From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id 4A048E32A for ; Tue, 18 Jul 2023 11:11:44 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 32A1C1887E for ; Tue, 18 Jul 2023 11:11:44 +0200 (CEST) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Tue, 18 Jul 2023 11:11:42 +0200 (CEST) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 8572842FD9 for ; Tue, 18 Jul 2023 11:11:42 +0200 (CEST) From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= To: pve-devel@lists.proxmox.com Date: Tue, 18 Jul 2023 11:11:01 +0200 Message-Id: <20230718091102.6631-9-f.gruenbichler@proxmox.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20230718091102.6631-1-f.gruenbichler@proxmox.com> References: <20230718091102.6631-1-f.gruenbichler@proxmox.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.071 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - Subject: [pve-devel] [PATCH 2/2] integrate meta packages and change prefix X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Jul 2023 09:11:44 -0000 long overdue, and avoids the issue of the meta packages version going down after being folded in from the pve-kernel-meta repository. the ABI needs to be bumped for every published kernel package now that modules are signed, else the booted kernel image containing the public part of the ephemeral signing key, and the on-disk (potentially upgraded in-place) signed module files can disagree, and module loading would fail. not changed (yet): git repository name, pve-firmware Signed-off-by: Fabian Grünbichler --- Notes: we could also unify KREL and PKGREL now, since the two always need to be bumped together? not changed yet: git repo, pve-firmware package - those can be done as follow-ups though. we could possibly add a Breaks on all the outdated meta packages here, but I think just bumping coming from the other direction should be enough: proxmox-ve/proxmox-backup-meta/proxmox-mailgateway -> proxmox-kernel-6.2 -> updated proxmox-kernel-6.2.16-... -> updated proxmox-kernel-helper pve-headers -> proxmox-kernel-6.2 -> updated proxmox-headers-6.2.16-.. note that PMG calls the top-level headers meta package pve-headers as well, and PBS doesn't even have it in the first place. we could rename (and Breaks+Replaces+Provides) for PMG, and add it to PBS as well, if desired. changelog diff included because of the source package rename (easy to miss otherwise) - can of course be extended/.. if more changes are folded in before actually building and releasing! Makefile | 28 +++++----- debian/changelog | 13 +++++ debian/control.in | 52 ++++++++++++++----- ...ostinst.in => proxmox-headers.postinst.in} | 0 debian/proxmox-kernel-meta.postinst.in | 17 ++++++ debian/proxmox-kernel-meta.postrm.in | 19 +++++++ ...postinst.in => proxmox-kernel.postinst.in} | 0 ...nel.postrm.in => proxmox-kernel.postrm.in} | 0 ...ernel.prerm.in => proxmox-kernel.prerm.in} | 0 debian/rules | 27 ++++++---- debian/source/lintian-overrides | 4 +- 11 files changed, 121 insertions(+), 39 deletions(-) rename debian/{pve-headers.postinst.in => proxmox-headers.postinst.in} (100%) create mode 100755 debian/proxmox-kernel-meta.postinst.in create mode 100755 debian/proxmox-kernel-meta.postrm.in rename debian/{pve-kernel.postinst.in => proxmox-kernel.postinst.in} (100%) rename debian/{pve-kernel.postrm.in => proxmox-kernel.postrm.in} (100%) rename