diff --git a/.github/workflows/master.yml b/.github/workflows/build-trusted.yml similarity index 71% rename from .github/workflows/master.yml rename to .github/workflows/build-trusted.yml index c76f7aa..708a0fe 100644 --- a/.github/workflows/master.yml +++ b/.github/workflows/build-trusted.yml @@ -1,20 +1,16 @@ -name: Kernel Build +name: Kernel Build (Trusted) -on: - push: - branches: - - master - - flavor/* +on: pull_request jobs: - build: + build: + name: Build runs-on: [self-hosted] strategy: matrix: include: - - build_type: 'generic' - build_cc: gcc-10 - if: "!contains(github.event.head_commit.message, 'skip ci')" + - build_cc: gcc-10 + if: github.event.pull_request.head.repo.full_name == github.repository && !contains(github.event.head_commit.message, 'skip ci') steps: - name: Checkout Sources uses: actions/checkout@v2 @@ -23,9 +19,7 @@ jobs: - name: Build Kernel run: make env: - PVE_BUILD_TYPE: ${{ matrix.build_type }} PVE_BUILD_CC: ${{ matrix.build_cc }} - PVE_BUILD_CFLAGS: ${{ matrix.build_cflags }} - name: Read Build Information id: read_build_info run: | @@ -38,3 +32,4 @@ jobs: with: name: debs-${{ matrix.build_type }} path: "*.deb" + diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 2de62b5..176714f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -2,10 +2,13 @@ name: Kernel Release on: push: - tags: v* + tags: + - v* + - flavor/*/v* jobs: build: + name: Build runs-on: [self-hosted, build] strategy: matrix: @@ -43,6 +46,7 @@ jobs: name: debs-${{ matrix.build_type }} path: "*.deb" publish: + name: Publish runs-on: [self-hosted] needs: build steps: @@ -68,7 +72,7 @@ jobs: - name: Create Release uses: softprops/action-gh-release@v1 env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: name: pve-edge-kernel ${{ steps.format_release.outputs.release }} body: ${{ steps.format_release.outputs.changelog }} diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml new file mode 100644 index 0000000..1ee03e0 --- /dev/null +++ b/.github/workflows/update.yml @@ -0,0 +1,71 @@ +name: Kernel Update + +on: + workflow_dispatch: + inputs: + tag: + description: 'Tag of the Linux Kernel to update to' + required: true + version: + description: 'Custom version number' + required: false + release: + description: 'Custom release number' + required: false + +jobs: + update: + name: Update + runs-on: [ubuntu-latest] + steps: + - name: Checkout Sources + uses: actions/checkout@v2 + with: + submodules: recursive + - uses: tibdex/github-app-token@v1 + id: generate-token + with: + app_id: ${{ secrets.APP_ID }} + private_key: ${{ secrets.APP_PRIVATE_KEY }} + - name: Setup System Dependencies + run: sudo apt install devscripts + - name: Update Kernel + id: update + run: | + TAG=${{ github.event.inputs.tag }} + VERSION=${{ github.event.inputs.version }} + RELEASE=${{ github.event.inputs.release }} + VERSION_OPT=${VERSION:+-v ${VERSION}} + RELEASE_OPT=${RELEASE:+-r ${RELEASE}} + ./scripts/update.sh -t ${{ github.event.inputs.tag }} $VERSION_OPT $RELEASE_OPT + echo "::set-output name=version::$(scripts/version.sh -L)" + echo "::set-output name=full::$(scripts/version.sh)" + changelog=$(dpkg-parsechangelog -c 1 -l debian/changelog) + changelog="${changelog//'%'/'%25'}" + changelog="${changelog//$'\n'/'%0A'}" + changelog="${changelog//$'\r'/'%0D'}" + echo "::set-output name=changelog::$changelog" + base=$(scripts/version.sh -B) + echo "::set-output name=base::$base" + echo "::set-output name=branch::${GITHUB_REF##*/}" + - name: Create Pull Request + uses: peter-evans/create-pull-request@v3 + with: + token: ${{ steps.generate-token.outputs.token }} # Custom token needed to recursively trigger workflows + commit-message: | + Add Linux ${{ steps.update.outputs.version }} + + This change updates the kernel to Linux ${{ steps.update.outputs.version }} based on Ubuntu ${{ steps.update.output.base }}. + branch: staging/v${{ steps.update.outputs.full }} + branch-suffix: short-commit-hash + delete-branch: true + title: "Add Linux ${{ steps.update.outputs.version }}" + body: | + Automated pull request to update the kernel to Linux ${{ steps.update.outputs.version }}. + + **Changelog:** + ``` + ${{ steps.update.outputs.changelog }} + ``` + labels: | + release diff --git a/.gitignore b/.gitignore index 1adde8b..533f933 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,6 @@ -ubuntu-zesty +# Build artifacts +build *.prepared +config*.org +*.deb +*.ddeb diff --git a/Makefile b/Makefile index c178299..6cd1260 100644 --- a/Makefile +++ b/Makefile @@ -157,4 +157,5 @@ abi-tmp-${KVNAME}: .PHONY: clean clean: rm -rf *~ build *.prepared ${KERNEL_CFG_ORG} - rm -f *.deb *.changes *.buildinfo release.txt artifacts.txt + rm -f *.deb *.ddeb *.changes *.buildinfo release.txt artifacts.txt + rm -f debian/control debian/pve-edge-*.postinst debian/pve-edge-*.prerm debian/pve-edge-*.postrm debian/rules.d/env.mk diff --git a/README.md b/README.md index e8d4026..423aecd 100644 --- a/README.md +++ b/README.md @@ -8,7 +8,7 @@ Custom Linux kernels for Promox VE 6. #### Flavors 1. Proxmox -2. Clear Linux +2. [Navi Reset](https://github.com/fabianishere/pve-edge-kernel/issues/5) #### Microarchitectures 1. Generic @@ -37,6 +37,65 @@ by updating `/etc/apparmor/parser.conf` as follows: features-file=/usr/share/apparmor-features/features.stock ``` +## Building manually +You may also choose to manually build one of these kernels yourself. + +#### Prerequisites +Make sure you have at least 30GB of free space available and have the following +packages installed: + +```bash +apt install devscripts asciidoc-base automake bc bison cpio dh-python flex git kmod libdw-dev libelf-dev libiberty-dev libnuma-dev libpve-common-perl libslang2-dev libssl-dev libtool lintian lz4 perl-modules python2-minimal rsync sed sphinx-common tar xmlto zlib1g-dev dwarves +``` +In case you are building a kernel version >= 5.8, make sure you have installed at least [dwarves >= 1.16.0](https://packages.debian.org/bullseye/dwarves). +Unfortunately, this version is currently only available in the Debian Testing and Debian Unstable repositories. To work around this issue, we describe two options: + +1. You may add the Debian Testing repository to your APT sources as described [here](https://serverfault.com/a/382101) and install the newer `dwarves` package as follows: +```shell +apt install -t testing dwarves +``` +2. Alternatively, you may [download](https://packages.debian.org/bullseye/dwarves) the newer `dwarves` (>= 1.16) package from the Debian website and install the package manually, for example: +```shell +wget http://ftp.us.debian.org/debian/pool/main/d/dwarves-dfsg/dwarves_1.17-1_amd64.deb +apt install ./dwarves_1.17-1_amd64.deb +``` + +#### Obtaining the source +```bash +git clone https://github.com/fabianishere/pve-edge-kernel +cd pve-ede-kernel +git submodule update --init --depth=1 --recursive submodules/ubuntu-mainline +git submodule update --init --recursive +``` +Afterwards, select the branch of your likings (e.g. `v5.8.x`). + +#### Building +Invoking the following command will build the kernel and its associated packages: +```bash +make +``` +The Makefile provides several environmental variables to control: + +1. `PVE_BUILD_FLAVOR` + The name of the kernel flavor which represents a selection of kernel + functionality (e.g. [hardened](https://github.com/anthraxx/linux-hardened) or [zen](https://github.com/zen-kernel/zen-kernel)). + This name is part of the kernel version and package name, which means that you + can have multiple flavors of the same kernel installed alongside each other. + Note that the name itself does not control the selection of kernel functionality. +2. `PVE_BUILD_TYPE` (default `generic`) + The name of the kernel build type which represents the compilation options of + the kernel (e.g. optimization level or micro architecture). + This name is appended as suffix to the Debian package version in case it is not + the default value. +3. `PVE_BUILD_CC` + The compiler to use for the kernel build. +4. `PVE_BUILD_CFLAGS` + The compilation options to use for the kernel build. Use this variable to specify + the optimization level or micro architecture to build for. + +Kernel options may be controlled from the [debian/rules](debian/rules) file. To build with +additional patches, you may add them to the [patches/pve](patches/pve) directory. + ## Questions If you have any questions or want to see additional versions, flavors or micro architectures being built, feel free to open an issue on Github. diff --git a/scripts/update.sh b/scripts/update.sh new file mode 100755 index 0000000..43d87fa --- /dev/null +++ b/scripts/update.sh @@ -0,0 +1,97 @@ +#1/bin/bash +# Script to prepare update for new kernel release +set -e +set -o pipefail + +LINUX_REPOSITORY=submodules/ubuntu-mainline + +while getopts "R:t:b:v:r:h" OPTION; do + case $OPTION in + R) + LINUX_REPOSITORY=$OPTARG + ;; + t) + LINUX_TAG=$OPTARG + ;; + b) + LINUX_BASE=$OPTARG + ;; + v) + LINUX_VERSION=$OPTARG + ;; + r) + LINUX_PACKAGE_RELEASE=$OPTARG + ;; + h) + echo "update.sh -rtbh" + echo " -R path to Linux Git repository" + echo " -t tag in Linux Git repository to pick" + echo " -b manual basis for this kernel" + echo " -v manual version for this kernel" + echo " -r manual release version for this kernel" + echo " -h this help message" + exit 1 + ;; + *) + echo "Incorrect options provided" + exit 1 + ;; + esac +done + +# Fetch from Git repository +echo "Fetching $LINUX_TAG from Linux Git repository..." + +git --git-dir $LINUX_REPOSITORY/.git fetch origin --depth 1 $LINUX_TAG +git --git-dir $LINUX_REPOSITORY/.git checkout FETCH_HEAD + +if [[ -z "$LINUX_BASE" ]]; then + # Parse the Ubuntu base from which our build is derived + UBUNTU_BASE=$(git --git-dir $LINUX_REPOSITORY/.git log -1 --pretty=%B | sed -n "s/^.*Ubuntu-\([0-9.-]*\).*$/\1/p") + LINUX_BASE="Ubuntu $UBUNTU_BASE" +fi + +if [[ -z "$LINUX_VERSION" ]]; then + # Parse the Linux version from the Linux repository if it not provided by the user + LINUX_VERSION=$(dpkg-parsechangelog -l $LINUX_REPOSITORY/debian.master/changelog --show-field Version | sed -n "s/^\([0-9.]*\).