devices/phram.c b/drivers/mtd/devices/phram.c -index 208bd4d871f4..30f84a91692d 100644 --- a/drivers/mtd/devices/phram.c +++ b/drivers/mtd/devices/phram.c -@@ -364,7 +364,11 @@ static int phram_param_call(const char *val, const struct kernel_param *kp) +@@ -364,7 +364,11 @@ static int phram_param_call(const char * #endif } 
@@ -38,8 +36,6 @@ index 208bd4d871f4..30f84a91692d 100644 MODULE_PARM_DESC(phram, "Memory region to map. \"phram=,,[,]\""); #ifdef CONFIG_OF -diff --git a/drivers/mtd/devices/slram.c b/drivers/mtd/devices/slram.c -index 28131a127d06..d92a2461e2ce 100644 --- a/drivers/mtd/devices/slram.c +++ b/drivers/mtd/devices/slram.c @@ -43,6 +43,7 @@ @@ -77,6 +73,3 @@ index 28131a127d06..d92a2461e2ce 100644 while (map) { devname = devstart = devlength = NULL; --- -2.39.2 - diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0007-arm64-add-kernel-config-option-to-lock-down-when-in-.patch b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0007-arm64-add-kernel-config-option-to-lock-down-when.patch similarity index 73% rename from sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0007-arm64-add-kernel-config-option-to-lock-down-when-in-.patch rename to sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0007-arm64-add-kernel-config-option-to-lock-down-when.patch index 7661674404f..61b7040971f 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0007-arm64-add-kernel-config-option-to-lock-down-when-in-.patch +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/files/6.12/z0007-arm64-add-kernel-config-option-to-lock-down-when.patch @@ -1,8 +1,8 @@ -From 8598238a38a333fed5ec0c8287f99813578370ab Mon Sep 17 00:00:00 2001 From: Linn Crosetto Date: Tue, 30 Aug 2016 11:54:38 -0600 -Subject: [PATCH 4/4] arm64: add kernel config option to lock down when in - Secure Boot mode +Subject: arm64: add kernel config option to lock down when in Secure Boot mode +Bug-Debian: https://bugs.debian.org/831827 +Forwarded: no Add a kernel configuration option to lock down the kernel, to restrict userspace's ability to modify the running kernel when UEFI Secure Boot is @@ -32,17 +32,15 @@ 
Signed-off-by: Linn Crosetto [Salvatore Bonaccorso: Forward-ported to 5.10: f30f242fb131 ("efi: Rename arm-init to efi-init common for all arch") renamed arm-init.c to efi-init.c] --- - drivers/firmware/efi/efi-init.c | 5 ++++- - drivers/firmware/efi/fdtparams.c | 12 +++++++++++- - drivers/firmware/efi/libstub/fdt.c | 6 ++++++ - include/linux/efi.h | 3 ++- + drivers/firmware/efi/efi-init.c | 5 ++++- + drivers/firmware/efi/fdtparams.c | 12 +++++++++++- + drivers/firmware/efi/libstub/fdt.c | 6 ++++++ + include/linux/efi.h | 3 ++- 4 files changed, 23 insertions(+), 3 deletions(-) -diff --git a/drivers/firmware/efi/efi-init.c b/drivers/firmware/efi/efi-init.c -index 59b0d7197b68..e63f8a82d9f4 100644 --- a/drivers/firmware/efi/efi-init.c +++ b/drivers/firmware/efi/efi-init.c -@@ -204,9 +204,10 @@ void __init efi_init(void) +@@ -213,9 +213,10 @@ void __init efi_init(void) { struct efi_memory_map_data data; u64 efi_system_table; @@ -54,7 +52,7 @@ index 59b0d7197b68..e63f8a82d9f4 100644 if (!efi_system_table) return; -@@ -228,6 +229,8 @@ void __init efi_init(void) +@@ -237,6 +238,8 @@ void __init efi_init(void) return; } @@ -63,8 +61,6 @@ index 59b0d7197b68..e63f8a82d9f4 100644 reserve_regions(); /* * For memblock manipulation, the cap should come after the memblock_add(). -diff --git a/drivers/firmware/efi/fdtparams.c b/drivers/firmware/efi/fdtparams.c -index 0ec83ba58097..81a0ac408cf5 100644 --- a/drivers/firmware/efi/fdtparams.c +++ b/drivers/firmware/efi/fdtparams.c @@ -16,6 +16,7 @@ enum { @@ -75,7 +71,7 @@ index 0ec83ba58097..81a0ac408cf5 100644 PARAMCOUNT }; -@@ -26,6 +27,7 @@ static __initconst const char name[][22] = { +@@ -26,6 +27,7 @@ static __initconst const char name[][22] [MMSIZE] = "MemMap Size ", [DCSIZE] = "MemMap Desc. Size ", [DCVERS] = "MemMap Desc. Version ", 
@@ -99,7 +95,7 @@ index 0ec83ba58097..81a0ac408cf5 100644 } } }; -@@ -64,6 +68,11 @@ static int __init efi_get_fdt_prop(const void *fdt, int node, const char *pname, +@@ -64,6 +68,11 @@ static int __init efi_get_fdt_prop(const int len; u64 val; @@ -111,7 +107,7 @@ index 0ec83ba58097..81a0ac408cf5 100644 prop = fdt_getprop(fdt, node, pname, &len); if (!prop) return 1; -@@ -81,7 +90,7 @@ static int __init efi_get_fdt_prop(const void *fdt, int node, const char *pname, +@@ -81,7 +90,7 @@ static int __init efi_get_fdt_prop(const return 0; } @@ -120,7 +116,7 @@ index 0ec83ba58097..81a0ac408cf5 100644 { const void *fdt = initial_boot_params; unsigned long systab; -@@ -95,6 +104,7 @@ u64 __init efi_get_fdt_params(struct efi_memory_map_data *mm) +@@ -95,6 +104,7 @@ u64 __init efi_get_fdt_params(struct efi [MMSIZE] = { &mm->size, sizeof(mm->size) }, [DCSIZE] = { &mm->desc_size, sizeof(mm->desc_size) }, [DCVERS] = { &mm->desc_version, sizeof(mm->desc_version) }, @@ -128,11 +124,9 @@ index 0ec83ba58097..81a0ac408cf5 100644 }; BUILD_BUG_ON(ARRAY_SIZE(target) != ARRAY_SIZE(name)); -diff --git a/drivers/firmware/efi/libstub/fdt.c b/drivers/firmware/efi/libstub/fdt.c -index 6a337f1f8787..6c679da644dd 100644 --- a/drivers/firmware/efi/libstub/fdt.c +++ b/drivers/firmware/efi/libstub/fdt.c -@@ -132,6 +132,12 @@ static efi_status_t update_fdt(void *orig_fdt, unsigned long orig_fdt_size, +@@ -132,6 +132,12 @@ static efi_status_t update_fdt(void *ori } } @@ -145,20 +139,15 @@ index 6a337f1f8787..6c679da644dd 100644 /* Shrink the FDT back to its minimum size: */ fdt_pack(fdt); -diff --git a/include/linux/efi.h b/include/linux/efi.h -index d267ddba8369..fbce526768d3 100644 --- a/include/linux/efi.h 
