bump roadrunner2/macbook12-spi-driver driver

* origin/pr/161:
  add roadrunner2/macbook12-spi-driver

.gitignore

@@ -1,7 +1,8 @@
-linux-*.tar.bz2
+linux-*.tar.gz
 linux-*.tar.xz
 linux-*.sign
 WireGuard-*.tar.xz
 WireGuard-*.tar.asc
 kernel-*/
 config-base-*
+macbook12-spi-driver-*.tar.gz

0001-xen-netfront-detach-crash.patch

@@ -1,4 +1,4 @@
-From 32862c02a282688aa2b6eaf51e53a1a5cbd16bd4 Mon Sep 17 00:00:00 2001
+From a6b3add4337101ef875423c0888b8ac1cde47c2c Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
  <marmarek@invisiblethingslab.com>
 Date: Thu, 6 Sep 2018 15:09:44 +0200
@@ -16,10 +16,10 @@ http://xen.markmail.org/thread/pw5edbtqienjx4q5
  1 file changed, 4 insertions(+), 3 deletions(-)
 
 diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c
-index 8d33970a2950..5c9a0226dc8d 100644
+index 482c6c8b0fb7..8f0a790ec5e7 100644
 --- a/drivers/net/xen-netfront.c
 +++ b/drivers/net/xen-netfront.c
-@@ -1137,9 +1137,10 @@ static void xennet_release_tx_bufs(struct netfront_queue *queue)
+@@ -1138,9 +1138,10 @@ static void xennet_release_tx_bufs(struct netfront_queue *queue)
  
  		skb = queue->tx_skbs[i].skb;
  		get_page(queue->grant_tx_page[i]);
@@ -34,5 +34,5 @@ index 8d33970a2950..5c9a0226dc8d 100644
  		queue->grant_tx_ref[i] = GRANT_INVALID_REF;
  		add_id_to_freelist(&queue->tx_skb_freelist, queue->tx_skbs, i);
 -- 
-2.20.1
+2.21.0
 

0002-mce-hide-EBUSY-initialization-error-on-Xen.patch

@@ -1,4 +1,4 @@
-From 41289a67b087a0d55740334fc0f321398408d784 Mon Sep 17 00:00:00 2001
+From a58197258286cf8dce45cf03b3b2b436b3cf8a99 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
  <marmarek@invisiblethingslab.com>
 Date: Tue, 5 Jan 2016 02:44:04 +0100
@@ -39,7 +39,7 @@ Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
  1 file changed, 9 insertions(+)
 
 diff --git a/arch/x86/kernel/cpu/mce/core.c b/arch/x86/kernel/cpu/mce/core.c
-index 282916f3b8d8..2d6b4703339a 100644
+index 743370ee4983..3af7521b2279 100644
 --- a/arch/x86/kernel/cpu/mce/core.c
 +++ b/arch/x86/kernel/cpu/mce/core.c
 @@ -51,6 +51,10 @@
@@ -53,7 +53,7 @@ index 282916f3b8d8..2d6b4703339a 100644
  #include "internal.h"
  
  static DEFINE_MUTEX(mce_log_mutex);
-@@ -2389,6 +2393,11 @@ static __init int mcheck_init_device(void)
+@@ -2464,6 +2468,11 @@ static __init int mcheck_init_device(void)
  	free_cpumask_var(mce_device_initialized);
  
  err_out:
@@ -66,5 +66,5 @@ index 282916f3b8d8..2d6b4703339a 100644
  
  	return err;
 -- 
-2.20.1
+2.21.0
 

0003-Log-error-code-of-EVTCHNOP_bind_pirq-failure.patch

@@ -1,4 +1,4 @@
-From 7a3613a04ae9fc5d4e454ef50bffc11128409be2 Mon Sep 17 00:00:00 2001
+From da15c0c3af84be25fdd695dddf61524099f4322e Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
  <marmarek@invisiblethingslab.com>
 Date: Sat, 30 Jan 2016 01:53:26 +0100
@@ -10,7 +10,7 @@ Ease debugging of PCI passthrough problems.
  1 file changed, 1 insertion(+), 1 deletion(-)
 
 diff --git a/drivers/xen/events/events_base.c b/drivers/xen/events/events_base.c
-index 2e8570c09789..7494ff7b238a 100644
+index 6c8843968a52..54d2e30683c4 100644
 --- a/drivers/xen/events/events_base.c
 +++ b/drivers/xen/events/events_base.c
 @@ -522,7 +522,7 @@ static unsigned int __startup_pirq(unsigned int irq)
@@ -23,5 +23,5 @@ index 2e8570c09789..7494ff7b238a 100644
  	}
  	evtchn = bind_pirq.port;
 -- 
-2.20.1
+2.21.0
 

0004-pvops-respect-removable-xenstore-flag-for-block-devi.patch

@@ -1,4 +1,4 @@
-From c1fccb4d29f2fb1362810d840d2ef9ee2f2ef4d7 Mon Sep 17 00:00:00 2001
+From 1b9928a04716a54933dcaff9ec7e68323f58090b Mon Sep 17 00:00:00 2001
 From: Marek Marczykowski <marmarek@invisiblethingslab.com>
 Date: Mon, 11 Jun 2012 22:49:31 +0200
 Subject: [PATCH] pvops: respect 'removable' xenstore flag for block devices
@@ -35,5 +35,5 @@ index a74d03913822..e76b999fceca 100644
  				  physical_sector_size);
  	if (err) {
 -- 
-2.20.1
+2.21.0
 

0005-pvops-xen-blkfront-handle-FDEJECT-as-detach-request-.patch

@@ -1,4 +1,4 @@
-From 29e33e1e21f1ef1f1e04483bca05e37a798360ee Mon Sep 17 00:00:00 2001
+From 61d8059c42eaf388b857e0d5c8460ccb76c2f97c Mon Sep 17 00:00:00 2001
 From: Marek Marczykowski <marmarek@invisiblethingslab.com>
 Date: Sun, 15 Jul 2012 19:57:47 +0200
 Subject: [PATCH] pvops/xen-blkfront: handle FDEJECT as detach request (#630)
@@ -30,5 +30,5 @@ index e76b999fceca..db7d28ac9747 100644
  	default:
  		/*printk(KERN_ALERT "ioctl %08x not supported by Xen blkdev\n",
 -- 
-2.20.1
+2.21.0
 

0006-block-add-no_part_scan-module-parameter.patch

@@ -1,4 +1,4 @@
-From 10a2635f42ee839b3ffa6d67f5ae622ca9a09f60 Mon Sep 17 00:00:00 2001
+From 56ce69a0260413418c2845182aa93165c4a1ce42 Mon Sep 17 00:00:00 2001
 From: Rusty Bird <rustybird@openmailbox.org>
 Date: Mon, 11 Jul 2016 13:05:38 +0000
 Subject: [PATCH] block: add no_part_scan module parameter
@@ -15,7 +15,7 @@ the /sys/module/block/parameters/no_part_scan file.
  1 file changed, 12 insertions(+)
 
 diff --git a/block/genhd.c b/block/genhd.c
-index 24654e1d83e6..ce06da45aecd 100644
+index 26b31fcae217..75993c12e123 100644
 --- a/block/genhd.c
 +++ b/block/genhd.c
 @@ -676,6 +676,15 @@ static void register_disk(struct device *parent, struct gendisk *disk,
@@ -34,9 +34,9 @@ index 24654e1d83e6..ce06da45aecd 100644
  /**
   * __device_add_disk - add disk information to kernel list
   * @parent: parent device for the disk
-@@ -695,6 +704,9 @@ static void __device_add_disk(struct device *parent, struct gendisk *disk,
- 	dev_t devt;
- 	int retval;
+@@ -704,6 +713,9 @@ static void __device_add_disk(struct device *parent, struct gendisk *disk,
+ 	if (register_queue)
+ 		elevator_init_mq(disk->queue);
  
