QubesOS/qubes-linux-kernel
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Make makefile and spec compatible with rc versions

Browse Source 
There are a couple of changes needed:
1. Package version cannot contain '-' (5.4-rc5-1.pvops.qubes is an
   invalid rpm version). Follow Fedora upstream idea of moving 'rc' tag
   into package release field, as 0.rcXX.(original rel). This way, such
   package will be 'older' than the final release (with just release
   number there - 1 in most cases). The alternative idea is using
   '~rcXX' in the package version, but ~ couldn't be part of a kernel
   version reported by the kernel itself and also qubes-dom0-update
   refuses ~ in a package filename.
2. Adjust kernel version to match the above - specifically clear
   EXTRAVERSION (-rcXX suffix), as it will be added back as package
   release (CONFIG_LOCALVERSION).
3. rc tarballs are available only as a git-generated .tar.gz (not
   .tar.xz) and there are no matching detached signatures. While it
   would be possible to download a signed tag via git, scripting that
   would be overly complex as for the task rarely used. Leave this
   verification as a manual step and require sha512 checksum to be
   committed into repository.
   To build an archive matching upstream one, out of a signed tag, use
   command like this:
   git archive --prefix=linux-5.4-rc5/ --output=../linux-5.4-rc5.tar.gz v5.4-rc5

While at it, remove obsolete BUILD_FLAVOR variable.
This commit is contained in:
Marek Marczykowski-Górecki 2019-10-30 16:36:45 +01:00
parent 24ee349714
commit 17b7186716
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724
4 changed files with 52 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1,4 +1,4 @@
linux-*.tar.bz2 linux-*.tar.gz
linux-*.tar.xz linux-*.tar.xz
linux-*.sign linux-*.sign
WireGuard-*.tar.xz WireGuard-*.tar.xz

32
Makefile
View File

@ -11,14 +11,11 @@ SOURCEDIR := $(WORKDIR)
NO_OF_CPUS := $(shell grep -c ^processor /proc/cpuinfo) NO_OF_CPUS := $(shell grep -c ^processor /proc/cpuinfo)
BUILD_FLAVOR := pvops
RPM_DEFINES := --define "_sourcedir $(SOURCEDIR)" \ RPM_DEFINES := --define "_sourcedir $(SOURCEDIR)" \
--define "_specdir $(SPECDIR)" \ --define "_specdir $(SPECDIR)" \
--define "_builddir $(BUILDDIR)" \ --define "_builddir $(BUILDDIR)" \
--define "_srcrpmdir $(SRCRPMDIR)" \ --define "_srcrpmdir $(SRCRPMDIR)" \
--define "_rpmdir $(RPMDIR)" \ --define "_rpmdir $(RPMDIR)"
--define "build_flavor $(BUILD_FLAVOR)"
ifndef NAME ifndef NAME
$(error "You can not run this Makefile without having NAME defined") $(error "You can not run this Makefile without having NAME defined")
@ -30,6 +27,13 @@ ifndef RELEASE
RELEASE := $(shell cat rel) RELEASE := $(shell cat rel)
endif endif
ifneq ($(VERSION),$(subst -rc,,$(VERSION)))
DOWNLOAD_FROM_GIT=1
VERIFICATION := hash
else
VERIFICATION := signature
endif
all: help all: help
MIRROR := cdn.kernel.org MIRROR := cdn.kernel.org
@ -39,13 +43,13 @@ else
SRC_BASEURL := $(DISTFILES_MIRROR) SRC_BASEURL := $(DISTFILES_MIRROR)
endif endif
ifeq ($(VERIFICATION),signature)
SRC_FILE := linux-${VERSION}.tar.xz SRC_FILE := linux-${VERSION}.tar.xz
ifeq ($(BUILD_FLAVOR),pvops)
SIGN_FILE := linux-${VERSION}.tar.sign SIGN_FILE := linux-${VERSION}.tar.sign
else else
SIGN_FILE := linux-${VERSION}.tar.bz2.sign SRC_FILE := linux-${VERSION}.tar.gz
HASH_FILE := $(SRC_FILE).sha512
endif endif
HASH_FILE :=${SRC_FILE}.sha1sum
WG_BASE_URL := https://git.zx2c4.com/WireGuard/snapshot WG_BASE_URL := https://git.zx2c4.com/WireGuard/snapshot
WG_SRC_FILE := WireGuard-0.0.20190913.tar.xz WG_SRC_FILE := WireGuard-0.0.20190913.tar.xz
@ -57,6 +61,10 @@ WG_SIG_URL := $(WG_BASE_URL)/$(WG_SIG_FILE)
URL := $(SRC_BASEURL)/$(SRC_FILE) URL := $(SRC_BASEURL)/$(SRC_FILE)
URL_SIGN := $(SRC_BASEURL)/$(SIGN_FILE) URL_SIGN := $(SRC_BASEURL)/$(SIGN_FILE)
ifeq ($(DOWNLOAD_FROM_GIT),1)
URL := https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/snapshot/linux-$(VERSION).tar.gz
endif
get-sources: $(SRC_FILE) $(SIGN_FILE) $(WG_SRC_FILE) $(WG_SIG_FILE) get-sources: $(SRC_FILE) $(SIGN_FILE) $(WG_SRC_FILE) $(WG_SIG_FILE)
$(SRC_FILE): $(SRC_FILE):
@ -79,14 +87,12 @@ import-keys:
verify-sources: import-keys verify-sources: import-keys
@xzcat $(WG_SRC_FILE) | gpgv --keyring wireguard-trustedkeys.gpg $(WG_SIG_FILE) - 2>/dev/null @xzcat $(WG_SRC_FILE) | gpgv --keyring wireguard-trustedkeys.gpg $(WG_SIG_FILE) - 2>/dev/null
ifeq ($(BUILD_FLAVOR),pvops) ifeq ($(VERIFICATION),signature)
@xzcat $(SRC_FILE) | gpgv --keyring linux-kernel-trustedkeys.gpg $(SIGN_FILE) - 2>/dev/null @xzcat $(SRC_FILE) | gpgv --keyring linux-kernel-trustedkeys.gpg $(SIGN_FILE) - 2>/dev/null
else else
# @gpg --verify $(SIGN_FILE) $(SRC_FILE) # there are no signatures for rc tarballs
# The key has been compromised # verify locally based on a signed git tag and commit hash file
# and kernel.org decided not to release signature sha512sum --quiet -c $(HASH_FILE)
# with a new key... oh, well...
sha1sum --quiet -c ${HASH_FILE}
endif endif
.PHONY: clean-sources .PHONY: clean-sources

