pkg: fedora: Remove old package setup

pkg/fedora/kernel-surface/0001-Add-secureboot-pre-signing-to-the-kernel.patch

@@ -1,87 +0,0 @@
-From 4d40b8001ac67866e49659211163ebcc0b17dd73 Mon Sep 17 00:00:00 2001
-From: Dorian Stoll <dorian.stoll@tmsp.io>
-Date: Sun, 22 Sep 2019 22:44:16 +0200
-Subject: [PATCH] Add secureboot pre-signing to the kernel
-
-If it detects a secure boot certificate at `keys/MOK.key` and `keys/MOK.cer`,
-the kernel Makefile will automatically sign the vmlinux / bzImage file that
-gets generated, and that is then used in packaging.
-
-By integrating it into the kernel build system directly, it is fully integrated
-with targets like `make deb-pkg` (opposed to `make all`, sign, `make bindeb-pkg`)
-and it gets added to every tree by the same mechanism that is used to apply the
-other surface patches anyways.
-
-Signed-off-by: Dorian Stoll <dorian.stoll@tmsp.io>
----
- .gitignore             |  3 +++
- arch/x86/Makefile      |  1 +
- scripts/sign_kernel.sh | 30 ++++++++++++++++++++++++++++++
- 3 files changed, 34 insertions(+)
- create mode 100755 scripts/sign_kernel.sh
-
-diff --git a/.gitignore b/.gitignore
-index 2030c7a4d2f8..f0705ecd9340 100644
---- a/.gitignore
-+++ b/.gitignore
-@@ -132,6 +132,9 @@ signing_key.priv
- signing_key.x509
- x509.genkey
- 
-+# Secureboot certificate
-+/keys/
-+
- # Kconfig presets
- /all.config
- /alldef.config
-diff --git a/arch/x86/Makefile b/arch/x86/Makefile
-index 94df0868804b..2c7b7829f0c2 100644
---- a/arch/x86/Makefile
-+++ b/arch/x86/Makefile
-@@ -284,6 +284,7 @@ endif
- 	$(Q)$(MAKE) $(build)=$(boot) $(KBUILD_IMAGE)
- 	$(Q)mkdir -p $(objtree)/arch/$(UTS_MACHINE)/boot
- 	$(Q)ln -fsn ../../x86/boot/bzImage $(objtree)/arch/$(UTS_MACHINE)/boot/$@
-+	$(Q)$(srctree)/scripts/sign_kernel.sh $(objtree)/arch/$(UTS_MACHINE)/boot/$@
- 
- $(BOOT_TARGETS): vmlinux
- 	$(Q)$(MAKE) $(build)=$(boot) $@
-diff --git a/scripts/sign_kernel.sh b/scripts/sign_kernel.sh
-new file mode 100755
-index 000000000000..d2526a279254
---- /dev/null
-+++ b/scripts/sign_kernel.sh
-@@ -0,0 +1,30 @@
-+#!/bin/sh
-+# SPDX-License-Identifier: GPL-2.0
-+
-+# The path to the compiled kernel image is passed as the first argument
-+BUILDDIR=$(dirname $(dirname $0))
-+VMLINUX=$1
-+
-+# Keys are stored in a toplevel directory called keys
-+# The following files need to be there:
-+#     * MOK.priv  (private key)
-+#     * MOK.pem   (public key)
-+#
-+# If the files don't exist, this script will do nothing.
-+if [ ! -f "$BUILDDIR/keys/MOK.key" ]; then
-+    exit 0
-+fi
-+if [ ! -f "$BUILDDIR/keys/MOK.crt" ]; then
-+    exit 0
-+fi
-+
-+# Both required certificates were found. Check if sbsign is installed.
-+echo "Keys for automatic secureboot signing found."
-+if [ ! -x "$(command -v sbsign)" ]; then
-+    echo "ERROR: sbsign not found!"
