Rationale:
Reduces attack surface on kernel devs opening the links for MITM
as HTTPS traffic is much harder to manipulate.
Deterministic algorithm:
For each file:
If not .svg:
For each line:
If doesn't contain `\bxmlns\b`:
For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
If both the HTTP and HTTPS versions
return 200 OK and serve the same content:
Replace HTTP with HTTPS.
Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
While descending directories, Kbuild produces objects for modules,
but do not link final *.ko files; it is done in the modpost.
To keep track of modules, Kbuild creates a *.mod file in $(MODVERDIR)
for every module it is building. Some post-processing steps read the
necessary information from *.mod files. This avoids descending into
directories again. This mechanism was introduced in 2003 or so.
Later, commit 551559e13a ("kbuild: implement modules.order") added
modules.order. So, we can simply read it out to know all the modules
with directory paths. This is easier than parsing the first line of
*.mod files.
$(MODVERDIR) has a flat directory structure, that is, *.mod files
are named only with base names. This is based on the assumption that
the module name is unique across the tree. This assumption is really
fragile.
Stephen Rothwell reported a race condition caused by a module name
conflict:
https://lkml.org/lkml/2019/5/13/991
In parallel building, two different threads could write to the same
$(MODVERDIR)/*.mod simultaneously.
Non-unique module names are the source of all kind of troubles, hence
commit 3a48a91901 ("kbuild: check uniqueness of module names")
introduced a new checker script.
However, it is still fragile in the build system point of view because
this race happens before scripts/modules-check.sh is invoked. If it
happens again, the modpost will emit unclear error messages.
To fix this issue completely, create *.mod with full directory path
so that two threads never attempt to write to the same file.
$(MODVERDIR) is no longer needed.
Since modules with directory paths are listed in modules.order, Kbuild
is still able to find *.mod files without additional descending.
I also killed cmd_secanalysis; scripts/mod/sumversion.c computes MD4 hash
for modules with MODULE_VERSION(). When CONFIG_DEBUG_SECTION_MISMATCH=y,
it occurs not only in the modpost stage, but also during directory
descending, where sumversion.c may parse stale *.mod files. It would emit
'No such file or directory' warning when an object consisting a module is
renamed, or when a single-obj module is turned into a multi-obj module or
vice versa.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Acked-by: Nicolas Pitre <nico@fluxnic.net>
header-test-y does not work with headers in sub-directories.
For example, you may want to write a Makefile, like this:
include/linux/Kbuild:
header-test-y += mtd/nand.h
This entry will create a wrapper include/linux/mtd/nand.hdrtest.c
with the following content:
#include "mtd/nand.h"
To make this work, we need to add $(srctree)/include/linux to the
header search path. It would be tedious to add ccflags-y.
Instead, we could change the *.hdrtest.c rule to wrap:
#include "nand.h"
This works for in-tree build since #include "..." searches in the
relative path from the header with this directive. For O=... build,
we need to add $(srctree)/include/linux/mtd to the header search path,
which will be even more tedious.
After all, I thought it would be handier to compile headers directly
without creating wrappers.
I added a new build rule to compile %.h into %.h.s
The target is %.h.s instead of %.h.o because it is slightly faster.
Also, as for GCC, an empty assembly is smaller than an empty object.
I wrote the build rule:
$(CC) $(c_flags) -S -o $@ -x c /dev/null -include $<
instead of:
$(CC) $(c_flags) -S -o $@ -x c $<
Both work fine with GCC, but the latter is bad for Clang.
This comes down to the difference in the -Wunused-function policy.
GCC does not warn about unused 'static inline' functions at all.
Clang does not warn about the ones in included headers, but does
about the ones in the source. So, we should handle headers as
headers, not as source files.
In fact, this has been hidden since commit abb2ea7dfd ("compiler,
clang: suppress warning for unused static inline functions"), but we
should not rely on that.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Acked-by: Jani Nikula <jani.nikula@intel.com>
Tested-by: Jani Nikula <jani.nikula@intel.com>
Zhenzhong Duan reported that running 'make O=/build/kernel binrpm-pkg'
failed with the following errors:
Running 'make O=/build/kernel binrpm-pkg' failed with below two errors.
