diff --git a/debian_iso_image.inc b/debian_iso_image.inc index 8a429b3e0..28c6b9db7 100644 --- a/debian_iso_image.inc +++ b/debian_iso_image.inc @@ -189,12 +189,6 @@ lvm2 #keyrings.alt python3-keyrings.alt -#kpatch-0.9.5 -kpatch -kpatch-build -kpatch-prebuilt -kpatch-prebuilt-rt - #kubernetes-x (-master, -misc, -unit-test used only for build) #kubernetes-1.21.8 kubernetes-1.21.8-client diff --git a/debian_pkg_dirs b/debian_pkg_dirs index 438aac600..406e81584 100644 --- a/debian_pkg_dirs +++ b/debian_pkg_dirs @@ -75,7 +75,6 @@ kubernetes/plugins/kubectl-cert-manager kubernetes/runc ldap/ldapscripts ldap/openldap -livepatch/kpatch networking/dpdk networking/ifupdown-extra networking/iputils diff --git a/livepatch/kpatch/debian/deb_folder/changelog b/livepatch/kpatch/debian/deb_folder/changelog deleted file mode 100644 index 21664ee94..000000000 --- a/livepatch/kpatch/debian/deb_folder/changelog +++ /dev/null @@ -1,5 +0,0 @@ -kpatch (0.9.5-1) stable; urgency=medium - - * Initial release. - - -- Zhixiong Chi Tue, 22 Feb 2022 07:47:56 +0000 diff --git a/livepatch/kpatch/debian/deb_folder/compat b/livepatch/kpatch/debian/deb_folder/compat deleted file mode 100644 index b1bd38b62..000000000 --- a/livepatch/kpatch/debian/deb_folder/compat +++ /dev/null @@ -1 +0,0 @@ -13 diff --git a/livepatch/kpatch/debian/deb_folder/control b/livepatch/kpatch/debian/deb_folder/control deleted file mode 100644 index e6c022536..000000000 --- a/livepatch/kpatch/debian/deb_folder/control +++ /dev/null @@ -1,46 +0,0 @@ -# Copyright (c) 2022 Wind River Systems, Inc. -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. The ASF licenses this -# file to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -Source: kpatch -Section: kernel -Priority: optional -Maintainer: Zhixiong Chi -Build-Depends: libelf-dev, debhelper (>= 13) -Standards-Version: 4.5.1 -Homepage: http://github.com/dynup/kpatch - - -Package: kpatch -Architecture: linux-amd64 -Multi-Arch: foreign -Depends: ${misc:Depends}, ${shlibs:Depends} -Description: Runtime tools for Kpatch - kpatch is a Linux dynamic kernel patching tool which allows you to patch a - running kernel without rebooting or restarting any processes. It enables - sysadmins to apply critical security patches to the kernel immediately, without - having to wait for long-running tasks to complete, users to log off, or - for scheduled reboot windows. It gives more control over up-time without - sacrificing security or stability. - -Package: kpatch-build -Architecture: linux-amd64 -Depends: ${shlibs:Depends}, ${misc:Depends} -Suggests: ccache -Description: Build Tools for Kpatch and Livepatch - kpatch-build is a tool that can build both kpatch and livepatch modules from - a given patch. - diff --git a/livepatch/kpatch/debian/deb_folder/copyright b/livepatch/kpatch/debian/deb_folder/copyright deleted file mode 100644 index 211c4a61b..000000000 --- a/livepatch/kpatch/debian/deb_folder/copyright +++ /dev/null @@ -1,767 +0,0 @@ -Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ -Upstream-Name: kpatch -Source: http://github.com/dynup/kpatch - -Files: debian/* -Copyright: (c) 2022 Wind River Systems, Inc. -License: Apache-2 - Licensed to the Apache Software Foundation (ASF) under one - or more contributor license agreements. The ASF licenses this - file to you under the Apache License, Version 2.0 (the - "License"); you may not use this file except in compliance - with the License. You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, - software distributed under the License is distributed on an - "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - KIND, either express or implied. See the License for the - specific language governing permissions and limitations - under the License. - -Files: .github/workflows/unit.yml - .gitignore - .gitmodules - .travis.yml - Makefile - Makefile.inc - contrib/Makefile - contrib/kpatch.service - contrib/kpatch.spec - doc/patch-author-guide.md - examples/* - kmod/Makefile - kmod/core/Makefile - kmod/patch/Makefile - kmod/patch/kpatch-macros.h - kmod/patch/kpatch.lds.S - kpatch-build/Makefile - kpatch-build/gcc-plugins/* - kpatch-build/insn/inat-tables.c - kpatch-build/kpatch-cc - kpatch-build/kpatch.h - kpatch-build/log.h - kpatch-build/lookup.h - kpatch/Makefile - man/Makefile - test/* -Copyright: __NO_COPYRIGHT_NOR_LICENSE__ -License: __NO_COPYRIGHT_NOR_LICENSE__ - -Files: kmod/patch/kpatch-patch-hook.c - kmod/patch/livepatch-patch-hook.c - kmod/patch/patch-hook.c - kpatch-build/create-klp-module.c - kpatch-build/create-kpatch-module.c - kpatch-build/kpatch-elf.h - kpatch-build/kpatch-intermediate.h - kpatch-build/list.h - kpatch-build/lookup.c -Copyright: 2013-2014 Josh Poimboeuf - 2014-2015 Seth Jennings - __NO_COPYRIGHT__ in: kpatch-build/create-klp-module.c - __NO_COPYRIGHT__ in: kpatch-build/create-kpatch-module.c - __NO_COPYRIGHT__ in: kpatch-build/kpatch-elf.h - __NO_COPYRIGHT__ in: kpatch-build/kpatch-intermediate.h -License: GPL-2.0+ - This program is free software; you can redistribute it and/or - modify it under the terms of the GNU General Public License - as published by the Free Software Foundation; either version 2 - of the License, or (at your option) any later version. - . - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - . - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA, - 02110-1301, USA. - . - On Debian systems, the complete text of the GNU General Public License - Version 2 can be found in `/usr/share/common-licenses/GPL-2'. - -Files: kpatch-build/insn/asm/inat.h - kpatch-build/insn/asm/insn.h - kpatch-build/insn/inat.c - kpatch-build/insn/insn.c -Copyright: 2002-2009 IBM Corporation, - __NO_COPYRIGHT__ in: kpatch-build/insn/asm/inat.h - __NO_COPYRIGHT__ in: kpatch-build/insn/inat.c -License: GPL-2.0+ - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - . - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - . - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - . - The FSF address in the above text is the old one. - . - On Debian systems, the complete text of the GNU General Public License - Version 2 can be found in `/usr/share/common-licenses/GPL-2'. - -Files: man/kpatch-build.1 - man/kpatch.1 -Copyright: 2013-2014 Josh Poimboeuf - 2014 Seth Jennings and Josh Poimboeuf - 2014 Seth Jennings , Copyright (C) -License: __NO_LICENSE__ - -Files: kpatch/kpatch -Copyright: 2014 Josh Poimboeuf - 2014 Seth Jennings -License: GPL-2.0+ - This program is free software; you can redistribute it and/or - modify it under the terms of the GNU General Public License - as published by the Free Software Foundation; either version 2 - of the License, or (at your option) any later version. - . - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - . - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA, - 02110-1301, USA. - . - This is the kpatch user script that manages installing, loading, and - displaying information about kernel patch modules installed on the system. - . - On Debian systems, the complete text of the GNU General Public License - Version 2 can be found in `/usr/share/common-licenses/GPL-2'. - -Files: kpatch-build/kpatch-build -Copyright: 2013-2014 Josh Poimboeuf - 2014 Seth Jennings -License: GPL-2.0+ - This program is free software; you can redistribute it and/or - modify it under the terms of the GNU General Public License - as published by the Free Software Foundation; either version 2 - of the License, or (at your option) any later version. - . - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - . - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA, - 