Commit Graph

893 Commits

Author SHA1 Message Date
Fabian Grünbichler
14107dc511 build: add pve-kernel-X.Y-pve-signed-template
the signed template together with the binary package(s) containing the unsigned
files form the input to our secure boot signing service.

the signed template consists of
- files.json (specifying which files are signed how and by which key)
- packaging template used to build the signed package(s)

the signing service
- extracts and checks the signed-template binary package
- extracts the unsigned package(s)
- signs the needed files
- packs up the signatures + the template contained in the signed-template
  package into the signed source package

the signed source package can then be built in the regular fashion (in case of
the kernel packages, it will copy the kernel image, modules and some helper
files from the unsigned package, attach the signature created by the signing
service, and re-pack the result as signed-kernel package).

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2023-04-05 10:16:11 +02:00
Fabian Grünbichler
e7d49e787a add Proxmox UEFI certificates
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2023-04-05 10:15:43 +02:00
Fabian Grünbichler
360ed44476 build: sign modules and set trust anchor/lockdown
this is required for secure boot support.

at build time, an ephemeral key pair will be generated and all built modules
will be signed with it. the private key is discarded, and the public key
embedded in the kernel image for signature validation at module load time.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2023-03-17 12:00:11 +01:00
Thomas Lamprecht
e1ca9ca51d update ABI file for 6.2.6-1-pve
(generated with debian/scripts/abi-generate)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-03-15 09:55:06 +01:00
Thomas Lamprecht
82426c7c10 update fwlist for 6.2.6
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-03-15 09:23:37 +01:00
Thomas Lamprecht
8a82ea07f9 bump version to 6.2.2-2
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-03-15 09:23:37 +01:00
Thomas Lamprecht
af0b394907 update to Ubuntu-6.2.0-17.17
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-03-14 18:07:40 +01:00
Thomas Lamprecht
3509d749af update ABI file for 6.2.2-1-pve
(generated with debian/scripts/abi-generate)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-03-13 18:18:39 +01:00
Thomas Lamprecht
e1c527fbd0 bump version to 6.2.2-1
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-03-13 17:57:09 +01:00
Thomas Lamprecht
97d08b747c update to Ubuntu-6.2.0-16.16
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-03-13 17:56:47 +01:00
Thomas Lamprecht
b032345298 update fwlist for 6.2
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-03-09 08:52:16 +01:00
Thomas Lamprecht
24d804a086 update and drop applied patches for 6.2
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-03-08 12:29:55 +01:00
Thomas Lamprecht
fd2107cc91 prepare for 6.2 release
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-03-08 12:07:25 +01:00
Thomas Lamprecht
43ea729172 buildsys: avoid that to new usr header get uploaded for bullseye
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-03-08 12:07:25 +01:00
Thomas Lamprecht
8977e76d1e update ABI file for 6.1.15-1-pve
(generated with debian/scripts/abi-generate)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-03-08 12:05:18 +01:00
Thomas Lamprecht
2367ef4bab bump version to 6.1.15-2
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-03-08 10:34:04 +01:00
Thomas Lamprecht
cfb3869212 update submodule and patches to 6.1.15
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-03-08 09:50:30 +01:00
Fiona Ebner
3d016e115f add patch to fix issue with large IO requests
Several people reported IO-related issues since kernel 6.1.6 [0].
Things got better with 6.1.10, but apparently the issues are not fully
resolved (e.g. [1]).

I ran into an issue with PBS backup of a VM with passed-through disks
(error with 6.1.6, hang with 6.1.10+) and found that the issue did not
occur anymore with v6.3-rc1. Bisecting what fixed the issue led to the
commit in this patch. The hope is that it fixes some other issues too.

The commit has a CC-stable tag for 5.15+, but telling from the absence
of user reports, it was much less likely to trigger before 6.1.x (it's
not clear what x is, because of the other issue in 6.1.6). The commit
says it depends on 613b14884b85 ("block: handle bio_split_to_limits()
NULL return") which is already present as a3f1c82e0413 ("block:
handle bio_split_to_limits() NULL return") in the Ubuntu tree.

[0]: https://forum.proxmox.com/threads/119483/post-530365
[1]: https://forum.proxmox.com/threads/119483/post-537991

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
2023-03-07 19:38:11 +01:00
Thomas Lamprecht
8b2b9abefa update ABI file for 6.1.14-1-pve
(generated with debian/scripts/abi-generate)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-03-01 08:43:05 +01:00
Thomas Lamprecht
4048746049 bump version to 6.1.14-1
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-02-27 18:09:53 +01:00
Thomas Lamprecht
fc2b61b134 update submodule and patches to 6.1.14
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-02-27 18:09:00 +01:00
Thomas Lamprecht
3a6fd39fe7 d/rules: fix misspelled changelog date variable
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-02-10 16:40:14 +01:00
Thomas Lamprecht
9fde3ef1c6 wireless: Add Debian wireless-regdb certificates
so that plain Debian crda + wireless-regdb can work, alternatively we
could disable CRDA and bake in the regdb directly in the kernel,
using the CFG80211_INTERNAL_REGDB KConfig.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-02-10 12:48:20 +01:00
Thomas Lamprecht
0ce1c2c075 update previous fwlist
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-02-07 14:46:16 +01:00
Thomas Lamprecht
9810669ddf bump version to 6.1.10-1
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-02-07 14:10:16 +01:00
Thomas Lamprecht
7c0483e8cd update to Proxmox-6.1.10-1
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-02-07 14:09:31 +01:00
Fabian Grünbichler
826eb0ff89 build: re-enable BTF
but allow discarding BTF information when loading modules, so that upgrades
which are otherwise ABI compatible still work. this allows using BTF
information when matching and available, while degrading gracefully if the
currently running kernel is not identical to the one that module was built for.

in case of a mismatch, the kernel will log a warning when loading the module,
for example:

Jan 30 13:57:58 test kernel: BPF:          type_id=184 bits_offset=4096
Jan 30 13:57:58 test kernel: BPF:
Jan 30 13:57:58 test kernel: BPF: Invalid name
Jan 30 13:57:58 test kernel: BPF:
Jan 30 13:57:58 test kernel: failed to validate module [bonding] BTF: -22

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2023-01-31 17:44:18 +01:00
Thomas Lamprecht
2162f4c4e7 backport fix for CPU stalls with hugepage in use
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-01-31 10:21:37 +01:00
Wolfgang Bumiller
3ffc526456 d/control: add linux-initramfs-tool as alternative
This is provdied by both initramfs-tools and dracut.
Required to be able to use dracut in place of
initramfs-tools.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2023-01-30 09:41:52 +01:00
Thomas Lamprecht
4b70e25984 update ABI file for 6.1.6-1-pve
(generated with debian/scripts/abi-generate)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-01-28 15:28:10 +01:00
Thomas Lamprecht
6305b31642 bump version to 6.1.6-1
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-01-28 15:06:33 +01:00
Thomas Lamprecht
8da6dd78ce update ZFS to 2.1.9
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-01-28 15:06:24 +01:00
Thomas Lamprecht
5ddf42542e rebase patches on top of Ubuntu-6.1.0-14.14
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-01-28 15:01:34 +01:00
Thomas Lamprecht
b7cd468287 update sources to Ubuntu-6.1.0-14.14
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-01-28 15:01:34 +01:00
Thomas Lamprecht
28761ee886 change submodule url to ubuntu-kernel
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-01-25 16:37:05 +01:00
Thomas Lamprecht
8e0208d23b update ZFS to 2.1.8
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-01-25 09:10:46 +01:00
Thomas Lamprecht
3203bc7c65 update ABI file for 6.1.2-1-pve
(generated with debian/scripts/abi-generate)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-01-10 09:49:13 +01:00
Thomas Lamprecht
7d2d23be68 bump version to 6.1.2-1
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-01-10 08:53:57 +01:00
Thomas Lamprecht
3ba39b6c0a rever fortify patch that breaks our gcc 10.2
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-01-10 08:53:57 +01:00
Thomas Lamprecht
4d1db3083c backport some fixes-fixes from v6.1.4
found with

 git log --decorate v5.16^..v6.1.4 -- Makefile kernel/ secuirty drivers/ fs \
   block mm net virt/ ipc init arch/x86/ | ~/gitdm/stablefixes \
   --fixed-after v6.1.2 --regressed-before v6.1.2

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-01-07 14:52:24 +01:00
Thomas Lamprecht
a0a93ff7fe revert two stable patches that have reports about regressions
we never released them yet (only introduced after 6.1.0), but there
are upstream reports about regressions for them at:
https://lore.kernel.org/netdev/CAK8fFZ5pzMaw3U1KXgC_OK4shKGsN=HDcR62cfPOuL0umXE1Ww@mail.gmail.com/
https://lore.kernel.org/netdev/CAK8fFZ6A_Gphw_3-QMGKEFQk=sfCw1Qmq0TVZK3rtAi7vb621A@mail.gmail.com/

So do a preventive revert.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-01-07 13:52:36 +01:00
Thomas Lamprecht
898be11352 rebase patches on top of Ubuntu-6.1.0-12.12
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-01-07 13:45:05 +01:00
Thomas Lamprecht
5e31f96e2c update sources to Ubuntu-6.1.0-12.12
(generated with debian/scripts/import-upstream-tag)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-01-07 13:42:55 +01:00
Thomas Lamprecht
add5e35014 update ZFS submodule with open TMPFILE fixes for Linux 6.1 compat
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-01-07 13:27:32 +01:00
Thomas Lamprecht
23214d3d31 d/rules: enable budiling the userspace block driver as module
Requested-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2022-12-19 16:33:51 +01:00
Thomas Lamprecht
d53796d63c readme: update for current source state
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2022-12-13 18:07:40 +01:00
Thomas Lamprecht
71031b0bc3 d/rules: use UTC ISO format for build timestamp
same info but shorter, avoiding cut-off on `uname -a` output due to
the relatively newly changed and reported "SMP PREEMPT_DYNAMIC" mode.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2022-12-13 17:58:52 +01:00
Thomas Lamprecht
e911b5aabc update ABI file for 6.1.0-1-pve
(generated with debian/scripts/abi-generate)

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2022-12-13 15:50:53 +01:00
Thomas Lamprecht
704a0976ef update fwlist-previous
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2022-12-13 15:10:10 +01:00
Thomas Lamprecht
67ec0da236 bump version to 6.1.0-1
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2022-12-13 15:09:59 +01:00