kpatch: initial addition

Change-Id: I8cc2898956506595af704b670c753f3a69fd795b
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/16507
Tested-by: gerrit-photon <[email protected]>
Reviewed-by: Shreenidhi Shedi <[email protected]>

SPECS/kpatch/0001-Added-support-for-Photon-OS.patch

@@ -0,0 +1,129 @@
+From b5a09b6e99001a93f683347a06a076f40a9f33db Mon Sep 17 00:00:00 2001
+From: Brennan Lamoreaux <[email protected]>
+Date: Tue, 31 May 2022 22:39:31 +0000
+Subject: [PATCH] Added support for Photon OS
+
+This has now been modified and tested (on aws, generic and rt only) to be
+compatible with all Photon OS flavors.
+---
+ kpatch-build/kpatch-build | 90 ++++++++++++++++++++++++++++++++++++++-
+ 1 file changed, 89 insertions(+), 1 deletion(-)
+
+diff --git a/kpatch-build/kpatch-build b/kpatch-build/kpatch-build
+index 634095d..e17c321 100755
+--- a/kpatch-build/kpatch-build
++++ b/kpatch-build/kpatch-build
+@@ -628,6 +628,13 @@ while [[ $# -gt 0 ]]; do
+ 	shift
+ done
+
++#make sure we have at least 8 gb
++let BYTES_NEEDED=$((8*(2**30)))
++if (( $(df $PWD --block-size=1 | awk '/[0-9]%/{print $(NF-2)}') < $BYTES_NEEDED )); then
++	warn "building the kernel requires at least 8gb of disk space. There is probably not enough in this partition"
++	echo "Needs: $BYTES_NEEDED, Available: $(df $PWD --block-size=1 | awk '/[0-9]%/{print $(NF-2)}')"
++fi
++
+ if [[ ${#PATCH_LIST[@]} -eq 0 ]]; then
+ 	warn "no patch file(s) specified"
+ 	usage
+@@ -712,7 +719,7 @@ if [[ -z "$USERSRCDIR" ]] && [[ -f "$RELEASE_FILE" ]]; then
+ 	DISTRO="$ID"
+ fi
+
+-if [[ "$DISTRO" = fedora ]] || [[ "$DISTRO" = rhel ]] || [[ "$DISTRO" = ol ]] || [[ "$DISTRO" = centos ]] || [[ "$DISTRO" = openEuler ]]; then
++if [[ "$DISTRO" = fedora ]] || [[ "$DISTRO" = rhel ]] || [[ "$DISTRO" = ol ]] || [[ "$DISTRO" = centos ]] || [[ "$DISTRO" = openEuler ]] || [[ "$DISTRO" = photon ]]; then
+ 	[[ -z "$VMLINUX" ]] && VMLINUX="/usr/lib/debug/lib/modules/$ARCHVERSION/vmlinux"
+ 	[[ -e "$VMLINUX" ]] || die "kernel-debuginfo-$ARCHVERSION not installed"
+
+@@ -824,6 +831,87 @@ else
+ 		sed -i "s/^SUBLEVEL.*/${sublevel}/" "$KERNEL_SRCDIR/Makefile" || die
+ 		echo "$ARCHVERSION" > "$VERSIONFILE" || die
+
++	elif [[ "$DISTRO" = photon ]]; then
++		echo "Photon distribution detected, no cache. Setting up."
++		clean_cache
++		PHOTON_TEMP_DIR=$HOME/.kpatch/kpatch_prep
++
++		[[ -z "$CONFIGFILE" ]] && CONFIGFILE="/boot/config-$(uname -r)"
++
++		#extract only version number
++		KERNEL_VERSION=$(uname -r | cut -d '-' -f 1)
++
++		declare -A photon_version=(["4.19"]="3.0" ["5.10"]="4.0")
++
++		#determine which photon version this is
++		KERNEL_SHORT_VERSION=$(uname -r | cut -d '.' -f 1-2) && PHOTON_VERSION=${photon_version[$KERNEL_SHORT_VERSION]}
++
++		#extract photon flavor - aws, esx, etc.
++		FLAVOR=$(uname -r | cut -d '-' -f 3)
++
++		#extract version/release ex) 5.10.108-2.ph4
++		EXTRAVERSION=$(uname -r | cut -d '-' -f 2)
++		if [[ ${EXTRAVERSION:0:2} == "rt" ]]; then
++			EXTRAVERSION=$(uname -r | cut -d '-' -f 3)
++			FLAVOR="rt"
++		fi
++
++		VERSION_RELEASE="${KERNEL_VERSION}-${EXTRAVERSION}"
++		echo "Detected Linux: $VERSION_RELEASE"
++		echo "Detected Photon OS: $FLAVOR $PHOTON_VERSION"
++
++		#download and prep photon kernel source
++		[ ! -d $PHOTON_TEMP_DIR ] && mkdir $PHOTON_TEMP_DIR
++		pushd $PHOTON_TEMP_DIR
++		
++		# src rpm name
++		if [[ $FLAVOR != "" ]]; then
++			SRC_RPM_NAME="linux-$FLAVOR-$VERSION_RELEASE.src.rpm"
++			SPEC_FILENAME="linux-$FLAVOR.spec"
++		else
++			SRC_RPM_NAME="linux-$VERSION_RELEASE.src.rpm"
++			SPEC_FILENAME="linux.spec"
++		fi
++
++		echo "Downloading source rpm"
++		curl "https://packages.vmware.com/photon/$PHOTON_VERSION/photon_srpms_${PHOTON_VERSION}_x86_64/$SRC_RPM_NAME" --output $SRC_RPM_NAME > /dev/null 2>&1 || die "Couldn't download photon kernel source rpm"
++
++		# set up temporary rpm build environment
++		RPMDIR="%_topdir %(echo $PWD)/rpmbuild"
++		mkdir -p rpmbuild/{BUILD,RPMS,SOURCES,SPECS,SRPMS}
++
++		echo "Extracting spec file"
++		rpm -i "$SRC_RPM_NAME" --define "$RPMDIR"
++
++		echo "Extracting kernel source from source rpm, this may take a few minutes..."
++		rpmbuild -bp "rpmbuild/SPECS/$SPEC_FILENAME" --define "$RPMDIR" > /dev/null 2>&1
++		cp rpmbuild/BUILD/fips-canister*/* "rpmbuild/BUILD/linux-$KERNEL_VERSION/crypto"
++		cp "$CONFIGFILE" rpmbuild/BUILD/linux-"$KERNEL_VERSION"/.config
++		echo "Finished extracting source"
++
++		#move kernel source to where kpatch wants it
++		mkdir -p $KERNEL_SRCDIR
++		mv rpmbuild/BUILD/linux-*/* "$KERNEL_SRCDIR" || die
++
++		echo "$ARCHVERSION" > "$VERSIONFILE" || die
++
++		# make sure kernel dependencies are installed
++		echo -e "\nMaking sure dependencies are installed for the kernel"
++		old_IFS=$IFS
++		IFS=$'\n'
++		packages=( $(rpm -q --requires $SRC_RPM_NAME) )
++		for package in "${packages[@]}"; do
++			[[ $package =~ ^[^[:space:]]+ ]] && packagename=$BASH_REMATCH
++
++			#exclude rpmlib, tdnf install everything else
++			echo "$packagename" | grep rpmlib || tdnf install -y "$packagename"
++		done
++		IFS=$old_IFS
++		echo -e "\n***********************************************************"
++
++		#clean up
++		popd
++		rm -rf $PHOTON_TEMP_DIR
+ 	else
+ 		die "Unsupported distribution"
+ 	fi
+-- 
+2.30.0
+