+++ b/include/linux/efi.h -@@ -756,7 +756,8 @@ extern void efi_mem_reserve(phys_addr_t addr, u64 size); +@@ -764,7 +764,8 @@ extern int efi_mem_desc_lookup(u64 phys_ + extern int __efi_mem_desc_lookup(u64 phys_addr, efi_memory_desc_t *out_md); + extern void efi_mem_reserve(phys_addr_t addr, u64 size); extern int efi_mem_reserve_persistent(phys_addr_t addr, u64 size); - extern void efi_initialize_iomem_resources(struct resource *code_resource, - struct resource *data_resource, struct resource *bss_resource); -extern u64 efi_get_fdt_params(struct efi_memory_map_data *data); +extern u64 efi_get_fdt_params(struct efi_memory_map_data *data, + u32 *secure_boot); extern struct kobject *efi_kobj; extern int efi_reboot_quirk_mode; --- -2.39.2 - From c9f97942ac0c337ac01894470a5c26a5f40b6063 Mon Sep 17 00:00:00 2001 From: Adrian Vladu Date: Tue, 19 Nov 2024 09:54:07 +0000 Subject: [PATCH 24/26] kernel: add required CONFIG_MODULE_COMPRESS=y --- .../sys-kernel/coreos-modules/files/commonconfig-6.12 | 1 + 1 file changed, 1 insertion(+) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.12 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.12 index 7535bf34de0..def6990de88 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.12 +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/commonconfig-6.12 @@ -456,6 +456,7 @@ CONFIG_MMC_BLOCK_MINORS=16 CONFIG_MMC_SDHCI=m CONFIG_MMC_SDHCI_PCI=m CONFIG_MODULES=y +CONFIG_MODULE_COMPRESS=y CONFIG_MODULE_COMPRESS_XZ=y CONFIG_MODULE_SIG=y CONFIG_MODULE_SIG_KEY="certs/modules.pem" From 582883ab580fb0e4eda6a81ee7256a7d2441f210 Mon Sep 17 00:00:00 2001 
From: Adrian Vladu Date: Thu, 19 Dec 2024 09:38:46 +0000 Subject: [PATCH 25/26] sys-fs/zfs: add and enable 2.2.7 which is compatible with kernel 6.12 --- .../portage-stable/sys-fs/zfs-kmod/Manifest | 6 + .../sys-fs/zfs-kmod/zfs-kmod-2.2.7.ebuild | 207 ++++++++++++ .../portage-stable/sys-fs/zfs/Manifest | 6 + .../sys-fs/zfs/zfs-2.2.7.ebuild | 310 ++++++++++++++++++ 4 files changed, 529 insertions(+) create mode 100644 sdk_container/src/third_party/portage-stable/sys-fs/zfs-kmod/zfs-kmod-2.2.7.ebuild create mode 100644 sdk_container/src/third_party/portage-stable/sys-fs/zfs/zfs-2.2.7.ebuild diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/zfs-kmod/Manifest b/sdk_container/src/third_party/portage-stable/sys-fs/zfs-kmod/Manifest index 9b9fdd0b90e..2f6207229ee 100644 --- a/sdk_container/src/third_party/portage-stable/sys-fs/zfs-kmod/Manifest +++ b/sdk_container/src/third_party/portage-stable/sys-fs/zfs-kmod/Manifest 
