17b7186716
There are a couple of changes needed: 1. Package version cannot contain '-' (5.4-rc5-1.pvops.qubes is an invalid rpm version). Follow Fedora upstream idea of moving 'rc' tag into package release field, as 0.rcXX.(original rel). This way, such package will be 'older' than the final release (with just release number there - 1 in most cases). The alternative idea is using '~rcXX' in the package version, but ~ couldn't be part of a kernel version reported by the kernel itself and also qubes-dom0-update refuses ~ in a package filename. 2. Adjust kernel version to match the above - specifically clear EXTRAVERSION (-rcXX suffix), as it will be added back as package release (CONFIG_LOCALVERSION). 3. rc tarballs are available only as a git-generated .tar.gz (not .tar.xz) and there are no matching detached signatures. While it would be possible to download a signed tag via git, scripting that would be overly complex as for the task rarely used. Leave this verification as a manual step and require sha512 checksum to be committed into repository. To build an archive matching upstream one, out of a signed tag, use command like this: git archive --prefix=linux-5.4-rc5/ --output=../linux-5.4-rc5.tar.gz v5.4-rc5 While at it, remove obsolete BUILD_FLAVOR variable.
612 lines
21 KiB
RPMSpec
612 lines
21 KiB
RPMSpec
# A spec file for building xenlinux Dom0 kernel for Qubes
|
|
# Based on the Open SUSE kernel-spec & Fedora kernel-spec.
|
|
#
|
|
|
|
%define variant qubes
|
|
%define plainrel @REL@
|
|
%define rel %{plainrel}.%{variant}
|
|
%define version %(echo '@VERSION@' | sed 's/~rc.*/.0/')
|
|
%define upstream_version %(echo '@VERSION@' | sed 's/~rc/-rc/')
|
|
%if "%{version}" != "%{upstream_version}"
|
|
%define prerelease 1
|
|
%define rel 0.%(echo '@VERSION@' | sed 's/.*~rc/rc/').%{plainrel}.%{variant}
|
|
%else
|
|
%define prerelease 0
|
|
%define rel %{plainrel}.%{variant}
|
|
%endif
|
|
|
|
%define name_suffix -latest
|
|
|
|
%define _buildshell /bin/bash
|
|
%define build_xen 1
|
|
|
|
%global cpu_arch x86_64
|
|
%define cpu_arch_flavor %cpu_arch
|
|
|
|
%define kernelrelease %(echo %{upstream_version} | sed 's/^[0-9]\\.[0-9]\\+$/\\0.0/;s/-rc.*/.0/')-%rel.%cpu_arch
|
|
%define my_builddir %_builddir/%{name}-%{version}
|
|
|
|
%define build_src_dir %my_builddir/linux-%upstream_version
|
|
%define src_install_dir /usr/src/kernels/%kernelrelease
|
|
%define kernel_build_dir %my_builddir/linux-obj
|
|
%define vm_install_dir /var/lib/qubes/vm-kernels/%upstream_version-%{plainrel}
|
|
|
|
%define install_vdso 1
|
|
%define debuginfodir /usr/lib/debug
|
|
|
|
# debuginfo build is disabled by default to save disk space (it needs 2-3GB build time)
|
|
%define with_debuginfo 0
|
|
|
|
%if !%{with_debuginfo}
|
|
%global debug_package %{nil}
|
|
%define setup_config --disable CONFIG_DEBUG_INFO
|
|
%else
|
|
%define setup_config --enable CONFIG_DEBUG_INFO --disable CONFIG_DEBUG_INFO_REDUCED
|
|
%endif
|
|
|
|
Name: kernel%{?name_suffix}
