diff --git a/Makefile.rhelver b/Makefile.rhelver index 460d674..0662134 100644 --- a/Makefile.rhelver +++ b/Makefile.rhelver @@ -12,7 +12,7 @@ RHEL_MINOR = 2 # # Use this spot to avoid future merge conflicts. # Do not trim this comment. -RHEL_RELEASE = 268 +RHEL_RELEASE = 269 # # ZSTREAM @@ -66,4 +66,4 @@ ifneq ("$(ZSTREAM)", "yes") endif endif -RTBUILD:=.268 +RTBUILD:=.269 diff --git a/dracut-virt.conf b/dracut-virt.conf new file mode 100644 index 0000000..3724026 --- /dev/null +++ b/dracut-virt.conf @@ -0,0 +1,35 @@ +# generic + compressed please +hostonly="no" +compress="xz" + +# VMs can't update microcode anyway +early_microcode="no" + +# modules: basics +dracutmodules+=" base systemd systemd-initrd dracut-systemd dbus dbus-broker usrmount shutdown " + +# modules: storage support +dracutmodules+=" dm lvm rootfs-block fs-lib " + +# modules: tpm and crypto +dracutmodules+=" crypt crypt-loop tpm2-tss " + +# drivers: virtual buses, pci +drivers+=" virtio-pci virtio-mmio " # qemu-kvm +drivers+=" hv-vmbus pci-hyperv " # hyperv +drivers+=" xen-pcifront " # xen + +# drivers: storage +drivers+=" ahci nvme sd_mod sr_mod " # generic +drivers+=" virtio-blk virtio-scsi " # qemu-kvm +drivers+=" hv-storvsc " # hyperv +drivers+=" xen-blkfront " # xen + +# root encryption +drivers+=" dm_crypt " + +# filesystems +filesystems+=" vfat ext4 xfs overlay " + +# systemd-pcrphase +install_items+=" /lib/systemd/system/systemd-pcrphase-initrd.service /usr/lib/systemd/systemd-pcrphase /usr/lib/systemd/system/initrd.target.wants/systemd-pcrphase-initrd.service " diff --git a/kernel.spec b/kernel.spec index 3c4f37f..3f543a8 100755 --- a/kernel.spec +++ b/kernel.spec @@ -98,6 +98,12 @@ Summary: The Linux kernel %global zipmodules 1 %endif +%ifarch x86_64 +%global efiuki 1 +%else +%global efiuki 0 +%endif + %if %{zipmodules} %global zipsed -e 's/\.ko$/\.ko.xz/' # for parallel xz processes, replace with 1 to go back to single process @@ -129,15 +135,15 @@ Summary: The Linux kernel # define buildid .local %define specversion 5.14.0 %define patchversion 5.14 -%define pkgrelease 268.rt14.268 +%define pkgrelease 269.rt14.269 %define kversion 5 -%define tarfile_release 5.14.0-268.rt14.268.el9 +%define tarfile_release 5.14.0-269.rt14.269.el9 # This is needed to do merge window version magic %define patchlevel 14 # This allows pkg_release to have configurable %%{?dist} tag -%define specrelease 268.rt14.268%{?buildid}%{?dist} +%define specrelease 269.rt14.269%{?buildid}%{?dist} # This defines the kabi tarball version -%define kabiversion 5.14.0-268.rt14.268.el9 +%define kabiversion 5.14.0-269.rt14.269.el9 # # End of genspec.sh variables @@ -300,6 +306,7 @@ Summary: The Linux kernel #global rttag %%RTTAG%% # realtimeN %define with_arm64_64k 0 +%global efiuki 0 %define with_doc 0 %define with_headers 0 %define with_cross_headers 0 @@ -603,6 +610,7 @@ ExclusiveOS: Linux %ifnarch %{nobuildarches} Requires: %{name}-core-uname-r = %{KVERREL} Requires: %{name}-modules-uname-r = %{KVERREL} +Requires: %{name}-modules-core-uname-r = %{KVERREL} %if %{with_realtime} Requires: realtime-setup %endif @@ -736,6 +744,21 @@ BuildRequires: llvm BuildRequires: lld %endif +%if %{efiuki} +BuildRequires: dracut +# For dracut UEFI uki binaries +BuildRequires: binutils +# For the initrd +BuildRequires: lvm2 +%if 0%{?fedora} > 37 +BuildRequires: systemd-boot-unsigned +%endif +# For systemd-stub and systemd-pcrphase +BuildRequires: systemd-udev >= 252-1 +# For TPM operations in UKI initramfs +BuildRequires: tpm2-tools +%endif + # Because this is the kernel, it's hard to get a single upstream URL # to represent the base without needing to do a bunch of patching. This # tarball is generated from a src-git tree. If you want to see the @@ -850,6 +873,8 @@ Source84: mod-internal.list Source100: rheldup3.x509 Source101: rhelkpatch1.x509 +Source150: dracut-virt.conf + Source200: check-kabi %if !