diff --git a/kernel.spec b/kernel.spec index 6e47af6..9b8d377 100644 --- a/kernel.spec +++ b/kernel.spec @@ -54,7 +54,7 @@ Summary: The Linux kernel %if 0%{?released_kernel} # Do we have a -stable update to apply? -%define stable_update 8 +%define stable_update 9 # Set rpm version accordingly %if 0%{?stable_update} %define stablerev %{stable_update} @@ -2161,6 +2161,10 @@ fi # # %changelog +* Thu Oct 20 2016 Justin M. Forbes - 4.7.9-100 +- Linux v4.7.9 +- CVE-2016-5195 (rhbz 1384344 1387080) + * Tue Oct 18 2016 Peter Robinson - Build in AXP20X_I2C (should fix rhbz 1352140) diff --git a/scripts/add-changelog.sh b/scripts/add-changelog.sh new file mode 100755 index 0000000..fa0157a --- /dev/null +++ b/scripts/add-changelog.sh @@ -0,0 +1,12 @@ +#!/bin/sh +# Emulate the changelog part of rpmdev-bumpspec without the bumping of the +# rev. Because Laura keeps typoing her name and the date. + +CURDATE=`date +"%a %b %d %Y"` +PACKAGER=`rpmdev-packager` +CHANGELOG="%changelog\n* $CURDATE $PACKAGER\n- $1\n" + +awk -v CHANGE="$CHANGELOG" '/%changelog/ {print CHANGE} \ + !/%changelog/ { print $0 }' \ + < kernel.spec > kernel.spec.tmp +mv kernel.spec.tmp kernel.spec diff --git a/scripts/check-patchlist.sh b/scripts/check-patchlist.sh new file mode 100755 index 0000000..134e41e --- /dev/null +++ b/scripts/check-patchlist.sh @@ -0,0 +1,113 @@ +#! /bin/sh +# This script was created in a effort to make patch management a bit easier. +# It list all the patches in the current tree and identifies if they are +# present in the kernel.spec, PatchList.txt, both files or neither. +# +# eg. ./check-patchlist.sh [optional flag] + +function usage(){ + echo "List all the patches currently in the tree. It also helps identify" + echo "if the patch is present in kernel.spec or PatchList.txt. " + echo "-h, --help " + echo "-t, --tracked patches in both kernel.spec and PatchList.txt " + echo "-p, --patchlist patches added to PatchList.txt. " + echo "-s, --specfile patches added to kernel.spec. " + echo "-n, --not-tracked patches in the tree but not in PatchList.txt " + echo " or kernel.spec " +} + +BASEDIR=$(dirname "$( cd $(dirname $BASH_SOURCE[0]) && pwd)") +pushd $BASEDIR > /dev/null + +function list_all(){ + echo "===========Legend===========================" + echo ". In kernel.spec " + echo "* In PatchList.txt " + echo "+ In PatchList.txt & Kernel.spec " + echo "- Neither in PatchList.txt nor kernel.spec" + echo "============================================" + for patch in $(ls *.patch); do + if [ ! -z "$(grep $patch PatchList.txt)" ] && [ ! -z "$(grep $patch kernel.spec)" ] + then + echo "+ ${patch}" # Patches in kernel.spec and PatchList.txt + + elif [ ! -z "$(grep $patch PatchList.txt)" ] && [ -z "$(grep $patch kernel.spec)" ] + then + echo "* ${patch}" # Patches in PatchList.txt but not in kernel.spec + + elif [ -z "$(grep $patch PatchList.txt)" ] && [ ! -z "$(grep $patch kernel.spec)" ] + then + echo ". ${patch}" # Patches in kernel.spec but not in PatchList.txt + + else + echo "- ${patch}" # Neither in PatchList.txt nor kernel.spec + + fi + done +} + +function list_present_not_added(){ + for patch in $(ls *.patch); do + if [ -z "$(grep $patch PatchList.txt)" ] && [ -z "$(grep $patch kernel.spec)" ] + then + echo $patch + fi + done +} + +function list_present_added(){ + for patch in $(ls *.patch); do + if [ ! -z "$(grep $patch PatchList.txt)" ] && [ ! -z "$(grep $patch kernel.spec)" ] + then + echo $patch + fi + done +} + +function list_patchList(){ + for patch in $(ls *.patch); do + if [ ! -z "$(grep $patch PatchList.txt)" ] && [ -z "$(grep $patch kernel.spec)" ] + then + echo $patch + fi + done + +} +function list_specfile(){ + for patch in $(ls *.patch); do + if [ -z "$(grep $patch PatchList.txt)" ] && [ ! -z "$(grep $patch kernel.spec)" ] + then + echo $patch + fi + done +} + +if [ -z "$@" ]; then + list_all +else + + for opt in "$@"; do + case $opt in + -t|--tracked) + list_present_added + ;; + -s|--specfile) + list_specfile + ;; + -h|--help) + usage + ;; + -n|--not-added) + list_present_not_added + ;; + -p|--patchlist) + list_patchList + ;; + *) + usage + ;; + esac + done +fi + +popd > /dev/null diff --git a/scripts/cross-aarch64 b/scripts/cross-aarch64 new file mode 100755 index 0000000..dc0645e --- /dev/null +++ b/scripts/cross-aarch64 @@ -0,0 +1,3 @@ +#!/bin/sh + +rpmbuild --target aarch64 --with cross --without debuginfo --without perf --without tools --define "__strip /usr/bin/aarch64-linux-gnu-strip" --rebuild $1 diff --git a/scripts/cross-arm b/scripts/cross-arm new file mode 100755 index 0000000..0aae077 --- /dev/null +++ b/scripts/cross-arm @@ -0,0 +1,3 @@ +#!/bin/sh + +rpmbuild --target armv7hl --with cross --without debuginfo --without perf --without tools --define "__strip /usr/bin/arm-linux-gnu-strip" --rebuild $1 diff --git a/scripts/fast-build.sh b/scripts/fast-build.sh new file mode 100755 index 0000000..8286a11 --- /dev/null +++ b/scripts/fast-build.sh @@ -0,0 +1,13 @@ +#! /bin/sh +# Description: +# rpmbuild combo to build the given architecture without +# debugging information, perf or tools. +# +# Sample usage: +# ./fast-build.sh x86_64 kernel-4.7.0-0.rc1.git1.2.fc25.src.rpm + +if [ -z "$1" ] || [ -z "$2" ]; then + echo "usage: $0 [ arch ] [ kernel-x.x.x.fcxx.src.rpm ] " +fi + +rpmbuild --target $1 --without debug --without debuginfo --without perf --without tools --rebuild $2 diff --git a/scripts/fixup-bumpspec.sh b/scripts/fixup-bumpspec.sh new file mode 100755 index 0000000..1a38de2 --- /dev/null +++ b/scripts/fixup-bumpspec.sh @@ -0,0 +1,10 @@ +#!/bin/sh +# rpmdev-bumpspec 'helpfully' bumps the release which we don't always want. +# This script fixes it up. + +RELEASE=`grep "%global baserelease" kernel.spec | cut -d ' ' -f 3` +export RELEASE=$(($RELEASE-1)) +perl -p -i -e 's|%global baserelease.*|%global baserelease $ENV{'RELEASE'}|' kernel.spec +TODAY=`date +"%a %b %d %Y"` +awk -v DATE="$TODAY" 'START { marked = 0; } $0 ~ DATE { if (marked == 1) { print $0 } else {out=$1; for(i = 2; i <= NF - 2; i++) { out=out" "$i } print out; marked = 1; } } $0 !~ DATE { print $0; }' < kernel.spec > kernel.spec.tmp +mv kernel.spec.tmp kernel.spec diff --git a/scripts/generate-git-snapshot.sh b/scripts/generate-git-snapshot.sh index b6fe0d6..972fd21 100755 --- a/scripts/generate-git-snapshot.sh +++ b/scripts/generate-git-snapshot.sh @@ -1,11 +1,28 @@ #!