Commit Graph

37 Commits

Author SHA1 Message Date
Fabian Grünbichler
331dac76a3 meta package: prefer signed kernel package
to ensure future versions are properly pulled in.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2023-11-20 12:59:50 +01:00
Fabian Grünbichler
17ad9a3376 d/control: add missing python3-dev
required by perf's Makefile

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2023-11-20 12:28:56 +01:00
Fabian Grünbichler
2b3d5a2269 build: add proxmox-kernel-X.Y-pve-signed-template
the signed template together with the binary package(s) containing the unsigned
files form the input to our secure boot signing service.

the signed template consists of
- files.json (specifying which files are signed how and by which key)
- packaging template used to build the signed package(s)

the signing service
- extracts and checks the signed-template binary package
- extracts the unsigned package(s)
- signs the needed files
- packs up the signatures + the template contained in the signed-template
  package into the signed source package

the signed source package can then be built in the regular fashion (in case of
the kernel packages, it will copy the kernel image, modules and some helper
files from the unsigned package, attach the signature created by the signing
service, and re-pack the result as signed-kernel package).

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2023-11-20 12:28:56 +01:00
Fabian Grünbichler
6e72c5b2b7 integrate meta packages and change prefix
long overdue, and avoids the issue of the meta packages version going down
after being folded in from the pve-kernel-meta repository.

the ABI needs to be bumped for every published kernel package now that modules
are signed, else the booted kernel image containing the public part of the
ephemeral signing key, and the on-disk (potentially upgraded in-place) signed
module files can disagree, and module loading would fail.

not changed (yet): git repository name, pve-firmware

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2023-08-01 14:27:29 +02:00
Thomas Lamprecht
e1c98087b0 d/control: drop useless dependency on already essential coreutils
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-05-20 20:28:07 +02:00
Thomas Lamprecht
dad61fd72e d/control: define compat level via build-depends and raise to 13
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-05-20 19:25:13 +02:00
Thomas Lamprecht
f1ef3eb877 d/control: add missing ${misc:Depends}
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-05-20 19:25:13 +02:00
Thomas Lamprecht
5d70d14bad d/control: drop build-dependency for perl-module
lintian rightfully errors out on this one, makes no sense to depend
on an implementation detail of the perl packaging ecosystem.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-05-20 19:25:13 +02:00
Thomas Lamprecht
65f3c4a837 d/control: add missing Standards-Version field
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-05-20 19:25:13 +02:00
Thomas Lamprecht
d4beb8d050 d/control: wrap-and-sort -tkn
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-05-20 19:25:13 +02:00
Thomas Lamprecht
7e3bd8b16a d/control: drop build-dependencies on essential packages
we do not need a specific version..

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2023-05-20 19:25:13 +02:00
Wolfgang Bumiller
3ffc526456 d/control: add linux-initramfs-tool as alternative
This is provdied by both initramfs-tools and dracut.
Required to be able to use dracut in place of
initramfs-tools.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2023-01-30 09:41:52 +01:00
Thomas Lamprecht
c2793ff7ec debian: update some meta and copyright information
lintian wasn't to happy..

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2022-06-17 13:42:23 +02:00
Stoiko Ivanov
dd539d4154 d/control.in: Provide versioned linux-image/linux-headers
pve-headers-$(uname -r) is equivalent to
linux-headers-$(uname -r)-amd64

pve-kernel-$(uname -r) is equivalent to
linux-image-$(uname -r)-amd64

By adding a provides this should help users running
`apt install linux-headers-$(uname -r)-amd64` which is commonly
suggested in install instructions for third-party kernel-drivers on
plain debian.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2021-12-14 13:31:17 +01:00
Fabian Grünbichler
7c4bae5665 d/control: add zstd to B-D
used for compressing the kernel image, build fails if not installed.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Acked-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-12-14 13:31:00 +01:00
Fabian Grünbichler
04f7144d55 build: conditionalize -dbgsym package
via a new, namespaced build profile.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-07-21 18:26:52 +02:00
Thomas Lamprecht
a79b3b7061 d/control: follow text-width limits...
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-07-02 17:25:15 +02:00
Fabian Grünbichler
b5dd2682ff d/control: wrap-and-sort
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-06-15 14:31:10 +02:00
Fabian Grünbichler
6677d2a3ac d/control: remove references to 2.6 kernel
those days are long gone by now ;)

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-06-15 14:31:10 +02:00
Fabian Grünbichler
3636c8611a d/control: provide linux-libc-dev with version
needed for it to be a proper replacement for linux-libc-dev when
resolving dependencies, such as for liburing-dev

