feat(kernel): Upgrade to 6.18.31.1 #17344

Merged
christopherco merged 3 commits into 4.0 from rlmenge/4.0/6.18.31.1
May 19, 2026

@rlmenge commented May 19, 2026 (Contributor)

Updates the kernel and kernel-headers components to version 6.18.31.1, sourced from CBL-Mariner-Linux-Kernel rolling-lts/azl4/6.18.31.1. Also disables several unnecessary kernel configs to reduce attack surface.

Note this fixes AB#20078 but also introduces a new bug (https://dev.azure.com/mariner-org/mariner/_workitems/edit/20082), which will be fixed in a follow-up PR.

Changes:

  1. Version bump to 6.18.31.1
     • Updated kernel and kernel-headers version and tarball fields
     • Updated SHA512 hash for the new tarball
  2. Disable ESP-in-TCP encapsulation
     • Disabled CONFIG_INET_ESPINTCP, CONFIG_INET6_ESPINTCP, CONFIG_XFRM_ESPINTCP on both aarch64 and x86_64
     • These configs enable ESP-in-TCP encapsulation (RFC 8229)
  3. Disable AF_RXRPC and AFS_FS
     • Disabled CONFIG_AF_RXRPC and CONFIG_AFS_FS on both aarch64 and x86_64

Testing:

  • Completed a local build of the kernel upgrade to 6.18.31.1.
  • Completed Koji builds for the updated packages:
    • kernel-headers: task 2489691
    • kernel: task 2489728
  • Boot-tested the upgraded kernel in Azure VMs on both supported architectures:
    • x86_64
    • aarch64
  • Confirmed the upgraded kernel boots successfully on both VM types.
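
One way to check a kernel config against the changes listed above, as an added example (not code from this PR or from the Azure Linux tooling): it reports which of the five options are still enabled and flags the case noted later in this PR, where CONFIG_AFS_FS selects CONFIG_AF_RXRPC. The function names and the sample config are constructed for illustration.

```sh
#!/bin/sh
# Options the PR description says are disabled on both aarch64 and x86_64.
DISABLED_OPTS="CONFIG_INET_ESPINTCP CONFIG_INET6_ESPINTCP CONFIG_XFRM_ESPINTCP CONFIG_AF_RXRPC CONFIG_AFS_FS"

# Print one option's state in a kernel config file ($1 = file, $2 = option):
# its value (y, m, ...), "unset" for "# CONFIG_X is not set", or "absent".
config_state() {
    awk -v opt="$2" '
        index($0, opt "=") == 1      { v = substr($0, length(opt) + 2) }
        $0 == "# " opt " is not set" { v = "unset" }
        END { print (v == "" ? "absent" : v) }
    ' "$1"
}

# List the options from DISABLED_OPTS that are still enabled in file $1.
# "absent" counts as disabled, which holds for a full config, not a fragment.
still_enabled() {
    for opt in $DISABLED_OPTS; do
        case "$(config_state "$1" "$opt")" in
            unset|absent) ;;
            *) printf '%s\n' "$opt" ;;
        esac
    done
}

# Succeed when AFS_FS is enabled while AF_RXRPC is marked disabled. AFS_FS
# selects AF_RXRPC, so Kconfig would turn AF_RXRPC back on in that case.
rxrpc_reselected() {
    case "$(config_state "$1" CONFIG_AFS_FS)" in y|m) ;; *) return 1 ;; esac
    case "$(config_state "$1" CONFIG_AF_RXRPC)" in unset|absent) return 0 ;; esac
    return 1
}

# Constructed sample (deliberately inconsistent): AF_RXRPC unset but AFS_FS
# left modular, and one ESP-in-TCP option still built in.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
CONFIG_INET_ESPINTCP=y
# CONFIG_INET6_ESPINTCP is not set
# CONFIG_XFRM_ESPINTCP is not set
# CONFIG_AF_RXRPC is not set
CONFIG_AFS_FS=m
EOF

still_enabled "$SAMPLE"
rxrpc_reselected "$SAMPLE" && echo "CONFIG_AF_RXRPC will be re-selected by CONFIG_AFS_FS"
```
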

@rlmenge rlmenge marked this pull request as ready for review May 19, 2026 03:15
Copilot AI review requested due to automatic review settings May 19, 2026 03:15

Copilot AI left a comment

Contributor

Pull request overview

This PR upgrades the Azure Linux kernel and kernel-headers components to the 6.18.31.1 Azure Linux kernel source (CBL-Mariner-Linux-Kernel rolling-lts/azl4/6.18.31.1) and reduces the kernel attack surface by disabling ESP-in-TCP encapsulation and RXRPC/AFS configs across x86_64 and aarch64.

Changes:

  • Bump kernel/kernel-headers to 6.18.31.1 (tarball URIs + SHA512s, rendered spec version macros, lock fingerprints).
  • Disable ESP-in-TCP encapsulation configs (CONFIG_*ESPINTCP) on x86_64 and aarch64.
  • Disable RXRPC and AFS filesystem support (CONFIG_AF_RXRPC / CONFIG_AFS_FS) on x86_64 and aarch64.

Reviewed changes

Copilot reviewed 10 out of 12 changed files in this pull request and generated 3 comments.

Summary per file:

| File | Description |
| --- | --- |
| specs/k/kernel/sources | Updates the kernel source tarball checksum entry for 6.18.31.1. |
| specs/k/kernel/kernel.spec | Updates rendered kernel spec version macro to 6.18.31. |
| specs/k/kernel/6.18-x86_64-azl.config | Disables ESP-in-TCP and RXRPC/AFS-related configs; updates config header version. |
| specs/k/kernel/6.18-aarch64-azl.config | Disables ESP-in-TCP and RXRPC/AFS-related configs; updates config header version. |
| specs/k/kernel-headers/sources | Updates the kernel source tarball checksum entry for 6.18.31.1. |
| specs/k/kernel-headers/kernel-headers.spec | Updates rendered kernel-headers spec version macros and adds a new rpmautospec changelog entry. |
| locks/kernel.lock | Refreshes kernel component input fingerprint after the version/config changes. |
| locks/kernel-headers.lock | Refreshes kernel-headers component input fingerprint after the version/config changes. |
| base/comps/kernel/kernel.comp.toml | Updates the kernel tarball version/hash/URI and overlay text to 6.18.31. |
| base/comps/kernel/6.18-x86_64-azl.config | Source-of-truth config changes for x86_64 matching the rendered spec config. |
| base/comps/kernel/6.18-aarch64-azl.config | Source-of-truth config changes for aarch64 matching the rendered spec config. |
| base/comps/kernel-headers/kernel-headers.comp.toml | Updates kernel-headers tarball version/hash/URI and overlay replacements to 6.18.31. |

Comment thread specs/k/kernel/sources
Comment thread specs/k/kernel-headers/sources
Comment thread specs/k/kernel-headers/kernel-headers.spec
* Mon May 18 2026 Rachel Menge <rachelmenge@microsoft.com> - 6.18.31-1
- feat(kernel): update kernel and kernel-headers to 6.18.31.1

* Thu May 14 2026 Rachel Menge <rachelmenge@microsoft.com> - 6.18.3-4
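
Review bot: In the new top changelog entry the stamp reads 6.18.31-1 while the entry text says 6.18.31.1, and the entry directly below is 6.18.3-4, so this changelog shows two spellings of the new version and a jump with nothing in between. Suggest stating in the entry text how the fourth component maps to the release field, and confirming that the step from 6.18.3-4 to 6.18.31-1 is the history this package is meant to carry.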

Collaborator

issue: Render looks broken? It's missing 6.18.29 commit entry and made up this one.

@rlmenge rlmenge May 19, 2026

Contributor Author

This is a known bug with the kernel-headers spec. It can only render the latest commit, and the past ones will be for Fedora's spec version.

@christopherco christopherco left a comment

Collaborator

Each commit in the PR is causing a change to the input-fingerprint, and since both kernel and kernel-headers use manual release calculation, this means each of these commits should increment the azl_pkgrelease value.

rlmenge added 2 commits May 19, 2026 04:45
Disable CONFIG_AFS_FS (which selects CONFIG_AF_RXRPC via Kconfig) and
CONFIG_AF_RXRPC with all dependents in both aarch64 and x86_64 configs.
@rlmenge rlmenge force-pushed the rlmenge/4.0/6.18.31.1 branch from 2811c9a to c1683c2 Compare May 19, 2026 04:50
@christopherco christopherco merged commit c0ffe19 into 4.0 May 19, 2026
15 of 19 checks passed
@christopherco christopherco deleted the rlmenge/4.0/6.18.31.1 branch May 19, 2026 06:28