开源软件构建与测试

We truncated the diff of some files because they were too big. If you want to see the full diff for every file, click here.

Changes of Revision 3

_service:tar_scm:kernel.spec Changed

@@ -23,9 +23,9 @@
 
 %global upstream_version    6.6
 %global upstream_sublevel   0
-%global devel_release       15
+%global devel_release       18
 %global maintenance_release .0.0
-%global pkg_release         .13
+%global pkg_release         .17
 
 %define with_debuginfo 1
 # Do not recompute the build-id of vmlinux in find-debuginfo.sh
@@ -69,6 +69,11 @@
 Source13: RPM-GPG-KEY-openEuler-compass-ci
 Source14: process_pgp_certs.sh
 
+%if 0%{?openEuler_sign_rsa}
+Source15: openeuler_kernel_cert.cer
+Source16: sign-modules-openeuler
+%endif
+
 %if 0%{?with_kabichk}
 Source18: check-kabi
 Source20: Module.kabi_aarch64
@@ -116,10 +121,6 @@
 BuildRequires: numactl-devel python3-devel glibc-static python3-docutils
 BuildRequires: perl-generators perl(Carp) libunwind-devel gtk2-devel libbabeltrace-devel java-1.8.0-openjdk java-1.8.0-openjdk-devel perl-devel
 
-%if 0%{?openEuler_sign_rsa}
-BuildRequires: sign-openEuler
-%endif
-
 AutoReq: no
 AutoProv: yes
 
@@ -394,6 +395,14 @@
 sed -i 's/CONFIG_LTO_NONE=y/# CONFIG_LTO_NONE is not set/' .config
 %endif
 
+%if 0%{?openEuler_sign_rsa}
+    cp %{SOURCE15} ./certs/openeuler-cert.pem
+    # close kernel native signature
+    sed -i 's/CONFIG_MODULE_SIG_KEY=.*$/CONFIG_MODULE_SIG_KEY=""/g' .config
+    sed -i 's/CONFIG_SYSTEM_TRUSTED_KEYS=.*$/CONFIG_SYSTEM_TRUSTED_KEYS="certs\/openeuler-cert.pem"/g' .config
+    sed -i 's/CONFIG_MODULE_SIG_ALL=y$/CONFIG_MODULE_SIG_ALL=n/g' .config
+%endif
+
 TargetImage=$(basename $(make -s image_name))
 
 %{make} ARCH=%{Arch} $TargetImage %{?_smp_mflags}
@@ -522,14 +531,16 @@
     echo "start sign"
     %ifarch %arm aarch64
 	gunzip -c $RPM_BUILD_ROOT/boot/vmlinuz-%{KernelVer}>$RPM_BUILD_ROOT/boot/vmlinuz-%{KernelVer}.unzip.efi
-	/opt/sign-openEuler/client --config /opt/sign-openEuler/config.toml add --key-name default-x509ee --file-type efi-image --key-type x509ee --sign-type authenticode $RPM_BUILD_ROOT/boot/vmlinuz-%{KernelVer}.unzip.efi
+	sh /usr/lib/rpm/brp-ebs-sign --efi $RPM_BUILD_ROOT/boot/vmlinuz-%{KernelVer}.unzip.efi
+	mv $RPM_BUILD_ROOT/boot/vmlinuz-%{KernelVer}.unzip.efi.sig $RPM_BUILD_ROOT/boot/vmlinuz-%{KernelVer}.unzip.efi
 	mv $RPM_BUILD_ROOT/boot/vmlinuz-%{KernelVer}.unzip.efi $RPM_BUILD_ROOT/boot/vmlinuz-%{KernelVer}.unzip
 	gzip -c $RPM_BUILD_ROOT/boot/vmlinuz-%{KernelVer}.unzip>$RPM_BUILD_ROOT/boot/vmlinuz-%{KernelVer}
 	rm -f $RPM_BUILD_ROOT/boot/vmlinuz-%{KernelVer}.unzip
     %endif
     %ifarch x86_64
 	mv $RPM_BUILD_ROOT/boot/vmlinuz-%{KernelVer} $RPM_BUILD_ROOT/boot/vmlinuz-%{KernelVer}.efi
-	/opt/sign-openEuler/client --config /opt/sign-openEuler/config.toml add --key-name default-x509ee --file-type efi-image --key-type x509ee --sign-type authenticode $RPM_BUILD_ROOT/boot/vmlinuz-%{KernelVer}.efi
+	sh /usr/lib/rpm/brp-ebs-sign --efi $RPM_BUILD_ROOT/boot/vmlinuz-%{KernelVer}.efi
+	mv $RPM_BUILD_ROOT/boot/vmlinuz-%{KernelVer}.efi.sig $RPM_BUILD_ROOT/boot/vmlinuz-%{KernelVer}.efi
 	mv $RPM_BUILD_ROOT/boot/vmlinuz-%{KernelVer}.efi $RPM_BUILD_ROOT/boot/vmlinuz-%{KernelVer}
     %endif
 %endif
@@ -614,6 +625,15 @@
     find $RPM_BUILD_ROOT/lib/modules/ -type f -name '*.ko' | xargs -n1 -P`nproc --all` xz; \
 %{nil}
 
