mirror of
https://github.com/kata-containers/kata-containers.git
synced 2025-08-31 08:28:34 +00:00
Merge pull request #10488 from fidencio/topic/teach-our-machinery-to-deal-with-rc-kernels
build: kernel: Teach our machinery to deal with -rc kernels
This commit is contained in:
Fabiano Fidêncio
GitHub
@@ -151,8 +151,17 @@ get_kernel_modules_dir() {
|
||||
local numeric_final_version=${version}
|
||||
|
||||
# Every first release of a kernel is x.y, while the resulting folder would be x.y.0
|
||||
local rc=$(echo ${version} | grep -oE "\-rc[0-9]+$")
|
||||
if [ -n "${rc}" ]; then
|
||||
numeric_final_version="${numeric_final_version%"${rc}"}"
|
||||
fi
|
||||
|
||||
local dots=$(echo ${version} | grep -o '\.' | wc -l)
|
||||
[ "${dots}" == "1" ] && numeric_final_version="${version}.0"
|
||||
[ "${dots}" == "1" ] && numeric_final_version="${numeric_final_version}.0"
|
||||
|
||||
if [ -n "${rc}" ]; then
|
||||
numeric_final_version="${numeric_final_version}${rc}"
|
||||
fi
|
||||
|
||||
local kernel_modules_dir="${repo_root_dir}/tools/packaging/kata-deploy/local-build/build/${kernel_name}/builddir/kata-linux-${version}-${kernel_kata_config_version}/lib/modules/${numeric_final_version}"
|
||||
case ${kernel_name} in
|
||||
@@ -534,16 +543,18 @@ install_cached_kernel_tarball_component() {
|
||||
|
||||
#Install kernel asset
|
||||
install_kernel_helper() {
|
||||
local kernel_version_yaml_path="${1}"
|
||||
local kernel_yaml_path="${1}"
|
||||
local kernel_name="${2}"
|
||||
local extra_cmd="${3:-}"
|
||||
local extra_tarballs=""
|
||||
|
||||
export kernel_version="$(get_from_kata_deps .${kernel_version_yaml_path})"
|
||||
export kernel_version="$(get_from_kata_deps .${kernel_yaml_path}.version)"
|
||||
export kernel_url="$(get_from_kata_deps .${kernel_yaml_path}.url)"
|
||||
export kernel_kata_config_version="$(cat ${repo_root_dir}/tools/packaging/kernel/kata_config_version)"
|
||||
|
||||
if [[ "${kernel_name}" == "kernel"*"-confidential" ]]; then
|
||||
kernel_version="$(get_from_kata_deps .assets.kernel.confidential.version)"
|
||||
kernel_url="$(get_from_kata_deps .assets.kernel.confidential.url)"
|
||||
fi
|
||||
|
||||
if [[ "${kernel_name}" == "kernel"*"-confidential" ]]; then
|
||||
@@ -564,60 +575,54 @@ install_kernel_helper() {
|
||||
|
||||
info "build ${kernel_name}"
|
||||
info "Kernel version ${kernel_version}"
|
||||
DESTDIR="${destdir}" PREFIX="${prefix}" "${kernel_builder}" -v "${kernel_version}" ${extra_cmd}
|
||||
DESTDIR="${destdir}" PREFIX="${prefix}" "${kernel_builder}" -v "${kernel_version}" -f -u "${kernel_url}" "${extra_cmd}"
|
||||
}
|
||||
|
||||
#Install kernel asset
|
||||
install_kernel() {
|
||||
install_kernel_helper \
|
||||
"assets.kernel.version" \
|
||||
"assets.kernel" \
|
||||
"kernel" \
|
||||
"-f"
|
||||
""
|
||||
}
|
||||
|
||||
install_kernel_confidential() {
|
||||
local kernel_url="$(get_from_kata_deps .assets.kernel.confidential.url)"
|
||||
|
||||
export MEASURED_ROOTFS=yes
|
||||
|
||||
install_kernel_helper \
|
||||
"assets.kernel.confidential.version" \
|
||||
"assets.kernel.confidential" \
|
||||
"kernel-confidential" \
|
||||
"-x -u ${kernel_url}"
|
||||
"-x"
|
||||
}
|
||||
|
||||
