Djam/kernel-6.6
1
0
Fork 0
mirror of https://abf.rosa.ru/djam/kernel-6.6.git synced 2025-02-25 11:52:46 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
kernel-6.6/kernel.spec
Mikhail Novosyolov fdb4d0f552 upd: 5.10.25 -> 5.10.27 
Changelog:

ACPICA: Always create namespace nodes using acpi_ns_create_node()
ACPI: scan: Rearrange memory allocation in acpi_device_add()
ACPI: scan: Use unique number for instance_no
ACPI: video: Add missing callback back for Sony VPCEH3U1E
afs: Fix accessing YFS xattrs on a non-YFS server
afs: Stop listxattr() from listing "afs.*" attributes
ALSA: dice: fix null pointer dereference when node is disconnected
ALSA: hda: generic: Fix the micmute led init state
ALSA: hda: ignore invalid NHLT table
ALSA: hda/realtek: Apply headset-mic quirks for Xiaomi Redmibook Air
ALSA: hda/realtek: apply pin quirk for XiaomiNotebook Pro
ALSA: hda/realtek: fix mute/micmute LEDs for HP 440 G8
ALSA: hda/realtek: fix mute/micmute LEDs for HP 840 G8
ALSA: hda/realtek: fix mute/micmute LEDs for HP 850 G8
ALSA: usb-audio: Fix unintentional sign extension issue
arm64: dts: ls1012a: mark crypto engine dma coherent
arm64: dts: ls1043a: mark crypto engine dma coherent
arm64: dts: ls1046a: mark crypto engine dma coherent
arm64: kdump: update ppos when reading elfcorehdr
arm64: stacktrace: don't trace arch_stack_walk()
ARM: dts: at91: sam9x60: fix mux-mask for PA7 so it can be set to A, B and C
ARM: dts: at91: sam9x60: fix mux-mask to match product's datasheet
ARM: dts: at91-sama5d27_som1: fix phy address to 7
ARM: dts: imx6ull: fix ubi filesystem mount failed
ARM: OMAP2+: Fix smartreflex init regression after dropping legacy data
ASoC: ak4458: Add MODULE_DEVICE_TABLE
ASoC: ak5558: Add MODULE_DEVICE_TABLE
ASoC: codecs: wcd934x: add a sanity check in set channel map
ASoC: fsl_ssi: Fix TDM slot setup for I2S mode
ASoC: Intel: bytcr_rt5640: Fix HP Pavilion x2 10-p0XX OVCD current threshold
ASoC: qcom: lpass-cpu: Fix lpass dai ids parse
ASoC: qcom: sdm845: Fix array out of bounds access
ASoC: qcom: sdm845: Fix array out of range on rx slim channels
ASoC: simple-card-utils: Do not handle device clock
ASoC: SOF: intel: fix wrong poll bits in dsp power down
ASoC: SOF: Intel: unregister DMIC device on probe error
atm: eni: dont release is never initialized
atm: idt77252: fix null-ptr-dereference
atm: lanai: dont run lanai_dev_close if not open
atm: uPD98402: fix incorrect allocation
blk-cgroup: Fix the recursive blkg rwstat
block: Fix REQ_OP_ZONE_RESET_ALL handling
block: recalculate segment count for multi-segment discards correctly
block: Suppress uevent for hidden device when removed
bpf: Change inode_storage's lookup_elem return value from NULL to -EBADF
bpf: Declare __bpf_free_used_maps() unconditionally
bpf: Don't do bpf_cgroup_storage_set() for kuprobe/tp programs
bpf: Fix umd memory leak in copy_process()
btrfs: fix race when cloning extent buffer during rewind of an old root
btrfs: fix slab cache flags for free space tree bitmap
btrfs: fix sleep while in non-sleep context during qgroup removal
bus: omap_l3_noc: mark l3 irqs as IRQF_NO_THREAD
can: c_can: move runtime PM enable/disable to c_can_platform
can: c_can_pci: c_can_pci_remove(): fix use-after-free
can: dev: Move device back to init netns on owning netns delete
can: flexcan: flexcan_chip_freeze(): fix chip freeze for missing bitrate
can: isotp: isotp_setsockopt(): only allow to set low level TX flags for CAN-FD
can: isotp: TX-path: ensure that CAN frame flags are initialized
can: isotp: tx-path: zero initialize outgoing CAN frames
can: kvaser_pciefd: Always disable bus load reporting
can: m_can: m_can_do_rx_poll(): fix extraneous msg loss warning
can: m_can: m_can_rx_peripheral(): fix RX being blocked by errors
can: peak_usb: add forgotten supported devices
can: peak_usb: Revert "can: peak_usb: add forgotten supported devices"
ch_ktls: fix enum-conversion warning
cifs: Adjust key sizes and key generation routines for AES256 encryption
cifs: ask for more credit on async read/write code paths
cifs: change noisy error message to FYI
cifs: fix allocation size on newly created files
cifs: Fix preauth hash corruption
clk: qcom: gcc-sc7180: Use floor ops for the correct sdcc1 clk
counter: stm32-timer-cnt: fix ceiling miss-alignment with reload register
counter: stm32-timer-cnt: fix ceiling write max value
counter: stm32-timer-cnt: Report count function when SLAVE_MODE_DISABLED
cpufreq: blacklist Arm Vexpress platforms in cpufreq-dt-platdev
dm ioctl: fix out of bounds array access when no devices
dm table: Fix zoned model check and zone sectors check
dm verity: fix DM_VERITY_OPTS_MAX value
drm/amd/display: Correct algorithm for reversed gamma
drm/amd/display: Revert dram_clock_change_latency for DCN2.1
drm/amd/display: turn DPMS off on connector unplug
drm/amdgpu: Add additional Sienna Cichlid PCI ID
drm/amdgpu/display: restore AUX_DPHY_TX_CONTROL for DCN2.x
drm/amdgpu: fb BO should be ttm_bo_type_device
drm/amd/pm: fulfill the Polaris implementation for get_clock_by_type_with_latency()
drm/amd/pm: workaround for audio noise issue
drm/etnaviv: Use FOLL_FORCE for userptr
drm/i915: Fix the GT fence revocation runtime PM logic
drm/msm/dsi: fix check-before-set in the 7nm dsi_pll code
drm/msm: fix shutdown hook in case GPU components failed to bind
drm/msm: Fix suspend/resume on i.MX5
drm/radeon: fix AGP dependency
drop_monitor: Perform cleanup upon probe registration failure
e1000e: add rtnl_lock() to e1000_reset_task
e1000e: Fix error handling in e1000_set_d0_lplu_state_82571
efi: use 32-bit alignment for efi_guid_t literals
efivars: respect EFI_UNSUPPORTED return from firmware
ext4: add reclaim checks to xattr code
ext4: do not try to set xattr into ea_inode if value is empty
ext4: find old entry again if failed to rename whiteout
ext4: fix error handling in ext4_end_enable_verity()
ext4: fix potential error in ext4_do_update_inode
ext4: fix rename whiteout with fast commit
ext4: stop inode update before return
firmware/efi: Fix a use after bug in efi_mem_reserve_persistent
flow_dissector: fix byteorder of dissected ICMP ID
fs/cachefiles: Remove wait_bit_key layout dependency
fs/ext4: fix integer overflow in s_log_groups_per_flex
ftgmac100: Restart MAC HW once
ftrace: Fix modify_ftrace_direct.
gcov: fix clang-11+ support
genirq: Disable interrupts for force threaded handlers
gfs2: Add common helper for holding and releasing the freeze glock
gfs2: bypass signal_our_withdraw if no journal
gfs2: fix use-after-free in trans_drain
gfs2: move freeze glock outside the make_fs_rw and _ro functions
gianfar: fix jumbo packets+napi+rx overrun crash
gpiolib: acpi: Add missing IRQF_ONESHOT
gpiolib: Assign fwnode to parent's if no primary one provided
habanalabs: Call put_pid() when releasing control device
hugetlb_cgroup: fix imbalanced css_get and css_put pair for shared mappings
i40e: Fix endianness conversions
i915/perf: Start hrtimer only if sampling the OA buffer
ia64: fix ia64_syscall_get_set_arguments() for break-based syscalls
ia64: fix ptrace(PTRACE_SYSCALL_INFO_EXIT) sign
ibmvnic: add some debugs
ibmvnic: remove excessive irqsave
ibmvnic: serialize access to work queue on remove
igb: avoid premature Rx buffer reuse
igb: check timestamp validity
igc: Fix igc_ptp_rx_pktstamp()
igc: Fix Pause Frame Advertising
igc: Fix Supported Pause Frame Link Setting
igc: reinit_locked() should be called with rtnl_lock
iio: adc: ab8500-gpadc: Fix off by 10 to 3
iio: adc: ad7949: fix wrong ADC result due to incorrect bit mask
iio: adc: adi-axi-adc: add proper Kconfig dependencies
iio:adc:qcom-spmi-vadc: add default scale to LR_MUX2_BAT_ID channel
iio:adc:stm32-adc: Add HAS_IOMEM dependency
iio: adis16400: Fix an error code in adis16400_initial_setup()
iio: gyro: mpu3050: Fix error handling in mpu3050_trigger_handler
iio: hid-sensor-humidity: Fix alignment issue of timestamp channel
iio: hid-sensor-prox: Fix scale not correct issue
iio: hid-sensor-temperature: Fix issues of timestamp channel
integrity: double check iint_cache was initialized
ionic: linearize tso skb with too many frags
io_uring: clear IOCB_WAITQ for non -EIOCBQUEUED return
io_uring: don't attempt IO reissue from the ring exit path
io_uring: ensure that SQPOLL thread is started for exit
io_uring: fix inconsistent lock state
io_uring: fix provide_buffers sign extension
ipv6: fix suspecious RCU usage warning
ipv6: weaken the v4mapped source check
irqchip/ingenic: Add support for the JZ4760
iwlwifi: Add a new card for MA family
ixgbe: Fix memleak in ixgbe_configure_clsu32
kasan: fix per-page tags for non-page_alloc pages
kbuild: add image_name to no-sync-config-targets
kbuild: dummy-tools: fix inverted tests for gcc
kbuild: Fix <linux/version.h> for empty SUBLEVEL or PATCHLEVEL again
kernel, fs: Introduce and use set_restart_fn() and arch_set_restart_data()
kselftest: arm64: Fix exit code of sve-ptrace
KVM: x86: Protect userspace MSR filter with SRCU, and set atomically-ish
libbpf: Fix BTF dump of pointer-to-array-of-struct
libbpf: Fix error path in bpf_object__elf_init()
libbpf: Fix INSTALL flag order
libbpf: Use SOCK_CLOEXEC when opening the netlink socket
locking/mutex: Fix non debug version of mutex_lock_io_nested()
mac80211: Allow HE operation to be longer than expected.