02110-1301, USA. - . - This script takes a patch based on the version of the kernel - currently running and creates a kernel module that will - replace modified functions in the kernel such that the - patched code takes effect. - . - This script: - - Either uses a specified kernel source directory or downloads the kernel - source package for the currently running kernel - - Unpacks and prepares the source package for building if necessary - - Builds the base kernel or module - - Builds the patched kernel/module and monitors changed objects - - Builds the patched objects with gcc flags -f[function|data]-sections - - Runs kpatch tools to create and link the patch kernel module - . - On Debian systems, the complete text of the GNU General Public License - Version 2 can be found in `/usr/share/common-licenses/GPL-2'. - -Files: kpatch-build/insn/asm/inat_types.h -Copyright: __NO_COPYRIGHT__ in: kpatch-build/insn/asm/inat_types.h -License: GPL-2.0+ - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - . - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - . - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. - . - Instruction attributes - . - The FSF address in the above text is the old one. - . - On Debian systems, the complete text of the GNU General Public License - Version 2 can be found in `/usr/share/common-licenses/GPL-2'. - -Files: kmod/core/shadow.c -Copyright: 2014 Josh Poimboeuf - 2014 Seth Jennings -License: GPL-2.0+ - This program is free software; you can redistribute it and/or - modify it under the terms of the GNU General Public License - as published by the Free Software Foundation; either version 2 - of the License, or (at your option) any later version. - . - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - . - You should have received a copy of the GNU General Public License - along with this program; if not, see . - . - kpatch shadow variables - . - These functions can be used to add new "shadow" fields to existing data - structures. For example, to allocate a "newpid" variable associated with an - . - On Debian systems, the complete text of the GNU General Public License - Version 2 can be found in `/usr/share/common-licenses/GPL-2'. - -Files: kmod/core/core.c -Copyright: 2013-2014 Josh Poimboeuf - 2014 Seth Jennings -License: GPL-2.0+ - This program is free software; you can redistribute it and/or - modify it under the terms of the GNU General Public License - as published by the Free Software Foundation; either version 2 - of the License, or (at your option) any later version. - . - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - . - You should have received a copy of the GNU General Public License - along with this program; if not, see . - . - kpatch core module - . - Patch modules register with this module to redirect old functions to new - functions. - . - For each function patched by the module we must: - . - On Debian systems, the complete text of the GNU General Public License - Version 2 can be found in `/usr/share/common-licenses/GPL-2'. - -Files: kmod/core/kpatch.h -Copyright: 2013-2014 Josh Poimboeuf - 2014 Seth Jennings -License: GPL-2.0+ - This program is free software; you can redistribute it and/or - modify it under the terms of the GNU General Public License - as published by the Free Software Foundation; either version 2 - of the License, or (at your option) any later version. - . - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - . - You should have received a copy of the GNU General Public License - along with this program; if not, see . - . - Contains the API for the core kpatch module used by the patch modules - . - On Debian systems, the complete text of the GNU General Public License - Version 2 can be found in `/usr/share/common-licenses/GPL-2'. - -Files: README.md -Copyright: __NO_COPYRIGHT__ in: README.md -License: GPL-2.0+ - This program is free software; you can redistribute it and/or - modify it under the terms of the GNU General Public License - as published by the Free Software Foundation; either version 2 - of the License, or (at your option) any later version. - . - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - . - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. - . - On Debian systems, the complete text of the GNU General Public License - Version 2 can be found in `/usr/share/common-licenses/GPL-2'. - -Files: kpatch-build/kpatch-elf.c -Copyright: __NO_COPYRIGHT__ in: kpatch-build/kpatch-elf.c -License: GPL-2.0+ - This program is free software; you can redistribute it and/or - modify it under the terms of the GNU General Public License - as published by the Free Software Foundation; either version 2 - of the License, or (at your option) any later version. - . - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - . - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA, - 02110-1301, USA. - . - This file provides a common api to create, inspect, and manipulate - . - On Debian systems, the complete text of the GNU General Public License - Version 2 can be found in `/usr/share/common-licenses/GPL-2'. - -Files: kmod/patch/kpatch-patch.h -Copyright: 2014 Josh Poimboeuf -License: GPL-2.0+ - This program is free software; you can redistribute it and/or - modify it under the terms of the GNU General Public License - as published by the Free Software Foundation; either version 2 - of the License, or (at your option) any later version. - . - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - . - You should have received a copy of the GNU General Public License - along with this program; if not, see . - . - Contains the structs used for the patch module special sections - . - On Debian systems, the complete text of the GNU General Public License - Version 2 can be found in `/usr/share/common-licenses/GPL-2'. - -Files: kpatch-build/create-diff-object.c -Copyright: 2013-2014 Josh Poimboeuf - 2014 Seth Jennings -License: GPL-2.0+ - This program is free software; you can redistribute it and/or - modify it under the terms of the GNU General Public License - as published by the Free Software Foundation; either version 2 - of the License, or (at your option) any later version. - . - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - . - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA, - 02110-1301, USA. - . - This file contains the heart of the ELF object differencing engine. - . - The tool takes two ELF objects from two versions of the same source - file; a "orig" object and a "patched" object. These object need to have - been compiled with the -ffunction-sections and -fdata-sections GCC options. - . - The tool compares the objects at a section level to determine what - sections have changed. Once a list of changed sections has been generated, - various rules are applied to determine any object local sections that - are dependencies of the changed section and also need to be included in - the output object. - . - On Debian systems, the complete text of the GNU General Public License - Version 2 can be found in `/usr/share/common-licenses/GPL-2'. - -Files: test/integration/kpatch-test -Copyright: 2014 Josh Poimboeuf -License: GPL-2.0+ - This program is free software; you can redistribute it and/or - modify it under the terms of the GNU General Public License - as published by the Free Software Foundation; either version 2 - of the License, or (at your option) any later version. - . - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - . - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA, - 02110-1301, USA. - . - This is a basic integration test framework for