Among other things:
* BFQ was updated to v8r7 for 4.9.0
* AUFS was updated to version 4.9-20161219
* inotify-increase-max-user-watches.patch was dropped: it is better to
tune such things from user space instead.
1. Got rid of statistics to simplify maintenance. Changing global
kernel structures is not a thing to take lightly.
2. Removed sanitization of pages. Starting from kernel 4.6, page
poisoning should be used instead. To enable it, set page_poison=on in
the boot options for the kernel.
3. The sanitization patch is now applied only if enhanced security is
enabled (disabled by default for ROSA Fresh, enabled for cert. builds).
You can also use "rpmbuild -ba --with enhanced_security <...>" to force
enable the feature.
This helps unify the kernels for the ordinary systems and for the
certified systems a bit more.
SELinux components are built-in but disabled by default. To enable
SELinux, it should be enough to add "selinux=1" to the kernel options
at boot time (or in the bootloader configuration file).
It does not work. Say, kernel 4.6.x does not support broadcom-wl version
5.x. However, installing kernel 4.6.x should not remove that driver
because the user might have a different kernel installed that supports
it.
It would be cleaner if the driver packages specified the minimum required
kernel versions, "kernel >= x.y.z" (the kernel has the appropriate
"Provides" for that). Same for the maximum kernel versions supported by
the driver.
Similarly for the obsoletes: this kernel may provide the listed drivers
but we cannot be sure about other kernels the user might have installed.
A safer route seems to be not to require dkms-* directly but rather to
do it via "Requires: kmod(xxx)". Again, it is not the kernel's
responsibility to keep track of all this.
While at it, cleaned up the spec a bit more.
If anyone needs the sources of our kernel, they can easily get an SRPM,
unpack it and run "rpmbuild -bp" to get the properly patched source
tree.
The configuration files for the different kernel flavours will also be
available in that source tree, in arch/x86/configs/.
Let us save a bit of build time then and not build the RPM with the
sources by default.
Earlier, the patches were kept in the respective branches of a separate
project, https://abf.io/soft/kernel-patches-and-configs. And before that,
in the custom tarballs.
Now all the patches are kept here along with the spec file and are
applied the default way rather than by separate scripts. This should
make the maintenance of the patches as well as the experiments with the
new ones a lot easier.
The previous scheme seemed to offer a bit more flexibility (different
patch sets for different cases) at the cost of maintenance. But as it
turned out, that flexibility was not worth it and was rarely used,
at most.