linux-yocto/6.5: drop removed IMA option

Integrating the following commit(s) to linux-yocto/.:

1/1 [
    Author: Paul Gortmaker
    Email: paul.gortmaker@windriver.com
    Subject: features/ima: drop now retired IMA_TRUSTED_KEYRING option
    Date: Wed, 6 Dec 2023 09:15:38 -0500

    Unfortunately linux-stable backported this:

      Subject: ima: Remove deprecated IMA_TRUSTED_KEYRING Kconfig

      From: Nayna Jain <nayna@linux.ibm.com>

      [ Upstream commit 5087fd9e80e539d2163accd045b73da64de7de95 ]

      Time to remove "IMA_TRUSTED_KEYRING".

    ...to all releases still being maintained.

    stable-queue$git grep -l 5087fd9e80e539
    releases/5.10.195/ima-remove-deprecated-ima_trusted_keyring-kconfig.patch
    releases/5.15.132/ima-remove-deprecated-ima_trusted_keyring-kconfig.patch
    releases/5.4.257/ima-remove-deprecated-ima_trusted_keyring-kconfig.patch
    releases/6.1.53/ima-remove-deprecated-ima_trusted_keyring-kconfig.patch
    releases/6.4.16/ima-remove-deprecated-ima_trusted_keyring-kconfig.patch
    releases/6.5.3/ima-remove-deprecated-ima_trusted_keyring-kconfig.patch

    So now when someone uses the feature, it triggers a do_kernel_configcheck
    warning when the audit runs.

    We added this file way back in 2019 so this fix will be needed on all
    active branches that are using an LTS linux-stable kernel listed above.

    Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
    Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
]

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

diff --git a/meta/recipes-kernel/linux/linux-yocto-rt_6.5.bb b/meta/recipes-kernel/linux/linux-yocto-rt_6.5.bb
index 62020312f87018311d6f055b8b132ad167d54761..fccf0252d0c4293b1ca3552472689fde00a3469e 100644 (file)
--- a/meta/recipes-kernel/linux/linux-yocto-rt_6.5.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-rt_6.5.bb
@@ -15,7 +15,7 @@ python () {
 }
 
 SRCREV_machine ?= "1d89cd73350cad73ecf330ad3785e6d8bdec092d"
-SRCREV_meta ?= "867a6bdef9701f378f5a9ce66a713daa22598649"
+SRCREV_meta ?= "3b1f87ec237ec3ad9acffb3d75c55efe958085dc"
 
 SRC_URI = "git://git.yoctoproject.org/linux-yocto.git;branch=${KBRANCH};name=machine;protocol=https \
            git://git.yoctoproject.org/yocto-kernel-cache;type=kmeta;name=meta;branch=yocto-6.5;destsuffix=${KMETA};protocol=https"

diff --git a/meta/recipes-kernel/linux/linux-yocto-tiny_6.5.bb b/meta/recipes-kernel/linux/linux-yocto-tiny_6.5.bb
index f57bc47b37d8ea623f29eac9412249bf928faf15..b63d5ad893ce687194959a70cc9029955cd95bdf 100644 (file)
--- a/meta/recipes-kernel/linux/linux-yocto-tiny_6.5.bb
+++ b/meta/recipes-kernel/linux/linux-yocto-tiny_6.5.bb
@@ -18,7 +18,7 @@ KMETA = "kernel-meta"
 KCONF_BSP_AUDIT_LEVEL = "2"
 
 SRCREV_machine ?= "95753fe2a7d507646224fe973e2a4fc48cb7694d"
-SRCREV_meta ?= "867a6bdef9701f378f5a9ce66a713daa22598649"
+SRCREV_meta ?= "3b1f87ec237ec3ad9acffb3d75c55efe958085dc"
 
 PV = "${LINUX_VERSION}+git"
 

diff --git a/meta/recipes-kernel/linux/linux-yocto_6.5.bb b/meta/recipes-kernel/linux/linux-yocto_6.5.bb
index 1233140f8ea8979527241e4cb0d80f9aa378db12..984940d24cd3c191c7567239bfe1c973bcfbad64 100644 (file)
--- a/meta/recipes-kernel/linux/linux-yocto_6.5.bb
+++ b/meta/recipes-kernel/linux/linux-yocto_6.5.bb
@@ -29,7 +29,7 @@ SRCREV_machine:qemux86 ?= "7fe59b2e3f40a94ce4477854264e219aeb972990"
 SRCREV_machine:qemux86-64 ?= "7fe59b2e3f40a94ce4477854264e219aeb972990"
 SRCREV_machine:qemumips64 ?= "ff5efc72e961cf345f935ac14cdcaa9843ec5b23"
 SRCREV_machine ?= "7fe59b2e3f40a94ce4477854264e219aeb972990"
-SRCREV_meta ?= "867a6bdef9701f378f5a9ce66a713daa22598649"
+SRCREV_meta ?= "3b1f87ec237ec3ad9acffb3d75c55efe958085dc"
 
 # set your preferred provider of linux-yocto to 'linux-yocto-upstream', and you'll
 # get the <version>/base branch, which is pure upstream -stable, and the same