/bin/sh +# This script allows for the generation of a git snapshot between the upstream +# git tree and the current tree. # -# Set LINUX_GIT to point to an upstream Linux git tree in your .bashrc or wherever. +# Prerequisites: +# Set LINUX_GIT to point to an upstream Linux git tree in your .bashrc +# or wherever. -[ ! -d "$LINUX_GIT" ] && echo "error: set \$LINUX_GIT to point at upstream git tree" && exit 1 +# Look to see if LINUX_GIT is set in local .bashrc +if [ -f ~/.bashrc ]; then + source ~/.bashrc +fi + +if [ ! -d "$LINUX_GIT" ]; then + echo "error: set \$LINUX_GIT to point at upstream git tree" + exit 1 +fi VER=$(grep patch sources | head -n1 | awk '{ print $2 }' | sed s/patch-// | sed s/-git.*// | sed s/.xz//) +if [ -z "$VER" ] ; +then + VER=$(grep linux sources | head -1 | awk '{ print $2 }' | sed s/linux-// | sed s/.tar.xz//) +fi + OLDGIT=$(grep gitrev kernel.spec | head -n1 | sed s/%define\ gitrev\ //) export NEWGIT=$(($OLDGIT+1)) @@ -14,9 +31,11 @@ pushd $LINUX_GIT git diff v$VER.. > /tmp/patch-$VER-git$NEWGIT xz -9 /tmp/patch-$VER-git$NEWGIT DESC=$(git describe) +git rev-list --max-count=1 HEAD > /tmp/gitrev popd mv /tmp/patch-$VER-git$NEWGIT.xz . +mv /tmp/gitrev . perl -p -i -e 's|%global baserelease.*|%global baserelease 0|' kernel.spec diff --git a/scripts/generate-perf-man.sh b/scripts/generate-perf-man.sh new file mode 100755 index 0000000..27691fa --- /dev/null +++ b/scripts/generate-perf-man.sh @@ -0,0 +1,54 @@ +#!/bin/sh +# Small script to generate the perf-man tarball. The script relies on having +# LINUX_GIT set in your local .bashrc. By default the script will use the +# the kernel version of the upstream tree set in LINUX_GIT. Use --version=x.y +# to set a specific version. + +# [Default] eg. ./scritps/generate-perf-man +# eg. ./scripts/generate-perf-man --version=4.8 +function usage(){ + echo + echo "Helps generate the perf-man tarball " + echo "-h, --help " + echo + echo "./generate-perf-man.sh #Generates using upstream kernel version" + echo + echo "./generate-perf-man.sh --version=x.y #Generate using x.y version" +} + +if [ -f ~/.bashrc ]; then + source ~/.bashrc +fi + +if [ ! -d "$LINUX_GIT" ]; then + echo "Error: \$LINUX_GIT is not set to the upstream git tree." + exit 1 +fi + +BASEDIR=$(dirname "$(cd $(dirname $BASH_SOURCE[0]) && pwd)") +pushd "$LINUX_GIT" > /dev/null +KERNEL_VERSION=$( awk '/^VERSION =/ {print $3}' Makefile ) +KERNEL_PATCHLEVEL=$( awk '/^PATCHLEVEL =/ {print $3}' Makefile ) + +if [ ! -z "$@" ]; then + for opt in "$@"; do + case $opt in + --version=*.*) + version="${opt#*=}" + KERNEL_VERSION=$( awk -F. '{print $1}' <<< $version ) + KERNEL_PATCHLEVEL=$( awk -F. '{print $2}' <<< $version ) + ;; + -h | --help) + usage + exit 0 + ;; + *) + ;; + esac + done +fi +cd tools/perf/Documentation/ +make +tar -czvf $BASEDIR/perf-man-${KERNEL_VERSION}.${KERNEL_PATCHLEVEL}.tar.gz *.1 +make clean +popd diff --git a/scripts/grab-logs.sh b/scripts/grab-logs.sh index 5df5735..571b503 100755 --- a/scripts/grab-logs.sh +++ b/scripts/grab-logs.sh @@ -1,16 +1,35 @@ #!