 +	if (disk_no_part_scan)
 +		disk->flags |= GENHD_FL_NO_PART_SCAN;
@@ -45,5 +45,5 @@ index 24654e1d83e6..ce06da45aecd 100644
  	 * be accompanied with EXT_DEVT flag.  Make sure all
  	 * parameters make sense.
 -- 
-2.20.1
+2.21.0
 

0007-xen-Add-RING_COPY_RESPONSE.patch

@@ -1,4 +1,4 @@
-From 28ff22aa85bfbe4cc535ffbcc4cf45a271e1ff70 Mon Sep 17 00:00:00 2001
+From 76c089d06f5ff8dc7a54c3e5ef7d2f1447ca8ec4 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
  <marmarek@invisiblethingslab.com>
 Date: Tue, 15 Dec 2015 21:35:14 +0100
@@ -54,5 +54,5 @@ index 3f40501fc60b..03702f6874df 100644
  #define RING_REQUEST_CONS_OVERFLOW(_r, _cons)				\
      (((_cons) - (_r)->rsp_prod_pvt) >= RING_SIZE(_r))
 -- 
-2.20.1
+2.21.0
 

0008-xen-netfront-copy-response-out-of-shared-buffer-befo.patch

@@ -1,4 +1,4 @@
-From 6c7b9e32eb26ad5c535126c8775e2e4c68b0d57a Mon Sep 17 00:00:00 2001
+From 688769df7c2365ae836eb755ccf5b196b45cbd56 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
  <marmarek@invisiblethingslab.com>
 Date: Wed, 16 Dec 2015 05:09:55 +0100
@@ -18,7 +18,7 @@ Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
  1 file changed, 25 insertions(+), 26 deletions(-)
 
 diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c
-index 5c9a0226dc8d..b981a17f2edd 100644
+index 8f0a790ec5e7..abb9b3cd87b8 100644
 --- a/drivers/net/xen-netfront.c
 +++ b/drivers/net/xen-netfront.c
 @@ -385,13 +385,13 @@ static void xennet_tx_buf_gc(struct netfront_queue *queue)
@@ -142,7 +142,7 @@ index 5c9a0226dc8d..b981a17f2edd 100644
  		skb = xennet_get_rx_skb(queue, cons + slots);
  		ref = xennet_get_rx_ref(queue, cons + slots);
  		slots++;
-@@ -895,9 +894,9 @@ static RING_IDX xennet_fill_frags(struct netfront_queue *queue,
+@@ -895,9 +894,9 @@ static int xennet_fill_frags(struct netfront_queue *queue,
  	struct sk_buff *nskb;
  
  	while ((nskb = __skb_dequeue(list))) {
@@ -154,7 +154,7 @@ index 5c9a0226dc8d..b981a17f2edd 100644
  
  		if (skb_shinfo(skb)->nr_frags == MAX_SKB_FRAGS) {
  			unsigned int pull_to = NETFRONT_SKB_CB(skb)->pull_to;
-@@ -913,7 +912,7 @@ static RING_IDX xennet_fill_frags(struct netfront_queue *queue,
+@@ -913,7 +912,7 @@ static int xennet_fill_frags(struct netfront_queue *queue,
  
  		skb_add_rx_frag(skb, skb_shinfo(skb)->nr_frags,
  				skb_frag_page(nfrag),
@@ -163,7 +163,7 @@ index 5c9a0226dc8d..b981a17f2edd 100644
  
  		skb_shinfo(nskb)->nr_frags = 0;
  		kfree_skb(nskb);
-@@ -1009,7 +1008,7 @@ static int xennet_poll(struct napi_struct *napi, int budget)
+@@ -1011,7 +1010,7 @@ static int xennet_poll(struct napi_struct *napi, int budget)
  	i = queue->rx.rsp_cons;
  	work_done = 0;
  	while ((i != rp) && (work_done < budget)) {
@@ -173,5 +173,5 @@ index 5c9a0226dc8d..b981a17f2edd 100644
  
  		err = xennet_get_responses(queue, &rinfo, rp, &tmpq);
 -- 
-2.20.1
+2.21.0
 

0009-xen-netfront-do-not-use-data-already-exposed-to-back.patch

@@ -1,4 +1,4 @@
-From 9dac7f65e7ce9ba42a3edfa24a87b18bd484ef43 Mon Sep 17 00:00:00 2001
+From f2452d28602c2de1d69d5ca2e34e6771374414a1 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
  <marmarek@invisiblethingslab.com>
 Date: Wed, 16 Dec 2015 05:19:37 +0100
@@ -20,7 +20,7 @@ Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
  1 file changed, 5 insertions(+), 4 deletions(-)
 
 diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c
-index b981a17f2edd..66e972918f5b 100644
+index abb9b3cd87b8..56c8a4a32672 100644
 --- a/drivers/net/xen-netfront.c
 +++ b/drivers/net/xen-netfront.c
 @@ -456,7 +456,7 @@ static void xennet_tx_setup_grant(unsigned long gfn, unsigned int offset,
@@ -60,5 +60,5 @@ index b981a17f2edd..66e972918f5b 100644
  	if (skb->ip_summed == CHECKSUM_PARTIAL)
  		/* local packet? */
 -- 
-2.20.1
+2.21.0
 

0010-xen-netfront-add-range-check-for-Tx-response-id.patch

@@ -1,4 +1,4 @@
-From 9b0c48ef89505f95f495fc1d48ee2f489b657999 Mon Sep 17 00:00:00 2001
+From b5bc80763b7bf0f9e32a9a4d4f930ff50d02385d Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
  <marmarek@invisiblethingslab.com>
 Date: Wed, 16 Dec 2015 05:22:24 +0100
@@ -19,7 +19,7 @@ Signed-off-by: Marek Marczykowski-Górecki <marmarek@invisiblethingslab.com>
  1 file changed, 1 insertion(+)
 
 diff --git a/drivers/net/xen-netfront.c b/drivers/net/xen-netfront.c
-index 66e972918f5b..a8a5da7461fc 100644
+index 56c8a4a32672..e11df925c0dc 100644
 --- a/drivers/net/xen-netfront.c
 +++ b/drivers/net/xen-netfront.c
 @@ -392,6 +392,7 @@ static void xennet_tx_buf_gc(struct netfront_queue *queue)
@@ -31,5 +31,5 @@ index 66e972918f5b..a8a5da7461fc 100644
  			if (unlikely(gnttab_query_foreign_access(
  				queue->grant_tx_ref[id]) != 0)) {
 -- 
-2.20.1
+2.21.0
 

0011-xen-blkfront-make-local-copy-of-response-before-usin.patch

@@ -1,4 +1,4 @@
-From e0da6b06520aafefa2809098f4b993a04e70abee Mon Sep 17 00:00:00 2001
+From def16082c5e64f97d5d138ae638a6cde7a136432 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
  <marmarek@invisiblethingslab.com>
 Date: Wed, 16 Dec 2015 05:51:10 +0100
@@ -124,5 +124,5 @@ index db7d28ac9747..3f6dbaf0265b 100644
  			break;
  		default:
 -- 
-2.20.1
+2.21.0
 

0012-xen-blkfront-prepare-request-locally-only-then-put-i.patch

@@ -1,4 +1,4 @@
-From 752af3d52ee9cc908988683cdd776152652e21d8 Mon Sep 17 00:00:00 2001
+From 115094605c08f2e2790f6110f7fdc002122e0788 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?=
  <marmarek@invisiblethingslab.com>
 Date: Wed, 16 Dec 2015 06:07:14 +0100
@@ -187,5 +187,5 @@ index 3f6dbaf0265b..37235ab63ca9 100644
  	if (new_persistent_gnts)
  		gnttab_free_grant_references(setup.gref_head);
 -- 
-2.20.1
+2.21.0
 

