From 9477ab1a9a56076a771d3e3553825792e2ea50c4 Mon Sep 17 00:00:00 2001 From: "kelpee (Sergey)" Date: Thu, 21 Oct 2021 22:47:53 +0300 Subject: [PATCH] 5.14.13-xanmod1 --- .abf.yml | 3 +- ...o-off-modules-signature-check-dynami.patch | 37 + 0001-audit-make-it-less-verbose.patch | 34 + ...t-loading-GOST-signed-kernel-modules.patch | 46 + 0001-perf-skip-xmlto-validation.patch | 30 + ...l-functionality-with-modern-LibreSSL.patch | 47 + audit-make-it-less-verbose.patch | 21 - kernel-xanmod.spec | 1296 +++++++++++------ kernel.rpmlintrc | 31 +- linux-5.13-attribute-error.patch | 15 - macros.ksobirator | 40 + perf-xmlto-skip-validation.patch | 12 - xanmod-futex2-error-avoid.patch | 13 - 13 files changed, 1061 insertions(+), 564 deletions(-) create mode 100644 0001-ROSA-ima-allow-to-off-modules-signature-check-dynami.patch create mode 100644 0001-audit-make-it-less-verbose.patch create mode 100644 0001-crypto-support-loading-GOST-signed-kernel-modules.patch create mode 100644 0001-perf-skip-xmlto-validation.patch create mode 100644 0001-sign-file-full-functionality-with-modern-LibreSSL.patch delete mode 100644 audit-make-it-less-verbose.patch delete mode 100644 linux-5.13-attribute-error.patch create mode 100644 macros.ksobirator delete mode 100644 perf-xmlto-skip-validation.patch delete mode 100644 xanmod-futex2-error-avoid.patch diff --git a/.abf.yml b/.abf.yml index 1723c39..3f4019a 100644 --- a/.abf.yml +++ b/.abf.yml @@ -1,5 +1,4 @@ sources: linux-5.14.tar.xz: 82c1b2888febfe12510a8e83e09b7652c606ffda patch-5.14.13-xanmod1.xz: ce79c3af8a2f3bdfdecdb1c690753a7e9aa53ea6 - - + diff --git a/0001-ROSA-ima-allow-to-off-modules-signature-check-dynami.patch b/0001-ROSA-ima-allow-to-off-modules-signature-check-dynami.patch new file mode 100644 index 0000000..f3412d3 --- /dev/null +++ b/0001-ROSA-ima-allow-to-off-modules-signature-check-dynami.patch @@ -0,0 +1,37 @@ +From 36dc5cf3039c0751fe95370a247ca1c23c06571c Mon Sep 17 00:00:00 2001 +From: Mikhail Novosyolov +Date: Mon, 10 Aug 2020 10:38:20 +0300 +Subject: [PATCH] ROSA: ima: allow to off modules signature check dynamically + +Allow module.sig_enforce=0 kernel cmdline, not only module.sig_enforce=1 +It allows to keep CONFIG_MODULE_SIG_FORCE=y, but disable it when really needed +without recompiling the kernel (it may be impossible, e.g. in certified systems). + +GRUB or another bootloader is password-protected when needed, +so I am not afraid much that someone will be able to turn it off when not needed. + +ROSA-specific patch. +This violates requirements of "secure boot", but currently we do not have secure boot in ROSA. + +Signed-off-by: Mikhail Novosyolov +--- + kernel/module.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/kernel/module.c b/kernel/module.c +index 6baa1080c..118d8ee60 100644 +--- a/kernel/module.c ++++ b/kernel/module.c +@@ -274,7 +274,7 @@ + + #ifdef CONFIG_MODULE_SIG + static bool sig_enforce = IS_ENABLED(CONFIG_MODULE_SIG_FORCE); +-module_param(sig_enforce, bool_enable_only, 0644); ++module_param(sig_enforce, bool, 0644); + + void set_module_sig_enforced(void) + { + +-- +2.17.1 + diff --git a/0001-audit-make-it-less-verbose.patch b/0001-audit-make-it-less-verbose.patch new file mode 100644 index 0000000..581d3de --- /dev/null +++ b/0001-audit-make-it-less-verbose.patch @@ -0,0 +1,34 @@ +From edce12c92c0d1e02a6f41344290ee7adee745ef4 Mon Sep 17 00:00:00 2001 +From: Evgenii Shatokhin +Date: Wed, 11 Dec 2019 21:10:42 +0300 +Subject: [PATCH] audit: make it less verbose + +It seems, if audit itself is not installed and therefore nothing listens +to the messages from the kernel's audit subsystem, the latter spams the +kernel log with such messages. + +Let us make them debug-level and thus invisible by default. + +http://bugs.rosalinux.ru/show_bug.cgi?id=6235 +http://bugs.rosalinux.ru/show_bug.cgi?id=6459 +Signed-off-by: Mikhail Novosyolov +--- + kernel/audit.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/kernel/audit.c b/kernel/audit.c +index 68cee3bc8cfe..805633090ea5 100644 +--- a/kernel/audit.c ++++ b/kernel/audit.c +@@ -535,7 +535,7 @@ static void kauditd_printk_skb(struct sk_buff *skb) + char *data = nlmsg_data(nlh); + + if (nlh->nlmsg_type != AUDIT_EOE && printk_ratelimit()) +- pr_notice("type=%d %s\n", nlh->nlmsg_type, data); ++ pr_debug("type=%d %s\n", nlh->nlmsg_type, data); + } + + /** +-- +2.25.1 + diff --git a/0001-crypto-support-loading-GOST-signed-kernel-modules.patch b/0001-crypto-support-loading-GOST-signed-kernel-modules.patch new file mode 100644 index 0000000..8522a6c --- /dev/null +++ b/0001-crypto-support-loading-GOST-signed-kernel-modules.patch @@ -0,0 +1,46 @@ +From 59bf6ed4709ea82d63be300814af2c4c94503e14 Mon Sep 17 00:00:00 2001 +From: Mikhail Novosyolov +Date: Thu, 6 Aug 2020 14:17:31 +0300 +Subject: [PATCH] crypto: support loading GOST-signed kernel modules + +Support loading kernel modules signed with: +* 1.2.643.7.1.1.1.1 id-tc26-gost3410-12-256 +* 1.2.643.7.1.1.1.2 id-tc26-gost3410-12-512 + +Signed-off-by: Mikhail Novosyolov +--- + crypto/asymmetric_keys/pkcs7_parser.c | 11 +++++++++++ + 1 file changed, 11 insertions(+) + +diff --git a/crypto/asymmetric_keys/pkcs7_parser.c b/crypto/asymmetric_keys/pkcs7_parser.c +index 967329e0a07b..39c260a04167 100644 +--- a/crypto/asymmetric_keys/pkcs7_parser.c ++++ b/crypto/asymmetric_keys/pkcs7_parser.c +@@ -248,6 +248,12 @@ int pkcs7_sig_note_digest_algo(void *context, size_t hdrlen, + case OID_sha224: + ctx->sinfo->sig->hash_algo = "sha224"; + break; ++ case OID_gost2012Digest256: ++ ctx->sinfo->sig->hash_algo = "streebog256"; ++ break; ++ case OID_gost2012Digest512: ++ ctx->sinfo->sig->hash_algo = "streebog512"; ++ break; + default: + printk("Unsupported digest algo: %u\n", ctx->last_oid); + return -ENOPKG; +@@ -269,6 +275,11 @@ int pkcs7_sig_note_pkey_algo(void *context, size_t hdrlen, + ctx->sinfo->sig->pkey_algo = "rsa"; + ctx->sinfo->sig->encoding = "pkcs1"; + break; ++ case OID_gost2012PKey256: ++ case OID_gost2012PKey512: ++ ctx->sinfo->sig->pkey_algo = "ecrdsa"; ++ ctx->sinfo->sig->encoding = "raw"; ++ break; + default: + printk("Unsupported pkey algo: %u\n", ctx->last_oid); + return -ENOPKG; +-- +2.17.1 + diff --git a/0001-perf-skip-xmlto-validation.patch b/0001-perf-skip-xmlto-validation.patch new file mode 100644 index 0000000..09c812e --- /dev/null +++ b/0001-perf-skip-xmlto-validation.patch @@ -0,0 +1,30 @@ +From 8d376cb0241182ae4859db3aa7f790996054ae75 Mon Sep 17 00:00:00 2001 +From: Evgenii Shatokhin +Date: Wed, 11 Dec 2019 21:12:06 +0300 +Subject: [PATCH] perf: skip xmlto validation + +Perf docs are built after all the kernels. To validate the xml files +generated during that process, xmlto tries to get DTD files from the Net. +If it fails, the whole build fails, which is unfortunate. Let us avoid this. + +Signed-off-by: Mikhail Novosyolov +--- + tools/perf/Documentation/Makefile | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tools/perf/Documentation/Makefile b/tools/perf/Documentation/Makefile +index 6e54979c2124..ccbc7a68769d 100644 +--- a/tools/perf/Documentation/Makefile ++++ b/tools/perf/Documentation/Makefile +@@ -51,7 +51,7 @@ ASCIIDOC=asciidoc + ASCIIDOC_EXTRA += --unsafe -f asciidoc.conf + ASCIIDOC_HTML = xhtml11 + MANPAGE_XSL = manpage-normal.xsl +-XMLTO_EXTRA = ++XMLTO_EXTRA = --skip-validation + INSTALL?=install + RM ?= rm -f + DOC_REF = origin/man +-- +2.25.1 + diff --git a/0001-sign-file-full-functionality-with-modern-LibreSSL.patch b/0001-sign-file-full-functionality-with-modern-LibreSSL.patch new file mode 100644 index 0000000..7cd3dd7 --- /dev/null +++ b/0001-sign-file-full-functionality-with-modern-LibreSSL.patch @@ -0,0 +1,47 @@ +From 7fac9b5a88bf45574b92cc3ad74fac32f3bacbcc Mon Sep 17 00:00:00 2001 +From: Mikhail Novosyolov +Date: Thu, 19 Mar 2020 00:15:41 +0300 +Subject: [PATCH] sign-file: full functionality with modern LibreSSL + +Current pre-release version of LibreSSL has enabled CMS support, +and now sign-file is fully functional with it. + +See https://github.com/libressl-portable/openbsd/commits/master + +To test buildability with LibreSSL: +~$ git clone https://github.com/libressl-portable/portable.git +~$ cd portable && ./autogen.sh +~$ ./configure --prefix=/opt/libressl +~$ make +~# make install +Go to the kernel source tree and: +~$ gcc -I/opt/libressl/include -L /opt/libressl/lib -lcrypto -Wl,-rpath,/opt/libressl/lib scripts/sign-file.c -o scripts/sign-file + +Fixes: f8688017 ("sign-file: fix build error in sign-file.c with libressl") + +Signed-off-by: Mikhail Novosyolov +--- + scripts/sign-file.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/scripts/sign-file.c b/scripts/sign-file.c +index fbd34b8e8f57..fd4d7c31d1bf 100644 +--- a/scripts/sign-file.c ++++ b/scripts/sign-file.c +@@ -41,9 +41,10 @@ + * signing with anything other than SHA1 - so we're stuck with that if such is + * the case. + */ +-#if defined(LIBRESSL_VERSION_NUMBER) || \ +- OPENSSL_VERSION_NUMBER < 0x10000000L || \ +- defined(OPENSSL_NO_CMS) ++#if defined(OPENSSL_NO_CMS) || \ ++ ( defined(LIBRESSL_VERSION_NUMBER) \ ++ && (LIBRESSL_VERSION_NUMBER < 0x3010000fL) ) || \ ++ OPENSSL_VERSION_NUMBER < 0x10000000L + #define USE_PKCS7 + #endif + #ifndef USE_PKCS7 +-- +2.20.1 + diff --git a/audit-make-it-less-verbose.patch b/audit-make-it-less-verbose.patch deleted file mode 100644 index c100815..0000000 --- a/audit-make-it-less-verbose.patch +++ /dev/null @@ -1,21 +0,0 @@ -It seems, if audit itself is not installed and therefore nothing listens -to the messages from the kernel's audit subsystem, the latter spams the -kernel log with such messages. - -Let us make them debug-level and thus invisible by default. - -http://bugs.rosalinux.ru/show_bug.cgi?id=6235 -http://bugs.rosalinux.ru/show_bug.cgi?id=6459 - -diff -Naur linux-5.9.orig/kernel/audit.c linux-5.9/kernel/audit.c ---- linux-5.9.orig/kernel/audit.c 2020-10-17 12:03:17.445125041 +0300 -+++ linux-5.9/kernel/audit.c 2020-10-17 12:03:17.455125041 +0300 -@@ -535,7 +535,7 @@ - char *data = nlmsg_data(nlh); - - if (nlh->nlmsg_type != AUDIT_EOE && printk_ratelimit()) -- pr_notice("type=%d %s\n", nlh->nlmsg_type, data); -+ pr_debug("type=%d %s\n", nlh->nlmsg_type, data); - } - - /** diff --git a/kernel-xanmod.spec b/kernel-xanmod.spec index a6e4092..5dab175 100644 --- a/kernel-xanmod.spec +++ b/kernel-xanmod.spec @@ -1,5 +1,34 @@ %define userlabel klp +# _get_email() in %%build contains bashisms for regexping +%define _buildshell /bin/bash + +# brp-python-bytecompile uses /usr/bin/python, +# but it is a different python version in different ROSA +# releases; there is no good way to tell brp-python-bytecompile +# which iterpreter to use; so just disable it to avoid problems +%define _python_bytecompile_build 0 + +# Probably dwz bug, on i686 only file is not packaged: +# /usr/lib/debug/usr/bin/trace-5.4.40-3.i386.debug.#dwz#.b5xuKG +# dwz compresses only debuginfo from perf, cpupower, uml, +# not the kernel itself (because it is stripped not by RPM), +# so we do not loose much by disabling it. +%global _find_debuginfo_dwz_opts %{nil} + +# Put everything into one non-standard debuginfo subpackage +# TODO: make multiple debuginfo packages coinstallable as installonlypkg, +# to achive this, there must be no conflicting files. +# Probably signing and compressing of kernel modules +# has to be moved to %%_spec_install_post. +%global _debuginfo_subpackages %{nil} +%global _debuginfo_template %{nil} +%undefine _debugsource_packages + +# Hack: flavour and major version are variable, make %%_build_pkgcheck_* always detect and use this config +%global _build_pkgcheck_set %(echo "%{_build_pkgcheck_set}" | sed -e 's,/%{name}.rpmlintrc,/kernel.rpmlintrc,') +%global _build_pkgcheck_srpm %(echo "%{_build_pkgcheck_srpm}" | sed -e 's,/%{name}.rpmlintrc,/kernel.rpmlintrc,') + %define kernelversion 5 %define patchlevel 14 # sublevel is used for stable-based kernels @@ -8,51 +37,97 @@ %define patch_rel 1 # Release number. Increase this before a rebuild. -%define rpmrel 1.%{userlabel} +%define rpmrel 3.%{userlabel} %define fullrpmrel %{rpmrel} -%define rpmtag %{disttag} - -# fakerel and fakever never change, they are used to fool -# rpm/urpmi/smart and ensure the kernels are installed, -# not upgraded so old kernel is not overwritten or removed -%define fakever 1 -%define fakerel %mkrel 1 +%define rpmtag %{disttag} # version defines %define kversion_base %{kernelversion}.%{patchlevel}.%{sublevel} %define kversion %{kversion_base}.xm%{patch_rel} -%define kverrel %{kversion}-%{fullrpmrel} -%define tar_ver %{kernelversion}.%{patchlevel} +%define kverrel %{kversion}-%{fullrpmrel} +%define tar_ver %{kernelversion}.%{patchlevel} %ifarch %{ix86} -# Use a standard suffix for 32-bit x86 %define arch_suffix i586 -%else -%define arch_suffix %{_arch} %endif -%define buildrpmrel %{rpmtag}-%{arch_suffix} -%define buildrel %{kversion}-%{fullrpmrel}-%{buildrpmrel} +%ifarch %{x86_64} +%define arch_suffix x86_64 +%endif -# Kernel flavour -%define flavour xanmod +%ifarch aarch64 +%define arch_suffix arm64 +%endif + +%define buildrpmrel %{fullrpmrel}%{rpmtag}-%{arch_suffix} +%define buildrel %{kversion}-%{buildrpmrel} + +# Add not only the build time generated key to the trusted keyring, +# but also add public keys of private ROSA's keys +%bcond_without additional_keys + +# Fail the build after "make oldconfig" to edit kernel configs +%bcond_with fail + +# User Mode Linux, https://habr.com/ru/company/itsumma/blog/459558/ +# Not buildable on aarch64 +%ifarch %{x86_64} +%bcond_without uml +%else +%bcond_with uml +%endif + +%if %{mdvver} >= 201905 +# Build binary out-of-tree kernel modules (experimental) +%bcond_without binary_extra_modules +# Sign kernel modules with GOST key (experimental) +%bcond_without gost_sign +%else +%bcond_with binary_extra_modules +%bcond_with gost_sign +%endif + +%bcond_with ccache +%bcond_without flow_abi + +# 1. VirtualBox is for x86_32 and x86_64 only +# 2. I do not know how to solve the problem that userspace part of VirtualBox +# will be updated ahead of these binary modules. So just off building them. +%bcond_with binary_virtualbox_host + +# shredder-kernel works only on x86_64, makes manipulations with syscalls tables, +# loading/unloading of the module failed sometimes on kernel 5.4 +# and it has not been adapted for kernel 5.10 (is not buildable) +%bcond_with binary_shredder + +# compress modules with zstd (zstd is good compression and fast decompression) +%bcond_without compress_modules +# Spend more resources on compression, but make resulting size less; +# decompression speed will not be affected, but more memory will be required +# which should not a problem here (performance penalty from allocating more +# memory should not be big, I think, but I did not benchmark). +%define zstd_cmd zstd -q --format=zstd --ultra -22 + +%define flavour xanmod # The full kernel version -%define kver_full %{kversion}-%{fullrpmrel}-%{flavour}-%{buildrpmrel} +%define kver_full %{kversion}-%{flavour}-%{buildrpmrel} + ############################################################################ -%define top_dir_name kernel-%{_arch} -%define build_dir ${RPM_BUILD_DIR}/%{top_dir_name} -%define src_dir %{build_dir}/linux-%{tar_ver} +%define top_dir_name kernel-%{_arch} +%define build_dir ${RPM_BUILD_DIR}/%{top_dir_name} +%define src_dir %{build_dir}/linux-%{tar_ver} # Common target directories %define _bootdir /boot %define _modulesdir /lib/modules - %define devel_root /usr/src/linux-%{kver_full} +%define initrd_path %{_bootdir}/initrd-%{kver_full}.img + # Directories needed for building %define temp_root %{build_dir}/temp-root %define temp_boot %{temp_root}%{_bootdir} @@ -62,38 +137,49 @@ # Directories definition needed for installing %define target_boot %{buildroot}%{_bootdir} %define target_modules %{buildroot}%{_modulesdir} + +%define kernel_files %{_builddir}/kernel_files.list +%define debuginfo_files %{_builddir}/debuginfo_files.list + +# Append list of files generate by find-debuginfo.sh to our custom list +%global __debug_install_post \ +%{__debug_install_post} \ +cat %{_builddir}/debugfiles.list >> %{debuginfo_files} + ############################################################################ -# SELinux is now built in by default but some other hardening features -# are not. -%{?build_selinux}%{?!build_selinux:%bcond_with selinux} -%if %{with selinux} -%global enhanced_security 1 -%else -%global enhanced_security 0 +%if %{with binary_extra_modules} +# https://github.com/rpm-software-management/rpm/pull/1794 +#nvidia# %%define nvidia_390_j %%(if rpm -q kernel-source-nvidia390 >/dev/null 2>&1; then rpm -q --qf '%%{version}' kernel-source-nvidia390 | awk -F '.' '{print $1}'; else echo 0; fi) +#nvidia# %%define nvidia_390_n %%(if rpm -q kernel-source-nvidia390 >/dev/null 2>&1; then rpm -q --qf '%%{version}' kernel-source-nvidia390 | awk -F '.' '{print $2}'; else echo 0; fi) +#nvidia# %%define nvidia_470_j %%(if rpm -q kernel-source-nvidia470 >/dev/null 2>&1; then rpm -q --qf '%%{version}' kernel-source-nvidia470 | awk -F '.' '{print $1}'; else echo 0; fi) +#nvidia# %%define nvidia_470_n %%(if rpm -q kernel-source-nvidia470 >/dev/null 2>&1; then rpm -q --qf '%%{version}' kernel-source-nvidia470 | awk -F '.' '{print $2}'; else echo 0; fi) + +# For SRPM stage when auto-krokodil-rpm-macros is not installed +%{?!kroko_req_modules_in_kernel:%define kroko_req_modules_in_kernel(j:n:p:) %{nil}} %endif -# Allow "rpmbuild --with enhanced_security <...>" -%{?_with_enhanced_security:%global enhanced_security 1} -############################################################################ -# Development files for SystemTap may be needed for its integration with perf. -%bcond_without systemtap ############################################################################ # Build defines -%define build_doc 0 -%define build_devel 1 -%define build_debug 0 +%define build_doc 0 +%define build_devel 1 +%define build_debug 1 # Build kernel-headers package -%define build_headers 1 +%define build_headers 1 # build perf and cpupower tools +%if %{mdvver} > 201610 %define build_perf 1 -%define build_cpupower 1 +%define build_cpupower 1 +%else +# This is not the main kernel in rosa2016.1 +# This one will be in contrib, not main, in rosa2016.1 +%define build_perf 0 +%define build_cpupower 0 +%endif -# compress modules with xz -%define build_modxz 1 # End of user definitions # buildtime flags @@ -102,28 +188,41 @@ %{?_without_debug: %global build_debug 0} %{?_without_perf: %global build_perf 0} %{?_without_cpupower: %global build_cpupower 0} -%{?_without_modxz: %global build_modxz 0} %{?_with_doc: %global build_doc 1} %{?_with_devel: %global build_devel 1} %{?_with_debug: %global build_debug 1} %{?_with_perf: %global build_perf 1} %{?_with_cpupower: %global build_cpupower 1} -%{?_with_modxz: %global build_modxz 1} + +%if %{with compress_modules} +%define kmod_suffix .zst +%else +%define kmod_suffix %{nil} +%endif %if !%{build_debug} # Disable debug rpms. -%define _enable_debug_packages %{nil} -%define debug_package %{nil} +%define _enable_debug_packages %{nil} +%define debug_package %{nil} %endif -%if %(if [ -z "$CC" ] ; then echo 0; else echo 1; fi) -%define kmake %make CC="$CC" +# http://nickdesaulniers.github.io/blog/2018/06/02/speeding-up-linux-kernel-builds-with-ccache/ +%if %{with ccache} +%define kmake KBUILD_BUILD_TIMESTAMP='' %make CC='ccache gcc' ARCH="%{arch_type}" %else -%define kmake %make +%define kmake %make CC='gcc' ARCH="%{arch_type}" %endif + # there are places where parallel make don't work %define smake make +%ifarch %{ix86} %{x86_64} +%define arch_type x86 +%endif +%ifarch aarch64 +%define arch_type arm64 +%endif + # Parallelize xargs invocations on smp machines %define kxargs xargs %([ -z "$RPM_BUILD_NCPUS" ] \\\ @@ -133,31 +232,35 @@ # # SRC RPM description # -Summary: The Linux kernel -Name: kernel -Version: %{kversion} -Release: %{fullrpmrel} -#Epoch: 1 -License: GPLv2 -Group: System/Kernel and hardware -ExclusiveArch: %{ix86} x86_64 -URL: http://www.kernel.org +Summary: The Linux kernel +Name: kernel-%{flavour} +Version: %{kversion} +Release: %{fullrpmrel} +License: GPLv2 +Group: System/Kernel and hardware +URL: http://www.kernel.org #################################################################### # # Sources # -Source0: https://cdn.kernel.org/pub/linux/kernel/v%{kernelversion}.x/linux-%{tar_ver}.tar.xz +Source0: https://cdn.kernel.org/pub/linux/kernel/v%{kernelversion}.x/linux-%{tar_ver}.tar.xz # Kernel configuration files. Source1: kernel-xanmod.config +# TODO: make a separate package "ksobirator" and BR it +# after testing these macros properly +Source3: macros.ksobirator +%{load:%{SOURCE3}} + # Cpupower: the service, the config, etc. -Source10: cpupower.service -Source11: cpupower.config -Source12: cpupower-start.sh -Source13: cpupower.path -Source14: kernel.rpmlintrc +Source50: cpupower.service +Source51: cpupower.config +Source52: cpupower-start.sh +Source53: cpupower.path + +Source80: kernel.rpmlintrc #################################################################### @@ -167,247 +270,278 @@ Source14: kernel.rpmlintrc #The real-time version is recommended for critical runtime applications such as Linux gaming eSports, streaming, live productions and ultra-low latency enthusiasts. Patch0: https://github.com/xanmod/linux/releases/download/%{kversion_base}-%{patch_name}%{patch_rel}/patch-%{kversion_base}-%{patch_name}%{patch_rel}.xz +#Avoid error: "Unversioned Python shebangs are not allowed. Specify python3 or python2 explicitly in /builddir/build/BUILDROOT/kernel-5.14.0.xm1-10.x86_64//usr/libexec/perf-core/scripts/python/libxed.py" +Patch41: unversioned-python-shebangs-are-not-allowed-error-avoid.patch + +# Patches from mainline +# none + # ROSA-specific patches # Perf docs are built after all the kernels. To validate the xml files # generated during that process, xmlto tries to get DTD files from the Net. # If it fails, the whole build fails, which is unfortunate. Let us avoid # this. -Patch10: perf-xmlto-skip-validation.patch +Patch101: 0001-perf-skip-xmlto-validation.patch # http://bugs.rosalinux.ru/show_bug.cgi?id=6235 # http://bugs.rosalinux.ru/show_bug.cgi?id=6459 -Patch11: audit-make-it-less-verbose.patch +Patch102: 0001-audit-make-it-less-verbose.patch -# Other patches -# error: Illegal char ']' (0x5d) in: 1.2.1[50983]_custom -# caused by aacraid versioning ("1.2.1[50983]-custom") -Patch20: 0001-Remove-RPM-illegal-chars-from-module-version.patch +# For kmod() generator of RPM Provides +# Changes version of aacraid.ko +Patch111: 0001-Remove-RPM-illegal-chars-from-module-version.patch -#Avoid error: "error: 'FUTEX_32' undeclared, error: 'FUTEX_SHARED_FLAG' undeclared" -Patch40: xanmod-futex2-error-avoid.patch -#Avoid error: "Unversioned Python shebangs are not allowed. Specify python3 or python2 explicitly in /builddir/build/BUILDROOT/kernel-5.14.0.xm1-10.x86_64//usr/libexec/perf-core/scripts/python/libxed.py" -Patch41: unversioned-python-shebangs-are-not-allowed-error-avoid.patch +# sent to upstream, https://patchwork.kernel.org/patch/11446123/ +Patch302: 0001-sign-file-full-functionality-with-modern-LibreSSL.patch +# Support loading GOST-signed modules +Patch305: 0001-crypto-support-loading-GOST-signed-kernel-modules.patch +# Allow to off modules signature check dynamically +Patch306: 0001-ROSA-ima-allow-to-off-modules-signature-check-dynami.patch -Patch51: linux-5.13-attribute-error.patch -#################################################################### - -Autoreqprov: no +# Disable AutoReq +AutoReq: 0 +# but keep autoprov for kmod(xxx) +AutoProv: 1 BuildRequires: bash -BuildRequires: bc -BuildRequires: binutils -BuildRequires: gcc -BuildRequires: findutils -BuildRequires: util-linux - -# for ORC unwinder and perf -BuildRequires: pkgconfig(libelf) - +BuildRequires: bc +BuildRequires: binutils +BuildRequires: gcc +# ./scripts/mkcompile_h +# in net-tools in rosa2016.1, already installed +%if %{mdvver} > 201610 +BuildRequires: hostname +%endif # For power tools BuildRequires: pkgconfig(ncurses) - BuildRequires: kmod-devel kmod-compat - BuildRequires: bison BuildRequires: flex - BuildRequires: bzip2 -BuildRequires: pkgconfig(libzstd) - BuildRequires: rsync -%ifarch x86_64 -BuildRequires: numa-devel +%ifarch x86_64 aarch64 +BuildRequires: numa-devel %endif # for perf, cpufreq and all other tools # for cpupower %if %{build_cpupower} -BuildRequires: pciutils-devel +BuildRequires: pciutils-devel %endif # for perf %if %{build_perf} -BuildRequires: asciidoc -BuildRequires: binutils-devel -BuildRequires: newt-devel -BuildRequires: perl-devel -BuildRequires: python3 -BuildRequires: pkgconfig(python3) -#BuildRequires: python2 -#BuildRequires: pkgconfig(python2) -#BuildRequires: pkgconfig(slang) -BuildRequires: xmlto -BuildRequires: pkgconfig(libcrypto) -BuildRequires: pkgconfig(libcap) -BuildRequires: pkgconfig(audit) -BuildRequires: pkgconfig(libunwind) -BuildRequires: pkgconfig(zlib) -#BuildRequires: pkgconfig(babeltrace) -%ifarch x86_64 -BuildRequires: systemtap-devel -BuildRequires: pkgconfig(libzstd) -BuildRequires: pkgconfig(libcap) -#BuildRequires: java-openjdk -#BuildRequires: java-devel-openjdk -#BuildRequires: perl-ExtUtils-Embed -%endif -%if %{with systemtap} -BuildRequires: systemtap-devel -%endif +BuildRequires: asciidoc +BuildRequires: audit-devel +BuildRequires: binutils-devel +BuildRequires: elfutils-devel +BuildRequires: libunwind-devel +BuildRequires: newt-devel +BuildRequires: perl-devel +BuildRequires: python3 +BuildRequires: pkgconfig(python3) +BuildRequires: xmlto +BuildRequires: zlib-devel +BuildRequires: pkgconfig(libcrypto) %endif -# might be useful too: +%if %{with uml} +BuildRequires: vde-devel +%endif + +# (To generate keys) +# LibreSSL has GOST support without editing openssl.cnf +# or dlopen()-ing external library +BuildRequires: libressl libressl-devel +# To verify signatures (find, xargs, hexdump) +BuildRequires: findutils util-linux + +%if %{with binary_extra_modules} +BuildRequires: auto-krokodil-rpm-macros +BuildRequires: kernel-source-rtl8821ce +BuildRequires: kernel-source-rtl8821cu +# broadcom-wl and nvidia390 contain a proprietary blob which is only for x86 +%ifarch %{ix86} %{x86_64} +BuildRequires: kernel-source-broadcom-wl +#nvidia# BuildRequires: kernel-source-nvidia390 +%endif +# nvidia470+ are x86_64 only (maybe aarch64 will be also packaged later) +%ifarch %{x86_64} +#nvidia# BuildRequires: kernel-source-nvidia470 +%endif +BuildRequires: kernel-source-tripso +BuildRequires: kernel-source-ipt-so +%if %{with binary_virtualbox_host} +BuildRequires: kernel-source-virtualbox +%endif +BuildRequires: kernel-source-v4l2loopback +%if %{with binary_shredder} +BuildRequires: kernel-source-shredder-kernel +%endif +# rosa-test-suite is maintained in certified branches only +# nlkm, memfreetest, pcietest +%endif #with binary_extra_modules + +%if %{with ccache} +BuildRequires: ccache +%endif + +%if %{with compress_modules} +BuildRequires: zstd +%endif + +Provides: kernel = %{EVRD} +Provides: kernel-%{flavour} = %{EVRD} +Provides: kernel-abi(%{kver_full}) = %{EVRD} +# dnf config-manager --dump | grep installonly +Provides: installonlypkg(kernel) = %{EVRD}.image +Provides: installonlypkg(kernel) = %{EVRD}.modules + +# >= because of added support of zstd-compressed modules +Requires(posttrans): dracut >= 053-0.git5eb736.5 +Requires(posttrans): kmod >= 28-3 + +# Usually necessary, but sometimes user may want to not install them +Recommends: linux-firmware +Recommends: wireless-regdb +Recommends: crda Recommends: microcode +# Set BFQ as default scheduler for HDDs +# https://www.phoronix.com/scan.php?page=article&item=linux-50hdd-io +Recommends: udev-rules-ioschedulers +%if %{with flow_abi} +Requires: kernel-%{flavour}-rosa-flow-abi +%endif + +%ifarch %{ix86} +Conflicts: arch(x86_64) +%endif + +# XXX temporary hack to upgrade from kernel-headers 1:5.4 +%if %{build_headers} +Recommends: kernel-headers = %{EVRD} +%endif + +#nvidia# %%if %%{with binary_extra_modules} +#nvidia# %%ifarch %%{ix86} %%{x86_64} +#nvidia# %%kroko_req_modules_in_kernel -j %%{nvidia_390_j} -n %%{nvidia_390_n} -p %%{kver_full} +#nvidia# %%endif +#nvidia# %%ifarch %%{x86_64} +#nvidia# %%kroko_req_modules_in_kernel -j %%{nvidia_470_j} -n %%{nvidia_470_n} -p %%{kver_full} +#nvidia# %%endif +#nvidia# %%endif + +Obsoletes: kernel-%{flavour}-%{kernelversion}.%{patchlevel}-latest < 5.10.34-2 %description The kernel package contains the Linux kernel (vmlinuz), the core of your operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device -input and output, etc. - -############################################################################ - -%package -n kernel-%{flavour}-%{buildrel} -Version: %{fakever} -Release: %{fakerel} - -Provides: kernel = %{kverrel} -Provides: kernel = %{kernelversion}.