We currently use the Ubuntu kernel sources, available from:
- http://kernel.ubuntu.com/git/ubuntu/ubuntu-xenial.git/
+ http://kernel.ubuntu.com/git/ubuntu/ubuntu-bionic.git/
Ubuntu will maintain those kernels till:
- include latest e1000e driver from intel/sourceforge
-- include latest ixgbe driver from intel/sourceforge
-
- - include latest igb driver from intel/sourceforge
-
-# Note: hpsa does not compile with kernel 3.19.8
-#- include latest HPSA driver (HP Smart Array)
-#
-# * http://sourceforge.net/projects/cciss/
+- include latest igb driver from intel/sourceforge
- include native OpenZFS filesystem kernel modules for Linux
For licensing questions, see: http://open-zfs.org/wiki/Talk:FAQ
-- include latest DRBD 9 driver, see http://drbd.linbit.com/home/what-is-drbd/
-
-FIRMWARE:
+SUBMODULE
=========
-We create our own firmware package, which includes the firmware for
-all proxmox-ve kernels. So far this include
+We track the current upstream repository as submodule. Besides obvious
+advantages over tracking binary tar archives this also has some implications.
+
+For building the submodule directory gets copied into build/ and a few patches
+get applied with the `patch` tool. From a git point-of-view, the copied
+directory remains clean even with extra patches applied since it does not
+contain a .git directory, but a reference to the (still pristine) submodule:
+
+$ cat build/ubuntu-bionic/.git
+
+If you mistakenly cloned the upstream repo as "normal" clone (not via the
+submodule mechanics) this means that you have a real .git directory with its
+independent objects and tracking info when copying for building, thus git
+operates on the copied directory - and "sees" that it was dirtied by `patch`,
+and thus the kernel buildsystem sees this too and will add a '+' to the version
+as a result. This changes the output directories for modules and other build
+artefacts and let's then the build fail on packaging.
+
+So always ensure that you really checked it out as submodule, not as full
+"normal" clone. You can also explicitly set the LOCALVERSION variable to
+undefined with: `export LOCALVERSION= but that should only be done for test
+builds.
+
+RELATED PACKAGES:
+=================
+
+proxmox-ve
+----------
+
+top level meta package, depends on current default kernel series meta package.
+
+git clone git://git.proxmox.com/git/proxmox-ve.git
-pve-kernel-2.6.18
-pve-kernel-2.6.24
-pve-kernel-2.6.32
-pve-kernel-3.10.0
-pve-kernel-3.19.0
+pve-kernel-meta
+---------------
-We use 'find-firmware.pl' to extract lists of required firmeware
-files. The script 'assemble-firmware.pl' is used to read those lists
-and copy the files from various source directory into a target
-directory.
+depends on latest kernel and header package within a certain kernel series,
+e.g., pve-kernel-4.15 / pve-headers-4.15
-We do not include firmeware for some wireless HW when there is a
-separate debian package for that, for example:
+git clone git://git.proxmox.com/git/pve-kernel-meta.git
-zd1211-firmware
-atmel-firmware
-bluez-firmware
+pve-firmware
+------------
+contains the firmware for all released PVE kernels.
-PATCHES:
---------
+git clone git://git.proxmox.com/git/pve-firmware.git
- bridge-patch.diff: Avoid bridge problems with changing MAC
- see also: http://forum.openvz.org/index.php?t=msg&th=5291
- Behaviour after 2.6.27 has changed slighly - after setting mac address
- of bridge device, then address won't change. So we could omit
- that patch, requiring to set hwaddress in /etc/network/interfaces.
+NOTES:
+======
+
+ABI versions, package versions and package name:
+------------------------------------------------
+
+We follow debian's versioning w.r.t ABI changes:
+
+https://kernel-team.pages.debian.net/kernel-handbook/ch-versions.html
+https://wiki.debian.org/DebianKernelABIChanges
+
+The debian/rules file has a target comparing the build kernel's ABI against the
+version stored in the repository and indicates when an ABI bump is necessary.
+An ABI bump within one upstream version consists of incrementing the KREL
+variable in the Makefile, rebuilding the packages and running 'make abiupdate'
+(the 'abiupdate' target in 'Makefile' contains the steps for consistently
+updating the repository).
Watchdog blacklist
------------------
----------------------
We use the default configuration provided by Ubuntu, and apply
-the following modification:
+the following modifications:
+
+NOTE: For the exact and current list see debian/rules (PVE_CONFIG_OPTS)
-see Makefile (PVE_CONFIG_OPTS)
+- enable INTEL_MEI_WDT=m (to allow disabling via patch)
+
+- disable CONFIG_SND_PCM_OSS (enabled by default in Ubuntu, not needed)
+
+- switch CONFIG_TRANSPARENT_HUGEPAGE to MADVISE from ALWAYS
- enable CONFIG_CEPH_FS=m (request from user)
- enable common CONFIG_BLK_DEV_XXX to avoid hardware detection
- problems (udev, undate-initramfs have serious problems without that)
+ problems (udev, update-initramfs have serious problems without that)
CONFIG_BLK_DEV_SD=y
CONFIG_BLK_DEV_SR=y
CONFIG_BLK_DEV_NBD=m
CONFIG_BLK_DEV_RBD=m
-- set LOOP_MIN_COUNT to 8 (debian defaults)
- CONFIG_BLK_DEV_LOOP_MIN_COUNT=8
-
-- disable module signatures (CONFIG_MODULE_SIG)
-
-- enable IBM JFS file system
+- enable IBM JFS file system as module
- This is disabled in RHEL kernel for no real reason, so we enable
- it as requested by users (bug #64)
+ enable it as requested by users (bug #64)
-- enable apple HFS and HFSPLUS
+- enable apple HFS and HFSPLUS as module
- This is disabled in RHEL kernel for no real reason, so we enable
- it as requested by users
+ enable it as requested by users
- enable CONFIG_BCACHE=m (requested by user)
- enable CONFIG_DEFAULT_SECURITY_APPARMOR
We need this for lxc
-
+
- set CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE=y
because if not set, it can give some dynamic memory or cpu frequencies
Module evbug is not blacklisted on debian, so we simply disable it
to avoid key-event logs (which is a big security problem)
-Testing final kernel with kvm
------------------------------
+- enable CONFIG_MODVERSIONS (needed for ABI tracking)
+
+- switch default UNWINDER to FRAME_POINTER
-kvm -kernel data/boot/vmlinuz-3.19.8-1-pve -initrd initrd.img-3.19.8-1-pve -append "vga=791 video=vesafb:ywrap,mtrr" /dev/zero
+ the recently introduced ORC_UNWINDER is not 100% stable yet, especially in combination with ZFS
+- enable CONFIG_PAGE_TABLE_ISOLATION (Meltdown mitigation)