diff --git a/base/anaconda/centos/build_srpm.data b/base/anaconda/centos/build_srpm.data index 024e3e138..8429863c3 100644 --- a/base/anaconda/centos/build_srpm.data +++ b/base/anaconda/centos/build_srpm.data @@ -1 +1 @@ -TIS_PATCH_VER=5 +TIS_PATCH_VER=6 diff --git a/base/anaconda/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch b/base/anaconda/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch index 16b724a49..51769f19a 100644 --- a/base/anaconda/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch +++ b/base/anaconda/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch @@ -14,7 +14,7 @@ index e2d706d..00b19c4 100644 @@ -3,7 +3,7 @@ Summary: Graphical system installer Name: anaconda - Version: 21.48.22.121 + Version: 21.48.22.147 -Release: 1%{?dist} +Release: 1.el7.centos%{?_tis_dist}.%{tis_patch_ver} License: GPLv2+ and MIT diff --git a/base/anaconda/centos/meta_patches/0002-Add-TIS-patches.patch b/base/anaconda/centos/meta_patches/0002-Add-TIS-patches.patch index 8b02e3ef1..93eee09c5 100644 --- a/base/anaconda/centos/meta_patches/0002-Add-TIS-patches.patch +++ b/base/anaconda/centos/meta_patches/0002-Add-TIS-patches.patch @@ -4,28 +4,26 @@ Date: Mon, 13 Nov 2017 17:22:49 -0500 Subject: [PATCH] Add TIS patches --- - SPECS/anaconda.spec | 8 +++++++- - 1 file changed, 7 insertions(+), 1 deletion(-) + SPECS/anaconda.spec | 6 ++++++ + 1 file changed, 6 insertions(+) diff --git a/SPECS/anaconda.spec b/SPECS/anaconda.spec index 00b19c4..79e1c55 100644 --- a/SPECS/anaconda.spec +++ b/SPECS/anaconda.spec -@@ -22,7 +22,10 @@ Patch6: anaconda-centos-help-text.patch - Patch7: anaconda-centos-skip-retry-if-not-connected.patch - Patch8: 9800-rpmostreepayload-Rework-remote-add-handling.patch - Patch1000: yumpayload-dont-verify-disabled-repos.patch -- -+ +@@ -24,6 +24,9 @@ Patch8: 9800-rpmostreepayload-Rework-remote-add-handling.patch + Patch9: yumpayload-dont-verify-disabled-repos.patch + Patch10: anaconda-centos-armhfp-extloader.patch + +# WRS +Patch10001: 0001-TIS-Progress-and-error-handling.patch + # Versions of required components (done so we make sure the buildrequires # match the requires versions of things). - %define gettextver 0.18.1 -@@ -243,6 +246,9 @@ runtime on NFS/HTTP/FTP servers or local disks. - %patch8 -p1 - %patch1000 -p1 + %define dbusver 1.2.3 +@@ -250,6 +253,9 @@ runtime on NFS/HTTP/FTP servers or local disks. + %patch10 -p1 + %endif +# WRS +%patch10001 -p1 diff --git a/base/anaconda/centos/meta_patches/0003-revert-7.4-grub2-efi-handling.patch b/base/anaconda/centos/meta_patches/0003-revert-7.4-grub2-efi-handling.patch index 5ecc4d617..ad42e87b8 100644 --- a/base/anaconda/centos/meta_patches/0003-revert-7.4-grub2-efi-handling.patch +++ b/base/anaconda/centos/meta_patches/0003-revert-7.4-grub2-efi-handling.patch @@ -11,7 +11,7 @@ diff --git a/SPECS/anaconda.spec b/SPECS/anaconda.spec index 79e1c55..2e5ece9 100644 --- a/SPECS/anaconda.spec +++ b/SPECS/anaconda.spec -@@ -25,6 +25,7 @@ Patch1000: yumpayload-dont-verify-disabled-repos.patch +@@ -26,6 +26,7 @@ Patch10: anaconda-centos-armhfp-extloader.patch # WRS Patch10001: 0001-TIS-Progress-and-error-handling.patch @@ -19,7 +19,7 @@ index 79e1c55..2e5ece9 100644 # Versions of required components (done so we make sure the buildrequires # match the requires versions of things). -@@ -248,6 +249,7 @@ runtime on NFS/HTTP/FTP servers or local disks. +@@ -255,6 +256,7 @@ runtime on NFS/HTTP/FTP servers or local disks. # WRS %patch10001 -p1 diff --git a/base/anaconda/centos/meta_patches/0004-Upversion-rpm-devel-dependency.patch b/base/anaconda/centos/meta_patches/0004-Upversion-rpm-devel-dependency.patch index 0f5c3f6ec..d49cc0627 100644 --- a/base/anaconda/centos/meta_patches/0004-Upversion-rpm-devel-dependency.patch +++ b/base/anaconda/centos/meta_patches/0004-Upversion-rpm-devel-dependency.patch @@ -11,15 +11,15 @@ diff --git a/SPECS/anaconda.spec b/SPECS/anaconda.spec index 2e5ece9..174dbee 100644 --- a/SPECS/anaconda.spec +++ b/SPECS/anaconda.spec -@@ -48,7 +48,7 @@ Patch10002: 0002-revert-7.4-grub2-efi-handling.patch - %define isomd5sum 1.0.10 - %define fcoeutilsver 1.0.12-3.20100323git - %define iscsiver 6.2.0.870-3 +@@ -51,7 +51,7 @@ Patch10002: 0002-revert-7.4-grub2-efi-handling.patch + %define pypartedver 2.5-2 + %define pythonpyblockver 0.45 + %define pythonurlgrabberver 3.9.1-5 -%define rpmver 4.10.0 +%define rpmver 4.14.0 - %define libarchivever 3.0.4 - %define langtablever 0.0.31-3 - %define libxklavierver 5.4 + %define sckeyboardver 1.3.1 + %define utillinuxver 2.15.1 + %define yumutilsver 1.1.11-3 -- 1.8.3.1 diff --git a/base/anaconda/centos/meta_patches/0005-Add-TIS-patches-for-host-lookup.patch b/base/anaconda/centos/meta_patches/0005-Add-TIS-patches-for-host-lookup.patch index 08307e003..3b6ced3ae 100644 --- a/base/anaconda/centos/meta_patches/0005-Add-TIS-patches-for-host-lookup.patch +++ b/base/anaconda/centos/meta_patches/0005-Add-TIS-patches-for-host-lookup.patch @@ -11,7 +11,7 @@ diff --git a/SPECS/anaconda.spec b/SPECS/anaconda.spec index 174dbee..8541334 100644 --- a/SPECS/anaconda.spec +++ b/SPECS/anaconda.spec -@@ -26,6 +26,8 @@ Patch1000: yumpayload-dont-verify-disabled-repos.patch +@@ -27,6 +27,8 @@ Patch10: anaconda-centos-armhfp-extloader.patch # WRS Patch10001: 0001-TIS-Progress-and-error-handling.patch Patch10002: 0002-revert-7.4-grub2-efi-handling.patch @@ -20,7 +20,7 @@ index 174dbee..8541334 100644 # Versions of required components (done so we make sure the buildrequires # match the requires versions of things). -@@ -250,6 +252,8 @@ runtime on NFS/HTTP/FTP servers or local disks. +@@ -257,6 +259,8 @@ runtime on NFS/HTTP/FTP servers or local disks. # WRS %patch10001 -p1 %patch10002 -p1 @@ -29,7 +29,7 @@ index 174dbee..8541334 100644 %build %configure --disable-static \ -@@ -268,6 +272,10 @@ desktop-file-install ---dir=%{buildroot}%{_datadir}/applications %{buildroot}%{_ +@@ -275,6 +279,10 @@ desktop-file-install ---dir=%{buildroot}%{_datadir}/applications %{buildroot}%{_ mkdir -p %{buildroot}%{_datadir}/anaconda/site-python install -m 0644 pyanaconda/sitecustomize.py %{buildroot}%{_datadir}/anaconda/site-python/ %endif @@ -40,7 +40,7 @@ index 174dbee..8541334 100644 # NOTE: If you see "error: Installed (but unpackaged) file(s) found" that include liveinst files, # check the IS_LIVEINST_ARCH in configure.ac to make sure your architecture is properly defined -@@ -316,6 +324,7 @@ update-desktop-database &> /dev/null || : +@@ -323,6 +331,7 @@ update-desktop-database &> /dev/null || : %{_sysconfdir}/X11/xinit/xinitrc.d/* %{_datadir}/applications/*.desktop %endif diff --git a/base/anaconda/centos/patches/0001-TIS-Progress-and-error-handling.patch b/base/anaconda/centos/patches/0001-TIS-Progress-and-error-handling.patch index 685baba4f..3fbc5581d 100644 --- a/base/anaconda/centos/patches/0001-TIS-Progress-and-error-handling.patch +++ b/base/anaconda/centos/patches/0001-TIS-Progress-and-error-handling.patch @@ -92,7 +92,7 @@ diff --git a/pyanaconda/flags.py b/pyanaconda/flags.py index 8a97f95..3d0d2da 100644 --- a/pyanaconda/flags.py +++ b/pyanaconda/flags.py -@@ -70,6 +70,7 @@ class Flags(object): +@@ -71,6 +71,7 @@ class Flags(object): self.ksprompt = True self.rescue_mode = False self.kexec = False @@ -126,16 +126,16 @@ diff --git a/pyanaconda/kickstart.py b/pyanaconda/kickstart.py index 50515c8..d95b2df 100644 --- a/pyanaconda/kickstart.py +++ b/pyanaconda/kickstart.py -@@ -81,6 +81,8 @@ from pykickstart.sections import NullSection, PackageSection, PostScriptSection, - from pykickstart.sections import Section +@@ -90,6 +90,8 @@ from pykickstart.sections import NullSection, PackageSection, PostScriptSection, from pykickstart.version import returnClassForVersion, RHEL7 + from pykickstart.options import KSOptionParser +from pyanaconda.tisnotify import tisnotify + import logging log = logging.getLogger("anaconda") stderrLog = logging.getLogger("anaconda.stderr") -@@ -2342,6 +2344,7 @@ def runPreScripts(scripts): +@@ -2481,6 +2483,7 @@ def runPreScripts(scripts): if len(preScripts) == 0: return @@ -164,15 +164,15 @@ index 7cf59d7..8896ba1 100644 exn = PayloadInstallError("%s %s exited with code %d" % (cmd, argv, rc)) if errors.errorHandler.cb(exn) == errors.ERROR_RAISE: raise exn -@@ -170,6 +173,7 @@ class RPMOSTreePayload(ArchivePayload): - try: - repo.pull(ostreesetup.remote, [ostreesetup.ref], 0, progress, cancellable) +@@ -183,6 +186,7 @@ class RPMOSTreePayload(ArchivePayload): + GLib.Variant('a{sv}', pull_opts), + progress, cancellable) except GLib.GError as e: + tisnotify.failed() exn = PayloadInstallError("Failed to pull from repository: %s" % e) log.error(str(exn)) if errors.errorHandler.cb(exn) == errors.ERROR_RAISE: -@@ -213,6 +217,7 @@ class RPMOSTreePayload(ArchivePayload): +@@ -227,6 +231,7 @@ class RPMOSTreePayload(ArchivePayload): try: self._copyBootloaderData() except (OSError, RuntimeError) as e: @@ -202,7 +202,7 @@ index c6aa234..a0497e0 100644 self.reset() def reset(self, root=None, releasever=None): -@@ -1338,6 +1342,8 @@ reposdir=%s +@@ -1347,6 +1351,8 @@ reposdir=%s if self.data.packages.handleMissing == KS_MISSING_IGNORE: return @@ -211,7 +211,7 @@ index c6aa234..a0497e0 100644 # If we're doing non-interactive ks install, raise CmdlineError, # otherwise the system will just reboot automatically if flags.automatedInstall and not flags.ksprompt: -@@ -1515,6 +1521,7 @@ reposdir=%s +@@ -1524,6 +1530,7 @@ reposdir=%s try: self.checkSoftwareSelection() except DependencyError as e: @@ -219,7 +219,7 @@ index c6aa234..a0497e0 100644 if errorHandler.cb(e) == ERROR_RAISE: progressQ.send_quit(1) while True: -@@ -1569,6 +1576,10 @@ reposdir=%s +@@ -1578,6 +1585,10 @@ reposdir=%s key, text = line.split(":", 1) msg = progress_map[key] + text progressQ.send_message(msg) @@ -230,7 +230,7 @@ index c6aa234..a0497e0 100644 log.debug(msg) elif line.startswith("DEBUG:"): log.debug(line[6:]) -@@ -1581,7 +1592,8 @@ reposdir=%s +@@ -1590,7 +1601,8 @@ reposdir=%s install_errors.append(line[6:]) else: log.debug(line) @@ -240,7 +240,7 @@ index c6aa234..a0497e0 100644 log.error("Error running anaconda-yum: %s", e) exn = PayloadInstallError(str(e)) if errorHandler.cb(exn) == ERROR_RAISE: -@@ -1603,6 +1615,7 @@ reposdir=%s +@@ -1612,6 +1624,7 @@ reposdir=%s shutil.rmtree(iutil.getSysroot()+"/var/tmp/yum.cache") if install_errors: diff --git a/base/anaconda/centos/patches/0002-revert-7.4-grub2-efi-handling.patch b/base/anaconda/centos/patches/0002-revert-7.4-grub2-efi-handling.patch index 71534cb9b..d76071dcc 100644 --- a/base/anaconda/centos/patches/0002-revert-7.4-grub2-efi-handling.patch +++ b/base/anaconda/centos/patches/0002-revert-7.4-grub2-efi-handling.patch @@ -11,7 +11,7 @@ diff --git a/pyanaconda/bootloader.py b/pyanaconda/bootloader.py index 9db9cf3..24e8b56 100644 --- a/pyanaconda/bootloader.py +++ b/pyanaconda/bootloader.py -@@ -1388,9 +1388,7 @@ class GRUB2(GRUB): +@@ -1404,9 +1404,7 @@ class GRUB2(GRUB): """ name = "GRUB2" @@ -22,7 +22,7 @@ index 9db9cf3..24e8b56 100644 _config_file = "grub.cfg" _config_dir = "grub2" _passwd_file = "user.cfg" -@@ -1664,28 +1662,12 @@ class GRUB2(GRUB): +@@ -1680,28 +1678,12 @@ class GRUB2(GRUB): return ret class EFIGRUB(GRUB2): @@ -53,7 +53,7 @@ index 9db9cf3..24e8b56 100644 @property def _config_dir(self): -@@ -1695,15 +1677,6 @@ class EFIGRUB(GRUB2): +@@ -1711,15 +1693,6 @@ class EFIGRUB(GRUB2): super(EFIGRUB, self).__init__() self.efi_dir = 'BOOT' @@ -69,7 +69,7 @@ index 9db9cf3..24e8b56 100644 def efibootmgr(self, *args, **kwargs): if flags.imageInstall or flags.dirInstall: log.info("Skipping efibootmgr for image/directory install.") -@@ -1796,12 +1769,9 @@ class EFIGRUB(GRUB2): +@@ -1812,12 +1785,9 @@ class EFIGRUB(GRUB2): return True class Aarch64EFIGRUB(EFIGRUB): diff --git a/base/anaconda/centos/patches/0003-Set-default-hostname-to-localhost.patch b/base/anaconda/centos/patches/0003-Set-default-hostname-to-localhost.patch index 7099f46fe..0a52ee5d4 100644 --- a/base/anaconda/centos/patches/0003-Set-default-hostname-to-localhost.patch +++ b/base/anaconda/centos/patches/0003-Set-default-hostname-to-localhost.patch @@ -11,7 +11,7 @@ diff --git a/pyanaconda/network.py b/pyanaconda/network.py index c6f7bb7..26c24a3 100644 --- a/pyanaconda/network.py +++ b/pyanaconda/network.py -@@ -63,7 +63,7 @@ networkConfFile = "%s/network" % (sysconfigDir) +@@ -65,7 +65,7 @@ networkConfFile = "%s/network" % (sysconfigDir) hostnameFile = "/etc/hostname" ipv6ConfFile = "/etc/sysctl.d/anaconda.conf" ifcfgLogFile = "/tmp/ifcfg.log" diff --git a/base/anaconda/centos/srpm_path b/base/anaconda/centos/srpm_path index 4781e7724..6edf86917 100644 --- a/base/anaconda/centos/srpm_path +++ b/base/anaconda/centos/srpm_path @@ -1 +1 @@ -mirror:Source/anaconda-21.48.22.121-1.el7.centos.src.rpm +mirror:Source/anaconda-21.48.22.147-1.el7.centos.src.rpm diff --git a/base/bash/centos/build_srpm.data b/base/bash/centos/build_srpm.data index 641edbb0b..ef0524f8c 100644 --- a/base/bash/centos/build_srpm.data +++ b/base/bash/centos/build_srpm.data @@ -1,3 +1,3 @@ COPY_LIST="files/*" -TIS_PATCH_VER=3 +TIS_PATCH_VER=4 BUILD_IS_SLOW=3 diff --git a/base/bash/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch b/base/bash/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch index 45b3ed0ac..318b934cc 100644 --- a/base/bash/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch +++ b/base/bash/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch @@ -3,8 +3,6 @@ From: Scott Little Date: Mon, 2 Oct 2017 16:05:36 -0400 Subject: [PATCH 2/3] WRS: 0001-Update-package-versioning-for-TIS-format.patch -Conflicts: - SPECS/bash.spec --- SPECS/bash.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) @@ -17,8 +15,8 @@ index 4f16c8c..d749f92 100644 Version: %{baseversion}%{patchleveltag} Name: bash Summary: The GNU Bourne Again shell --Release: 30%{?dist} -+Release: 30.el7%{?_tis_dist}.%{tis_patch_ver} +-Release: 31%{?dist} ++Release: 31.el7%{?_tis_dist}.%{tis_patch_ver} Group: System Environment/Shells License: GPLv3+ Url: http://www.gnu.org/software/bash diff --git a/base/bash/centos/meta_patches/spec-TiS-bash-history.patch b/base/bash/centos/meta_patches/spec-TiS-bash-history.patch index 376942dd1..725f0d31b 100644 --- a/base/bash/centos/meta_patches/spec-TiS-bash-history.patch +++ b/base/bash/centos/meta_patches/spec-TiS-bash-history.patch @@ -3,8 +3,6 @@ From: Scott Little Date: Mon, 2 Oct 2017 16:05:36 -0400 Subject: [PATCH 1/3] WRS: spec-TiS-bash-history.patch -Conflicts: - SPECS/bash.spec --- SPECS/bash.spec | 8 ++++++++ 1 file changed, 8 insertions(+) @@ -13,9 +11,9 @@ diff --git a/SPECS/bash.spec b/SPECS/bash.spec index 4b2ec49..4f16c8c 100644 --- a/SPECS/bash.spec +++ b/SPECS/bash.spec -@@ -195,6 +195,10 @@ Patch152: bash-4.3-pipefd-leak.patch - #1487615 - bash fails to execute commands containing multibyte characters - Patch153: bash-4.3-wshouldquote.patch +@@ -198,6 +198,10 @@ Patch153: bash-4.3-wshouldquote.patch + #1495398 - Append '/' while tab completing directory names + Patch154: bash-4.3-dircomp-append-slash.patch +# Patches from WindRiver +Patch500: bash-history-syslog.patch @@ -24,9 +22,9 @@ index 4b2ec49..4f16c8c 100644 BuildRequires: texinfo bison BuildRequires: ncurses-devel BuildRequires: autoconf, gettext -@@ -327,6 +331,10 @@ This package contains documentation files for %{name}. - %patch152 -p1 -b .pipefd-leak +@@ -331,6 +335,10 @@ This package contains documentation files for %{name}. %patch153 -p1 -b .wshouldquote + %patch154 -p1 -b .append-slash +# WindRiver patches +%patch500 -p1 -b .history-syslog diff --git a/base/bash/centos/srpm_path b/base/bash/centos/srpm_path index f8127d64f..0e82ece7c 100644 --- a/base/bash/centos/srpm_path +++ b/base/bash/centos/srpm_path @@ -1 +1 @@ -mirror:Source/bash-4.2.46-30.el7.src.rpm +mirror:Source/bash-4.2.46-31.el7.src.rpm diff --git a/base/cluster-resource-agents/centos/build_srpm.data b/base/cluster-resource-agents/centos/build_srpm.data index b30e56fed..8aeb55368 100644 --- a/base/cluster-resource-agents/centos/build_srpm.data +++ b/base/cluster-resource-agents/centos/build_srpm.data @@ -1 +1 @@ -TIS_PATCH_VER=12 +TIS_PATCH_VER=1 diff --git a/base/cluster-resource-agents/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch b/base/cluster-resource-agents/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch index a31639f85..3672bf4dc 100644 --- a/base/cluster-resource-agents/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch +++ b/base/cluster-resource-agents/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch @@ -11,13 +11,13 @@ diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec index 21fa049..fd8bc97 100644 --- a/SPECS/resource-agents.spec +++ b/SPECS/resource-agents.spec -@@ -48,7 +48,7 @@ +@@ -89,7 +89,7 @@ Name: resource-agents Summary: Open Source HA Reusable Cluster Resource Scripts - Version: 3.9.5 --Release: 124%{?dist} -+Release: 124.el7%{?_tis_dist}.%{tis_patch_ver} - License: GPLv2+, LGPLv2+ and ASL 2.0 + Version: 4.1.1 +-Release: 12%{?dist}.7 ++Release: 12.el7_6.7%{?_tis_dist}.%{tis_patch_ver} + License: GPLv2+ and LGPLv2+ and ASL 2.0 URL: https://github.com/ClusterLabs/resource-agents %if 0%{?fedora} || 0%{?centos_version} || 0%{?rhel} -- diff --git a/base/cluster-resource-agents/centos/meta_patches/Disable-creation-of-the-debug-package.patch b/base/cluster-resource-agents/centos/meta_patches/Disable-creation-of-the-debug-package.patch index e49d52aa1..7737c992c 100644 --- a/base/cluster-resource-agents/centos/meta_patches/Disable-creation-of-the-debug-package.patch +++ b/base/cluster-resource-agents/centos/meta_patches/Disable-creation-of-the-debug-package.patch @@ -20,7 +20,7 @@ index 2536cb7..e5fbbeb 100644 +%define debug_package %{nil} + %global upstream_prefix ClusterLabs-resource-agents - %global upstream_version 5434e96 + %global upstream_version e711383f -- 1.8.3.1 diff --git a/base/cluster-resource-agents/centos/meta_patches/spec-avoid-dir-collisions.patch b/base/cluster-resource-agents/centos/meta_patches/spec-avoid-dir-collisions.patch index 47c974d23..d9b08171e 100644 --- a/base/cluster-resource-agents/centos/meta_patches/spec-avoid-dir-collisions.patch +++ b/base/cluster-resource-agents/centos/meta_patches/spec-avoid-dir-collisions.patch @@ -12,7 +12,7 @@ diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec index ec85fc2..bb96485 100644 --- a/SPECS/resource-agents.spec +++ b/SPECS/resource-agents.spec -@@ -723,14 +723,11 @@ rm -rf %{buildroot} +@@ -725,14 +725,11 @@ rm -rf %{buildroot} %endif %if %{with linuxha} @@ -31,7 +31,7 @@ index ec85fc2..bb96485 100644 %if %{with rgmanager} /usr/lib/ocf/resource.d/redhat %endif -@@ -753,8 +750,6 @@ rm -rf %{buildroot} +@@ -758,8 +755,6 @@ rm -rf %{buildroot} %{_includedir}/heartbeat @@ -40,7 +40,7 @@ index ec85fc2..bb96485 100644 %{_mandir}/man7/*.7* ### -@@ -864,7 +859,6 @@ rm -rf %{buildroot} +@@ -912,7 +907,6 @@ rm -rf %{buildroot} %exclude %{_mandir}/man8/ldirectord.8.gz # For compatability with pre-existing agents diff --git a/base/cluster-resource-agents/centos/meta_patches/spec-include-TiS-patches.patch b/base/cluster-resource-agents/centos/meta_patches/spec-include-TiS-patches.patch index b2e81e161..48cb5ca25 100644 --- a/base/cluster-resource-agents/centos/meta_patches/spec-include-TiS-patches.patch +++ b/base/cluster-resource-agents/centos/meta_patches/spec-include-TiS-patches.patch @@ -5,18 +5,18 @@ Subject: [PATCH] WRS: spec-include-TiS-patches.patch Signed-off-by: zhipengl --- - SPECS/resource-agents.spec | 39 +++++++++++++++++++++++++++++++++++++++ - 1 file changed, 39 insertions(+) + SPECS/resource-agents.spec | 37 +++++++++++++++++++++++++++++++++++++ + 1 file changed, 37 insertions(+) diff --git a/SPECS/resource-agents.spec b/SPECS/resource-agents.spec index a16660a..ec85fc2 100644 --- a/SPECS/resource-agents.spec +++ b/SPECS/resource-agents.spec -@@ -263,6 +263,25 @@ Patch202: bz1536548-sap_redhat_cluster_connector-fix-unknown-gvi-function.patch - Patch203: bz1543366-redis-add-support-for-tunneling-replication-traffic.patch - Patch204: bz1546083-galera-fix-temp-logfile-rights.patch +@@ -148,6 +148,24 @@ Patch1002: bz1568588-9-google-cloud-sdk-oauth2client-python-rsa-to-cryptography. + Patch1003: bz1568588-10-gcloud-support-info.patch + Patch1004: bz1568589-4-aliyun-vpc-move-ip-bundled.patch -+# WRS ++# STX +Patch1105: filesystem_rmon.patch +Patch1106: new_ocf_return_codes.patch +Patch1107: ipaddr2_check_if_state.patch @@ -32,17 +32,16 @@ index a16660a..ec85fc2 100644 +Patch1117: lvm_cleanup_refs_on_stop.patch +Patch1118: ipaddr2_if_down.patch +Patch1119: ipaddr2_ignore_lo_if_state.patch -+Patch1120: Re-enable-background-execution-of-arp-commands.patch +Patch1121: ipaddr2-avoid-failing-svc-if-down.patch +Patch1122: ipaddr2-use-host-scope-for-addresses-on-loopback.patch Obsoletes: heartbeat-resources <= %{version} Provides: heartbeat-resources = %{version} -@@ -582,6 +601,26 @@ exit 1 - %patch203 -p1 - %patch204 -p1 +@@ -508,6 +526,25 @@ cp %{aliyuncli_dir}/LICENSE %{aliyuncli}_LICENSE + %patch1004 -p1 + %endif -+# WRS ++# STX +%patch1105 -p1 +%patch1106 -p1 +%patch1107 -p1 @@ -58,7 +57,6 @@ index a16660a..ec85fc2 100644 +%patch1117 -p1 +%patch1118 -p1 +%patch1119 -p1 -+%patch1120 -p1 +%patch1121 -p1 +%patch1122 -p1 + diff --git a/base/cluster-resource-agents/centos/patches/Fix-VG-activity-bug-in-heartbeat-LVM-script.patch b/base/cluster-resource-agents/centos/patches/Fix-VG-activity-bug-in-heartbeat-LVM-script.patch index 4994507c7..ff40c97b4 100644 --- a/base/cluster-resource-agents/centos/patches/Fix-VG-activity-bug-in-heartbeat-LVM-script.patch +++ b/base/cluster-resource-agents/centos/patches/Fix-VG-activity-bug-in-heartbeat-LVM-script.patch @@ -30,11 +30,10 @@ diff --git a/heartbeat/LVM b/heartbeat/LVM index 893ece8..1efb207 100755 --- a/heartbeat/LVM +++ b/heartbeat/LVM -@@ -338,19 +338,16 @@ LVM_status() { - fi +@@ -191,18 +191,15 @@ LVM_status() { fi fi -- + - if [ -d /dev/$1 ]; then - test "`cd /dev/$1 && ls`" != "" - rc=$? @@ -42,7 +41,7 @@ index 893ece8..1efb207 100755 - ocf_exit_reason "VG $1 with no logical volumes is not supported by this RA!" - fi - fi - +- - if [ $rc -ne 0 ]; then + # Ask lvm whether the volume group is active. This maps to + # the question "Are there any logical volumes that are active in @@ -53,9 +52,9 @@ index 893ece8..1efb207 100755 rc=$OCF_NOT_RUNNING else + rc=0 - case $(get_vg_mode) in - 1) # exclusive with tagging. - # If vg is running, make sure the correct tag is present. Otherwise we + lvm_status + rc=$? + fi -- 2.7.4 diff --git a/base/cluster-resource-agents/centos/patches/Re-enable-background-execution-of-arp-commands.patch b/base/cluster-resource-agents/centos/patches/Re-enable-background-execution-of-arp-commands.patch deleted file mode 100644 index efc4bdca0..000000000 --- a/base/cluster-resource-agents/centos/patches/Re-enable-background-execution-of-arp-commands.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 9cdb2de3b5f1d08d74a762cfda2ade16692ef9db Mon Sep 17 00:00:00 2001 -From: Al Bailey -Date: Mon, 28 May 2018 14:09:47 -0500 -Subject: [PATCH] WRS. Re-enable background execution of arp commands. - -Typical ARP commands are taking 6 seconds due to no responses back after 7 attempts. -This change allows that delay to be backgrounded ---- - heartbeat/IPaddr2 | 9 +++++---- - 1 file changed, 5 insertions(+), 4 deletions(-) - -diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2 -index 59620d2..86009b9 100755 ---- a/heartbeat/IPaddr2 -+++ b/heartbeat/IPaddr2 -@@ -719,12 +719,13 @@ run_send_arp() { - if [ $ARP_COUNT -ne 0 ] ; then - ARGS="-i $OCF_RESKEY_arp_interval -c $ARP_COUNT -p $SENDARPPIDFILE -I $NIC -m $MY_MAC $OCF_RESKEY_ip" - ocf_log $LOGLEVEL "$SENDARP $ARGS" -- output=$($SENDARP $ARGS 2>&1) -+ if ocf_is_true $OCF_RESKEY_arp_bg; then -+ ($SENDARP $ARGS || ocf_log err "Could not send gratuitous arps")& >&2 -+ else -+ $SENDARP $ARGS || ocf_log err "Could not send gratuitous arps" -+ fi - rc=$? - if [ $rc -ne $OCF_SUCCESS ]; then -- if ! ocf_is_true $OCF_RESKEY_arp_bg; then -- ocf_log err "send_arp output: $output" -- fi - ocf_exit_reason "Could not send gratuitous arps" - exit $OCF_ERR_GENERIC - fi --- -1.8.3.1 - diff --git a/base/cluster-resource-agents/centos/patches/copyright.patch b/base/cluster-resource-agents/centos/patches/copyright.patch index d4b2784e0..b91b47b49 100644 --- a/base/cluster-resource-agents/centos/patches/copyright.patch +++ b/base/cluster-resource-agents/centos/patches/copyright.patch @@ -15,7 +15,7 @@ index 27f03d2..af821b2 100755 +++ b/heartbeat/Filesystem @@ -2,6 +2,8 @@ # - # Support: linux-ha@lists.linux-ha.org + # Support: users@clusterlabs.org # License: GNU General Public License (GPL) +# +# Copyright (c) 2014 Wind River Systems, Inc. All rights reserved. @@ -27,7 +27,7 @@ index e435e7b..c11fed7 100755 --- a/heartbeat/LVM +++ b/heartbeat/LVM @@ -10,6 +10,7 @@ - # Support: linux-ha@lists.linux-ha.org + # Support: users@clusterlabs.org # License: GNU General Public License (GPL) # Copyright: (C) 2002 - 2005 International Business Machines, Inc. +# Copyright (c) 2014 Wind River Systems, Inc. All rights reserved. @@ -38,7 +38,7 @@ diff --git a/heartbeat/pgsql b/heartbeat/pgsql index 794f85e..b176b1d 100755 --- a/heartbeat/pgsql +++ b/heartbeat/pgsql -@@ -9,6 +9,7 @@ +@@ -10,6 +10,7 @@ # # Copyright: 2006-2012 Serge Dubrouski # and other Linux-HA contributors diff --git a/base/cluster-resource-agents/centos/patches/filesystem_rmon.patch b/base/cluster-resource-agents/centos/patches/filesystem_rmon.patch index 339e03b7b..ace357873 100644 --- a/base/cluster-resource-agents/centos/patches/filesystem_rmon.patch +++ b/base/cluster-resource-agents/centos/patches/filesystem_rmon.patch @@ -16,7 +16,7 @@ index d834096..8cd9c6b 100755 # OCF_RESKEY_run_fsck # OCF_RESKEY_fast_stop # OCF_RESKEY_force_clones -+# OCF_RESKEY_rmon_rsc_name ++# OCF_RESKEY_rmon_rsc_name # #OCF_RESKEY_device : name of block device for the filesystem. e.g. /dev/sda1, /dev/md0 # Or a -U or -L option for mount, or an NFS mount specification @@ -28,7 +28,7 @@ index d834096..8cd9c6b 100755 # # # This assumes you want to manage a filesystem on a shared (SCSI) bus, -@@ -1137,20 +1139,65 @@ if [ "$OP" != "monitor" ]; then +@@ -822,18 +824,63 @@ if [ "$OP" != "monitor" ]; then ocf_log info "Running $OP for $DEVICE on $MOUNTPOINT" fi @@ -61,55 +61,53 @@ index d834096..8cd9c6b 100755 + fi +} + - # These operations do not require the clone checking + OCFS2 - # initialization. case $OP in status) Filesystem_status - exit $? -+ rc=$? -+ if [ $rc -eq $OCF_SUCCESS ] -+ then -+ rmon_notify "enabled" 300 -+ else -+ rmon_notify "disabled" 300 -+ fi -+ exit $rc ++ rc=$? ++ if [ $rc -eq $OCF_SUCCESS ] ++ then ++ rmon_notify "enabled" 300 ++ else ++ rmon_notify "disabled" 300 ++ fi ++ exit $rc ;; monitor) Filesystem_monitor - exit $? -+ rc=$? -+ if [ $rc -eq $OCF_SUCCESS ] -+ then -+ rmon_notify "enabled" 300 -+ else -+ rmon_notify "disabled" 300 -+ fi -+ exit $rc ++ rc=$? ++ if [ $rc -eq $OCF_SUCCESS ] ++ then ++ rmon_notify "enabled" 300 ++ else ++ rmon_notify "disabled" 300 ++ fi ++ exit $rc ;; validate-all) Filesystem_validate_all exit $? ;; stop) Filesystem_stop - exit $? -+ rc=$? -+ rmon_notify "disabled" 300 -+ exit $rc ++ rc=$? ++ rmon_notify "disabled" 300 ++ exit $rc ;; esac -@@ -1199,6 +1246,12 @@ fi +@@ -879,6 +926,12 @@ fi case $OP in start) Filesystem_start -+ rc=$? -+ if [ $rc -eq $OCF_SUCCESS ] -+ then -+ rmon_notify "enabled" 300 -+ fi -+ exit $rc - ;; - notify) Filesystem_notify ++ rc=$? ++ if [ $rc -eq $OCF_SUCCESS ] ++ then ++ rmon_notify "enabled" 300 ++ fi ++ exit $rc ;; + *) usage + exit $OCF_ERR_UNIMPLEMENTED diff --git a/heartbeat/LVM b/heartbeat/LVM index 425a60a..ba6c198 100755 --- a/heartbeat/LVM @@ -118,11 +116,11 @@ index 425a60a..ba6c198 100755 # # OCF parameters are as below: # OCF_RESKEY_volgrpname -+# OCF_RESKEY_rmon_rsc_name ++# OCF_RESKEY_rmon_rsc_name # ####################################################################### # Initialization: -@@ -699,6 +700,34 @@ then +@@ -406,6 +407,34 @@ then exit $OCF_ERR_CONFIGURED fi @@ -157,45 +155,45 @@ index 425a60a..ba6c198 100755 # Get the LVM version number, for this to work we assume(thanks to panjiam): # # LVM1 outputs like this -@@ -740,16 +769,37 @@ case "$1" in +@@ -449,16 +478,37 @@ case "$1" in start) LVM_validate_all LVM_start $VOLUME - exit $?;; -+ rc=$? -+ if [ $rc -eq $OCF_SUCCESS ] -+ then -+ rmon_notify "enabled" 300 -+ fi -+ exit $rc;; ++ rc=$? ++ if [ $rc -eq $OCF_SUCCESS ] ++ then ++ rmon_notify "enabled" 300 ++ fi ++ exit $rc;; stop) LVM_stop $VOLUME - exit $?;; -+ rc=$? -+ rmon_notify "disabled" 300 -+ exit $rc;; ++ rc=$? ++ rmon_notify "disabled" 300 ++ exit $rc;; status) LVM_status $VOLUME $1 - exit $?;; -+ rc=$? -+ if [ $rc -eq $OCF_SUCCESS ] -+ then -+ rmon_notify "enabled" 300 -+ else -+ rmon_notify "disabled" 300 -+ fi -+ exit $rc;; ++ rc=$? ++ if [ $rc -eq $OCF_SUCCESS ] ++ then ++ rmon_notify "enabled" 300 ++ else ++ rmon_notify "disabled" 300 ++ fi ++ exit $rc;; monitor) LVM_status $VOLUME - exit $?;; -+ rc=$? -+ if [ $rc -eq $OCF_SUCCESS ] -+ then -+ rmon_notify "enabled" 300 -+ else -+ rmon_notify "disabled" 300 -+ fi -+ exit $rc;; ++ rc=$? ++ if [ $rc -eq $OCF_SUCCESS ] ++ then ++ rmon_notify "enabled" 300 ++ else ++ rmon_notify "disabled" 300 ++ fi ++ exit $rc;; validate-all) LVM_validate_all ;; diff --git a/base/cluster-resource-agents/centos/patches/ipaddr2-avoid-failing-svc-if-down.patch b/base/cluster-resource-agents/centos/patches/ipaddr2-avoid-failing-svc-if-down.patch index fcc75030f..60ac5705a 100644 --- a/base/cluster-resource-agents/centos/patches/ipaddr2-avoid-failing-svc-if-down.patch +++ b/base/cluster-resource-agents/centos/patches/ipaddr2-avoid-failing-svc-if-down.patch @@ -11,49 +11,49 @@ diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2 index 86009b9..2da5c5e 100755 --- a/heartbeat/IPaddr2 +++ b/heartbeat/IPaddr2 -@@ -885,12 +885,8 @@ ip_start() { - then - exit $OCF_SUCCESS - else -- if [ "$OCF_RESKEY_dc" = "yes" ]; then -- ocf_log info "NIC $NIC is DOWN..." -- exit $OCF_SUCCESS -- else -- exit $OCF_ERR_GENERIC -- fi -+ ocf_log info "NIC $NIC is DOWN..." -+ exit $OCF_SUCCESS - fi +@@ -968,12 +968,8 @@ ip_start() { + then + exit $OCF_SUCCESS + else +- if [ "$OCF_RESKEY_dc" = "yes" ]; then +- ocf_log info "NIC $NIC is DOWN..." +- exit $OCF_SUCCESS +- else +- exit $OCF_ERR_GENERIC +- fi ++ ocf_log info "NIC $NIC is DOWN..." ++ exit $OCF_SUCCESS + fi fi -@@ -954,12 +950,8 @@ ip_start() { - then - exit $OCF_SUCCESS - else -- if [ "$OCF_RESKEY_dc" = "yes" ]; then -- ocf_log info "NIC $NIC is DOWN" -- exit $OCF_SUCCESS -- else -- exit $OCF_ERR_GENERIC -- fi -+ ocf_log info "NIC $NIC is DOWN" -+ exit $OCF_SUCCESS - fi +@@ -1037,12 +1033,8 @@ ip_start() { + then + exit $OCF_SUCCESS + else +- if [ "$OCF_RESKEY_dc" = "yes" ]; then +- ocf_log info "NIC $NIC is DOWN" +- exit $OCF_SUCCESS +- else +- exit $OCF_ERR_GENERIC +- fi ++ ocf_log info "NIC $NIC is DOWN" ++ exit $OCF_SUCCESS + fi } -@@ -1040,12 +1032,8 @@ ip_monitor() { - then - return $OCF_SUCCESS - else -- if [ "$OCF_RESKEY_dc" = "yes" ]; then -- ocf_log info "NIC $NIC is DOWN" -- return $OCF_SUCCESS -- else -- return $OCF_NOT_RUNNING -- fi -+ ocf_log info "NIC $NIC is DOWN" -+ return $OCF_SUCCESS - fi +@@ -1123,12 +1115,8 @@ ip_monitor() { + then + return $OCF_SUCCESS + else +- if [ "$OCF_RESKEY_dc" = "yes" ]; then +- ocf_log info "NIC $NIC is DOWN" +- return $OCF_SUCCESS +- else +- return $OCF_NOT_RUNNING +- fi ++ ocf_log info "NIC $NIC is DOWN" ++ exit $OCF_SUCCESS + fi ;; partial|no|partial2) -- diff --git a/base/cluster-resource-agents/centos/patches/ipaddr2-use-host-scope-for-addresses-on-loopback.patch b/base/cluster-resource-agents/centos/patches/ipaddr2-use-host-scope-for-addresses-on-loopback.patch index 03b03ee46..6980369cc 100644 --- a/base/cluster-resource-agents/centos/patches/ipaddr2-use-host-scope-for-addresses-on-loopback.patch +++ b/base/cluster-resource-agents/centos/patches/ipaddr2-use-host-scope-for-addresses-on-loopback.patch @@ -11,7 +11,7 @@ diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2 index 2da5c5e..79dbdcf 100755 --- a/heartbeat/IPaddr2 +++ b/heartbeat/IPaddr2 -@@ -584,10 +584,18 @@ add_interface () { +@@ -622,10 +622,18 @@ add_interface () { add_ipv6_addrlabel $ipaddr fi diff --git a/base/cluster-resource-agents/centos/patches/ipaddr2_check_if_state.patch b/base/cluster-resource-agents/centos/patches/ipaddr2_check_if_state.patch index b3dbc4e3b..098896b52 100644 --- a/base/cluster-resource-agents/centos/patches/ipaddr2_check_if_state.patch +++ b/base/cluster-resource-agents/centos/patches/ipaddr2_check_if_state.patch @@ -11,45 +11,45 @@ diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2 index aef6dc7..67a7ca3 100755 --- a/heartbeat/IPaddr2 +++ b/heartbeat/IPaddr2 -@@ -880,7 +880,12 @@ ip_start() { +@@ -964,7 +964,12 @@ ip_start() { local ip_status=`ip_served` if [ "$ip_status" = "ok" ]; then - exit $OCF_SUCCESS -+ if [ -n "`ip link show $NIC | grep \"state UP\"`" ] -+ then -+ exit $OCF_SUCCESS -+ else -+ exit $OCF_ERR_GENERIC -+ fi ++ if [ -n "`ip link show $NIC | grep \"state UP\"`" ] ++ then ++ exit $OCF_SUCCESS ++ else ++ exit $OCF_ERR_GENERIC ++ fi fi - if [ -n "$IP_CIP" ] && [ $ip_status = "no" ] || [ $ip_status = "partial2" ]; then -@@ -939,7 +944,12 @@ ip_start() { + if [ -n "$IP_CIP" ] && ([ $ip_status = "no" ] || [ $ip_status = "partial2" ]); then +@@ -1023,7 +1028,12 @@ ip_start() { fi ;; esac - exit $OCF_SUCCESS -+ if [ -n "`ip link show $NIC | grep \"state UP\"`" ] -+ then -+ exit $OCF_SUCCESS -+ else -+ exit $OCF_ERR_GENERIC -+ fi ++ if [ -n "`ip link show $NIC | grep \"state UP\"`" ] ++ then ++ exit $OCF_SUCCESS ++ else ++ exit $OCF_ERR_GENERIC ++ fi } ip_stop() { -@@ -1015,7 +1025,12 @@ ip_monitor() { +@@ -1099,7 +1109,12 @@ ip_monitor() { case $ip_status in ok) - $ARP_SEND_FUN refresh + run_arp_sender refresh - return $OCF_SUCCESS -+ if [ -n "`ip link show $NIC | grep \"state UP\"`" ] -+ then -+ return $OCF_SUCCESS -+ else -+ return $OCF_NOT_RUNNING -+ fi ++ if [ -n "`ip link show $NIC | grep \"state UP\"`" ] ++ then ++ return $OCF_SUCCESS ++ else ++ return $OCF_NOT_RUNNING ++ fi ;; partial|no|partial2) exit $OCF_NOT_RUNNING diff --git a/base/cluster-resource-agents/centos/patches/ipaddr2_if_down.patch b/base/cluster-resource-agents/centos/patches/ipaddr2_if_down.patch index 4cf424fc3..40c10c52f 100644 --- a/base/cluster-resource-agents/centos/patches/ipaddr2_if_down.patch +++ b/base/cluster-resource-agents/centos/patches/ipaddr2_if_down.patch @@ -11,46 +11,46 @@ diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2 index 67a7ca3..2cd822d 100755 --- a/heartbeat/IPaddr2 +++ b/heartbeat/IPaddr2 -@@ -884,7 +884,12 @@ ip_start() { - then - exit $OCF_SUCCESS - else -- exit $OCF_ERR_GENERIC -+ if [ "$OCF_RESKEY_dc" = "yes" ]; then -+ ocf_log info "NIC $NIC is DOWN..." -+ exit $OCF_SUCCESS -+ else -+ exit $OCF_ERR_GENERIC -+ fi - fi +@@ -968,7 +968,12 @@ ip_start() { + then + exit $OCF_SUCCESS + else +- exit $OCF_ERR_GENERIC ++ if [ "$OCF_RESKEY_dc" = "yes" ]; then ++ ocf_log info "NIC $NIC is DOWN..." ++ exit $OCF_SUCCESS ++ else ++ exit $OCF_ERR_GENERIC ++ fi + fi fi -@@ -948,7 +953,12 @@ ip_start() { - then - exit $OCF_SUCCESS - else -- exit $OCF_ERR_GENERIC -+ if [ "$OCF_RESKEY_dc" = "yes" ]; then -+ ocf_log info "NIC $NIC is DOWN" -+ exit $OCF_SUCCESS -+ else -+ exit $OCF_ERR_GENERIC -+ fi - fi +@@ -1032,7 +1037,12 @@ ip_start() { + then + exit $OCF_SUCCESS + else +- exit $OCF_ERR_GENERIC ++ if [ "$OCF_RESKEY_dc" = "yes" ]; then ++ ocf_log info "NIC $NIC is DOWN" ++ exit $OCF_SUCCESS ++ else ++ exit $OCF_ERR_GENERIC ++ fi + fi } -@@ -1029,7 +1039,12 @@ ip_monitor() { - then - return $OCF_SUCCESS - else -- return $OCF_NOT_RUNNING -+ if [ "$OCF_RESKEY_dc" = "yes" ]; then -+ ocf_log info "NIC $NIC is DOWN" -+ return $OCF_SUCCESS -+ else -+ return $OCF_NOT_RUNNING -+ fi - fi +@@ -1113,7 +1123,12 @@ ip_monitor() { + then + return $OCF_SUCCESS + else +- return $OCF_NOT_RUNNING ++ if [ "$OCF_RESKEY_dc" = "yes" ]; then ++ ocf_log info "NIC $NIC is DOWN" ++ return $OCF_SUCCESS ++ else ++ return $OCF_NOT_RUNNING ++ fi + fi ;; partial|no|partial2) -- diff --git a/base/cluster-resource-agents/centos/patches/ipaddr2_ignore_lo_if_state.patch b/base/cluster-resource-agents/centos/patches/ipaddr2_ignore_lo_if_state.patch index 4bb8f44d1..551a2d15c 100644 --- a/base/cluster-resource-agents/centos/patches/ipaddr2_ignore_lo_if_state.patch +++ b/base/cluster-resource-agents/centos/patches/ipaddr2_ignore_lo_if_state.patch @@ -11,33 +11,33 @@ diff --git a/heartbeat/IPaddr2 b/heartbeat/IPaddr2 index 2cd822d..59620d2 100755 --- a/heartbeat/IPaddr2 +++ b/heartbeat/IPaddr2 -@@ -880,7 +880,7 @@ ip_start() { +@@ -964,7 +964,7 @@ ip_start() { local ip_status=`ip_served` if [ "$ip_status" = "ok" ]; then -- if [ -n "`ip link show $NIC | grep \"state UP\"`" ] -+ if [ -n "`ip link show $NIC | grep \"state UP\"`" ] || [ "$NIC" = "lo" ] - then - exit $OCF_SUCCESS - else -@@ -949,7 +949,7 @@ ip_start() { +- if [ -n "`ip link show $NIC | grep \"state UP\"`" ] ++ if [ -n "`ip link show $NIC | grep \"state UP\"`" ] || [ "$NIC" = "lo" ] + then + exit $OCF_SUCCESS + else +@@ -1033,7 +1033,7 @@ ip_start() { fi ;; esac -- if [ -n "`ip link show $NIC | grep \"state UP\"`" ] -+ if [ -n "`ip link show $NIC | grep \"state UP\"`" ] || [ "$NIC" = "lo" ] - then - exit $OCF_SUCCESS - else -@@ -1035,7 +1035,7 @@ ip_monitor() { +- if [ -n "`ip link show $NIC | grep \"state UP\"`" ] ++ if [ -n "`ip link show $NIC | grep \"state UP\"`" ] || [ "$NIC" = "lo" ] + then + exit $OCF_SUCCESS + else +@@ -1119,7 +1119,7 @@ ip_monitor() { case $ip_status in ok) - $ARP_SEND_FUN refresh -- if [ -n "`ip link show $NIC | grep \"state UP\"`" ] -+ if [ -n "`ip link show $NIC | grep \"state UP\"`" ] || [ "$NIC" = "lo" ] - then - return $OCF_SUCCESS - else + run_arp_sender refresh +- if [ -n "`ip link show $NIC | grep \"state UP\"`" ] ++ if [ -n "`ip link show $NIC | grep \"state UP\"`" ] || [ "$NIC" = "lo" ] + then + return $OCF_SUCCESS + else -- 1.9.1 diff --git a/base/cluster-resource-agents/centos/patches/lvm_cleanup_refs_on_stop.patch b/base/cluster-resource-agents/centos/patches/lvm_cleanup_refs_on_stop.patch index 3ec668508..ac5186c83 100644 --- a/base/cluster-resource-agents/centos/patches/lvm_cleanup_refs_on_stop.patch +++ b/base/cluster-resource-agents/centos/patches/lvm_cleanup_refs_on_stop.patch @@ -30,7 +30,7 @@ diff --git a/heartbeat/LVM b/heartbeat/LVM index 1efb207..bde381c 100755 --- a/heartbeat/LVM +++ b/heartbeat/LVM -@@ -601,6 +601,81 @@ EOF +@@ -367,6 +367,81 @@ LVM_start() { } # @@ -112,7 +112,7 @@ index 1efb207..bde381c 100755 # Disable the LVM volume # LVM_stop() { -@@ -632,6 +707,7 @@ LVM_stop() { +@@ -395,6 +470,7 @@ LVM_stop() { break fi diff --git a/base/cluster-resource-agents/centos/patches/lvm_vg_activation.patch b/base/cluster-resource-agents/centos/patches/lvm_vg_activation.patch index 9f6f32be5..abb7c5843 100644 --- a/base/cluster-resource-agents/centos/patches/lvm_vg_activation.patch +++ b/base/cluster-resource-agents/centos/patches/lvm_vg_activation.patch @@ -4,14 +4,14 @@ Date: Mon, 2 Oct 2017 15:12:54 -0400 Subject: [PATCH 06/13] WRS: Patch1110: lvm_vg_activation.patch --- - heartbeat/LVM | 130 +++++++++++++++++++++++++++++++++++++++++++++++++++------- - 1 file changed, 116 insertions(+), 14 deletions(-) + heartbeat/LVM | 117 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++- + 1 file changed, 116 insertions(+), 1 deletion(-) diff --git a/heartbeat/LVM b/heartbeat/LVM index b0ca87a..38092f9 100755 --- a/heartbeat/LVM +++ b/heartbeat/LVM -@@ -437,6 +437,81 @@ retry_exclusive_start() +@@ -222,6 +222,81 @@ LVM_status() { } # @@ -93,68 +93,58 @@ index b0ca87a..38092f9 100755 # Enable LVM volume # LVM_start() { -@@ -477,20 +552,47 @@ EOF - : ;; - esac +@@ -241,10 +316,50 @@ LVM_start() { + ocf_run vgscan + fi -- if ! ocf_run vgchange $vgchange_options $vg; then -- if [ $clvmd -eq 0 ]; then -- return $OCF_ERR_GENERIC -- fi -- -- # Failure to exclusively activate cluster vg.: -- # This could be caused by a remotely active LV, Attempt -- # to disable volume group cluster wide and try again. -- # Allow for some settling -- sleep 5 -- if ! retry_exclusive_start; then -- return $OCF_ERR_GENERIC -- fi -- fi -+ # Kick off activation of all volumes. If it doesn't complete within -+ # the timeout period, then we'll log the not-yet-activated volumes and -+ # continue on. -+ (ocf_run vgchange $vgchange_options $1) & PID=$! -+ -+ # Check every second for up to TIMEOUT seconds whether the vgchange has -+ # completed. -+ TIMEOUT=300 -+ TIMED_OUT=true -+ SECONDS=0; -+ PARALLEL_ACTIVATE_DELAY=10 -+ PARALLEL_ACTIVATE_DONE=false -+ while [ $SECONDS -lt $TIMEOUT ] ; do -+ kill -0 $PID &> /dev/null -+ if [ $? -eq 1 ] ; then -+ # process with pid of $PID doesn't exist, vgchange command completed -+ TIMED_OUT=false -+ break -+ fi -+ if [ $SECONDS -ge $PARALLEL_ACTIVATE_DELAY ] && \ -+ [ "$PARALLEL_ACTIVATE_DONE" != true ] && \ -+ [ "$1" == "cinder-volumes" ] ; then -+ # This will kick off parallel activation of all LVs in the VG. -+ # The delay is to ensure the VG is activated first. -+ PARALLEL_ACTIVATE_DONE=true -+ ocf_log info Explicitly activating all volumes in $1 with: $vgchange_options -+ activate_all_volumes $1 $vgchange_options -+ fi -+ sleep 1 -+ done -+ -+ if [ "$TIMED_OUT" = true ] ; then -+ ocf_log err "Timed out running ocf_run vgchange $vgchange_options $1" -+ log_inactive_volumes $1 -+ else -+ # Child process completed, get its status. -+ wait $PID -+ if [ $? -ne 0 ] ; then -+ return $OCF_ERR_GENERIC -+ fi -+ fi ++ # Kick off activation of all volumes. If it doesn't complete within ++ # the timeout period, then we'll log the not-yet-activated volumes and ++ # continue on. + lvm_pre_activate || exit +- ocf_run vgchange $vgchange_activate_options $vg ++ (ocf_run vgchange $vgchange_activate_options $1) & PID=$! + lvm_post_activate $? ++ # Check every second for up to TIMEOUT seconds whether the vgchange has ++ # completed. ++ TIMEOUT=300 ++ TIMED_OUT=true ++ SECONDS=0; ++ PARALLEL_ACTIVATE_DELAY=10 ++ PARALLEL_ACTIVATE_DONE=false ++ while [ $SECONDS -lt $TIMEOUT ] ; do ++ kill -0 $PID &> /dev/null ++ if [ $? -eq 1 ] ; then ++ # process with pid of $PID doesn't exist, vgchange command completed ++ TIMED_OUT=false ++ break ++ fi ++ if [ $SECONDS -ge $PARALLEL_ACTIVATE_DELAY ] && \ ++ [ "$PARALLEL_ACTIVATE_DONE" != true ] && \ ++ [ "$1" == "cinder-volumes" ] ; then ++ # This will kick off parallel activation of all LVs in the VG. ++ # The delay is to ensure the VG is activated first. ++ PARALLEL_ACTIVATE_DONE=true ++ ocf_log info Explicitly activating all volumes in $1 with: $vgchange_activate_options ++ activate_all_volumes $1 $vgchange_activate_options ++ fi ++ sleep 1 ++ done ++ ++ if [ "$TIMED_OUT" = true ] ; then ++ ocf_log err "Timed out running ocf_run vgchange $vgchange_activate_options $1" ++ log_inactive_volumes $1 ++ else ++ # Child process completed, get its status. ++ wait $PID ++ if [ $? -ne 0 ] ; then ++ return $OCF_ERR_GENERIC ++ fi ++ fi ++ if LVM_status $vg; then : OK Volume $vg activated just fine! + return $OCF_SUCCESS -- 2.7.4 diff --git a/base/cluster-resource-agents/centos/patches/notify-rmon-of-shutdown-before-shutting-down.patch b/base/cluster-resource-agents/centos/patches/notify-rmon-of-shutdown-before-shutting-down.patch index 0d9566988..75e844b73 100644 --- a/base/cluster-resource-agents/centos/patches/notify-rmon-of-shutdown-before-shutting-down.patch +++ b/base/cluster-resource-agents/centos/patches/notify-rmon-of-shutdown-before-shutting-down.patch @@ -5,50 +5,44 @@ Subject: [PATCH 1/1] Notify rmon of shutdown before shutting down LVM and Filesystem --- - heartbeat/Filesystem | 9 +++++---- - heartbeat/LVM | 9 +++++---- - 2 files changed, 10 insertions(+), 8 deletions(-) + heartbeat/Filesystem | 5 +++-- + heartbeat/LVM | 5 +++-- + 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem index 05e4097..d5f3417 100755 --- a/heartbeat/Filesystem +++ b/heartbeat/Filesystem -@@ -1200,10 +1200,11 @@ case $OP in +@@ -883,9 +883,10 @@ case $OP in validate-all) Filesystem_validate_all exit $? ;; - stop) Filesystem_stop -- rc=$? -- rmon_notify "disabled" 300 -- exit $rc +- rc=$? + stop) -+ rmon_notify "disabled" 300 + rmon_notify "disabled" 300 + Filesystem_stop + rc=$? -+ exit $rc + exit $rc ;; esac - diff --git a/heartbeat/LVM b/heartbeat/LVM index 38092f9..893ece8 100755 --- a/heartbeat/LVM +++ b/heartbeat/LVM -@@ -879,10 +879,11 @@ case "$1" in - fi - exit $rc;; +@@ -601,9 +601,10 @@ case "$1" in + fi + exit $rc;; - stop) LVM_stop $VOLUME -- rc=$? -- rmon_notify "disabled" 300 -- exit $rc;; +- rc=$? + stop) -+ rmon_notify "disabled" 300 + rmon_notify "disabled" 300 + LVM_stop $VOLUME + rc=$? -+ exit $rc;; + exit $rc;; status) LVM_status $VOLUME $1 - rc=$? -- 2.7.4 diff --git a/base/cluster-resource-agents/centos/patches/ocf-shellfuncs_change_logtag.patch b/base/cluster-resource-agents/centos/patches/ocf-shellfuncs_change_logtag.patch index 43f78d912..bce1699b1 100644 --- a/base/cluster-resource-agents/centos/patches/ocf-shellfuncs_change_logtag.patch +++ b/base/cluster-resource-agents/centos/patches/ocf-shellfuncs_change_logtag.patch @@ -11,7 +11,7 @@ diff --git a/heartbeat/ocf-shellfuncs.in b/heartbeat/ocf-shellfuncs.in index 3565e20..688c150 100644 --- a/heartbeat/ocf-shellfuncs.in +++ b/heartbeat/ocf-shellfuncs.in -@@ -180,9 +180,9 @@ hadate() { +@@ -176,9 +176,9 @@ hadate() { set_logtag() { if [ -z "$HA_LOGTAG" ]; then if [ -n "$OCF_RESOURCE_INSTANCE" ]; then diff --git a/base/cluster-resource-agents/centos/patches/pgsql.patch b/base/cluster-resource-agents/centos/patches/pgsql.patch index a496d0f12..71f1e220e 100644 --- a/base/cluster-resource-agents/centos/patches/pgsql.patch +++ b/base/cluster-resource-agents/centos/patches/pgsql.patch @@ -4,14 +4,14 @@ Date: Mon, 2 Oct 2017 15:12:59 -0400 Subject: [PATCH 07/13] WRS: Patch1111: pgsql.patch --- - heartbeat/pgsql | 23 ++++++++++++++++++++--- + heartbeat/pgsql | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/heartbeat/pgsql b/heartbeat/pgsql index 768608e..28cc046 100755 --- a/heartbeat/pgsql +++ b/heartbeat/pgsql -@@ -38,6 +38,7 @@ get_pgsql_param() { +@@ -46,6 +46,7 @@ get_pgsql_param() { OCF_RESKEY_pgctl_default=/usr/bin/pg_ctl OCF_RESKEY_psql_default=/usr/bin/psql OCF_RESKEY_pgdata_default=/var/lib/pgsql/data @@ -19,7 +19,7 @@ index 768608e..28cc046 100755 OCF_RESKEY_pgdba_default=postgres OCF_RESKEY_pghost_default="" OCF_RESKEY_pgport_default=5432 -@@ -67,10 +68,11 @@ OCF_RESKEY_stop_escalate_in_slave_default=30 +@@ -78,11 +79,12 @@ OCF_RESKEY_replication_slot_name_default="" : ${OCF_RESKEY_pgctl=${OCF_RESKEY_pgctl_default}} : ${OCF_RESKEY_psql=${OCF_RESKEY_psql_default}} : ${OCF_RESKEY_pgdata=${OCF_RESKEY_pgdata_default}} @@ -27,12 +27,13 @@ index 768608e..28cc046 100755 : ${OCF_RESKEY_pgdba=${OCF_RESKEY_pgdba_default}} : ${OCF_RESKEY_pghost=${OCF_RESKEY_pghost_default}} : ${OCF_RESKEY_pgport=${OCF_RESKEY_pgport_default}} + : ${OCF_RESKEY_pglibs=${OCF_RESKEY_pglibs_default}} -: ${OCF_RESKEY_config=${OCF_RESKEY_pgdata}/postgresql.conf} +: ${OCF_RESKEY_config=${OCF_RESKEY_pgconf}/postgresql.conf} : ${OCF_RESKEY_start_opt=${OCF_RESKEY_start_opt_default}} + : ${OCF_RESKEY_ctl_opt=${OCF_RESKEY_ctl_opt_default}} : ${OCF_RESKEY_pgdb=${OCF_RESKEY_pgdb_default}} - : ${OCF_RESKEY_logfile=${OCF_RESKEY_logfile_default}} -@@ -166,6 +168,14 @@ Path to PostgreSQL data directory. +@@ -180,6 +182,14 @@ Path to PostgreSQL data directory. @@ -47,7 +48,7 @@ index 768608e..28cc046 100755 User that owns PostgreSQL. -@@ -220,7 +230,7 @@ SQL script that will be used for monitor operations. +@@ -243,7 +253,7 @@ SQL script that will be used for monitor operations. Path to the PostgreSQL configuration file for the instance. Configuration file @@ -56,10 +57,10 @@ index 768608e..28cc046 100755 -@@ -549,6 +559,12 @@ pgsql_real_start() { - ocf_log debug "PostgreSQL still hasn't started yet. Waiting..." - done - +@@ -630,6 +640,12 @@ pgsql_real_start() { + fi + fi + + # WRS: Create an unversioned symlink under /var/run so SM can easily + # find the PID file. + if [ ! -h $PIDFILE_SYMLINK ]; then @@ -69,8 +70,8 @@ index 768608e..28cc046 100755 ocf_log info "PostgreSQL is started." return $rc } -@@ -1756,10 +1772,11 @@ fi - +@@ -2078,10 +2094,11 @@ then + fi PIDFILE=${OCF_RESKEY_pgdata}/postmaster.pid +PIDFILE_SYMLINK=/var/run/postmaster.pid @@ -81,7 +82,7 @@ index 768608e..28cc046 100755 +RECOVERY_CONF=${OCF_RESKEY_pgconf}/recovery.conf NODENAME=$(ocf_local_nodename | tr '[A-Z]' '[a-z]') - if is_replication; then + case "$1" in -- 1.9.1 diff --git a/base/cluster-resource-agents/centos/patches/umount-in-namespace.patch b/base/cluster-resource-agents/centos/patches/umount-in-namespace.patch index f848a6171..41f27c1fa 100644 --- a/base/cluster-resource-agents/centos/patches/umount-in-namespace.patch +++ b/base/cluster-resource-agents/centos/patches/umount-in-namespace.patch @@ -11,7 +11,7 @@ diff --git a/heartbeat/Filesystem b/heartbeat/Filesystem index f536298..05e4097 100755 --- a/heartbeat/Filesystem +++ b/heartbeat/Filesystem -@@ -804,6 +804,10 @@ signal_processes() { +@@ -503,6 +503,10 @@ signal_processes() { } try_umount() { local SUB=$1 diff --git a/base/cluster-resource-agents/centos/srpm_path b/base/cluster-resource-agents/centos/srpm_path index cd6b26604..c58e456ad 100644 --- a/base/cluster-resource-agents/centos/srpm_path +++ b/base/cluster-resource-agents/centos/srpm_path @@ -1,2 +1,2 @@ -mirror:Source/resource-agents-3.9.5-124.el7.src.rpm +mirror:Source/resource-agents-4.1.1-12.el7_6.7.src.rpm diff --git a/base/dnsmasq/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch b/base/dnsmasq/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch index 7629011cd..adbefe4ab 100644 --- a/base/dnsmasq/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch +++ b/base/dnsmasq/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch @@ -16,8 +16,8 @@ index 4d30b0a..689158e 100644 Name: dnsmasq Version: 2.76 --Release: 5%{?extraversion}%{?dist} -+Release: 5.el7%{?_tis_dist}.%{tis_patch_ver} +-Release: 7%{?extraversion}%{?dist} ++Release: 7.el7%{?_tis_dist}.%{tis_patch_ver} Summary: A lightweight DHCP/caching DNS server Group: System Environment/Daemons diff --git a/base/dnsmasq/centos/meta_patches/spec-include-TiS-patch.patch b/base/dnsmasq/centos/meta_patches/spec-include-TiS-patch.patch index a13ace5bd..66e0ec7d3 100644 --- a/base/dnsmasq/centos/meta_patches/spec-include-TiS-patch.patch +++ b/base/dnsmasq/centos/meta_patches/spec-include-TiS-patch.patch @@ -12,9 +12,9 @@ diff --git a/SPECS/dnsmasq.spec b/SPECS/dnsmasq.spec index b312ef3..4d30b0a 100644 --- a/SPECS/dnsmasq.spec +++ b/SPECS/dnsmasq.spec -@@ -55,6 +55,10 @@ Patch17: dnsmasq-2.76-gita3303e196.patch - Patch18: dnsmasq-2.76-underflow.patch - Patch19: dnsmasq-2.76-misc-cleanups.patch +@@ -57,6 +57,10 @@ Patch19: dnsmasq-2.76-misc-cleanups.patch + Patch20: dnsmasq-2.76-CVE-2017-14491-2.patch + Patch21: dnsmasq-2.76-inotify.patch +# WRS patches +Patch30: dnsmasq-update-ipv6-leases-from-config.patch @@ -23,9 +23,9 @@ index b312ef3..4d30b0a 100644 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: dbus-devel -@@ -109,6 +113,10 @@ query/remove a DHCP server's leases. - %patch18 -p1 -b .underflow - %patch19 -p1 -b .misc +@@ -113,6 +117,10 @@ query/remove a DHCP server's leases. + %patch20 -p1 -b .CVE-2017-14491-2 + %patch21 -p1 -b .inotify +# WRS patches +%patch30 -p1 @@ -34,7 +34,7 @@ index b312ef3..4d30b0a 100644 # use /var/lib/dnsmasq instead of /var/lib/misc for file in dnsmasq.conf.example man/dnsmasq.8 man/es/dnsmasq.8 src/config.h; do sed -i 's|/var/lib/misc/dnsmasq.leases|/var/lib/dnsmasq/dnsmasq.leases|g' "$file" -@@ -164,25 +172,11 @@ rm -rf %{buildroot}%{_initrddir} +@@ -168,25 +176,11 @@ rm -rf %{buildroot}%{_initrddir} %clean rm -rf $RPM_BUILD_ROOT diff --git a/base/dnsmasq/centos/srpm_path b/base/dnsmasq/centos/srpm_path index 85130bd3f..2f40525ea 100644 --- a/base/dnsmasq/centos/srpm_path +++ b/base/dnsmasq/centos/srpm_path @@ -1 +1 @@ -mirror:Source/dnsmasq-2.76-5.el7.src.rpm +mirror:Source/dnsmasq-2.76-7.el7.src.rpm diff --git a/base/haproxy/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch b/base/haproxy/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch index 98adeacbb..10c010eeb 100644 --- a/base/haproxy/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch +++ b/base/haproxy/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch @@ -16,8 +16,8 @@ index 39c0c86..b0d5862 100644 Name: haproxy Version: 1.5.18 --Release: 7%{?dist} -+Release: 7.el7%{?_tis_dist}.%{tis_patch_ver} +-Release: 8%{?dist} ++Release: 8.el7%{?_tis_dist}.%{tis_patch_ver} Summary: TCP/HTTP proxy and load balancer for high availability environments Group: System Environment/Daemons diff --git a/base/haproxy/centos/srpm_path b/base/haproxy/centos/srpm_path index 8bf806123..3ff579401 100644 --- a/base/haproxy/centos/srpm_path +++ b/base/haproxy/centos/srpm_path @@ -1 +1 @@ -mirror:Source/haproxy-1.5.18-7.el7.src.rpm +mirror:Source/haproxy-1.5.18-8.el7.src.rpm diff --git a/base/initscripts/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch b/base/initscripts/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch index a142b3dda..a01cd0d22 100644 --- a/base/initscripts/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch +++ b/base/initscripts/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch @@ -13,7 +13,7 @@ diff --git a/SPECS/initscripts.spec b/SPECS/initscripts.spec index ad32f19..ace1326 100644 --- a/SPECS/initscripts.spec +++ b/SPECS/initscripts.spec -@@ -4,7 +4,7 @@ Version: 9.49.41 +@@ -4,7 +4,7 @@ Version: 9.49.46 # ppp-watch is GPLv2+, everything else is GPLv2 License: GPLv2 and GPLv2+ Group: System Environment/Base diff --git a/base/initscripts/centos/patches/dhclient-restrict-interfaces-to-those-on-c.patch b/base/initscripts/centos/patches/dhclient-restrict-interfaces-to-those-on-c.patch index 6352036d0..79dc969e3 100644 --- a/base/initscripts/centos/patches/dhclient-restrict-interfaces-to-those-on-c.patch +++ b/base/initscripts/centos/patches/dhclient-restrict-interfaces-to-those-on-c.patch @@ -44,22 +44,22 @@ index 3da5c16..9bcf57f 100755 +++ b/sysconfig/network-scripts/ifup-eth @@ -204,7 +204,7 @@ if [ -n "${DYNCONFIG}" ] && [ -x /sbin/dhclient ]; then generate_lease_file_name - + # Initialize the dhclient args and obtain the hostname options if needed: - DHCLIENTARGS="${DHCLIENTARGS} ${ONESHOT} -q ${DHCLIENTCONF} -lf ${LEASEFILE} -pf /var/run/dhclient-${DEVICE}.pid" + DHCLIENTARGS="${DHCLIENTARGS} ${ONESHOT} -q ${DHCLIENTCONF} -lf ${LEASEFILE} --restrict-interfaces -pf /var/run/dhclient-${DEVICE}.pid" set_hostname_options DHCLIENTARGS - + echo -@@ -354,7 +354,7 @@ if is_true "${DHCPV6C}" && [ -x /sbin/dhclient ]; then +@@ -355,7 +355,7 @@ if is_true "${DHCPV6C}" && [ -x /sbin/dhclient ]; then echo -n $"Determining IPv6 information for ${DEVICE}..." - + # Initialize the dhclient args for IPv6 and obtain the hostname options if needed: - DHCLIENTARGS="-6 -1 ${DHCPV6C_OPTIONS} ${DHCLIENTCONF} -lf ${LEASEFILE} -pf /var/run/dhclient6-${DEVICE}.pid ${DEVICE}" + DHCLIENTARGS="-6 -1 ${DHCPV6C_OPTIONS} ${DHCLIENTCONF} -lf ${LEASEFILE} --restrict-interfaces -pf /var/run/dhclient6-${DEVICE}.pid ${DEVICE}" set_hostname_options DHCLIENTARGS - + if /sbin/dhclient $DHCLIENTARGS; then --- +-- 1.9.1 diff --git a/base/initscripts/centos/patches/run-dhclient-as-daemon-for-ipv6.patch b/base/initscripts/centos/patches/run-dhclient-as-daemon-for-ipv6.patch index de69e7baf..ea638588d 100644 --- a/base/initscripts/centos/patches/run-dhclient-as-daemon-for-ipv6.patch +++ b/base/initscripts/centos/patches/run-dhclient-as-daemon-for-ipv6.patch @@ -11,7 +11,7 @@ diff --git a/sysconfig/network-scripts/ifup-eth b/sysconfig/network-scripts/ifup index 4b8b992..ccb5c75 100755 --- a/sysconfig/network-scripts/ifup-eth +++ b/sysconfig/network-scripts/ifup-eth -@@ -363,13 +363,14 @@ if is_true "${DHCPV6C}" && [ -x /sbin/dhclient ]; then +@@ -364,13 +364,14 @@ if is_true "${DHCPV6C}" && [ -x /sbin/dhclient ]; then echo -n $"Determining IPv6 information for ${DEVICE}..." # Initialize the dhclient args for IPv6 and obtain the hostname options if needed: diff --git a/base/initscripts/centos/patches/run-ifdown-on-all-interfaces.patch b/base/initscripts/centos/patches/run-ifdown-on-all-interfaces.patch index 30f40412a..2b4e9218d 100644 --- a/base/initscripts/centos/patches/run-ifdown-on-all-interfaces.patch +++ b/base/initscripts/centos/patches/run-ifdown-on-all-interfaces.patch @@ -11,7 +11,7 @@ diff --git a/rc.d/init.d/network b/rc.d/init.d/network index a8deed3..852ef94 100755 --- a/rc.d/init.d/network +++ b/rc.d/init.d/network -@@ -214,6 +214,9 @@ stop) +@@ -228,6 +228,9 @@ stop) if ! check_device_down $DEVICE; then action $"Shutting down interface $i: " ./ifdown $i boot [ $? -ne 0 ] && rc=1 diff --git a/base/initscripts/centos/srpm_path b/base/initscripts/centos/srpm_path index 1b314d583..f3a752297 100644 --- a/base/initscripts/centos/srpm_path +++ b/base/initscripts/centos/srpm_path @@ -1 +1 @@ -mirror:Source/initscripts-9.49.41-1.el7.src.rpm +mirror:Source/initscripts-9.49.46-1.el7.src.rpm diff --git a/base/lighttpd/centos/meta_patches/Update-package-versioning-for-TIS-format.patch b/base/lighttpd/centos/meta_patches/Update-package-versioning-for-TIS-format.patch index b39145bf6..02698b672 100644 --- a/base/lighttpd/centos/meta_patches/Update-package-versioning-for-TIS-format.patch +++ b/base/lighttpd/centos/meta_patches/Update-package-versioning-for-TIS-format.patch @@ -16,7 +16,7 @@ index 2f7b261..2553b27 100644 @@ -46,7 +46,7 @@ Summary: Lightning fast webserver with light system requirements Name: lighttpd - Version: 1.4.51 + Version: 1.4.52 -Release: 1%{?dist} +Release: 1.el7%{?_tis_dist}.%{tis_patch_ver} License: BSD diff --git a/base/lighttpd/centos/patches/check-content-length.patch b/base/lighttpd/centos/patches/check-content-length.patch index c70662f17..0827599a1 100644 --- a/base/lighttpd/centos/patches/check-content-length.patch +++ b/base/lighttpd/centos/patches/check-content-length.patch @@ -54,7 +54,7 @@ index 213a87e..8c97f45 100644 static int request_check_hostname(buffer *host) { enum { DOMAINLABEL, TOPLABEL } stage = TOPLABEL; -@@ -1149,6 +1178,22 @@ int http_request_parse(server *srv, connection *con) { +@@ -1176,6 +1205,22 @@ int http_request_parse(server *srv, connection *con) { con->http_status = 411; goto failure; } diff --git a/base/lighttpd/centos/patches/lighttpd-tpm-support.patch b/base/lighttpd/centos/patches/lighttpd-tpm-support.patch index 763e7e172..0caab7927 100644 --- a/base/lighttpd/centos/patches/lighttpd-tpm-support.patch +++ b/base/lighttpd/centos/patches/lighttpd-tpm-support.patch @@ -48,9 +48,9 @@ index 2fe60b6..bddcd01 100644 + EVP_PKEY *tpm_key; +#endif buffer *syslog_facility; - } server_config; -@@ -384,6 +406,8 @@ struct server { + unsigned short compat_module_load; +@@ -386,6 +408,8 @@ struct server { int con_written; int con_closed; @@ -63,7 +63,7 @@ diff --git a/src/configfile.c b/src/configfile.c index c3b0f16..dca2a29 100644 --- a/src/configfile.c +++ b/src/configfile.c -@@ -273,8 +273,10 @@ static int config_insert(server *srv) { +@@ -277,8 +277,10 @@ static int config_insert(server *srv) { { "server.syslog-facility", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_SERVER }, /* 80 */ { "server.socket-perms", NULL, T_CONFIG_STRING, T_CONFIG_SCOPE_CONNECTION }, /* 81 */ { "server.http-parseopts", NULL, T_CONFIG_ARRAY, T_CONFIG_SCOPE_SERVER }, /* 82 */ @@ -75,7 +75,7 @@ index c3b0f16..dca2a29 100644 }; /* all T_CONFIG_SCOPE_SERVER options */ -@@ -315,6 +317,8 @@ static int config_insert(server *srv) { +@@ -321,6 +323,8 @@ static int config_insert(server *srv) { cv[80].destination = srv->srvconf.syslog_facility; http_parseopts = array_init(); cv[82].destination = http_parseopts; @@ -88,7 +88,7 @@ diff --git a/src/mod_openssl.c b/src/mod_openssl.c index 75e0873..4cb0335 100644 --- a/src/mod_openssl.c +++ b/src/mod_openssl.c -@@ -444,6 +444,29 @@ error: +@@ -451,6 +451,29 @@ error: return NULL; } @@ -118,7 +118,7 @@ index 75e0873..4cb0335 100644 static EVP_PKEY * evp_pkey_load_pem_file (server *srv, const char *file) -@@ -498,15 +521,23 @@ network_openssl_load_pemfile (server *srv, plugin_config *s, size_t ndx) +@@ -505,15 +528,23 @@ network_openssl_load_pemfile (server *srv, plugin_config *s, size_t ndx) s->ssl_pemfile_x509 = x509_load_pem_file(srv, s->ssl_pemfile->ptr); if (NULL == s->ssl_pemfile_x509) return -1; @@ -151,7 +151,7 @@ index 75e0873..4cb0335 100644 } return 0; -@@ -673,6 +704,43 @@ network_init_ssl (server *srv, void *p_d) +@@ -680,6 +711,43 @@ network_init_ssl (server *srv, void *p_d) force_assert(NULL != local_send_buffer); } @@ -195,7 +195,7 @@ index 75e0873..4cb0335 100644 if (!buffer_string_is_empty(s->ssl_pemfile)) { #ifdef OPENSSL_NO_TLSEXT data_config *dc = (data_config *)srv->config_context->data[i]; -@@ -935,29 +1003,36 @@ network_init_ssl (server *srv, void *p_d) +@@ -949,29 +1017,36 @@ network_init_ssl (server *srv, void *p_d) } } @@ -258,7 +258,7 @@ index f6409bb..2ace3f8 100644 CLEAN(tmp_chunk_len); #undef CLEAN -@@ -348,6 +353,14 @@ static void server_free(server *srv) { +@@ -349,6 +354,14 @@ static void server_free(server *srv) { CLEAN(srvconf.xattr_name); CLEAN(srvconf.syslog_facility); @@ -273,7 +273,7 @@ index f6409bb..2ace3f8 100644 CLEAN(tmp_chunk_len); #undef CLEAN -@@ -782,7 +795,9 @@ static int log_error_open(server *srv) { +@@ -784,7 +797,9 @@ static int log_error_open(server *srv) { if (-1 == (errfd = fdevent_open_devnull())) { log_error_write(srv, __FILE__, __LINE__, "ss", "opening /dev/null failed:", strerror(errno)); diff --git a/base/lighttpd/centos/srpm_path b/base/lighttpd/centos/srpm_path index 0e02d483f..07f75002d 100644 --- a/base/lighttpd/centos/srpm_path +++ b/base/lighttpd/centos/srpm_path @@ -1 +1 @@ -mirror:Source/lighttpd-1.4.51-1.el7.src.rpm +mirror:Source/lighttpd-1.4.52-1.el7.src.rpm diff --git a/base/net-snmp/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch b/base/net-snmp/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch index d58305c20..408b7e8d4 100644 --- a/base/net-snmp/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch +++ b/base/net-snmp/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch @@ -15,11 +15,11 @@ index a59db4f..8a24ba1 100644 Summary: A collection of SNMP protocol tools and libraries Name: net-snmp Version: 5.7.2 --Release: 33%{?dist}.2 -+Release: 33.el7_5.2%{?_tis_dist}.%{tis_patch_ver} +-Release: 37%{?dist} ++Release: 37.el7%{?_tis_dist}.%{tis_patch_ver} Epoch: 1 - + License: BSD --- +-- 2.7.4 diff --git a/base/net-snmp/centos/meta_patches/spec-build-configure-changes.patch b/base/net-snmp/centos/meta_patches/spec-build-configure-changes.patch index 907539f8b..1182249a2 100644 --- a/base/net-snmp/centos/meta_patches/spec-build-configure-changes.patch +++ b/base/net-snmp/centos/meta_patches/spec-build-configure-changes.patch @@ -9,7 +9,7 @@ index 8a24ba1..40af31f 100644 # use netsnmp_tcp_wrappers 0 to disable tcp_wrappers support %{!?netsnmp_tcp_wrappers:%global netsnmp_tcp_wrappers 1} # use nestnmp_check 0 to speed up packaging by disabling 'make test' -@@ -333,7 +336,7 @@ rm testing/fulltests/default/T200* +@@ -339,7 +342,7 @@ rm testing/fulltests/default/T200* %endif %build @@ -18,7 +18,7 @@ index 8a24ba1..40af31f 100644 ucd-snmp/diskio tcp-mib udp-mib mibII/mta_sendmail \ ip-mib/ipv4InterfaceTable ip-mib/ipv6InterfaceTable \ ip-mib/ipAddressPrefixTable/ipAddressPrefixTable \ -@@ -354,6 +357,7 @@ MIBS="$MIBS ucd-snmp/lmsensorsMib" +@@ -360,6 +363,7 @@ MIBS="$MIBS ucd-snmp/lmsensorsMib" --with-logfile="/var/log/snmpd.log" \ --with-persistent-directory="/var/lib/net-snmp" \ --with-mib-modules="$MIBS" \ @@ -26,7 +26,7 @@ index 8a24ba1..40af31f 100644 %if %{netsnmp_tcp_wrappers} --with-libwrap=yes \ %endif -@@ -372,6 +376,7 @@ MIBS="$MIBS ucd-snmp/lmsensorsMib" +@@ -378,6 +382,7 @@ MIBS="$MIBS ucd-snmp/lmsensorsMib" --with-security-modules=tsm \ --with-mysql \ --with-systemd \ diff --git a/base/net-snmp/centos/srpm_path b/base/net-snmp/centos/srpm_path index fbb0692ce..4de7e4e99 100644 --- a/base/net-snmp/centos/srpm_path +++ b/base/net-snmp/centos/srpm_path @@ -1 +1 @@ -mirror:Source/net-snmp-5.7.2-33.el7_5.2.src.rpm +mirror:Source/net-snmp-5.7.2-37.el7.src.rpm diff --git a/base/setup/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch b/base/setup/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch index a33932f66..247d371e9 100644 --- a/base/setup/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch +++ b/base/setup/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch @@ -15,11 +15,11 @@ index 3ad2458..8f5fc46 100644 Summary: A set of system configuration and setup files Name: setup Version: 2.8.71 --Release: 9%{?dist} -+Release: 9.el7%{?_tis_dist}.%{tis_patch_ver} +-Release: 10%{?dist} ++Release: 10.el7%{?_tis_dist}.%{tis_patch_ver} License: Public Domain Group: System Environment/Base URL: https://pagure.io/setup/ --- +-- 2.7.4 diff --git a/base/setup/centos/meta_patches/0001-WRS-change-passwd-group-uidgid.patch b/base/setup/centos/meta_patches/0001-WRS-change-passwd-group-uidgid.patch index 23b140678..e9897e23a 100644 --- a/base/setup/centos/meta_patches/0001-WRS-change-passwd-group-uidgid.patch +++ b/base/setup/centos/meta_patches/0001-WRS-change-passwd-group-uidgid.patch @@ -11,20 +11,20 @@ diff --git a/SPECS/setup.spec b/SPECS/setup.spec index 0bd1e98..a173b95 100644 --- a/SPECS/setup.spec +++ b/SPECS/setup.spec -@@ -21,6 +21,8 @@ Patch5: setup-2.8.71-fullpath.patch - Patch6: setup-2.8.71-tapeid.patch - Patch7: setup-2.8.71-shlocal.patch +@@ -23,6 +23,8 @@ Patch7: setup-2.8.71-shlocal.patch + Patch8: setup-2.8.71-protocolscrudp.patch + Patch9: setup-2.8.71-shellsnologin.patch -+Patch8: 0001-Change-group-passwd-and-uidgid.patch ++Patch1001: 0001-Change-group-passwd-and-uidgid.patch + %description The setup package contains a set of important system configuration and setup files, such as passwd, group, and profile. -@@ -36,6 +38,8 @@ setup files, such as passwd, group, and profile. - %patch6 -p1 - %patch7 -p1 +@@ -40,6 +42,8 @@ setup files, such as passwd, group, and profile. + %patch8 -p1 + %patch9 -p1 -+%patch8 -p1 ++%patch1001 -p1 + ./shadowconvert.sh diff --git a/base/setup/centos/srpm_path b/base/setup/centos/srpm_path index 82625af3f..5f011677b 100644 --- a/base/setup/centos/srpm_path +++ b/base/setup/centos/srpm_path @@ -1 +1 @@ -mirror:Source/setup-2.8.71-9.el7.src.rpm +mirror:Source/setup-2.8.71-10.el7.src.rpm diff --git a/base/sudo/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch b/base/sudo/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch index c95090da4..794d66d2a 100644 --- a/base/sudo/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch +++ b/base/sudo/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch @@ -1,10 +1,8 @@ From 21db84dcb55f87c792a6d59cef0c68741a9d24b1 Mon Sep 17 00:00:00 2001 From: Scott Little Date: Mon, 2 Oct 2017 16:50:44 -0400 -Subject: [PATCH 1/4] WRS: 0001-Update-package-versioning-for-TIS-format.patch +Subject: [PATCH 1/4] STX: 0001-Update-package-versioning-for-TIS-format.patch -Conflicts: - SPECS/sudo.spec --- SPECS/sudo.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) @@ -16,9 +14,9 @@ index c8d2f64..b6402bb 100644 @@ -1,7 +1,7 @@ Summary: Allows restricted root access for specified users Name: sudo - Version: 1.8.19p2 --Release: 14%{?dist} -+Release: 14.el7_5%{?_tis_dist}.%{tis_patch_ver} + Version: 1.8.23 +-Release: 3%{?dist} ++Release: 3.el7%{?_tis_dist}.