0013-xen-pcifront-pciback-Update-pciif.h-with-err-and-res.patch

@@ -1,4 +1,4 @@
-From ae98e33fcffb88d43732018c3a7427c41f6acd5c Mon Sep 17 00:00:00 2001
+From 6a9f5a2435d3845b41f32b3768bb1c25bba1be2d Mon Sep 17 00:00:00 2001
 From: Konrad Rzeszutek Wilk <konrad.wilk@oracle.com>
 Date: Wed, 1 Apr 2015 17:01:26 -0400
 Subject: [PATCH] xen/pcifront/pciback: Update pciif.h with ->err and ->result
@@ -71,5 +71,5 @@ index d9922ae36eb5..c8b674fd2455 100644
  	/* IN: Contains extra infor for this operation */
  	uint32_t info;
 -- 
-2.20.1
+2.21.0
 

0014-xen-pciback-add-attribute-to-allow-MSI-enable-flag-w.patch

@@ -1,4 +1,4 @@
-From 5fa9a8629bacf9c61e236f517ae67e18f0f4b5d4 Mon Sep 17 00:00:00 2001
+From 3a7edaa90f1b3d7066ba9c227577039e4285cb3d Mon Sep 17 00:00:00 2001
 From: HW42 <hw42@ipsumj.de>
 Date: Tue, 12 Sep 2017 00:49:02 +0200
 Subject: [PATCH] xen-pciback: add attribute to allow MSI enable flag writes
@@ -20,10 +20,10 @@ guest (or stubdom) can already generate MSIs through other ways, see
  3 files changed, 104 insertions(+)
 
 diff --git a/drivers/xen/xen-pciback/conf_space_capability.c b/drivers/xen/xen-pciback/conf_space_capability.c
-index 73427d8e0116..a277ddc7f7b4 100644
+index e5694133ebe5..4be817f448c3 100644
 --- a/drivers/xen/xen-pciback/conf_space_capability.c
 +++ b/drivers/xen/xen-pciback/conf_space_capability.c
-@@ -190,6 +190,40 @@ static const struct config_field caplist_pm[] = {
+@@ -189,6 +189,40 @@ static const struct config_field caplist_pm[] = {
  	{}
  };
  
@@ -64,7 +64,7 @@ index 73427d8e0116..a277ddc7f7b4 100644
  static struct xen_pcibk_config_capability xen_pcibk_config_capability_pm = {
  	.capability = PCI_CAP_ID_PM,
  	.fields = caplist_pm,
-@@ -198,11 +232,16 @@ static struct xen_pcibk_config_capability xen_pcibk_config_capability_vpd = {
+@@ -197,11 +231,16 @@ static struct xen_pcibk_config_capability xen_pcibk_config_capability_vpd = {
  	.capability = PCI_CAP_ID_VPD,
  	.fields = caplist_vpd,
  };
@@ -190,5 +190,5 @@ index 263c059bff90..796f949c92be 100644
  	unsigned int enable_intx:1;
  	unsigned int isr_on:1; /* Whether the IRQ handler is installed. */
 -- 
-2.20.1
+2.21.0
 

Makefile

@@ -11,14 +11,11 @@ SOURCEDIR := $(WORKDIR)
 
 NO_OF_CPUS := $(shell grep -c ^processor /proc/cpuinfo)
 
-BUILD_FLAVOR := pvops
-
 RPM_DEFINES := --define "_sourcedir $(SOURCEDIR)" \
 		--define "_specdir $(SPECDIR)" \
 		--define "_builddir $(BUILDDIR)" \
 		--define "_srcrpmdir $(SRCRPMDIR)" \
-		--define "_rpmdir $(RPMDIR)" \
-		--define "build_flavor $(BUILD_FLAVOR)"
+		--define "_rpmdir $(RPMDIR)"
 
 ifndef NAME
 $(error "You can not run this Makefile without having NAME defined")
@@ -30,6 +27,13 @@ ifndef RELEASE
 RELEASE := $(shell cat rel)
 endif
 
+ifneq ($(VERSION),$(subst -rc,,$(VERSION)))
+DOWNLOAD_FROM_GIT=1
+VERIFICATION := hash
+else
+VERIFICATION := signature
+endif
+
 all: help
 
 MIRROR := cdn.kernel.org
@@ -39,25 +43,35 @@ else
 SRC_BASEURL := $(DISTFILES_MIRROR)
 endif
 
+ifeq ($(VERIFICATION),signature)
 SRC_FILE := linux-${VERSION}.tar.xz
-ifeq ($(BUILD_FLAVOR),pvops)
 SIGN_FILE := linux-${VERSION}.tar.sign
 else
-SIGN_FILE := linux-${VERSION}.tar.bz2.sign
+SRC_FILE := linux-${VERSION}.tar.gz
+HASH_FILE := $(SRC_FILE).sha512
 endif
-HASH_FILE :=${SRC_FILE}.sha1sum
 
-WG_BASE_URL := https://git.zx2c4.com/WireGuard/snapshot
-WG_SRC_FILE := WireGuard-0.0.20190702.tar.xz
+WG_BASE_URL := https://git.zx2c4.com/wireguard-linux-compat/snapshot
+WG_SRC_FILE := wireguard-linux-compat-0.0.20200121.tar.xz
 
 WG_SRC_URL := $(WG_BASE_URL)/$(WG_SRC_FILE)
 WG_SIG_FILE := $(WG_SRC_FILE:%.xz=%.asc)
 WG_SIG_URL := $(WG_BASE_URL)/$(WG_SIG_FILE)
 
+SPI_BASE_URL := https://github.com/roadrunner2/macbook12-spi-driver/archive
+SPI_REVISION := ddfbc7733542b8474a0e8f593aba91e06542be4f
+SPI_SRC_URL := $(SPI_BASE_URL)/$(SPI_REVISION).tar.gz
+SPI_SRC_FILE := macbook12-spi-driver-$(SPI_REVISION).tar.gz
+SPI_HASH_SHA256 := 8039f103fbb351ecbbaddd540feeb7b0b1abfa216f0689a611e43d997426470e
+
 URL := $(SRC_BASEURL)/$(SRC_FILE)
 URL_SIGN := $(SRC_BASEURL)/$(SIGN_FILE)
 
-get-sources: $(SRC_FILE) $(SIGN_FILE) $(WG_SRC_FILE) $(WG_SIG_FILE)
+ifeq ($(DOWNLOAD_FROM_GIT),1)
+URL := https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/snapshot/linux-$(VERSION).tar.gz
+endif
+
+get-sources: $(SRC_FILE) $(SIGN_FILE) $(WG_SRC_FILE) $(WG_SIG_FILE) $(SPI_SRC_FILE)
 
 $(SRC_FILE):
 	@wget -q -N $(URL)
@@ -71,6 +85,9 @@ $(WG_SRC_FILE):
 $(WG_SIG_FILE):
 	@wget -q -N $(WG_SIG_URL)
 
+$(SPI_SRC_FILE):
+	@wget -q -N -O $(SPI_SRC_FILE) $(SPI_SRC_URL)
+
 import-keys:
 	@if [ -n "$$GNUPGHOME" ]; then rm -f "$$GNUPGHOME/linux-kernel-trustedkeys.gpg"; fi
 	@gpg --no-auto-check-trustdb --no-default-keyring --keyring linux-kernel-trustedkeys.gpg -q --import kernel*-key.asc
@@ -79,15 +96,14 @@ import-keys:
 
 verify-sources: import-keys
 	@xzcat $(WG_SRC_FILE) | gpgv --keyring wireguard-trustedkeys.gpg $(WG_SIG_FILE) - 2>/dev/null
-ifeq ($(BUILD_FLAVOR),pvops)
+ifeq ($(VERIFICATION),signature)
 	@xzcat $(SRC_FILE) | gpgv --keyring linux-kernel-trustedkeys.gpg $(SIGN_FILE) - 2>/dev/null
 else
-#	@gpg --verify $(SIGN_FILE) $(SRC_FILE)
-#	The key has been compromised
-#	and kernel.org decided not to release signature
-#	with a new key... oh, well...
-	sha1sum --quiet -c ${HASH_FILE}
+	# there are no signatures for rc tarballs
+	# verify locally based on a signed git tag and commit hash file
+	sha512sum --quiet -c $(HASH_FILE)
 endif
+	@gunzip -c $(SPI_SRC_FILE) | sha256sum | head -c64 | grep -q "^$(SPI_HASH_SHA256)$$"
 
