# _get_email() in %%build contains bashisms for regexping %define _buildshell /bin/bash # brp-python-bytecompile uses /usr/bin/python, # but it is a different python version in different ROSA # releases; there is no good way to tell brp-python-bytecompile # which iterpreter to use; so just disable it to avoid problems %define _python_bytecompile_build 0 # Probably dwz bug, on i686 only file is not packaged: # /usr/lib/debug/usr/bin/trace-5.4.40-3.i386.debug.#dwz#.b5xuKG # dwz compresses only debuginfo from perf, cpupower, uml, # not the kernel itself (because it is stripped not by RPM), # so we do not loose much by disabling it. %global _find_debuginfo_dwz_opts %{nil} # Put everything into one non-standard debuginfo subpackage # TODO: make multiple debuginfo packages coinstallable as installonlypkg, # to achive this, there must be no conflicting files. # Probably signing and compressing of kernel modules # has to be moved to %%_spec_install_post. %global _debuginfo_subpackages %{nil} %global _debuginfo_template %{nil} %undefine _debugsource_packages # Hack: flavour and major version are variable, make %%_build_pkgcheck_* always detect and use this config %global _build_pkgcheck_set %(echo "%{_build_pkgcheck_set}" | sed -e 's,/%{name}.rpmlintrc,/kernel.rpmlintrc,') %global _build_pkgcheck_srpm %(echo "%{_build_pkgcheck_srpm}" | sed -e 's,/%{name}.rpmlintrc,/kernel.rpmlintrc,') %define kernelversion 5 %define patchlevel 15 %define sublevel 72 # Release number. Increase this before a rebuild. %define rpmrel 2 %define fullrpmrel %{rpmrel} %define rpmtag %{disttag} # Version defines %define kversion %{kernelversion}.%{patchlevel}.%{sublevel} %define kverrel %{kversion}-%{fullrpmrel} %define tar_ver %{kernelversion}.%{patchlevel} %ifarch %{ix86} %define arch_suffix i686 %endif %ifarch %{x86_64} %define arch_suffix x86_64 %endif %ifarch aarch64 %define arch_suffix arm64 %endif %define buildrpmrel %{fullrpmrel}%{rpmtag}-%{arch_suffix} %define buildrel %{kversion}-%{buildrpmrel} # Add not only the build time generated key to the trusted keyring, # but also add public keys of private ROSA's keys %bcond_without additional_keys # Fail the build after "make oldconfig" to edit kernel configs %bcond_with fail # User Mode Linux, https://habr.com/ru/company/itsumma/blog/459558/ # Not buildable on aarch64, rarely needed in general %bcond_with uml # "Nickel" is a special brand for certified distros %if %{mdvver} == 201905 %bcond_without nickel # Require kernel modules to be signed %bcond_without oblig_signed_modules %else %bcond_with nickel %bcond_with oblig_signed_modules %endif %if %{mdvver} >= 201905 # Build binary out-of-tree kernel modules (experimental) %bcond_without binary_extra_modules # Sign kernel modules with GOST key (experimental) %bcond_without gost_sign %else %bcond_with binary_extra_modules %bcond_with gost_sign %endif %bcond_with ccache %bcond_without flow_abi %bcond_without aufs # 1. VirtualBox is for x86_32 and x86_64 only # 2. I do not know how to solve the problem that userspace part of VirtualBox # will be updated ahead of these binary modules. So just off building them. %bcond_with binary_virtualbox_host # Shredder-kernel works only on x86_64, makes manipulations with syscalls tables, # loading/unloading of the module failed sometimes on kernel 5.4 # and it has not been adapted for kernel 5.10 (is not buildable) %bcond_with binary_shredder # Compress modules with zstd (zstd is good compression and fast decompression) %bcond_without compress_modules # Spend more resources on compression, but make resulting size less; # decompression speed will not be affected, but more memory will be required # which should not a problem here (performance penalty from allocating more # memory should not be big, I think, but I did not benchmark). %define zstd_cmd zstd -q --format=zstd --ultra -22 # Optionally keep using xz as compressor #bcond_without modxz # Kernel flavour %if %{with nickel} %define flavour nickel %else %define flavour generic %endif # The full kernel version %define kver_full %{kversion}-%{flavour}-%{buildrpmrel} ############################################################################ %define top_dir_name kernel-%{_arch} %define build_dir ${RPM_BUILD_DIR}/%{top_dir_name} %define src_dir %{build_dir}/linux-%{tar_ver} # Common target directories %define _bootdir /boot %define _modulesdir /lib/modules %define devel_root /usr/src/linux-%{kver_full} %define initrd_path %{_bootdir}/initrd-%{kver_full}.img # Directories needed for building %define temp_root %{build_dir}/temp-root %define temp_boot %{temp_root}%{_bootdir} %define temp_modules %{temp_root}%{_modulesdir} %define temp_devel_root %{temp_root}%{devel_root} # Directories definition needed for installing %define target_boot %{buildroot}%{_bootdir} %define target_modules %{buildroot}%{_modulesdir} # Manual control of creating and deleting keys # "rnd" is "random" and means that a key pair is generated at build time # and is not saved anywhere. %define certs_dir_rnd certs %define certs_signing_key_priv_rnd %{certs_dir_rnd}/signing_key_priv.key %define certs_signing_der %{certs_dir_rnd}/signing_key.x509 %define certs_key_config_rnd %{certs_dir_rnd}/x509.genkey %define certs_public_keys %{certs_dir_rnd}/public.pem %define certs_verify_tmp %{certs_dir_rnd}/verify.tmp %define kernel_files %{_builddir}/kernel_files.list %define debuginfo_files %{_builddir}/debuginfo_files.list # Append list of files generate by find-debuginfo.sh to our custom list %global __debug_install_post \ %{__debug_install_post} \ cat %{_builddir}/debugfiles.list >> %{debuginfo_files} ############################################################################ %if %{with binary_extra_modules} # global instead of define to speed up things # TODO: add nvidia340 %global nvidia_390_j %{kroko_j -p kernel-source-nvidia390 -r 390} %global nvidia_390_n %{kroko_n -p kernel-source-nvidia390 -r 390} %global nvidia_470_j %{kroko_j -p kernel-source-nvidia470 -r 470} %global nvidia_470_n %{kroko_n -p kernel-source-nvidia470 -r 470} %global nvidia_510_j %{kroko_j -p kernel-source-nvidia510 -r 510} %global nvidia_510_n %{kroko_n -p kernel-source-nvidia510 -r 510} %global nvidia_515_j %{kroko_j -p kernel-source-nvidia515 -r 515} %global nvidia_515_n %{kroko_n -p kernel-source-nvidia515 -r 515} # For SRPM stage when auto-krokodil-rpm-macros is not installed %{?!kroko_mk_release:%global kroko_mk_release(n:) %{nil}} %{?!kroko_req_modules_in_kernel:%global kroko_req_modules_in_kernel(j:n:p:) %{nil}} # global, not define, must be expanded only once %global kroko_release %kroko_mk_release -n kernel-%{kernelversion}.%{patchlevel}-%{flavour} %endif #/binary_extra_modules ############################################################################ # Buildtime flags %{?_without_doc: %global build_doc 0} %{?_without_devel: %global build_devel 0} %{?_without_debug: %global build_debug 0} %{?_without_perf: %global build_perf 0} %{?_without_cpupower: %global build_cpupower 0} %{?_with_doc: %global build_doc 1} %{?_with_devel: %global build_devel 1} %{?_with_debug: %global build_debug 1} %{?_with_perf: %global build_perf 1} %{?_with_cpupower: %global build_cpupower 1} %{?_with_modxz: %global build_modxz 0} # Build defines %define build_doc 1 %define build_devel 1 %define build_debug 1 # Build kernel-headers package %define build_headers 1 # Build perf and cpupower tools %define build_perf 1 %define build_cpupower 1 %if %{with compress_modules} %if %{with modxz} %define kmod_suffix .xz %else %define kmod_suffix .zst %endif %else %define kmod_suffix %{nil} %endif %if !%{build_debug} # Disable debug rpms. %define _enable_debug_packages %{nil} %define debug_package %{nil} %endif # End of user definitions # http://nickdesaulniers.github.io/blog/2018/06/02/speeding-up-linux-kernel-builds-with-ccache/ %if %{with ccache} %define kmake KBUILD_BUILD_TIMESTAMP='' %make CC='ccache gcc' ARCH="%{arch_type}" %else %define kmake %make CC='gcc' ARCH="%{arch_type}" %endif # There are places where parallel make don't work %define smake make %ifarch %{ix86} %{x86_64} %define arch_type x86 %endif %ifarch aarch64 %define arch_type arm64 %endif # Parallelize xargs invocations on smp machines %define kxargs xargs %([ -z "$RPM_BUILD_NCPUS" ] \\\ && RPM_BUILD_NCPUS="`/usr/bin/getconf _NPROCESSORS_ONLN`"; \\\ [ "$RPM_BUILD_NCPUS" -gt 1 ] && echo "-P $RPM_BUILD_NCPUS") # # SRC RPM description # Summary: The Linux kernel Name: kernel-%{kernelversion}.