-+    exit -2
-+fi
-+
-+# Sign the kernel
-+sbsign --key $BUILDDIR/keys/MOK.key --cert $BUILDDIR/keys/MOK.crt \
-+    --output $VMLINUX $VMLINUX
--- 
-2.23.0
-

pkg/fedora/kernel-surface/fedora.config

@@ -1,10 +0,0 @@
-##
-## Forcefully disable debug symbols
-##
-
-CONFIG_DEBUG_INFO_NONE=y
-# CONFIG_DEBUG_INFO is not set
-# CONFIG_DEBUG_INFO_BTF is not set
-# CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT is not set
-# CONFIG_DEBUG_INFO_DWARF4 is not set
-# CONFIG_DEBUG_INFO_DWARF5 is not set

pkg/fedora/kernel-surface/kernel-surface.spec

@@ -1,363 +0,0 @@
-#
-# Definitions to configure the kernel we want to build
-#
-
-%global kernel_tag_fc38 kernel-6.3.5-200.fc38
-%global kernel_tag_fc37 kernel-6.3.5-100.fc37
-
-%global kernel_release_fc38 1
-%global kernel_release_fc37 1
-
-# This is what is printed in the GRUB menu. These cannot be fetched from the
-# buildhost, because in a container this will also say container. To get the
-# same text as the default kernels, just hardcode it. Hey, this is important!
-%global fedora_title_fc37 38 (Thirty Eight)
-%global fedora_title_fc37 37 (Thirty Seven)
-
-%global ls_patches_commit f6d9315b8a3ecaee9f1575d8860a46cf44e79607
-
-%global sb_crt surface.crt
-%global sb_key surface.key
-
-#
-# Definitions that get automatically generated from the ones above
-#
-
-%global kernel_tag %{kernel_tag_fc%{fedora}}
-%global kernel_release %{kernel_release_fc%{fedora}}
-%global fedora_title %{fedora_title_fc%{fedora}}
-
-%global kernel_version %(echo %{kernel_tag} | cut -d'-' -f2)
-%global kernel_majorver %(echo %{kernel_version} | cut -d'.' -f1-2)
-%global kernel_patches patches/%{kernel_majorver}
-
-%global kernel_localversion %{kernel_release}.surface%{?dist}.%{_target_cpu}
-%global kernel_config kernel-%{kernel_version}-%{_target_cpu}.config
-%global kernel_name %{kernel_version}-%{kernel_localversion}
-
-%global fedora_source https://github.com/StollD/linux-fedora
-%global surface_source https://raw.githubusercontent.com/linux-surface/linux-surface/%{ls_patches_commit}
-
-%global kernel_modpath %{buildroot}/lib/modules/%{kernel_name}
-
-#
-# Actual specfile starts here
-#
-
-%bcond_with signkernel
-
-Name:       kernel-surface
-Summary:    The Linux Kernel with patches for Microsoft Surface
-Version:    %{kernel_version}
-Release:    %{kernel_release}%{?dist}
-License:    GPLv2
-URL:        https://github.com/linux-surface/linux-surface
-
-Provides: installonlypkg(kernel-surface)
-Provides: kernel-uname-r = %{kernel_name}
-Provides: kernel-core-uname-r = %{kernel_name}
-Provides: kernel-modules-uname-r = %{kernel_name}
-
-Recommends: iptsd
-
-Requires(pre): coreutils, systemd >= 203-2, /usr/bin/kernel-install
-Requires(pre): dracut >= 027
-Requires(pre): linux-firmware >= 20150904-56.git6ebf5d57
-Requires(preun): systemd >= 200
-
-BuildRequires: openssl openssl-devel
-BuildRequires: kmod, patch, bash, tar, git-core, sbsigntools
-BuildRequires: bzip2, xz, findutils, gzip, m4, perl-interpreter,
-BuildRequires: perl-Carp, perl-devel, perl-generators, make, diffutils,
-BuildRequires: gawk, gcc, binutils, redhat-rpm-config, hmaccalc, bison
-BuildRequires: flex, net-tools, hostname, bc, elfutils-devel