mac80211: fix double free in ibss_leave
mac80211: fix rate mask reset
macvlan: macvlan_count_rx() needs to be aware of preemption
MAINTAINERS: move some real subsystems off of the staging mailing list
MAINTAINERS: move the staging subsystem to lists.linux.dev
media: cedrus: h264: Support profile controls
MIPS: compressed: fix build with enabled UBSAN
mm/fork: clear PASID for new mm
mm/memcg: fix 5.10 backport of splitting page memcg
mm/memcg: rename mem_cgroup_split_huge_fixup to split_page_memcg and add nr_pages argument
mm/memcg: set memcg when splitting page
mm/mmu_notifiers: ensure range_end() is paired with range_start()
module: avoid *goto*s in module_sig_check()
module: harden ELF info handling
module: merge repetitive strings in module_sig_check()
mt76: fix tx skb error handling in mt76_dma_tx_queue_skb
net: axienet: Fix probe error cleanup
net: axienet: Properly handle PCS/PMA PHY for 1000BaseX mode
net: bonding: fix error return code of bond_neigh_init()
net, bpf: Fix ip6ip6 crash with collect_md populated skbs
net: bridge: don't notify switchdev for local FDB addresses
net: cdc-phonet: fix data-interface release on probe failure
net: check all name nodes in __dev_alloc_name
net: Consolidate common blackhole dst ops
net: davicom: Use platform_get_irq_optional()
net: dsa: b53: VLAN filtering is global to all users
net: dsa: bcm_sf2: Qualify phydev->dev_flags based on port
net: enetc: set MAC RX FIFO to recommended value
net: fec: ptp: avoid register access when ipg clock is disabled
netfilter: ctnetlink: fix dump of the expect mask attribute
netfilter: flowtable: Make sure GC works periodically in idle system
netfilter: nftables: allow to update flowtable flags
netfilter: nftables: report EOPNOTSUPP on unsupported flowtable flags
netfilter: x_tables: Use correct memory barriers.
net: hdlc_x25: Prevent racing between "x25_close" and "x25_xmit"/"x25_rx"
net: hisilicon: hns: fix error return code of hns_nic_clear_all_rx_fetch()
net: intel: iavf: fix error return code of iavf_init_get_resources()
net: ipa: terminate message handler arrays
net/mlx5: Add back multicast stats for uplink representor
net/mlx5e: Allow to match on MPLS parameters only for MPLS over UDP
net/mlx5e: Don't match on Geneve options in case option masks are all zero
net/mlx5e: Fix error path for ethtool set-priv-flag
net/mlx5e: Offload tuple rewrite for non-CT flows
net/mlx5e: RX, Mind the MPWQE gaps when calculating offsets
net/mlx5e: When changing XDP program without reset, take refs for XSK RQs
net: phy: broadcom: Add power down exit reset state delay
net: phy: broadcom: Avoid forward for bcm54xx_config_clock_delay()
net: phy: broadcom: Fix RGMII delays for BCM50160 and BCM50610M
net: phy: broadcom: Set proper 1000BaseX/SGMII interface mode for BCM54616S
net: phy: introduce phydev->port
net: phylink: Fix phylink_err() function name error in phylink_major_config
net: phy: micrel: set soft_reset callback to genphy_soft_reset for KSZ8081
net/qlcnic: Fix a use after free in qlcnic_83xx_get_minidump_template
net: qrtr: fix a kernel-infoleak in qrtr_recvmsg()
net/qrtr: fix __netdev_alloc_skb call
net/sched: cls_flower: fix only mask bit check in the validate_ct_state
net: sched: validate stab values
netsec: restore phy power state after controller reset
net: stmmac: dwmac-sun8i: Provide TX and RX fifo sizes
net: stmmac: fix dma physical address of descriptor when display ring
net: tehuti: fix error return code in bdx_probe()
net: wan: fix error return code of uhdlc_init()
nfp: flower: add ipv6 bit to pre_tunnel control message
nfp: flower: fix pre_tun mask id allocation
nfp: flower: fix unsupported pre_tunnel flows
NFS: Correct size calculation for create reply length
nfsd: don't abort copies early
nfsd: Don't keep looking up unhashed files in the nfsd file cache
NFSD: fix dest to src mount in inter-server COPY
NFSD: Repair misuse of sv_lock in 5.10.16-rt30.
nfs: fix PNFS_FLEXFILE_LAYOUT Kconfig default
nfs: we don't support removing system.nfs4_acl
nvme: add NVME_REQ_CANCELLED flag in nvme_cancel_request()
nvme-core: check ctrl css before setting up zns
nvme-fc: return NVME_SC_HOST_ABORTED_CMD when a command has been aborted
nvme-fc: set NVME_REQ_CANCELLED in nvme_fc_terminate_exchange()
nvme: fix the nsid value to print in nvme_validate_or_alloc_ns
nvme: fix Write Zeroes limitations
nvme-pci: add the DISABLE_WRITE_ZEROES quirk for a Samsung PM1725a
nvme-rdma: Fix a use after free in nvmet_rdma_write_data_done
nvme-rdma: fix possible hang when failing to set io queues
nvme: simplify error logic in nvme_validate_ns()
nvme-tcp: fix a NULL deref when receiving a 0-length r2t PDU
nvme-tcp: fix misuse of __smp_processor_id with preemption enabled
nvme-tcp: fix possible hang when failing to set io queues
nvmet: don't check iosqes,iocqes for discovery controllers
octeontx2-af: fix infinite loop in unmapping NPC counter
octeontx2-af: Fix irq free in rvu teardown
octeontx2-af: Fix memory leak of object buf
octeontx2-af: Formatting debugfs entry rsrc_alloc.
octeontx2-af: Modify default KEX profile to extract TX packet fields
octeontx2-af: Remove TOS field from MKEX TX
octeontx2-pf: Clear RSS enable flag on interace down
PCI: rpadlpar: Fix potential drc_name corruption in store functions
perf auxtrace: Fix auxtrace queue conflict
perf synthetic events: Avoid write of uninitialized memory when generating PERF_RECORD_MMAP* records
perf/x86/intel: Fix a crash caused by zero PEBS status
perf/x86/intel: Fix unchecked MSR access error caused by VLBR_EVENT
platform/x86: intel-vbtn: Stop reporting SW_DOCK events
PM: EM: postpone creating the debugfs dir till fs_initcall
PM: runtime: Defer suspending suppliers
powerpc/4xx: Fix build errors from mfdcr()
powerpc: Force inlining of cpu_has_feature() to avoid build failure
powerpc/sstep: Fix darn emulation
powerpc/sstep: Fix load-store and update emulation
psample: Fix user API breakage
pstore: Fix warning in pstore_kill_sb()
r8152: limit the RX buffer size of RTL8153A for USB 2.0
r8169: fix DMA being used after buffer free if WoL is enabled
RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server
RDMA/mlx5: Allow creating all QPs even when non RDMA profile is used
RDMA/rtrs: Fix KASAN: stack-out-of-bounds bug
RDMA/rtrs: Introduce rtrs_post_send
RDMA/rtrs: Remove unnecessary argument dir of rtrs_iu_free
RDMA/rtrs-srv: Jump to dereg_mr label if allocate iu fails
regulator: pca9450: Add SD_VSEL GPIO for LDO5
regulator: pca9450: Clear PRESET_EN bit to fix BUCK1/2/3 voltage setting
regulator: pca9450: Enable system reset on WDOG_B assertion
regulator: qcom-rpmh: Correct the pmic5_hfsmps515 buck
Revert "net: bonding: fix error return code of bond_neigh_init()"
Revert "netfilter: x_tables: Switch synchronization to RCU"
Revert "netfilter: x_tables: Update remaining dereference to RCU"
Revert "PM: runtime: Update device status before letting suppliers suspend"
Revert "r8152: adjust the settings about MAC clock speed down for RTL8153"
Revert "xen: fix p2m size in dom0 for disabled memory hotplug case"
RISC-V: correct enum sbi_ext_rfence_fid
riscv: Correct SPARSEMEM configuration
s390/pci: fix leak of PCI device structure
s390/pci: refactor zpci_create_device()
s390/pci: remove superfluous zdev->zbus check
s390/qeth: schedule TX NAPI on QAOB completion
s390/vtime: fix increased steal time accounting
scsi: isci: Pass gfp_t flags in isci_port_bc_change_received()
scsi: isci: Pass gfp_t flags in isci_port_link_down()
scsi: isci: Pass gfp_t flags in isci_port_link_up()
scsi: libsas: Introduce a _gfp() variant of event notifiers
scsi: libsas: Remove notifier indirection
scsi: lpfc: Fix some error codes in debugfs
scsi: mpt3sas: Fix error return code of mpt3sas_base_attach()
scsi: mvsas: Pass gfp_t flags to libsas event notifiers
scsi: myrs: Fix a double free in myrs_cleanup()
scsi: pm8001: Neaten debug logging macros and uses
scsi: pm80xx: Fix pm8001_mpi_get_nvmd_resp() race condition
scsi: pm80xx: Make mpi_build_cmd locking consistent
scsi: pm80xx: Make running_req atomic
scsi: qedi: Fix error return code of qedi_alloc_global_queues()
scsi: Revert "qla2xxx: Make sure that aborted commands are freed"
scsi: ufs: ufs-mediatek: Correct operator & -> &&
scsi: ufs: ufs-qcom: Disable interrupt in reset path
selftests/bpf: Set gopt opt_class to 0 if get tunnel opt failed
selftests: forwarding: vxlan_bridge_1d: Fix vxlan ecn decapsulate value
selftests/net: fix warnings on reuseaddr_ports_exhausted
selinux: don't log MAC_POLICY_LOAD record on failed policy load
selinux: fix variable scope issue in live sidtab conversion
selinux: vsock: Set SID for socket returned by accept()
serial: stm32: fix DMA initialization error handling
smb3: fix cached file size problems in duplicate extents (reflink)
soc: ti: omap-prm: Fix occasional abort on reset deassert for dra7 iva
sparc64: Fix opcode filtering in handling of no fault loads
spi: cadence: set cqspi to the driver_data field of struct device
squashfs: fix inode lookup sanity checks
squashfs: fix xattr id and id lookup sanity checks
staging: rtl8192e: fix kconfig dependency on CRYPTO
static_call: Allow module use without exposing static_call_key
static_call: Fix static_call_set_init()
static_call: Fix static_call_update() sanity check
static_call: Fix the module key fixup
static_call: Pull some static_call declarations to the type headers
sun/niu: fix wrong RXMAC_BC_FRM_CNT_COUNT count
sunrpc: fix refcount leak for rpc auth modules
svcrdma: disable timeouts on rdma backchannel
tcp: relookup sock for RST+ACK packets handled by obsolete req sock
thunderbolt: Increase runtime PM reference count on DP tunnel discovery
thunderbolt: Initialize HopID IDAs in tb_switch_alloc()
tipc: better validate user input in tipc_nl_retrieve_key()
tty: serial: stm32-usart: Remove set but unused 'cookie' variables
u64_stats,lockdep: Fix u64_stats_init() vs lockdep
umem: fix error return code in mm_pci_probe()
usb: dwc3: gadget: Allow runtime suspend if UDC unbinded
usb: dwc3: gadget: Prevent EP queuing while stopping transfers
usb: gadget: configfs: Fix KASAN use-after-free
usbip: Fix incorrect double assignment to udc->ud.tcp_rx
usb-storage: Add quirk to defeat Kindle's automatic unload
usb: typec: Remove vdo[3] part of tps6598x_rx_identity_reg struct
usb: typec: tcpm: Invoke power_supply_changed for tcpm-source-psy-
veth: Store queue_mapping independently of XDP prog presence
vfio: IOMMU_API should be selected
vhost_vdpa: fix the missing irq_bypass_unregister_producer() invocation
vhost-vdpa: fix use-after-free of v->config_ctx
vhost-vdpa: set v->config_ctx to NULL if eventfd_ctx_fdget() fails
x86/apic/of: Fix CPU devicetree-node lookups
x86: Introduce TS_COMPAT_RESTART to fix get_nr_restart_syscall()
x86/ioapic: Ignore IRQ2 again
x86/mem_encrypt: Correct physical address calculation in __set_clr_pte_enc()
x86: Move TS_COMPAT back to asm/thread_info.h
xen-blkback: don't leak persistent grants from xen_blkbk_map()
xen/x86: make XEN_BALLOON_MEMORY_HOTPLUG_LIMIT depend on MEMORY_HOTPLUG
z3fold: prevent reclaim/free race for headless pages
zonefs: Fix O_APPEND async write handling
zonefs: fix to update .i_wr_refcnt correctly in zonefs_open_zone()
zonefs: prevent use of seq files as swap file

Updated by kernel-updater-bot (https://abf.io/mikhailnov/kernel-updater-bot)
2021-04-01 14:45:39 +03:00

1631 lines
53 KiB
RPMSpec
Raw Blame History

# _get_email() in %%build contains bashisms for regexping
%define _buildshell /bin/bash
# Prevent RPM scripts from stripping signatures,
# we strip binaries manually in %%build
%define __strip %(which true)
# brp-python-bytecompile uses /usr/bin/python,
# but it is a different python version in different ROSA
# releases; there is no good way to tell brp-python-bytecompile
# which iterpreter to use; so just disable it to avoid problems
%define _python_bytecompile_build 0
# Probably dwz bug, on i686 only file is not packaged:
# /usr/lib/debug/usr/bin/trace-5.4.40-3.i386.debug.#dwz#.b5xuKG
# dwz compresses only debuginfo from perf, cpupower, uml,
# not the kernel itself (because it is stripped not by RPM),
# so we do not loose much by disabling it.
%global _find_debuginfo_dwz_opts %{nil}
%define kernelversion 5
%define patchlevel 10
%define sublevel 27
# Release number. Increase this before a rebuild.
%define rpmrel 1
%define fullrpmrel %{rpmrel}
%define rpmtag %{disttag}
# fakerel and fakever never change, they are used to fool
# rpm/urpmi/smart and ensure the kernels are installed,
# not upgraded so old kernel is not overwritten or removed
%define fakever 1
%define fakerel %mkrel 1
# version defines
%define kversion %{kernelversion}.%{patchlevel}.%{sublevel}
%define kverrel %{kversion}-%{fullrpmrel}
%define tar_ver %{kernelversion}.%{patchlevel}
%ifarch %{ix86}
%define arch_suffix i586
%endif
%ifarch %{x86_64}
%define arch_suffix x86_64
%endif
%ifarch aarch64
%define arch_suffix arm64
%endif
%define buildrpmrel %{fullrpmrel}%{rpmtag}-%{arch_suffix}
%define buildrel %{kversion}-%{buildrpmrel}
# Add not only the build time generated key to the trusted keyring,
# but also add public keys of private ROSA's keys
%bcond_without additional_keys
# User Mode Linux, https://habr.com/ru/company/itsumma/blog/459558/
# Not buildable on aarch64
%ifarch %{x86_64}
%bcond_without uml
%else
%bcond_with uml
%endif
# "Nickel" is a special brand for certified distros
%if %{mdvver} == 201900 || %{mdvver} == 201905
%bcond_without nickel
# Require kernel modules to be signed
%bcond_without oblig_signed_modules
%else
%bcond_with nickel
%bcond_with oblig_signed_modules
%endif
%if %{mdvver} >= 201905
# Build binary out-of-tree kernel modules (experimental)
%bcond_without binary_extra_modules
# Sign kernel modules with GOST key (experimental)
%bcond_without gost_sign
%else
%bcond_with binary_extra_modules
%bcond_with gost_sign
%endif
%bcond_with ccache
%bcond_without flow_abi
# 1. VirtualBox is for x86_32 and x86_64 only
# 2. I do not know how to solve the problem that userspace part of VirtualBox
# will be updated ahead of these binary modules. So just off building them.
%bcond_with binary_virtualbox_host
# shredder-kernel works only on x86_64, makes manipulations with syscalls tables,
# loading/unloading of the module failed sometimes on kernel 5.4
# and it has not been adapted for kernel 5.10 (is not buildable)
%bcond_with binary_shredder
# Kernel flavour
%if %{with nickel}
%define flavour nickel
%else
%define flavour generic
%endif
# The full kernel version
%define kver_full %{kversion}-%{flavour}-%{buildrpmrel}
############################################################################
%define top_dir_name kernel-%{_arch}
%define build_dir ${RPM_BUILD_DIR}/%{top_dir_name}
%define src_dir %{build_dir}/linux-%{tar_ver}
# Common target directories
%define _bootdir /boot
%define _modulesdir /lib/modules
%define devel_root /usr/src/linux-%{kver_full}
# Directories needed for building
%define temp_root %{build_dir}/temp-root
%define temp_boot %{temp_root}%{_bootdir}
%define temp_modules %{temp_root}%{_modulesdir}
%define temp_devel_root %{temp_root}%{devel_root}
# Directories definition needed for installing
%define target_boot %{buildroot}%{_bootdir}
%define target_modules %{buildroot}%{_modulesdir}
# Manual control of creating and deleting keys
# "rnd" is "random" and means that a key pair is generated at build time
# and is not saved anywhere.
%define certs_dir_rnd certs
%define certs_signing_key_priv_rnd %{certs_dir_rnd}/signing_key_priv.key
%define certs_signing_der %{certs_dir_rnd}/signing_key.x509
%define certs_key_config_rnd %{certs_dir_rnd}/x509.genkey
%define certs_public_keys %{certs_dir_rnd}/public.pem
%define certs_verify_tmp %{certs_dir_rnd}/verify.tmp
############################################################################
# Build defines
%define build_doc 0
%define build_devel 1
%define build_debug 1
# Build kernel-headers package
# Headers from LTS kernel 5.4 are default in rosa2019.1/05 for now
# and headers from 4.15 are default in rosa2016.1
%define build_headers 0
# build perf and cpupower tools
%if %{mdvver} > 201610
%define build_perf 1
%define build_cpupower 1
%else
# This is not the main kernel in rosa2016.1
# This one will be in contrib, not main, in rosa2016.1
%define build_perf 0
%define build_cpupower 0
%endif
# compress modules with xz
%define build_modxz 1
# End of user definitions
# buildtime flags
%{?_without_doc: %global build_doc 0}
%{?_without_devel: %global build_devel 0}
%{?_without_debug: %global build_debug 0}
%{?_without_perf: %global build_perf 0}
%{?_without_cpupower: %global build_cpupower 0}
%{?_without_modxz: %global build_modxz 0}
%{?_with_doc: %global build_doc 1}
%{?_with_devel: %global build_devel 1}
%{?_with_debug: %global build_debug 1}
%{?_with_perf: %global build_perf 1}
%{?_with_cpupower: %global build_cpupower 1}
%{?_with_modxz: %global build_modxz 1}
%if %{build_modxz}
%define kmod_suffix .xz
%else
%define kmod_suffix .gz
%endif
%if !%{build_debug}
# Disable debug rpms.
%define _enable_debug_packages %{nil}
%define debug_package %{nil}
%endif
# http://nickdesaulniers.github.io/blog/2018/06/02/speeding-up-linux-kernel-builds-with-ccache/
%if %{with ccache}
%define kmake KBUILD_BUILD_TIMESTAMP='' %make CC='ccache gcc' ARCH="%{arch_type}"
%else
%define kmake %make CC='gcc' ARCH="%{arch_type}"
%endif
# there are places where parallel make don't work
%define smake make
%ifarch %{ix86} %{x86_64}
%define arch_type x86
%endif
%ifarch aarch64
%define arch_type arm64
%endif
# Parallelize xargs invocations on smp machines
%define kxargs xargs %([ -z "$RPM_BUILD_NCPUS" ] \\\
&& RPM_BUILD_NCPUS="`/usr/bin/getconf _NPROCESSORS_ONLN`"; \\\
[ "$RPM_BUILD_NCPUS" -gt 1 ] && echo "-P $RPM_BUILD_NCPUS")
#
# SRC RPM description
#
Summary: The Linux kernel
Name: kernel
Version: %{kversion}
Release: %{fullrpmrel}
License: GPLv2
Group: System/Kernel and hardware
URL: http://www.kernel.org
####################################################################
#
# Sources
#
Source0: https://cdn.kernel.org/pub/linux/kernel/v%{kernelversion}.x/linux-%{tar_ver}.tar.xz
# This is for disabling *config, mrproper, prepare, scripts on -devel rpms
# Needed, because otherwise the -devel won't build correctly.
Source2: 0001-disable-mrproper-prepare-scripts-configs-in-devel-rp.patch
# TODO: make a separate package "ksobirator" and BR it
# after testing these macros properly
Source3: macros.ksobirator
%{load:%{SOURCE3}}
# Kernel configuration files.
Source111: kernel-x86_64.config
Source112: kernel-i586.config
Source113: kernel-arm64.config
# Cpupower: the service, the config, etc.
Source50: cpupower.service
Source51: cpupower.config
Source52: cpupower-start.sh
Source53: cpupower.path
Source80: kernel.rpmlintrc
# Additional keys that can be used to sign kernel modules
# Generated by https://abf.io/soft/kernel-keys
# Source201..206: public_key_GOST_*.pem
%{expand:%(for i in `seq 1 6`; do echo "Source$((200+${i})): public_key_GOST_${i}.pem"; done)}
# Source207..212: public_key_RSA_*.pem
%{expand:%(for i in `seq 7 12`; do echo "Source$((200+${i})): public_key_RSA_${i}.pem"; done)}
####################################################################
# Patches
# The patch to make kernel x.y.z from x.y.0.
Patch1: https://cdn.kernel.org/pub/linux/kernel/v%{kernelversion}.x/patch-%{kversion}.xz
