From 243a636f7b8a79a2f3e5460746a769344d100883 Mon Sep 17 00:00:00 2001 From: CBL-Mariner Servicing Account Date: Tue, 7 Jan 2025 09:14:46 +0000 Subject: [PATCH 1/4] Kernel upgrade to 6.6.64.2 version --- .../kernel-64k-signed/kernel-64k-signed.spec | 7 +++++-- SPECS-SIGNED/kernel-signed/kernel-signed.spec | 7 +++++-- .../kernel-uki-signed/kernel-uki-signed.spec | 7 +++++-- .../hyperv-daemons.signatures.json | 2 +- SPECS/hyperv-daemons/hyperv-daemons.spec | 5 ++++- SPECS/kernel-64k/config_aarch64 | 2 +- SPECS/kernel-64k/kernel-64k.signatures.json | 4 ++-- SPECS/kernel-64k/kernel-64k.spec | 7 +++++-- .../kernel-headers.signatures.json | 2 +- SPECS/kernel-headers/kernel-headers.spec | 7 +++++-- SPECS/kernel/config | 2 +- SPECS/kernel/config_aarch64 | 2 +- SPECS/kernel/kernel-uki.spec | 7 +++++-- SPECS/kernel/kernel.signatures.json | 6 +++--- SPECS/kernel/kernel.spec | 7 +++++-- cgmanifest.json | 16 ++++++++-------- .../manifests/package/pkggen_core_aarch64.txt | 2 +- .../manifests/package/pkggen_core_x86_64.txt | 2 +- .../manifests/package/toolchain_aarch64.txt | 2 +- .../manifests/package/toolchain_x86_64.txt | 4 ++-- toolkit/scripts/toolchain/container/Dockerfile | 2 +- .../toolchain/container/toolchain-sha256sums | 2 +- .../container/toolchain_build_temp_tools.sh | 2 +- 23 files changed, 65 insertions(+), 41 deletions(-) diff --git a/SPECS-SIGNED/kernel-64k-signed/kernel-64k-signed.spec b/SPECS-SIGNED/kernel-64k-signed/kernel-64k-signed.spec index 993e94dfb6f..604181a1731 100644 --- a/SPECS-SIGNED/kernel-64k-signed/kernel-64k-signed.spec +++ b/SPECS-SIGNED/kernel-64k-signed/kernel-64k-signed.spec @@ -6,8 +6,8 @@ %define uname_r %{version}-%{release} Summary: Signed Linux Kernel for %{buildarch} systems Name: kernel-64k-signed-%{buildarch} -Version: 6.6.57.1 -Release: 7%{?dist} +Version: 6.6.64.2 +Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -105,6 +105,9 @@ echo "initrd of kernel %{uname_r} removed" >&2 %exclude /module_info.ld %changelog +* Tue Jan 07 2025 CBL-Mariner Servicing Account - 6.6.64.2-1 +- Auto-upgrade to 6.6.64.2 + * Sun Dec 22 2024 Ankita Pareek - 6.6.57.1-7 - Bump release to match kernel diff --git a/SPECS-SIGNED/kernel-signed/kernel-signed.spec b/SPECS-SIGNED/kernel-signed/kernel-signed.spec index 51bf71bb822..954afb3e3b1 100644 --- a/SPECS-SIGNED/kernel-signed/kernel-signed.spec +++ b/SPECS-SIGNED/kernel-signed/kernel-signed.spec @@ -9,8 +9,8 @@ %define uname_r %{version}-%{release} Summary: Signed Linux Kernel for %{buildarch} systems Name: kernel-signed-%{buildarch} -Version: 6.6.57.1 -Release: 7%{?dist} +Version: 6.6.64.2 +Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -145,6 +145,9 @@ echo "initrd of kernel %{uname_r} removed" >&2 %exclude /module_info.ld %changelog +* Tue Jan 07 2025 CBL-Mariner Servicing Account - 6.6.64.2-1 +- Auto-upgrade to 6.6.64.2 + * Sun Dec 22 2024 Ankita Pareek - 6.6.57.1-7 - Bump release to match kernel diff --git a/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec b/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec index bcf7c0c4cb1..b52401d7321 100644 --- a/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec +++ b/SPECS-SIGNED/kernel-uki-signed/kernel-uki-signed.spec @@ -5,8 +5,8 @@ %define kernelver %{version}-%{release} Summary: Signed Unified Kernel Image for %{buildarch} systems Name: kernel-uki-signed-%{buildarch} -Version: 6.6.57.1 -Release: 7%{?dist} +Version: 6.6.64.2 +Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -68,6 +68,9 @@ popd /boot/efi/EFI/Linux/vmlinuz-uki-%{kernelver}.efi %changelog +* Tue Jan 07 2025 CBL-Mariner Servicing Account - 6.6.64.2-1 +- Auto-upgrade to 6.6.64.2 + * Sun Dec 22 2024 Ankita Pareek - 6.6.57.1-7 - Bump release to match kernel diff --git a/SPECS/hyperv-daemons/hyperv-daemons.signatures.json b/SPECS/hyperv-daemons/hyperv-daemons.signatures.json index de83d61ba93..549c12df7b4 100644 --- a/SPECS/hyperv-daemons/hyperv-daemons.signatures.json +++ b/SPECS/hyperv-daemons/hyperv-daemons.signatures.json @@ -7,6 +7,6 @@ "hypervkvpd.service": "c1bb207cf9f388f8f3cf5b649abbf8cfe4c4fcf74538612946e68f350d1f265f", "hypervvss.rules": "94cead44245ef6553ab79c0bbac8419e3ff4b241f01bcec66e6f508098cbedd1", "hypervvssd.service": "22270d9f0f23af4ea7905f19c1d5d5495e40c1f782cbb87a99f8aec5a011078d", - "kernel-6.6.57.1.tar.gz": "1b967b2dd19d13561fb28c5cf05fd35b8990a2ea70cc802c33d8dd1297a6fee3" + "kernel-6.6.64.2.tar.gz": "8b19b1d4db4add880154d1bf563625efc1b5f52e20792fc6e2628d63b74eb393" } } diff --git a/SPECS/hyperv-daemons/hyperv-daemons.spec b/SPECS/hyperv-daemons/hyperv-daemons.spec index cbf41377aa7..a02143e558a 100644 --- a/SPECS/hyperv-daemons/hyperv-daemons.spec +++ b/SPECS/hyperv-daemons/hyperv-daemons.spec @@ -10,7 +10,7 @@ Summary: Hyper-V daemons suite Name: hyperv-daemons -Version: 6.6.57.1 +Version: 6.6.64.2 Release: 1%{?dist} License: GPLv2+ Vendor: Microsoft Corporation @@ -221,6 +221,9 @@ fi %{_sbindir}/lsvmbus %changelog +* Tue Jan 07 2025 CBL-Mariner Servicing Account - 6.6.64.2-1 +- Auto-upgrade to 6.6.64.2 + * Tue Oct 29 2024 CBL-Mariner Servicing Account - 6.6.57.1-1 - Auto-upgrade to 6.6.57.1 diff --git a/SPECS/kernel-64k/config_aarch64 b/SPECS/kernel-64k/config_aarch64 index f9ea766b12b..ec95e37cae2 100644 --- a/SPECS/kernel-64k/config_aarch64 +++ b/SPECS/kernel-64k/config_aarch64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm64 6.6.57.1 Kernel Configuration +# Linux/arm64 6.6.64.2 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.2.0" CONFIG_CC_IS_GCC=y diff --git a/SPECS/kernel-64k/kernel-64k.signatures.json b/SPECS/kernel-64k/kernel-64k.signatures.json index a935b60e887..5d8299b4368 100644 --- a/SPECS/kernel-64k/kernel-64k.signatures.json +++ b/SPECS/kernel-64k/kernel-64k.signatures.json @@ -1,10 +1,10 @@ { "Signatures": { "azurelinux-ca-20230216.pem": "d545401163c75878319f01470455e6bc18a5968e39dd964323225e3fe308849b", - "config_aarch64": "2e511edb6a5a6236c6f7307f070df422bd6032b1e572f8f44ef4134ecea7d5b7", + "config_aarch64": "9e1b4c99bc559e7b475e5732052d8537d65270deae476be2ca22dfd7db4b2bcc", "cpupower": "d7518767bf2b1110d146a49c7d42e76b803f45eb8bd14d931aa6d0d346fae985", "cpupower.service": "b057fe9e5d0e8c36f485818286b80e3eba8ff66ff44797940e99b1fd5361bb98", "sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f", - "kernel-6.6.57.1.tar.gz": "1b967b2dd19d13561fb28c5cf05fd35b8990a2ea70cc802c33d8dd1297a6fee3" + "kernel-6.6.64.2.tar.gz": "8b19b1d4db4add880154d1bf563625efc1b5f52e20792fc6e2628d63b74eb393" } } diff --git a/SPECS/kernel-64k/kernel-64k.spec b/SPECS/kernel-64k/kernel-64k.spec index ff0277bfec8..14bbb2dcb06 100644 --- a/SPECS/kernel-64k/kernel-64k.spec +++ b/SPECS/kernel-64k/kernel-64k.spec @@ -24,8 +24,8 @@ Summary: Linux Kernel Name: kernel-64k -Version: 6.6.57.1 -Release: 7%{?dist} +Version: 6.6.64.2 +Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -370,6 +370,9 @@ echo "initrd of kernel %{uname_r} removed" >&2 %{_sysconfdir}/bash_completion.d/bpftool %changelog +* Tue Jan 07 2025 CBL-Mariner Servicing Account - 6.6.64.2-1 +- Auto-upgrade to 6.6.64.2 + * Sun Dec 22 2024 Ankita Pareek - 6.6.57.1-7 - Bump release to match kernel diff --git a/SPECS/kernel-headers/kernel-headers.signatures.json b/SPECS/kernel-headers/kernel-headers.signatures.json index 302a1c69051..8338b5bda0b 100644 --- a/SPECS/kernel-headers/kernel-headers.signatures.json +++ b/SPECS/kernel-headers/kernel-headers.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "kernel-6.6.57.1.tar.gz": "1b967b2dd19d13561fb28c5cf05fd35b8990a2ea70cc802c33d8dd1297a6fee3" + "kernel-6.6.64.2.tar.gz": "8b19b1d4db4add880154d1bf563625efc1b5f52e20792fc6e2628d63b74eb393" } } diff --git a/SPECS/kernel-headers/kernel-headers.spec b/SPECS/kernel-headers/kernel-headers.spec index 96cebd1e25c..6d54aea99ab 100644 --- a/SPECS/kernel-headers/kernel-headers.spec +++ b/SPECS/kernel-headers/kernel-headers.spec @@ -13,8 +13,8 @@ Summary: Linux API header files Name: kernel-headers -Version: 6.6.57.1 -Release: 7%{?dist} +Version: 6.6.64.2 +Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -75,6 +75,9 @@ done %endif %changelog +* Tue Jan 07 2025 CBL-Mariner Servicing Account - 6.6.64.2-1 +- Auto-upgrade to 6.6.64.2 + * Sun Dec 22 2024 Ankita Pareek - 6.6.57.1-7 - Bump release to match kernel diff --git a/SPECS/kernel/config b/SPECS/kernel/config index b225406e6b8..bdc3a27347e 100644 --- a/SPECS/kernel/config +++ b/SPECS/kernel/config @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86_64 6.6.57.1 Kernel Configuration +# Linux/x86_64 6.6.64.2 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.2.0" CONFIG_CC_IS_GCC=y diff --git a/SPECS/kernel/config_aarch64 b/SPECS/kernel/config_aarch64 index e0d99388788..a03a6543e87 100644 --- a/SPECS/kernel/config_aarch64 +++ b/SPECS/kernel/config_aarch64 @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm64 6.6.57.1 Kernel Configuration +# Linux/arm64 6.6.64.2 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 13.2.0" CONFIG_CC_IS_GCC=y diff --git a/SPECS/kernel/kernel-uki.spec b/SPECS/kernel/kernel-uki.spec index 3c928626a97..3a5a1cf8d1a 100644 --- a/SPECS/kernel/kernel-uki.spec +++ b/SPECS/kernel/kernel-uki.spec @@ -12,8 +12,8 @@ Summary: Unified Kernel Image Name: kernel-uki -Version: 6.6.57.1 -Release: 7%{?dist} +Version: 6.6.64.2 +Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -70,6 +70,9 @@ cp %{buildroot}/boot/vmlinuz-uki-%{kernelver}.efi %{buildroot}/boot/efi/EFI/Linu /boot/efi/EFI/Linux/vmlinuz-uki-%{kernelver}.efi %changelog +* Tue Jan 07 2025 CBL-Mariner Servicing Account - 6.6.64.2-1 +- Auto-upgrade to 6.6.64.2 + * Sun Dec 22 2024 Ankita Pareek - 6.6.57.1-7 - Bump release to match kernel diff --git a/SPECS/kernel/kernel.signatures.json b/SPECS/kernel/kernel.signatures.json index eda9fcf8ddd..b16b05f5b13 100644 --- a/SPECS/kernel/kernel.signatures.json +++ b/SPECS/kernel/kernel.signatures.json @@ -1,11 +1,11 @@ { "Signatures": { "azurelinux-ca-20230216.pem": "d545401163c75878319f01470455e6bc18a5968e39dd964323225e3fe308849b", - "config": "651f9cab61a3eb370f7e6451d2115cce2c5f137f5d7e5f28234b5d07bf841d0f", - "config_aarch64": "bfb4b4344045354a2ba518d11ae81fe5e3d45e9b11253ca2e199792543a9d624", + "config": "869059cc0a295d60116a5a1597eec3f6ac9ec26e6900d49a5001014810371e08", + "config_aarch64": "d1228f2a8653055e6f552ea90271ad83efd69ce2a688991b7b823fdd6c819a78", "cpupower": "d7518767bf2b1110d146a49c7d42e76b803f45eb8bd14d931aa6d0d346fae985", "cpupower.service": "b057fe9e5d0e8c36f485818286b80e3eba8ff66ff44797940e99b1fd5361bb98", "sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f", - "kernel-6.6.57.1.tar.gz": "1b967b2dd19d13561fb28c5cf05fd35b8990a2ea70cc802c33d8dd1297a6fee3" + "kernel-6.6.64.2.tar.gz": "8b19b1d4db4add880154d1bf563625efc1b5f52e20792fc6e2628d63b74eb393" } } diff --git a/SPECS/kernel/kernel.spec b/SPECS/kernel/kernel.spec index 6533a6d2545..16e59ed6012 100644 --- a/SPECS/kernel/kernel.spec +++ b/SPECS/kernel/kernel.spec @@ -29,8 +29,8 @@ Summary: Linux Kernel Name: kernel -Version: 6.6.57.1 -Release: 7%{?dist} +Version: 6.6.64.2 +Release: 1%{?dist} License: GPLv2 Vendor: Microsoft Corporation Distribution: Azure Linux @@ -424,6 +424,9 @@ echo "initrd of kernel %{uname_r} removed" >&2 %{_sysconfdir}/bash_completion.d/bpftool %changelog +* Tue Jan 07 2025 CBL-Mariner Servicing Account - 6.6.64.2-1 +- Auto-upgrade to 6.6.64.2 + * Sun Dec 22 2024 Ankita Pareek - 6.6.57.1-7 - Enable CONFIG_INTEL_TDX_GUEST and CONFIG_TDX_GUEST_DRIVER diff --git a/cgmanifest.json b/cgmanifest.json index baa0bcbf1aa..42a4d47daf3 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -6530,8 +6530,8 @@ "type": "other", "other": { "name": "hyperv-daemons", - "version": "6.6.57.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-3/6.6.57.1.tar.gz" + "version": "6.6.64.2", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-3/6.6.64.2.tar.gz" } } }, @@ -8131,8 +8131,8 @@ "type": "other", "other": { "name": "kernel", - "version": "6.6.57.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-3/6.6.57.1.tar.gz" + "version": "6.6.64.2", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-3/6.6.64.2.tar.gz" } } }, @@ -8141,8 +8141,8 @@ "type": "other", "other": { "name": "kernel-64k", - "version": "6.6.57.