#!/usr/bin/make -f
# -*- makefile -*-
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
# TODO: check for headers not being installed
BUILD_DIR=$(shell pwd)
include /usr/share/dpkg/default.mk
include debian/rules.d/env.mk
include debian/rules.d/$(DEB_BUILD_ARCH).mk
MAKEFLAGS += $(subst parallel=,-j,$(filter parallel=%,${DEB_BUILD_OPTIONS}))
CHANGELOG_DATE:=$(shell dpkg-parsechangelog -SDate)
CHANGELOG_DATE_UTC_ISO := $(shell date -u -d '$(CHANGELOG_DATE)' +%Y-%m-%dT%H:%MZ)
PMX_KERNEL_PKG=proxmox-kernel-$(KVNAME)
PMX_KERNEL_SERIES_PKG=proxmox-kernel-$(KERNEL_MAJMIN)
PMX_DEBUG_KERNEL_PKG=proxmox-kernel-$(KVNAME)-dbgsym
PMX_HEADER_PKG=proxmox-headers-$(KVNAME)
PMX_USR_HEADER_PKG=proxmox-kernel-libc-dev
PMX_KERNEL_SIGNING_TEMPLATE_PKG=proxmox-kernel-${KVNAME}-signed-template
PMX_KERNEL_SIGNED_VERSION := $(shell echo ${DEB_VERSION} | sed -e 's/-/+/')
LINUX_TOOLS_PKG=linux-tools-$(KERNEL_MAJMIN)
KERNEL_SRC_COPY=$(KERNEL_SRC)_tmp
# TODO: split for archs, move to files?
PMX_CONFIG_OPTS= \
-m INTEL_MEI_WDT \
-d CONFIG_SND_PCM_OSS \
-e CONFIG_TRANSPARENT_HUGEPAGE_MADVISE \
-d CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS \
-m CONFIG_CEPH_FS \
-m CONFIG_BLK_DEV_NBD \
-m CONFIG_BLK_DEV_RBD \
-m CONFIG_BLK_DEV_UBLK \
-d CONFIG_SND_PCSP \
-m CONFIG_BCACHE \
-m CONFIG_JFS_FS \
-m CONFIG_HFS_FS \
-m CONFIG_HFSPLUS_FS \
-e CIFS_SMB_DIRECT \
-e CONFIG_SQUASHFS_DECOMP_MULTI_PERCPU \
-e CONFIG_BRIDGE \
-e CONFIG_BRIDGE_NETFILTER \
-e CONFIG_BLK_DEV_SD \
-e CONFIG_BLK_DEV_SR \
-e CONFIG_BLK_DEV_DM \
-m CONFIG_BLK_DEV_NVME \
-e CONFIG_NLS_ISO8859_1 \
-d CONFIG_INPUT_EVBUG \
-d CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND \
-d CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL \
-e CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE \
-e CONFIG_SYSFB_SIMPLEFB \
-e CONFIG_DRM_SIMPLEDRM \
-e CONFIG_MODULE_SIG \
-e CONFIG_MODULE_SIG_ALL \
-e CONFIG_MODULE_SIG_FORMAT \
--set-str CONFIG_MODULE_SIG_HASH sha512 \
--set-str CONFIG_MODULE_SIG_KEY certs/signing_key.pem \
-e CONFIG_MODULE_SIG_KEY_TYPE_RSA \
-e CONFIG_MODULE_SIG_SHA512 \
-d CONFIG_MEMCG_DISABLED \
-e CONFIG_MEMCG_SWAP_ENABLED \
-e CONFIG_HYPERV \
-m CONFIG_VFIO_IOMMU_TYPE1 \
-e CONFIG_VFIO_VIRQFD \
-m CONFIG_VFIO \
-m CONFIG_VFIO_PCI \
-m CONFIG_USB_XHCI_HCD \
-m CONFIG_USB_XHCI_PCI \
-m CONFIG_USB_EHCI_HCD \
-m CONFIG_USB_EHCI_PCI \
-m CONFIG_USB_EHCI_HCD_PLATFORM \
-m CONFIG_USB_OHCI_HCD \
-m CONFIG_USB_OHCI_HCD_PCI \
-m CONFIG_USB_OHCI_HCD_PLATFORM \
-d CONFIG_USB_OHCI_HCD_SSB \
-m CONFIG_USB_UHCI_HCD \
-d CONFIG_USB_SL811_HCD_ISO \
-e CONFIG_MEMCG_KMEM \
-d CONFIG_DEFAULT_CFQ \
-e CONFIG_DEFAULT_DEADLINE \
-e CONFIG_MODVERSIONS \
-e CONFIG_ZSTD_COMPRESS \
-d CONFIG_DEFAULT_SECURITY_DAC \
-e CONFIG_DEFAULT_SECURITY_APPARMOR \
--set-str CONFIG_DEFAULT_SECURITY apparmor \
-e CONFIG_MODULE_ALLOW_BTF_MISMATCH \
-d CONFIG_UNWINDER_ORC \
-d CONFIG_UNWINDER_GUESS \
-e CONFIG_UNWINDER_FRAME_POINTER \
--set-str CONFIG_SYSTEM_TRUSTED_KEYS ""\
--set-str CONFIG_SYSTEM_REVOCATION_KEYS ""\
-e CONFIG_SECURITY_LOCKDOWN_LSM \
-e CONFIG_SECURITY_LOCKDOWN_LSM_EARLY \
--set-str CONFIG_LSM lockdown,yama,integrity,apparmor \