 .PHONY: clean-sources
 clean-sources:
@@ -97,6 +113,9 @@ endif
 ifneq ($(WG_SRC_FILE), None)
 	-rm $(WG_SRC_FILE) $(WG_SIG_FILE)
 endif
+ifneq ($(SPI_SRC_FILE), None)
+	-rm $(SPI_SRC_FILE)
+endif
 
 
 #RPM := rpmbuild --buildroot=/dev/shm/buildroot/

config-qubes

@@ -76,12 +76,6 @@ CONFIG_SECURITY_YAMA=y
 # CONFIG_HOTPLUG_PCI is not set
 
 
-################################################################################
-## We don't use singed modules
-
-# CONFIG_MODULE_SIG is not set
-
-
 ################################################################################
 ## Deactivate selinux by default
 

gen-config

@@ -20,9 +20,9 @@ set -eu -o pipefail
 linux_merge_config="./scripts/kconfig/merge_config.sh"
 make_opts=""
 
-if [ -n "${RPM_PACKAGE_VERSION:-}" ]; then
-    linux_merge_config="../linux-$RPM_PACKAGE_VERSION/scripts/kconfig/merge_config.sh"
-    make_opts="-C ../linux-$RPM_PACKAGE_VERSION O=$PWD"
+if [ -n "${LINUX_UPSTREAM_VERSION:-}" ]; then
+    linux_merge_config="../linux-$LINUX_UPSTREAM_VERSION/scripts/kconfig/merge_config.sh"
+    make_opts="-C ../linux-$LINUX_UPSTREAM_VERSION O=$PWD"
 fi
 
 if [ -z "$linux_merge_config" ]; then

get-fedora-latest-config

@@ -9,10 +9,18 @@ fi
 
 localdir="$(dirname "$(readlink -f "$0")")"
 releasever="$1"
+# Set to 1 to include rc srpm
+rc="$2"
 
 kernelver="$(cat "$localdir/version")"
 kernelsrc="linux-$kernelver"
 
+exit_clean() {
+    local exit_code=$?
+    rm -rf "$tmpdir"
+    exit "${exit_code}"
+}
+
 errecho() {
     >&2 echo "$@"
 }
@@ -33,7 +41,11 @@ elif [ "x$releasever" == "x" ]; then
 fi
 
 # get the latest kernel rpm
-latestver=$(dnf -q repoquery kernel-core --disablerepo=* --enablerepo=fedora --enablerepo=updates --releasever="$releasever" | sort -V | tail -1 | cut -d ':' -f2)
+latestver=$(dnf -q repoquery kernel-core --disablerepo=* --enablerepo=fedora --enablerepo=updates --releasever="$releasever")
+if [ "$rc" != "1" ]; then
+latestver=$(echo "$latestver" | grep -v "rc[0-9]*")
+fi
+latestver=$(echo "$latestver" | sort -V | tail -1 | cut -d ':' -f2)
 latestrpm="kernel-core-$latestver.rpm"
 
 if [ "$releasever" == 'rawhide' ]; then
@@ -41,8 +53,9 @@ if [ "$releasever" == 'rawhide' ]; then
 fi
 
 if [ "x$latestrpm" != "x" ] && [ "x$releasever" != "x" ]; then
-    key="$localdir/keys/RPM-GPG-KEY-fedora-$releasever-primary"
+    key="$localdir/../builder-rpm/keys/RPM-GPG-KEY-fedora-$releasever-primary"
 
+    trap 'exit_clean' 0 1 2 3 6 15
     tmpdir="$(mktemp -d -p "$localdir")"
     # download latest kernel rpm
     dnf -q download kernel-core --disablerepo=* --enablerepo=fedora --enablerepo=updates --releasever="$releasever"

kernel.org-1-key.asc

@@ -0,0 +1,37 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQENBE55CJIBCACkn+aOLmsaq1ejUcXCAOXkO3w7eiLqjR/ziTL2KZ30p7bxP8cT
+UXvfM7fwE7EnqCCkji25x2xsoKXB8AlUswIEYUFCOupj2BOsVmJ/rKZW7fCvKTOK
++BguKjebDxNbgmif39bfSnHDWrW832f5HrYmZn7a/VySDQFdul8Gl/R6gs6PHJbg
+jjt+K7Px6cQVMVNvY/VBWdvA1zckO/4h6gf3kWWZN+Wlq8wv/pxft8QzNFgweH9o
+5bj4tnQ+wMCLCLiDsgEuVawoOAkg3dRMugIUoiKoBKw7b21q9Vjp4jezRvciC6Ys
+4kGUSFG1ZjIn3MpY3f3xZ3yuYwrxQ8JcA7KTABEBAAG0JExpbnVzIFRvcnZhbGRz
+IDx0b3J2YWxkc0BrZXJuZWwub3JnPokBTgQTAQgAOBYhBKuvEcZaKXCxMKvjxHm+
+PkMAQRiGBQJaHxkTAhsDBQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEHm+PkMA
+QRiGzMcH/ieyxrsHR0ng3pi+qy1/sLiTT4WEBN53+1FsGWdP6/DCD3sprFdWDkkB
+Dfh9vPCVzPqX7siZMJxw3+wOfjNnGBRiGj7mTE/1XeXJHDwFRyBEVa/bY8ExLKbv
+Bf+xpiWOg2Myj5RYaOUBFbOEtfTPob0FtvfZvK3PXkjODTHhDH7QJT2zNPivHG+E
+R5VyF1yJEpl10rDTM91NhEeV0n4wpfZkgL8a3JSzo9H2AJX3y35+Dk9wtNge440Z
+SVWAnjwxhBLX2R0LUszRhU925c0vP2l20eFncBmAT0NKpn7v9a670WHv45PluG+S
+KKktf6b5/BtfqpC3eV58I6FEtSVpM1u0LkxpbnVzIFRvcnZhbGRzIDx0b3J2YWxk
+c0BsaW51eC1mb3VuZGF0aW9uLm9yZz6JATgEEwECACIFAk55CJICGwMGCwkIBwMC
+BhUIAgkKCwQWAgMBAh4BAheAAAoJEHm+PkMAQRiGbpwH/2jMNyBq6SjFrltEwt6c
+wOJak1lkjpP5IfFMemfKPH03jBv98Yb7nnVE/VofRQi0erPvzU9HPitzmq9Hdaz8
+pTVD1nNiejn6MBHREY5T10U8J9Holn9S1G3CUvEUaBg+YEhHwWA8hhxFCIRcfz6N
+PRkZH5zi9xdXBnjLrE3CpoZwVguwCT/25DuSqqJnviKiH+BOvJi/BnHSnjV1J71M
+OpVabaTZKxQ1Qkwiyo7KRa/MrBV4Cw87MjF1jmja91wWNOuAwv1ST+aSaI038zcl
+VqbFrc9gHkTeP3o5p8DG3Q7A1pE/yVLRUW+3jucKtiojylWaqxX7FD0RZtIuhNsU
+ig+5AQ0ETnkIkgEIAN+ybgD0IlgKRPJ3eksafd+KORseBWwxUy3GH0yAg/4jZCsf
+HZ7jpbRKzxNTKW1kE6ClSqehUsuXT5Vc1eh6079erN3y+JNxl6zZPC9v+5GNyc28
+qSfNejt4wmwa/y86T7oQfgo77o8Gu/aO/xzOjw7jSDDR3u9p/hFVtsqzptxZzvs3
+hVaiLS+0mar9qYZheaCUqOXOKVo38Vg5gkOhMEwKvZs9x3fINU/t8ckxOHq6KiLa
+p5Bq87XP0ZJsCaMBwdLYhOFxAiEVtlzwyo3DvMplIahqqNELb71YDhpMq/Hu+42o
+R3pqASCPLfO/0GUSdAGXJVhv7L7ng02ETSBmVOUAEQEAAYkBHwQYAQIACQUCTnkI
+kgIbDAAKCRB5vj5DAEEYhuobB/9Fi1GVG5qnPq14S0WKYEW3N891L37LaXmDh977
+r/j2dyZOoYIiV4rx6a6urhq9UbcgNw/ke01TNM4y7EhW/lFnxJQXSMjdsXGcb9Hw
+UevDk2FMV1h9gkHLlqRUlTpjVdQwTB9wMd4bWhZsxybTnGh6o8dCwBEaGNsHsSBY
+O81OXrTE/fcZEgKCeKW2xdKRiazu6Mu5WLU6gBy2nOc6oL2zKJZjACfllQzBx5+6
+z2N4Sj0JBOobz4RR2JLElMEckMbdqbIS+c+n02ItMmCORgakf74k+TEbaZx3ZTVH
+nhvqQqanZz1i4I5IwHJxkUsYLddgYrylZH+MwNDlB5u3I138
+=d8eq
+-----END PGP PUBLIC KEY BLOCK-----