%{patchlevel}-%{flavour} Version: %{kversion} Release: %{fullrpmrel} License: GPLv2 Group: System/Kernel and hardware Url: https://www.kernel.org #################################################################### # # Sources # Source0: https://cdn.kernel.org/pub/linux/kernel/v%{kernelversion}.x/linux-%{tar_ver}.tar.xz # This is for disabling *config, mrproper, prepare, scripts on -devel rpms # Needed, because otherwise the -devel won't build correctly. Source2: 0001-disable-mrproper-prepare-scripts-configs-in-devel-rp.patch # TODO: Make a separate package "ksobirator" and BR it # after testing these macros properly Source3: macros.ksobirator %{load:%{SOURCE3}} # Kernel configuration files. Source111: kernel-x86_64.config Source112: kernel-i686.config Source113: kernel-arm64.config # Cpupower: the service, the config, etc. Source50: cpupower.service Source51: cpupower.config Source52: cpupower-start.sh Source53: cpupower.path Source80: kernel.rpmlintrc # Additional keys that can be used to sign kernel modules # Generated by https://abf.io/soft/kernel-keys # Source201..206: public_key_GOST_*.pem %{expand:%(for i in `seq 1 6`; do echo "Source$((200+${i})): public_key_GOST_${i}.pem"; done)} # Source207..212: public_key_RSA_*.pem %{expand:%(for i in `seq 7 12`; do echo "Source$((200+${i})): public_key_RSA_${i}.pem"; done)} #################################################################### # Patches # The patch to make kernel x.y.z from x.y.0. Patch1: https://cdn.kernel.org/pub/linux/kernel/v%{kernelversion}.x/patch-%{kversion}.xz # Patches from mainline # none Patch2: kernel-5.10.93-fix-perf-build.patch # https://www.opennet.ru/opennews/art.shtml?num=57838 Patch3: https://github.com/torvalds/linux/commit/e400ad8b7e6a1b9102123c6240289a811501f7d9.patch # ROSA-specific patches # Perf docs are built after all the kernels. To validate the xml files # generated during that process, xmlto tries to get DTD files from the Net. # If it fails, the whole build fails, which is unfortunate. Let us avoid # this. Patch101: 0001-perf-skip-xmlto-validation.patch # http://bugs.rosalinux.ru/show_bug.cgi?id=6235 # http://bugs.rosalinux.ru/show_bug.cgi?id=6459 Patch102: 0001-audit-make-it-less-verbose.patch %if %{with aufs} # AUFS 5 from http://aufs.sourceforge.net/ Patch109: 0001-Apply-AUFS-5.patch %endif # For kmod() generator of RPM Provides # Changes version of aacraid.ko Patch111: 0001-Remove-RPM-illegal-chars-from-module-version.patch # AltHa LSM Module # https://www.altlinux.org/AltHa # http://git.altlinux.org/gears/k/kernel-image-un-def.git # TODO: known problem: https://bugzilla.altlinux.org/show_bug.cgi?id=38225 Patch201: 0001-altha.patch # sent to upstream, https://patchwork.kernel.org/patch/11446123/ Patch302: 0001-sign-file-full-functionality-with-modern-LibreSSL.patch # Support loading GOST-signed modules Patch305: 0001-crypto-support-loading-GOST-signed-kernel-modules.patch # Allow to off modules signature check dynamically Patch306: 0001-ROSA-ima-allow-to-off-modules-signature-check-dynami.patch # Experimental patch to reduce freezes in low memory conditions # Config values are the following: # CONFIG_UNEVICTABLE_ACTIVEFILE=y # CONFIG_UNEVICTABLE_ACTIVEFILE_KBYTES_LOW=102400 (100 MB) # CONFIG_UNEVICTABLE_ACTIVEFILE_KBYTES_MIN=51200 (50 MB) # + zswap is enabled by default # 50 MB is default value of min_filelist_kbytes in Chromium OS # https://chromium.googlesource.com/chromiumos/third_party/kernel-next/+/545e2917dbd863760a51379de8c26631e667c563%5E!/ # 256 and 512 MB values are too big as a distro default because many systems have 512MB-2GB RAM # TODO: tune 50 and 100 MB to some not random and mathemetically explainable values # https://www.linux.org.ru/news/kernel/16052362?cid=16075323 Patch307: le9pf.diff Patch308: 0001-Revert-kallsyms-unexport-kallsyms_lookup_name-and-ka.patch # Support sound on notebook Aquarius NS685U R11 (https://linux-hardware.org/?probe=339dc3db60) # First 2 patches are from Aquarius. # The next ones are cherry-picked commits from v5.16+, all commits except 19aed2d6cd from: # https://github.com/torvalds/linux/commits/0066f1b0e/sound/soc/intel/boards/sof_es8336.c # Also needed to make sound work: # 1) alsa-ucm-conf (SRPM alsa-lib) (ucm2/Intel/sof-essx8336/HiFi.conf) also has to be patched # https://abf.io/import/alsa-lib/commit/0cc7a15f10ef20dbedba94c14ef614a8c64c1882 # 2) firmware sof-cml-es8336.tplg is added into alsa-sof-firmware # https://abf.io/import/alsa-sof-firmware/commit/6fa57e82492d3ddede7af7b78aeeb5a0c230db4b Patch0400: 0400-ASoC-es8316-Add-power-management.patch Patch0401: 0401-ASoC-es8316-Use-increased-GPIO-debounce-time.patch Patch0402: 0402-ASoC-Intel-add-machine-driver-for-SOF-ES8336.patch Patch0403: 0403-ASoC-Intel-sof_es8336-add-quirk-for-Huawei-D15-2021.patch Patch0404: 0404-ASoC-Intel-sof_es8336-make-gpio-optional.patch Patch0405: 0405-ASoC-Intel-sof_es8336-get-codec-device-with-ACPI-ins.patch Patch0406: 0406-ASoC-Intel-Revert-ASoC-Intel-sof_es8336-add-quirk-fo.patch Patch0407: 0407-ASoC-Intel-sof_es8336-use-NHLT-information-to-set-dm.patch Patch0408: 0408-ASoC-Intel-sof_es8336-log-all-quirks.patch Patch0409: 0409-ASoC-Intel-sof_es8336-move-comment-to-the-right-plac.patch Patch0410: 0410-ASoC-Intel-sof_es8336-add-support-for-JD-inverted-qu.patch Patch0411: 0411-ASoC-Intel-sof_es8336-extend-machine-driver-to-suppo.patch Patch0412: 0412-ASoC-Intel-sof_es8336-add-cfg-dmics-component-for-UC.patch Patch0413: 0413-ASoC-Intel-sof_es8336-simplify-speaker-gpio-naming.patch Patch0414: 0414-ASoC-Intel-sof_es8336-support-a-separate-gpio-to-con.patch Patch0415: 0415-ASoC-Intel-sof_es8336-add-a-quirk-for-headset-at-mic.patch Patch0416: 0416-ASoC-Intel-sof_es8336-Add-a-quirk-for-Huawei-Mateboo.patch Patch0417: 0417-ASoC-Intel-sof_es8336-Fix-GPIO-quirks-set-via-module.patch Patch0418: 0418-ASoC-Intel-sof_es8336-ignore-GpioInt-when-looking-fo.patch Patch0419: 0419-ASoC-Intel-sof_es8336-add-support-for-HDMI_In-captur.patch Patch0420: 0420-ASoC-Intel-sof_es8336-reset-the-num_links-during-pro.patch Patch0421: 0421-ASoC-Intel-sof_es8336-remove-hard-coded-SSP-selectio.patch Patch0422: 0422-ASoC-Intel-fix-sof_es8336-probe.patch Patch0423: 0423-sound-backport-firmware-matches.patch # TODO: upstreamize quirks and fixes in alsa ucm2 Patch0424: 0424-ASoC-Intel-sof_es8336-Add-more-quirks-for-Russian-ha.patch Patch0425: 0425-ASoC-Intel-sof_es8336-Add-a-quirk-for-Aquarius-NS685.patch # Additional backports to make previous patches work/compile Patch0426: 0426-ASoC-SOF-Intel-hda-report-SSP-link-mask-to-machine-d.patch Patch0427: 0427-ASoC-Intel-soc-acpi-quirk-topology-filename-dynamica.patch Patch0428: 0428-ASoC-soc-acpi-fix-kernel-doc-descriptor.patch Patch0429: 0429-ASoC-soc-acpi-add-information-on-I2S-TDM-link-mask.patch Patch0430: 0430-ALSA-hda-Fill-gaps-in-NHLT-endpoint-interface.patch Patch0431: 0431-ASoC-SOF-avoid-casting-const-attribute-away.patch Patch0432: 0432-ALSA-intel-dsp-config-add-more-ACPI-HIDs-for-ES83x6-.patch Patch0433: 0433-ASoC-soc-acpi-add-comp_ids-field-for-machine-driver-.patch Patch0434: 0434-ALSA-hda-intel-dsp-config-update-AlderLake-PCI-IDs.patch Patch0435: 0435-ASoC-Intel-soc-acpi-Add-entry-for-sof_es8336-in-ADL-.patch Patch0436: 0436-ALSA-intel-nhlt-add-helper-to-detect-SSP-link-mask.patch # Support SoC with Baikal-M (ARMv8) CPU # http://git.altlinux.org/gears/k/kernel-image-std-def.git # https://github.com/asheplyakov/linux/commits/baikalm-5.15.y-next (many thanks!) Patch0600: 0600-drm-panfrost-initial-dual-core-group-GPUs-support.patch Patch0601: 0601-net-stmmac-inital-support-of-Baikal-T1-M-SoCs-GMAC.patch Patch0602: 0602-dt-bindings-dwmac-Add-bindings-for-Baikal-T1-M-SoCs.patch Patch0603: 0603-net-stmmac-custom-mdio-reset-for-some-Baikal-M-board.patch Patch0604: 0604-net-dwmac-baikal-added-compatible-strings.patch Patch0605: 0605-hwmon-bt1-pvt-access-registers-via-pvt_-readl-writel.patch Patch0606: 0606-hwmon-bt1-pvt-define-pvt_readl-pvt_writel-for-Baikal.patch Patch0607: 0607-hwmon-bt1-pvt-adjusted-probing-for-Baikal-M-SoC.patch Patch0608: 0608-hwmon-bt1-pvt-added-compatible-baikal-pvt.patch Patch0609: 0609-clk-added-Baikal-M-clock-management-unit-driver.patch Patch0610: 0610-cpufreq-dt-don-t-load-on-Baikal-M-SoC.patch Patch0611: 0611-usb-dwc3-of-simple-added-compatible-string-for-Baika.patch Patch0612: 0612-arm64-Enable-armv8-based-Baikal-M-SoC-support.patch Patch0613: 0613-drm-bridge-New-bridge-driver-stdp4028.patch Patch0614: 0614-drm-added-Baikal-M-SoC-video-display-unit-driver.patch Patch0615: 0615-baikal_vdu-et101-display-port-support.patch Patch0616: 0616-dw-hdmi-ahb-audio-support-Baikal-M-SoC.patch Patch0617: 0617-ALSA-hda-Baikal-M-SoC-support.patch Patch0618: 