diff --git a/kernel-6.6-mamba-64GB-config b/kernel-6.6-mamba-64GB-config index bd5320e..2f782ea 100644 --- a/kernel-6.6-mamba-64GB-config +++ b/kernel-6.6-mamba-64GB-config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/i386 6.6.58 Kernel Configuration +# Linux/i386 6.6.67 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 14.2.1 20240909" CONFIG_CC_IS_GCC=y @@ -895,12 +895,12 @@ CONFIG_ASM_MODVERSIONS=y CONFIG_MODULE_SIG=y # CONFIG_MODULE_SIG_FORCE is not set CONFIG_MODULE_SIG_ALL=y -CONFIG_MODULE_SIG_SHA1=y +# CONFIG_MODULE_SIG_SHA1 is not set # CONFIG_MODULE_SIG_SHA224 is not set # CONFIG_MODULE_SIG_SHA256 is not set # CONFIG_MODULE_SIG_SHA384 is not set -# CONFIG_MODULE_SIG_SHA512 is not set -CONFIG_MODULE_SIG_HASH="sha1" +CONFIG_MODULE_SIG_SHA512=y +CONFIG_MODULE_SIG_HASH="sha512" CONFIG_MODULE_COMPRESS_NONE=y # CONFIG_MODULE_COMPRESS_GZIP is not set # CONFIG_MODULE_COMPRESS_XZ is not set @@ -2016,7 +2016,6 @@ CONFIG_MAC80211_RC_DEFAULT="minstrel_ht" CONFIG_MAC80211_MESH=y CONFIG_MAC80211_LEDS=y # CONFIG_MAC80211_DEBUGFS is not set -# CONFIG_MAC80211_MESSAGE_TRACING is not set # CONFIG_MAC80211_DEBUG_MENU is not set CONFIG_MAC80211_STA_HASH_MAX_SIZE=0 CONFIG_RFKILL=m @@ -2623,6 +2622,7 @@ CONFIG_ZRAM_DEF_COMP_LZORLE=y # CONFIG_ZRAM_DEF_COMP_842 is not set CONFIG_ZRAM_DEF_COMP="lzo-rle" # CONFIG_ZRAM_WRITEBACK is not set +# CONFIG_ZRAM_TRACK_ENTRY_ACTIME is not set # CONFIG_ZRAM_MEMORY_TRACKING is not set # CONFIG_ZRAM_MULTI_COMP is not set CONFIG_BLK_DEV_LOOP=y @@ -3976,7 +3976,6 @@ CONFIG_BRCMUTIL=m CONFIG_BRCMSMAC=m CONFIG_BRCMSMAC_LEDS=y # CONFIG_BRCMFMAC is not set -# CONFIG_BRCM_TRACING is not set # CONFIG_BRCMDBG is not set CONFIG_WLAN_VENDOR_CISCO=y CONFIG_AIRO=m diff --git a/kernel-6.6-mamba-aarch64-config b/kernel-6.6-mamba-aarch64-config index 748f1ef..4f9cc9f 100644 --- a/kernel-6.6-mamba-aarch64-config +++ b/kernel-6.6-mamba-aarch64-config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm64 6.6.58 Kernel Configuration +# Linux/arm64 6.6.67 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 14.2.1 20240909" CONFIG_CC_IS_GCC=y @@ -529,7 +529,6 @@ CONFIG_ARM64_EPAN=y # end of ARMv8.7 architectural features CONFIG_ARM64_SVE=y -CONFIG_ARM64_SME=y CONFIG_ARM64_PSEUDO_NMI=y # CONFIG_ARM64_DEBUG_PRIORITY_MASKING is not set CONFIG_RELOCATABLE=y @@ -868,12 +867,12 @@ CONFIG_ASM_MODVERSIONS=y CONFIG_MODULE_SIG=y # CONFIG_MODULE_SIG_FORCE is not set CONFIG_MODULE_SIG_ALL=y -CONFIG_MODULE_SIG_SHA1=y +# CONFIG_MODULE_SIG_SHA1 is not set # CONFIG_MODULE_SIG_SHA224 is not set # CONFIG_MODULE_SIG_SHA256 is not set # CONFIG_MODULE_SIG_SHA384 is not set -# CONFIG_MODULE_SIG_SHA512 is not set -CONFIG_MODULE_SIG_HASH="sha1" +CONFIG_MODULE_SIG_SHA512=y +CONFIG_MODULE_SIG_HASH="sha512" CONFIG_MODULE_COMPRESS_NONE=y # CONFIG_MODULE_COMPRESS_GZIP is not set # CONFIG_MODULE_COMPRESS_XZ is not set @@ -1993,7 +1992,6 @@ CONFIG_MAC80211_RC_DEFAULT="minstrel_ht" # CONFIG_MAC80211_MESH is not set CONFIG_MAC80211_LEDS=y # CONFIG_MAC80211_DEBUGFS is not set -# CONFIG_MAC80211_MESSAGE_TRACING is not set # CONFIG_MAC80211_DEBUG_MENU is not set CONFIG_MAC80211_STA_HASH_MAX_SIZE=0 CONFIG_RFKILL=m @@ -2721,6 +2719,7 @@ CONFIG_ZRAM_DEF_COMP_LZORLE=y # CONFIG_ZRAM_DEF_COMP_842 is not set CONFIG_ZRAM_DEF_COMP="lzo-rle" # CONFIG_ZRAM_WRITEBACK is not set +# CONFIG_ZRAM_TRACK_ENTRY_ACTIME is not set # CONFIG_ZRAM_MEMORY_TRACKING is not set # CONFIG_ZRAM_MULTI_COMP is not set CONFIG_BLK_DEV_LOOP=y @@ -4129,7 +4128,6 @@ CONFIG_BRCMFMAC_PROTO_MSGBUF=y CONFIG_BRCMFMAC_SDIO=y CONFIG_BRCMFMAC_USB=y CONFIG_BRCMFMAC_PCIE=y -# CONFIG_BRCM_TRACING is not set # CONFIG_BRCMDBG is not set CONFIG_WLAN_VENDOR_CISCO=y CONFIG_AIRO=m @@ -10759,10 +10757,8 @@ CONFIG_COMMON_CLK_MT8192_VDECSYS=y CONFIG_COMMON_CLK_MT8192_VENCSYS=y CONFIG_COMMON_CLK_MT8195=y CONFIG_COMMON_CLK_MT8195_APUSYS=m -CONFIG_COMMON_CLK_MT8195_AUDSYS=m CONFIG_COMMON_CLK_MT8195_IMP_IIC_WRAP=m CONFIG_COMMON_CLK_MT8195_MFGCFG=m -CONFIG_COMMON_CLK_MT8195_MSDC=m CONFIG_COMMON_CLK_MT8195_SCP_ADSP=m CONFIG_COMMON_CLK_MT8195_VDOSYS=m CONFIG_COMMON_CLK_MT8195_VPPSYS=m diff --git a/kernel-6.6-mamba-config b/kernel-6.6-mamba-config index 900b57c..60e6411 100644 --- a/kernel-6.6-mamba-config +++ b/kernel-6.6-mamba-config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/i386 6.6.58 Kernel Configuration +# Linux/i386 6.6.67 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 14.2.1 20240909" CONFIG_CC_IS_GCC=y @@ -885,12 +885,12 @@ CONFIG_ASM_MODVERSIONS=y CONFIG_MODULE_SIG=y # CONFIG_MODULE_SIG_FORCE is not set CONFIG_MODULE_SIG_ALL=y -CONFIG_MODULE_SIG_SHA1=y +# CONFIG_MODULE_SIG_SHA1 is not set # CONFIG_MODULE_SIG_SHA224 is not set # CONFIG_MODULE_SIG_SHA256 is not set # CONFIG_MODULE_SIG_SHA384 is not set -# CONFIG_MODULE_SIG_SHA512 is not set -CONFIG_MODULE_SIG_HASH="sha1" +CONFIG_MODULE_SIG_SHA512=y +CONFIG_MODULE_SIG_HASH="sha512" CONFIG_MODULE_COMPRESS_NONE=y # CONFIG_MODULE_COMPRESS_GZIP is not set # CONFIG_MODULE_COMPRESS_XZ is not set @@ -2003,7 +2003,6 @@ CONFIG_MAC80211_RC_DEFAULT="minstrel_ht" CONFIG_MAC80211_MESH=y CONFIG_MAC80211_LEDS=y # CONFIG_MAC80211_DEBUGFS is not set -# CONFIG_MAC80211_MESSAGE_TRACING is not set # CONFIG_MAC80211_DEBUG_MENU is not set CONFIG_MAC80211_STA_HASH_MAX_SIZE=0 CONFIG_RFKILL=m @@ -2608,6 +2607,7 @@ CONFIG_ZRAM_DEF_COMP_LZORLE=y # CONFIG_ZRAM_DEF_COMP_842 is not set CONFIG_ZRAM_DEF_COMP="lzo-rle" # CONFIG_ZRAM_WRITEBACK is not set +# CONFIG_ZRAM_TRACK_ENTRY_ACTIME is not set # CONFIG_ZRAM_MEMORY_TRACKING is not set # CONFIG_ZRAM_MULTI_COMP is not set CONFIG_BLK_DEV_LOOP=y @@ -3958,7 +3958,6 @@ CONFIG_BRCMUTIL=m CONFIG_BRCMSMAC=m CONFIG_BRCMSMAC_LEDS=y # CONFIG_BRCMFMAC is not set -# CONFIG_BRCM_TRACING is not set # CONFIG_BRCMDBG is not set CONFIG_WLAN_VENDOR_CISCO=y CONFIG_AIRO=m diff --git a/kernel-6.6-mamba-x86_64-config b/kernel-6.6-mamba-x86_64-config index b0449a5..aceec70 100644 --- a/kernel-6.6-mamba-x86_64-config +++ b/kernel-6.6-mamba-x86_64-config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86_64 6.6.58 Kernel Configuration +# Linux/x86_64 6.6.67 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 14.2.1 20240909" CONFIG_CC_IS_GCC=y @@ -43,10 +43,10 @@ CONFIG_HAVE_KERNEL_ZSTD=y # CONFIG_KERNEL_GZIP is not set # CONFIG_KERNEL_BZIP2 is not set # CONFIG_KERNEL_LZMA is not set -CONFIG_KERNEL_XZ=y +# CONFIG_KERNEL_XZ is not set # CONFIG_KERNEL_LZO is not set # CONFIG_KERNEL_LZ4 is not set -# CONFIG_KERNEL_ZSTD is not set +CONFIG_KERNEL_ZSTD=y CONFIG_DEFAULT_INIT="" CONFIG_DEFAULT_HOSTNAME="openmamba" CONFIG_SYSVIPC=y @@ -505,7 +505,6 @@ CONFIG_PHYSICAL_START=0x1000000 CONFIG_RELOCATABLE=y # CONFIG_RANDOMIZE_BASE is not set CONFIG_PHYSICAL_ALIGN=0x1000000 -# CONFIG_ADDRESS_MASKING is not set CONFIG_HOTPLUG_CPU=y # CONFIG_COMPAT_VDSO is not set CONFIG_LEGACY_VSYSCALL_XONLY=y @@ -933,12 +932,12 @@ CONFIG_MODULE_FORCE_UNLOAD=y CONFIG_MODULE_SIG=y # CONFIG_MODULE_SIG_FORCE is not set CONFIG_MODULE_SIG_ALL=y -CONFIG_MODULE_SIG_SHA1=y +# CONFIG_MODULE_SIG_SHA1 is not set # CONFIG_MODULE_SIG_SHA224 is not set # CONFIG_MODULE_SIG_SHA256 is not set # CONFIG_MODULE_SIG_SHA384 is not set -# CONFIG_MODULE_SIG_SHA512 is not set -CONFIG_MODULE_SIG_HASH="sha1" +CONFIG_MODULE_SIG_SHA512=y +CONFIG_MODULE_SIG_HASH="sha512" CONFIG_MODULE_COMPRESS_NONE=y # CONFIG_MODULE_COMPRESS_GZIP is not set # CONFIG_MODULE_COMPRESS_XZ is not set @@ -2075,7 +2074,6 @@ CONFIG_MAC80211_RC_DEFAULT="minstrel_ht" CONFIG_MAC80211_MESH=y CONFIG_MAC80211_LEDS=y # CONFIG_MAC80211_DEBUGFS is not set -# CONFIG_MAC80211_MESSAGE_TRACING is not set # CONFIG_MAC80211_DEBUG_MENU is not set CONFIG_MAC80211_STA_HASH_MAX_SIZE=0 CONFIG_RFKILL=m @@ -2680,6 +2678,7 @@ CONFIG_ZRAM_DEF_COMP_LZORLE=y # CONFIG_ZRAM_DEF_COMP_842 is not set CONFIG_ZRAM_DEF_COMP="lzo-rle" # CONFIG_ZRAM_WRITEBACK is not set +# CONFIG_ZRAM_TRACK_ENTRY_ACTIME is not set # CONFIG_ZRAM_MEMORY_TRACKING is not set # CONFIG_ZRAM_MULTI_COMP is not set CONFIG_BLK_DEV_LOOP=y @@ -4027,7 +4026,6 @@ CONFIG_BRCMUTIL=m CONFIG_BRCMSMAC=m CONFIG_BRCMSMAC_LEDS=y # CONFIG_BRCMFMAC is not set -# CONFIG_BRCM_TRACING is not set # CONFIG_BRCMDBG is not set CONFIG_WLAN_VENDOR_CISCO=y CONFIG_AIRO=m @@ -11848,7 +11846,7 @@ CONFIG_CRYPTO_POLY1305=m CONFIG_CRYPTO_RMD160=m CONFIG_CRYPTO_SHA1=y CONFIG_CRYPTO_SHA256=y -CONFIG_CRYPTO_SHA512=m +CONFIG_CRYPTO_SHA512=y CONFIG_CRYPTO_SHA3=m CONFIG_CRYPTO_SM3=m CONFIG_CRYPTO_SM3_GENERIC=m diff --git a/kernel-x509.genkey.openmamba b/kernel-x509.genkey.openmamba new file mode 100644 index 0000000..4362898 --- /dev/null +++ b/kernel-x509.genkey.openmamba @@ -0,0 +1,16 @@ +[ req ] +default_bits = 4096 +distinguished_name = req_distinguished_name +prompt = no +x509_extensions = myexts + +[ req_distinguished_name ] +O = openmamba +CN = openmamba kernel signing key +emailAddress = info@openmamba.org + +[ myexts ] +basicConstraints=critical,CA:FALSE +keyUsage=digitalSignature +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid diff --git a/kernel.spec b/kernel.spec index e146773..9ddae37 100644 --- a/kernel.spec +++ b/kernel.spec @@ -95,7 +95,7 @@ %define _use_internal_dependency_generator 1 Name: kernel -Version: 6.6.60 +Version: 6.6.67 Release: 1mamba Summary: The Linux Kernel, the operating system core itself Group: System/Kernel and Hardware @@ -103,6 +103,7 @@ Vendor: openmamba Distribution: openmamba Packager: Silvan Calarco Source0: https://cdn.kernel.org/pub/linux/kernel/v%{kernel_MAJver}.x/linux-%{kernel_ver}.tar.xz +Source1: kernel-x509.genkey.openmamba Source11: %{name}-%{kernel_majver}-mamba-config Source12: %{name}-%{kernel_majver}-mamba-x86_64-config Source13: %{name}-%{kernel_majver}-mamba-64GB-config @@ -191,6 +192,10 @@ This kernel sanitised headers are configured for %{TARGET_CPU} architecture and # Don't clean build at the end %global __spec_rmbuild_cmd /bin/true +# Don't remove signature in modules +%global __brp_strip %{nil} +%global __brp_strip_comment_note %{nil} + %prep [ "%{buildroot}" != / ] && rm -rf "%{buildroot}" @@ -217,6 +222,9 @@ mv linux-%{version}/* . rm -r linux-%{version} %endif +# Install genkey file for openmamba +cp %{SOURCE1} configs/x509.genkey + # Disable build-ids to avoid conflicts %define _build_id_links none @@ -262,19 +270,16 @@ make mrproper %endif cp $kernel_cfg ./.config -#___EOF echo "%{KERNEL_LOCALVER}" > localversion.20-pkgname -%build -# -# build kernel for given target -# -#:<< __EOF sed -i 's@/usr/bin/env@/bin/env@' ./arch/ia64/scripts/unwcheck.py ARCH=%{target_cpu} make oldconfig make -s kernelrelease > version +%build +#:<< __EOF + PATH=%{_bindir}:$PATH \ ARCH=%{target_cpu} \ make CROSS_COMPILE=%{_target_platform}- \ @@ -330,7 +335,7 @@ dd if=/dev/zero of=%{buildroot}/boot/initramfs-%{kernel_ver}%{?KERNEL_LOCALVER}- cp %{KIMAGE} %{buildroot}/boot/%{KIMAGE_DEST}-%{kernel_ver}%{?KERNEL_LOCALVER} # install dts files %ifarch aarch64 -cp -a arch/%{target_cpu}/boot/dts %{buildroot}/boot/ +cp -aL arch/%{target_cpu}/boot/dts %{buildroot}/boot/ %endif #%if %{_target_cpu} == arm @@ -339,18 +344,13 @@ cp -a arch/%{target_cpu}/boot/dts %{buildroot}/boot/ cp System.map %{buildroot}/boot/System.map-%{kernel_ver}%{?KERNEL_LOCALVER} -# # install sanitised headers used by glibc -# ARCH=%{target_cpu} make headers_install \ HOSTCC=%{_build}-gcc \ CROSS_COMPILE=%{_target_platform}- \ INSTALL_HDR_PATH=%{buildroot}%{_prefix}/src/linux-%{kernel_ver}%{KERNEL_LOCALVER}/usr -# # install kernel headers -# - case %{_target_cpu} in i586|x86_64) headers_arch="x86" ;; arm) headers_arch="arm" ;; @@ -376,6 +376,10 @@ cp -t ${build_dir} -a include install -d ${build_dir}/tools cp -t ${build_dir}/tools -a tools/include +# install modules signing key +install -D -m0600 certs/signing_key.pem ${build_dir}/certs/signing_key.pem +install -D -m0644 certs/signing_key.x509 ${build_dir}/certs/signing_key.x509 + # Needed build files #cp -t ${build_dir}/arch/${headers_arch} -a arch/${headers_arch}/entry cp -t ${build_dir}/arch/${headers_arch} -a arch/${headers_arch}/include @@ -455,10 +459,10 @@ done %{kernel_ver}%{?KERNEL_LOCALVER} &>/dev/null # create local system initramfs -/usr/sbin/mkinitrd -H -f /boot/initramfs-%{kernel_ver}%{?KERNEL_LOCALVER}.img %{kernel_ver}%{?KERNEL_LOCALVER} +/usr/sbin/dracut -H -f -q /boot/initramfs-%{kernel_ver}%{?KERNEL_LOCALVER}.img %{kernel_ver}%{?KERNEL_LOCALVER} # create system-wide "failsafe" initramfs -/usr/sbin/dracut -f --filesystems "squashfs isofs ext4" \ +/usr/sbin/dracut -f -q --filesystems "squashfs isofs ext4" \ --nomdadmconf --nolvmconf -k /lib/modules/%{kernel_ver}%{?KERNEL_LOCALVER} \ /boot/initramfs-%{kernel_ver}%{?KERNEL_LOCALVER}-failsafe.img %{kernel_ver}%{?KERNEL_LOCALVER} @@ -599,6 +603,12 @@ fi /lib/modules/%{kernel_ver}%{?KERNEL_LOCALVER}/build %changelog +* Sat Dec 21 2024 Automatic Build System 6.6.67-1mamba +- update to 6.6.67 +- aarch64: dereference symlinks in /boot/dtb to fix installation on FAT /boot +- set CONFIG_MODULE_SIG_SHA512=y and install signing key +- x86_64: set CONFIG_KERNEL_ZSTD=y + * Thu Nov 14 2024 Silvan Calarco 6.6.60-1mamba - update to 6.6.60 - update CONFIG_LSM from "yama,loadpin,safesetid,integrity" to "landlock,lockdown,yama,loadpin,safesetid,apparmor,bpf"