|
|
Summary: The Xen Kernel
|
|
Version: %{version}
|
|
Epoch: 1000
|
|
Release: %{rel}
|
|
License: GPL v2 only
|
|
Group: System/Kernel
|
|
Url: http://www.kernel.org/
|
|
AutoReqProv: on
|
|
BuildRequires: coreutils module-init-tools sparse
|
|
BuildRequires: qubes-kernel-vm-support
|
|
BuildRequires: dracut
|
|
BuildRequires: busybox
|
|
BuildRequires: bc
|
|
BuildRequires: openssl-devel
|
|
BuildRequires: gcc-plugin-devel
|
|
BuildRequires: elfutils-libelf-devel
|
|
BuildRequires: bison
|
|
BuildRequires: flex
|
|
BuildRequires: e2fsprogs
|
|
|
|
# gcc with support for BTI mitigation
|
|
%if 0%{?fedora} == 23
|
|
BuildRequires: gcc >= 5.3.1-6.qubes1
|
|
%else
|
|
%if 0%{?fedora} == 25
|
|
BuildRequires: gcc >= 6.4.1-1.qubes1
|
|
%else
|
|
BuildRequires: gcc
|
|
%endif
|
|
%endif
|
|
|
|
# Needed for building GCC hardened plugins
|
|
BuildRequires: gcc-c++
|
|
|
|
Provides: multiversion(kernel)
|
|
Provides: %name = %kernelrelease
|
|
|
|
Provides: kernel-xen-dom0
|
|
Provides: kernel-qubes-dom0
|
|
Provides: kernel-qubes-dom0-pvops
|
|
Provides: kernel-drm = 4.3.0
|
|
Provides: kernel-drm-nouveau = 16
|
|
Provides: kernel-modules-extra = %kernelrelease
|
|
Provides: kernel-modeset = 1
|
|
|
|
Requires(pre): coreutils gawk
|
|
Requires(post): dracut binutils
|
|
Requires: qubes-core-dom0-linux-kernel-install
|
|
|
|
Conflicts: sysfsutils < 2.0
|
|
# root-lvm only works with newer udevs
|
|
Conflicts: udev < 118
|
|
Conflicts: lvm2 < 2.02.33
|
|
Provides: kernel = %kernelrelease
|
|
Provides: kernel-uname-r = %kernelrelease
|
|
|
|
ExclusiveArch: x86_64
|
|
|
|
%if !%{prerelease}
|
|
Source0: linux-%{upstream_version}.tar.xz
|
|
%else
|
|
Source0: linux-%{upstream_version}.tar.gz
|
|
%endif
|
|
Source5: WireGuard-0.0.20190913.tar.xz
|
|
Source16: guards
|
|
Source17: apply-patches
|
|
Source33: check-for-config-changes
|
|
Source34: gen-config
|
|
Source100: config-base
|
|
Source101: config-qubes
|
|
|
|
Patch0: 0001-xen-netfront-detach-crash.patch
|
|
Patch1: 0002-mce-hide-EBUSY-initialization-error-on-Xen.patch
|
|
Patch2: 0003-Log-error-code-of-EVTCHNOP_bind_pirq-failure.patch
|
|
Patch3: 0004-pvops-respect-removable-xenstore-flag-for-block-devi.patch
|
|
Patch4: 0005-pvops-xen-blkfront-handle-FDEJECT-as-detach-request-.patch
|
|
Patch5: 0006-block-add-no_part_scan-module-parameter.patch
|
|
Patch6: 0007-xen-Add-RING_COPY_RESPONSE.patch
|
|
Patch7: 0008-xen-netfront-copy-response-out-of-shared-buffer-befo.patch
|
|
Patch8: 0009-xen-netfront-do-not-use-data-already-exposed-to-back.patch
|
|
Patch9: 0010-xen-netfront-add-range-check-for-Tx-response-id.patch
|
|
Patch10: 0011-xen-blkfront-make-local-copy-of-response-before-usin.patch
|
|
Patch11: 0012-xen-blkfront-prepare-request-locally-only-then-put-i.patch
|
|
Patch12: 0013-xen-pcifront-pciback-Update-pciif.h-with-err-and-res.patch
|
|
Patch13: 0014-xen-pciback-add-attribute-to-allow-MSI-enable-flag-w.patch
|
|
|
|
%description
|
|
Qubes Dom0 kernel.
