mirror of
https://github.com/peridotbuild/peridot.git
synced 2024-12-30 14:00:56 +00:00
Change .s.0 to .s.1 for newer kernel, and add SIG cert
This commit is contained in:
parent
90871a3baf
commit
021646197c
5 changed files with 55 additions and 26 deletions
1
tools/kernelmanager/kernel_repack/v1/BUILD
vendored
1
tools/kernelmanager/kernel_repack/v1/BUILD
vendored
|
@ -17,6 +17,7 @@ go_library(
|
||||||
"data/kvm_stat.logrotate",
|
"data/kvm_stat.logrotate",
|
||||||
"data/mod-denylist.sh",
|
"data/mod-denylist.sh",
|
||||||
"data/mod-sign.sh",
|
"data/mod-sign.sh",
|
||||||
|
"data/rocky-sigkernel.cer",
|
||||||
"data/rockykpatch1.x509",
|
"data/rockykpatch1.x509",
|
||||||
"data/x509.genkey",
|
"data/x509.genkey",
|
||||||
"data/rockydup1.x509",
|
"data/rockydup1.x509",
|
||||||
|
|
|
@ -55,13 +55,6 @@
|
||||||
%global signmodules 0
|
%global signmodules 0
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
### BCAT
|
|
||||||
# Further investigation is required before these features
|
|
||||||
# are enabled for the ELRepo Project kernels.
|
|
||||||
%global signkernel 0
|
|
||||||
%global signmodules 0
|
|
||||||
### BCAT
|
|
||||||
|
|
||||||
# Compress modules on all architectures that build modules.
|
# Compress modules on all architectures that build modules.
|
||||||
%ifarch x86_64 || aarch64
|
%ifarch x86_64 || aarch64
|
||||||
%global zipmodules 1
|
%global zipmodules 1
|
||||||
|
@ -247,11 +240,13 @@ Source2000: cpupower.service
|
||||||
Source2001: cpupower.config
|
Source2001: cpupower.config
|
||||||
Source2002: kvm_stat.logrotate
|
Source2002: kvm_stat.logrotate
|
||||||
|
|
||||||
|
Source3000: rocky-sigkernel.cer
|
||||||
|
|
||||||
%if %{signkernel}
|
%if %{signkernel}
|
||||||
%define secureboot_ca_0 %{_datadir}/pki/sb-certs/secureboot-ca-%{_arch}.cer
|
%define secureboot_ca_0 %{_datadir}/pki/sb-certs/secureboot-ca-%{_arch}.cer
|
||||||
%define secureboot_key_0 %{_datadir}/pki/sb-certs/secureboot-kernel-%{_arch}.cer
|
%define secureboot_key_0 %{SOURCE3000}
|
||||||
|
|
||||||
%define pesign_name_0 redhatsecureboot501
|
%define pesign_name_0 rockybootsigningsigkernelcert
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%description
|
%description
|
||||||
|
@ -707,6 +702,7 @@ popd > /dev/null
|
||||||
|
|
||||||
%install
|
%install
|
||||||
%define __modsign_install_post \
|
%define __modsign_install_post \
|
||||||
|
pushd linux-%{KVERREL} > /dev/null \
|
||||||
if [ "%{signmodules}" -eq "1" ]; then \
|
if [ "%{signmodules}" -eq "1" ]; then \
|
||||||
if [ "%{with_std}" -ne "0" ]; then \
|
if [ "%{with_std}" -ne "0" ]; then \
|
||||||
%{SOURCE21} certs/signing_key.pem.sign certs/signing_key.x509.sign $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/ \
|
%{SOURCE21} certs/signing_key.pem.sign certs/signing_key.x509.sign $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/ \
|
||||||
|
@ -1404,7 +1400,7 @@ fi
|
||||||
### BCAT
|
### BCAT
|
||||||
|
|
||||||
%files -n %{name}-tools-libs
|
%files -n %{name}-tools-libs
