Merge pull request #1015 from microsoft/joslobo/merge-for-may-update

Merge 1.0-dev to 1.0 branch for May Update
microsoft · Jun 4, 2021 · b130e22 · b130e22
2 parents e092e4a + 59e7069
commit b130e22
Show file tree

Hide file tree

Showing 616 changed files with 23,728 additions and 3,555 deletions.
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
@@ -33,8 +33,9 @@ What does the PR accomplish, why was it needed?
 
 ###### Does this affect the toolchain?  <!-- REQUIRED -->
 <!-- Any packages which are included in the toolchain should be carefully considered. Make sure the toolchain builds with these changes if so. -->
-**YES**
-NO
+<!-- Update: manifests/package/toolchain_*.txt, pkggen_core_*.txt, update_manifests.sh -->
+<!-- To validate: make clean; make workplan REBUILD_TOOLCHAIN=y DISABLE_UPSTREAM_REPOS=y CONFIG_FILE="" ... -->
+**YES/NO**
 
 ###### Associated issues  <!-- optional -->
 <!-- Link to Github issues if possible. -->
@@ -45,5 +46,5 @@ NO
 - https://nvd.nist.gov/vuln/detail/CVE-YYYY-XXXX
 
 ###### Test Methodology
-<!-- How as this test validated? i.e. local build, pipeline build etc. -->
+<!-- How was this test validated? i.e. local build, pipeline build etc. -->
 - Pipeline build id: xxxx
diff --git a/.github/workflows/check_entangled_specs.py b/.github/workflows/check_entangled_specs.py
@@ -28,6 +28,10 @@
         "SPECS/hyperv-daemons/hyperv-daemons.spec",
         "SPECS/kernel/kernel.spec",
         "SPECS/kernel-hyperv/kernel-hyperv.spec"
+    ]),
+    frozenset([
+        "SPECS/azure-iotedge/azure-iotedge.spec",
+        "SPECS/libiothsm-std/libiothsm-std.spec"
     ])
 ]
 

diff --git a/.github/workflows/validate-cg-manifest.sh b/.github/workflows/validate-cg-manifest.sh
@@ -13,6 +13,7 @@
 
 # Ignore some specs, mostly those with Source0 files that are not from an external source, or have very odd URLs
 ignore_list=" \
+  byacc \
   initramfs \
   kf5 \
   mariner-repos \
@@ -23,6 +24,11 @@ ignore_list=" \
   python-markupsafe \
   python-requests \
   python-zope-interface \
+  python-nocasedict \
+  python-pywbem \
+  python-repoze-lru \
+  python-sphinxcontrib-websupport \
+  python-yamlloader \
   qt5-rpm-macros \
   runc \
   grub2-efi-binary-signed-aarch64 \

diff --git a/SPECS-SIGNED/kernel-signed/kernel-signed.spec b/SPECS-SIGNED/kernel-signed/kernel-signed.spec
@@ -1,4 +1,5 @@
 %global debug_package %{nil}
+%global sha512hmac bash %{_sourcedir}/sha512hmac-openssl.sh
 %ifarch x86_64
 %global buildarch x86_64
 %endif
@@ -8,8 +9,8 @@
 %define uname_r %{version}-%{release}
 Summary:        Signed Linux Kernel for %{buildarch} systems
 Name:           kernel-signed-%{buildarch}
-Version:        5.10.28.1
-Release:        4%{?dist}
+Version:        5.10.37.1
+Release:        1%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -66,7 +67,10 @@ URL:            https://github.com/microsoft/CBL-Mariner-Linux-Kernel
 #   4. Build this spec
 Source0:        kernel-%{version}-%{release}.%{buildarch}.rpm
 Source1:        vmlinuz-%{uname_r}
+Source2:        sha512hmac-openssl.sh
 BuildRequires:  cpio
+BuildRequires:  openssl
+BuildRequires:  sed
 
 %description
 This package contains the Linux kernel package with kernel signed with the production key
@@ -86,14 +90,17 @@ The kernel package contains the signed Linux kernel.
 