Makefile:600: include/config/auto.conf: No such file or directory
+ cp make -C /mnt/root/kernel O=/build/kernel image_name make -f
/mnt/root/kernel/Makefile ...
cp: invalid option -- 'C'
Try 'cp --help' for more information.
Prior to commit 80463f1b7b ("kbuild: add --include-dir flag only
for out-of-tree build"), both srctree and objtree were added to
--include-dir redundantly, and the wrong code 'make image_name'
was working by relying on that. Now, the potential issue that had
previously been hidden just showed up.
'make image_name' recurses to the generated $(objtree)/Makefile and
ends up with running in srctree, which is incorrect. It should be
invoked with '-f $srctree/Makefile' (or KBUILD_SRC=) to be executed
in objtree.
Fixes: 80463f1b7b ("kbuild: add --include-dir flag only for out-of-tree build")
Reported-by: Zhenzhong Duan <zhenzhong.duan@oracle.com>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The new-kernel-pkg script is only present when grubby is installed, but it
may not always be the case. So if the script isn't present, attempt to use
the kernel-install script as a fallback instead.
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
There is a change in how command line parsing is done in this version.
Excludes and includes are now ordered with the file list. Since
the spec file puts the file list before the exclude list it means newer
tar ignores the excludes and packs all the build output into the
kernel-devel RPM resulting in a huge package.
Simple argument re-ordering fixes the problem.
Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
$RPM_BUILD_ROOT must be escaped to prevent shell from expanding it
when generating the spec file.
%{build_root} is more readable than \$RPM_BUILD_ROOT.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
When CONFIG_MODULES is disabled, make rpm-pkg / binrpm-pkg fails
with the following message:
The present kernel configuration has modules disabled.
Type 'make config' and enable loadable module support.
Then build a kernel with module support enabled.
Do not install modules in the case. Also, omit the devel package.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The repeat of echo is unreadable. The here-document is a well-known
device for such scripts. One difficulty is we have a bunch of PREBUILT
conditionals that would split the here-document.
My idea is to add "$S" annotatation to lines only for the source package
spec file, then post-process it by sed. I hope it will make our life
easier than repeat of "cat <<EOF ..."
I confirmed this commit still produced the same (bin)kernel.spec as
before.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Clean up the mkspec without changing the behavior.
- grep CONFIG_DRM=y more simply
- move "EXCLUDE" out of the "%install" section because it can be
computed when the spec file is generated
- remove "BuildRoot:" field, which is now redundant
- do not mkdir $RPM_BUILD_ROOT/lib/modules explicitly because it
is automatically created by "make modules_install"
- exclude "%package devel" from source package spec file because
it does not make sense where "%files devel" is already excluded
- exclude "%build" from source package spec file
- remove unneeded "make clean" because we had already cleaned
before making tar file
- merge two %ifarch ia64 conditionals
- replace KBUILD_IMAGE with direct use of $(make image_name)
- remove trailing empty line from the spec file
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
This conditional was added by commit fc370ecfdb ("kbuild: add
vmlinux to kernel rpm"). Its git-log mentioned vmlinux.bz2 was
necessary for debugging, but did not explain why ppc64 was an
exception. I see no problem to copy vmlinux.bz2 all the time.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
This conditional was added by commit 1a0f3d422b ("kbuild: fix
make rpm for powerpc"). Its git-log explains the default kernel
image is zImage, but obviously the current arch/powerpc/Makefile
does not set KBUILD_IMAGE, so the image file is actually vmlinux.
Moreover, since commit 09549aa1ba ("deb-pkg: Remove the KBUILD_IMAGE
workaround"), all architectures are supposed to set the full path to
the image in KBUILD_IMAGE. I see no good reason to differentiate
ppc64 from others. Rip off the conditional.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
The "Release:" field of the spec file is determined based on the
.version file.
However, the .version file is not copied to the source tar file.
So, when we build the kernel from the source package, the UTS_VERSION
always indicates #1. This does not match with "rpm -q".
The kernel UTS_VERSION and "rpm -q" do not agree for binrpm-pkg, either.
Please note the kernel has already been built before the spec file is
created. Currently, mkspec invokes mkversion. This script returns an
incremented version. So, the "Release:" field of the spec file is
greater than the version in the kernel by one.