debian/{pve-kernel.prerm.in => proxmox-kernel.prerm.in} (100%) diff --git a/Makefile b/Makefile index b1ebe36..aba8c5c 100644 --- a/Makefile +++ b/Makefile @@ -1,22 +1,22 @@ include /usr/share/dpkg/pkg-info.mk -# also bump pve-kernel-meta if either of MAJ.MIN, PATCHLEVEL or KREL change +# also bump proxmox-ve and PBS/PMG meta packages if the default MAJ.MIN version changes! KERNEL_MAJ=6 KERNEL_MIN=2 KERNEL_PATCHLEVEL=16 -# increment KREL if the ABI changes (abicheck target in debian/rules) +# increment KREL for every published package release! # rebuild packages with new KREL and run 'make abiupdate' -KREL=4 +KREL=5 -PKGREL=5 +PKGREL=6 KERNEL_MAJMIN=$(KERNEL_MAJ).$(KERNEL_MIN) KERNEL_VER=$(KERNEL_MAJMIN).$(KERNEL_PATCHLEVEL) EXTRAVERSION=-$(KREL)-pve KVNAME=$(KERNEL_VER)$(EXTRAVERSION) -PACKAGE=pve-kernel-$(KVNAME) -HDRPACKAGE=pve-headers-$(KVNAME) +PACKAGE=proxmox-kernel-$(KVNAME) +HDRPACKAGE=proxmox-headers-$(KVNAME) ARCH=$(shell dpkg-architecture -qDEB_BUILD_ARCH) @@ -31,7 +31,7 @@ GITVERSION:=$(shell git rev-parse HEAD) SKIPABI=0 -BUILD_DIR=pve-kernel-$(KERNEL_VER) +BUILD_DIR=proxmox-kernel-$(KERNEL_VER) KERNEL_SRC=ubuntu-kernel KERNEL_SRC_SUBMODULE=submodules/$(KERNEL_SRC) @@ -46,19 +46,21 @@ MODULE_DIRS=$(ZFSDIR) # exported to debian/rules via debian/rules.d/dirs.mk DIRS=KERNEL_SRC ZFSDIR MODULES -DSC=pve-kernel_$(KERNEL_VER)-$(PKGREL).dsc +DSC=proxmox-kernel-$(KERNEL_MAJMIN)_$(KERNEL_VER)-$(PKGREL).dsc DST_DEB=$(PACKAGE)_$(KERNEL_VER)-$(PKGREL)_$(ARCH).deb +META_DEB=proxmox-kernel-$(KERNEL_MAJMIN)_$(KERNEL_VER)-$(PKGREL)_all.deb HDR_DEB=$(HDRPACKAGE)_$(KERNEL_VER)-$(PKGREL)_$(ARCH).deb -USR_HDR_DEB=pve-kernel-libc-dev_$(KERNEL_VER)-$(PKGREL)_$(ARCH).deb +META_HDR_DEB=proxmox-headers-$(KERNEL_MAJMIN)_$(KERNEL_VER)-$(PKGREL)_all.deb +USR_HDR_DEB=proxmox-kernel-libc-dev_$(KERNEL_VER)-$(PKGREL)_$(ARCH).deb LINUX_TOOLS_DEB=linux-tools-$(KERNEL_MAJMIN)_$(KERNEL_VER)-$(PKGREL)_$(ARCH).deb LINUX_TOOLS_DBG_DEB=linux-tools-$(KERNEL_MAJMIN)-dbgsym_$(KERNEL_VER)-$(PKGREL)_$(ARCH).deb -DEBS=$(DST_DEB) $(HDR_DEB) $(LINUX_TOOLS_DEB) $(LINUX_TOOLS_DBG_DEB) # $(USR_HDR_DEB) +DEBS=$(DST_DEB) $(META_DEB) $(HDR_DEB) $(META_HDR_DEB) $(LINUX_TOOLS_DEB) $(LINUX_TOOLS_DBG_DEB) # $(USR_HDR_DEB) all: deb deb: $(DEBS) -$(LINUX_TOOLS_DEB) $(HDR_DEB): $(DST_DEB) +$(META_DEB) $(META_HDR_DEB) $(LINUX_TOOLS_DEB) $(HDR_DEB): $(DST_DEB) $(DST_DEB): $(BUILD_DIR).prepared cd $(BUILD_DIR); dpkg-buildpackage --jobs=auto -b -uc -us lintian $(DST_DEB) @@ -161,5 +163,5 @@ abi-tmp-$(KVNAME): .PHONY: clean clean: - rm -rf *~ pve-kernel-[0-9]*/ *.prepared $(KERNEL_CFG_ORG) - rm -f *.deb *.dsc *.changes *.buildinfo *.build pve-kernel*.tar.* + rm -rf *~ proxmox-kernel-[0-9]*/ *.prepared $(KERNEL_CFG_ORG) + rm -f *.deb *.dsc *.changes *.buildinfo *.build proxmox-kernel*.tar.* diff --git a/debian/changelog b/debian/changelog index 5046ab5..01f70c4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,16 @@ +proxmox-kernel-6.2 (6.2.16-6) bookworm; urgency=medium + + * enable Secure Boot related KConfigs to allow manually signed booting + + * merge proxmox-kernel-meta packaging into main kernel build, since every + package release entails an ABI bump now. + + * bump ABI to 6.2.16-5 + + * change `pve-` prefix to `proxmox-` + + -- Proxmox Support Team Fri, 14 Jul 2023 19:53:39 +0200 + pve-kernel (6.2.16-5) bookworm; urgency=medium * kvm: xsave set: mask-out PKRU bit in xfeatures if vCPU has no support to diff --git a/debian/control.in b/debian/control.in index 2fbbf6b..6c10ddb 100644 --- a/debian/control.in +++ b/debian/control.in @@ -1,4 +1,4 @@ -Source: pve-kernel +Source: proxmox-kernel-@KVMAJMIN@ Section: devel Priority: optional Maintainer: Proxmox Support Team @@ -31,7 +31,7 @@ Build-Depends: asciidoc-base, xmlto, zlib1g-dev, zstd, -Build-Conflicts: pve-headers-@KVNAME@, +Build-Conflicts: proxmox-headers-@KVNAME@, Standards-Version: 4.6.2 Vcs-Git: git://git.proxmox.com/git/pve-kernel Vcs-Browser: https://git.proxmox.com/?p=pve-kernel.git @@ -45,48 +45,74 @@ Description: Linux kernel version specific tools for version @KVMAJMIN@ This package provides the architecture dependent parts for kernel version locked tools (such as perf and x86_energy_perf_policy) -Package: pve-headers-@KVNAME@ +Package: proxmox-headers-@KVNAME@ Section: devel Priority: optional Architecture: any -Provides: linux-headers-@KVNAME@-amd64, +Provides: linux-headers-@KVNAME@-amd64, pve-headers-@KVNAME@ Depends: ${misc:Depends}, Description: Proxmox Kernel Headers This package contains the linux kernel headers -Package: pve-kernel-@KVNAME@ +Package: proxmox-kernel-@KVNAME@ Section: admin Priority: optional Architecture: any -Provides: linux-image-@KVNAME@-amd64, +Provides: linux-image-@KVNAME@-amd64, pve-kernel-@KVNAME@ Suggests: pve-firmware, Depends: busybox, initramfs-tools | linux-initramfs-tool, ${misc:Depends}, Recommends: grub-pc | grub-efi-amd64 | grub-efi-ia32 | grub-efi-arm64, Description: Proxmox Kernel Image This package contains the linux kernel and initial ramdisk used for booting -Package: pve-kernel-@KVNAME@-dbgsym +Package: proxmox-kernel-@KVNAME@-dbgsym Architecture: any -Provides: linux-debug, +Provides: linux-debug, pve-kernel-@KVNAME@-dbgsym Section: devel Priority: optional -Build-Profiles: +Build-Profiles: Depends: ${misc:Depends}, Description: Proxmox Kernel debug image This package provides the kernel debug image for version @KVNAME@. The debug kernel image contained in this package is NOT meant to boot from - it is uncompressed, and unstripped, and suitable for use with crash/kdump-tools/.. - to analyze kernel crashes. This package also contains the pve-kernel modules + to analyze kernel crashes. This package also contains the proxmox-kernel modules in their unstripped version. -Package: pve-kernel-libc-dev +Package: proxmox-kernel-libc-dev Section: devel Priority: optional Architecture: any -Provides: linux-libc-dev (=${binary:Version}), +Provides: linux-libc-dev (=${binary:Version}), pve-kernel-libc-dev Conflicts: linux-libc-dev, -Replaces: linux-libc-dev, +Replaces: linux-libc-dev, pve-kernel-libc-dev +Breaks: pve-kernel-libc-dev Depends: ${misc:Depends}, Description: Linux support headers for userspace development This package provides userspaces headers from the Linux kernel. These headers are used by the installed headers for GNU libc and other system libraries. + +Package: proxmox-headers-@KVMAJMIN@ +Architecture: all +Section: admin +Provides: linux-headers-amd64, linux-headers-generic, pve-headers-@KVMAJMIN@ +Breaks: pve-headers-@KVMAJMIN@ +Replaces: pve-headers-@KVMAJMIN@ +Priority: optional +Depends: proxmox-headers-@KVNAME@, ${misc:Depends}, +Description: Latest Proxmox Kernel Headers + This is a metapackage which will install the kernel