From 7a79706489535d2cbb1bb7bb995ec74581f1b8e2 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Thu, 21 Sep 2023 17:02:48 -0700 Subject: [PATCH 01/47] Upgrade libwebp to 1.3.2 to address CVE-2023-4863 (#6265) --- SPECS/libwebp/libwebp.signatures.json | 6 +++--- SPECS/libwebp/libwebp.spec | 7 +++++-- cgmanifest.json | 4 ++-- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/SPECS/libwebp/libwebp.signatures.json b/SPECS/libwebp/libwebp.signatures.json index eb1746bea3f..a80bf3312ca 100644 --- a/SPECS/libwebp/libwebp.signatures.json +++ b/SPECS/libwebp/libwebp.signatures.json @@ -1,5 +1,5 @@ { - "Signatures": { - "libwebp-1.2.2.tar.gz": "51e9297aadb7d9eb99129fe0050f53a11fcce38a0848fb2b0389e385ad93695e" - } + "Signatures": { + "libwebp-1.3.2.tar.gz": "c2c2f521fa468e3c5949ab698c2da410f5dce1c5e99f5ad9e70e0e8446b86505" + } } \ No newline at end of file diff --git a/SPECS/libwebp/libwebp.spec b/SPECS/libwebp/libwebp.spec index fd32016833c..8c13b1ea3b4 100644 --- a/SPECS/libwebp/libwebp.spec +++ b/SPECS/libwebp/libwebp.spec @@ -1,7 +1,7 @@ Summary: Library to encode and decode webP format images Name: libwebp -Version: 1.2.2 -Release: 2%{?dist} +Version: 1.3.2 +Release: 1%{?dist} License: BSD Vendor: Microsoft Corporation Distribution: Mariner @@ -63,6 +63,9 @@ find %{buildroot} -type f -name "*.la" -delete -print %{_libdir}/pkgconfig/*.pc %changelog +* Thu Sep 21 2023 CBL-Mariner Servicing Account - 1.3.2-1 +- Auto-upgrade to 1.3.2 - Upgrade to address CVE-2023-4863 + * Fri Mar 31 2023 Pawel Winogrodzki - 1.2.2-2 - Bumping release to re-build with newer 'libtiff' libraries. diff --git a/cgmanifest.json b/cgmanifest.json index 9518e791360..71e1fca0e92 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -11541,8 +11541,8 @@ "type": "other", "other": { "name": "libwebp", - "version": "1.2.2", - "downloadUrl": "https://github.com/webmproject/libwebp/archive/v1.2.2.tar.gz" + "version": "1.3.2", + "downloadUrl": "https://github.com/webmproject/libwebp/archive/v1.3.2.tar.gz" } } }, From aa5a23f030f33b3d4d27bc90c2823a8ab8fdaa34 Mon Sep 17 00:00:00 2001 From: Archana Choudhary <36061892+arc9693@users.noreply.github.com> Date: Fri, 22 Sep 2023 14:19:58 +0530 Subject: [PATCH 02/47] Add gdal package to specs-extended (#6230) * Adds package gdal * Adds license info * Update cgmanifest * Update license map * Refactor spec file --- SPECS-EXTENDED/gdal/cpl-config.h | 11 + SPECS-EXTENDED/gdal/gdal-config | 11 + SPECS-EXTENDED/gdal/gdal.signatures.json | 8 + SPECS-EXTENDED/gdal/gdal.spec | 1247 +++++++++++++++++ SPECS-EXTENDED/gdal/gdal_utils.patch | 39 + SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md | 2 +- SPECS/LICENSES-AND-NOTICES/data/licenses.json | 1 + cgmanifest.json | 10 + 8 files changed, 1328 insertions(+), 1 deletion(-) create mode 100644 SPECS-EXTENDED/gdal/cpl-config.h create mode 100755 SPECS-EXTENDED/gdal/gdal-config create mode 100644 SPECS-EXTENDED/gdal/gdal.signatures.json create mode 100644 SPECS-EXTENDED/gdal/gdal.spec create mode 100644 SPECS-EXTENDED/gdal/gdal_utils.patch diff --git a/SPECS-EXTENDED/gdal/cpl-config.h b/SPECS-EXTENDED/gdal/cpl-config.h new file mode 100644 index 00000000000..456693f96b3 --- /dev/null +++ b/SPECS-EXTENDED/gdal/cpl-config.h @@ -0,0 +1,11 @@ +#include + +#if __WORDSIZE == 32 +#include "gdal/cpl_config-32.h" +#else +#if __WORDSIZE == 64 +#include "gdal/cpl_config-64.h" +#else +#error "Unknown word size" +#endif +#endif diff --git a/SPECS-EXTENDED/gdal/gdal-config b/SPECS-EXTENDED/gdal/gdal-config new file mode 100755 index 00000000000..37a3f663558 --- /dev/null +++ b/SPECS-EXTENDED/gdal/gdal-config @@ -0,0 +1,11 @@ +#!/bin/bash + +ARCH=$(uname -m) +case $ARCH in +x86_64 | ppc64 | ppc64le | ia64 | s390x | sparc64 | alpha | alphaev6 | aarch64 ) +gdal-config-64 ${*} +;; +*) +gdal-config-32 ${*} +;; +esac diff --git a/SPECS-EXTENDED/gdal/gdal.signatures.json b/SPECS-EXTENDED/gdal/gdal.signatures.json new file mode 100644 index 00000000000..c8eca65dc52 --- /dev/null +++ b/SPECS-EXTENDED/gdal/gdal.signatures.json @@ -0,0 +1,8 @@ +{ + "Signatures": { + "cpl-config.h": "a59d47f3092bf0026a982b90a18d9b99c4a089c7651544d398a403947d198b9c", + "gdal-3.6.3.tar.gz": "1c271c08b7161227384833ddc24febd8d012a44c6de93a5912051784e3247506", + "gdal-config": "696f44e42c98aa369c96418a9ebf497aa854ca9f6a45dfd55e4f231bae7b193f", + "gdalautotest-3.6.3.tar.gz": "44299ceae9066d8518441dad729eaf05f6dd996c4dbe4719015a63495860270d" + } +} \ No newline at end of file diff --git a/SPECS-EXTENDED/gdal/gdal.spec b/SPECS-EXTENDED/gdal/gdal.spec new file mode 100644 index 00000000000..10f2aa1b573 --- /dev/null +++ b/SPECS-EXTENDED/gdal/gdal.spec @@ -0,0 +1,1247 @@ +%global bashcompletiondir %(pkg-config --variable=compatdir bash-completion) +%global cpuarch 64 +%global with_mysql 0 +%global mysql --without-mysql +%global with_poppler 0 +%global poppler --without-poppler +%global with_spatialite 0 +%global spatialite --without-spatialite +%global with_python3 1 +%global python3 --with-python3 +%global with_java 0 +%global java --without-java + +Summary: GIS file format library +#global pre rc1 +Name: gdal +Version: 3.6.3 +Release: 2%{?dist} +License: MIT +Vendor: Microsoft Corporation +Distribution: Mariner +URL: https://www.gdal.org +Source0: https://github.com/OSGeo/gdal/releases/download/v3.6.3/%{name}-%{version}.tar.gz +Source1: %{name}autotest-%{version}.tar.gz +# Multilib compatible cpl-config.h header +Source2: cpl-config.h +# Multilib compatible gdal-config script +Source3: gdal-config +# Add some utils to the default install target +Patch0: gdal_utils.patch + +BuildRequires: CharLS-devel +BuildRequires: bison +BuildRequires: cfitsio-devel +BuildRequires: cmake +BuildRequires: curl-devel +BuildRequires: expat-devel +BuildRequires: freexl-devel +BuildRequires: gcc-c++ +BuildRequires: geos-devel +BuildRequires: giflib-devel +BuildRequires: gtest-devel +BuildRequires: hdf-devel +BuildRequires: hdf5-devel +BuildRequires: json-c-devel +BuildRequires: libdap-devel +BuildRequires: libgeotiff-devel +BuildRequires: libgta-devel +BuildRequires: libjpeg-devel +BuildRequires: libkml-devel +BuildRequires: liblerc-devel +BuildRequires: libpng-devel +BuildRequires: libpq-devel +BuildRequires: libtiff-devel +BuildRequires: libtirpc-devel +BuildRequires: libwebp-devel +BuildRequires: libzstd-devel +BuildRequires: netcdf-devel +BuildRequires: ogdi-devel +BuildRequires: openexr-devel +BuildRequires: openjpeg2-devel +BuildRequires: pcre2-devel +BuildRequires: proj >= 5.2.0 +BuildRequires: proj-devel >= 5.2.0 +BuildRequires: qhull-devel +BuildRequires: sqlite-devel +BuildRequires: swig +BuildRequires: unixODBC-devel +BuildRequires: xerces-c-devel +BuildRequires: xz-devel +BuildRequires: zlib-devel +Requires: %{name}-libs%{?_isa} = %{version}-%{release} +# Run time dependency for gpsbabel driver +Requires: gpsbabel +%if %{with_spatialite} +BuildRequires: libspatialite-devel +%endif +%if 0%{?with_mysql} +BuildRequires: mariadb-connector-c-devel +%endif +%if 0%{?with_poppler} +BuildRequires: poppler-devel +%endif +# Python +%if 0%{?with_python3} +BuildRequires: python3-devel +BuildRequires: python3-numpy +BuildRequires: python3-setuptools +BuildRequires: python3dist(lxml) >= 4.5.1 +BuildRequires: python3dist(pytest) >= 3.6 +%endif +# Java +%if 0%{?with_java} +# For 'mvn_artifact' and 'mvn_install' +BuildRequires: ant +BuildRequires: java-devel >= 1:1.6.0 +BuildRequires: javapackages-local +BuildRequires: jpackage-utils +%endif + +%description +Geospatial Data Abstraction Library (GDAL/OGR) is a cross platform +C++ translator library for raster and vector geospatial data formats. +As a library, it presents a single abstract data model to the calling +application for all supported formats. It also comes with a variety of +useful commandline utilities for data translation and processing. + +It provides the primary data access engine for many applications. +GDAL/OGR is the most widely used geospatial data access library. + +%package devel +Summary: Development files for the GDAL file format library +Requires: %{name}-libs%{?_isa} = %{version}-%{release} + +%description devel +This package contains development files for GDAL. + +%package libs +Summary: GDAL file format library +# See frmts/grib/degrib/README.TXT +Provides: bundled(g2lib) = 1.6.0 +Provides: bundled(degrib) = 2.14 + +%description libs +This package contains the GDAL file format library. + +# No complete java yet in EL8 +%if 0%{?with_java} +%package java +Summary: Java modules for the GDAL file format library +Requires: %{name}-libs%{?_isa} = %{version}-%{release} +Requires: jpackage-utils + +%description java +The GDAL Java modules provide support to handle multiple GIS file formats. + +%package javadoc +Summary: Javadocs for %{name} +Requires: jpackage-utils +BuildArch: noarch + +%description javadoc +This package contains the API documentation for %{name}. +%endif + + +%if 0%{?with_python3} +%package -n python3-gdal +Summary: Python modules for the GDAL file format library +%{?python_provide:%python_provide python3-gdal} +Requires: %{name}-libs%{?_isa} = %{version}-%{release} +Requires: python3-numpy + +%description -n python3-gdal +The GDAL Python 3 modules provide support to handle multiple GIS file formats. + +%package python-tools +Summary: Python tools for the GDAL file format library +Requires: python3-gdal + +%description python-tools +The GDAL Python package provides number of tools for programming and +manipulating GDAL file format library + +# We don't want to provide private Python extension libs +%global __provides_exclude_from ^%{python3_sitearch}/.*\.so$ +%endif + + +%prep +%autosetup -N -p1 -n %{name}-%{version} + +# Delete bundled libraries +rm -rf frmts/zlib +rm -rf frmts/png/libpng +rm -rf frmts/gif/giflib +rm -rf frmts/jpeg/libjpeg +rm -rf frmts/jpeg/libjpeg12 +rm -rf frmts/gtiff/libgeotiff +rm -rf frmts/gtiff/libtiff +rm -rf mrf/LERCV1 +rm -rf third_party/LercLib + +# Setup autotest directory +tar xf %{SOURCE1} +mv %{name}autotest-%{version} autotest + +# Need to patch autotest +%autopatch -p1 + + +%build +%cmake \ + -DCMAKE_INSTALL_INCLUDEDIR=include/gdal \ + -DGDAL_JAVA_INSTALL_DIR=%{_jnidir}/%{name} \ + -DGDAL_USE_JPEG12_INTERNAL=OFF \ +%cmake_build + +%install +%cmake_install + + +# List of manpages for python scripts +for file in %{buildroot}%{_bindir}/*.py; do + if [ -f %{buildroot}%{_mandir}/man1/`basename ${file/.py/.1*}` ]; then + echo "%{_mandir}/man1/`basename ${file/.py/.1*}`" >> gdal_python_manpages.txt + echo "%exclude %{_mandir}/man1/`basename ${file/.py/.1*}`" >> gdal_python_manpages_excludes.txt + fi +done + +# Multilib +# - cpl_config.h is arch-dependent (contains various SIZEOF defines) +# - gdal-config stores arch-specific information +mv %{buildroot}%{_includedir}/%{name}/cpl_config.h %{buildroot}%{_includedir}/%{name}/cpl_config-%{cpuarch}.h +cp -a %{SOURCE2} %{buildroot}%{_includedir}/%{name}/cpl_config.h +mv %{buildroot}%{_bindir}/%{name}-config %{buildroot}%{_bindir}/%{name}-config-%{cpuarch} +cp -a %{SOURCE3} %{buildroot}%{_bindir}/%{name}-config + +%check +ctest -E "autotest_osr|autotest_alg|autotest_gdrivers|autotest_gcore" + + +%files -f gdal_python_manpages_excludes.txt +%{_bindir}/8211* +%{_bindir}/gdal_contour +%{_bindir}/gdal_create +%{_bindir}/gdal_grid +%{_bindir}/gdal_rasterize +%{_bindir}/gdal_translate +%{_bindir}/gdal_viewshed +%{_bindir}/gdaladdo +%{_bindir}/gdalbuildvrt +%{_bindir}/gdaldem +%{_bindir}/gdalenhance +%{_bindir}/gdalinfo +%{_bindir}/gdallocationinfo +%{_bindir}/gdalmanage +%{_bindir}/gdalmdiminfo +%{_bindir}/gdalmdimtranslate +%{_bindir}/gdalsrsinfo +%{_bindir}/gdaltindex +%{_bindir}/gdaltransform +%{_bindir}/gdalwarp +%{_bindir}/gnmanalyse +%{_bindir}/gnmmanage +%{_bindir}/nearblack +%{_bindir}/ogr2ogr +%{_bindir}/ogrinfo +%{_bindir}/ogrlineref +%{_bindir}/ogrtindex +%{_bindir}/s57dump +%{_datadir}/bash-completion/completions/* +%exclude %{_datadir}/bash-completion/completions/*.py +%{_mandir}/man1/* +%exclude %{_mandir}/man1/gdal-config.1* +# Python manpages excluded in -f gdal_python_manpages_excludes.txt + +%files libs +%license LICENSE.TXT +%doc NEWS.md PROVENANCE.TXT COMMITTERS +%{_libdir}/libgdal.so.32 +%{_libdir}/libgdal.so.32.* +%{_datadir}/%{name}/ +%{_libdir}/gdalplugins/ + +%files devel +%{_bindir}/%{name}-config +%{_bindir}/%{name}-config-%{cpuarch} +%{_includedir}/%{name}/ +%{_libdir}/lib%{name}.so +%{_libdir}/cmake/gdal/ +%{_libdir}/pkgconfig/%{name}.pc +%{_mandir}/man1/gdal-config.1* + +%if 0%{?with_python3} +%files -n python3-gdal +%doc swig/python/README.rst +%{python3_sitearch}/GDAL-%{version}-py*.egg-info/ +%{python3_sitearch}/osgeo/ +%{python3_sitearch}/osgeo_utils/ + +%files python-tools -f gdal_python_manpages.txt +%{_bindir}/gdal_calc.py +%{_bindir}/gdal_edit.py +%{_bindir}/gdal_fillnodata.py +%{_bindir}/gdal_merge.py +%{_bindir}/gdal_pansharpen.py +%{_bindir}/gdal_polygonize.py +%{_bindir}/gdal_proximity.py +%{_bindir}/gdal_retile.py +%{_bindir}/gdal_sieve.py +%{_bindir}/gdal2tiles.py +%{_bindir}/gdal2xyz.py +%{_bindir}/gdalattachpct.py +%{_bindir}/gdalcompare.py +%{_bindir}/gdalmove.py +%{_bindir}/ogr_layer_algebra.py +%{_bindir}/ogrmerge.py +%{_bindir}/pct2rgb.py +%{_bindir}/rgb2pct.py +%{_datadir}/bash-completion/completions/*.py + +%endif + +%if 0%{?with_java} +%files java +%{_jnidir}/%{name}/gdal-%{version}-sources.jar +%{_jnidir}/%{name}/gdal-%{version}.jar +%{_jnidir}/%{name}/gdal-%{version}.pom +%{_jnidir}/%{name}/libgdalalljni.so + +%files javadoc +%{_jnidir}/%{name}/gdal-%{version}-javadoc.jar +%endif + + +%changelog +* Thu Aug 17 2023 Archana Choudhary - 3.6.3-2 +- Initial CBL-Mariner import from Fedora 38 (license: MIT). +- License verified. +- Excludes osr test suite as the test file incorrectly replaces assertion +- Excludes gcore test suite as 'tmp_path' fixture not present +- Excludes alg and gdrivers test suite due to TypeError in pluggy requirement + +* Tue Mar 14 2023 Sandro Mani - 3.6.3-1 +- Update to 3.6.3 + +* Sat Mar 04 2023 Sandro Mani - 3.6.2-6 +- Rebuild (proj) + +* Tue Feb 07 2023 Sandro Mani - 3.6.2-5 +- Rebuild (mingw-poppler) + +* Sat Feb 04 2023 Sandro Mani - 3.6.2-4 +- Rebuild (poppler) + +* Thu Jan 19 2023 Fedora Release Engineering - 3.6.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Thu Jan 12 2023 Maxwell G - 3.6.2-2 +- Rebuild for cfitsio 4.2 + +* Thu Jan 05 2023 Sandro Mani - 3.6.2-1 +- Update to 3.6.2 + +* Mon Jan 02 2023 Sandro Mani - 3.6.1-3 +- Rebuild (mingw-cfitsio) + +* Thu Dec 29 2022 Maxwell G - 3.6.1-2 +- Rebuild for cfitsio 4.2 + +* Thu Dec 15 2022 Sandro Mani - 3.6.1-1 +- Update to 3.6.1 + +* Mon Dec 05 2022 Sandro Mani - 3.6.0-4 +- Rebuild (mingw-xerces-c) + +* Mon Dec 05 2022 Sandro Mani - 3.6.0-3 +- Switch to pcre2 for mingw build + +* Fri Nov 18 2022 Sandro Mani - 3.6.0-2 +- Rebuild (mingw-postgresql) + +* Fri Nov 11 2022 Sandro Mani - 3.6.0-1 +- Update to 3.6.0 + +* Thu Nov 03 2022 Sandro Mani - 3.6.0-0.1.rc1 +- Update to 3.6.0-rc1 + +* Thu Nov 03 2022 Sandro Mani - 3.5.3-2 +- Re-enable java + +* Tue Nov 01 2022 Sandro Mani - 3.5.3-1 +- Update to 3.5.3 + +* Wed Oct 19 2022 Sandro Mani - 3.5.2-3 +- Rebuild (python-3.11) + +* Fri Oct 7 2022 Tom Rix - 3.5.2-2 +- Add mingw build conditional +- Reduce java build condition to rhel 8 + +* Tue Sep 13 2022 Sandro Mani - 3.5.2-1 +- Update to 3.5.2 + +* Sun Sep 04 2022 Sandro Mani - 3.5.1-6 +- Rebuild (proj) + +* Tue Aug 02 2022 Sandro Mani - 3.5.1-5 +- Rebuild (poppler) + +* Wed Jul 27 2022 Sandro Mani - 3.5.1-4 +- Rebuild (liblerc) + +* Thu Jul 21 2022 Sandro Mani - 3.5.1-3 +- Rebuild (liblerc) + +* Thu Jul 21 2022 Fedora Release Engineering - 3.5.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Wed Jul 06 2022 Sandro Mani - 3.5.1-1 +- Update to 3.5.1 +- Limit -java subpackage to %%java_arches + +* Mon Jun 13 2022 Python Maint - 3.5.0-5 +- Rebuilt for Python 3.11 + +* Mon May 30 2022 Jitka Plesnikova - 3.5.0-4 +- Perl 5.36 rebuild + +* Sat May 21 2022 Sandro Mani - 3.5.0-3 +- Fix gdal-config take two + +* Fri May 20 2022 Sandro Mani - 3.5.0-2 +- Fix gdal-config + +* Fri May 13 2022 Sandro Mani - 3.5.0-1 +- Update to 3.5.0 + +* Wed May 04 2022 Sandro Mani - 3.4.3-1 +- Update to 3.4.3 + +* Mon Mar 14 2022 Sandro Mani - 3.4.2-1 +- Update to 3.4.2 + +* Thu Mar 10 2022 Sandro Mani - 3.4.1-6 +- Rebuild for proj-9.0.0 + +* Sun Feb 13 2022 Josef Ridky - 3.4.1-5 +- Rebuilt for libjasper.so.6 + +* Sat Feb 05 2022 Jiri Vanek - 3.4.1-4 +- Rebuilt for java-17-openjdk as system jdk + +* Thu Jan 20 2022 Fedora Release Engineering - 3.4.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Thu Jan 13 2022 Sandro Mani - 3.4.1-2 +- Rebuild (poppler) + +* Tue Jan 04 2022 Sandro Mani - 3.4.1-1 +- Update to 3.4.1 + +* Sun Nov 21 2021 Orion Poplawski - 3.4.0-2 +- Rebuild for hdf5 1.12.1 + +* Mon Nov 08 2021 Sandro Mani - 3.4.0-1 +- Update to 3.4.0 + +* Fri Oct 29 2021 Sandro Mani - 3.3.3-1 +- Update to 3.3.3 + +* Thu Oct 21 2021 Sandro Mani - 3.3.2-3 +- Rebuild (geos) + +* Tue Sep 14 2021 Sahana Prasad - 3.3.2-2 +- Rebuilt with OpenSSL 3.0.0 + +* Tue Sep 07 2021 Sandro Mani - 3.3.2-1 +- Update to 3.3.2 + +* Tue Aug 10 2021 Orion Poplawski - 3.3.1-5 +- Rebuild for hdf5 1.10.7/netcdf 4.8.0 + +* Mon Aug 02 2021 Sandro Mani - 3.3.1-4 +- Rebuild (poppler) + +* Wed Jul 21 2021 Fedora Release Engineering - 3.3.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Sat Jul 10 2021 Björn Esser - 3.3.1-2 +- Rebuild for versioned symbols in json-c + +* Mon Jul 05 2021 Sandro Mani - 3.3.1-1 +- Update to 3.3.1 + +* Fri Jun 04 2021 Python Maint - 3.3.0-7 +- Rebuilt for Python 3.10 + +* Mon May 24 2021 Jitka Plesnikova - 3.3.0-6 +- Perl 5.34 re-rebuild updated packages + +* Fri May 21 2021 Sandro Mani - 3.3.0-5 +- Rebuild (libgta) + +* Fri May 21 2021 Jitka Plesnikova - 3.3.0-4 +- Perl 5.34 rebuild + +* Thu May 20 2021 Richard Shaw - 3.3.0-3 +- Rebuilding for libgta 1.2.1. + +* Fri May 07 2021 Sandro Mani - 3.3.0-2 +- Rebuild (gdal) + +* Mon May 03 2021 Sandro Mani - 3.3.0-1 +- Update to 3.3.0 + +* Wed Mar 24 2021 Sandro Mani - 3.2.2-1 +- Update to 3.2.2 + +* Sun Mar 07 2021 Sandro Mani - 3.2.1-10 +- Rebuild (proj) + +* Tue Feb 23 2021 Elliott Sales de Andrade - 3.2.1-9 +- Fix compile against GEOS on s390x + +* Sat Feb 13 2021 Sandro Mani - 3.2.1-8 +- Rebuild (geos) + +* Sat Feb 13 2021 Sandro Mani - 3.2.1-7 +- Rebuild (geos) + +* Mon Feb 08 2021 Pavel Raiskup - 3.2.1-6 +- rebuild for libpq ABI fix rhbz#1908268 + +* Mon Feb 01 2021 Orion Poplawski - 3.2.1-5 +- Rebuild for cfitsio 3.490 + +* Tue Jan 26 2021 Fedora Release Engineering - 3.2.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Fri Jan 15 11:51:40 CET 2021 Sandro Mani - 3.2.1-3 +- Rebuild (poppler) + +* Tue Jan 5 18:08:07 WET 2021 José Matos - 3.2.1-2 +- rebuild for armadillo 10 + +* Mon Jan 04 2021 Sandro Mani - 3.2.1-1 +- Update to 3.2.1 + +* Thu Nov 05 2020 Sandro Mani - 3.2.0-1 +- Update to 3.2.0 + +* Mon Nov 02 2020 Sandro Mani - 3.1.4-1 +- Update to 3.1.4 + +* Wed Oct 28 2020 Jeff Law - 3.1.3-3 +- Fix missing #include for gcc-11 + +* Fri Oct 16 21:25:24 CEST 2020 Sandro Mani - 3.1.3-2 +- Rebuild (jasper) + +* Mon Sep 07 2020 Sandro Mani - 3.1.3-1 +- Update to 3.1.3 + +* Mon Jul 27 2020 Fedora Release Engineering - 3.1.2-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jul 22 09:48:50 GMT 2020 Sandro Mani - 3.1.2-5 +- Rebuild (poppler) + +* Thu Jul 16 2020 Jiri Vanek - 3.1.2-4 +- Rebuilt for JDK-11, see https://fedoraproject.org/wiki/Changes/Java11 + +* Wed Jul 15 15:55:55 GMT 2020 Sandro Mani - 3.1.2-3 +- Rebuild (poppler) + +* Fri Jul 10 2020 Jiri Vanek - 3.1.2-2 +- Rebuilt for JDK-11, see https://fedoraproject.org/wiki/Changes/Java11 + +* Tue Jul 07 2020 Sandro Mani - 3.1.2-1 +- Update to 3.1.2 + +* Tue Jun 30 2020 Sandro Mani - 3.1.1-1 +- Update to 3.1.1 + +* Sat Jun 27 2020 Jitka Plesnikova - 3.1.0-5 +- Perl 5.32 re-rebuild updated packages + +* Fri Jun 26 2020 Orion Poplawski - 3.1.0-4 +- Rebuild for hdf5 1.10.6 + +* Thu Jun 25 2020 Jitka Plesnikova - 3.1.0-3 +- Perl 5.32 rebuild + +* Tue May 26 2020 Miro Hrončok - 3.1.0-2 +- Rebuilt for Python 3.9 + +* Tue May 12 2020 Sandro Mani - 3.1.0-1 +- Update to 3.1.0 + +* Sat May 09 2020 Markus Neteler - 3.0.4-5 + +* disabled JAVA and LaTeX support for EPEL8, due to (yet) missing dependencies + +* Wed Apr 22 2020 Björn Esser - 3.0.4-4 +- Re-enable annobin + +* Tue Apr 21 2020 Björn Esser - 3.0.4-3 +- Rebuild (json-c) +- Temporarily disable annobin, as it is broken + +* Tue Mar 03 2020 Sandro Mani - 3.0.4-2 +- Fix libtool wrappers installed for gdal utilities instead of actual binaries + +* Wed Feb 05 2020 Sandro Mani - 3.0.4-1 +- Update to 3.0.4 + +* Tue Jan 28 2020 Fedora Release Engineering - 2.3.2-16 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Sat Jan 18 2020 Rich Mattes - 2.3.2-15 +- Patch out include that was removed in newer poppler +- Remove comment following an endif in the specfile + +* Sat Jan 18 2020 Mamoru TASAKA - 2.3.2-15 +- F-32: rebuild against new poppler + +* Tue Sep 17 2019 Elliott Sales de Andrade - 2.3.2-14 +- Fix linkage against Proj + +* Mon Sep 16 2019 Sandro Mani - 2.3.2-13 +- Bump proj_somaj for proj 6 + +* Wed Sep 4 2019 Devrim Gündüz - 2.3.2-12 +- Rebuild for new Proj + +* Mon Aug 19 2019 Miro Hrončok - 2.3.2-11 +- Rebuilt for Python 3.8 + +* Thu Jul 25 2019 Fedora Release Engineering - 2.3.2-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Sat Jun 01 2019 Jitka Plesnikova - 2.3.2-9 +- Perl 5.30 rebuild + +* Sat Mar 16 2019 Orion Poplawski +- Rebuild for hdf5 1.10.5 + +* Tue Feb 05 2019 Miro Hrončok - 2.3.2-7 +- Drop Python 2 subpackage for mass Python 2 packages removal + +* Mon Feb 04 2019 Pavel Raiskup - 2.3.2-6 +- modernize java packaging (PR#9) + +* Mon Feb 04 2019 Devrim Gündüz - 2.3.2-6 +- Rebuild for new GeOS and Proj + +* Thu Jan 31 2019 Fedora Release Engineering - 2.3.2-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Sat Jan 26 2019 Marek Kasik - 2.3.2-4 +- Additional fixes for the rebuild + +* Fri Jan 25 2019 Marek Kasik - 2.3.2-3 +- Rebuild for poppler-0.73.0 + +* Thu Oct 04 2018 Pavel Raiskup - 2.3.2-2 +- Python 3 is the default Python now + +* Mon Oct 1 2018 Volker Fröhlich - 2.3.2-1 +- New upstream release + +* Mon Aug 27 2018 José Abílio Matos - 2.3.1-3 +- rebuild for armadillo soname bump (take 2) + +* Fri Aug 17 2018 José Abílio Matos - 2.3.1-2 +- rebuild for armadillo soname bump + +* Tue Aug 14 2018 Volker Fröhlich - 2.3.1-1 +- New upstream release + +* Tue Aug 14 2018 Marek Kasik - 2.2.4-10 +- Rebuild for poppler-0.67.0 + +* Wed Jul 25 2018 Devrim Gündüz - 2.2.4-9 +- Fix #1606875 + +* Fri Jul 13 2018 Fedora Release Engineering - 2.2.4-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Tue Jul 03 2018 Petr Pisar - 2.2.4-7 +- Perl 5.28 rebuild + +* Fri Jun 29 2018 Jitka Plesnikova - 2.2.4-6 +- Perl 5.28 rebuild + +* Fri Jun 22 2018 Orion Poplawski - 2.2.4-5 +- Rebuild for libdap 3.19.1 + +* Tue Jun 19 2018 Miro Hrončok - 2.2.4-4 +- Rebuilt for Python 3.7 + +* Sat May 26 2018 Christian Dersch - 2.2.4-3 +- rebuilt for cfitsio 3.450 + +* Tue Mar 27 2018 Björn Esser - 2.2.4-2 +- Rebuilt for libjson-c.so.4 (json-c v0.13.1) on fc28 + +* Mon Mar 26 2018 Volker Fröhlich - 2.2.4-1 +- New upstream release + +* Fri Mar 23 2018 Adam Williamson - 2.2.3-14 +- Rebuild for poppler 0.63.0 + +* Tue Mar 06 2018 Björn Esser - 2.2.3-13 +- Rebuilt for libjson-c.so.4 (json-c v0.13.1) + +* Fri Feb 23 2018 Christian Dersch - 2.2.3-12 +- rebuilt for cfitsio 3.420 (so version bump) + +* Wed Feb 14 2018 David Tardon - 2.2.3-11 +- rebuild for poppler 0.62.0 + +* Wed Feb 14 2018 Volker Fröhlich - 2.2.3-10 +- Don't own /etc/bash_completion.d (BZ#1545012) + +* Tue Feb 13 2018 Pavel Raiskup - 2.2.3-9 +- silence some rpmlint warnings + +* Tue Feb 13 2018 Tom Hughes - 2.2.3-8 +- Add patch for bug by node-gdal tests and fixed upstream + +* Tue Feb 13 2018 Tom Hughes - 2.2.3-7 +- Use libtirpc for RPC routines + +* Wed Feb 07 2018 Fedora Release Engineering - 2.2.3-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Sat Jan 27 2018 Than Ngo - - 2.2.3-6 +- cleanup condition + +* Thu Dec 14 2017 Merlin Mathesius - 2.2.3-5 +- Cleanup spec file conditionals + +* Thu Dec 14 2017 Pavel Raiskup - 2.2.3-4 +- drop bootstrap mode +- build-require mariadb-connector-c-devel (rhbz#1494096) + +* Mon Dec 11 2017 Björn Esser - 2.2.3-3.1.bootstrap +- Add patch to cleanly build against json-c v0.13 + +* Sun Dec 10 2017 Björn Esser - 2.2.3-2.1.bootstrap +- Rebuilt for libjson-c.so.3 + +* Mon Dec 04 2017 Volker Froehlich - 2.2.3-1 +- New upstream release + +* Wed Nov 29 2017 Volker Froehlich - 2.2.2-2 +- Re-enable bsb format (BZ#1432330) + +* Fri Sep 22 2017 Volker Froehlich - 2.2.2-1 +- New upstream release +- Add new entries to the files sections + +* Sun Sep 17 2017 Rex Dieter - 2.1.4-11 +- rebuild (armadillo) + +* Mon Sep 11 2017 Rex Dieter - 2.1.4-10 +- support %%bootstrap mode, enable for rawhide (#1490492) +- segment POPPLER_OPTS, makes buildable on f25 + +* Fri Sep 08 2017 David Tardon - 2.1.4-9 +- rebuild for poppler 0.59.0 + +* Sun Aug 20 2017 Zbigniew Jędrzejewski-Szmek - 2.1.4-8 +- Add Provides for the old name without %%_isa + +* Sat Aug 19 2017 Orion Poplawski - 2.1.4-7 +- Handle new g2clib name in Fedora 27+ + +* Sat Aug 19 2017 Zbigniew Jędrzejewski-Szmek - 2.1.4-6 +- Python 2 binary package renamed to python2-gdal + See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3 + +* Thu Aug 03 2017 David Tardon - 2.1.4-5 +- rebuild for poppler 0.57.0 + +* Wed Aug 02 2017 Fedora Release Engineering - 2.1.4-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 2.1.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Wed Jul 19 2017 Adam Williamson - 2.1.4-2 +- Rebuild against MariaDB 10.2 +- BuildRequires: javapackages-local, for a macro that got moved there + +* Sat Jul 01 2017 Volker Froehlich - 2.1.4-1 +- New upstream release + +* Sun Jun 04 2017 Jitka Plesnikova - 2.1.3-4 +- Perl 5.26 rebuild + +* Tue Mar 28 2017 David Tardon - 2.1.3-3 +- rebuild for poppler 0.53.0 + +* Wed Feb 01 2017 Sandro Mani - 2.1.3-2 +- Rebuild (libwebp) + +* Fri Jan 27 2017 Volker Froehlich - 2.1.3-1 +- New upstream release +- Don't run tests by default (BZ #1260151) + +* Tue Jan 24 2017 Devrim Gündüz - 2.1.2-6 +- Rebuilt for proj 4.9.3 +- Fix many rpmlint warnings/errors. +- Add a workaround for the pkg-config change in rawhide. + +* Mon Dec 19 2016 Miro Hrončok - 2.1.2-5 +- Rebuild for Python 3.6 + +* Fri Dec 16 2016 David Tardon - 2.1.2-4 +- rebuild for poppler 0.50.0 + +* Thu Dec 01 2016 Orion Poplawski - 2.1.2-3 +- Rebuild for jasper 2.0 +- Add patch to fix build with jasper 2.0 + +* Wed Nov 23 2016 David Tardon - 2.1.2-2 +- rebuild for poppler 0.49.0 + +* Sun Oct 30 2016 Volker Froehlich - 2.1.2-1 +- New upstream release + +* Sat Oct 22 2016 Orion Poplawski - 2.1.1-2 +- Use system libjson-c + +* Fri Oct 21 2016 Marek Kasik - 2.1.1-2 +- Rebuild for poppler-0.48.0 + +* Fri Aug 12 2016 Orion Poplawski - 2.1.1-1 +- Update to 2.1.1 +- Add patch to fix bash-completion installation and install it (bug #1337143) + +* Tue Jul 19 2016 Fedora Release Engineering - 2.1.0-8 +- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages + +* Mon Jul 18 2016 Marek Kasik - 2.1.0-7 +- Rebuild for poppler-0.45.0 + +* Tue May 17 2016 Jitka Plesnikova - 2.1.0-6 +- Perl 5.24 rebuild + +* Mon May 09 2016 Volker Froehlich - 2.1.0-5 +- Add missing BR for libkml + +* Fri May 06 2016 Sandro Mani - 2.1.0-4 +- Enable libKML support + Resolves: #1332008 + +* Tue May 03 2016 Adam Williamson - 2.1.0-3 +- rebuild for updated poppler + +* Tue May 3 2016 Marek Kasik - 2.1.0-2 +- Rebuild for poppler-0.43.0 + +* Mon May 02 2016 Jozef Mlich - 2.1.0-1 +- New upstream release + +* Mon Apr 18 2016 Tom Hughes - 2.0.2-5 +- Rebuild for libdap change Resoloves: #1328104 + +* Tue Feb 16 2016 Elliott Sales de Andrade - 2.0.2-4 +- Add Python 3 support + +* Sun Feb 14 2016 Volker Froehlich - 2.0.2-3 +- Add patch for GDAL issue #6360 + +* Mon Feb 08 2016 Volker Froehlich - 2.0.2-2 +- Rebuild for armadillo 6 + +* Thu Feb 04 2016 Volker Froehlich - 2.0.2-1 +- New upstream release +- Fix geos support (BZ #1284714) + +* Wed Feb 03 2016 Fedora Release Engineering - 2.0.1-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Fri Jan 22 2016 Marek Kasik 2.0.1-5 +- Rebuild for poppler-0.40.0 + +* Fri Jan 15 2016 Adam Jackson 2.0.1-4 +- Rebuild for libdap soname bump + +* Mon Dec 28 2015 Igor Gnatenko - 2.0.1-3 +- Rebuilt for libwebp soname bump + +* Sun Oct 18 2015 Volker Froehlich - 2.0.1-2 +- Solve BZ #1271906 (Build iso8211 and s57 utilities) + +* Thu Sep 24 2015 Volker Froehlich - 2.0.1-1 +- Updated for 2.0.1; Add Perl module manpage + +* Wed Sep 23 2015 Orion Poplawski - 2.0.0-5 +- Rebuild for libdap 3.15.1 + +* Sun Sep 20 2015 Volker Froehlich - 2.0.0-4 +- Support openjpeg2 + +* Thu Aug 27 2015 Jonathan Wakely - 2.0.0-3 +- Rebuilt for Boost 1.59 + +* Sun Aug 09 2015 Jonathan Wakely 2.0.0-2 +- Patch to set _XOPEN_SOURCE correctly (bug #1249703) + +* Sun Jul 26 2015 Volker Froehlich - 2.0.0-1 +- Disable charls support due to build issues +- Solve a string formatting and comment errors in the Perl swig template + +* Wed Jul 22 2015 Marek Kasik - 1.11.2-12 +- Rebuild (poppler-0.34.0) + +* Fri Jul 3 2015 José Matos - 1.11.2-11 +- Rebuild for armadillo 5(.xxx.y) + +* Wed Jun 17 2015 Fedora Release Engineering - 1.11.2-10 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Fri Jun 12 2015 Volker Fröhlich - 1.11.2-9 +- Rebuild for Perl's dropped module_compat_5.20.* + +* Tue Jun 09 2015 Dan Horák - 1.11.2-8 +- add upstream patch for poppler >= 31 + +* Sat Jun 06 2015 Jitka Plesnikova - 1.11.2-7 +- Perl 5.22 rebuild + +* Thu May 21 2015 Devrim Gündüz - 1.11.2-6 +- Fix proj soname in ogr/ogrct.cpp. Patch from Sandro Mani + Fixes #1212215. + +* Sun May 17 2015 Orion Poplawski - 1.11.2-5 +- Rebuild for hdf5 1.8.15 + +* Sat Apr 18 2015 Ralf Corsépius - 1.11.2-4 +- Rebuild for gcc-5.0.1 ABI changes. + +* Tue Mar 31 2015 Orion Poplawski - 1.11.2-3 +- Rebuild for g2clib fix + +* Wed Mar 11 2015 Devrim Gündüz - 1.11.2-2 +- Rebuilt for proj 4.9.1 + +* Tue Feb 17 2015 Volker Fröhlich - 1.11.2-1 +- New release +- Remove obsolete sqlite patch + +* Fri Jan 23 2015 Marek Kasik - 1.11.1-6 +- Rebuild (poppler-0.30.0) + +* Wed Jan 07 2015 Orion Poplawski - 1.11.1-5 +- Rebuild for hdf5 1.8.4 + +* Sat Dec 6 2014 Volker Fröhlich - 1.11.1-4 +- Apply upstream changeset 27949 to prevent a crash when using sqlite 3.8.7 + +* Tue Dec 2 2014 Jerry James - 1.11.1-3 +- Don't try to install perllocal.pod (bz 1161231) + +* Thu Nov 27 2014 Marek Kasik - 1.11.1-3 +- Rebuild (poppler-0.28.1) + +* Fri Nov 14 2014 Dan Horák - 1.11.1-2 +- update gdal-config for ppc64le + +* Thu Oct 2 2014 Volker Fröhlich - 1.11.1-1 +- New release +- Correct test suite source URL + +* Thu Aug 28 2014 Jitka Plesnikova - 1.11.0-9 +- Perl 5.20 rebuild + +* Mon Aug 25 2014 Devrim Gündüz - 1.11.0-7 +- Rebuilt for libgeotiff + +* Sat Aug 16 2014 Fedora Release Engineering - 1.11.0-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Thu Aug 14 2014 Volker Fröhlich - 1.11.0-6 +- Add aarch64 to gdal-config script (BZ#1129295) + +* Fri Jul 25 2014 Peter Robinson 1.11.0-5 +- rebuild (libspatialite) + +* Mon Jul 14 2014 Orion Poplawski - 1.11.0-4 +- Rebuild for libgeotiff 1.4.0 + +* Fri Jul 11 2014 Orion Poplawski - 1.11.0-3 +- Rebuild for libdap 3.13.1 + +* Sat Jun 07 2014 Fedora Release Engineering - 1.11.0-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Fri Apr 25 2014 Volker Fröhlich - 1.11.0-1 +- New upstream release +- Remove libgcj as BR, as it no longer exists in F21 +- Re-enable ogdi and spatialite where possible +- Adapt Python-BR to python2-devel +- Obsolete Ruby bindings, due to the suggestion of Even Rouault +- Preserve timestamp of Fedora README file +- Explicitly create HTML documentation with Doxygen +- Make test execution conditional +- Truncate changelog + +* Thu Apr 24 2014 Vít Ondruch - 1.10.1-7 +- Rebuilt for https://fedoraproject.org/wiki/Changes/Ruby_2.1 + +* Fri Mar 28 2014 Michael Simacek - 1.10.1-6 +- Use Requires: java-headless rebuild (#1067528) + +* Fri Jan 10 2014 Orion Poplawski - 1.10.1-5 +- Rebuild for armadillo soname bump + +* Wed Jan 08 2014 Orion Poplawski - 1.10.1-4 +- Rebuild for cfitsio 3.360 + +* Thu Jan 02 2014 Orion Poplawski - 1.10.1-3 +- Rebuild for libwebp soname bump + +* Sat Sep 21 2013 Orion Poplawski - 1.10.1-2 +- Rebuild to pick up atlas 3.10 changes + +* Sun Sep 8 2013 Volker Fröhlich - 1.10.1-1 +- New upstream release + +* Fri Aug 23 2013 Orion Poplawski - 1.10.0-1 +- Update to 1.10.0 +- Enable PCRE support +- Drop man patch applied upstream +- Drop dods patch fixed upstream +- Add more tex BRs to handle changes in texlive packaging +- Fix man page install location + +* Mon Aug 19 2013 Marek Kasik - 1.9.2-12 +- Rebuild (poppler-0.24.0) + +* Sat Aug 03 2013 Fedora Release Engineering - 1.9.2-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Wed Jul 17 2013 Petr Pisar - 1.9.2-10 +- Perl 5.18 rebuild + +* Thu Jul 11 2013 Orion Poplawski - 1.9.2-9 +- Rebuild for cfitsio 3.350 + +* Mon Jun 24 2013 Volker Fröhlich - 1.9.2-8 +- Rebuild for poppler 0.22.5 + +* Wed Jun 12 2013 Orion Poplawski - 1.9.2-7 +- Update Java/JNI for new guidelines, also fixes bug #908065 + +* Thu May 16 2013 Orion Poplawski - 1.9.2-6 +- Rebuild for hdf5 1.8.11 + +* Mon Apr 29 2013 Peter Robinson - 1.9.2-5 +- Rebuild for ARM libspatialite issue + +* Tue Mar 26 2013 Volker Fröhlich - 1.9.2-4 +- Rebuild for cfitsio 3.340 + +* Sun Mar 24 2013 Peter Robinson - 1.9.2-3 +- rebuild (libcfitsio) + +* Wed Mar 13 2013 Vít Ondruch - 1.9.2-2 +- Rebuild for https://fedoraproject.org/wiki/Features/Ruby_2.0.0 + +* Sun Mar 10 2013 Orion Poplawski - 1.9.2-1 +- Update to 1.9.2 +- Drop poppler and java-swig patches applied upstream + +* Fri Jan 25 2013 Devrim GÜNDÜZ - 1.9.1-18 +- Rebuild with geos 3.3.7. + +* Mon Jan 21 2013 Volker Fröhlich - 1.9.1-17 +- Rebuild due to libpoppler 0.22 + +* Fri Jan 18 2013 Adam Tkac - 1.9.1-16 +- rebuild due to "jpeg8-ABI" feature drop + +* Fri Dec 28 2012 Richard W.M. Jones - 1.9.1-15 +- Rebuild, see + http://lists.fedoraproject.org/pipermail/devel/2012-December/175685.html + +* Thu Dec 13 2012 Peter Robinson - 1.9.1-14 +- Tweak -fpic CFLAGS to fix FTBFS on ARM + +* Mon Dec 3 2012 Orion Poplawski - 1.9.1-13 +- Rebuild for hdf5 1.8.10 + +* Sun Dec 2 2012 Bruno Wolff III - 1.9.1-12 +- Rebuild for libspatialite soname bump + +* Thu Aug 9 2012 Volker Fröhlich - 1.9.1-11 +- Correct and extend conditionals for ppc andd ppc64, considering libspatialite + Related to BZ #846301 + +* Sun Jul 29 2012 José Matos - 1.9.1-10 +- Use the correct shell idiom "if true" instead of "if 1" + +* Sun Jul 29 2012 José Matos - 1.9.1-9 +- Ignore for the moment the test for armadillo (to be removed after gcc 4.7.2 release) + +* Fri Jul 27 2012 José Matos - 1.9.1-8 +- Rebuild for new armadillo + +* Fri Jul 20 2012 Peter Robinson - 1.9.1-7 +- Build with PIC + +* Thu Jul 19 2012 Fedora Release Engineering - 1.9.1-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Tue Jul 10 2012 Petr Pisar - 1.9.1-5 +- Perl 5.16 rebuild + +* Sat Jul 7 2012 Volker Fröhlich - 1.9.1-4 +- Delete unnecessary manpage, that seems to be created with + new Doxygen (1.8.1 or 1.8.1.1) + +* Mon Jul 2 2012 Marek Kasik - 1.9.1-3 +- Rebuild (poppler-0.20.1) + +* Mon Jun 11 2012 Petr Pisar - 1.9.1-2 +- Perl 5.16 rebuild + +* Wed May 23 2012 Volker Fröhlich - 1.9.1-1 +- New upstream release +- Update poppler patch +- Add cleaner script + +* Sun May 20 2012 Volker Fröhlich - 1.9.0-5 +- Patches for libpoppler 0.20, libdap 3.11.3 and swig 2.0.6 + +* Thu May 10 2012 Volker Fröhlich - 1.9.0-4 +- Correct provides-filtering as of https://fedoraproject.org/wiki/Packaging:AutoProvidesAndRequiresFiltering#Usage +- Support webp +- Remove bogus libjpeg-turbo conditional +- Update Ruby ABI version to 1.9.1 +- Install Ruby bindings to vendorarchdir on F17 and later +- Conditionals for Ruby specific elements for versions prior F17 and for EPEL +- Correct quotes for CFLAGS and Ruby +- Disable ogdi, until BZ#816282 is resolved + +* Wed Apr 25 2012 Orion Poplawski - 1.9.0-2 +- Rebuild for cfitsio 3.300 + +* Sun Feb 26 2012 Volker Fröhlich - 1.9.0-1 +- Completely re-work the original spec-file + The major changes are: +- Add a libs sub-package +- Move Python scripts to python sub-package +- Install the documentation in a better way and with less slack +- jar's filename is versionless +- Update the version in the Maven pom automatically +- Add a plugins directory +- Add javadoc package and make the man sub-package noarch +- Support many additional formats +- Drop static sub-package as no other package uses it as BR +- Delete included libs before building +- Drop all patches, switch to a patch for the manpages, patch for JAVA path +- Harmonize the use of buildroot and RPM_BUILD_ROOT +- Introduce testversion macro + +* Sun Feb 19 2012 Volker Fröhlich - 1.7.3-14 +- Require Ruby abi +- Add patch for Ruby 1.9 include dir, back-ported from GDAL 1.9 +- Change version string for gdal-config from -fedora to + +- Revert installation path for Ruby modules, as it proofed wrong +- Use libjpeg-turbo + +* Thu Feb 9 2012 Volker Fröhlich - 1.7.3-13 +- Rebuild for Ruby 1.9 + http://lists.fedoraproject.org/pipermail/ruby-sig/2012-January/000805.html + +* Tue Jan 10 2012 Volker Fröhlich - 1.7.3-12 +- Remove FC10 specific patch0 +- Versioned MODULE_COMPAT_ Requires for Perl (BZ 768265) +- Add isa macro to base package Requires +- Remove conditional for xerces_c in EL6, as EL6 has xerces_c + even for ppc64 via EPEL +- Remove EL4 conditionals +- Replace the python_lib macro definition and install Python bindings + to sitearch directory, where they belong +- Use correct dap library names for linking +- Correct Ruby installation path in the Makefile instead of moving it later +- Use libdir variable in ppc64 Python path +- Delete obsolete chmod for Python libraries +- Move correction for Doxygen footer to prep section +- Delete bundled libraries before building +- Build without bsb and remove it from the tarball +- Use mavenpomdir macro and be a bit more precise on manpages in + the files section +- Remove elements for grass support --> Will be replaced by plug-in +- Remove unnecessary defattr +- Correct version number in POM +- Allow for libpng 1.5 + +* Tue Dec 06 2011 Adam Jackson - 1.7.3-11 +- Rebuild for new libpng + +* Tue May 17 2011 Orion Poplawski - 1.7.3-10 +- Rebuild for hdf5 1.8.7 + +* Fri Apr 22 2011 Volker Fröhlich - 1.7.3-9 +- Patched spaces problem for Mapinfo files (mif) + (http://trac.osgeo.org/gdal/ticket/3694) +- Replaced all define macros with global +- Corrected ruby_sitelib to ruby_sitearch +- Use python_lib and ruby_sitearch instead of generating lists +- Added man-pages for binaries +- Replaced mkdir and install macros +- Removed Python files from main package files section, that + effectively already belonged to the Python sub-package + +* Mon Apr 11 2011 Volker Fröhlich - 1.7.3-8 +- Solved image path problem with Latex +- Removed with-tiff and updated with-sqlite to with-sqlite3 +- Add more refman documents +- Adapted refman loop to actual directories +- Harmonized buildroot macro use + +* Thu Mar 31 2011 Orion Poplawski - 1.7.3-7 +- Rebuild for netcdf 4.1.2 + +* Wed Mar 23 2011 Dan Horák - 1.7.3-6 +- rebuilt for mysql 5.5.10 (soname bump in libmysqlclient) + +* Sun Mar 20 2011 Volker Fröhlich - 1.7.3-5 +- Dropped unnecessary encoding conversion for Russian refman +- Install Russian refman +- Don't try to install refman for sdts and dgn, as they fail to compile +- Added -p to post and postun +- Remove private-shared-object-provides for Python and Perl +- Remove installdox scripts +- gcc 4.6 doesn't accept -Xcompiler + +* Thu Mar 10 2011 Kalev Lember - 1.7.3-4 +- Rebuilt with xerces-c 3.1 + +* Tue Feb 08 2011 Fedora Release Engineering - 1.7.3-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Sun Nov 21 2010 Viji Nair - 1.7.3-2 +- Install all the generated pdf documentation. +- Build documentation as a separate package. +- Spec cleanup + +* Fri Nov 19 2010 Viji Nair - 1.7.3-1 +- Update to latest upstream version +- Added jnis +- Patches updated with proper version info +- Added suggestions from Ralph Apel + + Versionless symlink for gdal.jar + + Maven2 pom + + JPP-style depmap + + Use -f XX.files for ruby and python diff --git a/SPECS-EXTENDED/gdal/gdal_utils.patch b/SPECS-EXTENDED/gdal/gdal_utils.patch new file mode 100644 index 00000000000..e9bde4c3dfc --- /dev/null +++ b/SPECS-EXTENDED/gdal/gdal_utils.patch @@ -0,0 +1,39 @@ +diff -rupN --no-dereference gdal-3.6.3-fedora/frmts/iso8211/CMakeLists.txt gdal-3.6.3-fedora-new/frmts/iso8211/CMakeLists.txt +--- gdal-3.6.3-fedora/frmts/iso8211/CMakeLists.txt 2023-03-07 18:14:55.000000000 +0100 ++++ gdal-3.6.3-fedora-new/frmts/iso8211/CMakeLists.txt 2023-03-14 09:21:05.455845507 +0100 +@@ -15,15 +15,18 @@ gdal_standard_includes(gdal_iso8211) + + # Because linking an OBJECT library + if (CMAKE_VERSION VERSION_GREATER_EQUAL 3.12) +- add_executable(8211dump EXCLUDE_FROM_ALL 8211dump.cpp) ++ add_executable(8211dump 8211dump.cpp) + target_include_directories(8211dump PRIVATE $) + target_link_libraries(8211dump PRIVATE $ gdal_iso8211) ++ install(TARGETS 8211dump RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}) + +- add_executable(8211view EXCLUDE_FROM_ALL 8211view.cpp) ++ add_executable(8211view 8211view.cpp) + target_include_directories(8211view PRIVATE $) + target_link_libraries(8211view PRIVATE $ gdal_iso8211) ++ install(TARGETS 8211view RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}) + +- add_executable(8211createfromxml EXCLUDE_FROM_ALL 8211createfromxml.cpp) ++ add_executable(8211createfromxml 8211createfromxml.cpp) + target_include_directories(8211createfromxml PRIVATE $) + target_link_libraries(8211createfromxml PRIVATE $ gdal_iso8211) ++ install(TARGETS 8211createfromxml RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}) + endif () +diff -rupN --no-dereference gdal-3.6.3-fedora/ogr/ogrsf_frmts/s57/CMakeLists.txt gdal-3.6.3-fedora-new/ogr/ogrsf_frmts/s57/CMakeLists.txt +--- gdal-3.6.3-fedora/ogr/ogrsf_frmts/s57/CMakeLists.txt 2023-03-07 18:14:55.000000000 +0100 ++++ gdal-3.6.3-fedora-new/ogr/ogrsf_frmts/s57/CMakeLists.txt 2023-03-14 09:21:05.455845507 +0100 +@@ -17,8 +17,9 @@ target_include_directories(ogr_S57 PRIVA + gdal_standard_includes(ogr_S57) + + if (CMAKE_VERSION VERSION_GREATER_EQUAL 3.12) +- add_executable(s57dump EXCLUDE_FROM_ALL s57dump.cpp) ++ add_executable(s57dump s57dump.cpp) + gdal_standard_includes(s57dump) + target_include_directories(s57dump PRIVATE $) + target_link_libraries(s57dump PRIVATE $ ogr_S57 gdal_iso8211) ++ install(TARGETS s57dump RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}) + endif () diff --git a/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md b/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md index d3d7c5c58d1..145eab5bedf 100644 --- a/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md +++ b/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md @@ -5,7 +5,7 @@ The CBL-Mariner SPEC files originated from a variety of sources with varying lic | CentOS | [MIT](https://www.centos.org/legal/#licensing-policy) | crash-ptdump-command
delve
fstrm
nodejs-nodemon
rhnlib
rt-setup
rt-tests
rtctl
tuned | | Ceph source | [LGPL2.1](https://github.com/ceph/ceph/blob/master/COPYING-LGPL2.1) | ceph | | Debian | [MIT](https://opensource.org/licenses/MIT) | prometheus-process-exporter | -| Fedora | [Fedora MIT License Declaration](https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#License_of_Fedora_SPEC_Files) | a52dec
abseil-cpp
accountsservice
acpica-tools
acpid
adcli
adobe-mappings-cmap
adobe-mappings-pdf
advancecomp
adwaita-icon-theme
afflib
aide
alsa-firmware
alsa-plugins
amtk
amtterm
annobin
ansible-freeipa
archivemount
argparse-manpage
arptables
arpwatch
asio
aspell
aspell-en
at
at-spi2-atk
at-spi2-core
atf
atk
atop
attr
audiofile
augeas
authbind
authd
authselect
autoconf213
avahi
babeltrace
babeltrace2
babl
baekmuk-ttf-fonts
bats
bcache-tools
biosdevname
blosc
bluez
bmake
bogofilter
bolt
boom-boot
booth
botan2
breezy
brotli
buildah
busybox
bwidget
byacc
ca-certificates
cachefilesd
cairomm
calamares
capstone
catatonit
catch
catch1
cdrdao
celt051
cereal
certmonger
cfitsio
cgdcbxd
chan
CharLS
checkpolicy
checksec
chrony
cim-schema
cjkuni-uming-fonts
cjose
cldr-emoji-annotation
clucene
clutter
clutter-gst3
clutter-gtk
cmocka
cogl
collectd
colm
color-filesystem
colord
colorize
compat-lua
compiler-rt
conda
conmon
conntrack-tools
console-setup
container-exception-logger
containernetworking-plugins
convmv
corosync
corosync-qdevice
cpp-hocon
cppcheck
cpprest
cpptest
cpuid
criu
crypto-policies
cryptsetup
cscope
ctags
CUnit
cups
custodia
Cython
dbus-c++
dbus-python
dbxtool
dconf
dcraw
debootstrap
deltarpm
desktop-file-utils
device-mapper-persistent-data
dietlibc
diffstat
ding-libs
discount
distribution-gpg-keys
dleyna-connector-dbus
dleyna-core
dmraid
dnf
dnf-plugins-core
docbook-dtds
docbook-simple
docbook-slides
docbook-style-dsssl
docbook-utils
docbook2X
docbook5-schemas
docbook5-style-xsl
dogtail
dos2unix
dotconf
dovecot
dpdk
dpkg
driverctl
dropwatch
drpm
dumpet
dvd+rw-tools
dwarves
dwz
dyninst
ebtables
edac-utils
edk2
efax
efi-rpm-macros
egl-wayland
eglexternalplatform
elinks
enca
enchant
enchant2
enscript
environment-modules
evemu
execstack
exempi
exiv2
extra-cmake-modules
fabtests
facter
fakechroot
fakeroot
fapolicyd
fdk-aac-free
fdupes
fence-virt
fetchmail
fftw
filebench
fio
fipscheck
firewalld
fish
flac
flatbuffers
flite
fltk
fmt
fontawesome-fonts
fontpackages
fonts-rpm-macros
foomatic-db
freeglut
freeipmi
freeradius
freetds
freexl
fribidi
fros
frr
fsverity-utils
fuse-overlayfs
fuse-sshfs
fuse-zip
fuse3
future
fxload
gavl
gconf-editor
GConf2
gcovr
gcr
gdisk
gdk-pixbuf2
generic-logos
genwqe-tools
geoclue2
GeoIP
GeoIP-GeoLite-data
geolite2
geos
gfs2-utils
ghc-srpm-macros
giflib
gl-manpages
glew
glm
glog
glusterfs
gnome-desktop-testing
gnome-doc-utils
gnome-icon-theme
gnome-keyring
gnu-efi
go-rpm-macros
gom
google-api-python-client
google-crosextra-caladea-fonts
google-crosextra-carlito-fonts
google-guice
google-noto-cjk-fonts
google-noto-emoji-fonts
google-roboto-slab-fonts
gphoto2
gpm
gpsbabel
graphene
graphite2
graphviz
grubby
gsettings-desktop-schemas
gsl
gsm
gspell
gssdp
gssntlmssp
gstreamer1
gstreamer1-plugins-base
gtk-vnc
gtk2
gtk3
gtkspell
gupnp
gupnp-av
gupnp-dlna
gupnp-igd
hardening-check
hdf
hdf5
heimdal
help2man
hexedit
hicolor-icon-theme
hiera
highlight
hivex
hostname
hsakmt
htop
hunspell
hunspell-af
hunspell-ar
hunspell-as
hunspell-ast
hunspell-az
hunspell-be
hunspell-bg
hunspell-bn
hunspell-br
hunspell-ca
hunspell-cop
hunspell-csb
hunspell-cv
hunspell-cy
hunspell-da
hunspell-de
hunspell-dsb
hunspell-el
hunspell-en
hunspell-eo
hunspell-es
hunspell-et
hunspell-eu
hunspell-fa
hunspell-fj
hunspell-fo
hunspell-fr
hunspell-fur
hunspell-fy
hunspell-ga
hunspell-gd
hunspell-gl
hunspell-grc
hunspell-gu
hunspell-gv
hunspell-haw
hunspell-hi
hunspell-hil
hunspell-hr
hunspell-hsb
hunspell-ht
hunspell-hu
hunspell-hy
hunspell-ia
hunspell-id
hunspell-is
hunspell-it
hunspell-kk
hunspell-km
hunspell-kn
hunspell-ko
hunspell-ku
hunspell-ky
hunspell-la
hunspell-lb
hunspell-ln
hunspell-mai
hunspell-mg
hunspell-mi
hunspell-mk
hunspell-ml
hunspell-mn
hunspell-mos
hunspell-mr
hunspell-ms
hunspell-mt
hunspell-nds
hunspell-ne
hunspell-nl
hunspell-no
hunspell-nr
hunspell-nso
hunspell-ny
hunspell-om
hunspell-or
hunspell-pa
hunspell-pl
hunspell-pt
hunspell-quh
hunspell-ro
hunspell-ru
hunspell-rw
hunspell-se
hunspell-shs
hunspell-si
hunspell-sk
hunspell-sl
hunspell-smj
hunspell-so
hunspell-sq
hunspell-sr
hunspell-sv
hunspell-sw
hunspell-ta
hunspell-te
hunspell-tet
hunspell-th
hunspell-tk
hunspell-tl
hunspell-tn
hunspell-tpi
hunspell-ts
hunspell-uk
hunspell-uz
hunspell-ve
hunspell-vi
hunspell-wa
hunspell-xh
hunspell-yi
hwdata
hwloc
hyperscan
hyperv-daemons
hyphen
hyphen-as
hyphen-bg
hyphen-bn
hyphen-ca
hyphen-da
hyphen-de
hyphen-el
hyphen-es
hyphen-fa
hyphen-fo
hyphen-fr
hyphen-ga
hyphen-gl
hyphen-grc
hyphen-gu
hyphen-hi
hyphen-hsb
hyphen-hu
hyphen-ia
hyphen-id
hyphen-is
hyphen-it
hyphen-kn
hyphen-ku
hyphen-lt
hyphen-mi
hyphen-ml
hyphen-mn
hyphen-mr
hyphen-nl
hyphen-or
hyphen-pa
hyphen-pl
hyphen-pt
hyphen-ro
hyphen-ru
hyphen-sa
hyphen-sk
hyphen-sl
hyphen-sv
hyphen-ta
hyphen-te
hyphen-tk
hyphen-uk
ibus
ibus-chewing
ibus-hangul
ibus-kkc
ibus-libzhuyin
ibus-m17n
ibus-rawcode
ibus-sayura
ibus-table
ibus-table-chinese
icc-profiles-openicc
icon-naming-utils
icoutils
iftop
iio-sensor-proxy
ilmbase
im-chooser
imaptest
imsettings
indent
infinipath-psm
inih
iniparser
intel-cmt-cat
intel-ipsec-mb
ioping
IP2Location
ipa-pgothic-fonts
ipcalc
ipmitool
iprutils
iptraf-ng
iptstate
irssi
iscsi-initiator-utils
isns-utils
iso-codes
isomd5sum
iw
iwd
jabberpy
jasper
javapackages-bootstrap
javapackages-tools
jbigkit
jdom2
jemalloc
jfsutils
jimtcl
jose
js-jquery
jsoncpp
Judy
kata-containers
kde-filesystem
kde-settings
kexec-tools
keybinder3
keycloak-httpd-client-install
kf5
kf5-kconfig
kf5-kcoreaddons
kf5-ki18n
kf5-kwidgetsaddons
kpmcore
kronosnet
ksh
kyotocabinet
kyua
ladspa
lame
langtable
lapack
lasso
latencytop
lato-fonts
lcms2
lcov
ldns
leatherman
ledmon
lensfun
leveldb
lftp
libabw
libaec
libao
libappstream-glib
libart_lgpl
libasyncns
libatasmart
libavc1394
libblockdev
libbpf
libbsd
libburn
libbytesize
libcacard
libcanberra
libcdio
libcdio-paranoia
libcdr
libcgroup
libchewing
libcli
libcmis
libcmpiutil
libcomps
libcroco
libdaemon
libdap
libdatrie
libdazzle
libdbi
libdbi-drivers
libdbusmenu
libdc1394
libdeflate
libdmx
libdnf
libdrm
libdvdnav
libdvdread
libdwarf
libeasyfc
libecap
libecb
libell
libEMF
libeot
libepoxy
libepubgen
libesmtp
libetonyek
libev
libevdev
libewf
libexif
libexttextcat
libfabric
libfontenc
libfreehand
libftdi
libgadu
libgdither
libgee
libgee06
libgeotiff
libgexiv2
libgit2
libgit2-glib
libglade2
libglvnd
libgovirt
libgphoto2
libgsf
libgta
libguestfs
libgusb
libgxim
libgxps
libhangul
libhugetlbfs
libibcommon
libical
libICE
libicns
libid3tag
libIDL
libidn2
libiec61883
libieee1284
libimobiledevice
libindicator
libinput
libiodbc
libipt
libiptcdata
libiscsi
libisoburn
libisofs
libjcat
libkcapi
libkeepalive
libkkc
libkkc-data
libkml
liblangtag
libldb
libldm
liblerc
liblockfile
liblognorm
liblouis
liblqr-1
liblzf
libmad
libmediaart
libmicrohttpd
libmikmod
libmodman
libmodplug
libmodulemd1
libmpcdec
libmspub
libmtp
libmusicbrainz5
libmwaw
libnbd
libnet
libnetfilter_log
libnfs
libnotify
libntlm
libnumbertext
liboauth
libodfgen
libofa
libogg
liboggz
liboil
libomxil-bellagio
libopenraw
liboping
libosinfo
libotf
libotr
libpagemaker
libpaper
libpciaccess
libpeas
libpfm
libpinyin
libplist
libpmemobj-cpp
libpng12
libpng15
libproxy
libpsm2
libpwquality
libqb
libqxp
libraqm
LibRaw
libraw1394
libreport
libreswan
librevenge
librsvg2
librx
libsamplerate
libsass
libsecret
libsemanage
libsigc++20
libsigsegv
libslirp
libSM
libsmbios
libsmi
libsndfile
libsodium
libspiro
libsrtp
libssh
libstaroffice
libstemmer
libstoragemgmt
libtdb
libteam
libtevent
libthai
libtnc
libtomcrypt
libtommath
libtraceevent
libtranslit
libucil
libunicap
libuninameslist
liburing
libusbmuxd
libuser
libutempter
libvarlink
libverto
libvirt-dbus
libvirt-glib
libvirt-java
libvirt-python
libvisio
libvisual
libvoikko
libvorbis
libvpx
libwacom
libwnck3
libwpd
libwpe
libwpg
libwps
libwvstreams
libX11
libXau
libXaw
libxcb
libXcomposite
libxcrypt
libXcursor
libXdamage
libXdmcp
libXext
libxfce4util
libXfixes
libXfont2
libXft
libXi
libXinerama
libxkbcommon
libxkbfile
libxklavier
libxmlb
libXmu
libXpm
libXrandr
libXrender
libXres
libXScrnSaver
libxshmfence
libXt
libXtst
libXv
libXxf86vm
libyami
libyang
libyubikey
libzip
libzmf
lilv
linuxconsoletools
linuxptp
lksctp-tools
lldpd
lockdev
logwatch
lpsolve
lrzsz
lua
lua-expat
lua-filesystem
lua-json
lua-lpeg
lua-lunit
lua-rpm-macros
lua-term
luajit
luksmeta
lutok
lv2
lzip
lzop
m17n-db
m17n-lib
mac-robber
mailcap
mailx
malaga
malaga-suomi-voikko
mallard-rng
man-pages-cs
man-pages-es
man-pages-it
man-pages-ja
man-pages-ko
man-pages-pl
man-pages-ru
man-pages-zh-CN
mariadb-connector-c
mariadb-connector-odbc
marisa
maven-compiler-plugin
maven-jar-plugin
maven-resolver
maven-resources-plugin
maven-surefire
maven-wagon
mcelog
mcpp
mcstrans
mdadm
mdds
meanwhile
mecab
mecab-ipadic
media-player-info
memcached
memkind
mesa
mesa-libGLU
metis
microcode_ctl
microdnf
minicom
minizip
mksh
mobile-broadband-provider-info
mock
mock-core-configs
mod_auth_gssapi
mod_auth_mellon
mod_auth_openidc
mod_authnz_pam
mod_fcgid
mod_http2
mod_intercept_form_submit
mod_lookup_identity
mod_md
mod_security
mod_security_crs
mod_wsgi
mokutil
mpage
mrtg
mstflint
mt-st
mtdev
mtools
mtr
mtx
multilib-rpm-config
munge
mutt
mythes
mythes-bg
mythes-ca
mythes-cs
mythes-da
mythes-de
mythes-el
mythes-en
mythes-eo
mythes-es
mythes-fr
mythes-ga
mythes-hu
mythes-mi
mythes-ne
mythes-nl
mythes-pl
mythes-pt
mythes-ro
mythes-ru
mythes-sk
mythes-sl
mythes-sv
mythes-uk
nbd
nbdkit
neon
netavark
netcdf
netcf
netlabel_tools
netpbm
netsniff-ng
nfs4-acl-tools
nftables
nilfs-utils
nkf
nload
nlopt
nodejs-packaging
nss-pam-ldapd
nss_nis
nss_wrapper
ntfs-3g
ntfs-3g-system-compression
numad
numatop
numpy
nvmetcli
nvml
oath-toolkit
ocaml
ocaml-alcotest
ocaml-astring
ocaml-base
ocaml-bigarray-compat
ocaml-bisect-ppx
ocaml-calendar
ocaml-camlp5
ocaml-camomile
ocaml-cinaps
ocaml-cmdliner
ocaml-compiler-libs-janestreet
ocaml-cppo
ocaml-csexp
ocaml-csv
ocaml-ctypes
ocaml-curses
ocaml-dune
ocaml-extlib
ocaml-fileutils
ocaml-findlib
ocaml-fmt
ocaml-fpath
ocaml-gettext
ocaml-integers
ocaml-libvirt
ocaml-luv
ocaml-lwt
ocaml-markup
ocaml-migrate-parsetree
ocaml-mmap
ocaml-num
ocaml-ocamlbuild
ocaml-ocplib-endian
ocaml-ounit
ocaml-parsexp
ocaml-ppx-derivers
ocaml-ppxlib
ocaml-re
ocaml-react
ocaml-result
ocaml-seq
ocaml-sexplib
ocaml-sexplib0
ocaml-stdio
ocaml-topkg
ocaml-tyxml
ocaml-uuidm
ocaml-uutf
ocaml-xml-light
ocaml-zarith
ocl-icd
oddjob
ogdi
omping
opa
opal
open-vm-tools
openblas
opencc
opencl-filesystem
opencl-headers
opencryptoki
opencsd
opendnssec
OpenEXR
openjade
openjpeg2
openmpi
openobex
openoffice-lv
openrdate
opensc
openslp
opensm
opensp
openssl
openssl-ibmpkcs11
openssl-pkcs11
openwsman
optipng
opus
opusfile
orangefs
ORBit2
orc
os-prober
osinfo-db
osinfo-db-tools
overpass-fonts
p11-kit
p7zip
pacemaker
pacrunner
pakchois
pam_krb5
pam_wrapper
papi
paps
parallel
patchelf
patchutils
pbzip2
pcp
pcsc-lite
pcsc-lite-ccid
PEGTL
perl
perl-Algorithm-C3
perl-Algorithm-Diff
perl-Alien-Build
perl-Alien-pkgconf
perl-AnyEvent
perl-AnyEvent-AIO
perl-AnyEvent-BDB
perl-App-cpanminus
perl-App-FatPacker
perl-AppConfig
perl-Archive-Extract
perl-Archive-Zip
perl-Authen-SASL
perl-B-Debug
perl-B-Hooks-EndOfScope
perl-B-Hooks-OP-Check
perl-B-Keywords
perl-B-Lint
perl-bareword-filehandles
perl-BDB
perl-Bit-Vector
perl-boolean
perl-Browser-Open
perl-BSD-Resource
perl-Business-ISBN
perl-Business-ISBN-Data
perl-Bytes-Random-Secure
perl-Capture-Tiny
perl-Carp-Clan
perl-CBOR-XS
perl-Class-Accessor
perl-Class-C3
perl-Class-C3-XS
perl-Class-Data-Inheritable
perl-Class-Factory-Util
perl-Class-Inspector
perl-Class-ISA
perl-Class-Load
perl-Class-Load-XS
perl-Class-Method-Modifiers
perl-Class-Singleton
perl-Class-Tiny
perl-Class-XSAccessor
perl-Clone
perl-Color-ANSI-Util
perl-Color-RGB-Util
perl-ColorThemeBase-Static
perl-ColorThemeRole-ANSI
perl-ColorThemes-Standard
perl-ColorThemeUtil-ANSI
perl-Compress-Bzip2
perl-Compress-LZF
perl-Compress-Raw-Lzma
perl-Config-AutoConf
perl-Config-INI
perl-Config-INI-Reader-Multiline
perl-Config-IniFiles
perl-Config-Simple
perl-Config-Tiny
perl-Const-Fast
perl-Convert-ASN1
perl-Convert-Bencode
perl-Coro
perl-Coro-Multicore
perl-CPAN-Changes
perl-CPAN-DistnameInfo
perl-CPAN-Meta-Check
perl-Cpanel-JSON-XS
perl-Crypt-CBC
perl-Crypt-DES
perl-Crypt-IDEA
perl-Crypt-OpenSSL-Bignum
perl-Crypt-OpenSSL-Guess
perl-Crypt-OpenSSL-Random
perl-Crypt-OpenSSL-RSA
perl-Crypt-PasswdMD5
perl-Crypt-Random-Seed
perl-CSS-Tiny
perl-Data-Dump
perl-Data-Munge
perl-Data-OptList
perl-Data-Peek
perl-Data-Section
perl-Data-UUID
perl-Date-Calc
perl-Date-ISO8601
perl-Date-Manip
perl-DateTime
perl-DateTime-Format-Builder
perl-DateTime-Format-DateParse
perl-DateTime-Format-HTTP
perl-DateTime-Format-IBeat
perl-DateTime-Format-ISO8601
perl-DateTime-Format-Mail
perl-DateTime-Format-Strptime
perl-DateTime-Locale
perl-DateTime-TimeZone
perl-DateTime-TimeZone-SystemV
perl-DateTime-TimeZone-Tzfile
perl-DBD-MySQL
perl-Devel-CallChecker
perl-Devel-Caller
perl-Devel-CheckBin
perl-Devel-CheckLib
perl-Devel-Cycle
perl-Devel-EnforceEncapsulation
perl-Devel-GlobalDestruction
perl-Devel-GlobalDestruction-XS
perl-Devel-Hide
perl-Devel-Leak
perl-Devel-LexAlias
perl-Devel-Size
perl-Devel-StackTrace
perl-Devel-Symdump
perl-Digest-BubbleBabble
perl-Digest-CRC
perl-Digest-HMAC
perl-Digest-SHA1
perl-Dist-CheckConflicts
perl-DynaLoader-Functions
perl-Email-Address
perl-Email-Date-Format
perl-Encode-Detect
perl-Encode-EUCJPASCII
perl-Encode-IMAPUTF7
perl-Encode-Locale
perl-Env-ShellWords
perl-Error
perl-EV
perl-Eval-Closure
perl-Event
perl-Exception-Class
perl-Expect
perl-ExtUtils-Config
perl-ExtUtils-Depends
perl-ExtUtils-Helpers
perl-ExtUtils-InstallPaths
perl-ExtUtils-PkgConfig
perl-FCGI
perl-Fedora-VSP
perl-FFI-CheckLib
perl-File-BaseDir
perl-File-BOM
perl-File-chdir
perl-File-CheckTree
perl-File-Copy-Recursive
perl-File-DesktopEntry
perl-File-Find-Object
perl-File-Find-Object-Rule
perl-File-Find-Rule
perl-File-Find-Rule-Perl
perl-File-Inplace
perl-File-Listing
perl-File-MimeInfo
perl-File-pushd
perl-File-ReadBackwards
perl-File-Remove
perl-File-ShareDir
perl-File-ShareDir-Install
perl-File-Slurp
perl-File-Slurp-Tiny
perl-File-Slurper
perl-File-Type
perl-Font-TTF
perl-FreezeThaw
perl-GD
perl-GD-Barcode
perl-generators
perl-Getopt-ArgvFile
perl-gettext
perl-Graphics-ColorNamesLite-WWW
perl-GSSAPI
perl-Guard
perl-Hook-LexWrap
perl-HTML-Parser
perl-HTML-Tagset
perl-HTML-Tree
perl-HTTP-Cookies
perl-HTTP-Daemon
perl-HTTP-Date
perl-HTTP-Message
perl-HTTP-Negotiate
perl-Image-Base
perl-Image-Info
perl-Image-Xbm
perl-Image-Xpm
perl-Import-Into
perl-Importer
perl-inc-latest
perl-indirect
perl-Inline-Files
perl-IO-AIO
perl-IO-All
perl-IO-CaptureOutput
perl-IO-Compress-Lzma
perl-IO-HTML
perl-IO-Multiplex
perl-IO-SessionData
perl-IO-Socket-INET6
perl-IO-String
perl-IO-stringy
perl-IO-Tty
perl-IPC-Run
perl-IPC-Run3
perl-IPC-System-Simple
perl-JSON
perl-JSON-Color
perl-JSON-MaybeXS
perl-LDAP
perl-libnet
perl-libwww-perl
perl-libxml-perl
perl-Lingua-EN-Inflect
perl-List-MoreUtils-XS
perl-local-lib
perl-Locale-Codes
perl-Locale-Maketext-Gettext
perl-Locale-Msgfmt
perl-Locale-PO
perl-Log-Message
perl-Log-Message-Simple
perl-LWP-MediaTypes
perl-LWP-Protocol-https
perl-Mail-AuthenticationResults
perl-Mail-DKIM
perl-Mail-IMAPTalk
perl-Mail-SPF
perl-MailTools
perl-Math-Int64
perl-Math-Random-ISAAC
perl-MIME-Charset
perl-MIME-Lite
perl-MIME-Types
perl-Mixin-Linewise
perl-MLDBM
perl-Mock-Config
perl-Module-Build-Tiny
perl-Module-CPANfile
perl-Module-Implementation
perl-Module-Install-AuthorRequires
perl-Module-Install-AuthorTests
perl-Module-Install-AutoLicense
perl-Module-Install-GithubMeta
perl-Module-Install-ManifestSkip
perl-Module-Install-ReadmeFromPod
perl-Module-Install-ReadmeMarkdownFromPod
perl-Module-Install-Repository
perl-Module-Install-TestBase
perl-Module-Load-Util
perl-Module-Manifest
perl-Module-Manifest-Skip
perl-Module-Package
perl-Module-Package-Au
perl-Module-Pluggable
perl-Module-Runtime
perl-Module-Signature
perl-Mojolicious
perl-Moo
perl-Mozilla-CA
perl-Mozilla-LDAP
perl-MRO-Compat
perl-multidimensional
perl-namespace-autoclean
perl-namespace-clean
perl-Net-CIDR-Lite
perl-Net-Daemon
perl-Net-DNS
perl-Net-DNS-Resolver-Mock
perl-Net-DNS-Resolver-Programmable
perl-Net-HTTP
perl-Net-IMAP-Simple
perl-Net-IMAP-Simple-SSL
perl-Net-LibIDN2
perl-Net-Patricia
perl-Net-SMTP-SSL
perl-Net-SNMP
perl-Net-Telnet
perl-Newt
perl-NNTPClient
perl-NTLM
perl-Number-Compare
perl-Object-Deadly
perl-Object-HashBase
perl-Package-Anon
perl-Package-Constants
perl-Package-DeprecationManager
perl-Package-Generator
perl-Package-Stash
perl-Package-Stash-XS
perl-PadWalker
perl-Paper-Specs
perl-PAR-Dist
perl-Parallel-Iterator
perl-Params-Classify
perl-Params-Util
perl-Params-Validate
perl-Params-ValidationCompiler
perl-Parse-PMFile
perl-Parse-RecDescent
perl-Parse-Yapp
perl-Path-Tiny
perl-Perl-Critic
perl-Perl-Critic-More
perl-Perl-Destruct-Level
perl-Perl-MinimumVersion
perl-Perl4-CoreLibs
perl-PerlIO-gzip
perl-PerlIO-utf8_strict
perl-PkgConfig-LibPkgConf
perl-Pod-Coverage
perl-Pod-Coverage-TrustPod
perl-Pod-Escapes
perl-Pod-Eventual
perl-Pod-LaTeX
perl-Pod-Markdown
perl-Pod-Parser
perl-Pod-Plainer
perl-Pod-POM
perl-Pod-Spell
perl-PPI
perl-PPI-HTML
perl-PPIx-QuoteLike
perl-PPIx-Regexp
perl-PPIx-Utilities
perl-prefork
perl-Probe-Perl
perl-Razor-Agent
perl-Readonly
perl-Readonly-XS
perl-Ref-Util
perl-Ref-Util-XS
perl-Regexp-Pattern-Perl
perl-Return-MultiLevel
perl-Role-Tiny
perl-Scope-Guard
perl-Scope-Upper
perl-SGMLSpm
perl-SNMP_Session
perl-Socket6
perl-Software-License
perl-Sort-Versions
perl-Specio
perl-Spiffy
perl-strictures
perl-String-CRC32
perl-String-Format
perl-String-ShellQuote
perl-String-Similarity
perl-Sub-Exporter
perl-Sub-Exporter-Progressive
perl-Sub-Identify
perl-Sub-Info
perl-Sub-Install
perl-Sub-Name
perl-Sub-Quote
perl-Sub-Uplevel
perl-SUPER
perl-Switch
perl-Syntax-Highlight-Engine-Kate
perl-Sys-CPU
perl-Sys-MemInfo
perl-Sys-Virt
perl-Taint-Runtime
perl-Task-Weaken
perl-Term-Size-Any
perl-Term-Size-Perl
perl-Term-Table
perl-Term-UI
perl-TermReadKey
perl-Test-Base
perl-Test-ClassAPI
perl-Test-CPAN-Meta
perl-Test-CPAN-Meta-JSON
perl-Test-Deep
perl-Test-Differences
perl-Test-DistManifest
perl-Test-Distribution
perl-Test-EOL
perl-Test-Exception
perl-Test-Exit
perl-Test-FailWarnings
perl-Test-Fatal
perl-Test-File
perl-Test-File-ShareDir
perl-Test-Harness
perl-Test-HasVersion
perl-Test-InDistDir
perl-Test-Inter
perl-Test-LeakTrace
perl-Test-LongString
perl-Test-Manifest
perl-Test-Memory-Cycle
perl-Test-MinimumVersion
perl-Test-MockObject
perl-Test-MockRandom
perl-Test-Needs
perl-Test-NoTabs
perl-Test-NoWarnings
perl-Test-Object
perl-Test-Output
perl-Test-Pod
perl-Test-Pod-Coverage
perl-Test-Portability-Files
perl-Test-Requires
perl-Test-RequiresInternet
perl-Test-Script
perl-Test-Simple
perl-Test-SubCalls
perl-Test-Synopsis
perl-Test-Taint
perl-Test-TrailingSpace
perl-Test-utf8
perl-Test-Vars
perl-Test-Warn
perl-Test-Without-Module
perl-Test2-Plugin-NoWarnings
perl-Test2-Suite
perl-Test2-Tools-Explain
perl-Text-CharWidth
perl-Text-CSV_XS
perl-Text-Diff
perl-Text-Glob
perl-Text-Iconv
perl-Text-Soundex
perl-Text-Unidecode
perl-Text-WrapI18N
perl-Tie-IxHash
perl-TimeDate
perl-Tree-DAG_Node
perl-Unicode-EastAsianWidth
perl-Unicode-LineBreak
perl-Unicode-Map8
perl-Unicode-String
perl-Unicode-UTF8
perl-UNIVERSAL-can
perl-UNIVERSAL-isa
perl-Unix-Syslog
perl-URI
perl-Variable-Magic
perl-Version-Requirements
perl-WWW-RobotRules
perl-XML-Catalog
perl-XML-DOM
perl-XML-Dumper
perl-XML-Filter-BufferText
perl-XML-Generator
perl-XML-Grove
perl-XML-Handler-YAWriter
perl-XML-LibXML
perl-XML-LibXSLT
perl-XML-NamespaceSupport
perl-XML-Parser-Lite
perl-XML-RegExp
perl-XML-SAX
perl-XML-SAX-Base
perl-XML-SAX-Writer
perl-XML-Simple
perl-XML-TokeParser
perl-XML-TreeBuilder
perl-XML-Twig
perl-XML-Writer
perl-XML-XPath
perl-XML-XPathEngine
perl-XString
perl-YAML-LibYAML
perl-YAML-PP
perl-YAML-Syck
perltidy
pesign
phodav
php
php-pear
php-pecl-zip
physfs
picosat
pinfo
pipewire
pixman
pkcs11-helper
pkgconf
plexus-cipher
plexus-containers
plexus-sec-dispatcher
plotutils
pmdk-convert
pmix
pngcrush
pngnq
po4a
podman
poetry
policycoreutils
polkit-pkla-compat
portreserve
postfix
potrace
powertop
ppp
pps-tools
pptp
priv_wrapper
procmail
prometheus
prometheus-node-exporter
ps_mem
psacct
psutils
ptlib
publicsuffix-list
pugixml
pulseaudio
puppet
pwgen
pyatspi
pybind11
pycairo
pyelftools
pyflakes
pygobject3
PyGreSQL
pykickstart
pylint
pyparted
pyproject-rpm-macros
pyserial
python-absl-py
python-aiodns
python-aiohttp
python-alsa
python-argcomplete
python-astroid
python-astunparse
python-async-generator
python-augeas
python-azure-sdk
python-beautifulsoup4
python-betamax
python-blinker
python-blivet
python-cached_property
python-charset-normalizer
python-cheetah
python-click
python-cmd2
python-colorama
python-CommonMark
python-conda-package-handling
python-configshell
python-cpuinfo
python-cups
python-curio
python-cytoolz
python-d2to1
python-dbus-client-gen
python-dbus-python-client-gen
python-dbus-signature-pyparsing
python-dbusmock
python-ddt
python-debtcollector
python-decorator
python-distlib
python-dmidecode
python-dns
python-dtopt
python-dulwich
python-enchant
python-entrypoints
python-ethtool
python-evdev
python-extras
python-faker
python-fasteners
python-fields
python-filelock
python-fixtures
python-flake8
python-flask
python-flit
python-flit-core
python-fluidity-sm
python-frozendict
python-funcsigs
python-gast
python-genshi
python-google-auth
python-google-auth-oauthlib
python-greenlet
python-gssapi
python-h5py
python-hs-dbus-signature
python-html5lib
python-httplib2
python-humanize
python-hwdata
python-importlib-metadata
python-inotify
python-into-dbus-python
python-IPy
python-iso8601
python-isodate
python-isort
python-itsdangerous
python-justbases
python-justbytes
python-jwcrypto
python-jwt
python-kdcproxy
python-kerberos
python-kmod
python-kubernetes
python-lazy-object-proxy
python-ldap
python-linux-procfs
python-lit
python-markdown
python-mccabe
python-memcached
python-mimeparse
python-mock
python-monotonic
python-more-itertools
python-mpmath
python-msal
python-msrestazure
python-mutagen
python-networkx
python-nose2
python-ntlm-auth
python-oauth2client
python-openpyxl
python-openstackdocstheme
python-oslo-i18n
python-oslo-sphinx
python-paramiko
python-pefile
python-pexpect
python-pkgconfig
python-platformdirs
python-pluggy
python-podman-api
python-process-tests
python-productmd
python-ptyprocess
python-pycares
python-pycosat
python-pydbus
python-pymongo
python-PyMySQL
python-pyperclip
python-pyroute2
python-pyrsistent
python-pysocks
python-pytest-benchmark
python-pytest-cov
python-pytest-expect
python-pytest-flake8
python-pytest-forked
python-pytest-mock
python-pytest-relaxed
python-pytest-runner
python-pytest-subtests
python-pytest-timeout
python-pytest-xdist
python-pytoml
python-pyudev
python-pywbem
python-qrcode
python-rdflib
python-recommonmark
python-redis
python-requests-file
python-requests-ftp
python-requests-kerberos
python-requests-mock
python-requests-oauthlib
python-requests-toolbelt
python-requests_ntlm
python-responses
python-retrying
python-rfc3986
python-rpm-generators
python-rpmfluff
python-rtslib
python-ruamel-yaml
python-ruamel-yaml-clib
python-s3transfer
python-schedutils
python-semantic_version
python-should_dsl
python-simpleline
python-slip
python-sniffio
python-soupsieve
python-sphinx
python-sphinx-epytext
python-sphinx-theme-py3doc-enhanced
python-sphinx_rtd_theme
python-sphinxcontrib-apidoc
python-sphinxcontrib-applehelp
python-sphinxcontrib-devhelp
python-sphinxcontrib-htmlhelp
python-sphinxcontrib-httpdomain
python-sphinxcontrib-jsmath
python-sphinxcontrib-qthelp
python-sphinxcontrib-serializinghtml
python-sqlalchemy
python-suds
python-systemd
python-tempita
python-templated-dictionary
python-termcolor
python-testpath
python-testresources
python-testscenarios
python-testtools
python-tidy
python-toml
python-tomli
python-toolz
python-tornado
python-tox
python-tox-current-env
python-tqdm
python-trio
python-typing-extensions
python-uamqp
python-unittest2
python-uritemplate
python-urwid
python-varlink
python-virt-firmware
python-voluptuous
python-waitress
python-webencodings
python-webtest
python-wheel
python-whoosh
python-winrm
python-wrapt
python-xmltodict
python-yubico
python-zipp
python-zmq
python3-mallard-ducktype
python3-pytest-asyncio
python3-typed_ast
pyusb
pywbem
pyxattr
qemu
qhull
qpdf
qperf
qr-code-generator
qt5-qtbase
qt5-qtconnectivity
qt5-qtdeclarative
qt5-qtsensors
qt5-qtserialport
qt5-qtsvg
qt5-qttools
qt5-rpm-macros
quagga
quota
radvd
ragel
raptor2
rarian
rasdaemon
rasqal
rcs
rdist
rdma-core
re2
re2c
realmd
rear
recode
redland
resource-agents
rest
rhash
rlwrap
rp-pppoe
rpm-mpi-hooks
rpmdevtools
rpmlint
rtkit
rtl-sdr
ruby-augeas
rubygem-bson
rubygem-coderay
rubygem-diff-lcs
rubygem-flexmock
rubygem-hpricot
rubygem-introspection
rubygem-liquid
rubygem-maruku
rubygem-metaclass
rubygem-mongo
rubygem-mustache
rubygem-mysql2
rubygem-pkg-config
rubygem-rake
rubygem-rake-compiler
rubygem-ronn
rubygem-rouge
rubygem-rspec
rubygem-rspec-expectations
rubygem-rspec-mocks
rubygem-rspec-support
rubygem-thread_order
rusers
samba
sanlock
sassist
satyr
sbc
sblim-cim-client2
sblim-cmpi-base
sblim-cmpi-devel
sblim-cmpi-fsvol
sblim-cmpi-network
sblim-cmpi-nfsv3
sblim-cmpi-nfsv4
sblim-cmpi-params
sblim-cmpi-sysfs
sblim-cmpi-syslog
sblim-indication_helper
sblim-sfcb
sblim-sfcc
sblim-sfcCommon
sblim-testsuite
sblim-wbemcli
scl-utils
scotch
screen
scrub
SDL
SDL2
SDL_sound
sdparm
seabios
secilc
selinux-policy
sendmail
serd
setools
setserial
setuptool
sgabios
sgml-common
sgpio
shared-mime-info
sharutils
sip
sisu
skkdic
sleuthkit
slirp4netns
smartmontools
smc-tools
socket_wrapper
softhsm
sombok
sord
sos
sound-theme-freedesktop
soundtouch
sox
soxr
sparsehash
spausedd
speex
speexdsp
spice-protocol
spice-vdagent
spirv-headers
spirv-tools
splix
squashfs-tools
squid
sratom
sscg
star
startup-notification
stunnel
subscription-manager
suitesparse
SuperLU
supermin
switcheroo-control
symlinks
sympy
sysfsutils
systemd-bootchart
t1lib
t1utils
taglib
tang
targetcli
tbb
tcl-pgtcl
tclx
teckit
telnet
tidy
time
tini
tinycdb
tix
tk
tlog
tmpwatch
tn5250
tofrodos
tokyocabinet
tpm-quote-tools
tpm-tools
tss2
ttembed
ttmkfdir
tuna
twolame
uchardet
uclibc-ng
ucpp
ucs-miscfixed-fonts
ucx
udftools
udica
udisks2
uglify-js
uid_wrapper
unicode-emoji
unicode-ucd
unique3
units
upower
uriparser
urlview
usb_modeswitch
usb_modeswitch-data
usbguard
usbip
usbmuxd
usbredir
usermode
ustr
uthash
uuid
uw-imap
v4l-utils
vhostmd
vino
virglrenderer
virt-p2v
virt-top
virt-what
virt-who
vitess
vmem
volume_key
vorbis-tools
vte291
vulkan-headers
vulkan-loader
watchdog
wavpack
wayland
wayland-protocols
web-assets
webrtc-audio-processing
websocketpp
whois
wireguard-tools
wireless-regdb
wireshark
woff2
wordnet
words
wpebackend-fdo
wsmancli
wvdial
x3270
xapian-core
Xaw3d
xcb-proto
xcb-util
xcb-util-image
xcb-util-keysyms
xcb-util-renderutil
xcb-util-wm
xdelta
xdg-dbus-proxy
xdg-utils
xerces-c
xfconf
xfsdump
xhtml1-dtds
xkeyboard-config
xmlstarlet
xmltoman
xmvn
xorg-x11-apps
xorg-x11-drv-libinput
xorg-x11-font-utils
xorg-x11-fonts
xorg-x11-proto-devel
xorg-x11-server
xorg-x11-server-utils
xorg-x11-util-macros
xorg-x11-utils
xorg-x11-xauth
xorg-x11-xbitmaps
xorg-x11-xinit
xorg-x11-xkb-utils
xorg-x11-xtrans-devel
xrestop
xterm
xxhash
yajl
yaml-cpp
yasm
yelp-tools
yelp-xsl
ykclient
yp-tools
ypbind
ypserv
z3
zenity
zerofree
zfs-fuse
zipper
zopfli
zziplib | +| Fedora | [Fedora MIT License Declaration](https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#License_of_Fedora_SPEC_Files) | a52dec
abseil-cpp
accountsservice
acpica-tools
acpid
adcli
adobe-mappings-cmap
adobe-mappings-pdf
advancecomp
adwaita-icon-theme
afflib
aide
alsa-firmware
alsa-plugins
amtk
amtterm
annobin
ansible-freeipa
archivemount
argparse-manpage
arptables
arpwatch
asio
aspell
aspell-en
at
at-spi2-atk
at-spi2-core
atf
atk
atop
attr
audiofile
augeas
authbind
authd
authselect
autoconf213
avahi
babeltrace
babeltrace2
babl
baekmuk-ttf-fonts
bats
bcache-tools
biosdevname
blosc
bluez
bmake
bogofilter
bolt
boom-boot
booth
botan2
breezy
brotli
buildah
busybox
bwidget
byacc
ca-certificates
cachefilesd
cairomm
calamares
capstone
catatonit
catch
catch1
cdrdao
celt051
cereal
certmonger
cfitsio
cgdcbxd
chan
CharLS
checkpolicy
checksec
chrony
cim-schema
cjkuni-uming-fonts
cjose
cldr-emoji-annotation
clucene
clutter
clutter-gst3
clutter-gtk
cmocka
cogl
collectd
colm
color-filesystem
colord
colorize
compat-lua
compiler-rt
conda
conmon
conntrack-tools
console-setup
container-exception-logger
containernetworking-plugins
convmv
corosync
corosync-qdevice
cpp-hocon
cppcheck
cpprest
cpptest
cpuid
criu
crypto-policies
cryptsetup
cscope
ctags
CUnit
cups
custodia
Cython
dbus-c++
dbus-python
dbxtool
dconf
dcraw
debootstrap
deltarpm
desktop-file-utils
device-mapper-persistent-data
dietlibc
diffstat
ding-libs
discount
distribution-gpg-keys
dleyna-connector-dbus
dleyna-core
dmraid
dnf
dnf-plugins-core
docbook-dtds
docbook-simple
docbook-slides
docbook-style-dsssl
docbook-utils
docbook2X
docbook5-schemas
docbook5-style-xsl
dogtail
dos2unix
dotconf
dovecot
dpdk
dpkg
driverctl
dropwatch
drpm
dumpet
dvd+rw-tools
dwarves
dwz
dyninst
ebtables
edac-utils
edk2
efax
efi-rpm-macros
egl-wayland
eglexternalplatform
elinks
enca
enchant
enchant2
enscript
environment-modules
evemu
execstack
exempi
exiv2
extra-cmake-modules
fabtests
facter
fakechroot
fakeroot
fapolicyd
fdk-aac-free
fdupes
fence-virt
fetchmail
fftw
filebench
fio
fipscheck
firewalld
fish
flac
flatbuffers
flite
fltk
fmt
fontawesome-fonts
fontpackages
fonts-rpm-macros
foomatic-db
freeglut
freeipmi
freeradius
freetds
freexl
fribidi
fros
frr
fsverity-utils
fuse-overlayfs
fuse-sshfs
fuse-zip
fuse3
future
fxload
gavl
gconf-editor
GConf2
gcovr
gcr
gdal
gdisk
gdk-pixbuf2
generic-logos
genwqe-tools
geoclue2
GeoIP
GeoIP-GeoLite-data
geolite2
geos
gfs2-utils
ghc-srpm-macros
giflib
gl-manpages
glew
glm
glog
glusterfs
gnome-desktop-testing
gnome-doc-utils
gnome-icon-theme
gnome-keyring
gnu-efi
go-rpm-macros
gom
google-api-python-client
google-crosextra-caladea-fonts
google-crosextra-carlito-fonts
google-guice
google-noto-cjk-fonts
google-noto-emoji-fonts
google-roboto-slab-fonts
gphoto2
gpm
gpsbabel
graphene
graphite2
graphviz
grubby
gsettings-desktop-schemas
gsl
gsm
gspell
gssdp
gssntlmssp
gstreamer1
gstreamer1-plugins-base
gtk-vnc
gtk2
gtk3
gtkspell
gupnp
gupnp-av
gupnp-dlna
gupnp-igd
hardening-check
hdf
hdf5
heimdal
help2man
hexedit
hicolor-icon-theme
hiera
highlight
hivex
hostname
hsakmt
htop
hunspell
hunspell-af
hunspell-ar
hunspell-as
hunspell-ast
hunspell-az
hunspell-be
hunspell-bg
hunspell-bn
hunspell-br
hunspell-ca
hunspell-cop
hunspell-csb
hunspell-cv
hunspell-cy
hunspell-da
hunspell-de
hunspell-dsb
hunspell-el
hunspell-en
hunspell-eo
hunspell-es
hunspell-et
hunspell-eu
hunspell-fa
hunspell-fj
hunspell-fo
hunspell-fr
hunspell-fur
hunspell-fy
hunspell-ga
hunspell-gd
hunspell-gl
hunspell-grc
hunspell-gu
hunspell-gv
hunspell-haw
hunspell-hi
hunspell-hil
hunspell-hr
hunspell-hsb
hunspell-ht
hunspell-hu
hunspell-hy
hunspell-ia
hunspell-id
hunspell-is
hunspell-it
hunspell-kk
hunspell-km
hunspell-kn
hunspell-ko
hunspell-ku
hunspell-ky
hunspell-la
hunspell-lb
hunspell-ln
hunspell-mai
hunspell-mg
hunspell-mi
hunspell-mk
hunspell-ml
hunspell-mn
hunspell-mos
hunspell-mr
hunspell-ms
hunspell-mt
hunspell-nds
hunspell-ne
hunspell-nl
hunspell-no
hunspell-nr
hunspell-nso
hunspell-ny
hunspell-om
hunspell-or
hunspell-pa
hunspell-pl
hunspell-pt
hunspell-quh
hunspell-ro
hunspell-ru
hunspell-rw
hunspell-se
hunspell-shs
hunspell-si
hunspell-sk
hunspell-sl
hunspell-smj
hunspell-so
hunspell-sq
hunspell-sr
hunspell-sv
hunspell-sw
hunspell-ta
hunspell-te
hunspell-tet
hunspell-th
hunspell-tk
hunspell-tl
hunspell-tn
hunspell-tpi
hunspell-ts
hunspell-uk
hunspell-uz
hunspell-ve
hunspell-vi
hunspell-wa
hunspell-xh
hunspell-yi
hwdata
hwloc
hyperscan
hyperv-daemons
hyphen
hyphen-as
hyphen-bg
hyphen-bn
hyphen-ca
hyphen-da
hyphen-de
hyphen-el
hyphen-es
hyphen-fa
hyphen-fo
hyphen-fr
hyphen-ga
hyphen-gl
hyphen-grc
hyphen-gu
hyphen-hi
hyphen-hsb
hyphen-hu
hyphen-ia
hyphen-id
hyphen-is
hyphen-it
hyphen-kn
hyphen-ku
hyphen-lt
hyphen-mi
hyphen-ml
hyphen-mn
hyphen-mr
hyphen-nl
hyphen-or
hyphen-pa
hyphen-pl
hyphen-pt
hyphen-ro
hyphen-ru
hyphen-sa
hyphen-sk
hyphen-sl
hyphen-sv
hyphen-ta
hyphen-te
hyphen-tk
hyphen-uk
ibus
ibus-chewing
ibus-hangul
ibus-kkc
ibus-libzhuyin
ibus-m17n
ibus-rawcode
ibus-sayura
ibus-table
ibus-table-chinese
icc-profiles-openicc
icon-naming-utils
icoutils
iftop
iio-sensor-proxy
ilmbase
im-chooser
imaptest
imsettings
indent
infinipath-psm
inih
iniparser
intel-cmt-cat
intel-ipsec-mb
ioping
IP2Location
ipa-pgothic-fonts
ipcalc
ipmitool
iprutils
iptraf-ng
iptstate
irssi
iscsi-initiator-utils
isns-utils
iso-codes
isomd5sum
iw
iwd
jabberpy
jasper
javapackages-bootstrap
javapackages-tools
jbigkit
jdom2
jemalloc
jfsutils
jimtcl
jose
js-jquery
jsoncpp
Judy
kata-containers
kde-filesystem
kde-settings
kexec-tools
keybinder3
keycloak-httpd-client-install
kf5
kf5-kconfig
kf5-kcoreaddons
kf5-ki18n
kf5-kwidgetsaddons
kpmcore
kronosnet
ksh
kyotocabinet
kyua
ladspa
lame
langtable
lapack
lasso
latencytop
lato-fonts
lcms2
lcov
ldns
leatherman
ledmon
lensfun
leveldb
lftp
libabw
libaec
libao
libappstream-glib
libart_lgpl
libasyncns
libatasmart
libavc1394
libblockdev
libbpf
libbsd
libburn
libbytesize
libcacard
libcanberra
libcdio
libcdio-paranoia
libcdr
libcgroup
libchewing
libcli
libcmis
libcmpiutil
libcomps
libcroco
libdaemon
libdap
libdatrie
libdazzle
libdbi
libdbi-drivers
libdbusmenu
libdc1394
libdeflate
libdmx
libdnf
libdrm
libdvdnav
libdvdread
libdwarf
libeasyfc
libecap
libecb
libell
libEMF
libeot
libepoxy
libepubgen
libesmtp
libetonyek
libev
libevdev
libewf
libexif
libexttextcat
libfabric
libfontenc
libfreehand
libftdi
libgadu
libgdither
libgee
libgee06
libgeotiff
libgexiv2
libgit2
libgit2-glib
libglade2
libglvnd
libgovirt
libgphoto2
libgsf
libgta
libguestfs
libgusb
libgxim
libgxps
libhangul
libhugetlbfs
libibcommon
libical
libICE
libicns
libid3tag
libIDL
libidn2
libiec61883
libieee1284
libimobiledevice
libindicator
libinput
libiodbc
libipt
libiptcdata
libiscsi
libisoburn
libisofs
libjcat
libkcapi
libkeepalive
libkkc
libkkc-data
libkml
liblangtag
libldb
libldm
liblerc
liblockfile
liblognorm
liblouis
liblqr-1
liblzf
libmad
libmediaart
libmicrohttpd
libmikmod
libmodman
libmodplug
libmodulemd1
libmpcdec
libmspub
libmtp
libmusicbrainz5
libmwaw
libnbd
libnet
libnetfilter_log
libnfs
libnotify
libntlm
libnumbertext
liboauth
libodfgen
libofa
libogg
liboggz
liboil
libomxil-bellagio
libopenraw
liboping
libosinfo
libotf
libotr
libpagemaker
libpaper
libpciaccess
libpeas
libpfm
libpinyin
libplist
libpmemobj-cpp
libpng12
libpng15
libproxy
libpsm2
libpwquality
libqb
libqxp
libraqm
LibRaw
libraw1394
libreport
libreswan
librevenge
librsvg2
librx
libsamplerate
libsass
libsecret
libsemanage
libsigc++20
libsigsegv
libslirp
libSM
libsmbios
libsmi
libsndfile
libsodium
libspiro
libsrtp
libssh
libstaroffice
libstemmer
libstoragemgmt
libtdb
libteam
libtevent
libthai
libtnc
libtomcrypt
libtommath
libtraceevent
libtranslit
libucil
libunicap
libuninameslist
liburing
libusbmuxd
libuser
libutempter
libvarlink
libverto
libvirt-dbus
libvirt-glib
libvirt-java
libvirt-python
libvisio
libvisual
libvoikko
libvorbis
libvpx
libwacom
libwnck3
libwpd
libwpe
libwpg
libwps
libwvstreams
libX11
libXau
libXaw
libxcb
libXcomposite
libxcrypt
libXcursor
libXdamage
libXdmcp
libXext
libxfce4util
libXfixes
libXfont2
libXft
libXi
libXinerama
libxkbcommon
libxkbfile
libxklavier
libxmlb
libXmu
libXpm
libXrandr
libXrender
libXres
libXScrnSaver
libxshmfence
libXt
libXtst
libXv
libXxf86vm
libyami
libyang
libyubikey
libzip
libzmf
lilv
linuxconsoletools
linuxptp
lksctp-tools
lldpd
lockdev
logwatch
lpsolve
lrzsz
lua
lua-expat
lua-filesystem
lua-json
lua-lpeg
lua-lunit
lua-rpm-macros
lua-term
luajit
luksmeta
lutok
lv2
lzip
lzop
m17n-db
m17n-lib
mac-robber
mailcap
mailx
malaga
malaga-suomi-voikko
mallard-rng
man-pages-cs
man-pages-es
man-pages-it
man-pages-ja
man-pages-ko
man-pages-pl
man-pages-ru
man-pages-zh-CN
mariadb-connector-c
mariadb-connector-odbc
marisa
maven-compiler-plugin
maven-jar-plugin
maven-resolver
maven-resources-plugin
maven-surefire
maven-wagon
mcelog
mcpp
mcstrans
mdadm
mdds
meanwhile
mecab
mecab-ipadic
media-player-info
memcached
memkind
mesa
mesa-libGLU
metis
microcode_ctl
microdnf
minicom
minizip
mksh
mobile-broadband-provider-info
mock
mock-core-configs
mod_auth_gssapi
mod_auth_mellon
mod_auth_openidc
mod_authnz_pam
mod_fcgid
mod_http2
mod_intercept_form_submit
mod_lookup_identity
mod_md
mod_security
mod_security_crs
mod_wsgi
mokutil
mpage
mrtg
mstflint
mt-st
mtdev
mtools
mtr
mtx
multilib-rpm-config
munge
mutt
mythes
mythes-bg
mythes-ca
mythes-cs
mythes-da
mythes-de
mythes-el
mythes-en
mythes-eo
mythes-es
mythes-fr
mythes-ga
mythes-hu
mythes-mi
mythes-ne
mythes-nl
mythes-pl
mythes-pt
mythes-ro
mythes-ru
mythes-sk
mythes-sl
mythes-sv
mythes-uk
nbd
nbdkit
neon
netavark
netcdf
netcf
netlabel_tools
netpbm
netsniff-ng
nfs4-acl-tools
nftables
nilfs-utils
nkf
nload
nlopt
nodejs-packaging
nss-pam-ldapd
nss_nis
nss_wrapper
ntfs-3g
ntfs-3g-system-compression
numad
numatop
numpy
nvmetcli
nvml
oath-toolkit
ocaml
ocaml-alcotest
ocaml-astring
ocaml-base
ocaml-bigarray-compat
ocaml-bisect-ppx
ocaml-calendar
ocaml-camlp5
ocaml-camomile
ocaml-cinaps
ocaml-cmdliner
ocaml-compiler-libs-janestreet
ocaml-cppo
ocaml-csexp
ocaml-csv
ocaml-ctypes
ocaml-curses
ocaml-dune
ocaml-extlib
ocaml-fileutils
ocaml-findlib
ocaml-fmt
ocaml-fpath
ocaml-gettext
ocaml-integers
ocaml-libvirt
ocaml-luv
ocaml-lwt
ocaml-markup
ocaml-migrate-parsetree
ocaml-mmap
ocaml-num
ocaml-ocamlbuild
ocaml-ocplib-endian
ocaml-ounit
ocaml-parsexp
ocaml-ppx-derivers
ocaml-ppxlib
ocaml-re
ocaml-react
ocaml-result
ocaml-seq
ocaml-sexplib
ocaml-sexplib0
ocaml-stdio
ocaml-topkg
ocaml-tyxml
ocaml-uuidm
ocaml-uutf
ocaml-xml-light
ocaml-zarith
ocl-icd
oddjob
ogdi
omping
opa
opal
open-vm-tools
openblas
opencc
opencl-filesystem
opencl-headers
opencryptoki
opencsd
opendnssec
OpenEXR
openjade
openjpeg2
openmpi
openobex
openoffice-lv
openrdate
opensc
openslp
opensm
opensp
openssl
openssl-ibmpkcs11
openssl-pkcs11
openwsman
optipng
opus
opusfile
orangefs
ORBit2
orc
os-prober
osinfo-db
osinfo-db-tools
overpass-fonts
p11-kit
p7zip
pacemaker
pacrunner
pakchois
pam_krb5
pam_wrapper
papi
paps
parallel
patchelf
patchutils
pbzip2
pcp
pcsc-lite
pcsc-lite-ccid
PEGTL
perl
perl-Algorithm-C3
perl-Algorithm-Diff
perl-Alien-Build
perl-Alien-pkgconf
perl-AnyEvent
perl-AnyEvent-AIO
perl-AnyEvent-BDB
perl-App-cpanminus
perl-App-FatPacker
perl-AppConfig
perl-Archive-Extract
perl-Archive-Zip
perl-Authen-SASL
perl-B-Debug
perl-B-Hooks-EndOfScope
perl-B-Hooks-OP-Check
perl-B-Keywords
perl-B-Lint
perl-bareword-filehandles
perl-BDB
perl-Bit-Vector
perl-boolean
perl-Browser-Open
perl-BSD-Resource
perl-Business-ISBN
perl-Business-ISBN-Data
perl-Bytes-Random-Secure
perl-Capture-Tiny
perl-Carp-Clan
perl-CBOR-XS
perl-Class-Accessor
perl-Class-C3
perl-Class-C3-XS
perl-Class-Data-Inheritable
perl-Class-Factory-Util
perl-Class-Inspector
perl-Class-ISA
perl-Class-Load
perl-Class-Load-XS
perl-Class-Method-Modifiers
perl-Class-Singleton
perl-Class-Tiny
perl-Class-XSAccessor
perl-Clone
perl-Color-ANSI-Util
perl-Color-RGB-Util
perl-ColorThemeBase-Static
perl-ColorThemeRole-ANSI
perl-ColorThemes-Standard
perl-ColorThemeUtil-ANSI
perl-Compress-Bzip2
perl-Compress-LZF
perl-Compress-Raw-Lzma
perl-Config-AutoConf
perl-Config-INI
perl-Config-INI-Reader-Multiline
perl-Config-IniFiles
perl-Config-Simple
perl-Config-Tiny
perl-Const-Fast
perl-Convert-ASN1
perl-Convert-Bencode
perl-Coro
perl-Coro-Multicore
perl-CPAN-Changes
perl-CPAN-DistnameInfo
perl-CPAN-Meta-Check
perl-Cpanel-JSON-XS
perl-Crypt-CBC
perl-Crypt-DES
perl-Crypt-IDEA
perl-Crypt-OpenSSL-Bignum
perl-Crypt-OpenSSL-Guess
perl-Crypt-OpenSSL-Random
perl-Crypt-OpenSSL-RSA
perl-Crypt-PasswdMD5
perl-Crypt-Random-Seed
perl-CSS-Tiny
perl-Data-Dump
perl-Data-Munge
perl-Data-OptList
perl-Data-Peek
perl-Data-Section
perl-Data-UUID
perl-Date-Calc
perl-Date-ISO8601
perl-Date-Manip
perl-DateTime
perl-DateTime-Format-Builder
perl-DateTime-Format-DateParse
perl-DateTime-Format-HTTP
perl-DateTime-Format-IBeat
perl-DateTime-Format-ISO8601
perl-DateTime-Format-Mail
perl-DateTime-Format-Strptime
perl-DateTime-Locale
perl-DateTime-TimeZone
perl-DateTime-TimeZone-SystemV
perl-DateTime-TimeZone-Tzfile
perl-DBD-MySQL
perl-Devel-CallChecker
perl-Devel-Caller
perl-Devel-CheckBin
perl-Devel-CheckLib
perl-Devel-Cycle
perl-Devel-EnforceEncapsulation
perl-Devel-GlobalDestruction
perl-Devel-GlobalDestruction-XS
perl-Devel-Hide
perl-Devel-Leak
perl-Devel-LexAlias
perl-Devel-Size
perl-Devel-StackTrace
perl-Devel-Symdump
perl-Digest-BubbleBabble
perl-Digest-CRC
perl-Digest-HMAC
perl-Digest-SHA1
perl-Dist-CheckConflicts
perl-DynaLoader-Functions
perl-Email-Address
perl-Email-Date-Format
perl-Encode-Detect
perl-Encode-EUCJPASCII
perl-Encode-IMAPUTF7
perl-Encode-Locale
perl-Env-ShellWords
perl-Error
perl-EV
perl-Eval-Closure
perl-Event
perl-Exception-Class
perl-Expect
perl-ExtUtils-Config
perl-ExtUtils-Depends
perl-ExtUtils-Helpers
perl-ExtUtils-InstallPaths
perl-ExtUtils-PkgConfig
perl-FCGI
perl-Fedora-VSP
perl-FFI-CheckLib
perl-File-BaseDir
perl-File-BOM
perl-File-chdir
perl-File-CheckTree
perl-File-Copy-Recursive
perl-File-DesktopEntry
perl-File-Find-Object
perl-File-Find-Object-Rule
perl-File-Find-Rule
perl-File-Find-Rule-Perl
perl-File-Inplace
perl-File-Listing
perl-File-MimeInfo
perl-File-pushd
perl-File-ReadBackwards
perl-File-Remove
perl-File-ShareDir
perl-File-ShareDir-Install
perl-File-Slurp
perl-File-Slurp-Tiny
perl-File-Slurper
perl-File-Type
perl-Font-TTF
perl-FreezeThaw
perl-GD
perl-GD-Barcode
perl-generators
perl-Getopt-ArgvFile
perl-gettext
perl-Graphics-ColorNamesLite-WWW
perl-GSSAPI
perl-Guard
perl-Hook-LexWrap
perl-HTML-Parser
perl-HTML-Tagset
perl-HTML-Tree
perl-HTTP-Cookies
perl-HTTP-Daemon
perl-HTTP-Date
perl-HTTP-Message
perl-HTTP-Negotiate
perl-Image-Base
perl-Image-Info
perl-Image-Xbm
perl-Image-Xpm
perl-Import-Into
perl-Importer
perl-inc-latest
perl-indirect
perl-Inline-Files
perl-IO-AIO
perl-IO-All
perl-IO-CaptureOutput
perl-IO-Compress-Lzma
perl-IO-HTML
perl-IO-Multiplex
perl-IO-SessionData
perl-IO-Socket-INET6
perl-IO-String
perl-IO-stringy
perl-IO-Tty
perl-IPC-Run
perl-IPC-Run3
perl-IPC-System-Simple
perl-JSON
perl-JSON-Color
perl-JSON-MaybeXS
perl-LDAP
perl-libnet
perl-libwww-perl
perl-libxml-perl
perl-Lingua-EN-Inflect
perl-List-MoreUtils-XS
perl-local-lib
perl-Locale-Codes
perl-Locale-Maketext-Gettext
perl-Locale-Msgfmt
perl-Locale-PO
perl-Log-Message
perl-Log-Message-Simple
perl-LWP-MediaTypes
perl-LWP-Protocol-https
perl-Mail-AuthenticationResults
perl-Mail-DKIM
perl-Mail-IMAPTalk
perl-Mail-SPF
perl-MailTools
perl-Math-Int64
perl-Math-Random-ISAAC
perl-MIME-Charset
perl-MIME-Lite
perl-MIME-Types
perl-Mixin-Linewise
perl-MLDBM
perl-Mock-Config
perl-Module-Build-Tiny
perl-Module-CPANfile
perl-Module-Implementation
perl-Module-Install-AuthorRequires
perl-Module-Install-AuthorTests
perl-Module-Install-AutoLicense
perl-Module-Install-GithubMeta
perl-Module-Install-ManifestSkip
perl-Module-Install-ReadmeFromPod
perl-Module-Install-ReadmeMarkdownFromPod
perl-Module-Install-Repository
perl-Module-Install-TestBase
perl-Module-Load-Util
perl-Module-Manifest
perl-Module-Manifest-Skip
perl-Module-Package
perl-Module-Package-Au
perl-Module-Pluggable
perl-Module-Runtime
perl-Module-Signature
perl-Mojolicious
perl-Moo
perl-Mozilla-CA
perl-Mozilla-LDAP
perl-MRO-Compat
perl-multidimensional
perl-namespace-autoclean
perl-namespace-clean
perl-Net-CIDR-Lite
perl-Net-Daemon
perl-Net-DNS
perl-Net-DNS-Resolver-Mock
perl-Net-DNS-Resolver-Programmable
perl-Net-HTTP
perl-Net-IMAP-Simple
perl-Net-IMAP-Simple-SSL
perl-Net-LibIDN2
perl-Net-Patricia
perl-Net-SMTP-SSL
perl-Net-SNMP
perl-Net-Telnet
perl-Newt
perl-NNTPClient
perl-NTLM
perl-Number-Compare
perl-Object-Deadly
perl-Object-HashBase
perl-Package-Anon
perl-Package-Constants
perl-Package-DeprecationManager
perl-Package-Generator
perl-Package-Stash
perl-Package-Stash-XS
perl-PadWalker
perl-Paper-Specs
perl-PAR-Dist
perl-Parallel-Iterator
perl-Params-Classify
perl-Params-Util
perl-Params-Validate
perl-Params-ValidationCompiler
perl-Parse-PMFile
perl-Parse-RecDescent
perl-Parse-Yapp
perl-Path-Tiny
perl-Perl-Critic
perl-Perl-Critic-More
perl-Perl-Destruct-Level
perl-Perl-MinimumVersion
perl-Perl4-CoreLibs
perl-PerlIO-gzip
perl-PerlIO-utf8_strict
perl-PkgConfig-LibPkgConf
perl-Pod-Coverage
perl-Pod-Coverage-TrustPod
perl-Pod-Escapes
perl-Pod-Eventual
perl-Pod-LaTeX
perl-Pod-Markdown
perl-Pod-Parser
perl-Pod-Plainer
perl-Pod-POM
perl-Pod-Spell
perl-PPI
perl-PPI-HTML
perl-PPIx-QuoteLike
perl-PPIx-Regexp
perl-PPIx-Utilities
perl-prefork
perl-Probe-Perl
perl-Razor-Agent
perl-Readonly
perl-Readonly-XS
perl-Ref-Util
perl-Ref-Util-XS
perl-Regexp-Pattern-Perl
perl-Return-MultiLevel
perl-Role-Tiny
perl-Scope-Guard
perl-Scope-Upper
perl-SGMLSpm
perl-SNMP_Session
perl-Socket6
perl-Software-License
perl-Sort-Versions
perl-Specio
perl-Spiffy
perl-strictures
perl-String-CRC32
perl-String-Format
perl-String-ShellQuote
perl-String-Similarity
perl-Sub-Exporter
perl-Sub-Exporter-Progressive
perl-Sub-Identify
perl-Sub-Info
perl-Sub-Install
perl-Sub-Name
perl-Sub-Quote
perl-Sub-Uplevel
perl-SUPER
perl-Switch
perl-Syntax-Highlight-Engine-Kate
perl-Sys-CPU
perl-Sys-MemInfo
perl-Sys-Virt
perl-Taint-Runtime
perl-Task-Weaken
perl-Term-Size-Any
perl-Term-Size-Perl
perl-Term-Table
perl-Term-UI
perl-TermReadKey
perl-Test-Base
perl-Test-ClassAPI
perl-Test-CPAN-Meta
perl-Test-CPAN-Meta-JSON
perl-Test-Deep
perl-Test-Differences
perl-Test-DistManifest
perl-Test-Distribution
perl-Test-EOL
perl-Test-Exception
perl-Test-Exit
perl-Test-FailWarnings
perl-Test-Fatal
perl-Test-File
perl-Test-File-ShareDir
perl-Test-Harness
perl-Test-HasVersion
perl-Test-InDistDir
perl-Test-Inter
perl-Test-LeakTrace
perl-Test-LongString
perl-Test-Manifest
perl-Test-Memory-Cycle
perl-Test-MinimumVersion
perl-Test-MockObject
perl-Test-MockRandom
perl-Test-Needs
perl-Test-NoTabs
perl-Test-NoWarnings
perl-Test-Object
perl-Test-Output
perl-Test-Pod
perl-Test-Pod-Coverage
perl-Test-Portability-Files
perl-Test-Requires
perl-Test-RequiresInternet
perl-Test-Script
perl-Test-Simple
perl-Test-SubCalls
perl-Test-Synopsis
perl-Test-Taint
perl-Test-TrailingSpace
perl-Test-utf8
perl-Test-Vars
perl-Test-Warn
perl-Test-Without-Module
perl-Test2-Plugin-NoWarnings
perl-Test2-Suite
perl-Test2-Tools-Explain
perl-Text-CharWidth
perl-Text-CSV_XS
perl-Text-Diff
perl-Text-Glob
perl-Text-Iconv
perl-Text-Soundex
perl-Text-Unidecode
perl-Text-WrapI18N
perl-Tie-IxHash
perl-TimeDate
perl-Tree-DAG_Node
perl-Unicode-EastAsianWidth
perl-Unicode-LineBreak
perl-Unicode-Map8
perl-Unicode-String
perl-Unicode-UTF8
perl-UNIVERSAL-can
perl-UNIVERSAL-isa
perl-Unix-Syslog
perl-URI
perl-Variable-Magic
perl-Version-Requirements
perl-WWW-RobotRules
perl-XML-Catalog
perl-XML-DOM
perl-XML-Dumper
perl-XML-Filter-BufferText
perl-XML-Generator
perl-XML-Grove
perl-XML-Handler-YAWriter
perl-XML-LibXML
perl-XML-LibXSLT
perl-XML-NamespaceSupport
perl-XML-Parser-Lite
perl-XML-RegExp
perl-XML-SAX
perl-XML-SAX-Base
perl-XML-SAX-Writer
perl-XML-Simple
perl-XML-TokeParser
perl-XML-TreeBuilder
perl-XML-Twig
perl-XML-Writer
perl-XML-XPath
perl-XML-XPathEngine
perl-XString
perl-YAML-LibYAML
perl-YAML-PP
perl-YAML-Syck
perltidy
pesign
phodav
php
php-pear
php-pecl-zip
physfs
picosat
pinfo
pipewire
pixman
pkcs11-helper
pkgconf
plexus-cipher
plexus-containers
plexus-sec-dispatcher
plotutils
pmdk-convert
pmix
pngcrush
pngnq
po4a
podman
poetry
policycoreutils
polkit-pkla-compat
portreserve
postfix
potrace
powertop
ppp
pps-tools
pptp
priv_wrapper
procmail
prometheus
prometheus-node-exporter
ps_mem
psacct
psutils
ptlib
publicsuffix-list
pugixml
pulseaudio
puppet
pwgen
pyatspi
pybind11
pycairo
pyelftools
pyflakes
pygobject3
PyGreSQL
pykickstart
pylint
pyparted
pyproject-rpm-macros
pyserial
python-absl-py
python-aiodns
python-aiohttp
python-alsa
python-argcomplete
python-astroid
python-astunparse
python-async-generator
python-augeas
python-azure-sdk
python-beautifulsoup4
python-betamax
python-blinker
python-blivet
python-cached_property
python-charset-normalizer
python-cheetah
python-click
python-cmd2
python-colorama
python-CommonMark
python-conda-package-handling
python-configshell
python-cpuinfo
python-cups
python-curio
python-cytoolz
python-d2to1
python-dbus-client-gen
python-dbus-python-client-gen
python-dbus-signature-pyparsing
python-dbusmock
python-ddt
python-debtcollector
python-decorator
python-distlib
python-dmidecode
python-dns
python-dtopt
python-dulwich
python-enchant
python-entrypoints
python-ethtool
python-evdev
python-extras
python-faker
python-fasteners
python-fields
python-filelock
python-fixtures
python-flake8
python-flask
python-flit
python-flit-core
python-fluidity-sm
python-frozendict
python-funcsigs
python-gast
python-genshi
python-google-auth
python-google-auth-oauthlib
python-greenlet
python-gssapi
python-h5py
python-hs-dbus-signature
python-html5lib
python-httplib2
python-humanize
python-hwdata
python-importlib-metadata
python-inotify
python-into-dbus-python
python-IPy
python-iso8601
python-isodate
python-isort
python-itsdangerous
python-justbases
python-justbytes
python-jwcrypto
python-jwt
python-kdcproxy
python-kerberos
python-kmod
python-kubernetes
python-lazy-object-proxy
python-ldap
python-linux-procfs
python-lit
python-markdown
python-mccabe
python-memcached
python-mimeparse
python-mock
python-monotonic
python-more-itertools
python-mpmath
python-msal
python-msrestazure
python-mutagen
python-networkx
python-nose2
python-ntlm-auth
python-oauth2client
python-openpyxl
python-openstackdocstheme
python-oslo-i18n
python-oslo-sphinx
python-paramiko
python-pefile
python-pexpect
python-pkgconfig
python-platformdirs
python-pluggy
python-podman-api
python-process-tests
python-productmd
python-ptyprocess
python-pycares
python-pycosat
python-pydbus
python-pymongo
python-PyMySQL
python-pyperclip
python-pyroute2
python-pyrsistent
python-pysocks
python-pytest-benchmark
python-pytest-cov
python-pytest-expect
python-pytest-flake8
python-pytest-forked
python-pytest-mock
python-pytest-relaxed
python-pytest-runner
python-pytest-subtests
python-pytest-timeout
python-pytest-xdist
python-pytoml
python-pyudev
python-pywbem
python-qrcode
python-rdflib
python-recommonmark
python-redis
python-requests-file
python-requests-ftp
python-requests-kerberos
python-requests-mock
python-requests-oauthlib
python-requests-toolbelt
python-requests_ntlm
python-responses
python-retrying
python-rfc3986
python-rpm-generators
python-rpmfluff
python-rtslib
python-ruamel-yaml
python-ruamel-yaml-clib
python-s3transfer
python-schedutils
python-semantic_version
python-should_dsl
python-simpleline
python-slip
python-sniffio
python-soupsieve
python-sphinx
python-sphinx-epytext
python-sphinx-theme-py3doc-enhanced
python-sphinx_rtd_theme
python-sphinxcontrib-apidoc
python-sphinxcontrib-applehelp
python-sphinxcontrib-devhelp
python-sphinxcontrib-htmlhelp
python-sphinxcontrib-httpdomain
python-sphinxcontrib-jsmath
python-sphinxcontrib-qthelp
python-sphinxcontrib-serializinghtml
python-sqlalchemy
python-suds
python-systemd
python-tempita
python-templated-dictionary
python-termcolor
python-testpath
python-testresources
python-testscenarios
python-testtools
python-tidy
python-toml
python-tomli
python-toolz
python-tornado
python-tox
python-tox-current-env
python-tqdm
python-trio
python-typing-extensions
python-uamqp
python-unittest2
python-uritemplate
python-urwid
python-varlink
python-virt-firmware
python-voluptuous
python-waitress
python-webencodings
python-webtest
python-wheel
python-whoosh
python-winrm
python-wrapt
python-xmltodict
python-yubico
python-zipp
python-zmq
python3-mallard-ducktype
python3-pytest-asyncio
python3-typed_ast
pyusb
pywbem
pyxattr
qemu
qhull
qpdf
qperf
qr-code-generator
qt5-qtbase
qt5-qtconnectivity
qt5-qtdeclarative
qt5-qtsensors
qt5-qtserialport
qt5-qtsvg
qt5-qttools
qt5-rpm-macros
quagga
quota
radvd
ragel
raptor2
rarian
rasdaemon
rasqal
rcs
rdist
rdma-core
re2
re2c
realmd
rear
recode
redland
resource-agents
rest
rhash
rlwrap
rp-pppoe
rpm-mpi-hooks
rpmdevtools
rpmlint
rtkit
rtl-sdr
ruby-augeas
rubygem-bson
rubygem-coderay
rubygem-diff-lcs
rubygem-flexmock
rubygem-hpricot
rubygem-introspection
rubygem-liquid
rubygem-maruku
rubygem-metaclass
rubygem-mongo
rubygem-mustache
rubygem-mysql2
rubygem-pkg-config
rubygem-rake
rubygem-rake-compiler
rubygem-ronn
rubygem-rouge
rubygem-rspec
rubygem-rspec-expectations
rubygem-rspec-mocks
rubygem-rspec-support
rubygem-thread_order
rusers
samba
sanlock
sassist
satyr
sbc
sblim-cim-client2
sblim-cmpi-base
sblim-cmpi-devel
sblim-cmpi-fsvol
sblim-cmpi-network
sblim-cmpi-nfsv3
sblim-cmpi-nfsv4
sblim-cmpi-params
sblim-cmpi-sysfs
sblim-cmpi-syslog
sblim-indication_helper
sblim-sfcb
sblim-sfcc
sblim-sfcCommon
sblim-testsuite
sblim-wbemcli
scl-utils
scotch
screen
scrub
SDL
SDL2
SDL_sound
sdparm
seabios
secilc
selinux-policy
sendmail
serd
setools
setserial
setuptool
sgabios
sgml-common
sgpio
shared-mime-info
sharutils
sip
sisu
skkdic
sleuthkit
slirp4netns
smartmontools
smc-tools
socket_wrapper
softhsm
sombok
sord
sos
sound-theme-freedesktop
soundtouch
sox
soxr
sparsehash
spausedd
speex
speexdsp
spice-protocol
spice-vdagent
spirv-headers
spirv-tools
splix
squashfs-tools
squid
sratom
sscg
star
startup-notification
stunnel
subscription-manager
suitesparse
SuperLU
supermin
switcheroo-control
symlinks
sympy
sysfsutils
systemd-bootchart
t1lib
t1utils
taglib
tang
targetcli
tbb
tcl-pgtcl
tclx
teckit
telnet
tidy
time
tini
tinycdb
tix
tk
tlog
tmpwatch
tn5250
tofrodos
tokyocabinet
tpm-quote-tools
tpm-tools
tss2
ttembed
ttmkfdir
tuna
twolame
uchardet
uclibc-ng
ucpp
ucs-miscfixed-fonts
ucx
udftools
udica
udisks2
uglify-js
uid_wrapper
unicode-emoji
unicode-ucd
unique3
units
upower
uriparser
urlview
usb_modeswitch
usb_modeswitch-data
usbguard
usbip
usbmuxd
usbredir
usermode
ustr
uthash
uuid
uw-imap
v4l-utils
vhostmd
vino
virglrenderer
virt-p2v
virt-top
virt-what
virt-who
vitess
vmem
volume_key
vorbis-tools
vte291
vulkan-headers
vulkan-loader
watchdog
wavpack
wayland
wayland-protocols
web-assets
webrtc-audio-processing
websocketpp
whois
wireguard-tools
wireless-regdb
wireshark
woff2
wordnet
words
wpebackend-fdo
wsmancli
wvdial
x3270
xapian-core
Xaw3d
xcb-proto
xcb-util
xcb-util-image
xcb-util-keysyms
xcb-util-renderutil
xcb-util-wm
xdelta
xdg-dbus-proxy
xdg-utils
xerces-c
xfconf
xfsdump
xhtml1-dtds
xkeyboard-config
xmlstarlet
xmltoman
xmvn
xorg-x11-apps
xorg-x11-drv-libinput
xorg-x11-font-utils
xorg-x11-fonts
xorg-x11-proto-devel
xorg-x11-server
xorg-x11-server-utils
xorg-x11-util-macros
xorg-x11-utils
xorg-x11-xauth
xorg-x11-xbitmaps
xorg-x11-xinit
xorg-x11-xkb-utils
xorg-x11-xtrans-devel
xrestop
xterm
xxhash
yajl
yaml-cpp
yasm
yelp-tools
yelp-xsl
ykclient
yp-tools
ypbind
ypserv
z3
zenity
zerofree
zfs-fuse
zipper
zopfli
zziplib | | Fedora (Copyright Remi Collet) | [CC-BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/legalcode) | libmemcached-awesome
librabbitmq | | Fedora (ISC) | [ISC License](https://github.com/sarugaku/resolvelib/blob/main/LICENSE) | python-resolvelib | | Magnus Edenhill Open Source | [Magnus Edenhill Open Source BSD License](https://github.com/jemalloc/jemalloc/blob/dev/COPYING) | librdkafka | diff --git a/SPECS/LICENSES-AND-NOTICES/data/licenses.json b/SPECS/LICENSES-AND-NOTICES/data/licenses.json index 666bbdec166..6a9b2607731 100644 --- a/SPECS/LICENSES-AND-NOTICES/data/licenses.json +++ b/SPECS/LICENSES-AND-NOTICES/data/licenses.json @@ -257,6 +257,7 @@ "GConf2", "gcovr", "gcr", + "gdal", "gdisk", "gdk-pixbuf2", "generic-logos", diff --git a/cgmanifest.json b/cgmanifest.json index 71e1fca0e92..ed890eacc0c 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -4165,6 +4165,16 @@ } } }, + { + "component": { + "type": "other", + "other": { + "name": "gdal", + "version": "3.6.3", + "downloadUrl": "https://github.com/OSGeo/gdal/releases/download/v3.6.3/gdal-3.6.3.tar.gz" + } + } + }, { "component": { "type": "other", From f2ddb0e41a8c67c8e11789a5d0eac81d3172fddf Mon Sep 17 00:00:00 2001 From: Archana Choudhary <36061892+arc9693@users.noreply.github.com> Date: Fri, 22 Sep 2023 20:42:25 +0530 Subject: [PATCH 03/47] Upgrade freeradius 3.0.21 -> 3.2.3 to address 2 CVEs (#6169) * freeradius: upgrade 3.0.21 -> 3.2.3 to address 4 CVEs * Add license verification log * freeradius: update cgmanifest entry * Lint * Update changelog entry * Refactor spec file --- ...r-for-expansion-of-macro-in-thread.h.patch | 61 ++++ ...-Use-system-crypto-policy-by-default.patch | 38 +-- .../freeradius-no-buildtime-cert-gen.patch | 47 ++- .../freeradius/freeradius.signatures.json | 3 +- SPECS-EXTENDED/freeradius/freeradius.spec | 311 ++++++++++-------- SPECS-EXTENDED/freeradius/freeradius.sysusers | 3 + cgmanifest.json | 6 +- 7 files changed, 283 insertions(+), 186 deletions(-) create mode 100644 SPECS-EXTENDED/freeradius/fix-error-for-expansion-of-macro-in-thread.h.patch create mode 100644 SPECS-EXTENDED/freeradius/freeradius.sysusers diff --git a/SPECS-EXTENDED/freeradius/fix-error-for-expansion-of-macro-in-thread.h.patch b/SPECS-EXTENDED/freeradius/fix-error-for-expansion-of-macro-in-thread.h.patch new file mode 100644 index 00000000000..051b66af8fb --- /dev/null +++ b/SPECS-EXTENDED/freeradius/fix-error-for-expansion-of-macro-in-thread.h.patch @@ -0,0 +1,61 @@ +From 30ce5ccd62446349d432ff65d3fe8d46872423c8 Mon Sep 17 00:00:00 2001 +From: Yi Zhao +Date: Wed, 18 Jan 2017 14:59:39 +0800 +Subject: [PATCH] fix error for expansion of macro in thread.h + +The parameter declaration is missing in expansion of macro +which cause the build error: +| In file included from src/freeradius-devel/libradius.h:80:0, +| from src/lib/log.c:26: +| src/lib/log.c: In function '__fr_thread_local_destroy_fr_strerror_buffer': +| src/lib/log.c:37:31: error: 'fr_strerror_buffer' undeclared (first use in this function) +| fr_thread_local_setup(char *, fr_strerror_buffer) /* macro */ +| ^ + +Add the missing declaration in macro. + +Upstream-Status: Pending + +Signed-off-by: Yi Zhao +--- + src/include/threads.h | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/src/include/threads.h b/src/include/threads.h +index e36d81dac0..2bcb6aadcb 100644 +--- a/src/include/threads.h ++++ b/src/include/threads.h +@@ -89,7 +89,7 @@ static _t __fr_thread_local_init_##_n(pthread_destructor_t func)\ + # define fr_thread_local_get(_n) _n + #elif defined(HAVE_PTHREAD_H) + # include +-# define fr_thread_local_setup(_t, _n) \ ++# define fr_thread_local_setup(_t, _n) static __thread _t _n;\ + static pthread_key_t __fr_thread_local_key_##_n;\ + static pthread_once_t __fr_thread_local_once_##_n = PTHREAD_ONCE_INIT;\ + static pthread_destructor_t __fr_thread_local_destructor_##_n = NULL;\ +@@ -100,17 +100,17 @@ static void __fr_thread_local_destroy_##_n(UNUSED void *unused)\ + static void __fr_thread_local_key_init_##_n(void)\ + {\ + (void) pthread_key_create(&__fr_thread_local_key_##_n, __fr_thread_local_destroy_##_n);\ +- (void) pthread_setspecific(__fr_thread_local_key_##_n, &(_n));\ + }\ + static _t __fr_thread_local_init_##_n(pthread_destructor_t func)\ + {\ + __fr_thread_local_destructor_##_n = func;\ + if (_n) return _n; \ + (void) pthread_once(&__fr_thread_local_once_##_n, __fr_thread_local_key_init_##_n);\ ++ (void) pthread_setspecific(__fr_thread_local_key_##_n, &(_n));\ + return _n;\ + } +-# define fr_thread_local_init(_n, _f) __fr_thread_local_init_##_n(_f) +-# define fr_thread_local_set(_n, _v) __fr_thread_local_set_##_n(_v) +-# define fr_thread_local_get(_n) __fr_thread_local_get_##_n() ++# define fr_thread_local_init(_n, _f) __fr_thread_local_init_##_n(_f) ++# define fr_thread_local_set(_n, _v) ((int)!((_n = _v) || 1)) ++# define fr_thread_local_get(_n) _n + #endif + #endif +-- +2.25.1 + diff --git a/SPECS-EXTENDED/freeradius/freeradius-Use-system-crypto-policy-by-default.patch b/SPECS-EXTENDED/freeradius/freeradius-Use-system-crypto-policy-by-default.patch index 199e5831550..975a205b32f 100644 --- a/SPECS-EXTENDED/freeradius/freeradius-Use-system-crypto-policy-by-default.patch +++ b/SPECS-EXTENDED/freeradius/freeradius-Use-system-crypto-policy-by-default.patch @@ -4,6 +4,7 @@ Date: Wed, 8 May 2019 10:16:31 -0400 Subject: [PATCH] Use system-provided crypto-policies by default Signed-off-by: Alexander Scheel +[antorres@redhat.com]: update patch to 3.2.1 state --- raddb/mods-available/eap | 4 ++-- raddb/mods-available/inner-eap | 2 +- @@ -12,21 +13,21 @@ Signed-off-by: Alexander Scheel 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/raddb/mods-available/eap b/raddb/mods-available/eap -index 36849e10f2..b28c0f19c6 100644 +index 62152a6dfc..9f64963034 100644 --- a/raddb/mods-available/eap +++ b/raddb/mods-available/eap -@@ -368,7 +368,7 @@ eap { - # - # For EAP-FAST, use "ALL:!EXPORT:!eNULL:!SSLv2" +@@ -400,7 +400,7 @@ eap { + # TLS cipher suites. The format is listed + # in "man 1 ciphers". # - cipher_list = "DEFAULT" + cipher_list = "PROFILE=SYSTEM" - # If enabled, OpenSSL will use server cipher list - # (possibly defined by cipher_list option above) -@@ -912,7 +912,7 @@ eap { - # Note - for OpenSSL 1.1.0 and above you may need - # to add ":@SECLEVEL=0" + # Set this option to specify the allowed + # TLS signature algorithms for OpenSSL 1.1.1 and above. +@@ -1082,7 +1082,7 @@ eap { + # "DEFAULT" as "DEFAULT" contains "!aNULL" so instead it is + # recommended "ALL:!EXPORT:!eNULL:!SSLv2" is used # - # cipher_list = "ALL:!EXPORT:!eNULL:!SSLv2" + # cipher_list = "PROFILE=SYSTEM" @@ -47,23 +48,23 @@ index 576eb7739e..ffa07188e2 100644 # You may want to set a very small fragment size. # The TLS data here needs to go inside of the diff --git a/raddb/sites-available/abfab-tls b/raddb/sites-available/abfab-tls -index 92f1d6330e..cd69b3905a 100644 +index b8d0626bbe..073b2933c2 100644 --- a/raddb/sites-available/abfab-tls +++ b/raddb/sites-available/abfab-tls -@@ -19,7 +19,7 @@ listen { +@@ -20,7 +20,7 @@ listen { dh_file = ${certdir}/dh fragment_size = 8192 ca_path = ${cadir} - cipher_list = "DEFAULT" + cipher_list = "PROFILE=SYSTEM" - cache { enable = no + lifetime = 24 # hours diff --git a/raddb/sites-available/tls b/raddb/sites-available/tls -index bbc761b1c5..83cd35b851 100644 +index 137fcbc6cc..a65f8a8711 100644 --- a/raddb/sites-available/tls +++ b/raddb/sites-available/tls -@@ -215,7 +215,7 @@ listen { +@@ -292,7 +292,7 @@ listen { # Set this option to specify the allowed # TLS cipher suites. The format is listed # in "man 1 ciphers". @@ -72,15 +73,14 @@ index bbc761b1c5..83cd35b851 100644 # If enabled, OpenSSL will use server cipher list # (possibly defined by cipher_list option above) -@@ -517,7 +517,7 @@ home_server tls { +@@ -676,7 +676,7 @@ home_server tls { # Set this option to specify the allowed # TLS cipher suites. The format is listed # in "man 1 ciphers". - cipher_list = "DEFAULT" + cipher_list = "PROFILE=SYSTEM" - } - } + # + # Connection timeout for outgoing TLS connections. -- -2.21.0 - +2.21.0 \ No newline at end of file diff --git a/SPECS-EXTENDED/freeradius/freeradius-no-buildtime-cert-gen.patch b/SPECS-EXTENDED/freeradius/freeradius-no-buildtime-cert-gen.patch index aa3be664870..0d551385df0 100644 --- a/SPECS-EXTENDED/freeradius/freeradius-no-buildtime-cert-gen.patch +++ b/SPECS-EXTENDED/freeradius/freeradius-no-buildtime-cert-gen.patch @@ -6,45 +6,48 @@ Subject: [PATCH] Don't generate certificates in reproducible builds Signed-off-by: Alexander Scheel --- Make.inc.in | 5 +++++ - configure | 4 ++++ + configure | 3 +++ configure.ac | 3 +++ raddb/all.mk | 4 ++++ - 4 files changed, 16 insertions(+) + 4 files changed, 15 insertions(+) diff --git a/Make.inc.in b/Make.inc.in index 0b2cd74de8..8c623cf95c 100644 --- a/Make.inc.in +++ b/Make.inc.in -@@ -173,3 +173,8 @@ else - TESTBINDIR = ./$(BUILD_DIR)/bin +@@ -174,6 +174,10 @@ else TESTBIN = ./$(BUILD_DIR)/bin endif -+ + +# +# With reproducible builds, do not generate certificates during installation +# +ENABLE_REPRODUCIBLE_BUILDS = @ENABLE_REPRODUCIBLE_BUILDS@ + + # + # For creating documentation via doc/all.mk diff --git a/configure b/configure -index c2c599c92b..3d4403a844 100755 +index 77a1436510..74ff9a1fd4 100755 --- a/configure +++ b/configure -@@ -655,6 +655,7 @@ RUSERS +@@ -652,6 +652,7 @@ AUTOCONF + ACLOCAL + RUSERS SNMPWALK - SNMPGET - PERL +ENABLE_REPRODUCIBLE_BUILDS + SNMPGET openssl_version_check_config WITH_DHCP - modconfdir -@@ -5586,6 +5587,7 @@ else +@@ -5961,7 +5962,7 @@ else + openssl_version_check_config= fi - +- +ENABLE_REPRODUCIBLE_BUILDS=yes # Check whether --enable-reproducible-builds was given. if test "${enable_reproducible_builds+set}" = set; then : enableval=$enable_reproducible_builds; case "$enableval" in -@@ -5597,6 +5599,7 @@ $as_echo "#define ENABLE_REPRODUCIBLE_BUILDS 1" >>confdefs.h +@@ -5973,6 +5974,7 @@ $as_echo "#define ENABLE_REPRODUCIBLE_BUILDS 1" >>confdefs.h ;; *) reproducible_builds=no @@ -52,19 +55,11 @@ index c2c599c92b..3d4403a844 100755 esac fi -@@ -5604,6 +5607,7 @@ fi - - - -+ - CHECKRAD=checkrad - # Extract the first word of "perl", so it can be a program name with args. - set dummy perl; ac_word=$2 diff --git a/configure.ac b/configure.ac -index a7abf0025a..35b013f4af 100644 +index ce4d9b0ae5..790cbf02a0 100644 --- a/configure.ac +++ b/configure.ac -@@ -619,6 +619,7 @@ AC_SUBST([openssl_version_check_config]) +@@ -697,6 +697,7 @@ AC_SUBST([openssl_version_check_config]) dnl # dnl # extra argument: --enable-reproducible-builds dnl # @@ -72,7 +67,7 @@ index a7abf0025a..35b013f4af 100644 AC_ARG_ENABLE(reproducible-builds, [AS_HELP_STRING([--enable-reproducible-builds], [ensure the build does not change each time])], -@@ -630,8 +631,10 @@ AC_ARG_ENABLE(reproducible-builds, +@@ -708,8 +709,10 @@ AC_ARG_ENABLE(reproducible-builds, ;; *) reproducible_builds=no @@ -81,6 +76,10 @@ index a7abf0025a..35b013f4af 100644 ) +AC_SUBST(ENABLE_REPRODUCIBLE_BUILDS) + dnl # + dnl # Enable the -fsanitize=fuzzer and link in the address sanitizer + + dnl ############################################################# diff --git a/raddb/all.mk b/raddb/all.mk diff --git a/SPECS-EXTENDED/freeradius/freeradius.signatures.json b/SPECS-EXTENDED/freeradius/freeradius.signatures.json index d216f5ddd9c..292f509e502 100644 --- a/SPECS-EXTENDED/freeradius/freeradius.signatures.json +++ b/SPECS-EXTENDED/freeradius/freeradius.signatures.json @@ -2,8 +2,9 @@ "Signatures": { "freeradius-logrotate": "d9f040861ee70def0c6fd6bad8b901503e1b48b5283cd319f72b28c6493ba29d", "freeradius-pam-conf": "5e7dc31dd832ee6365c32bbe8042863ef8381cb1f076dfad72caa2e86d7050d7", - "freeradius-server-3.0.21.tar.bz2": "c22dad43954b0cbc957564d3f8cbb942ff09853852d2c2155d54e6bd641a4e7d", + "freeradius-server-3.2.3.tar.bz2": "4a16aeffbfa1424e1f317fdf71d17e5523a4fd9564d87c747a60595ef93c5d1f", "freeradius-tmpfiles.conf": "125b30adfdee54a4ae3865e7a75ad71b91c1385190a2d3fb876cf20cfc923a08", + "freeradius.sysusers": "313b1c8868c014ae368861a92356818f16fabae594ba6483981097b2d815efe2", "radiusd.service": "300647599fcd3f96d2a8065dd49bfeab086a6353c6f97bd32edc698e3550e312" } } \ No newline at end of file diff --git a/SPECS-EXTENDED/freeradius/freeradius.spec b/SPECS-EXTENDED/freeradius/freeradius.spec index c46468dae67..6062f55b42e 100644 --- a/SPECS-EXTENDED/freeradius/freeradius.spec +++ b/SPECS-EXTENDED/freeradius/freeradius.spec @@ -1,52 +1,45 @@ -Vendor: Microsoft Corporation -Distribution: Mariner -Summary: High-performance and highly configurable free RADIUS server -Name: freeradius -Version: 3.0.21 -Release: 9%{?dist} -License: GPLv2+ and LGPLv2+ -URL: http://www.freeradius.org/ - +%global _default_patch_fuzz 2 # Is elliptic curve cryptography supported? %global HAVE_EC_CRYPTO 1 -%global dist_base freeradius-server-%{version} - -Source0: ftp://ftp.freeradius.org/pub/radius/%{dist_base}.tar.bz2 -Source100: radiusd.service -Source102: freeradius-logrotate -Source103: freeradius-pam-conf -Source104: freeradius-tmpfiles.conf - -Patch1: freeradius-Adjust-configuration-to-fit-Red-Hat-specifics.patch -Patch2: freeradius-Use-system-crypto-policy-by-default.patch -Patch3: freeradius-bootstrap-create-only.patch -Patch4: freeradius-no-buildtime-cert-gen.patch -Patch5: freeradius-bootstrap-make-permissions.patch +Summary: High-performance and highly configurable free RADIUS server +Name: freeradius +Version: 3.2.3 +Release: 1%{?dist} +License: GPLv2+ AND LGPLv2+ +Vendor: Microsoft Corporation +Distribution: Mariner +URL: https://freeradius.org/ +%global dist_base freeradius-server-%{version} %global docdir %{?_pkgdocdir}%{!?_pkgdocdir:%{_docdir}/%{name}-%{version}} - -BuildRequires: autoconf -BuildRequires: make -BuildRequires: gcc -BuildRequires: gdbm-devel -BuildRequires: openssl -BuildRequires: openssl-devel -BuildRequires: pam-devel -BuildRequires: zlib-devel -BuildRequires: net-snmp-devel -BuildRequires: net-snmp-utils -BuildRequires: readline-devel -BuildRequires: libpcap-devel -BuildRequires: systemd-units -BuildRequires: libtalloc-devel -BuildRequires: pcre-devel - -%if ! 