%{with_realtime} @@ -919,6 +944,7 @@ Provides: %{name}-%{_target_cpu} = %{specversion}-%{pkg_release}%{uname_suffix % Provides: %{name}-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ Provides: kernel-%{_target_cpu} = %{specversion}-%{pkg_release}%{uname_suffix %{?1:%{1}}}\ Provides: kernel-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ +Requires: %{name}%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ Requires(pre): %{kernel_prereq}\ Requires(pre): %{initrd_prereq}\ Requires(pre): ((linux-firmware >= 20150904-56.git6ebf5d57) if linux-firmware)\ @@ -1261,6 +1287,7 @@ Provides: installonlypkg(kernel-module)\ Provides: %{name}%{?1:-%{1}}-modules-internal-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ Requires: %{name}-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ Requires: %{name}%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ +Requires: %{name}%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ AutoReq: no\ AutoProv: yes\ %description %{?1:%{1}-}modules-internal\ @@ -1281,6 +1308,7 @@ Provides: installonlypkg(kernel-module)\ Provides: %{name}%{?1:-%{1}}-modules-extra-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ Requires: %{name}-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ Requires: %{name}%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ +Requires: %{name}%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ %if %{-m:1}%{!-m:0}\ Requires: %{name}-modules-extra-uname-r = %{KVERREL}\ %endif\ @@ -1303,6 +1331,7 @@ Provides: %{name}-modules = %{version}-%{release}%{uname_suffix %{?1:%{1}}}\ Provides: installonlypkg(kernel-module)\ Provides: %{name}%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ Requires: %{name}-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ +Requires: %{name}%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ %if %{-m:1}%{!-m:0}\ Requires: %{name}-modules-uname-r = %{KVERREL}\ %endif\ @@ -1312,6 +1341,28 @@ AutoProv: yes\ This package provides commonly used kernel modules for the %{?2:%{2}-}core kernel package.\ %{nil} +# +# This macro creates a kernel--modules-core package. +# %%kernel_modules_core_package [-m] +# +%define kernel_modules_core_package(m) \ +%package %{?1:%{1}-}modules-core\ +Summary: Core kernel modules to match the %{?2:%{2}-}core kernel\ +Provides: kernel%{?1:-%{1}}-modules-core-%{_target_cpu} = %{version}-%{release}\ +Provides: %{name}-modules-core-%{_target_cpu} = %{version}-%{release}%{uname_suffix %{?1:%{1}}}\ +Provides: %{name}-modules-core = %{version}-%{release}%{uname_suffix %{?1:%{1}}}\ +Provides: installonlypkg(kernel-module)\ +Provides: %{name}%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ +Requires: %{name}-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ +%if %{-m:1}%{!-m:0}\ +Requires: %{name}-modules-core-uname-r = %{KVERREL}%{uname_variant %{?1:%{1}}}\ +%endif\ +AutoReq: no\ +AutoProv: yes\ +%description %{?1:%{1}-}modules-core\ +This package provides essential kernel modules for the %{?2:%{2}-}core kernel package.