0618-Added-TF307-TF306-board-management-controller-driver.patch Patch0619: 0619-rejected-serial-8250_dw-verify-clock-rate-in-dw8250_.patch Patch0620: 0620-drm-panfrost-forcibly-set-dma-coherent-on-Baikal-M.patch Patch0621: 0621-drm-panfrost-disable-devfreq-on-Baikal-M.patch Patch0622: 0622-pm-disable-all-sleep-states-on-Baikal-M-based-boards.patch Patch0623: 0623-arm64-stub-fixed-secondary-cores-boot-on-Baikal-M-So.patch Patch0624: 0624-efi-rtc-avoid-calling-efi.get_time-on-Baikal-M-SoC.patch Patch0625: 0625-net-fwnode_get_phy_id-consider-all-compatible-string.patch Patch0626: 0626-BROKEN-dwc-i2s-support-Baikal-M-SoC.patch Patch0627: 0627-input-added-TF307-serio-PS-2-emulator-driver.patch Patch0628: 0628-arm64-added-Baikal-M-SoC-and-TF307-board-device-tree.patch Patch0629: 0629-arm64-device-tree-baikal-mark-GPU-as-dma-coherent.patch Patch0630: 0630-arm64-device-tree-Baikal-M-fixed-PHY-binding-descrip.patch Patch0631: 0631-arm64-device-tree-Baikal-M-fixed-gpio-alias.patch Patch0632: 0632-arm64-device-tree-Baikal-M-fixed-GPU-opp_table.patch Patch0633: 0633-arm64-device-tree-Baikal-M-fixed-CPUs-opp_table.patch Patch0634: 0634-arm64-defconfig-for-Baikal-M-support-testing.patch # Disable AutoReq AutoReq: 0 # but keep autoprov for kmod(xxx) AutoProv: 1 BuildRequires: bash BuildRequires: bc BuildRequires: binutils BuildRequires: bison BuildRequires: bzip2 %if %{with ccache} BuildRequires: ccache %endif BuildRequires: flex BuildRequires: gcc # ./scripts/mkcompile_h BuildRequires: hostname BuildRequires: kmod-compat BuildRequires: rsync %if %{with compress_modules} %if %{with modxz} BuildRequires: xz %else BuildRequires: zstd %endif %endif %ifarch aarch64 BuildRequires: uboot-tools %endif BuildRequires: kmod-devel %ifarch x86_64 aarch64 BuildRequires: numa-devel %endif %if %{with uml} BuildRequires: vde-devel %endif # For power tools BuildRequires: pkgconfig(ncurses) # For perf, cpufreq and all other tools # For cpupower %if %{build_cpupower} BuildRequires: pciutils-devel %endif # For perf %if %{build_perf} BuildRequires: asciidoc BuildRequires: perl-ExtUtils-Embed BuildRequires: python3 BuildRequires: xmlto BuildRequires: audit-devel BuildRequires: binutils-devel BuildRequires: elfutils-devel BuildRequires: java-1.8.0-openjdk-devel BuildRequires: libunwind-devel BuildRequires: newt-devel BuildRequires: perl-devel BuildRequires: pkgconfig(babeltrace) BuildRequires: pkgconfig(libcap) BuildRequires: pkgconfig(libcrypto) BuildRequires: pkgconfig(python3) BuildRequires: pkgconfig(slang) BuildRequires: pkgconfig(zlib) %endif # (To generate keys) # LibreSSL has GOST support without editing openssl.cnf # or dlopen()-ing external library BuildRequires: libressl BuildRequires: libressl-devel # To verify signatures (find, xargs, hexdump) BuildRequires: findutils BuildRequires: util-linux %if %{with binary_extra_modules} BuildRequires: auto-krokodil-rpm-macros BuildRequires: kernel-source-rtl8821ce BuildRequires: kernel-source-rtl8821cu # Broadcom-wl and nvidia390 contain a proprietary blob which is only for x86 %ifarch %{ix86} %{x86_64} BuildRequires: kernel-source-broadcom-wl BuildRequires: kernel-source-nvidia390 %endif # Nvidia470+ are x86_64 only (maybe aarch64 will be also packaged later) %ifarch %{x86_64} BuildRequires: kernel-source-nvidia470 BuildRequires: kernel-source-nvidia510 BuildRequires: kernel-source-nvidia515 %endif BuildRequires: kernel-source-tripso BuildRequires: kernel-source-ipt-so %if %{with binary_virtualbox_host} BuildRequires: kernel-source-virtualbox %endif BuildRequires: kernel-source-v4l2loopback %if %{with binary_shredder} BuildRequires: kernel-source-shredder-kernel %endif # Rosa-test-suite is maintained in certified branches only nlkm, memfreetest, pcietest %if %{with nickel} BuildRequires: kernel-source-rosa-test-suite %endif %endif # End of with binary_extra_modules Provides: kernel = %{EVRD} Provides: kernel-%{flavour} = %{EVRD} Provides: kernel-abi(%{kver_full}) = %{EVRD} # Dnf config-manager --dump | grep installonly Provides: installonlypkg(kernel) = %{EVRD}.image Provides: installonlypkg(kernel) = %{EVRD}.modules # >= because of added support of zstd-compressed modules Requires(posttrans): dracut >= 053-0.git5eb736.5 Requires(posttrans): kmod >= 28-3 # Need for rebuild dkms drivers Requires: (kernel-%{tar_ver}-generic-devel if dkms) # Usually necessary, but sometimes user may want to not install them Recommends: crda Recommends: linux-firmware Recommends: microcode # Set BFQ as default scheduler for HDDs # https://www.phoronix.com/scan.php?page=article&item=linux-50hdd-io Recommends: udev-rules-ioschedulers Recommends: wireless-regdb %if %{with flow_abi} Requires: kernel-%{kernelversion}.%{patchlevel}-rosa-flow-abi %endif %ifarch %{ix86} Conflicts: arch(x86_64) %endif # XXX temporary hack to upgrade from kernel-headers 1:5.4 %if %{build_headers} Recommends: kernel-headers = %{EVRD} %endif %if %{with binary_extra_modules} %ifarch %{ix86} %{x86_64} %kroko_req_modules_in_kernel -j %{nvidia_390_j} -n %{nvidia_390_n} -p %{kver_full} %endif %ifarch %{x86_64} %kroko_req_modules_in_kernel -j %{nvidia_470_j} -n %{nvidia_470_n} -p %{kver_full} %kroko_req_modules_in_kernel -j %{nvidia_510_j} -n %{nvidia_510_n} -p %{kver_full} %kroko_req_modules_in_kernel -j %{nvidia_515_j} -n %{nvidia_515_n} -p %{kver_full} %endif %endif %description The kernel package contains the Linux kernel (vmlinuz), the core of your operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. This is a general-purpose kernel. %posttrans # We always regenerate initrd here, even if it already exists. This may # happen if kernel-<...>-devel is installed first, triggers rebuild of # DKMS modules and some of these request remaking of initrd. The initrd # that is created then will be non-functional. But when the user installs # kernel-<...> package, that defunct initrd will be replaced with a working # one here. dracut -f %{initrd_path} %{kver_full} # File triggers from grub packages will handle this. #/usr/sbin/update-grub2 %transfiletriggerin -- %{_modulesdir}/%{kver_full} # Detect all modules, including ones inside kernel-module* packages if grep -qE '/.*\.ko(|\..*)' ; then depmod -a %{kver_full} fi %transfiletriggerpostun -- %{_modulesdir}/%{kver_full} # Handle e.g. removal of kernel-module* packages # List of files is not available here (?) depmod -a %{kver_full} %files -f %{kernel_files} %{_bootdir}/System.map-%{kver_full} %{_bootdir}/symvers-%{kver_full}.* %{_bootdir}/config-%{kver_full} %{_bootdir}/vmlinuz-%{kver_full} %ghost %{initrd_path} %ifarch %{armx} %{_bootdir}/dtb-%{kver_full} %endif %{_modulesdir}/%{kver_full}/modules.* %if %{with flow_abi} %{_modulesdir}/%{kver_full}/kernel/zzz-%{kernelversion}.%{patchlevel}-rosa-flow-abi %endif %if %{with binary_extra_modules} # 8821ce.ko.debug will not be excluded and will be in the main debug subpackage %exclude %{_modulesdir}/%{kver_full}/kernel/net/wireless/8821ce.ko%{kmod_suffix} %exclude %{_modulesdir}/%{kver_full}/kernel/net/wireless/8821cu.ko%{kmod_suffix} %ifarch %{ix86} %{x86_64} %exclude %{_modulesdir}/%{kver_full}/kernel/net/wireless/wl.ko%{kmod_suffix} %endif %if %{with binary_shredder} %exclude %{_modulesdir}/%{kver_full}/kernel/extra/shredder-kernel.ko%{kmod_suffix} %endif %exclude %{_modulesdir}/%{kver_full}/kernel/drivers/media/v4l2loopback.ko%{kmod_suffix} %if %{with binary_virtualbox_host} # vbox host modules may be built here (vboxnetflt vboxnetadp vboxdrv vboxpci) # vbox guest modules are in the mainline kernel now (vboxvideo vboxguest vboxsf) %exclude %{_modulesdir}/%{kver_full}/kernel/misc/vbox*.ko%{kmod_suffix} %endif %exclude %{_modulesdir}/%{kver_full}/kernel/net/xt_TRIPSO.ko%{kmod_suffix} %exclude %{_modulesdir}/%{kver_full}/kernel/net/xt_so.ko%{kmod_suffix} %if %{with nickel} %exclude %{_modulesdir}/%{kver_full}/kernel/misc/nlkm.ko%{kmod_suffix} %exclude %{_modulesdir}/%{kver_full}/kernel/misc/memfreetest.ko%{kmod_suffix} %exclude %{_modulesdir}/%{kver_full}/kernel/misc/pcietest.ko%{kmod_suffix} %endif %endif # End of with binary_extra_modules ############################################################################ %if %{build_devel} %package devel Summary: Development files for %{name} Group: Development/Kernel Requires: glibc-devel Requires: ncurses-devel Requires: gcc Requires: make Requires: perl Requires: %{name} = %{EVRD} Provides: kernel-devel = %{kverrel} Provides: kernel-%{flavour}-devel = %{kverrel} Provides: installonlypkg(kernel) = %{EVRD}.devel # Have dkms updated/installed before the kernel, scriptlet here checks if dkms exists OrderWithRequires(post): dkms # Try to remove the main kernel