kernel.spec.in

@@ -2,10 +2,19 @@
 # Based on the Open SUSE kernel-spec & Fedora kernel-spec.
 #
 
-%define variant pvops.qubes
+%define variant qubes
 %define plainrel @REL@
 %define rel %{plainrel}.%{variant}
-%define version @VERSION@
+%define version %(echo '@VERSION@' | sed 's/~rc.*/.0/')
+%define upstream_version %(echo '@VERSION@' | sed 's/~rc/-rc/')
+%if "%{version}" != "%{upstream_version}"
+%define prerelease 1
+%define rel 0.%(echo '@VERSION@' | sed 's/.*~rc/rc/').%{plainrel}.%{variant}
+%else
+%define prerelease 0
+%define rel %{plainrel}.%{variant}
+%endif
+
 %define name_suffix -latest
 
 %define _buildshell /bin/bash
@@ -14,13 +23,13 @@
 %global cpu_arch x86_64
 %define cpu_arch_flavor %cpu_arch
 
-%define kernelrelease %(echo %{version} | sed 's/^3\\.[0-9]\\+$/\\0.0/')-%rel.%cpu_arch
+%define kernelrelease %(echo %{upstream_version} | sed 's/^[0-9]\\.[0-9]\\+$/\\0.0/;s/-rc.*/.0/')-%rel.%cpu_arch
 %define my_builddir %_builddir/%{name}-%{version}
 
-%define build_src_dir %my_builddir/linux-%version
+%define build_src_dir %my_builddir/linux-%upstream_version
 %define src_install_dir /usr/src/kernels/%kernelrelease
 %define kernel_build_dir %my_builddir/linux-obj
-%define vm_install_dir /var/lib/qubes/vm-kernels/%version-%{plainrel}
+%define vm_install_dir /var/lib/qubes/vm-kernels/%upstream_version-%{plainrel}
 
 %define install_vdso 1
 %define debuginfodir /usr/lib/debug
@@ -28,6 +37,9 @@
 # debuginfo build is disabled by default to save disk space (it needs 2-3GB build time)
 %define with_debuginfo 0
 
+# Sign all modules
+%global signmodules 1
+
 %if !%{with_debuginfo}
 %global debug_package %{nil}
 %define setup_config --disable CONFIG_DEBUG_INFO
@@ -49,7 +61,9 @@ BuildRequires:  qubes-kernel-vm-support
 BuildRequires:  dracut
 BuildRequires:  busybox
 BuildRequires:  bc
+BuildRequires:  openssl
 BuildRequires:  openssl-devel
+BuildRequires:  python3-devel
 BuildRequires:  gcc-plugin-devel
 BuildRequires:  elfutils-libelf-devel
 BuildRequires:  bison
@@ -92,17 +106,23 @@ Conflicts:      lvm2 < 2.02.33
 Provides:       kernel = %kernelrelease
 Provides:       kernel-uname-r = %kernelrelease
 
-BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 ExclusiveArch:  x86_64
 
-Source0:        linux-%version.tar.xz
-Source5:	WireGuard-0.0.20190702.tar.xz
+%if !%{prerelease}
+Source0:        linux-%{upstream_version}.tar.xz
+%else
+Source0:        linux-%{upstream_version}.tar.gz
+%endif
+Source5:	wireguard-linux-compat-0.0.20200121.tar.xz
+Source6:        macbook12-spi-driver-ddfbc7733542b8474a0e8f593aba91e06542be4f.tar.gz
 Source16:       guards
 Source17:       apply-patches
+Source18:       mod-sign.sh
 Source33:       check-for-config-changes
 Source34:       gen-config
 Source100:      config-base
 Source101:      config-qubes
+%define modsign_cmd %{SOURCE18}
 
 Patch0: 0001-xen-netfront-detach-crash.patch
 Patch1: 0002-mce-hide-EBUSY-initialization-error-on-Xen.patch
@@ -123,22 +143,42 @@ Patch13: 0014-xen-pciback-add-attribute-to-allow-MSI-enable-flag-w.patch
 Qubes Dom0 kernel.
 
 %prep
-if ! [ -e %_sourcedir/linux-%version.tar.xz ]; then
-    echo "The %name-%version.nosrc.rpm package does not contain the" \
-         "complete sources. Please install kernel-source-%version.src.rpm."
-    exit 1
-fi
-
 SYMBOLS="xen-dom0 pvops"
 
 # Unpack all sources and patches
 %autosetup -N -c -T -a 0
 
+export LINUX_UPSTREAM_VERSION=%{upstream_version}
+
 mkdir -p %kernel_build_dir
 
-cd linux-%version
+cd linux-%upstream_version
 %autopatch -p1
 
+# drop EXTRAVERSION - possible -rc suffix already included in %release
+sed -i -e 's/^EXTRAVERSION = -rc.*/EXTRAVERSION =/' Makefile
+
+%if 0%{?fedora} >= 31
+# Mangle /usr/bin/python shebangs to /usr/bin/python3
+# Mangle all Python shebangs to be Python 3 explicitly
+# -p preserves timestamps
+# -n prevents creating ~backup files
+# -i specifies the interpreter for the shebang
+# This fixes errors such as
+# *** ERROR: ambiguous python shebang in /usr/bin/kvm_stat: #!/usr/bin/python. Change it to python3 (or python2) explicitly.
+# We patch all sources below for which we got a report/error.
+pathfix.py -i "%{__python3} %{py3_shbang_opts}" -p -n \
+	tools/kvm/kvm_stat/kvm_stat \
+	scripts/show_delta \
+	scripts/diffconfig \
+	scripts/bloat-o-meter \
+	tools/perf/tests/attr.py \
+	tools/perf/scripts/python/stat-cpi.py \
+	tools/perf/scripts/python/sched-migration.py \
+	Documentation \
+	scripts/gen_compile_commands.py
+%endif
+
 cd %kernel_build_dir
 
 # Create QubesOS config kernel
@@ -147,7 +187,7 @@ cd %kernel_build_dir
 %build_src_dir/scripts/config \
         --set-str CONFIG_LOCALVERSION -%release.%cpu_arch %{setup_config}
 
-MAKE_ARGS="$MAKE_ARGS -C %build_src_dir O=$PWD"
+MAKE_ARGS="$MAKE_ARGS -C %build_src_dir O=$PWD KERNELRELEASE=%{kernelrelease}"
 
 make prepare $MAKE_ARGS
 make scripts $MAKE_ARGS
@@ -173,6 +213,9 @@ rm -rf %_builddir/wireguard
 tar x -C %_builddir -Jpf %{SOURCE5}
 mv %_builddir/$(basename %{SOURCE5} .tar.xz) %_builddir/wireguard
 