kpatch, which tests building, - loading, and unloading patches, as well as any other related custom tests. - . - This script looks for test input files in the current directory. It expects - certain file naming conventions: - . - - foo.patch: patch that should build successfully - . - - bar-FAIL.patch: patch that should fail to build - . - - foo-LOADED.test: executable which tests whether the foo.patch module is - loaded. It will be used to test that loading/unloading the patch module - works as expected. - . - Any other *.test files will be executed after all the patch modules have been - built from the *.patch files. They can be used for more custom tests above - and beyond the simple loading and unloading tests. - . - On Debian systems, the complete text of the GNU General Public License - Version 2 can be found in `/usr/share/common-licenses/GPL-2'. - -Files: contrib/kpatch.conf -Copyright: 2018 Amazon.com, Inc. or its affiliates. -License: __UNKNOWN__ - This upstart version lacks the ability of unloading modules with - the "stop" directive, as upstart does not support a feature like - systemd's RemainAfterExit option. - -#---------------------------------------------------------------------------- -# Files marked as NO_LICENSE_TEXT_FOUND may be covered by the following -# license/copyright files. - -#---------------------------------------------------------------------------- -# License file: COPYING - GNU GENERAL PUBLIC LICENSE - Version 2, June 1991 - . - Copyright (C) 1989, 1991 Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - . - Preamble - . - The licenses for most software are designed to take away your - freedom to share and change it. By contrast, the GNU General Public - License is intended to guarantee your freedom to share and change free - software--to make sure the software is free for all its users. This - General Public License applies to most of the Free Software - Foundation's software and to any other program whose authors commit to - using it. (Some other Free Software Foundation software is covered by - the GNU Lesser General Public License instead.) You can apply it to - your programs, too. - . - When we speak of free software, we are referring to freedom, not - price. Our General Public Licenses are designed to make sure that you - have the freedom to distribute copies of free software (and charge for - this service if you wish), that you receive source code or can get it - if you want it, that you can change the software or use pieces of it - in new free programs; and that you know you can do these things. - . - To protect your rights, we need to make restrictions that forbid - anyone to deny you these rights or to ask you to surrender the rights. - These restrictions translate to certain responsibilities for you if you - distribute copies of the software, or if you modify it. - . - For example, if you distribute copies of such a program, whether - gratis or for a fee, you must give the recipients all the rights that - you have. You must make sure that they, too, receive or can get the - source code. And you must show them these terms so they know their - rights. - . - We protect your rights with two steps: (1) copyright the software, and - (2) offer you this license which gives you legal permission to copy, - distribute and/or modify the software. - . - Also, for each author's protection and ours, we want to make certain - that everyone understands that there is no warranty for this free - software. If the software is modified by someone else and passed on, we - want its recipients to know that what they have is not the original, so - that any problems introduced by others will not reflect on the original - authors' reputations. - . - Finally, any free program is threatened constantly by software - patents. We wish to avoid the danger that redistributors of a free - program will individually obtain patent licenses, in effect making the - program proprietary. To prevent this, we have made it clear that any - patent must be licensed for everyone's free use or not licensed at all. - . - The precise terms and conditions for copying, distribution and - modification follow. - . - GNU GENERAL PUBLIC LICENSE - TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION - . - 0. This License applies to any program or other work which contains - a notice placed by the copyright holder saying it may be distributed - under the terms of this General Public License. The "Program", below, - refers to any such program or work, and a "work based on the Program" - means either the Program or any derivative work under copyright law: - that is to say, a work containing the Program or a portion of it, - either verbatim or with modifications and/or translated into another - language. (Hereinafter, translation is included without limitation in - the term "modification".) Each licensee is addressed as "you". - . - Activities other than copying, distribution and modification are not - covered by this License; they are outside its scope. The act of - running the Program is not restricted, and the output from the Program - is covered only if its contents constitute a work based on the - Program (independent of having been made by running the Program). - Whether that is true depends on what the Program does. - . - 1. You may copy and distribute verbatim copies of the Program's - source code as you receive it, in any medium, provided that you - conspicuously and appropriately publish on each copy an appropriate - copyright notice and disclaimer of warranty; keep intact all the - notices that refer to this License and to the absence of any warranty; - and give any other recipients of the Program a copy of this License - along with the Program. - . - You may charge a fee for the physical act of transferring a copy, and - you may at your option offer warranty protection in exchange for a fee. - . - 2. You may modify your copy or copies of the Program or any portion - of it, thus forming a work based on the Program, and copy and - distribute such modifications or work under the terms of Section 1 - above, provided that you also meet all of these conditions: - . - a) You must cause the modified files to carry prominent notices - stating that you changed the files and the date of any change. - . - b) You must cause any work that you distribute or publish, that in - whole or in part contains or is derived from the Program or any - part thereof, to be licensed as a whole at no charge to all third - parties under the terms of this License. - . - c) If the modified program normally reads commands interactively - when run, you must cause it, when started running for such - interactive use in the most ordinary way, to print or display an - announcement including an appropriate copyright notice and a - notice that there is no warranty (or else, saying that you provide - a warranty) and that users may redistribute the program under - these conditions, and telling the user how to view a copy of this - License. (Exception: if the Program itself is interactive but - does not normally print such an announcement, your work based on - the Program is not required to print an announcement.) - . - These requirements apply to the modified work as a whole. If - identifiable sections of that work are not derived from the Program, - and can be reasonably considered independent and separate works in - themselves, then this License, and its terms, do not apply to those - sections when you distribute them as separate works. But when you - distribute the same sections as