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-06-15 14:31:10 +02:00
Fabian Grünbichler
bec104985e build: keep unstripped kernel and module files
and put them into a new -dbgsym package for usage with
crash/kdump-tools/...

fixes #3465, and now allows to do the following (after installing
and configuring kdump-tools to collect kernel crash dumps) when the
system crashes:

  $ apt install pve-kernel-5.11.21-1-dbgsym
  $ crash /usr/lib/debug/boot/vmlinux-5.11.21-1-pve /var/crash/202106151236/dump.202106151236

  crash 7.2.9
  Copyright (C) 2002-2020  Red Hat, Inc.
  Copyright (C) 2004, 2005, 2006, 2010  IBM Corporation
  Copyright (C) 1999-2006  Hewlett-Packard Co
  Copyright (C) 2005, 2006, 2011, 2012  Fujitsu Limited
  Copyright (C) 2006, 2007  VA Linux Systems Japan K.K.
  Copyright (C) 2005, 2011  NEC Corporation
  Copyright (C) 1999, 2002, 2007  Silicon Graphics, Inc.
  Copyright (C) 1999, 2000, 2001, 2002  Mission Critical Linux, Inc.
  This program is free software, covered by the GNU General Public License,
  and you are welcome to change it and/or distribute copies of it under
  certain conditions.  Enter "help copying" to see the conditions.
  This program has absolutely no warranty.  Enter "help warranty" for details.

  GNU gdb (GDB) 7.6
  Copyright (C) 2013 Free Software Foundation, Inc.
  License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
  This is free software: you are free to change and redistribute it.
  There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
  and "show warranty" for details.
  This GDB was configured as "x86_64-unknown-linux-gnu"...

  WARNING: kernel relocated [812MB]: patching 136336 gdb minimal_symbol values

        KERNEL: /usr/lib/debug/boot/vmlinux-5.11.21-1-pve
      DUMPFILE: /var/crash/202106151236/dump.202106151236  [PARTIAL DUMP]
          CPUS: 4
          DATE: Tue Jun 15 12:36:38 CEST 2021
        UPTIME: 00:06:21
  LOAD AVERAGE: 0.04, 0.11, 0.08
         TASKS: 272
      NODENAME: test
       RELEASE: 5.11.21-1-pve
       VERSION: #1 SMP PVE 5.11.21-1 (Tue, 01 Jun 2021 16:38:57 +0200)
       MACHINE: x86_64  (3696 Mhz)
        MEMORY: 8 GB
         PANIC: "Kernel panic - not syncing: sysrq triggered crash"
           PID: 3167
       COMMAND: "bash"
          TASK: ffff9220c8f5be00  [THREAD_INFO: ffff9220c8f5be00]
           CPU: 3
         STATE: TASK_RUNNING (PANIC)

  crash> bt
  PID: 3167   TASK: ffff9220c8f5be00  CPU: 3   COMMAND: "bash"
   #0 [ffffa24ec0bfbc80] machine_kexec at ffffffffb3c751f3
   #1 [ffffa24ec0bfbce0] __crash_kexec at ffffffffb3d61092
   #2 [ffffa24ec0bfbdb0] panic at ffffffffb47b769d
   #3 [ffffa24ec0bfbe30] sysrq_handle_crash at ffffffffb434da4a
   #4 [ffffa24ec0bfbe40] __handle_sysrq.cold at ffffffffb47e2cdc
   #5 [ffffa24ec0bfbe78] write_sysrq_trigger at ffffffffb434e3f8
   #6 [ffffa24ec0bfbe90] proc_reg_write at ffffffffb3fc09ea
   #7 [ffffa24ec0bfbeb0] vfs_write at ffffffffb3f143b6
   #8 [ffffa24ec0bfbee8] ksys_write at ffffffffb3f16b97
   #9 [ffffa24ec0bfbf28] __x64_sys_write at ffffffffb3f16c2a
  #10 [ffffa24ec0bfbf38] do_syscall_64 at ffffffffb480e868
  #11 [ffffa24ec0bfbf50] entry_SYSCALL_64_after_hwframe at ffffffffb4a0008c
      RIP: 00007f367f7baf33  RSP: 00007ffe6175dc98  RFLAGS: 00000246
      RAX: ffffffffffffffda  RBX: 0000000000000002  RCX: 00007f367f7baf33
      RDX: 0000000000000002  RSI: 0000560510e640b0  RDI: 0000000000000001
      RBP: 0000560510e640b0   R8: 000000000000000a   R9: 0000000000000001
      R10: 0000560510e5f800  R11: 0000000000000246  R12: 0000000000000002
      R13: 00007f367f88b6a0  R14: 0000000000000002  R15: 00007f367f88b8a0
      ORIG_RAX: 0000000000000001  CS: 0033  SS: 002b

as well as lots of other fun things (see 'help' after opening a crash dump).

