Commit graph

440 commits

Author SHA1 Message Date
survolog (Andrey Grigorev)
652659439a upd: 5.4.31 -> 5.4.32 2020-04-16 12:14:48 +03:00
Mikhail Novosyolov
1f7ef747c8 Provide kernel-release-headers to satisfy BRs of glibc-devel in rosa2019.1 (OMV style) 2020-04-14 22:03:16 +03:00
survolog (Andrey Grigorev)
fcb8f610b3 upd: 5.4.28 -> 5.4.31 2020-04-11 14:46:07 +03:00
Mikhail Novosyolov
66a5846b35 Sign modules with GOST in Nickel
LibreSSL has been built with this patch:
https://github.com/GostCrypt/libressl-openbsd/commit/6baa93
2020-03-29 01:07:43 +03:00
Mikhail Novosyolov
1bca216017 upd: 5.4.26 -> 5.4.28 2020-03-26 09:54:28 +03:00
Mikhail Novosyolov
99814859cf Disable too much debug
Example from dmesg:
[Сб мар 21 13:23:34 2020] segments[0]: cf931495c0607220
[Сб мар 21 13:23:34 2020] consider slot 0 [ix=0 type=2]
[Сб мар 21 13:23:34 2020] <--assoc_array_walk() = terminal_node
[Сб мар 21 13:23:34 2020] -->assoc_array_insert()
[Сб мар 21 13:23:34 2020] -->assoc_array_walk()
[Сб мар 21 13:23:34 2020] -->assoc_array_insert_in_empty_tree()
[Сб мар 21 13:23:34 2020] <--assoc_array_insert_in_empty_tree() = ok [no root]
[Сб мар 21 13:23:34 2020] -->assoc_array_walk()
[Сб мар 21 13:23:34 2020] -->assoc_array_apply_edit()
[Сб мар 21 13:23:34 2020] -->assoc_array_rcu_cleanup()
[Сб мар 21 13:23:34 2020] -->assoc_array_destroy_subtree()
[Сб мар 21 13:23:34 2020] [-1] node
[Сб мар 21 13:23:34 2020] Node 00000000b4f58682 [back=00000000227b36db]
[Сб мар 21 13:23:34 2020] [0] free leaf
[Сб мар 21 13:23:34 2020] free node
2020-03-21 13:28:01 +03:00
Mikhail Novosyolov
9c1eeea866 Fix files without build_headers 2020-03-21 13:12:04 +03:00
Mikhail Novosyolov
dc7438574d New keys with fixed email (vasya@pupkin.ru -> support@rosalinux.ru) 2020-03-21 03:37:29 +03:00
Mikhail Novosyolov
0a2ca7545c fix typo 2020-03-21 03:17:06 +03:00
Mikhail Novosyolov
3a194d0fc5 Make headers of this kernel not default for rosa2016.1 (kernel-4.15 is default) 2020-03-21 03:02:08 +03:00
Mikhail Novosyolov
a5891fe088 upd: 5.4.25 -> 5.4.26 2020-03-20 21:43:16 +03:00
Mikhail Novosyolov
d2702b175b Fix files 2020-03-20 21:35:30 +03:00
Mikhail Novosyolov
0148cd5423 Fix loading RSA keys in UML by making CRYPTO_SHA512 built in 2020-03-20 21:28:35 +03:00
Mikhail Novosyolov
945975bc28 Add built-in GOST public keys for potential use in the future 2020-03-20 21:20:38 +03:00
Mikhail Novosyolov
7eac40b463 Fix typo 2020-03-20 11:27:35 +03:00
Mikhail Novosyolov
104da23e60 minor: delete some odd empty lines 2020-03-19 00:48:01 +03:00
Mikhail Novosyolov
4e695cf30c Replace patch for sign-file.c with the one sent to upstream. CONFIG_MODULE_SIG_STREEBOG* does not make sense now as there is no tool to properly sign with a GOST algo 2020-03-19 00:42:46 +03:00
Mikhail Novosyolov
784b256f80 Always generate a random GOST key for the kernel keyring (later add preinstalled trusted GOST keys) 2020-03-18 23:53:18 +03:00
Mikhail Novosyolov
3148180250 Prepare to have the same kernel in Fresh/RED and certified distros:
- rename nrj-desktop to generic because nowadays there are no nrjQL patches
- keep nickel flavour for certified distros
- add uml and uml-modules subpackages
- fix description of uml package - it is stripped
- always enable enhanced_security
- disable CONFIG_INIT_ON_FREE_DEFAULT_ON on non-certified distros for best performance
- in scriptlets, check that dkms is installed and take action only if it is installed
- do not depend on the dkms package to avoid pulling it in even if someone wants to completely remove it
2020-03-18 22:26:13 +03:00
Mikhail Novosyolov
0313188174 delete incorrect patch
AltHa/RestrScript: file /bin/dmesg is allowed to run by f_path \xc0l2r\xe3\xa0\xff\xff
2020-03-17 11:51:43 +03:00
Mikhail Novosyolov
2854a5a0a7 AltHa: add logging of allowed interpreters
kernel.altha.rstrscript.debug_log=1 now allows logging of interpreters
which were allowed to run, together with the path to them as seen by the kernel.

