Make makefile and spec compatible with rc versions

There are a couple of changes needed:
1. Package version cannot contain '-' (5.4-rc5-1.pvops.qubes is an
   invalid rpm version). Follow Fedora upstream idea of moving 'rc' tag
   into package release field, as 0.rcXX.(original rel). This way, such
   package will be 'older' than the final release (with just release
   number there - 1 in most cases). The alternative idea is using
   '~rcXX' in the package version, but ~ couldn't be part of a kernel
   version reported by the kernel itself and also qubes-dom0-update
   refuses ~ in a package filename.
2. Adjust kernel version to match the above - specifically clear
   EXTRAVERSION (-rcXX suffix), as it will be added back as package
   release (CONFIG_LOCALVERSION).
3. rc tarballs are available only as a git-generated .tar.gz (not
   .tar.xz) and there are no matching detached signatures. While it
   would be possible to download a signed tag via git, scripting that
   would be overly complex as for the task rarely used. Leave this
   verification as a manual step and require sha512 checksum to be
   committed into repository.
   To build an archive matching upstream one, out of a signed tag, use
   command like this:
   git archive --prefix=linux-5.4-rc5/ --output=../linux-5.4-rc5.tar.gz v5.4-rc5

While at it, remove obsolete BUILD_FLAVOR variable.
This commit is contained in:
Marek Marczykowski-Górecki 2019-10-30 16:36:45 +01:00
parent 24ee349714
commit 17b7186716
No known key found for this signature in database
GPG Key ID: 063938BA42CFA724
4 changed files with 52 additions and 35 deletions

2
.gitignore vendored
View File

@ -1,4 +1,4 @@
linux-*.tar.bz2
linux-*.tar.gz
linux-*.tar.xz
linux-*.sign
WireGuard-*.tar.xz

View File

@ -11,14 +11,11 @@ SOURCEDIR := $(WORKDIR)
NO_OF_CPUS := $(shell grep -c ^processor /proc/cpuinfo)
BUILD_FLAVOR := pvops
RPM_DEFINES := --define "_sourcedir $(SOURCEDIR)" \
--define "_specdir $(SPECDIR)" \
--define "_builddir $(BUILDDIR)" \
--define "_srcrpmdir $(SRCRPMDIR)" \
--define "_rpmdir $(RPMDIR)" \
--define "build_flavor $(BUILD_FLAVOR)"
--define "_rpmdir $(RPMDIR)"
ifndef NAME
$(error "You can not run this Makefile without having NAME defined")
@ -30,6 +27,13 @@ ifndef RELEASE
RELEASE := $(shell cat rel)
endif
ifneq ($(VERSION),$(subst -rc,,$(VERSION)))
DOWNLOAD_FROM_GIT=1
VERIFICATION := hash
else
VERIFICATION := signature
endif
all: help
MIRROR := cdn.kernel.org
@ -39,13 +43,13 @@ else
SRC_BASEURL := $(DISTFILES_MIRROR)
endif
ifeq ($(VERIFICATION),signature)
SRC_FILE := linux-${VERSION}.tar.xz
ifeq ($(BUILD_FLAVOR),pvops)
SIGN_FILE := linux-${VERSION}.tar.sign
else
SIGN_FILE := linux-${VERSION}.tar.bz2.sign
SRC_FILE := linux-${VERSION}.tar.gz
HASH_FILE := $(SRC_FILE).sha512
endif
HASH_FILE :=${SRC_FILE}.sha1sum
WG_BASE_URL := https://git.zx2c4.com/WireGuard/snapshot
WG_SRC_FILE := WireGuard-0.0.20190913.tar.xz
@ -57,6 +61,10 @@ WG_SIG_URL := $(WG_BASE_URL)/$(WG_SIG_FILE)
URL := $(SRC_BASEURL)/$(SRC_FILE)
URL_SIGN := $(SRC_BASEURL)/$(SIGN_FILE)
ifeq ($(DOWNLOAD_FROM_GIT),1)
URL := https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/snapshot/linux-$(VERSION).tar.gz
endif
get-sources: $(SRC_FILE) $(SIGN_FILE) $(WG_SRC_FILE) $(WG_SIG_FILE)
$(SRC_FILE):
@ -79,14 +87,12 @@ import-keys:
verify-sources: import-keys
@xzcat $(WG_SRC_FILE) | gpgv --keyring wireguard-trustedkeys.gpg $(WG_SIG_FILE) - 2>/dev/null
ifeq ($(BUILD_FLAVOR),pvops)
ifeq ($(VERIFICATION),signature)
@xzcat $(SRC_FILE) | gpgv --keyring linux-kernel-trustedkeys.gpg $(SIGN_FILE) - 2>/dev/null
else
# @gpg --verify $(SIGN_FILE) $(SRC_FILE)
# The key has been compromised
# and kernel.org decided not to release signature
# with a new key... oh, well...
sha1sum --quiet -c ${HASH_FILE}
# there are no signatures for rc tarballs
# verify locally based on a signed git tag and commit hash file
sha512sum --quiet -c $(HASH_FILE)
endif
.PHONY: clean-sources