headers + for the latest available proxmox kernel from the @KVMAJMIN@ + series. + +Package: proxmox-kernel-@KVMAJMIN@ +Architecture: all +Section: admin +Provides: linux-image-amd64, linux-image-generic, wireguard-modules (=1.0.0), pve-kernel-@KVMAJMIN@ +Breaks: pve-kernel-@KVMAJMIN@ +Replaces: pve-kernel-@KVMAJMIN@ +Priority: optional +Depends: pve-firmware, proxmox-kernel-@KVNAME@, ${misc:Depends}, +Description: Latest Proxmox Kernel Image + This is a metapackage which will install the latest available + proxmox kernel from the @KVMAJMIN@ series. diff --git a/debian/pve-headers.postinst.in b/debian/proxmox-headers.postinst.in similarity index 100% rename from debian/pve-headers.postinst.in rename to debian/proxmox-headers.postinst.in diff --git a/debian/proxmox-kernel-meta.postinst.in b/debian/proxmox-kernel-meta.postinst.in new file mode 100755 index 0000000..dd801d6 --- /dev/null +++ b/debian/proxmox-kernel-meta.postinst.in @@ -0,0 +1,17 @@ +#! /bin/sh + +# Abort if any command returns an error value +set -e + +case "$1" in + configure) + # setup kernel links for installation CD (rescue boot) + mkdir -p /boot/pve + ln -sf /boot/vmlinuz-@@KVNAME@@ /boot/pve/vmlinuz-@@KVMAJMIN@@ + ln -sf /boot/initrd.img-@@KVNAME@@ /boot/pve/initrd.img-@@KVMAJMIN@@ + ;; +esac + +#DEBHELPER# + +exit 0 diff --git a/debian/proxmox-kernel-meta.postrm.in b/debian/proxmox-kernel-meta.postrm.in new file mode 100755 index 0000000..6935ad7 --- /dev/null +++ b/debian/proxmox-kernel-meta.postrm.in @@ -0,0 +1,19 @@ +#! /bin/sh + +# Abort if any command returns an error value +set -e + +case "$1" in + purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + # remove kernel symlinks + rm -f /boot/pve/vmlinuz-@@KVNAME@@ + rm -f /boot/pve/initrd.img-@@KVNAME@@ + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# diff --git a/debian/pve-kernel.postinst.in b/debian/proxmox-kernel.postinst.in similarity index 100% rename from debian/pve-kernel.postinst.in rename to debian/proxmox-kernel.postinst.in diff --git a/debian/pve-kernel.postrm.in b/debian/proxmox-kernel.postrm.in similarity index 100% rename from debian/pve-kernel.postrm.in rename to debian/proxmox-kernel.postrm.in diff --git a/debian/pve-kernel.prerm.in b/debian/proxmox-kernel.prerm.in similarity index 100% rename from debian/pve-kernel.prerm.in rename to debian/proxmox-kernel.prerm.in diff --git a/debian/rules b/debian/rules index 123c870..1b7cc16 100755 --- a/debian/rules +++ b/debian/rules @@ -16,10 +16,11 @@ MAKEFLAGS += $(subst parallel=,-j,$(filter parallel=%,${DEB_BUILD_OPTIONS})) CHANGELOG_DATE:=$(shell dpkg-parsechangelog -SDate) CHANGELOG_DATE_UTC_ISO := $(shell date -u -d '$(CHANGELOG_DATE)' +%Y-%m-%dT%H:%MZ) -PVE_KERNEL_PKG=pve-kernel-$(KVNAME) -PVE_DEBUG_KERNEL_PKG=pve-kernel-$(KVNAME)-dbgsym -PVE_HEADER_PKG=pve-headers-$(KVNAME) -PVE_USR_HEADER_PKG=pve-kernel-libc-dev +PVE_KERNEL_PKG=proxmox-kernel-$(KVNAME) +PVE_KERNEL_META_PKG=proxmox-kernel-$(KERNEL_MAJMIN) +PVE_DEBUG_KERNEL_PKG=proxmox-kernel-$(KVNAME)-dbgsym +PVE_HEADER_PKG=proxmox-headers-$(KVNAME) +PVE_USR_HEADER_PKG=proxmox-kernel-libc-dev LINUX_TOOLS_PKG=linux-tools-$(KERNEL_MAJMIN) KERNEL_SRC_COPY=$(KERNEL_SRC)_tmp @@ -98,13 +99,17 @@ PVE_CONFIG_OPTS= \ -e CONFIG_PAGE_TABLE_ISOLATION debian/control: $(wildcard debian/*.in) - sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/pve-kernel.prerm.in > debian/$(PVE_KERNEL_PKG).prerm - sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/pve-kernel.postrm.in > debian/$(PVE_KERNEL_PKG).postrm - sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/pve-kernel.postinst.in > debian/$(PVE_KERNEL_PKG).postinst - sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/pve-headers.postinst.in > debian/$(PVE_HEADER_PKG).postinst + sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel.prerm.in > debian/$(PVE_KERNEL_PKG).prerm + sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel.postrm.in > debian/$(PVE_KERNEL_PKG).postrm + sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel.postinst.in > debian/$(PVE_KERNEL_PKG).postinst + sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-headers.postinst.in > debian/$(PVE_HEADER_PKG).postinst + sed -e 's/@@KVMAJMIN@@/$(KERNEL_MAJMIN)/g' -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel-meta.postrm.in > debian/$(PVE_KERNEL_META_PKG).postrm + sed -e 's/@@KVMAJMIN@@/$(KERNEL_MAJMIN)/g' -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel-meta.postinst.in > debian/$(PVE_KERNEL_META_PKG).postinst chmod +x debian/$(PVE_KERNEL_PKG).prerm chmod +x debian/$(PVE_KERNEL_PKG).postrm chmod +x debian/$(PVE_KERNEL_PKG).postinst + chmod +x debian/$(PVE_KERNEL_META_PKG).postrm + chmod +x debian/$(PVE_KERNEL_META_PKG).postinst chmod +x debian/$(PVE_HEADER_PKG).postinst sed -e 's/@KVNAME@/$(KVNAME)/g' -e 's/@KVMAJMIN@/$(KERNEL_MAJMIN)/g' < debian/control.in > debian/control @@ -154,10 +159,10 @@ binary: install # remove firmware rm -rf debian/$(PVE_KERNEL_PKG)/lib/firmware -ifeq ($(filter pkg.pve-kernel.debug,$(DEB_BUILD_PROFILES)),) - echo "'pkg.pve-kernel.debug' build profile disabled, skipping -dbgsym creation" +ifeq ($(filter pkg.proxmox-kernel.debug,$(DEB_BUILD_PROFILES)),) + echo "'pkg.proxmox-kernel.debug' build profile disabled, skipping -dbgsym creation" else - echo "'pkg.pve-kernel.debug' build profile enabled, creating -dbgsym contents" + echo "'pkg.proxmox-kernel.debug' build profile enabled, creating -dbgsym contents" mkdir -p debian/$(PVE_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/$(KVNAME) mkdir debian/$(PVE_DEBUG_KERNEL_PKG)/usr/lib/debug/boot install -m 644 $(KERNEL_SRC)/vmlinux debian/$(PVE_DEBUG_KERNEL_PKG)/usr/lib/debug/boot/vmlinux-$(KVNAME) diff --git a/debian/source/lintian-overrides b/debian/source/lintian-overrides index 792a6ca..053cb04 100644 --- a/debian/source/lintian-overrides +++ b/debian/source/lintian-overrides @@ -1,2 +1,2 @@ -pve-kernel source: debian-control-has-dbgsym-package (in section for pve-kernel-*-pve-dbgsym) Package [debian/control:*] -pve-kernel source: license-problem-gfdl-invariants invariant part is: with the :ref:`invariant sections ` being list their titles, with the :ref:`front-cover texts ` being list, and with the :ref:`back-cover texts ` being list [ubuntu-kernel/Documentation/userspace-api/media/fdl-appendix.rst] +proxmox-kernel source: debian-control-has-dbgsym-package (in section for proxmox-kernel-*-pve-dbgsym) Package [debian/control:*] +proxmox-kernel source: license-problem-gfdl-invariants invariant part is: with the :ref:`invariant sections ` being list their titles, with the :ref:`front-cover texts ` being list, and with the :ref:`back-cover texts ` being list [ubuntu-kernel/Documentation/userspace-api/media/fdl-appendix.rst] -- 2.39.2