For the source package build (where .version file is missing), we can
give KBUILD_BUILD_VERSION=%{release} to the build command.
For the binary package build, we can simply read out the .version file
because it contains the version number that was used for building the
kernel image.
We can remove scripts/mkversion because scripts/package/Makefile need
not touch the .version file.
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Commit 5620a0d1aa ("firmware: delete in-kernel firmware") deleted
in-kernel firmware support, including "make firmware_install".
Since then, "make rpm-pkg" / "make binrpm-pkg" fails to build with
the error:
make[2]: *** No rule to make target `firmware_install'. Stop.
Commit df85b2d767 ("firmware: Restore support for built-in firmware")
restored the build infrastructure for CONFIG_EXTRA_FIRMWARE, but this
is out of the scope of "make firmware_install". So, the right thing to
do is to kill the use of "make firmware_install".
Fixes: 5620a0d1aa ("firmware: delete in-kernel firmware")
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Brace expansion might not work properly if _buildshell RPM macro
points to a shell other than bash. Particularly, with _bulidshell
defined to /bin/dash it leads to broken build and source symlinks.
Signed-off-by: Anton Tikhomirov <anton.tikhomirov@cdnetworks.com>
Signed-off-by: Michal Marek <mmarek@suse.com>
When uninstalling kernel RPM, we're unconditionally calling
"new-kernel-pkg --remove". This is useless on systems which are based on
'update-bootloader' script instead.
Support update-bootloader removal method as well in case the script is
present; contrary to new-kernel-pkg, this needs to be done in %postun,
otherwise update-bootloader will refuse to remove entry for kernel for
which the binary still exists.
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Signed-off-by: Michal Marek <mmarek@suse.com>
This patch add a rpm preuninstall scriptlet to cleanup the
boot loader configuration on kernel package uninstall.
The initrd for the to-be-removed kernel is deleted, too.
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Michal Marek <mmarek@suse.com>
mkspec is copying built kernel to temporrary location
/boot/vmlinuz-$KERNELRELEASE-rpm
and runs installkernel on it. This however directly leads to grub2
menuentry for this suffixed binary being generated as well during the run
of installkernel script.
Later in the process the temporary -rpm suffixed files are removed, and
therefore we end up with spurious (and non-functional) grub2 menu entries
for each installed kernel RPM.
Fix that by using a different temporary name (prefixed by '.'), so that
the binary is not recognized as an actual kernel binary and no menuentry
is created for it.
Signed-off-by: Jiri Kosina <jkosina@suse.cz>
Fixes: 3c9c7a14b6 ("rpm-pkg: add %post section to create initramfs and grub hooks")
Signed-off-by: Michal Marek <mmarek@suse.com>
This causes conflicts when using multiple kernels built
with this mechanism.
Reviewed-by: Dennis Dalessandro <dennis.dalessandro@intel.com>
Signed-off-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: Michal Marek <mmarek@suse.com>
No need for the intermediary vmlinux.orig - bzip2 can keep the original
files used for compression with --keep.
Signed-off-by: Borislav Petkov <bp@suse.de>
Signed-off-by: Michal Marek <mmarek@suse.cz>
When doing make binrpm-pkg we only want to build the binary and header
package as the documentation of binrpm-pkg target claims. Hence this
patch avoid building the source and devel package. This makes binrpm-pkg
target lot faster and way more usefull.
Signed-off-by: Jérôme Glisse <jglisse@redhat.com>
Cc: Michal Marek <mmarek@suse.cz>
[mmarek: used subject line from v3]
Signed-off-by: Michal Marek <mmarek@suse.cz>
Change the spec file to generate a kernel-devel module
allowing for compilation of external kernel modules.
This patch requires a new minimum RPM level of 4.0.3.
Signed-off-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: Michal Marek <mmarek@suse.cz>
Prior to this patch, firmware files were being installed
in /lib/firmware with a potential conflict with already
installed kernels.
firmware files are now installed in /lib/firmware/<release>
and packaged with the rest of the modules.
Signed-off-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: Michal Marek <mmarek@suse.cz>
/sbin/installkernel is used to insure grub hooks are
inserted and the initramfs is created on the
target system.
