starlingx/kernel
Code Issues Proposed changes
kernel/kernel-rt/debian/deb_patches/0004-kernel-rt-Adapt-the-debian-folder-for-new-source.patch
Li Zhou feaa9fddd6 kernel-rt: add initial version for debian packaging 
Add kernel-rt 5.10.74 debian packaging.

The kernel-rt we are building starts as source code from the Yocto
Project kernel found at
(https://git.yoctoproject.org/cgit/cgit.cgi/linux-yocto/about/?h=v5.10/standard/preempt-rt/base).
To facilitate the creation of a Debian package of this kernel-rt we
start by making a copy of the 5.10 Debian Bullseye 'debian' folder
taken from (http://snapshot.debian.org/package/linux/5.10.28-1/) and
apply customization via the meta-data patches in debian/deb_patches
dir. In this way we can review and incorporate changes the Debian
community makes to their kernel's 'debian' folder over time.

Since there are StarlingX specific patches to the kernel not suitable to
send for merging in linux-yocto we apply these here as defined in scope
and order in the contained debian/patches/series file.

The original Debian's release use a "rt" feature to build extra kernel
packages with preempt-rt. This "rt" feature applies many patches on the
std kernel and turns it into a rt kernel. Here I don't find a proper way
to do this on linux-yocto source. So I disable the rt feature in debian
folder and build the kernel-rt source code from linux-yocto in a normal
way. Two things are done to make sure this kernel-rt building is fine:
- rename the packages' names from linux-xxx to linux-rt-xxx in the
  debian folder;
- add the right config file for kernel-rt to the proper place.

Verification:
As we are only getting the Debian work bootstrapped there is quite a few
restrictions as far as what can be tested.

- I have compared it to the kernel-rt 5.10.74 being used with stx
  centos:
  - the linux-yocto source code is same;
  - all the StarlingX specific patches are same;
  - the .config of Starlingx centos kernel-rt 5.10.74 is taken to
    Starlingx debian, coexists and overrides the default debian kenrel
    configs, and only below changes are done for it:
    - remove some CONFIGs not set by Starlingx centos kernel code
      intentionally, such as CONFIG_CC_CAN_LINK;
    - remove some CONFIGs special for Starlingx centos kernel code such
      as: CONFIG_CC_VERSION_TEXT;
    - keep the CONFIGs related with signature aligned with debian
      release, because the security feature is still in development.
- 17 debs are built successfully. Build kernel-rt image into rootfs and
  initramfs. Build the LAT ustart image from them.
- Use qemu to boot the ustart image, and the installer installs the
  rootfs successfully. The final debian system with this new kernel-rt
  boot up successfully and run some simple commands successfully.

Story: 2009221
Task: 43335
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Change-Id: I59fbe9c98000fa1d57980e7e1cd45cd24aa30cda
2021-12-15 03:33:31 -05:00

438 lines
18 KiB
Diff
Raw Blame History

From 960001996747e5300f148aaef59c82308f7d5d01 Mon Sep 17 00:00:00 2001
From: Li Zhou <li.zhou@windriver.com>
Date: Fri, 26 Nov 2021 20:17:45 +0800
Subject: [PATCH 4/4] kernel-rt: Adapt the debian folder for new source
Below are the changes on DEBIAN's kernel release's "debian" folder
for building linux-yocto kernel-rt source 5.10.74, besides the changes
about kernel configs / changelog file / replacing "linux" with
"linux-rt":
-Remove the checking about CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT which
is only defined in DEBIAN patches;
-Update debian/config/amd64/none/defines to disable debian cloud image
building, which isn't in use here;
-Update debian/config/defines to disable docs/installer packages'
building to avoid some building errors caused by docs and installer,
which aren't in use here;
-Update debian/lib/python/debian_linux/debian.py to remove an
unimportant format check for changelog because it conflicts with the
new building system;
-Update debian/patches/series to only keep the patches to support
package building system, which are from DEBIAN release;
-Rebase the patch debian/patches/debian/version.patch for context
changes;
-Update debian/rules to solve the issue that building paused after
gencontrol;
-Update debian/config/defines to disable rt feature. This linux-rt
isn't built using the rt feature, because it is hard to figure out
a series of rt patches to turn linux-yocto std branch code into
linux-yocto rt branch code. Take the linux-rt code as a normal kernel
with its special config file;
-Update debian/config/defines to disable unnecessary tool packages;
-Update debian/control to avoid the error:
<debrepack - ERROR - dpkg-source: error: source package has two
conflicting values - linux and linux-rt>
This is caused by the temp control file in the debian folder
downloaded.
Signed-off-by: Li Zhou <li.zhou@windriver.com>
---
debian/bin/gencontrol_signed.py | 1 -
debian/config/amd64/none/defines | 7 --
debian/config/defines | 8 +-
debian/control | 2 +-
debian/lib/python/debian_linux/debian.py | 23 +++--
debian/patches/debian/version.patch | 38 ++++++--
debian/patches/series | 116 -----------------------
debian/rules | 9 +-
8 files changed, 48 insertions(+), 156 deletions(-)
diff --git a/debian/bin/gencontrol_signed.py b/debian/bin/gencontrol_signed.py
index 75d9112..b984cf3 100755
--- a/debian/bin/gencontrol_signed.py
+++ b/debian/bin/gencontrol_signed.py
@@ -188,7 +188,6 @@ class Gencontrol(Base):
(image_package_name, image_suffix)) as f:
kconfig = f.readlines()
assert 'CONFIG_EFI_STUB=y\n' in kconfig
- assert 'CONFIG_LOCK_DOWN_IN_EFI_SECURE_BOOT=y\n' in kconfig
cert_re = re.compile(r'CONFIG_SYSTEM_TRUSTED_KEYS="(.*)"$')
cert_file_name = None
for line in kconfig:
diff --git a/debian/config/amd64/none/defines b/debian/config/amd64/none/defines
index ada2355..090dc41 100644
--- a/debian/config/amd64/none/defines
+++ b/debian/config/amd64/none/defines
@@ -1,10 +1,3 @@
[base]
flavours:
amd64
- cloud-amd64
-default-flavour: amd64
-
-[cloud-amd64_image]
-configs:
- config.cloud
- amd64/config.cloud-amd64
diff --git a/debian/config/defines b/debian/config/defines
index 7133cd7..ee09bd2 100644
--- a/debian/config/defines
+++ b/debian/config/defines
@@ -141,7 +141,6 @@ arches:
compiler: gcc-10
featuresets:
none
- rt
[build]
debug-info: true
@@ -149,7 +148,7 @@ debug-info: true
signed-code: false
[featureset-rt_base]
-enabled: true
+enabled: false
[description]
part-long-up: This kernel is not suitable for SMP (multi-processor,
@@ -167,3 +166,8 @@ gcc-10: gcc-10 <!stage1 !cross !pkg.linux.nokernel>, gcc-10-@gnu-type-package@ <
# initramfs-generators
initramfs-fallback: linux-initramfs-tool
initramfs-tools: initramfs-tools (>= 0.120+deb8u2)
+
+[packages]
+docs: false
+installer: false
+tools-unversioned: false
diff --git a/debian/control b/debian/control
index 11c2e77..5788ad1 100644
--- a/debian/control
+++ b/debian/control
@@ -1,4 +1,4 @@
-Source: linux
+Source: linux-rt
Section: kernel
Priority: optional
Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
diff --git a/debian/lib/python/debian_linux/debian.py b/debian/lib/python/debian_linux/debian.py
index 6fb2618..3200483 100644
--- a/debian/lib/python/debian_linux/debian.py
+++ b/debian/lib/python/debian_linux/debian.py
@@ -85,18 +85,17 @@ class Changelog(list):
v = Version(top_match.group('version'))
else:
bottom_match = self._bottom_re.match(line)
- if not bottom_match:
- raise Exception('invalid bottom line %d in changelog' %
- line_no)
-
- self.append(self.Entry(
- distribution=top_match.group('distribution'),
- source=top_match.group('source'),
- version=v,
- urgency=top_match.group('urgency'),
- maintainer=bottom_match.group('maintainer'),
- date=bottom_match.group('date')))
- top_match = bottom_match = None
+ # Don't raise exception any more if this bottom format
+ # checking fails because we have adpated the changelog format.
+ if bottom_match:
+ self.append(self.Entry(
+ distribution=top_match.group('distribution'),
+ source=top_match.group('source'),
+ version=v,
+ urgency=top_match.group('urgency'),
+ maintainer=bottom_match.group('maintainer'),
+ date=bottom_match.group('date')))
+ top_match = bottom_match = None
class Version(object):
diff --git a/debian/patches/debian/version.patch b/debian/patches/debian/version.patch
index 542dc53..fd2ccae 100644
--- a/debian/patches/debian/version.patch
+++ b/debian/patches/debian/version.patch
@@ -1,11 +1,14 @@
+From 195a07a991926137cd48545acd99cc074f5aedac Mon Sep 17 00:00:00 2001
From: Ben Hutchings <ben@decadent.org.uk>
-Subject: Include package version along with kernel release in stack traces
Date: Tue, 24 Jul 2012 03:13:10 +0100
-Forwarded: not-needed
+Subject: Include package version along with kernel release in stack traces
For distribution binary packages we assume
$DISTRIBUTION_OFFICIAL_BUILD, $DISTRIBUTOR and $DISTRIBUTION_VERSION
are set.
+
+[LZ: Rebase the patch for context changes.]
+Signed-off-by: Li Zhou <li.zhou@windriver.com>
---
Makefile | 15 ++++++++++++++-
arch/ia64/kernel/process.c | 5 +++--
@@ -15,9 +18,11 @@ are set.
lib/dump_stack.c | 6 ++++--
6 files changed, 33 insertions(+), 11 deletions(-)
+diff --git a/Makefile b/Makefile
+index 22500fa35..47e19ccdf 100644
--- a/Makefile
+++ b/Makefile
-@@ -1195,7 +1195,7 @@ PHONY += prepare archprepare
+@@ -1208,7 +1208,7 @@ PHONY += prepare archprepare
archprepare: outputmakefile archheaders archscripts scripts include/config/kernel.release \
asm-generic $(version_h) $(autoksyms_h) include/generated/utsrelease.h \
@@ -26,7 +31,7 @@ are set.
prepare0: archprepare
$(Q)$(MAKE) $(build)=scripts/mod
-@@ -1258,6 +1258,16 @@ define filechk_version.h
+@@ -1271,6 +1271,16 @@ define filechk_version.h
((c) > 255 ? 255 : (c)))'
endef
@@ -43,7 +48,7 @@ are set.
$(version_h): PATCHLEVEL := $(if $(PATCHLEVEL), $(PATCHLEVEL), 0)
$(version_h): SUBLEVEL := $(if $(SUBLEVEL), $(SUBLEVEL), 0)
$(version_h): FORCE
-@@ -1267,6 +1277,9 @@ $(version_h): FORCE
+@@ -1280,6 +1290,9 @@ $(version_h): FORCE
include/generated/utsrelease.h: include/config/kernel.release FORCE
$(call filechk,utsrelease.h)
@@ -53,6 +58,8 @@ are set.
PHONY += headerdep
headerdep:
$(Q)find $(srctree)/include/ -name '*.h' | xargs --max-args 1 \
+diff --git a/arch/ia64/kernel/process.c b/arch/ia64/kernel/process.c
+index c9ff8796b..1b589e2c8 100644
--- a/arch/ia64/kernel/process.c
+++ b/arch/ia64/kernel/process.c
@@ -34,6 +34,7 @@
@@ -75,6 +82,8 @@ are set.
printk("ip is at %pS\n", (void *)ip);
printk("unat: %016lx pfs : %016lx rsc : %016lx\n",
regs->ar_unat, regs->ar_pfs, regs->ar_rsc);
+diff --git a/arch/powerpc/kernel/process.c b/arch/powerpc/kernel/process.c
+index 3064694af..d3e3fac92 100644
--- a/arch/powerpc/kernel/process.c
+++ b/arch/powerpc/kernel/process.c
@@ -40,6 +40,7 @@
@@ -85,7 +94,7 @@ are set.
#include <asm/io.h>
#include <asm/processor.h>
-@@ -1474,8 +1475,9 @@ void show_regs(struct pt_regs * regs)
+@@ -1490,8 +1491,9 @@ void show_regs(struct pt_regs * regs)
printk("NIP: "REG" LR: "REG" CTR: "REG"\n",
regs->nip, regs->link, regs->ctr);
@@ -97,6 +106,8 @@ are set.
printk("MSR: "REG" ", regs->msr);
print_msr_bits(regs->msr);
pr_cont(" CR: %08lx XER: %08lx\n", regs->ccr, regs->xer);
+diff --git a/arch/x86/um/sysrq_64.c b/arch/x86/um/sysrq_64.c
+index 903ad91b6..7fdad4fc2 100644
--- a/arch/x86/um/sysrq_64.c
+++ b/arch/x86/um/sysrq_64.c
@@ -9,6 +9,7 @@
@@ -119,6 +130,8 @@ are set.
printk(KERN_INFO "RIP: %04lx:[<%016lx>]\n", PT_REGS_CS(regs) & 0xffff,
PT_REGS_IP(regs));
printk(KERN_INFO "RSP: %016lx EFLAGS: %08lx\n", PT_REGS_SP(regs),
+diff --git a/kernel/hung_task.c b/kernel/hung_task.c
+index 396ebaebe..8a4ad4fc5 100644
--- a/kernel/hung_task.c
+++ b/kernel/hung_task.c
@@ -23,6 +23,7 @@
@@ -129,7 +142,7 @@ are set.
/*
* The number of tasks checked:
-@@ -128,10 +129,11 @@ static void check_hung_task(struct task_
+@@ -128,10 +129,11 @@ static void check_hung_task(struct task_struct *t, unsigned long timeout)
sysctl_hung_task_warnings--;
pr_err("INFO: task %s:%d blocked for more than %ld seconds.\n",
t->comm, t->pid, (jiffies - t->last_switch_time) / HZ);
@@ -143,17 +156,19 @@ are set.
pr_err("\"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\""
" disables this message.\n");
sched_show_task(t);
+diff --git a/lib/dump_stack.c b/lib/dump_stack.c
+index f5a33b6f7..0ec8104de 100644
--- a/lib/dump_stack.c
+++ b/lib/dump_stack.c
-@@ -12,6 +12,7 @@
- #include <linux/atomic.h>
+@@ -13,6 +13,7 @@
#include <linux/kexec.h>
#include <linux/utsname.h>
+ #include <linux/stop_machine.h>
+#include <generated/package.h>
static char dump_stack_arch_desc_str[128];
-@@ -44,13 +45,14 @@ void __init dump_stack_set_arch_desc(con
+@@ -45,13 +46,14 @@ void __init dump_stack_set_arch_desc(const char *fmt, ...)
*/
void dump_stack_print_info(const char *log_lvl)
{
@@ -170,3 +185,6 @@ are set.
if (dump_stack_arch_desc_str[0] != '\0')
printk("%sHardware name: %s\n",
+--
+2.17.1
+
diff --git a/debian/patches/series b/debian/patches/series
index 56d1700..bdb60da 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,13 +1,3 @@
-debian/gitignore.patch
-
-# Disable features broken by exclusion of upstream files
-debian/dfsg/arch-powerpc-platforms-8xx-ucode-disable.patch
-debian/dfsg/drivers-media-dvb-dvb-usb-af9005-disable.patch
-debian/dfsg/vs6624-disable.patch
-debian/dfsg/drivers-net-appletalk-cops.patch
-debian/dfsg/video-remove-nvidiafb-and-rivafb.patch
-debian/dfsg/documentation-fix-broken-link-to-cipso-draft.patch
-
# Changes to support package build system
debian/version.patch
debian/uname-version-timestamp.patch
@@ -25,109 +15,3 @@ debian/android-enable-building-ashmem-and-binder-as-modules.patch
debian/documentation-drop-sphinx-version-check.patch
debian/perf-traceevent-support-asciidoctor-for-documentatio.patch
debian/kbuild-look-for-module.lds-under-arch-directory-too.patch
-
-# Fixes/improvements to firmware loading
-features/all/drivers-media-dvb-usb-af9005-request_firmware.patch
-debian/iwlwifi-do-not-request-unreleased-firmware.patch
-bugfix/all/firmware_class-log-every-success-and-failure.patch
-bugfix/all/firmware-remove-redundant-log-messages-from-drivers.patch
-bugfix/all/radeon-amdgpu-firmware-is-required-for-drm-and-kms-on-r600-onward.patch
-debian/firmware_class-refer-to-debian-wiki-firmware-page.patch
-
-# Patches from aufs5 repository, imported with debian/bin/genpatch-aufs.
-# These are only the changes needed to allow aufs to be built out-of-tree.
-#features/all/aufs5/aufs5-base.patch
-#features/all/aufs5/aufs5-mmap.patch
-#features/all/aufs5/aufs5-standalone.patch
-
-# Change some defaults for security reasons
-debian/af_802154-Disable-auto-loading-as-mitigation-against.patch
-debian/rds-Disable-auto-loading-as-mitigation-against-local.patch
-debian/decnet-Disable-auto-loading-as-mitigation-against-lo.patch
-debian/dccp-disable-auto-loading-as-mitigation-against-local-exploits.patch
-debian/hamradio-disable-auto-loading-as-mitigation-against-local-exploits.patch
-debian/fs-enable-link-security-restrictions-by-default.patch
-
-# Set various features runtime-disabled by default
-debian/sched-autogroup-disabled.patch
-debian/yama-disable-by-default.patch
-debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch
-features/all/security-perf-allow-further-restriction-of-perf_event_open.patch
-features/x86/intel-iommu-add-option-to-exclude-integrated-gpu-only.patch
-features/x86/intel-iommu-add-kconfig-option-to-exclude-igpu-by-default.patch
-
-# Disable autoloading/probing of various drivers by default
-debian/cdc_ncm-cdc_mbim-use-ncm-by-default.patch
-debian/snd-pcsp-disable-autoload.patch
-bugfix/x86/viafb-autoload-on-olpc-xo1.5-only.patch
-debian/fjes-disable-autoload.patch
-
-# Taint if dangerous features are used
-debian/fanotify-taint-on-use-of-fanotify_access_permissions.patch
-debian/btrfs-warn-about-raid5-6-being-experimental-at-mount.patch
-
-# Arch bug fixes
-bugfix/arm/arm-dts-kirkwood-fix-sata-pinmux-ing-for-ts419.patch
-bugfix/arm64/dts-rockchip-correct-voltage-selector-firefly-RK3399.patch
-bugfix/x86/perf-tools-fix-unwind-build-on-i386.patch
-bugfix/sh/sh-boot-do-not-use-hyphen-in-exported-variable-name.patch
-bugfix/arm/arm-mm-export-__sync_icache_dcache-for-xen-privcmd.patch
-bugfix/powerpc/powerpc-boot-fix-missing-crc32poly.h-when-building-with-kernel_xz.patch
-bugfix/arm64/arm64-acpi-Add-fixup-for-HPE-m400-quirks.patch
