AkarshHCL
diff --git a/‎.github/instructions/oot-modules.instructions.md‎
Lines changed: 315 additions & 0 deletions b/‎.github/instructions/oot-modules.instructions.md‎
Lines changed: 315 additions & 0 deletions
diff --git a/‎.github/instructions/spec.instructions.md‎
Lines changed: 47 additions & 0 deletions b/‎.github/instructions/spec.instructions.md‎
Lines changed: 47 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 6 additions & 5 deletions b/‎README.md‎
Lines changed: 6 additions & 5 deletions
@@ -0,0 +1,315 @@
+---
+applyTo: 'SPECS*/**/*.spec'
+description: Always apply these instructions when editing `*.spec` files that build or repackage
+**out-of-tree (OOT) kernel modules**. Such specs are identifiable by the
+presence of `azl_kernel_*` macros (e.g., `azl_kernel_version`,
+`azl_kernel_hwe_version`).
+---
+
+# Out-of-Tree (OOT) Kernel Module Spec File Conventions
+
+## Instructions context
+
+The specs to be analyzed with these instructions live under:
+
+- `SPECS-NVIDIA/` and `SPECS-AMD/` — **unsigned** (build) specs.
+- `SPECS-NVIDIA-SIGNED/` and `SPECS-AMD-SIGNED/` — **signed** (repackaging) specs.
+
+Above directory pairs are only examples - there may be additional directories for OOT specs,
+but they must follow the same conventions outlined in this document.
+
+---
+
+## 1. Kernel and Dependency Version Macros
+
+### 1.1 Resolving the Target Kernel Version
+
+Always use the `azl_kernel_*` macros provided by the build system. **Never** use
+`rpm -q` shell queries to discover the kernel version at build time.
+
+- Example for the **default kernel**:
+
+  ```rpm
+  %global target_kernel_version_full %{azl_kernel_version}-%{azl_kernel_release}%{?dist}
+  %global release_suffix _%{azl_kernel_version}.%{azl_kernel_release}
+  ```
+
+- Example for the **HWE kernel**:
+
+  ```rpm
+  %global target_kernel_version_full %{azl_kernel_hwe_version}-%{azl_kernel_hwe_release}%{?dist}
+  %global release_suffix _%{azl_kernel_hwe_version}.%{azl_kernel_hwe_release}
+  ```
+
+### 1.2 Extending the Release Suffix with Additional Version Components
+
+When the OOT module is tied to both a specific kernel **and** another package
+version (e.g., an NVIDIA driver version), the release suffix may be extended:
+
+```rpm
+%global release_suffix _%{azl_kernel_version}.%{azl_kernel_release}.%{NVIDIA_DRIVER_VERSION}
+```
+
+This is the exception, not the default. Use it only when the kernel module
+binary is specific to that additional dependency's exact version.
+
+### 1.3 Resolving Non-Kernel Package Version
+
+When the spec also depends on non-kernel packages (i.e., MOFED packages), resolve the version through the
+`azl_<pkg>_*` (i.e., `azl_mlnx_ofa_kernel_*`) macros:
+
+- For the **default kernel**:
+
+  ```rpm
+  %{!?_mofed_full_version: %define _mofed_full_version %{azl_mlnx_ofa_kernel_version}-%{azl_mlnx_ofa_kernel_release}%{?dist}}
+  ```
+
+  Or simpler:
+  ```rpm
+  %define _mofed_full_version %{azl_mlnx_ofa_kernel_version}-%{azl_mlnx_ofa_kernel_release}%{?dist}
+  ```
+
+- For the **HWE kernel**:
+
+  ```rpm
+  %{!?_mofed_hwe_full_version: %define _mofed_hwe_full_version %{azl_mlnx_ofa_kernel_hwe_version}-%{azl_mlnx_ofa_kernel_hwe_release}%{?dist}}
+  ```
+
+  Or simpler:
+  ```rpm
+  %define _mofed_hwe_full_version %{azl_mlnx_ofa_kernel_hwe_version}-%{azl_mlnx_ofa_kernel_hwe_release}%{?dist}
+  ``` 
+
+---
+
+## 2. Release Tag Format
+
+### 2.1 Packages/Subpackages Containing OOT Modules
+
+```rpm
+Release:        [number][kernel_version_related_suffix]%{?dist}
+```
+
+Example from `gdrcopy-hwe-kmod` subpackage in `gdrcopy-hwe.spec`.