package after removing this devel package # because there may be dkms-built kernel modules inside directories owned # by the main package, try to get rid of such files before RPM starts to # deal with directories owned in the main package # (note that the devel package does not explicitly require the main package, # there is no need to do so, a kernel module may be built using just the devel part). OrderWithRequires(postun): %{name} = %{EVRD} %ifarch %{ix86} Conflicts: arch(x86_64) %endif %description devel This package contains the kernel files (headers and build tools) that should be enough to build additional drivers for use with %{name}. %post devel if command -v dkms_autoinstaller >/dev/null 2>&1; then dkms_autoinstaller start %{kver_full} fi %preun devel # If any DKMS modules with REMAKE_INITRD=yes in their configs have been # uninstalled, initrd has been regenerated for the given kernel. However, # the kernel itself might have been uninstalled before, so that (defunct) # initrd image files would be left behind. Remove them if the kernel itself # is no longer installed. Should work if they are uninstalled in parallel # too. if ! test -f /boot/vmlinuz-%{kver_full}; then rm -f /boot/initrd-%{kver_full}.img rm -f /boot/initrd-%{kver_full}_old.img fi if ! command -v dkms >/dev/null 2>&1; then exit 0; fi for ii in $(/usr/sbin/dkms status -k %{kver_full} | awk '{ print $1 $2; }'); do mod=$(echo $ii | awk -v FS=',' '{ print $1; }') ver=$(echo $ii | awk -v FS=',' '{ print $2; }') /usr/sbin/dkms --rpm_safe_upgrade uninstall -m $mod -v $ver -k %{kver_full} || : done %files devel %{devel_root}/Documentation %dir %{devel_root} %dir %{devel_root}/arch %dir %{devel_root}/include %{devel_root}/arch/um %{devel_root}/arch/x86 %{devel_root}/arch/arm %{devel_root}/arch/arm64 %{devel_root}/block %{devel_root}/certs %{devel_root}/crypto %{devel_root}/drivers %{devel_root}/fs %{devel_root}/include/soc %{devel_root}/include/acpi %{devel_root}/include/asm-generic %{devel_root}/include/clocksource %{devel_root}/include/config %{devel_root}/include/crypto %{devel_root}/include/drm %{devel_root}/include/dt-bindings %{devel_root}/include/generated %{devel_root}/include/keys %{devel_root}/include/kvm %{devel_root}/include/kunit %{devel_root}/include/linux %{devel_root}/include/math-emu %{devel_root}/include/media %{devel_root}/include/memory %{devel_root}/include/misc %{devel_root}/include/net %{devel_root}/include/pcmcia %{devel_root}/include/ras %{devel_root}/include/rdma %{devel_root}/include/scsi %{devel_root}/include/sound %{devel_root}/include/target %{devel_root}/include/trace %{devel_root}/include/uapi %{devel_root}/include/vdso %{devel_root}/include/video %{devel_root}/include/xen %{devel_root}/init %{devel_root}/ipc %{devel_root}/kernel %{devel_root}/lib %{devel_root}/mm %{devel_root}/net %{devel_root}/samples %{devel_root}/scripts %{devel_root}/security %{devel_root}/sound %{devel_root}/tools %{devel_root}/usr %{devel_root}/virt %{devel_root}/.config %{devel_root}/Kbuild %{devel_root}/Kconfig %{devel_root}/Makefile %{devel_root}/Module.symvers %{devel_root}/arch/Kconfig %{_modulesdir}/%{kver_full}/build %{_modulesdir}/%{kver_full}/source %endif # End of build_devel ############################################################################ %if %{build_debug} %package debuginfo Summary: Debuginfo for %{name} Group: Development/Debug Provides: kernel-debug = %{kverrel} AutoReq: 0 AutoProv: 0 %description debuginfo This package contains the files with debuginfo for %{name}. %files debuginfo -f %{debuginfo_files} %{_bootdir}/vmlinux-%{kver_full} %endif # End of build_debug ############################################################################ %if %{build_doc} %package doc Summary: Various documentation bits found in the kernel source Group: Documentation BuildArch: noarch %description doc This package contains documentation files from the kernel source. %files doc %doc linux-%{tar_ver}/Documentation/* %endif ############################################################################ %if %{build_perf} %package -n perf Summary: perf tool and the supporting documentation Group: System/Kernel and hardware %description -n perf The package contains perf tool and the supporting documentation. %files -n perf %{_bindir}/perf %ifarch x86_64 %{_bindir}/perf-read-vdso32 %endif %{_bindir}/trace %{_includedir}/perf/perf_dlfilter.h %dir %{_prefix}/libexec/perf-core %dir %{_libdir}/traceevent %dir %{_libdir}/traceevent/plugins %{_libdir}/libperf-jvmti.so %{_libdir}/traceevent/plugins/* %{_prefix}/libexec/perf-core/* %{_mandir}/man[1-8]/perf* %{_sysconfdir}/bash_completion.d/perf %{_datadir}/perf-core/strace/groups/* %{_datadir}/doc/perf-tip/*.txt /usr/lib/perf/examples/bpf/* /usr/lib/perf/include/bpf/* %endif ############################################################################ %if %{build_cpupower} %package -n cpupower Summary: The cpupower tools Group: System/Kernel and hardware %description -n cpupower The cpupower tools. %post -n cpupower if [ $1 -ge 0 ]; then # Do not enable/disable cpupower.service directly, because it should start # when cpupower.path triggers it. /bin/systemctl enable cpupower.path >/dev/null 2>&1 || : /bin/systemctl start cpupower.path >/dev/null 2>&1 || : fi %preun -n cpupower if [ $1 -eq 0 ]; then /bin/systemctl --no-reload disable cpupower.path > /dev/null 2>&1 || : /bin/systemctl stop cpupower.path > /dev/null 2>&1 || : fi %files -n cpupower -f cpupower.lang %config(noreplace) %{_sysconfdir}/sysconfig/cpupower %{_bindir}/cpupower %{_bindir}/cpupower-start.sh %{_libdir}/libcpupower.so.0 %{_libdir}/libcpupower.so.0.0.1 %{_unitdir}/cpupower.service %{_unitdir}/cpupower.path %{_datadir}/bash-completion/completions/cpupower %{_mandir}/man[1-8]/cpupower* ############################################################################ %package -n cpupower-devel Summary: Development files for cpupower Group: Development/Kernel Requires: cpupower = %{EVRD} Conflicts: %{_lib}cpufreq-devel %description -n cpupower-devel This package contains the development files for cpupower. %files -n cpupower-devel %{_libdir}/libcpupower.so %{_includedir}/cpufreq.h %{_includedir}/cpuidle.h %endif ############################################################################ %if %{build_headers} %package -n kernel-headers Summary: Linux kernel header files mostly used by your C library Group: System/Kernel and hardware Provides: linux-userspace-headers = %{EVRD} Provides: kernel-release-headers = %{EVRD} %description -n kernel-headers C header files from the Linux kernel. The header files define structures and constants that are needed for building most standard programs, notably the C library. This package is not suitable for building kernel modules, you should use the 'kernel-devel' package instead. %files -n kernel-headers %{_includedir}/* # Don't conflict with cpupower-devel %if %{build_cpupower} %exclude %{_includedir}/cpufreq.h %exclude %{_includedir}/cpuidle.h %endif %if %{build_perf} %exclude %{_includedir}/perf/perf_dlfilter.h %endif %endif ############################################################################ %if %{with uml} %package uml Summary: User Mode Linux binary Group: System/Kernel and hardware Provides: kernel-uml = %{kverrel} Provides: kernel-uml-%{flavour} = %{kverrel} Provides: installonlypkg(kernel) = %{EVRD}.uml %description uml User Mode Linux binary. Stripped, debug is in %{name}-debuginfo. %files uml %{_bindir}/linux-uml-%{kver_full} #----------------------------------------------------------------------------- %package uml-modules Summary: User Mode Linux (UML) kernel modules Group: System/Kernel and hardware Provides: kernel-uml-modules = %{kverrel} Provides: kernel-uml-modules-%{flavour} = %{kverrel} Provides: installonlypkg(kernel-module) = %{EVRD}.uml %description uml-modules User Mode Linux (UML) kernel modules: - not compressed; - not stripped; - signed. %files uml-modules /lib/modules-uml/%{kver_full} %endif # End of uml #----------------------------------------------------------------------------- ############################### # Extra modules package definitions %if %{with binary_extra_modules} %ksob_mk_module_pkg -n 8821ce -s net/wireless -r rtl8821ce-blacklist %ksob_mk_module_pkg -n 8821cu -s net/wireless %ifarch %{ix86} %{x86_64} %ksob_mk_module_pkg -n wl -s net/wireless -r broadcom-wl-aliases %kroko_kmod_pkg -r %{kroko_release} -j %{nvidia_390_j} -n %{nvidia_390_n} -f %{flavour} -k %{kernelversion}.