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-3/6.6.57.1.tar.gz" + "version": "6.6.64.2", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-3/6.6.64.2.tar.gz" } } }, @@ -8151,8 +8151,8 @@ "type": "other", "other": { "name": "kernel-headers", - "version": "6.6.57.1", - "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-3/6.6.57.1.tar.gz" + "version": "6.6.64.2", + "downloadUrl": "https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-3/6.6.64.2.tar.gz" } } }, diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 68985884f26..3289a276433 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -1,5 +1,5 @@ filesystem-1.1-21.azl3.aarch64.rpm -kernel-headers-6.6.57.1-7.azl3.noarch.rpm +kernel-headers-6.6.64.2-1.azl3.noarch.rpm glibc-2.38-8.azl3.aarch64.rpm glibc-devel-2.38-8.azl3.aarch64.rpm glibc-i18n-2.38-8.azl3.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index d7bf3caeb7a..aa83488dcb5 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt @@ -1,5 +1,5 @@ filesystem-1.1-21.azl3.x86_64.rpm -kernel-headers-6.6.57.1-7.azl3.noarch.rpm +kernel-headers-6.6.64.2-1.azl3.noarch.rpm glibc-2.38-8.azl3.x86_64.rpm glibc-devel-2.38-8.azl3.x86_64.rpm glibc-i18n-2.38-8.azl3.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index c8a14aeaf25..4ba96951db9 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -156,7 +156,7 @@ intltool-0.51.0-7.azl3.noarch.rpm itstool-2.0.7-1.azl3.noarch.rpm kbd-2.2.0-2.azl3.aarch64.rpm kbd-debuginfo-2.2.0-2.azl3.aarch64.rpm -kernel-headers-6.6.57.1-7.azl3.noarch.rpm +kernel-headers-6.6.64.2-1.azl3.noarch.rpm kmod-30-1.azl3.aarch64.rpm kmod-debuginfo-30-1.azl3.aarch64.rpm kmod-devel-30-1.azl3.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 06043454bd9..a8dc3741122 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -163,8 +163,8 @@ intltool-0.51.0-7.azl3.noarch.rpm itstool-2.0.7-1.azl3.noarch.rpm kbd-2.2.0-2.azl3.x86_64.rpm kbd-debuginfo-2.2.0-2.azl3.x86_64.rpm -kernel-cross-headers-6.6.57.1-7.azl3.noarch.rpm -kernel-headers-6.6.57.1-7.azl3.noarch.rpm +kernel-cross-headers-6.6.64.2-1.azl3.noarch.rpm +kernel-headers-6.6.64.2-1.azl3.noarch.rpm kmod-30-1.azl3.x86_64.rpm kmod-debuginfo-30-1.azl3.x86_64.rpm kmod-devel-30-1.azl3.x86_64.rpm diff --git a/toolkit/scripts/toolchain/container/Dockerfile b/toolkit/scripts/toolchain/container/Dockerfile index 111ff83c734..0a251cd23b9 100644 --- a/toolkit/scripts/toolchain/container/Dockerfile +++ b/toolkit/scripts/toolchain/container/Dockerfile @@ -63,7 +63,7 @@ RUN wget -nv --no-clobber --timeout=30 --continue --input-file=$LFS/tools/toolch # Disable downloading from remote sources by default. The 'toolchain-local-wget-list' generated for the above line will download from $(SOURCE_URL) # The 'toolchain-remote-wget-list' is still available and can be used as an alternate to $(SOURCE_URL) if desired. #RUN wget -nv --no-clobber --timeout=30 --continue --input-file=$LFS/tools/toolchain-remote-wget-list --directory-prefix=$LFS/sources; exit 