+```rpm
+Release:        %{_release}_%{target_azl_build_kernel_version}.%{target_kernel_release}.%{NVIDIA_DRIVER_VERSION}%{?dist}
+```
+
+### 2.2 Packages/Subpackages NOT Containing OOT Modules
+
+```rpm
+Release:        [number]%{?dist}
+```
+
+The `[kernel_version_related_suffix]` is **not needed** for subpackages that contain only
+kernel-independent components (usermode binaries, libraries, services, docs).
+
+Example from `gdrcopy` base subpackage in `gdrcopy.spec`.
+```rpm
+Release:        %{_release}%{?dist}
+```
+
+### 2.3 Reusing the Release Number Across Subpackages
+
+When the same release number must appear in multiple subpackages, encode it as a
+macro to avoid repetition:
+
+```rpm
+%{!?_release: %define _release 3}
+```
+
+Then reference it in each `Release:` tag:
+
+```rpm
+# kmod subpackage (kernel-tied)
+Release: %{_release}%{release_suffix}%{?dist}
+
+# service subpackage (kernel-independent)
+Release: %{_release}%{?dist}
+```
+
+---
+
+## 3. Subpackage Separation
+
+### 3.1 Principle
+
+Subpackages containing OOT kernel modules (`.ko` files) **must not** contain
+components that are not tied to a specific kernel version. Kernel-independent
+components include:
+
+- Usermode binaries and scripts.
+- Shared libraries (`.so` files).
+- Systemd service units.
+- udev rules.
+- Configuration files not specific to the kernel module.
+- Documentation and man pages.
+
+### 3.2 Reference Implementation
+
+The `gdrcopy` spec family is the current exemplar for proper separation:
+
+- `gdrcopy` — userspace library and test binaries.
+- `gdrcopy-service` — systemd service components.
+- `gdrcopy-dkms-src` — DKMS source for runtime compilation.
+- `gdrcopy-kmod` — prebuilt `gdrdrv.ko`, pinned to a specific kernel and NVIDIA
+  driver version.
+
+### 3.3 Known Gap
+
+Most current specs (`cuda-open`, `cuda`, `amdgpu`, `amd-ama-driver`,
+`nvidia-vgpu-guest-driver`) bundle kernel modules and usermode components in a
+single package with `%{release_suffix}`. This is a known gap to be addressed in
+future refactoring. New specs **must** follow the separated pattern from the
+start.
+
+---
+
+## 4. Unsigned / Signed Spec Pair
+
+Every OOT driver requires **two** specs:
+
+### 4.1 Unsigned Spec (Build)
+
+Located in `SPECS-NVIDIA/` or `SPECS-AMD/`. Responsibilities:
+
+- Compile kernel modules from source.
+- Install unsigned `.ko` files (useful for dev testing with kernel lockdown
+  disabled).
+- Place unlinked `.o` / `.ko` files in `kmod_o_dir` to be picked up by the
+  signing pipeline.
+
+### 4.2 Signed Spec (Repackaging)
+
+Located in `SPECS-NVIDIA-SIGNED/` or `SPECS-AMD-SIGNED/`. Responsibilities:
+
+- Take the unsigned RPM as `Source0`, referenced as
+  `<name>-%{version}-%{release}.%{_arch}.rpm`.
+- Strip unsigned `.ko` files from the extracted contents.
+- Install signed `.ko` files provided as additional `Source` entries.
+- Repackage everything into the final RPM.
+- Repeat pre-/post-install scripts from the unsigned spec as needed for the subpackage they override from the unsigned spec.
+
+**Mandatory** in signed specs — prevent RPM post-processing from stripping
+module signatures:
+
+```rpm
+%define __os_install_post %{__os_install_post_leave_signatures} %{nil}
+```
+
+Signed specs have an **empty `%build` section** — they never compile.
+
+---
+
+## 5. Build and Runtime Dependencies
+
+### 5.1 Kernel Dependencies
+
+```rpm
+# Build-time
+BuildRequires:  kernel-devel = %{target_kernel_version_full}
+BuildRequires:  kernel-headers = %{target_kernel_version_full}
+
+# Runtime
+Requires:       kernel = %{target_kernel_version_full}
+```
+
+For GPU drivers, also add:
+
+```rpm
+Requires:       kernel-drivers-gpu = %{target_kernel_version_full}
+```
+
+For **HWE kernel** variants, replace `kernel`/`kernel-devel`
+with `kernel-hwe`/`kernel-hwe-devel`, and
+`kernel-drivers-gpu` with `kernel-hwe-drivers-gpu`.
+
+> **⚠ BUILD-SYSTEM LIMITATION — `kernel-headers`:**
+> Only the default `kernel-headers` package may appear as a `BuildRequires`.
+> Flavored variants (e.g., `kernel-hwe-headers`) **must not** be used because
+> `kernel-headers` is always pre-installed in the build chroot and conflicts
+> with any other flavor of the headers package. This restriction does **not**
+> apply to `kernel-devel` — using `kernel-hwe-devel` is correct and required
+> for HWE builds.
+
+### 5.2 MOFED Dependencies
+
+When InfiniBand / GPUDirect RDMA support is needed:
+
+```rpm
+BuildRequires:  mlnx-ofa_kernel-devel = %{_mofed_full_version}
+BuildRequires:  mlnx-ofa_kernel = %{_mofed_full_version}
+BuildRequires:  mlnx-ofa_kernel-modules = %{_mofed_full_version}
+BuildRequires:  mlnx-ofa_kernel-source = %{_mofed_full_version}
+
+Requires:       mlnx-ofa_kernel = %{_mofed_full_version}
+Requires:       mlnx-ofa_kernel-modules = %{_mofed_full_version}
+```
+
+For **HWE kernel** variants, use `mlnx-ofa_kernel-hwe-*` package names and
+`%{_mofed_hwe_full_version}`.
+
+---
+
+## 6. Common Boilerplate
+
+### 6.1 Standard Tags
+
+```rpm
+Vendor:         Microsoft Corporation
+Distribution:   Azure Linux
+```
+
+### 6.2 Changelog Format
+
+```
+*   Day Mon DD YYYY Full Name <email@microsoft.com> - VERSION-RELEASE
+-   Description of change.
+```
+
+Date format: `Day Mon DD YYYY` (e.g., `Tue Mar 24 2026`).
+
+---
+
+## 7. HWE Kernel Variant Naming Cheat Sheet
+
+When creating an HWE variant of an existing spec, apply these substitutions
+throughout the entire spec:
+
+| Default kernel | HWE kernel |
+|---|---|
+| `%azl_kernel_version` | `%azl_kernel_hwe_version` |
+| `%azl_kernel_release` | `%azl_kernel_hwe_release` |
+| `%azl_mlnx_ofa_kernel_version` | `%azl_mlnx_ofa_kernel_hwe_version` |
+| `%azl_mlnx_ofa_kernel_release` | `%azl_mlnx_ofa_kernel_hwe_release` |
+| `kernel` (package name) | `kernel-hwe` |
+| `kernel-devel` | `kernel-hwe-devel` |
+| `kernel-headers` | ~~`kernel-hwe-headers`~~ — **do not substitute for `BuildRequires`** (see §5.1 limitation) |
+| `kernel-drivers-gpu` | `kernel-hwe-drivers-gpu` |
+| `mlnx-ofa_kernel-*` | `mlnx-ofa_kernel-hwe-*` |
+| `_mofed_full_version` | `_mofed_hwe_full_version` |
+
+---
+
+## 8. Quick-Reference: Minimal Preamble Template
+
+```rpm
+%global _enable_debug_package 0
+%global debug_package %{nil}
+%global __os_install_post /usr/lib/rpm/brp-compress %{nil}
+%global driver_version <DRIVER_VERSION>
+
+%global target_kernel_version_full %{azl_kernel_version}-%{azl_kernel_release}%{?dist}
+%global release_suffix _%{azl_kernel_version}.%{azl_kernel_release}
+
+# Only if MOFED is needed:
+%{!?_mofed_full_version: %define _mofed_full_version %{azl_mlnx_ofa_kernel_version}-%{azl_mlnx_ofa_kernel_release}%{?dist}}
+
+Name:           <package-name>
+Version:        %{driver_version}
+Release:        1%{release_suffix}%{?dist}
+Summary:        <summary>
+License:        <license>
+Vendor:         Microsoft Corporation
+Distribution:   Azure Linux
+```
@@ -0,0 +1,47 @@
+---
+applyTo: 'SPECS*/**/*.spec'
+description: Always apply these instructions when editing `*.spec` files. They live under
+the `SPECS*` directories and their subdirectories. The exact directory structure may vary,
+but all spec files must follow the conventions outlined in this document.
+---
+
+## Instructions context
+
+- We're using `some-package` as a placeholder for the actual package name.