\ +%{nil} + # # this macro creates a kernel- meta package. # %%kernel_meta_package @@ -1321,6 +1372,7 @@ This package provides commonly used kernel modules for the %{?2:%{2}-}core kerne summary: kernel meta-package for the %{1} kernel\ Requires: %{name}-%{1}-core-uname-r = %{KVERREL}+%{uname_suffix %{1}}\ Requires: %{name}-%{1}-modules-uname-r = %{KVERREL}+%{uname_suffix %{1}}\ +Requires: %{name}-%{1}-modules-core-uname-r = %{KVERREL}+%{uname_suffix %{1}}\ %if %{with_realtime}\ Requires: realtime-setup\ %endif\ @@ -1359,6 +1411,7 @@ Provides: %{name}-%{?1:%{1}-}core-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}} Provides: installonlypkg(kernel)\ %if %{-m:1}%{!-m:0}\ Requires: kernel-core-uname-r = %{KVERREL}\ +Requires: %{name}-%{?1:%{1}-}-modules-core-uname-r = %{KVERREL}%{uname_variant %{?1:%{1}}}\ %endif\ %{expand:%%kernel_reqprovconf %{?1:%{1}} %{-o:%{-o}}}\ %if %{?1:1} %{!?1:0} \ @@ -1367,6 +1420,7 @@ Requires: kernel-core-uname-r = %{KVERREL}\ %{expand:%%kernel_devel_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}} %{-m:%{-m}}}\ %{expand:%%kernel_devel_matched_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}} %{-m:%{-m}}}\ %{expand:%%kernel_modules_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}} %{-m:%{-m}}}\ +%{expand:%%kernel_modules_core_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}} %{-m:%{-m}}}\ %{expand:%%kernel_modules_extra_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}} %{-m:%{-m}}}\ %if %{-m:0}%{!-m:1}\ %{expand:%%kernel_modules_internal_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}}}\ @@ -1375,6 +1429,13 @@ Requires: kernel-core-uname-r = %{KVERREL}\ %if %{with_realtime} \ %{expand:%%kernel_kvm_package %{?1:%{1}}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}}}\ %endif \ +%if %{efiuki}\ +%package %{?1:%{1}-}uki-virt\ +Summary: %{variant_summary} unified kernel image for virtual machines\ +Provides: installonlypkg(kernel)\ +Provides: %{name}-%{?1:%{1}-}uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ +Requires: %{name}%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{uname_suffix %{?1:%{1}}}\ +%endif\ %{nil} # Now, each variant package. @@ -1440,6 +1501,14 @@ Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc. +%if %{efiuki} +%description debug-uki-virt +Prebuilt debug unified kernel image for virtual machines. + +%description uki-virt +Prebuilt default unified kernel image for virtual machines. +%endif + %if %{with_ipaclones} %kernel_ipaclones_package %endif @@ -2226,6 +2295,42 @@ BuildKernel() { touch lib/modules/$KernelVer/modules.builtin fi +%if %{efiuki} + popd + + KernelUnifiedImageDir="$RPM_BUILD_ROOT/lib/modules/$KernelVer" + KernelUnifiedImage="$KernelUnifiedImageDir/$InstallName-virt.efi" + + mkdir -p $KernelUnifiedImageDir + + dracut --conf=%{SOURCE150} \ + --confdir=$(mktemp -d) \ + --verbose \ + --kver "$KernelVer" \ + --kmoddir "$RPM_BUILD_ROOT/lib/modules/$KernelVer/" \ + --logfile=$(mktemp) \ + --uefi \ + --kernel-image $(realpath $KernelImage) \ + --kernel-cmdline 'console=tty0 console=ttyS0' \ + $KernelUnifiedImage + +%if %{signkernel} + + %pesign -s -i $KernelUnifiedImage -o $KernelUnifiedImage.signed -a %{secureboot_ca_0} -c %{secureboot_key_0} -n %{pesign_name_0} + if [ ! -s $KernelUnifiedImage.signed ]; then + echo "pesigning failed" + exit 1 + fi + mv $KernelUnifiedImage.signed $KernelUnifiedImage + +# signkernel +%endif + + pushd $RPM_BUILD_ROOT + +# efiuki +%endif + remove_depmod_files # Go back and find all of the various directories in the