Make makefile and spec compatible with rc versions

There are a couple of changes needed:
1. Package version cannot contain '-' (5.4-rc5-1.pvops.qubes is an
   invalid rpm version). Follow Fedora upstream idea of moving 'rc' tag
   into package release field, as 0.rcXX.(original rel). This way, such
   package will be 'older' than the final release (with just release
   number there - 1 in most cases). The alternative idea is using
   '~rcXX' in the package version, but ~ couldn't be part of a kernel
   version reported by the kernel itself and also qubes-dom0-update
   refuses ~ in a package filename.
2. Adjust kernel version to match the above - specifically clear
   EXTRAVERSION (-rcXX suffix), as it will be added back as package
   release (CONFIG_LOCALVERSION).
3. rc tarballs are available only as a git-generated .tar.gz (not
   .tar.xz) and there are no matching detached signatures. While it
   would be possible to download a signed tag via git, scripting that
   would be overly complex as for the task rarely used. Leave this
   verification as a manual step and require sha512 checksum to be
   committed into repository.
   To build an archive matching upstream one, out of a signed tag, use
   command like this:
   git archive --prefix=linux-5.4-rc5/ --output=../linux-5.4-rc5.tar.gz v5.4-rc5

While at it, remove obsolete BUILD_FLAVOR variable.

.gitignore

@@ -1,4 +1,4 @@
-linux-*.tar.bz2
+linux-*.tar.gz
 linux-*.tar.xz
 linux-*.sign
 WireGuard-*.tar.xz

Makefile

@@ -11,14 +11,11 @@ SOURCEDIR := $(WORKDIR)
 
 NO_OF_CPUS := $(shell grep -c ^processor /proc/cpuinfo)
 
-BUILD_FLAVOR := pvops
-
 RPM_DEFINES := --define "_sourcedir $(SOURCEDIR)" \
 		--define "_specdir $(SPECDIR)" \
 		--define "_builddir $(BUILDDIR)" \
 		--define "_srcrpmdir $(SRCRPMDIR)" \
-		--define "_rpmdir $(RPMDIR)" \
-		--define "build_flavor $(BUILD_FLAVOR)"
+		--define "_rpmdir $(RPMDIR)"
 
 ifndef NAME
 $(error "You can not run this Makefile without having NAME defined")
@@ -30,6 +27,13 @@ ifndef RELEASE
 RELEASE := $(shell cat rel)
 endif
 
+ifneq ($(VERSION),$(subst -rc,,$(VERSION)))
+DOWNLOAD_FROM_GIT=1
+VERIFICATION := hash
+else
+VERIFICATION := signature
+endif
+
 all: help
 
 MIRROR := cdn.kernel.org
@@ -39,13 +43,13 @@ else
 SRC_BASEURL := $(DISTFILES_MIRROR)
 endif
 
+ifeq ($(VERIFICATION),signature)
 SRC_FILE := linux-${VERSION}.tar.xz
-ifeq ($(BUILD_FLAVOR),pvops)
 SIGN_FILE := linux-${VERSION}.tar.sign
 else
-SIGN_FILE := linux-${VERSION}.tar.bz2.sign
+SRC_FILE := linux-${VERSION}.tar.gz
+HASH_FILE := $(SRC_FILE).sha512
 endif
-HASH_FILE :=${SRC_FILE}.sha1sum
 
 WG_BASE_URL := https://git.zx2c4.com/WireGuard/snapshot
 WG_SRC_FILE := WireGuard-0.0.20190913.tar.xz
@@ -57,6 +61,10 @@ WG_SIG_URL := $(WG_BASE_URL)/$(WG_SIG_FILE)
 URL := $(SRC_BASEURL)/$(SRC_FILE)
 URL_SIGN := $(SRC_BASEURL)/$(SIGN_FILE)
 
+ifeq ($(DOWNLOAD_FROM_GIT),1)
+URL := https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/snapshot/linux-$(VERSION).tar.gz
+endif
+
 get-sources: $(SRC_FILE) $(SIGN_FILE) $(WG_SRC_FILE) $(WG_SIG_FILE)
 
 $(SRC_FILE):
@@ -79,14 +87,12 @@ import-keys:
 
 verify-sources: import-keys
 	@xzcat $(WG_SRC_FILE) | gpgv --keyring wireguard-trustedkeys.gpg $(WG_SIG_FILE) - 2>/dev/null
-ifeq ($(BUILD_FLAVOR),pvops)
+ifeq ($(VERIFICATION),signature)
 	@xzcat $(SRC_FILE) | gpgv --keyring linux-kernel-trustedkeys.gpg $(SIGN_FILE) - 2>/dev/null
 else
-#	@gpg --verify $(SIGN_FILE) $(SRC_FILE)
-#	The key has been compromised
-#	and kernel.org decided not to release signature
-#	with a new key... oh, well...
-	sha1sum --quiet -c ${HASH_FILE}
+	# there are no signatures for rc tarballs
+	# verify locally based on a signed git tag and commit hash file
+	sha512sum --quiet -c $(HASH_FILE)
 endif
 
 .PHONY: clean-sources

gen-config

@@ -20,9 +20,9 @@ set -eu -o pipefail
 linux_merge_config="./scripts/kconfig/merge_config.sh"
 make_opts=""
 
