Diffstat (limited to 'SPECS/kernel.spec')
-rw-r--r-- | SPECS/kernel.spec | 104 |
1 files changed, 67 insertions, 37 deletions
diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec
index 9edde19..74fd8e4 100644
--- a/SPECS/kernel.spec
+++ b/SPECS/kernel.spec
@@ -56,7 +56,7 @@ Summary: The Linux kernel
 %global zipsed -e 's/\.ko$/\.ko.xz/'
 %endif
-# define buildid .local
+%define buildid .fsync
 %if 0%{?fedora}
 %define primary_target fedora
@@ -80,7 +80,7 @@ Summary: The Linux kernel
 # For non-released -rc kernels, this will be appended after the rcX and
 # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
 #
-%global baserelease 202
+%global baserelease 201
 %global fedora_build %{baserelease}
 # base_sublevel is the kernel version we're starting with and patching
@@ -92,7 +92,7 @@ Summary: The Linux kernel
 %if 0%{?released_kernel}
 # Do we have a -stable update to apply?
-%define stable_update 8
+%define stable_update 9
 # Set rpm version accordingly
 %if 0%{?stable_update}
 %define stablerev %{stable_update}
@@ -203,8 +203,8 @@ Summary: The Linux kernel
 %define debugbuildsenabled 1
 %if 0%{?fedora}
-# Kernel headers are being normally split out into a separate package but I am lazy
-%define with_headers 0
+# Kernel headers are being split out into a separate package
+%define with_headers 1
 %define with_cross_headers 0
 # no selftests for now
 %define with_selftests 0
@@ -227,7 +227,7 @@ Summary: The Linux kernel
 # pkg_release is what we'll fill in for the rpm Release: field
 %if 0%{?released_kernel}
-%define pkg_release fsync.%{fedora_build}%{?buildid}%{?dist}
+%define pkg_release %{fedora_build}%{?buildid}%{?dist}
 %else
@@ -242,7 +242,7 @@ Summary: The Linux kernel
 %else
 %define gittag .git0
 %endif
-%define pkg_release fsync.%{?rctag}%{?gittag}.%{fedora_build}%{?buildid}%{?dist}
+%define pkg_release 0%{?rctag}%{?gittag}.%{fedora_build}%{?buildid}%{?dist}
 %endif
@@ -637,41 +637,51 @@ Source10: x509.genkey.rhel
 Source11: x509.genkey.fedora
 %if %{?released_kernel}
-Source12: securebootca.cer
-Source13: secureboot.cer
-Source14: secureboot_s390.cer
-Source15: secureboot_ppc.cer
+Source12: redhatsecurebootca5.cer
+Source13: redhatsecurebootca1.cer
+Source14: redhatsecureboot501.cer
+Source15: redhatsecureboot301.cer
+Source16: secureboot_s390.cer
+Source17: secureboot_ppc.cer
-%define secureboot_ca %{SOURCE12}
+%define secureboot_ca_1 %{SOURCE12}
+%define secureboot_ca_0 %{SOURCE13}
 %ifarch x86_64 aarch64
-%define secureboot_key %{SOURCE13}
-%define pesign_name redhatsecureboot301
+%define secureboot_key_1 %{SOURCE14}
+%define pesign_name_1 redhatsecureboot501
+%define secureboot_key_0 %{SOURCE15}
+%define pesign_name_0 redhatsecureboot301
 %endif
 %ifarch s390x
-%define secureboot_key %{SOURCE14}
-%define pesign_name redhatsecureboot302
+%define secureboot_key_0 %{SOURCE16}
+%define pesign_name_0 redhatsecureboot302
 %endif
 %ifarch ppc64le
-%define secureboot_key %{SOURCE15}
-%define pesign_name redhatsecureboot303
+%define secureboot_key_0 %{SOURCE17}
+%define pesign_name_0 redhatsecureboot303
 %endif
 # released_kernel
 %else
-Source12: redhatsecurebootca2.cer
-Source13: redhatsecureboot003.cer
+Source12: redhatsecurebootca4.cer
+Source13: redhatsecurebootca2.cer
+Source14: redhatsecureboot401.cer
+Source15: redhatsecureboot003.cer
-%define secureboot_ca %{SOURCE12}
-%define secureboot_key %{SOURCE13}
-%define pesign_name redhatsecureboot003
+%define secureboot_ca_1 %{SOURCE12}
+%define secureboot_ca_0 %{SOURCE13}
+%define secureboot_key_1 %{SOURCE14}
+%define pesign_name_1 redhatsecureboot401
+%define secureboot_key_0 %{SOURCE15}
+%define pesign_name_0 redhatsecureboot003
 # released_kernel
 %endif
 Source22: mod-extra.list.rhel
-Source16: mod-extra.list.fedora
-Source17: mod-extra.sh
+Source23: mod-extra.list.fedora
+Source24: mod-extra.sh
 Source18: mod-sign.sh
 Source19: mod-extra-blacklist.sh
 Source79: parallel_xz.sh
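Review bot: The `_0`/`_1` suffixes on the Secure Boot CA, key and pesign-name macros are not explained in this hunk, and the Source numbers run the other way: `secureboot_ca_1` is `%{SOURCE12}` (redhatsecurebootca5.cer) while `secureboot_ca_0` is `%{SOURCE13}` (redhatsecurebootca1.cer). A comment above the defines, for example `# _0 = key/CA of the first signature, _1 = key/CA of the second; s390x and ppc64le define _0 only`, would make the signing and install steps auditable. In the released branch `secureboot_key_1` and `pesign_name_1` exist only under `%ifarch x86_64 aarch64`, so any use outside that guard would reach the shell as an unexpanded macro. Source16 and Source17 now name certificates rather than the mod-extra files, so any `%{SOURCE16}`/`%{SOURCE17}` reference outside the visible hunks needs checking.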
@@ -853,6 +863,9 @@ Patch105: 0001-virt-vbox-Log-unknown-ioctl-requests-as-error.patch
 # Thinkpad dual fan control
 Patch107: 0001-platform-x86-thinkpad_acpi-Add-support-for-dual-fan-.patch
+# https://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux.git/commit/?h=next&id=c8e222616c7e98305bdc861db3ccac520bc29921
+Patch108: selinux_allow_reading_labels_before_policy_is_loaded.patch
+
 # Latest upstream screen driver - https://patchwork.kernel.org/patch/11627069/
 Patch110: 0001-dt-bindings-vendor-prefixes-Add-Xingbangda.patch
 Patch111: 0002-dt-bindings-panel-Convert-rocktech-jh057n00900-to-ya.patch
@@ -872,6 +885,9 @@ Patch123: 0001-usb-fusb302-Convert-to-use-GPIO-descriptors.patch
 # Tegra194 ACPI PCI quirk - http://patchwork.ozlabs.org/patch/1221384/
 Patch124: 0001-PCI-Add-MCFG-quirks-for-Tegra194-host-controllers.patch
+# Killer wireless headed to stable
+Patch125: iwlwifi-make-some-killer-wireless-ac-1550-cards-work-again.patch
+
 # Linux-tkg patches - https://github.com/Frogging-Family/linux-tkg/blob/master/linux57-tkg
 Patch202: 0003-glitched-base.patch
 Patch203: 0007-v5.7-fsync.patch
@@ -1537,7 +1553,7 @@ git commit -a -m "Stable update"
 # Note: Even in the "nopatches" path some patches (build tweaks and compile
 # fixes) will always get applied; see patch defition above for details
-git am --ignore-space-change --ignore-whitespace --whitespace=fix %{patches}
+git am %{patches}
 # END OF PATCH APPLICATIONS
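Review bot: Patch125 is introduced with only `# Killer wireless headed to stable`, while Patch108 in the previous hunk and the neighbouring Patch110/Patch124 entries record the upstream commit or patchwork URL they came from. Every patch carried in a kernel package should be traceable to a reviewable upstream source, so I would add a second comment line in the same form, `# <upstream commit or mailing-list URL for the iwlwifi fix>`, filled in with the real reference. That lets a later maintainer confirm the patch matches upstream and drop it once the stable release contains it.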
@@ -1789,11 +1805,13 @@ BuildKernel() {
 fi
 %ifarch x86_64 aarch64
- %pesign -s -i $SignImage -o vmlinuz.signed -a %{secureboot_ca} -c %{secureboot_key} -n %{pesign_name}
+ %pesign -s -i $SignImage -o vmlinuz.tmp -a %{secureboot_ca_0} -c %{secureboot_key_0} -n %{pesign_name_0}
+ %pesign -s -i vmlinuz.tmp -o vmlinuz.signed -a %{secureboot_ca_1} -c %{secureboot_key_1} -n %{pesign_name_1}
+ rm vmlinuz.tmp
 %endif
 %ifarch s390x ppc64le
 if [ -x /usr/bin/rpm-sign ]; then
- rpm-sign --key "%{pesign_name}" --lkmsign $SignImage --output vmlinuz.signed
+ rpm-sign --key "%{pesign_name_0}" --lkmsign $SignImage --output vmlinuz.signed
 elif [ $DoModules -eq 1 ]; then
 chmod +x scripts/sign-file
 ./scripts/sign-file -p sha256 certs/signing_key.pem certs/signing_key.x509 $SignImage vmlinuz.signed
@@ -2083,11 +2101,11 @@ BuildKernel() {
 popd
 # Call the modules-extra script to move things around
- %{SOURCE17} $RPM_BUILD_ROOT/lib/modules/$KernelVer $RPM_SOURCE_DIR/mod-extra.list
+ %{SOURCE24} $RPM_BUILD_ROOT/lib/modules/$KernelVer $RPM_SOURCE_DIR/mod-extra.list
 # Blacklist net autoloadable modules in modules-extra
 %{SOURCE19} $RPM_BUILD_ROOT lib/modules/$KernelVer
 # Call the modules-extra script for internal modules
- %{SOURCE17} $RPM_BUILD_ROOT/lib/modules/$KernelVer %{SOURCE54} internal
+ %{SOURCE24} $RPM_BUILD_ROOT/lib/modules/$KernelVer %{SOURCE54} internal
 #
 # Generate the kernel-core and kernel-modules files lists
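Review bot: Nothing in this hunk confirms that `vmlinuz.signed` carries both signatures after the two chained `%pesign` calls in the `%ifarch x86_64 aarch64` branch. If the second pass replaced rather than appended the first signature, the build would still succeed and ship an image that only one of the two CAs can verify. Listing the signatures right after the second call, `pesign -S -i vmlinuz.signed`, would put the result in the build log, and a comment such as `# sign twice: first with the _0 key, then add the _1 signature` would record the intended order. `rm -f vmlinuz.tmp` would also be the safer cleanup. BuildKernel's body starts and ends outside the hunk, so a later check may already exist.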
@@ -2184,11 +2202,17 @@ BuildKernel() {
 # Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel
 mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer
- install -m 0644 %{secureboot_ca} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
+ %ifarch x86_64 aarch64
+ install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca-20200609.cer
+ install -m 0644 %{secureboot_ca_1} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca-20140212.cer
+ ln -s kernel-signing-ca-20200609.cer $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
+ %else
+ install -m 0644 %{secureboot_ca_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
+ %endif
 %ifarch s390x ppc64le
 if [ $DoModules -eq 1 ]; then
 if [ -x /usr/bin/rpm-sign ]; then
- install -m 0644 %{secureboot_key} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
+ install -m 0644 %{secureboot_key_0} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
 else
 install -m 0644 certs/signing_key.x509.sign${Flav} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer
 openssl x509 -in certs/signing_key.pem.sign${Flav} -outform der -out $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename}
@@ -2918,7 +2942,7 @@ fi
 %if 0%{!?fedora:1}\
 /lib/modules/%{KVERREL}%{?3:+%{3}}/weak-updates\
 %endif\
-%{_datadir}/doc/kernel-keys/%{KVERREL}%{?3:+%{3}}/kernel-signing-ca.cer\
+%{_datadir}/doc/kernel-keys/%{KVERREL}%{?3:+%{3}}/kernel-signing-ca*.cer\
 %ifarch s390x ppc64le\
 %if 0%{!?4:1}\
 %{_datadir}/doc/kernel-keys/%{KVERREL}%{?3:+%{3}}/%{signing_key_filename} \
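Review bot: The date-stamped file names in the `%ifarch x86_64 aarch64` branch look swapped against the Source definitions. `%{secureboot_ca_0}` is installed as `kernel-signing-ca-20200609.cer` and `%{secureboot_ca_1}` as `kernel-signing-ca-20140212.cer`, yet the Source hunk maps `secureboot_ca_0` to redhatsecurebootca1.cer (ca2 when not released) and `secureboot_ca_1` to redhatsecurebootca5.cer (ca4). If the higher-numbered CA is the newer one, which I infer from the names only, the 2020 file name and the `kernel-signing-ca.cer` symlink both point at the older certificate. Users consult this directory to authenticate the kernel, so the mapping should be confirmed with `openssl x509 -inform der -in <cert> -noout -dates` on each file and recorded in a comment beside the install lines. BuildKernel's body starts and ends outside the hunk.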
@@ -2971,11 +2995,17 @@ fi
 #
 #
 %changelog
-* Tue Jul 14 2020 Jan Drögehoff <sentrycraft123@gmail.com> - 5.7.8-fsync.202
-- Linux v5.7.8 add zen patches
+* Tue Jul 21 2020 Jan Drögehoff <sentrycraft123@gmail.com> - 5.7.9-fsync.201
+- Linux v5.7.9 zen fsync
+
+* Fri Jul 17 2020 Justin M. Forbes <jforbes@fedoraproject.org> - 5.7.9-100
+- Linux v5.7.9
+
+* Wed Jul 15 2020 Justin M. Forbes <jforbes@fedoraproject.org>
+- Make some killer wireless ac 1550 cards work again
-* Sun Jul 12 2020 Jan Drögehoff <sentrycraft123@gmail.com> - 5.7.8-fsync.201
-- Linux v5.7.8 fsync
+* Sun Jul 12 2020 Peter Robinson <pbrobinson@fedoraproject.org>
+- selinux: allow reading labels before policy is loaded (rhbz 1845210)
 * Thu Jul 09 2020 Justin M. Forbes <jforbes@fedoraproject.org> - 5.7.8-200
 - Linux v5.7.8 |