+- The spec file is placed in the `SPECS` or `SPECS-<SUBTYPE>` directory, e.g.:
+  - `SPECS/some-package/some-package.spec`
+  - `SPECS-NVIDIA/some-package/some-package.spec`
+  - `SPECS-AMD/some-package/some-package.spec`
+
+## General RPM spec instructions
+
+- The spec file name and the directory name should be the same, if only one version of the package needs to be maintained.
+- Keep one spec subdirectory per package.
+  
+  GOOD:
+  - `SPECS/some-package/some-package.spec`
+  - `SPECS/some-package-similar/some-package-similar.spec`
+  
+  BAD:
+  - `SPECS/some-package/some-package.spec`
+  - `SPECS/some-package/some-package-similar.spec`
+- All packages must have a license file included through the `%license` macro in the `%files` section. Exceptions:
+  - Subpackages that depend on another subpackage from the same spec, where that other subpackage already includes the license file. The expected end result of installing any package is that a license file for that package ends up being installed along with it.
+  - "Metapackages", which don't build and install any of its own files but are a collection of run-time `Requires` dependencies.
+- If multiple versions need to be maintained, use versioned spec files names within the same directory. If you're adding a new version to an existing directory with a single spec file, keep the original spec file unchanged. Example:
+  - `SPECS/some-package/some-package.spec`
+  - `SPECS/some-package/some-package-v2.spec`
+- The `Name` tag in the spec file should match the spec file name except for the version suffix (if present). Example:
+  - For `some-package.spec`, use `Name: some-package`
+  - For `some-package-v2.spec`, use `Name: some-package`
+- Packages, which need their internal files (kernel or EFI modules for instance) signed, must have a separate signed spec file variant in its own `SPECS*-SIGNED` directory. The signed subdirectory and spec file should have the `-signed` suffix. Example:
+  - For `SPECS-NVIDIA/some-package/some-package.spec` -> `SPECS-NVIDIA-SIGNED/some-package-signed/some-package-signed.spec`
+- The signed spec file must define only subpackages, which contain the signed files. The name of these subpackages must be identical to their unsigned counterparts. Example:
+  - For `some-package-kmod` subpackage in the unsigned spec, define `some-package-kmod` subpackage in the signed spec as well.
+  **NOTE**: since the signed spec only defines subpackages, either make `Name:` tag in the signed spec file match the subpackage name or define `%package -n <subpackage-name>` and `%files -n <subpackage-name>` explicitly in the signed spec file.
+- The signed specs DO NOT use the original sources. Instead, they use the RPM package built from the unsigned spec as the source of unsigned files and separately a `SourceX` entry for each of the signed files. No other source files are allowed. The files inside the original RPM should be extracted to the same installation paths as in the original RPM and then the signed files should replace the unsigned ones.
+- The signed subpackage must have the same pre- and post-install scripts as the unsigned subpackage (if any) to ensure proper installation and removal.
+
+## Instructions specific to spec files building out-of-tree kernel modules
+
+**IN ADDITION TO THESE INSTRUCTIONS**, follow instructions under `.github/instructions/oot-modules.instructions.md`.
@@ -33,11 +33,12 @@ Note: Support for the ISO is community based. Before filing a new bug or feature
 ## Getting Help
 - Bugs, feature requests and questions can be filed as GitHub issues.
 - We are starting a public community call for Azure Linux users to get together and discuss new features, provide feedback, and learn more about how others are using Azure Linux. In each session, we will feature a new demo. The schedule for the upcoming community calls are:
-- 7/24/2025 from 8-9am (PST) [Click to join](https://teams.microsoft.com/l/meetup-join/19%3ameeting_ZDcyZjRkYWMtOWQxYS00OTk3LWFhNmMtMTMwY2VhMTA4OTZi%40thread.v2/0?context=%7b%22Tid%22%3a%2272f988bf-86f1-41af-91ab-2d7cd011db47%22%2c%22Oid%22%3a%2271a6ce92-58a5-4ea0-96f4-bd4a0401370a%22%7d)
-- 9/25/2025 from 8-9am (PST) [Click to join](https://teams.microsoft.com/l/meetup-join/19%3ameeting_ZDcyZjRkYWMtOWQxYS00OTk3LWFhNmMtMTMwY2VhMTA4OTZi%40thread.v2/0?context=%7b%22Tid%22%3a%2272f988bf-86f1-41af-91ab-2d7cd011db47%22%2c%22Oid%22%3a%2271a6ce92-58a5-4ea0-96f4-bd4a0401370a%22%7d)
-- 11/20/2025 from 8-9am (PST) [Click to join](https://teams.microsoft.com/l/meetup-join/19%3ameeting_ZDcyZjRkYWMtOWQxYS00OTk3LWFhNmMtMTMwY2VhMTA4OTZi%40thread.v2/0?context=%7b%22Tid%22%3a%2272f988bf-86f1-41af-91ab-2d7cd011db47%22%2c%22Oid%22%3a%2271a6ce92-58a5-4ea0-96f4-bd4a0401370a%22%7d)
-- 1/22/2026 from 8-9am (PST) [Click to join](https://teams.microsoft.com/l/meetup-join/19%3ameeting_ZDcyZjRkYWMtOWQxYS00OTk3LWFhNmMtMTMwY2VhMTA4OTZi%40thread.v2/0?context=%7b%22Tid%22%3a%2272f988bf-86f1-41af-91ab-2d7cd011db47%22%2c%22Oid%22%3a%2271a6ce92-58a5-4ea0-96f4-bd4a0401370a%22%7d)
-- 3/26/2026 from 8-9am (PST) [Click to join](https://teams.microsoft.com/l/meetup-join/19%3ameeting_ZDcyZjRkYWMtOWQxYS00OTk3LWFhNmMtMTMwY2VhMTA4OTZi%40thread.v2/0?context=%7b%22Tid%22%3a%2272f988bf-86f1-41af-91ab-2d7cd011db47%22%2c%22Oid%22%3a%2271a6ce92-58a5-4ea0-96f4-bd4a0401370a%22%7d)
+- 5/28/2026 from 8-9am (PST) [Click to join](https://teams.microsoft.com/l/meetup-join/19%3ameeting_ZDcyZjRkYWMtOWQxYS00OTk3LWFhNmMtMTMwY2VhMTA4OTZi%40thread.v2/0?context=%7b%22Tid%22%3a%2272f988bf-86f1-41af-91ab-2d7cd011db47%22%2c%22Oid%22%3a%2271a6ce92-58a5-4ea0-96f4-bd4a0401370a%22%7d)
+- 7/23/2026 from 8-9am (PST) [Click to join](https://teams.microsoft.com/l/meetup-join/19%3ameeting_ZDcyZjRkYWMtOWQxYS00OTk3LWFhNmMtMTMwY2VhMTA4OTZi%40thread.v2/0?context=%7b%22Tid%22%3a%2272f988bf-86f1-41af-91ab-2d7cd011db47%22%2c%22Oid%22%3a%2271a6ce92-58a5-4ea0-96f4-bd4a0401370a%22%7d)
+- 9/24/2026 from 8-9am (PST) [Click to join](https://teams.microsoft.com/l/meetup-join/19%3ameeting_ZDcyZjRkYWMtOWQxYS00OTk3LWFhNmMtMTMwY2VhMTA4OTZi%40thread.v2/0?context=%7b%22Tid%22%3a%2272f988bf-86f1-41af-91ab-2d7cd011db47%22%2c%22Oid%22%3a%2271a6ce92-58a5-4ea0-96f4-bd4a0401370a%22%7d)
+- 11/19/2026 from 8-9am (PST) [Click to join](https://teams.microsoft.com/l/meetup-join/19%3ameeting_ZDcyZjRkYWMtOWQxYS00OTk3LWFhNmMtMTMwY2VhMTA4OTZi%40thread.v2/0?context=%7b%22Tid%22%3a%2272f988bf-86f1-41af-91ab-2d7cd011db47%22%2c%22Oid%22%3a%2271a6ce92-58a5-4ea0-96f4-bd4a0401370a%22%7d)
+- 1/28/2027 from 8-9am (PST) [Click to join](https://teams.microsoft.com/l/meetup-join/19%3ameeting_ZDcyZjRkYWMtOWQxYS00OTk3LWFhNmMtMTMwY2VhMTA4OTZi%40thread.v2/0?context=%7b%22Tid%22%3a%2272f988bf-86f1-41af-91ab-2d7cd011db47%22%2c%22Oid%22%3a%2271a6ce92-58a5-4ea0-96f4-bd4a0401370a%22%7d)
+- 3/25/2027 from 8-9am (PST) [Click to join](https://teams.microsoft.com/l/meetup-join/19%3ameeting_ZDcyZjRkYWMtOWQxYS00OTk3LWFhNmMtMTMwY2VhMTA4OTZi%40thread.v2/0?context=%7b%22Tid%22%3a%2272f988bf-86f1-41af-91ab-2d7cd011db47%22%2c%22Oid%22%3a%2271a6ce92-58a5-4ea0-96f4-bd4a0401370a%22%7d)
 
 ## Trademarks