+rm -rf %_builddir/macbook12-spi-driver
+tar -x -C %_builddir -zf %{SOURCE6}
+mv %_builddir/$(basename %{SOURCE6} .tar.gz) %_builddir/macbook12-spi-driver
 
 %build
 
@@ -189,6 +232,31 @@ if [ -d "%_builddir/wireguard" ]; then
     make -C %kernel_build_dir M=%_builddir/wireguard/src modules
 fi
 
+# Build applespi, apple-ibridge, apple-ib-tb, apple-ib-als modules
+if [ -d "%_builddir/macbook12-spi-driver" ]; then
+    make -C %kernel_build_dir M=%_builddir/macbook12-spi-driver modules
+fi
+
+%define __modsign_install_post \
+  if [ "%{signmodules}" -eq "1" ]; then \
+    %{modsign_cmd} certs/signing_key.pem certs/signing_key.x509 $RPM_BUILD_ROOT/lib/modules/%kernelrelease/ \
+  fi \
+%{nil}
+
+#
+# Disgusting hack alert! We need to ensure we sign modules *after* all
+# invocations of strip occur, which is in __debug_install_post if
+# find-debuginfo.sh runs, and __os_install_post if not.
+#
+
+%define __spec_install_post \
+  %{?__debug_package:%{__debug_install_post}}\
+  %{__arch_install_post}\
+  %{__os_install_post}\
+  %{?__remove_unwanted_dbginfo_install_post}\
+  %{__modsign_install_post}
+
+
 %install
 
 # get rid of /usr/lib/rpm/brp-strip-debug
@@ -228,6 +296,9 @@ fi
 if [ -d "%_builddir/wireguard" ]; then
     make modules_install $MAKE_ARGS INSTALL_MOD_PATH=%buildroot M=%_builddir/wireguard/src
 fi
+if [ -d "%_builddir/macbook12-spi-driver" ]; then
+    make modules_install $MAKE_ARGS INSTALL_MOD_PATH=%buildroot M=%_builddir/macbook12-spi-driver
+fi
 
 mkdir -p %buildroot/%src_install_dir
 
@@ -255,10 +326,10 @@ fi
 
 rm -rf %buildroot/lib/modules/%kernelrelease/build/Documentation
 
-# disable GCC plugins for external modules build, to not fail if different gcc
-# version is used
-sed -e 's/^\(CONFIG_GCC_PLUGIN.*\)=y/# \1 is not set/' .config > \
-        %buildroot/lib/modules/%kernelrelease/build/.config
+# Remove useless scripts that creates ERROR with ambiguous shebang
+# that are removed too in Fedora
+rm -rf %buildroot/lib/modules/%kernelrelease/build/scripts/tracing
+rm -f %buildroot/lib/modules/%kernelrelease/build/scripts/spdxcheck.py
 
 rm -f %buildroot/lib/modules/%kernelrelease/build/scripts/*.o
 rm -f %buildroot/lib/modules/%kernelrelease/build/scripts/*/*.o
@@ -280,6 +351,13 @@ if [ -f tools/objtool/objtool ]; then
     popd
 fi
 
+# disable GCC plugins for external modules build, to not fail if different gcc
+# version is used
+sed -e 's/^\(CONFIG_GCC_PLUGIN.*\)=y/# \1 is not set/' .config > \
+        %buildroot/lib/modules/%kernelrelease/build/.config
+sed -e '/^#define CONFIG_GCC_PLUGIN/d' include/generated/autoconf.h > \
+        %buildroot/lib/modules/%kernelrelease/build/include/generated/autoconf.h
+
 # Copy .config to include/config/auto.conf so "make prepare" is unnecessary.
 cp %buildroot/lib/modules/%kernelrelease/build/.config %buildroot/lib/modules/%kernelrelease/build/include/config/auto.conf
 
@@ -287,6 +365,7 @@ cp %buildroot/lib/modules/%kernelrelease/build/.config %buildroot/lib/modules/%k
 # external modules can be built
 touch -r %buildroot/lib/modules/%kernelrelease/build/Makefile %buildroot/lib/modules/%kernelrelease/build/include/generated/uapi/linux/version.h
 touch -r %buildroot/lib/modules/%kernelrelease/build/.config %buildroot/lib/modules/%kernelrelease/build/include/config/auto.conf
+touch -r %buildroot/lib/modules/%kernelrelease/build/.config %buildroot/lib/modules/%kernelrelease/build/include/generated/autoconf.h
 
 if test -s vmlinux.id; then
 cp vmlinux.id %buildroot/lib/modules/%kernelrelease/build/vmlinux.id
@@ -427,7 +506,7 @@ if [ -n "$SOURCE_DATE_EPOCH" ]; then
 fi
 PATH="/sbin:$PATH" mkfs.ext3 -d %buildroot%vm_install_dir/modules \
       -U dcee2318-92bd-47a5-a15d-e79d1412cdce \
-      %buildroot%vm_install_dir/modules.img 500M
+      %buildroot%vm_install_dir/modules.img 1024M
 rm -rf %buildroot%vm_install_dir/modules
 %endif
 
@@ -555,23 +634,26 @@ rmdir /tmp/qubes-modules-%kernelrelease
 mv /tmp/qubes-modules-%kernelrelease.img %vm_install_dir/modules.img
 %endif
 
-%if "%{?name_suffix}" == ""
+current_default="$(qubes-prefs default-kernel)"
+current_default_path="/var/lib/qubes/vm-kernels/$current_default"
+current_default_package="$(rpm --qf '%{NAME}' -qf "$current_default_path")"
+if [ "$current_default_package" = "%{name}-qubes-vm" ]; then
 # Set kernel as default VM kernel if we are the default package.
 
 # If qubes-prefs isn't installed yet, the default kernel will be set by %post
 # of qubes-core-dom0
-type qubes-prefs &>/dev/null && qubes-prefs --set default-kernel %version-%plainrel
-%endif
+type qubes-prefs &>/dev/null && qubes-prefs --set default-kernel %upstream_version-%plainrel
+fi
 
 exit 0
 
 %preun qubes-vm
 
-if [ "`qubes-prefs -g default-kernel`" == "%version-%plainrel" ]; then
+if [ "`qubes-prefs -g default-kernel`" == "%upstream_version-%plainrel" ]; then
     echo "This kernel version is set as default VM kernel, cannot remove"
     exit 1
 fi
-if qvm-ls --kernel | grep -qw "%version-%plainrel"; then
+if qvm-ls --kernel | grep -qw "%upstream_version-%plainrel"; then
     echo "This kernel version is used by at least one VM, cannot remove"
     exit 1
 fi

