PMX_DEBUG_KERNEL_PKG=proxmox-kernel-$(KVNAME)-dbgsym
PMX_HEADER_PKG=proxmox-headers-$(KVNAME)
PMX_USR_HEADER_PKG=proxmox-kernel-libc-dev
+PMX_KERNEL_SIGNING_TEMPLATE_PKG=proxmox-kernel-${KVNAME}-signed-template
+PMX_KERNEL_SIGNED_VERSION := $(shell echo ${DEB_VERSION} | sed -e 's/-/+/')
LINUX_TOOLS_PKG=linux-tools-$(KERNEL_MAJMIN)
KERNEL_SRC_COPY=$(KERNEL_SRC)_tmp
-e CONFIG_MEMCG_SWAP_ENABLED \
-e CONFIG_HYPERV \
-m CONFIG_VFIO_IOMMU_TYPE1 \
--m CONFIG_VFIO_VIRQFD \
+-e CONFIG_VFIO_VIRQFD \
-m CONFIG_VFIO \
-m CONFIG_VFIO_PCI \
-m CONFIG_USB_XHCI_HCD \
-e CONFIG_PAGE_TABLE_ISOLATION \
-e CONFIG_ARCH_HAS_CPU_FINALIZE_INIT \
-d CONFIG_GDS_FORCE_MITIGATION \
+-d CONFIG_WQ_CPU_INTENSIVE_REPORT \
+-d UBSAN_BOUNDS \
debian/control: $(wildcard debian/*.in)
sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel.prerm.in > debian/$(PMX_KERNEL_PKG).prerm
chmod +x debian/$(PMX_HEADER_PKG).postinst
sed -e 's/@KVNAME@/$(KVNAME)/g' -e 's/@KVMAJMIN@/$(KERNEL_MAJMIN)/g' < debian/control.in > debian/control
+ # signing-template
+ sed -e '1 s/proxmox-kernel/proxmox-kernel-signed/' -e '1 s/${DEB_VERSION}/${PMX_KERNEL_SIGNED_VERSION}/' < debian/changelog > debian/signing-template/changelog
+ sed -e 's/@KVNAME@/${KVNAME}/g' -e 's/@KVMAJMIN@/$(KERNEL_MAJMIN)/g' -e 's/@UNSIGNED_VERSION@/${DEB_VERSION}/g' < debian/signing-template/control.in > debian/signing-template/control
+ sed -e 's/@KVNAME@/${KVNAME}/g' < debian/signing-template/files.json.in > debian/signing-template/files.json
+ sed -e 's/@KVNAME@/${KVNAME}/g' -e 's/@PKG_VERSION@/${DEB_VERSION}/' < debian/signing-template/rules.in > debian/signing-template/rules
+ sed -e 's/@@KVNAME@@/${KVNAME}/g' < debian/proxmox-kernel.prerm.in > debian/signing-template/prerm
+ sed -e 's/@@KVNAME@@/${KVNAME}/g' < debian/proxmox-kernel.postrm.in > debian/signing-template/postrm
+ sed -e 's/@@KVNAME@@/${KVNAME}/g' < debian/proxmox-kernel.postinst.in > debian/signing-template/postinst
+ rm debian/signing-template/*.in
+ cp debian/SOURCE debian/signing-template/
+
build: .compile_mark .tools_compile_mark .modules_compile_mark
install: .install_mark .tools_install_mark .headers_install_mark .usr_headers_install_mark
.config_mark:
cd $(KERNEL_SRC); scripts/config $(PMX_CONFIG_OPTS)
- $(MAKE) -C $(KERNEL_SRC) oldconfig
+ $(MAKE) -C $(KERNEL_SRC) olddefconfig
# copy to allow building in parallel to kernel/module compilation without interference
rm -rf $(KERNEL_SRC_COPY)
cp -ar $(KERNEL_SRC) $(KERNEL_SRC_COPY)
cat watchdog-blacklist.tmp|sed -e 's/^/blacklist /' -e 's/.ko$$//'|sort -u > debian/$(PMX_KERNEL_PKG)/lib/modprobe.d/blacklist_$(PMX_KERNEL_PKG).conf
rm -f debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)/source
rm -f debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)/build
+
+ # copy signing template contents
+ rm -rf debian/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}
+ mkdir -p debian/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/usr/share/code-signing/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/source-template/debian
+ cp -R debian/copyright \
+ debian/signing-template/rules \
+ debian/signing-template/control \
+ debian/signing-template/source \
+ debian/signing-template/changelog \
+ debian/signing-template/prerm \
+ debian/signing-template/postrm \
+ debian/signing-template/postinst \
+ debian/signing-template/SOURCE \
+ debian/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/usr/share/code-signing/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/source-template/debian
+ cp debian/signing-template/files.json debian/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/usr/share/code-signing/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/
+
touch $@
.tools_compile_mark: .compile_mark