github/kata-containers
1
0
Fork 2
mirror of https://github.com/kata-containers/kata-containers.git synced 2026-04-02 18:13:57 +00:00
Code Issues Projects Releases Wiki Activity
Files
fd583d833b5b2275dad709f553fe2aba05947492
kata-containers/tools/packaging/kernel/build-kernel.sh
Agam Dua 91d6c39f06 kernel: Fix debug build and add debug symbols to installation 
Fixed a bug with the debug kernel build where common/ was repeated
after the common path variable, resulting in the debug
confs never being picked up.

This exposed a subsequent bug where the debug conf
was included in other builds, this is also fixed by creating a
separate directory for debug confs with one file at the moment,
debug.conf that contains debug configurations and bpf specific
configs.

To enable kernel builds (specifically for bpf) the dwarves package was added
to the kernel dockerfile for the pahole package.

Signed-off-by: Agam Dua <agam_dua@apple.com>
2026-03-20 14:50:23 -07:00

782 lines
24 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
#
# Copyright (c) 2018 Intel Corporation
#
# SPDX-License-Identifier: Apache-2.0
set -o errexit
set -o nounset
set -o pipefail
readonly script_name="$(basename "${BASH_SOURCE[0]}")"
readonly script_dir="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
#project_name
readonly project_name="kata-containers"
[ -n "${GOPATH:-}" ] || GOPATH="${HOME}/go"
# Fetch the first element from GOPATH as working directory
# as go get only works against the first item in the GOPATH
GOPATH="${GOPATH%%:*}"
# Kernel version to be used
kernel_version=""
# Flag know if need to download the kernel source
download_kernel=false
# Default path to search patches to apply to kernel
readonly default_patches_dir="${script_dir}/patches"
# Default path to search config for kata
readonly default_kernel_config_dir="${script_dir}/configs"
# Default path to search for kernel config fragments
readonly default_config_frags_dir="${script_dir}/configs/fragments"
readonly default_config_whitelist="${script_dir}/configs/fragments/whitelist.conf"
# xPU vendor
readonly VENDOR_INTEL="intel"
readonly VENDOR_NVIDIA="nvidia"
readonly KBUILD_SIGN_PIN=${KBUILD_SIGN_PIN:-""}
readonly KERNEL_DEBUG_ENABLED=${KERNEL_DEBUG_ENABLED:-"no"}
#Path to kernel directory
kernel_path=""
#Experimental kernel support. Pull from virtio-fs GitLab instead of kernel.org
build_type=""
#Force generate config when setup
force_setup_generate_config="false"
#GPU kernel support
gpu_vendor=""
#DPU kernel support
dpu_vendor=""
#Confidential guest type
conf_guest=""
#
patches_path=""
#
hypervisor_target=""
#
arch_target=""
#
kernel_config_path=""
#
skip_config_checks="false"
# destdir
DESTDIR="${DESTDIR:-/}"
#PREFIX=
PREFIX="${PREFIX:-/usr}"
#Kernel URL
kernel_url=""
#Linux headers for GPU guest fs module building
linux_headers=""
# Kernel Reference to download using git
kernel_ref=""
# Enable measurement of the guest rootfs at boot.
measured_rootfs="false"
CROSS_BUILD_ARG=""
packaging_scripts_dir="${script_dir}/../scripts"
# shellcheck source=tools/packaging/scripts/lib.sh
source "${packaging_scripts_dir}/lib.sh"
usage() {
exit_code="$1"
cat <<EOF
Overview:
Build a kernel for Kata Containers
Usage:
$script_name [options] <command> <argument>
Commands:
- setup
- build
- install
Options:
-a <arch> : Arch target to build the kernel, such as aarch64/ppc64le/riscv64/s390x/x86_64.
-b <type> : Enable optional config type.
-c <path> : Path to config file to build the kernel.
-D <vendor> : DPU/SmartNIC vendor, only nvidia.
-d : Enable bash debug.
-e : Enable experimental kernel.
-E : Enable arch-specific experimental kernel, arch info offered by "-a".
-f : Enable force generate config when setup, old kernel path and config will be removed.
-g <vendor> : GPU vendor, intel or nvidia.
-h : Display this help.
-H <deb|rpm> : Linux headers for guest fs module building.