-bugfix/x86/x86-32-disable-3dnow-in-generic-config.patch
-
-# Arch features
-features/arm64/arm64-dts-rockchip-Add-basic-support-for-Kobol-s-Hel.patch
-features/x86/x86-memtest-WARN-if-bad-RAM-found.patch
-features/x86/x86-make-x32-syscall-support-conditional.patch
-
-# Miscellaneous bug fixes
-bugfix/all/disable-some-marvell-phys.patch
-bugfix/all/fs-add-module_softdep-declarations-for-hard-coded-cr.patch
-bugfix/all/partially-revert-usb-kconfig-using-select-for-usb_co.patch
-debian/makefile-do-not-check-for-libelf-when-building-oot-module.patch
-bugfix/all/partially-revert-net-socket-implement-64-bit-timestamps.patch
-
-# Miscellaneous features
-
-# Lockdown missing pieces
-features/all/lockdown/efi-add-an-efi_secure_boot-flag-to-indicate-secure-b.patch
-features/all/lockdown/efi-lock-down-the-kernel-if-booted-in-secure-boot-mo.patch
-features/all/lockdown/mtd-disable-slram-and-phram-when-locked-down.patch
-features/all/lockdown/arm64-add-kernel-config-option-to-lock-down-when.patch
-
-# Improve integrity platform keyring for kernel modules verification
-features/all/db-mok-keyring/0001-MODSIGN-do-not-load-mok-when-secure-boot-disabled.patch
-features/all/db-mok-keyring/0002-MODSIGN-load-blacklist-from-MOKx.patch
-features/all/db-mok-keyring/0003-MODSIGN-checking-the-blacklisted-hash-before-loading-a-kernel-module.patch
-features/all/db-mok-keyring/0004-MODSIGN-check-the-attributes-of-db-and-mok.patch
-features/all/db-mok-keyring/modsign-make-shash-allocation-failure-fatal.patch
-features/all/db-mok-keyring/KEYS-Make-use-of-platform-keyring-for-module-signature.patch
-
-# Security fixes
-debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
-debian/ntfs-mark-it-as-broken.patch
-bugfix/x86/0001-bpf-x86-Validate-computation-of-branch-displacements.patch
-bugfix/x86/0002-bpf-x86-Validate-computation-of-branch-displacements.patch
-
-# Fix exported symbol versions
-bugfix/all/module-disable-matching-missing-version-crc.patch
-
-# Tools bug fixes
-bugfix/all/usbip-document-tcp-wrappers.patch
-bugfix/all/kbuild-fix-recordmcount-dependency.patch
-bugfix/all/tools-perf-man-date.patch
-bugfix/all/tools-perf-remove-shebangs.patch
-bugfix/x86/revert-perf-build-fix-libunwind-feature-detection-on.patch
-bugfix/all/tools-build-remove-bpf-run-time-check-at-build-time.patch
-bugfix/all/cpupower-bump-soname-version.patch
-bugfix/all/libcpupower-hide-private-function.patch
-bugfix/all/cpupower-fix-checks-for-cpu-existence.patch
-bugfix/all/tools-perf-pmu-events-fix-reproducibility.patch
-bugfix/all/bpftool-fix-version-string-in-recursive-builds.patch
-bugfix/all/tools-include-uapi-fix-errno.h.patch
-
-# overlay: allow mounting in user namespaces
-debian/overlayfs-permit-mounts-in-userns.patch
-
-# ABI maintenance
diff --git a/debian/rules b/debian/rules
index 3659e5b..f6f4c07 100755
--- a/debian/rules
+++ b/debian/rules
@@ -113,12 +113,7 @@ debian/control-real: debian/bin/gencontrol.py $(CONTROL_FILES)
# Hash randomisation makes the pickled config unreproducible
PYTHONHASHSEED=0 $<
md5sum $^ > debian/control.md5sum
- @echo
- @echo This target is made to fail intentionally, to make sure
- @echo that it is NEVER run during the automated build. Please
- @echo ignore the following error, the debian/control file has
- @echo been generated SUCCESSFULLY.
- @echo
- exit 1
+ @echo The debian/control file has been generated SUCCESSFULLY.
+ @echo Proceed to build!
.PHONY: binary binary-% build build-% clean debian/control-real orig setup source
--
2.17.1
View Git Blame Copy Permalink