/bin/sh +# Script helps download the build logs for the current tree. +# The downloaded logs will be saved in a logs/ within the +# tree. + +BASEDIR="$(dirname "$(cd $(dirname $BASH_SOURCE[0]) && pwd)")" +pushd $BASEDIR > /dev/null VER=$(fedpkg verrel) ver=$(echo $VER | sed -e 's/-/ /g' | awk '{print $2}') rev=$(echo $VER | sed -e 's/-/ /g' | awk '{print $3}') -if [ -d logs ]; then - DIR=logs/ +# keep logs in one place. If logs directory does not exist, make it. +if [ -d "$BASEDIR/logs" ]; then + DIR="$BASEDIR/logs" else - DIR=./ + mkdir "$BASEDIR/logs" + DIR="$BASEDIR/logs" fi -wget -O $DIR/build-$VER-i686.log http://kojipkgs.fedoraproject.org/packages/kernel/$ver/$rev/data/logs/i686/build.log -wget -O $DIR/build-$VER-x86-64.log http://kojipkgs.fedoraproject.org/packages/kernel/$ver/$rev/data/logs/x86_64/build.log -wget -O $DIR/build-$VER-noarch.log http://kojipkgs.fedoraproject.org/packages/kernel/$ver/$rev/data/logs/noarch/build.log +# Common architectures that have build logs. +ARCHS[0]=i686 +ARCHS[1]=x86_64 +ARCHS[2]=noarch +ARCHS[3]=armv7hl +for arch in ${ARCHS[@]}; do + URL=http://kojipkgs.fedoraproject.org/packages/kernel/$ver/$rev/data/logs/$arch/build.log + # Only download logs if exist + wget --spider -q $URL + if [ $? -eq 0 ]; then + wget -O $DIR/build-$VER-$arch.log $URL + fi +done +popd > /dev/null diff --git a/scripts/kernel-version.sh b/scripts/kernel-version.sh new file mode 100644 index 0000000..36e0019 --- /dev/null +++ b/scripts/kernel-version.sh @@ -0,0 +1,8 @@ +VER=$(grep patch sources | head -n1 | awk '{ print $2 }' | sed s/patch-// | sed s/-git.*// | sed s/.xz//) + +if [ -z "$VER" ] ; +then + VER=$(grep linux sources | head -1 | awk '{ print $2 }' | sed s/linux-// | sed s/.tar.xz//) +fi + + diff --git a/scripts/newpatch.sh b/scripts/newpatch.sh index 0dc2e83..2d74986 100755 --- a/scripts/newpatch.sh +++ b/scripts/newpatch.sh @@ -1,21 +1,42 @@ #!/bin/sh -# Easy application of new patches. -# Always adds to the very end. (Bumps last patch nr by 100) -# Parameters: -# $1 - patch filename -# $2 - description -OLD=$(grep ^Patch kernel.spec | tail -n1 | awk '{ print $1 }' | sed s/Patch// | sed s/://) -NEW=$(($OLD/100*100+100)) +# Facilitates the addition of a new patch to the source tree. +# -- Moves patch to tree +# -- Adds patch to kernel.spec list of patches +# -- Adds patch to git +# -- change buildid macro to the name of the patch being added -sed -i "/^Patch$OLD:\ /a#\ $2\nPatch$NEW:\ $1" kernel.spec - -LAST=$(grep ^ApplyPatch kernel.spec | tail -n1 | awk '{ print $2 }') - -sed -i "/^ApplyPatch $LAST/aApplyPatch $1" kernel.spec - -cvs add $1 - -scripts/bumpspecfile.py kernel.spec "- $2" -make clog +# Base directory is relative to where the script is. +BASEDIR="$(dirname "$(cd $(dirname $BASH_SOURCE[0]) && pwd)")" +pushd $BASEDIR > /dev/null +# Check for at least patch +if [ "$#" -lt 1 ]; then + echo "usage: $0 [ /path/to/patch/ ] [ description ]" + exit 1 +fi +PATCHDIR=$1 +DESC=$2 +PATCH="$(basename "$PATCHDIR")" +# Kernel.spec file in the current tree +SPECFILE="$BASEDIR/kernel.spec" +# If adding patch