-m : Enable measured rootfs.
-k <path> : Path to kernel to build.
-p <path> : Path to a directory with patches to apply to kernel.
-r <ref> : Enable git mode to download kernel using ref.
-s : Skip .config checks
-t <hypervisor> : Hypervisor_target.
-u <url> : Kernel URL to be used to download the kernel tarball.
-v <version> : Kernel version to use if kernel path not provided.
-x : All the confidential guest protection type for a specific architecture.
EOF
exit "$exit_code"
}
# Convert architecture to the name used by the Linux kernel build system
arch_to_kernel() {
local -r arch="$1"
case "$arch" in
aarch64) echo "arm64" ;;
ppc64le) echo "powerpc" ;;
riscv64) echo "riscv" ;;
s390x) echo "s390" ;;
x86_64) echo "$arch" ;;
*) die "unsupported architecture: $arch" ;;
esac
}
get_git_kernel() {
local kernel_path="${2:-}"
if [ ! -d "${kernel_path}" ] ; then
mkdir -p "${kernel_path}"
pushd "${kernel_path}"
local kernel_git_url="https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"
if [ -n "${kernel_url}" ]; then
kernel_git_url="${kernel_url}"
fi
git init
git remote add origin "${kernel_git_url}"
popd
fi
pushd "${kernel_path}"
git fetch --depth 1 origin "${kernel_ref}"
git checkout "${kernel_ref}"
popd
}
get_kernel() {
local version="${1:-}"
local kernel_path=${2:-}
[ -n "${kernel_path}" ] || die "kernel_path not provided"
[ ! -d "${kernel_path}" ] || die "kernel_path already exist"
#Remove extra 'v'
version=${version#v}
local major_version=$(echo "${version}" | cut -d. -f1)
local rc=$(echo "${version}" | grep -oE "\-rc[0-9]+$")
local tar_suffix="tar.xz"
if [ -n "${rc}" ]; then
tar_suffix="tar.gz"
fi
kernel_tarball="linux-${version}.${tar_suffix}"
if [ -z "${rc}" ]; then
if [[ -f "${kernel_tarball}.sha256" ]] && (grep -qF "${kernel_tarball}" "${kernel_tarball}.sha256"); then
info "Restore valid ${kernel_tarball}.sha256 to sha256sums.asc"
cp -f "${kernel_tarball}.sha256" sha256sums.asc
else
shasum_url="https://cdn.kernel.org/pub/linux/kernel/v${major_version}.x/sha256sums.asc"
info "Download kernel checksum file: sha256sums.asc from ${shasum_url}"
curl --fail -OL "${shasum_url}"
if (grep -F "${kernel_tarball}" sha256sums.asc >"${kernel_tarball}.sha256"); then
info "sha256sums.asc is valid, ${kernel_tarball}.sha256 generated"
else
die "sha256sums.asc is invalid"
fi
fi
else
info "Release candidate kernels are not part of the official sha256sums.asc -- skipping sha256sum validation"
fi
if [ -f "${kernel_tarball}" ]; then
if [ -z "${rc}" ] && ! sha256sum -c "${kernel_tarball}.sha256"; then
info "invalid kernel tarball ${kernel_tarball} removing "
rm -f "${kernel_tarball}"
fi
fi
if [ ! -f "${kernel_tarball}" ]; then
kernel_tarball_url="https://www.kernel.org/pub/linux/kernel/v${major_version}.x/${kernel_tarball}"
if [ -n "${kernel_url}" ]; then
kernel_tarball_url="${kernel_url}${kernel_tarball}"
fi
info "Download kernel version ${version}"
info "Download kernel from: ${kernel_tarball_url}"
curl --fail -OL "${kernel_tarball_url}"
else
info "kernel tarball already downloaded"
fi
if [ -z "${rc}" ]; then
sha256sum -c "${kernel_tarball}.sha256"
fi
tar xf "${kernel_tarball}"
mv "linux-${version}" "${kernel_path}"
}
get_major_kernel_version() {
local version="${1}"
[ -n "${version}" ] || die "kernel version not provided"
major_version=$(echo "${version}" | cut -d. -f1)
minor_version=$(echo "${version}" | cut -d. -f2)
echo "${major_version}.${minor_version}"
}
# Make a kernel config file from generic and arch specific
# fragments
# - arg1 - path to arch specific fragments
# - arg2 - path to kernel sources
#
get_kernel_frag_path() {
local arch_path="$1"
local common_path="${arch_path}/../common"
local gpu_path="${arch_path}/../gpu"
local dpu_path="${arch_path}/../dpu"
local kernel_path="$2"
local arch="$3"
local cmdpath="${kernel_path}/scripts/kconfig/merge_config.sh"