+%if 0%{?openEuler_sign_rsa}
+%define __modsign_install_post \
+    if  "%{with_signmodules}" -eq "1" ;then \
+sh %{SOURCE16} $RPM_BUILD_ROOT/lib/modules/%{KernelVer} || exit 1 \
+    fi \
+    find $RPM_BUILD_ROOT/lib/modules/ -type f -name '*.ko' | xargs -n1 -P`nproc --all` xz; \
+%{nil}
+%endif
+
 # deal with header
 %{make} ARCH=%{Arch} INSTALL_HDR_PATH=$RPM_BUILD_ROOT/usr KBUILD_SRC= headers_install
 find $RPM_BUILD_ROOT/usr/include -name "\.*"  -exec rm -rf {} \;
@@ -978,6 +998,207 @@
 %endif
 
 %changelog
+* Mon Apr 08 2024 Zheng Zengkai <zhengzengkai@huawei.com> - 6.6.0-18.0.0.17
+- !5768  resctrl: fix undefined reference to lockdep_is_cpus_held()
+- fs/resctrl: Move rdtgroup_setup_default() out of init.text section
+- resctrl: fix undefined reference to lockdep_is_cpus_held()
+- !5769  Revert "KVM: arm64: Disable MPAM visibility by default, and handle traps"
+- Revert "KVM: arm64: Disable MPAM visibility by default, and handle traps"
+- !5744  Backport maple_tree: iterator state changes
+- lib/maple_tree.c: fix build error due to hotfix alteration
+- maple_tree: mtree_range_walk() clean up
+- maple_tree: don't find node end in mtree_lookup_walk()
+- maple_tree: use maple state end for write operations
+- maple_tree: remove mas_searchable()
+- maple_tree: separate ma_state node from status
+- maple_tree: clean up inlines for some functions
+- maple_tree: use cached node end in mas_destroy()
+- maple_tree: use cached node end in mas_next()
+- maple_tree: add end of node tracking to the maple state
+- maple_tree: move debug check to __mas_set_range()
+- maple_tree: make mas_erase() more robust
+- maple_tree: remove unnecessary default labels from switch statements
+- !5725  ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
+- ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs
+
+* Sun Apr 07 2024 Zheng Zengkai <zhengzengkai@huawei.com> - 6.6.0-17.0.0.16
+- !5695 v2  Disable OLK-6.6 configs
+- arm64: configs: Disable PROBE_EVENTS_BTF_ARGS
+- x86: configs: Disable PROBE_EVENTS_BTF_ARGS
+- x86: configs: Disable X86_KERNEL_IBT
+- x86: configs: Disable CRASH_HOTPLUG
+- !5733  fix port vlan filter not disabled problem in dynamic vlan mode
+- net: hns3: fix port vlan filter not disabled problem in dynamic vlan mode
+- !5734  arch/mm/fault: accelerate pagefault when badaccess
+- x86: mm: accelerate pagefault when badaccess
+- arm64: mm: accelerate pagefault when VM_FAULT_BADACCESS
+- !5657  Backport slub performance optimization
+- mm/slub: remove unused parameter in next_freelist_entry()
+- mm/slub: remove full list manipulation for non-debug slab
+- mm/slub: directly load freelist from cpu partial slab in the likely case
+- slub: Update frozen slabs documentations in the source
+- slub: Rename all *unfreeze_partials* functions to *put_partials*
+- slub: Optimize deactivate_slab()
+- slub: Delay freezing of partial slabs
+- slub: Introduce freeze_slab()
+- slub: Prepare __slab_free() for unfrozen partial slab out of node partial list
+- slub: Keep track of whether slub is on the per-node partial list
+- slub: Change get_partial() interfaces to return slab
+- slub: Reflow ___slab_alloc()
+- !5699  sr9800: Add check for usbnet_get_endpoints
+- sr9800: Add check for usbnet_get_endpoints
+
+* Tue Apr 02 2024 Zheng Zengkai <zhengzengkai@huawei.com> - 6.6.0-16.0.0.15
+- !5647 hisilicon - some bugfix and cleanup
+- crypto: hisilicon/sec2: fix memory use-after-free issue
+- crypto: hisilicon/qm - hardware error does not reset during binding/unbinding
+- crypto: hisilicon/qm - check device status before sending mailbox