View File

@ -20,9 +20,9 @@ set -eu -o pipefail
linux_merge_config="./scripts/kconfig/merge_config.sh"
make_opts=""
if [ -n "${RPM_PACKAGE_VERSION:-}" ]; then
linux_merge_config="../linux-$RPM_PACKAGE_VERSION/scripts/kconfig/merge_config.sh"
make_opts="-C ../linux-$RPM_PACKAGE_VERSION O=$PWD"
if [ -n "${LINUX_UPSTREAM_VERSION:-}" ]; then
linux_merge_config="../linux-$LINUX_UPSTREAM_VERSION/scripts/kconfig/merge_config.sh"
make_opts="-C ../linux-$LINUX_UPSTREAM_VERSION O=$PWD"
fi
if [ -z "$linux_merge_config" ]; then

View File

@ -2,10 +2,19 @@
# Based on the Open SUSE kernel-spec & Fedora kernel-spec.
#
%define variant pvops.qubes
%define variant qubes
%define plainrel @REL@
%define rel %{plainrel}.%{variant}
%define version @VERSION@
%define version %(echo '@VERSION@' | sed 's/~rc.*/.0/')
%define upstream_version %(echo '@VERSION@' | sed 's/~rc/-rc/')
%if "%{version}" != "%{upstream_version}"
%define prerelease 1
%define rel 0.%(echo '@VERSION@' | sed 's/.*~rc/rc/').%{plainrel}.%{variant}
%else
%define prerelease 0
%define rel %{plainrel}.%{variant}
%endif
%define name_suffix -latest
%define _buildshell /bin/bash
@ -14,13 +23,13 @@
%global cpu_arch x86_64
%define cpu_arch_flavor %cpu_arch
%define kernelrelease %(echo %{version} | sed 's/^3\\.[0-9]\\+$/\\0.0/')-%rel.%cpu_arch
%define kernelrelease %(echo %{upstream_version} | sed 's/^[0-9]\\.[0-9]\\+$/\\0.0/;s/-rc.*/.0/')-%rel.%cpu_arch
%define my_builddir %_builddir/%{name}-%{version}
%define build_src_dir %my_builddir/linux-%version
%define build_src_dir %my_builddir/linux-%upstream_version
%define src_install_dir /usr/src/kernels/%kernelrelease
%define kernel_build_dir %my_builddir/linux-obj
%define vm_install_dir /var/lib/qubes/vm-kernels/%version-%{plainrel}
%define vm_install_dir /var/lib/qubes/vm-kernels/%upstream_version-%{plainrel}
%define install_vdso 1
%define debuginfodir /usr/lib/debug
@ -92,10 +101,13 @@ Conflicts: lvm2 < 2.02.33
Provides: kernel = %kernelrelease
Provides: kernel-uname-r = %kernelrelease
BuildRoot: %{_tmppath}/%{name}-%{version}-build
ExclusiveArch: x86_64
Source0: linux-%version.tar.xz
%if !%{prerelease}
Source0: linux-%{upstream_version}.tar.xz
%else
Source0: linux-%{upstream_version}.tar.gz
%endif
Source5: WireGuard-0.0.20190913.tar.xz
Source16: guards
Source17: apply-patches
@ -123,22 +135,21 @@ Patch13: 0014-xen-pciback-add-attribute-to-allow-MSI-enable-flag-w.patch
Qubes Dom0 kernel.
%prep
if ! [ -e %_sourcedir/linux-%version.tar.xz ]; then
echo "The %name-%version.nosrc.rpm package does not contain the" \
"complete sources. Please install kernel-source-%version.src.rpm."
exit 1
fi
SYMBOLS="xen-dom0 pvops"
# Unpack all sources and patches
%autosetup -N -c -T -a 0
export LINUX_UPSTREAM_VERSION=%{upstream_version}
mkdir -p %kernel_build_dir
cd linux-%version
cd linux-%upstream_version
%autopatch -p1
# drop EXTRAVERSION - possible -rc suffix already included in %release
sed -i -e 's/^EXTRAVERSION = -rc.*/EXTRAVERSION =/' Makefile
cd %kernel_build_dir
# Create QubesOS config kernel
@ -147,7 +158,7 @@ cd %kernel_build_dir
%build_src_dir/scripts/config \
--set-str CONFIG_LOCALVERSION -%release.%cpu_arch %{setup_config}
MAKE_ARGS="$MAKE_ARGS -C %build_src_dir O=$PWD"
MAKE_ARGS="$MAKE_ARGS -C %build_src_dir O=$PWD KERNELRELEASE=%{kernelrelease}"
make prepare $MAKE_ARGS
make scripts $MAKE_ARGS
@ -563,18 +574,18 @@ if [ "$current_default_package" = "%{name}-qubes-vm" ]; then
# If qubes-prefs isn't installed yet, the default kernel will be set by %post
# of qubes-core-dom0
type qubes-prefs &>/dev/null && qubes-prefs --set default-kernel %version-%plainrel
type qubes-prefs &>/dev/null && qubes-prefs --set default-kernel %upstream_version-%plainrel
fi
exit 0
%preun qubes-vm
if [ "`qubes-prefs -g default-kernel`" == "%version-%plainrel" ]; then
if [ "`qubes-prefs -g default-kernel`" == "%upstream_version-%plainrel" ]; then
echo "This kernel version is set as default VM kernel, cannot remove"
exit 1
fi
if qvm-ls --kernel | grep -qw "%version-%plainrel"; then
if qvm-ls --kernel | grep -qw "%upstream_version-%plainrel"; then
echo "This kernel version is used by at least one VM, cannot remove"
exit 1
fi