|
|
|
|
%prep
|
|
SYMBOLS="xen-dom0 pvops"
|
|
|
|
# Unpack all sources and patches
|
|
%autosetup -N -c -T -a 0
|
|
|
|
export LINUX_UPSTREAM_VERSION=%{upstream_version}
|
|
|
|
mkdir -p %kernel_build_dir
|
|
|
|
cd linux-%upstream_version
|
|
%autopatch -p1
|
|
|
|
# drop EXTRAVERSION - possible -rc suffix already included in %release
|
|
sed -i -e 's/^EXTRAVERSION = -rc.*/EXTRAVERSION =/' Makefile
|
|
|
|
cd %kernel_build_dir
|
|
|
|
# Create QubesOS config kernel
|
|
%{SOURCE34} %{SOURCE100} %{SOURCE101}
|
|
|
|
%build_src_dir/scripts/config \
|
|
--set-str CONFIG_LOCALVERSION -%release.%cpu_arch %{setup_config}
|
|
|
|
MAKE_ARGS="$MAKE_ARGS -C %build_src_dir O=$PWD KERNELRELEASE=%{kernelrelease}"
|
|
|
|
make prepare $MAKE_ARGS
|
|
make scripts $MAKE_ARGS
|
|
make scripts_basic $MAKE_ARGS
|
|
krel=$(make -s kernelrelease $MAKE_ARGS)
|
|
|
|
if [ "$krel" != "%kernelrelease" ]; then
|
|
echo "Kernel release mismatch: $krel != %kernelrelease" >&2
|
|
exit 1
|
|
fi
|
|
|
|
make clean $MAKE_ARGS
|
|
|
|
rm -f source
|
|
find . ! -type d -printf '%%P\n' > %my_builddir/obj-files
|
|
rm -rf %_builddir/u2mfn
|
|
u2mfn_ver=`dkms status u2mfn|tail -n 1|cut -f 2 -d ' '|tr -d ':,:'`
|
|
if [ -n "$u2mfn_ver" ]; then
|
|
cp -r /usr/src/u2mfn-$u2mfn_ver %_builddir/u2mfn
|
|
fi
|
|
|
|
rm -rf %_builddir/wireguard
|
|
tar x -C %_builddir -Jpf %{SOURCE5}
|
|
mv %_builddir/$(basename %{SOURCE5} .tar.xz) %_builddir/wireguard
|
|
|
|
|
|
%build
|
|
|
|
cd %kernel_build_dir
|
|
|
|
make %{?_smp_mflags} all $MAKE_ARGS CONFIG_DEBUG_SECTION_MISMATCH=y
|
|
|
|
# Build u2mfn module
|
|
if [ -d "%_builddir/u2mfn" ]; then
|
|
make -C %kernel_build_dir M=%_builddir/u2mfn modules
|
|
fi
|
|
|
|
if [ -d "%_builddir/wireguard" ]; then
|
|
make -C %kernel_build_dir M=%_builddir/wireguard/src modules
|
|
fi
|
|
|
|
%install
|
|
|
|
# get rid of /usr/lib/rpm/brp-strip-debug
|
|
# strip removes too much from the vmlinux ELF binary
|
|
export NO_BRP_STRIP_DEBUG=true
|
|
export STRIP_KEEP_SYMTAB='*/vmlinux-*'