0 -RUN wget -nv --no-clobber --timeout=30 --continue https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-3/6.6.57.1.tar.gz -O kernel-6.6.57.1.tar.gz --directory-prefix=$LFS/sources; exit 0 +RUN wget -nv --no-clobber --timeout=30 --continue https://github.com/microsoft/CBL-Mariner-Linux-Kernel/archive/rolling-lts/mariner-3/6.6.64.2.tar.gz -O kernel-6.6.64.2.tar.gz --directory-prefix=$LFS/sources; exit 0 USER root RUN mkdir -pv $LFS/{etc,var} $LFS/usr/{bin,lib,sbin} && \ diff --git a/toolkit/scripts/toolchain/container/toolchain-sha256sums b/toolkit/scripts/toolchain/container/toolchain-sha256sums index 10b5dd57a5d..79880531210 100644 --- a/toolkit/scripts/toolchain/container/toolchain-sha256sums +++ b/toolkit/scripts/toolchain/container/toolchain-sha256sums @@ -28,7 +28,7 @@ a3c2b80201b89e68616f4ad30bc66aee4927c3ce50e33929ca819d5c43538898 gmp-6.3.0.tar. 1db2aedde89d0dea42b16d9528f894c8d15dae4e190b59aecc78f5a951276eab grep-3.11.tar.xz 6b9757f592b7518b4902eb6af7e54570bdccba37a871fddb2d30ae3863511c13 groff-1.23.0.tar.gz 7454eb6935db17c6655576c2e1b0fabefd38b4d0936e0f87f48cd062ce91a057 gzip-1.13.tar.xz -1b967b2dd19d13561fb28c5cf05fd35b8990a2ea70cc802c33d8dd1297a6fee3 kernel-6.6.57.1.tar.gz +8b19b1d4db4add880154d1bf563625efc1b5f52e20792fc6e2628d63b74eb393 kernel-6.6.64.2.tar.gz 5d24e40819768f74daf846b99837fc53a3a9dcdf3ce1c2003fe0596db850f0f0 libarchive-3.7.1.tar.gz f311f8f3dad84699d0566d1d6f7ec943a9298b28f714cae3c931dfd57492d7eb libcap-2.69.tar.xz b8b45194989022a79ec1317f64a2a75b1551b2a55bea06f67704cb2a2e4690b0 libpipeline-1.5.7.tar.gz diff --git a/toolkit/scripts/toolchain/container/toolchain_build_temp_tools.sh b/toolkit/scripts/toolchain/container/toolchain_build_temp_tools.sh index 6556dfe97f4..38d410ec1e2 100755 --- a/toolkit/scripts/toolchain/container/toolchain_build_temp_tools.sh +++ b/toolkit/scripts/toolchain/container/toolchain_build_temp_tools.sh @@ -86,7 +86,7 @@ rm -rf gcc-13.2.0 touch $LFS/logs/temptoolchain/status_gcc_pass1_complete -KERNEL_VERSION="6.6.57.1" +KERNEL_VERSION="6.6.64.2" echo Linux-${KERNEL_VERSION} API Headers tar xf kernel-${KERNEL_VERSION}.tar.gz pushd CBL-Mariner-Linux-Kernel-rolling-lts-mariner-3-${KERNEL_VERSION} From f15b9c51494bf38d8ab122e9336cb9b07f077dfb Mon Sep 17 00:00:00 2001 From: CBL-Mariner Servicing Account Date: Tue, 7 Jan 2025 09:25:08 +0000 Subject: [PATCH 2/4] Apply config changes to AMD64 --- SPECS/kernel/config | 4 ++-- SPECS/kernel/kernel.signatures.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/SPECS/kernel/config b/SPECS/kernel/config index bdc3a27347e..66cc9df8407 100644 --- a/SPECS/kernel/config +++ b/SPECS/kernel/config @@ -507,7 +507,6 @@ CONFIG_PHYSICAL_ALIGN=0x1000000 CONFIG_DYNAMIC_MEMORY_LAYOUT=y CONFIG_RANDOMIZE_MEMORY=y CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0xa -# CONFIG_ADDRESS_MASKING is not set CONFIG_HOTPLUG_CPU=y # CONFIG_COMPAT_VDSO is not set # CONFIG_LEGACY_VSYSCALL_XONLY is not set @@ -7366,6 +7365,8 @@ CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y