local config_path="${arch_path}/.config"
local arch_configs="$(ls ${arch_path}/*.conf)"
# By default, exclude configs if they have !$arch tag in the header
local exclude_tags="-e "\!${arch}""
# Also, let confidential guest opt-out some insecure configs
if [[ "${conf_guest}" != "" ]];then
exclude_tags="${exclude_tags} -e "\!${conf_guest}""
fi
local common_configs="$(grep ${exclude_tags} ${common_path}/*.conf -L)"
local extra_configs=""
if [ "${build_type}" != "" ];then
local build_type_dir=$(readlink -m "${arch_path}/../build-type/${build_type}")
if [ ! -d "$build_type_dir" ]; then
die "No config fragments dir for ${build_type}: ${build_type_dir}"
fi
extra_configs=$(find "$build_type_dir" -name '*.conf')
if [ "${extra_configs}" == "" ];then
die "No extra configs found in ${build_type_dir}"
fi
fi
# These are the strings that the kernel merge_config.sh script kicks out
# when it reports an error or warning condition. We search for them in the
# output to try and fail when we think something has been misconfigured.
local not_in_string="not in final"
local redefined_string="redefined"
local redundant_string="redundant"
# Later, if we need to add kernel version specific subdirs in order to
# handle specific cases, then add the path definition and search/list/cat
# here.
local all_configs="${common_configs} ${arch_configs}"
if [[ ${build_type} != "" ]]; then
all_configs="${all_configs} ${extra_configs}"
fi
if [[ "${gpu_vendor}" != "" ]];then
info "Add kernel config for GPU due to '-g ${gpu_vendor}'"
local gpu_configs=$(mktemp).conf
local gpu_subst_configs="${gpu_path}/${gpu_vendor}.${arch_target}.conf.in"
export CONF_GUEST_SUFFIX=""
envsubst <${gpu_subst_configs} >${gpu_configs}
unset CONF_GUEST_SUFFIX
all_configs="${all_configs} ${gpu_configs}"
fi
if [[ "${dpu_vendor}" != "" ]]; then
info "Add kernel config for DPU/SmartNIC due to '-n ${dpu_vendor}'"
local dpu_configs="${dpu_path}/${dpu_vendor}.conf"
all_configs="${all_configs} ${dpu_configs}"
fi
if [[ "${measured_rootfs}" == "true" ]]; then
info "Enabling config for confidential guest trust storage protection"
local cryptsetup_configs
cryptsetup_configs="$(ls "${common_path}"/confidential_containers/cryptsetup.conf)"
all_configs="${all_configs} ${cryptsetup_configs}"
fi
if [[ "${conf_guest}" != "" ]];then
info "Enabling config for '${conf_guest}' confidential guest protection"
local conf_configs="$(ls ${arch_path}/${conf_guest}/*.conf)"
all_configs="${all_configs} ${conf_configs}"
local tmpfs_configs="$(ls ${common_path}/confidential_containers/tmpfs.conf)"
all_configs="${all_configs} ${tmpfs_configs}"
fi
if [[ "${KBUILD_SIGN_PIN}" != "" ]]; then
info "Enabling config for module signing"
local sign_configs
sign_configs="$(ls ${common_path}/signing/module_signing.conf)"
all_configs="${all_configs} ${sign_configs}"
fi
if [[ ${KERNEL_DEBUG_ENABLED} == "yes" ]]; then
info "Enable kernel debug"
local debug_path="${arch_path}/../debug"
local debug_configs="$(ls ${debug_path}/*.conf)"
all_configs="${all_configs} ${debug_configs}"
fi
if [[ "$force_setup_generate_config" == "true" ]]; then
info "Remove existing config ${config_path} due to '-f'"
[ -f "$config_path" ] && rm -f "${config_path}"
[ -f "$config_path".old ] && rm -f "${config_path}".old
fi
info "Constructing config from fragments: ${config_path}"
export KCONFIG_CONFIG=${config_path}
export ARCH=${arch_target}
cd ${kernel_path}
local results
results=$( ${cmdpath} -r -n ${all_configs} )
# Only consider results highlighting "not in final"
results=$(grep "${not_in_string}" <<< "$results")
# Do not care about options that are in whitelist
results=$(grep -v -f ${default_config_whitelist} <<< "$results")
local version_config_whitelist="${default_config_whitelist%.*}-${kernel_version}.conf"
if [ -f ${version_config_whitelist} ]; then
results=$(grep -v -f ${version_config_whitelist} <<< "$results")
