1. Got rid of statistics to simplify maintenance. Changing global
kernel structures is not a thing to take lightly.
2. Removed sanitization of pages. Starting from kernel 4.6, page
poisoning should be used instead. To enable it, set page_poison=on in
the boot options for the kernel.
3. The sanitization patch is now applied only if enhanced security is
enabled (disabled by default for ROSA Fresh, enabled for cert. builds).
You can also use "rpmbuild -ba --with enhanced_security <...>" to force
enable the feature.
This helps unify the kernels for the ordinary systems and for the
certified systems a bit more.
SELinux components are built-in but disabled by default. To enable
SELinux, it should be enough to add "selinux=1" to the kernel options
at boot time (or in the bootloader configuration file).
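
A quick way to confirm that the two boot options mentioned above, page_poison=on and selinux=1, are actually in effect on a given kernel command line. This is an added example, not part of the commit log or the ROSA spec; the function names are hypothetical, the sample command lines are constructed, and it assumes that a repeated parameter takes its last value.

```shell
#!/bin/sh
# Added example: check a kernel command line for the hardening options
# named in the commit messages (page_poison=on, selinux=1).
# Assumption: when a parameter is repeated, the last occurrence wins.

# kparam_value NAME CMDLINE -> prints the effective value, or nothing if absent.
# Runs in a subshell so that "set -f" and the loop variables do not leak.
kparam_value() (
    set -f                      # no globbing while splitting the command line
    name=$1
    value=
    for tok in $2; do           # boot options are space-separated
        case $tok in
            "$name"=*) value=${tok#*=} ;;
        esac
    done
    printf '%s' "$value"
)

# check_boot_hardening CMDLINE -> one line per option; returns 0 only if both are on.
check_boot_hardening() {
    rc=0
    if [ "$(kparam_value page_poison "$1")" = on ]; then
        echo "page_poison: on"
    else
        echo "page_poison: NOT enabled"; rc=1
    fi
    if [ "$(kparam_value selinux "$1")" = 1 ]; then
        echo "selinux: 1"
    else
        echo "selinux: NOT enabled"; rc=1
    fi
    return $rc
}

# Constructed sample command lines (not taken from a real system).
sample_ok='BOOT_IMAGE=/boot/vmlinuz root=/dev/sda1 ro page_poison=on selinux=1'
sample_overridden='root=/dev/sda1 page_poison=on selinux=1 quiet selinux=0'

check_boot_hardening "$sample_ok" || true
check_boot_hardening "$sample_overridden" || true
```

To check the running system, call check_boot_hardening "$(cat /proc/cmdline)".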
It does not work. Say, kernel 4.6.x does not support broadcom-wl version
5.x. However, installing kernel 4.6.x should not remove that driver
because the user might have a different kernel installed that supports
it.
It would be cleaner if the driver packages specified the minimum required
kernel versions, "kernel >= x.y.z" (the kernel has the appropriate
"Provides" for that). Same for the maximum kernel versions supported by
the driver.
Similar for the obsoletes: this kernel may provide the listed drivers
but we cannot be sure about other kernels the user might have installed.
A safer route seems to be not to require dkms-* directly but rather
via "Requires: kmod(xxx)". Again, it is not the kernel's responsibility
to keep track of all this.
While at it, cleaned up the spec a bit more.
If anyone needs the sources of our kernel, they can easily get an SRPM,
unpack it and run "rpmbuild -bp" to get the properly patched source
tree.
The configuration files for the different kernel flavours will also be
available in that source tree, in arch/x86/configs/.
Let us save a bit of a build time then and not build the RPM with the
sources by default.
Earlier, the patches were kept in the respective branches of a separate
project, https://abf.io/soft/kernel-patches-and-configs. And before that -
in the custom tarballs.
Now all the patches are kept here along with the spec file and are
applied the default way rather than by separate scripts. This should
make the maintenance of the patches as well as the experiments with the
new ones a lot easier.
The previous scheme seemed to offer a bit more flexibility (different
patch sets for different cases) at the cost of maintenance. But as it
turned out, that flexibility was not worth it and was rarely used,
at most.
The intent behind these things was to simplify building of pre-release
kernels and such. Over time, it became too cumbersome to use though.
Let us get rid of all that stuff and make the spec a bit cleaner.
kernel*-latest packages now also obsolete & provide kernel*-pae*-latest.
This way, the older kernel*-pae*-latest packages will be properly
replaced with the appropriate new packages in the users' systems.
Until now, the build system for the kernel supported a number of
flavours: nrj and non-nrj ones, desktop-, laptop-, server- and
netbook-oriented, etc.
It turned out over the years, however, that our users mostly need the
following:
* a kernel to use on the desktops (home and office use) with reasonable
default settings for performance and responsiveness;
* a kernel for laptops, with a bit more emphasis on power consumption.
Other variants were rarely used. We also did not have enough time to
properly support all these.
Besides, the kernels for ARM and other architectures need a somewhat
different build process than for x86. So, they are better off to be in
separate ABF projects, even if they are needed. No signs of ROSA on ARM
yet, btw.
So, I kept only nrj-desktop and nrj-laptop flavours and only x86.
Non-PAE systems also seem to be rare now, so I enabled PAE by default
for the 32-bit kernels. Non-PAE kernels are no longer built. If they are
needed, we may use a separate git branch or an ABF project for that.
To simplify debugging, maintenance and experimentation with the kernel
builds further, I revisited the process of preparing the kernel
configuration files. The goal is to get rid of a separate git repo with
the default configs (kernel-patches-and-configs) and keep everything in
this project.
The default config files are now kept here. For x86_64:
* kernel-x86_64.config contains the options for both nrj-desktop and
nrj-laptop flavours;
* kernel-{nrj_desktop|nrj_laptop}-x86_64.config files contain the
flavour-specific options.
This way, it is easier to track which config options changed when,
easier to experiment with the custom configs and so on.
The kernel will be built with debug info if rpmbuild is called with
"--with debug".