6
gen-config
View File

@ -20,9 +20,9 @@ set -eu -o pipefail
linux_merge_config="./scripts/kconfig/merge_config.sh" linux_merge_config="./scripts/kconfig/merge_config.sh"
make_opts="" make_opts=""
if [ -n "${RPM_PACKAGE_VERSION:-}" ]; then if [ -n "${LINUX_UPSTREAM_VERSION:-}" ]; then
linux_merge_config="../linux-$RPM_PACKAGE_VERSION/scripts/kconfig/merge_config.sh" linux_merge_config="../linux-$LINUX_UPSTREAM_VERSION/scripts/kconfig/merge_config.sh"
make_opts="-C ../linux-$RPM_PACKAGE_VERSION O=$PWD" make_opts="-C ../linux-$LINUX_UPSTREAM_VERSION O=$PWD"
fi fi
if [ -z "$linux_merge_config" ]; then if [ -z "$linux_merge_config" ]; then

47
kernel.spec.in
View File

@ -2,10 +2,19 @@
# Based on the Open SUSE kernel-spec & Fedora kernel-spec. # Based on the Open SUSE kernel-spec & Fedora kernel-spec.
# #
%define variant pvops.qubes %define variant qubes
%define plainrel @REL@ %define plainrel @REL@
%define rel %{plainrel}.%{variant} %define rel %{plainrel}.%{variant}
%define version @VERSION@ %define version %(echo '@VERSION@' | sed 's/~rc.*/.0/')
%define upstream_version %(echo '@VERSION@' | sed 's/~rc/-rc/')
%if "%{version}" != "%{upstream_version}"
%define prerelease 1
%define rel 0.%(echo '@VERSION@' | sed 's/.*~rc/rc/').%{plainrel}.%{variant}
%else
%define prerelease 0
%define rel %{plainrel}.%{variant}
%endif
%define name_suffix -latest %define name_suffix -latest
%define _buildshell /bin/bash %define _buildshell /bin/bash
@ -14,13 +23,13 @@
%global cpu_arch x86_64 %global cpu_arch x86_64
%define cpu_arch_flavor %cpu_arch %define cpu_arch_flavor %cpu_arch
%define kernelrelease %(echo %{version} | sed 's/^3\\.[0-9]\\+$/\\0.0/')-%rel.%cpu_arch %define kernelrelease %(echo %{upstream_version} | sed 's/^[0-9]\\.[0-9]\\+$/\\0.0/;s/-rc.*/.0/')-%rel.%cpu_arch
%define my_builddir %_builddir/%{name}-%{version} %define my_builddir %_builddir/%{name}-%{version}
%define build_src_dir %my_builddir/linux-%version %define build_src_dir %my_builddir/linux-%upstream_version
%define src_install_dir /usr/src/kernels/%kernelrelease %define src_install_dir /usr/src/kernels/%kernelrelease
%define kernel_build_dir %my_builddir/linux-obj %define kernel_build_dir %my_builddir/linux-obj
%define vm_install_dir /var/lib/qubes/vm-kernels/%version-%{plainrel} %define vm_install_dir /var/lib/qubes/vm-kernels/%upstream_version-%{plainrel}
%define install_vdso 1 %define install_vdso 1
%define debuginfodir /usr/lib/debug %define debuginfodir /usr/lib/debug
@ -92,10 +101,13 @@ Conflicts: lvm2 < 2.02.33
Provides: kernel = %kernelrelease Provides: kernel = %kernelrelease
Provides: kernel-uname-r = %kernelrelease Provides: kernel-uname-r = %kernelrelease
BuildRoot: %{_tmppath}/%{name}-%{version}-build
ExclusiveArch: x86_64 ExclusiveArch: x86_64
