We've been doing a workaround of using a uuid for the build-id for
userspace binaries to let us get parallel debuginfo (the trick we
use for the kernel doesn't extend to userspace binaries). This
works but isn't ideal for reproducibility. Given we don't actually
care about this debuginfo, just remove it from the buildroot completely.
The "regular" definition of the with_kabichk macro does not need to
be commented out while it is temporarily (re-)defined as 0 on the
next line. This avoids a "Macro expanded in comment" warning.
Remove comments on the same line as %endif directives. Instead, make
a couple of these conditionals easier to read (and consistent with
the surrounding ones) by deleting a few blank lines.
From the original RHEL patch:
This extra '+' causes problems with the regular expression used with
/usr/lib/rpm/find-debuginfo.sh script from rpm-build, which is used to filter
the debug files to the corresponding debuginfo packages. The '+' character
in the release is interpreted as a regular expression operator and the
debuginfo filter fails, with the build failing on an empty debuginfo file list.
Which means we need to escape the extra '+' character if we want debuginfo
filter to work. I tried to use '\' to escape, but rpm "eats" that, in testing
'[+]' worked so is what I'm using to fix/workaround this problem. When RHEL 8
drops the the extra +<number> in the future, we can remove this fix/workaround.
This problem is likely to come up so just add it in now.
Fedora does some validation on config options to catch
errors. There may be cases when we want to turn off that
checking because it doesn't actually matter. Make this a
full --with option to make it easier to turn off.
Some of the downstream users want to package some modules for
internal use only. While Fedora isn't internal, it's still
useful to have packaging aligned. Add a few modules to this
package.
Other products downstream of Fedora offer kernel ABI guarantees.
Fedora doesn't offer this and have no plans to do so but it's
useful to at least have the packaging in our tree. Add support.
Fedora currently only supports x86_64 secureboot signing.
There's ongoing work to enable other arches though. For now,
just bring in the packaging support with some of it commented
out.