install release keys in a saner way

[pve-kernel-jessie.git] / Makefile
diff --git a/Makefile b/Makefile

index 89d266fc1bf0ed258bc4e2475d31bdbac666da61..e7edb769eb2db38cbe3f13a22e124970c20b31d4 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -1,11 +1,11 @@
  RELEASE=4.4
  
  # also update proxmox-ve/changelog if you change KERNEL_VER or KREL
-KERNEL_VER=4.4.35
-PKGREL=78
+KERNEL_VER=4.4.40
+PKGREL=80
  # also include firmware of previous version into
  # the fw package:  fwlist-2.6.32-PREV-pve
-KREL=2
+KREL=1
  
  KERNEL_SRC=ubuntu-xenial
  KERNELSRCTAR=${KERNEL_SRC}.tgz
@@ -17,6 +17,7 @@ HDRPACKAGE=pve-headers-${KVNAME}
  
  ARCH=amd64
  GITVERSION:=$(shell cat .git/refs/heads/master)
+CHANGELOG_DATE:=$(shell dpkg-parsechangelog -SDate -lchangelog.Debian)
  
  TOP=$(shell pwd)
  
@@ -89,10 +90,6 @@ LINUX_TOOLS_DEB=${LINUX_TOOLS_PKG}_${KERNEL_VER}-${PKGREL}_amd64.deb
  
  DEBS=${DST_DEB} ${HDR_DEB} ${FW_DEB} ${PVE_DEB} ${VIRTUAL_HDR_DEB} ${LINUX_TOOLS_DEB}
  
-PVE_RELEASE_KEYS=                              \
-       proxmox-ve/proxmox-release-4.x.pubkey   \
-       proxmox-ve/proxmox-release-5.x.pubkey
-
  all: check_gcc ${DEBS}
  
  ${PVE_DEB} pve: proxmox-ve/control proxmox-ve/postinst ${PVE_RELEASE_KEYS}
@@ -100,7 +97,8 @@ ${PVE_DEB} pve: proxmox-ve/control proxmox-ve/postinst ${PVE_RELEASE_KEYS}
         mkdir -p proxmox-ve/data/DEBIAN
         mkdir -p proxmox-ve/data/usr/share/doc/${PVEPKG}/
         mkdir -p proxmox-ve/data/etc/apt/trusted.gpg.d
-       gpg2 --no-default-keyring --keyring ./proxmox-ve/data/etc/apt/trusted.gpg.d/proxmox-ve.gpg --import ${PVE_RELEASE_KEYS}
+       install -m 0644 proxmox-ve/proxmox-release-4.x.pubkey proxmox-ve/data/etc/apt/trusted.gpg.d/proxmox-ve-release-4.x.gpg
+       install -m 0644 proxmox-ve/proxmox-release-5.x.pubkey proxmox-ve/data/etc/apt/trusted.gpg.d/proxmox-ve-release-5.x.gpg
         sed -e 's/@KVNAME@/${KVNAME}/' -e 's/@KERNEL_VER@/${KERNEL_VER}/' -e 's/@RELEASE@/${RELEASE}/' -e 's/@PKGREL@/${PKGREL}/' <proxmox-ve/control >proxmox-ve/data/DEBIAN/control
         sed -e 's/@KVNAME@/${KVNAME}/' <proxmox-ve/postinst >proxmox-ve/data/DEBIAN/postinst
         chmod 0755 proxmox-ve/data/DEBIAN/postinst
@@ -127,7 +125,7 @@ ${VIRTUAL_HDR_DEB} pve-headers: proxmox-ve/pve-headers.control
  download:
         rm -rf ${KERNEL_SRC} ${KERNELSRCTAR}
         #git clone git://kernel.ubuntu.com/ubuntu/ubuntu-vivid.git
-       git clone --single-branch -b Ubuntu-4.4.0-58.79 git://kernel.ubuntu.com/ubuntu/ubuntu-xenial.git ${KERNEL_SRC}
+       git clone --single-branch -b Ubuntu-4.4.0-62.83 git://kernel.ubuntu.com/ubuntu/ubuntu-xenial.git ${KERNEL_SRC}
         tar czf ${KERNELSRCTAR} --exclude .git ${KERNEL_SRC} 
  
