e3a342006f
kernel modules built in VM often use different gcc version, which makes provided gcc plugins incompatible. Since rebuilding those plugins may not be straight forward (extra gcc headers needed, possibly kernel config changes needed if gcc version differs significantly), disable them for out of tree modules. Fixes QubesOS/qubes-issues#2844
609 lines
21 KiB
RPMSpec
609 lines
21 KiB
RPMSpec
# A spec file for building xenlinux Dom0 kernel for Qubes
|
|
# Based on the Open SUSE kernel-spec & Fedora kernel-spec.
|
|
#
|
|
|
|
%define variant pvops.qubes
|
|
%define plainrel @REL@
|
|
%define rel %{plainrel}.%{variant}
|
|
%define version @VERSION@
|
|
%define name_suffix -latest
|
|
|
|
%define _buildshell /bin/bash
|
|
%define build_xen 1
|
|
|
|
%global cpu_arch x86_64
|
|
%define cpu_arch_flavor %cpu_arch
|
|
|
|
%define kernelrelease %(echo %{version} | sed 's/^3\\.[0-9]\\+$/\\0.0/')-%rel.%cpu_arch
|
|
%define my_builddir %_builddir/%{name}-%{version}
|
|
|
|
%define build_src_dir %my_builddir/linux-%version
|
|
%define src_install_dir /usr/src/kernels/%kernelrelease
|
|
%define kernel_build_dir %my_builddir/linux-obj
|
|
%define vm_install_dir /var/lib/qubes/vm-kernels/%version-%{plainrel}
|
|
|
|
%define install_vdso 1
|
|
%define debuginfodir /usr/lib/debug
|
|
|
|
# debuginfo build is disabled by default to save disk space (it needs 2-3GB build time)
|
|
%define with_debuginfo 0
|
|
|
|
%if !%{with_debuginfo}
|
|
%global debug_package %{nil}
|
|
%define setup_config --disable CONFIG_DEBUG_INFO
|
|
%else
|
|
%define setup_config --enable CONFIG_DEBUG_INFO --disable CONFIG_DEBUG_INFO_REDUCED
|
|
%endif
|
|
|
|
Name: kernel%{?name_suffix}
|
|
Summary: The Xen Kernel
|
|
Version: %{version}
|
|
Epoch: 1000
|
|
Release: %{rel}
|
|
License: GPL v2 only
|
|
Group: System/Kernel
|
|
Url: http://www.kernel.org/
|
|
AutoReqProv: on
|
|
BuildRequires: coreutils module-init-tools sparse
|
|
BuildRequires: qubes-kernel-vm-support
|
|
BuildRequires: dracut
|
|
BuildRequires: busybox
|
|
BuildRequires: bc
|
|
BuildRequires: openssl-devel
|
|
BuildRequires: gcc-plugin-devel
|
|
BuildRequires: elfutils-libelf-devel
|
|
BuildRequires: bison
|
|
BuildRequires: flex
|
|
BuildRequires: e2fsprogs
|
|
|
|
# gcc with support for BTI mitigation
|
|
%if 0%{?fedora} == 23
|
|
BuildRequires: gcc >= 5.3.1-6.qubes1
|
|
%else
|
|
%if 0%{?fedora} == 25
|
|
BuildRequires: gcc >= 6.4.1-1.qubes1
|
|
%else
|
|
BuildRequires: gcc
|
|
%endif
|
|
%endif
|
|
|
|
# Needed for building GCC hardened plugins
|
|
BuildRequires: gcc-c++
|
|
|
|
Provides: multiversion(kernel)
|
|
Provides: %name = %kernelrelease
|
|
|
|
Provides: kernel-xen-dom0
|
|
Provides: kernel-qubes-dom0
|
|
Provides: kernel-qubes-dom0-pvops
|
|
Provides: kernel-drm = 4.3.0
|
|
Provides: kernel-drm-nouveau = 16
|
|
Provides: kernel-modules-extra = %kernelrelease
|
|
Provides: kernel-modeset = 1
|
|
|
|
Requires(pre): coreutils gawk
|
|
Requires(post): dracut binutils
|
|
Requires: qubes-core-dom0-linux-kernel-install
|
|
|
|
Conflicts: sysfsutils < 2.0
|
|
# root-lvm only works with newer udevs
|
|
Conflicts: udev < 118
|
|
Conflicts: lvm2 < 2.02.33
|
|
Provides: kernel = %kernelrelease
|
|
Provides: kernel-uname-r = %kernelrelease
|
|
|
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
|
ExclusiveArch: x86_64
|
|
|
|
Source0: linux-%version.tar.xz
|
|
Source5: WireGuard-0.0.20190406.tar.xz
|
|
Source16: guards
|
|
Source17: apply-patches
|
|
Source33: check-for-config-changes
|
|
Source34: gen-config
|
|
Source100: config-base
|
|
Source101: config-qubes
|
|
|
|
Patch0: 0001-kbuild-AFTER_LINK.patch
|
|
Patch1: 0002-xen-netfront-detach-crash.patch
|
|
Patch2: 0003-mce-hide-EBUSY-initialization-error-on-Xen.patch
|
|
Patch3: 0004-Log-error-code-of-EVTCHNOP_bind_pirq-failure.patch
|
|
Patch4: 0005-pvops-respect-removable-xenstore-flag-for-block-devi.patch
|
|
Patch5: 0006-pvops-xen-blkfront-handle-FDEJECT-as-detach-request-.patch
|
|
Patch6: 0007-block-add-no_part_scan-module-parameter.patch
|
|
Patch7: 0008-xen-Add-RING_COPY_RESPONSE.patch
|
|
Patch8: 0009-xen-netfront-copy-response-out-of-shared-buffer-befo.patch
|
|
Patch9: 0010-xen-netfront-do-not-use-data-already-exposed-to-back.patch
|
|
Patch10: 0011-xen-netfront-add-range-check-for-Tx-response-id.patch
|
|
Patch11: 0012-xen-blkfront-make-local-copy-of-response-before-usin.patch
|
|
Patch12: 0013-xen-blkfront-prepare-request-locally-only-then-put-i.patch
|
|
Patch13: 0014-xen-pcifront-pciback-Update-pciif.h-with-err-and-res.patch
|
|
Patch14: 0015-xen-pciback-add-attribute-to-allow-MSI-enable-flag-w.patch
|
|
|
|
%description
|
|
Qubes Dom0 kernel.
|
|
|
|
%prep
|
|
if ! [ -e %_sourcedir/linux-%version.tar.xz ]; then
|
|
echo "The %name-%version.nosrc.rpm package does not contain the" \
|
|
"complete sources. Please install kernel-source-%version.src.rpm."
|
|
exit 1
|
|
fi
|
|
|
|
SYMBOLS="xen-dom0 pvops"
|
|
|
|
# Unpack all sources and patches
|
|
%autosetup -N -c -T -a 0
|
|
|
|
mkdir -p %kernel_build_dir
|
|
|
|
cd linux-%version
|
|
%autopatch -p1
|
|
|
|
cd %kernel_build_dir
|
|
|
|
# Create QubesOS config kernel
|
|
%{SOURCE34} %{SOURCE100} %{SOURCE101}
|
|
|
|
%build_src_dir/scripts/config \
|
|
--set-str CONFIG_LOCALVERSION -%release.%cpu_arch %{setup_config}
|
|
|
|
MAKE_ARGS="$MAKE_ARGS -C %build_src_dir O=$PWD"
|
|
|
|
make prepare $MAKE_ARGS
|
|
make scripts $MAKE_ARGS
|
|
make scripts_basic $MAKE_ARGS
|
|
krel=$(make -s kernelrelease $MAKE_ARGS)
|
|
|
|
if [ "$krel" != "%kernelrelease" ]; then
|
|
echo "Kernel release mismatch: $krel != %kernelrelease" >&2
|
|
exit 1
|
|
fi
|
|
|
|
make clean $MAKE_ARGS
|
|
|
|
rm -f source
|
|
find . ! -type d -printf '%%P\n' > %my_builddir/obj-files
|
|
rm -rf %_builddir/u2mfn
|
|
u2mfn_ver=`dkms status u2mfn|tail -n 1|cut -f 2 -d ' '|tr -d ':,:'`
|
|
if [ -n "$u2mfn_ver" ]; then
|
|
cp -r /usr/src/u2mfn-$u2mfn_ver %_builddir/u2mfn
|
|
fi
|
|
|
|
rm -rf %_builddir/wireguard
|
|
tar x -C %_builddir -Jpf %{SOURCE5}
|
|
mv %_builddir/$(basename %{SOURCE5} .tar.xz) %_builddir/wireguard
|
|
|
|
|
|
%build
|
|
|
|
cd %kernel_build_dir
|
|
|
|
# This override tweaks the kernel makefiles so that we run debugedit on an
|
|
# object before embedding it. When we later run find-debuginfo.sh, it will
|
|
# run debugedit again. The edits it does change the build ID bits embedded
|
|
# in the stripped object, but repeating debugedit is a no-op. We do it
|
|
# beforehand to get the proper final build ID bits into the embedded image.
|
|
# This affects the vDSO images in vmlinux, and the vmlinux image in bzImage.
|
|
export AFTER_LINK=\
|
|
'sh -xc "/usr/lib/rpm/debugedit -b $$RPM_BUILD_DIR -d /usr/src/debug \
|
|
-i $@ > $@.id"'
|
|
|
|
make %{?_smp_mflags} all $MAKE_ARGS CONFIG_DEBUG_SECTION_MISMATCH=y
|
|
|
|
# Build u2mfn module
|
|
if [ -d "%_builddir/u2mfn" ]; then
|
|
make -C %kernel_build_dir M=%_builddir/u2mfn modules
|
|
fi
|
|
|
|
if [ -d "%_builddir/wireguard" ]; then
|
|
make -C %kernel_build_dir M=%_builddir/wireguard/src modules
|
|
fi
|
|
|
|
%install
|
|
|
|
# get rid of /usr/lib/rpm/brp-strip-debug
|
|
# strip removes too much from the vmlinux ELF binary
|
|
export NO_BRP_STRIP_DEBUG=true
|
|
export STRIP_KEEP_SYMTAB='*/vmlinux-*'
|
|
|
|
# /lib/modules/%kernelrelease-%build_flavor/build will be a stale symlink until the
|
|
# kernel-devel package is installed. Don't check for stale symlinks
|
|
# in the brp-symlink check:
|
|
export NO_BRP_STALE_LINK_ERROR=yes
|
|
|
|
cd %kernel_build_dir
|
|
|
|
mkdir -p %buildroot/boot
|
|
cp -p System.map %buildroot/boot/System.map-%kernelrelease
|
|
cp -p arch/x86/boot/bzImage %buildroot/boot/vmlinuz-%kernelrelease
|
|
cp .config %buildroot/boot/config-%kernelrelease
|
|
|
|
%if %install_vdso
|
|
# Install the unstripped vdso's that are linked in the kernel image
|
|
make vdso_install $MAKE_ARGS INSTALL_MOD_PATH=%buildroot
|
|
%endif
|
|
|
|
# Create a dummy initramfs with roughly the size the real one will have.
|
|
# That way, rpm will know that this package requires some additional
|
|
# space in /boot.
|
|
dd if=/dev/zero of=%buildroot/boot/initramfs-%kernelrelease.img \
|
|
bs=1M count=20
|
|
|
|
gzip -c9 < Module.symvers > %buildroot/boot/symvers-%kernelrelease.gz
|
|
|
|
make modules_install $MAKE_ARGS INSTALL_MOD_PATH=%buildroot
|
|
if [ -d "%_builddir/u2mfn" ]; then
|
|
make modules_install $MAKE_ARGS INSTALL_MOD_PATH=%buildroot M=%_builddir/u2mfn
|
|
fi
|
|
if [ -d "%_builddir/wireguard" ]; then
|
|
make modules_install $MAKE_ARGS INSTALL_MOD_PATH=%buildroot M=%_builddir/wireguard/src
|
|
fi
|
|
|
|
mkdir -p %buildroot/%src_install_dir
|
|
|
|
rm -f %buildroot/lib/modules/%kernelrelease/build
|
|
rm -f %buildroot/lib/modules/%kernelrelease/source
|
|
mkdir -p %buildroot/lib/modules/%kernelrelease/build
|
|
(cd %buildroot/lib/modules/%kernelrelease ; ln -s build source)
|
|
# dirs for additional modules per module-init-tools, kbuild/modules.txt
|
|
mkdir -p %buildroot/lib/modules/%kernelrelease/extra
|
|
mkdir -p %buildroot/lib/modules/%kernelrelease/updates
|
|
mkdir -p %buildroot/lib/modules/%kernelrelease/weak-updates
|
|
|
|
pushd %build_src_dir
|
|
cp --parents `find -type f -name "Makefile*" -o -name "Kconfig*"` %buildroot/lib/modules/%kernelrelease/build
|
|
cp -a scripts %buildroot/lib/modules/%kernelrelease/build
|
|
cp -a --parents arch/x86/include %buildroot/lib/modules/%kernelrelease/build/
|
|
cp -a include %buildroot/lib/modules/%kernelrelease/build/include
|
|
popd
|
|
|
|
cp Module.symvers %buildroot/lib/modules/%kernelrelease/build
|
|
cp System.map %buildroot/lib/modules/%kernelrelease/build
|
|
if [ -s Module.markers ]; then
|
|
cp Module.markers %buildroot/lib/modules/%kernelrelease/build
|
|
fi
|
|
|
|
rm -rf %buildroot/lib/modules/%kernelrelease/build/Documentation
|
|
|
|
# disable GCC plugins for external modules build, to not fail if different gcc
|
|
# version is used
|
|
sed -e 's/^\(CONFIG_GCC_PLUGIN.*\)=y/# \1 is not set/' .config > \
|
|
%buildroot/lib/modules/%kernelrelease/build/.config
|
|
|
|
rm -f %buildroot/lib/modules/%kernelrelease/build/scripts/*.o
|
|
rm -f %buildroot/lib/modules/%kernelrelease/build/scripts/*/*.o
|
|
|
|
cp -a scripts/* %buildroot/lib/modules/%kernelrelease/build/scripts/
|
|
cp -a include/* %buildroot/lib/modules/%kernelrelease/build/include/
|
|
cp -a --parents arch/x86/include/* %buildroot/lib/modules/%kernelrelease/build/
|
|
if [ -f tools/objtool/objtool ]; then
|
|
cp -a --parents tools/objtool %buildroot/lib/modules/%kernelrelease/build/
|
|
pushd %build_src_dir
|
|
cp -a --parents tools/objtool %buildroot/lib/modules/%kernelrelease/build/
|
|
cp -a --parents tools/build/Build.include %buildroot/lib/modules/%kernelrelease/build/
|
|
cp -a --parents tools/build/Build %buildroot/lib/modules/%kernelrelease/build/
|
|
cp -a --parents tools/build/fixdep.c %buildroot/lib/modules/%kernelrelease/build/
|
|
cp -a --parents tools/scripts/utilities.mak %buildroot/lib/modules/%kernelrelease/build/
|
|
cp -a --parents tools/lib/str_error_r.c %buildroot/lib/modules/%kernelrelease/build/
|
|
cp -a --parents tools/lib/string.c %buildroot/lib/modules/%kernelrelease/build/
|
|
cp -a --parents tools/lib/subcmd/* %buildroot/lib/modules/%kernelrelease/build/
|
|
popd
|
|
fi
|
|
|
|
# Copy .config to include/config/auto.conf so "make prepare" is unnecessary.
|
|
cp %buildroot/lib/modules/%kernelrelease/build/.config %buildroot/lib/modules/%kernelrelease/build/include/config/auto.conf
|
|
|
|
# Make sure the Makefile and version.h have a matching timestamp so that
|
|
# external modules can be built
|
|
touch -r %buildroot/lib/modules/%kernelrelease/build/Makefile %buildroot/lib/modules/%kernelrelease/build/include/generated/uapi/linux/version.h
|
|
touch -r %buildroot/lib/modules/%kernelrelease/build/.config %buildroot/lib/modules/%kernelrelease/build/include/config/auto.conf
|
|
|
|
if test -s vmlinux.id; then
|
|
cp vmlinux.id %buildroot/lib/modules/%kernelrelease/build/vmlinux.id
|
|
else
|
|
echo >&2 "*** WARNING *** no vmlinux build ID! ***"
|
|
fi
|
|
|
|
#
|
|
# save the vmlinux file for kernel debugging into the kernel-debuginfo rpm
|
|
#
|
|
%if %{with_debuginfo}
|
|
mkdir -p %buildroot%{debuginfodir}/lib/modules/%kernelrelease
|
|
cp vmlinux %buildroot%{debuginfodir}/lib/modules/%kernelrelease
|
|
%endif
|
|
|
|
find %buildroot/lib/modules/%kernelrelease -name "*.ko" -type f >modnames
|
|
|
|
# mark modules executable so that strip-to-file can strip them
|
|
xargs --no-run-if-empty chmod u+x < modnames
|
|
|
|
# Generate a list of modules for block and networking.
|
|
|
|
fgrep /drivers/ modnames | xargs --no-run-if-empty nm -upA |
|
|
sed -n 's,^.*/\([^/]*\.ko\): *U \(.*\)$,\1 \2,p' > drivers.undef
|
|
|
|
collect_modules_list()
|
|
{
|
|
sed -r -n -e "s/^([^ ]+) \\.?($2)\$/\\1/p" drivers.undef |
|
|
LC_ALL=C sort -u > %buildroot/lib/modules/%kernelrelease/modules.$1
|
|
}
|
|
|
|
collect_modules_list networking \
|
|
'register_netdev|ieee80211_register_hw|usbnet_probe'
|
|
collect_modules_list block \
|
|
'ata_scsi_ioctl|scsi_add_host|scsi_add_host_with_dma|blk_init_queue|register_mtd_blktrans|scsi_esp_register|scsi_register_device_handler'
|
|
collect_modules_list drm \
|
|
'drm_open|drm_init'
|
|
collect_modules_list modesetting \
|
|
'drm_crtc_init'
|
|
|
|
# detect missing or incorrect license tags
|
|
rm -f modinfo
|
|
while read i
|
|
do
|
|
echo -n "${i#%buildroot/lib/modules/%kernelrelease/} " >> modinfo
|
|
/sbin/modinfo -l $i >> modinfo
|
|
done < modnames
|
|
|
|
egrep -v \
|
|
'GPL( v2)?$|Dual BSD/GPL$|Dual MPL/GPL$|GPL and additional rights$' \
|
|
modinfo && exit 1
|
|
|
|
rm -f modinfo modnames
|
|
|
|
# Move the devel headers out of the root file system
|
|
mkdir -p %buildroot/usr/src/kernels
|
|
mv %buildroot/lib/modules/%kernelrelease/build/* %buildroot/%src_install_dir/
|
|
mv %buildroot/lib/modules/%kernelrelease/build/.config %buildroot/%src_install_dir
|
|
rmdir %buildroot/lib/modules/%kernelrelease/build
|
|
ln -sf %src_install_dir %buildroot/lib/modules/%kernelrelease/build
|
|
|
|
# Abort if there are any undefined symbols
|
|
msg="$(/sbin/depmod -F %buildroot/boot/System.map-%kernelrelease \
|
|
-b %buildroot -ae %kernelrelease 2>&1)"
|
|
|
|
if [ $? -ne 0 ] || echo "$msg" | grep 'needs unknown symbol'; then
|
|
exit 1
|
|
fi
|
|
|
|
# in case of no firmware built - place empty dir
|
|
mkdir -p %buildroot/lib/firmware
|
|
mv %buildroot/lib/firmware %buildroot/lib/firmware-all
|
|
mkdir -p %buildroot/lib/firmware
|
|
mv %buildroot/lib/firmware-all %buildroot/lib/firmware/%kernelrelease
|
|
|
|
# Prepare initramfs for Qubes VM
|
|
mkdir -p %buildroot/%vm_install_dir
|
|
PATH="/sbin:$PATH" dracut --nomdadmconf --nolvmconf \
|
|
--kmoddir %buildroot/lib/modules/%kernelrelease \
|
|
--modules "kernel-modules qubes-vm-simple" \
|
|
--conf /dev/null --confdir /var/empty \
|
|
-d "xenblk xen-blkfront cdrom ext4 jbd2 crc16 dm_snapshot" \
|
|
%buildroot/%vm_install_dir/initramfs %kernelrelease || exit 1
|
|
|
|
# workaround for buggy dracut-044 in Fedora 25
|
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1431317
|
|
# https://github.com/dracutdevs/dracut/issues/194
|
|
modules_dep=$(lsinitrd "%buildroot/%vm_install_dir/initramfs" \
|
|
"usr/lib/modules/%kernelrelease/modules.dep")
|
|
if [ -z "$modules_dep" ]; then
|
|
tmpdir=$(mktemp -d)
|
|
zcat "%buildroot/%vm_install_dir/initramfs" | cpio -imd -D "$tmpdir" || exit 1
|
|
mv "$tmpdir"/%buildroot/lib/modules/%kernelrelease/kernel \
|
|
"$tmpdir"/lib/modules/%kernelrelease/ || exit 1
|
|
depmod -F %buildroot/boot/System.map-%kernelrelease \
|
|
-b "$tmpdir" -a %kernelrelease || exit 1
|
|
pushd "$tmpdir"
|
|
if [ -n "$SOURCE_DATE_EPOCH" ]; then
|
|
find . -exec touch --no-dereference --date="@${SOURCE_DATE_EPOCH}" {} +
|
|
fi
|
|
find . -print0 | sort -z \
|
|
| cpio --null -R 0:0 -H newc -o --reproducible --quiet \
|
|
| gzip -n > %buildroot/%vm_install_dir/initramfs || exit 1
|
|
popd
|
|
fi
|
|
|
|
cp -p arch/x86/boot/bzImage %buildroot/%vm_install_dir/vmlinuz
|
|
|
|
# default kernel options for this kernel
|
|
def_kernelopts="root=/dev/mapper/dmroot ro nomodeset console=hvc0"
|
|
def_kernelopts="$def_kernelopts rd_NO_PLYMOUTH rd.plymouth.enable=0 plymouth.enable=0"
|
|
if [ -e /usr/lib/dracut/modules.d/90qubes-vm-simple/xen-scrub-pages-supported ]; then
|
|
# set xen_scrub_pages=0 _only_ when included initramfs does support
|
|
# re-enabling it
|
|
def_kernelopts="$def_kernelopts xen_scrub_pages=0"
|
|
fi
|
|
echo "$def_kernelopts " > %buildroot/%vm_install_dir/default-kernelopts-common.txt
|
|
|
|
# Modules for Qubes VM
|
|
mkdir -p %buildroot%vm_install_dir/modules
|
|
cp -a %buildroot/lib/modules/%kernelrelease %buildroot%vm_install_dir/modules/
|
|
mkdir -p %buildroot%vm_install_dir/modules/firmware
|
|
cp -a %buildroot/lib/firmware/%kernelrelease %buildroot%vm_install_dir/modules/firmware/
|
|
|
|
# Include kernel headers for Qubes VM in "/lib/modules" - so kernel-devel
|
|
# package will be unnecessary there, regardless of distribution
|
|
rm -f %buildroot%vm_install_dir/modules/%kernelrelease/build
|
|
cp -a %buildroot/%src_install_dir %buildroot%vm_install_dir/modules/%kernelrelease/build
|
|
|
|
%if 0%{?fedora} >= 25
|
|
# include kernel+initramfs also inside modules.img, for direct kernel boot with
|
|
# stubdomain
|
|
cp %buildroot%vm_install_dir/vmlinuz %buildroot%vm_install_dir/modules/
|
|
cp %buildroot%vm_install_dir/initramfs %buildroot%vm_install_dir/modules/
|
|
if [ -n "$SOURCE_DATE_EPOCH" ]; then
|
|
find %buildroot%vm_install_dir/modules \
|
|
-exec touch --no-dereference --date="@${SOURCE_DATE_EPOCH}" {} +
|
|
fi
|
|
PATH="/sbin:$PATH" mkfs.ext3 -d %buildroot%vm_install_dir/modules \
|
|
-U dcee2318-92bd-47a5-a15d-e79d1412cdce \
|
|
%buildroot%vm_install_dir/modules.img 500M
|
|
rm -rf %buildroot%vm_install_dir/modules
|
|
%endif
|
|
|
|
# remove files that will be auto generated by depmod at rpm -i time
|
|
for i in alias alias.bin ccwmap dep dep.bin ieee1394map inputmap isapnpmap ofmap pcimap seriomap symbols symbols.bin usbmap
|
|
do
|
|
rm -f %buildroot/lib/modules/%kernelrelease/modules.$i
|
|
done
|
|
|
|
%post
|
|
/sbin/depmod -a %{kernelrelease}
|
|
|
|
%posttrans
|
|
# with kernel-4.14+ plymouth detects hvc0 serial console and forces text boot
|
|
# we simply make plymouth ignore it to recover the splash screen
|
|
if [ -f /etc/default/grub ]; then
|
|
if ! grep -q plymouth.ignore-serial-consoles /etc/default/grub; then
|
|
echo 'GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX plymouth.ignore-serial-consoles"' >> /etc/default/grub
|
|
fi
|
|
fi
|
|
|
|
if [ -f /boot/efi/EFI/qubes/xen.cfg ]; then
|
|
if ! grep -q plymouth.ignore-serial-consoles /boot/efi/EFI/qubes/xen.cfg; then
|
|
sed -i 's/kernel=.*/& plymouth.ignore-serial-consoles/g' /boot/efi/EFI/qubes/xen.cfg
|
|
fi
|
|
fi
|
|
|
|
/bin/kernel-install add %{kernelrelease} /boot/vmlinuz-%{kernelrelease} || exit $?
|
|
|
|
# grubby (used by new-kernel-pkg) do not understand xen entries in grub2 config
|
|
if [ -x /sbin/new-kernel-pkg -a -e /boot/grub2/grub.cfg ]; then
|
|
grub2-mkconfig > /boot/grub2/grub.cfg
|
|
fi
|
|
|
|
%preun
|
|
/bin/kernel-install remove %{kernelrelease} /boot/vmlinuz-%{kernelrelease} || exit $?
|
|
|
|
%files
|
|
%defattr(-, root, root)
|
|
%ghost /boot/initramfs-%{kernelrelease}.img
|
|
/boot/System.map-%{kernelrelease}
|
|
/boot/config-%{kernelrelease}
|
|
/boot/symvers-%kernelrelease.gz
|
|
%attr(0644, root, root) /boot/vmlinuz-%{kernelrelease}
|
|
/lib/firmware/%{kernelrelease}
|
|
/lib/modules/%{kernelrelease}
|
|
|
|
%package devel
|
|
Summary: Development files necessary for building kernel modules
|
|
License: GPL v2 only
|
|
Group: Development/Sources
|
|
Provides: multiversion(kernel)
|
|
Provides: %name-devel = %kernelrelease
|
|
%if "%{?name_suffix}" != ""
|
|
Provides: kernel-devel = %kernelrelease
|
|
%endif
|
|
Provides: kernel-devel-uname-r = %kernelrelease
|
|
Requires: elfutils-libelf-devel
|
|
AutoReqProv: on
|
|
|
|
%description devel
|
|
This package contains files necessary for building kernel modules (and
|
|
kernel module packages) against the kernel.
|
|
|
|
%post devel
|
|
if [ -f /etc/sysconfig/kernel ]
|
|
then
|
|
. /etc/sysconfig/kernel || exit $?
|
|
fi
|
|
if [ "$HARDLINK" != "no" -a -x /usr/sbin/hardlink ]
|
|
then
|
|
(cd /usr/src/kernels/%{kernelrelease} &&
|
|
/usr/bin/find . -type f | while read f; do
|
|
hardlink -c /usr/src/kernels/*.fc*.*/$f $f
|
|
done)
|
|
fi
|
|
|
|
|
|
%files devel
|
|
%defattr(-,root,root)
|
|
/usr/src/kernels/%{kernelrelease}
|
|
|
|
|
|
%package qubes-vm
|
|
Summary: The Xen Kernel
|
|
Version: %{version}
|
|
Release: %{rel}
|
|
License: GPL v2 only
|
|
Group: System/Kernel
|
|
Url: http://www.kernel.org/
|
|
AutoReqProv: on
|
|
BuildRequires: coreutils module-init-tools sparse
|
|
Provides: multiversion(kernel-qubes-vm)
|
|
|
|
Provides: kernel-xen-domU
|
|
Provides: kernel-qubes-domU
|
|
|
|
Requires(pre): coreutils gawk
|
|
Requires(post): dracut
|
|
Requires(post): qubes-core-dom0
|
|
|
|
Conflicts: sysfsutils < 2.0
|
|
# root-lvm only works with newer udevs
|
|
Conflicts: udev < 118
|
|
Conflicts: lvm2 < 2.02.33
|
|
Provides: kernel-qubes-vm = %kernelrelease
|
|
|
|
%description qubes-vm
|
|
Qubes domU kernel.
|
|
|
|
%post qubes-vm
|
|
|
|
%if 0%{?fedora} < 25
|
|
mkdir /tmp/qubes-modules-%kernelrelease
|
|
truncate -s 500M /tmp/qubes-modules-%kernelrelease.img
|
|
mkfs -t ext3 -F /tmp/qubes-modules-%kernelrelease.img > /dev/null
|
|
mount /tmp/qubes-modules-%kernelrelease.img /tmp/qubes-modules-%kernelrelease -o loop
|
|
cp -a -t /tmp/qubes-modules-%kernelrelease %vm_install_dir/modules/%kernelrelease
|
|
mkdir /tmp/qubes-modules-%kernelrelease/firmware
|
|
cp -a -t /tmp/qubes-modules-%kernelrelease/firmware %vm_install_dir/modules/firmware/%kernelrelease
|
|
cp %vm_install_dir/vmlinuz /tmp/qubes-modules-%kernelrelease/
|
|
cp %vm_install_dir/initramfs /tmp/qubes-modules-%kernelrelease/
|
|
umount /tmp/qubes-modules-%kernelrelease
|
|
rmdir /tmp/qubes-modules-%kernelrelease
|
|
mv /tmp/qubes-modules-%kernelrelease.img %vm_install_dir/modules.img
|
|
%endif
|
|
|
|
%if "%{?name_suffix}" == ""
|
|
# Set kernel as default VM kernel if we are the default package.
|
|
|
|
# If qubes-prefs isn't installed yet, the default kernel will be set by %post
|
|
# of qubes-core-dom0
|
|
type qubes-prefs &>/dev/null && qubes-prefs --set default-kernel %version-%plainrel
|
|
%endif
|
|
|
|
exit 0
|
|
|
|
%preun qubes-vm
|
|
|
|
if [ "`qubes-prefs -g default-kernel`" == "%version-%plainrel" ]; then
|
|
echo "This kernel version is set as default VM kernel, cannot remove"
|
|
exit 1
|
|
fi
|
|
if qvm-ls --kernel | grep -qw "%version-%plainrel"; then
|
|
echo "This kernel version is used by at least one VM, cannot remove"
|
|
exit 1
|
|
fi
|
|
|
|
exit 0
|
|
|
|
%files qubes-vm
|
|
%defattr(-, root, root)
|
|
%dir %vm_install_dir
|
|
%if 0%{?fedora} < 25
|
|
%ghost %attr(0644, root, root) %vm_install_dir/modules.img
|
|
%else
|
|
%attr(0644, root, root) %vm_install_dir/modules.img
|
|
%endif
|
|
%attr(0644, root, root) %vm_install_dir/initramfs
|
|
%attr(0644, root, root) %vm_install_dir/vmlinuz
|
|
%if 0%{?fedora} < 25
|
|
%vm_install_dir/modules
|
|
%endif
|
|
%attr(0644, root, root) %vm_install_dir/default-kernelopts-common.txt
|
|
|
|
%changelog
|
|
@CHANGELOG@
|