|
|
|
|
# /lib/modules/%kernelrelease-%build_flavor/build will be a stale symlink until the
|
|
# kernel-devel package is installed. Don't check for stale symlinks
|
|
# in the brp-symlink check:
|
|
export NO_BRP_STALE_LINK_ERROR=yes
|
|
|
|
cd %kernel_build_dir
|
|
|
|
mkdir -p %buildroot/boot
|
|
cp -p System.map %buildroot/boot/System.map-%kernelrelease
|
|
cp -p arch/x86/boot/bzImage %buildroot/boot/vmlinuz-%kernelrelease
|
|
cp .config %buildroot/boot/config-%kernelrelease
|
|
|
|
%if %install_vdso
|
|
# Install the unstripped vdso's that are linked in the kernel image
|
|
make vdso_install $MAKE_ARGS INSTALL_MOD_PATH=%buildroot
|
|
%endif
|
|
|
|
# Create a dummy initramfs with roughly the size the real one will have.
|
|
# That way, rpm will know that this package requires some additional
|
|
# space in /boot.
|
|
dd if=/dev/zero of=%buildroot/boot/initramfs-%kernelrelease.img \
|
|
bs=1M count=20
|
|
|
|
gzip -c9 < Module.symvers > %buildroot/boot/symvers-%kernelrelease.gz
|
|
|
|
make modules_install $MAKE_ARGS INSTALL_MOD_PATH=%buildroot
|
|
if [ -d "%_builddir/u2mfn" ]; then
|
|
make modules_install $MAKE_ARGS INSTALL_MOD_PATH=%buildroot M=%_builddir/u2mfn
|
|
fi
|
|
if [ -d "%_builddir/wireguard" ]; then
|
|
make modules_install $MAKE_ARGS INSTALL_MOD_PATH=%buildroot M=%_builddir/wireguard/src
|
|
fi
|
|
|
|
mkdir -p %buildroot/%src_install_dir
|
|
|
|
rm -f %buildroot/lib/modules/%kernelrelease/build
|
|
rm -f %buildroot/lib/modules/%kernelrelease/source
|
|
mkdir -p %buildroot/lib/modules/%kernelrelease/build
|
|
(cd %buildroot/lib/modules/%kernelrelease ; ln -s build source)
|
|
# dirs for additional modules per module-init-tools, kbuild/modules.txt
|
|
mkdir -p %buildroot/lib/modules/%kernelrelease/extra
|
|
mkdir -p %buildroot/lib/modules/%kernelrelease/updates
|
|
mkdir -p %buildroot/lib/modules/%kernelrelease/weak-updates
|
|
|
|
pushd %build_src_dir
|
|
cp --parents `find -type f -name "Makefile*" -o -name "Kconfig*"` %buildroot/lib/modules/%kernelrelease/build
|
|
cp -a scripts %buildroot/lib/modules/%kernelrelease/build
|
|
cp -a --parents arch/x86/include %buildroot/lib/modules/%kernelrelease/build/
|
|
cp -a include %buildroot/lib/modules/%kernelrelease/build/include
|
|
popd
|
|
|
|
cp Module.symvers %buildroot/lib/modules/%kernelrelease/build
|
|
cp System.map %buildroot/lib/modules/%kernelrelease/build
|
|
if [ -s Module.markers ]; then
|
|
cp Module.markers %buildroot/lib/modules/%kernelrelease/build
|
|
fi
|
|
|
|
rm -rf %buildroot/lib/modules/%kernelrelease/build/Documentation
|
|
|
|
# disable GCC plugins for external modules build, to not fail if different gcc
|
|
# version is used
|
|
sed -e 's/^\(CONFIG_GCC_PLUGIN.*\)=y/# \1 is not set/' .config > \
|
|
%buildroot/lib/modules/%kernelrelease/build/.config
|
|
|
|
rm -f %buildroot/lib/modules/%kernelrelease/build/scripts/*.o
|
|
rm -f %buildroot/lib/modules/%kernelrelease/build/scripts/*/*.o
|
|
|
|
cp -a scripts/* %buildroot/lib/modules/%kernelrelease/build/scripts/
|
|
cp -a include/* %buildroot/lib/modules/%kernelrelease/build/include/
|
|
cp -a --parents arch/x86/include/* %buildroot/lib/modules/%kernelrelease/build/
|
|
if [ -f tools/objtool/objtool ]; then
|
|
cp -a --parents tools/objtool %buildroot/lib/modules/%kernelrelease/build/
|
|
pushd %build_src_dir
|
|
cp -a --parents tools/objtool %buildroot/lib/modules/%kernelrelease/build/
|
|
cp -a --parents tools/build/Build.include %buildroot/lib/modules/%kernelrelease/build/
|
|
cp -a --parents tools/build/Build %buildroot/lib/modules/%kernelrelease/build/
|
|
cp -a --parents tools/build/fixdep.c %buildroot/lib/modules/%kernelrelease/build/
|
|
cp -a --parents tools/scripts/utilities.mak %buildroot/lib/modules/%kernelrelease/build/
|
|
cp -a --parents tools/lib/str_error_r.c %buildroot/lib/modules/%kernelrelease/build/
