diff --git a/SOURCES/centos-fix-exported-sql-viewer.patch b/SOURCES/centos-fix-exported-sql-viewer.patch new file mode 100644 index 0000000..3b527cb --- /dev/null +++ b/SOURCES/centos-fix-exported-sql-viewer.patch @@ -0,0 +1,48 @@ +diff -aurp a/tools/perf/scripts/python/exported-sql-viewer.py b/tools/perf/scripts/python/exported-sql-viewer.py +--- a/tools/perf/scripts/python/exported-sql-viewer.py 2019-11-11 12:17:42.000000000 +0000 ++++ b/tools/perf/scripts/python/exported-sql-viewer.py 2019-12-10 18:16:19.027985531 +0000 +@@ -1573,7 +1573,7 @@ class SQLTableDialogDataItem(): + return str(lower_id) + + def ConvertRelativeTime(self, val): +- print "val ", val ++ print("val ", val) + mult = 1 + suffix = val[-2:] + if suffix == "ms": +@@ -1595,29 +1595,29 @@ class SQLTableDialogDataItem(): + return str(val) + + def ConvertTimeRange(self, vrange): +- print "vrange ", vrange ++ print("vrange ", vrange) + if vrange[0] == "": + vrange[0] = str(self.first_time) + if vrange[1] == "": + vrange[1] = str(self.last_time) + vrange[0] = self.ConvertRelativeTime(vrange[0]) + vrange[1] = self.ConvertRelativeTime(vrange[1]) +- print "vrange2 ", vrange ++ print("vrange2 ", vrange) + if not self.IsNumber(vrange[0]) or not self.IsNumber(vrange[1]): + return False +- print "ok1" ++ print("ok1") + beg_range = max(int(vrange[0]), self.first_time) + end_range = min(int(vrange[1]), self.last_time) + if beg_range > self.last_time or end_range < self.first_time: + return False +- print "ok2" ++ print("ok2") + vrange[0] = self.BinarySearchTime(0, self.last_id, beg_range, True) + vrange[1] = self.BinarySearchTime(1, self.last_id + 1, end_range, False) +- print "vrange3 ", vrange ++ print("vrange3 ", vrange) + return True + + def AddTimeRange(self, value, ranges): +- print "value ", value ++ print("value ", value) + n = value.count("-") + if n == 1: + pass diff --git a/SOURCES/centos.pem b/SOURCES/centos.pem new file mode 100644 index 0000000..82ad817 --- /dev/null +++ b/SOURCES/centos.pem @@ -0,0 +1,42 @@ +-----BEGIN CERTIFICATE----- +MIIDgTCCAmmgAwIBAgIJALYWFXFy+zGAMA0GCSqGSIb3DQEBCwUAMEwxJjAkBgNV +BAMMHUNlbnRPUyBTZWN1cmUgQm9vdCAoQ0Ega2V5IDEpMSIwIAYJKoZIhvcNAQkB +FhNzZWN1cml0eUBjZW50b3Mub3JnMB4XDTE5MDYwMzE0MjA0MFoXDTM4MDEwMTE0 +MjA0MFowVTEvMC0GA1UEAwwmQ2VudE9TIExpbnV4IERyaXZlciB1cGRhdGUgc2ln +bmluZyBrZXkxIjAgBgkqhkiG9w0BCQEWE3NlY3VyaXR5QGNlbnRvcy5vcmcwggEi +MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD5ECuosQ4HKRRf+Kxfm+BcICBK +PGqB+E/qalqQ3CCM3LWezq0ns/GZTD0CtSAzmOObqJb3gJ9S5gcbaMVBc3JxLlQ+ +RwVy0oNy91uy9TKhYQ3lpHDyujxiFmXPSJLMKOYbOBNObJ7qF6+ptnmDWMu7GWDc +4UGdBdU/evt92LIxsi9ZQCEoZIqdyKBE/Y3V9gBZIZa/4oXMHfW9dWxhy9UszmR9 +hT7ZdgLFpWMFmJW+SS5QEWtp5CpRlcui4QJZl42bMp5JOrVWc+BlKPIsLdY8TqLp +9FdhQ5Ih4auT7zn2V89YgYpq6VMZnPsn/v5piB6i6RK8Falr6SP5SV0cwV/jAgMB +AAGjXTBbMAwGA1UdEwEB/wQCMAAwCwYDVR0PBAQDAgeAMB0GA1UdDgQWBBQpvUwN +BtLpkRBEtdyXMwkTm1HW1TAfBgNVHSMEGDAWgBRU7IGFiT7pGtsI90SIVH6OP3Q6 +8zANBgkqhkiG9w0BAQsFAAOCAQEAK+f4c4aP9TQDiQM4TDyw8iDapr7eBc+Yr0M5 +ELkWEQu55/OwLQrgCA5bdD86diaAXQAlUOXCtFRrbUQHQACEL77/32YdooHfVZZ7 +04CeE+JWxF/cQ3M5hhJnkyxaqFKC+B+bn7Z6eloMnYUPsXwfQEOuyxKaKergAJdq +KnC0pEG3NGgwlwvnD0dwUqbbEUUqL3UQh96hCYDidhCUmuap1E2OGoxGex3ekszf +ErCgwVYb46cv91ba2KqXVWl1FoO3c5MyZcxL46ihQgiY0BI975+HDFjpUZ69n+Um +OhSscRUiKeEQKMVtHzyQUp5t+HCeaZBRPy3rFoIjTEqijKZ6tQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIDejCCAmKgAwIBAgIJALYWFXFy+zF/MA0GCSqGSIb3DQEBCwUAMEwxJjAkBgNV +BAMMHUNlbnRPUyBTZWN1cmUgQm9vdCAoQ0Ega2V5IDEpMSIwIAYJKoZIhvcNAQkB +FhNzZWN1cml0eUBjZW50b3Mub3JnMB4XDTE5MDYwMzE0MjAwMloXDTM4MDEwMTE0 +MjAwMlowTjEoMCYGA1UEAwwfQ2VudE9TIExpbnV4IGtwYXRjaCBzaWduaW5nIGtl +eTEiMCAGCSqGSIb3DQEJARYTc2VjdXJpdHlAY2VudG9zLm9yZzCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAMG+5OclqB0NE5azrGkSitqUFcZjpRk/rS2P +CetB6jwxOn06TrLGzqnhcE9VBKyEs7CXBLy6lfnORcYOybcR2XvrgqGa1txOZggl +hc8zCj9X7ZCMK2UsWglxQCOtbo0m/vdor/VO3SFbrf/W9+PXhvNtcxMP9yjydbP+ +lS1St8uQv952hu7C1TevyOQN3jpvWRD7DSJIU/2uRFcdIo2QCGokuB/xESXeuGJ2 +F2P9w0h74V18AlVTxtGp/RSJqZaQ2Gi5h4Oa7UsRmhmCoLdmdBe7xnYJrJ4GhxKQ +yG0kU1ikEhZW3YjoVPgBJzTsIhCAzFrOUq0d67a1wTVMiyL60fUCAwEAAaNdMFsw +DAYDVR0TAQH/BAIwADALBgNVHQ8EBAMCB4AwHQYDVR0OBBYEFLSfCGIFkJ3E2iz6 +mTdvsZHS8J54MB8GA1UdIwQYMBaAFFTsgYWJPuka2wj3RIhUfo4/dDrzMA0GCSqG +SIb3DQEBCwUAA4IBAQBcDnjWh8Mx6yaS/OvBOYZprYy5Su0tn+YHiN0czpjVw+zl +NUt2YmRSA/g6xks04CYx+UAL/xnvRcxXd17Ni7eWiROxvgQvBo5nScVkFPq2IIP5 +8aj7LoHR1MUeXfiNqf1JoSlgpRV47wv/+jZD0hmbt1rC2NJp0ZU8OHmt2GWk0jmM +MK72D/pyCUfHetBzPpU9M0cNiukjMUdIL+U7+CXDgKsfdFHcQ76ebWyka7vRSXTs +lBMa2g20Atwz2Hj7tEEAZ74ioQ9029RAlUSNipACe31YdT4/BBWIqHPpeDFkp8W0 +9v4jeTX/2kMBXkjzMfKjhpooa+bFFFLogLeX3P4W +-----END CERTIFICATE----- diff --git a/SOURCES/centossecureboot001.crt b/SOURCES/centossecureboot001.crt new file mode 100644 index 0000000..321c4ec --- /dev/null +++ b/SOURCES/centossecureboot001.crt @@ -0,0 +1,81 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + b6:16:15:71:72:fb:31:7e + Signature Algorithm: sha256WithRSAEncryption + Issuer: CN=CentOS Secure Boot (CA key 1)/emailAddress=security@centos.org + Validity + Not Before: Aug 1 11:47:30 2018 GMT + Not After : Dec 31 11:47:30 2037 GMT + Subject: CN=CentOS Secure Boot (key 1)/emailAddress=security@centos.org + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + RSA Public Key: (2048 bit) + Modulus (2048 bit): + 00:c1:a3:6a:f4:2d:71:83:6c:21:ca:0c:b7:ac:fa: + 76:80:43:03:40:87:5d:de:e9:1e:df:ad:e7:2b:51: + cb:f8:31:0f:9a:db:ab:23:25:04:11:05:57:7d:f2: + 4b:8d:1e:b3:75:78:1d:b9:57:8b:18:0b:bb:7e:e3: + 24:0f:6a:40:5f:2b:4f:03:a5:85:94:d2:f9:08:a0: + bc:db:a5:ea:4f:7f:e8:7c:d1:a9:f8:f0:9c:25:18: + 00:14:c4:c4:35:7d:1d:4c:8a:8d:95:f8:ed:65:97: + a5:a4:da:7d:cb:f0:33:3b:b7:03:94:68:47:05:57: + 6c:96:91:ac:14:f2:e3:f6:6d:4a:18:cf:68:8a:35: + 6f:8e:26:99:7f:db:c9:83:54:c2:c3:bf:ad:45:a0: + aa:a0:86:5f:20:b1:86:1b:ae:b7:28:15:11:f9:65: + 53:5d:70:33:9b:a3:c7:b5:c8:11:ff:55:3b:e7:46: + f1:6c:6b:8c:bb:f2:9f:36:23:b1:2d:23:2f:8f:4f: + 6c:a8:cc:ae:f5:56:9e:22:6c:0e:9a:4a:b1:bd:b2: + 76:15:5c:05:85:b8:5e:dc:8c:a5:c3:e0:75:51:a4: + 94:9b:03:2e:7b:f8:d3:b9:dd:7f:88:ce:2e:2f:28: + 4c:b4:92:2f:e6:e0:67:0a:d0:ff:c5:d2:79:a6:ef: + 94:0f + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Key Usage: + Digital Signature + X509v3 Subject Key Identifier: + F0:37:C6:EA:EC:36:D4:05:7A:52:6C:0E:C6:D5:A9:5B:32:4E:E1:29 + X509v3 Authority Key Identifier: + keyid:54:EC:81:85:89:3E:E9:1A:DB:08:F7:44:88:54:7E:8E:3F:74:3A:F3 + + Signature Algorithm: sha256WithRSAEncryption + 97:97:ba:a6:0b:5b:bb:84:39:2e:ef:8b:51:9a:89:bb:65:3c: + dc:15:d0:5a:88:c5:af:ce:93:f5:c1:74:98:15:59:a9:38:da: + 11:fd:46:d5:4f:23:7c:03:1f:ae:0c:70:93:94:a7:61:2f:4b: + 2f:5f:bb:cc:8a:d7:4a:24:66:73:85:b4:19:13:fc:6a:61:4a: + 28:1f:a2:38:f4:72:90:03:c4:3e:64:63:8b:fb:15:22:22:4e: + b9:43:d9:b4:3d:3a:60:c1:4d:3a:09:85:68:7a:bc:3b:f9:ef: + f3:f5:e9:c9:4f:80:8c:c6:e9:cb:ef:28:44:b0:5d:d4:9e:4f: + 0f:02:9a:65:aa:98:35:b4:6f:d2:80:e3:08:ef:12:d0:17:56: + a6:a1:42:1e:1d:ab:e5:33:c0:fd:88:0d:40:42:81:c8:27:30: + 17:07:57:3e:05:9d:aa:05:0e:5b:3a:79:b4:29:aa:7c:42:5a: + ad:43:59:fb:34:4d:dc:62:58:63:e4:fb:de:bb:fd:6c:4e:97: + 58:f4:b9:99:4a:71:fe:7f:16:50:55:25:46:39:96:9b:88:6c: + 75:19:33:9e:70:b3:04:82:fe:16:a8:8e:22:47:83:6d:16:77: + da:26:ad:31:d8:06:6d:c5:7e:46:4b:21:ab:ae:ec:2a:93:71: + da:7f:89:1d +-----BEGIN CERTIFICATE----- +MIIDdTCCAl2gAwIBAgIJALYWFXFy+zF+MA0GCSqGSIb3DQEBCwUAMEwxJjAkBgNV +BAMMHUNlbnRPUyBTZWN1cmUgQm9vdCAoQ0Ega2V5IDEpMSIwIAYJKoZIhvcNAQkB +FhNzZWN1cml0eUBjZW50b3Mub3JnMB4XDTE4MDgwMTExNDczMFoXDTM3MTIzMTEx +NDczMFowSTEjMCEGA1UEAxMaQ2VudE9TIFNlY3VyZSBCb290IChrZXkgMSkxIjAg +BgkqhkiG9w0BCQEWE3NlY3VyaXR5QGNlbnRvcy5vcmcwggEiMA0GCSqGSIb3DQEB +AQUAA4IBDwAwggEKAoIBAQDBo2r0LXGDbCHKDLes+naAQwNAh13e6R7frecrUcv4 +MQ+a26sjJQQRBVd98kuNHrN1eB25V4sYC7t+4yQPakBfK08DpYWU0vkIoLzbpepP +f+h80an48JwlGAAUxMQ1fR1Mio2V+O1ll6Wk2n3L8DM7twOUaEcFV2yWkawU8uP2 +bUoYz2iKNW+OJpl/28mDVMLDv61FoKqghl8gsYYbrrcoFRH5ZVNdcDObo8e1yBH/ +VTvnRvFsa4y78p82I7EtIy+PT2yozK71Vp4ibA6aSrG9snYVXAWFuF7cjKXD4HVR +pJSbAy57+NO53X+Izi4vKEy0ki/m4GcK0P/F0nmm75QPAgMBAAGjXTBbMAwGA1Ud +EwEB/wQCMAAwCwYDVR0PBAQDAgeAMB0GA1UdDgQWBBTwN8bq7DbUBXpSbA7G1alb +Mk7hKTAfBgNVHSMEGDAWgBRU7IGFiT7pGtsI90SIVH6OP3Q68zANBgkqhkiG9w0B +AQsFAAOCAQEAl5e6pgtbu4Q5Lu+LUZqJu2U83BXQWojFr86T9cF0mBVZqTjaEf1G +1U8jfAMfrgxwk5SnYS9LL1+7zIrXSiRmc4W0GRP8amFKKB+iOPRykAPEPmRji/sV +IiJOuUPZtD06YMFNOgmFaHq8O/nv8/XpyU+AjMbpy+8oRLBd1J5PDwKaZaqYNbRv +0oDjCO8S0BdWpqFCHh2r5TPA/YgNQEKByCcwFwdXPgWdqgUOWzp5tCmqfEJarUNZ ++zRN3GJYY+T73rv9bE6XWPS5mUpx/n8WUFUlRjmWm4hsdRkznnCzBIL+FqiOIkeD +bRZ32iatMdgGbcV+Rkshq67sKpNx2n+JHQ== +-----END CERTIFICATE----- diff --git a/SOURCES/debrand-rh_taint.patch b/SOURCES/debrand-rh_taint.patch new file mode 100644 index 0000000..c2ae3c4 --- /dev/null +++ b/SOURCES/debrand-rh_taint.patch @@ -0,0 +1,81 @@ +--- a/kernel/rh_taint.c 2019-05-25 14:06:27.474558423 -0700 ++++ b/kernel/rh_taint.c 2019-05-25 14:25:53.471345832 -0700 +@@ -2,12 +2,12 @@ + #include + + /* +- * The following functions are used by Red Hat to indicate to users that +- * hardware and drivers are unsupported, or have limited support in RHEL major ++ * The following functions are used by CentOS to indicate to users that ++ * hardware and drivers are unsupported, or have limited support in CentOS Linux major + * and minor releases. These functions output loud warning messages to the end + * user and should be USED WITH CAUTION. + * +- * Any use of these functions _MUST_ be documented in the RHEL Release Notes, ++ * Any use of these functions _MUST_ be documented in the CentOS Linux Release Notes, + * and have approval of management. + */ + +@@ -16,15 +16,15 @@ + * @msg: Hardware name, class, or type + * + * Called to mark a device, class of devices, or types of devices as not having +- * support in any RHEL minor release. This does not TAINT the kernel. Red Hat +- * will not fix bugs against this hardware in this minor release. Red Hat may ++ * support in any CentOS Linux minor release. This does not TAINT the kernel. CentOS ++ * will not fix bugs against this hardware in this minor release. CentOS may + * declare support in a future major or minor update release. This cannot be + * used to mark drivers unsupported. + */ + void mark_hardware_unsupported(const char *msg) + { + /* Print one single message */ +- pr_crit("Warning: %s - this hardware has not undergone testing by Red Hat and might not be certified. Please consult https://hardware.redhat.com for certified hardware.\n", msg); ++ pr_crit("Warning: %s - this hardware has not undergone upstream testing. Please consult http://wiki.centos.org/FAQ for more information\n", msg); + } + EXPORT_SYMBOL(mark_hardware_unsupported); + +@@ -35,12 +35,12 @@ EXPORT_SYMBOL(mark_hardware_unsupported) + * Called to minimize the support status of a previously supported device in + * a minor release. This does not TAINT the kernel. Marking hardware + * deprecated is usually done in conjunction with the hardware vendor. Future +- * RHEL major releases may not include this driver. Driver updates and fixes ++ * CentOS Linux major releases may not include this driver. Driver updates and fixes + * for this device will be limited to critical issues in future minor releases. + */ + void mark_hardware_deprecated(const char *msg) + { +- pr_crit("Warning: %s - this hardware is not recommended for new deployments. It continues to be supported in this RHEL release, but it is likely to be removed in the next major release. Driver updates and fixes for this device will be limited to critical issues. Please contact Red Hat Support or your device's hardware vendor for additional information.\n", msg); ++ pr_crit("Warning: %s - this hardware is not recommended for new deployments. It continues to be supported in this CentOS Linux release, but it is likely to be removed in the next major release. Driver updates and fixes for this device will be limited to critical issues. Please contact CentOS Support or your device's hardware vendor for additional information.