# Patches from mainline
# none
# ROSA-specific patches
# Perf docs are built after all the kernels. To validate the xml files
# generated during that process, xmlto tries to get DTD files from the Net.
# If it fails, the whole build fails, which is unfortunate. Let us avoid
# this.
Patch101: 0001-perf-skip-xmlto-validation.patch
# http://bugs.rosalinux.ru/show_bug.cgi?id=6235
# http://bugs.rosalinux.ru/show_bug.cgi?id=6459
Patch102: 0001-audit-make-it-less-verbose.patch
# AUFS 5 from http://aufs.sourceforge.net/
Patch109: 0001-Apply-AUFS-5.patch
# Unofficial AUFS for kernel 5.10
# https://sourceforge.net/projects/lxpup/files/Other/huge-kernels/kernel-5.10-aufs-changes/
Patch110: aufs-k510.diff
# For kmod() generator of RPM Provides
# Changes version of aacraid.ko
Patch111: 0001-Remove-RPM-illegal-chars-from-module-version.patch
# AltHa LSM Module
# https://www.altlinux.org/AltHa
# http://git.altlinux.org/gears/k/kernel-image-un-def.git
# TODO: known problem: https://bugzilla.altlinux.org/show_bug.cgi?id=38225
Patch201: 0001-AltHa-LSM-module.patch
Patch202: 0002-Documentation-for-AltHa-LSM.patch
Patch203: 0003-security-altha-altha_lsm.c-build-fixed-with-kernel-5.patch
Patch204: 0004-altha-use-path-strings-instead-of-path-structs.patch
# sent to upstream, https://patchwork.kernel.org/patch/11446123/
Patch302: 0001-sign-file-full-functionality-with-modern-LibreSSL.patch
# Support loading GOST-signed modules
Patch305: 0001-crypto-support-loading-GOST-signed-kernel-modules.patch
# Allow to off modules signature check dynamically
Patch306: 0001-ROSA-ima-allow-to-off-modules-signature-check-dynami.patch
# Experimental patch to reduce freezes in low memory conditions
# Config values are the following:
# CONFIG_UNEVICTABLE_ACTIVEFILE=y
# CONFIG_UNEVICTABLE_ACTIVEFILE_KBYTES_LOW=102400 (100 MB)
# CONFIG_UNEVICTABLE_ACTIVEFILE_KBYTES_MIN=51200 (50 MB)
# + zswap is enabled by default
# 50 MB is default value of min_filelist_kbytes in Chromium OS
# https://chromium.googlesource.com/chromiumos/third_party/kernel-next/+/545e2917dbd863760a51379de8c26631e667c563%5E!/
# 256 and 512 MB values are too big as a distro default because many systems have 512MB-2GB RAM
# TODO: tune 50 and 100 MB to some not random and mathemetically explainable values
# https://www.linux.org.ru/news/kernel/16052362?cid=16075323
Patch307: le9pf.diff
Patch308: 0001-Revert-kallsyms-unexport-kallsyms_lookup_name-and-ka.patch
# Disable AutoReq
AutoReq: 0
# but keep autoprov for kmod(xxx)
AutoProv: 1
BuildRequires: bash
BuildRequires: bc
BuildRequires: binutils
BuildRequires: gcc
# ./scripts/mkcompile_h
# in net-tools in rosa2016.1, already installed
%if %{mdvver} > 201610
BuildRequires: hostname
%endif
# For power tools
BuildRequires: pkgconfig(ncurses)
BuildRequires: kmod-devel kmod-compat
BuildRequires: bison
BuildRequires: flex
BuildRequires: bzip2
BuildRequires: rsync
%ifarch x86_64 aarch64
BuildRequires: numa-devel
%endif
# for perf, cpufreq and all other tools
# for cpupower
%if %{build_cpupower}
BuildRequires: pciutils-devel
%endif
# for perf
%if %{build_perf}
BuildRequires: asciidoc
BuildRequires: audit-devel
BuildRequires: binutils-devel
BuildRequires: elfutils-devel
BuildRequires: libunwind-devel
BuildRequires: newt-devel
BuildRequires: perl-devel
BuildRequires: python3
BuildRequires: pkgconfig(python3)
BuildRequires: xmlto
BuildRequires: zlib-devel
BuildRequires: pkgconfig(libcrypto)
%endif
%if %{with uml}
BuildRequires: vde-devel
%endif
# (To generate keys)
# LibreSSL has GOST support without editing openssl.cnf
# or dlopen()-ing external library
BuildRequires: libressl libressl-devel
# To verify signatures (find, xargs, hexdump)
BuildRequires: findutils util-linux
%if %{with binary_extra_modules}
BuildRequires: kernel-source-rtl8821ce
BuildRequires: kernel-source-tripso
%if %{with binary_virtualbox_host}
BuildRequires: kernel-source-virtualbox
%endif
%if %{with binary_shredder}
BuildRequires: kernel-source-shredder-kernel
%endif
# rosa-test-suite is maintained in certified branches only
# nlkm, memfreetest, pcietest
%if %{with nickel}
BuildRequires: kernel-source-rosa-test-suite
%endif
%endif #with binary_extra_modules
%if %{with ccache}
BuildRequires: ccache
%endif
# might be useful too:
Recommends: microcode
%description
The kernel package contains the Linux kernel (vmlinuz), the core of your
operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.
############################################################################
%package -n kernel-%{flavour}-%{buildrel}
Version: %{fakever}
Release: %{fakerel}
Provides: kernel = %{kverrel}
Provides: kernel = %{kernelversion}.%{patchlevel}
Provides: kernel-%{flavour} = %{kverrel}
Provides: alsa = 1.0.27
Provides: should-restart = system
Requires(post): dracut
Requires(post): kmod
# Usually necessary, but sometimes user may want to not install them
Recommends: linux-firmware
Recommends: wireless-regdb
Recommends: crda
%if %{with flow_abi}
Requires: kernel-%{kernelversion}.%{patchlevel}-rosa-flow-abi
%endif
# Set BFQ as default scheduler for HDDs
# https://www.phoronix.com/scan.php?page=article&item=linux-50hdd-io
Recommends: udev-rules-ioschedulers
# Keep these deps on old platforms
# but get rid of puling gcc etc. by the kernel on newer platforms
%if %{build_devel} && %{mdvver} < 201900
Requires: kernel-%{flavour}-devel-%{buildrel}
Requires(post): kernel-%{flavour}-devel-%{buildrel}
%endif
%ifarch %{ix86}
Conflicts: arch(x86_64)
%endif
Summary: A general-purpose Linux Kernel
Group: System/Kernel and hardware
%description -n kernel-%{flavour}-%{buildrel}
The kernel package contains the Linux kernel (vmlinuz), the core of your
operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc. This is a general-purpose kernel.
%post -n kernel-%{flavour}-%{buildrel}
# We always regenerate initrd here, even if it already exists. This may
# happen if kernel-<...>-devel is installed first, triggers rebuild of
# DKMS modules and some of these request remaking of initrd. The initrd
# that is created then will be non-functional. But when the user installs
# kernel-<...> package, that defunct initrd will be replaced with a working
# one here.
#
# depmod is also needed, because some DKMS-modules might have been installed
# when the devel package was installed but that was before the main modules
# were installed.
# This is also the reason the devel package is in Requires(post) for this
# package now: it must be installed completely before we call depmod here.
/sbin/depmod -a %{kver_full}
/sbin/dracut -f /boot/initrd-%{kver_full}.img %{kver_full}
# File triggers from grub packages will handle this.
#/usr/sbin/update-grub2
%postun -n kernel-%{flavour}-%{buildrel}
rm -f /boot/initrd-%{kver_full}.img
rm -f /boot/initrd-%{kver_full}_old.img
rm -f /boot/initrd-%{kver_full}kdump.img
rm -f /boot/initramfs-%{kver_full}kdump.img
# Third-party modules might have left something in /lib/modules/.../kernel/.
rm -rf /lib/modules/%{kver_full}/kernel/
rm -rf /lib/modules/%{kver_full}/modules*
# Remove /lib/modules/<...>/ if it is empty (-devel uses it too).
find /lib/modules/%{kver_full} -maxdepth 0 -empty -exec rm -rf {} \; || true
%files -n kernel-%{flavour}-%{buildrel} -f kernel_files.%{flavour}
############################################################################
%if %build_devel
%package -n kernel-%{flavour}-devel-%{buildrel}
Version: %{fakever}
Release: %{fakerel}
Summary: Development files for kernel-%{flavour}-%{buildrel}
Group: Development/Kernel
Requires: glibc-devel
Requires: ncurses-devel
Requires: make
Requires: gcc
Requires: perl
Provides: kernel-devel = %{kverrel}
Provides: kernel-%{flavour}-devel = %{kverrel}
%ifarch %{ix86}
Conflicts: arch(x86_64)
%endif
%description -n kernel-%{flavour}-devel-%{buildrel}
This package contains the kernel files (headers and build tools)
that should be enough to build additional drivers for
use with kernel-%{flavour}-%{buildrel}.
%post -n kernel-%{flavour}-devel-%{buildrel}
if command -v dkms_autoinstaller >/dev/null 2>&1; then
dkms_autoinstaller start %{kver_full}
fi
%preun -n kernel-%{flavour}-devel-%{buildrel}
# If any DKMS modules with REMAKE_INITRD=yes in their configs have been
# uninstalled, initrd has been regenerated for the given kernel. However,
# the kernel itself might have been uninstalled before, so that (defunct)
# initrd image files would be left behind. Remove them if the kernel itself
# is no longer installed. Should work if they are uninstalled in parallel
# too.
if ! test -f /boot/vmlinuz-%{kver_full}; then
rm -f /boot/initrd-%{kver_full}.img
rm -f /boot/initrd-%{kver_full}_old.img
fi
if ! command -v dkms >/dev/null 2>&1; then exit 0; fi
for ii in $(/usr/sbin/dkms status -k %{kver_full} | awk '{ print $1 $2; }'); do
mod=$(echo $ii | awk -v FS=',' '{ print $1; }')
ver=$(echo $ii | awk -v FS=',' '{ print $2; }')
/usr/sbin/dkms --rpm_safe_upgrade uninstall -m $mod -v $ver -k %{kver_full} || :