@@ -1,8 +1,14 @@ DIST zfs-2.1.15.tar.gz 35209038 BLAKE2B 61f9e14c54d43d1c51269917bb3ffde0530166126ea0467103ff1171dffc537315fd21c270d12f73d677e121b8094af39dd0a1fe3f80986bb42dc16d627dff52 SHA512 24096f2a6ecb3cc51f3d2f11cc69ad134d6fc33667007277c50cf798be2b19b6ddfa9be6923ca53d8b09f0bebae14c44d74811ec776e5aaf4ea0e810844c1f3d DIST zfs-2.1.15.tar.gz.asc 836 BLAKE2B 897c05a8870cd0418493b42fe854ef5b28f9a31513ac262a25631089defa59190808b51bd31e43412b01171bcac0dff0608d417dfdacfeee0b0f067e0627d48f SHA512 a6c5a9d214070a220716075455eb1cb85a53fb20b5fe4319f112cde0653a25f87b66d0f0bcf0ca641e3ac38239759cb9df6ed7f4700056a2732cc8c1ccd9ce05 +DIST zfs-2.1.16.tar.gz 35187215 BLAKE2B 8bb90903f3747589fff94a810584de54d7f598b0aa9d0b364cc679779d401a9a76f6914cbfbdd007e2066f02230ed4cac4f3735830ea70eb3bcc449af8229c5d SHA512 68e62015e44eeb997166418bf769afa3e96c037a9282dcfd08a8f01d935fa48076483158f628d70b0aed258427510996d4c4ee7d2644ff561163c76f776635d2 +DIST zfs-2.1.16.tar.gz.asc 836 BLAKE2B b46614399ca63d9c88216c55bb2177cc0c28f4da2cb6be3ee361efca994309abff46fdf6ad6b0bad448c44e9e84ee40e2183d1b482e04844317f14744bab5c1f SHA512 d2d94a4e3ffe182e86fa3319cb9661688125f378ffa1e5768ee89033f796a1f52f877c382588fb1f434686e30bc4e65e3f08ceac0dd3dd7f8f751ba6182c3317 DIST zfs-2.2.5.tar.gz 33896824 BLAKE2B ec73c866bf931e4af63a35b3e61e1254d681d21aadba304ea95c147a3911c3d92db686591147036848ceae1683f31f6f81e04a24df6cb11a91a8abaed179567f SHA512 8e288620ce78fb235fa0c9929fc97150987a64091a8a5209209f1e0975d4d6213b8b307e32b3c89d934e83dc8468a1998b797fcdff5bbbbd023f07674877b0c6 DIST zfs-2.2.5.tar.gz.asc 836 BLAKE2B ae6e47ce82ffda8834047e03f361ca096448f98ea811a09c0c68b202996c613e6524501cda49873acc4bca9f60c298635f89e5d7fe8f00ffa05b192fc98e16ef SHA512 0a397471c3f1ee9675eb9fcd589409c5085f8692930275ea15d92042fadaf1d3772666a3cca5adb1730c953464e0ec00f501cc5333a303d322c636020c2a7060 DIST zfs-2.2.6.tar.gz 33900138 BLAKE2B 
0bbe36df779aaf19460a75725af9c9b13e64e77a6020974ad18d60d9fd52db2ddd6ea98b3e6c7451195bdfb347b8aab51db9b3f9a7c15c77bff47329bbd07dd2 SHA512 c217a3397b67d7239bc30bc492d58fff96bb29c9cf73e390d1787a4fb787cb297557e594a926453fed11faaab80363d40853af271f8ee18ce9a317dfde4c6745 DIST zfs-2.2.6.tar.gz.asc 836 BLAKE2B db66f3e2e629ab8a344a8e0c2609bcbb98d69d110fc9e064760ee0c5c25cd67421a71764c4b65d7005e8ff66167bf24beb4be2560a47318eabffa888c1539f26 SHA512 d09f343b3acc3a81e96c069072cfb16d0b490ee77562f50e14524faf05560f9e1d1325ec4bc1760c86ed29186d5860d59646d4ea07385ee3b28d879f2374b9b4 +DIST zfs-2.2.7.tar.gz 33852602 BLAKE2B 31a066d5d543e3328d1afd065a8da4f9b4c52433d585cdbb41936900fd1453431585c6bc4b6e6d9a497a03e79969bae883e17cf4677099686feb3e32577d2777 SHA512 6493faa8e31d9c042c4e8f748d32cb9243212fdf4e0341c19568b47bcf302e60beb89940b80374610b71e1dca1ca5813f3efaddbf1a2453ceabb38381165b271 +DIST zfs-2.2.7.tar.gz.asc 836 BLAKE2B e8fc5e04f5b37a22c741bda46b4573e0cebe85da051c73cf3c5fc267de3c313399b235fc346ca06f4c22d37d2500044a26adb3ea241a65fbcf8760d0ef880039 SHA512 8d22a64c920c2a983429688a340f4ae281decdd30e465591e6b40af9f3016b8f168f4e8ea460600c832a2f46b383ff307986649a645585fb25c34fdfda75ad6e DIST zfs-2.3.0-rc1.tar.gz 33887119 BLAKE2B dd4e159bef6de216cc51c1dd22620e6edb5b7503d95402022d0b9439471fe432181b1e5df2142e63cdac812a74b62657a96573b3bf48ad78bd6fd885a5f8913e SHA512 