\n", msg); + } + EXPORT_SYMBOL(mark_hardware_deprecated); + +@@ -50,9 +50,9 @@ EXPORT_SYMBOL(mark_hardware_deprecated); + * + * Called to minimize the support status of a new driver. This does TAINT the + * kernel. Calling this function indicates that the driver or subsystem has +- * had limited testing and is not marked for full support within this RHEL +- * minor release. The next RHEL minor release may contain full support for +- * this driver. Red Hat does not guarantee that bugs reported against this ++ * had limited testing and is not marked for full support within this CentOS Linux ++ * minor release. The next CentOS Linux minor release may contain full support for ++ * this driver. CentOS does not guarantee that bugs reported against this + * driver or subsystem will be resolved. + */ + void mark_tech_preview(const char *msg, struct module *mod) +@@ -81,13 +81,13 @@ EXPORT_SYMBOL(mark_tech_preview); + * mark_driver_unsupported - drivers that we know we don't want to support + * @name: the name of the driver + * +- * In some cases Red Hat has chosen to build a driver for internal QE ++ * In some cases CentOS has chosen to build a driver for internal QE + * use. Use this function to mark those drivers as unsupported for + * customers. + */ + void mark_driver_unsupported(const char *name) + { +- pr_crit("Warning: %s - This driver has not undergone sufficient testing by Red Hat for this release and therefore cannot be used in production systems.\n", ++ pr_crit("Warning: %s - This driver has not undergone sufficient testing by CentOS for this release and therefore cannot be used in production systems.\n", + name ? name : "kernel"); + } + EXPORT_SYMBOL(mark_driver_unsupported); diff --git a/SOURCES/debrand-single-cpu.patch b/SOURCES/debrand-single-cpu.patch new file mode 100644 index 0000000..b3eed51 --- /dev/null +++ b/SOURCES/debrand-single-cpu.patch @@ -0,0 +1,11 @@ +--- a/arch/x86/kernel/setup.c 2019-03-13 04:04:53.000000000 -0700 ++++ b/arch/x86/kernel/setup.c 2019-05-27 08:35:54.580595314 -0700 +@@ -900,7 +900,7 @@ static void rh_check_supported(void) + if (((boot_cpu_data.x86_max_cores * smp_num_siblings) == 1) && + !guest && is_kdump_kernel()) { + pr_crit("Detected single cpu native boot.\n"); +- pr_crit("Important: In Red Hat Enterprise Linux 8, single threaded, single CPU 64-bit physical systems are unsupported by Red Hat. Please contact your Red Hat support representative for a list of certified and supported systems."); ++ pr_crit("Important: In CentOS Linux 8, single threaded, single CPU 64-bit physical systems are unsupported. Please see http://wiki.centos.org/FAQ for more information"); + } + + /* diff --git a/SOURCES/x509.genkey b/SOURCES/x509.genkey index b1bbe38..d98f8fe 100644 --- a/SOURCES/x509.genkey +++ b/SOURCES/x509.genkey @@ -5,9 +5,9 @@ prompt = no x509_extensions = myexts [ req_distinguished_name ] -O = Red Hat -CN = Red Hat Enterprise Linux kernel signing key -emailAddress = secalert@redhat.com +O = CentOS +CN = CentOS Linux kernel signing key +emailAddress = security@centos.org [ myexts ] basicConstraints=critical,CA:FALSE diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index ccda39b..3a80a82 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec @@ -19,7 +19,7 @@ %global distro_build 147 # Sign the x86_64 kernel for secure boot authentication -%ifarch x86_64 aarch64 s390x ppc64le +%ifarch x86_64 aarch64 %global signkernel 1 %else %global signkernel 0 @@ -168,6 +168,10 @@ %define with_bpftool 0 %endif +%if %{?rhel}<=7 +%define with_kabichk 0 +%endif + # turn off kABI DUP check and DWARF-based check if kABI check is disabled %if !%{with_kabichk} %define with_kabidupchk 0 @@ -199,6 +203,10 @@ %define all_arch_configs kernel-%{version}-*.config %endif +%if 0%{?rhel} == 7 +%define with_bootwrapper 0 +%endif + # sparse blows up on ppc %ifnarch ppc64le %define with_sparse 0 @@ -228,6 +236,9 @@ %define make_target vmlinux %define kernel_image vmlinux %define kernel_image_elf 1 +%if 0%{?rhel} == 7 +%define with_bootwrapper 1 +%endif %define all_arch_configs kernel-%{version}-ppc64le*.config %define kcflags -O3 %endif @@ -275,7 +286,11 @@ # Packages that need to be installed before the kernel is, because the %%post # scripts use them. # +%if 0%{?rhel} == 7 +%define kernel_prereq fileutils, module-init-tools >= 3.16-2, initscripts >= 8.11.1-1, grubby >= 8.28-2 +%else %define kernel_prereq coreutils, systemd >= 203-2, /usr/bin/kernel-install +%endif %define initrd_prereq dracut >= 027 @@ -300,8 +315,19 @@ Requires: kernel-modules-uname-r = %{KVERREL}%{?variant} # List the packages used during the kernel build # BuildRequires: kmod, patch, bash, sh-utils, tar, git +%if 0%{?rhel} == 7 +BuildRequires: bzip2, xz, findutils, gzip, m4, perl-interpreter, perl-Carp, perl-devel, perl, make, diffutils, gawk, python-devel, python2-rpm-macros +%else BuildRequires: bzip2, xz, findutils, gzip, m4, perl-interpreter, perl-Carp, perl-devel, perl-generators, make, diffutils, gawk +%endif BuildRequires: gcc, binutils, redhat-rpm-config, hmaccalc, python3-devel +%if 0%{?rhel} == 7 +BuildRequires: devtoolset-8-build +BuildRequires: devtoolset-8-binutils +BuildRequires: devtoolset-8-gcc +BuildRequires: devtoolset-8-make +BuildRequires: python3-rpm-macros +%endif BuildRequires: net-tools, hostname, bc, bison, flex, elfutils-devel %if %{with_doc} BuildRequires: xmlto, asciidoc, python3-sphinx @@ -324,12 +350,20 @@ BuildRequires: pciutils-devel %endif %endif %if %{with_bpftool} +%if %{?rhel}>7 BuildRequires: python3-docutils +%else +BuildRequires: python-docutils +%endif BuildRequires: zlib-devel binutils-devel %endif %if %{with_selftests} +%if 0%{?rhel} == 7 +BuildRequires: libcap-devel libcap-ng-devel llvm-toolset-7.0 numactl-devel rsync +%else BuildRequires: libcap-devel libcap-ng-devel llvm-toolset numactl-devel rsync %endif +%endif BuildConflicts: rhbuildsys(DiskFree) < 500Mb %if %{with_debuginfo} BuildRequires: rpm-build, elfutils @@ -387,33 +421,23 @@ Source11: x509.genkey %if %{?released_kernel} -Source12: securebootca.cer -Source13: secureboot.cer -Source14: secureboot_s390.cer -Source15: secureboot_ppc.cer +Source12: centos-ca-secureboot.der +Source13: centossecureboot001.crt %define secureboot_ca %{SOURCE12} %ifarch x86_64 aarch64 %define secureboot_key %{SOURCE13} -%define pesign_name redhatsecureboot301 -%endif -%ifarch s390x -%define secureboot_key %{SOURCE14} -%define pesign_name redhatsecureboot302 -%endif -%ifarch ppc64le -%define secureboot_key %{SOURCE15} -%define pesign_name redhatsecureboot303 +%define pesign_name centossecureboot001 %endif %else # released_kernel -Source12: redhatsecurebootca2.cer -Source13: redhatsecureboot003.cer +Source12: centos-ca-secureboot.der +Source13: centossecureboot001.crt %define secureboot_ca %{SOURCE12} %define secureboot_key %{SOURCE13} -%define pesign_name redhatsecureboot003 +%define pesign_name centossecureboot001 %endif # released_kernel @@ -463,8 +487,16 @@ Source301: kernel-kabi-dw-%{rpmversion}-%{distro_build}.tar.bz2 Source2000: cpupower.service Source2001: cpupower.config +# Sources for CentOS debranding +Source9000: centos.pem + ## Patches needed for building this package +Patch1000: debrand-single-cpu.patch +Patch1001: debrand-rh_taint.patch +#Patch1002: debrand-rh-i686-cpu.patch +Patch1003: centos-fix-exported-sql-viewer.patch + # empty final patch to facilitate testing of kernel patches Patch999999: linux-kernel-test.patch @@ -473,7 +505,7 @@ Patch999999: linux-kernel-test.patch BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root %description -This is the package which provides the Linux kernel for Red Hat Enterprise +This is the package which provides the Linux kernel for CentOS Linux. It is based on upstream Linux at version %{version} and maintains kABI compatibility of a set of approved symbols, however it is heavily modified with backports and fixes pulled from newer upstream Linux kernel releases. This means @@ -482,7 +514,7 @@ from newer upstream linux versions, while maintaining a well tested and stable core. Some of the components/backports that may be pulled in are: changes like updates to the core kernel (eg.: scheduler, cgroups, memory management, security fixes and features), updates to block layer, supported filesystems, major driver -updates for supported hardware in Red Hat Enterprise Linux, enhancements for +updates for supported hardware in CentOS Linux, enhancements for enterprise customers, etc. # @@ -583,24 +615,57 @@ This package provides debug information for the perf package. # of matching the pattern against the symlinks file. %{expand:%%global _find_debuginfo_opts %{?_find_debuginfo_opts} -p '.*%%{_bindir}/perf(\.debug)?|.*%%{_libexecdir}/perf-core/.*|.*%%{_libdir}/traceevent/plugins/.*|.