From: Vitaly Kuznetsov on gitlab.com Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2175
The new 'kernel-unified-virt' sub-RPM is added on x86_64 targets.
This matches the following CS9 request: https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/1736
This contains an EFI application that provides a combined vmlinux, initrd and cmdline, as a so called 'unified kernel image'. The spec for this is defined by the boot loader specification
https://systemd.io/BOOT_LOADER_SPECIFICATION/#type-2-efi-unified-kernel-images
Note: the newly introduced sub-package just puts UKI to /boot/efi/EFI/Linux/, it is supposed to be booted directly from firmware or directly from shim and this part is environment specific and not (yet) automated.
Based-on-patch-by: Daniel P. Berrangé berrange@redhat.com
Signed-off-by: Vitaly Kuznetsov vkuznets@redhat.com
---
 redhat/Makefile             |   1 +
 redhat/dracut-virt.conf     |  35 ++++++++
 redhat/kernel.spec.template | 179 +++++++++++++++++++++++++++++++++++++------
 3 files changed, 190 insertions(+), 25 deletions(-)
From: Gerd Hoffmann kraxel@redhat.com
redhat: rename sub-rpm: kernel-modules -> kernel-modules-standard
Makes all module sub-rpms follow the scheme kernel-modules-<what>, which hopefully reduces naming confusion a bit.
Signed-off-by: Gerd Hoffmann kraxel@redhat.com
[vitaly: add 'Provides: kernel-modules' for backwards compatibility]
Signed-off-by: Vitaly Kuznetsov vkuznets@redhat.com
diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template index blahblah..blahblah 100755 --- a/redhat/kernel.spec.template +++ b/redhat/kernel.spec.template @@ -570,7 +570,7 @@ ExclusiveArch: noarch i386 i686 x86_64 s390x %{arm} aarch64 ppc64le ExclusiveOS: Linux %ifnarch %{nobuildarches} Requires: kernel-core-uname-r = %{KVERREL} -Requires: kernel-modules-uname-r = %{KVERREL} +Requires: kernel-modules-standard-uname-r = %{KVERREL} %endif
@@ -1206,7 +1206,7 @@ Provides: kernel%{?1:-%{1}}-modules-internal = %{version}-%{release}%{?1:+%{1}}\ Provides: installonlypkg(kernel-module)\ Provides: kernel%{?1:-%{1}}-modules-internal-uname-r = %{KVERREL}%{?1:+%{1}}\ Requires: kernel-uname-r = %{KVERREL}%{?1:+%{1}}\ -Requires: kernel%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?1:+%{1}}\ +Requires: kernel%{?1:-%{1}}-modules-standard-uname-r = %{KVERREL}%{?1:+%{1}}\ AutoReq: no\ AutoProv: yes\ %description %{?1:%{1}-}modules-internal\ @@ -1226,7 +1226,7 @@ Provides: kernel%{?1:-%{1}}-modules-extra = %{version}-%{release}%{?1:+%{1}}\ Provides: installonlypkg(kernel-module)\ Provides: kernel%{?1:-%{1}}-modules-extra-uname-r = %{KVERREL}%{?1:+%{1}}\ Requires: kernel-uname-r = %{KVERREL}%{?1:+%{1}}\ -Requires: kernel%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?1:+%{1}}\ +Requires: kernel%{?1:-%{1}}-modules-standard-uname-r = %{KVERREL}%{?1:+%{1}}\ %if %{-m:1}%{!-m:0}\ Requires: kernel-modules-extra-uname-r = %{KVERREL}\ %endif\ @@ -1237,24 +1237,27 @@ This package provides less commonly used kernel modules for the %{?2:%{2} }kerne %{nil}
# -# This macro creates a kernel-<subpackage>-modules package. -# %%kernel_modules_package [-m] <subpackage> <pretty-name> +# This macro creates a kernel-<subpackage>-modules-standard package. +# %%kernel_modules_standard_package [-m] <subpackage> <pretty-name> # -%define kernel_modules_package(m) \ -%package %{?1:%{1}-}modules\ -Summary: kernel modules to match the %{?2:%{2}-}core kernel\ +%define kernel_modules_standard_package(m) \ +%package %{?1:%{1}-}modules-standard\ +Summary: Standard kernel modules to match the %{?2:%{2}-}core kernel\ +Provides: kernel%{?1:-%{1}}-modules-standard-%{_target_cpu} = %{version}-%{release}\ +Provides: kernel-modules-standard-%{_target_cpu} = %{version}-%{release}%{?1:+%{1}}\ +Provides: kernel-modules-standard = %{version}-%{release}%{?1:+%{1}}\ Provides: kernel%{?1:-%{1}}-modules-%{_target_cpu} = %{version}-%{release}\ Provides: kernel-modules-%{_target_cpu} = %{version}-%{release}%{?1:+%{1}}\ Provides: kernel-modules = %{version}-%{release}%{?1:+%{1}}\ Provides: installonlypkg(kernel-module)\ -Provides: kernel%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?1:+%{1}}\ +Provides: kernel%{?1:-%{1}}-modules-standard-uname-r = %{KVERREL}%{?1:+%{1}}\ Requires: kernel-uname-r = %{KVERREL}%{?1:+%{1}}\ %if %{-m:1}%{!-m:0}\ -Requires: kernel-modules-uname-r = %{KVERREL}\ +Requires: kernel-modules-standard-uname-r = %{KVERREL}\ %endif\ AutoReq: no\ AutoProv: yes\ -%description %{?1:%{1}-}modules\ +%description %{?1:%{1}-}modules-standard\ This package provides commonly used kernel modules for the %{?2:%{2}-}core kernel package.\ %{nil}
@@ -1266,7 +1269,7 @@ This package provides commonly used kernel modules for the %{?2:%{2}-}core kerne %package %{1}\ summary: kernel meta-package for the %{1} kernel\ Requires: kernel-%{1}-core-uname-r = %{KVERREL}+%{1}\ -Requires: kernel-%{1}-modules-uname-r = %{KVERREL}+%{1}\ +Requires: kernel-%{1}-modules-standard-uname-r = %{KVERREL}+%{1}\ Provides: installonlypkg(kernel)\ %description %{1}\ The meta-package for the %{1} kernel\ @@ -1291,7 +1294,7 @@ Requires: kernel-core-uname-r = %{KVERREL}\ %endif\ %{expand:%%kernel_devel_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}} %{-m:%{-m}}}\ %{expand:%%kernel_devel_matched_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}} %{-m:%{-m}}}\ -%{expand:%%kernel_modules_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}} %{-m:%{-m}}}\ +%{expand:%%kernel_modules_standard_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}} %{-m:%{-m}}}\ %{expand:%%kernel_modules_extra_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}} %{-m:%{-m}}}\ %if %{-m:0}%{!-m:1}\ %{expand:%%kernel_modules_internal_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}}}\ @@ -1316,7 +1319,7 @@ Provides: kernel%{?1:-%{1}}-modules-partner = %{version}-%{release}%{?1:+%{1}}\ Provides: installonlypkg(kernel-module)\ Provides: kernel%{?1:-%{1}}-modules-partner-uname-r = %{KVERREL}%{?1:+%{1}}\ Requires: kernel-uname-r = %{KVERREL}%{?1:+%{1}}\ -Requires: kernel%{?1:-%{1}}-modules-uname-r = %{KVERREL}%{?1:+%{1}}\ +Requires: kernel%{?1:-%{1}}-modules-standard-uname-r = %{KVERREL}%{?1:+%{1}}\ AutoReq: no\ AutoProv: yes\ %description %{?1:%{1}-}modules-partner\ @@ -2169,7 +2172,7 @@ BuildKernel() {
# Make sure the files lists start with absolute paths or rpmbuild fails. # Also add in the dir entries - sed -e 's/^lib*//lib/' %{?zipsed} $RPM_BUILD_ROOT/k-d.list > ../kernel${Variant:+-${Variant}}-modules.list + sed -e 's/^lib*//lib/' %{?zipsed} $RPM_BUILD_ROOT/k-d.list > ../kernel${Variant:+-${Variant}}-modules-standard.list sed -e 's/^lib*/%dir /lib/' %{?zipsed} $RPM_BUILD_ROOT/module-dirs.list > ../kernel${Variant:+-${Variant}}-core.list sed -e 's/^lib*//lib/' %{?zipsed} $RPM_BUILD_ROOT/modules.list >> ../kernel${Variant:+-${Variant}}-core.list sed -e 's/^lib*//lib/' %{?zipsed} $RPM_BUILD_ROOT/mod-extra.list >> ../kernel${Variant:+-${Variant}}-modules-extra.list @@ -2817,18 +2820,18 @@ fi\ # It also defines a %%postun script that does the same thing. # %%kernel_modules_post [<subpackage>] # -%define kernel_modules_post() \ -%{expand:%%post %{?1:%{1}-}modules}\ +%define kernel_modules_standard_post() \ +%{expand:%%post %{?1:%{1}-}modules-standard}\ /sbin/depmod -a %{KVERREL}%{?1:+%{1}}\ if [ ! -f %{_localstatedir}/lib/rpm-state/%{name}/installing_core_%{KVERREL}%{?1:+%{1}} ]; then\ mkdir -p %{_localstatedir}/lib/rpm-state/%{name}\ touch %{_localstatedir}/lib/rpm-state/%{name}/need_to_run_dracut_%{KVERREL}%{?1:+%{1}}\ fi\ %{nil}\ -%{expand:%%postun %{?1:%{1}-}modules}\ +%{expand:%%postun %{?1:%{1}-}modules-standard}\ /sbin/depmod -a %{KVERREL}%{?1:+%{1}}\ %{nil}\ -%{expand:%%posttrans %{?1:%{1}-}modules}\ +%{expand:%%posttrans %{?1:%{1}-}modules-standard}\ if [ -f %{_localstatedir}/lib/rpm-state/%{name}/need_to_run_dracut_%{KVERREL}%{?1:+%{1}} ]; then\ rm -f %{_localstatedir}/lib/rpm-state/%{name}/need_to_run_dracut_%{KVERREL}%{?1:+%{1}}\ echo "Running: dracut -f --kver %{KVERREL}%{?1:+%{1}}"\ 
@@ -2863,7 +2866,7 @@ fi\ # %define kernel_variant_post(v:r:) \ %{expand:%%kernel_devel_post %{?-v*}}\ -%{expand:%%kernel_modules_post %{?-v*}}\ +%{expand:%%kernel_modules_standard_post %{?-v*}}\ %{expand:%%kernel_modules_extra_post %{?-v*}}\ %{expand:%%kernel_modules_internal_post %{?-v*}}\ %if 0%{!?fedora:1}\ @@ -3125,7 +3128,7 @@ fi /lib/modules/%{KVERREL}%{?3:+%{3}}/vdso\ %endif\ /lib/modules/%{KVERREL}%{?3:+%{3}}/modules.*\ -%{expand:%%files -f kernel-%{?3:%{3}-}modules.list %{?3:%{3}-}modules}\ +%{expand:%%files -f kernel-%{?3:%{3}-}modules-standard.list %{?3:%{3}-}modules-standard}\ %{expand:%%files %{?3:%{3}-}devel}\ %defverify(not mtime)\ /usr/src/kernels/%{KVERREL}%{?3:+%{3}}\ @@ -3154,7 +3157,7 @@ fi %files debug-core %files debug-devel %files debug-devel-matched -%files debug-modules +%files debug-modules-standard %files debug-modules-extra %endif %kernel_variant_files %{use_vdso} %{with_pae} lpae
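Review bot: the backwards-compatibility Provides in 'kernel_modules_standard_package' (hunk '@@ -1237,24 +1237,27 @@') are incomplete. 'kernel-modules' and 'kernel-modules-%{_target_cpu}' are kept, but 'Provides: kernel%{?1:-%{1}}-modules-uname-r' is replaced by the '-modules-standard-uname-r' form instead of being kept next to it, so any package outside this spec that requires 'kernel-modules-uname-r = %{KVERREL}' stops resolving. Keep the old uname-r Provides alongside the new one, as was done for the versioned names.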
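Review bot: the usage comment above '%define kernel_modules_standard_post()' (hunk '@@ -2817,18 +2820,18 @@') still reads '# %%kernel_modules_post [<subpackage>]'. It is unchanged context here while the macro below it is renamed; update it to '%%kernel_modules_standard_post [<subpackage>]' so the documentation matches the define.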
-- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2175
From: Gerd Hoffmann kraxel@redhat.com
redhat: split sub-rpm kernel-modules-core from kernel-core
All kernel modules plus support files (such as the files generated by depmod) are moved to the new kernel-modules-core sub-rpm.
The kernel binary plus support files stay in the kernel-core sub-rpm. This essentially includes the files which are copied over to /boot by the kernel-install utility (vmlinuz, System.map, ...).
With this in place we have a strict separation between sub-rpms carrying a kernel image and sub-rpms carrying kernel modules. This should make it easier to use alternative kernel image packages, for example a unified kernel.
Signed-off-by: Gerd Hoffmann kraxel@redhat.com
Signed-off-by: Vitaly Kuznetsov vkuznets@redhat.com
diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template index blahblah..blahblah 100755 --- a/redhat/kernel.spec.template +++ b/redhat/kernel.spec.template @@ -570,6 +570,7 @@ ExclusiveArch: noarch i386 i686 x86_64 s390x %{arm} aarch64 ppc64le ExclusiveOS: Linux %ifnarch %{nobuildarches} Requires: kernel-core-uname-r = %{KVERREL} +Requires: kernel-modules-core-uname-r = %{KVERREL} Requires: kernel-modules-standard-uname-r = %{KVERREL} %endif
@@ -885,6 +886,7 @@ Provides: kernel = %{specversion}-%{pkg_release}\ %endif\ Provides: kernel-%{_target_cpu} = %{specversion}-%{pkg_release}%{?1:+%{1}}\ Provides: kernel-uname-r = %{KVERREL}%{?1:+%{1}}\ +Requires: kernel%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{?1:+%{1}}\ Requires(pre): %{kernel_prereq}\ Requires(pre): %{initrd_prereq}\ Requires(pre): ((linux-firmware >= 20150904-56.git6ebf5d57) if linux-firmware)\ @@ -1206,6 +1208,7 @@ Provides: kernel%{?1:-%{1}}-modules-internal = %{version}-%{release}%{?1:+%{1}}\ Provides: installonlypkg(kernel-module)\ Provides: kernel%{?1:-%{1}}-modules-internal-uname-r = %{KVERREL}%{?1:+%{1}}\ Requires: kernel-uname-r = %{KVERREL}%{?1:+%{1}}\ +Requires: kernel%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{?1:+%{1}}\ Requires: kernel%{?1:-%{1}}-modules-standard-uname-r = %{KVERREL}%{?1:+%{1}}\ AutoReq: no\ AutoProv: yes\ @@ -1226,6 +1229,7 @@ Provides: kernel%{?1:-%{1}}-modules-extra = %{version}-%{release}%{?1:+%{1}}\ Provides: installonlypkg(kernel-module)\ Provides: kernel%{?1:-%{1}}-modules-extra-uname-r = %{KVERREL}%{?1:+%{1}}\ Requires: kernel-uname-r = %{KVERREL}%{?1:+%{1}}\ +Requires: kernel%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{?1:+%{1}}\ Requires: kernel%{?1:-%{1}}-modules-standard-uname-r = %{KVERREL}%{?1:+%{1}}\ %if %{-m:1}%{!-m:0}\ Requires: kernel-modules-extra-uname-r = %{KVERREL}\ @@ -1252,6 +1256,7 @@ Provides: kernel-modules = %{version}-%{release}%{?1:+%{1}}\ Provides: installonlypkg(kernel-module)\ Provides: kernel%{?1:-%{1}}-modules-standard-uname-r = %{KVERREL}%{?1:+%{1}}\ Requires: kernel-uname-r = %{KVERREL}%{?1:+%{1}}\ +Requires: kernel%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{?1:+%{1}}\ %if %{-m:1}%{!-m:0}\ Requires: kernel-modules-standard-uname-r = %{KVERREL}\ %endif\ @@ -1261,6 +1266,28 @@ AutoProv: yes\ This package provides commonly used kernel modules for the %{?2:%{2}-}core kernel package.\ %{nil}
+# +# This macro creates a kernel-<subpackage>-modules-core package. +# %%kernel_modules_core_package [-m] <subpackage> <pretty-name> +# +%define kernel_modules_core_package(m) \ +%package %{?1:%{1}-}modules-core\ +Summary: Core kernel modules to match the %{?2:%{2}-}core kernel\ +Provides: kernel%{?1:-%{1}}-modules-core-%{_target_cpu} = %{version}-%{release}\ +Provides: kernel-modules-core-%{_target_cpu} = %{version}-%{release}%{?1:+%{1}}\ +Provides: kernel-modules-core = %{version}-%{release}%{?1:+%{1}}\ +Provides: installonlypkg(kernel-module)\ +Provides: kernel%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{?1:+%{1}}\ +Requires: kernel-uname-r = %{KVERREL}%{?1:+%{1}}\ +%if %{-m:1}%{!-m:0}\ +Requires: kernel-modules-core-uname-r = %{KVERREL}\ +%endif\ +AutoReq: no\ +AutoProv: yes\ +%description %{?1:%{1}-}modules-core\ +This package provides essential kernel modules for the %{?2:%{2}-}core kernel package.\ +%{nil} + # # this macro creates a kernel-<subpackage> meta package. # %%kernel_meta_package <subpackage> @@ -1269,6 +1296,7 @@ This package provides commonly used kernel modules for the %{?2:%{2}-}core kerne %package %{1}\ summary: kernel meta-package for the %{1} kernel\ Requires: kernel-%{1}-core-uname-r = %{KVERREL}+%{1}\ +Requires: kernel-%{1}-modules-core-uname-r = %{KVERREL}+%{1}\ Requires: kernel-%{1}-modules-standard-uname-r = %{KVERREL}+%{1}\ Provides: installonlypkg(kernel)\ %description %{1}\ @@ -1287,6 +1315,7 @@ Provides: kernel-%{?1:%{1}-}core-uname-r = %{KVERREL}%{?1:+%{1}}\ Provides: installonlypkg(kernel)\ %if %{-m:1}%{!-m:0}\ Requires: kernel-core-uname-r = %{KVERREL}\ +Requires: kernel-%{?1:%{1}-}-modules-core-uname-r = %{KVERREL}%{?1:+%{1}}\ %endif\ %{expand:%%kernel_reqprovconf %{?1:%{1}} %{-o:%{-o}}}\ %if %{?1:1} %{!?1:0} \ 
@@ -1294,6 +1323,7 @@ Requires: kernel-core-uname-r = %{KVERREL}\ %endif\ %{expand:%%kernel_devel_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}} %{-m:%{-m}}}\ %{expand:%%kernel_devel_matched_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}} %{-m:%{-m}}}\ +%{expand:%%kernel_modules_core_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}} %{-m:%{-m}}}\ %{expand:%%kernel_modules_standard_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}} %{-m:%{-m}}}\ %{expand:%%kernel_modules_extra_package %{?1:%{1}} %{!?{-n}:%{1}}%{?{-n}:%{-n*}} %{-m:%{-m}}}\ %if %{-m:0}%{!-m:1}\ @@ -1319,6 +1349,7 @@ Provides: kernel%{?1:-%{1}}-modules-partner = %{version}-%{release}%{?1:+%{1}}\ Provides: installonlypkg(kernel-module)\ Provides: kernel%{?1:-%{1}}-modules-partner-uname-r = %{KVERREL}%{?1:+%{1}}\ Requires: kernel-uname-r = %{KVERREL}%{?1:+%{1}}\ +Requires: kernel%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{?1:+%{1}}\ Requires: kernel%{?1:-%{1}}-modules-standard-uname-r = %{KVERREL}%{?1:+%{1}}\ AutoReq: no\ AutoProv: yes\ 
@@ -2173,8 +2204,8 @@ BuildKernel() { # Make sure the files lists start with absolute paths or rpmbuild fails. # Also add in the dir entries sed -e 's/^lib*//lib/' %{?zipsed} $RPM_BUILD_ROOT/k-d.list > ../kernel${Variant:+-${Variant}}-modules-standard.list - sed -e 's/^lib*/%dir /lib/' %{?zipsed} $RPM_BUILD_ROOT/module-dirs.list > ../kernel${Variant:+-${Variant}}-core.list - sed -e 's/^lib*//lib/' %{?zipsed} $RPM_BUILD_ROOT/modules.list >> ../kernel${Variant:+-${Variant}}-core.list + sed -e 's/^lib*/%dir /lib/' %{?zipsed} $RPM_BUILD_ROOT/module-dirs.list > ../kernel${Variant:+-${Variant}}-modules-core.list + sed -e 's/^lib*//lib/' %{?zipsed} $RPM_BUILD_ROOT/modules.list >> ../kernel${Variant:+-${Variant}}-modules-core.list sed -e 's/^lib*//lib/' %{?zipsed} $RPM_BUILD_ROOT/mod-extra.list >> ../kernel${Variant:+-${Variant}}-modules-extra.list sed -e 's/^lib*//lib/' %{?zipsed} $RPM_BUILD_ROOT/mod-internal.list >> ../kernel${Variant:+-${Variant}}-modules-internal.list %if 0%{!?fedora:1} @@ -2839,6 +2870,19 @@ if [ -f %{_localstatedir}/lib/rpm-state/%{name}/need_to_run_dracut_%{KVERREL}%{? fi\ %{nil}
+# +# This macro defines a %%post script for a kernel*-modules-core package. +# It also defines a %%postun script that does the same thing. +# %%kernel_modules_core_post [<subpackage>] +# +%define kernel_modules_core_post() \ +%{expand:%%post %{?1:%{1}-}modules-core}\ +/sbin/depmod -a %{KVERREL}%{?1:+%{1}}\ +%{nil}\ +%{expand:%%postun %{?1:%{1}-}modules-core}\ +/sbin/depmod -a %{KVERREL}%{?1:+%{1}}\ +%{nil} + # This macro defines a %%posttrans script for a kernel package. # %%kernel_variant_posttrans [<subpackage>] # More text can follow to go at the end of this variant's %%post. @@ -2866,6 +2910,7 @@ fi\ # %define kernel_variant_post(v:r:) \ %{expand:%%kernel_devel_post %{?-v*}}\ +%{expand:%%kernel_modules_core_post %{?-v*}}\ %{expand:%%kernel_modules_standard_post %{?-v*}}\ %{expand:%%kernel_modules_extra_post %{?-v*}}\ %{expand:%%kernel_modules_internal_post %{?-v*}}\ @@ -3097,7 +3142,7 @@ fi # %define kernel_variant_files(k:) \ %if %{2}\ -%{expand:%%files -f kernel-%{?3:%{3}-}core.list %{?1:-f kernel-%{?3:%{3}-}ldsoconf.list} %{?3:%{3}-}core}\ +%{expand:%%files %{?1:-f kernel-%{?3:%{3}-}ldsoconf.list} %{?3:%{3}-}core}\ %{!?_licensedir:%global license %%doc}\ %license linux-%{KVERREL}/COPYING-%{version}-%{release}\ /lib/modules/%{KVERREL}%{?3:+%{3}}/%{?-k:%{-k*}}%{!?-k:vmlinuz}\ @@ -3115,6 +3160,7 @@ fi %ghost %attr(0600, root, root) /boot/symvers-%{KVERREL}%{?3:+%{3}}.gz\ %ghost %attr(0600, root, root) /boot/initramfs-%{KVERREL}%{?3:+%{3}}.img\ %ghost %attr(0644, root, root) /boot/config-%{KVERREL}%{?3:+%{3}}\ +%{expand:%%files -f kernel-%{?3:%{3}-}modules-core.list %{?3:%{3}-}modules-core}\ %dir /lib/modules\ %dir /lib/modules/%{KVERREL}%{?3:+%{3}}\ %dir /lib/modules/%{KVERREL}%{?3:+%{3}}/kernel\ @@ -3157,6 +3203,7 @@ fi %files debug-core %files debug-devel %files debug-devel-matched +%files debug-modules-core %files debug-modules-standard %files debug-modules-extra %endif
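Review bot: the Requires added in hunk '@@ -1287,6 +1315,7 @@' has a stray dash. 'Requires: kernel-%{?1:%{1}-}-modules-core-uname-r' expands to 'kernel--modules-core-uname-r' without a variant and to 'kernel-<variant>--modules-core-uname-r' with one, and nothing in this patch provides either name. Every other hunk spells it 'kernel%{?1:-%{1}}-modules-core-uname-r'; use that form here too. The line sits inside '%if %{-m:1}%{!-m:0}', so the broken dependency only shows up for packages built with -m.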
-- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2175
From: Vitaly Kuznetsov vkuznets@redhat.com
redhat: Add sub-RPM with an EFI unified kernel image for virtual machines
The new 'kernel-unified-virt' sub-RPM is added on x86_64 targets.
This contains an EFI application that provides a combined vmlinux, initrd and cmdline, as a so called 'unified kernel image'. The spec for this is defined by the boot loader specification
https://uapi-group.org/specifications/specs/boot_loader_specification/
The key benefit of a unified kernel is that its secure boot signature covers the initrd and cmdline contents, allowing a trustworthy measured boot process with attestation, which is not practical with locally generated initrds/cmdlines.
Since the initrd is pre-generated its contents have to be very generic, to be usable on a wide variety of deployments. To make this problem tractable, the sub-RPM targets only usage in virtual machines. With such a restriction, the initrd only needs a very small set of block driver modules present, in order to be usable across KVM, Hyper-V and Xen hypervisors which will cover essentially all common public and private clouds.
Similarly the kernel cmdline cannot contain any host specific data, which means the root filesystem to mount needs to be able to be automatically detected. A virtual machine image intending to use this unified kernel package thus needs to comply with the discoverable partitions specification:
https://uapi-group.org/specifications/specs/discoverable_partitions_specific...
Based-on-patch-by: Daniel P. Berrangé berrange@redhat.com
Signed-off-by: Vitaly Kuznetsov vkuznets@redhat.com
diff --git a/redhat/Makefile b/redhat/Makefile index blahblah..blahblah 100644 --- a/redhat/Makefile +++ b/redhat/Makefile @@ -639,6 +639,7 @@ sources-rh: $(TARBALL) generate-testpatch-tmp setup-source dist-configs-check ../Makefile.rhelver \ README.rst \ kernel-local \ + dracut-virt.conf \ $(SOURCES)/ @if [ "$(RELEASED_KERNEL)" -ne 0 ]; then \ cp keys/redhatsecureboot{301,501,ca5,ca1}.cer $(SOURCES)/; \ diff --git a/redhat/dracut-virt.conf b/redhat/dracut-virt.conf new file mode 100644 index blahblah..blahblah 100644 --- /dev/null +++ b/redhat/dracut-virt.conf @@ -0,0 +1,35 @@ +# generic + compressed please +hostonly="no" +compress="xz" + +# VMs can't update microcode anyway +early_microcode="no" + +# modules: basics +dracutmodules+=" base systemd systemd-initrd dracut-systemd dbus dbus-broker usrmount shutdown " + +# modules: storage support +dracutmodules+=" dm lvm rootfs-block fs-lib " + +# modules: tpm and crypto +dracutmodules+=" crypt crypt-loop tpm2-tss " + +# drivers: virtual buses, pci +drivers+=" virtio-pci virtio-mmio " # qemu-kvm +drivers+=" hv-vmbus pci-hyperv " # hyperv +drivers+=" xen-pcifront " # xen + +# drivers: storage +drivers+=" ahci nvme scsi-hd scsi-cd " # generic +drivers+=" virtio-blk virtio-scsi " # qemu-kvm +drivers+=" hv-storvsc " # hyperv +drivers+=" xen-blkfront " # xen + +# root encryption +drivers+=" dm_crypt " + +# filesystems +filesystems+=" vfat ext4 xfs overlay " + +# systemd-pcrphase +install_items+=" /lib/systemd/system/systemd-pcrphase-initrd.service /usr/lib/systemd/systemd-pcrphase /usr/lib/systemd/system/initrd.target.wants/systemd-pcrphase-initrd.service " diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template index blahblah..blahblah 100755 --- a/redhat/kernel.spec.template +++ b/redhat/kernel.spec.template @@ -91,6 +91,12 @@ Summary: The Linux kernel %global zipmodules 1 %endif
+%ifarch x86_64 +%global efiunified 1 +%else +%global efiunified 0 +%endif + %if %{zipmodules} %global zipsed -e 's/.ko$/.ko.xz/' %endif @@ -698,6 +704,18 @@ BuildRequires: llvm BuildRequires: lld %endif
+%if %{efiunified} +BuildRequires: dracut +# For dracut UEFI unified binaries +BuildRequires: binutils +# For the initrd +BuildRequires: lvm2 +# For systemd-stub +BuildRequires: systemd-udev >= 250-13 +# For TPM operations in UKI initramfs +BuildRequires: tpm2-tools +%endif + # Because this is the kernel, it's hard to get a single upstream URL # to represent the base without needing to do a bunch of patching. This # tarball is generated from a src-git tree. If you want to see the @@ -825,6 +843,8 @@ Source82: update_scripts.sh Source84: mod-internal.list Source85: mod-partner.list
+Source86: dracut-virt.conf + Source100: rheldup3.x509 Source101: rhelkpatch1.x509
@@ -1333,6 +1353,13 @@ Requires: kernel-%{?1:%{1}-}-modules-core-uname-r = %{KVERREL}%{?1:+%{1}}\ %endif\ %{expand:%%kernel_debuginfo_package %{?1:%{1}}}\ %endif\ +%if %{efiunified}\ +%package %{?1:%{1}-}unified-virt\ +Summary: %{variant_summary} unified kernel image for virtual machines\ +Requires: kernel%{?1:-%{1}}-modules-core-uname-r = %{KVERREL}%{?1:+%{1}}\ +Provides: kernel-uname-r = %{KVERREL}%{?1:+%{1}}\ +Provides: installonlypkg(kernel)\ +%endif\ %{nil}
# @@ -1402,6 +1429,14 @@ Linux operating system. The kernel handles the basic functions of the operating system: memory allocation, process allocation, device input and output, etc.
+%if %{efiunified} +%description debug-unified-virt +Prebuilt debug unified kernel image for virtual machines. + +%description unified-virt +Prebuilt default unified kernel image for virtual machines. +%endif + %if %{with_ipaclones} %kernel_ipaclones_package %endif @@ -2182,6 +2217,46 @@ BuildKernel() { touch lib/modules/$KernelVer/modules.builtin fi
+ popd + + %if %{efiunified} + + KernelUnifiedImageDir="$RPM_BUILD_ROOT/%{image_install_path}/efi/EFI/Linux" + KernelUnifiedImage="$KernelUnifiedImageDir/$InstallName-$KernelVer-virt.efi" + + mkdir -p $KernelUnifiedImageDir + + dracut --conf=%{SOURCE86} \ + --confdir=$(mktemp -d) \ + --verbose \ + --kver "$KernelVer" \ + --kmoddir "$RPM_BUILD_ROOT/lib/modules/$KernelVer/" \ + --logfile=$(mktemp) \ + --uefi \ + --kernel-image $(realpath $KernelImage) \ + --kernel-cmdline 'console=tty0 console=ttyS0 earlyprintk=ttyS0' \ + $KernelUnifiedImage + + %if %{signkernel} + + %pesign -s -i $KernelUnifiedImage -o $KernelUnifiedImage.tmp -a %{secureboot_ca_0} -c %{secureboot_key_0} -n %{pesign_name_0} + %pesign -s -i $KernelUnifiedImage.tmp -o $KernelUnifiedImage.signed -a %{secureboot_ca_1} -c %{secureboot_key_1} -n %{pesign_name_1} + rm -f $KernelUnifiedImage.tmp + + if [ ! -s $KernelUnifiedImage.signed ]; then + echo "pesigning failed" + exit 1 + fi + mv $KernelUnifiedImage.signed $KernelUnifiedImage + + # signkernel + %endif + + # efiunified + %endif + + pushd $RPM_BUILD_ROOT + remove_depmod_files
# Go back and find all of the various directories in the tree. We use this @@ -3190,6 +3265,10 @@ fi %{expand:%%files -f debuginfo%{?3}.list %{?3:%{3}-}debuginfo}\ %endif\ %endif\ +%if %{efiunified}\ +%{expand:%%files %{?3:%{3}-}unified-virt}\ +/%{image_install_path}/efi/EFI/Linux/%{?-k:%{-k*}}%{!?-k:vmlinuz}-%{KVERREL}%{?3:+%{3}}-virt.efi\ +%endif\ %if %{?3:1} %{!?3:0}\ %{expand:%%files %{3}}\ %endif\
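Review bot: the command line in the 'BuildKernel()' hunk is hard-coded inside the dracut call as '--kernel-cmdline 'console=tty0 console=ttyS0 earlyprintk=ttyS0'', with no comment on why each option is there. The commit message states that the secure boot signature covers the cmdline, so whatever is chosen here is fixed for every consumer of the signed image. Move the string into a spec macro next to '%global efiunified', document each option, and reconsider 'earlyprintk=ttyS0' if it is only a bring-up aid.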
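Review bot: in the same 'BuildKernel()' hunk, '--confdir=$(mktemp -d)' and '--logfile=$(mktemp)' create a directory and a file that are never removed, and the dracut log path is not kept anywhere, so a build that produces an incomplete initrd leaves nothing to inspect. Store both paths in variables, print the log when dracut fails, and remove them afterwards. '$KernelUnifiedImageDir' and '$KernelUnifiedImage' are also used unquoted in 'mkdir -p' and the pesign calls, while '$KernelVer' is quoted a few lines earlier; quote them consistently.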
-- https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2175
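The commit message above describes the unified kernel image as one EFI binary carrying the kernel, initrd and command line, all covered by the signature. The following added example (not part of the merge request or of the kernel-ark tree) parses the PE section table of such an image and compares the embedded command line with the one passed to dracut in the patch. It does not verify the signature; the section names follow systemd-stub, and the helper names and sample images are constructed for illustration.

```python
import struct

# Sections named in the commit message: kernel, initrd and command line.
REQUIRED = (".linux", ".initrd", ".cmdline")
# Command line passed to dracut --kernel-cmdline in the patch above.
EXPECTED_CMDLINE = "console=tty0 console=ttyS0 earlyprintk=ttyS0"


def pe_sections(blob):
    """Return {section name: contents} parsed from a PE/COFF image."""
    if blob[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", blob, 0x3C)
    if blob[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: Machine, NumberOfSections, three dwords unused here,
    # SizeOfOptionalHeader, Characteristics.
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", blob, pe_off + 4)
    table = pe_off + 24 + opt_size
    sections = {}
    for i in range(nsect):
        name, vsize, _, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", blob, table + 40 * i)
        if raw_ptr + raw_size > len(blob):
            raise ValueError("section data runs past end of file")
        # Raw data is padded to the file alignment; VirtualSize is the real length.
        size = min(vsize, raw_size) if vsize else raw_size
        key = name.rstrip(b"\0").decode("ascii", "replace")
        sections[key] = blob[raw_ptr:raw_ptr + size]
    return sections


def audit_uki(blob, expected_cmdline=EXPECTED_CMDLINE):
    """Report missing UKI sections and cmdline arguments outside the expected set."""
    sections = pe_sections(blob)
    cmdline = sections.get(".cmdline", b"").rstrip(b"\0\n ").decode("utf-8", "replace")
    allowed = set(expected_cmdline.split())
    return {
        "missing": [s for s in REQUIRED if s not in sections],
        "cmdline": cmdline,
        "unexpected": [arg for arg in cmdline.split() if arg not in allowed],
    }


def build_sample_pe(sections):
    """Build a minimal PE container (constructed sample, not a bootable image)."""
    pe_off, align = 0x40, 0x200
    head = b"MZ" + b"\0" * 0x3A + struct.pack("<I", pe_off)
    head += b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 0, 0x2)
    ptr = -(-(len(head) + 40 * len(sections)) // align) * align
    first, body = ptr, b""
    for name, data in sections.items():
        raw = data + b"\0" * (-len(data) % align)
        head += struct.pack("<8sIIIIIIHHI", name.encode(), len(data), ptr,
                            len(raw), ptr, 0, 0, 0, 0, 0x40000040)
        body += raw
        ptr += len(raw)
    return head + b"\0" * (first - len(head)) + body


# Constructed samples: one matching the patch, one with a missing initrd and
# a host-specific root= argument baked into the command line.
GOOD = build_sample_pe({".linux": b"KERNEL", ".initrd": b"INITRD",
                        ".cmdline": EXPECTED_CMDLINE.encode() + b"\0"})
BAD = build_sample_pe({".linux": b"KERNEL",
                       ".cmdline": b"console=ttyS0 root=/dev/vda1\0"})

if __name__ == "__main__":
    for label, blob in (("good", GOOD), ("bad", BAD)):
        print(label, audit_uki(blob))
```

On a real image, pass the contents of the installed '-virt.efi' file to audit_uki(); a non-empty "unexpected" list means the signed command line differs from what the spec file requested.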
From: Justin M. Forbes on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2175#note_1226168...
This shouldn't come out of draft until it has been approved from FESCo.
I still do not approve of renaming kernel-modules to kernel-modules-standard for no actual gain or reason
From: Vitaly Kuznetsov on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2175#note_1226235...
Sure, I can move this back to Draft for the time being, no problem. Basically, I wanted ARK to match CS9 (https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9/-/merge_requests/1736).
Regarding 'kernel-modules' rename, I'll leave it to @kraxel :-) Personally, I think that 'kernel-modules-standard' is a bit less ambiguous after we introduce 'kernel-modules-core' but we can certainly live without the rename.
From: Vitaly Kuznetsov on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2175#note_1226261...
I've actually missed that Gerd dropped the renaming patch from his MR, updating here too.
From: Justin M. Forbes on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2175#note_1226265...
https://lists.fedoraproject.org/archives/list/kernel@lists.fedoraproject.org... hread/HDANRFTC3JIHMSSJYL5Z5H4RM2ULZYZY/#E42HQLKEODQBZZP5LDNVBCDH5N32XHX5 That was the reason, and it does seem that UKIs would need to follow suit in the spirit of the change.
From: Vitaly Kuznetsov on gitlab.com https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2175#note_1226331...
Thanks for the pointer! Indeed, in case we still want the whole install to go under /usr, UKIs should be there too.