install_kernel_dragonball_experimental() {
|
||||
install_kernel_helper \
|
||||
"assets.kernel-dragonball-experimental.version" \
|
||||
"assets.kernel-dragonball-experimental" \
|
||||
"kernel-dragonball-experimental" \
|
||||
"-e -t dragonball"
|
||||
}
|
||||
|
||||
install_kernel_nvidia_gpu_dragonball_experimental() {
|
||||
install_kernel_helper \
|
||||
"assets.kernel-dragonball-experimental.version" \
|
||||
"assets.kernel-dragonball-experimental" \
|
||||
"kernel-dragonball-experimental" \
|
||||
"-e -t dragonball -g nvidia -H deb"
|
||||
}
|
||||
|
||||
#Install GPU enabled kernel asset
|
||||
install_kernel_nvidia_gpu() {
|
||||
local kernel_url="$(get_from_kata_deps .assets.kernel.url)"
|
||||
|
||||
install_kernel_helper \
|
||||
"assets.kernel.version" \
|
||||
"assets.kernel" \
|
||||
"kernel-nvidia-gpu" \
|
||||
"-g nvidia -u ${kernel_url} -H deb"
|
||||
"-g nvidia -H deb"
|
||||
}
|
||||
|
||||
#Install GPU and TEE enabled kernel asset
|
||||
install_kernel_nvidia_gpu_confidential() {
|
||||
local kernel_url="$(get_from_kata_deps .assets.kernel.confidential.url)"
|
||||
|
||||
install_kernel_helper \
|
||||
"assets.kernel.confidential.version" \
|
||||
"assets.kernel.confidential" \
|
||||
"kernel-nvidia-gpu-confidential" \
|
||||
"-x -g nvidia -u ${kernel_url} -H deb"
|
||||
"-x -g nvidia -H deb"
|
||||
}
|
||||
|
||||
install_qemu_helper() {
|
||||
|
||||
@@ -134,28 +134,6 @@ check_initramfs_or_die() {
|
||||
die "Initramfs for measured rootfs not found at ${default_initramfs}"
|
||||
}
|
||||
|
||||
get_tee_kernel() {
|
||||
local version="${1}"
|
||||
local kernel_path="${2}"
|
||||
local tee="${3}"
|
||||
|
||||
mkdir -p ${kernel_path}
|
||||
|
||||
if [ -z "${kernel_url}" ]; then
|
||||
kernel_url=$(get_from_kata_deps ".assets.kernel.${tee}.url")
|
||||
fi
|
||||
|
||||
local kernel_tarball="${version}.tar.gz"
|
||||
|
||||
# Depending on where we're getting the tarball from it may have a
|
||||
# different name, such as linux-${version}.tar.gz or simply
|
||||
# ${version}.tar.gz. Let's try both before failing.
|
||||
curl --fail -L "${kernel_url}/linux-${kernel_tarball}" -o ${kernel_tarball} || curl --fail -OL "${kernel_url}/${kernel_tarball}"
|
||||
|
||||
mkdir -p ${kernel_path}
|
||||
tar --strip-components=1 -xf ${kernel_tarball} -C ${kernel_path}
|
||||
}
|
||||
|
||||
get_kernel() {
|
||||
local version="${1:-}"
|
||||
|
||||
@@ -163,44 +141,57 @@ get_kernel() {
|
||||
[ -n "${kernel_path}" ] || die "kernel_path not provided"
|
||||
[ ! -d "${kernel_path}" ] || die "kernel_path already exist"
|
||||
|
||||
if [ "${conf_guest}" != "" ]; then
|
||||
get_tee_kernel ${version} ${kernel_path} ${conf_guest}
|
||||
return
|
||||
fi
|
||||
|
||||
#Remove extra 'v'
|
||||
version=${version#v}
|
||||
|
||||
major_version=$(echo "${version}" | cut -d. -f1)
|
||||
kernel_tarball="linux-${version}.tar.xz"
|
||||
local major_version=$(echo "${version}" | cut -d. -f1)
|
||||
local rc=$(echo "${version}" | grep -oE "\-rc[0-9]+$")
|
||||
|
||||
if [[ -f "${kernel_tarball}.sha256" ]] && (grep -qF "${kernel_tarball}" "${kernel_tarball}.sha256"); then
|
||||
info "Restore valid ${kernel_tarball}.sha256 to sha256sums.asc"
|
||||
cp -f "${kernel_tarball}.sha256" sha256sums.asc
|
||||
else
|
||||
shasum_url="https://cdn.kernel.org/pub/linux/kernel/v${major_version}.x/sha256sums.asc"
|
||||
info "Download kernel checksum file: sha256sums.asc from ${shasum_url}"
|
||||
curl --fail -OL "${shasum_url}"
|
||||
if (grep -F "${kernel_tarball}" sha256sums.asc >"${kernel_tarball}.sha256"); then
|
||||
info "sha256sums.asc is valid, ${kernel_tarball}.sha256 generated"
|
||||
local tar_suffix="tar.xz"
|
||||
if [ -n "${rc}" ]; then
|
||||
tar_suffix="tar.gz"
|
||||
fi
|
||||
kernel_tarball="linux-${version}.${tar_suffix}"
|
||||
|
||||
if [ -z "${rc}" ]; then
|
||||
if [[ -f "${kernel_tarball}.sha256" ]] && (grep -qF "${kernel_tarball}" "${kernel_tarball}.sha256"); then
|
||||
info "Restore valid ${kernel_tarball}.sha256 to sha256sums.asc"
|
||||
cp -f "${kernel_tarball}.sha256" sha256sums.asc
|
||||
else
|
||||
die "sha256sums.asc is invalid"
|
||||
shasum_url="https://cdn.kernel.org/pub/linux/kernel/v${major_version}.x/sha256sums.asc"
|
||||
info "Download kernel checksum file: sha256sums.asc from ${shasum_url}"
|
||||
curl --fail -OL "${shasum_url}"
|
||||
if (grep -F "${kernel_tarball}" sha256sums.asc >"${kernel_tarball}.sha256"); then
|
||||
info "sha256sums.asc is valid, ${kernel_tarball}.sha256 generated"
|
||||
else
|
||||
die "sha256sums.asc is invalid"
|
||||
fi
|
||||
fi
|
||||
else
|
||||
info "Release candidate kernels are not part of the official sha256sums.asc -- skipping sha256sum validation"
|
||||
fi
|
||||
|
||||
if [ -f "${kernel_tarball}" ]; then
|
||||
if [ -n "${rc}" ] && ! sha256sum -c "${kernel_tarball}.sha256"; then
|
||||
info "invalid kernel tarball ${kernel_tarball} removing "
|
||||
rm -f "${kernel_tarball}"
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -f "${kernel_tarball}" ] && ! sha256sum -c "${kernel_tarball}.sha256"; then
|
||||
info "invalid kernel tarball ${kernel_tarball} removing "
|
||||
rm -f "${kernel_tarball}"
|
||||
fi
|
||||
if [ ! -f "${kernel_tarball}" ]; then
|
||||
kernel_tarball_url="https://www.kernel.org/pub/linux/kernel/v${major_version}.x/${kernel_tarball}"
|
||||
if [ -n "${kernel_url}" ]; then
|
||||
kernel_tarball_url="${kernel_url}${kernel_tarball}"
|
||||
fi
|
||||
info "Download kernel version ${version}"
|
||||
info "Download kernel"
|
||||
curl --fail -OL "https://www.kernel.org/pub/linux/kernel/v${major_version}.x/${kernel_tarball}"
|
||||
info "Download kernel from: ${kernel_tarball_url}"
|
||||
curl --fail -OL "${kernel_tarball_url}"
|
||||
else
|
||||
info "kernel tarball already downloaded"
|
||||
fi
|
||||
|
||||
sha256sum -c "${kernel_tarball}.sha256"
|
||||
if [ -z "${rc}" ]; then
|
||||
sha256sum -c "${kernel_tarball}.sha256"
|
||||
fi
|
||||
|
||||
tar xf "${kernel_tarball}"
|
||||
|
||||
|
||||
@@ -1 +1 @@
|
||||
138
|
||||
139
|
||||
|
||||
@@ -207,7 +207,7 @@ assets:
|
||||
|
||||
kernel-dragonball-experimental:
|
||||
description: "Linux kernel with Dragonball VMM optimizations like upcall"
|
||||
url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/"
|
||||
url: "https://cdn.kernel.org/pub/linux/kernel/v6.x/"
|
||||
version: "v6.1.62"
|
||||
|
||||
externals:
|
||||
|
||||
Reference in New Issue
Block a user