*%%{_libdir}/libperf-jvmti.so(\.debug)?|XXX' -o perf-debuginfo.list} +%if 0%{?rhel} == 7 +%package -n python-perf +%else %package -n python3-perf +%endif Summary: Python bindings for apps which will manipulate perf events Group: Development/Libraries +%if 0%{?rhel} == 7 +%description -n python-perf +The python-perf package contains a module that permits applications +%else %description -n python3-perf The python3-perf package contains a module that permits applications +%endif written in the Python programming language to use the interface to manipulate perf events. +%if 0%{?rhel} == 7 +%package -n python-perf-debuginfo +%else %package -n python3-perf-debuginfo +%endif Summary: Debug information for package perf python bindings Group: Development/Debug Requires: %{name}-debuginfo-common-%{_target_cpu} = %{version}-%{release} AutoReqProv: no +%if 0%{?rhel} == 7 +%description -n python-perf-debuginfo +%else %description -n python3-perf-debuginfo +%endif This package provides debug information for the perf python bindings. +%if 0%{?rhel} == 7 +%if %{with_bootwrapper} +%package bootwrapper +Summary: Boot wrapper files for generating combined kernel + initrd images +Group: Development/System +Requires: gzip binutils +%description bootwrapper +kernel-bootwrapper contains the wrapper code which makes bootable "zImage" +files combining both kernel and initial ramdisk. +%endif +%endif + # the python_sitearch macro should already be defined from above +%if 0%{?rhel} == 7 +%{expand:%%global _find_debuginfo_opts %{?_find_debuginfo_opts} -p '.*%%{python_sitearch}/perf.*so(\.debug)?|XXX' -o python-perf-debuginfo.list} +%else %{expand:%%global _find_debuginfo_opts %{?_find_debuginfo_opts} -p '.*%%{python3_sitearch}/perf.*so(\.debug)?|XXX' -o python3-perf-debuginfo.list} +%endif %endif # with_perf @@ -711,11 +776,11 @@ kernel-gcov includes the gcov graph and source files for gcov coverage collectio %endif %package -n kernel-abi-whitelists -Summary: The Red Hat Enterprise Linux kernel ABI symbol whitelists +Summary: The CentOS Linux kernel ABI symbol whitelists Group: System Environment/Kernel AutoReqProv: no %description -n kernel-abi-whitelists -The kABI package contains information pertaining to the Red Hat Enterprise +The kABI package contains information pertaining to the CentOS Linux kernel ABI, including lists of kernel symbols that are needed by external Linux kernel modules, and a yum plugin to aid enforcement. @@ -725,8 +790,8 @@ Summary: The baseline dataset for kABI verification using DWARF data Group: System Environment/Kernel AutoReqProv: no %description kabidw-base -The kabidw-base package contains data describing the current ABI of the Red Hat -Enterprise Linux kernel, suitable for the kabi-dw tool. +The kabidw-base package contains data describing the current ABI of the CentOS + Linux kernel, suitable for the kabi-dw tool. %endif # @@ -798,7 +863,7 @@ Requires: kernel%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\ AutoReq: no\ AutoProv: yes\ %description %{?1:%{1}-}modules-internal\ -This package provides kernel modules for the %{?2:%{2} }kernel package for Red Hat internal usage.\ +This package provides kernel modules for the %{?2:%{2} }kernel package for CentOS internal usage.\ %{nil} # @@ -916,6 +981,11 @@ input and output, etc. %endif %prep +%if 0%{?rhel} == 7 +source scl_source enable devtoolset-8 || : +source scl_source enable llvm-toolset-7.0 || : +%endif + # do a few sanity-checks for --with *only builds %if %{with_baseonly} %if !%{with_up} @@ -971,11 +1041,21 @@ ApplyOptionalPatch() } %setup -q -n kernel-%{rpmversion}-%{pkgrelease} -c + +cp -v %{SOURCE9000} linux-%{rpmversion}-%{pkgrelease}/certs/rhel.pem mv linux-%{rpmversion}-%{pkgrelease} linux-%{KVERREL} cd linux-%{KVERREL} ApplyOptionalPatch linux-kernel-test.patch +ApplyOptionalPatch debrand-single-cpu.patch +ApplyOptionalPatch debrand-rh_taint.patch +#ApplyOptionalPatch debrand-rh-i686-cpu.patch + +%if 0%{?rhel} == 7 +ApplyOptionalPatch centos-fix-exported-sql-viewer.patch +sed -i 's/strip_size=.*/strip_size=$(stat -c %s $vmz.