done
%postun -n kernel-%{flavour}-devel-%{buildrel}
rm -rf /usr/src/linux-%{kver_full} >/dev/null
# depmod (called when removing DKMS modules) might have created files in
# /lib/modules/.../. Remove these first.
rm -rf /lib/modules/%{kver_full}/modules*
# Remove the dir if it is already empty.
find /lib/modules/%{kver_full} -maxdepth 0 -empty -exec rm -rf {} \; || true
%files -n kernel-%{flavour}-devel-%{buildrel}
%{devel_root}/Documentation
%dir %{devel_root}
%dir %{devel_root}/arch
%dir %{devel_root}/include
%{devel_root}/arch/um
%{devel_root}/arch/x86
%{devel_root}/arch/arm
%{devel_root}/arch/arm64
%{devel_root}/block
%{devel_root}/certs
%{devel_root}/crypto
%{devel_root}/drivers
%{devel_root}/fs
%{devel_root}/include/soc
%{devel_root}/include/acpi
%{devel_root}/include/asm-generic
%{devel_root}/include/clocksource
%{devel_root}/include/config
%{devel_root}/include/crypto
%{devel_root}/include/drm
%{devel_root}/include/dt-bindings
%{devel_root}/include/generated
%{devel_root}/include/keys
%{devel_root}/include/kvm
%{devel_root}/include/kunit
%{devel_root}/include/linux
%{devel_root}/include/math-emu
%{devel_root}/include/media
%{devel_root}/include/memory
%{devel_root}/include/misc
%{devel_root}/include/net
%{devel_root}/include/pcmcia
%{devel_root}/include/ras
%{devel_root}/include/rdma
%{devel_root}/include/scsi
%{devel_root}/include/sound
%{devel_root}/include/target
%{devel_root}/include/trace
%{devel_root}/include/uapi
%{devel_root}/include/vdso
%{devel_root}/include/video
%{devel_root}/include/xen
%{devel_root}/init
%{devel_root}/ipc
%{devel_root}/kernel
%{devel_root}/lib
%{devel_root}/mm
%{devel_root}/net
%{devel_root}/samples
%{devel_root}/scripts
%{devel_root}/security
%{devel_root}/sound
%{devel_root}/tools
%{devel_root}/usr
%{devel_root}/virt
%{devel_root}/.config
%{devel_root}/Kbuild
%{devel_root}/Kconfig
%{devel_root}/Makefile
%{devel_root}/Module.symvers
%{devel_root}/arch/Kconfig
%{_modulesdir}/%{kver_full}/build
%{_modulesdir}/%{kver_full}/source
%endif
############################################################################
%if %build_debug
%package -n kernel-%{flavour}-%{buildrel}-debuginfo
Version: %{fakever}
Release: %{fakerel}
Summary: Debuginfo for kernel-%{flavour}-%{buildrel}
Group: Development/Debug
Provides: kernel-debug = %{kverrel}
%ifarch %{ix86}
Conflicts: arch(x86_64)
%endif
%description -n kernel-%{flavour}-%{buildrel}-debuginfo
This package contains the files with debuginfo for kernel-%{flavour}-%{buildrel}.
%files -n kernel-%{flavour}-%{buildrel}-debuginfo -f kernel_debug_files.%{flavour}
%endif
############################################################################
%package -n kernel-%{flavour}-%{kernelversion}.%{patchlevel}-latest
Version: %{kversion}
Release: %{fullrpmrel}
Summary: Meta package for the latest kernel-%{flavour} in %{kernelversion}.%{patchlevel} series
Group: System/Kernel and hardware
Requires: kernel-%{flavour}-%{buildrel}
%ifarch %{ix86}
Conflicts: arch(x86_64)
%endif
%description -n kernel-%{flavour}-%{kernelversion}.%{patchlevel}-latest
This meta package aims to make sure you always have the
latest kernel-%{flavour} %{kernelversion}.%{patchlevel}.x installed.
%files -n kernel-%{flavour}-%{kernelversion}.%{patchlevel}-latest
# no files
############################################################################
%if %build_devel
%package -n kernel-%{flavour}-%{kernelversion}.%{patchlevel}-devel-latest
Version: %{kversion}
Release: %{fullrpmrel}
Summary: Meta package for the latest kernel-%{flavour}-devel in %{kernelversion}.%{patchlevel} series
Group: Development/Kernel
Requires: kernel-%{flavour}-devel-%{buildrel}
Provides: kernel-devel-latest
%ifarch %{ix86}
Conflicts: arch(x86_64)
%endif
%description -n kernel-%{flavour}-%{kernelversion}.%{patchlevel}-devel-latest
This meta package aims to make sure you always have the
latest kernel-%{flavour}-devel %{kernelversion}.%{patchlevel}.x installed.
%files -n kernel-%{flavour}-%{kernelversion}.%{patchlevel}-devel-latest
# no files
%endif
############################################################################
%if %build_doc
%package -n kernel-doc
Version: %{kversion}
Release: %{fullrpmrel}
Summary: Various documentation bits found in the kernel source
Group: Documentation
Buildarch: noarch
%description -n kernel-doc
This package contains documentation files from the kernel source.
%files -n kernel-doc
%doc linux-%{tar_ver}/Documentation/*
%endif
############################################################################
%if %{build_perf}
%package -n perf
Version: %{kversion}
Release: %{fullrpmrel}
Summary: perf tool and the supporting documentation
Group: System/Kernel and hardware
%description -n perf
The package contains perf tool and the supporting documentation.
%files -n perf
%{_bindir}/perf
%ifarch x86_64
%{_bindir}/perf-read-vdso32
%endif
%{_bindir}/trace
%dir %{_prefix}/libexec/perf-core
%dir %{_libdir}/traceevent
%dir %{_libdir}/traceevent/plugins
%{_libdir}/traceevent/plugins/*
%{_prefix}/libexec/perf-core/*
%{_mandir}/man[1-8]/perf*
%{_sysconfdir}/bash_completion.d/perf
%{_datadir}/perf-core/strace/groups/*
%{_datadir}/doc/perf-tip/*.txt
/usr/lib/perf/examples/bpf/*
/usr/lib/perf/include/bpf/*
%endif
############################################################################
%if %{build_cpupower}
%package -n cpupower
Version: %{kversion}
Release: %{fullrpmrel}
Summary: The cpupower tools
Group: System/Kernel and hardware
Requires(post): rpm-helper >= 0.24.0-3
Requires(preun): rpm-helper >= 0.24.0-3
Obsoletes: cpufreq < 3.0
Obsoletes: cpufrequtils < 10.0
%description -n cpupower
The cpupower tools.
%post -n cpupower
if [ $1 -ge 0 ]; then
# Do not enable/disable cpupower.service directly, because it should start
# when cpupower.path triggers it.
/bin/systemctl enable cpupower.path >/dev/null 2>&1 || :
/bin/systemctl start cpupower.path >/dev/null 2>&1 || :
fi
%preun -n cpupower
if [ $1 -eq 0 ]; then
/bin/systemctl --no-reload disable cpupower.path > /dev/null 2>&1 || :
/bin/systemctl stop cpupower.path > /dev/null 2>&1 || :
fi
%files -n cpupower -f cpupower.lang
%{_bindir}/cpupower
%{_bindir}/cpupower-start.sh
%{_libdir}/libcpupower.so.0
%{_libdir}/libcpupower.so.0.0.1
%{_unitdir}/cpupower.service
%{_unitdir}/cpupower.path
%{_datadir}/bash-completion/completions/cpupower
%{_mandir}/man[1-8]/cpupower*
%config(noreplace) %{_sysconfdir}/sysconfig/cpupower
############################################################################
%package -n cpupower-devel
Version: %{kversion}
Release: %{fullrpmrel}
Summary: Development files for cpupower
Group: Development/Kernel
Requires: cpupower = %{kversion}-%{fullrpmrel}
Conflicts: %{_lib}cpufreq-devel
%description -n cpupower-devel
This package contains the development files for cpupower.
%files -n cpupower-devel
%{_libdir}/libcpupower.so
%{_includedir}/cpufreq.h
%{_includedir}/cpuidle.h
%endif
############################################################################
%if %{build_headers}
%package headers
Version: %kversion
Release: %fullrpmrel
Summary: Linux kernel header files mostly used by your C library
Group: System/Kernel and hardware
Epoch: 1
Provides: linux-userspace-headers = %{EVRD}
Provides: kernel-release-headers = %{EVRD}
%description headers
C header files from the Linux kernel. The header files define
structures and constants that are needed for building most
standard programs, notably the C library.
This package is not suitable for building kernel modules, you
should use the 'kernel-devel' package instead.
%files headers
%{_includedir}/*
# Don't conflict with cpupower-devel
%if %{build_cpupower}
%exclude %{_includedir}/cpufreq.h
%exclude %{_includedir}/cpuidle.h
%endif
%endif
############################################################################
%if %{with uml}
%package -n kernel-uml-%{flavour}-%{buildrel}
Version: %{fakever}
Release: %{fakerel}
Provides: kernel-uml = %{kverrel}
Provides: kernel-uml-%{flavour} = %{kverrel}
Summary: User Mode Linux binary
Group: System/Kernel and hardware
%description -n kernel-uml-%{flavour}-%{buildrel}
User Mode Linux binary.
Stripped, debug is in kernel-%{flavour}-%{buildrel}-debuginfo.
%files -n kernel-uml-%{flavour}-%{buildrel}
%{_bindir}/linux-uml-%{kver_full}
#------------------------------------------------
%package -n kernel-uml-modules-%{flavour}-%{buildrel}
Version: %{fakever}
Release: %{fakerel}
Provides: kernel-uml-modules = %{kverrel}
Provides: kernel-uml-modules-%{flavour} = %{kverrel}
Summary: User Mode Linux (UML) kernel modules
Group: System/Kernel and hardware
%description -n kernel-uml-modules-%{flavour}-%{buildrel}
User Mode Linux (UML) kernel modules
- not compressed
- not stripped
- signed
%files -n kernel-uml-modules-%{flavour}-%{buildrel}
/lib/modules-uml/%{kver_full}
#------------------------------------------------
%package -n kernel-uml-%{flavour}-%{kernelversion}.%{patchlevel}-latest
Version: %{kversion}
Release: %{fullrpmrel}
Summary: Meta package for the latest kernel-uml-%{flavour} in %{kernelversion}.%{patchlevel} series
Group: System/Kernel and hardware
Requires: kernel-uml-%{flavour}-%{buildrel}
%ifarch %{ix86}
Conflicts: arch(x86_64)
%endif
%description -n kernel-uml-%{flavour}-%{kernelversion}.%{patchlevel}-latest
This meta package aims to make sure you always have the
latest kernel-uml-%{flavour} %{kernelversion}.%{patchlevel}.x
(User Mode Linux binary) installed.
%files -n kernel-uml-%{flavour}-%{kernelversion}.%{patchlevel}-latest
# no files
#------------------------------------------------
%package -n kernel-uml-modules-%{flavour}-%{kernelversion}.%{patchlevel}-latest
Version: %{kversion}
Release: %{fullrpmrel}
Summary: Meta package for the latest kernel-uml-modules-%{flavour} in %{kernelversion}.%{patchlevel} series
Group: System/Kernel and hardware
Requires: kernel-uml-modules-%{flavour}-%{buildrel}
%ifarch %{ix86}
Conflicts: arch(x86_64)
%endif
%description -n kernel-uml-modules-%{flavour}-%{kernelversion}.%{patchlevel}-latest
This meta package aims to make sure you always have the
latest kernel-uml-modules-%{flavour} %{kernelversion}.%{patchlevel}.x
(User Mode Linux kernel modules) installed.