fe7de046dd48dbb67545726482a501788a1d5601e6e9a17deeb29047946689d9c8deb95f72b2b47c26a205a3c94fa1f0123437479a06b1376b9dac3dd6faf463 DIST zfs-2.3.0-rc1.tar.gz.asc 195 BLAKE2B f70e6223e94a3f79d6d685b2b06254fba845d79768c82b7a3fedb865b6e6c97499c497def0f4c3e4a2869fed88b0965650ae88d5eb72c0ffaed43c4479d3bf96 SHA512 26b395feaf03e2be20b75ef64e573aa98a0706c46a1eb57503925731bf0cb9bf7fef8a2cdcf163233bccd7da9f5aedc0cae73f0183f39e0f13dcf315b4a5d809 +DIST zfs-2.3.0-rc3.tar.gz 33897910 BLAKE2B 518e2c56130a71d4c35f27328184e882815e2ca5b0524e660e174176bee4fdc554e4d1c8264d71f84b6c9641c08088f96a5c35adb5ef6f21b814ccadf093a256 SHA512 
1ac53d3a006580f4a32fa33dddd6600d8abac401ed9fc86a2950a8241e0a9dc4a8954a32c44b28b10f22ba7c5cbd8871d9f21c13ccc291c366e9745e83431723 +DIST zfs-2.3.0-rc3.tar.gz.asc 195 BLAKE2B 34685869cb8d4f911b3ce0a5098411ce4cb346310564b7ad5fbe9cfc50a3bbe7665c8daa36384b2d5f3ee1dad4b98d6d5bad5a6b8e2f45da35354428853f748d SHA512 1f32119b24c703dd5dbdcce63ddc97cd24f2052522cf1f2f9a4228691d0db7c136262d98b38f2d795a4edfce1d25b423c5bc4f65dbc008bd12f64acc24f3406e diff --git a/sdk_container/src/third_party/portage-stable/sys-fs/zfs-kmod/zfs-kmod-2.2.7.ebuild b/sdk_container/src/third_party/portage-stable/sys-fs/zfs-kmod/zfs-kmod-2.2.7.ebuild new file mode 100644 index 00000000000..81feefdd394 --- /dev/null +++ b/sdk_container/src/third_party/portage-stable/sys-fs/zfs-kmod/zfs-kmod-2.2.7.ebuild 
@@ -0,0 +1,207 @@ +# Copyright 1999-2024 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=8 + +MODULES_INITRAMFS_IUSE=+initramfs +inherit autotools flag-o-matic linux-mod-r1 multiprocessing + +DESCRIPTION="Linux ZFS kernel module for sys-fs/zfs" +HOMEPAGE="https://github.com/openzfs/zfs" + +MODULES_KERNEL_MAX=6.12 +MODULES_KERNEL_MIN=4.18 + +if [[ ${PV} == 9999 ]] ; then + EGIT_REPO_URI="https://github.com/openzfs/zfs.git" + inherit git-r3 + unset MODULES_KERNEL_MAX +else + VERIFY_SIG_OPENPGP_KEY_PATH=/usr/share/openpgp-keys/openzfs.asc + inherit verify-sig + + MY_PV=${PV/_rc/-rc} + SRC_URI="https://github.com/openzfs/zfs/releases/download/zfs-${MY_PV}/zfs-${MY_PV}.tar.gz" + SRC_URI+=" verify-sig? ( https://github.com/openzfs/zfs/releases/download/zfs-${MY_PV}/zfs-${MY_PV}.tar.gz.asc )" + S="${WORKDIR}/zfs-${MY_PV}" + + ZFS_KERNEL_COMPAT="${MODULES_KERNEL_MAX}" + # Increments minor eg 5.14 -> 5.15, and still supports override. + ZFS_KERNEL_DEP="${ZFS_KERNEL_COMPAT_OVERRIDE:-${ZFS_KERNEL_COMPAT}}" + ZFS_KERNEL_DEP="${ZFS_KERNEL_DEP%%.*}.$(( ${ZFS_KERNEL_DEP##*.} + 1))" + + if [[ ${PV} != *_rc* ]] ; then + KEYWORDS="amd64 arm64 ~loong ~ppc64 ~riscv ~sparc" + fi +fi + +LICENSE="CDDL MIT debug? ( GPL-2+ )" +SLOT="0/${PVR}" +IUSE="custom-cflags debug +rootfs" +RESTRICT="test" + +BDEPEND=" + app-alternatives/awk + dev-lang/perl +" + +if [[ ${PV} != 9999 ]] ; then + BDEPEND+=" verify-sig? ( sec-keys/openpgp-keys-openzfs )" + + IUSE+=" +dist-kernel-cap" + RDEPEND=" + dist-kernel-cap? ( dist-kernel? 
