From 17b7186716e0b251f9f7dfe34db797f0a1440bc1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Wed, 30 Oct 2019 16:36:45 +0100 Subject: [PATCH] Make makefile and spec compatible with rc versions There are a couple of changes needed: 1. Package version cannot contain '-' (5.4-rc5-1.pvops.qubes is an invalid rpm version). Follow Fedora upstream idea of moving 'rc' tag into package release field, as 0.rcXX.(original rel). This way, such package will be 'older' than the final release (with just release number there - 1 in most cases). The alternative idea is using '~rcXX' in the package version, but ~ couldn't be part of a kernel version reported by the kernel itself and also qubes-dom0-update refuses ~ in a package filename. 2. Adjust kernel version to match the above - specifically clear EXTRAVERSION (-rcXX suffix), as it will be added back as package release (CONFIG_LOCALVERSION). 3. rc tarballs are available only as a git-generated .tar.gz (not .tar.xz) and there are no matching detached signatures. While it would be possible to download a signed tag via git, scripting that would be overly complex as for the task rarely used. Leave this verification as a manual step and require sha512 checksum to be committed into repository. To build an archive matching upstream one, out of a signed tag, use command like this: git archive --prefix=linux-5.4-rc5/ --output=../linux-5.4-rc5.tar.gz v5.4-rc5 While at it, remove obsolete BUILD_FLAVOR variable. --- .gitignore | 2 +- Makefile | 32 +++++++++++++++++++------------- gen-config | 6 +++--- kernel.spec.in | 47 +++++++++++++++++++++++++++++------------------ 4 files changed, 52 insertions(+), 35 deletions(-) diff --git a/.gitignore b/.gitignore index 177e86c..986d07a 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,4 @@ -linux-*.tar.bz2 +linux-*.tar.gz linux-*.tar.xz linux-*.sign WireGuard-*.tar.xz diff --git a/Makefile b/Makefile index f8f5ac1..48151b3 100644 --- a/Makefile +++ b/Makefile 
@@ -11,14 +11,11 @@ SOURCEDIR := $(WORKDIR) NO_OF_CPUS := $(shell grep -c ^processor /proc/cpuinfo) -BUILD_FLAVOR := pvops - RPM_DEFINES := --define "_sourcedir $(SOURCEDIR)" \ --define "_specdir $(SPECDIR)" \ --define "_builddir $(BUILDDIR)" \ --define "_srcrpmdir $(SRCRPMDIR)" \ - --define "_rpmdir $(RPMDIR)" \ - --define "build_flavor $(BUILD_FLAVOR)" + --define "_rpmdir $(RPMDIR)" ifndef NAME $(error "You can not run this Makefile without having NAME defined") @@ -30,6 +27,13 @@ ifndef RELEASE RELEASE := $(shell cat rel) endif +ifneq ($(VERSION),$(subst -rc,,$(VERSION))) +DOWNLOAD_FROM_GIT=1 +VERIFICATION := hash +else +VERIFICATION := signature +endif + all: help MIRROR := cdn.kernel.org @@ -39,13 +43,13 @@ else SRC_BASEURL := $(DISTFILES_MIRROR) endif +ifeq ($(VERIFICATION),signature) SRC_FILE := linux-${VERSION}.tar.xz -ifeq ($(BUILD_FLAVOR),pvops) SIGN_FILE := linux-${VERSION}.tar.sign else -SIGN_FILE := linux-${VERSION}.tar.bz2.sign +SRC_FILE := linux-${VERSION}.tar.gz +HASH_FILE := $(SRC_FILE).sha512 endif -HASH_FILE :=${SRC_FILE}.sha1sum WG_BASE_URL := https://git.zx2c4.com/WireGuard/snapshot WG_SRC_FILE := WireGuard-0.0.20190913.tar.xz @@ -57,6 +61,10 @@ WG_SIG_URL := $(WG_BASE_URL)/$(WG_SIG_FILE) URL := $(SRC_BASEURL)/$(SRC_FILE) URL_SIGN := $(SRC_BASEURL)/$(SIGN_FILE) +ifeq ($(DOWNLOAD_FROM_GIT),1) +URL := https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/snapshot/linux-$(VERSION).tar.gz +endif + get-sources: $(SRC_FILE) $(SIGN_FILE) $(WG_SRC_FILE) $(WG_SIG_FILE) $(SRC_FILE): 
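Review bot: In the Makefile hunk at `@@ -30,6 +27,13 @@`, `DOWNLOAD_FROM_GIT` is assigned only in the rc branch, so for a release version its value is whatever the environment or the command line supplies. The later hunk at `@@ -57,6 +61,10 @@` keys the URL override on it, so an inherited `DOWNLOAD_FROM_GIT=1` would point `URL` at the unsigned git snapshot `.tar.gz` while `SRC_FILE` and `VERIFICATION` still describe the signed `.tar.xz`. Keying the override on the variable that already selects the mode removes the second switch: use `ifeq ($(VERIFICATION),hash)` in place of `ifeq ($(DOWNLOAD_FROM_GIT),1)` and drop the `DOWNLOAD_FROM_GIT=1` line.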
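Review bot: In the Makefile hunk at `@@ -39,13 +43,13 @@`, the hash branch leaves `SIGN_FILE` undefined, yet the context lines of the following hunk still expand it in `URL_SIGN := $(SRC_BASEURL)/$(SIGN_FILE)` and in the `get-sources` prerequisites. That works only because an undefined variable expands to nothing. Any rule outside these hunks that uses `$(SIGN_FILE)` as a target should be checked for the empty case. I would make the intent explicit with `SIGN_FILE :=` in the `else` branch and a column-0 comment such as `# rc snapshots have no detached signature; integrity comes from the committed $(HASH_FILE)`.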
@@ -79,14 +87,12 @@ import-keys: verify-sources: import-keys @xzcat $(WG_SRC_FILE) | gpgv --keyring wireguard-trustedkeys.gpg $(WG_SIG_FILE) - 2>/dev/null -ifeq ($(BUILD_FLAVOR),pvops) +ifeq ($(VERIFICATION),signature) @xzcat $(SRC_FILE) | gpgv --keyring linux-kernel-trustedkeys.gpg $(SIGN_FILE) - 2>/dev/null else -# @gpg --verify $(SIGN_FILE) $(SRC_FILE) -# The key has been compromised -# and kernel.org decided not to release signature -# with a new key... oh, well... - sha1sum --quiet -c ${HASH_FILE} + # there are no signatures for rc tarballs + # verify locally based on a signed git tag and commit hash file + sha512sum --quiet -c $(HASH_FILE) endif .PHONY: clean-sources diff --git a/gen-config b/gen-config index c718b4a..0d525a6 100755 --- a/gen-config +++ b/gen-config @@ -20,9 +20,9 @@ set -eu -o pipefail linux_merge_config="./scripts/kconfig/merge_config.sh" make_opts="" -if [ -n "${RPM_PACKAGE_VERSION:-}" ]; then - linux_merge_config="../linux-$RPM_PACKAGE_VERSION/scripts/kconfig/merge_config.sh" - make_opts="-C ../linux-$RPM_PACKAGE_VERSION O=$PWD" +if [ -n "${LINUX_UPSTREAM_VERSION:-}" ]; then + linux_merge_config="../linux-$LINUX_UPSTREAM_VERSION/scripts/kconfig/merge_config.sh" + make_opts="-C ../linux-$LINUX_UPSTREAM_VERSION O=$PWD" fi if [ -z "$linux_merge_config" ]; then diff --git a/kernel.spec.in b/kernel.spec.in index 89c695a..22fb6a9 100644 --- a/kernel.spec.in +++ b/kernel.spec.in 
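Review bot: In the `verify-sources` hunk, `sha512sum --quiet -c $(HASH_FILE)` checks whatever file names are listed inside the hash file, so nothing ties the result to `$(SRC_FILE)`. A `.sha512` that names a different file would pass without the rc tarball ever being hashed. Since this checksum is the only integrity check on the unsigned snapshot, I would bind it to the file being built: `@echo "$$(cut -d' ' -f1 $(HASH_FILE))  $(SRC_FILE)" | sha512sum --quiet -c -`. The two `#` lines in the `else` branch appear to be indented like recipe lines; if they start with a tab they are passed to the shell and echoed on every run. They would be better at column 0, recording the manual procedure from the commit message: verify the signed tag, run `git archive`, then commit the sha512.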
@@ -2,10 +2,19 @@ # Based on the Open SUSE kernel-spec & Fedora kernel-spec. # -%define variant pvops.qubes +%define variant qubes %define plainrel @REL@ %define rel %{plainrel}.%{variant} -%define version @VERSION@ +%define version %(echo '@VERSION@' | sed 's/~rc.*/.0/') +%define upstream_version %(echo '@VERSION@' | sed 's/~rc/-rc/') +%if "%{version}" != "%{upstream_version}" +%define prerelease 1 +%define rel 0.%(echo '@VERSION@' | sed 's/.*~rc/rc/').%{plainrel}.%{variant} +%else +%define prerelease 0 +%define rel %{plainrel}.%{variant} +%endif + %define name_suffix -latest %define _buildshell /bin/bash @@ -14,13 +23,13 @@ %global cpu_arch x86_64 %define cpu_arch_flavor %cpu_arch -%define kernelrelease %(echo %{version} | sed 's/^3\\.[0-9]\\+$/\\0.0/')-%rel.%cpu_arch +%define kernelrelease %(echo %{upstream_version} | sed 's/^[0-9]\\.[0-9]\\+$/\\0.0/;s/-rc.*/.0/')-%rel.%cpu_arch %define my_builddir %_builddir/%{name}-%{version} -%define build_src_dir %my_builddir/linux-%version +%define build_src_dir %my_builddir/linux-%upstream_version %define src_install_dir /usr/src/kernels/%kernelrelease %define kernel_build_dir %my_builddir/linux-obj -%define vm_install_dir /var/lib/qubes/vm-kernels/%version-%{plainrel} +%define vm_install_dir /var/lib/qubes/vm-kernels/%upstream_version-%{plainrel} %define install_vdso 1 %define debuginfodir /usr/lib/debug @@ -92,10 +101,13 @@ Conflicts: lvm2 < 2.02.33 Provides: kernel = %kernelrelease Provides: kernel-uname-r = %kernelrelease -BuildRoot: %{_tmppath}/%{name}-%{version}-build ExclusiveArch: x86_64 -Source0: linux-%version.tar.xz +%if !%{prerelease} +Source0: linux-%{upstream_version}.tar.xz +%else +Source0: linux-%{upstream_version}.tar.gz +%endif Source5: WireGuard-0.0.20190913.tar.xz Source16: guards Source17: apply-patches 
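Review bot: In the first `kernel.spec.in` hunk, every `sed` expression looks for `~rc` in `@VERSION@`, while the Makefile in this same patch detects pre-releases by `-rc`; no conversion between the two forms is visible in this diff. If `@VERSION@` arrives as `5.4-rc5`, none of the expressions match, `%prerelease` becomes 0 and `Version` keeps the `-` that the commit message describes as invalid. A comment above the defines would document the contract, e.g. `# @VERSION@ must use '~rc' (5.4~rc5), not '-rc'`. The unconditional `%define rel %{plainrel}.%{variant}` left above the `%if` is now redundant, because both branches define `rel` again.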
@@ -123,22 +135,21 @@ Patch13: 0014-xen-pciback-add-attribute-to-allow-MSI-enable-flag-w.patch Qubes Dom0 kernel. %prep -if ! [ -e %_sourcedir/linux-%version.tar.xz ]; then - echo "The %name-%version.nosrc.rpm package does not contain the" \ - "complete sources. Please install kernel-source-%version.src.rpm." - exit 1 -fi - SYMBOLS="xen-dom0 pvops" # Unpack all sources and patches %autosetup -N -c -T -a 0 +export LINUX_UPSTREAM_VERSION=%{upstream_version} + mkdir -p %kernel_build_dir -cd linux-%version +cd linux-%upstream_version %autopatch -p1 +# drop EXTRAVERSION - possible -rc suffix already included in %release +sed -i -e 's/^EXTRAVERSION = -rc.*/EXTRAVERSION =/' Makefile + cd %kernel_build_dir # Create QubesOS config kernel @@ -147,7 +158,7 @@ cd %kernel_build_dir %build_src_dir/scripts/config \ --set-str CONFIG_LOCALVERSION -%release.%cpu_arch %{setup_config} -MAKE_ARGS="$MAKE_ARGS -C %build_src_dir O=$PWD" +MAKE_ARGS="$MAKE_ARGS -C %build_src_dir O=$PWD KERNELRELEASE=%{kernelrelease}" make prepare $MAKE_ARGS make scripts $MAKE_ARGS @@ -563,18 +574,18 @@ if [ "$current_default_package" = "%{name}-qubes-vm" ]; then # If qubes-prefs isn't installed yet, the default kernel will be set by %post # of qubes-core-dom0 -type qubes-prefs &>/dev/null && qubes-prefs --set default-kernel %version-%plainrel +type qubes-prefs &>/dev/null && qubes-prefs --set default-kernel %upstream_version-%plainrel fi exit 0 %preun qubes-vm -if [ "`qubes-prefs -g default-kernel`" == "%version-%plainrel" ]; then +if [ "`qubes-prefs -g default-kernel`" == "%upstream_version-%plainrel" ]; then echo "This kernel version is set as default VM kernel, cannot remove" exit 1 fi -if qvm-ls --kernel | grep -qw "%version-%plainrel"; then +if qvm-ls --kernel | grep -qw "%upstream_version-%plainrel"; then echo "This kernel version is used by at least one VM, cannot remove" exit 1 fi
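Review bot: In the `%prep` hunk, the `sed -i` that clears `EXTRAVERSION` succeeds whether or not the pattern matched, so a differently formatted line in the kernel `Makefile` would leave the `-rc` suffix in place without any error. A check right after it makes the assumption explicit: `grep -qx 'EXTRAVERSION =' Makefile || exit 1`. This presumes none of the applied patches sets its own `EXTRAVERSION`, which should be confirmed first. Also, `export LINUX_UPSTREAM_VERSION=%{upstream_version}` only lasts for the `%prep` shell, so a `gen-config` call from another section would not see it.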
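Review bot: In the `%preun qubes-vm` hunk at `@@ -563,18 +574,18 @@`, `grep -qw "%upstream_version-%plainrel"` treats the version as a regular expression, so every `.` matches any character, and the kernel names are now longer strings such as `5.4-rc5-1`. Matching the string literally keeps the "used by at least one VM" guard exact: `if qvm-ls --kernel | grep -qwF "%upstream_version-%plainrel"; then`. The scriptlet starts outside the hunk, so the surrounding logic was not reviewed.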