|
||||||
%{_libdir}/libcpupower.so.0
|
%{_libdir}/libcpupower.so.1
|
||||||
%{_libdir}/libcpupower.so.0.0.1
|
%{_libdir}/libcpupower.so.0.0.1
|
||||||
|
|
||||||
%files -n %{name}-tools-libs-devel
|
%files -n %{name}-tools-libs-devel
|
||||||
|
@ -1488,3 +1484,7 @@ fi
|
||||||
%kernel_ml_variant_files %{_use_vdso} %{with_std}
|
%kernel_ml_variant_files %{_use_vdso} %{with_std}
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
{{range $val := .Changelog}}
|
||||||
|
* {{$val.Date}} {{$val.Name}} - {{$val.Version}}-{{$val.BuildID}}
|
||||||
|
- {{$val.Text}}
|
||||||
|
{{end}}
|
||||||
|
|
|
@ -0,0 +1,30 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIFLDCCBBSgAwIBAgIBFTANBgkqhkiG9w0BAQsFADCB1DELMAkGA1UEBhMCVVMx
|
||||||
|
ETAPBgNVBAgMCERlbGF3YXJlMQ4wDAYDVQQHDAVEb3ZlcjEtMCsGA1UECgwkUm9j
|
||||||
|
a3kgRW50ZXJwcmlzZSBTb2Z0d2FyZSBGb3VuZGF0aW9uMSEwHwYDVQQLDBhSZWxl
|
||||||
|
YXNlIGVuZ2luZWVyaW5nIHRlYW0xKDAmBgNVBAMMH1JvY2t5IExpbnV4IFNlY3Vy
|
||||||
|
ZSBCb290IFJvb3QgQ0ExJjAkBgkqhkiG9w0BCQEWF3NlY3VyaXR5QHJvY2t5bGlu
|
||||||
|
dXgub3JnMB4XDTIzMTAxOTE5MzczNloXDTI0MTAxODE5MzczNlowgeMxCzAJBgNV
|
||||||
|
BAYTAlVTMREwDwYDVQQIDAhEZWxhd2FyZTEOMAwGA1UEBwwFRG92ZXIxLTArBgNV
|
||||||
|
BAoMJFJvY2t5IEVudGVycHJpc2UgU29mdHdhcmUgRm91bmRhdGlvbjEhMB8GA1UE
|
||||||
|
CwwYUmVsZWFzZSBlbmdpbmVlcmluZyB0ZWFtMTcwNQYDVQQDDC5Sb2NreSBMaW51
|
||||||
|
eCBLZXJuZWwgU0lHIEtlcm5lbCBTaWduaW5nIENlcnQgMTAxMSYwJAYJKoZIhvcN
|
||||||
|
AQkBFhdzZWN1cml0eUByb2NreWxpbnV4Lm9yZzCCAaIwDQYJKoZIhvcNAQEBBQAD
|
||||||
|
ggGPADCCAYoCggGBALd7czYlm7KN34SFNxIYktTHMMfw5TdOTB9tm8IDN8YVvCMP
|
||||||
|
nigAE0i+BjtgMPPd7lQPMy46ZYIqtg4/jLceQGpyjFm6UI676fTN4te7HC/nAFC0
|
||||||
|
IszCQgLgj3QAUF00+9ffjtgsU6tiX5pp246aMUAjvN8rI1bjJ+N4G9PC58D4FDRm
|
||||||
|
x6iik7IrK4fL2TUGZG24M5BiI1NsjUroNkLZ9o/iZAYTq6Ff6cAJZcXqnc+vS7ve
|
||||||
|
MiEqKpAeO4SQSnyoNzYK/ApTJB4vegfbvCPx0W00ZhNMqO73/zjXE95dbT18jZx/
|
||||||
|
b6XNhnsqODolGbK7IInNJNnkSwV7nXEC4YYfhNu4BK7v/v94xG53ruwdkKJDV/D0
|
||||||
|
fpHo0KccGr9HwgZnqVO7aQrSPuI42B7+2R6QPFYNynwVtlJ1iNyZloiyA4DgmWBg
|
||||||
|
caGhXVnJcobqw/KjBFZsmH3sYEIoUbihXHsgvFtqPs/YORrBADy5Wnt0ZGHJN9xg
|
||||||
|
yMRw1fO1Wv/17an2DQIDAQABo3gwdjAMBgNVHRMBAf8EAjAAMA4GA1UdDwEB/wQE
|
||||||
|
AwIHgDAWBgNVHSUBAf8EDDAKBggrBgEFBQcDAzAdBgNVHQ4EFgQUE5nV9l42MZKa
|
||||||
|
Ujwu5B9Vg+L4eI8wHwYDVR0jBBgwFoAUTCxr19ZO6BWByrjphmYfZeIWb8QwDQYJ
|
||||||
|
KoZIhvcNAQELBQADggEBAK82djaZ4M5LOdlAE9Q6Ry2YypdmZ31c8eqpExNHxUeD
|
||||||
|
IV7KmYNByhu95bmkunAJMdnYVkCIrAgDhM3WYuzB9Fg2kgrOBW2ZNFdyn2VtayLA
|
||||||
|
ng1gFfYf22yLBhEYVwvTOmM9WxIwjoSIo9rskkFL5BKwjwPwHcoH6rw1kEqOB1TW
|
||||||
|
LStbQ6q78y3EDwEOTudO/WAjejR4d5sYil6tPtRxq6Nt0g8W9rsc8cTpKbsYBkZA
|
||||||
|
OrnmfkSprUh13BLj5fbjtQaDRsQXz9EPRIASrAT7nphPJKI8VkXHVtVDorr2VovA
|
||||||
|
MvVRhQTw4nXpYZXvFETDkwCKtumjZWbgKL8mcjUxI24=
|
||||||
|
-----END CERTIFICATE-----
|
1
tools/kernelmanager/rpc/BUILD
vendored
1
tools/kernelmanager/rpc/BUILD
vendored
|
@ -14,7 +14,6 @@ go_library(
|
||||||
"//base/go/kv",
|
"//base/go/kv",
|
||||||
