0ct0pu5
/
linux-surface


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363
							#
# Definitions to configure the kernel we want to build
#

%global kernel_tag_fc37 kernel-5.19.15-301.fc37
%global kernel_tag_fc36 kernel-5.19.15-201.fc36
%global kernel_tag_fc35 kernel-5.19.15-101.fc35

%global kernel_release_fc37 1
%global kernel_release_fc36 1
%global kernel_release_fc35 1

# This is what is printed in the GRUB menu. These cannot be fetched from the
# buildhost, because in a container this will also say container. To get the
# same text as the default kernels, just hardcode it. Hey, this is important!
%global fedora_title_fc37 37 (Thirty Seven)
%global fedora_title_fc36 36 (Thirty Six)
%global fedora_title_fc35 35 (Thirty Five)

%global ls_patches_commit ecaea8b979eb1d0552c557306d00354b80fa8acd

%global sb_crt surface.crt
%global sb_key surface.key

#
# Definitions that get automatically generated from the ones above
#

%global kernel_tag %{kernel_tag_fc%{fedora}}
%global kernel_release %{kernel_release_fc%{fedora}}
%global fedora_title %{fedora_title_fc%{fedora}}

%global kernel_version %(echo %{kernel_tag} | cut -d'-' -f2)
%global kernel_majorver %(echo %{kernel_version} | cut -d'.' -f1-2)
%global kernel_patches patches/%{kernel_majorver}

%global kernel_localversion %{kernel_release}.surface%{?dist}.%{_target_cpu}
%global kernel_config kernel-%{kernel_version}-%{_target_cpu}.config
%global kernel_name %{kernel_version}-%{kernel_localversion}

%global fedora_source https://github.com/StollD/linux-fedora
%global surface_source https://raw.githubusercontent.com/linux-surface/linux-surface/%{ls_patches_commit}

%global kernel_modpath %{buildroot}/lib/modules/%{kernel_name}

#
# Actual specfile starts here
#

%bcond_with signkernel

Name:       kernel-surface
Summary:    The Linux Kernel with patches for Microsoft Surface
Version:    %{kernel_version}
Release:    %{kernel_release}%{?dist}
License:    GPLv2
URL:        https://github.com/linux-surface/linux-surface

Provides: installonlypkg(kernel-surface)
Provides: kernel-uname-r = %{kernel_name}
Provides: kernel-core-uname-r = %{kernel_name}
Provides: kernel-modules-uname-r = %{kernel_name}

Recommends: iptsd

Requires(pre): coreutils, systemd >= 203-2, /usr/bin/kernel-install
Requires(pre): dracut >= 027
Requires(pre): linux-firmware >= 20150904-56.git6ebf5d57
Requires(preun): systemd >= 200

BuildRequires: openssl openssl-devel
BuildRequires: kmod, patch, bash, tar, git-core, sbsigntools
BuildRequires: bzip2, xz, findutils, gzip, m4, perl-interpreter,
BuildRequires: perl-Carp, perl-devel, perl-generators, make, diffutils,
BuildRequires: gawk, gcc, binutils, redhat-rpm-config, hmaccalc, bison
BuildRequires: flex, net-tools, hostname, bc, elfutils-devel
BuildRequires: gcc-plugin-devel dwarves

# Used to mangle unversioned shebangs to be Python 3
BuildRequires: python3-devel

Conflicts: xfsprogs < 4.3.0-1
Conflicts: xorg-x11-drv-vmmouse < 13.0.99
BuildConflicts: rhbuildsys(DiskFree) < 500Mb
BuildConflicts: rpm < 4.13.0.1-19
BuildConflicts: dwarves < 1.13

Source0:    %{fedora_source}/archive/%{kernel_tag}.tar.gz
Source1:    %{surface_source}/configs/surface-%{kernel_majorver}.config
Source2:    fedora.config

