From cc0bb9cffbe9817eff4f66cbb05ec6d5ba0f23a7 Mon Sep 17 00:00:00 2001 From: Dorian Stoll Date: Thu, 11 Mar 2021 10:31:19 +0100 Subject: [PATCH] pkg: fedora: Add support for Fedora 34 Also disable secureboot signing by default, and explicitly enable it in the CI. This makes local builds easier, where you dont have the secureboot CA available. Signed-off-by: Dorian Stoll --- .github/workflows/fedora-32.yml | 2 +- .github/workflows/fedora-33.yml | 2 +- .github/workflows/fedora-34.yml | 128 ++++++++++++++++++ pkg/fedora/kernel-surface/kernel-surface.spec | 39 +++++- pkg/fedora/makerpm | 4 +- 5 files changed, 165 insertions(+), 10 deletions(-) create mode 100644 .github/workflows/fedora-34.yml diff --git a/.github/workflows/fedora-32.yml b/.github/workflows/fedora-32.yml index 0f3a3caee..6c630a606 100644 --- a/.github/workflows/fedora-32.yml +++ b/.github/workflows/fedora-32.yml @@ -38,7 +38,7 @@ jobs: cd pkg/fedora/kernel-surface # Build the .rpm packages - ../makerpm + ../makerpm -- --with=signkernel -ba - name: Sign packages env: diff --git a/.github/workflows/fedora-33.yml b/.github/workflows/fedora-33.yml index 9fed2e6c7..2bc4dfeeb 100644 --- a/.github/workflows/fedora-33.yml +++ b/.github/workflows/fedora-33.yml @@ -38,7 +38,7 @@ jobs: cd pkg/fedora/kernel-surface # Build the .rpm packages - ../makerpm + ../makerpm -- --with=signkernel -ba - name: Sign packages env: diff --git a/.github/workflows/fedora-34.yml b/.github/workflows/fedora-34.yml new file mode 100644 index 000000000..b171b7d36 --- /dev/null +++ b/.github/workflows/fedora-34.yml 
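Review bot: `../makerpm -- --with=signkernel -ba` asks for a source RPM as well as the binaries, and with `signkernel` enabled the spec lists the Secure Boot private key as `Source21: %{sb_key}`, so the generated src.rpm would carry `surface.key` alongside the certificate. The same command line is added in fedora-33.yml and in the new fedora-34.yml. Only `out/x86_64` is uploaded as an artifact, so whether that src.rpm is ever published depends on where makerpm writes it, which this patch does not show. Assuming makerpm forwards these options to rpmbuild, the safer form in CI is to build binaries only, `../makerpm -- --with=signkernel -bb`, or to exclude the key from the source package with `NoSource: 21` in the spec.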
@@ -0,0 +1,128 @@
+on:
+ push:
+ tags:
+ - 'fedora-34-*'
+
+name: Fedora 34
+
+env:
+ GPG_KEY_ID: 56C464BAAC421453
+
+jobs:
+ build:
+ name: Build Kernel
+ runs-on: ubuntu-latest
+ container: fedora:34
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v2
+
+ - name: Install build dependencies
+ run: |
+ dnf distro-sync -y
+ dnf install -y rpmdevtools rpm-sign 'dnf-command(builddep)'
+ dnf builddep -y pkg/fedora/kernel-surface/kernel-surface.spec
+
+ - name: Setup secureboot certificate
+ env:
+ SB_KEY: ${{ secrets.SURFACE_SB_KEY }}
+ run: |
+ cd pkg
+
+ # Install the surface secureboot certificate
+ echo "$SB_KEY" | base64 -d > fedora/kernel-surface/surface.key
+ cp keys/surface.crt fedora/kernel-surface/surface.crt
+
+ - name: Build packages
+ run: |
+ cd pkg/fedora/kernel-surface
+
+ # Build the .rpm packages
+ ../makerpm -- --with=signkernel -ba
+
+ - name: Sign packages
+ env:
+ GPG_KEY: ${{ secrets.SURFACE_GPG_KEY }}
+ run: |
+ cd pkg/fedora/kernel-surface/out/x86_64
+
+ # import GPG key
+ echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes
+
+ # sign packages
+ rpm --resign *.rpm --define "_gpg_name $GPG_KEY_ID"
+
+ - name: Upload artifacts
+ uses: actions/upload-artifact@v1
+ with:
+ name: fedora-34-latest
+ path: pkg/fedora/kernel-surface/out/x86_64
+
+ release:
+ name: Publish release
+ needs: [build]
+ runs-on: ubuntu-latest
+ steps:
+ - name: Download artifacts
+ uses: actions/download-artifact@v1
+ with:
+ name: fedora-34-latest
+
+ - name: Upload assets
+ uses: svenstaro/upload-release-action@v1-release
+ with:
+ repo_token: ${{ secrets.GITHUB_BOT_TOKEN }}
+ file: ./*-latest/*
+ tag: ${{ github.ref }}
+ overwrite: true
+ file_glob: true
+
+ repo:
+ name: Update package repository
+ needs: [release]
+ runs-on: ubuntu-latest
+ container: fedora:34
+ steps:
+ - name: Install dependencies
+ run: |
+ dnf install -y git findutils
+
+ - name: Download artifacts
+ uses: actions/download-artifact@v1
+ with:
+ name: fedora-34-latest
+
+ -
name: Update repository + env: + SURFACEBOT_TOKEN: ${{ secrets.GITHUB_BOT_TOKEN }} + BRANCH_STAGING: u/staging + GIT_REF: ${{ github.ref }} + run: | + repo="https://surfacebot:${SURFACEBOT_TOKEN}@github.com/linux-surface/repo.git" + + # clone package repository + git clone -b "${BRANCH_STAGING}" "${repo}" repo + + # copy packages + cp fedora-34-latest/* repo/fedora/f34 + cd repo/fedora/f34 + + # parse git tag from ref + GIT_TAG=$(echo $GIT_REF | sed 's|^refs/tags/||g') + + # convert packages into references + for pkg in $(find . -name '*.rpm'); do + echo "linux-surface:$GIT_TAG/$(basename $pkg)" > $pkg.blob + rm $pkg + done + + # set git identity + git config --global user.email "surfacebot@users.noreply.github.com" + git config --global user.name "surfacebot" + + # commit and push + update_branch="${BRANCH_STAGING}-$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)" + git checkout -b "${update_branch}" + git add . + git commit -m "Update Fedora 34 kernel" + git push --set-upstream origin "${update_branch}" diff --git a/pkg/fedora/kernel-surface/kernel-surface.spec b/pkg/fedora/kernel-surface/kernel-surface.spec index 39f13e3f3..0009e1898 100755 --- a/pkg/fedora/kernel-surface/kernel-surface.spec +++ b/pkg/fedora/kernel-surface/kernel-surface.spec @@ -2,12 +2,18 @@ # Definitions to configure the kernel we want to build # +%global kernel_tag_fc34 kernel-5.11.5-300.fc34 %global kernel_tag_fc33 kernel-5.10.21-200.fc33 %global kernel_tag_fc32 kernel-5.10.21-100.fc32 +%global kernel_release_fc34 1 %global kernel_release_fc33 1 %global kernel_release_fc32 1 +# This is what is printed in the GRUB menu. These cannot be fetched from the +# buildhost, because in a container this will also say container. To get the +# same text as the default kernels, just hardcode it. Hey, this is important! +%global fedora_title_fc34 34 (Thirty Four) %global fedora_title_fc33 33 (Thirty Three) %global fedora_title_fc32 32 (Thirty Two) 
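Review bot: The `release` job passes `secrets.GITHUB_BOT_TOKEN` to `svenstaro/upload-release-action@v1-release`, a third-party action referenced by a movable ref, so whatever that ref points to at run time executes with the bot token; pin it to a reviewed commit, e.g. `uses: svenstaro/upload-release-action@<full-commit-sha>  # v1-release`. In the `repo` job the same token is embedded in the clone URL (`https://surfacebot:${SURFACEBOT_TOKEN}@github.com/...`), which git stores in `repo/.git/config` and may echo in error output; supplying it through a credential helper or an `http.extraheader` setting keeps it out of the remote URL. The unquoted `$GIT_REF`, `$pkg` and `$(find ...)` expansions in that script would also be safer quoted, since the tag name comes from whoever pushed the tag.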
@@ -41,6 +47,8 @@ # Actual specfile starts here # +%bcond_with signkernel + Name: kernel-surface Summary: The Linux Kernel with patches for Microsoft Surface Version: %{kernel_version} @@ -81,12 +89,29 @@ Source0: %{fedora_source}/archive/%{kernel_tag}.tar.gz Source1: %{surface_source}/configs/surface-%{kernel_majorver}.config Source2: fedora.config +%if %{with signkernel} Source20: %{sb_crt} Source21: %{sb_key} +%endif Source100: mod-sign.sh Source101: parallel_xz.sh +%if "%{kernel_majorver}" == "5.11" + +Patch0: %{surface_source}/%{kernel_patches}/0001-surface3-oemb.patch +Patch1: %{surface_source}/%{kernel_patches}/0002-wifi.patch +Patch2: %{surface_source}/%{kernel_patches}/0003-ipts.patch +Patch3: %{surface_source}/%{kernel_patches}/0004-surface-sam-over-hid.patch +Patch4: %{surface_source}/%{kernel_patches}/0005-surface-sam.patch +Patch5: %{surface_source}/%{kernel_patches}/0006-surface-hotplug.patch +Patch6: %{surface_source}/%{kernel_patches}/0007-surface-typecover.patch +Patch7: %{surface_source}/%{kernel_patches}/0008-surface-sensors.patch +Patch8: %{surface_source}/%{kernel_patches}/0009-cameras.patch +Patch9: %{surface_source}/%{kernel_patches}/0010-ath10k-firmware-override.patch + +%else + Patch0: %{surface_source}/%{kernel_patches}/0001-surface3-oemb.patch Patch1: %{surface_source}/%{kernel_patches}/0002-wifi.patch Patch2: %{surface_source}/%{kernel_patches}/0003-ipts.patch @@ -99,6 +124,8 @@ Patch8: %{surface_source}/%{kernel_patches}/0009-surface-sensors.patch Patch9: %{surface_source}/%{kernel_patches}/0010-cameras.patch Patch10: %{surface_source}/%{kernel_patches}/0011-ath10k-firmware-override.patch +%endif + Patch100: 0001-Add-secureboot-pre-signing-to-the-kernel.patch ExclusiveArch: x86_64 
@@ -121,7 +148,7 @@ This package provides kernel headers and makefiles sufficient to build modules against the kernel-surface package. %prep -%autosetup -S git_am -n linux-fedora-%{kernel_tag} +%autosetup -p1 -n linux-fedora-%{kernel_tag} scripts/kconfig/merge_config.sh \ fedora/configs/%{kernel_config} \ @@ -131,11 +158,11 @@ scripts/kconfig/merge_config.sh \ echo $((%{kernel_release} - 1)) > .version # Copy secureboot certificates if they are available -if [ -f "%{SOURCE20}" ] && [ -f "%{SOURCE21}" ]; then - mkdir -p keys - cp %{SOURCE20} keys/MOK.crt - cp %{SOURCE21} keys/MOK.key -fi +%if %{with signkernel} +mkdir -p keys +cp %{SOURCE20} keys/MOK.crt +cp %{SOURCE21} keys/MOK.key +%endif # This Prevents scripts/setlocalversion from mucking with our version numbers. touch .scmversion diff --git a/pkg/fedora/makerpm b/pkg/fedora/makerpm index e551a3f2a..10fdd54bc 100755 --- a/pkg/fedora/makerpm +++ b/pkg/fedora/makerpm @@ -50,8 +50,8 @@ while getopts ":hcsf:k:" args; do done shift $((OPTIND-1)) -if [ ! "$@" = "" ]; then - OPTS="$@" +if [ ! "$*" = "" ]; then + OPTS="$*" fi # Check if the specfile exists
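Review bot: The comment `# Copy secureboot certificates if they are available` no longer matches the code beneath it in the `%prep` hunk: the copy now runs whenever the package is built with `signkernel` and no longer checks that the files exist. Something like `# Copy the secureboot certificate and key (only when built --with signkernel)` would describe the new behaviour. Since `keys/MOK.key` lands inside the kernel build tree, it is also worth confirming that nothing later in the spec, outside this hunk, packages that directory.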
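Review bot: `OPTS="$*"` flattens the remaining arguments into one string, so an option whose value contains a space (for example a `--define "name value"` pair) cannot reach rpmbuild intact once `OPTS` is expanded later in the script, which is outside this hunk. The emptiness test reads more directly as `if [ "$#" -gt 0 ]; then`. If makerpm runs under bash, keeping the arguments as an array (`OPTS=("$@")`, expanded as `"${OPTS[@]}"`) preserves the boundaries, though the default value of `OPTS` would then need to become an array as well.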