$$)/g' arch/powerpc/boot/wrapper +%endif # END OF PATCH APPLICATIONS @@ -987,6 +1067,7 @@ mv COPYING COPYING-%{version} # This Prevents scripts/setlocalversion from mucking with our version numbers. touch .scmversion +%if 0%{?rhel}>7 # Do not use "ambiguous" python shebangs. RHEL 8 now has a new script # (/usr/lib/rpm/redhat/brp-mangle-shebangs), which forces us to specify a # "non-ambiguous" python shebang for scripts we ship in buildroot. This @@ -1001,6 +1082,7 @@ pathfix.py -i %{__python3} -p -n \ tools/perf/scripts/python/stat-cpi.py \ tools/perf/scripts/python/sched-migration.py \ Documentation +%endif %define make make %{?cross_opts} HOSTCFLAGS="%{?build_hostcflags}" HOSTLDFLAGS="%{?build_hostldflags}" @@ -1055,6 +1137,10 @@ cd .. ### build ### %build +%if 0%{?rhel} == 7 +source scl_source enable devtoolset-8 || : +source scl_source enable llvm-toolset-7.0 || : +%endif %if %{with_sparse} %define sparse_mflags C=1 @@ -1545,7 +1631,7 @@ BuildKernel() { # build a BLS config for this kernel %{SOURCE43} "$KernelVer" "$RPM_BUILD_ROOT" "%{?variant}" - # Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel + # CentOS UEFI Secure Boot CA cert, which can be used to authenticate the kernel mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer install -m 0644 %{secureboot_ca} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer %ifarch s390x ppc64le @@ -1597,8 +1683,13 @@ BuildKernel %make_target %kernel_image %{with_vdso_install} zfcpdump BuildKernel %make_target %kernel_image %{with_vdso_install} %endif +%if 0%{?rhel} == 7 +%global perf_make \ + make EXTRA_CFLAGS="${RPM_OPT_FLAGS}" LDFLAGS="%{__global_ldflags}" %{?cross_opts} -C tools/perf V=1 NO_PERF_READ_VDSO32=1 NO_PERF_READ_VDSOX32=1 WERROR=0 NO_LIBUNWIND=1 HAVE_CPLUS_DEMANGLE=1 NO_GTK2=1 NO_STRLCPY=1 NO_BIONIC=1 prefix=%{_prefix} PYTHON=%{__python} +%else %global perf_make \ make EXTRA_CFLAGS="${RPM_OPT_FLAGS}" LDFLAGS="%{__global_ldflags}" %{?cross_opts} -C tools/perf V=1 NO_PERF_READ_VDSO32=1 NO_PERF_READ_VDSOX32=1 WERROR=0 NO_LIBUNWIND=1 HAVE_CPLUS_DEMANGLE=1 NO_GTK2=1 NO_STRLCPY=1 NO_BIONIC=1 prefix=%{_prefix} PYTHON=%{__python3} +%endif %if %{with_perf} # perf # make sure check-headers.sh is executable @@ -1741,6 +1832,10 @@ find Documentation -type d | xargs chmod u+w ### %install +%if 0%{?rhel} == 7 +source scl_source enable devtoolset-8 || : +source scl_source enable llvm-toolset-7.0 || : +%endif cd linux-%{KVERREL} @@ -1863,6 +1958,7 @@ popd pushd tools/iio %{tools_make} DESTDIR=%{buildroot} install popd +%if 0%{?rhel} > 7 pushd tools/gpio %{tools_make} DESTDIR=%{buildroot} install popd @@ -1871,6 +1967,7 @@ make INSTALL_ROOT=%{buildroot} install-tools make INSTALL_ROOT=%{buildroot} install-man popd %endif +%endif %if %{with_bpftool} pushd tools/bpf/bpftool @@ -1930,6 +2027,11 @@ HEADERS_CHKSUM=$(export LC_ALL=C; find $RPM_BUILD_ROOT/usr/include -type f -name # find-provides can grab the hash to update it accordingly echo "#define KERNEL_HEADERS_CHECKSUM \"$HEADERS_CHKSUM\"" >> $RPM_BUILD_ROOT/usr/include/linux/version.h %endif +%if 0%{?rhel} == 7 +%if %{with_bootwrapper} +make %{?cross_opts} ARCH=%{hdrarch} DESTDIR=$RPM_BUILD_ROOT bootwrapper_install WRAPPER_OBJDIR=%{_libdir}/kernel-wrapper WRAPPER_DTSDIR=%{_libdir}/kernel-wrapper/dts +%endif +%endif ### ### clean @@ -2012,6 +2114,17 @@ fi\ # %%kernel_variant_posttrans [] # More text can follow to go at the end of this variant's %%post. # +%if 0%{?rhel} == 7 +%define kernel_variant_posttrans() \ +%{expand:%%posttrans %{?1:%{1}-}core}\ +if [ -x %{_sbindir}/weak-modules ]\ +then\ + %{_sbindir}/weak-modules --add-kernel %{KVERREL}%{?1:.%{1}} || exit $?\ +fi\ +%{_sbindir}/new-kernel-pkg --package kernel%{?-v:-%{-v*}} --mkinitrd --dracut --depmod --update %{KVERREL}%{?-v:.%{-v*}} || exit $?\ +%{_sbindir}/new-kernel-pkg --package kernel%{?1:-%{1}} --rpmposttrans %{KVERREL}%{?1:.%{1}} || exit $?\ +%{nil} +%else %define kernel_variant_posttrans() \ %{expand:%%posttrans %{?1:%{1}-}core}\ if [ -x %{_sbindir}/weak-modules ]\ @@ -2020,6 +2133,7 @@ then\ fi\ /bin/kernel-install add %{KVERREL}%{?1:+%{1}} /lib/modules/%{KVERREL}%{?1:+%{1}}/vmlinuz || exit $?