%{tis_patch_ver} License: ISC Group: Applications/System URL: http://www.courtesan.com/sudo/ diff --git a/base/sudo/centos/meta_patches/0002-spec-include-TiS-changes.patch b/base/sudo/centos/meta_patches/0002-spec-include-TiS-changes.patch index 31fbc0e05..1c5083b5d 100644 --- a/base/sudo/centos/meta_patches/0002-spec-include-TiS-changes.patch +++ b/base/sudo/centos/meta_patches/0002-spec-include-TiS-changes.patch @@ -1,35 +1,17 @@ From 70046603b8d607445e2fbf5e7d934bcd43a77dc8 Mon Sep 17 00:00:00 2001 From: Scott Little Date: Mon, 2 Oct 2017 16:50:44 -0400 -Subject: [PATCH 2/4] WRS: 0002-spec-include-TiS-changes.patch +Subject: [PATCH 2/4] STX: 0002-spec-include-TiS-changes.patch --- - SPECS/sudo.spec | 15 +++++++++++++-- - 1 file changed, 13 insertions(+), 2 deletions(-) + SPECS/sudo.spec | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/SPECS/sudo.spec b/SPECS/sudo.spec index b6402bb..acbcb26 100644 --- a/SPECS/sudo.spec +++ b/SPECS/sudo.spec -@@ -78,6 +78,8 @@ Patch24: sudo-1.8.19p2-sssd-double-free.patch - # 1560657 - sudo blocks in poll() for /dev/ptmx with iolog enabled - Patch25: sudo-1.8.19p2-iolog-zombie.patch - -+# WRS patches -+ - %description - Sudo (superuser do) allows a system administrator to give certain - users (or groups of users) the ability to run some (or all) commands -@@ -127,6 +129,8 @@ plugins that use %{name}. - %patch24 -p1 -b .double-free - %patch25 -p1 -b .iolog-zombie - -+# WRS patches -+ - %build - autoreconf -I m4 -fv --install - -@@ -153,7 +157,7 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHL +@@ -111,7 +111,7 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHL --with-ignore-dot \ --with-tty-tickets \ --with-ldap \ @@ -38,26 +20,21 @@ index b6402bb..acbcb26 100644 --with-selinux \ --with-passprompt="[sudo] password for %p: " \ --with-linux-audit \ -@@ -179,6 +183,12 @@ install -p -c -m 0440 %{SOURCE1} $RPM_BUILD_ROOT/etc/sudoers - install -p -c -m 0640 %{SOURCE3} $RPM_BUILD_ROOT/etc/sudo.conf - install -p -c -m 0640 %{SOURCE2} $RPM_BUILD_ROOT/%{_sysconfdir}/sudo-ldap.conf +@@ -138,6 +138,9 @@ install -p -c -m 0440 %{SOURCE1} %{buildroot}%{_sysconfdir}/sudoers + install -p -c -m 0640 %{SOURCE3} %{buildroot}%{_sysconfdir}/sudo.conf + install -p -c -m 0640 %{SOURCE2} %{buildroot}%{_sysconfdir}/sudo-ldap.conf -+install -d $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/schema/ -+install -m 644 doc/schema.OpenLDAP $RPM_BUILD_ROOT/%{_sysconfdir}/openldap/schema/sudo.schema ++install -d %{buildroot}%{_sysconfdir}/openldap/schema/ ++install -m 644 doc/schema.OpenLDAP %{buildroot}%{_sysconfdir}/openldap/schema/sudo.schema + -+install -d $RPM_BUILD_ROOT/%{_datadir}/sudo -+install -m 700 plugins/sudoers/sudoers2ldif $RPM_BUILD_ROOT/%{_datadir}/sudo/sudoers2ldif -+ - # Remove execute permission on this script so we don't pull in perl deps - chmod -x $RPM_BUILD_ROOT%{_docdir}/sudo-*/sudoers2ldif + # Remove upstream sudoers file + rm -f %{buildroot}%{_sysconfdir}/sudoers.dist -@@ -247,7 +257,8 @@ rm -rf $RPM_BUILD_ROOT - %{_mandir}/man8/visudo.8* +@@ -210,6 +213,7 @@ rm -rf %{buildroot} + %{_mandir}/man5/sudoers_timestamp.5.gz %dir %{_docdir}/sudo-%{version} %{_docdir}/sudo-%{version}/* -- +%{_sysconfdir}/openldap/schema/sudo.schema -+%{_datadir}/sudo/sudoers2ldif # Make sure permissions are ok even if we're updating %post diff --git a/base/sudo/centos/meta_patches/0003-remove-make-check.patch b/base/sudo/centos/meta_patches/0003-remove-make-check.patch index 2e7b2849e..f6ab0c2a0 100644 --- a/base/sudo/centos/meta_patches/0003-remove-make-check.patch +++ b/base/sudo/centos/meta_patches/0003-remove-make-check.patch @@ -2,16 +2,16 @@ diff --git a/SPECS/sudo.spec b/SPECS/sudo.spec index 8c3f395..17531f7 100644 --- a/SPECS/sudo.spec +++ b/SPECS/sudo.spec -@@ -166,7 +166,8 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHL - # --without-kerb4 +@@ -120,7 +120,8 @@ export CFLAGS="$RPM_OPT_FLAGS $F_PIE" LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" SHL make + %check -make check +# "make check" fails if there is no group named "bin" in the mock system +# make check %install - rm -rf $RPM_BUILD_ROOT + rm -rf %{buildroot} -- 2.7.4 diff --git a/base/sudo/centos/srpm_path b/base/sudo/centos/srpm_path index f86011720..227d96962 100644 --- a/base/sudo/centos/srpm_path +++ b/base/sudo/centos/srpm_path @@ -1 +1 @@ -mirror:Source/sudo-1.8.19p2-14.el7_5.src.rpm +mirror:Source/sudo-1.8.23-3.el7.src.rpm diff --git a/base/systemd-config/centos/systemd-config.spec b/base/systemd-config/centos/systemd-config.spec index 7f5d2bdc2..0a4d999fa 100644 --- a/base/systemd-config/centos/systemd-config.spec +++ b/base/systemd-config/centos/systemd-config.spec @@ -9,7 +9,7 @@ URL: unknown Source: %name-%version.tar.gz BuildArch: noarch -BuildRequires: systemd = 219-57.el7 +BuildRequires: systemd = 219-62.el7 Requires: systemd %define debug_package %{nil} diff --git a/base/systemd/centos/build_srpm.data b/base/systemd/centos/build_srpm.data index 6484153d7..73018cc23 100644 --- a/base/systemd/centos/build_srpm.data +++ b/base/systemd/centos/build_srpm.data @@ -1,2 +1,2 @@ -TIS_PATCH_VER=10 +TIS_PATCH_VER=11 BUILD_IS_SLOW=7 diff --git a/base/systemd/centos/meta_patches/PATCH_ORDER b/base/systemd/centos/meta_patches/PATCH_ORDER index 20366cc13..5ac36678b 100644 --- a/base/systemd/centos/meta_patches/PATCH_ORDER +++ b/base/systemd/centos/meta_patches/PATCH_ORDER @@ -2,3 +2,4 @@ update-package-versioning-for-TIS-format.patch Protect-sections-of-systemd-post-from-running-on-pat.patch spec-millisec-in-syslog-date.patch fix-build-error-for-unused-variable.patch +fix-build-error-for-CentOS76.patch diff --git a/base/systemd/centos/meta_patches/Protect-sections-of-systemd-post-from-running-on-pat.patch b/base/systemd/centos/meta_patches/Protect-sections-of-systemd-post-from-running-on-pat.patch index ad017c539..31bfcf071 100644 --- a/base/systemd/centos/meta_patches/Protect-sections-of-systemd-post-from-running-on-pat.patch +++ b/base/systemd/centos/meta_patches/Protect-sections-of-systemd-post-from-running-on-pat.patch @@ -12,36 +12,36 @@ diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec index 6e1d7e1..6a04c16 100644 --- a/SPECS/systemd.spec +++ b/SPECS/systemd.spec -@@ -1159,6 +1159,7 @@ fi +@@ -1213,6 +1213,7 @@ fi rm -f /etc/sysconfig/i18n >/dev/null 2>&1 || : rm -f /etc/sysconfig/keyboard >/dev/null 2>&1 || : - + +if [ $1 -eq 1 ]; then # Migrate HOSTNAME= from /etc/sysconfig/network if [ -e /etc/sysconfig/network -a ! -e /etc/hostname ]; then unset HOSTNAME -@@ -1166,6 +1167,7 @@ if [ -e /etc/sysconfig/network -a ! -e /etc/hostname ]; then +@@ -1220,6 +1221,7 @@ if [ -e /etc/sysconfig/network -a ! -e /etc/hostname ]; then [ -n "$HOSTNAME" ] && echo $HOSTNAME > /etc/hostname 2>&1 || : fi sed -i '/^HOSTNAME=/d' /etc/sysconfig/network >/dev/null 2>&1 || : +fi - + # Migrate the old systemd-setup-keyboard X11 configuration fragment if [ ! -e /etc/X11/xorg.conf.d/00-keyboard.conf ] ; then -@@ -1174,6 +1176,7 @@ else +@@ -1228,6 +1230,7 @@ else rm -f /etc/X11/xorg.conf.d/00-system-setup-keyboard.conf >/dev/null 2>&1 || : fi - + +if [ 1 -eq 0 ] ; then # TIS: Skip this. We don't want myhostname in nsswitch.conf # sed-fu to add myhostname to the hosts line of /etc/nsswitch.conf # Only do that when installing, not when updating. if [ $1 -eq 1 -a -f /etc/nsswitch.conf ] ; then -@@ -1183,6 +1186,7 @@ if [ $1 -eq 1 -a -f /etc/nsswitch.conf ] ; then +@@ -1237,6 +1240,7 @@ if [ $1 -eq 1 -a -f /etc/nsswitch.conf ] ; then s/[[:blank:]]*$/ myhostname/ ' /etc/nsswitch.conf >/dev/null 2>&1 || : fi +fi - + %posttrans # Convert old /etc/sysconfig/desktop settings -- diff --git a/base/systemd/centos/meta_patches/fix-build-error-for-CentOS76.patch b/base/systemd/centos/meta_patches/fix-build-error-for-CentOS76.patch new file mode 100644 index 000000000..c6f091d3f --- /dev/null +++ b/base/systemd/centos/meta_patches/fix-build-error-for-CentOS76.patch @@ -0,0 +1,25 @@ +From 0816ac70222fec2609ed893c30d55f8c37fba632 Mon Sep 17 00:00:00 2001 +From: Shuicheng Lin +Date: Tue, 8 Jan 2019 21:06:06 +0800 +Subject: [PATCH] Add patch to fix build failure in CentOS 7.6 + +Signed-off-by: Shuicheng Lin +--- + SPECS/systemd.spec | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec +index f794c3b..8e3715b 100644 +--- a/SPECS/systemd.spec ++++ b/SPECS/systemd.spec +@@ -707,6 +707,7 @@ Patch0664: 0664-Make-sure-the-mount-units-pulled-by-RequiresMountsFo.patch + #WRS Patches + Patch0701: 0701-inject-millisec-in-syslog-date.patch + Patch0702: 0702-fix-build-error-for-unused-variable.patch ++Patch0703: 0703-fix-build-error-for-CentOS7.6.patch + + %global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);} + +-- +2.7.4 + diff --git a/base/systemd/centos/meta_patches/fix-build-error-for-unused-variable.patch b/base/systemd/centos/meta_patches/fix-build-error-for-unused-variable.patch index 0bbf2bb87..6bfa730ed 100644 --- a/base/systemd/centos/meta_patches/fix-build-error-for-unused-variable.patch +++ b/base/systemd/centos/meta_patches/fix-build-error-for-unused-variable.patch @@ -12,8 +12,8 @@ diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec index ffd0770..3f7cc10 100644 --- a/SPECS/systemd.spec +++ b/SPECS/systemd.spec -@@ -655,6 +655,7 @@ Patch0613: 0613-sd-journal-when-picking-up-a-new-file-compare-inode-.patch - +@@ -706,6 +706,7 @@ Patch0664: 0664-Make-sure-the-mount-units-pulled-by-RequiresMountsFo.patch + #WRS Patches Patch0701: 0701-inject-millisec-in-syslog-date.patch +Patch0702: 0702-fix-build-error-for-unused-variable.patch diff --git a/base/systemd/centos/meta_patches/spec-millisec-in-syslog-date.patch b/base/systemd/centos/meta_patches/spec-millisec-in-syslog-date.patch index 816ec84fe..f7557a689 100644 --- a/base/systemd/centos/meta_patches/spec-millisec-in-syslog-date.patch +++ b/base/systemd/centos/meta_patches/spec-millisec-in-syslog-date.patch @@ -3,8 +3,6 @@ From: Scott Little Date: Mon, 2 Oct 2017 17:53:00 -0400 Subject: [PATCH] WRS: 0005-spec-millisec-in-syslog-date.patch -Conflicts: - SPECS/systemd.spec --- SPECS/systemd.spec | 3 +++ 1 file changed, 3 insertions(+) @@ -13,10 +11,10 @@ diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec index 6a04c16..845d1dd 100644 --- a/SPECS/systemd.spec +++ b/SPECS/systemd.spec -@@ -653,6 +653,9 @@ Patch0611: 0611-sd-journal-make-sure-it-s-safe-to-call-sd_journal_pr.patch - Patch0612: 0612-journalctl-Periodically-call-sd_journal_process-in-j.patch - Patch0613: 0613-sd-journal-when-picking-up-a-new-file-compare-inode-.patch - +@@ -704,6 +704,9 @@ Patch0662: 0662-cryptsetup-generator-don-t-return-error-if-target-di.patch + Patch0663: 0663-cryptsetup-generator-allow-whitespace-characters-in-.patch + Patch0664: 0664-Make-sure-the-mount-units-pulled-by-RequiresMountsFo.patch + +#WRS Patches +Patch0701: 0701-inject-millisec-in-syslog-date.patch + diff --git a/base/systemd/centos/meta_patches/update-package-versioning-for-TIS-format.patch b/base/systemd/centos/meta_patches/update-package-versioning-for-TIS-format.patch index 840b70600..76e89c68f 100644 --- a/base/systemd/centos/meta_patches/update-package-versioning-for-TIS-format.patch +++ b/base/systemd/centos/meta_patches/update-package-versioning-for-TIS-format.patch @@ -3,8 +3,6 @@ From: Scott Little Date: Mon, 2 Oct 2017 17:53:00 -0400 Subject: [PATCH] WRS: 0001-update-package-versioning-for-TIS-format.patch -Conflicts: - SPECS/systemd.spec --- SPECS/systemd.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) @@ -17,8 +15,8 @@ index 6bdbb74..3b2aa7f 100644 Name: systemd Url: http://www.freedesktop.org/wiki/Software/systemd Version: 219 --Release: 57%{?dist} -+Release: 57.el7%{?_tis_dist}.%{tis_patch_ver} +-Release: 62%{?dist} ++Release: 62.el7%{?_tis_dist}.%{tis_patch_ver} # For a breakdown of the licensing, see README License: LGPLv2+ and MIT and GPLv2+ Summary: A System and Service Manager diff --git a/base/systemd/centos/patches/0701-inject-millisec-in-syslog-date.patch b/base/systemd/centos/patches/0701-inject-millisec-in-syslog-date.patch index 5ac344023..5eee0f141 100644 --- a/base/systemd/centos/patches/0701-inject-millisec-in-syslog-date.patch +++ b/base/systemd/centos/patches/0701-inject-millisec-in-syslog-date.patch @@ -56,7 +56,7 @@ index 4e118aa..85cdeb9 100644 static void forward_syslog_iovec(Server *s, const struct iovec *iovec, unsigned n_iovec, const struct ucred *ucred, const struct timeval *tv) { static const union sockaddr_union sa = { -@@ -143,13 +181,11 @@ void server_forward_syslog(Server *s, int priority, const char *identifier, cons +@@ -145,13 +183,11 @@ void server_forward_syslog(Server *s, int priority, const char *identifier, cons xsprintf(header_priority, "<%i>", priority); IOVEC_SET_STRING(iovec[n++], header_priority); diff --git a/base/systemd/centos/patches/0702-fix-build-error-for-unused-variable.patch b/base/systemd/centos/patches/0702-fix-build-error-for-unused-variable.patch index 302f299b9..8d31d8946 100644 --- a/base/systemd/centos/patches/0702-fix-build-error-for-unused-variable.patch +++ b/base/systemd/centos/patches/0702-fix-build-error-for-unused-variable.patch @@ -12,7 +12,7 @@ diff --git a/src/journal/journald-syslog.c b/src/journal/journald-syslog.c index 33062ea..fd4e070 100644 --- a/src/journal/journald-syslog.c +++ b/src/journal/journald-syslog.c -@@ -165,8 +165,6 @@ void server_forward_syslog(Server *s, int priority, const char *identifier, cons +@@ -167,8 +167,6 @@ void server_forward_syslog(Server *s, int priority, const char *identifier, cons char header_priority[DECIMAL_STR_MAX(priority) + 3], header_time[64], header_pid[sizeof("[]: ")-1 + DECIMAL_STR_MAX(pid_t) + 1]; int n = 0; diff --git a/base/systemd/centos/patches/0703-fix-build-error-for-CentOS7.6.patch b/base/systemd/centos/patches/0703-fix-build-error-for-CentOS7.6.patch new file mode 100644 index 000000000..0683bd27f --- /dev/null +++ b/base/systemd/centos/patches/0703-fix-build-error-for-CentOS7.6.patch @@ -0,0 +1,68 @@ +From 424bb6c3f56f6c445b7bd3d06150ab2993f1b611 Mon Sep 17 00:00:00 2001 +From: Shuicheng Lin +Date: Tue, 8 Jan 2019 20:59:43 +0800 +Subject: [PATCH] Fix compile failure due to deprecated value + +Issue occur after upgrade build tool chain. Fix it per tool chain's +suggestion. +Error message is like below: +" +Value MHD_HTTP_REQUEST_ENTITY_TOO_LARGE is deprecated, +use MHD_HTTP_PAYLOAD_TOO_LARGE [-Werror] +Value MHD_HTTP_METHOD_NOT_ACCEPTABLE is deprecated, +use MHD_HTTP_NOT_ACCEPTABLE [-Werror] +" + +Signed-off-by: Shuicheng Lin +--- + src/journal-remote/journal-gatewayd.c | 4 ++-- + src/journal-remote/journal-remote.c | 4 ++-- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/journal-remote/journal-gatewayd.c b/src/journal-remote/journal-gatewayd.c +index d1f0ce3..8364044 100644 +--- a/src/journal-remote/journal-gatewayd.c ++++ b/src/journal-remote/journal-gatewayd.c +@@ -684,7 +684,7 @@ static int request_handler_file( + if (fstat(fd, &st) < 0) + return mhd_respondf(connection, MHD_HTTP_INTERNAL_SERVER_ERROR, "Failed to stat file: %m\n"); + +- response = MHD_create_response_from_fd_at_offset(st.st_size, fd, 0); ++ response = MHD_create_response_from_fd_at_offset64(st.st_size, fd, 0); + if (!response) + return respond_oom(connection); + +@@ -824,7 +824,7 @@ static int request_handler( + assert(method); + + if (!streq(method, "GET")) +- return mhd_respond(connection, MHD_HTTP_METHOD_NOT_ACCEPTABLE, ++ return mhd_respond(connection, MHD_HTTP_NOT_ACCEPTABLE, + "Unsupported method.\n"); + + +diff --git a/src/journal-remote/journal-remote.c b/src/journal-remote/journal-remote.c +index a455fb6..1d7df07 100644 +--- a/src/journal-remote/journal-remote.c ++++ b/src/journal-remote/journal-remote.c +@@ -526,7 +526,7 @@ static int process_http_upload( + log_warning("Failed to process data for connection %p", connection); + if (r == -E2BIG) + return mhd_respondf(connection, +- MHD_HTTP_REQUEST_ENTITY_TOO_LARGE, ++ MHD_HTTP_PAYLOAD_TOO_LARGE, + "Entry is too large, maximum is %u bytes.\n", + DATA_SIZE_MAX); + else +@@ -579,7 +579,7 @@ static int request_handler( + *connection_cls); + + if (!streq(method, "POST")) +- return mhd_respond(connection, MHD_HTTP_METHOD_NOT_ACCEPTABLE, ++ return mhd_respond(connection, MHD_HTTP_NOT_ACCEPTABLE, + "Unsupported method.\n"); + + if (!streq(url, "/upload")) +-- +2.7.4 + diff --git a/base/systemd/centos/srpm_path b/base/systemd/centos/srpm_path index 712c49fb3..bc2313e45 100644 --- a/base/systemd/centos/srpm_path +++ b/base/systemd/centos/srpm_path @@ -1 +1 @@ -mirror:Source/systemd-219-57.el7.src.rpm +mirror:Source/systemd-219-62.el7.src.rpm diff --git a/base/watchdog/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch b/base/watchdog/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch index 4e3359b40..e4b7ad2a6 100644 --- a/base/watchdog/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch +++ b/base/watchdog/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch @@ -11,12 +11,12 @@ diff --git a/SPECS/watchdog.spec b/SPECS/watchdog.spec index 75ce3dd..88c4245 100644 --- a/SPECS/watchdog.spec +++ b/SPECS/watchdog.spec -@@ -1,7 +1,7 @@ +@@ -2,7 +2,7 @@ Summary: Software and/or Hardware watchdog daemon Name: watchdog Version: 5.13 --Release: 11%{?dist} -+Release: 11.el7%{?_tis_dist}.%{tis_patch_ver} +-Release: 12%{?dist} ++Release: 12.el7%{?_tis_dist}.%{tis_patch_ver} License: GPLv2+ URL: http://sourceforge.net/projects/watchdog/ diff --git a/base/watchdog/centos/meta_patches/spec-TiS-changes.patch b/base/watchdog/centos/meta_patches/spec-TiS-changes.patch index 13f2e7161..fc6f3ac43 100644 --- a/base/watchdog/centos/meta_patches/spec-TiS-changes.patch +++ b/base/watchdog/centos/meta_patches/spec-TiS-changes.patch @@ -14,7 +14,7 @@ diff --git a/SPECS/watchdog.spec b/SPECS/watchdog.spec index 7eeacc9..75ce3dd 100644 --- a/SPECS/watchdog.spec +++ b/SPECS/watchdog.spec -@@ -18,6 +18,7 @@ Patch1: 0001-watchdog-Clearer-help-output.patch +@@ -19,6 +19,7 @@ Patch1: 0001-watchdog-Clearer-help-output.patch Patch2: 0002-wd_identify-wd_keepalive-Document-c-config-file-in-h.patch Patch3: 0003-watchdog-5.13-rhsel.patch Patch4: 0004-watchdog-5.13-rhseldoc.patch @@ -22,7 +22,7 @@ index 7eeacc9..75ce3dd 100644 BuildRequires: systemd-units -@@ -49,6 +50,7 @@ expiration) initiated by the BMC. +@@ -50,6 +51,7 @@ expiration) initiated by the BMC. %patch2 -p1 -b .keepalive %patch3 -p1 -b .rhsel %patch4 -p1 -b .rhseldoc diff --git a/base/watchdog/centos/srpm_path b/base/watchdog/centos/srpm_path index dbfb5a496..58c57a835 100644 --- a/base/watchdog/centos/srpm_path +++ b/base/watchdog/centos/srpm_path @@ -1 +1 @@ -mirror:Source/watchdog-5.13-11.el7.src.rpm +mirror:Source/watchdog-5.13-12.el7.src.rpm diff --git a/config/puppet-modules/openstack/puppet-openstacklib-11.3.0/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch b/config/puppet-modules/openstack/puppet-openstacklib-11.3.0/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch index 350bed51d..e9f6fc500 100644 --- a/config/puppet-modules/openstack/puppet-openstacklib-11.3.0/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch +++ b/config/puppet-modules/openstack/puppet-openstacklib-11.3.0/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch @@ -14,12 +14,12 @@ index 7f3bbd8..8bf2c1b 100644 @@ -1,7 +1,7 @@ %{!?upstream_version: %global upstream_version %{version}%{?milestone}} Name: puppet-openstacklib - Version: 11.3.0 + Version: 11.5.0 -Release: 1%{?dist} +Release: 1.el7%{?_tis_dist}.%{tis_patch_ver} Summary: Puppet OpenStack Libraries License: ASL 2.0 -- -1.8.3.1 +2.7.4 diff --git a/config/puppet-modules/openstack/puppet-openstacklib-11.3.0/centos/meta_patches/0002-Add-TIS-patch.patch b/config/puppet-modules/openstack/puppet-openstacklib-11.3.0/centos/meta_patches/0002-Add-TIS-patch.patch index 5fea85474..d8ae8a044 100644 --- a/config/puppet-modules/openstack/puppet-openstacklib-11.3.0/centos/meta_patches/0002-Add-TIS-patch.patch +++ b/config/puppet-modules/openstack/puppet-openstacklib-11.3.0/centos/meta_patches/0002-Add-TIS-patch.patch @@ -11,7 +11,7 @@ diff --git a/SPECS/puppet-openstacklib.spec b/SPECS/puppet-openstacklib.spec index 0ed0c1d..38faf85 100644 --- a/SPECS/puppet-openstacklib.spec +++ b/SPECS/puppet-openstacklib.spec -@@ -8,6 +8,7 @@ License: Apache-2.0 +@@ -8,6 +8,7 @@ License: ASL 2.0 URL: https://launchpad.net/puppet-openstacklib Source0: https://tarballs.openstack.org/%{name}/%{name}-%{upstream_version}.tar.gz diff --git a/config/puppet-modules/openstack/puppet-openstacklib-11.3.0/centos/patches/0003-distributed-keystone-for-system-controller.patch b/config/puppet-modules/openstack/puppet-openstacklib-11.3.0/centos/patches/0003-distributed-keystone-for-system-controller.patch index fc0b4a898..ee33321e2 100644 --- a/config/puppet-modules/openstack/puppet-openstacklib-11.3.0/centos/patches/0003-distributed-keystone-for-system-controller.patch +++ b/config/puppet-modules/openstack/puppet-openstacklib-11.3.0/centos/patches/0003-distributed-keystone-for-system-controller.patch @@ -1,14 +1,17 @@ +From 2d8bb7de61c91b3adbf7486a3f0ad43f97f49a52 Mon Sep 17 00:00:00 2001 From: Kam Nasim Date: Fri, 11 May 2018 11:35:59 -0600 Subject: [PATCH 1/1] Add Distributed Keystone region name option for system controller --- - lib/puppet/provider/openstack.rb | 1 + + lib/puppet/provider/openstack.rb | 1 + 1 file changed, 1 insertion(+) +diff --git a/lib/puppet/provider/openstack.rb b/lib/puppet/provider/openstack.rb +index 53f2366..232d615 100644 --- a/lib/puppet/provider/openstack.rb +++ b/lib/puppet/provider/openstack.rb -@@ -55,6 +55,7 @@ class Puppet::Provider::Openstack < Pupp +@@ -55,6 +55,7 @@ class Puppet::Provider::Openstack < Puppet::Provider Timeout.timeout(command_timeout(action)) do args.unshift('--os-interface', 'internal') if systemcontroller? @@ -16,3 +19,6 @@ Subject: [PATCH 1/1] Add Distributed Keystone region name option for system cont args.unshift('--os-region-name', 'SystemController') end openstack_command *args +-- +2.7.4 + diff --git a/config/puppet-modules/openstack/puppet-openstacklib-11.3.0/centos/srpm_path b/config/puppet-modules/openstack/puppet-openstacklib-11.3.0/centos/srpm_path index 609c1cc18..f5c0ad0fd 100644 --- a/config/puppet-modules/openstack/puppet-openstacklib-11.3.0/centos/srpm_path +++ b/config/puppet-modules/openstack/puppet-openstacklib-11.3.0/centos/srpm_path @@ -1 +1 @@ -mirror:Source/puppet-openstacklib-11.3.0-1.el7.src.rpm +mirror:Source/puppet-openstacklib-11.5.0-1.el7.src.rpm diff --git a/grub/grub2/centos/meta_patches/0001-grub2-Update-package-versioning-for-TIS-format.patch b/grub/grub2/centos/meta_patches/0001-grub2-Update-package-versioning-for-TIS-format.patch index b221ef7ff..e8cd15056 100644 --- a/grub/grub2/centos/meta_patches/0001-grub2-Update-package-versioning-for-TIS-format.patch +++ b/grub/grub2/centos/meta_patches/0001-grub2-Update-package-versioning-for-TIS-format.patch @@ -11,12 +11,12 @@ diff --git a/SPECS/grub2.spec b/SPECS/grub2.spec index 12d34ad..88c6c09 100644 --- a/SPECS/grub2.spec +++ b/SPECS/grub2.spec -@@ -6,7 +6,7 @@ +@@ -17,7 +17,7 @@ Name: grub2 Epoch: 1 Version: 2.02 --Release: 0.65%{?dist}%{?buildid}.2 -+Release: 0.65.el7.centos.2%{?_tis_dist}.%{tis_patch_ver} +-Release: 0.76%{?dist}%{?buildid} ++Release: 0.76.el7.centos%{?_tis_dist}.%{tis_patch_ver} Summary: Bootloader with support for Linux, Multiboot and more Group: System Environment/Base License: GPLv3+ diff --git a/grub/grub2/centos/meta_patches/0003-grub2-remove-debug-pkgs.patch b/grub/grub2/centos/meta_patches/0003-grub2-remove-debug-pkgs.patch index b89beac76..7e3a4fbad 100644 --- a/grub/grub2/centos/meta_patches/0003-grub2-remove-debug-pkgs.patch +++ b/grub/grub2/centos/meta_patches/0003-grub2-remove-debug-pkgs.patch @@ -12,7 +12,7 @@ diff --git a/SPECS/grub2.spec b/SPECS/grub2.spec index 88c6c09..11f6b0e 100644 --- a/SPECS/grub2.spec +++ b/SPECS/grub2.spec -@@ -172,7 +172,6 @@ rm -f grub-%{tarversion}/util/grub-setpassword.in.orig +@@ -187,7 +187,6 @@ rm -f grub-%{tarversion}/util/grub-setpassword.in.orig %install set -e rm -fr $RPM_BUILD_ROOT @@ -20,7 +20,7 @@ index 88c6c09..11f6b0e 100644 %do_common_install %if 0%{with_efi_arch} %do_efi_install %{grubefiarch} %{grubefiname} %{grubeficdname} -@@ -199,25 +198,6 @@ cat << EOF > ${RPM_BUILD_ROOT}%{_sysconfdir}/prelink.conf.d/grub2.conf +@@ -215,25 +214,6 @@ cat << EOF > ${RPM_BUILD_ROOT}%{_sysconfdir}/prelink.conf.d/grub2.conf -b /usr/sbin/grub2-sparc64-setup EOF diff --git a/grub/grub2/centos/meta_patches/0004-grub2-remove-32b-requirements.patch b/grub/grub2/centos/meta_patches/0004-grub2-remove-32b-requirements.patch index 4362b126f..bfdbfd219 100644 --- a/grub/grub2/centos/meta_patches/0004-grub2-remove-32b-requirements.patch +++ b/grub/grub2/centos/meta_patches/0004-grub2-remove-32b-requirements.patch @@ -2,7 +2,7 @@ diff --git a/SPECS/grub2.spec b/SPECS/grub2.spec index 11f6b0e..613f2e1 100644 --- a/SPECS/grub2.spec +++ b/SPECS/grub2.spec -@@ -37,11 +37,6 @@ BuildRequires: /usr/lib64/crt1.o glibc-static glibc-devel +@@ -49,11 +49,6 @@ BuildRequires: /usr/lib64/crt1.o glibc-static glibc-devel BuildRequires: /usr/lib64/crt1.o glibc-static(x86-64) glibc-devel(x86-64) # glibc32 is what will be in the buildroots, but glibc-static(x86-32) is what # will be in an epel-7 (i.e. centos) mock root. I think. diff --git a/grub/grub2/centos/meta_patches/0005-grub2-remove-32b-build.patch b/grub/grub2/centos/meta_patches/0005-grub2-remove-32b-build.patch index e643e99b2..1bb26ce0c 100644 --- a/grub/grub2/centos/meta_patches/0005-grub2-remove-32b-build.patch +++ b/grub/grub2/centos/meta_patches/0005-grub2-remove-32b-build.patch @@ -11,7 +11,7 @@ diff --git a/SOURCES/grub.macros b/SOURCES/grub.macros index 10f74df..075727c 100644 --- a/SOURCES/grub.macros +++ b/SOURCES/grub.macros -@@ -81,15 +81,6 @@ +@@ -82,15 +82,6 @@ %global legacy_package_arch pc %global platform pc @@ -25,11 +25,11 @@ index 10f74df..075727c 100644 - -e 's/-m64//g' \\\ - ) %{nil} %endif - - %ifarch aarch64 -@@ -381,6 +372,7 @@ cd grub-%{1}-%{tarversion} \ - install -m 755 -d $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/ \ - install -m 755 -d $RPM_BUILD_ROOT/boot/grub2/ \ + %ifarch %{ix86} + %global target_cpu_name %{_arch} +@@ -401,6 +392,7 @@ cd grub-%{1}-%{tarversion} \ + install -m 700 -d $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/ \ + install -m 700 -d $RPM_BUILD_ROOT/boot/grub2/ \ make DESTDIR=$RPM_BUILD_ROOT install \ +find $RPM_BUILD_ROOT -name "grub2-bios-setup*" | xargs rm -f \ if [ -f $RPM_BUILD_ROOT%{_infodir}/grub.info ]; then \ diff --git a/grub/grub2/centos/meta_patches/0006-grub2-ship-lst-files.patch b/grub/grub2/centos/meta_patches/0006-grub2-ship-lst-files.patch index 6f6774dee..73ac89b13 100644 --- a/grub/grub2/centos/meta_patches/0006-grub2-ship-lst-files.patch +++ b/grub/grub2/centos/meta_patches/0006-grub2-ship-lst-files.patch @@ -11,8 +11,8 @@ diff --git a/SPECS/grub2.spec b/SPECS/grub2.spec index 613f2e1..7e11008 100644 --- a/SPECS/grub2.spec +++ b/SPECS/grub2.spec -@@ -265,6 +265,8 @@ fi - +@@ -299,6 +299,8 @@ fi + %ifarch x86_64 %files common -f grub.lang %dir %{_libdir}/grub/ +%dir %{_libdir}/grub/%{grubefiarch}/ diff --git a/grub/grub2/centos/meta_patches/0007-1000_linux-mktitle-de-brand-the-grub.cfg-menu.patch b/grub/grub2/centos/meta_patches/0007-1000_linux-mktitle-de-brand-the-grub.cfg-menu.patch index ea8a5a2c0..f92f90958 100644 --- a/grub/grub2/centos/meta_patches/0007-1000_linux-mktitle-de-brand-the-grub.cfg-menu.patch +++ b/grub/grub2/centos/meta_patches/0007-1000_linux-mktitle-de-brand-the-grub.cfg-menu.patch @@ -11,10 +11,10 @@ diff --git a/SOURCES/grub.patches b/SOURCES/grub.patches index bac4594..d7475f0 100644 --- a/SOURCES/grub.patches +++ b/SOURCES/grub.patches -@@ -258,3 +258,4 @@ Patch0257: 0257-set-rootpath.patch - Patch0258: 0258-Fix-one-more-coverity-complaint.patch - Patch0260: 0260-Fix-up-linux-params-usage.patch - Patch0261: 0261-Fix-grub_net_hwaddr_to_str.patch +@@ -286,3 +286,4 @@ Patch0285: 0285-editenv-handle-relative-symlinks.patch + Patch0286: 0286-efinet-also-use-the-firmware-acceleration-for-http.patch + Patch0287: 0287-Make-root_url-reflect-the-protocol-hostname-of-our-b.patch + Patch0289: 0288-efi-uga-Fix-PCIe-LER-when-GRUB2-accesses-non-enabled.patch +Patch1000: 1000_linux-mktitle-de-brand-the-grub.cfg-menu.patch -- 2.7.4 diff --git a/grub/grub2/centos/meta_patches/0008-grub2-Build-unsigned-package.patch b/grub/grub2/centos/meta_patches/0008-grub2-Build-unsigned-package.patch index d084875cc..019da45cb 100644 --- a/grub/grub2/centos/meta_patches/0008-grub2-Build-unsigned-package.patch +++ b/grub/grub2/centos/meta_patches/0008-grub2-Build-unsigned-package.patch @@ -11,7 +11,7 @@ diff --git a/SOURCES/grub.macros b/SOURCES/grub.macros index 075727c..5581deb 100644 --- a/SOURCES/grub.macros +++ b/SOURCES/grub.macros -@@ -215,6 +215,13 @@ Requires: %{name}-common = %{evr} \ +@@ -235,6 +235,13 @@ Requires: %{name}-common = %{evr} \ %{expand:%%description %{1}-cdboot} \ %{desc} \ This subpackage provides optional components of grub used with removeable media on %{1} systems.\ @@ -25,7 +25,7 @@ index 075727c..5581deb 100644 %{nil} %global do_common_setup() \ -@@ -289,6 +296,8 @@ done \ +@@ -309,6 +316,8 @@ done \ -p /EFI/%{efidir} -d grub-core ${GRUB_MODULES} \ %{4}./grub-mkimage -O %{1} -o %{3}.orig \\\ -p /EFI/BOOT -d grub-core ${GRUB_MODULES} \ @@ -34,20 +34,20 @@ index 075727c..5581deb 100644 %{expand:%%{pesign -s -i %{2}.orig -o %{2} -a %{5} -c %{6} -n %{7}}} \ %{expand:%%{pesign -s -i %{3}.orig -o %{3} -a %{5} -c %{6} -n %{7}}} \ %{nil} -@@ -383,6 +392,8 @@ find $RPM_BUILD_ROOT -iname "*.module" -exec chmod a-x {} '\;' \ +@@ -403,6 +412,8 @@ find $RPM_BUILD_ROOT -iname "*.module" -exec chmod a-x {} '\;' \ touch $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/grub.cfg \ ln -sf ../boot/efi/EFI/%{efidir}/grub.cfg \\\ $RPM_BUILD_ROOT%{_sysconfdir}/%{name}-efi.cfg \ -+install -m 755 %{2} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/%{2}.unsigned \ -+install -m 755 %{3} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/%{3}.unsigned \ - install -m 755 %{2} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/%{2} \ - install -m 755 %{3} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/%{3} \ - install -D -m 644 unicode.pf2 \\\ -@@ -473,4 +484,8 @@ cd .. \ ++install -m 700 %{2} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/%{2}.unsigned \ ++install -m 700 %{3} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/%{3}.unsigned \ + install -m 700 %{2} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/%{2} \ + install -m 700 %{3} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/%{3} \ + install -D -m 700 unicode.pf2 \\\ +@@ -490,4 +501,8 @@ cd .. \ %defattr(-,root,root,-) \ - %attr(0755,root,root)/boot/efi/EFI/%{efidir}/%{3} \ - %attr(0755,root,root)/boot/efi/EFI/%{efidir}/fonts \ -+ \ + %attr(0700,root,root)/boot/efi/EFI/%{efidir}/%{3} \ + %attr(0700,root,root)/boot/efi/EFI/%{efidir}/fonts \ ++ \ +%{expand:%%files %{1}-unsigned} \ +/boot/efi/EFI/%{efidir}/%{grubefiname}.unsigned \ +/boot/efi/EFI/%{efidir}/%{grubeficdname}.unsigned \ diff --git a/grub/grub2/centos/meta_patches/0009-grub2-Build-pxeboot-package.patch b/grub/grub2/centos/meta_patches/0009-grub2-Build-pxeboot-package.patch index c78f4e7f0..5e9e3cbd6 100644 --- a/grub/grub2/centos/meta_patches/0009-grub2-Build-pxeboot-package.patch +++ b/grub/grub2/centos/meta_patches/0009-grub2-Build-pxeboot-package.patch @@ -11,7 +11,7 @@ diff --git a/SOURCES/grub.macros b/SOURCES/grub.macros index 5581deb..9ef91d6 100644 --- a/SOURCES/grub.macros +++ b/SOURCES/grub.macros -@@ -222,6 +222,13 @@ Summary: Unsigned versions of GRUB EFI binaries \ +@@ -242,6 +242,13 @@ Summary: Unsigned versions of GRUB EFI binaries \ %description %{1}-unsigned \ This package contains unsigned version of GRUB EFI binaries. \ \ @@ -25,15 +25,15 @@ index 5581deb..9ef91d6 100644 %{nil} %global do_common_setup() \ -@@ -394,6 +401,7 @@ ln -sf ../boot/efi/EFI/%{efidir}/grub.cfg \\\ +@@ -414,6 +421,7 @@ ln -sf ../boot/efi/EFI/%{efidir}/grub.cfg \\\ $RPM_BUILD_ROOT%{_sysconfdir}/%{name}-efi.cfg \ - install -m 755 %{2} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/%{2}.unsigned \ - install -m 755 %{3} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/%{3}.unsigned \ + install -m 700 %{2} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/%{2}.unsigned \ + install -m 700 %{3} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/%{3}.unsigned \ +install -D -m 755 %{2} $RPM_BUILD_ROOT/pxeboot/EFI/%{2} \ - install -m 755 %{2} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/%{2} \ - install -m 755 %{3} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/%{3} \ - install -D -m 644 unicode.pf2 \\\ -@@ -488,4 +496,8 @@ cd .. \ + install -m 700 %{2} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/%{2} \ + install -m 700 %{3} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/%{3} \ + install -D -m 700 unicode.pf2 \\\ +@@ -505,4 +513,8 @@ cd .. \ %{expand:%%files %{1}-unsigned} \ /boot/efi/EFI/%{efidir}/%{grubefiname}.unsigned \ /boot/efi/EFI/%{efidir}/%{grubeficdname}.unsigned \ diff --git a/grub/grub2/centos/meta_patches/0010-grub2-add-tboot.patch b/grub/grub2/centos/meta_patches/0010-grub2-add-tboot.patch index 847f6e018..242514cf2 100644 --- a/grub/grub2/centos/meta_patches/0010-grub2-add-tboot.patch +++ b/grub/grub2/centos/meta_patches/0010-grub2-add-tboot.patch @@ -12,7 +12,7 @@ diff --git a/SOURCES/grub.macros b/SOURCES/grub.macros index 9ef91d6..ffdd23c 100644 --- a/SOURCES/grub.macros +++ b/SOURCES/grub.macros -@@ -81,6 +81,10 @@ +@@ -82,6 +82,10 @@ %global legacy_package_arch pc %global platform pc @@ -21,9 +21,9 @@ index 9ef91d6..ffdd23c 100644 +%global wrs_modules "" + %endif - - %ifarch aarch64 -@@ -327,6 +331,7 @@ GRUB_MODULES=" all_video boot btrfs cat chain configfile echo \\\ + %ifarch %{ix86} + %global target_cpu_name %{_arch} +@@ -347,6 +351,7 @@ GRUB_MODULES=" all_video boot btrfs cat chain configfile echo \\\ search_label serial sleep syslinuxcfg test tftp \\\ video xfs" \ GRUB_MODULES+=%{efi_modules} \ @@ -35,9 +35,9 @@ diff --git a/SOURCES/grub.patches b/SOURCES/grub.patches index d7475f0..e24bd8c 100644 --- a/SOURCES/grub.patches +++ b/SOURCES/grub.patches -@@ -259,3 +259,4 @@ Patch0258: 0258-Fix-one-more-coverity-complaint.patch - Patch0260: 0260-Fix-up-linux-params-usage.patch - Patch0261: 0261-Fix-grub_net_hwaddr_to_str.patch +@@ -287,3 +287,4 @@ Patch0286: 0286-efinet-also-use-the-firmware-acceleration-for-http.patch + Patch0287: 0287-Make-root_url-reflect-the-protocol-hostname-of-our-b.patch + Patch0289: 0288-efi-uga-Fix-PCIe-LER-when-GRUB2-accesses-non-enabled.patch Patch1000: 1000_linux-mktitle-de-brand-the-grub.cfg-menu.patch +Patch1001: 1001-add-tboot.patch -- diff --git a/grub/grub2/centos/meta_patches/0011-grub2-fix-str-for-6B-macs.patch b/grub/grub2/centos/meta_patches/0011-grub2-fix-str-for-6B-macs.patch index 68a48175c..27d00e42f 100644 --- a/grub/grub2/centos/meta_patches/0011-grub2-fix-str-for-6B-macs.patch +++ b/grub/grub2/centos/meta_patches/0011-grub2-fix-str-for-6B-macs.patch @@ -1,7 +1,8 @@ From 5e0c8a6125403db7e90990d20c1cdda5cb9deb78 Mon Sep 17 00:00:00 2001 From: jmckenna Date: Wed, 28 Mar 2018 14:08:57 -0400 -Subject: Patch GRUB so that it doesn't add a trailing colon after MAC +Subject: [PATCH 11/12] Patch GRUB so that it doesn't add a trailing colon + after MAC A CentOS GRUB patch added support for macs > 6B in size. This breaks PXEbooting the installer, because a routine within grub @@ -15,7 +16,7 @@ diff --git a/SOURCES/grub.macros b/SOURCES/grub.macros index ffdd23c..8fcb272 100644 --- a/SOURCES/grub.macros +++ b/SOURCES/grub.macros -@@ -81,7 +81,7 @@ +@@ -82,7 +82,7 @@ %global legacy_package_arch pc %global platform pc @@ -28,8 +29,8 @@ diff --git a/SOURCES/grub.patches b/SOURCES/grub.patches index e24bd8c..73ccdee 100644 --- a/SOURCES/grub.patches +++ b/SOURCES/grub.patches -@@ -260,3 +260,5 @@ Patch0260: 0260-Fix-up-linux-params-usage.patch - Patch0261: 0261-Fix-grub_net_hwaddr_to_str.patch +@@ -288,3 +288,5 @@ Patch0287: 0287-Make-root_url-reflect-the-protocol-hostname-of-our-b.patch + Patch0289: 0288-efi-uga-Fix-PCIe-LER-when-GRUB2-accesses-non-enabled.patch Patch1000: 1000_linux-mktitle-de-brand-the-grub.cfg-menu.patch Patch1001: 1001-add-tboot.patch +Patch1002: 1002-Don-t-write-trailing-colon-when-populating-MAC-strin.patch diff --git a/grub/grub2/centos/meta_patches/0012-grub2-Don-t-strip-img-files-from-non-EFI-build.patch b/grub/grub2/centos/meta_patches/0012-grub2-Don-t-strip-img-files-from-non-EFI-build.patch index 1dab2b34f..8d95c8576 100644 --- a/grub/grub2/centos/meta_patches/0012-grub2-Don-t-strip-img-files-from-non-EFI-build.patch +++ b/grub/grub2/centos/meta_patches/0012-grub2-Don-t-strip-img-files-from-non-EFI-build.patch @@ -11,7 +11,7 @@ diff --git a/SOURCES/grub.macros b/SOURCES/grub.macros index 8fcb272..cd2da06 100644 --- a/SOURCES/grub.macros +++ b/SOURCES/grub.macros -@@ -471,8 +471,6 @@ cd .. \ +@@ -488,8 +488,6 @@ cd .. \ %defattr(-,root,root) \ %dir %{_libdir}/grub/%{2}/ \ %{_libdir}/grub/%{2}/* \ diff --git a/grub/grub2/centos/patches/1002-Don-t-write-trailing-colon-when-populating-MAC-strin.patch b/grub/grub2/centos/patches/1002-Don-t-write-trailing-colon-when-populating-MAC-strin.patch index 68afb58c5..68e665343 100644 --- a/grub/grub2/centos/patches/1002-Don-t-write-trailing-colon-when-populating-MAC-strin.patch +++ b/grub/grub2/centos/patches/1002-Don-t-write-trailing-colon-when-populating-MAC-strin.patch @@ -11,7 +11,7 @@ diff --git a/grub-core/net/net.c b/grub-core/net/net.c index a6566bd..f3f964e 100644 --- a/grub-core/net/net.c +++ b/grub-core/net/net.c -@@ -794,11 +794,18 @@ grub_net_hwaddr_to_str (const grub_net_link_level_address_t *addr, char *str) +@@ -797,11 +797,18 @@ grub_net_hwaddr_to_str (const grub_net_link_level_address_t *addr, char *str) return; } maxstr = addr->len * grub_strlen ("XX:"); diff --git a/grub/grub2/centos/srpm_path b/grub/grub2/centos/srpm_path index 7eb22e359..996afa187 100644 --- a/grub/grub2/centos/srpm_path +++ b/grub/grub2/centos/srpm_path @@ -1 +1 @@ -mirror:Source/grub2-2.02-0.65.el7.centos.2.src.rpm +mirror:Source/grub2-2.02-0.76.el7.centos.src.rpm diff --git a/grub/grubby/centos/meta_patches/0001-grubby-Update-package-versioning-for-TIS-format.patch b/grub/grubby/centos/meta_patches/0001-grubby-Update-package-versioning-for-TIS-format.patch index 2e0ef7bd4..9dfb713fd 100644 --- a/grub/grubby/centos/meta_patches/0001-grubby-Update-package-versioning-for-TIS-format.patch +++ b/grub/grubby/centos/meta_patches/0001-grubby-Update-package-versioning-for-TIS-format.patch @@ -17,8 +17,8 @@ index dd8fa7f..22bff31 100644 @@ -1,6 +1,6 @@ Name: grubby Version: 8.28 --Release: 23%{?dist} -+Release: 23.el7%{?_tis_dist}.%{tis_patch_ver} +-Release: 25%{?dist} ++Release: 25.el7%{?_tis_dist}.