Skip to content

[CLK] Embed dist-git in source branch#959

Open
bmastbergen wants to merge 7 commits intociq-6.12.yfrom
{bmastbergen}_ciq-6.12.y
Open

[CLK] Embed dist-git in source branch#959
bmastbergen wants to merge 7 commits intociq-6.12.yfrom
{bmastbergen}_ciq-6.12.y

Conversation

@bmastbergen
Copy link
Collaborator

@bmastbergen bmastbergen commented Mar 11, 2026

This is a first pass at embedding the CLK dist-git in kernel-src-tree. I've started with the 6.12.74 srpm contents and then tweaked them a bit in the subsequent commits:

  • Remove kabi generation and checking
  • Move netfilter modules to modules-core to match Rocky 9
  • Use configs from ciq/configs instead of copies in SOURCES

And then I added a utility script to generate the source tarball for the srpm.

When we rebase, I have lt_rebase.sh updating the spec to match the kernel we are rebasing onto. See that PR here:
ctrliq/kernel-src-tree-tools#60

And an example of what a rebase on top of this looks like in this branch:
https://github.com/ctrliq/kernel-src-tree/tree/%7Bbmastbergen%7D_ciq-6.12.y-next

Some things I'd like input on:

  • Should SOURCES and SPECS be in the root directory, or should I move them into the ciq directory?
  • Should all of these SOURCES and SPECS commits start with [CIQ] ?
  • I added generate_tarball.sh as a script here so that when we do secure boot builds, those folks can generate the tarball without having to check out any other code. Cool?
  • The lt_rebase.sh spec update will create a commit every time we rebase. I think thats ok to start, but maybe in the future we'd want to auto squash these or something? We may want to do that with the config commits eventually as well. Not sure.
  • Deiter had suggested having no SOURCES directory and no tarball at all, since this repo IS the sources. But I couldn't get that to work. My (and Claude's) spec-fu may be too weak for that.
  • That being said I don't think we need to push a tarball to any kind of lookaside. If a person checks out the 'dist-git' they are getting all of the source. If they want the tarball, they can call generate_tarball.sh.
  • These PRs do not provide any tooling for the scenario where we want to release additional commits without performing a rebase (ie 6.12.74-2). We will need a workflow and tooling for that, but I wanted to start with the basics here.
  • I think there is a lot of other stuff we can clean out of the kernel.spec and SOURCES dir. But again, I wanted to start simple, with the least amount of change. These cleanups can be done later.

Once we get this nailed down for 6.12, I'd apply a similar set of commits to ciq-6.18.y as well.

@bmastbergen
Import dist-git from 6.12.64 SRPM
fae8cba
@bmastbergen
kernel.spec: Remove kabi code
db78db3 
This kernel does not guarantee a stable kabi
@bmastbergen
kernel.spec: Move netfilter modules to core
8a7e118 
This aligns module packaging with Rocky 9
@bmastbergen
kernel.spec: Use configs from ciq/config
059bd6e 
The configs are already in ciq/configs, so no need to have another
copy in SOURCES
@bmastbergen
Add generate_tarball.sh
5f44568
@bmastbergen bmastbergen mentioned this pull request Mar 11, 2026
Open
@bmastbergen bmastbergen requested review from a team, elguero and jdieter March 11, 2026 15:21
jdieter
jdieter reviewed Mar 11, 2026
View reviewed changes
@bmastbergen
Copy link
Collaborator Author

bmastbergen commented Mar 11, 2026

I think I'll need to pull in this new kernel-pkg change as well:
https://github.com/ctrliq/kernel-pkg/pull/14/

elguero and others added 2 commits March 12, 2026 14:47
@elguero @bmastbergen
Adding CIQ attributes to kernel mod signing cert
a94827a 
We should be attributing CIQ as the signer of the kernel modules being built and
signed during the kernel build and packaging process.

This patch adds a 'x509.genkey.rocky' file which will be used when creating the
ephemeral cert that is used for signing the kernel modules at build time.

Signed-off-by: Michael L. Young <myoung@ciq.com>

AUTODEL-1213
@bmastbergen
Switch to zstd for source tarball
8b27245
@bmastbergen
Copy link
Collaborator Author

bmastbergen commented Mar 12, 2026

Updated:

  • Use zstd for source tarball
  • Picked up @elguero changes for module signing

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jdieter jdieter jdieter left review comments

@elguero elguero Awaiting requested review from elguero

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@bmastbergen @jdieter @elguero