( + " + eerror " Block devices --->" + eerror " [X] Loopback device support" + fi + fi + fi + fi +} + +libsoversion_check() { + local bugurl libzfs_sover + bugurl="https://bugs.gentoo.org/enter_bug.cgi?form_name=enter_bug&product=Gentoo+Linux&component=Current+packages" + + libzfs_sover="$(grep 'libzfs_la_LDFLAGS += -version-info' lib/libzfs/Makefile.am \ + | grep -Eo '[0-9]+:[0-9]+:[0-9]+')" + libzfs_sover="${libzfs_sover%%:*}" + + if [[ ${libzfs_sover} -ne $(ver_cut 2 ${SLOT}) ]]; then + echo + eerror "BUG BUG BUG BUG BUG BUG BUG BUG" + eerror "ebuild subslot does not match libzfs soversion!" + eerror "libzfs soversion: ${libzfs_sover}" + eerror "ebuild value: $(ver_cut 2 ${SLOT})" + eerror "This is a bug in the ebuild, please use the following URL to report it" + eerror "${bugurl}&short_desc=${CATEGORY}%2F${P}+update+subslot" + echo + # we want to abort for releases, but just print a warning for live ebuild + # to keep package installable + [[ ${PV} == "9999" ]] || die + fi +} + +src_prepare() { + default + libsoversion_check + + # Run unconditionally (bug #792627) + eautoreconf + + if [[ ${PV} != "9999" ]]; then + # Set revision number + sed -i "s/\(Release:\)\(.*\)1/\1\2${PR}-gentoo/" META || die "Could not set Gentoo release" + fi + + if use python; then + pushd contrib/pyzfs >/dev/null || die + distutils-r1_src_prepare + popd >/dev/null || die + fi + + # Tries to use /etc/conf.d which we reserve for OpenRC + sed -i -e '/EnvironmentFile/d' etc/systemd/system/zfs*.in || die + + # prevent errors showing up on zfs-mount stop, #647688 + # openrc will unmount all filesystems anyway. 
+ sed -i "/^ZFS_UNMOUNT=/ s/yes/no/" "etc/default/zfs.in" || die +} + +src_configure() { + use custom-cflags || strip-flags + use minimal || python_setup + + local myconf=( + --bindir="${EPREFIX}/bin" + --enable-shared + --enable-sysvinit + --localstatedir="${EPREFIX}/var" + --sbindir="${EPREFIX}/sbin" + --with-config=user + --with-dracutdir="${EPREFIX}/usr/lib/dracut" + --with-linux="${KV_DIR}" + --with-linux-obj="${KV_OUT_DIR}" + --with-udevdir="$(get_udevdir)" + --with-pamconfigsdir="${EPREFIX}/unwanted_files" + --with-pammoduledir="$(getpam_mod_dir)" + --with-systemdunitdir="$(systemd_get_systemunitdir)" + --with-systemdpresetdir="$(systemd_get_systempresetdir)" + --with-vendor=gentoo + # Building zfs-mount-generator.c on musl breaks as strndupa + # isn't available. But systemd doesn't support musl anyway, so + # just disable building it. + # UPDATE: it has been fixed since, + # https://github.com/openzfs/zfs/commit/1f19826c9ac85835cbde61a7439d9d1fefe43a4a + # but we still leave it as this for now. 