 %build
 # This spec's whole purpose is to inject the signed kernel binary
-# Do not do anything extra.
 rpm2cpio %{SOURCE0} | cpio -idmv
 cp %{SOURCE1} ./boot/vmlinuz-%{uname_r}
 
 %install
 # Don't use * wildcard. It does not copy over hidden files in the root folder...
 cp -rp ./. %{buildroot}/
 
+# Recalculate sha512hmac for FIPS
+%{sha512hmac} %{buildroot}/boot/vmlinuz-%{uname_r} | sed -e "s,$RPM_BUILD_ROOT,," > %{buildroot}/boot/.vmlinuz-%{uname_r}.hmac
+cp %{buildroot}/boot/.vmlinuz-%{uname_r}.hmac %{buildroot}/lib/modules/%{uname_r}/.vmlinuz.hmac
+
 %triggerin -n kernel -- initramfs
 mkdir -p %{_localstatedir}/lib/rpm-state/initramfs/pending
 touch %{_localstatedir}/lib/rpm-state/initramfs/pending/%{uname_r}
@@ -139,6 +146,30 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
 %endif
 
 %changelog
+* Fri May 28 2021 Rachel Menge <[email protected]> - 5.10.37.1-1
+- Update source to 5.10.37.1
+
+* Thu May 27 2021 Chris Co <[email protected]> - 5.10.32.1-7
+- Bump release number to match kernel release
+
+* Wed May 26 2021 Chris Co <[email protected]> - 5.10.32.1-6
+- Bump release number to match kernel release
+
+* Tue May 25 2021 Daniel Mihai <[email protected]> - 5.10.32.1-5
+- Bump release number to match kernel release
+
+* Thu May 20 2021 Nicolas Ontiveros <[email protected]> - 5.10.32.1-4
+- Recalculate sha512hmac on signed kernel binary
+
+* Tue May 17 2021 Andrew Phelps <[email protected]> - 5.10.32.1-3
+- Update to kernel release 5.10.32.1-3
+
+* Thu May 13 2021 Rachel Menge <[email protected]> - 5.10.32.1-2
+- Bump release number to match kernel release
+
+* Mon May 03 2021 Rachel Menge <[email protected]> - 5.10.32.1-1
+- Update source to 5.10.32.1
+
 * Thu Apr 22 2021 Chris Co <[email protected]> - 5.10.28.1-4
 - Bump release number to match kernel release
 

