AUFS was updated to "4.20.4+-20190211" in the process.
As for the sorted entries in the config files - this helps a lot during
rebases to the newer stable kernel branches.
Signed-off-by: Evgenii Shatokhin <eshatokhin@virtuozzo.com>
It was long since obsolete but sometimes difficult to maintain.
Now that the common Ubuntu-like kernels are the main ones in ROSA, one
common flavour of stable-based kernels is enough.
Stable-based kernels are often inferior to Ubuntu-based ones in terms of
stability, performance and hardware support. Now they are only intended for
debugging and experiments with some new features.
Signed-off-by: Evgenii Shatokhin <eshatokhin@virtuozzo.com>
Besides the upstream update, I have disabled building of nrj-laptop
kernels here.
Now that the main kernels used in ROSA are based on the sources from
Ubuntu, the stable-based kernels like this one are mostly intended for
debugging. No need to build nrj-laptop flavour each time. Let us make
things a bit easier for other ABF users at least.
Signed-off-by: Evgenii Shatokhin <eshatokhin@virtuozzo.com>
While at it, made the configs a bit closer to those from Ubuntu:
* disabled IDE drivers which are now barely maintained anyway;
* disabled some debugging facilities (verboseness of some drivers,
etc.);
* made some often used modules like vfat, fuse, ata_piix, etc.,
built-in.
* and so forth.
...And set it to 3, which should only allow to print the messages with
KERN_EMERG, KERN_ALERT and KERN_CRIT levels. This should make the boot
process less noisy.
Can be overridden with loglevel=n boot option.
1. Got rid of statistics to simplify maintenance. Changing global
kernel structures is not a thing to take lightly.
2. Removed sanitization of pages. Starting from kernel 4.6, page
poisoning should be used instead. To enable it, set page_poison=on in
the boot options for the kernel.
3. The sanitization patch is now applied only if enhanced security is
enabled (disabled by default for ROSA Fresh, enabled for cert. builds).
You can also use "rpmbuild -ba --with enhanced_security <...>" to force
enable the feature.
This helps unify the kernels for the ordinary systems and for the
certified systems a bit more.
SELinux components are built-in but disabled by default. To enable
SELinux, it should be enough to add "selinux=1" to the kernel options
at boot time (or in the bootloader configuration file).
Until now, the build system for the kernel supported a number of
flavours: nrj and non-nrj ones, desktop-, laptop-, server- and
netbook-oriented, etc.
It turned out over the years, however, that our users mostly need the
following:
* a kernel to use on the desktops (home and office use) with reasonable
default settings for performance and responsiveness;
* a kernel for laptops, with a bit more emphasis on power consumption.
Other variants were rarely used. We also did not have enough time to
properly support all these.
Besides, the kernels for ARM and other architectures need a somewhat
different build process than for x86. So, they are better off to be in
separate ABF projects, even if they are needed. No signs of ROSA on ARM
yet, btw.
So, I kept only nrj-desktop and nrj-laptop flavours and only x86.
Non-PAE systems also seem to be rare now, so I enabled PAE by default
for the 32-bit kernels. Non-PAE kernels are no longer built. If they are
needed, we may use a separate git branch or an ABF project for that.
To simplify debugging, maintenance and experimentation with the kernel
builds further, I revisited the process of preparing the kernel
configuration files. The goal is to get rid of a separate git repo with
the default configs (kernel-patches-and-configs) and keep everything in
this project.
The default config files are now kept here. For x86_64:
* kernel-x86_64.config contains the options for both nrj-desktop and
nrn-laptop flavours;
* kernel-{nrj_desktop|nrj_laptop}-x86_64.config files contain the
flavour-specific options.
This way, it is easier to track which config options changed when,
easier to experiment with the custom configs and so on.
The kernel will be built with debug info if rpmbuild is called with
"--with debug".