tree. We use this @@ -2248,8 +2353,8 @@ BuildKernel() { # Make sure the files lists start with absolute paths or rpmbuild fails. # Also add in the dir entries sed -e 's/^lib*/\/lib/' %{?zipsed} $RPM_BUILD_ROOT/k-d.list > ../%{name}${Variant:+-${Variant}}-modules.list - sed -e 's/^lib*/%dir \/lib/' %{?zipsed} $RPM_BUILD_ROOT/module-dirs.list > ../%{name}${Variant:+-${Variant}}-core.list - sed -e 's/^lib*/\/lib/' %{?zipsed} $RPM_BUILD_ROOT/modules.list >> ../%{name}${Variant:+-${Variant}}-core.list + sed -e 's/^lib*/%dir \/lib/' %{?zipsed} $RPM_BUILD_ROOT/module-dirs.list > ../%{name}${Variant:+-${Variant}}-modules-core.list + sed -e 's/^lib*/\/lib/' %{?zipsed} $RPM_BUILD_ROOT/modules.list >> ../%{name}${Variant:+-${Variant}}-modules-core.list sed -e 's/^lib*/\/lib/' %{?zipsed} $RPM_BUILD_ROOT/mod-extra.list >> ../%{name}${Variant:+-${Variant}}-modules-extra.list sed -e 's/^lib*/\/lib/' %{?zipsed} $RPM_BUILD_ROOT/mod-internal.list >> ../%{name}${Variant:+-${Variant}}-modules-internal.list %if %{with_realtime} @@ -2947,6 +3052,21 @@ if [ -f %{_localstatedir}/lib/rpm-state/%{name}/need_to_run_dracut_%{KVERREL}%{? fi\ %{nil} +# +# This macro defines a %%post script for a kernel*-modules-core package. +# It also defines a %%postun script that does the same thing. +# %%kernel_modules_core_post [] +# +# FIXME: /bin/kernel-install can't handle UKIs (yet), so cleanup depmod files in %postun for now. +# +%define kernel_modules_core_post() \ +%{expand:%%posttrans %{?1:%{1}-}modules-core}\ +/sbin/depmod -a %{KVERREL}%{?1:+%{1}}\ +%{nil}\ +%{expand:%%postun %{?1:%{1}-}modules-core}\ +rm -f /lib/modules/%{KVERREL}%{?1:+%{1}}/modules.*\ +%{nil} + # This macro defines a %%posttrans script for a kernel package. # %%kernel_variant_posttrans [] # More text can follow to go at the end of this variant's %%post. @@ -2977,6 +3097,7 @@ fi\ %define kernel_variant_post(v:r:) \ %{expand:%%kernel_devel_post %{?-v*}}\ %{expand:%%kernel_modules_post %{?-v*}}\ +%{expand:%%kernel_modules_core_post %{?-v*}}\ %{expand:%%kernel_modules_extra_post %{?-v*}}\ %{expand:%%kernel_modules_internal_post %{?-v*}}\ %{expand:%%kernel_variant_posttrans %{?-v*}}\ @@ -2990,6 +3111,20 @@ mkdir -p %{_localstatedir}/lib/rpm-state/%{name}\ touch %{_localstatedir}/lib/rpm-state/%{name}/installing_core_%{KVERREL}%{?-v:+%{-v*}}\ %{nil} +# +# This macro defines scripts for a kernel*-uki-virt package +# +# FIXME: /bin/kernel-install can't handle UKIs (yet), so just cp/rm as temporary stop-gap +# +%define kernel_uki_virt_scripts() \ +%{expand:%%posttrans %{?1:%{1}-}uki-virt}\ +mkdir -p /boot/efi/EFI/Linux\ +cp /lib/modules/%{KVERREL}%{?1:+%{1}}/vmlinuz-virt.efi /boot/efi/EFI/Linux/vmlinuz-%{KVERREL}%{?1:+%{1}}-virt.efi\ +%{nil}\ +%{expand:%%postun %{?1:%{1}-}uki-virt}\ +rm -f /boot/efi/EFI/Linux/vmlinuz-%{KVERREL}%{?1:+%{1}}-virt.efi\ +%{nil} + # # This macro defines a %%preun script for a kernel package. # %%kernel_variant_preun @@ -3005,6 +3140,10 @@ fi\ %endif\ %{nil} +%if %{efiuki} +%kernel_uki_virt_scripts +%endif + %kernel_variant_preun %kernel_variant_post -r kernel-smp %if %{with_realtime} @@ -3032,6 +3171,9 @@ fi\ %endif %if %{with_debug} +%if %{efiuki} +%kernel_uki_virt_scripts debug +%endif %kernel_variant_preun debug %kernel_variant_post -v debug %endif @@ -3223,7 +3365,7 @@ fi # %define kernel_variant_files(k:) \ %if %{2}\ -%{expand:%%files -f %{name}-%{?3:%{3}-}core.list %{?1:-f %{name}-%{?3:%{3}-}ldsoconf.list} %{?3:%{3}-}core}\ +%{expand:%%files %{?1:-f %{name}-%{?3:%{3}-}ldsoconf.list} %{?3:%{3}-}core}\ %{!?