0%{?rhel} -BuildRequires: libyubikey-devel -BuildRequires: ykclient-devel -%endif - +Source0: ftp://ftp.freeradius.org/pub/radius/%{dist_base}.tar.bz2 +Source100: radiusd.service +Source102: freeradius-logrotate +Source103: freeradius-pam-conf +Source104: freeradius-tmpfiles.conf +Source105: freeradius.sysusers +Patch1: freeradius-Adjust-configuration-to-fit-Red-Hat-specifics.patch +Patch2: freeradius-Use-system-crypto-policy-by-default.patch +Patch3: freeradius-bootstrap-create-only.patch +Patch4: freeradius-no-buildtime-cert-gen.patch +Patch5: freeradius-bootstrap-make-permissions.patch +Patch6: fix-error-for-expansion-of-macro-in-thread.h.patch +BuildRequires: autoconf +BuildRequires: gcc +BuildRequires: gdbm-devel +BuildRequires: libpcap-devel +BuildRequires: libtalloc-devel +BuildRequires: make +BuildRequires: net-snmp-devel +BuildRequires: net-snmp-utils +BuildRequires: openssl +BuildRequires: openssl-devel +BuildRequires: pam-devel +BuildRequires: pcre-devel +BuildRequires: readline-devel +BuildRequires: systemd-units +BuildRequires: zlib-devel # Require OpenSSL version we built with, or newer, to avoid startup failures # due to runtime OpenSSL version checks. Requires: openssl >= %(rpm -q --queryformat '%%{VERSION}' openssl) @@ -74,16 +67,16 @@ be centralized, and minimizes the amount of re-configuration which has to be done when adding or deleting new users. %package doc -Summary: FreeRADIUS documentation +Summary: FreeRADIUS documentation %description doc All documentation supplied by the FreeRADIUS project is included in this package. %package utils -Summary: FreeRADIUS utilities -Requires: %{name} = %{version}-%{release} -Requires: libpcap >= 0.9.4 +Summary: FreeRADIUS utilities +Requires: %{name} = %{version}-%{release} +Requires: libpcap >= 0.9.4 %description utils The FreeRADIUS server has a number of features found in other servers, @@ -95,99 +88,92 @@ Support for RFC and VSA Attributes Additional server configuration attributes Selecting a particular configuration Authentication methods %package devel -Summary: FreeRADIUS development files -Requires: %{name} = %{version}-%{release} +Summary: FreeRADIUS development files +Requires: %{name} = %{version}-%{release} %description devel Development headers and libraries for FreeRADIUS. %package ldap -Summary: LDAP support for freeradius -Requires: %{name} = %{version}-%{release} -BuildRequires: openldap-devel +Summary: LDAP support for freeradius +BuildRequires: openldap-devel +Requires: %{name} = %{version}-%{release} %description ldap This plugin provides the LDAP support for the FreeRADIUS server project. %package krb5 -Summary: Kerberos 5 support for freeradius -Requires: %{name} = %{version}-%{release} -BuildRequires: krb5-devel +Summary: Kerberos 5 support for freeradius +BuildRequires: krb5-devel +Requires: %{name} = %{version}-%{release} %description krb5 This plugin provides the Kerberos 5 support for the FreeRADIUS server project. %package perl -Summary: Perl support for freeradius -Requires: %{name} = %{version}-%{release} -Requires: perl(:MODULE_COMPAT_%(eval "`%{__perl} -V:version`"; echo $version)) +Summary: Perl support for freeradius %{?fedora:BuildRequires: perl-devel} -BuildRequires: perl-devel -BuildRequires: perl-generators -BuildRequires: perl(ExtUtils::Embed) +BuildRequires: perl-devel +BuildRequires: perl-generators +BuildRequires: perl(ExtUtils::Embed) +Requires: %{name} = %{version}-%{release} +Requires: perl(:MODULE_COMPAT_%(eval "`perl -V:version`"; echo $version)) %description perl This plugin provides the Perl support for the FreeRADIUS server project. %package -n python3-freeradius -Summary: Python 3 support for freeradius -Requires: %{name} = %{version}-%{release} -BuildRequires: python3-devel +Summary: Python 3 support for freeradius %{?python_provide:%python_provide python3-freeradius} +BuildRequires: python3-devel +Requires: %{name} = %{version}-%{release} %description -n python3-freeradius This plugin provides the Python 3 support for the FreeRADIUS server project. %package mysql -Summary: MySQL support for freeradius -Requires: %{name} = %{version}-%{release} -BuildRequires: mariadb-connector-c-devel +Summary: MySQL support for freeradius +BuildRequires: mariadb-connector-c-devel +Requires: %{name} = %{version}-%{release} %description mysql This plugin provides the MySQL support for the FreeRADIUS server project. %package postgresql -Summary: Postgresql support for freeradius -Requires: %{name} = %{version}-%{release} -BuildRequires: libpq-devel +Summary: Postgresql support for freeradius +BuildRequires: libpq-devel +Requires: %{name} = %{version}-%{release} %description postgresql This plugin provides the postgresql support for the FreeRADIUS server project. %package sqlite -Summary: SQLite support for freeradius -Requires: %{name} = %{version}-%{release} -BuildRequires: sqlite-devel +Summary: SQLite support for freeradius +BuildRequires: sqlite-devel +Requires: %{name} = %{version}-%{release} %description sqlite This plugin provides the SQLite support for the FreeRADIUS server project. %package unixODBC -Summary: Unix ODBC support for freeradius -Requires: %{name} = %{version}-%{release} -BuildRequires: unixODBC-devel +Summary: Unix ODBC support for freeradius +BuildRequires: unixODBC-devel +Requires: %{name} = %{version}-%{release} %description unixODBC This plugin provides the unixODBC support for the FreeRADIUS server project. %package rest -Summary: REST support for freeradius -Requires: %{name} = %{version}-%{release} -BuildRequires: libcurl-devel -BuildRequires: json-c-devel +Summary: REST support for freeradius +BuildRequires: json-c-devel +BuildRequires: libcurl-devel +Requires: %{name} = %{version}-%{release} %description rest This plugin provides the REST support for the FreeRADIUS server project. %prep -%setup -q -n %{dist_base} -# Note: We explicitly do not make patch backup files because 'make install' -# mistakenly includes the backup files, especially problematic for raddb config files. -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 +%autosetup -p1 -n %{dist_base} %build # Force compile/link options, extra security for network facing daemon @@ -254,6 +240,7 @@ mkdir -p %{buildroot}%{_localstatedir}/run/ install -d -m 0710 %{buildroot}%{_localstatedir}/run/radiusd/ install -d -m 0700 %{buildroot}%{_localstatedir}/run/radiusd/tmp install -m 0644 %{SOURCE104} %{buildroot}%{_tmpfilesdir}/radiusd.conf +install -p -D -m 0644 %{SOURCE105} %{buildroot}%{_sysusersdir}/freeradius.conf # install SNMP MIB files mkdir -p $RPM_BUILD_ROOT%{_datadir}/snmp/mibs/ @@ -328,24 +315,16 @@ EOF # Make sure our user/group is present prior to any package or subpackage installation %pre -getent group radiusd >/dev/null || /usr/sbin/groupadd -r -g 95 radiusd > /dev/null 2>&1 -getent passwd radiusd >/dev/null || /usr/sbin/useradd -r -g radiusd -u 95 -c "radiusd user" -d %{_localstatedir}/lib/radiusd -s /usr/sbin/nologin radiusd > /dev/null 2>&1 -exit 0 +%sysusers_create_compat %{SOURCE105} %preun %systemd_preun radiusd.service %postun %systemd_postun_with_restart radiusd.service -if [ $1 -eq 0 ]; then # uninstall - getent passwd radiusd >/dev/null && /usr/sbin/userdel radiusd > /dev/null 2>&1 - getent group radiusd >/dev/null && /usr/sbin/groupdel radiusd > /dev/null 2>&1 -fi -exit 0 /bin/systemctl try-restart radiusd.service >/dev/null 2>&1 || : - %files # doc @@ -359,6 +338,7 @@ exit 0 %config(noreplace) %{_sysconfdir}/logrotate.d/radiusd %{_unitdir}/radiusd.service %{_tmpfilesdir}/radiusd.conf +%{_sysusersdir}/freeradius.conf %dir %attr(710,radiusd,radiusd) %{_localstatedir}/run/radiusd %dir %attr(700,radiusd,radiusd) %{_localstatedir}/run/radiusd/tmp %dir %attr(755,radiusd,radiusd) %{_localstatedir}/lib/radiusd @@ -391,7 +371,7 @@ exit 0 %dir %attr(770,root,radiusd) /etc/raddb/certs %config(noreplace) /etc/raddb/certs/Makefile %config(noreplace) /etc/raddb/certs/passwords.mk -/etc/raddb/certs/README +/etc/raddb/certs/README.md %config(noreplace) /etc/raddb/certs/xpextensions %attr(640,root,radiusd) %config(noreplace) /etc/raddb/certs/*.cnf %attr(750,root,radiusd) /etc/raddb/certs/bootstrap @@ -405,6 +385,7 @@ exit 0 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/files/* %dir %attr(750,root,radiusd) /etc/raddb/mods-config/preprocess %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/preprocess/* +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/realm/freeradius-naptr-to-home-server.sh %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/counter @@ -416,6 +397,8 @@ exit 0 # sites-available %dir %attr(750,root,radiusd) /etc/raddb/sites-available /etc/raddb/sites-available/README +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/aws-nlb +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/resource-check %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/control-socket %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/decoupled-accounting %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/robust-proxy-accounting @@ -437,8 +420,11 @@ exit 0 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/copy-acct-to-home-server %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/buffered-sql %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/tls +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/totp %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/channel_bindings %attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/challenge +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/google-ldap-auth +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/sites-available/tls-cache # sites-enabled # symlink: /etc/raddb/sites-enabled/xxx -> ../sites-available/xxx @@ -452,7 +438,7 @@ exit 0 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/always %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/attr_filter %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/cache -%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/cache_eap +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/cache_auth %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/chap %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/counter %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/cui @@ -461,6 +447,9 @@ exit 0 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/detail.example.com %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/detail.log %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/dhcp +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/dhcp_files +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/dhcp_passwd +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/dhcp_sql %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/dhcp_sqlippool %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/digest %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/dynamic_clients @@ -474,6 +463,8 @@ exit 0 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/idn %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/inner-eap %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/ippool +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/json +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/ldap_google %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/linelog %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/logintime %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/mac2ip @@ -481,7 +472,6 @@ exit 0 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/mschap %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/ntlm_auth %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/opendirectory -%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/otp %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/pam %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/pap %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/passwd @@ -498,9 +488,11 @@ exit 0 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/soh %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/sometimes %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/sql +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/sql_map %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/sqlcounter %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/sqlippool %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/sradutmp +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/totp %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/unix %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/unpack %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/utf8 @@ -512,7 +504,6 @@ exit 0 %dir %attr(750,root,radiusd) /etc/raddb/mods-enabled %config(missingok) /etc/raddb/mods-enabled/always %config(missingok) /etc/raddb/mods-enabled/attr_filter -%config(missingok) /etc/raddb/mods-enabled/cache_eap %config(missingok) /etc/raddb/mods-enabled/chap %config(missingok) /etc/raddb/mods-enabled/date %config(missingok) /etc/raddb/mods-enabled/detail @@ -537,6 +528,7 @@ exit 0 %config(missingok) /etc/raddb/mods-enabled/replicate %config(missingok) /etc/raddb/mods-enabled/soh %config(missingok) /etc/raddb/mods-enabled/sradutmp +%config(missingok) /etc/raddb/mods-enabled/totp %config(missingok) /etc/raddb/mods-enabled/unix %config(missingok) /etc/raddb/mods-enabled/unpack %config(missingok) /etc/raddb/mods-enabled/utf8 @@ -585,7 +577,6 @@ exit 0 %{_libdir}/freeradius/rlm_cache_rbtree.so %{_libdir}/freeradius/rlm_chap.so %{_libdir}/freeradius/rlm_counter.so -%{_libdir}/freeradius/rlm_cram.so %{_libdir}/freeradius/rlm_date.so %{_libdir}/freeradius/rlm_detail.so %{_libdir}/freeradius/rlm_dhcp.so @@ -594,7 +585,6 @@ exit 0 %{_libdir}/freeradius/rlm_eap.so %{_libdir}/freeradius/rlm_eap_fast.so %{_libdir}/freeradius/rlm_eap_gtc.so -%{_libdir}/freeradius/rlm_eap_leap.so %{_libdir}/freeradius/rlm_eap_md5.so %{_libdir}/freeradius/rlm_eap_mschapv2.so %{_libdir}/freeradius/rlm_eap_peap.so @@ -609,10 +599,10 @@ exit 0 %{_libdir}/freeradius/rlm_expr.so %{_libdir}/freeradius/rlm_files.so %{_libdir}/freeradius/rlm_ippool.so +%{_libdir}/freeradius/rlm_json.so %{_libdir}/freeradius/rlm_linelog.so %{_libdir}/freeradius/rlm_logintime.so %{_libdir}/freeradius/rlm_mschap.so -%{_libdir}/freeradius/rlm_otp.so %{_libdir}/freeradius/rlm_pam.so %{_libdir}/freeradius/rlm_pap.so %{_libdir}/freeradius/rlm_passwd.so @@ -625,7 +615,9 @@ exit 0 %{_libdir}/freeradius/rlm_sql.so %{_libdir}/freeradius/rlm_sqlcounter.so %{_libdir}/freeradius/rlm_sqlippool.so +%{_libdir}/freeradius/rlm_sql_map.so %{_libdir}/freeradius/rlm_sql_null.so +%{_libdir}/freeradius/rlm_totp.so %{_libdir}/freeradius/rlm_unix.so %{_libdir}/freeradius/rlm_unpack.so %{_libdir}/freeradius/rlm_utf8.so @@ -633,31 +625,33 @@ exit 0 %{_libdir}/freeradius/rlm_yubikey.so # main man pages -%doc %{_mandir}/man5/clients.conf.5.gz -%doc %{_mandir}/man5/dictionary.5.gz -%doc %{_mandir}/man5/radiusd.conf.5.gz -%doc %{_mandir}/man5/radrelay.conf.5.gz -%doc %{_mandir}/man5/rlm_always.5.gz -%doc %{_mandir}/man5/rlm_attr_filter.5.gz -%doc %{_mandir}/man5/rlm_chap.5.gz -%doc %{_mandir}/man5/rlm_counter.5.gz -%doc %{_mandir}/man5/rlm_detail.5.gz -%doc %{_mandir}/man5/rlm_digest.5.gz -%doc %{_mandir}/man5/rlm_expr.5.gz -%doc %{_mandir}/man5/rlm_files.5.gz -%doc %{_mandir}/man5/rlm_idn.5.gz -%doc %{_mandir}/man5/rlm_mschap.5.gz -%doc %{_mandir}/man5/rlm_pap.5.gz -%doc %{_mandir}/man5/rlm_passwd.5.gz -%doc %{_mandir}/man5/rlm_realm.5.gz -%doc %{_mandir}/man5/rlm_sql.5.gz -%doc %{_mandir}/man5/rlm_unix.5.gz -%doc %{_mandir}/man5/unlang.5.gz -%doc %{_mandir}/man5/users.5.gz -%doc %{_mandir}/man8/raddebug.8.gz -%doc %{_mandir}/man8/radiusd.8.gz -%doc %{_mandir}/man8/radmin.8.gz -%doc %{_mandir}/man8/radrelay.8.gz +%{_mandir}/man5/clients.conf.5.gz +%{_mandir}/man5/dictionary.5.gz +%{_mandir}/man5/radiusd.conf.5.gz +%{_mandir}/man5/radrelay.conf.5.gz +%{_mandir}/man5/rlm_always.5.gz +%{_mandir}/man5/rlm_attr_filter.5.gz +%{_mandir}/man5/rlm_chap.5.gz +%{_mandir}/man5/rlm_counter.5.gz +%{_mandir}/man5/rlm_detail.5.gz +%{_mandir}/man5/rlm_digest.5.gz +%{_mandir}/man5/rlm_expr.5.gz +%{_mandir}/man5/rlm_files.5.gz +%{_mandir}/man5/rlm_idn.5.gz +%{_mandir}/man5/rlm_mschap.5.gz +%{_mandir}/man5/rlm_pap.5.gz +%{_mandir}/man5/rlm_passwd.5.gz +%{_mandir}/man5/rlm_realm.5.gz +%{_mandir}/man5/rlm_sql.5.gz +%{_mandir}/man5/rlm_unbound.5.gz +%{_mandir}/man5/rlm_unix.5.gz +%{_mandir}/man5/unlang.5.gz +%{_mandir}/man5/users.5.gz +%{_mandir}/man8/raddebug.8.gz +%{_mandir}/man8/radiusd.8.gz +%{_mandir}/man8/radmin.8.gz +%{_mandir}/man8/radrelay.8.gz +%{_mandir}/man8/rlm_sqlippool_tool.8.gz # MIB files %{_datadir}/snmp/mibs/*RADIUS*.mib @@ -666,7 +660,6 @@ exit 0 %doc %{docdir}/ - %files utils /usr/bin/* @@ -711,6 +704,7 @@ exit 0 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/counter/mysql %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/mysql/dailycounter.conf %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/mysql/expire_on_login.conf +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/mysql/weeklycounter.conf %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/mysql/monthlycounter.conf %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/mysql/noresetcounter.conf @@ -718,14 +712,49 @@ exit 0 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/cui/mysql/queries.conf %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/cui/mysql/schema.sql +%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/dhcp/mssql +%attr(640,root,radiusd) /etc/raddb/mods-config/sql/dhcp/mssql/queries.conf +%attr(640,root,radiusd) /etc/raddb/mods-config/sql/dhcp/mssql/schema.sql + +%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/dhcp/mysql +%attr(640,root,radiusd) /etc/raddb/mods-config/sql/dhcp/mysql/queries.conf +%attr(640,root,radiusd) /etc/raddb/mods-config/sql/dhcp/mysql/schema.sql +%attr(640,root,radiusd) /etc/raddb/mods-config/sql/dhcp/mysql/setup.sql + +%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/dhcp/oracle +%attr(640,root,radiusd) /etc/raddb/mods-config/sql/dhcp/oracle/queries.conf +%attr(640,root,radiusd) /etc/raddb/mods-config/sql/dhcp/oracle/schema.sql + +%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/dhcp/postgresql +%attr(640,root,radiusd) /etc/raddb/mods-config/sql/dhcp/postgresql/queries.conf +%attr(640,root,radiusd) /etc/raddb/mods-config/sql/dhcp/postgresql/schema.sql +%attr(640,root,radiusd) /etc/raddb/mods-config/sql/dhcp/postgresql/setup.sql + +%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/dhcp/sqlite +%attr(640,root,radiusd) /etc/raddb/mods-config/sql/dhcp/sqlite/queries.conf +%attr(640,root,radiusd) /etc/raddb/mods-config/sql/dhcp/sqlite/schema.sql + %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/ippool/mysql %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool/mysql/queries.conf %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool/mysql/schema.sql %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool/mysql/procedure.sql +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool/mysql/procedure-no-skip-locked.sql %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/ippool-dhcp/mysql %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/mysql/queries.conf %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/mysql/schema.sql +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/mysql/procedure.sql +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/mysql/procedure-no-skip-locked.sql + +%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/ippool-dhcp/mssql +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/mssql/procedure.sql +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/mssql/queries.conf +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/mssql/schema.sql + +%dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/ippool-dhcp/postgresql +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/postgresql/procedure.sql +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/postgresql/queries.conf +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/ippool-dhcp/postgresql/schema.sql %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/main/mysql %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/mysql/setup.sql @@ -749,6 +778,7 @@ exit 0 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/counter/postgresql %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/postgresql/dailycounter.conf %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/postgresql/expire_on_login.conf +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/postgresql/weeklycounter.conf %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/postgresql/monthlycounter.conf %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/postgresql/noresetcounter.conf @@ -777,6 +807,7 @@ exit 0 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/counter/sqlite %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/sqlite/dailycounter.conf %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/sqlite/expire_on_login.conf +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/sqlite/weeklycounter.conf %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/sqlite/monthlycounter.conf %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/counter/sqlite/noresetcounter.conf @@ -795,8 +826,9 @@ exit 0 %dir %attr(750,root,radiusd) /etc/raddb/mods-config/sql/main/sqlite %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/sqlite/queries.conf %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/sqlite/schema.sql -%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/sqlite/process-radacct-refresh.sh %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/sqlite/process-radacct-schema.sql +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/sqlite/process-radacct-close-after-reload.pl +%attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-config/sql/main/sqlite/process-radacct-new-data-usage-period.sh %{_libdir}/freeradius/rlm_sql_sqlite.so @@ -812,6 +844,14 @@ exit 0 %attr(640,root,radiusd) %config(noreplace) /etc/raddb/mods-available/rest %changelog +* Tue Sep 05 2023 Archana Choudhary - 3.2.3-1 +- Upgrade to 3.2.3 +- Address CVE-2022-41860, CVE-2022-41861 +- Update Patch2 & Patch4 +- Add Patch6 to address build error +- Add Source105 for user management during installation +- License verified + * Fri Apr 30 2021 Pawel Winogrodzki - 3.0.21-9 - Making binaries paths compatible with CBL-Mariner's paths. @@ -1291,7 +1331,6 @@ exit 0 config test on restart. * Added cache config item to rlm_krb5. When set to "no" ticket caching is disabled which may increase performance. - Bug fixes * Fix CVE-2012-3547. All users of 2.1.10, 2.1.11, 2.1.12, and 802.1X should upgrade immediately. @@ -1411,7 +1450,6 @@ exit 0 radclient continues to be more flexible. * Updated Oracle schema and queries * Added SecurID module. See src/modules/rlm_securid/README - Bug fixes * Fix memory leak in rlm_detail * Fix "failed to insert event" @@ -1485,7 +1523,6 @@ exit 0 "foo", "authorize" method. * Produce errors in more situations when the configuration files have invalid syntax. - Bug fixes * Ignore pre/post-proxy sections if proxying is disabled * Add configure checks for pcap_fopen*. @@ -1631,7 +1668,6 @@ exit 0 in sql{} section. * Added %%{tolower: ...string ... }, which returns the lowercase version of the string. Also added %%{toupper: ... } for uppercase. - Bug fixes * Fix endless loop when there are multiple sub-options for DHCP option 82. @@ -1748,7 +1784,6 @@ exit 0 * Added documentation for CoA. See raddb/sites-available/coa * Add sub-option support for Option 82. See dictionary.dhcp * Add "server" field to default SQL NAS table, and documented it. - Bug fixes * Reset "received ping" counter for Status-Server checks. In some corner cases it was not getting reset. @@ -1834,7 +1869,6 @@ exit 0 * Allow accounting packets to be written to a detail file, even if they were read from a different detail file. * Added OpenSSL license exception (src/LICENSE.openssl) - Bug fixes * DHCP sockets can now set the broadcast flag before binding to a socket. You need to set "broadcast = yes" in the DHCP listener. @@ -2086,7 +2120,6 @@ exit 0 * Remove macro that was causing build issues on some platforms. * Fixed issues with dead home servers. Bug noted by Chris Moules. * Fixed "access after free" with some dynamic clients. - - fix packaging bug, some directories missing execute permission /etc/raddb/dictionary now readable by all. diff --git a/SPECS-EXTENDED/freeradius/freeradius.sysusers b/SPECS-EXTENDED/freeradius/freeradius.sysusers new file mode 100644 index 00000000000..af912e0493d --- /dev/null +++ b/SPECS-EXTENDED/freeradius/freeradius.sysusers @@ -0,0 +1,3 @@ +#Type Name ID GECOS Home directory Shell +u radiusd 95 "radiusd user" /var/lib/radiusd /sbin/nologin +g radiusd 95 - - - diff --git a/cgmanifest.json b/cgmanifest.json index ed890eacc0c..74ff7da3c4d 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -3920,8 +3920,8 @@ "type": "other", "other": { "name": "freeradius", - "version": "3.0.21", - "downloadUrl": "ftp://ftp.freeradius.org/pub/radius/freeradius-server-3.0.21.tar.bz2" + "version": "3.2.3", + "downloadUrl": "ftp://ftp.freeradius.org/pub/radius/freeradius-server-3.2.3.tar.bz2" } } }, @@ -30887,4 +30887,4 @@ } ], "Version": 1 -} \ No newline at end of file +} From 6a8f378cad9babb595bfd5e1bccf7a8771dd817e Mon Sep 17 00:00:00 2001 From: Maxwell McKee <66395252+mamckee@users.noreply.github.com> Date: Fri, 22 Sep 2023 10:07:32 -0700 Subject: [PATCH 04/47] Update KeysInUse-OpenSSL package to 0.3.4 (#5968) Co-authored-by: Olivia Crain --- .../KeysInUse-OpenSSL.signatures.json | 2 +- SPECS/KeysInUse-OpenSSL/KeysInUse-OpenSSL.spec | 12 +++++++----- cgmanifest.json | 4 ++-- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/SPECS/KeysInUse-OpenSSL/KeysInUse-OpenSSL.signatures.json b/SPECS/KeysInUse-OpenSSL/KeysInUse-OpenSSL.signatures.json index d035e46a775..2dce6524eb6 100644 --- a/SPECS/KeysInUse-OpenSSL/KeysInUse-OpenSSL.signatures.json +++ b/SPECS/KeysInUse-OpenSSL/KeysInUse-OpenSSL.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "KeysInUse-OpenSSL-0.3.3.tar.gz": "afb692e47aa1b58c04f2613546926682d19dcddcff4870f7a7d98123b7b9b01d" + "KeysInUse-OpenSSL-0.3.4.tar.gz": "350c2ec3521ff711e7451f16e17ebbdf731e28dbd93df35faa0950e0b776e246" } } \ No newline at end of file diff --git a/SPECS/KeysInUse-OpenSSL/KeysInUse-OpenSSL.spec b/SPECS/KeysInUse-OpenSSL/KeysInUse-OpenSSL.spec index 8ba59e772ef..b122be1bd8d 100644 --- a/SPECS/KeysInUse-OpenSSL/KeysInUse-OpenSSL.spec +++ b/SPECS/KeysInUse-OpenSSL/KeysInUse-OpenSSL.spec @@ -1,14 +1,13 @@ Summary: The KeysInUse Engine for OpenSSL allows the logging of private key usage through OpenSSL Name: KeysInUse-OpenSSL -Version: 0.3.3 -Release: 5%{?dist} +Version: 0.3.4 +Release: 1%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner Group: System/Libraries URL: https://github.com/microsoft/KeysInUse-OpenSSL -#Source0: https://github.com/microsoft/KeysInUse-OpenSSL/archive/v%{version}.tar.gz -Source0: %{name}-%{version}.tar.gz +Source0: https://github.com/microsoft/KeysInUse-OpenSSL/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz BuildRequires: cmake BuildRequires: gcc BuildRequires: golang >= 1.16.6 @@ -18,7 +17,7 @@ Requires: openssl < 1.1.2 Requires: openssl >= 1.1.1 %description - The KeysInUse Engine for OpenSSL allows the logging of private key usage through OpenSSL +The KeysInUse Engine for OpenSSL allows the logging of private key usage through OpenSSL %ifarch x86_64 %define keysinuse_arch amd64 @@ -75,6 +74,9 @@ if [ -x %{_bindir}/keysinuseutil ]; then fi %changelog +* Fri Sep 22 2023 Maxwell Moyer-McKee - 0.3.4-1 +- Fix memory leak for high reload public keys + * Wed Sep 20 2023 Jon Slobodzian - 0.3.3-5 - Recompile with stack-protection fixed gcc version (CVE-2023-4039) diff --git a/cgmanifest.json b/cgmanifest.json index 74ff7da3c4d..2c721b95e4b 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -8281,8 +8281,8 @@ "type": "other", "other": { "name": "KeysInUse-OpenSSL", - "version": "0.3.3", - "downloadUrl": "https://github.com/microsoft/KeysInUse-OpenSSL/archive/v0.3.3.tar.gz" + "version": "0.3.4", + "downloadUrl": "https://github.com/microsoft/KeysInUse-OpenSSL/archive/v0.3.4.tar.gz" } } }, From fa6a4db8f33681ebb3d9c7ba8bf37c8d5b8ac150 Mon Sep 17 00:00:00 2001 From: Archana Choudhary <36061892+arc9693@users.noreply.github.com> Date: Mon, 25 Sep 2023 11:03:51 +0530 Subject: [PATCH 05/47] Upgrade libvorbis 1.3.6->1.3.7 to address CVE-2018-10392 CVE-2018-10393 (#6257) * Upgrade libvorbis to 1.3.7 CVE-2018-10392 CVE-2018-10393 * Remove 1.3.6 patch * Add license verification --- .../libvorbis/libvorbis-1.3.6-git.patch | 215 ------------------ .../libvorbis/libvorbis.signatures.json | 6 +- SPECS-EXTENDED/libvorbis/libvorbis.spec | 24 +- cgmanifest.json | 4 +- 4 files changed, 12 insertions(+), 237 deletions(-) delete mode 100644 SPECS-EXTENDED/libvorbis/libvorbis-1.3.6-git.patch diff --git a/SPECS-EXTENDED/libvorbis/libvorbis-1.3.6-git.patch b/SPECS-EXTENDED/libvorbis/libvorbis-1.3.6-git.patch deleted file mode 100644 index e7714d200a5..00000000000 --- a/SPECS-EXTENDED/libvorbis/libvorbis-1.3.6-git.patch +++ /dev/null @@ -1,215 +0,0 @@ -diff --git a/Brewfile b/Brewfile -new file mode 100644 -index 0000000..af81e5b ---- /dev/null -+++ b/Brewfile -@@ -0,0 +1,3 @@ -+brew 'doxygen' -+brew 'libogg' -+brew 'xz' -diff --git a/Makefile.am b/Makefile.am -index c35131a..3feaf72 100644 ---- a/Makefile.am -+++ b/Makefile.am -@@ -26,7 +26,7 @@ EXTRA_DIST = \ - vorbisenc-uninstalled.pc.in \ - vorbisfile-uninstalled.pc.in \ - symbian \ -- macosx win32 -+ macosx win32 CMakeLists.txt - - - DISTCHECK_CONFIGURE_FLAGS = --enable-docs -diff --git a/contrib/oss-fuzz/build.sh b/contrib/oss-fuzz/build.sh -new file mode 100755 -index 0000000..29e7f38 ---- /dev/null -+++ b/contrib/oss-fuzz/build.sh -@@ -0,0 +1,23 @@ -+#!/bin/bash -eu -+ -+pushd $SRC -+mv people.xiph.org/*.ogg decode_corpus/ -+zip -r "$OUT/decode_fuzzer_seed_corpus.zip" decode_corpus/ -+popd -+ -+pushd $SRC/ogg -+./autogen.sh -+./configure --prefix="$WORK" --enable-static --disable-shared --disable-crc -+make clean -+make -j$(nproc) -+make install -+popd -+ -+ -+./autogen.sh -+./configure --prefix="$WORK" --enable-static --disable-shared -+make clean -+make -j$(nproc) -+make install -+ -+$CXX $CXXFLAGS $SRC/vorbis/contrib/oss-fuzz/decode_fuzzer.cc -o $OUT/decode_fuzzer -L"$WORK/lib" -I"$WORK/include" -lFuzzingEngine -lvorbisfile -lvorbis -logg -diff --git a/contrib/oss-fuzz/decode_fuzzer.cc b/contrib/oss-fuzz/decode_fuzzer.cc -new file mode 100644 -index 0000000..b8840c1 ---- /dev/null -+++ b/contrib/oss-fuzz/decode_fuzzer.cc -@@ -0,0 +1,48 @@ -+#include -+#include -+#include -+#include -+ -+struct vorbis_data { -+ const uint8_t *current; -+ const uint8_t *data; -+ size_t size; -+}; -+ -+size_t read_func(void *ptr, size_t size1, size_t size2, void *datasource) { -+ vorbis_data* vd = (vorbis_data *)(datasource); -+ size_t len = size1 * size2; -+ if (vd->current + len > vd->data + vd->size) { -+ len = vd->data + vd->size - vd->current; -+ } -+ memcpy(ptr, vd->current, len); -+ vd->current += len; -+ return len; -+} -+ -+ -+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { -+ ov_callbacks memory_callbacks = {0}; -+ memory_callbacks.read_func = read_func; -+ vorbis_data data_st; -+ data_st.size = Size; -+ data_st.current = Data; -+ data_st.data = Data; -+ OggVorbis_File vf; -+ int result = ov_open_callbacks(&data_st, &vf, NULL, 0, memory_callbacks); -+ if (result < 0) { -+ return 0; -+ } -+ int current_section = 0; -+ int eof = 0; -+ char buf[4096]; -+ int read_result; -+ while (!eof) { -+ read_result = ov_read(&vf, buf, sizeof(buf), 0, 2, 1, ¤t_section); -+ if (read_result != OV_HOLE && read_result <= 0) { -+ eof = 1; -+ } -+ } -+ ov_clear(&vf); -+ return 0; -+} -diff --git a/lib/Makefile.am b/lib/Makefile.am -index cd5afdf..e22895e 100644 ---- a/lib/Makefile.am -+++ b/lib/Makefile.am -@@ -35,7 +35,7 @@ psytune_SOURCES = psytune.c - psytune_LDFLAGS = -static - psytune_LDADD = libvorbis.la - --EXTRA_DIST = lookups.pl -+EXTRA_DIST = lookups.pl CMakeLists.txt - - # build and run the self tests on 'make check' - -diff --git a/lib/info.c b/lib/info.c -index 3fbb7c7..23efa25 100644 ---- a/lib/info.c -+++ b/lib/info.c -@@ -203,6 +203,7 @@ void vorbis_info_clear(vorbis_info *vi){ - - static int _vorbis_unpack_info(vorbis_info *vi,oggpack_buffer *opb){ - codec_setup_info *ci=vi->codec_setup; -+ int bs; - if(!ci)return(OV_EFAULT); - - vi->version=oggpack_read(opb,32); -@@ -215,8 +216,12 @@ static int _vorbis_unpack_info(vorbis_info *vi,oggpack_buffer *opb){ - vi->bitrate_nominal=(ogg_int32_t)oggpack_read(opb,32); - vi->bitrate_lower=(ogg_int32_t)oggpack_read(opb,32); - -- ci->blocksizes[0]=1<blocksizes[1]=1<blocksizes[0]=1<blocksizes[1]=1<rate<1)goto err_out; - if(vi->channels<1)goto err_out; -diff --git a/lib/os.h b/lib/os.h -index 416a401..e098926 100644 ---- a/lib/os.h -+++ b/lib/os.h -@@ -120,7 +120,7 @@ static inline int vorbis_ftoi(double f){ /* yes, double! Otherwise, - /* MSVC inline assembly. 32 bit only; inline ASM isn't implemented in the - * 64 bit compiler and doesn't work on arm. */ - #if defined(_MSC_VER) && !defined(_WIN64) && \ -- !defined(_WIN32_WCE) && !defined(_M_ARM) -+ !defined(_WIN32_WCE) && !defined(_M_ARM) && !defined(_M_ARM64) - # define VORBIS_FPU_CONTROL - - typedef ogg_int16_t vorbis_fpu_control; -diff --git a/lib/psy.c b/lib/psy.c -index 422c6f1..1310123 100644 ---- a/lib/psy.c -+++ b/lib/psy.c -@@ -602,8 +602,9 @@ static void bark_noise_hybridmp(int n,const long *b, - for (i = 0, x = 0.f;; i++, x += 1.f) { - - lo = b[i] >> 16; -- if( lo>=0 ) break; - hi = b[i] & 0xffff; -+ if( lo>=0 ) break; -+ if( hi>=n ) break; - - tN = N[hi] + N[-lo]; - tX = X[hi] - X[-lo]; -diff --git a/lib/sharedbook.c b/lib/sharedbook.c -index 4545d4f..8d73daa 100644 ---- a/lib/sharedbook.c -+++ b/lib/sharedbook.c -@@ -62,7 +62,15 @@ float _float32_unpack(long val){ - int sign=val&0x80000000; - long exp =(val&0x7fe00000L)>>VQ_FMAN; - if(sign)mant= -mant; -- return(ldexp(mant,exp-(VQ_FMAN-1)-VQ_FEXP_BIAS)); -+ exp=exp-(VQ_FMAN-1)-VQ_FEXP_BIAS; -+ /* clamp excessive exponent values */ -+ if (exp>63){ -+ exp=63; -+ } -+ if (exp<-63){ -+ exp-63; -+ } -+ return(ldexp(mant,exp)); - } - - /* given a list of word lengths, generate a list of codewords. Works -diff --git a/lib/vorbisenc.c b/lib/vorbisenc.c -index 4a4607c..64a51b5 100644 ---- a/lib/vorbisenc.c -+++ b/lib/vorbisenc.c -@@ -684,6 +684,7 @@ int vorbis_encode_setup_init(vorbis_info *vi){ - highlevel_encode_setup *hi=&ci->hi; - - if(ci==NULL)return(OV_EINVAL); -+ if(vi->channels<1||vi->channels>255)return(OV_EINVAL); - if(!hi->impulse_block_p)i0=1; - - /* too low/high an ATH floater is nonsensical, but doesn't break anything */ -@@ -1210,7 +1211,7 @@ int vorbis_encode_ctl(vorbis_info *vi,int number,void *arg){ - hi->req, - hi->managed, - &new_base); -- if(!hi->setup)return OV_EIMPL; -+ if(!new_template)return OV_EIMPL; - hi->setup=new_template; - hi->base_setting=new_base; - vorbis_encode_setup_setting(vi,vi->channels,vi->rate); diff --git a/SPECS-EXTENDED/libvorbis/libvorbis.signatures.json b/SPECS-EXTENDED/libvorbis/libvorbis.signatures.json index 2046c80d55b..bc71e752486 100644 --- a/SPECS-EXTENDED/libvorbis/libvorbis.signatures.json +++ b/SPECS-EXTENDED/libvorbis/libvorbis.signatures.json @@ -1,5 +1,5 @@ { - "Signatures": { - "libvorbis-1.3.6.tar.xz": "af00bb5a784e7c9e69f56823de4637c350643deedaf333d0fa86ecdba6fcb415" - } + "Signatures": { + "libvorbis-1.3.7.tar.xz": "b33cc4934322bcbf6efcbacf49e3ca01aadbea4114ec9589d1b1e9d20f72954b" + } } \ No newline at end of file diff --git a/SPECS-EXTENDED/libvorbis/libvorbis.spec b/SPECS-EXTENDED/libvorbis/libvorbis.spec index 23596e4e3b2..88302abe096 100644 --- a/SPECS-EXTENDED/libvorbis/libvorbis.spec +++ b/SPECS-EXTENDED/libvorbis/libvorbis.spec @@ -4,28 +4,14 @@ Distribution: Mariner Summary: The Vorbis General Audio Compression Codec Name: libvorbis -Version: 1.3.6 -Release: 8%{?dist} +Version: 1.3.7 +Release: 1%{?dist} License: BSD URL: https://www.xiph.org/ Source: https://downloads.xiph.org/releases/vorbis/%{name}-%{version}.tar.xz BuildRequires: gcc BuildRequires: pkgconfig(ogg) >= 1.0 -# sync with git as of -# -# commit 46e70fa6573e206c2555cd99a53204ffd6bf58fd -# Author: Minmin Gong -# Date: Wed Jul 4 21:37:54 2018 -0700 -# -# Fix the compiling errors on msvc ARM64 configuration. -# -# Fixes: -# CVE-2017-14160 -# CVE-2018-10392 -# CVE-2018-10393 -Patch0: libvorbis-1.3.6-git.patch - %description Ogg Vorbis is a fully open, non-proprietary, patent- and royalty-free, general-purpose compressed audio format for audio and music at fixed @@ -53,7 +39,6 @@ Documentation for developing applications with libvorbis. %prep %setup -q -%patch0 -p1 sed -i "s|-O20|$RPM_OPT_FLAGS|" configure sed -i "s/-ffast-math//" configure sed -i "s/-mcpu=750//" configure @@ -92,6 +77,11 @@ make check %ldconfig_scriptlets %changelog +* Wed Sep 06 2023 Archana Choudhary - 1.3.7-1 +- Upgrade to 1.3.7 - CVE-2018-10392 CVE-2018-10393 +- Remove patch libvorbis-1.3.6-git.patch +- License verified + * Mon Nov 01 2021 Muhammad Falak - 1.3.6-8 - Remove epoch diff --git a/cgmanifest.json b/cgmanifest.json index 2c721b95e4b..8cd56220799 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -11521,8 +11521,8 @@ "type": "other", "other": { "name": "libvorbis", - "version": "1.3.6", - "downloadUrl": "https://downloads.xiph.org/releases/vorbis/libvorbis-1.3.6.tar.xz" + "version": "1.3.7", + "downloadUrl": "https://downloads.xiph.org/releases/vorbis/libvorbis-1.3.7.tar.xz" } } }, From cb5b8d92500536729779627c5b84a29aa5155b4f Mon Sep 17 00:00:00 2001 From: Andrew Phelps Date: Mon, 25 Sep 2023 11:14:41 -0700 Subject: [PATCH 06/47] util-linux: add su-l file for PAM (#6254) * add su-l file to util-linux * update manifests * bump to release 8 after merging with main * linting --- SPECS/util-linux/su-l | 6 ++++++ SPECS/util-linux/util-linux.signatures.json | 1 + SPECS/util-linux/util-linux.spec | 8 +++++++- .../manifests/package/pkggen_core_aarch64.txt | 6 +++--- .../resources/manifests/package/pkggen_core_x86_64.txt | 6 +++--- .../resources/manifests/package/toolchain_aarch64.txt | 10 +++++----- .../resources/manifests/package/toolchain_x86_64.txt | 10 +++++----- 7 files changed, 30 insertions(+), 17 deletions(-) create mode 100644 SPECS/util-linux/su-l diff --git a/SPECS/util-linux/su-l b/SPECS/util-linux/su-l new file mode 100644 index 00000000000..656a139a8b5 --- /dev/null +++ b/SPECS/util-linux/su-l @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth include su +account include su +password include su +session optional pam_keyinit.so force revoke +session include su diff --git a/SPECS/util-linux/util-linux.signatures.json b/SPECS/util-linux/util-linux.signatures.json index 04a78d31d30..59b2fdce8b9 100644 --- a/SPECS/util-linux/util-linux.signatures.json +++ b/SPECS/util-linux/util-linux.signatures.json @@ -3,6 +3,7 @@ "runuser": "eeae2dbb15691906da1a45e6b952fa0ebf8323c75a5a32d7fe53904625f48b49", "runuser-l": "406d5056ad272301d0523c35c0b4608dfd388db895656fa1a04e20d13fff9340", "su": "95d3c92017809b11a24f456cc5bc16bf2174380f97942d435314ef24fab75885", + "su-l": "4d10241676e97e5e8d8935e5c8e8f6cb2f871afb881059715f155909be9ebd77", "util-linux-2.37.4.tar.xz": "634e6916ad913366c3536b6468e7844769549b99a7b2bf80314de78ab5655b83" } } \ No newline at end of file diff --git a/SPECS/util-linux/util-linux.spec b/SPECS/util-linux/util-linux.spec index 54b75dd3df9..a2b0ad0d8d5 100644 --- a/SPECS/util-linux/util-linux.spec +++ b/SPECS/util-linux/util-linux.spec @@ -1,7 +1,7 @@ Summary: Utilities for file systems, consoles, partitions, and messages Name: util-linux Version: 2.37.4 -Release: 7%{?dist} +Release: 8%{?dist} License: GPLv2+ Vendor: Microsoft Corporation Distribution: Mariner @@ -11,6 +11,7 @@ Source0: https://mirrors.edge.kernel.org/pub/linux/utils/%{name}/v2.37/%{ Source1: runuser Source2: runuser-l Source3: su +Source4: su-l Patch0: libblkid-src-probe-check-for-ENOMEDIUM.patch BuildRequires: audit-devel BuildRequires: libcap-ng-devel @@ -97,6 +98,7 @@ install -vdm755 %{buildroot}%{_sysconfdir}/pam.d install -vm644 %{SOURCE1} %{buildroot}%{_sysconfdir}/pam.d/ install -vm644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pam.d/ install -vm644 %{SOURCE3} %{buildroot}%{_sysconfdir}/pam.d/ +install -vm644 %{SOURCE4} %{buildroot}%{_sysconfdir}/pam.d/ %check chown -Rv nobody . @@ -126,6 +128,7 @@ rm -rf %{buildroot}/lib/systemd/system %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/runuser %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/runuser-l %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/su +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/su-l %files lang -f %{name}.lang %defattr(-,root,root) @@ -148,6 +151,9 @@ rm -rf %{buildroot}/lib/systemd/system %{_mandir}/man3/* %changelog +* Thu Sep 21 2023 Andrew Phelps - 2.37.4-8 +- Add su-l file for PAM + * Wed Sep 20 2023 Jon Slobodzian - 2.37.4-7 - Recompile with stack-protection fixed gcc version (CVE-2023-4039) diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index d7df26a436e..c892700c1a9 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -66,9 +66,9 @@ make-4.3-3.cm2.aarch64.rpm patch-2.7.6-8.cm2.aarch64.rpm libcap-ng-0.8.2-2.cm2.aarch64.rpm libcap-ng-devel-0.8.2-2.cm2.aarch64.rpm -util-linux-2.37.4-7.cm2.aarch64.rpm -util-linux-devel-2.37.4-7.cm2.aarch64.rpm -util-linux-libs-2.37.4-7.cm2.aarch64.rpm +util-linux-2.37.4-8.cm2.aarch64.rpm +util-linux-devel-2.37.4-8.cm2.aarch64.rpm +util-linux-libs-2.37.4-8.cm2.aarch64.rpm tar-1.34-2.cm2.aarch64.rpm xz-5.2.5-1.cm2.aarch64.rpm xz-devel-5.2.5-1.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 5f7dbae7587..d33ae333a9b 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -66,9 +66,9 @@ make-4.3-3.cm2.x86_64.rpm patch-2.7.6-8.cm2.x86_64.rpm libcap-ng-0.8.2-2.cm2.x86_64.rpm libcap-ng-devel-0.8.2-2.cm2.x86_64.rpm -util-linux-2.37.4-7.cm2.x86_64.rpm -util-linux-devel-2.37.4-7.cm2.x86_64.rpm -util-linux-libs-2.37.4-7.cm2.x86_64.rpm +util-linux-2.37.4-8.cm2.x86_64.rpm +util-linux-devel-2.37.4-8.cm2.x86_64.rpm +util-linux-libs-2.37.4-8.cm2.x86_64.rpm tar-1.34-2.cm2.x86_64.rpm xz-5.2.5-1.cm2.x86_64.rpm xz-devel-5.2.5-1.cm2.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index f2f52e07b93..9cf2412c398 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -570,11 +570,11 @@ texinfo-6.8-1.cm2.aarch64.rpm texinfo-debuginfo-6.8-1.cm2.aarch64.rpm unzip-6.0-20.cm2.aarch64.rpm unzip-debuginfo-6.0-20.cm2.aarch64.rpm -util-linux-2.37.4-7.cm2.aarch64.rpm -util-linux-debuginfo-2.37.4-7.cm2.aarch64.rpm -util-linux-devel-2.37.4-7.cm2.aarch64.rpm -util-linux-lang-2.37.4-7.cm2.aarch64.rpm -util-linux-libs-2.37.4-7.cm2.aarch64.rpm +util-linux-2.37.4-8.cm2.aarch64.rpm +util-linux-debuginfo-2.37.4-8.cm2.aarch64.rpm +util-linux-devel-2.37.4-8.cm2.aarch64.rpm +util-linux-lang-2.37.4-8.cm2.aarch64.rpm +util-linux-libs-2.37.4-8.cm2.aarch64.rpm which-2.21-8.cm2.aarch64.rpm which-debuginfo-2.21-8.cm2.aarch64.rpm xz-5.2.5-1.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index a8f4d1879a7..6f1bd18d6ac 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -570,11 +570,11 @@ texinfo-6.8-1.cm2.x86_64.rpm texinfo-debuginfo-6.8-1.cm2.x86_64.rpm unzip-6.0-20.cm2.x86_64.rpm unzip-debuginfo-6.0-20.cm2.x86_64.rpm -util-linux-2.37.4-7.cm2.x86_64.rpm -util-linux-debuginfo-2.37.4-7.cm2.x86_64.rpm -util-linux-devel-2.37.4-7.cm2.x86_64.rpm -util-linux-lang-2.37.4-7.cm2.x86_64.rpm -util-linux-libs-2.37.4-7.cm2.x86_64.rpm +util-linux-2.37.4-8.cm2.x86_64.rpm +util-linux-debuginfo-2.37.4-8.cm2.x86_64.rpm +util-linux-devel-2.37.4-8.cm2.x86_64.rpm +util-linux-lang-2.37.4-8.cm2.x86_64.rpm +util-linux-libs-2.37.4-8.cm2.x86_64.rpm which-2.21-8.cm2.x86_64.rpm which-debuginfo-2.21-8.cm2.x86_64.rpm xz-5.2.5-1.cm2.x86_64.rpm From b8d0cb188cfce573c758b7379fe239932190c134 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Mon, 25 Sep 2023 11:19:41 -0700 Subject: [PATCH 07/47] Upgrade curl to 8.3.0 CVE-2023-38039 (#6261) --- SPECS/curl/curl.signatures.json | 2 +- SPECS/curl/curl.spec | 5 ++++- cgmanifest.json | 4 ++-- .../resources/manifests/package/pkggen_core_aarch64.txt | 6 +++--- .../resources/manifests/package/pkggen_core_x86_64.txt | 6 +++--- toolkit/resources/manifests/package/toolchain_aarch64.txt | 8 ++++---- toolkit/resources/manifests/package/toolchain_x86_64.txt | 8 ++++---- 7 files changed, 21 insertions(+), 18 deletions(-) diff --git a/SPECS/curl/curl.signatures.json b/SPECS/curl/curl.signatures.json index 884280e51ad..09cf9a3c71e 100644 --- a/SPECS/curl/curl.signatures.json +++ b/SPECS/curl/curl.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "curl-8.2.1.tar.gz": "f98bdb06c0f52bdd19e63c4a77b5eb19b243bcbbd0f5b002b9f3cba7295a3a42" + "curl-8.3.0.tar.gz": "d3a19aeea301085a56c32bc0f7d924a818a7893af253e41505d1e26d7db8e95a" } } \ No newline at end of file diff --git a/SPECS/curl/curl.spec b/SPECS/curl/curl.spec index d141226b548..aba1f2bd9ff 100644 --- a/SPECS/curl/curl.spec +++ b/SPECS/curl/curl.spec @@ -1,6 +1,6 @@ Summary: An URL retrieval utility and library Name: curl -Version: 8.2.1 +Version: 8.3.0 Release: 1%{?dist} License: curl Vendor: Microsoft Corporation @@ -85,6 +85,9 @@ find %{buildroot} -type f -name "*.la" -delete -print %{_libdir}/libcurl.so.* %changelog +* Thu Sep 21 2023 CBL-Mariner Servicing Account - 8.3.0-1 +- Auto-upgrade to 8.3.0 - CVE-2023-38039 + * Tue Aug 08 2023 Muhammad Falak - 8.2.1-1 - Bump curl to 8.2.1 to address CVE-2023-32001 - Drop un-needed patch diff --git a/cgmanifest.json b/cgmanifest.json index 8cd56220799..f23d1f5623b 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -2397,8 +2397,8 @@ "type": "other", "other": { "name": "curl", - "version": "8.2.1", - "downloadUrl": "https://curl.haxx.se/download/curl-8.2.1.tar.gz" + "version": "8.3.0", + "downloadUrl": "https://curl.haxx.se/download/curl-8.3.0.tar.gz" } } }, diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index c892700c1a9..11ee772c79f 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -190,9 +190,9 @@ libssh2-1.9.0-3.cm2.aarch64.rpm libssh2-devel-1.9.0-3.cm2.aarch64.rpm krb5-1.19.4-2.cm2.aarch64.rpm nghttp2-1.46.0-3.cm2.aarch64.rpm -curl-8.2.1-1.cm2.aarch64.rpm -curl-devel-8.2.1-1.cm2.aarch64.rpm -curl-libs-8.2.1-1.cm2.aarch64.rpm +curl-8.3.0-1.cm2.aarch64.rpm +curl-devel-8.3.0-1.cm2.aarch64.rpm +curl-libs-8.3.0-1.cm2.aarch64.rpm createrepo_c-0.17.5-1.cm2.aarch64.rpm libxml2-2.10.4-1.cm2.aarch64.rpm libxml2-devel-2.10.4-1.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index d33ae333a9b..b5db9c00bc8 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -190,9 +190,9 @@ libssh2-1.9.0-3.cm2.x86_64.rpm libssh2-devel-1.9.0-3.cm2.x86_64.rpm krb5-1.19.4-2.cm2.x86_64.rpm nghttp2-1.46.0-3.cm2.x86_64.rpm -curl-8.2.1-1.cm2.x86_64.rpm -curl-devel-8.2.1-1.cm2.x86_64.rpm -curl-libs-8.2.1-1.cm2.x86_64.rpm +curl-8.3.0-1.cm2.x86_64.rpm +curl-devel-8.3.0-1.cm2.x86_64.rpm +curl-libs-8.3.0-1.cm2.x86_64.rpm createrepo_c-0.17.5-1.cm2.x86_64.rpm libxml2-2.10.4-1.cm2.x86_64.rpm libxml2-devel-2.10.4-1.cm2.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 9cf2412c398..6cd0b2eba29 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -46,10 +46,10 @@ cracklib-lang-2.9.7-5.cm2.aarch64.rpm createrepo_c-0.17.5-1.cm2.aarch64.rpm createrepo_c-debuginfo-0.17.5-1.cm2.aarch64.rpm createrepo_c-devel-0.17.5-1.cm2.aarch64.rpm -curl-8.2.1-1.cm2.aarch64.rpm -curl-debuginfo-8.2.1-1.cm2.aarch64.rpm -curl-devel-8.2.1-1.cm2.aarch64.rpm -curl-libs-8.2.1-1.cm2.aarch64.rpm +curl-8.3.0-1.cm2.aarch64.rpm +curl-debuginfo-8.3.0-1.cm2.aarch64.rpm +curl-devel-8.3.0-1.cm2.aarch64.rpm +curl-libs-8.3.0-1.cm2.aarch64.rpm Cython-debuginfo-0.29.33-1.cm2.aarch64.rpm debugedit-5.0-2.cm2.aarch64.rpm debugedit-debuginfo-5.0-2.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 6f1bd18d6ac..d386b1f03d7 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -46,10 +46,10 @@ cracklib-lang-2.9.7-5.cm2.x86_64.rpm createrepo_c-0.17.5-1.cm2.x86_64.rpm createrepo_c-debuginfo-0.17.5-1.cm2.x86_64.rpm createrepo_c-devel-0.17.5-1.cm2.x86_64.rpm -curl-8.2.1-1.cm2.x86_64.rpm -curl-debuginfo-8.2.1-1.cm2.x86_64.rpm -curl-devel-8.2.1-1.cm2.x86_64.rpm -curl-libs-8.2.1-1.cm2.x86_64.rpm +curl-8.3.0-1.cm2.x86_64.rpm +curl-debuginfo-8.3.0-1.cm2.x86_64.rpm +curl-devel-8.3.0-1.cm2.x86_64.rpm +curl-libs-8.3.0-1.cm2.x86_64.rpm Cython-debuginfo-0.29.33-1.cm2.x86_64.rpm debugedit-5.0-2.cm2.x86_64.rpm debugedit-debuginfo-5.0-2.cm2.x86_64.rpm From f7721321acaf331de20303afb8e06dab0f63fba5 Mon Sep 17 00:00:00 2001 From: Cameron E Baird Date: Mon, 25 Sep 2023 12:56:58 -0700 Subject: [PATCH 08/47] feat: Enable grub2-mkconfig generation of grub config (#5989) * Implement grub2-mkconfig generation * Introduce grub2-rpm-macros * Remove mkconfig systemd behavior, move it to grub template. Make grub2-rpm-macros a subpackage under grub2 * Pack AzureLinux-specific grub configuration directory in its own subpackage * Enable mkconfig flow for kernel-hci * +kernel-hci-signed * stop packaging macros in configuration rpm Signed-Off-By: Cameron Baird --- .../grub2-efi-binary-signed.spec | 5 +- .../kernel-azure-signed.spec | 5 +- .../kernel-hci-signed/kernel-hci-signed.spec | 5 +- SPECS-SIGNED/kernel-signed/kernel-signed.spec | 5 +- SPECS/grub2/grub2.signatures.json | 1 + SPECS/grub2/grub2.spec | 40 +++++- SPECS/grub2/macros.grub2 | 21 +++ SPECS/kernel-azure/kernel-azure.spec | 9 +- SPECS/kernel-hci/kernel-hci.spec | 9 +- SPECS/kernel-headers/kernel-headers.spec | 5 +- SPECS/kernel-mshv/50_mariner_mshv.cfg | 5 + SPECS/kernel-mshv/kernel-mshv.signatures.json | 3 +- SPECS/kernel-mshv/kernel-mshv.spec | 20 ++- SPECS/kernel/kernel.spec | 9 +- toolkit/resources/assets/grub2/grub | 22 +++ .../manifests/package/pkggen_core_aarch64.txt | 2 +- .../manifests/package/pkggen_core_x86_64.txt | 2 +- .../manifests/package/toolchain_aarch64.txt | 2 +- .../manifests/package/toolchain_x86_64.txt | 2 +- .../imagegen/installutils/installutils.go | 130 ++++++++++-------- 20 files changed, 226 insertions(+), 76 deletions(-) create mode 100644 SPECS/grub2/macros.grub2 create mode 100644 SPECS/kernel-mshv/50_mariner_mshv.cfg create mode 100644 toolkit/resources/assets/grub2/grub diff --git a/SPECS-SIGNED/grub2-efi-binary-signed/grub2-efi-binary-signed.spec b/SPECS-SIGNED/grub2-efi-binary-signed/grub2-efi-binary-signed.spec index decf9ea0c32..7441f899ee9 100644 --- a/SPECS-SIGNED/grub2-efi-binary-signed/grub2-efi-binary-signed.spec +++ b/SPECS-SIGNED/grub2-efi-binary-signed/grub2-efi-binary-signed.spec @@ -12,7 +12,7 @@ Summary: Signed GRand Unified Bootloader for %{buildarch} systems Name: grub2-efi-binary-signed-%{buildarch} Version: 2.06 -Release: 10%{?dist} +Release: 11%{?dist} License: GPLv3+ Vendor: Microsoft Corporation Distribution: Mariner @@ -77,6 +77,9 @@ cp %{SOURCE3} %{buildroot}/boot/efi/EFI/BOOT/%{grubpxeefiname} /boot/efi/EFI/BOOT/%{grubpxeefiname} %changelog +* Tue Aug 29 2023 Cameron Baird - 2.06-11 +- Bump release number to match grub release number + * Thu Jun 08 2023 Daniel McIlvaney - 2.06-10 - CVE-2022-3775 diff --git a/SPECS-SIGNED/kernel-azure-signed/kernel-azure-signed.spec b/SPECS-SIGNED/kernel-azure-signed/kernel-azure-signed.spec index 6f8c87cd8a4..3a68de37c9c 100644 --- a/SPECS-SIGNED/kernel-azure-signed/kernel-azure-signed.spec +++ b/SPECS-SIGNED/kernel-azure-signed/kernel-azure-signed.spec @@ -10,7 +10,7 @@ Summary: Signed Linux Kernel for Azure Name: kernel-azure-signed-%{buildarch} Version: 5.15.131.1 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -153,6 +153,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %exclude /module_info.ld %changelog +* Tue Sep 22 2023 Cameron Baird - 5.15.131.1-3 +- Bump release to match kernel + * Wed Sep 20 2023 Jon Slobodzian - 5.15.131.1-2 - Recompile with stack-protection fixed gcc version (CVE-2023-4039) diff --git a/SPECS-SIGNED/kernel-hci-signed/kernel-hci-signed.spec b/SPECS-SIGNED/kernel-hci-signed/kernel-hci-signed.spec index eec70b7ae23..7ad92233a0c 100644 --- a/SPECS-SIGNED/kernel-hci-signed/kernel-hci-signed.spec +++ b/SPECS-SIGNED/kernel-hci-signed/kernel-hci-signed.spec @@ -5,7 +5,7 @@ Summary: Signed Linux Kernel for HCI Name: kernel-hci-signed-%{buildarch} Version: 5.15.131.1 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -149,6 +149,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %exclude /module_info.ld %changelog +* Tue Sep 22 2023 Cameron Baird - 5.15.131.1-3 +- Bump release to match kernel + * Wed Sep 20 2023 Jon Slobodzian - 5.15.131.1-2 - Recompile with stack-protection fixed gcc version (CVE-2023-4039) diff --git a/SPECS-SIGNED/kernel-signed/kernel-signed.spec b/SPECS-SIGNED/kernel-signed/kernel-signed.spec index 5e0248af3c0..781312a6d75 100644 --- a/SPECS-SIGNED/kernel-signed/kernel-signed.spec +++ b/SPECS-SIGNED/kernel-signed/kernel-signed.spec @@ -10,7 +10,7 @@ Summary: Signed Linux Kernel for %{buildarch} systems Name: kernel-signed-%{buildarch} Version: 5.15.131.1 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -153,6 +153,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %exclude /module_info.ld %changelog +* Tue Sep 22 2023 Cameron Baird - 5.15.131.1-3 +- Bump release to match kernel + * Wed Sep 20 2023 Jon Slobodzian - 5.15.131.1-2 - Recompile with stack-protection fixed gcc version (CVE-2023-4039) diff --git a/SPECS/grub2/grub2.signatures.json b/SPECS/grub2/grub2.signatures.json index 27fda835a21..93dba410181 100644 --- a/SPECS/grub2/grub2.signatures.json +++ b/SPECS/grub2/grub2.signatures.json @@ -2,6 +2,7 @@ "Signatures": { "gnulib-d271f868a8df9bbec29049d01e056481b7a1a263.tar.gz": "4e23415ae2977ffca15e07419ceff3e9334d0369eafc9e7ae2578f8dd9a4839c", "grub-2.06.tar.gz": "660eaa2355a4045d8d0cdb5765169d1cad9912ec07873b86c9c6d55dbaa9dfca", + "macros.grub2": "b03f6f713601214406971de53538dfc25136bf836f09a663eaffc4332a72c38b", "sbat.csv.in": "dc2ec1f12c4ff3167e5168d4ed8c908913bc70b8ce2e5faf790405b3dc1cf8e8" } } \ No newline at end of file diff --git a/SPECS/grub2/grub2.spec b/SPECS/grub2/grub2.spec index 667d5c877b6..78d09851c82 100644 --- a/SPECS/grub2/grub2.spec +++ b/SPECS/grub2/grub2.spec @@ -6,7 +6,7 @@ Summary: GRand Unified Bootloader Name: grub2 Version: 2.06 -Release: 10%{?dist} +Release: 11%{?dist} License: GPLv3+ Vendor: Microsoft Corporation Distribution: Mariner @@ -15,6 +15,7 @@ URL: https://www.gnu.org/software/grub Source0: https://git.savannah.gnu.org/cgit/grub.git/snapshot/grub-%{version}.tar.gz Source1: https://git.savannah.gnu.org/cgit/gnulib.git/snapshot/gnulib-%{gnulibversion}.tar.gz Source2: sbat.csv.in +Source3: macros.grub2 # Incorporate relevant patches from Fedora 34 # EFI Secure Boot / Handover Protocol patches Patch0001: 0001-Add-support-for-Linux-EFI-stub-loading.patch @@ -136,6 +137,22 @@ Group: System Environment/Base %description efi-binary-noprefix GRUB UEFI bootloader binaries with no prefix directory set +%package rpm-macros +Summary: GRUB RPM Macros +Group: System Environment/Base + +%description rpm-macros +GRUB RPM Macros for enabling package updates supporting +the grub2-mkconfig flow on AzureLinux + +%package configuration +Summary: Location for local grub configurations +Group: System Environment/Base + +%description configuration +Directory for package-specific boot configurations +to be persistently stored on AzureLinux + %prep # Remove module_info.ld script due to error "grub2-install: error: Decompressor is too big" LDFLAGS="`echo " %{build_ldflags} " | sed 's#-Wl,-dT,%{_topdir}/BUILD/module_info.ld##'`" @@ -224,6 +241,7 @@ cp -a install-for-pc/. %{buildroot}/. %endif mkdir %{buildroot}%{_sysconfdir}/default touch %{buildroot}%{_sysconfdir}/default/grub +mkdir %{buildroot}%{_sysconfdir}/default/grub.d mkdir %{buildroot}%{_sysconfdir}/sysconfig ln -sf %{_sysconfdir}/default/grub %{buildroot}%{_sysconfdir}/sysconfig/grub install -vdm 700 %{buildroot}/boot/%{name} @@ -253,6 +271,10 @@ GRUB_MODULE_SOURCE= install -d $EFI_BOOT_DIR +# Install grub2 macros +mkdir -p %{buildroot}%{_rpmconfigdir}/macros.d +install -m 644 %{SOURCE3} %{buildroot}/%{_rpmconfigdir}/macros.d + %ifarch x86_64 GRUB_MODULE_NAME=grubx64.efi GRUB_PXE_MODULE_NAME=grubx64-noprefix.efi @@ -291,7 +313,7 @@ cp $GRUB_PXE_MODULE_SOURCE $EFI_BOOT_DIR/$GRUB_PXE_MODULE_NAME %{_bindir}/* %{_datarootdir}/grub/* %{_sysconfdir}/sysconfig/grub -%{_sysconfdir}/default/grub +%attr(0644,root,root) %ghost %config(noreplace) %{_sysconfdir}/default/grub %ghost %config(noreplace) /boot/%{name}/grub.cfg %ifarch x86_64 @@ -326,7 +348,21 @@ cp $GRUB_PXE_MODULE_SOURCE $EFI_BOOT_DIR/$GRUB_PXE_MODULE_NAME %{_libdir}/grub/* %endif +%files rpm-macros +%{_rpmconfigdir}/macros.d/macros.grub2 + +%files configuration +%{_sysconfdir}/default/grub.d + %changelog +* Fri Aug 11 2023 Cameron Baird - 2.06-11 +- Enable support for grub2-mkconfig grub.cfg generation +- Introduce rpm-macros, configuration subpackage +- The Mariner /etc/default/grub now sources files from /etc/default/grub.d + before the remainder of grub2-mkconfig runs. This allows RPM to + install package-specific configurations that the users can safely + override. + * Thu Jun 08 2023 Daniel McIlvaney - 2.06-10 - CVE-2022-3775 diff --git a/SPECS/grub2/macros.grub2 b/SPECS/grub2/macros.grub2 new file mode 100644 index 00000000000..adb890e50f8 --- /dev/null +++ b/SPECS/grub2/macros.grub2 @@ -0,0 +1,21 @@ +# RPM macros for packages updating boot behavior in AzureLinux. +# grub2-mkconfig should be used to regenerate /boot/grub2/grub.cfg +# iff: grub2-mkconfig is installed && the existing /boot/grub2/grub.cfg +# seems to have been generated by mkconfig previously. + +%grub2_configuration_requires \ +Requires(post): grub2-configuration \ +Requires(postun): grub2-configuration \ +%{nil} + +%grub2_post() \ +if [ -x /usr/sbin/grub2-mkconfig ] && grep -q -e "automatically generated by grub2-mkconfig" /boot/grub2/grub.cfg; then \ + /usr/sbin/grub2-mkconfig > /boot/grub2/grub.cfg || : \ +fi \ +%{nil} + +%grub2_postun() \ +if [ -x /usr/sbin/grub2-mkconfig ] && grep -q -e "automatically generated by grub2-mkconfig" /boot/grub2/grub.cfg; then \ + /usr/sbin/grub2-mkconfig > /boot/grub2/grub.cfg || : \ +fi \ +%{nil} \ No newline at end of file diff --git a/SPECS/kernel-azure/kernel-azure.spec b/SPECS/kernel-azure/kernel-azure.spec index 0a823189fcf..3884a21267f 100644 --- a/SPECS/kernel-azure/kernel-azure.spec +++ b/SPECS/kernel-azure/kernel-azure.spec @@ -28,7 +28,7 @@ Summary: Linux Kernel Name: kernel-azure Version: 5.15.131.1 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -46,6 +46,7 @@ BuildRequires: diffutils BuildRequires: dwarves BuildRequires: elfutils-libelf-devel BuildRequires: glib-devel +BuildRequires: grub2-rpm-macros BuildRequires: kbd BuildRequires: kmod-devel BuildRequires: libdnet-devel @@ -320,10 +321,12 @@ then test -n "$list" && ln -sf "$list" /boot/mariner.cfg fi fi +%grub2_postun %post /sbin/depmod -a %{uname_r} ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg +%grub2_post %post drivers-accessibility /sbin/depmod -a %{uname_r} @@ -416,6 +419,10 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %{_sysconfdir}/bash_completion.d/bpftool %changelog +* Tue Sep 22 2023 Cameron Baird - 5.15.131.1-3 +- Call grub2-mkconfig to regenerate configs only if the user has + previously used grub2-mkconfig for boot configuration. + * Wed Sep 20 2023 Jon Slobodzian - 5.15.131.1-2 - Recompile with stack-protection fixed gcc version (CVE-2023-4039) diff --git a/SPECS/kernel-hci/kernel-hci.spec b/SPECS/kernel-hci/kernel-hci.spec index 42d669faf4a..f67ac6e160a 100644 --- a/SPECS/kernel-hci/kernel-hci.spec +++ b/SPECS/kernel-hci/kernel-hci.spec @@ -18,7 +18,7 @@ Summary: Linux Kernel for HCI Name: kernel-hci Version: 5.15.131.1 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -62,6 +62,7 @@ BuildRequires: diffutils BuildRequires: dwarves BuildRequires: elfutils-libelf-devel BuildRequires: glib-devel +BuildRequires: grub2-rpm-macros BuildRequires: kbd BuildRequires: kmod-devel BuildRequires: libdnet-devel @@ -346,10 +347,12 @@ then test -n "$list" && ln -sf "$list" /boot/mariner.cfg fi fi +%grub2_postun %post /sbin/depmod -a %{uname_r} ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg +%grub2_post %post drivers-accessibility /sbin/depmod -a %{uname_r} @@ -431,6 +434,10 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %{_sysconfdir}/bash_completion.d/bpftool %changelog +* Tue Sep 22 2023 Cameron Baird - 5.15.131.1-3 +- Call grub2-mkconfig to regenerate configs only if the user has + previously used grub2-mkconfig for boot configuration. + * Wed Sep 20 2023 Jon Slobodzian - 5.15.131.1-2 - Recompile with stack-protection fixed gcc version (CVE-2023-4039) diff --git a/SPECS/kernel-headers/kernel-headers.spec b/SPECS/kernel-headers/kernel-headers.spec index 80876424e5e..a81b1400006 100644 --- a/SPECS/kernel-headers/kernel-headers.spec +++ b/SPECS/kernel-headers/kernel-headers.spec @@ -1,7 +1,7 @@ Summary: Linux API header files Name: kernel-headers Version: 5.15.131.1 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -36,6 +36,9 @@ cp -rv usr/include/* /%{buildroot}%{_includedir} %{_includedir}/* %changelog +* Tue Sep 22 2023 Cameron Baird - 5.15.131.1-3 +- Bump release to match kernel + * Wed Sep 20 2023 Jon Slobodzian - 5.15.131.1-2 - Recompile with stack-protection fixed gcc version (CVE-2023-4039) diff --git a/SPECS/kernel-mshv/50_mariner_mshv.cfg b/SPECS/kernel-mshv/50_mariner_mshv.cfg new file mode 100644 index 00000000000..73bbabf368f --- /dev/null +++ b/SPECS/kernel-mshv/50_mariner_mshv.cfg @@ -0,0 +1,5 @@ +#!/bin/bash + +GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX audit=0" +GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX console=ttyS0,115200n8" +GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX earlyprintk" diff --git a/SPECS/kernel-mshv/kernel-mshv.signatures.json b/SPECS/kernel-mshv/kernel-mshv.signatures.json index f55e5e591f5..a017062e753 100644 --- a/SPECS/kernel-mshv/kernel-mshv.signatures.json +++ b/SPECS/kernel-mshv/kernel-mshv.signatures.json @@ -1,7 +1,8 @@ { "Signatures": { "kernel-mshv-5.15.110.mshv2.tar.gz": "380928fa07ff5007734898f111ad95282db29052726017088259a6314f77ab78", + "50_mariner_mshv.cfg": "0a5fcad1efb1fd37f910f675c5303210a2aeeef9e089d804510ce40ff9b26369", "cbl-mariner-ca-20211013.pem": "5ef124b0924cb1047c111a0ecff1ae11e6ad7cac8d1d9b40f98f99334121f0b0", "config": "1fa929c177355df4e85bb59f3ef0e1c87077db887b89f5ebfb0725268197eb3b" } -} +} \ No newline at end of file diff --git a/SPECS/kernel-mshv/kernel-mshv.spec b/SPECS/kernel-mshv/kernel-mshv.spec index b161944b6e3..fffebdea189 100644 --- a/SPECS/kernel-mshv/kernel-mshv.spec +++ b/SPECS/kernel-mshv/kernel-mshv.spec @@ -11,7 +11,7 @@ Summary: Mariner kernel that has MSHV Host support Name: kernel-mshv Version: 5.15.110.mshv2 -Release: 4%{?dist} +Release: 5%{?dist} License: GPLv2 Group: Development/Tools Vendor: Microsoft Corporation @@ -19,6 +19,7 @@ Distribution: Mariner Source0: %{_mariner_sources_url}/%{name}-%{version}.tar.gz Source1: config Source2: cbl-mariner-ca-20211013.pem +Source3: 50_mariner_mshv.cfg Patch0: 0001-Implement-dom0-kernel-patch-for-loader-as-of-0524.patch ExclusiveArch: x86_64 BuildRequires: audit-devel @@ -28,6 +29,7 @@ BuildRequires: diffutils BuildRequires: dwarves BuildRequires: elfutils-libelf-devel BuildRequires: glib-devel +BuildRequires: grub2-rpm-macros BuildRequires: kbd BuildRequires: kmod-devel BuildRequires: libdnet-devel @@ -42,6 +44,7 @@ Requires: filesystem Requires: kmod Requires(post): coreutils Requires(postun): coreutils +%{?grub2_configuration_requires} %description The Mariner kernel that has MSHV Host support @@ -114,6 +117,12 @@ install -vdm 755 %{buildroot}%{_prefix}/src/linux-headers-%{uname_r} install -vdm 755 %{buildroot}%{_libdir}/debug/lib/modules/%{uname_r} make INSTALL_MOD_PATH=%{buildroot} modules_install +# Add kernel-mshv-specific boot configurations to /etc/default/grub.d +# This configuration contains additional boot parameters required in our +# Linux-Dom0-based images. +mkdir -p %{buildroot}%{_sysconfdir}/default/grub.d +install -m 750 %{SOURCE3} %{buildroot}%{_sysconfdir}/default/grub.d/50_mariner_mshv.cfg + %ifarch x86_64 install -vm 600 arch/x86/boot/bzImage %{buildroot}/boot/vmlinuz-%{uname_r} mkdir -p %{buildroot}/boot/efi @@ -192,10 +201,12 @@ then test -n "$list" && ln -sf "$list" /boot/mariner-mshv.cfg fi fi +%grub2_postun %post /sbin/depmod -a %{uname_r} ln -sf linux-%{uname_r}.cfg /boot/mariner-mshv.cfg +%grub2_post %files %defattr(-,root,root) @@ -206,6 +217,7 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner-mshv.cfg /boot/vmlinuz-%{uname_r} /boot/efi/vmlinuz-%{uname_r} %config(noreplace) /boot/linux-%{uname_r}.cfg +%config(noreplace) %{_sysconfdir}/default/grub.d/50_mariner_mshv.cfg %config %{_localstatedir}/lib/initramfs/kernel/%{uname_r} %defattr(0644,root,root) /lib/modules/%{uname_r}/* @@ -236,6 +248,12 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner-mshv.cfg %{_includedir}/perf/perf_dlfilter.h %changelog +* Tue Sep 19 2023 Cameron Baird - 5.15.110.mshv2-5 +- Enable grub2-mkconfig-based boot path by installing + 50_mariner_mshv.cfg +- Call grub2-mkconfig to regenerate configs only if the user has + previously used grub2-mkconfig for boot configuration. + * Thu Jun 22 2023 Cameron Baird - 5.15.110.mshv2-4 - Don't include duplicate systemd parameters in mariner-mshv.cfg; should be read from systemd.cfg which is packaged in systemd diff --git a/SPECS/kernel/kernel.spec b/SPECS/kernel/kernel.spec index 82c53731caa..40bdbb0bb44 100644 --- a/SPECS/kernel/kernel.spec +++ b/SPECS/kernel/kernel.spec @@ -28,7 +28,7 @@ Summary: Linux Kernel Name: kernel Version: 5.15.131.1 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -50,6 +50,7 @@ BuildRequires: elfutils-libelf-devel BuildRequires: flex BuildRequires: gettext BuildRequires: glib-devel +BuildRequires: grub2-rpm-macros BuildRequires: kbd BuildRequires: kmod-devel BuildRequires: libcap-devel @@ -326,10 +327,12 @@ then test -n "$list" && ln -sf "$list" /boot/mariner.cfg fi fi +%grub2_postun %post /sbin/depmod -a %{uname_r} ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg +%grub2_post %post drivers-accessibility /sbin/depmod -a %{uname_r} @@ -422,6 +425,10 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %{_sysconfdir}/bash_completion.d/bpftool %changelog +* Tue Sep 19 2023 Cameron Baird - 5.15.131.1-3 +- Call grub2-mkconfig to regenerate configs only if the user has + previously used grub2-mkconfig for boot configuration. + * Wed Sep 20 2023 Jon Slobodzian - 5.15.131.1-2 - Recompile with stack-protection fixed gcc version (CVE-2023-4039) diff --git a/toolkit/resources/assets/grub2/grub b/toolkit/resources/assets/grub2/grub new file mode 100644 index 00000000000..1e8d796cb4c --- /dev/null +++ b/toolkit/resources/assets/grub2/grub @@ -0,0 +1,22 @@ +GRUB_TIMEOUT=0 +GRUB_DISTRIBUTOR="AzureLinux" +GRUB_DISABLE_SUBMENU=y +GRUB_TERMINAL_OUTPUT="console" +GRUB_CMDLINE_LINUX="{{.LuksUUID}} {{.LVM}} {{.IMAPolicy}} {{.ReadOnlyVerityRoot}} {{.SELinux}} {{.FIPS}} rd.auto=1 init=/lib/systemd/systemd net.ifnames=0 plymouth.enable=0 systemd.legacy_systemd_cgroup_controller=yes systemd.unified_cgroup_hierarchy=0 lockdown=integrity sysctl.kernel.unprivileged_bpf_disabled=1 loglevel=3 {{.CGroup}}" +GRUB_CMDLINE_LINUX_DEFAULT="{{.ExtraCommandLine}} $kernelopts" + +# =============================notice=============================== +# IMPORTANT: package and feature-specific behaviors are defined in +# /etc/default/grub.d/*.cfg. The cfg files are sourced last +# before grub2-mkconfig is called and hence have higher precedence +# than this file's GRUB_CMDLINE_LINUX. The order as it appears in the +# Linux commandline is: +# - first GRUB_CMDLINE_LINUX +# - then /etc/default/grub.d/*.cfg +# - and finally GRUB_CMDLINE_LINUX_DEFAULT +# =============================notice=============================== +for x in /etc/default/grub.d/*.cfg ; do + if [ -e "${x}" ]; then + . "${x}" + fi +done \ No newline at end of file diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 11ee772c79f..552d904bb98 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -1,5 +1,5 @@ filesystem-1.1-15.cm2.aarch64.rpm -kernel-headers-5.15.131.1-2.cm2.noarch.rpm +kernel-headers-5.15.131.1-3.cm2.noarch.rpm glibc-2.35-4.cm2.aarch64.rpm glibc-devel-2.35-4.cm2.aarch64.rpm glibc-i18n-2.35-4.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index b5db9c00bc8..8aee19842d3 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -1,5 +1,5 @@ filesystem-1.1-15.cm2.x86_64.rpm -kernel-headers-5.15.131.1-2.cm2.noarch.rpm +kernel-headers-5.15.131.1-3.cm2.noarch.rpm glibc-2.35-4.cm2.x86_64.rpm glibc-devel-2.35-4.cm2.x86_64.rpm glibc-i18n-2.35-4.cm2.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 6cd0b2eba29..28bb5874cf6 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -136,7 +136,7 @@ intltool-0.51.0-7.cm2.noarch.rpm itstool-2.0.6-4.cm2.noarch.rpm kbd-2.2.0-1.cm2.aarch64.rpm kbd-debuginfo-2.2.0-1.cm2.aarch64.rpm -kernel-headers-5.15.131.1-2.cm2.noarch.rpm +kernel-headers-5.15.131.1-3.cm2.noarch.rpm kmod-29-2.cm2.aarch64.rpm kmod-debuginfo-29-2.cm2.aarch64.rpm kmod-devel-29-2.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index d386b1f03d7..f2f8c4b1637 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -136,7 +136,7 @@ intltool-0.51.0-7.cm2.noarch.rpm itstool-2.0.6-4.cm2.noarch.rpm kbd-2.2.0-1.cm2.x86_64.rpm kbd-debuginfo-2.2.0-1.cm2.x86_64.rpm -kernel-headers-5.15.131.1-2.cm2.noarch.rpm +kernel-headers-5.15.131.1-3.cm2.noarch.rpm kmod-29-2.cm2.x86_64.rpm kmod-debuginfo-29-2.cm2.x86_64.rpm kmod-devel-29-2.cm2.x86_64.rpm diff --git a/toolkit/tools/imagegen/installutils/installutils.go b/toolkit/tools/imagegen/installutils/installutils.go index 1e681ace552..0ac533571bd 100644 --- a/toolkit/tools/imagegen/installutils/installutils.go +++ b/toolkit/tools/imagegen/installutils/installutils.go @@ -966,87 +966,97 @@ func InstallGrubCfg(installRoot, rootDevice, bootUUID, bootPrefix string, encryp const ( assetGrubcfgFile = "/installer/grub2/grub.cfg" grubCfgFile = "boot/grub2/grub.cfg" + assetGrubDefFile = "/installer/grub2/grub" + grubDefFile = "etc/default/grub" ) // Copy the bootloader's grub.cfg and set the file permission installGrubCfgFile := filepath.Join(installRoot, grubCfgFile) + installGrubDefFile := filepath.Join(installRoot, grubDefFile) + err = file.CopyAndChangeMode(assetGrubcfgFile, installGrubCfgFile, bootDirectoryDirMode, bootDirectoryFileMode) if err != nil { return } - - // Add in bootUUID - err = setGrubCfgBootUUID(bootUUID, installGrubCfgFile) + err = file.CopyAndChangeMode(assetGrubDefFile, installGrubDefFile, bootDirectoryDirMode, bootDirectoryFileMode) if err != nil { - logger.Log.Warnf("Failed to set bootUUID in grub.cfg: %v", err) return } - // Add in bootPrefix - err = setGrubCfgBootPrefix(bootPrefix, installGrubCfgFile) - if err != nil { - logger.Log.Warnf("Failed to set bootPrefix in grub.cfg: %v", err) - return - } + for _, installedFile := range []string{installGrubCfgFile, installGrubDefFile} { + // Add in bootUUID + err = setGrubCfgBootUUID(bootUUID, installedFile) + if err != nil { + logger.Log.Warnf("Failed to set bootUUID in grub.cfg: %v", err) + return + } - // Add in rootDevice - err = setGrubCfgRootDevice(rootDevice, installGrubCfgFile, encryptedRoot.LuksUUID) - if err != nil { - logger.Log.Warnf("Failed to set rootDevice in grub.cfg: %v", err) - return - } + // Add in bootPrefix + err = setGrubCfgBootPrefix(bootPrefix, installedFile) + if err != nil { + logger.Log.Warnf("Failed to set bootPrefix in grub.cfg: %v", err) + return + } - // Add in rootLuksUUID - err = setGrubCfgLuksUUID(installGrubCfgFile, encryptedRoot.LuksUUID) - if err != nil { - logger.Log.Warnf("Failed to set luksUUID in grub.cfg: %v", err) - return - } + // Add in rootDevice + err = setGrubCfgRootDevice(rootDevice, installedFile, encryptedRoot.LuksUUID) + if err != nil { + logger.Log.Warnf("Failed to set rootDevice in grub.cfg: %v", err) + return + } - // Add in logical volumes to active - err = setGrubCfgLVM(installGrubCfgFile, encryptedRoot.LuksUUID) - if err != nil { - logger.Log.Warnf("Failed to set lvm.lv in grub.cfg: %v", err) - return - } + // Add in rootLuksUUID + err = setGrubCfgLuksUUID(installedFile, encryptedRoot.LuksUUID) + if err != nil { + logger.Log.Warnf("Failed to set luksUUID in grub.cfg: %v", err) + return + } - // Configure IMA policy - err = setGrubCfgIMA(installGrubCfgFile, kernelCommandLine) - if err != nil { - logger.Log.Warnf("Failed to set ima_policy in grub.cfg: %v", err) - return - } + // Add in logical volumes to active + err = setGrubCfgLVM(installedFile, encryptedRoot.LuksUUID) + if err != nil { + logger.Log.Warnf("Failed to set lvm.lv in grub.cfg: %v", err) + return + } - err = setGrubCfgReadOnlyVerityRoot(installGrubCfgFile, readOnlyRoot) - if err != nil { - logger.Log.Warnf("Failed to set verity root in grub.cfg: %v", err) - return - } + // Configure IMA policy + err = setGrubCfgIMA(installedFile, kernelCommandLine) + if err != nil { + logger.Log.Warnf("Failed to set ima_policy in grub.cfg: %v", err) + return + } - err = setGrubCfgSELinux(installGrubCfgFile, kernelCommandLine) - if err != nil { - logger.Log.Warnf("Failed to set SELinux in grub.cfg: %v", err) - return - } + err = setGrubCfgReadOnlyVerityRoot(installedFile, readOnlyRoot) + if err != nil { + logger.Log.Warnf("Failed to set verity root in grub.cfg: %v", err) + return + } - // Configure FIPS - err = setGrubCfgFIPS(isBootPartitionSeparate, bootUUID, installGrubCfgFile, kernelCommandLine) - if err != nil { - logger.Log.Warnf("Failed to set FIPS in grub.cfg: %v", err) - return - } + err = setGrubCfgSELinux(installedFile, kernelCommandLine) + if err != nil { + logger.Log.Warnf("Failed to set SELinux in grub.cfg: %v", err) + return + } - err = setGrubCfgCGroup(installGrubCfgFile, kernelCommandLine) - if err != nil { - logger.Log.Warnf("Failed to set CGroup configuration in grub.cfg: %v", err) - return - } + // Configure FIPS + err = setGrubCfgFIPS(isBootPartitionSeparate, bootUUID, installedFile, kernelCommandLine) + if err != nil { + logger.Log.Warnf("Failed to set FIPS in grub.cfg: %v", err) + return + } - // Append any additional command line parameters - err = setGrubCfgAdditionalCmdLine(installGrubCfgFile, kernelCommandLine) - if err != nil { - logger.Log.Warnf("Failed to append extra command line parameterse in grub.cfg: %v", err) - return + err = setGrubCfgCGroup(installedFile, kernelCommandLine) + if err != nil { + logger.Log.Warnf("Failed to set CGroup configuration in grub.cfg: %v", err) + return + } + + // Append any additional command line parameters + err = setGrubCfgAdditionalCmdLine(installedFile, kernelCommandLine) + if err != nil { + logger.Log.Warnf("Failed to append extra command line parameters in grub.cfg: %v", err) + return + } } return From 474001faf73eeb48ac351d97872989d9f890ec5a Mon Sep 17 00:00:00 2001 From: Daniel McIlvaney Date: Mon, 25 Sep 2023 14:26:45 -0700 Subject: [PATCH 09/47] Add shell.ExecuteInDirectory() (#6056) --- toolkit/tools/internal/shell/shell.go | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/toolkit/tools/internal/shell/shell.go b/toolkit/tools/internal/shell/shell.go index 4a4bdfc89e3..6f8885c8c18 100644 --- a/toolkit/tools/internal/shell/shell.go +++ b/toolkit/tools/internal/shell/shell.go @@ -72,6 +72,11 @@ func PermanentlyStopAllProcesses(signal unix.Signal) { // Execute runs the provided command. func Execute(program string, args ...string) (stdout, stderr string, err error) { + return ExecuteInDirectory("", program, args...) +} + +// Execute runs the provided command in a specific working directory. +func ExecuteInDirectory(workingDirectory, program string, args ...string) (stdout, stderr string, err error) { var ( outBuf bytes.Buffer errBuf bytes.Buffer @@ -81,6 +86,10 @@ func Execute(program string, args ...string) (stdout, stderr string, err error) cmd.Stdout = &outBuf cmd.Stderr = &errBuf + if workingDirectory != "" { + cmd.Dir = workingDirectory + } + err = trackAndStartProcess(cmd) if err != nil { return From d2fd0f6c6ab1847cc66cde9671000f1136bc219d Mon Sep 17 00:00:00 2001 From: Daniel McIlvaney Date: Mon, 25 Sep 2023 14:28:14 -0700 Subject: [PATCH 10/47] Misc tidying of go code (#6055) --- toolkit/tools/depsearch/depsearch.go | 2 +- .../tools/internal/pkggraph/pkggraph_test.go | 27 ++++++++++--------- 2 files changed, 15 insertions(+), 14 deletions(-) diff --git a/toolkit/tools/depsearch/depsearch.go b/toolkit/tools/depsearch/depsearch.go index 15122730e22..307aa93e0b5 100644 --- a/toolkit/tools/depsearch/depsearch.go +++ b/toolkit/tools/depsearch/depsearch.go @@ -231,7 +231,7 @@ func formatNode(n *pkggraph.PkgNode, verbosity int) string { case 3: return fmt.Sprintf("'%s' from node '%s'", filepath.Base(n.RpmPath), n.FriendlyName()) case 4: - return fmt.Sprintf("'%s'", n) + return fmt.Sprintf("(%v)'%#v'", n.VersionedPkg, *n) default: logger.Log.Fatalf("Invalid verbosity level %v", verbosity) } diff --git a/toolkit/tools/internal/pkggraph/pkggraph_test.go b/toolkit/tools/internal/pkggraph/pkggraph_test.go index f3c37b5ab92..1fb4df53401 100644 --- a/toolkit/tools/internal/pkggraph/pkggraph_test.go +++ b/toolkit/tools/internal/pkggraph/pkggraph_test.go @@ -6,7 +6,7 @@ package pkggraph import ( "bytes" "fmt" - "io/ioutil" + "io" "os" "testing" @@ -98,8 +98,7 @@ func TestMain(m *testing.M) { // buildRunNode creates a new 'Run' PkgNode based on a PackageVer struct func buildRunNodeHelper(pkg *pkgjson.PackageVer) (node *PkgNode) { - var pkgCopy pkgjson.PackageVer - pkgCopy = *pkg + pkgCopy := *pkg node = &PkgNode{ VersionedPkg: &pkgCopy, State: StateMeta, @@ -117,8 +116,7 @@ func buildRunNodeHelper(pkg *pkgjson.PackageVer) (node *PkgNode) { // buildBuildNode creates a new 'Build' PkgNode based on a PackageVer struct func buildBuildNodeHelper(pkg *pkgjson.PackageVer) (node *PkgNode) { - var pkgCopy pkgjson.PackageVer - pkgCopy = *pkg + pkgCopy := *pkg node = &PkgNode{ VersionedPkg: &pkgCopy, State: StateBuild, @@ -136,8 +134,7 @@ func buildBuildNodeHelper(pkg *pkgjson.PackageVer) (node *PkgNode) { // buildBuildNode creates a new 'Unresolved' PkgNode based on a PackageVer struct func buildUnresolvedNodeHelper(pkg *pkgjson.PackageVer) (node *PkgNode) { - var pkgCopy pkgjson.PackageVer - pkgCopy = *pkg + pkgCopy := *pkg node = &PkgNode{ VersionedPkg: &pkgCopy, State: StateUnresolved, @@ -723,8 +720,8 @@ func TestGoalWithPackages(t *testing.T) { assert.Equal(t, len(runNodes)+len(unresolvedNodes), len(goalNodes)) goal, err = g.AddGoalNode("test2", []*pkgjson.PackageVer{ - &pkgjson.PackageVer{Name: "A"}, - &pkgjson.PackageVer{Name: "B"}, + {Name: "A"}, + {Name: "B"}, }, nil, false) assert.NoError(t, err) assert.NotNil(t, goal) @@ -740,7 +737,7 @@ func TestStrictGoalNodes(t *testing.T) { assert.NoError(t, err) assert.NotNil(t, g) - _, err = g.AddGoalNode("test", []*pkgjson.PackageVer{&pkgjson.PackageVer{Name: "Not a package"}}, nil, true) + _, err = g.AddGoalNode("test", []*pkgjson.PackageVer{{Name: "Not a package"}}, nil, true) assert.Error(t, err) } @@ -891,6 +888,7 @@ func TestEncodeDecodeMultiDOT(t *testing.T) { gFinal := NewPkgGraph() err = ReadDOTGraph(gFinal, &buf2) + assert.NoError(t, err) checkTestGraph(t, gFinal) } @@ -932,13 +930,15 @@ func TestReferenceDOTFile(t *testing.T) { assert.NoError(t, err) f, err := os.Open("test_graph_reference.dot") - defer f.Close() + if err == nil { + defer f.Close() + } assert.NoError(t, err) // Compare the bytes from the reference file against a fresh encoding - bytesFromCode, err := ioutil.ReadAll(&buf) + bytesFromCode, err := io.ReadAll(&buf) assert.NoError(t, err) - bytesFromFile, err := ioutil.ReadAll(f) + bytesFromFile, err := io.ReadAll(f) assert.NoError(t, err) assert.True(t, len(bytesFromCode) > 0) assert.True(t, len(bytesFromFile) > 0) @@ -990,6 +990,7 @@ func TestEncodingSubGraph(t *testing.T) { // Copy uses the encode/decode flow gCopy, err := subGraph.DeepCopy() + assert.NoError(t, err) component := []*PkgNode{ pkgCRun, From 0d837d5c6f6c344ae84e71dc0431593efc100318 Mon Sep 17 00:00:00 2001 From: Chris Gunn Date: Mon, 25 Sep 2023 15:34:50 -0700 Subject: [PATCH 11/47] Skip TestCustomizeImageEmptyConfig test (#6278) * Skip unreliable TestCustomizeImageEmptyConfig test * Disable test in container builds --- .../tools/pkg/imagecustomizerlib/imagecustomizer_test.go | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer_test.go b/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer_test.go index 5afc0d32ad8..5ff38c22414 100644 --- a/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer_test.go +++ b/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer_test.go @@ -13,6 +13,7 @@ import ( "github.com/microsoft/CBL-Mariner/toolkit/tools/imagecustomizerapi" "github.com/microsoft/CBL-Mariner/toolkit/tools/imagegen/configuration" "github.com/microsoft/CBL-Mariner/toolkit/tools/imagegen/diskutils" + "github.com/microsoft/CBL-Mariner/toolkit/tools/internal/buildpipeline" "github.com/microsoft/CBL-Mariner/toolkit/tools/internal/safechroot" "github.com/stretchr/testify/assert" ) @@ -20,6 +21,10 @@ import ( func TestCustomizeImageEmptyConfig(t *testing.T) { var err error + if !buildpipeline.IsRegularBuild() { + t.Skip("loopback block device not available") + } + buildDir := filepath.Join(tmpDir, "TestCustomizeImageEmptyConfig") outImageFilePath := filepath.Join(buildDir, "image.vhd") @@ -44,6 +49,10 @@ func TestCustomizeImageCopyFiles(t *testing.T) { t.Skip("Unreliable test") + if !buildpipeline.IsRegularBuild() { + t.Skip("loopback block device not available") + } + buildDir := filepath.Join(tmpDir, "TestCustomizeImageCopyFiles") configFile := filepath.Join(testDir, "addfiles-config.yaml") outImageFilePath := filepath.Join(buildDir, "image.qcow2") From 9847e2e1b8e6523b56c3cbbe25467081e292f174 Mon Sep 17 00:00:00 2001 From: Sumynwa <80809794+Sumynwa@users.noreply.github.com> Date: Tue, 26 Sep 2023 10:52:26 +0530 Subject: [PATCH 12/47] openmpi: Bump version to rebuild with pmix for CVE-2023-41915 (#6285) --- SPECS/openmpi/openmpi.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/SPECS/openmpi/openmpi.spec b/SPECS/openmpi/openmpi.spec index 37496dcd94b..4bd5e275495 100644 --- a/SPECS/openmpi/openmpi.spec +++ b/SPECS/openmpi/openmpi.spec @@ -28,7 +28,7 @@ Summary: Open Message Passing Interface Name: openmpi%{?_cc_name_suffix} Version: 4.1.4 -Release: 10%{?dist} +Release: 11%{?dist} License: BSD AND MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -303,6 +303,9 @@ make check %{python3_sitearch}/openmpi.pth %changelog +* Tue Sep 26 2023 Sumedh Sharma - 4.1.4-11 +- Bump version to recompile with pmix update for CVE-2023-41915 + * Wed Sep 20 2023 Jon Slobodzian - 4.1.4-10 - Recompile with stack-protection fixed gcc version (CVE-2023-4039) From 687ab3caba130faa18a80e190489a754137b47ce Mon Sep 17 00:00:00 2001 From: Muhammad Falak R Wani Date: Tue, 26 Sep 2023 11:15:52 +0530 Subject: [PATCH 13/47] docs: nvidia: update pmc link to 2.0 (#6284) Signed-off-by: Muhammad Falak R Wani --- toolkit/docs/nvidia/nvidia.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/toolkit/docs/nvidia/nvidia.md b/toolkit/docs/nvidia/nvidia.md index 8e39e78520e..75651ec5290 100644 --- a/toolkit/docs/nvidia/nvidia.md +++ b/toolkit/docs/nvidia/nvidia.md @@ -1,7 +1,7 @@ # Nvidia Repository Configuration ## Overview -The following documentation describes how to access CBL-Mariner packages from the NVIDIA RPM repository at [packages.microsoft.com](https://packages.microsoft.com/cbl-mariner/1.0/prod/NVIDIA/) +The following documentation describes how to access CBL-Mariner packages from the NVIDIA RPM repository at [packages.microsoft.com](https://packages.microsoft.com/cbl-mariner/2.0/prod/nvidia/) ## Licensing The software in the NVIDIA RPM repository is subject to the following: From 9dcaa9f7159d254f16b7e12acf6bbe6a8002b066 Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Tue, 26 Sep 2023 10:58:28 -0700 Subject: [PATCH 14/47] Made package test name configurable. (#6268) --- .pipelines/prchecks/PackageBuildPRCheck.yml | 1 + .pipelines/templates/PackageBuild.yml | 5 +++++ .pipelines/templates/PackageTestResultsAnalysis.yml | 6 +++++- 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/.pipelines/prchecks/PackageBuildPRCheck.yml b/.pipelines/prchecks/PackageBuildPRCheck.yml index a5de2e79b8d..dd1d5d20651 100644 --- a/.pipelines/prchecks/PackageBuildPRCheck.yml +++ b/.pipelines/prchecks/PackageBuildPRCheck.yml @@ -97,6 +97,7 @@ extends: outputArtifactsFolder: $(ob_outputDirectory) pipArtifactFeeds: "mariner/Mariner-Pypi-Feed" selfRepoName: self + testSuiteName: "[${{ configuration.name }}] Package test" - task: PublishPipelineArtifact@1 inputs: diff --git a/.pipelines/templates/PackageBuild.yml b/.pipelines/templates/PackageBuild.yml index c4418f3e948..116525ac840 100644 --- a/.pipelines/templates/PackageBuild.yml +++ b/.pipelines/templates/PackageBuild.yml @@ -98,6 +98,10 @@ parameters: type: string default: "srpms.tar.gz" + - name: testSuiteName + type: string + default: "Package test" + steps: - template: ToolkitCheck.yml@${{ parameters.selfRepoName }} parameters: @@ -220,3 +224,4 @@ steps: buildRepoRoot: ${{ parameters.buildRepoRoot }} failOnTestFailures: ${{ parameters.failOnTestFailures }} outputArtifactsFolder: ${{ parameters.outputArtifactsFolder }} + testSuiteName: ${{ parameters.testSuiteName }} diff --git a/.pipelines/templates/PackageTestResultsAnalysis.yml b/.pipelines/templates/PackageTestResultsAnalysis.yml index 496e37b0f62..406b9484f25 100644 --- a/.pipelines/templates/PackageTestResultsAnalysis.yml +++ b/.pipelines/templates/PackageTestResultsAnalysis.yml @@ -14,6 +14,10 @@ parameters: type: string default: "$(Build.ArtifactStagingDirectory)" + - name: testSuiteName + type: string + default: "Package test" + # Local constants. Can't use variables in a template without jobs or stages. - name: reportFileName type: string @@ -245,7 +249,7 @@ steps: logs_dir_path = "${{ parameters.buildRepoRoot }}/build/logs/pkggen/rpmbuilding" report_path = "${{ parameters.testsWorkspace }}/${{ parameters.reportFileName }}" - test_suit_name = f"[{machine()}] Package test" + test_suit_name = "${{ parameters.testSuiteName }}" logger = ADOPipelineLogger() logger.log(f"Analyzing tests results inside '{logs_dir_path}'.") From cae9dd7dc36a3bf70664b9c2ae9b40a835346f0c Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Tue, 26 Sep 2023 12:18:04 -0700 Subject: [PATCH 15/47] Reverted "Cleaned-up invalid edges from duplicate nodes. #6143" (#6288) * Revert "Cleaned-up invalid edges from duplicate nodes. (#6143)" This reverts commit 47c831d5b1fae3b0a2816e95d2ed5921083cc8bb. * Keeping unrelated changes. --- toolkit/tools/grapher/grapher.go | 64 ++++++++++++++++++-------------- 1 file changed, 37 insertions(+), 27 deletions(-) diff --git a/toolkit/tools/grapher/grapher.go b/toolkit/tools/grapher/grapher.go index 05e283729dc..929824e3da3 100644 --- a/toolkit/tools/grapher/grapher.go +++ b/toolkit/tools/grapher/grapher.go @@ -137,7 +137,7 @@ func addUnresolvedPackage(g *pkggraph.PkgGraph, pkgVer *pkgjson.PackageVer) (new return } - logger.Log.Infof("Adding unresolved node '%s'.", newRunNode.FriendlyName()) + logger.Log.Infof("Adding unresolved node %s\n", newRunNode.FriendlyName()) return } @@ -145,7 +145,7 @@ func addUnresolvedPackage(g *pkggraph.PkgGraph, pkgVer *pkgjson.PackageVer) (new // addNodesForPackage creates a "Run", "Build", and "Test" node for the package described // in the Package structure. Returns pointers to the build and run Nodes // created, or an error if one of the nodes could not be created. -func addNodesForPackage(g *pkggraph.PkgGraph, pkg *pkgjson.Package) (foundDuplicate bool, err error) { +func addNodesForPackage(g *pkggraph.PkgGraph, pkg *pkgjson.Package) (err error) { var ( newRunNode *pkggraph.PkgNode newBuildNode *pkggraph.PkgNode @@ -157,23 +157,34 @@ func addNodesForPackage(g *pkggraph.PkgGraph, pkg *pkgjson.Package) (foundDuplic return } + skipNewTestNode := false if nodes != nil { - logger.Log.Warnf(`Skipping duplicate package name for package %+v read from SRPM "%s". Original: %+v.`, pkg.Provides, pkg.SrpmPath, nodes.RunNode) - foundDuplicate = true - return + logger.Log.Warnf(`Duplicate package name for package %+v read from SRPM "%s" (Previous: %+v)`, pkg.Provides, pkg.SrpmPath, nodes.RunNode) + newRunNode = nodes.RunNode + newBuildNode = nodes.BuildNode + newTestNode = nodes.TestNode + + // Test nodes must be assigned to the build nodes of their true origin and not a duplicate from a potentially different SRPM. + skipNewTestNode = true } - newRunNode, err = g.AddPkgNode(pkg.Provides, pkggraph.StateMeta, pkggraph.TypeLocalRun, pkg.SrpmPath, pkg.RpmPath, pkg.SpecPath, pkg.SourceDir, pkg.Architecture, pkggraph.LocalRepo) - if err != nil { - return + if newRunNode == nil { + // Add "Run" node + newRunNode, err = g.AddPkgNode(pkg.Provides, pkggraph.StateMeta, pkggraph.TypeLocalRun, pkg.SrpmPath, pkg.RpmPath, pkg.SpecPath, pkg.SourceDir, pkg.Architecture, pkggraph.LocalRepo) + if err != nil { + return + } + logger.Log.Debugf("Adding run node %s with id %d\n", newRunNode.FriendlyName(), newRunNode.ID()) } - logger.Log.Debugf("Adding run node '%s' with id %d.", newRunNode.FriendlyName(), newRunNode.ID()) - newBuildNode, err = g.AddPkgNode(pkg.Provides, pkggraph.StateBuild, pkggraph.TypeLocalBuild, pkg.SrpmPath, pkg.RpmPath, pkg.SpecPath, pkg.SourceDir, pkg.Architecture, pkggraph.LocalRepo) - if err != nil { - return + if newBuildNode == nil { + // Add "Build" node + newBuildNode, err = g.AddPkgNode(pkg.Provides, pkggraph.StateBuild, pkggraph.TypeLocalBuild, pkg.SrpmPath, pkg.RpmPath, pkg.SpecPath, pkg.SourceDir, pkg.Architecture, pkggraph.LocalRepo) + if err != nil { + return + } + logger.Log.Debugf("Adding build node %s with id %d\n", newBuildNode.FriendlyName(), newBuildNode.ID()) } - logger.Log.Debugf("Adding build node '%s' with id %d.", newBuildNode.FriendlyName(), newBuildNode.ID()) // A "run" node has an implicit dependency on its corresponding "build" node, encode that here. err = g.AddEdge(newRunNode, newBuildNode) @@ -182,16 +193,19 @@ func addNodesForPackage(g *pkggraph.PkgGraph, pkg *pkgjson.Package) (foundDuplic return } - if !pkg.RunTests { + if skipNewTestNode || !pkg.RunTests { logger.Log.Debugf("Skipping adding a test node for package %+v", pkg) return } - newTestNode, err = g.AddPkgNode(pkg.Provides, pkggraph.StateBuild, pkggraph.TypeTest, pkg.SrpmPath, pkggraph.NoRPMPath, pkg.SpecPath, pkg.SourceDir, pkg.Architecture, pkggraph.LocalRepo) - if err != nil { - return + if newTestNode == nil { + // Add "Test" node + newTestNode, err = g.AddPkgNode(pkg.Provides, pkggraph.StateBuild, pkggraph.TypeTest, pkg.SrpmPath, pkggraph.NoRPMPath, pkg.SpecPath, pkg.SourceDir, pkg.Architecture, pkggraph.LocalRepo) + if err != nil { + return + } + logger.Log.Debugf("Adding test node %s with id %d\n", newTestNode.FriendlyName(), newTestNode.ID()) } - logger.Log.Debugf("Adding test node '%s' with id %d.", newTestNode.FriendlyName(), newTestNode.ID()) // A "test" node has a dependency on its corresponding "build" node. This dependency is required // to guarantee we will first check if the build node needs to be built or not before we make @@ -318,17 +332,12 @@ func populateGraph(graph *pkggraph.PkgGraph, repo *pkgjson.PackageRepo) (err err // Scan and add each package we know about logger.Log.Infof("Adding all packages from %s", *input) - uniquePackages := make(map[*pkgjson.Package]bool) for _, pkg := range packages { - foundDuplicate, err := addNodesForPackage(graph, pkg) + err = addNodesForPackage(graph, pkg) if err != nil { logger.Log.Errorf("Failed to add local package %+v", pkg) return err } - - if !foundDuplicate { - uniquePackages[pkg] = true - } } logger.Log.Infof("\tAdded %d packages", len(packages)) @@ -338,10 +347,11 @@ func populateGraph(graph *pkggraph.PkgGraph, repo *pkgjson.PackageRepo) (err err // Rescan and add all the dependencies logger.Log.Infof("Adding all dependencies from %s", *input) dependenciesAdded := 0 - for uniquePkg := range uniquePackages { - num, err := addPkgDependencies(graph, uniquePkg) + for idx := range packages { + pkg := packages[idx] + num, err := addPkgDependencies(graph, pkg) if err != nil { - logger.Log.Errorf("Failed to add dependency %+v", uniquePkg) + logger.Log.Errorf("Failed to add dependency %+v", pkg) return err } dependenciesAdded += num From 7c42eb3b92b2f1445e9ac395987b234f1fd7d729 Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Tue, 26 Sep 2023 15:16:06 -0700 Subject: [PATCH 16/47] Restored "Cleaned-up invalid edges from duplicate nodes. #6143" (#6291) This reverts commit cae9dd7dc36a3bf70664b9c2ae9b40a835346f0c. --- toolkit/tools/grapher/grapher.go | 64 ++++++++++++++------------------ 1 file changed, 27 insertions(+), 37 deletions(-) diff --git a/toolkit/tools/grapher/grapher.go b/toolkit/tools/grapher/grapher.go index 929824e3da3..05e283729dc 100644 --- a/toolkit/tools/grapher/grapher.go +++ b/toolkit/tools/grapher/grapher.go @@ -137,7 +137,7 @@ func addUnresolvedPackage(g *pkggraph.PkgGraph, pkgVer *pkgjson.PackageVer) (new return } - logger.Log.Infof("Adding unresolved node %s\n", newRunNode.FriendlyName()) + logger.Log.Infof("Adding unresolved node '%s'.", newRunNode.FriendlyName()) return } @@ -145,7 +145,7 @@ func addUnresolvedPackage(g *pkggraph.PkgGraph, pkgVer *pkgjson.PackageVer) (new // addNodesForPackage creates a "Run", "Build", and "Test" node for the package described // in the Package structure. Returns pointers to the build and run Nodes // created, or an error if one of the nodes could not be created. -func addNodesForPackage(g *pkggraph.PkgGraph, pkg *pkgjson.Package) (err error) { +func addNodesForPackage(g *pkggraph.PkgGraph, pkg *pkgjson.Package) (foundDuplicate bool, err error) { var ( newRunNode *pkggraph.PkgNode newBuildNode *pkggraph.PkgNode @@ -157,34 +157,23 @@ func addNodesForPackage(g *pkggraph.PkgGraph, pkg *pkgjson.Package) (err error) return } - skipNewTestNode := false if nodes != nil { - logger.Log.Warnf(`Duplicate package name for package %+v read from SRPM "%s" (Previous: %+v)`, pkg.Provides, pkg.SrpmPath, nodes.RunNode) - newRunNode = nodes.RunNode - newBuildNode = nodes.BuildNode - newTestNode = nodes.TestNode - - // Test nodes must be assigned to the build nodes of their true origin and not a duplicate from a potentially different SRPM. - skipNewTestNode = true + logger.Log.Warnf(`Skipping duplicate package name for package %+v read from SRPM "%s". Original: %+v.`, pkg.Provides, pkg.SrpmPath, nodes.RunNode) + foundDuplicate = true + return } - if newRunNode == nil { - // Add "Run" node - newRunNode, err = g.AddPkgNode(pkg.Provides, pkggraph.StateMeta, pkggraph.TypeLocalRun, pkg.SrpmPath, pkg.RpmPath, pkg.SpecPath, pkg.SourceDir, pkg.Architecture, pkggraph.LocalRepo) - if err != nil { - return - } - logger.Log.Debugf("Adding run node %s with id %d\n", newRunNode.FriendlyName(), newRunNode.ID()) + newRunNode, err = g.AddPkgNode(pkg.Provides, pkggraph.StateMeta, pkggraph.TypeLocalRun, pkg.SrpmPath, pkg.RpmPath, pkg.SpecPath, pkg.SourceDir, pkg.Architecture, pkggraph.LocalRepo) + if err != nil { + return } + logger.Log.Debugf("Adding run node '%s' with id %d.", newRunNode.FriendlyName(), newRunNode.ID()) - if newBuildNode == nil { - // Add "Build" node - newBuildNode, err = g.AddPkgNode(pkg.Provides, pkggraph.StateBuild, pkggraph.TypeLocalBuild, pkg.SrpmPath, pkg.RpmPath, pkg.SpecPath, pkg.SourceDir, pkg.Architecture, pkggraph.LocalRepo) - if err != nil { - return - } - logger.Log.Debugf("Adding build node %s with id %d\n", newBuildNode.FriendlyName(), newBuildNode.ID()) + newBuildNode, err = g.AddPkgNode(pkg.Provides, pkggraph.StateBuild, pkggraph.TypeLocalBuild, pkg.SrpmPath, pkg.RpmPath, pkg.SpecPath, pkg.SourceDir, pkg.Architecture, pkggraph.LocalRepo) + if err != nil { + return } + logger.Log.Debugf("Adding build node '%s' with id %d.", newBuildNode.FriendlyName(), newBuildNode.ID()) // A "run" node has an implicit dependency on its corresponding "build" node, encode that here. err = g.AddEdge(newRunNode, newBuildNode) @@ -193,19 +182,16 @@ func addNodesForPackage(g *pkggraph.PkgGraph, pkg *pkgjson.Package) (err error) return } - if skipNewTestNode || !pkg.RunTests { + if !pkg.RunTests { logger.Log.Debugf("Skipping adding a test node for package %+v", pkg) return } - if newTestNode == nil { - // Add "Test" node - newTestNode, err = g.AddPkgNode(pkg.Provides, pkggraph.StateBuild, pkggraph.TypeTest, pkg.SrpmPath, pkggraph.NoRPMPath, pkg.SpecPath, pkg.SourceDir, pkg.Architecture, pkggraph.LocalRepo) - if err != nil { - return - } - logger.Log.Debugf("Adding test node %s with id %d\n", newTestNode.FriendlyName(), newTestNode.ID()) + newTestNode, err = g.AddPkgNode(pkg.Provides, pkggraph.StateBuild, pkggraph.TypeTest, pkg.SrpmPath, pkggraph.NoRPMPath, pkg.SpecPath, pkg.SourceDir, pkg.Architecture, pkggraph.LocalRepo) + if err != nil { + return } + logger.Log.Debugf("Adding test node '%s' with id %d.", newTestNode.FriendlyName(), newTestNode.ID()) // A "test" node has a dependency on its corresponding "build" node. This dependency is required // to guarantee we will first check if the build node needs to be built or not before we make @@ -332,12 +318,17 @@ func populateGraph(graph *pkggraph.PkgGraph, repo *pkgjson.PackageRepo) (err err // Scan and add each package we know about logger.Log.Infof("Adding all packages from %s", *input) + uniquePackages := make(map[*pkgjson.Package]bool) for _, pkg := range packages { - err = addNodesForPackage(graph, pkg) + foundDuplicate, err := addNodesForPackage(graph, pkg) if err != nil { logger.Log.Errorf("Failed to add local package %+v", pkg) return err } + + if !foundDuplicate { + uniquePackages[pkg] = true + } } logger.Log.Infof("\tAdded %d packages", len(packages)) @@ -347,11 +338,10 @@ func populateGraph(graph *pkggraph.PkgGraph, repo *pkgjson.PackageRepo) (err err // Rescan and add all the dependencies logger.Log.Infof("Adding all dependencies from %s", *input) dependenciesAdded := 0 - for idx := range packages { - pkg := packages[idx] - num, err := addPkgDependencies(graph, pkg) + for uniquePkg := range uniquePackages { + num, err := addPkgDependencies(graph, uniquePkg) if err != nil { - logger.Log.Errorf("Failed to add dependency %+v", pkg) + logger.Log.Errorf("Failed to add dependency %+v", uniquePkg) return err } dependenciesAdded += num From fd8251113b6038dd84ad13b5348ab5ecc55deb0b Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Tue, 26 Sep 2023 15:26:45 -0700 Subject: [PATCH 17/47] Disabled ACLs for toolchain builds. (#6272) --- toolkit/scripts/containerized-build.mk | 2 +- toolkit/scripts/pkggen.mk | 2 +- toolkit/scripts/toolchain.mk | 2 +- toolkit/scripts/utils.mk | 15 ++++++++++++--- 4 files changed, 15 insertions(+), 6 deletions(-) diff --git a/toolkit/scripts/containerized-build.mk b/toolkit/scripts/containerized-build.mk index ac8bb2ecf52..88f49a25860 100644 --- a/toolkit/scripts/containerized-build.mk +++ b/toolkit/scripts/containerized-build.mk @@ -35,7 +35,7 @@ containerized_build_args += -r endif ##help:target:containerized-rpmbuild=Launch containerized shell for inner-loop RPM building/testing. -containerized-rpmbuild: no_repo_acl +containerized-rpmbuild: $(no_repo_acl) $(SCRIPTS_DIR)/containerized-build/create_container_build.sh $(containerized_build_args) containerized-rpmbuild-help: diff --git a/toolkit/scripts/pkggen.mk b/toolkit/scripts/pkggen.mk index ee0ee60704d..38fce550203 100644 --- a/toolkit/scripts/pkggen.mk +++ b/toolkit/scripts/pkggen.mk @@ -259,7 +259,7 @@ $(RPMS_DIR): @touch $@ endif -$(STATUS_FLAGS_DIR)/build-rpms.flag: no_repo_acl $(preprocessed_file) $(chroot_worker) $(go-scheduler) $(go-pkgworker) $(depend_STOP_ON_PKG_FAIL) $(CONFIG_FILE) $(depend_CONFIG_FILE) $(depend_PACKAGE_BUILD_LIST) $(depend_PACKAGE_REBUILD_LIST) $(depend_PACKAGE_IGNORE_LIST) $(depend_MAX_CASCADING_REBUILDS) $(depend_TEST_RUN_LIST) $(depend_TEST_RERUN_LIST) $(depend_TEST_IGNORE_LIST) $(pkggen_rpms) $(srpms) $(BUILD_SRPMS_DIR) +$(STATUS_FLAGS_DIR)/build-rpms.flag: $(no_repo_acl) $(preprocessed_file) $(chroot_worker) $(go-scheduler) $(go-pkgworker) $(depend_STOP_ON_PKG_FAIL) $(CONFIG_FILE) $(depend_CONFIG_FILE) $(depend_PACKAGE_BUILD_LIST) $(depend_PACKAGE_REBUILD_LIST) $(depend_PACKAGE_IGNORE_LIST) $(depend_MAX_CASCADING_REBUILDS) $(depend_TEST_RUN_LIST) $(depend_TEST_RERUN_LIST) $(depend_TEST_IGNORE_LIST) $(pkggen_rpms) $(srpms) $(BUILD_SRPMS_DIR) $(go-scheduler) \ --input="$(preprocessed_file)" \ --output="$(built_file)" \ diff --git a/toolkit/scripts/toolchain.mk b/toolkit/scripts/toolchain.mk index 0a42474883b..f097599559f 100644 --- a/toolkit/scripts/toolchain.mk +++ b/toolkit/scripts/toolchain.mk @@ -212,7 +212,7 @@ endif # Output: # out/toolchain/built_rpms # out/toolchain/toolchain_built_rpms.tar.gz -$(final_toolchain): $(raw_toolchain) $(toolchain_rpms_rehydrated) $(STATUS_FLAGS_DIR)/build_toolchain_srpms.flag +$(final_toolchain): $(no_repo_acl) $(raw_toolchain) $(toolchain_rpms_rehydrated) $(STATUS_FLAGS_DIR)/build_toolchain_srpms.flag @echo "Building base packages" # Clean the existing chroot if not doing an incremental build $(if $(filter y,$(INCREMENTAL_TOOLCHAIN)),,$(SCRIPTS_DIR)/safeunmount.sh "$(populated_toolchain_chroot)" || $(call print_error,failed to clean mounts for toolchain build)) diff --git a/toolkit/scripts/utils.mk b/toolkit/scripts/utils.mk index 597956b39de..ff2f930aae9 100644 --- a/toolkit/scripts/utils.mk +++ b/toolkit/scripts/utils.mk @@ -13,6 +13,8 @@ ARCHIVE_TOOL ?= $(shell if command -v pigz 1>/dev/null 2>&1 ; then echo pigz ; e # Host and target architecture build_arch := $(shell uname -m) +no_repo_acl = $(STATUS_FLAGS_DIR)/no_repo_acl.flag + ######## MISC. MAKEFILE Functions ######## # Creates a folder if it doesn't exist. Also sets the timestamp to 0 if it is @@ -58,7 +60,7 @@ watch_vars=PACKAGE_BUILD_LIST PACKAGE_REBUILD_LIST PACKAGE_IGNORE_LIST REPO_LIST # $(depend_TOOLCHAIN_ARCHIVE) $(depend_REBUILD_TOOLCHAIN) $(depend_SRPM_PACK_LIST) $(depend_SPECS_DIR) $(depend_MAX_CASCADING_REBUILDS) $(depend_RUN_CHECK) $(depend_TEST_RUN_LIST) # $(depend_TEST_RERUN_LIST) $(depend_TEST_IGNORE_LIST) -.PHONY: variable_depends_on_phony clean-variable_depends_on_phony no_repo_acl +.PHONY: variable_depends_on_phony clean-variable_depends_on_phony setfacl_always_run_phony clean: clean-variable_depends_on_phony $(call create_folder,$(STATUS_FLAGS_DIR)) @@ -93,5 +95,12 @@ $(foreach var,$(watch_vars),$(eval $(call depend_on_var,$(var)))) # Host's ACLs influence the default permissions of the # files inside the built RPMs. Disabling them for the repository. -no_repo_acl: - @setfacl -bnR $(PROJECT_ROOT) &>/dev/null +# +# NOTE: we depend on a phony target and create the flag only once becase we want +# to always run the "setfacl" command but not trigger a re-run of the targets +# depending on this target. +$(no_repo_acl): setfacl_always_run_phony + @setfacl -bnR $(PROJECT_ROOT) &>/dev/null && \ + if [ ! -f $@ ]; then \ + touch $@; \ + fi From 5d3fbb49a57b209d5694c4776290d383b4ac782b Mon Sep 17 00:00:00 2001 From: Minghe Ren Date: Tue, 26 Sep 2023 15:32:54 -0700 Subject: [PATCH 18/47] Cloud init datasource bug (#6279) * add patch for cloud-init overrideDatasourceDetection * remove 23.2 * add upstream background content in patch --------- Co-authored-by: minghe --- SPECS/cloud-init/cloud-init.spec | 6 +++- .../overrideDatasourceDetection.patch | 35 +++++++++++++++++++ 2 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 SPECS/cloud-init/overrideDatasourceDetection.patch diff --git a/SPECS/cloud-init/cloud-init.spec b/SPECS/cloud-init/cloud-init.spec index 0727d30b43d..8d6b4571e23 100644 --- a/SPECS/cloud-init/cloud-init.spec +++ b/SPECS/cloud-init/cloud-init.spec @@ -1,7 +1,7 @@ Summary: Cloud instance init scripts Name: cloud-init Version: 23.2 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv3 Vendor: Microsoft Corporation Distribution: Mariner @@ -10,6 +10,7 @@ URL: https://launchpad.net/cloud-init Source0: https://launchpad.net/cloud-init/trunk/%{version}/+download/%{name}-%{version}.tar.gz Source1: 10-azure-kvp.cfg Patch0: testGetInterfacesUnitTest.patch +Patch1: overrideDatasourceDetection.patch %define cl_services cloud-config.service cloud-config.target cloud-final.service cloud-init.service cloud-init.target cloud-init-local.service BuildRequires: automake BuildRequires: dbus @@ -143,6 +144,9 @@ make check %{?_smp_mflags} %config(noreplace) %{_sysconfdir}/cloud/cloud.cfg.d/10-azure-kvp.cfg %changelog +* Wed Sep 13 2023 Minghe Ren - 23.2-4 +- Add patch overrideDatasourceDetection bug from upstream + * Thu Aug 24 2023 Minghe Ren - 23.2-3 - Remove the line prohibits cloud-init log dumping to serial console diff --git a/SPECS/cloud-init/overrideDatasourceDetection.patch b/SPECS/cloud-init/overrideDatasourceDetection.patch new file mode 100644 index 00000000000..dc6ed5b5cee --- /dev/null +++ b/SPECS/cloud-init/overrideDatasourceDetection.patch @@ -0,0 +1,35 @@ +From 35988cc4452f7df42e3c1b462731489bd33dade6 Mon Sep 17 00:00:00 2001 +From: Chris Patterson +Date: Mon, 11 Sep 2023 16:56:06 -0400 +Subject: [PATCH] sources: do not override datasource detection if None is in + list + +Users with datasource_list = [Azure, None] started failing to boot +properly outside of Azure with the changes to override datasource detection. + +If the fallback "None" is included in the datasource_list, do not treat +the system as configured with a single datasource. + +If users want to force a single datasource regardless of detection, +they can do so by removing None from the list. + +Signed-off-by: Chris Patterson +--- + cloudinit/sources/__init__.py | 5 +---- + 1 file changed, 1 insertion(+), 4 deletions(-) + +diff -ruN a/cloudinit/sources/__init__.py b/cloudinit/sources/__init__.py +--- a/cloudinit/sources/__init__.py 2023-08-28 09:20:24.000000000 -0700 ++++ b/cloudinit/sources/__init__.py 2023-09-13 15:00:23.287549869 -0700 +@@ -352,10 +352,7 @@ + self, + ) + return True +- elif self.sys_cfg.get("datasource_list", []) in ( +- [self.dsname], +- [self.dsname, "None"], +- ): ++ elif self.sys_cfg.get("datasource_list", []) == [self.dsname]: + LOG.debug( + "Machine is configured to run on single datasource %s.", self + ) From f7f740b2e0822b2a803d1fd5ef32c9b92ba1c7b5 Mon Sep 17 00:00:00 2001 From: Daniel McIlvaney Date: Wed, 27 Sep 2023 09:53:14 -0700 Subject: [PATCH 19/47] Allow scheduler to update cached implicit nodes (#6287) * Allow scheduler to update cached implicit nodes Allow the scheduler to update cached nodes even after we enable useCachedImplicit mode. --- .../scheduler/schedulerutils/implicitprovides.go | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/toolkit/tools/scheduler/schedulerutils/implicitprovides.go b/toolkit/tools/scheduler/schedulerutils/implicitprovides.go index 89a885d3785..e56fa489e0f 100644 --- a/toolkit/tools/scheduler/schedulerutils/implicitprovides.go +++ b/toolkit/tools/scheduler/schedulerutils/implicitprovides.go @@ -79,8 +79,9 @@ func replaceNodesWithProvides(res *BuildResult, pkgGraph *pkggraph.PkgGraph, pro return } -// implicitPackagesToUnresolvedNodesInGraph returns a map of package names to unresolved implicit nodes. -func implicitPackagesToUnresolvedNodesInGraph(pkgGraph *pkggraph.PkgGraph, useCachedImplicit bool) (nameToNodes map[string][]*pkggraph.PkgNode) { +// implicitPackageNamesToNodesInGraph returns a map of package names to implicit nodes. These nodes will either be unresolved, +// or in the cache. +func implicitPackageNamesToNodesInGraph(pkgGraph *pkggraph.PkgGraph, useCachedImplicit bool) (nameToNodes map[string][]*pkggraph.PkgNode) { nameToNodes = make(map[string][]*pkggraph.PkgNode) // Depending on the node order that the graph was created, there may be multiple unresolved nodes for a single package. @@ -107,11 +108,13 @@ func implicitPackagesToUnresolvedNodesInGraph(pkgGraph *pkggraph.PkgGraph, useCa } // When graphpkgfetcher runs, it will attempt to resolve all unresolved nodes. - // Some of these may be implicit and it may find an upstream package that satisfies it. - // Only consider these as resolved if useCachedImplicit is set. + // Some of these may be implicit and it may find an upstream package that satisfies it. The scheduler will have + // done its best to avoid using these nodes, but may eventually have to use them if there are no other options. + // We will allow these nodes to be switched even after the scheduler starts to use them since some packages may + // end up needing to install multiple versions of the same package if we don't unify them. if n.State == pkggraph.StateCached { if useCachedImplicit { - continue + logger.Log.Warnf("Implicit node (%s) was already cached and may have been used to satisfy another node (useCachedImplicit=true). Updating implicit path regardless!", n.FriendlyName()) } } else if n.State != pkggraph.StateUnresolved { continue @@ -126,7 +129,7 @@ func implicitPackagesToUnresolvedNodesInGraph(pkgGraph *pkggraph.PkgGraph, useCa // matchProvidesToUnresolvedNodes matches a list of provides to unresolved nodes that they satisfy in the graph. func matchProvidesToUnresolvedNodes(provides []*pkgjson.PackageVer, pkgGraph *pkggraph.PkgGraph, useCachedImplicit bool) (matches map[*pkgjson.PackageVer][]*pkggraph.PkgNode, err error) { matches = make(map[*pkgjson.PackageVer][]*pkggraph.PkgNode) - implicitPackagesToUnresolvedNodes := implicitPackagesToUnresolvedNodesInGraph(pkgGraph, useCachedImplicit) + implicitPackagesToUnresolvedNodes := implicitPackageNamesToNodesInGraph(pkgGraph, useCachedImplicit) // An unresolved node can only be satisfied by a single provide, prevent duplicate matching nodeToSatisfier := make(map[*pkggraph.PkgNode]*pkgjson.PackageVer) From e9ebc8d3e63c1fb9a6d072ea4c4d4500802ecc25 Mon Sep 17 00:00:00 2001 From: Daniel McIlvaney Date: Wed, 27 Sep 2023 09:57:33 -0700 Subject: [PATCH 20/47] Add handy graph make targets, fix go-deps circular dependency, fix clean-input-srpms (#6052) * Add handy graph make targets, fix go-deps circular dependency, fix clean-input-srpms --- toolkit/scripts/pkggen.mk | 11 ++++++++--- toolkit/scripts/srpm_pack.mk | 1 + toolkit/scripts/tools.mk | 2 +- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/toolkit/scripts/pkggen.mk b/toolkit/scripts/pkggen.mk index 38fce550203..4ee2a01b84a 100644 --- a/toolkit/scripts/pkggen.mk +++ b/toolkit/scripts/pkggen.mk @@ -43,10 +43,15 @@ logging_command = --log-file=$(LOGS_DIR)/pkggen/workplan/$(notdir $@).log --log- $(call create_folder,$(LOGS_DIR)/pkggen/workplan) $(call create_folder,$(rpmbuilding_logs_dir)) -.PHONY: clean-workplan clean-cache clean-cache-worker clean-grapher-cache-worker clean-spec-parse clean-ccache graph-cache analyze-built-graph workplan +.PHONY: clean-workplan clean-cache clean-cache-worker clean-grapher-cache-worker clean-spec-parse clean-ccache graph graph-cache graph-preprocessed analyze-built-graph workplan +##help:target:parsed-specs=Parse package specs and generate a specs.json file encoding all dependency information. +parse-specs: $(specs_file) +##help:target:graph-cache=Resolve package dependencies and cache the results. graph-cache: $(cached_file) -##help:target:workplan=Create the package build workplan. -workplan: $(graph_file) +##help:target:graph=Create the initial package build graph. +workplan graph: $(graph_file) +graph-preprocessed: $(preprocessed_file) + clean: clean-workplan clean-cache clean-spec-parse clean-workplan: clean-cache clean-spec-parse clean-grapher-cache-worker rm -rf $(PKGBUILD_DIR) diff --git a/toolkit/scripts/srpm_pack.mk b/toolkit/scripts/srpm_pack.mk index f360e872e90..22941135b81 100644 --- a/toolkit/scripts/srpm_pack.mk +++ b/toolkit/scripts/srpm_pack.mk @@ -49,6 +49,7 @@ clean: clean-input-srpms clean-input-srpms: rm -rf $(BUILD_SRPMS_DIR) rm -rf $(STATUS_FLAGS_DIR)/build_srpms.flag + rm -rf $(STATUS_FLAGS_DIR)/build_toolchain_srpms.flag @echo Verifying no mountpoints present in $(SRPM_BUILD_CHROOT_DIR) $(SCRIPTS_DIR)/safeunmount.sh "$(SRPM_BUILD_CHROOT_DIR)" && \ rm -rf $(SRPM_BUILD_CHROOT_DIR) diff --git a/toolkit/scripts/tools.mk b/toolkit/scripts/tools.mk index 754aa10374a..cc69f33be3f 100644 --- a/toolkit/scripts/tools.mk +++ b/toolkit/scripts/tools.mk @@ -102,7 +102,7 @@ $(TOOL_BINS_DIR)/%: touch $@ else # Rebuild the go tools as needed -$(TOOL_BINS_DIR)/%: $(go_common_files) $(STATUS_FLAGS_DIR)/got_go_deps.flag +$(TOOL_BINS_DIR)/%: $(go_common_files) cd $(TOOLS_DIR)/$* && \ go test -covermode=atomic -coverprofile=$(BUILD_DIR)/tools/$*.test_coverage ./... && \ CGO_ENABLED=0 go build \ From 920f32a12300bf665d1a6c3fd8e5ce7bd0fb8d0a Mon Sep 17 00:00:00 2001 From: Daniel McIlvaney Date: Wed, 27 Sep 2023 09:59:44 -0700 Subject: [PATCH 21/47] Make safeunmount.sh run in parallel (#6262) * Make safeunmount.sh run in parallel --- toolkit/scripts/pkggen.mk | 11 ++++--- toolkit/scripts/safeunmount.sh | 56 ++++++++++++++++++++++++---------- 2 files changed, 46 insertions(+), 21 deletions(-) diff --git a/toolkit/scripts/pkggen.mk b/toolkit/scripts/pkggen.mk index 4ee2a01b84a..d32d6fcb8c9 100644 --- a/toolkit/scripts/pkggen.mk +++ b/toolkit/scripts/pkggen.mk @@ -235,21 +235,22 @@ $(preprocessed_file): $(cached_file) $(go-graphPreprocessor) pkggen_archive = $(OUT_DIR)/rpms.tar.gz srpms_archive = $(OUT_DIR)/srpms.tar.gz -.PHONY: build-packages clean-build-packages hydrate-rpms compress-rpms clean-compress-rpms compress-srpms clean-compress-srpms +.PHONY: build-packages clean-build-packages hydrate-rpms compress-rpms clean-compress-rpms compress-srpms clean-compress-srpms clean-build-packages-workers ##help:target:build-packages=Build .rpm packages selected by PACKAGE_(RE)BUILD_LIST= and IMAGE_CONFIG=. # Execute the package build scheduler. build-packages: $(RPMS_DIR) clean: clean-build-packages clean-compress-rpms clean-compress-srpms -clean-build-packages: +clean-build-packages-workers: + @echo Verifying no mountpoints present in $(CHROOT_DIR) + $(SCRIPTS_DIR)/safeunmount.sh "$(CHROOT_DIR)"/* && \ + rm -rf $(CHROOT_DIR) +clean-build-packages: clean-build-packages-workers rm -rf $(RPMS_DIR) rm -rf $(LOGS_DIR)/pkggen/failures.txt rm -rf $(rpmbuilding_logs_dir) rm -rf $(STATUS_FLAGS_DIR)/build-rpms.flag - @echo Verifying no mountpoints present in $(CHROOT_DIR) - $(SCRIPTS_DIR)/safeunmount.sh "$(CHROOT_DIR)" && \ - rm -rf $(CHROOT_DIR) clean-compress-rpms: rm -rf $(pkggen_archive) clean-compress-srpms: diff --git a/toolkit/scripts/safeunmount.sh b/toolkit/scripts/safeunmount.sh index 4a2f37f0507..986e5027968 100755 --- a/toolkit/scripts/safeunmount.sh +++ b/toolkit/scripts/safeunmount.sh @@ -2,23 +2,47 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. -# $1 path to recursively scan for mount points which must be cleaned up -dir=${1} -for dir in $(find ${dir} -type d | sort) ; do - if [[ -d $dir ]]; then - if mountpoint -q ${dir} ; then - echo "WARNING: Removing mountpoint at $dir" - umount -l ${dir} - sleep 0.5 +# Usage: safeunmount.sh ... +# e.g. +# `safeunmount.sh /mnt/resource /mnt/scratch` will attempt to unmount all mount points under /mnt/resource and /mnt/scratch in parallel +# `safeunmount.sh "/mnt/"*` will use bash expansion to unmount all mount points under /mnt/ in parallel + +function clean_dir { + dir=${1} + for dir in $(find "${dir}" -type d | sort) ; do + if [[ -d $dir ]]; then + if mountpoint -q "${dir}" ; then + echo "WARNING: Removing mountpoint at '$dir'" + umount -l "${dir}" + sleep 0.5 + fi + retries=10 + while mountpoint -q "${dir}" ; do + echo "ERROR: Mountpoint still present at '$dir', retrying unmount ${retries} times" + umount -l "${dir}" + retries=$(( "${retries}" - 1)) + sleep 1 + if [ ${retries} -eq 0 ] ; then echo "ERROR: Unable to unmount '$dir'"; return 1 ; fi + done fi - retries=10 - while mountpoint -q ${dir} ; do - echo "ERROR: Mountpoint still present at $dir, retrying unmount ${retries} times" - umount -l ${dir} - retries=$(( ${retries} - 1)) - sleep 1 - if [ ${retries} -eq 0 ] ; then exit 1 ; fi - done + done || ( echo "ERROR: failed to unmount directories under '$dir'" ; return 1) + + return 0 +} + +# For each argument, pass it to clean_dir in parallel then wait for all to finish and return the exit code +pids=() +for dir in "$@" ; do + if [[ ! -d $dir ]]; then + echo "Warning: $dir is not a directory, skipping safe unmount" + else + echo "Cleaning $dir" + (clean_dir "${dir}") & pids+=( $! ) fi done + +for pid in "${pids[@]}" ; do + wait "${pid}" || (echo "ERROR: Failed to unmount a directory" ; exit 1) +done + exit 0 \ No newline at end of file From 7488fe8670491dd19914e4dde7fee365de762f78 Mon Sep 17 00:00:00 2001 From: Daniel McIlvaney Date: Wed, 27 Sep 2023 11:56:09 -0700 Subject: [PATCH 22/47] Add scheduler stuck debug code (#6290) * Add debug output if the scheduler is blocked. * Switch to debug * Move final to debug * Update toolkit/tools/scheduler/scheduler.go Co-authored-by: Pawel Winogrodzki * Update toolkit/tools/scheduler/scheduler.go Co-authored-by: Pawel Winogrodzki --------- Co-authored-by: Pawel Winogrodzki --- toolkit/tools/scheduler/scheduler.go | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/toolkit/tools/scheduler/scheduler.go b/toolkit/tools/scheduler/scheduler.go index ffbb70c7ffe..56a20f32aa2 100644 --- a/toolkit/tools/scheduler/scheduler.go +++ b/toolkit/tools/scheduler/scheduler.go @@ -277,6 +277,23 @@ func startWorkerPool(agent buildagents.BuildAgent, workers, buildAttempts, check return } +// debugStuckNode is a debugging function that will print out the stuck node and all nodes that are blocking it. +func debugStuckNode(buildState *schedulerutils.GraphBuildState, pkgGraph *pkggraph.PkgGraph, stuckNode *pkggraph.PkgNode, indent int) { + if buildState.IsNodeAvailable(stuckNode) { + return + } + + nodeName := fmt.Sprintf("(%s)", stuckNode.FriendlyName()) + logger.Log.Debugf("%*s", indent, nodeName) + + // Iterate over all the nodes that are blocking the stuck node. + dependency := pkgGraph.From(stuckNode.ID()) + for dependency.Next() { + dependent := dependency.Node().(*pkggraph.PkgNode) + debugStuckNode(buildState, pkgGraph, dependent, indent+1) + } +} + // buildAllNodes will build all nodes in a given dependency graph. // This routine only contains control flow logic for build scheduling. // It iteratively: @@ -346,6 +363,8 @@ func buildAllNodes(stopOnFailure, canUseCache bool, packagesToRebuild, testsToRe if len(buildState.ActiveBuilds()) == 0 && len(channels.Results) == 0 { if useCachedImplicit { err = fmt.Errorf("could not build all packages") + // Temporarily print debug information about the stuck node. + debugStuckNode(buildState, pkgGraph, goalNode, 0) break } else { logger.Log.Warn("Enabling cached packages to satisfy unresolved dynamic dependencies.") From bd43083f65e61541b8c9ac74c5fe47967b549c18 Mon Sep 17 00:00:00 2001 From: Daniel McIlvaney Date: Wed, 27 Sep 2023 14:32:23 -0700 Subject: [PATCH 23/47] Add a fallback lazy mode to chroot unmount (#6216) * Add a fallback lazy mode to chroot unmount --- toolkit/tools/go.mod | 1 + toolkit/tools/go.sum | 3 + .../tools/internal/safechroot/safechroot.go | 62 +++++++++++++++---- 3 files changed, 54 insertions(+), 12 deletions(-) diff --git a/toolkit/tools/go.mod b/toolkit/tools/go.mod index eccd1a2de86..d5c674cf824 100644 --- a/toolkit/tools/go.mod +++ b/toolkit/tools/go.mod @@ -10,6 +10,7 @@ require ( github.com/jinzhu/copier v0.3.2 github.com/juliangruber/go-intersect v1.1.0 github.com/klauspost/pgzip v1.2.5 + github.com/moby/sys/mountinfo v0.6.2 github.com/muesli/crunchy v0.4.0 github.com/rivo/tview v0.0.0-20200219135020-0ba8301b415c github.com/sirupsen/logrus v1.9.3 diff --git a/toolkit/tools/go.sum b/toolkit/tools/go.sum index 0ead06de291..067f238f4bc 100644 --- a/toolkit/tools/go.sum +++ b/toolkit/tools/go.sum @@ -41,6 +41,8 @@ github.com/lucasb-eyer/go-colorful v1.0.3/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= github.com/mattn/go-runewidth v0.0.7 h1:Ei8KR0497xHyKJPAv59M1dkC+rOZCMBJ+t3fZ+twI54= github.com/mattn/go-runewidth v0.0.7/go.mod h1:H031xJmbD/WCDINGzjvQ9THkh0rPKHF+m2gUSrubnMI= +github.com/moby/sys/mountinfo v0.6.2 h1:BzJjoreD5BMFNmD9Rus6gdd1pLuecOFPt8wC+Vygl78= +github.com/moby/sys/mountinfo v0.6.2/go.mod h1:IJb6JQeOklcdMU9F5xQ8ZALD+CUr5VlGpwtX+VE0rpI= github.com/muesli/crunchy v0.4.0 h1:qdiml8gywULHBsztiSAf6rrE6EyuNasNKZ104mAaahM= github.com/muesli/crunchy v0.4.0/go.mod h1:9k4x6xdSbb7WwtAVy0iDjaiDjIk6Wa5AgUIqp+HqOpU= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs= @@ -79,6 +81,7 @@ golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190626150813-e07cf5db2756/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191018095205-727590c5006e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f h1:v4INt8xihDGvnrfjMDVXGxw9wrfxYyCjk0KbXjhR55s= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= diff --git a/toolkit/tools/internal/safechroot/safechroot.go b/toolkit/tools/internal/safechroot/safechroot.go index 4d14260fce8..e33a7a14cdf 100644 --- a/toolkit/tools/internal/safechroot/safechroot.go +++ b/toolkit/tools/internal/safechroot/safechroot.go @@ -19,6 +19,7 @@ import ( "github.com/microsoft/CBL-Mariner/toolkit/tools/internal/shell" "github.com/microsoft/CBL-Mariner/toolkit/tools/internal/systemdependency" + "github.com/moby/sys/mountinfo" "github.com/sirupsen/logrus" "golang.org/x/sys/unix" ) @@ -82,6 +83,11 @@ var defaultChrootEnv = []string{ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", } +const ( + unmountTypeLazy = true + unmountTypeNormal = !unmountTypeLazy +) + // init will always be called if this package is loaded func init() { registerSIGTERMCleanup() @@ -207,8 +213,8 @@ func (c *Chroot) Initialize(tarPath string, extraDirectories []string, extraMoun if err != nil { if buildpipeline.IsRegularBuild() { // mount/unmount is only supported in regular pipeline - // Best effort cleanup in case mountpoint creation failed mid-way through - cleanupErr := c.unmountAndRemove(leaveChrootOnDisk) + // Best effort cleanup in case mountpoint creation failed mid-way through. We will not try again so treat as final attempt. + cleanupErr := c.unmountAndRemove(leaveChrootOnDisk, unmountTypeLazy) if cleanupErr != nil { logger.Log.Warnf("Failed to cleanup chroot (%s) during failed initialization. Error: %s", c.rootDir, cleanupErr) } @@ -398,7 +404,11 @@ func (c *Chroot) Close(leaveOnDisk bool) (err error) { if buildpipeline.IsRegularBuild() { // mount is only supported in regular pipeline - err = c.unmountAndRemove(leaveOnDisk) + err = c.unmountAndRemove(leaveOnDisk, unmountTypeNormal) + if err != nil { + logger.Log.Warnf("Chroot cleanup failed, will retry with lazy unmount. Error: %s", err) + err = c.unmountAndRemove(leaveOnDisk, unmountTypeLazy) + } if err == nil { const emptyLen = 0 // Remove this chroot from the list of active ones since it has now been cleaned up. @@ -469,37 +479,63 @@ func cleanupAllChroots() { inChrootMutex.Lock() // mount is only supported in regular pipeline + failedToUnmount := false if buildpipeline.IsRegularBuild() { // Cleanup chroots in LIFO order incase any are interdependent (e.g. nested safe chroots) logger.Log.Info("Cleaning up all active chroots") for i := len(activeChroots) - 1; i >= 0; i-- { logger.Log.Infof("Cleaning up chroot (%s)", activeChroots[i].rootDir) - err := activeChroots[i].unmountAndRemove(leaveChrootOnDisk) + err := activeChroots[i].unmountAndRemove(leaveChrootOnDisk, unmountTypeLazy) // Perform best effort cleanup: unmount as many chroots as possible, // even if one fails. if err != nil { logger.Log.Errorf("Failed to unmount chroot (%s)", activeChroots[i].rootDir) + failedToUnmount = true } } } - logger.Log.Info("Cleanup finished") + if failedToUnmount { + logger.Log.Fatalf("Failed to unmount a chroot, manual unmount required. See above errors for details on which mounts failed.") + } else { + logger.Log.Info("Cleanup finished") + } } // unmountAndRemove retries to unmount directories that were mounted into // the chroot until the unmounts succeed or too many failed attempts. // This is to avoid leaving folders like /dev mounted when the chroot folder is forcefully deleted in cleanup. // Iff all mounts were successfully unmounted, the chroot's root directory will be removed if requested. -func (c *Chroot) unmountAndRemove(leaveOnDisk bool) (err error) { +// If doLazyUnmount is true, use the lazy unmount flag which will allow the unmount to succeed even if the mount point is busy. +func (c *Chroot) unmountAndRemove(leaveOnDisk, lazyUnmount bool) (err error) { const ( - totalAttempts = 3 - retryDuration = time.Second - unmountFlags = 0 + retryDuration = time.Second + totalAttempts = 3 + unmountFlagsNormal = 0 + // Do a lazy unmount as a fallback. This will allow the unmount to succeed even if the mount point is busy. + // This is to avoid leaving folders like /dev mounted if the chroot folder is forcefully deleted by the user. Even + // if the mount is busy at least it will be detached from the filesystem and will not damage the host. + unmountFlagsLazy = unix.MNT_DETACH ) + unmountFlags := unmountFlagsNormal + if lazyUnmount { + unmountFlags = unmountFlagsLazy + } for _, mountPoint := range c.mountPoints { fullPath := filepath.Join(c.rootDir, mountPoint.target) + var isMounted bool + isMounted, err = mountinfo.Mounted(fullPath) + if err != nil { + err = fmt.Errorf("failed to check if mount point (%s) is mounted. Error: %s", fullPath, err) + return + } + if !isMounted { + logger.Log.Debugf("Skipping unmount of (%s) because it is not mounted", fullPath) + continue + } + logger.Log.Debugf("Unmounting (%s)", fullPath) // Skip mount points if they were not successfully created @@ -507,9 +543,11 @@ func (c *Chroot) unmountAndRemove(leaveOnDisk bool) (err error) { continue } - err = retry.Run(func() error { - return unix.Unmount(fullPath, unmountFlags) - }, totalAttempts, retryDuration) + _, err = retry.RunWithExpBackoff(func() error { + logger.Log.Debugf("Calling unmount on path(%s) with flags (%v)", fullPath, unmountFlags) + umountErr := unix.Unmount(fullPath, unmountFlags) + return umountErr + }, totalAttempts, retryDuration, 2.0, nil) if err != nil { logger.Log.Warnf("Failed to unmount (%s). Error: %s", fullPath, err) From a013c3843259a0fa17689f2b87c886c910b730da Mon Sep 17 00:00:00 2001 From: Daniel McIlvaney Date: Wed, 27 Sep 2023 16:57:14 -0700 Subject: [PATCH 24/47] Support repofiles in precacher tool (#6228) * Support repofiles in precacher --------- Co-authored-by: Pawel Winogrodzki --- toolkit/scripts/precache.mk | 2 +- toolkit/tools/precacher/precacher.go | 127 ++++++++++++++++++++------- 2 files changed, 94 insertions(+), 35 deletions(-) diff --git a/toolkit/scripts/precache.mk b/toolkit/scripts/precache.mk index 86a8ae16aab..2fb347eb450 100644 --- a/toolkit/scripts/precache.mk +++ b/toolkit/scripts/precache.mk @@ -12,7 +12,6 @@ repo_urls_file = $(precache_state_dir)/repo_urls.txt precache_chroot_dir = $(precache_state_dir)/chroot $(call create_folder,$(precache_state_dir)) -$(call create_folder,$(precache_chroot_dir)) $(call create_folder,$(remote_rpms_cache_dir)) clean-cache: clean-precache @@ -37,6 +36,7 @@ $(STATUS_FLAGS_DIR)/precache.flag: $(go-precacher) $(chroot_worker) $(rpms_snaps --output-summary-file "$(precache_downloaded_files)" \ --repo-urls-file "$(repo_urls_file)" \ $(foreach url,$(PACKAGE_URL_LIST), --repo-url "$(url)") \ + $(foreach repofile,$(REPO_LIST), --repo-file "$(repofile)") \ --worker-tar $(chroot_worker) \ --worker-dir $(precache_chroot_dir) \ --log-file=$(SRPM_BUILD_LOGS_DIR)/precacher.log \ diff --git a/toolkit/tools/precacher/precacher.go b/toolkit/tools/precacher/precacher.go index f81cbe3e04f..8d1f0056038 100644 --- a/toolkit/tools/precacher/precacher.go +++ b/toolkit/tools/precacher/precacher.go @@ -23,6 +23,7 @@ import ( "github.com/microsoft/CBL-Mariner/toolkit/tools/internal/retry" "github.com/microsoft/CBL-Mariner/toolkit/tools/internal/safechroot" "github.com/microsoft/CBL-Mariner/toolkit/tools/internal/shell" + "github.com/microsoft/CBL-Mariner/toolkit/tools/internal/sliceutils" "github.com/microsoft/CBL-Mariner/toolkit/tools/internal/timestamp" "github.com/microsoft/CBL-Mariner/toolkit/tools/pkg/profile" "github.com/sirupsen/logrus" @@ -32,6 +33,7 @@ import ( const ( defaultNetOpsCount = "20" + chrootRepoDir = "/etc/yum.repos.d/" ) type downloadResultType int @@ -40,7 +42,7 @@ const ( downloadResultTypeSuccess downloadResultType = iota downloadResultTypeFailure downloadResultTypeSkipped - donwloadResultTypeUnavailable + downloadResultTypeUnavailable ) type downloadResult struct { @@ -61,8 +63,9 @@ var ( outputSummaryFile = app.Flag("output-summary-file", "Path to save the summary of packages downloaded").String() repoUrlsFile = app.Flag("repo-urls-file", "Path to save the list of package URLs available in the repos").String() repoUrls = app.Flag("repo-url", "URLs of the repos to download from.").Strings() + repoFiles = app.Flag("repo-file", "Files containing URLs of the repos to download from.").ExistingFiles() workerTar = app.Flag("worker-tar", "Full path to worker_chroot.tar.gz").Required().ExistingFile() - buildDir = app.Flag("worker-dir", "Directory to store chroot while running repo query.").Required().ExistingDir() + buildDir = app.Flag("worker-dir", "Directory to store chroot while running repo query.").Required().String() concurrentNetOps = app.Flag("concurrent-net-ops", "Number of concurrent network operations to perform.").Default(defaultNetOpsCount).Uint() ) @@ -86,7 +89,7 @@ func main() { logger.PanicOnError(err) } - packagesAvailableFromRepos, err := getAllRepoData(*repoUrls, *workerTar, *buildDir, *repoUrlsFile) + packagesAvailableFromRepos, err := getAllRepoData(*repoUrls, *repoFiles, *workerTar, *buildDir, *repoUrlsFile) if err != nil { logger.PanicOnError(err) } @@ -126,7 +129,7 @@ func rpmSnapshotFromFile(snapshotFile string) (rpmSnapshot *repocloner.RepoConte // getAllRepoData returns a map of package names to URLs for all packages available in the given repos. It uses // a chroot to run repoquery. -func getAllRepoData(repoURLs []string, workerTar, buildDir, repoUrlsFile string) (namesToURLs map[string]string, err error) { +func getAllRepoData(repoURLs, repoFiles []string, workerTar, buildDir, repoUrlsFile string) (namesToURLs map[string]string, err error) { const ( leaveChrootOnDisk = false ) @@ -141,31 +144,56 @@ func getAllRepoData(repoURLs []string, workerTar, buildDir, repoUrlsFile string) defer queryChroot.Close(leaveChrootOnDisk) namesToURLs = make(map[string]string) - URLList := []string{} + allPackageURLs := []string{} for _, repoURL := range repoURLs { // Use the chroot to query each repo for the packages it contains - var packageRepoPaths []string + var packageRepoURLs []string err = queryChroot.Run(func() (chrootErr error) { - packageRepoPaths, chrootErr = getPackageRepoPaths(repoURL) + packageRepoURLs, chrootErr = getPackageRepoPathsFromUrl(repoURL) return chrootErr }) if err != nil { return nil, err } + allPackageURLs = append(allPackageURLs, packageRepoURLs...) + } - // We will be searching by the name: "-..", the results from the repoquery will be - // in the form of "/-...rpm" - for _, packageRepoPath := range packageRepoPaths { - packageName := path.Base(packageRepoPath) - packageName = strings.TrimSuffix(packageName, ".rpm") - - // We need to prepend the repoURL to the partial URL to get the full URL - packageRepoPath = fmt.Sprintf("%s/%s", repoURL, packageRepoPath) - namesToURLs[packageName] = packageRepoPath - URLList = append(URLList, packageRepoPath) + // Use the chroot to query each repo for the packages it contains + for _, repoFile := range repoFiles { + // Replace the existing repo file (if it exists) with the one that we want to query + logger.Log.Infof("Will query package data from %s", repoFile) + destFile := path.Join(chrootRepoDir, path.Base(repoFile)) + chrootRepoFile := []safechroot.FileToCopy{ + {Src: repoFile, Dest: destFile}, } + err = queryChroot.AddFiles(chrootRepoFile...) + if err != nil { + err = fmt.Errorf("failed to add files to chroot:\n%w", err) + return + } + } + + var packageRepoUrls []string + err = queryChroot.Run(func() (chrootErr error) { + packageRepoUrls, chrootErr = getPackageRepoUrlsFromRepoFiles() + return chrootErr + }) + if err != nil { + return nil, err } - err = file.WriteLines(URLList, repoUrlsFile) + allPackageURLs = append(allPackageURLs, packageRepoUrls...) + + // We will be searching by the name: "-..", the results from the repoquery will be + // in the form of "/-...rpm" + allPackageURLs = sliceutils.RemoveDuplicatesFromSlice(allPackageURLs) + for _, packageURL := range allPackageURLs { + packageName := path.Base(packageURL) + packageName = strings.TrimSuffix(packageName, ".rpm") + + namesToURLs[packageName] = packageURL + } + + err = file.WriteLines(allPackageURLs, repoUrlsFile) return } @@ -181,7 +209,7 @@ func createChroot(workerTar, chrootDir string, leaveChrootOnDisk bool) (queryChr defer timestamp.StopEvent(nil) logger.Log.Info("Creating chroot for repoquery") - queryChroot = safechroot.NewChroot(chrootDir, true) + queryChroot = safechroot.NewChroot(chrootDir, false) err = queryChroot.Initialize(workerTar, nil, nil) if err != nil { err = fmt.Errorf("failed to initialize chroot:\n%w", err) @@ -207,14 +235,18 @@ func createChroot(workerTar, chrootDir string, leaveChrootOnDisk bool) (queryChr return } - // Install the repoquery package from upstream + // Install the repoquery package from upstream, then clean up any existing repos logger.Log.Infof("Installing '%s' package to get 'repoquery' command", dnfUtilsPackageName) - queryChroot.Run(func() error { - _, err = installutils.TdnfInstall(dnfUtilsPackageName, rootDir) - if err != nil { - err = fmt.Errorf("failed to install '%s':\n%w", dnfUtilsPackageName, err) + err = queryChroot.Run(func() error { + _, chrootErr := installutils.TdnfInstall(dnfUtilsPackageName, rootDir) + if chrootErr != nil { + chrootErr = fmt.Errorf("failed to install '%s':\n%w", dnfUtilsPackageName, err) + return chrootErr } - return err + + // Remove all existing repos, we will be adding the repo files we want to query later + chrootErr = os.RemoveAll("/etc/yum.repos.d") + return chrootErr }) if err != nil { err = fmt.Errorf("failed to install '%s' in chroot:\n%w", dnfUtilsPackageName, err) @@ -223,14 +255,14 @@ func createChroot(workerTar, chrootDir string, leaveChrootOnDisk bool) (queryChr return } -// getPackageRepoPaths returns a list of packages available in the given repoUrl by running repoquery -func getPackageRepoPaths(repoUrl string) (packages []string, err error) { +// getPackageRepoPathsFromUrl returns a list of packages available in the given repoUrl by running repoquery +func getPackageRepoPathsFromUrl(repoUrl string) (packageURLs []string, err error) { const ( reqoqueryTool = "repoquery" randomNameLength = 10 printErrorOutput = true ) - var queryCommonArgList = []string{"-y", "-q", "--disablerepo=*", "-a", "--qf", "%{location}"} + var queryCommonArgList = []string{"-y", "-q", "--disablerepo=*", "-a", "--location"} logger.Log.Infof("Getting package data from %s", repoUrl) @@ -245,7 +277,7 @@ func getPackageRepoPaths(repoUrl string) (packages []string, err error) { onStdout := func(args ...interface{}) { line := args[0].(string) - packages = append(packages, line) + packageURLs = append(packageURLs, line) } // Run the repoquery command @@ -258,7 +290,34 @@ func getPackageRepoPaths(repoUrl string) (packages []string, err error) { return } -// downloadMissingPackages will attemp to download each package listed in rpmSnapshot that is not already present in the +// getPackageRepoUrlsFromRepoFiles returns a list of packages available in all RPM repos listed in the system's .repo files. +func getPackageRepoUrlsFromRepoFiles() (packageURLs []string, err error) { + const ( + reqoqueryTool = "repoquery" + randomNameLength = 10 + printErrorOutput = true + ) + // We have removed all other repo files from the chroot, so we can blindly enable all repos to get the full list of packages + var queryCommonArgList = []string{"-y", "-q", "--enablerepo=*", "-a", "--location"} + + logger.Log.Info("Getting package data from repo files") + + onStdout := func(args ...interface{}) { + line := args[0].(string) + packageURLs = append(packageURLs, line) + } + + // Run the repoquery command + err = shell.ExecuteLiveWithCallback(onStdout, logger.Log.Warn, printErrorOutput, reqoqueryTool, queryCommonArgList...) + if err != nil { + err = fmt.Errorf("failed to run repoquery command:\n%w", err) + return + } + + return +} + +// downloadMissingPackages will attempt to download each package listed in rpmSnapshot that is not already present in the // outDir. It will return a list of the packages that were downloaded. It will use concurrentNetOps to limit the number of // concurrent network operations used to download the missing packages. It will also monitor the results and print periodic // progress updates to the console. @@ -320,7 +379,7 @@ func monitorProgress(total int, results chan downloadResult, doneChannel chan st case downloadResultTypeFailure: logger.Log.Warnf("Failed to download: %s", result.pkgName) failed++ - case donwloadResultTypeUnavailable: + case downloadResultTypeUnavailable: logger.Log.Warnf("Could not find '%s' in any repos", result.pkgName) unavailable++ } @@ -344,9 +403,9 @@ func monitorProgress(total int, results chan downloadResult, doneChannel chan st // This function runs with best effort, so it will return all errors via the results channel. rather than returning an error. // The results may be one of: // - downloadResultTypeSuccess: The package was downloaded successfully -// - downloadResultTypeFailure: The package failed to download (ie error occured) +// - downloadResultTypeFailure: The package failed to download (ie error occurred) // - downloadResultTypeSkipped: The package was not downloaded because it already exists -// - donwloadResultTypeUnavailable: The package was not downloaded because it was not found in any of the repos +// - downloadResultTypeUnavailable: The package was not downloaded because it was not found in any of the repos // // The caller is expected to have added to the provided wait group, while this function is // responsible for removing itself from the wait group. As much processing as possible is done before acquiring the @@ -388,7 +447,7 @@ func precachePackage(pkg *repocloner.RepoPackage, packagesAvailableFromRepos map // Get the URL for the package, or bail out if it is not available. url, ok := packagesAvailableFromRepos[pkgName] if !ok { - result.resultType = donwloadResultTypeUnavailable + result.resultType = downloadResultTypeUnavailable return } From 3a3d4b24c2707600af79f026ba96dd22a7adac49 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Thu, 28 Sep 2023 10:28:50 -0700 Subject: [PATCH 25/47] Prepare October 2023 Release (#6301) --- SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md | 2 +- SPECS/LICENSES-AND-NOTICES/data/licenses.json | 1 + .../config-5.15.131.1-3.cm2 | 7624 +++++++++++++++++ ...livepatch-5.15.131.1-3.cm2.signatures.json | 7 + .../livepatch-5.15.131.1-3.cm2.spec | 196 + .../mariner-5.15.131.1-3.cm2.pem | 29 + SPECS/mariner-release/mariner-release.spec | 5 +- cgmanifest.json | 10 + 8 files changed, 7872 insertions(+), 2 deletions(-) create mode 100644 SPECS/livepatch-5.15.131.1-3.cm2/config-5.15.131.1-3.cm2 create mode 100644 SPECS/livepatch-5.15.131.1-3.cm2/livepatch-5.15.131.1-3.cm2.signatures.json create mode 100644 SPECS/livepatch-5.15.131.1-3.cm2/livepatch-5.15.131.1-3.cm2.spec create mode 100644 SPECS/livepatch-5.15.131.1-3.cm2/mariner-5.15.131.1-3.cm2.pem diff --git a/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md b/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md index 145eab5bedf..deb80fde906 100644 --- a/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md +++ b/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md @@ -9,7 +9,7 @@ The CBL-Mariner SPEC files originated from a variety of sources with varying lic | Fedora (Copyright Remi Collet) | [CC-BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/legalcode) | libmemcached-awesome
