Remove Conflicts for kernel-core

Now that the _gasket-driver_ package is an "install only" package
(meaning multiple versions can be installed simultaneously), the
conflict with _kernel-core_ no longer makes sense.  Since
_gasket-driver_ will never "update," the old version will not be
uninstalled, and thus will continuously prevent installing a new kernel
version.

Removing the conflict does open up the possibility of having a new
kernel version installed without a corresponding _gasket-driver_
package.  I think the CI pipeline is working well enough, though, that
this is unlikely.  I would much rather keep the "install only" feature,
so that booting into an older kernel will work as expected.

ci/Jenkinsfile

@@ -0,0 +1,89 @@
+@Library('dch')_
+
+properties([
+    pipelineTriggers([
+        GenericTrigger(
+            causeString: 'Webhook Trigger',
+            genericVariables: [[
+                key: 'nvr',
+                value: '$[*].builds[*].nvr',
+            ]],
+            printContributedVariables: true,
+            printPostContent: true,
+            regexpFilterExpression: 'kernel-.*',
+            regexpFilterText: '$nvr',
+            silentResponse: true,
+            tokenCredentialId: 'webhook-trigger',
+        )
+    ])
+])
+
+try {
+    fedoraBuild(
+        architectures: ['amd64'],
+        podTemplate: 'ci/podTemplate.yaml',
+        buildContainer: 'fedora',
+    ) { arch, fedoraVersion ->
+        stage("Prepare f${fedoraVersion}/${arch}") {
+            checkout scm
+
+            container('fedora') {
+                sh '. ci/prepare.sh'
+            }
+        }
+
+        stage("Build f${fedoraVersion}/${arch}") {
+            withCredentials([file(
+                credentialsId: 'kmod-signing-cert',
+                variable: 'SIGNING_KEY',
+            )]) {
+                container('fedora') {
+                    sh '. ci/build.sh'
+                }
+            }
+        }
+
+        stage("Sign f${fedoraVersion}/${arch}") {
+            when(BRANCH_NAME == 'main') {
+                withEnv([
+                    "GNUPGHOME=${env.WORKSPACE_TMP}/gnupg",
+                ]) {
+                    withCredentials([
+                        file(
+                            credentialsId: 'rpm-gpg-key',
+                            variable: 'RPM_GPG_PRIVATE_KEY',
+                        ),
+                        file(
+                            credentialsId: 'rpm-gpg-key-passphrase',
+                            variable: 'RPM_GPG_KEY_PASSPHRASE',
+                        ),
+                    ]) {
+                        container('fedora') {
+                            sh '. ci/sign.sh'
+                        }
+                    }
+                }
+            }
+        }
+
+        archiveArtifacts '*.rpm'
+
+        stage("Publish f${fedoraVersion}/${arch}") {
+            when(BRANCH_NAME == 'main') {
+                container('fedora') {
+                    sshagent(['jenkins-repohost']) {
+                        sh '. ci/publish.sh'
+                    }
+                }
+            }
+        }
+    }
+} catch (ex) {
+    currentBuild.result = 'FAILED'
+    emailext(
+        to: 'gyrfalcon@ebonfire.com',
+        subject: '$DEFAULT_SUBJECT',
+        body: '$DEFAULT_CONTENT',
+    )
+    throw ex
+}

ci/build.sh

@@ -0,0 +1,35 @@
+#!/bin/sh
+
+if [ $(id -u) -eq 0 ]; then
+    kver=$(rpm -q --qf %{VERSION}-%{RELEASE}.%{ARCH} kernel-devel)
+    ln -s "${SIGNING_KEY}" /usr/src/kernels/${kver}/certs/signing_key.x509
+    ln -s "${SIGNING_KEY}" /usr/src/kernels/${kver}/certs/signing_key.pem
+
+    exec setpriv --clear-groups --reuid 1000 --regid 1000 --inh-caps=-all \
+        sh -ex ci/build.sh
+fi
+
+git_rev=$(
+    sed -nr '/^%global git_revision_full/s/.* ([a-z0-9]{40})$/\1/p' \
+        gasket-driver.spec
+)
+curl -fL \
+    -o gasket-driver-${git_rev}.tar.gz \
+    https://git.pyrocufflink.net/dustin/gasket-driver/archive/${git_rev}.tar.gz
+
+# We're downloading the archive from our local mirror of upstream's repository,
+# just in case it goes away or becomes unavailable.  Unfortunately, Gitea
+# creates a slightly different archive layout than GitHub, so we need to fix it
+# up before passing it to `rpmbuild`.
+rm -rf src
+mkdir src
+tar -xzf gasket-driver-${git_rev}.tar.gz -C src
+mv src/gasket-driver src/gasket-driver-${git_rev}
+tar -cf gasket-driver-${git_rev}.tar.gz -C src gasket-driver-${git_rev}
+
+rpmbuild \
+    -D "_topdir ${PWD}" \
+    -D '_sourcedir %{_topdir}' \
+    -ba gasket-driver.spec
+
+ln RPMS/*/*.rpm SRPMS/*.rpm .

ci/podTemplate.yaml

@@ -0,0 +1,24 @@
+spec:
+  containers:
+  - name: fedora
+    command:
+    - cat
+    stdin: true
+    tty: true
+    resources:
+      requests:
+        cpu: 1500m
+    securityContext:
+      runAsUser: 0
+      runAsGroup: 0
+    volumeMounts:
+    - mountPath: /etc/ssh/ssh_known_hosts
+      name: ssh-known-hosts
+      subPath: ssh_known_hosts
+  hostUsers: false
+  nodeSelector:
+    du5t1n.me/jenkins:
+  volumes:
+  - name: ssh-known-hosts
+    configMap:
+      name: ssh-known-hosts

ci/prepare.sh

@@ -0,0 +1,10 @@
+#!/bin/sh
+
+xargs dnf install -y --setopt install_weak_deps=0 <<EOF
+kernel-devel
+openssh-clients
+rpm-build
+rpm-sign
+rsync
+util-linux
+EOF

ci/publish.sh

@@ -0,0 +1,22 @@
+#!/bin/sh
+
+ARCH="$(uname -m)"
+REPO_HOST=jenkins@files.pyrocufflink.blue
+REPO_PATH=/srv/www/repohost/repos/dch/fedora/$(rpm --eval %fedora)
+
+case "${ARCH}" in
+x86_64)
+    # only include the SRPM once
+    include='*.rpm'
+    ;;
+*)
+    include="*.${ARCH}.rpm"
+    ;;
+esac
+
+rsync -rtiO \
+    --chmod=ugo=rwX \
+    --include "${include}" \
+    --exclude '*' \
+    ./ \
+    "${REPO_HOST}:${REPO_PATH}/"

ci/sign.sh

@@ -0,0 +1,21 @@
+#!/bin/sh
+
+if [ $(id -u) -eq 0 ]; then
+    exec setpriv --clear-groups --reuid 1000 --regid 1000 --inh-caps=-all \
+        sh -ex ci/sign.sh
+fi
+
+install -m u=rwx,go= -d "${GNUPGHOME}"
+cat > "${GNUPGHOME}"/gpg-agent.conf <<EOF
+allow-loopback-pinentry
+EOF
+
+gpg2 --pinentry-mode loopback --passphrase-fd 0 \
+    --import "${RPM_GPG_PRIVATE_KEY}" \
+    < "${RPM_GPG_KEY_PASSPHRASE}"
+
+rpmsign --addsign \
+    -D '_gpg_name jenkins@pyrocufflink.net' \
+    -D '_gpg_sign_cmd_extra_args --pinentry-mode loopback --passphrase-fd 3' \
+    *.rpm \
+    3< "${RPM_GPG_KEY_PASSPHRASE}"

gasket-driver.spec

@@ -1,13 +1,15 @@
 %global git_revision 5815ee3
 %global git_revision_full 5815ee3908a46a415aac616ac7b9aedcb98a504c
 
-%global kernel_ver %(rpm -q --qf %{VERSION}-%{RELEASE} kernel-devel)
+%global kernel_version %(rpm -q --qf %{VERSION} kernel-devel)
+%global kernel_release %(rpm -q --qf %{RELEASE} kernel-devel)
+%global kernel_ver %{kernel_version}-%{kernel_release}
 
 %define _debugsource_template %{nil}
 
 Name:           gasket-driver
 Version:        0.0.git%{git_revision}
-Release:        1
+Release:        5.k%{kernel_version}%{?dist}
 Summary:        The Coral Gasket Driver allows usage of the Coral EdgeTPU on Linux systems
 
 License:        GPL-2.0
@@ -17,7 +19,8 @@ Patch0:         0001-core-Omit-no_llseek-reference.patch
 Patch1:         0002-Update-gasket_page_table.c-Fix-MODULE_IMPORT_NS.patch
 
 BuildRequires:  kernel-devel
-Requires:       kernel-core == %{kernel_ver}
+Provides:       installonlypkg(kernel-module)
+Requires:       kernel-core == %{kernel_version}
 Requires(post): kmod
 
 %description
@@ -47,5 +50,11 @@ depmod -a %{kernel_ver}.%{_arch}
 
 
 %changelog
+* Sun Nov 23 2025 Dustin C. Hatch <dustin@hatch.name> [0.0.git5815ee3-4]
+- Provide installonlypkg(kernel-module)
+
+* Sun Nov 16 2025 Dustin C. Hatch <dustin@hatch.name> [0.0.git5815ee3-2]
+- Include kernel version in release tag
+
 * Wed Aug 06 2025 Dustin C. Hatch <dustin@hatch.name> [0.0.git5815ee3-1]
 - Initial package