%files -n kernel-uml-modules-%{flavour}-%{kernelversion}.%{patchlevel}-latest
# no files
#------------------------------------------------
%endif #endif uml
#------------------------------------------------
%if %{with binary_extra_modules}
%ksob_mk_module_pkg -n 8821ce -s net/wireless -r rtl8821ce-blacklist
%ksob_mk_module_pkg -n xt_TRIPSO -s net -r tripso
%if %{with binary_shredder}
%ksob_mk_module_pkg -n shredder-kernel -s extra -r rosa-shredder-user
%endif
#------------------------------------------------
# virtualbox host
%if %{with binary_virtualbox_host}
%ksob_mk_module_pkg -n vboxnetflt -s misc
%ksob_mk_module_pkg -n vboxnetadp -s misc
%ksob_mk_module_pkg -n vboxdrv -s misc
%ksob_mk_module_pkg -n vboxpci -s misc
# a package which will pull all those modules
%package -n kernel-modules-virtualbox-host-%{flavour}-%{kernelversion}.%{patchlevel}-latest
Summary: Meta package to pull VirtualBox host kernel modules for kernel-%{flavour}-%{kernelversion}.%{patchlevel}
Group: System/Kernel and hardware
Version: %{kversion}
Release: %{fullrpmrel}
Requires: kernel-module-vboxnetflt-%{flavour}-%{buildrel}
Requires: kernel-module-vboxnetadp-%{flavour}-%{buildrel}
Requires: kernel-module-vboxdrv-%{flavour}-%{buildrel}
Requires: kernel-module-vboxpci-%{flavour}-%{buildrel}
%description -n kernel-modules-virtualbox-host-%{flavour}-%{kernelversion}.%{patchlevel}-latest
Meta package to pull VirtualBox host kernel modules for kernel-%{flavour}-%{kernelversion}.%{patchlevel}
%files -n kernel-modules-virtualbox-host-%{flavour}-%{kernelversion}.%{patchlevel}-latest
# empty
%endif #ifarch x86
#------------------------------------------------
%if %{with nickel}
%ksob_mk_module_pkg -n nlkm -s misc
%ksob_mk_module_pkg -n memfreetest -s misc
%ksob_mk_module_pkg -n pcietest -s misc
%endif
%endif #binary_extra_modules
############################
%if %{with flow_abi}
%package -n kernel-%{kernelversion}.%{patchlevel}-rosa-flow-abi
Summary: Directory to install third-party binary kernel modules for kernels %{kernelversion}.%{patchlevel}.x
Group: System/Kernel and hardware
%description -n kernel-%{kernelversion}.%{patchlevel}-rosa-flow-abi
This package contains a directory to install third-party binary kernel modules for kernels %{kernelversion}.%{patchlevel}.x.
Some vendors provide binary-only kernel modules. They can put them into /lib/modules/%{kernelversion}.%{patchlevel}-rosa-flow-abi.
kmod tools will find them for kernels 5.4.x of "generic" and "nickel" flavours,
but there is no guarantee that these modules will load and work correctly on newer
or older kernels then the ones they were build against.
We call this "flow ABI" because most ABIs are not changed between %{kernelversion}.%{patchlevel}.x releases,
but there are no specific guarantees. ABI may evolve and change.
We highly recommend to use DKMS and build third-party kernel modules from source for every kernel!
This package does nothing, just owns a directory for third-party binary kernel modules.
%files -n kernel-%{kernelversion}.%{patchlevel}-rosa-flow-abi
/lib/modules/%{kernelversion}.%{patchlevel}-rosa-flow-abi
%endif #with flow_abi
################################################
%prep
%setup -q -n %top_dir_name -c
%if %{with uml}
cp -r %{src_dir} %{src_dir}.uml
%endif
cd %src_dir
%autopatch -p1
#
# Setup Begin
#
# Kernel configuration
echo "Creating the kernel configuration file."
# Configs
cp %{SOURCE111} .
cp %{SOURCE112} .
cp %{SOURCE113} .
cp kernel-%{arch_suffix}.config .config
touch %{build_dir}/.config.append
# get rid of unwanted files
find . -name '*~' -o -name '*.orig' -o -name '*.append' -delete
# wipe all .gitignore/.get_maintainer.ignore files
find . -name "*.g*ignore" -delete
# Enable debug info if requested.
sed -i '/CONFIG_DEBUG_INFO/d' .config
%if %build_debug
echo 'CONFIG_DEBUG_INFO=y' >> %{build_dir}/.config.append
echo 'CONFIG_DEBUG_INFO_DWARF4=y' >> %{build_dir}/.config.append
echo 'CONFIG_GDB_SCRIPTS=y' >> %{build_dir}/.config.append
%else
echo 'CONFIG_DEBUG_INFO=n' >> %{build_dir}/.config.append
%endif
sed -i '/CONFIG_MODULE_SIG_FORCE/d' .config
%if %{with oblig_signed_modules}
# Disallow loading not signed modules
# But 0001-ROSA-ima-allow-to-off-modules-signature-check-dynami.patch allows to override this in cmdline
echo CONFIG_MODULE_SIG_FORCE=y >> %{build_dir}/.config.append
%else
echo CONFIG_MODULE_SIG_FORCE=n >> %{build_dir}/.config.append
%endif
sed -i '/CONFIG_MODULE_SIG_KEY/d' .config
# Set path to the key that will be generated later by openssl/libressl
echo CONFIG_MODULE_SIG_KEY=\"%{certs_signing_key_priv_rnd}\" >> %{build_dir}/.config.append
# Set path to one PEM file with all keys that the kernel must trust
sed -i '/CONFIG_SYSTEM_TRUSTED_KEYS/d' .config
echo CONFIG_SYSTEM_TRUSTED_KEYS=\"%{certs_public_keys}\" >> %{build_dir}/.config.append
# Memory wiping
# Introduced in kernel 5.3 by commit 6471384af2a6530696fc0203bafe4de41a23c9ef
# Estimated performance impact is described in the commit
# "Fill newly allocated pages and heap objects with zeroes."
# To enable, add to cmdline: init_on_alloc=1
sed -i '/CONFIG_INIT_ON_ALLOC_DEFAULT_ON/d' .config
echo CONFIG_INIT_ON_ALLOC_DEFAULT_ON=n >> %{build_dir}/.config.append
# "Fill freed pages and heap objects with zeroes"
# To disable, add to cmdline: init_on_free=0
sed -i '/CONFIG_INIT_ON_FREE_DEFAULT_ON/d' .config
%if %{with nickel}
echo CONFIG_INIT_ON_FREE_DEFAULT_ON=y >> %{build_dir}/.config.append
%else
echo CONFIG_INIT_ON_FREE_DEFAULT_ON=n >> %{build_dir}/.config.append
%endif
# Here enabling only either only init_on_free or only init_on_alloc
# makes sense; init_on_alloc is not about protecting information.
# To load kernel keyring in UML
for i in STREEBOG SHA1 SHA256 SHA512 ECRDSA RSA ; do
if ! grep -q "^CONFIG_CRYPTO_${i}=y$" .config; then
sed -i "/CONFIG_CRYPTO_${i}/d" .config
echo "CONFIG_CRYPTO_${i}=y" >> %{build_dir}/.config.append
fi
done
cat %{build_dir}/.config.append >> .config
# Store the config file in the appropriate directory.
CONFIG_DIR=arch/%{arch_type}/configs
mkdir -p "${CONFIG_DIR}"
cfg_file=arch/%{arch_type}/configs/%{arch_suffix}_defconfig-%{flavour}
make ARCH=%{arch_type} oldconfig && \
mv .config ${cfg_file}
echo "Created ${cfg_file}."
