# # Definitions to configure the kernel we want to build # %global kernel_tag_fc34 kernel-5.14.9-200.fc34 %global kernel_tag_fc33 kernel-5.14.9-100.fc33 %global kernel_release_fc34 1 %global kernel_release_fc33 1 # This is what is printed in the GRUB menu. These cannot be fetched from the # buildhost, because in a container this will also say container. To get the # same text as the default kernels, just hardcode it. Hey, this is important! %global fedora_title_fc34 34 (Thirty Four) %global fedora_title_fc33 33 (Thirty Three) %global ls_patches_commit 2e96060ff1a4837350aa9564b5f871efd5575a9b %global sb_crt surface.crt %global sb_key surface.key # # Definitions that get automatically generated from the ones above # %global kernel_tag %{kernel_tag_fc%{fedora}} %global kernel_release %{kernel_release_fc%{fedora}} %global fedora_title %{fedora_title_fc%{fedora}} %global kernel_version %(echo %{kernel_tag} | cut -d'-' -f2) %global kernel_majorver %(echo %{kernel_version} | cut -d'.' -f1-2) %global kernel_patches patches/%{kernel_majorver} %global kernel_localversion %{kernel_release}.surface%{?dist}.%{_target_cpu} %global kernel_config kernel-%{kernel_version}-%{_target_cpu}.config %global kernel_name %{kernel_version}-%{kernel_localversion} %global fedora_source https://github.com/StollD/linux-fedora %global surface_source https://raw.githubusercontent.com/linux-surface/linux-surface/%{ls_patches_commit} %global kernel_modpath %{buildroot}/lib/modules/%{kernel_name} # # Actual specfile starts here # %bcond_with signkernel Name: kernel-surface Summary: The Linux Kernel with patches for Microsoft Surface Version: %{kernel_version} Release: %{kernel_release}%{?dist} License: GPLv2 URL: https://github.com/linux-surface/linux-surface Provides: installonlypkg(kernel-surface) Provides: kernel-uname-r = %{kernel_name} Provides: kernel-core-uname-r = %{kernel_name} Provides: kernel-modules-uname-r = %{kernel_name} Recommends: iptsd Requires(pre): coreutils, systemd >= 203-2, /usr/bin/kernel-install Requires(pre): dracut >= 027 Requires(pre): linux-firmware >= 20150904-56.git6ebf5d57 Requires(preun): systemd >= 200 BuildRequires: openssl openssl-devel BuildRequires: kmod, patch, bash, tar, git-core, sbsigntools BuildRequires: bzip2, xz, findutils, gzip, m4, perl-interpreter, BuildRequires: perl-Carp, perl-devel, perl-generators, make, diffutils, BuildRequires: gawk, gcc, binutils, redhat-rpm-config, hmaccalc, bison BuildRequires: flex, net-tools, hostname, bc, elfutils-devel BuildRequires: gcc-plugin-devel dwarves # Used to mangle unversioned shebangs to be Python 3 BuildRequires: python3-devel Conflicts: xfsprogs < 4.3.0-1 Conflicts: xorg-x11-drv-vmmouse < 13.0.99 BuildConflicts: rhbuildsys(DiskFree) < 500Mb BuildConflicts: rpm < 4.13.0.1-19 BuildConflicts: dwarves < 1.13 Source0: %{fedora_source}/archive/%{kernel_tag}.tar.gz Source1: %{surface_source}/configs/surface-%{kernel_majorver}.config Source2: fedora.config %if %{with signkernel} Source20: %{sb_crt} Source21: %{sb_key} %endif Source100: mod-sign.sh Source101: parallel_xz.sh Patch0: %{surface_source}/%{kernel_patches}/0001-surface3-oemb.patch Patch1: %{surface_source}/%{kernel_patches}/0002-mwifiex.patch Patch2: %{surface_source}/%{kernel_patches}/0003-ath10k.patch Patch3: %{surface_source}/%{kernel_patches}/0004-ipts.patch Patch4: %{surface_source}/%{kernel_patches}/0005-surface-sam-over-hid.patch Patch5: %{surface_source}/%{kernel_patches}/0006-surface-typecover.patch Patch6: %{surface_source}/%{kernel_patches}/0007-cameras.patch Patch7: %{surface_source}/%{kernel_patches}/0008-amd-gpio.patch Patch8: %{surface_source}/%{kernel_patches}/0009-amd-s0ix.patch Patch100: 0001-Add-secureboot-pre-signing-to-the-kernel.patch ExclusiveArch: x86_64 %global debug_package %{nil} %global _build_id_links alldebug %description The Linux Kernel, the operating system core itself, with support for Microsoft Surface. %package devel Summary: Development package for building kernel modules for kernel-surface AutoReqProv: no Provides: installonlypkg(kernel-surface) Provides: kernel-devel-uname-r = %{kernel_name} %description devel This package provides kernel headers and makefiles sufficient to build modules against the kernel-surface package. %prep %autosetup -p1 -n linux-fedora-%{kernel_tag} scripts/kconfig/merge_config.sh \ fedora/configs/%{kernel_config} \ %{SOURCE1} \ %{SOURCE2} echo $((%{kernel_release} - 1)) > .version # Copy secureboot certificates if they are available %if %{with signkernel} mkdir -p keys cp %{SOURCE20} keys/MOK.crt cp %{SOURCE21} keys/MOK.key %endif # This Prevents scripts/setlocalversion from mucking with our version numbers. touch .scmversion # Mangle /usr/bin/python shebangs to /usr/bin/python3 # Mangle all Python shebangs to be Python 3 explicitly # -p preserves timestamps # -n prevents creating ~backup files # -i specifies the interpreter for the shebang # This fixes errors such as # *** ERROR: ambiguous python shebang in /usr/bin/kvm_stat: #!/usr/bin/python. Change it to python3 (or python2) explicitly. # We patch all sources below for which we got a report/error. pathfix.py -i "%{__python3} %{py3_shbang_opts}" -p -n \ tools/kvm/kvm_stat/kvm_stat \ scripts/show_delta \ scripts/diffconfig \ scripts/bloat-o-meter \ scripts/jobserver-exec \ tools \ Documentation \ scripts/clang-tools %build # This ensures build-ids are unique to allow parallel debuginfo perl -p -i -e "s/^CONFIG_BUILD_SALT.*/CONFIG_BUILD_SALT=\"%{kernel_name}\"/" .config make %{?_smp_mflags} all LOCALVERSION=-%{kernel_localversion} ARCH=%{_target_cpu} %define __modsign_install_post \ %{SOURCE100} certs/signing_key.pem certs/signing_key.x509 %{kernel_modpath} \ find %{kernel_modpath} -type f -name '*.ko' | %{SOURCE101} %{?_smp_mflags}; \ %{nil} # # Disgusting hack alert! We need to ensure we sign modules *after* all # invocations of strip occur. # %define __spec_install_post \ %{?__debug_package:%{__debug_install_post}}\ %{__arch_install_post}\ %{__os_install_post}\ %{__modsign_install_post} %install mkdir -p %{buildroot}/boot # Install modules make %{?_smp_mflags} INSTALL_MOD_PATH=%{buildroot} modules_install KERNELRELEASE=%{kernel_name} # Install vmlinuz image_name=$(make -s image_name) install -m 755 $image_name %{buildroot}/boot/vmlinuz-%{kernel_name} install -m 755 $image_name %{kernel_modpath}/vmlinuz # Install System.map and .config install -m 644 System.map %{kernel_modpath}/System.map install -m 644 System.map %{buildroot}/boot/System.map-%{kernel_name} install -m 644 .config %{kernel_modpath}/config install -m 644 .config %{buildroot}/boot/config-%{kernel_name} # hmac sign the kernel for FIPS sha512hmac %{buildroot}/boot/vmlinuz-%{kernel_name} | sed -e "s,%{buildroot},," > %{kernel_modpath}/.vmlinuz.hmac cp %{kernel_modpath}/.vmlinuz.hmac %{buildroot}/boot/.vmlinuz-%{kernel_name}.hmac # mark modules executable so that strip-to-file can strip them find %{kernel_modpath} -name "*.ko" -type f | xargs --no-run-if-empty chmod u+x # Setup directories for -devel files rm -f %{kernel_modpath}/build rm -f %{kernel_modpath}/source mkdir -p %{kernel_modpath}/build pushd %{kernel_modpath} ln -s build source popd # first copy everything cp --parents $(find -type f -name "Makefile*" -o -name "Kconfig*") %{kernel_modpath}/build cp Module.symvers %{kernel_modpath}/build cp System.map %{kernel_modpath}/build if [ -s Module.markers ]; then cp Module.markers %{kernel_modpath}/build fi # then drop all but the needed Makefiles/Kconfig files rm -rf %{kernel_modpath}/build/scripts rm -rf %{kernel_modpath}/build/include cp .config %{kernel_modpath}/build cp -a scripts %{kernel_modpath}/build rm -rf %{kernel_modpath}/build/scripts/tracing rm -f %{kernel_modpath}/build/scripts/spdxcheck.py if [ -f tools/objtool/objtool ]; then cp -a tools/objtool/objtool %{kernel_modpath}/build/tools/objtool/ || : # these are a few files associated with objtool cp -a --parents tools/build/Build.include %{kernel_modpath}/build/ cp -a --parents tools/build/Build %{kernel_modpath}/build/ cp -a --parents tools/build/fixdep.c %{kernel_modpath}/build/ cp -a --parents tools/scripts/utilities.mak %{kernel_modpath}/build/ # also more than necessary but it's not that many more files cp -a --parents tools/objtool/* %{kernel_modpath}/build/ cp -a --parents tools/lib/str_error_r.c %{kernel_modpath}/build/ cp -a --parents tools/lib/string.c %{kernel_modpath}/build/ cp -a --parents tools/lib/subcmd/* %{kernel_modpath}/build/ fi if [ -d arch/x86/scripts ]; then cp -a arch/x86/scripts %{kernel_modpath}/build/arch/x86/ || : fi if [ -f arch/x86/*lds ]; then cp -a arch/x86/*lds %{kernel_modpath}/build/arch/x86/ || : fi if [ -f arch/x86/kernel/module.lds ]; then cp -a --parents arch/x86/kernel/module.lds %{kernel_modpath}/build/ fi rm -f %{kernel_modpath}/build/scripts/*.o rm -f %{kernel_modpath}/build/scripts/*/*.o if [ -d arch/x86/include ]; then cp -a --parents arch/x86/include %{kernel_modpath}/build/ fi cp -a include %{kernel_modpath}/build/include # files for 'make prepare' to succeed with kernel-devel cp -a --parents arch/x86/entry/syscalls/syscall_32.tbl %{kernel_modpath}/build/ cp -a --parents arch/x86/entry/syscalls/syscall_64.tbl %{kernel_modpath}/build/ cp -a --parents arch/x86/tools/relocs_32.c %{kernel_modpath}/build/ cp -a --parents arch/x86/tools/relocs_64.c %{kernel_modpath}/build/ cp -a --parents arch/x86/tools/relocs.c %{kernel_modpath}/build/ cp -a --parents arch/x86/tools/relocs_common.c %{kernel_modpath}/build/ cp -a --parents arch/x86/tools/relocs.h %{kernel_modpath}/build/ cp -a --parents scripts/syscalltbl.sh %{kernel_modpath}/build/ cp -a --parents scripts/syscallhdr.sh %{kernel_modpath}/build/ # Yes this is more includes than we probably need. Feel free to sort out # dependencies if you so choose. cp -a --parents tools/include/* %{kernel_modpath}/build/ cp -a --parents arch/x86/purgatory/purgatory.c %{kernel_modpath}/build/ cp -a --parents arch/x86/purgatory/stack.S %{kernel_modpath}/build/ cp -a --parents arch/x86/purgatory/setup-x86_64.S %{kernel_modpath}/build/ cp -a --parents arch/x86/purgatory/entry64.S %{kernel_modpath}/build/ cp -a --parents arch/x86/boot/string.h %{kernel_modpath}/build/ cp -a --parents arch/x86/boot/string.c %{kernel_modpath}/build/ cp -a --parents arch/x86/boot/ctype.h %{kernel_modpath}/build/ # Make sure the Makefile and version.h have a matching timestamp so that # external modules can be built touch -r %{kernel_modpath}/build/Makefile %{kernel_modpath}/build/include/generated/uapi/linux/version.h # Copy .config to include/config/auto.conf so "make prepare" is unnecessary. cp %{kernel_modpath}/build/.config %{kernel_modpath}/build/include/config/auto.conf mkdir -p %{buildroot}/usr/src/kernels mv %{kernel_modpath}/build %{buildroot}/usr/src/kernels/%{kernel_name} # This is going to create a broken link during the build, but we don't use # it after this point. We need the link to actually point to something # when kernel-devel is installed, and a relative link doesn't work across # the F17 UsrMove feature. ln -sf /usr/src/kernels/%{kernel_name} %{kernel_modpath}/build # prune junk from kernel-devel find %{buildroot}/usr/src/kernels -name ".*.cmd" -delete # remove files that will be auto generated by depmod at rpm -i time pushd %{kernel_modpath} rm -f modules.{alias*,builtin.bin,dep*,*map,symbols*,devname,softdep} popd # build a BLS config for this kernel cat >%{kernel_modpath}/bls.conf < - Initial version