Since _kernel_ is an `installonly` package, "upgrading" actually
installs a new version instead of replacing the installed version.
Because of this, the `Requires` tag of _gasket-driver_ does not prevent
upgrading to a new version of the kernel, as the requirement will still
be satisfied by the old version.
To fully prevent upgrading to a new kernel for which there is no
_gasket-driver_ (which would prevent Frigate from starting after the
reboot), we need to add a `Conflicts` tag. This will not allow RPM to
install a version of _kernel_ newer than the one that matches
_gasket-driver_.
I've created a mirror of the _gasket-driver_ Git repository, to ensure
it remains available, even if Google decides to remove it or GitHub is
temporarily unavailable.
It turns out, everything is already in place to enable kernel module
signing. All that's necessary is to provide a certificate and private
key at the correct path; if those are present, the modules files will be
signed during `modules_install`.