|
|
cp -a --parents tools/lib/string.c %buildroot/lib/modules/%kernelrelease/build/
|
|
cp -a --parents tools/lib/subcmd/* %buildroot/lib/modules/%kernelrelease/build/
|
|
popd
|
|
fi
|
|
|
|
# Copy .config to include/config/auto.conf so "make prepare" is unnecessary.
|
|
cp %buildroot/lib/modules/%kernelrelease/build/.config %buildroot/lib/modules/%kernelrelease/build/include/config/auto.conf
|
|
|
|
# Make sure the Makefile and version.h have a matching timestamp so that
|
|
# external modules can be built
|
|
touch -r %buildroot/lib/modules/%kernelrelease/build/Makefile %buildroot/lib/modules/%kernelrelease/build/include/generated/uapi/linux/version.h
|
|
touch -r %buildroot/lib/modules/%kernelrelease/build/.config %buildroot/lib/modules/%kernelrelease/build/include/config/auto.conf
|
|
|
|
if test -s vmlinux.id; then
|
|
cp vmlinux.id %buildroot/lib/modules/%kernelrelease/build/vmlinux.id
|
|
else
|
|
echo >&2 "*** WARNING *** no vmlinux build ID! ***"
|
|
fi
|
|
|
|
#
|
|
# save the vmlinux file for kernel debugging into the kernel-debuginfo rpm
|
|
#
|
|
%if %{with_debuginfo}
|
|
mkdir -p %buildroot%{debuginfodir}/lib/modules/%kernelrelease
|
|
cp vmlinux %buildroot%{debuginfodir}/lib/modules/%kernelrelease
|
|
%endif
|
|
|
|
find %buildroot/lib/modules/%kernelrelease -name "*.ko" -type f >modnames
|
|
|
|
# mark modules executable so that strip-to-file can strip them
|
|
xargs --no-run-if-empty chmod u+x < modnames
|
|
|
|
# Generate a list of modules for block and networking.
|
|
|
|
fgrep /drivers/ modnames | xargs --no-run-if-empty nm -upA |
|
|
sed -n 's,^.*/\([^/]*\.ko\): *U \(.*\)$,\1 \2,p' > drivers.undef
|
|
|
|
collect_modules_list()
|
|
{
|
|
sed -r -n -e "s/^([^ ]+) \\.?($2)\$/\\1/p" drivers.undef |
|
|
LC_ALL=C sort -u > %buildroot/lib/modules/%kernelrelease/modules.$1
|
|
}
|
|
|
|
collect_modules_list networking \
|
|
'register_netdev|ieee80211_register_hw|usbnet_probe'
|
|
collect_modules_list block \
|
|
'ata_scsi_ioctl|scsi_add_host|scsi_add_host_with_dma|blk_init_queue|register_mtd_blktrans|scsi_esp_register|scsi_register_device_handler'
|
|
collect_modules_list drm \
|
|
'drm_open|drm_init'
|
|
collect_modules_list modesetting \
|
|
'drm_crtc_init'
|
|
|
|
# detect missing or incorrect license tags
|
|
rm -f modinfo
|
|
while read i
|
|
do
|
|
echo -n "${i#%buildroot/lib/modules/%kernelrelease/} " >> modinfo
|
|
/sbin/modinfo -l $i >> modinfo
|
|
done < modnames
|
|
|
|
egrep -v \
|
|
'GPL( v2)?$|Dual BSD/GPL$|Dual MPL/GPL$|GPL and additional rights$' \
|
|
modinfo && exit 1
|
|
|
|
rm -f modinfo modnames
|
|
|
|
# Move the devel headers out of the root file system
|
|
mkdir -p %buildroot/usr/src/kernels
|
|
mv %buildroot/lib/modules/%kernelrelease/build/* %buildroot/%src_install_dir/
|
|
mv %buildroot/lib/modules/%kernelrelease/build/.config %buildroot/%src_install_dir
|
|
rmdir %buildroot/lib/modules/%kernelrelease/build
|
|
ln -sf %src_install_dir %buildroot/lib/modules/%kernelrelease/build
|
|
|
|
# Abort if there are any undefined symbols
|
|
msg="$(/sbin/depmod -F %buildroot/boot/System.map-%kernelrelease \
|
|
-b %buildroot -ae %kernelrelease 2>&1)"
|
|
|
|
if [ $? -ne 0 ] || echo "$msg" | grep 'needs unknown symbol'; then
|
|
exit 1
|
|
fi
|
|
|
|
# in case of no firmware built - place empty dir
|
|
mkdir -p %buildroot/lib/firmware
|
|
mv %buildroot/lib/firmware %buildroot/lib/firmware-all
|
|
mkdir -p %buildroot/lib/firmware
|
|
mv %buildroot/lib/firmware-all %buildroot/lib/firmware/%kernelrelease
|
|
|
|
# Prepare initramfs for Qubes VM
|
|
mkdir -p %buildroot/%vm_install_dir
|
|
PATH="/sbin:$PATH" dracut --nomdadmconf --nolvmconf \
|
|
--kmoddir %buildroot/lib/modules/%kernelrelease \
|
|
--modules "kernel-modules qubes-vm-simple" \
|
|
--conf /dev/null --confdir /var/empty \
|
|
-d "xenblk xen-blkfront cdrom ext4 jbd2 crc16 dm_snapshot" \
|
|
%buildroot/%vm_install_dir/initramfs %kernelrelease || exit 1
|
|
|
|
# workaround for buggy dracut-044 in Fedora 25
|
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1431317
|
|
# https://github.com/dracutdevs/dracut/issues/194
|
|
modules_dep=$(lsinitrd "%buildroot/%vm_install_dir/initramfs" \
|
|
"usr/lib/modules/%kernelrelease/modules.dep")
|
|
if [ -z "$modules_dep" ]; then
|
|
tmpdir=$(mktemp -d)
|
|
zcat "%buildroot/%vm_install_dir/initramfs" | cpio -imd -D "$tmpdir" || exit 1
|
|
mv "$tmpdir"/%buildroot/lib/modules/%kernelrelease/kernel \
|
|
"$tmpdir"/lib/modules/%kernelrelease/ || exit 1
|
|
depmod -F %buildroot/boot/System.map-%kernelrelease \
|
|
-b "$tmpdir" -a %kernelrelease || exit 1
|
|
pushd "$tmpdir"
|
|
if [ -n "$SOURCE_DATE_EPOCH" ]; then
|
|
find . -exec touch --no-dereference --date="@${SOURCE_DATE_EPOCH}" {} +
|
|
fi
|
|
find . -print0 | sort -z \
|
|
| cpio --null -R 0:0 -H newc -o --reproducible --quiet \
|
|
| gzip -n > %buildroot/%vm_install_dir/initramfs || exit 1
|
|
popd
|
|
fi
|
|
|
|
cp -p arch/x86/boot/bzImage %buildroot/%vm_install_dir/vmlinuz
|
|
|
|
# default kernel options for this kernel
|
|
def_kernelopts="root=/dev/mapper/dmroot ro nomodeset console=hvc0"
|
|
def_kernelopts="$def_kernelopts rd_NO_PLYMOUTH rd.plymouth.enable=0 plymouth.enable=0"
|
|
if [ -e /usr/lib/dracut/modules.d/90qubes-vm-simple/xen-scrub-pages-supported ]; then
|
|
# set xen_scrub_pages=0 _only_ when included initramfs does support
|
|
# re-enabling it
|
|
def_kernelopts="$def_kernelopts xen_scrub_pages=0"
|
|
fi
|
|
echo "$def_kernelopts " > %buildroot/%vm_install_dir/default-kernelopts-common.txt
|
|
|
|
# Modules for Qubes VM
|
|
mkdir -p %buildroot%vm_install_dir/modules
|
|
cp -a %buildroot/lib/modules/%kernelrelease %buildroot%vm_install_dir/modules/
|
|
mkdir -p %buildroot%vm_install_dir/modules/firmware
|
|
cp -a %buildroot/lib/firmware/%kernelrelease %buildroot%vm_install_dir/modules/firmware/
|
|
|
|
# Include kernel headers for Qubes VM in "/lib/modules" - so kernel-devel
|
|
# package will be unnecessary there, regardless of distribution
|
|
rm -f %buildroot%vm_install_dir/modules/%kernelrelease/build
|
|
cp -a %buildroot/%src_install_dir %buildroot%vm_install_dir/modules/%kernelrelease/build
