$ diff -Naur linux-6.8.9 linux-zabbly-6.8.9 > zabbly-6.8.9.patch
$ cat zabbly-6.8.9.patch
diff --color -Naur linux-6.8.9/.github/FUNDING.yml linux-zabbly-6.8.9/.github/FUNDING.yml
--- linux-6.8.9/.github/FUNDING.yml 1970-01-01 01:00:00.000000000 +0100
+++ linux-zabbly-6.8.9/.github/FUNDING.yml 2024-05-03 17:36:05.000000000 +0200
@@ -0,0 +1,5 @@
+# Frequent committers who contribute to Incus on their own time can add
+# themselves to the list here so users who feel like sponsoring can find
+# them.
+github:
+ - stgraber
diff --color -Naur linux-6.8.9/.github/workflows/commits.yml linux-zabbly-6.8.9/.github/workflows/commits.yml
--- linux-6.8.9/.github/workflows/commits.yml 1970-01-01 01:00:00.000000000 +0100
+++ linux-zabbly-6.8.9/.github/workflows/commits.yml 2024-05-03 17:36:05.000000000 +0200
@@ -0,0 +1,40 @@
+name: Commits
+on:
+ - pull_request
+
+permissions:
+ contents: read
+
+jobs:
+ dco-check:
+ permissions:
+ pull-requests: read # for tim-actions/get-pr-commits to get list of commits from the PR
+ name: Signed-off-by (DCO)
+ runs-on: ubuntu-22.04
+ steps:
+ - name: Get PR Commits
+ id: 'get-pr-commits'
+ uses: tim-actions/get-pr-commits@master
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Check that all commits are signed-off
+ uses: tim-actions/dco@master
+ with:
+ commits: ${{ steps.get-pr-commits.outputs.commits }}
+
+ target-branch:
+ permissions:
+ contents: none
+ name: Branch target
+ runs-on: ubuntu-22.04
+ steps:
+ - name: Check branch target
+ env:
+ TARGET: ${{ github.event.pull_request.base.ref }}
+ run: |
+ set -x
+ [ "${TARGET}" = "main" ] && exit 0
+
+ echo "Invalid branch target: ${TARGET}"
+ exit 1
diff --color -Naur linux-6.8.9/README.md linux-zabbly-6.8.9/README.md
--- linux-6.8.9/README.md 1970-01-01 01:00:00.000000000 +0100
+++ linux-zabbly-6.8.9/README.md 2024-05-03 17:36:05.000000000 +0200
@@ -0,0 +1,108 @@
+# Linux stable kernel builds
+Those are kernel builds made and supported by Zabbly.
+They track the latest stable mainline kernel and are build for both `x86_64` and `aarch64`.
+
+The general goal behind those kernel builds is to provide a recent
+stable mainline kernel with wide hardware support and a configuration
+that's optimal for running [Incus](https://github.com/lxc/incus) containers and VMs.
+
+Those are usually updated weekly, shortly after a new bugfix release.
+They do not immediately roll to a new kernel release, instead waiting for its first bugfix release to be out.
+
+## Availability
+Those kernels are built for:
+
+ * Ubuntu 20.04 LTS (`focal`)
+ * Ubuntu 22.04 LTS (`jammy`)
+ * Ubuntu 24.04 LTS (`noble`)
+ * Debian 11 (`bullseye`) (`x86_64` only)
+ * Debian 12 (`bookworm`)
+
+## Installation
+
+All commands should be run as root.
+
+### Repository key
+
+Packages provided by the repository are signed. In order to verify the integrity of the packages, you need to import the public key. First, verify that the fin
+
+```sh
+curl -fsSL https://pkgs.zabbly.com/key.asc | gpg --show-keys --fingerprint
+```
+
+```sh
+pub rsa3072 2023-08-23 [SC] [expires: 2025-08-22]
+ 4EFC 5906 96CB 15B8 7C73 A3AD 82CC 8797 C838 DCFD
+uid Zabbly Kernel Builds <info@zabbly.com>
+sub rsa3072 2023-08-23 [E] [expires: 2025-08-22]
+```
+
+If so, save the key locally:
+
+```sh
+mkdir -p /etc/apt/keyrings/
+curl -fsSL https://pkgs.zabbly.com/key.asc -o /etc/apt/keyrings/zabbly.asc
+```
+
+### Stable repository
+
+On any of the distributions above, you can add the package repository at `/etc/apt/sources.list.d/zabbly-kernel-stable.sources`.
+
+Run the following command to add the stable repository:
+
+```sh
+sh -c 'cat <<EOF > /etc/apt/sources.list.d/zabbly-kernel-stable.sources
+Enabled: yes
+Types: deb
+URIs: https://pkgs.zabbly.com/kernel/stable
+Suites: $(. /etc/os-release && echo ${VERSION_CODENAME})
+Components: main
+Architectures: $(dpkg --print-architecture)
+Signed-By: /etc/apt/keyrings/zabbly.asc
+
+EOF'
+```
+
+### Installing the kernel
+
+Finally, install the kernel, with: `apt-get install linux-zabbly`.
+
+## Secure boot
+As those kernels aren't signed by a trusted distribution key, you may
+need to turn off Secure Boot on your system in order to boot this kernel.
+
+## Configuration
+The kernel configuration is a derivative of the Ubuntu configuration for the matching architecture.
+That is, almost everything is enabled and as many components as possible are built as modules.
+
+## Additional changes
+On top of the mainline kernel, the following changes have been made:
+
+ * Support for VFS idmap mounts for cephfs (both architectures)
+ * Revert of a PCIe change breaking Qualcomm servers (aarch64 only)
+ * Revert of the change making `kernel_neon_begin` and `kernel_neon_end` GPL-only (breaks ZFS) (aarch64 only)
+
+## Ceph VFS idmap
+The Ceph VFS idmap support requires protocol changes which haven't been included in upstream Ceph yet.
+To function with stable Ceph, the module must be loaded with the `enable_unsafe_idmap=Y` option.
+
+This can be easily done by creating a file at `/etc/modprobe.d/ceph.conf` containing:
+```
+options ceph enable_unsafe_idmap=Y
+```
+
+## ZFS availability
+For users who need ZFS support, an up to date ZFS package repository can be found: [here](https://github.com/zabbly/zfs)
+That ZFS package repository is tested prior to new kernels being rolled out and so will avoid breakages due to upstream kernel changes.
+
+## Support
+Commercial support for those kernel packages is provided by [Zabbly](https://zabbly.com).
+
+You can also help support the work on those packages through:
+
+ - [Github Sponsors](https://github.com/sponsors/stgraber)
+ - [Patreon](https://patreon.com/stgraber)
+ - [Ko-Fi](https://ko-fi.com/stgraber)
+
+## Repository
+This repository gets actively rebased as new releases come out, DO NOT expect a linear git history.