From: Emanuele Giuseppe Esposito on gitlab.com Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2917 We want to enable kernel.spec to optionally ship UKI addons defined in a common config file in redhat folder. The folder redhat/addons will contain all addons configs specifying the UKI kernel cmdline addons to be created in the next build. An addon config is simply a .addon plain text file, where any line is taken as kernel cmdline, except for the ones starting with '#', which will be automatically ignored. redhat/scripts/uki_addons.py will take care of parsing all configs and folders in redhat/addons and call 'ukify' to create the actual addons. The output addon filename will be a concatenation of all folders in redhat/addons that are part of the addon config path. For example, an addon config redhat/addons/1/2/3/test.addon will result in generating redhat/addons_output/1-2-3-test.addon.efi. It is also possible to add .sbat to all the generated addons, by populating redhat/addons/sbat/sbat.conf. Syntax is same as the addons config. At build time, Makefile will create a tar.gz archive (addons.tar.gz) containing all the files in redhat/addons. It will then passed to the kernel specfile that will extract the addons from it and generate the UKI kernel cmdline addons. As an example of this feature, add the fips addon to optionally enable fips (https://issues.redhat.com/browse/RHEL-23049). --- redhat/addons/fedora/virt/x86_64/fips.addon | 2 + redhat/addons/rhel/virt/x86_64/fips.addon | 2 + redhat/scripts/uki_addons.py | 125 ++++++++++++++++++++++++++++ redhat/Makefile | 9 ++ redhat/kernel.spec.template | 45 ++++++++++ 5 files changed, 183 insertions(+), 0 deletions(-) -- _______________________________________________ kernel mailing list -- kernel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to kernel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue