Now that the _gasket-driver_ package is an "install only" package
(meaning multiple versions can be installed simultaneously), the
conflict with _kernel-core_ no longer makes sense. Since
_gasket-driver_ will never "update," the old version will not be
uninstalled, and thus will continuously prevent installing a new kernel
version.
Removing the conflict does open up the possibility of having a new
kernel version installed without a corresponding _gasket-driver_
package. I think the CI pipeline is working well enough, though, that
this is unlikely. I would much rather keep the "install only" feature,
so that booting into an older kernel will work as expected.
This should hopefully allow multiple simultaneous versions of the
package to be installed (i.e. one for each installed kernel), without
having to explicitly specify `installonlypkgs = gasket-driver` in
`dnf.conf`.
Instead of manually specifying a list of Fedora versions to target, we
can now use the `fedoraBuild` pipeline function to generate the target
matrix automatically.
Note that the stage names need to be unique, as the `when` function
cannot mark the correct stage as "skipped" if there are multiple stages
with the same name.
Since _kernel_ is an `installonly` package, "upgrading" actually
installs a new version instead of replacing the installed version.
Because of this, the `Requires` tag of _gasket-driver_ does not prevent
upgrading to a new version of the kernel, as the requirement will still
be satisfied by the old version.
To fully prevent upgrading to a new kernel for which there is no
_gasket-driver_ (which would prevent Frigate from starting after the
reboot), we need to add a `Conflicts` tag. This will not allow RPM to
install a version of _kernel_ newer than the one that matches
_gasket-driver_.
I've created a mirror of the _gasket-driver_ Git repository, to ensure
it remains available, even if Google decides to remove it or GitHub is
temporarily unavailable.
It turns out, everything is already in place to enable kernel module
signing. All that's necessary is to provide a certificate and private
key at the correct path; if those are present, the modules files will be
signed during `modules_install`.
