From: Emanuele Giuseppe Esposito on gitlab.com Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2917 We want to enable kernel.spec to optionally ship UKI addons defined in a common config file in redhat folder. The folder redhat/uki_addons will contain all addons configs specifying the UKI kernel cmdline addons to be created in the next build. An addon config is simply a .addon plain text file, where any line is taken as kernel cmdline, except for the ones starting with '#', which will be automatically ignored. redhat/scripts/uki_addons.py will take care of parsing all configs and folders in redhat/uki_addons and call 'ukify' to create the actual addons. The output addon filename will be a concatenation of all folders in redhat/uki_addons that are part of the addon config path. The folder hierarchy inside of redhat/uki_addons is similar to redhat/configs: $distro/$UKI_NAME/%arch. It is also possible to add .sbat to all the generated addons, by populating redhat/addons/$distro/$UKI_NAME/%arch/sbat/sbat.conf. Syntax is same as the addons config. At build time, Makefile will create a tar.gz archive (uki_addons.tar.gz) containing all the files in redhat/uki_addons. It will then passed to the kernel specfile that will extract the addons from it and generate the UKI kernel cmdline addons. As an example of this feature, add the fips addon to optionally enable fips (https://issues.redhat.com/browse/RHEL-23049). --- redhat/scripts/uki_addons.py | 162 +++++++++++++++++++++++++++++++ redhat/uki_addons/virt/common/fips.addon | 1 + redhat/Makefile | 3 + redhat/kernel.spec.template | 44 ++++++++ 4 files changed, 210 insertions(+), 0 deletions(-) -- _______________________________________________ kernel mailing list -- kernel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to kernel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/kernel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue