The package rpms/kernel.git has added or updated architecture specific content in its spec file (ExclusiveArch/ExcludeArch or %ifarch/%ifnarch) in commit(s): https://src.fedoraproject.org/cgit/rpms/kernel.git/commit/?id=11fa12d6aafcc7... https://src.fedoraproject.org/cgit/rpms/kernel.git/commit/?id=d9864a2973d526... https://src.fedoraproject.org/cgit/rpms/kernel.git/commit/?id=c68fd73909c552... https://src.fedoraproject.org/cgit/rpms/kernel.git/commit/?id=39eefe69c9cde6... https://src.fedoraproject.org/cgit/rpms/kernel.git/commit/?id=da6f972e3cf077... https://src.fedoraproject.org/cgit/rpms/kernel.git/commit/?id=1d23fdad0ff58c....
Change: +%ifarch x86_64 s390x ppc64 ppc64le aarch64 +ExclusiveArch: noarch i386 i686 x86_64 s390x %{arm} aarch64 ppc64le +%ifarch x86_64 ppc64le +%ifnarch i686 -%ifarch ppc64le +%ifnarch %{arm}
Thanks.
Full change: ============
commit 5919dc6ef7340eda54f01c44299cacf84f37ae77 Author: Laura Abbott labbott@redhat.com Date: Wed Oct 30 10:21:12 2019 -0400
bump and build to make sure I haven't broken anything
diff --git a/kernel.spec b/kernel.spec index 4830f6c..cc33647 100644 --- a/kernel.spec +++ b/kernel.spec @@ -73,7 +73,7 @@ Summary: The Linux kernel # For non-released -rc kernels, this will be appended after the rcX and # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3" # -%global baserelease 1 +%global baserelease 2 %global fedora_build %{baserelease}
# base_sublevel is the kernel version we're starting with and patching @@ -2364,6 +2364,9 @@ fi # # %changelog +* Wed Oct 30 2019 Laura Abbott labbott@redhat.com - 5.4.0-0.rc5.git0.2 +- bump and build to make sure I haven't broken anything + * Mon Oct 28 2019 Jeremy Cline jcline@redhat.com - 5.4.0-0.rc5.git0.1 - Linux v5.4-rc5
commit 39eefe69c9cde6d575be06028cbbb484e3d47e0c Author: Laura Abbott labbott@redhat.com Date: Fri Oct 25 12:47:30 2019 -0400
Switch up compression to be faster
diff --git a/kernel.spec b/kernel.spec index 5c35165..4830f6c 100644 --- a/kernel.spec +++ b/kernel.spec @@ -1,6 +1,22 @@ # We have to override the new %%install behavior because, well... the kernel is special. %global __spec_install_pre %{___build_pre}
+# At the time of this writing (2019-03), RHEL8 packages use w2.xzdio +# compression for rpms (xz, level 2). +# Kernel has several large (hundreds of mbytes) rpms, they take ~5 mins +# to compress by single-threaded xz. Switch to threaded compression, +# and from level 2 to 3 to keep compressed sizes close to "w2" results. +# +# NB: if default compression in /usr/lib/rpm/redhat/macros ever changes, +# this one might need tweaking (e.g. if default changes to w3.xzdio, +# change below to w4T.xzdio): +# +# This is disabled on i686 as it triggers oom errors + +%ifnarch i686 +%define _binary_payload w3T.xzdio +%endif + Summary: The Linux kernel
# For a kernel released for public testing, released_kernel should be 1.
commit 5a7f6d996dfe3dbd81bf569d3b8b633912636b17 Author: Laura Abbott labbott@redhat.com Date: Fri Oct 25 12:46:54 2019 -0400
Update a comment
diff --git a/kernel.spec b/kernel.spec index a3a988c..5c35165 100644 --- a/kernel.spec +++ b/kernel.spec @@ -3,9 +3,11 @@
Summary: The Linux kernel
-# For a stable, released kernel, released_kernel should be 1. For rawhide -# and/or a kernel built from an rc or git snapshot, released_kernel should -# be 0. +# For a kernel released for public testing, released_kernel should be 1. +# For internal testing builds during development, it should be 0. +# For rawhide and/or a kernel built from an rc or git snapshot, +# released_kernel should be 0. +# For a stable, released kernel, released_kernel should be 1. %global released_kernel 0
%if 0%{?fedora}
commit 8be82a0f1b4e580f0c400e5d489f4f09ff0aded5 Author: Laura Abbott labbott@redhat.com Date: Thu Oct 24 14:47:02 2019 -0400
Don't put %{?_smp_mflags} in the common make definition
Some of the build targets may be racy and need to be fixed up to build correctly. Until that happens, put %{?_smp_mflags} on individual targets.
diff --git a/kernel.spec b/kernel.spec index 7fb5369..a3a988c 100644 --- a/kernel.spec +++ b/kernel.spec @@ -1320,7 +1320,7 @@ cp_vmlinux() %define build_hostldflags %{?build_ldflags} -Wl,--build-id=uuid %endif
-%define make make %{?cross_opts} %{?make_opts} %{?_smp_mflags} HOSTCFLAGS="%{?build_hostcflags}" HOSTLDFLAGS="%{?build_hostldflags}" +%define make make %{?cross_opts} %{?make_opts} HOSTCFLAGS="%{?build_hostcflags}" HOSTLDFLAGS="%{?build_hostldflags}"
BuildKernel() { MakeTarget=$1 @@ -1366,7 +1366,7 @@ BuildKernel() {
# and now to start the build process
- %{make} mrproper + %{make} %{?_smp_mflags} mrproper cp configs/$Config .config
%if %{signkernel}%{signmodules} @@ -1382,9 +1382,9 @@ BuildKernel() {
# This ensures build-ids are unique to allow parallel debuginfo perl -p -i -e "s/^CONFIG_BUILD_SALT.*/CONFIG_BUILD_SALT="%{KVERREL}"/" .config - %{make} ARCH=$Arch KCFLAGS="$KCFLAGS" WITH_GCOV="%{?with_gcov}" $MakeTarget %{?sparse_mflags} %{?kernel_mflags} + %{make} ARCH=$Arch KCFLAGS="$KCFLAGS" WITH_GCOV="%{?with_gcov}" %{?_smp_mflags} $MakeTarget %{?sparse_mflags} %{?kernel_mflags} if [ $DoModules -eq 1 ]; then - %{make} ARCH=$Arch KCFLAGS="$KCFLAGS" WITH_GCOV="%{?with_gcov}" modules %{?sparse_mflags} || exit 1 + %{make} ARCH=$Arch KCFLAGS="$KCFLAGS" WITH_GCOV="%{?with_gcov}" %{?_smp_mflags} modules %{?sparse_mflags} || exit 1 fi
mkdir -p $RPM_BUILD_ROOT/%{image_install_path} @@ -1477,7 +1477,7 @@ BuildKernel() { if [ $DoModules -eq 1 ]; then # Override $(mod-fw) because we don't want it to install any firmware # we'll get it from the linux-firmware package and we don't want conflicts - %{make} ARCH=$Arch INSTALL_MOD_PATH=$RPM_BUILD_ROOT modules_install KERNELRELEASE=$KernelVer mod-fw= + %{make} ARCH=$Arch INSTALL_MOD_PATH=$RPM_BUILD_ROOT %{?_smp_mflags} modules_install KERNELRELEASE=$KernelVer mod-fw= fi
%if %{with_gcov}
commit 862edd6d9621f3adb30983f2046e24cbdad1eb3b Author: Laura Abbott labbott@redhat.com Date: Thu Oct 24 10:08:57 2019 -0400
ppc64le cflags uses -O3
diff --git a/kernel.spec b/kernel.spec index 478ef86..7fb5369 100644 --- a/kernel.spec +++ b/kernel.spec @@ -365,6 +365,7 @@ Summary: The Linux kernel %define kernel_image vmlinux %define kernel_image_elf 1 %define all_arch_configs kernel-%{version}-ppc64le*.config +%define kcflags -O3 %endif
%ifarch s390x
commit da6f972e3cf0771e6cc7d0fe9360c66e498321b8 Author: Laura Abbott labbott@redhat.com Date: Thu Oct 24 10:08:24 2019 -0400
Remove redundant macros for ppc64le
We only have ppc64le
diff --git a/kernel.spec b/kernel.spec index ee80254..478ef86 100644 --- a/kernel.spec +++ b/kernel.spec @@ -364,10 +364,8 @@ Summary: The Linux kernel %define make_target vmlinux %define kernel_image vmlinux %define kernel_image_elf 1 -%ifarch ppc64le %define all_arch_configs kernel-%{version}-ppc64le*.config %endif -%endif
%ifarch s390x %define asmarch s390
commit 10b3a150cf0d4b06f5f9105e9f7c7e49951caf70 Author: Laura Abbott labbott@redhat.com Date: Thu Oct 24 10:06:22 2019 -0400
Move the with_vanilla up with the rest of the macros
diff --git a/kernel.spec b/kernel.spec index 6d2090f..ee80254 100644 --- a/kernel.spec +++ b/kernel.spec @@ -161,6 +161,9 @@ Summary: The Linux kernel # ipa_clone support %define with_ipaclones %{?_without_ipaclones: 0} %{?!_without_ipaclones: 1}
+# Want to build a vanilla kernel build without any non-upstream patches? +%define with_vanilla %{?_with_vanilla: 1} %{?!_with_vanilla: 0} +
# Set debugbuildsenabled to 1 for production (build separate debug kernels) # and 0 for rawhide (all kernels are debug kernels). @@ -189,9 +192,6 @@ Summary: The Linux kernel %define make_opts -s %endif
-# Want to build a vanilla kernel build without any non-upstream patches? -%define with_vanilla %{?_with_vanilla: 1} %{?!_with_vanilla: 0} - # pkg_release is what we'll fill in for the rpm Release: field %if 0%{?released_kernel}
commit 1cf4120f6fc0cb76a666e9ad9539832403c75314 Author: Laura Abbott labbott@redhat.com Date: Thu Oct 24 09:55:10 2019 -0400
Fix debuginfo
From the original RHEL patch:
This extra '+' causes problems with the regular expression used with /usr/lib/rpm/find-debuginfo.sh script from rpm-build, which is used to filter the debug files to the corresponding debuginfo packages. The '+' character in the release is interpreted as a regular expression operator and the debuginfo filter fails, with the build failing on an empty debuginfo file list.
Which means we need to escape the extra '+' character if we want debuginfo filter to work. I tried to use '' to escape, but rpm "eats" that, in testing '[+]' worked so is what I'm using to fix/workaround this problem. When RHEL 8 drops the the extra +<number> in the future, we can remove this fix/workaround.
This problem is likely to come up so just add it in now.
diff --git a/kernel.spec b/kernel.spec index e996823..6d2090f 100644 --- a/kernel.spec +++ b/kernel.spec @@ -245,6 +245,7 @@ Summary: The Linux kernel %define image_install_path boot
%define KVERREL %{version}-%{release}.%{_target_cpu} +%define KVERREL_RE %(echo %KVERREL | sed 's/+/[+]/g') %define hdrarch %_target_cpu %define asmarch %_target_cpu
@@ -822,7 +823,7 @@ AutoReqProv: no\ %description %{?1:%{1}-}debuginfo\ This package provides debug information for package %{name}%{?1:-%{1}}.\ This is required to use SystemTap with %{name}%{?1:-%{1}}-%{KVERREL}.\ -%{expand:%%global _find_debuginfo_opts %{?_find_debuginfo_opts} -p '/.*/%%{KVERREL}%{?1:[+]%{1}}/.*|/.*%%{KVERREL}%{?1:+%{1}}(.debug)?' -o debuginfo%{?1}.list}\ +%{expand:%%global _find_debuginfo_opts %{?_find_debuginfo_opts} -p '/.*/%%{KVERREL_RE}%{?1:[+]%{1}}/.*|/.*%%{KVERREL_RE}%{?1:+%{1}}(.debug)?' -o debuginfo%{?1}.list}\ %{nil}
#
commit c0312b2e60495b2f82b1748d13f9eb20712a746e Author: Laura Abbott labbott@redhat.com Date: Wed Oct 23 15:43:13 2019 -0400
Make turning off configchecks an official ---with option
Fedora does some validation on config options to catch errors. There may be cases when we want to turn off that checking because it doesn't actually matter. Make this a full --with option to make it easier to turn off.
diff --git a/kernel.spec b/kernel.spec index 8f663d2..e996823 100644 --- a/kernel.spec +++ b/kernel.spec @@ -149,6 +149,11 @@ Summary: The Linux kernel # verbose build, i.e. no silent rules and V=1 %define with_verbose %{?_with_verbose: 1} %{?!_with_verbose: 0}
+# +# check for mismatched config options +%define with_configchecks %{?_without_configchecks: 0} %{?!_without_configchecks: 1} + +# # gcov support %define with_gcov %{?_with_gcov: 1} %{?!_with_gcov: 0}
@@ -400,11 +405,7 @@ Summary: The Linux kernel # Should make listnewconfig fail if there's config options # printed out? %if %{nopatches} -%define listnewconfig_fail 0 -%define configmismatch_fail 0 -%else -%define listnewconfig_fail 1 -%define configmismatch_fail 1 +%define with_configchecks 0 %endif
# To temporarily exclude an architecture from being built, add it to @@ -1261,11 +1262,12 @@ done
cp %{SOURCE42} . OPTS="" -%if %{listnewconfig_fail} - OPTS="$OPTS -n" +%if %{with_configchecks} +%if 0%{?fedora} + OPTS="$OPTS -n -c" +%else + OPTS="$OPTS -w -n -c" %endif -%if %{configmismatch_fail} - OPTS="$OPTS -c" %endif ./process_configs.sh $OPTS kernel %{rpmversion}
commit d9864a2973d5262d756db797cb344b65e2d1e801 Author: Laura Abbott labbott@redhat.com Date: Wed Oct 23 15:28:49 2019 -0400
Switch up some Fedora options
Downstream has different requirements than Fedora in some places. Add some macros to support both cases.
diff --git a/kernel.spec b/kernel.spec index c8a2ebc..8f663d2 100644 --- a/kernel.spec +++ b/kernel.spec @@ -8,8 +8,14 @@ Summary: The Linux kernel # be 0. %global released_kernel 0
+%if 0%{?fedora} +%define secure_boot_arch x86_64 +%else +%define secure_boot_arch x86_64 aarch64 s390x ppc64le +%endif + # Signing for secure boot authentication -%ifarch %{ix86} x86_64 +%ifarch %{secure_boot_arch} %global signkernel 1 %else %global signkernel 0 @@ -166,6 +172,10 @@ Summary: The Linux kernel %define with_ipaclones 0 # no whitelist %define with_kernel_abi_whitelists 0 +# Fedora builds these separately +%define with_perf 0 +%define with_tools 0 +%define with_bpftool 0 %endif
%if %{with_verbose} @@ -289,8 +299,6 @@ Summary: The Linux kernel %define with_kabidwchk 0 %endif
-%define all_x86 i386 i686 - %if %{with_vdso_install} %define use_vdso 1 %endif @@ -307,10 +315,12 @@ Summary: The Linux kernel %define doc_build_fail true %endif
+%if 0%{?fedora} # don't do debug builds on anything but i686 and x86_64 %ifnarch i686 x86_64 %define with_debug 0 %endif +%endif
# don't build noarch kernels or headers (duh) %ifarch noarch @@ -329,7 +339,7 @@ Summary: The Linux kernel
# Per-arch tweaks
-%ifarch %{all_x86} +%ifarch i686 %define asmarch x86 %define hdrarch i386 %define all_arch_configs kernel-%{version}-i?86*.config @@ -404,7 +414,11 @@ Summary: The Linux kernel # Which is a BadThing(tm).