-BuildRequires: gcc-plugin-devel dwarves
-
-# Used to mangle unversioned shebangs to be Python 3
-BuildRequires: python3-devel
-
-Conflicts: xfsprogs < 4.3.0-1
-Conflicts: xorg-x11-drv-vmmouse < 13.0.99
-BuildConflicts: rhbuildsys(DiskFree) < 500Mb
-BuildConflicts: rpm < 4.13.0.1-19
-BuildConflicts: dwarves < 1.13
-
-Source0:    %{fedora_source}/archive/%{kernel_tag}.tar.gz
-Source1:    %{surface_source}/configs/surface-%{kernel_majorver}.config
-Source2:    fedora.config
-
-%if %{with signkernel}
-Source20:   %{sb_crt}
-Source21:   %{sb_key}
-%endif
-
-Source100:  mod-sign.sh
-Source101:  parallel_xz.sh
-
-Patch0:     %{surface_source}/%{kernel_patches}/0001-surface3-oemb.patch
-Patch1:     %{surface_source}/%{kernel_patches}/0002-mwifiex.patch
-Patch2:     %{surface_source}/%{kernel_patches}/0003-ath10k.patch
-Patch3:     %{surface_source}/%{kernel_patches}/0004-ipts.patch
-Patch4:     %{surface_source}/%{kernel_patches}/0005-ithc.patch
-Patch5:     %{surface_source}/%{kernel_patches}/0006-surface-sam.patch
-Patch6:     %{surface_source}/%{kernel_patches}/0007-surface-sam-over-hid.patch
-Patch7:     %{surface_source}/%{kernel_patches}/0008-surface-button.patch
-Patch8:     %{surface_source}/%{kernel_patches}/0009-surface-typecover.patch
-Patch9:     %{surface_source}/%{kernel_patches}/0010-surface-shutdown.patch
-Patch10:    %{surface_source}/%{kernel_patches}/0011-surface-gpe.patch
-Patch11:    %{surface_source}/%{kernel_patches}/0012-cameras.patch
-Patch12:    %{surface_source}/%{kernel_patches}/0013-amd-gpio.patch
-Patch13:    %{surface_source}/%{kernel_patches}/0014-rtc.patch
-
-Patch100:   0001-Add-secureboot-pre-signing-to-the-kernel.patch
-
-ExclusiveArch: x86_64
-
-%global debug_package %{nil}
-%global _build_id_links alldebug
-
-%description
-The Linux Kernel, the operating system core itself, with support for
-Microsoft Surface.
-
-%package devel
-Summary: Development package for building kernel modules for kernel-surface
-AutoReqProv: no
-Provides: installonlypkg(kernel-surface)
-Provides: kernel-devel-uname-r = %{kernel_name}
-
-%description devel
-This package provides kernel headers and makefiles sufficient to build modules
-against the kernel-surface package.
-
-%prep
-%autosetup -S git -n linux-fedora-%{kernel_tag}
-
-# Fix missing Makefile.rhelver
-touch Makefile.rhelver
-
-scripts/kconfig/merge_config.sh         \
-	fedora/configs/%{kernel_config} \
-	%{SOURCE1}                      \
-	%{SOURCE2}
-
-echo $((%{kernel_release} - 1)) > .version
-
-# Copy secureboot certificates if they are available
-%if %{with signkernel}
-mkdir -p keys
-cp %{SOURCE20} keys/MOK.crt
-cp %{SOURCE21} keys/MOK.key
-%endif
-
-# This Prevents scripts/setlocalversion from mucking with our version numbers.
-touch .scmversion
-
-# Mangle /usr/bin/python shebangs to /usr/bin/python3
-# Mangle all Python shebangs to be Python 3 explicitly
-# -p preserves timestamps
-# -n prevents creating ~backup files
-# -i specifies the interpreter for the shebang
-# This fixes errors such as
-# *** ERROR: ambiguous python shebang in /usr/bin/kvm_stat: #!/usr/bin/python. Change it to python3 (or python2) explicitly.
-# We patch all sources below for which we got a report/error.