librabbitmq | | Fedora (ISC) | [ISC License](https://github.com/sarugaku/resolvelib/blob/main/LICENSE) | python-resolvelib | | Magnus Edenhill Open Source | [Magnus Edenhill Open Source BSD License](https://github.com/jemalloc/jemalloc/blob/dev/COPYING) | librdkafka | -| Microsoft | [Microsoft MIT License](/LICENSES-AND-NOTICES/LICENSE.md) | application-gateway-kubernetes-ingress
asc
azcopy
azure-iot-sdk-c
azure-storage-cpp
bazel
blobfuse
blobfuse2
bmon
bpftrace
ccache
cert-manager
cf-cli
check-restart
clamav
cloud-hypervisor
cmake-fedora
coredns-1.8.0
coredns-1.8.4
coredns-1.8.6
coredns-1.9.3
csi-driver-lvm
dcos-cli
debugedit
dejavu-fonts
distroless-packages
doxygen
dtc
elixir
espeak-ng
espeakup
flannel
fluent-bit
freefont
gflags
gh
go-md2man
grpc
grub2-efi-binary-signed
GSL
gtk-update-icon-cache
helm
hvloader
installkernel
intel-pf-bb-config
ivykis
jsonbuilder
jx
kata-containers-cc
keda
keras
kernel-azure-signed
kernel-hci-signed
kernel-signed
KeysInUse-OpenSSL
kpatch
kube-vip-cloud-provider
kubernetes-1.18.14
kubernetes-1.18.17
kubernetes-1.19.7
kubernetes-1.19.9
kubernetes-1.20.2
kubernetes-1.20.5
libacvp
libconfini
libconfuse
libgdiplus
libmaxminddb
libmetalink
libsafec
libuv
libxml++
livepatch-5.15.102.1-1.cm2
livepatch-5.15.102.1-3.cm2
livepatch-5.15.107.1-1.cm2
livepatch-5.15.110.1-1.cm2
livepatch-5.15.111.1-1.cm2
livepatch-5.15.112.1-1.cm2
livepatch-5.15.112.1-2.cm2
livepatch-5.15.116.1-1.cm2
livepatch-5.15.116.1-2.cm2
livepatch-5.15.122.1-2.cm2
livepatch-5.15.125.1-1.cm2
livepatch-5.15.125.1-2.cm2
livepatch-5.15.126.1-1.cm2
livepatch-5.15.131.1-1.cm2
livepatch-5.15.94.1-1.cm2
livepatch-5.15.94.1-1.cm2-signed
livepatch-5.15.95.1-1.cm2
livepatch-5.15.98.1-1.cm2
livepatching
lld
lld16
local-path-provisioner
lsb-release
ltp
lttng-consume
mariner-release
mariner-repos
mariner-rpm-macros
maven3
mm-common
moby-buildx
moby-cli
moby-compose
moby-containerd
moby-containerd-cc
moby-engine
moby-runc
msgpack
ncompress
networkd-dispatcher
nlohmann-json
nmap
nmi
node-problem-detector
ntopng
opentelemetry-cpp
packer
pcaudiolib
pcre2
perl-Test-Warnings
perl-Text-Template
pigz
prebuilt-ca-certificates
prebuilt-ca-certificates-base
prometheus-adapter
python-cachetools
python-cherrypy
python-cstruct
python-execnet
python-google-pasta
python-libclang
python-logutils
python-nocasedict
python-opt-einsum
python-pecan
python-pyrpm
python-remoto
python-repoze-lru
python-routes
python-rsa
python-sphinxcontrib-websupport
python-tensorboard
python-tensorboard-plugin-wit
python-tensorflow-estimator
python-yamlloader
R
rabbitmq-server
reaper
rocksdb
rubygem-addressable
rubygem-asciidoctor
rubygem-async
rubygem-async-http
rubygem-async-io
rubygem-async-pool
rubygem-aws-eventstream
rubygem-aws-partitions
rubygem-aws-sdk-core
rubygem-aws-sdk-kms
rubygem-aws-sdk-s3
rubygem-aws-sdk-sqs
rubygem-aws-sigv4
rubygem-bigdecimal
rubygem-bindata
rubygem-concurrent-ruby
rubygem-connection_pool
rubygem-console
rubygem-cool.io
rubygem-deep_merge
rubygem-digest-crc
rubygem-elastic-transport
rubygem-elasticsearch
rubygem-elasticsearch-api
rubygem-eventmachine
rubygem-excon
rubygem-faraday
rubygem-faraday-em_http
rubygem-faraday-em_synchrony
rubygem-faraday-excon
rubygem-faraday-httpclient
rubygem-faraday-multipart
rubygem-faraday-net_http
rubygem-faraday-net_http_persistent
rubygem-faraday-patron
rubygem-faraday-rack
rubygem-faraday-retry
rubygem-ffi
rubygem-fiber-local
rubygem-fluent-config-regexp-type
rubygem-fluent-logger
rubygem-fluent-plugin-elasticsearch
rubygem-fluent-plugin-kafka
rubygem-fluent-plugin-prometheus
rubygem-fluent-plugin-prometheus_pushgateway
rubygem-fluent-plugin-record-modifier
rubygem-fluent-plugin-rewrite-tag-filter
rubygem-fluent-plugin-s3
rubygem-fluent-plugin-systemd
rubygem-fluent-plugin-td
rubygem-fluent-plugin-webhdfs
rubygem-fluent-plugin-windows-exporter
rubygem-fluentd
rubygem-hirb
rubygem-hocon
rubygem-hoe
rubygem-http_parser.rb
rubygem-httpclient
rubygem-io-event
rubygem-jmespath
rubygem-ltsv
rubygem-mini_portile2
rubygem-minitest
rubygem-mocha
rubygem-msgpack
rubygem-multi_json
rubygem-multipart-post
rubygem-net-http-persistent
rubygem-nio4r
rubygem-nokogiri
rubygem-oj
rubygem-parallel
rubygem-power_assert
rubygem-prometheus-client
rubygem-protocol-hpack
rubygem-protocol-http
rubygem-protocol-http1
rubygem-protocol-http2
rubygem-public_suffix
rubygem-puppet-resource_api
rubygem-rdiscount
rubygem-rdkafka
rubygem-rexml
rubygem-ruby-kafka
rubygem-ruby-progressbar
rubygem-rubyzip
rubygem-semantic_puppet
rubygem-serverengine
rubygem-sigdump
rubygem-strptime
rubygem-systemd-journal
rubygem-td
rubygem-td-client
rubygem-td-logger
rubygem-test-unit
rubygem-thor
rubygem-timers
rubygem-tzinfo
rubygem-tzinfo-data
rubygem-webhdfs
rubygem-webrick
rubygem-yajl-ruby
rubygem-zip-zip
sdbus-cpp
sgx-backwards-compatability
shim
shim-unsigned
shim-unsigned-aarch64
shim-unsigned-x64
skopeo
span-lite
sriov-network-device-plugin
swupdate
SymCrypt
SymCrypt-OpenSSL
tensorflow
terraform
tinyxml2
toml11
tracelogging
umoci
usrsctp
vala
verity-read-only-root
vnstat
zstd | +| Microsoft | [Microsoft MIT License](/LICENSES-AND-NOTICES/LICENSE.md) | application-gateway-kubernetes-ingress
asc
azcopy
azure-iot-sdk-c
azure-storage-cpp
bazel
blobfuse
blobfuse2
bmon
bpftrace
ccache
cert-manager
cf-cli
check-restart
clamav
cloud-hypervisor
cmake-fedora
coredns-1.8.0
coredns-1.8.4
coredns-1.8.6
coredns-1.9.3
csi-driver-lvm
dcos-cli
debugedit
dejavu-fonts
distroless-packages
doxygen
dtc
elixir
espeak-ng
espeakup
flannel
fluent-bit
freefont
gflags
gh
go-md2man
grpc
grub2-efi-binary-signed
GSL
gtk-update-icon-cache
helm
hvloader
installkernel
intel-pf-bb-config
ivykis
jsonbuilder
jx
kata-containers-cc
keda
keras
kernel-azure-signed
kernel-hci-signed
kernel-signed
KeysInUse-OpenSSL
kpatch
kube-vip-cloud-provider
kubernetes-1.18.14
kubernetes-1.18.17
kubernetes-1.19.7
kubernetes-1.19.9
kubernetes-1.20.2
kubernetes-1.20.5
libacvp
libconfini
libconfuse
libgdiplus
libmaxminddb
libmetalink
libsafec
libuv
libxml++
livepatch-5.15.102.1-1.cm2
livepatch-5.15.102.1-3.cm2
livepatch-5.15.107.1-1.cm2
livepatch-5.15.110.1-1.cm2
livepatch-5.15.111.1-1.cm2
livepatch-5.15.112.1-1.cm2
livepatch-5.15.112.1-2.cm2
livepatch-5.15.116.1-1.cm2
livepatch-5.15.116.1-2.cm2
livepatch-5.15.122.1-2.cm2
livepatch-5.15.125.1-1.cm2
livepatch-5.15.125.1-2.cm2
livepatch-5.15.126.1-1.cm2
livepatch-5.15.131.1-1.cm2
livepatch-5.15.131.1-3.cm2
livepatch-5.15.94.1-1.cm2
livepatch-5.15.94.1-1.cm2-signed
livepatch-5.15.95.1-1.cm2
livepatch-5.15.98.1-1.cm2
livepatching
lld
lld16
local-path-provisioner
lsb-release
ltp
lttng-consume
mariner-release
mariner-repos
mariner-rpm-macros
maven3
mm-common
moby-buildx
moby-cli
moby-compose
moby-containerd
moby-containerd-cc
moby-engine
moby-runc
msgpack
ncompress
networkd-dispatcher
nlohmann-json
nmap
nmi
node-problem-detector
ntopng
opentelemetry-cpp
packer
pcaudiolib
pcre2
perl-Test-Warnings
perl-Text-Template
pigz
prebuilt-ca-certificates
prebuilt-ca-certificates-base
prometheus-adapter
python-cachetools
python-cherrypy
python-cstruct
python-execnet
python-google-pasta
python-libclang
python-logutils
python-nocasedict
python-opt-einsum
python-pecan
python-pyrpm
python-remoto
python-repoze-lru
python-routes
python-rsa
python-sphinxcontrib-websupport
python-tensorboard
python-tensorboard-plugin-wit
python-tensorflow-estimator
python-yamlloader
R
rabbitmq-server
reaper
rocksdb
rubygem-addressable
rubygem-asciidoctor
rubygem-async
rubygem-async-http
rubygem-async-io
rubygem-async-pool
rubygem-aws-eventstream
rubygem-aws-partitions
rubygem-aws-sdk-core
rubygem-aws-sdk-kms
rubygem-aws-sdk-s3
rubygem-aws-sdk-sqs
rubygem-aws-sigv4
rubygem-bigdecimal
rubygem-bindata
rubygem-concurrent-ruby
rubygem-connection_pool
rubygem-console
rubygem-cool.io
rubygem-deep_merge
rubygem-digest-crc
rubygem-elastic-transport
rubygem-elasticsearch
rubygem-elasticsearch-api
rubygem-eventmachine
rubygem-excon
rubygem-faraday
rubygem-faraday-em_http
rubygem-faraday-em_synchrony
rubygem-faraday-excon
rubygem-faraday-httpclient
rubygem-faraday-multipart
rubygem-faraday-net_http
rubygem-faraday-net_http_persistent
rubygem-faraday-patron
rubygem-faraday-rack
rubygem-faraday-retry
rubygem-ffi
rubygem-fiber-local
rubygem-fluent-config-regexp-type
rubygem-fluent-logger
rubygem-fluent-plugin-elasticsearch
rubygem-fluent-plugin-kafka
rubygem-fluent-plugin-prometheus
rubygem-fluent-plugin-prometheus_pushgateway
rubygem-fluent-plugin-record-modifier
rubygem-fluent-plugin-rewrite-tag-filter
rubygem-fluent-plugin-s3
rubygem-fluent-plugin-systemd
rubygem-fluent-plugin-td
rubygem-fluent-plugin-webhdfs
rubygem-fluent-plugin-windows-exporter
rubygem-fluentd
rubygem-hirb
rubygem-hocon
rubygem-hoe
rubygem-http_parser.rb
rubygem-httpclient
rubygem-io-event
rubygem-jmespath
rubygem-ltsv
rubygem-mini_portile2
rubygem-minitest
rubygem-mocha
rubygem-msgpack
rubygem-multi_json
rubygem-multipart-post
rubygem-net-http-persistent
rubygem-nio4r
rubygem-nokogiri
rubygem-oj
rubygem-parallel
rubygem-power_assert
rubygem-prometheus-client
rubygem-protocol-hpack
rubygem-protocol-http
rubygem-protocol-http1
rubygem-protocol-http2
rubygem-public_suffix
rubygem-puppet-resource_api
rubygem-rdiscount
rubygem-rdkafka
rubygem-rexml
rubygem-ruby-kafka
rubygem-ruby-progressbar
rubygem-rubyzip
rubygem-semantic_puppet
rubygem-serverengine
rubygem-sigdump
rubygem-strptime
rubygem-systemd-journal
rubygem-td
rubygem-td-client
rubygem-td-logger
rubygem-test-unit
rubygem-thor
rubygem-timers
rubygem-tzinfo
rubygem-tzinfo-data
rubygem-webhdfs
rubygem-webrick
rubygem-yajl-ruby
rubygem-zip-zip
sdbus-cpp
sgx-backwards-compatability
shim
shim-unsigned
shim-unsigned-aarch64
shim-unsigned-x64
skopeo
span-lite
sriov-network-device-plugin
swupdate
SymCrypt
SymCrypt-OpenSSL
tensorflow
terraform
tinyxml2
toml11
tracelogging
umoci
usrsctp
vala
verity-read-only-root
vnstat
zstd | | Netplan source | [GPLv3](https://github.com/canonical/netplan/blob/main/COPYING) | netplan | | Numad source | [LGPLv2 License](https://www.gnu.org/licenses/old-licenses/lgpl-2.1.txt) | numad | | NVIDIA | [ASL 2.0 License and spec specific licenses](http://www.apache.org/licenses/LICENSE-2.0) | knem
libnvidia-container
mlnx-ofa_kernel
mlnx-tools
mlx-bootctl
nvidia-container-runtime
nvidia-container-toolkit
nvidia-docker2
ofed-scripts
perftest | diff --git a/SPECS/LICENSES-AND-NOTICES/data/licenses.json b/SPECS/LICENSES-AND-NOTICES/data/licenses.json index 6a9b2607731..7b3c3e028f2 100644 --- a/SPECS/LICENSES-AND-NOTICES/data/licenses.json +++ b/SPECS/LICENSES-AND-NOTICES/data/licenses.json @@ -2222,6 +2222,7 @@ "livepatch-5.15.125.1-2.cm2", "livepatch-5.15.126.1-1.cm2", "livepatch-5.15.131.1-1.cm2", + "livepatch-5.15.131.1-3.cm2", "livepatch-5.15.94.1-1.cm2", "livepatch-5.15.94.1-1.cm2-signed", "livepatch-5.15.95.1-1.cm2", diff --git a/SPECS/livepatch-5.15.131.1-3.cm2/config-5.15.131.1-3.cm2 b/SPECS/livepatch-5.15.131.1-3.cm2/config-5.15.131.1-3.cm2 new file mode 100644 index 00000000000..fc6039acb66 --- /dev/null +++ b/SPECS/livepatch-5.15.131.1-3.cm2/config-5.15.131.1-3.cm2 @@ -0,0 +1,7624 @@ +# +# Automatically generated file; DO NOT EDIT. +# Linux/x86_64 5.15.131.1 Kernel Configuration +# +CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0" +CONFIG_CC_IS_GCC=y +CONFIG_GCC_VERSION=110200 +CONFIG_CLANG_VERSION=0 +CONFIG_AS_IS_GNU=y +CONFIG_AS_VERSION=23700 +CONFIG_LD_IS_BFD=y +CONFIG_LD_VERSION=23700 +CONFIG_LLD_VERSION=0 +CONFIG_CC_CAN_LINK=y +CONFIG_CC_HAS_ASM_GOTO=y +CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y +CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y +CONFIG_CC_HAS_ASM_INLINE=y +CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y +CONFIG_PAHOLE_VERSION=121 +CONFIG_IRQ_WORK=y +CONFIG_BUILDTIME_TABLE_SORT=y +CONFIG_THREAD_INFO_IN_TASK=y + +# +# General setup +# +CONFIG_INIT_ENV_ARG_LIMIT=32 +# CONFIG_COMPILE_TEST is not set +# CONFIG_WERROR is not set +CONFIG_LOCALVERSION="" +# CONFIG_LOCALVERSION_AUTO is not set +CONFIG_BUILD_SALT="" +CONFIG_HAVE_KERNEL_GZIP=y +CONFIG_HAVE_KERNEL_BZIP2=y +CONFIG_HAVE_KERNEL_LZMA=y +CONFIG_HAVE_KERNEL_XZ=y +CONFIG_HAVE_KERNEL_LZO=y +CONFIG_HAVE_KERNEL_LZ4=y +CONFIG_HAVE_KERNEL_ZSTD=y +CONFIG_KERNEL_GZIP=y +# CONFIG_KERNEL_BZIP2 is not set +# CONFIG_KERNEL_LZMA is not set +# CONFIG_KERNEL_XZ is not set +# CONFIG_KERNEL_LZO is not set +# CONFIG_KERNEL_LZ4 is not set +# CONFIG_KERNEL_ZSTD is not set +CONFIG_DEFAULT_INIT="" +CONFIG_DEFAULT_HOSTNAME="" +CONFIG_SWAP=y +CONFIG_SYSVIPC=y +CONFIG_SYSVIPC_SYSCTL=y +CONFIG_POSIX_MQUEUE=y +CONFIG_POSIX_MQUEUE_SYSCTL=y +# CONFIG_WATCH_QUEUE is not set +CONFIG_CROSS_MEMORY_ATTACH=y +# CONFIG_USELIB is not set +CONFIG_AUDIT=y +CONFIG_HAVE_ARCH_AUDITSYSCALL=y +CONFIG_AUDITSYSCALL=y + +# +# IRQ subsystem +# +CONFIG_GENERIC_IRQ_PROBE=y +CONFIG_GENERIC_IRQ_SHOW=y +CONFIG_GENERIC_IRQ_EFFECTIVE_AFF_MASK=y +CONFIG_GENERIC_PENDING_IRQ=y +CONFIG_GENERIC_IRQ_MIGRATION=y +CONFIG_HARDIRQS_SW_RESEND=y +CONFIG_IRQ_DOMAIN=y +CONFIG_IRQ_DOMAIN_HIERARCHY=y +CONFIG_GENERIC_MSI_IRQ=y +CONFIG_GENERIC_MSI_IRQ_DOMAIN=y +CONFIG_IRQ_MSI_IOMMU=y +CONFIG_GENERIC_IRQ_MATRIX_ALLOCATOR=y +CONFIG_GENERIC_IRQ_RESERVATION_MODE=y +CONFIG_IRQ_FORCED_THREADING=y +CONFIG_SPARSE_IRQ=y +# CONFIG_GENERIC_IRQ_DEBUGFS is not set +# end of IRQ subsystem + +CONFIG_CLOCKSOURCE_WATCHDOG=y +CONFIG_ARCH_CLOCKSOURCE_INIT=y +CONFIG_CLOCKSOURCE_VALIDATE_LAST_CYCLE=y +CONFIG_GENERIC_TIME_VSYSCALL=y +CONFIG_GENERIC_CLOCKEVENTS=y +CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y +CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y +CONFIG_GENERIC_CMOS_UPDATE=y +CONFIG_HAVE_POSIX_CPU_TIMERS_TASK_WORK=y +CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y + +# +# Timers subsystem +# +CONFIG_TICK_ONESHOT=y +CONFIG_NO_HZ_COMMON=y +# CONFIG_HZ_PERIODIC is not set +CONFIG_NO_HZ_IDLE=y +# CONFIG_NO_HZ_FULL is not set +CONFIG_NO_HZ=y +CONFIG_HIGH_RES_TIMERS=y +# end of Timers subsystem + +CONFIG_BPF=y +CONFIG_HAVE_EBPF_JIT=y +CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y + +# +# BPF subsystem +# +CONFIG_BPF_SYSCALL=y +CONFIG_BPF_JIT=y +CONFIG_BPF_JIT_ALWAYS_ON=y +CONFIG_BPF_JIT_DEFAULT_ON=y +CONFIG_BPF_UNPRIV_DEFAULT_OFF=y +# CONFIG_BPF_PRELOAD is not set +# CONFIG_BPF_LSM is not set +# end of BPF subsystem + +CONFIG_PREEMPT_NONE=y +# CONFIG_PREEMPT_VOLUNTARY is not set +# CONFIG_PREEMPT is not set +# CONFIG_SCHED_CORE is not set + +# +# CPU/Task time and stats accounting +# +CONFIG_TICK_CPU_ACCOUNTING=y +# CONFIG_VIRT_CPU_ACCOUNTING_GEN is not set +# CONFIG_IRQ_TIME_ACCOUNTING is not set +CONFIG_BSD_PROCESS_ACCT=y +CONFIG_BSD_PROCESS_ACCT_V3=y +CONFIG_TASKSTATS=y +CONFIG_TASK_DELAY_ACCT=y +CONFIG_TASK_XACCT=y +CONFIG_TASK_IO_ACCOUNTING=y +CONFIG_PSI=y +# CONFIG_PSI_DEFAULT_DISABLED is not set +# end of CPU/Task time and stats accounting + +CONFIG_CPU_ISOLATION=y + +# +# RCU Subsystem +# +CONFIG_TREE_RCU=y +# CONFIG_RCU_EXPERT is not set +CONFIG_SRCU=y +CONFIG_TREE_SRCU=y +CONFIG_TASKS_RCU_GENERIC=y +CONFIG_TASKS_RUDE_RCU=y +CONFIG_TASKS_TRACE_RCU=y +CONFIG_RCU_STALL_COMMON=y +CONFIG_RCU_NEED_SEGCBLIST=y +# end of RCU Subsystem + +CONFIG_BUILD_BIN2C=y +CONFIG_IKCONFIG=y +CONFIG_IKCONFIG_PROC=y +CONFIG_IKHEADERS=m +CONFIG_LOG_BUF_SHIFT=18 +CONFIG_LOG_CPU_MAX_BUF_SHIFT=12 +CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 +# CONFIG_PRINTK_INDEX is not set +CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y + +# +# Scheduler features +# +# CONFIG_UCLAMP_TASK is not set +# end of Scheduler features + +CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y +CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y +CONFIG_CC_HAS_INT128=y +CONFIG_ARCH_SUPPORTS_INT128=y +# CONFIG_NUMA_BALANCING is not set +CONFIG_CGROUPS=y +CONFIG_PAGE_COUNTER=y +CONFIG_MEMCG=y +CONFIG_MEMCG_SWAP=y +CONFIG_MEMCG_KMEM=y +CONFIG_BLK_CGROUP=y +CONFIG_CGROUP_WRITEBACK=y +CONFIG_CGROUP_SCHED=y +CONFIG_FAIR_GROUP_SCHED=y +CONFIG_CFS_BANDWIDTH=y +# CONFIG_RT_GROUP_SCHED is not set +CONFIG_CGROUP_PIDS=y +CONFIG_CGROUP_RDMA=y +CONFIG_CGROUP_FREEZER=y +CONFIG_CGROUP_HUGETLB=y +CONFIG_CPUSETS=y +CONFIG_PROC_PID_CPUSET=y +CONFIG_CGROUP_DEVICE=y +CONFIG_CGROUP_CPUACCT=y +CONFIG_CGROUP_PERF=y +CONFIG_CGROUP_BPF=y +# CONFIG_CGROUP_MISC is not set +# CONFIG_CGROUP_DEBUG is not set +CONFIG_SOCK_CGROUP_DATA=y +CONFIG_NAMESPACES=y +CONFIG_UTS_NS=y +CONFIG_TIME_NS=y +CONFIG_IPC_NS=y +CONFIG_USER_NS=y +CONFIG_PID_NS=y +CONFIG_NET_NS=y +CONFIG_CHECKPOINT_RESTORE=y +# CONFIG_SCHED_AUTOGROUP is not set +# CONFIG_SYSFS_DEPRECATED is not set +CONFIG_RELAY=y +CONFIG_BLK_DEV_INITRD=y +CONFIG_INITRAMFS_SOURCE="" +CONFIG_RD_GZIP=y +CONFIG_RD_BZIP2=y +CONFIG_RD_LZMA=y +CONFIG_RD_XZ=y +CONFIG_RD_LZO=y +CONFIG_RD_LZ4=y +CONFIG_RD_ZSTD=y +# CONFIG_BOOT_CONFIG is not set +CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y +# CONFIG_CC_OPTIMIZE_FOR_SIZE is not set +CONFIG_LD_ORPHAN_WARN=y +CONFIG_SYSCTL=y +CONFIG_HAVE_UID16=y +CONFIG_SYSCTL_EXCEPTION_TRACE=y +CONFIG_HAVE_PCSPKR_PLATFORM=y +CONFIG_EXPERT=y +CONFIG_UID16=y +CONFIG_MULTIUSER=y +CONFIG_SGETMASK_SYSCALL=y +CONFIG_SYSFS_SYSCALL=y +CONFIG_FHANDLE=y +CONFIG_POSIX_TIMERS=y +CONFIG_PRINTK=y +CONFIG_BUG=y +CONFIG_ELF_CORE=y +# CONFIG_PCSPKR_PLATFORM is not set +CONFIG_BASE_FULL=y +CONFIG_FUTEX=y +CONFIG_FUTEX_PI=y +CONFIG_EPOLL=y +CONFIG_SIGNALFD=y +CONFIG_TIMERFD=y +CONFIG_EVENTFD=y +CONFIG_SHMEM=y +CONFIG_AIO=y +CONFIG_IO_URING=y +CONFIG_ADVISE_SYSCALLS=y +CONFIG_HAVE_ARCH_USERFAULTFD_WP=y +CONFIG_HAVE_ARCH_USERFAULTFD_MINOR=y +CONFIG_MEMBARRIER=y +CONFIG_KALLSYMS=y +CONFIG_KALLSYMS_ALL=y +CONFIG_KALLSYMS_ABSOLUTE_PERCPU=y +CONFIG_KALLSYMS_BASE_RELATIVE=y +CONFIG_USERFAULTFD=y +CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y +CONFIG_KCMP=y +CONFIG_RSEQ=y +# CONFIG_DEBUG_RSEQ is not set +# CONFIG_EMBEDDED is not set +CONFIG_HAVE_PERF_EVENTS=y +CONFIG_PC104=y + +# +# Kernel Performance Events And Counters +# +CONFIG_PERF_EVENTS=y +# CONFIG_DEBUG_PERF_USE_VMALLOC is not set +# end of Kernel Performance Events And Counters + +CONFIG_VM_EVENT_COUNTERS=y +CONFIG_SLUB_DEBUG=y +# CONFIG_COMPAT_BRK is not set +# CONFIG_SLAB is not set +CONFIG_SLUB=y +# CONFIG_SLOB is not set +# CONFIG_SLAB_MERGE_DEFAULT is not set +CONFIG_SLAB_FREELIST_RANDOM=y +CONFIG_SLAB_FREELIST_HARDENED=y +CONFIG_SHUFFLE_PAGE_ALLOCATOR=y +CONFIG_SLUB_CPU_PARTIAL=y +CONFIG_SYSTEM_DATA_VERIFICATION=y +CONFIG_PROFILING=y +CONFIG_TRACEPOINTS=y +# end of General setup + +CONFIG_64BIT=y +CONFIG_X86_64=y +CONFIG_X86=y +CONFIG_INSTRUCTION_DECODER=y +CONFIG_OUTPUT_FORMAT="elf64-x86-64" +CONFIG_LOCKDEP_SUPPORT=y +CONFIG_STACKTRACE_SUPPORT=y +CONFIG_MMU=y +CONFIG_ARCH_MMAP_RND_BITS_MIN=28 +CONFIG_ARCH_MMAP_RND_BITS_MAX=32 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16 +CONFIG_GENERIC_ISA_DMA=y +CONFIG_GENERIC_BUG=y +CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y +CONFIG_ARCH_MAY_HAVE_PC_FDC=y +CONFIG_GENERIC_CALIBRATE_DELAY=y +CONFIG_ARCH_HAS_CPU_RELAX=y +CONFIG_ARCH_HAS_FILTER_PGPROT=y +CONFIG_HAVE_SETUP_PER_CPU_AREA=y +CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y +CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y +CONFIG_ARCH_HIBERNATION_POSSIBLE=y +CONFIG_ARCH_NR_GPIO=1024 +CONFIG_ARCH_SUSPEND_POSSIBLE=y +CONFIG_ARCH_WANT_GENERAL_HUGETLB=y +CONFIG_AUDIT_ARCH=y +CONFIG_HAVE_INTEL_TXT=y +CONFIG_X86_64_SMP=y +CONFIG_ARCH_SUPPORTS_UPROBES=y +CONFIG_FIX_EARLYCON_MEM=y +CONFIG_PGTABLE_LEVELS=4 +CONFIG_CC_HAS_SANE_STACKPROTECTOR=y + +# +# Processor type and features +# +CONFIG_SMP=y +CONFIG_X86_FEATURE_NAMES=y +CONFIG_X86_X2APIC=y +# CONFIG_X86_MPPARSE is not set +# CONFIG_GOLDFISH is not set +# CONFIG_X86_CPU_RESCTRL is not set +CONFIG_X86_EXTENDED_PLATFORM=y +# CONFIG_X86_NUMACHIP is not set +# CONFIG_X86_VSMP is not set +# CONFIG_X86_UV is not set +# CONFIG_X86_GOLDFISH is not set +CONFIG_X86_INTEL_MID=y +CONFIG_X86_INTEL_LPSS=y +# CONFIG_X86_AMD_PLATFORM_DEVICE is not set +CONFIG_IOSF_MBI=y +# CONFIG_IOSF_MBI_DEBUG is not set +CONFIG_X86_SUPPORTS_MEMORY_FAILURE=y +CONFIG_SCHED_OMIT_FRAME_POINTER=y +CONFIG_HYPERVISOR_GUEST=y +CONFIG_PARAVIRT=y +CONFIG_PARAVIRT_XXL=y +# CONFIG_PARAVIRT_DEBUG is not set +# CONFIG_PARAVIRT_SPINLOCKS is not set +CONFIG_X86_HV_CALLBACK_VECTOR=y +CONFIG_XEN=y +CONFIG_XEN_PV=y +CONFIG_XEN_512GB=y +CONFIG_XEN_PV_SMP=y +CONFIG_XEN_PV_DOM0=y +CONFIG_XEN_PVHVM=y +CONFIG_XEN_PVHVM_SMP=y +# CONFIG_XEN_PVHVM_GUEST is not set +CONFIG_XEN_SAVE_RESTORE=y +CONFIG_XEN_DEBUG_FS=y +# CONFIG_XEN_PVH is not set +CONFIG_XEN_DOM0=y +CONFIG_KVM_GUEST=y +CONFIG_ARCH_CPUIDLE_HALTPOLL=y +# CONFIG_PVH is not set +# CONFIG_PARAVIRT_TIME_ACCOUNTING is not set +CONFIG_PARAVIRT_CLOCK=y +# CONFIG_JAILHOUSE_GUEST is not set +# CONFIG_ACRN_GUEST is not set +# CONFIG_MK8 is not set +# CONFIG_MPSC is not set +# CONFIG_MCORE2 is not set +# CONFIG_MATOM is not set +CONFIG_GENERIC_CPU=y +CONFIG_X86_INTERNODE_CACHE_SHIFT=6 +CONFIG_X86_L1_CACHE_SHIFT=6 +CONFIG_X86_TSC=y +CONFIG_X86_CMPXCHG64=y +CONFIG_X86_CMOV=y +CONFIG_X86_MINIMUM_CPU_FAMILY=64 +CONFIG_X86_DEBUGCTLMSR=y +CONFIG_IA32_FEAT_CTL=y +CONFIG_X86_VMX_FEATURE_NAMES=y +# CONFIG_PROCESSOR_SELECT is not set +CONFIG_CPU_SUP_INTEL=y +CONFIG_CPU_SUP_AMD=y +CONFIG_CPU_SUP_HYGON=y +CONFIG_CPU_SUP_CENTAUR=y +CONFIG_CPU_SUP_ZHAOXIN=y +CONFIG_HPET_TIMER=y +CONFIG_HPET_EMULATE_RTC=y +CONFIG_DMI=y +CONFIG_GART_IOMMU=y +CONFIG_MAXSMP=y +CONFIG_NR_CPUS_RANGE_BEGIN=8192 +CONFIG_NR_CPUS_RANGE_END=8192 +CONFIG_NR_CPUS_DEFAULT=8192 +CONFIG_NR_CPUS=8192 +CONFIG_SCHED_SMT=y +CONFIG_SCHED_MC=y +CONFIG_SCHED_MC_PRIO=y +CONFIG_X86_LOCAL_APIC=y +CONFIG_X86_IO_APIC=y +CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS=y +CONFIG_X86_MCE=y +CONFIG_X86_MCELOG_LEGACY=y +CONFIG_X86_MCE_INTEL=y +CONFIG_X86_MCE_AMD=y +CONFIG_X86_MCE_THRESHOLD=y +# CONFIG_X86_MCE_INJECT is not set + +# +# Performance monitoring +# +CONFIG_PERF_EVENTS_INTEL_UNCORE=y +CONFIG_PERF_EVENTS_INTEL_RAPL=y +CONFIG_PERF_EVENTS_INTEL_CSTATE=y +# CONFIG_PERF_EVENTS_AMD_POWER is not set +CONFIG_PERF_EVENTS_AMD_UNCORE=y +# end of Performance monitoring + +# CONFIG_X86_VSYSCALL_EMULATION is not set +# CONFIG_X86_IOPL_IOPERM is not set +# CONFIG_I8K is not set +CONFIG_MICROCODE=y +CONFIG_MICROCODE_INTEL=y +CONFIG_MICROCODE_AMD=y +# CONFIG_MICROCODE_LATE_LOADING is not set +CONFIG_X86_MSR=m +# CONFIG_X86_CPUID is not set +# CONFIG_X86_5LEVEL is not set +CONFIG_X86_DIRECT_GBPAGES=y +# CONFIG_X86_CPA_STATISTICS is not set +# CONFIG_AMD_MEM_ENCRYPT is not set +CONFIG_NUMA=y +CONFIG_AMD_NUMA=y +CONFIG_X86_64_ACPI_NUMA=y +# CONFIG_NUMA_EMU is not set +CONFIG_NODES_SHIFT=10 +CONFIG_ARCH_SPARSEMEM_ENABLE=y +CONFIG_ARCH_SPARSEMEM_DEFAULT=y +CONFIG_ARCH_SELECT_MEMORY_MODEL=y +CONFIG_ARCH_MEMORY_PROBE=y +CONFIG_ARCH_PROC_KCORE_TEXT=y +CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 +CONFIG_X86_PMEM_LEGACY_DEVICE=y +CONFIG_X86_PMEM_LEGACY=y +CONFIG_X86_CHECK_BIOS_CORRUPTION=y +# CONFIG_X86_BOOTPARAM_MEMORY_CORRUPTION_CHECK is not set +CONFIG_MTRR=y +CONFIG_MTRR_SANITIZER=y +CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=0 +CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1 +CONFIG_X86_PAT=y +CONFIG_ARCH_USES_PG_UNCACHED=y +CONFIG_ARCH_RANDOM=y +CONFIG_X86_SMAP=y +CONFIG_X86_UMIP=y +CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS=y +CONFIG_X86_INTEL_TSX_MODE_OFF=y +# CONFIG_X86_INTEL_TSX_MODE_ON is not set +# CONFIG_X86_INTEL_TSX_MODE_AUTO is not set +CONFIG_X86_SGX=y +CONFIG_EFI=y +CONFIG_EFI_STUB=y +# CONFIG_EFI_MIXED is not set +# CONFIG_HZ_100 is not set +CONFIG_HZ_250=y +# CONFIG_HZ_300 is not set +# CONFIG_HZ_1000 is not set +CONFIG_HZ=250 +CONFIG_SCHED_HRTICK=y +CONFIG_KEXEC=y +CONFIG_KEXEC_FILE=y +CONFIG_ARCH_HAS_KEXEC_PURGATORY=y +# CONFIG_KEXEC_SIG is not set +CONFIG_CRASH_DUMP=y +# CONFIG_KEXEC_JUMP is not set +CONFIG_PHYSICAL_START=0x1000000 +CONFIG_RELOCATABLE=y +CONFIG_RANDOMIZE_BASE=y +CONFIG_X86_NEED_RELOCS=y +CONFIG_PHYSICAL_ALIGN=0x1000000 +CONFIG_DYNAMIC_MEMORY_LAYOUT=y +CONFIG_RANDOMIZE_MEMORY=y +CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0xa +CONFIG_HOTPLUG_CPU=y +# CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set +# CONFIG_DEBUG_HOTPLUG_CPU0 is not set +# CONFIG_COMPAT_VDSO is not set +# CONFIG_LEGACY_VSYSCALL_EMULATE is not set +# CONFIG_LEGACY_VSYSCALL_XONLY is not set +CONFIG_LEGACY_VSYSCALL_NONE=y +# CONFIG_CMDLINE_BOOL is not set +# CONFIG_MODIFY_LDT_SYSCALL is not set +CONFIG_HAVE_LIVEPATCH=y +CONFIG_LIVEPATCH=y +# end of Processor type and features + +CONFIG_CC_HAS_RETURN_THUNK=y +CONFIG_SPECULATION_MITIGATIONS=y +CONFIG_PAGE_TABLE_ISOLATION=y +CONFIG_RETPOLINE=y +CONFIG_RETHUNK=y +CONFIG_CPU_UNRET_ENTRY=y +CONFIG_CPU_IBPB_ENTRY=y +CONFIG_CPU_IBRS_ENTRY=y +CONFIG_CPU_SRSO=y +# CONFIG_GDS_FORCE_MITIGATION is not set +CONFIG_ARCH_HAS_ADD_PAGES=y +CONFIG_ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE=y +CONFIG_USE_PERCPU_NUMA_NODE_ID=y + +# +# Power management and ACPI options +# +CONFIG_ARCH_HIBERNATION_HEADER=y +CONFIG_SUSPEND=y +CONFIG_SUSPEND_FREEZER=y +# CONFIG_SUSPEND_SKIP_SYNC is not set +CONFIG_HIBERNATE_CALLBACKS=y +CONFIG_HIBERNATION=y +CONFIG_HIBERNATION_SNAPSHOT_DEV=y +CONFIG_PM_STD_PARTITION="" +CONFIG_PM_SLEEP=y +CONFIG_PM_SLEEP_SMP=y +# CONFIG_PM_AUTOSLEEP is not set +# CONFIG_PM_WAKELOCKS is not set +CONFIG_PM=y +# CONFIG_PM_DEBUG is not set +CONFIG_PM_CLK=y +# CONFIG_WQ_POWER_EFFICIENT_DEFAULT is not set +# CONFIG_ENERGY_MODEL is not set +CONFIG_ARCH_SUPPORTS_ACPI=y +CONFIG_ACPI=y +CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y +CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y +CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y +# CONFIG_ACPI_DEBUGGER is not set +CONFIG_ACPI_SPCR_TABLE=y +# CONFIG_ACPI_FPDT is not set +CONFIG_ACPI_LPIT=y +CONFIG_ACPI_SLEEP=y +CONFIG_ACPI_REV_OVERRIDE_POSSIBLE=y +# CONFIG_ACPI_EC_DEBUGFS is not set +CONFIG_ACPI_AC=m +CONFIG_ACPI_BATTERY=m +CONFIG_ACPI_BUTTON=m +# CONFIG_ACPI_TINY_POWER_BUTTON is not set +CONFIG_ACPI_VIDEO=m +CONFIG_ACPI_FAN=m +# CONFIG_ACPI_TAD is not set +# CONFIG_ACPI_DOCK is not set +CONFIG_ACPI_CPU_FREQ_PSS=y +CONFIG_ACPI_PROCESSOR_CSTATE=y +CONFIG_ACPI_PROCESSOR_IDLE=y +CONFIG_ACPI_CPPC_LIB=y +CONFIG_ACPI_PROCESSOR=y +CONFIG_ACPI_IPMI=m +CONFIG_ACPI_HOTPLUG_CPU=y +CONFIG_ACPI_PROCESSOR_AGGREGATOR=y +CONFIG_ACPI_THERMAL=y +CONFIG_ARCH_HAS_ACPI_TABLE_UPGRADE=y +# CONFIG_ACPI_TABLE_UPGRADE is not set +# CONFIG_ACPI_DEBUG is not set +CONFIG_ACPI_PCI_SLOT=y +CONFIG_ACPI_CONTAINER=y +CONFIG_ACPI_HOTPLUG_MEMORY=y +CONFIG_ACPI_HOTPLUG_IOAPIC=y +# CONFIG_ACPI_SBS is not set +CONFIG_ACPI_HED=y +# CONFIG_ACPI_CUSTOM_METHOD is not set +# CONFIG_ACPI_BGRT is not set +# CONFIG_ACPI_REDUCED_HARDWARE_ONLY is not set +CONFIG_ACPI_NFIT=m +# CONFIG_NFIT_SECURITY_DEBUG is not set +CONFIG_ACPI_NUMA=y +# CONFIG_ACPI_HMAT is not set +CONFIG_HAVE_ACPI_APEI=y +CONFIG_HAVE_ACPI_APEI_NMI=y +CONFIG_ACPI_APEI=y +CONFIG_ACPI_APEI_GHES=y +CONFIG_ACPI_APEI_PCIEAER=y +CONFIG_ACPI_APEI_MEMORY_FAILURE=y +# CONFIG_ACPI_APEI_EINJ is not set +CONFIG_ACPI_APEI_ERST_DEBUG=m +# CONFIG_ACPI_DPTF is not set +# CONFIG_ACPI_EXTLOG is not set +CONFIG_ACPI_ADXL=y +# CONFIG_ACPI_CONFIGFS is not set +CONFIG_PMIC_OPREGION=y +CONFIG_X86_PM_TIMER=y +CONFIG_ACPI_PRMT=y + +# +# CPU Frequency scaling +# +CONFIG_CPU_FREQ=y +CONFIG_CPU_FREQ_GOV_ATTR_SET=y +CONFIG_CPU_FREQ_GOV_COMMON=y +CONFIG_CPU_FREQ_STAT=y +CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y +# CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE is not set +# CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE is not set +# CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL is not set +CONFIG_CPU_FREQ_GOV_PERFORMANCE=y +CONFIG_CPU_FREQ_GOV_POWERSAVE=m +CONFIG_CPU_FREQ_GOV_USERSPACE=m +CONFIG_CPU_FREQ_GOV_ONDEMAND=m +CONFIG_CPU_FREQ_GOV_CONSERVATIVE=m +CONFIG_CPU_FREQ_GOV_SCHEDUTIL=y + +# +# CPU frequency scaling drivers +# +CONFIG_X86_INTEL_PSTATE=y +CONFIG_X86_PCC_CPUFREQ=m +CONFIG_X86_ACPI_CPUFREQ=m +# CONFIG_X86_ACPI_CPUFREQ_CPB is not set +# CONFIG_X86_POWERNOW_K8 is not set +CONFIG_X86_AMD_FREQ_SENSITIVITY=m +# CONFIG_X86_SPEEDSTEP_CENTRINO is not set +# CONFIG_X86_P4_CLOCKMOD is not set + +# +# shared options +# +# end of CPU Frequency scaling + +# +# CPU Idle +# +CONFIG_CPU_IDLE=y +CONFIG_CPU_IDLE_GOV_LADDER=y +CONFIG_CPU_IDLE_GOV_MENU=y +# CONFIG_CPU_IDLE_GOV_TEO is not set +# CONFIG_CPU_IDLE_GOV_HALTPOLL is not set +CONFIG_HALTPOLL_CPUIDLE=y +# end of CPU Idle + +CONFIG_INTEL_IDLE=y +# end of Power management and ACPI options + +# +# Bus options (PCI etc.) +# +CONFIG_PCI_DIRECT=y +CONFIG_PCI_MMCONFIG=y +CONFIG_PCI_XEN=y +CONFIG_MMCONF_FAM10H=y +# CONFIG_PCI_CNB20LE_QUIRK is not set +# CONFIG_ISA_BUS is not set +CONFIG_ISA_DMA_API=y +CONFIG_AMD_NB=y +# end of Bus options (PCI etc.) + +# +# Binary Emulations +# +CONFIG_IA32_EMULATION=y +# CONFIG_X86_X32 is not set +CONFIG_COMPAT_32=y +CONFIG_COMPAT=y +CONFIG_COMPAT_FOR_U64_ALIGNMENT=y +CONFIG_SYSVIPC_COMPAT=y +# end of Binary Emulations + +CONFIG_HAVE_KVM=y +CONFIG_HAVE_KVM_IRQCHIP=y +CONFIG_HAVE_KVM_IRQFD=y +CONFIG_HAVE_KVM_IRQ_ROUTING=y +CONFIG_HAVE_KVM_EVENTFD=y +CONFIG_KVM_MMIO=y +CONFIG_KVM_ASYNC_PF=y +CONFIG_HAVE_KVM_MSI=y +CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT=y +CONFIG_KVM_VFIO=y +CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT=y +CONFIG_KVM_COMPAT=y +CONFIG_HAVE_KVM_IRQ_BYPASS=y +CONFIG_HAVE_KVM_NO_POLL=y +CONFIG_KVM_XFER_TO_GUEST_WORK=y +CONFIG_HAVE_KVM_PM_NOTIFIER=y +CONFIG_VIRTUALIZATION=y +CONFIG_KVM=m +CONFIG_KVM_WERROR=y +CONFIG_KVM_INTEL=m +CONFIG_X86_SGX_KVM=y +CONFIG_KVM_AMD=m +# CONFIG_KVM_XEN is not set +# CONFIG_KVM_MMU_AUDIT is not set +CONFIG_AS_AVX512=y +CONFIG_AS_SHA1_NI=y +CONFIG_AS_SHA256_NI=y +CONFIG_AS_TPAUSE=y + +# +# General architecture-dependent options +# +CONFIG_CRASH_CORE=y +CONFIG_KEXEC_CORE=y +CONFIG_HOTPLUG_SMT=y +CONFIG_GENERIC_ENTRY=y +CONFIG_KPROBES=y +CONFIG_JUMP_LABEL=y +# CONFIG_STATIC_KEYS_SELFTEST is not set +# CONFIG_STATIC_CALL_SELFTEST is not set +CONFIG_OPTPROBES=y +CONFIG_KPROBES_ON_FTRACE=y +CONFIG_UPROBES=y +CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y +CONFIG_ARCH_USE_BUILTIN_BSWAP=y +CONFIG_KRETPROBES=y +CONFIG_USER_RETURN_NOTIFIER=y +CONFIG_HAVE_IOREMAP_PROT=y +CONFIG_HAVE_KPROBES=y +CONFIG_HAVE_KRETPROBES=y +CONFIG_HAVE_OPTPROBES=y +CONFIG_HAVE_KPROBES_ON_FTRACE=y +CONFIG_HAVE_FUNCTION_ERROR_INJECTION=y +CONFIG_HAVE_NMI=y +CONFIG_TRACE_IRQFLAGS_SUPPORT=y +CONFIG_TRACE_IRQFLAGS_NMI_SUPPORT=y +CONFIG_HAVE_ARCH_TRACEHOOK=y +CONFIG_HAVE_DMA_CONTIGUOUS=y +CONFIG_GENERIC_SMP_IDLE_THREAD=y +CONFIG_ARCH_HAS_FORTIFY_SOURCE=y +CONFIG_ARCH_HAS_SET_MEMORY=y +CONFIG_ARCH_HAS_SET_DIRECT_MAP=y +CONFIG_ARCH_HAS_CPU_FINALIZE_INIT=y +CONFIG_HAVE_ARCH_THREAD_STRUCT_WHITELIST=y +CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y +CONFIG_ARCH_WANTS_NO_INSTR=y +CONFIG_HAVE_ASM_MODVERSIONS=y +CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y +CONFIG_HAVE_RSEQ=y +CONFIG_HAVE_FUNCTION_ARG_ACCESS_API=y +CONFIG_HAVE_HW_BREAKPOINT=y +CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y +CONFIG_HAVE_USER_RETURN_NOTIFIER=y +CONFIG_HAVE_PERF_EVENTS_NMI=y +CONFIG_HAVE_HARDLOCKUP_DETECTOR_PERF=y +CONFIG_HAVE_PERF_REGS=y +CONFIG_HAVE_PERF_USER_STACK_DUMP=y +CONFIG_HAVE_ARCH_JUMP_LABEL=y +CONFIG_HAVE_ARCH_JUMP_LABEL_RELATIVE=y +CONFIG_MMU_GATHER_TABLE_FREE=y +CONFIG_MMU_GATHER_RCU_TABLE_FREE=y +CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y +CONFIG_HAVE_ALIGNED_STRUCT_PAGE=y +CONFIG_HAVE_CMPXCHG_LOCAL=y +CONFIG_HAVE_CMPXCHG_DOUBLE=y +CONFIG_ARCH_WANT_COMPAT_IPC_PARSE_VERSION=y +CONFIG_ARCH_WANT_OLD_COMPAT_IPC=y +CONFIG_HAVE_ARCH_SECCOMP=y +CONFIG_HAVE_ARCH_SECCOMP_FILTER=y +CONFIG_SECCOMP=y +CONFIG_SECCOMP_FILTER=y +# CONFIG_SECCOMP_CACHE_DEBUG is not set +CONFIG_HAVE_ARCH_STACKLEAK=y +CONFIG_HAVE_STACKPROTECTOR=y +CONFIG_STACKPROTECTOR=y +CONFIG_STACKPROTECTOR_STRONG=y +CONFIG_ARCH_SUPPORTS_LTO_CLANG=y +CONFIG_ARCH_SUPPORTS_LTO_CLANG_THIN=y +CONFIG_LTO_NONE=y +CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y +CONFIG_HAVE_CONTEXT_TRACKING=y +CONFIG_HAVE_CONTEXT_TRACKING_OFFSTACK=y +CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y +CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y +CONFIG_HAVE_MOVE_PUD=y +CONFIG_HAVE_MOVE_PMD=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD=y +CONFIG_HAVE_ARCH_HUGE_VMAP=y +CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y +CONFIG_HAVE_ARCH_SOFT_DIRTY=y +CONFIG_HAVE_MOD_ARCH_SPECIFIC=y +CONFIG_MODULES_USE_ELF_RELA=y +CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y +CONFIG_HAVE_SOFTIRQ_ON_OWN_STACK=y +CONFIG_ARCH_HAS_ELF_RANDOMIZE=y +CONFIG_HAVE_ARCH_MMAP_RND_BITS=y +CONFIG_HAVE_EXIT_THREAD=y +CONFIG_ARCH_MMAP_RND_BITS=32 +CONFIG_HAVE_ARCH_MMAP_RND_COMPAT_BITS=y +CONFIG_ARCH_MMAP_RND_COMPAT_BITS=8 +CONFIG_HAVE_ARCH_COMPAT_MMAP_BASES=y +CONFIG_HAVE_STACK_VALIDATION=y +CONFIG_HAVE_RELIABLE_STACKTRACE=y +CONFIG_OLD_SIGSUSPEND3=y +CONFIG_COMPAT_OLD_SIGACTION=y +CONFIG_COMPAT_32BIT_TIME=y +CONFIG_HAVE_ARCH_VMAP_STACK=y +CONFIG_VMAP_STACK=y +CONFIG_HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET=y +CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT=y +CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y +CONFIG_STRICT_KERNEL_RWX=y +CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y +CONFIG_STRICT_MODULE_RWX=y +CONFIG_HAVE_ARCH_PREL32_RELOCATIONS=y +CONFIG_ARCH_USE_MEMREMAP_PROT=y +# CONFIG_LOCK_EVENT_COUNTS is not set +CONFIG_ARCH_HAS_MEM_ENCRYPT=y +CONFIG_HAVE_STATIC_CALL=y +CONFIG_HAVE_STATIC_CALL_INLINE=y +CONFIG_HAVE_PREEMPT_DYNAMIC=y +CONFIG_ARCH_WANT_LD_ORPHAN_WARN=y +CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y +CONFIG_ARCH_HAS_ELFCORE_COMPAT=y +CONFIG_ARCH_HAS_PARANOID_L1D_FLUSH=y + +# +# GCOV-based kernel profiling +# +# CONFIG_GCOV_KERNEL is not set +CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y +# end of GCOV-based kernel profiling + +CONFIG_HAVE_GCC_PLUGINS=y +CONFIG_GCC_PLUGINS=y +# CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set +# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set +# CONFIG_GCC_PLUGIN_RANDSTRUCT is not set +# end of General architecture-dependent options + +CONFIG_RT_MUTEXES=y +CONFIG_BASE_SMALL=0 +CONFIG_MODULE_SIG_FORMAT=y +CONFIG_MODULES=y +CONFIG_MODULE_FORCE_LOAD=y +CONFIG_MODULE_UNLOAD=y +# CONFIG_MODULE_FORCE_UNLOAD is not set +CONFIG_MODVERSIONS=y +CONFIG_ASM_MODVERSIONS=y +# CONFIG_MODULE_SRCVERSION_ALL is not set +CONFIG_MODULE_SIG=y +# CONFIG_MODULE_SIG_FORCE is not set +CONFIG_MODULE_SIG_ALL=y +# CONFIG_MODULE_SIG_SHA1 is not set +# CONFIG_MODULE_SIG_SHA224 is not set +# CONFIG_MODULE_SIG_SHA256 is not set +# CONFIG_MODULE_SIG_SHA384 is not set +CONFIG_MODULE_SIG_SHA512=y +CONFIG_MODULE_SIG_HASH="sha512" +CONFIG_MODULE_COMPRESS_NONE=y +# CONFIG_MODULE_COMPRESS_GZIP is not set +# CONFIG_MODULE_COMPRESS_XZ is not set +# CONFIG_MODULE_COMPRESS_ZSTD is not set +# CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS is not set +CONFIG_MODPROBE_PATH="/sbin/modprobe" +# CONFIG_TRIM_UNUSED_KSYMS is not set +CONFIG_MODULES_TREE_LOOKUP=y +CONFIG_BLOCK=y +CONFIG_BLK_CGROUP_RWSTAT=y +CONFIG_BLK_DEV_BSG_COMMON=y +CONFIG_BLK_DEV_BSGLIB=y +CONFIG_BLK_DEV_INTEGRITY=y +CONFIG_BLK_DEV_INTEGRITY_T10=y +CONFIG_BLK_DEV_ZONED=y +CONFIG_BLK_DEV_THROTTLING=y +# CONFIG_BLK_DEV_THROTTLING_LOW is not set +# CONFIG_BLK_WBT is not set +# CONFIG_BLK_CGROUP_IOLATENCY is not set +# CONFIG_BLK_CGROUP_FC_APPID is not set +# CONFIG_BLK_CGROUP_IOCOST is not set +# CONFIG_BLK_CGROUP_IOPRIO is not set +CONFIG_BLK_DEBUG_FS=y +CONFIG_BLK_DEBUG_FS_ZONED=y +# CONFIG_BLK_SED_OPAL is not set +# CONFIG_BLK_INLINE_ENCRYPTION is not set + +# +# Partition Types +# +CONFIG_PARTITION_ADVANCED=y +# CONFIG_ACORN_PARTITION is not set +# CONFIG_AIX_PARTITION is not set +# CONFIG_OSF_PARTITION is not set +# CONFIG_AMIGA_PARTITION is not set +# CONFIG_ATARI_PARTITION is not set +# CONFIG_MAC_PARTITION is not set +CONFIG_MSDOS_PARTITION=y +CONFIG_BSD_DISKLABEL=y +CONFIG_MINIX_SUBPARTITION=y +CONFIG_SOLARIS_X86_PARTITION=y +CONFIG_UNIXWARE_DISKLABEL=y +# CONFIG_LDM_PARTITION is not set +# CONFIG_SGI_PARTITION is not set +# CONFIG_ULTRIX_PARTITION is not set +# CONFIG_SUN_PARTITION is not set +# CONFIG_KARMA_PARTITION is not set +CONFIG_EFI_PARTITION=y +# CONFIG_SYSV68_PARTITION is not set +# CONFIG_CMDLINE_PARTITION is not set +# end of Partition Types + +CONFIG_BLOCK_COMPAT=y +CONFIG_BLK_MQ_PCI=y +CONFIG_BLK_MQ_VIRTIO=y +CONFIG_BLK_MQ_RDMA=y +CONFIG_BLK_PM=y +CONFIG_BLOCK_HOLDER_DEPRECATED=y + +# +# IO Schedulers +# +CONFIG_MQ_IOSCHED_DEADLINE=y +CONFIG_MQ_IOSCHED_KYBER=y +CONFIG_IOSCHED_BFQ=m +CONFIG_BFQ_GROUP_IOSCHED=y +# CONFIG_BFQ_CGROUP_DEBUG is not set +# end of IO Schedulers + +CONFIG_PREEMPT_NOTIFIERS=y +CONFIG_ASN1=y +CONFIG_INLINE_SPIN_UNLOCK_IRQ=y +CONFIG_INLINE_READ_UNLOCK=y +CONFIG_INLINE_READ_UNLOCK_IRQ=y +CONFIG_INLINE_WRITE_UNLOCK=y +CONFIG_INLINE_WRITE_UNLOCK_IRQ=y +CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y +CONFIG_MUTEX_SPIN_ON_OWNER=y +CONFIG_RWSEM_SPIN_ON_OWNER=y +CONFIG_LOCK_SPIN_ON_OWNER=y +CONFIG_ARCH_USE_QUEUED_SPINLOCKS=y +CONFIG_QUEUED_SPINLOCKS=y +CONFIG_ARCH_USE_QUEUED_RWLOCKS=y +CONFIG_QUEUED_RWLOCKS=y +CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE=y +CONFIG_ARCH_HAS_SYNC_CORE_BEFORE_USERMODE=y +CONFIG_ARCH_HAS_SYSCALL_WRAPPER=y +CONFIG_FREEZER=y + +# +# Executable file formats +# +CONFIG_BINFMT_ELF=y +CONFIG_COMPAT_BINFMT_ELF=y +CONFIG_ELFCORE=y +CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y +CONFIG_BINFMT_SCRIPT=y +CONFIG_BINFMT_MISC=y +CONFIG_COREDUMP=y +# end of Executable file formats + +# +# Memory Management options +# +CONFIG_SELECT_MEMORY_MODEL=y +CONFIG_SPARSEMEM_MANUAL=y +CONFIG_SPARSEMEM=y +CONFIG_SPARSEMEM_EXTREME=y +CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y +CONFIG_SPARSEMEM_VMEMMAP=y +CONFIG_HAVE_FAST_GUP=y +CONFIG_NUMA_KEEP_MEMINFO=y +CONFIG_MEMORY_ISOLATION=y +CONFIG_HAVE_BOOTMEM_INFO_NODE=y +CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y +CONFIG_MEMORY_HOTPLUG=y +CONFIG_MEMORY_HOTPLUG_SPARSE=y +CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE=y +CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y +CONFIG_MEMORY_HOTREMOVE=y +CONFIG_MHP_MEMMAP_ON_MEMORY=y +CONFIG_SPLIT_PTLOCK_CPUS=4 +CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y +CONFIG_MEMORY_BALLOON=y +CONFIG_BALLOON_COMPACTION=y +CONFIG_COMPACTION=y +CONFIG_PAGE_REPORTING=y +CONFIG_MIGRATION=y +CONFIG_ARCH_ENABLE_HUGEPAGE_MIGRATION=y +CONFIG_ARCH_ENABLE_THP_MIGRATION=y +CONFIG_CONTIG_ALLOC=y +CONFIG_PHYS_ADDR_T_64BIT=y +CONFIG_VIRT_TO_BUS=y +CONFIG_MMU_NOTIFIER=y +CONFIG_KSM=y +CONFIG_DEFAULT_MMAP_MIN_ADDR=65536 +CONFIG_ARCH_SUPPORTS_MEMORY_FAILURE=y +CONFIG_MEMORY_FAILURE=y +# CONFIG_HWPOISON_INJECT is not set +CONFIG_TRANSPARENT_HUGEPAGE=y +CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS=y +# CONFIG_TRANSPARENT_HUGEPAGE_MADVISE is not set +CONFIG_ARCH_WANTS_THP_SWAP=y +CONFIG_THP_SWAP=y +CONFIG_CLEANCACHE=y +# CONFIG_FRONTSWAP is not set +# CONFIG_CMA is not set +CONFIG_MEM_SOFT_DIRTY=y +# CONFIG_ZPOOL is not set +# CONFIG_ZSMALLOC is not set +CONFIG_GENERIC_EARLY_IOREMAP=y +# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set +# CONFIG_IDLE_PAGE_TRACKING is not set +CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y +CONFIG_ARCH_HAS_PTE_DEVMAP=y +CONFIG_ARCH_HAS_ZONE_DMA_SET=y +# CONFIG_ZONE_DMA is not set +CONFIG_ZONE_DMA32=y +CONFIG_ZONE_DEVICE=y +CONFIG_DEV_PAGEMAP_OPS=y +CONFIG_HMM_MIRROR=y +# CONFIG_DEVICE_PRIVATE is not set +CONFIG_VMAP_PFN=y +CONFIG_ARCH_USES_HIGH_VMA_FLAGS=y +CONFIG_ARCH_HAS_PKEYS=y +# CONFIG_PERCPU_STATS is not set +# CONFIG_GUP_TEST is not set +# CONFIG_READ_ONLY_THP_FOR_FS is not set +CONFIG_ARCH_HAS_PTE_SPECIAL=y +CONFIG_MAPPING_DIRTY_HELPERS=y +CONFIG_SECRETMEM=y + +# +# Data Access Monitoring +# +# CONFIG_DAMON is not set +# end of Data Access Monitoring +# end of Memory Management options + +CONFIG_NET=y +CONFIG_COMPAT_NETLINK_MESSAGES=y +CONFIG_NET_INGRESS=y +CONFIG_NET_EGRESS=y +CONFIG_NET_REDIRECT=y +CONFIG_SKB_EXTENSIONS=y + +# +# Networking options +# +CONFIG_PACKET=y +CONFIG_PACKET_DIAG=y +CONFIG_UNIX=y +CONFIG_UNIX_SCM=y +CONFIG_AF_UNIX_OOB=y +CONFIG_UNIX_DIAG=y +CONFIG_TLS=m +# CONFIG_TLS_DEVICE is not set +# CONFIG_TLS_TOE is not set +CONFIG_XFRM=y +CONFIG_XFRM_OFFLOAD=y +CONFIG_XFRM_ALGO=m +CONFIG_XFRM_USER=m +# CONFIG_XFRM_USER_COMPAT is not set +# CONFIG_XFRM_INTERFACE is not set +CONFIG_XFRM_SUB_POLICY=y +CONFIG_XFRM_MIGRATE=y +CONFIG_XFRM_STATISTICS=y +CONFIG_XFRM_AH=m +CONFIG_XFRM_ESP=m +CONFIG_XFRM_IPCOMP=m +CONFIG_NET_KEY=m +# CONFIG_NET_KEY_MIGRATE is not set +CONFIG_SMC=m +CONFIG_SMC_DIAG=m +CONFIG_XDP_SOCKETS=y +CONFIG_XDP_SOCKETS_DIAG=m +CONFIG_INET=y +CONFIG_IP_MULTICAST=y +CONFIG_IP_ADVANCED_ROUTER=y +CONFIG_IP_FIB_TRIE_STATS=y +CONFIG_IP_MULTIPLE_TABLES=y +CONFIG_IP_ROUTE_MULTIPATH=y +CONFIG_IP_ROUTE_VERBOSE=y +CONFIG_IP_ROUTE_CLASSID=y +# CONFIG_IP_PNP is not set +CONFIG_NET_IPIP=m +CONFIG_NET_IPGRE_DEMUX=m +CONFIG_NET_IP_TUNNEL=m +CONFIG_NET_IPGRE=m +CONFIG_NET_IPGRE_BROADCAST=y +CONFIG_IP_MROUTE_COMMON=y +CONFIG_IP_MROUTE=y +CONFIG_IP_MROUTE_MULTIPLE_TABLES=y +CONFIG_IP_PIMSM_V1=y +CONFIG_IP_PIMSM_V2=y +CONFIG_SYN_COOKIES=y +CONFIG_NET_IPVTI=m +CONFIG_NET_UDP_TUNNEL=m +# CONFIG_NET_FOU is not set +# CONFIG_NET_FOU_IP_TUNNELS is not set +CONFIG_INET_AH=m +CONFIG_INET_ESP=m +CONFIG_INET_ESP_OFFLOAD=m +# CONFIG_INET_ESPINTCP is not set +CONFIG_INET_IPCOMP=m +CONFIG_INET_TABLE_PERTURB_ORDER=16 +CONFIG_INET_XFRM_TUNNEL=m +CONFIG_INET_TUNNEL=m +CONFIG_INET_DIAG=y +CONFIG_INET_TCP_DIAG=y +CONFIG_INET_UDP_DIAG=y +# CONFIG_INET_RAW_DIAG is not set +# CONFIG_INET_DIAG_DESTROY is not set +CONFIG_TCP_CONG_ADVANCED=y +CONFIG_TCP_CONG_BIC=m +CONFIG_TCP_CONG_CUBIC=y +CONFIG_TCP_CONG_WESTWOOD=m +CONFIG_TCP_CONG_HTCP=m +CONFIG_TCP_CONG_HSTCP=m +CONFIG_TCP_CONG_HYBLA=m +CONFIG_TCP_CONG_VEGAS=m +CONFIG_TCP_CONG_NV=m +CONFIG_TCP_CONG_SCALABLE=m +CONFIG_TCP_CONG_LP=m +CONFIG_TCP_CONG_VENO=m +CONFIG_TCP_CONG_YEAH=m +CONFIG_TCP_CONG_ILLINOIS=m +CONFIG_TCP_CONG_DCTCP=m +CONFIG_TCP_CONG_CDG=m +CONFIG_TCP_CONG_BBR=m +CONFIG_DEFAULT_CUBIC=y +# CONFIG_DEFAULT_RENO is not set +CONFIG_DEFAULT_TCP_CONG="cubic" +CONFIG_TCP_MD5SIG=y +CONFIG_IPV6=y +CONFIG_IPV6_ROUTER_PREF=y +CONFIG_IPV6_ROUTE_INFO=y +CONFIG_IPV6_OPTIMISTIC_DAD=y +CONFIG_INET6_AH=m +CONFIG_INET6_ESP=m +CONFIG_INET6_ESP_OFFLOAD=m +# CONFIG_INET6_ESPINTCP is not set +CONFIG_INET6_IPCOMP=m +CONFIG_IPV6_MIP6=m +# CONFIG_IPV6_ILA is not set +CONFIG_INET6_XFRM_TUNNEL=m +CONFIG_INET6_TUNNEL=m +CONFIG_IPV6_VTI=m +CONFIG_IPV6_SIT=m +CONFIG_IPV6_SIT_6RD=y +CONFIG_IPV6_NDISC_NODETYPE=y +CONFIG_IPV6_TUNNEL=m +CONFIG_IPV6_GRE=m +CONFIG_IPV6_MULTIPLE_TABLES=y +CONFIG_IPV6_SUBTREES=y +CONFIG_IPV6_MROUTE=y +CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y +CONFIG_IPV6_PIMSM_V2=y +# CONFIG_IPV6_SEG6_LWTUNNEL is not set +# CONFIG_IPV6_SEG6_HMAC is not set +# CONFIG_IPV6_RPL_LWTUNNEL is not set +# CONFIG_IPV6_IOAM6_LWTUNNEL is not set +CONFIG_NETLABEL=y +# CONFIG_MPTCP is not set +CONFIG_NETWORK_SECMARK=y +CONFIG_NET_PTP_CLASSIFY=y +CONFIG_NETWORK_PHY_TIMESTAMPING=y +CONFIG_NETFILTER=y +CONFIG_NETFILTER_ADVANCED=y +CONFIG_BRIDGE_NETFILTER=m + +# +# Core Netfilter Configuration +# +CONFIG_NETFILTER_INGRESS=y +CONFIG_NETFILTER_NETLINK=m +CONFIG_NETFILTER_FAMILY_BRIDGE=y +CONFIG_NETFILTER_FAMILY_ARP=y +# CONFIG_NETFILTER_NETLINK_HOOK is not set +CONFIG_NETFILTER_NETLINK_ACCT=m +CONFIG_NETFILTER_NETLINK_QUEUE=m +CONFIG_NETFILTER_NETLINK_LOG=m +CONFIG_NETFILTER_NETLINK_OSF=m +CONFIG_NF_CONNTRACK=m +CONFIG_NF_LOG_SYSLOG=m +CONFIG_NETFILTER_CONNCOUNT=m +CONFIG_NF_CONNTRACK_MARK=y +CONFIG_NF_CONNTRACK_SECMARK=y +CONFIG_NF_CONNTRACK_ZONES=y +CONFIG_NF_CONNTRACK_PROCFS=y +CONFIG_NF_CONNTRACK_EVENTS=y +CONFIG_NF_CONNTRACK_TIMEOUT=y +CONFIG_NF_CONNTRACK_TIMESTAMP=y +CONFIG_NF_CONNTRACK_LABELS=y +CONFIG_NF_CT_PROTO_DCCP=y +CONFIG_NF_CT_PROTO_GRE=y +CONFIG_NF_CT_PROTO_SCTP=y +CONFIG_NF_CT_PROTO_UDPLITE=y +CONFIG_NF_CONNTRACK_AMANDA=m +CONFIG_NF_CONNTRACK_FTP=m +CONFIG_NF_CONNTRACK_H323=m +CONFIG_NF_CONNTRACK_IRC=m +CONFIG_NF_CONNTRACK_BROADCAST=m +CONFIG_NF_CONNTRACK_NETBIOS_NS=m +CONFIG_NF_CONNTRACK_SNMP=m +CONFIG_NF_CONNTRACK_PPTP=m +CONFIG_NF_CONNTRACK_SANE=m +CONFIG_NF_CONNTRACK_SIP=m +CONFIG_NF_CONNTRACK_TFTP=m +CONFIG_NF_CT_NETLINK=m +CONFIG_NF_CT_NETLINK_TIMEOUT=m +# CONFIG_NETFILTER_NETLINK_GLUE_CT is not set +CONFIG_NF_NAT=m +CONFIG_NF_NAT_AMANDA=m +CONFIG_NF_NAT_FTP=m +CONFIG_NF_NAT_IRC=m +CONFIG_NF_NAT_SIP=m +CONFIG_NF_NAT_TFTP=m +CONFIG_NF_NAT_REDIRECT=y +CONFIG_NF_NAT_MASQUERADE=y +CONFIG_NETFILTER_SYNPROXY=m +CONFIG_NF_TABLES=m +CONFIG_NF_TABLES_INET=y +# CONFIG_NF_TABLES_NETDEV is not set +CONFIG_NFT_NUMGEN=m +CONFIG_NFT_CT=m +CONFIG_NFT_COUNTER=m +# CONFIG_NFT_CONNLIMIT is not set +CONFIG_NFT_LOG=m +CONFIG_NFT_LIMIT=m +CONFIG_NFT_MASQ=m +CONFIG_NFT_REDIR=m +CONFIG_NFT_NAT=m +CONFIG_NFT_TUNNEL=m +# CONFIG_NFT_OBJREF is not set +CONFIG_NFT_QUEUE=m +CONFIG_NFT_QUOTA=m +CONFIG_NFT_REJECT=m +CONFIG_NFT_REJECT_INET=m +CONFIG_NFT_COMPAT=m +CONFIG_NFT_HASH=m +# CONFIG_NFT_XFRM is not set +# CONFIG_NFT_SOCKET is not set +# CONFIG_NFT_OSF is not set +CONFIG_NFT_TPROXY=m +# CONFIG_NFT_SYNPROXY is not set +# CONFIG_NF_FLOW_TABLE is not set +CONFIG_NETFILTER_XTABLES=y +CONFIG_NETFILTER_XTABLES_COMPAT=y + +# +# Xtables combined modules +# +CONFIG_NETFILTER_XT_MARK=y +CONFIG_NETFILTER_XT_CONNMARK=m +CONFIG_NETFILTER_XT_SET=m + +# +# Xtables targets +# +# CONFIG_NETFILTER_XT_TARGET_AUDIT is not set +CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m +CONFIG_NETFILTER_XT_TARGET_CLASSIFY=m +CONFIG_NETFILTER_XT_TARGET_CONNMARK=m +CONFIG_NETFILTER_XT_TARGET_CONNSECMARK=m +CONFIG_NETFILTER_XT_TARGET_CT=m +CONFIG_NETFILTER_XT_TARGET_DSCP=m +CONFIG_NETFILTER_XT_TARGET_HL=m +CONFIG_NETFILTER_XT_TARGET_HMARK=m +CONFIG_NETFILTER_XT_TARGET_IDLETIMER=m +# CONFIG_NETFILTER_XT_TARGET_LED is not set +CONFIG_NETFILTER_XT_TARGET_LOG=m +CONFIG_NETFILTER_XT_TARGET_MARK=m +CONFIG_NETFILTER_XT_NAT=m +CONFIG_NETFILTER_XT_TARGET_NETMAP=m +CONFIG_NETFILTER_XT_TARGET_NFLOG=m +CONFIG_NETFILTER_XT_TARGET_NFQUEUE=m +# CONFIG_NETFILTER_XT_TARGET_NOTRACK is not set +CONFIG_NETFILTER_XT_TARGET_RATEEST=m +CONFIG_NETFILTER_XT_TARGET_REDIRECT=m +CONFIG_NETFILTER_XT_TARGET_MASQUERADE=m +CONFIG_NETFILTER_XT_TARGET_TEE=m +CONFIG_NETFILTER_XT_TARGET_TPROXY=m +CONFIG_NETFILTER_XT_TARGET_TRACE=m +CONFIG_NETFILTER_XT_TARGET_SECMARK=m +CONFIG_NETFILTER_XT_TARGET_TCPMSS=m +CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=m + +# +# Xtables matches +# +CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=m +CONFIG_NETFILTER_XT_MATCH_BPF=m +CONFIG_NETFILTER_XT_MATCH_CGROUP=m +CONFIG_NETFILTER_XT_MATCH_CLUSTER=m +CONFIG_NETFILTER_XT_MATCH_COMMENT=m +CONFIG_NETFILTER_XT_MATCH_CONNBYTES=m +CONFIG_NETFILTER_XT_MATCH_CONNLABEL=m +CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=m +CONFIG_NETFILTER_XT_MATCH_CONNMARK=m +CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m +CONFIG_NETFILTER_XT_MATCH_CPU=m +CONFIG_NETFILTER_XT_MATCH_DCCP=m +CONFIG_NETFILTER_XT_MATCH_DEVGROUP=m +CONFIG_NETFILTER_XT_MATCH_DSCP=m +CONFIG_NETFILTER_XT_MATCH_ECN=m +CONFIG_NETFILTER_XT_MATCH_ESP=m +CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=m +CONFIG_NETFILTER_XT_MATCH_HELPER=m +CONFIG_NETFILTER_XT_MATCH_HL=m +# CONFIG_NETFILTER_XT_MATCH_IPCOMP is not set +CONFIG_NETFILTER_XT_MATCH_IPRANGE=m +CONFIG_NETFILTER_XT_MATCH_IPVS=m +# CONFIG_NETFILTER_XT_MATCH_L2TP is not set +CONFIG_NETFILTER_XT_MATCH_LENGTH=m +CONFIG_NETFILTER_XT_MATCH_LIMIT=m +CONFIG_NETFILTER_XT_MATCH_MAC=m +CONFIG_NETFILTER_XT_MATCH_MARK=m +CONFIG_NETFILTER_XT_MATCH_MULTIPORT=m +CONFIG_NETFILTER_XT_MATCH_NFACCT=m +CONFIG_NETFILTER_XT_MATCH_OSF=m +CONFIG_NETFILTER_XT_MATCH_OWNER=m +CONFIG_NETFILTER_XT_MATCH_POLICY=m +CONFIG_NETFILTER_XT_MATCH_PHYSDEV=m +CONFIG_NETFILTER_XT_MATCH_PKTTYPE=m +CONFIG_NETFILTER_XT_MATCH_QUOTA=m +CONFIG_NETFILTER_XT_MATCH_RATEEST=m +CONFIG_NETFILTER_XT_MATCH_REALM=m +CONFIG_NETFILTER_XT_MATCH_RECENT=m +CONFIG_NETFILTER_XT_MATCH_SCTP=m +CONFIG_NETFILTER_XT_MATCH_SOCKET=m +CONFIG_NETFILTER_XT_MATCH_STATE=m +CONFIG_NETFILTER_XT_MATCH_STATISTIC=m +CONFIG_NETFILTER_XT_MATCH_STRING=m +CONFIG_NETFILTER_XT_MATCH_TCPMSS=m +CONFIG_NETFILTER_XT_MATCH_TIME=m +CONFIG_NETFILTER_XT_MATCH_U32=m +# end of Core Netfilter Configuration + +CONFIG_IP_SET=m +CONFIG_IP_SET_MAX=256 +CONFIG_IP_SET_BITMAP_IP=m +CONFIG_IP_SET_BITMAP_IPMAC=m +CONFIG_IP_SET_BITMAP_PORT=m +CONFIG_IP_SET_HASH_IP=m +CONFIG_IP_SET_HASH_IPMARK=m +CONFIG_IP_SET_HASH_IPPORT=m +CONFIG_IP_SET_HASH_IPPORTIP=m +CONFIG_IP_SET_HASH_IPPORTNET=m +CONFIG_IP_SET_HASH_IPMAC=m +CONFIG_IP_SET_HASH_MAC=m +CONFIG_IP_SET_HASH_NETPORTNET=m +CONFIG_IP_SET_HASH_NET=m +CONFIG_IP_SET_HASH_NETNET=m +CONFIG_IP_SET_HASH_NETPORT=m +CONFIG_IP_SET_HASH_NETIFACE=m +CONFIG_IP_SET_LIST_SET=m +CONFIG_IP_VS=m +CONFIG_IP_VS_IPV6=y +# CONFIG_IP_VS_DEBUG is not set +CONFIG_IP_VS_TAB_BITS=12 + +# +# IPVS transport protocol load balancing support +# +CONFIG_IP_VS_PROTO_TCP=y +CONFIG_IP_VS_PROTO_UDP=y +CONFIG_IP_VS_PROTO_AH_ESP=y +CONFIG_IP_VS_PROTO_ESP=y +CONFIG_IP_VS_PROTO_AH=y +CONFIG_IP_VS_PROTO_SCTP=y + +# +# IPVS scheduler +# +CONFIG_IP_VS_RR=m +CONFIG_IP_VS_WRR=m +CONFIG_IP_VS_LC=m +CONFIG_IP_VS_WLC=m +# CONFIG_IP_VS_FO is not set +# CONFIG_IP_VS_OVF is not set +CONFIG_IP_VS_LBLC=m +CONFIG_IP_VS_LBLCR=m +CONFIG_IP_VS_DH=m +CONFIG_IP_VS_SH=m +CONFIG_IP_VS_MH=m +CONFIG_IP_VS_SED=m +CONFIG_IP_VS_NQ=m +# CONFIG_IP_VS_TWOS is not set + +# +# IPVS SH scheduler +# +CONFIG_IP_VS_SH_TAB_BITS=8 + +# +# IPVS MH scheduler +# +CONFIG_IP_VS_MH_TAB_INDEX=12 + +# +# IPVS application helper +# +CONFIG_IP_VS_FTP=m +CONFIG_IP_VS_NFCT=y +CONFIG_IP_VS_PE_SIP=m + +# +# IP: Netfilter Configuration +# +CONFIG_NF_DEFRAG_IPV4=m +CONFIG_NF_SOCKET_IPV4=m +CONFIG_NF_TPROXY_IPV4=m +CONFIG_NF_TABLES_IPV4=y +CONFIG_NFT_REJECT_IPV4=m +CONFIG_NFT_DUP_IPV4=m +# CONFIG_NFT_FIB_IPV4 is not set +# CONFIG_NF_TABLES_ARP is not set +CONFIG_NF_DUP_IPV4=m +# CONFIG_NF_LOG_ARP is not set +CONFIG_NF_LOG_IPV4=m +CONFIG_NF_REJECT_IPV4=m +CONFIG_NF_NAT_SNMP_BASIC=m +CONFIG_NF_NAT_PPTP=m +CONFIG_NF_NAT_H323=m +CONFIG_IP_NF_IPTABLES=m +CONFIG_IP_NF_MATCH_AH=m +CONFIG_IP_NF_MATCH_ECN=m +CONFIG_IP_NF_MATCH_RPFILTER=m +CONFIG_IP_NF_MATCH_TTL=m +CONFIG_IP_NF_FILTER=m +CONFIG_IP_NF_TARGET_REJECT=m +CONFIG_IP_NF_TARGET_SYNPROXY=m +CONFIG_IP_NF_NAT=m +CONFIG_IP_NF_TARGET_MASQUERADE=m +CONFIG_IP_NF_TARGET_NETMAP=m +CONFIG_IP_NF_TARGET_REDIRECT=m +CONFIG_IP_NF_MANGLE=m +CONFIG_IP_NF_TARGET_CLUSTERIP=m +CONFIG_IP_NF_TARGET_ECN=m +CONFIG_IP_NF_TARGET_TTL=m +CONFIG_IP_NF_RAW=m +CONFIG_IP_NF_SECURITY=m +CONFIG_IP_NF_ARPTABLES=m +CONFIG_IP_NF_ARPFILTER=m +CONFIG_IP_NF_ARP_MANGLE=m +# end of IP: Netfilter Configuration + +# +# IPv6: Netfilter Configuration +# +CONFIG_NF_SOCKET_IPV6=m +CONFIG_NF_TPROXY_IPV6=m +CONFIG_NF_TABLES_IPV6=y +CONFIG_NFT_REJECT_IPV6=m +CONFIG_NFT_DUP_IPV6=m +# CONFIG_NFT_FIB_IPV6 is not set +CONFIG_NF_DUP_IPV6=m +CONFIG_NF_REJECT_IPV6=m +CONFIG_NF_LOG_IPV6=m +CONFIG_IP6_NF_IPTABLES=m +CONFIG_IP6_NF_MATCH_AH=m +CONFIG_IP6_NF_MATCH_EUI64=m +CONFIG_IP6_NF_MATCH_FRAG=m +CONFIG_IP6_NF_MATCH_OPTS=m +CONFIG_IP6_NF_MATCH_HL=m +CONFIG_IP6_NF_MATCH_IPV6HEADER=m +CONFIG_IP6_NF_MATCH_MH=m +CONFIG_IP6_NF_MATCH_RPFILTER=m +CONFIG_IP6_NF_MATCH_RT=m +# CONFIG_IP6_NF_MATCH_SRH is not set +CONFIG_IP6_NF_TARGET_HL=m +CONFIG_IP6_NF_FILTER=m +CONFIG_IP6_NF_TARGET_REJECT=m +CONFIG_IP6_NF_TARGET_SYNPROXY=m +CONFIG_IP6_NF_MANGLE=m +CONFIG_IP6_NF_RAW=m +CONFIG_IP6_NF_SECURITY=m +CONFIG_IP6_NF_NAT=m +CONFIG_IP6_NF_TARGET_MASQUERADE=m +CONFIG_IP6_NF_TARGET_NPT=m +# end of IPv6: Netfilter Configuration + +CONFIG_NF_DEFRAG_IPV6=m +# CONFIG_NF_TABLES_BRIDGE is not set +# CONFIG_NF_CONNTRACK_BRIDGE is not set +CONFIG_BRIDGE_NF_EBTABLES=m +CONFIG_BRIDGE_EBT_BROUTE=m +CONFIG_BRIDGE_EBT_T_FILTER=m +CONFIG_BRIDGE_EBT_T_NAT=m +CONFIG_BRIDGE_EBT_802_3=m +CONFIG_BRIDGE_EBT_AMONG=m +CONFIG_BRIDGE_EBT_ARP=m +CONFIG_BRIDGE_EBT_IP=m +CONFIG_BRIDGE_EBT_IP6=m +CONFIG_BRIDGE_EBT_LIMIT=m +CONFIG_BRIDGE_EBT_MARK=m +CONFIG_BRIDGE_EBT_PKTTYPE=m +CONFIG_BRIDGE_EBT_STP=m +CONFIG_BRIDGE_EBT_VLAN=m +CONFIG_BRIDGE_EBT_ARPREPLY=m +CONFIG_BRIDGE_EBT_DNAT=m +CONFIG_BRIDGE_EBT_MARK_T=m +CONFIG_BRIDGE_EBT_REDIRECT=m +CONFIG_BRIDGE_EBT_SNAT=m +CONFIG_BRIDGE_EBT_LOG=m +CONFIG_BRIDGE_EBT_NFLOG=m +# CONFIG_BPFILTER is not set +# CONFIG_IP_DCCP is not set +CONFIG_IP_SCTP=m +# CONFIG_SCTP_DBG_OBJCNT is not set +CONFIG_SCTP_DEFAULT_COOKIE_HMAC_MD5=y +# CONFIG_SCTP_DEFAULT_COOKIE_HMAC_SHA1 is not set +# CONFIG_SCTP_DEFAULT_COOKIE_HMAC_NONE is not set +CONFIG_SCTP_COOKIE_HMAC_MD5=y +CONFIG_SCTP_COOKIE_HMAC_SHA1=y +CONFIG_INET_SCTP_DIAG=m +# CONFIG_RDS is not set +# CONFIG_TIPC is not set +# CONFIG_ATM is not set +# CONFIG_L2TP is not set +CONFIG_STP=y +CONFIG_GARP=m +CONFIG_MRP=m +CONFIG_BRIDGE=y +CONFIG_BRIDGE_IGMP_SNOOPING=y +CONFIG_BRIDGE_VLAN_FILTERING=y +# CONFIG_BRIDGE_MRP is not set +# CONFIG_BRIDGE_CFM is not set +# CONFIG_NET_DSA is not set +CONFIG_VLAN_8021Q=m +CONFIG_VLAN_8021Q_GVRP=y +CONFIG_VLAN_8021Q_MVRP=y +CONFIG_LLC=y +# CONFIG_LLC2 is not set +# CONFIG_ATALK is not set +# CONFIG_X25 is not set +# CONFIG_LAPB is not set +# CONFIG_PHONET is not set +# CONFIG_6LOWPAN is not set +# CONFIG_IEEE802154 is not set +CONFIG_NET_SCHED=y + +# +# Queueing/Scheduling +# +CONFIG_NET_SCH_CBQ=m +CONFIG_NET_SCH_HTB=m +CONFIG_NET_SCH_HFSC=m +CONFIG_NET_SCH_PRIO=m +CONFIG_NET_SCH_MULTIQ=m +CONFIG_NET_SCH_RED=m +CONFIG_NET_SCH_SFB=m +CONFIG_NET_SCH_SFQ=m +CONFIG_NET_SCH_TEQL=m +CONFIG_NET_SCH_TBF=m +# CONFIG_NET_SCH_CBS is not set +CONFIG_NET_SCH_ETF=m +# CONFIG_NET_SCH_TAPRIO is not set +CONFIG_NET_SCH_GRED=m +CONFIG_NET_SCH_DSMARK=m +CONFIG_NET_SCH_NETEM=m +CONFIG_NET_SCH_DRR=m +CONFIG_NET_SCH_MQPRIO=m +# CONFIG_NET_SCH_SKBPRIO is not set +CONFIG_NET_SCH_CHOKE=m +CONFIG_NET_SCH_QFQ=m +CONFIG_NET_SCH_CODEL=m +CONFIG_NET_SCH_FQ_CODEL=m +# CONFIG_NET_SCH_CAKE is not set +CONFIG_NET_SCH_FQ=m +# CONFIG_NET_SCH_HHF is not set +# CONFIG_NET_SCH_PIE is not set +CONFIG_NET_SCH_INGRESS=m +CONFIG_NET_SCH_PLUG=m +# CONFIG_NET_SCH_ETS is not set +# CONFIG_NET_SCH_DEFAULT is not set + +# +# Classification +# +CONFIG_NET_CLS=y +CONFIG_NET_CLS_BASIC=m +CONFIG_NET_CLS_ROUTE4=m +CONFIG_NET_CLS_FW=m +CONFIG_NET_CLS_U32=m +CONFIG_CLS_U32_PERF=y +CONFIG_CLS_U32_MARK=y +CONFIG_NET_CLS_RSVP=m +CONFIG_NET_CLS_RSVP6=m +CONFIG_NET_CLS_FLOW=m +CONFIG_NET_CLS_CGROUP=m +CONFIG_NET_CLS_BPF=m +CONFIG_NET_CLS_FLOWER=m +CONFIG_NET_CLS_MATCHALL=m +CONFIG_NET_EMATCH=y +CONFIG_NET_EMATCH_STACK=32 +CONFIG_NET_EMATCH_CMP=m +CONFIG_NET_EMATCH_NBYTE=m +CONFIG_NET_EMATCH_U32=m +CONFIG_NET_EMATCH_META=m +CONFIG_NET_EMATCH_TEXT=m +# CONFIG_NET_EMATCH_CANID is not set +CONFIG_NET_EMATCH_IPSET=m +# CONFIG_NET_EMATCH_IPT is not set +CONFIG_NET_CLS_ACT=y +CONFIG_NET_ACT_POLICE=m +CONFIG_NET_ACT_GACT=m +CONFIG_GACT_PROB=y +CONFIG_NET_ACT_MIRRED=m +# CONFIG_NET_ACT_SAMPLE is not set +CONFIG_NET_ACT_IPT=m +CONFIG_NET_ACT_NAT=m +CONFIG_NET_ACT_PEDIT=m +# CONFIG_NET_ACT_SIMP is not set +CONFIG_NET_ACT_SKBEDIT=m +CONFIG_NET_ACT_CSUM=m +# CONFIG_NET_ACT_MPLS is not set +# CONFIG_NET_ACT_VLAN is not set +CONFIG_NET_ACT_BPF=m +# CONFIG_NET_ACT_CONNMARK is not set +# CONFIG_NET_ACT_CTINFO is not set +# CONFIG_NET_ACT_SKBMOD is not set +# CONFIG_NET_ACT_IFE is not set +CONFIG_NET_ACT_TUNNEL_KEY=m +# CONFIG_NET_ACT_GATE is not set +# CONFIG_NET_TC_SKB_EXT is not set +CONFIG_NET_SCH_FIFO=y +CONFIG_DCB=y +CONFIG_DNS_RESOLVER=m +# CONFIG_BATMAN_ADV is not set +CONFIG_OPENVSWITCH=m +CONFIG_OPENVSWITCH_GRE=m +CONFIG_OPENVSWITCH_VXLAN=m +CONFIG_OPENVSWITCH_GENEVE=m +CONFIG_VSOCKETS=m +# CONFIG_VSOCKETS_DIAG is not set +CONFIG_VSOCKETS_LOOPBACK=m +CONFIG_VMWARE_VMCI_VSOCKETS=m +CONFIG_VIRTIO_VSOCKETS=m +CONFIG_VIRTIO_VSOCKETS_COMMON=m +CONFIG_HYPERV_VSOCKETS=m +CONFIG_NETLINK_DIAG=y +CONFIG_MPLS=y +CONFIG_NET_MPLS_GSO=m +# CONFIG_MPLS_ROUTING is not set +CONFIG_NET_NSH=m +# CONFIG_HSR is not set +CONFIG_NET_SWITCHDEV=y +CONFIG_NET_L3_MASTER_DEV=y +# CONFIG_QRTR is not set +# CONFIG_NET_NCSI is not set +CONFIG_PCPU_DEV_REFCNT=y +CONFIG_RPS=y +CONFIG_RFS_ACCEL=y +CONFIG_SOCK_RX_QUEUE_MAPPING=y +CONFIG_XPS=y +CONFIG_CGROUP_NET_PRIO=y +CONFIG_CGROUP_NET_CLASSID=y +CONFIG_NET_RX_BUSY_POLL=y +CONFIG_BQL=y +# CONFIG_BPF_STREAM_PARSER is not set +CONFIG_NET_FLOW_LIMIT=y + +# +# Network testing +# +# CONFIG_NET_PKTGEN is not set +CONFIG_NET_DROP_MONITOR=y +# end of Network testing +# end of Networking options + +# CONFIG_HAMRADIO is not set +CONFIG_CAN=m +CONFIG_CAN_RAW=m +CONFIG_CAN_BCM=m +CONFIG_CAN_GW=m +# CONFIG_CAN_J1939 is not set +# CONFIG_CAN_ISOTP is not set + +# +# CAN Device Drivers +# +# CONFIG_CAN_VCAN is not set +# CONFIG_CAN_VXCAN is not set +# CONFIG_CAN_SLCAN is not set +CONFIG_CAN_DEV=m +CONFIG_CAN_CALC_BITTIMING=y +# CONFIG_CAN_KVASER_PCIEFD is not set +# CONFIG_CAN_C_CAN is not set +# CONFIG_CAN_CC770 is not set +# CONFIG_CAN_IFI_CANFD is not set +# CONFIG_CAN_M_CAN is not set +# CONFIG_CAN_PEAK_PCIEFD is not set +# CONFIG_CAN_SJA1000 is not set +# CONFIG_CAN_SOFTING is not set + +# +# CAN USB interfaces +# +# CONFIG_CAN_8DEV_USB is not set +# CONFIG_CAN_EMS_USB is not set +# CONFIG_CAN_ESD_USB2 is not set +# CONFIG_CAN_ETAS_ES58X is not set +# CONFIG_CAN_GS_USB is not set +# CONFIG_CAN_KVASER_USB is not set +# CONFIG_CAN_MCBA_USB is not set +# CONFIG_CAN_PEAK_USB is not set +# CONFIG_CAN_UCAN is not set +# end of CAN USB interfaces + +# CONFIG_CAN_DEBUG_DEVICES is not set +# end of CAN Device Drivers + +CONFIG_BT=m +CONFIG_BT_BREDR=y +CONFIG_BT_RFCOMM=m +CONFIG_BT_RFCOMM_TTY=y +CONFIG_BT_BNEP=m +# CONFIG_BT_BNEP_MC_FILTER is not set +# CONFIG_BT_BNEP_PROTO_FILTER is not set +CONFIG_BT_HIDP=m +CONFIG_BT_HS=y +CONFIG_BT_LE=y +# CONFIG_BT_LEDS is not set +# CONFIG_BT_MSFTEXT is not set +# CONFIG_BT_AOSPEXT is not set +CONFIG_BT_DEBUGFS=y +# CONFIG_BT_SELFTEST is not set + +# +# Bluetooth device drivers +# +CONFIG_BT_INTEL=m +CONFIG_BT_BCM=m +CONFIG_BT_RTL=m +CONFIG_BT_HCIBTUSB=m +# CONFIG_BT_HCIBTUSB_AUTOSUSPEND is not set +CONFIG_BT_HCIBTUSB_BCM=y +# CONFIG_BT_HCIBTUSB_MTK is not set +CONFIG_BT_HCIBTUSB_RTL=y +CONFIG_BT_HCIBTSDIO=m +# CONFIG_BT_HCIUART is not set +CONFIG_BT_HCIBCM203X=m +# CONFIG_BT_HCIBPA10X is not set +# CONFIG_BT_HCIBFUSB is not set +# CONFIG_BT_HCIVHCI is not set +# CONFIG_BT_MRVL is not set +# CONFIG_BT_ATH3K is not set +# CONFIG_BT_MTKSDIO is not set +# CONFIG_BT_MTKUART is not set +CONFIG_BT_HCIRSI=m +# CONFIG_BT_VIRTIO is not set +# end of Bluetooth device drivers + +# CONFIG_AF_RXRPC is not set +# CONFIG_AF_KCM is not set +CONFIG_STREAM_PARSER=y +# CONFIG_MCTP is not set +CONFIG_FIB_RULES=y +CONFIG_WIRELESS=y +CONFIG_WEXT_CORE=y +CONFIG_WEXT_PROC=y +CONFIG_CFG80211=m +# CONFIG_NL80211_TESTMODE is not set +# CONFIG_CFG80211_DEVELOPER_WARNINGS is not set +# CONFIG_CFG80211_CERTIFICATION_ONUS is not set +CONFIG_CFG80211_REQUIRE_SIGNED_REGDB=y +CONFIG_CFG80211_USE_KERNEL_REGDB_KEYS=y +CONFIG_CFG80211_DEFAULT_PS=y +# CONFIG_CFG80211_DEBUGFS is not set +CONFIG_CFG80211_CRDA_SUPPORT=y +CONFIG_CFG80211_WEXT=y +CONFIG_MAC80211=m +CONFIG_MAC80211_HAS_RC=y +CONFIG_MAC80211_RC_MINSTREL=y +CONFIG_MAC80211_RC_DEFAULT_MINSTREL=y +CONFIG_MAC80211_RC_DEFAULT="minstrel_ht" +# CONFIG_MAC80211_MESH is not set +CONFIG_MAC80211_LEDS=y +# CONFIG_MAC80211_DEBUGFS is not set +# CONFIG_MAC80211_MESSAGE_TRACING is not set +# CONFIG_MAC80211_DEBUG_MENU is not set +CONFIG_MAC80211_STA_HASH_MAX_SIZE=0 +# CONFIG_RFKILL is not set +CONFIG_NET_9P=m +CONFIG_NET_9P_VIRTIO=m +CONFIG_NET_9P_XEN=m +# CONFIG_NET_9P_RDMA is not set +# CONFIG_NET_9P_DEBUG is not set +# CONFIG_CAIF is not set +CONFIG_CEPH_LIB=m +# CONFIG_CEPH_LIB_PRETTYDEBUG is not set +# CONFIG_CEPH_LIB_USE_DNS_RESOLVER is not set +# CONFIG_NFC is not set +# CONFIG_PSAMPLE is not set +# CONFIG_NET_IFE is not set +# CONFIG_LWTUNNEL is not set +CONFIG_DST_CACHE=y +CONFIG_GRO_CELLS=y +CONFIG_NET_SELFTESTS=y +CONFIG_NET_SOCK_MSG=y +CONFIG_NET_DEVLINK=y +CONFIG_PAGE_POOL=y +CONFIG_FAILOVER=y +CONFIG_ETHTOOL_NETLINK=y + +# +# Device Drivers +# +CONFIG_HAVE_EISA=y +# CONFIG_EISA is not set +CONFIG_HAVE_PCI=y +CONFIG_PCI=y +CONFIG_PCI_DOMAINS=y +CONFIG_PCIEPORTBUS=y +CONFIG_HOTPLUG_PCI_PCIE=y +CONFIG_PCIEAER=y +# CONFIG_PCIEAER_INJECT is not set +CONFIG_PCIE_ECRC=y +CONFIG_PCIEASPM=y +CONFIG_PCIEASPM_DEFAULT=y +# CONFIG_PCIEASPM_POWERSAVE is not set +# CONFIG_PCIEASPM_POWER_SUPERSAVE is not set +# CONFIG_PCIEASPM_PERFORMANCE is not set +CONFIG_PCIE_PME=y +# CONFIG_PCIE_DPC is not set +# CONFIG_PCIE_PTM is not set +CONFIG_PCI_MSI=y +CONFIG_PCI_MSI_IRQ_DOMAIN=y +CONFIG_PCI_QUIRKS=y +# CONFIG_PCI_DEBUG is not set +# CONFIG_PCI_REALLOC_ENABLE_AUTO is not set +# CONFIG_PCI_STUB is not set +# CONFIG_PCI_PF_STUB is not set +CONFIG_XEN_PCIDEV_FRONTEND=m +CONFIG_PCI_ATS=y +CONFIG_PCI_LOCKLESS_CONFIG=y +CONFIG_PCI_IOV=y +CONFIG_PCI_PRI=y +CONFIG_PCI_PASID=y +# CONFIG_PCI_P2PDMA is not set +CONFIG_PCI_LABEL=y +CONFIG_PCI_HYPERV=m +# CONFIG_PCIE_BUS_TUNE_OFF is not set +CONFIG_PCIE_BUS_DEFAULT=y +# CONFIG_PCIE_BUS_SAFE is not set +# CONFIG_PCIE_BUS_PERFORMANCE is not set +# CONFIG_PCIE_BUS_PEER2PEER is not set +CONFIG_HOTPLUG_PCI=y +CONFIG_HOTPLUG_PCI_ACPI=y +CONFIG_HOTPLUG_PCI_ACPI_IBM=m +# CONFIG_HOTPLUG_PCI_CPCI is not set +# CONFIG_HOTPLUG_PCI_SHPC is not set + +# +# PCI controller drivers +# +CONFIG_VMD=y +CONFIG_PCI_HYPERV_INTERFACE=m + +# +# DesignWare PCI Core Support +# +# CONFIG_PCIE_DW_PLAT_HOST is not set +# CONFIG_PCI_MESON is not set +# end of DesignWare PCI Core Support + +# +# Mobiveil PCIe Core Support +# +# end of Mobiveil PCIe Core Support + +# +# Cadence PCIe controllers support +# +# end of Cadence PCIe controllers support +# end of PCI controller drivers + +# +# PCI Endpoint +# +# CONFIG_PCI_ENDPOINT is not set +# end of PCI Endpoint + +# +# PCI switch controller drivers +# +# CONFIG_PCI_SW_SWITCHTEC is not set +# end of PCI switch controller drivers + +# CONFIG_CXL_BUS is not set +# CONFIG_PCCARD is not set +# CONFIG_RAPIDIO is not set + +# +# Generic Driver Options +# +CONFIG_AUXILIARY_BUS=y +CONFIG_UEVENT_HELPER=y +CONFIG_UEVENT_HELPER_PATH="" +CONFIG_DEVTMPFS=y +CONFIG_DEVTMPFS_MOUNT=y +CONFIG_STANDALONE=y +CONFIG_PREVENT_FIRMWARE_BUILD=y + +# +# Firmware loader +# +CONFIG_FW_LOADER=y +CONFIG_FW_LOADER_PAGED_BUF=y +CONFIG_EXTRA_FIRMWARE="" +CONFIG_FW_LOADER_USER_HELPER=y +# CONFIG_FW_LOADER_USER_HELPER_FALLBACK is not set +CONFIG_FW_LOADER_COMPRESS=y +CONFIG_FW_CACHE=y +# end of Firmware loader + +CONFIG_WANT_DEV_COREDUMP=y +CONFIG_ALLOW_DEV_COREDUMP=y +CONFIG_DEV_COREDUMP=y +# CONFIG_DEBUG_DRIVER is not set +# CONFIG_DEBUG_DEVRES is not set +# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set +# CONFIG_TEST_ASYNC_DRIVER_PROBE is not set +CONFIG_SYS_HYPERVISOR=y +CONFIG_GENERIC_CPU_AUTOPROBE=y +CONFIG_GENERIC_CPU_VULNERABILITIES=y +CONFIG_REGMAP=y +CONFIG_REGMAP_I2C=m +CONFIG_DMA_SHARED_BUFFER=y +# CONFIG_DMA_FENCE_TRACE is not set +# end of Generic Driver Options + +# +# Bus devices +# +# CONFIG_MHI_BUS is not set +# end of Bus devices + +CONFIG_CONNECTOR=y +CONFIG_PROC_EVENTS=y + +# +# Firmware Drivers +# + +# +# ARM System Control and Management Interface Protocol +# +# end of ARM System Control and Management Interface Protocol + +# CONFIG_EDD is not set +CONFIG_FIRMWARE_MEMMAP=y +CONFIG_DMIID=y +# CONFIG_DMI_SYSFS is not set +CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y +# CONFIG_ISCSI_IBFT is not set +# CONFIG_FW_CFG_SYSFS is not set +CONFIG_SYSFB=y +# CONFIG_SYSFB_SIMPLEFB is not set +# CONFIG_GOOGLE_FIRMWARE is not set + +# +# EFI (Extensible Firmware Interface) Support +# +# CONFIG_EFI_VARS is not set +CONFIG_EFI_ESRT=y +CONFIG_EFI_VARS_PSTORE=y +# CONFIG_EFI_VARS_PSTORE_DEFAULT_DISABLE is not set +CONFIG_EFI_RUNTIME_MAP=y +# CONFIG_EFI_FAKE_MEMMAP is not set +CONFIG_EFI_RUNTIME_WRAPPERS=y +CONFIG_EFI_GENERIC_STUB_INITRD_CMDLINE_LOADER=y +# CONFIG_EFI_BOOTLOADER_CONTROL is not set +# CONFIG_EFI_CAPSULE_LOADER is not set +# CONFIG_EFI_TEST is not set +# CONFIG_APPLE_PROPERTIES is not set +CONFIG_RESET_ATTACK_MITIGATION=y +# CONFIG_EFI_RCI2_TABLE is not set +# CONFIG_EFI_DISABLE_PCI_DMA is not set +# end of EFI (Extensible Firmware Interface) Support + +CONFIG_UEFI_CPER=y +CONFIG_UEFI_CPER_X86=y +CONFIG_EFI_EARLYCON=y +# CONFIG_EFI_CUSTOM_SSDT_OVERLAYS is not set + +# +# Tegra firmware driver +# +# end of Tegra firmware driver +# end of Firmware Drivers + +# CONFIG_GNSS is not set +# CONFIG_MTD is not set +# CONFIG_OF is not set +CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y +# CONFIG_PARPORT is not set +CONFIG_PNP=y +# CONFIG_PNP_DEBUG_MESSAGES is not set + +# +# Protocols +# +CONFIG_PNPACPI=y +CONFIG_BLK_DEV=y +# CONFIG_BLK_DEV_NULL_BLK is not set +# CONFIG_BLK_DEV_FD is not set +CONFIG_CDROM=y +# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set +CONFIG_BLK_DEV_LOOP=y +CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 +# CONFIG_BLK_DEV_CRYPTOLOOP is not set +# CONFIG_BLK_DEV_DRBD is not set +CONFIG_BLK_DEV_NBD=m +CONFIG_BLK_DEV_RAM=y +CONFIG_BLK_DEV_RAM_COUNT=16 +CONFIG_BLK_DEV_RAM_SIZE=4096 +# CONFIG_CDROM_PKTCDVD is not set +# CONFIG_ATA_OVER_ETH is not set +CONFIG_XEN_BLKDEV_FRONTEND=m +# CONFIG_XEN_BLKDEV_BACKEND is not set +CONFIG_VIRTIO_BLK=m +CONFIG_BLK_DEV_RBD=m +# CONFIG_BLK_DEV_RSXX is not set + +# +# NVME Support +# +CONFIG_NVME_CORE=y +CONFIG_BLK_DEV_NVME=y +CONFIG_NVME_MULTIPATH=y +# CONFIG_NVME_HWMON is not set +CONFIG_NVME_FABRICS=m +CONFIG_NVME_RDMA=m +CONFIG_NVME_FC=m +CONFIG_NVME_TCP=m +CONFIG_NVME_TARGET=m +# CONFIG_NVME_TARGET_PASSTHRU is not set +CONFIG_NVME_TARGET_LOOP=m +# CONFIG_NVME_TARGET_RDMA is not set +# CONFIG_NVME_TARGET_FC is not set +CONFIG_NVME_TARGET_TCP=m +# end of NVME Support + +# +# Misc devices +# +# CONFIG_AD525X_DPOT is not set +# CONFIG_DUMMY_IRQ is not set +# CONFIG_IBM_ASM is not set +# CONFIG_PHANTOM is not set +# CONFIG_TIFM_CORE is not set +# CONFIG_ICS932S401 is not set +# CONFIG_ENCLOSURE_SERVICES is not set +# CONFIG_HP_ILO is not set +# CONFIG_APDS9802ALS is not set +# CONFIG_ISL29003 is not set +# CONFIG_ISL29020 is not set +# CONFIG_SENSORS_TSL2550 is not set +# CONFIG_SENSORS_BH1770 is not set +# CONFIG_SENSORS_APDS990X is not set +# CONFIG_HMC6352 is not set +# CONFIG_DS1682 is not set +CONFIG_VMWARE_BALLOON=m +# CONFIG_SRAM is not set +# CONFIG_DW_XDATA_PCIE is not set +# CONFIG_PCI_ENDPOINT_TEST is not set +# CONFIG_XILINX_SDFEC is not set +# CONFIG_C2PORT is not set + +# +# EEPROM support +# +# CONFIG_EEPROM_AT24 is not set +# CONFIG_EEPROM_LEGACY is not set +# CONFIG_EEPROM_MAX6875 is not set +CONFIG_EEPROM_93CX6=m +# CONFIG_EEPROM_IDT_89HPESX is not set +# CONFIG_EEPROM_EE1004 is not set +# end of EEPROM support + +# CONFIG_CB710_CORE is not set + +# +# Texas Instruments shared transport line discipline +# +# CONFIG_TI_ST is not set +# end of Texas Instruments shared transport line discipline + +# CONFIG_SENSORS_LIS3_I2C is not set +# CONFIG_ALTERA_STAPL is not set +CONFIG_INTEL_MEI=m +CONFIG_INTEL_MEI_ME=m +# CONFIG_INTEL_MEI_TXE is not set +# CONFIG_INTEL_MEI_HDCP is not set +CONFIG_VMWARE_VMCI=m +# CONFIG_GENWQE is not set +# CONFIG_ECHO is not set +# CONFIG_BCM_VK is not set +# CONFIG_MISC_ALCOR_PCI is not set +# CONFIG_MISC_RTSX_PCI is not set +# CONFIG_MISC_RTSX_USB is not set +# CONFIG_HABANA_AI is not set +# CONFIG_UACCE is not set +# CONFIG_PVPANIC is not set +# end of Misc devices + +# +# SCSI device support +# +CONFIG_SCSI_MOD=y +CONFIG_RAID_ATTRS=y +CONFIG_SCSI_COMMON=y +CONFIG_SCSI=y +CONFIG_SCSI_DMA=y +CONFIG_SCSI_NETLINK=y +CONFIG_SCSI_PROC_FS=y + +# +# SCSI support type (disk, tape, CD-ROM) +# +CONFIG_BLK_DEV_SD=y +# CONFIG_CHR_DEV_ST is not set +CONFIG_BLK_DEV_SR=y +CONFIG_CHR_DEV_SG=y +CONFIG_BLK_DEV_BSG=y +# CONFIG_CHR_DEV_SCH is not set +# CONFIG_SCSI_CONSTANTS is not set +CONFIG_SCSI_LOGGING=y +CONFIG_SCSI_SCAN_ASYNC=y + +# +# SCSI Transports +# +CONFIG_SCSI_SPI_ATTRS=y +CONFIG_SCSI_FC_ATTRS=m +CONFIG_SCSI_ISCSI_ATTRS=y +CONFIG_SCSI_SAS_ATTRS=y +CONFIG_SCSI_SAS_LIBSAS=m +CONFIG_SCSI_SAS_ATA=y +CONFIG_SCSI_SAS_HOST_SMP=y +CONFIG_SCSI_SRP_ATTRS=m +# end of SCSI Transports + +CONFIG_SCSI_LOWLEVEL=y +CONFIG_ISCSI_TCP=m +CONFIG_ISCSI_BOOT_SYSFS=m +CONFIG_SCSI_CXGB3_ISCSI=m +CONFIG_SCSI_CXGB4_ISCSI=m +CONFIG_SCSI_BNX2_ISCSI=m +# CONFIG_SCSI_BNX2X_FCOE is not set +CONFIG_BE2ISCSI=m +CONFIG_BLK_DEV_3W_XXXX_RAID=m +CONFIG_SCSI_HPSA=m +CONFIG_SCSI_3W_9XXX=m +CONFIG_SCSI_3W_SAS=m +CONFIG_SCSI_ACARD=m +CONFIG_SCSI_AACRAID=m +CONFIG_SCSI_AIC7XXX=m +CONFIG_AIC7XXX_CMDS_PER_DEVICE=32 +CONFIG_AIC7XXX_RESET_DELAY_MS=5000 +CONFIG_AIC7XXX_DEBUG_ENABLE=y +CONFIG_AIC7XXX_DEBUG_MASK=0 +CONFIG_AIC7XXX_REG_PRETTY_PRINT=y +CONFIG_SCSI_AIC79XX=m +CONFIG_AIC79XX_CMDS_PER_DEVICE=32 +CONFIG_AIC79XX_RESET_DELAY_MS=5000 +CONFIG_AIC79XX_DEBUG_ENABLE=y +CONFIG_AIC79XX_DEBUG_MASK=0 +CONFIG_AIC79XX_REG_PRETTY_PRINT=y +CONFIG_SCSI_AIC94XX=m +CONFIG_AIC94XX_DEBUG=y +CONFIG_SCSI_MVSAS=m +CONFIG_SCSI_MVSAS_DEBUG=y +CONFIG_SCSI_MVSAS_TASKLET=y +CONFIG_SCSI_MVUMI=m +CONFIG_SCSI_DPT_I2O=m +CONFIG_SCSI_ADVANSYS=m +CONFIG_SCSI_ARCMSR=m +CONFIG_SCSI_ESAS2R=m +CONFIG_MEGARAID_NEWGEN=y +CONFIG_MEGARAID_MM=m +CONFIG_MEGARAID_MAILBOX=m +CONFIG_MEGARAID_LEGACY=m +CONFIG_MEGARAID_SAS=m +CONFIG_SCSI_MPT3SAS=y +CONFIG_SCSI_MPT2SAS_MAX_SGE=128 +CONFIG_SCSI_MPT3SAS_MAX_SGE=128 +CONFIG_SCSI_MPT2SAS=y +# CONFIG_SCSI_MPI3MR is not set +CONFIG_SCSI_SMARTPQI=y +CONFIG_SCSI_UFSHCD=m +CONFIG_SCSI_UFSHCD_PCI=m +# CONFIG_SCSI_UFS_DWC_TC_PCI is not set +CONFIG_SCSI_UFSHCD_PLATFORM=m +# CONFIG_SCSI_UFS_CDNS_PLATFORM is not set +# CONFIG_SCSI_UFS_DWC_TC_PLATFORM is not set +# CONFIG_SCSI_UFS_BSG is not set +# CONFIG_SCSI_UFS_HPB is not set +CONFIG_SCSI_HPTIOP=m +CONFIG_SCSI_BUSLOGIC=m +CONFIG_SCSI_FLASHPOINT=y +# CONFIG_SCSI_MYRB is not set +# CONFIG_SCSI_MYRS is not set +CONFIG_VMWARE_PVSCSI=y +CONFIG_XEN_SCSI_FRONTEND=m +CONFIG_HYPERV_STORAGE=m +CONFIG_LIBFC=m +CONFIG_LIBFCOE=m +CONFIG_FCOE=m +CONFIG_FCOE_FNIC=m +# CONFIG_SCSI_SNIC is not set +CONFIG_SCSI_DMX3191D=m +# CONFIG_SCSI_FDOMAIN_PCI is not set +CONFIG_SCSI_ISCI=m +CONFIG_SCSI_IPS=m +CONFIG_SCSI_INITIO=m +CONFIG_SCSI_INIA100=m +CONFIG_SCSI_STEX=m +CONFIG_SCSI_SYM53C8XX_2=y +CONFIG_SCSI_SYM53C8XX_DMA_ADDRESSING_MODE=1 +CONFIG_SCSI_SYM53C8XX_DEFAULT_TAGS=16 +CONFIG_SCSI_SYM53C8XX_MAX_TAGS=64 +CONFIG_SCSI_SYM53C8XX_MMIO=y +CONFIG_SCSI_IPR=m +CONFIG_SCSI_IPR_TRACE=y +CONFIG_SCSI_IPR_DUMP=y +CONFIG_SCSI_QLOGIC_1280=m +CONFIG_SCSI_QLA_FC=m +CONFIG_TCM_QLA2XXX=m +# CONFIG_TCM_QLA2XXX_DEBUG is not set +CONFIG_SCSI_QLA_ISCSI=m +# CONFIG_QEDI is not set +# CONFIG_QEDF is not set +CONFIG_SCSI_LPFC=m +CONFIG_SCSI_LPFC_DEBUG_FS=y +# CONFIG_SCSI_EFCT is not set +CONFIG_SCSI_DC395x=m +CONFIG_SCSI_AM53C974=m +CONFIG_SCSI_WD719X=m +CONFIG_SCSI_DEBUG=m +CONFIG_SCSI_PMCRAID=m +CONFIG_SCSI_PM8001=m +CONFIG_SCSI_BFA_FC=m +CONFIG_SCSI_VIRTIO=y +CONFIG_SCSI_CHELSIO_FCOE=m +CONFIG_SCSI_DH=y +CONFIG_SCSI_DH_RDAC=y +CONFIG_SCSI_DH_HP_SW=m +CONFIG_SCSI_DH_EMC=m +CONFIG_SCSI_DH_ALUA=m +# end of SCSI device support + +CONFIG_ATA=y +CONFIG_SATA_HOST=y +CONFIG_PATA_TIMINGS=y +CONFIG_ATA_VERBOSE_ERROR=y +CONFIG_ATA_FORCE=y +CONFIG_ATA_ACPI=y +# CONFIG_SATA_ZPODD is not set +CONFIG_SATA_PMP=y + +# +# Controllers with non-SFF native interface +# +CONFIG_SATA_AHCI=y +CONFIG_SATA_MOBILE_LPM_POLICY=0 +# CONFIG_SATA_AHCI_PLATFORM is not set +# CONFIG_SATA_INIC162X is not set +# CONFIG_SATA_ACARD_AHCI is not set +CONFIG_SATA_SIL24=y +CONFIG_ATA_SFF=y + +# +# SFF controllers with custom DMA interface +# +CONFIG_PDC_ADMA=y +CONFIG_SATA_QSTOR=y +CONFIG_SATA_SX4=y +CONFIG_ATA_BMDMA=y + +# +# SATA SFF controllers with BMDMA +# +CONFIG_ATA_PIIX=y +# CONFIG_SATA_DWC is not set +CONFIG_SATA_MV=y +CONFIG_SATA_NV=y +CONFIG_SATA_PROMISE=y +CONFIG_SATA_SIL=y +CONFIG_SATA_SIS=y +CONFIG_SATA_SVW=y +CONFIG_SATA_ULI=y +CONFIG_SATA_VIA=y +CONFIG_SATA_VITESSE=y + +# +# PATA SFF controllers with BMDMA +# +CONFIG_PATA_ALI=y +CONFIG_PATA_AMD=y +CONFIG_PATA_ARTOP=y +CONFIG_PATA_ATIIXP=y +CONFIG_PATA_ATP867X=y +CONFIG_PATA_CMD64X=y +CONFIG_PATA_CYPRESS=y +CONFIG_PATA_EFAR=y +CONFIG_PATA_HPT366=y +CONFIG_PATA_HPT37X=y +CONFIG_PATA_HPT3X2N=y +CONFIG_PATA_HPT3X3=y +CONFIG_PATA_HPT3X3_DMA=y +CONFIG_PATA_IT8213=y +CONFIG_PATA_IT821X=y +CONFIG_PATA_JMICRON=y +CONFIG_PATA_MARVELL=y +CONFIG_PATA_NETCELL=y +CONFIG_PATA_NINJA32=y +CONFIG_PATA_NS87415=y +CONFIG_PATA_OLDPIIX=y +# CONFIG_PATA_OPTIDMA is not set +CONFIG_PATA_PDC2027X=y +# CONFIG_PATA_PDC_OLD is not set +# CONFIG_PATA_RADISYS is not set +# CONFIG_PATA_RDC is not set +CONFIG_PATA_SCH=y +# CONFIG_PATA_SERVERWORKS is not set +# CONFIG_PATA_SIL680 is not set +CONFIG_PATA_SIS=y +# CONFIG_PATA_TOSHIBA is not set +# CONFIG_PATA_TRIFLEX is not set +CONFIG_PATA_VIA=y +# CONFIG_PATA_WINBOND is not set + +# +# PIO-only SFF controllers +# +CONFIG_PATA_CMD640_PCI=y +CONFIG_PATA_MPIIX=y +CONFIG_PATA_NS87410=y +CONFIG_PATA_OPTI=y +# CONFIG_PATA_PLATFORM is not set +CONFIG_PATA_RZ1000=y + +# +# Generic fallback / legacy drivers +# +CONFIG_PATA_ACPI=y +CONFIG_ATA_GENERIC=y +CONFIG_PATA_LEGACY=y +CONFIG_MD=y +CONFIG_BLK_DEV_MD=m +CONFIG_MD_LINEAR=m +CONFIG_MD_RAID0=m +CONFIG_MD_RAID1=m +CONFIG_MD_RAID10=m +CONFIG_MD_RAID456=m +CONFIG_MD_MULTIPATH=m +# CONFIG_MD_FAULTY is not set +# CONFIG_MD_CLUSTER is not set +# CONFIG_BCACHE is not set +CONFIG_BLK_DEV_DM_BUILTIN=y +CONFIG_BLK_DEV_DM=m +# CONFIG_DM_DEBUG is not set +CONFIG_DM_BUFIO=m +# CONFIG_DM_DEBUG_BLOCK_MANAGER_LOCKING is not set +CONFIG_DM_BIO_PRISON=m +CONFIG_DM_PERSISTENT_DATA=m +# CONFIG_DM_UNSTRIPED is not set +CONFIG_DM_CRYPT=m +CONFIG_DM_SNAPSHOT=m +CONFIG_DM_THIN_PROVISIONING=m +# CONFIG_DM_CACHE is not set +# CONFIG_DM_WRITECACHE is not set +# CONFIG_DM_EBS is not set +# CONFIG_DM_ERA is not set +# CONFIG_DM_CLONE is not set +CONFIG_DM_MIRROR=m +# CONFIG_DM_LOG_USERSPACE is not set +CONFIG_DM_RAID=m +CONFIG_DM_ZERO=m +CONFIG_DM_MULTIPATH=m +# CONFIG_DM_MULTIPATH_QL is not set +# CONFIG_DM_MULTIPATH_ST is not set +# CONFIG_DM_MULTIPATH_HST is not set +# CONFIG_DM_MULTIPATH_IOA is not set +CONFIG_DM_DELAY=m +# CONFIG_DM_DUST is not set +CONFIG_DM_UEVENT=y +CONFIG_DM_FLAKEY=m +CONFIG_DM_VERITY=m +# CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG is not set +CONFIG_DM_VERITY_FEC=y +# CONFIG_DM_SWITCH is not set +# CONFIG_DM_LOG_WRITES is not set +# CONFIG_DM_INTEGRITY is not set +# CONFIG_DM_ZONED is not set +CONFIG_TARGET_CORE=m +CONFIG_TCM_IBLOCK=m +CONFIG_TCM_FILEIO=m +CONFIG_TCM_PSCSI=m +CONFIG_TCM_USER2=m +CONFIG_LOOPBACK_TARGET=m +CONFIG_TCM_FC=m +CONFIG_ISCSI_TARGET=m +# CONFIG_ISCSI_TARGET_CXGB4 is not set +CONFIG_FUSION=y +CONFIG_FUSION_SPI=y +# CONFIG_FUSION_FC is not set +CONFIG_FUSION_SAS=y +CONFIG_FUSION_MAX_SGE=40 +CONFIG_FUSION_CTL=y +CONFIG_FUSION_LOGGING=y + +# +# IEEE 1394 (FireWire) support +# +# CONFIG_FIREWIRE is not set +# CONFIG_FIREWIRE_NOSY is not set +# end of IEEE 1394 (FireWire) support + +# CONFIG_MACINTOSH_DRIVERS is not set +CONFIG_NETDEVICES=y +CONFIG_MII=m +CONFIG_NET_CORE=y +CONFIG_BONDING=m +CONFIG_DUMMY=m +CONFIG_WIREGUARD=m +# CONFIG_WIREGUARD_DEBUG is not set +# CONFIG_EQUALIZER is not set +# CONFIG_NET_FC is not set +CONFIG_IFB=m +# CONFIG_NET_TEAM is not set +CONFIG_MACVLAN=y +CONFIG_MACVTAP=m +CONFIG_IPVLAN_L3S=y +CONFIG_IPVLAN=m +# CONFIG_IPVTAP is not set +CONFIG_VXLAN=m +CONFIG_GENEVE=m +# CONFIG_BAREUDP is not set +# CONFIG_GTP is not set +# CONFIG_MACSEC is not set +CONFIG_NETCONSOLE=m +CONFIG_NETCONSOLE_DYNAMIC=y +CONFIG_NETPOLL=y +CONFIG_NET_POLL_CONTROLLER=y +CONFIG_TUN=y +CONFIG_TAP=m +# CONFIG_TUN_VNET_CROSS_LE is not set +CONFIG_VETH=y +CONFIG_VIRTIO_NET=y +# CONFIG_NLMON is not set +CONFIG_NET_VRF=m +CONFIG_VSOCKMON=m +# CONFIG_ARCNET is not set +CONFIG_ETHERNET=y +CONFIG_MDIO=m +# CONFIG_NET_VENDOR_3COM is not set +# CONFIG_NET_VENDOR_ADAPTEC is not set +CONFIG_NET_VENDOR_AGERE=y +# CONFIG_ET131X is not set +CONFIG_NET_VENDOR_ALACRITECH=y +# CONFIG_SLICOSS is not set +CONFIG_NET_VENDOR_ALTEON=y +CONFIG_ACENIC=m +# CONFIG_ACENIC_OMIT_TIGON_I is not set +# CONFIG_ALTERA_TSE is not set +# CONFIG_NET_VENDOR_AMAZON is not set +CONFIG_NET_VENDOR_AMD=y +CONFIG_AMD8111_ETH=m +CONFIG_PCNET32=m +# CONFIG_AMD_XGBE is not set +# CONFIG_NET_VENDOR_AQUANTIA is not set +# CONFIG_NET_VENDOR_ARC is not set +CONFIG_NET_VENDOR_ATHEROS=y +CONFIG_ATL2=m +CONFIG_ATL1=m +CONFIG_ATL1E=m +CONFIG_ATL1C=m +CONFIG_ALX=m +# CONFIG_CX_ECAT is not set +CONFIG_NET_VENDOR_BROADCOM=y +CONFIG_B44=m +CONFIG_B44_PCI_AUTOSELECT=y +CONFIG_B44_PCICORE_AUTOSELECT=y +CONFIG_B44_PCI=y +# CONFIG_BCMGENET is not set +CONFIG_BNX2=m +CONFIG_CNIC=m +CONFIG_TIGON3=m +CONFIG_TIGON3_HWMON=y +CONFIG_BNX2X=m +CONFIG_BNX2X_SRIOV=y +# CONFIG_SYSTEMPORT is not set +CONFIG_BNXT=m +CONFIG_BNXT_SRIOV=y +CONFIG_BNXT_FLOWER_OFFLOAD=y +# CONFIG_BNXT_DCB is not set +CONFIG_BNXT_HWMON=y +CONFIG_NET_VENDOR_CADENCE=y +# CONFIG_MACB is not set +CONFIG_NET_VENDOR_CAVIUM=y +# CONFIG_THUNDER_NIC_PF is not set +# CONFIG_THUNDER_NIC_VF is not set +# CONFIG_THUNDER_NIC_BGX is not set +# CONFIG_THUNDER_NIC_RGX is not set +CONFIG_CAVIUM_PTP=m +# CONFIG_LIQUIDIO is not set +# CONFIG_LIQUIDIO_VF is not set +CONFIG_NET_VENDOR_CHELSIO=y +CONFIG_CHELSIO_T1=m +CONFIG_CHELSIO_T1_1G=y +CONFIG_CHELSIO_T3=m +CONFIG_CHELSIO_T4=m +# CONFIG_CHELSIO_T4_DCB is not set +CONFIG_CHELSIO_T4VF=m +CONFIG_CHELSIO_LIB=m +CONFIG_CHELSIO_INLINE_CRYPTO=y +# CONFIG_CHELSIO_IPSEC_INLINE is not set +CONFIG_NET_VENDOR_CISCO=y +CONFIG_ENIC=m +# CONFIG_NET_VENDOR_CORTINA is not set +# CONFIG_DNET is not set +CONFIG_NET_VENDOR_DEC=y +CONFIG_NET_TULIP=y +# CONFIG_DE2104X is not set +CONFIG_TULIP=m +# CONFIG_TULIP_MWI is not set +CONFIG_TULIP_MMIO=y +CONFIG_TULIP_NAPI=y +# CONFIG_TULIP_NAPI_HW_MITIGATION is not set +# CONFIG_DE4X5 is not set +# CONFIG_WINBOND_840 is not set +# CONFIG_DM9102 is not set +# CONFIG_ULI526X is not set +CONFIG_NET_VENDOR_DLINK=y +CONFIG_DL2K=m +CONFIG_SUNDANCE=m +# CONFIG_SUNDANCE_MMIO is not set +CONFIG_NET_VENDOR_EMULEX=y +CONFIG_BE2NET=m +CONFIG_BE2NET_HWMON=y +# CONFIG_BE2NET_BE2 is not set +# CONFIG_BE2NET_BE3 is not set +# CONFIG_BE2NET_LANCER is not set +# CONFIG_BE2NET_SKYHAWK is not set + +# +# WARNING: be2net is useless without any enabled chip +# +CONFIG_NET_VENDOR_EZCHIP=y +CONFIG_NET_VENDOR_GOOGLE=y +# CONFIG_GVE is not set +# CONFIG_NET_VENDOR_HUAWEI is not set +CONFIG_NET_VENDOR_I825XX=y +CONFIG_NET_VENDOR_INTEL=y +CONFIG_E100=m +CONFIG_E1000=y +CONFIG_E1000E=y +CONFIG_E1000E_HWTS=y +CONFIG_IGB=m +CONFIG_IGB_HWMON=y +CONFIG_IGB_DCA=y +CONFIG_IGBVF=m +CONFIG_IXGB=m +CONFIG_IXGBE=m +CONFIG_IXGBE_HWMON=y +CONFIG_IXGBE_DCA=y +CONFIG_IXGBE_DCB=y +CONFIG_IXGBE_IPSEC=y +CONFIG_IXGBEVF=m +CONFIG_IXGBEVF_IPSEC=y +CONFIG_I40E=m +CONFIG_I40E_DCB=y +CONFIG_IAVF=m +CONFIG_I40EVF=m +# CONFIG_ICE is not set +CONFIG_FM10K=m +# CONFIG_IGC is not set +CONFIG_JME=m +CONFIG_NET_VENDOR_LITEX=y +CONFIG_NET_VENDOR_MARVELL=y +# CONFIG_MVMDIO is not set +CONFIG_SKGE=m +# CONFIG_SKGE_DEBUG is not set +# CONFIG_SKGE_GENESIS is not set +CONFIG_SKY2=m +# CONFIG_SKY2_DEBUG is not set +# CONFIG_PRESTERA is not set +CONFIG_NET_VENDOR_MELLANOX=y +CONFIG_MLX4_EN=m +CONFIG_MLX4_EN_DCB=y +CONFIG_MLX4_CORE=m +CONFIG_MLX4_DEBUG=y +# CONFIG_MLX4_CORE_GEN2 is not set +CONFIG_MLX5_CORE=m +CONFIG_MLX5_ACCEL=y +CONFIG_MLX5_FPGA=y +CONFIG_MLX5_CORE_EN=y +CONFIG_MLX5_EN_ARFS=y +CONFIG_MLX5_EN_RXNFC=y +CONFIG_MLX5_MPFS=y +CONFIG_MLX5_ESWITCH=y +CONFIG_MLX5_BRIDGE=y +CONFIG_MLX5_CLS_ACT=y +CONFIG_MLX5_TC_SAMPLE=y +CONFIG_MLX5_CORE_EN_DCB=y +CONFIG_MLX5_CORE_IPOIB=y +CONFIG_MLX5_FPGA_IPSEC=y +# CONFIG_MLX5_IPSEC is not set +CONFIG_MLX5_EN_IPSEC=y +CONFIG_MLX5_SW_STEERING=y +# CONFIG_MLX5_SF is not set +CONFIG_MLXSW_CORE=m +CONFIG_MLXSW_CORE_HWMON=y +CONFIG_MLXSW_CORE_THERMAL=y +CONFIG_MLXSW_PCI=m +CONFIG_MLXSW_I2C=m +CONFIG_MLXSW_SPECTRUM=m +CONFIG_MLXSW_SPECTRUM_DCB=y +CONFIG_MLXSW_MINIMAL=m +CONFIG_MLXFW=m +# CONFIG_NET_VENDOR_MICREL is not set +CONFIG_NET_VENDOR_MICROCHIP=y +# CONFIG_LAN743X is not set +# CONFIG_NET_VENDOR_MICROSEMI is not set +CONFIG_NET_VENDOR_MICROSOFT=y +CONFIG_MICROSOFT_MANA=m +CONFIG_NET_VENDOR_MYRI=y +CONFIG_MYRI10GE=m +CONFIG_MYRI10GE_DCA=y +# CONFIG_FEALNX is not set +# CONFIG_NET_VENDOR_NI is not set +# CONFIG_NET_VENDOR_NATSEMI is not set +# CONFIG_NET_VENDOR_NETERION is not set +# CONFIG_NET_VENDOR_NETRONOME is not set +CONFIG_NET_VENDOR_NVIDIA=y +CONFIG_FORCEDETH=m +# CONFIG_NET_VENDOR_OKI is not set +# CONFIG_ETHOC is not set +# CONFIG_NET_VENDOR_PACKET_ENGINES is not set +CONFIG_NET_VENDOR_PENSANDO=y +# CONFIG_IONIC is not set +CONFIG_NET_VENDOR_QLOGIC=y +# CONFIG_QLA3XXX is not set +# CONFIG_QLCNIC is not set +CONFIG_NETXEN_NIC=m +CONFIG_QED=m +CONFIG_QED_SRIOV=y +CONFIG_QEDE=m +CONFIG_NET_VENDOR_BROCADE=y +CONFIG_BNA=m +CONFIG_NET_VENDOR_QUALCOMM=y +# CONFIG_QCOM_EMAC is not set +# CONFIG_RMNET is not set +# CONFIG_NET_VENDOR_RDC is not set +CONFIG_NET_VENDOR_REALTEK=y +CONFIG_8139CP=m +CONFIG_8139TOO=m +CONFIG_8139TOO_PIO=y +CONFIG_8139TOO_TUNE_TWISTER=y +CONFIG_8139TOO_8129=y +# CONFIG_8139_OLD_RX_RESET is not set +CONFIG_R8169=m +CONFIG_NET_VENDOR_RENESAS=y +CONFIG_NET_VENDOR_ROCKER=y +CONFIG_ROCKER=m +CONFIG_NET_VENDOR_SAMSUNG=y +# CONFIG_SXGBE_ETH is not set +# CONFIG_NET_VENDOR_SEEQ is not set +# CONFIG_NET_VENDOR_SILAN is not set +# CONFIG_NET_VENDOR_SIS is not set +# CONFIG_NET_VENDOR_SOLARFLARE is not set +# CONFIG_NET_VENDOR_SMSC is not set +# CONFIG_NET_VENDOR_SOCIONEXT is not set +# CONFIG_NET_VENDOR_STMICRO is not set +# CONFIG_NET_VENDOR_SUN is not set +# CONFIG_NET_VENDOR_SYNOPSYS is not set +# CONFIG_NET_VENDOR_TEHUTI is not set +# CONFIG_NET_VENDOR_TI is not set +# CONFIG_NET_VENDOR_VIA is not set +# CONFIG_NET_VENDOR_WIZNET is not set +CONFIG_NET_VENDOR_XILINX=y +# CONFIG_XILINX_EMACLITE is not set +# CONFIG_XILINX_AXI_EMAC is not set +# CONFIG_XILINX_LL_TEMAC is not set +# CONFIG_FDDI is not set +# CONFIG_HIPPI is not set +# CONFIG_NET_SB1000 is not set +CONFIG_PHYLIB=y +CONFIG_SWPHY=y +# CONFIG_LED_TRIGGER_PHY is not set +CONFIG_FIXED_PHY=y + +# +# MII PHY device drivers +# +CONFIG_AMD_PHY=m +# CONFIG_ADIN_PHY is not set +# CONFIG_AQUANTIA_PHY is not set +CONFIG_AX88796B_PHY=m +CONFIG_BROADCOM_PHY=m +# CONFIG_BCM54140_PHY is not set +CONFIG_BCM7XXX_PHY=m +# CONFIG_BCM84881_PHY is not set +CONFIG_BCM87XX_PHY=m +CONFIG_BCM_NET_PHYLIB=m +# CONFIG_CICADA_PHY is not set +# CONFIG_CORTINA_PHY is not set +# CONFIG_DAVICOM_PHY is not set +# CONFIG_ICPLUS_PHY is not set +CONFIG_LXT_PHY=m +# CONFIG_INTEL_XWAY_PHY is not set +CONFIG_LSI_ET1011C_PHY=m +CONFIG_MARVELL_PHY=m +# CONFIG_MARVELL_10G_PHY is not set +# CONFIG_MARVELL_88X2222_PHY is not set +# CONFIG_MAXLINEAR_GPHY is not set +# CONFIG_MEDIATEK_GE_PHY is not set +CONFIG_MICREL_PHY=m +CONFIG_MICROCHIP_PHY=m +# CONFIG_MICROCHIP_T1_PHY is not set +# CONFIG_MICROSEMI_PHY is not set +# CONFIG_MOTORCOMM_PHY is not set +CONFIG_NATIONAL_PHY=m +# CONFIG_NXP_C45_TJA11XX_PHY is not set +# CONFIG_NXP_TJA11XX_PHY is not set +# CONFIG_QSEMI_PHY is not set +CONFIG_REALTEK_PHY=m +# CONFIG_RENESAS_PHY is not set +# CONFIG_ROCKCHIP_PHY is not set +# CONFIG_SMSC_PHY is not set +CONFIG_STE10XP=m +# CONFIG_TERANETICS_PHY is not set +# CONFIG_DP83822_PHY is not set +# CONFIG_DP83TC811_PHY is not set +# CONFIG_DP83848_PHY is not set +# CONFIG_DP83867_PHY is not set +# CONFIG_DP83869_PHY is not set +# CONFIG_VITESSE_PHY is not set +# CONFIG_XILINX_GMII2RGMII is not set +CONFIG_MDIO_DEVICE=y +CONFIG_MDIO_BUS=y +CONFIG_FWNODE_MDIO=y +CONFIG_ACPI_MDIO=y +CONFIG_MDIO_DEVRES=y +# CONFIG_MDIO_BITBANG is not set +# CONFIG_MDIO_BCM_UNIMAC is not set +# CONFIG_MDIO_MVUSB is not set +# CONFIG_MDIO_MSCC_MIIM is not set +# CONFIG_MDIO_THUNDER is not set + +# +# MDIO Multiplexers +# + +# +# PCS device drivers +# +# CONFIG_PCS_XPCS is not set +# end of PCS device drivers + +CONFIG_PPP=y +CONFIG_PPP_BSDCOMP=m +CONFIG_PPP_DEFLATE=m +CONFIG_PPP_FILTER=y +CONFIG_PPP_MPPE=m +CONFIG_PPP_MULTILINK=y +CONFIG_PPPOE=m +CONFIG_PPTP=m +CONFIG_PPP_ASYNC=m +CONFIG_PPP_SYNC_TTY=m +# CONFIG_SLIP is not set +CONFIG_SLHC=y + +# +# Host-side USB support is needed for USB Network Adapter support +# +CONFIG_USB_NET_DRIVERS=m +# CONFIG_USB_CATC is not set +# CONFIG_USB_KAWETH is not set +# CONFIG_USB_PEGASUS is not set +# CONFIG_USB_RTL8150 is not set +# CONFIG_USB_RTL8152 is not set +CONFIG_USB_LAN78XX=m +CONFIG_USB_USBNET=m +CONFIG_USB_NET_AX8817X=m +CONFIG_USB_NET_AX88179_178A=m +CONFIG_USB_NET_CDCETHER=m +# CONFIG_USB_NET_CDC_EEM is not set +CONFIG_USB_NET_CDC_NCM=m +CONFIG_USB_NET_HUAWEI_CDC_NCM=m +CONFIG_USB_NET_CDC_MBIM=m +# CONFIG_USB_NET_DM9601 is not set +# CONFIG_USB_NET_SR9700 is not set +# CONFIG_USB_NET_SR9800 is not set +# CONFIG_USB_NET_SMSC75XX is not set +# CONFIG_USB_NET_SMSC95XX is not set +# CONFIG_USB_NET_GL620A is not set +CONFIG_USB_NET_NET1080=m +# CONFIG_USB_NET_PLUSB is not set +# CONFIG_USB_NET_MCS7830 is not set +# CONFIG_USB_NET_RNDIS_HOST is not set +CONFIG_USB_NET_CDC_SUBSET_ENABLE=m +CONFIG_USB_NET_CDC_SUBSET=m +# CONFIG_USB_ALI_M5632 is not set +# CONFIG_USB_AN2720 is not set +CONFIG_USB_BELKIN=y +CONFIG_USB_ARMLINUX=y +# CONFIG_USB_EPSON2888 is not set +# CONFIG_USB_KC2190 is not set +CONFIG_USB_NET_ZAURUS=m +# CONFIG_USB_NET_CX82310_ETH is not set +# CONFIG_USB_NET_KALMIA is not set +CONFIG_USB_NET_QMI_WWAN=m +# CONFIG_USB_NET_INT51X1 is not set +# CONFIG_USB_IPHETH is not set +# CONFIG_USB_SIERRA_NET is not set +# CONFIG_USB_VL600 is not set +# CONFIG_USB_NET_CH9200 is not set +# CONFIG_USB_NET_AQC111 is not set +CONFIG_USB_RTL8153_ECM=m +CONFIG_WLAN=y +CONFIG_WLAN_VENDOR_ADMTEK=y +# CONFIG_ADM8211 is not set +CONFIG_WLAN_VENDOR_ATH=y +# CONFIG_ATH_DEBUG is not set +# CONFIG_ATH5K is not set +# CONFIG_ATH5K_PCI is not set +# CONFIG_ATH9K is not set +# CONFIG_ATH9K_HTC is not set +# CONFIG_CARL9170 is not set +# CONFIG_ATH6KL is not set +# CONFIG_AR5523 is not set +# CONFIG_WIL6210 is not set +# CONFIG_ATH10K is not set +# CONFIG_WCN36XX is not set +CONFIG_WLAN_VENDOR_ATMEL=y +# CONFIG_ATMEL is not set +# CONFIG_AT76C50X_USB is not set +CONFIG_WLAN_VENDOR_BROADCOM=y +# CONFIG_B43 is not set +# CONFIG_B43LEGACY is not set +# CONFIG_BRCMSMAC is not set +# CONFIG_BRCMFMAC is not set +CONFIG_WLAN_VENDOR_CISCO=y +# CONFIG_AIRO is not set +CONFIG_WLAN_VENDOR_INTEL=y +# CONFIG_IPW2100 is not set +# CONFIG_IPW2200 is not set +# CONFIG_IWL4965 is not set +# CONFIG_IWL3945 is not set +CONFIG_IWLWIFI=m +CONFIG_IWLWIFI_LEDS=y +# CONFIG_IWLDVM is not set +CONFIG_IWLMVM=m +CONFIG_IWLWIFI_OPMODE_MODULAR=y +# CONFIG_IWLWIFI_BCAST_FILTERING is not set + +# +# Debugging Options +# +# CONFIG_IWLWIFI_DEBUG is not set +CONFIG_IWLWIFI_DEVICE_TRACING=y +# end of Debugging Options + +CONFIG_WLAN_VENDOR_INTERSIL=y +# CONFIG_HOSTAP is not set +# CONFIG_HERMES is not set +# CONFIG_P54_COMMON is not set +CONFIG_WLAN_VENDOR_MARVELL=y +# CONFIG_LIBERTAS is not set +# CONFIG_LIBERTAS_THINFIRM is not set +# CONFIG_MWIFIEX is not set +# CONFIG_MWL8K is not set +CONFIG_WLAN_VENDOR_MEDIATEK=y +# CONFIG_MT7601U is not set +# CONFIG_MT76x0U is not set +# CONFIG_MT76x0E is not set +# CONFIG_MT76x2E is not set +# CONFIG_MT76x2U is not set +# CONFIG_MT7603E is not set +# CONFIG_MT7615E is not set +# CONFIG_MT7663U is not set +# CONFIG_MT7663S is not set +# CONFIG_MT7915E is not set +# CONFIG_MT7921E is not set +CONFIG_WLAN_VENDOR_MICROCHIP=y +# CONFIG_WILC1000_SDIO is not set +CONFIG_WLAN_VENDOR_RALINK=y +# CONFIG_RT2X00 is not set +CONFIG_WLAN_VENDOR_REALTEK=y +# CONFIG_RTL8180 is not set +# CONFIG_RTL8187 is not set +CONFIG_RTL_CARDS=m +# CONFIG_RTL8192CE is not set +# CONFIG_RTL8192SE is not set +# CONFIG_RTL8192DE is not set +# CONFIG_RTL8723AE is not set +# CONFIG_RTL8723BE is not set +# CONFIG_RTL8188EE is not set +# CONFIG_RTL8192EE is not set +# CONFIG_RTL8821AE is not set +# CONFIG_RTL8192CU is not set +# CONFIG_RTL8XXXU is not set +# CONFIG_RTW88 is not set +CONFIG_WLAN_VENDOR_RSI=y +CONFIG_RSI_91X=m +CONFIG_RSI_DEBUGFS=y +CONFIG_RSI_SDIO=m +CONFIG_RSI_USB=m +CONFIG_RSI_COEX=y +CONFIG_WLAN_VENDOR_ST=y +# CONFIG_CW1200 is not set +CONFIG_WLAN_VENDOR_TI=y +# CONFIG_WL1251 is not set +# CONFIG_WL12XX is not set +# CONFIG_WL18XX is not set +# CONFIG_WLCORE is not set +CONFIG_WLAN_VENDOR_ZYDAS=y +# CONFIG_USB_ZD1201 is not set +# CONFIG_ZD1211RW is not set +CONFIG_WLAN_VENDOR_QUANTENNA=y +# CONFIG_QTNFMAC_PCIE is not set +# CONFIG_MAC80211_HWSIM is not set +# CONFIG_USB_NET_RNDIS_WLAN is not set +# CONFIG_VIRT_WIFI is not set +# CONFIG_WAN is not set + +# +# Wireless WAN +# +# CONFIG_WWAN is not set +# end of Wireless WAN + +CONFIG_XEN_NETDEV_FRONTEND=m +# CONFIG_XEN_NETDEV_BACKEND is not set +CONFIG_VMXNET3=y +# CONFIG_FUJITSU_ES is not set +CONFIG_HYPERV_NET=m +# CONFIG_NETDEVSIM is not set +CONFIG_NET_FAILOVER=y +# CONFIG_ISDN is not set + +# +# Input device support +# +CONFIG_INPUT=y +CONFIG_INPUT_LEDS=m +CONFIG_INPUT_FF_MEMLESS=m +CONFIG_INPUT_SPARSEKMAP=m +# CONFIG_INPUT_MATRIXKMAP is not set + +# +# Userland interfaces +# +CONFIG_INPUT_MOUSEDEV=m +# CONFIG_INPUT_MOUSEDEV_PSAUX is not set +CONFIG_INPUT_MOUSEDEV_SCREEN_X=1024 +CONFIG_INPUT_MOUSEDEV_SCREEN_Y=768 +# CONFIG_INPUT_JOYDEV is not set +CONFIG_INPUT_EVDEV=m +# CONFIG_INPUT_EVBUG is not set + +# +# Input Device Drivers +# +CONFIG_INPUT_KEYBOARD=y +# CONFIG_KEYBOARD_ADC is not set +# CONFIG_KEYBOARD_ADP5588 is not set +# CONFIG_KEYBOARD_ADP5589 is not set +CONFIG_KEYBOARD_ATKBD=y +# CONFIG_KEYBOARD_QT1050 is not set +# CONFIG_KEYBOARD_QT1070 is not set +# CONFIG_KEYBOARD_QT2160 is not set +# CONFIG_KEYBOARD_DLINK_DIR685 is not set +# CONFIG_KEYBOARD_LKKBD is not set +# CONFIG_KEYBOARD_GPIO is not set +# CONFIG_KEYBOARD_GPIO_POLLED is not set +# CONFIG_KEYBOARD_TCA6416 is not set +# CONFIG_KEYBOARD_TCA8418 is not set +# CONFIG_KEYBOARD_MATRIX is not set +# CONFIG_KEYBOARD_LM8323 is not set +# CONFIG_KEYBOARD_LM8333 is not set +# CONFIG_KEYBOARD_MAX7359 is not set +# CONFIG_KEYBOARD_MCS is not set +# CONFIG_KEYBOARD_MPR121 is not set +# CONFIG_KEYBOARD_NEWTON is not set +# CONFIG_KEYBOARD_OPENCORES is not set +# CONFIG_KEYBOARD_SAMSUNG is not set +# CONFIG_KEYBOARD_STOWAWAY is not set +# CONFIG_KEYBOARD_SUNKBD is not set +# CONFIG_KEYBOARD_TM2_TOUCHKEY is not set +# CONFIG_KEYBOARD_XTKBD is not set +CONFIG_INPUT_MOUSE=y +CONFIG_MOUSE_PS2=m +CONFIG_MOUSE_PS2_ALPS=y +# CONFIG_MOUSE_PS2_BYD is not set +CONFIG_MOUSE_PS2_LOGIPS2PP=y +CONFIG_MOUSE_PS2_SYNAPTICS=y +# CONFIG_MOUSE_PS2_SYNAPTICS_SMBUS is not set +CONFIG_MOUSE_PS2_CYPRESS=y +CONFIG_MOUSE_PS2_LIFEBOOK=y +CONFIG_MOUSE_PS2_TRACKPOINT=y +# CONFIG_MOUSE_PS2_ELANTECH is not set +# CONFIG_MOUSE_PS2_SENTELIC is not set +# CONFIG_MOUSE_PS2_TOUCHKIT is not set +CONFIG_MOUSE_PS2_FOCALTECH=y +# CONFIG_MOUSE_PS2_VMMOUSE is not set +# CONFIG_MOUSE_SERIAL is not set +# CONFIG_MOUSE_APPLETOUCH is not set +# CONFIG_MOUSE_BCM5974 is not set +# CONFIG_MOUSE_CYAPA is not set +# CONFIG_MOUSE_ELAN_I2C is not set +# CONFIG_MOUSE_VSXXXAA is not set +# CONFIG_MOUSE_GPIO is not set +# CONFIG_MOUSE_SYNAPTICS_I2C is not set +# CONFIG_MOUSE_SYNAPTICS_USB is not set +# CONFIG_INPUT_JOYSTICK is not set +# CONFIG_INPUT_TABLET is not set +# CONFIG_INPUT_TOUCHSCREEN is not set +CONFIG_INPUT_MISC=y +# CONFIG_INPUT_AD714X is not set +# CONFIG_INPUT_BMA150 is not set +# CONFIG_INPUT_E3X0_BUTTON is not set +# CONFIG_INPUT_MMA8450 is not set +# CONFIG_INPUT_APANEL is not set +# CONFIG_INPUT_GPIO_BEEPER is not set +# CONFIG_INPUT_GPIO_DECODER is not set +# CONFIG_INPUT_GPIO_VIBRA is not set +# CONFIG_INPUT_ATLAS_BTNS is not set +# CONFIG_INPUT_ATI_REMOTE2 is not set +# CONFIG_INPUT_KEYSPAN_REMOTE is not set +# CONFIG_INPUT_KXTJ9 is not set +# CONFIG_INPUT_POWERMATE is not set +# CONFIG_INPUT_YEALINK is not set +# CONFIG_INPUT_CM109 is not set +CONFIG_INPUT_UINPUT=m +# CONFIG_INPUT_PCF8574 is not set +# CONFIG_INPUT_PWM_BEEPER is not set +# CONFIG_INPUT_PWM_VIBRA is not set +# CONFIG_INPUT_GPIO_ROTARY_ENCODER is not set +# CONFIG_INPUT_DA7280_HAPTICS is not set +# CONFIG_INPUT_ADXL34X is not set +# CONFIG_INPUT_IMS_PCU is not set +# CONFIG_INPUT_IQS269A is not set +# CONFIG_INPUT_IQS626A is not set +# CONFIG_INPUT_CMA3000 is not set +CONFIG_INPUT_XEN_KBDDEV_FRONTEND=y +# CONFIG_INPUT_IDEAPAD_SLIDEBAR is not set +# CONFIG_INPUT_DRV260X_HAPTICS is not set +# CONFIG_INPUT_DRV2665_HAPTICS is not set +# CONFIG_INPUT_DRV2667_HAPTICS is not set +# CONFIG_RMI4_CORE is not set + +# +# Hardware I/O ports +# +CONFIG_SERIO=y +CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y +CONFIG_SERIO_I8042=y +# CONFIG_SERIO_SERPORT is not set +# CONFIG_SERIO_CT82C710 is not set +# CONFIG_SERIO_PCIPS2 is not set +CONFIG_SERIO_LIBPS2=y +# CONFIG_SERIO_RAW is not set +# CONFIG_SERIO_ALTERA_PS2 is not set +# CONFIG_SERIO_PS2MULT is not set +# CONFIG_SERIO_ARC_PS2 is not set +CONFIG_HYPERV_KEYBOARD=m +# CONFIG_SERIO_GPIO_PS2 is not set +# CONFIG_USERIO is not set +# CONFIG_GAMEPORT is not set +# end of Hardware I/O ports +# end of Input device support + +# +# Character devices +# +CONFIG_TTY=y +CONFIG_VT=y +CONFIG_CONSOLE_TRANSLATIONS=y +CONFIG_VT_CONSOLE=y +CONFIG_VT_CONSOLE_SLEEP=y +CONFIG_HW_CONSOLE=y +CONFIG_VT_HW_CONSOLE_BINDING=y +CONFIG_UNIX98_PTYS=y +# CONFIG_LEGACY_PTYS is not set +# CONFIG_LDISC_AUTOLOAD is not set + +# +# Serial drivers +# +CONFIG_SERIAL_EARLYCON=y +CONFIG_SERIAL_8250=y +CONFIG_SERIAL_8250_DEPRECATED_OPTIONS=y +CONFIG_SERIAL_8250_PNP=y +# CONFIG_SERIAL_8250_16550A_VARIANTS is not set +# CONFIG_SERIAL_8250_FINTEK is not set +CONFIG_SERIAL_8250_CONSOLE=y +CONFIG_SERIAL_8250_DMA=y +CONFIG_SERIAL_8250_PCI=y +# CONFIG_SERIAL_8250_EXAR is not set +CONFIG_SERIAL_8250_NR_UARTS=32 +CONFIG_SERIAL_8250_RUNTIME_UARTS=8 +CONFIG_SERIAL_8250_EXTENDED=y +CONFIG_SERIAL_8250_MANY_PORTS=y +CONFIG_SERIAL_8250_SHARE_IRQ=y +# CONFIG_SERIAL_8250_DETECT_IRQ is not set +CONFIG_SERIAL_8250_RSA=y +CONFIG_SERIAL_8250_DWLIB=y +CONFIG_SERIAL_8250_DW=m +# CONFIG_SERIAL_8250_RT288X is not set +CONFIG_SERIAL_8250_LPSS=m +CONFIG_SERIAL_8250_MID=m + +# +# Non-8250 serial port support +# +# CONFIG_SERIAL_KGDB_NMI is not set +# CONFIG_SERIAL_UARTLITE is not set +CONFIG_SERIAL_CORE=y +CONFIG_SERIAL_CORE_CONSOLE=y +CONFIG_CONSOLE_POLL=y +# CONFIG_SERIAL_JSM is not set +# CONFIG_SERIAL_LANTIQ is not set +# CONFIG_SERIAL_SCCNXP is not set +# CONFIG_SERIAL_SC16IS7XX is not set +# CONFIG_SERIAL_BCM63XX is not set +# CONFIG_SERIAL_ALTERA_JTAGUART is not set +# CONFIG_SERIAL_ALTERA_UART is not set +# CONFIG_SERIAL_ARC is not set +# CONFIG_SERIAL_RP2 is not set +# CONFIG_SERIAL_FSL_LPUART is not set +# CONFIG_SERIAL_FSL_LINFLEXUART is not set +# CONFIG_SERIAL_SPRD is not set +# end of Serial drivers + +CONFIG_SERIAL_MCTRL_GPIO=y +# CONFIG_SERIAL_NONSTANDARD is not set +# CONFIG_N_GSM is not set +# CONFIG_NOZOMI is not set +# CONFIG_NULL_TTY is not set +CONFIG_HVC_DRIVER=y +CONFIG_HVC_IRQ=y +CONFIG_HVC_XEN=y +CONFIG_HVC_XEN_FRONTEND=y +CONFIG_SERIAL_DEV_BUS=y +CONFIG_SERIAL_DEV_CTRL_TTYPORT=y +# CONFIG_TTY_PRINTK is not set +CONFIG_VIRTIO_CONSOLE=m +CONFIG_IPMI_HANDLER=m +CONFIG_IPMI_DMI_DECODE=y +CONFIG_IPMI_PLAT_DATA=y +CONFIG_IPMI_PANIC_EVENT=y +CONFIG_IPMI_PANIC_STRING=y +CONFIG_IPMI_DEVICE_INTERFACE=m +CONFIG_IPMI_SI=m +# CONFIG_IPMI_SSIF is not set +CONFIG_IPMI_WATCHDOG=m +CONFIG_IPMI_POWEROFF=m +CONFIG_HW_RANDOM=y +CONFIG_HW_RANDOM_TIMERIOMEM=m +CONFIG_HW_RANDOM_INTEL=m +CONFIG_HW_RANDOM_AMD=m +# CONFIG_HW_RANDOM_BA431 is not set +CONFIG_HW_RANDOM_VIA=m +CONFIG_HW_RANDOM_VIRTIO=m +# CONFIG_HW_RANDOM_XIPHERA is not set +# CONFIG_APPLICOM is not set +# CONFIG_MWAVE is not set +CONFIG_DEVMEM=y +CONFIG_NVRAM=m +# CONFIG_DEVPORT is not set +CONFIG_HPET=y +CONFIG_HPET_MMAP=y +CONFIG_HPET_MMAP_DEFAULT=y +CONFIG_HANGCHECK_TIMER=m +CONFIG_TCG_TPM=y +CONFIG_HW_RANDOM_TPM=y +CONFIG_TCG_TIS_CORE=y +CONFIG_TCG_TIS=y +# CONFIG_TCG_TIS_I2C_CR50 is not set +CONFIG_TCG_TIS_I2C_ATMEL=m +CONFIG_TCG_TIS_I2C_INFINEON=m +CONFIG_TCG_TIS_I2C_NUVOTON=m +CONFIG_TCG_NSC=m +CONFIG_TCG_ATMEL=m +CONFIG_TCG_INFINEON=m +CONFIG_TCG_XEN=m +CONFIG_TCG_CRB=y +# CONFIG_TCG_VTPM_PROXY is not set +# CONFIG_TCG_TIS_ST33ZP24_I2C is not set +# CONFIG_TELCLOCK is not set +# CONFIG_XILLYBUS is not set +# CONFIG_XILLYUSB is not set +CONFIG_RANDOM_TRUST_CPU=y +# CONFIG_RANDOM_TRUST_BOOTLOADER is not set +# end of Character devices + +# +# I2C support +# +CONFIG_I2C=y +CONFIG_ACPI_I2C_OPREGION=y +CONFIG_I2C_BOARDINFO=y +# CONFIG_I2C_COMPAT is not set +CONFIG_I2C_CHARDEV=m +# CONFIG_I2C_MUX is not set +CONFIG_I2C_HELPER_AUTO=y +CONFIG_I2C_SMBUS=m +CONFIG_I2C_ALGOBIT=y + +# +# I2C Hardware Bus support +# + +# +# PC SMBus host controller drivers +# +# CONFIG_I2C_ALI1535 is not set +# CONFIG_I2C_ALI1563 is not set +# CONFIG_I2C_ALI15X3 is not set +CONFIG_I2C_AMD756=m +# CONFIG_I2C_AMD756_S4882 is not set +CONFIG_I2C_AMD8111=m +# CONFIG_I2C_AMD_MP2 is not set +CONFIG_I2C_I801=m +# CONFIG_I2C_ISCH is not set +# CONFIG_I2C_ISMT is not set +CONFIG_I2C_PIIX4=m +# CONFIG_I2C_NFORCE2 is not set +# CONFIG_I2C_NVIDIA_GPU is not set +# CONFIG_I2C_SIS5595 is not set +# CONFIG_I2C_SIS630 is not set +# CONFIG_I2C_SIS96X is not set +# CONFIG_I2C_VIA is not set +# CONFIG_I2C_VIAPRO is not set + +# +# ACPI drivers +# +# CONFIG_I2C_SCMI is not set + +# +# I2C system bus drivers (mostly embedded / system-on-chip) +# +# CONFIG_I2C_CBUS_GPIO is not set +CONFIG_I2C_DESIGNWARE_CORE=m +# CONFIG_I2C_DESIGNWARE_SLAVE is not set +CONFIG_I2C_DESIGNWARE_PLATFORM=m +CONFIG_I2C_DESIGNWARE_BAYTRAIL=y +# CONFIG_I2C_DESIGNWARE_PCI is not set +# CONFIG_I2C_EMEV2 is not set +# CONFIG_I2C_GPIO is not set +# CONFIG_I2C_OCORES is not set +# CONFIG_I2C_PCA_PLATFORM is not set +# CONFIG_I2C_SIMTEC is not set +# CONFIG_I2C_XILINX is not set + +# +# External I2C/SMBus adapter drivers +# +# CONFIG_I2C_DIOLAN_U2C is not set +# CONFIG_I2C_CP2615 is not set +# CONFIG_I2C_ROBOTFUZZ_OSIF is not set +# CONFIG_I2C_TAOS_EVM is not set +# CONFIG_I2C_TINY_USB is not set + +# +# Other I2C/SMBus bus drivers +# +# CONFIG_I2C_MLXCPLD is not set +# CONFIG_I2C_VIRTIO is not set +# end of I2C Hardware Bus support + +# CONFIG_I2C_STUB is not set +# CONFIG_I2C_SLAVE is not set +# CONFIG_I2C_DEBUG_CORE is not set +# CONFIG_I2C_DEBUG_ALGO is not set +# CONFIG_I2C_DEBUG_BUS is not set +# end of I2C support + +# CONFIG_I3C is not set +# CONFIG_SPI is not set +# CONFIG_SPMI is not set +# CONFIG_HSI is not set +CONFIG_PPS=y +# CONFIG_PPS_DEBUG is not set + +# +# PPS clients support +# +# CONFIG_PPS_CLIENT_KTIMER is not set +# CONFIG_PPS_CLIENT_LDISC is not set +# CONFIG_PPS_CLIENT_GPIO is not set + +# +# PPS generators support +# + +# +# PTP clock support +# +CONFIG_PTP_1588_CLOCK=y +CONFIG_PTP_1588_CLOCK_OPTIONAL=y +# CONFIG_DP83640_PHY is not set +# CONFIG_PTP_1588_CLOCK_INES is not set +CONFIG_PTP_1588_CLOCK_KVM=m +# CONFIG_PTP_1588_CLOCK_IDT82P33 is not set +# CONFIG_PTP_1588_CLOCK_IDTCM is not set +# CONFIG_PTP_1588_CLOCK_VMW is not set +# end of PTP clock support + +CONFIG_PINCTRL=y +CONFIG_PINMUX=y +CONFIG_PINCONF=y +CONFIG_GENERIC_PINCONF=y +# CONFIG_DEBUG_PINCTRL is not set +# CONFIG_PINCTRL_AMD is not set +# CONFIG_PINCTRL_MCP23S08 is not set +# CONFIG_PINCTRL_SX150X is not set +CONFIG_PINCTRL_BAYTRAIL=y +# CONFIG_PINCTRL_CHERRYVIEW is not set +# CONFIG_PINCTRL_LYNXPOINT is not set +# CONFIG_PINCTRL_MERRIFIELD is not set +CONFIG_PINCTRL_INTEL=y +# CONFIG_PINCTRL_ALDERLAKE is not set +CONFIG_PINCTRL_BROXTON=m +# CONFIG_PINCTRL_CANNONLAKE is not set +# CONFIG_PINCTRL_CEDARFORK is not set +# CONFIG_PINCTRL_DENVERTON is not set +# CONFIG_PINCTRL_ELKHARTLAKE is not set +# CONFIG_PINCTRL_EMMITSBURG is not set +# CONFIG_PINCTRL_GEMINILAKE is not set +# CONFIG_PINCTRL_ICELAKE is not set +# CONFIG_PINCTRL_JASPERLAKE is not set +# CONFIG_PINCTRL_LAKEFIELD is not set +# CONFIG_PINCTRL_LEWISBURG is not set +# CONFIG_PINCTRL_SUNRISEPOINT is not set +# CONFIG_PINCTRL_TIGERLAKE is not set + +# +# Renesas pinctrl drivers +# +# end of Renesas pinctrl drivers + +CONFIG_GPIOLIB=y +CONFIG_GPIOLIB_FASTPATH_LIMIT=512 +CONFIG_GPIO_ACPI=y +CONFIG_GPIOLIB_IRQCHIP=y +# CONFIG_DEBUG_GPIO is not set +CONFIG_GPIO_SYSFS=y +CONFIG_GPIO_CDEV=y +CONFIG_GPIO_CDEV_V1=y +CONFIG_GPIO_GENERIC=m + +# +# Memory mapped GPIO drivers +# +# CONFIG_GPIO_AMDPT is not set +# CONFIG_GPIO_DWAPB is not set +CONFIG_GPIO_GENERIC_PLATFORM=m +CONFIG_GPIO_ICH=m +# CONFIG_GPIO_MB86S7X is not set +# CONFIG_GPIO_VX855 is not set +# CONFIG_GPIO_AMD_FCH is not set +# end of Memory mapped GPIO drivers + +# +# Port-mapped I/O GPIO drivers +# +# CONFIG_GPIO_104_DIO_48E is not set +# CONFIG_GPIO_104_IDIO_16 is not set +# CONFIG_GPIO_104_IDI_48 is not set +# CONFIG_GPIO_F7188X is not set +# CONFIG_GPIO_GPIO_MM is not set +# CONFIG_GPIO_IT87 is not set +CONFIG_GPIO_SCH=m +# CONFIG_GPIO_SCH311X is not set +# CONFIG_GPIO_WINBOND is not set +# CONFIG_GPIO_WS16C48 is not set +# end of Port-mapped I/O GPIO drivers + +# +# I2C GPIO expanders +# +# CONFIG_GPIO_ADP5588 is not set +# CONFIG_GPIO_MAX7300 is not set +# CONFIG_GPIO_MAX732X is not set +# CONFIG_GPIO_PCA953X is not set +# CONFIG_GPIO_PCA9570 is not set +# CONFIG_GPIO_PCF857X is not set +# CONFIG_GPIO_TPIC2810 is not set +# end of I2C GPIO expanders + +# +# MFD GPIO expanders +# +# end of MFD GPIO expanders + +# +# PCI GPIO expanders +# +# CONFIG_GPIO_AMD8111 is not set +# CONFIG_GPIO_BT8XX is not set +# CONFIG_GPIO_MERRIFIELD is not set +# CONFIG_GPIO_ML_IOH is not set +# CONFIG_GPIO_PCI_IDIO_16 is not set +# CONFIG_GPIO_PCIE_IDIO_24 is not set +# CONFIG_GPIO_RDC321X is not set +# end of PCI GPIO expanders + +# +# USB GPIO expanders +# +# end of USB GPIO expanders + +# +# Virtual GPIO drivers +# +# CONFIG_GPIO_AGGREGATOR is not set +# CONFIG_GPIO_MOCKUP is not set +# CONFIG_GPIO_VIRTIO is not set +# end of Virtual GPIO drivers + +# CONFIG_W1 is not set +# CONFIG_POWER_RESET is not set +CONFIG_POWER_SUPPLY=y +# CONFIG_POWER_SUPPLY_DEBUG is not set +CONFIG_POWER_SUPPLY_HWMON=y +# CONFIG_PDA_POWER is not set +# CONFIG_GENERIC_ADC_BATTERY is not set +# CONFIG_TEST_POWER is not set +# CONFIG_CHARGER_ADP5061 is not set +# CONFIG_BATTERY_CW2015 is not set +# CONFIG_BATTERY_DS2780 is not set +# CONFIG_BATTERY_DS2781 is not set +# CONFIG_BATTERY_DS2782 is not set +# CONFIG_BATTERY_SBS is not set +# CONFIG_CHARGER_SBS is not set +# CONFIG_BATTERY_BQ27XXX is not set +# CONFIG_BATTERY_MAX17040 is not set +# CONFIG_BATTERY_MAX17042 is not set +# CONFIG_CHARGER_MAX8903 is not set +# CONFIG_CHARGER_LP8727 is not set +# CONFIG_CHARGER_GPIO is not set +# CONFIG_CHARGER_LT3651 is not set +# CONFIG_CHARGER_LTC4162L is not set +# CONFIG_CHARGER_BQ2415X is not set +# CONFIG_CHARGER_BQ24257 is not set +# CONFIG_CHARGER_BQ24735 is not set +# CONFIG_CHARGER_BQ2515X is not set +# CONFIG_CHARGER_BQ25890 is not set +# CONFIG_CHARGER_BQ25980 is not set +# CONFIG_CHARGER_BQ256XX is not set +# CONFIG_BATTERY_GAUGE_LTC2941 is not set +# CONFIG_BATTERY_GOLDFISH is not set +# CONFIG_BATTERY_RT5033 is not set +# CONFIG_CHARGER_RT9455 is not set +# CONFIG_CHARGER_BD99954 is not set +CONFIG_HWMON=y +# CONFIG_HWMON_DEBUG_CHIP is not set + +# +# Native drivers +# +# CONFIG_SENSORS_ABITUGURU is not set +# CONFIG_SENSORS_ABITUGURU3 is not set +# CONFIG_SENSORS_AD7414 is not set +# CONFIG_SENSORS_AD7418 is not set +# CONFIG_SENSORS_ADM1021 is not set +# CONFIG_SENSORS_ADM1025 is not set +# CONFIG_SENSORS_ADM1026 is not set +# CONFIG_SENSORS_ADM1029 is not set +# CONFIG_SENSORS_ADM1031 is not set +# CONFIG_SENSORS_ADM1177 is not set +# CONFIG_SENSORS_ADM9240 is not set +# CONFIG_SENSORS_ADT7410 is not set +# CONFIG_SENSORS_ADT7411 is not set +# CONFIG_SENSORS_ADT7462 is not set +# CONFIG_SENSORS_ADT7470 is not set +# CONFIG_SENSORS_ADT7475 is not set +# CONFIG_SENSORS_AHT10 is not set +# CONFIG_SENSORS_AQUACOMPUTER_D5NEXT is not set +# CONFIG_SENSORS_AS370 is not set +# CONFIG_SENSORS_ASC7621 is not set +# CONFIG_SENSORS_AXI_FAN_CONTROL is not set +CONFIG_SENSORS_K8TEMP=m +CONFIG_SENSORS_K10TEMP=m +CONFIG_SENSORS_FAM15H_POWER=m +# CONFIG_SENSORS_APPLESMC is not set +# CONFIG_SENSORS_ASB100 is not set +# CONFIG_SENSORS_ASPEED is not set +# CONFIG_SENSORS_ATXP1 is not set +# CONFIG_SENSORS_CORSAIR_CPRO is not set +# CONFIG_SENSORS_CORSAIR_PSU is not set +# CONFIG_SENSORS_DRIVETEMP is not set +# CONFIG_SENSORS_DS620 is not set +# CONFIG_SENSORS_DS1621 is not set +CONFIG_SENSORS_DELL_SMM=m +# CONFIG_SENSORS_I5K_AMB is not set +# CONFIG_SENSORS_F71805F is not set +# CONFIG_SENSORS_F71882FG is not set +# CONFIG_SENSORS_F75375S is not set +# CONFIG_SENSORS_FSCHMD is not set +# CONFIG_SENSORS_FTSTEUTATES is not set +# CONFIG_SENSORS_GL518SM is not set +# CONFIG_SENSORS_GL520SM is not set +# CONFIG_SENSORS_G760A is not set +# CONFIG_SENSORS_G762 is not set +# CONFIG_SENSORS_HIH6130 is not set +# CONFIG_SENSORS_IBMAEM is not set +# CONFIG_SENSORS_IBMPEX is not set +# CONFIG_SENSORS_IIO_HWMON is not set +# CONFIG_SENSORS_I5500 is not set +CONFIG_SENSORS_CORETEMP=m +# CONFIG_SENSORS_IT87 is not set +# CONFIG_SENSORS_JC42 is not set +# CONFIG_SENSORS_POWR1220 is not set +# CONFIG_SENSORS_LINEAGE is not set +# CONFIG_SENSORS_LTC2945 is not set +# CONFIG_SENSORS_LTC2947_I2C is not set +# CONFIG_SENSORS_LTC2990 is not set +# CONFIG_SENSORS_LTC2992 is not set +# CONFIG_SENSORS_LTC4151 is not set +# CONFIG_SENSORS_LTC4215 is not set +# CONFIG_SENSORS_LTC4222 is not set +# CONFIG_SENSORS_LTC4245 is not set +# CONFIG_SENSORS_LTC4260 is not set +# CONFIG_SENSORS_LTC4261 is not set +# CONFIG_SENSORS_MAX127 is not set +# CONFIG_SENSORS_MAX16065 is not set +# CONFIG_SENSORS_MAX1619 is not set +# CONFIG_SENSORS_MAX1668 is not set +# CONFIG_SENSORS_MAX197 is not set +# CONFIG_SENSORS_MAX31730 is not set +# CONFIG_SENSORS_MAX6621 is not set +# CONFIG_SENSORS_MAX6639 is not set +# CONFIG_SENSORS_MAX6642 is not set +# CONFIG_SENSORS_MAX6650 is not set +# CONFIG_SENSORS_MAX6697 is not set +# CONFIG_SENSORS_MAX31790 is not set +# CONFIG_SENSORS_MCP3021 is not set +# CONFIG_SENSORS_TC654 is not set +# CONFIG_SENSORS_TPS23861 is not set +# CONFIG_SENSORS_MR75203 is not set +# CONFIG_SENSORS_LM63 is not set +# CONFIG_SENSORS_LM73 is not set +# CONFIG_SENSORS_LM75 is not set +# CONFIG_SENSORS_LM77 is not set +# CONFIG_SENSORS_LM78 is not set +# CONFIG_SENSORS_LM80 is not set +# CONFIG_SENSORS_LM83 is not set +# CONFIG_SENSORS_LM85 is not set +# CONFIG_SENSORS_LM87 is not set +# CONFIG_SENSORS_LM90 is not set +# CONFIG_SENSORS_LM92 is not set +# CONFIG_SENSORS_LM93 is not set +# CONFIG_SENSORS_LM95234 is not set +# CONFIG_SENSORS_LM95241 is not set +# CONFIG_SENSORS_LM95245 is not set +# CONFIG_SENSORS_PC87360 is not set +# CONFIG_SENSORS_PC87427 is not set +# CONFIG_SENSORS_NTC_THERMISTOR is not set +# CONFIG_SENSORS_NCT6683 is not set +# CONFIG_SENSORS_NCT6775 is not set +# CONFIG_SENSORS_NCT7802 is not set +# CONFIG_SENSORS_NCT7904 is not set +# CONFIG_SENSORS_NPCM7XX is not set +# CONFIG_SENSORS_NZXT_KRAKEN2 is not set +# CONFIG_SENSORS_PCF8591 is not set +# CONFIG_PMBUS is not set +# CONFIG_SENSORS_SBTSI is not set +# CONFIG_SENSORS_SBRMI is not set +# CONFIG_SENSORS_SHT15 is not set +# CONFIG_SENSORS_SHT21 is not set +# CONFIG_SENSORS_SHT3x is not set +# CONFIG_SENSORS_SHT4x is not set +# CONFIG_SENSORS_SHTC1 is not set +# CONFIG_SENSORS_SIS5595 is not set +# CONFIG_SENSORS_DME1737 is not set +# CONFIG_SENSORS_EMC1403 is not set +# CONFIG_SENSORS_EMC2103 is not set +# CONFIG_SENSORS_EMC6W201 is not set +# CONFIG_SENSORS_SMSC47M1 is not set +# CONFIG_SENSORS_SMSC47M192 is not set +# CONFIG_SENSORS_SMSC47B397 is not set +# CONFIG_SENSORS_SCH5627 is not set +# CONFIG_SENSORS_SCH5636 is not set +# CONFIG_SENSORS_STTS751 is not set +# CONFIG_SENSORS_SMM665 is not set +# CONFIG_SENSORS_ADC128D818 is not set +# CONFIG_SENSORS_ADS7828 is not set +# CONFIG_SENSORS_AMC6821 is not set +# CONFIG_SENSORS_INA209 is not set +# CONFIG_SENSORS_INA2XX is not set +# CONFIG_SENSORS_INA3221 is not set +# CONFIG_SENSORS_TC74 is not set +# CONFIG_SENSORS_THMC50 is not set +# CONFIG_SENSORS_TMP102 is not set +# CONFIG_SENSORS_TMP103 is not set +# CONFIG_SENSORS_TMP108 is not set +# CONFIG_SENSORS_TMP401 is not set +# CONFIG_SENSORS_TMP421 is not set +# CONFIG_SENSORS_TMP513 is not set +# CONFIG_SENSORS_VIA_CPUTEMP is not set +# CONFIG_SENSORS_VIA686A is not set +# CONFIG_SENSORS_VT1211 is not set +# CONFIG_SENSORS_VT8231 is not set +# CONFIG_SENSORS_W83773G is not set +# CONFIG_SENSORS_W83781D is not set +# CONFIG_SENSORS_W83791D is not set +# CONFIG_SENSORS_W83792D is not set +# CONFIG_SENSORS_W83793 is not set +# CONFIG_SENSORS_W83795 is not set +# CONFIG_SENSORS_W83L785TS is not set +# CONFIG_SENSORS_W83L786NG is not set +# CONFIG_SENSORS_W83627HF is not set +# CONFIG_SENSORS_W83627EHF is not set +# CONFIG_SENSORS_XGENE is not set + +# +# ACPI drivers +# +# CONFIG_SENSORS_ACPI_POWER is not set +# CONFIG_SENSORS_ATK0110 is not set +CONFIG_THERMAL=y +# CONFIG_THERMAL_NETLINK is not set +# CONFIG_THERMAL_STATISTICS is not set +CONFIG_THERMAL_EMERGENCY_POWEROFF_DELAY_MS=0 +CONFIG_THERMAL_HWMON=y +CONFIG_THERMAL_WRITABLE_TRIPS=y +CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y +# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set +# CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set +# CONFIG_THERMAL_GOV_FAIR_SHARE is not set +CONFIG_THERMAL_GOV_STEP_WISE=y +# CONFIG_THERMAL_GOV_BANG_BANG is not set +CONFIG_THERMAL_GOV_USER_SPACE=y +# CONFIG_DEVFREQ_THERMAL is not set +# CONFIG_THERMAL_EMULATION is not set + +# +# Intel thermal drivers +# +# CONFIG_INTEL_POWERCLAMP is not set +CONFIG_X86_THERMAL_VECTOR=y +CONFIG_X86_PKG_TEMP_THERMAL=m +# CONFIG_INTEL_SOC_DTS_THERMAL is not set + +# +# ACPI INT340X thermal drivers +# +# CONFIG_INT340X_THERMAL is not set +# end of ACPI INT340X thermal drivers + +# CONFIG_INTEL_PCH_THERMAL is not set +# CONFIG_INTEL_TCC_COOLING is not set +# CONFIG_INTEL_MENLOW is not set +# end of Intel thermal drivers + +# CONFIG_GENERIC_ADC_THERMAL is not set +CONFIG_WATCHDOG=y +CONFIG_WATCHDOG_CORE=y +# CONFIG_WATCHDOG_NOWAYOUT is not set +CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED=y +CONFIG_WATCHDOG_OPEN_TIMEOUT=0 +CONFIG_WATCHDOG_SYSFS=y +# CONFIG_WATCHDOG_HRTIMER_PRETIMEOUT is not set + +# +# Watchdog Pretimeout Governors +# +# CONFIG_WATCHDOG_PRETIMEOUT_GOV is not set + +# +# Watchdog Device Drivers +# +CONFIG_SOFT_WATCHDOG=m +# CONFIG_WDAT_WDT is not set +# CONFIG_XILINX_WATCHDOG is not set +# CONFIG_ZIIRAVE_WATCHDOG is not set +# CONFIG_CADENCE_WATCHDOG is not set +# CONFIG_DW_WATCHDOG is not set +# CONFIG_MAX63XX_WATCHDOG is not set +# CONFIG_ACQUIRE_WDT is not set +# CONFIG_ADVANTECH_WDT is not set +# CONFIG_ALIM1535_WDT is not set +# CONFIG_ALIM7101_WDT is not set +# CONFIG_EBC_C384_WDT is not set +# CONFIG_F71808E_WDT is not set +# CONFIG_SP5100_TCO is not set +# CONFIG_SBC_FITPC2_WATCHDOG is not set +# CONFIG_EUROTECH_WDT is not set +# CONFIG_IB700_WDT is not set +# CONFIG_IBMASR is not set +# CONFIG_WAFER_WDT is not set +# CONFIG_I6300ESB_WDT is not set +# CONFIG_IE6XX_WDT is not set +# CONFIG_INTEL_MID_WATCHDOG is not set +CONFIG_ITCO_WDT=m +CONFIG_ITCO_VENDOR_SUPPORT=y +# CONFIG_IT8712F_WDT is not set +# CONFIG_IT87_WDT is not set +# CONFIG_HP_WATCHDOG is not set +# CONFIG_SC1200_WDT is not set +# CONFIG_PC87413_WDT is not set +# CONFIG_NV_TCO is not set +# CONFIG_60XX_WDT is not set +# CONFIG_CPU5_WDT is not set +# CONFIG_SMSC_SCH311X_WDT is not set +# CONFIG_SMSC37B787_WDT is not set +# CONFIG_TQMX86_WDT is not set +# CONFIG_VIA_WDT is not set +# CONFIG_W83627HF_WDT is not set +# CONFIG_W83877F_WDT is not set +# CONFIG_W83977F_WDT is not set +# CONFIG_MACHZ_WDT is not set +# CONFIG_SBC_EPX_C3_WATCHDOG is not set +# CONFIG_INTEL_MEI_WDT is not set +# CONFIG_NI903X_WDT is not set +# CONFIG_NIC7018_WDT is not set +# CONFIG_MEN_A21_WDT is not set +# CONFIG_XEN_WDT is not set + +# +# PCI-based Watchdog Cards +# +# CONFIG_PCIPCWATCHDOG is not set +# CONFIG_WDTPCI is not set + +# +# USB-based Watchdog Cards +# +# CONFIG_USBPCWATCHDOG is not set +CONFIG_SSB_POSSIBLE=y +CONFIG_SSB=m +CONFIG_SSB_SPROM=y +CONFIG_SSB_PCIHOST_POSSIBLE=y +CONFIG_SSB_PCIHOST=y +CONFIG_SSB_SDIOHOST_POSSIBLE=y +# CONFIG_SSB_SDIOHOST is not set +CONFIG_SSB_DRIVER_PCICORE_POSSIBLE=y +CONFIG_SSB_DRIVER_PCICORE=y +# CONFIG_SSB_DRIVER_GPIO is not set +CONFIG_BCMA_POSSIBLE=y +# CONFIG_BCMA is not set + +# +# Multifunction device drivers +# +CONFIG_MFD_CORE=m +# CONFIG_MFD_AS3711 is not set +# CONFIG_PMIC_ADP5520 is not set +# CONFIG_MFD_AAT2870_CORE is not set +# CONFIG_MFD_BCM590XX is not set +# CONFIG_MFD_BD9571MWV is not set +# CONFIG_MFD_AXP20X_I2C is not set +# CONFIG_MFD_MADERA is not set +# CONFIG_PMIC_DA903X is not set +# CONFIG_MFD_DA9052_I2C is not set +# CONFIG_MFD_DA9055 is not set +# CONFIG_MFD_DA9062 is not set +# CONFIG_MFD_DA9063 is not set +# CONFIG_MFD_DA9150 is not set +# CONFIG_MFD_DLN2 is not set +# CONFIG_MFD_MC13XXX_I2C is not set +# CONFIG_MFD_MP2629 is not set +# CONFIG_HTC_PASIC3 is not set +# CONFIG_HTC_I2CPLD is not set +# CONFIG_MFD_INTEL_QUARK_I2C_GPIO is not set +CONFIG_LPC_ICH=m +CONFIG_LPC_SCH=m +# CONFIG_INTEL_SOC_PMIC_CHTDC_TI is not set +# CONFIG_INTEL_SOC_PMIC_MRFLD is not set +CONFIG_MFD_INTEL_LPSS=m +CONFIG_MFD_INTEL_LPSS_ACPI=m +CONFIG_MFD_INTEL_LPSS_PCI=m +# CONFIG_MFD_INTEL_PMC_BXT is not set +# CONFIG_MFD_INTEL_PMT is not set +# CONFIG_MFD_IQS62X is not set +# CONFIG_MFD_JANZ_CMODIO is not set +# CONFIG_MFD_KEMPLD is not set +# CONFIG_MFD_88PM800 is not set +# CONFIG_MFD_88PM805 is not set +# CONFIG_MFD_88PM860X is not set +# CONFIG_MFD_MAX14577 is not set +# CONFIG_MFD_MAX77693 is not set +# CONFIG_MFD_MAX77843 is not set +# CONFIG_MFD_MAX8907 is not set +# CONFIG_MFD_MAX8925 is not set +# CONFIG_MFD_MAX8997 is not set +# CONFIG_MFD_MAX8998 is not set +# CONFIG_MFD_MT6360 is not set +# CONFIG_MFD_MT6397 is not set +# CONFIG_MFD_MENF21BMC is not set +# CONFIG_MFD_VIPERBOARD is not set +# CONFIG_MFD_RETU is not set +# CONFIG_MFD_PCF50633 is not set +# CONFIG_UCB1400_CORE is not set +# CONFIG_MFD_RDC321X is not set +# CONFIG_MFD_RT4831 is not set +# CONFIG_MFD_RT5033 is not set +# CONFIG_MFD_RC5T583 is not set +# CONFIG_MFD_SI476X_CORE is not set +# CONFIG_MFD_SM501 is not set +# CONFIG_MFD_SKY81452 is not set +# CONFIG_MFD_SYSCON is not set +# CONFIG_MFD_TI_AM335X_TSCADC is not set +# CONFIG_MFD_LP3943 is not set +# CONFIG_MFD_LP8788 is not set +# CONFIG_MFD_TI_LMU is not set +# CONFIG_MFD_PALMAS is not set +# CONFIG_TPS6105X is not set +# CONFIG_TPS65010 is not set +# CONFIG_TPS6507X is not set +# CONFIG_MFD_TPS65086 is not set +# CONFIG_MFD_TPS65090 is not set +# CONFIG_MFD_TI_LP873X is not set +# CONFIG_MFD_TPS6586X is not set +# CONFIG_MFD_TPS65910 is not set +# CONFIG_MFD_TPS65912_I2C is not set +# CONFIG_MFD_TPS80031 is not set +# CONFIG_TWL4030_CORE is not set +# CONFIG_TWL6040_CORE is not set +# CONFIG_MFD_WL1273_CORE is not set +# CONFIG_MFD_LM3533 is not set +# CONFIG_MFD_TQMX86 is not set +# CONFIG_MFD_VX855 is not set +# CONFIG_MFD_ARIZONA_I2C is not set +# CONFIG_MFD_WM8400 is not set +# CONFIG_MFD_WM831X_I2C is not set +# CONFIG_MFD_WM8350_I2C is not set +# CONFIG_MFD_WM8994 is not set +# CONFIG_MFD_ATC260X_I2C is not set +# CONFIG_RAVE_SP_CORE is not set +# end of Multifunction device drivers + +# CONFIG_REGULATOR is not set +# CONFIG_RC_CORE is not set +# CONFIG_MEDIA_CEC_SUPPORT is not set +CONFIG_MEDIA_SUPPORT=m +# CONFIG_MEDIA_SUPPORT_FILTER is not set +# CONFIG_MEDIA_SUBDRV_AUTOSELECT is not set + +# +# Media device types +# +CONFIG_MEDIA_CAMERA_SUPPORT=y +CONFIG_MEDIA_ANALOG_TV_SUPPORT=y +CONFIG_MEDIA_DIGITAL_TV_SUPPORT=y +CONFIG_MEDIA_RADIO_SUPPORT=y +CONFIG_MEDIA_SDR_SUPPORT=y +CONFIG_MEDIA_PLATFORM_SUPPORT=y +CONFIG_MEDIA_TEST_SUPPORT=y +# end of Media device types + +# +# Media core support +# +CONFIG_VIDEO_DEV=m +# CONFIG_MEDIA_CONTROLLER is not set +CONFIG_DVB_CORE=m +# end of Media core support + +# +# Video4Linux options +# +CONFIG_VIDEO_V4L2=m +CONFIG_VIDEO_V4L2_I2C=y +# CONFIG_VIDEO_ADV_DEBUG is not set +# CONFIG_VIDEO_FIXED_MINOR_RANGES is not set +# end of Video4Linux options + +# +# Digital TV options +# +# CONFIG_DVB_MMAP is not set +CONFIG_DVB_NET=y +CONFIG_DVB_MAX_ADAPTERS=16 +CONFIG_DVB_DYNAMIC_MINORS=y +# CONFIG_DVB_DEMUX_SECTION_LOSS_LOG is not set +# CONFIG_DVB_ULE_DEBUG is not set +# end of Digital TV options + +# +# Media drivers +# +CONFIG_MEDIA_USB_SUPPORT=y + +# +# Webcam devices +# +CONFIG_USB_VIDEO_CLASS=m +CONFIG_USB_VIDEO_CLASS_INPUT_EVDEV=y +CONFIG_USB_GSPCA=m +# CONFIG_USB_M5602 is not set +# CONFIG_USB_STV06XX is not set +# CONFIG_USB_GL860 is not set +# CONFIG_USB_GSPCA_BENQ is not set +# CONFIG_USB_GSPCA_CONEX is not set +# CONFIG_USB_GSPCA_CPIA1 is not set +# CONFIG_USB_GSPCA_DTCS033 is not set +# CONFIG_USB_GSPCA_ETOMS is not set +# CONFIG_USB_GSPCA_FINEPIX is not set +# CONFIG_USB_GSPCA_JEILINJ is not set +# CONFIG_USB_GSPCA_JL2005BCD is not set +# CONFIG_USB_GSPCA_KINECT is not set +# CONFIG_USB_GSPCA_KONICA is not set +# CONFIG_USB_GSPCA_MARS is not set +# CONFIG_USB_GSPCA_MR97310A is not set +# CONFIG_USB_GSPCA_NW80X is not set +# CONFIG_USB_GSPCA_OV519 is not set +# CONFIG_USB_GSPCA_OV534 is not set +# CONFIG_USB_GSPCA_OV534_9 is not set +# CONFIG_USB_GSPCA_PAC207 is not set +# CONFIG_USB_GSPCA_PAC7302 is not set +# CONFIG_USB_GSPCA_PAC7311 is not set +# CONFIG_USB_GSPCA_SE401 is not set +# CONFIG_USB_GSPCA_SN9C2028 