"//third_party/googleapis/google/longrunning:longrunning_go_proto",
|
"//third_party/googleapis/google/longrunning:longrunning_go_proto",
|
||||||
"//tools/kernelmanager/proto/v1:pb",
|
"//tools/kernelmanager/proto/v1:pb",
|
||||||
"//tools/mothership/proto/v1:pb",
|
|
||||||
"//vendor/go.temporal.io/api/enums/v1:enums",
|
"//vendor/go.temporal.io/api/enums/v1:enums",
|
||||||
"//vendor/go.temporal.io/api/serviceerror",
|
"//vendor/go.temporal.io/api/serviceerror",
|
||||||
"//vendor/go.temporal.io/api/workflowservice/v1:workflowservice",
|
"//vendor/go.temporal.io/api/workflowservice/v1:workflowservice",
|
||||||
|
|
|
@ -15,20 +15,19 @@
|
||||||
package kernelmanager_rpc
|
package kernelmanager_rpc
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"context"
|
"context"
|
||||||
base "go.resf.org/peridot/base/go"
|
base "go.resf.org/peridot/base/go"
|
||||||
kernelmanagerpb "go.resf.org/peridot/tools/kernelmanager/pb"
|
kernelmanagerpb "go.resf.org/peridot/tools/kernelmanager/pb"
|
||||||
mothershippb "go.resf.org/peridot/tools/mothership/pb"
|
v11 "go.temporal.io/api/enums/v1"
|
||||||
v11 "go.temporal.io/api/enums/v1"
|
"go.temporal.io/api/serviceerror"
|
||||||
"go.temporal.io/api/serviceerror"
|
"go.temporal.io/api/workflowservice/v1"
|
||||||
"go.temporal.io/api/workflowservice/v1"
|
"google.golang.org/genproto/googleapis/longrunning"
|
||||||
"google.golang.org/genproto/googleapis/longrunning"
|
rpccode "google.golang.org/genproto/googleapis/rpc/code"
|
||||||
rpccode "google.golang.org/genproto/googleapis/rpc/code"
|
rpcstatus "google.golang.org/genproto/googleapis/rpc/status"
|
||||||
rpcstatus "google.golang.org/genproto/googleapis/rpc/status"
|
"google.golang.org/grpc/codes"
|
||||||
"google.golang.org/grpc/codes"
|
"google.golang.org/grpc/status"
|
||||||
"google.golang.org/grpc/status"
|
"google.golang.org/protobuf/types/known/anypb"
|
||||||
"google.golang.org/protobuf/types/known/anypb"
|
"google.golang.org/protobuf/types/known/timestamppb"
|
||||||
"google.golang.org/protobuf/types/known/timestamppb"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func (s *Server) describeWorkflowToOperation(ctx context.Context, res *workflowservice.DescribeWorkflowExecutionResponse) (*longrunning.Operation, error) {
|
func (s *Server) describeWorkflowToOperation(ctx context.Context, res *workflowservice.DescribeWorkflowExecutionResponse) (*longrunning.Operation, error) {
|
||||||
|
@ -75,7 +74,7 @@ func (s *Server) describeWorkflowToOperation(ctx context.Context, res *workflows
|
||||||
// Complete, we need to get the result using GetWorkflow
|
// Complete, we need to get the result using GetWorkflow
|
||||||
run := s.temporal.GetWorkflow(ctx, op.Name, "")
|
run := s.temporal.GetWorkflow(ctx, op.Name, "")
|
||||||
|
|
||||||
var res mothershippb.ProcessRPMResponse
|
var res kernelmanagerpb.TriggerKernelUpdateResponse
|
||||||
if err := run.Get(ctx, &res); err != nil {
|
if err := run.Get(ctx, &res); err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue