-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat: Rewrite build system to use
make, add CI/CD configuration, ad…
…d explicit patch and config configuration, setup Hydrun
- Loading branch information
Showing
16 changed files
with
196 additions
and
95 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,82 @@ | ||
| name: hydrun CI | ||
|
|
||
| on: | ||
| push: | ||
| pull_request: | ||
| schedule: | ||
| - cron: "0 0 * * 0" | ||
|
|
||
| jobs: | ||
| build-linux: | ||
| runs-on: ubuntu-latest | ||
| strategy: | ||
| matrix: | ||
| target: | ||
| - id: fedora-hetzner | ||
| src: . | ||
| os: fedora:39 | ||
| flags: "" | ||
| cmd: ./Hydrunfile fedora hetzner | ||
| dst: out/* | ||
|
|
||
| steps: | ||
| - name: Maximize build space | ||
| run: | | ||
| sudo rm -rf /usr/share/dotnet | ||
| sudo rm -rf /usr/local/lib/android | ||
| sudo rm -rf /opt/ghc | ||
| - name: Checkout | ||
| uses: actions/checkout@v2 | ||
| - name: Set up QEMU | ||
| uses: docker/setup-qemu-action@v1 | ||
| - name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v1 | ||
| - name: Set up hydrun | ||
| run: | | ||
| curl -L -o /tmp/hydrun "https://github.com/pojntfx/hydrun/releases/latest/download/hydrun.linux-$(uname -m)" | ||
| sudo install /tmp/hydrun /usr/local/bin | ||
| - name: Build with hydrun | ||
| working-directory: ${{ matrix.target.src }} | ||
| env: | ||
| PGP_KEY: ${{ secrets.PGP_KEY }} | ||
| PGP_KEY_PASSWORD: ${{ secrets.PGP_KEY_PASSWORD }} | ||
| PGP_KEY_ID: ${{ secrets.PGP_KEY_ID }} | ||
| run: hydrun -o ${{ matrix.target.os }} ${{ matrix.target.flags }} "PGP_KEY=${PGP_KEY} PGP_KEY_PASSWORD=${PGP_KEY_PASSWORD} PGP_KEY_ID=${PGP_KEY_ID} ${{ matrix.target.cmd }}" | ||
| - name: Upload output | ||
| uses: actions/upload-artifact@v2 | ||
| with: | ||
| name: ${{ matrix.target.id }} | ||
| path: ${{ matrix.target.dst }} | ||
|
|
||
| publish-linux: | ||
| runs-on: ubuntu-latest | ||
| needs: build-linux | ||
|
|
||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v2 | ||
| - name: Download output | ||
| uses: actions/download-artifact@v2 | ||
| with: | ||
| path: /tmp/out | ||
| - name: Isolate the repositories | ||
| run: | | ||
| mkdir -p /tmp/github-pages | ||
| for dir in /tmp/out/*/; do | ||
| rsync -a "${dir}"/ /tmp/github-pages/ | ||
| done | ||
| - name: Add index for repositories | ||
| run: | | ||
| sudo apt update | ||
| sudo apt install -y tree | ||
| cd /tmp/github-pages/ | ||
| tree --timefmt '%Y-%m-%dT%H:%M:%SZ' -T 'Linux PVM Repositories' --du -h -D -H . -o 'index.html' | ||
| - name: Publish to GitHub pages | ||
| uses: peaceiris/actions-gh-pages@v3 | ||
| with: | ||
| github_token: ${{ secrets.GITHUB_TOKEN }} | ||
| publish_dir: /tmp/github-pages/ | ||
| keep_files: true | ||
| user_name: github-actions[bot] | ||
| user_email: github-actions[bot]@users.noreply.github.com |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,2 +1,2 @@ | ||
| out | ||
| */linux | ||
| work |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,45 @@ | ||
| #!/bin/bash | ||
|
|
||
| set -e | ||
|
|
||
| # Build | ||
| if [ "$1" = "fedora" ]; then | ||
| # Install native dependencies | ||
| sudo dnf group install -y "Development Tools" | ||
| sudo dnf install -y fedora-packager rpmdevtools perl ccache rpm-sign | ||
| sudo dnf builddep -y kernel | ||
|
|
||
| # Configure Git | ||
| git config --global --add safe.directory '*' | ||
|
|
||
| # Configure PGP | ||
| echo "${PGP_KEY_PASSWORD}" | base64 -d >'/tmp/pgp-pass' | ||
| mkdir -p "${HOME}/.gnupg" | ||
| cat >"${HOME}/.gnupg/gpg.conf" <<EOT | ||
| yes | ||
| passphrase-file /tmp/pgp-pass | ||
| pinentry-mode loopback | ||
| EOT | ||
|
|
||
| echo "${PGP_KEY}" | base64 -d >'/tmp/private.pgp' | ||
| gpg --import /tmp/private.pgp | ||
|
|
||
| echo "%_signature gpg | ||
| %_gpg_name $(echo ${PGP_KEY_ID} | base64 -d)" >"${HOME}/.rpmmacros" | ||
|
|
||
| # Get kernel source | ||
| make clone | ||
|
|
||
| # Patch and configure kernel | ||
| make "copy/fedora/${2}" | ||
| make "patch/fedora/${2}" | ||
| make "configure/fedora/${2}" | ||
|
|
||
| # Build kernel | ||
| make -j$(nproc) "build/fedora/${2}" | ||
|
|
||
| # Package kernel | ||
| make -j$(nproc) "package/fedora/${2}" PGP_KEY_ID_BASE64="${PGP_KEY_ID}" | ||
|
|
||
| exit 0 | ||
| fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,66 @@ | ||
| SHELL := /bin/bash | ||
|
|
||
| obj = fedora/hetzner | ||
| all: $(addprefix build/,$(obj)) | ||
|
|
||
| clone: | ||
| rm -rf work/base/linux | ||
| mkdir -p work/base/linux | ||
| git clone --depth 1 --single-branch --branch pvm-fix https://github.com/virt-pvm/linux.git work/base/linux | ||
|
|
||
| copy: $(addprefix copy/,$(obj)) | ||
| copy/fedora/hetzner: | ||
| rm -rf work/fedora/hetzner | ||
| mkdir -p work/fedora/hetzner | ||
| cp -r work/base/linux work/fedora/hetzner/linux | ||
|
|
||
| patch: $(addprefix patch/,$(obj)) | ||
| patch/fedora/hetzner: | ||
| cd work/fedora/hetzner/linux && \ | ||
| git apply ../../../../patches/add-typedefs.patch && \ | ||
| git apply ../../../../patches/fix-installkernel.patch | ||
|
|
||
| configure: $(addprefix configure/,$(obj)) | ||
| # KVM_PVM: To enable PVM | ||
| # ADDRESS_MASKING: To prevent https://lore.kernel.org/all/CAHk-=wiOJOOyWvZOUsKppD068H3D=5dzQOJv5j2DU4rDPsJBBg@mail.gmail.com/T/ | ||
| # DEBUG_INFO_NONE etc.: To build the RPM much more quickly | ||
| # SYSTEM_TRUSTED_KEYS: To auto-generate certs | ||
| configure/fedora/hetzner: | ||
| cp configs/fedora/hetzner.config work/fedora/hetzner/linux/.config | ||
| cd work/fedora/hetzner/linux && \ | ||
| yes "" | $(MAKE) oldconfig && \ | ||
| scripts/config -m KVM_PVM && \ | ||
| scripts/config -d ADDRESS_MASKING && \ | ||
| scripts/config -e DEBUG_INFO_NONE && \ | ||
| scripts/config -d DEBUG_INFO_BTF && \ | ||
| scripts/config -d DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT && \ | ||
| scripts/config -d DEBUG_INFO_DWARF4 && \ | ||
| scripts/config -d DEBUG_INFO_DWARF5 && \ | ||
| scripts/config --set-str SYSTEM_TRUSTED_KEYS "" | ||
|
|
||
| build: $(addprefix build/,$(obj)) | ||
| build/fedora/hetzner: | ||
| rm -rf work/fedora/hetzner/linux/rpmbuild | ||
| echo '0' > work/fedora/hetzner/linux/.version | ||
| cd work/fedora/hetzner/linux && yes "" | CC="ccache gcc" $(MAKE) LOCALVERSION= EXTRAVERSION=-rc6-pvm-host-fedora-hetzner rpm-pkg | ||
| mkdir -p out/fedora/hetzner | ||
| cp work/fedora/hetzner/linux/rpmbuild/RPMS/x86_64/*.rpm out/fedora/hetzner | ||
|
|
||
| package: $(addprefix package/,$(obj)) | ||
| package/fedora/hetzner: | ||
| rpm --addsign out/fedora/hetzner/*.rpm | ||
| createrepo out/fedora/hetzner | ||
| gpg --detach-sign --armor --default-key $(shell echo ${PGP_KEY_ID_BASE64} | base64 -d) "out/fedora/hetzner/repodata/repomd.xml" | ||
| gpg --output "out/fedora/hetzner/repodata/repo.asc" --armor --export --default-key $(shell echo ${PGP_KEY_ID_BASE64} | base64 -d) | ||
| echo "[linux-pvm-ci]\ | ||
| name=Linux PVM Repository\ | ||
| baseurl=https://loopholelabs.github.io/linux-pvm-ci/fedora/hetzner\ | ||
| enabled=1\ | ||
| gpgcheck=1\ | ||
| gpgkey=https://loopholelabs.github.io/linux-pvm-ci/fedora/hetzner/repodata/repo.asc" > "out/fedora/hetzner/repodata/linux-pvm-ci.repo" | ||
|
|
||
| clean: $(addprefix clean/,$(obj)) | ||
| rm -rf work/base out | ||
|
|
||
| $(addprefix clean/,$(obj)): | ||
| rm -rf work/$(subst clean/,,$@) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file was deleted.
Oops, something went wrong.
File renamed without changes.
File renamed without changes.