is not set +# CONFIG_USB_GSPCA_SN9C20X is not set +# CONFIG_USB_GSPCA_SONIXB is not set +# CONFIG_USB_GSPCA_SONIXJ is not set +# CONFIG_USB_GSPCA_SPCA500 is not set +# CONFIG_USB_GSPCA_SPCA501 is not set +# CONFIG_USB_GSPCA_SPCA505 is not set +# CONFIG_USB_GSPCA_SPCA506 is not set +# CONFIG_USB_GSPCA_SPCA508 is not set +# CONFIG_USB_GSPCA_SPCA561 is not set +# CONFIG_USB_GSPCA_SPCA1528 is not set +# CONFIG_USB_GSPCA_SQ905 is not set +# CONFIG_USB_GSPCA_SQ905C is not set +# CONFIG_USB_GSPCA_SQ930X is not set +# CONFIG_USB_GSPCA_STK014 is not set +# CONFIG_USB_GSPCA_STK1135 is not set +# CONFIG_USB_GSPCA_STV0680 is not set +# CONFIG_USB_GSPCA_SUNPLUS is not set +# CONFIG_USB_GSPCA_T613 is not set +# CONFIG_USB_GSPCA_TOPRO is not set +# CONFIG_USB_GSPCA_TOUPTEK is not set +# CONFIG_USB_GSPCA_TV8532 is not set +# CONFIG_USB_GSPCA_VC032X is not set +# CONFIG_USB_GSPCA_VICAM is not set +# CONFIG_USB_GSPCA_XIRLINK_CIT is not set +# CONFIG_USB_GSPCA_ZC3XX is not set +# CONFIG_USB_PWC is not set +# CONFIG_VIDEO_CPIA2 is not set +# CONFIG_USB_ZR364XX is not set +# CONFIG_USB_STKWEBCAM is not set +# CONFIG_USB_S2255 is not set +# CONFIG_VIDEO_USBTV is not set + +# +# Analog TV USB devices +# +# CONFIG_VIDEO_PVRUSB2 is not set +# CONFIG_VIDEO_HDPVR is not set +# CONFIG_VIDEO_STK1160_COMMON is not set +# CONFIG_VIDEO_GO7007 is not set + +# +# Analog/digital TV USB devices +# +# CONFIG_VIDEO_AU0828 is not set + +# +# Digital TV USB devices +# +# CONFIG_DVB_USB_V2 is not set +# CONFIG_DVB_TTUSB_BUDGET is not set +# CONFIG_DVB_TTUSB_DEC is not set +# CONFIG_SMS_USB_DRV is not set +# CONFIG_DVB_B2C2_FLEXCOP_USB is not set +# CONFIG_DVB_AS102 is not set + +# +# Webcam, TV (analog/digital) USB devices +# +# CONFIG_VIDEO_EM28XX is not set + +# +# Software defined radio USB devices +# +# CONFIG_USB_AIRSPY is not set +# CONFIG_USB_HACKRF is not set +# CONFIG_MEDIA_PCI_SUPPORT is not set +CONFIG_RADIO_ADAPTERS=y +# CONFIG_RADIO_SI470X is not set +# CONFIG_RADIO_SI4713 is not set +# CONFIG_USB_MR800 is not set +# CONFIG_USB_DSBR is not set +# CONFIG_RADIO_MAXIRADIO is not set +# CONFIG_RADIO_SHARK is not set +# CONFIG_RADIO_SHARK2 is not set +# CONFIG_USB_KEENE is not set +# CONFIG_USB_RAREMONO is not set +# CONFIG_USB_MA901 is not set +# CONFIG_RADIO_TEA5764 is not set +# CONFIG_RADIO_SAA7706H is not set +# CONFIG_RADIO_TEF6862 is not set +# CONFIG_RADIO_WL1273 is not set +CONFIG_VIDEOBUF2_CORE=m +CONFIG_VIDEOBUF2_V4L2=m +CONFIG_VIDEOBUF2_MEMOPS=m +CONFIG_VIDEOBUF2_VMALLOC=m +# CONFIG_V4L_PLATFORM_DRIVERS is not set +# CONFIG_V4L_MEM2MEM_DRIVERS is not set +# CONFIG_DVB_PLATFORM_DRIVERS is not set +# CONFIG_SDR_PLATFORM_DRIVERS is not set + +# +# MMC/SDIO DVB adapters +# +# CONFIG_SMS_SDIO_DRV is not set +# CONFIG_V4L_TEST_DRIVERS is not set +# CONFIG_DVB_TEST_DRIVERS is not set +# end of Media drivers + +# +# Media ancillary drivers +# +CONFIG_MEDIA_ATTACH=y + +# +# Audio decoders, processors and mixers +# +# CONFIG_VIDEO_TVAUDIO is not set +# CONFIG_VIDEO_TDA7432 is not set +# CONFIG_VIDEO_TDA9840 is not set +# CONFIG_VIDEO_TDA1997X is not set +# CONFIG_VIDEO_TEA6415C is not set +# CONFIG_VIDEO_TEA6420 is not set +# CONFIG_VIDEO_MSP3400 is not set +# CONFIG_VIDEO_CS3308 is not set +# CONFIG_VIDEO_CS5345 is not set +# CONFIG_VIDEO_CS53L32A is not set +# CONFIG_VIDEO_TLV320AIC23B is not set +# CONFIG_VIDEO_UDA1342 is not set +# CONFIG_VIDEO_WM8775 is not set +# CONFIG_VIDEO_WM8739 is not set +# CONFIG_VIDEO_VP27SMPX is not set +# CONFIG_VIDEO_SONY_BTF_MPX is not set +# end of Audio decoders, processors and mixers + +# +# RDS decoders +# +# CONFIG_VIDEO_SAA6588 is not set +# end of RDS decoders + +# +# Video decoders +# +# CONFIG_VIDEO_ADV7180 is not set +# CONFIG_VIDEO_ADV7183 is not set +# CONFIG_VIDEO_ADV7604 is not set +# CONFIG_VIDEO_ADV7842 is not set +# CONFIG_VIDEO_BT819 is not set +# CONFIG_VIDEO_BT856 is not set +# CONFIG_VIDEO_BT866 is not set +# CONFIG_VIDEO_KS0127 is not set +# CONFIG_VIDEO_ML86V7667 is not set +# CONFIG_VIDEO_SAA7110 is not set +# CONFIG_VIDEO_SAA711X is not set +# CONFIG_VIDEO_TC358743 is not set +# CONFIG_VIDEO_TVP514X is not set +# CONFIG_VIDEO_TVP5150 is not set +# CONFIG_VIDEO_TVP7002 is not set +# CONFIG_VIDEO_TW2804 is not set +# CONFIG_VIDEO_TW9903 is not set +# CONFIG_VIDEO_TW9906 is not set +# CONFIG_VIDEO_TW9910 is not set +# CONFIG_VIDEO_VPX3220 is not set + +# +# Video and audio decoders +# +# CONFIG_VIDEO_SAA717X is not set +# CONFIG_VIDEO_CX25840 is not set +# end of Video decoders + +# +# Video encoders +# +# CONFIG_VIDEO_SAA7127 is not set +# CONFIG_VIDEO_SAA7185 is not set +# CONFIG_VIDEO_ADV7170 is not set +# CONFIG_VIDEO_ADV7175 is not set +# CONFIG_VIDEO_ADV7343 is not set +# CONFIG_VIDEO_ADV7393 is not set +# CONFIG_VIDEO_ADV7511 is not set +# CONFIG_VIDEO_AD9389B is not set +# CONFIG_VIDEO_AK881X is not set +# CONFIG_VIDEO_THS8200 is not set +# end of Video encoders + +# +# Video improvement chips +# +# CONFIG_VIDEO_UPD64031A is not set +# CONFIG_VIDEO_UPD64083 is not set +# end of Video improvement chips + +# +# Audio/Video compression chips +# +# CONFIG_VIDEO_SAA6752HS is not set +# end of Audio/Video compression chips + +# +# SDR tuner chips +# +# CONFIG_SDR_MAX2175 is not set +# end of SDR tuner chips + +# +# Miscellaneous helper chips +# +# CONFIG_VIDEO_THS7303 is not set +# CONFIG_VIDEO_M52790 is not set +# CONFIG_VIDEO_I2C is not set +# CONFIG_VIDEO_ST_MIPID02 is not set +# end of Miscellaneous helper chips + +# +# Camera sensor devices +# +# CONFIG_VIDEO_HI556 is not set +# CONFIG_VIDEO_IMX214 is not set +# CONFIG_VIDEO_IMX219 is not set +# CONFIG_VIDEO_IMX258 is not set +# CONFIG_VIDEO_IMX274 is not set +# CONFIG_VIDEO_IMX290 is not set +# CONFIG_VIDEO_IMX319 is not set +# CONFIG_VIDEO_IMX355 is not set +# CONFIG_VIDEO_OV02A10 is not set +# CONFIG_VIDEO_OV2640 is not set +# CONFIG_VIDEO_OV2659 is not set +# CONFIG_VIDEO_OV2680 is not set +# CONFIG_VIDEO_OV2685 is not set +# CONFIG_VIDEO_OV2740 is not set +# CONFIG_VIDEO_OV5647 is not set +# CONFIG_VIDEO_OV5648 is not set +# CONFIG_VIDEO_OV6650 is not set +# CONFIG_VIDEO_OV5670 is not set +# CONFIG_VIDEO_OV5675 is not set +# CONFIG_VIDEO_OV5695 is not set +# CONFIG_VIDEO_OV7251 is not set +# CONFIG_VIDEO_OV772X is not set +# CONFIG_VIDEO_OV7640 is not set +# CONFIG_VIDEO_OV7670 is not set +# CONFIG_VIDEO_OV7740 is not set +# CONFIG_VIDEO_OV8856 is not set +# CONFIG_VIDEO_OV8865 is not set +# CONFIG_VIDEO_OV9640 is not set +# CONFIG_VIDEO_OV9650 is not set +# CONFIG_VIDEO_OV9734 is not set +# CONFIG_VIDEO_OV13858 is not set +# CONFIG_VIDEO_VS6624 is not set +# CONFIG_VIDEO_MT9M001 is not set +# CONFIG_VIDEO_MT9M032 is not set +# CONFIG_VIDEO_MT9M111 is not set +# CONFIG_VIDEO_MT9P031 is not set +# CONFIG_VIDEO_MT9T001 is not set +# CONFIG_VIDEO_MT9T112 is not set +# CONFIG_VIDEO_MT9V011 is not set +# CONFIG_VIDEO_MT9V032 is not set +# CONFIG_VIDEO_MT9V111 is not set +# CONFIG_VIDEO_SR030PC30 is not set +# CONFIG_VIDEO_NOON010PC30 is not set +# CONFIG_VIDEO_M5MOLS is not set +# CONFIG_VIDEO_RDACM20 is not set +# CONFIG_VIDEO_RDACM21 is not set +# CONFIG_VIDEO_RJ54N1 is not set +# CONFIG_VIDEO_S5K6AA is not set +# CONFIG_VIDEO_S5K6A3 is not set +# CONFIG_VIDEO_S5K4ECGX is not set +# CONFIG_VIDEO_S5K5BAF is not set +# CONFIG_VIDEO_CCS is not set +# CONFIG_VIDEO_ET8EK8 is not set +# end of Camera sensor devices + +# +# Lens drivers +# +# CONFIG_VIDEO_AD5820 is not set +# CONFIG_VIDEO_AK7375 is not set +# CONFIG_VIDEO_DW9714 is not set +# CONFIG_VIDEO_DW9768 is not set +# CONFIG_VIDEO_DW9807_VCM is not set +# end of Lens drivers + +# +# Flash devices +# +# CONFIG_VIDEO_ADP1653 is not set +# CONFIG_VIDEO_LM3560 is not set +# CONFIG_VIDEO_LM3646 is not set +# end of Flash devices + +# +# SPI helper chips +# +# end of SPI helper chips + +CONFIG_MEDIA_TUNER=m + +# +# Customize TV tuners +# +CONFIG_MEDIA_TUNER_SIMPLE=m +CONFIG_MEDIA_TUNER_TDA18250=m +CONFIG_MEDIA_TUNER_TDA8290=m +CONFIG_MEDIA_TUNER_TDA827X=m +CONFIG_MEDIA_TUNER_TDA18271=m +CONFIG_MEDIA_TUNER_TDA9887=m +CONFIG_MEDIA_TUNER_TEA5761=m +CONFIG_MEDIA_TUNER_TEA5767=m +CONFIG_MEDIA_TUNER_MT20XX=m +CONFIG_MEDIA_TUNER_MT2060=m +CONFIG_MEDIA_TUNER_MT2063=m +CONFIG_MEDIA_TUNER_MT2266=m +CONFIG_MEDIA_TUNER_MT2131=m +CONFIG_MEDIA_TUNER_QT1010=m +CONFIG_MEDIA_TUNER_XC2028=m +CONFIG_MEDIA_TUNER_XC5000=m +CONFIG_MEDIA_TUNER_XC4000=m +CONFIG_MEDIA_TUNER_MXL5005S=m +CONFIG_MEDIA_TUNER_MXL5007T=m +CONFIG_MEDIA_TUNER_MC44S803=m +CONFIG_MEDIA_TUNER_MAX2165=m +CONFIG_MEDIA_TUNER_TDA18218=m +CONFIG_MEDIA_TUNER_FC0011=m +CONFIG_MEDIA_TUNER_FC0012=m +CONFIG_MEDIA_TUNER_FC0013=m +CONFIG_MEDIA_TUNER_TDA18212=m +CONFIG_MEDIA_TUNER_E4000=m +CONFIG_MEDIA_TUNER_FC2580=m +CONFIG_MEDIA_TUNER_M88RS6000T=m +CONFIG_MEDIA_TUNER_TUA9001=m +CONFIG_MEDIA_TUNER_SI2157=m +CONFIG_MEDIA_TUNER_IT913X=m +CONFIG_MEDIA_TUNER_R820T=m +CONFIG_MEDIA_TUNER_MXL301RF=m +CONFIG_MEDIA_TUNER_QM1D1C0042=m +CONFIG_MEDIA_TUNER_QM1D1B0004=m +# end of Customize TV tuners + +# +# Customise DVB Frontends +# + +# +# Multistandard (satellite) frontends +# +CONFIG_DVB_STB0899=m +CONFIG_DVB_STB6100=m +CONFIG_DVB_STV090x=m +CONFIG_DVB_STV0910=m +CONFIG_DVB_STV6110x=m +CONFIG_DVB_STV6111=m +CONFIG_DVB_MXL5XX=m + +# +# Multistandard (cable + terrestrial) frontends +# +CONFIG_DVB_DRXK=m +CONFIG_DVB_TDA18271C2DD=m +CONFIG_DVB_SI2165=m +CONFIG_DVB_MN88472=m +CONFIG_DVB_MN88473=m + +# +# DVB-S (satellite) frontends +# +CONFIG_DVB_CX24110=m +CONFIG_DVB_CX24123=m +CONFIG_DVB_MT312=m +CONFIG_DVB_ZL10036=m +CONFIG_DVB_ZL10039=m +CONFIG_DVB_S5H1420=m +CONFIG_DVB_STV0288=m +CONFIG_DVB_STB6000=m +CONFIG_DVB_STV0299=m +CONFIG_DVB_STV6110=m +CONFIG_DVB_STV0900=m +CONFIG_DVB_TDA8083=m +CONFIG_DVB_TDA10086=m +CONFIG_DVB_TDA8261=m +CONFIG_DVB_VES1X93=m +CONFIG_DVB_TUNER_ITD1000=m +CONFIG_DVB_TUNER_CX24113=m +CONFIG_DVB_TDA826X=m +CONFIG_DVB_TUA6100=m +CONFIG_DVB_CX24116=m +CONFIG_DVB_CX24117=m +CONFIG_DVB_CX24120=m +CONFIG_DVB_SI21XX=m +CONFIG_DVB_TS2020=m +CONFIG_DVB_DS3000=m +CONFIG_DVB_MB86A16=m +CONFIG_DVB_TDA10071=m + +# +# DVB-T (terrestrial) frontends +# +CONFIG_DVB_SP887X=m +CONFIG_DVB_CX22700=m +CONFIG_DVB_CX22702=m +CONFIG_DVB_S5H1432=m +CONFIG_DVB_DRXD=m +CONFIG_DVB_L64781=m +CONFIG_DVB_TDA1004X=m +CONFIG_DVB_NXT6000=m +CONFIG_DVB_MT352=m +CONFIG_DVB_ZL10353=m +CONFIG_DVB_DIB3000MB=m +CONFIG_DVB_DIB3000MC=m +CONFIG_DVB_DIB7000M=m +CONFIG_DVB_DIB7000P=m +CONFIG_DVB_DIB9000=m +CONFIG_DVB_TDA10048=m +CONFIG_DVB_EC100=m +CONFIG_DVB_STV0367=m +CONFIG_DVB_CXD2820R=m +CONFIG_DVB_CXD2841ER=m +CONFIG_DVB_ZD1301_DEMOD=m + +# +# DVB-C (cable) frontends +# +CONFIG_DVB_VES1820=m +CONFIG_DVB_TDA10021=m +CONFIG_DVB_TDA10023=m +CONFIG_DVB_STV0297=m + +# +# ATSC (North American/Korean Terrestrial/Cable DTV) frontends +# +CONFIG_DVB_NXT200X=m +CONFIG_DVB_OR51211=m +CONFIG_DVB_OR51132=m +CONFIG_DVB_BCM3510=m +CONFIG_DVB_LGDT330X=m +CONFIG_DVB_LGDT3305=m +CONFIG_DVB_LG2160=m +CONFIG_DVB_S5H1409=m +CONFIG_DVB_AU8522=m +CONFIG_DVB_AU8522_DTV=m +CONFIG_DVB_AU8522_V4L=m +CONFIG_DVB_S5H1411=m +CONFIG_DVB_MXL692=m + +# +# ISDB-T (terrestrial) frontends +# +CONFIG_DVB_S921=m +CONFIG_DVB_DIB8000=m +CONFIG_DVB_MB86A20S=m + +# +# ISDB-S (satellite) & ISDB-T (terrestrial) frontends +# +CONFIG_DVB_TC90522=m +CONFIG_DVB_MN88443X=m + +# +# Digital terrestrial only tuners/PLL +# +CONFIG_DVB_PLL=m +CONFIG_DVB_TUNER_DIB0070=m +CONFIG_DVB_TUNER_DIB0090=m + +# +# SEC control devices for DVB-S +# +CONFIG_DVB_DRX39XYJ=m +CONFIG_DVB_LNBH25=m +CONFIG_DVB_LNBH29=m +CONFIG_DVB_LNBP21=m +CONFIG_DVB_LNBP22=m +CONFIG_DVB_ISL6405=m +CONFIG_DVB_ISL6421=m +CONFIG_DVB_ISL6423=m +CONFIG_DVB_A8293=m +CONFIG_DVB_LGS8GL5=m +CONFIG_DVB_LGS8GXX=m +CONFIG_DVB_ATBM8830=m +CONFIG_DVB_TDA665x=m +CONFIG_DVB_IX2505V=m +CONFIG_DVB_M88RS2000=m +CONFIG_DVB_AF9033=m +CONFIG_DVB_HORUS3A=m +CONFIG_DVB_ASCOT2E=m +CONFIG_DVB_HELENE=m + +# +# Common Interface (EN50221) controller drivers +# +CONFIG_DVB_CXD2099=m +CONFIG_DVB_SP2=m +# end of Customise DVB Frontends + +# +# Tools to develop new frontends +# +# CONFIG_DVB_DUMMY_FE is not set +# end of Media ancillary drivers + +# +# Graphics support +# +CONFIG_AGP=y +# CONFIG_AGP_AMD64 is not set +CONFIG_AGP_INTEL=m +# CONFIG_AGP_SIS is not set +# CONFIG_AGP_VIA is not set +CONFIG_INTEL_GTT=m +CONFIG_VGA_ARB=y +CONFIG_VGA_ARB_MAX_GPUS=16 +# CONFIG_VGA_SWITCHEROO is not set +CONFIG_DRM=y +CONFIG_DRM_MIPI_DSI=y +# CONFIG_DRM_DP_AUX_CHARDEV is not set +# CONFIG_DRM_DEBUG_MM is not set +# CONFIG_DRM_DEBUG_SELFTEST is not set +CONFIG_DRM_KMS_HELPER=y +# CONFIG_DRM_DEBUG_DP_MST_TOPOLOGY_REFS is not set +CONFIG_DRM_FBDEV_EMULATION=y +CONFIG_DRM_FBDEV_OVERALLOC=100 +# CONFIG_DRM_FBDEV_LEAK_PHYS_SMEM is not set +# CONFIG_DRM_LOAD_EDID_FIRMWARE is not set +# CONFIG_DRM_DP_CEC is not set +CONFIG_DRM_TTM=y +CONFIG_DRM_TTM_HELPER=m +CONFIG_DRM_GEM_SHMEM_HELPER=y +CONFIG_DRM_SCHED=m + +# +# I2C encoder or helper chips +# +# CONFIG_DRM_I2C_CH7006 is not set +# CONFIG_DRM_I2C_SIL164 is not set +# CONFIG_DRM_I2C_NXP_TDA998X is not set +# CONFIG_DRM_I2C_NXP_TDA9950 is not set +# end of I2C encoder or helper chips + +# +# ARM devices +# +# end of ARM devices + +CONFIG_DRM_RADEON=m +# CONFIG_DRM_RADEON_USERPTR is not set +CONFIG_DRM_AMDGPU=m +CONFIG_DRM_AMDGPU_SI=y +CONFIG_DRM_AMDGPU_CIK=y +CONFIG_DRM_AMDGPU_USERPTR=y + +# +# ACP (Audio CoProcessor) Configuration +# +# CONFIG_DRM_AMD_ACP is not set +# end of ACP (Audio CoProcessor) Configuration + +# +# Display Engine Configuration +# +CONFIG_DRM_AMD_DC=y +CONFIG_DRM_AMD_DC_DCN=y +# CONFIG_DRM_AMD_DC_HDCP is not set +# CONFIG_DRM_AMD_DC_SI is not set +# CONFIG_DEBUG_KERNEL_DC is not set +# CONFIG_DRM_AMD_SECURE_DISPLAY is not set +# end of Display Engine Configuration + +# CONFIG_HSA_AMD is not set +CONFIG_DRM_NOUVEAU=m +# CONFIG_NOUVEAU_LEGACY_CTX_SUPPORT is not set +CONFIG_NOUVEAU_DEBUG=5 +CONFIG_NOUVEAU_DEBUG_DEFAULT=3 +# CONFIG_NOUVEAU_DEBUG_MMU is not set +# CONFIG_NOUVEAU_DEBUG_PUSH is not set +CONFIG_DRM_NOUVEAU_BACKLIGHT=y +CONFIG_DRM_I915=m +CONFIG_DRM_I915_FORCE_PROBE="" +# CONFIG_DRM_I915_CAPTURE_ERROR is not set +CONFIG_DRM_I915_USERPTR=y +# CONFIG_DRM_I915_GVT is not set + +# +# drm/i915 Debugging +# +# CONFIG_DRM_I915_WERROR is not set +# CONFIG_DRM_I915_DEBUG is not set +# CONFIG_DRM_I915_DEBUG_MMIO is not set +# CONFIG_DRM_I915_SW_FENCE_DEBUG_OBJECTS is not set +# CONFIG_DRM_I915_SW_FENCE_CHECK_DAG is not set +# CONFIG_DRM_I915_DEBUG_GUC is not set +# CONFIG_DRM_I915_SELFTEST is not set +# CONFIG_DRM_I915_LOW_LEVEL_TRACEPOINTS is not set +# CONFIG_DRM_I915_DEBUG_VBLANK_EVADE is not set +# CONFIG_DRM_I915_DEBUG_RUNTIME_PM is not set +# end of drm/i915 Debugging + +# +# drm/i915 Profile Guided Optimisation +# +CONFIG_DRM_I915_REQUEST_TIMEOUT=20000 +CONFIG_DRM_I915_FENCE_TIMEOUT=10000 +CONFIG_DRM_I915_USERFAULT_AUTOSUSPEND=250 +CONFIG_DRM_I915_HEARTBEAT_INTERVAL=2500 +CONFIG_DRM_I915_PREEMPT_TIMEOUT=640 +CONFIG_DRM_I915_MAX_REQUEST_BUSYWAIT=8000 +CONFIG_DRM_I915_STOP_TIMEOUT=100 +CONFIG_DRM_I915_TIMESLICE_DURATION=1 +# end of drm/i915 Profile Guided Optimisation + +CONFIG_DRM_VGEM=m +# CONFIG_DRM_VKMS is not set +CONFIG_DRM_VMWGFX=y +CONFIG_DRM_VMWGFX_FBCON=y +# CONFIG_DRM_VMWGFX_MKSSTATS is not set +# CONFIG_DRM_GMA500 is not set +# CONFIG_DRM_UDL is not set +# CONFIG_DRM_AST is not set +# CONFIG_DRM_MGAG200 is not set +# CONFIG_DRM_QXL is not set +# CONFIG_DRM_VIRTIO_GPU is not set +CONFIG_DRM_PANEL=y + +# +# Display Panels +# +# CONFIG_DRM_PANEL_RASPBERRYPI_TOUCHSCREEN is not set +# end of Display Panels + +CONFIG_DRM_BRIDGE=y +CONFIG_DRM_PANEL_BRIDGE=y + +# +# Display Interface Bridges +# +# CONFIG_DRM_ANALOGIX_ANX78XX is not set +# end of Display Interface Bridges + +# CONFIG_DRM_ETNAVIV is not set +# CONFIG_DRM_BOCHS is not set +CONFIG_DRM_CIRRUS_QEMU=m +# CONFIG_DRM_GM12U320 is not set +# CONFIG_DRM_SIMPLEDRM is not set +# CONFIG_DRM_XEN_FRONTEND is not set +# CONFIG_DRM_VBOXVIDEO is not set +# CONFIG_DRM_GUD is not set +# CONFIG_DRM_HYPERV is not set +# CONFIG_DRM_LEGACY is not set +CONFIG_DRM_PANEL_ORIENTATION_QUIRKS=y + +# +# Frame buffer Devices +# +CONFIG_FB_CMDLINE=y +CONFIG_FB_NOTIFY=y +CONFIG_FB=y +# CONFIG_FIRMWARE_EDID is not set +CONFIG_FB_DDC=m +CONFIG_FB_BOOT_VESA_SUPPORT=y +CONFIG_FB_CFB_FILLRECT=y +CONFIG_FB_CFB_COPYAREA=y +CONFIG_FB_CFB_IMAGEBLIT=y +CONFIG_FB_SYS_FILLRECT=y +CONFIG_FB_SYS_COPYAREA=y +CONFIG_FB_SYS_IMAGEBLIT=y +# CONFIG_FB_FOREIGN_ENDIAN is not set +CONFIG_FB_SYS_FOPS=y +CONFIG_FB_DEFERRED_IO=y +CONFIG_FB_BACKLIGHT=m +CONFIG_FB_MODE_HELPERS=y +# CONFIG_FB_TILEBLITTING is not set + +# +# Frame buffer hardware drivers +# +CONFIG_FB_CIRRUS=m +# CONFIG_FB_PM2 is not set +# CONFIG_FB_CYBER2000 is not set +# CONFIG_FB_ARC is not set +# CONFIG_FB_ASILIANT is not set +# CONFIG_FB_IMSTT is not set +# CONFIG_FB_VGA16 is not set +# CONFIG_FB_UVESA is not set +CONFIG_FB_VESA=y +CONFIG_FB_EFI=y +# CONFIG_FB_N411 is not set +# CONFIG_FB_HGA is not set +# CONFIG_FB_OPENCORES is not set +# CONFIG_FB_S1D13XXX is not set +CONFIG_FB_NVIDIA=m +# CONFIG_FB_NVIDIA_I2C is not set +# CONFIG_FB_NVIDIA_DEBUG is not set +CONFIG_FB_NVIDIA_BACKLIGHT=y +# CONFIG_FB_RIVA is not set +CONFIG_FB_I740=m +# CONFIG_FB_LE80578 is not set +# CONFIG_FB_INTEL is not set +# CONFIG_FB_MATROX is not set +CONFIG_FB_RADEON=m +CONFIG_FB_RADEON_I2C=y +CONFIG_FB_RADEON_BACKLIGHT=y +# CONFIG_FB_RADEON_DEBUG is not set +# CONFIG_FB_ATY128 is not set +# CONFIG_FB_ATY is not set +# CONFIG_FB_S3 is not set +# CONFIG_FB_SAVAGE is not set +# CONFIG_FB_SIS is not set +# CONFIG_FB_VIA is not set +# CONFIG_FB_NEOMAGIC is not set +# CONFIG_FB_KYRO is not set +# CONFIG_FB_3DFX is not set +# CONFIG_FB_VOODOO1 is not set +# CONFIG_FB_VT8623 is not set +# CONFIG_FB_TRIDENT is not set +# CONFIG_FB_ARK is not set +# CONFIG_FB_PM3 is not set +# CONFIG_FB_CARMINE is not set +# CONFIG_FB_SMSCUFX is not set +# CONFIG_FB_UDL is not set +# CONFIG_FB_IBM_GXT4500 is not set +# CONFIG_FB_VIRTUAL is not set +CONFIG_XEN_FBDEV_FRONTEND=m +# CONFIG_FB_METRONOME is not set +# CONFIG_FB_MB862XX is not set +CONFIG_FB_HYPERV=m +# CONFIG_FB_SIMPLE is not set +# CONFIG_FB_SSD1307 is not set +# CONFIG_FB_SM712 is not set +# end of Frame buffer Devices + +# +# Backlight & LCD device support +# +# CONFIG_LCD_CLASS_DEVICE is not set +CONFIG_BACKLIGHT_CLASS_DEVICE=y +# CONFIG_BACKLIGHT_KTD253 is not set +# CONFIG_BACKLIGHT_PWM is not set +# CONFIG_BACKLIGHT_APPLE is not set +# CONFIG_BACKLIGHT_QCOM_WLED is not set +# CONFIG_BACKLIGHT_SAHARA is not set +# CONFIG_BACKLIGHT_ADP8860 is not set +# CONFIG_BACKLIGHT_ADP8870 is not set +# CONFIG_BACKLIGHT_LM3630A is not set +# CONFIG_BACKLIGHT_LM3639 is not set +# CONFIG_BACKLIGHT_LP855X is not set +# CONFIG_BACKLIGHT_GPIO is not set +# CONFIG_BACKLIGHT_LV5207LP is not set +# CONFIG_BACKLIGHT_BD6107 is not set +# CONFIG_BACKLIGHT_ARCXCNN is not set +# end of Backlight & LCD device support + +CONFIG_VGASTATE=m +CONFIG_HDMI=y + +# +# Console display driver support +# +CONFIG_VGA_CONSOLE=y +CONFIG_DUMMY_CONSOLE=y +CONFIG_DUMMY_CONSOLE_COLUMNS=80 +CONFIG_DUMMY_CONSOLE_ROWS=25 +CONFIG_FRAMEBUFFER_CONSOLE=y +# CONFIG_FRAMEBUFFER_CONSOLE_LEGACY_ACCELERATION is not set +CONFIG_FRAMEBUFFER_CONSOLE_DETECT_PRIMARY=y +CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y +# CONFIG_FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER is not set +# end of Console display driver support + +# CONFIG_LOGO is not set +# end of Graphics support + +CONFIG_SOUND=m +CONFIG_SND=m +CONFIG_SND_TIMER=m +CONFIG_SND_PCM=m +CONFIG_SND_HWDEP=m +CONFIG_SND_RAWMIDI=m +CONFIG_SND_COMPRESS_OFFLOAD=m +CONFIG_SND_JACK=y +CONFIG_SND_JACK_INPUT_DEV=y +# CONFIG_SND_OSSEMUL is not set +CONFIG_SND_PCM_TIMER=y +# CONFIG_SND_HRTIMER is not set +CONFIG_SND_DYNAMIC_MINORS=y +CONFIG_SND_MAX_CARDS=4 +CONFIG_SND_SUPPORT_OLD_API=y +CONFIG_SND_PROC_FS=y +CONFIG_SND_VERBOSE_PROCFS=y +# CONFIG_SND_VERBOSE_PRINTK is not set +# CONFIG_SND_DEBUG is not set +CONFIG_SND_VMASTER=y +CONFIG_SND_DMA_SGBUF=y +CONFIG_SND_CTL_LED=m +# CONFIG_SND_SEQUENCER is not set +CONFIG_SND_AC97_CODEC=m +CONFIG_SND_DRIVERS=y +# CONFIG_SND_DUMMY is not set +# CONFIG_SND_ALOOP is not set +# CONFIG_SND_MTPAV is not set +# CONFIG_SND_SERIAL_U16550 is not set +# CONFIG_SND_MPU401 is not set +# CONFIG_SND_AC97_POWER_SAVE is not set +CONFIG_SND_PCI=y +# CONFIG_SND_AD1889 is not set +# CONFIG_SND_ALS4000 is not set +# CONFIG_SND_ASIHPI is not set +# CONFIG_SND_ATIIXP is not set +# CONFIG_SND_ATIIXP_MODEM is not set +# CONFIG_SND_AU8810 is not set +# CONFIG_SND_AU8820 is not set +# CONFIG_SND_AU8830 is not set +# CONFIG_SND_AW2 is not set +# CONFIG_SND_BT87X is not set +# CONFIG_SND_CA0106 is not set +# CONFIG_SND_CMIPCI is not set +# CONFIG_SND_OXYGEN is not set +# CONFIG_SND_CS4281 is not set +# CONFIG_SND_CS46XX is not set +# CONFIG_SND_CTXFI is not set +# CONFIG_SND_DARLA20 is not set +# CONFIG_SND_GINA20 is not set +# CONFIG_SND_LAYLA20 is not set +# CONFIG_SND_DARLA24 is not set +# CONFIG_SND_GINA24 is not set +# CONFIG_SND_LAYLA24 is not set +# CONFIG_SND_MONA is not set +# CONFIG_SND_MIA is not set +# CONFIG_SND_ECHO3G is not set +# CONFIG_SND_INDIGO is not set +# CONFIG_SND_INDIGOIO is not set +# CONFIG_SND_INDIGODJ is not set +# CONFIG_SND_INDIGOIOX is not set +# CONFIG_SND_INDIGODJX is not set +# CONFIG_SND_ENS1370 is not set +CONFIG_SND_ENS1371=m +# CONFIG_SND_FM801 is not set +# CONFIG_SND_HDSP is not set +# CONFIG_SND_HDSPM is not set +# CONFIG_SND_ICE1724 is not set +# CONFIG_SND_INTEL8X0 is not set +# CONFIG_SND_INTEL8X0M is not set +# CONFIG_SND_KORG1212 is not set +# CONFIG_SND_LOLA is not set +# CONFIG_SND_LX6464ES is not set +# CONFIG_SND_MIXART is not set +# CONFIG_SND_NM256 is not set +# CONFIG_SND_PCXHR is not set +# CONFIG_SND_RIPTIDE is not set +# CONFIG_SND_RME32 is not set +# CONFIG_SND_RME96 is not set +# CONFIG_SND_RME9652 is not set +# CONFIG_SND_SE6X is not set +# CONFIG_SND_VIA82XX is not set +# CONFIG_SND_VIA82XX_MODEM is not set +# CONFIG_SND_VIRTUOSO is not set +# CONFIG_SND_VX222 is not set +# CONFIG_SND_YMFPCI is not set + +# +# HD-Audio +# +CONFIG_SND_HDA=m +CONFIG_SND_HDA_GENERIC_LEDS=y +CONFIG_SND_HDA_INTEL=m +# CONFIG_SND_HDA_HWDEP is not set +# CONFIG_SND_HDA_RECONFIG is not set +# CONFIG_SND_HDA_INPUT_BEEP is not set +# CONFIG_SND_HDA_PATCH_LOADER is not set +CONFIG_SND_HDA_CODEC_REALTEK=m +# CONFIG_SND_HDA_CODEC_ANALOG is not set +# CONFIG_SND_HDA_CODEC_SIGMATEL is not set +# CONFIG_SND_HDA_CODEC_VIA is not set +CONFIG_SND_HDA_CODEC_HDMI=m +# CONFIG_SND_HDA_CODEC_CIRRUS is not set +# CONFIG_SND_HDA_CODEC_CS8409 is not set +# CONFIG_SND_HDA_CODEC_CONEXANT is not set +# CONFIG_SND_HDA_CODEC_CA0110 is not set +# CONFIG_SND_HDA_CODEC_CA0132 is not set +# CONFIG_SND_HDA_CODEC_CMEDIA is not set +# CONFIG_SND_HDA_CODEC_SI3054 is not set +CONFIG_SND_HDA_GENERIC=m +CONFIG_SND_HDA_POWER_SAVE_DEFAULT=0 +# CONFIG_SND_HDA_INTEL_HDMI_SILENT_STREAM is not set +# end of HD-Audio + +CONFIG_SND_HDA_CORE=m +CONFIG_SND_HDA_DSP_LOADER=y +CONFIG_SND_HDA_COMPONENT=y +CONFIG_SND_HDA_I915=y +CONFIG_SND_HDA_EXT_CORE=m +CONFIG_SND_HDA_PREALLOC_SIZE=0 +CONFIG_SND_INTEL_NHLT=y +CONFIG_SND_INTEL_DSP_CONFIG=m +CONFIG_SND_INTEL_SOUNDWIRE_ACPI=m +CONFIG_SND_USB=y +CONFIG_SND_USB_AUDIO=m +# CONFIG_SND_USB_UA101 is not set +# CONFIG_SND_USB_USX2Y is not set +# CONFIG_SND_USB_CAIAQ is not set +# CONFIG_SND_USB_US122L is not set +# CONFIG_SND_USB_6FIRE is not set +# CONFIG_SND_USB_HIFACE is not set +# CONFIG_SND_BCD2000 is not set +# CONFIG_SND_USB_POD is not set +# CONFIG_SND_USB_PODHD is not set +# CONFIG_SND_USB_TONEPORT is not set +# CONFIG_SND_USB_VARIAX is not set +CONFIG_SND_SOC=m +CONFIG_SND_SOC_COMPRESS=y +CONFIG_SND_SOC_TOPOLOGY=y +CONFIG_SND_SOC_ACPI=m +# CONFIG_SND_SOC_ADI is not set +# CONFIG_SND_SOC_AMD_ACP is not set +# CONFIG_SND_SOC_AMD_ACP3x is not set +# CONFIG_SND_SOC_AMD_RENOIR is not set +# CONFIG_SND_SOC_AMD_ACP5x is not set +# CONFIG_SND_ATMEL_SOC is not set +# CONFIG_SND_BCM63XX_I2S_WHISTLER is not set +# CONFIG_SND_DESIGNWARE_I2S is not set + +# +# SoC Audio for Freescale CPUs +# + +# +# Common SoC Audio options for Freescale CPUs: +# +# CONFIG_SND_SOC_FSL_ASRC is not set +# CONFIG_SND_SOC_FSL_SAI is not set +# CONFIG_SND_SOC_FSL_AUDMIX is not set +# CONFIG_SND_SOC_FSL_SSI is not set +# CONFIG_SND_SOC_FSL_SPDIF is not set +# CONFIG_SND_SOC_FSL_ESAI is not set +# CONFIG_SND_SOC_FSL_MICFIL is not set +# CONFIG_SND_SOC_FSL_XCVR is not set +# CONFIG_SND_SOC_IMX_AUDMUX is not set +# end of SoC Audio for Freescale CPUs + +# CONFIG_SND_I2S_HI6210_I2S is not set +# CONFIG_SND_SOC_IMG is not set +CONFIG_SND_SOC_INTEL_SST_TOPLEVEL=y +CONFIG_SND_SOC_INTEL_SST=m +# CONFIG_SND_SOC_INTEL_CATPT is not set +CONFIG_SND_SST_ATOM_HIFI2_PLATFORM=m +# CONFIG_SND_SST_ATOM_HIFI2_PLATFORM_PCI is not set +CONFIG_SND_SST_ATOM_HIFI2_PLATFORM_ACPI=m +CONFIG_SND_SOC_INTEL_SKYLAKE=m +CONFIG_SND_SOC_INTEL_SKL=m +CONFIG_SND_SOC_INTEL_APL=m +CONFIG_SND_SOC_INTEL_KBL=m +CONFIG_SND_SOC_INTEL_GLK=m +CONFIG_SND_SOC_INTEL_CNL=m +CONFIG_SND_SOC_INTEL_CFL=m +# CONFIG_SND_SOC_INTEL_CML_H is not set +# CONFIG_SND_SOC_INTEL_CML_LP is not set +CONFIG_SND_SOC_INTEL_SKYLAKE_FAMILY=m +# CONFIG_SND_SOC_INTEL_SKYLAKE_HDAUDIO_CODEC is not set +CONFIG_SND_SOC_INTEL_SKYLAKE_COMMON=m +CONFIG_SND_SOC_ACPI_INTEL_MATCH=m +CONFIG_SND_SOC_INTEL_MACH=y +# CONFIG_SND_SOC_INTEL_USER_FRIENDLY_LONG_NAMES is not set +# CONFIG_SND_SOC_INTEL_BYTCR_RT5640_MACH is not set +# CONFIG_SND_SOC_INTEL_BYTCR_RT5651_MACH is not set +# CONFIG_SND_SOC_INTEL_CHT_BSW_RT5672_MACH is not set +# CONFIG_SND_SOC_INTEL_CHT_BSW_RT5645_MACH is not set +# CONFIG_SND_SOC_INTEL_CHT_BSW_MAX98090_TI_MACH is not set +# CONFIG_SND_SOC_INTEL_CHT_BSW_NAU8824_MACH is not set +# CONFIG_SND_SOC_INTEL_BYT_CHT_CX2072X_MACH is not set +# CONFIG_SND_SOC_INTEL_BYT_CHT_DA7213_MACH is not set +# CONFIG_SND_SOC_INTEL_BYT_CHT_ES8316_MACH is not set +# CONFIG_SND_SOC_INTEL_BYT_CHT_NOCODEC_MACH is not set +# CONFIG_SND_SOC_INTEL_SKL_RT286_MACH is not set +# CONFIG_SND_SOC_INTEL_SKL_NAU88L25_SSM4567_MACH is not set +# CONFIG_SND_SOC_INTEL_SKL_NAU88L25_MAX98357A_MACH is not set +# CONFIG_SND_SOC_INTEL_BXT_DA7219_MAX98357A_MACH is not set +# CONFIG_SND_SOC_INTEL_BXT_RT298_MACH is not set +# CONFIG_SND_SOC_INTEL_KBL_RT5663_MAX98927_MACH is not set +# CONFIG_SND_SOC_INTEL_KBL_DA7219_MAX98357A_MACH is not set +# CONFIG_SND_SOC_INTEL_KBL_DA7219_MAX98927_MACH is not set +# CONFIG_SND_SOC_INTEL_KBL_RT5660_MACH is not set +# CONFIG_SND_SOC_MTK_BTCVSD is not set +# CONFIG_SND_SOC_SOF_TOPLEVEL is not set + +# +# STMicroelectronics STM32 SOC audio support +# +# end of STMicroelectronics STM32 SOC audio support + +# CONFIG_SND_SOC_XILINX_I2S is not set +# CONFIG_SND_SOC_XILINX_AUDIO_FORMATTER is not set +# CONFIG_SND_SOC_XILINX_SPDIF is not set +# CONFIG_SND_SOC_XTFPGA_I2S is not set +CONFIG_SND_SOC_I2C_AND_SPI=m + +# +# CODEC drivers +# +# CONFIG_SND_SOC_AC97_CODEC is not set +# CONFIG_SND_SOC_ADAU1372_I2C is not set +# CONFIG_SND_SOC_ADAU1701 is not set +# CONFIG_SND_SOC_ADAU1761_I2C is not set +# CONFIG_SND_SOC_ADAU7002 is not set +# CONFIG_SND_SOC_ADAU7118_HW is not set +# CONFIG_SND_SOC_ADAU7118_I2C is not set +# CONFIG_SND_SOC_AK4118 is not set +# CONFIG_SND_SOC_AK4458 is not set +# CONFIG_SND_SOC_AK4554 is not set +# CONFIG_SND_SOC_AK4613 is not set +# CONFIG_SND_SOC_AK4642 is not set +# CONFIG_SND_SOC_AK5386 is not set +# CONFIG_SND_SOC_AK5558 is not set +# CONFIG_SND_SOC_ALC5623 is not set +# CONFIG_SND_SOC_BD28623 is not set +# CONFIG_SND_SOC_BT_SCO is not set +# CONFIG_SND_SOC_CS35L32 is not set +# CONFIG_SND_SOC_CS35L33 is not set +# CONFIG_SND_SOC_CS35L34 is not set +# CONFIG_SND_SOC_CS35L35 is not set +# CONFIG_SND_SOC_CS35L36 is not set +# CONFIG_SND_SOC_CS42L42 is not set +# CONFIG_SND_SOC_CS42L51_I2C is not set +# CONFIG_SND_SOC_CS42L52 is not set +# CONFIG_SND_SOC_CS42L56 is not set +# CONFIG_SND_SOC_CS42L73 is not set +# CONFIG_SND_SOC_CS4234 is not set +# CONFIG_SND_SOC_CS4265 is not set +# CONFIG_SND_SOC_CS4270 is not set +# CONFIG_SND_SOC_CS4271_I2C is not set +# CONFIG_SND_SOC_CS42XX8_I2C is not set +# CONFIG_SND_SOC_CS43130 is not set +# CONFIG_SND_SOC_CS4341 is not set +# CONFIG_SND_SOC_CS4349 is not set +# CONFIG_SND_SOC_CS53L30 is not set +# CONFIG_SND_SOC_CX2072X is not set +# CONFIG_SND_SOC_DA7213 is not set +# CONFIG_SND_SOC_DMIC is not set +# CONFIG_SND_SOC_ES7134 is not set +# CONFIG_SND_SOC_ES7241 is not set +# CONFIG_SND_SOC_ES8316 is not set +# CONFIG_SND_SOC_ES8328_I2C is not set +# CONFIG_SND_SOC_GTM601 is not set +# CONFIG_SND_SOC_ICS43432 is not set +# CONFIG_SND_SOC_INNO_RK3036 is not set +# CONFIG_SND_SOC_MAX98088 is not set +# CONFIG_SND_SOC_MAX98357A is not set +# CONFIG_SND_SOC_MAX98504 is not set +# CONFIG_SND_SOC_MAX9867 is not set +# CONFIG_SND_SOC_MAX98927 is not set +# CONFIG_SND_SOC_MAX98373_I2C is not set +# CONFIG_SND_SOC_MAX98390 is not set +# CONFIG_SND_SOC_MAX9860 is not set +# CONFIG_SND_SOC_MSM8916_WCD_DIGITAL is not set +# CONFIG_SND_SOC_PCM1681 is not set +# CONFIG_SND_SOC_PCM1789_I2C is not set +# CONFIG_SND_SOC_PCM179X_I2C is not set +# CONFIG_SND_SOC_PCM186X_I2C is not set +# CONFIG_SND_SOC_PCM3060_I2C is not set +# CONFIG_SND_SOC_PCM3168A_I2C is not set +# CONFIG_SND_SOC_PCM5102A is not set +# CONFIG_SND_SOC_PCM512x_I2C is not set +# CONFIG_SND_SOC_RK3328 is not set +# CONFIG_SND_SOC_RT5616 is not set +# CONFIG_SND_SOC_RT5631 is not set +# CONFIG_SND_SOC_RT5640 is not set +# CONFIG_SND_SOC_RT5659 is not set +# CONFIG_SND_SOC_SGTL5000 is not set +# CONFIG_SND_SOC_SIMPLE_AMPLIFIER is not set +# CONFIG_SND_SOC_SIMPLE_MUX is not set +# CONFIG_SND_SOC_SPDIF is not set +# CONFIG_SND_SOC_SSM2305 is not set +# CONFIG_SND_SOC_SSM2518 is not set +# CONFIG_SND_SOC_SSM2602_I2C is not set +# CONFIG_SND_SOC_SSM4567 is not set +# CONFIG_SND_SOC_STA32X is not set +# CONFIG_SND_SOC_STA350 is not set +# CONFIG_SND_SOC_STI_SAS is not set +# CONFIG_SND_SOC_TAS2552 is not set +# CONFIG_SND_SOC_TAS2562 is not set +# CONFIG_SND_SOC_TAS2764 is not set +# CONFIG_SND_SOC_TAS2770 is not set +# CONFIG_SND_SOC_TAS5086 is not set +# CONFIG_SND_SOC_TAS571X is not set +# CONFIG_SND_SOC_TAS5720 is not set +# CONFIG_SND_SOC_TAS6424 is not set +# CONFIG_SND_SOC_TDA7419 is not set +# CONFIG_SND_SOC_TFA9879 is not set +# CONFIG_SND_SOC_TFA989X is not set +# CONFIG_SND_SOC_TLV320AIC23_I2C is not set +# CONFIG_SND_SOC_TLV320AIC31XX is not set +# CONFIG_SND_SOC_TLV320AIC32X4_I2C is not set +# CONFIG_SND_SOC_TLV320AIC3X_I2C is not set +# CONFIG_SND_SOC_TLV320ADCX140 is not set +# CONFIG_SND_SOC_TS3A227E is not set +# CONFIG_SND_SOC_TSCS42XX is not set +# CONFIG_SND_SOC_TSCS454 is not set +# CONFIG_SND_SOC_UDA1334 is not set +# CONFIG_SND_SOC_WM8510 is not set +# CONFIG_SND_SOC_WM8523 is not set +# CONFIG_SND_SOC_WM8524 is not set +# CONFIG_SND_SOC_WM8580 is not set +# CONFIG_SND_SOC_WM8711 is not set +# CONFIG_SND_SOC_WM8728 is not set +# CONFIG_SND_SOC_WM8731 is not set +# CONFIG_SND_SOC_WM8737 is not set +# CONFIG_SND_SOC_WM8741 is not set +# CONFIG_SND_SOC_WM8750 is not set +# CONFIG_SND_SOC_WM8753 is not set +# CONFIG_SND_SOC_WM8776 is not set +# CONFIG_SND_SOC_WM8782 is not set +# CONFIG_SND_SOC_WM8804_I2C is not set +# CONFIG_SND_SOC_WM8903 is not set +# CONFIG_SND_SOC_WM8904 is not set +# CONFIG_SND_SOC_WM8960 is not set +# CONFIG_SND_SOC_WM8962 is not set +# CONFIG_SND_SOC_WM8974 is not set +# CONFIG_SND_SOC_WM8978 is not set +# CONFIG_SND_SOC_WM8985 is not set +# CONFIG_SND_SOC_MAX9759 is not set +# CONFIG_SND_SOC_MT6351 is not set +# CONFIG_SND_SOC_MT6358 is not set +# CONFIG_SND_SOC_MT6660 is not set +# CONFIG_SND_SOC_NAU8315 is not set +# CONFIG_SND_SOC_NAU8540 is not set +# CONFIG_SND_SOC_NAU8810 is not set +# CONFIG_SND_SOC_NAU8822 is not set +# CONFIG_SND_SOC_NAU8824 is not set +# CONFIG_SND_SOC_TPA6130A2 is not set +# CONFIG_SND_SOC_LPASS_WSA_MACRO is not set +# CONFIG_SND_SOC_LPASS_VA_MACRO is not set +# CONFIG_SND_SOC_LPASS_RX_MACRO is not set +# CONFIG_SND_SOC_LPASS_TX_MACRO is not set +# end of CODEC drivers + +# CONFIG_SND_SIMPLE_CARD is not set +# CONFIG_SND_X86 is not set +# CONFIG_SND_XEN_FRONTEND is not set +# CONFIG_SND_VIRTIO is not set +CONFIG_AC97_BUS=m + +# +# HID support +# +CONFIG_HID=m +# CONFIG_HID_BATTERY_STRENGTH is not set +# CONFIG_HIDRAW is not set +# CONFIG_UHID is not set +CONFIG_HID_GENERIC=m + +# +# Special HID drivers +# +CONFIG_HID_A4TECH=m +# CONFIG_HID_ACCUTOUCH is not set +# CONFIG_HID_ACRUX is not set +CONFIG_HID_APPLE=m +# CONFIG_HID_APPLEIR is not set +# CONFIG_HID_ASUS is not set +# CONFIG_HID_AUREAL is not set +CONFIG_HID_BELKIN=m +# CONFIG_HID_BETOP_FF is not set +# CONFIG_HID_BIGBEN_FF is not set +CONFIG_HID_CHERRY=m +# CONFIG_HID_CHICONY is not set +# CONFIG_HID_CORSAIR is not set +# CONFIG_HID_COUGAR is not set +# CONFIG_HID_MACALLY is not set +# CONFIG_HID_PRODIKEYS is not set +# CONFIG_HID_CMEDIA is not set +# CONFIG_HID_CREATIVE_SB0540 is not set +# CONFIG_HID_CYPRESS is not set +# CONFIG_HID_DRAGONRISE is not set +# CONFIG_HID_EMS_FF is not set +# CONFIG_HID_ELAN is not set +# CONFIG_HID_ELECOM is not set +# CONFIG_HID_ELO is not set +CONFIG_HID_EZKEY=m +# CONFIG_HID_GEMBIRD is not set +# CONFIG_HID_GFRM is not set +# CONFIG_HID_GLORIOUS is not set +# CONFIG_HID_HOLTEK is not set +# CONFIG_HID_VIVALDI is not set +# CONFIG_HID_GT683R is not set +# CONFIG_HID_KEYTOUCH is not set +# CONFIG_HID_KYE is not set +# CONFIG_HID_UCLOGIC is not set +# CONFIG_HID_WALTOP is not set +# CONFIG_HID_VIEWSONIC is not set +# CONFIG_HID_GYRATION is not set +# CONFIG_HID_ICADE is not set +# CONFIG_HID_ITE is not set +# CONFIG_HID_JABRA is not set +# CONFIG_HID_TWINHAN is not set +# CONFIG_HID_KENSINGTON is not set +# CONFIG_HID_LCPOWER is not set +# CONFIG_HID_LED is not set +# CONFIG_HID_LENOVO is not set +CONFIG_HID_LOGITECH=m +# CONFIG_HID_LOGITECH_HIDPP is not set +# CONFIG_LOGITECH_FF is not set +# CONFIG_LOGIRUMBLEPAD2_FF is not set +# CONFIG_LOGIG940_FF is not set +# CONFIG_LOGIWHEELS_FF is not set +# CONFIG_HID_MAGICMOUSE is not set +# CONFIG_HID_MALTRON is not set +# CONFIG_HID_MAYFLASH is not set +# CONFIG_HID_REDRAGON is not set +CONFIG_HID_MICROSOFT=m +CONFIG_HID_MONTEREY=m +# CONFIG_HID_MULTITOUCH is not set +# CONFIG_HID_NTI is not set +# CONFIG_HID_NTRIG is not set +# CONFIG_HID_ORTEK is not set +# CONFIG_HID_PANTHERLORD is not set +# CONFIG_HID_PENMOUNT is not set +# CONFIG_HID_PETALYNX is not set +# CONFIG_HID_PICOLCD is not set +# CONFIG_HID_PLANTRONICS is not set +# CONFIG_HID_PLAYSTATION is not set +# CONFIG_HID_PRIMAX is not set +# CONFIG_HID_RETRODE is not set +# CONFIG_HID_ROCCAT is not set +# CONFIG_HID_SAITEK is not set +# CONFIG_HID_SAMSUNG is not set +# CONFIG_HID_SEMITEK is not set +# CONFIG_HID_SONY is not set +# CONFIG_HID_SPEEDLINK is not set +# CONFIG_HID_STEAM is not set +# CONFIG_HID_STEELSERIES is not set +# CONFIG_HID_SUNPLUS is not set +# CONFIG_HID_RMI is not set +# CONFIG_HID_GREENASIA is not set +CONFIG_HID_HYPERV_MOUSE=m +# CONFIG_HID_SMARTJOYPLUS is not set +# CONFIG_HID_TIVO is not set +# CONFIG_HID_TOPSEED is not set +# CONFIG_HID_THINGM is not set +# CONFIG_HID_THRUSTMASTER is not set +# CONFIG_HID_UDRAW_PS3 is not set +# CONFIG_HID_U2FZERO is not set +# CONFIG_HID_WACOM is not set +# CONFIG_HID_WIIMOTE is not set +# CONFIG_HID_XINMO is not set +# CONFIG_HID_ZEROPLUS is not set +# CONFIG_HID_ZYDACRON is not set +# CONFIG_HID_SENSOR_HUB is not set +# CONFIG_HID_ALPS is not set +# CONFIG_HID_MCP2221 is not set +# end of Special HID drivers + +# +# USB HID support +# +CONFIG_USB_HID=m +# CONFIG_HID_PID is not set +# CONFIG_USB_HIDDEV is not set + +# +# USB HID Boot Protocol drivers +# +# CONFIG_USB_KBD is not set +# CONFIG_USB_MOUSE is not set +# end of USB HID Boot Protocol drivers +# end of USB HID support + +# +# I2C HID support +# +# CONFIG_I2C_HID_ACPI is not set +# end of I2C HID support + +# +# Intel ISH HID support +# +# CONFIG_INTEL_ISH_HID is not set +# end of Intel ISH HID support + +# +# AMD SFH HID Support +# +# CONFIG_AMD_SFH_HID is not set +# end of AMD SFH HID Support +# end of HID support + +CONFIG_USB_OHCI_LITTLE_ENDIAN=y +CONFIG_USB_SUPPORT=y +CONFIG_USB_COMMON=m +# CONFIG_USB_LED_TRIG is not set +# CONFIG_USB_ULPI_BUS is not set +# CONFIG_USB_CONN_GPIO is not set +CONFIG_USB_ARCH_HAS_HCD=y +CONFIG_USB=m +CONFIG_USB_PCI=y +# CONFIG_USB_ANNOUNCE_NEW_DEVICES is not set + +# +# Miscellaneous USB options +# +CONFIG_USB_DEFAULT_PERSIST=y +# CONFIG_USB_FEW_INIT_RETRIES is not set +# CONFIG_USB_DYNAMIC_MINORS is not set +# CONFIG_USB_OTG is not set +# CONFIG_USB_OTG_PRODUCTLIST is not set +# CONFIG_USB_OTG_DISABLE_EXTERNAL_HUB is not set +# CONFIG_USB_LEDS_TRIGGER_USBPORT is not set +CONFIG_USB_AUTOSUSPEND_DELAY=2 +# CONFIG_USB_MON is not set + +# +# USB Host Controller Drivers +# +# CONFIG_USB_C67X00_HCD is not set +CONFIG_USB_XHCI_HCD=m +# CONFIG_USB_XHCI_DBGCAP is not set +CONFIG_USB_XHCI_PCI=m +# CONFIG_USB_XHCI_PCI_RENESAS is not set +# CONFIG_USB_XHCI_PLATFORM is not set +CONFIG_USB_EHCI_HCD=m +# CONFIG_USB_EHCI_ROOT_HUB_TT is not set +CONFIG_USB_EHCI_TT_NEWSCHED=y +CONFIG_USB_EHCI_PCI=m +# CONFIG_USB_EHCI_FSL is not set +CONFIG_USB_EHCI_HCD_PLATFORM=m +# CONFIG_USB_OXU210HP_HCD is not set +# CONFIG_USB_ISP116X_HCD is not set +# CONFIG_USB_FOTG210_HCD is not set +CONFIG_USB_OHCI_HCD=m +CONFIG_USB_OHCI_HCD_PCI=m +CONFIG_USB_OHCI_HCD_SSB=y +CONFIG_USB_OHCI_HCD_PLATFORM=m +CONFIG_USB_UHCI_HCD=m +# CONFIG_USB_SL811_HCD is not set +# CONFIG_USB_R8A66597_HCD is not set +CONFIG_USB_HCD_SSB=m +# CONFIG_USB_HCD_TEST_MODE is not set + +# +# USB Device Class drivers +# +CONFIG_USB_ACM=m +# CONFIG_USB_PRINTER is not set +CONFIG_USB_WDM=m +# CONFIG_USB_TMC is not set + +# +# NOTE: USB_STORAGE depends on SCSI but BLK_DEV_SD may +# + +# +# also be needed; see USB_STORAGE Help for more info +# +CONFIG_USB_STORAGE=m +# CONFIG_USB_STORAGE_DEBUG is not set +# CONFIG_USB_STORAGE_REALTEK is not set +# CONFIG_USB_STORAGE_DATAFAB is not set +# CONFIG_USB_STORAGE_FREECOM is not set +# CONFIG_USB_STORAGE_ISD200 is not set +# CONFIG_USB_STORAGE_USBAT is not set +# CONFIG_USB_STORAGE_SDDR09 is not set +# CONFIG_USB_STORAGE_SDDR55 is not set +# CONFIG_USB_STORAGE_JUMPSHOT is not set +# CONFIG_USB_STORAGE_ALAUDA is not set +# CONFIG_USB_STORAGE_ONETOUCH is not set +# CONFIG_USB_STORAGE_KARMA is not set +# CONFIG_USB_STORAGE_CYPRESS_ATACB is not set +# CONFIG_USB_STORAGE_ENE_UB6250 is not set +CONFIG_USB_UAS=m + +# +# USB Imaging devices +# +# CONFIG_USB_MDC800 is not set +# CONFIG_USB_MICROTEK is not set +CONFIG_USBIP_CORE=m +CONFIG_USBIP_VHCI_HCD=m +CONFIG_USBIP_VHCI_HC_PORTS=8 +CONFIG_USBIP_VHCI_NR_HCS=1 +CONFIG_USBIP_HOST=m +# CONFIG_USBIP_DEBUG is not set +# CONFIG_USB_CDNS_SUPPORT is not set +# CONFIG_USB_MUSB_HDRC is not set +# CONFIG_USB_DWC3 is not set +# CONFIG_USB_DWC2 is not set +# CONFIG_USB_CHIPIDEA is not set +# CONFIG_USB_ISP1760 is not set + +# +# USB port drivers +# +CONFIG_USB_SERIAL=m +CONFIG_USB_SERIAL_GENERIC=y +# CONFIG_USB_SERIAL_SIMPLE is not set +# CONFIG_USB_SERIAL_AIRCABLE is not set +# CONFIG_USB_SERIAL_ARK3116 is not set +# CONFIG_USB_SERIAL_BELKIN is not set +# CONFIG_USB_SERIAL_CH341 is not set +# CONFIG_USB_SERIAL_WHITEHEAT is not set +# CONFIG_USB_SERIAL_DIGI_ACCELEPORT is not set +CONFIG_USB_SERIAL_CP210X=m +# CONFIG_USB_SERIAL_CYPRESS_M8 is not set +# CONFIG_USB_SERIAL_EMPEG is not set +CONFIG_USB_SERIAL_FTDI_SIO=m +# CONFIG_USB_SERIAL_VISOR is not set +# CONFIG_USB_SERIAL_IPAQ is not set +# CONFIG_USB_SERIAL_IR is not set +# CONFIG_USB_SERIAL_EDGEPORT is not set +# CONFIG_USB_SERIAL_EDGEPORT_TI is not set +# CONFIG_USB_SERIAL_F81232 is not set +# CONFIG_USB_SERIAL_F8153X is not set +# CONFIG_USB_SERIAL_GARMIN is not set +# CONFIG_USB_SERIAL_IPW is not set +# CONFIG_USB_SERIAL_IUU is not set +# CONFIG_USB_SERIAL_KEYSPAN_PDA is not set +# CONFIG_USB_SERIAL_KEYSPAN is not set +# CONFIG_USB_SERIAL_KLSI is not set +# CONFIG_USB_SERIAL_KOBIL_SCT is not set +# CONFIG_USB_SERIAL_MCT_U232 is not set +# CONFIG_USB_SERIAL_METRO is not set +# CONFIG_USB_SERIAL_MOS7720 is not set +# CONFIG_USB_SERIAL_MOS7840 is not set +# CONFIG_USB_SERIAL_MXUPORT is not set +# CONFIG_USB_SERIAL_NAVMAN is not set +CONFIG_USB_SERIAL_PL2303=m +# CONFIG_USB_SERIAL_OTI6858 is not set +# CONFIG_USB_SERIAL_QCAUX is not set +CONFIG_USB_SERIAL_QUALCOMM=m +# CONFIG_USB_SERIAL_SPCP8X5 is not set +# CONFIG_USB_SERIAL_SAFE is not set +# CONFIG_USB_SERIAL_SIERRAWIRELESS is not set +# CONFIG_USB_SERIAL_SYMBOL is not set +# CONFIG_USB_SERIAL_TI is not set +# CONFIG_USB_SERIAL_CYBERJACK is not set +CONFIG_USB_SERIAL_WWAN=m +CONFIG_USB_SERIAL_OPTION=m +# CONFIG_USB_SERIAL_OMNINET is not set +# CONFIG_USB_SERIAL_OPTICON is not set +# CONFIG_USB_SERIAL_XSENS_MT is not set +# CONFIG_USB_SERIAL_WISHBONE is not set +# CONFIG_USB_SERIAL_SSU100 is not set +# CONFIG_USB_SERIAL_QT2 is not set +# CONFIG_USB_SERIAL_UPD78F0730 is not set +# CONFIG_USB_SERIAL_XR is not set +# CONFIG_USB_SERIAL_DEBUG is not set + +# +# USB Miscellaneous drivers +# +# CONFIG_USB_EMI62 is not set +# CONFIG_USB_EMI26 is not set +# CONFIG_USB_ADUTUX is not set +# CONFIG_USB_SEVSEG is not set +# CONFIG_USB_LEGOTOWER is not set +# CONFIG_USB_LCD is not set +# CONFIG_USB_CYPRESS_CY7C63 is not set +# CONFIG_USB_CYTHERM is not set +# CONFIG_USB_IDMOUSE is not set +# CONFIG_USB_FTDI_ELAN is not set +# CONFIG_USB_APPLEDISPLAY is not set +# CONFIG_APPLE_MFI_FASTCHARGE is not set +# CONFIG_USB_SISUSBVGA is not set +# CONFIG_USB_LD is not set +# CONFIG_USB_TRANCEVIBRATOR is not set +# CONFIG_USB_IOWARRIOR is not set +# CONFIG_USB_TEST is not set +# CONFIG_USB_EHSET_TEST_FIXTURE is not set +# CONFIG_USB_ISIGHTFW is not set +# CONFIG_USB_YUREX is not set +# CONFIG_USB_EZUSB_FX2 is not set +# CONFIG_USB_HUB_USB251XB is not set +# CONFIG_USB_HSIC_USB3503 is not set +# CONFIG_USB_HSIC_USB4604 is not set +# CONFIG_USB_LINK_LAYER_TEST is not set +# CONFIG_USB_CHAOSKEY is not set + +# +# USB Physical Layer drivers +# +# CONFIG_NOP_USB_XCEIV is not set +# CONFIG_USB_GPIO_VBUS is not set +# CONFIG_USB_ISP1301 is not set +# end of USB Physical Layer drivers + +# CONFIG_USB_GADGET is not set +# CONFIG_TYPEC is not set +# CONFIG_USB_ROLE_SWITCH is not set +CONFIG_MMC=m +CONFIG_MMC_BLOCK=m +CONFIG_MMC_BLOCK_MINORS=16 +# CONFIG_SDIO_UART is not set +# CONFIG_MMC_TEST is not set + +# +# MMC/SD/SDIO Host Controller Drivers +# +# CONFIG_MMC_DEBUG is not set +CONFIG_MMC_SDHCI=m +CONFIG_MMC_SDHCI_IO_ACCESSORS=y +CONFIG_MMC_SDHCI_PCI=m +# CONFIG_MMC_RICOH_MMC is not set +CONFIG_MMC_SDHCI_ACPI=m +# CONFIG_MMC_SDHCI_PLTFM is not set +# CONFIG_MMC_WBSD is not set +# CONFIG_MMC_TIFM_SD is not set +# CONFIG_MMC_CB710 is not set +# CONFIG_MMC_VIA_SDMMC is not set +# CONFIG_MMC_VUB300 is not set +# CONFIG_MMC_USHC is not set +# CONFIG_MMC_USDHI6ROL0 is not set +CONFIG_MMC_CQHCI=m +# CONFIG_MMC_HSQ is not set +# CONFIG_MMC_TOSHIBA_PCI is not set +# CONFIG_MMC_MTK is not set +# CONFIG_MEMSTICK is not set +CONFIG_NEW_LEDS=y +CONFIG_LEDS_CLASS=m +# CONFIG_LEDS_CLASS_FLASH is not set +# CONFIG_LEDS_CLASS_MULTICOLOR is not set +# CONFIG_LEDS_BRIGHTNESS_HW_CHANGED is not set + +# +# LED drivers +# +# CONFIG_LEDS_APU is not set +# CONFIG_LEDS_LM3530 is not set +# CONFIG_LEDS_LM3532 is not set +# CONFIG_LEDS_LM3642 is not set +# CONFIG_LEDS_PCA9532 is not set +# CONFIG_LEDS_GPIO is not set +# CONFIG_LEDS_LP3944 is not set +# CONFIG_LEDS_LP3952 is not set +# CONFIG_LEDS_LP50XX is not set +# CONFIG_LEDS_CLEVO_MAIL is not set +# CONFIG_LEDS_PCA955X is not set +# CONFIG_LEDS_PCA963X is not set +# CONFIG_LEDS_PWM is not set +# CONFIG_LEDS_BD2802 is not set +# CONFIG_LEDS_INTEL_SS4200 is not set +# CONFIG_LEDS_LT3593 is not set +# CONFIG_LEDS_TCA6507 is not set +# CONFIG_LEDS_TLC591XX is not set +# CONFIG_LEDS_LM355x is not set + +# +# LED driver for blink(1) USB RGB LED is under Special HID drivers (HID_THINGM) +# +# CONFIG_LEDS_BLINKM is not set +# CONFIG_LEDS_MLXCPLD is not set +# CONFIG_LEDS_MLXREG is not set +# CONFIG_LEDS_USER is not set +# CONFIG_LEDS_NIC78BX is not set +# CONFIG_LEDS_TI_LMU_COMMON is not set + +# +# Flash and Torch LED drivers +# + +# +# LED Triggers +# +CONFIG_LEDS_TRIGGERS=y +# CONFIG_LEDS_TRIGGER_TIMER is not set +# CONFIG_LEDS_TRIGGER_ONESHOT is not set +# CONFIG_LEDS_TRIGGER_DISK is not set +# CONFIG_LEDS_TRIGGER_HEARTBEAT is not set +# CONFIG_LEDS_TRIGGER_BACKLIGHT is not set +# CONFIG_LEDS_TRIGGER_CPU is not set +# CONFIG_LEDS_TRIGGER_ACTIVITY is not set +# CONFIG_LEDS_TRIGGER_GPIO is not set +# CONFIG_LEDS_TRIGGER_DEFAULT_ON is not set + +# +# iptables trigger is under Netfilter config (LED target) +# +# CONFIG_LEDS_TRIGGER_TRANSIENT is not set +# CONFIG_LEDS_TRIGGER_CAMERA is not set +# CONFIG_LEDS_TRIGGER_PANIC is not set +# CONFIG_LEDS_TRIGGER_NETDEV is not set +# CONFIG_LEDS_TRIGGER_PATTERN is not set +CONFIG_LEDS_TRIGGER_AUDIO=m +# CONFIG_LEDS_TRIGGER_TTY is not set +CONFIG_ACCESSIBILITY=y +# CONFIG_A11Y_BRAILLE_CONSOLE is not set + +# +# Speakup console speech +# +CONFIG_SPEAKUP=m +# CONFIG_SPEAKUP_SYNTH_ACNTSA is not set +# CONFIG_SPEAKUP_SYNTH_APOLLO is not set +# CONFIG_SPEAKUP_SYNTH_AUDPTR is not set +# CONFIG_SPEAKUP_SYNTH_BNS is not set +# CONFIG_SPEAKUP_SYNTH_DECTLK is not set +# CONFIG_SPEAKUP_SYNTH_DECEXT is not set +# CONFIG_SPEAKUP_SYNTH_LTLK is not set +CONFIG_SPEAKUP_SYNTH_SOFT=m +# CONFIG_SPEAKUP_SYNTH_SPKOUT is not set +# CONFIG_SPEAKUP_SYNTH_TXPRT is not set +# CONFIG_SPEAKUP_SYNTH_DUMMY is not set +# end of Speakup console speech + +CONFIG_INFINIBAND=m +CONFIG_INFINIBAND_USER_MAD=m +CONFIG_INFINIBAND_USER_ACCESS=m +CONFIG_INFINIBAND_USER_MEM=y +CONFIG_INFINIBAND_ON_DEMAND_PAGING=y +CONFIG_INFINIBAND_ADDR_TRANS=y +CONFIG_INFINIBAND_ADDR_TRANS_CONFIGFS=y +CONFIG_INFINIBAND_VIRT_DMA=y +# CONFIG_INFINIBAND_MTHCA is not set +# CONFIG_INFINIBAND_CXGB4 is not set +# CONFIG_INFINIBAND_EFA is not set +CONFIG_MLX4_INFINIBAND=m +CONFIG_MLX5_INFINIBAND=m +# CONFIG_INFINIBAND_OCRDMA is not set +# CONFIG_INFINIBAND_VMWARE_PVRDMA is not set +# CONFIG_INFINIBAND_USNIC is not set +CONFIG_INFINIBAND_BNXT_RE=m +# CONFIG_INFINIBAND_QEDR is not set +# CONFIG_INFINIBAND_RDMAVT is not set +# CONFIG_RDMA_RXE is not set +# CONFIG_RDMA_SIW is not set +CONFIG_INFINIBAND_IPOIB=m +# CONFIG_INFINIBAND_IPOIB_CM is not set +CONFIG_INFINIBAND_IPOIB_DEBUG=y +# CONFIG_INFINIBAND_IPOIB_DEBUG_DATA is not set +# CONFIG_INFINIBAND_SRP is not set +# CONFIG_INFINIBAND_SRPT is not set +# CONFIG_INFINIBAND_ISER is not set +# CONFIG_INFINIBAND_ISERT is not set +# CONFIG_INFINIBAND_RTRS_CLIENT is not set +# CONFIG_INFINIBAND_RTRS_SERVER is not set +# CONFIG_INFINIBAND_OPA_VNIC is not set +CONFIG_EDAC_ATOMIC_SCRUB=y +CONFIG_EDAC_SUPPORT=y +CONFIG_EDAC=y +# CONFIG_EDAC_LEGACY_SYSFS is not set +# CONFIG_EDAC_DEBUG is not set +CONFIG_EDAC_DECODE_MCE=m +# CONFIG_EDAC_GHES is not set +CONFIG_EDAC_AMD64=m +CONFIG_EDAC_E752X=m +CONFIG_EDAC_I82975X=m +CONFIG_EDAC_I3000=m +CONFIG_EDAC_I3200=m +# CONFIG_EDAC_IE31200 is not set +CONFIG_EDAC_X38=m +CONFIG_EDAC_I5400=m +CONFIG_EDAC_I7CORE=m +CONFIG_EDAC_I5000=m +CONFIG_EDAC_I5100=m +CONFIG_EDAC_I7300=m +CONFIG_EDAC_SBRIDGE=m +CONFIG_EDAC_SKX=m +# CONFIG_EDAC_I10NM is not set +# CONFIG_EDAC_PND2 is not set +# CONFIG_EDAC_IGEN6 is not set +CONFIG_RTC_LIB=y +CONFIG_RTC_MC146818_LIB=y +CONFIG_RTC_CLASS=y +CONFIG_RTC_HCTOSYS=y +CONFIG_RTC_HCTOSYS_DEVICE="rtc0" +CONFIG_RTC_SYSTOHC=y +CONFIG_RTC_SYSTOHC_DEVICE="rtc0" +# CONFIG_RTC_DEBUG is not set +CONFIG_RTC_NVMEM=y + +# +# RTC interfaces +# +CONFIG_RTC_INTF_SYSFS=y +CONFIG_RTC_INTF_PROC=y +CONFIG_RTC_INTF_DEV=y +# CONFIG_RTC_INTF_DEV_UIE_EMUL is not set +# CONFIG_RTC_DRV_TEST is not set + +# +# I2C RTC drivers +# +# CONFIG_RTC_DRV_ABB5ZES3 is not set +# CONFIG_RTC_DRV_ABEOZ9 is not set +# CONFIG_RTC_DRV_ABX80X is not set +# CONFIG_RTC_DRV_DS1307 is not set +# CONFIG_RTC_DRV_DS1374 is not set +# CONFIG_RTC_DRV_DS1672 is not set +# CONFIG_RTC_DRV_MAX6900 is not set +# CONFIG_RTC_DRV_RS5C372 is not set +# CONFIG_RTC_DRV_ISL1208 is not set +# CONFIG_RTC_DRV_ISL12022 is not set +# CONFIG_RTC_DRV_X1205 is not set +# CONFIG_RTC_DRV_PCF8523 is not set +# CONFIG_RTC_DRV_PCF85063 is not set +# CONFIG_RTC_DRV_PCF85363 is not set +# CONFIG_RTC_DRV_PCF8563 is not set +# CONFIG_RTC_DRV_PCF8583 is not set +# CONFIG_RTC_DRV_M41T80 is not set +# CONFIG_RTC_DRV_BQ32K is not set +# CONFIG_RTC_DRV_S35390A is not set +# CONFIG_RTC_DRV_FM3130 is not set +# CONFIG_RTC_DRV_RX8010 is not set +# CONFIG_RTC_DRV_RX8581 is not set +# CONFIG_RTC_DRV_RX8025 is not set +# CONFIG_RTC_DRV_EM3027 is not set +# CONFIG_RTC_DRV_RV3028 is not set +# CONFIG_RTC_DRV_RV3032 is not set +# CONFIG_RTC_DRV_RV8803 is not set +# CONFIG_RTC_DRV_SD3078 is not set + +# +# SPI RTC drivers +# +CONFIG_RTC_I2C_AND_SPI=y + +# +# SPI and I2C RTC drivers +# +# CONFIG_RTC_DRV_DS3232 is not set +# CONFIG_RTC_DRV_PCF2127 is not set +# CONFIG_RTC_DRV_RV3029C2 is not set +# CONFIG_RTC_DRV_RX6110 is not set + +# +# Platform RTC drivers +# +CONFIG_RTC_DRV_CMOS=y +# CONFIG_RTC_DRV_DS1286 is not set +# CONFIG_RTC_DRV_DS1511 is not set +# CONFIG_RTC_DRV_DS1553 is not set +# CONFIG_RTC_DRV_DS1685_FAMILY is not set +# CONFIG_RTC_DRV_DS1742 is not set +# CONFIG_RTC_DRV_DS2404 is not set +# CONFIG_RTC_DRV_STK17TA8 is not set +# CONFIG_RTC_DRV_M48T86 is not set +# CONFIG_RTC_DRV_M48T35 is not set +# CONFIG_RTC_DRV_M48T59 is not set +# CONFIG_RTC_DRV_MSM6242 is not set +# CONFIG_RTC_DRV_BQ4802 is not set +# CONFIG_RTC_DRV_RP5C01 is not set +# CONFIG_RTC_DRV_V3020 is not set + +# +# on-CPU RTC drivers +# +# CONFIG_RTC_DRV_FTRTC010 is not set + +# +# HID Sensor RTC drivers +# +# CONFIG_RTC_DRV_GOLDFISH is not set +CONFIG_DMADEVICES=y +# CONFIG_DMADEVICES_DEBUG is not set + +# +# DMA Devices +# +CONFIG_DMA_ENGINE=y +CONFIG_DMA_VIRTUAL_CHANNELS=m +CONFIG_DMA_ACPI=y +# CONFIG_ALTERA_MSGDMA is not set +CONFIG_INTEL_IDMA64=m +# CONFIG_INTEL_IDXD is not set +# CONFIG_INTEL_IDXD_COMPAT is not set +CONFIG_INTEL_IOATDMA=y +# CONFIG_PLX_DMA is not set +# CONFIG_AMD_PTDMA is not set +# CONFIG_QCOM_HIDMA_MGMT is not set +# CONFIG_QCOM_HIDMA is not set +CONFIG_DW_DMAC_CORE=y +# CONFIG_DW_DMAC is not set +CONFIG_DW_DMAC_PCI=y +# CONFIG_DW_EDMA is not set +# CONFIG_DW_EDMA_PCIE is not set +CONFIG_HSU_DMA=m +CONFIG_HSU_DMA_PCI=m +# CONFIG_SF_PDMA is not set +# CONFIG_INTEL_LDMA is not set + +# +# DMA Clients +# +# CONFIG_ASYNC_TX_DMA is not set +# CONFIG_DMATEST is not set +CONFIG_DMA_ENGINE_RAID=y + +# +# DMABUF options +# +CONFIG_SYNC_FILE=y +# CONFIG_SW_SYNC is not set +# CONFIG_UDMABUF is not set +# CONFIG_DMABUF_MOVE_NOTIFY is not set +# CONFIG_DMABUF_DEBUG is not set +# CONFIG_DMABUF_SELFTESTS is not set +# CONFIG_DMABUF_HEAPS is not set +# CONFIG_DMABUF_SYSFS_STATS is not set +# end of DMABUF options + +CONFIG_DCA=y +# CONFIG_AUXDISPLAY is not set +CONFIG_UIO=m +# CONFIG_UIO_CIF is not set +# CONFIG_UIO_PDRV_GENIRQ is not set +# CONFIG_UIO_DMEM_GENIRQ is not set +# CONFIG_UIO_AEC is not set +# CONFIG_UIO_SERCOS3 is not set +CONFIG_UIO_PCI_GENERIC=m +# CONFIG_UIO_NETX is not set +# CONFIG_UIO_PRUSS is not set +# CONFIG_UIO_MF624 is not set +CONFIG_UIO_HV_GENERIC=m +CONFIG_VFIO=m +CONFIG_VFIO_IOMMU_TYPE1=m +CONFIG_VFIO_VIRQFD=m +CONFIG_VFIO_NOIOMMU=y +CONFIG_VFIO_PCI_CORE=m +CONFIG_VFIO_PCI_MMAP=y +CONFIG_VFIO_PCI_INTX=y +CONFIG_VFIO_PCI=m +CONFIG_VFIO_PCI_VGA=y +CONFIG_VFIO_PCI_IGD=y +# CONFIG_VFIO_MDEV is not set +CONFIG_IRQ_BYPASS_MANAGER=m +CONFIG_VIRT_DRIVERS=y +# CONFIG_VBOXGUEST is not set +# CONFIG_NITRO_ENCLAVES is not set +CONFIG_VIRTIO=y +CONFIG_VIRTIO_PCI_LIB=y +CONFIG_VIRTIO_MENU=y +CONFIG_VIRTIO_PCI=y +CONFIG_VIRTIO_PCI_LEGACY=y +# CONFIG_VIRTIO_PMEM is not set +CONFIG_VIRTIO_BALLOON=y +CONFIG_VIRTIO_MEM=m +# CONFIG_VIRTIO_INPUT is not set +CONFIG_VIRTIO_MMIO=y +# CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES is not set +# CONFIG_VDPA is not set +CONFIG_VHOST_IOTLB=m +CONFIG_VHOST=m +CONFIG_VHOST_MENU=y +CONFIG_VHOST_NET=m +# CONFIG_VHOST_SCSI is not set +CONFIG_VHOST_VSOCK=m +# CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set + +# +# Microsoft Hyper-V guest support +# +CONFIG_HYPERV=m +CONFIG_HYPERV_TIMER=y +CONFIG_HYPERV_UTILS=m +CONFIG_HYPERV_BALLOON=m +CONFIG_DXGKRNL=m +# end of Microsoft Hyper-V guest support + +# +# Xen driver support +# +CONFIG_XEN_BALLOON=y +CONFIG_XEN_BALLOON_MEMORY_HOTPLUG=y +CONFIG_XEN_MEMORY_HOTPLUG_LIMIT=512 +CONFIG_XEN_SCRUB_PAGES_DEFAULT=y +CONFIG_XEN_DEV_EVTCHN=m +CONFIG_XEN_BACKEND=y +CONFIG_XENFS=m +CONFIG_XEN_COMPAT_XENFS=y +CONFIG_XEN_SYS_HYPERVISOR=y +CONFIG_XEN_XENBUS_FRONTEND=y +CONFIG_XEN_GNTDEV=m +CONFIG_XEN_GRANT_DEV_ALLOC=m +# CONFIG_XEN_GRANT_DMA_ALLOC is not set +CONFIG_SWIOTLB_XEN=y +CONFIG_XEN_PCIDEV_BACKEND=m +# CONFIG_XEN_PVCALLS_FRONTEND is not set +# CONFIG_XEN_PVCALLS_BACKEND is not set +# CONFIG_XEN_SCSI_BACKEND is not set +CONFIG_XEN_PRIVCMD=m +CONFIG_XEN_ACPI_PROCESSOR=m +CONFIG_XEN_MCE_LOG=y +CONFIG_XEN_HAVE_PVMMU=y +CONFIG_XEN_EFI=y +CONFIG_XEN_AUTO_XLATE=y +CONFIG_XEN_ACPI=y +# CONFIG_XEN_SYMS is not set +CONFIG_XEN_HAVE_VPMU=y +CONFIG_XEN_UNPOPULATED_ALLOC=y +# end of Xen driver support + +# CONFIG_GREYBUS is not set +# CONFIG_COMEDI is not set +# CONFIG_STAGING is not set +CONFIG_X86_PLATFORM_DEVICES=y +CONFIG_ACPI_WMI=m +CONFIG_WMI_BMOF=m +# CONFIG_HUAWEI_WMI is not set +CONFIG_MXM_WMI=m +# CONFIG_PEAQ_WMI is not set +# CONFIG_XIAOMI_WMI is not set +# CONFIG_GIGABYTE_WMI is not set +# CONFIG_ACERHDF is not set +# CONFIG_ACER_WIRELESS is not set +# CONFIG_ACER_WMI is not set +# CONFIG_AMD_PMC is not set +# CONFIG_ADV_SWBUTTON is not set +# CONFIG_APPLE_GMUX is not set +# CONFIG_ASUS_LAPTOP is not set +# CONFIG_ASUS_WIRELESS is not set +# CONFIG_ASUS_WMI is not set +# CONFIG_MERAKI_MX100 is not set +# CONFIG_EEEPC_LAPTOP is not set +CONFIG_X86_PLATFORM_DRIVERS_DELL=y +# CONFIG_ALIENWARE_WMI is not set +CONFIG_DCDBAS=m +# CONFIG_DELL_LAPTOP is not set +CONFIG_DELL_RBU=m +CONFIG_DELL_SMBIOS=m +CONFIG_DELL_SMBIOS_WMI=y +CONFIG_DELL_SMBIOS_SMM=y +CONFIG_DELL_SMO8800=m +CONFIG_DELL_WMI=m +CONFIG_DELL_WMI_PRIVACY=y +CONFIG_DELL_WMI_AIO=m +CONFIG_DELL_WMI_DESCRIPTOR=m +CONFIG_DELL_WMI_LED=m +CONFIG_DELL_WMI_SYSMAN=m +# CONFIG_FUJITSU_LAPTOP is not set +# CONFIG_FUJITSU_TABLET is not set +# CONFIG_GPD_POCKET_FAN is not set +# CONFIG_X86_PLATFORM_DRIVERS_HP is not set +# CONFIG_WIRELESS_HOTKEY is not set +# CONFIG_IBM_RTL is not set +# CONFIG_SENSORS_HDAPS is not set +# CONFIG_THINKPAD_ACPI is not set +# CONFIG_THINKPAD_LMI is not set +# CONFIG_INTEL_ATOMISP2_PM is not set +# CONFIG_INTEL_SAR_INT1092 is not set +# CONFIG_INTEL_PMC_CORE is not set + +# +# Intel Speed Select Technology interface support +# +# CONFIG_INTEL_SPEED_SELECT_INTERFACE is not set +# end of Intel Speed Select Technology interface support + +# CONFIG_INTEL_WMI_SBL_FW_UPDATE is not set +# CONFIG_INTEL_WMI_THUNDERBOLT is not set +# CONFIG_INTEL_HID_EVENT is not set +# CONFIG_INTEL_VBTN is not set +# CONFIG_INTEL_INT0002_VGPIO is not set +CONFIG_INTEL_PUNIT_IPC=m +# CONFIG_INTEL_RST is not set +# CONFIG_INTEL_SMARTCONNECT is not set +# CONFIG_INTEL_TURBO_MAX_3 is not set +# CONFIG_INTEL_UNCORE_FREQ_CONTROL is not set +# CONFIG_MSI_WMI is not set +# CONFIG_PCENGINES_APU2 is not set +# CONFIG_SAMSUNG_LAPTOP is not set +# CONFIG_SAMSUNG_Q10 is not set +# CONFIG_ACPI_TOSHIBA is not set +# CONFIG_TOSHIBA_BT_RFKILL is not set +# CONFIG_TOSHIBA_HAPS is not set +# CONFIG_TOSHIBA_WMI is not set +# CONFIG_ACPI_CMPC is not set +# CONFIG_LG_LAPTOP is not set +# CONFIG_PANASONIC_LAPTOP is not set +# CONFIG_SYSTEM76_ACPI is not set +# CONFIG_TOPSTAR_LAPTOP is not set +# CONFIG_I2C_MULTI_INSTANTIATE is not set +CONFIG_MLX_PLATFORM=m +CONFIG_FW_ATTR_CLASS=m +# CONFIG_INTEL_IPS is not set +CONFIG_INTEL_SCU_IPC=y +CONFIG_INTEL_SCU=y +CONFIG_INTEL_SCU_PCI=y +# CONFIG_INTEL_SCU_PLATFORM is not set +CONFIG_INTEL_SCU_IPC_UTIL=y +CONFIG_PMC_ATOM=y +# CONFIG_CHROME_PLATFORMS is not set +# CONFIG_MELLANOX_PLATFORM is not set +CONFIG_SURFACE_PLATFORMS=y +# CONFIG_SURFACE_3_POWER_OPREGION is not set +# CONFIG_SURFACE_GPE is not set +# CONFIG_SURFACE_HOTPLUG is not set +# CONFIG_SURFACE_PRO3_BUTTON is not set +# CONFIG_SURFACE_AGGREGATOR is not set +CONFIG_HAVE_CLK=y +CONFIG_HAVE_CLK_PREPARE=y +CONFIG_COMMON_CLK=y + +# +# Clock driver for ARM Reference designs +# +# CONFIG_ICST is not set +# CONFIG_CLK_SP810 is not set +# end of Clock driver for ARM Reference designs + +# CONFIG_COMMON_CLK_MAX9485 is not set +# CONFIG_COMMON_CLK_SI5341 is not set +# CONFIG_COMMON_CLK_SI5351 is not set +# CONFIG_COMMON_CLK_SI544 is not set +# CONFIG_COMMON_CLK_CDCE706 is not set +# CONFIG_COMMON_CLK_CS2000_CP is not set +# CONFIG_COMMON_CLK_PWM is not set +# CONFIG_XILINX_VCU is not set +# CONFIG_HWSPINLOCK is not set + +# +# Clock Source drivers +# +CONFIG_CLKEVT_I8253=y +CONFIG_CLKBLD_I8253=y +CONFIG_DW_APB_TIMER=y +# end of Clock Source drivers + +CONFIG_MAILBOX=y +CONFIG_PCC=y +# CONFIG_ALTERA_MBOX is not set +CONFIG_IOMMU_IOVA=y +CONFIG_IOASID=y +CONFIG_IOMMU_API=y +CONFIG_IOMMU_SUPPORT=y + +# +# Generic IOMMU Pagetable Support +# +CONFIG_IOMMU_IO_PGTABLE=y +# end of Generic IOMMU Pagetable Support + +# CONFIG_IOMMU_DEBUGFS is not set +# CONFIG_IOMMU_DEFAULT_DMA_STRICT is not set +CONFIG_IOMMU_DEFAULT_DMA_LAZY=y +# CONFIG_IOMMU_DEFAULT_PASSTHROUGH is not set +CONFIG_IOMMU_DMA=y +CONFIG_IOMMU_SVA_LIB=y +CONFIG_AMD_IOMMU=y +CONFIG_AMD_IOMMU_V2=y +CONFIG_DMAR_TABLE=y +CONFIG_INTEL_IOMMU=y +CONFIG_INTEL_IOMMU_SVM=y +CONFIG_INTEL_IOMMU_DEFAULT_ON=y +CONFIG_INTEL_IOMMU_FLOPPY_WA=y +# CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON is not set +CONFIG_IRQ_REMAP=y +CONFIG_HYPERV_IOMMU=y +# CONFIG_VIRTIO_IOMMU is not set + +# +# Remoteproc drivers +# +# CONFIG_REMOTEPROC is not set +# end of Remoteproc drivers + +# +# Rpmsg drivers +# +# CONFIG_RPMSG_QCOM_GLINK_RPM is not set +# CONFIG_RPMSG_VIRTIO is not set +# end of Rpmsg drivers + +# CONFIG_SOUNDWIRE is not set + +# +# SOC (System On Chip) specific Drivers +# + +# +# Amlogic SoC drivers +# +# end of Amlogic SoC drivers + +# +# Broadcom SoC drivers +# +# end of Broadcom SoC drivers + +# +# NXP/Freescale QorIQ SoC drivers +# +# end of NXP/Freescale QorIQ SoC drivers + +# +# i.MX SoC drivers +# +# end of i.MX SoC drivers + +# +# Enable LiteX SoC Builder specific drivers +# +# end of Enable LiteX SoC Builder specific drivers + +# +# Qualcomm SoC drivers +# +# end of Qualcomm SoC drivers + +# CONFIG_SOC_TI is not set + +# +# Xilinx SoC drivers +# +# end of Xilinx SoC drivers +# end of SOC (System On Chip) specific Drivers + +CONFIG_PM_DEVFREQ=y + +# +# DEVFREQ Governors +# +CONFIG_DEVFREQ_GOV_SIMPLE_ONDEMAND=m +# CONFIG_DEVFREQ_GOV_PERFORMANCE is not set +# CONFIG_DEVFREQ_GOV_POWERSAVE is not set +# CONFIG_DEVFREQ_GOV_USERSPACE is not set +# CONFIG_DEVFREQ_GOV_PASSIVE is not set + +# +# DEVFREQ Drivers +# +# CONFIG_PM_DEVFREQ_EVENT is not set +# CONFIG_EXTCON is not set +# CONFIG_MEMORY is not set +CONFIG_IIO=m +CONFIG_IIO_BUFFER=y +CONFIG_IIO_BUFFER_CB=m +# CONFIG_IIO_BUFFER_DMA is not set +# CONFIG_IIO_BUFFER_DMAENGINE is not set +# CONFIG_IIO_BUFFER_HW_CONSUMER is not set +CONFIG_IIO_KFIFO_BUF=m +CONFIG_IIO_TRIGGERED_BUFFER=m +# CONFIG_IIO_CONFIGFS is not set +CONFIG_IIO_TRIGGER=y +CONFIG_IIO_CONSUMERS_PER_TRIGGER=2 +# CONFIG_IIO_SW_DEVICE is not set +# CONFIG_IIO_SW_TRIGGER is not set +# CONFIG_IIO_TRIGGERED_EVENT is not set + +# +# Accelerometers +# +# CONFIG_ADXL345_I2C is not set +# CONFIG_ADXL372_I2C is not set +# CONFIG_BMA180 is not set +# CONFIG_BMA400 is not set +# CONFIG_BMC150_ACCEL is not set +# CONFIG_DA280 is not set +# CONFIG_DA311 is not set +# CONFIG_DMARD09 is not set +# CONFIG_DMARD10 is not set +# CONFIG_FXLS8962AF_I2C is not set +CONFIG_IIO_ST_ACCEL_3AXIS=m +CONFIG_IIO_ST_ACCEL_I2C_3AXIS=m +# CONFIG_KXSD9 is not set +# CONFIG_KXCJK1013 is not set +# CONFIG_MC3230 is not set +# CONFIG_MMA7455_I2C is not set +# CONFIG_MMA7660 is not set +# CONFIG_MMA8452 is not set +# CONFIG_MMA9551 is not set +# CONFIG_MMA9553 is not set +# CONFIG_MXC4005 is not set +# CONFIG_MXC6255 is not set +# CONFIG_STK8312 is not set +# CONFIG_STK8BA50 is not set +# end of Accelerometers + +# +# Analog to digital converters +# +# CONFIG_AD7091R5 is not set +# CONFIG_AD7291 is not set +# CONFIG_AD7606_IFACE_PARALLEL is not set +# CONFIG_AD799X is not set +# CONFIG_HX711 is not set +# CONFIG_INA2XX_ADC is not set +# CONFIG_LTC2471 is not set +# CONFIG_LTC2485 is not set +# CONFIG_LTC2497 is not set +# CONFIG_MAX1363 is not set +# CONFIG_MAX9611 is not set +# CONFIG_MCP3422 is not set +# CONFIG_NAU7802 is not set +# CONFIG_TI_ADC081C is not set +# CONFIG_TI_ADS1015 is not set +# CONFIG_XILINX_XADC is not set +# end of Analog to digital converters + +# +# Analog to digital and digital to analog converters +# +# CONFIG_STX104 is not set +# end of Analog to digital and digital to analog converters + +# +# Analog Front Ends +# +# end of Analog Front Ends + +# +# Amplifiers +# +# CONFIG_HMC425 is not set +# end of Amplifiers + +# +# Capacitance to digital converters +# +# CONFIG_AD7150 is not set +# end of Capacitance to digital converters + +# +# Chemical Sensors +# +# CONFIG_ATLAS_PH_SENSOR is not set +# CONFIG_ATLAS_EZO_SENSOR is not set +# CONFIG_BME680 is not set +# CONFIG_CCS811 is not set +# CONFIG_IAQCORE is not set +# CONFIG_PMS7003 is not set +# CONFIG_SCD30_CORE is not set +# CONFIG_SENSIRION_SGP30 is not set +# CONFIG_SENSIRION_SGP40 is not set +# CONFIG_SPS30_I2C is not set +# CONFIG_SPS30_SERIAL is not set +# CONFIG_VZ89X is not set +# end of Chemical Sensors + +# +# Hid Sensor IIO Common +# +# end of Hid Sensor IIO Common + +# +# IIO SCMI Sensors +# +# end of IIO SCMI Sensors + +# +# SSP Sensor Common +# +# end of SSP Sensor Common + +CONFIG_IIO_ST_SENSORS_I2C=m +CONFIG_IIO_ST_SENSORS_CORE=m + +# +# Digital to analog converters +# +# CONFIG_AD5064 is not set +# CONFIG_AD5380 is not set +# CONFIG_AD5446 is not set +# CONFIG_AD5593R is not set +# CONFIG_AD5696_I2C is not set +# CONFIG_CIO_DAC is not set +# CONFIG_DS4424 is not set +# CONFIG_M62332 is not set +# CONFIG_MAX517 is not set +# CONFIG_MCP4725 is not set +# CONFIG_TI_DAC5571 is not set +# end of Digital to analog converters + +# +# IIO dummy driver +# +# end of IIO dummy driver + +# +# Frequency Synthesizers DDS/PLL +# + +# +# Clock Generator/Distribution +# +# end of Clock Generator/Distribution + +# +# Phase-Locked Loop (PLL) frequency synthesizers +# +# end of Phase-Locked Loop (PLL) frequency synthesizers +# end of Frequency Synthesizers DDS/PLL + +# +# Digital gyroscope sensors +# +# CONFIG_BMG160 is not set +# CONFIG_FXAS21002C is not set +# CONFIG_MPU3050_I2C is not set +# CONFIG_IIO_ST_GYRO_3AXIS is not set +# CONFIG_ITG3200 is not set +# end of Digital gyroscope sensors + +# +# Health Sensors +# + +# +# Heart Rate Monitors +# +# CONFIG_AFE4404 is not set +# CONFIG_MAX30100 is not set +# CONFIG_MAX30102 is not set +# end of Heart Rate Monitors +# end of Health Sensors + +# +# Humidity sensors +# +# CONFIG_AM2315 is not set +# CONFIG_DHT11 is not set +# CONFIG_HDC100X is not set +# CONFIG_HDC2010 is not set +CONFIG_HTS221=m +CONFIG_HTS221_I2C=m +# CONFIG_HTU21 is not set +# CONFIG_SI7005 is not set +# CONFIG_SI7020 is not set +# end of Humidity sensors + +# +# Inertial measurement units +# +# CONFIG_BMI160_I2C is not set +# CONFIG_FXOS8700_I2C is not set +# CONFIG_KMX61 is not set +# CONFIG_INV_ICM42600_I2C is not set +# CONFIG_INV_MPU6050_I2C is not set +# CONFIG_IIO_ST_LSM6DSX is not set +# CONFIG_IIO_ST_LSM9DS0 is not set +# end of Inertial measurement units + +# +# Light sensors +# +# CONFIG_ACPI_ALS is not set +# CONFIG_ADJD_S311 is not set +# CONFIG_ADUX1020 is not set +# CONFIG_AL3010 is not set +# CONFIG_AL3320A is not set +# CONFIG_APDS9300 is not set +# CONFIG_APDS9960 is not set +# CONFIG_AS73211 is not set +# CONFIG_BH1750 is not set +# CONFIG_BH1780 is not set +# CONFIG_CM32181 is not set +# CONFIG_CM3232 is not set +# CONFIG_CM3323 is not set +# CONFIG_CM36651 is not set +# CONFIG_GP2AP002 is not set +# CONFIG_GP2AP020A00F is not set +# CONFIG_SENSORS_ISL29018 is not set +# CONFIG_SENSORS_ISL29028 is not set +# CONFIG_ISL29125 is not set +# CONFIG_JSA1212 is not set +# CONFIG_RPR0521 is not set +# CONFIG_LTR501 is not set +# CONFIG_LV0104CS is not set +# CONFIG_MAX44000 is not set +# CONFIG_MAX44009 is not set +# CONFIG_NOA1305 is not set +# CONFIG_OPT3001 is not set +# CONFIG_PA12203001 is not set +# CONFIG_SI1133 is not set +# CONFIG_SI1145 is not set +# CONFIG_STK3310 is not set +# CONFIG_ST_UVIS25 is not set +# CONFIG_TCS3414 is not set +# CONFIG_TCS3472 is not set +# CONFIG_SENSORS_TSL2563 is not set +# CONFIG_TSL2583 is not set +# CONFIG_TSL2591 is not set +# CONFIG_TSL2772 is not set +# CONFIG_TSL4531 is not set +# CONFIG_US5182D is not set +# CONFIG_VCNL4000 is not set +# CONFIG_VCNL4035 is not set +# CONFIG_VEML6030 is not set +# CONFIG_VEML6070 is not set +# CONFIG_VL6180 is not set +# CONFIG_ZOPT2201 is not set +# end of Light sensors + +# +# Magnetometer sensors +# +# CONFIG_AK8975 is not set +# CONFIG_AK09911 is not set +# CONFIG_BMC150_MAGN_I2C is not set +# CONFIG_MAG3110 is not set +# CONFIG_MMC35240 is not set +# CONFIG_IIO_ST_MAGN_3AXIS is not set +# CONFIG_SENSORS_HMC5843_I2C is not set +# CONFIG_SENSORS_RM3100_I2C is not set +# CONFIG_YAMAHA_YAS530 is not set +# end of Magnetometer sensors + +# +# Multiplexers +# +# end of Multiplexers + +# +# Inclinometer sensors +# +# end of Inclinometer sensors + +# +# Triggers - standalone +# +# CONFIG_IIO_INTERRUPT_TRIGGER is not set +# CONFIG_IIO_SYSFS_TRIGGER is not set +# end of Triggers - standalone + +# +# Linear and angular position sensors +# +# end of Linear and angular position sensors + +# +# Digital potentiometers +# +# CONFIG_AD5110 is not set +# CONFIG_AD5272 is not set +# CONFIG_DS1803 is not set +# CONFIG_MAX5432 is not set +# CONFIG_MCP4018 is not set +# CONFIG_MCP4531 is not set +# CONFIG_TPL0102 is not set +# end of Digital potentiometers + +# +# Digital potentiostats +# +# CONFIG_LMP91000 is not set +# end of Digital potentiostats + +# +# Pressure sensors +# +# CONFIG_ABP060MG is not set +# CONFIG_BMP280 is not set +# CONFIG_DLHL60D is not set +# CONFIG_DPS310 is not set +# CONFIG_HP03 is not set +# CONFIG_ICP10100 is not set +# CONFIG_MPL115_I2C is not set +# CONFIG_MPL3115 is not set +# CONFIG_MS5611 is not set +# CONFIG_MS5637 is not set +CONFIG_IIO_ST_PRESS=m +CONFIG_IIO_ST_PRESS_I2C=m +# CONFIG_T5403 is not set +# CONFIG_HP206C is not set +# CONFIG_ZPA2326 is not set +# end of Pressure sensors + +# +# Lightning sensors +# +# end of Lightning sensors + +# +# Proximity and distance sensors +# +# CONFIG_ISL29501 is not set +# CONFIG_LIDAR_LITE_V2 is not set +# CONFIG_MB1232 is not set +# CONFIG_PING is not set +# CONFIG_RFD77402 is not set +# CONFIG_SRF04 is not set +# CONFIG_SX9310 is not set +# CONFIG_SX9500 is not set +# CONFIG_SRF08 is not set +# CONFIG_VCNL3020 is not set +# CONFIG_VL53L0X_I2C is not set +# end of Proximity and distance sensors + +# +# Resolver to digital converters +# +# end of Resolver to digital converters + +# +# Temperature sensors +# +# CONFIG_MLX90614 is not set +# CONFIG_MLX90632 is not set +# CONFIG_TMP006 is not set +# CONFIG_TMP007 is not set +# CONFIG_TMP117 is not set +# CONFIG_TSYS01 is not set +# CONFIG_TSYS02D is not set +# end of Temperature sensors + +# CONFIG_NTB is not set +# CONFIG_VME_BUS is not set +CONFIG_PWM=y +CONFIG_PWM_SYSFS=y +# CONFIG_PWM_DEBUG is not set +# CONFIG_PWM_DWC is not set +CONFIG_PWM_LPSS=m +CONFIG_PWM_LPSS_PCI=m +CONFIG_PWM_LPSS_PLATFORM=m +# CONFIG_PWM_PCA9685 is not set + +# +# IRQ chip support +# +# end of IRQ chip support + +# CONFIG_IPACK_BUS is not set +# CONFIG_RESET_CONTROLLER is not set + +# +# PHY Subsystem +# +CONFIG_GENERIC_PHY=y +# CONFIG_USB_LGM_PHY is not set +# CONFIG_PHY_CAN_TRANSCEIVER is not set +# CONFIG_BCM_KONA_USB2_PHY is not set +# CONFIG_PHY_PXA_28NM_HSIC is not set +# CONFIG_PHY_PXA_28NM_USB2 is not set +# CONFIG_PHY_CPCAP_USB is not set +# CONFIG_PHY_INTEL_LGM_EMMC is not set +# end of PHY Subsystem + +CONFIG_POWERCAP=y +CONFIG_INTEL_RAPL_CORE=m +CONFIG_INTEL_RAPL=m +# CONFIG_IDLE_INJECT is not set +# CONFIG_DTPM is not set +# CONFIG_MCB is not set + +# +# Performance monitor support +# +# end of Performance monitor support + +CONFIG_RAS=y +CONFIG_RAS_CEC=y +# CONFIG_RAS_CEC_DEBUG is not set +# CONFIG_USB4 is not set + +# +# Android +# +# CONFIG_ANDROID is not set +# end of Android + +CONFIG_LIBNVDIMM=y +CONFIG_BLK_DEV_PMEM=m +CONFIG_ND_BLK=y +CONFIG_ND_CLAIM=y +CONFIG_ND_BTT=y +CONFIG_BTT=y +CONFIG_ND_PFN=m +CONFIG_NVDIMM_PFN=y +CONFIG_NVDIMM_DAX=y +CONFIG_DAX_DRIVER=y +CONFIG_DAX=y +CONFIG_DEV_DAX=m +CONFIG_DEV_DAX_PMEM=m +CONFIG_DEV_DAX_KMEM=m +CONFIG_DEV_DAX_PMEM_COMPAT=m +CONFIG_NVMEM=y +CONFIG_NVMEM_SYSFS=y +# CONFIG_NVMEM_RMEM is not set + +# +# HW tracing support +# +# CONFIG_STM is not set +# CONFIG_INTEL_TH is not set +# end of HW tracing support + +# CONFIG_FPGA is not set +# CONFIG_TEE is not set +CONFIG_PM_OPP=y +# CONFIG_UNISYS_VISORBUS is not set +# CONFIG_SIOX is not set +# CONFIG_SLIMBUS is not set +# CONFIG_INTERCONNECT is not set +# CONFIG_COUNTER is not set +# CONFIG_MOST is not set +# end of Device Drivers + +# +# File systems +# +CONFIG_DCACHE_WORD_ACCESS=y +# CONFIG_VALIDATE_FS_PARSER is not set +CONFIG_FS_IOMAP=y +CONFIG_EXT2_FS=y +# CONFIG_EXT2_FS_XATTR is not set +# CONFIG_EXT3_FS is not set +CONFIG_EXT4_FS=y +CONFIG_EXT4_FS_POSIX_ACL=y +CONFIG_EXT4_FS_SECURITY=y +# CONFIG_EXT4_DEBUG is not set +CONFIG_JBD2=y +# CONFIG_JBD2_DEBUG is not set +CONFIG_FS_MBCACHE=y +# CONFIG_REISERFS_FS is not set +# CONFIG_JFS_FS is not set +CONFIG_XFS_FS=y +CONFIG_XFS_SUPPORT_V4=y +CONFIG_XFS_QUOTA=y +CONFIG_XFS_POSIX_ACL=y +CONFIG_XFS_RT=y +# CONFIG_XFS_ONLINE_SCRUB is not set +CONFIG_XFS_WARN=y +# CONFIG_XFS_DEBUG is not set +# CONFIG_GFS2_FS is not set +# CONFIG_OCFS2_FS is not set +CONFIG_BTRFS_FS=m +CONFIG_BTRFS_FS_POSIX_ACL=y +# CONFIG_BTRFS_FS_CHECK_INTEGRITY is not set +# CONFIG_BTRFS_FS_RUN_SANITY_TESTS is not set +# CONFIG_BTRFS_DEBUG is not set +# CONFIG_BTRFS_ASSERT is not set +# CONFIG_BTRFS_FS_REF_VERIFY is not set +# CONFIG_NILFS2_FS is not set +# CONFIG_F2FS_FS is not set +# CONFIG_ZONEFS_FS is not set +CONFIG_FS_DAX=y +CONFIG_FS_DAX_PMD=y +CONFIG_FS_POSIX_ACL=y +CONFIG_EXPORTFS=y +CONFIG_EXPORTFS_BLOCK_OPS=y +CONFIG_FILE_LOCKING=y +# CONFIG_FS_ENCRYPTION is not set +# CONFIG_FS_VERITY is not set +CONFIG_FSNOTIFY=y +CONFIG_DNOTIFY=y +CONFIG_INOTIFY_USER=y +CONFIG_FANOTIFY=y +CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y +CONFIG_QUOTA=y +CONFIG_QUOTA_NETLINK_INTERFACE=y +# CONFIG_PRINT_QUOTA_WARNING is not set +# CONFIG_QUOTA_DEBUG is not set +CONFIG_QUOTA_TREE=m +# CONFIG_QFMT_V1 is not set +CONFIG_QFMT_V2=m +CONFIG_QUOTACTL=y +CONFIG_AUTOFS4_FS=m +CONFIG_AUTOFS_FS=m +CONFIG_FUSE_FS=m +# CONFIG_CUSE is not set +CONFIG_VIRTIO_FS=m +CONFIG_FUSE_DAX=y +CONFIG_OVERLAY_FS=m +# CONFIG_OVERLAY_FS_REDIRECT_DIR is not set +CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW=y +# CONFIG_OVERLAY_FS_INDEX is not set +# CONFIG_OVERLAY_FS_XINO_AUTO is not set +# CONFIG_OVERLAY_FS_METACOPY is not set + +# +# Caches +# +CONFIG_NETFS_SUPPORT=m +# CONFIG_NETFS_STATS is not set +CONFIG_FSCACHE=m +# CONFIG_FSCACHE_STATS is not set +# CONFIG_FSCACHE_DEBUG is not set +# CONFIG_CACHEFILES is not set +# end of Caches + +# +# CD-ROM/DVD Filesystems +# +CONFIG_ISO9660_FS=y +CONFIG_JOLIET=y +CONFIG_ZISOFS=y +CONFIG_UDF_FS=y +# end of CD-ROM/DVD Filesystems + +# +# DOS/FAT/EXFAT/NT Filesystems +# +CONFIG_FAT_FS=y +CONFIG_MSDOS_FS=m +CONFIG_VFAT_FS=y +CONFIG_FAT_DEFAULT_CODEPAGE=437 +CONFIG_FAT_DEFAULT_IOCHARSET="ascii" +# CONFIG_FAT_DEFAULT_UTF8 is not set +# CONFIG_EXFAT_FS is not set +# CONFIG_NTFS_FS is not set +# CONFIG_NTFS3_FS is not set +# end of DOS/FAT/EXFAT/NT Filesystems + +# +# Pseudo filesystems +# +CONFIG_PROC_FS=y +CONFIG_PROC_KCORE=y +CONFIG_PROC_VMCORE=y +CONFIG_PROC_VMCORE_DEVICE_DUMP=y +CONFIG_PROC_SYSCTL=y +CONFIG_PROC_PAGE_MONITOR=y +CONFIG_PROC_CHILDREN=y +CONFIG_PROC_PID_ARCH_STATUS=y +CONFIG_KERNFS=y +CONFIG_SYSFS=y +CONFIG_TMPFS=y +CONFIG_TMPFS_POSIX_ACL=y +CONFIG_TMPFS_XATTR=y +# CONFIG_TMPFS_INODE64 is not set +CONFIG_HUGETLBFS=y +CONFIG_HUGETLB_PAGE=y +CONFIG_HUGETLB_PAGE_FREE_VMEMMAP=y +# CONFIG_HUGETLB_PAGE_FREE_VMEMMAP_DEFAULT_ON is not set +CONFIG_MEMFD_CREATE=y +CONFIG_ARCH_HAS_GIGANTIC_PAGE=y +CONFIG_CONFIGFS_FS=m +CONFIG_EFIVAR_FS=y +# end of Pseudo filesystems + +CONFIG_MISC_FILESYSTEMS=y +# CONFIG_ORANGEFS_FS is not set +# CONFIG_ADFS_FS is not set +# CONFIG_AFFS_FS is not set +# CONFIG_ECRYPT_FS is not set +# CONFIG_HFS_FS is not set +# CONFIG_HFSPLUS_FS is not set +# CONFIG_BEFS_FS is not set +# CONFIG_BFS_FS is not set +# CONFIG_EFS_FS is not set +CONFIG_CRAMFS=m +CONFIG_CRAMFS_BLOCKDEV=y +CONFIG_SQUASHFS=y +# CONFIG_SQUASHFS_FILE_CACHE is not set +CONFIG_SQUASHFS_FILE_DIRECT=y +CONFIG_SQUASHFS_DECOMP_SINGLE=y +# CONFIG_SQUASHFS_DECOMP_MULTI is not set +# CONFIG_SQUASHFS_DECOMP_MULTI_PERCPU is not set +CONFIG_SQUASHFS_XATTR=y +CONFIG_SQUASHFS_ZLIB=y +CONFIG_SQUASHFS_LZ4=y +CONFIG_SQUASHFS_LZO=y +CONFIG_SQUASHFS_XZ=y +# CONFIG_SQUASHFS_ZSTD is not set +# CONFIG_SQUASHFS_4K_DEVBLK_SIZE is not set +# CONFIG_SQUASHFS_EMBEDDED is not set +CONFIG_SQUASHFS_FRAGMENT_CACHE_SIZE=3 +# CONFIG_VXFS_FS is not set +# CONFIG_MINIX_FS is not set +# CONFIG_OMFS_FS is not set +# CONFIG_HPFS_FS is not set +# CONFIG_QNX4FS_FS is not set +# CONFIG_QNX6FS_FS is not set +# CONFIG_ROMFS_FS is not set +CONFIG_PSTORE=y +CONFIG_PSTORE_DEFAULT_KMSG_BYTES=10240 +CONFIG_PSTORE_DEFLATE_COMPRESS=y +# CONFIG_PSTORE_LZO_COMPRESS is not set +# CONFIG_PSTORE_LZ4_COMPRESS is not set +# CONFIG_PSTORE_LZ4HC_COMPRESS is not set +# CONFIG_PSTORE_842_COMPRESS is not set +# CONFIG_PSTORE_ZSTD_COMPRESS is not set +CONFIG_PSTORE_COMPRESS=y +CONFIG_PSTORE_DEFLATE_COMPRESS_DEFAULT=y +CONFIG_PSTORE_COMPRESS_DEFAULT="deflate" +# CONFIG_PSTORE_CONSOLE is not set +# CONFIG_PSTORE_PMSG is not set +# CONFIG_PSTORE_FTRACE is not set +# CONFIG_PSTORE_RAM is not set +# CONFIG_PSTORE_BLK is not set +# CONFIG_SYSV_FS is not set +# CONFIG_UFS_FS is not set +# CONFIG_EROFS_FS is not set +CONFIG_NETWORK_FILESYSTEMS=y +CONFIG_NFS_FS=m +CONFIG_NFS_V2=m +CONFIG_NFS_V3=m +CONFIG_NFS_V3_ACL=y +CONFIG_NFS_V4=m +# CONFIG_NFS_SWAP is not set +CONFIG_NFS_V4_1=y +CONFIG_NFS_V4_2=y +CONFIG_PNFS_FILE_LAYOUT=m +CONFIG_PNFS_BLOCK=m +CONFIG_PNFS_FLEXFILE_LAYOUT=m +CONFIG_NFS_V4_1_IMPLEMENTATION_ID_DOMAIN="kernel.org" +# CONFIG_NFS_V4_1_MIGRATION is not set +CONFIG_NFS_V4_SECURITY_LABEL=y +CONFIG_NFS_FSCACHE=y +# CONFIG_NFS_USE_LEGACY_DNS is not set +CONFIG_NFS_USE_KERNEL_DNS=y +CONFIG_NFS_DEBUG=y +CONFIG_NFS_DISABLE_UDP_SUPPORT=y +# CONFIG_NFS_V4_2_READ_PLUS is not set +CONFIG_NFSD=m +CONFIG_NFSD_V2_ACL=y +CONFIG_NFSD_V3=y +CONFIG_NFSD_V3_ACL=y +CONFIG_NFSD_V4=y +CONFIG_NFSD_PNFS=y +CONFIG_NFSD_BLOCKLAYOUT=y +CONFIG_NFSD_SCSILAYOUT=y +CONFIG_NFSD_FLEXFILELAYOUT=y +# CONFIG_NFSD_V4_2_INTER_SSC is not set +# CONFIG_NFSD_V4_SECURITY_LABEL is not set +CONFIG_GRACE_PERIOD=m +CONFIG_LOCKD=m +CONFIG_LOCKD_V4=y +CONFIG_NFS_ACL_SUPPORT=m +CONFIG_NFS_COMMON=y +CONFIG_NFS_V4_2_SSC_HELPER=y +CONFIG_SUNRPC=m +CONFIG_SUNRPC_GSS=m +CONFIG_SUNRPC_BACKCHANNEL=y +CONFIG_RPCSEC_GSS_KRB5=m +# CONFIG_SUNRPC_DISABLE_INSECURE_ENCTYPES is not set +CONFIG_SUNRPC_DEBUG=y +CONFIG_SUNRPC_XPRT_RDMA=m +CONFIG_CEPH_FS=m +CONFIG_CEPH_FSCACHE=y +CONFIG_CEPH_FS_POSIX_ACL=y +# CONFIG_CEPH_FS_SECURITY_LABEL is not set +CONFIG_CIFS=m +CONFIG_CIFS_STATS2=y +# CONFIG_CIFS_ALLOW_INSECURE_LEGACY is not set +CONFIG_CIFS_UPCALL=y +CONFIG_CIFS_XATTR=y +CONFIG_CIFS_DEBUG=y +# CONFIG_CIFS_DEBUG2 is not set +# CONFIG_CIFS_DEBUG_DUMP_KEYS is not set +CONFIG_CIFS_DFS_UPCALL=y +# CONFIG_CIFS_SWN_UPCALL is not set +# CONFIG_CIFS_SMB_DIRECT is not set +# CONFIG_CIFS_FSCACHE is not set +# CONFIG_SMB_SERVER is not set +CONFIG_SMBFS_COMMON=m +# CONFIG_CODA_FS is not set +# CONFIG_AFS_FS is not set +CONFIG_9P_FS=m +# CONFIG_9P_FSCACHE is not set +CONFIG_9P_FS_POSIX_ACL=y +CONFIG_9P_FS_SECURITY=y +CONFIG_NLS=y +CONFIG_NLS_DEFAULT="utf8" +CONFIG_NLS_CODEPAGE_437=y +# CONFIG_NLS_CODEPAGE_737 is not set +# CONFIG_NLS_CODEPAGE_775 is not set +# CONFIG_NLS_CODEPAGE_850 is not set +# CONFIG_NLS_CODEPAGE_852 is not set +# CONFIG_NLS_CODEPAGE_855 is not set +# CONFIG_NLS_CODEPAGE_857 is not set +# CONFIG_NLS_CODEPAGE_860 is not set +# CONFIG_NLS_CODEPAGE_861 is not set +# CONFIG_NLS_CODEPAGE_862 is not set +# CONFIG_NLS_CODEPAGE_863 is not set +# CONFIG_NLS_CODEPAGE_864 is not set +# CONFIG_NLS_CODEPAGE_865 is not set +# CONFIG_NLS_CODEPAGE_866 is not set +# CONFIG_NLS_CODEPAGE_869 is not set +# CONFIG_NLS_CODEPAGE_936 is not set +# CONFIG_NLS_CODEPAGE_950 is not set +# CONFIG_NLS_CODEPAGE_932 is not set +# CONFIG_NLS_CODEPAGE_949 is not set +# CONFIG_NLS_CODEPAGE_874 is not set +# CONFIG_NLS_ISO8859_8 is not set +# CONFIG_NLS_CODEPAGE_1250 is not set +# CONFIG_NLS_CODEPAGE_1251 is not set +CONFIG_NLS_ASCII=y +CONFIG_NLS_ISO8859_1=y +CONFIG_NLS_ISO8859_2=y +CONFIG_NLS_ISO8859_3=y +CONFIG_NLS_ISO8859_4=y +CONFIG_NLS_ISO8859_5=y +CONFIG_NLS_ISO8859_6=y +CONFIG_NLS_ISO8859_7=y +CONFIG_NLS_ISO8859_9=y +CONFIG_NLS_ISO8859_13=y +CONFIG_NLS_ISO8859_14=y +CONFIG_NLS_ISO8859_15=y +CONFIG_NLS_KOI8_R=y +CONFIG_NLS_KOI8_U=y +# CONFIG_NLS_MAC_ROMAN is not set +# CONFIG_NLS_MAC_CELTIC is not set +# CONFIG_NLS_MAC_CENTEURO is not set +# CONFIG_NLS_MAC_CROATIAN is not set +# CONFIG_NLS_MAC_CYRILLIC is not set +# CONFIG_NLS_MAC_GAELIC is not set +# CONFIG_NLS_MAC_GREEK is not set +# CONFIG_NLS_MAC_ICELAND is not set +# CONFIG_NLS_MAC_INUIT is not set +# CONFIG_NLS_MAC_ROMANIAN is not set +# CONFIG_NLS_MAC_TURKISH is not set +CONFIG_NLS_UTF8=y +CONFIG_DLM=m +# CONFIG_DLM_DEBUG is not set +# CONFIG_UNICODE is not set +CONFIG_IO_WQ=y +# end of File systems + +# +# Security options +# +CONFIG_KEYS=y +# CONFIG_KEYS_REQUEST_CACHE is not set +# CONFIG_PERSISTENT_KEYRINGS is not set +CONFIG_TRUSTED_KEYS=m +CONFIG_ENCRYPTED_KEYS=m +# CONFIG_KEY_DH_OPERATIONS is not set +CONFIG_SECURITY_DMESG_RESTRICT=y +CONFIG_SECURITY=y +CONFIG_SECURITYFS=y +CONFIG_SECURITY_NETWORK=y +CONFIG_SECURITY_INFINIBAND=y +CONFIG_SECURITY_NETWORK_XFRM=y +CONFIG_SECURITY_PATH=y +CONFIG_INTEL_TXT=y +CONFIG_LSM_MMAP_MIN_ADDR=65536 +CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y +CONFIG_HARDENED_USERCOPY=y +# CONFIG_HARDENED_USERCOPY_FALLBACK is not set +# CONFIG_HARDENED_USERCOPY_PAGESPAN is not set +CONFIG_FORTIFY_SOURCE=y +# CONFIG_STATIC_USERMODEHELPER is not set +CONFIG_SECURITY_SELINUX=y +# CONFIG_SECURITY_SELINUX_BOOTPARAM is not set +# CONFIG_SECURITY_SELINUX_DISABLE is not set +CONFIG_SECURITY_SELINUX_DEVELOP=y +CONFIG_SECURITY_SELINUX_AVC_STATS=y +CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1 +CONFIG_SECURITY_SELINUX_SIDTAB_HASH_BITS=9 +CONFIG_SECURITY_SELINUX_SID2STR_CACHE_SIZE=256 +# CONFIG_SECURITY_SMACK is not set +# CONFIG_SECURITY_TOMOYO is not set +CONFIG_SECURITY_APPARMOR=y +CONFIG_SECURITY_APPARMOR_HASH=y +CONFIG_SECURITY_APPARMOR_HASH_DEFAULT=y +# CONFIG_SECURITY_APPARMOR_DEBUG is not set +# CONFIG_SECURITY_LOADPIN is not set +CONFIG_SECURITY_YAMA=y +CONFIG_SECURITY_SAFESETID=y +CONFIG_SECURITY_LOCKDOWN_LSM=y +CONFIG_SECURITY_LOCKDOWN_LSM_EARLY=y +CONFIG_LOCK_DOWN_KERNEL_FORCE_NONE=y +# CONFIG_LOCK_DOWN_KERNEL_FORCE_INTEGRITY is not set +# CONFIG_LOCK_DOWN_KERNEL_FORCE_CONFIDENTIALITY is not set +CONFIG_SECURITY_LANDLOCK=y +CONFIG_INTEGRITY=y +# CONFIG_INTEGRITY_SIGNATURE is not set +CONFIG_INTEGRITY_AUDIT=y +CONFIG_IMA=y +CONFIG_IMA_MEASURE_PCR_IDX=10 +CONFIG_IMA_LSM_RULES=y +# CONFIG_IMA_NG_TEMPLATE is not set +CONFIG_IMA_SIG_TEMPLATE=y +CONFIG_IMA_DEFAULT_TEMPLATE="ima-sig" +# CONFIG_IMA_DEFAULT_HASH_SHA1 is not set +CONFIG_IMA_DEFAULT_HASH_SHA256=y +# CONFIG_IMA_DEFAULT_HASH_SHA512 is not set +CONFIG_IMA_DEFAULT_HASH="sha256" +CONFIG_IMA_WRITE_POLICY=y +CONFIG_IMA_READ_POLICY=y +# CONFIG_IMA_APPRAISE is not set +CONFIG_IMA_MEASURE_ASYMMETRIC_KEYS=y +CONFIG_IMA_QUEUE_EARLY_BOOT_KEYS=y +# CONFIG_IMA_SECURE_AND_OR_TRUSTED_BOOT is not set +# CONFIG_IMA_DISABLE_HTABLE is not set +# CONFIG_EVM is not set +# CONFIG_DEFAULT_SECURITY_SELINUX is not set +CONFIG_DEFAULT_SECURITY_APPARMOR=y +# CONFIG_DEFAULT_SECURITY_DAC is not set +CONFIG_LSM="landlock,lockdown,yama,loadpin,safesetid,integrity,apparmor,selinux,tomoyo" + +# +# Kernel hardening options +# + +# +# Memory initialization +# +CONFIG_INIT_STACK_NONE=y +# CONFIG_GCC_PLUGIN_STRUCTLEAK_USER is not set +# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF is not set +# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL is not set +# CONFIG_GCC_PLUGIN_STACKLEAK is not set +CONFIG_INIT_ON_ALLOC_DEFAULT_ON=y +# CONFIG_INIT_ON_FREE_DEFAULT_ON is not set +CONFIG_CC_HAS_ZERO_CALL_USED_REGS=y +# CONFIG_ZERO_CALL_USED_REGS is not set +# end of Memory initialization +# end of Kernel hardening options +# end of Security options + +CONFIG_XOR_BLOCKS=m +CONFIG_ASYNC_CORE=m +CONFIG_ASYNC_MEMCPY=m +CONFIG_ASYNC_XOR=m +CONFIG_ASYNC_PQ=m +CONFIG_ASYNC_RAID6_RECOV=m +CONFIG_CRYPTO=y + +# +# Crypto core or helper +# +CONFIG_CRYPTO_FIPS=y +CONFIG_CRYPTO_ALGAPI=y +CONFIG_CRYPTO_ALGAPI2=y +CONFIG_CRYPTO_AEAD=y +CONFIG_CRYPTO_AEAD2=y +CONFIG_CRYPTO_SKCIPHER=y +CONFIG_CRYPTO_SKCIPHER2=y +CONFIG_CRYPTO_HASH=y +CONFIG_CRYPTO_HASH2=y +CONFIG_CRYPTO_RNG=y +CONFIG_CRYPTO_RNG2=y +CONFIG_CRYPTO_RNG_DEFAULT=y +CONFIG_CRYPTO_AKCIPHER2=y +CONFIG_CRYPTO_AKCIPHER=y +CONFIG_CRYPTO_KPP2=y +CONFIG_CRYPTO_KPP=m +CONFIG_CRYPTO_ACOMP2=y +CONFIG_CRYPTO_MANAGER=y +CONFIG_CRYPTO_MANAGER2=y +CONFIG_CRYPTO_USER=m +# CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set +# CONFIG_CRYPTO_MANAGER_EXTRA_TESTS is not set +CONFIG_CRYPTO_GF128MUL=m +CONFIG_CRYPTO_NULL=y +CONFIG_CRYPTO_NULL2=y +# CONFIG_CRYPTO_PCRYPT is not set +CONFIG_CRYPTO_CRYPTD=y +CONFIG_CRYPTO_AUTHENC=m +CONFIG_CRYPTO_TEST=m +CONFIG_CRYPTO_SIMD=y +CONFIG_CRYPTO_ENGINE=m + +# +# Public-key cryptography +# +CONFIG_CRYPTO_RSA=y +CONFIG_CRYPTO_DH=m +CONFIG_CRYPTO_ECC=m +CONFIG_CRYPTO_ECDH=m +# CONFIG_CRYPTO_ECDSA is not set +# CONFIG_CRYPTO_ECRDSA is not set +# CONFIG_CRYPTO_SM2 is not set +# CONFIG_CRYPTO_CURVE25519 is not set +CONFIG_CRYPTO_CURVE25519_X86=m + +# +# Authenticated Encryption with Associated Data +# +CONFIG_CRYPTO_CCM=m +CONFIG_CRYPTO_GCM=m +# CONFIG_CRYPTO_CHACHA20POLY1305 is not set +# CONFIG_CRYPTO_AEGIS128 is not set +# CONFIG_CRYPTO_AEGIS128_AESNI_SSE2 is not set +CONFIG_CRYPTO_SEQIV=y +CONFIG_CRYPTO_ECHAINIV=m + +# +# Block modes +# +CONFIG_CRYPTO_CBC=y +CONFIG_CRYPTO_CFB=y +CONFIG_CRYPTO_CTR=y +CONFIG_CRYPTO_CTS=y +CONFIG_CRYPTO_ECB=y +CONFIG_CRYPTO_LRW=m +CONFIG_CRYPTO_OFB=y +# CONFIG_CRYPTO_PCBC is not set +CONFIG_CRYPTO_XTS=y +# CONFIG_CRYPTO_KEYWRAP is not set +# CONFIG_CRYPTO_NHPOLY1305_SSE2 is not set +# CONFIG_CRYPTO_NHPOLY1305_AVX2 is not set +# CONFIG_CRYPTO_ADIANTUM is not set +CONFIG_CRYPTO_ESSIV=m + +# +# Hash modes +# +CONFIG_CRYPTO_CMAC=m +CONFIG_CRYPTO_HMAC=y +# CONFIG_CRYPTO_XCBC is not set +# CONFIG_CRYPTO_VMAC is not set + +# +# Digest +# +CONFIG_CRYPTO_CRC32C=y +CONFIG_CRYPTO_CRC32C_INTEL=m +# CONFIG_CRYPTO_CRC32 is not set +# CONFIG_CRYPTO_CRC32_PCLMUL is not set +CONFIG_CRYPTO_XXHASH=m +CONFIG_CRYPTO_BLAKE2B=m +CONFIG_CRYPTO_BLAKE2S_X86=y +CONFIG_CRYPTO_CRCT10DIF=y +# CONFIG_CRYPTO_CRCT10DIF_PCLMUL is not set +CONFIG_CRYPTO_GHASH=m +# CONFIG_CRYPTO_POLY1305 is not set +CONFIG_CRYPTO_POLY1305_X86_64=m +CONFIG_CRYPTO_MD4=m +CONFIG_CRYPTO_MD5=y +# CONFIG_CRYPTO_MICHAEL_MIC is not set +# CONFIG_CRYPTO_RMD160 is not set +CONFIG_CRYPTO_SHA1=y +# CONFIG_CRYPTO_SHA1_SSSE3 is not set +# CONFIG_CRYPTO_SHA256_SSSE3 is not set +# CONFIG_CRYPTO_SHA512_SSSE3 is not set +CONFIG_CRYPTO_SHA256=y +CONFIG_CRYPTO_SHA512=y +CONFIG_CRYPTO_SHA3=m +# CONFIG_CRYPTO_SM3 is not set +# CONFIG_CRYPTO_STREEBOG is not set +# CONFIG_CRYPTO_WP512 is not set +# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set + +# +# Ciphers +# +CONFIG_CRYPTO_AES=y +# CONFIG_CRYPTO_AES_TI is not set +CONFIG_CRYPTO_AES_NI_INTEL=y +# CONFIG_CRYPTO_ANUBIS is not set +CONFIG_CRYPTO_ARC4=m +# CONFIG_CRYPTO_BLOWFISH is not set +# CONFIG_CRYPTO_BLOWFISH_X86_64 is not set +# CONFIG_CRYPTO_CAMELLIA is not set +# CONFIG_CRYPTO_CAMELLIA_X86_64 is not set +# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64 is not set +# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 is not set +# CONFIG_CRYPTO_CAST5 is not set +# CONFIG_CRYPTO_CAST5_AVX_X86_64 is not set +# CONFIG_CRYPTO_CAST6 is not set +# CONFIG_CRYPTO_CAST6_AVX_X86_64 is not set +CONFIG_CRYPTO_DES=m +# CONFIG_CRYPTO_DES3_EDE_X86_64 is not set +# CONFIG_CRYPTO_FCRYPT is not set +# CONFIG_CRYPTO_KHAZAD is not set +# CONFIG_CRYPTO_CHACHA20 is not set +CONFIG_CRYPTO_CHACHA20_X86_64=m +# CONFIG_CRYPTO_SEED is not set +# CONFIG_CRYPTO_SERPENT is not set +# CONFIG_CRYPTO_SERPENT_SSE2_X86_64 is not set +# CONFIG_CRYPTO_SERPENT_AVX_X86_64 is not set +# CONFIG_CRYPTO_SERPENT_AVX2_X86_64 is not set +# CONFIG_CRYPTO_SM4 is not set +# CONFIG_CRYPTO_SM4_AESNI_AVX_X86_64 is not set +# CONFIG_CRYPTO_SM4_AESNI_AVX2_X86_64 is not set +# CONFIG_CRYPTO_TEA is not set +# CONFIG_CRYPTO_TWOFISH is not set +# CONFIG_CRYPTO_TWOFISH_X86_64 is not set +# CONFIG_CRYPTO_TWOFISH_X86_64_3WAY is not set +# CONFIG_CRYPTO_TWOFISH_AVX_X86_64 is not set + +# +# Compression +# +CONFIG_CRYPTO_DEFLATE=y +CONFIG_CRYPTO_LZO=m +# CONFIG_CRYPTO_842 is not set +# CONFIG_CRYPTO_LZ4 is not set +# CONFIG_CRYPTO_LZ4HC is not set +# CONFIG_CRYPTO_ZSTD is not set + +# +# Random Number Generation +# +CONFIG_CRYPTO_ANSI_CPRNG=m +CONFIG_CRYPTO_DRBG_MENU=y +CONFIG_CRYPTO_DRBG_HMAC=y +CONFIG_CRYPTO_DRBG_HASH=y +CONFIG_CRYPTO_DRBG_CTR=y +CONFIG_CRYPTO_DRBG=y +CONFIG_CRYPTO_JITTERENTROPY=y +CONFIG_CRYPTO_USER_API=m +CONFIG_CRYPTO_USER_API_HASH=m +CONFIG_CRYPTO_USER_API_SKCIPHER=m +CONFIG_CRYPTO_USER_API_RNG=m +# CONFIG_CRYPTO_USER_API_RNG_CAVP is not set +CONFIG_CRYPTO_USER_API_AEAD=m +CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE=y +# CONFIG_CRYPTO_STATS is not set +CONFIG_CRYPTO_HASH_INFO=y +CONFIG_CRYPTO_HW=y +# CONFIG_CRYPTO_DEV_PADLOCK is not set +# CONFIG_CRYPTO_DEV_ATMEL_ECC is not set +# CONFIG_CRYPTO_DEV_ATMEL_SHA204A is not set +# CONFIG_CRYPTO_DEV_CCP is not set +# CONFIG_CRYPTO_DEV_QAT_DH895xCC is not set +# CONFIG_CRYPTO_DEV_QAT_C3XXX is not set +# CONFIG_CRYPTO_DEV_QAT_C62X is not set +# CONFIG_CRYPTO_DEV_QAT_4XXX is not set +# CONFIG_CRYPTO_DEV_QAT_DH895xCCVF is not set +# CONFIG_CRYPTO_DEV_QAT_C3XXXVF is not set +# CONFIG_CRYPTO_DEV_QAT_C62XVF is not set +# CONFIG_CRYPTO_DEV_NITROX_CNN55XX is not set +# CONFIG_CRYPTO_DEV_CHELSIO is not set +CONFIG_CRYPTO_DEV_VIRTIO=m +# CONFIG_CRYPTO_DEV_SAFEXCEL is not set +# CONFIG_CRYPTO_DEV_AMLOGIC_GXL is not set +CONFIG_ASYMMETRIC_KEY_TYPE=y +CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y +# CONFIG_ASYMMETRIC_TPM_KEY_SUBTYPE is not set +CONFIG_X509_CERTIFICATE_PARSER=y +# CONFIG_PKCS8_PRIVATE_KEY_PARSER is not set +CONFIG_PKCS7_MESSAGE_PARSER=y +# CONFIG_PKCS7_TEST_KEY is not set +# CONFIG_SIGNED_PE_FILE_VERIFICATION is not set + +# +# Certificates for signature checking +# +CONFIG_MODULE_SIG_KEY="certs/signing_key.pem" +CONFIG_MODULE_SIG_KEY_TYPE_RSA=y +# CONFIG_MODULE_SIG_KEY_TYPE_ECDSA is not set +CONFIG_SYSTEM_TRUSTED_KEYRING=y +CONFIG_SYSTEM_TRUSTED_KEYS="" +# CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set +# CONFIG_SECONDARY_TRUSTED_KEYRING is not set +CONFIG_SYSTEM_BLACKLIST_KEYRING=y +CONFIG_SYSTEM_BLACKLIST_HASH_LIST="" +# CONFIG_SYSTEM_REVOCATION_LIST is not set +# end of Certificates for signature checking + +CONFIG_BINARY_PRINTF=y + +# +# Library routines +# +CONFIG_RAID6_PQ=m +CONFIG_RAID6_PQ_BENCHMARK=y +# CONFIG_PACKING is not set +CONFIG_BITREVERSE=y +CONFIG_GENERIC_STRNCPY_FROM_USER=y +CONFIG_GENERIC_STRNLEN_USER=y +CONFIG_GENERIC_NET_UTILS=y +CONFIG_GENERIC_FIND_FIRST_BIT=y +# CONFIG_CORDIC is not set +# CONFIG_PRIME_NUMBERS is not set +CONFIG_RATIONAL=y +CONFIG_GENERIC_PCI_IOMAP=y +CONFIG_GENERIC_IOMAP=y +CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y +CONFIG_ARCH_HAS_FAST_MULTIPLIER=y +CONFIG_ARCH_USE_SYM_ANNOTATIONS=y + +# +# Crypto library routines +# +CONFIG_CRYPTO_LIB_AES=y +CONFIG_CRYPTO_LIB_ARC4=m +CONFIG_CRYPTO_ARCH_HAVE_LIB_BLAKE2S=y +CONFIG_CRYPTO_LIB_BLAKE2S_GENERIC=y +CONFIG_CRYPTO_ARCH_HAVE_LIB_CHACHA=m +CONFIG_CRYPTO_LIB_CHACHA_GENERIC=m +CONFIG_CRYPTO_LIB_CHACHA=m +CONFIG_CRYPTO_ARCH_HAVE_LIB_CURVE25519=m +CONFIG_CRYPTO_LIB_CURVE25519_GENERIC=m +CONFIG_CRYPTO_LIB_CURVE25519=m +CONFIG_CRYPTO_LIB_DES=m +CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11 +CONFIG_CRYPTO_ARCH_HAVE_LIB_POLY1305=m +CONFIG_CRYPTO_LIB_POLY1305_GENERIC=m +CONFIG_CRYPTO_LIB_POLY1305=m +CONFIG_CRYPTO_LIB_CHACHA20POLY1305=m +CONFIG_CRYPTO_LIB_SHA256=y +# end of Crypto library routines + +CONFIG_LIB_MEMNEQ=y +CONFIG_CRC_CCITT=y +CONFIG_CRC16=y +CONFIG_CRC_T10DIF=y +CONFIG_CRC_ITU_T=y +CONFIG_CRC32=y +# CONFIG_CRC32_SELFTEST is not set +CONFIG_CRC32_SLICEBY8=y +# CONFIG_CRC32_SLICEBY4 is not set +# CONFIG_CRC32_SARWATE is not set +# CONFIG_CRC32_BIT is not set +CONFIG_CRC64=m +# CONFIG_CRC4 is not set +# CONFIG_CRC7 is not set +CONFIG_LIBCRC32C=y +CONFIG_CRC8=m +CONFIG_XXHASH=y +# CONFIG_RANDOM32_SELFTEST is not set +CONFIG_ZLIB_INFLATE=y +CONFIG_ZLIB_DEFLATE=y +CONFIG_LZO_COMPRESS=y +CONFIG_LZO_DECOMPRESS=y +CONFIG_LZ4_DECOMPRESS=y +CONFIG_ZSTD_COMPRESS=m +CONFIG_ZSTD_DECOMPRESS=y +CONFIG_XZ_DEC=y +CONFIG_XZ_DEC_X86=y +CONFIG_XZ_DEC_POWERPC=y +CONFIG_XZ_DEC_IA64=y +CONFIG_XZ_DEC_ARM=y +CONFIG_XZ_DEC_ARMTHUMB=y +CONFIG_XZ_DEC_SPARC=y +CONFIG_XZ_DEC_BCJ=y +# CONFIG_XZ_DEC_TEST is not set +CONFIG_DECOMPRESS_GZIP=y +CONFIG_DECOMPRESS_BZIP2=y +CONFIG_DECOMPRESS_LZMA=y +CONFIG_DECOMPRESS_XZ=y +CONFIG_DECOMPRESS_LZO=y +CONFIG_DECOMPRESS_LZ4=y +CONFIG_DECOMPRESS_ZSTD=y +CONFIG_GENERIC_ALLOCATOR=y +CONFIG_REED_SOLOMON=m +CONFIG_REED_SOLOMON_DEC8=y +CONFIG_TEXTSEARCH=y +CONFIG_TEXTSEARCH_KMP=m +CONFIG_TEXTSEARCH_BM=m +CONFIG_TEXTSEARCH_FSM=m +CONFIG_BTREE=y +CONFIG_INTERVAL_TREE=y +CONFIG_XARRAY_MULTI=y +CONFIG_ASSOCIATIVE_ARRAY=y +CONFIG_HAS_IOMEM=y +CONFIG_HAS_IOPORT_MAP=y +CONFIG_HAS_DMA=y +CONFIG_DMA_OPS=y +CONFIG_NEED_SG_DMA_LENGTH=y +CONFIG_NEED_DMA_MAP_STATE=y +CONFIG_ARCH_DMA_ADDR_T_64BIT=y +CONFIG_SWIOTLB=y +# CONFIG_DMA_API_DEBUG is not set +# CONFIG_DMA_MAP_BENCHMARK is not set +CONFIG_SGL_ALLOC=y +CONFIG_IOMMU_HELPER=y +CONFIG_CHECK_SIGNATURE=y +CONFIG_CPUMASK_OFFSTACK=y +CONFIG_CPU_RMAP=y +CONFIG_DQL=y +CONFIG_GLOB=y +# CONFIG_GLOB_SELFTEST is not set +CONFIG_NLATTR=y +CONFIG_CLZ_TAB=y +CONFIG_IRQ_POLL=y +CONFIG_MPILIB=y +CONFIG_DIMLIB=y +CONFIG_OID_REGISTRY=y +CONFIG_UCS2_STRING=y +CONFIG_HAVE_GENERIC_VDSO=y +CONFIG_GENERIC_GETTIMEOFDAY=y +CONFIG_GENERIC_VDSO_TIME_NS=y +CONFIG_FONT_SUPPORT=y +# CONFIG_FONTS is not set +CONFIG_FONT_8x8=y +CONFIG_FONT_8x16=y +CONFIG_SG_POOL=y +CONFIG_ARCH_HAS_PMEM_API=y +CONFIG_MEMREGION=y +CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE=y +CONFIG_ARCH_HAS_COPY_MC=y +CONFIG_ARCH_STACKWALK=y +CONFIG_SBITMAP=y +CONFIG_PARMAN=m +CONFIG_OBJAGG=m +# end of Library routines + +CONFIG_ASN1_ENCODER=m + +# +# Kernel hacking +# + +# +# printk and dmesg options +# +CONFIG_PRINTK_TIME=y +# CONFIG_PRINTK_CALLER is not set +# CONFIG_STACKTRACE_BUILD_ID is not set +CONFIG_CONSOLE_LOGLEVEL_DEFAULT=7 +CONFIG_CONSOLE_LOGLEVEL_QUIET=4 +CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4 +# CONFIG_BOOT_PRINTK_DELAY is not set +CONFIG_DYNAMIC_DEBUG=y +CONFIG_DYNAMIC_DEBUG_CORE=y +CONFIG_SYMBOLIC_ERRNAME=y +CONFIG_DEBUG_BUGVERBOSE=y +# end of printk and dmesg options + +CONFIG_AS_HAS_NON_CONST_LEB128=y + +# +# Compile-time checks and compiler options +# +CONFIG_DEBUG_INFO=y +# CONFIG_DEBUG_INFO_REDUCED is not set +# CONFIG_DEBUG_INFO_COMPRESSED is not set +# CONFIG_DEBUG_INFO_SPLIT is not set +CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT=y +# CONFIG_DEBUG_INFO_DWARF4 is not set +# CONFIG_DEBUG_INFO_DWARF5 is not set +CONFIG_DEBUG_INFO_BTF=y +CONFIG_PAHOLE_HAS_SPLIT_BTF=y +CONFIG_DEBUG_INFO_BTF_MODULES=y +# CONFIG_GDB_SCRIPTS is not set +CONFIG_FRAME_WARN=2048 +CONFIG_STRIP_ASM_SYMS=y +# CONFIG_READABLE_ASM is not set +# CONFIG_HEADERS_INSTALL is not set +# CONFIG_DEBUG_SECTION_MISMATCH is not set +CONFIG_SECTION_MISMATCH_WARN_ONLY=y +# CONFIG_DEBUG_FORCE_FUNCTION_ALIGN_64B is not set +CONFIG_FRAME_POINTER=y +CONFIG_STACK_VALIDATION=y +# CONFIG_VMLINUX_MAP is not set +# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set +# end of Compile-time checks and compiler options + +# +# Generic Kernel Debugging Instruments +# +CONFIG_MAGIC_SYSRQ=y +CONFIG_MAGIC_SYSRQ_DEFAULT_ENABLE=0x0 +# CONFIG_MAGIC_SYSRQ_SERIAL is not set +CONFIG_DEBUG_FS=y +CONFIG_DEBUG_FS_ALLOW_ALL=y +# CONFIG_DEBUG_FS_DISALLOW_MOUNT is not set +# CONFIG_DEBUG_FS_ALLOW_NONE is not set +CONFIG_HAVE_ARCH_KGDB=y +CONFIG_KGDB=y +CONFIG_KGDB_HONOUR_BLOCKLIST=y +CONFIG_KGDB_SERIAL_CONSOLE=y +# CONFIG_KGDB_TESTS is not set +# CONFIG_KGDB_LOW_LEVEL_TRAP is not set +CONFIG_KGDB_KDB=y +CONFIG_KDB_DEFAULT_ENABLE=0x1 +# CONFIG_KDB_KEYBOARD is not set +CONFIG_KDB_CONTINUE_CATASTROPHIC=0 +CONFIG_ARCH_HAS_EARLY_DEBUG=y +CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y +# CONFIG_UBSAN is not set +CONFIG_HAVE_ARCH_KCSAN=y +CONFIG_HAVE_KCSAN_COMPILER=y +# CONFIG_KCSAN is not set +# end of Generic Kernel Debugging Instruments + +CONFIG_DEBUG_KERNEL=y +CONFIG_DEBUG_MISC=y + +# +# Memory Debugging +# +# CONFIG_PAGE_EXTENSION is not set +# CONFIG_DEBUG_PAGEALLOC is not set +# CONFIG_PAGE_OWNER is not set +CONFIG_PAGE_POISONING=y +# CONFIG_DEBUG_PAGE_REF is not set +# CONFIG_DEBUG_RODATA_TEST is not set +CONFIG_ARCH_HAS_DEBUG_WX=y +CONFIG_DEBUG_WX=y +CONFIG_GENERIC_PTDUMP=y +CONFIG_PTDUMP_CORE=y +# CONFIG_PTDUMP_DEBUGFS is not set +# CONFIG_DEBUG_OBJECTS is not set +# CONFIG_SLUB_DEBUG_ON is not set +# CONFIG_SLUB_STATS is not set +CONFIG_HAVE_DEBUG_KMEMLEAK=y +# CONFIG_DEBUG_KMEMLEAK is not set +# CONFIG_DEBUG_STACK_USAGE is not set +CONFIG_SCHED_STACK_END_CHECK=y +CONFIG_ARCH_HAS_DEBUG_VM_PGTABLE=y +# CONFIG_DEBUG_VM is not set +# CONFIG_DEBUG_VM_PGTABLE is not set +CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y +# CONFIG_DEBUG_VIRTUAL is not set +# CONFIG_DEBUG_MEMORY_INIT is not set +# CONFIG_DEBUG_PER_CPU_MAPS is not set +CONFIG_HAVE_ARCH_KASAN=y +CONFIG_HAVE_ARCH_KASAN_VMALLOC=y +CONFIG_CC_HAS_KASAN_GENERIC=y +CONFIG_CC_HAS_WORKING_NOSANITIZE_ADDRESS=y +# CONFIG_KASAN is not set +CONFIG_HAVE_ARCH_KFENCE=y +# CONFIG_KFENCE is not set +# end of Memory Debugging + +# CONFIG_DEBUG_SHIRQ is not set + +# +# Debug Oops, Lockups and Hangs +# +CONFIG_PANIC_ON_OOPS=y +CONFIG_PANIC_ON_OOPS_VALUE=1 +CONFIG_PANIC_TIMEOUT=-1 +CONFIG_LOCKUP_DETECTOR=y +CONFIG_SOFTLOCKUP_DETECTOR=y +# CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC is not set +CONFIG_BOOTPARAM_SOFTLOCKUP_PANIC_VALUE=0 +CONFIG_HARDLOCKUP_DETECTOR_PERF=y +CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y +CONFIG_HARDLOCKUP_DETECTOR=y +CONFIG_BOOTPARAM_HARDLOCKUP_PANIC=y +CONFIG_BOOTPARAM_HARDLOCKUP_PANIC_VALUE=1 +CONFIG_DETECT_HUNG_TASK=y +CONFIG_DEFAULT_HUNG_TASK_TIMEOUT=0 +# CONFIG_BOOTPARAM_HUNG_TASK_PANIC is not set +CONFIG_BOOTPARAM_HUNG_TASK_PANIC_VALUE=0 +# CONFIG_WQ_WATCHDOG is not set +# CONFIG_TEST_LOCKUP is not set +# end of Debug Oops, Lockups and Hangs + +# +# Scheduler Debugging +# +CONFIG_SCHED_DEBUG=y +CONFIG_SCHED_INFO=y +CONFIG_SCHEDSTATS=y +# end of Scheduler Debugging + +# CONFIG_DEBUG_TIMEKEEPING is not set + +# +# Lock Debugging (spinlocks, mutexes, etc...) +# +CONFIG_LOCK_DEBUGGING_SUPPORT=y +# CONFIG_PROVE_LOCKING is not set +# CONFIG_LOCK_STAT is not set +# CONFIG_DEBUG_RT_MUTEXES is not set +# CONFIG_DEBUG_SPINLOCK is not set +# CONFIG_DEBUG_MUTEXES is not set +# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set +# CONFIG_DEBUG_RWSEMS is not set +# CONFIG_DEBUG_LOCK_ALLOC is not set +# CONFIG_DEBUG_ATOMIC_SLEEP is not set +# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set +# CONFIG_LOCK_TORTURE_TEST is not set +# CONFIG_WW_MUTEX_SELFTEST is not set +# CONFIG_SCF_TORTURE_TEST is not set +# CONFIG_CSD_LOCK_WAIT_DEBUG is not set +# end of Lock Debugging (spinlocks, mutexes, etc...) + +# CONFIG_DEBUG_IRQFLAGS is not set +CONFIG_STACKTRACE=y +# CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set +# CONFIG_DEBUG_KOBJECT is not set + +# +# Debug kernel data structures +# +CONFIG_DEBUG_LIST=y +# CONFIG_DEBUG_PLIST is not set +CONFIG_DEBUG_SG=y +CONFIG_DEBUG_NOTIFIERS=y +CONFIG_BUG_ON_DATA_CORRUPTION=y +# end of Debug kernel data structures + +CONFIG_DEBUG_CREDENTIALS=y + +# +# RCU Debugging +# +# CONFIG_RCU_SCALE_TEST is not set +# CONFIG_RCU_TORTURE_TEST is not set +# CONFIG_RCU_REF_SCALE_TEST is not set +CONFIG_RCU_CPU_STALL_TIMEOUT=60 +# CONFIG_RCU_TRACE is not set +# CONFIG_RCU_EQS_DEBUG is not set +# end of RCU Debugging + +# CONFIG_DEBUG_WQ_FORCE_RR_CPU is not set +# CONFIG_CPU_HOTPLUG_STATE_CONTROL is not set +CONFIG_LATENCYTOP=y +CONFIG_USER_STACKTRACE_SUPPORT=y +CONFIG_NOP_TRACER=y +CONFIG_HAVE_FUNCTION_TRACER=y +CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y +CONFIG_HAVE_DYNAMIC_FTRACE=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_DIRECT_CALLS=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_ARGS=y +CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y +CONFIG_HAVE_SYSCALL_TRACEPOINTS=y +CONFIG_HAVE_FENTRY=y +CONFIG_HAVE_OBJTOOL_MCOUNT=y +CONFIG_HAVE_C_RECORDMCOUNT=y +CONFIG_TRACE_CLOCK=y +CONFIG_RING_BUFFER=y +CONFIG_EVENT_TRACING=y +CONFIG_CONTEXT_SWITCH_TRACER=y +CONFIG_TRACING=y +CONFIG_GENERIC_TRACER=y +CONFIG_TRACING_SUPPORT=y +CONFIG_FTRACE=y +# CONFIG_BOOTTIME_TRACING is not set +CONFIG_FUNCTION_TRACER=y +CONFIG_FUNCTION_GRAPH_TRACER=y +CONFIG_DYNAMIC_FTRACE=y +CONFIG_DYNAMIC_FTRACE_WITH_REGS=y +CONFIG_DYNAMIC_FTRACE_WITH_DIRECT_CALLS=y +CONFIG_DYNAMIC_FTRACE_WITH_ARGS=y +# CONFIG_FUNCTION_PROFILER is not set +CONFIG_STACK_TRACER=y +# CONFIG_IRQSOFF_TRACER is not set +# CONFIG_SCHED_TRACER is not set +# CONFIG_HWLAT_TRACER is not set +# CONFIG_OSNOISE_TRACER is not set +# CONFIG_TIMERLAT_TRACER is not set +# CONFIG_MMIOTRACE is not set +CONFIG_FTRACE_SYSCALLS=y +# CONFIG_TRACER_SNAPSHOT is not set +CONFIG_BRANCH_PROFILE_NONE=y +# CONFIG_PROFILE_ANNOTATED_BRANCHES is not set +CONFIG_BLK_DEV_IO_TRACE=y +CONFIG_KPROBE_EVENTS=y +# CONFIG_KPROBE_EVENTS_ON_NOTRACE is not set +CONFIG_UPROBE_EVENTS=y +CONFIG_BPF_EVENTS=y +CONFIG_DYNAMIC_EVENTS=y +CONFIG_PROBE_EVENTS=y +# CONFIG_BPF_KPROBE_OVERRIDE is not set +CONFIG_FTRACE_MCOUNT_RECORD=y +CONFIG_FTRACE_MCOUNT_USE_CC=y +CONFIG_TRACING_MAP=y +CONFIG_SYNTH_EVENTS=y +CONFIG_HIST_TRIGGERS=y +# CONFIG_TRACE_EVENT_INJECT is not set +# CONFIG_TRACEPOINT_BENCHMARK is not set +# CONFIG_RING_BUFFER_BENCHMARK is not set +# CONFIG_TRACE_EVAL_MAP_FILE is not set +# CONFIG_FTRACE_RECORD_RECURSION is not set +# CONFIG_FTRACE_STARTUP_TEST is not set +# CONFIG_RING_BUFFER_STARTUP_TEST is not set +# CONFIG_RING_BUFFER_VALIDATE_TIME_DELTAS is not set +# CONFIG_PREEMPTIRQ_DELAY_TEST is not set +# CONFIG_SYNTH_EVENT_GEN_TEST is not set +# CONFIG_KPROBE_EVENT_GEN_TEST is not set +# CONFIG_HIST_TRIGGERS_DEBUG is not set +# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set +# CONFIG_SAMPLES is not set +CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y +CONFIG_STRICT_DEVMEM=y +CONFIG_IO_STRICT_DEVMEM=y + +# +# x86 Debugging +# +# CONFIG_X86_VERBOSE_BOOTUP is not set +CONFIG_EARLY_PRINTK=y +# CONFIG_EARLY_PRINTK_DBGP is not set +# CONFIG_EARLY_PRINTK_USB_XDBC is not set +# CONFIG_EFI_PGT_DUMP is not set +# CONFIG_DEBUG_TLBFLUSH is not set +# CONFIG_IOMMU_DEBUG is not set +CONFIG_HAVE_MMIOTRACE_SUPPORT=y +# CONFIG_X86_DECODER_SELFTEST is not set +CONFIG_IO_DELAY_0X80=y +# CONFIG_IO_DELAY_0XED is not set +# CONFIG_IO_DELAY_UDELAY is not set +# CONFIG_IO_DELAY_NONE is not set +# CONFIG_DEBUG_BOOT_PARAMS is not set +# CONFIG_CPA_DEBUG is not set +# CONFIG_DEBUG_ENTRY is not set +# CONFIG_DEBUG_NMI_SELFTEST is not set +# CONFIG_X86_DEBUG_FPU is not set +# CONFIG_PUNIT_ATOM_DEBUG is not set +# CONFIG_UNWINDER_ORC is not set +CONFIG_UNWINDER_FRAME_POINTER=y +# CONFIG_UNWINDER_GUESS is not set +# end of x86 Debugging + +# +# Kernel Testing and Coverage +# +# CONFIG_KUNIT is not set +# CONFIG_NOTIFIER_ERROR_INJECTION is not set +CONFIG_FUNCTION_ERROR_INJECTION=y +# CONFIG_FAULT_INJECTION is not set +CONFIG_ARCH_HAS_KCOV=y +CONFIG_CC_HAS_SANCOV_TRACE_PC=y +# CONFIG_KCOV is not set +CONFIG_RUNTIME_TESTING_MENU=y +# CONFIG_LKDTM is not set +# CONFIG_TEST_MIN_HEAP is not set +# CONFIG_TEST_DIV64 is not set +# CONFIG_KPROBES_SANITY_TEST is not set +# CONFIG_BACKTRACE_SELF_TEST is not set +# CONFIG_RBTREE_TEST is not set +# CONFIG_REED_SOLOMON_TEST is not set +# CONFIG_INTERVAL_TREE_TEST is not set +# CONFIG_PERCPU_TEST is not set +# CONFIG_ATOMIC64_SELFTEST is not set +# CONFIG_ASYNC_RAID6_TEST is not set +# CONFIG_TEST_HEXDUMP is not set +# CONFIG_STRING_SELFTEST is not set +# CONFIG_TEST_STRING_HELPERS is not set +# CONFIG_TEST_STRSCPY is not set +# CONFIG_TEST_KSTRTOX is not set +# CONFIG_TEST_PRINTF is not set +# CONFIG_TEST_SCANF is not set +# CONFIG_TEST_BITMAP is not set +# CONFIG_TEST_UUID is not set +# CONFIG_TEST_XARRAY is not set +# CONFIG_TEST_OVERFLOW is not set +# CONFIG_TEST_RHASHTABLE is not set +# CONFIG_TEST_HASH is not set +# CONFIG_TEST_IDA is not set +# CONFIG_TEST_PARMAN is not set +# CONFIG_TEST_LKM is not set +# CONFIG_TEST_BITOPS is not set +# CONFIG_TEST_VMALLOC is not set +# CONFIG_TEST_USER_COPY is not set +# CONFIG_TEST_BPF is not set +# CONFIG_TEST_BLACKHOLE_DEV is not set +# CONFIG_FIND_BIT_BENCHMARK is not set +# CONFIG_TEST_FIRMWARE is not set +# CONFIG_TEST_SYSCTL is not set +# CONFIG_TEST_UDELAY is not set +# CONFIG_TEST_STATIC_KEYS is not set +# CONFIG_TEST_KMOD is not set +# CONFIG_TEST_MEMCAT_P is not set +# CONFIG_TEST_LIVEPATCH is not set +# CONFIG_TEST_OBJAGG is not set +# CONFIG_TEST_STACKINIT is not set +# CONFIG_TEST_MEMINIT is not set +# CONFIG_TEST_FREE_PAGES is not set +# CONFIG_TEST_FPU is not set +# CONFIG_TEST_CLOCKSOURCE_WATCHDOG is not set +CONFIG_ARCH_USE_MEMTEST=y +CONFIG_MEMTEST=y +# CONFIG_HYPERV_TESTING is not set +# end of Kernel Testing and Coverage +# end of Kernel hacking diff --git a/SPECS/livepatch-5.15.131.1-3.cm2/livepatch-5.15.131.1-3.cm2.signatures.json b/SPECS/livepatch-5.15.131.1-3.cm2/livepatch-5.15.131.1-3.cm2.signatures.json new file mode 100644 index 00000000000..62c2d6c9cb3 --- /dev/null +++ b/SPECS/livepatch-5.15.131.1-3.cm2/livepatch-5.15.131.1-3.cm2.signatures.json @@ -0,0 +1,7 @@ +{ + "Signatures": { + "config-5.15.131.1-3.cm2": "5aac865f894b53ebc1cd94dc6763ed8a5c07c0e2834e6a43fcc8a84fe0ce2c98", + "kernel-5.15.131.1.tar.gz": "79e6f96e5e9b0e920336dc5c2da0d5b65c3d77f9568b15ae6c4517164aace0a4", + "mariner-5.15.131.1-3.cm2.pem": "5ef124b0924cb1047c111a0ecff1ae11e6ad7cac8d1d9b40f98f99334121f0b0" + } +} diff --git a/SPECS/livepatch-5.15.131.1-3.cm2/livepatch-5.15.131.1-3.cm2.spec b/SPECS/livepatch-5.15.131.1-3.cm2/livepatch-5.15.131.1-3.cm2.spec new file mode 100644 index 00000000000..4145c187ec9 --- /dev/null +++ b/SPECS/livepatch-5.15.131.1-3.cm2/livepatch-5.15.131.1-3.cm2.spec @@ -0,0 +1,196 @@ +%define kernel_version_release 5.15.131.1-3.cm2 +%define kernel_version %(echo %{kernel_version_release} | grep -oP "^[^-]+") +%define kernel_release %(echo %{kernel_version_release} | grep -oP "(?<=-).+") + +%define builds_module %([[ -n "$(echo "%{patches}" | grep -oP "CVE-\\d+-\\d+(?=\\.patch)")" ]] && echo 1 || echo 0) + +%define kpatch_logs_file /root/.kpatch/build.log + +# Kpatch module names allow only alphanumeric characters and '_'. +%define livepatch_name %(value="%{name}-%{version}-%{release}"; echo "${value//[^a-zA-Z0-9_]/_}") +%define livepatch_install_dir %{_libdir}/livepatching/%{kernel_version_release} +%define livepatch_module_name %{livepatch_name}.ko +%define livepatch_module_path %{livepatch_install_dir}/%{livepatch_module_name} + +%define patch_applicable_for_kernel [[ -f "%{livepatch_module_path}" && "$(uname -r)" == "%{kernel_version_release}" ]] +%define patch_installed kpatch list | grep -qP "%{livepatch_name}.*%{kernel_version_release}" +%define patch_loaded kpatch list | grep -qP "%{livepatch_name}.*enabled" + +# Install patch if the RUNNING kernel matches. +# No-op for initial (empty) livepatch. +%define install_if_should \ +if %{patch_applicable_for_kernel} && ! %{patch_installed} \ +then \ + kpatch install %{livepatch_module_path} \ +fi + +# Load patch, if the RUNNING kernel matches. +# No-op for initial (empty) livepatch. +%define load_if_should \ +if %{patch_applicable_for_kernel} && ! %{patch_loaded} \ +then \ + kpatch load %{livepatch_module_path} \ +fi + +%define uninstall_if_should \ +if %{patch_installed} \ +then \ + kpatch uninstall %{livepatch_name} \ +fi + +%define unload_if_should \ +if %{patch_loaded} \ +then \ + kpatch unload %{livepatch_name} \ +fi + +%define patches_description \ +%( + echo "Patches list ('*' - fixed, '!' - unfixable through livepatching, kernel update required):" + for patch in %{patches} + do + patch_file=$(basename "$patch") + + cve_number="${patch_file%.*}" + patch_suffix="${patch_file#*.}" + + if [ "$patch_suffix" = "patch" ] + then + echo "*$cve_number" + else + echo "\!