-e CONFIG_PAGE_TABLE_ISOLATION \
-e CONFIG_ARCH_HAS_CPU_FINALIZE_INIT \
-d CONFIG_GDS_FORCE_MITIGATION \
-d CONFIG_WQ_CPU_INTENSIVE_REPORT \
-d CONFIG_N_GSM \
-d UBSAN_BOUNDS \
debian/control: $(wildcard debian/*.in)
sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel.prerm.in > debian/$(PMX_KERNEL_PKG).prerm
sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel.postrm.in > debian/$(PMX_KERNEL_PKG).postrm
sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel.postinst.in > debian/$(PMX_KERNEL_PKG).postinst
sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-headers.postinst.in > debian/$(PMX_HEADER_PKG).postinst
sed -e 's/@@KVMAJMIN@@/$(KERNEL_MAJMIN)/g' -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel-meta.postrm.in > debian/$(PMX_KERNEL_SERIES_PKG).postrm
sed -e 's/@@KVMAJMIN@@/$(KERNEL_MAJMIN)/g' -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel-meta.postinst.in > debian/$(PMX_KERNEL_SERIES_PKG).postinst
chmod +x debian/$(PMX_KERNEL_PKG).prerm
chmod +x debian/$(PMX_KERNEL_PKG).postrm
chmod +x debian/$(PMX_KERNEL_PKG).postinst
chmod +x debian/$(PMX_KERNEL_SERIES_PKG).postrm
chmod +x debian/$(PMX_KERNEL_SERIES_PKG).postinst
chmod +x debian/$(PMX_HEADER_PKG).postinst
sed -e 's/@KVNAME@/$(KVNAME)/g' -e 's/@KVMAJMIN@/$(KERNEL_MAJMIN)/g' < debian/control.in > debian/control
# signing-template
sed -e '1 s/proxmox-kernel/proxmox-kernel-signed/' -e '1 s/${DEB_VERSION}/${PMX_KERNEL_SIGNED_VERSION}/' < debian/changelog > debian/signing-template/changelog
sed -e 's/@KVNAME@/${KVNAME}/g' -e 's/@KVMAJMIN@/$(KERNEL_MAJMIN)/g' -e 's/@UNSIGNED_VERSION@/${DEB_VERSION}/g' < debian/signing-template/control.in > debian/signing-template/control
sed -e 's/@KVNAME@/${KVNAME}/g' < debian/signing-template/files.json.in > debian/signing-template/files.json
sed -e 's/@KVNAME@/${KVNAME}/g' -e 's/@PKG_VERSION@/${DEB_VERSION}/' < debian/signing-template/rules.in > debian/signing-template/rules
sed -e 's/@@KVNAME@@/${KVNAME}/g' < debian/proxmox-kernel.prerm.in > debian/signing-template/prerm
sed -e 's/@@KVNAME@@/${KVNAME}/g' < debian/proxmox-kernel.postrm.in > debian/signing-template/postrm
sed -e 's/@@KVNAME@@/${KVNAME}/g' < debian/proxmox-kernel.postinst.in > debian/signing-template/postinst
rm debian/signing-template/*.in
cp debian/SOURCE debian/signing-template/
build: .compile_mark .tools_compile_mark .modules_compile_mark
install: .install_mark .tools_install_mark .headers_install_mark .usr_headers_install_mark
dh_installdocs -A debian/copyright debian/SOURCE
dh_installchangelogs
dh_installman
dh_strip_nondeterminism
dh_compress
dh_fixperms
binary: install
debian/rules fwcheck abicheck
dh_strip -N$(PMX_HEADER_PKG) -N$(PMX_USR_HEADER_PKG)
dh_makeshlibs
dh_shlibdeps
dh_installdeb
dh_gencontrol
dh_md5sums
dh_builddeb
.config_mark:
cd $(KERNEL_SRC); scripts/config $(PMX_CONFIG_OPTS)
$(MAKE) -C $(KERNEL_SRC) olddefconfig
# copy to allow building in parallel to kernel/module compilation without interference
rm -rf $(KERNEL_SRC_COPY)
cp -ar $(KERNEL_SRC) $(KERNEL_SRC_COPY)
touch $@
.compile_mark: .config_mark
$(MAKE) -C $(KERNEL_SRC) KBUILD_BUILD_VERSION_TIMESTAMP="PMX $(DEB_VERSION) ($(CHANGELOG_DATE_UTC_ISO))"