+ $(use_enable !elibc_musl systemd) + $(use_enable debug) + $(use_enable nls) + $(use_enable pam) + $(use_enable python pyzfs) + $(use_with unwind libunwind) + --disable-static + $(usex minimal --without-python --with-python="${EPYTHON}") + ) + + econf "${myconf[@]}" +} + +src_compile() { + default + if use python; then + pushd contrib/pyzfs >/dev/null || die + distutils-r1_src_compile + popd >/dev/null || die + fi +} + +src_install() { + default + + gen_usr_ldscript -a nvpair uutil zfsbootenv zfs zfs_core zpool + + use pam && { rm -rv "${ED}/unwanted_files" || die ; } + + use test-suite || { rm -r "${ED}"/usr/share/zfs/{test-runner,zfs-tests,runfiles,*sh} || die ; } + + find "${ED}" -name '*.la' -delete || die + + dobashcomp contrib/bash_completion.d/zfs + bashcomp_alias zfs zpool + + # strip executable bit from conf.d file + fperms 0644 /etc/conf.d/zfs + + if use python; then + pushd contrib/pyzfs >/dev/null || die + distutils-r1_src_install + popd >/dev/null || die + fi + + # enforce best available python implementation + use minimal || python_fix_shebang "${ED}/bin" +} + +pkg_postinst() { + udev_reload + + # we always need userspace utils in sync with zfs-kmod + # so force initrd update for userspace as well, to avoid + # situation when zfs-kmod trigger initrd rebuild before + # userspace component is rebuilt + # KV_* variables are provided by linux-info.eclass + if [[ -z ${ROOT} ]] && use dist-kernel; then + dist-kernel_reinstall_initramfs "${KV_DIR}" "${KV_FULL}" + fi + + if use rootfs; then + if ! has_version sys-kernel/genkernel && ! 
has_version sys-kernel/dracut; then + elog "Root on zfs requires an initramfs to boot" + elog "The following packages provide one and are tested on a regular basis:" + elog " sys-kernel/dracut ( preferred, module maintained by zfs developers )" + elog " sys-kernel/genkernel" + fi + fi + + if systemd_is_booted || has_version sys-apps/systemd; then + einfo "Please refer to ${EROOT}/$(systemd_get_systempresetdir)/50-zfs.preset" + einfo "for default zfs systemd service configuration" + else + [[ -e "${EROOT}/etc/runlevels/boot/zfs-import" ]] || \ + einfo "You should add zfs-import to the boot runlevel." + [[ -e "${EROOT}/etc/runlevels/boot/zfs-load-key" ]] || \ + einfo "You should add zfs-load-key to the boot runlevel." + [[ -e "${EROOT}/etc/runlevels/boot/zfs-mount" ]]|| \ + einfo "You should add zfs-mount to the boot runlevel." + [[ -e "${EROOT}/etc/runlevels/default/zfs-share" ]] || \ + einfo "You should add zfs-share to the default runlevel." + [[ -e "${EROOT}/etc/runlevels/default/zfs-zed" ]] || \ + einfo "You should add zfs-zed to the default runlevel." + fi +} + +pkg_postrm() { + udev_reload +} From 87bc1d51866ba629a48d620d63e007e056a46c15 Mon Sep 17 00:00:00 2001 From: Sam Date: Sun, 26 Jan 2025 16:38:12 +0100 Subject: [PATCH 26/26] kernel: set CONFIG_ARCH_ROCKCHIP --- .../sys-kernel/coreos-modules/files/arm64_defconfig-6.12 | 1 + 1 file changed, 1 insertion(+) diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/arm64_defconfig-6.12 b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/arm64_defconfig-6.12 index e83ace56d3d..a6c8269d509 100644 --- a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/arm64_defconfig-6.12 +++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-modules/files/arm64_defconfig-6.12 
@@ -5,6 +5,7 @@ CONFIG_ARCH_BCM2835=y
 CONFIG_ARCH_BCM_IPROC=y
 # CONFIG_ARCH_MEDIATEK is not set
 # CONFIG_ARCH_QCOM is not set
+CONFIG_ARCH_ROCKCHIP=y
 CONFIG_ARCH_SEATTLE=y
 CONFIG_ARCH_SPRD=y
 CONFIG_ARCH_TEGRA=y