$cve_number: $(cat "$patch")" + fi + done +) + +Summary: Set of livepatches for kernel %{kernel_version_release} +Name: livepatch-%{kernel_version_release} +Version: 1.0.0 +Release: 1%{?dist} +License: MIT +Vendor: Microsoft Corporation +Distribution: Mariner +Group: System Environment/Base +URL: https://github.com/microsoft/CBL-Mariner +Source0: https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/%{kernel_version}.tar.gz#/kernel-%{kernel_version}.tar.gz +Source1: config-%{kernel_version_release} +Source2: mariner-%{kernel_version_release}.pem + +ExclusiveArch: x86_64 + +Provides: livepatch = %{kernel_version_release} + +# Must be kept below the "Patch" tags to correctly evaluate %%builds_module. +%if %{builds_module} +BuildRequires: audit-devel +BuildRequires: bash +BuildRequires: bc +BuildRequires: binutils +BuildRequires: bison +BuildRequires: diffutils +BuildRequires: dwarves +BuildRequires: elfutils-libelf-devel +BuildRequires: flex +BuildRequires: gcc +BuildRequires: glib-devel +BuildRequires: glibc-devel +BuildRequires: kbd +BuildRequires: kernel-debuginfo = %{kernel_version_release} +BuildRequires: kernel-headers = %{kernel_version_release} +BuildRequires: kmod-devel +BuildRequires: kpatch-build +BuildRequires: libdnet-devel +BuildRequires: libmspack-devel +BuildRequires: make +BuildRequires: openssl +BuildRequires: openssl-devel +BuildRequires: pam-devel +BuildRequires: procps-ng-devel +BuildRequires: python3-devel +BuildRequires: rpm-build + +Requires: coreutils +Requires: livepatching-filesystem + +Requires(post): coreutils +Requires(post): kpatch + +Requires(preun): kpatch + +%description +A set of kernel livepatches addressing CVEs present in Mariner's +%{kernel_version_release} kernel. +%{patches_description} + +%prep +%setup -q -n CBL-Mariner-Linux-Kernel-rolling-lts-mariner-2-%{kernel_version} + +cp %{SOURCE1} .config +cp %{SOURCE2} certs/mariner.pem + +sed -i 's#CONFIG_SYSTEM_TRUSTED_KEYS=""#CONFIG_SYSTEM_TRUSTED_KEYS="certs/mariner.pem"#' .config +sed -i 's/CONFIG_LOCALVERSION=""/CONFIG_LOCALVERSION="-%{kernel_release}"/' .config + +%build +# Building cumulative patch. +all_patches_file=all.patch +for patch in %{patches} +do + [[ "$patch" == *.patch ]] && cat "$patch" >> $all_patches_file +done + +if ! kpatch-build -ddd \ + --sourcedir . \ + --vmlinux %{_libdir}/debug/lib/modules/%{kernel_version_release}/vmlinux \ + --name %{livepatch_name} \ + $all_patches_file +then + echo "ERROR: failed to build livepatch module. Logs from '%{kpatch_logs_file}':" >&2 + cat "%{kpatch_logs_file}" >&2 + exit 1 +fi + +%install +install -dm 755 %{buildroot}%{livepatch_install_dir} +install -m 744 %{livepatch_module_name} %{buildroot}%{livepatch_module_path} + +%post +%load_if_should +%install_if_should + +%preun +%uninstall_if_should +%unload_if_should + +# Re-enable patch on rollbacks to supported kernel. +%triggerin -- kernel = %{kernel_version_release} +%load_if_should +%install_if_should + +# Prevent the patch from being loaded after a reboot to a different kernel. +# Previous kernel is still running, do NOT unload the livepatch. +%triggerin -- kernel > %{kernel_version_release}, kernel < %{kernel_version_release} +%uninstall_if_should + +%files +%defattr(-,root,root) +%dir %{livepatch_install_dir} +%{livepatch_module_path} + +# else builds_module +%else +%global debug_package %{nil} + +%description +Empty package enabling subscription to future kernel livepatches +addressing CVEs present in Mariner's %{kernel_version_release} kernel. + +%files + +# endif builds_module +%endif + +%changelog +* Wed Sep 27 2023 CBL-Mariner Servicing Account - 1.0.0-1 +- Original version for CBL-Mariner. +- License verified. diff --git a/SPECS/livepatch-5.15.131.1-3.cm2/mariner-5.15.131.1-3.cm2.pem b/SPECS/livepatch-5.15.131.1-3.cm2/mariner-5.15.131.1-3.cm2.pem new file mode 100644 index 00000000000..76865b9a68e --- /dev/null +++ b/SPECS/livepatch-5.15.131.1-3.cm2/mariner-5.15.131.1-3.cm2.pem @@ -0,0 +1,29 @@ +-----BEGIN CERTIFICATE----- +MIIFBjCCA+6gAwIBAgITMwAABO5/lN6NQyelHwABAAAE7jANBgkqhkiG9w0BAQsF +ADB5MQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3RvbjEQMA4GA1UEBxMH +UmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0aW9uMSMwIQYDVQQD +ExpNaWNyb3NvZnQgVGVzdGluZyBQQ0EgMjAxMDAeFw0yMTEwMTQxNzI4MDVaFw0y +MjEwMTMxNzI4MDVaMIGGMQswCQYDVQQGEwJVUzETMBEGA1UECBMKV2FzaGluZ3Rv +bjEQMA4GA1UEBxMHUmVkbW9uZDEeMBwGA1UEChMVTWljcm9zb2Z0IENvcnBvcmF0 +aW9uMTAwLgYDVQQDEydNYXJpbmVyIFNlY3VyZSBCb290KFByb2R1Y3Rpb24gU2ln +bmluZykwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDF45hTHPQAA7yc +6g3iVuqcQKF51ylCynjUySYqqQha2sQzE7tbJ2egVkW4cfY1UbJsm65i2/VGI1OL +Zia4sRwXRN7toRK5aElYfpsghMgGEaCSPs6915BVqO4WX0jxXswqRZ2CPH+evNCC +hQnOqtjvFCqp7aeQ44b/DpZmaMicL/DwbI4925HWGSYa+/Mp1Fs3yGhP5X75+c9v +w4gJ5KoxcOFRmQEt0c7lOclOi5Np5jys7lrrdmPPbjoALERBatiXj8w72LUZu4+I +970/6jqNEkHeGxqVSPRRNIEZubjvRIfg8uULr8k/Kj8TbznCWoGuaT/9yoVbHhqU +KQMJxxFrAgMBAAGjggF3MIIBczATBgNVHSUEDDAKBggrBgEFBQcDAzAdBgNVHQ4E +FgQUtC1rnigJt7kJfP+emwGUuG6Av5UwRQYDVR0RBD4wPKQ6MDgxHjAcBgNVBAsT +FU1pY3Jvc29mdCBDb3Jwb3JhdGlvbjEWMBQGA1UEBRMNNDYwODk3KzQ2ODU5NzAf +BgNVHSMEGDAWgBS/ZaKrb3WjTkWWVwXPOYf0wBUcHDBcBgNVHR8EVTBTMFGgT6BN +hktodHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NybC9NaWNyb3NvZnQl +MjBUZXN0aW5nJTIwUENBJTIwMjAxMCgxKS5jcmwwaQYIKwYBBQUHAQEEXTBbMFkG +CCsGAQUFBzAChk1odHRwOi8vd3d3Lm1pY3Jvc29mdC5jb20vcGtpb3BzL2NlcnRz +L01pY3Jvc29mdCUyMFRlc3RpbmclMjBQQ0ElMjAyMDEwKDEpLmNydDAMBgNVHRMB +Af8EAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQCybuv6kmhT2y97FOLRljLCLvQlBL/E +dxKPDYNFhHCKIUd550yUoUW8XIxSYa+Dmx/1+NYS4Nxql7ecuR4g9+4i0DOmNjYO +NY8epPspIpjUd9OAiKNKJSs2303i2TQojXQcZVeTO89bK3pX+spoACGuEVEuWSdL +q+oPDYZwNTKyobj9wHYO6WXJfcdLPlYZghDjR/WNO5bzvzpi2nn/c4OYvMihLNq0 +5uNO0IB/zquyAaCKbi15v/PqYos1BsT+Yft4zf8ry17yFVBIqJMa2An6Gex7SNWj +jj1S7uBga3oZcTHvR8xv3fmbwfQMIrZRmZrq8xkySxQV7xea0sE7X/pJ +-----END CERTIFICATE----- diff --git a/SPECS/mariner-release/mariner-release.spec b/SPECS/mariner-release/mariner-release.spec index a1a1fc14b14..000d0eff84e 100644 --- a/SPECS/mariner-release/mariner-release.spec +++ b/SPECS/mariner-release/mariner-release.spec @@ -1,7 +1,7 @@ Summary: CBL-Mariner release files Name: mariner-release Version: 2.0 -Release: 51%{?dist} +Release: 52%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -62,6 +62,9 @@ EOF %config(noreplace) %{_sysconfdir}/issue.net %changelog +* Wed Sep 27 2023 CBL-Mariner Servicing Account - 2.0-52 +- Bump release for October 2023 Release + * Wed Sep 20 2023 CBL-Mariner Servicing Account - 2.0-51 - Bump release for September 2023 Update 2 diff --git a/cgmanifest.json b/cgmanifest.json index f23d1f5623b..947a6e4bb21 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -12206,6 +12206,16 @@ } } }, + { + "component": { + "type": "other", + "other": { + "name": "livepatch-5.15.131.1-3.cm2", + "version": "1.0.0", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.131.1.tar.gz" + } + } + }, { "component": { "type": "other", From d7f79b6fedaaa7116270e4cbd78ca8f15d9e42cc Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Thu, 28 Sep 2023 10:48:23 -0700 Subject: [PATCH 26/47] [AUTOPATCHER-CORE] Upgrade bind to 9.16.44 Fix CVE-2023-3341 (#6296) * Upgrade bind to 9.16.44 Fix CVE-2023-3341 * Remove patch for old CVE --------- Co-authored-by: Rakshaa Viswanathan --- SPECS/bind/CVE-2023-2828.patch | 171 -------------------------------- SPECS/bind/bind.signatures.json | 2 +- SPECS/bind/bind.spec | 9 +- cgmanifest.json | 6 +- 4 files changed, 9 insertions(+), 179 deletions(-) delete mode 100644 SPECS/bind/CVE-2023-2828.patch diff --git a/SPECS/bind/CVE-2023-2828.patch b/SPECS/bind/CVE-2023-2828.patch deleted file mode 100644 index 86200ebeef1..00000000000 --- a/SPECS/bind/CVE-2023-2828.patch +++ /dev/null @@ -1,171 +0,0 @@ -From 011a1a2425eaf914f5470f9dd6cfd98b7bd5f340 Mon Sep 17 00:00:00 2001 -From: Suresh Thelkar -Date: Wed, 26 Jul 2023 11:15:57 +0530 -Subject: [PATCH] patch for CVE-2023-2828 - -Backported by @suresh-thelkar from upstream on 2023-07-26 -Upstream patch is available at https://downloads.isc.org/isc/bind9/9.16.42/patches/0001-CVE-2023-2828.patch -Applies on 9.16.33 cleanly ---- - lib/dns/rbtdb.c | 105 ++++++++++++++++++++++++++++++------------------ - 1 file changed, 65 insertions(+), 40 deletions(-) - -diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c -index 75832e3..cc026a6 100644 ---- a/lib/dns/rbtdb.c -+++ b/lib/dns/rbtdb.c -@@ -599,7 +599,7 @@ static void - expire_header(dns_rbtdb_t *rbtdb, rdatasetheader_t *header, bool tree_locked, - expire_t reason); - static void --overmem_purge(dns_rbtdb_t *rbtdb, unsigned int locknum_start, isc_stdtime_t now, -+overmem_purge(dns_rbtdb_t *rbtdb, unsigned int locknum_start, size_t purgesize, - bool tree_locked); - static void - resign_insert(dns_rbtdb_t *rbtdb, int idx, rdatasetheader_t *newheader); -@@ -6756,6 +6756,16 @@ cleanup: - - static dns_dbmethods_t zone_methods; - -+static size_t -+rdataset_size(rdatasetheader_t *header) { -+ if (!NONEXISTENT(header)) { -+ return (dns_rdataslab_size((unsigned char *)header, -+ sizeof(*header))); -+ } -+ -+ return (sizeof(*header)); -+} -+ - static isc_result_t - addrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, - isc_stdtime_t now, dns_rdataset_t *rdataset, unsigned int options, -@@ -6919,7 +6929,8 @@ addrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, - } - - if (cache_is_overmem) { -- overmem_purge(rbtdb, rbtnode->locknum, now, tree_locked); -+ overmem_purge(rbtdb, rbtnode->locknum, rdataset_size(newheader), -+ tree_locked); - } - - NODE_LOCK(&rbtdb->node_locks[rbtnode->locknum].lock, -@@ -6938,10 +6949,18 @@ addrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version, - } - - header = isc_heap_element(rbtdb->heaps[rbtnode->locknum], 1); -- if (header != NULL && header->rdh_ttl + rbtdb->serve_stale_ttl < -- now - RBTDB_VIRTUAL) -- { -- expire_header(rbtdb, header, tree_locked, expire_ttl); -+ if (header != NULL) { -+ dns_ttl_t rdh_ttl = header->rdh_ttl; -+ -+ /* Only account for stale TTL if cache is not overmem */ -+ if (!cache_is_overmem) { -+ rdh_ttl += rbtdb->serve_stale_ttl; -+ } -+ -+ if (rdh_ttl < now - RBTDB_VIRTUAL) { -+ expire_header(rbtdb, header, tree_locked, -+ expire_ttl); -+ } - } - - /* -@@ -10420,52 +10439,58 @@ update_header(dns_rbtdb_t *rbtdb, rdatasetheader_t *header, isc_stdtime_t now) { - ISC_LIST_PREPEND(rbtdb->rdatasets[header->node->locknum], header, link); - } - -+static size_t -+expire_lru_headers(dns_rbtdb_t *rbtdb, unsigned int locknum, size_t purgesize, -+ bool tree_locked) { -+ rdatasetheader_t *header, *header_prev; -+ size_t purged = 0; -+ -+ for (header = ISC_LIST_TAIL(rbtdb->rdatasets[locknum]); -+ header != NULL && purged <= purgesize; header = header_prev) -+ { -+ header_prev = ISC_LIST_PREV(header, link); -+ /* -+ * Unlink the entry at this point to avoid checking it -+ * again even if it's currently used someone else and -+ * cannot be purged at this moment. This entry won't be -+ * referenced any more (so unlinking is safe) since the -+ * TTL was reset to 0. -+ */ -+ ISC_LIST_UNLINK(rbtdb->rdatasets[locknum], header, link); -+ size_t header_size = rdataset_size(header); -+ expire_header(rbtdb, header, tree_locked, expire_lru); -+ purged += header_size; -+ } -+ -+ return (purged); -+} -+ - /*% -- * Purge some expired and/or stale (i.e. unused for some period) cache entries -- * under an overmem condition. To recover from this condition quickly, up to -- * 2 entries will be purged. This process is triggered while adding a new -- * entry, and we specifically avoid purging entries in the same LRU bucket as -- * the one to which the new entry will belong. Otherwise, we might purge -- * entries of the same name of different RR types while adding RRsets from a -- * single response (consider the case where we're adding A and AAAA glue records -- * of the same NS name). -+ * Purge some stale (i.e. unused for some period - LRU based cleaning) cache -+ * entries under the overmem condition. To recover from this condition quickly, -+ * we cleanup entries up to the size of newly added rdata (passed as purgesize). -+ * -+ * This process is triggered while adding a new entry, and we specifically avoid -+ * purging entries in the same LRU bucket as the one to which the new entry will -+ * belong. Otherwise, we might purge entries of the same name of different RR -+ * types while adding RRsets from a single response (consider the case where -+ * we're adding A and AAAA glue records of the same NS name). - */ - static void --overmem_purge(dns_rbtdb_t *rbtdb, unsigned int locknum_start, isc_stdtime_t now, -+overmem_purge(dns_rbtdb_t *rbtdb, unsigned int locknum_start, size_t purgesize, - bool tree_locked) { -- rdatasetheader_t *header, *header_prev; - unsigned int locknum; -- int purgecount = 2; -+ size_t purged = 0; - - for (locknum = (locknum_start + 1) % rbtdb->node_lock_count; -- locknum != locknum_start && purgecount > 0; -+ locknum != locknum_start && purged <= purgesize; - locknum = (locknum + 1) % rbtdb->node_lock_count) - { - NODE_LOCK(&rbtdb->node_locks[locknum].lock, - isc_rwlocktype_write); - -- header = isc_heap_element(rbtdb->heaps[locknum], 1); -- if (header && header->rdh_ttl < now - RBTDB_VIRTUAL) { -- expire_header(rbtdb, header, tree_locked, expire_ttl); -- purgecount--; -- } -- -- for (header = ISC_LIST_TAIL(rbtdb->rdatasets[locknum]); -- header != NULL && purgecount > 0; header = header_prev) -- { -- header_prev = ISC_LIST_PREV(header, link); -- /* -- * Unlink the entry at this point to avoid checking it -- * again even if it's currently used someone else and -- * cannot be purged at this moment. This entry won't be -- * referenced any more (so unlinking is safe) since the -- * TTL was reset to 0. -- */ -- ISC_LIST_UNLINK(rbtdb->rdatasets[locknum], header, -- link); -- expire_header(rbtdb, header, tree_locked, expire_lru); -- purgecount--; -- } -+ purged += expire_lru_headers(rbtdb, locknum, purgesize - purged, -+ tree_locked); - - NODE_UNLOCK(&rbtdb->node_locks[locknum].lock, - isc_rwlocktype_write); --- -2.38.1 - diff --git a/SPECS/bind/bind.signatures.json b/SPECS/bind/bind.signatures.json index b8ade039d51..f91b7d2dec4 100644 --- a/SPECS/bind/bind.signatures.json +++ b/SPECS/bind/bind.signatures.json @@ -14,6 +14,6 @@ "named.sysconfig": "8f8eff846667b7811358e289e9fe594de17d0e47f2b8cebf7840ad8db7f34816", "setup-named-chroot.sh": "786fbc88c7929fadf217cf2286f2eb03b6fba14843e5da40ad43c0022dd71c3a", "setup-named-softhsm.sh": "3b243d9e48577acb95a08ae5dd7288c5eec4830bc02bd29b1f1724c497d12864", - "bind-9.16.37.tar.xz": "0e4661d522a2fe1f111c1f0685e7d6993d657f81dae24e7a75dbd8db3ef2e2ab" + "bind-9.16.44.tar.xz": "cfaa953c36d5ca42d9584fcf9653d07c85527b59687e7c4d4cb8071272db6754" } } \ No newline at end of file diff --git a/SPECS/bind/bind.spec b/SPECS/bind/bind.spec index 86747640b3e..0a2c6f939ab 100644 --- a/SPECS/bind/bind.spec +++ b/SPECS/bind/bind.spec @@ -9,8 +9,8 @@ Summary: Domain Name System software Name: bind -Version: 9.16.37 -Release: 2%{?dist} +Version: 9.16.44 +Release: 1%{?dist} License: ISC Vendor: Microsoft Corporation Distribution: Mariner @@ -33,7 +33,6 @@ Source14: setup-named-softhsm.sh Source15: named-chroot.files Patch9: bind-9.14-config-pkcs11.patch Patch10: bind-9.10-dist-native-pkcs11.patch -Patch11: CVE-2023-2828.patch BuildRequires: gcc BuildRequires: json-c-devel @@ -235,7 +234,6 @@ cp -r bin/dnssec{,-pkcs11} cp -r lib/dns{,-pkcs11} cp -r lib/ns{,-pkcs11} %patch10 -p1 -b .dist_pkcs11 -%patch11 -p1 libtoolize -c -f; aclocal -I libtool.m4 --force; autoconf -f @@ -615,6 +613,9 @@ fi; %{_mandir}/man8/named-nzd2nzf.8* %changelog +* Wed Sep 27 2023 CBL-Mariner Servicing Account - 9.16.44-1 +- Auto-upgrade to 9.16.44 - Fix CVE-2023-3341 + * Wed Sep 20 2023 Jon Slobodzian - 9.16.37-2 - Recompile with stack-protection fixed gcc version (CVE-2023-4039) diff --git a/cgmanifest.json b/cgmanifest.json index 947a6e4bb21..ea5cf6e987f 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -1087,8 +1087,8 @@ "type": "other", "other": { "name": "bind", - "version": "9.16.37", - "downloadUrl": "https://ftp.isc.org/isc/bind9/9.16.37/bind-9.16.37.tar.xz" + "version": "9.16.44", + "downloadUrl": "https://ftp.isc.org/isc/bind9/9.16.44/bind-9.16.44.tar.xz" } } }, @@ -30897,4 +30897,4 @@ } ], "Version": 1 -} +} \ No newline at end of file From 45d111d407945a4bd086c5658cd5c794719a0877 Mon Sep 17 00:00:00 2001 From: Daniel McIlvaney Date: Thu, 28 Sep 2023 11:06:01 -0700 Subject: [PATCH 27/47] Upgrade rust to 1.72.0 to resolve CVE-2023-38497, CVE-2023-40030 (#6198) * Upgrade rust to 1.72.0 to resolve CVE-2023-38497, CVE-2023-40030 Rework the rust.spec to use .tar.xz source tarballs instead of .tar.gz source tarballs. This removes the need to modify the bootstrap script in the rust sources. * Bump packges to use new rust * flux: introduce patch to drop warnings are build blocker Signed-off-by: Muhammad Falak R Wani * kata-containers: drop mut for variables to unblock build Signed-off-by: Muhammad Falak R Wani * kata-containers-cc: enable gated feature & drop mut from immutable vars Signed-off-by: Muhammad Falak R Wani * clamav: regenerate cargo cache Signed-off-by: Muhammad Falak R Wani --------- Signed-off-by: Muhammad Falak R Wani Co-authored-by: Muhammad Falak R Wani --- SPECS-EXTENDED/ripgrep/ripgrep.spec | 5 +- SPECS/clamav/clamav.signatures.json | 8 +- SPECS/clamav/clamav.spec | 10 ++- SPECS/cloud-hypervisor/cloud-hypervisor.spec | 5 +- ...x-unblock-build-by-allowing-warnings.patch | 23 ++++++ SPECS/flux/flux.spec | 10 ++- SPECS/influxdb/influxdb.spec | 5 +- ...er-enable-feature-impl_trait_in_asso.patch | 24 ++++++ ...t-for-variables-that-are-not-mutated.patch | 54 ++++++++++++ .../kata-containers-cc.spec | 15 +++- ...t-for-variables-that-are-not-mutated.patch | 54 ++++++++++++ SPECS/kata-containers/kata-containers.spec | 11 ++- SPECS/librsvg2/librsvg2.spec | 5 +- SPECS/mozjs/mozjs.spec | 5 +- SPECS/netavark/netavark.spec | 5 +- SPECS/rpm-ostree/rpm-ostree.spec | 5 +- SPECS/rust/CVE-2023-27477.patch | 82 ------------------- SPECS/rust/generate_source_tarball.sh | 15 ++-- SPECS/rust/rust.signatures.json | 16 ++-- SPECS/rust/rust.spec | 51 ++++++------ cgmanifest.json | 4 +- 21 files changed, 272 insertions(+), 140 deletions(-) create mode 100644 SPECS/flux/0001-libflux-unblock-build-by-allowing-warnings.patch create mode 100644 SPECS/kata-containers-cc/0001-tardev-snapshotter-enable-feature-impl_trait_in_asso.patch create mode 100644 SPECS/kata-containers-cc/drop-mut-for-variables-that-are-not-mutated.patch create mode 100644 SPECS/kata-containers/drop-mut-for-variables-that-are-not-mutated.patch delete mode 100644 SPECS/rust/CVE-2023-27477.patch diff --git a/SPECS-EXTENDED/ripgrep/ripgrep.spec b/SPECS-EXTENDED/ripgrep/ripgrep.spec index 323f35ef6de..5b955dfff41 100644 --- a/SPECS-EXTENDED/ripgrep/ripgrep.spec +++ b/SPECS-EXTENDED/ripgrep/ripgrep.spec @@ -20,7 +20,7 @@ Name: ripgrep Version: 13.0.0 -Release: 4%{?dist} +Release: 5%{?dist} Summary: A search tool that combines ag with grep License: MIT AND Unlicense Vendor: Microsoft Corporation @@ -104,6 +104,9 @@ install -Dm 644 complete/_rg %{buildroot}%{_datadir}/zsh/site-functions/_rg %{_datadir}/zsh %changelog +* Thu Sep 07 2023 Daniel McIlvaney - 13.0.0-5 +- Bump package to rebuild with rust 1.72.0 + * Wed Aug 31 2022 Olivia Crain - 13.0.0-4 - Bump package to rebuild with stable Rust compiler diff --git a/SPECS/clamav/clamav.signatures.json b/SPECS/clamav/clamav.signatures.json index 718475242ca..3fcc6b21b10 100644 --- a/SPECS/clamav/clamav.signatures.json +++ b/SPECS/clamav/clamav.signatures.json @@ -1,6 +1,6 @@ { - "Signatures": { - "clamav-0.105.2.tar.gz": "3827f6f22c08a83c52cd29f3562d780af6db65e825b0e0969608061209a90aa5", - "clamav-clamav-0.105.2-cargo.tar.gz": "a366df3c8525a68210baaa7bdcd2a2fd7684a7d8d4429214d1d787703e2880fd" - } + "Signatures": { + "clamav-0.105.2.tar.gz": "3827f6f22c08a83c52cd29f3562d780af6db65e825b0e0969608061209a90aa5", + "clamav-clamav-0.105.2-cargo-rev2.tar.gz": "08f7b90bb8662ae1acc4a78f6688d8e03d62d4a8db913d6c896ba5b30a74791b" + } } \ No newline at end of file diff --git a/SPECS/clamav/clamav.spec b/SPECS/clamav/clamav.spec index 2ad79af5c1f..7272069e746 100644 --- a/SPECS/clamav/clamav.spec +++ b/SPECS/clamav/clamav.spec @@ -1,7 +1,7 @@ Summary: Open source antivirus engine Name: clamav Version: 0.105.2 -Release: 2%{?dist} +Release: 3%{?dist} License: ASL 2.0 AND BSD AND bzip2-1.0.4 AND GPLv2 AND LGPLv2+ AND MIT AND Public Domain AND UnRar Vendor: Microsoft Corporation Distribution: Mariner @@ -11,7 +11,10 @@ Source0: https://github.com/Cisco-Talos/clamav/archive/refs/tags/%{name}- # Note: the %%{name}-%%{name}-%%{version}-cargo.tar.gz file contains a cache created by capturing the contents downloaded into $CARGO_HOME. # To update the cache run: # [repo_root]/toolkit/scripts/build_cargo_cache.sh %%{name}-%%{version}.tar.gz %%{name}-%%{name}-%%{version} -Source1: %{name}-%{name}-%{version}-cargo.tar.gz + +# Note: Required an updated cargo cache when rust was updated to 1.72.0, added "-rev2" to the filename to indicate the new cache for this +# specific event. Revert back to the original filename when a new cache is created for a different version. +Source1: %{name}-%{name}-%{version}-cargo-rev2.tar.gz Patch0: CVE-2022-48579.patch BuildRequires: bzip2-devel BuildRequires: check-devel @@ -129,6 +132,9 @@ fi %dir %attr(-,clamav,clamav) %{_sharedstatedir}/clamav %changelog +* Thu Sep 07 2023 Daniel McIlvaney - 0.105.2-3 +- Bump package to rebuild with rust 1.72.0 + * Tue Aug 29 2023 Tobias Brick - 0.105.2-2 - Patch CVE-2022-48579 diff --git a/SPECS/cloud-hypervisor/cloud-hypervisor.spec b/SPECS/cloud-hypervisor/cloud-hypervisor.spec index 38ed86b4997..fd98a85f913 100644 --- a/SPECS/cloud-hypervisor/cloud-hypervisor.spec +++ b/SPECS/cloud-hypervisor/cloud-hypervisor.spec @@ -5,7 +5,7 @@ Summary: Cloud Hypervisor is an open source Virtual Machine Monitor (VMM) that runs on top of KVM. Name: cloud-hypervisor Version: 31.1 -Release: 1%{?dist} +Release: 2%{?dist} License: ASL 2.0 OR BSD-3-clause Vendor: Microsoft Corporation Distribution: Mariner @@ -151,6 +151,9 @@ cargo build --release --target=%{rust_musl_target} --package vhost_user_block %{ %license LICENSE-BSD-3-Clause %changelog +* Thu Sep 07 2023 Daniel McIlvaney - 31.1-2 +- Bump package to rebuild with rust 1.72.0 + * Fri May 12 2023 Saul Paredes - 31.1-1 - Update to v31.1 diff --git a/SPECS/flux/0001-libflux-unblock-build-by-allowing-warnings.patch b/SPECS/flux/0001-libflux-unblock-build-by-allowing-warnings.patch new file mode 100644 index 00000000000..df10e4dfee9 --- /dev/null +++ b/SPECS/flux/0001-libflux-unblock-build-by-allowing-warnings.patch @@ -0,0 +1,23 @@ +From 714740fafd5876f4239b095a4d7e000249c65c5d Mon Sep 17 00:00:00 2001 +From: Muhammad Falak R Wani +Date: Thu, 14 Sep 2023 13:49:14 +0530 +Subject: [PATCH] libflux: unblock build by allowing warnings + +Signed-off-by: Muhammad Falak R Wani +--- + libflux/flux/src/lib.rs | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/libflux/flux/src/lib.rs b/libflux/flux/src/lib.rs +index 3fdf407..ae7153a 100644 +--- a/libflux/flux/src/lib.rs ++++ b/libflux/flux/src/lib.rs +@@ -1,4 +1,4 @@ +-#![cfg_attr(feature = "strict", deny(warnings, missing_docs))] ++#![cfg_attr(feature = "strict", deny(missing_docs))] + + //! This module provides the public facing API for Flux's Go runtime, including formatting, + //! parsing, and standard library analysis. +-- +2.40.1 + diff --git a/SPECS/flux/flux.spec b/SPECS/flux/flux.spec index ee5690a661b..04301dfacd7 100644 --- a/SPECS/flux/flux.spec +++ b/SPECS/flux/flux.spec @@ -22,7 +22,7 @@ Summary: Influx data language Name: flux Version: 0.191.0 -Release: 1%{?dist} +Release: 3%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -40,6 +40,7 @@ Source0: %{url}/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}. Source1: %{name}-%{version}-cargo.tar.gz Source2: cargo_config Patch1: disable-static-library.patch +Patch2: 0001-libflux-unblock-build-by-allowing-warnings.patch BuildRequires: cargo >= 1.45 BuildRequires: kernel-headers BuildRequires: rust >= 1.45 @@ -70,6 +71,7 @@ programs using Influx data language. %prep %setup -q +%patch2 -p1 pushd libflux tar -xf %{SOURCE1} install -D %{SOURCE2} .cargo/config @@ -137,6 +139,12 @@ RUSTFLAGS=%{rustflags} cargo test --release %{_includedir}/influxdata/flux.h %changelog +* Thu Sep 14 2023 Muhammad Falak - 0.191.0-3 +- Introduce patch to drop warnings as build blocker + +* Thu Sep 07 2023 Daniel McIlvaney - 0.191.0-2 +- Bump package to rebuild with rust 1.72.0 + * Mon Jan 30 2023 Mykhailo Bykhovtsev - 0.191.0-1 - Upgrade to version 0.191.0 - Added patches to fix libflux.so file linking issues diff --git a/SPECS/influxdb/influxdb.spec b/SPECS/influxdb/influxdb.spec index a3df9cc9463..31db3063196 100644 --- a/SPECS/influxdb/influxdb.spec +++ b/SPECS/influxdb/influxdb.spec @@ -18,7 +18,7 @@ Summary: Scalable datastore for metrics, events, and real-time analytics Name: influxdb Version: 2.6.1 -Release: 9%{?dist} +Release: 10%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -144,6 +144,9 @@ go test ./... %{_tmpfilesdir}/influxdb.conf %changelog +* Thu Sep 07 2023 Daniel McIlvaney - 2.6.1-10 +- Bump package to rebuild with rust 1.72.0 + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 2.6.1-9 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/kata-containers-cc/0001-tardev-snapshotter-enable-feature-impl_trait_in_asso.patch b/SPECS/kata-containers-cc/0001-tardev-snapshotter-enable-feature-impl_trait_in_asso.patch new file mode 100644 index 00000000000..961aa6011e4 --- /dev/null +++ b/SPECS/kata-containers-cc/0001-tardev-snapshotter-enable-feature-impl_trait_in_asso.patch @@ -0,0 +1,24 @@ +From 5fcf237c5dacff5e688b81e67d33823feb880140 Mon Sep 17 00:00:00 2001 +From: Muhammad Falak R Wani +Date: Thu, 14 Sep 2023 15:03:27 +0530 +Subject: [PATCH] tardev-snapshotter: enable feature(impl_trait_in_assoc_type) + to unblock build + +Signed-off-by: Muhammad Falak R Wani +--- + src/tardev-snapshotter/src/main.rs | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/tardev-snapshotter/src/main.rs b/src/tardev-snapshotter/src/main.rs +index 5ca175b..10018a3 100644 +--- a/src/tardev-snapshotter/src/main.rs ++++ b/src/tardev-snapshotter/src/main.rs +@@ -1,4 +1,5 @@ + #![feature(type_alias_impl_trait)] ++#![feature(impl_trait_in_assoc_type)] + + use containerd_snapshots::server; + use log::{error, info, warn}; +-- +2.40.1 + diff --git a/SPECS/kata-containers-cc/drop-mut-for-variables-that-are-not-mutated.patch b/SPECS/kata-containers-cc/drop-mut-for-variables-that-are-not-mutated.patch new file mode 100644 index 00000000000..4ca736091a3 --- /dev/null +++ b/SPECS/kata-containers-cc/drop-mut-for-variables-that-are-not-mutated.patch @@ -0,0 +1,54 @@ +From a17efe9e87d691bc4c0b7f3ef503096993f3a9d6 Mon Sep 17 00:00:00 2001 +From: Muhammad Falak R Wani +Date: Thu, 14 Sep 2023 16:10:09 +0530 +Subject: [PATCH 1/2] libs: kata-types: drop mut for vars that are immutable + +Signed-off-by: Muhammad Falak R Wani +--- + src/libs/kata-types/src/annotations/mod.rs | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/libs/kata-types/src/annotations/mod.rs b/src/libs/kata-types/src/annotations/mod.rs +index 3af0563..db4e9f7 100644 +--- a/src/libs/kata-types/src/annotations/mod.rs ++++ b/src/libs/kata-types/src/annotations/mod.rs +@@ -470,8 +470,8 @@ impl Annotation { + let u32_err = io::Error::new(io::ErrorKind::InvalidData, "parse u32 error".to_string()); + let u64_err = io::Error::new(io::ErrorKind::InvalidData, "parse u64 error".to_string()); + let i32_err = io::Error::new(io::ErrorKind::InvalidData, "parse i32 error".to_string()); +- let mut hv = config.hypervisor.get_mut(hypervisor_name).unwrap(); +- let mut ag = config.agent.get_mut(agent_name).unwrap(); ++ let hv = config.hypervisor.get_mut(hypervisor_name).unwrap(); ++ let ag = config.agent.get_mut(agent_name).unwrap(); + for (key, value) in &self.annotations { + if hv.security_info.is_annotation_enabled(key) { + match key.as_str() { +-- +2.40.1 + +From 10cdb83529c2135351e4a252b2d9aea85e6e7069 Mon Sep 17 00:00:00 2001 +From: Muhammad Falak R Wani +Date: Thu, 14 Sep 2023 16:26:44 +0530 +Subject: [PATCH 2/2] agent: singnal: drop mut for immutable var + +Signed-off-by: Muhammad Falak R Wani +--- + src/agent/src/signal.rs | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/agent/src/signal.rs b/src/agent/src/signal.rs +index d67000b..401ded9 100644 +--- a/src/agent/src/signal.rs ++++ b/src/agent/src/signal.rs +@@ -57,7 +57,7 @@ async fn handle_sigchild(logger: Logger, sandbox: Arc>) -> Result + continue; + } + +- let mut p = process.unwrap(); ++ let p = process.unwrap(); + + let ret: i32 = match wait_status { + WaitStatus::Exited(_, c) => c, +-- +2.40.1 + diff --git a/SPECS/kata-containers-cc/kata-containers-cc.spec b/SPECS/kata-containers-cc/kata-containers-cc.spec index 96d26d69946..9f3e3ac264e 100644 --- a/SPECS/kata-containers-cc/kata-containers-cc.spec +++ b/SPECS/kata-containers-cc/kata-containers-cc.spec @@ -8,7 +8,7 @@ Name: kata-containers-cc Version: 0.6.0 -Release: 2%{?dist} +Release: 4%{?dist} Summary: Kata Confidential Containers License: ASL 2.0 Vendor: Microsoft Corporation @@ -17,6 +17,8 @@ Source0: https://github.com/microsoft/kata-containers/archive/refs/tags/cc- Source1: https://github.com/microsoft/kata-containers/archive/refs/tags/%{name}-%{version}.tar.gz Source2: %{name}-%{version}-cargo.tar.gz Source3: mariner-coco-build-uvm.sh +Patch0: 0001-tardev-snapshotter-enable-feature-impl_trait_in_asso.patch +Patch1: drop-mut-for-variables-that-are-not-mutated.patch ExclusiveArch: x86_64 @@ -240,8 +242,15 @@ install -D -m 0755 %{_builddir}/%{name}-%{version}/tools/osbuilder/image-builder %changelog -* Mon Aug 07 2023 CBL-Mariner Servicing Account - 0.6.0-2 -- Bump release to rebuild with go 1.19.12 +* Thu Sep 14 2023 Muhammad Falak - 0.6.0-4 +- Introduce patch to drop mut for immutable vars +- Introduce patch enabling feature(impl_trait_in_assoc_type) to unblock build + +* Thu Sep 07 2023 Daniel McIlvaney - 0.6.0-3 +- Bump package to rebuild with rust 1.72.0 + +* Mon Aug 07 2023 CBL-Mariner Servicing Account - 0.6.0-2 +- Bump release to rebuild with go 1.19.12 * Tue Jul 11 2023 Dallas Delaney 0.6.0-1 - Upgrade to version 0.6.0 diff --git a/SPECS/kata-containers/drop-mut-for-variables-that-are-not-mutated.patch b/SPECS/kata-containers/drop-mut-for-variables-that-are-not-mutated.patch new file mode 100644 index 00000000000..6eddcfdc68f --- /dev/null +++ b/SPECS/kata-containers/drop-mut-for-variables-that-are-not-mutated.patch @@ -0,0 +1,54 @@ +From 19a8a137b1c5fd9248896bd5f63638acfc9aff8c Mon Sep 17 00:00:00 2001 +From: Muhammad Falak R Wani +Date: Thu, 14 Sep 2023 14:56:17 +0530 +Subject: [PATCH 1/2] kata-types: drop mut for variables that are not mutated + +Signed-off-by: Muhammad Falak R Wani +--- + src/libs/kata-types/src/annotations/mod.rs | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/libs/kata-types/src/annotations/mod.rs b/src/libs/kata-types/src/annotations/mod.rs +index c8d6312..d6c51c1 100644 +--- a/src/libs/kata-types/src/annotations/mod.rs ++++ b/src/libs/kata-types/src/annotations/mod.rs +@@ -462,8 +462,8 @@ impl Annotation { + let u32_err = io::Error::new(io::ErrorKind::InvalidData, "parse u32 error".to_string()); + let u64_err = io::Error::new(io::ErrorKind::InvalidData, "parse u64 error".to_string()); + let i32_err = io::Error::new(io::ErrorKind::InvalidData, "parse i32 error".to_string()); +- let mut hv = config.hypervisor.get_mut(hypervisor_name).unwrap(); +- let mut ag = config.agent.get_mut(agent_name).unwrap(); ++ let hv = config.hypervisor.get_mut(hypervisor_name).unwrap(); ++ let ag = config.agent.get_mut(agent_name).unwrap(); + for (key, value) in &self.annotations { + if hv.security_info.is_annotation_enabled(key) { + match key.as_str() { +-- +2.40.1 + +From 7ec3b121c3891f4e4de643bcbef3287d7f564d7f Mon Sep 17 00:00:00 2001 +From: Muhammad Falak R Wani +Date: Thu, 14 Sep 2023 15:31:16 +0530 +Subject: [PATCH 2/2] agent: drop mut from variable which is not mutated + +Signed-off-by: Muhammad Falak R Wani +--- + src/agent/src/signal.rs | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/agent/src/signal.rs b/src/agent/src/signal.rs +index 79dea3b..8ec6556 100644 +--- a/src/agent/src/signal.rs ++++ b/src/agent/src/signal.rs +@@ -57,7 +57,7 @@ async fn handle_sigchild(logger: Logger, sandbox: Arc>) -> Result + continue; + } + +- let mut p = process.unwrap(); ++ let p = process.unwrap(); + + let ret: i32 = match wait_status { + WaitStatus::Exited(_, c) => c, +-- +2.40.1 + diff --git a/SPECS/kata-containers/kata-containers.spec b/SPECS/kata-containers/kata-containers.spec index 2f3cd9c04da..8cf106c0490 100644 --- a/SPECS/kata-containers/kata-containers.spec +++ b/SPECS/kata-containers/kata-containers.spec @@ -41,7 +41,7 @@ Summary: Kata Containers version 2.x repository Name: kata-containers Version: 3.1.0 -Release: 4%{?dist} +Release: 6%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation URL: https://github.com/%{name}/%{name} @@ -56,7 +56,8 @@ Patch1: 0002-Merged-PR-9671-Wait-for-a-possibly-slow-Guest.patch Patch2: 0003-Merged-PR-9805-Add-support-for-MSHV.patch Patch3: 0004-Merged-PR-9806-Fix-enable_debug-for-hypervisor.clh.patch Patch4: 0005-Merged-PR-9956-shim-avoid-memory-hotplug-timeout.patch -Patch9: runtime-reduce-uvm-high-mem-footprint.patch +Patch5: runtime-reduce-uvm-high-mem-footprint.patch +Patch6: drop-mut-for-variables-that-are-not-mutated.patch BuildRequires: golang BuildRequires: git-core @@ -223,6 +224,12 @@ ln -sf %{_bindir}/kata-runtime %{buildroot}%{_prefix}/local/bin/kata-runtime %exclude %{kataosbuilderdir}/rootfs-builder/ubuntu %changelog +* Thu Sep 14 2023 Muhammad Falak - 3.1.0-6 +- Introduce patch to drop mut for variables to unblock build + +* Thu Sep 07 2023 Daniel McIlvaney - 3.1.0-5 +- Bump package to rebuild with rust 1.72.0 + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 3.1.0-4 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/librsvg2/librsvg2.spec b/SPECS/librsvg2/librsvg2.spec index 7554189738c..7330ccdafcd 100644 --- a/SPECS/librsvg2/librsvg2.spec +++ b/SPECS/librsvg2/librsvg2.spec @@ -8,7 +8,7 @@ Summary: An SVG library based on cairo Name: librsvg2 Version: 2.50.3 -Release: 3%{?dist} +Release: 4%{?dist} License: LGPLv2+ Vendor: Microsoft Corporation Distribution: Mariner @@ -111,6 +111,9 @@ rm -vrf %{buildroot}%{_docdir} %{_mandir}/man1/rsvg-convert.1* %changelog +* Thu Sep 07 2023 Daniel McIlvaney - 2.50.3-4 +- Bump package to rebuild with rust 1.72.0 + * Wed Aug 31 2022 Olivia Crain - 2.50.3-3 - Bump package to rebuild with stable Rust compiler diff --git a/SPECS/mozjs/mozjs.spec b/SPECS/mozjs/mozjs.spec index bfae82501fa..9991d4706cd 100644 --- a/SPECS/mozjs/mozjs.spec +++ b/SPECS/mozjs/mozjs.spec @@ -3,7 +3,7 @@ Summary: Mozilla's JavaScript engine. Name: mozjs Version: 78.10.0 -Release: 4%{?dist} +Release: 5%{?dist} License: BSD AND MIT AND MPLv2.0 AND Unicode Vendor: Microsoft Corporation Distribution: Mariner @@ -128,6 +128,9 @@ fi %{_libdir}/pkgconfig/mozjs-%{major}.pc %changelog +* Thu Sep 07 2023 Daniel McIlvaney - 78.10.0-5 +- Bump package to rebuild with rust 1.72.0 + * Tue Jun 27 2023 Minghe Ren - 78.10.0-4 - Add patch for CVE-2022-48285 diff --git a/SPECS/netavark/netavark.spec b/SPECS/netavark/netavark.spec index 2c5c0876505..682ddfd9d33 100644 --- a/SPECS/netavark/netavark.spec +++ b/SPECS/netavark/netavark.spec @@ -10,7 +10,7 @@ Name: netavark Version: 1.0.3 -Release: 4%{?dist} +Release: 5%{?dist} Summary: OCI network stack License: ASL 2.0 and BSD and MIT Vendor: Microsoft Corporation @@ -219,6 +219,9 @@ popd %{_mandir}/man1/%{name}.1* %changelog +* Thu Sep 07 2023 Daniel McIlvaney - 1.0.3-5 +- Bump package to rebuild with rust 1.72.0 + * Fri Jul 22 2022 Suresh Babu Chalamalasetty 1.0.3-4 - Initial CBL-Mariner import from Fedora 37 (license: MIT). - License verified. diff --git a/SPECS/rpm-ostree/rpm-ostree.spec b/SPECS/rpm-ostree/rpm-ostree.spec index 418baa14266..5f01463b977 100644 --- a/SPECS/rpm-ostree/rpm-ostree.spec +++ b/SPECS/rpm-ostree/rpm-ostree.spec @@ -1,7 +1,7 @@ Summary: Commit RPMs to an OSTree repository Name: rpm-ostree Version: 2022.1 -Release: 5%{?dist} +Release: 6%{?dist} License: LGPLv2+ Vendor: Microsoft Corporation Distribution: Mariner @@ -157,6 +157,9 @@ make check %{_datadir}/gir-1.0/*-1.0.gir %changelog +* Thu Sep 07 2023 Daniel McIlvaney - 2022.1-6 +- Bump package to rebuild with rust 1.72.0 + * Tue Aug 01 2023 Sumedh Sharma - 2022.1-5 - Apply patch for CVE-2022-47085 diff --git a/SPECS/rust/CVE-2023-27477.patch b/SPECS/rust/CVE-2023-27477.patch deleted file mode 100644 index fd19a1312bb..00000000000 --- a/SPECS/rust/CVE-2023-27477.patch +++ /dev/null @@ -1,82 +0,0 @@ -Fixes CVE-2023-27477: https://nvd.nist.gov/vuln/detail/CVE-2023-27477, which is a -vulnerability in cranelift that is exposed in rust. - -Adapted by tobiasb@microsoft.com from patch to wasmtime/cranelift: - https://github.com/bytecodealliance/wasmtime/commit/5dc2bbccbb363e474d2c9a1b8e38a89a43bbd5d1. - -From 5dc2bbccbb363e474d2c9a1b8e38a89a43bbd5d1 Mon Sep 17 00:00:00 2001 -From: -Date: Wed, 8 Mar 2023 13:00:00 -0600 -Subject: [PATCH] Merge pull request from GHSA-xm67-587q-r2vw - -This commit fixes an off-by-one error in the subtraction of indices when -shuffling a vector with itself. Lanes 16-and-above are mapped to select -from the first vector since the first and second element are the same, -but the subtraction was with 15 rather than 16 by accident. ---- -PATCH NOTE -- ORIGINAL: - cranelift/codegen/src/isa/x64/lower/isle.rs | 2 +- -PATCH NOTE -- UPDATED: - vendor/cranelift-codegen/src/isa/x64/lower/isle.rs | 2 +- - -PATCH NOTE: These clif files are not included in the rust source, so they are not included in the patch. - .../filetests/isa/x64/simd-lane-access-compile.clif | 3 ++- - cranelift/filetests/filetests/runtests/simd-shuffle.clif | 7 +++++++ - -PATCH NOTE -- ORIGINAL: - 3 files changed, 10 insertions(+), 2 deletions(-) -PATCH NOTE -- UPDATED: - 1 file changed, 1 insertion(+), 1 deletion(-) - -# PATCH NOTE -- ORIGINAL: -#diff --git a/cranelift/codegen/src/isa/x64/lower/isle.rs b/cranelift/codegen/src/isa/x64/lower/isle.rs -# PATCH NOTE: UPDATED with path used within rust source: -diff --git a/vendor/cranelift-codegen/src/isa/x64/lower/isle.rs b/vendor/cranelift-codegen/src/isa/x64/lower/isle.rs - -index 0267c3d32ce..61be54a0052 100644 -# PATCH NOTE -- ORIGINAL: -#--- a/cranelift/codegen/src/isa/x64/lower/isle.rs -#+++ b/cranelift/codegen/src/isa/x64/lower/isle.rs -# PATCH NOTE: UPDATED with path used within rust source: ---- a/vendor/cranelift-codegen/src/isa/x64/lower/isle.rs -+++ b/vendor/cranelift-codegen/src/isa/x64/lower/isle.rs -@@ -752,7 +752,7 @@ impl Context for IsleContext<'_, '_, MInst, X64Backend> { - fn shuffle_0_31_mask(&mut self, mask: &VecMask) -> VCodeConstant { - let mask = mask - .iter() -- .map(|&b| if b > 15 { b.wrapping_sub(15) } else { b }) -+ .map(|&b| if b > 15 { b.wrapping_sub(16) } else { b }) - .map(|b| if b > 15 { 0b10000000 } else { b }) - .collect(); - self.lower_ctx - -# PATCH NOTE: The rest of the diffs are not applied because the tests are not included in the rust source. -# diff --git a/cranelift/filetests/filetests/isa/x64/simd-lane-access-compile.clif b/cranelift/filetests/filetests/isa/x64/simd-lane-access-compile.clif -# index f58cad93a64..f414054edb8 100644 -# --- a/cranelift/filetests/filetests/isa/x64/simd-lane-access-compile.clif -# +++ b/cranelift/filetests/filetests/isa/x64/simd-lane-access-compile.clif -# @@ -101,7 +101,8 @@ block0: -# ; addb %al, (%rax) -# ; addb %al, (%rax) -# ; addb %al, (%rax) -# -; addb %al, (%rcx, %rax) -# +; addb %al, (%rbx) -# +; addl %eax, (%rax) -# ; addb %al, (%rax) -# ; addb %al, (%rax) -# ; addb %al, (%rax) -# diff --git a/cranelift/filetests/filetests/runtests/simd-shuffle.clif b/cranelift/filetests/filetests/runtests/simd-shuffle.clif -# index cbb8bef5aed..621eebda629 100644 -# --- a/cranelift/filetests/filetests/runtests/simd-shuffle.clif -# +++ b/cranelift/filetests/filetests/runtests/simd-shuffle.clif -# @@ -19,3 +19,10 @@ block0(v0: i8x16, v1: i8x16): -# return v2 -# } -# ; run: %shuffle_zeros([1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16], [17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32]) == [4 1 0 0 5 7 13 12 24 14 25 5 3 0 18 6] -# + -# +function %shuffle1(i8x16) -> i8x16 { -# +block0(v0: i8x16): -# + v1 = shuffle v0, v0, [8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23] -# + return v1 -# +} -# +; run: %shuffle1([0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15]) == [8 9 10 11 12 13 14 15 0 1 2 3 4 5 6 7] diff --git a/SPECS/rust/generate_source_tarball.sh b/SPECS/rust/generate_source_tarball.sh index 28e6d578df2..766034aa69e 100755 --- a/SPECS/rust/generate_source_tarball.sh +++ b/SPECS/rust/generate_source_tarball.sh @@ -88,6 +88,9 @@ popd > /dev/null pushd $src_root > /dev/null echo "Fetching dependencies to a temporary cache" +# The build environment's rust may not have all the features required to run +# cargo fetch, so we need to use the bootstrap mode that disables some features. +export RUSTC_BOOTSTRAP=1 CARGO_HOME=$src_root/.cargo cargo fetch echo "Compressing the cache." tar --sort=name --mtime="2021-04-26 00:00Z" \ @@ -101,12 +104,12 @@ echo "get additional src tarballs" CONFIG_FILE="$src_root/src/stage0.json" RUST_RELEASE_DATE=$(cat $CONFIG_FILE | jq -r '.compiler.date') RUST_STAGE0_VERSION=$(cat $CONFIG_FILE | jq -r '.compiler.version') -wget https://static.rust-lang.org/dist/$RUST_RELEASE_DATE/cargo-$RUST_STAGE0_VERSION-x86_64-unknown-linux-gnu.tar.gz -wget https://static.rust-lang.org/dist/$RUST_RELEASE_DATE/rustc-$RUST_STAGE0_VERSION-x86_64-unknown-linux-gnu.tar.gz -wget https://static.rust-lang.org/dist/$RUST_RELEASE_DATE/rust-std-$RUST_STAGE0_VERSION-x86_64-unknown-linux-gnu.tar.gz -wget https://static.rust-lang.org/dist/$RUST_RELEASE_DATE/cargo-$RUST_STAGE0_VERSION-aarch64-unknown-linux-gnu.tar.gz -wget https://static.rust-lang.org/dist/$RUST_RELEASE_DATE/rustc-$RUST_STAGE0_VERSION-aarch64-unknown-linux-gnu.tar.gz -wget https://static.rust-lang.org/dist/$RUST_RELEASE_DATE/rust-std-$RUST_STAGE0_VERSION-aarch64-unknown-linux-gnu.tar.gz +wget https://static.rust-lang.org/dist/$RUST_RELEASE_DATE/cargo-$RUST_STAGE0_VERSION-x86_64-unknown-linux-gnu.tar.xz +wget https://static.rust-lang.org/dist/$RUST_RELEASE_DATE/rustc-$RUST_STAGE0_VERSION-x86_64-unknown-linux-gnu.tar.xz +wget https://static.rust-lang.org/dist/$RUST_RELEASE_DATE/rust-std-$RUST_STAGE0_VERSION-x86_64-unknown-linux-gnu.tar.xz +wget https://static.rust-lang.org/dist/$RUST_RELEASE_DATE/cargo-$RUST_STAGE0_VERSION-aarch64-unknown-linux-gnu.tar.xz +wget https://static.rust-lang.org/dist/$RUST_RELEASE_DATE/rustc-$RUST_STAGE0_VERSION-aarch64-unknown-linux-gnu.tar.xz +wget https://static.rust-lang.org/dist/$RUST_RELEASE_DATE/rust-std-$RUST_STAGE0_VERSION-aarch64-unknown-linux-gnu.tar.xz popd > /dev/null diff --git a/SPECS/rust/rust.signatures.json b/SPECS/rust/rust.signatures.json index 431268b975a..b9cc23028da 100644 --- a/SPECS/rust/rust.signatures.json +++ b/SPECS/rust/rust.signatures.json @@ -1,12 +1,12 @@ { "Signatures": { - "cargo-1.67.1-aarch64-unknown-linux-gnu.tar.gz": "e1ab1452572cb78fc7ec88bcadb2fd3e230c72b84d990fd6fc4ec57a24abdb2f", - "cargo-1.67.1-x86_64-unknown-linux-gnu.tar.gz": "8d9310dc1e8d36ebd8d56ccaddb0c854daddb6b750c147c141be04f0ec6e89f0", - "rust-std-1.67.1-aarch64-unknown-linux-gnu.tar.gz": "19f3afbe43c7e041b8b5c0143101d3ede92f73f720709ef1578ad5d259ad6181", - "rust-std-1.67.1-x86_64-unknown-linux-gnu.tar.gz": "31dfc19ae5821c0542975111574aa8cc7e0b2e1a95204f6cff7572f183524626", - "rustc-1.67.1-aarch64-unknown-linux-gnu.tar.gz": "accb1afa2674730b69a762f79b4f71bbb5211c4f5b022b115d8e034775dba5ad", - "rustc-1.67.1-x86_64-unknown-linux-gnu.tar.gz": "11115542833004fff465fdc86994245b6446d988aebd42153203a6f9c3aeccef", - "rustc-1.68.2-src-cargo.tar.gz": "8b41ba09a0e998fce6bafa69c93c8c5384b29b38438104db7c98e348b4759979", - "rustc-1.68.2-src.tar.xz": "ce1a115f6aafa912b4622906a92b626354973afa9288e2c7750df4dcf3390fc0" + "cargo-1.71.0-aarch64-unknown-linux-gnu.tar.xz": "13e8ff23d6af976a45f3ab451bf698e318a8d1823d588ff8a989555096f894a8", + "cargo-1.71.0-x86_64-unknown-linux-gnu.tar.xz": "fe6fb520f59966300ee661d18b37c36cb3e614877c4c01dfedf987b8a9c577e9", + "rust-std-1.71.0-aarch64-unknown-linux-gnu.tar.xz": "58542a0ab1162ce05a45eb751793782dc24c5bf8eb9a7467317f254260305ea6", + "rust-std-1.71.0-x86_64-unknown-linux-gnu.tar.xz": "98ae6530c3a41167e9d93d11ea078be98a02f6d809a06d0d51af3ce0f73150d7", + "rustc-1.71.0-aarch64-unknown-linux-gnu.tar.xz": "e61b6e34df8c3a002798a9f627c4da701d66f9fc066a70264e354b03d06e6722", + "rustc-1.71.0-x86_64-unknown-linux-gnu.tar.xz": "c293d906769671d1cd18e945671bbd14e0b8a41df5075c47f33e6086fc8a1558", + "rustc-1.72.0-src-cargo.tar.gz": "632d49351b356a9498d099ef619d76f682bcf94768567ade9fdcaca8433f7520", + "rustc-1.72.0-src.tar.xz": "d307441f8ee78a7e94f72cb5c81383822f13027f79e67a5551bfd2c2d2db3014" } } \ No newline at end of file diff --git a/SPECS/rust/rust.spec b/SPECS/rust/rust.spec index c98b536fee8..ef4eab9a5c5 100644 --- a/SPECS/rust/rust.spec +++ b/SPECS/rust/rust.spec @@ -3,13 +3,13 @@ # Release date and version of stage 0 compiler can be found in "src/stage0.json" inside the extracted "Source0". # Look for "date:" and "rustc:". -%define release_date 2023-02-09 -%define stage0_version 1.67.1 +%define release_date 2023-07-13 +%define stage0_version 1.71.0 Summary: Rust Programming Language Name: rust -Version: 1.68.2 -Release: 5%{?dist} +Version: 1.72.0 +Release: 1%{?dist} License: (ASL 2.0 OR MIT) AND BSD AND CC-BY-3.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -28,18 +28,19 @@ Source0: https://static.rust-lang.org/dist/rustc-%{version}-src.tar.xz # wget https://static.rust-lang.org/dist/rustc-1.68.2-src.tar.xz # - Create a directory to store the output from the script: # mkdir rustOutputDir +# - Get prereqs for the script (for a mariner container): +# tdnf -y install rust wget jq tar ca-certificates # - Run the script: # ./generate_source_tarball --srcTarball path/to/rustc-1.68.2-src.tar.xz --outFolder path/to/rustOutputDir --pkgVersion 1.68.2 # Source1: rustc-%{version}-src-cargo.tar.gz -Source2: https://static.rust-lang.org/dist/%{release_date}/cargo-%{stage0_version}-x86_64-unknown-linux-gnu.tar.gz -Source3: https://static.rust-lang.org/dist/%{release_date}/rustc-%{stage0_version}-x86_64-unknown-linux-gnu.tar.gz -Source4: https://static.rust-lang.org/dist/%{release_date}/rust-std-%{stage0_version}-x86_64-unknown-linux-gnu.tar.gz -Source5: https://static.rust-lang.org/dist/%{release_date}/cargo-%{stage0_version}-aarch64-unknown-linux-gnu.tar.gz -Source6: https://static.rust-lang.org/dist/%{release_date}/rustc-%{stage0_version}-aarch64-unknown-linux-gnu.tar.gz -Source7: https://static.rust-lang.org/dist/%{release_date}/rust-std-%{stage0_version}-aarch64-unknown-linux-gnu.tar.gz -Patch0: CVE-2023-27477.patch +Source2: https://static.rust-lang.org/dist/%{release_date}/cargo-%{stage0_version}-x86_64-unknown-linux-gnu.tar.xz +Source3: https://static.rust-lang.org/dist/%{release_date}/rustc-%{stage0_version}-x86_64-unknown-linux-gnu.tar.xz +Source4: https://static.rust-lang.org/dist/%{release_date}/rust-std-%{stage0_version}-x86_64-unknown-linux-gnu.tar.xz +Source5: https://static.rust-lang.org/dist/%{release_date}/cargo-%{stage0_version}-aarch64-unknown-linux-gnu.tar.xz +Source6: https://static.rust-lang.org/dist/%{release_date}/rustc-%{stage0_version}-aarch64-unknown-linux-gnu.tar.xz +Source7: https://static.rust-lang.org/dist/%{release_date}/rust-std-%{stage0_version}-aarch64-unknown-linux-gnu.tar.xz BuildRequires: binutils BuildRequires: cmake # make sure rust relies on curl from CBL-Mariner (instead of using its vendored flavor) @@ -85,23 +86,18 @@ tar -xf %{SOURCE1} --no-same-owner popd %autosetup -p1 -n rustc-%{version}-src -# Rust doesn't recognize our .tar.gz bootstrap files when XZ support is enabled -# This causes stage 0 bootstrap to look online for sources -# So, we remove XZ support detection in the bootstrap program -sed -i "s/tarball_suffix = '.tar.xz' if support_xz() else '.tar.gz'/tarball_suffix = '.tar.gz'/g" src/bootstrap/bootstrap.py - # Setup build/cache directory BUILD_CACHE_DIR="build/cache/%{release_date}" mkdir -pv "$BUILD_CACHE_DIR" %ifarch x86_64 -mv %{SOURCE2} "$BUILD_CACHE_DIR" -mv %{SOURCE3} "$BUILD_CACHE_DIR" -mv %{SOURCE4} "$BUILD_CACHE_DIR" +cp %{SOURCE2} "$BUILD_CACHE_DIR" +cp %{SOURCE3} "$BUILD_CACHE_DIR" +cp %{SOURCE4} "$BUILD_CACHE_DIR" %endif %ifarch aarch64 -mv %{SOURCE5} "$BUILD_CACHE_DIR" -mv %{SOURCE6} "$BUILD_CACHE_DIR" -mv %{SOURCE7} "$BUILD_CACHE_DIR" +cp %{SOURCE5} "$BUILD_CACHE_DIR" +cp %{SOURCE6} "$BUILD_CACHE_DIR" +cp %{SOURCE7} "$BUILD_CACHE_DIR" %endif %build @@ -112,7 +108,7 @@ export CXXFLAGS="`echo " %{build_cxxflags} " | sed 's/ -g//'`" sh ./configure \ --prefix=%{_prefix} \ --enable-extended \ - --tools="cargo,clippy,rustfmt" \ + --tools="cargo,clippy,rustfmt,rust-analyzer-proc-macro-srv" \ --release-channel="stable" \ --release-description="CBL-Mariner %{version}-%{release}" @@ -121,6 +117,11 @@ sh ./configure \ USER=root SUDO_USER=root %make_build %check +# We expect to generate dynamic CI contents in this folder, but it will fail since the .github folder is not included +# with the published sources. +mkdir -p .github/workflows +x.py run src/tools/expand-yaml-anchors + ln -s %{_prefix}/src/mariner/BUILD/rustc-%{version}-src/build/x86_64-unknown-linux-gnu/stage2-tools-bin/rustfmt %{_prefix}/src/mariner/BUILD/rustc-%{version}-src/build/x86_64-unknown-linux-gnu/stage0/bin/ ln -s %{_prefix}/src/mariner/BUILD/rustc-%{version}-src/vendor/ /root/vendor # remove rustdoc ui flaky test issue-98690.rs (which is tagged with 'unstable-options') @@ -133,6 +134,7 @@ mv %{buildroot}%{_docdir}/%{name}/LICENSE-THIRD-PARTY . rm %{buildroot}%{_docdir}/%{name}/{COPYRIGHT,LICENSE-APACHE,LICENSE-MIT} rm %{buildroot}%{_docdir}/%{name}/html/.lock rm %{buildroot}%{_docdir}/%{name}/*.old +rm %{buildroot}%{_bindir}/*.old %ldconfig_scriptlets @@ -165,6 +167,9 @@ rm %{buildroot}%{_docdir}/%{name}/*.old %{_mandir}/man1/* %changelog +* Wed Sep 06 2023 Daniel McIlvaney - 1.72.2-1 +- Bump to version 1.72.2 to address CVE-2023-38497, CVE-2023-40030 + * Tue Aug 22 2023 Rachel Menge - 1.68.2-5 - Bump release to rebuild against openssl 1.1.1k-26 diff --git a/cgmanifest.json b/cgmanifest.json index ea5cf6e987f..965b6b1b15d 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -27165,8 +27165,8 @@ "type": "other", "other": { "name": "rust", - "version": "1.68.2", - "downloadUrl": "https://static.rust-lang.org/dist/rustc-1.68.2-src.tar.xz" + "version": "1.72.0", + "downloadUrl": "https://static.rust-lang.org/dist/rustc-1.72.0-src.tar.xz" } } }, From 04daa7acedc18ef55143e3a8382308349565b17d Mon Sep 17 00:00:00 2001 From: Chris Gunn Date: Thu, 28 Sep 2023 13:51:12 -0700 Subject: [PATCH 28/47] Centralize assets mount point definition. (#6282) --- .../imagegen/installutils/installutils.go | 32 +++++++++++-------- toolkit/tools/imager/imager.go | 9 +++--- 2 files changed, 23 insertions(+), 18 deletions(-) diff --git a/toolkit/tools/imagegen/installutils/installutils.go b/toolkit/tools/imagegen/installutils/installutils.go index 0ac533571bd..9a3ac262ab8 100644 --- a/toolkit/tools/imagegen/installutils/installutils.go +++ b/toolkit/tools/imagegen/installutils/installutils.go @@ -936,13 +936,14 @@ func addEntryToCrypttab(installRoot string, devicePath string, encryptedRoot dis } // InstallGrubEnv installs an empty grubenv f -func InstallGrubEnv(installRoot string) (err error) { +func InstallGrubEnv(installRoot, assetsDir string) (err error) { const ( - assetGrubEnvFile = "/installer/grub2/grubenv" + assetGrubEnvFile = "grub2/grubenv" grubEnvFile = "boot/grub2/grubenv" ) + assetGrubEnvFileFullPath := filepath.Join(assetsDir, assetGrubEnvFile) installGrubEnvFile := filepath.Join(installRoot, grubEnvFile) - err = file.CopyAndChangeMode(assetGrubEnvFile, installGrubEnvFile, bootDirectoryDirMode, bootDirectoryFileMode) + err = file.CopyAndChangeMode(assetGrubEnvFileFullPath, installGrubEnvFile, bootDirectoryDirMode, bootDirectoryFileMode) if err != nil { logger.Log.Warnf("Failed to copy and change mode of grubenv: %v", err) return @@ -962,23 +963,26 @@ func InstallGrubEnv(installRoot string) (err error) { // - isBootPartitionSeparate is a boolean value which is true if the /boot partition is separate from the root partition // Note: this boot partition could be different than the boot partition specified in the bootloader. // This boot partition specifically indicates where to find the kernel, config files, and initrd -func InstallGrubCfg(installRoot, rootDevice, bootUUID, bootPrefix string, encryptedRoot diskutils.EncryptedRootDevice, kernelCommandLine configuration.KernelCommandLine, readOnlyRoot diskutils.VerityDevice, isBootPartitionSeparate bool) (err error) { +func InstallGrubCfg(installRoot, rootDevice, bootUUID, bootPrefix, assetsDir string, encryptedRoot diskutils.EncryptedRootDevice, kernelCommandLine configuration.KernelCommandLine, readOnlyRoot diskutils.VerityDevice, isBootPartitionSeparate bool) (err error) { const ( - assetGrubcfgFile = "/installer/grub2/grub.cfg" + assetGrubcfgFile = "grub2/grub.cfg" grubCfgFile = "boot/grub2/grub.cfg" - assetGrubDefFile = "/installer/grub2/grub" + assetGrubDefFile = "grub2/grub" grubDefFile = "etc/default/grub" ) // Copy the bootloader's grub.cfg and set the file permission + assetGrubcfgFileFullPath := filepath.Join(assetsDir, assetGrubcfgFile) installGrubCfgFile := filepath.Join(installRoot, grubCfgFile) + + assetGrubDefFileFullPath := filepath.Join(assetsDir, assetGrubDefFile) installGrubDefFile := filepath.Join(installRoot, grubDefFile) - err = file.CopyAndChangeMode(assetGrubcfgFile, installGrubCfgFile, bootDirectoryDirMode, bootDirectoryFileMode) + err = file.CopyAndChangeMode(assetGrubcfgFileFullPath, installGrubCfgFile, bootDirectoryDirMode, bootDirectoryFileMode) if err != nil { return } - err = file.CopyAndChangeMode(assetGrubDefFile, installGrubDefFile, bootDirectoryDirMode, bootDirectoryFileMode) + err = file.CopyAndChangeMode(assetGrubDefFileFullPath, installGrubDefFile, bootDirectoryDirMode, bootDirectoryFileMode) if err != nil { return } @@ -1669,7 +1673,7 @@ func getPackagesFromJSON(file string) (pkgList PackageList, err error) { // - bootUUID is the UUID of the boot partition // Note: this boot partition could be different than the boot partition specified in the main grub config. // This boot partition specifically indicates where to find the main grub cfg -func InstallBootloader(installChroot *safechroot.Chroot, encryptEnabled bool, bootType, bootUUID, bootPrefix, bootDevPath string) (err error) { +func InstallBootloader(installChroot *safechroot.Chroot, encryptEnabled bool, bootType, bootUUID, bootPrefix, bootDevPath, assetsDir string) (err error) { const ( efiMountPoint = "/boot/efi" efiBootType = "efi" @@ -1687,7 +1691,7 @@ func InstallBootloader(installChroot *safechroot.Chroot, encryptEnabled bool, bo } case efiBootType: efiPath := filepath.Join(installChroot.RootDir(), efiMountPoint) - err = installEfiBootloader(encryptEnabled, efiPath, bootUUID, bootPrefix) + err = installEfiBootloader(encryptEnabled, efiPath, bootUUID, bootPrefix, assetsDir) if err != nil { return } @@ -1822,18 +1826,18 @@ func enableCryptoDisk() (err error) { // installRoot/boot/efi folder // It is expected that shim (bootx64.efi) and grub2 (grub2.efi) are installed // into the EFI directory via the package list installation mechanism. -func installEfiBootloader(encryptEnabled bool, installRoot, bootUUID, bootPrefix string) (err error) { +func installEfiBootloader(encryptEnabled bool, installRoot, bootUUID, bootPrefix, assetsDir string) (err error) { const ( defaultCfgFilename = "grub.cfg" encryptCfgFilename = "grubEncrypt.cfg" - grubAssetDir = "/installer/efi/grub" + grubAssetDir = "efi/grub" grubFinalDir = "boot/grub2" ) // Copy the bootloader's grub.cfg - grubAssetPath := filepath.Join(grubAssetDir, defaultCfgFilename) + grubAssetPath := filepath.Join(assetsDir, grubAssetDir, defaultCfgFilename) if encryptEnabled { - grubAssetPath = filepath.Join(grubAssetDir, encryptCfgFilename) + grubAssetPath = filepath.Join(assetsDir, grubAssetDir, encryptCfgFilename) } grubFinalPath := filepath.Join(installRoot, grubFinalDir, defaultCfgFilename) err = file.CopyAndChangeMode(grubAssetPath, grubFinalPath, bootDirectoryDirMode, bootDirectoryFileMode) diff --git a/toolkit/tools/imager/imager.go b/toolkit/tools/imager/imager.go index 9d6f94206bf..5518d33119d 100644 --- a/toolkit/tools/imager/imager.go +++ b/toolkit/tools/imager/imager.go @@ -62,6 +62,8 @@ const ( // kickstartPartitionFile is the file that includes the partitioning schema used by // kickstart installation kickstartPartitionFile = "/tmp/part-include" + + assetsMountPoint = "/installer" ) func main() { @@ -119,7 +121,6 @@ func buildSystemConfig(systemConfig configuration.SystemConfig, disks []configur defer timestamp.StopEvent(nil) const ( - assetsMountPoint = "/installer" localRepoMountPoint = "/mnt/cdrom/RPMS" repoFileMountPoint = "/etc/yum.repos.d" setupRoot = "/setuproot" @@ -686,7 +687,7 @@ func configureDiskBootloader(systemConfig configuration.SystemConfig, installChr } bootType := systemConfig.BootType - err = installutils.InstallBootloader(installChroot, systemConfig.Encryption.Enable, bootType, bootUUID, bootPrefix, diskDevPath) + err = installutils.InstallBootloader(installChroot, systemConfig.Encryption.Enable, bootType, bootUUID, bootPrefix, diskDevPath, assetsMountPoint) if err != nil { err = fmt.Errorf("failed to install bootloader: %s", err) return @@ -722,13 +723,13 @@ func configureDiskBootloader(systemConfig configuration.SystemConfig, installChr } // Grub will always use filesystem UUID, never PARTUUID or PARTLABEL - err = installutils.InstallGrubCfg(installChroot.RootDir(), rootDevice, bootUUID, bootPrefix, encryptedRoot, systemConfig.KernelCommandLine, readOnlyRoot, isBootPartitionSeparate) + err = installutils.InstallGrubCfg(installChroot.RootDir(), rootDevice, bootUUID, bootPrefix, assetsMountPoint, encryptedRoot, systemConfig.KernelCommandLine, readOnlyRoot, isBootPartitionSeparate) if err != nil { err = fmt.Errorf("failed to install main grub config file: %s", err) return } - err = installutils.InstallGrubEnv(installChroot.RootDir()) + err = installutils.InstallGrubEnv(installChroot.RootDir(), assetsMountPoint) if err != nil { err = fmt.Errorf("failed to install grubenv file: %s", err) return From 78e5da4c1acaebd267bebabff694bdeae12a9730 Mon Sep 17 00:00:00 2001 From: Chris Gunn Date: Thu, 28 Sep 2023 15:21:12 -0700 Subject: [PATCH 29/47] Genericize partition functions (#6316) --- .../imagegen/configuration/partitionsetting.go | 18 ++++++++++++++++++ .../imagegen/configuration/systemconfig.go | 16 ++-------------- .../imagegen/installutils/installutils.go | 10 +++++----- toolkit/tools/imager/imager.go | 2 +- 4 files changed, 26 insertions(+), 20 deletions(-) diff --git a/toolkit/tools/imagegen/configuration/partitionsetting.go b/toolkit/tools/imagegen/configuration/partitionsetting.go index 46a917e12c9..259e94469e3 100644 --- a/toolkit/tools/imagegen/configuration/partitionsetting.go +++ b/toolkit/tools/imagegen/configuration/partitionsetting.go @@ -56,3 +56,21 @@ func (p *PartitionSetting) UnmarshalJSON(b []byte) (err error) { } return } + +// FindRootPartitionSetting returns a pointer to the partition setting describing the disk which +// will be mounted at "/", or nil if no partition is found +func FindRootPartitionSetting(partitionSettings []PartitionSetting) (rootPartitionSetting *PartitionSetting) { + return FindMountpointPartitionSetting(partitionSettings, "/") +} + +// FindMountpointPartitionSetting will search a list of partition settings for the partition setting +// corresponding to a mount point. +func FindMountpointPartitionSetting(partitionSettings []PartitionSetting, mountPoint string) (partitionSetting *PartitionSetting) { + for _, p := range partitionSettings { + if p.MountPoint == mountPoint { + // We want to reference the actual object in the slice + return &p + } + } + return nil +} diff --git a/toolkit/tools/imagegen/configuration/systemconfig.go b/toolkit/tools/imagegen/configuration/systemconfig.go index fd7d2dbf030..d901eeb5c33 100644 --- a/toolkit/tools/imagegen/configuration/systemconfig.go +++ b/toolkit/tools/imagegen/configuration/systemconfig.go @@ -44,25 +44,13 @@ type SystemConfig struct { // GetRootPartitionSetting returns a pointer to the partition setting describing the disk which // will be mounted at "/", or nil if no partition is found func (s *SystemConfig) GetRootPartitionSetting() (rootPartitionSetting *PartitionSetting) { - for i, p := range s.PartitionSettings { - if p.MountPoint == "/" { - // We want to reference the actual object in the slice - return &s.PartitionSettings[i] - } - } - return nil + return FindRootPartitionSetting(s.PartitionSettings) } // GetMountpointPartitionSetting will search the system configuration for the partition setting // corresponding to a mount point. func (s *SystemConfig) GetMountpointPartitionSetting(mountPoint string) (partitionSetting *PartitionSetting) { - for i, p := range s.PartitionSettings { - if p.MountPoint == mountPoint { - // We want to reference the actual object in the slice - return &s.PartitionSettings[i] - } - } - return nil + return FindMountpointPartitionSetting(s.PartitionSettings, mountPoint) } // IsValid returns an error if the SystemConfig is not valid diff --git a/toolkit/tools/imagegen/installutils/installutils.go b/toolkit/tools/imagegen/installutils/installutils.go index 9a3ac262ab8..7d7382746d0 100644 --- a/toolkit/tools/imagegen/installutils/installutils.go +++ b/toolkit/tools/imagegen/installutils/installutils.go @@ -80,13 +80,13 @@ func GetRequiredPackagesForInstall() []*pkgjson.PackageVer { // - mountPointToFsTypeMap is a map of mountpoint to filesystem type // - mountPointToMountArgsMap is a map of mountpoint to mount arguments to be passed on a call to mount // - diffDiskBuild is a flag that denotes whether this is a diffdisk build or not -func CreateMountPointPartitionMap(partDevPathMap, partIDToFsTypeMap map[string]string, config configuration.SystemConfig) (mountPointDevPathMap, mountPointToFsTypeMap, mountPointToMountArgsMap map[string]string, diffDiskBuild bool) { +func CreateMountPointPartitionMap(partDevPathMap, partIDToFsTypeMap map[string]string, partitionSettings []configuration.PartitionSetting) (mountPointDevPathMap, mountPointToFsTypeMap, mountPointToMountArgsMap map[string]string, diffDiskBuild bool) { mountPointDevPathMap = make(map[string]string) mountPointToFsTypeMap = make(map[string]string) mountPointToMountArgsMap = make(map[string]string) // Go through each PartitionSetting - for _, partitionSetting := range config.PartitionSettings { + for _, partitionSetting := range partitionSettings { logger.Log.Tracef("%v[%v]", partitionSetting.ID, partitionSetting.MountPoint) partDevPath, ok := partDevPathMap[partitionSetting.ID] if ok { @@ -628,7 +628,7 @@ func configureSystemFiles(installChroot *safechroot.Chroot, hostname string, con } // Update fstab - err = updateFstab(installChroot.RootDir(), config, installMap, mountPointToFsTypeMap, mountPointToMountArgsMap, partIDToDevPathMap, partIDToFsTypeMap, hidepidEnabled) + err = UpdateFstab(installChroot.RootDir(), config.PartitionSettings, installMap, mountPointToFsTypeMap, mountPointToMountArgsMap, partIDToDevPathMap, partIDToFsTypeMap, hidepidEnabled) if err != nil { return } @@ -791,7 +791,7 @@ func updateInitramfsForEncrypt(installChroot *safechroot.Chroot) (err error) { return } -func updateFstab(installRoot string, config configuration.SystemConfig, installMap, mountPointToFsTypeMap, mountPointToMountArgsMap, partIDToDevPathMap, partIDToFsTypeMap map[string]string, hidepidEnabled bool) (err error) { +func UpdateFstab(installRoot string, partitionSettings []configuration.PartitionSetting, installMap, mountPointToFsTypeMap, mountPointToMountArgsMap, partIDToDevPathMap, partIDToFsTypeMap map[string]string, hidepidEnabled bool) (err error) { const ( doPseudoFsMount = true ) @@ -799,7 +799,7 @@ func updateFstab(installRoot string, config configuration.SystemConfig, installM for mountPoint, devicePath := range installMap { if mountPoint != "" && devicePath != NullDevice { - partSetting := config.GetMountpointPartitionSetting(mountPoint) + partSetting := configuration.FindMountpointPartitionSetting(partitionSettings, mountPoint) if partSetting == nil { err = fmt.Errorf("unable to find PartitionSetting for '%s", mountPoint) return diff --git a/toolkit/tools/imager/imager.go b/toolkit/tools/imager/imager.go index 5518d33119d..f0c3dda2450 100644 --- a/toolkit/tools/imager/imager.go +++ b/toolkit/tools/imager/imager.go @@ -223,7 +223,7 @@ func buildSystemConfig(systemConfig configuration.SystemConfig, disks []configur setupChrootDir := filepath.Join(buildDir, setupRoot) // Create Parition to Mountpoint map - mountPointMap, mountPointToFsTypeMap, mountPointToMountArgsMap, diffDiskBuild := installutils.CreateMountPointPartitionMap(partIDToDevPathMap, partIDToFsTypeMap, systemConfig) + mountPointMap, mountPointToFsTypeMap, mountPointToMountArgsMap, diffDiskBuild := installutils.CreateMountPointPartitionMap(partIDToDevPathMap, partIDToFsTypeMap, systemConfig.PartitionSettings) if diffDiskBuild { timestamp.StartEvent("creating delta disk", nil) mountPointToOverlayMap, err = installutils.UpdatePartitionMapWithOverlays(partIDToDevPathMap, partIDToFsTypeMap, mountPointMap, mountPointToFsTypeMap, mountPointToMountArgsMap, systemConfig) From feacd465bae57d5cba1832871bda30b125381e3c Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Thu, 28 Sep 2023 16:17:37 -0700 Subject: [PATCH 30/47] Added `gtk-doc` dependencies to the chroot. (#6317) --- toolkit/resources/manifests/package/pkggen_core_aarch64.txt | 4 ++++ toolkit/resources/manifests/package/pkggen_core_x86_64.txt | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 552d904bb98..6cf922b7d54 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -196,6 +196,8 @@ curl-libs-8.3.0-1.cm2.aarch64.rpm createrepo_c-0.17.5-1.cm2.aarch64.rpm libxml2-2.10.4-1.cm2.aarch64.rpm libxml2-devel-2.10.4-1.cm2.aarch64.rpm +docbook-dtd-xml-4.5-11.cm2.noarch.rpm +docbook-style-xsl-1.79.1-13.cm2.noarch.rpm libsepol-3.2-2.cm2.aarch64.rpm glib-2.71.0-2.cm2.aarch64.rpm libltdl-2.4.6-8.cm2.aarch64.rpm @@ -216,6 +218,7 @@ libgpg-error-1.46-1.cm2.aarch64.rpm libgcrypt-1.9.4-2.cm2.aarch64.rpm libksba-1.6.3-1.cm2.aarch64.rpm libksba-devel-1.6.3-1.cm2.aarch64.rpm +libxslt-1.1.34-7.cm2.aarch64.rpm npth-1.6-4.cm2.aarch64.rpm pinentry-1.2.0-1.cm2.aarch64.rpm gnupg2-2.4.0-2.cm2.aarch64.rpm @@ -238,6 +241,7 @@ python3-3.9.14-7.cm2.aarch64.rpm python3-devel-3.9.14-7.cm2.aarch64.rpm python3-libs-3.9.14-7.cm2.aarch64.rpm python3-setuptools-3.9.14-7.cm2.noarch.rpm +python3-pygments-2.4.2-7.cm2.noarch.rpm which-2.21-8.cm2.aarch64.rpm libselinux-3.2-1.cm2.aarch64.rpm slang-2.3.2-4.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 8aee19842d3..8b7a2cd6c70 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -196,6 +196,8 @@ curl-libs-8.3.0-1.cm2.x86_64.rpm createrepo_c-0.17.5-1.cm2.x86_64.rpm libxml2-2.10.4-1.cm2.x86_64.rpm libxml2-devel-2.10.4-1.cm2.x86_64.rpm +docbook-dtd-xml-4.5-11.cm2.noarch.rpm +docbook-style-xsl-1.79.1-13.cm2.noarch.rpm libsepol-3.2-2.cm2.x86_64.rpm glib-2.71.0-2.cm2.x86_64.rpm libltdl-2.4.6-8.cm2.x86_64.rpm @@ -216,6 +218,7 @@ libgpg-error-1.46-1.cm2.x86_64.rpm libgcrypt-1.9.4-2.cm2.x86_64.rpm libksba-1.6.3-1.cm2.x86_64.rpm libksba-devel-1.6.3-1.cm2.x86_64.rpm +libxslt-1.1.34-7.cm2.x86_64.rpm npth-1.6-4.cm2.x86_64.rpm pinentry-1.2.0-1.cm2.x86_64.rpm gnupg2-2.4.0-2.cm2.x86_64.rpm @@ -238,6 +241,7 @@ python3-3.9.14-7.cm2.x86_64.rpm python3-devel-3.9.14-7.cm2.x86_64.rpm python3-libs-3.9.14-7.cm2.x86_64.rpm python3-setuptools-3.9.14-7.cm2.noarch.rpm +python3-pygments-2.4.2-7.cm2.noarch.rpm which-2.21-8.cm2.x86_64.rpm libselinux-3.2-1.cm2.x86_64.rpm slang-2.3.2-4.cm2.x86_64.rpm From d2ba4f043a8f6ff5eec3ab65af1ec2ff46d5dbbd Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Thu, 28 Sep 2023 16:21:27 -0700 Subject: [PATCH 31/47] [AUTOPATCHER-CORE] Upgrade cri-tools to 1.28.0 to fix vendored vulns CVE-2021-38561, CVE-2021-44716 CVE-2022-32149, CVE-2022-27664, CVE-2022-29526, CVE-2022-28948 (#6300) --- SPECS/cri-tools/cri-tools.signatures.json | 2 +- SPECS/cri-tools/cri-tools.spec | 51 ++++++++++++----------- SPECS/cri-tools/no-git-in-build.patch | 15 ------- cgmanifest.json | 4 +- 4 files changed, 29 insertions(+), 43 deletions(-) delete mode 100644 SPECS/cri-tools/no-git-in-build.patch diff --git a/SPECS/cri-tools/cri-tools.signatures.json b/SPECS/cri-tools/cri-tools.signatures.json index 644a3ec731f..a9d8f207fa0 100644 --- a/SPECS/cri-tools/cri-tools.signatures.json +++ b/SPECS/cri-tools/cri-tools.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "cri-tools-1.23.0.tar.gz": "c6a2e7fdd76d16f1bb5bbdb3c71a335a383e54bc6114058f16bf2789faf808de" + "cri-tools-1.28.0.tar.gz": "e32eb97d8ab6dff4a772a9672a19b62b65dd3bd71253aee64ba3d5109e86e058" } } \ No newline at end of file diff --git a/SPECS/cri-tools/cri-tools.spec b/SPECS/cri-tools/cri-tools.spec index 7f06f25ab79..7819a98d0d3 100644 --- a/SPECS/cri-tools/cri-tools.spec +++ b/SPECS/cri-tools/cri-tools.spec @@ -1,16 +1,19 @@ +%define debug_package %{nil} +%ifarch aarch64 +%global gohostarch arm64 +%elifarch x86_64 +%global gohostarch amd64 +%endif Summary: CRI tools Name: cri-tools -Version: 1.23.0 -Release: 13%{?dist} -License: ASL 2.0 +Version: 1.28.0 +Release: 1%{?dist} +License: Apache-2.0 Vendor: Microsoft Corporation Distribution: Mariner Group: Development/Tools URL: https://github.com/kubernetes-sigs/cri-tools -#Source0: https://github.com/kubernetes-sigs/cri-tools/archive/v%{version}.tar.gz -Source0: %{name}-%{version}.tar.gz -Patch0: no-git-in-build.patch -%define debug_package %{nil} +Source0: https://github.com/kubernetes-sigs/cri-tools/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz BuildRequires: glib-devel BuildRequires: glibc-devel BuildRequires: golang @@ -24,32 +27,30 @@ critest: validation test suites for kubelet CRI. %autosetup -p1 %build -export VERSION="v%{version}" -make %{?_smp_mflags} - +export VERSION="%{version}" +%make_build %install +export BUILD_FOLDER="./build/bin/linux/%{gohostarch}" install -m 755 -d %{buildroot}%{_bindir} -install -p -m 755 -t %{buildroot}%{_bindir} ./build/bin/crictl -install -p -m 755 -t %{buildroot}%{_bindir} ./build/bin/critest - -install -m 755 -d %{buildroot}%{_docdir}/%{name} -install -p -m 644 -t %{buildroot}%{_docdir}/%{name} ./CHANGELOG.md -install -p -m 644 -t %{buildroot}%{_docdir}/%{name} ./CONTRIBUTING.md -install -p -m 644 -t %{buildroot}%{_docdir}/%{name} ./OWNERS -install -p -m 644 -t %{buildroot}%{_docdir}/%{name} ./README.md -install -p -m 644 -t %{buildroot}%{_docdir}/%{name} ./code-of-conduct.md -install -p -m 644 -t %{buildroot}%{_docdir}/%{name} ./docs/validation.md -install -p -m 644 -t %{buildroot}%{_docdir}/%{name} ./docs/roadmap.md -install -p -m 644 -t %{buildroot}%{_docdir}/%{name} ./docs/crictl.md +install -p -m 755 -t %{buildroot}%{_bindir} "${BUILD_FOLDER}/crictl" +install -p -m 755 -t %{buildroot}%{_bindir} "${BUILD_FOLDER}/critest" %files -%defattr(-,root,root) %license LICENSE -%{_bindir}/* -%{_docdir}/%{name} +%doc CHANGELOG.md CONTRIBUTING.md OWNERS README.md code-of-conduct.md +%doc docs/validation.md docs/roadmap.md docs/crictl.md +%{_bindir}/crictl +%{_bindir}/critest %changelog +* Wed Sep 27 2023 CBL-Mariner Servicing Account - 1.28.0-1 +- Auto-upgrade to 1.28.0 to fix vendored vulns CVE-2021-38561, CVE-2021-44716, + CVE-2022-32149, CVE-2022-27664, CVE-2022-29526, CVE-2022-28948 +- Use SPDX license expression in license tag +- Use %%doc macro to install docs +- Remove obsolete patch to remove git usage in makefile + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 1.23.0-13 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/cri-tools/no-git-in-build.patch b/SPECS/cri-tools/no-git-in-build.patch deleted file mode 100644 index 04cefaded0f..00000000000 --- a/SPECS/cri-tools/no-git-in-build.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff -ru cri-tools-1.22.0-orig/Makefile cri-tools-1.22.0/Makefile ---- cri-tools-1.22.0-orig/Makefile 2021-08-05 05:27:22.000000000 -0700 -+++ cri-tools-1.22.0/Makefile 2021-08-18 05:50:24.651143216 -0700 -@@ -32,8 +32,9 @@ - PROJECT := github.com/kubernetes-sigs/cri-tools - BINDIR ?= /usr/local/bin - --VERSION := $(shell git describe --tags --dirty --always) --VERSION := $(VERSION:v%=%) -+# build without git => VERSION must be define before using makefile -+# VERSION := $(shell git describe --tags --dirty --always) -+# VERSION := $(VERSION:v%=%) - GO_LDFLAGS := -X $(PROJECT)/pkg/version.Version=$(VERSION) - BUILDTAGS := selinux - \ No newline at end of file diff --git a/cgmanifest.json b/cgmanifest.json index 965b6b1b15d..08c8bdfdba5 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -2287,8 +2287,8 @@ "type": "other", "other": { "name": "cri-tools", - "version": "1.23.0", - "downloadUrl": "https://github.com/kubernetes-sigs/cri-tools/archive/v1.23.0.tar.gz" + "version": "1.28.0", + "downloadUrl": "https://github.com/kubernetes-sigs/cri-tools/archive/v1.28.0.tar.gz" } } }, From 307f520d1affeff92c4e97de45953c2cd160a179 Mon Sep 17 00:00:00 2001 From: Adub17030MS <110563293+Adub17030MS@users.noreply.github.com> Date: Thu, 28 Sep 2023 22:52:19 -0700 Subject: [PATCH 32/47] Update sriov to v3.5.1 (#6312) * Update sriov to v3.5.1 * Update sriov-network-device-plugin.signatures.json * Update sriov-network-device-plugin.spec * Update cgmanifest.json * Spec linitng --- .../sriov-network-device-plugin.signatures.json | 4 ++-- .../sriov-network-device-plugin.spec | 13 ++++++++----- cgmanifest.json | 6 +++--- 3 files changed, 13 insertions(+), 10 deletions(-) diff --git a/SPECS/sriov-network-device-plugin/sriov-network-device-plugin.signatures.json b/SPECS/sriov-network-device-plugin/sriov-network-device-plugin.signatures.json index cab260d2bad..aa848d3116b 100644 --- a/SPECS/sriov-network-device-plugin/sriov-network-device-plugin.signatures.json +++ b/SPECS/sriov-network-device-plugin/sriov-network-device-plugin.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "sriov-network-device-plugin-3.4.0.tar.gz": "670a94299dc144d239f16af342d6d92aaa84e0dd730fe5b8d889255cae7a4063" + "sriov-network-device-plugin-3.5.1.tar.gz": "60ea0e1dfd2eced7c6fadc13b38f80393f258dc65f14ca78b4fa2e6c22cb3433" } -} \ No newline at end of file +} diff --git a/SPECS/sriov-network-device-plugin/sriov-network-device-plugin.spec b/SPECS/sriov-network-device-plugin/sriov-network-device-plugin.spec index 5471fa26333..24dbe4c4104 100644 --- a/SPECS/sriov-network-device-plugin/sriov-network-device-plugin.spec +++ b/SPECS/sriov-network-device-plugin/sriov-network-device-plugin.spec @@ -1,15 +1,15 @@ Summary: Plugin for discovering and advertising networking resources Name: sriov-network-device-plugin -Version: 3.4.0 -Release: 12%{?dist} +Version: 3.5.1 +Release: 1%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner URL: https://github.com/k8snetworkplumbingwg/sriov-network-device-plugin Source0: https://github.com/k8snetworkplumbingwg/%{name}/archive/refs/tags/v%{version}.tar.gz#/%{name}-%{version}.tar.gz BuildRequires: golang -Requires: hwdata Requires: gawk +Requires: hwdata %description sriov-network-device-plugin is Kubernetes device plugin for discovering and advertising networking @@ -24,16 +24,19 @@ go build -mod vendor -o ./build/sriovdp ./cmd/sriovdp/ %install install -D -m0755 build/sriovdp %{buildroot}%{_bindir}/sriovdp install -D -m0755 images/entrypoint.sh %{buildroot}%{_bindir}/%{name}-entrypoint.sh -install -D -m0755 images/ddptool-1.0.1.12.tar.gz %{buildroot}/usr/share/%{name}/ddptool-1.0.1.12.tar.gz +install -D -m0755 images/ddptool-1.0.1.12.tar.gz %{buildroot}%{_datadir}/%{name}/ddptool-1.0.1.12.tar.gz %files %license LICENSE %doc README.md %{_bindir}/sriovdp %{_bindir}/%{name}-entrypoint.sh -/usr/share/%{name}/ddptool-1.0.1.12.tar.gz +%{_datadir}/%{name}/ddptool-1.0.1.12.tar.gz %changelog +* Thu Sep 28 2023 Aditya Dubey - 3.5.1-1 +- Upgrade to v3.5.1 + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 3.4.0-12 - Bump release to rebuild with go 1.19.12 diff --git a/cgmanifest.json b/cgmanifest.json index 08c8bdfdba5..1983123d2bf 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -28117,8 +28117,8 @@ "type": "other", "other": { "name": "sriov-network-device-plugin", - "version": "3.4.0", - "downloadUrl": "https://github.com/k8snetworkplumbingwg/sriov-network-device-plugin/archive/refs/tags/v3.4.0.tar.gz" + "version": "3.5.1", + "downloadUrl": "https://github.com/k8snetworkplumbingwg/sriov-network-device-plugin/archive/refs/tags/v3.5.1.tar.gz" } } }, @@ -30897,4 +30897,4 @@ } ], "Version": 1 -} \ No newline at end of file +} From fca71a0288763a9b6f74ea52ef3b28417d79c240 Mon Sep 17 00:00:00 2001 From: CBL-Mariner-Bot <75509084+CBL-Mariner-Bot@users.noreply.github.com> Date: Fri, 29 Sep 2023 11:25:31 -0700 Subject: [PATCH 33/47] [AUTOPATCHER-kernel] Kernel upgrade to version 5.15.133.1 - branch main (#6286) * Remove NET_CLS_RSVP and CONFIG_NET_CLS_RSVP6 that don't apply to the new version Co-authored-by: Neha Agarwal --- .../kernel-azure-signed.spec | 7 +++-- .../kernel-hci-signed/kernel-hci-signed.spec | 7 +++-- SPECS-SIGNED/kernel-signed/kernel-signed.spec | 7 +++-- .../hyperv-daemons.signatures.json | 2 +- SPECS/hyperv-daemons/hyperv-daemons.spec | 5 +++- SPECS/kernel-azure/config | 4 +-- SPECS/kernel-azure/config_aarch64 | 4 +-- .../kernel-azure/kernel-azure.signatures.json | 8 +++--- SPECS/kernel-azure/kernel-azure.spec | 7 +++-- SPECS/kernel-hci/config | 4 +-- SPECS/kernel-hci/kernel-hci.signatures.json | 6 ++--- SPECS/kernel-hci/kernel-hci.spec | 7 +++-- .../kernel-headers.signatures.json | 2 +- SPECS/kernel-headers/kernel-headers.spec | 7 +++-- SPECS/kernel/config | 4 +-- SPECS/kernel/config_aarch64 | 4 +-- SPECS/kernel/kernel.signatures.json | 8 +++--- SPECS/kernel/kernel.spec | 7 +++-- cgmanifest.json | 22 ++++++++-------- .../manifests/package/pkggen_core_aarch64.txt | 2 +- .../manifests/package/pkggen_core_x86_64.txt | 2 +- .../manifests/package/toolchain_aarch64.txt | 2 +- .../manifests/package/toolchain_x86_64.txt | 2 +- toolkit/scripts/mariner-required-configs.json | 26 +++++++++++++++++++ 24 files changed, 98 insertions(+), 58 deletions(-) diff --git a/SPECS-SIGNED/kernel-azure-signed/kernel-azure-signed.spec b/SPECS-SIGNED/kernel-azure-signed/kernel-azure-signed.spec index 3a68de37c9c..def2024da6d 100644 --- a/SPECS-SIGNED/kernel-azure-signed/kernel-azure-signed.spec +++ b/SPECS-SIGNED/kernel-azure-signed/kernel-azure-signed.spec @@ -9,8 +9,8 @@ %define uname_r %{version}-%{release} Summary: Signed Linux Kernel for Azure Name: kernel-azure-signed-%{buildarch} -Version: 5.15.131.1 -Release: 3%{?dist} +Version: 5.15.133.1 +Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -153,6 +153,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %exclude /module_info.ld %changelog +* Tue Sep 26 2023 CBL-Mariner Servicing Account - 5.15.133.1-1 +- Auto-upgrade to 5.15.133.1 + * Tue Sep 22 2023 Cameron Baird - 5.15.131.1-3 - Bump release to match kernel diff --git a/SPECS-SIGNED/kernel-hci-signed/kernel-hci-signed.spec b/SPECS-SIGNED/kernel-hci-signed/kernel-hci-signed.spec index 7ad92233a0c..212de3d4815 100644 --- a/SPECS-SIGNED/kernel-hci-signed/kernel-hci-signed.spec +++ b/SPECS-SIGNED/kernel-hci-signed/kernel-hci-signed.spec @@ -4,8 +4,8 @@ %define uname_r %{version}-%{release} Summary: Signed Linux Kernel for HCI Name: kernel-hci-signed-%{buildarch} -Version: 5.15.131.1 -Release: 3%{?dist} +Version: 5.15.133.1 +Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -149,6 +149,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %exclude /module_info.ld %changelog +* Tue Sep 26 2023 CBL-Mariner Servicing Account - 5.15.133.1-1 +- Auto-upgrade to 5.15.133.1 + * Tue Sep 22 2023 Cameron Baird - 5.15.131.1-3 - Bump release to match kernel diff --git a/SPECS-SIGNED/kernel-signed/kernel-signed.spec b/SPECS-SIGNED/kernel-signed/kernel-signed.spec index 781312a6d75..11078b57303 100644 --- a/SPECS-SIGNED/kernel-signed/kernel-signed.spec +++ b/SPECS-SIGNED/kernel-signed/kernel-signed.spec @@ -9,8 +9,8 @@ %define uname_r %{version}-%{release} Summary: Signed Linux Kernel for %{buildarch} systems Name: kernel-signed-%{buildarch} -Version: 5.15.131.1 -Release: 3%{?dist} +Version: 5.15.133.1 +Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -153,6 +153,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %exclude /module_info.ld %changelog +* Tue Sep 26 2023 CBL-Mariner Servicing Account - 5.15.133.1-1 +- Auto-upgrade to 5.15.133.1 + * Tue Sep 22 2023 Cameron Baird - 5.15.131.1-3 - Bump release to match kernel diff --git a/SPECS/hyperv-daemons/hyperv-daemons.signatures.json b/SPECS/hyperv-daemons/hyperv-daemons.signatures.json index 3f75e95ef11..09bc78003d1 100644 --- a/SPECS/hyperv-daemons/hyperv-daemons.signatures.json +++ b/SPECS/hyperv-daemons/hyperv-daemons.signatures.json @@ -7,6 +7,6 @@ "hypervkvpd.service": "c1bb207cf9f388f8f3cf5b649abbf8cfe4c4fcf74538612946e68f350d1f265f", "hypervvss.rules": "94cead44245ef6553ab79c0bbac8419e3ff4b241f01bcec66e6f508098cbedd1", "hypervvssd.service": "22270d9f0f23af4ea7905f19c1d5d5495e40c1f782cbb87a99f8aec5a011078d", - "kernel-5.15.131.1.tar.gz": "79e6f96e5e9b0e920336dc5c2da0d5b65c3d77f9568b15ae6c4517164aace0a4" + "kernel-5.15.133.1.tar.gz": "de627dba4ea5a7bc47c4d1999aa28a8f14b9b4046c55ac6e4fbce93e1db2c559" } } \ No newline at end of file diff --git a/SPECS/hyperv-daemons/hyperv-daemons.spec b/SPECS/hyperv-daemons/hyperv-daemons.spec index 3834e378619..db6e0e9feec 100644 --- a/SPECS/hyperv-daemons/hyperv-daemons.spec +++ b/SPECS/hyperv-daemons/hyperv-daemons.spec @@ -8,7 +8,7 @@ %global udev_prefix 70 Summary: Hyper-V daemons suite Name: hyperv-daemons -Version: 5.15.131.1 +Version: 5.15.133.1 Release: 1%{?dist} License: GPLv2+ Vendor: Microsoft Corporation @@ -219,6 +219,9 @@ fi %{_sbindir}/lsvmbus %changelog +* Tue Sep 26 2023 CBL-Mariner Servicing Account - 5.15.133.1-1 +- Auto-upgrade to 5.15.133.1 + * Fri Sep 08 2023 CBL-Mariner Servicing Account - 5.15.131.1-1 - Auto-upgrade to 5.15.131.1 diff --git a/SPECS/kernel-azure/config b/SPECS/kernel-azure/config index 51458063a06..da5c724e087 100644 --- a/SPECS/kernel-azure/config +++ b/SPECS/kernel-azure/config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86_64 5.15.131.1 Kernel Configuration +# Linux/x86_64 5.15.133.1 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0" CONFIG_CC_IS_GCC=y @@ -1572,8 +1572,6 @@ CONFIG_NET_CLS_FW=m CONFIG_NET_CLS_U32=m CONFIG_CLS_U32_PERF=y CONFIG_CLS_U32_MARK=y -CONFIG_NET_CLS_RSVP=m -CONFIG_NET_CLS_RSVP6=m CONFIG_NET_CLS_FLOW=m CONFIG_NET_CLS_CGROUP=m CONFIG_NET_CLS_BPF=m diff --git a/SPECS/kernel-azure/config_aarch64 b/SPECS/kernel-azure/config_aarch64 index 812ec8c8d02..c66b5520cfa 100644 --- a/SPECS/kernel-azure/config_aarch64 +++ b/SPECS/kernel-azure/config_aarch64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm64 5.15.131.1 Kernel Configuration +# Linux/arm64 5.15.133.1 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0" CONFIG_CC_IS_GCC=y @@ -1686,8 +1686,6 @@ CONFIG_NET_CLS_FW=m CONFIG_NET_CLS_U32=m CONFIG_CLS_U32_PERF=y CONFIG_CLS_U32_MARK=y -CONFIG_NET_CLS_RSVP=m -CONFIG_NET_CLS_RSVP6=m CONFIG_NET_CLS_FLOW=m CONFIG_NET_CLS_CGROUP=m CONFIG_NET_CLS_BPF=m diff --git a/SPECS/kernel-azure/kernel-azure.signatures.json b/SPECS/kernel-azure/kernel-azure.signatures.json index f7c81752054..b555fc1628b 100644 --- a/SPECS/kernel-azure/kernel-azure.signatures.json +++ b/SPECS/kernel-azure/kernel-azure.signatures.json @@ -1,9 +1,9 @@ { "Signatures": { "cbl-mariner-ca-20211013.pem": "5ef124b0924cb1047c111a0ecff1ae11e6ad7cac8d1d9b40f98f99334121f0b0", - "config": "a50ff4269a0f7470cc14896fdb429daa8b5143e8e66e005f95f3bb4f8d91fc84", - "config_aarch64": "ff20c123409e3486e8de87cd2fb6db4b1b2cd02aca88f53c5359f55bb1df528b", + "config": "4cc95f8de9e406768434cc7234d7fd3049414154178608cdf8e2a8ca3f88e67a", + "config_aarch64": "133e9295b2e232011943c609f65058d84b3dc880a011dc50174d8e27605c2c1a", "sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f", - "kernel-5.15.131.1.tar.gz": "79e6f96e5e9b0e920336dc5c2da0d5b65c3d77f9568b15ae6c4517164aace0a4" + "kernel-5.15.133.1.tar.gz": "de627dba4ea5a7bc47c4d1999aa28a8f14b9b4046c55ac6e4fbce93e1db2c559" } -} \ No newline at end of file +} diff --git a/SPECS/kernel-azure/kernel-azure.spec b/SPECS/kernel-azure/kernel-azure.spec index 3884a21267f..f49fb400e41 100644 --- a/SPECS/kernel-azure/kernel-azure.spec +++ b/SPECS/kernel-azure/kernel-azure.spec @@ -27,8 +27,8 @@ Summary: Linux Kernel Name: kernel-azure -Version: 5.15.131.1 -Release: 3%{?dist} +Version: 5.15.133.1 +Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -419,6 +419,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %{_sysconfdir}/bash_completion.d/bpftool %changelog +* Tue Sep 26 2023 CBL-Mariner Servicing Account - 5.15.133.1-1 +- Auto-upgrade to 5.15.133.1 + * Tue Sep 22 2023 Cameron Baird - 5.15.131.1-3 - Call grub2-mkconfig to regenerate configs only if the user has previously used grub2-mkconfig for boot configuration. diff --git a/SPECS/kernel-hci/config b/SPECS/kernel-hci/config index 5d5e64fd6ef..7c09ed08df8 100644 --- a/SPECS/kernel-hci/config +++ b/SPECS/kernel-hci/config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86_64 5.15.131.1 Kernel Configuration +# Linux/x86_64 5.15.133.1 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0" CONFIG_CC_IS_GCC=y @@ -1575,8 +1575,6 @@ CONFIG_NET_CLS_FW=m CONFIG_NET_CLS_U32=m CONFIG_CLS_U32_PERF=y CONFIG_CLS_U32_MARK=y -CONFIG_NET_CLS_RSVP=m -CONFIG_NET_CLS_RSVP6=m CONFIG_NET_CLS_FLOW=m CONFIG_NET_CLS_CGROUP=m CONFIG_NET_CLS_BPF=m diff --git a/SPECS/kernel-hci/kernel-hci.signatures.json b/SPECS/kernel-hci/kernel-hci.signatures.json index 9faaa2a3aa6..db0950ab227 100644 --- a/SPECS/kernel-hci/kernel-hci.signatures.json +++ b/SPECS/kernel-hci/kernel-hci.signatures.json @@ -1,7 +1,7 @@ { "Signatures": { "cbl-mariner-ca-20211013.pem": "5ef124b0924cb1047c111a0ecff1ae11e6ad7cac8d1d9b40f98f99334121f0b0", - "config": "015bd05f0b97edc9b61956d54dc1378833e3348f5aabd64f12ee81af0fa7c4e8", - "kernel-5.15.131.1.tar.gz": "79e6f96e5e9b0e920336dc5c2da0d5b65c3d77f9568b15ae6c4517164aace0a4" + "config": "8130c426b7a6c2661eeaa524d21b74d9d49823e51a5fa24b4f7851089a7c3928", + "kernel-5.15.133.1.tar.gz": "de627dba4ea5a7bc47c4d1999aa28a8f14b9b4046c55ac6e4fbce93e1db2c559" } -} \ No newline at end of file +} diff --git a/SPECS/kernel-hci/kernel-hci.spec b/SPECS/kernel-hci/kernel-hci.spec index f67ac6e160a..e48c71f0ef8 100644 --- a/SPECS/kernel-hci/kernel-hci.spec +++ b/SPECS/kernel-hci/kernel-hci.spec @@ -17,8 +17,8 @@ %define config_source %{SOURCE1} Summary: Linux Kernel for HCI Name: kernel-hci -Version: 5.15.131.1 -Release: 3%{?dist} +Version: 5.15.133.1 +Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -434,6 +434,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %{_sysconfdir}/bash_completion.d/bpftool %changelog +* Tue Sep 26 2023 CBL-Mariner Servicing Account - 5.15.133.1-1 +- Auto-upgrade to 5.15.133.1 + * Tue Sep 22 2023 Cameron Baird - 5.15.131.1-3 - Call grub2-mkconfig to regenerate configs only if the user has previously used grub2-mkconfig for boot configuration. diff --git a/SPECS/kernel-headers/kernel-headers.signatures.json b/SPECS/kernel-headers/kernel-headers.signatures.json index 243206377bb..11c5f7411c2 100644 --- a/SPECS/kernel-headers/kernel-headers.signatures.json +++ b/SPECS/kernel-headers/kernel-headers.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "kernel-5.15.131.1.tar.gz": "79e6f96e5e9b0e920336dc5c2da0d5b65c3d77f9568b15ae6c4517164aace0a4" + "kernel-5.15.133.1.tar.gz": "de627dba4ea5a7bc47c4d1999aa28a8f14b9b4046c55ac6e4fbce93e1db2c559" } } \ No newline at end of file diff --git a/SPECS/kernel-headers/kernel-headers.spec b/SPECS/kernel-headers/kernel-headers.spec index a81b1400006..23d5dc789b6 100644 --- a/SPECS/kernel-headers/kernel-headers.spec +++ b/SPECS/kernel-headers/kernel-headers.spec @@ -1,7 +1,7 @@ Summary: Linux API header files Name: kernel-headers -Version: 5.15.131.1 -Release: 3%{?dist} +Version: 5.15.133.1 +Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -36,6 +36,9 @@ cp -rv usr/include/* /%{buildroot}%{_includedir} %{_includedir}/* %changelog +* Tue Sep 26 2023 CBL-Mariner Servicing Account - 5.15.133.1-1 +- Auto-upgrade to 5.15.133.1 + * Tue Sep 22 2023 Cameron Baird - 5.15.131.1-3 - Bump release to match kernel diff --git a/SPECS/kernel/config b/SPECS/kernel/config index fc6039acb66..f587c44ba21 100644 --- a/SPECS/kernel/config +++ b/SPECS/kernel/config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86_64 5.15.131.1 Kernel Configuration +# Linux/x86_64 5.15.133.1 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0" CONFIG_CC_IS_GCC=y @@ -1576,8 +1576,6 @@ CONFIG_NET_CLS_FW=m CONFIG_NET_CLS_U32=m CONFIG_CLS_U32_PERF=y CONFIG_CLS_U32_MARK=y -CONFIG_NET_CLS_RSVP=m -CONFIG_NET_CLS_RSVP6=m CONFIG_NET_CLS_FLOW=m CONFIG_NET_CLS_CGROUP=m CONFIG_NET_CLS_BPF=m diff --git a/SPECS/kernel/config_aarch64 b/SPECS/kernel/config_aarch64 index 0ea762f1405..58e7dac5153 100644 --- a/SPECS/kernel/config_aarch64 +++ b/SPECS/kernel/config_aarch64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm64 5.15.131.1 Kernel Configuration +# Linux/arm64 5.15.133.1 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0" CONFIG_CC_IS_GCC=y @@ -1687,8 +1687,6 @@ CONFIG_NET_CLS_FW=m CONFIG_NET_CLS_U32=m CONFIG_CLS_U32_PERF=y CONFIG_CLS_U32_MARK=y -CONFIG_NET_CLS_RSVP=m -CONFIG_NET_CLS_RSVP6=m CONFIG_NET_CLS_FLOW=m CONFIG_NET_CLS_CGROUP=m CONFIG_NET_CLS_BPF=m diff --git a/SPECS/kernel/kernel.signatures.json b/SPECS/kernel/kernel.signatures.json index 516e13287d1..5df9997d1d5 100644 --- a/SPECS/kernel/kernel.signatures.json +++ b/SPECS/kernel/kernel.signatures.json @@ -1,9 +1,9 @@ { "Signatures": { "cbl-mariner-ca-20211013.pem": "5ef124b0924cb1047c111a0ecff1ae11e6ad7cac8d1d9b40f98f99334121f0b0", - "config": "5aac865f894b53ebc1cd94dc6763ed8a5c07c0e2834e6a43fcc8a84fe0ce2c98", - "config_aarch64": "f060e00880f85bb8222dac3db4419659a522e54c36eff4b2f322ec81e847da85", + "config": "60050fe56fd5d00e9794e232a57e5f982c990c57f2ddfe4ce20c32dc994ce951", + "config_aarch64": "b0ae7f091065ec8edd399a7e88660fac65239e8268c6f56fbe718cbc01905ce2", "sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f", - "kernel-5.15.131.1.tar.gz": "79e6f96e5e9b0e920336dc5c2da0d5b65c3d77f9568b15ae6c4517164aace0a4" + "kernel-5.15.133.1.tar.gz": "de627dba4ea5a7bc47c4d1999aa28a8f14b9b4046c55ac6e4fbce93e1db2c559" } -} \ No newline at end of file +} diff --git a/SPECS/kernel/kernel.spec b/SPECS/kernel/kernel.spec index 40bdbb0bb44..c7dfdfdb38b 100644 --- a/SPECS/kernel/kernel.spec +++ b/SPECS/kernel/kernel.spec @@ -27,8 +27,8 @@ Summary: Linux Kernel Name: kernel -Version: 5.15.131.1 -Release: 3%{?dist} +Version: 5.15.133.1 +Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -425,6 +425,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %{_sysconfdir}/bash_completion.d/bpftool %changelog +* Tue Sep 26 2023 CBL-Mariner Servicing Account - 5.15.133.1-1 +- Auto-upgrade to 5.15.133.1 + * Tue Sep 19 2023 Cameron Baird - 5.15.131.1-3 - Call grub2-mkconfig to regenerate configs only if the user has previously used grub2-mkconfig for boot configuration. diff --git a/cgmanifest.json b/cgmanifest.json index 1983123d2bf..e4fa8c1d37d 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -6600,8 +6600,8 @@ "type": "other", "other": { "name": "hyperv-daemons", - "version": "5.15.131.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.131.1.tar.gz" + "version": "5.15.133.1", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.133.1.tar.gz" } } }, @@ -8181,8 +8181,8 @@ "type": "other", "other": { "name": "kernel", - "version": "5.15.131.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.131.1.tar.gz" + "version": "5.15.133.1", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.133.1.tar.gz" } } }, @@ -8191,8 +8191,8 @@ "type": "other", "other": { "name": "kernel-azure", - "version": "5.15.131.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.131.1.tar.gz" + "version": "5.15.133.1", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.133.1.tar.gz" } } }, @@ -8201,8 +8201,8 @@ "type": "other", "other": { "name": "kernel-hci", - "version": "5.15.131.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.131.1.tar.gz" + "version": "5.15.133.1", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.133.1.tar.gz" } } }, @@ -8211,8 +8211,8 @@ "type": "other", "other": { "name": "kernel-headers", - "version": "5.15.131.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.131.1.tar.gz" + "version": "5.15.133.1", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-2/5.15.133.1.tar.gz" } } }, @@ -30897,4 +30897,4 @@ } ], "Version": 1 -} +} \ No newline at end of file diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 6cf922b7d54..312386cc66d 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -1,5 +1,5 @@ filesystem-1.1-15.cm2.aarch64.rpm -kernel-headers-5.15.131.1-3.cm2.noarch.rpm +kernel-headers-5.15.133.1-1.cm2.noarch.rpm glibc-2.35-4.cm2.aarch64.rpm glibc-devel-2.35-4.cm2.aarch64.rpm glibc-i18n-2.35-4.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 8b7a2cd6c70..54fb16f7b1b 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -1,5 +1,5 @@ filesystem-1.1-15.cm2.x86_64.rpm -kernel-headers-5.15.131.1-3.cm2.noarch.rpm +kernel-headers-5.15.133.1-1.cm2.noarch.rpm glibc-2.35-4.cm2.x86_64.rpm glibc-devel-2.35-4.cm2.x86_64.rpm glibc-i18n-2.35-4.cm2.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 28bb5874cf6..77fa0849a8b 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -136,7 +136,7 @@ intltool-0.51.0-7.cm2.noarch.rpm itstool-2.0.6-4.cm2.noarch.rpm kbd-2.2.0-1.cm2.aarch64.rpm kbd-debuginfo-2.2.0-1.cm2.aarch64.rpm -kernel-headers-5.15.131.1-3.cm2.noarch.rpm +kernel-headers-5.15.133.1-1.cm2.noarch.rpm kmod-29-2.cm2.aarch64.rpm kmod-debuginfo-29-2.cm2.aarch64.rpm kmod-devel-29-2.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index f2f8c4b1637..51a221948f2 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -136,7 +136,7 @@ intltool-0.51.0-7.cm2.noarch.rpm itstool-2.0.6-4.cm2.noarch.rpm kbd-2.2.0-1.cm2.x86_64.rpm kbd-debuginfo-2.2.0-1.cm2.x86_64.rpm -kernel-headers-5.15.131.1-3.cm2.noarch.rpm +kernel-headers-5.15.133.1-1.cm2.noarch.rpm kmod-29-2.cm2.x86_64.rpm kmod-debuginfo-29-2.cm2.x86_64.rpm kmod-devel-29-2.cm2.x86_64.rpm diff --git a/toolkit/scripts/mariner-required-configs.json b/toolkit/scripts/mariner-required-configs.json index 8d2b1b96e73..c5f2c51def6 100644 --- a/toolkit/scripts/mariner-required-configs.json +++ b/toolkit/scripts/mariner-required-configs.json @@ -1130,6 +1130,32 @@ "PR": [ "https://github.com/microsoft/CBL-Mariner/pull/6196" ] + }, + "CONFIG_NET_CLS_RSVP": { + "value": [ + "" + ], + "arch": [ + "AMD64", + "ARM64" + ], + "comment": "Needed for update to 5.15.133.1", + "PR": [ + "https://github.com/microsoft/CBL-Mariner/pull/6286" + ] + }, + "CONFIG_NET_CLS_RSVP6": { + "value": [ + "" + ], + "arch": [ + "AMD64", + "ARM64" + ], + "comment": "Needed for update to 5.15.133.1", + "PR": [ + "https://github.com/microsoft/CBL-Mariner/pull/6286" + ] } } } From 8cee97c6aed7aa1e655b06a3054f3da8a4dbd2f4 Mon Sep 17 00:00:00 2001 From: Chris Gunn Date: Fri, 29 Sep 2023 11:26:25 -0700 Subject: [PATCH 34/47] Imgcustomizer: Discover partitions using grub.cfg and fstab files (#6252) --- .../tools/imagecustomizerapi/fileconfig.go | 8 +- .../imagecustomizerapi/filepermissions.go | 4 +- .../tools/imagecustomizerapi/systemconfig.go | 2 +- toolkit/tools/imagegen/diskutils/diskutils.go | 40 ++++- toolkit/tools/imagegen/diskutils/fstab.go | 147 +++++++++++++++ .../tools/internal/safemount.go/safemount.go | 102 +++++++++++ .../imagecustomizerlib/customizeutils_test.go | 2 +- .../pkg/imagecustomizerlib/imagecustomizer.go | 168 ++++++++++++++++-- .../imagecustomizer_test.go | 108 ++++++++--- .../tools/pkg/imagecustomizerlib/main_test.go | 2 + 10 files changed, 534 insertions(+), 49 deletions(-) create mode 100644 toolkit/tools/imagegen/diskutils/fstab.go create mode 100644 toolkit/tools/internal/safemount.go/safemount.go diff --git a/toolkit/tools/imagecustomizerapi/fileconfig.go b/toolkit/tools/imagecustomizerapi/fileconfig.go index fef3de2206c..026505ad2b8 100644 --- a/toolkit/tools/imagecustomizerapi/fileconfig.go +++ b/toolkit/tools/imagecustomizerapi/fileconfig.go @@ -39,7 +39,7 @@ func (l *FileConfigList) IsValid() (err error) { for i, fileConfig := range *l { err = fileConfig.IsValid() if err != nil { - return fmt.Errorf("invalid FileConfig at index %d: %w", i, err) + return fmt.Errorf("invalid FileConfig at index %d:\n%w", i, err) } } @@ -61,7 +61,7 @@ func (l *FileConfigList) UnmarshalYAML(value *yaml.Node) error { type IntermediateTypeFileConfigList FileConfigList err = value.Decode((*IntermediateTypeFileConfigList)(l)) if err != nil { - return fmt.Errorf("failed to parse FileConfigList: %w", err) + return fmt.Errorf("failed to parse FileConfigList:\n%w", err) } return nil @@ -77,7 +77,7 @@ func (f *FileConfig) IsValid() (err error) { if f.Permissions != nil { err = f.Permissions.IsValid() if err != nil { - return fmt.Errorf("invalid Permissions value: %w", err) + return fmt.Errorf("invalid Permissions value:\n%w", err) } } @@ -102,7 +102,7 @@ func (f *FileConfig) UnmarshalYAML(value *yaml.Node) error { type IntermediateTypeFileConfig FileConfig err = value.Decode((*IntermediateTypeFileConfig)(f)) if err != nil { - return fmt.Errorf("failed to parse FileConfig: %w", err) + return fmt.Errorf("failed to parse FileConfig:\n%w", err) } return nil diff --git a/toolkit/tools/imagecustomizerapi/filepermissions.go b/toolkit/tools/imagecustomizerapi/filepermissions.go index c707ac41e58..df3e3494f3d 100644 --- a/toolkit/tools/imagecustomizerapi/filepermissions.go +++ b/toolkit/tools/imagecustomizerapi/filepermissions.go @@ -34,13 +34,13 @@ func (p *FilePermissions) UnmarshalYAML(value *yaml.Node) error { var strValue string err = value.Decode(&strValue) if err != nil { - return fmt.Errorf("failed to parse FilePermissions: %w", err) + return fmt.Errorf("failed to parse FilePermissions:\n%w", err) } // Try to parse the string as an octal number. fileModeUint, err := strconv.ParseUint(strValue, 8, 32) if err != nil { - return fmt.Errorf("failed to parse FilePermissions: %w", err) + return fmt.Errorf("failed to parse FilePermissions:\n%w", err) } *p = (FilePermissions)(fileModeUint) diff --git a/toolkit/tools/imagecustomizerapi/systemconfig.go b/toolkit/tools/imagecustomizerapi/systemconfig.go index 4411c6ced5f..b0df51f6d84 100644 --- a/toolkit/tools/imagecustomizerapi/systemconfig.go +++ b/toolkit/tools/imagecustomizerapi/systemconfig.go @@ -18,7 +18,7 @@ func (s *SystemConfig) IsValid() error { for sourcePath, fileConfigList := range s.AdditionalFiles { err = fileConfigList.IsValid() if err != nil { - return fmt.Errorf("invalid file configs for (%s): %w", sourcePath, err) + return fmt.Errorf("invalid file configs for (%s):\n%w", sourcePath, err) } } diff --git a/toolkit/tools/imagegen/diskutils/diskutils.go b/toolkit/tools/imagegen/diskutils/diskutils.go index 3cbd8036830..b3eb982e1f5 100644 --- a/toolkit/tools/imagegen/diskutils/diskutils.go +++ b/toolkit/tools/imagegen/diskutils/diskutils.go @@ -39,9 +39,25 @@ type SystemBlockDevice struct { Model string // Example: Virtual Disk } +type partitionInfoOutput struct { + Devices []PartitionInfo `json:"blockdevices"` +} + +type PartitionInfo struct { + Name string `json:"name"` // Example: nbd0p1 + Path string `json:"path"` // Example: /dev/nbd0p1 + PartitionTypeUuid string `json:"parttype"` // Example: c12a7328-f81f-11d2-ba4b-00a0c93ec93b + FileSystemType string `json:"fstype"` // Example: vfat + Uuid string `json:"uuid"` // Example: 4BD9-3A78 + PartUuid string `json:"partuuid"` // Example: 7b1367a6-5845-43f2-99b1-a742d873f590 + Mountpoint string `json:"mountpoint"` // Example: /mnt/os/boot +} + const ( // AutoEndSize is used as the disk's "End" value to indicate it should be picked automatically AutoEndSize = 0 + + EfiSystemPartitionUuid = "c12a7328-f81f-11d2-ba4b-00a0c93ec93b" ) const ( @@ -327,7 +343,7 @@ func WaitForDevicesToSettle() error { logger.Log.Debugf("Waiting for devices to settle") _, _, err := shell.Execute("udevadm", "settle") if err != nil { - return fmt.Errorf("failed to wait for devices to settle: %w", err) + return fmt.Errorf("failed to wait for devices to settle:\n%w", err) } return nil } @@ -674,6 +690,28 @@ func SystemBlockDevices() (systemDevices []SystemBlockDevice, err error) { return } +func GetDiskPartitions(diskDevPath string) ([]PartitionInfo, error) { + // Just in case the disk was only recently connected, wait for the OS to finish processing it. + err := WaitForDevicesToSettle() + if err != nil { + return nil, fmt.Errorf("failed to list disk (%s) partitions:\n%w", diskDevPath, err) + } + + // Read the disk's partitions. + jsonString, _, err := shell.Execute("lsblk", diskDevPath, "--output", "NAME,PATH,PARTTYPE,FSTYPE,UUID,MOUNTPOINT,PARTUUID", "--json", "--list") + if err != nil { + return nil, fmt.Errorf("failed to list disk (%s) partitions:\n%w", diskDevPath, err) + } + + var output partitionInfoOutput + err = json.Unmarshal([]byte(jsonString), &output) + if err != nil { + return nil, fmt.Errorf("failed to parse disk (%s) partitions JSON:\n%w", diskDevPath, err) + } + + return output.Devices, err +} + func createExtendedPartition(diskDevPath string, partitionTableType string, partitions []configuration.Partition, partIDToFsTypeMap, partDevPathMap map[string]string) (err error) { // Create a new partition object for extended partition extendedPartition := configuration.Partition{} diff --git a/toolkit/tools/imagegen/diskutils/fstab.go b/toolkit/tools/imagegen/diskutils/fstab.go new file mode 100644 index 00000000000..de695e5e489 --- /dev/null +++ b/toolkit/tools/imagegen/diskutils/fstab.go @@ -0,0 +1,147 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + +package diskutils + +import ( + "encoding/json" + "fmt" + "strings" + + "github.com/microsoft/CBL-Mariner/toolkit/tools/internal/shell" + "golang.org/x/sys/unix" +) + +type MountFlags uintptr + +type FstabEntry struct { + Source string `json:"source"` + Target string `json:"target"` + FsType string `json:"fstype"` + Options MountFlags `json:"vfs-options"` + FsOptions string `json:"fs-options"` + Freq int `json:"freq"` + PassNo int `json:"passno"` +} + +type findmntOutput struct { + FileSystems []FstabEntry `json:"filesystems"` +} + +func (f *MountFlags) UnmarshalJSON(b []byte) (err error) { + var stringValue string + err = json.Unmarshal(b, &stringValue) + if err != nil { + return fmt.Errorf("failed to parse MountFlags:\n%w", err) + } + + var value MountFlags + options := strings.Split(stringValue, ",") + for _, option := range options { + switch option { + case "async": + value |= unix.MS_ASYNC + + case "atime": + value &= ^MountFlags(unix.MS_NOATIME) + + case "noatime": + value |= unix.MS_NOATIME + + case "dev": + value &= ^MountFlags(unix.MS_NODEV) + + case "nodev": + value |= unix.MS_NODEV + + case "diratime": + value &= ^MountFlags(unix.MS_NODIRATIME) + + case "nodiratime": + value |= unix.MS_NODIRATIME + + case "dirsync": + value |= unix.MS_DIRSYNC + + case "exec": + value &= ^MountFlags(unix.MS_NOEXEC) + + case "noexec": + value |= unix.MS_NOEXEC + + case "iversion": + value |= unix.MS_I_VERSION + + case "mand": + value |= unix.MS_MANDLOCK + + case "nomand": + value &= ^MountFlags(unix.MS_MANDLOCK) + + case "relatime": + value |= unix.MS_RELATIME + + case "norelatime": + value &= ^MountFlags(unix.MS_RELATIME) + + case "strictatime": + value |= unix.MS_STRICTATIME + + case "nostrictatime": + value &= ^MountFlags(unix.MS_STRICTATIME) + + case "suid": + value &= ^MountFlags(unix.MS_NOSUID) + + case "nosuid": + value |= unix.MS_NOSUID + + case "remount": + value |= unix.MS_REMOUNT + + case "ro": + value |= unix.MS_RDONLY + + case "rw": + value &= ^MountFlags(unix.MS_RDONLY) + + case "sync": + value |= unix.MS_SYNC + + // These options are only relevant for the fstab file. + case "owner", "user", "nouser", "users", "group", "auto", "noauto", "nofail", "_netdev", "_rnetdev": + + // There isn't a fixed set of defaults. So, no easy way to support this. + case "defaults": + return fmt.Errorf("unsupported mount flag (%s)", option) + + // Ignore empty options. + case "": + + default: + return fmt.Errorf("unknown mount flag (%s)", option) + } + } + + *f = value + return nil +} + +func ReadFstabFile(fstabPath string) ([]FstabEntry, error) { + // Read the fstab file. + // The `findmnt` command provides a convenient JSON output. In addition, it helpfully splits the + // common vfs options from the filesystem specific options. + jsonString, _, err := shell.Execute("findmnt", "--fstab", "--tab-file", fstabPath, + "--json", "--output", "source,target,fstype,vfs-options,fs-options,freq,passno") + if err != nil { + return nil, fmt.Errorf("failed to read fstab file (%s):\n%w", fstabPath, err) + } + + var output findmntOutput + err = json.Unmarshal([]byte(jsonString), &output) + if err != nil { + return nil, fmt.Errorf("failed to read fstab file (%s): json parse error:\n%w", fstabPath, err) + } + + return output.FileSystems, nil +} diff --git a/toolkit/tools/internal/safemount.go/safemount.go b/toolkit/tools/internal/safemount.go/safemount.go new file mode 100644 index 00000000000..c291deda236 --- /dev/null +++ b/toolkit/tools/internal/safemount.go/safemount.go @@ -0,0 +1,102 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + +// Package that assists with mounting and unmounting cleanly. +package safemount + +import ( + "fmt" + "os" + + "github.com/microsoft/CBL-Mariner/toolkit/tools/internal/logger" + "golang.org/x/sys/unix" +) + +type Mount struct { + target string + isMounted bool + dirCreated bool +} + +// Creates a new system mount. +func NewMount(source, target, fstype string, flags uintptr, data string, makeAndDeleteDir bool) (*Mount, error) { + var err error + + mount := &Mount{ + target: target, + } + + // Try to create the mount. + err = mount.newMountHelper(source, target, fstype, flags, data, makeAndDeleteDir) + if err != nil { + // Cleanup anything created during the failed mount. + cleanupErr := mount.Close() + if cleanupErr != nil { + logger.Log.Warnf("failed to cleanup failed mount: %s", cleanupErr) + } + return nil, err + } + + return mount, nil +} + +func (m *Mount) newMountHelper(source, target, fstype string, flags uintptr, data string, makeAndDeleteDir bool) error { + var err error + + logger.Log.Debugf("Mounting: source: (%s), target: (%s), fstype: (%s), flags: (%#x), data: (%s)", + source, target, fstype, flags, data) + + if makeAndDeleteDir { + // Create the mount target directory. + err = os.MkdirAll(target, os.ModePerm) + if err != nil { + return fmt.Errorf("failed to create mount directory (%s):\n%w", target, err) + } + + m.dirCreated = true + } + + // Create the mount. + err = unix.Mount(source, target, fstype, flags, data) + if err != nil { + return fmt.Errorf("failed to mount (%s) to (%s):\n%w", source, target, err) + } + + m.isMounted = true + return nil +} + +// Target returns the target directory of the mount. +func (m *Mount) Target() string { + return m.target +} + +// Close removes the system mount. +// This function is safe to call multiple times. +func (m *Mount) Close() error { + var err error + + logger.Log.Debugf("Unmounting (%s)", m.target) + + if m.isMounted { + err = unix.Unmount(m.target, 0) + if err != nil { + return fmt.Errorf("failed to unmount (%s):\n%w", m.target, err) + } + + m.isMounted = false + } + + if m.dirCreated { + // Note: Do not use `RemoveAll` here in case the unmount silently failed. + // (This is unlikely. But "belt and braces".) + err = os.Remove(m.target) + if err != nil { + return fmt.Errorf("failed to delete source rpms mount directory (%s):\n%w", m.target, err) + } + + m.dirCreated = false + } + + return nil +} diff --git a/toolkit/tools/pkg/imagecustomizerlib/customizeutils_test.go b/toolkit/tools/pkg/imagecustomizerlib/customizeutils_test.go index 8531b72bc5b..071b5e3779b 100644 --- a/toolkit/tools/pkg/imagecustomizerlib/customizeutils_test.go +++ b/toolkit/tools/pkg/imagecustomizerlib/customizeutils_test.go @@ -15,7 +15,7 @@ import ( ) func TestCopyAdditionalFiles(t *testing.T) { - proposedDir := filepath.Join(tmpDir, "chroot", "TestCopyAdditionalFiles") + proposedDir := filepath.Join(tmpDir, "TestCopyAdditionalFiles") chroot := safechroot.NewChroot(proposedDir, false) baseConfigPath := testDir diff --git a/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer.go b/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer.go index 1ea1cde4f70..140bb667969 100644 --- a/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer.go +++ b/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer.go @@ -7,14 +7,21 @@ import ( "fmt" "os" "path/filepath" + "regexp" + "strings" "github.com/microsoft/CBL-Mariner/toolkit/tools/imagecustomizerapi" "github.com/microsoft/CBL-Mariner/toolkit/tools/imagegen/diskutils" "github.com/microsoft/CBL-Mariner/toolkit/tools/internal/file" "github.com/microsoft/CBL-Mariner/toolkit/tools/internal/safechroot" + "github.com/microsoft/CBL-Mariner/toolkit/tools/internal/safemount.go" "github.com/microsoft/CBL-Mariner/toolkit/tools/internal/shell" ) +var ( + rootfsPartitionRegex = regexp.MustCompile(`(?m)^search -n -u ([a-zA-Z0-9\-]+) -s$`) +) + func CustomizeImageWithConfigFile(buildDir string, configFile string, imageFile string, outputImageFile string, outputImageFormat string, ) error { @@ -47,6 +54,12 @@ func CustomizeImage(buildDir string, baseConfigPath string, config *imagecustomi return err } + // Validate config. + err = validateConfig(baseConfigPath, config) + if err != nil { + return fmt.Errorf("invalid image config:\n%w", err) + } + // Normalize 'buildDir' path. buildDirAbs, err := filepath.Abs(buildDir) if err != nil { @@ -59,18 +72,12 @@ func CustomizeImage(buildDir string, baseConfigPath string, config *imagecustomi return err } - // Validate config. - err = validateConfig(baseConfigPath, config) - if err != nil { - return fmt.Errorf("invalid image config: %w", err) - } - // Convert image file to raw format, so that a kernel loop device can be used to make changes to the image. buildImageFile := filepath.Join(buildDirAbs, "image.raw") _, _, err = shell.Execute("qemu-img", "convert", "-O", "raw", imageFile, buildImageFile) if err != nil { - return fmt.Errorf("failed to convert image file to raw format: %w", err) + return fmt.Errorf("failed to convert image file to raw format:\n%w", err) } // Customize the raw image file. @@ -80,9 +87,12 @@ func CustomizeImage(buildDir string, baseConfigPath string, config *imagecustomi } // Create final output image file. + outDir := filepath.Dir(outputImageFile) + os.MkdirAll(outDir, os.ModePerm) + _, _, err = shell.Execute("qemu-img", "convert", "-O", qemuOutputImageFormat, buildImageFile, outputImageFile) if err != nil { - return fmt.Errorf("failed to convert image file to format: %s: %w", outputImageFormat, err) + return fmt.Errorf("failed to convert image file to format: %s:\n%w", outputImageFormat, err) } return nil @@ -106,7 +116,7 @@ func validateConfig(baseConfigPath string, config *imagecustomizerapi.SystemConf sourceFileFullPath := filepath.Join(baseConfigPath, sourceFile) isFile, err := file.IsFile(sourceFileFullPath) if err != nil { - return fmt.Errorf("invalid AdditionalFiles source file (%s): %w", sourceFile, err) + return fmt.Errorf("invalid AdditionalFiles source file (%s):\n%w", sourceFile, err) } if !isFile { @@ -123,7 +133,7 @@ func customizeImageHelper(buildDir string, baseConfigPath string, config *imagec // Mount the raw disk image file. diskDevPath, err := diskutils.SetupLoopbackDevice(buildImageFile) if err != nil { - return fmt.Errorf("failed to mount raw disk (%s) as a loopback device: %w", buildImageFile, err) + return fmt.Errorf("failed to mount raw disk (%s) as a loopback device:\n%w", buildImageFile, err) } defer diskutils.DetachLoopbackDevice(diskDevPath) @@ -134,9 +144,9 @@ func customizeImageHelper(buildDir string, baseConfigPath string, config *imagec } // Look for all the partitions on the image. - newMountDirectories, mountPoints, err := findPartitions(diskDevPath) + newMountDirectories, mountPoints, err := findPartitions(buildDir, diskDevPath) if err != nil { - return err + return fmt.Errorf("failed to find disk partitions:\n%w", err) } // Create chroot environment. @@ -158,14 +168,134 @@ func customizeImageHelper(buildDir string, baseConfigPath string, config *imagec return nil } -func findPartitions(diskDevice string) ([]string, []*safechroot.MountPoint, error) { - newMountDirectories := []string{} +func findPartitions(buildDir string, diskDevice string) ([]string, []*safechroot.MountPoint, error) { + var err error + + diskPartitions, err := diskutils.GetDiskPartitions(diskDevice) + if err != nil { + return nil, nil, err + } + + // Look for the boot partition (i.e. EFI system partition). + var efiSystemPartition *diskutils.PartitionInfo + for _, diskPartition := range diskPartitions { + if diskPartition.PartitionTypeUuid == diskutils.EfiSystemPartitionUuid { + efiSystemPartition = &diskPartition + break + } + } + + if efiSystemPartition == nil { + return nil, nil, fmt.Errorf("failed to find EFI system partition (%s)", diskDevice) + } + + // Mount the boot partition. + tmpDir := filepath.Join(buildDir, "tmppartition") + + efiSystemPartitionMount, err := safemount.NewMount(efiSystemPartition.Path, tmpDir, efiSystemPartition.FileSystemType, 0, "", true) + if err != nil { + return nil, nil, fmt.Errorf("failed to mount EFI system partition:\n%w", err) + } + defer efiSystemPartitionMount.Close() + + // Read the grub.cfg file. + grubConfigFilePath := filepath.Join(tmpDir, "boot/grub2/grub.cfg") + grubConfigFile, err := os.ReadFile(grubConfigFilePath) + if err != nil { + return nil, nil, fmt.Errorf("failed to read grub.cfg file:\n%w", err) + } + + // Close the boot partition mount. + err = efiSystemPartitionMount.Close() + if err != nil { + return nil, nil, fmt.Errorf("failed to close EFI system partition mount:\n%w", err) + } + + // Look for the rootfs declaration line in the grub.cfg file. + match := rootfsPartitionRegex.FindStringSubmatch(string(grubConfigFile)) + if match == nil { + return nil, nil, fmt.Errorf("failed to find rootfs partition in grub.cfg file") + } + + rootfsUuid := match[1] + + var rootfsPartition *diskutils.PartitionInfo + for _, diskPartition := range diskPartitions { + if diskPartition.Uuid == rootfsUuid { + rootfsPartition = &diskPartition + break + } + } + + // Temporarily mount the rootfs partition so that the fstab file can be read. + rootfsPartitionMount, err := safemount.NewMount(rootfsPartition.Path, tmpDir, rootfsPartition.FileSystemType, 0, "", true) + if err != nil { + return nil, nil, fmt.Errorf("failed to mount rootfs partition:\n%w", err) + } + defer rootfsPartitionMount.Close() + + // Read the fstab file. + fstabPath := filepath.Join(tmpDir, "/etc/fstab") + fstabEntries, err := diskutils.ReadFstabFile(fstabPath) + if err != nil { + return nil, nil, err + } + + // Close the rootfs partition mount. + err = rootfsPartitionMount.Close() + if err != nil { + return nil, nil, fmt.Errorf("failed to close rootfs partition mount:\n%w", err) + } + + // Convert fstab entries into mount points. + var mountPoints []*safechroot.MountPoint + var foundRoot bool + for _, fstabEntry := range fstabEntries { + // Ignore special partitions. + switch fstabEntry.FsType { + case "devtmpfs", "proc", "sysfs", "devpts", "tmpfs": + continue + } + + source, err := findSourcePartition(fstabEntry.Source, diskPartitions) + if err != nil { + return nil, nil, err + } + + var mountPoint *safechroot.MountPoint + if fstabEntry.Target == "/" { + mountPoint = safechroot.NewPreDefaultsMountPoint( + source, fstabEntry.Target, fstabEntry.FsType, + uintptr(fstabEntry.Options), fstabEntry.FsOptions) + + foundRoot = true + } else { + mountPoint = safechroot.NewMountPoint( + source, fstabEntry.Target, fstabEntry.FsType, + uintptr(fstabEntry.Options), fstabEntry.FsOptions) + } + + mountPoints = append(mountPoints, mountPoint) + } + + if !foundRoot { + return nil, nil, fmt.Errorf("image has invalid fstab file: no root partition found") + } + + return nil, mountPoints, nil +} + +func findSourcePartition(source string, partitions []diskutils.PartitionInfo) (string, error) { + partUuid, isPartUuid := strings.CutPrefix(source, "PARTUUID=") + if isPartUuid { + for _, partition := range partitions { + if partition.PartUuid == partUuid { + return partition.Path, nil + } + } - // TODO: Dynamically find partitions instead of hardcoding the mappings. - mountPoints := []*safechroot.MountPoint{ - safechroot.NewPreDefaultsMountPoint(fmt.Sprintf("%sp2", diskDevice), "/", "ext4", 0, ""), - safechroot.NewMountPoint(fmt.Sprintf("%sp1", diskDevice), "/boot", "vfat", 0, ""), + return "", fmt.Errorf("partition not found: %s", source) } - return newMountDirectories, mountPoints, nil + return "", fmt.Errorf("unknown fstab source type: %s", source) } diff --git a/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer_test.go b/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer_test.go index 5ff38c22414..53b13867702 100644 --- a/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer_test.go +++ b/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer_test.go @@ -13,6 +13,7 @@ import ( "github.com/microsoft/CBL-Mariner/toolkit/tools/imagecustomizerapi" "github.com/microsoft/CBL-Mariner/toolkit/tools/imagegen/configuration" "github.com/microsoft/CBL-Mariner/toolkit/tools/imagegen/diskutils" + "github.com/microsoft/CBL-Mariner/toolkit/tools/imagegen/installutils" "github.com/microsoft/CBL-Mariner/toolkit/tools/internal/buildpipeline" "github.com/microsoft/CBL-Mariner/toolkit/tools/internal/safechroot" "github.com/stretchr/testify/assert" @@ -28,8 +29,8 @@ func TestCustomizeImageEmptyConfig(t *testing.T) { buildDir := filepath.Join(tmpDir, "TestCustomizeImageEmptyConfig") outImageFilePath := filepath.Join(buildDir, "image.vhd") - // Create empty disk. - diskFilePath, err := createEmptyDisk(buildDir) + // Create fake disk. + diskFilePath, _, _, err := createFakeEfiImage(buildDir) if !assert.NoError(t, err) { return } @@ -47,8 +48,6 @@ func TestCustomizeImageEmptyConfig(t *testing.T) { func TestCustomizeImageCopyFiles(t *testing.T) { var err error - t.Skip("Unreliable test") - if !buildpipeline.IsRegularBuild() { t.Skip("loopback block device not available") } @@ -57,8 +56,8 @@ func TestCustomizeImageCopyFiles(t *testing.T) { configFile := filepath.Join(testDir, "addfiles-config.yaml") outImageFilePath := filepath.Join(buildDir, "image.qcow2") - // Create empty disk. - diskFilePath, err := createEmptyDisk(buildDir) + // Create fake disk. + diskFilePath, newMountDirectories, mountPoints, err := createFakeEfiImage(buildDir) if !assert.NoError(t, err) { return } @@ -79,7 +78,10 @@ func TestCustomizeImageCopyFiles(t *testing.T) { } defer diskutils.DetachLoopbackDevice(diskDevPath) - newMountDirectories, mountPoints := emptyDiskPartitions(diskDevPath) + err = diskutils.WaitForDevicesToSettle() + if !assert.NoError(t, err) { + return + } imageChroot := safechroot.NewChroot(filepath.Join(buildDir, "imageroot"), false) err = imageChroot.Initialize("", newMountDirectories, mountPoints) @@ -127,12 +129,12 @@ func TestValidateConfigdditionalFilesIsDir(t *testing.T) { assert.Error(t, err) } -func createEmptyDisk(buildDir string) (string, error) { +func createFakeEfiImage(buildDir string) (string, []string, []*safechroot.MountPoint, error) { var err error err = os.MkdirAll(buildDir, os.ModePerm) if err != nil { - return "", fmt.Errorf("failed to make build directory (%s): %w", buildDir, err) + return "", nil, nil, fmt.Errorf("failed to make build directory (%s):\n%w", buildDir, err) } // Use a prototypical Mariner image partition config. @@ -156,36 +158,100 @@ func createEmptyDisk(buildDir string) (string, error) { }, } + partitionSettings := []configuration.PartitionSetting{ + { + ID: "boot", + MountPoint: "/boot/efi", + MountOptions: "umask=0077", + MountIdentifier: configuration.MountIdentifierDefault, + }, + { + ID: "rootfs", + MountPoint: "/", + MountIdentifier: configuration.MountIdentifierDefault, + }, + } + // Create raw disk image file. rawDisk, err := diskutils.CreateEmptyDisk(buildDir, "disk.raw", diskConfig) if err != nil { - return "", fmt.Errorf("failed to create empty disk file in (%s): %w", buildDir, err) + return "", nil, nil, fmt.Errorf("failed to create empty disk file in (%s):\n%w", buildDir, err) } - // Mount raw disk image file. + // Connect raw disk image file. diskDevPath, err := diskutils.SetupLoopbackDevice(rawDisk) if err != nil { - return "", fmt.Errorf("failed to mount raw disk (%s) as a loopback device: %w", rawDisk, err) + return "", nil, nil, fmt.Errorf("failed to mount raw disk (%s) as a loopback device:\n%w", rawDisk, err) } defer diskutils.DetachLoopbackDevice(diskDevPath) // Set up partitions. - _, _, _, _, err = diskutils.CreatePartitions(diskDevPath, diskConfig, + partIDToDevPathMap, partIDToFsTypeMap, _, _, err := diskutils.CreatePartitions(diskDevPath, diskConfig, configuration.RootEncryption{}, configuration.ReadOnlyVerityRoot{}) if err != nil { - return "", fmt.Errorf("failed to create partitions on disk (%s): %w", diskDevPath, err) + return "", nil, nil, fmt.Errorf("failed to create partitions on disk (%s):\n%w", diskDevPath, err) } - return rawDisk, nil -} + // Create partition mount config. + bootPartitionDevPath := fmt.Sprintf("%sp1", diskDevPath) + osPartitionDevPath := fmt.Sprintf("%sp2", diskDevPath) -func emptyDiskPartitions(diskDevPath string) ([]string, []*safechroot.MountPoint) { newMountDirectories := []string{} mountPoints := []*safechroot.MountPoint{ - safechroot.NewPreDefaultsMountPoint(fmt.Sprintf("%sp2", diskDevPath), "/", "ext4", 0, ""), - safechroot.NewMountPoint(fmt.Sprintf("%sp1", diskDevPath), "/boot", "vfat", 0, ""), + safechroot.NewPreDefaultsMountPoint(osPartitionDevPath, "/", "ext4", 0, ""), + safechroot.NewMountPoint(bootPartitionDevPath, "/boot/efi", "vfat", 0, ""), + } + + // Mount the partitions. + imageChroot := safechroot.NewChroot(filepath.Join(buildDir, "imageroot"), false) + err = imageChroot.Initialize("", newMountDirectories, mountPoints) + if err != nil { + return "", nil, nil, err + } + defer imageChroot.Close(false) + + // Write a fake grub.cfg file so that the partition discovery logic works. + bootPrefix := "/boot" + + osUuid, err := installutils.GetUUID(osPartitionDevPath) + if err != nil { + return "", nil, nil, fmt.Errorf("failed get OS partition UUID:\n%w", err) + } + + rootDevice, err := installutils.FormatMountIdentifier(configuration.MountIdentifierUuid, osPartitionDevPath) + if err != nil { + return "", nil, nil, fmt.Errorf("failed to format mount identifier:\n%w", err) + } + + err = installutils.InstallBootloader(imageChroot, false, "efi", osUuid, bootPrefix, "", assetsDir) + if err != nil { + return "", nil, nil, fmt.Errorf("failed to install bootloader:\n%w", err) + } + + err = installutils.InstallGrubCfg(imageChroot.RootDir(), rootDevice, osUuid, bootPrefix, assetsDir, + diskutils.EncryptedRootDevice{}, configuration.KernelCommandLine{}, diskutils.VerityDevice{}, false) + if err != nil { + return "", nil, nil, fmt.Errorf("failed to install main grub config file:\n%w", err) } - return newMountDirectories, mountPoints + + err = installutils.InstallGrubEnv(imageChroot.RootDir(), assetsDir) + if err != nil { + return "", nil, nil, fmt.Errorf("failed to install grubenv file:\n%w", err) + } + + // Write a fake fstab file so that the partition discovery logic works. + mountPointMap, mountPointToFsTypeMap, mountPointToMountArgsMap, _ := installutils.CreateMountPointPartitionMap( + partIDToDevPathMap, partIDToFsTypeMap, partitionSettings, + ) + + err = installutils.UpdateFstab(imageChroot.RootDir(), partitionSettings, mountPointMap, mountPointToFsTypeMap, + mountPointToMountArgsMap, partIDToDevPathMap, partIDToFsTypeMap, false, /*hidepidEnabled*/ + ) + if err != nil { + return "", nil, nil, fmt.Errorf("failed to install fstab file:\n%w", err) + } + + return rawDisk, newMountDirectories, mountPoints, nil } func checkFileType(t *testing.T, filePath string, expectedFileType string) { @@ -219,5 +285,5 @@ func getImageFileType(filePath string) (string, error) { return "raw", nil } - return "", fmt.Errorf("Unknown file type") + return "", fmt.Errorf("unknown file type: %s", filePath) } diff --git a/toolkit/tools/pkg/imagecustomizerlib/main_test.go b/toolkit/tools/pkg/imagecustomizerlib/main_test.go index e8c780166f1..d39ede97186 100644 --- a/toolkit/tools/pkg/imagecustomizerlib/main_test.go +++ b/toolkit/tools/pkg/imagecustomizerlib/main_test.go @@ -15,6 +15,7 @@ var ( testDir string tmpDir string workingDir string + assetsDir string ) func TestMain(m *testing.M) { @@ -29,6 +30,7 @@ func TestMain(m *testing.M) { testDir = filepath.Join(workingDir, "testdata") tmpDir = filepath.Join(workingDir, "_tmp") + assetsDir = filepath.Join(workingDir, "../../../resources/assets") err = os.MkdirAll(tmpDir, os.ModePerm) if err != nil { From 6f57c9d1a51c3f207d487237b1fc5b633659ecb8 Mon Sep 17 00:00:00 2001 From: Roaa Sakr Date: Fri, 29 Sep 2023 20:50:04 -0700 Subject: [PATCH 35/47] QEMU guest & BareMetal image definitions (#6307) * init Signed-off-by: Roaa Sakr * selinux Signed-off-by: Roaa Sakr * add missing packages Signed-off-by: Roaa Sakr * fix Signed-off-by: Roaa Sakr * typo Signed-off-by: Roaa Sakr * update Signed-off-by: Roaa Sakr --------- Signed-off-by: Roaa Sakr --- toolkit/imageconfigs/baremetal.json | 63 +++++++++++++++++++ .../packagelists/baremetal-packages.json | 5 ++ .../packagelists/qemu-guest-packages.json | 5 ++ toolkit/imageconfigs/qemu-guest.json | 61 ++++++++++++++++++ 4 files changed, 134 insertions(+) create mode 100644 toolkit/imageconfigs/baremetal.json create mode 100644 toolkit/imageconfigs/packagelists/baremetal-packages.json create mode 100644 toolkit/imageconfigs/packagelists/qemu-guest-packages.json create mode 100644 toolkit/imageconfigs/qemu-guest.json diff --git a/toolkit/imageconfigs/baremetal.json b/toolkit/imageconfigs/baremetal.json new file mode 100644 index 00000000000..1ef399381a3 --- /dev/null +++ b/toolkit/imageconfigs/baremetal.json @@ -0,0 +1,63 @@ +{ + "Disks": [ + { + "PartitionTableType": "gpt", + "MaxSize": 1024, + "Artifacts": [ + { + "Name": "core", + "Type": "vhdx" + } + ], + "Partitions": [ + { + "ID": "boot", + "Flags": [ + "esp", + "boot" + ], + "Start": 1, + "End": 9, + "FsType": "fat32" + }, + { + "ID": "rootfs", + "Start": 9, + "End": 0, + "FsType": "ext4" + } + ] + } + ], + "SystemConfigs": [ + { + "Name": "Standard", + "BootType": "efi", + "PartitionSettings": [ + { + "ID": "boot", + "MountPoint": "/boot/efi", + "MountOptions": "umask=0077" + }, + { + "ID": "rootfs", + "MountPoint": "/" + } + ], + "PackageLists": [ + "packagelists/baremetal-packages.json", + "packagelists/cloud-init-packages.json", + "packagelists/core-packages-image.json", + "packagelists/selinux-full.json" + ], + "KernelCommandLine": { + "ExtraCommandLine": "console=tty0 console=ttyS0", + "SELinux": "enforcing" + }, + "KernelOptions": { + "default": "kernel-hci" + }, + "Hostname": "azure-linux" + } + ] +} diff --git a/toolkit/imageconfigs/packagelists/baremetal-packages.json b/toolkit/imageconfigs/packagelists/baremetal-packages.json new file mode 100644 index 00000000000..6271c521ef3 --- /dev/null +++ b/toolkit/imageconfigs/packagelists/baremetal-packages.json @@ -0,0 +1,5 @@ +{ + "packages": [ + "dracut-megaraid" + ] +} diff --git a/toolkit/imageconfigs/packagelists/qemu-guest-packages.json b/toolkit/imageconfigs/packagelists/qemu-guest-packages.json new file mode 100644 index 00000000000..5ceaade7ab6 --- /dev/null +++ b/toolkit/imageconfigs/packagelists/qemu-guest-packages.json @@ -0,0 +1,5 @@ +{ + "packages": [ + "qemu-guest-agent" + ] +} diff --git a/toolkit/imageconfigs/qemu-guest.json b/toolkit/imageconfigs/qemu-guest.json new file mode 100644 index 00000000000..654e2b1552d --- /dev/null +++ b/toolkit/imageconfigs/qemu-guest.json @@ -0,0 +1,61 @@ +{ + "Disks": [ + { + "PartitionTableType": "gpt", + "MaxSize": 1024, + "Artifacts": [ + { + "Name": "core", + "Type": "vhdx" + } + ], + "Partitions": [ + { + "ID": "boot", + "Flags": [ + "esp", + "boot" + ], + "Start": 1, + "End": 9, + "FsType": "fat32" + }, + { + "ID": "rootfs", + "Start": 9, + "End": 0, + "FsType": "ext4" + } + ] + } + ], + "SystemConfigs": [ + { + "Name": "Standard", + "BootType": "efi", + "PartitionSettings": [ + { + "ID": "boot", + "MountPoint": "/boot/efi", + "MountOptions": "umask=0077" + }, + { + "ID": "rootfs", + "MountPoint": "/" + } + ], + "PackageLists": [ + "packagelists/core-packages-image.json", + "packagelists/cloud-init-packages.json", + "packagelists/qemu-guest-packages.json" + ], + "KernelCommandLine": { + "ExtraCommandLine": "console=tty0 console=ttyS0" + }, + "KernelOptions": { + "default": "kernel-hci" + }, + "Hostname": "azure-linux" + } + ] +} From d8deceb6e8fbd9a4b5e1c8d2239972661b3f9bac Mon Sep 17 00:00:00 2001 From: Neha Agarwal <58672330+neha170@users.noreply.github.com> Date: Mon, 2 Oct 2023 08:58:46 -0700 Subject: [PATCH 36/47] nopatch kernel CVE-2023-2163 (#6324) --- SPECS/kernel/CVE-2023-2163.nopatch | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 SPECS/kernel/CVE-2023-2163.nopatch diff --git a/SPECS/kernel/CVE-2023-2163.nopatch b/SPECS/kernel/CVE-2023-2163.nopatch new file mode 100644 index 00000000000..830380d076b --- /dev/null +++ b/SPECS/kernel/CVE-2023-2163.nopatch @@ -0,0 +1,3 @@ +CVE-2023-2163: nopatch, fix present in 5.15.133 +Upstream: 71b547f561247897a0a14f3082730156c0533fed +Stable: e722ea6dae2cc042d1bb7090e2ef8456dd5a0e57 From d453a881bce0093ce4cc11d86402796f01c18421 Mon Sep 17 00:00:00 2001 From: Neha Agarwal <58672330+neha170@users.noreply.github.com> Date: Mon, 2 Oct 2023 09:01:56 -0700 Subject: [PATCH 37/47] kernel: nopatch CVE-2023-4921 (#6322) --- SPECS/kernel/CVE-2023-4921.nopatch | 3 +++ SPECS/kernel/kernel.spec | 1 + 2 files changed, 4 insertions(+) create mode 100644 SPECS/kernel/CVE-2023-4921.nopatch diff --git a/SPECS/kernel/CVE-2023-4921.nopatch b/SPECS/kernel/CVE-2023-4921.nopatch new file mode 100644 index 00000000000..9268a0f8bb8 --- /dev/null +++ b/SPECS/kernel/CVE-2023-4921.nopatch @@ -0,0 +1,3 @@ +CVE-2023-4921: nopatch, fix present in 5.15.133 +Upstream: 8fc134fee27f2263988ae38920bc03da416b03d8 +Stable: 6ea277b2c6263931798234e2eed892ecfbb85596 diff --git a/SPECS/kernel/kernel.spec b/SPECS/kernel/kernel.spec index c7dfdfdb38b..aac9c83d15e 100644 --- a/SPECS/kernel/kernel.spec +++ b/SPECS/kernel/kernel.spec @@ -427,6 +427,7 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg %changelog * Tue Sep 26 2023 CBL-Mariner Servicing Account - 5.15.133.1-1 - Auto-upgrade to 5.15.133.1 +- Remove CONFIG_NET_CLS_RSVP and CONFIG_NET_CLS_RSVP6 that don't apply to the new version * Tue Sep 19 2023 Cameron Baird - 5.15.131.1-3 - Call grub2-mkconfig to regenerate configs only if the user has From af6ece382324e6aaae497f385219ae4549870461 Mon Sep 17 00:00:00 2001 From: Mitch Zhu Date: Mon, 2 Oct 2023 10:14:54 -0700 Subject: [PATCH 38/47] Upstream kata cc package updates (#6297) * Initial katadev/main upstream draft * Cherry-pick Daniel's CVE fix * Remove alpha logs --- SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md | 2 +- SPECS/LICENSES-AND-NOTICES/data/licenses.json | 1 + .../cloud-hypervisor.signatures.json | 6 +- SPECS/cloud-hypervisor/cloud-hypervisor.spec | 7 +- SPECS/cloud-hypervisor/config.toml | 1 - .../kata-containers-cc.signatures.json | 6 +- .../kata-containers-cc.spec | 108 +- .../mariner-coco-build-uvm.sh | 29 +- ...emd-kernel-cmdline-params-for-initrd.patch | 25 + ...sbuilder-Add-support-for-CBL-Mariner.patch | 122 + SPECS/kata-containers/15-dracut.conf | 29 - .../kata-containers.signatures.json | 4 +- SPECS/kata-containers/kata-containers.spec | 83 +- .../kata-osbuilder-generate.service | 10 - SPECS/kata-containers/kata-osbuilder.sh | 292 -- SPECS/kata-containers/mariner-build-uvm.sh | 26 + ...0-kernel-patch-for-loader-as-of-0524.patch | 625 ---- SPECS/kernel-mshv/config | 408 +-- SPECS/kernel-mshv/kernel-mshv.signatures.json | 4 +- SPECS/kernel-mshv/kernel-mshv.spec | 8 +- SPECS/kernel-uvm-cvm/config | 3255 +++++++++++++++++ .../kernel-uvm-cvm.signatures.json | 6 + SPECS/kernel-uvm-cvm/kernel-uvm-cvm.spec | 1201 ++++++ SPECS/kernel-uvm/config | 799 ++-- SPECS/kernel-uvm/kernel-uvm.signatures.json | 4 +- SPECS/kernel-uvm/kernel-uvm.spec | 19 +- cgmanifest.json | 26 +- 27 files changed, 5394 insertions(+), 1712 deletions(-) create mode 100644 SPECS/kata-containers/0001-Append-systemd-kernel-cmdline-params-for-initrd.patch create mode 100644 SPECS/kata-containers/0001-osbuilder-Add-support-for-CBL-Mariner.patch delete mode 100644 SPECS/kata-containers/15-dracut.conf delete mode 100644 SPECS/kata-containers/kata-osbuilder-generate.service delete mode 100644 SPECS/kata-containers/kata-osbuilder.sh create mode 100755 SPECS/kata-containers/mariner-build-uvm.sh delete mode 100644 SPECS/kernel-mshv/0001-Implement-dom0-kernel-patch-for-loader-as-of-0524.patch create mode 100644 SPECS/kernel-uvm-cvm/config create mode 100644 SPECS/kernel-uvm-cvm/kernel-uvm-cvm.signatures.json create mode 100644 SPECS/kernel-uvm-cvm/kernel-uvm-cvm.spec diff --git a/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md b/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md index deb80fde906..05a25a368ec 100644 --- a/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md +++ b/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md @@ -16,6 +16,6 @@ The CBL-Mariner SPEC files originated from a variety of sources with varying lic | OpenEuler | [BSD-3 License](https://github.com/pytorch/pytorch/blob/master/LICENSE) | pytorch | | OpenMamba | [Openmamba GPLv2 License](https://www.gnu.org/licenses/old-licenses/gpl-2.0.txt) | bash-completion | | OpenSUSE | Following [openSUSE guidelines](https://en.opensuse.org/openSUSE:Specfile_guidelines#Specfile_Licensing) | ant
ant-junit
antlr
aopalliance
apache-commons-beanutils
apache-commons-cli
apache-commons-codec
apache-commons-collections
apache-commons-collections4
apache-commons-compress
apache-commons-daemon
apache-commons-dbcp
apache-commons-digester
apache-commons-httpclient
apache-commons-io
apache-commons-jexl
apache-commons-lang
apache-commons-lang3
apache-commons-logging
apache-commons-net
apache-commons-pool
apache-commons-pool2
apache-commons-validator
apache-commons-vfs2
apache-parent
args4j
atinject
base64coder
bazel-workspaces
bcel
bea-stax
beust-jcommander
bsf
byaccj
cal10n
cdparanoia
cglib
cni
containerized-data-importer
cpulimit
cri-o
ecj
fillup
flux
gd
geronimo-specs
glassfish-annotation-api
glassfish-servlet-api
gnu-getopt
gnu-regexp
golang-packaging
guava
guava20
hamcrest
hawtjni-runtime
httpcomponents-core
influx-cli
influxdb
isorelax
jakarta-taglibs-standard
jansi
jarjar
java-cup
java-cup-bootstrap
javacc
javacc-bootstrap
javassist
jboss-interceptors-1.2-api
jdepend
jflex
jflex-bootstrap
jlex
jline
jna
jsch
jsoup
jsr-305
jtidy
junit
junitperf
jzlib
kubevirt
kured
libcontainers-common
libtheora
libva
libvdpau
lynx
maven-parent
multus
objectweb-anttask
objectweb-asm
objenesis
oro
osgi-annotation
osgi-compendium
osgi-core
patterns-ceph-containers
plexus-classworlds
plexus-interpolation
plexus-pom
plexus-utils
proj
psl-make-dafsa
publicsuffix
qdox
regexp
relaxngDatatype
rhino
ripgrep
rook
servletapi4
servletapi5
shapelib
slf4j
trilead-ssh2
xalan-j2
xbean
xcursor-themes
xerces-j2
xml-commons-apis
xml-commons-resolver
xmldb-api
xmlrpc-c
xmlunit
xpp2
xpp3
xz-java | -| Photon | [Photon License](LICENSE-PHOTON.md) and [Photon Notice](NOTICE.APACHE2).
Also see [LICENSE-EXCEPTIONS.PHOTON](LICENSE-EXCEPTIONS.PHOTON). | acl
alsa-lib
alsa-utils
ansible
apparmor
apr
apr-util
asciidoc
atftp
audit
autoconf
autoconf-archive
autofs
autogen
automake
babel
bash
bc
bcc
bind
binutils
bison
blktrace
boost
bridge-utils
btrfs-progs
bubblewrap
build-essential
bzip2
c-ares
cairo
cassandra
cdrkit
check
chkconfig
chrpath
cifs-utils
clang
clang16
cloud-init
cloud-utils-growpart
cmake
cni-plugins
core-packages
coreutils
cpio
cppunit
cracklib
crash
crash-gcore-command
createrepo_c
cri-tools
cronie
curl
cyrus-sasl
cyrus-sasl-bootstrap
dbus
dbus-glib
dejagnu
device-mapper-multipath
dhcp
dialog
diffutils
dkms
dmidecode
dnsmasq
docbook-dtd-xml
docbook-style-xsl
dosfstools
dracut
dstat
e2fsprogs
ed
efibootmgr
efivar
elfutils
emacs
erlang
etcd-3.5.0
etcd-3.5.1
etcd-3.5.3
etcd-3.5.4
etcd-3.5.5
etcd-3.5.6
ethtool
expat
expect
fcgi
file
filesystem
findutils
finger
flex
fontconfig
fping
freetype
fuse
gawk
gc
gcc
gdb
gdbm
gettext
git
git-lfs
glib
glib-networking
glibc
glibmm
glide
gmp
gnome-common
gnupg2
gnuplot
gnutls
gobject-introspection
golang
golang-1.17
golang-1.18
gperf
gperftools
gpgme
gptfdisk
grep
groff
grub2
gtest
gtk-doc
guile
gzip
haproxy
harfbuzz
haveged
hdparm
http-parser
httpd
i2c-tools
iana-etc
icu
initramfs
initscripts
inotify-tools
intltool
iotop
iperf3
iproute
ipset
iptables
iputils
ipvsadm
ipxe
irqbalance
itstool
jansson
jq
json-c
json-glib
kbd
keepalived
kernel
kernel-azure
kernel-hci
kernel-headers
kernel-mshv
kernel-rt
kernel-uvm
keyutils
kmod
krb5
less
libaio
libarchive
libassuan
libatomic_ops
libcap
libcap-ng
libconfig
libdb
libdnet
libedit
libestr
libevent
libfastjson
libffi
libgcrypt
libgpg-error
libgssglue
libgsystem
libgudev
libjpeg-turbo
libksba
liblogging
libmbim
libmnl
libmodulemd
libmpc
libmspack
libndp
libnetfilter_conntrack
libnetfilter_cthelper
libnetfilter_cttimeout
libnetfilter_queue
libnfnetlink
libnftnl
libnl3
libnsl2
libpcap
libpipeline
libpng
libpsl
libqmi
librelp
librepo
librsync
libseccomp
libselinux
libsepol
libserf
libsigc++30
libsolv
libsoup
libssh2
libtalloc
libtar
libtasn1
libtiff
libtirpc
libtool
libunistring
libunwind
libusb
libvirt
libwebp
libxml2
libxslt
libyaml
linux-firmware
lldb
lldpad
llvm
llvm16
lm-sensors
lmdb
log4cpp
logrotate
lshw
lsof
lsscsi
ltrace
lttng-tools
lttng-ust
lvm2
lz4
lzo
m2crypto
m4
make
man-db
man-pages
mariadb
maven
mc
mercurial
meson
mlocate
ModemManager
mozjs
mpfr
msft-golang
msr-tools
mysql
nano
nasm
ncurses
ndctl
net-snmp
net-tools
nettle
newt
nfs-utils
nghttp2
nginx
ninja-build
nodejs
nodejs18
npth
nspr
nss
nss-altfiles
ntp
numactl
nvme-cli
oniguruma
OpenIPMI
openldap
openscap
openssh
openvswitch
ostree
pam
pango
parted
patch
pciutils
pcre
perl-Canary-Stability
perl-CGI
perl-common-sense
perl-Crypt-SSLeay
perl-DBD-SQLite
perl-DBI
perl-DBIx-Simple
perl-Exporter-Tiny
perl-File-HomeDir
perl-File-Which
perl-IO-Socket-SSL
perl-JSON-Any
perl-JSON-XS
perl-libintl-perl
perl-List-MoreUtils
perl-Module-Build
perl-Module-Install
perl-Module-ScanDeps
perl-Net-SSLeay
perl-NetAddr-IP
perl-Object-Accessor
perl-Path-Class
perl-Try-Tiny
perl-Types-Serialiser
perl-WWW-Curl
perl-XML-Parser
perl-YAML
perl-YAML-Tiny
pgbouncer
pinentry
polkit
popt
postgresql
procps-ng
protobuf
protobuf-c
psmisc
pth
pyasn1-modules
pyOpenSSL
PyPAM
pyparsing
pytest
python-appdirs
python-asn1crypto
python-atomicwrites
python-attrs
python-bcrypt
python-certifi
python-cffi
python-chardet
python-configobj
python-constantly
python-coverage
python-cryptography
python-daemon
python-dateutil
python-defusedxml
python-distro
python-docopt
python-docutils
python-ecdsa
python-gevent
python-hyperlink
python-hypothesis
python-idna
python-imagesize
python-incremental
python-iniparse
python-ipaddr
python-jinja2
python-jmespath
python-jsonpatch
python-jsonpointer
python-jsonschema
python-lockfile
python-lxml
python-m2r
python-mako
python-markupsafe
python-mistune
python-msgpack
python-netaddr
python-netifaces
python-ntplib
python-oauthlib
python-packaging
python-pam
python-pbr
python-ply
python-prettytable
python-psutil
python-psycopg2
python-py
python-pyasn1
python-pycodestyle
python-pycparser
python-pycurl
python-pygments
python-pynacl
python-requests
python-setuptools_scm
python-simplejson
python-six
python-snowballstemmer
python-sphinx-theme-alabaster
python-twisted
python-urllib3
python-vcversioner
python-virtualenv
python-wcwidth
python-webob
python-websocket-client
python-werkzeug
python-zope-interface
python3
pytz
PyYAML
rapidjson
readline
redis
rng-tools
rpcbind
rpcsvc-proto
rpm
rpm-ostree
rrdtool
rsync
rsyslog
ruby
rust
scons
sed
sg3_utils
shadow-utils
slang
snappy
socat
sqlite
sshpass
strace
strongswan
subversion
sudo
swig
syslinux
syslog-ng
sysstat
systemd
systemd-bootstrap
systemtap
tar
tboot
tcl
tcpdump
tcsh
tdnf
telegraf
texinfo
tmux
tpm2-abrmd
tpm2-tools
tpm2-tss
traceroute
tree
trousers
tzdata
unbound
unixODBC
unzip
usbutils
userspace-rcu
utf8proc
util-linux
valgrind
vim
vsftpd
WALinuxAgent
wget
which
wpa_supplicant
xfsprogs
xinetd
xmlsec1
xmlto
xz
zchunk
zeromq
zip
zlib
zsh | +| Photon | [Photon License](LICENSE-PHOTON.md) and [Photon Notice](NOTICE.APACHE2).
