diff --git a/.github/workflows/hydrun.yaml b/.github/workflows/hydrun.yaml
new file mode 100644
index 0000000..d6e01d2
--- /dev/null
+++ b/.github/workflows/hydrun.yaml
@@ -0,0 +1,82 @@
+name: hydrun CI
+
+on:
+ push:
+ pull_request:
+ schedule:
+ - cron: "0 0 * * 0"
+
+jobs:
+ build-linux:
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ target:
+ - id: fedora-hetzner
+ src: .
+ os: fedora:39
+ flags: ""
+ cmd: ./Hydrunfile fedora hetzner
+ dst: out/*
+
+ steps:
+ - name: Maximize build space
+ run: |
+ sudo rm -rf /usr/share/dotnet
+ sudo rm -rf /usr/local/lib/android
+ sudo rm -rf /opt/ghc
+ - name: Checkout
+ uses: actions/checkout@v2
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v1
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
+ - name: Set up hydrun
+ run: |
+ curl -L -o /tmp/hydrun "https://github.com/pojntfx/hydrun/releases/latest/download/hydrun.linux-$(uname -m)"
+ sudo install /tmp/hydrun /usr/local/bin
+ - name: Build with hydrun
+ working-directory: ${{ matrix.target.src }}
+ env:
+ PGP_KEY: ${{ secrets.PGP_KEY }}
+ PGP_KEY_PASSWORD: ${{ secrets.PGP_KEY_PASSWORD }}
+ PGP_KEY_ID: ${{ secrets.PGP_KEY_ID }}
+ run: hydrun -o ${{ matrix.target.os }} ${{ matrix.target.flags }} "PGP_KEY=${PGP_KEY} PGP_KEY_PASSWORD=${PGP_KEY_PASSWORD} PGP_KEY_ID=${PGP_KEY_ID} ${{ matrix.target.cmd }}"
+ - name: Upload output
+ uses: actions/upload-artifact@v2
+ with:
+ name: ${{ matrix.target.id }}
+ path: ${{ matrix.target.dst }}
+
+ publish-linux:
+ runs-on: ubuntu-latest
+ needs: build-linux
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ - name: Download output
+ uses: actions/download-artifact@v2
+ with:
+ path: /tmp/out
+ - name: Isolate the repositories
+ run: |
+ mkdir -p /tmp/github-pages
+ for dir in /tmp/out/*/; do
+ rsync -a "${dir}"/ /tmp/github-pages/
+ done
+ - name: Add index for repositories
+ run: |
+ sudo apt update
+ sudo apt install -y tree
+
+ cd /tmp/github-pages/
+ tree --timefmt '%Y-%m-%dT%H:%M:%SZ' -T 'Linux PVM Repositories' --du -h -D -H . -o 'index.html'
+ - name: Publish to GitHub pages
+ uses: peaceiris/actions-gh-pages@v3
+ with:
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ publish_dir: /tmp/github-pages/
+ keep_files: true
+ user_name: github-actions[bot]
+ user_email: github-actions[bot]@users.noreply.github.com
diff --git a/.gitignore b/.gitignore
index 3c6aa6f..2113d9e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
 out
-*/linux
+work
diff --git a/Hydrunfile b/Hydrunfile
new file mode 100755
index 0000000..dab21eb
--- /dev/null
+++ b/Hydrunfile
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+set -e
+
+# Build
+if [ "$1" = "fedora" ]; then
+ # Install native dependencies
+ sudo dnf group install -y "Development Tools"
+ sudo dnf install -y fedora-packager rpmdevtools perl ccache rpm-sign
+ sudo dnf builddep -y kernel
+
+ # Configure Git
+ git config --global --add safe.directory '*'
+
+ # Configure PGP
+ echo "${PGP_KEY_PASSWORD}" | base64 -d >'/tmp/pgp-pass'
+ mkdir -p "${HOME}/.gnupg"
+ cat >"${HOME}/.gnupg/gpg.conf" <'/tmp/private.pgp'
+ gpg --import /tmp/private.pgp
+
+ echo "%_signature gpg
+%_gpg_name $(echo ${PGP_KEY_ID} | base64 -d)" >"${HOME}/.rpmmacros"
+
+ # Get kernel source
+ make clone
+
+ # Patch and configure kernel
+ make "copy/fedora/${2}"
+ make "patch/fedora/${2}"
+ make "configure/fedora/${2}"
+
+ # Build kernel
+ make -j$(nproc) "build/fedora/${2}"
+
+ # Package kernel
+ make -j$(nproc) "package/fedora/${2}" PGP_KEY_ID_BASE64="${PGP_KEY_ID}"
+
+ exit 0
+fi
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..5350e7e
--- /dev/null
+++ b/Makefile
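Review bot: In `.github/workflows/hydrun.yaml`, the `Set up hydrun` step fetches `releases/latest/download/hydrun.linux-$(uname -m)` with `curl -L` and installs it with `sudo install` without pinning a version or checking a digest, and the following step hands that binary `PGP_KEY` and `PGP_KEY_PASSWORD`. Pinning the release and verifying it before install closes that gap, for example `curl -fsSL -o /tmp/hydrun "https://github.com/pojntfx/hydrun/releases/download/<PINNED_TAG>/hydrun.linux-$(uname -m)"` followed by `echo "<EXPECTED_SHA256>  /tmp/hydrun" | sha256sum -c -` (both bracketed values are placeholders to fill in). The `uses:` lines have the same property, since they reference mutable tags such as `actions/checkout@v2` and `peaceiris/actions-gh-pages@v3` rather than commit SHAs. The workflow also triggers on every `push` and `pull_request` with no `if:` on `publish-linux` and no `permissions:` block, so signing and the Pages publish are not limited to one branch; a guard such as `if: github.event_name != 'pull_request' && github.ref == 'refs/heads/<DEFAULT_BRANCH>'` on `publish-linux` is worth adding.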
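Review bot: In `Hydrunfile`, the `# Configure PGP` block writes the decoded passphrase to `/tmp/pgp-pass` and imports a key from `/tmp/private.pgp`, and neither file gets a restrictive mode or is removed afterwards, so the signing material stays at fixed, predictable paths for the rest of the run. Adding `umask 077` before the first write and `trap 'rm -f /tmp/pgp-pass /tmp/private.pgp' EXIT` right after `set -e` keeps both files private and cleans them up on any exit, including a failed `make` step. `git config --global --add safe.directory '*'` switches off Git's ownership check for every path, and listing only the directories under `work/` that the build touches would be narrower. The `gpg.conf` heredoc is garbled on this page, so its contents are not covered by this note.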
@@ -0,0 +1,66 @@
+SHELL := /bin/bash
+
+obj = fedora/hetzner
+all: $(addprefix build/,$(obj))
+
+clone:
+ rm -rf work/base/linux
+ mkdir -p work/base/linux
+ git clone --depth 1 --single-branch --branch pvm-fix https://github.com/virt-pvm/linux.git work/base/linux
+
+copy: $(addprefix copy/,$(obj))
+copy/fedora/hetzner:
+ rm -rf work/fedora/hetzner
+ mkdir -p work/fedora/hetzner
+ cp -r work/base/linux work/fedora/hetzner/linux
+
+patch: $(addprefix patch/,$(obj))
+patch/fedora/hetzner:
+ cd work/fedora/hetzner/linux && \
+ git apply ../../../../patches/add-typedefs.patch && \
+ git apply ../../../../patches/fix-installkernel.patch
+
+configure: $(addprefix configure/,$(obj))
+# KVM_PVM: To enable PVM
+# ADDRESS_MASKING: To prevent https://lore.kernel.org/all/CAHk-=wiOJOOyWvZOUsKppD068H3D=5dzQOJv5j2DU4rDPsJBBg@mail.gmail.com/T/
+# DEBUG_INFO_NONE etc.: To build the RPM much more quickly
+# SYSTEM_TRUSTED_KEYS: To auto-generate certs
+configure/fedora/hetzner:
+ cp configs/fedora/hetzner.config work/fedora/hetzner/linux/.config
+ cd work/fedora/hetzner/linux && \
+ yes "" | $(MAKE) oldconfig && \
+ scripts/config -m KVM_PVM && \
+ scripts/config -d ADDRESS_MASKING && \
+ scripts/config -e DEBUG_INFO_NONE && \
+ scripts/config -d DEBUG_INFO_BTF && \
+ scripts/config -d DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT && \
+ scripts/config -d DEBUG_INFO_DWARF4 && \
+ scripts/config -d DEBUG_INFO_DWARF5 && \
+ scripts/config --set-str SYSTEM_TRUSTED_KEYS ""
+
+build: $(addprefix build/,$(obj))
+build/fedora/hetzner:
+ rm -rf work/fedora/hetzner/linux/rpmbuild
+ echo '0' > work/fedora/hetzner/linux/.version
+ cd work/fedora/hetzner/linux && yes "" | CC="ccache gcc" $(MAKE) LOCALVERSION= EXTRAVERSION=-rc6-pvm-host-fedora-hetzner rpm-pkg
+ mkdir -p out/fedora/hetzner
+ cp work/fedora/hetzner/linux/rpmbuild/RPMS/x86_64/*.rpm out/fedora/hetzner
+
+package: $(addprefix package/,$(obj))
+package/fedora/hetzner:
+ rpm --addsign out/fedora/hetzner/*.rpm
+ createrepo out/fedora/hetzner
+ gpg --detach-sign --armor --default-key $(shell echo ${PGP_KEY_ID_BASE64} | base64 -d) "out/fedora/hetzner/repodata/repomd.xml"
+ gpg --output "out/fedora/hetzner/repodata/repo.asc" --armor --export --default-key $(shell echo ${PGP_KEY_ID_BASE64} | base64 -d)
+ echo "[linux-pvm-ci]\
+ name=Linux PVM Repository\
+ baseurl=https://loopholelabs.github.io/linux-pvm-ci/fedora/hetzner\
+ enabled=1\
+ gpgcheck=1\
+ gpgkey=https://loopholelabs.github.io/linux-pvm-ci/fedora/hetzner/repodata/repo.asc" > "out/fedora/hetzner/repodata/linux-pvm-ci.repo"
+
+clean: $(addprefix clean/,$(obj))
+ rm -rf work/base out
+
+$(addprefix clean/,$(obj)):
+ rm -rf work/$(subst clean/,,$@)
diff --git a/README.md b/README.md
index aff2d27..e803123 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@ Kernel package CI for Linux with PVM patches applied - +[![hydrun CI](https://github.com/loopholelabs/linux-pvm-ci/actions/workflows/hydrun.yaml/badge.svg)](https://github.com/loopholelabs/linux-pvm-ci/actions/workflows/hydrun.yaml) ## Overview
diff --git a/base/1-dependencies.sh b/base/1-dependencies.sh
deleted file mode 100755
index b31324f..0000000
--- a/base/1-dependencies.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/bash
-
-set -ex
-
-sudo dnf group install -y "Development Tools"
-sudo dnf install -y fedora-packager rpmdevtools perl ccache rpm-sign
-sudo dnf builddep -y kernel
diff --git a/base/2-clone.sh b/base/2-clone.sh
deleted file mode 100755
index 7de7fee..0000000
--- a/base/2-clone.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-
-set -ex
-
-rm -rf ./base/linux
-git clone --depth 1 --single-branch --branch pvm-fix https://github.com/virt-pvm/linux.git ./base/linux # Needed for PVM to also work on AMD
diff --git a/base/3-patch.sh b/base/3-patch.sh
deleted file mode 100755
index 05f438d..0000000
--- a/base/3-patch.sh
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/bash
-
-set -ex
-
-cd ./base/linux
-
-git apply ../*.patch
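Review bot: In the `Makefile`, the `echo "[linux-pvm-ci]\ …"` line of `package/fedora/hetzner` joins its parts with backslash-newline inside double quotes, which bash removes, so `linux-pvm-ci.repo` most likely comes out as a single line and `gpgcheck=1` and `gpgkey=` are not read as separate keys; the deleted `base/7-createrepo.sh` used real newlines. Emitting one argument per line with `printf '%s\n'`, as sketched below, keeps the file format. Both `--default-key $(shell echo ${PGP_KEY_ID_BASE64} | base64 -d)` expansions are unquoted, so with the variable unset the first gpg call takes the file path as the key name; a first recipe line `$(if $(strip $(PGP_KEY_ID_BASE64)),,$(error PGP_KEY_ID_BASE64 is empty))` fails early instead. Separately, `clone` builds whatever the `pvm-fix` branch head is at run time and the result is signed and published, so checking out a reviewed commit after the clone would tie the signed RPM to known source.

```make
package/fedora/hetzner:
# … unchanged: rpm --addsign, createrepo, gpg --detach-sign, gpg --export …
	printf '%s\n' \
		'[linux-pvm-ci]' \
		'name=Linux PVM Repository' \
		'baseurl=https://loopholelabs.github.io/linux-pvm-ci/fedora/hetzner' \
		'enabled=1' \
		'gpgcheck=1' \
		'gpgkey=https://loopholelabs.github.io/linux-pvm-ci/fedora/hetzner/repodata/repo.asc' \
		> "out/fedora/hetzner/repodata/linux-pvm-ci.repo"
```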
diff --git a/base/6-pgp.sh b/base/6-pgp.sh
deleted file mode 100755
index 4c67505..0000000
--- a/base/6-pgp.sh
+++ /dev/null
@@ -1,17 +0,0 @@
-#!/bin/bash
-
-set -ex
-
-echo "${PGP_KEY_PASSWORD}" | base64 -d >'/tmp/pgp-pass'
-mkdir -p "${HOME}/.gnupg"
-cat >"${HOME}/.gnupg/gpg.conf" <'/tmp/private.pgp'
-gpg --import /tmp/private.pgp
-
-echo "%_signature gpg
-%_gpg_name $(echo ${PGP_KEY_ID} | base64 -d)" >"${HOME}/.rpmmacros"
diff --git a/base/7-createrepo.sh b/base/7-createrepo.sh
deleted file mode 100755
index 83db1ea..0000000
--- a/base/7-createrepo.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/bash
-
-set -ex
-
-cd out
-
-rpm --addsign *.rpm
-
-createrepo .
-
-gpg --detach-sign --armor --default-key $(echo ${PGP_KEY_ID} | base64 -d) "repodata/repomd.xml"
-
-gpg --output "repodata/repo.asc" --armor --export --default-key $(echo ${PGP_KEY_ID} | base64 -d)
-
-echo "[linux-pvm-ci-repo]
-name=Linux PVM repo
-baseurl=https://loopholelabs.github.io/linux-pvm-ci
-enabled=1
-gpgcheck=1
-gpgkey=https://loopholelabs.github.io/linux-pvm-ci/repodata/repo.asc" >"repodata/linux-pvm-ci.repo"
diff --git a/fedora-hetzner/.config b/configs/fedora/hetzner.config
similarity index 100%
rename from fedora-hetzner/.config
rename to configs/fedora/hetzner.config
diff --git a/fedora-hetzner/README.md b/docs/fedora/hetzner.md
similarity index 90%
rename from fedora-hetzner/README.md
rename to docs/fedora/hetzner.md
index 67ffb2f..ef308e3 100644
--- a/fedora-hetzner/README.md
+++ b/docs/fedora/hetzner.md
@@ -1,7 +1,7 @@ # Linux PVM CI for Fedora on Hetzner ```shell -sudo dnf config-manager --add-repo 'https://loopholelabs.github.io/linux-pvm-ci/repodata/linux-pvm-ci.repo' +sudo dnf config-manager --add-repo 'https://loopholelabs.github.io/linux-pvm-ci/fedora/hetzner/repodata/linux-pvm-ci.repo' sudo dnf install -y kernel-6.7.0_rc6_pvm_host_fedora_hetzner-1.x86_64 ```
diff --git a/fedora-hetzner/4-configure.sh b/fedora-hetzner/4-configure.sh
deleted file mode 100755
index 07cb84a..0000000
--- a/fedora-hetzner/4-configure.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/bash
-
-set -ex
-
-rm -rf fedora-hetzner/linux
-cp -r base/linux fedora-hetzner/linux
-
-cp fedora-hetzner/.config fedora-hetzner/linux/.config
-
-cd fedora-hetzner/linux/
-
-yes "" | make oldconfig
-
-scripts/config -m KVM_PVM
-scripts/config -d ADDRESS_MASKING # To prevent https://lore.kernel.org/all/CAHk-=wiOJOOyWvZOUsKppD068H3D=5dzQOJv5j2DU4rDPsJBBg@mail.gmail.com/T/
-scripts/config -d DEBUG_INFO_BTF # To prevent https://lore.kernel.org/all/CAHk-=wiOJOOyWvZOUsKppD068H3D=5dzQOJv5j2DU4rDPsJBBg@mail.gmail.com/T/
-scripts/config -e DEBUG_INFO_NONE # To build the RPM much more quickly: https://stackoverflow.com/questions/62737956/compressing-all-files-inside-linux-kernel-rpm-package
-scripts/config -d DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT # To disable debug info
-scripts/config -d DEBUG_INFO_DWARF4 # To disable debug info
-scripts/config -d DEBUG_INFO_DWARF5 # To disable debug info
-scripts/config --set-str SYSTEM_TRUSTED_KEYS "" # To not require secureboot certs
diff --git a/fedora-hetzner/5-build.sh b/fedora-hetzner/5-build.sh
deleted file mode 100755
index 81ed453..0000000
--- a/fedora-hetzner/5-build.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/bash
-
-set -ex
-
-cd ./fedora-hetzner/linux
-
-export CC="ccache gcc"
-
-rm -rf rpmbuild
-echo "0" >.version
-yes "" | make -j$(nproc) LOCALVERSION= EXTRAVERSION=-rc6-pvm-host-fedora-hetzner rpm-pkg
-
-mkdir -p ../../out
-cp rpmbuild/RPMS/x86_64/*.rpm ../../out
diff --git a/base/add-typedefs.patch b/patches/add-typedefs.patch
similarity index 100%
rename from base/add-typedefs.patch
rename to patches/add-typedefs.patch
diff --git a/base/fix-installkernel.patch b/patches/fix-installkernel.patch
similarity index 100%
rename from base/fix-installkernel.patch
rename to patches/fix-installkernel.patch