fi
[[ "${skip_config_checks}" == "true" ]] && echo "${config_path}" && return
# Did we request any entries that did not make it?
local missing=$(echo $results | grep -v -q "${not_in_string}"; echo $?)
if [ ${missing} -ne 0 ]; then
info "Some CONFIG elements failed to make the final .config:"
info "${results}"
info "Generated config file can be found in ${config_path}"
die "Failed to construct requested .config file"
fi
# Did we define something as two different values?
local redefined=$(echo ${results} | grep -v -q "${redefined_string}"; echo $?)
if [ ${redefined} -ne 0 ]; then
info "Some CONFIG elements are redefined in fragments:"
info "${results}"
info "Generated config file can be found in ${config_path}"
die "Failed to construct requested .config file"
fi
# Did we define something twice? Nominally this may not be an error, and it
# might be convenient to allow it, but for now, let's pick up on them.
local redundant=$(echo ${results} | grep -v -q "${redundant_string}"; echo $?)
if [ ${redundant} -ne 0 ]; then
info "Some CONFIG elements are redundant in fragments:"
info "${results}"
info "Generated config file can be found in ${config_path}"
die "Failed to construct requested .config file"
fi
echo "${config_path}"
}
# Locate and return the path to the relevant kernel config file
# - arg1: kernel version
# - arg2: hypervisor target
# - arg3: arch target
# - arg4: kernel source path
get_default_kernel_config() {
local version="${1}"
local hypervisor="$2"
local kernel_arch="$3"
local kernel_path="$4"
[ -n "${version}" ] || die "kernel version not provided"
[ -n "${hypervisor}" ] || die "hypervisor not provided"
[ -n "${kernel_arch}" ] || die "kernel arch not provided"
archfragdir="${default_config_frags_dir}/${kernel_arch}"
if [ -d "${archfragdir}" ]; then
config="$(get_kernel_frag_path ${archfragdir} ${kernel_path} ${kernel_arch})"
else
[ "${hypervisor}" == "firecracker" ] && hypervisor="kvm"
config="${default_kernel_config_dir}/${kernel_arch}_kata_${hypervisor}_${major_kernel}.x"
fi
[ -f "${config}" ] || die "failed to find default config ${config}"
echo "${config}"
}
get_config_and_patches() {
if [ -z "${patches_path}" ]; then
patches_path="${default_patches_dir}"
fi
}
get_config_version() {
get_config_and_patches
config_version_file="${default_patches_dir}/../kata_config_version"
if [ -f "${config_version_file}" ]; then
cat "${config_version_file}"
else
die "failed to find ${config_version_file}"
fi
}
setup_kernel() {
local kernel_path=${1:-}
[ -n "${kernel_path}" ] || die "kernel_path not provided"
if [[ "$force_setup_generate_config" == "true" ]] && [[ -d "$kernel_path" ]];then
info "Remove existing directory ${kernel_path} due to '-f'"
rm -rf "${kernel_path}"
fi
if [ -d "$kernel_path" ]; then
info "${kernel_path} already exist"
if [[ "${force_setup_generate_config}" != "true" ]];then
return
else
info "Force generate config due to '-f'"
fi
else
info "kernel path does not exist, will download kernel"
download_kernel="true"
[ -n "$kernel_version" ] || die "failed to get kernel version: Kernel version is emtpy"
if [[ ${download_kernel} == "true" ]]; then
if [ -z "${kernel_ref}" ]; then
get_kernel "${kernel_version}" "${kernel_path}"
else
get_git_kernel "${kernel_version}" "${kernel_path}"
fi
fi
[ -n "$kernel_path" ] || die "failed to find kernel source path"
fi
get_config_and_patches