part of a whole which is a work based - on the Program, the distribution of the whole must be on the terms of - this License, whose permissions for other licensees extend to the - entire whole, and thus to each and every part regardless of who wrote it. - . - Thus, it is not the intent of this section to claim rights or contest - your rights to work written entirely by you; rather, the intent is to - exercise the right to control the distribution of derivative or - collective works based on the Program. - . - In addition, mere aggregation of another work not based on the Program - with the Program (or with a work based on the Program) on a volume of - a storage or distribution medium does not bring the other work under - the scope of this License. - . - 3. You may copy and distribute the Program (or a work based on it, - under Section 2) in object code or executable form under the terms of - Sections 1 and 2 above provided that you also do one of the following: - . - a) Accompany it with the complete corresponding machine-readable - source code, which must be distributed under the terms of Sections - 1 and 2 above on a medium customarily used for software interchange; or, - . - b) Accompany it with a written offer, valid for at least three - years, to give any third party, for a charge no more than your - cost of physically performing source distribution, a complete - machine-readable copy of the corresponding source code, to be - distributed under the terms of Sections 1 and 2 above on a medium - customarily used for software interchange; or, - . - c) Accompany it with the information you received as to the offer - to distribute corresponding source code. (This alternative is - allowed only for noncommercial distribution and only if you - received the program in object code or executable form with such - an offer, in accord with Subsection b above.) - . - The source code for a work means the preferred form of the work for - making modifications to it. For an executable work, complete source - code means all the source code for all modules it contains, plus any - associated interface definition files, plus the scripts used to - control compilation and installation of the executable. However, as a - special exception, the source code distributed need not include - anything that is normally distributed (in either source or binary - form) with the major components (compiler, kernel, and so on) of the - operating system on which the executable runs, unless that component - itself accompanies the executable. - . - If distribution of executable or object code is made by offering - access to copy from a designated place, then offering equivalent - access to copy the source code from the same place counts as - distribution of the source code, even though third parties are not - compelled to copy the source along with the object code. - . - 4. You may not copy, modify, sublicense, or distribute the Program - except as expressly provided under this License. Any attempt - otherwise to copy, modify, sublicense or distribute the Program is - void, and will automatically terminate your rights under this License. - However, parties who have received copies, or rights, from you under - this License will not have their licenses terminated so long as such - parties remain in full compliance. - . - 5. You are not required to accept this License, since you have not - signed it. However, nothing else grants you permission to modify or - distribute the Program or its derivative works. These actions are - prohibited by law if you do not accept this License. Therefore, by - modifying or distributing the Program (or any work based on the - Program), you indicate your acceptance of this License to do so, and - all its terms and conditions for copying, distributing or modifying - the Program or works based on it. - . - 6. Each time you redistribute the Program (or any work based on the - Program), the recipient automatically receives a license from the - original licensor to copy, distribute or modify the Program subject to - these terms and conditions. You may not impose any further - restrictions on the recipients' exercise of the rights granted herein. - You are not responsible for enforcing compliance by third parties to - this License. - . - 7. If, as a consequence of a court judgment or allegation of patent - infringement or for any other reason (not limited to patent issues), - conditions are imposed on you (whether by court order, agreement or - otherwise) that contradict the conditions of this License, they do not - excuse you from the conditions of this License. If you cannot - distribute so as to satisfy simultaneously your obligations under this - License and any other pertinent obligations, then as a consequence you - may not distribute the Program at all. For example, if a patent - license would not permit royalty-free redistribution of the Program by - all those who receive copies directly or indirectly through you, then - the only way you could satisfy both it and this License would be to - refrain entirely from distribution of the Program. - . - If any portion of this section is held invalid or unenforceable under - any particular circumstance, the balance of the section is intended to - apply and the section as a whole is intended to apply in other - circumstances. - . - It is not the purpose of this section to induce you to infringe any - patents or other property right claims or to contest validity of any - such claims; this section has the sole purpose of protecting the - integrity of the free software distribution system, which is - implemented by public license practices. Many people have made - generous contributions to the wide range of software distributed - through that system in reliance on consistent application of that - system; it is up to the author/donor to decide if he or she is willing - to distribute software through any other system and a licensee cannot - impose that choice. - . - This section is intended to make thoroughly clear what is believed to - be a consequence of the rest of this License. - . - 8. If the distribution and/or use of the Program is restricted in - certain countries either by patents or by copyrighted interfaces, the - original copyright holder who places the Program under this License - may add an explicit geographical distribution limitation excluding - those countries, so that distribution is permitted only in or among - countries not thus excluded. In such case, this License incorporates - the limitation as if written in the body of this License. - . - 9. The Free Software Foundation may publish revised and/or new versions - of the General Public License from time to time. Such new versions will - be similar in spirit to the present version, but may differ in detail to - address new problems or concerns. - . - Each version is given a distinguishing version number. If the Program - specifies a version number of this License which applies to it and "any - later version", you have the option of following the terms and conditions - either of that version or of any later version published by the Free - Software Foundation. If the Program does not specify a version number of - this License, you may choose any version ever published by the Free Software - Foundation. - . - 10. If you wish to incorporate parts of the Program into other free - programs whose distribution conditions are different, write to the author - to ask for permission. For software which is copyrighted by the Free - Software Foundation, write to the