QubesOS/qubes-linux-kernel
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
17b7186716
qubes-linux-kernel/Makefile
Marek Marczykowski-Górecki 17b7186716
Make makefile and spec compatible with rc versions 
There are a couple of changes needed:
1. Package version cannot contain '-' (5.4-rc5-1.pvops.qubes is an
   invalid rpm version). Follow Fedora upstream idea of moving 'rc' tag
   into package release field, as 0.rcXX.(original rel). This way, such
   package will be 'older' than the final release (with just release
   number there - 1 in most cases). The alternative idea is using
   '~rcXX' in the package version, but ~ couldn't be part of a kernel
   version reported by the kernel itself and also qubes-dom0-update
   refuses ~ in a package filename.
2. Adjust kernel version to match the above - specifically clear
   EXTRAVERSION (-rcXX suffix), as it will be added back as package
   release (CONFIG_LOCALVERSION).
3. rc tarballs are available only as a git-generated .tar.gz (not
   .tar.xz) and there are no matching detached signatures. While it
   would be possible to download a signed tag via git, scripting that
   would be overly complex as for the task rarely used. Leave this
   verification as a manual step and require sha512 checksum to be
   committed into repository.
   To build an archive matching upstream one, out of a signed tag, use
   command like this:
   git archive --prefix=linux-5.4-rc5/ --output=../linux-5.4-rc5.tar.gz v5.4-rc5

While at it, remove obsolete BUILD_FLAVOR variable.
2019-10-30 17:48:44 +01:00

161 lines
4.2 KiB
Makefile
Raw Blame History

NAME := kernel
SPECFILE := kernel.spec
WORKDIR := $(shell pwd)
SPECDIR ?= $(WORKDIR)
SRCRPMDIR ?= $(WORKDIR)/srpm
BUILDDIR ?= $(WORKDIR)
RPMDIR ?= $(WORKDIR)/rpm
SOURCEDIR := $(WORKDIR)
NO_OF_CPUS := $(shell grep -c ^processor /proc/cpuinfo)
RPM_DEFINES := --define "_sourcedir $(SOURCEDIR)" \
--define "_specdir $(SPECDIR)" \
--define "_builddir $(BUILDDIR)" \
--define "_srcrpmdir $(SRCRPMDIR)" \
--define "_rpmdir $(RPMDIR)"
ifndef NAME
$(error "You can not run this Makefile without having NAME defined")
endif
ifndef VERSION
VERSION := $(shell cat version)
endif
ifndef RELEASE
RELEASE := $(shell cat rel)
endif
ifneq ($(VERSION),$(subst -rc,,$(VERSION)))
DOWNLOAD_FROM_GIT=1
VERIFICATION := hash
else
VERIFICATION := signature
endif
all: help
MIRROR := cdn.kernel.org
ifeq (,$(DISTFILES_MIRROR))
SRC_BASEURL := https://${MIRROR}/pub/linux/kernel/v$(shell echo $(VERSION) | sed 's/^\(2\.[0-9]*\).*/\1/;s/^3\..*/3.x/;s/^4\..*/4.x/;s/^5\..*/5.x/')
else
SRC_BASEURL := $(DISTFILES_MIRROR)
endif
ifeq ($(VERIFICATION),signature)
SRC_FILE := linux-${VERSION}.tar.xz
SIGN_FILE := linux-${VERSION}.tar.sign
else
SRC_FILE := linux-${VERSION}.tar.gz
HASH_FILE := $(SRC_FILE).sha512
endif
WG_BASE_URL := https://git.zx2c4.com/WireGuard/snapshot
WG_SRC_FILE := WireGuard-0.0.20190913.tar.xz
WG_SRC_URL := $(WG_BASE_URL)/$(WG_SRC_FILE)
WG_SIG_FILE := $(WG_SRC_FILE:%.xz=%.asc)
WG_SIG_URL := $(WG_BASE_URL)/$(WG_SIG_FILE)
URL := $(SRC_BASEURL)/$(SRC_FILE)
URL_SIGN := $(SRC_BASEURL)/$(SIGN_FILE)
ifeq ($(DOWNLOAD_FROM_GIT),1)
URL := https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/snapshot/linux-$(VERSION).tar.gz
endif
get-sources: $(SRC_FILE) $(SIGN_FILE) $(WG_SRC_FILE) $(WG_SIG_FILE)
$(SRC_FILE):
@wget -q -N $(URL)
$(SIGN_FILE):
@wget -q -N $(URL_SIGN)
$(WG_SRC_FILE):
@wget -q -N $(WG_SRC_URL)
$(WG_SIG_FILE):
@wget -q -N $(WG_SIG_URL)
import-keys:
@if [ -n "$$GNUPGHOME" ]; then rm -f "$$GNUPGHOME/linux-kernel-trustedkeys.gpg"; fi
@gpg --no-auto-check-trustdb --no-default-keyring --keyring linux-kernel-trustedkeys.gpg -q --import kernel*-key.asc
@if [ -n "$$GNUPGHOME" ]; then rm -f "$$GNUPGHOME/wireguard-trustedkeys.gpg"; fi
@gpg --no-auto-check-trustdb --no-default-keyring --keyring wireguard-trustedkeys.gpg -q --import wireguard*-key.asc
verify-sources: import-keys
@xzcat $(WG_SRC_FILE) | gpgv --keyring wireguard-trustedkeys.gpg $(WG_SIG_FILE) - 2>/dev/null
ifeq ($(VERIFICATION),signature)
@xzcat $(SRC_FILE) | gpgv --keyring linux-kernel-trustedkeys.gpg $(SIGN_FILE) - 2>/dev/null
else
# there are no signatures for rc tarballs
# verify locally based on a signed git tag and commit hash file
sha512sum --quiet -c $(HASH_FILE)
endif
.PHONY: clean-sources
clean-sources:
ifneq ($(SRC_FILE), None)
-rm $(SRC_FILE) $(SIGN_FILE)
endif
ifneq ($(WG_SRC_FILE), None)
-rm $(WG_SRC_FILE) $(WG_SIG_FILE)
endif
#RPM := rpmbuild --buildroot=/dev/shm/buildroot/
RPM := rpmbuild
RPM_WITH_DIRS = $(RPM) $(RPM_DEFINES)
rpms: rpms-dom0
rpms-vm:
rpms-dom0: get-sources $(SPECFILE)
$(RPM_WITH_DIRS) -bb $(SPECFILE)
rpm --addsign $(RPMDIR)/x86_64/*$(VERSION)-$(RELEASE)*.rpm
rpms-nobuild:
$(RPM_WITH_DIRS) --nobuild -bb $(SPECFILE)
rpms-just-build:
$(RPM_WITH_DIRS) --short-circuit -bc $(SPECFILE)
rpms-install:
$(RPM_WITH_DIRS) -bi $(SPECFILE)
prep: get-sources $(SPECFILE)
$(RPM_WITH_DIRS) -bp $(SPECFILE)
srpm: get-sources $(SPECFILE)
$(RPM_WITH_DIRS) -bs $(SPECFILE)
verrel:
@echo $(NAME)-$(VERSION)-$(RELEASE)
# mop up, printing out exactly what was mopped.
.PHONY : clean
clean ::
@echo "Running the %clean script of the rpmbuild..."
$(RPM_WITH_DIRS) --clean --nodeps $(SPECFILE)
help:
@echo "Usage: make <target>"
@echo
@echo "get-sources Download kernel sources from kernel.org"
@echo "verify-sources"
@echo
@echo "prep Just do the prep"
@echo "rpms Build rpms"
@echo "rpms-nobuild Skip the build stage (for testing)"
@echo "rpms-just-build Skip packaging (just test compilation)"
@echo "srpm Create an srpm"
@echo
@echo "make update-repo-current -- copy newly generated rpms to qubes yum repo"
@echo "make update-repo-current-testing -- same, but to -current-testing"
@echo "make update-repo-unstable -- same, but to -unstable repo"
Reference in New Issue View Git Blame Copy Permalink