%{patchlevel} -Provides: kernel-%{flavour} = %{kverrel} -Provides: alsa = 1.0.27 -Provides: should-restart = system - -Requires(pre): grub2 -Requires(pre): dracut >= 046 -Requires(pre): kmod >= 20-1 -Requires(pre): sysfsutils >= 2.1.0-12 -Requires: dracut >= 046 -Requires: linux-firmware >= 20181026 -Requires: wireless-regdb - -Recommends: crda - -%if %build_devel -Requires: kernel-%{flavour}-devel-%{buildrel} -Requires(post): kernel-%{flavour}-devel-%{buildrel} -%endif - -%ifarch %{ix86} -Conflicts: arch(x86_64) -%endif - -Summary: A general-purpose Linux Kernel -Group: System/Kernel and hardware - -%description -n kernel-%{flavour}-%{buildrel} -The kernel package contains the Linux kernel (vmlinuz), the core of your -operating system. The kernel handles the basic functions -of the operating system: memory allocation, process allocation, device input and output, etc. This is a general-purpose kernel. -%post -n kernel-%{flavour}-%{buildrel} +%posttrans # We always regenerate initrd here, even if it already exists. This may # happen if kernel-<...>-devel is installed first, triggers rebuild of # DKMS modules and some of these request remaking of initrd. The initrd # that is created then will be non-functional. But when the user installs # kernel-<...> package, that defunct initrd will be replaced with a working # one here. -# -# depmod is also needed, because some DKMS-modules might have been installed -# when the devel package was installed but that was before the main modules -# were installed. -# This is also the reason the devel package is in Requires(post) for this -# package now: it must be installed completely before we call depmod here. -/sbin/depmod -a %{kver_full} -/sbin/dracut -f /boot/initrd-%{kver_full}.img %{kver_full} +dracut -f %{initrd_path} %{kver_full} # File triggers from grub packages will handle this. #/usr/sbin/update-grub2 -pushd /boot > /dev/null -if [ -L vmlinuz-%{flavour} ]; then - rm -f vmlinuz-%{flavour} -fi -if [ -L initrd-%{flavour}.img ]; then - rm -f initrd-%{flavour}.img -fi -popd > /dev/null -exit 0 - -%preun -n kernel-%{flavour}-%{buildrel} -pushd /boot > /dev/null -if [ -L vmlinuz-%{flavour} ]; then - if [ "$(readlink vmlinuz-%{flavour})" = "vmlinuz-%{kver_full}" ]; then - rm -f vmlinuz-%{flavour} - fi -fi -if [ -L initrd-%{flavour}.img ]; then - if [ "$(readlink initrd-%{flavour}.img)" = "initrd-%{kver_full}.img" ]; then - rm -f initrd-%{flavour}.img - fi +%transfiletriggerin -- %{_modulesdir}/%{kver_full} +# Detect all modules, including ones inside kernel-module* packages +if grep -qE '/.*\.ko(|\..*)' ; then + depmod -a %{kver_full} fi -# File triggers from grub packages will handle this. -#/usr/sbin/update-grub2 +%transfiletriggerpostun -- %{_modulesdir}/%{kver_full} +# Handle e.g. removal of kernel-module* packages +# List of files is not available here (?) +depmod -a %{kver_full} -popd > /dev/null -exit 0 - -%postun -n kernel-%{flavour}-%{buildrel} -rm -f /boot/initrd-%{kver_full}.img -rm -f /boot/initrd-%{kver_full}_old.img -rm -f /boot/initrd-%{kver_full}kdump.img -rm -f /boot/initramfs-%{kver_full}kdump.img - -# Third-party modules might have left something in /lib/modules/.../kernel/. -rm -rf /lib/modules/%{kver_full}/kernel/ -rm -rf /lib/modules/%{kver_full}/modules* -# Remove /lib/modules/<...>/ if it is empty (-devel uses it too). -find /lib/modules/%{kver_full} -maxdepth 0 -empty -exec rm -rf {} \; || true - - -%files -n kernel-%{flavour}-%{buildrel} -f kernel_files.%{flavour} +%files -f %{kernel_files} +%{_bootdir}/System.map-%{kver_full} +%{_bootdir}/symvers-%{kver_full}.zst +%{_bootdir}/config-%{kver_full} +%{_bootdir}/vmlinuz-%{kver_full} +%ghost %{initrd_path} +%ifarch %{armx} +%{_bootdir}/dtb-%{kver_full} +%endif +%{_modulesdir}/%{kver_full}/modules.* +%if %{with flow_abi} +%{_modulesdir}/%{kver_full}/kernel/zzz-%{kernelversion}.%{patchlevel}-rosa-flow-abi +%endif +%if %{with binary_extra_modules} +# 8821ce.ko.debug will not be excluded and will be in the main debug subpackage +%exclude %{_modulesdir}/%{kver_full}/kernel/net/wireless/8821ce.ko%{kmod_suffix} +%exclude %{_modulesdir}/%{kver_full}/kernel/net/wireless/8821cu.ko%{kmod_suffix} +%ifarch %{ix86} %{x86_64} +%exclude %{_modulesdir}/%{kver_full}/kernel/net/wireless/wl.ko%{kmod_suffix} +#nvidia# %%exclude %%{_modulesdir}/%%{kver_full}/kernel/drivers/video/nvidia390 +%endif +%ifarch %{x86_64} +#nvidia# %%exclude %%{_modulesdir}/%%{kver_full}/kernel/drivers/video/nvidia470 +%endif +%if %{with binary_shredder} +%exclude %{_modulesdir}/%{kver_full}/kernel/extra/shredder-kernel.ko%{kmod_suffix} +%endif +%exclude %{_modulesdir}/%{kver_full}/kernel/drivers/media/v4l2loopback.ko%{kmod_suffix} +%if %{with binary_virtualbox_host} +# vbox host modules may be built here (vboxnetflt vboxnetadp vboxdrv vboxpci) +# vbox guest modules are in the mainline kernel now (vboxvideo vboxguest vboxsf) +%exclude %{_modulesdir}/%{kver_full}/kernel/misc/vbox*.ko%{kmod_suffix} +%endif +%exclude %{_modulesdir}/%{kver_full}/kernel/net/xt_TRIPSO.ko%{kmod_suffix} +%exclude %{_modulesdir}/%{kver_full}/kernel/net/xt_so.ko%{kmod_suffix} +%endif #with binary_extra_modules ############################################################################ %if %build_devel -%package -n kernel-%{flavour}-devel-%{buildrel} -Version: %{fakever} -Release: %{fakerel} -Summary: Development files for kernel-%{flavour}-%{buildrel} +%package devel +Summary: Development files for %{name} Group: Development/Kernel - Requires: glibc-devel Requires: ncurses-devel Requires: make Requires: gcc Requires: perl -Requires(post): dkms -Requires(preun): dkms - Provides: kernel-devel = %{kverrel} Provides: kernel-%{flavour}-devel = %{kverrel} +Provides: installonlypkg(kernel) = %{EVRD}.devel +Obsoletes: kernel-%{flavour}-%{kernelversion}.%{patchlevel}-devel-latest < 5.10.34-2 + +# Have dkms updated/installed before the kernel, scriptlet here checks if dkms exists +OrderWithRequires(post): dkms +# Try to remove the main kernel package after removing this devel package +# because there may be dkms-built kernel modules inside directories owned +# by the main package, try to get rid of such files before RPM starts to +# deal with directories owned in the main package +# (note that the devel package does not explicitly require the main package, +# there is no need to do so, a kernel module may be built using just the devel part). +OrderWithRequires(postun): %{name} = %{EVRD} %ifarch %{ix86} Conflicts: arch(x86_64) %endif -%description -n kernel-%{flavour}-devel-%{buildrel} +%description devel This package contains the kernel files (headers and build tools) that should be enough to build additional drivers for -use with kernel-%{flavour}-%{buildrel}. +use with %{name}. -%post -n kernel-%{flavour}-devel-%{buildrel} -/usr/sbin/dkms_autoinstaller start %{kver_full} +%post devel +if command -v dkms_autoinstaller >/dev/null 2>&1; then + dkms_autoinstaller start %{kver_full} +fi -%preun -n kernel-%{flavour}-devel-%{buildrel} -for ii in $(/usr/sbin/dkms status -k %{kver_full} | awk '{ print $1 $2; }'); do - mod=$(echo $ii | awk -v FS=',' '{ print $1; }') - ver=$(echo $ii | awk -v FS=',' '{ print $2; }') - /usr/sbin/dkms --rpm_safe_upgrade uninstall -m $mod -v $ver -k %{kver_full} || true -done +%preun devel # If any DKMS modules with REMAKE_INITRD=yes in their configs have been # uninstalled, initrd has been regenerated for the given kernel. However, @@ -420,27 +554,29 @@ if ! test -f /boot/vmlinuz-%{kver_full}; then rm -f /boot/initrd-%{kver_full}_old.img fi -%postun -n kernel-%{flavour}-devel-%{buildrel} -rm -rf /usr/src/linux-%{kver_full} >/dev/null -# depmod (called when removing DKMS modules) might have created files in -# /lib/modules/.../. Remove these first. -rm -rf /lib/modules/%{kver_full}/modules* -# Remove the dir if it is already empty. -find /lib/modules/%{kver_full} -maxdepth 0 -empty -exec rm -rf {} \; || true +if ! command -v dkms >/dev/null 2>&1; then exit 0; fi +for ii in $(/usr/sbin/dkms status -k %{kver_full} | awk '{ print $1 $2; }'); do + mod=$(echo $ii | awk -v FS=',' '{ print $1; }') + ver=$(echo $ii | awk -v FS=',' '{ print $2; }') + /usr/sbin/dkms --rpm_safe_upgrade uninstall -m $mod -v $ver -k %{kver_full} || : +done -%files -n kernel-%{flavour}-devel-%{buildrel} +%files devel +%{devel_root}/Documentation %dir %{devel_root} %dir %{devel_root}/arch %dir %{devel_root}/include -%{devel_root}/Documentation %{devel_root}/arch/um %{devel_root}/arch/x86 +%{devel_root}/arch/arm +%{devel_root}/arch/arm64 %{devel_root}/block %{devel_root}/certs %{devel_root}/crypto %{devel_root}/drivers %{devel_root}/fs +%{devel_root}/include/soc %{devel_root}/include/acpi %{devel_root}/include/asm-generic %{devel_root}/include/clocksource @@ -450,11 +586,12 @@ find /lib/modules/%{kver_full} -maxdepth 0 -empty -exec rm -rf {} \; || true %{devel_root}/include/dt-bindings %{devel_root}/include/generated %{devel_root}/include/keys -%{devel_root}/include/kunit %{devel_root}/include/kvm +%{devel_root}/include/kunit %{devel_root}/include/linux %{devel_root}/include/math-emu %{devel_root}/include/media +%{devel_root}/include/memory %{devel_root}/include/misc %{devel_root}/include/net %{devel_root}/include/pcmcia @@ -468,8 +605,6 @@ find /lib/modules/%{kver_full} -maxdepth 0 -empty -exec rm -rf {} \; || true %{devel_root}/include/vdso %{devel_root}/include/video %{devel_root}/include/xen -%{devel_root}/include/memory -#%%{devel_root}/include/brute %{devel_root}/init %{devel_root}/ipc %{devel_root}/kernel @@ -492,89 +627,38 @@ find /lib/modules/%{kver_full} -maxdepth 0 -empty -exec rm -rf {} \; || true %{_modulesdir}/%{kver_full}/build %{_modulesdir}/%{kver_full}/source -%endif +%endif # /build_devel ############################################################################ %if %build_debug -%package -n kernel-%{flavour}-%{buildrel}-debuginfo -Version: %{fakever} -Release: %{fakerel} -Summary: Debuginfo for kernel-%{flavour}-%{buildrel} +%package debuginfo +Summary: Debuginfo for %{name} Group: Development/Debug Provides: kernel-debug = %{kverrel} +AutoReq: 0 +AutoProv: 0 -%ifarch %{ix86} -Conflicts: arch(x86_64) -%endif +%description debuginfo +This package contains the files with debuginfo for %{name}. -%description -n kernel-%{flavour}-%{buildrel}-debuginfo -This package contains the files with debuginfo for kernel-%{flavour}-%{buildrel}. +%files debuginfo -f %{debuginfo_files} +%{_bootdir}/vmlinux-%{kver_full} -%files -n kernel-%{flavour}-%{buildrel}-debuginfo -f kernel_debug_files.