-pathfix.py -i "%{__python3} %{py3_shbang_opts}" -p -n \
-	tools/kvm/kvm_stat/kvm_stat \
-	scripts/show_delta \
-	scripts/diffconfig \
-	scripts/bloat-o-meter \
-	scripts/jobserver-exec \
-	tools \
-	Documentation \
-	scripts/clang-tools
-
-%build
-
-# This ensures build-ids are unique to allow parallel debuginfo
-perl -p -i -e "s/^CONFIG_BUILD_SALT.*/CONFIG_BUILD_SALT=\"%{kernel_name}\"/" .config
-
-make %{?_smp_mflags} all LOCALVERSION=-%{kernel_localversion} ARCH=%{_target_cpu}
-
-%define __modsign_install_post \
-  %{SOURCE100} certs/signing_key.pem certs/signing_key.x509 %{kernel_modpath} \
-  find %{kernel_modpath} -type f -name '*.ko' | %{SOURCE101} %{?_smp_mflags}; \
-%{nil}
-
-#
-# Disgusting hack alert! We need to ensure we sign modules *after* all
-# invocations of strip occur.
-#
-%define __spec_install_post \
-  %{?__debug_package:%{__debug_install_post}}\
-  %{__arch_install_post}\
-  %{__os_install_post}\
-  %{__modsign_install_post}
-
-%install
-mkdir -p %{buildroot}/boot
-
-# Install modules
-make %{?_smp_mflags} INSTALL_MOD_PATH=%{buildroot} modules_install KERNELRELEASE=%{kernel_name}
-
-# Install vmlinuz
-image_name=$(make -s image_name)
-install -m 755 $image_name %{buildroot}/boot/vmlinuz-%{kernel_name}
-install -m 755 $image_name %{kernel_modpath}/vmlinuz
-
-# Install System.map and .config
-install -m 644 System.map %{kernel_modpath}/System.map
-install -m 644 System.map %{buildroot}/boot/System.map-%{kernel_name}
-install -m 644 .config %{kernel_modpath}/config
-install -m 644 .config %{buildroot}/boot/config-%{kernel_name}
-
-# hmac sign the kernel for FIPS
-sha512hmac %{buildroot}/boot/vmlinuz-%{kernel_name} | sed -e "s,%{buildroot},," > %{kernel_modpath}/.vmlinuz.hmac
-cp %{kernel_modpath}/.vmlinuz.hmac %{buildroot}/boot/.vmlinuz-%{kernel_name}.hmac
-
-# mark modules executable so that strip-to-file can strip them
-find %{kernel_modpath} -name "*.ko" -type f | xargs --no-run-if-empty chmod u+x
-
-# Setup directories for -devel files
-rm -f %{kernel_modpath}/build
-rm -f %{kernel_modpath}/source
-mkdir -p %{kernel_modpath}/build
-pushd %{kernel_modpath}
-	ln -s build source
-popd
-
-# first copy everything
-cp --parents $(find  -type f -name "Makefile*" -o -name "Kconfig*") %{kernel_modpath}/build
-cp Module.symvers %{kernel_modpath}/build
-cp System.map %{kernel_modpath}/build
-if [ -s Module.markers ]; then
-	cp Module.markers %{kernel_modpath}/build
-fi
-
-# then drop all but the needed Makefiles/Kconfig files
-rm -rf %{kernel_modpath}/build/scripts
-rm -rf %{kernel_modpath}/build/include
-cp .config %{kernel_modpath}/build
-cp -a scripts %{kernel_modpath}/build
-rm -rf %{kernel_modpath}/build/scripts/tracing
-rm -f %{kernel_modpath}/build/scripts/spdxcheck.py
-
-if [ -f tools/objtool/objtool ]; then
-	cp -a tools/objtool/objtool %{kernel_modpath}/build/tools/objtool/ || :
-
-	# these are a few files associated with objtool
-	cp -a --parents tools/build/Build.include %{kernel_modpath}/build/
-	cp -a --parents tools/build/Build %{kernel_modpath}/build/
-	cp -a --parents tools/build/fixdep.c %{kernel_modpath}/build/
-	cp -a --parents tools/scripts/utilities.mak %{kernel_modpath}/build/
-
-	# also more than necessary but it's not that many more files
-	cp -a --parents tools/objtool/* %{kernel_modpath}/build/
-	cp -a --parents tools/lib/str_error_r.c %{kernel_modpath}/build/
-	cp -a --parents tools/lib/string.c %{kernel_modpath}/build/
-	cp -a --parents tools/lib/subcmd/* %{kernel_modpath}/build/
-fi
-
-if [ -d arch/x86/scripts ]; then
-	cp -a arch/x86/scripts %{kernel_modpath}/build/arch/x86/ || :
-fi
-
-if [ -f arch/x86/*lds ]; then
-	cp -a arch/x86/*lds %{kernel_modpath}/build/arch/x86/ || :
-fi
-
-if [ -f arch/x86/kernel/module.lds ]; then
-	cp -a --parents arch/x86/kernel/module.lds %{kernel_modpath}/build/
-fi
-
-rm -f %{kernel_modpath}/build/scripts/*.o
-rm -f %{kernel_modpath}/build/scripts/*/*.o
-
-if [ -d arch/x86/include ]; then
-	cp -a --parents arch/x86/include %{kernel_modpath}/build/
-fi
-
-cp -a include %{kernel_modpath}/build/include
-
-# files for 'make prepare' to succeed with kernel-devel
-cp -a --parents arch/x86/entry/syscalls/syscall_32.tbl %{kernel_modpath}/build/
-cp -a --parents arch/x86/entry/syscalls/syscall_64.tbl %{kernel_modpath}/build/
-cp -a --parents arch/x86/tools/relocs_32.c %{kernel_modpath}/build/
-cp -a --parents arch/x86/tools/relocs_64.c %{kernel_modpath}/build/
-cp -a --parents arch/x86/tools/relocs.c %{kernel_modpath}/build/
-cp -a --parents arch/x86/tools/relocs_common.c %{kernel_modpath}/build/
-cp -a --parents arch/x86/tools/relocs.h %{kernel_modpath}/build/
-
-cp -a --parents scripts/syscalltbl.sh %{kernel_modpath}/build/
-cp -a --parents scripts/syscallhdr.sh %{kernel_modpath}/build/
-
-# Yes this is more includes than we probably need. Feel free to sort out
-# dependencies if you so choose.
-cp -a --parents tools/include/* %{kernel_modpath}/build/
-cp -a --parents arch/x86/purgatory/purgatory.c %{kernel_modpath}/build/
-cp -a --parents arch/x86/purgatory/stack.S %{kernel_modpath}/build/
-cp -a --parents arch/x86/purgatory/setup-x86_64.S %{kernel_modpath}/build/
-cp -a --parents arch/x86/purgatory/entry64.S %{kernel_modpath}/build/
-cp -a --parents arch/x86/boot/string.h %{kernel_modpath}/build/
-cp -a --parents arch/x86/boot/string.c %{kernel_modpath}/build/
-cp -a --parents arch/x86/boot/ctype.h %{kernel_modpath}/build/
-
-# Make sure the Makefile, version.h, and auto.conf have a matching
-# timestamp so that external modules can be built
-
-touch -r %{kernel_modpath}/build/Makefile \
-	%{kernel_modpath}/build/include/generated/uapi/linux/version.h \
-	%{kernel_modpath}/build/include/config/auto.conf
-
-mkdir -p %{buildroot}/usr/src/kernels
-mv %{kernel_modpath}/build %{buildroot}/usr/src/kernels/%{kernel_name}
-
-# This is going to create a broken link during the build, but we don't use
-# it after this point.  We need the link to actually point to something
-# when kernel-devel is installed, and a relative link doesn't work across
-# the F17 UsrMove feature.
