From 53a69b89877771a75b40dafe0d87ac897dd92b37 Mon Sep 17 00:00:00 2001 From: "Herton R. Krzesinski" Date: Tue, 14 Feb 2023 19:44:17 +0000 Subject: [PATCH] kernel-5.14.0-269.el9 * Tue Feb 14 2023 Herton R. Krzesinski [5.14.0-269.el9] - redhat: Add sub-RPM with a EFI unified kernel image for virtual machines (Vitaly Kuznetsov) [2142102] - redhat: split sub-rpm kernel-modules-core from kernel-core (Gerd Hoffmann) [2142102] Resolves: rhbz#2142102 Signed-off-by: Herton R. Krzesinski --- Makefile.rhelver | 2 +- dracut-virt.conf | 35 ++++++++++ kernel.spec | 166 +++++++++++++++++++++++++++++++++++++++++++++-- sources | 6 +- 4 files changed, 198 insertions(+), 11 deletions(-) create mode 100644 dracut-virt.conf diff --git a/Makefile.rhelver b/Makefile.rhelver index 47206b6..3e88e63 100644 --- a/Makefile.rhelver +++ b/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 2 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 268 +RHEL_RELEASE = 269 # # ZSTREAM diff --git a/dracut-virt.conf b/dracut-virt.conf new file mode 100644 index 0000000..3724026 --- /dev/null +++ b/dracut-virt.conf @@ -0,0 +1,35 @@ +# generic + compressed please +hostonly="no" +compress="xz" + +# VMs can't update microcode anyway +early_microcode="no" + +# modules: basics +dracutmodules+=" base systemd systemd-initrd dracut-systemd dbus dbus-broker usrmount shutdown " + +# modules: storage support +dracutmodules+=" dm lvm rootfs-block fs-lib " + +# modules: tpm and crypto +dracutmodules+=" crypt crypt-loop tpm2-tss " + +# drivers: virtual buses, pci +drivers+=" virtio-pci virtio-mmio " # qemu-kvm +drivers+=" hv-vmbus pci-hyperv " # hyperv +drivers+=" xen-pcifront " # xen + +# drivers: storage +drivers+=" ahci nvme sd_mod sr_mod " # generic +drivers+=" virtio-blk virtio-scsi " # qemu-kvm +drivers+=" hv-storvsc " # hyperv +drivers+=" xen-blkfront " # xen + +# root encryption +drivers+=" dm_crypt " + +# filesystems +filesystems+=" vfat ext4 xfs overlay " + +# systemd-pcrphase +install_items+=" /lib/systemd/system/systemd-pcrphase-initrd.service /usr/lib/systemd/systemd-pcrphase /usr/lib/systemd/system/initrd.target.wants/systemd-pcrphase-initrd.service " diff --git a/kernel.spec b/kernel.spec index 2e2fff4..1242ead 100755 --- a/kernel.spec +++ b/kernel.spec @@ -112,6 +112,12 @@ Summary: The Linux kernel %global zipmodules 1 %endif +%ifarch x86_64 +%global efiuki 1 +%else +%global efiuki 0 +%endif + %if %{zipmodules} %global zipsed -e 's/\.ko$/\.ko.xz/' # for parallel xz processes, replace with 1 to go back to single process @@ -143,15 +149,15 @@ Summary: The Linux kernel # define buildid .local %define specversion 5.14.0 %define patchversion 5.14 -%define pkgrelease 268 +%define pkgrelease 269 %define kversion 5 -%define tarfile_release 5.14.0-268.el9 +%define tarfile_release 5.14.0-269.el9 # This is needed to do merge window version magic %define patchlevel 14 # This allows pkg_release to have configurable %%{?dist} tag -%define specrelease 268%{?buildid}%{?dist} +%define specrelease 269%{?buildid}%{?dist} # This defines the kabi tarball version -%define kabiversion 5.14.0-268.el9 +%define kabiversion 5.14.0-269.el9 # # End of genspec.sh variables @@ -592,6 +598,7 @@ ExclusiveOS: Linux %ifnarch %{nobuildarches} Requires: kernel-core-uname-r = %{KVERREL} Requires: kernel-modules-uname-r = %{KVERREL} +Requires: kernel-modules-core-uname-r = %{KVERREL} %endif @@ -722,6 +729,21 @@ BuildRequires: llvm BuildRequires: lld %endif +%if %{efiuki} +BuildRequires: dracut +# For dracut UEFI uki binaries +BuildRequires: binutils +# For the initrd +BuildRequires: lvm2 +%if 0%{?fedora} > 37 +BuildRequires: systemd-boot-unsigned +%endif +# For systemd-stub and systemd-pcrphase +BuildRequires: systemd-udev >= 252-1 +# For TPM operations in UKI initramfs +BuildRequires: tpm2-tools +%endif + # Because this is the kernel, it's hard to get a single upstream URL # to represent the base without needing to do a bunch of patching. This # tarball is generated from a src-git tree. If you want to see the @@ -832,6 +854,8 @@ Source84: mod-internal.list Source100: rheldup3.x509 Source101: rhelkpatch1.x509 +Source150: dracut-virt.conf + Source200: check-kabi Source201: Module.kabi_aarch64 @@ -892,6 +916,7 @@ Provides: kernel = %{specversion}-%{pkg_release}\ %endif\ Provides: kernel-%{_target_cpu} = %{specversion}-%{pkg_release}%{uname_suffix %{?1:%{1}}}\ Provides: kernel-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ +Requires: kernel%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ Requires(pre): %{kernel_prereq}\ Requires(pre): %{initrd_prereq}\ Requires(pre): ((linux-firmware >= 20150904-56.git6ebf5d57) if linux-firmware)\ @@ -1226,6 +1251,7 @@ Provides: installonlypkg(kernel-module)\ Provides: kernel%{?1:-%{1}}-modules-internal-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ Requires: kernel-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ Requires: kernel%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ +Requires: kernel%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ AutoReq: no\ AutoProv: yes\ %description %{?1:%{1}-}modules-internal\ @@ -1246,6 +1272,7 @@ Provides: installonlypkg(kernel-module)\ Provides: kernel%{?1:-%{1}}-modules-extra-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ Requires: kernel-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ Requires: kernel%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ +Requires: kernel%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ %if %{-m:1}%{!-m:0}\ Requires: kernel-modules-extra-uname-r = %{KVERREL}%{uname_variant %{?1:%{1}}}\ %endif\ @@ -1268,6 +1295,7 @@ Provides: kernel-modules = %{version}-%{release}%{uname_suffix %{?1:%{1}}}\ Provides: installonlypkg(kernel-module)\ Provides: kernel%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ Requires: kernel-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ +Requires: kernel%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ %if %{-m:1}%{!-m:0}\ Requires: kernel-modules-uname-r = %{KVERREL}%{uname_variant %{?1:%{1}}}\ %endif\ @@ -1277,6 +1305,28 @@ AutoProv: yes\ This package provides commonly used kernel modules for the %{?2:%{2}-}core kernel package.\ %{nil} +# +# This macro creates a kernel--modules-core package. +# %%kernel_modules_core_package [-m] +# +%define kernel_modules_core_package(m) \ +%package %{?1:%{1}-}modules-core\ +Summary: Core kernel modules to match the %{?2:%{2}-}core kernel\ +Provides: kernel%{?1:-%{1}}-modules-core-%{_target_cpu} = %{version}-%{release}\ +Provides: kernel-modules-core-%{_target_cpu} = %{version}-%{release}%{uname_suffix %{?1:%{1}}}\ +Provides: kernel-modules-core = %{version}-%{release}%{uname_suffix %{?1:%{1}}}\ +Provides: installonlypkg(kernel-module)\ +Provides: kernel%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ +Requires: kernel-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ +%if %{-m:1}%{!-m:0}\ +Requires: kernel-modules-core-uname-r = %{KVERREL}%{uname_variant %{?1:%{1}}}\ +%endif\ +AutoReq: no\ +AutoProv: yes\ +%description %{?1:%{1}-}modules-core\ +This package provides essential kernel modules for the %{?2:%{2}-}core kernel package.\ +%{nil} + # # this macro creates a kernel- meta package. # %%kernel_meta_package @@ -1286,6 +1336,7 @@ This package provides commonly used kernel modules for the %{?2:%{2}-}core kerne summary: kernel meta-package for the %{1} kernel\ Requires: kernel-%{1}-core-uname-r = %{KVERREL}%{uname_suffix %{1}}\ Requires: kernel-%{1}-modules-uname-r = %{KVERREL}%{uname_suffix %{1}}\ +Requires: kernel-%{1}-modules-core-uname-r = %{KVERREL}%{uname_suffix %{1}}\ Provides: installonlypkg(kernel)\ %description %{1}\ The meta-package for the %{1} kernel\ @@ -1303,6 +1354,7 @@ Provides: kernel-%{?1:%{1}-}core-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ Provides: installonlypkg(kernel)\ %if %{-m:1}%{!-m:0}\ Requires: kernel-core-uname-r = %{KVERREL}%{uname_variant %{?1:%{1}}}\ +Requires: kernel-%{?1:%{1}-}-modules-core-uname-r = %{KVERREL}%{uname_variant %{?1:%{1}}}\ %endif\ %{expand:%%kernel_reqprovconf %{?1:%{1}} %{-o:%{-o}}}\ %if %{?1:1} %{!?1:0} \ @@ -1311,11 +1363,19 @@ Requires: kernel-core-uname-r = %{KVERREL}%{uname_variant %{?1:%{1}}}\ %{expand:%%kernel_devel_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}} %{-m:%{-m}}}\ %{expand:%%kernel_devel_matched_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}} %{-m:%{-m}}}\ %{expand:%%kernel_modules_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}} %{-m:%{-m}}}\ +%{expand:%%kernel_modules_core_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}} %{-m:%{-m}}}\ %{expand:%%kernel_modules_extra_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}} %{-m:%{-m}}}\ %if %{-m:0}%{!-m:1}\ %{expand:%%kernel_modules_internal_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}}}\ %{expand:%%kernel_debuginfo_package %{?1:%{1}}}\ %endif\ +%if %{efiuki}\ +%package %{?1:%{1}-}uki-virt\ +Summary: %{variant_summary} unified kernel image for virtual machines\ +Provides: installonlypkg(kernel)\ +Provides: kernel-%{?1:%{1}-}uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ +Requires: kernel%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ +%endif\ %{nil} # Now, each variant package. @@ -1385,6 +1445,14 @@ Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. +%if %{efiuki} +%description debug-uki-virt +Prebuilt debug unified kernel image for virtual machines. + +%description uki-virt +Prebuilt default unified kernel image for virtual machines. +%endif + %if %{with_ipaclones} %kernel_ipaclones_package %endif @@ -2151,6 +2219,42 @@ BuildKernel() { touch lib/modules/$KernelVer/modules.builtin fi +%if %{efiuki} + popd + + KernelUnifiedImageDir="$RPM_BUILD_ROOT/lib/modules/$KernelVer" + KernelUnifiedImage="$KernelUnifiedImageDir/$InstallName-virt.efi" + + mkdir -p $KernelUnifiedImageDir + + dracut --conf=%{SOURCE150} \ + --confdir=$(mktemp -d) \ + --verbose \ + --kver "$KernelVer" \ + --kmoddir "$RPM_BUILD_ROOT/lib/modules/$KernelVer/" \ + --logfile=$(mktemp) \ + --uefi \ + --kernel-image $(realpath $KernelImage) \ + --kernel-cmdline 'console=tty0 console=ttyS0' \ + $KernelUnifiedImage + +%if %{signkernel} + + %pesign -s -i $KernelUnifiedImage -o $KernelUnifiedImage.signed -a %{secureboot_ca_0} -c %{secureboot_key_0} -n %{pesign_name_0} + if [ ! -s $KernelUnifiedImage.signed ]; then + echo "pesigning failed" + exit 1 + fi + mv $KernelUnifiedImage.signed $KernelUnifiedImage + +# signkernel +%endif + + pushd $RPM_BUILD_ROOT + +# efiuki +%endif + remove_depmod_files # Go back and find all of the various directories in the tree. We use this @@ -2173,8 +2277,8 @@ BuildKernel() { # Make sure the files lists start with absolute paths or rpmbuild fails. # Also add in the dir entries sed -e 's/^lib*/\/lib/' %{?zipsed} $RPM_BUILD_ROOT/k-d.list > ../kernel${Variant:+-${Variant}}-modules.list - sed -e 's/^lib*/%dir \/lib/' %{?zipsed} $RPM_BUILD_ROOT/module-dirs.list > ../kernel${Variant:+-${Variant}}-core.list - sed -e 's/^lib*/\/lib/' %{?zipsed} $RPM_BUILD_ROOT/modules.list >> ../kernel${Variant:+-${Variant}}-core.list + sed -e 's/^lib*/%dir \/lib/' %{?zipsed} $RPM_BUILD_ROOT/module-dirs.list > ../kernel${Variant:+-${Variant}}-modules-core.list + sed -e 's/^lib*/\/lib/' %{?zipsed} $RPM_BUILD_ROOT/modules.list >> ../kernel${Variant:+-${Variant}}-modules-core.list sed -e 's/^lib*/\/lib/' %{?zipsed} $RPM_BUILD_ROOT/mod-extra.list >> ../kernel${Variant:+-${Variant}}-modules-extra.list sed -e 's/^lib*/\/lib/' %{?zipsed} $RPM_BUILD_ROOT/mod-internal.list >> ../kernel${Variant:+-${Variant}}-modules-internal.list @@ -2848,6 +2952,21 @@ if [ -f %{_localstatedir}/lib/rpm-state/%{name}/need_to_run_dracut_%{KVERREL}%{? fi\ %{nil} +# +# This macro defines a %%post script for a kernel*-modules-core package. +# It also defines a %%postun script that does the same thing. +# %%kernel_modules_core_post [] +# +# FIXME: /bin/kernel-install can't handle UKIs (yet), so cleanup depmod files in %postun for now. +# +%define kernel_modules_core_post() \ +%{expand:%%posttrans %{?1:%{1}-}modules-core}\ +/sbin/depmod -a %{KVERREL}%{?1:+%{1}}\ +%{nil}\ +%{expand:%%postun %{?1:%{1}-}modules-core}\ +rm -f /lib/modules/%{KVERREL}%{?1:+%{1}}/modules.*\ +%{nil} + # This macro defines a %%posttrans script for a kernel package. # %%kernel_variant_posttrans [] # More text can follow to go at the end of this variant's %%post. @@ -2876,6 +2995,7 @@ fi\ %define kernel_variant_post(v:r:) \ %{expand:%%kernel_devel_post %{?-v*}}\ %{expand:%%kernel_modules_post %{?-v*}}\ +%{expand:%%kernel_modules_core_post %{?-v*}}\ %{expand:%%kernel_modules_extra_post %{?-v*}}\ %{expand:%%kernel_modules_internal_post %{?-v*}}\ %{expand:%%kernel_variant_posttrans %{?-v*}}\ @@ -2889,6 +3009,20 @@ mkdir -p %{_localstatedir}/lib/rpm-state/%{name}\ touch %{_localstatedir}/lib/rpm-state/%{name}/installing_core_%{KVERREL}%{?-v:+%{-v*}}\ %{nil} +# +# This macro defines scripts for a kernel*-uki-virt package +# +# FIXME: /bin/kernel-install can't handle UKIs (yet), so just cp/rm as temporary stop-gap +# +%define kernel_uki_virt_scripts() \ +%{expand:%%posttrans %{?1:%{1}-}uki-virt}\ +mkdir -p /boot/efi/EFI/Linux\ +cp /lib/modules/%{KVERREL}%{?1:+%{1}}/vmlinuz-virt.efi /boot/efi/EFI/Linux/vmlinuz-%{KVERREL}%{?1:+%{1}}-virt.efi\ +%{nil}\ +%{expand:%%postun %{?1:%{1}-}uki-virt}\ +rm -f /boot/efi/EFI/Linux/vmlinuz-%{KVERREL}%{?1:+%{1}}-virt.efi\ +%{nil} + # # This macro defines a %%preun script for a kernel package. # %%kernel_variant_preun @@ -2902,6 +3036,10 @@ then\ fi\ %{nil} +%if %{efiuki} +%kernel_uki_virt_scripts +%endif + %kernel_variant_preun %kernel_variant_post -r kernel-smp @@ -2926,6 +3064,9 @@ fi\ %endif %if %{with_debug} +%if %{efiuki} +%kernel_uki_virt_scripts debug +%endif %kernel_variant_preun debug %kernel_variant_post -v debug %endif @@ -3115,7 +3256,7 @@ fi # %define kernel_variant_files(k:) \ %if %{2}\ -%{expand:%%files -f kernel-%{?3:%{3}-}core.list %{?1:-f kernel-%{?3:%{3}-}ldsoconf.list} %{?3:%{3}-}core}\ +%{expand:%%files %{?1:-f kernel-%{?3:%{3}-}ldsoconf.list} %{?3:%{3}-}core}\ %{!?_licensedir:%global license %%doc}\ %license linux-%{KVERREL}/COPYING-%{version}-%{release}\ /lib/modules/%{KVERREL}%{?3:+%{3}}/%{?-k:%{-k*}}%{!?-k:vmlinuz}\ @@ -3133,6 +3274,7 @@ fi %ghost %attr(0600, root, root) /boot/symvers-%{KVERREL}%{?3:+%{3}}.gz\ %ghost %attr(0600, root, root) /boot/initramfs-%{KVERREL}%{?3:+%{3}}.img\ %ghost %attr(0644, root, root) /boot/config-%{KVERREL}%{?3:+%{3}}\ +%{expand:%%files -f kernel-%{?3:%{3}-}modules-core.list %{?3:%{3}-}modules-core}\ %dir /lib/modules\ %dir /lib/modules/%{KVERREL}%{?3:+%{3}}\ %dir /lib/modules/%{KVERREL}%{?3:+%{3}}/kernel\ @@ -3159,6 +3301,11 @@ fi %{expand:%%files -f debuginfo%{?3}.list %{?3:%{3}-}debuginfo}\ %endif\ %endif\ +%if %{efiuki}\ +%{expand:%%files %{?3:%{3}-}uki-virt}\ +/lib/modules/%{KVERREL}%{?3:+%{3}}/%{?-k:%{-k*}}%{!?-k:vmlinuz}-virt.efi\ +%ghost /%{image_install_path}/efi/EFI/Linux/%{?-k:%{-k*}}%{!?-k:vmlinuz}-%{KVERREL}%{?3:+%{3}}-virt.efi\ +%endif\ %if %{?3:1} %{!?3:0}\ %{expand:%%files %{3}}\ %endif\ @@ -3176,6 +3323,7 @@ fi %files debug-devel %files debug-devel-matched %files debug-modules +%files debug-modules-core %files debug-modules-extra %if %{with_arm64_64k} %files 64k-debug @@ -3208,6 +3356,10 @@ fi # # %changelog +* Tue Feb 14 2023 Herton R. Krzesinski [5.14.0-269.el9] +- redhat: Add sub-RPM with a EFI unified kernel image for virtual machines (Vitaly Kuznetsov) [2142102] +- redhat: split sub-rpm kernel-modules-core from kernel-core (Gerd Hoffmann) [2142102] + * Tue Feb 14 2023 Herton R. Krzesinski [5.14.0-268.el9] - drm/i915/fbdev: do not create fbdev if HPD is suspended (Karol Herbst) [2156007] - drm/i915/fbdev: suspend HPD before fbdev unregistration (Karol Herbst) [2156007] diff --git a/sources b/sources index 1c79e97..97e0e4e 100644 --- a/sources +++ b/sources @@ -1,3 +1,3 @@ -SHA512 (linux-5.14.0-268.el9.tar.xz) = cda431d51fdfe709007a89fbb6754e60b2b94b4e78393488862b2b54130da04d0a8f6b4e1f3b72a1ed51b8013410dbff2ba54fbedca0686271d2c8460963ef38 -SHA512 (kernel-abi-stablelists-5.14.0-268.el9.tar.bz2) = 957ba136ef5471407365c47274cc3ca1d248bd556b982ad54684c79fa4ef8d5b9a9562d11fdc31c91c3e21ef8c8a3793916f34de6842020a30dce91cea522ab7 -SHA512 (kernel-kabi-dw-5.14.0-268.el9.tar.bz2) = 9e04e60ad97e383cd54a33c6fe25253bce5d7ab7945e86e919d1dcd0f1489d6a868f0d466b57a1bb1d017c1458d0cd65cbd087961cf826f30ea095b7fffe12a9 +SHA512 (linux-5.14.0-269.el9.tar.xz) = 9b3c75413839484caaf271c3d79edee8e4bf56aa6fc936cf3e61441888d4766b03a9ce4703f2377d43000cbad116fec08141b7a4725a9414631280bbf5259f4c +SHA512 (kernel-abi-stablelists-5.14.0-269.el9.tar.bz2) = fc3d73e7cdd9c9087d2f3c29c88bce3c6cd88aa0793a189cbd7d395181a2446fc0ac0da10317492f57e584a07d144efe2d6f0bb4c3950f6c24fd75ad1caf1765 +SHA512 (kernel-kabi-dw-5.14.0-269.el9.tar.bz2) = 3dd4b1078d3baa4696c1cc7e253220cf8d9b531c11dff6ac7f5b9fc0147e230f03b0bc73c8f6128150b103610fdaafa0b4fe0a5e67ecf5878f6027c8a5a73ae1