# We only build kernel-headers on the following... +%if 0%{?fedora} %define nobuildarches i386 +%else +%define nobuildarches i386 i686 +%endif
%ifarch %nobuildarches %define with_up 0 @@ -416,7 +430,11 @@ Summary: The Linux kernel %endif
# Architectures we build tools/cpupower on +%if 0%{?fedora} %define cpupowerarchs %{ix86} x86_64 ppc64le %{arm} aarch64 +%else +%define cpupowerarchs i686 x86_64 ppc64le aarch64 +%endif
%if %{use_vdso}
@@ -446,7 +464,11 @@ Version: %{rpmversion} Release: %{pkg_release} # DO NOT CHANGE THE 'ExclusiveArch' LINE TO TEMPORARILY EXCLUDE AN ARCHITECTURE BUILD. # SET %%nobuildarches (ABOVE) INSTEAD +%if 0%{?fedora} ExclusiveArch: x86_64 s390x %{arm} aarch64 ppc64le +%else +ExclusiveArch: noarch i386 i686 x86_64 s390x %{arm} aarch64 ppc64le +%endif ExclusiveOS: Linux %ifnarch %{nobuildarches} Requires: kernel-core-uname-r = %{KVERREL}%{?variant}
commit 5648544aaba8a542ab14990ac83c4c401637aebf Author: Laura Abbott labbott@redhat.com Date: Wed Oct 23 14:53:43 2019 -0400
Add mod-internal package
Some of the downstream users want to package some modules for internal use only. While Fedora isn't internal, it's still useful to have packaging aligned. Add a few modules to this package.
diff --git a/kernel.spec b/kernel.spec index f102af3..c8a2ebc 100644 --- a/kernel.spec +++ b/kernel.spec @@ -525,6 +525,7 @@ Source15: merge.pl Source16: mod-extra.list Source17: mod-extra.sh Source18: mod-sign.sh +Source19: mod-extra-blacklist.sh Source90: filter-x86_64.sh Source91: filter-armv7hl.sh Source92: filter-i686.sh @@ -555,6 +556,8 @@ Source41: generate_debug_configs.sh Source42: process_configs.sh Source43: generate_bls_conf.sh
+Source44: mod-internal.list + # This file is intentionally left empty in the stock kernel. Its a nicety # added for those wanting to do custom rebuilds with altered config opts. Source1000: kernel-local @@ -832,6 +835,27 @@ This package provides *.ipa-clones files.\ %{nil}
# +# This macro creates a kernel-<subpackage>-modules-internal package. +# %%kernel_modules_internal_package <subpackage> <pretty-name> +# +%define kernel_modules_internal_package() \ +%package %{?1:%{1}-}modules-internal\ +Summary: Extra kernel modules to match the %{?2:%{2} }kernel\ +Group: System Environment/Kernel\ +Provides: kernel%{?1:-%{1}}-modules-internal-%{_target_cpu} = %{version}-%{release}\ +Provides: kernel%{?1:-%{1}}-modules-internal-%{_target_cpu} = %{version}-%{release}%{?1:+%{1}}\ +Provides: kernel%{?1:-%{1}}-modules-internal = %{version}-%{release}%{?1:+%{1}}\ +Provides: installonlypkg(kernel-module)\ +Provides: kernel%{?1:-%{1}}-modules-internal-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\ +Requires: kernel-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\ +Requires: kernel%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?variant}%{?1:+%{1}}\ +AutoReq: no\ +AutoProv: yes\ +%description %{?1:%{1}-}modules-internal\ +This package provides kernel modules for the %{?2:%{2} }kernel package for Red Hat internal usage.\ +%{nil} + +# # This macro creates a kernel-<subpackage>-modules-extra package. # %%kernel_modules_extra_package <subpackage> <pretty-name> # @@ -904,6 +928,7 @@ Obsoletes: kernel-bootwrapper\ %{expand:%%kernel_devel_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}}}\ %{expand:%%kernel_modules_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}}}\ %{expand:%%kernel_modules_extra_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}}}\ +%{expand:%%kernel_modules_internal_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}}}\ %{expand:%%kernel_debuginfo_package %{?1:%{1}}}\ %{nil}
@@ -1464,6 +1489,7 @@ BuildKernel() { (cd $RPM_BUILD_ROOT/lib/modules/$KernelVer ; ln -s build source) # dirs for additional modules per module-init-tools, kbuild/modules.txt mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer/extra + mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer/internal mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer/updates mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer/weak-updates # first copy everything @@ -1686,6 +1712,10 @@ BuildKernel() {
# Call the modules-extra script to move things around %{SOURCE17} $RPM_BUILD_ROOT/lib/modules/$KernelVer %{SOURCE16} + # Blacklist net autoloadable modules in modules-extra + %{SOURCE19} $RPM_BUILD_ROOT lib/modules/$KernelVer + # Call the modules-extra script for internal modules + %{SOURCE17} $RPM_BUILD_ROOT/lib/modules/$KernelVer %{SOURCE44} internal
# # Generate the kernel-core and kernel-modules files lists @@ -1699,7 +1729,7 @@ BuildKernel() { cp -r lib/modules/$KernelVer/* restore/.
# don't include anything going into k-m-e in the file lists - rm -rf lib/modules/$KernelVer/extra + rm -rf lib/modules/$KernelVer/{extra,internal}
if [ $DoModules -eq 1 ]; then @@ -2068,6 +2098,20 @@ fi\ %{nil}
# +# This macro defines a %%post script for a kernel*-modules-internal package. +# It also defines a %%postun script that does the same thing. +# %%kernel_modules_internal_post [<subpackage>] +# +%define kernel_modules_internal_post() \ +%{expand:%%post %{?1:%{1}-}modules-internal}\ +/sbin/depmod -a %{KVERREL}%{?1:+%{1}}\ +%{nil}\ +%{expand:%%postun %{?1:%{1}-}modules-internal}\ +/sbin/depmod -a %{KVERREL}%{?1:+%{1}}\ +%{nil} + + +# # This macro defines a %%post script for a kernel*-modules package. # It also defines a %%postun script that does the same thing. # %%kernel_modules_post [<subpackage>] @@ -2102,6 +2146,7 @@ fi\ %{expand:%%kernel_devel_post %{?-v*}}\ %{expand:%%kernel_modules_post %{?-v*}}\ %{expand:%%kernel_modules_extra_post %{?-v*}}\ +%{expand:%%kernel_modules_internal_post %{?-v*}}\ %{expand:%%kernel_variant_posttrans %{?-v*}}\ %{expand:%%post %{?-v*:%{-v*}-}core}\ %{-r:\ @@ -2237,7 +2282,13 @@ fi %defverify(not mtime)\ /usr/src/kernels/%{KVERREL}%{?3:+%{3}}\ %{expand:%%files %{?3:%{3}-}modules-extra}\ +%config(noreplace) /etc/modprobe.d/*-blacklist.conf\ /lib/modules/%{KVERREL}%{?3:+%{3}}/extra\ +%%defattr(-,root,root)\ +%defverify(not mtime)\ +/usr/src/kernels/%{KVERREL}%{?3:+%{3}}\ +%{expand:%%files %{?3:%{3}-}modules-internal}\ +/lib/modules/%{KVERREL}%{?3:+%{3}}/internal\ %if %{with_debuginfo}\ %ifnarch noarch\ %{expand:%%files -f debuginfo%{?3}.list %{?3:%{3}-}debuginfo}\ diff --git a/mod-extra-blacklist.sh b/mod-extra-blacklist.sh new file mode 100755 index 0000000..9569ef6 --- /dev/null +++ b/mod-extra-blacklist.sh @@ -0,0 +1,48 @@ +#!/bin/bash + +buildroot="$1" +kernel_base="$2" + +blacklist() +{ + cat > "$buildroot/etc/modprobe.d/$1-blacklist.conf" <<-__EOF__ + # This kernel module can be automatically loaded by non-root users. To + # enhance system security, the module is blacklisted by default to ensure + # system administrators make the module available for use as needed. + # See https://access.redhat.com/articles/3760101 for more details. + # + # Remove the blacklist by adding a comment # at the start of the line. + blacklist $1 +__EOF__ +} + +check_blacklist() +{ + if modinfo "$1" | grep -q '^alias:\s+net-'; then + mod="${1##*/}" + mod="${mod%.ko*}" + echo "$mod has an alias that allows auto-loading. Blacklisting." + blacklist "$mod" + fi +} + +foreachp() +{ + P=$(nproc) + bgcount=0 + while read mod; do + $1 "$mod" & + + bgcount=$((bgcount + 1)) + if [ $bgcount -eq $P ]; then + wait -n + bgcount=$((bgcount - 1)) + fi + done + + wait +} + +[ -d "$buildroot/etc/modprobe.d/" ] || mkdir -p "$buildroot/etc/modprobe.d/" +find "$buildroot/$kernel_base/extra" -name "*.ko*" | \ + foreachp check_blacklist diff --git a/mod-extra.sh b/mod-extra.sh index d121bd0..7dc075b 100755 --- a/mod-extra.sh +++ b/mod-extra.sh @@ -2,6 +2,10 @@
Dir=$1 List=$2 +Dest="extra" + +# Destination was specified on the command line +test -n "$3" && Dest="$3"
pushd $Dir rm -rf modnames @@ -11,43 +15,45 @@ find . -name "*.ko" -type f > modnames rm -rf dep.list dep2.list rm -rf req.list req2.list touch dep.list req.list -cp $2 . +cp "$List" .
-for dep in `cat modnames` -do - depends=`modinfo $dep | grep depends| cut -f2 -d":" | sed -e 's/^[ \t]*//'` - [ -z "$depends" ] && continue; - for mod in `echo $depends | sed -e 's/,/ /g'` +# This variable needs to be exported because it is used in sub-script +# executed by xargs +export ListName=$(basename "$List") + +# NB: this loop runs 2000+ iterations. Try to be fast. +NPROC=`nproc` +[ -z "$NPROC" ] && NPROC=1 +cat modnames | xargs -r -n1 -P $NPROC sh -c ' + dep=$1 + depends=`modinfo $dep | sed -n -e "/^depends/ s/^depends:[ \t]*//p"` + [ -z "$depends" ] && exit + for mod in ${depends//,/ } do - match=`grep "^$mod.ko" mod-extra.list` ||: - if [ -z "$match" ] + match=$(grep "^$mod.ko" "$ListName") + [ -z "$match" ] && continue + # check if the module we are looking at is in mod-extra too. + # if so we do not need to mark the dep as required. + mod2=${dep##*/} # same as `basename $dep`, but faster + match2=$(grep "^$mod2" "$ListName") + if [ -n "$match2" ] then + #echo $mod2 >> notreq.list continue - else - # check if the module we're looking at is in mod-extra too. if so - # we don't need to mark the dep as required - mod2=`basename $dep` - match2=`grep "^$mod2" mod-extra.list` ||: - if [ -n "$match2" ] - then - continue - #echo $mod2 >> notreq.list - else - echo $mod.ko >> req.list - fi fi + echo $mod.ko >> req.list done -done +' DUMMYARG0 # xargs appends MODNAME, which becomes $dep in the script above
sort -u req.list > req2.list -sort -u mod-extra.list > mod-extra2.list -join -v 1 mod-extra2.list req2.list > mod-extra3.list +sort -u "$ListName" > modules2.list +join -v 1 modules2.list req2.list > modules3.list
-for mod in `cat mod-extra3.list` +for mod in $(cat modules3.list) do # get the path for the module - modpath=`grep /$mod modnames` ||: - [ -z "$modpath" ] && continue; + modpath=`grep /$mod modnames` + [ -z "$modpath" ] && continue echo $modpath >> dep.list done
@@ -56,7 +62,7 @@ sort -u dep.list > dep2.list # now move the modules into the extra/ directory for mod in `cat dep2.list` do - newpath=`dirname $mod | sed -e 's/kernel//extra//'` + newpath=`dirname $mod | sed -e "s/kernel\//$Dest//"` mkdir -p $newpath mv $mod $newpath done @@ -76,5 +82,5 @@ done
pushd $Dir rm modnames dep.list dep2.list req.list req2.list -rm mod-extra.list mod-extra2.list mod-extra3.list +rm "$ListName" modules2.list modules3.list popd diff --git a/mod-internal.list b/mod-internal.list new file mode 100644 index 0000000..9270dcc --- /dev/null +++ b/mod-internal.list @@ -0,0 +1,4 @@ +mac80211_hwsim +netdevsim +pktgen +rocker
commit 11fa12d6aafcc7da26fa11b58f79cfcec7721718 Author: Laura Abbott labbott@redhat.com Date: Tue Oct 22 11:16:56 2019 -0400
Bring in packaging support for kABI (no we are not getting an ABI)
Other products downstream of Fedora offer kernel ABI guarantees. Fedora doesn't offer this and have no plans to do so but it's useful to at least have the packaging in our tree. Add support.