%{flavour} - -%endif - -############################################################################ - -%package -n kernel-%{flavour}-%{kernelversion}.%{patchlevel}-latest -Version: %{kversion} -Release: %{fullrpmrel} -Summary: Meta package for the latest kernel-%{flavour} in %{kernelversion}.%{patchlevel} series -Group: System/Kernel and hardware -Requires: kernel-%{flavour}-%{buildrel} - -%ifarch %{ix86} -Conflicts: arch(x86_64) -%endif - -%description -n kernel-%{flavour}-%{kernelversion}.%{patchlevel}-latest -This meta package aims to make sure you always have the -latest kernel-%{flavour} %{kernelversion}.%{patchlevel}.x installed. - -%files -n kernel-%{flavour}-%{kernelversion}.%{patchlevel}-latest -# no files - -############################################################################ - -%if %build_devel - -%package -n kernel-%{flavour}-%{kernelversion}.%{patchlevel}-devel-latest -Version: %{kversion} -Release: %{fullrpmrel} -Summary: Meta package for the latest kernel-%{flavour}-devel in %{kernelversion}.%{patchlevel} series -Group: Development/Kernel -Requires: kernel-%{flavour}-devel-%{buildrel} - -%ifarch %{ix86} -Conflicts: arch(x86_64) -%endif - -Provides: kernel-devel-latest - -%description -n kernel-%{flavour}-%{kernelversion}.%{patchlevel}-devel-latest -This meta package aims to make sure you always have the -latest kernel-%{flavour}-devel %{kernelversion}.%{patchlevel}.x installed. - -%files -n kernel-%{flavour}-%{kernelversion}.%{patchlevel}-devel-latest -# no files - -%endif +%endif # /build_debug ############################################################################ %if %build_doc -%package -n kernel-doc -Version: %{kversion} -Release: %{fullrpmrel} -Summary: Various documentation bits found in the kernel source -Group: Documentation +%package doc +Summary: Various documentation bits found in the kernel source +Group: Documentation Buildarch: noarch -%description -n kernel-doc +%description doc This package contains documentation files from the kernel source. -%files -n kernel-doc +%files doc %doc linux-%{tar_ver}/Documentation/* %endif @@ -583,8 +667,6 @@ This package contains documentation files from the kernel source. %if %{build_perf} %package -n perf -Version: %{kversion} -Release: %{fullrpmrel} Summary: perf tool and the supporting documentation Group: System/Kernel and hardware @@ -608,8 +690,6 @@ The package contains perf tool and the supporting documentation. %{_datadir}/doc/perf-tip/*.txt /usr/lib/perf/examples/bpf/* /usr/lib/perf/include/bpf/* -#%%{_libdir}/libperf-jvmti.so - %endif @@ -617,14 +697,9 @@ The package contains perf tool and the supporting documentation. %if %{build_cpupower} %package -n cpupower -Version: %{kversion} -Release: %{fullrpmrel} + Summary: The cpupower tools Group: System/Kernel and hardware -Requires(post): rpm-helper >= 0.24.0-3 -Requires(preun): rpm-helper >= 0.24.0-3 -Obsoletes: cpufreq < 3.0 -Obsoletes: cpufrequtils < 10.0 %description -n cpupower The cpupower tools. @@ -640,8 +715,8 @@ fi %preun -n cpupower if [ $1 -eq 0 ]; then - /bin/systemctl --no-reload disable cpupower.path > /dev/null 2>&1 || : - /bin/systemctl stop cpupower.path > /dev/null 2>&1 || : + /bin/systemctl --no-reload disable cpupower.path > /dev/null 2>&1 || : + /bin/systemctl stop cpupower.path > /dev/null 2>&1 || : fi %files -n cpupower -f cpupower.lang @@ -658,11 +733,9 @@ fi ############################################################################ %package -n cpupower-devel -Version: %{kversion} -Release: %{fullrpmrel} Summary: Development files for cpupower Group: Development/Kernel -Requires: cpupower = %{kversion}-%{fullrpmrel} +Requires: cpupower = %{EVRD} Conflicts: %{_lib}cpufreq-devel %description -n cpupower-devel @@ -671,24 +744,20 @@ This package contains the development files for cpupower. %files -n cpupower-devel %{_libdir}/libcpupower.so %{_includedir}/cpufreq.h +%{_includedir}/cpuidle.h %endif ############################################################################ %if %{build_headers} -%package headers -Version: %kversion -Release: %fullrpmrel +%package -n kernel-headers Summary: Linux kernel header files mostly used by your C library Group: System/Kernel and hardware -#Epoch: 1 -# (tpg) fix bug https://issues.openmandriva.org/show_bug.cgi?id=1580 -Provides: linux-userspace-headers = 1:%{kverrel} -Provides: kernel-release-headers = 1:%{kverrel} -Obsoletes: kernel-headers < 1:%{kverrel} +Provides: linux-userspace-headers = %{EVRD} +Provides: kernel-release-headers = %{EVRD} -%description headers +%description -n kernel-headers C header files from the Linux kernel. The header files define structures and constants that are needed for building most standard programs, notably the C library. @@ -696,21 +765,144 @@ standard programs, notably the C library. This package is not suitable for building kernel modules, you should use the 'kernel-devel' package instead. -%files headers +%files -n kernel-headers %{_includedir}/* # Don't conflict with cpupower-devel %if %{build_cpupower} -%exclude %_includedir/cpufreq.h +%exclude %{_includedir}/cpufreq.h +%exclude %{_includedir}/cpuidle.h %endif %endif ############################################################################ +%if %{with uml} + +%package uml +Summary: User Mode Linux binary +Group: System/Kernel and hardware +Provides: kernel-uml = %{kverrel} +Provides: kernel-uml-%{flavour} = %{kverrel} +Provides: installonlypkg(kernel) = %{EVRD}.uml +Obsoletes: kernel-uml-%{flavour}-%{kernelversion}.%{patchlevel}-latest < 5.10.34-2 + +%description uml +User Mode Linux binary. +Stripped, debug is in %{name}-debuginfo. + +%files uml +%{_bindir}/linux-uml-%{kver_full} +#------------------------------------------------ + +%package uml-modules +Summary: User Mode Linux (UML) kernel modules +Group: System/Kernel and hardware +Provides: kernel-uml-modules = %{kverrel} +Provides: kernel-uml-modules-%{flavour} = %{kverrel} +Provides: installonlypkg(kernel-module) = %{EVRD}.uml +Obsoletes: kernel-uml-modules-%{flavour}-%{kernelversion}.%{patchlevel}-latest < 5.10.34-2 + +%description uml-modules +User Mode Linux (UML) kernel modules +- not compressed +- not stripped +- signed + +%files uml-modules +/lib/modules-uml/%{kver_full} + +%endif #endif uml + +#------------------------------------------------ + +%if %{with binary_extra_modules} + +%ksob_mk_module_pkg -n 8821ce -s net/wireless -r rtl8821ce-blacklist +%ksob_mk_module_pkg -n 8821cu -s net/wireless +%ifarch %{ix86} %{x86_64} +%ksob_mk_module_pkg -n wl -s net/wireless -r broadcom-wl-aliases +#nvidia# %%kroko_kmod_pkg -j %%{nvidia_390_j} -n %%{nvidia_390_n} -f %%{flavour} -k %%{kernelversion}.%%{patchlevel} -m %%{sublevel} -p %%{kver_full} -s %%{NAME} -r %%{kroko_mk_release} +%endif +%ifarch %{x86_64} +#nvidia# %%kroko_kmod_pkg -j %%{nvidia_470_j} -n %%{nvidia_470_n} -f %%{flavour} -k %%{kernelversion}.%%{patchlevel} -m %%{sublevel} -p %%{kver_full} -s %%{NAME} -r %%{kroko_mk_release} +%endif +%ksob_mk_module_pkg -n xt_TRIPSO -s net -r tripso +%ksob_mk_module_pkg -n xt_so -s net -r ipt-so +%ksob_mk_module_pkg -n v4l2loopback -s drivers/media -r v4l2loopback + +%if %{with binary_shredder} +%ksob_mk_module_pkg -n shredder-kernel -s extra -r rosa-shredder-user +%endif + +#------------------------------------------------ + +# virtualbox host +%if %{with binary_virtualbox_host} +%ksob_mk_module_pkg -n vboxnetflt -s misc +%ksob_mk_module_pkg -n vboxnetadp -s misc +%ksob_mk_module_pkg -n vboxdrv -s misc +%ksob_mk_module_pkg -n vboxpci -s misc + +# a package which will pull all those modules +%package -n kernel-modules-virtualbox-host-%{ksob_kernel} +Summary: Meta package to pull VirtualBox host kernel modules for kernel-%{flavour}-%{kernelversion}.%{patchlevel} +Group: System/Kernel and hardware +Requires: kernel-module-vboxnetflt-%{ksob_kernel} +Requires: kernel-module-vboxnetadp-%{ksob_kernel} +Requires: kernel-module-vboxdrv-%{ksob_kernel} +Requires: kernel-module-vboxpci-%{ksob_kernel} +Obsoletes: kernel-modules-virtualbox-host-%{flavour}-%{kernelversion}.%{patchlevel}-latest < 5.10.34-2 + +%description -n kernel-modules-virtualbox-host-%{ksob_kernel} +Meta package to pull VirtualBox host kernel modules for %{name} + +%files -n kernel-modules-virtualbox-host-%{ksob_kernel} +# empty +%endif #ifarch x86 +#------------------------------------------------ + +%endif #binary_extra_modules + +############################ + +%if %{with flow_abi} +%package -n kernel-%{flavour}-rosa-flow-abi +Summary: Directory to install third-party binary kernel modules for kernels %{kernelversion}.%{patchlevel}.x +Group: System/Kernel and hardware + +%description -n kernel-%{flavour}-rosa-flow-abi +This package contains a directory to install third-party binary kernel modules for kernels %{kernelversion}.%{patchlevel}.x. +Some vendors provide binary-only kernel modules. They can put them into /lib/modules/%{kernelversion}.%{patchlevel}-rosa-flow-abi. +kmod tools will find them for kernels 5.4.x of "generic" and "nickel" flavours, +but there is no guarantee that these modules will load and work correctly on newer +or older kernels then the ones they were build against. + +We call this "flow ABI" because most ABIs are not changed between %{kernelversion}.