%if %{with signkernel}
Source20:   %{sb_crt}
Source21:   %{sb_key}
%endif

Source100:  mod-sign.sh
Source101:  parallel_xz.sh

Patch0:     %{surface_source}/%{kernel_patches}/0001-surface3-oemb.patch
Patch1:     %{surface_source}/%{kernel_patches}/0002-mwifiex.patch
Patch2:     %{surface_source}/%{kernel_patches}/0003-ath10k.patch
Patch3:     %{surface_source}/%{kernel_patches}/0004-ipts.patch
Patch4:     %{surface_source}/%{kernel_patches}/0005-surface-sam.patch
Patch5:     %{surface_source}/%{kernel_patches}/0006-surface-sam-over-hid.patch
Patch6:     %{surface_source}/%{kernel_patches}/0007-surface-button.patch
Patch7:     %{surface_source}/%{kernel_patches}/0008-surface-typecover.patch
Patch8:     %{surface_source}/%{kernel_patches}/0009-surface-gpe.patch
Patch9:     %{surface_source}/%{kernel_patches}/0010-cameras.patch
Patch10:    %{surface_source}/%{kernel_patches}/0011-amd-gpio.patch

Patch100:   0001-Add-secureboot-pre-signing-to-the-kernel.patch

ExclusiveArch: x86_64

%global debug_package %{nil}
%global _build_id_links alldebug

%description
The Linux Kernel, the operating system core itself, with support for
Microsoft Surface.

%package devel
Summary: Development package for building kernel modules for kernel-surface
AutoReqProv: no
Provides: installonlypkg(kernel-surface)
Provides: kernel-devel-uname-r = %{kernel_name}

%description devel
This package provides kernel headers and makefiles sufficient to build modules
against the kernel-surface package.

%prep
%autosetup -S git -n linux-fedora-%{kernel_tag}

# Fix missing Makefile.rhelver
touch Makefile.rhelver

scripts/kconfig/merge_config.sh         \
	fedora/configs/%{kernel_config} \
	%{SOURCE1}                      \
	%{SOURCE2}

echo $((%{kernel_release} - 1)) > .version

# Copy secureboot certificates if they are available
%if %{with signkernel}
mkdir -p keys
cp %{SOURCE20} keys/MOK.crt
cp %{SOURCE21} keys/MOK.key
%endif

# This Prevents scripts/setlocalversion from mucking with our version numbers.
touch .scmversion

# Mangle /usr/bin/python shebangs to /usr/bin/python3
# Mangle all Python shebangs to be Python 3 explicitly
# -p preserves timestamps
# -n prevents creating ~backup files
# -i specifies the interpreter for the shebang
# This fixes errors such as
# *** ERROR: ambiguous python shebang in /usr/bin/kvm_stat: #!/usr/bin/python. Change it to python3 (or python2) explicitly.
# We patch all sources below for which we got a report/error.
pathfix.py -i "%{__python3} %{py3_shbang_opts}" -p -n \
	tools/kvm/kvm_stat/kvm_stat \
	scripts/show_delta \
	scripts/diffconfig \
	scripts/bloat-o-meter \
	scripts/jobserver-exec \
	tools \
	Documentation \
	scripts/clang-tools

%build

# This ensures build-ids are unique to allow parallel debuginfo
perl -p -i -e "s/^CONFIG_BUILD_SALT.*/CONFIG_BUILD_SALT=\"%{kernel_name}\"/" .config

make %{?_smp_mflags} all LOCALVERSION=-%{kernel_localversion} ARCH=%{_target_cpu}

%define __modsign_install_post \
  %{SOURCE100} certs/signing_key.pem certs/signing_key.x509 %{kernel_modpath} \
  find %{kernel_modpath} -type f -name '*.ko' | %{SOURCE101} %{?_smp_mflags}; \
%{nil}

#
# Disgusting hack alert! We need to ensure we sign modules *after* all
# invocations of strip occur.
#
%define __spec_install_post \
  %{?__debug_package:%{__debug_install_post}}\
  %{__arch_install_post}\
  %{__os_install_post}\
  %{__modsign_install_post}