CONFIG_SECURITY_LANDLOCK=y CONFIG_SECURITY_IPE=y CONFIG_IPE_BOOT_POLICY="" +CONFIG_IPE_POLICY_SIG_SECONDARY_KEYRING=y +CONFIG_IPE_POLICY_SIG_PLATFORM_KEYRING=y # # IPE Trust Providers @@ -7374,7 +7375,6 @@ CONFIG_IPE_PROP_DM_VERITY=y CONFIG_IPE_PROP_DM_VERITY_SIGNATURE=y CONFIG_IPE_PROP_FS_VERITY=y CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG=y -CONFIG_IPE_PROP_INTENDED_PATHNAME=y # end of IPE Trust Providers CONFIG_INTEGRITY=y diff --git a/SPECS/kernel/kernel.signatures.json b/SPECS/kernel/kernel.signatures.json index b16b05f5b13..bcd197256b5 100644 --- a/SPECS/kernel/kernel.signatures.json +++ b/SPECS/kernel/kernel.signatures.json @@ -1,7 +1,7 @@ { "Signatures": { "azurelinux-ca-20230216.pem": "d545401163c75878319f01470455e6bc18a5968e39dd964323225e3fe308849b", - "config": "869059cc0a295d60116a5a1597eec3f6ac9ec26e6900d49a5001014810371e08", + "config": "fc926acd06b82abc2a9f0618947072eba2e6913c5cbbf11d64aaf56e3f0996cc", "config_aarch64": "d1228f2a8653055e6f552ea90271ad83efd69ce2a688991b7b823fdd6c819a78", "cpupower": "d7518767bf2b1110d146a49c7d42e76b803f45eb8bd14d931aa6d0d346fae985", "cpupower.service": "b057fe9e5d0e8c36f485818286b80e3eba8ff66ff44797940e99b1fd5361bb98", From 4f478806375d41447ac4e0aa6e74dc7ee9476595 Mon Sep 17 00:00:00 2001 From: CBL-Mariner Servicing Account Date: Tue, 7 Jan 2025 09:25:19 +0000 Subject: [PATCH 3/4] Apply config changes to ARM64 --- SPECS/kernel-64k/config_aarch64 | 6 ++---- SPECS/kernel-64k/kernel-64k.signatures.json | 2 +- SPECS/kernel/config_aarch64 | 6 ++---- SPECS/kernel/kernel.signatures.json | 2 +- 4 files changed, 6 insertions(+), 10 deletions(-) diff --git a/SPECS/kernel-64k/config_aarch64 b/SPECS/kernel-64k/config_aarch64 index ec95e37cae2..0f1e1bdfa39 100644 --- a/SPECS/kernel-64k/config_aarch64 +++ b/SPECS/kernel-64k/config_aarch64 @@ -529,7 +529,6 @@ CONFIG_ARM64_EPAN=y # end of ARMv8.7 architectural features CONFIG_ARM64_SVE=y -CONFIG_ARM64_SME=y CONFIG_ARM64_PSEUDO_NMI=y # CONFIG_ARM64_DEBUG_PRIORITY_MASKING is not set CONFIG_RELOCATABLE=y @@ -8770,10 +8769,8 @@ CONFIG_COMMON_CLK_MT8192=y # CONFIG_COMMON_CLK_MT8192_VENCSYS is not set CONFIG_COMMON_CLK_MT8195=y CONFIG_COMMON_CLK_MT8195_APUSYS=y -CONFIG_COMMON_CLK_MT8195_AUDSYS=y CONFIG_COMMON_CLK_MT8195_IMP_IIC_WRAP=y CONFIG_COMMON_CLK_MT8195_MFGCFG=y -CONFIG_COMMON_CLK_MT8195_MSDC=y CONFIG_COMMON_CLK_MT8195_SCP_ADSP=y CONFIG_COMMON_CLK_MT8195_VDOSYS=y CONFIG_COMMON_CLK_MT8195_VPPSYS=y @@ -10411,6 +10408,8 @@ CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y CONFIG_SECURITY_LANDLOCK=y CONFIG_SECURITY_IPE=y CONFIG_IPE_BOOT_POLICY="" +CONFIG_IPE_POLICY_SIG_SECONDARY_KEYRING=y +CONFIG_IPE_POLICY_SIG_PLATFORM_KEYRING=y # # IPE Trust Providers @@ -10419,7 +10418,6 @@ CONFIG_IPE_PROP_DM_VERITY=y CONFIG_IPE_PROP_DM_VERITY_SIGNATURE=y CONFIG_IPE_PROP_FS_VERITY=y CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG=y -CONFIG_IPE_PROP_INTENDED_PATHNAME=y # end of IPE Trust Providers CONFIG_INTEGRITY=y diff --git a/SPECS/kernel-64k/kernel-64k.signatures.json