The invokation installkernel will work with any
kernel as long as:
- /sbin/installkernel exists
- the kernel and sysem map files are readable
Signed-off-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: Michal Marek <mmarek@suse.cz>
The following issue can be reproduced with Linus' tree on
an x86_64 server.
>+ cp /home/user/rpmbuild-test/BUILDROOT/kernel-3.9.2.x86_64/boot/vmlinuz-3.9.2
>cp: missing destination file operand after
>/home/user/rpmbuild-test/BUILDROOT/kernel-3.9.2-1.x86_64/boot/vmlinuz-3.9.2'
>Try `cp --help' for more information.
>error: Bad exit status from /var/tmp/rpm-tmp.R4o0iI (%install)
Here are the commands to reproduce:
make defconfig
make rpm-pkg
Use the resulting src rpm to build as follows:
mkdir ~/rpmbuild-test
cd ~/rpmbuild-test
rpmbuild --rebuild --define "_topdir `pwd`" -vv ~/rpmbuild/SRPMS/kernel-3.10.0_rc1+-1.src.rpm
The issue is because the %install script uses $KBUILD_IMAGE and it hasn't
been set since it is only available in the kbuild system and not in the
%install script.
This patch adds a Makefile target to emit the image_name that can be used
and modifies the mkspec to use the dynamic name in %install.
Signed-off-by: Mike Marciniszyn <mike.marciniszyn@intel.com>
Signed-off-by: Michal Marek <mmarek@suse.cz>
'make rpm-pkg' and 'make binrpm-pkg' fail when the kernel source is
read-only. Specifically, when the RPM spec generated by
scripts/package/mkspec is run, KBUILD_SRC happens to be set to the
source location and thus the invocation of 'make headers_install'
fails when an internal call to 'filechk' tries to write a file into
the source tree.
The fix is to clear KBUILD_SRC for the 'make headers_install'
invocation in the spec file, as is already done for the 'make
modules_install' invocation.
Signed-off-by: David R. Bild <drbild@umich.edu>
Signed-off-by: Michal Marek <mmarek@suse.cz>
To compile binaries which depend on new kernel interfaces, we need a
kernel-headers RPM
Signed-off-by: Arun Sharma <asharma@fb.com>
Signed-off-by: Michal Marek <mmarek@suse.cz>
Removing the '-' results in hard to read filenames such as:
kernel-2.6.35.2000042g76e4caf-28.x86_64.rpm
kernel-2.6.35.2_000042_g76e4caf-28.x86_64.rpm is easier to
read.
Signed-off-by: Arun Sharma <asharma@fb.com>
Signed-off-by: Michal Marek <mmarek@suse.cz>
* 'packaging' of git://git.kernel.org/pub/scm/linux/kernel/git/mmarek/kbuild-2.6:
scripts/package: don't break if %{_smp_mflags} isn't set
kbuild, deb-pkg: Check if KBUILD_IMAGE exists before copying it
Same fix as in 13797b77d4 is needed for the "new"
line invoking _smp_mflags for modules_install. Without the fix, `make
binrpm-pkg` fails with:
+ make '%{_smp_mflags}' KBUILD_SRC= modules_install
make[2]: warning: jobserver unavailable: using -j1. Add `+' to parent make rule.
make[2]: *** No rule to make target `%{_smp_mflags}'. Stop.
error: Bad exit status from /var/tmp/rpm-tmp.8S9B9e (%install)
Signed-off-by: Nishanth Aravamudan <nacc@us.ibm.com>
Signed-off-by: Michal Marek <mmarek@suse.cz>
* 'for-35' of git://repo.or.cz/linux-kbuild: (81 commits)
kbuild: Revert part of e8d400a to resolve a conflict
kbuild: Fix checking of scm-identifier variable
gconfig: add support to show hidden options that have prompts
menuconfig: add support to show hidden options which have prompts
gconfig: remove show_debug option
gconfig: remove dbg_print_ptype() and dbg_print_stype()
kconfig: fix zconfdump()
kconfig: some small fixes
add random binaries to .gitignore
kbuild: Include gen_initramfs_list.sh and the file list in the .d file
kconfig: recalc symbol value before showing search results
.gitignore: ignore *.lzo files
headerdep: perlcritic warning
scripts/Makefile.lib: Align the output of LZO
kbuild: Generate modules.builtin in make modules_install
Revert "kbuild: specify absolute paths for cscope"
kbuild: Do not unnecessarily regenerate modules.builtin
headers_install: use local file handles
headers_check: fix perl warnings
export_report: fix perl warnings
...