Source0: linux-%version.tar.xz %if !%{prerelease}
Source0: linux-%{upstream_version}.tar.xz
%else
Source0: linux-%{upstream_version}.tar.gz
%endif
Source5: WireGuard-0.0.20190913.tar.xz Source5: WireGuard-0.0.20190913.tar.xz
Source16: guards Source16: guards
Source17: apply-patches Source17: apply-patches
@ -123,22 +135,21 @@ Patch13: 0014-xen-pciback-add-attribute-to-allow-MSI-enable-flag-w.patch
Qubes Dom0 kernel. Qubes Dom0 kernel.
%prep %prep
if ! [ -e %_sourcedir/linux-%version.tar.xz ]; then
echo "The %name-%version.nosrc.rpm package does not contain the" \
"complete sources. Please install kernel-source-%version.src.rpm."
exit 1
fi
SYMBOLS="xen-dom0 pvops" SYMBOLS="xen-dom0 pvops"
# Unpack all sources and patches # Unpack all sources and patches
%autosetup -N -c -T -a 0 %autosetup -N -c -T -a 0
export LINUX_UPSTREAM_VERSION=%{upstream_version}
mkdir -p %kernel_build_dir mkdir -p %kernel_build_dir
cd linux-%version cd linux-%upstream_version
%autopatch -p1 %autopatch -p1
# drop EXTRAVERSION - possible -rc suffix already included in %release
sed -i -e 's/^EXTRAVERSION = -rc.*/EXTRAVERSION =/' Makefile
cd %kernel_build_dir cd %kernel_build_dir
# Create QubesOS config kernel # Create QubesOS config kernel
@ -147,7 +158,7 @@ cd %kernel_build_dir
%build_src_dir/scripts/config \ %build_src_dir/scripts/config \
--set-str CONFIG_LOCALVERSION -%release.%cpu_arch %{setup_config} --set-str CONFIG_LOCALVERSION -%release.%cpu_arch %{setup_config}
MAKE_ARGS="$MAKE_ARGS -C %build_src_dir O=$PWD" MAKE_ARGS="$MAKE_ARGS -C %build_src_dir O=$PWD KERNELRELEASE=%{kernelrelease}"
make prepare $MAKE_ARGS make prepare $MAKE_ARGS
make scripts $MAKE_ARGS make scripts $MAKE_ARGS
@ -563,18 +574,18 @@ if [ "$current_default_package" = "%{name}-qubes-vm" ]; then
# If qubes-prefs isn't installed yet, the default kernel will be set by %post # If qubes-prefs isn't installed yet, the default kernel will be set by %post
# of qubes-core-dom0 # of qubes-core-dom0
type qubes-prefs &>/dev/null && qubes-prefs --set default-kernel %version-%plainrel type qubes-prefs &>/dev/null && qubes-prefs --set default-kernel %upstream_version-%plainrel
fi fi
exit 0 exit 0
%preun qubes-vm %preun qubes-vm
if [ "`qubes-prefs -g default-kernel`" == "%version-%plainrel" ]; then if [ "`qubes-prefs -g default-kernel`" == "%upstream_version-%plainrel" ]; then
echo "This kernel version is set as default VM kernel, cannot remove" echo "This kernel version is set as default VM kernel, cannot remove"
exit 1 exit 1
fi fi
if qvm-ls --kernel | grep -qw "%version-%plainrel"; then if qvm-ls --kernel | grep -qw "%upstream_version-%plainrel"; then
echo "This kernel version is used by at least one VM, cannot remove" echo "This kernel version is used by at least one VM, cannot remove"
exit 1 exit 1
fi fi