touch $@
.install_mark: .compile_mark .modules_compile_mark
rm -rf debian/$(PMX_KERNEL_PKG)
mkdir -p debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)
mkdir debian/$(PMX_KERNEL_PKG)/boot
install -m 644 $(KERNEL_SRC)/.config debian/$(PMX_KERNEL_PKG)/boot/config-$(KVNAME)
install -m 644 $(KERNEL_SRC)/System.map debian/$(PMX_KERNEL_PKG)/boot/System.map-$(KVNAME)
install -m 644 $(KERNEL_SRC)/$(KERNEL_IMAGE_PATH) debian/$(PMX_KERNEL_PKG)/boot/$(KERNEL_INSTALL_FILE)-$(KVNAME)
$(MAKE) -C $(KERNEL_SRC) INSTALL_MOD_PATH=$(BUILD_DIR)/debian/$(PMX_KERNEL_PKG)/ modules_install
# install zfs drivers
install -d -m 0755 debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)/zfs
install -m 644 $(MODULES)/zfs.ko $(MODULES)/spl.ko debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)/zfs
# remove firmware
rm -rf debian/$(PMX_KERNEL_PKG)/lib/firmware
ifeq ($(filter pkg.proxmox-kernel.debug,$(DEB_BUILD_PROFILES)),)
echo "'pkg.proxmox-kernel.debug' build profile disabled, skipping -dbgsym creation"
else
echo "'pkg.proxmox-kernel.debug' build profile enabled, creating -dbgsym contents"
mkdir -p debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/$(KVNAME)
mkdir debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/boot
install -m 644 $(KERNEL_SRC)/vmlinux debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/boot/vmlinux-$(KVNAME)
cp -r debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME) debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/
rm -f debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/$(KVNAME)/source
rm -f debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/$(KVNAME)/build
rm -f debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/$(KVNAME)/modules.*
endif
# strip debug info
find debian/$(PMX_KERNEL_PKG)/lib/modules -name \*.ko -print | while read f ; do strip --strip-debug "$$f"; done
# sign modules using ephemeral, embedded key
if grep -q CONFIG_MODULE_SIG=y ubuntu-kernel/.config ; then \
find debian/$(PMX_KERNEL_PKG)/lib/modules -name \*.ko -print | while read f ; do \
./ubuntu-kernel/scripts/sign-file sha512 ./ubuntu-kernel/certs/signing_key.pem ubuntu-kernel/certs/signing_key.x509 "$$f" ; \
done; \
rm ./ubuntu-kernel/certs/signing_key.pem ; \
fi
# finalize
/sbin/depmod -b debian/$(PMX_KERNEL_PKG)/ $(KVNAME)
# Autogenerate blacklist for watchdog devices (see README)
install -m 0755 -d debian/$(PMX_KERNEL_PKG)/lib/modprobe.d
ls debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)/kernel/drivers/watchdog/ > watchdog-blacklist.tmp
echo ipmi_watchdog.ko >> watchdog-blacklist.tmp
cat watchdog-blacklist.tmp|sed -e 's/^/blacklist /' -e 's/.ko$$//'|sort -u > debian/$(PMX_KERNEL_PKG)/lib/modprobe.d/blacklist_$(PMX_KERNEL_PKG).conf
rm -f debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)/source
rm -f debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)/build
# copy signing template contents
rm -rf debian/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}
mkdir -p debian/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/usr/share/code-signing/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/source-template/debian
