Merge remote-tracking branch 'upstream/1.0' into 1.0

Author: anphel31

.github/pull_request_template.md

@@ -10,8 +10,8 @@ Feel free to delete sections of the template which do not apply to your PR, or a
 - [ ] The toolchain/worker package manifests are up-to-date
 - [ ] Any updated packages successfully build (or no packages were changed)
 - [ ] All package sources are available
-- [ ] cgmanifest files are up-to-date and sorted (`./cgmanifest.json`, `./toolkit/tools/cgmanifest.json`, `./toolkit/scripts/toolchain/cgmanifest.json`)
-- [ ] LICENSE-MAP files are up-to-date (`./SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md`, `./SPECS/LICENSES-AND-NOTICES/LICENSE-EXCEPTIONS.PHOTON`)
+- [ ] cgmanifest files are up-to-date and sorted (`./cgmanifest.json`, `./toolkit/tools/cgmanifest.json`, `./toolkit/scripts/toolchain/cgmanifest.json`, `.github/workflows/cgmanifest.json`)
+- [ ] LICENSE-MAP files are up-to-date (`./SPECS/LICENSES-AND-NOTICES/data/licenses.json`, `./SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md`, `./SPECS/LICENSES-AND-NOTICES/LICENSE-EXCEPTIONS.PHOTON`)
 - [ ] All source files have up-to-date hashes in the `*.signatures.json` files
 - [ ] `sudo make go-tidy-all` and `sudo make go-test-coverage` pass
 - [ ] Documentation has been updated to match any changes to the build system
@@ -42,7 +42,7 @@ NO
 - #xxxx
 
 ###### Links to CVEs  <!-- optional -->
-- https://nvd.nist.gov/...
+- https://nvd.nist.gov/vuln/detail/CVE-YYYY-XXXX
 
 ###### Test Methodology
 <!-- How as this test validated? i.e. local build, pipeline build etc. -->

.github/workflows/check-license-map.yml

@@ -0,0 +1,31 @@
+# This action checks that the licenses.json file is up-to-date
+# and that the LICENSES-MAP.md file is up-to-date
+name: Spec License Map Check
+
+on:
+  push:
+    branches: [main, dev, 1.0*]
+  pull_request:
+    branches: [main, dev, 1.0*]
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+
+    steps:
+      # Checkout the branch of our repo that triggered this action
+      - name: Workflow trigger checkout
+        uses: actions/checkout@v2
+
+      - name: Setup Python 3.9
+        uses: actions/setup-python@v2
+        with:
+          python-version: 3.9
+
+      - name: Run license map checking script
+        run: |
+          python3 ./SPECS/LICENSES-AND-NOTICES/data/license_map.py \
+          ./SPECS/LICENSES-AND-NOTICES/data/licenses.json \
+          ./SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md \
+          ./SPECS \
+          ./SPECS-SIGNED

.github/workflows/go-test-coverage.yml

@@ -16,7 +16,7 @@ jobs:
     - name: Set up Go 1.x
       uses: actions/setup-go@v2
       with:
-        go-version: 1.13
+        go-version: 1.15
       id: go
 
     - name: Check out code into the Go module directory

.github/workflows/quickstart_1.0.yml

@@ -20,17 +20,17 @@ jobs:
       with:
         ref: '1.0-stable'
 
-    - name: Set up Go 1.13
+    - name: Set up Go 1.15
       uses: actions/setup-go@v2
       with:
-        go-version: 1.13
+        go-version: 1.15
       id: go
 
     - name: Install Remaining Prerequisites
       run: |
         # Golang and docker are already installed on the agent
         sudo apt-get update
-        sudo apt -y install make tar wget curl rpm qemu-utils genisoimage pigz
+        sudo apt -y install make tar wget curl rpm qemu-utils genisoimage pigz parted
 
     - name: Download SRPMS
       run: |
@@ -48,17 +48,17 @@ jobs:
       with:
         ref: '1.0-stable'
 
-    - name: Set up Go 1.13
+    - name: Set up Go 1.15
       uses: actions/setup-go@v2
       with:
-        go-version: 1.13
+        go-version: 1.15
       id: go
 
     - name: Install Remaining Prerequisites
       run: |
         # Golang and docker are already installed on the agent
         sudo apt-get update
-        sudo apt -y install make tar wget curl rpm qemu-utils genisoimage pigz
+        sudo apt -y install make tar wget curl rpm qemu-utils genisoimage pigz parted
 
     - name: ISO Quick Start
       run: |
@@ -75,17 +75,17 @@ jobs:
       with:
         ref: '1.0-stable'
 