%{tis_patch_ver} Summary: Command line tool for updating bootloader configs Group: System Environment/Base License: GPLv2+ diff --git a/grub/grubby/centos/meta_patches/0002-grubby-Generic-name-for-Titanium.patch b/grub/grubby/centos/meta_patches/0002-grubby-Generic-name-for-Titanium.patch index ba1707708..57f910281 100644 --- a/grub/grubby/centos/meta_patches/0002-grubby-Generic-name-for-Titanium.patch +++ b/grub/grubby/centos/meta_patches/0002-grubby-Generic-name-for-Titanium.patch @@ -11,9 +11,9 @@ diff --git a/SPECS/grubby.spec b/SPECS/grubby.spec index 22bff31..882339a 100644 --- a/SPECS/grubby.spec +++ b/SPECS/grubby.spec -@@ -83,6 +83,9 @@ Patch0073: 0073-Fix-info-for-s390x-s390-1285601.patch - Patch0074: 0074-Add-s390-s390x-set-default-index-test-1285601.patch +@@ -84,6 +84,9 @@ Patch0074: 0074-Add-s390-s390x-set-default-index-test-1285601.patch Patch0075: 0075-Fix-setDefaultImage-for-s390-s390x-1285601.patch + Patch0076: 0076-grubby-Make-sure-configure-BOOTLOADER-variables-are-.patch +# WRS Titanium patches +Patch1000: 1000-Generic-name-for-Titanium.patch diff --git a/grub/grubby/centos/meta_patches/0003-grubby-add-multiboot2.patch b/grub/grubby/centos/meta_patches/0003-grubby-add-multiboot2.patch index 0c021e3e3..fe02e09c9 100644 --- a/grub/grubby/centos/meta_patches/0003-grubby-add-multiboot2.patch +++ b/grub/grubby/centos/meta_patches/0003-grubby-add-multiboot2.patch @@ -11,7 +11,7 @@ diff --git a/SPECS/grubby.spec b/SPECS/grubby.spec index 071463a..a3bb371 100644 --- a/SPECS/grubby.spec +++ b/SPECS/grubby.spec -@@ -85,6 +85,7 @@ Patch0075: 0075-Fix-setDefaultImage-for-s390-s390x-1285601.patch +@@ -86,6 +86,7 @@ Patch0076: 0076-grubby-Make-sure-configure-BOOTLOADER-variables-are-.patch # WRS Titanium patches Patch1000: 1000-Generic-name-for-Titanium.patch @@ -19,7 +19,7 @@ index 071463a..a3bb371 100644 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: pkgconfig glib2-devel popt-devel -@@ -101,6 +102,10 @@ Requires: s390utils-base +@@ -102,6 +103,10 @@ Requires: s390utils-base Requires: uboot-tools %endif Requires: system-release @@ -30,7 +30,7 @@ index 071463a..a3bb371 100644 %description grubby is a command line tool for updating and displaying information about -@@ -140,6 +145,11 @@ mkdir -p $RPM_BUILD_ROOT/boot +@@ -142,6 +147,11 @@ mkdir -p $RPM_BUILD_ROOT/boot echo " " >> $RPM_BUILD_ROOT/boot/boot.scr %endif @@ -42,7 +42,7 @@ index 071463a..a3bb371 100644 %clean rm -rf $RPM_BUILD_ROOT -@@ -152,6 +162,11 @@ rm -rf $RPM_BUILD_ROOT +@@ -154,6 +164,11 @@ rm -rf $RPM_BUILD_ROOT %{_prefix}/sbin/installkernel %{_prefix}/sbin/new-kernel-pkg %{_prefix}/sbin/grubby @@ -53,7 +53,7 @@ index 071463a..a3bb371 100644 + %{_mandir}/man8/*.8* /usr/libexec/grubby/prune_debug - %ghost %config(noreplace) %{_sysconfdir}/sysconfig/kernel + %ghost %attr(0644,-,-) %config(noreplace) %{_sysconfdir}/sysconfig/kernel -- 1.8.3.1 diff --git a/grub/grubby/centos/srpm_path b/grub/grubby/centos/srpm_path index 09f4c437b..e07ec94cb 100644 --- a/grub/grubby/centos/srpm_path +++ b/grub/grubby/centos/srpm_path @@ -1 +1 @@ -mirror:Source/grubby-8.28-23.el7.src.rpm +mirror:Source/grubby-8.28-25.el7.src.rpm diff --git a/kernel/kernel-modules/integrity/centos/build_srpm.data b/kernel/kernel-modules/integrity/centos/build_srpm.data index d07dc140a..1e3f38ac0 100644 --- a/kernel/kernel-modules/integrity/centos/build_srpm.data +++ b/kernel/kernel-modules/integrity/centos/build_srpm.data @@ -2,4 +2,4 @@ COPY_LIST=" \ $FILES_BASE/* \ $PATCHES_BASE/* \ $STX_BASE/downloads/integrity-kmod-e6aef069.tar.gz" -TIS_PATCH_VER=5 +TIS_PATCH_VER=7 diff --git a/kernel/kernel-modules/integrity/centos/integrity-kmod.spec b/kernel/kernel-modules/integrity/centos/integrity-kmod.spec index c0e6ee45f..1c70a882e 100644 --- a/kernel/kernel-modules/integrity/centos/integrity-kmod.spec +++ b/kernel/kernel-modules/integrity/centos/integrity-kmod.spec @@ -36,6 +36,7 @@ Patch02: 0002-integrity-expose-module-params.patch Patch03: 0003-integrity-restrict-by-iversion.patch Patch04: 0004-integrity-disable-set-xattr-on-imasig.patch Patch05: Changes-for-CentOS-7.4-support.patch +Patch06: Changes-for-CentOS-7.6-support.patch %define kversion %(rpm -q kernel%{?bt_ext}-devel | sort --version-sort | tail -1 | sed 's/kernel%{?bt_ext}-devel-//') diff --git a/kernel/kernel-modules/integrity/centos/patches/Changes-for-CentOS-7.6-support.patch b/kernel/kernel-modules/integrity/centos/patches/Changes-for-CentOS-7.6-support.patch new file mode 100644 index 000000000..4d8c62473 --- /dev/null +++ b/kernel/kernel-modules/integrity/centos/patches/Changes-for-CentOS-7.6-support.patch @@ -0,0 +1,78 @@ +From 5b60e1a889246a5a0d131e74ceaf240fc0637c9f Mon Sep 17 00:00:00 2001 +From: Shuicheng Lin +Date: Sat, 29 Dec 2018 02:51:39 +0800 +Subject: [PATCH] pick upstream patch to fix build failure with CentOS 7.6 + 3.10.0-957.1.3 kernel + +Pick upstream patch from "git://git.infradead.org/users/jjs/linux-tpmdd.git" + +" +From aad887f6641145fec2a801da2ce4ed36cf99c6a5 Mon Sep 17 00:00:00 2001 +From: Jarkko Sakkinen +Date: Sun, 5 Nov 2017 13:16:26 +0200 +Subject: [PATCH] tpm: use struct tpm_chip for tpm_chip_find_get() + +Device number (the character device index) is not a stable identifier +for a TPM chip. That is the reason why every call site passes +TPM_ANY_NUM to tpm_chip_find_get(). + +This commit changes the API in a way that instead a struct tpm_chip +instance is given and NULL means the default chip. In addition, this +commit refines the documentation to be up to date with the +implementation. + +Suggested-by: Jason Gunthorpe (@chip_num -> @chip part) +Signed-off-by: Jarkko Sakkinen +Reviewed-by: Jason Gunthorpe +Tested-by: PrasannaKumar Muralidharan +" + +Signed-off-by: Shuicheng Lin +--- + ima/ima_crypto.c | 2 +- + ima/ima_init.c | 2 +- + ima/ima_queue.c | 2 +- + 3 files changed, 3 insertions(+), 3 deletions(-) + +diff --git a/ima/ima_crypto.c b/ima/ima_crypto.c +index 802d5d2..3371d13 100644 +--- a/ima/ima_crypto.c ++++ b/ima/ima_crypto.c +@@ -644,7 +644,7 @@ static void __init ima_pcrread(int idx, u8 *pcr) + if (!ima_used_chip) + return; + +- if (tpm_pcr_read(TPM_ANY_NUM, idx, pcr) != 0) ++ if (tpm_pcr_read(NULL, idx, pcr) != 0) + pr_err("Error Communicating to TPM chip\n"); + } + +diff --git a/ima/ima_init.c b/ima/ima_init.c +index a7362e8..577c7b7 100644 +--- a/ima/ima_init.c ++++ b/ima/ima_init.c +@@ -115,7 +115,7 @@ int __init ima_init(void) + + if (ima_used_chip != 0) { + ima_used_chip = 0; +- rc = tpm_pcr_read(TPM_ANY_NUM, 0, pcr_i); ++ rc = tpm_pcr_read(NULL, 0, pcr_i); + if (rc == 0) + ima_used_chip = 1; + } +diff --git a/ima/ima_queue.c b/ima/ima_queue.c +index d9aa5ab..9946363 100644 +--- a/ima/ima_queue.c ++++ b/ima/ima_queue.c +@@ -145,7 +145,7 @@ static int ima_pcr_extend(const u8 *hash, int pcr) + if (!ima_used_chip) + return result; + +- result = tpm_pcr_extend(TPM_ANY_NUM, pcr, hash); ++ result = tpm_pcr_extend(NULL, pcr, hash); + if (result != 0) + pr_err("Error Communicating to TPM chip, result: %d\n", result); + return result; +-- +2.7.4 + diff --git a/kernel/kernel-modules/intel-i40e/centos/build_srpm.data b/kernel/kernel-modules/intel-i40e/centos/build_srpm.data index a7df34cf6..47321e589 100644 --- a/kernel/kernel-modules/intel-i40e/centos/build_srpm.data +++ b/kernel/kernel-modules/intel-i40e/centos/build_srpm.data @@ -1,4 +1,4 @@ COPY_LIST=" \ $PKG_BASE/files/* \ - $STX_BASE/downloads/i40e-2.4.10.tar.gz" + $STX_BASE/downloads/i40e-2.7.29.tar.gz" TIS_PATCH_VER=1 diff --git a/kernel/kernel-modules/intel-i40e/centos/i40e-kmod.spec b/kernel/kernel-modules/intel-i40e/centos/i40e-kmod.spec index 6b6eed99b..04cd3eb34 100644 --- a/kernel/kernel-modules/intel-i40e/centos/i40e-kmod.spec +++ b/kernel/kernel-modules/intel-i40e/centos/i40e-kmod.spec @@ -8,7 +8,7 @@ %define kmod_name i40e Name: %{kmod_name}-kmod%{?bt_ext} -Version: 2.4.10 +Version: 2.7.29 Release: 0%{?_tis_dist}.%{tis_patch_ver} Group: System Environment/Kernel License: GPLv2 diff --git a/kernel/kernel-modules/intel-i40e/files/i40e-Enable-getting-link-status-from-VF.patch b/kernel/kernel-modules/intel-i40e/files/i40e-Enable-getting-link-status-from-VF.patch index 0612126d8..9807529d0 100644 --- a/kernel/kernel-modules/intel-i40e/files/i40e-Enable-getting-link-status-from-VF.patch +++ b/kernel/kernel-modules/intel-i40e/files/i40e-Enable-getting-link-status-from-VF.patch @@ -19,7 +19,7 @@ diff --git a/src/i40e_virtchnl_pf.c b/src/i40e_virtchnl_pf.c index 020bacb..126ec19 100644 --- a/src/i40e_virtchnl_pf.c +++ b/src/i40e_virtchnl_pf.c -@@ -1857,6 +1857,81 @@ error_param: +@@ -2559,6 +2559,81 @@ static int i40e_vc_config_promiscuous_mode_msg(struct i40e_vf *vf, u8 *msg) aq_ret); } @@ -101,24 +101,24 @@ index 020bacb..126ec19 100644 /** * i40e_vc_config_queues_msg * @vf: pointer to the VF info -@@ -2901,6 +2976,9 @@ int i40e_vc_process_vf_msg(struct i40e_pf *pf, s16 vf_id, u32 v_opcode, +@@ -4300,6 +4375,9 @@ int i40e_vc_process_vf_msg(struct i40e_pf *pf, s16 vf_id, u32 v_opcode, case VIRTCHNL_OP_REQUEST_QUEUES: - ret = i40e_vc_request_queues_msg(vf, msg, msglen); + ret = i40e_vc_request_queues_msg(vf, msg); break; + case VIRTCHNL_OP_GET_LINK_STAT: + i40e_vc_get_link_status(vf); + break; - - case VIRTCHNL_OP_UNKNOWN: - default: + #ifdef __TC_MQPRIO_MODE_MAX + case VIRTCHNL_OP_ENABLE_CHANNELS: + ret = i40e_vc_add_qch_msg(vf, msg); diff --git a/src/virtchnl.h b/src/virtchnl.h index afde603..b9b38c0 100644 --- a/src/virtchnl.h +++ b/src/virtchnl.h -@@ -133,6 +133,7 @@ enum virtchnl_ops { - VIRTCHNL_OP_ENABLE_VLAN_STRIPPING = 27, - VIRTCHNL_OP_DISABLE_VLAN_STRIPPING = 28, - VIRTCHNL_OP_REQUEST_QUEUES = 29, +@@ -124,6 +124,7 @@ enum virtchnl_ops { + VIRTCHNL_OP_DISABLE_CHANNELS = 31, + VIRTCHNL_OP_ADD_CLOUD_FILTER = 32, + VIRTCHNL_OP_DEL_CLOUD_FILTER = 33, + VIRTCHNL_OP_GET_LINK_STAT = 0x101, }; diff --git a/kernel/kernel-modules/intel-i40e/files/i40e-add-more-debug-info-for-VFs-still-in-reset.patch b/kernel/kernel-modules/intel-i40e/files/i40e-add-more-debug-info-for-VFs-still-in-reset.patch index fd1cfd309..530aada97 100644 --- a/kernel/kernel-modules/intel-i40e/files/i40e-add-more-debug-info-for-VFs-still-in-reset.patch +++ b/kernel/kernel-modules/intel-i40e/files/i40e-add-more-debug-info-for-VFs-still-in-reset.patch @@ -8,26 +8,15 @@ Subject: [PATCH 2/3] i40e add more debug info for VFs still in reset Signed-off-by: Jim Somerville --- - src/i40e_virtchnl_pf.c | 20 ++++++++++---------- - 1 file changed, 10 insertions(+), 10 deletions(-) + src/i40e_virtchnl_pf.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/i40e_virtchnl_pf.c b/src/i40e_virtchnl_pf.c index 126ec19..da29fc3 100644 --- a/src/i40e_virtchnl_pf.c +++ b/src/i40e_virtchnl_pf.c -@@ -3077,8 +3077,8 @@ int i40e_ndo_set_vf_mac(struct net_device *netdev, int vf_id, u8 *mac) - msleep(20); - } - if (!test_bit(I40E_VF_STATE_INIT, &vf->vf_states)) { -- dev_err(&pf->pdev->dev, "VF %d still in reset. Try again.\n", -- vf_id); -+ dev_err(&pf->pdev->dev, "%s: VF %d still in reset. Try again.\n", -+ __func__, vf_id); - ret = -EAGAIN; - goto error_param; - } -@@ -3218,8 +3218,8 @@ int i40e_ndo_set_vf_port_vlan(struct net_device *netdev, - vf = &(pf->vf[vf_id]); +@@ -4650,8 +4650,8 @@ int i40e_ndo_set_vf_port_vlan(struct net_device *netdev, + vf = &pf->vf[vf_id]; vsi = pf->vsi[vf->lan_vsi_idx]; if (!test_bit(I40E_VF_STATE_INIT, &vf->vf_states)) { - dev_err(&pf->pdev->dev, "VF %d still in reset. Try again.\n", @@ -37,8 +26,8 @@ index 126ec19..da29fc3 100644 ret = -EAGAIN; goto error_pvid; } -@@ -3350,8 +3350,8 @@ int i40e_ndo_set_vf_bw(struct net_device *netdev, int vf_id, int max_tx_rate) - vf = &(pf->vf[vf_id]); +@@ -4784,8 +4784,8 @@ int i40e_ndo_set_vf_bw(struct net_device *netdev, int vf_id, int max_tx_rate) + vf = &pf->vf[vf_id]; vsi = pf->vsi[vf->lan_vsi_idx]; if (!test_bit(I40E_VF_STATE_INIT, &vf->vf_states)) { - dev_err(&pf->pdev->dev, "VF %d still in reset. Try again.\n", @@ -48,7 +37,7 @@ index 126ec19..da29fc3 100644 ret = -EAGAIN; goto error; } -@@ -3443,8 +3443,8 @@ int i40e_ndo_get_vf_config(struct net_device *netdev, +@@ -4844,8 +4844,8 @@ int i40e_ndo_get_vf_config(struct net_device *netdev, /* first vsi is always the LAN vsi */ vsi = pf->vsi[vf->lan_vsi_idx]; if (!test_bit(I40E_VF_STATE_INIT, &vf->vf_states)) { @@ -59,7 +48,7 @@ index 126ec19..da29fc3 100644 ret = -EAGAIN; goto error_param; } -@@ -3576,8 +3576,8 @@ int i40e_ndo_set_vf_spoofchk(struct net_device *netdev, int vf_id, bool enable) +@@ -4989,8 +4989,8 @@ int i40e_ndo_set_vf_spoofchk(struct net_device *netdev, int vf_id, bool enable) vf = &(pf->vf[vf_id]); if (!test_bit(I40E_VF_STATE_INIT, &vf->vf_states)) { diff --git a/kernel/kernel-modules/intel-i40e/files/ndo_get_vf_config-poll-for-out-of-vf-reset.patch b/kernel/kernel-modules/intel-i40e/files/ndo_get_vf_config-poll-for-out-of-vf-reset.patch index 3a30692c6..e8b6ffb38 100644 --- a/kernel/kernel-modules/intel-i40e/files/ndo_get_vf_config-poll-for-out-of-vf-reset.patch +++ b/kernel/kernel-modules/intel-i40e/files/ndo_get_vf_config-poll-for-out-of-vf-reset.patch @@ -19,16 +19,16 @@ diff --git a/src/i40e_virtchnl_pf.c b/src/i40e_virtchnl_pf.c index da29fc3..d5935d6 100644 --- a/src/i40e_virtchnl_pf.c +++ b/src/i40e_virtchnl_pf.c -@@ -3431,6 +3431,7 @@ int i40e_ndo_get_vf_config(struct net_device *netdev, +@@ -4829,6 +4829,7 @@ int i40e_ndo_get_vf_config(struct net_device *netdev, struct i40e_pf *pf = vsi->back; struct i40e_vf *vf; int ret = 0; + u8 i; - /* validate the request */ - if (vf_id >= pf->num_alloc_vfs) { -@@ -3442,6 +3443,16 @@ int i40e_ndo_get_vf_config(struct net_device *netdev, - vf = &(pf->vf[vf_id]); + if (test_and_set_bit(__I40E_VIRTCHNL_OP_PENDING, pf->state)) { + dev_warn(&pf->pdev->dev, "Unable to configure VFs, other operation is pending.\n"); +@@ -4843,6 +4844,16 @@ int i40e_ndo_get_vf_config(struct net_device *netdev, + vf = &pf->vf[vf_id]; /* first vsi is always the LAN vsi */ vsi = pf->vsi[vf->lan_vsi_idx]; + diff --git a/kernel/kernel-modules/intel-i40evf/centos/build_srpm.data b/kernel/kernel-modules/intel-i40evf/centos/build_srpm.data index 4ae6ca876..ee17d7021 100644 --- a/kernel/kernel-modules/intel-i40evf/centos/build_srpm.data +++ b/kernel/kernel-modules/intel-i40evf/centos/build_srpm.data @@ -1,4 +1,4 @@ COPY_LIST=" \ $PKG_BASE/files/* \ - $STX_BASE/downloads/i40evf-3.5.13.tar.gz" + $STX_BASE/downloads/i40evf-3.6.15.tar.gz" TIS_PATCH_VER=1 diff --git a/kernel/kernel-modules/intel-i40evf/centos/i40evf-kmod.spec b/kernel/kernel-modules/intel-i40evf/centos/i40evf-kmod.spec index 85a11eebc..c02915217 100644 --- a/kernel/kernel-modules/intel-i40evf/centos/i40evf-kmod.spec +++ b/kernel/kernel-modules/intel-i40evf/centos/i40evf-kmod.spec @@ -8,7 +8,7 @@ %define kmod_name i40evf Name: %{kmod_name}-kmod%{?bt_ext} -Version: 3.5.13 +Version: 3.6.15 Release: 0%{?_tis_dist}.%{tis_patch_ver} Group: System Environment/Kernel License: GPLv2 diff --git a/kernel/kernel-modules/intel-ixgbe/centos/build_srpm.data b/kernel/kernel-modules/intel-ixgbe/centos/build_srpm.data index 0ac556c64..7b89407ae 100644 --- a/kernel/kernel-modules/intel-ixgbe/centos/build_srpm.data +++ b/kernel/kernel-modules/intel-ixgbe/centos/build_srpm.data @@ -1,4 +1,4 @@ COPY_LIST=" \ $PKG_BASE/files/* \ - $STX_BASE/downloads/ixgbe-5.3.7.tar.gz" + $STX_BASE/downloads/ixgbe-5.5.3.tar.gz" TIS_PATCH_VER=1 diff --git a/kernel/kernel-modules/intel-ixgbe/centos/ixgbe-kmod.spec b/kernel/kernel-modules/intel-ixgbe/centos/ixgbe-kmod.spec index 064d36542..bc52f80be 100644 --- a/kernel/kernel-modules/intel-ixgbe/centos/ixgbe-kmod.spec +++ b/kernel/kernel-modules/intel-ixgbe/centos/ixgbe-kmod.spec @@ -8,7 +8,7 @@ %define kmod_name ixgbe Name: %{kmod_name}-kmod%{?bt_ext} -Version: 5.3.7 +Version: 5.5.3 Release: 0%{?_tis_dist}.%{tis_patch_ver} Group: System Environment/Kernel License: GPLv2 diff --git a/kernel/kernel-modules/intel-ixgbevf/centos/build_srpm.data b/kernel/kernel-modules/intel-ixgbevf/centos/build_srpm.data index 0c6abf9b8..d4b6ceff9 100644 --- a/kernel/kernel-modules/intel-ixgbevf/centos/build_srpm.data +++ b/kernel/kernel-modules/intel-ixgbevf/centos/build_srpm.data @@ -1,4 +1,4 @@ COPY_LIST=" \ $PKG_BASE/files/* \ - $STX_BASE/downloads/ixgbevf-4.3.5.tar.gz" -TIS_PATCH_VER=2 + $STX_BASE/downloads/ixgbevf-4.5.1.tar.gz" +TIS_PATCH_VER=1 diff --git a/kernel/kernel-modules/intel-ixgbevf/centos/ixgbevf-kmod.spec b/kernel/kernel-modules/intel-ixgbevf/centos/ixgbevf-kmod.spec index 61ae5a549..acf1ddf76 100644 --- a/kernel/kernel-modules/intel-ixgbevf/centos/ixgbevf-kmod.spec +++ b/kernel/kernel-modules/intel-ixgbevf/centos/ixgbevf-kmod.spec @@ -8,7 +8,7 @@ %define kmod_name ixgbevf Name: %{kmod_name}-kmod%{?bt_ext} -Version: 4.3.5 +Version: 4.5.1 Release: 0%{?_tis_dist}.%{tis_patch_ver} Group: System Environment/Kernel License: GPLv2 @@ -23,8 +23,6 @@ Source0: %{kmod_name}-%{version}.tar.gz Source5: GPL-v2.0.txt Source11: modules-load.conf -Patch01: 0001-i40evf-Fix-compile-issue.patch - %define kversion %(rpm -q kernel%{?bt_ext}-devel | sort --version-sort | tail -1 | sed 's/kernel%{?bt_ext}-devel-//') %package -n kmod-ixgbevf%{?bt_ext} diff --git a/kernel/kernel-modules/intel-ixgbevf/files/0001-i40evf-Fix-compile-issue.patch b/kernel/kernel-modules/intel-ixgbevf/files/0001-i40evf-Fix-compile-issue.patch deleted file mode 100644 index 52a20e301..000000000 --- a/kernel/kernel-modules/intel-ixgbevf/files/0001-i40evf-Fix-compile-issue.patch +++ /dev/null @@ -1,27 +0,0 @@ -From af5c220050e90b388fdff4b3730cde150988daec Mon Sep 17 00:00:00 2001 -From: Dahir Osman -Date: Fri, 23 Sep 2016 11:17:54 -0400 -Subject: [PATCH] i40evf: Fix compile issue. - -The Makefile was using the wrong CONFIG to compile the driver sources. -The driver was not being built at all without this fix. ---- - src/Makefile | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/Makefile b/src/Makefile -index b50a61d..610c5f9 100644 ---- a/src/Makefile -+++ b/src/Makefile -@@ -28,7 +28,7 @@ ifneq ($(KERNELRELEASE),) - # Makefile for the Intel(R) 10GbE PCI Express Virtual Function Driver - # - --obj-$(CONFIG_IXGBE) += ixgbevf.o -+obj-$(CONFIG_IXGBEVF) += ixgbevf.o - - define ixgbevf-y - ixgbevf_main.o --- -1.9.1 - diff --git a/kernel/kernel-modules/mlnx-ofa_kernel/centos/meta_patches/0001-Support-TiS-system.patch b/kernel/kernel-modules/mlnx-ofa_kernel/centos/meta_patches/0001-Support-TiS-system.patch index 4c3572be9..6fd1edd2a 100644 --- a/kernel/kernel-modules/mlnx-ofa_kernel/centos/meta_patches/0001-Support-TiS-system.patch +++ b/kernel/kernel-modules/mlnx-ofa_kernel/centos/meta_patches/0001-Support-TiS-system.patch @@ -56,7 +56,7 @@ index 33fe911..7a9253d 100644 # Select packages to build # Kernel module packages to be included into kernel-ib -@@ -62,7 +67,9 @@ +@@ -63,7 +68,9 @@ %{!?KERNEL_SOURCES: %global KERNEL_SOURCES /lib/modules/%{KVERSION}/source} @@ -64,10 +64,10 @@ index 33fe911..7a9253d 100644 + +%define _basename mlnx-ofa_kernel +%define _name %{_basename}%{?bt_ext} - %{!?_version: %global _version 4.3} - %{!?_release: %global _release OFED.4.3.3.0.2.1.gcf60532} + %{!?_version: %global _version 4.5} + %{!?_release: %global _release OFED.4.5.1.0.1.1.gb4fdfac} %global _kmp_rel %{_release}%{?_kmp_build_num}%{?_dist} -@@ -74,11 +81,16 @@ +@@ -75,11 +82,16 @@ Summary: Infiniband HCA Driver Name: %{_name} Version: %{_version} @@ -86,7 +86,7 @@ index 33fe911..7a9253d 100644 BuildRoot: %{?build_root:%{build_root}}%{!?build_root:/var/tmp/OFED} Vendor: Mellanox Technologies Obsoletes: kernel-ib -@@ -133,7 +145,6 @@ EOF) +@@ -135,7 +147,6 @@ EOF) %global kernel_release() %{KVERSION} %global flavors_to_build default %package -n %{non_kmp_pname} @@ -94,7 +94,7 @@ index 33fe911..7a9253d 100644 Requires: coreutils Requires: pciutils Requires: grep -@@ -160,7 +171,7 @@ Obsoletes: mlnx-en-doc +@@ -162,7 +173,7 @@ Obsoletes: mlnx-en-doc Obsoletes: mlnx-en-debuginfo Obsoletes: mlnx-en-sources Version: %{_version} @@ -103,7 +103,7 @@ index 33fe911..7a9253d 100644 Summary: Infiniband Driver and ULPs kernel modules Group: System Environment/Libraries %description -n %{non_kmp_pname} -@@ -172,7 +183,7 @@ The driver sources are located at: http://www.mellanox.com/downloads/ofed/mlnx-o +@@ -174,7 +185,7 @@ The driver sources are located at: http://www.mellanox.com/downloads/ofed/mlnx-o %package -n %{devel_pname} Version: %{_version} # build KMP rpms? @@ -112,7 +112,7 @@ index 33fe911..7a9253d 100644 Obsoletes: kernel-ib-devel Obsoletes: compat-rdma-devel Obsoletes: kernel-ib -@@ -209,13 +220,12 @@ The driver sources are located at: http://www.mellanox.com/downloads/ofed/mlnx-o +@@ -212,13 +223,12 @@ The driver sources are located at: http://www.mellanox.com/downloads/ofed/mlnx-o else \ echo -n '0'; fi) @@ -127,7 +127,7 @@ index 33fe911..7a9253d 100644 %global buildsubdir %{_name}-%{version} # Disgusting hack alert! We need to ensure we sign modules *after* all # invocations of strip occur, which is in __debug_install_post if -@@ -228,7 +238,6 @@ The driver sources are located at: http://www.mellanox.com/downloads/ofed/mlnx-o +@@ -231,7 +241,6 @@ The driver sources are located at: http://www.mellanox.com/downloads/ofed/mlnx-o %{__modsign_install_post} \ %{nil} @@ -135,7 +135,7 @@ index 33fe911..7a9253d 100644 # %if "%{_vendor}" == "suse" %debug_package -@@ -259,12 +268,16 @@ The driver sources are located at: http://www.mellanox.com/downloads/ofed/mlnx-o +@@ -262,12 +271,16 @@ The driver sources are located at: http://www.mellanox.com/downloads/ofed/mlnx-o %{!?install_mod_dir: %global install_mod_dir updates} %prep @@ -153,7 +153,7 @@ index 33fe911..7a9253d 100644 %build export EXTRA_CFLAGS='-DVERSION=\"%version\"' export INSTALL_MOD_DIR=%{install_mod_dir} -@@ -279,7 +292,6 @@ for flavor in %flavors_to_build; do +@@ -282,7 +295,6 @@ for flavor in %flavors_to_build; do find compat -type f -exec touch -t 200012201010 '{}' \; || true ./configure --build-dummy-mods --prefix=%{_prefix} --kernel-version $KVERSION --kernel-sources $KSRC --modules-dir $LIB_MOD_DIR $CONF_OPTIONS %{?_smp_mflags} make %{?_smp_mflags} kernel @@ -161,7 +161,7 @@ index 33fe911..7a9253d 100644 cd - done -@@ -288,9 +300,11 @@ touch ofed-files +@@ -291,9 +303,11 @@ touch ofed-files export RECORD_PY_FILES=1 export INSTALL_MOD_PATH=%{buildroot} export INSTALL_MOD_DIR=%{install_mod_dir} @@ -174,7 +174,7 @@ index 33fe911..7a9253d 100644 for flavor in %flavors_to_build; do export KSRC=%{kernel_source $flavor} export KVERSION=%{kernel_release $KSRC} -@@ -340,6 +354,8 @@ echo "override ${mod_name} * weak-updates/%{_name}${mod_path}" >> %{buildroot}%{ +@@ -343,6 +357,8 @@ echo "override ${mod_name} * weak-updates/%{_name}${mod_path}" >> %{buildroot}%{ echo "override ${mod_name} * extra/%{_name}${mod_path}" >> %{buildroot}%{_sysconfdir}/depmod.d/zz01-%{_name}-${mod_name}.conf done %endif @@ -183,7 +183,7 @@ index 33fe911..7a9253d 100644 %endif # copy sources -@@ -680,6 +696,7 @@ fi +@@ -686,6 +702,7 @@ fi %config(noreplace) %{_sysconfdir}/depmod.d/zz01-%{_name}-*.conf %endif %endif diff --git a/kernel/kernel-modules/mlnx-ofa_kernel/centos/srpm_path b/kernel/kernel-modules/mlnx-ofa_kernel/centos/srpm_path index 2b3d165e7..8a880eb54 100644 --- a/kernel/kernel-modules/mlnx-ofa_kernel/centos/srpm_path +++ b/kernel/kernel-modules/mlnx-ofa_kernel/centos/srpm_path @@ -1 +1 @@ -repo:stx/downloads/mlnx-ofa_kernel-4.3-OFED.4.3.3.0.2.1.gcf60532.src.rpm +repo:stx/downloads/mlnx-ofa_kernel-4.5-OFED.4.5.1.0.1.1.gb4fdfac.src.rpm diff --git a/kernel/kernel-modules/tpmdd/centos/build_srpm.data b/kernel/kernel-modules/tpmdd/centos/build_srpm.data index a3a69c84e..b2e6158f8 100644 --- a/kernel/kernel-modules/tpmdd/centos/build_srpm.data +++ b/kernel/kernel-modules/tpmdd/centos/build_srpm.data @@ -2,4 +2,4 @@ COPY_LIST=" \ $PKG_BASE/files/* \ $PKG_BASE/patches/* \ $STX_BASE/downloads/tpm-kmod-e6aef069.tar.gz" -TIS_PATCH_VER=5 +TIS_PATCH_VER=6 diff --git a/kernel/kernel-modules/tpmdd/centos/tpm-kmod.spec b/kernel/kernel-modules/tpmdd/centos/tpm-kmod.spec index a6d725fad..b0f34d71f 100644 --- a/kernel/kernel-modules/tpmdd/centos/tpm-kmod.spec +++ b/kernel/kernel-modules/tpmdd/centos/tpm-kmod.spec @@ -35,6 +35,7 @@ Patch04: UPSTREAM-0002-tpm-reduce-tpm-polling-delay-in-tpm_tis_core.patch Patch05: UPSTREAM-0003-tpm-use-tpm_msleep-value-as-max-delay.patch Patch06: UPSTREAM-0004-tpm-wait-for-stat-to-specify-variable-polling-time.patch Patch07: UPSTREAM-0005-tpm-ignore-burstcount-to-improve-send-performance.patch +Patch08: UPSTREAM-0006-tpm-use-struct-tpm_chip.patch %define kversion %(rpm -q kernel%{?bt_ext}-devel | sort --version-sort | tail -1 | sed 's/kernel%{?bt_ext}-devel-//') diff --git a/kernel/kernel-modules/tpmdd/patches/UPSTREAM-0006-tpm-use-struct-tpm_chip.patch b/kernel/kernel-modules/tpmdd/patches/UPSTREAM-0006-tpm-use-struct-tpm_chip.patch new file mode 100644 index 000000000..42f885dea --- /dev/null +++ b/kernel/kernel-modules/tpmdd/patches/UPSTREAM-0006-tpm-use-struct-tpm_chip.patch @@ -0,0 +1,327 @@ +From 5b60e1a889246a5a0d131e74ceaf240fc0637c9f Mon Sep 17 00:00:00 2001 +From: Shuicheng Lin +Date: Sat, 29 Dec 2018 02:51:39 +0800 +Subject: [PATCH] pick upstream patch to fix build failure with CentOS 7.6 + 3.10.0-957.1.3 kernel + +[commit aad887f6641145fec2a801da2ce4ed36cf99c6a5 from Upstream linux-tpmdd repo] + +" +From aad887f6641145fec2a801da2ce4ed36cf99c6a5 Mon Sep 17 00:00:00 2001 +From: Jarkko Sakkinen +Date: Sun, 5 Nov 2017 13:16:26 +0200 +Subject: [PATCH] tpm: use struct tpm_chip for tpm_chip_find_get() + +Device number (the character device index) is not a stable identifier +for a TPM chip. That is the reason why every call site passes +TPM_ANY_NUM to tpm_chip_find_get(). + +This commit changes the API in a way that instead a struct tpm_chip +instance is given and NULL means the default chip. In addition, this +commit refines the documentation to be up to date with the +implementation. + +Suggested-by: Jason Gunthorpe (@chip_num -> @chip part) +Signed-off-by: Jarkko Sakkinen +Reviewed-by: Jason Gunthorpe +Tested-by: PrasannaKumar Muralidharan +" + +Signed-off-by: Shuicheng Lin +--- + tpm-chip.c | 15 +++---- + tpm-interface.c | 133 +++++++++++++++++++++++++++++--------------------------- + tpm.h | 2 +- + 3 files changed, 76 insertions(+), 74 deletions(-) + +diff --git a/tpm-chip.c b/tpm-chip.c +index a321bd5..84710e0 100644 +--- a/tpm-chip.c ++++ b/tpm-chip.c +@@ -80,21 +80,21 @@ void tpm_put_ops(struct tpm_chip *chip) + EXPORT_SYMBOL_GPL(tpm_put_ops); + + /** +- * tpm_chip_find_get() - return tpm_chip for a given chip number +- * @chip_num: id to find ++ * tpm_chip_find_get() - find and reserve a TPM chip ++ * @chip: a &struct tpm_chip instance, %NULL for the default chip + * + * The return'd chip has been tpm_try_get_ops'd and must be released via + * tpm_put_ops + */ +-struct tpm_chip *tpm_chip_find_get(int chip_num) ++struct tpm_chip *tpm_chip_find_get(struct tpm_chip *chip) + { +- struct tpm_chip *chip, *res = NULL; ++ struct tpm_chip *res = NULL; ++ int chip_num = 0; + int chip_prev; + + mutex_lock(&idr_lock); + +- if (chip_num == TPM_ANY_NUM) { +- chip_num = 0; ++ if (!chip) { + do { + chip_prev = chip_num; + chip = idr_get_next(&dev_nums_idr, &chip_num); +@@ -104,8 +104,7 @@ struct tpm_chip *tpm_chip_find_get(int chip_num) + } + } while (chip_prev != chip_num); + } else { +- chip = idr_find(&dev_nums_idr, chip_num); +- if (chip && !tpm_try_get_ops(chip)) ++ if (!tpm_try_get_ops(chip)) + res = chip; + } + +diff --git a/tpm-interface.c b/tpm-interface.c +index 69041ec..036c6b6 100644 +--- a/tpm-interface.c ++++ b/tpm-interface.c +@@ -787,19 +787,18 @@ int tpm_pcr_read_dev(struct tpm_chip *chip, int pcr_idx, u8 *res_buf) + } + + /** +- * tpm_is_tpm2 - is the chip a TPM2 chip? +- * @chip_num: tpm idx # or ANY ++ * tpm_is_tpm2 - do we a have a TPM2 chip? ++ * @chip: a &struct tpm_chip instance, %NULL for the default chip + * + * Returns < 0 on error, and 1 or 0 on success depending whether the chip + * is a TPM2 chip. + */ +-int tpm_is_tpm2(u32 chip_num) ++int tpm_is_tpm2(struct tpm_chip *chip) + { +- struct tpm_chip *chip; + int rc; + +- chip = tpm_chip_find_get(chip_num); +- if (chip == NULL) ++ chip = tpm_chip_find_get(chip); ++ if (!chip) + return -ENODEV; + + rc = (chip->flags & TPM_CHIP_FLAG_TPM2) != 0; +@@ -811,23 +810,18 @@ int tpm_is_tpm2(u32 chip_num) + EXPORT_SYMBOL_GPL(tpm_is_tpm2); + + /** +- * tpm_pcr_read - read a pcr value +- * @chip_num: tpm idx # or ANY +- * @pcr_idx: pcr idx to retrieve +- * @res_buf: TPM_PCR value +- * size of res_buf is 20 bytes (or NULL if you don't care) +- * +- * The TPM driver should be built-in, but for whatever reason it +- * isn't, protect against the chip disappearing, by incrementing +- * the module usage count. ++ * tpm_pcr_read - read a PCR value from SHA1 bank ++ * @chip: a &struct tpm_chip instance, %NULL for the default chip ++ * @pcr_idx: the PCR to be retrieved ++ * @res_buf: the value of the PCR ++ * Return: same as with tpm_transmit_cmd() + */ +-int tpm_pcr_read(u32 chip_num, int pcr_idx, u8 *res_buf) ++int tpm_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf) + { +- struct tpm_chip *chip; + int rc; + +- chip = tpm_chip_find_get(chip_num); +- if (chip == NULL) ++ chip = tpm_chip_find_get(chip); ++ if (!chip) + return -ENODEV; + if (chip->flags & TPM_CHIP_FLAG_TPM2) + rc = tpm2_pcr_read(chip, pcr_idx, res_buf); +@@ -848,26 +842,27 @@ static const struct tpm_input_header pcrextend_header = { + }; + + /** +- * tpm_pcr_extend - extend pcr value with hash +- * @chip_num: tpm idx # or AN& +- * @pcr_idx: pcr idx to extend +- * @hash: hash value used to extend pcr value ++ * tpm_pcr_extend - extend a PCR value in SHA1 bank. ++ * @chip: a &struct tpm_chip instance, %NULL for the default chip ++ * @pcr_idx: the PCR to be retrieved ++ * @hash: the hash value used to extend the PCR value + * +- * The TPM driver should be built-in, but for whatever reason it +- * isn't, protect against the chip disappearing, by incrementing +- * the module usage count. ++ * Note: with TPM 2.0 extends also those banks with a known digest size to the ++ * cryto subsystem in order to prevent malicious use of those PCR banks. In the ++ * future we should dynamically determine digest sizes. ++ * ++ * Return: same as with tpm_transmit_cmd() + */ +-int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash) ++int tpm_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash) + { + struct tpm_cmd_t cmd; + int rc; +- struct tpm_chip *chip; + struct tpm2_digest digest_list[ARRAY_SIZE(chip->active_banks)]; + u32 count = 0; + int i; + +- chip = tpm_chip_find_get(chip_num); +- if (chip == NULL) ++ chip = tpm_chip_find_get(chip); ++ if (!chip) + return -ENODEV; + + if (chip->flags & TPM_CHIP_FLAG_TPM2) { +@@ -984,17 +979,24 @@ out: + return rc; + } + +-int tpm_send(u32 chip_num, void *cmd, size_t buflen) ++/** ++ * tpm_send - send a TPM command ++ * @chip: a &struct tpm_chip instance, %NULL for the default chip ++ * @cmd: a TPM command buffer ++ * @buflen: the length of the TPM command buffer ++ * ++ * Return: same as with tpm_transmit_cmd() ++ */ ++int tpm_send(struct tpm_chip *chip, void *cmd, size_t buflen) + { +- struct tpm_chip *chip; + int rc; + +- chip = tpm_chip_find_get(chip_num); +- if (chip == NULL) ++ chip = tpm_chip_find_get(chip); ++ if (!chip) + return -ENODEV; + + rc = tpm_transmit_cmd(chip, NULL, cmd, buflen, 0, 0, +- "attempting tpm_cmd"); ++ "attempting to a send a command"); + tpm_put_ops(chip); + return rc; + } +@@ -1164,16 +1166,15 @@ static const struct tpm_input_header tpm_getrandom_header = { + }; + + /** +- * tpm_get_random() - Get random bytes from the tpm's RNG +- * @chip_num: A specific chip number for the request or TPM_ANY_NUM +- * @out: destination buffer for the random bytes +- * @max: the max number of bytes to write to @out ++ * tpm_get_random() - get random bytes from the TPM's RNG ++ * @chip: a &struct tpm_chip instance, %NULL for the default chip ++ * @out: destination buffer for the random bytes ++ * @max: the max number of bytes to write to @out + * +- * Returns < 0 on error and the number of bytes read on success ++ * Return: same as with tpm_transmit_cmd() + */ +-int tpm_get_random(u32 chip_num, u8 *out, size_t max) ++int tpm_get_random(struct tpm_chip *chip, u8 *out, size_t max) + { +- struct tpm_chip *chip; + struct tpm_cmd_t tpm_cmd; + u32 recd, num_bytes = min_t(u32, max, TPM_MAX_RNG_DATA), rlength; + int err, total = 0, retries = 5; +@@ -1182,8 +1183,8 @@ int tpm_get_random(u32 chip_num, u8 *out, size_t max) + if (!out || !num_bytes || max > TPM_MAX_RNG_DATA) + return -EINVAL; + +- chip = tpm_chip_find_get(chip_num); +- if (chip == NULL) ++ chip = tpm_chip_find_get(chip); ++ if (!chip) + return -ENODEV; + + if (chip->flags & TPM_CHIP_FLAG_TPM2) { +@@ -1225,22 +1226,23 @@ int tpm_get_random(u32 chip_num, u8 *out, size_t max) + EXPORT_SYMBOL_GPL(tpm_get_random); + + /** +- * tpm_seal_trusted() - seal a trusted key +- * @chip_num: A specific chip number for the request or TPM_ANY_NUM +- * @options: authentication values and other options +- * @payload: the key data in clear and encrypted form ++ * tpm_seal_trusted() - seal a trusted key payload ++ * @chip: a &struct tpm_chip instance, %NULL for the default chip ++ * @options: authentication values and other options ++ * @payload: the key data in clear and encrypted form ++ * ++ * Note: only TPM 2.0 chip are supported. TPM 1.x implementation is located in ++ * the keyring subsystem. + * +- * Returns < 0 on error and 0 on success. At the moment, only TPM 2.0 chips +- * are supported. ++ * Return: same as with tpm_transmit_cmd() + */ +-int tpm_seal_trusted(u32 chip_num, struct trusted_key_payload *payload, ++int tpm_seal_trusted(struct tpm_chip *chip, struct trusted_key_payload *payload, + struct trusted_key_options *options) + { +- struct tpm_chip *chip; + int rc; + +- chip = tpm_chip_find_get(chip_num); +- if (chip == NULL || !(chip->flags & TPM_CHIP_FLAG_TPM2)) ++ chip = tpm_chip_find_get(chip); ++ if (!chip || !(chip->flags & TPM_CHIP_FLAG_TPM2)) + return -ENODEV; + + rc = tpm2_seal_trusted(chip, payload, options); +@@ -1251,22 +1253,23 @@ int tpm_seal_trusted(u32 chip_num, struct trusted_key_payload *payload, + EXPORT_SYMBOL_GPL(tpm_seal_trusted); + + /** +- * tpm_unseal_trusted() - unseal a trusted key +- * @chip_num: A specific chip number for the request or TPM_ANY_NUM +- * @options: authentication values and other options +- * @payload: the key data in clear and encrypted form ++ * @chip: a &struct tpm_chip instance, %NULL for the default chip ++ * @options: authentication values and other options ++ * @payload: the key data in clear and encrypted form ++ * ++ * Note: only TPM 2.0 chip are supported. TPM 1.x implementation is located in ++ * the keyring subsystem. + * +- * Returns < 0 on error and 0 on success. At the moment, only TPM 2.0 chips +- * are supported. ++ * Return: same as with tpm_transmit_cmd() + */ +-int tpm_unseal_trusted(u32 chip_num, struct trusted_key_payload *payload, +- struct trusted_key_options *options) ++int tpm_unseal_trusted(struct tpm_chip *chip, ++ struct trusted_key_payload *payload, ++ struct trusted_key_options *options) + { +- struct tpm_chip *chip; + int rc; + +- chip = tpm_chip_find_get(chip_num); +- if (chip == NULL || !(chip->flags & TPM_CHIP_FLAG_TPM2)) ++ chip = tpm_chip_find_get(chip); ++ if (!chip || !(chip->flags & TPM_CHIP_FLAG_TPM2)) + return -ENODEV; + + rc = tpm2_unseal_trusted(chip, payload, options); +diff --git a/tpm.h b/tpm.h +index e2c9f06..6d847a2 100644 +--- a/tpm.h ++++ b/tpm.h +@@ -557,7 +557,7 @@ static inline void tpm_msleep(unsigned int delay_msec) + delay_msec * 1000); + }; + +-struct tpm_chip *tpm_chip_find_get(int chip_num); ++struct tpm_chip *tpm_chip_find_get(struct tpm_chip *chip); + __must_check int tpm_try_get_ops(struct tpm_chip *chip); + void tpm_put_ops(struct tpm_chip *chip); + +-- +2.7.4 + diff --git a/kernel/kernel-rt/centos/build_srpm.data b/kernel/kernel-rt/centos/build_srpm.data index ae352ddf0..c06f85d68 100644 --- a/kernel/kernel-rt/centos/build_srpm.data +++ b/kernel/kernel-rt/centos/build_srpm.data @@ -1,4 +1,4 @@ COPY_LIST="files/*" -TIS_PATCH_VER=43 +TIS_PATCH_VER=1 BUILD_IS_BIG=11 BUILD_IS_SLOW=12 diff --git a/kernel/kernel-rt/centos/meta_patches/Build-logic-and-sources-for-TiC.patch b/kernel/kernel-rt/centos/meta_patches/Build-logic-and-sources-for-TiC.patch index 457842310..e1c996480 100644 --- a/kernel/kernel-rt/centos/meta_patches/Build-logic-and-sources-for-TiC.patch +++ b/kernel/kernel-rt/centos/meta_patches/Build-logic-and-sources-for-TiC.patch @@ -282,10 +282,10 @@ index c05b910..dfbbe1f 100644 mv $i .config Arch=`head -1 .config | cut -b 3-` + -+ # Handle Titanium Cloud customizations. Use -n to match oldnoconfig below. We want this before ++ # Handle StarlingX Cloud customizations. Use -n to match oldnoconfig below. We want this before + # the make line below so that the one below removes any dependencies of ones that we + # turn off here. We also want it before "make listnewconfig" so that we can set the -+ # config option for new configs introduced in the Titanium Cloud patches. ++ # config option for new configs introduced in the StarlingX Cloud patches. + if [ -f ${i}.tis_extra ]; then + scripts/kconfig/merge_config.sh -m -n .config ${i}.tis_extra + fi @@ -313,9 +313,9 @@ index c05b910..dfbbe1f 100644 cp signing_key.priv signing_key.priv.sign${Flavour:+.${Flavour}} cp signing_key.x509 signing_key.x509.sign${Flavour:+.${Flavour}} -+ # WRS: Copy these keys as part of the devel package ++ # STX: Copy these keys as part of the devel package + # The Module signing keys are to ensure that only Out-of-tree -+ # built against the Titanium Kernel get signed and loaded sans warnings ++ # built against the StarlingX Kernel get signed and loaded sans warnings + cp signing_key.priv ${RPM_BUILD_ROOT}/lib/modules/${KernelVer}/build/ + cp signing_key.x509 ${RPM_BUILD_ROOT}/lib/modules/${KernelVer}/build/ + @@ -443,7 +443,7 @@ index c05b910..dfbbe1f 100644 %if %{buildheaders} # Install kernel headers make ARCH=%{hdrarch} INSTALL_HDR_PATH=$RPM_BUILD_ROOT/usr headers_install -@@ -1153,6 +1367,14 @@ rm -rf $RPM_BUILD_ROOT +@@ -1165,6 +1379,14 @@ rm -rf $RPM_BUILD_ROOT ### scripts ### @@ -458,7 +458,7 @@ index c05b910..dfbbe1f 100644 # # This macro defines a %%post script for a kernel*-devel package. # %%kernel_devel_post [] -@@ -1316,6 +1538,43 @@ fi +@@ -1328,6 +1550,43 @@ fi %endif %endif @@ -502,7 +502,7 @@ index c05b910..dfbbe1f 100644 # This is %{image_install_path} on an arch where that includes ELF files, # or empty otherwise. %global elf_image_install_path %{?kernel_image_elf:%{image_install_path}} -@@ -1332,6 +1591,7 @@ fi +@@ -1344,6 +1603,7 @@ fi /%{image_install_path}/%{?-k:%{-k*}}%{!?-k:vmlinuz}-%{KVERREL}%{?2:.%{2}}\ /%{image_install_path}/.vmlinuz-%{KVERREL}%{?2:.%{2}}.hmac\ /boot/System.map-%{KVERREL}%{?2:.%{2}}\ @@ -510,7 +510,7 @@ index c05b910..dfbbe1f 100644 /boot/config-%{KVERREL}%{?2:.%{2}}\ %exclude /lib/modules/%{KVERREL}%{?2:.%{2}}/kernel/arch/x86/kvm\ %exclude /lib/modules/%{KVERREL}%{?2:.%{2}}/kernel/drivers/gpu/drm/i915/gvt\ -@@ -1410,6 +1670,11 @@ fi +@@ -1422,6 +1682,11 @@ fi %kernel_variant_files %{buildvanilla} vanilla %endif @@ -520,8 +520,8 @@ index c05b910..dfbbe1f 100644 +%endif # do_sign + %changelog - * Fri Aug 10 2018 Luis Claudio R. Goncalves [3.10.0-862.11.6.rt56.819.el7] - - [rt] Update source tree to match RHEL 7.5 tree [1549768 1462329] + * Thu Nov 15 2018 Luis Claudio R. Goncalves [3.10.0-957.1.3.rt56.913.el7] + - [rt] Update source tree to match RHEL 7.6.z tree [1632386 1642619] -- 2.7.4 diff --git a/kernel/kernel-rt/centos/meta_patches/Compile-issues.patch b/kernel/kernel-rt/centos/meta_patches/Compile-issues.patch index 42bc8e52c..9cf178368 100644 --- a/kernel/kernel-rt/centos/meta_patches/Compile-issues.patch +++ b/kernel/kernel-rt/centos/meta_patches/Compile-issues.patch @@ -6,26 +6,29 @@ Subject: [PATCH 1/1] Compile issues Signed-off-by: Jim Somerville --- - SPECS/kernel-rt.spec | 2 ++ - 1 file changed, 2 insertions(+) + SPECS/kernel-rt.spec | 5 +++++ + 1 file changed, 5 insertions(+) diff --git a/SPECS/kernel-rt.spec b/SPECS/kernel-rt.spec index ab6daf3..3c0e4b4 100644 --- a/SPECS/kernel-rt.spec +++ b/SPECS/kernel-rt.spec -@@ -420,6 +420,7 @@ Patch1029: dpt_i2o-fix-build-warning.patch +@@ -418,6 +418,9 @@ Patch1027: dpt_i2o-fix-build-warning.patch # DRBD was choking on write same - Patch1030: turn-off-write-same-in-smartqpi-driver.patch - Patch1031: restrict-iSCSI-kthreads-to-CPUs-in-cpu_kthread_mask.patch -+Patch1032: fix-compilation-issues.patch + Patch1028: turn-off-write-same-in-smartqpi-driver.patch + Patch1029: restrict-iSCSI-kthreads-to-CPUs-in-cpu_kthread_mask.patch ++Patch1030: fix-compilation-issues.patch ++# Fix CentOS 7.6 upgrade compile error ++Patch1031: fix-CentOS-7.6-upgrade-compile-error.patch BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root -@@ -784,6 +785,7 @@ ApplyPatch aic94xx-Skip-reading-user-settings-if-flash-is-not-f.patch +@@ -780,6 +783,8 @@ ApplyPatch aic94xx-Skip-reading-user-settings-if-flash-is-not-f.patch ApplyPatch dpt_i2o-fix-build-warning.patch ApplyPatch turn-off-write-same-in-smartqpi-driver.patch ApplyPatch restrict-iSCSI-kthreads-to-CPUs-in-cpu_kthread_mask.patch +ApplyPatch fix-compilation-issues.patch ++ApplyPatch fix-CentOS-7.6-upgrade-compile-error.patch # move off upstream version mechanism if [ -e localversion-rt ]; then diff --git a/kernel/kernel-rt/centos/meta_patches/Kernel-source-patches-for-TiC.patch b/kernel/kernel-rt/centos/meta_patches/Kernel-source-patches-for-TiC.patch index 04c04ae39..b899b65a4 100644 --- a/kernel/kernel-rt/centos/meta_patches/Kernel-source-patches-for-TiC.patch +++ b/kernel/kernel-rt/centos/meta_patches/Kernel-source-patches-for-TiC.patch @@ -8,14 +8,14 @@ Subject: [PATCH 2/3] Kernel source patches for TiC Signed-off-by: Jim Somerville --- - SPECS/kernel-rt.spec | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++++ - 1 file changed, 66 insertions(+) + SPECS/kernel-rt.spec | 62 ++++++++++++++++++++++++++++++++++++++++++++++++++++ + 1 file changed, 62 insertions(+) diff --git a/SPECS/kernel-rt.spec b/SPECS/kernel-rt.spec index 905ae52..15114e6 100644 --- a/SPECS/kernel-rt.spec +++ b/SPECS/kernel-rt.spec -@@ -386,6 +386,40 @@ Source1000: modprobe-dccp-blacklist.conf +@@ -386,6 +386,38 @@ Source1000: modprobe-dccp-blacklist.conf # Empty final patch file to facilitate testing of kernel patches Patch999999: linux-kernel-test.patch @@ -45,18 +45,16 @@ index 905ae52..15114e6 100644 +Patch1023: cpuidle-menu-Avoid-taking-spinlock-for-accessing-QoS.patch +Patch1024: US101216-IMA-support-in-Titanium-kernel.patch +Patch1025: US103091-IMA-System-Configuration.patch -+Patch1026: timer-Reduce-timer-migration-overhead-if-disabled.patch -+Patch1027: timer-Minimize-nohz-off-overhead.patch +# Fix compile warnings that break the build -+Patch1028: aic94xx-Skip-reading-user-settings-if-flash-is-not-f.patch -+Patch1029: dpt_i2o-fix-build-warning.patch ++Patch1026: aic94xx-Skip-reading-user-settings-if-flash-is-not-f.patch ++Patch1027: dpt_i2o-fix-build-warning.patch +# DRBD was choking on write same -+Patch1030: turn-off-write-same-in-smartqpi-driver.patch -+Patch1031: restrict-iSCSI-kthreads-to-CPUs-in-cpu_kthread_mask.patch ++Patch1028: turn-off-write-same-in-smartqpi-driver.patch ++Patch1029: restrict-iSCSI-kthreads-to-CPUs-in-cpu_kthread_mask.patch BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root -@@ -718,6 +752,38 @@ cp %{SOURCE38} . +@@ -718,6 +750,36 @@ cp %{SOURCE38} . ## Apply Patches here ApplyPatch linux-kernel-test.patch @@ -86,8 +84,6 @@ index 905ae52..15114e6 100644 +ApplyPatch cpuidle-menu-Avoid-taking-spinlock-for-accessing-QoS.patch +ApplyPatch US101216-IMA-support-in-Titanium-kernel.patch +ApplyPatch US103091-IMA-System-Configuration.patch -+ApplyPatch timer-Reduce-timer-migration-overhead-if-disabled.patch -+ApplyPatch timer-Minimize-nohz-off-overhead.patch +ApplyPatch aic94xx-Skip-reading-user-settings-if-flash-is-not-f.patch +ApplyPatch dpt_i2o-fix-build-warning.patch +ApplyPatch turn-off-write-same-in-smartqpi-driver.patch diff --git a/kernel/kernel-rt/centos/patches/Affine-irqs-and-workqueues-with-kthread_cpus.patch b/kernel/kernel-rt/centos/patches/Affine-irqs-and-workqueues-with-kthread_cpus.patch index c32e5e083..21500b770 100644 --- a/kernel/kernel-rt/centos/patches/Affine-irqs-and-workqueues-with-kthread_cpus.patch +++ b/kernel/kernel-rt/centos/patches/Affine-irqs-and-workqueues-with-kthread_cpus.patch @@ -32,7 +32,7 @@ diff --git a/kernel/irq/manage.c b/kernel/irq/manage.c index bd59426..bad147c 100644 --- a/kernel/irq/manage.c +++ b/kernel/irq/manage.c -@@ -404,6 +404,13 @@ setup_affinity(unsigned int irq, struct irq_desc *desc, struct cpumask *mask) +@@ -410,6 +410,13 @@ setup_affinity(unsigned int irq, struct irq_desc *desc, struct cpumask *mask) if (cpumask_intersects(mask, nodemask)) cpumask_and(mask, mask, nodemask); } @@ -50,7 +50,7 @@ diff --git a/kernel/workqueue.c b/kernel/workqueue.c index 986e283..7160e71 100644 --- a/kernel/workqueue.c +++ b/kernel/workqueue.c -@@ -5466,6 +5466,8 @@ static int __init init_workqueues(void) +@@ -5483,6 +5483,8 @@ static int __init init_workqueues(void) BUG_ON(!(attrs = alloc_workqueue_attrs(GFP_KERNEL))); attrs->nice = std_nice[i]; @@ -59,7 +59,7 @@ index 986e283..7160e71 100644 unbound_std_wq_attrs[i] = attrs; /* -@@ -5476,6 +5478,8 @@ static int __init init_workqueues(void) +@@ -5493,6 +5495,8 @@ static int __init init_workqueues(void) BUG_ON(!(attrs = alloc_workqueue_attrs(GFP_KERNEL))); attrs->nice = std_nice[i]; attrs->no_numa = true; diff --git a/kernel/kernel-rt/centos/patches/CGTS-3744-route-do-not-cache-fib-route-info-on-local.patch b/kernel/kernel-rt/centos/patches/CGTS-3744-route-do-not-cache-fib-route-info-on-local.patch index 68f8f8eab..f49e30677 100644 --- a/kernel/kernel-rt/centos/patches/CGTS-3744-route-do-not-cache-fib-route-info-on-local.patch +++ b/kernel/kernel-rt/centos/patches/CGTS-3744-route-do-not-cache-fib-route-info-on-local.patch @@ -35,7 +35,7 @@ diff --git a/net/ipv4/route.c b/net/ipv4/route.c index f19aca2..5246096 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c -@@ -2057,6 +2057,17 @@ static struct rtable *__mkroute_output(const struct fib_result *res, +@@ -2121,6 +2121,17 @@ static struct rtable *__mkroute_output(const struct fib_result *res, */ if (fi && res->prefixlen < 4) fi = NULL; diff --git a/kernel/kernel-rt/centos/patches/CPU-PM-expose-pm_qos_resume_latency-for-CPUs.patch b/kernel/kernel-rt/centos/patches/CPU-PM-expose-pm_qos_resume_latency-for-CPUs.patch index 0ef0d1d7b..5c338438d 100644 --- a/kernel/kernel-rt/centos/patches/CPU-PM-expose-pm_qos_resume_latency-for-CPUs.patch +++ b/kernel/kernel-rt/centos/patches/CPU-PM-expose-pm_qos_resume_latency-for-CPUs.patch @@ -39,15 +39,15 @@ diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c index 65e786d..91d620f 100644 --- a/drivers/base/cpu.c +++ b/drivers/base/cpu.c -@@ -16,6 +16,7 @@ +@@ -15,6 +15,7 @@ + #include #include #include - #include +#include #include "base.h" -@@ -319,6 +320,7 @@ int register_cpu(struct cpu *cpu, int num) +@@ -318,6 +319,7 @@ int register_cpu(struct cpu *cpu, int num) per_cpu(cpu_sys_devices, num) = &cpu->dev; if (!error) register_cpu_under_node(num, cpu_to_node(num)); diff --git a/kernel/kernel-rt/centos/patches/Make-kernel-start-eth-devices-at-offset.patch b/kernel/kernel-rt/centos/patches/Make-kernel-start-eth-devices-at-offset.patch index 2f41a1f1a..c121e668f 100644 --- a/kernel/kernel-rt/centos/patches/Make-kernel-start-eth-devices-at-offset.patch +++ b/kernel/kernel-rt/centos/patches/Make-kernel-start-eth-devices-at-offset.patch @@ -23,7 +23,7 @@ index 1425f9d..db04f3b 100644 set_bit(i, inuse); } -+ /* WRS extension, want kernel to start at eth1000 */ ++ /* STX extension, want kernel to start at eth1000 */ + if (strcmp(name, "eth%d") == 0) { + for (i=0; i < 1000; i++) + set_bit(i, inuse); diff --git a/kernel/kernel-rt/centos/patches/Notification-of-death-of-arbitrary-processes.patch b/kernel/kernel-rt/centos/patches/Notification-of-death-of-arbitrary-processes.patch index fc36f39ed..385f4d78e 100644 --- a/kernel/kernel-rt/centos/patches/Notification-of-death-of-arbitrary-processes.patch +++ b/kernel/kernel-rt/centos/patches/Notification-of-death-of-arbitrary-processes.patch @@ -65,7 +65,7 @@ diff --git a/include/linux/sched.h b/include/linux/sched.h index 97ff026..0785453 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h -@@ -1664,6 +1664,12 @@ struct task_struct { +@@ -1682,6 +1682,12 @@ struct task_struct { short il_next; short pref_node_fork; #endif @@ -111,7 +111,7 @@ diff --git a/init/Kconfig b/init/Kconfig index 1d645a1..37e48c0 100644 --- a/init/Kconfig +++ b/init/Kconfig -@@ -1539,6 +1539,21 @@ config VM_EVENT_COUNTERS +@@ -1581,6 +1581,21 @@ config VM_EVENT_COUNTERS on EXPERT systems. /proc/vmstat will only show page counts if VM event counters are disabled. @@ -137,10 +137,10 @@ diff --git a/kernel/Makefile b/kernel/Makefile index 762218c..d357e7d 100644 --- a/kernel/Makefile +++ b/kernel/Makefile -@@ -117,6 +117,7 @@ obj-$(CONFIG_RING_BUFFER) += trace/ - obj-$(CONFIG_TRACEPOINTS) += trace/ +@@ -120,6 +120,7 @@ obj-$(CONFIG_TRACEPOINTS) += trace/ obj-$(CONFIG_IRQ_WORK) += irq_work.o obj-$(CONFIG_CPU_PM) += cpu_pm.o + obj-$(CONFIG_BPF) += bpf/ +obj-$(CONFIG_SIGEXIT) += death_notify.o obj-$(CONFIG_PERF_EVENTS) += events/ @@ -457,7 +457,7 @@ diff --git a/kernel/fork.c b/kernel/fork.c index 6bda4c0..f3cd3ad 100644 --- a/kernel/fork.c +++ b/kernel/fork.c -@@ -1512,6 +1512,10 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1518,6 +1518,10 @@ static struct task_struct *copy_process(unsigned long clone_flags, p->sequential_io = 0; p->sequential_io_avg = 0; #endif @@ -472,7 +472,7 @@ diff --git a/kernel/signal.c b/kernel/signal.c index 59e84a2..728daa9 100644 --- a/kernel/signal.c +++ b/kernel/signal.c -@@ -48,6 +48,9 @@ +@@ -47,6 +47,9 @@ #include #include #include "audit.h" /* audit_signal_info() */ @@ -482,7 +482,7 @@ index 59e84a2..728daa9 100644 /* * SLAB caches for signal bits. -@@ -1853,6 +1856,10 @@ bool do_notify_parent(struct task_struct *tsk, int sig) +@@ -1849,6 +1852,10 @@ bool do_notify_parent(struct task_struct *tsk, int sig) __wake_up_parent(tsk, tsk->parent); spin_unlock_irqrestore(&psig->siglock, flags); @@ -493,7 +493,7 @@ index 59e84a2..728daa9 100644 return autoreap; } -@@ -1924,6 +1931,10 @@ static void do_notify_parent_cldstop(struct task_struct *tsk, +@@ -1920,6 +1927,10 @@ static void do_notify_parent_cldstop(struct task_struct *tsk, */ __wake_up_parent(tsk, parent); spin_unlock_irqrestore(&sighand->siglock, flags); diff --git a/kernel/kernel-rt/centos/patches/PCI-Add-ACS-quirk-for-Intel-Fortville-NICs.patch b/kernel/kernel-rt/centos/patches/PCI-Add-ACS-quirk-for-Intel-Fortville-NICs.patch index 22e0fec68..c80c1f27d 100644 --- a/kernel/kernel-rt/centos/patches/PCI-Add-ACS-quirk-for-Intel-Fortville-NICs.patch +++ b/kernel/kernel-rt/centos/patches/PCI-Add-ACS-quirk-for-Intel-Fortville-NICs.patch @@ -18,7 +18,7 @@ diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c index 5614e3f..4a0bfed 100644 --- a/drivers/pci/quirks.c +++ b/drivers/pci/quirks.c -@@ -4289,6 +4289,10 @@ static const struct pci_dev_acs_enabled { +@@ -4401,6 +4401,10 @@ static const struct pci_dev_acs_enabled { /* I219 */ { PCI_VENDOR_ID_INTEL, 0x15b7, pci_quirk_mf_endpoint_acs }, { PCI_VENDOR_ID_INTEL, 0x15b8, pci_quirk_mf_endpoint_acs }, diff --git a/kernel/kernel-rt/centos/patches/Porting-Cacheinfo-from-Kernel-4.10.17.patch b/kernel/kernel-rt/centos/patches/Porting-Cacheinfo-from-Kernel-4.10.17.patch index e0025f635..6c8cb0ba4 100644 --- a/kernel/kernel-rt/centos/patches/Porting-Cacheinfo-from-Kernel-4.10.17.patch +++ b/kernel/kernel-rt/centos/patches/Porting-Cacheinfo-from-Kernel-4.10.17.patch @@ -47,7 +47,7 @@ This helps in: Signed-off-by: Jim Somerville --- Documentation/ABI/testing/sysfs-devices-system-cpu | 65 ++ - arch/x86/kernel/cpu/intel_cacheinfo.c | 830 +++++++-------------- + arch/x86/kernel/cpu/cacheinfo.c | 830 +++++++-------------- drivers/base/Makefile | 2 +- drivers/base/cacheinfo.c | 662 ++++++++++++++++ drivers/base/cpu.c | 54 ++ @@ -133,10 +133,10 @@ index ff65f15..7521be8 100644 What: /sys/devices/system/cpu/cpuX/cpufreq/throttle_stats /sys/devices/system/cpu/cpuX/cpufreq/throttle_stats/turbo_stat /sys/devices/system/cpu/cpuX/cpufreq/throttle_stats/sub_turbo_stat -diff --git a/arch/x86/kernel/cpu/intel_cacheinfo.c b/arch/x86/kernel/cpu/intel_cacheinfo.c +diff --git a/arch/x86/kernel/cpu/cacheinfo.c b/arch/x86/kernel/cpu/cacheinfo.c index d529019..bf23bd2 100644 ---- a/arch/x86/kernel/cpu/intel_cacheinfo.c -+++ b/arch/x86/kernel/cpu/intel_cacheinfo.c +--- a/arch/x86/kernel/cpu/cacheinfo.c ++++ b/arch/x86/kernel/cpu/cacheinfo.c @@ -1,5 +1,5 @@ /* - * Routines to indentify caches on Intel CPU. @@ -499,7 +499,7 @@ index d529019..bf23bd2 100644 return -EIO; /* better error ? */ this_leaf->eax = eax; -@@ -576,14 +631,14 @@ static int find_num_cache_leaves(struct cpuinfo_x86 *c) +@@ -576,7 +631,7 @@ static int find_num_cache_leaves(struct cpuinfo_x86 *c) /* Do cpuid(op) loop to find out num_cache_leaves */ cpuid_count(op, i, &eax, &ebx, &ecx, &edx); cache_eax.full = eax; @@ -508,6 +508,7 @@ index d529019..bf23bd2 100644 return i; } +@@ -622,7 +677,7 @@ void cacheinfo_amd_init_llc_id(struct cpuinfo_x86 *c, int cpu, u8 node_id) void init_amd_cacheinfo(struct cpuinfo_x86 *c) { @@ -516,7 +517,7 @@ index d529019..bf23bd2 100644 num_cache_leaves = find_num_cache_leaves(c); } else if (c->extended_cpuid_level >= 0x80000006) { if (cpuid_edx(0x80000006) & 0xf000) -@@ -600,7 +655,7 @@ unsigned int init_intel_cacheinfo(struct cpuinfo_x86 *c) +@@ -639,7 +694,7 @@ unsigned int init_intel_cacheinfo(struct cpuinfo_x86 *c) unsigned int new_l1d = 0, new_l1i = 0; /* Cache sizes from cpuid(4) */ unsigned int new_l2 = 0, new_l3 = 0, i; /* Cache sizes from cpuid(4) */ unsigned int l2_id = 0, l3_id = 0, num_threads_sharing, index_msb; @@ -525,7 +526,7 @@ index d529019..bf23bd2 100644 unsigned int cpu = c->cpu_index; #endif -@@ -618,36 +673,34 @@ unsigned int init_intel_cacheinfo(struct cpuinfo_x86 *c) +@@ -657,36 +712,34 @@ unsigned int init_intel_cacheinfo(struct cpuinfo_x86 *c) * parameters cpuid leaf to find the cache details */ for (i = 0; i < num_cache_leaves; i++) { @@ -587,7 +588,7 @@ index d529019..bf23bd2 100644 } } } -@@ -721,34 +774,40 @@ unsigned int init_intel_cacheinfo(struct cpuinfo_x86 *c) +@@ -760,34 +813,40 @@ unsigned int init_intel_cacheinfo(struct cpuinfo_x86 *c) if (new_l2) { l2 = new_l2; @@ -640,7 +641,7 @@ index d529019..bf23bd2 100644 int i, sibling; /* -@@ -757,40 +816,43 @@ static int cache_shared_amd_cpu_map_setup(unsigned int cpu, int index) +@@ -796,40 +855,43 @@ static int cache_shared_amd_cpu_map_setup(unsigned int cpu, int index) */ if (index == 3) { for_each_cpu(i, cpu_llc_shared_mask(cpu)) { @@ -697,7 +698,7 @@ index d529019..bf23bd2 100644 } } } else -@@ -799,72 +861,70 @@ static int cache_shared_amd_cpu_map_setup(unsigned int cpu, int index) +@@ -838,72 +900,70 @@ static int cache_shared_amd_cpu_map_setup(unsigned int cpu, int index) return 1; } @@ -814,7 +815,7 @@ index d529019..bf23bd2 100644 } /* -@@ -886,411 +946,37 @@ static void get_cache_id(int cpu, struct _cpuid4_info_regs *id4_regs) +@@ -925,411 +985,37 @@ static void get_cache_id(int cpu, struct _cpuid4_info_regs *id4_regs) int get_cpu_cache_id(int cpu, int level) { int i; @@ -1931,7 +1932,7 @@ diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c index 290609b..65e786d 100644 --- a/drivers/base/cpu.c +++ b/drivers/base/cpu.c -@@ -340,6 +340,60 @@ struct device *get_cpu_device(unsigned cpu) +@@ -338,6 +338,60 @@ struct device *get_cpu_device(unsigned cpu) } EXPORT_SYMBOL_GPL(get_cpu_device); diff --git a/kernel/kernel-rt/centos/patches/US101216-IMA-support-in-Titanium-kernel.patch b/kernel/kernel-rt/centos/patches/US101216-IMA-support-in-Titanium-kernel.patch index 3d8140961..7b0b229ae 100644 --- a/kernel/kernel-rt/centos/patches/US101216-IMA-support-in-Titanium-kernel.patch +++ b/kernel/kernel-rt/centos/patches/US101216-IMA-support-in-Titanium-kernel.patch @@ -31,7 +31,7 @@ diff --git a/fs/namei.c b/fs/namei.c index 9f90b63..bf91ea0 100644 --- a/fs/namei.c +++ b/fs/namei.c -@@ -3236,7 +3236,7 @@ opened: +@@ -3225,7 +3225,7 @@ opened: error = open_check_o_direct(file); if (error) goto exit_fput; @@ -44,7 +44,7 @@ diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index 00e98c3..cb9250e 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c -@@ -883,7 +883,7 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, +@@ -898,7 +898,7 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, goto out_nfserr; } @@ -80,7 +80,7 @@ index eb6f994..2dbaf80 100644 void *i_private; /* fs or device private pointer */ }; -@@ -2827,7 +2826,6 @@ static inline bool inode_is_open_for_write(const struct inode *inode) +@@ -2830,7 +2829,6 @@ static inline bool inode_is_open_for_write(const struct inode *inode) return atomic_read(&inode->i_writecount) > 0; } @@ -88,7 +88,7 @@ index eb6f994..2dbaf80 100644 static inline void i_readcount_dec(struct inode *inode) { BUG_ON(!atomic_read(&inode->i_readcount)); -@@ -2837,16 +2835,7 @@ static inline void i_readcount_inc(struct inode *inode) +@@ -2840,16 +2838,7 @@ static inline void i_readcount_inc(struct inode *inode) { atomic_inc(&inode->i_readcount); } @@ -229,7 +229,7 @@ diff --git a/security/security.c b/security/security.c index f069482..646a0e3 100644 --- a/security/security.c +++ b/security/security.c -@@ -156,6 +156,110 @@ EXPORT_SYMBOL(unregister_lsm_notifier); +@@ -157,6 +157,110 @@ EXPORT_SYMBOL(unregister_lsm_notifier); /* Security operations */ @@ -340,7 +340,7 @@ index f069482..646a0e3 100644 int security_ptrace_access_check(struct task_struct *child, unsigned int mode) { #ifdef CONFIG_SECURITY_YAMA_STACKED -@@ -715,8 +819,11 @@ EXPORT_SYMBOL(security_inode_listsecurity); +@@ -716,8 +820,11 @@ EXPORT_SYMBOL(security_inode_listsecurity); void security_inode_getsecid(struct inode *inode, u32 *secid) { @@ -353,7 +353,7 @@ index f069482..646a0e3 100644 int security_inode_copy_up(struct dentry *src, struct cred **new) { -@@ -1525,6 +1632,7 @@ int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) +@@ -1526,6 +1633,7 @@ int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) { return security_ops->audit_rule_init(field, op, rulestr, lsmrule); } @@ -361,13 +361,14 @@ index f069482..646a0e3 100644 int security_audit_rule_known(struct audit_krule *krule) { -@@ -1541,5 +1649,6 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, +@@ -1542,6 +1650,7 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, { return security_ops->audit_rule_match(secid, field, op, lsmrule, actx); } +EXPORT_SYMBOL_GPL(security_audit_rule_match); #endif /* CONFIG_AUDIT */ + -- 1.8.3.1 diff --git a/kernel/kernel-rt/centos/patches/US103091-IMA-System-Configuration.patch b/kernel/kernel-rt/centos/patches/US103091-IMA-System-Configuration.patch index 936b2a0db..9e8ada317 100644 --- a/kernel/kernel-rt/centos/patches/US103091-IMA-System-Configuration.patch +++ b/kernel/kernel-rt/centos/patches/US103091-IMA-System-Configuration.patch @@ -50,7 +50,7 @@ index d357e7d..f333b29 100644 obj-$(CONFIG_MODULES) += module.o obj-$(CONFIG_MODULE_SIG) += module_signing.o obj-$(CONFIG_MODULE_SIG_UEFI) += modsign_uefi.o -@@ -202,7 +202,45 @@ targets += $(obj)/.x509.list +@@ -206,7 +206,45 @@ targets += $(obj)/.x509.list $(obj)/.x509.list: @echo $(X509_CERTIFICATES) >$@ diff --git a/kernel/kernel-rt/centos/patches/affine-compute-kernel-threads.patch b/kernel/kernel-rt/centos/patches/affine-compute-kernel-threads.patch index 8603e7c60..6299a6f1e 100644 --- a/kernel/kernel-rt/centos/patches/affine-compute-kernel-threads.patch +++ b/kernel/kernel-rt/centos/patches/affine-compute-kernel-threads.patch @@ -42,7 +42,7 @@ diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-paramete index 02cfdf6..4eeda61 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt -@@ -1539,6 +1539,16 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -1551,6 +1551,16 @@ bytes respectively. Such letter suffixes can also be entirely omitted. kpti [X86-64] Enable kernel page table isolation. @@ -83,7 +83,7 @@ diff --git a/init/main.c b/init/main.c index 2e4ecd4..6e265d0 100644 --- a/init/main.c +++ b/init/main.c -@@ -958,10 +958,6 @@ static noinline void __init kernel_init_freeable(void) +@@ -961,10 +961,6 @@ static noinline void __init kernel_init_freeable(void) * init can allocate pages on any node */ set_mems_allowed(node_states[N_MEMORY]); @@ -94,7 +94,7 @@ index 2e4ecd4..6e265d0 100644 cad_pid = task_pid(current); -@@ -977,6 +973,8 @@ static noinline void __init kernel_init_freeable(void) +@@ -980,6 +976,8 @@ static noinline void __init kernel_init_freeable(void) do_basic_setup(); @@ -107,7 +107,7 @@ diff --git a/kernel/cpu.c b/kernel/cpu.c index 6fe84e4..325a47a 100644 --- a/kernel/cpu.c +++ b/kernel/cpu.c -@@ -1073,6 +1073,19 @@ static DECLARE_BITMAP(cpu_active_bits, CONFIG_NR_CPUS) __read_mostly; +@@ -1308,6 +1308,19 @@ static DECLARE_BITMAP(cpu_active_bits, CONFIG_NR_CPUS) __read_mostly; const struct cpumask *const cpu_active_mask = to_cpumask(cpu_active_bits); EXPORT_SYMBOL(cpu_active_mask); diff --git a/kernel/kernel-rt/centos/patches/cma-add-placement-specifier-for-cma-kernel-parameter.patch b/kernel/kernel-rt/centos/patches/cma-add-placement-specifier-for-cma-kernel-parameter.patch index 6b73a28cc..c320990c9 100644 --- a/kernel/kernel-rt/centos/patches/cma-add-placement-specifier-for-cma-kernel-parameter.patch +++ b/kernel/kernel-rt/centos/patches/cma-add-placement-specifier-for-cma-kernel-parameter.patch @@ -52,7 +52,7 @@ diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-paramete index 4eeda61..685554b 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt -@@ -579,8 +579,11 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -580,8 +580,11 @@ bytes respectively. Such letter suffixes can also be entirely omitted. Also note the kernel might malfunction if you disable some critical bits. @@ -70,7 +70,7 @@ diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c index 9eca4ac..4e39287 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c -@@ -1283,7 +1283,7 @@ void __init setup_arch(char **cmdline_p) +@@ -1298,7 +1298,7 @@ void __init setup_arch(char **cmdline_p) setup_real_mode(); memblock_set_current_limit(get_max_mapped()); diff --git a/kernel/kernel-rt/centos/patches/debrand-single-cpu.patch b/kernel/kernel-rt/centos/patches/debrand-single-cpu.patch index 1845131e0..80ebf8946 100644 --- a/kernel/kernel-rt/centos/patches/debrand-single-cpu.patch +++ b/kernel/kernel-rt/centos/patches/debrand-single-cpu.patch @@ -13,7 +13,7 @@ diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c index f27ca00..9eca4ac 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c -@@ -922,7 +922,7 @@ static void rh_check_supported(void) +@@ -931,7 +931,7 @@ static void rh_check_supported(void) if (((boot_cpu_data.x86_max_cores * smp_num_siblings) == 1) && !x86_hyper && !cpu_has_hypervisor && !is_kdump_kernel()) { pr_crit("Detected single cpu native boot.\n"); diff --git a/kernel/kernel-rt/centos/patches/fix-CentOS-7.6-upgrade-compile-error.patch b/kernel/kernel-rt/centos/patches/fix-CentOS-7.6-upgrade-compile-error.patch new file mode 100644 index 000000000..c8069c82f --- /dev/null +++ b/kernel/kernel-rt/centos/patches/fix-CentOS-7.6-upgrade-compile-error.patch @@ -0,0 +1,67 @@ +From c48d3f2683c28939b3c11bdfa67e4446cd11beee Mon Sep 17 00:00:00 2001 +From: "Martin, Chen" +Date: Mon, 14 Jan 2019 17:59:03 +0000 +Subject: [PATCH] fix CentOS 7.6 upgrade compile error + +1, fix improper call of part_round_stats and part_inc_in_flight +in drbd_req.c, as CONFIG_BLK_DEV_DRBD=m defined in +kernel-3.10.0-x86_64.config.tis_extra + +2, add explicit declaration for trace_bpf_int_jit_compile, +trace_bpf_jit_compile, trace_bpf_jit_free, if pmd_read_atomic not +defined + +Signed-off-by: Martin, Chen +--- + drivers/block/drbd/drbd_req.c | 8 ++++---- + include/linux/filter.h | 4 ++++ + 2 files changed, 8 insertions(+), 4 deletions(-) + +diff --git a/drivers/block/drbd/drbd_req.c b/drivers/block/drbd/drbd_req.c +index a6f13f7..cbd0a49 100644 +--- a/drivers/block/drbd/drbd_req.c ++++ b/drivers/block/drbd/drbd_req.c +@@ -39,12 +39,12 @@ static void _drbd_start_io_acct(struct drbd_conf *mdev, struct drbd_request *req + const int rw = bio_data_dir(req->master_bio); + int cpu; + cpu = part_stat_lock(); +- part_round_stats(cpu, &mdev->vdisk->part0); ++ part_round_stats(mdev->rq_queue, cpu, &mdev->vdisk->part0); + part_stat_inc(cpu, &mdev->vdisk->part0, ios[rw]); + part_stat_add(cpu, &mdev->vdisk->part0, sectors[rw], req->i.size >> 9); + (void) cpu; /* The macro invocations above want the cpu argument, I do not like + the compiler warning about cpu only assigned but never used... */ +- part_inc_in_flight(&mdev->vdisk->part0, rw); ++ part_inc_in_flight(mdev->rq_queue, &mdev->vdisk->part0, rw); + part_stat_unlock(); + } + +@@ -56,8 +56,8 @@ static void _drbd_end_io_acct(struct drbd_conf *mdev, struct drbd_request *req) + int cpu; + cpu = part_stat_lock(); + part_stat_add(cpu, &mdev->vdisk->part0, ticks[rw], duration); +- part_round_stats(cpu, &mdev->vdisk->part0); +- part_dec_in_flight(&mdev->vdisk->part0, rw); ++ part_round_stats(mdev->rq_queue, cpu, &mdev->vdisk->part0); ++ part_dec_in_flight(mdev->rq_queue, &mdev->vdisk->part0, rw); + part_stat_unlock(); + } + +diff --git a/include/linux/filter.h b/include/linux/filter.h +index cddbb31..15ce55f 100644 +--- a/include/linux/filter.h ++++ b/include/linux/filter.h +@@ -665,6 +665,10 @@ static inline bool bpf_jit_blinding_enabled(struct bpf_prog *prog) + return true; + } + #else ++struct bpf_prog * __weak trace_bpf_int_jit_compile(struct bpf_prog *prog); ++void __weak trace_bpf_jit_compile(struct bpf_prog *prog); ++void __weak trace_bpf_jit_free(struct bpf_prog *fp); ++ + static inline bool ebpf_jit_enabled(void) + { + return false; +-- +1.8.3.1 + diff --git a/kernel/kernel-rt/centos/patches/intel-iommu-allow-ignoring-Ethernet-device-RMRR-with.patch b/kernel/kernel-rt/centos/patches/intel-iommu-allow-ignoring-Ethernet-device-RMRR-with.patch index 899207924..ef125f87f 100644 --- a/kernel/kernel-rt/centos/patches/intel-iommu-allow-ignoring-Ethernet-device-RMRR-with.patch +++ b/kernel/kernel-rt/centos/patches/intel-iommu-allow-ignoring-Ethernet-device-RMRR-with.patch @@ -59,7 +59,7 @@ diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-paramete index 685554b..0ca635a 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt -@@ -1306,6 +1306,11 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -1318,6 +1318,11 @@ bytes respectively. Such letter suffixes can also be entirely omitted. than 32-bit addressing. The default is to look for translation below 32-bit and if not available then look in the higher range. @@ -75,7 +75,7 @@ diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c index 05b0971..d6f4723 100644 --- a/drivers/iommu/intel-iommu.c +++ b/drivers/iommu/intel-iommu.c -@@ -504,6 +504,7 @@ static int dmar_forcedac; +@@ -480,6 +480,7 @@ static int dmar_forcedac; static int intel_iommu_strict; static int intel_iommu_superpage = 1; static int intel_iommu_ecs = 1; @@ -83,7 +83,7 @@ index 05b0971..d6f4723 100644 /* We only actually use ECS when PASID support (on the new bit 40) * is also advertised. Some early implementations — the ones with -@@ -563,6 +564,15 @@ static int __init intel_iommu_setup(char *str) +@@ -539,6 +540,15 @@ static int __init intel_iommu_setup(char *str) } else if (!strncmp(str, "forcedac", 8)) { pr_info("Forcing DAC for PCI devices\n"); dmar_forcedac = 1; @@ -99,7 +99,7 @@ index 05b0971..d6f4723 100644 } else if (!strncmp(str, "strict", 6)) { pr_info("Disable batched IOTLB flush\n"); intel_iommu_strict = 1; -@@ -2733,6 +2743,15 @@ static bool device_is_rmrr_locked(struct device *dev) +@@ -2779,6 +2789,15 @@ static bool device_is_rmrr_locked(struct device *dev) if (IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev)) return false; diff --git a/kernel/kernel-rt/centos/patches/kernel-3.10.0-x86_64-rt.config.tis_extra b/kernel/kernel-rt/centos/patches/kernel-3.10.0-x86_64-rt.config.tis_extra index 642ab74c1..9499c311d 100644 --- a/kernel/kernel-rt/centos/patches/kernel-3.10.0-x86_64-rt.config.tis_extra +++ b/kernel/kernel-rt/centos/patches/kernel-3.10.0-x86_64-rt.config.tis_extra @@ -951,3 +951,8 @@ CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS=n # Make performance default governor CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND=n CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y + +CONFIG_TORTURE_TEST=n +CONFIG_RCU_TORTURE_TEST=n +CONFIG_LOCK_TORTURE_TEST=n + diff --git a/kernel/kernel-rt/centos/patches/memblock-introduce-memblock_alloc_range.patch b/kernel/kernel-rt/centos/patches/memblock-introduce-memblock_alloc_range.patch index 8dd2ded65..a30ef9e1e 100644 --- a/kernel/kernel-rt/centos/patches/memblock-introduce-memblock_alloc_range.patch +++ b/kernel/kernel-rt/centos/patches/memblock-introduce-memblock_alloc_range.patch @@ -35,7 +35,7 @@ diff --git a/include/linux/memblock.h b/include/linux/memblock.h index 5a439c9..d6bcbef 100644 --- a/include/linux/memblock.h +++ b/include/linux/memblock.h -@@ -304,6 +304,8 @@ static inline bool memblock_bottom_up(void) { return false; } +@@ -306,6 +306,8 @@ static inline bool memblock_bottom_up(void) { return false; } #define MEMBLOCK_ALLOC_ANYWHERE (~(phys_addr_t)0) #define MEMBLOCK_ALLOC_ACCESSIBLE 0 diff --git a/kernel/kernel-rt/centos/patches/rcu-Don-t-wake-rcuc-X-kthreads-on-NOCB-CPUs.patch b/kernel/kernel-rt/centos/patches/rcu-Don-t-wake-rcuc-X-kthreads-on-NOCB-CPUs.patch index 9991f4806..9e3a00cb2 100644 --- a/kernel/kernel-rt/centos/patches/rcu-Don-t-wake-rcuc-X-kthreads-on-NOCB-CPUs.patch +++ b/kernel/kernel-rt/centos/patches/rcu-Don-t-wake-rcuc-X-kthreads-on-NOCB-CPUs.patch @@ -33,7 +33,7 @@ diff --git a/kernel/rcutree.c b/kernel/rcutree.c index 9648918..fb7b2a8 100644 --- a/kernel/rcutree.c +++ b/kernel/rcutree.c -@@ -319,7 +319,7 @@ static int +@@ -367,7 +367,7 @@ static int cpu_has_callbacks_ready_to_invoke(struct rcu_data *rdp) { return &rdp->nxtlist != rdp->nxttail[RCU_DONE_TAIL] && diff --git a/kernel/kernel-rt/centos/patches/restrict-iSCSI-kthreads-to-CPUs-in-cpu_kthread_mask.patch b/kernel/kernel-rt/centos/patches/restrict-iSCSI-kthreads-to-CPUs-in-cpu_kthread_mask.patch index a98e0b376..6b5315def 100644 --- a/kernel/kernel-rt/centos/patches/restrict-iSCSI-kthreads-to-CPUs-in-cpu_kthread_mask.patch +++ b/kernel/kernel-rt/centos/patches/restrict-iSCSI-kthreads-to-CPUs-in-cpu_kthread_mask.patch @@ -19,7 +19,7 @@ diff --git a/drivers/target/iscsi/iscsi_target.c b/drivers/target/iscsi/iscsi_ta index d8f587e..17b08b7 100644 --- a/drivers/target/iscsi/iscsi_target.c +++ b/drivers/target/iscsi/iscsi_target.c -@@ -3594,8 +3594,8 @@ void iscsit_thread_get_cpumask(struct iscsi_conn *conn) +@@ -3575,8 +3575,8 @@ void iscsit_thread_get_cpumask(struct iscsi_conn *conn) * iSCSI connection's RX/TX threads will be scheduled to * execute upon. */ diff --git a/kernel/kernel-rt/centos/patches/timer-Minimize-nohz-off-overhead.patch b/kernel/kernel-rt/centos/patches/timer-Minimize-nohz-off-overhead.patch deleted file mode 100644 index 6f83a72e3..000000000 --- a/kernel/kernel-rt/centos/patches/timer-Minimize-nohz-off-overhead.patch +++ /dev/null @@ -1,168 +0,0 @@ -From ecfd98039a9be52230746b209010c77adb575629 Mon Sep 17 00:00:00 2001 -Message-Id: -In-Reply-To: -References: -From: Thomas Gleixner -Date: Tue, 26 May 2015 22:50:35 +0000 -Subject: [PATCH 28/32] timer: Minimize nohz off overhead - -If nohz is disabled on the kernel command line the [hr]timer code -still calls wake_up_nohz_cpu() and tick_nohz_full_cpu(), a pretty -pointless exercise. Cache nohz_active in [hr]timer per cpu bases and -avoid the overhead. - -Before: - 48.10% hog [.] main - 15.25% [kernel] [k] _raw_spin_lock_irqsave - 9.76% [kernel] [k] _raw_spin_unlock_irqrestore - 6.50% [kernel] [k] mod_timer - 6.44% [kernel] [k] lock_timer_base.isra.38 - 3.87% [kernel] [k] detach_if_pending - 3.80% [kernel] [k] del_timer - 2.67% [kernel] [k] internal_add_timer - 1.33% [kernel] [k] __internal_add_timer - 0.73% [kernel] [k] timerfn - 0.54% [kernel] [k] wake_up_nohz_cpu - -After: - 48.73% hog [.] main - 15.36% [kernel] [k] _raw_spin_lock_irqsave - 9.77% [kernel] [k] _raw_spin_unlock_irqrestore - 6.61% [kernel] [k] lock_timer_base.isra.38 - 6.42% [kernel] [k] mod_timer - 3.90% [kernel] [k] detach_if_pending - 3.76% [kernel] [k] del_timer - 2.41% [kernel] [k] internal_add_timer - 1.39% [kernel] [k] __internal_add_timer - 0.76% [kernel] [k] timerfn - -We probably should have a cached value for nohz full in the per cpu -bases as well to avoid the cpumask check. The base cache line is hot -already, the cpumask not necessarily. - -Signed-off-by: Thomas Gleixner -Cc: Peter Zijlstra -Cc: Paul McKenney -Cc: Frederic Weisbecker -Cc: Eric Dumazet -Cc: Viresh Kumar -Cc: John Stultz -Cc: Joonwoo Park -Cc: Wenbo Wang -Link: http://lkml.kernel.org/r/20150526224512.207378134@linutronix.de -Signed-off-by: Thomas Gleixner -Signed-off-by: Alex Kozyrev -Signed-off-by: Jim Somerville ---- - include/linux/hrtimer.h | 2 ++ - kernel/time/tick-internal.h | 4 ++-- - kernel/time/tick-sched.c | 2 +- - kernel/timer.c | 14 +++++++++++--- - 4 files changed, 16 insertions(+), 6 deletions(-) - -diff --git a/include/linux/hrtimer.h b/include/linux/hrtimer.h -index 00d4c9b..6183bf8 100644 ---- a/include/linux/hrtimer.h -+++ b/include/linux/hrtimer.h -@@ -176,6 +176,7 @@ enum hrtimer_base_type { - * Note that in RHEL7 clock_was_set is upstream's - * clock_was_set_seq (KABI). - * @migration_enabled: The migration of hrtimers to other cpus is enabled -+ * @nohz_active: The nohz functionality is enabled - * @expires_next: absolute time of the next event which was scheduled - * via clock_set_next_event() - * @hres_active: State of high resolution mode -@@ -191,6 +192,7 @@ struct hrtimer_cpu_base { - unsigned int active_bases; - unsigned int clock_was_set; /* clock_was_set_seq */ - bool migration_enabled; -+ bool nohz_active; - #ifdef CONFIG_HIGH_RES_TIMERS - ktime_t expires_next; - int hres_active; -diff --git a/kernel/time/tick-internal.h b/kernel/time/tick-internal.h -index 3ebdda4..13468bd 100644 ---- a/kernel/time/tick-internal.h -+++ b/kernel/time/tick-internal.h -@@ -173,9 +173,9 @@ extern unsigned long tick_nohz_active; - #endif - - #if defined(CONFIG_SMP) && defined(CONFIG_NO_HZ_COMMON) --extern void timers_update_migration(void); -+extern void timers_update_migration(bool update_nohz); - #else --static inline void timers_update_migration(void) { } -+static inline void timers_update_migration(bool update_nohz) { } - #endif - - DECLARE_PER_CPU(struct hrtimer_cpu_base, hrtimer_bases); -diff --git a/kernel/time/tick-sched.c b/kernel/time/tick-sched.c -index 6c92920..3ccc18c 100644 ---- a/kernel/time/tick-sched.c -+++ b/kernel/time/tick-sched.c -@@ -980,7 +980,7 @@ static inline void tick_nohz_activate(struct tick_sched *ts, int mode) - ts->nohz_mode = mode; - /* One update is enough */ - if (!test_and_set_bit(0, &tick_nohz_active)) -- timers_update_migration(); -+ timers_update_migration(true); - } - - /** -diff --git a/kernel/timer.c b/kernel/timer.c -index 4fcb630..08c96e1 100644 ---- a/kernel/timer.c -+++ b/kernel/timer.c -@@ -88,6 +88,7 @@ struct tvec_base { - unsigned long active_timers; - int cpu; - bool migration_enabled; -+ bool nohz_active; - struct tvec_root tv1; - struct tvec tv2; - struct tvec tv3; -@@ -103,7 +104,7 @@ static DEFINE_PER_CPU(struct tvec_base *, tvec_bases) = &boot_tvec_bases; - #if defined(CONFIG_SMP) && defined(CONFIG_NO_HZ_COMMON) - unsigned int sysctl_timer_migration = 1; - --void timers_update_migration(void) -+void timers_update_migration(bool update_nohz) - { - bool on = sysctl_timer_migration && tick_nohz_active; - unsigned int cpu; -@@ -119,6 +120,10 @@ void timers_update_migration(void) - tvec_base->migration_enabled = on; - hrtimer_base = &per_cpu(hrtimer_bases, cpu); - hrtimer_base->migration_enabled = on; -+ if (!update_nohz) -+ continue; -+ tvec_base->nohz_active = true; -+ hrtimer_base->nohz_active = true; - } - } - -@@ -132,7 +137,7 @@ int timer_migration_handler(struct ctl_table *table, int write, - mutex_lock(&mutex); - ret = proc_dointvec(table, write, buffer, lenp, ppos); - if (!ret && write) -- timers_update_migration(); -+ timers_update_migration(false); - mutex_unlock(&mutex); - return ret; - } -@@ -482,8 +487,11 @@ static void internal_add_timer(struct tvec_base *base, struct timer_list *timer) - * require special care against races with idle_cpu(), lets deal - * with that later. - */ -- if (!tbase_get_deferrable(base) || tick_nohz_full_cpu(base->cpu)) -+ if (base->nohz_active) { -+ if (!tbase_get_deferrable(base) || -+ tick_nohz_full_cpu(base->cpu)) - wake_up_nohz_cpu(base->cpu); -+ } - } - - #ifdef CONFIG_TIMER_STATS --- -1.8.3.1 - diff --git a/kernel/kernel-rt/centos/patches/timer-Reduce-timer-migration-overhead-if-disabled.patch b/kernel/kernel-rt/centos/patches/timer-Reduce-timer-migration-overhead-if-disabled.patch deleted file mode 100644 index 92674a069..000000000 --- a/kernel/kernel-rt/centos/patches/timer-Reduce-timer-migration-overhead-if-disabled.patch +++ /dev/null @@ -1,533 +0,0 @@ -From 100eaa897b32405365ce13248c20fcbfd6e4a85d Mon Sep 17 00:00:00 2001 -Message-Id: <100eaa897b32405365ce13248c20fcbfd6e4a85d.1528226387.git.Jim.Somerville@windriver.com> -In-Reply-To: -References: -From: Thomas Gleixner -Date: Tue, 26 May 2015 22:50:33 +0000 -Subject: [PATCH 27/32] timer: Reduce timer migration overhead if disabled - -Eric reported that the timer_migration sysctl is not really nice -performance wise as it needs to check at every timer insertion whether -the feature is enabled or not. Further the check does not live in the -timer code, so we have an extra function call which checks an extra -cache line to figure out that it is disabled. - -We can do better and store that information in the per cpu (hr)timer -bases. I pondered to use a static key, but that's a nightmare to -update from the nohz code and the timer base cache line is hot anyway -when we select a timer base. - -The old logic enabled the timer migration unconditionally if -CONFIG_NO_HZ was set even if nohz was disabled on the kernel command -line. - -With this modification, we start off with migration disabled. The user -visible sysctl is still set to enabled. If the kernel switches to NOHZ -migration is enabled, if the user did not disable it via the sysctl -prior to the switch. If nohz=off is on the kernel command line, -migration stays disabled no matter what. - -Before: - 47.76% hog [.] main - 14.84% [kernel] [k] _raw_spin_lock_irqsave - 9.55% [kernel] [k] _raw_spin_unlock_irqrestore - 6.71% [kernel] [k] mod_timer - 6.24% [kernel] [k] lock_timer_base.isra.38 - 3.76% [kernel] [k] detach_if_pending - 3.71% [kernel] [k] del_timer - 2.50% [kernel] [k] internal_add_timer - 1.51% [kernel] [k] get_nohz_timer_target - 1.28% [kernel] [k] __internal_add_timer - 0.78% [kernel] [k] timerfn - 0.48% [kernel] [k] wake_up_nohz_cpu - -After: - 48.10% hog [.] main - 15.25% [kernel] [k] _raw_spin_lock_irqsave - 9.76% [kernel] [k] _raw_spin_unlock_irqrestore - 6.50% [kernel] [k] mod_timer - 6.44% [kernel] [k] lock_timer_base.isra.38 - 3.87% [kernel] [k] detach_if_pending - 3.80% [kernel] [k] del_timer - 2.67% [kernel] [k] internal_add_timer - 1.33% [kernel] [k] __internal_add_timer - 0.73% [kernel] [k] timerfn - 0.54% [kernel] [k] wake_up_nohz_cpu - -Reported-by: Eric Dumazet -Signed-off-by: Thomas Gleixner -Cc: Peter Zijlstra -Cc: Paul McKenney -Cc: Frederic Weisbecker -Cc: Viresh Kumar -Cc: John Stultz -Cc: Joonwoo Park -Cc: Wenbo Wang -Link: http://lkml.kernel.org/r/20150526224512.127050787@linutronix.de -Signed-off-by: Thomas Gleixner -Signed-off-by: Alex Kozyrev -Signed-off-by: Jim Somerville ---- - include/linux/hrtimer.h | 2 ++ - include/linux/sched/sysctl.h | 12 -------- - include/linux/timer.h | 8 +++++ - kernel/hrtimer.c | 48 +++++++++++++++++------------- - kernel/rcutree_plugin.h | 2 -- - kernel/sched/core.c | 2 -- - kernel/sysctl.c | 18 ++++++------ - kernel/time/tick-internal.h | 14 +++++++++ - kernel/time/tick-sched.c | 25 +++++++++------- - kernel/time/timer_list.c | 3 +- - kernel/timer.c | 70 ++++++++++++++++++++++++++++++++++++-------- - 11 files changed, 133 insertions(+), 71 deletions(-) - -diff --git a/include/linux/hrtimer.h b/include/linux/hrtimer.h -index cd04b77..00d4c9b 100644 ---- a/include/linux/hrtimer.h -+++ b/include/linux/hrtimer.h -@@ -175,6 +175,7 @@ enum hrtimer_base_type { - * @clock_was_set: Sequence counter of clock was set events - * Note that in RHEL7 clock_was_set is upstream's - * clock_was_set_seq (KABI). -+ * @migration_enabled: The migration of hrtimers to other cpus is enabled - * @expires_next: absolute time of the next event which was scheduled - * via clock_set_next_event() - * @hres_active: State of high resolution mode -@@ -189,6 +190,7 @@ struct hrtimer_cpu_base { - raw_spinlock_t lock; - unsigned int active_bases; - unsigned int clock_was_set; /* clock_was_set_seq */ -+ bool migration_enabled; - #ifdef CONFIG_HIGH_RES_TIMERS - ktime_t expires_next; - int hres_active; -diff --git a/include/linux/sched/sysctl.h b/include/linux/sched/sysctl.h -index 4895484..02ab10e 100644 ---- a/include/linux/sched/sysctl.h -+++ b/include/linux/sched/sysctl.h -@@ -54,24 +54,12 @@ extern unsigned int sysctl_numa_balancing_settle_count; - extern unsigned int sysctl_sched_migration_cost; - extern unsigned int sysctl_sched_nr_migrate; - extern unsigned int sysctl_sched_time_avg; --extern unsigned int sysctl_timer_migration; - extern unsigned int sysctl_sched_shares_window; - - int sched_proc_update_handler(struct ctl_table *table, int write, - void __user *buffer, size_t *length, - loff_t *ppos); - #endif --#ifdef CONFIG_SCHED_DEBUG --static inline unsigned int get_sysctl_timer_migration(void) --{ -- return sysctl_timer_migration; --} --#else --static inline unsigned int get_sysctl_timer_migration(void) --{ -- return 1; --} --#endif - - /* - * control realtime throttling: -diff --git a/include/linux/timer.h b/include/linux/timer.h -index c37d9b9..8eb4558 100644 ---- a/include/linux/timer.h -+++ b/include/linux/timer.h -@@ -249,6 +249,14 @@ extern void run_local_timers(void); - struct hrtimer; - extern enum hrtimer_restart it_real_fn(struct hrtimer *); - -+#if defined(CONFIG_SMP) && defined(CONFIG_NO_HZ_COMMON) -+#include -+extern unsigned int sysctl_timer_migration; -+int timer_migration_handler(struct ctl_table *table, int write, -+ void __user *buffer, size_t *lenp, -+ loff_t *ppos); -+#endif -+ - unsigned long __round_jiffies(unsigned long j, int cpu); - unsigned long __round_jiffies_relative(unsigned long j, int cpu); - unsigned long round_jiffies(unsigned long j); -diff --git a/kernel/hrtimer.c b/kernel/hrtimer.c -index 40655c8..55444ab 100644 ---- a/kernel/hrtimer.c -+++ b/kernel/hrtimer.c -@@ -168,19 +168,6 @@ struct hrtimer_clock_base *lock_hrtimer_base(const struct hrtimer *timer, - } - } - -- --/* -- * Get the preferred target CPU for NOHZ -- */ --static int hrtimer_get_target(int this_cpu, int pinned) --{ --#ifdef CONFIG_NO_HZ_COMMON -- if (!pinned && get_sysctl_timer_migration()) -- return get_nohz_timer_target(); --#endif -- return this_cpu; --} -- - /* - * With HIGHRES=y we do not migrate the timer when it is expiring - * before the next event on the target cpu because we cannot reprogram -@@ -204,6 +191,24 @@ hrtimer_check_target(struct hrtimer *timer, struct hrtimer_clock_base *new_base) - #endif - } - -+#if defined(CONFIG_SMP) && defined(CONFIG_NO_HZ_COMMON) -+static inline -+struct hrtimer_cpu_base *get_target_base(struct hrtimer_cpu_base *base, -+ int pinned) -+{ -+ if (pinned || !base->migration_enabled) -+ return this_cpu_ptr(&hrtimer_bases); -+ return &per_cpu(hrtimer_bases, get_nohz_timer_target()); -+} -+#else -+static inline -+struct hrtimer_cpu_base *get_target_base(struct hrtimer_cpu_base *base, -+ int pinned) -+{ -+ return this_cpu_ptr(&hrtimer_bases); -+} -+#endif -+ - /* - * Switch the timer base to the current CPU when possible. - */ -@@ -211,14 +216,13 @@ static inline struct hrtimer_clock_base * - switch_hrtimer_base(struct hrtimer *timer, struct hrtimer_clock_base *base, - int pinned) - { -+ struct hrtimer_cpu_base *new_cpu_base, *this_base; - struct hrtimer_clock_base *new_base; -- struct hrtimer_cpu_base *new_cpu_base; -- int this_cpu = smp_processor_id(); -- int cpu = hrtimer_get_target(this_cpu, pinned); - int basenum = base->index; - -+ this_base = this_cpu_ptr(&hrtimer_bases); -+ new_cpu_base = get_target_base(this_base, pinned); - again: -- new_cpu_base = &per_cpu(hrtimer_bases, cpu); - new_base = &new_cpu_base->clock_base[basenum]; - - if (base != new_base) { -@@ -239,17 +243,19 @@ again: - raw_spin_unlock(&base->cpu_base->lock); - raw_spin_lock(&new_base->cpu_base->lock); - -- if (cpu != this_cpu && hrtimer_check_target(timer, new_base)) { -- cpu = this_cpu; -+ if (new_cpu_base != this_base && -+ hrtimer_check_target(timer, new_base)) { - raw_spin_unlock(&new_base->cpu_base->lock); - raw_spin_lock(&base->cpu_base->lock); -+ new_cpu_base = this_base; - timer->base = base; - goto again; - } - timer->base = new_base; - } else { -- if (cpu != this_cpu && hrtimer_check_target(timer, new_base)) { -- cpu = this_cpu; -+ if (new_cpu_base != this_base && -+ hrtimer_check_target(timer, new_base)) { -+ new_cpu_base = this_base; - goto again; - } - } -diff --git a/kernel/rcutree_plugin.h b/kernel/rcutree_plugin.h -index 8f410cc..7232ecb 100644 ---- a/kernel/rcutree_plugin.h -+++ b/kernel/rcutree_plugin.h -@@ -1502,8 +1502,6 @@ module_param(rcu_idle_gp_delay, int, 0644); - static int rcu_idle_lazy_gp_delay = RCU_IDLE_LAZY_GP_DELAY; - module_param(rcu_idle_lazy_gp_delay, int, 0644); - --extern int tick_nohz_active; -- - /* - * Try to advance callbacks for all flavors of RCU on the current CPU. - * Afterwards, if there are any callbacks ready for immediate invocation, -diff --git a/kernel/sched/core.c b/kernel/sched/core.c -index b2333b7..d82e745 100644 ---- a/kernel/sched/core.c -+++ b/kernel/sched/core.c -@@ -8824,8 +8824,6 @@ void __init sched_init_smp(void) - } - #endif /* CONFIG_SMP */ - --const_debug unsigned int sysctl_timer_migration = 1; -- - int in_sched_functions(unsigned long addr) - { - return in_lock_functions(addr) || -diff --git a/kernel/sysctl.c b/kernel/sysctl.c -index 8516049..b435155 100644 ---- a/kernel/sysctl.c -+++ b/kernel/sysctl.c -@@ -376,15 +376,6 @@ static struct ctl_table kern_table[] = { - .mode = 0644, - .proc_handler = proc_dointvec, - }, -- { -- .procname = "timer_migration", -- .data = &sysctl_timer_migration, -- .maxlen = sizeof(unsigned int), -- .mode = 0644, -- .proc_handler = proc_dointvec_minmax, -- .extra1 = &zero, -- .extra2 = &one, -- }, - #ifdef CONFIG_SCHEDSTATS - { - .procname = "sched_schedstats", -@@ -1200,6 +1191,15 @@ static struct ctl_table kern_table[] = { - .extra1 = &zero, - .extra2 = &one, - }, -+#if defined(CONFIG_SMP) && defined(CONFIG_NO_HZ_COMMON) -+ { -+ .procname = "timer_migration", -+ .data = &sysctl_timer_migration, -+ .maxlen = sizeof(unsigned int), -+ .mode = 0644, -+ .proc_handler = timer_migration_handler, -+ }, -+#endif - { } - }; - -diff --git a/kernel/time/tick-internal.h b/kernel/time/tick-internal.h -index ecd2ff4..3ebdda4 100644 ---- a/kernel/time/tick-internal.h -+++ b/kernel/time/tick-internal.h -@@ -165,3 +165,17 @@ extern void do_timer(unsigned long ticks); - extern void update_wall_time(void); - - extern u64 get_next_timer_interrupt(unsigned long basej, u64 basem); -+ -+#ifdef CONFIG_NO_HZ_COMMON -+extern unsigned long tick_nohz_active; -+#else -+#define tick_nohz_active (0) -+#endif -+ -+#if defined(CONFIG_SMP) && defined(CONFIG_NO_HZ_COMMON) -+extern void timers_update_migration(void); -+#else -+static inline void timers_update_migration(void) { } -+#endif -+ -+DECLARE_PER_CPU(struct hrtimer_cpu_base, hrtimer_bases); -diff --git a/kernel/time/tick-sched.c b/kernel/time/tick-sched.c -index 625c116..6c92920 100644 ---- a/kernel/time/tick-sched.c -+++ b/kernel/time/tick-sched.c -@@ -412,7 +412,7 @@ void __init tick_nohz_init(void) - /* - * NO HZ enabled ? - */ --int tick_nohz_active __read_mostly; -+unsigned long tick_nohz_active __read_mostly; - /* - * Enable / Disable tickless mode - */ -@@ -973,6 +973,16 @@ static void tick_nohz_handler(struct clock_event_device *dev) - tick_program_event(hrtimer_get_expires(&ts->sched_timer), 1); - } - -+static inline void tick_nohz_activate(struct tick_sched *ts, int mode) -+{ -+ if (!tick_nohz_enabled) -+ return; -+ ts->nohz_mode = mode; -+ /* One update is enough */ -+ if (!test_and_set_bit(0, &tick_nohz_active)) -+ timers_update_migration(); -+} -+ - /** - * tick_nohz_switch_to_nohz - switch to nohz mode - */ -@@ -987,9 +997,6 @@ static void tick_nohz_switch_to_nohz(void) - if (tick_switch_to_oneshot(tick_nohz_handler)) - return; - -- tick_nohz_active = 1; -- ts->nohz_mode = NOHZ_MODE_LOWRES; -- - /* - * Recycle the hrtimer in ts, so we can share the - * hrtimer_forward with the highres code. -@@ -1001,6 +1008,7 @@ static void tick_nohz_switch_to_nohz(void) - hrtimer_forward_now(&ts->sched_timer, tick_period); - hrtimer_set_expires(&ts->sched_timer, next); - tick_program_event(next, 1); -+ tick_nohz_activate(ts, NOHZ_MODE_LOWRES); - } - - /* -@@ -1052,6 +1060,7 @@ static inline void tick_check_nohz_this_cpu(void) - - static inline void tick_nohz_switch_to_nohz(void) { } - static inline void tick_check_nohz_this_cpu(void) { } -+static inline void tick_nohz_activate(struct tick_sched *ts, int mode) { } - - #endif /* CONFIG_NO_HZ_COMMON */ - -@@ -1137,13 +1146,7 @@ void tick_setup_sched_timer(void) - - hrtimer_forward(&ts->sched_timer, now, tick_period); - hrtimer_start_expires(&ts->sched_timer, HRTIMER_MODE_ABS_PINNED); -- --#ifdef CONFIG_NO_HZ_COMMON -- if (tick_nohz_enabled) { -- ts->nohz_mode = NOHZ_MODE_HIGHRES; -- tick_nohz_active = 1; -- } --#endif -+ tick_nohz_activate(ts, NOHZ_MODE_HIGHRES); - } - #endif /* HIGH_RES_TIMERS */ - -diff --git a/kernel/time/timer_list.c b/kernel/time/timer_list.c -index 9174c0a..d7dd92a 100644 ---- a/kernel/time/timer_list.c -+++ b/kernel/time/timer_list.c -@@ -20,6 +20,7 @@ - - #include - -+#include "tick-internal.h" - - struct timer_list_iter { - int cpu; -@@ -29,8 +30,6 @@ struct timer_list_iter { - - typedef void (*print_fn_t)(struct seq_file *m, unsigned int *classes); - --DECLARE_PER_CPU(struct hrtimer_cpu_base, hrtimer_bases); -- - /* - * This allows printing both to /proc/timer_list and - * to the console (on SysRq-Q): -diff --git a/kernel/timer.c b/kernel/timer.c -index dc85e24..4fcb630 100644 ---- a/kernel/timer.c -+++ b/kernel/timer.c -@@ -49,6 +49,8 @@ - #include - #include - -+#include "time/tick-internal.h" -+ - #define CREATE_TRACE_POINTS - #include - -@@ -85,6 +87,7 @@ struct tvec_base { - unsigned long next_timer; - unsigned long active_timers; - int cpu; -+ bool migration_enabled; - struct tvec_root tv1; - struct tvec tv2; - struct tvec tv3; -@@ -97,6 +100,58 @@ struct tvec_base boot_tvec_bases; - EXPORT_SYMBOL(boot_tvec_bases); - static DEFINE_PER_CPU(struct tvec_base *, tvec_bases) = &boot_tvec_bases; - -+#if defined(CONFIG_SMP) && defined(CONFIG_NO_HZ_COMMON) -+unsigned int sysctl_timer_migration = 1; -+ -+void timers_update_migration(void) -+{ -+ bool on = sysctl_timer_migration && tick_nohz_active; -+ unsigned int cpu; -+ struct tvec_base *tvec_base = this_cpu_read(tvec_bases); -+ struct hrtimer_cpu_base *hrtimer_base = this_cpu_ptr(&hrtimer_bases); -+ -+ /* Avoid the loop, if nothing to update */ -+ if (tvec_base->migration_enabled == on) -+ return; -+ -+ for_each_possible_cpu(cpu) { -+ tvec_base = per_cpu(tvec_bases, cpu); -+ tvec_base->migration_enabled = on; -+ hrtimer_base = &per_cpu(hrtimer_bases, cpu); -+ hrtimer_base->migration_enabled = on; -+ } -+} -+ -+int timer_migration_handler(struct ctl_table *table, int write, -+ void __user *buffer, size_t *lenp, -+ loff_t *ppos) -+{ -+ static DEFINE_MUTEX(mutex); -+ int ret; -+ -+ mutex_lock(&mutex); -+ ret = proc_dointvec(table, write, buffer, lenp, ppos); -+ if (!ret && write) -+ timers_update_migration(); -+ mutex_unlock(&mutex); -+ return ret; -+} -+ -+static inline struct tvec_base *get_target_base(struct tvec_base *base, -+ int pinned) -+{ -+ if (pinned || !base->migration_enabled) -+ return this_cpu_read(tvec_bases); -+ return per_cpu(tvec_bases, get_nohz_timer_target()); -+} -+#else -+static inline struct tvec_base *get_target_base(struct tvec_base *base, -+ int pinned) -+{ -+ return this_cpu_read(tvec_bases); -+} -+#endif -+ - /* Functions below help us manage 'deferrable' flag */ - static inline unsigned int tbase_get_deferrable(struct tvec_base *base) - { -@@ -793,11 +848,11 @@ static inline struct tvec_base *switch_timer_base(struct timer_list *timer, - - static inline int - __mod_timer(struct timer_list *timer, unsigned long expires, -- bool pending_only, int pinned) -+ bool pending_only, int pinned) - { - struct tvec_base *base, *new_base; - unsigned long flags; -- int ret = 0 , cpu; -+ int ret = 0; - - timer_stats_timer_set_start_info(timer); - BUG_ON(!timer->function); -@@ -810,16 +865,7 @@ __mod_timer(struct timer_list *timer, unsigned long expires, - - debug_activate(timer, expires); - -- preempt_disable_rt(); -- cpu = smp_processor_id(); -- --#if defined(CONFIG_NO_HZ_COMMON) && defined(CONFIG_SMP) -- if (!pinned && get_sysctl_timer_migration()) -- cpu = get_nohz_timer_target(); --#endif -- preempt_enable_rt(); -- -- new_base = per_cpu(tvec_bases, cpu); -+ new_base = get_target_base(base, pinned); - - if (base != new_base) { - /* --- -1.8.3.1 - diff --git a/kernel/kernel-rt/centos/patches/turn-off-write-same-in-smartqpi-driver.patch b/kernel/kernel-rt/centos/patches/turn-off-write-same-in-smartqpi-driver.patch index 61dc4c1f4..5e18fa8d7 100644 --- a/kernel/kernel-rt/centos/patches/turn-off-write-same-in-smartqpi-driver.patch +++ b/kernel/kernel-rt/centos/patches/turn-off-write-same-in-smartqpi-driver.patch @@ -15,7 +15,7 @@ diff --git a/drivers/scsi/smartpqi/smartpqi_init.c b/drivers/scsi/smartpqi/smart index 2c6b546..6968c48 100644 --- a/drivers/scsi/smartpqi/smartpqi_init.c +++ b/drivers/scsi/smartpqi/smartpqi_init.c -@@ -5843,6 +5843,7 @@ static struct scsi_host_template pqi_driver_template = { +@@ -5814,6 +5814,7 @@ static struct scsi_host_template pqi_driver_template = { .slave_alloc = pqi_slave_alloc, .sdev_attrs = pqi_sdev_attrs, .shost_attrs = pqi_shost_attrs, diff --git a/kernel/kernel-rt/centos/patches/x86-enable-DMA-CMA-with-swiotlb.patch b/kernel/kernel-rt/centos/patches/x86-enable-DMA-CMA-with-swiotlb.patch index 3cbe751a4..e10aadfa0 100644 --- a/kernel/kernel-rt/centos/patches/x86-enable-DMA-CMA-with-swiotlb.patch +++ b/kernel/kernel-rt/centos/patches/x86-enable-DMA-CMA-with-swiotlb.patch @@ -53,15 +53,13 @@ Signed-off-by: Jim Somerville arch/x86/kernel/amd_gart_64.c | 2 +- arch/x86/kernel/pci-swiotlb.c | 9 ++++++--- arch/x86/pci/sta2x11-fixup.c | 6 ++---- - include/linux/swiotlb.h | 2 ++ - lib/swiotlb.c | 2 +- - 7 files changed, 20 insertions(+), 10 deletions(-) + 5 files changed, 17 insertions(+), 9 deletions(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index bdcca71..f67aa39 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -44,7 +44,7 @@ config X86 +@@ -47,7 +47,7 @@ config X86 select ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH if SMP select ARCH_WANT_OPTIONAL_GPIOLIB select ARCH_WANT_FRAME_POINTERS @@ -153,30 +151,6 @@ index 9d8a509..5ceda85 100644 .map_page = swiotlb_map_page, .unmap_page = swiotlb_unmap_page, .map_sg = swiotlb_map_sg_attrs, -diff --git a/include/linux/swiotlb.h b/include/linux/swiotlb.h -index 16c296a..65c4a7a 100644 ---- a/include/linux/swiotlb.h -+++ b/include/linux/swiotlb.h -@@ -117,4 +117,6 @@ static inline void swiotlb_free(void) { } - #endif - - extern void swiotlb_print_info(void); -+extern int is_swiotlb_buffer(phys_addr_t paddr); -+ - #endif /* __LINUX_SWIOTLB_H */ -diff --git a/lib/swiotlb.c b/lib/swiotlb.c -index ffcaff5..d89c82a 100644 ---- a/lib/swiotlb.c -+++ b/lib/swiotlb.c -@@ -404,7 +404,7 @@ void __init swiotlb_free(void) - io_tlb_nslabs = 0; - } - --static int is_swiotlb_buffer(phys_addr_t paddr) -+int is_swiotlb_buffer(phys_addr_t paddr) - { - return paddr >= io_tlb_start && paddr < io_tlb_end; - } -- 1.8.3.1 diff --git a/kernel/kernel-rt/centos/srpm_path b/kernel/kernel-rt/centos/srpm_path index 7250e62d6..ea91ad861 100644 --- a/kernel/kernel-rt/centos/srpm_path +++ b/kernel/kernel-rt/centos/srpm_path @@ -1 +1 @@ -mirror:Source/kernel-rt-3.10.0-862.11.6.rt56.819.el7.src.rpm +mirror:Source/kernel-rt-3.10.0-957.1.3.rt56.913.el7.src.rpm diff --git a/kernel/kernel-std/centos/build_srpm.data b/kernel/kernel-std/centos/build_srpm.data index 2789e6f6e..c06f85d68 100644 --- a/kernel/kernel-std/centos/build_srpm.data +++ b/kernel/kernel-std/centos/build_srpm.data @@ -1,4 +1,4 @@ COPY_LIST="files/*" -TIS_PATCH_VER=36 +TIS_PATCH_VER=1 BUILD_IS_BIG=11 BUILD_IS_SLOW=12 diff --git a/kernel/kernel-std/centos/meta_patches/Build-logic-and-sources-for-TiC.patch b/kernel/kernel-std/centos/meta_patches/Build-logic-and-sources-for-TiC.patch index d9998f9f1..8cdd2b3d9 100644 --- a/kernel/kernel-std/centos/meta_patches/Build-logic-and-sources-for-TiC.patch +++ b/kernel/kernel-std/centos/meta_patches/Build-logic-and-sources-for-TiC.patch @@ -17,29 +17,29 @@ index 1c3a765..f2499b4 100644 %define dist .el7 -# % define buildid .local -+# This is the WRS patch release ++# This is the STX patch release +%define buildid .%{tis_patch_ver}.tis # For a kernel released for public testing, released_kernel should be 1. # For internal testing builds during development, it should be 0. @@ -14,12 +15,14 @@ Summary: The Linux kernel - %global distro_build 862 + %global distro_build 957 %define rpmversion 3.10.0 --%define pkgrelease 862.11.6.el7 -+%define _pkgrelease 862.11.6 +-%define pkgrelease 957.1.3.el7 ++%define _pkgrelease 957.1.3 +%define pkgrelease %{_pkgrelease}.el7 + # allow pkg_release to have configurable %%{?dist} tag - %define specrelease 862.11.6%{?dist} + %define specrelease 957.1.3%{?dist} -%define pkg_release %{specrelease}%{?buildid} +%define pkg_release %{specrelease}%{buildid} # The kernel tarball/base version %define rheltarball %{rpmversion}-%{pkgrelease} -@@ -66,7 +69,7 @@ Summary: The Linux kernel +@@ -68,7 +71,7 @@ Summary: The Linux kernel %define with_dbgonly %{?_with_dbgonly: 1} %{?!_with_dbgonly: 0} # Control whether we perform a compat. check against published ABI. @@ -48,7 +48,7 @@ index 1c3a765..f2499b4 100644 # Control whether we perform a compat. check against DUP ABI. %define with_kabidupchk 1 -@@ -89,7 +92,7 @@ Summary: The Linux kernel +@@ -91,7 +94,7 @@ Summary: The Linux kernel # Set debugbuildsenabled to 1 for production (build separate debug kernels) # and 0 for rawhide (all kernels are debug kernels). # See also 'make debug' and 'make release'. RHEL only ever does 1. @@ -57,7 +57,7 @@ index 1c3a765..f2499b4 100644 %define with_gcov %{?_with_gcov: 1} %{?!_with_gcov: 0} -@@ -370,6 +373,7 @@ BuildRequires: bison flex +@@ -385,6 +388,7 @@ BuildRequires: bison flex # required for zfcpdump BuildRequires: glibc-static %endif @@ -65,11 +65,11 @@ index 1c3a765..f2499b4 100644 Source0: linux-%{rpmversion}-%{pkgrelease}.tar.xz -@@ -435,6 +439,12 @@ Patch1000: debrand-single-cpu.patch +@@ -450,6 +454,12 @@ Patch1000: debrand-single-cpu.patch Patch1001: debrand-rh_taint.patch Patch1002: debrand-rh-i686-cpu.patch -+# Titanium Cloud sources here. ++# StarlingX Cloud sources here. +# Not sure if we need to worry about numerical collisions between +# SourceX and PatchX, so let's not risk it +Source30000: kernel-3.10.0-x86_64.config.tis_extra @@ -78,9 +78,9 @@ index 1c3a765..f2499b4 100644 BuildRoot: %{_tmppath}/kernel-%{KVRA}-root %description -@@ -586,6 +596,13 @@ This package provides debug information for package kernel-tools. +@@ -612,6 +622,13 @@ manipulation of eBPF programs and maps. - %endif # with_tools + %endif # with_bpftool +%ifarch x86_64 +%package unsigned @@ -92,7 +92,7 @@ index 1c3a765..f2499b4 100644 %if %{with_gcov} %package gcov Summary: gcov graph and source files for coverage data collection. -@@ -751,6 +768,9 @@ cd linux-%{KVRA} +@@ -777,6 +794,9 @@ cd linux-%{KVRA} # Drop some necessary files from the source dir into the buildroot cp $RPM_SOURCE_DIR/kernel-%{version}-*.config . @@ -102,15 +102,15 @@ index 1c3a765..f2499b4 100644 ApplyOptionalPatch linux-kernel-test.patch ApplyOptionalPatch debrand-single-cpu.patch ApplyOptionalPatch debrand-rh_taint.patch -@@ -795,6 +815,15 @@ for i in *.config +@@ -821,6 +841,15 @@ for i in *.config do mv $i .config Arch=`head -1 .config | cut -b 3-` + -+ # Handle Titanium Cloud customizations. Use -n to match oldnoconfig below. We want this before ++ # Handle StarlingX Cloud customizations. Use -n to match oldnoconfig below. We want this before + # the make line below so that the one below removes any dependencies of ones that we + # turn off here. We also want it before "make listnewconfig" so that we can set the -+ # config option for new configs introduced in the Titanium Cloud patches. ++ # config option for new configs introduced in the StarlingX Cloud patches. + if [ -f ${i}.tis_extra ]; then + scripts/kconfig/merge_config.sh -m -n .config ${i}.tis_extra + fi @@ -118,7 +118,7 @@ index 1c3a765..f2499b4 100644 make %{?cross_opts} ARCH=$Arch listnewconfig | grep -E '^CONFIG_' >.newoptions || true %if %{listnewconfig_fail} if [ -s .newoptions ]; then -@@ -868,12 +897,13 @@ BuildKernel() { +@@ -894,12 +923,13 @@ BuildKernel() { # and now to start the build process @@ -133,7 +133,7 @@ index 1c3a765..f2499b4 100644 cp configs/$Config .config -@@ -888,8 +918,8 @@ BuildKernel() { +@@ -914,8 +944,8 @@ BuildKernel() { fi %endif @@ -144,25 +144,25 @@ index 1c3a765..f2499b4 100644 if [ "$Flavour" != "kdump" ]; then make -s %{?cross_opts} ARCH=$Arch V=1 %{?_smp_mflags} KCFLAGS="%{?kcflags}" WITH_GCOV="%{?with_gcov}" modules %{?sparse_mflags} || exit 1 -@@ -913,6 +943,8 @@ BuildKernel() { +@@ -939,6 +969,8 @@ BuildKernel() { fi # EFI SecureBoot signing, x86_64-only %ifarch x86_64 + cp $KernelImage vmlinuz.unsigned + $CopyKernel vmlinuz.unsigned $RPM_BUILD_ROOT/%{image_install_path}/vmlinuz.unsigned - %pesign -s -i $KernelImage -o $KernelImage.signed -a %{SOURCE13} -c %{SOURCE13} + %pesign -s -i $KernelImage -o $KernelImage.signed -a %{SOURCE13} -c %{SOURCE14} -n %{pesign_name} mv $KernelImage.signed $KernelImage %endif -@@ -929,7 +961,7 @@ BuildKernel() { +@@ -955,7 +987,7 @@ BuildKernel() { if [ "$Flavour" != "kdump" ]; then # Override $(mod-fw) because we don't want it to install any firmware # we'll get it from the linux-firmware package and we don't want conflicts -- make -s %{?cross_opts} ARCH=$Arch INSTALL_MOD_PATH=$RPM_BUILD_ROOT modules_install KERNELRELEASE=$KernelVer mod-fw= -+ make -s -j"%(nproc)" %{?cross_opts} ARCH=$Arch INSTALL_MOD_PATH=$RPM_BUILD_ROOT modules_install KERNELRELEASE=$KernelVer mod-fw= +- make -s %{?cross_opts} %{?_smp_mflags} ARCH=$Arch INSTALL_MOD_PATH=$RPM_BUILD_ROOT modules_install KERNELRELEASE=$KernelVer mod-fw= ++ make -s -j"%(nproc)" %{?cross_opts} %{?_smp_mflags} ARCH=$Arch INSTALL_MOD_PATH=$RPM_BUILD_ROOT modules_install KERNELRELEASE=$KernelVer mod-fw= %if %{with_gcov} # install gcov-needed files to $BUILDROOT/$BUILD/...: # gcov_info->filename is absolute path -@@ -939,7 +971,7 @@ BuildKernel() { +@@ -965,7 +997,7 @@ BuildKernel() { %endif fi %ifarch %{vdso_arches} @@ -171,20 +171,20 @@ index 1c3a765..f2499b4 100644 if [ ! -s ldconfig-kernel.conf ]; then echo > ldconfig-kernel.conf "\ # Placeholder file, no vDSO hwcap entries used in this kernel." -@@ -1148,6 +1180,12 @@ BuildKernel() { +@@ -1174,6 +1206,12 @@ BuildKernel() { cp signing_key.priv signing_key.priv.sign${Flavour:+.${Flavour}} cp signing_key.x509 signing_key.x509.sign${Flavour:+.${Flavour}} -+ # WRS: Copy these keys as part of the devel package ++ # STX: Copy these keys as part of the devel package + # The Module signing keys are to ensure that only Out-of-tree -+ # built against the Titanium Kernel get signed and loaded sans warnings ++ # built against the StarlingX Kernel get signed and loaded sans warnings + cp signing_key.priv ${RPM_BUILD_ROOT}/lib/modules/${KernelVer}/build/ + cp signing_key.x509 ${RPM_BUILD_ROOT}/lib/modules/${KernelVer}/build/ + # remove files that will be auto generated by depmod at rpm -i time for i in alias alias.bin builtin.bin ccwmap dep dep.bin ieee1394map inputmap isapnpmap ofmap pcimap seriomap symbols symbols.bin usbmap softdep devname do -@@ -1208,15 +1246,15 @@ make %{?cross_opts} %{?_smp_mflags} -C tools/power/cpupower CPUFREQ_BENCH=false +@@ -1234,15 +1272,15 @@ make %{?cross_opts} %{?_smp_mflags} -C tools/power/cpupower CPUFREQ_BENCH=false %endif %ifarch x86_64 pushd tools/power/x86/x86_energy_perf_policy/ @@ -203,7 +203,7 @@ index 1c3a765..f2499b4 100644 popd %endif -@@ -1487,6 +1525,10 @@ fi}\ +@@ -1536,6 +1574,10 @@ fi}\ %{expand:\ %{_sbindir}/new-kernel-pkg --package kernel%{?-v:-%{-v*}} --install %{KVRA}%{?-v:.%{-v*}} || exit $?\ }\ @@ -214,7 +214,7 @@ index 1c3a765..f2499b4 100644 %{nil} # -@@ -1697,6 +1739,11 @@ fi +@@ -1756,6 +1798,11 @@ fi %kernel_variant_files %{with_debug} debug %kernel_variant_files %{with_kdump} kdump @@ -224,7 +224,7 @@ index 1c3a765..f2499b4 100644 +%endif + %changelog - * Tue Aug 14 2018 CentOS Sources - 3.10.0-862.11.6.el7 + * Mon Nov 26 2018 CentOS Sources - 3.10.0-957.1.3.el7 - Apply debranding changes -- 2.7.4 diff --git a/kernel/kernel-std/centos/meta_patches/Compile-issues.patch b/kernel/kernel-std/centos/meta_patches/Compile-issues.patch index cdee5a12e..092f88f0c 100644 --- a/kernel/kernel-std/centos/meta_patches/Compile-issues.patch +++ b/kernel/kernel-std/centos/meta_patches/Compile-issues.patch @@ -5,27 +5,30 @@ Subject: [PATCH 4/5] Compile issues Signed-off-by: Jim Somerville --- - SPECS/kernel.spec | 3 +++ - 1 file changed, 3 insertions(+) + SPECS/kernel.spec | 6 ++++++ + 1 file changed, 6 insertions(+) diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index 01dd989..d45c419 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec -@@ -474,6 +474,8 @@ Patch40024: aic94xx-Skip-reading-user-settings-if-flash-is-not-f.patch +@@ -489,6 +489,10 @@ Patch40024: aic94xx-Skip-reading-user-settings-if-flash-is-not-f.patch Patch40025: dpt_i2o-fix-build-warning.patch # DRBD was choking on write same Patch40026: turn-off-write-same-in-smartqpi-driver.patch +# Fix assorted compilation issues +Patch40027: fix-compilation-issues.patch ++# Fix CentOS 7.6 upgrade compile error ++Patch40028: fix-CentOS-7.6-upgrade-compile-error.patch BuildRoot: %{_tmppath}/kernel-%{KVRA}-root -@@ -833,6 +835,7 @@ ApplyOptionalPatch US103091-IMA-System-Configuration.patch +@@ -859,6 +863,8 @@ ApplyOptionalPatch US103091-IMA-System-Configuration.patch ApplyOptionalPatch aic94xx-Skip-reading-user-settings-if-flash-is-not-f.patch ApplyOptionalPatch dpt_i2o-fix-build-warning.patch ApplyOptionalPatch turn-off-write-same-in-smartqpi-driver.patch +ApplyOptionalPatch fix-compilation-issues.patch ++ApplyOptionalPatch fix-CentOS-7.6-upgrade-compile-error.patch # Any further pre-build tree manipulations happen here. diff --git a/kernel/kernel-std/centos/meta_patches/Kernel-source-patches-for-TiC.patch b/kernel/kernel-std/centos/meta_patches/Kernel-source-patches-for-TiC.patch index cc7d12017..935f059a8 100644 --- a/kernel/kernel-std/centos/meta_patches/Kernel-source-patches-for-TiC.patch +++ b/kernel/kernel-std/centos/meta_patches/Kernel-source-patches-for-TiC.patch @@ -12,11 +12,11 @@ diff --git a/SPECS/kernel.spec b/SPECS/kernel.spec index eef356a..f1a0092 100644 --- a/SPECS/kernel.spec +++ b/SPECS/kernel.spec -@@ -445,6 +445,36 @@ Patch1002: debrand-rh-i686-cpu.patch +@@ -460,6 +460,36 @@ Patch1002: debrand-rh-i686-cpu.patch Source30000: kernel-3.10.0-x86_64.config.tis_extra Source30001: ima_signing_key.pub -+# Titanium Cloud patches here. ++# StarlingX Cloud patches here. +Patch40001: Fix-compile-issue-when-transparent-hugepages-are-off.patch +Patch40002: Notification-of-death-of-arbitrary-processes.patch +Patch40003: CGTS-3744-route-do-not-cache-fib-route-info-on-local.patch @@ -49,11 +49,11 @@ index eef356a..f1a0092 100644 BuildRoot: %{_tmppath}/kernel-%{KVRA}-root %description -@@ -776,6 +806,34 @@ ApplyOptionalPatch debrand-single-cpu.patch +@@ -802,6 +832,34 @@ ApplyOptionalPatch debrand-single-cpu.patch ApplyOptionalPatch debrand-rh_taint.patch ApplyOptionalPatch debrand-rh-i686-cpu.patch -+# Titanium Cloud patches here. ++# StarlingX Cloud patches here. +ApplyOptionalPatch Fix-compile-issue-when-transparent-hugepages-are-off.patch +ApplyOptionalPatch Notification-of-death-of-arbitrary-processes.patch +ApplyOptionalPatch CGTS-3744-route-do-not-cache-fib-route-info-on-local.patch diff --git a/kernel/kernel-std/centos/patches/Affine-irqs-and-workqueues-with-kthread_cpus.patch b/kernel/kernel-std/centos/patches/Affine-irqs-and-workqueues-with-kthread_cpus.patch index 01e5261ed..ede67a3d0 100644 --- a/kernel/kernel-std/centos/patches/Affine-irqs-and-workqueues-with-kthread_cpus.patch +++ b/kernel/kernel-std/centos/patches/Affine-irqs-and-workqueues-with-kthread_cpus.patch @@ -32,7 +32,7 @@ diff --git a/kernel/irq/manage.c b/kernel/irq/manage.c index e639145..be46349 100644 --- a/kernel/irq/manage.c +++ b/kernel/irq/manage.c -@@ -366,6 +366,13 @@ setup_affinity(unsigned int irq, struct irq_desc *desc, struct cpumask *mask) +@@ -372,6 +372,13 @@ setup_affinity(unsigned int irq, struct irq_desc *desc, struct cpumask *mask) if (cpumask_intersects(mask, nodemask)) cpumask_and(mask, mask, nodemask); } @@ -50,7 +50,7 @@ diff --git a/kernel/workqueue.c b/kernel/workqueue.c index 179cbb2..9524a6f 100644 --- a/kernel/workqueue.c +++ b/kernel/workqueue.c -@@ -5424,6 +5424,8 @@ static int __init init_workqueues(void) +@@ -5441,6 +5441,8 @@ static int __init init_workqueues(void) BUG_ON(!