From 1b721c99a0a5e41576fea5057ce62b63a182ee49 Mon Sep 17 00:00:00 2001 From: Brett Mastbergen Date: Wed, 15 Apr 2026 14:52:40 -0400 Subject: [PATCH 1/3] Add generic kernel Provides to spec Adds 'Provides: kernel = version' to base package for compatibility with packages depending on generic kernel capability. --- ciq/SPECS/kernel-clk6.18.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/ciq/SPECS/kernel-clk6.18.spec b/ciq/SPECS/kernel-clk6.18.spec index 156cb9f451d5b..1cf2448e17e67 100644 --- a/ciq/SPECS/kernel-clk6.18.spec +++ b/ciq/SPECS/kernel-clk6.18.spec @@ -702,6 +702,7 @@ Requires: %{name}-modules-uname-r = %{KVERREL} Requires: %{name}-modules-core-uname-r = %{KVERREL} Requires: ((%{name}-modules-extra-uname-r = %{KVERREL}) if %{name}-modules-extra-matched) Provides: installonlypkg(kernel) +Provides: kernel = %{specversion}-%{pkg_release} %endif From dba6d7dd0bf7c7d6975fb608d10a74faf54307e2 Mon Sep 17 00:00:00 2001 From: Brett Mastbergen Date: Fri, 1 May 2026 15:03:12 -0400 Subject: [PATCH 2/3] Add generic kernel-headers and kernel-devel Provides to spec Add versioned Provides for kernel-headers, kernel-devel, and kernel-devel- so the namespaced CLK packages satisfy the same dependency capabilities as stock Rocky kernel packages. Remove Conflicts on kernel-headers and kernel-cross-headers since the namespaced packages now provide those capabilities directly. --- ciq/SPECS/kernel-clk6.18.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ciq/SPECS/kernel-clk6.18.spec b/ciq/SPECS/kernel-clk6.18.spec index 1cf2448e17e67..60dd9dc885ee1 100644 --- a/ciq/SPECS/kernel-clk6.18.spec +++ b/ciq/SPECS/kernel-clk6.18.spec @@ -1485,6 +1485,8 @@ This is required to use SystemTap with %{name}%{?1:-%{1}}-%{KVERREL}.\ Summary: Development package for building kernel modules to match the %{?2:%{2} }kernel\ Provides: %{name}%{?1:-%{1}}-devel-%{_target_cpu} = %{specversion}-%{release}\ Provides: %{name}-devel-%{_target_cpu} = %{specversion}-%{release}%{uname_suffix %{?1}}\ +Provides: kernel-devel = %{specversion}-%{release}\ +Provides: kernel-devel-%{_target_cpu} = %{specversion}-%{release}\ Provides: kernel-devel-uname-r = %{KVERREL}%{uname_suffix %{?1}}\ Provides: %{name}-devel-uname-r = %{KVERREL}%{uname_suffix %{?1}}\ Provides: installonlypkg(kernel)\ From 22f595510848ea2c6ebb18ea46b8132d3fa75b11 Mon Sep 17 00:00:00 2001 From: Brett Mastbergen Date: Mon, 4 May 2026 15:33:43 -0400 Subject: [PATCH 3/3] bundle_bindgen: add set -e, curl --fail, and SHA256 verification - Add set -e so the script exits on any command failure - Add -f (--fail) to curl so HTTP errors are caught - Verify the downloaded crate against the known SHA256 from crates.io before extracting --- ciq/SOURCES/bundle_bindgen.sh | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/ciq/SOURCES/bundle_bindgen.sh b/ciq/SOURCES/bundle_bindgen.sh index 3a75eb218fe40..1c893eaa4cac5 100755 --- a/ciq/SOURCES/bundle_bindgen.sh +++ b/ciq/SOURCES/bundle_bindgen.sh @@ -1,4 +1,5 @@ #!/bin/sh +set -e # Bundle the bindgen-cli source code to be included in the kernel build. # https://crates.io/crates/bindgen-cli @@ -12,9 +13,19 @@ SOURCES=$1 BINDGEN_CLI=bindgen-cli BINDGEN_CLI_VERSION="0.71.1" BINDGEN_CLI_CRATE=bindgen-cli.crate +BINDGEN_CLI_SHA256="fded10ca0956afd0cbe5cf89cc71ae1a679e65b8216c651fca17ba7de8ac54dc" CRATESIO_API_ENDPOINT=https://crates.io/api/v1/crates/bindgen-cli/${BINDGEN_CLI_VERSION}/download -curl -sL $CRATESIO_API_ENDPOINT -o $SOURCES/$BINDGEN_CLI_CRATE +curl -sfL $CRATESIO_API_ENDPOINT -o $SOURCES/$BINDGEN_CLI_CRATE + +echo "$BINDGEN_CLI_SHA256 $SOURCES/$BINDGEN_CLI_CRATE" | sha256sum -c - || { + echo "Error: SHA256 checksum mismatch for $BINDGEN_CLI_CRATE" + echo "Expected: $BINDGEN_CLI_SHA256" + echo "Got: $(sha256sum $SOURCES/$BINDGEN_CLI_CRATE | awk '{print $1}')" + rm -f $SOURCES/$BINDGEN_CLI_CRATE + exit 1 +} + tar -xf $SOURCES/$BINDGEN_CLI_CRATE -C $SOURCES mv $SOURCES/$BINDGEN_CLI-$BINDGEN_CLI_VERSION $SOURCES/$BINDGEN_CLI