+- crypto: hisilicon/qm - mask error bit before flr
+- crypto: hisilicon/qm - fix the pf2vf timeout when global reset
+- crypto: hisilicon/qm - obtain the mailbox configuration at one time
+- crypto: hisilicon/hpre - mask cluster timeout error
+- crypto: hisilicon/qm - disable same error report before resetting
+- crypto: hisilicon/qm - modify interrupt processing resource application
+- crypto: hisilicon/qm - reset device before enabling it
+- openeuler_defconfig: enable HISI_ACC_VFIO_PCI=m
+- Revert "openeuler_defconfig: enable HISI_ACC_VFIO_PCI=m"
+- !5509  ext4: Validate inode pa before using preallocation blocks
+- ext4: Validate inode pa before using preallocation blocks
+- !5630 scsi: sd: try more retries of START_STOP when resuming scsi device
+- scsi: sd: try more retries of START_STOP when resuming scsi device
+- !5561 roh: backport roh driver feature support
+- roh/hns3: Fix the processing flow of ROH CMDq during the reset process.
+- roh/core: Synchronously update the mac address of the vlan device when configuring the vlan device ip
+- roh/hns3: Fix ROH multi-BD cmdq issue
+- roh/hns3: Add support for roh dfx(debugfs)
+- roh/hns3: Add support for roh reset
+- roh/core: Add support for inetaddr notifier in roh/core
+- roh/hns3: Add support for roh abnormal interruption
+- roh/core: Add roh device sysfs node
+- roh/hns3: Add ROH cmdq interface support
+- roh/hns3: Add ROH hns3 driver and register a ROH device
+- roh/core: Add ROH device driver
+- net: hns3: add support for ROH reset
+- net: hns3: intercept invalid MAC address setting in ROH
+- !5703  openeuler_defconfig: Disable CONFIG_PREEMPT_DYNAMIC for x86
+- openeuler_defconfig: Disable CONFIG_PREEMPT_DYNAMIC for x86
+- !5513 OLK-6.6 SCSI: SSSRAID: Support 3SNIC 3S5XX serial RAID/HBA controllers
+- SCSI: SSSRAID: Support 3SNIC 3S5XX serial RAID/HBA controllers
+- !5582 OLK-6.6Open CONFIG_LZ4_COMPRESS option for x86_64 architecture
+- Open CONFIG_LZ4_COMPRESS option for x86_64 architecture
+- !5688 v3  Optimize compaction
+- mm/compaction: optimize >0 order folio compaction with free page split.
+- mm/compaction: add support for >0 order folio memory compaction.
+- mm/compaction: enable compacting >0 order folios.
+- mm/page_alloc: remove unused fpi_flags in free_pages_prepare()
+- mm/compaction: introduce NR_PAGE_ORDERS and MAX_PAGE_ORDER
+- mm: compaction: limit the suitable target page order to be less than cc->order
+- mm: compaction: update the cc->nr_migratepages when allocating or freeing the freepages
+- mm: compaction: avoid fast_isolate_freepages blindly choose improper pageblock
+- mm: add page_rmappable_folio() wrapper
+- mm: page_alloc: check the order of compound page even when the order is zero
+- mm/compaction: factor out code to test if we should run compaction for target order
+- mm/compaction: improve comment of is_via_compact_memory
+- mm/compaction: remove repeat compact_blockskip_flush check in reset_isolation_suitable
+- mm/compaction: correctly return failure with bogus compound_order in strict mode
+- mm/compaction: call list_is_{first}/{last} more intuitively in move_freelist_{head}/{tail}
+- mm/compaction: use correct list in move_freelist_{head}/{tail}
+- !5655 add steal time software breakpoint pv ipi  support for loongarch kvm
+- LoongArch: Add steal time support in guest side
+- LoongArch: KVM: Add steal time support in kvm side
+- irqchip/loongson-eiointc: Add virt extension support
+- LoongArch: KVM: Add software breakpoint support
+- Documentation: KVM: Add hypercall for LoongArch