keys/RPM-GPG-KEY-fedora-25-primary

@@ -1,30 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1
-
-mQINBFb9YzMBEACy1RmbMa6MNIpfHYxLwgCgBVnFYCdCHZqWfYYYK14potfJ9uI2
-4Y4w+oHiLeZ/HoG1EBQiDfXHetGZECAKEYQlE7BbRBcd3An9GalKTkWzcshhHFx7
-f5JIprL0uY8x2D9HmCfAjMxoh6usWjmAQ+DUYd48iYCkahyZa0/2CgX9HIcEz/M/
-oDeQbTwzw9AQbQz382oOErfRaXE/DQrjlx2ln0iejidiOe7DzGZOH9/Foc2KN062
-A9VnZ7tU1ACKT8NxZ78RaBL3qmvMGdb7kf7GywjpRNo4J7XCQUP+nP51eCur2wMS
-4mY2idDL8Ojouta79pPrviVLmwzunJoFnBcnIhbndebdxPqgOA5XAOaTdLtgurMq
-90V45DPyJpkdEyptovksH7zYNGEIGB8cFmrVgUwriB0TLNJTEcM4Knbh4imfTX42
-vCE+rEHn3YVqubG7rggibKznJbflwQcqOYZHLlPGYCxO47aaFUo5qJN7QN3lxajb
-SzL/SdoHrVL67unzmHyktx5uF8Fv6EDgUV6NCb/IBiEwhR8YHi86NQ8nsI3K8Zhv
-EnIxghJQD+cn3ykthwqYmZwi2PJDBiZsOGf3iXbalAjU3JVqoA7mboRPR+IBXQxK
-xvAEpyIGeSUN8yBn+JVDRwZ37kkUVs2AOeUwMlnfFSqYFfmqbeQ73A9ECwARAQAB
-tDxGZWRvcmEgMjUgUHJpbWFyeSAoMjUpIDxmZWRvcmEtMjUtcHJpbWFyeUBmZWRv
-cmFwcm9qZWN0Lm9yZz6JAjgEEwECACIFAlb9YzMCGw8GCwkIBwMCBhUIAgkKCwQW
-AgMBAh4BAheAAAoJEECJ2PL9sZyY1TEP/0u/v4g8HEdl9gqlhV179vXCJJiGtzB0
-7IGAu++mrsxBrDpqPZTEs6dG5MyzvhhHcmHYrZIiicPAeL9xlZ75oIqQuvjDncoM
-kROSGvtfUnvocZhQIPvvkgWe3UAmmP3cSlVzu3KtbTpM+KL71incWo4Tentq9L/f
-vsow7vvGbKUMoSSZbAMfjJkzlzSDNlFtaRkrCBQFJ76EKeggjnEZ8H0cowCdGuyv
-uBoxQeeQM13b2T9c/uyrXCIcasaOTIKTcqTjbJUTIC2NIZ8OHjtlxZacEaN3ml1M
-lNRtbIvqzbtv+sb+DsOVTyd1XIcxU9s+TDKvUm0OBNvj3Bm2BQbi8RHyLFbHWvhx
-Gjzb8Wb/MnlcdTlk3M2iPv8dWHXjEM9n9TKyStdpBD9X3P/Gy2gUquHgkl8p+r8o
-xmzNH534mKH47kPL/trKInKwv0fkBwxvuPgHG0n79eMHQenVA8gXzG4P6JkcyObA
-6xGEEQ/wXFF0gLksmwFWuPm2GcnOI5KmGNgDP2PMhS8/cfJfW04a/tL2T2zr4CmE
-LynbOvY/yOJk7/2W3Cb47+yhqo/htrpJDP6n6zQNNk3+e8EVgfhkQqFxom8yCmEP
-pW0gBFeE83VoytYPXRkavwmFR+tplyZfOkXG9gysTn8SpRp5+B44O+VeaZumanQZ
-kRFmBygMR6M/
-=NrXo
------END PGP PUBLIC KEY BLOCK-----

keys/RPM-GPG-KEY-fedora-29-primary

@@ -1,30 +0,0 @@
-pub  4096R/429476B4 2018-02-17 Fedora 29 (29) <fedora-29@fedoraproject.org>
-
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQINBFqIZTcBEACjh0DKywPd0Hx9I4nGYsbUbqIU7TGZgxaT9jnVSRgkcdfRqt2C
-P7EdtRbyqkMUKyL23CLwAz+YSmf9Ff9nxBSl8FiKUCNNWUYO3faEAZkZ5reDr6h6
-W4a0niBMWfVLqmYjpZmkcBqgLgl+2wVq9/E9Fq9SzDktzczUF7wwAWrsKW5rwEEq
-+i8jk6FSUTNMqWZq69y7Dvox8k8QIxtou5dIL3Z8qQdkc/0ynTs4bdac94FsJBM6
-0qKSHP23MY7ppwOl7wttAsnaIzBaCD0UIM5qtfFBNFaYfeJ5kH1rf+NzgFjJ8y1D
-xiZdEX2t4OyXvhuAQSvYyotDrJzCbusjXQYMYYqnfGcqMmTCkgGxYbdfVGbMs3x1
-mMObZWMQbb9HGN0KTBaFdwA7EnMBrCGy3I9WxngGIGATOPWkPPUUxlaI9jwxT3tq
-bwYY5Kn2RhD4CZyj4VIaQvGdMaop01O78QVFHhdH24abqNuPrYqEDZ+aSTgnYFKJ
-cpGSsRVL+Kw/x1wik8PYzpC9tNzU1LRCi9jsX0pk9gODSgbKLWryZEgZaIdcBcJD
-4U3slDjdBeTDY8pJV9z9r7z+gFPAHLqStGKj2icbv80dMGTfgUm3HqWES/XXomX9
-ZWA1tV0ZlNOM8/IunmISz9MNpc3LChpcccffjrfvWBfokDKaXO9qCUgctwARAQAB
-tCxGZWRvcmEgMjkgKDI5KSA8ZmVkb3JhLTI5QGZlZG9yYXByb2plY3Qub3JnPokC
-OAQTAQIAIgUCWohlNwIbDwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQogql
-a0KUdrR7axAAluNHQ93T7u/yIQaTCs4uGb/jEg7qbm6hRx5nsqrdm3qKNqnyXK61
-nnPNoDJNk1WhZww4RdrvxCDOGyyNhGSejjvXM6RBDEOY/KmD6huPo8xN5i7JVG+E
-2mlwTGe7HSg47d0wHydDNTRLQqT0VZnpkxRe3puQ4DNNHJZG1SsRl/Sf2VI1XyB/
-hHbFGbLS9KvH32lCIAAtt6dbGTRZC9gsGL6XR/6o7EU5fpj7U5rYiDTFaYqmqG21
-LZZV9xtqCoHcKElY7jX7Rfmk8Wn1G2zC2XR0LX7eVH7GBeXw6JbmLZjxSgd235zE
-1lNSaSLMHOHMcgSHWoEC9ULzLYJuTagjK3cjk0VkKLocakRcsb9dtFcxgZGdQHfM
-X7mD9epuJmqB4a6TOZoL/tiq28ORakUbjYfLz9ngnqd/pJkn9MNWcxy3yBtOdTYq
-ce+61/XQk4cR2tH8V2eP7fL8YMboNkPPbcbKlcvKG/TgaS0tVrFMUmA1xmDihzf6
-gupAANlcMkYo0hm+z1hLvgqosp14oTocJeXLAFVw5dxnb9bmqjBy+77u/rqrY0Ek
-LQd9XnXgowUQl0RSNXgcIIfEkVBipL/2YB+MFBmMQKcTDXX7lc/hl6W4BFmVj2KH
-kPdZzUOJQVYfe90Rt3hfXHViUw118hkTaJhrCPVwkFbaUWscEA2OaFI=
-=QzSY
------END PGP PUBLIC KEY BLOCK-----

