Removed kernel devel subpackages dependency on the kernel.

[PawelWMS]

Merge Checklist

All boxes should be checked before merging the PR (just tick any boxes which don't apply to this PR)

• The toolchain has been rebuilt successfully (or no changes were made to it)
• The toolchain/worker package manifests are up-to-date
• Any updated packages successfully build (or no packages were changed)
• Packages depending on static components modified in this PR (Golang, *-static subpackages, etc.) have had their Release tag incremented.
• Package tests (%check section) have been verified with RUN_CHECK=y for existing SPEC files, or added to new SPEC files
• All package sources are available
• cgmanifest files are up-to-date and sorted (./cgmanifest.json, ./toolkit/scripts/toolchain/cgmanifest.json, .github/workflows/cgmanifest.json)
• LICENSE-MAP files are up-to-date (./SPECS/LICENSES-AND-NOTICES/data/licenses.json, ./SPECS/LICENSES-AND-NOTICES/LICENSES-MAP.md, ./SPECS/LICENSES-AND-NOTICES/LICENSE-EXCEPTIONS.PHOTON)
• All source files have up-to-date hashes in the *.signatures.json files
• sudo make go-tidy-all and sudo make go-test-coverage pass
• Documentation has been updated to match any changes to the build system
• Ready to merge

---

Summary

Kernel devel subpackage differs from other devel subpackages in that it is meant for building components calling internal kernel APIs (like kernel modules). They do not require the actual default kernel to be present in order to be functional and in fact it is common to install multiple kernel devel subpackages (for different kernel flavours of versions) at the same time for instance to build the same OOT kernel module for all the supported kernels. Current devel -> default package dependency prevents these kind of scenarios, because we don't want to install multiple kernels on the user's image in such cases.

Does this affect the toolchain?

Yes.

Test Methodology

• PR checks.

[CBL-Mariner-Bot]

🚨 PR Check Failed - Critical Issues Found

Found 4 critical/error issue(s) that must be fixed.

🔍 Critical Issues Detected:

1. Missing Patch File (ERROR)
   • Patch file '0001-add-mstflint-kernel-%{mstflintver}.patch' is referenced in the spec but not found in the directory
   • 💡 Fix: Add the missing patch file or update the Patch reference
2. Missing Patch File (ERROR)
   • Patch file 'patch-%{version_upstream}-%{rt_version}.patch' is referenced in the spec but not found in the directory
   • 💡 Fix: Add the missing patch file or update the Patch reference
3. Missing Patch File (ERROR)
   • Patch file '0001-add-mstflint-kernel-%{mstflintver}.patch' is referenced in the spec but not found in the directory
   • 💡 Fix: Add the missing patch file or update the Patch reference
4. Missing Patch File (ERROR)
   • Patch file '0001-add-mstflint-kernel-%{mstflintver}.patch' is referenced in the spec but not found in the directory
   • 💡 Fix: Add the missing patch file or update the Patch reference

🤖 AI Analysis Summary:

Brief Analysis:
These changes primarily bump the release numbers and remove an incorrect runtime dependency from the devel subpackage. Only one patch directive (“Patch0: 0001-add-mstflint-kernel-4.28.0.patch”) is used and the corresponding file is present.

Critical Issues Found:
• No ERROR/CRITICAL issues were detected regarding missing or misapplied security patches.

Recommended Actions:
• Review that all CVE-related fixes mentioned in the changelog are documented with their upstream context (even when not using separate CVE patch files).
• Ensure that future CVE fixes, if not embedded in upstream source, are added as properly numbered patches with %patch/%autopatch directives.
• Verify that dependency adjustments (e.g. removal of “Requires: %{name} = …”) do not impact resolution of security updates in the subpackages.

---

📋 For detailed analysis and recommendations, check the Azure DevOps pipeline logs.