from outside the source tree move it to the source tree +if [ -z "$(ls | grep $PATCH)" ]; then + cp $PATCHDIR $BASEDIR/ +fi +if [ ! -z "$(grep $PATCH $SPECFILE)" ] +then + echo "$PATCH already in kernel.spec" + exit 1 +fi +# ID number of the last patch in kernel.spec +LPATCH_ID=$(grep ^Patch $SPECFILE | tail -n1 | awk '{ print $1 }' | sed s/Patch// | sed s/://) +# ID of the next patch to be added to kernel.spec +NPATCH_ID=$(($LPATCH_ID + 1 )) +# Add patch with new id at the end of the list of patches +sed -i "/^Patch$LPATCH_ID:\ /a#\ $DESC\nPatch$NPATCH_ID:\ $PATCH" $SPECFILE +# Add it to git +git add $PATCH +BUILDID_PATCH="$(echo $PATCH | sed 's/\-/\_/g' )" +sed -i "s/^.*define buildid .*$/%define buildid .$BUILDID_PATCH/" $SPECFILE +popd > /dev/null diff --git a/scripts/rawhide-rc.sh b/scripts/rawhide-rc.sh new file mode 100755 index 0000000..2e871ee --- /dev/null +++ b/scripts/rawhide-rc.sh @@ -0,0 +1,36 @@ +#!/bin/sh +# Generate a commit for a rawhide RC release + +source scripts/kernel-version.sh + +make release +# fixup the release because rpmdev-bumpspec *sigh* +scripts/fixup-bumpspec.sh +fedpkg commit -c + +# Figure out what is our RC +RC=`grep "%define rcrev" kernel.spec| cut -d ' ' -f 3` +RC=$(($RC+1)) +BASE=`grep "%define base_sublevel" kernel.spec| cut -d ' ' -f 3` + +# Kill all patches +awk '!/patch/ { print $0 }' < sources > sources.tmp +mv sources.tmp sources + +# Grab the tarball +if [ ! -f patch-4.$BASE-rc$RC.xz ]; then + wget https://cdn.kernel.org/pub/linux/kernel/v4.x/testing/patch-4.$BASE-rc$RC.xz + if [ ! $? -eq 0 ]; then + exit 1 + fi + fedpkg upload patch-4.$BASE-rc$RC.xz +fi + +# bump rcrev in the spec and set git snapshot to 0 +RC=$RC perl -p -i -e 's|%define rcrev.*|%global rcrev $ENV{'RC'}|' kernel.spec + +perl -p -i -e 's|%define gitrev.*|%define gitrev 0|' kernel.spec + +perl -p -i -e 's|%global baserelease.*|%global baserelease 0|' kernel.spec + +rpmdev-bumpspec -c "Linux v4.$BASE-rc$RC" kernel.spec diff --git a/scripts/rawhide-snapshot.sh b/scripts/rawhide-snapshot.sh new file mode 100755 index 0000000..b96bd38 --- /dev/null +++ b/scripts/rawhide-snapshot.sh @@ -0,0 +1,59 @@ +#!/bin/sh +# A coffeeproof rawhide script. You should be able to run this before the +# coffee has kicked in and generate a good rawhide commit. +# +# - Updates the local Fedora tree to master and verifies that you are working +# off of the correct master +# - Updates the upstream tree to the latest master. +# - Generates a git snapshot via generate-git-snapshot.sh +# - Clears out old git snapshots from the sources +# - Uploads the new snapshot + +source scripts/kernel-version.sh + +git fetch origin +if [ "$(git rev-parse origin/master)" != "$(git rev-parse HEAD)" ]; then + echo "I just did a git fetch and this branch does not match master" + echo "Re-check out this branch to work off of the latest master" + exit 1 +fi + +if [ ! -d "$LINUX_GIT" ]; then + echo "error: set \$LINUX_GIT to point at an upstream git tree" + exit 1 +fi + +git -C $LINUX_GIT pull +if [ ! $? -eq 0 ]; then + echo "Git pull failed. Is your tree clean/correct?" + exit 1 +fi + +git -C $LINUX_GIT