diff --git a/kernel.spec b/kernel.spec index acb4115..f102af3 100644 --- a/kernel.spec +++ b/kernel.spec @@ -106,6 +106,8 @@ Summary: The Linux kernel %define with_debuginfo %{?_without_debuginfo: 0} %{?!_without_debuginfo: 1} # Want to build a the vsdo directories installed %define with_vdso_install %{?_without_vdso_install: 0} %{?!_without_vdso_install: 1} +# kernel-abi-whitelists +%define with_kernel_abi_whitelists %{?_without_kernel_abi_whitelists: 0} %{?!_without_kernel_abi_whitelists: 1} # internal samples and selftests %define with_selftests %{?_without_selftests: 0} %{?!_without_selftests: 1} # @@ -117,6 +119,17 @@ Summary: The Linux kernel %define with_paeonly %{?_with_paeonly: 1} %{?!_with_paeonly: 0} # Only build the debug kernel (--with dbgonly): %define with_dbgonly %{?_with_dbgonly: 1} %{?!_with_dbgonly: 0} +# Control whether we perform a compat. check against published ABI. +#%define with_kabichk %{?_without_kabichk: 0} %{?!_without_kabichk: 1} +# Temporarily disable kabi checks until RC. +%define with_kabichk 0 +# Control whether we perform a compat. check against DUP ABI. +%define with_kabidupchk %{?_with_kabidupchk: 1} %{?!_with_kabidupchk: 0} +# +# Control whether to run an extensive DWARF based kABI check. +# Note that this option needs to have baseline setup in SOURCE300. +%define with_kabidwchk %{?_without_kabidwchk: 0} %{?!_without_kabidwchk: 1} +%define with_kabidw_base %{?_with_kabidw_base: 1} %{?!_with_kabidw_base: 0} # # should we do C=1 builds with sparse %define with_sparse %{?_with_sparse: 1} %{?!_with_sparse: 0} @@ -151,6 +164,8 @@ Summary: The Linux kernel %define with_selftests 0 # no ipa_clone for now %define with_ipaclones 0 +# no whitelist +%define with_kernel_abi_whitelists 0 %endif
%if %{with_verbose} @@ -196,6 +211,11 @@ Summary: The Linux kernel %define with_kabidwchk 0 %endif
+# turn off kABI DWARF-based check if we're generating the base dataset +%if %{with_kabidw_base} +%define with_kabidwchk 0 +%endif + # kpatch_kcflags are extra compiler flags applied to base kernel # -fdump-ipa-clones is enabled only for base kernels on selected arches %if %{with_ipaclones} @@ -263,12 +283,22 @@ Summary: The Linux kernel %define with_pae 0 %endif
+# turn off kABI DUP check and DWARF-based check if kABI check is disabled +%if !%{with_kabichk} +%define with_kabidupchk 0 +%define with_kabidwchk 0 +%endif + %define all_x86 i386 i686
%if %{with_vdso_install} %define use_vdso 1 %endif
+%ifnarch noarch +%define with_kernel_abi_whitelists 0 +%endif + # Overrides for generic default options
# only package docs noarch @@ -471,6 +501,9 @@ BuildConflicts: rpm < 4.13.0.1-19 %global _missing_build_ids_terminate_build 1 %global _no_recompute_build_ids 1 %endif +%if %{with_kabidwchk} || %{with_kabidw_base} +BuildRequires: kabi-dw +%endif
%if %{signkernel}%{signmodules} BuildRequires: openssl openssl-devel @@ -730,6 +763,25 @@ Summary: gcov graph and source files for coverage data collection. kernel-gcov includes the gcov graph and source files for gcov coverage collection. %endif
+%package -n kernel-abi-whitelists +Summary: The Red Hat Enterprise Linux kernel ABI symbol whitelists +AutoReqProv: no +%description -n kernel-abi-whitelists +The kABI package contains information pertaining to the Red Hat Enterprise +Linux kernel ABI, including lists of kernel symbols that are needed by +external Linux kernel modules, and a yum plugin to aid enforcement. + +%if %{with_kabidw_base} +%package kabidw-base +Summary: The baseline dataset for kABI verification using DWARF data +Group: System Environment/Kernel +AutoReqProv: no +%description kabidw-base +The kabidw-base package contains data describing the current ABI of the Red Hat +Enterprise Linux kernel, suitable for the kabi-dw tool. +%endif + + # # This macro creates a kernel-<subpackage>-debuginfo package. # %%kernel_debuginfo_package <subpackage> @@ -1421,6 +1473,87 @@ BuildKernel() { if [ -s Module.markers ]; then cp Module.markers $RPM_BUILD_ROOT/lib/modules/$KernelVer/build fi + + # create the kABI metadata for use in packaging + # NOTENOTE: the name symvers is used by the rpm backend + # NOTENOTE: to discover and run the /usr/lib/rpm/fileattrs/kabi.attr + # NOTENOTE: script which dynamically adds exported kernel symbol + # NOTENOTE: checksums to the rpm metadata provides list. + # NOTENOTE: if you change the symvers name, update the backend too + echo "**** GENERATING kernel ABI metadata ****" + gzip -c9 < Module.symvers > $RPM_BUILD_ROOT/boot/symvers-$KernelVer.gz + cp $RPM_BUILD_ROOT/boot/symvers-$KernelVer.gz $RPM_BUILD_ROOT/lib/modules/$KernelVer/symvers.gz +%if %{with_kabichk} + echo "**** kABI checking is enabled in kernel SPEC file. ****" + chmod 0755 $RPM_SOURCE_DIR/check-kabi + if [ -e $RPM_SOURCE_DIR/Module.kabi_%{_target_cpu}$Flavour ]; then + cp $RPM_SOURCE_DIR/Module.kabi_%{_target_cpu}$Flavour $RPM_BUILD_ROOT/Module.kabi + $RPM_SOURCE_DIR/check-kabi -k $RPM_BUILD_ROOT/Module.kabi -s Module.symvers || exit 1 + rm $RPM_BUILD_ROOT/Module.kabi # for now, don't keep it around. + else + echo "**** NOTE: Cannot find reference Module.kabi file. ****" + fi +%endif + +%if %{with_kabidupchk} + echo "**** kABI DUP checking is enabled in kernel SPEC file. ****" + if [ -e $RPM_SOURCE_DIR/Module.kabi_dup_%{_target_cpu}$Flavour ]; then + cp $RPM_SOURCE_DIR/Module.kabi_dup_%{_target_cpu}$Flavour $RPM_BUILD_ROOT/Module.kabi + $RPM_SOURCE_DIR/check-kabi -k $RPM_BUILD_ROOT/Module.kabi -s Module.symvers || exit 1 + rm $RPM_BUILD_ROOT/Module.kabi # for now, don't keep it around. + else + echo "**** NOTE: Cannot find DUP reference Module.kabi file. ****" + fi +%endif + +%if %{with_kabidw_base} + # Don't build kabi base for debug kernels + if [ "$Flavour" != "kdump" -a "$Flavour" != "debug" ]; then + mkdir -p $RPM_BUILD_ROOT/kabi-dwarf + tar xjvf %{SOURCE301} -C $RPM_BUILD_ROOT/kabi-dwarf + + mkdir -p $RPM_BUILD_ROOT/kabi-dwarf/whitelists + tar xjvf %{SOURCE300} -C $RPM_BUILD_ROOT/kabi-dwarf/whitelists + + echo "**** GENERATING DWARF-based kABI baseline dataset ****" + chmod 0755 $RPM_BUILD_ROOT/kabi-dwarf/run_kabi-dw.sh + $RPM_BUILD_ROOT/kabi-dwarf/run_kabi-dw.sh generate \ + "$RPM_BUILD_ROOT/kabi-dwarf/whitelists/kabi-current/kabi_whitelist_%{_target_cpu}" \ + "$(pwd)" \ + "$RPM_BUILD_ROOT/kabidw-base/%{_target_cpu}${Flavour:+.${Flavour}}" || : + + rm -rf $RPM_BUILD_ROOT/kabi-dwarf + fi +%endif + +%if %{with_kabidwchk} + if [ "$Flavour" != "kdump" ]; then + mkdir -p $RPM_BUILD_ROOT/kabi-dwarf + tar xjvf %{SOURCE301} -C $RPM_BUILD_ROOT/kabi-dwarf + if [ -d "$RPM_BUILD_ROOT/kabi-dwarf/base/%{_target_cpu}${Flavour:+.