%install
mkdir -p %{buildroot}/boot

# Install modules
make %{?_smp_mflags} INSTALL_MOD_PATH=%{buildroot} modules_install KERNELRELEASE=%{kernel_name}

# Install vmlinuz
image_name=$(make -s image_name)
install -m 755 $image_name %{buildroot}/boot/vmlinuz-%{kernel_name}
install -m 755 $image_name %{kernel_modpath}/vmlinuz

# Install System.map and .config
install -m 644 System.map %{kernel_modpath}/System.map
install -m 644 System.map %{buildroot}/boot/System.map-%{kernel_name}
install -m 644 .config %{kernel_modpath}/config
install -m 644 .config %{buildroot}/boot/config-%{kernel_name}

# hmac sign the kernel for FIPS
sha512hmac %{buildroot}/boot/vmlinuz-%{kernel_name} | sed -e "s,%{buildroot},," > %{kernel_modpath}/.vmlinuz.hmac
cp %{kernel_modpath}/.vmlinuz.hmac %{buildroot}/boot/.vmlinuz-%{kernel_name}.hmac

# mark modules executable so that strip-to-file can strip them
find %{kernel_modpath} -name "*.ko" -type f | xargs --no-run-if-empty chmod u+x

# Setup directories for -devel files
rm -f %{kernel_modpath}/build
rm -f %{kernel_modpath}/source
mkdir -p %{kernel_modpath}/build
pushd %{kernel_modpath}
	ln -s build source
popd

# first copy everything
cp --parents $(find  -type f -name "Makefile*" -o -name "Kconfig*") %{kernel_modpath}/build
cp Module.symvers %{kernel_modpath}/build
cp System.map %{kernel_modpath}/build
if [ -s Module.markers ]; then
	cp Module.markers %{kernel_modpath}/build
fi

# then drop all but the needed Makefiles/Kconfig files
rm -rf %{kernel_modpath}/build/scripts
rm -rf %{kernel_modpath}/build/include
cp .config %{kernel_modpath}/build
cp -a scripts %{kernel_modpath}/build
rm -rf %{kernel_modpath}/build/scripts/tracing
rm -f %{kernel_modpath}/build/scripts/spdxcheck.py

if [ -f tools/objtool/objtool ]; then
	cp -a tools/objtool/objtool %{kernel_modpath}/build/tools/objtool/ || :

	# these are a few files associated with objtool
	cp -a --parents tools/build/Build.include %{kernel_modpath}/build/
	cp -a --parents tools/build/Build %{kernel_modpath}/build/
	cp -a --parents tools/build/fixdep.c %{kernel_modpath}/build/
	cp -a --parents tools/scripts/utilities.mak %{kernel_modpath}/build/

	# also more than necessary but it's not that many more files
	cp -a --parents tools/objtool/* %{kernel_modpath}/build/
	cp -a --parents tools/lib/str_error_r.c %{kernel_modpath}/build/
	cp -a --parents tools/lib/string.c %{kernel_modpath}/build/
	cp -a --parents tools/lib/subcmd/* %{kernel_modpath}/build/
fi

if [ -d arch/x86/scripts ]; then
	cp -a arch/x86/scripts %{kernel_modpath}/build/arch/x86/ || :
fi

if [ -f arch/x86/*lds ]; then
	cp -a arch/x86/*lds %{kernel_modpath}/build/arch/x86/ || :
fi

if [ -f arch/x86/kernel/module.lds ]; then
	cp -a --parents arch/x86/kernel/module.lds %{kernel_modpath}/build/
fi

rm -f %{kernel_modpath}/build/scripts/*.o
rm -f %{kernel_modpath}/build/scripts/*/*.o

if [ -d arch/x86/include ]; then
	cp -a --parents arch/x86/include %{kernel_modpath}/build/
fi