-    - name: Set up Go 1.13
+    - name: Set up Go 1.15
       uses: actions/setup-go@v2
       with:
-        go-version: 1.13
+        go-version: 1.15
       id: go
 
     - name: Install Remaining Prerequisites
       run: |
         # Golang and docker are already installed on the agent
         sudo apt-get update
-        sudo apt -y install make tar wget curl rpm qemu-utils genisoimage pigz
+        sudo apt -y install make tar wget curl rpm qemu-utils genisoimage pigz parted
 
     - name: VHDX Quick Start
       run: |

SPECS-SIGNED/grub2-efi-binary-signed-aarch64/grub2-efi-binary-signed-aarch64.spec

@@ -1,8 +1,8 @@
 %global debug_package %{nil}
 Summary:        Signed GRand Unified Bootloader for aarch64 systems
 Name:           grub2-efi-binary-signed-aarch64
-Version:        2.02
-Release:        26%{?dist}
+Version:        2.06~rc1
+Release:        1%{?dist}
 License:        GPLv3+
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -40,6 +40,10 @@ cp %{SOURCE1} %{buildroot}/boot/efi/EFI/BOOT/grubaa64.efi
 /boot/efi/EFI/BOOT/grubaa64.efi
 
 %changelog
+* Wed Mar 10 2021 Chris Co <[email protected]> - 2.06~rc1-1
+- Update to 2.06-rc1
+- Incorporate SBAT data
+
 * Wed Dec 23 2020 Pawel Winogrodzki <[email protected]> - 2.02-26
 - Updating release to be aligned with the unsigned bits.
 

SPECS-SIGNED/grub2-efi-binary-signed-x64/grub2-efi-binary-signed-x64.spec

@@ -1,8 +1,8 @@
 %global debug_package %{nil}
 Summary:        Signed GRand Unified Bootloader for x86_64 systems
 Name:           grub2-efi-binary-signed-x64
-Version:        2.02
-Release:        26%{?dist}
+Version:        2.06~rc1
+Release:        1%{?dist}
 License:        GPLv3+
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -40,6 +40,10 @@ cp %{SOURCE1} %{buildroot}/boot/efi/EFI/BOOT/grubx64.efi
 /boot/efi/EFI/BOOT/grubx64.efi
 
 %changelog
+* Wed Mar 10 2021 Chris Co <[email protected]> - 2.06~rc1-1
+- Update to 2.06-rc1
+- Incorporate SBAT data
+
 * Wed Dec 23 2020 Pawel Winogrodzki <[email protected]> - 2.02-26
 - Updating release to be aligned with the unsigned bits.
 

SPECS-SIGNED/kernel-signed-aarch64/kernel-signed-aarch64.spec

@@ -2,8 +2,8 @@
 %define uname_r %{version}-rolling-lts-mariner-%{release}
 Summary:        Signed Linux Kernel for aarch64 systems
 Name:           kernel-signed-aarch64
-Version:        5.10.13.1
-Release:        1%{?dist}
+Version:        5.10.21.1
+Release:        3%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -22,7 +22,7 @@ URL:            https://github.com/microsoft/CBL-Mariner-Linux-Kernel
 #   3. Place the unsigned package and signed binary in this spec's folder
 #   4. Build this spec
 Source0:        kernel-%{version}-%{release}.aarch64.rpm
-Source1:        vmlinuz-%{version}-%{release}
+Source1:        vmlinuz-%{uname_r}
 BuildRequires:  cpio
 Requires:       filesystem
 Requires:       kmod
@@ -38,16 +38,16 @@ This package contains the Linux kernel package with kernel signed with the produ
 
 %build
 rpm2cpio %{SOURCE0} | cpio -idmv
+cp %{SOURCE1} ./boot/vmlinuz-%{uname_r}
 
 %install
 install -vdm 700 %{buildroot}/boot
 install -vdm 755 %{buildroot}/lib/modules/%{uname_r}
 mkdir -p %{buildroot}/%{_localstatedir}/lib/initramfs/kernel
 
-cp -rp ./boot/* %{buildroot}/boot
-cp -rp ./lib/* %{buildroot}/lib
-cp -rp ./var/* %{buildroot}/%{_localstatedir}
-cp %{SOURCE1} %{buildroot}/boot/vmlinuz-%{version}-%{release}
+cp -rp ./boot/. %{buildroot}/boot
+cp -rp ./lib/. %{buildroot}/lib
+cp -rp ./var/. %{buildroot}/%{_localstatedir}
 