|
|
|
|
%if 0%{?fedora} >= 25
|
|
# include kernel+initramfs also inside modules.img, for direct kernel boot with
|
|
# stubdomain
|
|
cp %buildroot%vm_install_dir/vmlinuz %buildroot%vm_install_dir/modules/
|
|
cp %buildroot%vm_install_dir/initramfs %buildroot%vm_install_dir/modules/
|
|
if [ -n "$SOURCE_DATE_EPOCH" ]; then
|
|
find %buildroot%vm_install_dir/modules \
|
|
-exec touch --no-dereference --date="@${SOURCE_DATE_EPOCH}" {} +
|
|
fi
|
|
PATH="/sbin:$PATH" mkfs.ext3 -d %buildroot%vm_install_dir/modules \
|
|
-U dcee2318-92bd-47a5-a15d-e79d1412cdce \
|
|
%buildroot%vm_install_dir/modules.img 500M
|
|
rm -rf %buildroot%vm_install_dir/modules
|
|
%endif
|
|
|
|
# remove files that will be auto generated by depmod at rpm -i time
|
|
for i in alias alias.bin ccwmap dep dep.bin ieee1394map inputmap isapnpmap ofmap pcimap seriomap symbols symbols.bin usbmap
|
|
do
|
|
rm -f %buildroot/lib/modules/%kernelrelease/modules.$i
|
|
done
|
|
|
|
%post
|
|
/sbin/depmod -a %{kernelrelease}
|
|
|
|
%posttrans
|
|
# with kernel-4.14+ plymouth detects hvc0 serial console and forces text boot
|
|
# we simply make plymouth ignore it to recover the splash screen
|
|
if [ -f /etc/default/grub ]; then
|
|
if ! grep -q plymouth.ignore-serial-consoles /etc/default/grub; then
|
|
echo 'GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX plymouth.ignore-serial-consoles"' >> /etc/default/grub
|
|
fi
|
|
fi
|
|
|
|
if [ -f /boot/efi/EFI/qubes/xen.cfg ]; then
|
|
if ! grep -q plymouth.ignore-serial-consoles /boot/efi/EFI/qubes/xen.cfg; then
|
|
sed -i 's/kernel=.*/& plymouth.ignore-serial-consoles/g' /boot/efi/EFI/qubes/xen.cfg
|
|
fi
|
|
fi
|
|
|
|
/bin/kernel-install add %{kernelrelease} /boot/vmlinuz-%{kernelrelease} || exit $?
|
|
|
|
# grubby (used by new-kernel-pkg) do not understand xen entries in grub2 config
|
|
if [ -x /sbin/new-kernel-pkg -a -e /boot/grub2/grub.cfg ]; then
|
|
grub2-mkconfig > /boot/grub2/grub.cfg
|
|
fi
|
|
|
|
%preun
|
|
/bin/kernel-install remove %{kernelrelease} /boot/vmlinuz-%{kernelrelease} || exit $?
|
|
|
|
%files
|
|
%defattr(-, root, root)
|
|
%ghost /boot/initramfs-%{kernelrelease}.img
|
|
/boot/System.map-%{kernelrelease}
|
|
/boot/config-%{kernelrelease}
|
|
/boot/symvers-%kernelrelease.gz
|
|
%attr(0644, root, root) /boot/vmlinuz-%{kernelrelease}
|
|
/lib/firmware/%{kernelrelease}
|
|
/lib/modules/%{kernelrelease}
|
|
|
|
%package devel
|
|
Summary: Development files necessary for building kernel modules
|
|
License: GPL v2 only
|
|
Group: Development/Sources
|
|
Provides: multiversion(kernel)
|
|
Provides: %name-devel = %kernelrelease
|
|
%if "%{?name_suffix}" != ""
|
|
Provides: kernel-devel = %kernelrelease
|
|
%endif
|
|
Provides: kernel-devel-uname-r = %kernelrelease
|
|
Requires: elfutils-libelf-devel
|
|
AutoReqProv: on
|
|
|
|
%description devel
|
|
This package contains files necessary for building kernel modules (and
|
|
kernel module packages) against the kernel.
|
|
|
|
%post devel
|
|
if [ -f /etc/sysconfig/kernel ]
|
|
then
|
|
. /etc/sysconfig/kernel || exit $?