(attrs = alloc_workqueue_attrs(GFP_KERNEL))); attrs->nice = std_nice[i]; @@ -59,7 +59,7 @@ index 179cbb2..9524a6f 100644 unbound_std_wq_attrs[i] = attrs; /* -@@ -5434,6 +5436,8 @@ static int __init init_workqueues(void) +@@ -5451,6 +5453,8 @@ static int __init init_workqueues(void) BUG_ON(!(attrs = alloc_workqueue_attrs(GFP_KERNEL))); attrs->nice = std_nice[i]; attrs->no_numa = true; diff --git a/kernel/kernel-std/centos/patches/CGTS-3744-route-do-not-cache-fib-route-info-on-local.patch b/kernel/kernel-std/centos/patches/CGTS-3744-route-do-not-cache-fib-route-info-on-local.patch index 57776310c..f477475c0 100644 --- a/kernel/kernel-std/centos/patches/CGTS-3744-route-do-not-cache-fib-route-info-on-local.patch +++ b/kernel/kernel-std/centos/patches/CGTS-3744-route-do-not-cache-fib-route-info-on-local.patch @@ -35,7 +35,7 @@ diff --git a/net/ipv4/route.c b/net/ipv4/route.c index f19aca2..5246096 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c -@@ -2057,6 +2057,17 @@ static struct rtable *__mkroute_output(const struct fib_result *res, +@@ -2121,6 +2121,17 @@ static struct rtable *__mkroute_output(const struct fib_result *res, */ if (fi && res->prefixlen < 4) fi = NULL; diff --git a/kernel/kernel-std/centos/patches/CPU-PM-expose-pm_qos_resume_latency-for-CPUs.patch b/kernel/kernel-std/centos/patches/CPU-PM-expose-pm_qos_resume_latency-for-CPUs.patch index dad1b90d2..693adabf5 100644 --- a/kernel/kernel-std/centos/patches/CPU-PM-expose-pm_qos_resume_latency-for-CPUs.patch +++ b/kernel/kernel-std/centos/patches/CPU-PM-expose-pm_qos_resume_latency-for-CPUs.patch @@ -39,15 +39,15 @@ diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c index 65e786d..91d620f 100644 --- a/drivers/base/cpu.c +++ b/drivers/base/cpu.c -@@ -16,6 +16,7 @@ +@@ -15,6 +15,7 @@ + #include #include #include - #include +#include #include "base.h" -@@ -319,6 +320,7 @@ int register_cpu(struct cpu *cpu, int num) +@@ -318,6 +319,7 @@ int register_cpu(struct cpu *cpu, int num) per_cpu(cpu_sys_devices, num) = &cpu->dev; if (!error) register_cpu_under_node(num, cpu_to_node(num)); diff --git a/kernel/kernel-std/centos/patches/Fix-compile-issue-when-transparent-hugepages-are-off.patch b/kernel/kernel-std/centos/patches/Fix-compile-issue-when-transparent-hugepages-are-off.patch index 581ff9dc0..fec105dcb 100644 --- a/kernel/kernel-std/centos/patches/Fix-compile-issue-when-transparent-hugepages-are-off.patch +++ b/kernel/kernel-std/centos/patches/Fix-compile-issue-when-transparent-hugepages-are-off.patch @@ -13,7 +13,7 @@ diff --git a/mm/swap.c b/mm/swap.c index 0982a35..6dcf38c 100644 --- a/mm/swap.c +++ b/mm/swap.c -@@ -998,8 +998,10 @@ void release_pages(struct page **pages, int nr, bool cold) +@@ -1040,8 +1040,10 @@ void release_pages(struct page **pages, int nr, bool cold) if (!put_page_testzero(page)) continue; diff --git a/kernel/kernel-std/centos/patches/Make-kernel-start-eth-devices-at-offset.patch b/kernel/kernel-std/centos/patches/Make-kernel-start-eth-devices-at-offset.patch index 068f0c854..ec1460636 100644 --- a/kernel/kernel-std/centos/patches/Make-kernel-start-eth-devices-at-offset.patch +++ b/kernel/kernel-std/centos/patches/Make-kernel-start-eth-devices-at-offset.patch @@ -23,7 +23,7 @@ index 92d6c59..238c90d 100644 set_bit(i, inuse); } -+ /* WRS extension, want kernel to start at eth1000 */ ++ /* STX extension, want kernel to start at eth1000 */ + if (strcmp(name, "eth%d") == 0) { + for (i=0; i < 1000; i++) + set_bit(i, inuse); diff --git a/kernel/kernel-std/centos/patches/Notification-of-death-of-arbitrary-processes.patch b/kernel/kernel-std/centos/patches/Notification-of-death-of-arbitrary-processes.patch index 66f2de45a..d215c7cd2 100644 --- a/kernel/kernel-std/centos/patches/Notification-of-death-of-arbitrary-processes.patch +++ b/kernel/kernel-std/centos/patches/Notification-of-death-of-arbitrary-processes.patch @@ -65,7 +65,7 @@ diff --git a/include/linux/sched.h b/include/linux/sched.h index d184652..ba6ae5c 100644 --- a/include/linux/sched.h +++ b/include/linux/sched.h -@@ -1631,6 +1631,12 @@ struct task_struct { +@@ -1649,6 +1649,12 @@ struct task_struct { short il_next; short pref_node_fork; #endif @@ -111,7 +111,7 @@ diff --git a/init/Kconfig b/init/Kconfig index 6ec689c..550cea4 100644 --- a/init/Kconfig +++ b/init/Kconfig -@@ -1538,6 +1538,21 @@ config VM_EVENT_COUNTERS +@@ -1580,6 +1580,21 @@ config VM_EVENT_COUNTERS on EXPERT systems. /proc/vmstat will only show page counts if VM event counters are disabled. @@ -137,10 +137,10 @@ diff --git a/kernel/Makefile b/kernel/Makefile index 2fb90fa..44a82c1 100644 --- a/kernel/Makefile +++ b/kernel/Makefile -@@ -112,6 +112,7 @@ obj-$(CONFIG_RING_BUFFER) += trace/ - obj-$(CONFIG_TRACEPOINTS) += trace/ +@@ -113,6 +113,7 @@ obj-$(CONFIG_TRACEPOINTS) += trace/ obj-$(CONFIG_IRQ_WORK) += irq_work.o obj-$(CONFIG_CPU_PM) += cpu_pm.o + obj-$(CONFIG_BPF) += bpf/ +obj-$(CONFIG_SIGEXIT) += death_notify.o obj-$(CONFIG_PERF_EVENTS) += events/ @@ -457,7 +457,7 @@ diff --git a/kernel/fork.c b/kernel/fork.c index c75422b..30dee92 100644 --- a/kernel/fork.c +++ b/kernel/fork.c -@@ -1471,6 +1471,10 @@ static struct task_struct *copy_process(unsigned long clone_flags, +@@ -1477,6 +1477,10 @@ static struct task_struct *copy_process(unsigned long clone_flags, p->sequential_io = 0; p->sequential_io_avg = 0; #endif @@ -472,7 +472,7 @@ diff --git a/kernel/signal.c b/kernel/signal.c index 35133a7..3f72ac0 100644 --- a/kernel/signal.c +++ b/kernel/signal.c -@@ -47,6 +47,9 @@ +@@ -46,6 +46,9 @@ #include #include #include "audit.h" /* audit_signal_info() */ @@ -482,7 +482,7 @@ index 35133a7..3f72ac0 100644 /* * SLAB caches for signal bits. -@@ -1744,6 +1747,10 @@ bool do_notify_parent(struct task_struct *tsk, int sig) +@@ -1740,6 +1743,10 @@ bool do_notify_parent(struct task_struct *tsk, int sig) __wake_up_parent(tsk, tsk->parent); spin_unlock_irqrestore(&psig->siglock, flags); @@ -493,7 +493,7 @@ index 35133a7..3f72ac0 100644 return autoreap; } -@@ -1815,6 +1822,10 @@ static void do_notify_parent_cldstop(struct task_struct *tsk, +@@ -1811,6 +1818,10 @@ static void do_notify_parent_cldstop(struct task_struct *tsk, */ __wake_up_parent(tsk, parent); spin_unlock_irqrestore(&sighand->siglock, flags); diff --git a/kernel/kernel-std/centos/patches/PCI-Add-ACS-quirk-for-Intel-Fortville-NICs.patch b/kernel/kernel-std/centos/patches/PCI-Add-ACS-quirk-for-Intel-Fortville-NICs.patch index 106be5d86..2bc689905 100644 --- a/kernel/kernel-std/centos/patches/PCI-Add-ACS-quirk-for-Intel-Fortville-NICs.patch +++ b/kernel/kernel-std/centos/patches/PCI-Add-ACS-quirk-for-Intel-Fortville-NICs.patch @@ -18,7 +18,7 @@ diff --git a/drivers/pci/quirks.c b/drivers/pci/quirks.c index 5614e3f..4a0bfed 100644 --- a/drivers/pci/quirks.c +++ b/drivers/pci/quirks.c -@@ -4289,6 +4289,10 @@ static const struct pci_dev_acs_enabled { +@@ -4401,6 +4401,10 @@ static const struct pci_dev_acs_enabled { /* I219 */ { PCI_VENDOR_ID_INTEL, 0x15b7, pci_quirk_mf_endpoint_acs }, { PCI_VENDOR_ID_INTEL, 0x15b8, pci_quirk_mf_endpoint_acs }, diff --git a/kernel/kernel-std/centos/patches/Porting-Cacheinfo-from-Kernel-4.10.17.patch b/kernel/kernel-std/centos/patches/Porting-Cacheinfo-from-Kernel-4.10.17.patch index ab797dc9b..76fa2bdcf 100644 --- a/kernel/kernel-std/centos/patches/Porting-Cacheinfo-from-Kernel-4.10.17.patch +++ b/kernel/kernel-std/centos/patches/Porting-Cacheinfo-from-Kernel-4.10.17.patch @@ -47,7 +47,7 @@ This helps in: Signed-off-by: Jim Somerville --- Documentation/ABI/testing/sysfs-devices-system-cpu | 65 ++ - arch/x86/kernel/cpu/intel_cacheinfo.c | 830 +++++++-------------- + arch/x86/kernel/cpu/cacheinfo.c | 830 +++++++-------------- drivers/base/Makefile | 2 +- drivers/base/cacheinfo.c | 662 ++++++++++++++++ drivers/base/cpu.c | 54 ++ @@ -133,10 +133,10 @@ index ff65f15..7521be8 100644 What: /sys/devices/system/cpu/cpuX/cpufreq/throttle_stats /sys/devices/system/cpu/cpuX/cpufreq/throttle_stats/turbo_stat /sys/devices/system/cpu/cpuX/cpufreq/throttle_stats/sub_turbo_stat -diff --git a/arch/x86/kernel/cpu/intel_cacheinfo.c b/arch/x86/kernel/cpu/intel_cacheinfo.c +diff --git a/arch/x86/kernel/cpu/cacheinfo.c b/arch/x86/kernel/cpu/cacheinfo.c index d529019..bf23bd2 100644 ---- a/arch/x86/kernel/cpu/intel_cacheinfo.c -+++ b/arch/x86/kernel/cpu/intel_cacheinfo.c +--- a/arch/x86/kernel/cpu/cacheinfo.c ++++ b/arch/x86/kernel/cpu/cacheinfo.c @@ -1,5 +1,5 @@ /* - * Routines to indentify caches on Intel CPU. @@ -499,7 +499,7 @@ index d529019..bf23bd2 100644 return -EIO; /* better error ? */ this_leaf->eax = eax; -@@ -576,14 +631,14 @@ static int find_num_cache_leaves(struct cpuinfo_x86 *c) +@@ -576,7 +631,7 @@ static int find_num_cache_leaves(struct cpuinfo_x86 *c) /* Do cpuid(op) loop to find out num_cache_leaves */ cpuid_count(op, i, &eax, &ebx, &ecx, &edx); cache_eax.full = eax; @@ -508,6 +508,7 @@ index d529019..bf23bd2 100644 return i; } +@@ -622,7 +677,7 @@ void cacheinfo_amd_init_llc_id(struct cpuinfo_x86 *c, int cpu, u8 node_id) void init_amd_cacheinfo(struct cpuinfo_x86 *c) { @@ -516,7 +517,7 @@ index d529019..bf23bd2 100644 num_cache_leaves = find_num_cache_leaves(c); } else if (c->extended_cpuid_level >= 0x80000006) { if (cpuid_edx(0x80000006) & 0xf000) -@@ -600,7 +655,7 @@ unsigned int init_intel_cacheinfo(struct cpuinfo_x86 *c) +@@ -639,7 +694,7 @@ unsigned int init_intel_cacheinfo(struct cpuinfo_x86 *c) unsigned int new_l1d = 0, new_l1i = 0; /* Cache sizes from cpuid(4) */ unsigned int new_l2 = 0, new_l3 = 0, i; /* Cache sizes from cpuid(4) */ unsigned int l2_id = 0, l3_id = 0, num_threads_sharing, index_msb; @@ -525,7 +526,7 @@ index d529019..bf23bd2 100644 unsigned int cpu = c->cpu_index; #endif -@@ -618,36 +673,34 @@ unsigned int init_intel_cacheinfo(struct cpuinfo_x86 *c) +@@ -657,36 +712,34 @@ unsigned int init_intel_cacheinfo(struct cpuinfo_x86 *c) * parameters cpuid leaf to find the cache details */ for (i = 0; i < num_cache_leaves; i++) { @@ -587,7 +588,7 @@ index d529019..bf23bd2 100644 } } } -@@ -721,34 +774,40 @@ unsigned int init_intel_cacheinfo(struct cpuinfo_x86 *c) +@@ -760,34 +813,40 @@ unsigned int init_intel_cacheinfo(struct cpuinfo_x86 *c) if (new_l2) { l2 = new_l2; @@ -640,7 +641,7 @@ index d529019..bf23bd2 100644 int i, sibling; /* -@@ -757,40 +816,43 @@ static int cache_shared_amd_cpu_map_setup(unsigned int cpu, int index) +@@ -796,40 +855,43 @@ static int cache_shared_amd_cpu_map_setup(unsigned int cpu, int index) */ if (index == 3) { for_each_cpu(i, cpu_llc_shared_mask(cpu)) { @@ -697,7 +698,7 @@ index d529019..bf23bd2 100644 } } } else -@@ -799,72 +861,70 @@ static int cache_shared_amd_cpu_map_setup(unsigned int cpu, int index) +@@ -838,72 +900,70 @@ static int cache_shared_amd_cpu_map_setup(unsigned int cpu, int index) return 1; } @@ -814,7 +815,7 @@ index d529019..bf23bd2 100644 } /* -@@ -886,411 +946,37 @@ static void get_cache_id(int cpu, struct _cpuid4_info_regs *id4_regs) +@@ -925,411 +985,37 @@ static void get_cache_id(int cpu, struct _cpuid4_info_regs *id4_regs) int get_cpu_cache_id(int cpu, int level) { int i; @@ -1931,7 +1932,7 @@ diff --git a/drivers/base/cpu.c b/drivers/base/cpu.c index 290609b..65e786d 100644 --- a/drivers/base/cpu.c +++ b/drivers/base/cpu.c -@@ -340,6 +340,60 @@ struct device *get_cpu_device(unsigned cpu) +@@ -338,6 +338,60 @@ struct device *get_cpu_device(unsigned cpu) } EXPORT_SYMBOL_GPL(get_cpu_device); diff --git a/kernel/kernel-std/centos/patches/US101216-IMA-support-in-Titanium-kernel.patch b/kernel/kernel-std/centos/patches/US101216-IMA-support-in-Titanium-kernel.patch index 54440381a..ba81a997b 100644 --- a/kernel/kernel-std/centos/patches/US101216-IMA-support-in-Titanium-kernel.patch +++ b/kernel/kernel-std/centos/patches/US101216-IMA-support-in-Titanium-kernel.patch @@ -31,7 +31,7 @@ diff --git a/fs/namei.c b/fs/namei.c index 9f90b63..bf91ea0 100644 --- a/fs/namei.c +++ b/fs/namei.c -@@ -3236,7 +3236,7 @@ opened: +@@ -3225,7 +3225,7 @@ opened: error = open_check_o_direct(file); if (error) goto exit_fput; @@ -44,7 +44,7 @@ diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index 00e98c3..cb9250e 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c -@@ -883,7 +883,7 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, +@@ -898,7 +898,7 @@ nfsd_open(struct svc_rqst *rqstp, struct svc_fh *fhp, umode_t type, goto out_nfserr; } @@ -80,7 +80,7 @@ index eb6f994..2dbaf80 100644 void *i_private; /* fs or device private pointer */ }; -@@ -2827,7 +2826,6 @@ static inline bool inode_is_open_for_write(const struct inode *inode) +@@ -2830,7 +2829,6 @@ static inline bool inode_is_open_for_write(const struct inode *inode) return atomic_read(&inode->i_writecount) > 0; } @@ -88,7 +88,7 @@ index eb6f994..2dbaf80 100644 static inline void i_readcount_dec(struct inode *inode) { BUG_ON(!atomic_read(&inode->i_readcount)); -@@ -2837,16 +2835,7 @@ static inline void i_readcount_inc(struct inode *inode) +@@ -2840,16 +2838,7 @@ static inline void i_readcount_inc(struct inode *inode) { atomic_inc(&inode->i_readcount); } @@ -229,7 +229,7 @@ diff --git a/security/security.c b/security/security.c index f069482..646a0e3 100644 --- a/security/security.c +++ b/security/security.c -@@ -156,6 +156,110 @@ EXPORT_SYMBOL(unregister_lsm_notifier); +@@ -157,6 +157,110 @@ EXPORT_SYMBOL(unregister_lsm_notifier); /* Security operations */ @@ -340,7 +340,7 @@ index f069482..646a0e3 100644 int security_ptrace_access_check(struct task_struct *child, unsigned int mode) { #ifdef CONFIG_SECURITY_YAMA_STACKED -@@ -715,8 +819,11 @@ EXPORT_SYMBOL(security_inode_listsecurity); +@@ -716,8 +820,11 @@ EXPORT_SYMBOL(security_inode_listsecurity); void security_inode_getsecid(struct inode *inode, u32 *secid) { @@ -353,7 +353,7 @@ index f069482..646a0e3 100644 int security_inode_copy_up(struct dentry *src, struct cred **new) { -@@ -1525,6 +1632,7 @@ int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) +@@ -1526,6 +1633,7 @@ int security_audit_rule_init(u32 field, u32 op, char *rulestr, void **lsmrule) { return security_ops->audit_rule_init(field, op, rulestr, lsmrule); } @@ -361,13 +361,14 @@ index f069482..646a0e3 100644 int security_audit_rule_known(struct audit_krule *krule) { -@@ -1541,5 +1649,6 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, +@@ -1542,6 +1650,7 @@ int security_audit_rule_match(u32 secid, u32 field, u32 op, void *lsmrule, { return security_ops->audit_rule_match(secid, field, op, lsmrule, actx); } +EXPORT_SYMBOL_GPL(security_audit_rule_match); #endif /* CONFIG_AUDIT */ + -- 1.8.3.1 diff --git a/kernel/kernel-std/centos/patches/US103091-IMA-System-Configuration.patch b/kernel/kernel-std/centos/patches/US103091-IMA-System-Configuration.patch index 382fcc75e..c9fcdacb5 100644 --- a/kernel/kernel-std/centos/patches/US103091-IMA-System-Configuration.patch +++ b/kernel/kernel-std/centos/patches/US103091-IMA-System-Configuration.patch @@ -60,7 +60,7 @@ index 44a82c1..000b9a8 100644 obj-$(CONFIG_MODULES) += module.o obj-$(CONFIG_MODULE_SIG) += module_signing.o obj-$(CONFIG_MODULE_SIG_UEFI) += modsign_uefi.o -@@ -197,7 +197,45 @@ targets += $(obj)/.x509.list +@@ -199,7 +199,45 @@ targets += $(obj)/.x509.list $(obj)/.x509.list: @echo $(X509_CERTIFICATES) >$@ diff --git a/kernel/kernel-std/centos/patches/affine-compute-kernel-threads.patch b/kernel/kernel-std/centos/patches/affine-compute-kernel-threads.patch index 1997d3d46..5b0a632bb 100644 --- a/kernel/kernel-std/centos/patches/affine-compute-kernel-threads.patch +++ b/kernel/kernel-std/centos/patches/affine-compute-kernel-threads.patch @@ -42,7 +42,7 @@ diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-paramete index 1806170..2f7feb0 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt -@@ -1539,6 +1539,16 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -1551,6 +1551,16 @@ bytes respectively. Such letter suffixes can also be entirely omitted. kpti [X86-64] Enable kernel page table isolation. @@ -83,7 +83,7 @@ diff --git a/init/main.c b/init/main.c index 085c9c5..089f83d 100644 --- a/init/main.c +++ b/init/main.c -@@ -956,10 +956,6 @@ static noinline void __init kernel_init_freeable(void) +@@ -959,10 +959,6 @@ static noinline void __init kernel_init_freeable(void) * init can allocate pages on any node */ set_mems_allowed(node_states[N_MEMORY]); @@ -94,7 +94,7 @@ index 085c9c5..089f83d 100644 cad_pid = task_pid(current); -@@ -975,6 +971,8 @@ static noinline void __init kernel_init_freeable(void) +@@ -978,6 +974,8 @@ static noinline void __init kernel_init_freeable(void) do_basic_setup(); @@ -107,7 +107,7 @@ diff --git a/kernel/cpu.c b/kernel/cpu.c index 0d9e250..6c156bd 100644 --- a/kernel/cpu.c +++ b/kernel/cpu.c -@@ -756,6 +756,19 @@ static DECLARE_BITMAP(cpu_active_bits, CONFIG_NR_CPUS) __read_mostly; +@@ -991,6 +991,19 @@ static DECLARE_BITMAP(cpu_active_bits, CONFIG_NR_CPUS) __read_mostly; const struct cpumask *const cpu_active_mask = to_cpumask(cpu_active_bits); EXPORT_SYMBOL(cpu_active_mask); diff --git a/kernel/kernel-std/centos/patches/cma-add-placement-specifier-for-cma-kernel-parameter.patch b/kernel/kernel-std/centos/patches/cma-add-placement-specifier-for-cma-kernel-parameter.patch index 5c41754d7..ab7fd499e 100644 --- a/kernel/kernel-std/centos/patches/cma-add-placement-specifier-for-cma-kernel-parameter.patch +++ b/kernel/kernel-std/centos/patches/cma-add-placement-specifier-for-cma-kernel-parameter.patch @@ -52,7 +52,7 @@ diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-paramete index 590c8c2..c8f8f82 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt -@@ -579,8 +579,11 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -580,8 +580,11 @@ bytes respectively. Such letter suffixes can also be entirely omitted. Also note the kernel might malfunction if you disable some critical bits. @@ -70,7 +70,7 @@ diff --git a/arch/x86/kernel/setup.c b/arch/x86/kernel/setup.c index 9eca4ac..4e39287 100644 --- a/arch/x86/kernel/setup.c +++ b/arch/x86/kernel/setup.c -@@ -1283,7 +1283,7 @@ void __init setup_arch(char **cmdline_p) +@@ -1298,7 +1298,7 @@ void __init setup_arch(char **cmdline_p) setup_real_mode(); memblock_set_current_limit(get_max_mapped()); diff --git a/kernel/kernel-std/centos/patches/fix-CentOS-7.6-upgrade-compile-error.patch b/kernel/kernel-std/centos/patches/fix-CentOS-7.6-upgrade-compile-error.patch new file mode 100644 index 000000000..9a29c7d0b --- /dev/null +++ b/kernel/kernel-std/centos/patches/fix-CentOS-7.6-upgrade-compile-error.patch @@ -0,0 +1,67 @@ +From 84a6fef49cb58415d9790947e65c34b09d99d356 Mon Sep 17 00:00:00 2001 +From: "Martin, Chen" +Date: Mon, 14 Jan 2019 19:58:07 +0000 +Subject: [PATCH] fix CentOS 7.6 upgrade compile error + +1, fix improper call of part_round_stats and part_inc_in_flight +in drbd_req.c, as CONFIG_BLK_DEV_DRBD=m defined in +kernel-3.10.0-x86_64.config.tis_extra + +2, add explicit declaration for trace_bpf_int_jit_compile, +trace_bpf_jit_compile, trace_bpf_jit_free, if pmd_read_atomic not +defined + +Signed-off-by: Martin, Chen +--- + drivers/block/drbd/drbd_req.c | 8 ++++---- + include/linux/filter.h | 4 ++++ + 2 files changed, 8 insertions(+), 4 deletions(-) + +diff --git a/drivers/block/drbd/drbd_req.c b/drivers/block/drbd/drbd_req.c +index a6f13f7..cbd0a49 100644 +--- a/drivers/block/drbd/drbd_req.c ++++ b/drivers/block/drbd/drbd_req.c +@@ -39,12 +39,12 @@ static void _drbd_start_io_acct(struct drbd_conf *mdev, struct drbd_request *req + const int rw = bio_data_dir(req->master_bio); + int cpu; + cpu = part_stat_lock(); +- part_round_stats(cpu, &mdev->vdisk->part0); ++ part_round_stats(mdev->rq_queue, cpu, &mdev->vdisk->part0); + part_stat_inc(cpu, &mdev->vdisk->part0, ios[rw]); + part_stat_add(cpu, &mdev->vdisk->part0, sectors[rw], req->i.size >> 9); + (void) cpu; /* The macro invocations above want the cpu argument, I do not like + the compiler warning about cpu only assigned but never used... */ +- part_inc_in_flight(&mdev->vdisk->part0, rw); ++ part_inc_in_flight(mdev->rq_queue, &mdev->vdisk->part0, rw); + part_stat_unlock(); + } + +@@ -56,8 +56,8 @@ static void _drbd_end_io_acct(struct drbd_conf *mdev, struct drbd_request *req) + int cpu; + cpu = part_stat_lock(); + part_stat_add(cpu, &mdev->vdisk->part0, ticks[rw], duration); +- part_round_stats(cpu, &mdev->vdisk->part0); +- part_dec_in_flight(&mdev->vdisk->part0, rw); ++ part_round_stats(mdev->rq_queue, cpu, &mdev->vdisk->part0); ++ part_dec_in_flight(mdev->rq_queue, &mdev->vdisk->part0, rw); + part_stat_unlock(); + } + +diff --git a/include/linux/filter.h b/include/linux/filter.h +index cddbb31..15ce55f 100644 +--- a/include/linux/filter.h ++++ b/include/linux/filter.h +@@ -665,6 +665,10 @@ static inline bool bpf_jit_blinding_enabled(struct bpf_prog *prog) + return true; + } + #else ++struct bpf_prog * __weak trace_bpf_int_jit_compile(struct bpf_prog *prog); ++void __weak trace_bpf_jit_compile(struct bpf_prog *prog); ++void __weak trace_bpf_jit_free(struct bpf_prog *fp); ++ + static inline bool ebpf_jit_enabled(void) + { + return false; +-- +1.8.3.1 + diff --git a/kernel/kernel-std/centos/patches/intel-iommu-allow-ignoring-Ethernet-device-RMRR-with.patch b/kernel/kernel-std/centos/patches/intel-iommu-allow-ignoring-Ethernet-device-RMRR-with.patch index 320a6b743..a4c7546bb 100644 --- a/kernel/kernel-std/centos/patches/intel-iommu-allow-ignoring-Ethernet-device-RMRR-with.patch +++ b/kernel/kernel-std/centos/patches/intel-iommu-allow-ignoring-Ethernet-device-RMRR-with.patch @@ -59,7 +59,7 @@ diff --git a/Documentation/kernel-parameters.txt b/Documentation/kernel-paramete index 2f7feb0..590c8c2 100644 --- a/Documentation/kernel-parameters.txt +++ b/Documentation/kernel-parameters.txt -@@ -1303,6 +1303,11 @@ bytes respectively. Such letter suffixes can also be entirely omitted. +@@ -1315,6 +1315,11 @@ bytes respectively. Such letter suffixes can also be entirely omitted. than 32-bit addressing. The default is to look for translation below 32-bit and if not available then look in the higher range. @@ -75,7 +75,7 @@ diff --git a/drivers/iommu/intel-iommu.c b/drivers/iommu/intel-iommu.c index 260597e..6c16b68 100644 --- a/drivers/iommu/intel-iommu.c +++ b/drivers/iommu/intel-iommu.c -@@ -504,6 +504,7 @@ static int dmar_forcedac; +@@ -480,6 +480,7 @@ static int dmar_forcedac; static int intel_iommu_strict; static int intel_iommu_superpage = 1; static int intel_iommu_ecs = 1; @@ -83,7 +83,7 @@ index 260597e..6c16b68 100644 /* We only actually use ECS when PASID support (on the new bit 40) * is also advertised. Some early implementations — the ones with -@@ -563,6 +564,15 @@ static int __init intel_iommu_setup(char *str) +@@ -539,6 +540,15 @@ static int __init intel_iommu_setup(char *str) } else if (!strncmp(str, "forcedac", 8)) { pr_info("Forcing DAC for PCI devices\n"); dmar_forcedac = 1; @@ -99,7 +99,7 @@ index 260597e..6c16b68 100644 } else if (!strncmp(str, "strict", 6)) { pr_info("Disable batched IOTLB flush\n"); intel_iommu_strict = 1; -@@ -2733,6 +2743,15 @@ static bool device_is_rmrr_locked(struct device *dev) +@@ -2779,6 +2789,15 @@ static bool device_is_rmrr_locked(struct device *dev) if (IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev)) return false; diff --git a/kernel/kernel-std/centos/patches/memblock-introduce-memblock_alloc_range.patch b/kernel/kernel-std/centos/patches/memblock-introduce-memblock_alloc_range.patch index a4be2b021..c894da01f 100644 --- a/kernel/kernel-std/centos/patches/memblock-introduce-memblock_alloc_range.patch +++ b/kernel/kernel-std/centos/patches/memblock-introduce-memblock_alloc_range.patch @@ -35,7 +35,7 @@ diff --git a/include/linux/memblock.h b/include/linux/memblock.h index 5a439c9..d6bcbef 100644 --- a/include/linux/memblock.h +++ b/include/linux/memblock.h -@@ -304,6 +304,8 @@ static inline bool memblock_bottom_up(void) { return false; } +@@ -306,6 +306,8 @@ static inline bool memblock_bottom_up(void) { return false; } #define MEMBLOCK_ALLOC_ANYWHERE (~(phys_addr_t)0) #define MEMBLOCK_ALLOC_ACCESSIBLE 0 diff --git a/kernel/kernel-std/centos/patches/turn-off-write-same-in-smartqpi-driver.patch b/kernel/kernel-std/centos/patches/turn-off-write-same-in-smartqpi-driver.patch index 9587d4f67..7952c445a 100644 --- a/kernel/kernel-std/centos/patches/turn-off-write-same-in-smartqpi-driver.patch +++ b/kernel/kernel-std/centos/patches/turn-off-write-same-in-smartqpi-driver.patch @@ -15,7 +15,7 @@ diff --git a/drivers/scsi/smartpqi/smartpqi_init.c b/drivers/scsi/smartpqi/smart index 2c6b546..6968c48 100644 --- a/drivers/scsi/smartpqi/smartpqi_init.c +++ b/drivers/scsi/smartpqi/smartpqi_init.c -@@ -5843,6 +5843,7 @@ static struct scsi_host_template pqi_driver_template = { +@@ -5814,6 +5814,7 @@ static struct scsi_host_template pqi_driver_template = { .slave_alloc = pqi_slave_alloc, .sdev_attrs = pqi_sdev_attrs, .shost_attrs = pqi_shost_attrs, diff --git a/kernel/kernel-std/centos/patches/x86-enable-DMA-CMA-with-swiotlb.patch b/kernel/kernel-std/centos/patches/x86-enable-DMA-CMA-with-swiotlb.patch index 506d84a6f..e69391e28 100644 --- a/kernel/kernel-std/centos/patches/x86-enable-DMA-CMA-with-swiotlb.patch +++ b/kernel/kernel-std/centos/patches/x86-enable-DMA-CMA-with-swiotlb.patch @@ -53,15 +53,13 @@ Signed-off-by: Jim Somerville arch/x86/kernel/amd_gart_64.c | 2 +- arch/x86/kernel/pci-swiotlb.c | 9 ++++++--- arch/x86/pci/sta2x11-fixup.c | 6 ++---- - include/linux/swiotlb.h | 2 ++ - lib/swiotlb.c | 2 +- - 7 files changed, 20 insertions(+), 10 deletions(-) + 5 files changed, 17 insertions(+), 9 deletions(-) diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig index 48ae099..9e841a5 100644 --- a/arch/x86/Kconfig +++ b/arch/x86/Kconfig -@@ -44,7 +44,7 @@ config X86 +@@ -47,7 +47,7 @@ config X86 select ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH if SMP select ARCH_WANT_OPTIONAL_GPIOLIB select ARCH_WANT_FRAME_POINTERS @@ -153,30 +151,6 @@ index 9d8a509..5ceda85 100644 .map_page = swiotlb_map_page, .unmap_page = swiotlb_unmap_page, .map_sg = swiotlb_map_sg_attrs, -diff --git a/include/linux/swiotlb.h b/include/linux/swiotlb.h -index 16c296a..65c4a7a 100644 ---- a/include/linux/swiotlb.h -+++ b/include/linux/swiotlb.h -@@ -117,4 +117,6 @@ static inline void swiotlb_free(void) { } - #endif - - extern void swiotlb_print_info(void); -+extern int is_swiotlb_buffer(phys_addr_t paddr); -+ - #endif /* __LINUX_SWIOTLB_H */ -diff --git a/lib/swiotlb.c b/lib/swiotlb.c -index ffcaff5..d89c82a 100644 ---- a/lib/swiotlb.c -+++ b/lib/swiotlb.c -@@ -404,7 +404,7 @@ void __init swiotlb_free(void) - io_tlb_nslabs = 0; - } - --static int is_swiotlb_buffer(phys_addr_t paddr) -+int is_swiotlb_buffer(phys_addr_t paddr) - { - return paddr >= io_tlb_start && paddr < io_tlb_end; - } -- 1.8.3.1 diff --git a/kernel/kernel-std/centos/srpm_path b/kernel/kernel-std/centos/srpm_path index 38c1a66b6..23abb4311 100644 --- a/kernel/kernel-std/centos/srpm_path +++ b/kernel/kernel-std/centos/srpm_path @@ -1,2 +1,2 @@ -mirror:Source/kernel-3.10.0-862.11.6.el7.src.rpm +mirror:Source/kernel-3.10.0-957.1.3.el7.src.rpm diff --git a/ldap/openldap/centos/meta_patches/Update-package-versioning-for-TIS-format.patch b/ldap/openldap/centos/meta_patches/Update-package-versioning-for-TIS-format.patch index 407283f8f..09f2e10f9 100644 --- a/ldap/openldap/centos/meta_patches/Update-package-versioning-for-TIS-format.patch +++ b/ldap/openldap/centos/meta_patches/Update-package-versioning-for-TIS-format.patch @@ -17,8 +17,8 @@ index c38f1bd..d35d73f 100644 Name: openldap Version: 2.4.44 --Release: 15%{?dist} -+Release: 15.el7_5%{?_tis_dist}.%{tis_patch_ver} +-Release: 20%{?dist} ++Release: 20.el7%{?_tis_dist}.%{tis_patch_ver} Summary: LDAP support libraries Group: System Environment/Daemons License: OpenLDAP diff --git a/ldap/openldap/centos/meta_patches/openldap-enable-password-policy.patch b/ldap/openldap/centos/meta_patches/openldap-enable-password-policy.patch index 7ec88d097..0163f23b3 100644 --- a/ldap/openldap/centos/meta_patches/openldap-enable-password-policy.patch +++ b/ldap/openldap/centos/meta_patches/openldap-enable-password-policy.patch @@ -11,7 +11,7 @@ diff --git a/SPECS/openldap.spec b/SPECS/openldap.spec index 66a1377..468ca0e 100644 --- a/SPECS/openldap.spec +++ b/SPECS/openldap.spec -@@ -64,6 +64,9 @@ Patch101: openldap-tlsmc.patch +@@ -71,6 +71,9 @@ Patch101: openldap-tlsmc.patch # Fedora specific patches Patch102: openldap-fedora-systemd.patch @@ -21,7 +21,7 @@ index 66a1377..468ca0e 100644 BuildRequires: cyrus-sasl-devel, nss-devel, openssl-devel, krb5-devel, tcp_wrappers-devel, unixODBC-devel BuildRequires: glibc-devel, libtool, libtool-ltdl-devel, groff, perl, perl-devel, perl(ExtUtils::Embed) Requires: nss-tools -@@ -178,6 +181,9 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi +@@ -190,6 +193,9 @@ AUTOMAKE=%{_bindir}/true autoreconf -fi %patch102 -p1 @@ -31,7 +31,7 @@ index 66a1377..468ca0e 100644 # build smbk5pwd with other overlays ln -s ../../../contrib/slapd-modules/smbk5pwd/smbk5pwd.c servers/slapd/overlays mv contrib/slapd-modules/smbk5pwd/README contrib/slapd-modules/smbk5pwd/README.smbk5pwd -@@ -302,12 +308,12 @@ install -d -m 740 %{buildroot}%{_sysconfdir}/openldap +@@ -312,12 +318,12 @@ install -d -m 740 %{buildroot}%{_sysconfdir}/openldap cat > %{buildroot}%{_sysconfdir}/openldap/check_password.conf < %{buildroot}%{_sysconfdir}/openldap/check_password.conf </dev/null @@ -36,7 +36,7 @@ index 85abac9..66a1377 100644 else %{_libexecdir}/openldap/convert-config.sh -f %{_datadir}/openldap-servers/slapd.ldif &>/dev/null fi -@@ -641,8 +641,8 @@ exit 0 +@@ -653,8 +653,8 @@ exit 0 %{_mandir}/man5/slapd*.5* %{_mandir}/man5/slapo-*.5* # obsolete configuration diff --git a/ldap/openldap/centos/patches/rootdn-should-not-bypass-ppolicy.patch b/ldap/openldap/centos/patches/rootdn-should-not-bypass-ppolicy.patch index 38e839244..797c8ad1f 100644 --- a/ldap/openldap/centos/patches/rootdn-should-not-bypass-ppolicy.patch +++ b/ldap/openldap/centos/patches/rootdn-should-not-bypass-ppolicy.patch @@ -4,20 +4,18 @@ Date: Tue, 11 Apr 2017 17:23:03 -0400 Subject: [PATCH] rootdn should not bypass ppolicy --- - servers/slapd/overlays/ppolicy.c | 13 ++++++++++--- - 1 file changed, 10 insertions(+), 3 deletions(-) + servers/slapd/overlays/ppolicy.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/servers/slapd/overlays/ppolicy.c b/servers/slapd/overlays/ppolicy.c index b446deb..fa79872 100644 --- a/servers/slapd/overlays/ppolicy.c +++ b/servers/slapd/overlays/ppolicy.c -@@ -1904,8 +1904,9 @@ ppolicy_modify( Operation *op, SlapReply *rs ) - } +@@ -1905,7 +1905,8 @@ ppolicy_modify( Operation *op, SlapReply *rs ) for(p=tl; p; p=p->next, hsize++); /* count history size */ } -- + - if (be_isroot( op )) goto do_modify; -+ + /* WRS UPDATE: Run ppolicy for all user password modify ops */ + //if (be_isroot( op )) goto do_modify; diff --git a/ldap/openldap/centos/srpm_path b/ldap/openldap/centos/srpm_path index 9ca4a1169..76892ba0e 100644 --- a/ldap/openldap/centos/srpm_path +++ b/ldap/openldap/centos/srpm_path @@ -1 +1 @@ -mirror:Source/openldap-2.4.44-15.el7_5.src.rpm +mirror:Source/openldap-2.4.44-20.el7.src.rpm diff --git a/logging/logrotate/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch b/logging/logrotate/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch index b5361a125..19fdeb77d 100644 --- a/logging/logrotate/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch +++ b/logging/logrotate/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch @@ -15,8 +15,8 @@ index c22af07..0dbde7d 100644 Summary: Rotates, compresses, removes and mails system log files Name: logrotate Version: 3.8.6 --Release: 15%{?dist} -+Release: 15.el7%{?_tis_dist}.%{tis_patch_ver} +-Release: 17%{?dist} ++Release: 17.el7%{?_tis_dist}.%{tis_patch_ver} License: GPL+ Group: System Environment/Base URL: https://github.com/logrotate/logrotate diff --git a/logging/logrotate/centos/meta_patches/0002-Add-upstream-patches.patch b/logging/logrotate/centos/meta_patches/0002-Add-upstream-patches.patch index 271eda812..7096e018c 100644 --- a/logging/logrotate/centos/meta_patches/0002-Add-upstream-patches.patch +++ b/logging/logrotate/centos/meta_patches/0002-Add-upstream-patches.patch @@ -11,9 +11,9 @@ diff --git a/SPECS/logrotate.spec b/SPECS/logrotate.spec index 0eac8bf..99a22ac 100644 --- a/SPECS/logrotate.spec +++ b/SPECS/logrotate.spec -@@ -48,6 +48,9 @@ Patch17: logrotate-3.8.6-config-mode-err.patch - # fix #1483800 - update references to project page - Patch18: logrotate-3.8.6-upstream-url.patch +@@ -54,6 +54,9 @@ Patch19: logrotate-3.8.6-monthly-dst.patch + # fix #1374550 - unlink destination file when rotation fails + Patch20: logrotate-3.8.6-unlink-on-failure.patch +Patch10001: 0001-createOutputFile-rename-already-existing-file.patch +Patch10002: 0002-createOutputFile-eliminate-stat-open-TOCTOU-race.patch @@ -21,9 +21,9 @@ index 0eac8bf..99a22ac 100644 Requires: coreutils >= 5.92 popt BuildRequires: libselinux-devel popt-devel libacl-devel acl BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) -@@ -85,6 +88,9 @@ log files on your system. - %patch17 -p1 - %patch18 -p1 +@@ -93,6 +96,9 @@ log files on your system. + %patch19 -p1 + %patch20 -p1 +%patch10001 -p1 +%patch10002 -p1 diff --git a/logging/logrotate/centos/srpm_path b/logging/logrotate/centos/srpm_path index b0dd56aac..4f7dfdd7c 100644 --- a/logging/logrotate/centos/srpm_path +++ b/logging/logrotate/centos/srpm_path @@ -1 +1 @@ -mirror:Source/logrotate-3.8.6-15.el7.src.rpm +mirror:Source/logrotate-3.8.6-17.el7.src.rpm diff --git a/networking/mellanox/libibverbs/centos/build_srpm.data b/networking/mellanox/libibverbs/centos/build_srpm.data index 0eac83bbb..8aeb55368 100644 --- a/networking/mellanox/libibverbs/centos/build_srpm.data +++ b/networking/mellanox/libibverbs/centos/build_srpm.data @@ -1 +1 @@ -TIS_PATCH_VER=4 +TIS_PATCH_VER=1 diff --git a/networking/mellanox/libibverbs/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch b/networking/mellanox/libibverbs/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch index 2e617d9e6..67a1762b3 100644 --- a/networking/mellanox/libibverbs/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch +++ b/networking/mellanox/libibverbs/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch @@ -16,8 +16,8 @@ index e55433c..74cb4d2 100644 Name: libibverbs Version: 41mlnx1 --Release: OFED.4.3.2.1.6.43302 -+Release: OFED.4.3.2.1.6.43302%{?_tis_dist}.%{tis_patch_ver} +-Release: OFED.4.5.0.1.0.45101 ++Release: OFED.4.5.0.1.0.45101%{?_tis_dist}.