%{patchlevel} -m %{sublevel} -p %{kver_full} -s %{NAME} -c %{kmod_suffix} %endif %ifarch %{x86_64} %kroko_kmod_pkg -r %{kroko_release} -j %{nvidia_470_j} -n %{nvidia_470_n} -f %{flavour} -k %{kernelversion}.%{patchlevel} -m %{sublevel} -p %{kver_full} -s %{NAME} -c %{kmod_suffix} %kroko_kmod_pkg -r %{kroko_release} -j %{nvidia_510_j} -n %{nvidia_510_n} -f %{flavour} -k %{kernelversion}.%{patchlevel} -m %{sublevel} -p %{kver_full} -s %{NAME} -c %{kmod_suffix} %kroko_kmod_pkg -r %{kroko_release} -j %{nvidia_515_j} -n %{nvidia_515_n} -f %{flavour} -k %{kernelversion}.%{patchlevel} -m %{sublevel} -p %{kver_full} -s %{NAME} -c %{kmod_suffix} %endif %ksob_mk_module_pkg -n xt_TRIPSO -s net -r tripso %ksob_mk_module_pkg -n xt_so -s net -r ipt-so %ksob_mk_module_pkg -n v4l2loopback -s drivers/media -r v4l2loopback %if %{with binary_shredder} %ksob_mk_module_pkg -n shredder-kernel -s extra -r rosa-shredder-user %endif #----------------------------------------------------------------------------- ############### # Virtualbox host %if %{with binary_virtualbox_host} %ksob_mk_module_pkg -n vboxnetflt -s misc %ksob_mk_module_pkg -n vboxnetadp -s misc %ksob_mk_module_pkg -n vboxdrv -s misc %ksob_mk_module_pkg -n vboxpci -s misc # A package which will pull all those modules %package -n kernel-modules-virtualbox-host-%{ksob_kernel} Summary: Meta package to pull VirtualBox host kernel modules for kernel-%{flavour}-%{kernelversion}.%{patchlevel} Group: System/Kernel and hardware Requires: kernel-module-vboxnetflt-%{ksob_kernel} Requires: kernel-module-vboxnetadp-%{ksob_kernel} Requires: kernel-module-vboxdrv-%{ksob_kernel} Requires: kernel-module-vboxpci-%{ksob_kernel} %description -n kernel-modules-virtualbox-host-%{ksob_kernel} Meta package to pull VirtualBox host kernel modules for %{name}. %files -n kernel-modules-virtualbox-host-%{ksob_kernel} # empty %endif #End of ifarch x86 #----------------------------------------------------------------------------- %if %{with nickel} %ksob_mk_module_pkg -n nlkm -s misc %ksob_mk_module_pkg -n memfreetest -s misc %ksob_mk_module_pkg -n pcietest -s misc %endif %endif # End of binary_extra_modules ################################################################# %if %{with flow_abi} %package -n kernel-%{kernelversion}.%{patchlevel}-rosa-flow-abi Summary: Directory to install third-party binary kernel modules for kernels %{kernelversion}.%{patchlevel}.x Group: System/Kernel and hardware %description -n kernel-%{kernelversion}.%{patchlevel}-rosa-flow-abi This package contains a directory to install third-party binary kernel modules for kernels %{kernelversion}.%{patchlevel}.x. Some vendors provide binary-only kernel modules. They can put them into /lib/modules/%{kernelversion}.%{patchlevel}-rosa-flow-abi. kmod tools will find them for kernels 5.4.x of "generic" and "nickel" flavours but there is no guarantee that these modules will load and work correctly on newer or older kernels then the ones they were build against. We call this "flow ABI" because most ABIs are not changed between %{kernelversion}.%{patchlevel}.x releases, but there are no specific guarantees. ABI may evolve and change. We highly recommend to use DKMS and build third-party kernel modules from source for every kernel! This package does nothing, just owns a directory for third-party binary kernel modules. %files -n kernel-%{kernelversion}.%{patchlevel}-rosa-flow-abi /lib/modules/%{kernelversion}.%{patchlevel}-rosa-flow-abi %endif # End of flow_abi ################################################ %prep # Avoid accidental merge %if 0%{?rpm5} %{error:Package structure is for dnf, not for urpmi!} %endif %setup -q -n %{top_dir_name} -c %if %{with uml} cp -r %{src_dir} %{src_dir}.uml %endif cd %{src_dir} %autopatch -p1 # # Setup Begin # ################################## # Kernel configuration echo "Creating the kernel configuration file." # Configs cp %{SOURCE111} . cp %{SOURCE112} . cp %{SOURCE113} . cp kernel-%{arch_suffix}.config .config touch %{build_dir}/.config.append # Get rid of unwanted files find . -name '*~' -o -name '*.orig' -o -name '*.append' -delete # Wipe all .gitignore/.get_maintainer.ignore files find . -name "*.g*ignore" -delete # Disable debug info if requested (enabled by default) %if ! %build_debug sed -i -e '/CONFIG_DEBUG_INFO/d' -e '/CONFIG_GDB_SCRIPTS/d' .config echo '# CONFIG_DEBUG_INFO is not set' >> %{build_dir}/.config.append echo '# CONFIG_GDB_SCRIPTS is not set' >> %{build_dir}/.config.append %endif sed -i '/CONFIG_MODULE_SIG_FORCE/d' .config %if %{with oblig_signed_modules} # Disallow loading not signed modules # But 0001-ROSA-ima-allow-to-off-modules-signature-check-dynami.patch allows to override this in cmdline echo CONFIG_MODULE_SIG_FORCE=y >> %{build_dir}/.config.append %else echo CONFIG_MODULE_SIG_FORCE=n >> %{build_dir}/.config.append %endif sed -i '/CONFIG_MODULE_SIG_KEY/d' .config # Set path to the key that will be generated later by openssl/libressl echo CONFIG_MODULE_SIG_KEY=\"%{certs_signing_key_priv_rnd}\" >> %{build_dir}/.config.append # Set path to one PEM file with all keys that the kernel must trust sed -i '/CONFIG_SYSTEM_TRUSTED_KEYS/d' .config echo CONFIG_SYSTEM_TRUSTED_KEYS=\"%{certs_public_keys}\" >> %{build_dir}/.config.append # Memory wiping # Introduced in kernel 5.3 by commit 6471384af2a6530696fc0203bafe4de41a23c9ef # Estimated performance impact is described in the commit # "Fill newly allocated pages and heap objects with zeroes." # To enable, add to cmdline: init_on_alloc=1 sed -i '/CONFIG_INIT_ON_ALLOC_DEFAULT_ON/d' .config echo CONFIG_INIT_ON_ALLOC_DEFAULT_ON=n >> %{build_dir}/.config.append # "Fill freed pages and heap objects with zeroes" # To disable, add to cmdline: init_on_free=0 sed -i '/CONFIG_INIT_ON_FREE_DEFAULT_ON/d' .config %if %{with nickel} echo CONFIG_INIT_ON_FREE_DEFAULT_ON=y >> %{build_dir}/.config.append %else echo CONFIG_INIT_ON_FREE_DEFAULT_ON=n >> %{build_dir}/.config.append %endif # Here enabling only either only init_on_free or only init_on_alloc # makes sense; init_on_alloc is not about protecting information. # To load kernel keyring in UML for i in STREEBOG SHA1 SHA256 SHA512 ECRDSA RSA ; do if ! grep -q "^CONFIG_CRYPTO_${i}=y$" .config; then sed -i "/CONFIG_CRYPTO_${i}/d" .config echo "CONFIG_CRYPTO_${i}=y" >> %{build_dir}/.config.append fi done cat %{build_dir}/.config.append >> .config ################## # End of kernel config # Store the config file in the appropriate directory. CONFIG_DIR=arch/%{arch_type}/configs mkdir -p "${CONFIG_DIR}" cfg_file=arch/%{arch_type}/configs/%{arch_suffix}_defconfig-%{flavour} make ARCH=%{arch_type} oldconfig # When it is needed to edit kernel configs, run: # abf fetch # rpmbuild --define "_sourcedir $PWD" --with=fail -bb kernel.spec # and then work with the config in the buildroot with applied patches etc. %{?_with_fail:exit 1} mv .config ${cfg_file} echo "Created ${cfg_file}." # Make sure the kernel has the sublevel we know it has... LC_ALL=C sed -ri "s/^SUBLEVEL.*/SUBLEVEL = %{sublevel}/" Makefile # Get rid of unwanted files find . -name '*~' -o -name '*.orig' -o -name '*.append' | %kxargs rm -f find . -name '.get_maintainer.ignore' | %kxargs rm -f # Versionize python shebang (#!/usr/bin/env python -> #!/usr/bin/python3) in scripts sed -i '1 s,^#!/usr/bin/env python$,#!%{__python3},' \ scripts/bloat-o-meter \ scripts/checkkconfigsymbols.py \ scripts/diffconfig \ scripts/jobserver-exec \ scripts/show_delta \ scripts/spdxcheck.py \ scripts/clang-tools/gen_compile_commands.py \ scripts/clang-tools/run-clang-tools.py \ scripts/tracing/draw_functrace.py \ tools/hv/vmbus_testing \ tools/kvm/kvm_stat/kvm_stat \ tools/perf/python/tracepoint.py \ tools/perf/python/twatch.py \ tools/power/pm-graph/bootgraph.py \ tools/power/pm-graph/sleepgraph.py \ tools/power/x86/intel_pstate_tracer/intel_pstate_tracer.py \ tools/testing/kunit/kunit.py \ tools/testing/kunit/kunit_tool_test.py \ tools/testing/selftests/bpf/test_offload.py \ tools/testing/selftests/drivers/net/mlxsw/sharedbuffer_configuration.py \ tools/testing/selftests/exec/binfmt_script \ tools/testing/selftests/net/devlink_port_split.py \ tools/testing/selftests/tc-testing/tdc.py \ tools/testing/selftests/tc-testing/tdc_batch.py \ tools/testing/selftests/tc-testing/tdc_multibatch.py \ Documentation/sphinx/kernel_include.py \ Documentation/sphinx/maintainers_include.py \ Documentation/sphinx/rstFlatTable.py \ Documentation/target/tcm_mod_builder.py # Drop env from bash scripts sed -i '1 s,^#!.*env .*,#!%{_bindir}/bash,' scripts/config # Drop env from perl scripts sed -i '1 s,^#!.*env .*,#!