Also see [LICENSE-EXCEPTIONS.PHOTON](LICENSE-EXCEPTIONS.PHOTON). | acl
alsa-lib
alsa-utils
ansible
apparmor
apr
apr-util
asciidoc
atftp
audit
autoconf
autoconf-archive
autofs
autogen
automake
babel
bash
bc
bcc
bind
binutils
bison
blktrace
boost
bridge-utils
btrfs-progs
bubblewrap
build-essential
bzip2
c-ares
cairo
cassandra
cdrkit
check
chkconfig
chrpath
cifs-utils
clang
clang16
cloud-init
cloud-utils-growpart
cmake
cni-plugins
core-packages
coreutils
cpio
cppunit
cracklib
crash
crash-gcore-command
createrepo_c
cri-tools
cronie
curl
cyrus-sasl
cyrus-sasl-bootstrap
dbus
dbus-glib
dejagnu
device-mapper-multipath
dhcp
dialog
diffutils
dkms
dmidecode
dnsmasq
docbook-dtd-xml
docbook-style-xsl
dosfstools
dracut
dstat
e2fsprogs
ed
efibootmgr
efivar
elfutils
emacs
erlang
etcd-3.5.0
etcd-3.5.1
etcd-3.5.3
etcd-3.5.4
etcd-3.5.5
etcd-3.5.6
ethtool
expat
expect
fcgi
file
filesystem
findutils
finger
flex
fontconfig
fping
freetype
fuse
gawk
gc
gcc
gdb
gdbm
gettext
git
git-lfs
glib
glib-networking
glibc
glibmm
glide
gmp
gnome-common
gnupg2
gnuplot
gnutls
gobject-introspection
golang
golang-1.17
golang-1.18
gperf
gperftools
gpgme
gptfdisk
grep
groff
grub2
gtest
gtk-doc
guile
gzip
haproxy
harfbuzz
haveged
hdparm
http-parser
httpd
i2c-tools
iana-etc
icu
initramfs
initscripts
inotify-tools
intltool
iotop
iperf3
iproute
ipset
iptables
iputils
ipvsadm
ipxe
irqbalance
itstool
jansson
jq
json-c
json-glib
kbd
keepalived
kernel
kernel-azure
kernel-hci
kernel-headers
kernel-mshv
kernel-rt
kernel-uvm
kernel-uvm-cvm
keyutils
kmod
krb5
less
libaio
libarchive
libassuan
libatomic_ops
libcap
libcap-ng
libconfig
libdb
libdnet
libedit
libestr
libevent
libfastjson
libffi
libgcrypt
libgpg-error
libgssglue
libgsystem
libgudev
libjpeg-turbo
libksba
liblogging
libmbim
libmnl
libmodulemd
libmpc
libmspack
libndp
libnetfilter_conntrack
libnetfilter_cthelper
libnetfilter_cttimeout
libnetfilter_queue
libnfnetlink
libnftnl
libnl3
libnsl2
libpcap
libpipeline
libpng
libpsl
libqmi
librelp
librepo
librsync
libseccomp
libselinux
libsepol
libserf
libsigc++30
libsolv
libsoup
libssh2
libtalloc
libtar
libtasn1
libtiff
libtirpc
libtool
libunistring
libunwind
libusb
libvirt
libwebp
libxml2
libxslt
libyaml
linux-firmware
lldb
lldpad
llvm
llvm16
lm-sensors
lmdb
log4cpp
logrotate
lshw
lsof
lsscsi
ltrace
lttng-tools
lttng-ust
lvm2
lz4
lzo
m2crypto
m4
make
man-db
man-pages
mariadb
maven
mc
mercurial
meson
mlocate
ModemManager
mozjs
mpfr
msft-golang
msr-tools
mysql
nano
nasm
ncurses
ndctl
net-snmp
net-tools
nettle
newt
nfs-utils
nghttp2
nginx
ninja-build
nodejs
nodejs18
npth
nspr
nss
nss-altfiles
ntp
numactl
nvme-cli
oniguruma
OpenIPMI
openldap
openscap
openssh
openvswitch
ostree
pam
pango
parted
patch
pciutils
pcre
perl-Canary-Stability
perl-CGI
perl-common-sense
perl-Crypt-SSLeay
perl-DBD-SQLite
perl-DBI
perl-DBIx-Simple
perl-Exporter-Tiny
perl-File-HomeDir
perl-File-Which
perl-IO-Socket-SSL
perl-JSON-Any
perl-JSON-XS
perl-libintl-perl
perl-List-MoreUtils
perl-Module-Build
perl-Module-Install
perl-Module-ScanDeps
perl-Net-SSLeay
perl-NetAddr-IP
perl-Object-Accessor
perl-Path-Class
perl-Try-Tiny
perl-Types-Serialiser
perl-WWW-Curl
perl-XML-Parser
perl-YAML
perl-YAML-Tiny
pgbouncer
pinentry
polkit
popt
postgresql
procps-ng
protobuf
protobuf-c
psmisc
pth
pyasn1-modules
pyOpenSSL
PyPAM
pyparsing
pytest
python-appdirs
python-asn1crypto
python-atomicwrites
python-attrs
python-bcrypt
python-certifi
python-cffi
python-chardet
python-configobj
python-constantly
python-coverage
python-cryptography
python-daemon
python-dateutil
python-defusedxml
python-distro
python-docopt
python-docutils
python-ecdsa
python-gevent
python-hyperlink
python-hypothesis
python-idna
python-imagesize
python-incremental
python-iniparse
python-ipaddr
python-jinja2
python-jmespath
python-jsonpatch
python-jsonpointer
python-jsonschema
python-lockfile
python-lxml
python-m2r
python-mako
python-markupsafe
python-mistune
python-msgpack
python-netaddr
python-netifaces
python-ntplib
python-oauthlib
python-packaging
python-pam
python-pbr
python-ply
python-prettytable
python-psutil
python-psycopg2
python-py
python-pyasn1
python-pycodestyle
python-pycparser
python-pycurl
python-pygments
python-pynacl
python-requests
python-setuptools_scm
python-simplejson
python-six
python-snowballstemmer
python-sphinx-theme-alabaster
python-twisted
python-urllib3
python-vcversioner
python-virtualenv
python-wcwidth
python-webob
python-websocket-client
python-werkzeug
python-zope-interface
python3
pytz
PyYAML
rapidjson
readline
redis
rng-tools
rpcbind
rpcsvc-proto
rpm
rpm-ostree
rrdtool
rsync
rsyslog
ruby
rust
scons
sed
sg3_utils
shadow-utils
slang
snappy
socat
sqlite
sshpass
strace
strongswan
subversion
sudo
swig
syslinux
syslog-ng
sysstat
systemd
systemd-bootstrap
systemtap
tar
tboot
tcl
tcpdump
tcsh
tdnf
telegraf
texinfo
tmux
tpm2-abrmd
tpm2-tools
tpm2-tss
traceroute
tree
trousers
tzdata
unbound
unixODBC
unzip
usbutils
userspace-rcu
utf8proc
util-linux
valgrind
vim
vsftpd
WALinuxAgent
wget
which
wpa_supplicant
xfsprogs
xinetd
xmlsec1
xmlto
xz
zchunk
zeromq
zip
zlib
zsh | | RPM software management source | [GPLv2+ License](https://github.com/rpm-software-management/dnf5/blob/main/COPYING.md) | dnf5 | | Sysbench source | [GPLv2+ License](https://github.com/akopytov/sysbench/blob/master/COPYING) | sysbench | diff --git a/SPECS/LICENSES-AND-NOTICES/data/licenses.json b/SPECS/LICENSES-AND-NOTICES/data/licenses.json index 7b3c3e028f2..01b1df0502a 100644 --- a/SPECS/LICENSES-AND-NOTICES/data/licenses.json +++ b/SPECS/LICENSES-AND-NOTICES/data/licenses.json @@ -2757,6 +2757,7 @@ "kernel-mshv", "kernel-rt", "kernel-uvm", + "kernel-uvm-cvm", "keyutils", "kmod", "krb5", diff --git a/SPECS/cloud-hypervisor/cloud-hypervisor.signatures.json b/SPECS/cloud-hypervisor/cloud-hypervisor.signatures.json index 9a1db6576ad..163a303dec9 100644 --- a/SPECS/cloud-hypervisor/cloud-hypervisor.signatures.json +++ b/SPECS/cloud-hypervisor/cloud-hypervisor.signatures.json @@ -1,7 +1,7 @@ { "Signatures": { - "cloud-hypervisor-31.1-cargo.tar.gz": "360665126fff3dd381ddfd9cc260849fb2e66b326cf05d48b1137d74fc3165e3", - "cloud-hypervisor-31.1.tar.gz": "cb337502c97afb9f08b43416f16ed0509247eaf4a1f6c888bb64e1990f0efd12", - "config.toml": "5d9e002712ba17bb3e9d7ddc135aef1e94b8b89b6d292633bb14614c19f7805d" + "cloud-hypervisor-32.0-cargo.tar.gz": "2dd7ca374109ba337afeb0ff95d5edac8193431ec74cdbb6b1a400c600f4d915", + "cloud-hypervisor-32.0.tar.gz": "b9754a5ecd26697e5416a642345b2f35f4fdc983a83d540d740978309f2eb419", + "config.toml": "6d2aeec19782ae17eb2708262b0a7c551db3cc36b56542abca18d577de042458" } } \ No newline at end of file diff --git a/SPECS/cloud-hypervisor/cloud-hypervisor.spec b/SPECS/cloud-hypervisor/cloud-hypervisor.spec index fd98a85f913..de1a3205b42 100644 --- a/SPECS/cloud-hypervisor/cloud-hypervisor.spec +++ b/SPECS/cloud-hypervisor/cloud-hypervisor.spec @@ -4,8 +4,8 @@ Summary: Cloud Hypervisor is an open source Virtual Machine Monitor (VMM) that runs on top of KVM. Name: cloud-hypervisor -Version: 31.1 -Release: 2%{?dist} +Version: 32.0 +Release: 1%{?dist} License: ASL 2.0 OR BSD-3-clause Vendor: Microsoft Corporation Distribution: Mariner @@ -151,6 +151,9 @@ cargo build --release --target=%{rust_musl_target} --package vhost_user_block %{ %license LICENSE-BSD-3-Clause %changelog +* Wed Sep 27 2023 Saul Paredes - 32.0-1 +- Update to v32.0 + * Thu Sep 07 2023 Daniel McIlvaney - 31.1-2 - Bump package to rebuild with rust 1.72.0 diff --git a/SPECS/cloud-hypervisor/config.toml b/SPECS/cloud-hypervisor/config.toml index f68f66c777a..5b71c983ac7 100644 --- a/SPECS/cloud-hypervisor/config.toml +++ b/SPECS/cloud-hypervisor/config.toml @@ -1,4 +1,3 @@ - [source.crates-io] replace-with = "vendored-sources" diff --git a/SPECS/kata-containers-cc/kata-containers-cc.signatures.json b/SPECS/kata-containers-cc/kata-containers-cc.signatures.json index 1b74ffe7ba0..42a4117937c 100644 --- a/SPECS/kata-containers-cc/kata-containers-cc.signatures.json +++ b/SPECS/kata-containers-cc/kata-containers-cc.signatures.json @@ -1,7 +1,7 @@ { "Signatures": { - "kata-containers-cc-0.6.0.tar.gz": "1c75582bde90561a3543ec34e3c888bed4d545eb4b5868d4a546455c8a7e9376", - "kata-containers-cc-0.6.0-cargo.tar.gz": "802735c1b3fd5debb0df24cdcd2b70d7863e26a1e02c681aec27de98260d9b5f", - "mariner-coco-build-uvm.sh" :"347dd3189332066fc739cd6fc6f4c43bf583e174003ac997705ebca65e8d8ac9" + "kata-containers-cc-0.6.1.tar.gz": "8cb47fa74e2419849db97891d15e3baa85564d75ce809ff6fdd3e42614d242f4", + "kata-containers-cc-0.6.1-cargo.tar.gz": "8fc62d814019d7a09f61a5c8593978b6f74c5b3f0e35054a46714d4471553ded", + "mariner-coco-build-uvm.sh" :"2c1ef256c294c702ba2feab118644c81a2c6c85d0085fa8d205e3ce1a0b5c82d" } } diff --git a/SPECS/kata-containers-cc/kata-containers-cc.spec b/SPECS/kata-containers-cc/kata-containers-cc.spec index 9f3e3ac264e..5a763492c95 100644 --- a/SPECS/kata-containers-cc/kata-containers-cc.spec +++ b/SPECS/kata-containers-cc/kata-containers-cc.spec @@ -7,8 +7,8 @@ %global debug_package %{nil} Name: kata-containers-cc -Version: 0.6.0 -Release: 4%{?dist} +Version: 0.6.1 +Release: 1%{?dist} Summary: Kata Confidential Containers License: ASL 2.0 Vendor: Microsoft Corporation @@ -33,26 +33,36 @@ BuildRequires: sudo BuildRequires: perl-FindBin BuildRequires: perl-lib BuildRequires: libseccomp-devel -BuildRequires: kernel-uvm-devel BuildRequires: openssl-devel BuildRequires: clang BuildRequires: device-mapper-devel BuildRequires: cmake +BuildRequires: fuse-devel + +# needed to build the tarfs module, see next comment - we currently build the tarfs module for both kernels +BuildRequires: kernel-uvm-devel +BuildRequires: kernel-uvm-cvm-devel +# kernel-uvm is required for allowing to test the kata-cc handler w/o SEV SNP but with the +# policy feature using kernel-uvm and the kata-cc shim/agent from this package with policy features Requires: kernel-uvm +Requires: kernel-uvm-cvm Requires: moby-containerd-cc %description Kata Confidential Containers. +# This subpackage is used to build the uvm and therefore has dependencies on the kernel-uvm(-cvm) binaries %package tools -Summary: Kata CC Tools package for building UVM components +Summary: Kata CC tools package for building UVM components Requires: cargo Requires: qemu-img Requires: parted Requires: curl +Requires: veritysetup Requires: opa >= 0.50.2 Requires: kernel-uvm +Requires: kernel-uvm-cvm %description tools This package contains the UVM osbuilder files @@ -68,41 +78,67 @@ export PATH=$PATH:"$(pwd)/go/bin" export GOPATH="$(pwd)/go" export OPENSSL_NO_VENDOR=1 -# Runtime +# kata shim/runtime pushd %{_builddir}/%{name}-%{version}/src/runtime %make_build %{runtime_make_vars} popd -# Tardev snapshotter +# agent +pushd %{_builddir}/%{name}-%{version}/src/agent +%make_build %{agent_make_vars} +popd + +# tardev snapshotter pushd %{_builddir}/%{name}-%{version}/src/tardev-snapshotter make chmod +x target/release/tardev-snapshotter popd -pushd /usr/src/linux-headers* +# overlay +pushd %{_builddir}/%{name}-%{version}/src/overlay +cargo build --release +popd + +# utarfs +pushd %{_builddir}/%{name}-%{version}/src/utarfs +cargo build --release +popd + +# kernel modules +pushd /usr/src/linux-headers*cvm +header_dir=$(basename $PWD) +KERNEL_CVM_VER=${header_dir#"linux-headers-"} +KERNEL_CVM_MODULE_VER=${KERNEL_CVM_VER%%-*} +popd + +pushd /usr/src/$(ls /usr/src | grep linux-header | grep -v cvm) header_dir=$(basename $PWD) KERNEL_VER=${header_dir#"linux-headers-"} KERNEL_MODULE_VER=${KERNEL_VER%%-*} popd -# Kernel modules +# make a copy of the tarfs folder for cvm modules +mkdir -p %{_builddir}/%{name}-%{version}/src/tarfs-cvm +cp -aR %{_builddir}/%{name}-%{version}/src/tarfs/* %{_builddir}/%{name}-%{version}/src/tarfs-cvm/ + pushd %{_builddir}/%{name}-%{version}/src/tarfs make KDIR=/usr/src/linux-headers-${KERNEL_VER} make KDIR=/usr/src/linux-headers-${KERNEL_VER} install popd %global KERNEL_MODULES_DIR %{_builddir}/%{name}-%{version}/src/tarfs/_install/lib/modules/${KERNEL_MODULE_VER} -# Agent -pushd %{_builddir}/%{name}-%{version}/src/agent -%make_build %{agent_make_vars} +pushd %{_builddir}/%{name}-%{version}/src/tarfs-cvm +make KDIR=/usr/src/linux-headers-${KERNEL_CVM_VER} +make KDIR=/usr/src/linux-headers-${KERNEL_CVM_VER} install popd +%global KERNEL_CVM_MODULES_DIR %{_builddir}/%{name}-%{version}/src/tarfs-cvm/_install/lib/modules/${KERNEL_CVM_MODULE_VER} %install %define coco_path /opt/confidential-containers %define coco_bin %{coco_path}/bin %define defaults_kata %{coco_path}/share/defaults/kata-containers %define share_kata %{coco_path}/share/kata-containers -%define osbuilder /opt/mariner/share/uvm +%define osbuilder %{coco_path}/uvm mkdir -p %{buildroot}%{osbuilder}/tools/osbuilder/scripts mkdir -p %{buildroot}%{osbuilder}/tools/osbuilder/rootfs-builder @@ -110,8 +146,9 @@ mkdir -p %{buildroot}%{osbuilder}/tools/osbuilder/initrd-builder mkdir -p %{buildroot}%{osbuilder}/tools/osbuilder/image-builder mkdir -p %{buildroot}%{osbuilder}/ci -# Kernel modules +# kernel modules cp -aR %{KERNEL_MODULES_DIR} %{buildroot}%{osbuilder} +cp -aR %{KERNEL_CVM_MODULES_DIR} %{buildroot}%{osbuilder} # osbuilder pushd %{_builddir}/%{name}-%{version} @@ -130,58 +167,70 @@ cp -aR tools/osbuilder/initrd-builder %{buildroot}%{osbuilder}/tools/osbuilder cp -aR tools/osbuilder/scripts %{buildroot}%{osbuilder}/tools/osbuilder popd -# Symlinks for cc binaries mkdir -p %{buildroot}%{coco_bin} mkdir -p %{buildroot}%{share_kata} mkdir -p %{buildroot}%{coco_path}/libexec mkdir -p %{buildroot}/etc/systemd/system/containerd.service.d/ -# cloud-hypervisor is not intended for prod scenarios +# for testing policy/snapshotter without SEV SNP we use CH (with kernel-uvm and initrd) instead of CH-CVM with IGVM +# Note: our kata-containers config toml expects cloud-hypervisor and kernel under a certain path/name, so we align this through symlinks here ln -s /usr/bin/cloud-hypervisor %{buildroot}%{coco_bin}/cloud-hypervisor -ln -s /usr/bin/cloud-hypervisor %{buildroot}%{coco_bin}/cloud-hypervisor-snp +ln -s /usr/bin/cloud-hypervisor-cvm %{buildroot}%{coco_bin}/cloud-hypervisor-snp + +# this is again for testing without SEV SNP ln -s /usr/share/cloud-hypervisor/vmlinux.bin %{buildroot}%{share_kata}/vmlinux.container ln -sf /usr/libexec/virtiofsd %{buildroot}/%{coco_path}/libexec/virtiofsd find %{buildroot}/etc -# Agent +# agent pushd %{_builddir}/%{name}-%{version}/src/agent - mkdir -p %{buildroot}%{osbuilder}/src/agent/samples/policy cp -aR samples/policy/all-allowed %{buildroot}%{osbuilder}/src/agent/samples/policy install -D -m 0755 kata-containers.target %{buildroot}%{osbuilder}/kata-containers.target install -D -m 0755 kata-agent.service.in %{buildroot}%{osbuilder}/kata-agent.service.in install -D -m 0755 coco-opa.service %{buildroot}%{osbuilder}/coco-opa.service install -D -m 0755 target/x86_64-unknown-linux-gnu/release/kata-agent %{buildroot}%{osbuilder}/kata-agent +popd -popd - -# Runtime +# runtime/shim pushd %{_builddir}/%{name}-%{version}/src/runtime install -D -m 0755 containerd-shim-kata-v2 %{buildroot}/usr/local/bin/containerd-shim-kata-cc-v2 install -D -m 0755 kata-monitor %{buildroot}%{coco_bin}/kata-monitor install -D -m 0755 kata-runtime %{buildroot}%{coco_bin}/kata-runtime install -D -m 0755 data/kata-collect-data.sh %{buildroot}%{coco_bin}/kata-collect-data.sh -# configuration-clh.toml is not intended for prod scenarios +# Note: we deploy two configurations - the additional one is for policy/snapshotter testing w/o SEV SNP or IGVM install -D -m 0644 config/configuration-clh.toml %{buildroot}/%{defaults_kata}/configuration-clh.toml install -D -m 0644 config/configuration-clh-snp.toml %{buildroot}/%{defaults_kata}/configuration-clh-snp.toml + +# adapt upstream config files +# change paths with locations specific to our distribution sed -i 's|/usr|/opt/confidential-containers|g' %{buildroot}/%{defaults_kata}/configuration-clh.toml sed -i 's|/usr|/opt/confidential-containers|g' %{buildroot}/%{defaults_kata}/configuration-clh-snp.toml popd -# Tardev-snapshotter +# tardev-snapshotter pushd %{_builddir}/%{name}-%{version}/src/tardev-snapshotter/ sed -i -e 's/containerd.service/kubelet.service/g' tardev-snapshotter.service install -m 0644 -D -t %{buildroot}%{_unitdir} tardev-snapshotter.service install -D -m 0755 target/release/tardev-snapshotter %{buildroot}/usr/bin/tardev-snapshotter popd +# overlay +pushd %{_builddir}/%{name}-%{version}/src/overlay/ +install -D -m 0755 target/release/kata-overlay %{buildroot}/usr/bin/kata-overlay +popd + +# utarfs +pushd %{_builddir}/%{name}-%{version}/src/utarfs/ +install -D -m 0755 target/release/utarfs %{buildroot}/usr/sbin/mount.tar +popd + install -D -m 0755 %{_builddir}/%{name}-%{version}/tools/osbuilder/image-builder/image_builder.sh %{buildroot}%{osbuilder}/tools/osbuilder/image-builder/image_builder.sh install -D -m 0755 %{_builddir}/%{name}-%{version}/tools/osbuilder/image-builder/nsdax.gpl.c %{buildroot}%{osbuilder}/tools/osbuilder/image-builder/nsdax.gpl.c - %preun %systemd_preun tardev-snapshotter.service @@ -204,6 +253,8 @@ install -D -m 0755 %{_builddir}/%{name}-%{version}/tools/osbuilder/image-builder %{coco_path}/libexec/virtiofsd %{_bindir}/tardev-snapshotter +%{_bindir}/kata-overlay +%{_sbindir}/mount.tar %{_unitdir}/tardev-snapshotter.service %{_prefix}/local/bin/containerd-shim-kata-cc-v2 @@ -211,10 +262,8 @@ install -D -m 0755 %{_builddir}/%{name}-%{version}/tools/osbuilder/image-builder %doc CONTRIBUTING.md %doc README.md - %files tools %dir %{osbuilder}/src/agent/samples/policy/all-allowed -%{osbuilder}/src/agent/samples/policy/all-allowed/all-allowed-data.json %{osbuilder}/src/agent/samples/policy/all-allowed/all-allowed.rego %{osbuilder}/mariner-coco-build-uvm.sh @@ -232,7 +281,7 @@ install -D -m 0755 %{_builddir}/%{name}-%{version}/tools/osbuilder/image-builder %{osbuilder}/modules/* %{osbuilder}/tools/* -# Remove some scripts we don't use +# remove some scripts we don't use %exclude %{osbuilder}/tools/osbuilder/rootfs-builder/alpine %exclude %{osbuilder}/tools/osbuilder/rootfs-builder/centos %exclude %{osbuilder}/tools/osbuilder/rootfs-builder/clearlinux @@ -240,8 +289,11 @@ install -D -m 0755 %{_builddir}/%{name}-%{version}/tools/osbuilder/image-builder %exclude %{osbuilder}/tools/osbuilder/rootfs-builder/template %exclude %{osbuilder}/tools/osbuilder/rootfs-builder/ubuntu - %changelog +* Mon Sep 18 2023 Dallas Delaney 0.6.1-1 +- Update to use cloud-hypervisor-cvm and kernel-uvm-cm +- Pull in latest source for genpolicy, utarfs, and overlay changes + * Thu Sep 14 2023 Muhammad Falak - 0.6.0-4 - Introduce patch to drop mut for immutable vars - Introduce patch enabling feature(impl_trait_in_assoc_type) to unblock build diff --git a/SPECS/kata-containers-cc/mariner-coco-build-uvm.sh b/SPECS/kata-containers-cc/mariner-coco-build-uvm.sh index 2d353653ff3..3d4e9ddc66c 100755 --- a/SPECS/kata-containers-cc/mariner-coco-build-uvm.sh +++ b/SPECS/kata-containers-cc/mariner-coco-build-uvm.sh @@ -11,21 +11,27 @@ readonly ROOTFS_DIR=${SCRIPT_DIR}/tools/osbuilder/rootfs-builder/rootfs-cbl-mari readonly OSBUILDER_DIR=${SCRIPT_DIR}/tools/osbuilder export AGENT_SOURCE_BIN=${SCRIPT_DIR}/kata-agent -# get kernel modules version -pushd modules/* -export KERNEL_MODULES_VER=$(basename $PWD) -export KERNEL_MODULES_DIR=${SCRIPT_DIR}/modules/${KERNEL_MODULES_VER} -popd - # build rootfs pushd ${OSBUILDER_DIR} sudo make clean rm -rf ${ROOTFS_DIR} -sudo -E PATH=$PATH make -B DISTRO=cbl-mariner rootfs +sudo -E PATH=$PATH SECURITY_POLICY=yes make -B DISTRO=cbl-mariner rootfs popd -# run depmod for kernel modules -depmod -a -b ${ROOTFS_DIR} ${KERNEL_MODULES_VER} +# include both kernel-uvm and kernel-uvm-cvm modules in rootfs +# TODO once kernel-uvm and kernel-uvm-cvm are re-aligned: +# - remove this code +# - define and export a KERNEL_MODULE_DIR variable above make rootfs +# - this will cause the make rootfs command to copy the modules and call dempod +# - the current version of rootfs.sh does not support adding multiple module folder for different kernel versions +MODULE_ROOTFS_DEST_DIR="${ROOTFS_DIR}/lib/modules" +mkdir -p ${MODULE_ROOTFS_DEST_DIR} +for d in modules/*; +do + MODULE_DIR_NAME=$(basename $d) + cp -a "modules/${MODULE_DIR_NAME}" "${MODULE_ROOTFS_DEST_DIR}/" + depmod -a -b "${ROOTFS_DIR}" ${MODULE_DIR_NAME} +done # install other services cp ${SCRIPT_DIR}/coco-opa.service ${ROOTFS_DIR}/usr/lib/systemd/system/coco-opa.service @@ -33,7 +39,8 @@ cp ${SCRIPT_DIR}/kata-containers.target ${ROOTFS_DIR}/usr/lib/systemd/system/ka cp ${SCRIPT_DIR}/kata-agent.service.in ${ROOTFS_DIR}/usr/lib/systemd/system/kata-agent.service sed -i 's/@BINDIR@\/@AGENT_NAME@/\/usr\/bin\/kata-agent/g' ${ROOTFS_DIR}/usr/lib/systemd/system/kata-agent.service -# build initrd +# build image pushd ${OSBUILDER_DIR} -sudo -E PATH=$PATH make DISTRO=cbl-mariner TARGET_ROOTFS=${ROOTFS_DIR} initrd +mv rootfs-builder/rootfs-cbl-mariner cbl-mariner_rootfs +sudo -E PATH=$PATH make DISTRO=cbl-mariner KATA_BUILD_CC=yes DM_VERITY_FORMAT=kernelinit image popd diff --git a/SPECS/kata-containers/0001-Append-systemd-kernel-cmdline-params-for-initrd.patch b/SPECS/kata-containers/0001-Append-systemd-kernel-cmdline-params-for-initrd.patch new file mode 100644 index 00000000000..8744c2c5e96 --- /dev/null +++ b/SPECS/kata-containers/0001-Append-systemd-kernel-cmdline-params-for-initrd.patch @@ -0,0 +1,25 @@ +From 0503cd61a56ed09de60981fedecc226df3845860 Mon Sep 17 00:00:00 2001 +From: dallasd1 +Date: Wed, 26 Jul 2023 08:40:44 -0700 +Subject: [PATCH] Append systemd kernel cmdline params for initrd + +--- + src/runtime/pkg/katautils/create.go | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/runtime/pkg/katautils/create.go b/src/runtime/pkg/katautils/create.go +index 67ea03dcf..2c829a691 100644 +--- a/src/runtime/pkg/katautils/create.go ++++ b/src/runtime/pkg/katautils/create.go +@@ -57,7 +57,7 @@ func getKernelParams(needSystemd, trace bool) []vc.Param { + } + + func needSystemd(config vc.HypervisorConfig) bool { +- return config.ImagePath != "" ++ return config.ImagePath != "" || config.InitrdPath != "" + } + + // HandleFactory set the factory +-- +2.17.1 + diff --git a/SPECS/kata-containers/0001-osbuilder-Add-support-for-CBL-Mariner.patch b/SPECS/kata-containers/0001-osbuilder-Add-support-for-CBL-Mariner.patch new file mode 100644 index 00000000000..d7d8b128c83 --- /dev/null +++ b/SPECS/kata-containers/0001-osbuilder-Add-support-for-CBL-Mariner.patch @@ -0,0 +1,122 @@ +From 36198274dcb4332f1acd445d2a80854232b1d236 Mon Sep 17 00:00:00 2001 +From: Dallas Delaney +Date: Thu, 26 Jan 2023 14:58:55 -0800 +Subject: [PATCH] osbuilder: Add support for CBL-Mariner + +Add osbuilder support to build a rootfs and image +based on the CBL-Mariner Linux distro + +Fixes: #6462 + +Signed-off-by: Dallas Delaney +--- + tools/osbuilder/README.md | 14 +++++----- + .../rootfs-builder/cbl-mariner/Dockerfile.in | 15 +++++++++++ + .../rootfs-builder/cbl-mariner/config.sh | 10 +++++++ + .../rootfs-builder/cbl-mariner/rootfs_lib.sh | 26 +++++++++++++++++++ + 4 files changed, 58 insertions(+), 7 deletions(-) + create mode 100644 tools/osbuilder/rootfs-builder/cbl-mariner/Dockerfile.in + create mode 100644 tools/osbuilder/rootfs-builder/cbl-mariner/config.sh + create mode 100644 tools/osbuilder/rootfs-builder/cbl-mariner/rootfs_lib.sh + +diff --git a/tools/osbuilder/README.md b/tools/osbuilder/README.md +index 343d2bf60..9415de74e 100644 +--- a/tools/osbuilder/README.md ++++ b/tools/osbuilder/README.md +@@ -80,7 +80,7 @@ filesystem components to generate an initrd. + 3. When generating an image, the initrd is extracted to obtain the base rootfs for + the image. + +-Ubuntu is the default distro for building the rootfs, to use a different one, you can set `DISTRO=alpine|clearlinux|debian|ubuntu`. ++Ubuntu is the default distro for building the rootfs, to use a different one, you can set `DISTRO=alpine|clearlinux|debian|ubuntu|cbl-mariner`. + For example `make USE_DOCKER=true DISTRO=alpine rootfs` will make an Alpine rootfs using Docker. + + ### Rootfs creation +@@ -209,9 +209,9 @@ of the the osbuilder distributions. + > Note: this table is not relevant for the dracut build method, since it supports + any Linux distribution and architecture where dracut is available. + +-| |Alpine |CentOS Stream |Clear Linux |Debian/Ubuntu | +-|-- |-- |-- |-- |-- | +-|**ARM64** |:heavy_check_mark:|:heavy_check_mark:| | | +-|**PPC64le**| |:heavy_check_mark:| |:heavy_check_mark:| +-|**s390x** | |:heavy_check_mark:| |:heavy_check_mark:| +-|**x86_64** |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:| ++| |Alpine |CentOS Stream |Clear Linux |Debian/Ubuntu |CBL-Mariner | ++|-- |-- |-- |-- |-- |-- | ++|**ARM64** |:heavy_check_mark:|:heavy_check_mark:| | | | ++|**PPC64le**| |:heavy_check_mark:| |:heavy_check_mark:| | ++|**s390x** | |:heavy_check_mark:| |:heavy_check_mark:| | ++|**x86_64** |:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:| +diff --git a/tools/osbuilder/rootfs-builder/cbl-mariner/Dockerfile.in b/tools/osbuilder/rootfs-builder/cbl-mariner/Dockerfile.in +new file mode 100644 +index 000000000..6fa29807d +--- /dev/null ++++ b/tools/osbuilder/rootfs-builder/cbl-mariner/Dockerfile.in +@@ -0,0 +1,15 @@ ++# Copyright (c) 2023 Microsoft Corporation ++# ++# SPDX-License-Identifier: Apache-2.0 ++ ++ARG IMAGE_REGISTRY=mcr.microsoft.com ++FROM ${IMAGE_REGISTRY}/cbl-mariner/base/core:@OS_VERSION@ ++ ++RUN tdnf -y install \ ++ ca-certificates \ ++ build-essential \ ++ dnf \ ++ git \ ++ tar ++ ++@INSTALL_RUST@ +diff --git a/tools/osbuilder/rootfs-builder/cbl-mariner/config.sh b/tools/osbuilder/rootfs-builder/cbl-mariner/config.sh +new file mode 100644 +index 000000000..694124acd +--- /dev/null ++++ b/tools/osbuilder/rootfs-builder/cbl-mariner/config.sh +@@ -0,0 +1,10 @@ ++# Copyright (c) 2023 Microsoft Corporation ++# ++# SPDX-License-Identifier: Apache-2.0 ++ ++OS_NAME=cbl-mariner ++OS_VERSION=${OS_VERSION:-2.0} ++LIBC="gnu" ++PACKAGES="core-packages-base-image ca-certificates" ++[ "$AGENT_INIT" = no ] && PACKAGES+=" systemd" ++[ "$SECCOMP" = yes ] && PACKAGES+=" libseccomp" +diff --git a/tools/osbuilder/rootfs-builder/cbl-mariner/rootfs_lib.sh b/tools/osbuilder/rootfs-builder/cbl-mariner/rootfs_lib.sh +new file mode 100644 +index 000000000..0288d4d77 +--- /dev/null ++++ b/tools/osbuilder/rootfs-builder/cbl-mariner/rootfs_lib.sh +@@ -0,0 +1,26 @@ ++# Copyright (c) 2023 Microsoft Corporation ++# ++# SPDX-License-Identifier: Apache-2.0 ++ ++build_rootfs() ++{ ++ # Mandatory ++ local ROOTFS_DIR="$1" ++ ++ [ -z "$ROOTFS_DIR" ] && die "need rootfs" ++ ++ # In case of support EXTRA packages, use it to allow ++ # users add more packages to the base rootfs ++ local EXTRA_PKGS=${EXTRA_PKGS:-""} ++ ++ check_root ++ mkdir -p "${ROOTFS_DIR}" ++ PKG_MANAGER="tdnf" ++ ++ DNF="${PKG_MANAGER} -y --installroot=${ROOTFS_DIR} --noplugins --releasever=${OS_VERSION}" ++ ++ info "install packages for rootfs" ++ $DNF install ${EXTRA_PKGS} ${PACKAGES} ++ ++ rm -rf ${ROOTFS_DIR}/usr/share/{bash-completion,cracklib,doc,info,locale,man,misc,pixmaps,terminfo,zoneinfo,zsh} ++} +-- +2.33.8 + diff --git a/SPECS/kata-containers/15-dracut.conf b/SPECS/kata-containers/15-dracut.conf deleted file mode 100644 index 93fc6e03ecc..00000000000 --- a/SPECS/kata-containers/15-dracut.conf +++ /dev/null @@ -1,29 +0,0 @@ -# Custom Fedora dracut config for kata initrd/rootfs generation - - -# Fedora: kernel drivers we want in the initrd. -drivers+=" " -# virtio vsock -drivers+="vmw_vsock_virtio_transport " -# virtio net -drivers+="virtio_net " -# virtio fs -drivers+="virtiofs " -# virtio block -drivers+="virtio_blk " -# virtio scsi -drivers+="virtio_scsi " -# virtio serial. Could be dropped eventually, vsock covers us -drivers+="virtio_console " -# virtio 9p. Could be dropped eventually, virtio-fs covers us -drivers+="9p 9pnet_virtio " -# vfio -drivers+="vfio-pci vfio vfio_iommu_type1 irqbypass vfio_virqfd" - -# Mariner: Additional shared objects we want in the initrd. -install_items+=" /usr/lib/libseccomp.so.* " - -# Fedora: extra dracut modules -dracutmodules+=" " -# These aid debugging -dracutmodules+="bash busybox rescue " \ No newline at end of file diff --git a/SPECS/kata-containers/kata-containers.signatures.json b/SPECS/kata-containers/kata-containers.signatures.json index 1d9515a9b1e..9c1da048474 100644 --- a/SPECS/kata-containers/kata-containers.signatures.json +++ b/SPECS/kata-containers/kata-containers.signatures.json @@ -1,10 +1,8 @@ { "Signatures": { - "15-dracut.conf": "af94e6b7c9dfa3910531e7b5532a18fd0340de88939a4852de4ec7a49c5889ca", "50-kata": "fb108c6337b3d3bf80b43ab04f2bf9a3bdecd29075ebd16320aefe8f81c502a7", "kata-containers-3.1.0-vendor.tar.gz": "d14032fc30e0f8e1bd9afc57264ed703df6cdf48ad2b1845b02e046763ac3352", "kata-containers-3.1.0.tar.gz": "9785078a2250a784c30692f156de4a1a2cfa754a38b48b755ece7517902ffed3", - "kata-osbuilder-generate.service": "4438c39799297efbf88cfc549964432a41506a3c89e13073fa908658a5bd6376", - "kata-osbuilder.sh": "43d82b8c43332a23fa6e8dedf194c786c1d46d35ac901dc4ccb194da63034a9e" + "mariner-build-uvm.sh": "a0fbee4def82ee492eab64a8b5a948c2fef125fa1ca5686aafa0a80c64144068" } } diff --git a/SPECS/kata-containers/kata-containers.spec b/SPECS/kata-containers/kata-containers.spec index 8cf106c0490..2f1d22d128e 100644 --- a/SPECS/kata-containers/kata-containers.spec +++ b/SPECS/kata-containers/kata-containers.spec @@ -12,11 +12,14 @@ %undefine _strict_symbol_defs_build %global katacache %{_localstatedir}/cache -%global katalibexecdir %{_libexecdir}/kata-containers +%global katauvmdir /opt/kata-containers/uvm %global katalocalstatecachedir %{katacache}/kata-containers -%global kataagentdir %{katalibexecdir}/agent -%global kataosbuilderdir %{katalibexecdir}/osbuilder +%global kataagentdir %{katauvmdir}/agent +%global kataosbuilderdir %{katauvmdir}/tools/osbuilder +%global kataconfigdir /usr/share/defaults/kata-containers +%global kataclhdir /usr/share/cloud-hypervisor +%global katainitrddir /var/cache/kata-containers/osbuilder-images/kernel-uvm %global runtime_make_vars QEMUPATH=%{qemupath} \\\ KERNELTYPE="compressed" \\\ @@ -25,8 +28,8 @@ DEFVIRTIOFSDAEMON=%{_libexecdir}/"virtiofsd" \\\ DEFVIRTIOFSCACHESIZE=0 \\\ DEFSANDBOXCGROUPONLY=false \\\ - DEFSTATICSANDBOXWORKLOADMEM=1984 \\\ - DEFMEMSZ=64 \\\ + DEFSTATICSANDBOXWORKLOADMEM=1792 \\\ + DEFMEMSZ=256 \\\ SKIP_GO_VERSION_CHECK=y \\\ MACHINETYPE=%{machinetype} \\\ DESTDIR=%{buildroot} \\\ @@ -41,16 +44,14 @@ Summary: Kata Containers version 2.x repository Name: kata-containers Version: 3.1.0 -Release: 6%{?dist} +Release: 7%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation URL: https://github.com/%{name}/%{name} Source0: https://github.com/%{name}/%{name}/archive/refs/tags/%{version}.tar.gz#/%{name}-%{version}.tar.gz Source1: https://github.com/%{name}/%{name}/releases/download/%{version}/%{name}-%{version}-vendor.tar.gz -Source2: kata-osbuilder.sh -Source3: kata-osbuilder-generate.service -Source4: 15-dracut.conf -Source5: 50-kata +Source2: 50-kata +Source3: mariner-build-uvm.sh Patch0: 0001-Merged-PR-9607-Allow-10-seconds-for-VM-creation-star.patch Patch1: 0002-Merged-PR-9671-Wait-for-a-possibly-slow-Guest.patch Patch2: 0003-Merged-PR-9805-Add-support-for-MSHV.patch @@ -58,6 +59,8 @@ Patch3: 0004-Merged-PR-9806-Fix-enable_debug-for-hypervisor.clh.patch Patch4: 0005-Merged-PR-9956-shim-avoid-memory-hotplug-timeout.patch Patch5: runtime-reduce-uvm-high-mem-footprint.patch Patch6: drop-mut-for-variables-that-are-not-mutated.patch +Patch7: 0001-osbuilder-Add-support-for-CBL-Mariner.patch +Patch8: 0001-Append-systemd-kernel-cmdline-params-for-initrd.patch BuildRequires: golang BuildRequires: git-core @@ -75,7 +78,6 @@ BuildRequires: cargo BuildRequires: rust Requires: busybox -Requires: dracut Requires: kernel Requires: libseccomp Requires: qemu-kvm-core >= 4.2.0-4 @@ -83,7 +85,6 @@ Requires: %{_libexecdir}/virtiofsd Conflicts: kata-agent Conflicts: kata-ksm-throttler -Conflicts: kata-osbuilder Conflicts: kata-proxy Conflicts: kata-runtime Conflicts: kata-shim @@ -94,6 +95,14 @@ project and community working to build a standard implementation of lightweight Virtual Machines (VMs) that feel and perform like containers, but provide the workload isolation and security advantages of VMs. https://katacontainers.io/.} +%package tools +Summary: Kata Tools package +Requires: cargo +Requires: curl + +%description tools +This package contains the UVM osbuilder files + %prep %autosetup -p1 -n %{name}-%{version} @@ -131,10 +140,16 @@ export PATH=$PATH:$GOPATH/bin cd go/src/github.com/%{name}/%{name} -install -m 0644 -D -t %{buildroot}%{katalibexecdir} VERSION +install -m 0755 -D -t %{buildroot}%{katauvmdir} %{SOURCE3} +install -m 0644 -D -t %{buildroot}%{katauvmdir} VERSION +install -m 0644 -D -t %{buildroot}%{katauvmdir} versions.yaml +install -D -m 0644 ci/install_yq.sh %{buildroot}%{katauvmdir}/ci/install_yq.sh +sed -i 's#distro_config_dir="${script_dir}/${distro}#distro_config_dir="${script_dir}/cbl-mariner#g' tools/osbuilder/rootfs-builder/rootfs.sh pushd src/runtime %make_install %{runtime_make_vars} +sed -i -e "s|image = .*$|initrd = \"%{katainitrddir}/kata-containers-initrd.img\"|" %{buildroot}%{kataconfigdir}/configuration.toml +sed -i -e "s|kernel = .*$|kernel = \"%{kataclhdir}/vmlinux.bin\"|" %{buildroot}%{kataconfigdir}/configuration.toml popd pushd src/agent @@ -146,24 +161,21 @@ rm .gitignore rm rootfs-builder/.gitignore mkdir -p %{buildroot}%{katalocalstatecachedir} -install -m 0644 -D -t %{buildroot}%{_unitdir} %{SOURCE3} install -m 0755 -D -t %{buildroot}%{kataosbuilderdir} nsdax -install -m 0644 -D -t %{buildroot}%{kataosbuilderdir} %{SOURCE2} cp -aR rootfs-builder %{buildroot}%{kataosbuilderdir} cp -aR image-builder %{buildroot}%{kataosbuilderdir} cp -aR initrd-builder %{buildroot}%{kataosbuilderdir} cp -aR scripts %{buildroot}%{kataosbuilderdir} cp -aR dracut %{buildroot}%{kataosbuilderdir} +cp -aR Makefile %{buildroot}%{kataosbuilderdir} rm -f %{buildroot}%{kataosbuilderdir}/image-builder/nsdax.gpl.c -install -m 0644 -D -t %{buildroot}%{kataosbuilderdir}/dracut/dracut.conf.d/ %{SOURCE4} chmod +x %{buildroot}%{kataosbuilderdir}/scripts/lib.sh -chmod +x %{buildroot}%{kataosbuilderdir}/kata-osbuilder.sh popd # Install the CRI-O config drop-in file -install -m 0644 -D -t %{buildroot}%{_sysconfdir}/crio/crio.conf.d %{SOURCE5} +install -m 0644 -D -t %{buildroot}%{_sysconfdir}/crio/crio.conf.d %{SOURCE2} # Disable the image= option, so we use initrd= by default # The kernels kata-osbuilder creates are in /var/cache now, see rhbz#1792216 @@ -174,15 +186,6 @@ ln -sf %{_bindir}/containerd-shim-kata-v2 %{buildroot}%{_prefix}/local/bin/conta ln -sf %{_bindir}/kata-monitor %{buildroot}%{_prefix}/local/bin/kata-monitor ln -sf %{_bindir}/kata-runtime %{buildroot}%{_prefix}/local/bin/kata-runtime -%preun -%systemd_preun kata-osbuilder-generate.service - -%postun -%systemd_postun kata-osbuilder-generate.service - -%post -%systemd_post kata-osbuilder-generate.service - %files # runtime %{_bindir}/containerd-shim-kata-v2 @@ -194,26 +197,29 @@ ln -sf %{_bindir}/kata-runtime %{buildroot}%{_prefix}/local/bin/kata-runtime %{_prefix}/local/bin/kata-runtime %dir %{_datadir}/defaults/kata-containers/ %{_datadir}/defaults/kata-containers/configuration*.toml -%dir %{katalibexecdir} -%{katalibexecdir}/VERSION %{_datadir}/bash-completion/completions/kata-runtime %license LICENSE %doc CONTRIBUTING.md %doc README.md -#agent -%dir %{kataagentdir} -%{kataagentdir}/* +# CRI-O drop-in file +%{_sysconfdir}/crio/crio.conf.d/50-kata -#osbuilder +%files tools +# osbuilddir %dir %{kataosbuilderdir} %dir %{katalocalstatecachedir} - %{kataosbuilderdir}/* -%{_unitdir}/kata-osbuilder-generate.service -# CRI-O drop-in file -%{_sysconfdir}/crio/crio.conf.d/50-kata +# agent +%dir %{kataagentdir} +%{kataagentdir}/* + +%dir %{katauvmdir} +%{katauvmdir}/VERSION +%{katauvmdir}/versions.yaml +%{katauvmdir}/mariner-build-uvm.sh +%{katauvmdir}/ci/install_yq.sh # Remove some scripts we don't use %exclude %{kataosbuilderdir}/rootfs-builder/alpine @@ -224,6 +230,9 @@ ln -sf %{_bindir}/kata-runtime %{buildroot}%{_prefix}/local/bin/kata-runtime %exclude %{kataosbuilderdir}/rootfs-builder/ubuntu %changelog +* Wed Sep 27 2023 Dallas Delaney 3.1.0-7 +- Refactor UVM build script and add -tools subpackage + * Thu Sep 14 2023 Muhammad Falak - 3.1.0-6 - Introduce patch to drop mut for variables to unblock build diff --git a/SPECS/kata-containers/kata-osbuilder-generate.service b/SPECS/kata-containers/kata-osbuilder-generate.service deleted file mode 100644 index 79e0ea8bf16..00000000000 --- a/SPECS/kata-containers/kata-osbuilder-generate.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=Generate Kata appliance image for host kernel - -[Service] -Type=oneshot -ExecStart=/usr/libexec/kata-containers/osbuilder/kata-osbuilder.sh -c -k kernel-uvm -ExecReload=/usr/libexec/kata-containers/osbuilder/kata-osbuilder.sh -c -k kernel-uvm - -[Install] -WantedBy=kubelet.service diff --git a/SPECS/kata-containers/kata-osbuilder.sh b/SPECS/kata-containers/kata-osbuilder.sh deleted file mode 100644 index 7d66eee41b8..00000000000 --- a/SPECS/kata-containers/kata-osbuilder.sh +++ /dev/null @@ -1,292 +0,0 @@ -#!/bin/bash - -set -o errexit -set -o nounset -set -o pipefail - -[ -n "${DEBUG:-}" ] && set -o xtrace - -readonly IMAGE_TOPDIR="/var/cache/kata-containers" -readonly KERNEL_SYMLINK="${IMAGE_TOPDIR}/vmlinuz.container" -readonly SCRIPTNAME="$0" - -readonly DRACUT_ROOTFS=`mktemp --directory -t kata-dracut-rootfs-XXXXXX` -readonly DRACUT_IMAGES=`mktemp --directory -t kata-dracut-images-XXXXXX` -trap exit_handler EXIT - -readonly GENERATED_IMAGE="${DRACUT_IMAGES}/kata-containers.img" -readonly GENERATED_INITRD="${DRACUT_IMAGES}/kata-containers-initrd.img" - -readonly DISTRO="mariner" - - -KVERSION=`uname -r` -KERNEL_PATH="" -COMMAND="" -OSBUILDER_DIR="/usr/libexec/kata-containers/osbuilder" -GENERATE_IMAGE="" -AGENT_DIR_PREFIX="" - -# rpm %check sets this to run the script without overwriting host -# content, and not requiring root -TEST_MODE="${TEST_MODE:-}" - - -die() -{ - error "$*" - exit 1 -} - - -error() -{ - echo "ERROR: ${SCRIPTNAME}: $*" >&2 -} - - -info() -{ - echo "${SCRIPTNAME}: $*" -} - - -exit_handler() -{ - rm -rf "${DRACUT_ROOTFS}" "${DRACUT_IMAGES}" -} - - -usage() -{ - cat <> $loadfile - done -} - - -generate_rootfs() -{ - # To generate the rootfs, we build an initrd with dracut, extract - # the initrd content, and then discard the initrd. We then rebuild - # the initrd using the osbuilder native scripts. - # - # This is a bit wasteful, but it's the easiest way to work around - # obuilder script inflexibility for now, which expect that some rootfs.sh - # code is called on a fully populated distro root. - - local agent_dir="${AGENT_DIR_PREFIX}/usr/libexec/kata-containers/agent" - - if [ -n "${TEST_MODE}" ] ; then - nsdax_bin="${OSBUILDER_DIR}/nsdax" - fi - - local agent_source_bin="${agent_dir}/usr/bin/kata-agent" - local osbuilder_version="${DISTRO}-osbuilder-version-unknown" - local dracut_conf_dir="./dracut/dracut.conf.d" - local tmp_initrd=`mktemp --tmpdir=${DRACUT_IMAGES}` - unlink "$tmp_initrd" - - # Build the initrd - echo -e "+ Building dracut initrd" - dracut \ - --confdir "${dracut_conf_dir}" \ - --no-compress \ - ${tmp_initrd} ${KVERSION} - - # Extract the generated rootfs - echo "+ Extracting dracut initrd rootfs" - cat ${tmp_initrd} | \ - cpio --extract --preserve-modification-time --make-directories --directory=${DRACUT_ROOTFS} - - # Using the busybox dracut module sets /sbin/init -> busybox - # We don't want that. Reset it to systemd - ln -sf ../lib/systemd/systemd ${DRACUT_ROOTFS}/usr/sbin/init - - echo "+ Copying agent directory tree into place" - cp -ar ${agent_dir}/* ${DRACUT_ROOTFS} - - # Make kata specific adjustments to our rootfs - echo "Calling osbuilder rootfs.sh on extracted rootfs" - AGENT_SOURCE_BIN="${agent_source_bin}" RUST_AGENT="yes" \ - ./rootfs-builder/rootfs.sh \ - -o ${osbuilder_version} \ - -r ${DRACUT_ROOTFS} - - # Generate modules-load.d file - generate_modules_load_conf -} - - -move_images() -{ - # Move images into place - local image_osbuilder_dir="${IMAGE_TOPDIR}/osbuilder-images" - local image_dir="${image_osbuilder_dir}/$KVERSION" - local initrd_dest_path="${image_dir}/${DISTRO}-kata-${KVERSION}.initrd" - local image_dest_path="${image_dir}/${DISTRO}-kata-${KVERSION}.img" - local image_dest_link="${IMAGE_TOPDIR}/kata-containers.img" - - # This blows away the entire osbuilder-images/ dir, deleting any - # previously cached content - rm -rf "${image_osbuilder_dir}" - mkdir -p "${image_dir}" - - ln -sf ${KERNEL_PATH} ${KERNEL_SYMLINK} - - mv -Z ${GENERATED_INITRD} ${initrd_dest_path} - ln -sf ${initrd_dest_path} ${IMAGE_TOPDIR}/kata-containers-initrd.img - - if [ -n "${GENERATE_IMAGE}" ]; then - mv -Z ${GENERATED_IMAGE} ${image_dest_path} - ln -sf ${image_dest_path} ${image_dest_link} - else - rm -f ${image_dest_link} - fi -} - -update_config() -{ - local image_osbuilder_dir="${IMAGE_TOPDIR}/osbuilder-images" - local image_dir="${image_osbuilder_dir}/$KVERSION" - local initrd_dest_path="${image_dir}/${DISTRO}-kata-${KVERSION}.initrd" - sed -i -e "s|kernel = .*$|kernel = \"/usr/share/cloud-hypervisor/vmlinux.bin\"|" /usr/share/defaults/kata-containers/configuration.toml - sed -i -e "s|image = .*$|initrd = \"$initrd_dest_path\"|" /usr/share/defaults/kata-containers/configuration.toml -} - - - -main() -{ - parse_args $* - - if [ -z "${TEST_MODE}" ]; then - [ "$(id -u)" -eq 0 ] || die "$0: must be run as root" - fi - - find_host_kernel_path - - cd "${OSBUILDER_DIR}" - - # Generate the rootfs using dracut - generate_rootfs - - if [ -n "${TEST_MODE}" ]; then - echo "+ Exiting TEST_MODE successfully" - return - fi - - # Build the initrd - echo "+ Calling osbuilder initrd_builder.sh" - ./initrd-builder/initrd_builder.sh -o ${GENERATED_INITRD} ${DRACUT_ROOTFS} - - if [ -n "${GENERATE_IMAGE}" ]; then - # Build the FS image - local nsdax_bin="/usr/libexec/kata-containers/osbuilder/nsdax" - echo "+ Calling osbuilder image_builder.sh" - NSDAX_BIN="${nsdax_bin}" \ - ./image-builder/image_builder.sh \ - -o ${GENERATED_IMAGE} ${DRACUT_ROOTFS} - fi - - move_images - update_config -} - - -main $* diff --git a/SPECS/kata-containers/mariner-build-uvm.sh b/SPECS/kata-containers/mariner-build-uvm.sh new file mode 100755 index 00000000000..3683db87f61 --- /dev/null +++ b/SPECS/kata-containers/mariner-build-uvm.sh @@ -0,0 +1,26 @@ +#!/bin/bash + +readonly SCRIPT_DIR=$(dirname "$(readlink -f "$0")") +readonly OSBUILDER_DIR=${SCRIPT_DIR}/tools/osbuilder +readonly ROOTFS_DIR=${SCRIPT_DIR}/tools/osbuilder/rootfs-builder/rootfs-cbl-mariner +readonly INITRD_DIR="/var/cache/kata-containers/osbuilder-images/kernel-uvm" + +export AGENT_SOURCE_BIN=${SCRIPT_DIR}/agent/usr/bin/kata-agent + +rm -rf ${ROOTFS_DIR} + +# build rootfs +pushd ${OSBUILDER_DIR} +sudo make clean +rm -rf ${ROOTFS_DIR} +sudo -E PATH=$PATH make -B DISTRO=cbl-mariner rootfs +popd + +# copy service files +cp ${SCRIPT_DIR}/agent/usr/lib/systemd/system/kata-containers.target ${ROOTFS_DIR}/usr/lib/systemd/system/kata-containers.target +cp ${SCRIPT_DIR}/agent/usr/lib/systemd/system/kata-agent.service ${ROOTFS_DIR}/usr/lib/systemd/system/kata-agent.service + +# build initrd +pushd ${OSBUILDER_DIR} +sudo -E PATH=$PATH make DISTRO=cbl-mariner TARGET_ROOTFS=${ROOTFS_DIR} initrd +popd diff --git a/SPECS/kernel-mshv/0001-Implement-dom0-kernel-patch-for-loader-as-of-0524.patch b/SPECS/kernel-mshv/0001-Implement-dom0-kernel-patch-for-loader-as-of-0524.patch deleted file mode 100644 index dcd27631d35..00000000000 --- a/SPECS/kernel-mshv/0001-Implement-dom0-kernel-patch-for-loader-as-of-0524.patch +++ /dev/null @@ -1,625 +0,0 @@ -From 705afe2302e591761333f0571f44affdc18bee32 Mon Sep 17 00:00:00 2001 -From: Cameron Baird -Date: Wed, 24 May 2023 16:08:14 -0700 -Subject: [PATCH] Implement dom0 kernel patch for loader as of 0524 - ---- - arch/x86/include/uapi/asm/bootparam.h | 1 + - arch/x86/kernel/cpu/mshyperv.c | 86 +++++- - drivers/firmware/efi/libstub/Makefile | 3 + - drivers/firmware/efi/libstub/efi-mshv.h | 83 ++++++ - drivers/firmware/efi/libstub/x86-efi-mshv.c | 302 ++++++++++++++++++++ - drivers/firmware/efi/libstub/x86-stub.c | 10 + - include/linux/efi.h | 2 + - 7 files changed, 481 insertions(+), 6 deletions(-) - create mode 100644 drivers/firmware/efi/libstub/efi-mshv.h - create mode 100644 drivers/firmware/efi/libstub/x86-efi-mshv.c - -diff --git a/arch/x86/include/uapi/asm/bootparam.h b/arch/x86/include/uapi/asm/bootparam.h -index b25d3f82c2f3..d8833cac7127 100644 ---- a/arch/x86/include/uapi/asm/bootparam.h -+++ b/arch/x86/include/uapi/asm/bootparam.h -@@ -10,6 +10,7 @@ - #define SETUP_EFI 4 - #define SETUP_APPLE_PROPERTIES 5 - #define SETUP_JAILHOUSE 6 -+#define SETUP_MSHV 7 - - #define SETUP_INDIRECT (1<<31) - -diff --git a/arch/x86/kernel/cpu/mshyperv.c b/arch/x86/kernel/cpu/mshyperv.c -index 90cd5fdd17c4..39dcfd2854b4 100644 ---- a/arch/x86/kernel/cpu/mshyperv.c -+++ b/arch/x86/kernel/cpu/mshyperv.c -@@ -41,6 +41,7 @@ bool hv_root_partition; - /* Is Linux running on nested Microsoft Hypervisor */ - bool hv_nested; - struct ms_hyperv_info ms_hyperv; -+bool mshv_loader_new; - - #if IS_ENABLED(CONFIG_HYPERV) - static void (*mshv_handler)(void); -@@ -363,19 +364,71 @@ static void __init hv_smp_prepare_cpus(unsigned int max_cpus) - #endif /* #if defined(CONFIG_SMP) && IS_ENABLED(CONFIG_HYPERV) */ - - #define HV_MAX_RESVD_RANGES 32 --static int hv_resvd_ranges[HV_MAX_RESVD_RANGES] = -- {[0 ... HV_MAX_RESVD_RANGES-1] = -1}; -+static int hv_resvd_ranges[HV_MAX_RESVD_RANGES] = { -+ [0 ... HV_MAX_RESVD_RANGES-1] = -1}; - static struct resource hv_mshv_res[HV_MAX_RESVD_RANGES]; -+static u32 ranges_nr; - - /* -- * parse eg "hyperv_resvd=3,7,20" where 3, 7, and 20 are indexes into the e820 -- * table for ranges that are reserved by the loader for the hypervisor -+ * Parse "hyperv_resvd=,
", specifying a memory block that -+ * contains an array of memory ranges that are reserved by the loader for the -+ * hypervisor. -+ */ -+static int __init hv_parse_hyperv_resvd_new(char *arg) -+{ -+ struct resource *data; -+ int data_sz; -+ unsigned long long pa_data; -+ int result; -+ -+ mshv_loader_new = true; -+ -+ result = get_option(&arg, &data_sz); -+ /* Make sure format is correct ,
*/ -+ if (result != 2) { -+ pr_err("Hyper-V: Invalid 'hyperv_resvd=,
' format\n"); -+ BUG_ON(true); -+ } -+ -+ pa_data = simple_strtoull(arg, NULL, 16); -+ if (!pa_data || (data_sz % sizeof(struct resource))) { -+ pr_err("Hyper-V: Invalid hyperv_resvd parameters\n"); -+ BUG_ON(true); -+ } -+ -+ ranges_nr = data_sz / sizeof(struct resource); -+ if (ranges_nr > HV_MAX_RESVD_RANGES) { -+ pr_err("Hyper-V: too many reserved ranges %d, max %d!\n", -+ ranges_nr, HV_MAX_RESVD_RANGES); -+ /* -+ * Might as well stop here when it is very clear what the issue is. -+ * Continue booting without marking all mshv ranges as reserved -+ * will crash at a random place, during boot, and be more -+ * challenging to root-cause. -+ */ -+ BUG_ON(true); -+ } -+ -+ data = early_memremap(pa_data, data_sz); -+ memcpy(hv_mshv_res, data, data_sz); -+ early_memunmap(data, data_sz); -+ -+ return 0; -+} -+early_param("hyperv_resvd_new", hv_parse_hyperv_resvd_new); -+ -+/* -+ * Parse "hyperv_resvd=,,...", specifying a memory block that -+ * contains an array of memory ranges that are reserved by the loader for the -+ * hypervisor. - */ - static int __init hv_parse_hyperv_resvd(char *arg) - { - int idx, max = ARRAY_SIZE(hv_resvd_ranges); - int i = 0; - -+ mshv_loader_new = false; -+ - if (is_kdump_kernel()) - return 0; - -@@ -427,6 +480,23 @@ static void __init hv_resv_mshv_memory(void) - hv_mshv_res[i].flags = IORESOURCE_BUSY | IORESOURCE_SYSTEM_RAM; - hv_mshv_res[i].start = start; - hv_mshv_res[i].end = end; -+ memblock_reserve(start, end - start + 1); -+ } -+} -+ -+/* -+ * Log memory ranges that the hypervisor uses. The ranges are marked -+ * by a custom bootloader. -+ */ -+static void __init hv_dump_mshv_memory(void) -+{ -+ u64 start, end; -+ int i; -+ -+ for (i = 0; i < ranges_nr; i++) { -+ start = hv_mshv_res[i].start; -+ end = hv_mshv_res[i].end; -+ pr_info("Hyper-V reserve [mem %#018Lx-%#018Lx]\n", start, end); - } - } - -@@ -522,8 +592,12 @@ static void __init ms_hyperv_init_platform(void) - hv_root_partition = true; - pr_info("Hyper-V: running as root partition\n"); - -- /* very first thing, reserve exclusive hypervisor memory */ -- hv_resv_mshv_memory(); -+ -+ /* very first thing, reserve and/or log exclusive hypervisor memory */ -+ if (mshv_loader_new) -+ hv_dump_mshv_memory(); -+ else -+ hv_resv_mshv_memory(); - } - - if (ms_hyperv.hints & HV_X64_HYPERV_NESTED) { -diff --git a/drivers/firmware/efi/libstub/Makefile b/drivers/firmware/efi/libstub/Makefile -index 2c67f71f2375..b5c4d0c6d8cf 100644 ---- a/drivers/firmware/efi/libstub/Makefile -+++ b/drivers/firmware/efi/libstub/Makefile -@@ -77,6 +77,9 @@ lib-$(CONFIG_ARM) += arm32-stub.o - lib-$(CONFIG_ARM64) += arm64-stub.o - lib-$(CONFIG_X86) += x86-stub.o - lib-$(CONFIG_RISCV) += riscv-stub.o -+ifdef CONFIG_X86_64 -+lib-$(CONFIG_MSHV_ROOT) += x86-efi-mshv.o -+endif - CFLAGS_arm32-stub.o := -DTEXT_OFFSET=$(TEXT_OFFSET) - - # Even when -mbranch-protection=none is set, Clang will generate a -diff --git a/drivers/firmware/efi/libstub/efi-mshv.h b/drivers/firmware/efi/libstub/efi-mshv.h -new file mode 100644 -index 000000000000..2db152bb39ee ---- /dev/null -+++ b/drivers/firmware/efi/libstub/efi-mshv.h -@@ -0,0 +1,83 @@ -+/* SPDX-License-Identifier: GPL-2.0 */ -+ -+#ifndef _DRIVERS_FIRMWARE_EFI_MSHV_H -+#define _DRIVERS_FIRMWARE_EFI_MSHV_H -+ -+#if !IS_ENABLED(CONFIG_MSHV_ROOT) -+#ifdef CONFIG_X86_64 -+static inline void mshv_efi_setup(struct boot_params *boot_params) -+{ -+ return EFI_SUCCESS; -+} -+ -+static inline efi_status_t mshv_set_efi_rt_range(struct efi_boot_memmap *map) -+{ -+ return EFI_SUCCESS; -+} -+ -+static inline void mshv_launch(void) {} -+#endif /* CONFIG_X86_64 */ -+#else /* !CONFIG_MSHV_ROOT */ -+ -+#ifdef CONFIG_X86_64 -+void mshv_efi_setup(struct boot_params *boot_params); -+efi_status_t mshv_set_efi_rt_range(struct efi_boot_memmap *map); -+void mshv_launch(void); -+#endif /* CONFIG_X86_64 */ -+ -+struct hvl_dbg_data { -+ u8 unused[552]; -+} __packed; -+ -+struct hvl_launch_data { -+ u64 launch_status; -+ u64 launch_substatus1; -+} __packed; -+ -+struct hvl_load_data { -+ u32 is_unsafe_config:1; -+ u32 reserved:31; -+} __packed; -+ -+struct hvl_return_data { -+ u32 crash_dump_area_page_count; -+ u32 unused; -+ u64 crashdump_area_spa; -+ union { -+ struct hvl_launch_data launch_data; -+ struct hvl_load_data load_data; -+ }; -+ struct hvl_dbg_data debug_data; -+ void *spa_page_range_array; -+ u32 range_count; -+ -+ struct -+ { -+ u32 base_checksum; -+ u32 base_timestamp; -+ u32 patch_checksum; -+ u32 patch_timestamp; -+ u32 base_hpat_entries_used; -+ u32 patch_hpat_entries_used; -+ u32 patch_sequence_number; -+ } patch_details; -+} __packed; -+ -+typedef struct efi_hvloader_protocol efi_hvloader_protocol_t; -+ -+struct efi_hvloader_protocol { -+ void (__efiapi * launch_hv)(void *, struct hvl_return_data *); -+ efi_status_t (__efiapi * register_range)(u64, u64); -+ efi_status_t (__efiapi * get_memory_map)(unsigned long *, void *, -+ unsigned long *, -+ unsigned long *, u32 *); -+ efi_status_t (__efiapi * get_hv_ranges)(void **, -+ unsigned long *, -+ unsigned long *); -+ efi_status_t (__efiapi * get_loader_init_status)(void); -+ efi_char16_t *(__efiapi * get_next_log_msg)(size_t *); -+}; -+ -+#endif /* CONFIG_MSHV_ROOT */ -+ -+#endif /* !_DRIVERS_FIRMWARE_EFI_MSHV_H */ -diff --git a/drivers/firmware/efi/libstub/x86-efi-mshv.c b/drivers/firmware/efi/libstub/x86-efi-mshv.c -new file mode 100644 -index 000000000000..63c5fa368130 ---- /dev/null -+++ b/drivers/firmware/efi/libstub/x86-efi-mshv.c -@@ -0,0 +1,302 @@ -+// SPDX-License-Identifier: GPL-2.0-only -+ -+#include -+ -+#include "efistub.h" -+#include "efi-mshv.h" -+ -+/* Initial number of MSHV reserved ranges, extended as needed */ -+#define MSHV_RESERVED_RANGES_COUNT 16 -+ -+typedef struct mshv_setup_data { -+ struct setup_data sd; -+ struct setup_indirect si; -+} __packed setup_data_block; -+ -+static efi_hvloader_protocol_t *efi_mshv; -+ -+static inline void __noreturn efistub_reboot(const char *fmt, ...) -+{ -+ va_list args; -+ -+ va_start(args, fmt); -+ efi_printk(fmt, args); -+ va_end(args); -+ -+ efi_bs_call(stall, 5 * EFI_USEC_PER_SEC); -+ efi_rt_call(reset_system, EFI_RESET_COLD, EFI_ABORTED, 0, NULL); -+} -+ -+static int mshv_realloc_ranges(struct resource **data, -+ unsigned long *data_sz, int nr_ranges) -+{ -+ struct resource *new_data; -+ unsigned long new_sz; -+ int status; -+ -+ new_sz = sizeof(struct resource) * nr_ranges; -+ status = efi_bs_call(allocate_pool, EFI_LOADER_DATA, new_sz, -+ (void **)&new_data); -+ if (status != EFI_SUCCESS) { -+ efi_err("mshv failed to allocate setup_data\n"); -+ return status; -+ } -+ -+ memset(new_data, 0, new_sz); -+ if (*data) { -+ memcpy(new_data, *data, *data_sz); -+ efi_bs_call(free_pool, *data); -+ } -+ -+ *data = new_data; -+ *data_sz = new_sz; -+ -+ return EFI_SUCCESS; -+} -+ -+static efi_status_t mshv_populate_ranges(struct boot_params *boot_params, -+ void *mshv_reserved, unsigned long mshv_reserved_sz) -+{ -+ unsigned long cmdline_ptr; -+ u32 cmdline_size; -+ u32 cmdline_len; -+ static u8 mshv_cmdline[COMMAND_LINE_SIZE]; -+ -+ if (!efi_mshv) -+ return EFI_SUCCESS; -+ -+ memset(mshv_cmdline, 0, sizeof(mshv_cmdline)); -+ -+ cmdline_ptr = boot_params->hdr.cmd_line_ptr; -+ cmdline_ptr |= (u64)boot_params->ext_cmd_line_ptr << 32; -+ cmdline_size = boot_params->hdr.cmdline_size; -+ -+ cmdline_len = strnlen((const char *)cmdline_ptr, cmdline_size); -+ if (cmdline_len >= sizeof(mshv_cmdline)) -+ return EFI_BUFFER_TOO_SMALL; -+ memcpy(mshv_cmdline, (void *)cmdline_ptr, cmdline_len); -+ -+ /* -+ * Create the 'hyperv_resvd_new' command line option: -+ * 'hyperv_resvd_new=,
' -+ */ -+ cmdline_len += snprintf(&mshv_cmdline[cmdline_len], -+ sizeof(mshv_cmdline)-cmdline_len, -+ " hyperv_resvd_new=%d,0x%p", -+ mshv_reserved_sz, mshv_reserved); -+ -+ if (cmdline_len >= sizeof(mshv_cmdline) - 1) -+ return EFI_BUFFER_TOO_SMALL; -+ -+ boot_params->hdr.cmd_line_ptr = (u32)((unsigned long)mshv_cmdline); -+ boot_params->ext_cmd_line_ptr = (u32)((unsigned long)mshv_cmdline >> 32); -+ boot_params->hdr.cmdline_size = sizeof(mshv_cmdline); -+ -+ return EFI_SUCCESS; -+} -+ -+/* -+ * Prepare for running as root partition with mshv. -+ * - Open the hypervisor loader EFI protocol, used for launching mshv after -+ * 'exit boot services'. -+ * - Get mshv reserved memory ranges from the loader, and populates those -+ * via a command line parameter 'hyperv_resvd_new'. -+ * If mshv_efi_setup() fails, boot continues as a bare-metal boot. -+ */ -+void mshv_efi_setup(struct boot_params *boot_params) -+{ -+ struct setup_data **setup_data_itr; -+ setup_data_block *sd_block; -+ static efi_guid_t hv_proto_guid = EFI_MSHV_MEDIA_PROTOCOL_GUID; -+ efi_memory_desc_t *mem_map; -+ unsigned long map_sz, key, desc_sz, setup_data_sz; -+ u32 desc_ver; -+ u64 start, end; -+ struct resource *mshv_range, *prev; -+ struct resource *mshv_reserved; -+ unsigned long mshv_reserved_sz; -+ u32 nr_desc; -+ int i, nr_ranges, max_ranges; -+ efi_status_t status; -+ -+ mem_map = NULL; -+ mshv_reserved = NULL; -+ -+ status = efi_bs_call(locate_protocol, -+ &hv_proto_guid, NULL, (void **)&efi_mshv); -+ if (status == EFI_NOT_FOUND) { -+ /* If the protocol is not installed, we are in a standard Linux boot */ -+ status = EFI_SUCCESS; -+ goto cleanup; -+ } else if (status != EFI_SUCCESS) -+ efistub_reboot("LocateProtocol failed " -+ "unexpectedly with code %d", status); -+ -+ status = efi_mshv->get_loader_init_status(); -+ if (status != EFI_SUCCESS) -+ efistub_reboot("mshv protocol installed but seems to " -+ "have failed with code %d", status); -+ -+ /* -+ * Get mshv memory map to figure out mshv reserved ranges. -+ */ -+ -+ map_sz = 0; -+ status = efi_mshv->get_hv_ranges((void *)&mem_map, &map_sz, &desc_sz); -+ if (status != EFI_SUCCESS) -+ efistub_reboot("failed to retrieve mshv ranges: error code %d", -+ status); -+ -+ /* -+ * Build an array of kernel 'struct resource' objects that contain mshv -+ * reserved ranges. This array is populated via a command line parameter -+ * called 'hyperv_resvd_new'. -+ */ -+ -+ status = mshv_realloc_ranges(&mshv_reserved, &mshv_reserved_sz, -+ MSHV_RESERVED_RANGES_COUNT); -+ if (status != EFI_SUCCESS) -+ efistub_reboot("failed to allocate space for hv ranges with code %d", -+ status); -+ -+ max_ranges = MSHV_RESERVED_RANGES_COUNT; -+ mshv_range = mshv_reserved; -+ prev = NULL; -+ nr_desc = map_sz / desc_sz; -+ for (i = 0, nr_ranges = 0; i < nr_desc; i++) { -+ efi_memory_desc_t *d; -+ -+ d = efi_early_memdesc_ptr(mem_map, desc_sz, i); -+ -+ /* Merge adjacent ranges */ -+ if (prev && ((prev->end + 1) == d->phys_addr)) { -+ prev->end += (d->num_pages << PAGE_SHIFT); -+ continue; -+ } -+ -+ mshv_range->name = "Hypervisor Code and Data"; -+ mshv_range->flags = IORESOURCE_BUSY | IORESOURCE_SYSTEM_RAM; -+ mshv_range->start = d->phys_addr; -+ mshv_range->end = d->phys_addr + (d->num_pages << PAGE_SHIFT) - 1; -+ -+ prev = mshv_range++; -+ nr_ranges++; -+ if (nr_ranges >= max_ranges) { -+ /* Extend the array to accommodate more ranges */ -+ max_ranges += MSHV_RESERVED_RANGES_COUNT; -+ status = mshv_realloc_ranges(&mshv_reserved, &mshv_reserved_sz, -+ max_ranges); -+ if (status != EFI_SUCCESS) -+ efistub_reboot("failed to allocate space for " -+ "hv ranges with code %d", status); -+ -+ prev = &mshv_reserved[nr_ranges-1]; -+ mshv_range = prev + 1; -+ } -+ } -+ -+ status = mshv_populate_ranges(boot_params, mshv_reserved, -+ nr_ranges * sizeof(struct resource)); -+ if (status != EFI_SUCCESS) -+ efistub_reboot("failed to allocate space for hv ranges with code %d", -+ status); -+ -+ /* Build an indirect setup_data for each mshv reserved range. */ -+ status = efi_bs_call(allocate_pool, EFI_LOADER_DATA, -+ nr_ranges * sizeof(setup_data_block), -+ (void **)&sd_block); -+ if (status != EFI_SUCCESS) -+ efistub_reboot("failed to allocate space for " -+ "hv ranges: error code %d", status); -+ -+ memset((void *)sd_block, 0, nr_ranges * sizeof(setup_data_block)); -+ setup_data_itr = (struct setup_data **)&boot_params->hdr.setup_data; -+ -+ while (*setup_data_itr && (*setup_data_itr)->next) -+ setup_data_itr = (struct setup_data **)&(*setup_data_itr)->next; -+ -+ *setup_data_itr = (struct setup_data *)sd_block; -+ -+ for (i = 0; i < nr_ranges; i++) { -+ start = mshv_reserved[i].start; -+ end = mshv_reserved[i].end; -+ -+ sd_block[i].sd.type = SETUP_INDIRECT; -+ sd_block[i].sd.len = sizeof(struct setup_indirect); -+ sd_block[i].sd.next = &sd_block[i + 1]; -+ -+ sd_block[i].si.type = SETUP_MSHV; -+ sd_block[i].si.reserved = 0; -+ sd_block[i].si.len = end - start + 1; -+ sd_block[i].si.addr = start; -+ } -+ -+ /* -+ * Remove the trailing 'next' pointer which is currently -+ * outside of the setup_data_block buffer. -+ */ -+ -+ sd_block[nr_ranges - 1].sd.next = NULL; -+ -+cleanup: -+ if (mem_map) -+ efi_bs_call(free_pool, mem_map); -+ -+ if (status != EFI_SUCCESS) { -+ if (mshv_reserved) -+ efi_bs_call(free_pool, mshv_reserved); -+ efi_mshv = NULL; -+ } -+} -+ -+efi_status_t mshv_set_efi_rt_range(struct efi_boot_memmap *map) -+{ -+ u32 nr_desc; -+ int i; -+ efi_status_t status; -+ -+ if (!efi_mshv) -+ return EFI_SUCCESS; -+ -+ nr_desc = *map->map_size / *map->desc_size; -+ -+ for (i = 0; i < nr_desc; i++) { -+ efi_memory_desc_t *d; -+ -+ d = efi_early_memdesc_ptr(*map->map, *map->desc_size, i); -+ switch (d->type) { -+ case EFI_RUNTIME_SERVICES_CODE: -+ case EFI_RUNTIME_SERVICES_DATA: -+ status = efi_mshv->register_range(d->phys_addr >> PAGE_SHIFT, -+ d->num_pages); -+ if (status != EFI_SUCCESS) -+ return status; -+ break; -+ } -+ } -+ -+ return EFI_SUCCESS; -+} -+ -+/* -+ * Launch mshv, if enabled -+ * -+ * If launching hypervsior fails, we let it boot as bare-metal since we -+ * cannot return to boot loader after we exited boot services! -+ * To get more information about the failure, the HV loader's internal -+ * logging can be used, which is exposed via efi_hv->get_next_log_msg(...). -+ * -+ */ -+void mshv_launch(void) -+{ -+ struct hvl_return_data ret; -+ -+ if (!efi_mshv) -+ return; -+ -+ efi_mshv->launch_hv(NULL, &ret); -+ /* TODO: Where/how do we dump the hv loader logs? */ -+ if (ret.launch_data.launch_status != 0) -+ efi_rt_call(reset_system, EFI_RESET_COLD, EFI_ABORTED, 0, NULL); -+} -+ -diff --git a/drivers/firmware/efi/libstub/x86-stub.c b/drivers/firmware/efi/libstub/x86-stub.c -index 72162645b553..7dd205704be5 100644 ---- a/drivers/firmware/efi/libstub/x86-stub.c -+++ b/drivers/firmware/efi/libstub/x86-stub.c -@@ -17,6 +17,7 @@ - #include - - #include "efistub.h" -+#include "efi-mshv.h" - - /* Maximum physical address for 64-bit kernel with 4-level paging */ - #define MAXMEM_X86_64_4LEVEL (1ull << 46) -@@ -665,6 +666,11 @@ static efi_status_t exit_boot(struct boot_params *boot_params, void *handle) - if (status != EFI_SUCCESS) - return status; - -+ /* Notify hypervisor of efi runtime services pages */ -+ status = mshv_set_efi_rt_range(&map); -+ if (status != EFI_SUCCESS) -+ return status; -+ - return EFI_SUCCESS; - } - -@@ -796,6 +802,8 @@ unsigned long efi_main(efi_handle_t handle, - /* Ask the firmware to clear memory on unclean shutdown */ - efi_enable_reset_attack_mitigation(); - -+ mshv_efi_setup(boot_params); -+ - efi_random_get_seed(); - - efi_retrieve_tpm2_eventlog(); -@@ -812,6 +820,8 @@ unsigned long efi_main(efi_handle_t handle, - goto fail; - } - -+ mshv_launch(); -+ - return bzimage_addr; - fail: - efi_err("efi_main() failed!\n"); -diff --git a/include/linux/efi.h b/include/linux/efi.h -index 5598fc348c69..c9f2dda148a3 100644 ---- a/include/linux/efi.h -+++ b/include/linux/efi.h -@@ -347,6 +347,8 @@ void efi_native_runtime_setup(void); - #define EFI_CERT_X509_GUID EFI_GUID(0xa5c059a1, 0x94e4, 0x4aa7, 0x87, 0xb5, 0xab, 0x15, 0x5c, 0x2b, 0xf0, 0x72) - #define EFI_CERT_X509_SHA256_GUID EFI_GUID(0x3bd2a492, 0x96c0, 0x4079, 0xb4, 0x20, 0xfc, 0xf9, 0x8e, 0xf1, 0x03, 0xed) - -+#define EFI_MSHV_MEDIA_PROTOCOL_GUID EFI_GUID(0x098d423a, 0x6ca5, 0x4ad4, 0x90, 0xfa, 0x72, 0xc3, 0xce, 0x22, 0xc8, 0xd0) -+ - /* - * This GUID is used to pass to the kernel proper the struct screen_info - * structure that was populated by the stub based on the GOP protocol instance --- -2.25.1 - diff --git a/SPECS/kernel-mshv/config b/SPECS/kernel-mshv/config index 123b4d36322..02fb048559d 100644 --- a/SPECS/kernel-mshv/config +++ b/SPECS/kernel-mshv/config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86_64 5.15.110.mshv2 Kernel Configuration +# Linux/x86_64 5.15.126.mshv3 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0" CONFIG_CC_IS_GCC=y @@ -489,6 +489,8 @@ CONFIG_RETHUNK=y CONFIG_CPU_UNRET_ENTRY=y CONFIG_CPU_IBPB_ENTRY=y CONFIG_CPU_IBRS_ENTRY=y +CONFIG_CPU_SRSO=y +# CONFIG_GDS_FORCE_MITIGATION is not set CONFIG_ARCH_HAS_ADD_PAGES=y CONFIG_ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE=y CONFIG_USE_PERCPU_NUMA_NODE_ID=y @@ -638,27 +640,8 @@ CONFIG_AMD_NB=y # end of Binary Emulations CONFIG_HAVE_KVM=y -CONFIG_HAVE_KVM_IRQCHIP=y -CONFIG_HAVE_KVM_IRQFD=y -CONFIG_HAVE_KVM_IRQ_ROUTING=y -CONFIG_HAVE_KVM_EVENTFD=y -CONFIG_KVM_MMIO=y -CONFIG_KVM_ASYNC_PF=y -CONFIG_HAVE_KVM_MSI=y -CONFIG_HAVE_KVM_CPU_RELAX_INTERCEPT=y -CONFIG_KVM_VFIO=y -CONFIG_KVM_GENERIC_DIRTYLOG_READ_PROTECT=y -CONFIG_HAVE_KVM_IRQ_BYPASS=y -CONFIG_HAVE_KVM_NO_POLL=y -CONFIG_KVM_XFER_TO_GUEST_WORK=y -CONFIG_HAVE_KVM_PM_NOTIFIER=y CONFIG_VIRTUALIZATION=y -CONFIG_KVM=m -CONFIG_KVM_WERROR=y -CONFIG_KVM_INTEL=m -CONFIG_KVM_AMD=m -# CONFIG_KVM_XEN is not set -# CONFIG_KVM_MMU_AUDIT is not set +# CONFIG_KVM is not set CONFIG_AS_AVX512=y CONFIG_AS_SHA1_NI=y CONFIG_AS_SHA256_NI=y @@ -680,7 +663,6 @@ CONFIG_UPROBES=y CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y CONFIG_ARCH_USE_BUILTIN_BSWAP=y CONFIG_KRETPROBES=y -CONFIG_USER_RETURN_NOTIFIER=y CONFIG_HAVE_IOREMAP_PROT=y CONFIG_HAVE_KPROBES=y CONFIG_HAVE_KRETPROBES=y @@ -696,6 +678,7 @@ CONFIG_GENERIC_SMP_IDLE_THREAD=y CONFIG_ARCH_HAS_FORTIFY_SOURCE=y CONFIG_ARCH_HAS_SET_MEMORY=y CONFIG_ARCH_HAS_SET_DIRECT_MAP=y +CONFIG_ARCH_HAS_CPU_FINALIZE_INIT=y CONFIG_HAVE_ARCH_THREAD_STRUCT_WHITELIST=y CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y CONFIG_ARCH_WANTS_NO_INSTR=y @@ -872,7 +855,6 @@ CONFIG_BFQ_GROUP_IOSCHED=y # CONFIG_BFQ_CGROUP_DEBUG is not set # end of IO Schedulers -CONFIG_PREEMPT_NOTIFIERS=y CONFIG_ASN1=y CONFIG_INLINE_SPIN_UNLOCK_IRQ=y CONFIG_INLINE_READ_UNLOCK=y @@ -1463,7 +1445,6 @@ CONFIG_BRIDGE_VLAN_FILTERING=y CONFIG_VLAN_8021Q=m CONFIG_VLAN_8021Q_GVRP=y CONFIG_VLAN_8021Q_MVRP=y -# CONFIG_DECNET is not set CONFIG_LLC=m # CONFIG_LLC2 is not set # CONFIG_ATALK is not set @@ -1901,7 +1882,6 @@ CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 # CONFIG_BLK_DEV_CRYPTOLOOP is not set # CONFIG_BLK_DEV_DRBD is not set # CONFIG_BLK_DEV_NBD is not set -# CONFIG_BLK_DEV_SX8 is not set CONFIG_BLK_DEV_RAM=y CONFIG_BLK_DEV_RAM_COUNT=16 CONFIG_BLK_DEV_RAM_SIZE=4096 @@ -2061,7 +2041,7 @@ CONFIG_SCSI_MVSAS=m CONFIG_SCSI_MVSAS_DEBUG=y CONFIG_SCSI_MVSAS_TASKLET=y CONFIG_SCSI_MVUMI=m -CONFIG_SCSI_DPT_I2O=m +# CONFIG_SCSI_DPT_I2O is not set CONFIG_SCSI_ADVANSYS=m CONFIG_SCSI_ARCMSR=m CONFIG_SCSI_ESAS2R=m @@ -3661,7 +3641,6 @@ CONFIG_MFD_INTEL_LPSS_PCI=m # CONFIG_MFD_VIPERBOARD is not set # CONFIG_MFD_RETU is not set # CONFIG_MFD_PCF50633 is not set -# CONFIG_UCB1400_CORE is not set # CONFIG_MFD_RDC321X is not set # CONFIG_MFD_RT4831 is not set # CONFIG_MFD_RT5033 is not set @@ -3812,7 +3791,6 @@ CONFIG_USB_GSPCA=m # CONFIG_USB_ZR364XX is not set # CONFIG_USB_STKWEBCAM is not set # CONFIG_USB_S2255 is not set -# CONFIG_VIDEO_USBTV is not set # # Analog TV USB devices @@ -3820,7 +3798,6 @@ CONFIG_USB_GSPCA=m # CONFIG_VIDEO_PVRUSB2 is not set # CONFIG_VIDEO_HDPVR is not set # CONFIG_VIDEO_STK1160_COMMON is not set -# CONFIG_VIDEO_GO7007 is not set # # Analog/digital TV USB devices @@ -3891,7 +3868,6 @@ CONFIG_MEDIA_ATTACH=y # CONFIG_VIDEO_TVAUDIO is not set # CONFIG_VIDEO_TDA7432 is not set # CONFIG_VIDEO_TDA9840 is not set -# CONFIG_VIDEO_TDA1997X is not set # CONFIG_VIDEO_TEA6415C is not set # CONFIG_VIDEO_TEA6420 is not set # CONFIG_VIDEO_MSP3400 is not set @@ -4516,372 +4492,7 @@ CONFIG_FRAMEBUFFER_CONSOLE_ROTATION=y # CONFIG_LOGO is not set # end of Graphics support -CONFIG_SOUND=m -CONFIG_SND=m -CONFIG_SND_TIMER=m -CONFIG_SND_PCM=m -CONFIG_SND_HWDEP=m -CONFIG_SND_RAWMIDI=m -CONFIG_SND_COMPRESS_OFFLOAD=m -CONFIG_SND_JACK=y -CONFIG_SND_JACK_INPUT_DEV=y -# CONFIG_SND_OSSEMUL is not set -CONFIG_SND_PCM_TIMER=y -# CONFIG_SND_HRTIMER is not set -CONFIG_SND_DYNAMIC_MINORS=y -CONFIG_SND_MAX_CARDS=4 -CONFIG_SND_SUPPORT_OLD_API=y -CONFIG_SND_PROC_FS=y -CONFIG_SND_VERBOSE_PROCFS=y -# CONFIG_SND_VERBOSE_PRINTK is not set -# CONFIG_SND_DEBUG is not set -CONFIG_SND_VMASTER=y -CONFIG_SND_DMA_SGBUF=y -CONFIG_SND_CTL_LED=m -# CONFIG_SND_SEQUENCER is not set -CONFIG_SND_AC97_CODEC=m -CONFIG_SND_DRIVERS=y -# CONFIG_SND_DUMMY is not set -# CONFIG_SND_ALOOP is not set -# CONFIG_SND_MTPAV is not set -# CONFIG_SND_SERIAL_U16550 is not set -# CONFIG_SND_MPU401 is not set -# CONFIG_SND_AC97_POWER_SAVE is not set -CONFIG_SND_PCI=y -# CONFIG_SND_AD1889 is not set -# CONFIG_SND_ALS4000 is not set -# CONFIG_SND_ASIHPI is not set -# CONFIG_SND_ATIIXP is not set -# CONFIG_SND_ATIIXP_MODEM is not set -# CONFIG_SND_AU8810 is not set -# CONFIG_SND_AU8820 is not set -# CONFIG_SND_AU8830 is not set -# CONFIG_SND_AW2 is not set -# CONFIG_SND_BT87X is not set -# CONFIG_SND_CA0106 is not set -# CONFIG_SND_CMIPCI is not set -# CONFIG_SND_OXYGEN is not set -# CONFIG_SND_CS4281 is not set -# CONFIG_SND_CS46XX is not set -# CONFIG_SND_CTXFI is not set -# CONFIG_SND_DARLA20 is not set -# CONFIG_SND_GINA20 is not set -# CONFIG_SND_LAYLA20 is not set -# CONFIG_SND_DARLA24 is not set -# CONFIG_SND_GINA24 is not set -# CONFIG_SND_LAYLA24 is not set -# CONFIG_SND_MONA is not set -# CONFIG_SND_MIA is not set -# CONFIG_SND_ECHO3G is not set -# CONFIG_SND_INDIGO is not set -# CONFIG_SND_INDIGOIO is not set -# CONFIG_SND_INDIGODJ is not set -# CONFIG_SND_INDIGOIOX is not set -# CONFIG_SND_INDIGODJX is not set -# CONFIG_SND_ENS1370 is not set -CONFIG_SND_ENS1371=m -# CONFIG_SND_FM801 is not set -# CONFIG_SND_HDSP is not set -# CONFIG_SND_HDSPM is not set -# CONFIG_SND_ICE1724 is not set -# CONFIG_SND_INTEL8X0 is not set -# CONFIG_SND_INTEL8X0M is not set -# CONFIG_SND_KORG1212 is not set -# CONFIG_SND_LOLA is not set -# CONFIG_SND_LX6464ES is not set -# CONFIG_SND_MIXART is not set -# CONFIG_SND_NM256 is not set -# CONFIG_SND_PCXHR is not set -# CONFIG_SND_RIPTIDE is not set -# CONFIG_SND_RME32 is not set -# CONFIG_SND_RME96 is not set -# CONFIG_SND_RME9652 is not set -# CONFIG_SND_SE6X is not set -# CONFIG_SND_VIA82XX is not set -# CONFIG_SND_VIA82XX_MODEM is not set -# CONFIG_SND_VIRTUOSO is not set -# CONFIG_SND_VX222 is not set -# CONFIG_SND_YMFPCI is not set - -# -# HD-Audio -# -CONFIG_SND_HDA=m -CONFIG_SND_HDA_GENERIC_LEDS=y -CONFIG_SND_HDA_INTEL=m -# CONFIG_SND_HDA_HWDEP is not set -# CONFIG_SND_HDA_RECONFIG is not set -# CONFIG_SND_HDA_INPUT_BEEP is not set -# CONFIG_SND_HDA_PATCH_LOADER is not set -CONFIG_SND_HDA_CODEC_REALTEK=m -# CONFIG_SND_HDA_CODEC_ANALOG is not set -# CONFIG_SND_HDA_CODEC_SIGMATEL is not set -# CONFIG_SND_HDA_CODEC_VIA is not set -CONFIG_SND_HDA_CODEC_HDMI=m -# CONFIG_SND_HDA_CODEC_CIRRUS is not set -# CONFIG_SND_HDA_CODEC_CS8409 is not set -# CONFIG_SND_HDA_CODEC_CONEXANT is not set -# CONFIG_SND_HDA_CODEC_CA0110 is not set -# CONFIG_SND_HDA_CODEC_CA0132 is not set -# CONFIG_SND_HDA_CODEC_CMEDIA is not set -# CONFIG_SND_HDA_CODEC_SI3054 is not set -CONFIG_SND_HDA_GENERIC=m -CONFIG_SND_HDA_POWER_SAVE_DEFAULT=0 -# CONFIG_SND_HDA_INTEL_HDMI_SILENT_STREAM is not set -# end of HD-Audio - -CONFIG_SND_HDA_CORE=m -CONFIG_SND_HDA_DSP_LOADER=y -CONFIG_SND_HDA_COMPONENT=y -CONFIG_SND_HDA_I915=y -CONFIG_SND_HDA_EXT_CORE=m -CONFIG_SND_HDA_PREALLOC_SIZE=0 -CONFIG_SND_INTEL_NHLT=y -CONFIG_SND_INTEL_DSP_CONFIG=m -CONFIG_SND_INTEL_SOUNDWIRE_ACPI=m -CONFIG_SND_USB=y -CONFIG_SND_USB_AUDIO=m -# CONFIG_SND_USB_UA101 is not set -# CONFIG_SND_USB_USX2Y is not set -# CONFIG_SND_USB_CAIAQ is not set -# CONFIG_SND_USB_US122L is not set -# CONFIG_SND_USB_6FIRE is not set -# CONFIG_SND_USB_HIFACE is not set -# CONFIG_SND_BCD2000 is not set -# CONFIG_SND_USB_POD is not set -# CONFIG_SND_USB_PODHD is not set -# CONFIG_SND_USB_TONEPORT is not set -# CONFIG_SND_USB_VARIAX is not set -CONFIG_SND_SOC=m -CONFIG_SND_SOC_COMPRESS=y -CONFIG_SND_SOC_TOPOLOGY=y -CONFIG_SND_SOC_ACPI=m -# CONFIG_SND_SOC_ADI is not set -# CONFIG_SND_SOC_AMD_ACP is not set -# CONFIG_SND_SOC_AMD_ACP3x is not set -# CONFIG_SND_SOC_AMD_RENOIR is not set -# CONFIG_SND_SOC_AMD_ACP5x is not set -# CONFIG_SND_ATMEL_SOC is not set -# CONFIG_SND_BCM63XX_I2S_WHISTLER is not set -# CONFIG_SND_DESIGNWARE_I2S is not set - -# -# SoC Audio for Freescale CPUs -# - -# -# Common SoC Audio options for Freescale CPUs: -# -# CONFIG_SND_SOC_FSL_ASRC is not set -# CONFIG_SND_SOC_FSL_SAI is not set -# CONFIG_SND_SOC_FSL_AUDMIX is not set -# CONFIG_SND_SOC_FSL_SSI is not set -# CONFIG_SND_SOC_FSL_SPDIF is not set -# CONFIG_SND_SOC_FSL_ESAI is not set -# CONFIG_SND_SOC_FSL_MICFIL is not set -# CONFIG_SND_SOC_FSL_XCVR is not set -# CONFIG_SND_SOC_IMX_AUDMUX is not set -# end of SoC Audio for Freescale CPUs - -# CONFIG_SND_I2S_HI6210_I2S is not set -# CONFIG_SND_SOC_IMG is not set -CONFIG_SND_SOC_INTEL_SST_TOPLEVEL=y -CONFIG_SND_SOC_INTEL_SST=m -# CONFIG_SND_SOC_INTEL_CATPT is not set -CONFIG_SND_SST_ATOM_HIFI2_PLATFORM=m -# CONFIG_SND_SST_ATOM_HIFI2_PLATFORM_PCI is not set -CONFIG_SND_SST_ATOM_HIFI2_PLATFORM_ACPI=m -CONFIG_SND_SOC_INTEL_SKYLAKE=m -CONFIG_SND_SOC_INTEL_SKL=m -CONFIG_SND_SOC_INTEL_APL=m -CONFIG_SND_SOC_INTEL_KBL=m -CONFIG_SND_SOC_INTEL_GLK=m -CONFIG_SND_SOC_INTEL_CNL=m -CONFIG_SND_SOC_INTEL_CFL=m -# CONFIG_SND_SOC_INTEL_CML_H is not set -# CONFIG_SND_SOC_INTEL_CML_LP is not set -CONFIG_SND_SOC_INTEL_SKYLAKE_FAMILY=m -# CONFIG_SND_SOC_INTEL_SKYLAKE_HDAUDIO_CODEC is not set -CONFIG_SND_SOC_INTEL_SKYLAKE_COMMON=m -CONFIG_SND_SOC_ACPI_INTEL_MATCH=m -CONFIG_SND_SOC_INTEL_MACH=y -# CONFIG_SND_SOC_INTEL_USER_FRIENDLY_LONG_NAMES is not set -# CONFIG_SND_SOC_INTEL_BYTCR_RT5640_MACH is not set -# CONFIG_SND_SOC_INTEL_BYTCR_RT5651_MACH is not set -# CONFIG_SND_SOC_INTEL_CHT_BSW_RT5672_MACH is not set -# CONFIG_SND_SOC_INTEL_CHT_BSW_RT5645_MACH is not set -# CONFIG_SND_SOC_INTEL_CHT_BSW_MAX98090_TI_MACH is not set -# CONFIG_SND_SOC_INTEL_CHT_BSW_NAU8824_MACH is not set -# CONFIG_SND_SOC_INTEL_BYT_CHT_CX2072X_MACH is not set -# CONFIG_SND_SOC_INTEL_BYT_CHT_DA7213_MACH is not set -# CONFIG_SND_SOC_INTEL_BYT_CHT_ES8316_MACH is not set -# CONFIG_SND_SOC_INTEL_BYT_CHT_NOCODEC_MACH is not set -# CONFIG_SND_SOC_INTEL_SKL_RT286_MACH is not set -# CONFIG_SND_SOC_INTEL_SKL_NAU88L25_SSM4567_MACH is not set -# CONFIG_SND_SOC_INTEL_SKL_NAU88L25_MAX98357A_MACH is not set -# CONFIG_SND_SOC_INTEL_BXT_DA7219_MAX98357A_MACH is not set -# CONFIG_SND_SOC_INTEL_BXT_RT298_MACH is not set -# CONFIG_SND_SOC_INTEL_KBL_RT5663_MAX98927_MACH is not set -# CONFIG_SND_SOC_INTEL_KBL_DA7219_MAX98357A_MACH is not set -# CONFIG_SND_SOC_INTEL_KBL_DA7219_MAX98927_MACH is not set -# CONFIG_SND_SOC_INTEL_KBL_RT5660_MACH is not set -# CONFIG_SND_SOC_MTK_BTCVSD is not set -# CONFIG_SND_SOC_SOF_TOPLEVEL is not set - -# -# STMicroelectronics STM32 SOC audio support -# -# end of STMicroelectronics STM32 SOC audio support - -# CONFIG_SND_SOC_XILINX_I2S is not set -# CONFIG_SND_SOC_XILINX_AUDIO_FORMATTER is not set -# CONFIG_SND_SOC_XILINX_SPDIF is not set -# CONFIG_SND_SOC_XTFPGA_I2S is not set -CONFIG_SND_SOC_I2C_AND_SPI=m - -# -# CODEC drivers -# -# CONFIG_SND_SOC_AC97_CODEC is not set -# CONFIG_SND_SOC_ADAU1372_I2C is not set -# CONFIG_SND_SOC_ADAU1701 is not set -# CONFIG_SND_SOC_ADAU1761_I2C is not set -# CONFIG_SND_SOC_ADAU7002 is not set -# CONFIG_SND_SOC_ADAU7118_HW is not set -# CONFIG_SND_SOC_ADAU7118_I2C is not set -# CONFIG_SND_SOC_AK4118 is not set -# CONFIG_SND_SOC_AK4458 is not set -# CONFIG_SND_SOC_AK4554 is not set -# CONFIG_SND_SOC_AK4613 is not set -# CONFIG_SND_SOC_AK4642 is not set -# CONFIG_SND_SOC_AK5386 is not set -# CONFIG_SND_SOC_AK5558 is not set -# CONFIG_SND_SOC_ALC5623 is not set -# CONFIG_SND_SOC_BD28623 is not set -# CONFIG_SND_SOC_BT_SCO is not set -# CONFIG_SND_SOC_CS35L32 is not set -# CONFIG_SND_SOC_CS35L33 is not set -# CONFIG_SND_SOC_CS35L34 is not set -# CONFIG_SND_SOC_CS35L35 is not set -# CONFIG_SND_SOC_CS35L36 is not set -# CONFIG_SND_SOC_CS42L42 is not set -# CONFIG_SND_SOC_CS42L51_I2C is not set -# CONFIG_SND_SOC_CS42L52 is not set -# CONFIG_SND_SOC_CS42L56 is not set -# CONFIG_SND_SOC_CS42L73 is not set -# CONFIG_SND_SOC_CS4234 is not set -# CONFIG_SND_SOC_CS4265 is not set -# CONFIG_SND_SOC_CS4270 is not set -# CONFIG_SND_SOC_CS4271_I2C is not set -# CONFIG_SND_SOC_CS42XX8_I2C is not set -# CONFIG_SND_SOC_CS43130 is not set -# CONFIG_SND_SOC_CS4341 is not set -# CONFIG_SND_SOC_CS4349 is not set -# CONFIG_SND_SOC_CS53L30 is not set -# CONFIG_SND_SOC_CX2072X is not set -# CONFIG_SND_SOC_DA7213 is not set -# CONFIG_SND_SOC_DMIC is not set -# CONFIG_SND_SOC_ES7134 is not set -# CONFIG_SND_SOC_ES7241 is not set -# CONFIG_SND_SOC_ES8316 is not set -# CONFIG_SND_SOC_ES8328_I2C is not set -# CONFIG_SND_SOC_GTM601 is not set -# CONFIG_SND_SOC_ICS43432 is not set -# CONFIG_SND_SOC_INNO_RK3036 is not set -# CONFIG_SND_SOC_MAX98088 is not set -# CONFIG_SND_SOC_MAX98357A is not set -# CONFIG_SND_SOC_MAX98504 is not set -# CONFIG_SND_SOC_MAX9867 is not set -# CONFIG_SND_SOC_MAX98927 is not set -# CONFIG_SND_SOC_MAX98373_I2C is not set -# CONFIG_SND_SOC_MAX98390 is not set -# CONFIG_SND_SOC_MAX9860 is not set -# CONFIG_SND_SOC_MSM8916_WCD_DIGITAL is not set -# CONFIG_SND_SOC_PCM1681 is not set -# CONFIG_SND_SOC_PCM1789_I2C is not set -# CONFIG_SND_SOC_PCM179X_I2C is not set -# CONFIG_SND_SOC_PCM186X_I2C is not set -# CONFIG_SND_SOC_PCM3060_I2C is not set -# CONFIG_SND_SOC_PCM3168A_I2C is not set -# CONFIG_SND_SOC_PCM5102A is not set -# CONFIG_SND_SOC_PCM512x_I2C is not set -# CONFIG_SND_SOC_RK3328 is not set -# CONFIG_SND_SOC_RT5616 is not set -# CONFIG_SND_SOC_RT5631 is not set -# CONFIG_SND_SOC_RT5640 is not set -# CONFIG_SND_SOC_RT5659 is not set -# CONFIG_SND_SOC_SGTL5000 is not set -# CONFIG_SND_SOC_SIMPLE_AMPLIFIER is not set -# CONFIG_SND_SOC_SIMPLE_MUX is not set -# CONFIG_SND_SOC_SPDIF is not set -# CONFIG_SND_SOC_SSM2305 is not set -# CONFIG_SND_SOC_SSM2518 is not set -# CONFIG_SND_SOC_SSM2602_I2C is not set -# CONFIG_SND_SOC_SSM4567 is not set -# CONFIG_SND_SOC_STA32X is not set -# CONFIG_SND_SOC_STA350 is not set -# CONFIG_SND_SOC_STI_SAS is not set -# CONFIG_SND_SOC_TAS2552 is not set -# CONFIG_SND_SOC_TAS2562 is not set -# CONFIG_SND_SOC_TAS2764 is not set -# CONFIG_SND_SOC_TAS2770 is not set -# CONFIG_SND_SOC_TAS5086 is not set -# CONFIG_SND_SOC_TAS571X is not set -# CONFIG_SND_SOC_TAS5720 is not set -# CONFIG_SND_SOC_TAS6424 is not set -# CONFIG_SND_SOC_TDA7419 is not set -# CONFIG_SND_SOC_TFA9879 is not set -# CONFIG_SND_SOC_TFA989X is not set -# CONFIG_SND_SOC_TLV320AIC23_I2C is not set -# CONFIG_SND_SOC_TLV320AIC31XX is not set -# CONFIG_SND_SOC_TLV320AIC32X4_I2C is not set -# CONFIG_SND_SOC_TLV320AIC3X_I2C is not set -# CONFIG_SND_SOC_TLV320ADCX140 is not set -# CONFIG_SND_SOC_TS3A227E is not set -# CONFIG_SND_SOC_TSCS42XX is not set -# CONFIG_SND_SOC_TSCS454 is not set -# CONFIG_SND_SOC_UDA1334 is not set -# CONFIG_SND_SOC_WM8510 is not set -# CONFIG_SND_SOC_WM8523 is not set -# CONFIG_SND_SOC_WM8524 is not set -# CONFIG_SND_SOC_WM8580 is not set -# CONFIG_SND_SOC_WM8711 is not set -# CONFIG_SND_SOC_WM8728 is not set -# CONFIG_SND_SOC_WM8731 is not set -# CONFIG_SND_SOC_WM8737 is not set -# CONFIG_SND_SOC_WM8741 is not set -# CONFIG_SND_SOC_WM8750 is not set -# CONFIG_SND_SOC_WM8753 is not set -# CONFIG_SND_SOC_WM8776 is not set -# CONFIG_SND_SOC_WM8782 is not set -# CONFIG_SND_SOC_WM8804_I2C is not set -# CONFIG_SND_SOC_WM8903 is not set -# CONFIG_SND_SOC_WM8904 is not set -# CONFIG_SND_SOC_WM8960 is not set -# CONFIG_SND_SOC_WM8962 is not set -# CONFIG_SND_SOC_WM8974 is not set -# CONFIG_SND_SOC_WM8978 is not set -# CONFIG_SND_SOC_WM8985 is not set -# CONFIG_SND_SOC_MAX9759 is not set -# CONFIG_SND_SOC_MT6351 is not set -# CONFIG_SND_SOC_MT6358 is not set -# CONFIG_SND_SOC_MT6660 is not set -# CONFIG_SND_SOC_NAU8315 is not set -# CONFIG_SND_SOC_NAU8540 is not set -# CONFIG_SND_SOC_NAU8810 is not set -# CONFIG_SND_SOC_NAU8822 is not set -# CONFIG_SND_SOC_NAU8824 is not set -# CONFIG_SND_SOC_TPA6130A2 is not set -# CONFIG_SND_SOC_LPASS_WSA_MACRO is not set -# CONFIG_SND_SOC_LPASS_VA_MACRO is not set -# CONFIG_SND_SOC_LPASS_RX_MACRO is not set -# CONFIG_SND_SOC_LPASS_TX_MACRO is not set -# end of CODEC drivers - -# CONFIG_SND_SIMPLE_CARD is not set -# CONFIG_SND_X86 is not set -# CONFIG_SND_VIRTIO is not set -CONFIG_AC97_BUS=m +# CONFIG_SOUND is not set # # HID support @@ -4910,7 +4521,6 @@ CONFIG_HID_CHERRY=m # CONFIG_HID_CORSAIR is not set # CONFIG_HID_COUGAR is not set # CONFIG_HID_MACALLY is not set -# CONFIG_HID_PRODIKEYS is not set # CONFIG_HID_CMEDIA is not set # CONFIG_HID_CREATIVE_SB0540 is not set # CONFIG_HID_CYPRESS is not set @@ -5578,6 +5188,7 @@ CONFIG_HYPERV_BALLOON=y CONFIG_MSHV=y CONFIG_MSHV_ROOT=y # CONFIG_MSHV_VTL is not set +CONFIG_MSHV_DIAG=y CONFIG_MSHV_VFIO=y CONFIG_MSHV_XFER_TO_GUEST_WORK=y # CONFIG_DXGKRNL is not set @@ -5609,9 +5220,8 @@ CONFIG_MXM_WMI=m # CONFIG_FUJITSU_LAPTOP is not set # CONFIG_FUJITSU_TABLET is not set # CONFIG_GPD_POCKET_FAN is not set -# CONFIG_HP_ACCEL is not set +# CONFIG_X86_PLATFORM_DRIVERS_HP is not set # CONFIG_WIRELESS_HOTKEY is not set -# CONFIG_HP_WMI is not set # CONFIG_IBM_RTL is not set # CONFIG_SENSORS_HDAPS is not set # CONFIG_THINKPAD_ACPI is not set diff --git a/SPECS/kernel-mshv/kernel-mshv.signatures.json b/SPECS/kernel-mshv/kernel-mshv.signatures.json index a017062e753..fe6a6231900 100644 --- a/SPECS/kernel-mshv/kernel-mshv.signatures.json +++ b/SPECS/kernel-mshv/kernel-mshv.signatures.json @@ -1,8 +1,8 @@ { "Signatures": { - "kernel-mshv-5.15.110.mshv2.tar.gz": "380928fa07ff5007734898f111ad95282db29052726017088259a6314f77ab78", + "kernel-mshv-5.15.126.mshv3.tar.gz": "a4a19caadbcb6c367bbc8d92338bbf6843f5e0fbd411f0ff0ba7650d44505e87", "50_mariner_mshv.cfg": "0a5fcad1efb1fd37f910f675c5303210a2aeeef9e089d804510ce40ff9b26369", "cbl-mariner-ca-20211013.pem": "5ef124b0924cb1047c111a0ecff1ae11e6ad7cac8d1d9b40f98f99334121f0b0", - "config": "1fa929c177355df4e85bb59f3ef0e1c87077db887b89f5ebfb0725268197eb3b" + "config": "bbdc5e2c5506e2a272a15b82541ea258c4dcc6c25db4a2120d09675a43e96528" } } \ No newline at end of file diff --git a/SPECS/kernel-mshv/kernel-mshv.spec b/SPECS/kernel-mshv/kernel-mshv.spec index fffebdea189..548a280ace3 100644 --- a/SPECS/kernel-mshv/kernel-mshv.spec +++ b/SPECS/kernel-mshv/kernel-mshv.spec @@ -10,8 +10,8 @@ Summary: Mariner kernel that has MSHV Host support Name: kernel-mshv -Version: 5.15.110.mshv2 -Release: 5%{?dist} +Version: 5.15.126.mshv3 +Release: 1%{?dist} License: GPLv2 Group: Development/Tools Vendor: Microsoft Corporation @@ -20,7 +20,6 @@ Source0: %{_mariner_sources_url}/%{name}-%{version}.tar.gz Source1: config Source2: cbl-mariner-ca-20211013.pem Source3: 50_mariner_mshv.cfg -Patch0: 0001-Implement-dom0-kernel-patch-for-loader-as-of-0524.patch ExclusiveArch: x86_64 BuildRequires: audit-devel BuildRequires: bash @@ -248,6 +247,9 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner-mshv.cfg %{_includedir}/perf/perf_dlfilter.h %changelog +* Thu Sep 21 2023 Saul Paredes - 5.15.126.mshv3-1 +- Update to v5.15.126.mshv3 + * Tue Sep 19 2023 Cameron Baird - 5.15.110.mshv2-5 - Enable grub2-mkconfig-based boot path by installing 50_mariner_mshv.cfg diff --git a/SPECS/kernel-uvm-cvm/config b/SPECS/kernel-uvm-cvm/config new file mode 100644 index 00000000000..fe23ffdc63d --- /dev/null +++ b/SPECS/kernel-uvm-cvm/config @@ -0,0 +1,3255 @@ +# +# Automatically generated file; DO NOT EDIT. +# Linux/x86_64 6.1.0.mshv11 Kernel Configuration +# +CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0" +CONFIG_CC_IS_GCC=y +CONFIG_GCC_VERSION=110200 +CONFIG_CLANG_VERSION=0 +CONFIG_AS_IS_GNU=y +CONFIG_AS_VERSION=23700 +CONFIG_LD_IS_BFD=y +CONFIG_LD_VERSION=23700 +CONFIG_LLD_VERSION=0 +CONFIG_CC_CAN_LINK=y +CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y +CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y +CONFIG_CC_HAS_ASM_INLINE=y +CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y +CONFIG_PAHOLE_VERSION=121 +CONFIG_IRQ_WORK=y +CONFIG_BUILDTIME_TABLE_SORT=y +CONFIG_THREAD_INFO_IN_TASK=y + +# +# General setup +# +CONFIG_INIT_ENV_ARG_LIMIT=32 +# CONFIG_COMPILE_TEST is not set +# CONFIG_WERROR is not set +CONFIG_LOCALVERSION="" +# CONFIG_LOCALVERSION_AUTO is not set +CONFIG_BUILD_SALT="" +CONFIG_HAVE_KERNEL_GZIP=y +CONFIG_HAVE_KERNEL_BZIP2=y +CONFIG_HAVE_KERNEL_LZMA=y +CONFIG_HAVE_KERNEL_XZ=y +CONFIG_HAVE_KERNEL_LZO=y +CONFIG_HAVE_KERNEL_LZ4=y +CONFIG_HAVE_KERNEL_ZSTD=y +CONFIG_KERNEL_GZIP=y +# CONFIG_KERNEL_BZIP2 is not set +# CONFIG_KERNEL_LZMA is not set +# CONFIG_KERNEL_XZ is not set +# CONFIG_KERNEL_LZO is not set +# CONFIG_KERNEL_LZ4 is not set +# CONFIG_KERNEL_ZSTD is not set +CONFIG_DEFAULT_INIT="" +CONFIG_DEFAULT_HOSTNAME="(none)" +CONFIG_SYSVIPC=y +CONFIG_SYSVIPC_SYSCTL=y +CONFIG_POSIX_MQUEUE=y +CONFIG_POSIX_MQUEUE_SYSCTL=y +# CONFIG_WATCH_QUEUE is not set +# CONFIG_CROSS_MEMORY_ATTACH is not set +# CONFIG_USELIB is not set +# CONFIG_AUDIT is not set +CONFIG_HAVE_ARCH_AUDITSYSCALL=y + +# +# IRQ subsystem +# +CONFIG_GENERIC_IRQ_PROBE=y +CONFIG_GENERIC_IRQ_SHOW=y +CONFIG_GENERIC_IRQ_EFFECTIVE_AFF_MASK=y +CONFIG_GENERIC_PENDING_IRQ=y +CONFIG_GENERIC_IRQ_MIGRATION=y +CONFIG_HARDIRQS_SW_RESEND=y +CONFIG_IRQ_DOMAIN=y +CONFIG_IRQ_DOMAIN_HIERARCHY=y +CONFIG_GENERIC_MSI_IRQ=y +CONFIG_GENERIC_MSI_IRQ_DOMAIN=y +CONFIG_IRQ_MSI_IOMMU=y +CONFIG_GENERIC_IRQ_MATRIX_ALLOCATOR=y +CONFIG_GENERIC_IRQ_RESERVATION_MODE=y +CONFIG_IRQ_FORCED_THREADING=y +CONFIG_SPARSE_IRQ=y +# end of IRQ subsystem + +CONFIG_CLOCKSOURCE_WATCHDOG=y +CONFIG_ARCH_CLOCKSOURCE_INIT=y +CONFIG_CLOCKSOURCE_VALIDATE_LAST_CYCLE=y +CONFIG_GENERIC_TIME_VSYSCALL=y +CONFIG_GENERIC_CLOCKEVENTS=y +CONFIG_GENERIC_CLOCKEVENTS_BROADCAST=y +CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y +CONFIG_GENERIC_CMOS_UPDATE=y +CONFIG_HAVE_POSIX_CPU_TIMERS_TASK_WORK=y +CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y +CONFIG_CONTEXT_TRACKING=y +CONFIG_CONTEXT_TRACKING_IDLE=y + +# +# Timers subsystem +# +CONFIG_TICK_ONESHOT=y +CONFIG_NO_HZ_COMMON=y +# CONFIG_HZ_PERIODIC is not set +# CONFIG_NO_HZ_IDLE is not set +CONFIG_NO_HZ_FULL=y +CONFIG_CONTEXT_TRACKING_USER=y +# CONFIG_CONTEXT_TRACKING_USER_FORCE is not set +CONFIG_NO_HZ=y +CONFIG_HIGH_RES_TIMERS=y +CONFIG_CLOCKSOURCE_WATCHDOG_MAX_SKEW_US=100 +# end of Timers subsystem + +CONFIG_BPF=y +CONFIG_HAVE_EBPF_JIT=y +CONFIG_ARCH_WANT_DEFAULT_BPF_JIT=y + +# +# BPF subsystem +# +CONFIG_BPF_SYSCALL=y +# CONFIG_BPF_JIT is not set +# CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set +# CONFIG_BPF_PRELOAD is not set +# end of BPF subsystem + +CONFIG_PREEMPT_VOLUNTARY_BUILD=y +# CONFIG_PREEMPT_NONE is not set +CONFIG_PREEMPT_VOLUNTARY=y +# CONFIG_PREEMPT is not set +# CONFIG_PREEMPT_DYNAMIC is not set +# CONFIG_SCHED_CORE is not set + +# +# CPU/Task time and stats accounting +# +CONFIG_VIRT_CPU_ACCOUNTING=y +CONFIG_VIRT_CPU_ACCOUNTING_GEN=y +# CONFIG_IRQ_TIME_ACCOUNTING is not set +# CONFIG_BSD_PROCESS_ACCT is not set +# CONFIG_TASKSTATS is not set +# CONFIG_PSI is not set +# end of CPU/Task time and stats accounting + +CONFIG_CPU_ISOLATION=y + +# +# RCU Subsystem +# +CONFIG_TREE_RCU=y +# CONFIG_RCU_EXPERT is not set +CONFIG_SRCU=y +CONFIG_TREE_SRCU=y +CONFIG_TASKS_RCU_GENERIC=y +CONFIG_TASKS_TRACE_RCU=y +CONFIG_RCU_STALL_COMMON=y +CONFIG_RCU_NEED_SEGCBLIST=y +CONFIG_RCU_NOCB_CPU=y +# CONFIG_RCU_NOCB_CPU_DEFAULT_ALL is not set +# end of RCU Subsystem + +CONFIG_IKCONFIG=y +CONFIG_IKCONFIG_PROC=y +# CONFIG_IKHEADERS is not set +CONFIG_LOG_BUF_SHIFT=17 +CONFIG_LOG_CPU_MAX_BUF_SHIFT=12 +CONFIG_PRINTK_SAFE_LOG_BUF_SHIFT=13 +CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y + +# +# Scheduler features +# +# CONFIG_UCLAMP_TASK is not set +# end of Scheduler features + +CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y +CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y +CONFIG_CC_HAS_INT128=y +CONFIG_CC_IMPLICIT_FALLTHROUGH="-Wimplicit-fallthrough=5" +CONFIG_GCC12_NO_ARRAY_BOUNDS=y +CONFIG_ARCH_SUPPORTS_INT128=y +# CONFIG_NUMA_BALANCING is not set +CONFIG_CGROUPS=y +CONFIG_PAGE_COUNTER=y +# CONFIG_CGROUP_FAVOR_DYNMODS is not set +CONFIG_MEMCG=y +CONFIG_MEMCG_KMEM=y +CONFIG_BLK_CGROUP=y +CONFIG_CGROUP_WRITEBACK=y +CONFIG_CGROUP_SCHED=y +CONFIG_FAIR_GROUP_SCHED=y +CONFIG_CFS_BANDWIDTH=y +# CONFIG_RT_GROUP_SCHED is not set +CONFIG_CGROUP_PIDS=y +# CONFIG_CGROUP_RDMA is not set +CONFIG_CGROUP_FREEZER=y +# CONFIG_CGROUP_HUGETLB is not set +CONFIG_CPUSETS=y +# CONFIG_PROC_PID_CPUSET is not set +CONFIG_CGROUP_DEVICE=y +CONFIG_CGROUP_CPUACCT=y +CONFIG_CGROUP_PERF=y +CONFIG_CGROUP_BPF=y +# CONFIG_CGROUP_MISC is not set +# CONFIG_CGROUP_DEBUG is not set +CONFIG_SOCK_CGROUP_DATA=y +CONFIG_NAMESPACES=y +CONFIG_UTS_NS=y +# CONFIG_TIME_NS is not set +CONFIG_IPC_NS=y +CONFIG_USER_NS=y +CONFIG_PID_NS=y +CONFIG_NET_NS=y +# CONFIG_CHECKPOINT_RESTORE is not set +# CONFIG_SCHED_AUTOGROUP is not set +# CONFIG_SYSFS_DEPRECATED is not set +# CONFIG_RELAY is not set +CONFIG_BLK_DEV_INITRD=y +CONFIG_INITRAMFS_SOURCE="" +CONFIG_RD_GZIP=y +# CONFIG_RD_BZIP2 is not set +# CONFIG_RD_LZMA is not set +# CONFIG_RD_XZ is not set +# CONFIG_RD_LZO is not set +# CONFIG_RD_LZ4 is not set +# CONFIG_RD_ZSTD is not set +# CONFIG_BOOT_CONFIG is not set +CONFIG_INITRAMFS_PRESERVE_MTIME=y +CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y +# CONFIG_CC_OPTIMIZE_FOR_SIZE is not set +CONFIG_LD_ORPHAN_WARN=y +CONFIG_SYSCTL=y +CONFIG_SYSCTL_EXCEPTION_TRACE=y +CONFIG_HAVE_PCSPKR_PLATFORM=y +# CONFIG_EXPERT is not set +CONFIG_MULTIUSER=y +CONFIG_SGETMASK_SYSCALL=y +CONFIG_SYSFS_SYSCALL=y +CONFIG_FHANDLE=y +CONFIG_POSIX_TIMERS=y +CONFIG_PRINTK=y +CONFIG_BUG=y +CONFIG_ELF_CORE=y +CONFIG_PCSPKR_PLATFORM=y +CONFIG_BASE_FULL=y +CONFIG_FUTEX=y +CONFIG_FUTEX_PI=y +CONFIG_EPOLL=y +CONFIG_SIGNALFD=y +CONFIG_TIMERFD=y +CONFIG_EVENTFD=y +CONFIG_SHMEM=y +CONFIG_AIO=y +CONFIG_IO_URING=y +CONFIG_ADVISE_SYSCALLS=y +CONFIG_MEMBARRIER=y +CONFIG_KALLSYMS=y +# CONFIG_KALLSYMS_ALL is not set +CONFIG_KALLSYMS_ABSOLUTE_PERCPU=y +CONFIG_KALLSYMS_BASE_RELATIVE=y +CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y +CONFIG_RSEQ=y +# CONFIG_EMBEDDED is not set +CONFIG_HAVE_PERF_EVENTS=y + +# +# Kernel Performance Events And Counters +# +CONFIG_PERF_EVENTS=y +# CONFIG_DEBUG_PERF_USE_VMALLOC is not set +# end of Kernel Performance Events And Counters + +# CONFIG_PROFILING is not set +# end of General setup + +CONFIG_64BIT=y +CONFIG_X86_64=y +CONFIG_X86=y +CONFIG_INSTRUCTION_DECODER=y +CONFIG_OUTPUT_FORMAT="elf64-x86-64" +CONFIG_LOCKDEP_SUPPORT=y +CONFIG_STACKTRACE_SUPPORT=y +CONFIG_MMU=y +CONFIG_ARCH_MMAP_RND_BITS_MIN=28 +CONFIG_ARCH_MMAP_RND_BITS_MAX=32 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MIN=8 +CONFIG_ARCH_MMAP_RND_COMPAT_BITS_MAX=16 +CONFIG_GENERIC_ISA_DMA=y +CONFIG_GENERIC_BUG=y +CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y +CONFIG_ARCH_MAY_HAVE_PC_FDC=y +CONFIG_GENERIC_CALIBRATE_DELAY=y +CONFIG_ARCH_HAS_CPU_RELAX=y +CONFIG_ARCH_HIBERNATION_POSSIBLE=y +CONFIG_ARCH_NR_GPIO=1024 +CONFIG_ARCH_SUSPEND_POSSIBLE=y +CONFIG_AUDIT_ARCH=y +CONFIG_HAVE_INTEL_TXT=y +CONFIG_X86_64_SMP=y +CONFIG_ARCH_SUPPORTS_UPROBES=y +CONFIG_FIX_EARLYCON_MEM=y +CONFIG_DYNAMIC_PHYSICAL_MASK=y +CONFIG_PGTABLE_LEVELS=4 +CONFIG_CC_HAS_SANE_STACKPROTECTOR=y + +# +# Processor type and features +# +CONFIG_SMP=y +CONFIG_X86_FEATURE_NAMES=y +CONFIG_X86_X2APIC=y +CONFIG_X86_MPPARSE=y +# CONFIG_GOLDFISH is not set +# CONFIG_X86_CPU_RESCTRL is not set +# CONFIG_X86_EXTENDED_PLATFORM is not set +# CONFIG_X86_INTEL_LPSS is not set +# CONFIG_X86_AMD_PLATFORM_DEVICE is not set +# CONFIG_IOSF_MBI is not set +# CONFIG_SCHED_OMIT_FRAME_POINTER is not set +CONFIG_HYPERVISOR_GUEST=y +CONFIG_PARAVIRT=y +# CONFIG_PARAVIRT_DEBUG is not set +CONFIG_PARAVIRT_SPINLOCKS=y +CONFIG_X86_HV_CALLBACK_VECTOR=y +# CONFIG_XEN is not set +CONFIG_KVM_GUEST=y +CONFIG_ARCH_CPUIDLE_HALTPOLL=y +CONFIG_PVH=y +# CONFIG_PARAVIRT_TIME_ACCOUNTING is not set +CONFIG_PARAVIRT_CLOCK=y +# CONFIG_JAILHOUSE_GUEST is not set +# CONFIG_ACRN_GUEST is not set +# CONFIG_INTEL_TDX_GUEST is not set +# CONFIG_MK8 is not set +# CONFIG_MPSC is not set +# CONFIG_MCORE2 is not set +# CONFIG_MATOM is not set +CONFIG_GENERIC_CPU=y +CONFIG_X86_INTERNODE_CACHE_SHIFT=6 +CONFIG_X86_L1_CACHE_SHIFT=6 +CONFIG_X86_TSC=y +CONFIG_X86_CMPXCHG64=y +CONFIG_X86_CMOV=y +CONFIG_X86_MINIMUM_CPU_FAMILY=64 +CONFIG_X86_DEBUGCTLMSR=y +CONFIG_IA32_FEAT_CTL=y +CONFIG_X86_VMX_FEATURE_NAMES=y +CONFIG_CPU_SUP_INTEL=y +CONFIG_CPU_SUP_AMD=y +CONFIG_CPU_SUP_HYGON=y +CONFIG_CPU_SUP_CENTAUR=y +CONFIG_CPU_SUP_ZHAOXIN=y +CONFIG_HPET_TIMER=y +CONFIG_DMI=y +CONFIG_GART_IOMMU=y +CONFIG_MAXSMP=y +CONFIG_NR_CPUS_RANGE_BEGIN=8192 +CONFIG_NR_CPUS_RANGE_END=8192 +CONFIG_NR_CPUS_DEFAULT=8192 +CONFIG_NR_CPUS=8192 +# CONFIG_SCHED_CLUSTER is not set +CONFIG_SCHED_SMT=y +CONFIG_SCHED_MC=y +CONFIG_SCHED_MC_PRIO=y +CONFIG_X86_LOCAL_APIC=y +CONFIG_X86_IO_APIC=y +# CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set +# CONFIG_X86_MCE is not set + +# +# Performance monitoring +# +# CONFIG_PERF_EVENTS_INTEL_UNCORE is not set +# CONFIG_PERF_EVENTS_INTEL_RAPL is not set +# CONFIG_PERF_EVENTS_INTEL_CSTATE is not set +# CONFIG_PERF_EVENTS_AMD_POWER is not set +CONFIG_PERF_EVENTS_AMD_UNCORE=y +# CONFIG_PERF_EVENTS_AMD_BRS is not set +# end of Performance monitoring + +CONFIG_X86_16BIT=y +CONFIG_X86_ESPFIX64=y +CONFIG_X86_VSYSCALL_EMULATION=y +# CONFIG_X86_IOPL_IOPERM is not set +# CONFIG_MICROCODE is not set +CONFIG_X86_MSR=y +CONFIG_X86_CPUID=y +# CONFIG_X86_5LEVEL is not set +CONFIG_X86_DIRECT_GBPAGES=y +CONFIG_X86_MEM_ENCRYPT=y +CONFIG_AMD_MEM_ENCRYPT=y +CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=y +CONFIG_NUMA=y +CONFIG_AMD_NUMA=y +CONFIG_X86_64_ACPI_NUMA=y +# CONFIG_NUMA_EMU is not set +CONFIG_NODES_SHIFT=10 +CONFIG_ARCH_SPARSEMEM_ENABLE=y +CONFIG_ARCH_SPARSEMEM_DEFAULT=y +# CONFIG_ARCH_MEMORY_PROBE is not set +CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 +# CONFIG_X86_PMEM_LEGACY is not set +# CONFIG_X86_CHECK_BIOS_CORRUPTION is not set +CONFIG_MTRR=y +CONFIG_MTRR_SANITIZER=y +CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=0 +CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1 +CONFIG_X86_PAT=y +CONFIG_ARCH_USES_PG_UNCACHED=y +CONFIG_X86_UMIP=y +CONFIG_CC_HAS_IBT=y +# CONFIG_X86_KERNEL_IBT is not set +# CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS is not set +CONFIG_X86_INTEL_TSX_MODE_OFF=y +# CONFIG_X86_INTEL_TSX_MODE_ON is not set +# CONFIG_X86_INTEL_TSX_MODE_AUTO is not set +CONFIG_X86_SGX=y +# CONFIG_EFI is not set +# CONFIG_HZ_100 is not set +CONFIG_HZ_250=y +# CONFIG_HZ_300 is not set +# CONFIG_HZ_1000 is not set +CONFIG_HZ=250 +CONFIG_SCHED_HRTICK=y +# CONFIG_KEXEC is not set +# CONFIG_KEXEC_FILE is not set +# CONFIG_CRASH_DUMP is not set +CONFIG_PHYSICAL_START=0x1000000 +# CONFIG_RELOCATABLE is not set +CONFIG_PHYSICAL_ALIGN=0x200000 +CONFIG_HOTPLUG_CPU=y +# CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set +# CONFIG_DEBUG_HOTPLUG_CPU0 is not set +CONFIG_LEGACY_VSYSCALL_XONLY=y +# CONFIG_LEGACY_VSYSCALL_NONE is not set +# CONFIG_CMDLINE_BOOL is not set +CONFIG_MODIFY_LDT_SYSCALL=y +# CONFIG_STRICT_SIGALTSTACK_SIZE is not set +CONFIG_HAVE_LIVEPATCH=y +# end of Processor type and features + +CONFIG_CC_HAS_RETURN_THUNK=y +CONFIG_SPECULATION_MITIGATIONS=y +CONFIG_PAGE_TABLE_ISOLATION=y +CONFIG_RETPOLINE=y +CONFIG_RETHUNK=y +CONFIG_CPU_UNRET_ENTRY=y +CONFIG_CPU_IBPB_ENTRY=y +CONFIG_CPU_IBRS_ENTRY=y +CONFIG_ARCH_HAS_ADD_PAGES=y +CONFIG_ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE=y + +# +# Power management and ACPI options +# +# CONFIG_SUSPEND is not set +# CONFIG_HIBERNATION is not set +# CONFIG_PM is not set +# CONFIG_ENERGY_MODEL is not set +CONFIG_ARCH_SUPPORTS_ACPI=y +CONFIG_ACPI=y +CONFIG_ACPI_LEGACY_TABLES_LOOKUP=y +CONFIG_ARCH_MIGHT_HAVE_ACPI_PDC=y +CONFIG_ACPI_SYSTEM_POWER_STATES_SUPPORT=y +# CONFIG_ACPI_DEBUGGER is not set +# CONFIG_ACPI_SPCR_TABLE is not set +# CONFIG_ACPI_FPDT is not set +CONFIG_ACPI_LPIT=y +# CONFIG_ACPI_REV_OVERRIDE_POSSIBLE is not set +# CONFIG_ACPI_EC_DEBUGFS is not set +# CONFIG_ACPI_AC is not set +# CONFIG_ACPI_BATTERY is not set +CONFIG_ACPI_BUTTON=y +# CONFIG_ACPI_FAN is not set +# CONFIG_ACPI_DOCK is not set +CONFIG_ACPI_CPU_FREQ_PSS=y +CONFIG_ACPI_PROCESSOR_CSTATE=y +CONFIG_ACPI_PROCESSOR_IDLE=y +CONFIG_ACPI_CPPC_LIB=y +CONFIG_ACPI_PROCESSOR=y +CONFIG_ACPI_HOTPLUG_CPU=y +# CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set +CONFIG_ACPI_THERMAL=y +CONFIG_ACPI_CUSTOM_DSDT_FILE="" +CONFIG_ARCH_HAS_ACPI_TABLE_UPGRADE=y +CONFIG_ACPI_TABLE_UPGRADE=y +# CONFIG_ACPI_DEBUG is not set +CONFIG_ACPI_PCI_SLOT=y +CONFIG_ACPI_CONTAINER=y +CONFIG_ACPI_HOTPLUG_MEMORY=y +CONFIG_ACPI_HOTPLUG_IOAPIC=y +# CONFIG_ACPI_SBS is not set +# CONFIG_ACPI_HED is not set +CONFIG_ACPI_NFIT=y +# CONFIG_NFIT_SECURITY_DEBUG is not set +CONFIG_ACPI_NUMA=y +# CONFIG_ACPI_HMAT is not set +CONFIG_HAVE_ACPI_APEI=y +CONFIG_HAVE_ACPI_APEI_NMI=y +# CONFIG_ACPI_APEI is not set +# CONFIG_ACPI_DPTF is not set +# CONFIG_ACPI_CONFIGFS is not set +# CONFIG_ACPI_PFRUT is not set +CONFIG_ACPI_PCC=y +# CONFIG_PMIC_OPREGION is not set +CONFIG_ACPI_VIOT=y +CONFIG_X86_PM_TIMER=y + +# +# CPU Frequency scaling +# +CONFIG_CPU_FREQ=y +CONFIG_CPU_FREQ_GOV_ATTR_SET=y +# CONFIG_CPU_FREQ_STAT is not set +CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y +# CONFIG_CPU_FREQ_DEFAULT_GOV_POWERSAVE is not set +# CONFIG_CPU_FREQ_DEFAULT_GOV_USERSPACE is not set +# CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL is not set +CONFIG_CPU_FREQ_GOV_PERFORMANCE=y +# CONFIG_CPU_FREQ_GOV_POWERSAVE is not set +# CONFIG_CPU_FREQ_GOV_USERSPACE is not set +# CONFIG_CPU_FREQ_GOV_ONDEMAND is not set +# CONFIG_CPU_FREQ_GOV_CONSERVATIVE is not set +CONFIG_CPU_FREQ_GOV_SCHEDUTIL=y + +# +# CPU frequency scaling drivers +# +CONFIG_X86_INTEL_PSTATE=y +# CONFIG_X86_PCC_CPUFREQ is not set +# CONFIG_X86_AMD_PSTATE is not set +# CONFIG_X86_AMD_PSTATE_UT is not set +# CONFIG_X86_ACPI_CPUFREQ is not set +# CONFIG_X86_SPEEDSTEP_CENTRINO is not set +# CONFIG_X86_P4_CLOCKMOD is not set + +# +# shared options +# +# end of CPU Frequency scaling + +# +# CPU Idle +# +CONFIG_CPU_IDLE=y +# CONFIG_CPU_IDLE_GOV_LADDER is not set +CONFIG_CPU_IDLE_GOV_MENU=y +# CONFIG_CPU_IDLE_GOV_TEO is not set +# CONFIG_CPU_IDLE_GOV_HALTPOLL is not set +# CONFIG_HALTPOLL_CPUIDLE is not set +# end of CPU Idle + +# CONFIG_INTEL_IDLE is not set +# end of Power management and ACPI options + +# +# Bus options (PCI etc.) +# +CONFIG_PCI_DIRECT=y +CONFIG_PCI_MMCONFIG=y +CONFIG_MMCONF_FAM10H=y +CONFIG_ISA_DMA_API=y +CONFIG_AMD_NB=y +# end of Bus options (PCI etc.) + +# +# Binary Emulations +# +# CONFIG_IA32_EMULATION is not set +# CONFIG_X86_X32_ABI is not set +# end of Binary Emulations + +CONFIG_HAVE_KVM=y +# CONFIG_VIRTUALIZATION is not set +CONFIG_AS_AVX512=y +CONFIG_AS_SHA1_NI=y +CONFIG_AS_SHA256_NI=y +CONFIG_AS_TPAUSE=y + +# +# General architecture-dependent options +# +CONFIG_HOTPLUG_SMT=y +CONFIG_GENERIC_ENTRY=y +# CONFIG_KPROBES is not set +# CONFIG_JUMP_LABEL is not set +# CONFIG_STATIC_CALL_SELFTEST is not set +CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS=y +CONFIG_ARCH_USE_BUILTIN_BSWAP=y +CONFIG_HAVE_IOREMAP_PROT=y +CONFIG_HAVE_KPROBES=y +CONFIG_HAVE_KRETPROBES=y +CONFIG_HAVE_OPTPROBES=y +CONFIG_HAVE_KPROBES_ON_FTRACE=y +CONFIG_ARCH_CORRECT_STACKTRACE_ON_KRETPROBE=y +CONFIG_HAVE_FUNCTION_ERROR_INJECTION=y +CONFIG_HAVE_NMI=y +CONFIG_TRACE_IRQFLAGS_SUPPORT=y +CONFIG_TRACE_IRQFLAGS_NMI_SUPPORT=y +CONFIG_HAVE_ARCH_TRACEHOOK=y +CONFIG_HAVE_DMA_CONTIGUOUS=y +CONFIG_GENERIC_SMP_IDLE_THREAD=y +CONFIG_ARCH_HAS_FORTIFY_SOURCE=y +CONFIG_ARCH_HAS_SET_MEMORY=y +CONFIG_ARCH_HAS_SET_DIRECT_MAP=y +CONFIG_HAVE_ARCH_THREAD_STRUCT_WHITELIST=y +CONFIG_ARCH_WANTS_DYNAMIC_TASK_STRUCT=y +CONFIG_ARCH_WANTS_NO_INSTR=y +CONFIG_HAVE_ASM_MODVERSIONS=y +CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y +CONFIG_HAVE_RSEQ=y +CONFIG_HAVE_RUST=y +CONFIG_HAVE_FUNCTION_ARG_ACCESS_API=y +CONFIG_HAVE_HW_BREAKPOINT=y +CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y +CONFIG_HAVE_USER_RETURN_NOTIFIER=y +CONFIG_HAVE_PERF_EVENTS_NMI=y +CONFIG_HAVE_HARDLOCKUP_DETECTOR_PERF=y +CONFIG_HAVE_PERF_REGS=y +CONFIG_HAVE_PERF_USER_STACK_DUMP=y +CONFIG_HAVE_ARCH_JUMP_LABEL=y +CONFIG_HAVE_ARCH_JUMP_LABEL_RELATIVE=y +CONFIG_MMU_GATHER_TABLE_FREE=y +CONFIG_MMU_GATHER_RCU_TABLE_FREE=y +CONFIG_MMU_GATHER_MERGE_VMAS=y +CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y +CONFIG_HAVE_ALIGNED_STRUCT_PAGE=y +CONFIG_HAVE_CMPXCHG_LOCAL=y +CONFIG_HAVE_CMPXCHG_DOUBLE=y +CONFIG_HAVE_ARCH_SECCOMP=y +CONFIG_HAVE_ARCH_SECCOMP_FILTER=y +CONFIG_SECCOMP=y +CONFIG_SECCOMP_FILTER=y +# CONFIG_SECCOMP_CACHE_DEBUG is not set +CONFIG_HAVE_ARCH_STACKLEAK=y +CONFIG_HAVE_STACKPROTECTOR=y +CONFIG_STACKPROTECTOR=y +CONFIG_STACKPROTECTOR_STRONG=y +CONFIG_ARCH_SUPPORTS_LTO_CLANG=y +CONFIG_ARCH_SUPPORTS_LTO_CLANG_THIN=y +CONFIG_LTO_NONE=y +CONFIG_ARCH_SUPPORTS_CFI_CLANG=y +CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y +CONFIG_HAVE_CONTEXT_TRACKING_USER=y +CONFIG_HAVE_CONTEXT_TRACKING_USER_OFFSTACK=y +CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y +CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y +CONFIG_HAVE_MOVE_PUD=y +CONFIG_HAVE_MOVE_PMD=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y +CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD=y +CONFIG_HAVE_ARCH_HUGE_VMAP=y +CONFIG_HAVE_ARCH_HUGE_VMALLOC=y +CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y +CONFIG_HAVE_ARCH_SOFT_DIRTY=y +CONFIG_HAVE_MOD_ARCH_SPECIFIC=y +CONFIG_MODULES_USE_ELF_RELA=y +CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y +CONFIG_HAVE_SOFTIRQ_ON_OWN_STACK=y +CONFIG_SOFTIRQ_ON_OWN_STACK=y +CONFIG_ARCH_HAS_ELF_RANDOMIZE=y +CONFIG_HAVE_ARCH_MMAP_RND_BITS=y +CONFIG_HAVE_EXIT_THREAD=y +CONFIG_ARCH_MMAP_RND_BITS=28 +CONFIG_PAGE_SIZE_LESS_THAN_64KB=y +CONFIG_PAGE_SIZE_LESS_THAN_256KB=y +CONFIG_HAVE_OBJTOOL=y +CONFIG_HAVE_JUMP_LABEL_HACK=y +CONFIG_HAVE_NOINSTR_HACK=y +CONFIG_HAVE_NOINSTR_VALIDATION=y +CONFIG_HAVE_UACCESS_VALIDATION=y +CONFIG_HAVE_STACK_VALIDATION=y +CONFIG_HAVE_RELIABLE_STACKTRACE=y +# CONFIG_COMPAT_32BIT_TIME is not set +CONFIG_HAVE_ARCH_VMAP_STACK=y +CONFIG_VMAP_STACK=y +CONFIG_HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET=y +CONFIG_RANDOMIZE_KSTACK_OFFSET=y +# CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT is not set +CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y +CONFIG_STRICT_KERNEL_RWX=y +CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y +CONFIG_STRICT_MODULE_RWX=y +CONFIG_HAVE_ARCH_PREL32_RELOCATIONS=y +CONFIG_ARCH_USE_MEMREMAP_PROT=y +CONFIG_ARCH_HAS_MEM_ENCRYPT=y +CONFIG_ARCH_HAS_CC_PLATFORM=y +CONFIG_HAVE_STATIC_CALL=y +CONFIG_HAVE_STATIC_CALL_INLINE=y +CONFIG_HAVE_PREEMPT_DYNAMIC=y +CONFIG_HAVE_PREEMPT_DYNAMIC_CALL=y +CONFIG_ARCH_WANT_LD_ORPHAN_WARN=y +CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y +CONFIG_ARCH_SUPPORTS_PAGE_TABLE_CHECK=y +CONFIG_ARCH_HAS_ELFCORE_COMPAT=y +CONFIG_ARCH_HAS_PARANOID_L1D_FLUSH=y +CONFIG_DYNAMIC_SIGFRAME=y +CONFIG_HAVE_ARCH_NODE_DEV_GROUP=y +CONFIG_ARCH_HAS_NONLEAF_PMD_YOUNG=y + +# +# GCOV-based kernel profiling +# +CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y +# end of GCOV-based kernel profiling + +CONFIG_HAVE_GCC_PLUGINS=y +CONFIG_GCC_PLUGINS=y +# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set +# end of General architecture-dependent options + +CONFIG_RT_MUTEXES=y +CONFIG_BASE_SMALL=0 +CONFIG_MODULES=y +# CONFIG_MODULE_FORCE_LOAD is not set +# CONFIG_MODULE_UNLOAD is not set +# CONFIG_MODVERSIONS is not set +# CONFIG_MODULE_SRCVERSION_ALL is not set +# CONFIG_MODULE_SIG is not set +CONFIG_MODULE_COMPRESS_NONE=y +# CONFIG_MODULE_COMPRESS_GZIP is not set +# CONFIG_MODULE_COMPRESS_XZ is not set +# CONFIG_MODULE_COMPRESS_ZSTD is not set +# CONFIG_MODULE_ALLOW_MISSING_NAMESPACE_IMPORTS is not set +CONFIG_MODPROBE_PATH="/sbin/modprobe" +CONFIG_MODULES_TREE_LOOKUP=y +CONFIG_BLOCK=y +CONFIG_BLOCK_LEGACY_AUTOLOAD=y +CONFIG_BLK_CGROUP_RWSTAT=y +CONFIG_BLK_DEV_BSG_COMMON=y +CONFIG_BLK_DEV_BSGLIB=y +CONFIG_BLK_DEV_INTEGRITY=y +CONFIG_BLK_DEV_INTEGRITY_T10=y +# CONFIG_BLK_DEV_ZONED is not set +CONFIG_BLK_DEV_THROTTLING=y +# CONFIG_BLK_DEV_THROTTLING_LOW is not set +# CONFIG_BLK_WBT is not set +# CONFIG_BLK_CGROUP_IOLATENCY is not set +# CONFIG_BLK_CGROUP_IOCOST is not set +# CONFIG_BLK_CGROUP_IOPRIO is not set +# CONFIG_BLK_SED_OPAL is not set +# CONFIG_BLK_INLINE_ENCRYPTION is not set + +# +# Partition Types +# +# CONFIG_PARTITION_ADVANCED is not set +CONFIG_MSDOS_PARTITION=y +CONFIG_EFI_PARTITION=y +# end of Partition Types + +CONFIG_BLK_MQ_PCI=y +CONFIG_BLK_MQ_VIRTIO=y +CONFIG_BLOCK_HOLDER_DEPRECATED=y +CONFIG_BLK_MQ_STACKING=y + +# +# IO Schedulers +# +# CONFIG_MQ_IOSCHED_DEADLINE is not set +# CONFIG_MQ_IOSCHED_KYBER is not set +# CONFIG_IOSCHED_BFQ is not set +# end of IO Schedulers + +CONFIG_ASN1=y +CONFIG_INLINE_SPIN_UNLOCK_IRQ=y +CONFIG_INLINE_READ_UNLOCK=y +CONFIG_INLINE_READ_UNLOCK_IRQ=y +CONFIG_INLINE_WRITE_UNLOCK=y +CONFIG_INLINE_WRITE_UNLOCK_IRQ=y +CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y +CONFIG_MUTEX_SPIN_ON_OWNER=y +CONFIG_RWSEM_SPIN_ON_OWNER=y +CONFIG_LOCK_SPIN_ON_OWNER=y +CONFIG_ARCH_USE_QUEUED_SPINLOCKS=y +CONFIG_QUEUED_SPINLOCKS=y +CONFIG_ARCH_USE_QUEUED_RWLOCKS=y +CONFIG_QUEUED_RWLOCKS=y +CONFIG_ARCH_HAS_NON_OVERLAPPING_ADDRESS_SPACE=y +CONFIG_ARCH_HAS_SYNC_CORE_BEFORE_USERMODE=y +CONFIG_ARCH_HAS_SYSCALL_WRAPPER=y +CONFIG_FREEZER=y + +# +# Executable file formats +# +CONFIG_BINFMT_ELF=y +CONFIG_ELFCORE=y +CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y +CONFIG_BINFMT_SCRIPT=y +CONFIG_BINFMT_MISC=y +CONFIG_COREDUMP=y +# end of Executable file formats + +# +# Memory Management options +# +CONFIG_SWAP=y +# CONFIG_ZSWAP is not set + +# +# SLAB allocator options +# +# CONFIG_SLAB is not set +CONFIG_SLUB=y +# CONFIG_SLAB_MERGE_DEFAULT is not set +# CONFIG_SLAB_FREELIST_RANDOM is not set +# CONFIG_SLAB_FREELIST_HARDENED is not set +# CONFIG_SLUB_STATS is not set +CONFIG_SLUB_CPU_PARTIAL=y +# end of SLAB allocator options + +# CONFIG_SHUFFLE_PAGE_ALLOCATOR is not set +# CONFIG_COMPAT_BRK is not set +CONFIG_SPARSEMEM=y +CONFIG_SPARSEMEM_EXTREME=y +CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y +CONFIG_SPARSEMEM_VMEMMAP=y +CONFIG_HAVE_FAST_GUP=y +CONFIG_NUMA_KEEP_MEMINFO=y +CONFIG_MEMORY_ISOLATION=y +CONFIG_EXCLUSIVE_SYSTEM_RAM=y +CONFIG_HAVE_BOOTMEM_INFO_NODE=y +CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y +CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y +CONFIG_MEMORY_HOTPLUG=y +CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE=y +CONFIG_MEMORY_HOTREMOVE=y +CONFIG_MHP_MEMMAP_ON_MEMORY=y +CONFIG_SPLIT_PTLOCK_CPUS=4 +CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y +CONFIG_MEMORY_BALLOON=y +CONFIG_BALLOON_COMPACTION=y +CONFIG_COMPACTION=y +CONFIG_COMPACT_UNEVICTABLE_DEFAULT=1 +CONFIG_PAGE_REPORTING=y +CONFIG_MIGRATION=y +CONFIG_DEVICE_MIGRATION=y +CONFIG_ARCH_ENABLE_HUGEPAGE_MIGRATION=y +CONFIG_ARCH_ENABLE_THP_MIGRATION=y +CONFIG_CONTIG_ALLOC=y +CONFIG_PHYS_ADDR_T_64BIT=y +CONFIG_MMU_NOTIFIER=y +CONFIG_KSM=y +CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 +CONFIG_ARCH_WANT_GENERAL_HUGETLB=y +CONFIG_ARCH_WANTS_THP_SWAP=y +CONFIG_TRANSPARENT_HUGEPAGE=y +# CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS is not set +CONFIG_TRANSPARENT_HUGEPAGE_MADVISE=y +CONFIG_THP_SWAP=y +# CONFIG_READ_ONLY_THP_FOR_FS is not set +CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y +CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y +CONFIG_USE_PERCPU_NUMA_NODE_ID=y +CONFIG_HAVE_SETUP_PER_CPU_AREA=y +# CONFIG_CMA is not set +CONFIG_GENERIC_EARLY_IOREMAP=y +# CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set +# CONFIG_IDLE_PAGE_TRACKING is not set +CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y +CONFIG_ARCH_HAS_CURRENT_STACK_POINTER=y +CONFIG_ARCH_HAS_PTE_DEVMAP=y +CONFIG_ZONE_DMA=y +CONFIG_ZONE_DMA32=y +CONFIG_ZONE_DEVICE=y +# CONFIG_DEVICE_PRIVATE is not set +CONFIG_VMAP_PFN=y +CONFIG_VM_EVENT_COUNTERS=y +# CONFIG_PERCPU_STATS is not set + +# +# GUP_TEST needs to have DEBUG_FS enabled +# +CONFIG_ARCH_HAS_PTE_SPECIAL=y +CONFIG_SECRETMEM=y +# CONFIG_ANON_VMA_NAME is not set +# CONFIG_USERFAULTFD is not set +# CONFIG_LRU_GEN is not set + +# +# Data Access Monitoring +# +# CONFIG_DAMON is not set +# end of Data Access Monitoring +# end of Memory Management options + +CONFIG_NET=y +CONFIG_NET_INGRESS=y +CONFIG_NET_EGRESS=y +CONFIG_SKB_EXTENSIONS=y + +# +# Networking options +# +CONFIG_PACKET=y +CONFIG_PACKET_DIAG=y +CONFIG_UNIX=y +CONFIG_UNIX_SCM=y +CONFIG_AF_UNIX_OOB=y +# CONFIG_UNIX_DIAG is not set +# CONFIG_TLS is not set +CONFIG_XFRM=y +CONFIG_XFRM_ALGO=y +CONFIG_XFRM_USER=y +# CONFIG_XFRM_INTERFACE is not set +CONFIG_XFRM_SUB_POLICY=y +# CONFIG_XFRM_MIGRATE is not set +# CONFIG_XFRM_STATISTICS is not set +# CONFIG_NET_KEY is not set +# CONFIG_XDP_SOCKETS is not set +CONFIG_INET=y +CONFIG_IP_MULTICAST=y +# CONFIG_IP_ADVANCED_ROUTER is not set +CONFIG_IP_ROUTE_CLASSID=y +CONFIG_IP_PNP=y +CONFIG_IP_PNP_DHCP=y +# CONFIG_IP_PNP_BOOTP is not set +# CONFIG_IP_PNP_RARP is not set +# CONFIG_NET_IPIP is not set +# CONFIG_NET_IPGRE_DEMUX is not set +# CONFIG_IP_MROUTE is not set +CONFIG_SYN_COOKIES=y +# CONFIG_NET_IPVTI is not set +# CONFIG_NET_FOU is not set +# CONFIG_INET_AH is not set +# CONFIG_INET_ESP is not set +# CONFIG_INET_IPCOMP is not set +# CONFIG_INET_DIAG is not set +CONFIG_TCP_CONG_ADVANCED=y +# CONFIG_TCP_CONG_BIC is not set +# CONFIG_TCP_CONG_CUBIC is not set +# CONFIG_TCP_CONG_WESTWOOD is not set +# CONFIG_TCP_CONG_HTCP is not set +# CONFIG_TCP_CONG_HSTCP is not set +# CONFIG_TCP_CONG_HYBLA is not set +# CONFIG_TCP_CONG_VEGAS is not set +# CONFIG_TCP_CONG_NV is not set +# CONFIG_TCP_CONG_SCALABLE is not set +# CONFIG_TCP_CONG_LP is not set +# CONFIG_TCP_CONG_VENO is not set +# CONFIG_TCP_CONG_YEAH is not set +# CONFIG_TCP_CONG_ILLINOIS is not set +# CONFIG_TCP_CONG_DCTCP is not set +# CONFIG_TCP_CONG_CDG is not set +CONFIG_TCP_CONG_BBR=y +CONFIG_DEFAULT_BBR=y +# CONFIG_DEFAULT_RENO is not set +CONFIG_DEFAULT_TCP_CONG="bbr" +CONFIG_TCP_MD5SIG=y +CONFIG_IPV6=y +# CONFIG_IPV6_ROUTER_PREF is not set +# CONFIG_IPV6_OPTIMISTIC_DAD is not set +# CONFIG_INET6_AH is not set +# CONFIG_INET6_ESP is not set +# CONFIG_INET6_IPCOMP is not set +# CONFIG_IPV6_MIP6 is not set +# CONFIG_IPV6_ILA is not set +# CONFIG_IPV6_VTI is not set +# CONFIG_IPV6_SIT is not set +# CONFIG_IPV6_TUNNEL is not set +CONFIG_IPV6_MULTIPLE_TABLES=y +# CONFIG_IPV6_SUBTREES is not set +# CONFIG_IPV6_MROUTE is not set +# CONFIG_IPV6_SEG6_LWTUNNEL is not set +# CONFIG_IPV6_SEG6_HMAC is not set +# CONFIG_IPV6_RPL_LWTUNNEL is not set +# CONFIG_IPV6_IOAM6_LWTUNNEL is not set +# CONFIG_NETLABEL is not set +# CONFIG_MPTCP is not set +# CONFIG_NETWORK_SECMARK is not set +CONFIG_NET_PTP_CLASSIFY=y +# CONFIG_NETWORK_PHY_TIMESTAMPING is not set +CONFIG_NETFILTER=y +CONFIG_NETFILTER_ADVANCED=y +# CONFIG_BRIDGE_NETFILTER is not set + +# +# Core Netfilter Configuration +# +CONFIG_NETFILTER_INGRESS=y +CONFIG_NETFILTER_EGRESS=y +CONFIG_NETFILTER_NETLINK=y +CONFIG_NETFILTER_FAMILY_ARP=y +CONFIG_NETFILTER_NETLINK_ACCT=y +CONFIG_NETFILTER_NETLINK_QUEUE=y +CONFIG_NETFILTER_NETLINK_LOG=y +CONFIG_NETFILTER_NETLINK_OSF=y +CONFIG_NF_CONNTRACK=y +CONFIG_NF_LOG_SYSLOG=y +CONFIG_NETFILTER_CONNCOUNT=y +CONFIG_NF_CONNTRACK_MARK=y +CONFIG_NF_CONNTRACK_ZONES=y +# CONFIG_NF_CONNTRACK_PROCFS is not set +CONFIG_NF_CONNTRACK_EVENTS=y +CONFIG_NF_CONNTRACK_TIMEOUT=y +CONFIG_NF_CONNTRACK_TIMESTAMP=y +CONFIG_NF_CONNTRACK_LABELS=y +CONFIG_NF_CT_PROTO_DCCP=y +CONFIG_NF_CT_PROTO_GRE=y +CONFIG_NF_CT_PROTO_SCTP=y +CONFIG_NF_CT_PROTO_UDPLITE=y +CONFIG_NF_CONNTRACK_AMANDA=y +CONFIG_NF_CONNTRACK_FTP=y +CONFIG_NF_CONNTRACK_H323=y +CONFIG_NF_CONNTRACK_IRC=y +CONFIG_NF_CONNTRACK_BROADCAST=y +CONFIG_NF_CONNTRACK_NETBIOS_NS=y +CONFIG_NF_CONNTRACK_SNMP=y +CONFIG_NF_CONNTRACK_PPTP=y +CONFIG_NF_CONNTRACK_SANE=y +CONFIG_NF_CONNTRACK_SIP=y +CONFIG_NF_CONNTRACK_TFTP=y +CONFIG_NF_CT_NETLINK=y +CONFIG_NF_CT_NETLINK_TIMEOUT=y +CONFIG_NF_CT_NETLINK_HELPER=y +CONFIG_NETFILTER_NETLINK_GLUE_CT=y +CONFIG_NF_NAT=y +CONFIG_NF_NAT_AMANDA=y +CONFIG_NF_NAT_FTP=y +CONFIG_NF_NAT_IRC=y +CONFIG_NF_NAT_SIP=y +CONFIG_NF_NAT_TFTP=y +CONFIG_NF_NAT_REDIRECT=y +CONFIG_NF_NAT_MASQUERADE=y +CONFIG_NETFILTER_SYNPROXY=y +# CONFIG_NF_TABLES is not set +CONFIG_NETFILTER_XTABLES=y + +# +# Xtables combined modules +# +CONFIG_NETFILTER_XT_MARK=y +CONFIG_NETFILTER_XT_CONNMARK=y +CONFIG_NETFILTER_XT_SET=y + +# +# Xtables targets +# +CONFIG_NETFILTER_XT_TARGET_CHECKSUM=y +CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y +CONFIG_NETFILTER_XT_TARGET_CONNMARK=y +CONFIG_NETFILTER_XT_TARGET_CT=y +CONFIG_NETFILTER_XT_TARGET_DSCP=y +CONFIG_NETFILTER_XT_TARGET_HL=y +CONFIG_NETFILTER_XT_TARGET_HMARK=y +CONFIG_NETFILTER_XT_TARGET_IDLETIMER=y +CONFIG_NETFILTER_XT_TARGET_LOG=y +CONFIG_NETFILTER_XT_TARGET_MARK=y +CONFIG_NETFILTER_XT_NAT=y +CONFIG_NETFILTER_XT_TARGET_NETMAP=y +CONFIG_NETFILTER_XT_TARGET_NFLOG=y +CONFIG_NETFILTER_XT_TARGET_NFQUEUE=y +# CONFIG_NETFILTER_XT_TARGET_NOTRACK is not set +CONFIG_NETFILTER_XT_TARGET_RATEEST=y +CONFIG_NETFILTER_XT_TARGET_REDIRECT=y +CONFIG_NETFILTER_XT_TARGET_MASQUERADE=y +CONFIG_NETFILTER_XT_TARGET_TEE=y +CONFIG_NETFILTER_XT_TARGET_TPROXY=y +CONFIG_NETFILTER_XT_TARGET_TRACE=y +CONFIG_NETFILTER_XT_TARGET_TCPMSS=y +CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP=y + +# +# Xtables matches +# +CONFIG_NETFILTER_XT_MATCH_ADDRTYPE=y +CONFIG_NETFILTER_XT_MATCH_BPF=y +CONFIG_NETFILTER_XT_MATCH_CGROUP=y +CONFIG_NETFILTER_XT_MATCH_CLUSTER=y +CONFIG_NETFILTER_XT_MATCH_COMMENT=y +CONFIG_NETFILTER_XT_MATCH_CONNBYTES=y +CONFIG_NETFILTER_XT_MATCH_CONNLABEL=y +CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y +CONFIG_NETFILTER_XT_MATCH_CONNMARK=y +CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y +CONFIG_NETFILTER_XT_MATCH_CPU=y +CONFIG_NETFILTER_XT_MATCH_DCCP=y +CONFIG_NETFILTER_XT_MATCH_DEVGROUP=y +CONFIG_NETFILTER_XT_MATCH_DSCP=y +CONFIG_NETFILTER_XT_MATCH_ECN=y +CONFIG_NETFILTER_XT_MATCH_ESP=y +CONFIG_NETFILTER_XT_MATCH_HASHLIMIT=y +CONFIG_NETFILTER_XT_MATCH_HELPER=y +CONFIG_NETFILTER_XT_MATCH_HL=y +CONFIG_NETFILTER_XT_MATCH_IPCOMP=y +CONFIG_NETFILTER_XT_MATCH_IPRANGE=y +CONFIG_NETFILTER_XT_MATCH_IPVS=y +CONFIG_NETFILTER_XT_MATCH_L2TP=y +CONFIG_NETFILTER_XT_MATCH_LENGTH=y +CONFIG_NETFILTER_XT_MATCH_LIMIT=y +CONFIG_NETFILTER_XT_MATCH_MAC=y +CONFIG_NETFILTER_XT_MATCH_MARK=y +CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y +CONFIG_NETFILTER_XT_MATCH_NFACCT=y +CONFIG_NETFILTER_XT_MATCH_OSF=y +CONFIG_NETFILTER_XT_MATCH_OWNER=y +CONFIG_NETFILTER_XT_MATCH_POLICY=y +CONFIG_NETFILTER_XT_MATCH_PKTTYPE=y +CONFIG_NETFILTER_XT_MATCH_QUOTA=y +CONFIG_NETFILTER_XT_MATCH_RATEEST=y +CONFIG_NETFILTER_XT_MATCH_REALM=y +CONFIG_NETFILTER_XT_MATCH_RECENT=y +CONFIG_NETFILTER_XT_MATCH_SCTP=y +# CONFIG_NETFILTER_XT_MATCH_SOCKET is not set +CONFIG_NETFILTER_XT_MATCH_STATE=y +CONFIG_NETFILTER_XT_MATCH_STATISTIC=y +CONFIG_NETFILTER_XT_MATCH_STRING=y +CONFIG_NETFILTER_XT_MATCH_TCPMSS=y +CONFIG_NETFILTER_XT_MATCH_TIME=y +CONFIG_NETFILTER_XT_MATCH_U32=y +# end of Core Netfilter Configuration + +CONFIG_IP_SET=y +CONFIG_IP_SET_MAX=256 +CONFIG_IP_SET_BITMAP_IP=y +CONFIG_IP_SET_BITMAP_IPMAC=y +CONFIG_IP_SET_BITMAP_PORT=y +CONFIG_IP_SET_HASH_IP=y +CONFIG_IP_SET_HASH_IPMARK=y +CONFIG_IP_SET_HASH_IPPORT=y +CONFIG_IP_SET_HASH_IPPORTIP=y +CONFIG_IP_SET_HASH_IPPORTNET=y +# CONFIG_IP_SET_HASH_IPMAC is not set +CONFIG_IP_SET_HASH_MAC=y +CONFIG_IP_SET_HASH_NETPORTNET=y +CONFIG_IP_SET_HASH_NET=y +CONFIG_IP_SET_HASH_NETNET=y +CONFIG_IP_SET_HASH_NETPORT=y +CONFIG_IP_SET_HASH_NETIFACE=y +CONFIG_IP_SET_LIST_SET=y +CONFIG_IP_VS=y +# CONFIG_IP_VS_IPV6 is not set +# CONFIG_IP_VS_DEBUG is not set +CONFIG_IP_VS_TAB_BITS=12 + +# +# IPVS transport protocol load balancing support +# +CONFIG_IP_VS_PROTO_TCP=y +CONFIG_IP_VS_PROTO_UDP=y +CONFIG_IP_VS_PROTO_AH_ESP=y +CONFIG_IP_VS_PROTO_ESP=y +CONFIG_IP_VS_PROTO_AH=y +CONFIG_IP_VS_PROTO_SCTP=y + +# +# IPVS scheduler +# +CONFIG_IP_VS_RR=y +CONFIG_IP_VS_WRR=y +CONFIG_IP_VS_LC=y +CONFIG_IP_VS_WLC=y +CONFIG_IP_VS_FO=y +CONFIG_IP_VS_OVF=y +CONFIG_IP_VS_LBLC=y +CONFIG_IP_VS_LBLCR=y +CONFIG_IP_VS_DH=y +CONFIG_IP_VS_SH=y +# CONFIG_IP_VS_MH is not set +CONFIG_IP_VS_SED=y +CONFIG_IP_VS_NQ=y +# CONFIG_IP_VS_TWOS is not set + +# +# IPVS SH scheduler +# +CONFIG_IP_VS_SH_TAB_BITS=8 + +# +# IPVS MH scheduler +# +CONFIG_IP_VS_MH_TAB_INDEX=12 + +# +# IPVS application helper +# +CONFIG_IP_VS_FTP=y +CONFIG_IP_VS_NFCT=y +CONFIG_IP_VS_PE_SIP=y + +# +# IP: Netfilter Configuration +# +CONFIG_NF_DEFRAG_IPV4=y +# CONFIG_NF_SOCKET_IPV4 is not set +CONFIG_NF_TPROXY_IPV4=y +CONFIG_NF_DUP_IPV4=y +# CONFIG_NF_LOG_ARP is not set +CONFIG_NF_LOG_IPV4=y +CONFIG_NF_REJECT_IPV4=y +CONFIG_NF_NAT_SNMP_BASIC=y +CONFIG_NF_NAT_PPTP=y +CONFIG_NF_NAT_H323=y +CONFIG_IP_NF_IPTABLES=y +CONFIG_IP_NF_MATCH_AH=y +CONFIG_IP_NF_MATCH_ECN=y +CONFIG_IP_NF_MATCH_RPFILTER=y +CONFIG_IP_NF_MATCH_TTL=y +CONFIG_IP_NF_FILTER=y +CONFIG_IP_NF_TARGET_REJECT=y +CONFIG_IP_NF_TARGET_SYNPROXY=y +CONFIG_IP_NF_NAT=y +CONFIG_IP_NF_TARGET_MASQUERADE=y +CONFIG_IP_NF_TARGET_NETMAP=y +CONFIG_IP_NF_TARGET_REDIRECT=y +CONFIG_IP_NF_MANGLE=y +CONFIG_IP_NF_TARGET_CLUSTERIP=y +CONFIG_IP_NF_TARGET_ECN=y +CONFIG_IP_NF_TARGET_TTL=y +CONFIG_IP_NF_RAW=y +CONFIG_IP_NF_SECURITY=y +CONFIG_IP_NF_ARPTABLES=y +CONFIG_IP_NF_ARPFILTER=y +CONFIG_IP_NF_ARP_MANGLE=y +# end of IP: Netfilter Configuration + +# +# IPv6: Netfilter Configuration +# +# CONFIG_NF_SOCKET_IPV6 is not set +# CONFIG_NF_TPROXY_IPV6 is not set +CONFIG_NF_DUP_IPV6=y +# CONFIG_NF_REJECT_IPV6 is not set +CONFIG_NF_LOG_IPV6=y +# CONFIG_IP6_NF_IPTABLES is not set +# end of IPv6: Netfilter Configuration + +CONFIG_NF_DEFRAG_IPV6=y +# CONFIG_NF_CONNTRACK_BRIDGE is not set +# CONFIG_BRIDGE_NF_EBTABLES is not set +# CONFIG_BPFILTER is not set +# CONFIG_IP_DCCP is not set +# CONFIG_IP_SCTP is not set +# CONFIG_RDS is not set +# CONFIG_TIPC is not set +# CONFIG_ATM is not set +# CONFIG_L2TP is not set +CONFIG_STP=y +CONFIG_BRIDGE=y +CONFIG_BRIDGE_IGMP_SNOOPING=y +# CONFIG_BRIDGE_MRP is not set +# CONFIG_BRIDGE_CFM is not set +# CONFIG_NET_DSA is not set +# CONFIG_VLAN_8021Q is not set +CONFIG_LLC=y +# CONFIG_LLC2 is not set +# CONFIG_ATALK is not set +# CONFIG_X25 is not set +# CONFIG_LAPB is not set +# CONFIG_PHONET is not set +# CONFIG_6LOWPAN is not set +# CONFIG_IEEE802154 is not set +CONFIG_NET_SCHED=y + +# +# Queueing/Scheduling +# +CONFIG_NET_SCH_CBQ=y +# CONFIG_NET_SCH_HTB is not set +# CONFIG_NET_SCH_HFSC is not set +# CONFIG_NET_SCH_PRIO is not set +CONFIG_NET_SCH_MULTIQ=y +# CONFIG_NET_SCH_RED is not set +# CONFIG_NET_SCH_SFB is not set +# CONFIG_NET_SCH_SFQ is not set +# CONFIG_NET_SCH_TEQL is not set +# CONFIG_NET_SCH_TBF is not set +# CONFIG_NET_SCH_CBS is not set +# CONFIG_NET_SCH_ETF is not set +# CONFIG_NET_SCH_TAPRIO is not set +# CONFIG_NET_SCH_GRED is not set +# CONFIG_NET_SCH_DSMARK is not set +# CONFIG_NET_SCH_NETEM is not set +# CONFIG_NET_SCH_DRR is not set +# CONFIG_NET_SCH_MQPRIO is not set +# CONFIG_NET_SCH_SKBPRIO is not set +# CONFIG_NET_SCH_CHOKE is not set +# CONFIG_NET_SCH_QFQ is not set +# CONFIG_NET_SCH_CODEL is not set +CONFIG_NET_SCH_FQ_CODEL=y +# CONFIG_NET_SCH_CAKE is not set +CONFIG_NET_SCH_FQ=y +# CONFIG_NET_SCH_HHF is not set +# CONFIG_NET_SCH_PIE is not set +# CONFIG_NET_SCH_PLUG is not set +# CONFIG_NET_SCH_ETS is not set +# CONFIG_NET_SCH_DEFAULT is not set + +# +# Classification +# +CONFIG_NET_CLS=y +# CONFIG_NET_CLS_BASIC is not set +# CONFIG_NET_CLS_TCINDEX is not set +# CONFIG_NET_CLS_ROUTE4 is not set +# CONFIG_NET_CLS_FW is not set +# CONFIG_NET_CLS_U32 is not set +# CONFIG_NET_CLS_RSVP is not set +# CONFIG_NET_CLS_RSVP6 is not set +# CONFIG_NET_CLS_FLOW is not set +CONFIG_NET_CLS_CGROUP=y +# CONFIG_NET_CLS_BPF is not set +# CONFIG_NET_CLS_FLOWER is not set +# CONFIG_NET_CLS_MATCHALL is not set +CONFIG_NET_EMATCH=y +CONFIG_NET_EMATCH_STACK=32 +# CONFIG_NET_EMATCH_CMP is not set +# CONFIG_NET_EMATCH_NBYTE is not set +# CONFIG_NET_EMATCH_U32 is not set +# CONFIG_NET_EMATCH_META is not set +# CONFIG_NET_EMATCH_TEXT is not set +# CONFIG_NET_EMATCH_IPSET is not set +# CONFIG_NET_EMATCH_IPT is not set +# CONFIG_NET_CLS_ACT is not set +CONFIG_NET_SCH_FIFO=y +# CONFIG_DCB is not set +# CONFIG_BATMAN_ADV is not set +# CONFIG_OPENVSWITCH is not set +CONFIG_VSOCKETS=y +# CONFIG_VSOCKETS_DIAG is not set +# CONFIG_VSOCKETS_LOOPBACK is not set +CONFIG_VIRTIO_VSOCKETS=y +CONFIG_VIRTIO_VSOCKETS_COMMON=y +# CONFIG_HYPERV_VSOCKETS is not set +# CONFIG_NETLINK_DIAG is not set +# CONFIG_MPLS is not set +# CONFIG_NET_NSH is not set +# CONFIG_HSR is not set +CONFIG_NET_SWITCHDEV=y +# CONFIG_NET_L3_MASTER_DEV is not set +# CONFIG_QRTR is not set +# CONFIG_NET_NCSI is not set +# CONFIG_PCPU_DEV_REFCNT is not set +CONFIG_RPS=y +CONFIG_RFS_ACCEL=y +CONFIG_SOCK_RX_QUEUE_MAPPING=y +CONFIG_XPS=y +CONFIG_CGROUP_NET_PRIO=y +CONFIG_CGROUP_NET_CLASSID=y +CONFIG_NET_RX_BUSY_POLL=y +CONFIG_BQL=y +# CONFIG_BPF_STREAM_PARSER is not set +CONFIG_NET_FLOW_LIMIT=y + +# +# Network testing +# +# CONFIG_NET_PKTGEN is not set +# end of Network testing +# end of Networking options + +# CONFIG_HAMRADIO is not set +# CONFIG_CAN is not set +# CONFIG_BT is not set +# CONFIG_AF_RXRPC is not set +# CONFIG_AF_KCM is not set +# CONFIG_MCTP is not set +CONFIG_FIB_RULES=y +# CONFIG_WIRELESS is not set +# CONFIG_RFKILL is not set +CONFIG_NET_9P=y +CONFIG_NET_9P_FD=y +CONFIG_NET_9P_VIRTIO=y +# CONFIG_NET_9P_DEBUG is not set +# CONFIG_CAIF is not set +# CONFIG_CEPH_LIB is not set +# CONFIG_NFC is not set +# CONFIG_PSAMPLE is not set +# CONFIG_NET_IFE is not set +# CONFIG_LWTUNNEL is not set +CONFIG_GRO_CELLS=y +CONFIG_NET_SOCK_MSG=y +CONFIG_PAGE_POOL=y +# CONFIG_PAGE_POOL_STATS is not set +CONFIG_FAILOVER=y +# CONFIG_ETHTOOL_NETLINK is not set + +# +# Device Drivers +# +CONFIG_HAVE_EISA=y +# CONFIG_EISA is not set +CONFIG_HAVE_PCI=y +CONFIG_PCI=y +CONFIG_PCI_DOMAINS=y +CONFIG_PCIEPORTBUS=y +CONFIG_HOTPLUG_PCI_PCIE=y +# CONFIG_PCIEAER is not set +CONFIG_PCIEASPM=y +CONFIG_PCIEASPM_DEFAULT=y +# CONFIG_PCIEASPM_POWERSAVE is not set +# CONFIG_PCIEASPM_POWER_SUPERSAVE is not set +# CONFIG_PCIEASPM_PERFORMANCE is not set +# CONFIG_PCIE_PTM is not set +CONFIG_PCI_MSI=y +CONFIG_PCI_MSI_IRQ_DOMAIN=y +CONFIG_PCI_QUIRKS=y +# CONFIG_PCI_DEBUG is not set +# CONFIG_PCI_STUB is not set +CONFIG_PCI_ATS=y +CONFIG_PCI_LOCKLESS_CONFIG=y +# CONFIG_PCI_IOV is not set +CONFIG_PCI_PRI=y +CONFIG_PCI_PASID=y +# CONFIG_PCI_P2PDMA is not set +CONFIG_PCI_LABEL=y +# CONFIG_PCI_HYPERV is not set +CONFIG_VGA_ARB=y +CONFIG_VGA_ARB_MAX_GPUS=16 +CONFIG_HOTPLUG_PCI=y +CONFIG_HOTPLUG_PCI_ACPI=y +# CONFIG_HOTPLUG_PCI_ACPI_IBM is not set +# CONFIG_HOTPLUG_PCI_CPCI is not set +CONFIG_HOTPLUG_PCI_SHPC=y + +# +# PCI controller drivers +# +# CONFIG_VMD is not set +# CONFIG_PCI_HYPERV_INTERFACE is not set + +# +# DesignWare PCI Core Support +# +# CONFIG_PCIE_DW_PLAT_HOST is not set +# CONFIG_PCI_MESON is not set +# end of DesignWare PCI Core Support + +# +# Mobiveil PCIe Core Support +# +# end of Mobiveil PCIe Core Support + +# +# Cadence PCIe controllers support +# +# end of Cadence PCIe controllers support +# end of PCI controller drivers + +# +# PCI Endpoint +# +# CONFIG_PCI_ENDPOINT is not set +# end of PCI Endpoint + +# +# PCI switch controller drivers +# +# CONFIG_PCI_SW_SWITCHTEC is not set +# end of PCI switch controller drivers + +# CONFIG_CXL_BUS is not set +# CONFIG_PCCARD is not set +# CONFIG_RAPIDIO is not set + +# +# Generic Driver Options +# +# CONFIG_UEVENT_HELPER is not set +CONFIG_DEVTMPFS=y +CONFIG_DEVTMPFS_MOUNT=y +# CONFIG_DEVTMPFS_SAFE is not set +# CONFIG_STANDALONE is not set +# CONFIG_PREVENT_FIRMWARE_BUILD is not set + +# +# Firmware loader +# +CONFIG_FW_LOADER=y +CONFIG_EXTRA_FIRMWARE="" +# CONFIG_FW_LOADER_USER_HELPER is not set +# CONFIG_FW_LOADER_COMPRESS is not set +# CONFIG_FW_UPLOAD is not set +# end of Firmware loader + +CONFIG_ALLOW_DEV_COREDUMP=y +# CONFIG_DEBUG_DRIVER is not set +# CONFIG_DEBUG_DEVRES is not set +# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set +# CONFIG_TEST_ASYNC_DRIVER_PROBE is not set +CONFIG_GENERIC_CPU_AUTOPROBE=y +CONFIG_GENERIC_CPU_VULNERABILITIES=y +# end of Generic Driver Options + +# +# Bus devices +# +# CONFIG_MHI_BUS is not set +# CONFIG_MHI_BUS_EP is not set +# end of Bus devices + +# CONFIG_CONNECTOR is not set + +# +# Firmware Drivers +# + +# +# ARM System Control and Management Interface Protocol +# +# end of ARM System Control and Management Interface Protocol + +# CONFIG_EDD is not set +CONFIG_FIRMWARE_MEMMAP=y +CONFIG_DMIID=y +CONFIG_DMI_SYSFS=y +CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y +# CONFIG_ISCSI_IBFT is not set +# CONFIG_FW_CFG_SYSFS is not set +# CONFIG_SYSFB_SIMPLEFB is not set +# CONFIG_GOOGLE_FIRMWARE is not set + +# +# Tegra firmware driver +# +# end of Tegra firmware driver +# end of Firmware Drivers + +# CONFIG_GNSS is not set +# CONFIG_MTD is not set +# CONFIG_OF is not set +CONFIG_ARCH_MIGHT_HAVE_PC_PARPORT=y +# CONFIG_PARPORT is not set +CONFIG_PNP=y +# CONFIG_PNP_DEBUG_MESSAGES is not set + +# +# Protocols +# +CONFIG_PNPACPI=y +CONFIG_BLK_DEV=y +# CONFIG_BLK_DEV_NULL_BLK is not set +# CONFIG_BLK_DEV_FD is not set +# CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set +CONFIG_BLK_DEV_LOOP=y +CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 +# CONFIG_BLK_DEV_DRBD is not set +# CONFIG_BLK_DEV_NBD is not set +CONFIG_BLK_DEV_RAM=y +CONFIG_BLK_DEV_RAM_COUNT=16 +CONFIG_BLK_DEV_RAM_SIZE=16384 +# CONFIG_CDROM_PKTCDVD is not set +# CONFIG_ATA_OVER_ETH is not set +CONFIG_VIRTIO_BLK=y +# CONFIG_BLK_DEV_RBD is not set +# CONFIG_BLK_DEV_UBLK is not set + +# +# NVME Support +# +# CONFIG_BLK_DEV_NVME is not set +# CONFIG_NVME_FC is not set +# CONFIG_NVME_TCP is not set +# end of NVME Support + +# +# Misc devices +# +# CONFIG_DUMMY_IRQ is not set +# CONFIG_IBM_ASM is not set +# CONFIG_PHANTOM is not set +# CONFIG_TIFM_CORE is not set +# CONFIG_ENCLOSURE_SERVICES is not set +# CONFIG_HP_ILO is not set +# CONFIG_SRAM is not set +# CONFIG_DW_XDATA_PCIE is not set +# CONFIG_PCI_ENDPOINT_TEST is not set +# CONFIG_XILINX_SDFEC is not set +# CONFIG_C2PORT is not set + +# +# EEPROM support +# +# CONFIG_EEPROM_93CX6 is not set +# end of EEPROM support + +# CONFIG_CB710_CORE is not set + +# +# Texas Instruments shared transport line discipline +# +# end of Texas Instruments shared transport line discipline + +# +# Altera FPGA firmware download module (requires I2C) +# +# CONFIG_INTEL_MEI is not set +# CONFIG_INTEL_MEI_ME is not set +# CONFIG_INTEL_MEI_TXE is not set +# CONFIG_VMWARE_VMCI is not set +# CONFIG_GENWQE is not set +# CONFIG_ECHO is not set +# CONFIG_BCM_VK is not set +# CONFIG_MISC_ALCOR_PCI is not set +# CONFIG_MISC_RTSX_PCI is not set +# CONFIG_HABANA_AI is not set +# CONFIG_UACCE is not set +# CONFIG_PVPANIC is not set +# end of Misc devices + +# +# SCSI device support +# +CONFIG_SCSI_MOD=y +# CONFIG_RAID_ATTRS is not set +CONFIG_SCSI_COMMON=y +CONFIG_SCSI=y +CONFIG_SCSI_DMA=y +# CONFIG_SCSI_PROC_FS is not set + +# +# SCSI support type (disk, tape, CD-ROM) +# +CONFIG_BLK_DEV_SD=y +# CONFIG_CHR_DEV_ST is not set +# CONFIG_BLK_DEV_SR is not set +# CONFIG_CHR_DEV_SG is not set +CONFIG_BLK_DEV_BSG=y +# CONFIG_CHR_DEV_SCH is not set +# CONFIG_SCSI_CONSTANTS is not set +# CONFIG_SCSI_LOGGING is not set +# CONFIG_SCSI_SCAN_ASYNC is not set + +# +# SCSI Transports +# +# CONFIG_SCSI_SPI_ATTRS is not set +# CONFIG_SCSI_FC_ATTRS is not set +# CONFIG_SCSI_ISCSI_ATTRS is not set +# CONFIG_SCSI_SAS_ATTRS is not set +# CONFIG_SCSI_SAS_LIBSAS is not set +# CONFIG_SCSI_SRP_ATTRS is not set +# end of SCSI Transports + +CONFIG_SCSI_LOWLEVEL=y +# CONFIG_ISCSI_TCP is not set +# CONFIG_ISCSI_BOOT_SYSFS is not set +# CONFIG_SCSI_CXGB3_ISCSI is not set +# CONFIG_SCSI_CXGB4_ISCSI is not set +# CONFIG_SCSI_BNX2_ISCSI is not set +# CONFIG_BE2ISCSI is not set +# CONFIG_BLK_DEV_3W_XXXX_RAID is not set +# CONFIG_SCSI_HPSA is not set +# CONFIG_SCSI_3W_9XXX is not set +# CONFIG_SCSI_3W_SAS is not set +# CONFIG_SCSI_ACARD is not set +# CONFIG_SCSI_AACRAID is not set +# CONFIG_SCSI_AIC7XXX is not set +# CONFIG_SCSI_AIC79XX is not set +# CONFIG_SCSI_AIC94XX is not set +# CONFIG_SCSI_MVSAS is not set +# CONFIG_SCSI_MVUMI is not set +# CONFIG_SCSI_ADVANSYS is not set +# CONFIG_SCSI_ARCMSR is not set +# CONFIG_SCSI_ESAS2R is not set +# CONFIG_MEGARAID_NEWGEN is not set +# CONFIG_MEGARAID_LEGACY is not set +# CONFIG_MEGARAID_SAS is not set +# CONFIG_SCSI_MPT3SAS is not set +# CONFIG_SCSI_MPT2SAS is not set +# CONFIG_SCSI_MPI3MR is not set +# CONFIG_SCSI_SMARTPQI is not set +# CONFIG_SCSI_HPTIOP is not set +# CONFIG_SCSI_BUSLOGIC is not set +# CONFIG_SCSI_MYRB is not set +# CONFIG_SCSI_MYRS is not set +# CONFIG_VMWARE_PVSCSI is not set +# CONFIG_HYPERV_STORAGE is not set +# CONFIG_SCSI_SNIC is not set +# CONFIG_SCSI_DMX3191D is not set +# CONFIG_SCSI_FDOMAIN_PCI is not set +# CONFIG_SCSI_ISCI is not set +# CONFIG_SCSI_IPS is not set +# CONFIG_SCSI_INITIO is not set +# CONFIG_SCSI_INIA100 is not set +# CONFIG_SCSI_STEX is not set +# CONFIG_SCSI_SYM53C8XX_2 is not set +# CONFIG_SCSI_QLOGIC_1280 is not set +# CONFIG_SCSI_QLA_ISCSI is not set +# CONFIG_SCSI_DC395x is not set +# CONFIG_SCSI_AM53C974 is not set +# CONFIG_SCSI_WD719X is not set +# CONFIG_SCSI_DEBUG is not set +# CONFIG_SCSI_PMCRAID is not set +# CONFIG_SCSI_PM8001 is not set +CONFIG_SCSI_VIRTIO=y +# CONFIG_SCSI_DH is not set +# end of SCSI device support + +# CONFIG_ATA is not set +CONFIG_MD=y +# CONFIG_BLK_DEV_MD is not set +# CONFIG_BCACHE is not set +CONFIG_BLK_DEV_DM_BUILTIN=y +CONFIG_BLK_DEV_DM=y +# CONFIG_DM_DEBUG is not set +CONFIG_DM_BUFIO=y +# CONFIG_DM_DEBUG_BLOCK_MANAGER_LOCKING is not set +# CONFIG_DM_UNSTRIPED is not set +# CONFIG_DM_CRYPT is not set +# CONFIG_DM_SNAPSHOT is not set +# CONFIG_DM_THIN_PROVISIONING is not set +# CONFIG_DM_CACHE is not set +# CONFIG_DM_WRITECACHE is not set +# CONFIG_DM_EBS is not set +# CONFIG_DM_ERA is not set +# CONFIG_DM_CLONE is not set +# CONFIG_DM_MIRROR is not set +# CONFIG_DM_RAID is not set +# CONFIG_DM_ZERO is not set +# CONFIG_DM_MULTIPATH is not set +# CONFIG_DM_DELAY is not set +# CONFIG_DM_DUST is not set +CONFIG_DM_INIT=y +# CONFIG_DM_UEVENT is not set +# CONFIG_DM_FLAKEY is not set +CONFIG_DM_VERITY=y +# CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG is not set +# CONFIG_DM_VERITY_FEC is not set +# CONFIG_DM_SWITCH is not set +# CONFIG_DM_LOG_WRITES is not set +# CONFIG_DM_INTEGRITY is not set +# CONFIG_TARGET_CORE is not set +# CONFIG_FUSION is not set + +# +# IEEE 1394 (FireWire) support +# +# CONFIG_FIREWIRE is not set +# CONFIG_FIREWIRE_NOSY is not set +# end of IEEE 1394 (FireWire) support + +# CONFIG_MACINTOSH_DRIVERS is not set +CONFIG_NETDEVICES=y +CONFIG_NET_CORE=y +# CONFIG_BONDING is not set +# CONFIG_DUMMY is not set +# CONFIG_WIREGUARD is not set +# CONFIG_EQUALIZER is not set +# CONFIG_NET_FC is not set +# CONFIG_NET_TEAM is not set +# CONFIG_MACVLAN is not set +# CONFIG_IPVLAN is not set +# CONFIG_VXLAN is not set +# CONFIG_GENEVE is not set +# CONFIG_BAREUDP is not set +# CONFIG_GTP is not set +# CONFIG_AMT is not set +# CONFIG_MACSEC is not set +# CONFIG_NETCONSOLE is not set +# CONFIG_TUN is not set +# CONFIG_TUN_VNET_CROSS_LE is not set +CONFIG_VETH=y +CONFIG_VIRTIO_NET=y +# CONFIG_NLMON is not set +# CONFIG_ARCNET is not set +CONFIG_ETHERNET=y +# CONFIG_NET_VENDOR_3COM is not set +# CONFIG_NET_VENDOR_ADAPTEC is not set +# CONFIG_NET_VENDOR_AGERE is not set +# CONFIG_NET_VENDOR_ALACRITECH is not set +# CONFIG_NET_VENDOR_ALTEON is not set +# CONFIG_ALTERA_TSE is not set +# CONFIG_NET_VENDOR_AMAZON is not set +# CONFIG_NET_VENDOR_AMD is not set +# CONFIG_NET_VENDOR_AQUANTIA is not set +# CONFIG_NET_VENDOR_ARC is not set +CONFIG_NET_VENDOR_ASIX=y +# CONFIG_NET_VENDOR_ATHEROS is not set +# CONFIG_CX_ECAT is not set +# CONFIG_NET_VENDOR_BROADCOM is not set +# CONFIG_NET_VENDOR_CADENCE is not set +# CONFIG_NET_VENDOR_CAVIUM is not set +# CONFIG_NET_VENDOR_CHELSIO is not set +# CONFIG_NET_VENDOR_CISCO is not set +# CONFIG_NET_VENDOR_CORTINA is not set +CONFIG_NET_VENDOR_DAVICOM=y +# CONFIG_DNET is not set +# CONFIG_NET_VENDOR_DEC is not set +# CONFIG_NET_VENDOR_DLINK is not set +# CONFIG_NET_VENDOR_EMULEX is not set +CONFIG_NET_VENDOR_ENGLEDER=y +# CONFIG_TSNEP is not set +# CONFIG_NET_VENDOR_EZCHIP is not set +CONFIG_NET_VENDOR_FUNGIBLE=y +# CONFIG_FUN_ETH is not set +# CONFIG_NET_VENDOR_GOOGLE is not set +# CONFIG_NET_VENDOR_HUAWEI is not set +# CONFIG_NET_VENDOR_I825XX is not set +CONFIG_NET_VENDOR_INTEL=y +# CONFIG_E100 is not set +# CONFIG_E1000 is not set +# CONFIG_E1000E is not set +# CONFIG_IGB is not set +# CONFIG_IGBVF is not set +# CONFIG_IXGB is not set +# CONFIG_IXGBE is not set +# CONFIG_IXGBEVF is not set +# CONFIG_I40E is not set +# CONFIG_I40EVF is not set +# CONFIG_ICE is not set +# CONFIG_FM10K is not set +# CONFIG_IGC is not set +CONFIG_NET_VENDOR_WANGXUN=y +# CONFIG_NGBE is not set +# CONFIG_TXGBE is not set +# CONFIG_JME is not set +# CONFIG_NET_VENDOR_LITEX is not set +# CONFIG_NET_VENDOR_MARVELL is not set +# CONFIG_NET_VENDOR_MELLANOX is not set +# CONFIG_NET_VENDOR_MICREL is not set +# CONFIG_NET_VENDOR_MICROCHIP is not set +# CONFIG_NET_VENDOR_MICROSEMI is not set +# CONFIG_NET_VENDOR_MICROSOFT