sys-kernel/coreos-sources: fix patch ordering

Our local patches get applied together with the upstream
patch-$maj.$min.$pl.patch ordered lexicographically.  By starting with
0's we're applying the local patches first, which breaks when their
contents touch the same files.

A simple way to fix this is to prefix our patches with a "z", so they're
applied after the upstream patch.

sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-sources/coreos-sources-4.4.3.ebuild

@@ -14,27 +14,33 @@ KEYWORDS="amd64 arm64"
 IUSE=""
 
 PATCH_DIR="${FILESDIR}/${KV_MAJOR}.${KV_MINOR}"
+
+# XXX: Note we must prefix the patch filenames with "z" to ensure they are
+# applied _after_ a potential patch-${KV}.patch file, present when building a
+# patchlevel revision.  We mustn't apply our patches first, it fails when the
+# local patches overlap with the upstream patch.
+
 # in $PATCH_DIR: ls -1 | sed -e 's/^/\t${PATCH_DIR}\//g' -e 's/$/ \\/g'
 UNIPATCH_LIST="
-		${PATCH_DIR}/0001-Add-secure_modules-call.patch \
+		${PATCH_DIR}/z0001-Add-secure_modules-call.patch \
-		${PATCH_DIR}/0002-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch \
+		${PATCH_DIR}/z0002-PCI-Lock-down-BAR-access-when-module-security-is-ena.patch \
-		${PATCH_DIR}/0003-x86-Lock-down-IO-port-access-when-module-security-is.patch \
+		${PATCH_DIR}/z0003-x86-Lock-down-IO-port-access-when-module-security-is.patch \
-		${PATCH_DIR}/0004-ACPI-Limit-access-to-custom_method.patch \
+		${PATCH_DIR}/z0004-ACPI-Limit-access-to-custom_method.patch \
-		${PATCH_DIR}/0005-asus-wmi-Restrict-debugfs-interface-when-module-load.patch \
+		${PATCH_DIR}/z0005-asus-wmi-Restrict-debugfs-interface-when-module-load.patch \
-		${PATCH_DIR}/0006-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch \
+		${PATCH_DIR}/z0006-Restrict-dev-mem-and-dev-kmem-when-module-loading-is.patch \
-		${PATCH_DIR}/0007-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch \
+		${PATCH_DIR}/z0007-acpi-Ignore-acpi_rsdp-kernel-parameter-when-module-l.patch \
-		${PATCH_DIR}/0008-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch \
+		${PATCH_DIR}/z0008-kexec-Disable-at-runtime-if-the-kernel-enforces-modu.patch \
-		${PATCH_DIR}/0009-x86-Restrict-MSR-access-when-module-loading-is-restr.patch \
+		${PATCH_DIR}/z0009-x86-Restrict-MSR-access-when-module-loading-is-restr.patch \
-		${PATCH_DIR}/0010-Add-option-to-automatically-enforce-module-signature.patch \
+		${PATCH_DIR}/z0010-Add-option-to-automatically-enforce-module-signature.patch \
-		${PATCH_DIR}/0011-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch \
+		${PATCH_DIR}/z0011-efi-Make-EFI_SECURE_BOOT_SIG_ENFORCE-depend-on-EFI.patch \
-		${PATCH_DIR}/0012-efi-Add-EFI_SECURE_BOOT-bit.patch \
+		${PATCH_DIR}/z0012-efi-Add-EFI_SECURE_BOOT-bit.patch \
-		${PATCH_DIR}/0013-hibernate-Disable-in-a-signed-modules-environment.patch \
+		${PATCH_DIR}/z0013-hibernate-Disable-in-a-signed-modules-environment.patch \
-		${PATCH_DIR}/0014-Security-Provide-copy-up-security-hooks-for-unioned-.patch \
+		${PATCH_DIR}/z0014-Security-Provide-copy-up-security-hooks-for-unioned-.patch \
-		${PATCH_DIR}/0015-Overlayfs-Use-copy-up-security-hooks.patch \
+		${PATCH_DIR}/z0015-Overlayfs-Use-copy-up-security-hooks.patch \
-		${PATCH_DIR}/0016-SELinux-Stub-in-copy-up-handling.patch \
+		${PATCH_DIR}/z0016-SELinux-Stub-in-copy-up-handling.patch \
-		${PATCH_DIR}/0017-SELinux-Handle-opening-of-a-unioned-file.patch \
+		${PATCH_DIR}/z0017-SELinux-Handle-opening-of-a-unioned-file.patch \
-		${PATCH_DIR}/0018-SELinux-Check-against-union-label-for-file-operation.patch \
+		${PATCH_DIR}/z0018-SELinux-Check-against-union-label-for-file-operation.patch \
-		${PATCH_DIR}/0019-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch \
+		${PATCH_DIR}/z0019-kbuild-derive-relative-path-for-KBUILD_SRC-from-CURD.patch \
-		${PATCH_DIR}/0020-Don-t-verify-write-permissions-on-lower-inodes-on-ov.patch \
+		${PATCH_DIR}/z0020-Don-t-verify-write-permissions-on-lower-inodes-on-ov.patch \
-		${PATCH_DIR}/0021-Fix-unallocated-memory-access-in-TPM-eventlog-code.patch \
+		${PATCH_DIR}/z0021-Fix-unallocated-memory-access-in-TPM-eventlog-code.patch \
 "