Free Software Foundation; we sometimes - make exceptions for this. Our decision will be guided by the two goals - of preserving the free status of all derivatives of our free software and - of promoting the sharing and reuse of software generally. - . - NO WARRANTY - . - 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY - FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN - OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES - PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED - OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF - MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS - TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE - PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, - REPAIR OR CORRECTION. - . - 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING - WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR - REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, - INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING - OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED - TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY - YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER - PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE - POSSIBILITY OF SUCH DAMAGES. - . - END OF TERMS AND CONDITIONS - . - How to Apply These Terms to Your New Programs - . - If you develop a new program, and you want it to be of the greatest - possible use to the public, the best way to achieve this is to make it - free software which everyone can redistribute and change under these terms. - . - To do so, attach the following notices to the program. It is safest - to attach them to the start of each source file to most effectively - convey the exclusion of warranty; and each file should have at least - the "copyright" line and a pointer to where the full notice is found. - . - - Copyright (C) - . - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - . - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - . - You should have received a copy of the GNU General Public License along - with this program; if not, write to the Free Software Foundation, Inc., - 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - . - Also add information on how to contact you by electronic and paper mail. - . - If the program is interactive, make it output a short notice like this - when it starts in an interactive mode: - . - Gnomovision version 69, Copyright (C) year name of author - Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - . - The hypothetical commands `show w' and `show c' should show the appropriate - parts of the General Public License. Of course, the commands you use may - be called something other than `show w' and `show c'; they could even be - mouse-clicks or menu items--whatever suits your program. - . - You should also get your employer (if you work as a programmer) or your - school, if any, to sign a "copyright disclaimer" for the program, if - necessary. Here is a sample; alter the names: - . - Yoyodyne, Inc., hereby disclaims all copyright interest in the program - `Gnomovision' (which makes passes at compilers) written by James Hacker. - . - , 1 April 1989 - Ty Coon, President of Vice - . - This General Public License does not permit incorporating your program into - proprietary programs. If your program is a subroutine library, you may - consider it more useful to permit linking proprietary applications with the - library. If this is what you want to do, use the GNU Lesser General - Public License instead of this License. diff --git a/livepatch/kpatch/debian/deb_folder/kpatch-build.install b/livepatch/kpatch/debian/deb_folder/kpatch-build.install deleted file mode 100644 index 393985b61..000000000 --- a/livepatch/kpatch/debian/deb_folder/kpatch-build.install +++ /dev/null @@ -1,4 +0,0 @@ -usr/bin/* -usr/libexec/kpatch/* -usr/share/kpatch/* -usr/share/man/man1/kpatch-build.1* diff --git a/livepatch/kpatch/debian/deb_folder/kpatch.install b/livepatch/kpatch/debian/deb_folder/kpatch.install deleted file mode 100644 index e770ae0f8..000000000 --- a/livepatch/kpatch/debian/deb_folder/kpatch.install +++ /dev/null @@ -1,6 +0,0 @@ -usr/sbin/kpatch -usr/share/man/man1/kpatch.1* -usr/lib/systemd/system/kpatch.service lib/systemd/system/ -etc/init/kpatch.conf -etc/kpatch-load.conf -var/lib/kpatch/* diff --git a/livepatch/kpatch/debian/deb_folder/rules b/livepatch/kpatch/debian/deb_folder/rules deleted file mode 100755 index 4ce6c23e8..000000000 --- a/livepatch/kpatch/debian/deb_folder/rules +++ /dev/null @@ -1,26 +0,0 @@ -#!/usr/bin/make -f -# -# Copyright (c) 2022 Wind River Systems, Inc. -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. The ASF licenses this -# file to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -#export DH_VERBOSE = 1 - -%: - dh $@ - -override_dh_auto_install: - dh_auto_install -- PREFIX=/usr diff --git a/livepatch/kpatch/debian/deb_folder/source/format b/livepatch/kpatch/debian/deb_folder/source/format deleted file mode 100644 index 163aaf8d8..000000000 --- a/livepatch/kpatch/debian/deb_folder/source/format +++ /dev/null @@ -1 +0,0 @@ -3.0 (quilt) diff --git a/livepatch/kpatch/debian/meta_data.yaml b/livepatch/kpatch/debian/meta_data.yaml deleted file mode 100644 index 6d351deae..000000000 --- a/livepatch/kpatch/debian/meta_data.yaml +++ /dev/null @@ -1,9 +0,0 @@ ---- -debver: 0.9.5-1 -dl_path: - name: kpatch.tar.gz - url: https://github.com/dynup/kpatch/archive/refs/tags/v0.9.5.tar.gz - md5sum: 0b0bf29ef3962ab2e1ac31b2b0e05181 -revision: - dist: $STX_DIST - PKG_GITREVCOUNT: true diff --git a/livepatch/kpatch/debian/patches/0001-kpatch-Support-for-WRCP.patch b/livepatch/kpatch/debian/patches/0001-kpatch-Support-for-WRCP.patch deleted file mode 100644 index c0c0d537b..000000000 --- a/livepatch/kpatch/debian/patches/0001-kpatch-Support-for-WRCP.patch +++ /dev/null @@ -1,190 +0,0 @@ -From 5637fee8b42fbe7eed1b4957c670e868c60ed24c Mon Sep 17 00:00:00 2001 -From: Zhixiong Chi -Date: Wed, 6 Apr 2022 11:18:07 +0800 -Subject: [PATCH] kpatch: Support for WRCP - -Adjust the kpatch-build workflow for WRCP platform, and add the example -patch for livepatch function for WRCP. - -Signed-off-by: Zhixiong Chi ---- - Makefile | 2 +- - Makefile.inc | 1 + - contrib/kpatch.service | 1 + - kpatch-build/kpatch-build | 28 ++++++++++++++++++---- - kpatch/Makefile | 1 + - kpatch/kpatch | 3 ++- - test/Makefile | 12 ++++++++++ - test/integration/wrcp/meminfo-string.patch | 11 +++++++++ - 8 files changed, 53 insertions(+), 6 deletions(-) - create mode 100644 test/Makefile - create mode 100644 test/integration/wrcp/meminfo-string.patch - -diff --git a/Makefile b/Makefile -index 1153492..1f0e921 100644 ---- a/Makefile -+++ b/Makefile -@@ -1,6 +1,6 @@ - include Makefile.inc - --SUBDIRS = kpatch-build kpatch kmod man contrib -+SUBDIRS = kpatch-build kpatch kmod man contrib test - BUILD_DIRS = $(SUBDIRS:%=build-%) - INSTALL_DIRS = $(SUBDIRS:%=install-%) - UNINSTALL_DIRS = $(SUBDIRS:%=uninstall-%) -diff --git a/Makefile.inc b/Makefile.inc -index 15049f3..259127c 100644 ---- a/Makefile.inc -+++ b/Makefile.inc -@@ -16,6 +16,7 @@ DATADIR = $(DESTDIR)$(PREFIX)/share/kpatch - MANDIR = $(DESTDIR)$(PREFIX)/share/man/man1 - SYSTEMDDIR = $(DESTDIR)$(PREFIX)/lib/systemd/system - UPSTARTDIR = $(DESTDIR)/etc/init -+LOCALSTATEDIR = $(DESTDIR)/var - - .PHONY: all install clean - .DEFAULT: all -diff --git a/contrib/kpatch.service b/contrib/kpatch.service -index 6240256..ede0382 100644 ---- a/contrib/kpatch.service -+++ b/contrib/kpatch.service -@@ -8,6 +8,7 @@ Wants=network-pre.target - Type=oneshot - RemainAfterExit=yes - ExecStart=PREFIX/sbin/kpatch load --all -+ExecStop=PREFIX/sbin/kpatch unload --all - - [Install] - WantedBy=multi-user.target -diff --git a/kpatch-build/kpatch-build b/kpatch-build/kpatch-build -index eedf383..0cabe74 100755 ---- a/kpatch-build/kpatch-build -+++ b/kpatch-build/kpatch-build -@@ -48,6 +48,7 @@ TEMPDIR="$CACHEDIR/tmp" - ENVFILE="$TEMPDIR/kpatch-build.env" - LOGFILE="$CACHEDIR/build.log" - RELEASE_FILE=/etc/os-release -+LINUXSRCDIR=/usr/src - DEBUG=0 - SKIPCLEANUP=0 - SKIPCOMPILERCHECK=0 -@@ -741,6 +742,7 @@ if [[ -n "$USERSRCDIR" ]]; then - elif [[ -e "$SRCDIR"/.config ]] && [[ -e "$VERSIONFILE" ]] && [[ "$(cat "$VERSIONFILE")" = "$ARCHVERSION" ]]; then - echo "Using cache at $SRCDIR" - -+ - else - if [[ "$DISTRO" = fedora ]] || [[ "$DISTRO" = rhel ]] || [[ "$DISTRO" = ol ]] || [[ "$DISTRO" = centos ]]; then - -@@ -793,7 +795,7 @@ else - - # url may be changed for a different mirror - url="http://ftp.debian.org/debian/pool/main/l" -- sublevel="SUBLEVEL =" -+ sublevel="SUBLEVEL = 0" - fi - - pkgname="$(dpkg-query -W -f='${Source}' "linux-image-$ARCHVERSION" | sed s/-signed//)" -@@ -805,9 +807,25 @@ else - cd "$TEMPDIR" || die - echo "Downloading and unpacking the kernel source for $ARCHVERSION" - # Download source deb pkg -- (dget -u "$url/${pkgname}/${dscname}" 2>&1) | logger || die "dget: Could not fetch/unpack $url/${pkgname}/${dscname}" -- mv "${pkgname}-$KVER" "$SRCDIR" || die -- [[ -z "$CONFIGFILE" ]] && CONFIGFILE="/boot/config-${ARCHVERSION}" -+ # (dget -u "$url/${pkgname}/${dscname}" 2>&1) | logger || die "dget: Could not fetch/unpack $url/${pkgname}/${dscname}" -+ # mv "${pkgname}-$KVER" "$SRCDIR" || die -+ -+ # Since the linux-yocto kernel version is used for wrcp project now, so need to ensure the linux-source package had -+ # already been installed. We don't dowanload the kernel source from the debian any more. -+ KSRCVER="${KVER%.*}" -+ KSRCNAME="$LINUXSRCDIR/linux-source-$KSRCVER.tar.xz" -+ if [[ -e "$KSRCNAME" ]]; then -+ tar xvf $KSRCNAME -+ mv "linux-source-$KSRCVER" "$SRCDIR" || die -+ fi -+ # Due to the ostree mechanism, we need add the prefix for kernel config here -+ CMDLINE="$(cat /proc/cmdline)" -+ TMP_PREFIX_CONFIG="${CMDLINE##*ostree=}" -+ PREFIX_CONFIG="${TMP_PREFIX_CONFIG%% *}" -+ [[ -z "$CONFIGFILE" ]] && CONFIGFILE="$PREFIX_CONFIG/boot/config-${ARCHVERSION}" -+ cp "$CONFIGFILE" "$SRCDIR/.config" || die -+ CONFIGFILE="$SRCDIR/.config" -+ - if [[ "$ARCHVERSION" == *-* ]]; then - echo "-${ARCHVERSION#*-}" > "$SRCDIR/localversion" || die - fi -@@ -869,6 +886,9 @@ else - KBUILD_EXTRA_SYMBOLS="$SYMVERSFILE" - fi - -+# Fix the module signing configuration to work for building kernels. -+sed -i '/CONFIG_\(MODULE_SIG_\(ALL\|KEY\)\|SYSTEM_TRUSTED_KEYS\)[ =]/d' "$CONFIGFILE" || die -+ - # optional kernel configs: - grep -q "CONFIG_PARAVIRT=y" "$CONFIGFILE" && CONFIG_PARAVIRT=1 - grep -q "CONFIG_UNWINDER_ORC=y" "$CONFIGFILE" && CONFIG_UNWINDER_ORC=1 -diff --git a/kpatch/Makefile b/kpatch/Makefile -index 448968f..067792a 100644 ---- a/kpatch/Makefile -+++ b/kpatch/Makefile -@@ -5,6 +5,7 @@ all: - install: all - $(INSTALL) -d $(SBINDIR) - $(INSTALL) kpatch $(SBINDIR) -+ $(INSTALL) -d $(LOCALSTATEDIR)/lib/kpatch - - uninstall: - $(RM) $(SBINDIR)/kpatch -diff --git a/kpatch/kpatch b/kpatch/kpatch -index 7fecb23..e4624f5 100755 ---- a/kpatch/kpatch -+++ b/kpatch/kpatch -@@ -584,7 +584,8 @@ case "$1" in - echo "uninstalling $PATCH ($KVER)" - rm -f "$MODULE" || die "failed to uninstall module $PATCH" - rmdir --ignore-fail-on-non-empty "$INSTALLDIR/$KVER" || die "failed to remove directory $INSTALLDIR/$KVER" -- rmdir --ignore-fail-on-non-empty "$INSTALLDIR" || die "failed to remove directory $INSTALLDIR" -+ # keep $INSTALLDIR directory for kpatch test build. -+ # rmdir --ignore-fail-on-non-empty "$INSTALLDIR" || die "failed to remove directory $INSTALLDIR" - - ;; - -diff --git a/test/Makefile b/test/Makefile -new file mode 100644 -index 0000000..4ab6b23 ---- /dev/null -+++ b/test/Makefile -@@ -0,0 +1,12 @@ -+include ../Makefile.inc -+ -+all: -+ -+install: all -+ $(INSTALL) -d $(LOCALSTATEDIR)/lib/kpatch/test -+ $(INSTALL) integration/wrcp/*.patch $(LOCALSTATEDIR)/lib/kpatch/test -+ -+uninstall: -+ $(RM) $(LOCALSTATEDIR)/lib/kpatch/test/*.patch -+ -+clean: -diff --git a/test/integration/wrcp/meminfo-string.patch b/test/integration/wrcp/meminfo-string.patch -new file mode 100644 -index 0000000..5047a2e ---- /dev/null -+++ b/test/integration/wrcp/meminfo-string.patch -@@ -0,0 +1,11 @@ -+--- src.orig/fs/proc/meminfo.c 2021-10-19 03:09:04.000000000 +0000 -++++ src/fs/proc/meminfo.c 2022-03-22 10:21:30.686845582 +0000 -+@@ -119,7 +119,7 @@ -+ seq_printf(m, "VmallocTotal: %8lu kB\n", -+ (unsigned long)VMALLOC_TOTAL >> 10); -+ show_val_kb(m, "VmallocUsed: ", vmalloc_nr_pages()); -+- show_val_kb(m, "VmallocChunk: ", 0ul); -++ show_val_kb(m, "VMALLOCChunk: ", 0ul); -+ show_val_kb(m, "Percpu: ", pcpu_nr_pages()); -+ -+ #ifdef CONFIG_MEMORY_FAILURE --- -2.25.1 - diff --git a/livepatch/kpatch/debian/patches/0002-kpatch-Add-the-signature-for-livepatch-kernel-module.patch b/livepatch/kpatch/debian/patches/0002-kpatch-Add-the-signature-for-livepatch-kernel-module.patch deleted file mode 100644 index 5cd15e840..000000000 --- a/livepatch/kpatch/debian/patches/0002-kpatch-Add-the-signature-for-livepatch-kernel-module.patch +++ /dev/null @@ -1,138 +0,0 @@ -From 92337a56eaee72228a73846a65660cae1c98cc88 Mon Sep 17 00:00:00 2001 -From: Zhixiong Chi -Date: Thu, 5 May 2022 02:41:42 -0700 -Subject: [PATCH] kpatch: Add the signature for livepatch kernel modules - -As the commit [https://review.opendev.org/c/starlingx/kernel/+/838284] -shows, once lockdown feature for secure boot was enabled, the unsigned -kernel modules' loading will fail with the error 'Operation not permitted'. -For livepatched kernel module we also need to sign the module so that we -can insmod the module successfully when the command 'kpatch load xxx.ko' -or 'systemctl start kpatch.service' is executed. - -Add '-k/--keydir' to support the customzied pubkey/privkey pairs. - -Drop some unused variables for starlingx platform. - -Signed-off-by: Zhixiong Chi ---- - kpatch-build/kpatch-build | 54 ++++++++++++++++++++++++++------------- - 1 file changed, 36 insertions(+), 18 deletions(-) - -diff --git a/kpatch-build/kpatch-build b/kpatch-build/kpatch-build -index 3c721ea..8a9fa03 100755 ---- a/kpatch-build/kpatch-build -+++ b/kpatch-build/kpatch-build -@@ -49,6 +49,11 @@ ENVFILE="$TEMPDIR/kpatch-build.env" - LOGFILE="$CACHEDIR/build.log" - RELEASE_FILE=/etc/os-release - LINUXSRCDIR=/usr/src -+KVERSION=$(uname -r) -+KEYDIR="${LINUXSRCDIR}/kernels/${KVERSION}" -+SIGNTOOLDIR=(/usr/lib/linux*-kbuild-*/scripts) -+SIGNTOOL="sign-file" -+SIGHASH="sha256" - DEBUG=0 - SKIPCLEANUP=0 - SKIPCOMPILERCHECK=0 -@@ -523,6 +528,19 @@ module_name_string() { - echo "${1//[^a-zA-Z0-9_-]/-}" | cut -c 1-48 - } - -+# Sign the generated livepatched kernel module -+sign_module() { -+ local module=${1} -+ PRIVKEY="${KEYDIR}/signing_key.pem" -+ PUBKEY="${KEYDIR}/signing_key.x509" -+ SIGNTOOL_ABSPATH=$(find "${SIGNTOOLDIR[@]}" -name "${SIGNTOOL}") -+ [[ ! -e "${SIGNTOOL_ABSPATH}" ]] && die "can't find ${SIGNTOOL}." -+ [[ ! -e "${PRIVKEY}" ]] && die "can't find privkey ${PRIVKEY}." -+ [[ ! -e "${PUBKEY}" ]] && die "can't find publickey ${PUBKEY}." -+ -+ "${SIGNTOOL_ABSPATH}" "${SIGHASH}" "${PRIVKEY}" "${PUBKEY}" "${module}" || die "Sign module ${module} failed!" -+} -+ - usage() { - echo "usage: $(basename "$0") [options] " >&2 - echo " patchN Input patchfile(s)" >&2 -@@ -547,7 +565,7 @@ usage() { - echo " (not recommended)" >&2 - } - --options="$(getopt -o ha:r:s:c:v:j:t:n:o:de:R -l "help,archversion:,sourcerpm:,sourcedir:,config:,vmlinux:,jobs:,target:,name:,output:,oot-module:,debug,skip-gcc-check,skip-compiler-check,skip-cleanup,non-replace" -- "$@")" || die "getopt failed" -+options="$(getopt -o ha:r:s:c:v:j:t:n:o:k:de:R -l "help,archversion:,sourcerpm:,sourcedir:,config:,vmlinux:,jobs:,target:,name:,output:,keydir:,oot-module:,debug,skip-gcc-check,skip-compiler-check,skip-cleanup,non-replace" -- "$@")" || die "getopt failed" - - eval set -- "$options" - -@@ -599,6 +617,11 @@ while [[ $# -gt 0 ]]; do - BASE="$(readlink -f "$2")" - shift - ;; -+ -k|--keydir) -+ [[ ! -d "$2" ]] && die "keydir '$2' not found" -+ KEYDIR="$(readlink -f "$2")" -+ shift -+ ;; - -d|--debug) - DEBUG=$((DEBUG + 1)) - if [[ $DEBUG -eq 1 ]]; then -@@ -785,22 +808,7 @@ else - - echo "Debian/Ubuntu distribution detected" - -- if [[ "$DISTRO" = ubuntu ]]; then -- -- # url may be changed for a different mirror -- url="http://archive.ubuntu.com/ubuntu/pool/main/l" -- sublevel="SUBLEVEL = 0" -- -- elif [[ "$DISTRO" = debian ]]; then -- -- # url may be changed for a different mirror -- url="http://ftp.debian.org/debian/pool/main/l" -- sublevel="SUBLEVEL = 0" -- fi -- -- pkgname="$(dpkg-query -W -f='${Source}' "linux-image-$ARCHVERSION" | sed s/-signed//)" -- pkgver="$(dpkg-query -W -f='${Version}' "linux-image-$ARCHVERSION")" -- dscname="${pkgname}_${pkgver}.dsc" -+ sublevel="SUBLEVEL = 0" - - clean_cache - -@@ -815,7 +823,7 @@ else - KSRCVER="${KVER%.*}" - KSRCNAME="$LINUXSRCDIR/linux-source-$KSRCVER.tar.xz" - if [[ -e "$KSRCNAME" ]]; then -- tar xvf $KSRCNAME -+ tar xvf "${KSRCNAME}" 2>&1 | logger || die - mv "linux-source-$KSRCVER" "$SRCDIR" || die - fi - # Due to the ostree mechanism, we need add the prefix for kernel config here -@@ -977,6 +985,14 @@ else - MAKEVARS+=("LD=${KPATCH_CC_PREFIX}ld") - fi - -+# Adjust the kconfig -+KCONFIGACK="" -+KCONFIGCOUNT=$(make listnewconfig | wc -l) -+while [[ "${KCONFIGCOUNT}" -gt 0 ]]; do -+ KCONFIGACK=${KCONFIGACK}"\n" -+ let KCONFIGCOUNT-- -+done -+echo -e "${KCONFIGACK}" | make -f ./Makefile syncconfig 2>&1 | logger || die - - # $TARGETS used as list, no quotes. - # shellcheck disable=SC2086 -@@ -1257,6 +1273,8 @@ UNDEFINED=$(comm -23 <(sort -u "${TEMPDIR}"/undefined_references) \ - - cp -f "$TEMPDIR/patch/$MODNAME.ko" "$BASE" || die - -+sign_module "${BASE}/${MODNAME}.ko" | logger -+ - [[ "$DEBUG" -eq 0 && "$SKIPCLEANUP" -eq 0 ]] && rm -f "$LOGFILE" - - echo "SUCCESS" --- -2.34.1 - diff --git a/livepatch/kpatch/debian/patches/0003-kpatch-Adjust-the-kpatch-build-to-support-the-multik.patch b/livepatch/kpatch/debian/patches/0003-kpatch-Adjust-the-kpatch-build-to-support-the-multik.patch deleted file mode 100644 index 4107996b4..000000000 --- a/livepatch/kpatch/debian/patches/0003-kpatch-Adjust-the-kpatch-build-to-support-the-multik.patch +++ /dev/null @@ -1,87 +0,0 @@ -From 713fd23d83514ef609bd216d6649ac29a606a83e Mon Sep 17 00:00:00 2001 -From: Zhixiong Chi -Date: Mon, 13 Jun 2022 23:16:59 -0700 -Subject: [PATCH] kpatch: Adjust the kpatch-build to support the multikernel - -With multikernel support, both the std and rt kernel packages are installed -into the image. This causes confusion in locating the relevant tools or the -source for the kernel type. -Adjust the variables to get the correct tools and source locations. - -Signed-off-by: Zhixiong Chi ---- - kpatch-build/kpatch-build | 23 +++++++++++++++-------- - 1 file changed, 15 insertions(+), 8 deletions(-) - -diff --git a/kpatch-build/kpatch-build b/kpatch-build/kpatch-build -index 8a9fa03..af91f5e 100755 ---- a/kpatch-build/kpatch-build -+++ b/kpatch-build/kpatch-build -@@ -41,17 +41,14 @@ SCRIPTDIR="$(readlink -f "$(dirname "$(type -p "$0")")")" - ARCH="$(uname -m)" - CPUS="$(getconf _NPROCESSORS_ONLN)" - CACHEDIR="${CACHEDIR:-$HOME/.kpatch}" --SRCDIR="$CACHEDIR/src" - RPMTOPDIR="$CACHEDIR/buildroot" - VERSIONFILE="$CACHEDIR/version" - TEMPDIR="$CACHEDIR/tmp" - ENVFILE="$TEMPDIR/kpatch-build.env" - LOGFILE="$CACHEDIR/build.log" - RELEASE_FILE=/etc/os-release -+KERNELTYPE= - LINUXSRCDIR=/usr/src --KVERSION=$(uname -r) --KEYDIR="${LINUXSRCDIR}/kernels/${KVERSION}" --SIGNTOOLDIR=(/usr/lib/linux*-kbuild-*/scripts) - SIGNTOOL="sign-file" - SIGHASH="sha256" - DEBUG=0 -@@ -711,6 +708,13 @@ fi - - [[ -z "$ARCHVERSION" ]] && ARCHVERSION="$(uname -r)" - -+[[ "$ARCHVERSION" =~ rt ]] && KERNELTYPE="-rt" -+ -+LINUXTYPE="linux${KERNELTYPE}" -+SIGNTOOLDIR=(/usr/lib/${LINUXTYPE}-kbuild-*/scripts) -+SRCDIR="${CACHEDIR}/${LINUXTYPE}-src" -+KEYDIR="${LINUXSRCDIR}/kernels/${ARCHVERSION}" -+ - [[ "$SKIPCLEANUP" -eq 0 ]] && trap cleanup EXIT INT TERM HUP - - KVER="${ARCHVERSION%%-*}" -@@ -821,10 +825,10 @@ else - # Since the linux-yocto kernel version is used for wrcp project now, so need to ensure the linux-source package had - # already been installed. We don't dowanload the kernel source from the debian any more. - KSRCVER="${KVER%.*}" -- KSRCNAME="$LINUXSRCDIR/linux-source-$KSRCVER.tar.xz" -- if [[ -e "$KSRCNAME" ]]; then -+ KSRCNAME="${LINUXSRCDIR}/${LINUXTYPE}-source-${KSRCVER}.tar.xz" -+ if [[ -e "${KSRCNAME}" ]]; then - tar xvf "${KSRCNAME}" 2>&1 | logger || die -- mv "linux-source-$KSRCVER" "$SRCDIR" || die -+ mv "${LINUXTYPE}-source-${KSRCVER}" "${SRCDIR}" || die - fi - # Due to the ostree mechanism, we need add the prefix for kernel config here - CMDLINE="$(cat /proc/cmdline)" -@@ -835,7 +839,7 @@ else - CONFIGFILE="$SRCDIR/.config" - - if [[ "$ARCHVERSION" == *-* ]]; then -- echo "-${ARCHVERSION#*-}" > "$SRCDIR/localversion" || die -+ echo "-${ARCHVERSION#*-}" > "$SRCDIR/localversion${KERNELTYPE}" || die - fi - # for some reason the Ubuntu kernel versions don't follow the - # upstream SUBLEVEL; they are always at SUBLEVEL 0 -@@ -1076,6 +1080,8 @@ if [[ -z "$MODNAME" ]] ; then - MODNAME="kpatch-$MODNAME" - fi - -+ [[ "$KERNELTYPE" == "-rt" ]] && MODNAME="rt-${MODNAME}" -+ - MODNAME="$(module_name_string "$MODNAME")" - fi - FILES="$(cat "$TEMPDIR/changed_objs")" --- -2.34.1 - diff --git a/livepatch/kpatch/debian/patches/0004-kpatch-Fix-the-build-failure-when-the-cache-src-dire.patch b/livepatch/kpatch/debian/patches/0004-kpatch-Fix-the-build-failure-when-the-cache-src-dire.patch deleted file mode 100644 index 08943e1b3..000000000 --- a/livepatch/kpatch/debian/patches/0004-kpatch-Fix-the-build-failure-when-the-cache-src-dire.patch +++ /dev/null @@ -1,38 +0,0 @@ -From 3454f6871ee7a7dd1c04249edf2598f144339440 Mon Sep 17 00:00:00 2001 -From: Zhixiong Chi -Date: Tue, 9 Aug 2022 01:45:28 -0700 -Subject: [PATCH] kpatch: Fix build failure when cache src directory is used - -When the -c option is used (eg: kpatch-prebuilt) for building more -than one livepatch issue, the download linux source step will be -skipped and cache src directory will be used. -We correct the CONFIGFILE variable after the file is copied. - -Signed-off-by: Zhixiong Chi ---- - kpatch-build/kpatch-build | 9 +++++---- - 1 file changed, 5 insertions(+), 4 deletions(-) - -diff --git a/kpatch-build/kpatch-build b/kpatch-build/kpatch-build -index eb8a1e0..9da45d1 100755 ---- a/kpatch-build/kpatch-build -+++ b/kpatch-build/kpatch-build -@@ -851,10 +851,11 @@ else - fi - fi - --[[ -z "$CONFIGFILE" ]] && CONFIGFILE="$SRCDIR"/.config --[[ ! -e "$CONFIGFILE" ]] && die "can't find config file" --if [[ ! "$CONFIGFILE" -ef "$SRCDIR"/.config ]] ; then -- cp -f "$CONFIGFILE" "$SRCDIR/.config" || die -+[[ -z "${CONFIGFILE}" ]] && CONFIGFILE="${SRCDIR}"/.config -+[[ ! -e "${CONFIGFILE}" ]] && die "Can't find config file ${CONFIGFILE}" -+if [[ ! "${CONFIGFILE}" -ef "${SRCDIR}"/.config ]] ; then -+ cp -f "${CONFIGFILE}" "${SRCDIR}/.config" || die "Copy ${CONFIGFILE} failed" -+ CONFIGFILE="${SRCDIR}/.config" - fi - - # kernel option checking --- -2.34.1 - diff --git a/livepatch/kpatch/debian/patches/0005-kpatch-Support-the-customized-order-for-module-load.patch b/livepatch/kpatch/debian/patches/0005-kpatch-Support-the-customized-order-for-module-load.patch deleted file mode 100644 index 1f99f99a2..000000000 --- a/livepatch/kpatch/debian/patches/0005-kpatch-Support-the-customized-order-for-module-load.patch +++ /dev/null @@ -1,159 +0,0 @@ -From 458e83d02810ee2697b509bf4ea30c570a5151ed Mon Sep 17 00:00:00 2001 -From: Zhixiong Chi -Date: Wed, 26 Oct 2022 00:58:41 -0700 -Subject: [PATCH] kpatch: Support the customized order for module load - -With adding the configfile, now we can use customized order to load -the livepatched kernel modules instead of the original alphabetical -order when the command 'kpatch load --all' is executed. - -If the configfile is empty, then the behavior is still to load the -module as the original style(alphabetical order). - -The first column in the config file is the module to be loaded. -The second column is the dependency which must be loaded first, and -it can be ignored if the dependency is null. - -Signed-off-by: Zhixiong Chi ---- - Makefile.inc | 1 + - contrib/Makefile | 3 ++ - contrib/kpatch-load.conf | 5 ++++ - kpatch/kpatch | 59 ++++++++++++++++++++++++++++++++++++---- - 4 files changed, 63 insertions(+), 5 deletions(-) - create mode 100644 contrib/kpatch-load.conf - -diff --git a/Makefile.inc b/Makefile.inc -index 259127c..8280182 100644 ---- a/Makefile.inc -+++ b/Makefile.inc -@@ -15,6 +15,7 @@ LIBEXECDIR = $(DESTDIR)$(PREFIX)/$(LIBEXEC)/kpatch - DATADIR = $(DESTDIR)$(PREFIX)/share/kpatch - MANDIR = $(DESTDIR)$(PREFIX)/share/man/man1 - SYSTEMDDIR = $(DESTDIR)$(PREFIX)/lib/systemd/system -+SYSCONFDIR = $(DESTDIR)/etc - UPSTARTDIR = $(DESTDIR)/etc/init - LOCALSTATEDIR = $(DESTDIR)/var - -diff --git a/contrib/Makefile b/contrib/Makefile -index 0b0eeeb..1e43b39 100644 ---- a/contrib/Makefile -+++ b/contrib/Makefile -@@ -9,9 +9,12 @@ install: all - $(INSTALL) -d $(UPSTARTDIR) - $(INSTALL) -m 0644 kpatch.conf $(UPSTARTDIR) - sed -i 's~PREFIX~$(PREFIX)~' $(UPSTARTDIR)/kpatch.conf -+ $(INSTALL) -d $(SYSCONFDIR) -+ $(INSTALL) -m 0644 kpatch-load.conf $(SYSCONFDIR) - - uninstall: - $(RM) $(SYSTEMDDIR)/kpatch.service - $(RM) $(UPSTARTDIR)/kpatch.conf -+ $(RM) $(SYSCONFDIR)/kpatch-load.conf - - clean: -diff --git a/contrib/kpatch-load.conf b/contrib/kpatch-load.conf -new file mode 100644 -index 0000000..fdaebb0 ---- /dev/null -+++ b/contrib/kpatch-load.conf -@@ -0,0 +1,5 @@ -+# Please write the whole filename including .ko -+# InstallMod Dependmod1,Dependmod2 -+# eg: abc.ko -+# eg: abc.ko def.ko -+# eg: abc.ko def.ko,ghi.ko -diff --git a/kpatch/kpatch b/kpatch/kpatch -index e4624f5..4b65892 100755 ---- a/kpatch/kpatch -+++ b/kpatch/kpatch -@@ -23,7 +23,8 @@ - # This is the kpatch user script that manages installing, loading, and - # displaying information about kernel patch modules installed on the system. - --INSTALLDIR=/var/lib/kpatch -+INSTALLDIR="/var/lib/kpatch" -+CONFIGFILE="/etc/kpatch-load.conf" - SCRIPTDIR="$(readlink -f "$(dirname "$(type -p "$0")")")" - VERSION="0.9.5" - POST_ENABLE_WAIT=15 # seconds -@@ -67,6 +68,15 @@ warn() { - echo "kpatch: $*" >&2 - } - -+warn_load() { -+ local tty_specific_colour_on tty_specific_colour_off -+ if [[ -t 2 ]] ; then -+ tty_specific_colour_on=$'\033[1;33m' -+ tty_specific_colour_off=$'\033[0m' -+ fi -+ echo "${tty_specific_colour_on}kpatch: $*${tty_specific_colour_off}" >&2 -+} -+ - die() { - warn "$@" - exit 1 -@@ -443,6 +453,18 @@ get_module_version() { - MODVER="${MODVER/ */}" - } - -+is_installed() { -+ local RDEPS=$1 -+ for item in "${RDEPS[@]}"; do -+ item="${item%*.ko}" -+ if ! lsmod | awk '{print $1}' | grep -q "${item//-/_}"; then -+ warn_load "Module Dependency: ${item} Is Not Loaded!" -+ return 1 -+ fi -+ done -+ return 0 -+} -+ - unset MODULE - - # Initialize the $SYSFS var. This only works if the core module has been -@@ -456,10 +478,37 @@ case "$1" in - [[ "$#" -ne 2 ]] && usage - case "$2" in - "--all") -- for i in "$INSTALLDIR/$(uname -r)"/*.ko; do -- [[ -e "$i" ]] || continue -- load_module "$i" || die "failed to load module $i" -- done -+ [[ -e "${CONFIGFILE}" ]] || die "Kpatch modules load configfile ${CONFIGFILE} could NOT be found!" -+ if [[ -n $(awk '{if(!NF || /^#/){next}}1' "${CONFIGFILE}") ]]; then -+ awk '{if(!NF || /^#/){next}}1' "${CONFIGFILE}" | while read -r line; do -+ INSTALLMOD=${line%% *} -+ RDEPSMODS=${line#*.ko} -+ RDEPS_ARRAY=$(echo "${RDEPSMODS}" | tr ',' ' ') -+ -+ if [[ "${INSTALLMOD: -3}" != ".ko" ]]; then -+ warn_load "Module ${INSTALLMOD} missing .ko filename suffix" -+ continue -+ fi -+ -+ if [[ ! -e "${INSTALLDIR}/$(uname -r)/${INSTALLMOD}" ]]; then -+ warn_load "Skipping ${INSTALLMOD}, cannot find it in ${INSTALLDIR}/$(uname -r)/" -+ continue -+ fi -+ -+ if [[ "${RDEPS_ARRAY}" ]] && ! is_installed "${RDEPS_ARRAY}"; then -+ warn_load "Skipping load of ${INSTALLMOD} due to missing dependency module(s)" -+ continue -+ fi -+ -+ MOD_FULLPATH="${INSTALLDIR}/$(uname -r)/${INSTALLMOD}" -+ load_module "${MOD_FULLPATH}" || die "Failed to load module ${MOD_FULLPATH}" -+ done -+ else -+ for i in "${INSTALLDIR}/$(uname -r)"/*.ko; do -+ [[ -e "${i}" ]] || continue -+ load_module "${i}" || die "Failed to load module ${i}" -+ done -+ fi - ;; - *) - PATCH="$2" --- -2.25.1 - diff --git a/livepatch/kpatch/debian/patches/0006-kpatch-Allowing-passing-in-KEYDIR-and-SRCDIR.patch b/livepatch/kpatch/debian/patches/0006-kpatch-Allowing-passing-in-KEYDIR-and-SRCDIR.patch deleted file mode 100644 index d9d170a38..000000000 --- a/livepatch/kpatch/debian/patches/0006-kpatch-Allowing-passing-in-KEYDIR-and-SRCDIR.patch +++ /dev/null @@ -1,33 +0,0 @@ -From a300c15748a84df03d8a6d6f4fd306e00955e885 Mon Sep 17 00:00:00 2001 -From: Zhixiong Chi -Date: Tue, 13 Dec 2022 17:14:51 +0800 -Subject: [PATCH] kpatch: Allowing passing in KEYDIR and SRCDIR - -When the '-k/--keydir' option is used, the variable KEYDIR will -still be the fixed value. Allow the customized value for KEYDIR -to be passed. -It's the same as '-s/--sourcedir' option and the variable SRCDIR. - -Signed-off-by: Zhixiong Chi ---- - kpatch-build/kpatch-build | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/kpatch-build/kpatch-build b/kpatch-build/kpatch-build -index 45a9757..1f66901 100755 ---- a/kpatch-build/kpatch-build -+++ b/kpatch-build/kpatch-build -@@ -712,8 +712,8 @@ fi - - LINUXTYPE="linux${KERNELTYPE}" - SIGNTOOLDIR=(/usr/lib/${LINUXTYPE}-kbuild-*/scripts) --SRCDIR="${CACHEDIR}/${LINUXTYPE}-src" --KEYDIR="${LINUXSRCDIR}/kernels/${ARCHVERSION}" -+[[ -z "${SRCDIR}" ]] && SRCDIR="${CACHEDIR}/${LINUXTYPE}-src" -+[[ -z "${KEYDIR}" ]] && KEYDIR="${LINUXSRCDIR}/kernels/${ARCHVERSION}" - - [[ "$SKIPCLEANUP" -eq 0 ]] && trap cleanup EXIT INT TERM HUP - --- -2.25.1 - diff --git a/livepatch/kpatch/debian/patches/series b/livepatch/kpatch/debian/patches/series deleted file mode 100644 index 4c1f236ae..000000000 --- a/livepatch/kpatch/debian/patches/series +++ /dev/null @@ -1,6 +0,0 @@ -0001-kpatch-Support-for-WRCP.patch -0002-kpatch-Add-the-signature-for-livepatch-kernel-module.patch -0003-kpatch-Adjust-the-kpatch-build-to-support-the-multik.patch -0004-kpatch-Fix-the-build-failure-when-the-cache-src-dire.patch -0005-kpatch-Support-the-customized-order-for-module-load.patch -0006-kpatch-Allowing-passing-in-KEYDIR-and-SRCDIR.patch