diff --git a/SPECS-SIGNED/kernel-signed/sha512hmac-openssl.sh b/SPECS-SIGNED/kernel-signed/sha512hmac-openssl.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# Mocks sha512hmac using the openssl tool.
+# Only for use during RPM build.
+
+openssl sha512 -hmac FIPS-FTW-RHT2009 -hex "$1" | cut -f 2 -d ' ' | echo "$(cat -)  $1"
diff --git a/SPECS/CUnit/CUnit.signatures.json b/SPECS/CUnit/CUnit.signatures.json
@@ -0,0 +1,5 @@
+{
+ "Signatures": {
+  "CUnit-2.1.3.tar.bz2": "f5b29137f845bb08b77ec60584fdb728b4e58f1023e6f249a464efa49a40f214"
+ }
+}
diff --git a/SPECS/CUnit/CUnit.spec b/SPECS/CUnit/CUnit.spec
@@ -0,0 +1,197 @@
+%global tarver 2.1-3
+
+Name:           CUnit
+Version:        2.1.3
+Release:        23%{?dist}
+Summary:        Unit testing framework for C
+Vendor:         Microsoft Corporation
+Distribution:   Mariner
+License:        LGPLv2+
+URL:            http://cunit.sourceforge.net/
+#Source0:       https://downloads.sourceforge.net/cunit/%{name}-%{tarver}.tar.bz2
+Source0:        %{name}-%{version}.tar.bz2
+
+BuildRequires:  automake
+BuildRequires:  libtool
+
+%description 
+CUnit is a lightweight system for writing, administering,
+and running unit tests in C.  It provides C programmers a basic
+testing functionality with a flexible variety of user interfaces.
+
+%package devel
+Summary:        Header files and libraries for CUnit development
+Requires:       %{name}%{?_isa} = %{version}-%{release}
+
+%description devel 
+The %{name}-devel package contains the header files
+and libraries for use with CUnit package.
+
+%prep
+%setup -q -n %{name}-%{tarver}
+find -name *.c -exec chmod -x {} \;
+
+%build
+autoreconf -f -i
+%configure --disable-static
+make %{?_smp_mflags}
+
+%install
+make install DESTDIR=%{buildroot}
+rm -f `find %{buildroot} -name *.la`
+
+# work around bad docdir= in doc/Makefile*
+mkdir -p %{buildroot}%{_docdir}/%{name}
+mv %{buildroot}%{_prefix}/doc/%{name} %{buildroot}%{_docdir}/%{name}/html
+
+# add some doc files into the buildroot manually (#1001276)
+for f in AUTHORS ChangeLog COPYING NEWS README TODO VERSION ; do
+    install -p -m0644 -D $f %{buildroot}%{_docdir}/%{name}/${f}
+done
+
+%post -p /sbin/ldconfig
+%postun -p /sbin/ldconfig
+
+%files
+%license %{_defaultdocdir}/%{name}/COPYING
+%{_datadir}/%{name}/
+%{_libdir}/libcunit.so.*
+%dir %{_docdir}/%{name}
+%{_docdir}/%{name}/AUTHORS
+%{_docdir}/%{name}/ChangeLog
+%{_docdir}/%{name}/NEWS
+%{_docdir}/%{name}/README
+%{_docdir}/%{name}/TODO
+%{_docdir}/%{name}/VERSION
+
+%files devel
+%{_docdir}/%{name}/html/
+%{_includedir}/%{name}/
+%{_libdir}/libcunit.so
+%{_libdir}/pkgconfig/cunit.pc
+%{_mandir}/man3/CUnit.3*
+
+%changelog
+* Fri Aug 21 2020 Thomas Crain <[email protected]> - 2.1.3-23
+- Initial CBL-Mariner import from Fedora 33 (license: MIT)
+- License verified
+
+* Mon Jul 27 2020 Fedora Release Engineering <[email protected]> - 2.1.3-22
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Tue Jan 28 2020 Fedora Release Engineering <[email protected]> - 2.1.3-21
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Wed Jul 24 2019 Fedora Release Engineering <[email protected]> - 2.1.3-20
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Thu Jan 31 2019 Fedora Release Engineering <[email protected]> - 2.1.3-19
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
+
+* Thu Jul 12 2018 Fedora Release Engineering <[email protected]> - 2.1.3-18
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
+
+* Wed Feb 07 2018 Fedora Release Engineering <[email protected]> - 2.1.3-17
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Wed Aug 02 2017 Fedora Release Engineering <[email protected]> - 2.1.3-16
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
+
+* Wed Jul 26 2017 Fedora Release Engineering <[email protected]> - 2.1.3-15
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Fri Feb 10 2017 Fedora Release Engineering <[email protected]> - 2.1.3-14
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Wed Feb 03 2016 Fedora Release Engineering <[email protected]> - 2.1.3-13
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Tue Jun 16 2015 Fedora Release Engineering <[email protected]> - 2.1.3-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Fri Aug 15 2014 Fedora Release Engineering <[email protected]> - 2.1.3-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
+
+* Fri Jun 06 2014 Fedora Release Engineering <[email protected]> - 2.1.3-10
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Sun Jun  1 2014 Michael Schwendt <[email protected]> - 2.1.3-9
+- Fix HTML documentation installation location.
+- Replace CUnit-2.1-3-src.tar.bz2 tarball, which really
+  is 2.1-2 in disguise according to configure.in, with 2.1-3 as
+  published on 2014-04-24.
+- BR libtool
+- Run autoreconf instead of autoconf.
+- Drop --enable-curses because without BuildRequires ncurses-devel it
+  would disable itself automatically (and if it were enabled, test programs
+  would need to link with ncurses explicitly).
+
+* Sun Sep 29 2013 Michael Schwendt <[email protected]> - 2.1.3-8
+- Add %%_isa to -devel base package dependency.
+- Headers get installed by "make install", copying them from the HTML
+  doc headers dir is not necessary.
+- Configure build with --disable-static.
+- Drop unneeded spec stuff (buildroot def, removal, clean, pkgconfig dep).
+- Using %%defattr is not needed anymore.
+- Deduplicate documentation files in unversioned docdir (#1001276).
+
+* Tue Sep 10 2013 Shakthi Kannan <shakthimaan [AT] fedoraproject.org> - 2.1.3-7
+- Fix build with unversioned docdir (#1001276)
+
+* Fri Aug 02 2013 Fedora Release Engineering <[email protected]> - 2.1.3-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Fri Jun 21 2013 Shakthi Kannan <shakthimaan [AT] fedoraproject.org> - 2.1.3-5
+- Use header files from doc folder as well
+- Enable curses
+
+* Sat Apr 20 2013 Shakthi Kannan <shakthimaan [AT] fedoraproject.org> - 2.1.3-4
+- Use autoconf for ARM
+
+* Wed Feb 13 2013 Fedora Release Engineering <[email protected]> - 2.1.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Wed Jul 18 2012 Fedora Release Engineering <[email protected]> - 2.1.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Wed May 2 2012 Shakthi Kannan <shakthimaan [AT] fedoraproject dot org> 2.1.3-1
+- Updated to 2.1.3 sources re-run with autoreconf.
+
+* Thu Jan 12 2012 Fedora Release Engineering <[email protected]> - 2.1.2-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Mon Feb 07 2011 Fedora Release Engineering <[email protected]> - 2.1.2-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Sat Jan 29 2011 Shakthi Kannan <shakthimaan [AT] fedoraproject dot org> 2.1.2-6
+- Changed Group to System Environment/Libraries.
+- Remove executable permission from C files.
+- Created two separate patches for Makefile and manpage fixes.
+- Removed passing datarootdir from configure.
+
+* Thu Jan 20 2011 Shakthi Kannan <shakthimaan [AT] fedoraproject dot org> 2.1.2-5
+- Renamed Source0 to use Fedora sourceforge.net naming guidelines.
+- Removed exit call in library patch.
+- Use A.B.C version number.
+
+* Thu Jan 20 2011 Shakthi Kannan <shakthimaan [AT] fedoraproject dot org> 2.1_2-4
+- Updated to license LGPLv2+.
+- Changed to use BuildRoot.
+- Added comments for inclusion of patches.
+- Removed inconsistent macro usage.
+- Moved man page, HTML documentation to devel package.
+- Added AUTHORS, COPYING, README, TODO to doc in base package.
+- Used * in man, library inclusion.
+
+* Sun Dec 26 2010 Shakthi Kannan <shakthimaan [AT] fedoraproject dot org> 2.1_2-3
+- Created patch to fix man page warnings and datarootdir settings.
+- Added patch to remove exit calls in library.
+
+* Wed Dec 15 2010 Shakthi Kannan <shakthimaan [AT] fedoraproject dot org> 2.1_2-2
+- Moved libcunit.so.* to main package.
+- Added post, postun ldconfig.
+- Added smp flags for make build.
+- Changed datarootdir to datadir.
+
+* Tue Dec 14 2010 Shakthi Kannan <shakthimaan [AT] fedoraproject dot org> 2.1_2-1
+- First CUnit package.