SPECS/kpatch/kpatch.spec

@@ -0,0 +1,87 @@
+Name:           kpatch
+Summary:        Dynamic kernel patching
+Version:        0.9.6
+Release:        1%{?dist}
+URL:            http://github.com/dynup/kpatch
+License:        GPLv2
+Group:          System Environment/Kernel
+Vendor:         VMware, Inc.
+Distribution:   Photon
+
+Source0:        https://github.com/dynup/kpatch/archive/refs/tags/kpatch-v%{version}.tar.gz
+%define sha512 kpatch=898c5704098c473187f2eab9bccd5fb3cfc31f4211492d658abcd0b7cac6d03f11a27df19a56ad17c20163803084ddf54a27defcf12b4975a8a8eb5dbad73f21
+
+Patch0:         0001-Added-support-for-Photon-OS.patch
+
+BuildRequires:  make
+BuildRequires:  gcc
+BuildRequires:  elfutils
+BuildRequires:  elfutils-devel
+BuildRequires:  systemd-rpm-macros
+
+Requires:       kmod
+Requires:       bash
+Requires:       rpm-build
+Requires:	coreutils
+Requires:	gawk
+
+%description
+Contains the kpatch utility, which allows loading of kernel livepatches.
+kpatch is a Linux dynamic kernel patching tool which allows you to patch a
+running kernel without rebooting or restarting any processes.  It enables
+sysadmins to apply critical security patches to the kernel immediately, without
+having to wait for long-running tasks to complete, users to log off, or
+for scheduled reboot windows.  It gives more control over up-time without
+sacrificing security or stability.
+
+%package build
+Requires: %{name} = %{version}-%{release}
+Summary: Dynamic kernel patching
+
+%description build
+Contains the kpatch-build tool, to enable creation of kernel livepatches.
+
+%package devel
+Summary: Development files for kpatch
+
+%description devel
+Contains files for developing with kpatch.
+
+%prep
+%autosetup -p1
+
+%build
+make %{?_smp_mflags}
+
+%install
+make install PREFIX=%{_usr} DESTDIR=%{buildroot} %{?_smp_mflags}
+
+#%check
+# make check require shellcheck package, which is not in photon
+
+%post   -p /sbin/ldconfig
+%postun -p /sbin/ldconfig
+
+%files
+%defattr(-,root,root,-)
+%license COPYING
+%{_sbindir}/kpatch
+%{_unitdir}/*
+%{_sysconfdir}/init/kpatch.conf
+
+%files build
+%defattr(-,root,root,-)
+%{_bindir}/*
+%{_libexecdir}/*
+%{_datadir}/%{name}
+
+%files devel
+%defattr(-,root,root,-)
+%doc README.md doc/patch-author-guide.md
+%{_mandir}/man1/kpatch-build.1*
+%{_mandir}/man1/kpatch.1*
+
+%changelog
+* Tue May 24 2022 Brennan Lamoreaux <[email protected]> 0.9.6-1
+- Initial addition to photon. Modified from provided kpatch.spec on
+- GitHub.