# make sure the kernel has the sublevel we know it has...
LC_ALL=C sed -ri "s/^SUBLEVEL.*/SUBLEVEL = %{sublevel}/" Makefile
# get rid of unwanted files
find . -name '*~' -o -name '*.orig' -o -name '*.append' | %kxargs rm -f
find . -name '.get_maintainer.ignore' | %kxargs rm -f
############################################################################
%build
# Ensure that build time generated private keys don't get published
# as e.g. "RPM build root" on ABF!
# Note that ABF sends SIGKILL to rpm-build.sh when the build is terminated;
# in this case trap will not work, but RPM build root also will not be
# saved because rpm-build.sh saves it, but it is SIGKILLed.
# For best security we could store private keys in RAM (not reachable from
# filesystem, so not in /tmp!) and override sth like fopen() by LD_PRELOAD
# to give the content of keys from RAM when a virtual address of a key file
# is accessed, but currently I don't know how to implement this (TODO: ).
_cleanup(){
# Show resulting kernel public keys for debugging
cat "%{src_dir}/%{certs_dir_rnd}/x509_certificate_list" | base64 -d || :
rm -fvr "%{src_dir}/%{certs_dir_rnd}"
%if %{with uml}
cat "%{src_dir}.uml/%{certs_dir_rnd}/x509_certificate_list" | base64 -d || :
rm -fvr "%{src_dir}.uml/%{certs_dir_rnd}"
%endif
}
# Make a trap to delete keys even if %%build fails in the middle
trap "_cleanup" EXIT
rm -rf %{temp_root}
install -d %{temp_root}
cd %src_dir
### Keys for signing kernel modules
# Keys can be generated both manually and automatically,
# let's generate them by ourselves to take full control of the process
# https://www.ibm.com/support/knowledgecenter/en/SSB23S_1.1.0.13/gtps7/cfgcert.html
# See also certs/Makefile in kernel source
mkdir -p "%{certs_dir_rnd}"
# On ABF, %%packager == $username <$email>
# Try to extract email from %%packager if it is set
_get_email(){
# Check that macro %%packager was set and is not empty
if echo '%{packager}' | grep -q 'packager}$' || [ -z "%{packager}" ]
# If was not set or is empty, use default email
then echo 'rpmbuild@rosa.unknown' && return
# Otherwise try to extract email from 'name <email>' or sth else
else temp="$(echo '%{packager}' | tr '[:upper:]' '[:lower:]' | tr ' ' '\n' | tr -d '<>' | grep -E '@.*\..*' | head -n 1)"
fi
# Validate that what we have now is a valid email
# https://stackoverflow.com/a/2138832, https://stackoverflow.com/a/41192733
# Note that we set %%_buildshell to /bin/bash to guarantee the work of this bashism
regex_email="^[a-z0-9!#\$%&'*+/=?^_\`{|}~-]+(\.[a-z0-9!#$%&'*+/=?^_\`{|}~-]+)*@([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z0-9]([a-z0-9-]*[a-z0-9])?\$"
if [[ "$temp" =~ ${regex_email} ]]
# If it is, use it
then echo "$temp" && return
# Otherwise use default email
else echo 'rpmbuild@rosa.unknown' && return
fi
# If script above has not return'ed for any reason,
# e.g. because of non-bash shell being not able to
# process regexp, use default email
echo 'rpmbuild@rosa.unknown'
}
email="$(_get_email)"
cat <<EOF > "%{certs_key_config_rnd}"
[ req ]
prompt = no
string_mask = utf8only
#default_keyfile = %{certs_signing_key_priv_rnd}
distinguished_name = req_distinguished_name
x509_extensions = myexts
[ req_distinguished_name ]
organizationName = %{vendor} rpmbuild
commonName = Build time autogenerated @ALGO@ kernel key
emailAddress = ${email}
[ myexts ]
basicConstraints=critical,CA:FALSE
keyUsage=digitalSignature
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid
EOF
cat "%{certs_key_config_rnd}"
sed -e 's,@ALGO@,RSA,g' "%{certs_key_config_rnd}" > "%{certs_key_config_rnd}.RSA"
sed -e 's,@ALGO@,GOST R 34.10-2012,g' "%{certs_key_config_rnd}" > "%{certs_key_config_rnd}.GOST"
# avoid using the template
rm -f "%{certs_key_config_rnd}"
_libressl_gen_key(){
if [ "$GOST_KEY" = 1 ]
then
lssl_req_gost_args="\
-newkey gost2001 \
-pkeyopt dgst:streebog512 -pkeyopt paramset:A \
-streebog512"
OUT="%{certs_signing_key_priv_rnd}.GOST"
CONFIG="%{certs_key_config_rnd}.GOST"
else
lssl_req_gost_args=""
OUT="%{certs_signing_key_priv_rnd}.RSA"
CONFIG="%{certs_key_config_rnd}.RSA"
fi
libressl req -new -nodes -utf8 -batch \
$lssl_req_gost_args \
-days 109500 \
-x509 -config "$CONFIG" \
-out "$OUT" \
-keyout "$OUT"
# Verify
if [ "$GOST_KEY" = 1 ]; then
libressl x509 -in "%{certs_signing_key_priv_rnd}.GOST" -text -noout \
| grep -E 'Signature Algorithm:.*GOST R 34.10-2012'
libressl x509 -in "%{certs_signing_key_priv_rnd}.GOST" -text -noout \
| grep -E 'Digest Algorithm:.*GOST R 34-11-2012'
libressl x509 -in "%{certs_signing_key_priv_rnd}.GOST" -text -noout \
| grep -E 'Public Key Algorithm:.*GOST R 34.10-2012'
fi
}
GOST_KEY=0 _libressl_gen_key
GOST_KEY=1 _libressl_gen_key
# Fake CONFIG_MODULE_SIG_KEY to make build scripts happy
cp -v "%{certs_signing_key_priv_rnd}.RSA" "%{certs_signing_key_priv_rnd}"
# Strip public parts from the generated PEMs
sed -n \
'/^-----BEGIN CERTIFICATE-----$/,/^-----END CERTIFICATE-----$/p' \
"%{certs_signing_key_priv_rnd}.GOST" \
"%{certs_signing_key_priv_rnd}.RSA" \
> "%{certs_public_keys}"
# link sign-file and extract-cert with LibreSSL instead of OpenSSL
if [ $? != 0 ] ; then exit $? ; fi
sed -i %{src_dir}/scripts/Makefile \
%if %{with uml}
%{src_dir}.uml/scripts/Makefile \
%endif
-e "s, libcrypto , libressl-libcrypto ,g"
%if %{with additional_keys}
# Add additional public RSA keys to the list of trusted keys for kernel modules
# Build kernel --without additional_keys if you do not want to trust them
cat %{expand:%(for i in `seq 1 12`; do echo "%%SOURCE$((200+${i}))" | tr "\n" " "; done)} \
>> "%{certs_public_keys}"
%endif #endif additional_keys
cat %{certs_public_keys}
# .config
%smake -s mrproper
cp arch/%{arch_type}/configs/%{arch_suffix}_defconfig-%{flavour} .config
# make sure EXTRAVERSION says what we want it to say
LC_ALL=C sed -ri "s/^EXTRAVERSION.*/EXTRAVERSION = -%{flavour}-%{buildrpmrel}/" Makefile
# build the kernel
echo "Building kernel %{kver_full}"
TARGETS="all"
# need to install dtbs to proper boot arm64 devices
%ifarch aarch64
TARGETS="$TARGETS dtbs"
%endif
%kmake V=1 -s $TARGETS
# Install modules
mkdir -p %{temp_modules}/%{kver_full}
%smake INSTALL_MOD_PATH=%{temp_root} KERNELRELEASE=%{kver_full} modules_install
%if %{with binary_extra_modules}
# Build and install procedure is specific to each Makefile from kernmel-source-* packages
# See also: https://www.kernel.org/doc/html/latest/kbuild/modules.html
# Copy directory because write permissions are required
# `make modules_install` must be done before this, otherwise these copied files will be deleted
cp -r "$(rpm -q --qf '/usr/src/rtl8821ce-%%{VERSION}-%%{RELEASE}' kernel-source-rtl8821ce)" kernel-source-rtl8821ce
pushd kernel-source-rtl8821ce
%kmake KSRC=%{src_dir} M="$PWD"
mkdir -p %{temp_modules}/%{kver_full}/kernel/net/wireless/
cp 8821ce.ko %{temp_modules}/%{kver_full}/kernel/net/wireless/8821ce.ko
popd
rm -fr kernel-source-rtl8821ce
cp -r "$(rpm -q --qf '/usr/src/tripso-%%{VERSION}-%%{RELEASE}' kernel-source-tripso)" kernel-source-tripso
pushd kernel-source-tripso
%kmake KDIR=%{src_dir}
mkdir -p %{temp_modules}/%{kver_full}/kernel/net
cp xt_TRIPSO.ko %{temp_modules}/%{kver_full}/kernel/net/
popd
rm -fr kernel-source-tripso
%if %{with binary_shredder}
cp -r "$(rpm -q --qf '/usr/src/shredder-kernel-%%{VERSION}-%%{RELEASE}' kernel-source-shredder-kernel)" kernel-source-shredder-kernel
pushd kernel-source-shredder-kernel
%kmake KERNEL_PATH=%{src_dir}
mkdir -p %{temp_modules}/%{kver_full}/kernel/extra/
cp shredder-kernel.ko %{temp_modules}/%{kver_full}/kernel/extra/
popd
rm -fr kernel-source-shredder-kernel
%endif
%if %{with binary_virtualbox_host}
# build commands for virtualbox are based on the ones from the virtualbox package
cp -r "$(rpm -q --qf '/usr/src/virtualbox-%%{VERSION}-%%{RELEASE}' kernel-source-virtualbox)" kernel-source-virtualbox
mkdir -p %{temp_modules}/%{kver_full}/kernel/misc/
pushd kernel-source-virtualbox
make -C vboxdrv KERN_DIR=%{src_dir} KERN_VER=%{kver_full}
cp -fv vboxdrv/Module.symvers vboxnetflt
cp -fv vboxdrv/Module.symvers vboxnetadp
make -C vboxnetflt KERN_DIR=%{src_dir} KERN_VER=%{kver_full}
make -C vboxnetadp KERN_DIR=%{src_dir} KERN_VER=%{kver_full}
cp -fv vboxnetadp/Module.symvers vboxpci/
make -C vboxpci KERN_DIR=%{src_dir} KERN_VER=%{kver_full}
for i in vboxnetflt vboxnetadp vboxdrv vboxpci
do
cp -v "${i}/${i}.ko" %{temp_modules}/%{kver_full}/kernel/misc/
done
popd
%endif
%if %{with nickel}
# rosa-test-suite uses /sr/src/xxx-version, not /usr/src/xxx-version-release
cp -r "$(rpm -q --qf '/usr/src/rosa-test-suite-%%{VERSION}' kernel-source-rosa-test-suite)" kernel-source-rosa-test-suite
pushd kernel-source-rosa-test-suite
mkdir -p %{temp_modules}/%{kver_full}/kernel/misc/
for i in nlkm memfreetest pcietest
do
cat << EOF > Makefile
obj-m := ${i}.o
all:
make -C %{src_dir} M=\$(PWD) modules
EOF
%kmake
cp -fv ${i}.ko %{temp_modules}/%{kver_full}/kernel/misc/
done
popd
%endif #with nickel <- with binary_extra_modules
%endif #with binary_extra_modules
%if %{with uml}
cp -rv %{certs_dir_rnd} %{src_dir}.uml/
pushd %{src_dir}.uml
%kmake ARCH=um defconfig
%kmake ARCH=um linux
install -Dm0755 linux %{temp_root}%{_bindir}/linux-uml-%{kver_full}
#rm -fv linux
%kmake V=1 ARCH=um modules
mkdir -p %{temp_root}/lib/modules-uml/%{kver_full}/
%kmake ARCH=um INSTALL_MOD_PATH=%{temp_root}/lib/modules-uml/%{kver_full}/ modules_install
popd
%endif
install -d %{temp_boot}
install -m 644 System.map %{temp_boot}/System.map-%{kver_full}
install -m 644 .config %{temp_boot}/config-%{kver_full}
xz -c Module.symvers > %{temp_boot}/symvers-%{kver_full}.xz
%ifarch aarch64
cp -f arch/arm64/boot/Image.gz %{temp_boot}/vmlinuz-%{kver_full}
%else
cp -f arch/%{arch_type}/boot/bzImage %{temp_boot}/vmlinuz-%{kver_full}
%endif
# headers
%if %{build_headers}
%make INSTALL_HDR_PATH=%{temp_root}%{_prefix} KERNELRELEASE=%{kver_full} headers_install
find %{temp_root}%{_prefix} -name .install -or -name ..install.cmd | %kxargs rm -f
%endif
# remove /lib/firmware, we use a separate linux-firmware package
rm -rf %{temp_root}/lib/firmware
# Prepare the files for kernel*-devel
%if %build_devel
mkdir -p %{temp_devel_root}
for i in $(find . -name 'Makefile*'); do cp -R --parents $i %{temp_devel_root}; done
for i in $(find . -name 'Kconfig*' -o -name 'Kbuild*'); do cp -R --parents $i %{temp_devel_root}; done
cp -fR include %{temp_devel_root}
cp -fR scripts %{temp_devel_root}
cp -fR kernel/bounds.c %{temp_devel_root}/kernel
cp -fR kernel/time/timeconst.bc %{temp_devel_root}/kernel/time
cp -fR tools %{temp_devel_root}/
cp -fR arch/%{arch_type}/kernel/asm-offsets.{c,s} %{temp_devel_root}/arch/%{arch_type}/kernel/
%ifarch %{ix86} %{x86_64}
cp -fR arch/%{arch_type}/kernel/asm-offsets_{32,64}.c %{temp_devel_root}/arch/%{arch_type}/kernel/
cp -fR arch/%{arch_type}/purgatory/* %{temp_devel_root}/arch/%{arch_type}/purgatory/
# needed for arch/x86/purgatory
cp -fR lib/*.h lib/*.c %{temp_devel_root}/lib/
cp -fR arch/%{arch_type}/entry/syscalls/syscall* %{temp_devel_root}/arch/%{arch_type}/entry/syscalls/
cp -fR arch/%{arch_type}/tools %{temp_devel_root}/arch/%{arch_type}/
# needed for kexec
cp -fR arch/%{arch_type}/boot/*.h %{temp_devel_root}/arch/%{arch_type}/boot/
cp -fR arch/%{arch_type}/boot/*.c %{temp_devel_root}/arch/%{arch_type}/boot/
%endif
cp -fR arch/%{arch_type}/include %{temp_devel_root}/arch/%{arch_type}/
cp -fR .config Module.symvers %{temp_devel_root}
# Needed for truecrypt build (Danny)
cp -fR drivers/md/dm.h %{temp_devel_root}/drivers/md/
# Needed for lirc_gpio (#39004)
cp -fR drivers/media/pci/bt8xx/bttv{,p}.h %{temp_devel_root}/drivers/media/pci/bt8xx/
cp -fR drivers/media/pci/bt8xx/bt848.h %{temp_devel_root}/drivers/media/pci/bt8xx/
cp -fR drivers/media/common/btcx-risc.h %{temp_devel_root}/drivers/media/common/
# add acpica header files, needed for fglrx build
cp -fR drivers/acpi/acpica/*.h %{temp_devel_root}/drivers/acpi/acpica/
# aufs2 has a special file needed
cp -fR fs/aufs/magic.mk %{temp_devel_root}/fs/aufs
# SELinux needs security/selinux/include
cp -fR security/selinux/include %{temp_devel_root}/security/selinux
for i in alpha arc avr32 blackfin c6x cris csky frv h8300 hexagon ia64 m32r m68k m68knommu metag microblaze \
mips mn10300 nds32 nios2 openrisc parisc powerpc riscv s390 score sh sparc tile unicore32 xtensa; do