*$/\1/p") +fi + +echo "Using Linux $LINUX_VERSION based on $LINUX_BASE." + +# Prepare Debian changelog +sed -e "s/@KVNAME@/$LINUX_VERSION/g" -e "s/@KVMAJMIN@/$LINUX_VERSION_MAJOR.$LINUX_VERSION_MINOR/g" < debian/control.in > debian/control + +LINUX_VERSION_MAJOR=$(echo $LINUX_VERSION | cut -d. -f1) +LINUX_VERSION_MINOR=$(echo $LINUX_VERSION | cut -d. -f2) +LINUX_VERSION_PATCH=$(echo $LINUX_VERSION | cut -d. -f3) +LINUX_VERSION_PATCH=${LINUX_VERSION_PATCH:-0} # Default to 0 + +LINUX_PACKAGE_RELEASE_PREVIOUS=$(scripts/version.sh -r) + +# Check whether we need to increment the package release +if [[ -n $LINUX_PACKAGE_RELEASE ]]; then + echo "Using custom package release $LINUX_PACKAGE_RELEASE" +elif [[ $LINUX_VERSION == "$(scripts/version.sh -L)" ]]; then + LINUX_PACKAGE_RELEASE=$((LINUX_PACKAGE_RELEASE_PREVIOUS + 1)) + echo "Incrementing package release to $LINUX_PACKAGE_RELEASE" +else + LINUX_PACKAGE_RELEASE=1 + echo "New package release" +fi + +echo "Updating Makefile..." +# Update the Makefile with the proper version numbers +sed -i Makefile \ + -e "s/^KERNEL_MAJ=[0-9]*$/KERNEL_MAJ=$LINUX_VERSION_MAJOR/" \ + -e "s/^KERNEL_MIN=[0-9]*$/KERNEL_MIN=$LINUX_VERSION_MINOR/" \ + -e "s/^KERNEL_PATCHLEVEL=[0-9]*$/KERNEL_PATCHLEVEL=$LINUX_VERSION_PATCH/" \ + -e "s/^KREL=[0-9]*$/KREL=1/" \ + -e "s/^PKGREL=[0-9]*$/PKGREL=$LINUX_PACKAGE_RELEASE/" + +echo "Generating entry for change log..." +# Generate a changelog entry +debchange -v $LINUX_VERSION-$LINUX_PACKAGE_RELEASE -D edge --force-distribution -U -M "Update to Linux $LINUX_VERSION based on $LINUX_BASE." + +echo "Cleaning up" +rm -f debian/control + diff --git a/scripts/version.sh b/scripts/version.sh new file mode 100755 index 0000000..18a8c77 --- /dev/null +++ b/scripts/version.sh @@ -0,0 +1,72 @@ +#!/bin/bash +# Script for parsing version information in the repository +set -e +set -o pipefail + +LINUX_REPOSITORY=submodules/ubuntu-mainline +LINUX_VERSION_MAJOR=$(sed -n "s/^KERNEL_MAJ=\([0-9]*$\)/\1/p" < Makefile | xargs) +LINUX_VERSION_MINOR=$(sed -n "s/^KERNEL_MIN=\([0-9]*$\)/\1/p" < Makefile | xargs) +LINUX_VERSION_PATCHLEVEL=$(sed -n "s/^KERNEL_PATCHLEVEL=\([0-9]*$\)/\1/p" < Makefile | xargs) +LINUX_VERSION_PATCHLEVEL=${LINUX_VERSION_PATCHLEVEL:-0} +LINUX_VERSION=$LINUX_VERSION_MAJOR.$LINUX_VERSION_MINOR.$LINUX_VERSION_PATCHLEVEL +LINUX_PACKAGE_RELEASE=$(sed -n "s/^PKGREL=\(.*\)$/\1/p" < Makefile | xargs) +LINUX_FLAVOR=$(sed -n "s/^PVE_BUILD_TYPE ?=\(.*\)$/\1/p" < Makefile | xargs) + +while getopts "MmprfdLBh" OPTION; do + case $OPTION in + M) + echo $LINUX_VERSION_MAJOR + exit 0 + ;; + + m) + echo $LINUX_VERSION_MINOR + exit 0 + ;; + p) + echo $LINUX_VERSION_PATCHLEVEL + exit 0 + ;; + r) + echo $LINUX_PACKAGE_RELEASE + exit 0 + ;; + f) + echo $LINUX_FLAVOR + exit 0 + ;; + f) + echo $LINUX_FLAVOR + exit 0 + ;; + L) + echo $LINUX_VERSION + exit 0 + ;; + B) + echo $(git --git-dir $LINUX_REPOSITORY/.git log -1 --pretty=%B | sed -n "s/^.*Ubuntu-\([0-9.-]*\).*$/\1/p") + exit 0 + ;; + h) + echo "commit.sh [-Mmprfh]]" + echo " -M major version" + echo " -m minor version" + echo " -p patch version" + echo " -r package release" + echo " -f flavor name" + echo " -L Linux version" + echo " -h this help message" + exit 1 + ;; + *) + echo "Incorrect options provided" + exit 1 + ;; + esac +done + +if [[ -z "$LINUX_FLAVOR" ]]; then + LINUX_FLAVOR_SUFFIX=-$LINUX_FLAVOR +fi + +echo "$LINUX_VERSION$LINUX_FLAVOR_SUFFIX-$LINUX_PACKAGE_RELEASE"