diff --git a/SOURCES/bcm2711_selinux_config.patch b/SOURCES/bcm2711_selinux_config.patch index 3333f54..a7bd4c9 100644 --- a/SOURCES/bcm2711_selinux_config.patch +++ b/SOURCES/bcm2711_selinux_config.patch @@ -71,3 +71,76 @@ diff -aurp a/arch/arm/configs/bcm2711_defconfig b/arch/arm/configs/bcm2711_defco CONFIG_CRYPTO_USER=m CONFIG_CRYPTO_CBC=y CONFIG_CRYPTO_CTS=m +diff -aurp a/arch/arm64/configs/bcm2711_defconfig b/arch/arm64/configs/bcm2711_defconfig +--- a/arch/arm64/configs/bcm2711_defconfig 2019-11-16 13:47:33.867996642 +0000 ++++ b/arch/arm64/configs/bcm2711_defconfig 2019-11-16 13:55:19.882362227 +0000 +@@ -2,6 +2,7 @@ CONFIG_LOCALVERSION= + # CONFIG_LOCALVERSION_AUTO is not set + CONFIG_SYSVIPC=y + CONFIG_POSIX_MQUEUE=y ++CONFIG_AUDIT=y + CONFIG_GENERIC_IRQ_DEBUGFS=y + CONFIG_NO_HZ=y + CONFIG_HIGH_RES_TIMERS=y +@@ -119,6 +120,7 @@ CONFIG_IPV6_SUBTREES=y + CONFIG_IPV6_MROUTE=y + CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y + CONFIG_IPV6_PIMSM_V2=y ++CONFIG_NETLABEL=y + CONFIG_NETFILTER=y + CONFIG_NF_CONNTRACK=m + CONFIG_NF_CONNTRACK_ZONES=y +@@ -166,6 +168,7 @@ CONFIG_NFT_FIB_NETDEV=m + CONFIG_NF_FLOW_TABLE_INET=m + CONFIG_NF_FLOW_TABLE=m + CONFIG_NETFILTER_XT_SET=m ++CONFIG_NETFILTER_XT_TARGET_AUDIT=m + CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m + CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m + CONFIG_NETFILTER_XT_TARGET_CONNMARK=m +@@ -277,6 +280,7 @@ CONFIG_IP_NF_TARGET_CLUSTERIP=m + CONFIG_IP_NF_TARGET_ECN=m + CONFIG_IP_NF_TARGET_TTL=m + CONFIG_IP_NF_RAW=m ++CONFIG_IP_NF_SECURITY=m + CONFIG_IP_NF_ARPTABLES=m + CONFIG_IP_NF_ARPFILTER=m + CONFIG_IP_NF_ARP_MANGLE=m +@@ -302,6 +306,7 @@ CONFIG_IP6_NF_FILTER=m + CONFIG_IP6_NF_TARGET_REJECT=m + CONFIG_IP6_NF_MANGLE=m + CONFIG_IP6_NF_RAW=m ++CONFIG_IP6_NF_SECURITY=m + CONFIG_IP6_NF_NAT=m + CONFIG_IP6_NF_TARGET_MASQUERADE=m + CONFIG_IP6_NF_TARGET_NPT=m +@@ -1365,6 +1370,7 @@ CONFIG_BTRFS_FS_POSIX_ACL=y + CONFIG_NILFS2_FS=m + CONFIG_F2FS_FS=y + CONFIG_FANOTIFY=y ++CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y + CONFIG_QFMT_V1=m + CONFIG_QFMT_V2=m + CONFIG_AUTOFS4_FS=y +@@ -1406,6 +1412,7 @@ CONFIG_NFS_FSCACHE=y + CONFIG_NFSD=m + CONFIG_NFSD_V3_ACL=y + CONFIG_NFSD_V4=y ++CONFIG_NFSD_V4_SECURITY_LABEL=y + CONFIG_CIFS=m + CONFIG_CIFS_WEAK_PW_HASH=y + CONFIG_CIFS_UPCALL=y +@@ -1455,6 +1462,13 @@ CONFIG_NLS_ISO8859_15=m + CONFIG_NLS_KOI8_R=m + CONFIG_NLS_KOI8_U=m + CONFIG_DLM=m ++CONFIG_SECURITY=y ++CONFIG_SECURITY_NETWORK=y ++CONFIG_SECURITY_PATH=y ++CONFIG_SECURITY_SELINUX=y ++CONFIG_SECURITY_SELINUX_BOOTPARAM=y ++CONFIG_SECURITY_SELINUX_DISABLE=y ++CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1 + CONFIG_CRYPTO_USER=m + CONFIG_CRYPTO_CBC=y + CONFIG_CRYPTO_CTS=m diff --git a/SPECS/raspberrypi2.spec b/SPECS/raspberrypi2.spec index 0d8f1cc..d81d3ff 100644 --- a/SPECS/raspberrypi2.spec +++ b/SPECS/raspberrypi2.spec @@ -3,13 +3,27 @@ %global commit_linux_long 3c235dcfe80a7c7ba360219e4a3ecb256f294376 #%global commit_linux_short %(c=%{commit_linux_long}; echo ${c:0:7}) -ExclusiveArch: armv7hl +ExclusiveArch: aarch64 armv7hl -%bcond_with rpi4 +%ifarch aarch64 +%define Arch arm64 +%define build_image Image +%define armtarget 8 +%define with_rpi4 1 +%else %define Arch arm +%define build_image zImage +%define armtarget 7 +%bcond_with rpi4 +%endif + %if %{with rpi4} +%ifarch aarch64 +%define local_version v8 +%else %define local_version v7l +%endif %define bcmmodel 2711 %define ksuffix 4 %else @@ -106,20 +120,24 @@ perl -p -i -e "s/^EXTRAVERSION.