rm -rf %{temp_devel_root}/arch/$i
done
# Clean the scripts tree, and make sure everything is ok (sanity check)
# running prepare+scripts (tree was already "prepared" in build)
pushd %{temp_devel_root}
%smake V=1 -s clean ARCH=%{arch_type}
popd
rm -f %{temp_devel_root}/.config.old
# fix permissions
chmod -R a+rX %{temp_devel_root}
# disable mrproper in -devel rpms
patch -p1 --fuzz=0 -d %{temp_devel_root} -i %{SOURCE2}
# endif build_devel
%endif
# Manage the files with debug info, provide the debug links in the
# kernel modules.
%if %build_debug
install -m 644 vmlinux %{temp_boot}/vmlinux-%{kver_full}
kernel_debug_files=../kernel_debug_files.%{flavour}
echo "%{_bootdir}/vmlinux-%{kver_full}" >> $kernel_debug_files
find %{temp_modules}/%{kver_full}/kernel \
-name "*.ko" | \
%kxargs -I '{}' objcopy --only-keep-debug '{}' '{}'.debug
find %{temp_modules}/%{kver_full}/kernel \
-name "*.ko" | %kxargs -I '{}' \
sh -c 'cd `dirname {}`; \
objcopy --add-gnu-debuglink=`basename {}`.debug \
--strip-debug `basename {}`'
pushd %{temp_modules}
find %{kver_full}/kernel -name "*.ko.debug" > debug_module_list
popd
cat %{temp_modules}/debug_module_list | \
sed 's|\(.*\)|%{_modulesdir}/\1|' >> $kernel_debug_files
cat %{temp_modules}/debug_module_list | \
sed 's|\(.*\)|%exclude %{_modulesdir}/\1|' \
>> ../kernel_exclude_debug_files.%{flavour}
rm -f %{temp_modules}/debug_module_list
# endif build_debug
%endif
# https://patchwork.kernel.org/patch/11446123/
_libressl_sign(){
if [ ! -f "$1" ]; then
echo "No file $1"
return 0
fi
f="$1"
%if %{with gost_sign}
%{src_dir}/scripts/sign-file streebog512 \
"%{certs_signing_key_priv_rnd}.GOST" "%{certs_signing_key_priv_rnd}.GOST" "$f"
%else
%{src_dir}/scripts/sign-file sha512 \
"%{certs_signing_key_priv_rnd}.RSA" "%{certs_signing_key_priv_rnd}.RSA" "$f"
%endif
unset f
}
export -f _libressl_sign
find %{temp_modules}/%{kver_full}/kernel \
%if %{with uml}
%{temp_root}/lib/modules-uml/%{kver_full} \
%endif
-name '*.ko' -print0 | sort -u | \
xargs --null -P "$(nproc)" -I {} "$SHELL" -e -x -c 'if ! _libressl_sign "{}"; \
then echo Failed _libressl_sign on "{}" && exit 1; fi'
# Create the list of files for the kernel.
kernel_files=../kernel_files.%{flavour}
cat > $kernel_files <<EOF
%{_bootdir}/System.map-%{kver_full}
%{_bootdir}/symvers-%{kver_full}.xz
%{_bootdir}/config-%{kver_full}
%{_bootdir}/vmlinuz-%{kver_full}
%{_modulesdir}/%{kver_full}/kernel
%if %{with binary_extra_modules}
# 8821ce.ko.debug will not be excluded and will be in the main debug subpackage
%exclude %{_modulesdir}/%{kver_full}/kernel/net/wireless/8821ce.ko%{kmod_suffix}
%if %{with binary_shredder}
%exclude %{_modulesdir}/%{kver_full}/kernel/extra/shredder-kernel.ko%{kmod_suffix}
%endif
%if %{with binary_virtualbox_host}
# vbox host modules may be built here (vboxnetflt vboxnetadp vboxdrv vboxpci)
# vbox guest modules are in the mainline kernel now (vboxvideo vboxguest vboxsf)
%exclude %{_modulesdir}/%{kver_full}/kernel/misc/vbox*.ko%{kmod_suffix}
%endif
%exclude %{_modulesdir}/%{kver_full}/kernel/net/xt_TRIPSO.ko%{kmod_suffix}
%if %{with nickel}
%exclude %{_modulesdir}/%{kver_full}/kernel/misc/nlkm.ko%{kmod_suffix}
%exclude %{_modulesdir}/%{kver_full}/kernel/misc/memfreetest.ko%{kmod_suffix}
%exclude %{_modulesdir}/%{kver_full}/kernel/misc/pcietest.ko%{kmod_suffix}
%endif
%endif #with binary_extra_modules
%{_modulesdir}/%{kver_full}/modules.*
EOF
%if %build_debug
cat ../kernel_exclude_debug_files.%{flavour} >> $kernel_files
%endif
# set extraversion to match srpm to get nice version reported by the tools
LC_ALL=C sed -ri "s/^EXTRAVERSION.*/EXTRAVERSION = -%{fullrpmrel}/" Makefile
%if %{build_perf}
%smake -C tools/perf -s PYTHON=%{__python3} HAVE_CPLUS_DEMANGLE=1 WERROR=0 prefix=%{_prefix} lib=%{_lib} NO_GTK2=1 all
%smake -C tools/perf -s prefix=%{_prefix} lib=%{_lib} NO_GTK2=1 man
%endif
%if %{build_cpupower}
# make sure version-gen.sh is executable.
chmod +x tools/power/cpupower/utils/version-gen.sh
%make -C tools/power/cpupower CPUFREQ_BENCH=false
%endif
_cleanup
############################################################################
%install
cd %src_dir
# We want to be able to test several times the install part
rm -rf %{buildroot}
cp -a %{temp_root} %{buildroot}
# Multithreaded verification that every kernel module
# has a signature attached to it
mkdir -p "%{certs_dir_rnd}"
touch %{certs_verify_tmp}
_verify_signature(){
if [ -z "$1" ] || [ ! -f "$1" ]; then return; fi
if hexdump -C "$1" | rev | cut -f 2 -d '|' | rev | tr -d '\n' | \
grep -q '~Module signature appended~'
then
if [ -f %{certs_verify_tmp} ]; then
rm -f %{certs_verify_tmp}
fi
else
echo "ERROR: Module $1 has no signature attached to it!"
exit 1
fi
}
export -f _verify_signature
find %{target_modules} \
%if %{with uml}
%{buildroot}/lib/modules-uml/%{kver_full} \
%endif
-name '*.ko' -print0 | sort -u | \
xargs --null -P "$(nproc)" -I {} "$SHELL" -c '_verify_signature "{}"'
if [ -f %{certs_verify_tmp} ]; then
echo "ERROR: seems that signatures of none modules were verified!"
exit 1
fi
rm -f %{certs_verify_tmp}
# compressing modules
%if %{build_modxz}
find %{target_modules} -name "*.ko" | %kxargs xz -6e
%else
find %{target_modules} -name "*.ko" | %kxargs gzip -9
%endif
pushd %{target_modules}
for i in *; do
rm -f $i/build $i/source
ln -sf /usr/src/linux-$i $i/build
ln -sf /usr/src/linux-$i $i/source
done
# sniff, if we compressed all the modules, we change the stamp :(
# we really need the depmod -ae here
for i in *; do
/sbin/depmod -ae -b %{buildroot} -F %{target_boot}/System.map-$i $i
echo $?
done
# We used to create modules.description files which contained the
# description strings for the modules as shown by modinfo. These files
# are unlikely to be used right now, so create them (in case some old tool
# checks for their existence) but keep them empty.
for i in *; do
touch $i/modules.description
done
popd
# need to set extraversion to match srpm again to avoid rebuild
LC_ALL=C sed -ri "s/^EXTRAVERSION.*/EXTRAVERSION = -%{fullrpmrel}/" Makefile
%if %{build_perf}
# perf tool binary and supporting scripts/binaries
make -C tools/perf -s V=1 DESTDIR=%{buildroot} WERROR=0 HAVE_CPLUS_DEMANGLE=1 prefix=%{_prefix} lib=%{_lib} install
# Versionize shebang (#!/usr/bin/env python -> #!/usr/bin/python3)
sed -i -e '1 s,^.*$,#!%{__python3},' %{buildroot}%{_prefix}/libexec/perf-core/scripts/python/exported-sql-viewer.py
# perf man pages (note: implicit rpm magic compresses them later)
make -C tools/perf -s V=1 DESTDIR=%{buildroot} WERROR=0 HAVE_CPLUS_DEMANGLE=1 prefix=%{_prefix} install-man
%endif
%if %{build_cpupower}
make -C tools/power/cpupower DESTDIR=%{buildroot} libdir=%{_libdir} mandir=%{_mandir} CPUFREQ_BENCH=false install
rm -f %{buildroot}%{_libdir}/*.{a,la}
%find_lang cpupower
mv cpupower.lang ../
chmod 0755 %{buildroot}%{_libdir}/libcpupower.so*
mkdir -p %{buildroot}%{_unitdir} %{buildroot}%{_sysconfdir}/sysconfig
install -m644 %{SOURCE50} %{buildroot}%{_unitdir}/cpupower.service
install -m644 %{SOURCE53} %{buildroot}%{_unitdir}/cpupower.path
install -m644 %{SOURCE51} %{buildroot}%{_sysconfdir}/sysconfig/cpupower
install -m755 %{SOURCE52} %{buildroot}%{_bindir}/cpupower-start.sh
%endif
# delete junk
rm -fr %{buildroot}%{_usr}/src/*/kernel-source-*
%if %{with flow_abi}
# Prefix with "zzz" to put this directory into the end of search list
# and avoid tricks with depmod configs
mkdir -p %{buildroot}/lib/modules/%{kernelversion}.%{patchlevel}-rosa-flow-abi
ln -s /lib/modules/%{kernelversion}.%{patchlevel}-rosa-flow-abi %{buildroot}%{_modulesdir}/%{kver_full}/kernel/zzz-%{kernelversion}.%{patchlevel}-rosa-flow-abi
%endif
Reference in a new issue View git blame Copy permalink