cp -R debian/copyright \
debian/signing-template/rules \
debian/signing-template/control \
debian/signing-template/source \
debian/signing-template/changelog \
debian/signing-template/prerm \
debian/signing-template/postrm \
debian/signing-template/postinst \
debian/signing-template/SOURCE \
debian/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/usr/share/code-signing/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/source-template/debian
cp debian/signing-template/files.json debian/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/usr/share/code-signing/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/
touch $@
.tools_compile_mark: .compile_mark
$(MAKE) -C $(KERNEL_SRC)/tools/perf prefix=/usr NO_LIBTRACEEVENT=1 HAVE_NO_LIBBFD=1 HAVE_CPLUS_DEMANGLE_SUPPORT=1 NO_LIBPYTHON=1 NO_LIBPERL=1 NO_LIBCRYPTO=1 PYTHON=python3
echo "checking GPL-2 only perf binary for library linkage with incompatible licenses.."
! ldd $(KERNEL_SRC)/tools/perf/perf | grep -q -E '\blibbfd'
! ldd $(KERNEL_SRC)/tools/perf/perf | grep -q -E '\blibcrypto'
$(MAKE) -C $(KERNEL_SRC)/tools/perf NO_LIBTRACEEVENT=1 man
touch $@
.tools_install_mark: .tools_compile_mark
rm -rf debian/$(LINUX_TOOLS_PKG)
mkdir -p debian/$(LINUX_TOOLS_PKG)/usr/bin
mkdir -p debian/$(LINUX_TOOLS_PKG)/usr/share/man/man1
install -m 755 $(BUILD_DIR)/$(KERNEL_SRC)/tools/perf/perf debian/$(LINUX_TOOLS_PKG)/usr/bin/perf_$(KERNEL_MAJMIN)
for i in $(BUILD_DIR)/$(KERNEL_SRC)/tools/perf/Documentation/*.1; do \
fname="$${i##*/}"; manname="$${fname%.1}"; \
install -m644 "$$i" "debian/$(LINUX_TOOLS_PKG)/usr/share/man/man1/$${manname}_$(KERNEL_MAJMIN).1"; \
done
touch $@
.headers_prepare_mark: .config_mark
rm -rf debian/$(PMX_HEADER_PKG)
mkdir -p debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
install -m 0644 $(KERNEL_SRC)/.config debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
make -C $(KERNEL_SRC_COPY) mrproper
cd $(KERNEL_SRC_COPY); find . -path './debian/*' -prune \
-o -path './include/*' -prune \
-o -path './Documentation' -prune \
-o -path './scripts' -prune \
-o -type f \
\( \
-name 'Makefile*' \
-o -name 'Kconfig*' \
-o -name 'Kbuild*' \
-o -name '*.sh' \
-o -name '*.pl' \
\) \
-print | cpio -pd --preserve-modification-time $(BUILD_DIR)/debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
cd $(KERNEL_SRC_COPY); \
( \
find arch/$(KERNEL_HEADER_ARCH) -name include -type d -print | \
xargs -n1 -i: find : -type f \
) | \
cpio -pd --preserve-modification-time $(BUILD_DIR)/debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
touch $@
.headers_compile_mark: .headers_prepare_mark
# set output to subdir of source to reduce number of hardcoded paths in output files
rm -rf $(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG)
mkdir -p $(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG)
cp $(KERNEL_SRC)/.config $(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG)/.config
$(MAKE) -C $(KERNEL_SRC_COPY) O=$(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG) -j1 syncconfig modules_prepare prepare scripts