The mkspec script hardcodes "/var/tmp" into the generated rpm spec file's
BuildRoot. The user, however, may have a custom setting for %_tmppath,
which should be used in BuildRoot. This patch changes mkspec's
BuildRoot output to appropriately use %_tmppath.
Signed-off-by: John Saalwaechter <saalwaechter@gmail.com>
Signed-off-by: Michal Marek <mmarek@suse.cz>
The binrpm-pkg target (binary RPM only) fails when called with
KBUILD_OUTPUT set. This patch makes it work.
For the rpm-pkg target (source + binary RPM), building with
KBUILD_OUTPUT set is not possible and also not needed as the
actual build is done in a temporary directory anyway, so check
that KBUILD_OUTPUT is not set in that case to avoid later errors.
Signed-off-by: Frans Pop <elendil@planet.nl>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
The contents of the %clean section in mkspec is currently commented
out leaving RPM_BUILD_ROOT and its contents on the build machine.
This patch removes it once the rpm build process is complete.
Signed-off-by: Josh Hunt <josh@scalex86.org>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
We are building an automated system to test kernels weekly and need to
provide an rpm to our QA dept. We would like to use the ability to create
kernel rpms already in the kernel's Makefile, but need the vmlinux file
included in the rpm for later debugging.
This patch adds a compressed vmlinux to the kernel rpm when doing a
make rpm-pkg or binrpm-pkg and upon install places the vmlinux file in /boot.
Signed-off-by: Josh Hunt <josh@scalex86.org>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Currently, if we do a 'make rpm-pkg' without the _smp_mflags rpm macro
defined, the build fails with:
[snip]
Executing(%build): /bin/bash -e /var/tmp/rpm-tmp.67959
+ umask 022
+ cd /home/jk/devel/kernel-snapshot/rpm/BUILD
+ cd kernel-2.6.26
+ make clean
+ make '%{_smp_mflags}'
make[3]: *** No rule to make target `%{_smp_mflags}'. Stop.
error: Bad exit status from /var/tmp/rpm-tmp.67959 (%build)
This change uses the 'null if not set' reference to the _smp_mflags
macro instead.
Signed-off-by: Jeremy Kerr <jk@ozlabs.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
This is patch to fix incorrect mkspec script to make rpm correctly at 2.6.27 vanilla kernel.
This is regression in 2.6.27. 2.6.26 make rpm work good.
In 2.6.27 'make rpm' say error from rpmbuild "Many unpacked files (*.fw)."
Signed-off-by: Evgeniy Manachkin <sfstudio@mail.ru>
Acked-by: Alan Cox <alan@redhat.com>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Cc: Stable <stable@kernel.org>
"mkdir -p" does not only mean not to complain if the directory already
exists, but also to create the parent directories if needed. This patch
removes "lib" from the list of directories to create as we will also create
"lib/modules".
Signed-off-by: Rolf Eike Beer <eike-kernel@sf-tec.de>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
The default target for most powerpc platforms is zImage. The
zImage however is in arch/powerpc/boot and the mkspec script
was set up to get the kernel from the top level of the kernel
tree. This patch copies vmlinux to arch/powerpc/boot and then
copies the kernel to the tmp directory so the rpm can be made.
Signed-off-by: Mike Wolf <mjw@us.ibm.com>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
On ia64, only the EFI (fat) partition is available to boot from. The rpm
needs to install the kernel under /boot/efi to be useable on ia64.
Signed-off-by: Greg Edwards <edwardsg@sgi.com>
Signed-off-by: Sam Ravnborg <sam@ravnborg.org>
Initial git repository build. I'm not bothering with the full history,
even though we have it. We can create a separate "historical" git
archive of that later if we want to, and in the meantime it's about
3.2GB when imported into git - space that would just make the early
git days unnecessarily complicated, when we don't have a lot of good
infrastructure for it.
Let it rip!