-ln -sf /usr/src/kernels/%{kernel_name} %{kernel_modpath}/build
-
-# prune junk from kernel-devel
-find %{buildroot}/usr/src/kernels -name ".*.cmd" -delete
-
-# remove files that will be auto generated by depmod at rpm -i time
-pushd %{kernel_modpath}
-	rm -f modules.{alias*,builtin.bin,dep*,*map,symbols*,devname,softdep}
-popd
-
-# build a BLS config for this kernel
-cat >%{kernel_modpath}/bls.conf <<EOF
-title Fedora (%{kernel_name}) %{fedora_title}
-version %{kernel_name}
-linux /vmlinuz-%{kernel_name}
-initrd /initramfs-%{kernel_name}.img
-options \$kernelopts
-grub_users \$grub_users
-grub_arg --unrestricted
-grub_class kernel
-EOF
-
-%clean
-rm -rf %{buildroot}
-
-%posttrans
-/bin/kernel-install add %{kernel_name} /lib/modules/%{kernel_name}/vmlinuz || exit $?
-
-%preun
-/bin/kernel-install remove %{kernel_name} /lib/modules/%{kernel_name}/vmlinuz || exit $?
-
-%files
-%defattr (-, root, root)
-/lib/modules/%{kernel_name}
-%ghost /boot/vmlinuz-%{kernel_name}
-%ghost /boot/config-%{kernel_name}
-%ghost /boot/System.map-%{kernel_name}
-%ghost /boot/.vmlinuz-%{kernel_name}.hmac
-
-%files devel
-%defattr (-, root, root)
-/usr/src/kernels/%{kernel_name}
-
-%changelog
-* Thu Jan 09 2020 Dorian Stoll <dorian.stoll@tmsp.io>
-- Initial version

pkg/fedora/kernel-surface/mod-sign.sh

@@ -1,36 +0,0 @@
-#! /bin/bash
-
-# The modules_sign target checks for corresponding .o files for every .ko that
-# is signed. This doesn't work for package builds which re-use the same build
-# directory for every flavour, and the .config may change between flavours.
-# So instead of using this script to just sign lib/modules/$KernelVer/extra,
-# sign all .ko in the buildroot.
-
-# This essentially duplicates the 'modules_sign' Kbuild target and runs the
-# same commands for those modules.
-
-MODSECKEY=$1
-MODPUBKEY=$2
-
-moddir=$3
-
-modules=`find $moddir -name *.ko`
-
-for mod in $modules
-do
-    dir=`dirname $mod`
-    file=`basename $mod`
-
-    ./scripts/sign-file sha256 ${MODSECKEY} ${MODPUBKEY} ${dir}/${file}
-    rm -f ${dir}/${file}.{sig,dig}
-done
-
-RANDOMMOD=$(find $moddir -type f -name '*.ko' | sort -R | head -n 1)
-if [ "~Module signature appended~" != "$(tail -c 28 $RANDOMMOD)" ]; then
-    echo "*****************************"
-    echo "*** Modules are unsigned! ***"
-    echo "*****************************"
-    exit 1
-fi
-
-exit 0

pkg/fedora/kernel-surface/parallel_xz.sh

@@ -1,26 +0,0 @@
-#!/bin/sh
-# Reads filenames on stdin, xz-compresses each in place.
-# Not optimal for "compress relatively few, large files" scenario!
-
-# How many xz's to run in parallel:
-procgroup=""
-while test "$#" != 0; do
-	# Get it from -jNUM
-	N="${1#-j}"
-	if test "$N" = "$1"; then
-		# Not -j<something> - warn and ignore
-		echo "parallel_xz: warning: unrecognized argument: '$1'"
-	else
-		procgroup="$N"
-	fi
-	shift
-done
-
-# If told to use only one cpu:
-test "$procgroup" || exec xargs -r xz
-test "$procgroup" = 1 && exec xargs -r xz
-
-# xz has some startup cost. If files are really small,
-# this cost might be significant. To combat this,
-# process several files (in sequence) by each xz process via -n 16:
-exec xargs -r -n 16 -P $procgroup xz