keys/RPM-GPG-KEY-fedora-30-primary

@@ -1,30 +0,0 @@
-pub 4096R/CFC659B9 2018-08-11 Fedora (30) <fedora-30-primary@fedoraproject.org>
- 
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQINBFturGcBEACv0xBo91V2n0uEC2vh69ywCiSyvUgN/AQH8EZpCVtM7NyjKgKm
-bbY4G3R0M3ir1xXmvUDvK0493/qOiFrjkplvzXFTGpPTi0ypqGgxc5d0ohRA1M75
-L+0AIlXoOgHQ358/c4uO8X0JAA1NYxCkAW1KSJgFJ3RjukrfqSHWthS1d4o8fhHy
-KJKEnirE5hHqB50dafXrBfgZdaOs3C6ppRIePFe2o4vUEapMTCHFw0woQR8Ah4/R
-n7Z9G9Ln+0Cinmy0nbIDiZJ+pgLAXCOWBfDUzcOjDGKvcpoZharA07c0q1/5ojzO
-4F0Fh4g/BUmtrASwHfcIbjHyCSr1j/3Iz883iy07gJY5Yhiuaqmp0o0f9fgHkG53
-2xCU1owmACqaIBNQMukvXRDtB2GJMuKa/asTZDP6R5re+iXs7+s9ohcRRAKGyAyc
-YKIQKcaA+6M8T7/G+TPHZX6HJWqJJiYB+EC2ERblpvq9TPlLguEWcmvjbVc31nyq
-SDoO3ncFWKFmVsbQPTbP+pKUmlLfJwtb5XqxNR5GEXSwVv4I7IqBmJz1MmRafnBZ
-g0FJUtH668GnldO20XbnSVBr820F5SISMXVwCXDXEvGwwiB8Lt8PvqzXnGIFDAu3
-DlQI5sxSqpPVWSyw08ppKT2Tpmy8adiBotLfaCFl2VTHwOae48X2dMPBvQARAQAB
-tDFGZWRvcmEgKDMwKSA8ZmVkb3JhLTMwLXByaW1hcnlAZmVkb3JhcHJvamVjdC5v
-cmc+iQI4BBMBAgAiBQJbbqxnAhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAK
-CRDvPBEfz8ZZudTnD/9170LL3nyTVUCFmBjT9wZ4gYnpwtKVPa/pKnxbbS+Bmmac
-g9TrT9pZbqOHrNJLiZ3Zx1Hp+8uxr3Lo6kbYwImLhkOEDrf4aP17HfQ6VYFbQZI8
-f79OFxWJ7si9+3gfzeh9UYFEqOQfzIjLWFyfnas0OnV/P+RMQ1Zr+vPRqO7AR2va
-N9wg+Xl7157dhXPCGYnGMNSoxCbpRs0JNlzvJMuAea5nTTznRaJZtK/xKsqLn51D
-K07k9MHVFXakOH8QtMCUglbwfTfIpO5YRq5imxlWbqsYWVQy1WGJFyW6hWC0+RcJ
-Ox5zGtOfi4/dN+xJ+ibnbyvy/il7Qm+vyFhCYqIPyS5m2UVJUuao3eApE38k78/o
-8aQOTnFQZ+U1Sw+6woFTxjqRQBXlQm2+7Bt3bqGATg4sXXWPbmwdL87Ic+mxn/ml
-SMfQux/5k6iAu1kQhwkO2YJn9eII6HIPkW+2m5N1JsUyJQe4cbtZE5Yh3TRA0dm7
-+zoBRfCXkOW4krchbgww/ptVmzMMP7GINJdROrJnsGl5FVeid9qHzV7aZycWSma7
-CxBYB1J8HCbty5NjtD6XMYRrMLxXugvX6Q4NPPH+2NKjzX4SIDejS6JjgrP3KA3O
-pMuo7ZHMfveBngv8yP+ZD/1sS6l+dfExvdaJdOdgFCnp4p3gPbw5+Lv70HrMjA==
-=BfZ/
------END PGP PUBLIC KEY BLOCK-----

keys/RPM-GPG-KEY-fedora-31-primary

@@ -1,29 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQINBFxq3QMBEADUhGfCfP1ijiggBuVbR/pBDSWMC3TWbfC8pt7fhZkYrilzfWUM
-fTsikPymSriScONXP6DNyZ5r7tgrIVdVrJvRIqIFRO0mufp9HyfWKDO//Ctyp7OQ
-zYw6NVthO/aWpyFfJpj6s4iZsYGqf9gByV8brBB8v8jEsCtVOj1BU3bMbLkMsRI9
-+WiLjDYyvopqNBQuIe8ogxSxpYdbUz6+jxzfvhRoBzWdjITd//Gjd90kkrBOMWkO
-LTqO133OD1WMT08G5NuQ4KhjYsVvSbBpfdkTcNuP8gBP9LxCQDc+e1eAhZ95g3qk
-XLeKEK9j+F+wuG/OrEAxBsscCxXRUB38QH6CFe3UxGoSMnBi+jEhicudo+ItpFOy
-7rPaYyRh4Pmu4QHcC83bNjp8NI6zTHrBmVuPqkxMn07GMAQav9ezBXj6umqTX4cU
-dsJUavJrJ3u7rT0lhBdiGrQ9zPbL07u2Kn+OXPAC3dKSf7G8TvwNAdry9esGSpi3
-8aa1myQYVZvAlsIBkbN3fb1wvDJE5czVhzwQ77V2t66jxeg0o9/2OZVH3CozD2Zj
-v28LHuW/jnQHtsQ0fUyQYRmHxNEVkW10GGM7fQwxzpxFFS1O/2XEnfMu7yBHZsgL
-SojfUct0FhLhEN/g/IINX9ZCVrzK5/De27CNjYE1cgYD/lTmQ0SyjfKVwwARAQAB
-tDFGZWRvcmEgKDMxKSA8ZmVkb3JhLTMxLXByaW1hcnlAZmVkb3JhcHJvamVjdC5v
-cmc+iQI+BBMBAgAoAhsPBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAUCXGrkTQUJ
-Es8P/QAKCRBQyzkLPDNZxBmDD/90IFwAfFcQq5ENl7/o2CYQ9k2adTHbV5RoIOWC
-/o9I5/btn1y8WDhPOUNmsgbUqRqz6srlVplg+LkpIj67PVLDBwpVbCJC8o1fztd2
-MryVqdvu562WVhUorII+iW7nfqD0yv55nH9b/JR1qloUa8LpeKw84JgvxF5wVfyR
-id1WjI0DBk2taFR4xCfU5Tb262fbdFj5iB9xskP7oNeS29+SfDjlnybtlFoqr9UA
-nY1uvhBPkGmj45SJkpfP+L+kGYXVaUd29M/q/Pt46X1KDvr6Z0l8bSUEk3zfcNdj
-uEhtHBqSy1UPPAikGX1Q5wGdu7R7+mv/ARqfI6OC44ipoOMNK1Aiu6+slbPYphwX
-ighSz9yYuG0EdWt7akfKR0R04Kuej4LXLWcxTR4l8XDzThYgPP0g+z0XQJrAkVhi
-SrzICeC3K1GPSiUtNAxSTL+qWWgwvQyAPNoPV/OYmY+wUxUnKCZpEWPkL79lh6CM
-bJx/zlrOMzRumSzaOnKW9AOliviH4Rj89OmDifBEsQ0CewdHN9ly6g4ZFJJGYXJ5
-HTb5jdButTC3tDfvH8Z7dtXKdC4iqJCIxj698Xn8UjVefZQ2nbv5eXcZLfHtvbNB
-TTv1vvBV4G7aiHKYRSj7HmxhLBZC8Y/nmFAemOoOYDpR5eUmPmSbFayoLfRsFXmC
-HLs7cw==
-=6hRW
------END PGP PUBLIC KEY BLOCK-----

mod-sign.sh

@@ -0,0 +1,37 @@
+#! /bin/bash
+
+# The modules_sign target checks for corresponding .o files for every .ko that
+# is signed. This doesn't work for package builds which re-use the same build
+# directory for every flavour, and the .config may change between flavours.
+# So instead of using this script to just sign lib/modules/$KernelVer/extra,
+# sign all .ko in the buildroot.
+
+# This essentially duplicates the 'modules_sign' Kbuild target and runs the
+# same commands for those modules.
+
+MODSECKEY=$1
+MODPUBKEY=$2
+moddir=$3
+
+modules=`find $moddir -type f -name '*.ko'`
+
+NPROC=`nproc`
+[ -z "$NPROC" ] && NPROC=1
+
+# NB: this loop runs 2000+ iterations. Try to be fast.
+echo "$modules" | xargs -r -n16 -P $NPROC sh -c "
+for mod; do
+    ./scripts/sign-file sha256 $MODSECKEY $MODPUBKEY \$mod
+    rm -f \$mod.sig \$mod.dig
+done
+" DUMMYARG0   # xargs appends ARG1 ARG2..., which go into $mod in for loop.
+
+RANDOMMOD=$(echo "$modules" | sort -R | head -n 1)
+if [ "~Module signature appended~" != "$(tail -c 28 $RANDOMMOD)" ]; then
+    echo "*****************************"
+    echo "*** Modules are unsigned! ***"
+    echo "*****************************"
+    exit 1
+fi
+
+exit 0

version

@@ -1 +1 @@
-5.2.11
+5.4.16