\ %{nil} +%endif # # This macro defines a %%post script for a kernel package and its devel package. @@ -2038,12 +2152,31 @@ if [ `uname -i` == "x86_64" -o `uname -i` == "i386" ] &&\ [ -f /etc/sysconfig/kernel ]; then\ /bin/sed -r -i -e 's/^DEFAULTKERNEL=%{-r*}$/DEFAULTKERNEL=kernel%{?-v:-%{-v*}}/' /etc/sysconfig/kernel || exit $?\ fi}\ +%if 0%{?rhel} == 7 \ +%{expand:\ +if [ -f /etc/sysconfig/kernel ]; then\ + /bin/sed -r -i -e 's/^DEFAULTKERNEL=kernel%{?-v:-%{-v*}}-core$/DEFAULTKERNEL=kernel%{?-v:-%{-v*}}/' /etc/sysconfig/kernel || exit $?\ +fi}\ +%{expand:\ +%{_sbindir}/new-kernel-pkg --package kernel%{?-v:-%{-v*}} --install %{KVERREL}%{?-v:.%{-v*}} || exit $?\ +}\ +%endif \ %{nil} # # This macro defines a %%preun script for a kernel package. # %%kernel_variant_preun # +%if 0%{?rhel} == 7 +%define kernel_variant_preun() \ +%{expand:%%preun %{?1:%{1}-}core}\ +%{_sbindir}/new-kernel-pkg --rminitrd --rmmoddep --remove %{KVERREL}%{?1:.%{1}} || exit $?\ +if [ -x %{_sbindir}/weak-modules ]\ +then\ + %{_sbindir}/weak-modules --remove-kernel %{KVERREL}%{?1:.%{1}} || exit $?\ +fi\ +%{nil} +%else %define kernel_variant_preun() \ %{expand:%%preun %{?1:%{1}-}core}\ /bin/kernel-install remove %{KVERREL}%{?1:+%{1}} /lib/modules/%{KVERREL}%{?1:+%{1}}/vmlinuz || exit $?\ @@ -2052,6 +2185,7 @@ then\ %{_sbindir}/weak-modules --remove-kernel %{KVERREL}%{?1:+%{1}} || exit $?\ fi\ %{nil} +%endif %kernel_variant_preun %kernel_variant_post -r kernel-smp @@ -2123,15 +2257,25 @@ fi %doc linux-%{KVERREL}/tools/perf/Documentation/examples.txt %{_docdir}/perf-tip/tips.txt +%if 0%{?rhel} == 7 +%files -n python-perf +%defattr(-,root,root) +%{python_sitearch}/* +%else %files -n python3-perf %defattr(-,root,root) %{python3_sitearch}/* +%endif %if %{with_debuginfo} %files -f perf-debuginfo.list -n perf-debuginfo %defattr(-,root,root) +%if 0%{?rhel} == 7 +%files -f python-perf-debuginfo.list -n python-perf-debuginfo +%else %files -f python3-perf-debuginfo.list -n python3-perf-debuginfo +%endif %defattr(-,root,root) %endif %endif # with_perf @@ -2162,11 +2306,13 @@ fi %{_bindir}/iio_event_monitor %{_bindir}/iio_generic_buffer %{_bindir}/lsiio +%if 0%{?rhel} > 7 %{_bindir}/lsgpio %{_bindir}/gpio-hammer %{_bindir}/gpio-event-mon %{_mandir}/man1/kvm_stat* %{_bindir}/kvm_stat +%endif %if %{with_debuginfo} %files -f kernel-tools-debuginfo.list -n kernel-tools-debuginfo @@ -2209,6 +2355,16 @@ fi %{_libexecdir}/kselftests %endif +%if 0%{?rhel} == 7 +%if %{with_bootwrapper} +%files bootwrapper +%defattr(-,root,root) +/usr/sbin/* +%exclude /usr/sbin/bpftool +%{_libdir}/kernel-wrapper +%endif +%endif + # empty meta-package %ifnarch %nobuildarches noarch %files @@ -2239,20 +2395,35 @@ fi %{!?_licensedir:%global license %%doc}\ %license linux-%{KVERREL}/COPYING-%{version}\ /lib/modules/%{KVERREL}%{?3:+%{3}}/%{?-k:%{-k*}}%{!?-k:vmlinuz}\ +%if 0%{?rhel} == 7\ +/%{image_install_path}/%{?-k:%{-k*}}%{!?-k:vmlinuz}-%{KVERREL}%{?3:+%{3}}\ +/lib/modules/%{KVERREL}%{?3:+%{3}}/.vmlinuz.hmac \ +/%{image_install_path}/.vmlinuz-%{KVERREL}%{?3:+%{3}}.hmac \ +%else\ %ghost /%{image_install_path}/%{?-k:%{-k*}}%{!?-k:vmlinuz}-%{KVERREL}%{?3:+%{3}}\ /lib/modules/%{KVERREL}%{?3:+%{3}}/.vmlinuz.hmac \ %ghost /%{image_install_path}/.vmlinuz-%{KVERREL}%{?3:+%{3}}.hmac \ +%endif\ %ifarch aarch64\ /lib/modules/%{KVERREL}%{?3:+%{3}}/dtb \ %ghost /%{image_install_path}/dtb-%{KVERREL}%{?3:+%{3}} \ %endif\ %attr(0600, root, root) /lib/modules/%{KVERREL}%{?3:+%{3}}/System.map\ +%if 0%{?rhel} == 7\ +/boot/System.map-%{KVERREL}%{?3:+%{3}}\ +%else\ %ghost %attr(0600, root, root) /boot/System.map-%{KVERREL}%{?3:+%{3}}\ +%endif\ /lib/modules/%{KVERREL}%{?3:+%{3}}/symvers.gz\ /lib/modules/%{KVERREL}%{?3:+%{3}}/config\ +%if 0%{?rhel} == 7\ +/boot/symvers-%{KVERREL}%{?3:+%{3}}.gz\ +/boot/config-%{KVERREL}%{?3:+%{3}}\ +%else\ %ghost %attr(0600, root, root) /boot/symvers-%{KVERREL}%{?3:+%{3}}.gz\ -%ghost %attr(0600, root, root) /boot/initramfs-%{KVERREL}%{?3:+%{3}}.img\ %ghost %attr(0644, root, root) /boot/config-%{KVERREL}%{?3:+%{3}}\ +%endif\ +%ghost %attr(0600, root, root) /boot/initramfs-%{KVERREL}%{?3:+%{3}}.img\ %dir /lib/modules\ %dir /lib/modules/%{KVERREL}%{?3:+%{3}}\ %dir /lib/modules/%{KVERREL}%{?3:+%{3}}/kernel\