5.19.0-xanmod1

.directory

@@ -0,0 +1,4 @@
+[Dolphin]
+Timestamp=2022,8,3,6,51,10.102
+Version=4
+ViewMode=2

0001-ROSA-ima-allow-to-off-modules-signature-check-dynami.patch

@@ -1,37 +0,0 @@
-From 36dc5cf3039c0751fe95370a247ca1c23c06571c Mon Sep 17 00:00:00 2001
-From: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
-Date: Mon, 10 Aug 2020 10:38:20 +0300
-Subject: [PATCH] ROSA: ima: allow to off modules signature check dynamically
-
-Allow module.sig_enforce=0 kernel cmdline, not only module.sig_enforce=1
-It allows to keep CONFIG_MODULE_SIG_FORCE=y, but disable it when really needed
-without recompiling the kernel (it may be impossible, e.g. in certified systems).
-
-GRUB or another bootloader is password-protected when needed,
-so I am not afraid much that someone will be able to turn it off when not needed.
-
-ROSA-specific patch.
-This violates requirements of "secure boot", but currently we do not have secure boot in ROSA.
-
-Signed-off-by: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
----
- kernel/module.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/kernel/module.c b/kernel/module.c
-index 6baa1080c..118d8ee60 100644
---- a/kernel/module.c
-+++ b/kernel/module.c
-@@ -274,7 +274,7 @@
- 
- #ifdef CONFIG_MODULE_SIG
- static bool sig_enforce = IS_ENABLED(CONFIG_MODULE_SIG_FORCE);
--module_param(sig_enforce, bool_enable_only, 0644);
-+module_param(sig_enforce, bool, 0644);
- 
- void set_module_sig_enforced(void)
- {
-
--- 
-2.17.1
-

0001-crypto-support-loading-GOST-signed-kernel-modules.patch

@@ -1,46 +0,0 @@
-From 59bf6ed4709ea82d63be300814af2c4c94503e14 Mon Sep 17 00:00:00 2001
-From: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
-Date: Thu, 6 Aug 2020 14:17:31 +0300
-Subject: [PATCH] crypto: support loading GOST-signed kernel modules
-
-Support loading kernel modules signed with:
-* 1.2.643.7.1.1.1.1 id-tc26-gost3410-12-256
-* 1.2.643.7.1.1.1.2 id-tc26-gost3410-12-512
-
-Signed-off-by: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
----
- crypto/asymmetric_keys/pkcs7_parser.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c
-index 967329e0a07b..39c260a04167 100644
---- a/crypto/asymmetric_keys/pkcs7_parser.c
-+++ b/crypto/asymmetric_keys/pkcs7_parser.c
-@@ -248,6 +248,12 @@ int pkcs7_sig_note_digest_algo(void *context, size_t hdrlen,
- 	case OID_sha224:
- 		ctx->sinfo->sig->hash_algo = "sha224";
- 		break;
-+	case OID_gost2012Digest256:
-+		ctx->sinfo->sig->hash_algo = "streebog256";
-+		break;
-+	case OID_gost2012Digest512:
-+		ctx->sinfo->sig->hash_algo = "streebog512";
-+		break;
- 	default:
- 		printk("Unsupported digest algo: %u\n", ctx->last_oid);
- 		return -ENOPKG;
-@@ -269,6 +275,11 @@ int pkcs7_sig_note_pkey_algo(void *context, size_t hdrlen,
- 		ctx->sinfo->sig->pkey_algo = "rsa";
- 		ctx->sinfo->sig->encoding = "pkcs1";
- 		break;
-+	case OID_gost2012PKey256:
-+	case OID_gost2012PKey512:
-+		ctx->sinfo->sig->pkey_algo = "ecrdsa";
-+		ctx->sinfo->sig->encoding = "raw";
-+		break;
- 	default:
- 		printk("Unsupported pkey algo: %u\n", ctx->last_oid);
- 		return -ENOPKG;
--- 
-2.17.1
-

kernel-xanmod.spec

@@ -35,7 +35,7 @@
 %define patch_rel		1
 
 # Release number. Increase this before a rebuild.
-%define rpmrel			1.klp
+%define rpmrel			2
 
 %define fullrpmrel	%{rpmrel}
 
@@ -287,10 +287,6 @@ Patch111:	0001-Remove-RPM-illegal-chars-from-module-version.patch
 
 # sent to upstream, https://patchwork.kernel.org/patch/11446123/
 Patch302:	0001-sign-file-full-functionality-with-modern-LibreSSL.patch
-# Support loading GOST-signed modules
-#Patch305:	0001-crypto-support-loading-GOST-signed-kernel-modules.patch
-# Allow to off modules signature check dynamically
-#Patch306:	0001-ROSA-ima-allow-to-off-modules-signature-check-dynami.patch
 
 # Disable AutoReq
 AutoReq: 	0