*/EXTRAVERSION = -%{release}/" Makefile perl -p -i -e "s/^CONFIG_LOCALVERSION=.*/CONFIG_LOCALVERSION=/" arch/%{Arch}/configs/bcm%{bcmmodel}_defconfig %build -export KERNEL=kernel7 +export KERNEL=kernel%{armtarget} make bcm%{bcmmodel}_defconfig -make %{?_smp_mflags} zImage modules dtbs +make %{?_smp_mflags} %{build_image} modules dtbs %install # kernel mkdir -p %{buildroot}/boot/overlays/ mkdir -p %{buildroot}/usr/share/%{name}-kernel/%{version}-%{release}/boot/overlays cp -p -v COPYING %{buildroot}/boot/COPYING.linux-4.19 +%ifarch aarch64 +cp -p -v arch/%{Arch}/boot/dts/broadcom/*.dtb %{buildroot}/usr/share/%{name}-kernel/%{version}-%{release}/boot +%else cp -p -v arch/%{Arch}/boot/dts/*.dtb %{buildroot}/usr/share/%{name}-kernel/%{version}-%{release}/boot +%endif cp -p -v arch/%{Arch}/boot/dts/overlays/*.dtb* %{buildroot}/usr/share/%{name}-kernel/%{version}-%{release}/boot/overlays cp -p -v arch/%{Arch}/boot/dts/overlays/README %{buildroot}/usr/share/%{name}-kernel/%{version}-%{release}/boot/overlays #scripts/mkknlimg arch/%{Arch}/boot/zImage %{buildroot}/boot/kernel-%{version}-%{release}.img -cp -p -v arch/%{Arch}/boot/zImage %{buildroot}/boot/kernel-%{version}-%{release}.img +cp -p -v arch/%{Arch}/boot/%{build_image} %{buildroot}/boot/kernel-%{version}-%{release}.img make INSTALL_MOD_PATH=%{buildroot} modules_install # kernel-devel @@ -182,14 +200,14 @@ popd %posttrans kernel%{?ksuffix} -cp /boot/kernel-%{version}-%{release}.img /boot/kernel7.img +cp /boot/kernel-%{version}-%{release}.img /boot/kernel%{armtarget}.img cp /usr/share/%{name}-kernel/%{version}-%{release}/boot/*.dtb /boot/ cp /usr/share/%{name}-kernel/%{version}-%{release}/boot/overlays/*.dtb* /boot/overlays/ cp /usr/share/%{name}-kernel/%{version}-%{release}/boot/overlays/README /boot/overlays/ #/usr/sbin/dracut /boot/initramfs-%{version}-%{release}.img %{version}-%{release} %postun kernel%{?ksuffix} -cp $(ls -1 /boot/kernel-*-*|sort -V|tail -1) /boot/kernel7.img +cp $(ls -1 /boot/kernel-*-*|sort -V|tail -1) /boot/kernel%{armtarget}.img cp $(ls -1d /usr/share/%{name}-kernel/*-*/|sort -V|tail -1)/boot/*.dtb /boot/ cp $(ls -1d /usr/share/%{name}-kernel/*-*/|sort -V|tail -1)/boot/overlays/*.dtb* /boot/overlays/ cp $(ls -1d /usr/share/%{name}-kernel/*-*/|sort -V|tail -1)/boot/overlays/README /boot/overlays/ @@ -215,6 +233,7 @@ cp $(ls -1d /usr/share/%{name}-kernel/*-*/|sort -V|tail -1)/boot/overlays/README %changelog * Sat Nov 16 2019 Pablo Greco - 4.19.84-v7.1.el7 - Update to version v4.19.84 +- Build for aarch64 * Tue Sep 10 2019 Pablo Greco - 4.19.72-v7.1.el7 - Update to version v4.19.72