From 5ab0744c2537f904d2ce77a93b6bbaaa0c682ece Mon Sep 17 00:00:00 2001 From: Agam Dua Date: Tue, 27 Jan 2026 08:51:25 -0800 Subject: [PATCH] ci: Add pipeline for building and distributing the debug kernel Add the debug kernel to the kata tarball alongside the other kernels. Also update the kernel README documentation to describe the new debug kernel build process. Signed-off-by: Agam Dua --- .../build-kata-static-tarball-amd64.yaml | 2 ++ .../build-kata-static-tarball-arm64.yaml | 1 + .../build-kata-static-tarball-s390x.yaml | 2 ++ tools/packaging/kata-deploy/local-build/Makefile | 10 ++++++++++ .../local-build/kata-deploy-binaries.sh | 14 ++++++++++++++ tools/packaging/kernel/README.md | 15 ++++++++++++++- tools/packaging/kernel/build-kernel.sh | 4 ++++ 7 files changed, 47 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-kata-static-tarball-amd64.yaml b/.github/workflows/build-kata-static-tarball-amd64.yaml index 9bcdd81ec2..4c08b3ad4b 100644 --- a/.github/workflows/build-kata-static-tarball-amd64.yaml +++ b/.github/workflows/build-kata-static-tarball-amd64.yaml @@ -47,6 +47,8 @@ jobs: - coco-guest-components - firecracker - kernel + - kernel-confidential + - kernel-debug - kernel-dragonball-experimental - kernel-nvidia-gpu - nydus diff --git a/.github/workflows/build-kata-static-tarball-arm64.yaml b/.github/workflows/build-kata-static-tarball-arm64.yaml index 959e1597ef..5205e0768d 100644 --- a/.github/workflows/build-kata-static-tarball-arm64.yaml +++ b/.github/workflows/build-kata-static-tarball-arm64.yaml @@ -45,6 +45,7 @@ jobs: - cloud-hypervisor - firecracker - kernel + - kernel-debug - kernel-dragonball-experimental - kernel-nvidia-gpu - kernel-cca-confidential diff --git a/.github/workflows/build-kata-static-tarball-s390x.yaml b/.github/workflows/build-kata-static-tarball-s390x.yaml index 80a9295c6f..cf015d3d59 100644 --- a/.github/workflows/build-kata-static-tarball-s390x.yaml +++ b/.github/workflows/build-kata-static-tarball-s390x.yaml 
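Review bot: The `- kernel-confidential` matrix entry added in this hunk (and again in the s390x workflow hunk) is not covered by the commit description, which only mentions the debug kernel. The same target is wired into the x86_64 `BASE_TARBALLS` list and into the `handle_build` case in kata-deploy-binaries.sh, where it calls `install_kernel_confidential`, a function that no hunk in this patch defines. If that function is not already present in the file, the job for this matrix entry fails at dispatch. The arm64 workflow and the s390x Makefile list receive only the debug entry, so the three architectures end up inconsistent. Either drop the `kernel-confidential` lines from this patch, or add the installer and describe it in the commit message.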
@@ -44,6 +44,8 @@ jobs: - agent - coco-guest-components - kernel + - kernel-confidential + - kernel-debug - pause-image - qemu - virtiofsd diff --git a/tools/packaging/kata-deploy/local-build/Makefile b/tools/packaging/kata-deploy/local-build/Makefile index bc5a40a4dc..b54fca234e 100644 --- a/tools/packaging/kata-deploy/local-build/Makefile +++ b/tools/packaging/kata-deploy/local-build/Makefile @@ -20,6 +20,8 @@ endif ifeq ($(ARCH), x86_64) BASE_TARBALLS = serial-targets \ firecracker-tarball \ + kernel-confidential-tarball \ + kernel-debug-tarball \ kernel-dragonball-experimental-tarball \ kernel-nvidia-gpu-tarball \ kernel-tarball \ @@ -42,6 +44,7 @@ BASE_SERIAL_TARBALLS = rootfs-image-tarball \ cloud-hypervisor-glibc-tarball else ifeq ($(ARCH), s390x) BASE_TARBALLS = serial-targets \ + kernel-debug-tarball \ kernel-tarball \ qemu-tarball \ shim-v2-tarball \ @@ -51,6 +54,7 @@ BASE_SERIAL_TARBALLS = rootfs-image-tarball \ else ifeq ($(ARCH), aarch64) BASE_TARBALLS = serial-targets \ kernel-cca-confidential-tarball \ + kernel-debug-tarball \ kernel-tarball \ qemu-tarball \ qemu-cca-experimental-tarball \ @@ -137,6 +141,12 @@ kernel-nvidia-gpu-tarball: kernel-tarball: ${MAKE} $@-build +ernel-debug-tarball: + ${MAKE} $@-build + +kernel-confidential-tarball: + ${MAKE} $@-build + kernel-cca-confidential-tarball: ${MAKE} $@-build diff --git a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh index 8d0b6fbd3f..298fa2cc0a 100755 --- a/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh +++ b/tools/packaging/kata-deploy/local-build/kata-deploy-binaries.sh @@ -114,6 +114,7 @@ options: kata-manager kernel kernel-cca-confidential + kernel-debug kernel-dragonball-experimental kernel-experimental kernel-nvidia-gpu 
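Review bot: The new rule in the last Makefile hunk is spelled `ernel-debug-tarball:`, without the leading `k`, while the three `BASE_TARBALLS` lists above reference `kernel-debug-tarball`. As shown, make has no explicit rule for the name those lists depend on, so the build would fail or fall through to whatever pattern rule exists outside this hunk. This may be an artifact of how the patch was rendered, but it should be checked against the file. The line should read `kernel-debug-tarball:`.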
@@ -716,6 +717,15 @@ install_kernel() { "${extra_cmd}" } +install_kernel_debug() { + export KERNEL_DEBUG_ENABLED="yes" + + install_kernel_helper \ + "assets.kernel" \ + "kernel-debug" \ + "" +} + install_kernel_cca_confidential() { export CONFIDENTIAL_GUEST="yes" export MEASURED_ROOTFS="yes" @@ -1319,6 +1329,10 @@ handle_build() { kernel) install_kernel ;; + kernel-confidential) install_kernel_confidential ;; + + kernel-debug) install_kernel_debug ;; + kernel-cca-confidential) install_kernel_cca_confidential ;; kernel-dragonball-experimental) install_kernel_dragonball_experimental ;; diff --git a/tools/packaging/kernel/README.md b/tools/packaging/kernel/README.md index 73e6738fed..22618e1b82 100644 --- a/tools/packaging/kernel/README.md +++ b/tools/packaging/kernel/README.md @@ -12,7 +12,8 @@ It also requires [yq](https://github.com/mikefarah/yq) version v4.40.7. > **Hint**: `go install github.com/mikefarah/yq/v4@latest` -The Linux kernel scripts further require a few packages (flex, bison, and libelf-dev) +The Linux kernel scripts further require a few packages (flex, bison, libelf-dev, and +dwarves for BTF generation in debug kernels). ## Usage @@ -73,6 +74,18 @@ containers path (`/usr/share/kata-containers/`). $ sudo ./build-kernel.sh install ``` +## Debug Kernel + +Kata Containers provides a kernel with debug configs enabled (symbols, BTF, tracing). + +To build this debug kernel, set `KERNEL_DEBUG_ENABLED=yes` for **all phases**: + +```bash +$ KERNEL_DEBUG_ENABLED=yes ./build-kernel.sh setup +$ KERNEL_DEBUG_ENABLED=yes ./build-kernel.sh build +$ sudo KERNEL_DEBUG_ENABLED=yes ./build-kernel.sh install +``` + ## Submit Kernel Changes Kata Containers packaging repository holds the kernel configs and patches. The diff --git a/tools/packaging/kernel/build-kernel.sh b/tools/packaging/kernel/build-kernel.sh index d6fa698573..db237c01b2 100755 --- a/tools/packaging/kernel/build-kernel.sh +++ b/tools/packaging/kernel/build-kernel.sh 
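Review bot: `export KERNEL_DEBUG_ENABLED="yes"` in `install_kernel_debug` stays set in the script's environment after the function returns, so a kernel target built later in the same invocation would inherit the debug configuration and the `-debug` suffix. Whether several targets can run in one process is not visible in this hunk. The neighbouring `install_kernel_cca_confidential` uses the same export pattern, so this is consistent with the file, but scoping the setting to the call avoids the carry-over: `KERNEL_DEBUG_ENABLED="yes" install_kernel_helper "assets.kernel" "kernel-debug" ""`. Since this kernel ships in the same tarball as the production kernels with symbols, BTF and tracing enabled, a comment above the function would help, e.g. `# Debug kernel (symbols, BTF, tracing): for troubleshooting, not the default guest kernel.`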
@@ -583,6 +583,10 @@ install_kata() { fi fi + if [[ ${KERNEL_DEBUG_ENABLED} == "yes" ]]; then + suffix="-debug${suffix}" + fi + vmlinuz="vmlinuz-${kernel_version}-${config_version}${suffix}" vmlinux="vmlinux-${kernel_version}-${config_version}${suffix}"
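Review bot: The added test expands `${KERNEL_DEBUG_ENABLED}` without a default, so if the script runs with `nounset` and nothing above this hunk initialises the variable, every non-debug `install` would abort at this line. `if [[ "${KERNEL_DEBUG_ENABLED:-}" == "yes" ]]; then` behaves the same when the variable is set and is safe when it is not. `install_kata` begins and ends outside the hunk, so an existing initialisation, or later uses of `suffix` for the installed link names, cannot be checked from here.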