#!/usr/bin/make -f # -*- makefile -*- # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 # TODO: check for headers not being installed BUILD_DIR=$(shell pwd) include /usr/share/dpkg/default.mk include debian/rules.d/env.mk include debian/rules.d/$(DEB_BUILD_ARCH).mk MAKEFLAGS += $(subst parallel=,-j,$(filter parallel=%,${DEB_BUILD_OPTIONS})) CHANGELOG_DATE:=$(shell dpkg-parsechangelog -SDate) CHANGELOG_DATE_UTC_ISO := $(shell date -u -d '$(CHANGELOG_DATE)' +%Y-%m-%dT%H:%MZ) PMX_KERNEL_PKG=proxmox-kernel-$(KVNAME) PMX_KERNEL_SERIES_PKG=proxmox-kernel-$(KERNEL_MAJMIN) PMX_DEBUG_KERNEL_PKG=proxmox-kernel-$(KVNAME)-dbgsym PMX_HEADER_PKG=proxmox-headers-$(KVNAME) PMX_USR_HEADER_PKG=proxmox-kernel-libc-dev PMX_KERNEL_SIGNING_TEMPLATE_PKG=proxmox-kernel-${KVNAME}-signed-template PMX_KERNEL_SIGNED_VERSION := $(shell echo ${DEB_VERSION} | sed -e 's/-/+/') LINUX_TOOLS_PKG=linux-tools-$(KERNEL_MAJMIN) KERNEL_SRC_COPY=$(KERNEL_SRC)_tmp # TODO: split for archs, move to files? PMX_CONFIG_OPTS= \ -m INTEL_MEI_WDT \ -d CONFIG_SND_PCM_OSS \ -e CONFIG_TRANSPARENT_HUGEPAGE_MADVISE \ -d CONFIG_TRANSPARENT_HUGEPAGE_ALWAYS \ -m CONFIG_CEPH_FS \ -m CONFIG_BLK_DEV_NBD \ -m CONFIG_BLK_DEV_RBD \ -m CONFIG_BLK_DEV_UBLK \ -d CONFIG_SND_PCSP \ -m CONFIG_BCACHE \ -m CONFIG_JFS_FS \ -m CONFIG_HFS_FS \ -m CONFIG_HFSPLUS_FS \ -e CIFS_SMB_DIRECT \ -e CONFIG_SQUASHFS_DECOMP_MULTI_PERCPU \ -e CONFIG_BRIDGE \ -e CONFIG_BRIDGE_NETFILTER \ -e CONFIG_BLK_DEV_SD \ -e CONFIG_BLK_DEV_SR \ -e CONFIG_BLK_DEV_DM \ -m CONFIG_BLK_DEV_NVME \ -e CONFIG_NLS_ISO8859_1 \ -d CONFIG_INPUT_EVBUG \ -d CONFIG_CPU_FREQ_DEFAULT_GOV_ONDEMAND \ -d CONFIG_CPU_FREQ_DEFAULT_GOV_SCHEDUTIL \ -e CONFIG_CPU_FREQ_DEFAULT_GOV_PERFORMANCE \ -e CONFIG_SYSFB_SIMPLEFB \ -e CONFIG_DRM_SIMPLEDRM \ -e CONFIG_MODULE_SIG \ -e CONFIG_MODULE_SIG_ALL \ -e CONFIG_MODULE_SIG_FORMAT \ --set-str CONFIG_MODULE_SIG_HASH sha512 \ --set-str CONFIG_MODULE_SIG_KEY certs/signing_key.pem \ -e CONFIG_MODULE_SIG_KEY_TYPE_RSA \ -e CONFIG_MODULE_SIG_SHA512 \ -d CONFIG_MEMCG_DISABLED \ -e CONFIG_MEMCG_SWAP_ENABLED \ -e CONFIG_HYPERV \ -m CONFIG_VFIO_IOMMU_TYPE1 \ -e CONFIG_VFIO_VIRQFD \ -m CONFIG_VFIO \ -m CONFIG_VFIO_PCI \ -m CONFIG_USB_XHCI_HCD \ -m CONFIG_USB_XHCI_PCI \ -m CONFIG_USB_EHCI_HCD \ -m CONFIG_USB_EHCI_PCI \ -m CONFIG_USB_EHCI_HCD_PLATFORM \ -m CONFIG_USB_OHCI_HCD \ -m CONFIG_USB_OHCI_HCD_PCI \ -m CONFIG_USB_OHCI_HCD_PLATFORM \ -d CONFIG_USB_OHCI_HCD_SSB \ -m CONFIG_USB_UHCI_HCD \ -d CONFIG_USB_SL811_HCD_ISO \ -e CONFIG_MEMCG_KMEM \ -d CONFIG_DEFAULT_CFQ \ -e CONFIG_DEFAULT_DEADLINE \ -e CONFIG_MODVERSIONS \ -e CONFIG_ZSTD_COMPRESS \ -d CONFIG_DEFAULT_SECURITY_DAC \ -e CONFIG_DEFAULT_SECURITY_APPARMOR \ --set-str CONFIG_DEFAULT_SECURITY apparmor \ -e CONFIG_MODULE_ALLOW_BTF_MISMATCH \ -d CONFIG_UNWINDER_ORC \ -d CONFIG_UNWINDER_GUESS \ -e CONFIG_UNWINDER_FRAME_POINTER \ --set-str CONFIG_SYSTEM_TRUSTED_KEYS ""\ --set-str CONFIG_SYSTEM_REVOCATION_KEYS ""\ -e CONFIG_SECURITY_LOCKDOWN_LSM \ -e CONFIG_SECURITY_LOCKDOWN_LSM_EARLY \ --set-str CONFIG_LSM lockdown,yama,integrity,apparmor \ -e CONFIG_PAGE_TABLE_ISOLATION \ -e