  check_gcc: 
@@ -209,9 +207,8 @@ data: .compile_mark igb.ko ixgbe.ko e1000e.ko ${SPL_MODULES} ${ZFS_MODULES} ${DR
  PVE_CONFIG_OPTS= \
  -m INTEL_MEI_WDT \
  -d CONFIG_SND_PCM_OSS \
--d CONFIG_TRANSPARENT_HUGEPAGE_MADVISE \
+-e CONFIG_TRANSPARENT_HUGEPAGE_MADVISE \
  -d CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS \
--e CONFIG_TRANSPARENT_HUGEPAGE_NEVER \
  -m CONFIG_CEPH_FS \
  -m CONFIG_BLK_DEV_NBD \
  -m CONFIG_BLK_DEV_RBD \
@@ -242,8 +239,8 @@ PVE_CONFIG_OPTS= \
         cp ${KERNEL_CFG_ORG} ${KERNEL_SRC}/.config
         cd ${KERNEL_SRC}; ./scripts/config ${PVE_CONFIG_OPTS}
         cd ${KERNEL_SRC}; make oldconfig
-       cd ${KERNEL_SRC}; make -j 8
-       make -C ${KERNEL_SRC}/tools/perf prefix=/usr HAVE_CPLUS_DEMANGLE=1 NO_LIBPYTHON=1 NO_LIBPERL=1 PYTHON=python2.7
+       cd ${KERNEL_SRC}; make KBUILD_BUILD_VERSION_TIMESTAMP="PVE ${KERNEL_VER}-${PKGREL} ($(CHANGELOG_DATE))" -j 8
+       make -C ${KERNEL_SRC}/tools/perf prefix=/usr HAVE_CPLUS_DEMANGLE=1 NO_LIBPYTHON=1 NO_LIBPERL=1 NO_LIBCRYPTO=1 PYTHON=python2.7
         make -C ${KERNEL_SRC}/tools/perf man
         touch $@
  
@@ -251,7 +248,7 @@ ${KERNEL_SRC}/README ${KERNEL_CFG_ORG}: ${KERNELSRCTAR}
         rm -rf ${KERNEL_SRC}
         tar xf ${KERNELSRCTAR}
         cat ${KERNEL_SRC}/debian.master/config/config.common.ubuntu ${KERNEL_SRC}/debian.master/config/amd64/config.common.amd64 ${KERNEL_SRC}/debian.master/config/amd64/config.flavour.generic > ${KERNEL_CFG_ORG}
-       cd ${KERNEL_SRC}; patch -p1 <../add-thp-never-option.patch
+       cd ${KERNEL_SRC}; patch -p1 < ../uname-version-timestamp.patch
         cd ${KERNEL_SRC}; patch -p1 <../bridge-patch.diff
         #cd ${KERNEL_SRC}; patch -p1 <../bridge-forward-ipv6-neighbor-solicitation.patch
         #cd ${KERNEL_SRC}; patch -p1 <../add-empty-ndo_poll_controller-to-veth.patch
@@ -270,6 +267,8 @@ ${KERNEL_SRC}/README ${KERNEL_CFG_ORG}: ${KERNELSRCTAR}
         cd ${KERNEL_SRC}; patch -p1 < ../cgroup-cpuset-add-cpuset.remap_cpus.patch
         cd ${KERNEL_SRC}; patch -p1 < ../0001-Revert-mm-throttle-on-IO-only-when-there-are-too-man.patch
         cd ${KERNEL_SRC}; patch -p1 < ../0002-Revert-mm-oom-rework-oom-detection.patch
+       cd ${KERNEL_SRC}; patch -p1 < ../CVE-2017-2583-KVM-x86-fix-emulation-of-MOV-SS-null-selector.patch
+       cd ${KERNEL_SRC}; patch -p1 < ../CVE-2017-2596-kvm-page-reference-leakage-in-handle_vmon.patch
         sed -i ${KERNEL_SRC}/Makefile -e 's/^EXTRAVERSION.*$$/EXTRAVERSION=${EXTRAVERSION}/'
         touch $@
  
@@ -352,7 +351,6 @@ ${SPL_MODULES}: .compile_mark ${SPLSRC}
  ${ZFS_MODULES}: .compile_mark ${ZFSSRC}
         rm -rf ${ZFSDIR}
         tar xf ${ZFSSRC}
-       cd ${ZFSDIR}; patch -p1 < ../zfs-fix-zpool-import-bug-with-nested-pools.patch
         cd ${ZFSDIR}; ./autogen.sh
         cd ${ZFSDIR}; ./configure --with-spl=${TOP}/${SPLDIR} --with-spl-obj=${TOP}/${SPLDIR} --with-config=kernel --with-linux=${TOP}/${KERNEL_SRC} --with-linux-obj=${TOP}/${KERNEL_SRC}
         cd ${ZFSDIR}; make