| --- thirdparty/SPECS/kernel.spec 2022-06-08 15:20:05.813872246 +0000 |
| +++ kernel.spec 2022-06-08 15:22:00.662019559 +0000 |
| @@ -6,6 +6,7 @@ |
| %define dist .el7 |
| |
| # % define buildid .local |
| +%define buildid .actnfs_KNLSUFFIX |
| |
| # If there's no unversioned python, select version explicitly, |
| # so it's possible to at least do rh-srpm. |
| @@ -98,7 +99,7 @@ |
| # Set debugbuildsenabled to 1 for production (build separate debug kernels) |
| # and 0 for rawhide (all kernels are debug kernels). |
| # See also 'make debug' and 'make release'. RHEL only ever does 1. |
| -%define debugbuildsenabled 1 |
| +%define debugbuildsenabled 0 |
| |
| %define with_gcov %{?_with_gcov:1}%{?!_with_gcov:0} |
| |
| @@ -464,6 +465,7 @@ |
| Patch1000: debrand-single-cpu.patch |
| Patch1001: debrand-rh_taint.patch |
| Patch1002: debrand-rh-i686-cpu.patch |
| +Patch6666: nfscache.patch |
| |
| BuildRoot: %{_tmppath}/kernel-%{KVRA}-root |
| |
| @@ -807,6 +809,7 @@ |
| ApplyOptionalPatch debrand-single-cpu.patch |
| ApplyOptionalPatch debrand-rh_taint.patch |
| ApplyOptionalPatch debrand-rh-i686-cpu.patch |
| +ApplyOptionalPatch nfscache.patch |
| |
| # Any further pre-build tree manipulations happen here. |
| |
| @@ -969,6 +972,17 @@ |
| %pesign -s -i $KernelImage.tmp -o $KernelImage.signed -a %{SOURCE15} -c %{SOURCE16} -n %{pesign_name_1} |
| rm $KernelImage.tmp |
| mv $KernelImage.signed $KernelImage |
| + sbattach --detach $KernelImage.oldsig --remove $KernelImage |
| + sbattach --remove $KernelImage |
| + kms_signer --project backupdr-build --location global \ |
| + --keyring uefi-signing-prod --key db-signing --key-version 1 pkcs7 \ |
| + --signing-cert /target/dbsign-v1.crt --input $KernelImage.oldsig \ |
| + --output $KernelImage.newsig |
| + cp $KernelImage $KernelImage.signed |
| + sbattach --attach $KernelImage.newsig $KernelImage.signed |
| + mv $KernelImage.signed $KernelImage |
| + rm -f $KernelImage.newsig |
| + rm -f $KernelImage.oldsig |
| %endif |
| $CopyKernel $KernelImage $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer |
| chmod 755 $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer |
| @@ -2067,6 +2070,9 @@ |
| - powerpc/rtas: Restrict RTAS requests from userspace (Aristeu Rozanski) [1906443] {CVE-2020-27777} |
| - IB/mlx5: Fix initializing CQ fragments buffer (Alaa Hleihel) [1962499] |
| |
| +* Tue Aug 03 2021 Mark Woodward <woodwardm@google.com> [3.10.0-1160.36.2.el7] |
| +- Backport fix for nfs cache |
| + |
| * Wed Jul 28 2021 Augusto Caringi <acaringi@redhat.com> [3.10.0-1160.39.1.el7] |
| - netfilter: x_tables: fix compat match/target pad out-of-bound write (Florian Westphal) [1980489] {CVE-2021-22555} |
| - Revert "be2net: disable bh with spin_lock in be_process_mcc" (Petr Oros) [1971744] |