_licensedir:%global license %%doc}\ %license linux-%{KVERREL}/COPYING-%{version}-%{release}\ /lib/modules/%{KVERREL}%{?3:+%{3}}/%{?-k:%{-k*}}%{!?-k:vmlinuz}\ @@ -3241,6 +3383,7 @@ fi %ghost %attr(0600, root, root) /boot/symvers-%{KVERREL}%{?3:+%{3}}.gz\ %ghost %attr(0600, root, root) /boot/initramfs-%{KVERREL}%{?3:+%{3}}.img\ %ghost %attr(0644, root, root) /boot/config-%{KVERREL}%{?3:+%{3}}\ +%{expand:%%files -f %{name}-%{?3:%{3}-}modules-core.list %{?3:%{3}-}modules-core}\ %dir /lib/modules\ %dir /lib/modules/%{KVERREL}%{?3:+%{3}}\ %dir /lib/modules/%{KVERREL}%{?3:+%{3}}/kernel\ @@ -3270,6 +3413,11 @@ fi %{expand:%%files -f debuginfo%{?3}.list %{?3:%{3}-}debuginfo}\ %endif\ %endif\ +%if %{efiuki}\ +%{expand:%%files %{?3:%{3}-}uki-virt}\ +/lib/modules/%{KVERREL}%{?3:+%{3}}/%{?-k:%{-k*}}%{!?-k:vmlinuz}-virt.efi\ +%ghost /%{image_install_path}/efi/EFI/Linux/%{?-k:%{-k*}}%{!?-k:vmlinuz}-%{KVERREL}%{?3:+%{3}}-virt.efi\ +%endif\ %if %{?3:1} %{!?3:0}\ %{expand:%%files %{3}}\ %endif\ @@ -3289,7 +3437,16 @@ fi %files debug-devel %files debug-devel-matched %files debug-modules +%files debug-modules-core %files debug-modules-extra +%if %{with_arm64_64k} +%files 64k-debug +%files 64k-debug-core +%files 64k-debug-devel +%files 64k-debug-devel-matched +%files 64k-debug-modules +%files 64k-debug-modules-extra +%endif %endif %kernel_variant_files %{use_vdso} %{with_pae} lpae %kernel_variant_files %{_use_vdso} %{with_zfcpdump} zfcpdump @@ -3313,6 +3470,11 @@ fi # # %changelog +* Wed Feb 15 2023 Luis Claudio R. Goncalves [5.14.0-269.rt14.269.el9] +- [rt] build kernel-rt-5.14.0-269.rt14.269.el9 [2125474] +- redhat: Add sub-RPM with a EFI unified kernel image for virtual machines (Vitaly Kuznetsov) [2142102] +- redhat: split sub-rpm kernel-modules-core from kernel-core (Gerd Hoffmann) [2142102] + * Wed Feb 15 2023 Luis Claudio R. Goncalves [5.14.0-268.rt14.268.el9] - [rt] build kernel-rt-5.14.0-268.rt14.268.el9 [2125474] - drm/i915/fbdev: do not create fbdev if HPD is suspended (Karol Herbst) [2156007] diff --git a/sources b/sources index f6f9eb2..472c364 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ SHA512 (kernel-abi-whitelists-5.13.0-1.tar.bz2) = ceba454e1f590c1e4ef4115a75463ae3ac2c2aa7ec85fa14a2669d666c421483a38225ee19d7d72b4ac7032375741408b23543e43588538c80161ec0cf57051c -SHA512 (linux-5.14.0-268.rt14.268.el9.tar.xz) = 299c70517cda8c7a770e60f853cb1a4d2b528a505fe8ebb0ac5d0041adcc0640497af66e7cb98626b4c06c8984bd34e9863c2a861fb18f882ed9414f2bf29248 -SHA512 (kernel-abi-stablelists-5.14.0-268.rt14.268.el9.tar.bz2) = 13bcfb29e1a7e6d620425651fa2623e126157e2750a651f61332e9ab497d96a4a43b43cac50142b8a1f7d4c082917e8b470f649f7396d1434a19f346fcac06ef -SHA512 (kernel-kabi-dw-5.14.0-268.rt14.268.el9.tar.bz2) = 565f812fa83a756ef7b91219031cfe80b1e853f22b4ed38ada76aed482caaf89df35e4d220f45728392765a757f8b0798e3b5a57fee0114e1d0379e887772578 +SHA512 (linux-5.14.0-269.rt14.269.el9.tar.xz) = e4f2295ab14a12cc491a9aac7c27cf494d38508008961fbb58101a31dfcdd0434afa9ab462f14c0ad3a5592e8328d388fd6e633d4b64e5004cc6331fcb3031fb +SHA512 (kernel-abi-stablelists-5.14.0-269.rt14.269.el9.tar.bz2) = 77b364e145e8c469f1becfc46a84b596c9eefbd961961c20f353373aa471da02baf32b1c928248b9addb658c3d21c793949eef1f20a3daf92b0ac0bdf11cc5c1 +SHA512 (kernel-kabi-dw-5.14.0-269.rt14.269.el9.tar.bz2) = 565f812fa83a756ef7b91219031cfe80b1e853f22b4ed38ada76aed482caaf89df35e4d220f45728392765a757f8b0798e3b5a57fee0114e1d0379e887772578