cd $(KERNEL_SRC_COPY); cp -a include scripts $(BUILD_DIR)/debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
find $(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG) -name \*.o.ur-\* -o -name '*.cmd' | xargs rm -f
rsync --ignore-existing -r -v -a $(addprefix $(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG)/,arch include kernel scripts tools) $(BUILD_DIR)/debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)/
rm -rf $(BUILD_DIR)/$(KERNEL_SRC_COPY)
touch $@
.headers_install_mark: .compile_mark .modules_compile_mark .headers_compile_mark
cp $(KERNEL_SRC)/include/generated/compile.h debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)/include/generated/compile.h
install -m 0644 $(KERNEL_SRC)/Module.symvers debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)
mkdir -p debian/$(PMX_HEADER_PKG)/lib/modules/$(KVNAME)
ln -sf /usr/src/linux-headers-$(KVNAME) debian/$(PMX_HEADER_PKG)/lib/modules/$(KVNAME)/build
touch $@
.usr_headers_install_mark: PKG_DIR = debian/$(PMX_USR_HEADER_PKG)
.usr_headers_install_mark: OUT_DIR = $(PKG_DIR)/usr
.usr_headers_install_mark: .config_mark
rm -rf '$(PKG_DIR)'
mkdir -p '$(PKG_DIR)'
$(MAKE) -C $(KERNEL_SRC) headers_install ARCH=$(KERNEL_HEADER_ARCH) INSTALL_HDR_PATH='$(CURDIR)'/$(OUT_DIR)
rm -rf $(OUT_DIR)/include/drm $(OUT_DIR)/include/scsi
find $(OUT_DIR)/include \( -name .install -o -name ..install.cmd \) -execdir rm {} +
# Move include/asm to arch-specific directory
mkdir -p $(OUT_DIR)/include/$(DEB_HOST_MULTIARCH)
mv $(OUT_DIR)/include/asm $(OUT_DIR)/include/$(DEB_HOST_MULTIARCH)/
test ! -d $(OUT_DIR)/include/arch || \
mv $(OUT_DIR)/include/arch $(OUT_DIR)/include/$(DEB_HOST_MULTIARCH)/
touch $@
.modules_compile_mark: $(MODULES)/zfs.ko
touch $@
$(MODULES)/zfs.ko: .compile_mark
cd $(MODULES)/$(ZFSDIR); ./autogen.sh
cd $(MODULES)/$(ZFSDIR); ./configure --with-config=kernel --with-linux=$(BUILD_DIR)/$(KERNEL_SRC) --with-linux-obj=$(BUILD_DIR)/$(KERNEL_SRC)
$(MAKE) -C $(MODULES)/$(ZFSDIR)
cp $(MODULES)/$(ZFSDIR)/module/zfs.ko $(MODULES)/
cp $(MODULES)/$(ZFSDIR)/module/spl.ko $(MODULES)/
fwlist-$(KVNAME): .compile_mark .modules_compile_mark
debian/scripts/find-firmware.pl debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME) >fwlist.tmp
mv fwlist.tmp $@
.PHONY: fwcheck
fwcheck: fwlist-$(KVNAME) fwlist-previous
@echo "checking fwlist for changes since last built firmware package.."
@echo "if this check fails, add fwlist-$(KVNAME) to the pve-firmware repository and upload a new firmware package together with the $(KVNAME) kernel"
sort fwlist-previous | uniq > fwlist-previous.sorted
sort fwlist-$(KVNAME) | uniq > fwlist-$(KVNAME).sorted
diff -up -N fwlist-previous.sorted fwlist-$(KVNAME).sorted > fwlist.diff
rm fwlist.diff fwlist-previous.sorted fwlist-$(KVNAME).sorted
@echo "done, no need to rebuild pve-firmware"
abi-$(KVNAME): .compile_mark
debian/scripts/abi-generate debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)/Module.symvers abi-$(KVNAME) $(KVNAME)
.PHONY: abicheck
abicheck: debian/scripts/abi-check abi-$(KVNAME) abi-prev-* abi-blacklist
debian/scripts/abi-check abi-$(KVNAME) abi-prev-* $(SKIPABI)
.PHONY: clean