${Flavour}}" ]; then + mkdir -p $RPM_BUILD_ROOT/kabi-dwarf/whitelists + tar xjvf %{SOURCE300} -C $RPM_BUILD_ROOT/kabi-dwarf/whitelists + + echo "**** GENERATING DWARF-based kABI dataset ****" + chmod 0755 $RPM_BUILD_ROOT/kabi-dwarf/run_kabi-dw.sh + $RPM_BUILD_ROOT/kabi-dwarf/run_kabi-dw.sh generate \ + "$RPM_BUILD_ROOT/kabi-dwarf/whitelists/kabi-current/kabi_whitelist_%{_target_cpu}" \ + "$(pwd)" \ + "$RPM_BUILD_ROOT/kabi-dwarf/base/%{_target_cpu}${Flavour:+.${Flavour}}.tmp" || : + + echo "**** kABI DWARF-based comparison report ****" + $RPM_BUILD_ROOT/kabi-dwarf/run_kabi-dw.sh compare \ + "$RPM_BUILD_ROOT/kabi-dwarf/base/%{_target_cpu}${Flavour:+.${Flavour}}" \ + "$RPM_BUILD_ROOT/kabi-dwarf/base/%{_target_cpu}${Flavour:+.${Flavour}}.tmp" || : + echo "**** End of kABI DWARF-based comparison report ****" + else + echo "**** Baseline dataset for kABI DWARF-BASED comparison report not found ****" + fi + + rm -rf $RPM_BUILD_ROOT/kabi-dwarf + fi +%endif + # then drop all but the needed Makefiles/Kconfig files rm -rf $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/Documentation rm -rf $RPM_BUILD_ROOT/lib/modules/$KernelVer/build/scripts @@ -1839,6 +1972,15 @@ done rm -rf $RPM_BUILD_ROOT/usr/tmp-headers %endif
+%if %{with_kernel_abi_whitelists} +# kabi directory +INSTALL_KABI_PATH=$RPM_BUILD_ROOT/lib/modules/ +mkdir -p $INSTALL_KABI_PATH + +# install kabi releases directories +tar xjvf %{SOURCE300} -C $INSTALL_KABI_PATH +%endif # with_kernel_abi_whitelists + %if %{with_selftests} pushd samples install -d %{buildroot}%{_libexecdir}/ksamples @@ -2012,6 +2154,19 @@ fi /usr/*-linux-gnu/include/* %endif
+%if %{with_kernel_abi_whitelists} +%files -n kernel-abi-whitelists +/lib/modules/kabi-* +%endif + +%if %{with_kabidw_base} +%ifarch x86_64 s390x ppc64 ppc64le aarch64 +%files kabidw-base +%defattr(-,root,root) +/kabidw-base/%{_target_cpu}/* +%endif +%endif + # only some architecture builds need kernel-doc %if %{with_doc} %files doc @@ -2060,7 +2215,9 @@ fi %endif\ %attr(600,root,root) /lib/modules/%{KVERREL}%{?3:+%{3}}/System.map\ %ghost /boot/System.map-%{KVERREL}%{?3:+%{3}}\ +/lib/modules/%{KVERREL}%{?3:+%{3}}/symvers.gz\ /lib/modules/%{KVERREL}%{?3:+%{3}}/config\ +%ghost /boot/symvers-%{KVERREL}%{?3:+%{3}}.gz\ %ghost /boot/config-%{KVERREL}%{?3:+%{3}}\ %ghost /boot/initramfs-%{KVERREL}%{?3:+%{3}}.img\ %dir /lib/modules\
commit dd53be813be3f4c8367e3c3e202c8911b94402b3 Author: Laura Abbott labbott@redhat.com Date: Tue Oct 22 11:00:32 2019 -0400
Use the dist tag for the hard link instead of a wider fc* tag
More generic for other dist-tags
diff --git a/kernel.spec b/kernel.spec index ac0c125..acb4115 100644 --- a/kernel.spec +++ b/kernel.spec @@ -1907,7 +1907,7 @@ if [ "$HARDLINK" != "no" -a -x /usr/sbin/hardlink ]\ then\ (cd /usr/src/kernels/%{KVERREL}%{?1:+%{1}} &&\ /usr/bin/find . -type f | while read f; do\ - hardlink -c /usr/src/kernels/*.fc*.*/$f $f\ + hardlink -c /usr/src/kernels/*%{?dist}.*/$f $f\ done)\ fi\ %{nil}
commit 5a0c912794dda84feb84b495adede3df75d0620b Author: Laura Abbott labbott@redhat.com Date: Tue Oct 22 10:59:19 2019 -0400
Add some expanded UEFI support
Fedora currently only supports x86_64 secureboot signing. There's ongoing work to enable other arches though. For now, just bring in the packaging support with some of it commented out.
diff --git a/kernel.spec b/kernel.spec index fd3382c..ac0c125 100644 --- a/kernel.spec +++ b/kernel.spec @@ -1313,14 +1313,53 @@ BuildKernel() { cp arch/$Arch/boot/zImage.stub $RPM_BUILD_ROOT/%{image_install_path}/zImage.stub-$KernelVer || : cp arch/$Arch/boot/zImage.stub $RPM_BUILD_ROOT/lib/modules/$KernelVer/zImage.stub-$KernelVer || : fi + + %if %{signkernel} + if [ "$KernelImage" = vmlinux ]; then + # We can't strip and sign $KernelImage in place, because + # we need to preserve original vmlinux for debuginfo. + # Use a copy for signing. + $CopyKernel $KernelImage $KernelImage.tosign + KernelImage=$KernelImage.tosign + CopyKernel=cp + fi + # Sign the image if we're using EFI + # aarch64 kernels are gziped EFI images + KernelExtension=${KernelImage##*.} + if [ "$KernelExtension" == "gz" ]; then + SignImage=${KernelImage%.*} + else + SignImage=$KernelImage + fi + + %ifarch x86_64 aarch64 + %if 0%{?fedora} %pesign -s -i $KernelImage -o vmlinuz.signed + %else + %pesign -s -i $SignImage -o vmlinuz.signed -a %{secureboot_ca} -c %{secureboot_key} -n %{pesign_name} + %endif # fedora + %endif # arches + %ifarch s390x ppc64le + if [ -x /usr/bin/rpm-sign ]; then + rpm-sign --key "%{pesign_name}" --lkmsign $SignImage --output vmlinuz.signed + elif [ $DoModules -eq 1 ]; then + chmod +x scripts/sign-file + ./scripts/sign-file -p sha256 certs/signing_key.pem certs/signing_key.x509 $SignImage vmlinuz.signed + else + mv $SignImage vmlinuz.signed + fi + %endif + if [ ! -s vmlinuz.signed ]; then echo "pesigning failed" exit 1 fi - mv vmlinuz.signed $KernelImage + mv vmlinuz.signed $SignImage + if [ "$KernelExtension" == "gz" ]; then + gzip -f9 $SignImage + fi %endif $CopyKernel $KernelImage \ $RPM_BUILD_ROOT/%{image_install_path}/$InstallName-$KernelVer @@ -1609,6 +1648,23 @@ BuildKernel() { # build a BLS config for this kernel %{SOURCE43} "$KernelVer" "$RPM_BUILD_ROOT" "%{?variant}"
+%if 0 + # Red Hat UEFI Secure Boot CA cert, which can be used to authenticate the kernel + mkdir -p $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer + install -m 0644 %{secureboot_ca} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer + %ifarch s390x ppc64le + if [ $DoModules -eq 1 ]; then + if [ -x /usr/bin/rpm-sign ]; then + install -m 0644 %{secureboot_key} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename} + else + install -m 0644 certs/signing_key.x509.sign${Flav} $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/kernel-signing-ca.cer + openssl x509 -in certs/signing_key.pem.sign${Flav} -outform der -out $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename} + chmod 0644 $RPM_BUILD_ROOT%{_datadir}/doc/kernel-keys/$KernelVer/%{signing_key_filename} + fi + fi + %endif +%endif + %if %{with_ipaclones} MAXPROCS=$(echo %{?_smp_mflags} | sed -n 's/-j\s*([0-9]+)/\1/p') if [ -z "$MAXPROCS" ]; then
commit 8044841427b22ab04ec6dd8781fbe4be2be411df Author: Laura Abbott labbott@redhat.com Date: Tue Oct 22 10:45:16 2019 -0400
Add some weak-updates
Fedora doesn't use this at the moment but we might want it later. Add support for weak module updates. This should have no affect.