describe --tags HEAD | grep -q "\-g" +if [ ! $? -eq 0 ]; then + echo "Trying to snapshot off of a tagged git." + echo "I don't think this is what you want" + exit 1 +fi + +if [ "$(git -C $LINUX_GIT rev-parse origin/master)" == `cat gitrev` ]; then + echo "Last snapshot commit matches current master. Nothing to do" + echo "\o/" + exit 0 +fi + +GIT=`grep "%define gitrev" kernel.spec | cut -d ' ' -f 3` +if [ "$GIT" -eq 0 ]; then + make debug + ./scripts/fixup-bumpspec.sh + fedpkg commit -c +fi + +./scripts/generate-git-snapshot.sh + +#Nuke the old patch from the source +awk '!/git/ { print $0 }' < sources > sources.tmp +mv sources.tmp sources + +GIT=`grep "%define gitrev" kernel.spec | cut -d ' ' -f 3` +fedpkg upload patch-$VER-git$GIT.xz diff --git a/scripts/stable-update.sh b/scripts/stable-update.sh new file mode 100755 index 0000000..eefd9a9 --- /dev/null +++ b/scripts/stable-update.sh @@ -0,0 +1,67 @@ +#!/bin/sh +# +# Author: Laura Abbott +# +# Apply a stable patch update to the Fedora tree. This takes care of +# - Downloading the patch from kernel.org +# - Uploading the source file +# - Removing old patch files +# - Updating the spec file stable version +# - Adding a proper changelog entry +# +# Based on steps from https://fedoraproject.org/wiki/Kernel/DayToDay#Stable_kernel_update +# +# Args: Stable version to update (e.g. 4.7.7, 4.8.1) + +if [ $# -lt 1 ]; then + echo "Need a version" + exit 1 +fi + +VERSION=`echo $1 | cut -d . -f 1` +if [ -z $VERSION ]; then + echo "Malformed version $1" + exit 1 +fi +PATCHLEVEL=`echo $1 | cut -d . -f 2` +if [ -z $VERSION ]; then + echo "Malformed version $1" + exit 1 +fi +SUBLEVEL=`echo $1 | cut -d . -f 3` +if [ -z $VERSION ]; then + echo "Malformed version $1" + exit 1 +fi + +if [ ! -f patch-$1.xz ]; then + wget https://cdn.kernel.org/pub/linux/kernel/v4.x/patch-$1.xz + if [ ! $? -eq 0 ]; then + echo "Download fail" + exit 1 + fi +fi + +grep $1 sources &> /dev/null +if [ ! $? -eq 0 ]; then + fedpkg upload patch-$1.xz + + # Cryptic awk: search for the previous patch level (if one exists) and + # remove it from the source file + awk -v VER=$VERSION.$PATCHLEVEL.$((SUBLEVEL-1)) '$0 !~ VER { print $0; }' < sources > sources.tmp + mv sources.tmp sources +fi + +# Update the stable level +awk -v STABLE=$SUBLEVEL '/%define stable_update/ \ + { print "%define stable_update " STABLE } \ + !/%define stable_update/ { print $0 }' \ + < kernel.spec > kernel.spec.tmp +mv kernel.spec.tmp kernel.spec + +# Reset the base release for use with rpmdev-bumpspec +BASERELEASE=`cat kernel.spec | grep "%global baserelease" | cut -d ' ' -f 3 | head -c 1`00 +BASERELEASE=$(($BASERELEASE-1)) +BASERELEASE=$BASERELEASE perl -p -i -e 's|%global baserelease.*|%global baserelease $ENV{'BASERELEASE'}|' kernel.spec + +rpmdev-bumpspec -c "Linux v$1" kernel.spec diff --git a/sources b/sources index a9d57d1..fb1dc8e 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ 5276563eb1f39a048e4a8a887408c031 linux-4.7.tar.xz fe259c02c75eec61d1aa4b1211f3c853 perf-man-4.7.tar.gz -106560e20e26ef3225dac71539fe3531 patch-4.7.8.xz +28f6b3a4bf77710cbffbee17afcf7ae2 patch-4.7.9.xz