_service:tar_scm:SOURCE Changed

_service:tar_scm:openeuler_kernel_cert.cer Added

@@ -0,0 +1,35 @@
+-----BEGIN CERTIFICATE-----
+MIIGDzCCA/egAwIBAgIRAKnq386vzCkrb//p0VpXwOEwDQYJKoZIhvcNAQELBQAw
+ZTELMAkGA1UEAwwCQ0ExDjAMBgNVBAsMBUluZnJhMRIwEAYDVQQKDAlvcGVuRXVs
+ZXIxETAPBgNVBAcMCFNoZW5aaGVuMRIwEAYDVQQIDAlHdWFuZ0RvbmcxCzAJBgNV
+BAYTAkNOMB4XDTI0MDMxMjAyNDMzMVoXDTM0MDIyODAyNDMzMVoweTEfMB0GA1UE
+AwwWb3BlbkV1bGVyIGtlcm5lbCBJQ0EgMTEOMAwGA1UECwwFSW5mcmExEjAQBgNV
+BAoMCW9wZW5FdWxlcjERMA8GA1UEBwwIU2hlblpoZW4xEjAQBgNVBAgMCUd1YW5n
+RG9uZzELMAkGA1UEBhMCQ04wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
+AQCuGUP8/b1zxFAGV/3Vj/1B40SY9vnmkb8Kk+F8tRUEB1k36WxnxTQ3REb70ViM
+Y69L0ITzyC4qwmyEjvEyKF5/H13q0u7f6jwrBxD6J3yaePY7W60NlzO1XB5n0Ul0
+Q4FSzjLEXpL9dEcdvVHQX7DCdCxHguOf02UCrbS+QGY4ZqV4joESCo7dxn7Dpe89
+nNlvaoB/lJ2zTyk7L4/iv7nhRDpt1anI08yOYVxhf37fVeYD8YL4NnES7RvQWANA
+VEe0/UYukO14xhD27NrmYX1u96FCOtThH8GuuPqHC1Pd9hWdlHRnLXNC6JOaBPkF
+cIdwMoRiC1pryKUH5dJCFrtfN8906rq9A63eA0OMAwJ+DCotgm4qzeSUVYWrA/DM
+5ZpAqnKp55MkOHif32jtFzNfplNN9QzcTHe9eSAUClhPtPbWbQ1U1K9EPQblbrNy
+y1o+/WH5zYomLc5fnvSmiAY92YLS0i0IkLwWc/sEKV7KmYqxdUU7pSadwNR1xRyz
+7f5iWV7biWdluHBeGmVYQaMia/OJ03Gslt/lRKk4GoUdnqi0LzpTK+2fwFZfDpC1
+GyFt8d7WoDUI8E5IeGqdVFQj1rYr5mlH83bacWw9AGWsuTbgoxuOhhg8WKKorZcs
+Nj9DULBbKlS+aAc86aBGIc+W6AarU1tPrPtq9ZupsNaLgwIDAQABo4GlMIGiMBIG
+A1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFJC7Z+tLV+tiv2+Gfk9WvU4Z59BB
+MB8GA1UdIwQYMBaAFB4bqpJoNc3ZSRnUM8NEAaLl9T35MA4GA1UdDwEB/wQEAwIB
+hjApBglghkgBhvhCAQ0EHBYaU2lnbmF0cnVzdCBJbnRlcm1lZGlhdGUgQ0EwEQYJ
+YIZIAYb4QgEBBAQDAgABMA0GCSqGSIb3DQEBCwUAA4ICAQBDICG0Jjcjt+aKxE0E
+TK0sdl0CE0e8O/8wY5DWNkU79g2+LqU6T4g0JAV41lR/tFtrth+kP/S1H1FS50fe
+xIiWN+/RbcyB1QgOKnCWzutsozqPryKtl0dBLcD/KJepH89thWSTtCNPlCwsP10d
+VDeNEwpvLw9R7Uedl5WbXdfcv8up9g9UC0mCDAUUGonAl+1Q3fmOtfwSYd3MvslR
+sSda83kfYrMZY9av4MgyV4IyRAi97wvFY14jPjevZEr7Hfg67t85kiEthSFH5z0/
+v8U/pJ1d/HuIf9Sz+FbTeZM13OttdBlPvqw+N3oVCWuomC00DDQoznKySfd+pHEz
+PInSb3IQcAhQY0gTc+GILd0FQpahb7WCXjd3xs1S/oNsHgfjEFif80c4nG/GDVpk
+vIKwSxxGQ6GfGLw/VTOwRUta4n5WNzdIsPRi/tEz7Dpn0ay9IEh1q+sl2yLAxMUQ
+xUrEYKz1izPYgWAzUKZ3NXtCFRLhBvowj5REJXs6xIthOrDpa1Qfx5Q18pMfc+qW
+kEBLiNqEDYe2aBiWaTZKL39U9M8i3ND4JMQODgEiUrZLhACKLa6r2Vs8y61dMMs4
+ATKSZtuzfPaE7b+oKv/f47jvzG0BJM+mq0rC9A9hElztDSNfLnLgh9OJ3jHM7caF
+/V6mKr3gR8aQytJy+1JBXKzjyw==
+-----END CERTIFICATE-----

_service:tar_scm:sign-modules-openeuler Added