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2021-06-15 14:31:10 +02:00
Thomas Lamprecht
41cf1104e2 d/control: update build dependencies
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2021-01-15 15:10:56 +01:00
Thomas Lamprecht
924ae54c14 add pve-kernel-libc-dev headers package
This was long overdue, allows to access the full feature set of our
kernel for some tools using the Linux API directly.

Packaging mostly taken from Debian[0]

[0]: https://salsa.debian.org/kernel-team/linux/-/blob/debian/4.19.118-2/debian/rules.real#L367

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Reviewed-By: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2020-05-28 14:07:11 +02:00
Thomas Lamprecht
8028e2a26b d/control: record lz4 build dependency
Since Ubuntu Eoan the kernel compression was changed from GZIP to
LZ4, due to slightly faster load times vs. a 25% size increase
trade-off (e.g. 5.0 had ~ 8, this one has ~ 12 MB; *but* the initrd
stays roughly the same size, and that one is 5 times bigger anyway)

If we want to keep that is in the stars, but for now correctly
document the build-dependency to LZ4.

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-11-14 15:23:23 +01:00
Fabian Grünbichler
77b2009b13 build: add ZFS 0.8 debhelper build-dependencies
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2019-08-05 10:27:56 +02:00
Fabian Grünbichler
6c6eb8b0dd fix #327: downgrade dependency on grub-*
from Depends to Recommends, since we now have an alternate bootloader
setup for some scenarios. both our installer and Debian's default setup
still install Grub by default anyway, but this allows removal without
hacks in case such an alternate bootloader is used on the system.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2019-07-11 14:56:42 +02:00
Thomas Lamprecht
2135c72329 remove gcc check completely, we have build dependencies for that
RETPOLINE is now for sure included, further as this is build through
buildpackage the build dependencies are checked

Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-05-22 15:42:57 +02:00
Thomas Lamprecht
b8e09c3c69 support gcc 8.3 from buster
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2019-05-22 15:42:57 +02:00
Fabian Grünbichler
03f37cb2bb d/control: update build-depends
with the help of "dpkg-checkdep" to mimic the current build-environment

asciidoc-base: used by perf man pages
automake: used by ZFS/SPL (among other things)
cpio: used in debian/rules
debhelper: used in debian/rules
kmod: used in debian/rules (depmod)
libdw-dev,libelf-dev: used for unwinder
libnuma-dev: used by perf
libslang2-dev: used by perf tui
python-minimal: used by perf
zlib1g-dev: used by perf

thank you Thomas for additional review and extensive discussions
regarding what to include (or not ;))!

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Reviewed-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-10-12 10:41:58 +02:00
Fabian Grünbichler
9929833ca3 d/control: add missing build dependency
libpve-common-perl is used by debian/scripts/abi-generate

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-10-05 14:10:05 +02:00
Thomas Lamprecht
73cf4c7faf d/control: automatically replace linux tools maj.min version
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
2018-05-30 08:25:19 +02:00
Fabian Grünbichler
d72363003b build: refactor header build
to also include tools and scripts like objtool, which are now needed for
external module building

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-05-09 13:12:07 +02:00
Fabian Grünbichler
7cbdd0b90d d/rules: check for accidental perf linkage
with libraries that are not GPL-2-only compatible, fix previously typoed
variable, and add build-dep on libiberty-dev for CPLUS demangling.

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-04-25 13:27:39 +02:00
Thomas Lamprecht
ff2994e82d d/control: add some missing build dependencies
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

and wrap-and-sort them

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
2018-04-24 12:01:10 +02:00
Fabian Grünbichler
1e99f45be0 build: replace 4.13 with 4.15
as well as artful with bionic, and reset KREL/PKGREL accordingly
2018-03-09 14:47:21 +01:00
Fabian Grünbichler
f3baf3769b d/control: add source section, cleanup
remove variables that are set by dpkg-buildpackage automatically, and
wrap-and-sort the whole thing
2018-03-09 09:19:58 +01:00
Fabian Grünbichler
2d62d8a400 build: move/merge files
the control files were merged as appropriate, the rest are plain
renames.
2018-03-09 09:19:58 +01:00