%{tis_patch_ver} Summary: A library for direct userspace use of RDMA (InfiniBand/iWARP) hardware Group: System Environment/Libraries diff --git a/networking/mellanox/libibverbs/centos/srpm_path b/networking/mellanox/libibverbs/centos/srpm_path index 7cd73d918..79c1f1b3c 100644 --- a/networking/mellanox/libibverbs/centos/srpm_path +++ b/networking/mellanox/libibverbs/centos/srpm_path @@ -1 +1 @@ -repo:stx/downloads/libibverbs-41mlnx1-OFED.4.3.2.1.6.43302.src.rpm +repo:stx/downloads/libibverbs-41mlnx1-OFED.4.5.0.1.0.45101.src.rpm diff --git a/networking/mellanox/rdma-core/centos/meta_patches/0001-Add-build-dependencies-and-package-versioning-for-Ti.patch b/networking/mellanox/rdma-core/centos/meta_patches/0001-Add-build-dependencies-and-package-versioning-for-Ti.patch index ba6d63124..3272f3187 100644 --- a/networking/mellanox/rdma-core/centos/meta_patches/0001-Add-build-dependencies-and-package-versioning-for-Ti.patch +++ b/networking/mellanox/rdma-core/centos/meta_patches/0001-Add-build-dependencies-and-package-versioning-for-Ti.patch @@ -8,8 +8,8 @@ Subject: [PATCH 1/1] Add build dependencies and package versioning for TiS Signed-off-by: eric zhang Signed-off-by: Jim Somerville --- - SPECS/rdma-core.spec | 13 +++++++++++-- - 1 file changed, 11 insertions(+), 2 deletions(-) + SPECS/rdma-core.spec | 12 ++++++++++-- + 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/SPECS/rdma-core.spec b/SPECS/rdma-core.spec index 7f9cd5b..6d81a28 100644 @@ -25,17 +25,16 @@ index 7f9cd5b..6d81a28 100644 %{!?cmake: %global cmake cmake} %{!?_udevrulesdir: %global _udevrulesdir /etc/udev/rules.d} -@@ -8,7 +14,8 @@ +@@ -8,7 +14,7 @@ Name: rdma-core - Version: 43mlnx1 --Release: 1%{?dist}.43302 -+Release: 1.43302%{?_tis_dist}.%{tis_patch_ver} -+ + Version: 45mlnx1 +-Release: 1%{?dist}.45101 ++Release: 1.45101%{?_tis_dist}.%{tis_patch_ver} Summary: RDMA core userspace libraries and daemons Group: System Environment/Libraries -@@ -24,7 +31,9 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) +@@ -26,7 +32,9 @@ BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) BuildRequires: binutils BuildRequires: gcc BuildRequires: python diff --git a/networking/mellanox/rdma-core/centos/srpm_path b/networking/mellanox/rdma-core/centos/srpm_path index 1846ede67..be3cdf818 100644 --- a/networking/mellanox/rdma-core/centos/srpm_path +++ b/networking/mellanox/rdma-core/centos/srpm_path @@ -1 +1 @@ -repo:stx/downloads/rdma-core-43mlnx1-1.43302.src.rpm +repo:stx/downloads/rdma-core-45mlnx1-1.45101.src.rpm diff --git a/networking/net-tools/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch b/networking/net-tools/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch index d0f7cf66f..3b8f7792f 100644 --- a/networking/net-tools/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch +++ b/networking/net-tools/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch @@ -3,8 +3,6 @@ From: Scott Little Date: Mon, 2 Oct 2017 16:42:22 -0400 Subject: [PATCH 2/2] WRS: 0001-Update-package-versioning-for-TIS-format.patch -Conflicts: - SPECS/net-tools.spec --- SPECS/net-tools.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) @@ -17,8 +15,8 @@ index 2f09372..c8b94cd 100644 Summary: Basic networking tools Name: net-tools Version: 2.0 --Release: 0.22.%{checkout}%{?dist} -+Release: 0.22.20131004git.el7%{?_tis_dist}.%{tis_patch_ver} +-Release: 0.24.%{checkout}%{?dist} ++Release: 0.24.20131004git.el7%{?_tis_dist}.%{tis_patch_ver} License: GPLv2+ Group: System Environment/Base URL: http://sourceforge.net/projects/net-tools/ diff --git a/networking/net-tools/centos/meta_patches/spec-to-include-TiS-patches.patch b/networking/net-tools/centos/meta_patches/spec-to-include-TiS-patches.patch index eccb7cc9a..36b766f87 100644 --- a/networking/net-tools/centos/meta_patches/spec-to-include-TiS-patches.patch +++ b/networking/net-tools/centos/meta_patches/spec-to-include-TiS-patches.patch @@ -3,8 +3,6 @@ From: Scott Little Date: Mon, 2 Oct 2017 16:42:22 -0400 Subject: [PATCH 1/2] WRS: spec-to-include-TiS-patches.patch -Conflicts: - SPECS/net-tools.spec --- SPECS/net-tools.spec | 7 +++++++ 1 file changed, 7 insertions(+) @@ -13,9 +11,9 @@ diff --git a/SPECS/net-tools.spec b/SPECS/net-tools.spec index 2ee770e..2f09372 100644 --- a/SPECS/net-tools.spec +++ b/SPECS/net-tools.spec -@@ -65,6 +65,10 @@ Patch23: net-tools-ifconfig-EiB.patch - # sctp was not documented in help and manpage - Patch24: net-tools-netstat-sctp-man.patch +@@ -68,6 +68,10 @@ Patch24: net-tools-netstat-sctp-man.patch + # output of interface names was restricted to 8-10 characters max + Patch25: net-tools-interface-name-len.patch +# WindRiver patches +Patch100: net-tools-hostname-ipv6-shortname.patch @@ -24,9 +22,9 @@ index 2ee770e..2f09372 100644 BuildRequires: gettext, libselinux BuildRequires: libselinux-devel BuildRequires: systemd-units -@@ -103,6 +107,9 @@ cp %SOURCE8 ./man/en_US - %patch23 -p1 -b .round-EiB +@@ -107,6 +111,9 @@ cp %SOURCE8 ./man/en_US %patch24 -p1 -b .sctp-man + %patch25 -p1 -b .interface-name-len +%patch100 -p1 -b .hostname-ipv6 +%patch101 -p1 -b .ifconfig-no-ifstate-on-flush diff --git a/networking/net-tools/centos/srpm_path b/networking/net-tools/centos/srpm_path index cc279a762..70f217433 100644 --- a/networking/net-tools/centos/srpm_path +++ b/networking/net-tools/centos/srpm_path @@ -1 +1 @@ -mirror:Source/net-tools-2.0-0.22.20131004git.el7.src.rpm +mirror:Source/net-tools-2.0-0.24.20131004git.el7.src.rpm diff --git a/networking/openvswitch/centos/meta_patches/PATCH_ORDER b/networking/openvswitch/centos/meta_patches/PATCH_ORDER index 1f219ff38..9fcda3431 100644 --- a/networking/openvswitch/centos/meta_patches/PATCH_ORDER +++ b/networking/openvswitch/centos/meta_patches/PATCH_ORDER @@ -2,6 +2,5 @@ 0002-dpdk-usertools.patch 0003-run-services-as-root-user.patch 0004-rpm-check-with-condition.patch -0005-enable-mlx-pmds.patch 0006-iommu-width-fix.patch 0007-net-mlx5-fix-memory-region-cache-lookup.patch diff --git a/python/python-2.7.5/centos/build_srpm.data b/python/python-2.7.5/centos/build_srpm.data index d3f64f336..0eac83bbb 100644 --- a/python/python-2.7.5/centos/build_srpm.data +++ b/python/python-2.7.5/centos/build_srpm.data @@ -1 +1 @@ -TIS_PATCH_VER=3 +TIS_PATCH_VER=4 diff --git a/python/python-2.7.5/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch b/python/python-2.7.5/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch index d30960d23..c9d0cf319 100644 --- a/python/python-2.7.5/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch +++ b/python/python-2.7.5/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch @@ -11,12 +11,12 @@ diff --git a/SPECS/python.spec b/SPECS/python.spec index 2af363e..c3706be 100644 --- a/SPECS/python.spec +++ b/SPECS/python.spec -@@ -106,7 +106,7 @@ Summary: An interpreted, interactive, object-oriented programming language +@@ -114,7 +114,7 @@ Summary: An interpreted, interactive, object-oriented programming language Name: %{python} # Remember to also rebase python-docs when changing this: Version: 2.7.5 --Release: 69%{?dist} -+Release: 69.el7_5%{?_tis_dist}.%{tis_patch_ver} +-Release: 76%{?dist} ++Release: 76.el7%{?_tis_dist}.%{tis_patch_ver} License: Python Group: Development/Languages Requires: %{python}-libs%{?_isa} = %{version}-%{release} diff --git a/python/python-2.7.5/centos/meta_patches/0002-Disable-unittest-check-phase.patch b/python/python-2.7.5/centos/meta_patches/0002-Disable-unittest-check-phase.patch index 04426cede..420c9eee9 100644 --- a/python/python-2.7.5/centos/meta_patches/0002-Disable-unittest-check-phase.patch +++ b/python/python-2.7.5/centos/meta_patches/0002-Disable-unittest-check-phase.patch @@ -11,7 +11,7 @@ diff --git a/SPECS/python.spec b/SPECS/python.spec index a9fd32f..1030c57 100644 --- a/SPECS/python.spec +++ b/SPECS/python.spec -@@ -54,7 +54,7 @@ +@@ -62,7 +62,7 @@ %global with_gdbm 1 # Turn this to 0 to turn off the "check" phase: diff --git a/python/python-2.7.5/centos/meta_patches/0003-Make-Python-Faster.patch b/python/python-2.7.5/centos/meta_patches/0003-Make-Python-Faster.patch index f49203739..612f5c9b4 100644 --- a/python/python-2.7.5/centos/meta_patches/0003-Make-Python-Faster.patch +++ b/python/python-2.7.5/centos/meta_patches/0003-Make-Python-Faster.patch @@ -11,7 +11,7 @@ diff --git a/SPECS/python.spec b/SPECS/python.spec index 94adb05..36289ea 100644 --- a/SPECS/python.spec +++ b/SPECS/python.spec -@@ -1259,6 +1259,8 @@ Patch305: 00305-CVE-2016-2183.patch +@@ -1301,6 +1301,8 @@ Patch306: 00306-fix-oserror-17-upon-semaphores-creation.patch # above: Patch5000: 05000-autotool-intermediates.patch @@ -20,7 +20,7 @@ index 94adb05..36289ea 100644 # ====================================================== # Additional metadata, and subpackages # ====================================================== -@@ -1670,6 +1672,7 @@ find -name "*~" |xargs rm -f +@@ -1719,6 +1721,7 @@ find -name "*~" |xargs rm -f %patch5000 -p0 -b .autotool-intermediates %endif @@ -28,7 +28,7 @@ index 94adb05..36289ea 100644 # ====================================================== # Configuring and building the code: -@@ -1800,7 +1803,7 @@ BuildPython debug \ +@@ -1849,7 +1852,7 @@ BuildPython debug \ BuildPython optimized \ python \ python%{pybasever} \ diff --git a/python/python-2.7.5/centos/meta_patches/0004-Turn-off-with_systemtap-to-disable-dtrace.patch b/python/python-2.7.5/centos/meta_patches/0004-Turn-off-with_systemtap-to-disable-dtrace.patch index 7c52f7e8a..38c739fa7 100644 --- a/python/python-2.7.5/centos/meta_patches/0004-Turn-off-with_systemtap-to-disable-dtrace.patch +++ b/python/python-2.7.5/centos/meta_patches/0004-Turn-off-with_systemtap-to-disable-dtrace.patch @@ -11,7 +11,7 @@ diff --git a/SPECS/python.spec b/SPECS/python.spec index 2441951..c2edce8 100644 --- a/SPECS/python.spec +++ b/SPECS/python.spec -@@ -42,7 +42,7 @@ +@@ -43,7 +43,7 @@ %global with_gdb_hooks 1 diff --git a/python/python-2.7.5/centos/srpm_path b/python/python-2.7.5/centos/srpm_path index d6afcb06f..4f555512b 100644 --- a/python/python-2.7.5/centos/srpm_path +++ b/python/python-2.7.5/centos/srpm_path @@ -1,2 +1,2 @@ -mirror:Source/python-2.7.5-69.el7_5.src.rpm +mirror:Source/python-2.7.5-76.el7.src.rpm diff --git a/security/shim-signed/centos/meta_patches/0001-Titanium-release-info.patch b/security/shim-signed/centos/meta_patches/0001-Titanium-release-info.patch index 78aebe62a..48fdb08bb 100644 --- a/security/shim-signed/centos/meta_patches/0001-Titanium-release-info.patch +++ b/security/shim-signed/centos/meta_patches/0001-Titanium-release-info.patch @@ -13,7 +13,7 @@ index d2a13b1..9cfcb2f 100644 +++ b/SPECS/shim-signed.spec @@ -1,6 +1,6 @@ Name: shim-signed - Version: 12 + Version: 15 -Release: 1%{?dist}%{?buildid} +Release: 1%{?_tis_dist}.%{tis_patch_ver} Summary: First-stage UEFI bootloader diff --git a/security/shim-signed/centos/meta_patches/0002-Use-presigned-binaries.patch b/security/shim-signed/centos/meta_patches/0002-Use-presigned-binaries.patch index baa00fd95..d9a3a12cd 100644 --- a/security/shim-signed/centos/meta_patches/0002-Use-presigned-binaries.patch +++ b/security/shim-signed/centos/meta_patches/0002-Use-presigned-binaries.patch @@ -4,30 +4,31 @@ new mode 100755 index 9cfcb2f..f6ce87e --- a/SPECS/shim-signed.spec +++ b/SPECS/shim-signed.spec -@@ -2,7 +2,6 @@ Name: shim-signed - Version: 12 +@@ -2,18 +2,20 @@ Name: shim-signed + Version: 15 Release: 1%{?_tis_dist}.%{tis_patch_ver} Summary: First-stage UEFI bootloader -%define unsigned_release 1%{?dist} License: BSD - URL: http://www.codon.org.uk/~mjg59/shim/ -@@ -16,10 +15,12 @@ Patch0004: 0004-Don-t-allow-sha1-on-the-mokutil-command-line.patch - Patch0005: 0005-Make-all-efi_guid_t-const.patch - Patch0006: 0006-mokutil-be-explicit-about-file-modes-in-all-cases.patch - Patch0007: 0007-Add-bash-completion-file.patch + URL: https://github.com/rhboot/shim/ + # incorporate mokutil for packaging simplicity + %global mokutil_version 0.3.0 +%global srcbasename shimx64 +%global srcbasenameia32 shimia32 - - Source1: centos.crt --Source10: shimx64.efi --Source11: shimia32.efi ++ + Source0: https://github.com/lcp/mokutil/archive/mokutil-%{mokutil_version}.tar.gz + Source1: centossecureboot001.crt + Source2: centos-ca-secureboot.der + %define pesign_name centossecureboot001 +-Source10: shimx64.efi +-Source11: shimia32.efi +Source10: %{srcbasename}.efi +Source11: %{srcbasenameia32}.efi - #Source12: shimaa64.efi - Source20: BOOTX64.CSV - Source21: BOOTIA32.CSV -@@ -47,11 +48,17 @@ BuildRequires: git + Source12: shimaa64.efi + Source20: BOOTX64.CSV + Source21: BOOTIA32.CSV +@@ -52,11 +54,17 @@ BuildRequires: git BuildRequires: openssl-devel openssl BuildRequires: pesign >= 0.106-5%{dist} BuildRequires: efivar-devel @@ -47,16 +48,16 @@ index 9cfcb2f..f6ce87e # for mokutil's configure BuildRequires: autoconf automake -@@ -143,39 +150,34 @@ cd .. +@@ -148,39 +156,34 @@ cd .. %define vendor_cert_str %{expand:%%{!?vendor_cert_nickname:-c "Red Hat Test Certificate"}%%{?vendor_cert_nickname:-c "%%{vendor_cert_nickname}"}} %ifarch %{ca_signed_arches} -pesign -i %{shimsrc} -h -P > shim%{efiarchlc}.hash -if ! cmp shim%{efiarchlc}.hash %{unsigned_dir}shim%{efiarchlc}.hash ; then -- echo Invalid signature\! > /dev/stderr -- echo saved hash is $(cat %{unsigned_dir}shim%{efiarchlc}.hash) > /dev/stderr -- echo shim%{efiarchlc}.efi hash is $(cat shim%{efiarchlc}.hash) > /dev/stderr -- exit 1 +- echo Invalid signature\! > /dev/stderr +- echo saved hash is $(cat %{unsigned_dir}shim%{efiarchlc}.hash) > /dev/stderr +- echo shim%{efiarchlc}.efi hash is $(cat shim%{efiarchlc}.hash) > /dev/stderr +- exit 1 + +# if we already have a presigned EFI image, then do not do signing -- just +# use the presigned one. @@ -70,10 +71,10 @@ index 9cfcb2f..f6ce87e %ifarch x86_64 -pesign -i %{shimsrcia32} -h -P > shimia32.hash -if ! cmp shimia32.hash %{unsigned_dir_ia32}shimia32.hash ; then -- echo Invalid signature\! > /dev/stderr -- echo saved hash is $(cat %{unsigned_dir_ia32}shimia32.hash) > /dev/stderr -- echo shimia32.efi hash is $(cat shimia32.hash) > /dev/stderr -- exit 1 +- echo Invalid signature\! > /dev/stderr +- echo saved hash is $(cat %{unsigned_dir_ia32}shimia32.hash) > /dev/stderr +- echo shimia32.efi hash is $(cat shimia32.hash) > /dev/stderr +- exit 1 +if [ -e %{unsigned_dir_ia32}%{srcbasenameia32}-presigned.efi ]; then + cp %{unsigned_dir_ia32}%{srcbasenameia32}-presigned.efi %{srcbasenameia32}.efi +else @@ -83,9 +84,9 @@ index 9cfcb2f..f6ce87e -%endif -%endif -%ifarch %{rh_signed_arches} --%pesign -s -i %{unsigned_dir}shim%{efiarchlc}.efi -a %{SOURCE1} -c %{SOURCE1} -o shim%{efiarchlc}-%{efidir}.efi +-%pesign -s -i %{unsigned_dir}shim%{efiarchlc}.efi -a %{SOURCE2} -c %{SOURCE1} -n %{pesign_name} -o shim%{efiarchlc}-%{efidir}.efi -%ifarch x86_64 --%pesign -s -i %{unsigned_dir_ia32}shimia32.efi -a %{SOURCE1} -c %{SOURCE1} -o shimia32-%{efidir}.efi +-%pesign -s -i %{unsigned_dir_ia32}shimia32.efi -a %{SOURCE2} -c %{SOURCE1} -n %{pesign_name} -o shimia32-%{efidir}.efi -%endif -%endif -%ifarch %{rh_signed_arches} @@ -94,54 +95,57 @@ index 9cfcb2f..f6ce87e %endif %endif --%pesign -s -i %{unsigned_dir}mm%{efiarchlc}.efi -o mm%{efiarchlc}.efi -a %{SOURCE1} -c %{SOURCE1} --%pesign -s -i %{unsigned_dir}fb%{efiarchlc}.efi -o fb%{efiarchlc}.efi -a %{SOURCE1} -c %{SOURCE1} +-%pesign -s -i %{unsigned_dir}mm%{efiarchlc}.efi -o mm%{efiarchlc}.efi -a %{SOURCE2} -c %{SOURCE1} -n %{pesign_name} +-%pesign -s -i %{unsigned_dir}fb%{efiarchlc}.efi -o fb%{efiarchlc}.efi -a %{SOURCE2} -c %{SOURCE1} -n %{pesign_name} +if [ -e %{unsigned_dir}mm%{efiarchlc}-presigned.efi ]; then + cp %{unsigned_dir}mm%{efiarchlc}-presigned.efi mm%{efiarchlc}.efi +else -+ %pesign -s -i %{unsigned_dir}mm%{efiarchlc}.efi -o mm%{efiarchlc}.efi -a %{SOURCE1} -c %{SOURCE1} ++ %pesign -s -i %{unsigned_dir}mm%{efiarchlc}.efi -o mm%{efiarchlc}.efi -a %{SOURCE2} -c %{SOURCE1} -n %{pesign_name} +fi +if [ -e %{unsigned_dir}fb%{efiarchlc}-presigned.efi ]; then + cp %{unsigned_dir}fb%{efiarchlc}-presigned.efi fb%{efiarchlc}.efi +else -+ %pesign -s -i %{unsigned_dir}fb%{efiarchlc}.efi -o fb%{efiarchlc}.efi -a %{SOURCE1} -c %{SOURCE1} ++ %pesign -s -i %{unsigned_dir}fb%{efiarchlc}.efi -o fb%{efiarchlc}.efi -a %{SOURCE2} -c %{SOURCE1} -n %{pesign_name} +fi %ifarch x86_64 - %pesign -s -i %{unsigned_dir_ia32}mmia32.efi -o mmia32.efi -a %{SOURCE1} -c %{SOURCE1} -@@ -191,7 +193,7 @@ make %{?_smp_mflags} + %pesign -s -i %{unsigned_dir_ia32}mmia32.efi -o mmia32.efi -a %{SOURCE2} -c %{SOURCE1} -n %{pesign_name} +@@ -196,7 +199,7 @@ make %{?_smp_mflags} rm -rf $RPM_BUILD_ROOT - install -D -d -m 0755 $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/ - install -m 0644 shim%{efiarchlc}.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shim%{efiarchlc}.efi --install -m 0644 shim%{efiarchlc}-%{efidir}.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shim%{efiarchlc}-%{efidir}.efi -+#install -m 0644 shim%{efiarchlc}-%{efidir}.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shim%{efiarchlc}-%{efidir}.efi - install -m 0644 mm%{efiarchlc}.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/mm%{efiarchlc}.efi - install -m 0644 %{bootsrc} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/BOOT%{efiarch}.CSV + install -D -d -m 0700 $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/ + install -m 0700 shim%{efiarchlc}.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shim%{efiarchlc}.efi +-install -m 0700 shim%{efiarchlc}-%{efidir}.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shim%{efiarchlc}-%{efidir}.efi ++#install -m 0700 shim%{efiarchlc}-%{efidir}.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shim%{efiarchlc}-%{efidir}.efi + install -m 0700 mm%{efiarchlc}.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/mm%{efiarchlc}.efi + install -m 0700 mm%{efiarchlc}.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/MokManager.efi + install -m 0700 %{bootsrc} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/BOOT%{efiarch}.CSV +@@ -218,7 +221,7 @@ install -m 0700 %{bootsrc} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/BOOT.CSV -@@ -211,7 +213,7 @@ install -m 0644 %{bootsrc} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/BOOT.CSV - - install -m 0644 shimia32.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shimia32.efi - install -m 0644 shimia32.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shimia32.efi --install -m 0644 shimia32-%{efidir}.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shimia32-%{efidir}.efi -+#install -m 0644 shimia32-%{efidir}.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shimia32-%{efidir}.efi - install -m 0644 mmia32.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/mmia32.efi - install -m 0644 %{bootsrcia32} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/BOOTIA32.CSV - -@@ -224,7 +226,7 @@ make PREFIX=%{_prefix} LIBDIR=%{_libdir} DESTDIR=%{buildroot} install + install -m 0700 shimia32.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shimia32.efi + install -m 0700 shimia32.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shimia32.efi +-install -m 0700 shimia32-%{efidir}.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shimia32-%{efidir}.efi ++#install -m 0700 shimia32-%{efidir}.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/shimia32-%{efidir}.efi + install -m 0700 mmia32.efi $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/mmia32.efi + install -m 0700 %{bootsrcia32} $RPM_BUILD_ROOT/boot/efi/EFI/%{efidir}/BOOTIA32.CSV +@@ -232,7 +235,7 @@ make PREFIX=%{_prefix} LIBDIR=%{_libdir} DESTDIR=%{buildroot} install %files -n shim-%{efiarchlc} + %defattr(0700,root,root,-) /boot/efi/EFI/%{efidir}/shim%{efiarchlc}.efi -/boot/efi/EFI/%{efidir}/shim%{efiarchlc}-%{efidir}.efi +#/boot/efi/EFI/%{efidir}/shim%{efiarchlc}-%{efidir}.efi /boot/efi/EFI/%{efidir}/mm%{efiarchlc}.efi + /boot/efi/EFI/%{efidir}/MokManager.efi /boot/efi/EFI/%{efidir}/BOOT%{efiarch}.CSV - /boot/efi/EFI/BOOT/BOOT%{efiarch}.EFI -@@ -236,7 +238,7 @@ make PREFIX=%{_prefix} LIBDIR=%{_libdir} DESTDIR=%{buildroot} install - +@@ -247,7 +250,7 @@ make PREFIX=%{_prefix} LIBDIR=%{_libdir} DESTDIR=%{buildroot} install %files -n shim-ia32 + %defattr(0700,root,root,-) /boot/efi/EFI/%{efidir}/shimia32.efi -/boot/efi/EFI/%{efidir}/shimia32-%{efidir}.efi +#/boot/efi/EFI/%{efidir}/shimia32-%{efidir}.efi /boot/efi/EFI/%{efidir}/mmia32.efi /boot/efi/EFI/%{efidir}/BOOTIA32.CSV /boot/efi/EFI/BOOT/BOOTIA32.EFI +-- +1.8.3.1 + diff --git a/security/shim-signed/centos/srpm_path b/security/shim-signed/centos/srpm_path index 26e944f98..90af5a681 100644 --- a/security/shim-signed/centos/srpm_path +++ b/security/shim-signed/centos/srpm_path @@ -1 +1 @@ -mirror:Source/shim-signed-12-1.el7.centos.src.rpm +mirror:Source/shim-signed-15-1.el7.centos.src.rpm diff --git a/security/shim-unsigned/centos/meta_patches/0001-Ti-version-string.patch b/security/shim-unsigned/centos/meta_patches/0001-Ti-version-string.patch index 840528f8b..b38f191c2 100644 --- a/security/shim-unsigned/centos/meta_patches/0001-Ti-version-string.patch +++ b/security/shim-unsigned/centos/meta_patches/0001-Ti-version-string.patch @@ -16,7 +16,7 @@ index afd533b..de216b6 +++ b/SPECS/shim.spec @@ -1,6 +1,6 @@ Name: shim - Version: 12 + Version: 15 -Release: 1%{?dist} +Release: 1.el7%{?_tis_dist}.%{tis_patch_ver} Summary: First-stage UEFI bootloader diff --git a/security/shim-unsigned/centos/meta_patches/0002-Add-Ti-certificate.patch b/security/shim-unsigned/centos/meta_patches/0002-Add-Ti-certificate.patch index 4b52100ef..33fb501ad 100644 --- a/security/shim-unsigned/centos/meta_patches/0002-Add-Ti-certificate.patch +++ b/security/shim-unsigned/centos/meta_patches/0002-Add-Ti-certificate.patch @@ -4,8 +4,8 @@ Date: Mon, 15 Jan 2018 13:22:09 -0500 Subject: [PATCH 2/2] Add Ti certificate --- - SPECS/shim.spec | 5 +++++ - 1 file changed, 5 insertions(+) + SPECS/shim.spec | 4 ++++ + 1 file changed, 4 insertions(+) mode change 100644 => 100755 SPECS/shim.spec diff --git a/SPECS/shim.spec b/SPECS/shim.spec @@ -14,17 +14,18 @@ new mode 100755 index de216b6..83da6cd --- a/SPECS/shim.spec +++ b/SPECS/shim.spec -@@ -11,6 +11,9 @@ Source1: centos.crt - #Source2: dbx-x64.esl - #Source3: dbx-aa64.esl - Source4: shim-find-debuginfo.sh +@@ -12,8 +12,10 @@ Source0: https://github.com/mjg59/shim/releases/download/%{version}/shim- + #Source3: dbx-aa64.esl + Source4: shim-find-debuginfo.sh + Source5: centos.esl +Source1000: tis-shim.crt -+ -+Patch1000: 0001-Use-Titanium-certificate.patch + + Patch0: 0001-Add-vendor-esl.patch ++Patch1000: 0001-Use-Titanium-certificate.patch BuildRequires: git openssl-devel openssl BuildRequires: pesign >= 0.106-1 -@@ -101,6 +104,7 @@ git commit -a -q -m "%{version} baseline." +@@ -104,6 +106,7 @@ git commit -a -q -m "%{version} baseline." git am --ignore-whitespace %{patches} $@ - hexdump -v -e '1/1 "0x%02x, "' $< >> $@ + echo "static UINT8 shim_cert[] __attribute__((__unused__)) = {" > $@ + $(HEXDUMP) -v -e '1/1 "0x%02x, "' $< >> $@ echo "};" >> $@ -@@ -121,10 +131,10 @@ version.c : version.c.in - -e "s,@@COMMIT@@,$(COMMITID)," \ - < version.c.in > version.c +@@ -70,10 +74,10 @@ version.c : $(TOPDIR)/version.c.in + -e "s,@@COMMIT@@,$(COMMIT_ID)," \ + < $< > $@ -certdb/secmod.db: shim.crt +certdb/secmod.db: $(INTERNAL_CERT).crt -mkdir certdb -- pk12util -d certdb/ -i shim.p12 -W "" -K "" -- certutil -d certdb/ -A -i shim.crt -n shim -t u -+ pk12util -d certdb/ -i $(INTERNAL_CERT).p12 -W "" -K "" -+ certutil -d certdb/ -A -i $(INTERNAL_CERT).crt -n shim -t u +- $(PK12UTIL) -d certdb/ -i shim.p12 -W "" -K "" +- $(CERTUTIL) -d certdb/ -A -i shim.crt -n shim -t u ++ $(PK12UTIL) -d certdb/ -i $(INTERNAL_CERT).p12 -W "" -K "" ++ $(CERTUTIL) -d certdb/ -A -i $(INTERNAL_CERT).crt -n shim -t u - shim.o: $(SOURCES) shim_cert.h - shim.o: $(wildcard *.h) + shim.o: $(SOURCES) + ifneq ($(origin ENABLE_SHIM_CERT),undefined) -- 1.8.3.1 diff --git a/security/shim-unsigned/centos/srpm_path b/security/shim-unsigned/centos/srpm_path index 19f9a3f9e..eb27711fa 100644 --- a/security/shim-unsigned/centos/srpm_path +++ b/security/shim-unsigned/centos/srpm_path @@ -1 +1 @@ -mirror:Source/shim-12-1.el7.centos.src.rpm +mirror:Source/shim-15-1.el7.centos.src.rpm diff --git a/security/tboot/centos/build_srpm.data b/security/tboot/centos/build_srpm.data index 70b4b5dcb..8aeb55368 100644 --- a/security/tboot/centos/build_srpm.data +++ b/security/tboot/centos/build_srpm.data @@ -1 +1 @@ -TIS_PATCH_VER=2 +TIS_PATCH_VER=1 diff --git a/security/tboot/centos/meta_patches/0001-tboot-Update-package-versioning-for-TIS-format.patch b/security/tboot/centos/meta_patches/0001-tboot-Update-package-versioning-for-TIS-format.patch index 7e51ef7f3..4abd3cc5f 100644 --- a/security/tboot/centos/meta_patches/0001-tboot-Update-package-versioning-for-TIS-format.patch +++ b/security/tboot/centos/meta_patches/0001-tboot-Update-package-versioning-for-TIS-format.patch @@ -15,8 +15,8 @@ index 2f6f0a8..c2d5eb7 100644 Summary: Performs a verified launch using Intel TXT Name: tboot Version: 1.9.6 --Release: 2%{?dist} -+Release: 2.e17%{?_tis_dist}.%{tis_patch_ver} +-Release: 3%{?dist} ++Release: 3.e17%{?_tis_dist}.%{tis_patch_ver} Epoch: 1 Group: System Environment/Base @@ -26,7 +26,7 @@ index 2f6f0a8..c2d5eb7 100644 + BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) - Patch01: 0001-MANPATH-should-not-be-used-as-install-dir.patch + Patch01: ../patches/0001-Fix-a-logical-error-in-function-bool-evtlog_append.patch -- 2.7.4 diff --git a/security/tboot/centos/meta_patches/0002-TiS-tboot.patch b/security/tboot/centos/meta_patches/0002-TiS-tboot.patch index fdf2df5c3..4c0593abf 100644 --- a/security/tboot/centos/meta_patches/0002-TiS-tboot.patch +++ b/security/tboot/centos/meta_patches/0002-TiS-tboot.patch @@ -4,37 +4,26 @@ Date: Wed, 6 Dec 2017 08:47:12 -0500 Subject: [PATCH 1/1] TiS tboot --- - SPECS/tboot.spec | 11 +++++++++-- - 1 file changed, 9 insertions(+), 2 deletions(-) + SPECS/tboot.spec | 2 ++ + 1 file changed, 2 insertions(+) diff --git a/SPECS/tboot.spec b/SPECS/tboot.spec index c2d5eb7..f04dd17 100644 --- a/SPECS/tboot.spec +++ b/SPECS/tboot.spec -@@ -12,9 +12,10 @@ Source0: http://downloads.sourceforge.net/%{name}/%{name}-%{version}.tar. - BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) - - Patch01: 0001-MANPATH-should-not-be-used-as-install-dir.patch -+Patch999: 1000-tboot-for-tis.patch +@@ -27,6 +27,7 @@ Patch13: ../patches/0013-Add-centos7-instructions-for-Use-in-EFI-boot-mode.patch + Patch14: ../patches/0014-Ensure-tboot-log-is-available-even-when-measured-lau.patch + Patch15: ../patches/0015-Add-support-for-appending-to-a-TPM2-TCG-style-event-.patch + Patch16: ../patches/0016-Add-an-option-in-tboot-to-force-SINIT-to-use-the-leg.patch ++Patch999: ../patches/1000-tboot-for-tis.patch BuildRequires: trousers-devel --BuildRequires: openssl-devel -+BuildRequires: openssl-devel git - ExclusiveArch: x86_64 - - %description -@@ -24,7 +25,13 @@ and verified launch of an OS kernel/VMM. - - %prep - %setup -q --%patch01 -p1 -b .0001 -+ -+git init -+git config user.email "example@example.com" -+git config user.name "RHEL example" -+git add . -+git commit -a -q -m "baseline." -+git am %{patches} + BuildRequires: openssl-devel +@@ -56,6 +57,7 @@ and verified launch of an OS kernel/VMM. + %patch14 -p1 -b .0014 + %patch15 -p1 -b .0015 + %patch16 -p1 -b .0016 ++%patch999 -p1 %build CFLAGS="$RPM_OPT_FLAGS"; export CFLAGS diff --git a/security/tboot/centos/meta_patches/0003-security-set-immutable-attribute.patch b/security/tboot/centos/meta_patches/0003-security-set-immutable-attribute.patch index b9be1ae8e..1036e50f7 100644 --- a/security/tboot/centos/meta_patches/0003-security-set-immutable-attribute.patch +++ b/security/tboot/centos/meta_patches/0003-security-set-immutable-attribute.patch @@ -11,7 +11,7 @@ diff --git a/SPECS/tboot.spec b/SPECS/tboot.spec index f04dd17..1673095 100644 --- a/SPECS/tboot.spec +++ b/SPECS/tboot.spec -@@ -49,6 +49,13 @@ if [ -e "/sys/firmware/efi" ]; then +@@ -75,6 +75,13 @@ if [ -e "/sys/firmware/efi" ]; then exit 0; fi @@ -25,7 +25,7 @@ index f04dd17..1673095 100644 %install rm -rf $RPM_BUILD_ROOT make debug=y DISTDIR=$RPM_BUILD_ROOT install -@@ -56,6 +63,11 @@ make debug=y DISTDIR=$RPM_BUILD_ROOT install +@@ -82,6 +89,11 @@ make debug=y DISTDIR=$RPM_BUILD_ROOT install %clean rm -rf $RPM_BUILD_ROOT @@ -37,7 +37,7 @@ index f04dd17..1673095 100644 %files %defattr(-,root,root,-) %doc README COPYING docs/* lcptools/lcptools2.txt lcptools/Linux_LCP_Tools_User_Manual.pdf -@@ -92,8 +104,8 @@ rm -rf $RPM_BUILD_ROOT +@@ -118,8 +130,8 @@ rm -rf $RPM_BUILD_ROOT %{_mandir}/man8/lcp_writepol.8.gz %{_mandir}/man8/tb_polgen.8.gz %{_mandir}/man8/txt-stat.8.gz @@ -47,7 +47,7 @@ index f04dd17..1673095 100644 +%attr(0400,root,root) /boot/tboot-syms %changelog - * Thu Jan 25 2018 Tony Camuso - 1:1.9.6-2 + * Mon Jul 16 2018 Tony Camuso - 1:1.9.6-3 -- 2.7.4 diff --git a/security/tboot/centos/patches/1000-tboot-for-tis.patch b/security/tboot/centos/patches/1000-tboot-for-tis.patch index ddb8b0f8c..a12d40b08 100644 --- a/security/tboot/centos/patches/1000-tboot-for-tis.patch +++ b/security/tboot/centos/patches/1000-tboot-for-tis.patch @@ -94,15 +94,15 @@ diff --git a/tboot/common/policy.c b/tboot/common/policy.c index 9678b7c..5a16d81 100644 --- a/tboot/common/policy.c +++ b/tboot/common/policy.c -@@ -349,6 +349,7 @@ tb_error_t set_policy(void) +@@ -353,6 +353,7 @@ tb_error_t set_policy(void) * type is LCP_POLTYPE_LIST (since we could have been give a policy data * file even though the policy was not a LIST */ printk(TBOOT_INFO"reading Launch Control Policy from TPM NV...\n"); + - if ( read_policy_from_tpm(g_tpm->lcp_own_index, + if ( read_policy_from_tpm(tpm->lcp_own_index, _policy_index_buf, &policy_index_size) ) { printk(TBOOT_DETA"\t:%lu bytes read\n", policy_index_size); -@@ -408,6 +409,7 @@ bool hash_policy(tb_hash_t *hash, uint16_t hash_alg) +@@ -412,6 +413,7 @@ bool hash_policy(tb_hash_t *hash, uint16_t hash_alg) /* generate hash by hashing cmdline and module image */ static bool hash_module(hash_list_t *hl, @@ -110,7 +110,7 @@ index 9678b7c..5a16d81 100644 const char* cmdline, void *base, size_t size) { -@@ -416,6 +418,7 @@ static bool hash_module(hash_list_t *hl, +@@ -423,6 +425,7 @@ static bool hash_module(hash_list_t *hl, return false; } @@ -118,29 +118,29 @@ index 9678b7c..5a16d81 100644 /* final hash is SHA-1( SHA-1(cmdline) | SHA-1(image) ) */ /* where cmdline is first stripped of leading spaces, file name, then */ /* any spaces until the next non-space char */ -@@ -430,16 +433,17 @@ static bool hash_module(hash_list_t *hl, - switch (g_tpm->extpol) { +@@ -437,16 +440,17 @@ static bool hash_module(hash_list_t *hl, + switch (tpm->extpol) { case TB_EXTPOL_FIXED: hl->count = 1; -- hl->entries[0].alg = g_tpm->cur_alg; -+ // hl->entries[0].alg = g_tpm->cur_alg; +- hl->entries[0].alg = tpm->cur_alg; ++ // hl->entries[0].alg = tpm->cur_alg; + hl->entries[0].alg = cur_alg; if ( !hash_buffer((const unsigned char *)cmdline, strlen(cmdline), -- &hl->entries[0].hash, g_tpm->cur_alg) ) +- &hl->entries[0].hash, tpm->cur_alg) ) + &hl->entries[0].hash, cur_alg) ) return false; /* hash image and extend into cmdline hash */ tb_hash_t img_hash; -- if ( !hash_buffer(base, size, &img_hash, g_tpm->cur_alg) ) +- if ( !hash_buffer(base, size, &img_hash, tpm->cur_alg) ) + if ( !hash_buffer(base, size, &img_hash, cur_alg) ) return false; -- if ( !extend_hash(&hl->entries[0].hash, &img_hash, g_tpm->cur_alg) ) +- if ( !extend_hash(&hl->entries[0].hash, &img_hash, tpm->cur_alg) ) + if ( !extend_hash(&hl->entries[0].hash, &img_hash, cur_alg) ) return false; break; -@@ -635,7 +639,7 @@ static tb_error_t verify_module(module_t *module, tb_policy_entry_t *pol_entry, +@@ -643,7 +647,7 @@ static tb_error_t verify_module(module_t *module, tb_policy_entry_t *pol_entry, } hash_list_t hl; @@ -149,7 +149,7 @@ index 9678b7c..5a16d81 100644 printk(TBOOT_ERR"\t hash cannot be generated.\n"); return TB_ERR_MODULE_VERIFICATION_FAILED; } -@@ -659,6 +663,8 @@ static tb_error_t verify_module(module_t *module, tb_policy_entry_t *pol_entry, +@@ -667,6 +671,8 @@ static tb_error_t verify_module(module_t *module, tb_policy_entry_t *pol_entry, if ( pol_entry != NULL && !is_hash_in_policy_entry(pol_entry, &hl.entries[0].hash, hash_alg) ) { printk(TBOOT_ERR"\t verification failed\n"); @@ -171,7 +171,7 @@ index b9b67c9..b7c5d62 100644 index, offset, ret); ti->error = ret; return false; -@@ -2505,8 +2505,9 @@ static bool tpm20_init(struct tpm_if *ti) +@@ -2504,8 +2504,9 @@ static bool tpm20_init(struct tpm_if *ti) get_tboot_extpol(); if (info_list->capabilities.tpm_nv_index_set == 0){ /* init NV index */ diff --git a/security/tboot/centos/srpm_path b/security/tboot/centos/srpm_path index c36bb4899..97d222fd6 100644 --- a/security/tboot/centos/srpm_path +++ b/security/tboot/centos/srpm_path @@ -1 +1 @@ -mirror:Source/tboot-1.9.6-2.el7.src.rpm +mirror:Source/tboot-1.9.6-3.el7.src.rpm diff --git a/security/tpm2-tools/centos/build_srpm.data b/security/tpm2-tools/centos/build_srpm.data index ece53b3fc..13364eb8b 100644 --- a/security/tpm2-tools/centos/build_srpm.data +++ b/security/tpm2-tools/centos/build_srpm.data @@ -1,2 +1,2 @@ #COPY_LIST="tpm2-tools/*" -TIS_PATCH_VER=2 +TIS_PATCH_VER=0 diff --git a/security/tpm2-tools/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch b/security/tpm2-tools/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch index 6cc12c328..b8f1f68ac 100644 --- a/security/tpm2-tools/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch +++ b/security/tpm2-tools/centos/meta_patches/0001-Update-package-versioning-for-TIS-format.patch @@ -3,11 +3,10 @@ From: Scott Little Date: Mon, 2 Oct 2017 17:30:57 -0400 Subject: [PATCH] WRS: 0001-Update-package-versioning-for-TIS-format.patch -Conflicts: - SPECS/tpm2-tools.spec + --- - SPECS/tpm2-tools.spec | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) + SPECS/tpm2-tools.spec | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SPECS/tpm2-tools.spec b/SPECS/tpm2-tools.spec index 935580d..12aa6a0 100644 @@ -15,21 +14,12 @@ index 935580d..12aa6a0 100644 +++ b/SPECS/tpm2-tools.spec @@ -1,6 +1,6 @@ Name: tpm2-tools - Version: 3.0.1 --Release: 1%{?dist} -+Release: 1.el7%{?_tis_dist}.%{tis_patch_ver} + Version: 3.0.4 +-Release: 2%{?dist} ++Release: 2.el7%{?_tis_dist}.%{tis_patch_ver} Summary: A TPM2.0 testing tool build upon TPM2.0-TSS License: BSD -@@ -33,7 +33,7 @@ BuildRequires: pkgconfig(tcti-tabrmd) - ExclusiveArch: %{ix86} x86_64 - - # tpm2-tools is heavily depending on TPM2.0-TSS project, matched tss is required --Requires: tpm2-tss%{?_isa} >= 1.3.0-1%{?dist} -+Requires: tpm2-tss%{?_isa} = 1.3.0-2.el7 - - # tpm2-tools project changed the install path for binaries and man page section - Obsoletes: tpm2-tools <= 2.1.0-2 -- 2.7.4 diff --git a/security/tpm2-tools/centos/meta_patches/disable-socket-mode-TCTI.patch b/security/tpm2-tools/centos/meta_patches/disable-socket-mode-TCTI.patch index 2decd2d67..26949b7fe 100644 --- a/security/tpm2-tools/centos/meta_patches/disable-socket-mode-TCTI.patch +++ b/security/tpm2-tools/centos/meta_patches/disable-socket-mode-TCTI.patch @@ -11,7 +11,7 @@ diff --git a/SPECS/tpm2-tools.spec b/SPECS/tpm2-tools.spec index 308ecfa..935580d 100644 --- a/SPECS/tpm2-tools.spec +++ b/SPECS/tpm2-tools.spec -@@ -46,7 +46,7 @@ tpm2-tools is a batch of testing tools for tpm2.0. It is based on tpm2-tss. +@@ -43,7 +43,7 @@ tpm2-tools is a batch of testing tools for tpm2.0. It is based on tpm2-tss. ./bootstrap %build diff --git a/security/tpm2-tools/centos/srpm_path b/security/tpm2-tools/centos/srpm_path index 506bd9824..a145dab60 100644 --- a/security/tpm2-tools/centos/srpm_path +++ b/security/tpm2-tools/centos/srpm_path @@ -1 +1 @@ -mirror:Source/tpm2-tools-3.0.1-1.el7.src.rpm +mirror:Source/tpm2-tools-3.0.4-2.el7.src.rpm