is not set +# CONFIG_NET_VENDOR_MYRI is not set +# CONFIG_FEALNX is not set +# CONFIG_NET_VENDOR_NI is not set +# CONFIG_NET_VENDOR_NATSEMI is not set +# CONFIG_NET_VENDOR_NETERION is not set +# CONFIG_NET_VENDOR_NETRONOME is not set +# CONFIG_NET_VENDOR_NVIDIA is not set +# CONFIG_NET_VENDOR_OKI is not set +# CONFIG_ETHOC is not set +# CONFIG_NET_VENDOR_PACKET_ENGINES is not set +# CONFIG_NET_VENDOR_PENSANDO is not set +# CONFIG_NET_VENDOR_QLOGIC is not set +# CONFIG_NET_VENDOR_BROCADE is not set +# CONFIG_NET_VENDOR_QUALCOMM is not set +# CONFIG_NET_VENDOR_RDC is not set +# CONFIG_NET_VENDOR_REALTEK is not set +# CONFIG_NET_VENDOR_RENESAS is not set +# CONFIG_NET_VENDOR_ROCKER is not set +# CONFIG_NET_VENDOR_SAMSUNG is not set +# CONFIG_NET_VENDOR_SEEQ is not set +# CONFIG_NET_VENDOR_SILAN is not set +# CONFIG_NET_VENDOR_SIS is not set +# CONFIG_NET_VENDOR_SOLARFLARE is not set +# CONFIG_NET_VENDOR_SMSC is not set +# CONFIG_NET_VENDOR_SOCIONEXT is not set +# CONFIG_NET_VENDOR_STMICRO is not set +# CONFIG_NET_VENDOR_SUN is not set +# CONFIG_NET_VENDOR_SYNOPSYS is not set +# CONFIG_NET_VENDOR_TEHUTI is not set +# CONFIG_NET_VENDOR_TI is not set +CONFIG_NET_VENDOR_VERTEXCOM=y +# CONFIG_NET_VENDOR_VIA is not set +# CONFIG_NET_VENDOR_WIZNET is not set +# CONFIG_NET_VENDOR_XILINX is not set +# CONFIG_FDDI is not set +# CONFIG_HIPPI is not set +# CONFIG_NET_SB1000 is not set +# CONFIG_PHYLIB is not set +# CONFIG_PSE_CONTROLLER is not set +# CONFIG_MDIO_DEVICE is not set + +# +# PCS device drivers +# +# end of PCS device drivers + +# CONFIG_PPP is not set +# CONFIG_SLIP is not set + +# +# Host-side USB support is needed for USB Network Adapter support +# +# CONFIG_WLAN is not set +# CONFIG_WAN is not set + +# +# Wireless WAN +# +# CONFIG_WWAN is not set +# end of Wireless WAN + +# CONFIG_VMXNET3 is not set +# CONFIG_FUJITSU_ES is not set +# CONFIG_HYPERV_NET is not set +CONFIG_NET_FAILOVER=y +# CONFIG_ISDN is not set + +# +# Input device support +# +CONFIG_INPUT=y +# CONFIG_INPUT_FF_MEMLESS is not set +# CONFIG_INPUT_SPARSEKMAP is not set +# CONFIG_INPUT_MATRIXKMAP is not set + +# +# Userland interfaces +# +# CONFIG_INPUT_MOUSEDEV is not set +# CONFIG_INPUT_JOYDEV is not set +# CONFIG_INPUT_EVDEV is not set +# CONFIG_INPUT_EVBUG is not set + +# +# Input Device Drivers +# +# CONFIG_INPUT_KEYBOARD is not set +# CONFIG_INPUT_MOUSE is not set +# CONFIG_INPUT_JOYSTICK is not set +# CONFIG_INPUT_TABLET is not set +# CONFIG_INPUT_TOUCHSCREEN is not set +# CONFIG_INPUT_MISC is not set +# CONFIG_RMI4_CORE is not set + +# +# Hardware I/O ports +# +# CONFIG_SERIO is not set +CONFIG_ARCH_MIGHT_HAVE_PC_SERIO=y +# CONFIG_GAMEPORT is not set +# end of Hardware I/O ports +# end of Input device support + +# +# Character devices +# +CONFIG_TTY=y +CONFIG_VT=y +CONFIG_CONSOLE_TRANSLATIONS=y +CONFIG_VT_CONSOLE=y +CONFIG_HW_CONSOLE=y +# CONFIG_VT_HW_CONSOLE_BINDING is not set +CONFIG_UNIX98_PTYS=y +# CONFIG_LEGACY_PTYS is not set +# CONFIG_LDISC_AUTOLOAD is not set + +# +# Serial drivers +# +CONFIG_SERIAL_EARLYCON=y +CONFIG_SERIAL_8250=y +# CONFIG_SERIAL_8250_DEPRECATED_OPTIONS is not set +CONFIG_SERIAL_8250_PNP=y +# CONFIG_SERIAL_8250_16550A_VARIANTS is not set +# CONFIG_SERIAL_8250_FINTEK is not set +CONFIG_SERIAL_8250_CONSOLE=y +CONFIG_SERIAL_8250_PCI=y +# CONFIG_SERIAL_8250_EXAR is not set +CONFIG_SERIAL_8250_NR_UARTS=4 +CONFIG_SERIAL_8250_RUNTIME_UARTS=4 +# CONFIG_SERIAL_8250_EXTENDED is not set +# CONFIG_SERIAL_8250_DW is not set +# CONFIG_SERIAL_8250_RT288X is not set +# CONFIG_SERIAL_8250_LPSS is not set +# CONFIG_SERIAL_8250_MID is not set +CONFIG_SERIAL_8250_PERICOM=y + +# +# Non-8250 serial port support +# +# CONFIG_SERIAL_UARTLITE is not set +CONFIG_SERIAL_CORE=y +CONFIG_SERIAL_CORE_CONSOLE=y +# CONFIG_SERIAL_JSM is not set +# CONFIG_SERIAL_LANTIQ is not set +# CONFIG_SERIAL_SCCNXP is not set +# CONFIG_SERIAL_ALTERA_JTAGUART is not set +# CONFIG_SERIAL_ALTERA_UART is not set +# CONFIG_SERIAL_ARC is not set +# CONFIG_SERIAL_RP2 is not set +# CONFIG_SERIAL_FSL_LPUART is not set +# CONFIG_SERIAL_FSL_LINFLEXUART is not set +# CONFIG_SERIAL_SPRD is not set +# end of Serial drivers + +# CONFIG_SERIAL_NONSTANDARD is not set +# CONFIG_N_GSM is not set +# CONFIG_NOZOMI is not set +# CONFIG_NULL_TTY is not set +CONFIG_HVC_DRIVER=y +# CONFIG_SERIAL_DEV_BUS is not set +CONFIG_VIRTIO_CONSOLE=y +# CONFIG_IPMI_HANDLER is not set +CONFIG_HW_RANDOM=y +# CONFIG_HW_RANDOM_TIMERIOMEM is not set +# CONFIG_HW_RANDOM_INTEL is not set +# CONFIG_HW_RANDOM_AMD is not set +# CONFIG_HW_RANDOM_BA431 is not set +# CONFIG_HW_RANDOM_VIA is not set +CONFIG_HW_RANDOM_VIRTIO=y +# CONFIG_HW_RANDOM_XIPHERA is not set +# CONFIG_APPLICOM is not set +# CONFIG_MWAVE is not set +# CONFIG_DEVMEM is not set +# CONFIG_NVRAM is not set +# CONFIG_DEVPORT is not set +# CONFIG_HPET is not set +# CONFIG_HANGCHECK_TIMER is not set +# CONFIG_TCG_TPM is not set +# CONFIG_TELCLOCK is not set +# CONFIG_XILLYBUS is not set +# CONFIG_RANDOM_TRUST_CPU is not set +# CONFIG_RANDOM_TRUST_BOOTLOADER is not set +# end of Character devices + +# +# I2C support +# +# CONFIG_I2C is not set +# end of I2C support + +# CONFIG_I3C is not set +# CONFIG_SPI is not set +# CONFIG_SPMI is not set +# CONFIG_HSI is not set +CONFIG_PPS=y +# CONFIG_PPS_DEBUG is not set + +# +# PPS clients support +# +# CONFIG_PPS_CLIENT_KTIMER is not set +# CONFIG_PPS_CLIENT_LDISC is not set +# CONFIG_PPS_CLIENT_GPIO is not set + +# +# PPS generators support +# + +# +# PTP clock support +# +CONFIG_PTP_1588_CLOCK=y +CONFIG_PTP_1588_CLOCK_OPTIONAL=y + +# +# Enable PHYLIB and NETWORK_PHY_TIMESTAMPING to see the additional clocks. +# +CONFIG_PTP_1588_CLOCK_KVM=y +# CONFIG_PTP_1588_CLOCK_VMW is not set +# end of PTP clock support + +# CONFIG_PINCTRL is not set +# CONFIG_GPIOLIB is not set +# CONFIG_W1 is not set +# CONFIG_POWER_RESET is not set +# CONFIG_POWER_SUPPLY is not set +# CONFIG_HWMON is not set +CONFIG_THERMAL=y +# CONFIG_THERMAL_NETLINK is not set +# CONFIG_THERMAL_STATISTICS is not set +CONFIG_THERMAL_EMERGENCY_POWEROFF_DELAY_MS=0 +# CONFIG_THERMAL_WRITABLE_TRIPS is not set +CONFIG_THERMAL_DEFAULT_GOV_STEP_WISE=y +# CONFIG_THERMAL_DEFAULT_GOV_FAIR_SHARE is not set +# CONFIG_THERMAL_DEFAULT_GOV_USER_SPACE is not set +# CONFIG_THERMAL_GOV_FAIR_SHARE is not set +CONFIG_THERMAL_GOV_STEP_WISE=y +# CONFIG_THERMAL_GOV_BANG_BANG is not set +# CONFIG_THERMAL_GOV_USER_SPACE is not set +# CONFIG_THERMAL_EMULATION is not set + +# +# Intel thermal drivers +# +# CONFIG_INTEL_POWERCLAMP is not set +CONFIG_X86_THERMAL_VECTOR=y +# CONFIG_X86_PKG_TEMP_THERMAL is not set +# CONFIG_INTEL_SOC_DTS_THERMAL is not set + +# +# ACPI INT340X thermal drivers +# +# CONFIG_INT340X_THERMAL is not set +# end of ACPI INT340X thermal drivers + +# CONFIG_INTEL_PCH_THERMAL is not set +# CONFIG_INTEL_TCC_COOLING is not set +# CONFIG_INTEL_MENLOW is not set +# CONFIG_INTEL_HFI_THERMAL is not set +# end of Intel thermal drivers + +CONFIG_WATCHDOG=y +CONFIG_WATCHDOG_CORE=y +# CONFIG_WATCHDOG_NOWAYOUT is not set +CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED=y +CONFIG_WATCHDOG_OPEN_TIMEOUT=0 +# CONFIG_WATCHDOG_SYSFS is not set +# CONFIG_WATCHDOG_HRTIMER_PRETIMEOUT is not set + +# +# Watchdog Pretimeout Governors +# +# CONFIG_WATCHDOG_PRETIMEOUT_GOV is not set + +# +# Watchdog Device Drivers +# +# CONFIG_SOFT_WATCHDOG is not set +# CONFIG_WDAT_WDT is not set +# CONFIG_XILINX_WATCHDOG is not set +# CONFIG_CADENCE_WATCHDOG is not set +# CONFIG_DW_WATCHDOG is not set +# CONFIG_MAX63XX_WATCHDOG is not set +# CONFIG_ACQUIRE_WDT is not set +# CONFIG_ADVANTECH_WDT is not set +# CONFIG_ALIM1535_WDT is not set +# CONFIG_ALIM7101_WDT is not set +# CONFIG_EBC_C384_WDT is not set +# CONFIG_EXAR_WDT is not set +# CONFIG_F71808E_WDT is not set +# CONFIG_SP5100_TCO is not set +# CONFIG_SBC_FITPC2_WATCHDOG is not set +# CONFIG_EUROTECH_WDT is not set +# CONFIG_IB700_WDT is not set +# CONFIG_IBMASR is not set +# CONFIG_WAFER_WDT is not set +# CONFIG_I6300ESB_WDT is not set +# CONFIG_IE6XX_WDT is not set +# CONFIG_ITCO_WDT is not set +# CONFIG_IT8712F_WDT is not set +# CONFIG_IT87_WDT is not set +# CONFIG_HP_WATCHDOG is not set +# CONFIG_SC1200_WDT is not set +# CONFIG_PC87413_WDT is not set +# CONFIG_NV_TCO is not set +# CONFIG_60XX_WDT is not set +# CONFIG_CPU5_WDT is not set +# CONFIG_SMSC_SCH311X_WDT is not set +# CONFIG_SMSC37B787_WDT is not set +# CONFIG_TQMX86_WDT is not set +# CONFIG_VIA_WDT is not set +# CONFIG_W83627HF_WDT is not set +# CONFIG_W83877F_WDT is not set +# CONFIG_W83977F_WDT is not set +# CONFIG_MACHZ_WDT is not set +# CONFIG_SBC_EPX_C3_WATCHDOG is not set +# CONFIG_NI903X_WDT is not set +# CONFIG_NIC7018_WDT is not set + +# +# PCI-based Watchdog Cards +# +# CONFIG_PCIPCWATCHDOG is not set +# CONFIG_WDTPCI is not set +CONFIG_SSB_POSSIBLE=y +# CONFIG_SSB is not set +CONFIG_BCMA_POSSIBLE=y +# CONFIG_BCMA is not set + +# +# Multifunction device drivers +# +# CONFIG_MFD_MADERA is not set +# CONFIG_HTC_PASIC3 is not set +# CONFIG_MFD_INTEL_QUARK_I2C_GPIO is not set +# CONFIG_LPC_ICH is not set +# CONFIG_LPC_SCH is not set +# CONFIG_MFD_INTEL_LPSS_ACPI is not set +# CONFIG_MFD_INTEL_LPSS_PCI is not set +# CONFIG_MFD_JANZ_CMODIO is not set +# CONFIG_MFD_KEMPLD is not set +# CONFIG_MFD_MT6397 is not set +# CONFIG_MFD_RDC321X is not set +# CONFIG_MFD_SM501 is not set +# CONFIG_MFD_SYSCON is not set +# CONFIG_MFD_TI_AM335X_TSCADC is not set +# CONFIG_MFD_TQMX86 is not set +# CONFIG_MFD_VX855 is not set +# end of Multifunction device drivers + +# CONFIG_REGULATOR is not set +# CONFIG_RC_CORE is not set + +# +# CEC support +# +# CONFIG_MEDIA_CEC_SUPPORT is not set +# end of CEC support + +# CONFIG_MEDIA_SUPPORT is not set + +# +# Graphics support +# +CONFIG_APERTURE_HELPERS=y +# CONFIG_AGP is not set +# CONFIG_VGA_SWITCHEROO is not set +# CONFIG_DRM is not set + +# +# ARM devices +# +# end of ARM devices + +# +# Frame buffer Devices +# +# CONFIG_FB is not set +# end of Frame buffer Devices + +# +# Backlight & LCD device support +# +# CONFIG_LCD_CLASS_DEVICE is not set +# CONFIG_BACKLIGHT_CLASS_DEVICE is not set +# end of Backlight & LCD device support + +# +# Console display driver support +# +CONFIG_VGA_CONSOLE=y +CONFIG_DUMMY_CONSOLE=y +CONFIG_DUMMY_CONSOLE_COLUMNS=80 +CONFIG_DUMMY_CONSOLE_ROWS=25 +# end of Console display driver support +# end of Graphics support + +# CONFIG_SOUND is not set + +# +# HID support +# +# CONFIG_HID is not set + +# +# Intel ISH HID support +# +# CONFIG_INTEL_ISH_HID is not set +# end of Intel ISH HID support +# end of HID support + +CONFIG_USB_OHCI_LITTLE_ENDIAN=y +# CONFIG_USB_SUPPORT is not set +# CONFIG_MMC is not set +# CONFIG_SCSI_UFSHCD is not set +# CONFIG_MEMSTICK is not set +# CONFIG_NEW_LEDS is not set +# CONFIG_ACCESSIBILITY is not set +# CONFIG_INFINIBAND is not set +CONFIG_EDAC_ATOMIC_SCRUB=y +CONFIG_EDAC_SUPPORT=y +CONFIG_RTC_LIB=y +CONFIG_RTC_MC146818_LIB=y +# CONFIG_RTC_CLASS is not set +# CONFIG_DMADEVICES is not set + +# +# DMABUF options +# +# CONFIG_SYNC_FILE is not set +# CONFIG_DMABUF_HEAPS is not set +# end of DMABUF options + +# CONFIG_AUXDISPLAY is not set +# CONFIG_UIO is not set +CONFIG_VFIO=y +CONFIG_VFIO_IOMMU_TYPE1=y +CONFIG_VFIO_VIRQFD=y +# CONFIG_VFIO_NOIOMMU is not set +CONFIG_VFIO_PCI_CORE=y +CONFIG_VFIO_PCI_MMAP=y +CONFIG_VFIO_PCI_INTX=y +CONFIG_VFIO_PCI=y +# CONFIG_VFIO_PCI_VGA is not set +# CONFIG_VFIO_PCI_IGD is not set +# CONFIG_VFIO_MDEV is not set +CONFIG_IRQ_BYPASS_MANAGER=y +CONFIG_VIRT_DRIVERS=y +CONFIG_VMGENID=y +# CONFIG_VBOXGUEST is not set +# CONFIG_NITRO_ENCLAVES is not set +CONFIG_SEV_GUEST=y +CONFIG_VIRTIO_ANCHOR=y +CONFIG_VIRTIO=y +CONFIG_VIRTIO_PCI_LIB=y +CONFIG_VIRTIO_PCI_LIB_LEGACY=y +CONFIG_VIRTIO_MENU=y +CONFIG_VIRTIO_PCI=y +CONFIG_VIRTIO_PCI_LEGACY=y +CONFIG_VIRTIO_PMEM=y +CONFIG_VIRTIO_BALLOON=y +CONFIG_VIRTIO_MEM=y +# CONFIG_VIRTIO_INPUT is not set +CONFIG_VIRTIO_MMIO=y +CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES=y +# CONFIG_VDPA is not set +# CONFIG_VHOST_MENU is not set + +# +# Microsoft Hyper-V guest support +# +CONFIG_HYPERV=y +CONFIG_HYPERV_TIMER=y +# CONFIG_HYPERV_BALLOON is not set +# end of Microsoft Hyper-V guest support + +# CONFIG_GREYBUS is not set +# CONFIG_COMEDI is not set +# CONFIG_STAGING is not set +# CONFIG_CHROME_PLATFORMS is not set +# CONFIG_MELLANOX_PLATFORM is not set +# CONFIG_SURFACE_PLATFORMS is not set +# CONFIG_X86_PLATFORM_DEVICES is not set +# CONFIG_P2SB is not set +CONFIG_HAVE_CLK=y +CONFIG_HAVE_CLK_PREPARE=y +CONFIG_COMMON_CLK=y +# CONFIG_XILINX_VCU is not set +# CONFIG_HWSPINLOCK is not set + +# +# Clock Source drivers +# +CONFIG_CLKEVT_I8253=y +CONFIG_I8253_LOCK=y +CONFIG_CLKBLD_I8253=y +# end of Clock Source drivers + +CONFIG_MAILBOX=y +CONFIG_PCC=y +# CONFIG_ALTERA_MBOX is not set +CONFIG_IOMMU_IOVA=y +CONFIG_IOASID=y +CONFIG_IOMMU_API=y +CONFIG_IOMMU_SUPPORT=y + +# +# Generic IOMMU Pagetable Support +# +CONFIG_IOMMU_IO_PGTABLE=y +# end of Generic IOMMU Pagetable Support + +# CONFIG_IOMMU_DEFAULT_DMA_STRICT is not set +CONFIG_IOMMU_DEFAULT_DMA_LAZY=y +# CONFIG_IOMMU_DEFAULT_PASSTHROUGH is not set +CONFIG_IOMMU_DMA=y +CONFIG_AMD_IOMMU=y +CONFIG_AMD_IOMMU_V2=y +CONFIG_DMAR_TABLE=y +CONFIG_INTEL_IOMMU=y +# CONFIG_INTEL_IOMMU_SVM is not set +# CONFIG_INTEL_IOMMU_DEFAULT_ON is not set +CONFIG_INTEL_IOMMU_FLOPPY_WA=y +# CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON is not set +CONFIG_IRQ_REMAP=y +CONFIG_HYPERV_IOMMU=y +CONFIG_VIRTIO_IOMMU=y + +# +# Remoteproc drivers +# +# CONFIG_REMOTEPROC is not set +# end of Remoteproc drivers + +# +# Rpmsg drivers +# +# CONFIG_RPMSG_QCOM_GLINK_RPM is not set +# CONFIG_RPMSG_VIRTIO is not set +# end of Rpmsg drivers + +# CONFIG_SOUNDWIRE is not set + +# +# SOC (System On Chip) specific Drivers +# + +# +# Amlogic SoC drivers +# +# end of Amlogic SoC drivers + +# +# Broadcom SoC drivers +# +# end of Broadcom SoC drivers + +# +# NXP/Freescale QorIQ SoC drivers +# +# end of NXP/Freescale QorIQ SoC drivers + +# +# fujitsu SoC drivers +# +# end of fujitsu SoC drivers + +# +# i.MX SoC drivers +# +# end of i.MX SoC drivers + +# +# Enable LiteX SoC Builder specific drivers +# +# end of Enable LiteX SoC Builder specific drivers + +# +# Qualcomm SoC drivers +# +# end of Qualcomm SoC drivers + +# CONFIG_SOC_TI is not set + +# +# Xilinx SoC drivers +# +# end of Xilinx SoC drivers +# end of SOC (System On Chip) specific Drivers + +# CONFIG_PM_DEVFREQ is not set +# CONFIG_EXTCON is not set +# CONFIG_MEMORY is not set +# CONFIG_IIO is not set +# CONFIG_NTB is not set +# CONFIG_PWM is not set + +# +# IRQ chip support +# +# end of IRQ chip support + +# CONFIG_IPACK_BUS is not set +# CONFIG_RESET_CONTROLLER is not set + +# +# PHY Subsystem +# +# CONFIG_GENERIC_PHY is not set +# CONFIG_PHY_CAN_TRANSCEIVER is not set + +# +# PHY drivers for Broadcom platforms +# +# CONFIG_BCM_KONA_USB2_PHY is not set +# end of PHY drivers for Broadcom platforms + +# CONFIG_PHY_PXA_28NM_HSIC is not set +# CONFIG_PHY_PXA_28NM_USB2 is not set +# CONFIG_PHY_INTEL_LGM_EMMC is not set +# end of PHY Subsystem + +# CONFIG_POWERCAP is not set +# CONFIG_MCB is not set + +# +# Performance monitor support +# +# end of Performance monitor support + +# CONFIG_RAS is not set +# CONFIG_USB4 is not set + +# +# Android +# +# CONFIG_ANDROID_BINDER_IPC is not set +# end of Android + +CONFIG_LIBNVDIMM=y +CONFIG_BLK_DEV_PMEM=y +CONFIG_ND_CLAIM=y +CONFIG_ND_BTT=y +CONFIG_BTT=y +CONFIG_ND_PFN=y +CONFIG_NVDIMM_PFN=y +CONFIG_NVDIMM_DAX=y +CONFIG_DAX=y +# CONFIG_DEV_DAX is not set +CONFIG_NVMEM=y +# CONFIG_NVMEM_SYSFS is not set +# CONFIG_NVMEM_RMEM is not set + +# +# HW tracing support +# +# CONFIG_STM is not set +# CONFIG_INTEL_TH is not set +# end of HW tracing support + +# CONFIG_FPGA is not set +# CONFIG_TEE is not set +# CONFIG_SIOX is not set +# CONFIG_SLIMBUS is not set +# CONFIG_INTERCONNECT is not set +# CONFIG_COUNTER is not set +# CONFIG_PECI is not set +# CONFIG_HTE is not set +# end of Device Drivers + +# +# File systems +# +CONFIG_DCACHE_WORD_ACCESS=y +# CONFIG_VALIDATE_FS_PARSER is not set +CONFIG_FS_IOMAP=y +# CONFIG_EXT2_FS is not set +# CONFIG_EXT3_FS is not set +CONFIG_EXT4_FS=y +CONFIG_EXT4_USE_FOR_EXT2=y +CONFIG_EXT4_FS_POSIX_ACL=y +CONFIG_EXT4_FS_SECURITY=y +# CONFIG_EXT4_DEBUG is not set +CONFIG_JBD2=y +# CONFIG_JBD2_DEBUG is not set +CONFIG_FS_MBCACHE=y +# CONFIG_REISERFS_FS is not set +# CONFIG_JFS_FS is not set +CONFIG_XFS_FS=y +# CONFIG_XFS_SUPPORT_V4 is not set +# CONFIG_XFS_QUOTA is not set +# CONFIG_XFS_POSIX_ACL is not set +# CONFIG_XFS_RT is not set +# CONFIG_XFS_ONLINE_SCRUB is not set +# CONFIG_XFS_WARN is not set +# CONFIG_XFS_DEBUG is not set +# CONFIG_GFS2_FS is not set +# CONFIG_BTRFS_FS is not set +# CONFIG_NILFS2_FS is not set +# CONFIG_F2FS_FS is not set +CONFIG_FS_DAX=y +CONFIG_FS_DAX_PMD=y +CONFIG_FS_POSIX_ACL=y +CONFIG_EXPORTFS=y +CONFIG_EXPORTFS_BLOCK_OPS=y +CONFIG_FILE_LOCKING=y +# CONFIG_FS_ENCRYPTION is not set +# CONFIG_FS_VERITY is not set +CONFIG_FSNOTIFY=y +CONFIG_DNOTIFY=y +CONFIG_INOTIFY_USER=y +CONFIG_FANOTIFY=y +# CONFIG_FANOTIFY_ACCESS_PERMISSIONS is not set +# CONFIG_QUOTA is not set +CONFIG_AUTOFS4_FS=y +CONFIG_AUTOFS_FS=y +CONFIG_FUSE_FS=y +# CONFIG_CUSE is not set +CONFIG_VIRTIO_FS=y +CONFIG_FUSE_DAX=y +CONFIG_OVERLAY_FS=y +CONFIG_OVERLAY_FS_REDIRECT_DIR=y +# CONFIG_OVERLAY_FS_REDIRECT_ALWAYS_FOLLOW is not set +CONFIG_OVERLAY_FS_INDEX=y +CONFIG_OVERLAY_FS_XINO_AUTO=y +CONFIG_OVERLAY_FS_METACOPY=y + +# +# Caches +# +CONFIG_NETFS_SUPPORT=y +# CONFIG_NETFS_STATS is not set +# CONFIG_FSCACHE is not set +# end of Caches + +# +# CD-ROM/DVD Filesystems +# +CONFIG_ISO9660_FS=y +CONFIG_JOLIET=y +CONFIG_ZISOFS=y +# CONFIG_UDF_FS is not set +# end of CD-ROM/DVD Filesystems + +# +# DOS/FAT/EXFAT/NT Filesystems +# +CONFIG_FAT_FS=y +CONFIG_MSDOS_FS=y +CONFIG_VFAT_FS=y +CONFIG_FAT_DEFAULT_CODEPAGE=437 +CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1" +# CONFIG_FAT_DEFAULT_UTF8 is not set +# CONFIG_EXFAT_FS is not set +# CONFIG_NTFS_FS is not set +# CONFIG_NTFS3_FS is not set +# end of DOS/FAT/EXFAT/NT Filesystems + +# +# Pseudo filesystems +# +CONFIG_PROC_FS=y +# CONFIG_PROC_KCORE is not set +CONFIG_PROC_SYSCTL=y +CONFIG_PROC_PAGE_MONITOR=y +# CONFIG_PROC_CHILDREN is not set +CONFIG_PROC_PID_ARCH_STATUS=y +CONFIG_KERNFS=y +CONFIG_SYSFS=y +CONFIG_TMPFS=y +# CONFIG_TMPFS_POSIX_ACL is not set +# CONFIG_TMPFS_XATTR is not set +# CONFIG_TMPFS_INODE64 is not set +CONFIG_HUGETLBFS=y +CONFIG_HUGETLB_PAGE=y +CONFIG_ARCH_WANT_HUGETLB_PAGE_OPTIMIZE_VMEMMAP=y +CONFIG_HUGETLB_PAGE_OPTIMIZE_VMEMMAP=y +# CONFIG_HUGETLB_PAGE_OPTIMIZE_VMEMMAP_DEFAULT_ON is not set +CONFIG_MEMFD_CREATE=y +CONFIG_ARCH_HAS_GIGANTIC_PAGE=y +# CONFIG_CONFIGFS_FS is not set +# end of Pseudo filesystems + +# CONFIG_MISC_FILESYSTEMS is not set +CONFIG_NETWORK_FILESYSTEMS=y +# CONFIG_NFS_FS is not set +# CONFIG_NFSD is not set +# CONFIG_CEPH_FS is not set +# CONFIG_CIFS is not set +# CONFIG_SMB_SERVER is not set +# CONFIG_CODA_FS is not set +# CONFIG_AFS_FS is not set +CONFIG_9P_FS=y +CONFIG_9P_FS_POSIX_ACL=y +CONFIG_9P_FS_SECURITY=y +CONFIG_NLS=y +CONFIG_NLS_DEFAULT="utf8" +CONFIG_NLS_CODEPAGE_437=y +CONFIG_NLS_CODEPAGE_737=y +CONFIG_NLS_CODEPAGE_775=y +CONFIG_NLS_CODEPAGE_850=y +CONFIG_NLS_CODEPAGE_852=y +CONFIG_NLS_CODEPAGE_855=y +CONFIG_NLS_CODEPAGE_857=y +CONFIG_NLS_CODEPAGE_860=y +CONFIG_NLS_CODEPAGE_861=y +CONFIG_NLS_CODEPAGE_862=y +CONFIG_NLS_CODEPAGE_863=y +CONFIG_NLS_CODEPAGE_864=y +CONFIG_NLS_CODEPAGE_865=y +CONFIG_NLS_CODEPAGE_866=y +CONFIG_NLS_CODEPAGE_869=y +CONFIG_NLS_CODEPAGE_936=y +CONFIG_NLS_CODEPAGE_950=y +CONFIG_NLS_CODEPAGE_932=y +CONFIG_NLS_CODEPAGE_949=y +CONFIG_NLS_CODEPAGE_874=y +CONFIG_NLS_ISO8859_8=y +CONFIG_NLS_CODEPAGE_1250=y +CONFIG_NLS_CODEPAGE_1251=y +CONFIG_NLS_ASCII=y +CONFIG_NLS_ISO8859_1=y +CONFIG_NLS_ISO8859_2=y +CONFIG_NLS_ISO8859_3=y +CONFIG_NLS_ISO8859_4=y +CONFIG_NLS_ISO8859_5=y +CONFIG_NLS_ISO8859_6=y +CONFIG_NLS_ISO8859_7=y +CONFIG_NLS_ISO8859_9=y +CONFIG_NLS_ISO8859_13=y +CONFIG_NLS_ISO8859_14=y +CONFIG_NLS_ISO8859_15=y +CONFIG_NLS_KOI8_R=y +CONFIG_NLS_KOI8_U=y +CONFIG_NLS_MAC_ROMAN=y +CONFIG_NLS_MAC_CELTIC=y +CONFIG_NLS_MAC_CENTEURO=y +CONFIG_NLS_MAC_CROATIAN=y +CONFIG_NLS_MAC_CYRILLIC=y +CONFIG_NLS_MAC_GAELIC=y +CONFIG_NLS_MAC_GREEK=y +CONFIG_NLS_MAC_ICELAND=y +CONFIG_NLS_MAC_INUIT=y +CONFIG_NLS_MAC_ROMANIAN=y +CONFIG_NLS_MAC_TURKISH=y +CONFIG_NLS_UTF8=y +# CONFIG_UNICODE is not set +CONFIG_IO_WQ=y +# end of File systems + +# +# Security options +# +# CONFIG_KEYS is not set +# CONFIG_SECURITY_DMESG_RESTRICT is not set +CONFIG_SECURITY=y +# CONFIG_SECURITYFS is not set +# CONFIG_SECURITY_NETWORK is not set +# CONFIG_SECURITY_PATH is not set +# CONFIG_INTEL_TXT is not set +CONFIG_HAVE_HARDENED_USERCOPY_ALLOCATOR=y +# CONFIG_HARDENED_USERCOPY is not set +# CONFIG_FORTIFY_SOURCE is not set +# CONFIG_STATIC_USERMODEHELPER is not set +# CONFIG_SECURITY_SMACK is not set +# CONFIG_SECURITY_TOMOYO is not set +# CONFIG_SECURITY_APPARMOR is not set +# CONFIG_SECURITY_LOADPIN is not set +# CONFIG_SECURITY_YAMA is not set +# CONFIG_SECURITY_SAFESETID is not set +# CONFIG_SECURITY_LOCKDOWN_LSM is not set +# CONFIG_SECURITY_LANDLOCK is not set +# CONFIG_INTEGRITY is not set +CONFIG_DEFAULT_SECURITY_DAC=y +CONFIG_LSM="landlock,lockdown,yama,loadpin,safesetid,integrity,bpf" + +# +# Kernel hardening options +# + +# +# Memory initialization +# +CONFIG_INIT_STACK_NONE=y +# CONFIG_GCC_PLUGIN_STRUCTLEAK_USER is not set +# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF is not set +# CONFIG_GCC_PLUGIN_STRUCTLEAK_BYREF_ALL is not set +# CONFIG_GCC_PLUGIN_STACKLEAK is not set +# CONFIG_INIT_ON_ALLOC_DEFAULT_ON is not set +# CONFIG_INIT_ON_FREE_DEFAULT_ON is not set +CONFIG_CC_HAS_ZERO_CALL_USED_REGS=y +# CONFIG_ZERO_CALL_USED_REGS is not set +# end of Memory initialization + +CONFIG_RANDSTRUCT_NONE=y +# CONFIG_RANDSTRUCT_FULL is not set +# CONFIG_RANDSTRUCT_PERFORMANCE is not set +# end of Kernel hardening options +# end of Security options + +CONFIG_CRYPTO=y + +# +# Crypto core or helper +# +CONFIG_CRYPTO_ALGAPI=y +CONFIG_CRYPTO_ALGAPI2=y +CONFIG_CRYPTO_AEAD=y +CONFIG_CRYPTO_AEAD2=y +CONFIG_CRYPTO_SKCIPHER=y +CONFIG_CRYPTO_SKCIPHER2=y +CONFIG_CRYPTO_HASH=y +CONFIG_CRYPTO_HASH2=y +CONFIG_CRYPTO_RNG=y +CONFIG_CRYPTO_RNG2=y +CONFIG_CRYPTO_AKCIPHER2=y +CONFIG_CRYPTO_KPP2=y +CONFIG_CRYPTO_ACOMP2=y +CONFIG_CRYPTO_MANAGER=y +CONFIG_CRYPTO_MANAGER2=y +# CONFIG_CRYPTO_USER is not set +# CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set +# CONFIG_CRYPTO_MANAGER_EXTRA_TESTS is not set +CONFIG_CRYPTO_GF128MUL=y +CONFIG_CRYPTO_NULL=y +CONFIG_CRYPTO_NULL2=y +# CONFIG_CRYPTO_PCRYPT is not set +# CONFIG_CRYPTO_CRYPTD is not set +# CONFIG_CRYPTO_AUTHENC is not set +# CONFIG_CRYPTO_TEST is not set +# end of Crypto core or helper + +# +# Public-key cryptography +# +# CONFIG_CRYPTO_RSA is not set +# CONFIG_CRYPTO_DH is not set +# CONFIG_CRYPTO_ECDH is not set +# CONFIG_CRYPTO_ECDSA is not set +# CONFIG_CRYPTO_ECRDSA is not set +# CONFIG_CRYPTO_SM2 is not set +# CONFIG_CRYPTO_CURVE25519 is not set +# end of Public-key cryptography + +# +# Block ciphers +# +CONFIG_CRYPTO_AES=y +# CONFIG_CRYPTO_AES_TI is not set +# CONFIG_CRYPTO_ARIA is not set +# CONFIG_CRYPTO_BLOWFISH is not set +# CONFIG_CRYPTO_CAMELLIA is not set +# CONFIG_CRYPTO_CAST5 is not set +# CONFIG_CRYPTO_CAST6 is not set +# CONFIG_CRYPTO_DES is not set +# CONFIG_CRYPTO_FCRYPT is not set +# CONFIG_CRYPTO_SERPENT is not set +# CONFIG_CRYPTO_SM4_GENERIC is not set +# CONFIG_CRYPTO_TWOFISH is not set +# end of Block ciphers + +# +# Length-preserving ciphers and modes +# +# CONFIG_CRYPTO_ADIANTUM is not set +# CONFIG_CRYPTO_CHACHA20 is not set +# CONFIG_CRYPTO_CBC is not set +# CONFIG_CRYPTO_CFB is not set +CONFIG_CRYPTO_CTR=y +# CONFIG_CRYPTO_CTS is not set +# CONFIG_CRYPTO_ECB is not set +# CONFIG_CRYPTO_HCTR2 is not set +# CONFIG_CRYPTO_KEYWRAP is not set +# CONFIG_CRYPTO_LRW is not set +# CONFIG_CRYPTO_OFB is not set +# CONFIG_CRYPTO_PCBC is not set +# CONFIG_CRYPTO_XTS is not set +# end of Length-preserving ciphers and modes + +# +# AEAD (authenticated encryption with associated data) ciphers +# +# CONFIG_CRYPTO_AEGIS128 is not set +# CONFIG_CRYPTO_CHACHA20POLY1305 is not set +# CONFIG_CRYPTO_CCM is not set +CONFIG_CRYPTO_GCM=y +# CONFIG_CRYPTO_SEQIV is not set +# CONFIG_CRYPTO_ECHAINIV is not set +# CONFIG_CRYPTO_ESSIV is not set +# end of AEAD (authenticated encryption with associated data) ciphers + +# +# Hashes, digests, and MACs +# +# CONFIG_CRYPTO_BLAKE2B is not set +# CONFIG_CRYPTO_CMAC is not set +CONFIG_CRYPTO_GHASH=y +# CONFIG_CRYPTO_HMAC is not set +# CONFIG_CRYPTO_MD4 is not set +CONFIG_CRYPTO_MD5=y +# CONFIG_CRYPTO_MICHAEL_MIC is not set +# CONFIG_CRYPTO_POLY1305 is not set +# CONFIG_CRYPTO_RMD160 is not set +# CONFIG_CRYPTO_SHA1 is not set +CONFIG_CRYPTO_SHA256=y +# CONFIG_CRYPTO_SHA512 is not set +# CONFIG_CRYPTO_SHA3 is not set +# CONFIG_CRYPTO_SM3_GENERIC is not set +# CONFIG_CRYPTO_STREEBOG is not set +# CONFIG_CRYPTO_VMAC is not set +# CONFIG_CRYPTO_WP512 is not set +# CONFIG_CRYPTO_XCBC is not set +# CONFIG_CRYPTO_XXHASH is not set +# end of Hashes, digests, and MACs + +# +# CRCs (cyclic redundancy checks) +# +CONFIG_CRYPTO_CRC32C=y +# CONFIG_CRYPTO_CRC32 is not set +CONFIG_CRYPTO_CRCT10DIF=y +CONFIG_CRYPTO_CRC64_ROCKSOFT=y +# end of CRCs (cyclic redundancy checks) + +# +# Compression +# +CONFIG_CRYPTO_DEFLATE=y +# CONFIG_CRYPTO_LZO is not set +# CONFIG_CRYPTO_842 is not set +# CONFIG_CRYPTO_LZ4 is not set +# CONFIG_CRYPTO_LZ4HC is not set +# CONFIG_CRYPTO_ZSTD is not set +# end of Compression + +# +# Random number generation +# +CONFIG_CRYPTO_ANSI_CPRNG=y +# CONFIG_CRYPTO_DRBG_MENU is not set +# CONFIG_CRYPTO_JITTERENTROPY is not set +# end of Random number generation + +# +# Userspace interface +# +CONFIG_CRYPTO_USER_API=y +CONFIG_CRYPTO_USER_API_HASH=y +# CONFIG_CRYPTO_USER_API_SKCIPHER is not set +# CONFIG_CRYPTO_USER_API_RNG is not set +# CONFIG_CRYPTO_USER_API_AEAD is not set +# CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE is not set +# end of Userspace interface + +# +# Accelerated Cryptographic Algorithms for CPU (x86) +# +# CONFIG_CRYPTO_CURVE25519_X86 is not set +# CONFIG_CRYPTO_AES_NI_INTEL is not set +# CONFIG_CRYPTO_BLOWFISH_X86_64 is not set +# CONFIG_CRYPTO_CAMELLIA_X86_64 is not set +# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64 is not set +# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 is not set +# CONFIG_CRYPTO_CAST5_AVX_X86_64 is not set +# CONFIG_CRYPTO_CAST6_AVX_X86_64 is not set +# CONFIG_CRYPTO_DES3_EDE_X86_64 is not set +# CONFIG_CRYPTO_SERPENT_SSE2_X86_64 is not set +# CONFIG_CRYPTO_SERPENT_AVX_X86_64 is not set +# CONFIG_CRYPTO_SERPENT_AVX2_X86_64 is not set +# CONFIG_CRYPTO_SM4_AESNI_AVX_X86_64 is not set +# CONFIG_CRYPTO_SM4_AESNI_AVX2_X86_64 is not set +# CONFIG_CRYPTO_TWOFISH_X86_64 is not set +# CONFIG_CRYPTO_TWOFISH_X86_64_3WAY is not set +# CONFIG_CRYPTO_TWOFISH_AVX_X86_64 is not set +# CONFIG_CRYPTO_ARIA_AESNI_AVX_X86_64 is not set +# CONFIG_CRYPTO_CHACHA20_X86_64 is not set +# CONFIG_CRYPTO_AEGIS128_AESNI_SSE2 is not set +# CONFIG_CRYPTO_NHPOLY1305_SSE2 is not set +# CONFIG_CRYPTO_NHPOLY1305_AVX2 is not set +# CONFIG_CRYPTO_BLAKE2S_X86 is not set +# CONFIG_CRYPTO_POLYVAL_CLMUL_NI is not set +# CONFIG_CRYPTO_POLY1305_X86_64 is not set +# CONFIG_CRYPTO_SHA1_SSSE3 is not set +# CONFIG_CRYPTO_SHA256_SSSE3 is not set +# CONFIG_CRYPTO_SHA512_SSSE3 is not set +# CONFIG_CRYPTO_SM3_AVX_X86_64 is not set +# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set +# CONFIG_CRYPTO_CRC32C_INTEL is not set +# CONFIG_CRYPTO_CRC32_PCLMUL is not set +# CONFIG_CRYPTO_CRCT10DIF_PCLMUL is not set +# end of Accelerated Cryptographic Algorithms for CPU (x86) + +# CONFIG_CRYPTO_HW is not set + +# +# Certificates for signature checking +# +# end of Certificates for signature checking + +CONFIG_BINARY_PRINTF=y + +# +# Library routines +# +# CONFIG_PACKING is not set +CONFIG_BITREVERSE=y +CONFIG_GENERIC_STRNCPY_FROM_USER=y +CONFIG_GENERIC_STRNLEN_USER=y +CONFIG_GENERIC_NET_UTILS=y +# CONFIG_CORDIC is not set +# CONFIG_PRIME_NUMBERS is not set +CONFIG_RATIONAL=y +CONFIG_GENERIC_PCI_IOMAP=y +CONFIG_GENERIC_IOMAP=y +CONFIG_ARCH_USE_CMPXCHG_LOCKREF=y +CONFIG_ARCH_HAS_FAST_MULTIPLIER=y +CONFIG_ARCH_USE_SYM_ANNOTATIONS=y + +# +# Crypto library routines +# +CONFIG_CRYPTO_LIB_UTILS=y +CONFIG_CRYPTO_LIB_AES=y +CONFIG_CRYPTO_LIB_BLAKE2S_GENERIC=y +# CONFIG_CRYPTO_LIB_CHACHA is not set +# CONFIG_CRYPTO_LIB_CURVE25519 is not set +CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11 +# CONFIG_CRYPTO_LIB_POLY1305 is not set +# CONFIG_CRYPTO_LIB_CHACHA20POLY1305 is not set +CONFIG_CRYPTO_LIB_SHA1=y +CONFIG_CRYPTO_LIB_SHA256=y +# end of Crypto library routines + +# CONFIG_CRC_CCITT is not set +CONFIG_CRC16=y +CONFIG_CRC_T10DIF=y +CONFIG_CRC64_ROCKSOFT=y +# CONFIG_CRC_ITU_T is not set +CONFIG_CRC32=y +# CONFIG_CRC32_SELFTEST is not set +CONFIG_CRC32_SLICEBY8=y +# CONFIG_CRC32_SLICEBY4 is not set +# CONFIG_CRC32_SARWATE is not set +# CONFIG_CRC32_BIT is not set +CONFIG_CRC64=y +# CONFIG_CRC4 is not set +# CONFIG_CRC7 is not set +CONFIG_LIBCRC32C=y +# CONFIG_CRC8 is not set +CONFIG_XXHASH=y +# CONFIG_RANDOM32_SELFTEST is not set +CONFIG_ZLIB_INFLATE=y +CONFIG_ZLIB_DEFLATE=y +CONFIG_XZ_DEC=y +CONFIG_XZ_DEC_X86=y +CONFIG_XZ_DEC_POWERPC=y +CONFIG_XZ_DEC_IA64=y +CONFIG_XZ_DEC_ARM=y +CONFIG_XZ_DEC_ARMTHUMB=y +CONFIG_XZ_DEC_SPARC=y +# CONFIG_XZ_DEC_MICROLZMA is not set +CONFIG_XZ_DEC_BCJ=y +# CONFIG_XZ_DEC_TEST is not set +CONFIG_DECOMPRESS_GZIP=y +CONFIG_GENERIC_ALLOCATOR=y +CONFIG_TEXTSEARCH=y +CONFIG_TEXTSEARCH_KMP=y +CONFIG_TEXTSEARCH_BM=y +CONFIG_TEXTSEARCH_FSM=y +CONFIG_INTERVAL_TREE=y +CONFIG_XARRAY_MULTI=y +CONFIG_HAS_IOMEM=y +CONFIG_HAS_IOPORT_MAP=y +CONFIG_HAS_DMA=y +CONFIG_DMA_OPS=y +CONFIG_NEED_SG_DMA_LENGTH=y +CONFIG_NEED_DMA_MAP_STATE=y +CONFIG_ARCH_DMA_ADDR_T_64BIT=y +CONFIG_ARCH_HAS_FORCE_DMA_UNENCRYPTED=y +CONFIG_SWIOTLB=y +CONFIG_DMA_COHERENT_POOL=y +# CONFIG_DMA_API_DEBUG is not set +CONFIG_SGL_ALLOC=y +CONFIG_IOMMU_HELPER=y +CONFIG_CPUMASK_OFFSTACK=y +# CONFIG_FORCE_NR_CPUS is not set +CONFIG_CPU_RMAP=y +CONFIG_DQL=y +CONFIG_NLATTR=y +# CONFIG_IRQ_POLL is not set +CONFIG_HAVE_GENERIC_VDSO=y +CONFIG_GENERIC_GETTIMEOFDAY=y +CONFIG_GENERIC_VDSO_TIME_NS=y +CONFIG_SG_POOL=y +CONFIG_ARCH_HAS_PMEM_API=y +CONFIG_MEMREGION=y +CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE=y +CONFIG_ARCH_HAS_COPY_MC=y +CONFIG_ARCH_STACKWALK=y +CONFIG_STACKDEPOT=y +CONFIG_SBITMAP=y +# end of Library routines + +# +# Kernel hacking +# + +# +# printk and dmesg options +# +CONFIG_PRINTK_TIME=y +# CONFIG_PRINTK_CALLER is not set +# CONFIG_STACKTRACE_BUILD_ID is not set +CONFIG_CONSOLE_LOGLEVEL_DEFAULT=7 +CONFIG_CONSOLE_LOGLEVEL_QUIET=4 +CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4 +# CONFIG_BOOT_PRINTK_DELAY is not set +# CONFIG_DYNAMIC_DEBUG is not set +# CONFIG_DYNAMIC_DEBUG_CORE is not set +# CONFIG_SYMBOLIC_ERRNAME is not set +CONFIG_DEBUG_BUGVERBOSE=y +# end of printk and dmesg options + +CONFIG_DEBUG_KERNEL=y +CONFIG_DEBUG_MISC=y + +# +# Compile-time checks and compiler options +# +CONFIG_AS_HAS_NON_CONST_LEB128=y +CONFIG_DEBUG_INFO_NONE=y +# CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT is not set +# CONFIG_DEBUG_INFO_DWARF4 is not set +# CONFIG_DEBUG_INFO_DWARF5 is not set +CONFIG_FRAME_WARN=2048 +# CONFIG_STRIP_ASM_SYMS is not set +# CONFIG_READABLE_ASM is not set +# CONFIG_HEADERS_INSTALL is not set +# CONFIG_DEBUG_SECTION_MISMATCH is not set +CONFIG_SECTION_MISMATCH_WARN_ONLY=y +CONFIG_OBJTOOL=y +# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set +# end of Compile-time checks and compiler options + +# +# Generic Kernel Debugging Instruments +# +# CONFIG_MAGIC_SYSRQ is not set +# CONFIG_DEBUG_FS is not set +CONFIG_HAVE_ARCH_KGDB=y +# CONFIG_KGDB is not set +CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y +# CONFIG_UBSAN is not set +CONFIG_HAVE_ARCH_KCSAN=y +CONFIG_HAVE_KCSAN_COMPILER=y +# CONFIG_KCSAN is not set +# end of Generic Kernel Debugging Instruments + +# +# Networking Debugging +# +# CONFIG_NET_DEV_REFCNT_TRACKER is not set +# CONFIG_NET_NS_REFCNT_TRACKER is not set +# CONFIG_DEBUG_NET is not set +# end of Networking Debugging + +# +# Memory Debugging +# +# CONFIG_PAGE_EXTENSION is not set +# CONFIG_DEBUG_PAGEALLOC is not set +CONFIG_SLUB_DEBUG=y +# CONFIG_SLUB_DEBUG_ON is not set +# CONFIG_PAGE_OWNER is not set +# CONFIG_PAGE_TABLE_CHECK is not set +# CONFIG_PAGE_POISONING is not set +# CONFIG_DEBUG_RODATA_TEST is not set +CONFIG_ARCH_HAS_DEBUG_WX=y +# CONFIG_DEBUG_WX is not set +CONFIG_GENERIC_PTDUMP=y +# CONFIG_DEBUG_OBJECTS is not set +CONFIG_HAVE_DEBUG_KMEMLEAK=y +# CONFIG_DEBUG_KMEMLEAK is not set +# CONFIG_DEBUG_STACK_USAGE is not set +# CONFIG_SCHED_STACK_END_CHECK is not set +CONFIG_ARCH_HAS_DEBUG_VM_PGTABLE=y +# CONFIG_DEBUG_VM is not set +# CONFIG_DEBUG_VM_PGTABLE is not set +CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y +# CONFIG_DEBUG_VIRTUAL is not set +CONFIG_DEBUG_MEMORY_INIT=y +# CONFIG_DEBUG_PER_CPU_MAPS is not set +CONFIG_HAVE_ARCH_KASAN=y +CONFIG_HAVE_ARCH_KASAN_VMALLOC=y +CONFIG_CC_HAS_KASAN_GENERIC=y +CONFIG_CC_HAS_WORKING_NOSANITIZE_ADDRESS=y +# CONFIG_KASAN is not set +CONFIG_HAVE_ARCH_KFENCE=y +# CONFIG_KFENCE is not set +CONFIG_HAVE_ARCH_KMSAN=y +# end of Memory Debugging + +# CONFIG_DEBUG_SHIRQ is not set + +# +# Debug Oops, Lockups and Hangs +# +# CONFIG_PANIC_ON_OOPS is not set +CONFIG_PANIC_ON_OOPS_VALUE=0 +CONFIG_PANIC_TIMEOUT=0 +# CONFIG_SOFTLOCKUP_DETECTOR is not set +CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y +# CONFIG_HARDLOCKUP_DETECTOR is not set +# CONFIG_DETECT_HUNG_TASK is not set +# CONFIG_WQ_WATCHDOG is not set +# CONFIG_TEST_LOCKUP is not set +# end of Debug Oops, Lockups and Hangs + +# +# Scheduler Debugging +# +CONFIG_SCHED_DEBUG=y +# CONFIG_SCHEDSTATS is not set +# end of Scheduler Debugging + +# CONFIG_DEBUG_TIMEKEEPING is not set + +# +# Lock Debugging (spinlocks, mutexes, etc...) +# +CONFIG_LOCK_DEBUGGING_SUPPORT=y +# CONFIG_PROVE_LOCKING is not set +# CONFIG_LOCK_STAT is not set +# CONFIG_DEBUG_RT_MUTEXES is not set +# CONFIG_DEBUG_SPINLOCK is not set +# CONFIG_DEBUG_MUTEXES is not set +# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set +# CONFIG_DEBUG_RWSEMS is not set +# CONFIG_DEBUG_LOCK_ALLOC is not set +# CONFIG_DEBUG_ATOMIC_SLEEP is not set +# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set +# CONFIG_LOCK_TORTURE_TEST is not set +# CONFIG_WW_MUTEX_SELFTEST is not set +# CONFIG_SCF_TORTURE_TEST is not set +# CONFIG_CSD_LOCK_WAIT_DEBUG is not set +# end of Lock Debugging (spinlocks, mutexes, etc...) + +# CONFIG_DEBUG_IRQFLAGS is not set +CONFIG_STACKTRACE=y +# CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set +# CONFIG_DEBUG_KOBJECT is not set + +# +# Debug kernel data structures +# +# CONFIG_DEBUG_LIST is not set +# CONFIG_DEBUG_PLIST is not set +# CONFIG_DEBUG_SG is not set +# CONFIG_DEBUG_NOTIFIERS is not set +# CONFIG_BUG_ON_DATA_CORRUPTION is not set +# CONFIG_DEBUG_MAPLE_TREE is not set +# end of Debug kernel data structures + +# CONFIG_DEBUG_CREDENTIALS is not set + +# +# RCU Debugging +# +# CONFIG_RCU_SCALE_TEST is not set +# CONFIG_RCU_TORTURE_TEST is not set +# CONFIG_RCU_REF_SCALE_TEST is not set +CONFIG_RCU_CPU_STALL_TIMEOUT=21 +CONFIG_RCU_EXP_CPU_STALL_TIMEOUT=0 +CONFIG_RCU_TRACE=y +# CONFIG_RCU_EQS_DEBUG is not set +# end of RCU Debugging + +# CONFIG_DEBUG_WQ_FORCE_RR_CPU is not set +# CONFIG_CPU_HOTPLUG_STATE_CONTROL is not set +# CONFIG_LATENCYTOP is not set +CONFIG_USER_STACKTRACE_SUPPORT=y +CONFIG_HAVE_RETHOOK=y +CONFIG_HAVE_FUNCTION_TRACER=y +CONFIG_HAVE_DYNAMIC_FTRACE=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_DIRECT_CALLS=y +CONFIG_HAVE_DYNAMIC_FTRACE_WITH_ARGS=y +CONFIG_HAVE_DYNAMIC_FTRACE_NO_PATCHABLE=y +CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y +CONFIG_HAVE_SYSCALL_TRACEPOINTS=y +CONFIG_HAVE_FENTRY=y +CONFIG_HAVE_OBJTOOL_MCOUNT=y +CONFIG_HAVE_C_RECORDMCOUNT=y +CONFIG_HAVE_BUILDTIME_MCOUNT_SORT=y +CONFIG_TRACE_CLOCK=y +CONFIG_TRACING_SUPPORT=y +# CONFIG_FTRACE is not set +# CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set +# CONFIG_SAMPLES is not set +CONFIG_HAVE_SAMPLE_FTRACE_DIRECT=y +CONFIG_HAVE_SAMPLE_FTRACE_DIRECT_MULTI=y +CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y + +# +# x86 Debugging +# +CONFIG_X86_VERBOSE_BOOTUP=y +CONFIG_EARLY_PRINTK=y +# CONFIG_EARLY_PRINTK_DBGP is not set +# CONFIG_EARLY_PRINTK_USB_XDBC is not set +# CONFIG_DEBUG_TLBFLUSH is not set +# CONFIG_IOMMU_DEBUG is not set +CONFIG_HAVE_MMIOTRACE_SUPPORT=y +# CONFIG_X86_DECODER_SELFTEST is not set +CONFIG_IO_DELAY_0X80=y +# CONFIG_IO_DELAY_0XED is not set +# CONFIG_IO_DELAY_UDELAY is not set +# CONFIG_IO_DELAY_NONE is not set +# CONFIG_CPA_DEBUG is not set +# CONFIG_DEBUG_ENTRY is not set +# CONFIG_DEBUG_NMI_SELFTEST is not set +CONFIG_X86_DEBUG_FPU=y +# CONFIG_PUNIT_ATOM_DEBUG is not set +CONFIG_UNWINDER_ORC=y +# CONFIG_UNWINDER_FRAME_POINTER is not set +# end of x86 Debugging + +# +# Kernel Testing and Coverage +# +# CONFIG_KUNIT is not set +# CONFIG_NOTIFIER_ERROR_INJECTION is not set +# CONFIG_FAULT_INJECTION is not set +CONFIG_ARCH_HAS_KCOV=y +CONFIG_CC_HAS_SANCOV_TRACE_PC=y +# CONFIG_KCOV is not set +# CONFIG_RUNTIME_TESTING_MENU is not set +CONFIG_ARCH_USE_MEMTEST=y +# CONFIG_MEMTEST is not set +# end of Kernel Testing and Coverage + +# +# Rust hacking +# +# end of Rust hacking +# end of Kernel hacking diff --git a/SPECS/kernel-uvm-cvm/kernel-uvm-cvm.signatures.json b/SPECS/kernel-uvm-cvm/kernel-uvm-cvm.signatures.json new file mode 100644 index 00000000000..218da1b3f52 --- /dev/null +++ b/SPECS/kernel-uvm-cvm/kernel-uvm-cvm.signatures.json @@ -0,0 +1,6 @@ +{ + "Signatures": { + "config": "56859a4947b2f23d3663c1ed5dc4bcb8f56c2e42b90f6b18b0f46f1e27ba11c3", + "kernel-uvm-6.1.0.mshv11.tar.gz": "11ab6d4082a1d7c73fc5abc71faf0d2507bb5e7b18100f5636d476748bf0520d" + } +} diff --git a/SPECS/kernel-uvm-cvm/kernel-uvm-cvm.spec b/SPECS/kernel-uvm-cvm/kernel-uvm-cvm.spec new file mode 100644 index 00000000000..3eff694d043 --- /dev/null +++ b/SPECS/kernel-uvm-cvm/kernel-uvm-cvm.spec @@ -0,0 +1,1201 @@ +%global security_hardening none +%global debug_package %{nil} +%define uname_r %{version}-%{release}-cvm + +%ifarch x86_64 +%define arch x86_64 +%define archdir x86 +%define config_source %{SOURCE1} +%endif + +Summary: Linux Kernel for SEV SNP enabled Kata UVMs +Name: kernel-uvm-cvm +Version: 6.1.0.mshv11 +Release: 1%{?dist} +License: GPLv2 +Vendor: Microsoft Corporation +Distribution: Mariner +Group: System Environment/Kernel +Source0: %{_mariner_sources_url}/kernel-uvm-%{version}.tar.gz +Source1: config +BuildRequires: audit-devel +BuildRequires: bash +BuildRequires: bc +BuildRequires: diffutils +BuildRequires: dwarves +BuildRequires: elfutils-libelf-devel +BuildRequires: glib-devel +BuildRequires: kbd +BuildRequires: kmod-devel +BuildRequires: libdnet-devel +BuildRequires: libmspack-devel +BuildRequires: openssl +BuildRequires: openssl-devel +BuildRequires: pam-devel +BuildRequires: procps-ng-devel +BuildRequires: python3-devel +BuildRequires: sed +Requires: filesystem +Requires: kmod +Requires(post): coreutils +Requires(postun): coreutils +ExclusiveArch: x86_64 + +# Config file is only an inmutable copy from default config in lsg dom0 sources (arch/x86/configs/mshv_default_config) +# to make permanent changes to config, make a PR for mshv_default_config in https://microsoft.visualstudio.com/DefaultCollection/LSG/_git/linux-dom0 + +# To make temporary changes: +# When updating the config files it is important to sanitize them. +# Steps for updating a config file: +# 1. Extract the linux sources into a folder +# 2. Add the current config file to the folder +# 3. Run `make menuconfig` to edit the file (Manually editing is not recommended) +# * You might have to install the following dependencies: libncurses5-dev flex +# 4. Save the config file +# 5. Copy the config file back into the kernel spec folder +# 6. Revert any undesired changes (GCC related changes, etc) +# 8. Build the kernel package +# 9. Apply the changes listed in the log file (if any) to the config file +# 10. Verify the rest of the config file looks ok +# If there are significant changes to the config file, disable the config check and build the +# kernel rpm. The final config file is included in /boot in the rpm. + +%ifarch x86_64 +%define image_fname vmlinux.bin +%define image arch/x86/boot/compressed/%{image_fname} +%if 0%{?centos_version} && 0%{?centos_version} < 900 +%define kcflags %{nil} +%else +%define kcflags -Wa,-mx86-used-note=no +%endif +%define arch x86_64 +%endif + +%description +The kernel UVM CVM package contains the Linux kernel for SEV SNP enabled UVMs. + +%package devel +Summary: Lightweight kernel Devel package +Group: System Environment/Kernel +Requires: %{name} = %{version}-%{release} + +%description devel +This package contains the kernel UVM CVM devel files + +%prep +tar xf %{SOURCE0} --strip-components=1 + +make mrproper + +cp %{config_source} .config +cp .config current_config +make LC_ALL= ARCH=%{arch} oldconfig + +# Verify the config files match +cp .config new_config +sed -i 's/CONFIG_LOCALVERSION=".*"/CONFIG_LOCALVERSION=""/' new_config +diff --unified new_config current_config > config_diff || true +if [ -s config_diff ]; then + printf "\n\n\n\n\n\n\n\n" + cat config_diff + printf "\n\n\n\n\n\n\n\n" + echo "Config file has unexpected changes" + echo "Update config file to set changed values explicitly" + +# (DISABLE THIS IF INTENTIONALLY UPDATING THE CONFIG FILE) + # exit 1 +fi + +%build +%ifarch x86_64 +KCFLAGS="%{kcflags}" make VERBOSE=1 KBUILD_BUILD_VERSION="1" KBUILD_BUILD_HOST="CBL-Mariner" ARCH=%{arch} %{?_smp_mflags} +%endif + +%install +install -vdm 755 %{buildroot}%{_prefix}/src/linux-headers-%{uname_r} +install -vdm 755 %{buildroot}/lib/modules/%{uname_r} + +D=%{buildroot}%{_datadir}/cloud-hypervisor-cvm +install -D -m 644 %{image} $D/%{image_fname} +install -D -m 644 arch/%{arch}/boot/bzImage $D/bzImage +%ifarch x86_64 +mkdir -p %{buildroot}/lib/modules/%{name} +ln -s %{_datadir}/cloud-hypervisor-cvm/%{image_fname} %{buildroot}/lib/modules/%{name}/vmlinux +%endif + +find . -name Makefile* -o -name Kconfig* -o -name *.pl | xargs sh -c 'cp --parents "$@" %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}' copy +find arch/%{archdir}/include include scripts -type f | xargs sh -c 'cp --parents "$@" %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}' copy +find $(find arch/%{archdir} -name include -o -name scripts -type d) -type f | xargs sh -c 'cp --parents "$@" %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}' copy +find arch/%{archdir}/include Module.symvers include scripts -type f | xargs sh -c 'cp --parents "$@" %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}' copy +%ifarch x86_64 +# CONFIG_STACK_VALIDATION=y requires objtool to build external modules +install -vsm 755 tools/objtool/objtool %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}/tools/objtool/ +install -vsm 755 tools/objtool/fixdep %{buildroot}%{_prefix}/src/linux-headers-%{uname_r}/tools/objtool/ +%endif + +cp .config %{buildroot}%{_prefix}/src/linux-headers-%{uname_r} # copy .config manually to be where it's expected to be +ln -sf "%{_prefix}/src/linux-headers-%{uname_r}" "%{buildroot}/lib/modules/%{uname_r}/build" +find %{buildroot}/lib/modules -name '*.ko' -exec chmod u+x {} + + +%files +%defattr(-,root,root) +%license COPYING +%{_datadir}/cloud-hypervisor-cvm/%{image_fname} +%{_datadir}/cloud-hypervisor-cvm/bzImage +%dir %{_datadir}/cloud-hypervisor-cvm +%ifarch x86_64 +/lib/modules/%{name}/vmlinux +%endif + +%files devel +%defattr(-,root,root) +/lib/modules/%{uname_r}/build +%{_prefix}/src/linux-headers-%{uname_r} + +%changelog +* Thu Sep 15 2023 Saul Paredes - 6.1.0.mshv11-1 +- Update to v6.1.0.mshv11 + +* Fri Sep 15 2023 Saul Paredes - 6.1.0.mshv10-1 +- Update to v6.1.0.mshv10 + +* Mon Aug 28 2023 Saul Paredes - 6.1.0.mshv8-1 +- Update to v6.1.0.mshv8 + +* Wed Aug 18 2023 Dallas Delaney - 5.15.110.mshv2-5 +- Add back debug logs for config change warning + +* Wed Aug 18 2023 Dallas Delaney - 5.15.110.mshv2-4 +- Align config with UVM from LSG + +* Wed May 31 2023 Dallas Delaney - 5.15.110.mshv2-2 +- Enable dm-verity + +* Fri May 12 2023 Saul Paredes - 5.15.110.mshv2-1 +- Update to v5.15.110.mshv2 + +* Mon May 1 2023 Dallas Delaney - 5.15.98.mshv1-4 +- Install the bzImage + +* Thu Apr 6 2023 Chris Co - 5.15.98.mshv1-3 +- Generate devel subpackage and enable loadable kernel module support + +* Thu Apr 6 2023 Saul Paredes 5.15.98.mshv1-2 +- Remove aarch64 build instructions + +* Fri Mar 24 2023 Saul Paredes 5.15.98.mshv1-1 +- Consume source and config from dom0 + +* Thu Feb 23 2023 Aurélien Bombo - 5.15.48.1-9 +- Enable Hyper-V enlightenments. + +* Mon Sep 12 2022 Neha Agarwal - 5.15.48.1-8 +- Create modules folder and copy vmlinux + +* Tue Aug 30 2022 Chris Co - 5.15.48.1-7 +- Trim spec to only necessary components for UVM + +* Fri Aug 26 2022 Max Brodeur-Urbas - 5.15.48.1-6 +- Creating kernel configuration specifically for kata uvm purposes + +* Fri Jul 08 2022 Francis Laniel - 5.15.48.1-5 +- Add back CONFIG_FTRACE_SYSCALLS to enable eBPF CO-RE syscalls tracers. +- Add CONFIG_IKHEADERS=m to enable eBPF standard tracers. + +* Mon Jun 27 2022 Neha Agarwal - 5.15.48.1-4 +- Remove 'quiet' from commandline to enable verbose log + +* Mon Jun 27 2022 Henry Beberman - 5.15.48.1-3 +- Enable CONFIG_VIRTIO_FS=m and CONFIG_FUSE_DAX=y +- Symlink /lib/modules/uname/vmlinuz to /boot/vmlinuz-uname to improve compat with scripts seeking the kernel. + +* Wed Jun 22 2022 Max Brodeur-Urbas - 5.15.48.1-2 +- Enabling Vgem driver in config. + +* Fri Jun 17 2022 Neha Agarwal - 5.15.48.1-1 +- Update source to 5.15.48.1 + +* Tue Jun 14 2022 Pawel Winogrodzki - 5.15.45.1-2 +- Moving ".config" update and check steps into the %%prep section. + +* Thu Jun 09 2022 Cameron Baird - 5.15.45.1-1 +- Update source to 5.15.45.1 +- Address CVE-2022-32250 with a nopatch + +* Mon Jun 06 2022 Max Brodeur-Urbas - 5.15.41.1-4 +- Compiling ptp_kvm driver as a module + +* Wed Jun 01 2022 Pawel Winogrodzki - 5.15.41.1-3 +- Enabling "LIVEPATCH" config option. + +* Thu May 26 2022 Minghe Ren - 5.15.41.1-2 +- Disable SMACK kernel configuration + +* Tue May 24 2022 Cameron Baird - 5.15.41.1-1 +- Update source to 5.15.41.1 +- Nopatch CVE-2020-35501, CVE-2022-28893, CVE-2022-29581 + +* Mon May 23 2022 Neha Agarwal - 5.15.37.1-3 +- Fix configs to bring down initrd boot time + +* Mon May 16 2022 Neha Agarwal - 5.15.37.1-2 +- Fix cdrom, hyperv-mouse, kexec and crash-on-demand config in aarch64 + +* Mon May 09 2022 Neha Agarwal - 5.15.37.1-1 +- Update source to 5.15.37.1 +- Nopatch CVE-2021-4095, CVE-2022-0500, CVE-2022-0998, CVE-2022-28796, CVE-2022-29582, + CVE-2022-1048, CVE-2022-1195, CVE-2022-1353, CVE-2022-29968, CVE-2022-1015 +- Enable IFB config + +* Tue Apr 19 2022 Cameron Baird - 5.15.34.1-1 +- Update source to 5.15.34.1 +- Clean up nopatches in Patch list, no longer needed for CVE automation +- Nopatch CVE-2022-28390, CVE-2022-28389, CVE-2022-28388, CVE-2022-28356, CVE-2022-0435, + CVE-2021-4202, CVE-2022-27950, CVE-2022-0433, CVE-2022-0494, CVE-2022-0330, CVE-2022-0854, + CVE-2021-4197, CVE-2022-29156 + +* Tue Apr 19 2022 Max Brodeur-Urbas - 5.15.32.1-3 +- Remove kernel lockdown config from grub envblock + +* Tue Apr 12 2022 Andrew Phelps - 5.15.32.1-2 +- Remove trace symlink from _bindir +- Exclude files and directories under the debug folder from kernel and kernel-tools packages +- Remove BR for xerces-c-devel + +* Fri Apr 08 2022 Neha Agarwal - 5.15.32.1-1 +- Update source to 5.15.32.1 +- Address CVES: 2022-0516, 2022-26878, 2022-27223, 2022-24958, 2022-0742, + 2022-1011, 2022-26490, 2021-4002 +- Enable MANA driver config +- Address CVEs 2022-0995, 2022-1055, 2022-27666 + +* Tue Apr 05 2022 Henry Li - 5.15.26.1-4 +- Add Dell devices support + +* Mon Mar 28 2022 Rachel Menge - 5.15.26.1-3 +- Remove hardcoded mariner.pem from configs and instead insert during + the build phase + +* Mon Mar 14 2022 Vince Perri - 5.15.26.1-2 +- Add support for compressed firmware + +* Tue Mar 08 2022 cameronbaird - 5.15.26.1-1 +- Update source to 5.15.26.1 +- Address CVES: 2022-0617, 2022-25375, 2022-25258, 2021-4090, 2022-25265, + 2021-45402, 2022-0382, 2022-0185, 2021-44879, 2022-24959, 2022-0264, + 2022-24448, 2022-24122, 2021-20194, 2022-0847, 1999-0524, 2008-4609, + 2010-0298, 2010-4563, 2011-0640, 2022-0492, 2021-3743, 2022-26966 + +* Mon Mar 07 2022 George Mileka - 5.15.18.1-5 +- Enabled vfio noiommu. + +* Fri Feb 25 2022 Henry Li - 5.15.18.1-4 +- Enable CONFIG_DEVMEM, CONFIG_STRICT_DEVMEM and CONFIG_IO_STRICT_DEVMEM + +* Thu Feb 24 2022 Cameron Baird - 5.15.18.1-3 +- CONFIG_BPF_UNPRIV_DEFAULT_OFF=y + +* Thu Feb 24 2022 Suresh Babu Chalamalasetty - 5.15.18.1-2 +- Add usbip required kernel configs CONFIG_USBIP_CORE CONFIG_USBIP_VHCI_HCD + +* Mon Feb 07 2022 Cameron Baird - 5.15.18.1-1 +- Update source to 5.15.18.1 +- Address CVE-2010-0309, CVE-2018-1000026, CVE-2018-16880, CVE-2019-3016, + CVE-2019-3819, CVE-2019-3887, CVE-2020-25672, CVE-2021-3564, CVE-2021-45095, + CVE-2021-45469, CVE-2021-45480 + +* Thu Feb 03 2022 Henry Li - 5.15.2.1-5 +- Enable CONFIG_X86_SGX and CONFIG_X86_SGX_KVM + +* Wed Feb 02 2022 Rachel Menge - 5.15.2.1-4 +- Add libperf-jvmti.so to tools package + +* Thu Jan 27 2022 Daniel Mihai - 5.15.2.1-3 +- Enable kdb frontend for kgdb + +* Sun Jan 23 2022 Chris Co - 5.15.2.1-2 +- Rotate Mariner cert + +* Thu Jan 06 2022 Rachel Menge - 5.15.2.1-1 +- Update source to 5.15.2.1 + +* Tue Jan 04 2022 Suresh Babu Chalamalasetty - 5.10.78.1-3 +- Add provides exclude for debug build-id for aarch64 to generate debuginfo rpm +- Fix missing brackets for __os_install_post. + +* Tue Dec 28 2021 Suresh Babu Chalamalasetty - 5.10.78.1-2 +- Enable CONFIG_COMPAT kernel configs + +* Tue Nov 23 2021 Rachel Menge - 5.10.78.1-1 +- Update source to 5.10.78.1 +- Address CVE-2021-43267, CVE-2021-42739, CVE-2021-42327, CVE-2021-43389 +- Add patch to fix SPDX-License-Identifier in headers + +* Mon Nov 15 2021 Thomas Crain - 5.10.74.1-4 +- Add python3-perf subpackage and add python3-devel to build-time requirements +- Exclude accessibility modules from main package to avoid subpackage conflict +- Remove redundant License tag from bpftool subpackage + +* Thu Nov 04 2021 Andrew Phelps - 5.10.74.1-3 +- Update configs for gcc 11.2.0 and binutils 2.37 updates + +* Tue Oct 26 2021 Rachel Menge - 5.10.74.1-2 +- Update configs for eBPF support +- Add dwarves Build-requires + +* Tue Oct 19 2021 Rachel Menge - 5.10.74.1-1 +- Update source to 5.10.74.1 +- Address CVE-2021-41864, CVE-2021-42252 +- License verified + +* Thu Oct 07 2021 Rachel Menge - 5.10.69.1-1 +- Update source to 5.10.69.1 +- Address CVE-2021-38300, CVE-2021-41073, CVE-2021-3653, CVE-2021-42008 + +* Wed Sep 22 2021 Rachel Menge - 5.10.64.1-2 +- Enable CONFIG_NET_VRF +- Add vrf to drivers argument for dracut + +* Mon Sep 20 2021 Rachel Menge - 5.10.64.1-1 +- Update source to 5.10.64.1 + +* Fri Sep 17 2021 Rachel Menge - 5.10.60.1-1 +- Remove cn from dracut drivers argument +- Update source to 5.10.60.1 +- Address CVE-2021-38166, CVE-2021-38205, CVE-2021-3573 + CVE-2021-37576, CVE-2021-34556, CVE-2021-35477, CVE-2021-28691, + CVE-2021-3564, CVE-2020-25639, CVE-2021-29657, CVE-2021-38199, + CVE-2021-38201, CVE-2021-38202, CVE-2021-38207, CVE-2021-38204, + CVE-2021-38206, CVE-2021-38208, CVE-2021-38200, CVE-2021-38203, + CVE-2021-38160, CVE-2021-3679, CVE-2021-38198, CVE-2021-38209, + CVE-2021-3655 +- Add patch to fix VDSO in HyperV + +* Thu Sep 09 2021 Muhammad Falak - 5.10.52.1-2 +- Export `bpftool` subpackage + +* Tue Jul 20 2021 Rachel Menge - 5.10.52.1-1 +- Update source to 5.10.52.1 +- Address CVE-2021-35039, CVE-2021-33909 + +* Mon Jul 19 2021 Chris Co - 5.10.47.1-2 +- Enable CONFIG_CONNECTOR and CONFIG_PROC_EVENTS + +* Tue Jul 06 2021 Rachel Menge - 5.10.47.1-1 +- Update source to 5.10.47.1 +- Address CVE-2021-34693, CVE-2021-33624 + +* Wed Jun 30 2021 Chris Co - 5.10.42.1-4 +- Enable legacy mcelog config + +* Tue Jun 22 2021 Suresh Babu Chalamalasetty - 5.10.42.1-3 +- Enable CONFIG_IOSCHED_BFQ and CONFIG_BFQ_GROUP_IOSCHED configs + +* Wed Jun 16 2021 Chris Co - 5.10.42.1-2 +- Enable CONFIG_CROSS_MEMORY_ATTACH + +* Tue Jun 08 2021 Rachel Menge - 5.10.42.1-1 +- Update source to 5.10.42.1 +- Address CVE-2021-33200 + +* Thu Jun 03 2021 Rachel Menge - 5.10.37.1-2 +- Address CVE-2020-25672 + +* Fri May 28 2021 Rachel Menge - 5.10.37.1-1 +- Update source to 5.10.37.1 +- Address CVE-2021-23134, CVE-2021-29155, CVE-2021-31829, CVE-2021-31916, + CVE-2021-32399, CVE-2021-33033, CVE-2021-33034, CVE-2021-3483 + CVE-2021-3501, CVE-2021-3506 + +* Thu May 27 2021 Chris Co - 5.10.32.1-7 +- Set lockdown=integrity by default + +* Wed May 26 2021 Chris Co - 5.10.32.1-6 +- Add Mariner cert into the trusted kernel keyring + +* Tue May 25 2021 Daniel Mihai - 5.10.32.1-5 +- Enable kernel debugger + +* Thu May 20 2021 Nicolas Ontiveros - 5.10.32.1-4 +- Bump release number to match kernel-signed update + +* Mon May 17 2021 Andrew Phelps - 5.10.32.1-3 +- Update CONFIG_LD_VERSION for binutils 2.36.1 +- Remove build-id match check + +* Thu May 13 2021 Rachel Menge - 5.10.32.1-2 +- Add CONFIG_AS_HAS_LSE_ATOMICS=y + +* Mon May 03 2021 Rachel Menge - 5.10.32.1-1 +- Update source to 5.10.32.1 +- Address CVE-2021-23133, CVE-2021-29154, CVE-2021-30178 + +* Thu Apr 22 2021 Chris Co - 5.10.28.1-4 +- Disable CONFIG_EFI_DISABLE_PCI_DMA. It can cause boot issues on some hardware. + +* Mon Apr 19 2021 Chris Co - 5.10.28.1-3 +- Bump release number to match kernel-signed update + +* Thu Apr 15 2021 Rachel Menge - 5.10.28.1-2 +- Address CVE-2021-29648 + +* Thu Apr 08 2021 Chris Co - 5.10.28.1-1 +- Update source to 5.10.28.1 +- Update uname_r define to match the new value derived from the source +- Address CVE-2020-27170, CVE-2020-27171, CVE-2021-28375, CVE-2021-28660, + CVE-2021-28950, CVE-2021-28951, CVE-2021-28952, CVE-2021-28971, + CVE-2021-28972, CVE-2021-29266, CVE-2021-28964, CVE-2020-35508, + CVE-2020-16120, CVE-2021-29264, CVE-2021-29265, CVE-2021-29646, + CVE-2021-29647, CVE-2021-29649, CVE-2021-29650, CVE-2021-30002 + +* Fri Mar 26 2021 Daniel Mihai - 5.10.21.1-4 +- Enable CONFIG_CRYPTO_DRBG_HASH, CONFIG_CRYPTO_DRBG_CTR + +* Thu Mar 18 2021 Chris Co - 5.10.21.1-3 +- Address CVE-2021-27365, CVE-2021-27364, CVE-2021-27363 +- Enable CONFIG_FANOTIFY_ACCESS_PERMISSIONS + +* Wed Mar 17 2021 Nicolas Ontiveros - 5.10.21.1-2 +- Disable QAT kernel configs + +* Thu Mar 11 2021 Chris Co - 5.10.21.1-1 +- Update source to 5.10.21.1 +- Add virtio drivers to be installed into initrd +- Address CVE-2021-26930, CVE-2020-35499, CVE-2021-26931, CVE-2021-26932 + +* Fri Mar 05 2021 Chris Co - 5.10.13.1-4 +- Enable kernel lockdown config + +* Thu Mar 04 2021 Suresh Babu Chalamalasetty - 5.10.13.1-3 +- Add configs for CONFIG_BNXT bnxt_en and MSR drivers + +* Mon Feb 22 2021 Thomas Crain - 5.10.13.1-2 +- Add configs for speakup and uinput drivers +- Add kernel-drivers-accessibility subpackage + +* Thu Feb 18 2021 Chris Co - 5.10.13.1-1 +- Update source to 5.10.13.1 +- Remove patch to publish efi tpm event log on ARM. Present in updated source. +- Remove patch for arm64 hyperv support. Present in updated source. +- Account for new module.lds location on aarch64 +- Remove CONFIG_GCC_PLUGIN_RANDSTRUCT +- Add CONFIG_SCSI_SMARTPQI=y + +* Thu Feb 11 2021 Nicolas Ontiveros - 5.4.91-5 +- Add configs to enable tcrypt in FIPS mode + +* Tue Feb 09 2021 Nicolas Ontiveros - 5.4.91-4 +- Use OpenSSL to perform HMAC calc + +* Thu Jan 28 2021 Nicolas Ontiveros - 5.4.91-3 +- Add configs for userspace crypto support +- HMAC calc the kernel for FIPS + +* Wed Jan 27 2021 Daniel McIlvaney - 5.4.91-2 +- Enable dm-verity boot support with FEC + +* Wed Jan 20 2021 Chris Co - 5.4.91-1 +- Update source to 5.4.91 +- Address CVE-2020-29569, CVE-2020-28374, CVE-2020-36158 +- Remove patch to fix GUI installer crash. Fixed in updated source. + +* Tue Jan 12 2021 Rachel Menge - 5.4.83-4 +- Add imx8mq support + +* Sat Jan 09 2021 Andrew Phelps - 5.4.83-3 +- Add patch to fix GUI installer crash + +* Mon Dec 28 2020 Nicolas Ontiveros - 5.4.83-2 +- Address CVE-2020-27777 + +* Tue Dec 15 2020 Henry Beberman - 5.4.83-1 +- Update source to 5.4.83 +- Address CVE-2020-14351, CVE-2020-14381, CVE-2020-25656, CVE-2020-25704, + CVE-2020-29534, CVE-2020-29660, CVE-2020-29661 + +* Fri Dec 04 2020 Chris Co - 5.4.81-1 +- Update source to 5.4.81 +- Remove patch for kexec in HyperV. Integrated in 5.4.81. +- Address CVE-2020-25705, CVE-2020-15436, CVE-2020-28974, CVE-2020-29368, + CVE-2020-29369, CVE-2020-29370, CVE-2020-29374, CVE-2020-29373, CVE-2020-28915, + CVE-2020-28941, CVE-2020-27675, CVE-2020-15437, CVE-2020-29371, CVE-2020-29372, + CVE-2020-27194, CVE-2020-27152 + +* Wed Nov 25 2020 Chris Co - 5.4.72-5 +- Add patch to publish efi tpm event log on ARM + +* Mon Nov 23 2020 Chris Co - 5.4.72-4 +- Apply patch to fix kexec in HyperV + +* Mon Nov 16 2020 Suresh Babu Chalamalasetty - 5.4.72-3 +- Disable kernel config SLUB_DEBUG_ON due to tcp throughput perf impact + +* Tue Nov 10 2020 Suresh Babu Chalamalasetty - 5.4.72-2 +- Enable kernel configs for Arm64 HyperV, Ampere and Cavium SoCs support + +* Mon Oct 26 2020 Chris Co - 5.4.72-1 +- Update source to 5.4.72 +- Remove patch to support CometLake e1000e ethernet. Integrated in 5.4.72. +- Add license file +- Lint spec +- Address CVE-2018-1000026, CVE-2018-16880, CVE-2020-12464, CVE-2020-12465, + CVE-2020-12659, CVE-2020-15780, CVE-2020-14356, CVE-2020-14386, CVE-2020-25645, + CVE-2020-25643, CVE-2020-25211, CVE-2020-25212, CVE-2008-4609, CVE-2020-14331, + CVE-2010-0298, CVE-2020-10690, CVE-2020-25285, CVE-2020-10711, CVE-2019-3887, + CVE-2020-14390, CVE-2019-19338, CVE-2019-20810, CVE-2020-10766, CVE-2020-10767, + CVE-2020-10768, CVE-2020-10781, CVE-2020-12768, CVE-2020-14314, CVE-2020-14385, + CVE-2020-25641, CVE-2020-26088, CVE-2020-10942, CVE-2020-12826, CVE-2019-3016, + CVE-2019-3819, CVE-2020-16166, CVE-2020-11608, CVE-2020-11609, CVE-2020-25284, + CVE-2020-12888, CVE-2017-8244, CVE-2017-8245, CVE-2017-8246, CVE-2009-4484, + CVE-2015-5738, CVE-2007-4998, CVE-2010-0309, CVE-2011-0640, CVE-2020-12656, + CVE-2011-2519, CVE-1999-0656, CVE-2010-4563, CVE-2019-20794, CVE-1999-0524 + +* Fri Oct 16 2020 Suresh Babu Chalamalasetty - 5.4.51-11 +- Enable QAT kernel configs + +* Fri Oct 02 2020 Chris Co - 5.4.51-10 +- Address CVE-2020-10757, CVE-2020-12653, CVE-2020-12657, CVE-2010-3865, + CVE-2020-11668, CVE-2020-12654, CVE-2020-24394, CVE-2020-8428 + +* Fri Oct 02 2020 Chris Co - 5.4.51-9 +- Fix aarch64 build error + +* Wed Sep 30 2020 Emre Girgin - 5.4.51-8 +- Update postun script to deal with removal in case of another installed kernel. + +* Fri Sep 25 2020 Suresh Babu Chalamalasetty - 5.4.51-7 +- Enable Mellanox kernel configs + +* Wed Sep 23 2020 Daniel McIlvaney - 5.4.51-6 +- Enable CONFIG_IMA (measurement only) and associated configs + +* Thu Sep 03 2020 Daniel McIlvaney - 5.4.51-5 +- Add code to check for missing config flags in the checked in configs + +* Thu Sep 03 2020 Chris Co - 5.4.51-4 +- Apply additional kernel hardening configs + +* Thu Sep 03 2020 Chris Co - 5.4.51-3 +- Bump release number due to kernel-signed- package update +- Minor aarch64 config and changelog cleanup + +* Tue Sep 01 2020 Chris Co - 5.4.51-2 +- Update source hash + +* Wed Aug 19 2020 Chris Co - 5.4.51-1 +- Update source to 5.4.51 +- Enable DXGKRNL config +- Address CVE-2020-11494, CVE-2020-11565, CVE-2020-12655, CVE-2020-12771, + CVE-2020-13974, CVE-2020-15393, CVE-2020-8647, CVE-2020-8648, CVE-2020-8649, + CVE-2020-9383, CVE-2020-11725 + +* Wed Aug 19 2020 Chris Co - 5.4.42-12 +- Remove the signed package depends + +* Tue Aug 18 2020 Chris Co - 5.4.42-11 +- Remove signed subpackage + +* Mon Aug 17 2020 Chris Co - 5.4.42-10 +- Enable BPF, PC104, userfaultfd, SLUB sysfs, SMC, XDP sockets monitoring configs + +* Fri Aug 07 2020 Mateusz Malisz - 5.4.42-9 +- Add crashkernel=128M to the kernel cmdline +- Update config to support kexec and kexec_file_load + +* Tue Aug 04 2020 Pawel Winogrodzki - 5.4.42-8 +- Updating "KBUILD_BUILD_VERSION" and "KBUILD_BUILD_HOST" with correct + distribution name. + +* Wed Jul 22 2020 Chris Co - 5.4.42-7 +- Address CVE-2020-8992, CVE-2020-12770, CVE-2020-13143, CVE-2020-11884 + +* Fri Jul 17 2020 Suresh Babu Chalamalasetty - 5.4.42-6 +- Enable CONFIG_MLX5_CORE_IPOIB and CONFIG_INFINIBAND_IPOIB config flags + +* Fri Jul 17 2020 Suresh Babu Chalamalasetty - 5.4.42-5 +- Adding XDP config flag + +* Thu Jul 09 2020 Anand Muthurajan - 5.4.42-4 +- Enable CONFIG_QED, CONFIG_QEDE, CONFIG_QED_SRIOV and CONFIG_QEDE_VXLAN flags + +* Wed Jun 24 2020 Chris Co - 5.4.42-3 +- Regenerate input config files + +* Fri Jun 19 2020 Chris Co - 5.4.42-2 +- Add kernel-secure subpackage and macros for adding offline signed kernels + +* Fri Jun 12 2020 Chris Co - 5.4.42-1 +- Update source to 5.4.42 + +* Thu Jun 11 2020 Chris Co - 5.4.23-17 +- Enable PAGE_POISONING configs +- Disable PROC_KCORE config +- Enable RANDOM_TRUST_CPU config for x86_64 + +* Fri Jun 05 2020 Suresh Babu Chalamalasetty - 5.4.23-16 +- Adding BPF config flags + +* Thu Jun 04 2020 Chris Co - 5.4.23-15 +- Add config support for USB video class devices + +* Wed Jun 03 2020 Nicolas Ontiveros - 5.4.23-14 +- Add CONFIG_CRYPTO_XTS=y to config. + +* Wed Jun 03 2020 Chris Co - 5.4.23-13 +- Add patch to support CometLake e1000e ethernet +- Remove drivers-gpu subpackage +- Inline the initramfs trigger and postun source files +- Remove rpi3 dtb and ls1012 dtb subpackages + +* Wed May 27 2020 Chris Co - 5.4.23-12 +- Update arm64 security configs +- Disable devmem in x86_64 config + +* Tue May 26 2020 Daniel Mihai - 5.4.23-11 +- Disabled Reliable Datagram Sockets protocol (CONFIG_RDS). + +* Fri May 22 2020 Emre Girgin - 5.4.23-10 +- Change /boot directory permissions to 600. + +* Thu May 21 2020 Chris Co - 5.4.23-9 +- Update x86_64 security configs + +* Wed May 20 2020 Suresh Babu Chalamalasetty - 5.4.23-8 +- Adding InfiniBand config flags + +* Mon May 11 2020 Anand Muthurajan - 5.4.23-7 +- Adding PPP config flags + +* Tue Apr 28 2020 Emre Girgin - 5.4.23-6 +- Renaming Linux-PAM to pam + +* Tue Apr 28 2020 Emre Girgin - 5.4.23-5 +- Renaming linux to kernel + +* Tue Apr 14 2020 Emre Girgin - 5.4.23-4 +- Remove linux-aws and linux-esx references. +- Remove kat_build usage. +- Remove ENA module. + +* Fri Apr 10 2020 Emre Girgin - 5.4.23-3 +- Remove xml-security-c dependency. + +* Wed Apr 08 2020 Nicolas Ontiveros - 5.4.23-2 +- Remove toybox and only use coreutils for requires. + +* Tue Dec 10 2019 Chris Co - 5.4.23-1 +- Update to Microsoft Linux Kernel 5.4.23 +- Remove patches +- Update ENA module to 2.1.2 to work with Linux 5.4.23 +- Remove xr module +- Remove Xen tmem module from dracut module list to fix initramfs creation +- Add patch to fix missing trans_pgd header in aarch64 build + +* Fri Oct 11 2019 Henry Beberman - 4.19.52-8 +- Enable Hyper-V TPM in config + +* Tue Sep 03 2019 Mateusz Malisz - 4.19.52-7 +- Initial CBL-Mariner import from Photon (license: Apache2). + +* Thu Jul 25 2019 Keerthana K - 4.19.52-6 +- Fix postun scriplet. + +* Thu Jul 11 2019 Keerthana K - 4.19.52-5 +- Enable kernel configs necessary for BPF Compiler Collection (BCC). + +* Wed Jul 10 2019 Srivatsa S. Bhat (VMware) 4.19.52-4 +- Deprecate linux-aws-tools in favor of linux-tools. + +* Tue Jul 02 2019 Alexey Makhalov - 4.19.52-3 +- Fix 9p vsock 16bit port issue. + +* Thu Jun 20 2019 Tapas Kundu - 4.19.52-2 +- Enabled CONFIG_I2C_CHARDEV to support lm-sensors + +* Mon Jun 17 2019 Srivatsa S. Bhat (VMware) 4.19.52-1 +- Update to version 4.19.52 +- Fix CVE-2019-12456, CVE-2019-12379, CVE-2019-12380, CVE-2019-12381, +- CVE-2019-12382, CVE-2019-12378, CVE-2019-12455 + +* Tue May 28 2019 Srivatsa S. Bhat (VMware) 4.19.40-3 +- Change default I/O scheduler to 'deadline' to fix performance issue. + +* Tue May 14 2019 Keerthana K - 4.19.40-2 +- Fix to parse through /boot folder and update symlink (/boot/photon.cfg) if +- mulitple kernels are installed and current linux kernel is removed. + +* Tue May 07 2019 Ajay Kaher - 4.19.40-1 +- Update to version 4.19.40 + +* Thu Apr 11 2019 Srivatsa S. Bhat (VMware) 4.19.32-3 +- Update config_aarch64 to fix ARM64 build. + +* Fri Mar 29 2019 Srivatsa S. Bhat (VMware) 4.19.32-2 +- Fix CVE-2019-10125 + +* Wed Mar 27 2019 Srivatsa S. Bhat (VMware) 4.19.32-1 +- Update to version 4.19.32 + +* Thu Mar 14 2019 Srivatsa S. Bhat (VMware) 4.19.29-1 +- Update to version 4.19.29 + +* Tue Mar 05 2019 Ajay Kaher - 4.19.26-1 +- Update to version 4.19.26 + +* Thu Feb 21 2019 Him Kalyan Bordoloi - 4.19.15-3 +- Fix CVE-2019-8912 + +* Thu Jan 24 2019 Alexey Makhalov - 4.19.15-2 +- Add WiFi (ath10k), sensors (i2c,spi), usb support for NXP LS1012A board. + +* Tue Jan 15 2019 Srivatsa S. Bhat (VMware) 4.19.15-1 +- Update to version 4.19.15 + +* Fri Jan 11 2019 Srinidhi Rao - 4.19.6-7 +- Add Network support for NXP LS1012A board. + +* Wed Jan 09 2019 Ankit Jain - 4.19.6-6 +- Enable following for x86_64 and aarch64: +- Enable Kernel Address Space Layout Randomization. +- Enable CONFIG_SECURITY_NETWORK_XFRM + +* Fri Jan 04 2019 Srivatsa S. Bhat (VMware) 4.19.6-5 +- Enable AppArmor by default. + +* Wed Jan 02 2019 Alexey Makhalov - 4.19.6-4 +- .config: added Compulab fitlet2 device drivers +- .config_aarch64: added gpio sysfs support +- renamed -sound to -drivers-sound + +* Tue Jan 01 2019 Ajay Kaher - 4.19.6-3 +- .config: Enable CONFIG_PCI_HYPERV driver + +* Wed Dec 19 2018 Srinidhi Rao - 4.19.6-2 +- Add NXP LS1012A support. + +* Mon Dec 10 2018 Srivatsa S. Bhat (VMware) 4.19.6-1 +- Update to version 4.19.6 + +* Fri Dec 07 2018 Alexey Makhalov - 4.19.1-3 +- .config: added qmi wwan module + +* Mon Nov 12 2018 Ajay Kaher - 4.19.1-2 +- Fix config_aarch64 for 4.19.1 + +* Mon Nov 05 2018 Srivatsa S. Bhat (VMware) 4.19.1-1 +- Update to version 4.19.1 + +* Tue Oct 16 2018 Him Kalyan Bordoloi - 4.18.9-5 +- Change in config to enable drivers for zigbee and GPS + +* Fri Oct 12 2018 Ajay Kaher - 4.18.9-4 +- Enable LAN78xx for aarch64 rpi3 + +* Fri Oct 5 2018 Ajay Kaher - 4.18.9-3 +- Fix config_aarch64 for 4.18.9 +- Add module.lds for aarch64 + +* Wed Oct 03 2018 Srivatsa S. Bhat 4.18.9-2 +- Use updated steal time accounting patch. +- .config: Enable CONFIG_CPU_ISOLATION and a few networking options +- that got accidentally dropped in the last update. + +* Mon Oct 1 2018 Srivatsa S. Bhat 4.18.9-1 +- Update to version 4.18.9 + +* Tue Sep 25 2018 Ajay Kaher - 4.14.67-2 +- Build hang (at make oldconfig) fix in config_aarch64 + +* Wed Sep 19 2018 Srivatsa S. Bhat 4.14.67-1 +- Update to version 4.14.67 + +* Tue Sep 18 2018 Srivatsa S. Bhat 4.14.54-7 +- Add rdrand-based RNG driver to enhance kernel entropy. + +* Sun Sep 02 2018 Srivatsa S. Bhat 4.14.54-6 +- Add full retpoline support by building with retpoline-enabled gcc. + +* Thu Aug 30 2018 Srivatsa S. Bhat 4.14.54-5 +- Apply out-of-tree patches needed for AppArmor. + +* Wed Aug 22 2018 Alexey Makhalov - 4.14.54-4 +- Fix overflow kernel panic in rsi driver. +- .config: enable BT stack, enable GPIO sysfs. +- Add Exar USB serial driver. + +* Fri Aug 17 2018 Ajay Kaher - 4.14.54-3 +- Enabled USB PCI in config_aarch64 +- Build hang (at make oldconfig) fix in config_aarch64 + +* Thu Jul 19 2018 Alexey Makhalov - 4.14.54-2 +- .config: usb_serial_pl2303=m,wlan=y,can=m,gpio=y,pinctrl=y,iio=m + +* Mon Jul 09 2018 Him Kalyan Bordoloi - 4.14.54-1 +- Update to version 4.14.54 + +* Fri Jan 26 2018 Alexey Makhalov - 4.14.8-2 +- Added vchiq entry to rpi3 dts +- Added dtb-rpi3 subpackage + +* Fri Dec 22 2017 Alexey Makhalov - 4.14.8-1 +- Version update + +* Wed Dec 13 2017 Alexey Makhalov - 4.9.66-4 +- KAT build support + +* Thu Dec 07 2017 Alexey Makhalov - 4.9.66-3 +- Aarch64 support + +* Tue Dec 05 2017 Alexey Makhalov - 4.9.66-2 +- Sign and compress modules after stripping. fips=1 requires signed modules + +* Mon Dec 04 2017 Srivatsa S. Bhat 4.9.66-1 +- Version update + +* Tue Nov 21 2017 Srivatsa S. Bhat 4.9.64-1 +- Version update + +* Mon Nov 06 2017 Srivatsa S. Bhat 4.9.60-1 +- Version update + +* Wed Oct 11 2017 Srivatsa S. Bhat 4.9.53-3 +- Add patch "KVM: Don't accept obviously wrong gsi values via + KVM_IRQFD" to fix CVE-2017-1000252. + +* Tue Oct 10 2017 Alexey Makhalov - 4.9.53-2 +- Build hang (at make oldconfig) fix. + +* Thu Oct 05 2017 Srivatsa S. Bhat 4.9.53-1 +- Version update + +* Mon Oct 02 2017 Srivatsa S. Bhat 4.9.52-3 +- Allow privileged CLONE_NEWUSER from nested user namespaces. + +* Mon Oct 02 2017 Srivatsa S. Bhat 4.9.52-2 +- Fix CVE-2017-11472 (ACPICA: Namespace: fix operand cache leak) + +* Mon Oct 02 2017 Srivatsa S. Bhat 4.9.52-1 +- Version update + +* Mon Sep 18 2017 Alexey Makhalov - 4.9.47-2 +- Requires coreutils or toybox + +* Mon Sep 04 2017 Alexey Makhalov - 4.9.47-1 +- Fix CVE-2017-11600 + +* Tue Aug 22 2017 Anish Swaminathan - 4.9.43-2 +- Add missing xen block drivers + +* Mon Aug 14 2017 Alexey Makhalov - 4.9.43-1 +- Version update +- [feature] new sysctl option unprivileged_userns_clone + +* Wed Aug 09 2017 Alexey Makhalov - 4.9.41-2 +- Fix CVE-2017-7542 +- [bugfix] Added ccm,gcm,ghash,lzo crypto modules to avoid + panic on modprobe tcrypt + +* Mon Aug 07 2017 Alexey Makhalov - 4.9.41-1 +- Version update + +* Fri Aug 04 2017 Bo Gan - 4.9.38-6 +- Fix initramfs triggers + +* Tue Aug 01 2017 Anish Swaminathan - 4.9.38-5 +- Allow some algorithms in FIPS mode +- Reverts 284a0f6e87b0721e1be8bca419893902d9cf577a and backports +- bcf741cb779283081db47853264cc94854e7ad83 in the kernel tree +- Enable additional NF features + +* Fri Jul 21 2017 Anish Swaminathan - 4.9.38-4 +- Add patches in Hyperv codebase + +* Fri Jul 21 2017 Anish Swaminathan - 4.9.38-3 +- Add missing hyperv drivers + +* Thu Jul 20 2017 Alexey Makhalov - 4.9.38-2 +- Disable scheduler beef up patch + +* Tue Jul 18 2017 Alexey Makhalov - 4.9.38-1 +- Fix CVE-2017-11176 and CVE-2017-10911 + +* Mon Jul 03 2017 Xiaolin Li - 4.9.34-3 +- Add libdnet-devel, kmod-devel and libmspack-devel to BuildRequires + +* Thu Jun 29 2017 Divya Thaluru - 4.9.34-2 +- Added obsolete for deprecated linux-dev package + +* Wed Jun 28 2017 Alexey Makhalov - 4.9.34-1 +- [feature] 9P FS security support +- [feature] DM Delay target support +- Fix CVE-2017-1000364 ("stack clash") and CVE-2017-9605 + +* Thu Jun 8 2017 Alexey Makhalov - 4.9.31-1 +- Fix CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076 + CVE-2017-9077 and CVE-2017-9242 +- [feature] IPV6 netfilter NAT table support + +* Fri May 26 2017 Alexey Makhalov - 4.9.30-1 +- Added ENA driver for AMI +- Fix CVE-2017-7487 and CVE-2017-9059 + +* Wed May 17 2017 Vinay Kulkarni - 4.9.28-2 +- Enable IPVLAN module. + +* Tue May 16 2017 Alexey Makhalov - 4.9.28-1 +- Version update + +* Wed May 10 2017 Alexey Makhalov - 4.9.27-1 +- Version update + +* Sun May 7 2017 Alexey Makhalov - 4.9.26-1 +- Version update +- Removed version suffix from config file name + +* Thu Apr 27 2017 Bo Gan - 4.9.24-2 +- Support dynamic initrd generation + +* Tue Apr 25 2017 Alexey Makhalov - 4.9.24-1 +- Fix CVE-2017-6874 and CVE-2017-7618. +- Fix audit-devel BuildRequires. +- .config: build nvme and nvme-core in kernel. + +* Mon Mar 6 2017 Alexey Makhalov - 4.9.13-2 +- .config: NSX requirements for crypto and netfilter + +* Tue Feb 28 2017 Alexey Makhalov - 4.9.13-1 +- Update to linux-4.9.13 to fix CVE-2017-5986 and CVE-2017-6074 + +* Thu Feb 09 2017 Alexey Makhalov - 4.9.9-1 +- Update to linux-4.9.9 to fix CVE-2016-10153, CVE-2017-5546, + CVE-2017-5547, CVE-2017-5548 and CVE-2017-5576. +- .config: added CRYPTO_FIPS support. + +* Tue Jan 10 2017 Alexey Makhalov - 4.9.2-1 +- Update to linux-4.9.2 to fix CVE-2016-10088 +- Move linux-tools.spec to linux.spec as -tools subpackage + +* Mon Dec 19 2016 Xiaolin Li - 4.9.0-2 +- BuildRequires Linux-PAM-devel + +* Mon Dec 12 2016 Alexey Makhalov - 4.9.0-1 +- Update to linux-4.9.0 +- Add paravirt stolen time accounting feature (from linux-esx), + but disable it by default (no-vmw-sta cmdline parameter) + +* Thu Dec 8 2016 Alexey Makhalov - 4.4.35-3 +- net-packet-fix-race-condition-in-packet_set_ring.patch + to fix CVE-2016-8655 + +* Wed Nov 30 2016 Alexey Makhalov - 4.4.35-2 +- Expand `uname -r` with release number +- Check for build-id matching +- Added syscalls tracing support +- Compress modules + +* Mon Nov 28 2016 Alexey Makhalov - 4.4.35-1 +- Update to linux-4.4.35 +- vfio-pci-fix-integer-overflows-bitmask-check.patch + to fix CVE-2016-9083 + +* Tue Nov 22 2016 Alexey Makhalov - 4.4.31-4 +- net-9p-vsock.patch + +* Thu Nov 17 2016 Alexey Makhalov - 4.4.31-3 +- tty-prevent-ldisc-drivers-from-re-using-stale-tty-fields.patch + to fix CVE-2015-8964 + +* Tue Nov 15 2016 Alexey Makhalov - 4.4.31-2 +- .config: add cgrup_hugetlb support +- .config: add netfilter_xt_{set,target_ct} support +- .config: add netfilter_xt_match_{cgroup,ipvs} support + +* Thu Nov 10 2016 Alexey Makhalov - 4.4.31-1 +- Update to linux-4.4.31 + +* Fri Oct 21 2016 Alexey Makhalov - 4.4.26-1 +- Update to linux-4.4.26 + +* Wed Oct 19 2016 Alexey Makhalov - 4.4.20-6 +- net-add-recursion-limit-to-GRO.patch +- scsi-arcmsr-buffer-overflow-in-arcmsr_iop_message_xfer.patch + +* Tue Oct 18 2016 Alexey Makhalov - 4.4.20-5 +- ipip-properly-mark-ipip-GRO-packets-as-encapsulated.patch +- tunnels-dont-apply-GRO-to-multiple-layers-of-encapsulation.patch + +* Mon Oct 3 2016 Alexey Makhalov - 4.4.20-4 +- Package vmlinux with PROGBITS sections in -debuginfo subpackage + +* Tue Sep 27 2016 Alexey Makhalov - 4.4.20-3 +- .config: CONFIG_IP_SET_HASH_{IPMARK,MAC}=m + +* Tue Sep 20 2016 Alexey Makhalov - 4.4.20-2 +- Add -release number for /boot/* files +- Use initrd.img with version and release number +- Rename -dev subpackage to -devel + +* Wed Sep 7 2016 Alexey Makhalov - 4.4.20-1 +- Update to linux-4.4.20 +- apparmor-fix-oops-validate-buffer-size-in-apparmor_setprocattr.patch +- keys-fix-asn.1-indefinite-length-object-parsing.patch + +* Thu Aug 25 2016 Alexey Makhalov - 4.4.8-11 +- vmxnet3 patches to bumpup a version to 1.4.8.0 + +* Wed Aug 10 2016 Alexey Makhalov - 4.4.8-10 +- Added VSOCK-Detach-QP-check-should-filter-out-non-matching-QPs.patch +- .config: pmem hotplug + ACPI NFIT support +- .config: enable EXPERT mode, disable UID16 syscalls + +* Thu Jul 07 2016 Alexey Makhalov - 4.4.8-9 +- .config: pmem + fs_dax support + +* Fri Jun 17 2016 Alexey Makhalov - 4.4.8-8 +- patch: e1000e-prevent-div-by-zero-if-TIMINCA-is-zero.patch +- .config: disable rt group scheduling - not supported by systemd + +* Wed Jun 15 2016 Harish Udaiya Kumar - 4.4.8-7 +- fixed the capitalization for - System.map + +* Thu May 26 2016 Alexey Makhalov - 4.4.8-6 +- patch: REVERT-sched-fair-Beef-up-wake_wide.patch + +* Tue May 24 2016 Priyesh Padmavilasom - 4.4.8-5 +- GA - Bump release of all rpms + +* Mon May 23 2016 Harish Udaiya Kumar - 4.4.8-4 +- Fixed generation of debug symbols for kernel modules & vmlinux. + +* Mon May 23 2016 Divya Thaluru - 4.4.8-3 +- Added patches to fix CVE-2016-3134, CVE-2016-3135 + +* Wed May 18 2016 Harish Udaiya Kumar - 4.4.8-2 +- Enabled CONFIG_UPROBES in config as needed by ktap + +* Wed May 04 2016 Alexey Makhalov - 4.4.8-1 +- Update to linux-4.4.8 +- Added net-Drivers-Vmxnet3-set-... patch + +* Tue May 03 2016 Vinay Kulkarni - 4.2.0-27 +- Compile Intel GigE and VMXNET3 as part of kernel. + +* Thu Apr 28 2016 Nick Shi - 4.2.0-26 +- Compile cramfs.ko to allow mounting cramfs image + +* Tue Apr 12 2016 Vinay Kulkarni - 4.2.0-25 +- Revert network interface renaming disable in kernel. + +* Tue Mar 29 2016 Alexey Makhalov - 4.2.0-24 +- Support kmsg dumping to vmware.log on panic +- sunrpc: xs_bind uses ip_local_reserved_ports + +* Mon Mar 28 2016 Harish Udaiya Kumar - 4.2.0-23 +- Enabled Regular stack protection in Linux kernel in config + +* Thu Mar 17 2016 Harish Udaiya Kumar - 4.2.0-22 +- Restrict the permissions of the /boot/System.map-X file + +* Fri Mar 04 2016 Alexey Makhalov - 4.2.0-21 +- Patch: SUNRPC: Do not reuse srcport for TIME_WAIT socket. + +* Wed Mar 02 2016 Alexey Makhalov - 4.2.0-20 +- Patch: SUNRPC: Ensure that we wait for connections to complete + before retrying + +* Fri Feb 26 2016 Alexey Makhalov - 4.2.0-19 +- Disable watchdog under VMware hypervisor. + +* Thu Feb 25 2016 Alexey Makhalov - 4.2.0-18 +- Added rpcsec_gss_krb5 and nfs_fscache + +* Mon Feb 22 2016 Alexey Makhalov - 4.2.0-17 +- Added sysctl param to control weighted_cpuload() behavior + +* Thu Feb 18 2016 Divya Thaluru - 4.2.0-16 +- Disabling network renaming + +* Sun Feb 14 2016 Alexey Makhalov - 4.2.0-15 +- veth patch: don’t modify ip_summed + +* Thu Feb 11 2016 Alexey Makhalov - 4.2.0-14 +- Full tickless -> idle tickless + simple CPU time accounting +- SLUB -> SLAB +- Disable NUMA balancing +- Disable stack protector +- No build_forced no-CBs CPUs +- Disable Expert configuration mode +- Disable most of debug features from 'Kernel hacking' + +* Mon Feb 08 2016 Alexey Makhalov - 4.2.0-13 +- Double tcp_mem limits, patch is added. + +* Wed Feb 03 2016 Anish Swaminathan - 4.2.0-12 +- Fixes for CVE-2015-7990/6937 and CVE-2015-8660. + +* Tue Jan 26 2016 Anish Swaminathan - 4.2.0-11 +- Revert CONFIG_HZ=250 + +* Fri Jan 22 2016 Alexey Makhalov - 4.2.0-10 +- Fix for CVE-2016-0728 + +* Wed Jan 13 2016 Alexey Makhalov - 4.2.0-9 +- CONFIG_HZ=250 + +* Tue Jan 12 2016 Mahmoud Bassiouny - 4.2.0-8 +- Remove rootfstype from the kernel parameter. + +* Mon Jan 04 2016 Harish Udaiya Kumar - 4.2.0-7 +- Disabled all the tracing options in kernel config. +- Disabled preempt. +- Disabled sched autogroup. + +* Thu Dec 17 2015 Harish Udaiya Kumar - 4.2.0-6 +- Enabled kprobe for systemtap & disabled dynamic function tracing in config + +* Fri Dec 11 2015 Harish Udaiya Kumar - 4.2.0-5 +- Added oprofile kernel driver sub-package. + +* Fri Nov 13 2015 Mahmoud Bassiouny - 4.2.0-4 +- Change the linux image directory. + +* Wed Nov 11 2015 Harish Udaiya Kumar - 4.2.0-3 +- Added the build essential files in the dev sub-package. + +* Mon Nov 09 2015 Vinay Kulkarni - 4.2.0-2 +- Enable Geneve module support for generic kernel. + +* Fri Oct 23 2015 Harish Udaiya Kumar - 4.2.0-1 +- Upgraded the generic linux kernel to version 4.2.0 & and updated timer handling to full tickless mode. + +* Tue Sep 22 2015 Harish Udaiya Kumar - 4.0.9-5 +- Added driver support for frame buffer devices and ACPI + +* Wed Sep 2 2015 Alexey Makhalov - 4.0.9-4 +- Added mouse ps/2 module. + +* Fri Aug 14 2015 Alexey Makhalov - 4.0.9-3 +- Use photon.cfg as a symlink. + +* Thu Aug 13 2015 Alexey Makhalov - 4.0.9-2 +- Added environment file(photon.cfg) for grub. + +* Wed Aug 12 2015 Sharath George - 4.0.9-1 +- Upgrading kernel version. + +* Wed Aug 12 2015 Alexey Makhalov - 3.19.2-5 +- Updated OVT to version 10.0.0. +- Rename -gpu-drivers to -drivers-gpu in accordance to directory structure. +- Added -sound package/ + +* Tue Aug 11 2015 Anish Swaminathan - 3.19.2-4 +- Removed Requires dependencies. + +* Fri Jul 24 2015 Harish Udaiya Kumar - 3.19.2-3 +- Updated the config file to include graphics drivers. + +* Mon May 18 2015 Touseef Liaqat - 3.13.3-2 +- Update according to UsrMove. + +* Wed Nov 5 2014 Divya Thaluru - 3.13.3-1 +- Initial build. First version diff --git a/SPECS/kernel-uvm/config b/SPECS/kernel-uvm/config index 4b992c9738b..fe23ffdc63d 100644 --- a/SPECS/kernel-uvm/config +++ b/SPECS/kernel-uvm/config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86_64 5.15.110.mshv2 Kernel Configuration +# Linux/x86_64 6.1.0.mshv11 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 11.2.0" CONFIG_CC_IS_GCC=y @@ -12,7 +12,6 @@ CONFIG_LD_IS_BFD=y CONFIG_LD_VERSION=23700 CONFIG_LLD_VERSION=0 CONFIG_CC_CAN_LINK=y -CONFIG_CC_HAS_ASM_GOTO=y CONFIG_CC_HAS_ASM_GOTO_OUTPUT=y CONFIG_CC_HAS_ASM_GOTO_TIED_OUTPUT=y CONFIG_CC_HAS_ASM_INLINE=y @@ -47,7 +46,6 @@ CONFIG_KERNEL_GZIP=y # CONFIG_KERNEL_ZSTD is not set CONFIG_DEFAULT_INIT="" CONFIG_DEFAULT_HOSTNAME="(none)" -CONFIG_SWAP=y CONFIG_SYSVIPC=y CONFIG_SYSVIPC_SYSCTL=y CONFIG_POSIX_MQUEUE=y @@ -88,6 +86,8 @@ CONFIG_GENERIC_CLOCKEVENTS_MIN_ADJUST=y CONFIG_GENERIC_CMOS_UPDATE=y CONFIG_HAVE_POSIX_CPU_TIMERS_TASK_WORK=y CONFIG_POSIX_CPU_TIMERS_TASK_WORK=y +CONFIG_CONTEXT_TRACKING=y +CONFIG_CONTEXT_TRACKING_IDLE=y # # Timers subsystem @@ -97,10 +97,11 @@ CONFIG_NO_HZ_COMMON=y # CONFIG_HZ_PERIODIC is not set # CONFIG_NO_HZ_IDLE is not set CONFIG_NO_HZ_FULL=y -CONFIG_CONTEXT_TRACKING=y -# CONFIG_CONTEXT_TRACKING_FORCE is not set +CONFIG_CONTEXT_TRACKING_USER=y +# CONFIG_CONTEXT_TRACKING_USER_FORCE is not set CONFIG_NO_HZ=y CONFIG_HIGH_RES_TIMERS=y +CONFIG_CLOCKSOURCE_WATCHDOG_MAX_SKEW_US=100 # end of Timers subsystem CONFIG_BPF=y @@ -116,9 +117,11 @@ CONFIG_BPF_SYSCALL=y # CONFIG_BPF_PRELOAD is not set # end of BPF subsystem -CONFIG_PREEMPT_NONE=y -# CONFIG_PREEMPT_VOLUNTARY is not set +CONFIG_PREEMPT_VOLUNTARY_BUILD=y +# CONFIG_PREEMPT_NONE is not set +CONFIG_PREEMPT_VOLUNTARY=y # CONFIG_PREEMPT is not set +# CONFIG_PREEMPT_DYNAMIC is not set # CONFIG_SCHED_CORE is not set # @@ -146,6 +149,7 @@ CONFIG_TASKS_TRACE_RCU=y CONFIG_RCU_STALL_COMMON=y CONFIG_RCU_NEED_SEGCBLIST=y CONFIG_RCU_NOCB_CPU=y +# CONFIG_RCU_NOCB_CPU_DEFAULT_ALL is not set # end of RCU Subsystem CONFIG_IKCONFIG=y @@ -165,12 +169,14 @@ CONFIG_HAVE_UNSTABLE_SCHED_CLOCK=y CONFIG_ARCH_SUPPORTS_NUMA_BALANCING=y CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y CONFIG_CC_HAS_INT128=y +CONFIG_CC_IMPLICIT_FALLTHROUGH="-Wimplicit-fallthrough=5" +CONFIG_GCC12_NO_ARRAY_BOUNDS=y CONFIG_ARCH_SUPPORTS_INT128=y # CONFIG_NUMA_BALANCING is not set CONFIG_CGROUPS=y CONFIG_PAGE_COUNTER=y +# CONFIG_CGROUP_FAVOR_DYNMODS is not set CONFIG_MEMCG=y -CONFIG_MEMCG_SWAP=y CONFIG_MEMCG_KMEM=y CONFIG_BLK_CGROUP=y CONFIG_CGROUP_WRITEBACK=y @@ -189,6 +195,7 @@ CONFIG_CGROUP_CPUACCT=y CONFIG_CGROUP_PERF=y CONFIG_CGROUP_BPF=y # CONFIG_CGROUP_MISC is not set +# CONFIG_CGROUP_DEBUG is not set CONFIG_SOCK_CGROUP_DATA=y CONFIG_NAMESPACES=y CONFIG_UTS_NS=y @@ -211,6 +218,7 @@ CONFIG_RD_GZIP=y # CONFIG_RD_LZ4 is not set # CONFIG_RD_ZSTD is not set # CONFIG_BOOT_CONFIG is not set +CONFIG_INITRAMFS_PRESERVE_MTIME=y CONFIG_CC_OPTIMIZE_FOR_PERFORMANCE=y # CONFIG_CC_OPTIMIZE_FOR_SIZE is not set CONFIG_LD_ORPHAN_WARN=y @@ -240,9 +248,9 @@ CONFIG_IO_URING=y CONFIG_ADVISE_SYSCALLS=y CONFIG_MEMBARRIER=y CONFIG_KALLSYMS=y +# CONFIG_KALLSYMS_ALL is not set CONFIG_KALLSYMS_ABSOLUTE_PERCPU=y CONFIG_KALLSYMS_BASE_RELATIVE=y -# CONFIG_USERFAULTFD is not set CONFIG_ARCH_HAS_MEMBARRIER_SYNC_CORE=y CONFIG_RSEQ=y # CONFIG_EMBEDDED is not set @@ -252,18 +260,9 @@ CONFIG_HAVE_PERF_EVENTS=y # Kernel Performance Events And Counters # CONFIG_PERF_EVENTS=y +# CONFIG_DEBUG_PERF_USE_VMALLOC is not set # end of Kernel Performance Events And Counters -CONFIG_VM_EVENT_COUNTERS=y -CONFIG_SLUB_DEBUG=y -# CONFIG_COMPAT_BRK is not set -# CONFIG_SLAB is not set -CONFIG_SLUB=y -# CONFIG_SLAB_MERGE_DEFAULT is not set -# CONFIG_SLAB_FREELIST_RANDOM is not set -# CONFIG_SLAB_FREELIST_HARDENED is not set -# CONFIG_SHUFFLE_PAGE_ALLOCATOR is not set -# CONFIG_SLUB_CPU_PARTIAL is not set # CONFIG_PROFILING is not set # end of General setup @@ -285,19 +284,15 @@ CONFIG_GENERIC_BUG_RELATIVE_POINTERS=y CONFIG_ARCH_MAY_HAVE_PC_FDC=y CONFIG_GENERIC_CALIBRATE_DELAY=y CONFIG_ARCH_HAS_CPU_RELAX=y -CONFIG_ARCH_HAS_FILTER_PGPROT=y -CONFIG_HAVE_SETUP_PER_CPU_AREA=y -CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y -CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y CONFIG_ARCH_HIBERNATION_POSSIBLE=y CONFIG_ARCH_NR_GPIO=1024 CONFIG_ARCH_SUSPEND_POSSIBLE=y -CONFIG_ARCH_WANT_GENERAL_HUGETLB=y CONFIG_AUDIT_ARCH=y CONFIG_HAVE_INTEL_TXT=y CONFIG_X86_64_SMP=y CONFIG_ARCH_SUPPORTS_UPROBES=y CONFIG_FIX_EARLYCON_MEM=y +CONFIG_DYNAMIC_PHYSICAL_MASK=y CONFIG_PGTABLE_LEVELS=4 CONFIG_CC_HAS_SANE_STACKPROTECTOR=y @@ -317,7 +312,8 @@ CONFIG_X86_MPPARSE=y # CONFIG_SCHED_OMIT_FRAME_POINTER is not set CONFIG_HYPERVISOR_GUEST=y CONFIG_PARAVIRT=y -# CONFIG_PARAVIRT_SPINLOCKS is not set +# CONFIG_PARAVIRT_DEBUG is not set +CONFIG_PARAVIRT_SPINLOCKS=y CONFIG_X86_HV_CALLBACK_VECTOR=y # CONFIG_XEN is not set CONFIG_KVM_GUEST=y @@ -327,6 +323,7 @@ CONFIG_PVH=y CONFIG_PARAVIRT_CLOCK=y # CONFIG_JAILHOUSE_GUEST is not set # CONFIG_ACRN_GUEST is not set +# CONFIG_INTEL_TDX_GUEST is not set # CONFIG_MK8 is not set # CONFIG_MPSC is not set # CONFIG_MCORE2 is not set @@ -348,13 +345,16 @@ CONFIG_CPU_SUP_CENTAUR=y CONFIG_CPU_SUP_ZHAOXIN=y CONFIG_HPET_TIMER=y CONFIG_DMI=y -# CONFIG_GART_IOMMU is not set -CONFIG_NR_CPUS_RANGE_BEGIN=2 -CONFIG_NR_CPUS_RANGE_END=512 -CONFIG_NR_CPUS_DEFAULT=64 -CONFIG_NR_CPUS=240 +CONFIG_GART_IOMMU=y +CONFIG_MAXSMP=y +CONFIG_NR_CPUS_RANGE_BEGIN=8192 +CONFIG_NR_CPUS_RANGE_END=8192 +CONFIG_NR_CPUS_DEFAULT=8192 +CONFIG_NR_CPUS=8192 +# CONFIG_SCHED_CLUSTER is not set CONFIG_SCHED_SMT=y -# CONFIG_SCHED_MC is not set +CONFIG_SCHED_MC=y +CONFIG_SCHED_MC_PRIO=y CONFIG_X86_LOCAL_APIC=y CONFIG_X86_IO_APIC=y # CONFIG_X86_REROUTE_FOR_BROKEN_BOOT_IRQS is not set @@ -367,7 +367,8 @@ CONFIG_X86_IO_APIC=y # CONFIG_PERF_EVENTS_INTEL_RAPL is not set # CONFIG_PERF_EVENTS_INTEL_CSTATE is not set # CONFIG_PERF_EVENTS_AMD_POWER is not set -# CONFIG_PERF_EVENTS_AMD_UNCORE is not set +CONFIG_PERF_EVENTS_AMD_UNCORE=y +# CONFIG_PERF_EVENTS_AMD_BRS is not set # end of Performance monitoring CONFIG_X86_16BIT=y @@ -379,26 +380,29 @@ CONFIG_X86_MSR=y CONFIG_X86_CPUID=y # CONFIG_X86_5LEVEL is not set CONFIG_X86_DIRECT_GBPAGES=y -# CONFIG_AMD_MEM_ENCRYPT is not set +CONFIG_X86_MEM_ENCRYPT=y +CONFIG_AMD_MEM_ENCRYPT=y +CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=y CONFIG_NUMA=y -# CONFIG_AMD_NUMA is not set -# CONFIG_X86_64_ACPI_NUMA is not set +CONFIG_AMD_NUMA=y +CONFIG_X86_64_ACPI_NUMA=y # CONFIG_NUMA_EMU is not set -CONFIG_NODES_SHIFT=6 +CONFIG_NODES_SHIFT=10 CONFIG_ARCH_SPARSEMEM_ENABLE=y CONFIG_ARCH_SPARSEMEM_DEFAULT=y -CONFIG_ARCH_SELECT_MEMORY_MODEL=y # CONFIG_ARCH_MEMORY_PROBE is not set CONFIG_ILLEGAL_POINTER_VALUE=0xdead000000000000 # CONFIG_X86_PMEM_LEGACY is not set # CONFIG_X86_CHECK_BIOS_CORRUPTION is not set CONFIG_MTRR=y -# CONFIG_MTRR_SANITIZER is not set +CONFIG_MTRR_SANITIZER=y +CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=0 +CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1 CONFIG_X86_PAT=y CONFIG_ARCH_USES_PG_UNCACHED=y -CONFIG_ARCH_RANDOM=y -CONFIG_X86_SMAP=y CONFIG_X86_UMIP=y +CONFIG_CC_HAS_IBT=y +# CONFIG_X86_KERNEL_IBT is not set # CONFIG_X86_INTEL_MEMORY_PROTECTION_KEYS is not set CONFIG_X86_INTEL_TSX_MODE_OFF=y # CONFIG_X86_INTEL_TSX_MODE_ON is not set @@ -415,19 +419,16 @@ CONFIG_SCHED_HRTICK=y # CONFIG_KEXEC_FILE is not set # CONFIG_CRASH_DUMP is not set CONFIG_PHYSICAL_START=0x1000000 -CONFIG_RELOCATABLE=y -CONFIG_RANDOMIZE_BASE=y -CONFIG_X86_NEED_RELOCS=y +# CONFIG_RELOCATABLE is not set CONFIG_PHYSICAL_ALIGN=0x200000 -# CONFIG_RANDOMIZE_MEMORY is not set CONFIG_HOTPLUG_CPU=y # CONFIG_BOOTPARAM_HOTPLUG_CPU0 is not set # CONFIG_DEBUG_HOTPLUG_CPU0 is not set -# CONFIG_LEGACY_VSYSCALL_EMULATE is not set -# CONFIG_LEGACY_VSYSCALL_XONLY is not set -CONFIG_LEGACY_VSYSCALL_NONE=y +CONFIG_LEGACY_VSYSCALL_XONLY=y +# CONFIG_LEGACY_VSYSCALL_NONE is not set # CONFIG_CMDLINE_BOOL is not set CONFIG_MODIFY_LDT_SYSCALL=y +# CONFIG_STRICT_SIGALTSTACK_SIZE is not set CONFIG_HAVE_LIVEPATCH=y # end of Processor type and features @@ -441,7 +442,6 @@ CONFIG_CPU_IBPB_ENTRY=y CONFIG_CPU_IBRS_ENTRY=y CONFIG_ARCH_HAS_ADD_PAGES=y CONFIG_ARCH_MHP_MEMMAP_ON_MEMORY_ENABLE=y -CONFIG_USE_PERCPU_NUMA_NODE_ID=y # # Power management and ACPI options @@ -469,10 +469,11 @@ CONFIG_ACPI_BUTTON=y CONFIG_ACPI_CPU_FREQ_PSS=y CONFIG_ACPI_PROCESSOR_CSTATE=y CONFIG_ACPI_PROCESSOR_IDLE=y +CONFIG_ACPI_CPPC_LIB=y CONFIG_ACPI_PROCESSOR=y CONFIG_ACPI_HOTPLUG_CPU=y # CONFIG_ACPI_PROCESSOR_AGGREGATOR is not set -# CONFIG_ACPI_THERMAL is not set +CONFIG_ACPI_THERMAL=y CONFIG_ACPI_CUSTOM_DSDT_FILE="" CONFIG_ARCH_HAS_ACPI_TABLE_UPGRADE=y CONFIG_ACPI_TABLE_UPGRADE=y @@ -485,13 +486,17 @@ CONFIG_ACPI_HOTPLUG_IOAPIC=y # CONFIG_ACPI_HED is not set CONFIG_ACPI_NFIT=y # CONFIG_NFIT_SECURITY_DEBUG is not set -# CONFIG_ACPI_NUMA is not set +CONFIG_ACPI_NUMA=y +# CONFIG_ACPI_HMAT is not set CONFIG_HAVE_ACPI_APEI=y CONFIG_HAVE_ACPI_APEI_NMI=y # CONFIG_ACPI_APEI is not set # CONFIG_ACPI_DPTF is not set # CONFIG_ACPI_CONFIGFS is not set +# CONFIG_ACPI_PFRUT is not set +CONFIG_ACPI_PCC=y # CONFIG_PMIC_OPREGION is not set +CONFIG_ACPI_VIOT=y CONFIG_X86_PM_TIMER=y # @@ -516,6 +521,8 @@ CONFIG_CPU_FREQ_GOV_SCHEDUTIL=y # CONFIG_X86_INTEL_PSTATE=y # CONFIG_X86_PCC_CPUFREQ is not set +# CONFIG_X86_AMD_PSTATE is not set +# CONFIG_X86_AMD_PSTATE_UT is not set # CONFIG_X86_ACPI_CPUFREQ is not set # CONFIG_X86_SPEEDSTEP_CENTRINO is not set # CONFIG_X86_P4_CLOCKMOD is not set @@ -553,7 +560,7 @@ CONFIG_AMD_NB=y # Binary Emulations # # CONFIG_IA32_EMULATION is not set -# CONFIG_X86_X32 is not set +# CONFIG_X86_X32_ABI is not set # end of Binary Emulations CONFIG_HAVE_KVM=y @@ -578,6 +585,7 @@ CONFIG_HAVE_KPROBES=y CONFIG_HAVE_KRETPROBES=y CONFIG_HAVE_OPTPROBES=y CONFIG_HAVE_KPROBES_ON_FTRACE=y +CONFIG_ARCH_CORRECT_STACKTRACE_ON_KRETPROBE=y CONFIG_HAVE_FUNCTION_ERROR_INJECTION=y CONFIG_HAVE_NMI=y CONFIG_TRACE_IRQFLAGS_SUPPORT=y @@ -594,6 +602,7 @@ CONFIG_ARCH_WANTS_NO_INSTR=y CONFIG_HAVE_ASM_MODVERSIONS=y CONFIG_HAVE_REGS_AND_STACK_ACCESS_API=y CONFIG_HAVE_RSEQ=y +CONFIG_HAVE_RUST=y CONFIG_HAVE_FUNCTION_ARG_ACCESS_API=y CONFIG_HAVE_HW_BREAKPOINT=y CONFIG_HAVE_MIXED_BREAKPOINTS_REGS=y @@ -606,6 +615,7 @@ CONFIG_HAVE_ARCH_JUMP_LABEL=y CONFIG_HAVE_ARCH_JUMP_LABEL_RELATIVE=y CONFIG_MMU_GATHER_TABLE_FREE=y CONFIG_MMU_GATHER_RCU_TABLE_FREE=y +CONFIG_MMU_GATHER_MERGE_VMAS=y CONFIG_ARCH_HAVE_NMI_SAFE_CMPXCHG=y CONFIG_HAVE_ALIGNED_STRUCT_PAGE=y CONFIG_HAVE_CMPXCHG_LOCAL=y @@ -622,9 +632,10 @@ CONFIG_STACKPROTECTOR_STRONG=y CONFIG_ARCH_SUPPORTS_LTO_CLANG=y CONFIG_ARCH_SUPPORTS_LTO_CLANG_THIN=y CONFIG_LTO_NONE=y +CONFIG_ARCH_SUPPORTS_CFI_CLANG=y CONFIG_HAVE_ARCH_WITHIN_STACK_FRAMES=y -CONFIG_HAVE_CONTEXT_TRACKING=y -CONFIG_HAVE_CONTEXT_TRACKING_OFFSTACK=y +CONFIG_HAVE_CONTEXT_TRACKING_USER=y +CONFIG_HAVE_CONTEXT_TRACKING_USER_OFFSTACK=y CONFIG_HAVE_VIRT_CPU_ACCOUNTING_GEN=y CONFIG_HAVE_IRQ_TIME_ACCOUNTING=y CONFIG_HAVE_MOVE_PUD=y @@ -632,36 +643,53 @@ CONFIG_HAVE_MOVE_PMD=y CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE=y CONFIG_HAVE_ARCH_TRANSPARENT_HUGEPAGE_PUD=y CONFIG_HAVE_ARCH_HUGE_VMAP=y +CONFIG_HAVE_ARCH_HUGE_VMALLOC=y CONFIG_ARCH_WANT_HUGE_PMD_SHARE=y CONFIG_HAVE_ARCH_SOFT_DIRTY=y CONFIG_HAVE_MOD_ARCH_SPECIFIC=y CONFIG_MODULES_USE_ELF_RELA=y CONFIG_HAVE_IRQ_EXIT_ON_IRQ_STACK=y CONFIG_HAVE_SOFTIRQ_ON_OWN_STACK=y +CONFIG_SOFTIRQ_ON_OWN_STACK=y CONFIG_ARCH_HAS_ELF_RANDOMIZE=y CONFIG_HAVE_ARCH_MMAP_RND_BITS=y CONFIG_HAVE_EXIT_THREAD=y CONFIG_ARCH_MMAP_RND_BITS=28 +CONFIG_PAGE_SIZE_LESS_THAN_64KB=y +CONFIG_PAGE_SIZE_LESS_THAN_256KB=y +CONFIG_HAVE_OBJTOOL=y +CONFIG_HAVE_JUMP_LABEL_HACK=y +CONFIG_HAVE_NOINSTR_HACK=y +CONFIG_HAVE_NOINSTR_VALIDATION=y +CONFIG_HAVE_UACCESS_VALIDATION=y CONFIG_HAVE_STACK_VALIDATION=y CONFIG_HAVE_RELIABLE_STACKTRACE=y # CONFIG_COMPAT_32BIT_TIME is not set CONFIG_HAVE_ARCH_VMAP_STACK=y CONFIG_VMAP_STACK=y CONFIG_HAVE_ARCH_RANDOMIZE_KSTACK_OFFSET=y +CONFIG_RANDOMIZE_KSTACK_OFFSET=y # CONFIG_RANDOMIZE_KSTACK_OFFSET_DEFAULT is not set CONFIG_ARCH_HAS_STRICT_KERNEL_RWX=y CONFIG_STRICT_KERNEL_RWX=y CONFIG_ARCH_HAS_STRICT_MODULE_RWX=y CONFIG_STRICT_MODULE_RWX=y CONFIG_HAVE_ARCH_PREL32_RELOCATIONS=y +CONFIG_ARCH_USE_MEMREMAP_PROT=y CONFIG_ARCH_HAS_MEM_ENCRYPT=y +CONFIG_ARCH_HAS_CC_PLATFORM=y CONFIG_HAVE_STATIC_CALL=y CONFIG_HAVE_STATIC_CALL_INLINE=y CONFIG_HAVE_PREEMPT_DYNAMIC=y +CONFIG_HAVE_PREEMPT_DYNAMIC_CALL=y CONFIG_ARCH_WANT_LD_ORPHAN_WARN=y CONFIG_ARCH_SUPPORTS_DEBUG_PAGEALLOC=y +CONFIG_ARCH_SUPPORTS_PAGE_TABLE_CHECK=y CONFIG_ARCH_HAS_ELFCORE_COMPAT=y CONFIG_ARCH_HAS_PARANOID_L1D_FLUSH=y +CONFIG_DYNAMIC_SIGFRAME=y +CONFIG_HAVE_ARCH_NODE_DEV_GROUP=y +CONFIG_ARCH_HAS_NONLEAF_PMD_YOUNG=y # # GCOV-based kernel profiling @@ -672,7 +700,6 @@ CONFIG_ARCH_HAS_GCOV_PROFILE_ALL=y CONFIG_HAVE_GCC_PLUGINS=y CONFIG_GCC_PLUGINS=y # CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set -# CONFIG_GCC_PLUGIN_RANDSTRUCT is not set # end of General architecture-dependent options CONFIG_RT_MUTEXES=y @@ -691,10 +718,12 @@ CONFIG_MODULE_COMPRESS_NONE=y CONFIG_MODPROBE_PATH="/sbin/modprobe" CONFIG_MODULES_TREE_LOOKUP=y CONFIG_BLOCK=y +CONFIG_BLOCK_LEGACY_AUTOLOAD=y CONFIG_BLK_CGROUP_RWSTAT=y CONFIG_BLK_DEV_BSG_COMMON=y -# CONFIG_BLK_DEV_BSGLIB is not set -# CONFIG_BLK_DEV_INTEGRITY is not set +CONFIG_BLK_DEV_BSGLIB=y +CONFIG_BLK_DEV_INTEGRITY=y +CONFIG_BLK_DEV_INTEGRITY_T10=y # CONFIG_BLK_DEV_ZONED is not set CONFIG_BLK_DEV_THROTTLING=y # CONFIG_BLK_DEV_THROTTLING_LOW is not set @@ -716,6 +745,7 @@ CONFIG_EFI_PARTITION=y CONFIG_BLK_MQ_PCI=y CONFIG_BLK_MQ_VIRTIO=y CONFIG_BLOCK_HOLDER_DEPRECATED=y +CONFIG_BLK_MQ_STACKING=y # # IO Schedulers @@ -749,7 +779,7 @@ CONFIG_FREEZER=y # CONFIG_BINFMT_ELF=y CONFIG_ELFCORE=y -# CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS is not set +CONFIG_CORE_DUMP_DEFAULT_ELF_HEADERS=y CONFIG_BINFMT_SCRIPT=y CONFIG_BINFMT_MISC=y CONFIG_COREDUMP=y @@ -758,8 +788,23 @@ CONFIG_COREDUMP=y # # Memory Management options # -CONFIG_SELECT_MEMORY_MODEL=y -CONFIG_SPARSEMEM_MANUAL=y +CONFIG_SWAP=y +# CONFIG_ZSWAP is not set + +# +# SLAB allocator options +# +# CONFIG_SLAB is not set +CONFIG_SLUB=y +# CONFIG_SLAB_MERGE_DEFAULT is not set +# CONFIG_SLAB_FREELIST_RANDOM is not set +# CONFIG_SLAB_FREELIST_HARDENED is not set +# CONFIG_SLUB_STATS is not set +CONFIG_SLUB_CPU_PARTIAL=y +# end of SLAB allocator options + +# CONFIG_SHUFFLE_PAGE_ALLOCATOR is not set +# CONFIG_COMPAT_BRK is not set CONFIG_SPARSEMEM=y CONFIG_SPARSEMEM_EXTREME=y CONFIG_SPARSEMEM_VMEMMAP_ENABLE=y @@ -767,43 +812,54 @@ CONFIG_SPARSEMEM_VMEMMAP=y CONFIG_HAVE_FAST_GUP=y CONFIG_NUMA_KEEP_MEMINFO=y CONFIG_MEMORY_ISOLATION=y +CONFIG_EXCLUSIVE_SYSTEM_RAM=y CONFIG_HAVE_BOOTMEM_INFO_NODE=y CONFIG_ARCH_ENABLE_MEMORY_HOTPLUG=y +CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y CONFIG_MEMORY_HOTPLUG=y -CONFIG_MEMORY_HOTPLUG_SPARSE=y CONFIG_MEMORY_HOTPLUG_DEFAULT_ONLINE=y -CONFIG_ARCH_ENABLE_MEMORY_HOTREMOVE=y CONFIG_MEMORY_HOTREMOVE=y CONFIG_MHP_MEMMAP_ON_MEMORY=y CONFIG_SPLIT_PTLOCK_CPUS=4 CONFIG_ARCH_ENABLE_SPLIT_PMD_PTLOCK=y +CONFIG_MEMORY_BALLOON=y +CONFIG_BALLOON_COMPACTION=y CONFIG_COMPACTION=y -# CONFIG_PAGE_REPORTING is not set +CONFIG_COMPACT_UNEVICTABLE_DEFAULT=1 +CONFIG_PAGE_REPORTING=y CONFIG_MIGRATION=y +CONFIG_DEVICE_MIGRATION=y CONFIG_ARCH_ENABLE_HUGEPAGE_MIGRATION=y +CONFIG_ARCH_ENABLE_THP_MIGRATION=y CONFIG_CONTIG_ALLOC=y CONFIG_PHYS_ADDR_T_64BIT=y -CONFIG_VIRT_TO_BUS=y CONFIG_MMU_NOTIFIER=y -# CONFIG_KSM is not set +CONFIG_KSM=y CONFIG_DEFAULT_MMAP_MIN_ADDR=4096 -# CONFIG_TRANSPARENT_HUGEPAGE is not set +CONFIG_ARCH_WANT_GENERAL_HUGETLB=y CONFIG_ARCH_WANTS_THP_SWAP=y -# CONFIG_CLEANCACHE is not set -# CONFIG_FRONTSWAP is not set +CONFIG_TRANSPARENT_HUGEPAGE=y +# CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS is not set +CONFIG_TRANSPARENT_HUGEPAGE_MADVISE=y +CONFIG_THP_SWAP=y +# CONFIG_READ_ONLY_THP_FOR_FS is not set +CONFIG_NEED_PER_CPU_EMBED_FIRST_CHUNK=y +CONFIG_NEED_PER_CPU_PAGE_FIRST_CHUNK=y +CONFIG_USE_PERCPU_NUMA_NODE_ID=y +CONFIG_HAVE_SETUP_PER_CPU_AREA=y # CONFIG_CMA is not set -# CONFIG_ZPOOL is not set -# CONFIG_ZSMALLOC is not set CONFIG_GENERIC_EARLY_IOREMAP=y # CONFIG_DEFERRED_STRUCT_PAGE_INIT is not set # CONFIG_IDLE_PAGE_TRACKING is not set CONFIG_ARCH_HAS_CACHE_LINE_SIZE=y +CONFIG_ARCH_HAS_CURRENT_STACK_POINTER=y CONFIG_ARCH_HAS_PTE_DEVMAP=y CONFIG_ZONE_DMA=y CONFIG_ZONE_DMA32=y CONFIG_ZONE_DEVICE=y -CONFIG_DEV_PAGEMAP_OPS=y # CONFIG_DEVICE_PRIVATE is not set +CONFIG_VMAP_PFN=y +CONFIG_VM_EVENT_COUNTERS=y # CONFIG_PERCPU_STATS is not set # @@ -811,6 +867,9 @@ CONFIG_DEV_PAGEMAP_OPS=y # CONFIG_ARCH_HAS_PTE_SPECIAL=y CONFIG_SECRETMEM=y +# CONFIG_ANON_VMA_NAME is not set +# CONFIG_USERFAULTFD is not set +# CONFIG_LRU_GEN is not set # # Data Access Monitoring @@ -821,6 +880,7 @@ CONFIG_SECRETMEM=y CONFIG_NET=y CONFIG_NET_INGRESS=y +CONFIG_NET_EGRESS=y CONFIG_SKB_EXTENSIONS=y # @@ -859,7 +919,6 @@ CONFIG_SYN_COOKIES=y # CONFIG_INET_AH is not set # CONFIG_INET_ESP is not set # CONFIG_INET_IPCOMP is not set -CONFIG_INET_TABLE_PERTURB_ORDER=16 # CONFIG_INET_DIAG is not set CONFIG_TCP_CONG_ADVANCED=y # CONFIG_TCP_CONG_BIC is not set @@ -913,6 +972,7 @@ CONFIG_NETFILTER_ADVANCED=y # Core Netfilter Configuration # CONFIG_NETFILTER_INGRESS=y +CONFIG_NETFILTER_EGRESS=y CONFIG_NETFILTER_NETLINK=y CONFIG_NETFILTER_FAMILY_ARP=y CONFIG_NETFILTER_NETLINK_ACCT=y @@ -1176,7 +1236,6 @@ CONFIG_BRIDGE_IGMP_SNOOPING=y # CONFIG_BRIDGE_CFM is not set # CONFIG_NET_DSA is not set # CONFIG_VLAN_8021Q is not set -# CONFIG_DECNET is not set CONFIG_LLC=y # CONFIG_LLC2 is not set # CONFIG_ATALK is not set @@ -1226,6 +1285,7 @@ CONFIG_NET_SCH_FQ=y # CONFIG_NET_CLS=y # CONFIG_NET_CLS_BASIC is not set +# CONFIG_NET_CLS_TCINDEX is not set # CONFIG_NET_CLS_ROUTE4 is not set # CONFIG_NET_CLS_FW is not set # CONFIG_NET_CLS_U32 is not set @@ -1293,6 +1353,7 @@ CONFIG_FIB_RULES=y # CONFIG_WIRELESS is not set # CONFIG_RFKILL is not set CONFIG_NET_9P=y +CONFIG_NET_9P_FD=y CONFIG_NET_9P_VIRTIO=y # CONFIG_NET_9P_DEBUG is not set # CONFIG_CAIF is not set @@ -1303,6 +1364,8 @@ CONFIG_NET_9P_VIRTIO=y # CONFIG_LWTUNNEL is not set CONFIG_GRO_CELLS=y CONFIG_NET_SOCK_MSG=y +CONFIG_PAGE_POOL=y +# CONFIG_PAGE_POOL_STATS is not set CONFIG_FAILOVER=y # CONFIG_ETHTOOL_NETLINK is not set @@ -1326,15 +1389,18 @@ CONFIG_PCIEASPM_DEFAULT=y CONFIG_PCI_MSI=y CONFIG_PCI_MSI_IRQ_DOMAIN=y CONFIG_PCI_QUIRKS=y +# CONFIG_PCI_DEBUG is not set # CONFIG_PCI_STUB is not set CONFIG_PCI_ATS=y CONFIG_PCI_LOCKLESS_CONFIG=y # CONFIG_PCI_IOV is not set -# CONFIG_PCI_PRI is not set -# CONFIG_PCI_PASID is not set +CONFIG_PCI_PRI=y +CONFIG_PCI_PASID=y # CONFIG_PCI_P2PDMA is not set CONFIG_PCI_LABEL=y # CONFIG_PCI_HYPERV is not set +CONFIG_VGA_ARB=y +CONFIG_VGA_ARB_MAX_GPUS=16 CONFIG_HOTPLUG_PCI=y CONFIG_HOTPLUG_PCI_ACPI=y # CONFIG_HOTPLUG_PCI_ACPI_IBM is not set @@ -1387,6 +1453,7 @@ CONFIG_HOTPLUG_PCI_SHPC=y # CONFIG_UEVENT_HELPER is not set CONFIG_DEVTMPFS=y CONFIG_DEVTMPFS_MOUNT=y +# CONFIG_DEVTMPFS_SAFE is not set # CONFIG_STANDALONE is not set # CONFIG_PREVENT_FIRMWARE_BUILD is not set @@ -1397,9 +1464,13 @@ CONFIG_FW_LOADER=y CONFIG_EXTRA_FIRMWARE="" # CONFIG_FW_LOADER_USER_HELPER is not set # CONFIG_FW_LOADER_COMPRESS is not set +# CONFIG_FW_UPLOAD is not set # end of Firmware loader CONFIG_ALLOW_DEV_COREDUMP=y +# CONFIG_DEBUG_DRIVER is not set +# CONFIG_DEBUG_DEVRES is not set +# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set # CONFIG_TEST_ASYNC_DRIVER_PROBE is not set CONFIG_GENERIC_CPU_AUTOPROBE=y CONFIG_GENERIC_CPU_VULNERABILITIES=y @@ -1409,6 +1480,7 @@ CONFIG_GENERIC_CPU_VULNERABILITIES=y # Bus devices # # CONFIG_MHI_BUS is not set +# CONFIG_MHI_BUS_EP is not set # end of Bus devices # CONFIG_CONNECTOR is not set @@ -1424,12 +1496,11 @@ CONFIG_GENERIC_CPU_VULNERABILITIES=y # CONFIG_EDD is not set CONFIG_FIRMWARE_MEMMAP=y -# CONFIG_DMIID is not set -# CONFIG_DMI_SYSFS is not set +CONFIG_DMIID=y +CONFIG_DMI_SYSFS=y CONFIG_DMI_SCAN_MACHINE_NON_EFI_FALLBACK=y # CONFIG_ISCSI_IBFT is not set # CONFIG_FW_CFG_SYSFS is not set -CONFIG_SYSFB=y # CONFIG_SYSFB_SIMPLEFB is not set # CONFIG_GOOGLE_FIRMWARE is not set @@ -1457,18 +1528,16 @@ CONFIG_BLK_DEV=y # CONFIG_BLK_DEV_PCIESSD_MTIP32XX is not set CONFIG_BLK_DEV_LOOP=y CONFIG_BLK_DEV_LOOP_MIN_COUNT=8 -# CONFIG_BLK_DEV_CRYPTOLOOP is not set # CONFIG_BLK_DEV_DRBD is not set # CONFIG_BLK_DEV_NBD is not set -# CONFIG_BLK_DEV_SX8 is not set CONFIG_BLK_DEV_RAM=y CONFIG_BLK_DEV_RAM_COUNT=16 -CONFIG_BLK_DEV_RAM_SIZE=4096 +CONFIG_BLK_DEV_RAM_SIZE=16384 # CONFIG_CDROM_PKTCDVD is not set # CONFIG_ATA_OVER_ETH is not set CONFIG_VIRTIO_BLK=y # CONFIG_BLK_DEV_RBD is not set -# CONFIG_BLK_DEV_RSXX is not set +# CONFIG_BLK_DEV_UBLK is not set # # NVME Support @@ -1575,7 +1644,6 @@ CONFIG_SCSI_LOWLEVEL=y # CONFIG_SCSI_AIC94XX is not set # CONFIG_SCSI_MVSAS is not set # CONFIG_SCSI_MVUMI is not set -# CONFIG_SCSI_DPT_I2O is not set # CONFIG_SCSI_ADVANSYS is not set # CONFIG_SCSI_ARCMSR is not set # CONFIG_SCSI_ESAS2R is not set @@ -1586,7 +1654,6 @@ CONFIG_SCSI_LOWLEVEL=y # CONFIG_SCSI_MPT2SAS is not set # CONFIG_SCSI_MPI3MR is not set # CONFIG_SCSI_SMARTPQI is not set -# CONFIG_SCSI_UFSHCD is not set # CONFIG_SCSI_HPTIOP is not set # CONFIG_SCSI_BUSLOGIC is not set # CONFIG_SCSI_MYRB is not set @@ -1638,7 +1705,7 @@ CONFIG_DM_BUFIO=y # CONFIG_DM_MULTIPATH is not set # CONFIG_DM_DELAY is not set # CONFIG_DM_DUST is not set -# CONFIG_DM_INIT is not set +CONFIG_DM_INIT=y # CONFIG_DM_UEVENT is not set # CONFIG_DM_FLAKEY is not set CONFIG_DM_VERITY=y @@ -1672,6 +1739,7 @@ CONFIG_NET_CORE=y # CONFIG_GENEVE is not set # CONFIG_BAREUDP is not set # CONFIG_GTP is not set +# CONFIG_AMT is not set # CONFIG_MACSEC is not set # CONFIG_NETCONSOLE is not set # CONFIG_TUN is not set @@ -1691,6 +1759,7 @@ CONFIG_ETHERNET=y # CONFIG_NET_VENDOR_AMD is not set # CONFIG_NET_VENDOR_AQUANTIA is not set # CONFIG_NET_VENDOR_ARC is not set +CONFIG_NET_VENDOR_ASIX=y # CONFIG_NET_VENDOR_ATHEROS is not set # CONFIG_CX_ECAT is not set # CONFIG_NET_VENDOR_BROADCOM is not set @@ -1699,11 +1768,16 @@ CONFIG_ETHERNET=y # CONFIG_NET_VENDOR_CHELSIO is not set # CONFIG_NET_VENDOR_CISCO is not set # CONFIG_NET_VENDOR_CORTINA is not set +CONFIG_NET_VENDOR_DAVICOM=y # CONFIG_DNET is not set # CONFIG_NET_VENDOR_DEC is not set # CONFIG_NET_VENDOR_DLINK is not set # CONFIG_NET_VENDOR_EMULEX is not set +CONFIG_NET_VENDOR_ENGLEDER=y +# CONFIG_TSNEP is not set # CONFIG_NET_VENDOR_EZCHIP is not set +CONFIG_NET_VENDOR_FUNGIBLE=y +# CONFIG_FUN_ETH is not set # CONFIG_NET_VENDOR_GOOGLE is not set # CONFIG_NET_VENDOR_HUAWEI is not set # CONFIG_NET_VENDOR_I825XX is not set @@ -1721,6 +1795,9 @@ CONFIG_NET_VENDOR_INTEL=y # CONFIG_ICE is not set # CONFIG_FM10K is not set # CONFIG_IGC is not set +CONFIG_NET_VENDOR_WANGXUN=y +# CONFIG_NGBE is not set +# CONFIG_TXGBE is not set # CONFIG_JME is not set # CONFIG_NET_VENDOR_LITEX is not set # CONFIG_NET_VENDOR_MARVELL is not set @@ -1759,6 +1836,7 @@ CONFIG_NET_VENDOR_INTEL=y # CONFIG_NET_VENDOR_SYNOPSYS is not set # CONFIG_NET_VENDOR_TEHUTI is not set # CONFIG_NET_VENDOR_TI is not set +CONFIG_NET_VENDOR_VERTEXCOM=y # CONFIG_NET_VENDOR_VIA is not set # CONFIG_NET_VENDOR_WIZNET is not set # CONFIG_NET_VENDOR_XILINX is not set @@ -1766,6 +1844,7 @@ CONFIG_NET_VENDOR_INTEL=y # CONFIG_HIPPI is not set # CONFIG_NET_SB1000 is not set # CONFIG_PHYLIB is not set +# CONFIG_PSE_CONTROLLER is not set # CONFIG_MDIO_DEVICE is not set # @@ -1862,6 +1941,7 @@ CONFIG_SERIAL_8250_RUNTIME_UARTS=4 # CONFIG_SERIAL_8250_RT288X is not set # CONFIG_SERIAL_8250_LPSS is not set # CONFIG_SERIAL_8250_MID is not set +CONFIG_SERIAL_8250_PERICOM=y # # Non-8250 serial port support @@ -1872,7 +1952,6 @@ CONFIG_SERIAL_CORE_CONSOLE=y # CONFIG_SERIAL_JSM is not set # CONFIG_SERIAL_LANTIQ is not set # CONFIG_SERIAL_SCCNXP is not set -# CONFIG_SERIAL_BCM63XX is not set # CONFIG_SERIAL_ALTERA_JTAGUART is not set # CONFIG_SERIAL_ALTERA_UART is not set # CONFIG_SERIAL_ARC is not set @@ -1985,9 +2064,73 @@ CONFIG_X86_THERMAL_VECTOR=y # CONFIG_INTEL_PCH_THERMAL is not set # CONFIG_INTEL_TCC_COOLING is not set +# CONFIG_INTEL_MENLOW is not set +# CONFIG_INTEL_HFI_THERMAL is not set # end of Intel thermal drivers -# CONFIG_WATCHDOG is not set +CONFIG_WATCHDOG=y +CONFIG_WATCHDOG_CORE=y +# CONFIG_WATCHDOG_NOWAYOUT is not set +CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED=y +CONFIG_WATCHDOG_OPEN_TIMEOUT=0 +# CONFIG_WATCHDOG_SYSFS is not set +# CONFIG_WATCHDOG_HRTIMER_PRETIMEOUT is not set + +# +# Watchdog Pretimeout Governors +# +# CONFIG_WATCHDOG_PRETIMEOUT_GOV is not set + +# +# Watchdog Device Drivers +# +# CONFIG_SOFT_WATCHDOG is not set +# CONFIG_WDAT_WDT is not set +# CONFIG_XILINX_WATCHDOG is not set +# CONFIG_CADENCE_WATCHDOG is not set +# CONFIG_DW_WATCHDOG is not set +# CONFIG_MAX63XX_WATCHDOG is not set +# CONFIG_ACQUIRE_WDT is not set +# CONFIG_ADVANTECH_WDT is not set +# CONFIG_ALIM1535_WDT is not set +# CONFIG_ALIM7101_WDT is not set +# CONFIG_EBC_C384_WDT is not set +# CONFIG_EXAR_WDT is not set +# CONFIG_F71808E_WDT is not set +# CONFIG_SP5100_TCO is not set +# CONFIG_SBC_FITPC2_WATCHDOG is not set +# CONFIG_EUROTECH_WDT is not set +# CONFIG_IB700_WDT is not set +# CONFIG_IBMASR is not set +# CONFIG_WAFER_WDT is not set +# CONFIG_I6300ESB_WDT is not set +# CONFIG_IE6XX_WDT is not set +# CONFIG_ITCO_WDT is not set +# CONFIG_IT8712F_WDT is not set +# CONFIG_IT87_WDT is not set +# CONFIG_HP_WATCHDOG is not set +# CONFIG_SC1200_WDT is not set +# CONFIG_PC87413_WDT is not set +# CONFIG_NV_TCO is not set +# CONFIG_60XX_WDT is not set +# CONFIG_CPU5_WDT is not set +# CONFIG_SMSC_SCH311X_WDT is not set +# CONFIG_SMSC37B787_WDT is not set +# CONFIG_TQMX86_WDT is not set +# CONFIG_VIA_WDT is not set +# CONFIG_W83627HF_WDT is not set +# CONFIG_W83877F_WDT is not set +# CONFIG_W83977F_WDT is not set +# CONFIG_MACHZ_WDT is not set +# CONFIG_SBC_EPX_C3_WATCHDOG is not set +# CONFIG_NI903X_WDT is not set +# CONFIG_NIC7018_WDT is not set + +# +# PCI-based Watchdog Cards +# +# CONFIG_PCIPCWATCHDOG is not set +# CONFIG_WDTPCI is not set CONFIG_SSB_POSSIBLE=y # CONFIG_SSB is not set CONFIG_BCMA_POSSIBLE=y @@ -2003,7 +2146,6 @@ CONFIG_BCMA_POSSIBLE=y # CONFIG_LPC_SCH is not set # CONFIG_MFD_INTEL_LPSS_ACPI is not set # CONFIG_MFD_INTEL_LPSS_PCI is not set -# CONFIG_MFD_INTEL_PMT is not set # CONFIG_MFD_JANZ_CMODIO is not set # CONFIG_MFD_KEMPLD is not set # CONFIG_MFD_MT6397 is not set @@ -2017,15 +2159,20 @@ CONFIG_BCMA_POSSIBLE=y # CONFIG_REGULATOR is not set # CONFIG_RC_CORE is not set + +# +# CEC support +# # CONFIG_MEDIA_CEC_SUPPORT is not set +# end of CEC support + # CONFIG_MEDIA_SUPPORT is not set # # Graphics support # +CONFIG_APERTURE_HELPERS=y # CONFIG_AGP is not set -CONFIG_VGA_ARB=y -CONFIG_VGA_ARB_MAX_GPUS=16 # CONFIG_VGA_SWITCHEROO is not set # CONFIG_DRM is not set @@ -2074,6 +2221,7 @@ CONFIG_DUMMY_CONSOLE_ROWS=25 CONFIG_USB_OHCI_LITTLE_ENDIAN=y # CONFIG_USB_SUPPORT is not set # CONFIG_MMC is not set +# CONFIG_SCSI_UFSHCD is not set # CONFIG_MEMSTICK is not set # CONFIG_NEW_LEDS is not set # CONFIG_ACCESSIBILITY is not set @@ -2106,14 +2254,20 @@ CONFIG_VFIO_PCI=y # CONFIG_VFIO_PCI_IGD is not set # CONFIG_VFIO_MDEV is not set CONFIG_IRQ_BYPASS_MANAGER=y -# CONFIG_VIRT_DRIVERS is not set +CONFIG_VIRT_DRIVERS=y +CONFIG_VMGENID=y +# CONFIG_VBOXGUEST is not set +# CONFIG_NITRO_ENCLAVES is not set +CONFIG_SEV_GUEST=y +CONFIG_VIRTIO_ANCHOR=y CONFIG_VIRTIO=y CONFIG_VIRTIO_PCI_LIB=y +CONFIG_VIRTIO_PCI_LIB_LEGACY=y CONFIG_VIRTIO_MENU=y CONFIG_VIRTIO_PCI=y CONFIG_VIRTIO_PCI_LEGACY=y CONFIG_VIRTIO_PMEM=y -# CONFIG_VIRTIO_BALLOON is not set +CONFIG_VIRTIO_BALLOON=y CONFIG_VIRTIO_MEM=y # CONFIG_VIRTIO_INPUT is not set CONFIG_VIRTIO_MMIO=y @@ -2127,29 +2281,19 @@ CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES=y CONFIG_HYPERV=y CONFIG_HYPERV_TIMER=y # CONFIG_HYPERV_BALLOON is not set -# CONFIG_MSHV is not set -# CONFIG_DXGKRNL is not set # end of Microsoft Hyper-V guest support # CONFIG_GREYBUS is not set # CONFIG_COMEDI is not set # CONFIG_STAGING is not set -# CONFIG_X86_PLATFORM_DEVICES is not set -CONFIG_PMC_ATOM=y # CONFIG_CHROME_PLATFORMS is not set # CONFIG_MELLANOX_PLATFORM is not set # CONFIG_SURFACE_PLATFORMS is not set +# CONFIG_X86_PLATFORM_DEVICES is not set +# CONFIG_P2SB is not set CONFIG_HAVE_CLK=y CONFIG_HAVE_CLK_PREPARE=y CONFIG_COMMON_CLK=y - -# -# Clock driver for ARM Reference designs -# -# CONFIG_ICST is not set -# CONFIG_CLK_SP810 is not set -# end of Clock driver for ARM Reference designs - # CONFIG_XILINX_VCU is not set # CONFIG_HWSPINLOCK is not set @@ -2161,7 +2305,9 @@ CONFIG_I8253_LOCK=y CONFIG_CLKBLD_I8253=y # end of Clock Source drivers -# CONFIG_MAILBOX is not set +CONFIG_MAILBOX=y +CONFIG_PCC=y +# CONFIG_ALTERA_MBOX is not set CONFIG_IOMMU_IOVA=y CONFIG_IOASID=y CONFIG_IOMMU_API=y @@ -2170,13 +2316,15 @@ CONFIG_IOMMU_SUPPORT=y # # Generic IOMMU Pagetable Support # +CONFIG_IOMMU_IO_PGTABLE=y # end of Generic IOMMU Pagetable Support # CONFIG_IOMMU_DEFAULT_DMA_STRICT is not set CONFIG_IOMMU_DEFAULT_DMA_LAZY=y # CONFIG_IOMMU_DEFAULT_PASSTHROUGH is not set CONFIG_IOMMU_DMA=y -# CONFIG_AMD_IOMMU is not set +CONFIG_AMD_IOMMU=y +CONFIG_AMD_IOMMU_V2=y CONFIG_DMAR_TABLE=y CONFIG_INTEL_IOMMU=y # CONFIG_INTEL_IOMMU_SVM is not set @@ -2185,8 +2333,7 @@ CONFIG_INTEL_IOMMU_FLOPPY_WA=y # CONFIG_INTEL_IOMMU_SCALABLE_MODE_DEFAULT_ON is not set CONFIG_IRQ_REMAP=y CONFIG_HYPERV_IOMMU=y -CONFIG_HYPERV_ROOT_PVIOMMU=y -# CONFIG_VIRTIO_IOMMU is not set +CONFIG_VIRTIO_IOMMU=y # # Remoteproc drivers @@ -2197,6 +2344,7 @@ CONFIG_HYPERV_ROOT_PVIOMMU=y # # Rpmsg drivers # +# CONFIG_RPMSG_QCOM_GLINK_RPM is not set # CONFIG_RPMSG_VIRTIO is not set # end of Rpmsg drivers @@ -2221,6 +2369,11 @@ CONFIG_HYPERV_ROOT_PVIOMMU=y # # end of NXP/Freescale QorIQ SoC drivers +# +# fujitsu SoC drivers +# +# end of fujitsu SoC drivers + # # i.MX SoC drivers # @@ -2249,7 +2402,6 @@ CONFIG_HYPERV_ROOT_PVIOMMU=y # CONFIG_MEMORY is not set # CONFIG_IIO is not set # CONFIG_NTB is not set -# CONFIG_VME_BUS is not set # CONFIG_PWM is not set # @@ -2265,7 +2417,13 @@ CONFIG_HYPERV_ROOT_PVIOMMU=y # # CONFIG_GENERIC_PHY is not set # CONFIG_PHY_CAN_TRANSCEIVER is not set + +# +# PHY drivers for Broadcom platforms +# # CONFIG_BCM_KONA_USB2_PHY is not set +# end of PHY drivers for Broadcom platforms + # CONFIG_PHY_PXA_28NM_HSIC is not set # CONFIG_PHY_PXA_28NM_USB2 is not set # CONFIG_PHY_INTEL_LGM_EMMC is not set @@ -2285,20 +2443,19 @@ CONFIG_HYPERV_ROOT_PVIOMMU=y # # Android # -# CONFIG_ANDROID is not set +# CONFIG_ANDROID_BINDER_IPC is not set # end of Android CONFIG_LIBNVDIMM=y CONFIG_BLK_DEV_PMEM=y -CONFIG_ND_BLK=y CONFIG_ND_CLAIM=y CONFIG_ND_BTT=y CONFIG_BTT=y CONFIG_ND_PFN=y CONFIG_NVDIMM_PFN=y CONFIG_NVDIMM_DAX=y -CONFIG_DAX_DRIVER=y CONFIG_DAX=y +# CONFIG_DEV_DAX is not set CONFIG_NVMEM=y # CONFIG_NVMEM_SYSFS is not set # CONFIG_NVMEM_RMEM is not set @@ -2312,11 +2469,12 @@ CONFIG_NVMEM=y # CONFIG_FPGA is not set # CONFIG_TEE is not set -# CONFIG_UNISYS_VISORBUS is not set # CONFIG_SIOX is not set # CONFIG_SLIMBUS is not set # CONFIG_INTERCONNECT is not set # CONFIG_COUNTER is not set +# CONFIG_PECI is not set +# CONFIG_HTE is not set # end of Device Drivers # @@ -2350,6 +2508,7 @@ CONFIG_XFS_FS=y # CONFIG_NILFS2_FS is not set # CONFIG_F2FS_FS is not set CONFIG_FS_DAX=y +CONFIG_FS_DAX_PMD=y CONFIG_FS_POSIX_ACL=y CONFIG_EXPORTFS=y CONFIG_EXPORTFS_BLOCK_OPS=y @@ -2378,21 +2537,29 @@ CONFIG_OVERLAY_FS_METACOPY=y # # Caches # +CONFIG_NETFS_SUPPORT=y +# CONFIG_NETFS_STATS is not set # CONFIG_FSCACHE is not set # end of Caches # # CD-ROM/DVD Filesystems # -# CONFIG_ISO9660_FS is not set +CONFIG_ISO9660_FS=y +CONFIG_JOLIET=y +CONFIG_ZISOFS=y # CONFIG_UDF_FS is not set # end of CD-ROM/DVD Filesystems # # DOS/FAT/EXFAT/NT Filesystems # -# CONFIG_MSDOS_FS is not set -# CONFIG_VFAT_FS is not set +CONFIG_FAT_FS=y +CONFIG_MSDOS_FS=y +CONFIG_VFAT_FS=y +CONFIG_FAT_DEFAULT_CODEPAGE=437 +CONFIG_FAT_DEFAULT_IOCHARSET="iso8859-1" +# CONFIG_FAT_DEFAULT_UTF8 is not set # CONFIG_EXFAT_FS is not set # CONFIG_NTFS_FS is not set # CONFIG_NTFS3_FS is not set @@ -2415,8 +2582,9 @@ CONFIG_TMPFS=y # CONFIG_TMPFS_INODE64 is not set CONFIG_HUGETLBFS=y CONFIG_HUGETLB_PAGE=y -CONFIG_HUGETLB_PAGE_FREE_VMEMMAP=y -# CONFIG_HUGETLB_PAGE_FREE_VMEMMAP_DEFAULT_ON is not set +CONFIG_ARCH_WANT_HUGETLB_PAGE_OPTIMIZE_VMEMMAP=y +CONFIG_HUGETLB_PAGE_OPTIMIZE_VMEMMAP=y +# CONFIG_HUGETLB_PAGE_OPTIMIZE_VMEMMAP_DEFAULT_ON is not set CONFIG_MEMFD_CREATE=y CONFIG_ARCH_HAS_GIGANTIC_PAGE=y # CONFIG_CONFIGFS_FS is not set @@ -2435,56 +2603,56 @@ CONFIG_9P_FS=y CONFIG_9P_FS_POSIX_ACL=y CONFIG_9P_FS_SECURITY=y CONFIG_NLS=y -CONFIG_NLS_DEFAULT="iso8859-1" -# CONFIG_NLS_CODEPAGE_437 is not set -# CONFIG_NLS_CODEPAGE_737 is not set -# CONFIG_NLS_CODEPAGE_775 is not set -# CONFIG_NLS_CODEPAGE_850 is not set -# CONFIG_NLS_CODEPAGE_852 is not set -# CONFIG_NLS_CODEPAGE_855 is not set -# CONFIG_NLS_CODEPAGE_857 is not set -# CONFIG_NLS_CODEPAGE_860 is not set -# CONFIG_NLS_CODEPAGE_861 is not set -# CONFIG_NLS_CODEPAGE_862 is not set -# CONFIG_NLS_CODEPAGE_863 is not set -# CONFIG_NLS_CODEPAGE_864 is not set -# CONFIG_NLS_CODEPAGE_865 is not set -# CONFIG_NLS_CODEPAGE_866 is not set -# CONFIG_NLS_CODEPAGE_869 is not set -# CONFIG_NLS_CODEPAGE_936 is not set -# CONFIG_NLS_CODEPAGE_950 is not set -# CONFIG_NLS_CODEPAGE_932 is not set -# CONFIG_NLS_CODEPAGE_949 is not set -# CONFIG_NLS_CODEPAGE_874 is not set -# CONFIG_NLS_ISO8859_8 is not set -# CONFIG_NLS_CODEPAGE_1250 is not set -# CONFIG_NLS_CODEPAGE_1251 is not set -# CONFIG_NLS_ASCII is not set -# CONFIG_NLS_ISO8859_1 is not set -# CONFIG_NLS_ISO8859_2 is not set -# CONFIG_NLS_ISO8859_3 is not set -# CONFIG_NLS_ISO8859_4 is not set -# CONFIG_NLS_ISO8859_5 is not set -# CONFIG_NLS_ISO8859_6 is not set -# CONFIG_NLS_ISO8859_7 is not set -# CONFIG_NLS_ISO8859_9 is not set -# CONFIG_NLS_ISO8859_13 is not set -# CONFIG_NLS_ISO8859_14 is not set -# CONFIG_NLS_ISO8859_15 is not set -# CONFIG_NLS_KOI8_R is not set -# CONFIG_NLS_KOI8_U is not set -# CONFIG_NLS_MAC_ROMAN is not set -# CONFIG_NLS_MAC_CELTIC is not set -# CONFIG_NLS_MAC_CENTEURO is not set -# CONFIG_NLS_MAC_CROATIAN is not set -# CONFIG_NLS_MAC_CYRILLIC is not set -# CONFIG_NLS_MAC_GAELIC is not set -# CONFIG_NLS_MAC_GREEK is not set -# CONFIG_NLS_MAC_ICELAND is not set -# CONFIG_NLS_MAC_INUIT is not set -# CONFIG_NLS_MAC_ROMANIAN is not set -# CONFIG_NLS_MAC_TURKISH is not set -# CONFIG_NLS_UTF8 is not set +CONFIG_NLS_DEFAULT="utf8" +CONFIG_NLS_CODEPAGE_437=y +CONFIG_NLS_CODEPAGE_737=y +CONFIG_NLS_CODEPAGE_775=y +CONFIG_NLS_CODEPAGE_850=y +CONFIG_NLS_CODEPAGE_852=y +CONFIG_NLS_CODEPAGE_855=y +CONFIG_NLS_CODEPAGE_857=y +CONFIG_NLS_CODEPAGE_860=y +CONFIG_NLS_CODEPAGE_861=y +CONFIG_NLS_CODEPAGE_862=y +CONFIG_NLS_CODEPAGE_863=y +CONFIG_NLS_CODEPAGE_864=y +CONFIG_NLS_CODEPAGE_865=y +CONFIG_NLS_CODEPAGE_866=y +CONFIG_NLS_CODEPAGE_869=y +CONFIG_NLS_CODEPAGE_936=y +CONFIG_NLS_CODEPAGE_950=y +CONFIG_NLS_CODEPAGE_932=y +CONFIG_NLS_CODEPAGE_949=y +CONFIG_NLS_CODEPAGE_874=y +CONFIG_NLS_ISO8859_8=y +CONFIG_NLS_CODEPAGE_1250=y +CONFIG_NLS_CODEPAGE_1251=y +CONFIG_NLS_ASCII=y +CONFIG_NLS_ISO8859_1=y +CONFIG_NLS_ISO8859_2=y +CONFIG_NLS_ISO8859_3=y +CONFIG_NLS_ISO8859_4=y +CONFIG_NLS_ISO8859_5=y +CONFIG_NLS_ISO8859_6=y +CONFIG_NLS_ISO8859_7=y +CONFIG_NLS_ISO8859_9=y +CONFIG_NLS_ISO8859_13=y +CONFIG_NLS_ISO8859_14=y +CONFIG_NLS_ISO8859_15=y +CONFIG_NLS_KOI8_R=y +CONFIG_NLS_KOI8_U=y +CONFIG_NLS_MAC_ROMAN=y +CONFIG_NLS_MAC_CELTIC=y +CONFIG_NLS_MAC_CENTEURO=y +CONFIG_NLS_MAC_CROATIAN=y +CONFIG_NLS_MAC_CYRILLIC=y +CONFIG_NLS_MAC_GAELIC=y +CONFIG_NLS_MAC_GREEK=y +CONFIG_NLS_MAC_ICELAND=y +CONFIG_NLS_MAC_INUIT=y +CONFIG_NLS_MAC_ROMANIAN=y +CONFIG_NLS_MAC_TURKISH=y +CONFIG_NLS_UTF8=y # CONFIG_UNICODE is not set CONFIG_IO_WQ=y # end of File systems @@ -2532,6 +2700,10 @@ CONFIG_INIT_STACK_NONE=y CONFIG_CC_HAS_ZERO_CALL_USED_REGS=y # CONFIG_ZERO_CALL_USED_REGS is not set # end of Memory initialization + +CONFIG_RANDSTRUCT_NONE=y +# CONFIG_RANDSTRUCT_FULL is not set +# CONFIG_RANDSTRUCT_PERFORMANCE is not set # end of Kernel hardening options # end of Security options @@ -2542,21 +2714,30 @@ CONFIG_CRYPTO=y # CONFIG_CRYPTO_ALGAPI=y CONFIG_CRYPTO_ALGAPI2=y +CONFIG_CRYPTO_AEAD=y +CONFIG_CRYPTO_AEAD2=y CONFIG_CRYPTO_SKCIPHER=y CONFIG_CRYPTO_SKCIPHER2=y CONFIG_CRYPTO_HASH=y CONFIG_CRYPTO_HASH2=y CONFIG_CRYPTO_RNG=y CONFIG_CRYPTO_RNG2=y +CONFIG_CRYPTO_AKCIPHER2=y +CONFIG_CRYPTO_KPP2=y CONFIG_CRYPTO_ACOMP2=y -# CONFIG_CRYPTO_MANAGER is not set +CONFIG_CRYPTO_MANAGER=y +CONFIG_CRYPTO_MANAGER2=y # CONFIG_CRYPTO_USER is not set # CONFIG_CRYPTO_MANAGER_DISABLE_TESTS is not set -# CONFIG_CRYPTO_NULL is not set +# CONFIG_CRYPTO_MANAGER_EXTRA_TESTS is not set +CONFIG_CRYPTO_GF128MUL=y +CONFIG_CRYPTO_NULL=y +CONFIG_CRYPTO_NULL2=y # CONFIG_CRYPTO_PCRYPT is not set # CONFIG_CRYPTO_CRYPTD is not set # CONFIG_CRYPTO_AUTHENC is not set # CONFIG_CRYPTO_TEST is not set +# end of Crypto core or helper # # Public-key cryptography @@ -2568,107 +2749,87 @@ CONFIG_CRYPTO_ACOMP2=y # CONFIG_CRYPTO_ECRDSA is not set # CONFIG_CRYPTO_SM2 is not set # CONFIG_CRYPTO_CURVE25519 is not set -# CONFIG_CRYPTO_CURVE25519_X86 is not set +# end of Public-key cryptography # -# Authenticated Encryption with Associated Data +# Block ciphers # -# CONFIG_CRYPTO_CCM is not set -# CONFIG_CRYPTO_GCM is not set -# CONFIG_CRYPTO_CHACHA20POLY1305 is not set -# CONFIG_CRYPTO_AEGIS128 is not set -# CONFIG_CRYPTO_AEGIS128_AESNI_SSE2 is not set -# CONFIG_CRYPTO_SEQIV is not set -# CONFIG_CRYPTO_ECHAINIV is not set +CONFIG_CRYPTO_AES=y +# CONFIG_CRYPTO_AES_TI is not set +# CONFIG_CRYPTO_ARIA is not set +# CONFIG_CRYPTO_BLOWFISH is not set +# CONFIG_CRYPTO_CAMELLIA is not set +# CONFIG_CRYPTO_CAST5 is not set +# CONFIG_CRYPTO_CAST6 is not set +# CONFIG_CRYPTO_DES is not set +# CONFIG_CRYPTO_FCRYPT is not set +# CONFIG_CRYPTO_SERPENT is not set +# CONFIG_CRYPTO_SM4_GENERIC is not set +# CONFIG_CRYPTO_TWOFISH is not set +# end of Block ciphers # -# Block modes +# Length-preserving ciphers and modes # +# CONFIG_CRYPTO_ADIANTUM is not set +# CONFIG_CRYPTO_CHACHA20 is not set # CONFIG_CRYPTO_CBC is not set # CONFIG_CRYPTO_CFB is not set -# CONFIG_CRYPTO_CTR is not set +CONFIG_CRYPTO_CTR=y # CONFIG_CRYPTO_CTS is not set # CONFIG_CRYPTO_ECB is not set +# CONFIG_CRYPTO_HCTR2 is not set +# CONFIG_CRYPTO_KEYWRAP is not set # CONFIG_CRYPTO_LRW is not set # CONFIG_CRYPTO_OFB is not set # CONFIG_CRYPTO_PCBC is not set # CONFIG_CRYPTO_XTS is not set -# CONFIG_CRYPTO_KEYWRAP is not set -# CONFIG_CRYPTO_NHPOLY1305_SSE2 is not set -# CONFIG_CRYPTO_NHPOLY1305_AVX2 is not set -# CONFIG_CRYPTO_ADIANTUM is not set -# CONFIG_CRYPTO_ESSIV is not set +# end of Length-preserving ciphers and modes # -# Hash modes +# AEAD (authenticated encryption with associated data) ciphers # -# CONFIG_CRYPTO_CMAC is not set -# CONFIG_CRYPTO_HMAC is not set -# CONFIG_CRYPTO_XCBC is not set -# CONFIG_CRYPTO_VMAC is not set +# CONFIG_CRYPTO_AEGIS128 is not set +# CONFIG_CRYPTO_CHACHA20POLY1305 is not set +# CONFIG_CRYPTO_CCM is not set +CONFIG_CRYPTO_GCM=y +# CONFIG_CRYPTO_SEQIV is not set +# CONFIG_CRYPTO_ECHAINIV is not set +# CONFIG_CRYPTO_ESSIV is not set +# end of AEAD (authenticated encryption with associated data) ciphers # -# Digest +# Hashes, digests, and MACs # -CONFIG_CRYPTO_CRC32C=y -# CONFIG_CRYPTO_CRC32C_INTEL is not set -# CONFIG_CRYPTO_CRC32 is not set -# CONFIG_CRYPTO_CRC32_PCLMUL is not set -# CONFIG_CRYPTO_XXHASH is not set # CONFIG_CRYPTO_BLAKE2B is not set -# CONFIG_CRYPTO_BLAKE2S_X86 is not set -# CONFIG_CRYPTO_CRCT10DIF is not set -# CONFIG_CRYPTO_GHASH is not set -# CONFIG_CRYPTO_POLY1305 is not set -# CONFIG_CRYPTO_POLY1305_X86_64 is not set +# CONFIG_CRYPTO_CMAC is not set +CONFIG_CRYPTO_GHASH=y +# CONFIG_CRYPTO_HMAC is not set # CONFIG_CRYPTO_MD4 is not set CONFIG_CRYPTO_MD5=y # CONFIG_CRYPTO_MICHAEL_MIC is not set +# CONFIG_CRYPTO_POLY1305 is not set # CONFIG_CRYPTO_RMD160 is not set # CONFIG_CRYPTO_SHA1 is not set -# CONFIG_CRYPTO_SHA1_SSSE3 is not set -# CONFIG_CRYPTO_SHA256_SSSE3 is not set -# CONFIG_CRYPTO_SHA512_SSSE3 is not set CONFIG_CRYPTO_SHA256=y # CONFIG_CRYPTO_SHA512 is not set # CONFIG_CRYPTO_SHA3 is not set -# CONFIG_CRYPTO_SM3 is not set +# CONFIG_CRYPTO_SM3_GENERIC is not set # CONFIG_CRYPTO_STREEBOG is not set +# CONFIG_CRYPTO_VMAC is not set # CONFIG_CRYPTO_WP512 is not set -# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set +# CONFIG_CRYPTO_XCBC is not set +# CONFIG_CRYPTO_XXHASH is not set +# end of Hashes, digests, and MACs # -# Ciphers +# CRCs (cyclic redundancy checks) # -CONFIG_CRYPTO_AES=y -# CONFIG_CRYPTO_AES_TI is not set -# CONFIG_CRYPTO_AES_NI_INTEL is not set -# CONFIG_CRYPTO_BLOWFISH is not set -# CONFIG_CRYPTO_BLOWFISH_X86_64 is not set -# CONFIG_CRYPTO_CAMELLIA is not set -# CONFIG_CRYPTO_CAMELLIA_X86_64 is not set -# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64 is not set -# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 is not set -# CONFIG_CRYPTO_CAST5 is not set -# CONFIG_CRYPTO_CAST5_AVX_X86_64 is not set -# CONFIG_CRYPTO_CAST6 is not set -# CONFIG_CRYPTO_CAST6_AVX_X86_64 is not set -# CONFIG_CRYPTO_DES is not set -# CONFIG_CRYPTO_DES3_EDE_X86_64 is not set -# CONFIG_CRYPTO_FCRYPT is not set -# CONFIG_CRYPTO_CHACHA20 is not set -# CONFIG_CRYPTO_CHACHA20_X86_64 is not set -# CONFIG_CRYPTO_SERPENT is not set -# CONFIG_CRYPTO_SERPENT_SSE2_X86_64 is not set -# CONFIG_CRYPTO_SERPENT_AVX_X86_64 is not set -# CONFIG_CRYPTO_SERPENT_AVX2_X86_64 is not set -# CONFIG_CRYPTO_SM4 is not set -# CONFIG_CRYPTO_SM4_AESNI_AVX_X86_64 is not set -# CONFIG_CRYPTO_SM4_AESNI_AVX2_X86_64 is not set -# CONFIG_CRYPTO_TWOFISH is not set -# CONFIG_CRYPTO_TWOFISH_X86_64 is not set -# CONFIG_CRYPTO_TWOFISH_X86_64_3WAY is not set -# CONFIG_CRYPTO_TWOFISH_AVX_X86_64 is not set +CONFIG_CRYPTO_CRC32C=y +# CONFIG_CRYPTO_CRC32 is not set +CONFIG_CRYPTO_CRCT10DIF=y +CONFIG_CRYPTO_CRC64_ROCKSOFT=y +# end of CRCs (cyclic redundancy checks) # # Compression @@ -2679,19 +2840,65 @@ CONFIG_CRYPTO_DEFLATE=y # CONFIG_CRYPTO_LZ4 is not set # CONFIG_CRYPTO_LZ4HC is not set # CONFIG_CRYPTO_ZSTD is not set +# end of Compression # -# Random Number Generation +# Random number generation # CONFIG_CRYPTO_ANSI_CPRNG=y # CONFIG_CRYPTO_DRBG_MENU is not set # CONFIG_CRYPTO_JITTERENTROPY is not set +# end of Random number generation + +# +# Userspace interface +# CONFIG_CRYPTO_USER_API=y CONFIG_CRYPTO_USER_API_HASH=y # CONFIG_CRYPTO_USER_API_SKCIPHER is not set # CONFIG_CRYPTO_USER_API_RNG is not set # CONFIG_CRYPTO_USER_API_AEAD is not set # CONFIG_CRYPTO_USER_API_ENABLE_OBSOLETE is not set +# end of Userspace interface + +# +# Accelerated Cryptographic Algorithms for CPU (x86) +# +# CONFIG_CRYPTO_CURVE25519_X86 is not set +# CONFIG_CRYPTO_AES_NI_INTEL is not set +# CONFIG_CRYPTO_BLOWFISH_X86_64 is not set +# CONFIG_CRYPTO_CAMELLIA_X86_64 is not set +# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX_X86_64 is not set +# CONFIG_CRYPTO_CAMELLIA_AESNI_AVX2_X86_64 is not set +# CONFIG_CRYPTO_CAST5_AVX_X86_64 is not set +# CONFIG_CRYPTO_CAST6_AVX_X86_64 is not set +# CONFIG_CRYPTO_DES3_EDE_X86_64 is not set +# CONFIG_CRYPTO_SERPENT_SSE2_X86_64 is not set +# CONFIG_CRYPTO_SERPENT_AVX_X86_64 is not set +# CONFIG_CRYPTO_SERPENT_AVX2_X86_64 is not set +# CONFIG_CRYPTO_SM4_AESNI_AVX_X86_64 is not set +# CONFIG_CRYPTO_SM4_AESNI_AVX2_X86_64 is not set +# CONFIG_CRYPTO_TWOFISH_X86_64 is not set +# CONFIG_CRYPTO_TWOFISH_X86_64_3WAY is not set +# CONFIG_CRYPTO_TWOFISH_AVX_X86_64 is not set +# CONFIG_CRYPTO_ARIA_AESNI_AVX_X86_64 is not set +# CONFIG_CRYPTO_CHACHA20_X86_64 is not set +# CONFIG_CRYPTO_AEGIS128_AESNI_SSE2 is not set +# CONFIG_CRYPTO_NHPOLY1305_SSE2 is not set +# CONFIG_CRYPTO_NHPOLY1305_AVX2 is not set +# CONFIG_CRYPTO_BLAKE2S_X86 is not set +# CONFIG_CRYPTO_POLYVAL_CLMUL_NI is not set +# CONFIG_CRYPTO_POLY1305_X86_64 is not set +# CONFIG_CRYPTO_SHA1_SSSE3 is not set +# CONFIG_CRYPTO_SHA256_SSSE3 is not set +# CONFIG_CRYPTO_SHA512_SSSE3 is not set +# CONFIG_CRYPTO_SM3_AVX_X86_64 is not set +# CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL is not set +# CONFIG_CRYPTO_CRC32C_INTEL is not set +# CONFIG_CRYPTO_CRC32_PCLMUL is not set +# CONFIG_CRYPTO_CRCT10DIF_PCLMUL is not set +# end of Accelerated Cryptographic Algorithms for CPU (x86) + # CONFIG_CRYPTO_HW is not set # @@ -2709,7 +2916,6 @@ CONFIG_BITREVERSE=y CONFIG_GENERIC_STRNCPY_FROM_USER=y CONFIG_GENERIC_STRNLEN_USER=y CONFIG_GENERIC_NET_UTILS=y -CONFIG_GENERIC_FIND_FIRST_BIT=y # CONFIG_CORDIC is not set # CONFIG_PRIME_NUMBERS is not set CONFIG_RATIONAL=y @@ -2722,6 +2928,7 @@ CONFIG_ARCH_USE_SYM_ANNOTATIONS=y # # Crypto library routines # +CONFIG_CRYPTO_LIB_UTILS=y CONFIG_CRYPTO_LIB_AES=y CONFIG_CRYPTO_LIB_BLAKE2S_GENERIC=y # CONFIG_CRYPTO_LIB_CHACHA is not set @@ -2729,13 +2936,14 @@ CONFIG_CRYPTO_LIB_BLAKE2S_GENERIC=y CONFIG_CRYPTO_LIB_POLY1305_RSIZE=11 # CONFIG_CRYPTO_LIB_POLY1305 is not set # CONFIG_CRYPTO_LIB_CHACHA20POLY1305 is not set +CONFIG_CRYPTO_LIB_SHA1=y CONFIG_CRYPTO_LIB_SHA256=y # end of Crypto library routines -CONFIG_LIB_MEMNEQ=y # CONFIG_CRC_CCITT is not set CONFIG_CRC16=y -# CONFIG_CRC_T10DIF is not set +CONFIG_CRC_T10DIF=y +CONFIG_CRC64_ROCKSOFT=y # CONFIG_CRC_ITU_T is not set CONFIG_CRC32=y # CONFIG_CRC32_SELFTEST is not set @@ -2743,11 +2951,12 @@ CONFIG_CRC32_SLICEBY8=y # CONFIG_CRC32_SLICEBY4 is not set # CONFIG_CRC32_SARWATE is not set # CONFIG_CRC32_BIT is not set -# CONFIG_CRC64 is not set +CONFIG_CRC64=y # CONFIG_CRC4 is not set # CONFIG_CRC7 is not set CONFIG_LIBCRC32C=y # CONFIG_CRC8 is not set +CONFIG_XXHASH=y # CONFIG_RANDOM32_SELFTEST is not set CONFIG_ZLIB_INFLATE=y CONFIG_ZLIB_DEFLATE=y @@ -2758,9 +2967,11 @@ CONFIG_XZ_DEC_IA64=y CONFIG_XZ_DEC_ARM=y CONFIG_XZ_DEC_ARMTHUMB=y CONFIG_XZ_DEC_SPARC=y +# CONFIG_XZ_DEC_MICROLZMA is not set CONFIG_XZ_DEC_BCJ=y # CONFIG_XZ_DEC_TEST is not set CONFIG_DECOMPRESS_GZIP=y +CONFIG_GENERIC_ALLOCATOR=y CONFIG_TEXTSEARCH=y CONFIG_TEXTSEARCH_KMP=y CONFIG_TEXTSEARCH_BM=y @@ -2774,9 +2985,14 @@ CONFIG_DMA_OPS=y CONFIG_NEED_SG_DMA_LENGTH=y CONFIG_NEED_DMA_MAP_STATE=y CONFIG_ARCH_DMA_ADDR_T_64BIT=y +CONFIG_ARCH_HAS_FORCE_DMA_UNENCRYPTED=y CONFIG_SWIOTLB=y +CONFIG_DMA_COHERENT_POOL=y # CONFIG_DMA_API_DEBUG is not set CONFIG_SGL_ALLOC=y +CONFIG_IOMMU_HELPER=y +CONFIG_CPUMASK_OFFSTACK=y +# CONFIG_FORCE_NR_CPUS is not set CONFIG_CPU_RMAP=y CONFIG_DQL=y CONFIG_NLATTR=y @@ -2790,6 +3006,7 @@ CONFIG_MEMREGION=y CONFIG_ARCH_HAS_UACCESS_FLUSHCACHE=y CONFIG_ARCH_HAS_COPY_MC=y CONFIG_ARCH_STACKWALK=y +CONFIG_STACKDEPOT=y CONFIG_SBITMAP=y # end of Library routines @@ -2806,23 +3023,32 @@ CONFIG_PRINTK_TIME=y CONFIG_CONSOLE_LOGLEVEL_DEFAULT=7 CONFIG_CONSOLE_LOGLEVEL_QUIET=4 CONFIG_MESSAGE_LOGLEVEL_DEFAULT=4 +# CONFIG_BOOT_PRINTK_DELAY is not set # CONFIG_DYNAMIC_DEBUG is not set # CONFIG_DYNAMIC_DEBUG_CORE is not set # CONFIG_SYMBOLIC_ERRNAME is not set CONFIG_DEBUG_BUGVERBOSE=y # end of printk and dmesg options -CONFIG_AS_HAS_NON_CONST_LEB128=y +CONFIG_DEBUG_KERNEL=y +CONFIG_DEBUG_MISC=y # # Compile-time checks and compiler options # +CONFIG_AS_HAS_NON_CONST_LEB128=y +CONFIG_DEBUG_INFO_NONE=y +# CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT is not set +# CONFIG_DEBUG_INFO_DWARF4 is not set +# CONFIG_DEBUG_INFO_DWARF5 is not set CONFIG_FRAME_WARN=2048 # CONFIG_STRIP_ASM_SYMS is not set +# CONFIG_READABLE_ASM is not set # CONFIG_HEADERS_INSTALL is not set # CONFIG_DEBUG_SECTION_MISMATCH is not set CONFIG_SECTION_MISMATCH_WARN_ONLY=y -CONFIG_STACK_VALIDATION=y +CONFIG_OBJTOOL=y +# CONFIG_DEBUG_FORCE_WEAK_PER_CPU is not set # end of Compile-time checks and compiler options # @@ -2831,31 +3057,48 @@ CONFIG_STACK_VALIDATION=y # CONFIG_MAGIC_SYSRQ is not set # CONFIG_DEBUG_FS is not set CONFIG_HAVE_ARCH_KGDB=y +# CONFIG_KGDB is not set CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y # CONFIG_UBSAN is not set CONFIG_HAVE_ARCH_KCSAN=y CONFIG_HAVE_KCSAN_COMPILER=y +# CONFIG_KCSAN is not set # end of Generic Kernel Debugging Instruments -# CONFIG_DEBUG_KERNEL is not set +# +# Networking Debugging +# +# CONFIG_NET_DEV_REFCNT_TRACKER is not set +# CONFIG_NET_NS_REFCNT_TRACKER is not set +# CONFIG_DEBUG_NET is not set +# end of Networking Debugging # # Memory Debugging # # CONFIG_PAGE_EXTENSION is not set +# CONFIG_DEBUG_PAGEALLOC is not set +CONFIG_SLUB_DEBUG=y +# CONFIG_SLUB_DEBUG_ON is not set +# CONFIG_PAGE_OWNER is not set +# CONFIG_PAGE_TABLE_CHECK is not set # CONFIG_PAGE_POISONING is not set # CONFIG_DEBUG_RODATA_TEST is not set CONFIG_ARCH_HAS_DEBUG_WX=y # CONFIG_DEBUG_WX is not set CONFIG_GENERIC_PTDUMP=y -# CONFIG_SLUB_DEBUG_ON is not set -# CONFIG_SLUB_STATS is not set +# CONFIG_DEBUG_OBJECTS is not set CONFIG_HAVE_DEBUG_KMEMLEAK=y +# CONFIG_DEBUG_KMEMLEAK is not set +# CONFIG_DEBUG_STACK_USAGE is not set +# CONFIG_SCHED_STACK_END_CHECK is not set CONFIG_ARCH_HAS_DEBUG_VM_PGTABLE=y +# CONFIG_DEBUG_VM is not set # CONFIG_DEBUG_VM_PGTABLE is not set CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y +# CONFIG_DEBUG_VIRTUAL is not set CONFIG_DEBUG_MEMORY_INIT=y -CONFIG_ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP=y +# CONFIG_DEBUG_PER_CPU_MAPS is not set CONFIG_HAVE_ARCH_KASAN=y CONFIG_HAVE_ARCH_KASAN_VMALLOC=y CONFIG_CC_HAS_KASAN_GENERIC=y @@ -2863,21 +3106,30 @@ CONFIG_CC_HAS_WORKING_NOSANITIZE_ADDRESS=y # CONFIG_KASAN is not set CONFIG_HAVE_ARCH_KFENCE=y # CONFIG_KFENCE is not set +CONFIG_HAVE_ARCH_KMSAN=y # end of Memory Debugging +# CONFIG_DEBUG_SHIRQ is not set + # # Debug Oops, Lockups and Hangs # # CONFIG_PANIC_ON_OOPS is not set CONFIG_PANIC_ON_OOPS_VALUE=0 CONFIG_PANIC_TIMEOUT=0 +# CONFIG_SOFTLOCKUP_DETECTOR is not set CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y +# CONFIG_HARDLOCKUP_DETECTOR is not set +# CONFIG_DETECT_HUNG_TASK is not set +# CONFIG_WQ_WATCHDOG is not set # CONFIG_TEST_LOCKUP is not set # end of Debug Oops, Lockups and Hangs # # Scheduler Debugging # +CONFIG_SCHED_DEBUG=y +# CONFIG_SCHEDSTATS is not set # end of Scheduler Debugging # CONFIG_DEBUG_TIMEKEEPING is not set @@ -2886,41 +3138,76 @@ CONFIG_HARDLOCKUP_CHECK_TIMESTAMP=y # Lock Debugging (spinlocks, mutexes, etc...) # CONFIG_LOCK_DEBUGGING_SUPPORT=y +# CONFIG_PROVE_LOCKING is not set +# CONFIG_LOCK_STAT is not set +# CONFIG_DEBUG_RT_MUTEXES is not set +# CONFIG_DEBUG_SPINLOCK is not set +# CONFIG_DEBUG_MUTEXES is not set +# CONFIG_DEBUG_WW_MUTEX_SLOWPATH is not set +# CONFIG_DEBUG_RWSEMS is not set +# CONFIG_DEBUG_LOCK_ALLOC is not set +# CONFIG_DEBUG_ATOMIC_SLEEP is not set +# CONFIG_DEBUG_LOCKING_API_SELFTESTS is not set +# CONFIG_LOCK_TORTURE_TEST is not set # CONFIG_WW_MUTEX_SELFTEST is not set +# CONFIG_SCF_TORTURE_TEST is not set +# CONFIG_CSD_LOCK_WAIT_DEBUG is not set # end of Lock Debugging (spinlocks, mutexes, etc...) # CONFIG_DEBUG_IRQFLAGS is not set -# CONFIG_STACKTRACE is not set +CONFIG_STACKTRACE=y # CONFIG_WARN_ALL_UNSEEDED_RANDOM is not set +# CONFIG_DEBUG_KOBJECT is not set # # Debug kernel data structures # +# CONFIG_DEBUG_LIST is not set +# CONFIG_DEBUG_PLIST is not set +# CONFIG_DEBUG_SG is not set +# CONFIG_DEBUG_NOTIFIERS is not set # CONFIG_BUG_ON_DATA_CORRUPTION is not set +# CONFIG_DEBUG_MAPLE_TREE is not set # end of Debug kernel data structures +# CONFIG_DEBUG_CREDENTIALS is not set + # # RCU Debugging # +# CONFIG_RCU_SCALE_TEST is not set +# CONFIG_RCU_TORTURE_TEST is not set +# CONFIG_RCU_REF_SCALE_TEST is not set CONFIG_RCU_CPU_STALL_TIMEOUT=21 +CONFIG_RCU_EXP_CPU_STALL_TIMEOUT=0 +CONFIG_RCU_TRACE=y +# CONFIG_RCU_EQS_DEBUG is not set # end of RCU Debugging +# CONFIG_DEBUG_WQ_FORCE_RR_CPU is not set +# CONFIG_CPU_HOTPLUG_STATE_CONTROL is not set +# CONFIG_LATENCYTOP is not set CONFIG_USER_STACKTRACE_SUPPORT=y +CONFIG_HAVE_RETHOOK=y CONFIG_HAVE_FUNCTION_TRACER=y -CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y CONFIG_HAVE_DYNAMIC_FTRACE=y CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y CONFIG_HAVE_DYNAMIC_FTRACE_WITH_DIRECT_CALLS=y CONFIG_HAVE_DYNAMIC_FTRACE_WITH_ARGS=y +CONFIG_HAVE_DYNAMIC_FTRACE_NO_PATCHABLE=y CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y CONFIG_HAVE_SYSCALL_TRACEPOINTS=y CONFIG_HAVE_FENTRY=y CONFIG_HAVE_OBJTOOL_MCOUNT=y CONFIG_HAVE_C_RECORDMCOUNT=y +CONFIG_HAVE_BUILDTIME_MCOUNT_SORT=y +CONFIG_TRACE_CLOCK=y CONFIG_TRACING_SUPPORT=y # CONFIG_FTRACE is not set # CONFIG_PROVIDE_OHCI1394_DMA_INIT is not set # CONFIG_SAMPLES is not set +CONFIG_HAVE_SAMPLE_FTRACE_DIRECT=y +CONFIG_HAVE_SAMPLE_FTRACE_DIRECT_MULTI=y CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y # @@ -2930,11 +3217,18 @@ CONFIG_X86_VERBOSE_BOOTUP=y CONFIG_EARLY_PRINTK=y # CONFIG_EARLY_PRINTK_DBGP is not set # CONFIG_EARLY_PRINTK_USB_XDBC is not set +# CONFIG_DEBUG_TLBFLUSH is not set +# CONFIG_IOMMU_DEBUG is not set CONFIG_HAVE_MMIOTRACE_SUPPORT=y +# CONFIG_X86_DECODER_SELFTEST is not set CONFIG_IO_DELAY_0X80=y # CONFIG_IO_DELAY_0XED is not set # CONFIG_IO_DELAY_UDELAY is not set # CONFIG_IO_DELAY_NONE is not set +# CONFIG_CPA_DEBUG is not set +# CONFIG_DEBUG_ENTRY is not set +# CONFIG_DEBUG_NMI_SELFTEST is not set +CONFIG_X86_DEBUG_FPU=y # CONFIG_PUNIT_ATOM_DEBUG is not set CONFIG_UNWINDER_ORC=y # CONFIG_UNWINDER_FRAME_POINTER is not set @@ -2944,6 +3238,8 @@ CONFIG_UNWINDER_ORC=y # Kernel Testing and Coverage # # CONFIG_KUNIT is not set +# CONFIG_NOTIFIER_ERROR_INJECTION is not set +# CONFIG_FAULT_INJECTION is not set CONFIG_ARCH_HAS_KCOV=y CONFIG_CC_HAS_SANCOV_TRACE_PC=y # CONFIG_KCOV is not set @@ -2951,4 +3247,9 @@ CONFIG_CC_HAS_SANCOV_TRACE_PC=y CONFIG_ARCH_USE_MEMTEST=y # CONFIG_MEMTEST is not set # end of Kernel Testing and Coverage + +# +# Rust hacking +# +# end of Rust hacking # end of Kernel hacking diff --git a/SPECS/kernel-uvm/kernel-uvm.signatures.json b/SPECS/kernel-uvm/kernel-uvm.signatures.json index f132699bba5..75e98fd98d8 100644 --- a/SPECS/kernel-uvm/kernel-uvm.signatures.json +++ b/SPECS/kernel-uvm/kernel-uvm.signatures.json @@ -1,6 +1,6 @@ { "Signatures": { - "config": "e0318bccd7ce6f2a729d06098e4ab14e7edb9de1c5ad034f3cec10d88cb9ef30", - "kernel-mshv-5.15.110.mshv2.tar.gz": "380928fa07ff5007734898f111ad95282db29052726017088259a6314f77ab78" + "config": "56859a4947b2f23d3663c1ed5dc4bcb8f56c2e42b90f6b18b0f46f1e27ba11c3", + "kernel-uvm-6.1.0.mshv11.tar.gz": "11ab6d4082a1d7c73fc5abc71faf0d2507bb5e7b18100f5636d476748bf0520d" } } diff --git a/SPECS/kernel-uvm/kernel-uvm.spec b/SPECS/kernel-uvm/kernel-uvm.spec index 07ecfeffd91..f7873e6404f 100644 --- a/SPECS/kernel-uvm/kernel-uvm.spec +++ b/SPECS/kernel-uvm/kernel-uvm.spec @@ -10,14 +10,13 @@ Summary: Linux Kernel for Kata UVM Name: kernel-uvm -Version: 5.15.110.mshv2 -Release: 2%{?dist} +Version: 6.1.0.mshv11 +Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner Group: System Environment/Kernel -# uses same source as kernel-mshv -Source0: %{_mariner_sources_url}/kernel-mshv-%{version}.tar.gz +Source0: %{_mariner_sources_url}/kernel-uvm-%{version}.tar.gz Source1: config BuildRequires: audit-devel BuildRequires: bash @@ -154,6 +153,18 @@ find %{buildroot}/lib/modules -name '*.ko' -exec chmod u+x {} + %{_prefix}/src/linux-headers-%{uname_r} %changelog +* Thu Sep 15 2023 Saul Paredes - 6.1.0.mshv11-1 +- Update to v6.1.0.mshv11 + +* Fri Sep 15 2023 Saul Paredes - 6.1.0.mshv10-1 +- Update to v6.1.0.mshv10 + +* Mon Aug 28 2023 Saul Paredes - 5.15.123.mshv4-1 +- Update to v5.15.123.mshv4 + +* Thu Jun 22 2023 Saul Paredes - 5.15.118.mshv4-1 +- Update to v5.15.118.mshv4 + * Wed May 31 2023 Dallas Delaney - 5.15.110.mshv2-2 - Enable dm-verity diff --git a/cgmanifest.json b/cgmanifest.json index e4fa8c1d37d..679be934f79 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -1797,8 +1797,8 @@ "type": "other", "other": { "name": "cloud-hypervisor", - "version": "31.1", - "downloadUrl": "https://github.com/cloud-hypervisor/cloud-hypervisor/archive/refs/tags/v31.1.tar.gz" + "version": "32.0", + "downloadUrl": "https://github.com/cloud-hypervisor/cloud-hypervisor/archive/refs/tags/v32.0.tar.gz" } } }, @@ -8111,8 +8111,8 @@ "type": "other", "other": { "name": "kata-containers-cc", - "version": "0.6.0", - "downloadUrl": "https://github.com/microsoft/kata-containers/archive/refs/tags/cc-0.6.0.tar.gz" + "version": "0.6.1", + "downloadUrl": "https://github.com/microsoft/kata-containers/archive/refs/tags/cc-0.6.1.tar.gz" } } }, @@ -8221,8 +8221,8 @@ "type": "other", "other": { "name": "kernel-mshv", - "version": "5.15.110.mshv2", - "downloadUrl": "https://cblmarinerstorage.blob.core.windows.net/sources/core/kernel-mshv-5.15.110.mshv2.tar.gz" + "version": "5.15.126.mshv3", + "downloadUrl": "https://cblmarinerstorage.blob.core.windows.net/sources/core/kernel-mshv-5.15.126.mshv3.tar.gz" } } }, @@ -8241,8 +8241,18 @@ "type": "other", "other": { "name": "kernel-uvm", - "version": "5.15.110.mshv2", - "downloadUrl": "https://cblmarinerstorage.blob.core.windows.net/sources/core/kernel-mshv-5.15.110.mshv2.tar.gz" + "version": "6.1.0.mshv11", + "downloadUrl": "https://cblmarinerstorage.blob.core.windows.net/sources/core/kernel-uvm-6.1.0.mshv11.tar.gz" + } + } + }, + { + "component": { + "type": "other", + "other": { + "name": "kernel-uvm-cvm", + "version": "6.1.0.mshv11", + "downloadUrl": "https://cblmarinerstorage.blob.core.windows.net/sources/core/kernel-uvm-6.1.0.mshv11.tar.gz" } } }, From f5151e750894bed8878faa2c57edb06da33b75ae Mon Sep 17 00:00:00 2001 From: Chris Gunn Date: Mon, 2 Oct 2023 11:34:27 -0700 Subject: [PATCH 39/47] Image customizer: Implement `PostInstallScripts` and `FinalizeImageScripts`. (#6323) --- toolkit/tools/imagecustomizerapi/script.go | 21 +++++++ .../tools/imagecustomizerapi/systemconfig.go | 18 +++++- .../pkg/imagecustomizerlib/customizeutils.go | 57 +++++++++++++++++++ .../pkg/imagecustomizerlib/imagecustomizer.go | 39 +++++++++++++ .../imagecustomizer_test.go | 38 +++++++++++++ .../testdata/runscripts-config.yaml | 5 ++ .../testdata/scripts/finalizeimagescript.sh | 3 + .../testdata/scripts/postinstallscript.sh | 3 + 8 files changed, 183 insertions(+), 1 deletion(-) create mode 100644 toolkit/tools/imagecustomizerapi/script.go create mode 100644 toolkit/tools/pkg/imagecustomizerlib/testdata/runscripts-config.yaml create mode 100755 toolkit/tools/pkg/imagecustomizerlib/testdata/scripts/finalizeimagescript.sh create mode 100755 toolkit/tools/pkg/imagecustomizerlib/testdata/scripts/postinstallscript.sh diff --git a/toolkit/tools/imagecustomizerapi/script.go b/toolkit/tools/imagecustomizerapi/script.go new file mode 100644 index 00000000000..de03103a7e8 --- /dev/null +++ b/toolkit/tools/imagecustomizerapi/script.go @@ -0,0 +1,21 @@ +// Copyright (c) Microsoft Corporation. +// Licensed under the MIT License. + +package imagecustomizerapi + +import ( + "fmt" +) + +type Script struct { + Path string `yaml:"Path"` + Args string `yaml:"Args"` +} + +func (s *Script) IsValid() error { + if s.Path == "" { + return fmt.Errorf("value of Path may not be empty") + } + + return nil +} diff --git a/toolkit/tools/imagecustomizerapi/systemconfig.go b/toolkit/tools/imagecustomizerapi/systemconfig.go index b0df51f6d84..346f57fa986 100644 --- a/toolkit/tools/imagecustomizerapi/systemconfig.go +++ b/toolkit/tools/imagecustomizerapi/systemconfig.go @@ -9,7 +9,9 @@ import ( // SystemConfig defines how each system present on the image is supposed to be configured. type SystemConfig struct { - AdditionalFiles map[string]FileConfigList `yaml:"AdditionalFiles"` + AdditionalFiles map[string]FileConfigList `yaml:"AdditionalFiles"` + PostInstallScripts []Script `yaml:"PostInstallScripts"` + FinalizeImageScripts []Script `yaml:"FinalizeImageScripts"` } func (s *SystemConfig) IsValid() error { @@ -22,5 +24,19 @@ func (s *SystemConfig) IsValid() error { } } + for i, script := range s.PostInstallScripts { + err = script.IsValid() + if err != nil { + return fmt.Errorf("invalid PostInstallScripts item at index %d: %w", i, err) + } + } + + for i, script := range s.FinalizeImageScripts { + err = script.IsValid() + if err != nil { + return fmt.Errorf("invalid FinalizeImageScripts item at index %d: %w", i, err) + } + } + return nil } diff --git a/toolkit/tools/pkg/imagecustomizerlib/customizeutils.go b/toolkit/tools/pkg/imagecustomizerlib/customizeutils.go index 0a40cc0ea92..12b1fa611b1 100644 --- a/toolkit/tools/pkg/imagecustomizerlib/customizeutils.go +++ b/toolkit/tools/pkg/imagecustomizerlib/customizeutils.go @@ -4,21 +4,42 @@ package imagecustomizerlib import ( + "fmt" "io/fs" "path/filepath" "github.com/microsoft/CBL-Mariner/toolkit/tools/imagecustomizerapi" "github.com/microsoft/CBL-Mariner/toolkit/tools/internal/safechroot" + "github.com/microsoft/CBL-Mariner/toolkit/tools/internal/safemount.go" + "github.com/microsoft/CBL-Mariner/toolkit/tools/internal/shell" + "golang.org/x/sys/unix" +) + +const ( + configDirMountPathInChroot = "/_imageconfigs" ) func doCustomizations(baseConfigPath string, config *imagecustomizerapi.SystemConfig, imageChroot *safechroot.Chroot) error { var err error + // Note: The ordering of the customization steps here should try to mirror the order of the equivalent steps in imager + // tool as closely as possible. + err = copyAdditionalFiles(baseConfigPath, config.AdditionalFiles, imageChroot) if err != nil { return err } + err = runScripts(baseConfigPath, config.PostInstallScripts, imageChroot) + if err != nil { + return err + } + + err = runScripts(baseConfigPath, config.FinalizeImageScripts, imageChroot) + if err != nil { + return err + } + return nil } @@ -42,3 +63,39 @@ func copyAdditionalFiles(baseConfigPath string, additionalFiles map[string]image return nil } + +func runScripts(baseConfigPath string, scripts []imagecustomizerapi.Script, imageChroot *safechroot.Chroot) error { + configDirMountPath := filepath.Join(imageChroot.RootDir(), configDirMountPathInChroot) + + // Bind mount the config directory so that the scripts can access any required resources. + mount, err := safemount.NewMount(baseConfigPath, configDirMountPath, "", unix.MS_BIND|unix.MS_RDONLY, "", true) + if err != nil { + return err + } + defer mount.Close() + + for _, script := range scripts { + scriptPathInChroot := filepath.Join(configDirMountPathInChroot, script.Path) + command := fmt.Sprintf("%s %s", scriptPathInChroot, script.Args) + + // Run the script. + err = imageChroot.UnsafeRun(func() error { + err := shell.ExecuteLive(false, shell.ShellProgram, "-c", command) + if err != nil { + return err + } + + return nil + }) + if err != nil { + return err + } + } + + err = mount.Close() + if err != nil { + return err + } + + return nil +} diff --git a/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer.go b/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer.go index 140bb667969..510942132e0 100644 --- a/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer.go +++ b/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer.go @@ -112,6 +112,8 @@ func toQemuImageFormat(imageFormat string) (string, error) { } func validateConfig(baseConfigPath string, config *imagecustomizerapi.SystemConfig) error { + var err error + for sourceFile := range config.AdditionalFiles { sourceFileFullPath := filepath.Join(baseConfigPath, sourceFile) isFile, err := file.IsFile(sourceFileFullPath) @@ -124,6 +126,43 @@ func validateConfig(baseConfigPath string, config *imagecustomizerapi.SystemConf } } + for i, script := range config.PostInstallScripts { + err = validateScript(baseConfigPath, &script) + if err != nil { + return fmt.Errorf("invalid PostInstallScripts item at index %d: %w", i, err) + } + } + + for i, script := range config.FinalizeImageScripts { + err = validateScript(baseConfigPath, &script) + if err != nil { + return fmt.Errorf("invalid FinalizeImageScripts item at index %d: %w", i, err) + } + } + + return nil +} + +func validateScript(baseConfigPath string, script *imagecustomizerapi.Script) error { + // Ensure that install scripts sit under the config file's parent directory. + // This allows the install script to be run in the chroot environment by bind mounting the config directory. + if !filepath.IsLocal(script.Path) { + return fmt.Errorf("install script (%s) is not under config directory (%s)", script.Path, baseConfigPath) + } + + // Verify that the file exists. + fullPath := filepath.Join(baseConfigPath, script.Path) + + scriptStat, err := os.Stat(fullPath) + if err != nil { + return fmt.Errorf("couldn't read install script (%s):\n%w", script.Path, err) + } + + // Verify that the file has an executable bit set. + if scriptStat.Mode()&0111 == 0 { + return fmt.Errorf("install script (%s) does not have executable bit set", script.Path) + } + return nil } diff --git a/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer_test.go b/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer_test.go index 53b13867702..b52f6ae9aac 100644 --- a/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer_test.go +++ b/toolkit/tools/pkg/imagecustomizerlib/imagecustomizer_test.go @@ -129,6 +129,44 @@ func TestValidateConfigdditionalFilesIsDir(t *testing.T) { assert.Error(t, err) } +func TestValidateConfigScript(t *testing.T) { + err := validateConfig(testDir, &imagecustomizerapi.SystemConfig{ + PostInstallScripts: []imagecustomizerapi.Script{ + { + Path: "scripts/postinstallscript.sh", + }, + }, + FinalizeImageScripts: []imagecustomizerapi.Script{ + { + Path: "scripts/finalizeimagescript.sh", + }, + }, + }) + assert.NoError(t, err) +} + +func TestValidateConfigScriptNonLocalFile(t *testing.T) { + err := validateConfig(testDir, &imagecustomizerapi.SystemConfig{ + PostInstallScripts: []imagecustomizerapi.Script{ + { + Path: "../a.sh", + }, + }, + }) + assert.Error(t, err) +} + +func TestValidateConfigScriptNonExecutable(t *testing.T) { + err := validateConfig(testDir, &imagecustomizerapi.SystemConfig{ + FinalizeImageScripts: []imagecustomizerapi.Script{ + { + Path: "files/a.txt", + }, + }, + }) + assert.Error(t, err) +} + func createFakeEfiImage(buildDir string) (string, []string, []*safechroot.MountPoint, error) { var err error diff --git a/toolkit/tools/pkg/imagecustomizerlib/testdata/runscripts-config.yaml b/toolkit/tools/pkg/imagecustomizerlib/testdata/runscripts-config.yaml new file mode 100644 index 00000000000..4ea17d91316 --- /dev/null +++ b/toolkit/tools/pkg/imagecustomizerlib/testdata/runscripts-config.yaml @@ -0,0 +1,5 @@ +PostInstallScripts: +- Path: scripts/postinstallscript.sh + +FinalizeImageScripts: +- Path: scripts/finalizeimagescript.sh diff --git a/toolkit/tools/pkg/imagecustomizerlib/testdata/scripts/finalizeimagescript.sh b/toolkit/tools/pkg/imagecustomizerlib/testdata/scripts/finalizeimagescript.sh new file mode 100755 index 00000000000..5330114df0f --- /dev/null +++ b/toolkit/tools/pkg/imagecustomizerlib/testdata/scripts/finalizeimagescript.