CONFIG_ARCH_HAS_CPU_FINALIZE_INIT \ -d CONFIG_GDS_FORCE_MITIGATION \ -d CONFIG_WQ_CPU_INTENSIVE_REPORT \ -d CONFIG_N_GSM \ -d UBSAN_BOUNDS \ debian/control: $(wildcard debian/*.in) sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel.prerm.in > debian/$(PMX_KERNEL_PKG).prerm sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel.postrm.in > debian/$(PMX_KERNEL_PKG).postrm sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel.postinst.in > debian/$(PMX_KERNEL_PKG).postinst sed -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-headers.postinst.in > debian/$(PMX_HEADER_PKG).postinst sed -e 's/@@KVMAJMIN@@/$(KERNEL_MAJMIN)/g' -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel-meta.postrm.in > debian/$(PMX_KERNEL_SERIES_PKG).postrm sed -e 's/@@KVMAJMIN@@/$(KERNEL_MAJMIN)/g' -e 's/@@KVNAME@@/$(KVNAME)/g' < debian/proxmox-kernel-meta.postinst.in > debian/$(PMX_KERNEL_SERIES_PKG).postinst chmod +x debian/$(PMX_KERNEL_PKG).prerm chmod +x debian/$(PMX_KERNEL_PKG).postrm chmod +x debian/$(PMX_KERNEL_PKG).postinst chmod +x debian/$(PMX_KERNEL_SERIES_PKG).postrm chmod +x debian/$(PMX_KERNEL_SERIES_PKG).postinst chmod +x debian/$(PMX_HEADER_PKG).postinst sed -e 's/@KVNAME@/$(KVNAME)/g' -e 's/@KVMAJMIN@/$(KERNEL_MAJMIN)/g' < debian/control.in > debian/control # signing-template sed -e '1 s/proxmox-kernel/proxmox-kernel-signed/' -e '1 s/${DEB_VERSION}/${PMX_KERNEL_SIGNED_VERSION}/' < debian/changelog > debian/signing-template/changelog sed -e 's/@KVNAME@/${KVNAME}/g' -e 's/@KVMAJMIN@/$(KERNEL_MAJMIN)/g' -e 's/@UNSIGNED_VERSION@/${DEB_VERSION}/g' < debian/signing-template/control.in > debian/signing-template/control sed -e 's/@KVNAME@/${KVNAME}/g' < debian/signing-template/files.json.in > debian/signing-template/files.json sed -e 's/@KVNAME@/${KVNAME}/g' -e 's/@PKG_VERSION@/${DEB_VERSION}/' < debian/signing-template/rules.in > debian/signing-template/rules sed -e 's/@@KVNAME@@/${KVNAME}/g' < debian/proxmox-kernel.prerm.in > debian/signing-template/prerm sed -e 's/@@KVNAME@@/${KVNAME}/g' < debian/proxmox-kernel.postrm.in > debian/signing-template/postrm sed -e 's/@@KVNAME@@/${KVNAME}/g' < debian/proxmox-kernel.postinst.in > debian/signing-template/postinst rm debian/signing-template/*.in cp debian/SOURCE debian/signing-template/ build: .compile_mark .tools_compile_mark .modules_compile_mark install: .install_mark .tools_install_mark .headers_install_mark .usr_headers_install_mark dh_installdocs -A debian/copyright debian/SOURCE dh_installchangelogs dh_installman dh_strip_nondeterminism dh_compress dh_fixperms binary: install debian/rules fwcheck abicheck dh_strip -N$(PMX_HEADER_PKG) -N$(PMX_USR_HEADER_PKG) dh_makeshlibs dh_shlibdeps dh_installdeb dh_gencontrol dh_md5sums dh_builddeb .config_mark: cd $(KERNEL_SRC); scripts/config $(PMX_CONFIG_OPTS) $(MAKE) -C $(KERNEL_SRC) olddefconfig # copy to allow building in parallel to kernel/module compilation without interference rm -rf $(KERNEL_SRC_COPY) cp -ar $(KERNEL_SRC) $(KERNEL_SRC_COPY) touch $@ .compile_mark: .config_mark $(MAKE) -C $(KERNEL_SRC) KBUILD_BUILD_VERSION_TIMESTAMP="PMX $(DEB_VERSION) ($(CHANGELOG_DATE_UTC_ISO))" touch $@ .install_mark: .compile_mark .modules_compile_mark rm -rf debian/$(PMX_KERNEL_PKG) mkdir -p debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME) mkdir debian/$(PMX_KERNEL_PKG)/boot install -m 644 $(KERNEL_SRC)/.config debian/$(PMX_KERNEL_PKG)/boot/config-$(KVNAME) install -m 644 $(KERNEL_SRC)/System.map debian/$(PMX_KERNEL_PKG)/boot/System.map-$(KVNAME) install -m 644 $(KERNEL_SRC)/$(KERNEL_IMAGE_PATH) debian/$(PMX_KERNEL_PKG)/boot/$(KERNEL_INSTALL_FILE)-$(KVNAME) $(MAKE) -C $(KERNEL_SRC) INSTALL_MOD_PATH=$(BUILD_DIR)/debian/$(PMX_KERNEL_PKG)/ modules_install # install zfs drivers install -d -m 0755 debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)/zfs install -m 644 $(MODULES)/zfs.ko $(MODULES)/spl.ko debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)/zfs # remove firmware rm -rf debian/$(PMX_KERNEL_PKG)/lib/firmware ifeq ($(filter pkg.proxmox-kernel.debug,$(DEB_BUILD_PROFILES)),) echo "'pkg.proxmox-kernel.debug' build profile disabled, skipping -dbgsym creation" else echo "'pkg.proxmox-kernel.debug' build profile enabled, creating -dbgsym contents" mkdir -p debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/$(KVNAME) mkdir debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/boot install -m 644 $(KERNEL_SRC)/vmlinux debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/boot/vmlinux-$(KVNAME) cp -r debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME) debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/ rm -f debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/$(KVNAME)/source rm -f debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/$(KVNAME)/build rm -f debian/$(PMX_DEBUG_KERNEL_PKG)/usr/lib/debug/lib/modules/$(KVNAME)/modules.* endif # strip debug info find debian/$(PMX_KERNEL_PKG)/lib/modules -name \*.ko -print | while read f ; do strip --strip-debug "$$f"; done # sign modules using ephemeral, embedded key if grep -q CONFIG_MODULE_SIG=y ubuntu-kernel/.config ; then \ find debian/$(PMX_KERNEL_PKG)/lib/modules -name \*.ko -print | while read f ; do \ ./ubuntu-kernel/scripts/sign-file sha512 ./ubuntu-kernel/certs/signing_key.pem ubuntu-kernel/certs/signing_key.x509 "$$f" ; \ done; \ rm ./ubuntu-kernel/certs/signing_key.pem ; \ fi # finalize /sbin/depmod -b debian/$(PMX_KERNEL_PKG)/ $(KVNAME) # Autogenerate blacklist for watchdog devices (see README) install -m 0755 -d debian/$(PMX_KERNEL_PKG)/lib/modprobe.d ls debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)/kernel/drivers/watchdog/ > watchdog-blacklist.tmp echo ipmi_watchdog.ko >> watchdog-blacklist.tmp cat watchdog-blacklist.tmp|sed -e 's/^/blacklist /' -e 's/.ko$$//'|sort -u > debian/$(PMX_KERNEL_PKG)/lib/modprobe.d/blacklist_$(PMX_KERNEL_PKG).conf rm -f debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)/source rm -f debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME)/build # copy signing template contents rm -rf debian/${PMX_KERNEL_SIGNING_TEMPLATE_PKG} mkdir -p debian/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/usr/share/code-signing/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/source-template/debian