diff --git a/kernel.spec b/kernel.spec index 9ad9579..fd3382c 100644 --- a/kernel.spec +++ b/kernel.spec @@ -1374,6 +1374,7 @@ BuildKernel() { # dirs for additional modules per module-init-tools, kbuild/modules.txt mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer/extra mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer/updates + mkdir -p $RPM_BUILD_ROOT/lib/modules/$KernelVer/weak-updates # first copy everything cp --parents `find -type f -name "Makefile*" -o -name "Kconfig*"` $RPM_BUILD_ROOT/lib/modules/$KernelVer/build cp Module.symvers $RPM_BUILD_ROOT/lib/modules/$KernelVer/build @@ -1887,6 +1888,10 @@ fi\ # %define kernel_variant_posttrans() \ %{expand:%%posttrans %{?1:%{1}-}core}\ +if [ -x %{_sbindir}/weak-modules ]\ +then\ + %{_sbindir}/weak-modules --add-kernel %{KVERREL}%{?1:+%{1}} || exit $?\ +fi\ /bin/kernel-install add %{KVERREL}%{?1:+%{1}} /lib/modules/%{KVERREL}%{?1:+%{1}}/vmlinuz || exit $?\ %{nil}
@@ -1915,6 +1920,10 @@ fi}\ %define kernel_variant_preun() \ %{expand:%%preun %{?1:%{1}-}core}\ /bin/kernel-install remove %{KVERREL}%{?1:+%{1}} /lib/modules/%{KVERREL}%{?1:+%{1}}/vmlinuz || exit $?\ +if [ -x %{_sbindir}/weak-modules ]\ +then\ + %{_sbindir}/weak-modules --remove-kernel %{KVERREL}%{?1:+%{1}} || exit $?\ +fi\ %{nil}
%kernel_variant_preun @@ -2005,6 +2014,7 @@ fi /lib/modules/%{KVERREL}%{?3:+%{3}}/source\ /lib/modules/%{KVERREL}%{?3:+%{3}}/updates\ /lib/modules/%{KVERREL}%{?3:+%{3}}/bls.conf\ +/lib/modules/%{KVERREL}%{?3:+%{3}}/weak-updates\ %if %{1}\ /lib/modules/%{KVERREL}%{?3:+%{3}}/vdso\ %endif\
commit c68fd73909c5522f3d58a8267c4a0e50b3d88a5a Author: Laura Abbott labbott@redhat.com Date: Mon Oct 21 15:27:30 2019 -0400
Add support for building ipaclones
While Fedora doesn't officially support kpatch, there's work being done to enable kpatch elsewhere. Add the packaging work but don't actually build anything.
diff --git a/kernel.spec b/kernel.spec index 47fdd82..9ad9579 100644 --- a/kernel.spec +++ b/kernel.spec @@ -133,6 +133,11 @@ Summary: The Linux kernel # gcov support %define with_gcov %{?_with_gcov: 1} %{?!_with_gcov: 0}
+# +# ipa_clone support +%define with_ipaclones %{?_without_ipaclones: 0} %{?!_without_ipaclones: 1} + + # Set debugbuildsenabled to 1 for production (build separate debug kernels) # and 0 for rawhide (all kernels are debug kernels). # See also 'make debug' and 'make release'. @@ -144,6 +149,8 @@ Summary: The Linux kernel %define with_cross_headers 0 # no selftests for now %define with_selftests 0 +# no ipa_clone for now +%define with_ipaclones 0 %endif
%if %{with_verbose} @@ -189,6 +196,16 @@ Summary: The Linux kernel %define with_kabidwchk 0 %endif
+# kpatch_kcflags are extra compiler flags applied to base kernel +# -fdump-ipa-clones is enabled only for base kernels on selected arches +%if %{with_ipaclones} +%ifarch x86_64 ppc64le +%define kpatch_kcflags -fdump-ipa-clones +%else +%define with_ipaclones 0 +%endif +%endif + %define make_target bzImage %define image_install_path boot
@@ -751,6 +768,18 @@ against the %{?2:%{2} }kernel package.\ %{nil}
# +# kernel-<variant>-ipaclones-internal package +# +%define kernel_ipaclones_package() \ +%package %{?1:%{1}-}ipaclones-internal\ +Summary: *.ipa-clones files generated by -fdump-ipa-clones for kernel%{?1:-%{1}}\ +Group: System Environment/Kernel\ +AutoReqProv: no\ +%description %{?1:%{1}-}ipaclones-internal\ +This package provides *.ipa-clones files.\ +%{nil} + +# # This macro creates a kernel-<subpackage>-modules-extra package. # %%kernel_modules_extra_package <subpackage> <pretty-name> # @@ -858,6 +887,10 @@ Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.
+%if %{with_ipaclones} +%kernel_ipaclones_package +%endif + %prep # do a few sanity-checks for --with *only builds %if %{with_baseonly} @@ -1574,6 +1607,18 @@ BuildKernel() {
# build a BLS config for this kernel %{SOURCE43} "$KernelVer" "$RPM_BUILD_ROOT" "%{?variant}" + +%if %{with_ipaclones} + MAXPROCS=$(echo %{?_smp_mflags} | sed -n 's/-j\s*([0-9]+)/\1/p') + if [ -z "$MAXPROCS" ]; then + MAXPROCS=1 + fi + if [ "$Flavour" == "" ]; then + mkdir -p $RPM_BUILD_ROOT/$DevelDir-ipaclones + find . -name '*.ipa-clones' | xargs -i{} -r -n 1 -P $MAXPROCS install -m 644 -D "{}" "$RPM_BUILD_ROOT/$DevelDir-ipaclones/{}" + fi +%endif + }
### @@ -1985,6 +2030,19 @@ fi %kernel_variant_files %{_use_vdso} %{with_debug} debug %kernel_variant_files %{use_vdso} %{with_pae} lpae
+%define kernel_variant_ipaclones(k:) \ +%if %{1}\ +%if %{with_ipaclones}\ +%{expand:%%files %{?2:%{2}-}ipaclones-internal}\ +%defattr(-,root,root)\ +%defverify(not mtime)\ +/usr/src/kernels/%{KVERREL}%{?2:+%{2}}-ipaclones\ +%endif\ +%endif\ +%{nil} + +%kernel_variant_ipaclones %{with_up} + # plz don't put in a version string unless you're going to tag # and build. #
commit 1d23fdad0ff58ca20761935b5c27ce9590cd7857 Author: Laura Abbott labbott@redhat.com Date: Mon Oct 21 14:04:18 2019 -0400
Package selftests
It can be useful to have some of the selftests built for future testing. Package them up but don't build quite yet.