It should ease debugging of issues like https://bugzilla.altlinux.org/show_bug.cgi?id=38225
where it is not clear why a binary was allowed to run.
2020-03-17 00:31:54 +03:00
Mikhail Novosyolov
5f08ed1263 Add AltHa LSM Module
TODO: https://bugzilla.altlinux.org/show_bug.cgi?id=38225 has to be resolved
2020-03-16 23:58:42 +03:00
Mikhail Novosyolov
88e63d63e7 Fix building UML on 32 bit (copy hack from non-UML) 2020-03-16 19:38:59 +03:00
Mikhail Novosyolov
6b48b8dafb Disable GOST signing for now due to impossibility to make a correct signature until libressl or openssl-gost-engine support GOST CMS 2020-03-15 20:26:01 +03:00
Mikhail Novosyolov
c98134ffc6 Revert "Mix non-GOST RSA keys with GOST buildtime key in the kernel keyring"
The 1st certificate from PEM - GOST - is loaded correctly, others (RSA) are not

Loaded X.509 cert 'ROSA rpmbuild: Build time autogenerated kernel key: bb12e555ee1aa3718c7cbff4033d6f08ddc514af'
Loaded X.509 cert 'ROSA rpmbuild: Build time autogenerated kernel key: bb12e555ee1aa3718c7cbff4033d6f08ddc514af'

Thread 1 "linux-uml-5.4.2" hit Breakpoint 1, pkcs1pad_verify (req=0x6197a600) at crypto/rsa-pkcs1pad.c:538
538		if (WARN_ON(req->dst) ||
(gdb) n
539		    WARN_ON(!req->dst_len) ||
(gdb) n
------------[ cut here ]------------
WARNING: CPU: 0 PID: 1 at crypto/rsa-pkcs1pad.c:539 pkcs1pad_verify+0x4e/0x146
Modules linked in:
CPU: 0 PID: 1 Comm: swapper Not tainted 5.4.0 #1
Stack:
 6182b9e0 602e6a39 00000009 00000000
 00000000 61969580 6182b9f0 602e6a7e
 6182ba30 60037f79 00000200 61981409
Call Trace:
 [<600677ed>] ? printk+0x0/0x94
 [<601e1d29>] ? sg_set_buf+0x0/0x92
 [<6001d383>] show_stack+0x13b/0x155
 [<602e6a39>] ? dump_stack_print_info+0xe2/0xeb
 [<602e6a7e>] dump_stack+0x2a/0x2c
 [<60037f79>] __warn+0xed/0x116
 [<60038431>] warn_slowpath_fmt+0xd1/0xdf
 [<601dab29>] ? rsa_free_mpi_key+0x0/0x44
 [<601dab29>] ? rsa_free_mpi_key+0x0/0x44
 [<60211d2c>] ? mpi_read_raw_data+0x0/0x105
 [<601dad3e>] ? rsa_set_pub_key+0xb9/0xe7
 [<60038360>] ? warn_slowpath_fmt+0x0/0xdf
 [<601db6d3>] pkcs1pad_verify+0x4e/0x146
 [<601e2667>] public_key_verify_signature+0x2ae/0x366
 [<601d3a45>] ? crypto_find_alg+0x0/0x2a
 [<6002eebe>] ? set_signals+0x30/0x36
 [<6002eebe>] ? set_signals+0x30/0x36
 [<600d082f>] ? __kmalloc+0xa6/0xd0
 [<600d10ee>] ? kfree+0x0/0x65
 [<601e37ea>] x509_check_for_self_signed+0xd9/0xff
 [<600d10ee>] ? kfree+0x0/0x65
 [<601e2e48>] x509_cert_parse+0x1ed/0x22d
 [<601e33de>] x509_key_preparse+0x28/0x20a
 [<601e0e66>] asymmetric_key_preparse+0x4a/0x87
 [<601ca333>] ? key_type_lookup+0x5a/0x97
 [<601ca509>] key_create_or_update+0x199/0x43a
 [<600677ed>] ? printk+0x0/0x94
 [<6000a549>] load_system_certificate_list+0xc2/0x134
 [<6000a487>] ? load_system_certificate_list+0x0/0x134
 [<6001aa19>] do_one_initcall+0x8e/0x1d0
 [<6001a98b>] ? do_one_initcall+0x0/0x1d0
 [<6001a98b>] ? do_one_initcall+0x0/0x1d0
 [<60001e26>] kernel_init_freeable+0x18c/0x254
 [<600677ed>] ? printk+0x0/0x94
 [<602f55bd>] kernel_init+0x27/0x136
 [<6001c1b5>] new_thread_handler+0x81/0xb2