%{_bindir}/perl,' \ scripts/bootgraph.pl \ scripts/checkincludes.pl \ scripts/checkkconfigsymbols.py \ scripts/checkpatch.pl \ scripts/checkstack.pl \ scripts/checkversion.pl \ scripts/cleanfile \ scripts/cleanpatch \ scripts/documentation-file-ref-check \ scripts/export_report.pl \ scripts/extract-module-sig.pl \ scripts/extract-sys-certs.pl \ scripts/extract_xc3028.pl \ scripts/get_abi.pl \ scripts/get_dvb_firmware \ scripts/get_maintainer.pl \ scripts/headerdep.pl \ scripts/headers_check.pl \ scripts/kernel-doc \ scripts/leaking_addresses.pl \ scripts/markup_oops.pl \ scripts/profile2linkerlist.pl \ scripts/recordmcount.pl \ scripts/split-man.pl \ scripts/stackdelta \ scripts/dtc/dt_to_config \ scripts/kconfig/streamline_config.pl \ tools/testing/ktest/compare-ktest-sample.pl \ tools/testing/selftests/kselftest/prefix.pl \ Documentation/sphinx/parse-headers.pl ############################################################################ %build # Ensure that build time generated private keys don't get published # as e.g. "RPM build root" on ABF! # Note that ABF sends SIGKILL to rpm-build.sh when the build is terminated; # in this case trap will not work, but RPM build root also will not be # saved because rpm-build.sh saves it, but it is SIGKILLed. # For best security we could store private keys in RAM (not reachable from # filesystem, so not in /tmp!) and override sth like fopen() by LD_PRELOAD # to give the content of keys from RAM when a virtual address of a key file # is accessed, but currently I don't know how to implement this (TODO: ). _cleanup(){ # Show resulting kernel public keys for debugging cat "%{src_dir}/%{certs_dir_rnd}/x509_certificate_list" | base64 -d || : rm -fvr "%{src_dir}/%{certs_dir_rnd}" %if %{with uml} cat "%{src_dir}.uml/%{certs_dir_rnd}/x509_certificate_list" | base64 -d || : rm -fvr "%{src_dir}.uml/%{certs_dir_rnd}" %endif } # Make a trap to delete keys even if %%build fails in the middle trap "_cleanup" EXIT rm -rf %{temp_root} install -d %{temp_root} cd %{src_dir} ### Keys for signing kernel modules # Keys can be generated both manually and automatically, # let's generate them by ourselves to take full control of the process # https://www.ibm.com/support/knowledgecenter/en/SSB23S_1.1.0.13/gtps7/cfgcert.html # See also certs/Makefile in kernel source mkdir -p "%{certs_dir_rnd}" # On ABF, %%packager == $username <$email> # Try to extract email from %%packager if it is set _get_email(){ # Check that macro %%packager was set and is not empty if echo '%{packager}' | grep -q 'packager}$' || [ -z "%{packager}" ] # If was not set or is empty, use default email then echo 'rpmbuild@rosa.unknown' && return # Otherwise try to extract email from 'name ' or sth else else temp="$(echo '%{packager}' | tr '[:upper:]' '[:lower:]' | tr ' ' '\n' | tr -d '<>' | grep -E '@.*\..*' | head -n 1)" fi # Validate that what we have now is a valid email # https://stackoverflow.com/a/2138832, https://stackoverflow.com/a/41192733 # Note that we set %%_buildshell to /bin/bash to guarantee the work of this bashism regex_email="^[a-z0-9!#\$%&'*+/=?^_\`{|}~-]+(\.[a-z0-9!#$%&'*+/=?^_\`{|}~-]+)*@([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z0-9]([a-z0-9-]*[a-z0-9])?\$" if [[ "$temp" =~ ${regex_email} ]] # If it is, use it then echo "$temp" && return # Otherwise use default email else echo 'rpmbuild@rosa.unknown' && return fi # If script above has not return'ed for any reason, # e.g. because of non-bash shell being not able to # process regexp, use default email echo 'rpmbuild@rosa.unknown' } email="$(_get_email)" cat < "%{certs_key_config_rnd}" [ req ] prompt = no string_mask = utf8only #default_keyfile = %%{certs_signing_key_priv_rnd} distinguished_name = req_distinguished_name x509_extensions = myexts [ req_distinguished_name ] organizationName = %{vendor} rpmbuild commonName = Build time autogenerated @ALGO@ kernel key emailAddress = ${email} [ myexts ] basicConstraints=critical,CA:FALSE keyUsage=digitalSignature subjectKeyIdentifier=hash authorityKeyIdentifier=keyid EOF cat "%{certs_key_config_rnd}" sed -e 's,@ALGO@,RSA,g' "%{certs_key_config_rnd}" > "%{certs_key_config_rnd}.RSA" sed -e 's,@ALGO@,GOST R 34.10-2012,g' "%{certs_key_config_rnd}" > "%{certs_key_config_rnd}.GOST" # Avoid using the template rm -f "%{certs_key_config_rnd}" _libressl_gen_key(){ if [ "$GOST_KEY" = 1 ] then lssl_req_gost_args="\ -newkey gost2001 \ -pkeyopt dgst:streebog512 -pkeyopt paramset:A \ -streebog512" OUT="%{certs_signing_key_priv_rnd}.GOST" CONFIG="%{certs_key_config_rnd}.GOST" else lssl_req_gost_args="" OUT="%{certs_signing_key_priv_rnd}.RSA" CONFIG="%{certs_key_config_rnd}.RSA" fi libressl req -new -nodes -utf8 -batch \ $lssl_req_gost_args \ -days 109500 \ -x509 -config "$CONFIG" \ -out "$OUT" \ -keyout "$OUT" # Verify if [ "$GOST_KEY" = 1 ]; then libressl x509 -in "%{certs_signing_key_priv_rnd}.GOST" -text -noout \ | grep -E 'Signature Algorithm:.*GOST R 34.10-2012' libressl x509 -in "%{certs_signing_key_priv_rnd}.GOST" -text -noout \ | grep -E 'Digest Algorithm:.*GOST R 34-11-2012' libressl x509 -in "%{certs_signing_key_priv_rnd}.GOST" -text -noout \ | grep -E 'Public Key Algorithm:.*GOST R 34.10-2012' fi } GOST_KEY=0 _libressl_gen_key GOST_KEY=1 _libressl_gen_key # Fake CONFIG_MODULE_SIG_KEY to make build scripts happy cp -v "%{certs_signing_key_priv_rnd}.RSA" "%{certs_signing_key_priv_rnd}" # Strip public parts from the generated PEMs sed -n \ '/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/p' \ "%{certs_signing_key_priv_rnd}.GOST" \ "%{certs_signing_key_priv_rnd}.RSA" \ > "%{certs_public_keys}" # Link sign-file and extract-cert with LibreSSL instead of OpenSSL if [ $? != 0 ] ; then exit $? ; fi sed -i %{src_dir}/scripts/Makefile \ %if %{with uml} %{src_dir}.uml/scripts/Makefile \ %endif -e "s, libcrypto , libressl-libcrypto ,g" %if %{with additional_keys} # Add additional public RSA keys to the list of trusted keys for kernel modules # Build kernel --without additional_keys if you do not want to trust them cat %{expand:%(for i in `seq 1 12`; do echo "%%SOURCE$((200+${i}))" | tr "\n" " "; done)} \ >> "%{certs_public_keys}" %endif # End of additional_keys cat %{certs_public_keys} # .config %smake -s mrproper cp arch/%{arch_type}/configs/%{arch_suffix}_defconfig-%{flavour} .config # Make sure EXTRAVERSION says what we want it to say LC_ALL=C sed -ri "s/^EXTRAVERSION.*/EXTRAVERSION = -%{flavour}-%{buildrpmrel}/" Makefile # Build the kernel echo "Building kernel %{kver_full}" TARGETS="all" # need to install dtbs to proper boot arm64 devices %ifarch %{armx} TARGETS="$TARGETS dtbs" %endif %kmake V=1 -s $TARGETS # Install modules mkdir -p %{temp_modules}/%{kver_full} %smake INSTALL_MOD_PATH=%{temp_root} KERNELRELEASE=%{kver_full} modules_install %if %{with binary_extra_modules} # Build and install procedure is specific to each Makefile from kernmel-source-* packages # See also: https://www.kernel.org/doc/html/latest/kbuild/modules.html # Copy directory because write permissions are required # `make modules_install` must be done before this, otherwise these copied files will be deleted cp -r "$(rpm -q --qf '/usr/src/rtl8821ce-%%{VERSION}-%%{RELEASE}' kernel-source-rtl8821ce)" kernel-source-rtl8821ce pushd kernel-source-rtl8821ce %kmake KSRC=%{src_dir} M="$PWD" mkdir -p %{temp_modules}/%{kver_full}/kernel/net/wireless/ cp 8821ce.ko %{temp_modules}/%{kver_full}/kernel/net/wireless/8821ce.ko popd rm -fr kernel-source-rtl8821ce cp -r "$(rpm -q --qf '/usr/src/rtl8821cu-%%{VERSION}-%%{RELEASE}' kernel-source-rtl8821cu)" kernel-source-rtl8821cu pushd kernel-source-rtl8821cu %kmake KSRC=%{src_dir} M="$PWD" mkdir -p %{temp_modules}/%{kver_full}/kernel/net/wireless/ cp 8821cu.ko %{temp_modules}/%{kver_full}/kernel/net/wireless/8821cu.ko popd rm -fr kernel-source-rtl8821cu _build_nvidia(){ cp -r "$(rpm -q --qf "/usr/src/nvidia${1}-%%{VERSION}-%%{RELEASE}" kernel-source-nvidia${1})" kernel-source-nvidia${1} pushd kernel-source-nvidia${1} %make SYSSRC=%{src_dir} mkdir -p %{temp_modules}/%{kver_full}/kernel/drivers/video/nvidia${1}.%{kroko_release} for i in *.ko do # put them here to extract debug and compress, will be moved later install -m0644 "$i" %{temp_modules}/%{kver_full}/kernel/drivers/video/nvidia${1}.%{kroko_release}/"$i" done popd rm -fr kernel-source-nvidia${1} # for rosa-kernel-tools mkdir -p %{temp_root}/var/spool/initramfs-regen touch %{temp_root}/var/spool/initramfs-regen/nvidia${1}.