diff --git a/kernel.spec b/kernel.spec index 74f0aaf..47fdd82 100644 --- a/kernel.spec +++ b/kernel.spec @@ -106,6 +106,8 @@ Summary: The Linux kernel %define with_debuginfo %{?_without_debuginfo: 0} %{?!_without_debuginfo: 1} # Want to build a the vsdo directories installed %define with_vdso_install %{?_without_vdso_install: 0} %{?!_without_vdso_install: 1} +# internal samples and selftests +%define with_selftests %{?_without_selftests: 0} %{?!_without_selftests: 1} # # Additional options for user-friendly one-off kernel building: # @@ -136,10 +138,12 @@ Summary: The Linux kernel # See also 'make debug' and 'make release'. %define debugbuildsenabled 1
-# Kernel headers are being split out into a separate package %if 0%{?fedora} +# Kernel headers are being split out into a separate package %define with_headers 0 %define with_cross_headers 0 +# no selftests for now +%define with_selftests 0 %endif
%if %{with_verbose} @@ -266,6 +270,8 @@ Summary: The Linux kernel %define with_up 0 %define with_headers 0 %define with_cross_headers 0 +%define with_selftests 0 +%define with_debug 0 %define all_arch_configs kernel-%{version}-*.config %endif
@@ -322,6 +328,8 @@ Summary: The Linux kernel %define with_headers 0 %define with_cross_headers 0 %endif +# These currently don't compile on armv7 +%define with_selftests 0 %endif
%ifarch aarch64 @@ -353,9 +361,10 @@ Summary: The Linux kernel
%ifarch %nobuildarches %define with_up 0 -%define with_pae 0 -%define with_debuginfo 0 %define with_debug 0 +%define with_debuginfo 0 +%define with_selftests 0 +%define with_pae 0 %define _enable_debug_packages 0 %endif
@@ -418,6 +427,17 @@ BuildRequires: xmlto, asciidoc, python3-sphinx %if %{with_sparse} BuildRequires: sparse %endif +%if %{with_selftests} +%if 0%{?fedora} +BuildRequires: clang llvm +%else +BuildRequires: llvm-toolset +%endif +%ifnarch %{arm} +BuildRequires: numactl-devel +%endif +BuildRequires: libcap-devel libcap-ng-devel rsync +%endif BuildConflicts: rhbuildsys(DiskFree) < 500Mb %if %{with_debuginfo} BuildRequires: rpm-build, elfutils @@ -668,6 +688,24 @@ Provides: installonlypkg(kernel) This package is required by %{name}-debuginfo subpackages. It provides the kernel source files common to all builds.
+%if %{with_selftests} + +%package selftests-internal +Summary: Kernel samples and selftests +License: GPLv2 +Requires: binutils, bpftool, iproute-tc, nmap-ncat +Requires: kernel-modules-internal = %{version}-%{release} +%description selftests-internal +Kernel sample programs and selftests. + +# Note that this pattern only works right to match the .build-id +# symlinks because of the trailing nonmatching alternation and +# the leading .*, because of find-debuginfo.sh's buggy handling +# of matching the pattern against the symlinks file. +%{expand:%%global _find_debuginfo_opts %{?_find_debuginfo_opts} -p '.*%%{_libexecdir}/(ksamples|kselftests)/.*|XXX' -o selftests-debuginfo.list} + +%endif # with_selftests + %if %{with_gcov} %package gcov Summary: gcov graph and source files for coverage data collection. @@ -1562,6 +1600,15 @@ BuildKernel %make_target %kernel_image %{use_vdso} lpae BuildKernel %make_target %kernel_image %{_use_vdso} %endif
+%if %{with_selftests} +%{make} -s ARCH=$Arch V=1 samples/bpf/ +pushd tools/testing/selftests +# We need to install here because we need to call make with ARCH set which +# doesn't seem possible to do in the install section. +%{make} -s ARCH=$Arch V=1 TARGETS="bpf livepatch net" INSTALL_PATH=%{buildroot}%{_libexecdir}/kselftests install +popd +%endif + %if %{with_doc} # Make the HTML pages. make htmldocs || %{doc_build_fail} @@ -1615,6 +1662,16 @@ find Documentation -type d | xargs chmod u+w
%endif
+# We don't want to package debuginfo for self-tests and samples but +# we have to delete them to avoid an error messages about unpackaged +# files. +%define __remove_unwanted_dbginfo_install_post \ + if [ "%{with_selftests}" -ne "0" ]; then \ + rm -rf $RPM_BUILD_ROOT/usr/lib/debug/usr/libexec/ksamples; \ + rm -rf $RPM_BUILD_ROOT/usr/lib/debug/usr/libexec/kselftests; \ + fi \ +%{nil} + # # Disgusting hack alert! We need to ensure we sign modules *after* all # invocations of strip occur, which is in __debug_install_post if @@ -1624,6 +1681,7 @@ find Documentation -type d | xargs chmod u+w %{?__debug_package:%{__debug_install_post}}\ %{__arch_install_post}\ %{__os_install_post}\ + %{__remove_unwanted_dbginfo_install_post}\ %{__modsign_install_post}
### @@ -1679,6 +1737,52 @@ done rm -rf $RPM_BUILD_ROOT/usr/tmp-headers %endif
+%if %{with_selftests} +pushd samples +install -d %{buildroot}%{_libexecdir}/ksamples +# install bpf samples +pushd bpf +install -d %{buildroot}%{_libexecdir}/ksamples/bpf +find -type f -executable -exec install -m755 {} %{buildroot}%{_libexecdir}/ksamples/bpf ; +install -m755 *.sh %{buildroot}%{_libexecdir}/ksamples/bpf +# test_lwt_bpf.sh compiles test_lwt_bpf.c when run; this works only from the +# kernel tree. Just remove it. +rm %{buildroot}%{_libexecdir}/ksamples/bpf/test_lwt_bpf.sh +install -m644 tcp_bpf.readme %{buildroot}%{_libexecdir}/ksamples/bpf +popd +# install pktgen samples +pushd pktgen +install -d %{buildroot}%{_libexecdir}/ksamples/pktgen +find . -type f -executable -exec install -m755 {} %{buildroot}%{_libexecdir}/ksamples/pktgen/{} ; +find . -type f ! -executable -exec install -m644 {} %{buildroot}%{_libexecdir}/ksamples/pktgen/{} ; +popd +popd +# install drivers/net/mlxsw selftests +pushd tools/testing/selftests/drivers/net/mlxsw +find -type d -exec install -d %{buildroot}%{_libexecdir}/kselftests/drivers/net/mlxsw/{} ; +find -type f -executable -exec install -D -m755 {} %{buildroot}%{_libexecdir}/kselftests/drivers/net/mlxsw/{} ; +find -type f ! -executable -exec install -D -m644 {} %{buildroot}%{_libexecdir}/kselftests/drivers/net/mlxsw/{} ; +popd +# install net/forwarding selftests +pushd tools/testing/selftests/net/forwarding +find -type d -exec install -d %{buildroot}%{_libexecdir}/kselftests/net/forwarding/{} ; +find -type f -executable -exec install -D -m755 {} %{buildroot}%{_libexecdir}/kselftests/net/forwarding/{} ; +find -type f ! -executable -exec install -D -m644 {} %{buildroot}%{_libexecdir}/kselftests/net/forwarding/{} ; +popd +# install tc-testing selftests +pushd tools/testing/selftests/tc-testing +find -type d -exec install -d %{buildroot}%{_libexecdir}/kselftests/tc-testing/{} ; +find -type f -executable -exec install -D -m755 {} %{buildroot}%{_libexecdir}/kselftests/tc-testing/{} ; +find -type f ! -executable -exec install -D -m644 {} %{buildroot}%{_libexecdir}/kselftests/tc-testing/{} ; +popd +# install livepatch selftests +pushd tools/testing/selftests/livepatch +find -type d -exec install -d %{buildroot}%{_libexecdir}/kselftests/livepatch/{} ; +find -type f -executable -exec install -D -m755 {} %{buildroot}%{_libexecdir}/kselftests/livepatch/{} ; +find -type f ! -executable -exec install -D -m644 {} %{buildroot}%{_libexecdir}/kselftests/livepatch/{} ; +popd +%endif + ### ### clean ### @@ -1807,6 +1911,12 @@ fi %dir %{_datadir}/doc/kernel-doc-%{rpmversion} %endif
+%if %{with_selftests} +%files selftests-internal +%{_libexecdir}/ksamples +%{_libexecdir}/kselftests +%endif + # empty meta-package %files %if %{with_gcov}
arch-excludes@lists.fedoraproject.org