b/SPECS/kernel-64k/kernel-64k.signatures.json index 5d8299b4368..8ddbe3e70f7 100644 --- a/SPECS/kernel-64k/kernel-64k.signatures.json +++ b/SPECS/kernel-64k/kernel-64k.signatures.json @@ -1,7 +1,7 @@ { "Signatures": { "azurelinux-ca-20230216.pem": "d545401163c75878319f01470455e6bc18a5968e39dd964323225e3fe308849b", - "config_aarch64": "9e1b4c99bc559e7b475e5732052d8537d65270deae476be2ca22dfd7db4b2bcc", + "config_aarch64": "a38d706af967657d1961382c9c3114bd8ed30e1d338e528e203239d125e2e1c9", "cpupower": "d7518767bf2b1110d146a49c7d42e76b803f45eb8bd14d931aa6d0d346fae985", "cpupower.service": "b057fe9e5d0e8c36f485818286b80e3eba8ff66ff44797940e99b1fd5361bb98", "sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f", diff --git a/SPECS/kernel/config_aarch64 b/SPECS/kernel/config_aarch64 index a03a6543e87..96fb63b9ee3 100644 --- a/SPECS/kernel/config_aarch64 +++ b/SPECS/kernel/config_aarch64 @@ -527,7 +527,6 @@ CONFIG_ARM64_EPAN=y # end of ARMv8.7 architectural features CONFIG_ARM64_SVE=y -CONFIG_ARM64_SME=y CONFIG_ARM64_PSEUDO_NMI=y # CONFIG_ARM64_DEBUG_PRIORITY_MASKING is not set CONFIG_RELOCATABLE=y @@ -8777,10 +8776,8 @@ CONFIG_COMMON_CLK_MT8192=y # CONFIG_COMMON_CLK_MT8192_VENCSYS is not set CONFIG_COMMON_CLK_MT8195=y CONFIG_COMMON_CLK_MT8195_APUSYS=y -CONFIG_COMMON_CLK_MT8195_AUDSYS=y CONFIG_COMMON_CLK_MT8195_IMP_IIC_WRAP=y CONFIG_COMMON_CLK_MT8195_MFGCFG=y -CONFIG_COMMON_CLK_MT8195_MSDC=y CONFIG_COMMON_CLK_MT8195_SCP_ADSP=y CONFIG_COMMON_CLK_MT8195_VDOSYS=y CONFIG_COMMON_CLK_MT8195_VPPSYS=y @@ -10421,6 +10418,8 @@ CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y CONFIG_SECURITY_LANDLOCK=y CONFIG_SECURITY_IPE=y CONFIG_IPE_BOOT_POLICY="" +CONFIG_IPE_POLICY_SIG_SECONDARY_KEYRING=y +CONFIG_IPE_POLICY_SIG_PLATFORM_KEYRING=y # # IPE Trust Providers @@ -10429,7 +10428,6 @@ CONFIG_IPE_PROP_DM_VERITY=y CONFIG_IPE_PROP_DM_VERITY_SIGNATURE=y CONFIG_IPE_PROP_FS_VERITY=y CONFIG_IPE_PROP_FS_VERITY_BUILTIN_SIG=y -CONFIG_IPE_PROP_INTENDED_PATHNAME=y # end of IPE Trust Providers CONFIG_INTEGRITY=y diff --git a/SPECS/kernel/kernel.signatures.json b/SPECS/kernel/kernel.signatures.json index bcd197256b5..02b3952810f 100644 --- a/SPECS/kernel/kernel.signatures.json +++ b/SPECS/kernel/kernel.signatures.json @@ -2,7 +2,7 @@ "Signatures": { "azurelinux-ca-20230216.pem": "d545401163c75878319f01470455e6bc18a5968e39dd964323225e3fe308849b", "config": "fc926acd06b82abc2a9f0618947072eba2e6913c5cbbf11d64aaf56e3f0996cc", - "config_aarch64": "d1228f2a8653055e6f552ea90271ad83efd69ce2a688991b7b823fdd6c819a78", + "config_aarch64": "40c1f07b2193bd8b2766229ec2145a18b09b7a8f99f5796dc407923634873098", "cpupower": "d7518767bf2b1110d146a49c7d42e76b803f45eb8bd14d931aa6d0d346fae985", "cpupower.service": "b057fe9e5d0e8c36f485818286b80e3eba8ff66ff44797940e99b1fd5361bb98", "sha512hmac-openssl.sh": "02ab91329c4be09ee66d759e4d23ac875037c3b56e5a598e32fd1206da06a27f", From f3a224545a87062b4b006fb647fa16080f4128f2 Mon Sep 17 00:00:00 2001 From: Rachel Menge Date: Wed, 8 Jan 2025 18:37:56 +0000 Subject: [PATCH 4/4] Trigger checks