|
|
fi
|
|
if [ "$HARDLINK" != "no" -a -x /usr/sbin/hardlink ]
|
|
then
|
|
(cd /usr/src/kernels/%{kernelrelease} &&
|
|
/usr/bin/find . -type f | while read f; do
|
|
hardlink -c /usr/src/kernels/*.fc*.*/$f $f
|
|
done)
|
|
fi
|
|
|
|
|
|
%files devel
|
|
%defattr(-,root,root)
|
|
/usr/src/kernels/%{kernelrelease}
|
|
|
|
|
|
%package qubes-vm
|
|
Summary: The Xen Kernel
|
|
Version: %{version}
|
|
Release: %{rel}
|
|
License: GPL v2 only
|
|
Group: System/Kernel
|
|
Url: http://www.kernel.org/
|
|
AutoReqProv: on
|
|
BuildRequires: coreutils module-init-tools sparse
|
|
Provides: multiversion(kernel-qubes-vm)
|
|
|
|
Provides: kernel-xen-domU
|
|
Provides: kernel-qubes-domU
|
|
|
|
Requires(pre): coreutils gawk
|
|
Requires(post): dracut
|
|
Requires(post): qubes-core-dom0
|
|
|
|
Conflicts: sysfsutils < 2.0
|
|
# root-lvm only works with newer udevs
|
|
Conflicts: udev < 118
|
|
Conflicts: lvm2 < 2.02.33
|
|
Provides: kernel-qubes-vm = %kernelrelease
|
|
|
|
%description qubes-vm
|
|
Qubes domU kernel.
|
|
|
|
%post qubes-vm
|
|
|
|
%if 0%{?fedora} < 25
|
|
mkdir /tmp/qubes-modules-%kernelrelease
|
|
truncate -s 500M /tmp/qubes-modules-%kernelrelease.img
|
|
mkfs -t ext3 -F /tmp/qubes-modules-%kernelrelease.img > /dev/null
|
|
mount /tmp/qubes-modules-%kernelrelease.img /tmp/qubes-modules-%kernelrelease -o loop
|
|
cp -a -t /tmp/qubes-modules-%kernelrelease %vm_install_dir/modules/%kernelrelease
|
|
mkdir /tmp/qubes-modules-%kernelrelease/firmware
|
|
cp -a -t /tmp/qubes-modules-%kernelrelease/firmware %vm_install_dir/modules/firmware/%kernelrelease
|
|
cp %vm_install_dir/vmlinuz /tmp/qubes-modules-%kernelrelease/
|
|
cp %vm_install_dir/initramfs /tmp/qubes-modules-%kernelrelease/
|
|
umount /tmp/qubes-modules-%kernelrelease
|
|
rmdir /tmp/qubes-modules-%kernelrelease
|
|
mv /tmp/qubes-modules-%kernelrelease.img %vm_install_dir/modules.img
|
|
%endif
|
|
|
|
current_default="$(qubes-prefs default-kernel)"
|
|
current_default_path="/var/lib/qubes/vm-kernels/$current_default"
|
|
current_default_package="$(rpm --qf '%{NAME}' -qf "$current_default_path")"
|
|
if [ "$current_default_package" = "%{name}-qubes-vm" ]; then
|
|
# Set kernel as default VM kernel if we are the default package.
|
|
|
|
# If qubes-prefs isn't installed yet, the default kernel will be set by %post
|
|
# of qubes-core-dom0
|
|
type qubes-prefs &>/dev/null && qubes-prefs --set default-kernel %upstream_version-%plainrel
|
|
fi
|
|
|
|
exit 0
|
|
|
|
%preun qubes-vm
|
|
|
|
if [ "`qubes-prefs -g default-kernel`" == "%upstream_version-%plainrel" ]; then
|
|
echo "This kernel version is set as default VM kernel, cannot remove"
|
|
exit 1
|
|
fi
|
|
if qvm-ls --kernel | grep -qw "%upstream_version-%plainrel"; then
|
|
echo "This kernel version is used by at least one VM, cannot remove"
|
|
exit 1
|
|
fi
|
|
|
|
exit 0
|
|
|
|
%files qubes-vm
|
|
%defattr(-, root, root)
|
|
%dir %vm_install_dir
|
|
%if 0%{?fedora} < 25
|
|
%ghost %attr(0644, root, root) %vm_install_dir/modules.img
|
|
%else
|
|
%attr(0644, root, root) %vm_install_dir/modules.img
|
|
%endif
|
|
%attr(0644, root, root) %vm_install_dir/initramfs
|
|
%attr(0644, root, root) %vm_install_dir/vmlinuz
|
|
%if 0%{?fedora} < 25
|
|
%vm_install_dir/modules
|
|
%endif
|
|
%attr(0644, root, root) %vm_install_dir/default-kernelopts-common.txt
|
|
|
|
%changelog
|
|
@CHANGELOG@
|