%{patchlevel}.x releases, +but there are no specific guarantees. ABI may evolve and change. +We highly recommend to use DKMS and build third-party kernel modules from source for every kernel! + +This package does nothing, just owns a directory for third-party binary kernel modules. + +%files -n kernel-%{flavour}-rosa-flow-abi +/lib/modules/%{kernelversion}.%{patchlevel}-rosa-flow-abi +%endif #with flow_abi + +################################################ + %prep + +# avoid accidental merge +%if 0%{?rpm5} +%{error:Package structure is for dnf, not for urpmi!} +%endif + %setup -q -n %top_dir_name -c +%if %{with uml} +cp -r %{src_dir} %{src_dir}.uml +%endif cd %src_dir -%apply_patches +%autopatch -p1 # # Setup Begin @@ -720,13 +912,10 @@ cd %src_dir echo "Creating the kernel configuration file." -# Configs +# Config cp %{SOURCE1} .config echo >> .config -# Disable CONFIG_MODULE_SIG_KEY -#echo 'CONFIG_MODULE_SIG_KEY=""' >> .config - # Disable Kernel module signing sed -i 's/CONFIG_MODULE_SIG_ALL=y/# CONFIG_MODULE_SIG_ALL is not set/' .config sed -i 's/CONFIG_MODULE_SIG=y/# CONFIG_MODULE_SIG is not set/' .config @@ -734,63 +923,68 @@ sed -i 's/CONFIG_MODULE_SIG=y/# CONFIG_MODULE_SIG is not set/' .config sed -i 's!CONFIG_MODULE_SIG_KEY="certs/signing_key.pem"!CONFIG_MODULE_SIG_KEY=""!' .config -# To avoid ERROR: "error: call to '__read_overflow2' declared with attribute -# error: detected read beyond size of object passed as 2nd parameter" -sed -i 's/CONFIG_FORTIFY_SOURCE=y/# CONFIG_FORTIFY_SOURCE is not set/' .config +touch %{build_dir}/.config.append -# Disable ASLR for 32-bit systems because it does not play well with hibernate. -%ifarch %{ix86} -sed -i 's/CONFIG_RANDOMIZE_BASE=y/# CONFIG_RANDOMIZE_BASE is not set/' .config -%endif - -# Disable checking for W+X memory mappings for 32-bit systems. The warnings -# may confuse the users and noone is eager to fix the underlying problem, -# it seems. -%ifarch %{ix86} -sed -i 's/CONFIG_DEBUG_WX=y/# CONFIG_DEBUG_WX is not set/' .config -%endif - -# GCC 5.5 may not support -fstack-protector-* on 32-bit systems. -# Let us disable the stack protector in the config explicitly. -%ifarch %{ix86} -sed -i 's/CONFIG_STACKPROTECTOR=y/# CONFIG_STACKPROTECTOR is not set/' .config -sed -i 's/CONFIG_STACKPROTECTOR_STRONG=y/# CONFIG_STACKPROTECTOR_STRONG is not set/' .config -%endif +# get rid of unwanted files +find . -name '*~' -o -name '*.orig' -o -name '*.append' -delete +# wipe all .gitignore/.get_maintainer.ignore files +find . -name "*.g*ignore" -delete # Enable debug info if requested. +sed -i '/CONFIG_DEBUG_INFO/d' .config + %if %build_debug -sed -i 's/# CONFIG_DEBUG_INFO is not set/CONFIG_DEBUG_INFO=y\nCONFIG_DEBUG_INFO_DWARF4=y\nCONFIG_GDB_SCRIPTS=y/' .config +echo 'CONFIG_DEBUG_INFO=y' >> %{build_dir}/.config.append +echo 'CONFIG_GDB_SCRIPTS=y' >> %{build_dir}/.config.append +echo '# CONFIG_DEBUG_INFO_REDUCED is not set' >> %{build_dir}/.config.append +echo '# CONFIG_DEBUG_INFO_COMPRESSED is not set' >> %{build_dir}/.config.append +echo '# CONFIG_DEBUG_INFO_SPLIT is not set' >> %{build_dir}/.config.append +echo 'CONFIG_DEBUG_INFO_DWARF4=y' >> %{build_dir}/.config.append +echo '# CONFIG_DEBUG_INFO_BTF is not set' >> %{build_dir}/.config.append + +%else +echo '# CONFIG_DEBUG_INFO is not set' >> %{build_dir}/.config.append %endif -%if %{enhanced_security} -# seems to be needed to boot system in enforcing selinux mode -# note: cpio fpormat of initramfs does not support xattrs without patches -# see also: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680315 -sed -i '/CONFIG_SECURITY_SELINUX_DISABLE/d' .config -echo CONFIG_SECURITY_SELINUX_DISABLE=y >> .config -# enable selinux in kernel by default if not disabled explicitly -sed -i '/CONFIG_SECURITY_SELINUX_BOOTPARAM/d' .config -echo CONFIG_SECURITY_SELINUX_BOOTPARAM=y >> .config -%endif -sed -i 's/# CONFIG_KERNEL_XZ is not set/CONFIG_KERNEL_XZ=y/' .config -sed -i 's/CONFIG_KERNEL_LZ4=y/# CONFIG_KERNEL_LZ4 is not set/' .config +# Memory wiping +# Introduced in kernel 5.3 by commit 6471384af2a6530696fc0203bafe4de41a23c9ef +# Estimated performance impact is described in the commit +# "Fill newly allocated pages and heap objects with zeroes." +# To enable, add to cmdline: init_on_alloc=1 +sed -i '/CONFIG_INIT_ON_ALLOC_DEFAULT_ON/d' .config +echo CONFIG_INIT_ON_ALLOC_DEFAULT_ON=n >> %{build_dir}/.config.append +# "Fill freed pages and heap objects with zeroes" +# To disable, add to cmdline: init_on_free=0 +sed -i '/CONFIG_INIT_ON_FREE_DEFAULT_ON/d' .config +echo CONFIG_INIT_ON_FREE_DEFAULT_ON=n >> %{build_dir}/.config.append + +# Here enabling only either only init_on_free or only init_on_alloc +# makes sense; init_on_alloc is not about protecting information. + +# To load kernel keyring in UML +for i in STREEBOG SHA1 SHA256 SHA512 ECRDSA RSA ; do + if ! grep -q "^CONFIG_CRYPTO_${i}=y$" .config; then + sed -i "/CONFIG_CRYPTO_${i}/d" .config + echo "CONFIG_CRYPTO_${i}=y" >> %{build_dir}/.config.append + fi +done + +cat %{build_dir}/.config.append >> .config # Store the config file in the appropriate directory. -CONFIG_DIR=arch/x86/configs +CONFIG_DIR=arch/%{arch_type}/configs mkdir -p "${CONFIG_DIR}" -cfg_file=arch/x86/configs/%{arch_suffix}_defconfig-%{flavour} -make ARCH=%{_arch} oldconfig && \ +cfg_file=arch/%{arch_type}/configs/%{arch_suffix}_defconfig-%{flavour} + +make ARCH=%{arch_type} oldconfig +# When it is needed to edit kernel configs, run: +# abf fetch +# rpmbuild --define "_sourcedir $PWD" --with=fail -bb kernel.spec +# and then work with the config in the buildroot with applied patches etc. +%{?_with_fail:exit 1} mv .config ${cfg_file} - -# Looks like 'make oldconfig' removes '# CONFIG_64BIT is not set' for some -# reason. For now, let us restore it. -%ifarch %{ix86} -sed -i 's/CONFIG_64BIT=y//' ${cfg_file} -echo '# CONFIG_64BIT is not set' >> ${cfg_file} -%endif - echo "Created ${cfg_file}." # make sure the kernel has the sublevel we know it has... @@ -800,9 +994,6 @@ LC_ALL=C sed -ri "s/^SUBLEVEL.*/SUBLEVEL = %{sublevel}/" Makefile find . -name '*~' -o -name '*.orig' -o -name '*.append' | %kxargs rm -f find . -name '.get_maintainer.ignore' | %kxargs rm -f -cat /dev/null > localversion - - ############################################################################ %build @@ -814,27 +1005,157 @@ cd %src_dir # .config %smake -s mrproper -cp arch/x86/configs/%{arch_suffix}_defconfig-%{flavour} .config +cp arch/%{arch_type}/configs/%{arch_suffix}_defconfig-%{flavour} .config # make sure EXTRAVERSION says what we want it to say -LC_ALL=C sed -ri "s/^EXTRAVERSION.*/EXTRAVERSION = .xm%{patch_rel}-%{fullrpmrel}-%{flavour}-%{buildrpmrel}/" Makefile +LC_ALL=C sed -ri "s/^EXTRAVERSION.*/EXTRAVERSION = -%{flavour}-%{buildrpmrel}/" Makefile # build the kernel echo "Building kernel %{kver_full}" -%kmake -s all +TARGETS="all" +# need to install dtbs to proper boot arm64 devices +%ifarch %{armx} + TARGETS="$TARGETS dtbs" +%endif + +%kmake V=1 -s $TARGETS + +# Install modules +mkdir -p %{temp_modules}/%{kver_full} +%smake INSTALL_MOD_PATH=%{temp_root} KERNELRELEASE=%{kver_full} modules_install + +%if %{with binary_extra_modules} +# Build and install procedure is specific to each Makefile from kernmel-source-* packages +# See also: https://www.kernel.org/doc/html/latest/kbuild/modules.html +# Copy directory because write permissions are required +# `make modules_install` must be done before this, otherwise these copied files will be deleted + +cp -r "$(rpm -q --qf '/usr/src/rtl8821ce-%%{VERSION}-%%{RELEASE}' kernel-source-rtl8821ce)" kernel-source-rtl8821ce +pushd kernel-source-rtl8821ce +%kmake KSRC=%{src_dir} M="$PWD" +mkdir -p %{temp_modules}/%{kver_full}/kernel/net/wireless/ +cp 8821ce.ko %{temp_modules}/%{kver_full}/kernel/net/wireless/8821ce.ko +popd +rm -fr kernel-source-rtl8821ce + +cp -r "$(rpm -q --qf '/usr/src/rtl8821cu-%%{VERSION}-%%{RELEASE}' kernel-source-rtl8821cu)" kernel-source-rtl8821cu +pushd kernel-source-rtl8821cu +%kmake KSRC=%{src_dir} M="$PWD" +mkdir -p %{temp_modules}/%{kver_full}/kernel/net/wireless/ +cp 8821cu.ko %{temp_modules}/%{kver_full}/kernel/net/wireless/8821cu.ko +popd +rm -fr kernel-source-rtl8821cu + +#nvidia# _build_nvidia(){ +#nvidia# cp -r "$(rpm -q --qf "/usr/src/nvidia${1}-%%{VERSION}-%%{RELEASE}" kernel-source-nvidia${1})" kernel-source-nvidia${1} +#nvidia# pushd kernel-source-nvidia${1} +#nvidia# %%make SYSSRC=%%{src_dir} +#nvidia# mkdir -p %%{temp_modules}/%%{kver_full}/kernel/drivers/video/nvidia${1} +#nvidia# cp *.ko %%{temp_modules}/%%{kver_full}/kernel/drivers/video/nvidia${1} +#nvidia# popd +#nvidia# rm -fr kernel-source-nvidia${1} +#nvidia# } + +%ifarch %{ix86} %{x86_64} +cp -r "$(rpm -q --qf '/usr/src/broadcom-wl-%%{VERSION}-%%{RELEASE}' kernel-source-broadcom-wl)" kernel-source-broadcom-wl +pushd kernel-source-broadcom-wl +%kmake -C %{src_dir} M="$PWD" +mkdir -p %{temp_modules}/%{kver_full}/kernel/net/wireless/ +cp wl.ko %{temp_modules}/%{kver_full}/kernel/net/wireless/wl.ko +popd +rm -fr kernel-source-broadcom-wl + +#nvidia# _build_nvidia 390 +%endif + +%ifarch %{x86_64} +#nvidia# _build_nvidia 470 +%endif + +cp -r "$(rpm -q --qf '/usr/src/tripso-%%{VERSION}-%%{RELEASE}' kernel-source-tripso)" kernel-source-tripso +pushd kernel-source-tripso +%kmake KDIR=%{src_dir} +mkdir -p %{temp_modules}/%{kver_full}/kernel/net +cp xt_TRIPSO.ko %{temp_modules}/%{kver_full}/kernel/net/ +popd +rm -fr kernel-source-tripso + +cp -r "$(rpm -q --qf '/usr/src/ipt-so-%%{VERSION}-%%{RELEASE}' kernel-source-ipt-so)" kernel-source-ipt-so +pushd kernel-source-ipt-so +%kmake KDIR=%{src_dir} +mkdir -p %{temp_modules}/%{kver_full}/kernel/net +cp xt_so.ko %{temp_modules}/%{kver_full}/kernel/net/ +popd +rm -fr kernel-source-ipt-so + +%if %{with binary_shredder} +cp -r "$(rpm -q --qf '/usr/src/shredder-kernel-%%{VERSION}-%%{RELEASE}' kernel-source-shredder-kernel)" kernel-source-shredder-kernel +pushd kernel-source-shredder-kernel +%kmake KERNEL_PATH=%{src_dir} +mkdir -p %{temp_modules}/%{kver_full}/kernel/extra/ +cp shredder-kernel.ko %{temp_modules}/%{kver_full}/kernel/extra/ +popd +rm -fr kernel-source-shredder-kernel +%endif + +%if %{with binary_virtualbox_host} +# build commands for virtualbox are based on the ones from the virtualbox package +cp -r "$(rpm -q --qf '/usr/src/virtualbox-%%{VERSION}-%%{RELEASE}' kernel-source-virtualbox)" kernel-source-virtualbox +mkdir -p %{temp_modules}/%{kver_full}/kernel/misc/ +pushd kernel-source-virtualbox +make -C vboxdrv KERN_DIR=%{src_dir} KERN_VER=%{kver_full} +cp -fv vboxdrv/Module.symvers vboxnetflt +cp -fv vboxdrv/Module.symvers vboxnetadp +make -C vboxnetflt KERN_DIR=%{src_dir} KERN_VER=%{kver_full} +make -C vboxnetadp KERN_DIR=%{src_dir} KERN_VER=%{kver_full} +cp -fv vboxnetadp/Module.symvers vboxpci/ +make -C vboxpci KERN_DIR=%{src_dir} KERN_VER=%{kver_full} +for i in vboxnetflt vboxnetadp vboxdrv vboxpci +do + cp -v "${i}/${i}.ko" %{temp_modules}/%{kver_full}/kernel/misc/ +done +popd +%endif + +cp -r "$(rpm -q --qf '/usr/src/v4l2loopback-%%{VERSION}-%%{RELEASE}' kernel-source-v4l2loopback)" kernel-source-v4l2loopback +pushd kernel-source-v4l2loopback +cat Kbuild > Makefile +mkdir -p %{temp_modules}/%{kver_full}/kernel/drivers/media +make -C %{src_dir} M="$PWD" modules +cp v4l2loopback.ko %{temp_modules}/%{kver_full}/kernel/drivers/media +pushd +rm -fr kernel-source-v4l2loopback + +%endif #with binary_extra_modules + +%if %{with uml} +pushd %{src_dir}.uml +%kmake ARCH=um defconfig +%kmake ARCH=um linux +install -Dm0755 linux %{temp_root}%{_bindir}/linux-uml-%{kver_full} +#rm -fv linux +%kmake V=1 ARCH=um modules +mkdir -p %{temp_root}/lib/modules-uml/%{kver_full}/ +%kmake ARCH=um INSTALL_MOD_PATH=%{temp_root}/lib/modules-uml/%{kver_full}/ modules_install +popd +%endif -# Start installing stuff install -d %{temp_boot} install -m 644 System.map %{temp_boot}/System.map-%{kver_full} install -m 644 .config %{temp_boot}/config-%{kver_full} -xz -c Module.symvers > %{temp_boot}/symvers-%{kver_full}.xz +%{zstd_cmd} Module.symvers +install -m 644 Module.symvers.zst %{temp_boot}/symvers-%{kver_full}.zst -cp -f arch/x86/boot/bzImage %{temp_boot}/vmlinuz-%{kver_full} +%ifarch %{armx} +%make_build ARCH=%{arch_type} V=1 INSTALL_DTBS_PATH=%{temp_boot}/dtb-%{kver_full} dtbs_install +%endif -# modules -install -d %{temp_modules}/%{kver_full} -%smake INSTALL_MOD_PATH=%{temp_root} KERNELRELEASE=%{kver_full} INSTALL_MOD_STRIP=1 modules_install +%ifarch aarch64 + cp -f arch/arm64/boot/Image.gz %{temp_boot}/vmlinuz-%{kver_full} +%else + cp -f arch/%{arch_type}/boot/bzImage %{temp_boot}/vmlinuz-%{kver_full} +%endif # headers %if %{build_headers} @@ -858,12 +1179,19 @@ cp -fR scripts %{temp_devel_root} cp -fR kernel/bounds.c %{temp_devel_root}/kernel cp -fR kernel/time/timeconst.bc %{temp_devel_root}/kernel/time cp -fR tools %{temp_devel_root}/ -cp -fR arch/x86/kernel/asm-offsets.{c,s} %{temp_devel_root}/arch/x86/kernel/ -cp -fR arch/x86/kernel/asm-offsets_{32,64}.c %{temp_devel_root}/arch/x86/kernel/ -cp -fR arch/x86/purgatory/* %{temp_devel_root}/arch/x86/purgatory/ -cp -fR arch/x86/entry/syscalls/syscall* %{temp_devel_root}/arch/x86/entry/syscalls/ -cp -fR arch/x86/include %{temp_devel_root}/arch/x86/ -cp -fR arch/x86/tools %{temp_devel_root}/arch/x86/ +cp -fR arch/%{arch_type}/kernel/asm-offsets.{c,s} %{temp_devel_root}/arch/%{arch_type}/kernel/ +%ifarch %{ix86} %{x86_64} +cp -fR arch/%{arch_type}/kernel/asm-offsets_{32,64}.c %{temp_devel_root}/arch/%{arch_type}/kernel/ +cp -fR arch/%{arch_type}/purgatory/* %{temp_devel_root}/arch/%{arch_type}/purgatory/ +# needed for arch/x86/purgatory +cp -fR lib/*.h lib/*.c %{temp_devel_root}/lib/ +cp -fR arch/%{arch_type}/entry/syscalls/syscall* %{temp_devel_root}/arch/%{arch_type}/entry/syscalls/ +cp -fR arch/%{arch_type}/tools %{temp_devel_root}/arch/%{arch_type}/ +# needed for kexec +cp -fR arch/%{arch_type}/boot/*.h %{temp_devel_root}/arch/%{arch_type}/boot/ +cp -fR arch/%{arch_type}/boot/*.c %{temp_devel_root}/arch/%{arch_type}/boot/ +%endif +cp -fR arch/%{arch_type}/include %{temp_devel_root}/arch/%{arch_type}/ cp -fR .config Module.symvers %{temp_devel_root} # Needed for truecrypt build (Danny) @@ -880,46 +1208,27 @@ cp -fR drivers/acpi/acpica/*.h %{temp_devel_root}/drivers/acpi/acpica/ # SELinux needs security/selinux/include cp -fR security/selinux/include %{temp_devel_root}/security/selinux -# needed for kexec -cp -fR arch/x86/boot/*.h %{temp_devel_root}/arch/x86/boot/ -cp -fR arch/x86/boot/*.c %{temp_devel_root}/arch/x86/boot/ - -# needed for arch/x86/purgatory -cp -fR lib/*.h lib/*.c %{temp_devel_root}/lib/ - for i in alpha arc avr32 blackfin c6x cris csky frv h8300 hexagon ia64 m32r m68k m68knommu metag microblaze \ mips mn10300 nds32 nios2 openrisc parisc powerpc riscv s390 score sh sparc tile unicore32 xtensa; do rm -rf %{temp_devel_root}/arch/$i done -rm -rf %{temp_devel_root}/arch/arm* -rm -rf %{temp_devel_root}/include/kvm/arm* -rm -rf %{temp_devel_root}/include/soc - # Clean the scripts tree, and make sure everything is ok (sanity check) # running prepare+scripts (tree was already "prepared" in build) -#pushd %%{temp_devel_root} >/dev/null -# %%smake -s prepare scripts -# %%smake -s clean -#popd >/dev/null +pushd %{temp_devel_root} + %smake V=1 -s clean ARCH=%{arch_type} +popd + rm -f %{temp_devel_root}/.config.old # fix permissions chmod -R a+rX %{temp_devel_root} -# Create the symlinks needed by DKMS -mkdir -p %{temp_modules}/%{kver_full} - # endif build_devel %endif -# Manage the files with debug info, provide the debug links in the -# kernel modules. +# TODO: maybe move to /usr/lib/debug? %if %build_debug -install -m 644 vmlinux %{temp_boot}/vmlinux-%{kver_full} -kernel_debug_files=../kernel_debug_files.%{flavour} -echo "%{_bootdir}/vmlinux-%{kver_full}" >> $kernel_debug_files - find %{temp_modules}/%{kver_full}/kernel \ -name "*.ko" | \ %kxargs -I '{}' objcopy --only-keep-debug '{}' '{}'.debug @@ -928,48 +1237,33 @@ find %{temp_modules}/%{kver_full}/kernel \ sh -c 'cd `dirname {}`; \ objcopy --add-gnu-debuglink=`basename {}`.debug \ --strip-debug `basename {}`' +%endif # /build_debug -pushd %{temp_modules} -find %{kver_full}/kernel -name "*.ko.debug" > debug_module_list -popd -cat %{temp_modules}/debug_module_list | \ - sed 's|\(.*\)|%{_modulesdir}/\1|' >> $kernel_debug_files -cat %{temp_modules}/debug_module_list | \ - sed 's|\(.*\)|%exclude %{_modulesdir}/\1|' \ - >> ../kernel_exclude_debug_files.%{flavour} -rm -f %{temp_modules}/debug_module_list +# https://patchwork.kernel.org/patch/11446123/ +_libressl_sign(){ + if [ ! -f "$1" ]; then + echo "No file $1" + return 0 + fi + f="$1" -# endif build_debug -%endif - -# Create the list of files for the kernel. -kernel_files=../kernel_files.%{flavour} - -cat > $kernel_files <> $kernel_files + unset f +} +export -f _libressl_sign +find %{temp_modules}/%{kver_full}/kernel \ +%if %{with uml} + %{temp_root}/lib/modules-uml/%{kver_full} \ %endif +-name '*.ko' -print0 | sort -u | \ + xargs --null -P "$(nproc)" -I {} "$SHELL" -e -x -c 'if ! _libressl_sign "{}"; \ + then echo Failed _libressl_sign on "{}" && exit 1; fi' # set extraversion to match srpm to get nice version reported by the tools LC_ALL=C sed -ri "s/^EXTRAVERSION.*/EXTRAVERSION = -%{fullrpmrel}/" Makefile %if %{build_perf} -%ifarch x86_64 -%define perf_is_x64 1 -%else -%define perf_is_x64 0 -%endif - -%smake -C tools/perf -s WERROR=0 IS_X86_64=%{perf_is_x64} HAVE_CPLUS_DEMANGLE=1 prefix=%{_prefix} NO_GTK2=1 all -%smake -C tools/perf -s WERROR=0 prefix=%{_prefix} NO_GTK2=1 man +%smake -C tools/perf -s PYTHON=%{__python3} HAVE_CPLUS_DEMANGLE=1 WERROR=0 prefix=%{_prefix} lib=%{_lib} NO_GTK2=1 all +%smake -C tools/perf -s prefix=%{_prefix} lib=%{_lib} NO_GTK2=1 man %endif %if %{build_cpupower} @@ -988,12 +1282,60 @@ rm -rf %{buildroot} cp -a %{temp_root} %{buildroot} # compressing modules -%if %{build_modxz} -find %{target_modules} -name "*.ko" | %kxargs xz -6e -%else -find %{target_modules} -name "*.ko" | %kxargs gzip -9 +%if %{with compress_modules} +# Tested on /lib/modules/5.10.34-generic-2rosa2019.1-x86_64, the results are the following: +# * decompressed: 266.3 MiB +# * xz -9 --extreme: 67.8 MiB +# * zstd --ultra -22 without training: 73.5 MiB +# * zstd -6 without training: 79.6 MiB +# * zstd --ultra -22 with training: 66.3 MiB (the winner!) +# Training takes only a few minutes, make it here in place with current zstd and kernel modules. +# But! Decompressing also requires a dictionary for zstd, that will be too complex, so not using training :( +# We already use zstd in dracut to compress initrds quickly and with good compression ration. +# Testing speed of loading modules: +# `time modinfo bcache.ko.xz` took 0,048s, `time modinfo bcache.ko.zstd` took 0,014s (for multiple times) +# find /lib/modules/5.10.34-generic-2rosa2019.1-x86_64 -type f -name '*.ko.zst' > /tmp/zst.list +# time { for i in `cat /tmp/zst.list`; do modinfo $i >/dev/null 2>&1; done ;} +# took ~31-40s, with disk cache (2+ runs) ~33s +# find /lib/modules/5.10.34-generic-1rosa2019.1-x86_64 -type f -name '*.ko.xz' > /tmp/xz.list +# time { for i in `cat /tmp/xz.list`; do modinfo $i >/dev/null 2>&1; done ;} +# took 43-47s, with disk cache (2+ runs) ~42s, +21% +# zstd-compressed initramfs image initrd-5.10.34-generic-1rosa2019.1-x86_64.img with *.ko.xz is 56,3 MiB +# zstd-compressed initramfs image initrd-5.10.34-generic-2rosa2019.1-x86_64.img with *.ko.zst is 58,4 MiB (+3.6%) +# /lib/modules/5.10.34-generic-1rosa2019.1-x86_64 (*.ko.xz) is 78,1 MiB +# /lib/modules/5.10.34-generic-2rosa2019.1-x86_64 (*.ko.zst) is 83,9 MiB (+7%) +# When zstd is compressing cpio (initrd image) with zstd-compressed