cp -R debian/copyright \ debian/signing-template/rules \ debian/signing-template/control \ debian/signing-template/source \ debian/signing-template/changelog \ debian/signing-template/prerm \ debian/signing-template/postrm \ debian/signing-template/postinst \ debian/signing-template/SOURCE \ debian/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/usr/share/code-signing/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/source-template/debian cp debian/signing-template/files.json debian/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/usr/share/code-signing/${PMX_KERNEL_SIGNING_TEMPLATE_PKG}/ touch $@ .tools_compile_mark: .compile_mark $(MAKE) -C $(KERNEL_SRC)/tools/perf prefix=/usr NO_LIBTRACEEVENT=1 HAVE_NO_LIBBFD=1 HAVE_CPLUS_DEMANGLE_SUPPORT=1 NO_LIBPYTHON=1 NO_LIBPERL=1 NO_LIBCRYPTO=1 PYTHON=python3 echo "checking GPL-2 only perf binary for library linkage with incompatible licenses.." ! ldd $(KERNEL_SRC)/tools/perf/perf | grep -q -E '\blibbfd' ! ldd $(KERNEL_SRC)/tools/perf/perf | grep -q -E '\blibcrypto' $(MAKE) -C $(KERNEL_SRC)/tools/perf NO_LIBTRACEEVENT=1 man touch $@ .tools_install_mark: .tools_compile_mark rm -rf debian/$(LINUX_TOOLS_PKG) mkdir -p debian/$(LINUX_TOOLS_PKG)/usr/bin mkdir -p debian/$(LINUX_TOOLS_PKG)/usr/share/man/man1 install -m 755 $(BUILD_DIR)/$(KERNEL_SRC)/tools/perf/perf debian/$(LINUX_TOOLS_PKG)/usr/bin/perf_$(KERNEL_MAJMIN) for i in $(BUILD_DIR)/$(KERNEL_SRC)/tools/perf/Documentation/*.1; do \ fname="$${i##*/}"; manname="$${fname%.1}"; \ install -m644 "$$i" "debian/$(LINUX_TOOLS_PKG)/usr/share/man/man1/$${manname}_$(KERNEL_MAJMIN).1"; \ done touch $@ .headers_prepare_mark: .config_mark rm -rf debian/$(PMX_HEADER_PKG) mkdir -p debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME) install -m 0644 $(KERNEL_SRC)/.config debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME) make -C $(KERNEL_SRC_COPY) mrproper cd $(KERNEL_SRC_COPY); find . -path './debian/*' -prune \ -o -path './include/*' -prune \ -o -path './Documentation' -prune \ -o -path './scripts' -prune \ -o -type f \ \( \ -name 'Makefile*' \ -o -name 'Kconfig*' \ -o -name 'Kbuild*' \ -o -name '*.sh' \ -o -name '*.pl' \ \) \ -print | cpio -pd --preserve-modification-time $(BUILD_DIR)/debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME) cd $(KERNEL_SRC_COPY); \ ( \ find arch/$(KERNEL_HEADER_ARCH) -name include -type d -print | \ xargs -n1 -i: find : -type f \ ) | \ cpio -pd --preserve-modification-time $(BUILD_DIR)/debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME) touch $@ .headers_compile_mark: .headers_prepare_mark # set output to subdir of source to reduce number of hardcoded paths in output files rm -rf $(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG) mkdir -p $(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG) cp $(KERNEL_SRC)/.config $(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG)/.config $(MAKE) -C $(KERNEL_SRC_COPY) O=$(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG) -j1 syncconfig modules_prepare prepare scripts cd $(KERNEL_SRC_COPY); cp -a include scripts $(BUILD_DIR)/debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME) find $(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG) -name \*.o.ur-\* -o -name '*.cmd' | xargs rm -f rsync --ignore-existing -r -v -a $(addprefix $(BUILD_DIR)/$(KERNEL_SRC_COPY)/$(PMX_HEADER_PKG)/,arch include kernel scripts tools) $(BUILD_DIR)/debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)/ rm -rf $(BUILD_DIR)/$(KERNEL_SRC_COPY) touch $@ .headers_install_mark: .compile_mark .modules_compile_mark .headers_compile_mark cp $(KERNEL_SRC)/include/generated/compile.h debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)/include/generated/compile.h install -m 0644 $(KERNEL_SRC)/Module.symvers debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME) mkdir -p debian/$(PMX_HEADER_PKG)/lib/modules/$(KVNAME) ln -sf /usr/src/linux-headers-$(KVNAME) debian/$(PMX_HEADER_PKG)/lib/modules/$(KVNAME)/build touch $@ .usr_headers_install_mark: PKG_DIR = debian/$(PMX_USR_HEADER_PKG) .usr_headers_install_mark: OUT_DIR = $(PKG_DIR)/usr .usr_headers_install_mark: .config_mark rm -rf '$(PKG_DIR)' mkdir -p '$(PKG_DIR)' $(MAKE) -C $(KERNEL_SRC) headers_install ARCH=$(KERNEL_HEADER_ARCH) INSTALL_HDR_PATH='$(CURDIR)'/$(OUT_DIR) rm -rf $(OUT_DIR)/include/drm $(OUT_DIR)/include/scsi find $(OUT_DIR)/include \( -name .install -o -name ..install.cmd \) -execdir rm {} + # Move include/asm to arch-specific directory mkdir -p $(OUT_DIR)/include/$(DEB_HOST_MULTIARCH) mv $(OUT_DIR)/include/asm $(OUT_DIR)/include/$(DEB_HOST_MULTIARCH)/ test ! -d $(OUT_DIR)/include/arch || \ mv $(OUT_DIR)/include/arch $(OUT_DIR)/include/$(DEB_HOST_MULTIARCH)/ touch $@ .modules_compile_mark: $(MODULES)/zfs.ko touch $@ $(MODULES)/zfs.ko: .compile_mark cd $(MODULES)/$(ZFSDIR); ./autogen.sh cd $(MODULES)/$(ZFSDIR); ./configure --with-config=kernel --with-linux=$(BUILD_DIR)/$(KERNEL_SRC) --with-linux-obj=$(BUILD_DIR)/$(KERNEL_SRC) $(MAKE) -C $(MODULES)/$(ZFSDIR) cp $(MODULES)/$(ZFSDIR)/module/zfs.ko $(MODULES)/ cp $(MODULES)/$(ZFSDIR)/module/spl.ko $(MODULES)/ fwlist-$(KVNAME): .compile_mark .modules_compile_mark debian/scripts/find-firmware.pl debian/$(PMX_KERNEL_PKG)/lib/modules/$(KVNAME) >fwlist.tmp mv fwlist.tmp $@ .PHONY: fwcheck fwcheck: fwlist-$(KVNAME) fwlist-previous @echo "checking fwlist for changes since last built firmware package.." @echo "if this check fails, add fwlist-$(KVNAME) to the pve-firmware repository and upload a new firmware package together with the $(KVNAME) kernel" sort fwlist-previous | uniq > fwlist-previous.sorted sort fwlist-$(KVNAME) | uniq > fwlist-$(KVNAME).sorted diff -up -N fwlist-previous.sorted fwlist-$(KVNAME).sorted > fwlist.diff rm fwlist.diff fwlist-previous.sorted fwlist-$(KVNAME).sorted @echo "done, no need to rebuild pve-firmware" abi-$(KVNAME): .compile_mark debian/scripts/abi-generate debian/$(PMX_HEADER_PKG)/usr/src/linux-headers-$(KVNAME)/Module.symvers abi-$(KVNAME) $(KVNAME) .PHONY: abicheck abicheck: debian/scripts/abi-check abi-$(KVNAME) abi-prev-* abi-blacklist debian/scripts/abi-check abi-$(KVNAME) abi-prev-* $(SKIPABI) .PHONY: clean