 %triggerin -- initramfs
 mkdir -p %{_localstatedir}/lib/rpm-state/initramfs/pending
@@ -82,6 +82,25 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
 %config %{_localstatedir}/lib/initramfs/kernel/%{uname_r}
 
 %changelog
+* Thu Mar 18 2021 Chris Co <[email protected]> - 5.10.21.1-3
+- Fix file copy
+
+* Wed Mar 17 2021 Nicolas Ontiveros <[email protected]> - 5.10.21.1-2
+- Update to kernel release 5.10.21.1-2
+
+* Thu Mar 11 2021 Chris Co <[email protected]> - 5.10.21.1-1
+- Update source to 5.10.21.1
+
+* Fri Mar 05 2021 Chris Co <[email protected]> - 5.10.13.1-4
+- Update release number to match kernel spec
+- Use uname_r macro instead of version-release for kernel version
+
+* Thu Mar 04 2021 Suresh Babu Chalamalasetty <[email protected]> - 5.10.13.1-3
+- Update to kernel release 5.10.13.1-3
+
+* Mon Feb 22 2021 Thomas Crain <[email protected]> - 5.10.13.1-2
+- Update to kernel release 5.10.13.1-2
+
 * Thu Feb 18 2021 Chris Co <[email protected]> - 5.10.13.1-1
 - Update source to 5.10.13.1
 

SPECS-SIGNED/kernel-signed-x64/kernel-signed-x64.spec

@@ -2,8 +2,8 @@
 %define uname_r %{version}-rolling-lts-mariner-%{release}
 Summary:        Signed Linux Kernel for x86_64 systems
 Name:           kernel-signed-x64
-Version:        5.10.13.1
-Release:        1%{?dist}
+Version:        5.10.21.1
+Release:        3%{?dist}
 License:        GPLv2
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -22,7 +22,7 @@ URL:            https://github.com/microsoft/CBL-Mariner-Linux-Kernel
 #   3. Place the unsigned package and signed binary in this spec's folder
 #   4. Build this spec
 Source0:        kernel-%{version}-%{release}.x86_64.rpm
-Source1:        vmlinuz-%{version}-%{release}
+Source1:        vmlinuz-%{uname_r}
 BuildRequires:  cpio
 Requires:       filesystem
 Requires:       kmod
@@ -38,16 +38,16 @@ This package contains the Linux kernel package with kernel signed with the produ
 
 %build
 rpm2cpio %{SOURCE0} | cpio -idmv
+cp %{SOURCE1} ./boot/vmlinuz-%{uname_r}
 
 %install
 install -vdm 700 %{buildroot}/boot
 install -vdm 755 %{buildroot}/lib/modules/%{uname_r}
 mkdir -p %{buildroot}/%{_localstatedir}/lib/initramfs/kernel
 
-cp -rp ./boot/* %{buildroot}/boot
-cp -rp ./lib/* %{buildroot}/lib
-cp -rp ./var/* %{buildroot}/%{_localstatedir}
-cp %{SOURCE1} %{buildroot}/boot/vmlinuz-%{version}-%{release}
+cp -rp ./boot/. %{buildroot}/boot
+cp -rp ./lib/. %{buildroot}/lib
+cp -rp ./var/. %{buildroot}/%{_localstatedir}
 
 %triggerin -- initramfs
 mkdir -p %{_localstatedir}/lib/rpm-state/initramfs/pending
@@ -82,6 +82,25 @@ ln -sf linux-%{uname_r}.cfg /boot/mariner.cfg
 %config %{_localstatedir}/lib/initramfs/kernel/%{uname_r}
 
 %changelog
+* Thu Mar 18 2021 Chris Co <[email protected]> - 5.10.21.1-3
+- Fix file copy
+
+* Wed Mar 17 2021 Nicolas Ontiveros <[email protected]> - 5.10.21.1-2
+- Update to kernel release 5.10.21.1-2
+
+* Thu Mar 11 2021 Chris Co <[email protected]> - 5.10.21.1-1
+- Update source to 5.10.21.1
+
+* Fri Mar 05 2021 Chris Co <[email protected]> - 5.10.13.1-4
+- Update release number to match kernel spec
+- Use uname_r macro instead of version-release for kernel version
+
+* Thu Mar 04 2021 Suresh Babu Chalamalasetty <[email protected]> - 5.10.13.1-3
+- Update to kernel release 5.10.13.1-3
+
+* Mon Feb 22 2021 Thomas Crain <[email protected]> - 5.10.13.1-2
+- Update to kernel release 5.10.13.1-2
+
 * Thu Feb 18 2021 Chris Co <[email protected]> - 5.10.13.1-1
 - Update source to 5.10.13.1