cp -a include %{kernel_modpath}/build/include

# files for 'make prepare' to succeed with kernel-devel
cp -a --parents arch/x86/entry/syscalls/syscall_32.tbl %{kernel_modpath}/build/
cp -a --parents arch/x86/entry/syscalls/syscall_64.tbl %{kernel_modpath}/build/
cp -a --parents arch/x86/tools/relocs_32.c %{kernel_modpath}/build/
cp -a --parents arch/x86/tools/relocs_64.c %{kernel_modpath}/build/
cp -a --parents arch/x86/tools/relocs.c %{kernel_modpath}/build/
cp -a --parents arch/x86/tools/relocs_common.c %{kernel_modpath}/build/
cp -a --parents arch/x86/tools/relocs.h %{kernel_modpath}/build/

cp -a --parents scripts/syscalltbl.sh %{kernel_modpath}/build/
cp -a --parents scripts/syscallhdr.sh %{kernel_modpath}/build/

# Yes this is more includes than we probably need. Feel free to sort out
# dependencies if you so choose.
cp -a --parents tools/include/* %{kernel_modpath}/build/
cp -a --parents arch/x86/purgatory/purgatory.c %{kernel_modpath}/build/
cp -a --parents arch/x86/purgatory/stack.S %{kernel_modpath}/build/
cp -a --parents arch/x86/purgatory/setup-x86_64.S %{kernel_modpath}/build/
cp -a --parents arch/x86/purgatory/entry64.S %{kernel_modpath}/build/
cp -a --parents arch/x86/boot/string.h %{kernel_modpath}/build/
cp -a --parents arch/x86/boot/string.c %{kernel_modpath}/build/
cp -a --parents arch/x86/boot/ctype.h %{kernel_modpath}/build/

# Make sure the Makefile, version.h, and auto.conf have a matching
# timestamp so that external modules can be built

touch -r %{kernel_modpath}/build/Makefile \
	%{kernel_modpath}/build/include/generated/uapi/linux/version.h \
	%{kernel_modpath}/build/include/config/auto.conf

mkdir -p %{buildroot}/usr/src/kernels
mv %{kernel_modpath}/build %{buildroot}/usr/src/kernels/%{kernel_name}

# This is going to create a broken link during the build, but we don't use
# it after this point.  We need the link to actually point to something
# when kernel-devel is installed, and a relative link doesn't work across
# the F17 UsrMove feature.
ln -sf /usr/src/kernels/%{kernel_name} %{kernel_modpath}/build

# prune junk from kernel-devel
find %{buildroot}/usr/src/kernels -name ".*.cmd" -delete

# remove files that will be auto generated by depmod at rpm -i time
pushd %{kernel_modpath}
	rm -f modules.{alias*,builtin.bin,dep*,*map,symbols*,devname,softdep}
popd

# build a BLS config for this kernel
cat >%{kernel_modpath}/bls.conf <<EOF
title Fedora (%{kernel_name}) %{fedora_title}
version %{kernel_name}
linux /vmlinuz-%{kernel_name}
initrd /initramfs-%{kernel_name}.img
options \$kernelopts
grub_users \$grub_users
grub_arg --unrestricted
grub_class kernel
EOF

%clean
rm -rf %{buildroot}

%posttrans
/bin/kernel-install add %{kernel_name} /lib/modules/%{kernel_name}/vmlinuz || exit $?

%preun
/bin/kernel-install remove %{kernel_name} /lib/modules/%{kernel_name}/vmlinuz || exit $?

%files
%defattr (-, root, root)
/lib/modules/%{kernel_name}
%ghost /boot/vmlinuz-%{kernel_name}
%ghost /boot/config-%{kernel_name}
%ghost /boot/System.map-%{kernel_name}
%ghost /boot/.vmlinuz-%{kernel_name}.hmac

%files devel
%defattr (-, root, root)
/usr/src/kernels/%{kernel_name}

%changelog
* Thu Jan 09 2020 Dorian Stoll <dorian.stoll@tmsp.io>
- Initial version