kernel modules inside it, does it recompress data? +# It is not easy to make a choice between zstd and xz for kernel modules... Disk space (and so speed of installing +# RPM packages) is not much bigger, we do not try to support super low end devices, operation speed is a bit better. +# I have not seen measurable difference in startup time according to systemd-analyze. +# Note that decompression after zstd --ultra -22 will consume more memory than after zstd -6, see commit message in +# https://github.com/torvalds/linux/commit/73f3d1b48f5069d46b. I did not benchmark -6 vs -22 in runtime. +# Let's use zstd for now. +# zstd may also be used to compress linux-firmware to save a lot of space on disk, +# but upstream kernels still cannot decompress it. +#%%{zstd_cmd} -T0 --train $(find . -type f -name '*.ko') +#[ -f dictionary ] +# -T1 (one thread) because we run multiple zstd processes by xargs +find %{target_modules} -name "*.ko" | %kxargs %{zstd_cmd} --rm -T1 #-D dictionary +#rm -f dictionary %endif +find %{buildroot}%{_modulesdir}/%{kver_full} -type f -name '*.ko%{kmod_suffix}' | sed -e 's,^%{buildroot},,' | sort -u >> %{kernel_files} +find %{buildroot}%{_modulesdir}/%{kver_full} -type d | sed -e 's,^%{buildroot},%dir ,' | sort -u >> %{kernel_files} + +# We estimate the size of the initramfs because rpm needs to take this size +# into consideration when performing disk space calculations (See rhbz#530778) +# 65 MiB is a bit more than needed, but let's be more sure that there is enought space. +# On my PC, zstd-compressed initrds take 58,5 MiB. +# Real size of the RPM package should not increase because RPM compresses the payload. +# This file is %%ghost, so the real initrd will be deleted when uninstalling this package. +dd if=/dev/zero of=%{buildroot}%{initrd_path} bs=1M count=65 + +%if %build_debug +install -m 644 vmlinux %{buildroot}%{_bootdir}/vmlinux-%{kver_full} +find %{buildroot}%{_modulesdir} -type f -name '*.debug' | sed -e 's,^%{buildroot},,' | sort -u >> %{debuginfo_files} +%endif # /build_debug + pushd %{target_modules} for i in *; do rm -f $i/build $i/source @@ -1022,15 +1364,15 @@ LC_ALL=C sed -ri "s/^EXTRAVERSION.*/EXTRAVERSION = -%{fullrpmrel}/" Makefile %if %{build_perf} # perf tool binary and supporting scripts/binaries -make -C tools/perf -s V=1 DESTDIR=%{buildroot} IS_X86_64=%{perf_is_x64} HAVE_CPLUS_DEMANGLE=1 prefix=%{_prefix} install - -# perf man pages (note: implicit rpm magic compresses them later) -make -C tools/perf -s V=1 DESTDIR=%{buildroot} IS_X86_64=%{perf_is_x64} HAVE_CPLUS_DEMANGLE=1 prefix=%{_prefix} install-man -%endif +make -C tools/perf -s V=1 DESTDIR=%{buildroot} WERROR=0 HAVE_CPLUS_DEMANGLE=1 prefix=%{_prefix} lib=%{_lib} install # Versionize shebang (#!/usr/bin/env python -> #!/usr/bin/python3) sed -i -e '1 s,^.*$,#!%{__python3},' %{buildroot}%{_prefix}/libexec/perf-core/scripts/python/exported-sql-viewer.py +# perf man pages (note: implicit rpm magic compresses them later) +make -C tools/perf -s V=1 DESTDIR=%{buildroot} WERROR=0 HAVE_CPLUS_DEMANGLE=1 prefix=%{_prefix} install-man +%endif + %if %{build_cpupower} make -C tools/power/cpupower DESTDIR=%{buildroot} libdir=%{_libdir} mandir=%{_mandir} CPUFREQ_BENCH=false install rm -f %{buildroot}%{_libdir}/*.{a,la} @@ -1038,8 +1380,18 @@ rm -f %{buildroot}%{_libdir}/*.{a,la} mv cpupower.lang ../ chmod 0755 %{buildroot}%{_libdir}/libcpupower.so* mkdir -p %{buildroot}%{_unitdir} %{buildroot}%{_sysconfdir}/sysconfig -install -m644 %{SOURCE10} %{buildroot}%{_unitdir}/cpupower.service -install -m644 %{SOURCE11} %{buildroot}%{_sysconfdir}/sysconfig/cpupower -install -m755 %{SOURCE12} %{buildroot}%{_bindir}/cpupower-start.sh -install -m644 %{SOURCE13} %{buildroot}%{_unitdir}/cpupower.path +install -m644 %{SOURCE50} %{buildroot}%{_unitdir}/cpupower.service +install -m644 %{SOURCE53} %{buildroot}%{_unitdir}/cpupower.path +install -m644 %{SOURCE51} %{buildroot}%{_sysconfdir}/sysconfig/cpupower +install -m755 %{SOURCE52} %{buildroot}%{_bindir}/cpupower-start.sh +%endif + +# delete junk +rm -fr %{buildroot}%{_usr}/src/*/kernel-source-* + +%if %{with flow_abi} +# Prefix with "zzz" to put this directory into the end of search list +# and avoid tricks with depmod configs +mkdir -p %{buildroot}/lib/modules/%{kernelversion}.%{patchlevel}-rosa-flow-abi +ln -s /lib/modules/%{kernelversion}.%{patchlevel}-rosa-flow-abi %{buildroot}%{_modulesdir}/%{kver_full}/kernel/zzz-%{kernelversion}.%{patchlevel}-rosa-flow-abi %endif diff --git a/kernel.rpmlintrc b/kernel.rpmlintrc index f0b6707..59967cd 100644 --- a/kernel.rpmlintrc +++ b/kernel.rpmlintrc @@ -2,36 +2,9 @@ addFilter("E: zero-length") addFilter("E: incoherent-version-in-name") addFilter("E: unstripped-binary-or-object") - -addFilter("E: executable-sourced-script") -addFilter("E: executable-in-library-package") -addFilter("E: devel-dependency") -addFilter("E: hardcoded-library-path") -addFilter("E: useless-provides") - addFilter("W: devel-file-in-non-devel-package") addFilter("W: dangling-relative-symlink") addFilter("W: non-executable-script") addFilter("W: script-without-shebang") - -addFilter("W: no-documentation") -addFilter("W: spurious-executable-perm") -addFilter("W: summary-not-capitalized") -addFilter("W: obsolete-not-provided") - -addFilter("W: non-standard-dir-in-usr") -addFilter("W: no-major-in-name") -addFilter("W: no-dependency-on") -addFilter("W: name-repeated-in-summary") -addFilter("W: unversioned-explicit-provides") - -addFilter("W: hidden-file-or-dir") -addFilter("W: filename-too-long-for-joliet") -addFilter("W: dangerous-command-in-%preun") -addFilter("W: dangerous-command-in-%postun") -addFilter("W: dangerous-command-in-%post") - - - - - +# longer descriptions are allowed in rpm4 platforms +addFilter("E: description-line-too-long") diff --git a/linux-5.13-attribute-error.patch b/linux-5.13-attribute-error.patch deleted file mode 100644 index 0fb57be..0000000 --- a/linux-5.13-attribute-error.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff -up linux-5.13/tools/include/linux/compiler-gcc.h.2~ linux-5.13/tools/include/linux/compiler-gcc.h ---- linux-5.13/tools/include/linux/compiler-gcc.h.2~ 2021-06-28 00:21:11.000000000 +0200 -+++ linux-5.13/tools/include/linux/compiler-gcc.h 2021-07-09 01:09:40.704907665 +0200 -@@ -16,9 +16,9 @@ - # define __fallthrough __attribute__ ((fallthrough)) - #endif - --#if GCC_VERSION >= 40300 -+#if __has_attribute(error) - # define __compiletime_error(message) __attribute__((error(message))) --#endif /* GCC_VERSION >= 40300 */ -+#endif /* __has_attribute(error) */ - - /* &a[0] degrades to a pointer: a different type from an array */ - #define __must_be_array(a) BUILD_BUG_ON_ZERO(__same_type((a), &(a)[0])) diff --git a/macros.ksobirator b/macros.ksobirator new file mode 100644 index 0000000..f9baa63 --- /dev/null +++ b/macros.ksobirator @@ -0,0 +1,40 @@ +# ksobirator RPM macros +# For now they are bundled in the kernel package, +# in the future, after testing, ksobirator will become a separate package +# which will be BuildRequired from kernel packages + +# TODO: define it somewhere else... +# TODO: avoid depending from %%flavour, %%buildrel etc ?! +# TODO: fail if needed macros are not defined +%ksob_kernel %{kernelversion}.%{patchlevel}-%{flavour} + +# %%ksob_mk_module_pkg -n module name -s module section [ -r additional requires for this package ] +# Examples: +# %%ksob_mk_module_pkg -n shredder -s extra -r /usr/bin/wipe +# %%ksob_mk_module_pkg -n shredder -s extra +%ksob_mk_module_pkg(n:s:r:) \ +\ +%define module_name %{-n:%{-n*}}%{!-n:%{error:Module name not defined!}} \ +%define pkg_main kernel-module-%{module_name}-%{ksob_kernel} \ +%define module_section %{-s:%{-s*}}%{!-s:%{error:Module section (e.g. extra) not defined!}} \ +\ +%{expand: \ +%package -n %{pkg_main} \ +# TODO: convert long kernel name to one macro \ +Summary: Binary module %{module_name} for kernel-%{ksob_kernel} \ +Group: System/Kernel and hardware \ +\ +%{-r:Requires: %{-r*}} \ +Requires: %{name}%{_isa} = %{EVRD} \ +Provides: installonlypkg(kernel-module) = %{EVRD}.module.%{module_name} \ +Obsoletes: kernel-module-%{module_name}-%{flavour}-%{kernelversion}.%{patchlevel}-latest < 5.10.34-2 \ +\ +%description -n %{pkg_main} \ +Binary module %{module_name} for kernel-%{ksob_kernel} \ +\ +%files -n %{pkg_main} \ +# XXX TODO: how to %%exclude these files from the main package automatically? \ +%{_modulesdir}/%{kver_full}/kernel/%{module_section}/%{module_name}.ko%{kmod_suffix} \ +\ +%{nil} \ +} diff --git a/perf-xmlto-skip-validation.patch b/perf-xmlto-skip-validation.patch deleted file mode 100644 index 2d558a3..0000000 --- a/perf-xmlto-skip-validation.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -Naur linux-5.9.orig/tools/perf/Documentation/Makefile linux-5.9/tools/perf/Documentation/Makefile ---- linux-5.9.orig/tools/perf/Documentation/Makefile 2020-10-17 12:00:45.497122395 +0300 -+++ linux-5.9/tools/perf/Documentation/Makefile 2020-10-17 12:00:47.205122425 +0300 -@@ -51,7 +51,7 @@ - ASCIIDOC_EXTRA += --unsafe -f asciidoc.conf - ASCIIDOC_HTML = xhtml11 - MANPAGE_XSL = manpage-normal.xsl --XMLTO_EXTRA = -+XMLTO_EXTRA = --skip-validation - INSTALL?=install - RM ?= rm -f - DOC_REF = origin/man diff --git a/xanmod-futex2-error-avoid.patch b/xanmod-futex2-error-avoid.patch deleted file mode 100644 index 8bbbcf0..0000000 --- a/xanmod-futex2-error-avoid.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/tools/perf/bench/futex.h b/tools/perf/bench/futex.h -index 915bf3da7ce2..6e62e7708fde 100644 ---- a/tools/perf/bench/futex.h -+++ b/tools/perf/bench/futex.h -@@ -11,7 +11,7 @@ - #include - #include - #include --#include -+#include "../../include/uapi/linux/futex.h" - - /** - * futex() - SYS_futex syscall wrapper