-if [ -n "${RPM_PACKAGE_VERSION:-}" ]; then
-    linux_merge_config="../linux-$RPM_PACKAGE_VERSION/scripts/kconfig/merge_config.sh"
-    make_opts="-C ../linux-$RPM_PACKAGE_VERSION O=$PWD"
+if [ -n "${LINUX_UPSTREAM_VERSION:-}" ]; then
+    linux_merge_config="../linux-$LINUX_UPSTREAM_VERSION/scripts/kconfig/merge_config.sh"
+    make_opts="-C ../linux-$LINUX_UPSTREAM_VERSION O=$PWD"
 fi
 
 if [ -z "$linux_merge_config" ]; then

kernel.spec.in

@@ -2,10 +2,19 @@
 # Based on the Open SUSE kernel-spec & Fedora kernel-spec.
 #
 
-%define variant pvops.qubes
+%define variant qubes
 %define plainrel @REL@
 %define rel %{plainrel}.%{variant}
-%define version @VERSION@
+%define version %(echo '@VERSION@' | sed 's/~rc.*/.0/')
+%define upstream_version %(echo '@VERSION@' | sed 's/~rc/-rc/')
+%if "%{version}" != "%{upstream_version}"
+%define prerelease 1
+%define rel 0.%(echo '@VERSION@' | sed 's/.*~rc/rc/').%{plainrel}.%{variant}
+%else
+%define prerelease 0
+%define rel %{plainrel}.%{variant}
+%endif
+
 %define name_suffix -latest
 
 %define _buildshell /bin/bash
@@ -14,13 +23,13 @@
 %global cpu_arch x86_64
 %define cpu_arch_flavor %cpu_arch
 
-%define kernelrelease %(echo %{version} | sed 's/^3\\.[0-9]\\+$/\\0.0/')-%rel.%cpu_arch
+%define kernelrelease %(echo %{upstream_version} | sed 's/^[0-9]\\.[0-9]\\+$/\\0.0/;s/-rc.*/.0/')-%rel.%cpu_arch
 %define my_builddir %_builddir/%{name}-%{version}
 
-%define build_src_dir %my_builddir/linux-%version
+%define build_src_dir %my_builddir/linux-%upstream_version
 %define src_install_dir /usr/src/kernels/%kernelrelease
 %define kernel_build_dir %my_builddir/linux-obj
-%define vm_install_dir /var/lib/qubes/vm-kernels/%version-%{plainrel}
+%define vm_install_dir /var/lib/qubes/vm-kernels/%upstream_version-%{plainrel}
 
 %define install_vdso 1
 %define debuginfodir /usr/lib/debug
@@ -92,10 +101,13 @@ Conflicts:      lvm2 < 2.02.33
 Provides:       kernel = %kernelrelease
 Provides:       kernel-uname-r = %kernelrelease
 
-BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 ExclusiveArch:  x86_64
 
-Source0:        linux-%version.tar.xz
+%if !%{prerelease}
+Source0:        linux-%{upstream_version}.tar.xz
+%else
+Source0:        linux-%{upstream_version}.tar.gz
+%endif
 Source5:	WireGuard-0.0.20190913.tar.xz
 Source16:       guards
 Source17:       apply-patches
@@ -123,22 +135,21 @@ Patch13: 0014-xen-pciback-add-attribute-to-allow-MSI-enable-flag-w.patch
 Qubes Dom0 kernel.
 
 %prep
-if ! [ -e %_sourcedir/linux-%version.tar.xz ]; then
-    echo "The %name-%version.nosrc.rpm package does not contain the" \
-         "complete sources. Please install kernel-source-%version.src.rpm."
-    exit 1
-fi
-
 SYMBOLS="xen-dom0 pvops"
 
 # Unpack all sources and patches
 %autosetup -N -c -T -a 0
 
+export LINUX_UPSTREAM_VERSION=%{upstream_version}
+
 mkdir -p %kernel_build_dir
 
-cd linux-%version
+cd linux-%upstream_version
 %autopatch -p1
 
+# drop EXTRAVERSION - possible -rc suffix already included in %release
+sed -i -e 's/^EXTRAVERSION = -rc.*/EXTRAVERSION =/' Makefile
+
 cd %kernel_build_dir
 
 # Create QubesOS config kernel
@@ -147,7 +158,7 @@ cd %kernel_build_dir
 %build_src_dir/scripts/config \
         --set-str CONFIG_LOCALVERSION -%release.%cpu_arch %{setup_config}
 
-MAKE_ARGS="$MAKE_ARGS -C %build_src_dir O=$PWD"
+MAKE_ARGS="$MAKE_ARGS -C %build_src_dir O=$PWD KERNELRELEASE=%{kernelrelease}"
 
 make prepare $MAKE_ARGS
 make scripts $MAKE_ARGS
@@ -563,18 +574,18 @@ if [ "$current_default_package" = "%{name}-qubes-vm" ]; then
 
 # If qubes-prefs isn't installed yet, the default kernel will be set by %post
 # of qubes-core-dom0
-type qubes-prefs &>/dev/null && qubes-prefs --set default-kernel %version-%plainrel
+type qubes-prefs &>/dev/null && qubes-prefs --set default-kernel %upstream_version-%plainrel
 fi
 
 exit 0
 
 %preun qubes-vm
 
-if [ "`qubes-prefs -g default-kernel`" == "%version-%plainrel" ]; then
+if [ "`qubes-prefs -g default-kernel`" == "%upstream_version-%plainrel" ]; then
     echo "This kernel version is set as default VM kernel, cannot remove"
     exit 1
 fi
-if qvm-ls --kernel | grep -qw "%version-%plainrel"; then
+if qvm-ls --kernel | grep -qw "%upstream_version-%plainrel"; then
     echo "This kernel version is used by at least one VM, cannot remove"
     exit 1
 fi