%{kroko_release} } %ifarch %{ix86} %{x86_64} cp -r "$(rpm -q --qf '/usr/src/broadcom-wl-%%{VERSION}-%%{RELEASE}' kernel-source-broadcom-wl)" kernel-source-broadcom-wl pushd kernel-source-broadcom-wl %kmake -C %{src_dir} M="$PWD" mkdir -p %{temp_modules}/%{kver_full}/kernel/net/wireless/ cp wl.ko %{temp_modules}/%{kver_full}/kernel/net/wireless/wl.ko popd rm -fr kernel-source-broadcom-wl _build_nvidia 390 %endif %ifarch %{x86_64} _build_nvidia 470 _build_nvidia 510 _build_nvidia 515 %endif cp -r "$(rpm -q --qf '/usr/src/tripso-%%{VERSION}-%%{RELEASE}' kernel-source-tripso)" kernel-source-tripso pushd kernel-source-tripso %kmake KDIR=%{src_dir} mkdir -p %{temp_modules}/%{kver_full}/kernel/net cp xt_TRIPSO.ko %{temp_modules}/%{kver_full}/kernel/net/ popd rm -fr kernel-source-tripso cp -r "$(rpm -q --qf '/usr/src/ipt-so-%%{VERSION}-%%{RELEASE}' kernel-source-ipt-so)" kernel-source-ipt-so pushd kernel-source-ipt-so %kmake KDIR=%{src_dir} mkdir -p %{temp_modules}/%{kver_full}/kernel/net cp xt_so.ko %{temp_modules}/%{kver_full}/kernel/net/ popd rm -fr kernel-source-ipt-so %if %{with binary_shredder} cp -r "$(rpm -q --qf '/usr/src/shredder-kernel-%%{VERSION}-%%{RELEASE}' kernel-source-shredder-kernel)" kernel-source-shredder-kernel pushd kernel-source-shredder-kernel %kmake KERNEL_PATH=%{src_dir} mkdir -p %{temp_modules}/%{kver_full}/kernel/extra/ cp shredder-kernel.ko %{temp_modules}/%{kver_full}/kernel/extra/ popd rm -fr kernel-source-shredder-kernel %endif %if %{with binary_virtualbox_host} # build commands for virtualbox are based on the ones from the virtualbox package cp -r "$(rpm -q --qf '/usr/src/virtualbox-%%{VERSION}-%%{RELEASE}' kernel-source-virtualbox)" kernel-source-virtualbox mkdir -p %{temp_modules}/%{kver_full}/kernel/misc/ pushd kernel-source-virtualbox make -C vboxdrv KERN_DIR=%{src_dir} KERN_VER=%{kver_full} cp -fv vboxdrv/Module.symvers vboxnetflt cp -fv vboxdrv/Module.symvers vboxnetadp make -C vboxnetflt KERN_DIR=%{src_dir} KERN_VER=%{kver_full} make -C vboxnetadp KERN_DIR=%{src_dir} KERN_VER=%{kver_full} cp -fv vboxnetadp/Module.symvers vboxpci/ make -C vboxpci KERN_DIR=%{src_dir} KERN_VER=%{kver_full} for i in vboxnetflt vboxnetadp vboxdrv vboxpci do cp -v "${i}/${i}.ko" %{temp_modules}/%{kver_full}/kernel/misc/ done popd %endif cp -r "$(rpm -q --qf '/usr/src/v4l2loopback-%%{VERSION}-%%{RELEASE}' kernel-source-v4l2loopback)" kernel-source-v4l2loopback pushd kernel-source-v4l2loopback cat Kbuild > Makefile mkdir -p %{temp_modules}/%{kver_full}/kernel/drivers/media make -C %{src_dir} M="$PWD" modules cp v4l2loopback.ko %{temp_modules}/%{kver_full}/kernel/drivers/media pushd rm -fr kernel-source-v4l2loopback %if %{with nickel} # rosa-test-suite uses /sr/src/xxx-version, not /usr/src/xxx-version-release cp -r "$(rpm -q --qf '/usr/src/rosa-test-suite-%%{VERSION}' kernel-source-rosa-test-suite)" kernel-source-rosa-test-suite pushd kernel-source-rosa-test-suite mkdir -p %{temp_modules}/%{kver_full}/kernel/misc/ for i in nlkm memfreetest pcietest do cat << EOF > Makefile obj-m := ${i}.o all: make -C %{src_dir} M=\$(PWD) modules EOF %kmake cp -fv ${i}.ko %{temp_modules}/%{kver_full}/kernel/misc/ done popd %endif # End with nickel <- with binary_extra_modules %endif # End with binary_extra_modules %if %{with uml} cp -rv %{certs_dir_rnd} %{src_dir}.uml/ pushd %{src_dir}.uml %kmake ARCH=um defconfig %kmake ARCH=um linux install -Dm0755 linux %{temp_root}%{_bindir}/linux-uml-%{kver_full} #rm -fv linux %kmake V=1 ARCH=um modules mkdir -p %{temp_root}/lib/modules-uml/%{kver_full}/ %kmake ARCH=um INSTALL_MOD_PATH=%{temp_root}/lib/modules-uml/%{kver_full}/ modules_install popd %endif install -d %{temp_boot} install -m 644 System.map %{temp_boot}/System.map-%{kver_full} install -m 644 .config %{temp_boot}/config-%{kver_full} %if %{with modxz} xz -c Module.symvers > %{temp_boot}/symvers-%{kver_full}.xz %else %{zstd_cmd} Module.symvers install -m 644 Module.symvers.zst %{temp_boot}/symvers-%{kver_full}.zst %endif %ifarch %{armx} %make_build ARCH=%{arch_type} V=1 INSTALL_DTBS_PATH=%{temp_boot}/dtb-%{kver_full} dtbs_install %endif %ifarch aarch64 cp -f arch/arm64/boot/Image.gz %{temp_boot}/vmlinuz-%{kver_full} %else cp -f arch/%{arch_type}/boot/bzImage %{temp_boot}/vmlinuz-%{kver_full} %endif # Headers %if %{build_headers} %make INSTALL_HDR_PATH=%{temp_root}%{_prefix} KERNELRELEASE=%{kver_full} headers_install find %{temp_root}%{_prefix} -name .install -or -name ..install.cmd | %kxargs rm -f %endif # Remove /lib/firmware, we use a separate linux-firmware package rm -rf %{temp_root}/lib/firmware # Prepare the files for kernel*-devel %if %{build_devel} mkdir -p %{temp_devel_root} for i in $(find . -name 'Makefile*'); do cp -R --parents $i %{temp_devel_root}; done for i in $(find . -name 'Kconfig*' -o -name 'Kbuild*'); do cp -R --parents $i %{temp_devel_root}; done cp -fR include %{temp_devel_root} cp -fR scripts %{temp_devel_root} cp -fR kernel/bounds.c %{temp_devel_root}/kernel cp -fR kernel/time/timeconst.bc %{temp_devel_root}/kernel/time cp -fR tools %{temp_devel_root}/ cp -fR arch/%{arch_type}/kernel/asm-offsets.{c,s} %{temp_devel_root}/arch/%{arch_type}/kernel/ %ifarch %{ix86} %{x86_64} cp -fR arch/%{arch_type}/kernel/asm-offsets_{32,64}.c %{temp_devel_root}/arch/%{arch_type}/kernel/ cp -fR arch/%{arch_type}/purgatory/* %{temp_devel_root}/arch/%{arch_type}/purgatory/ # Needed for arch/x86/purgatory cp -fR lib/*.h lib/*.c %{temp_devel_root}/lib/ cp -fR arch/%{arch_type}/entry/syscalls/syscall* %{temp_devel_root}/arch/%{arch_type}/entry/syscalls/ cp -fR arch/%{arch_type}/tools %{temp_devel_root}/arch/%{arch_type}/ # needed for kexec cp -fR arch/%{arch_type}/boot/*.h %{temp_devel_root}/arch/%{arch_type}/boot/ cp -fR arch/%{arch_type}/boot/*.c %{temp_devel_root}/arch/%{arch_type}/boot/ %endif cp -fR arch/%{arch_type}/include %{temp_devel_root}/arch/%{arch_type}/ cp -fR .config Module.symvers %{temp_devel_root} # Needed for truecrypt build (Danny) cp -fR drivers/md/dm.h %{temp_devel_root}/drivers/md/ # Needed for lirc_gpio (#39004) cp -fR drivers/media/pci/bt8xx/bttv{,p}.h %{temp_devel_root}/drivers/media/pci/bt8xx/ cp -fR drivers/media/pci/bt8xx/bt848.h %{temp_devel_root}/drivers/media/pci/bt8xx/ cp -fR drivers/media/common/btcx-risc.h %{temp_devel_root}/drivers/media/common/ # Add acpica header files, needed for fglrx build cp -fR drivers/acpi/acpica/*.h %{temp_devel_root}/drivers/acpi/acpica/ %if %{with aufs} # aufs2 has a special file needed cp -fR fs/aufs/magic.mk %{temp_devel_root}/fs/aufs %endif # SELinux needs security/selinux/include cp -fR security/selinux/include %{temp_devel_root}/security/selinux for i in alpha arc avr32 blackfin c6x cris csky frv h8300 hexagon ia64 m32r m68k m68knommu metag microblaze \ mips mn10300 nds32 nios2 openrisc parisc powerpc riscv s390 score sh sparc tile unicore32 xtensa; do rm -rf %{temp_devel_root}/arch/$i done # Clean the scripts tree, and make sure everything is ok (sanity check) # running prepare+scripts (tree was already "prepared" in build) pushd %{temp_devel_root} %smake V=1 -s clean ARCH=%{arch_type} popd rm -f %{temp_devel_root}/.config.old # Fix permissions chmod -R a+rX %{temp_devel_root} # Disable mrproper in -devel rpms patch -p1 --fuzz=0 -d %{temp_devel_root} -i %{SOURCE2} %endif # End of build_devel # TODO: maybe move to /usr/lib/debug? %if %{build_debug} find %{temp_modules}/%{kver_full}/kernel \ -name "*.ko" | \ %kxargs -I '{}' objcopy --only-keep-debug '{}' '{}'.debug find %{temp_modules}/%{kver_full}/kernel \ -name "*.ko" | %kxargs -I '{}' \ sh -c 'cd `dirname {}`; \ objcopy --add-gnu-debuglink=`basename {}`.debug \ --strip-debug `basename {}`' %endif # End of build_debug # https://patchwork.kernel.org/patch/11446123/ _libressl_sign(){ if [ ! -f "$1" ]; then echo "No file $1" return 0 fi f="$1" %if %{with gost_sign} %{src_dir}/scripts/sign-file streebog512 \ "%{certs_signing_key_priv_rnd}.GOST" "%{certs_signing_key_priv_rnd}.GOST" "$f" %else %{src_dir}/scripts/sign-file sha512 \ "%{certs_signing_key_priv_rnd}.RSA" "%{certs_signing_key_priv_rnd}.RSA" "$f" %endif unset f } export -f _libressl_sign find %{temp_modules}/%{kver_full}/kernel \ %if %{with uml} %{temp_root}/lib/modules-uml/%{kver_full} \ %endif -name '*.ko' -print0 | sort -u | \ xargs --null -P "$(nproc)" -I {} "$SHELL" -e -x -c 'if ! _libressl_sign "{}"; \ then echo Failed _libressl_sign on "{}" && exit 1; fi' # Set extraversion to match srpm to get nice version reported by the tools LC_ALL=C sed -ri "s/^EXTRAVERSION.