---[ end trace 9cd4d0bf1a354d26 ]---
public_key_verify_signature (pkey=0x61969580, sig=<optimized out>) at crypto/asymmetric_keys/public_key.c:309
309		ret = crypto_wait_req(crypto_akcipher_verify(req), &cwait);
(gdb) p req
$1 = (struct akcipher_request *) 0x6197a600
(gdb) p &req
Address requested for identifier "req" which is in register $rbx
(gdb) p $req
$2 = void
(gdb) p req->src_len
$3 = 512
(gdb) p ctx->key_size
No symbol "ctx" in current context.
(gdb)

Problems happen here:

static int pkcs1pad_verify(struct akcipher_request *req)
{
	struct crypto_akcipher *tfm = crypto_akcipher_reqtfm(req);
	struct pkcs1pad_ctx *ctx = akcipher_tfm_ctx(tfm);
	struct pkcs1pad_request *req_ctx = akcipher_request_ctx(req);
	int err;

	if (WARN_ON(req->dst) ||
	    WARN_ON(!req->dst_len) ||
	    !ctx->key_size || req->src_len < ctx->key_size)
		return -EINVAL;

For now let's just disable this and debug it later if I have the wish and time.

This reverts commit 89974eea5f.
2020-03-15 17:08:18 +03:00
Mikhail Novosyolov
89974eea5f Mix non-GOST RSA keys with GOST buildtime key in the kernel keyring 2020-03-15 14:55:26 +03:00
Mikhail Novosyolov
582758eb22 CRYPTO_ECRDSA must be built in to load kernel keyring and modules 2020-03-15 13:16:34 +03:00
Mikhail Novosyolov
663de86aea decode future CONFIG_SYSTEM_TRUSTED_KEYS 2020-03-14 22:02:48 +03:00
Evgenii Shatokhin
ad889a101f Do not package include/Kbuild
Starting from fcbb8461fd23 "kbuild: remove header compile test",
include/Kbuild is no longer provided. Do not expect it to be present.
2020-03-14 20:51:32 +03:00
Evgenii Shatokhin
caad8bc737 Fix objtool-related errors in 'make prepare' for devel packages
Signed-off-by: Evgenii Shatokhin <eshatokhin@virtuozzo.com>
Signed-off-by: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
2020-03-14 20:51:15 +03:00
Mikhail Novosyolov
974fbb224c More verbosity 2020-03-14 15:06:19 +03:00
Mikhail Novosyolov
7dd0d4da5b upd: 5.4.6 -> 5.4.25 2020-03-13 23:26:47 +03:00
Mikhail Novosyolov
de78db5b2c Better regulation of CONFIG_DEBUGINFO*, make UML binary really not stripped 2020-03-13 20:51:12 +03:00
Mikhail Novosyolov
b320b958ee Build UML (User Mode Linux) 2020-03-13 20:35:12 +03:00
Mikhail Novosyolov
2e4f6dd1fc python-devel was renamed to python2-devel in rosa2019.1 2020-03-13 20:33:55 +03:00
Mikhail Novosyolov
2887e766e7 enable AutoProv 2020-03-13 20:33:46 +03:00
Mikhail Novosyolov
227ff5c08b adapt for rpm4 2020-03-13 20:33:36 +03:00
Mikhail Novosyolov
64d2bf03ae Print debug messages to console/log 2019-12-23 14:29:21 +03:00
Mikhail Novosyolov
833fec59c1 upd: 5.4.3 -> 5.4.6 2019-12-22 02:35:08 +03:00
Evgenii Shatokhin
6d5c9b98f5 aufs: do not export flush_delayed_fput() twice 2019-12-16 16:53:30 +03:00
Mikhail Novosyolov
14ab754fe2 upd: 5.4.2 -> 5.4.3 2019-12-16 16:14:30 +03:00
Mikhail Novosyolov
06412a73ba Reenable AUFS
(I am still thinking of dropping AUFS)
2019-12-16 16:12:07 +03:00
Evgenii Shatokhin
34e76862b9 Updated configs and AUFS patch for kernel 5.4.3
AUFS patch was rediffed manually due to missing upstream version for kernel 5.4
2019-12-16 16:09:18 +03:00
Mikhail Novosyolov
f439835bb0 Upd to 5.4 series (v5.4.2), rediffed patches, disabled AUFS for now 2019-12-12 15:30:51 +03:00
Mikhail Novosyolov
eb0db6c1dd allow unsigned modules 2019-12-09 19:50:34 +03:00
Mikhail Novosyolov
12362ac8e3 Use GOST for signing kernel modules 2019-12-09 19:50:15 +03:00
Mikhail Novosyolov
efe34d83a7 upd: 5.3.11 -> 5.3.15 2019-12-07 20:39:47 +03:00
Mikhail Novosyolov
cd6077c83d test libressl, step 1 2019-12-01 02:03:15 +03:00
Mikhail Novosyolov
c9df52aa4c Allow to rebuild allowing unsigned modules (needed for testing custom modules from rosa-test-suite e.g.) 2019-11-21 21:17:42 +03:00
Mikhail Novosyolov
a71dd0a80d Use relative path to certs directory, use ""
Fixes reading PEM with trusted keys (for some reason...)
2019-11-19 22:30:42 +03:00