Extracting debuginfo strips away modules signatures (which would be
invalid anyway, as the module file is modified). Include the code for
signing modules again, taken from Fedora's kernel.spec.
FixesQubesOS/qubes-issues#5497
There are a couple of changes needed:
1. Package version cannot contain '-' (5.4-rc5-1.pvops.qubes is an
invalid rpm version). Follow Fedora upstream idea of moving 'rc' tag
into package release field, as 0.rcXX.(original rel). This way, such
package will be 'older' than the final release (with just release
number there - 1 in most cases). The alternative idea is using
'~rcXX' in the package version, but ~ couldn't be part of a kernel
version reported by the kernel itself and also qubes-dom0-update
refuses ~ in a package filename.
2. Adjust kernel version to match the above - specifically clear
EXTRAVERSION (-rcXX suffix), as it will be added back as package
release (CONFIG_LOCALVERSION).
3. rc tarballs are available only as a git-generated .tar.gz (not
.tar.xz) and there are no matching detached signatures. While it
would be possible to download a signed tag via git, scripting that
would be overly complex as for the task rarely used. Leave this
verification as a manual step and require sha512 checksum to be
committed into repository.
To build an archive matching upstream one, out of a signed tag, use
command like this:
git archive --prefix=linux-5.4-rc5/ --output=../linux-5.4-rc5.tar.gz v5.4-rc5
While at it, remove obsolete BUILD_FLAVOR variable.
If default kernel was from kernel-latest, update default kernel property
on kernel-latest update (only). Same for other kernel package flavor.
Suggested by @hexagonrecursion
FixesQubesOS/qubes-issues#5309
kernel modules built in VM often use different gcc version, which makes
provided gcc plugins incompatible. Since rebuilding those plugins may
not be straight forward (extra gcc headers needed, possibly kernel
config changes needed if gcc version differs significantly), disable
them for out of tree modules.
FixesQubesOS/qubes-issues#2844
* origin/pr/27:
plymouth: ignore serial console hvc0 in UEFI
Ensure the rebuild of grub.cfg with plymouth.ignore-serial-consoles
plymouth-ignore-serial-consoles: adjusting the method from marmarek suggestion
plymouth: ignore serial console hvc0
Update to kernel-4.20.14
FixesQubesOS/qubes-issues#3849
Default kernel options like root= or plymouth.enable are specific to the
kernel package (and initrd bundled with it). Start migrating away from
built-in defaults in core-admin by adding a file in kernel package
containing those options.
Also, if new enough initramfs is included, add xen_scrub_pages=0 which
will speed up the domain start.
QubesOS/qubes-issues#4839QubesOS/qubes-issues#4736
This will make package installation a little faster, more reproducible
(mkfs.ext3 -d is easier to make/replace with reproducible tool than
kernel driver), and also make disk space estimation more accurate.