*/EXTRAVERSION = -%{fullrpmrel}/" Makefile %if %{build_perf} %smake -C tools/perf -s PYTHON=%{__python3} HAVE_CPLUS_DEMANGLE=1 WERROR=0 prefix=%{_prefix} lib=%{_lib} NO_GTK2=1 all %smake -C tools/perf -s prefix=%{_prefix} lib=%{_lib} NO_GTK2=1 man %endif %if %{build_cpupower} # Make sure version-gen.sh is executable. chmod +x tools/power/cpupower/utils/version-gen.sh %make -C tools/power/cpupower CPUFREQ_BENCH=false %endif _cleanup ############################################################################ %install cd %{src_dir} # TODO: get rid of temporary directory, install to buildroot directly? # We want to be able to test several times the install part rm -rf %{buildroot} cp -a %{temp_root} %{buildroot} #if %%{with oblig_signed_modules} # Multithreaded verification that every kernel module has a signature attached to it mkdir -p "%{certs_dir_rnd}" touch %{certs_verify_tmp} _verify_signature(){ if [ -z "$1" ] || [ ! -f "$1" ]; then return; fi if hexdump -C "$1" | rev | cut -f 2 -d '|' | rev | tr -d '\n' | grep -q '~Module signature appended~'; then if [ -f %{certs_verify_tmp} ]; then rm -f %{certs_verify_tmp} fi else echo "ERROR: Module $1 has no signature attached to it!" exit 1 fi } export -f _verify_signature find %{target_modules} \ %if %{with uml} %{buildroot}/lib/modules-uml/%{kver_full} \ %endif -name '*.ko' -print0 | sort -u | \ xargs --null -P "$(nproc)" -I {} "$SHELL" -c '_verify_signature "{}"' if [ -f %{certs_verify_tmp} ]; then echo "ERROR: seems that signatures of none modules were verified!" exit 1 fi rm -f %{certs_verify_tmp} #endif # Compressing modules %if %{with compress_modules} # Tested on /lib/modules/5.10.34-generic-2rosa2019.1-x86_64, the results are the following: # * decompressed: 266.3 MiB # * xz -9 --extreme: 67.8 MiB # * zstd --ultra -22 without training: 73.5 MiB # * zstd -6 without training: 79.6 MiB # * zstd --ultra -22 with training: 66.3 MiB (the winner!) # Training takes only a few minutes, make it here in place with current zstd and kernel modules. # But! Decompressing also requires a dictionary for zstd, that will be too complex, so not using training :( # We already use zstd in dracut to compress initrds quickly and with good compression ration. # Testing speed of loading modules: # `time modinfo bcache.ko.xz` took 0,048s, `time modinfo bcache.ko.zstd` took 0,014s (for multiple times) # find /lib/modules/5.10.34-generic-2rosa2019.1-x86_64 -type f -name '*.ko.zst' > /tmp/zst.list # time { for i in `cat /tmp/zst.list`; do modinfo $i >/dev/null 2>&1; done ;} # took ~31-40s, with disk cache (2+ runs) ~33s # find /lib/modules/5.10.34-generic-1rosa2019.1-x86_64 -type f -name '*.ko.xz' > /tmp/xz.list # time { for i in `cat /tmp/xz.list`; do modinfo $i >/dev/null 2>&1; done ;} # took 43-47s, with disk cache (2+ runs) ~42s, +21%% # zstd-compressed initramfs image initrd-5.10.34-generic-1rosa2019.1-x86_64.img with *.ko.xz is 56,3 MiB # zstd-compressed initramfs image initrd-5.10.34-generic-2rosa2019.1-x86_64.img with *.ko.zst is 58,4 MiB (+3.6%%) # /lib/modules/5.10.34-generic-1rosa2019.1-x86_64 (*.ko.xz) is 78,1 MiB # /lib/modules/5.10.34-generic-2rosa2019.1-x86_64 (*.ko.zst) is 83,9 MiB (+7%%) # When zstd is compressing cpio (initrd image) with zstd-compressed kernel modules inside it, does it recompress data? # It is not easy to make a choice between zstd and xz for kernel modules... Disk space (and so speed of installing # RPM packages) is not much bigger, we do not try to support super low end devices, operation speed is a bit better. # I have not seen measurable difference in startup time according to systemd-analyze. # Note that decompression after zstd --ultra -22 will consume more memory than after zstd -6, see commit message in # https://github.com/torvalds/linux/commit/73f3d1b48f5069d46b. I did not benchmark -6 vs -22 in runtime. # Let's use zstd for now. # zstd may also be used to compress linux-firmware to save a lot of space on disk, # but upstream kernels still cannot decompress it. #{zstd_cmd} -T0 --train $(find . -type f -name '*.ko') #[ -f dictionary ] # -T1 (one thread) because we run multiple zstd processes by xargs %if %{with modxz} find %{target_modules} -name "*.ko" | %kxargs xz -6e %else find %{target_modules} -name "*.ko" | %kxargs %{zstd_cmd} --rm -T1 #-D dictionary rm -f dictionary %endif %endif %if %{with binary_extra_modules} # Move nvidia modules to manage them via alternatives(8), leave *.debug # TODO: better handle debug here and in the package in general find %{target_modules}/%{kver_full}/kernel/drivers/video -name 'nvidia???.*' -type d -maxdepth 1 | while read -r line do nv="$(basename "$line")" mkdir -p %{buildroot}%{kroko_kmods_dir}/"$nv"-%{kver_full} mv -v "$line"/*.ko%{kmod_suffix} %{buildroot}%{kroko_kmods_dir}/"$nv"-%{kver_full} dir_no_buildroot="$(echo "$line" | sed -e 's,^%{buildroot},,')" echo "%exclude $dir_no_buildroot" >> %{kernel_files} %if %{build_debug} echo "%dir $dir_no_buildroot" >> %{debuginfo_files} %endif done %endif #/with binary_extra_modules find %{buildroot}%{_modulesdir}/%{kver_full} -type f -name '*.ko%{kmod_suffix}' | sed -e 's,^%{buildroot},,' | sort -u >> %{kernel_files} find %{buildroot}%{_modulesdir}/%{kver_full} -type d | sed -e 's,^%{buildroot},%dir ,' | sort -u >> %{kernel_files} # We estimate the size of the initramfs because rpm needs to take this size # into consideration when performing disk space calculations (See rhbz#530778) # 65 MiB is a bit more than needed, but let's be more sure that there is enought space. # On my PC, zstd-compressed initrds take 58,5 MiB. # Real size of the RPM package should not increase because RPM compresses the payload. # This file is %%ghost, so the real initrd will be deleted when uninstalling this package. dd if=/dev/zero of=%{buildroot}%{initrd_path} bs=1M count=65 %if %{build_debug} install -m 644 vmlinux %{buildroot}%{_bootdir}/vmlinux-%{kver_full} find %{buildroot}%{_modulesdir} -type f -name '*.debug' | sed -e 's,^%{buildroot},,' | sort -u >> %{debuginfo_files} %endif # End of build_debug pushd %{target_modules} for i in *; do rm -f $i/build $i/source ln -sf /usr/src/linux-$i $i/build ln -sf /usr/src/linux-$i $i/source done # Sniff, if we compressed all the modules, we change the stamp :( # we really need the depmod -ae here for i in *; do /sbin/depmod -ae -b %{buildroot} -F %{target_boot}/System.map-$i $i echo $? done # We used to create modules.description files which contained the # description strings for the modules as shown by modinfo. These files # are unlikely to be used right now, so create them (in case some old tool # checks for their existence) but keep them empty. for i in *; do touch $i/modules.description done popd # Need to set extraversion to match srpm again to avoid rebuild LC_ALL=C sed -ri "s/^EXTRAVERSION.*/EXTRAVERSION = -%{fullrpmrel}/" Makefile %if %{build_perf} # Perf tool binary and supporting scripts/binaries make -C tools/perf -s V=1 DESTDIR=%{buildroot} WERROR=0 HAVE_CPLUS_DEMANGLE=1 prefix=%{_prefix} lib=%{_lib} install # Versionize shebang (#!/usr/bin/env python -> #!/usr/bin/python3) sed -i '1 s,^#!/usr/bin/env python$,#!%{__python3},' \ %{buildroot}%{_prefix}/libexec/perf-core/scripts/python/exported-sql-viewer.py \ %{buildroot}%{_prefix}/libexec/perf-core/scripts/python/libxed.py # Perf man pages (note: implicit rpm magic compresses them later) make -C tools/perf -s V=1 DESTDIR=%{buildroot} WERROR=0 HAVE_CPLUS_DEMANGLE=1 prefix=%{_prefix} install-man %endif %if %{build_cpupower} make -C tools/power/cpupower DESTDIR=%{buildroot} libdir=%{_libdir} mandir=%{_mandir} CPUFREQ_BENCH=false install rm -f %{buildroot}%{_libdir}/*.{a,la} %find_lang cpupower mv cpupower.lang ../ chmod 0755 %{buildroot}%{_libdir}/libcpupower.so* mkdir -p %{buildroot}%{_unitdir} %{buildroot}%{_sysconfdir}/sysconfig install -m644 %{SOURCE50} %{buildroot}%{_unitdir}/cpupower.service install -m644 %{SOURCE53} %{buildroot}%{_unitdir}/cpupower.path install -m644 %{SOURCE51} %{buildroot}%{_sysconfdir}/sysconfig/cpupower install -m755 %{SOURCE52} %{buildroot}%{_bindir}/cpupower-start.sh %endif # Delete junk rm -fr %{buildroot}%{_usr}/src/*/kernel-source-* %if %{with flow_abi} # Prefix with "zzz" to put this directory into the end of search list # and avoid tricks with depmod configs mkdir -p %{buildroot}/lib/modules/%{kernelversion}.%{patchlevel}-rosa-flow-abi ln -s /lib/modules/%{kernelversion}.%{patchlevel}-rosa-flow-abi %{buildroot}%{_modulesdir}/%{kver_full}/kernel/zzz-%{kernelversion}.%{patchlevel}-rosa-flow-abi %endif # Drop hidden files rm -f %{buildroot}%{_docdir}/kernel-5.10-generic-doc/devicetree/bindings/.yamllint # Fix perms chmod -x %{buildroot}%{_sysconfdir}/bash_completion.d/perf chmod -x %{buildroot}%{_prefix}/lib/perf/examples/bpf/*.c chmod -x %{buildroot}%{_prefix}/lib/perf/include/bpf/*.h chmod -x %{buildroot}%{_prefix}/lib/perf/include/bpf/linux/*.h chmod -x %{buildroot}%{_datadir}/doc/perf-tip/*.txt