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +echo "A finalize image script" diff --git a/toolkit/tools/pkg/imagecustomizerlib/testdata/scripts/postinstallscript.sh b/toolkit/tools/pkg/imagecustomizerlib/testdata/scripts/postinstallscript.sh new file mode 100755 index 00000000000..c6f06bf0484 --- /dev/null +++ b/toolkit/tools/pkg/imagecustomizerlib/testdata/scripts/postinstallscript.sh @@ -0,0 +1,3 @@ +#!/usr/bin/env bash + +echo "A post install script" From 4050c1fef8e8b0d4631af5aa7be0d2f19a9c07d7 Mon Sep 17 00:00:00 2001 From: Chris Gunn Date: Mon, 2 Oct 2023 12:09:13 -0700 Subject: [PATCH 40/47] Image Customizer: Support Hostname (#6325) --- .../tools/imagecustomizerapi/systemconfig.go | 10 +++++++++ .../imagecustomizerapi/systemconfig_test.go | 8 +++++++ .../pkg/imagecustomizerlib/customizeutils.go | 22 +++++++++++++++++++ .../imagecustomizerlib/customizeutils_test.go | 22 +++++++++++++++++++ 4 files changed, 62 insertions(+) diff --git a/toolkit/tools/imagecustomizerapi/systemconfig.go b/toolkit/tools/imagecustomizerapi/systemconfig.go index 346f57fa986..c1306076eb8 100644 --- a/toolkit/tools/imagecustomizerapi/systemconfig.go +++ b/toolkit/tools/imagecustomizerapi/systemconfig.go @@ -5,10 +5,14 @@ package imagecustomizerapi import ( "fmt" + "strings" + + "github.com/asaskevich/govalidator" ) // SystemConfig defines how each system present on the image is supposed to be configured. type SystemConfig struct { + Hostname string `yaml:"Hostname"` AdditionalFiles map[string]FileConfigList `yaml:"AdditionalFiles"` PostInstallScripts []Script `yaml:"PostInstallScripts"` FinalizeImageScripts []Script `yaml:"FinalizeImageScripts"` @@ -17,6 +21,12 @@ type SystemConfig struct { func (s *SystemConfig) IsValid() error { var err error + if s.Hostname != "" { + if !govalidator.IsDNSName(s.Hostname) || strings.Contains(s.Hostname, "_") { + return fmt.Errorf("invalid hostname: %s", s.Hostname) + } + } + for sourcePath, fileConfigList := range s.AdditionalFiles { err = fileConfigList.IsValid() if err != nil { diff --git a/toolkit/tools/imagecustomizerapi/systemconfig_test.go b/toolkit/tools/imagecustomizerapi/systemconfig_test.go index b0a865b5b81..f08ac90eae1 100644 --- a/toolkit/tools/imagecustomizerapi/systemconfig_test.go +++ b/toolkit/tools/imagecustomizerapi/systemconfig_test.go @@ -11,6 +11,14 @@ func TestSystemConfigValidEmpty(t *testing.T) { testValidYamlValue[*SystemConfig](t, "{ }", &SystemConfig{}) } +func TestSystemConfigValidHostname(t *testing.T) { + testValidYamlValue[*SystemConfig](t, "{ \"Hostname\": \"validhostname\" }", &SystemConfig{Hostname: "validhostname"}) +} + +func TestSystemConfigInvalidHostname(t *testing.T) { + testInvalidYamlValue[*SystemConfig](t, "{ \"Hostname\": \"invalid_hostname\" }") +} + func TestSystemConfigInvalidAdditionalFiles(t *testing.T) { testInvalidYamlValue[*SystemConfig](t, "{ \"AdditionalFiles\": { \"a.txt\": [] } }") } diff --git a/toolkit/tools/pkg/imagecustomizerlib/customizeutils.go b/toolkit/tools/pkg/imagecustomizerlib/customizeutils.go index 12b1fa611b1..b973ba7f9c6 100644 --- a/toolkit/tools/pkg/imagecustomizerlib/customizeutils.go +++ b/toolkit/tools/pkg/imagecustomizerlib/customizeutils.go @@ -9,6 +9,7 @@ import ( "path/filepath" "github.com/microsoft/CBL-Mariner/toolkit/tools/imagecustomizerapi" + "github.com/microsoft/CBL-Mariner/toolkit/tools/internal/file" "github.com/microsoft/CBL-Mariner/toolkit/tools/internal/safechroot" "github.com/microsoft/CBL-Mariner/toolkit/tools/internal/safemount.go" "github.com/microsoft/CBL-Mariner/toolkit/tools/internal/shell" @@ -25,6 +26,11 @@ func doCustomizations(baseConfigPath string, config *imagecustomizerapi.SystemCo // Note: The ordering of the customization steps here should try to mirror the order of the equivalent steps in imager // tool as closely as possible. + err = updateHostname(config.Hostname, imageChroot) + if err != nil { + return err + } + err = copyAdditionalFiles(baseConfigPath, config.AdditionalFiles, imageChroot) if err != nil { return err @@ -43,6 +49,22 @@ func doCustomizations(baseConfigPath string, config *imagecustomizerapi.SystemCo return nil } +func updateHostname(hostname string, imageChroot *safechroot.Chroot) error { + var err error + + if hostname == "" { + return nil + } + + hostnameFilePath := filepath.Join(imageChroot.RootDir(), "etc/hostname") + err = file.Write(hostname, hostnameFilePath) + if err != nil { + return fmt.Errorf("failed to write hostname file: %w", err) + } + + return nil +} + func copyAdditionalFiles(baseConfigPath string, additionalFiles map[string]imagecustomizerapi.FileConfigList, imageChroot *safechroot.Chroot) error { var err error diff --git a/toolkit/tools/pkg/imagecustomizerlib/customizeutils_test.go b/toolkit/tools/pkg/imagecustomizerlib/customizeutils_test.go index 071b5e3779b..f4bcf421cce 100644 --- a/toolkit/tools/pkg/imagecustomizerlib/customizeutils_test.go +++ b/toolkit/tools/pkg/imagecustomizerlib/customizeutils_test.go @@ -14,6 +14,28 @@ import ( "github.com/stretchr/testify/assert" ) +func TestUpdateHostname(t *testing.T) { + // Setup environment. + proposedDir := filepath.Join(tmpDir, "TestUpdateHostname") + chroot := safechroot.NewChroot(proposedDir, false) + err := chroot.Initialize("", []string{}, []*safechroot.MountPoint{}) + assert.NoError(t, err) + defer chroot.Close(false) + + err = os.MkdirAll(filepath.Join(chroot.RootDir(), "etc"), os.ModePerm) + assert.NoError(t, err) + + // Set hostname. + expectedHostname := "testhostname" + err = updateHostname(expectedHostname, chroot) + assert.NoError(t, err) + + // Ensure hostname was correctly set. + actualHostname, err := os.ReadFile(filepath.Join(chroot.RootDir(), "etc/hostname")) + assert.NoError(t, err) + assert.Equal(t, expectedHostname, string(actualHostname)) +} + func TestCopyAdditionalFiles(t *testing.T) { proposedDir := filepath.Join(tmpDir, "TestCopyAdditionalFiles") chroot := safechroot.NewChroot(proposedDir, false) From 59a542e04dbb9ff8e4c5c9a92834bf3e882f51c5 Mon Sep 17 00:00:00 2001 From: Pawel Winogrodzki Date: Mon, 2 Oct 2023 12:48:59 -0700 Subject: [PATCH 41/47] Added explicit BR on `libxslt-devel` to `xmlsec1.spec`. (#6331) --- SPECS/xmlsec1/xmlsec1.spec | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/SPECS/xmlsec1/xmlsec1.spec b/SPECS/xmlsec1/xmlsec1.spec index 6d7e7d17f79..f4074dc4376 100644 --- a/SPECS/xmlsec1/xmlsec1.spec +++ b/SPECS/xmlsec1/xmlsec1.spec @@ -1,7 +1,7 @@ Summary: Library providing support for "XML Signature" and "XML Encryption" standards Name: xmlsec1 Version: 1.2.34 -Release: 1%{?dist} +Release: 2%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -12,6 +12,7 @@ BuildRequires: gnutls-devel BuildRequires: libgcrypt-devel BuildRequires: libltdl-devel BuildRequires: libxml2-devel +BuildRequires: libxslt-devel BuildRequires: nss-devel Requires: libltdl Requires: libxml2 @@ -104,6 +105,9 @@ make -k check |& tee %{_specdir}/%{name}-check-log || %{nocheck} %{_mandir}/man1/xmlsec1-config.1.gz %changelog +* Mon Oct 02 2023 Pawel Winogrodzki - 1.2.34-2 +- Adding BR for 'libxslt-devel' to fix a build issue. + * Fri Sep 23 2022 Andrew Phelps - 1.2.34-1 - Update to version 1.2.34 - Add nss-tools to fix check tests From c333521c24715aaa9745a9d90c3a0fd8827e3ada Mon Sep 17 00:00:00 2001 From: Cameron E Baird Date: Mon, 2 Oct 2023 15:49:48 -0700 Subject: [PATCH 42/47] Add mkconfig-based template to iso installer manifest (#6332) --- toolkit/resources/imageconfigs/iso_initrd.json | 1 + toolkit/resources/imageconfigs/iso_initrd_arm64.json | 1 + 2 files changed, 2 insertions(+) diff --git a/toolkit/resources/imageconfigs/iso_initrd.json b/toolkit/resources/imageconfigs/iso_initrd.json index e902c45efde..0ce0fe394de 100644 --- a/toolkit/resources/imageconfigs/iso_initrd.json +++ b/toolkit/resources/imageconfigs/iso_initrd.json @@ -31,6 +31,7 @@ "../assets/efi/grub/grub.cfg": "/installer/efi/grub/grub.cfg", "../assets/efi/grub/grubEncrypt.cfg": "/installer/efi/grub/grubEncrypt.cfg", "../assets/grub2/grub.cfg": "/installer/grub2/grub.cfg", + "../assets/grub2/grub": "/installer/grub2/grub", "../assets/grub2/grubenv": "/installer/grub2/grubenv", "additionalfiles/iso_initrd/init": "/init", "additionalfiles/iso_initrd/installer/calamares-EULA.txt": "/etc/calamares/mariner-eula", diff --git a/toolkit/resources/imageconfigs/iso_initrd_arm64.json b/toolkit/resources/imageconfigs/iso_initrd_arm64.json index 1b65a87c32c..ca72912ea48 100644 --- a/toolkit/resources/imageconfigs/iso_initrd_arm64.json +++ b/toolkit/resources/imageconfigs/iso_initrd_arm64.json @@ -26,6 +26,7 @@ "../assets/efi/grub/grub.cfg": "/installer/efi/grub/grub.cfg", "../assets/efi/grub/grubEncrypt.cfg": "/installer/efi/grub/grubEncrypt.cfg", "../assets/grub2/grub.cfg": "/installer/grub2/grub.cfg", + "../assets/grub2/grub": "/installer/grub2/grub", "../assets/grub2/grubenv": "/installer/grub2/grubenv", "additionalfiles/iso_initrd/init": "/init", "additionalfiles/iso_initrd/installer/calamares-EULA.txt": "/etc/calamares/mariner-eula", From fa58e6b7914b653bc44fabdc8b3948435f1cebcb Mon Sep 17 00:00:00 2001 From: Muhammad Falak R Wani Date: Tue, 3 Oct 2023 09:16:40 +0530 Subject: [PATCH 43/47] libsprio: upgrade version 20190731 -> 20221101 to address CVE-2019-19847 (#6267) Signed-off-by: Muhammad Falak R Wani --- .../libspiro/libspiro.signatures.json | 2 +- SPECS-EXTENDED/libspiro/libspiro.spec | 38 ++++++++++--------- cgmanifest.json | 6 +-- 3 files changed, 24 insertions(+), 22 deletions(-) diff --git a/SPECS-EXTENDED/libspiro/libspiro.signatures.json b/SPECS-EXTENDED/libspiro/libspiro.signatures.json index 513d3415e35..279bf13a91f 100644 --- a/SPECS-EXTENDED/libspiro/libspiro.signatures.json +++ b/SPECS-EXTENDED/libspiro/libspiro.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "libspiro-20190731.tar.gz": "24c7d1ccc7c7fe44ff10c376aa9f96e20e505f417ee72b63dc91a9b34eeac354" + "libspiro-20221101.tar.gz": "5984fb5af3e4e1f927f3a74850b705a711fb86284802a5e6170b09786440e8be" } } \ No newline at end of file diff --git a/SPECS-EXTENDED/libspiro/libspiro.spec b/SPECS-EXTENDED/libspiro/libspiro.spec index 04eeca5bda8..d7eaa8703e0 100644 --- a/SPECS-EXTENDED/libspiro/libspiro.spec +++ b/SPECS-EXTENDED/libspiro/libspiro.spec @@ -1,21 +1,19 @@ +Summary: Library to simplify the drawing of beautiful curves +Name: libspiro +Version: 20221101 +Release: 1%{?dist} +License: GPL-3.0-or-later Vendor: Microsoft Corporation Distribution: Mariner -Name: libspiro -Version: 20190731 -Release: 3%{?dist} -Summary: Library to simplify the drawing of beautiful curves - -# The files that are used to compile this library are all in GPLv3+ -# https://github.com/fontforge/libspiro/issues/8 -License: GPLv3+ URL: https://github.com/fontforge/libspiro/ -Source0: https://github.com/fontforge/libspiro/releases/download/%{version}/libspiro-%{version}.tar.gz -BuildRequires: automake autoconf libtool +Source0: https://github.com/fontforge/libspiro/releases/download/%{version}/libspiro-dist-%{version}.tar.gz#/%{name}-%{version}.tar.gz +BuildRequires: gcc +BuildRequires: make %description -This library will take an array of spiro control points and -convert them into a series of bézier splines which can then -be used in the myriad of ways the world has come to use béziers. +This library will take an array of spiro control points and +convert them into a series of bézier splines which can then +be used in the myriad of ways the world has come to use béziers. %package devel Summary: Development files for %{name} @@ -29,14 +27,12 @@ developing applications that use %{name}. %autosetup -n libspiro-%{version} %build -autoreconf -i -automake --foreign -Wall %configure --disable-static -make %{?_smp_mflags} +%make_build %install -make install DESTDIR=$RPM_BUILD_ROOT INSTALL="install -p" -find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';' +%make_install +find %{buildroot} -type f -name "*.la" -delete -print %files %doc README* ChangeLog AUTHORS @@ -47,8 +43,14 @@ find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';' %{_includedir}/* %{_libdir}/*.so %{_libdir}/pkgconfig/libspiro.pc +%{_mandir}/man3/libspiro.3.gz %changelog +* Fri Oct 15 2021 Muhammad Falak - 20221101-1 +- Bump version to address CVE-2019-19847 +- Lint spec +- License verified + * Fri Oct 15 2021 Pawel Winogrodzki - 20190731-3 - Initial CBL-Mariner import from Fedora 32 (license: MIT). diff --git a/cgmanifest.json b/cgmanifest.json index 679be934f79..bbd94e352b6 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -11071,8 +11071,8 @@ "type": "other", "other": { "name": "libspiro", - "version": "20190731", - "downloadUrl": "https://github.com/fontforge/libspiro/releases/download/20190731/libspiro-20190731.tar.gz" + "version": "20221101", + "downloadUrl": "https://github.com/fontforge/libspiro/releases/download/20221101/libspiro-dist-20221101.tar.gz" } } }, @@ -30907,4 +30907,4 @@ } ], "Version": 1 -} \ No newline at end of file +} From 9f738e014537ddf1d07c681b112ccea87cdcddb3 Mon Sep 17 00:00:00 2001 From: Daniel McIlvaney Date: Tue, 3 Oct 2023 16:37:22 -0700 Subject: [PATCH 44/47] Update read-only-root-efi.json to remove demo credentials (#6337) --- toolkit/imageconfigs/read-only-root-efi.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/toolkit/imageconfigs/read-only-root-efi.json b/toolkit/imageconfigs/read-only-root-efi.json index 45197cd23d4..3e6caeec289 100644 --- a/toolkit/imageconfigs/read-only-root-efi.json +++ b/toolkit/imageconfigs/read-only-root-efi.json @@ -99,7 +99,7 @@ "Name": "root", "Password": "$6$20m6y6nwlU1K$hKgyNYjVSKPJOTFaAzAf/fwACUV/dZ1NPy5cGNkhvRzKJiKDBKofuvDpdl81Jak4ep756DnZmVm7JfGRMO/n90", "PasswordHashed": true, - "_comment": "The password is 'p@ssw0rd', this should be regenerated with 'openssl passwd -6 -salt ', or use the json key 'SSHPubKeyPaths' to use an SSH key for login" + "_comment": "This password was generated with 'openssl passwd -6 -salt '. You may also use the json key 'SSHPubKeyPaths' to use an SSH key for login" } ] } From 115ecc713d6b70246707cecfea8598777af9e3e8 Mon Sep 17 00:00:00 2001 From: Mandeep Plaha <99760213+mandeepsplaha@users.noreply.github.com> Date: Tue, 3 Oct 2023 16:38:04 -0700 Subject: [PATCH 45/47] Mandeepsplaha/patch cves against gdb (#6338) * Patch CVE-2023-4911 in glibc * Update all specs that build require glibc-static --- SPECS-EXTENDED/buildah/buildah.spec | 7 +- SPECS-EXTENDED/catatonit/catatonit.spec | 7 +- SPECS-EXTENDED/dyninst/dyninst.spec | 7 +- SPECS-EXTENDED/podman/podman.spec | 7 +- SPECS/busybox/busybox.spec | 7 +- SPECS/flannel/flannel.spec | 7 +- SPECS/glibc/CVE-2023-4911.patch | 147 ++++++++++++++++++ SPECS/glibc/glibc.spec | 6 +- SPECS/kubevirt/kubevirt.spec | 7 +- SPECS/libguestfs/libguestfs.spec | 7 +- SPECS/rust/rust.spec | 7 +- SPECS/supermin/supermin.spec | 7 +- SPECS/tini/tini.spec | 7 +- .../manifests/package/pkggen_core_aarch64.txt | 14 +- .../manifests/package/pkggen_core_x86_64.txt | 14 +- .../manifests/package/toolchain_aarch64.txt | 18 +-- .../manifests/package/toolchain_x86_64.txt | 18 +-- 17 files changed, 239 insertions(+), 55 deletions(-) create mode 100644 SPECS/glibc/CVE-2023-4911.patch diff --git a/SPECS-EXTENDED/buildah/buildah.spec b/SPECS-EXTENDED/buildah/buildah.spec index deb6926b754..c17d6cf3cf9 100644 --- a/SPECS-EXTENDED/buildah/buildah.spec +++ b/SPECS-EXTENDED/buildah/buildah.spec @@ -21,7 +21,7 @@ Summary: A command line tool used for creating OCI Images Name: buildah Version: 1.18.0 -Release: 17%{?dist} +Release: 18%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -32,7 +32,7 @@ BuildRequires: btrfs-progs-devel BuildRequires: device-mapper-devel BuildRequires: git BuildRequires: glib2-devel -BuildRequires: glibc-static >= 2.35-4%{?dist} +BuildRequires: glibc-static >= 2.35-5%{?dist} BuildRequires: go-md2man BuildRequires: go-rpm-macros BuildRequires: golang @@ -123,6 +123,9 @@ cp imgtype %{buildroot}/%{_bindir}/%{name}-imgtype %{_datadir}/%{name}/test %changelog +* Tue Oct 03 2023 Mandeep Plaha - 1.18.0-18 +- Bump release to rebuild against glibc 2.35-5 + * Tue Sep 05 2023 Brian Fjeldstad - 1.18.0-17 - Address CVE-2022-2990 diff --git a/SPECS-EXTENDED/catatonit/catatonit.spec b/SPECS-EXTENDED/catatonit/catatonit.spec index 8dedeaaebee..aaa588a0d77 100644 --- a/SPECS-EXTENDED/catatonit/catatonit.spec +++ b/SPECS-EXTENDED/catatonit/catatonit.spec @@ -3,7 +3,7 @@ Distribution: Mariner Name: catatonit Version: 0.1.7 -Release: 7%{?dist} +Release: 8%{?dist} Summary: A signal-forwarding process manager for containers License: GPLv3+ URL: https://github.com/openSUSE/catatonit @@ -13,7 +13,7 @@ BuildRequires: automake BuildRequires: file BuildRequires: gcc BuildRequires: git -BuildRequires: glibc-static >= 2.35-4%{?dist} +BuildRequires: glibc-static >= 2.35-5%{?dist} BuildRequires: libtool BuildRequires: make @@ -61,6 +61,9 @@ ln -s %{_libexecdir}/%{name}/%{name} %{buildroot}%{_libexecdir}/podman/%{name} %{_libexecdir}/podman/%{name} %changelog +* Tue Oct 03 2023 Mandeep Plaha - 0.1.7-8 +- Bump release to rebuild against glibc 2.35-5 + * Wed Jul 05 2023 Andrew Phelps - 0.1.7-7 - Bump release to rebuild against glibc 2.35-4 diff --git a/SPECS-EXTENDED/dyninst/dyninst.spec b/SPECS-EXTENDED/dyninst/dyninst.spec index d5de5ee96df..69be25ebbf0 100644 --- a/SPECS-EXTENDED/dyninst/dyninst.spec +++ b/SPECS-EXTENDED/dyninst/dyninst.spec @@ -1,7 +1,7 @@ Summary: An API for Run-time Code Generation License: LGPLv2+ Name: dyninst -Release: 9%{?dist} +Release: 10%{?dist} Vendor: Microsoft Corporation Distribution: Mariner URL: http://www.dyninst.org @@ -31,7 +31,7 @@ BuildRequires: tbb tbb-devel # Extra requires just for the testsuite BuildRequires: gcc-gfortran libstdc++-static libxml2-devel -BuildRequires: glibc-static >= 2.35-4%{?dist} +BuildRequires: glibc-static >= 2.35-5%{?dist} # Testsuite files should not provide/require anything %{?filter_setup: @@ -194,6 +194,9 @@ echo "%{_libdir}/dyninst" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf %attr(644,root,root) %{_libdir}/dyninst/testsuite/*.a %changelog +* Tue Oct 03 2023 Mandeep Plaha - 10.1.0-10 +- Bump release to rebuild against glibc 2.35-5 + * Wed Jul 05 2023 Andrew Phelps - 10.1.0-9 - Bump release to rebuild against glibc 2.35-4 diff --git a/SPECS-EXTENDED/podman/podman.spec b/SPECS-EXTENDED/podman/podman.spec index 5d1bda945ec..042b534a014 100644 --- a/SPECS-EXTENDED/podman/podman.spec +++ b/SPECS-EXTENDED/podman/podman.spec @@ -36,7 +36,7 @@ Name: podman Version: 4.1.1 -Release: 14%{?dist} +Release: 15%{?dist} License: ASL 2.0 and BSD and ISC and MIT and MPLv2.0 Summary: Manage Pods, Containers and Container Images Vendor: Microsoft Corporation @@ -51,7 +51,7 @@ BuildRequires: go-md2man BuildRequires: golang BuildRequires: gcc BuildRequires: glib2-devel -BuildRequires: glibc-static >= 2.35-4%{?dist} +BuildRequires: glibc-static >= 2.35-5%{?dist} BuildRequires: git BuildRequires: go-rpm-macros BuildRequires: gpgme-devel @@ -387,6 +387,9 @@ cp -pav test/system %{buildroot}/%{_datadir}/%{name}/test/ # rhcontainerbot account currently managed by lsm5 %changelog +* Tue Oct 03 2023 Mandeep Plaha - 4.1.1-15 +- Bump release to rebuild against glibc 2.35-5 + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 4.1.1-14 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/busybox/busybox.spec b/SPECS/busybox/busybox.spec index 8fcf2d49e84..8a3344e19fb 100644 --- a/SPECS/busybox/busybox.spec +++ b/SPECS/busybox/busybox.spec @@ -1,7 +1,7 @@ Summary: Statically linked binary providing simplified versions of system commands Name: busybox Version: 1.35.0 -Release: 6%{?dist} +Release: 7%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Mariner @@ -16,7 +16,7 @@ Patch3: CVE-2022-30065.patch Patch4: ash-fix-use-after-free-in-pattern-substituon-code.patch Patch5: ash-fix-use-after-free-in-bash-pattern-substitution.patch BuildRequires: gcc -BuildRequires: glibc-static >= 2.35-4%{?dist} +BuildRequires: glibc-static >= 2.35-5%{?dist} BuildRequires: libselinux-devel >= 1.27.7-2 BuildRequires: libsepol-devel # libbb/hash_md5_sha.c @@ -94,6 +94,9 @@ install -m 644 docs/busybox.petitboot.1 %{buildroot}/%{_mandir}/man1/busybox.pet %{_mandir}/man1/busybox.petitboot.1.gz %changelog +* Tue Oct 03 2023 Mandeep Plaha - 1.35.0-7 +- Bump release to rebuild against glibc 2.35-5 + * Wed Sep 20 2023 Jon Slobodzian - 1.35.0-6 - Recompile with stack-protection fixed gcc version (CVE-2023-4039) diff --git a/SPECS/flannel/flannel.spec b/SPECS/flannel/flannel.spec index 36b4cf1f876..f94f292d6dd 100644 --- a/SPECS/flannel/flannel.spec +++ b/SPECS/flannel/flannel.spec @@ -4,7 +4,7 @@ Summary: Simple and easy way to configure a layer 3 network fabric designed for Kubernetes Name: flannel Version: 0.14.0 -Release: 16%{?dist} +Release: 17%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -15,7 +15,7 @@ Source0: %{name}-%{version}.tar.gz BuildRequires: gcc BuildRequires: glibc-devel -BuildRequires: glibc-static >= 2.35-4%{?dist} +BuildRequires: glibc-static >= 2.35-5%{?dist} BuildRequires: golang >= 1.18.5 BuildRequires: kernel-headers @@ -48,6 +48,9 @@ install -p -m 755 -t %{buildroot}%{_bindir} ./dist/flanneld %{_bindir}/flanneld %changelog +* Tue Oct 03 2023 Mandeep Plaha - 0.14.0-17 +- Bump release to rebuild against glibc 2.35-5 + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 0.14.0-16 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/glibc/CVE-2023-4911.patch b/SPECS/glibc/CVE-2023-4911.patch new file mode 100644 index 00000000000..f20443b6e42 --- /dev/null +++ b/SPECS/glibc/CVE-2023-4911.patch @@ -0,0 +1,147 @@ +From 1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa Mon Sep 17 00:00:00 2001 +From: Siddhesh Poyarekar +Date: Tue, 19 Sep 2023 18:39:32 -0400 +Subject: [PATCH] tunables: Terminate if end of input is reached + (CVE-2023-4911) + +The string parsing routine may end up writing beyond bounds of tunestr +if the input tunable string is malformed, of the form name=name=val. +This gets processed twice, first as name=name=val and next as name=val, +resulting in tunestr being name=name=val:name=val, thus overflowing +tunestr. + +Terminate the parsing loop at the first instance itself so that tunestr +does not overflow. + +This also fixes up tst-env-setuid-tunables to actually handle failures +correct and add new tests to validate the fix for this CVE. + +Signed-off-by: Siddhesh Poyarekar +Reviewed-by: Carlos O'Donell + +diff --git a/elf/dl-tunables.c b/elf/dl-tunables.c +index 8e7ee9d..76cf8b9 100644 +--- a/elf/dl-tunables.c ++++ b/elf/dl-tunables.c +@@ -187,11 +187,7 @@ parse_tunables (char *tunestr, char *valstring) + /* If we reach the end of the string before getting a valid name-value + pair, bail out. */ + if (p[len] == '\0') +- { +- if (__libc_enable_secure) +- tunestr[off] = '\0'; +- return; +- } ++ break; + + /* We did not find a valid name-value pair before encountering the + colon. */ +@@ -251,9 +247,16 @@ parse_tunables (char *tunestr, char *valstring) + } + } + +- if (p[len] != '\0') +- p += len + 1; ++ /* We reached the end while processing the tunable string. */ ++ if (p[len] == '\0') ++ break; ++ ++ p += len + 1; + } ++ ++ /* Terminate tunestr before we leave. */ ++ if (__libc_enable_secure) ++ tunestr[off] = '\0'; + } + #endif + +diff --git a/elf/tst-env-setuid-tunables.c b/elf/tst-env-setuid-tunables.c +index 88182b7..0e77584 100644 +--- a/elf/tst-env-setuid-tunables.c ++++ b/elf/tst-env-setuid-tunables.c +@@ -52,6 +52,8 @@ const char *teststrings[] = + "glibc.malloc.perturb=0x800:not_valid.malloc.check=2:glibc.malloc.mmap_threshold=4096", + "glibc.not_valid.check=2:glibc.malloc.mmap_threshold=4096", + "not_valid.malloc.check=2:glibc.malloc.mmap_threshold=4096", ++ "glibc.malloc.mmap_threshold=glibc.malloc.mmap_threshold=4096", ++ "glibc.malloc.check=2", + "glibc.malloc.garbage=2:glibc.maoc.mmap_threshold=4096:glibc.malloc.check=2", + "glibc.malloc.check=4:glibc.malloc.garbage=2:glibc.maoc.mmap_threshold=4096", + ":glibc.malloc.garbage=2:glibc.malloc.check=1", +@@ -70,6 +72,8 @@ const char *resultstrings[] = + "glibc.malloc.perturb=0x800:glibc.malloc.mmap_threshold=4096", + "glibc.malloc.mmap_threshold=4096", + "glibc.malloc.mmap_threshold=4096", ++ "glibc.malloc.mmap_threshold=glibc.malloc.mmap_threshold=4096", ++ "", + "", + "", + "", +@@ -84,11 +88,18 @@ test_child (int off) + const char *val = getenv ("GLIBC_TUNABLES"); + + #if HAVE_TUNABLES ++ printf (" [%d] GLIBC_TUNABLES is %s\n", off, val); ++ fflush (stdout); + if (val != NULL && strcmp (val, resultstrings[off]) == 0) + return 0; + + if (val != NULL) +- printf ("[%d] Unexpected GLIBC_TUNABLES VALUE %s\n", off, val); ++ printf (" [%d] Unexpected GLIBC_TUNABLES VALUE %s, expected %s\n", ++ off, val, resultstrings[off]); ++ else ++ printf (" [%d] GLIBC_TUNABLES environment variable absent\n", off); ++ ++ fflush (stdout); + + return 1; + #else +@@ -118,30 +129,40 @@ do_test (int argc, char **argv) + exit (1); + + exit (EXIT_SUCCESS); ++ /* Special return code to make sure that the child executed all the way ++ through. */ ++ exit (42); + } + else + { +- int ret = 0; +- + /* Spawn tests. */ + for (int i = 0; i < array_length (teststrings); i++) + { + char buf[INT_BUFSIZE_BOUND (int)]; + +- printf ("Spawned test for %s (%d)\n", teststrings[i], i); ++ printf ("[%d] Spawned test for %s\n", i, teststrings[i]); + snprintf (buf, sizeof (buf), "%d\n", i); ++ fflush (stdout); + if (setenv ("GLIBC_TUNABLES", teststrings[i], 1) != 0) +- exit (1); +- ++ { ++ printf (" [%d] Failed to set GLIBC_TUNABLES: %m", i); ++ support_record_failure (); ++ continue; ++ } + int status = support_capture_subprogram_self_sgid (buf); + + /* Bail out early if unsupported. */ + if (WEXITSTATUS (status) == EXIT_UNSUPPORTED) + return EXIT_UNSUPPORTED; + +- ret |= status; ++ if (WEXITSTATUS (status) != 42) ++ { ++ printf (" [%d] child failed with status %d\n", i, ++ WEXITSTATUS (status)); ++ support_record_failure (); ++ } + } +- return ret; ++ return 0; + } + } + diff --git a/SPECS/glibc/glibc.spec b/SPECS/glibc/glibc.spec index 6c5fc3bea59..ef3240763c5 100644 --- a/SPECS/glibc/glibc.spec +++ b/SPECS/glibc/glibc.spec @@ -7,7 +7,7 @@ Summary: Main C library Name: glibc Version: 2.35 -Release: 4%{?dist} +Release: 5%{?dist} License: BSD AND GPLv2+ AND Inner-Net AND ISC AND LGPLv2+ AND MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -27,6 +27,7 @@ Patch3: CVE-2020-1751.nopatch # Rationale: Exploit requires crafted pattern in regex compiler meant only for trusted content Patch4: CVE-2018-20796.nopatch Patch5: glibc-2.34_pthread_cond_wait.patch +Patch6: CVE-2023-4911.patch BuildRequires: bison BuildRequires: gawk BuildRequires: gettext @@ -319,6 +320,9 @@ grep "^FAIL: nptl/tst-eintr1" tests.sum >/dev/null && n=$((n+1)) ||: %defattr(-,root,root) %changelog +* Tue Oct 03 2023 Mandeep Plaha - 2.35-5 +- Patch CVE-2023-4911 + * Fri Jun 30 2023 Andrew Phelps - 2.35-4 - Restore glibc-debuginfo package diff --git a/SPECS/kubevirt/kubevirt.spec b/SPECS/kubevirt/kubevirt.spec index 51a9da16cc4..9f5ac981e6b 100644 --- a/SPECS/kubevirt/kubevirt.spec +++ b/SPECS/kubevirt/kubevirt.spec @@ -19,7 +19,7 @@ Summary: Container native virtualization Name: kubevirt Version: 0.59.0 -Release: 7%{?dist} +Release: 8%{?dist} License: ASL 2.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -34,7 +34,7 @@ Patch1: Allocate-2-cpu-for-the-emulator-thread.patch Patch2: Hotplug_detach_grace_period.patch %global debug_package %{nil} BuildRequires: glibc-devel -BuildRequires: glibc-static >= 2.35-4%{?dist} +BuildRequires: glibc-static >= 2.35-5%{?dist} BuildRequires: golang BuildRequires: golang-packaging BuildRequires: pkgconfig @@ -211,6 +211,9 @@ install -p -m 0644 cmd/virt-handler/nsswitch.conf %{buildroot}%{_datadir}/kube-v %{_bindir}/virt-tests %changelog +* Tue Oct 03 2023 Mandeep Plaha - 0.59.0-8 +- Bump release to rebuild against glibc 2.35-5 + * Mon Aug 07 2023 CBL-Mariner Servicing Account - 0.59.0-7 - Bump release to rebuild with go 1.19.12 diff --git a/SPECS/libguestfs/libguestfs.spec b/SPECS/libguestfs/libguestfs.spec index a5ab0c9a591..b632735fbd5 100644 --- a/SPECS/libguestfs/libguestfs.spec +++ b/SPECS/libguestfs/libguestfs.spec @@ -25,7 +25,7 @@ Summary: Access and modify virtual machine disk images Name: libguestfs Version: 1.44.0 -Release: 15%{?dist} +Release: 16%{?dist} License: LGPLv2+ Vendor: Microsoft Corporation Distribution: Mariner @@ -89,7 +89,7 @@ BuildRequires: gcc-c++ BuildRequires: gdisk BuildRequires: genisoimage BuildRequires: gfs2-utils -BuildRequires: glibc-static >= 2.35-4%{?dist} +BuildRequires: glibc-static >= 2.35-5%{?dist} BuildRequires: gobject-introspection-devel BuildRequires: gperf BuildRequires: grep @@ -1236,6 +1236,9 @@ rm ocaml/html/.gitignore %endif %changelog +* Tue Oct 03 2023 Mandeep Plaha - 1.44.0-16 +- Bump release to rebuild against glibc 2.35-5 + * Wed Sep 20 2023 Jon Slobodzian - 1.44.0-15 - Recompile with stack-protection fixed gcc version (CVE-2023-4039) diff --git a/SPECS/rust/rust.spec b/SPECS/rust/rust.spec index ef4eab9a5c5..e3cd78af4dc 100644 --- a/SPECS/rust/rust.spec +++ b/SPECS/rust/rust.spec @@ -9,7 +9,7 @@ Summary: Rust Programming Language Name: rust Version: 1.72.0 -Release: 1%{?dist} +Release: 2%{?dist} License: (ASL 2.0 OR MIT) AND BSD AND CC-BY-3.0 Vendor: Microsoft Corporation Distribution: Mariner @@ -56,7 +56,7 @@ BuildRequires: ninja-build BuildRequires: openssl-devel BuildRequires: python3 %if %{with_check} -BuildRequires: glibc-static >= 2.35-4%{?dist} +BuildRequires: glibc-static >= 2.35-5%{?dist} %endif # rustc uses a C compiler to invoke the linker, and links to glibc in most cases Requires: binutils @@ -167,6 +167,9 @@ rm %{buildroot}%{_bindir}/*.old %{_mandir}/man1/* %changelog +* Tue Oct 03 2023 Mandeep Plaha - 1.72.2-2 +- Bump release to rebuild against glibc 2.35-5 + * Wed Sep 06 2023 Daniel McIlvaney - 1.72.2-1 - Bump to version 1.72.2 to address CVE-2023-38497, CVE-2023-40030 diff --git a/SPECS/supermin/supermin.spec b/SPECS/supermin/supermin.spec index d049ce8a903..5522c589483 100644 --- a/SPECS/supermin/supermin.spec +++ b/SPECS/supermin/supermin.spec @@ -21,7 +21,7 @@ Summary: Tool for creating supermin appliances Name: supermin Version: 5.2.1 -Release: 7%{?dist} +Release: 8%{?dist} License: GPLv2+ Vendor: Microsoft Corporation Distribution: Mariner @@ -54,7 +54,7 @@ BuildRequires: systemd-udev %if %{with dietlibc} BuildRequires: dietlibc-devel %else -BuildRequires: glibc-static >= 2.35-4%{?dist} +BuildRequires: glibc-static >= 2.35-5%{?dist} %endif %if %{with_check} @@ -129,6 +129,9 @@ make check || { %{_rpmconfigdir}/supermin-find-requires %changelog +* Tue Oct 03 2023 Mandeep Plaha - 5.2.1-8 +- Bump release to rebuild against glibc 2.35-5 + * Wed Sep 20 2023 Jon Slobodzian - 5.2.1-7 - Recompile with stack-protection fixed gcc version (CVE-2023-4039) diff --git a/SPECS/tini/tini.spec b/SPECS/tini/tini.spec index 3fa0b8233da..9951e590056 100644 --- a/SPECS/tini/tini.spec +++ b/SPECS/tini/tini.spec @@ -1,7 +1,7 @@ Summary: A tiny but valid init for containers Name: tini Version: 0.19.0 -Release: 9%{?dist} +Release: 10%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Mariner @@ -13,7 +13,7 @@ BuildRequires: diffutils BuildRequires: file BuildRequires: gcc BuildRequires: glibc-devel -BuildRequires: glibc-static >= 2.35-4%{?dist} +BuildRequires: glibc-static >= 2.35-5%{?dist} BuildRequires: kernel-headers BuildRequires: make BuildRequires: sed @@ -66,6 +66,9 @@ ln -s %{_bindir}/tini-static %{buildroot}%{_bindir}/docker-init %{_bindir}/docker-init %changelog +* Tue Oct 03 2023 Mandeep Plaha - 0.19.0-10 +- Bump release to rebuild against glibc 2.35-5 + * Wed Jul 05 2023 Andrew Phelps - 0.19.0-9 - Bump release to rebuild against glibc 2.35-4 diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 312386cc66d..5f04a855291 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -1,12 +1,12 @@ filesystem-1.1-15.cm2.aarch64.rpm kernel-headers-5.15.133.1-1.cm2.noarch.rpm -glibc-2.35-4.cm2.aarch64.rpm -glibc-devel-2.35-4.cm2.aarch64.rpm -glibc-i18n-2.35-4.cm2.aarch64.rpm -glibc-iconv-2.35-4.cm2.aarch64.rpm -glibc-lang-2.35-4.cm2.aarch64.rpm -glibc-nscd-2.35-4.cm2.aarch64.rpm -glibc-tools-2.35-4.cm2.aarch64.rpm +glibc-2.35-5.cm2.aarch64.rpm +glibc-devel-2.35-5.cm2.aarch64.rpm +glibc-i18n-2.35-5.cm2.aarch64.rpm +glibc-iconv-2.35-5.cm2.aarch64.rpm +glibc-lang-2.35-5.cm2.aarch64.rpm +glibc-nscd-2.35-5.cm2.aarch64.rpm +glibc-tools-2.35-5.cm2.aarch64.rpm zlib-1.2.13-1.cm2.aarch64.rpm zlib-devel-1.2.13-1.cm2.aarch64.rpm file-5.40-2.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 54fb16f7b1b..8efbed6f6d9 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -1,12 +1,12 @@ filesystem-1.1-15.cm2.x86_64.rpm kernel-headers-5.15.133.1-1.cm2.noarch.rpm -glibc-2.35-4.cm2.x86_64.rpm -glibc-devel-2.35-4.cm2.x86_64.rpm -glibc-i18n-2.35-4.cm2.x86_64.rpm -glibc-iconv-2.35-4.cm2.x86_64.rpm -glibc-lang-2.35-4.cm2.x86_64.rpm -glibc-nscd-2.35-4.cm2.x86_64.rpm -glibc-tools-2.35-4.cm2.x86_64.rpm +glibc-2.35-5.cm2.x86_64.rpm +glibc-devel-2.35-5.cm2.x86_64.rpm +glibc-i18n-2.35-5.cm2.x86_64.rpm +glibc-iconv-2.35-5.cm2.x86_64.rpm +glibc-lang-2.35-5.cm2.x86_64.rpm +glibc-nscd-2.35-5.cm2.x86_64.rpm +glibc-tools-2.35-5.cm2.x86_64.rpm zlib-1.2.13-1.cm2.x86_64.rpm zlib-devel-1.2.13-1.cm2.x86_64.rpm file-5.40-2.cm2.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 77fa0849a8b..e42a12ced35 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -106,15 +106,15 @@ glib-debuginfo-2.71.0-2.cm2.aarch64.rpm glib-devel-2.71.0-2.cm2.aarch64.rpm glib-doc-2.71.0-2.cm2.noarch.rpm glib-schemas-2.71.0-2.cm2.aarch64.rpm -glibc-2.35-4.cm2.aarch64.rpm -glibc-debuginfo-2.35-4.cm2.aarch64.rpm -glibc-devel-2.35-4.cm2.aarch64.rpm -glibc-i18n-2.35-4.cm2.aarch64.rpm -glibc-iconv-2.35-4.cm2.aarch64.rpm -glibc-lang-2.35-4.cm2.aarch64.rpm -glibc-nscd-2.35-4.cm2.aarch64.rpm -glibc-static-2.35-4.cm2.aarch64.rpm -glibc-tools-2.35-4.cm2.aarch64.rpm +glibc-2.35-5.cm2.aarch64.rpm +glibc-debuginfo-2.35-5.cm2.aarch64.rpm +glibc-devel-2.35-5.cm2.aarch64.rpm +glibc-i18n-2.35-5.cm2.aarch64.rpm +glibc-iconv-2.35-5.cm2.aarch64.rpm +glibc-lang-2.35-5.cm2.aarch64.rpm +glibc-nscd-2.35-5.cm2.aarch64.rpm +glibc-static-2.35-5.cm2.aarch64.rpm +glibc-tools-2.35-5.cm2.aarch64.rpm gmp-6.2.1-4.cm2.aarch64.rpm gmp-debuginfo-6.2.1-4.cm2.aarch64.rpm gmp-devel-6.2.1-4.cm2.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 51a221948f2..4059c43b9f6 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -106,15 +106,15 @@ glib-debuginfo-2.71.0-2.cm2.x86_64.rpm glib-devel-2.71.0-2.cm2.x86_64.rpm glib-doc-2.71.0-2.cm2.noarch.rpm glib-schemas-2.71.0-2.cm2.x86_64.rpm -glibc-2.35-4.cm2.x86_64.rpm -glibc-debuginfo-2.35-4.cm2.x86_64.rpm -glibc-devel-2.35-4.cm2.x86_64.rpm -glibc-i18n-2.35-4.cm2.x86_64.rpm -glibc-iconv-2.35-4.cm2.x86_64.rpm -glibc-lang-2.35-4.cm2.x86_64.rpm -glibc-nscd-2.35-4.cm2.x86_64.rpm -glibc-static-2.35-4.cm2.x86_64.rpm -glibc-tools-2.35-4.cm2.x86_64.rpm +glibc-2.35-5.cm2.x86_64.rpm +glibc-debuginfo-2.35-5.cm2.x86_64.rpm +glibc-devel-2.35-5.cm2.x86_64.rpm +glibc-i18n-2.35-5.cm2.x86_64.rpm +glibc-iconv-2.35-5.cm2.x86_64.rpm +glibc-lang-2.35-5.cm2.x86_64.rpm +glibc-nscd-2.35-5.cm2.x86_64.rpm +glibc-static-2.35-5.cm2.x86_64.rpm +glibc-tools-2.35-5.cm2.x86_64.rpm gmp-6.2.1-4.cm2.x86_64.rpm gmp-debuginfo-6.2.1-4.cm2.x86_64.rpm gmp-devel-6.2.1-4.cm2.x86_64.rpm From 6d613801b9a9bc41de4d9f51899230022621dfca Mon Sep 17 00:00:00 2001 From: porwalameet Date: Wed, 4 Oct 2023 08:01:46 +0530 Subject: [PATCH 46/47] Add hping3 v0.0.20051105 (#6162) Co-authored-by: Ameet Porwal --- .../hping3/hping3-20051105-typo.patch | 12 + SPECS-EXTENDED/hping3/hping3-bytesex.patch | 22 ++ SPECS-EXTENDED/hping3/hping3-cflags.patch | 11 + SPECS-EXTENDED/hping3/hping3-common.patch | 13 + .../hping3/hping3-getifnamedebug.patch | 12 + SPECS-EXTENDED/hping3/hping3-include.patch | 22 ++ SPECS-EXTENDED/hping3/hping3-man.patch | 253 ++++++++++++++++++ SPECS-EXTENDED/hping3/hping3.signatures.json | 5 + SPECS-EXTENDED/hping3/hping3.spec | 187 +++++++++++++ SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md | 2 +- SPECS/LICENSES-AND-NOTICES/data/licenses.json | 1 + cgmanifest.json | 10 + 12 files changed, 549 insertions(+), 1 deletion(-) create mode 100644 SPECS-EXTENDED/hping3/hping3-20051105-typo.patch create mode 100644 SPECS-EXTENDED/hping3/hping3-bytesex.patch create mode 100644 SPECS-EXTENDED/hping3/hping3-cflags.patch create mode 100644 SPECS-EXTENDED/hping3/hping3-common.patch create mode 100644 SPECS-EXTENDED/hping3/hping3-getifnamedebug.patch create mode 100644 SPECS-EXTENDED/hping3/hping3-include.patch create mode 100644 SPECS-EXTENDED/hping3/hping3-man.patch create mode 100644 SPECS-EXTENDED/hping3/hping3.signatures.json create mode 100644 SPECS-EXTENDED/hping3/hping3.spec diff --git a/SPECS-EXTENDED/hping3/hping3-20051105-typo.patch b/SPECS-EXTENDED/hping3/hping3-20051105-typo.patch new file mode 100644 index 00000000000..ebc3eb1eed3 --- /dev/null +++ b/SPECS-EXTENDED/hping3/hping3-20051105-typo.patch @@ -0,0 +1,12 @@ +diff -Naur hping3-20051105-orig/statistics.c hping3-20051105/statistics.c +--- hping3-20051105-orig/statistics.c 2004-04-09 19:38:56.000000000 -0400 ++++ hping3-20051105/statistics.c 2012-07-17 18:47:06.306378289 -0400 +@@ -30,7 +30,7 @@ + lossrate = 100; + + fprintf(stderr, "\n--- %s hping statistic ---\n", targetname); +- fprintf(stderr, "%d packets tramitted, %d packets received, " ++ fprintf(stderr, "%d packets transmitted, %d packets received, " + "%d%% packet loss\n", sent_pkt, recv_pkt, lossrate); + if (out_of_sequence_pkt) + fprintf(stderr, "%d out of sequence packets received\n", diff --git a/SPECS-EXTENDED/hping3/hping3-bytesex.patch b/SPECS-EXTENDED/hping3/hping3-bytesex.patch new file mode 100644 index 00000000000..b4d46d3d4a3 --- /dev/null +++ b/SPECS-EXTENDED/hping3/hping3-bytesex.patch @@ -0,0 +1,22 @@ +--- bytesex.h.orig 2003-08-31 19:23:48.000000000 +0200 ++++ bytesex.h 2009-05-25 09:40:31.000000000 +0200 +@@ -9,13 +9,19 @@ + + #if defined(__i386__) \ + || defined(__alpha__) \ ++ || defined(__x86_64__) \ ++ || defined(__ia64__) \ ++ || defined(__sh__) \ ++ || (defined(__arm__) && defined(__ARMEL__)) || defined(__AARCH64EL__) \ + || (defined(__mips__) && (defined(MIPSEL) || defined (__MIPSEL__))) + #define BYTE_ORDER_LITTLE_ENDIAN + #elif defined(__mc68000__) \ ++ || defined (__s390__) \ + || defined (__sparc__) \ + || defined (__sparc) \ + || defined (__PPC__) \ + || defined (__BIG_ENDIAN__) \ ++ || (defined(__arm__) && defined(__ARMEB__)) || defined(__AARCH64EB__) \ + || (defined(__mips__) && (defined(MIPSEB) || defined (__MIPSEB__))) + #define BYTE_ORDER_BIG_ENDIAN + #else diff --git a/SPECS-EXTENDED/hping3/hping3-cflags.patch b/SPECS-EXTENDED/hping3/hping3-cflags.patch new file mode 100644 index 00000000000..7c8dbd40453 --- /dev/null +++ b/SPECS-EXTENDED/hping3/hping3-cflags.patch @@ -0,0 +1,11 @@ +--- Makefile.in.org 2006-05-12 15:29:02.000000000 -0400 ++++ Makefile.in 2006-05-12 15:29:10.000000000 -0400 +@@ -9,7 +9,7 @@ + CC= gcc + AR=/usr/bin/ar + RANLIB=/usr/bin/ranlib +-CCOPT= -O2 -Wall @PCAP_INCLUDE@ @TCL_INC@ @USE_TCL@ ++CCOPT= $(CFLAGS) -Wall @PCAP_INCLUDE@ @TCL_INC@ @USE_TCL@ + DEBUG= -g + #uncomment the following if you need libpcap based build under linux + #(not raccomanded) diff --git a/SPECS-EXTENDED/hping3/hping3-common.patch b/SPECS-EXTENDED/hping3/hping3-common.patch new file mode 100644 index 00000000000..b2c71bde980 --- /dev/null +++ b/SPECS-EXTENDED/hping3/hping3-common.patch @@ -0,0 +1,13 @@ +diff --git a/hping2.h b/hping2.h +index 70e2035..3766e1d 100644 +--- a/hping2.h ++++ b/hping2.h +@@ -353,7 +353,7 @@ struct delaytable_element { + int status; + }; + +-volatile struct delaytable_element delaytable[TABLESIZE]; ++extern volatile struct delaytable_element delaytable[TABLESIZE]; + + /* protos */ + void nop(void); /* nop */ diff --git a/SPECS-EXTENDED/hping3/hping3-getifnamedebug.patch b/SPECS-EXTENDED/hping3/hping3-getifnamedebug.patch new file mode 100644 index 00000000000..c4f1124e125 --- /dev/null +++ b/SPECS-EXTENDED/hping3/hping3-getifnamedebug.patch @@ -0,0 +1,12 @@ +diff -Nur hping3-20051105-orig/getifname.c hping3-20051105/getifname.c +--- hping2-rc3-orig/getifname.c 2004-05-03 10:55:53.000000000 +0200 ++++ hping2-rc3/getifname.c 2005-07-26 18:23:34.000000000 +0200 +@@ -60,7 +60,7 @@ + known_output_if = 1; + if (opt_debug) + printf("DEBUG: Output interface address: %s\n", +- inet_ntoa(sa.sin_addr)); ++ inet_ntoa(output_if_addr.sin_addr)); + } else { + fprintf(stderr, "Warning: Unable to guess the output " + "interface\n"); diff --git a/SPECS-EXTENDED/hping3/hping3-include.patch b/SPECS-EXTENDED/hping3/hping3-include.patch new file mode 100644 index 00000000000..95a4ce597a9 --- /dev/null +++ b/SPECS-EXTENDED/hping3/hping3-include.patch @@ -0,0 +1,22 @@ +--- script.c.orig 2006-05-12 15:32:49.000000000 -0400 ++++ script.c 2006-05-12 15:33:17.000000000 -0400 +@@ -24,7 +24,7 @@ + + #include + #include +-#include ++#include + + #include "release.h" + #include "hping2.h" +--- libpcap_stuff.c.orig 2006-05-12 15:32:44.000000000 -0400 ++++ libpcap_stuff.c 2006-05-12 15:33:07.000000000 -0400 +@@ -17,7 +17,7 @@ + #include + #include + #include +-#include ++#include + + #include "globals.h" + diff --git a/SPECS-EXTENDED/hping3/hping3-man.patch b/SPECS-EXTENDED/hping3/hping3-man.patch new file mode 100644 index 00000000000..93d3937cd32 --- /dev/null +++ b/SPECS-EXTENDED/hping3/hping3-man.patch @@ -0,0 +1,253 @@ +--- docs/hping3.8.old 2008-11-10 00:00:00.000000000 -0500 ++++ docs/hping3.8 2008-11-10 00:01:39.000000000 -0500 +@@ -1,8 +1,8 @@ +-.TH HPING2 8 "2001 Aug 14" ++.TH HPING3 8 "2005 Nov 5" + .SH NAME +-hping2 \- send (almost) arbitrary TCP/IP packets to network hosts ++hping3 \- send (almost) arbitrary TCP/IP packets to network hosts + .SH SYNOPSIS +-.B hping2 ++.B hping3 + [ + .B \-hvnqVDzZ012WrfxykQbFSRPAUXYjJBuTG + ] [ +@@ -116,11 +116,11 @@ hostname + .br + .ad + .SH DESCRIPTION +-hping2 is a network tool able to send custom TCP/IP packets and to +-display target replies like ping program does with ICMP replies. hping2 ++hping3 is a network tool able to send custom TCP/IP packets and to ++display target replies like ping program does with ICMP replies. hping3 + handle fragmentation, arbitrary packets body and size and can be used in + order to transfer files encapsulated under supported protocols. Using +-hping2 you are able to perform at least the following stuff: ++hping3 you are able to perform at least the following stuff: + + - Test firewall rules + - Advanced port scanning +@@ -136,7 +136,7 @@ hping2 you are able to perform at least + - A lot of others. + + .IR "It's also a good didactic tool to learn TCP/IP" . +-hping2 is developed and maintained by antirez@invece.org and is ++hping3 is developed and maintained by antirez@invece.org and is + licensed under GPL version 2. Development is open so you can send + me patches, suggestion and affronts without inhibitions. + .SH HPING SITE +@@ -158,9 +158,9 @@ or + .I -c --count count + Stop after sending (and receiving) + .I count +-response packets. After last packet was send hping2 wait COUNTREACHED_TIMEOUT ++response packets. After last packet was send hping3 wait COUNTREACHED_TIMEOUT + seconds target host replies. You are able to tune COUNTREACHED_TIMEOUT editing +-hping2.h ++hping3.h + .TP + .I -i --interval + Wait +@@ -171,10 +171,10 @@ to X seconds, --interval uX set + .I wait + to X micro seconds. + The default is to wait +-one second between each packet. Using hping2 to transfer files tune this ++one second between each packet. Using hping3 to transfer files tune this + option is really important in order to increase transfer rate. Even using +-hping2 to perform idle/spoofing scanning you should tune this option, see +-.B HPING2-HOWTO ++hping3 to perform idle/spoofing scanning you should tune this option, see ++.B HPING3-HOWTO + for more information. + .TP + .I --fast +@@ -195,13 +195,13 @@ Quiet output. Nothing is displayed excep + startup time and when finished. + .TP + .I -I --interface interface name +-By default on linux and BSD systems hping2 uses default routing interface. ++By default on linux and BSD systems hping3 uses default routing interface. + In other systems or when there is no default route +-hping2 uses the first non-loopback interface. +-However you are able to force hping2 to use the interface you need using ++hping3 uses the first non-loopback interface. ++However you are able to force hping3 to use the interface you need using + this option. Note: you don't need to specify the whole name, for + example -I et will match eth0 ethernet0 myet1 et cetera. If no interfaces +-match hping2 will try to use lo. ++match hping3 will try to use lo. + .TP + .I -V --verbose + Enable verbose output. TCP replies will be shown as follows: +@@ -211,7 +211,7 @@ tos=0 iplen=40 seq=0 ack=1380893504 sum= + .TP + .I -D --debug + Enable debug mode, it's useful when you experience some problem with +-hping2. When debug mode is enabled you will get more information about ++hping3. When debug mode is enabled you will get more information about + .B interface detection, data link layer access, interface settings, options + .B parsing, fragmentation, HCMP protocol + and other stuff. +@@ -223,30 +223,30 @@ so you will able to increment/decrement + CTRL+Z once or twice. + .TP + .I -Z --unbind +-Unbind CTRL+Z so you will able to stop hping2. ++Unbind CTRL+Z so you will able to stop hping3. + .TP + .I --beep + Beep for every matching received packet (but not for ICMP errors). + .SH PROTOCOL SELECTION +-Default protocol is TCP, by default hping2 will send tcp headers to target ++Default protocol is TCP, by default hping3 will send tcp headers to target + host's port 0 with a winsize of 64 without any tcp flag on. Often this + is the best way to do an 'hide ping', useful when target is behind + a firewall that drop ICMP. Moreover a tcp null-flag to port 0 has a good + probability of not being logged. + .TP + .I -0 --rawip +-RAW IP mode, in this mode hping2 will send IP header with data ++RAW IP mode, in this mode hping3 will send IP header with data + appended with --signature and/or --file, see also --ipproto that + allows you to set the ip protocol field. + .TP + .I -1 --icmp +-ICMP mode, by default hping2 will send ICMP echo-request, you can set ++ICMP mode, by default hping3 will send ICMP echo-request, you can set + other ICMP type/code using + .B --icmptype --icmpcode + options. + .TP + .I -2 --udp +-UDP mode, by default hping2 will send udp to target host's port 0. ++UDP mode, by default hping3 will send udp to target host's port 0. + UDP header tunable options are the following: + .B --baseport, --destport, --keep. + .TP +@@ -288,11 +288,11 @@ at this additional information when you + shows interesting details. + .TP + .I -9 --listen signature +-HPING2 listen mode, using this option hping2 waits for packet that contain ++HPING3 listen mode, using this option hping3 waits for packet that contain + .I signature + and dump from + .I signature +-end to packet's end. For example if hping2 --listen TEST reads a packet ++end to packet's end. For example if hping3 --listen TEST reads a packet + that contain + .B 234-09sdflkjs45-TESThello_world + it will display +@@ -304,7 +304,7 @@ Use this option in order to set a fake I + ensures that target will not gain your real address. However replies + will be sent to spoofed address, so you will can't see them. In order + to see how it's possible to perform spoofed/idle scanning see the +-.BR HPING2-HOWTO . ++.BR HPING3-HOWTO . + .TP + .I --rand-source + This option enables the +@@ -347,7 +347,7 @@ of outgoing packets, it's likely that yo + or + .B --bind + options. If in doubt try +-.BR "" "`" "hping2 some.host.com -t 1 --traceroute" "'." ++.BR "" "`" "hping3 some.host.com -t 1 --traceroute" "'." + .TP + .I -N --id + Set ip->id field. Default id is random but if fragmentation is turned on +@@ -361,11 +361,11 @@ Set the ip protocol in RAW IP mode. + .I -W --winid + id from Windows* systems before Win2k has different byte ordering, if this + option is enable +-hping2 will properly display id replies from those Windows. ++hping3 will properly display id replies from those Windows. + .TP + .I -r --rel + Display id increments instead of id. See the +-.B HPING2-HOWTO ++.B HPING3-HOWTO + for more information. Increments aren't computed as id[N]-id[N-1] but + using packet loss compensation. See relid.c for more information. + .TP +@@ -445,7 +445,7 @@ Alias for --icmptype 17 (to send ICMP ad + .SH TCP/UDP RELATED OPTIONS + .TP + .I -s --baseport source port +-hping2 uses source port in order to guess replies sequence number. It ++hping3 uses source port in order to guess replies sequence number. It + starts with a base source port number, and increase this number for each + packet sent. When packet is received sequence number can be computed as + .IR "replies.dest.port - base.source.port" . +@@ -474,10 +474,10 @@ Set TCP window size. Default is 64. + .I -O --tcpoff + Set fake tcp data offset. Normal data offset is tcphdrlen / 4. + .TP +-.I -M --tcpseq ++.I -M --setseq + Set the TCP sequence number. + .TP +-.I -L --tcpack ++.I -L --setack + Set the TCP ack. + .TP + .I -Q --seqnum +@@ -485,7 +485,7 @@ This option can be used in order to coll + by target host. This can be useful when you need to analyze whether + TCP sequence number is predictable. Output example: + +-.B #hping2 win98 --seqnum -p 139 -S -i u1 -I eth0 ++.B #hping3 win98 --seqnum -p 139 -S -i u1 -I eth0 + .nf + HPING uaz (eth0 192.168.4.41): S set, 40 headers + 0 data bytes + 2361294848 +2361294848 +@@ -540,8 +540,8 @@ Set Ymas tcp flag. + .SH COMMON OPTIONS + .TP + .I -d --data data size +-Set packet body size. Warning, using --data 40 hping2 will not generate +-0 byte packets but protocol_header+40 bytes. hping2 will display ++Set packet body size. Warning, using --data 40 hping3 will not generate ++0 byte packets but protocol_header+40 bytes. hping3 will display + packet size information as first line output, like this: + .B HPING www.yahoo.com (ppp0 204.71.200.67): NO FLAGS are set, 40 headers + 40 data bytes + .TP +@@ -577,9 +577,9 @@ will be resent. For example in order to + A to host B you may use the following: + .nf + .I [host_a] +-.B # hping2 host_b --udp -p 53 -d 100 --sign signature --safe --file /etc/passwd ++.B # hping3 host_b --udp -p 53 -d 100 --sign signature --safe --file /etc/passwd + .I [host_b] +-.B # hping2 host_a --listen signature --safe --icmp ++.B # hping3 host_a --listen signature --safe --icmp + .fi + .TP + .I -u --end +@@ -587,13 +587,13 @@ If you are using + .I --file filename + option, tell you when EOF has been reached. Moreover prevent that other end + accept more packets. Please, for more information see the +-.BR HPING2-HOWTO . ++.BR HPING3-HOWTO . + .TP + .I -T --traceroute +-Traceroute mode. Using this option hping2 will increase ttl for each ++Traceroute mode. Using this option hping3 will increase ttl for each + .B ICMP time to live 0 during transit + received. Try +-.BR "hping2 host --traceroute" . ++.BR "hping3 host --traceroute" . + This option implies --bind and --ttl 1. You can override the ttl of 1 + using the --ttl option. Since 2.0.0 stable it prints RTT information. + .TP +@@ -601,7 +601,7 @@ using the --ttl option. Since 2.0.0 stab + Keep the TTL fixed in traceroute mode, so you can monitor just one hop + in the route. For example, to monitor how the 5th hop changes or + how its RTT changes you can try +-.BR "hping2 host --traceroute --ttl 5 --tr-keep-ttl" . ++.BR "hping3 host --traceroute --ttl 5 --tr-keep-ttl" . + .TP + .I --tr-stop + If this option is specified hping will exit once the first packet diff --git a/SPECS-EXTENDED/hping3/hping3.signatures.json b/SPECS-EXTENDED/hping3/hping3.signatures.json new file mode 100644 index 00000000000..afb036c702e --- /dev/null +++ b/SPECS-EXTENDED/hping3/hping3.signatures.json @@ -0,0 +1,5 @@ +{ + "Signatures": { + "hping3-20051105.tar.gz": "f5a671a62a11dc8114fa98eade19542ed1c3aa3c832b0e572ca0eb1a5a4faee8" + } +} \ No newline at end of file diff --git a/SPECS-EXTENDED/hping3/hping3.spec b/SPECS-EXTENDED/hping3/hping3.spec new file mode 100644 index 00000000000..426fc86beb2 --- /dev/null +++ b/SPECS-EXTENDED/hping3/hping3.spec @@ -0,0 +1,187 @@ +Summary: TCP/IP stack auditing and much more +Name: hping3 +Version: 0.0.20051105 +Release: 41%{?dist} +License: MIT +Vendor: Microsoft Corporation +Distribution: Mariner +URL: http://www.hping.org/ +Source0: https://src.fedoraproject.org/lookaside/pkgs/hping3/hping3-20051105.tar.gz/ca4ea4e34bcc2162aedf25df8b2d1747/hping3-20051105.tar.gz +Patch0: hping3-include.patch +Patch1: hping3-bytesex.patch +Patch2: hping3-getifnamedebug.patch +Patch3: hping3-cflags.patch +Patch4: hping3-man.patch +Patch5: hping3-20051105-typo.patch +Patch6: hping3-common.patch +BuildRequires: gcc +BuildRequires: libpcap-devel +BuildRequires: make +BuildRequires: tcl-devel +Obsoletes: hping2 +Provides: hping2 + +%description +hping3 is a network tool able to send custom TCP/IP packets and to +display target replies like ping do with ICMP replies. hping3 can handle +fragmentation, and almost arbitrary packet size and content, using the +command line interface. +Since version 3, hping implements scripting capabilties + +%prep + +%setup -q -n hping3-20051105 +%patch0 -b .include +%patch1 -b .bytesex +%patch2 -p1 -b .getifnamedebug +%patch3 -b .cflags +%patch4 -b .man +%patch5 -p1 +%patch6 -p1 -b .common + +%build +%configure --force-libpcap +make %{?_smp_mflags} + +%install + +install -d $RPM_BUILD_ROOT{%{_sbindir},%{_mandir}/man8} + +install -m0755 hping3 %{buildroot}%{_sbindir} +install -m0644 docs/hping3.8 %{buildroot}%{_mandir}/man8 + +ln -sf hping3 %{buildroot}%{_sbindir}/hping +ln -sf hping3 %{buildroot}%{_sbindir}/hping2 + +%check +# no upstream tests available yet + +%files +%license COPYING +%doc *BUGS CHANGES README TODO docs/AS-BACKDOOR docs/HPING2-HOWTO.txt +%doc docs/HPING2-IS-OPEN docs/MORE-FUN-WITH-IPID docs/SPOOFED_SCAN.txt +%doc docs/HPING3.txt +%attr(755,root,root) %{_sbindir}/* +%{_mandir}/man8/* + +%changelog +* Thu Sep 28 2023 Ameet Porwal - 0.0.20051105-41 +- Initial CBL-Mariner import from Fedora 38 (license: MIT). +- License verified + +* Thu Jul 21 2022 Fedora Release Engineering - 0.0.20051105-40 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Thu Jan 20 2022 Fedora Release Engineering - 0.0.20051105-39 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Thu Jul 22 2021 Fedora Release Engineering - 0.0.20051105-38 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Tue Jan 26 2021 Fedora Release Engineering - 0.0.20051105-37 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Tue Jul 28 2020 Fedora Release Engineering - 0.0.20051105-36 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Tue May 26 2020 Jeff Law - 0.0.20051105-35 +- Avoid multiple definitions of delaytable. + +* Wed Jan 29 2020 Fedora Release Engineering - 0.0.20051105-34 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Thu Jul 25 2019 Fedora Release Engineering - 0.0.20051105-33 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Fri Feb 01 2019 Fedora Release Engineering - 0.0.20051105-32 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Fri Jul 13 2018 Fedora Release Engineering - 0.0.20051105-31 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Wed Feb 07 2018 Fedora Release Engineering - 0.0.20051105-30 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Wed Aug 02 2017 Fedora Release Engineering - 0.0.20051105-29 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Wed Jul 26 2017 Fedora Release Engineering - 0.0.20051105-28 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Fri Feb 10 2017 Fedora Release Engineering - 0.0.20051105-27 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Wed Feb 03 2016 Fedora Release Engineering - 0.0.20051105-26 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Jun 17 2015 Fedora Release Engineering - 0.0.20051105-25 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Wed Sep 10 2014 Marcin Juszkiewicz - 0.0.20051105-24 +- Handle AArch64 + +* Sat Aug 16 2014 Fedora Release Engineering - 0.0.20051105-23 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 0.0.20051105-22 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Wed May 21 2014 Jaroslav Škarvada - 0.0.20051105-21 +- Rebuilt for https://fedoraproject.org/wiki/Changes/f21tcl86 + +* Sat Aug 03 2013 Fedora Release Engineering - 0.0.20051105-20 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Thu Feb 14 2013 Fedora Release Engineering - 0.0.20051105-19 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Tue Jul 17 2012 Paul Wouters - 0.0.20051105-18 +- Fix typo in output (tramitting -> transmitting), rhbz#781325 + +* Fri Jan 13 2012 Fedora Release Engineering - 0.0.20051105-17 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Wed Feb 09 2011 Fedora Release Engineering - 0.0.20051105-16 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Fri Jul 24 2009 Fedora Release Engineering - 0.0.20051105-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Mon May 25 2009 Dan Horak - 0.0.20051105-14 +- update the bytesex patch to include s390/s390x arch + +* Tue Feb 24 2009 Fedora Release Engineering - 0.0.20051105-13 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Fri Nov 27 2008 Paul Wouters - 0.0.20051105-12 +- Fix for "sh" arch, see https://bugzilla.redhat.com/show_bug.cgi?id=471709 + +* Fri Nov 7 2008 Paul Wouters - 0.0.20051105-11 +- Fix for man page, see https://bugzilla.redhat.com/show_bug.cgi?id=456675 + +* Thu Jul 31 2008 Tom "spot" Callaway - 0.0.20051105-10 +- fix license tag + +* Tue Feb 19 2008 Fedora Release Engineering - 0.0.20051105-9 +- Autorebuild for GCC 4.3 + +* Thu Jan 3 2008 Alex Lancaster - 0.0.20051105-8 +- Rebuild against new Tcl 8.5 + +* Fri Feb 22 2007 Paul Wouters 0.0.20051105-7 +- Rebuild for new tcl 8.4 dependancy (it got rolled back) + +* Fri Feb 2 2007 Paul Wouters 0.0.20051105-6 +- Rebuild for new tcl 8.5 dependancy + +* Wed Nov 29 2006 Paul Wouters 0.0.20051105-5 +- Rebuild for new libpcap dependancy + +* Thu Sep 7 2006 Paul Wouters 0.0.20051105-4 +- Rebuild requested for PT_GNU_HASH support from gcc + +* Sun May 19 2006 Paul Wouters 0.0.20051105-2 +- Added Provides hping2 to fix upgrade path + +* Sun May 07 2006 Paul Wouters 0.0.20051105-1 +- Initial Release based on hping2 package diff --git a/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md b/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md index 05a25a368ec..64d8e6789ae 100644 --- a/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md +++ b/SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md @@ -5,7 +5,7 @@ The CBL-Mariner SPEC files originated from a variety of sources with varying lic | CentOS | [MIT](https://www.centos.org/legal/#licensing-policy) | crash-ptdump-command
delve
fstrm
nodejs-nodemon
rhnlib
rt-setup
rt-tests
rtctl
tuned | | Ceph source | [LGPL2.1](https://github.com/ceph/ceph/blob/master/COPYING-LGPL2.1) | ceph | | Debian | [MIT](https://opensource.org/licenses/MIT) | prometheus-process-exporter | -| Fedora | [Fedora MIT License Declaration](https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#License_of_Fedora_SPEC_Files) | a52dec
abseil-cpp
accountsservice
acpica-tools
acpid
adcli
adobe-mappings-cmap
adobe-mappings-pdf
advancecomp
adwaita-icon-theme
afflib
aide
alsa-firmware
alsa-plugins
amtk
amtterm
annobin
ansible-freeipa
archivemount
argparse-manpage
arptables
arpwatch
asio
aspell
aspell-en
at
at-spi2-atk
at-spi2-core
atf
atk
atop
attr
audiofile
augeas
authbind
authd
authselect
autoconf213
avahi
babeltrace
babeltrace2
babl
baekmuk-ttf-fonts
bats
bcache-tools
biosdevname
blosc
bluez
bmake
bogofilter
bolt
boom-boot
booth
botan2
breezy
brotli
buildah
busybox
bwidget
byacc
ca-certificates
cachefilesd
cairomm
calamares
capstone
catatonit
catch
catch1
cdrdao
celt051
cereal
certmonger
cfitsio
cgdcbxd
chan
CharLS
checkpolicy
checksec
chrony
cim-schema
cjkuni-uming-fonts
cjose
cldr-emoji-annotation
clucene
clutter
clutter-gst3
clutter-gtk
cmocka
cogl
collectd
colm
color-filesystem
colord
colorize
compat-lua
compiler-rt
conda
conmon
conntrack-tools
console-setup
container-exception-logger
containernetworking-plugins
convmv
corosync
corosync-qdevice
cpp-hocon
cppcheck
cpprest
cpptest
cpuid
criu
crypto-policies
cryptsetup
cscope
ctags
CUnit
cups
custodia
Cython
dbus-c++
dbus-python
dbxtool
dconf
dcraw
debootstrap
deltarpm
desktop-file-utils
device-mapper-persistent-data
dietlibc
diffstat
ding-libs
discount
distribution-gpg-keys
dleyna-connector-dbus
dleyna-core
dmraid
dnf
dnf-plugins-core
docbook-dtds
docbook-simple
docbook-slides
docbook-style-dsssl
docbook-utils
docbook2X
docbook5-schemas
docbook5-style-xsl
dogtail
dos2unix
dotconf
dovecot
dpdk
dpkg
driverctl
dropwatch
drpm
dumpet
dvd+rw-tools
dwarves
dwz
dyninst
ebtables
edac-utils
edk2
efax
efi-rpm-macros
egl-wayland
eglexternalplatform
elinks
enca
enchant
enchant2
enscript
environment-modules
evemu
execstack
exempi
exiv2
extra-cmake-modules
fabtests
facter
fakechroot
fakeroot
fapolicyd
fdk-aac-free
fdupes
fence-virt
fetchmail
fftw
filebench
fio
fipscheck
firewalld
fish
flac
flatbuffers
flite
fltk
fmt
fontawesome-fonts
fontpackages
fonts-rpm-macros
foomatic-db
freeglut
freeipmi
freeradius
freetds
freexl
fribidi
fros
frr
fsverity-utils
fuse-overlayfs
fuse-sshfs
fuse-zip
fuse3
future
fxload
gavl
gconf-editor
GConf2
gcovr
gcr
gdal
gdisk
gdk-pixbuf2
generic-logos
genwqe-tools
geoclue2
GeoIP
GeoIP-GeoLite-data
geolite2
geos
gfs2-utils
ghc-srpm-macros
giflib
gl-manpages
glew
glm
glog
glusterfs
gnome-desktop-testing
gnome-doc-utils
gnome-icon-theme
gnome-keyring
gnu-efi
go-rpm-macros
gom
google-api-python-client
google-crosextra-caladea-fonts
google-crosextra-carlito-fonts
google-guice
google-noto-cjk-fonts
google-noto-emoji-fonts
google-roboto-slab-fonts
gphoto2
gpm
gpsbabel
graphene
graphite2
graphviz
grubby
gsettings-desktop-schemas
gsl
gsm
gspell
gssdp
gssntlmssp
gstreamer1
gstreamer1-plugins-base
gtk-vnc
gtk2
gtk3
gtkspell
gupnp
gupnp-av
gupnp-dlna
gupnp-igd
hardening-check
hdf
hdf5
heimdal
help2man
hexedit
hicolor-icon-theme
hiera
highlight
hivex
hostname
hsakmt
htop
hunspell
hunspell-af
hunspell-ar
hunspell-as
hunspell-ast
hunspell-az
hunspell-be
hunspell-bg
hunspell-bn
hunspell-br
hunspell-ca
hunspell-cop
hunspell-csb
hunspell-cv
hunspell-cy
hunspell-da
hunspell-de
hunspell-dsb
hunspell-el
hunspell-en
hunspell-eo
hunspell-es
hunspell-et
hunspell-eu
hunspell-fa
hunspell-fj
hunspell-fo
hunspell-fr
hunspell-fur
hunspell-fy
hunspell-ga
hunspell-gd
hunspell-gl
hunspell-grc
hunspell-gu
hunspell-gv
hunspell-haw
hunspell-hi
hunspell-hil
hunspell-hr
hunspell-hsb
hunspell-ht
hunspell-hu
hunspell-hy
hunspell-ia
hunspell-id
hunspell-is
hunspell-it
hunspell-kk
hunspell-km
hunspell-kn
hunspell-ko
hunspell-ku
hunspell-ky
hunspell-la
hunspell-lb
hunspell-ln
hunspell-mai
hunspell-mg
hunspell-mi
hunspell-mk
hunspell-ml
hunspell-mn
hunspell-mos
hunspell-mr
hunspell-ms
hunspell-mt
hunspell-nds
hunspell-ne
hunspell-nl
hunspell-no
hunspell-nr
hunspell-nso
hunspell-ny
hunspell-om
hunspell-or
hunspell-pa
hunspell-pl
hunspell-pt
hunspell-quh
hunspell-ro
hunspell-ru
hunspell-rw
hunspell-se
hunspell-shs
hunspell-si
hunspell-sk
hunspell-sl
hunspell-smj
hunspell-so
hunspell-sq
hunspell-sr
hunspell-sv
hunspell-sw
hunspell-ta
hunspell-te
hunspell-tet
hunspell-th
hunspell-tk
hunspell-tl
hunspell-tn
hunspell-tpi
hunspell-ts
hunspell-uk
hunspell-uz
hunspell-ve
hunspell-vi
hunspell-wa
hunspell-xh
hunspell-yi
hwdata
hwloc
hyperscan
hyperv-daemons
hyphen
hyphen-as
hyphen-bg
hyphen-bn
hyphen-ca
hyphen-da
hyphen-de
hyphen-el
hyphen-es
hyphen-fa
hyphen-fo
hyphen-fr
hyphen-ga
hyphen-gl
hyphen-grc
hyphen-gu
hyphen-hi
hyphen-hsb
hyphen-hu
hyphen-ia
hyphen-id
hyphen-is
hyphen-it
hyphen-kn
hyphen-ku
hyphen-lt
hyphen-mi
hyphen-ml
hyphen-mn
hyphen-mr
hyphen-nl
hyphen-or
hyphen-pa
hyphen-pl
hyphen-pt
hyphen-ro
hyphen-ru
hyphen-sa
hyphen-sk
hyphen-sl
hyphen-sv
hyphen-ta
hyphen-te
hyphen-tk
hyphen-uk
ibus
ibus-chewing
ibus-hangul
ibus-kkc
ibus-libzhuyin
ibus-m17n
ibus-rawcode
ibus-sayura
ibus-table
ibus-table-chinese
icc-profiles-openicc
icon-naming-utils
icoutils
iftop
iio-sensor-proxy
ilmbase
im-chooser
imaptest
imsettings
indent
infinipath-psm
inih
iniparser
intel-cmt-cat
intel-ipsec-mb
ioping
IP2Location
ipa-pgothic-fonts
ipcalc
ipmitool
iprutils
iptraf-ng
iptstate
irssi
iscsi-initiator-utils
isns-utils
iso-codes
isomd5sum
iw
iwd
jabberpy
jasper
javapackages-bootstrap
javapackages-tools
jbigkit
jdom2
jemalloc
jfsutils
jimtcl
jose
js-jquery
jsoncpp
Judy
kata-containers
kde-filesystem
kde-settings
kexec-tools
keybinder3
keycloak-httpd-client-install
kf5
kf5-kconfig
kf5-kcoreaddons
kf5-ki18n
kf5-kwidgetsaddons
kpmcore
kronosnet
ksh
kyotocabinet
kyua
ladspa
lame
langtable
lapack
lasso
latencytop
lato-fonts
lcms2
lcov
ldns
leatherman
ledmon
lensfun
leveldb
lftp
libabw
libaec
libao
libappstream-glib
libart_lgpl
libasyncns
libatasmart
libavc1394
libblockdev
libbpf
libbsd
libburn
libbytesize
libcacard
libcanberra
libcdio
libcdio-paranoia
libcdr
libcgroup
libchewing
libcli
libcmis
libcmpiutil
libcomps
libcroco
libdaemon
libdap
libdatrie
libdazzle
libdbi
libdbi-drivers
libdbusmenu
libdc1394
libdeflate
libdmx
libdnf
libdrm
libdvdnav
libdvdread
libdwarf
libeasyfc
libecap
libecb
libell
libEMF
libeot
libepoxy
libepubgen
libesmtp
libetonyek
libev
libevdev
libewf
libexif
libexttextcat
libfabric
libfontenc
libfreehand
libftdi
libgadu
libgdither
libgee
libgee06
libgeotiff
libgexiv2
libgit2
libgit2-glib
libglade2
libglvnd
libgovirt
libgphoto2
libgsf
libgta
libguestfs
libgusb
libgxim
libgxps
libhangul
libhugetlbfs
libibcommon
libical
libICE
libicns
libid3tag
libIDL
libidn2
libiec61883
libieee1284
libimobiledevice
libindicator
libinput
libiodbc
libipt
libiptcdata
libiscsi
libisoburn
libisofs
libjcat
libkcapi
libkeepalive
libkkc
libkkc-data
libkml
liblangtag
libldb
libldm
liblerc
liblockfile
liblognorm
liblouis
liblqr-1
liblzf
libmad
libmediaart
libmicrohttpd
libmikmod
libmodman
libmodplug
libmodulemd1
libmpcdec
libmspub
libmtp
libmusicbrainz5
libmwaw
libnbd
libnet
libnetfilter_log
libnfs
libnotify
libntlm
libnumbertext
liboauth
libodfgen
libofa
libogg
liboggz
liboil
libomxil-bellagio
libopenraw
liboping
libosinfo
libotf
libotr
libpagemaker
libpaper
libpciaccess
libpeas
libpfm
libpinyin
libplist
libpmemobj-cpp
libpng12
libpng15
libproxy
libpsm2
libpwquality
libqb
libqxp
libraqm
LibRaw
libraw1394
libreport
libreswan
librevenge
librsvg2
librx
libsamplerate
libsass
libsecret
libsemanage
libsigc++20
libsigsegv
libslirp
libSM
libsmbios
libsmi
libsndfile
libsodium
libspiro
libsrtp
libssh
libstaroffice
libstemmer
libstoragemgmt
libtdb
libteam
libtevent
libthai
libtnc
libtomcrypt
libtommath
libtraceevent
libtranslit
libucil
libunicap
libuninameslist
liburing
libusbmuxd
libuser
libutempter
libvarlink
libverto
libvirt-dbus
libvirt-glib
libvirt-java
libvirt-python
libvisio
libvisual
libvoikko
libvorbis
libvpx
libwacom
libwnck3
libwpd
libwpe
libwpg
libwps
libwvstreams
libX11
libXau
libXaw
libxcb
libXcomposite
libxcrypt
libXcursor
libXdamage
libXdmcp
libXext
libxfce4util
libXfixes
libXfont2
libXft
libXi
libXinerama
libxkbcommon
libxkbfile
libxklavier
libxmlb
libXmu
libXpm
libXrandr
libXrender
libXres
libXScrnSaver
libxshmfence
libXt
libXtst
libXv
libXxf86vm
libyami
libyang
libyubikey
libzip
libzmf
lilv
linuxconsoletools
linuxptp
lksctp-tools
lldpd
lockdev
logwatch
lpsolve
lrzsz
lua
lua-expat
lua-filesystem
lua-json
lua-lpeg
lua-lunit
lua-rpm-macros
lua-term
luajit
luksmeta
lutok
lv2
lzip
lzop
m17n-db
m17n-lib
mac-robber
mailcap
mailx
malaga
malaga-suomi-voikko
mallard-rng
man-pages-cs
man-pages-es
man-pages-it
man-pages-ja
man-pages-ko
man-pages-pl
man-pages-ru
man-pages-zh-CN
mariadb-connector-c
mariadb-connector-odbc
marisa
maven-compiler-plugin
maven-jar-plugin
maven-resolver
maven-resources-plugin
maven-surefire
maven-wagon
mcelog
mcpp
mcstrans
mdadm
mdds
meanwhile
mecab
mecab-ipadic
media-player-info
memcached
memkind
mesa
mesa-libGLU
metis
microcode_ctl
microdnf
minicom
minizip
mksh
mobile-broadband-provider-info
mock
mock-core-configs
mod_auth_gssapi
mod_auth_mellon
mod_auth_openidc
mod_authnz_pam
mod_fcgid
mod_http2
mod_intercept_form_submit
mod_lookup_identity
mod_md
mod_security
mod_security_crs
mod_wsgi
mokutil
mpage
mrtg
mstflint
mt-st
mtdev
mtools
mtr
mtx
multilib-rpm-config
munge
mutt
mythes
mythes-bg
mythes-ca
mythes-cs
mythes-da
mythes-de
mythes-el
mythes-en
mythes-eo
mythes-es
mythes-fr
mythes-ga
mythes-hu
mythes-mi
mythes-ne
mythes-nl
mythes-pl
mythes-pt
mythes-ro
mythes-ru
mythes-sk
mythes-sl
mythes-sv
mythes-uk
nbd
nbdkit
neon
netavark
netcdf
netcf
netlabel_tools
netpbm
netsniff-ng
nfs4-acl-tools
nftables
nilfs-utils
nkf
nload
nlopt
nodejs-packaging
nss-pam-ldapd
nss_nis
nss_wrapper
ntfs-3g
ntfs-3g-system-compression
numad
numatop
numpy
nvmetcli
nvml
oath-toolkit
ocaml
ocaml-alcotest
ocaml-astring
ocaml-base
ocaml-bigarray-compat
ocaml-bisect-ppx
ocaml-calendar
ocaml-camlp5
ocaml-camomile
ocaml-cinaps
ocaml-cmdliner
ocaml-compiler-libs-janestreet
ocaml-cppo
ocaml-csexp
ocaml-csv
ocaml-ctypes
ocaml-curses
ocaml-dune
ocaml-extlib
ocaml-fileutils
ocaml-findlib
ocaml-fmt
ocaml-fpath
ocaml-gettext
ocaml-integers
ocaml-libvirt
ocaml-luv
ocaml-lwt
ocaml-markup
ocaml-migrate-parsetree
ocaml-mmap
ocaml-num
ocaml-ocamlbuild
ocaml-ocplib-endian
ocaml-ounit
ocaml-parsexp
ocaml-ppx-derivers
ocaml-ppxlib
ocaml-re
ocaml-react
ocaml-result
ocaml-seq
ocaml-sexplib
ocaml-sexplib0
ocaml-stdio
ocaml-topkg
ocaml-tyxml
ocaml-uuidm
ocaml-uutf
ocaml-xml-light
ocaml-zarith
ocl-icd
oddjob
ogdi
omping
opa
opal
open-vm-tools
openblas
opencc
opencl-filesystem
opencl-headers
opencryptoki
opencsd
opendnssec
OpenEXR
openjade
openjpeg2
openmpi
openobex
openoffice-lv
openrdate
opensc
openslp
opensm
opensp
openssl
openssl-ibmpkcs11
openssl-pkcs11
openwsman
optipng
opus
opusfile
orangefs
ORBit2
orc
os-prober
osinfo-db
osinfo-db-tools
overpass-fonts
p11-kit
p7zip
pacemaker
pacrunner
pakchois
pam_krb5
pam_wrapper
papi
paps
parallel
patchelf
patchutils
pbzip2
pcp
pcsc-lite
pcsc-lite-ccid
PEGTL
perl
perl-Algorithm-C3
perl-Algorithm-Diff
perl-Alien-Build
perl-Alien-pkgconf
perl-AnyEvent
perl-AnyEvent-AIO
perl-AnyEvent-BDB
perl-App-cpanminus
perl-App-FatPacker
perl-AppConfig
perl-Archive-Extract
perl-Archive-Zip
perl-Authen-SASL
perl-B-Debug
perl-B-Hooks-EndOfScope
perl-B-Hooks-OP-Check
perl-B-Keywords
perl-B-Lint
perl-bareword-filehandles
perl-BDB
perl-Bit-Vector
perl-boolean
perl-Browser-Open
perl-BSD-Resource
perl-Business-ISBN
perl-Business-ISBN-Data
perl-Bytes-Random-Secure
perl-Capture-Tiny
perl-Carp-Clan
perl-CBOR-XS
perl-Class-Accessor
perl-Class-C3
perl-Class-C3-XS
perl-Class-Data-Inheritable
perl-Class-Factory-Util
perl-Class-Inspector
perl-Class-ISA
perl-Class-Load
perl-Class-Load-XS
perl-Class-Method-Modifiers
perl-Class-Singleton
perl-Class-Tiny
perl-Class-XSAccessor
perl-Clone
perl-Color-ANSI-Util
perl-Color-RGB-Util
perl-ColorThemeBase-Static
perl-ColorThemeRole-ANSI
perl-ColorThemes-Standard
perl-ColorThemeUtil-ANSI
perl-Compress-Bzip2
perl-Compress-LZF
perl-Compress-Raw-Lzma
perl-Config-AutoConf
perl-Config-INI
perl-Config-INI-Reader-Multiline
perl-Config-IniFiles
perl-Config-Simple
perl-Config-Tiny
perl-Const-Fast
perl-Convert-ASN1
perl-Convert-Bencode
perl-Coro
perl-Coro-Multicore
perl-CPAN-Changes
perl-CPAN-DistnameInfo
perl-CPAN-Meta-Check
perl-Cpanel-JSON-XS
perl-Crypt-CBC
perl-Crypt-DES
perl-Crypt-IDEA
perl-Crypt-OpenSSL-Bignum
perl-Crypt-OpenSSL-Guess
perl-Crypt-OpenSSL-Random
perl-Crypt-OpenSSL-RSA
perl-Crypt-PasswdMD5
perl-Crypt-Random-Seed
perl-CSS-Tiny
perl-Data-Dump
perl-Data-Munge
perl-Data-OptList
perl-Data-Peek
perl-Data-Section
perl-Data-UUID
perl-Date-Calc
perl-Date-ISO8601
perl-Date-Manip
perl-DateTime
perl-DateTime-Format-Builder
perl-DateTime-Format-DateParse
perl-DateTime-Format-HTTP
perl-DateTime-Format-IBeat
perl-DateTime-Format-ISO8601
perl-DateTime-Format-Mail
perl-DateTime-Format-Strptime
perl-DateTime-Locale
perl-DateTime-TimeZone
perl-DateTime-TimeZone-SystemV
perl-DateTime-TimeZone-Tzfile
perl-DBD-MySQL
perl-Devel-CallChecker
perl-Devel-Caller
perl-Devel-CheckBin
perl-Devel-CheckLib
perl-Devel-Cycle
perl-Devel-EnforceEncapsulation
perl-Devel-GlobalDestruction
perl-Devel-GlobalDestruction-XS
perl-Devel-Hide
perl-Devel-Leak
perl-Devel-LexAlias
perl-Devel-Size
perl-Devel-StackTrace
perl-Devel-Symdump
perl-Digest-BubbleBabble
perl-Digest-CRC
perl-Digest-HMAC
perl-Digest-SHA1
perl-Dist-CheckConflicts
perl-DynaLoader-Functions
perl-Email-Address
perl-Email-Date-Format
perl-Encode-Detect
perl-Encode-EUCJPASCII
perl-Encode-IMAPUTF7
perl-Encode-Locale
perl-Env-ShellWords
perl-Error
perl-EV
perl-Eval-Closure
perl-Event
perl-Exception-Class
perl-Expect
perl-ExtUtils-Config
perl-ExtUtils-Depends
perl-ExtUtils-Helpers
perl-ExtUtils-InstallPaths
perl-ExtUtils-PkgConfig
perl-FCGI
perl-Fedora-VSP
perl-FFI-CheckLib
perl-File-BaseDir
perl-File-BOM
perl-File-chdir
perl-File-CheckTree
perl-File-Copy-Recursive
perl-File-DesktopEntry
perl-File-Find-Object
perl-File-Find-Object-Rule
perl-File-Find-Rule
perl-File-Find-Rule-Perl
perl-File-Inplace
perl-File-Listing
perl-File-MimeInfo
perl-File-pushd
perl-File-ReadBackwards
perl-File-Remove
perl-File-ShareDir
perl-File-ShareDir-Install
perl-File-Slurp
perl-File-Slurp-Tiny
perl-File-Slurper
perl-File-Type
perl-Font-TTF
perl-FreezeThaw
perl-GD
perl-GD-Barcode
perl-generators
perl-Getopt-ArgvFile
perl-gettext
perl-Graphics-ColorNamesLite-WWW
perl-GSSAPI
perl-Guard
perl-Hook-LexWrap
perl-HTML-Parser
perl-HTML-Tagset
perl-HTML-Tree
perl-HTTP-Cookies
perl-HTTP-Daemon
perl-HTTP-Date
perl-HTTP-Message
perl-HTTP-Negotiate
perl-Image-Base
perl-Image-Info
perl-Image-Xbm
perl-Image-Xpm
perl-Import-Into
perl-Importer
perl-inc-latest
perl-indirect
perl-Inline-Files
perl-IO-AIO
perl-IO-All
perl-IO-CaptureOutput
perl-IO-Compress-Lzma
perl-IO-HTML
perl-IO-Multiplex
perl-IO-SessionData
perl-IO-Socket-INET6
perl-IO-String
perl-IO-stringy
perl-IO-Tty
perl-IPC-Run
perl-IPC-Run3
perl-IPC-System-Simple
perl-JSON
perl-JSON-Color
perl-JSON-MaybeXS
perl-LDAP
perl-libnet
perl-libwww-perl
perl-libxml-perl
perl-Lingua-EN-Inflect
perl-List-MoreUtils-XS
perl-local-lib
perl-Locale-Codes
perl-Locale-Maketext-Gettext
perl-Locale-Msgfmt
perl-Locale-PO
perl-Log-Message
perl-Log-Message-Simple
perl-LWP-MediaTypes
perl-LWP-Protocol-https
perl-Mail-AuthenticationResults
perl-Mail-DKIM
perl-Mail-IMAPTalk
perl-Mail-SPF
perl-MailTools
perl-Math-Int64
perl-Math-Random-ISAAC
perl-MIME-Charset
perl-MIME-Lite
perl-MIME-Types
perl-Mixin-Linewise
perl-MLDBM
perl-Mock-Config
perl-Module-Build-Tiny
perl-Module-CPANfile
perl-Module-Implementation
perl-Module-Install-AuthorRequires
perl-Module-Install-AuthorTests
perl-Module-Install-AutoLicense
perl-Module-Install-GithubMeta
perl-Module-Install-ManifestSkip
perl-Module-Install-ReadmeFromPod
perl-Module-Install-ReadmeMarkdownFromPod
perl-Module-Install-Repository
perl-Module-Install-TestBase
perl-Module-Load-Util
perl-Module-Manifest
perl-Module-Manifest-Skip
perl-Module-Package
perl-Module-Package-Au
perl-Module-Pluggable
perl-Module-Runtime
perl-Module-Signature
perl-Mojolicious
perl-Moo
perl-Mozilla-CA
perl-Mozilla-LDAP
perl-MRO-Compat
perl-multidimensional
perl-namespace-autoclean
perl-namespace-clean
perl-Net-CIDR-Lite
perl-Net-Daemon
perl-Net-DNS
perl-Net-DNS-Resolver-Mock
perl-Net-DNS-Resolver-Programmable
perl-Net-HTTP
perl-Net-IMAP-Simple
perl-Net-IMAP-Simple-SSL
perl-Net-LibIDN2
perl-Net-Patricia
perl-Net-SMTP-SSL
perl-Net-SNMP
perl-Net-Telnet
perl-Newt
perl-NNTPClient
perl-NTLM
perl-Number-Compare
perl-Object-Deadly
perl-Object-HashBase
perl-Package-Anon
perl-Package-Constants
perl-Package-DeprecationManager
perl-Package-Generator
perl-Package-Stash
perl-Package-Stash-XS
perl-PadWalker
perl-Paper-Specs
perl-PAR-Dist
perl-Parallel-Iterator
perl-Params-Classify
perl-Params-Util
perl-Params-Validate
perl-Params-ValidationCompiler
perl-Parse-PMFile
perl-Parse-RecDescent
perl-Parse-Yapp
perl-Path-Tiny
perl-Perl-Critic
perl-Perl-Critic-More
perl-Perl-Destruct-Level
perl-Perl-MinimumVersion
perl-Perl4-CoreLibs
perl-PerlIO-gzip
perl-PerlIO-utf8_strict
perl-PkgConfig-LibPkgConf
perl-Pod-Coverage
perl-Pod-Coverage-TrustPod
perl-Pod-Escapes
perl-Pod-Eventual
perl-Pod-LaTeX
perl-Pod-Markdown
perl-Pod-Parser
perl-Pod-Plainer
perl-Pod-POM
perl-Pod-Spell
perl-PPI
perl-PPI-HTML
perl-PPIx-QuoteLike
perl-PPIx-Regexp
perl-PPIx-Utilities
perl-prefork
perl-Probe-Perl
perl-Razor-Agent
perl-Readonly
perl-Readonly-XS
perl-Ref-Util
perl-Ref-Util-XS
perl-Regexp-Pattern-Perl
perl-Return-MultiLevel
perl-Role-Tiny
perl-Scope-Guard
perl-Scope-Upper
perl-SGMLSpm
perl-SNMP_Session
perl-Socket6
perl-Software-License
perl-Sort-Versions
perl-Specio
perl-Spiffy
perl-strictures
perl-String-CRC32
perl-String-Format
perl-String-ShellQuote
perl-String-Similarity
perl-Sub-Exporter
perl-Sub-Exporter-Progressive
perl-Sub-Identify
perl-Sub-Info
perl-Sub-Install
perl-Sub-Name
perl-Sub-Quote
perl-Sub-Uplevel
perl-SUPER
perl-Switch
perl-Syntax-Highlight-Engine-Kate
perl-Sys-CPU
perl-Sys-MemInfo
perl-Sys-Virt
perl-Taint-Runtime
perl-Task-Weaken
perl-Term-Size-Any
perl-Term-Size-Perl
perl-Term-Table
perl-Term-UI
perl-TermReadKey
perl-Test-Base
perl-Test-ClassAPI
perl-Test-CPAN-Meta
perl-Test-CPAN-Meta-JSON
perl-Test-Deep
perl-Test-Differences
perl-Test-DistManifest
perl-Test-Distribution
perl-Test-EOL
perl-Test-Exception
perl-Test-Exit
perl-Test-FailWarnings
perl-Test-Fatal
perl-Test-File
perl-Test-File-ShareDir
perl-Test-Harness
perl-Test-HasVersion
perl-Test-InDistDir
perl-Test-Inter
perl-Test-LeakTrace
perl-Test-LongString
perl-Test-Manifest
perl-Test-Memory-Cycle
perl-Test-MinimumVersion
perl-Test-MockObject
perl-Test-MockRandom
perl-Test-Needs
perl-Test-NoTabs
perl-Test-NoWarnings
perl-Test-Object
perl-Test-Output
perl-Test-Pod
perl-Test-Pod-Coverage
perl-Test-Portability-Files
perl-Test-Requires
perl-Test-RequiresInternet
perl-Test-Script
perl-Test-Simple
perl-Test-SubCalls
perl-Test-Synopsis
perl-Test-Taint
perl-Test-TrailingSpace
perl-Test-utf8
perl-Test-Vars
perl-Test-Warn
perl-Test-Without-Module
perl-Test2-Plugin-NoWarnings
perl-Test2-Suite
perl-Test2-Tools-Explain
perl-Text-CharWidth
perl-Text-CSV_XS
perl-Text-Diff
perl-Text-Glob
perl-Text-Iconv
perl-Text-Soundex
perl-Text-Unidecode
perl-Text-WrapI18N
perl-Tie-IxHash
perl-TimeDate
perl-Tree-DAG_Node
perl-Unicode-EastAsianWidth
perl-Unicode-LineBreak
perl-Unicode-Map8
perl-Unicode-String
perl-Unicode-UTF8
perl-UNIVERSAL-can
perl-UNIVERSAL-isa
perl-Unix-Syslog
perl-URI
perl-Variable-Magic
perl-Version-Requirements
perl-WWW-RobotRules
perl-XML-Catalog
perl-XML-DOM
perl-XML-Dumper
perl-XML-Filter-BufferText
perl-XML-Generator
perl-XML-Grove
perl-XML-Handler-YAWriter
perl-XML-LibXML
perl-XML-LibXSLT
perl-XML-NamespaceSupport
perl-XML-Parser-Lite
perl-XML-RegExp
perl-XML-SAX
perl-XML-SAX-Base
perl-XML-SAX-Writer
perl-XML-Simple
perl-XML-TokeParser
perl-XML-TreeBuilder
perl-XML-Twig
perl-XML-Writer
perl-XML-XPath
perl-XML-XPathEngine
perl-XString
perl-YAML-LibYAML
perl-YAML-PP
perl-YAML-Syck
perltidy
pesign
phodav
php
php-pear
php-pecl-zip
physfs
picosat
pinfo
pipewire
pixman
pkcs11-helper
pkgconf
plexus-cipher
plexus-containers
plexus-sec-dispatcher
plotutils
pmdk-convert
pmix
pngcrush
pngnq
po4a
podman
poetry
policycoreutils
polkit-pkla-compat
portreserve
postfix
potrace
powertop
ppp
pps-tools
pptp
priv_wrapper
procmail
prometheus
prometheus-node-exporter
ps_mem
psacct
psutils
ptlib
publicsuffix-list
pugixml
pulseaudio
puppet
pwgen
pyatspi
pybind11
pycairo
pyelftools
pyflakes
pygobject3
PyGreSQL
pykickstart
pylint
pyparted
pyproject-rpm-macros
pyserial
python-absl-py
python-aiodns
python-aiohttp
python-alsa
python-argcomplete
python-astroid
python-astunparse
python-async-generator
python-augeas
python-azure-sdk
python-beautifulsoup4
python-betamax
python-blinker
python-blivet
python-cached_property
python-charset-normalizer
python-cheetah
python-click
python-cmd2
python-colorama
python-CommonMark
python-conda-package-handling
python-configshell
python-cpuinfo
python-cups
python-curio
python-cytoolz
python-d2to1
python-dbus-client-gen
python-dbus-python-client-gen
python-dbus-signature-pyparsing
python-dbusmock
python-ddt
python-debtcollector
python-decorator
python-distlib
python-dmidecode
python-dns
python-dtopt
python-dulwich
python-enchant
python-entrypoints
python-ethtool
python-evdev
python-extras
python-faker
python-fasteners
python-fields
python-filelock
python-fixtures
python-flake8
python-flask
python-flit
python-flit-core
python-fluidity-sm
python-frozendict
python-funcsigs
python-gast
python-genshi
python-google-auth
python-google-auth-oauthlib
python-greenlet
python-gssapi
python-h5py
python-hs-dbus-signature
python-html5lib
python-httplib2
python-humanize
python-hwdata
python-importlib-metadata
python-inotify
python-into-dbus-python
python-IPy
python-iso8601
python-isodate
python-isort
python-itsdangerous
python-justbases
python-justbytes
python-jwcrypto
python-jwt
python-kdcproxy
python-kerberos
python-kmod
python-kubernetes
python-lazy-object-proxy
python-ldap
python-linux-procfs
python-lit
python-markdown
python-mccabe
python-memcached
python-mimeparse
python-mock
python-monotonic
python-more-itertools
python-mpmath
python-msal
python-msrestazure
python-mutagen
python-networkx
python-nose2
python-ntlm-auth
python-oauth2client
python-openpyxl
python-openstackdocstheme
python-oslo-i18n
python-oslo-sphinx
python-paramiko
python-pefile
python-pexpect
python-pkgconfig
python-platformdirs
python-pluggy
python-podman-api
python-process-tests
python-productmd
python-ptyprocess
python-pycares
python-pycosat
python-pydbus
python-pymongo
python-PyMySQL
python-pyperclip
python-pyroute2
python-pyrsistent
python-pysocks
python-pytest-benchmark
python-pytest-cov
python-pytest-expect
python-pytest-flake8
python-pytest-forked
python-pytest-mock
python-pytest-relaxed
python-pytest-runner
python-pytest-subtests
python-pytest-timeout
python-pytest-xdist
python-pytoml
python-pyudev
python-pywbem
python-qrcode
python-rdflib
python-recommonmark
python-redis
python-requests-file
python-requests-ftp
python-requests-kerberos
python-requests-mock
python-requests-oauthlib
python-requests-toolbelt
python-requests_ntlm
python-responses
python-retrying
python-rfc3986
python-rpm-generators
python-rpmfluff
python-rtslib
python-ruamel-yaml
python-ruamel-yaml-clib
python-s3transfer
python-schedutils
python-semantic_version
python-should_dsl
python-simpleline
python-slip
python-sniffio
python-soupsieve
python-sphinx
python-sphinx-epytext
python-sphinx-theme-py3doc-enhanced
python-sphinx_rtd_theme
python-sphinxcontrib-apidoc
python-sphinxcontrib-applehelp
python-sphinxcontrib-devhelp
python-sphinxcontrib-htmlhelp
python-sphinxcontrib-httpdomain
python-sphinxcontrib-jsmath
python-sphinxcontrib-qthelp
python-sphinxcontrib-serializinghtml
python-sqlalchemy
python-suds
python-systemd
python-tempita
python-templated-dictionary
python-termcolor
python-testpath
python-testresources
python-testscenarios
python-testtools
python-tidy
python-toml
python-tomli
python-toolz
python-tornado
python-tox
python-tox-current-env
python-tqdm
python-trio
python-typing-extensions
python-uamqp
python-unittest2
python-uritemplate
python-urwid
python-varlink
python-virt-firmware
python-voluptuous
python-waitress
python-webencodings
python-webtest
python-wheel
python-whoosh
python-winrm
python-wrapt
python-xmltodict
python-yubico
python-zipp
python-zmq
python3-mallard-ducktype
python3-pytest-asyncio
python3-typed_ast
pyusb
pywbem
pyxattr
qemu
qhull
qpdf
qperf
qr-code-generator
qt5-qtbase
qt5-qtconnectivity
qt5-qtdeclarative
qt5-qtsensors
qt5-qtserialport
qt5-qtsvg
qt5-qttools
qt5-rpm-macros
quagga
quota
radvd
ragel
raptor2
rarian
rasdaemon
rasqal
rcs
rdist
rdma-core
re2
re2c
realmd
rear
recode
redland
resource-agents
rest
rhash
rlwrap
rp-pppoe
rpm-mpi-hooks
rpmdevtools
rpmlint
rtkit
rtl-sdr
ruby-augeas
rubygem-bson
rubygem-coderay
rubygem-diff-lcs
rubygem-flexmock
rubygem-hpricot
rubygem-introspection
rubygem-liquid
rubygem-maruku
rubygem-metaclass
rubygem-mongo
rubygem-mustache
rubygem-mysql2
rubygem-pkg-config
rubygem-rake
rubygem-rake-compiler
rubygem-ronn
rubygem-rouge
rubygem-rspec
rubygem-rspec-expectations
rubygem-rspec-mocks
rubygem-rspec-support
rubygem-thread_order
rusers
samba
sanlock
sassist
satyr
sbc
sblim-cim-client2
sblim-cmpi-base
sblim-cmpi-devel
sblim-cmpi-fsvol
sblim-cmpi-network
sblim-cmpi-nfsv3
sblim-cmpi-nfsv4
sblim-cmpi-params
sblim-cmpi-sysfs
sblim-cmpi-syslog
sblim-indication_helper
sblim-sfcb
sblim-sfcc
sblim-sfcCommon
sblim-testsuite
sblim-wbemcli
scl-utils
scotch
screen
scrub
SDL
SDL2
SDL_sound
sdparm
seabios
secilc
selinux-policy
sendmail
serd
setools
setserial
setuptool
sgabios
sgml-common
sgpio
shared-mime-info
sharutils
sip
sisu
skkdic
sleuthkit
slirp4netns
smartmontools
smc-tools
socket_wrapper
softhsm
sombok
sord
sos
sound-theme-freedesktop
soundtouch
sox
soxr
sparsehash
spausedd
speex
speexdsp
spice-protocol
spice-vdagent
spirv-headers
spirv-tools
splix
squashfs-tools
squid
sratom
sscg
star
startup-notification
stunnel
subscription-manager
suitesparse
SuperLU
supermin
switcheroo-control
symlinks
sympy
sysfsutils
systemd-bootchart
t1lib
t1utils
taglib
tang
targetcli
tbb
tcl-pgtcl
tclx
teckit
telnet
tidy
time
tini
tinycdb
tix
tk
tlog
tmpwatch
tn5250
tofrodos
tokyocabinet
tpm-quote-tools
tpm-tools
tss2
ttembed
ttmkfdir
tuna
twolame
uchardet
uclibc-ng
ucpp
ucs-miscfixed-fonts
ucx
udftools
udica
udisks2
uglify-js
uid_wrapper
unicode-emoji
unicode-ucd
unique3
units
upower
uriparser
urlview
usb_modeswitch
usb_modeswitch-data
usbguard
usbip
usbmuxd
usbredir
usermode
ustr
uthash
uuid
uw-imap
v4l-utils
vhostmd
vino
virglrenderer
virt-p2v
virt-top
virt-what
virt-who
vitess
vmem
volume_key
vorbis-tools
vte291
vulkan-headers
vulkan-loader
watchdog
wavpack
wayland
wayland-protocols
web-assets
webrtc-audio-processing
websocketpp
whois
wireguard-tools
wireless-regdb
wireshark
woff2
wordnet
words
wpebackend-fdo
wsmancli
wvdial
x3270
xapian-core
Xaw3d
xcb-proto
xcb-util
xcb-util-image
xcb-util-keysyms
xcb-util-renderutil
xcb-util-wm
xdelta
xdg-dbus-proxy
xdg-utils
xerces-c
xfconf
xfsdump
xhtml1-dtds
xkeyboard-config
xmlstarlet
xmltoman
xmvn
xorg-x11-apps
xorg-x11-drv-libinput
xorg-x11-font-utils
xorg-x11-fonts
xorg-x11-proto-devel
xorg-x11-server
xorg-x11-server-utils
xorg-x11-util-macros
xorg-x11-utils
xorg-x11-xauth
xorg-x11-xbitmaps
xorg-x11-xinit
xorg-x11-xkb-utils
xorg-x11-xtrans-devel
xrestop
xterm
xxhash
yajl
yaml-cpp
yasm
yelp-tools
yelp-xsl
ykclient
yp-tools
ypbind
ypserv
z3
zenity
zerofree
zfs-fuse
zipper
zopfli
zziplib | +| Fedora | [Fedora MIT License Declaration](https://fedoraproject.org/wiki/Licensing:Main?rd=Licensing#License_of_Fedora_SPEC_Files) | a52dec
abseil-cpp
accountsservice
acpica-tools
acpid
adcli
adobe-mappings-cmap
adobe-mappings-pdf
advancecomp
adwaita-icon-theme
afflib
aide
alsa-firmware
alsa-plugins
amtk
amtterm
annobin
ansible-freeipa
archivemount
argparse-manpage
arptables
arpwatch
asio
aspell
aspell-en
at
at-spi2-atk
at-spi2-core
atf
atk
atop
attr
audiofile
augeas
authbind
authd
authselect
autoconf213
avahi
babeltrace
babeltrace2
babl
baekmuk-ttf-fonts
bats
bcache-tools
biosdevname
blosc
bluez
bmake
bogofilter
bolt
boom-boot
booth
botan2
breezy
brotli
buildah
busybox
bwidget
byacc
ca-certificates
cachefilesd
cairomm
calamares
capstone
catatonit
catch
catch1
cdrdao
celt051
cereal
certmonger
cfitsio
cgdcbxd
chan
CharLS
checkpolicy
checksec
chrony
cim-schema
cjkuni-uming-fonts
cjose
cldr-emoji-annotation
clucene
clutter
clutter-gst3
clutter-gtk
cmocka
cogl
collectd
colm
color-filesystem
colord
colorize
compat-lua
compiler-rt
conda
conmon
conntrack-tools
console-setup
container-exception-logger
containernetworking-plugins
convmv
corosync
corosync-qdevice
cpp-hocon
cppcheck
cpprest
cpptest
cpuid
criu
crypto-policies
cryptsetup
cscope
ctags
CUnit
cups
custodia
Cython
dbus-c++
dbus-python
dbxtool
dconf
dcraw
debootstrap
deltarpm
desktop-file-utils
device-mapper-persistent-data
dietlibc
diffstat
ding-libs
discount
distribution-gpg-keys
dleyna-connector-dbus
dleyna-core
dmraid
dnf
dnf-plugins-core
docbook-dtds
docbook-simple
docbook-slides
docbook-style-dsssl
docbook-utils
docbook2X
docbook5-schemas
docbook5-style-xsl
dogtail
dos2unix
dotconf
dovecot
dpdk
dpkg
driverctl
dropwatch
drpm
dumpet
dvd+rw-tools
dwarves
dwz
dyninst
ebtables
edac-utils
edk2
efax
efi-rpm-macros
egl-wayland
eglexternalplatform
elinks
enca
enchant
enchant2
enscript
environment-modules
evemu
execstack
exempi
exiv2
extra-cmake-modules
fabtests
facter
fakechroot
fakeroot
fapolicyd
fdk-aac-free
fdupes
fence-virt
fetchmail
fftw
filebench
fio
fipscheck
firewalld
fish
flac
flatbuffers
flite
fltk
fmt
fontawesome-fonts
fontpackages
fonts-rpm-macros
foomatic-db
freeglut
freeipmi
freeradius
freetds
freexl
fribidi
fros
frr
fsverity-utils
fuse-overlayfs
fuse-sshfs
fuse-zip
fuse3
future
fxload
gavl
gconf-editor
GConf2
gcovr
gcr
gdal
gdisk
gdk-pixbuf2
generic-logos
genwqe-tools
geoclue2
GeoIP
GeoIP-GeoLite-data
geolite2
geos
gfs2-utils
ghc-srpm-macros
giflib
gl-manpages
glew
glm
glog
glusterfs
gnome-desktop-testing
gnome-doc-utils
gnome-icon-theme
gnome-keyring
gnu-efi
go-rpm-macros
gom
google-api-python-client
google-crosextra-caladea-fonts
google-crosextra-carlito-fonts
google-guice
google-noto-cjk-fonts
google-noto-emoji-fonts
google-roboto-slab-fonts
gphoto2
gpm
gpsbabel
graphene
graphite2
graphviz
grubby
gsettings-desktop-schemas
gsl
gsm
gspell
gssdp
gssntlmssp
gstreamer1
gstreamer1-plugins-base
gtk-vnc
gtk2
gtk3
gtkspell
gupnp
gupnp-av
gupnp-dlna
gupnp-igd
hardening-check
hdf
hdf5
heimdal
help2man
hexedit
hicolor-icon-theme
hiera
highlight
hivex
hostname
hping3
hsakmt
htop
hunspell
hunspell-af
hunspell-ar
hunspell-as
hunspell-ast
hunspell-az
hunspell-be
hunspell-bg
hunspell-bn
hunspell-br
hunspell-ca
hunspell-cop
hunspell-csb
hunspell-cv
hunspell-cy
hunspell-da
hunspell-de
hunspell-dsb
hunspell-el
hunspell-en
hunspell-eo
hunspell-es
hunspell-et
hunspell-eu
hunspell-fa
hunspell-fj
hunspell-fo
hunspell-fr
hunspell-fur
hunspell-fy
hunspell-ga
hunspell-gd
hunspell-gl
hunspell-grc
hunspell-gu
hunspell-gv
hunspell-haw
hunspell-hi
hunspell-hil
hunspell-hr
hunspell-hsb
hunspell-ht
hunspell-hu
hunspell-hy
hunspell-ia
hunspell-id
hunspell-is
hunspell-it
hunspell-kk
hunspell-km
hunspell-kn
hunspell-ko
hunspell-ku
hunspell-ky
hunspell-la
hunspell-lb
hunspell-ln
hunspell-mai
hunspell-mg
hunspell-mi
hunspell-mk
hunspell-ml
hunspell-mn
hunspell-mos
hunspell-mr
hunspell-ms
hunspell-mt
hunspell-nds
hunspell-ne
hunspell-nl
hunspell-no
hunspell-nr
hunspell-nso
hunspell-ny
hunspell-om
hunspell-or
hunspell-pa
hunspell-pl
hunspell-pt
hunspell-quh
hunspell-ro
hunspell-ru
hunspell-rw
hunspell-se
hunspell-shs
hunspell-si
hunspell-sk
hunspell-sl
hunspell-smj
hunspell-so
hunspell-sq
hunspell-sr
hunspell-sv
hunspell-sw
hunspell-ta
hunspell-te
hunspell-tet
hunspell-th
hunspell-tk
hunspell-tl
hunspell-tn
hunspell-tpi
hunspell-ts
hunspell-uk
hunspell-uz
hunspell-ve
hunspell-vi
hunspell-wa
hunspell-xh
hunspell-yi
hwdata
hwloc
hyperscan
hyperv-daemons
hyphen
hyphen-as
hyphen-bg
hyphen-bn
hyphen-ca
hyphen-da
hyphen-de
hyphen-el
hyphen-es
hyphen-fa
hyphen-fo
hyphen-fr
hyphen-ga
hyphen-gl
hyphen-grc
hyphen-gu
hyphen-hi
hyphen-hsb
hyphen-hu
hyphen-ia
hyphen-id
hyphen-is
hyphen-it
hyphen-kn
hyphen-ku
hyphen-lt
hyphen-mi
hyphen-ml
hyphen-mn
hyphen-mr
hyphen-nl
hyphen-or
hyphen-pa
hyphen-pl
hyphen-pt
hyphen-ro
hyphen-ru
hyphen-sa
hyphen-sk
hyphen-sl
hyphen-sv
hyphen-ta
hyphen-te
hyphen-tk
hyphen-uk
ibus
ibus-chewing
ibus-hangul
ibus-kkc
ibus-libzhuyin
ibus-m17n
ibus-rawcode
ibus-sayura
ibus-table
ibus-table-chinese
icc-profiles-openicc
icon-naming-utils
icoutils
iftop
iio-sensor-proxy
ilmbase
im-chooser
imaptest
imsettings
indent
infinipath-psm
inih
iniparser
intel-cmt-cat
intel-ipsec-mb
ioping
IP2Location
ipa-pgothic-fonts
ipcalc
ipmitool
iprutils
iptraf-ng
iptstate
irssi
iscsi-initiator-utils
isns-utils
iso-codes
isomd5sum
iw
iwd
jabberpy
jasper
javapackages-bootstrap
javapackages-tools
jbigkit
jdom2
jemalloc
jfsutils
jimtcl
jose
js-jquery
jsoncpp
Judy
kata-containers
kde-filesystem
kde-settings
kexec-tools
keybinder3
keycloak-httpd-client-install
kf5
kf5-kconfig
kf5-kcoreaddons
kf5-ki18n
kf5-kwidgetsaddons
kpmcore
kronosnet
ksh
kyotocabinet
kyua
ladspa
lame
langtable
lapack
lasso
latencytop
lato-fonts
lcms2
lcov
ldns
leatherman
ledmon
lensfun
leveldb
lftp
libabw
libaec
libao
libappstream-glib
libart_lgpl
libasyncns
libatasmart
libavc1394
libblockdev
libbpf
libbsd
libburn
libbytesize
libcacard
libcanberra
libcdio
libcdio-paranoia
libcdr
libcgroup
libchewing
libcli
libcmis
libcmpiutil
libcomps
libcroco
libdaemon
libdap
libdatrie
libdazzle
libdbi
libdbi-drivers
libdbusmenu
libdc1394
libdeflate
libdmx
libdnf
libdrm
libdvdnav
libdvdread
libdwarf
libeasyfc
libecap
libecb
libell
libEMF
libeot
libepoxy
libepubgen
libesmtp
libetonyek
libev
libevdev
libewf
libexif
libexttextcat
libfabric
libfontenc
libfreehand
libftdi
libgadu
libgdither
libgee
libgee06
libgeotiff
libgexiv2
libgit2
libgit2-glib
libglade2
libglvnd
libgovirt
libgphoto2
libgsf
libgta
libguestfs
libgusb
libgxim
libgxps
libhangul
libhugetlbfs
libibcommon
libical
libICE
libicns
libid3tag
libIDL
libidn2
libiec61883
libieee1284
libimobiledevice
libindicator
libinput
libiodbc
libipt
libiptcdata
libiscsi
libisoburn
libisofs
libjcat
libkcapi
libkeepalive
libkkc
libkkc-data
libkml
liblangtag
libldb
libldm
liblerc
liblockfile
liblognorm
liblouis
liblqr-1
liblzf
libmad
libmediaart
libmicrohttpd
libmikmod
libmodman
libmodplug
libmodulemd1
libmpcdec
libmspub
libmtp
libmusicbrainz5
libmwaw
libnbd
libnet
libnetfilter_log
libnfs
libnotify
libntlm
libnumbertext
liboauth
libodfgen
libofa
libogg
liboggz
liboil
libomxil-bellagio
libopenraw
liboping
libosinfo
libotf
libotr
libpagemaker
libpaper
libpciaccess
libpeas
libpfm
libpinyin
libplist
libpmemobj-cpp
libpng12
libpng15
libproxy
libpsm2
libpwquality
libqb
libqxp
libraqm
LibRaw
libraw1394
libreport
libreswan
librevenge
librsvg2
librx
libsamplerate
libsass
libsecret
libsemanage
libsigc++20
libsigsegv
libslirp
libSM
libsmbios
libsmi
libsndfile
libsodium
libspiro
libsrtp
libssh
libstaroffice
libstemmer
libstoragemgmt
libtdb
libteam
libtevent
libthai
libtnc
libtomcrypt
libtommath
libtraceevent
libtranslit
libucil
libunicap
libuninameslist
liburing
libusbmuxd
libuser
libutempter
libvarlink
libverto
libvirt-dbus
libvirt-glib
libvirt-java
libvirt-python
libvisio
libvisual
libvoikko
libvorbis
libvpx
libwacom
libwnck3
libwpd
libwpe
libwpg
libwps
libwvstreams
libX11
libXau
libXaw
libxcb
libXcomposite
libxcrypt
libXcursor
libXdamage
libXdmcp
libXext
libxfce4util
libXfixes
libXfont2
libXft
libXi
libXinerama
libxkbcommon
libxkbfile
libxklavier
libxmlb
libXmu
libXpm
libXrandr
libXrender
libXres
libXScrnSaver
libxshmfence
libXt
libXtst
libXv
libXxf86vm
libyami
libyang
libyubikey
libzip
libzmf
lilv
linuxconsoletools
linuxptp
lksctp-tools
lldpd
lockdev
logwatch
lpsolve
lrzsz
lua
lua-expat
lua-filesystem
lua-json
lua-lpeg
lua-lunit
lua-rpm-macros
lua-term
luajit
luksmeta
lutok
lv2
lzip
lzop
m17n-db
m17n-lib
mac-robber
mailcap
mailx
malaga
malaga-suomi-voikko
mallard-rng
man-pages-cs
man-pages-es
man-pages-it
man-pages-ja
man-pages-ko
man-pages-pl
man-pages-ru
man-pages-zh-CN
mariadb-connector-c
mariadb-connector-odbc
marisa
maven-compiler-plugin
maven-jar-plugin
maven-resolver
maven-resources-plugin
maven-surefire
maven-wagon
mcelog
mcpp
mcstrans
mdadm
mdds
meanwhile
mecab
mecab-ipadic
media-player-info
memcached
memkind
mesa
mesa-libGLU
metis
microcode_ctl
microdnf
minicom
minizip
mksh
mobile-broadband-provider-info
mock
mock-core-configs
mod_auth_gssapi
mod_auth_mellon
mod_auth_openidc
mod_authnz_pam
mod_fcgid
mod_http2
mod_intercept_form_submit
mod_lookup_identity
mod_md
mod_security
mod_security_crs
mod_wsgi
mokutil
mpage
mrtg
mstflint
mt-st
mtdev
mtools
mtr
mtx
multilib-rpm-config
munge
mutt
mythes
mythes-bg
mythes-ca
mythes-cs
mythes-da
mythes-de
mythes-el
mythes-en
mythes-eo
mythes-es
mythes-fr
mythes-ga
mythes-hu
mythes-mi
mythes-ne
mythes-nl
mythes-pl
mythes-pt
mythes-ro
mythes-ru
mythes-sk
mythes-sl
mythes-sv
mythes-uk
nbd
nbdkit
neon
netavark
netcdf
netcf
netlabel_tools
netpbm
netsniff-ng
nfs4-acl-tools
nftables
nilfs-utils
nkf
nload
nlopt
nodejs-packaging
nss-pam-ldapd
nss_nis
nss_wrapper
ntfs-3g
ntfs-3g-system-compression
numad
numatop
numpy
nvmetcli
nvml
oath-toolkit
ocaml
ocaml-alcotest
ocaml-astring
ocaml-base
ocaml-bigarray-compat
ocaml-bisect-ppx
ocaml-calendar
ocaml-camlp5
ocaml-camomile
ocaml-cinaps
ocaml-cmdliner
ocaml-compiler-libs-janestreet
ocaml-cppo
ocaml-csexp
ocaml-csv
ocaml-ctypes
ocaml-curses
ocaml-dune
ocaml-extlib
ocaml-fileutils
ocaml-findlib
ocaml-fmt
ocaml-fpath
ocaml-gettext
ocaml-integers
ocaml-libvirt
ocaml-luv
ocaml-lwt
ocaml-markup
ocaml-migrate-parsetree
ocaml-mmap
ocaml-num
ocaml-ocamlbuild
ocaml-ocplib-endian
ocaml-ounit
ocaml-parsexp
ocaml-ppx-derivers
ocaml-ppxlib
ocaml-re
ocaml-react
ocaml-result
ocaml-seq
ocaml-sexplib
ocaml-sexplib0
ocaml-stdio
ocaml-topkg
ocaml-tyxml
ocaml-uuidm
ocaml-uutf
ocaml-xml-light
ocaml-zarith
ocl-icd
oddjob
ogdi
omping
opa
opal
open-vm-tools
openblas
opencc
opencl-filesystem
opencl-headers
opencryptoki
opencsd
opendnssec
OpenEXR
openjade
openjpeg2
openmpi
openobex
openoffice-lv
openrdate
opensc
openslp
opensm
opensp
openssl
openssl-ibmpkcs11
openssl-pkcs11
openwsman
optipng
opus
opusfile
orangefs
ORBit2
orc
os-prober
osinfo-db
osinfo-db-tools
overpass-fonts
p11-kit
p7zip
pacemaker
pacrunner
pakchois
pam_krb5
pam_wrapper
papi
paps
parallel
patchelf
patchutils
pbzip2
pcp
pcsc-lite
pcsc-lite-ccid
PEGTL
perl
perl-Algorithm-C3
perl-Algorithm-Diff
perl-Alien-Build
perl-Alien-pkgconf
perl-AnyEvent
perl-AnyEvent-AIO
perl-AnyEvent-BDB
perl-App-cpanminus
perl-App-FatPacker
perl-AppConfig
perl-Archive-Extract
perl-Archive-Zip
perl-Authen-SASL
perl-B-Debug
perl-B-Hooks-EndOfScope
perl-B-Hooks-OP-Check
perl-B-Keywords
perl-B-Lint
perl-bareword-filehandles
perl-BDB
perl-Bit-Vector
perl-boolean
perl-Browser-Open
perl-BSD-Resource
perl-Business-ISBN
perl-Business-ISBN-Data
perl-Bytes-Random-Secure
perl-Capture-Tiny
perl-Carp-Clan
perl-CBOR-XS
perl-Class-Accessor
perl-Class-C3
perl-Class-C3-XS
perl-Class-Data-Inheritable
perl-Class-Factory-Util
perl-Class-Inspector
perl-Class-ISA
perl-Class-Load
perl-Class-Load-XS
perl-Class-Method-Modifiers
perl-Class-Singleton
perl-Class-Tiny
perl-Class-XSAccessor
perl-Clone
perl-Color-ANSI-Util
perl-Color-RGB-Util
perl-ColorThemeBase-Static
perl-ColorThemeRole-ANSI
perl-ColorThemes-Standard
perl-ColorThemeUtil-ANSI
perl-Compress-Bzip2
perl-Compress-LZF
perl-Compress-Raw-Lzma
perl-Config-AutoConf
perl-Config-INI
perl-Config-INI-Reader-Multiline
perl-Config-IniFiles
perl-Config-Simple
perl-Config-Tiny
perl-Const-Fast
perl-Convert-ASN1
perl-Convert-Bencode
perl-Coro
perl-Coro-Multicore
perl-CPAN-Changes
perl-CPAN-DistnameInfo
perl-CPAN-Meta-Check
perl-Cpanel-JSON-XS
perl-Crypt-CBC
perl-Crypt-DES
perl-Crypt-IDEA
perl-Crypt-OpenSSL-Bignum
perl-Crypt-OpenSSL-Guess
perl-Crypt-OpenSSL-Random
perl-Crypt-OpenSSL-RSA
perl-Crypt-PasswdMD5
perl-Crypt-Random-Seed
perl-CSS-Tiny
perl-Data-Dump
perl-Data-Munge
perl-Data-OptList
perl-Data-Peek
perl-Data-Section
perl-Data-UUID
perl-Date-Calc
perl-Date-ISO8601
perl-Date-Manip
perl-DateTime
perl-DateTime-Format-Builder
perl-DateTime-Format-DateParse
perl-DateTime-Format-HTTP
perl-DateTime-Format-IBeat
perl-DateTime-Format-ISO8601
perl-DateTime-Format-Mail
perl-DateTime-Format-Strptime
perl-DateTime-Locale
perl-DateTime-TimeZone
perl-DateTime-TimeZone-SystemV
perl-DateTime-TimeZone-Tzfile
perl-DBD-MySQL
perl-Devel-CallChecker
perl-Devel-Caller
perl-Devel-CheckBin
perl-Devel-CheckLib
perl-Devel-Cycle
perl-Devel-EnforceEncapsulation
perl-Devel-GlobalDestruction
perl-Devel-GlobalDestruction-XS
perl-Devel-Hide
perl-Devel-Leak
perl-Devel-LexAlias
perl-Devel-Size
perl-Devel-StackTrace
perl-Devel-Symdump
perl-Digest-BubbleBabble
perl-Digest-CRC
perl-Digest-HMAC
perl-Digest-SHA1
perl-Dist-CheckConflicts
perl-DynaLoader-Functions
perl-Email-Address
perl-Email-Date-Format
perl-Encode-Detect
perl-Encode-EUCJPASCII
perl-Encode-IMAPUTF7
perl-Encode-Locale
perl-Env-ShellWords
perl-Error
perl-EV
perl-Eval-Closure
perl-Event
perl-Exception-Class
perl-Expect
perl-ExtUtils-Config
perl-ExtUtils-Depends
perl-ExtUtils-Helpers
perl-ExtUtils-InstallPaths
perl-ExtUtils-PkgConfig
perl-FCGI
perl-Fedora-VSP
perl-FFI-CheckLib
perl-File-BaseDir
perl-File-BOM
perl-File-chdir
perl-File-CheckTree
perl-File-Copy-Recursive
perl-File-DesktopEntry
perl-File-Find-Object
perl-File-Find-Object-Rule
perl-File-Find-Rule
perl-File-Find-Rule-Perl
perl-File-Inplace
perl-File-Listing
perl-File-MimeInfo
perl-File-pushd
perl-File-ReadBackwards
perl-File-Remove
perl-File-ShareDir
perl-File-ShareDir-Install
perl-File-Slurp
perl-File-Slurp-Tiny
perl-File-Slurper
perl-File-Type
perl-Font-TTF
perl-FreezeThaw
perl-GD
perl-GD-Barcode
perl-generators
perl-Getopt-ArgvFile
perl-gettext
perl-Graphics-ColorNamesLite-WWW
perl-GSSAPI
perl-Guard
perl-Hook-LexWrap
perl-HTML-Parser
perl-HTML-Tagset
perl-HTML-Tree
perl-HTTP-Cookies
perl-HTTP-Daemon
perl-HTTP-Date
perl-HTTP-Message
perl-HTTP-Negotiate
perl-Image-Base
perl-Image-Info
perl-Image-Xbm
perl-Image-Xpm
perl-Import-Into
perl-Importer
perl-inc-latest
perl-indirect
perl-Inline-Files
perl-IO-AIO
perl-IO-All
perl-IO-CaptureOutput
perl-IO-Compress-Lzma
perl-IO-HTML
perl-IO-Multiplex
perl-IO-SessionData
perl-IO-Socket-INET6
perl-IO-String
perl-IO-stringy
perl-IO-Tty
perl-IPC-Run
perl-IPC-Run3
perl-IPC-System-Simple
perl-JSON
perl-JSON-Color
perl-JSON-MaybeXS
perl-LDAP
perl-libnet
perl-libwww-perl
perl-libxml-perl
perl-Lingua-EN-Inflect
perl-List-MoreUtils-XS
perl-local-lib
perl-Locale-Codes
perl-Locale-Maketext-Gettext
perl-Locale-Msgfmt
perl-Locale-PO
perl-Log-Message
perl-Log-Message-Simple
perl-LWP-MediaTypes
perl-LWP-Protocol-https
perl-Mail-AuthenticationResults
perl-Mail-DKIM
perl-Mail-IMAPTalk
perl-Mail-SPF
perl-MailTools
perl-Math-Int64
perl-Math-Random-ISAAC
perl-MIME-Charset
perl-MIME-Lite
perl-MIME-Types
perl-Mixin-Linewise
perl-MLDBM
perl-Mock-Config
perl-Module-Build-Tiny
perl-Module-CPANfile
perl-Module-Implementation
perl-Module-Install-AuthorRequires
perl-Module-Install-AuthorTests
perl-Module-Install-AutoLicense
perl-Module-Install-GithubMeta
perl-Module-Install-ManifestSkip
perl-Module-Install-ReadmeFromPod
perl-Module-Install-ReadmeMarkdownFromPod
perl-Module-Install-Repository
perl-Module-Install-TestBase
perl-Module-Load-Util
perl-Module-Manifest
perl-Module-Manifest-Skip
perl-Module-Package
perl-Module-Package-Au
perl-Module-Pluggable
perl-Module-Runtime
perl-Module-Signature
perl-Mojolicious
perl-Moo
perl-Mozilla-CA
perl-Mozilla-LDAP
perl-MRO-Compat
perl-multidimensional
perl-namespace-autoclean
perl-namespace-clean
perl-Net-CIDR-Lite
perl-Net-Daemon
perl-Net-DNS
perl-Net-DNS-Resolver-Mock
perl-Net-DNS-Resolver-Programmable
perl-Net-HTTP
perl-Net-IMAP-Simple
perl-Net-IMAP-Simple-SSL
perl-Net-LibIDN2
perl-Net-Patricia
perl-Net-SMTP-SSL
perl-Net-SNMP
perl-Net-Telnet
perl-Newt
perl-NNTPClient
perl-NTLM
perl-Number-Compare
perl-Object-Deadly
perl-Object-HashBase
perl-Package-Anon
perl-Package-Constants
perl-Package-DeprecationManager
perl-Package-Generator
perl-Package-Stash
perl-Package-Stash-XS
perl-PadWalker
perl-Paper-Specs
perl-PAR-Dist
perl-Parallel-Iterator
perl-Params-Classify
perl-Params-Util
perl-Params-Validate
perl-Params-ValidationCompiler
perl-Parse-PMFile
perl-Parse-RecDescent
perl-Parse-Yapp
perl-Path-Tiny
perl-Perl-Critic
perl-Perl-Critic-More
perl-Perl-Destruct-Level
perl-Perl-MinimumVersion
perl-Perl4-CoreLibs
perl-PerlIO-gzip
perl-PerlIO-utf8_strict
perl-PkgConfig-LibPkgConf
perl-Pod-Coverage
perl-Pod-Coverage-TrustPod
perl-Pod-Escapes
perl-Pod-Eventual
perl-Pod-LaTeX
perl-Pod-Markdown
perl-Pod-Parser
perl-Pod-Plainer
perl-Pod-POM
perl-Pod-Spell
perl-PPI
perl-PPI-HTML
perl-PPIx-QuoteLike
perl-PPIx-Regexp
perl-PPIx-Utilities
perl-prefork
perl-Probe-Perl
perl-Razor-Agent
perl-Readonly
perl-Readonly-XS
perl-Ref-Util
perl-Ref-Util-XS
perl-Regexp-Pattern-Perl
perl-Return-MultiLevel
perl-Role-Tiny
perl-Scope-Guard
perl-Scope-Upper
perl-SGMLSpm
perl-SNMP_Session
perl-Socket6
perl-Software-License
perl-Sort-Versions
perl-Specio
perl-Spiffy
perl-strictures
perl-String-CRC32
perl-String-Format
perl-String-ShellQuote
perl-String-Similarity
perl-Sub-Exporter
perl-Sub-Exporter-Progressive
perl-Sub-Identify
perl-Sub-Info
perl-Sub-Install
perl-Sub-Name
perl-Sub-Quote
perl-Sub-Uplevel
perl-SUPER
perl-Switch
perl-Syntax-Highlight-Engine-Kate
perl-Sys-CPU
perl-Sys-MemInfo
perl-Sys-Virt
perl-Taint-Runtime
perl-Task-Weaken
perl-Term-Size-Any
perl-Term-Size-Perl
perl-Term-Table
perl-Term-UI
perl-TermReadKey
perl-Test-Base
perl-Test-ClassAPI
perl-Test-CPAN-Meta
perl-Test-CPAN-Meta-JSON
perl-Test-Deep
perl-Test-Differences
perl-Test-DistManifest
perl-Test-Distribution
perl-Test-EOL
perl-Test-Exception
perl-Test-Exit
perl-Test-FailWarnings
perl-Test-Fatal
perl-Test-File
perl-Test-File-ShareDir
perl-Test-Harness
perl-Test-HasVersion
perl-Test-InDistDir
perl-Test-Inter
perl-Test-LeakTrace
perl-Test-LongString
perl-Test-Manifest
perl-Test-Memory-Cycle
perl-Test-MinimumVersion
perl-Test-MockObject
perl-Test-MockRandom
perl-Test-Needs
perl-Test-NoTabs
perl-Test-NoWarnings
perl-Test-Object
perl-Test-Output
perl-Test-Pod
perl-Test-Pod-Coverage
perl-Test-Portability-Files
perl-Test-Requires
perl-Test-RequiresInternet
perl-Test-Script
perl-Test-Simple
perl-Test-SubCalls
perl-Test-Synopsis
perl-Test-Taint
perl-Test-TrailingSpace
perl-Test-utf8
perl-Test-Vars
perl-Test-Warn
perl-Test-Without-Module
perl-Test2-Plugin-NoWarnings
perl-Test2-Suite
perl-Test2-Tools-Explain
perl-Text-CharWidth
perl-Text-CSV_XS
perl-Text-Diff
perl-Text-Glob
perl-Text-Iconv
perl-Text-Soundex
perl-Text-Unidecode
perl-Text-WrapI18N
perl-Tie-IxHash
perl-TimeDate
perl-Tree-DAG_Node
perl-Unicode-EastAsianWidth
perl-Unicode-LineBreak
perl-Unicode-Map8
perl-Unicode-String
perl-Unicode-UTF8
perl-UNIVERSAL-can
perl-UNIVERSAL-isa
perl-Unix-Syslog
perl-URI
perl-Variable-Magic
perl-Version-Requirements
perl-WWW-RobotRules
perl-XML-Catalog
perl-XML-DOM
perl-XML-Dumper
perl-XML-Filter-BufferText
perl-XML-Generator
perl-XML-Grove
perl-XML-Handler-YAWriter
perl-XML-LibXML
perl-XML-LibXSLT
perl-XML-NamespaceSupport
perl-XML-Parser-Lite
perl-XML-RegExp
perl-XML-SAX
perl-XML-SAX-Base
perl-XML-SAX-Writer
perl-XML-Simple
perl-XML-TokeParser
perl-XML-TreeBuilder
perl-XML-Twig
perl-XML-Writer
perl-XML-XPath
perl-XML-XPathEngine
perl-XString
perl-YAML-LibYAML
perl-YAML-PP
perl-YAML-Syck
perltidy
pesign
phodav
php
php-pear
php-pecl-zip
physfs
picosat
pinfo
pipewire
pixman
pkcs11-helper
pkgconf
plexus-cipher
plexus-containers
plexus-sec-dispatcher
plotutils
pmdk-convert
pmix
pngcrush
pngnq
po4a
podman
poetry
policycoreutils
polkit-pkla-compat
portreserve
postfix
potrace
powertop
ppp
pps-tools
pptp
priv_wrapper
procmail
prometheus
prometheus-node-exporter
ps_mem
psacct
psutils
ptlib
publicsuffix-list
pugixml
pulseaudio
puppet
pwgen
pyatspi
pybind11
pycairo
pyelftools
pyflakes
pygobject3
PyGreSQL
pykickstart
pylint
pyparted
pyproject-rpm-macros
pyserial
python-absl-py
python-aiodns
python-aiohttp
python-alsa
python-argcomplete
python-astroid
python-astunparse
python-async-generator
python-augeas
python-azure-sdk
python-beautifulsoup4
python-betamax
python-blinker
python-blivet
python-cached_property
python-charset-normalizer
python-cheetah
python-click
python-cmd2
python-colorama
python-CommonMark
python-conda-package-handling
python-configshell
python-cpuinfo
python-cups
python-curio
python-cytoolz
python-d2to1
python-dbus-client-gen
python-dbus-python-client-gen
python-dbus-signature-pyparsing
python-dbusmock
python-ddt
python-debtcollector
python-decorator
python-distlib
python-dmidecode
python-dns
python-dtopt
python-dulwich
python-enchant
python-entrypoints
python-ethtool
python-evdev
python-extras
python-faker
python-fasteners
python-fields
python-filelock
python-fixtures
python-flake8
python-flask
python-flit
python-flit-core
python-fluidity-sm
python-frozendict
python-funcsigs
python-gast
python-genshi
python-google-auth
python-google-auth-oauthlib
python-greenlet
python-gssapi
python-h5py
python-hs-dbus-signature
python-html5lib
python-httplib2
python-humanize
python-hwdata
python-importlib-metadata
python-inotify
python-into-dbus-python
python-IPy
python-iso8601
python-isodate
python-isort
python-itsdangerous
python-justbases
python-justbytes
python-jwcrypto
python-jwt
python-kdcproxy
python-kerberos
python-kmod
python-kubernetes
python-lazy-object-proxy
python-ldap
python-linux-procfs
python-lit
python-markdown
python-mccabe
python-memcached
python-mimeparse
python-mock
python-monotonic
python-more-itertools
python-mpmath
python-msal
python-msrestazure
python-mutagen
python-networkx
python-nose2
python-ntlm-auth
python-oauth2client
python-openpyxl
python-openstackdocstheme
python-oslo-i18n
python-oslo-sphinx
python-paramiko
python-pefile
python-pexpect
python-pkgconfig
python-platformdirs
python-pluggy
python-podman-api
python-process-tests
python-productmd
python-ptyprocess
python-pycares
python-pycosat
python-pydbus
python-pymongo
python-PyMySQL
python-pyperclip
python-pyroute2
python-pyrsistent
python-pysocks
python-pytest-benchmark
python-pytest-cov
python-pytest-expect
python-pytest-flake8
python-pytest-forked
python-pytest-mock
python-pytest-relaxed
python-pytest-runner
python-pytest-subtests
python-pytest-timeout
python-pytest-xdist
python-pytoml
python-pyudev
python-pywbem
python-qrcode
python-rdflib
python-recommonmark
python-redis
python-requests-file
python-requests-ftp
python-requests-kerberos
python-requests-mock
python-requests-oauthlib
python-requests-toolbelt
python-requests_ntlm
python-responses
python-retrying
python-rfc3986
python-rpm-generators
python-rpmfluff
python-rtslib
python-ruamel-yaml
python-ruamel-yaml-clib
python-s3transfer
python-schedutils
python-semantic_version
python-should_dsl
python-simpleline
python-slip
python-sniffio
python-soupsieve
python-sphinx
python-sphinx-epytext
python-sphinx-theme-py3doc-enhanced
python-sphinx_rtd_theme
python-sphinxcontrib-apidoc
python-sphinxcontrib-applehelp
python-sphinxcontrib-devhelp
python-sphinxcontrib-htmlhelp
python-sphinxcontrib-httpdomain
python-sphinxcontrib-jsmath
python-sphinxcontrib-qthelp
python-sphinxcontrib-serializinghtml
python-sqlalchemy
python-suds
python-systemd
python-tempita
python-templated-dictionary
python-termcolor
python-testpath
python-testresources
python-testscenarios
python-testtools
python-tidy
python-toml
python-tomli
python-toolz
python-tornado
python-tox
python-tox-current-env
python-tqdm
python-trio
python-typing-extensions
python-uamqp
python-unittest2
python-uritemplate
python-urwid
python-varlink
python-virt-firmware
python-voluptuous
python-waitress
python-webencodings
python-webtest
python-wheel
python-whoosh
python-winrm
python-wrapt
python-xmltodict
python-yubico
python-zipp
python-zmq
python3-mallard-ducktype
python3-pytest-asyncio
python3-typed_ast
pyusb
pywbem
pyxattr
qemu
qhull
qpdf
qperf
qr-code-generator
qt5-qtbase
qt5-qtconnectivity
qt5-qtdeclarative
qt5-qtsensors
qt5-qtserialport
qt5-qtsvg
qt5-qttools
qt5-rpm-macros
quagga
quota
radvd
ragel
raptor2
rarian
rasdaemon
rasqal
rcs
rdist
rdma-core
re2
re2c
realmd
rear
recode
redland
resource-agents
rest
rhash
rlwrap
rp-pppoe
rpm-mpi-hooks
rpmdevtools
rpmlint
rtkit
rtl-sdr
ruby-augeas
rubygem-bson
rubygem-coderay
rubygem-diff-lcs
rubygem-flexmock
rubygem-hpricot
rubygem-introspection
rubygem-liquid
rubygem-maruku
rubygem-metaclass
rubygem-mongo
rubygem-mustache
rubygem-mysql2
rubygem-pkg-config
rubygem-rake
rubygem-rake-compiler
rubygem-ronn
rubygem-rouge
rubygem-rspec
rubygem-rspec-expectations
rubygem-rspec-mocks
rubygem-rspec-support
rubygem-thread_order
rusers
samba
sanlock
sassist
satyr
sbc
sblim-cim-client2
sblim-cmpi-base
sblim-cmpi-devel
sblim-cmpi-fsvol
sblim-cmpi-network
sblim-cmpi-nfsv3
sblim-cmpi-nfsv4
sblim-cmpi-params
sblim-cmpi-sysfs
sblim-cmpi-syslog
sblim-indication_helper
sblim-sfcb
sblim-sfcc
sblim-sfcCommon
sblim-testsuite
sblim-wbemcli
scl-utils
scotch
screen
scrub
SDL
SDL2
SDL_sound
sdparm
seabios
secilc
selinux-policy
sendmail
serd
setools
setserial
setuptool
sgabios
sgml-common
sgpio
shared-mime-info
sharutils
sip
sisu
skkdic
sleuthkit
slirp4netns
smartmontools
smc-tools
socket_wrapper
softhsm
sombok
sord
sos
sound-theme-freedesktop
soundtouch
sox
soxr
sparsehash
spausedd
speex
speexdsp
spice-protocol
spice-vdagent
spirv-headers
spirv-tools
splix
squashfs-tools
squid
sratom
sscg
star
startup-notification
stunnel
subscription-manager
suitesparse
SuperLU
supermin
switcheroo-control
symlinks
sympy
sysfsutils
systemd-bootchart
t1lib
t1utils
taglib
tang
targetcli
tbb
tcl-pgtcl
tclx
teckit
telnet
tidy
time
tini
tinycdb
tix
tk
tlog
tmpwatch
tn5250
tofrodos
tokyocabinet
tpm-quote-tools
tpm-tools
tss2
ttembed
ttmkfdir
tuna
twolame
uchardet
uclibc-ng
ucpp
ucs-miscfixed-fonts
ucx
udftools
udica
udisks2
uglify-js
uid_wrapper
unicode-emoji
unicode-ucd
unique3
units
upower
uriparser
urlview
usb_modeswitch
usb_modeswitch-data
usbguard
usbip
usbmuxd
usbredir
usermode
ustr
uthash
uuid
uw-imap
v4l-utils
vhostmd
vino
virglrenderer
virt-p2v
virt-top
virt-what
virt-who
vitess
vmem
volume_key
vorbis-tools
vte291
vulkan-headers
vulkan-loader
watchdog
wavpack
wayland
wayland-protocols
web-assets
webrtc-audio-processing
websocketpp
whois
wireguard-tools
wireless-regdb
wireshark
woff2
wordnet
words
wpebackend-fdo
wsmancli
wvdial
x3270
xapian-core
Xaw3d
xcb-proto
xcb-util
xcb-util-image
xcb-util-keysyms
xcb-util-renderutil
xcb-util-wm
xdelta
xdg-dbus-proxy
xdg-utils
xerces-c
xfconf
xfsdump
xhtml1-dtds
xkeyboard-config
xmlstarlet
xmltoman
xmvn
xorg-x11-apps
xorg-x11-drv-libinput
xorg-x11-font-utils
xorg-x11-fonts
xorg-x11-proto-devel
xorg-x11-server
xorg-x11-server-utils
xorg-x11-util-macros
xorg-x11-utils
xorg-x11-xauth
xorg-x11-xbitmaps
xorg-x11-xinit
xorg-x11-xkb-utils
xorg-x11-xtrans-devel
xrestop
xterm
xxhash
yajl
yaml-cpp
yasm
yelp-tools
yelp-xsl
ykclient
yp-tools
ypbind
ypserv
z3
zenity
zerofree
zfs-fuse
zipper
zopfli
zziplib | | Fedora (Copyright Remi Collet) | [CC-BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/legalcode) | libmemcached-awesome
librabbitmq | | Fedora (ISC) | [ISC License](https://github.com/sarugaku/resolvelib/blob/main/LICENSE) | python-resolvelib | | Magnus Edenhill Open Source | [Magnus Edenhill Open Source BSD License](https://github.com/jemalloc/jemalloc/blob/dev/COPYING) | librdkafka | diff --git a/SPECS/LICENSES-AND-NOTICES/data/licenses.json b/SPECS/LICENSES-AND-NOTICES/data/licenses.json index 01b1df0502a..3bf06fcde42 100644 --- a/SPECS/LICENSES-AND-NOTICES/data/licenses.json +++ b/SPECS/LICENSES-AND-NOTICES/data/licenses.json @@ -323,6 +323,7 @@ "highlight", "hivex", "hostname", + "hping3", "hsakmt", "htop", "hunspell", diff --git a/cgmanifest.json b/cgmanifest.json index bbd94e352b6..160f7152cb0 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -5385,6 +5385,16 @@ } } }, + { + "component": { + "type": "other", + "other": { + "name": "hping3", + "version": "0.0.20051105", + "downloadUrl": "https://src.fedoraproject.org/lookaside/pkgs/hping3/hping3-20051105.tar.gz/ca4ea4e34bcc2162aedf25df8b2d1747/hping3-20051105.tar.gz" + } + } + }, { "component": { "type": "other", From d75967c7144f802dda929b4024e3109d806bb780 Mon Sep 17 00:00:00 2001 From: Minghe Ren Date: Tue, 3 Oct 2023 20:28:15 -0700 Subject: [PATCH 47/47] Add patch for Bluez CVE-2022-3563 (#6335) * add patch for CVE-2022-3563 * add patch * update typo --------- Co-authored-by: minghe --- SPECS/bluez/CVE-2022-3563.patch | 38 +++++++++++++++++++++++++++++++++ SPECS/bluez/bluez.spec | 6 +++++- 2 files changed, 43 insertions(+), 1 deletion(-) create mode 100644 SPECS/bluez/CVE-2022-3563.patch diff --git a/SPECS/bluez/CVE-2022-3563.patch b/SPECS/bluez/CVE-2022-3563.patch new file mode 100644 index 00000000000..1fb0a05c553 --- /dev/null +++ b/SPECS/bluez/CVE-2022-3563.patch @@ -0,0 +1,38 @@ +From e3c92f1f786f0b55440bd908b55894d0c792cf0e Mon Sep 17 00:00:00 2001 +From: Tedd Ho-Jeong An +Date: Wed, 22 Jun 2022 21:45:20 -0700 +Subject: mgmt-tester: Fix null dereference issue reported by scan-build + +This patch fixes the null dereference reported by the scan-build. + +tools/mgmt-tester.c:12025:28: warning: Access to field 'cap_len' results +in a dereference of a null pointer (loaded from variable 'rp') +[core.NullDereference] + + if (sizeof(rp->cap_len) + rp->cap_len != length) { + ^~~~~~~~~~~ +--- + tools/mgmt-tester.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/tools/mgmt-tester.c b/tools/mgmt-tester.c +index f45a6c015e..6018327f10 100644 +--- a/tools/mgmt-tester.c ++++ b/tools/mgmt-tester.c +@@ -12020,12 +12020,14 @@ static void read_50_controller_cap_complete(uint8_t status, uint16_t length, + tester_warn("Failed to read advertising features: %s (0x%02x)", + mgmt_errstr(status), status); + tester_test_failed(); ++ return; + } + + if (sizeof(rp->cap_len) + rp->cap_len != length) { + tester_warn("Controller capabilities malformed, size %zu != %u", + sizeof(rp->cap_len) + rp->cap_len, length); + tester_test_failed(); ++ return; + } + + while (offset < rp->cap_len) { +-- +cgit diff --git a/SPECS/bluez/bluez.spec b/SPECS/bluez/bluez.spec index edf7111c869..3b6f7a47d1a 100644 --- a/SPECS/bluez/bluez.spec +++ b/SPECS/bluez/bluez.spec @@ -1,7 +1,7 @@ Summary: Bluetooth utilities Name: bluez Version: 5.63 -Release: 3%{?dist} +Release: 4%{?dist} License: GPLv2+ AND LGPLv2+ Vendor: Microsoft Corporation Distribution: Mariner @@ -23,6 +23,7 @@ Patch6: 0002-Use-g_memdup2-everywhere.patch # Both patches have one rediff necessary to apply to 5.63 Patch7: 0001-hog-Fix-read-order-of-attributes-rediffed.patch Patch8: 0002-hog-Add-input-queue-while-uhid-device-has-not-been-c-rediffed.patch +Patch9: CVE-2022-3563.patch BuildRequires: autoconf BuildRequires: automake # For printing @@ -271,6 +272,9 @@ install emulator/btvirt %{buildroot}/%{_libexecdir}/bluetooth/ %{_userunitdir}/obex.service %changelog +* Mon Oct 02 2023 Minghe Ren - 5.63-4 +- Add patch for CVE-2022-3563 + * Wed Sep 20 2023 Jon Slobodzian - 5.63-3 - Recompile with stack-protection fixed gcc version (CVE-2023-4039)