[ -d "${patches_path}" ] || die " patches path '${patches_path}' does not exist"
local major_kernel
major_kernel=$(get_major_kernel_version "${kernel_version}")
local patches_dir_for_version="${patches_path}/${major_kernel}.x"
local build_type_patches_dir="${patches_path}/${major_kernel}.x/${build_type}"
[ -n "${arch_target}" ] || arch_target="$(uname -m)"
arch_target=$(arch_to_kernel "${arch_target}")
(
cd "${kernel_path}" || exit 1
# Apply version specific patches
${packaging_scripts_dir}/apply_patches.sh "${patches_dir_for_version}"
# Apply version specific patches for build_type build
if [ "${build_type}" != "" ] ;then
info "Apply build_type patches from ${build_type_patches_dir}"
${packaging_scripts_dir}/apply_patches.sh "${build_type_patches_dir}"
fi
[ -n "${hypervisor_target}" ] || hypervisor_target="kvm"
[ -n "${kernel_config_path}" ] || kernel_config_path=$(get_default_kernel_config "${kernel_version}" "${hypervisor_target}" "${arch_target}" "${kernel_path}")
info "Copying config file from: ${kernel_config_path}"
cp "${kernel_config_path}" ./.config
ARCH=${arch_target} make oldconfig ${CROSS_BUILD_ARG}
)
info "Fetching NVIDIA driver source code"
if [[ "${gpu_vendor}" == "${VENDOR_NVIDIA}" ]]; then
driver_version=$(get_from_kata_deps .externals.nvidia.driver.version)
driver_url=$(get_from_kata_deps .externals.nvidia.driver.url)
driver_src="open-gpu-kernel-modules-${driver_version}"
info "Downloading NVIDIA driver source code from: ${driver_url}${driver_version}.tar.gz"
[[ -d "${driver_src}" ]] && rm -rf "${driver_src}"
curl -L -o "${driver_version}.tar.gz" "${driver_url}${driver_version}.tar.gz"
tar -xvf "${driver_version}.tar.gz" --transform "s|open-gpu-kernel-modules-${driver_version}|open-gpu-kernel-modules|"
fi
}
build_kernel() {
local kernel_path=${1:-}
[ -n "${kernel_path}" ] || die "kernel_path not provided"
[ -d "${kernel_path}" ] || die "path to kernel does not exist, use ${script_name} setup"
[ -n "${arch_target}" ] || arch_target="$(uname -m)"
arch_target=$(arch_to_kernel "${arch_target}")
pushd "${kernel_path}" >>/dev/null
make -j $(nproc) ARCH="${arch_target}" ${CROSS_BUILD_ARG}
if [ "${conf_guest}" == "confidential" ]; then
make -j $(nproc) INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH=${kernel_path} modules_install
fi
[ "$arch_target" != "powerpc" ] && ([ -e "arch/${arch_target}/boot/bzImage" ] || [ -e "arch/${arch_target}/boot/Image.gz" ])
[ -e "vmlinux" ]
([ "${hypervisor_target}" == "firecracker" ] || [ "${hypervisor_target}" == "cloud-hypervisor" ]) && [ "${arch_target}" == "arm64" ] && [ -e "arch/${arch_target}/boot/Image" ]
popd >>/dev/null
if [[ "${gpu_vendor}" == "${VENDOR_NVIDIA}" ]]; then
# We need in-tree modules as well as out-of-tree ones for NVIDIA GPU
make -C "${kernel_path}" -j "$(nproc)" INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH="${kernel_path}" modules_install
pushd open-gpu-kernel-modules
make -j "$(nproc)" CC=gcc SYSSRC="${kernel_path}" > /dev/null
make INSTALL_MOD_STRIP=1 INSTALL_MOD_PATH="${kernel_path}" -j "$(nproc)" CC=gcc SYSSRC="${kernel_path}" modules_install
make -j "$(nproc)" CC=gcc SYSSRC="${kernel_path}" clean > /dev/null
fi
}
build_kernel_headers() {
local kernel_path=${1:-}
[ -n "${kernel_path}" ] || die "kernel_path not provided"
[ -d "${kernel_path}" ] || die "path to kernel does not exist, use ${script_name} setup"
[ -n "${arch_target}" ] || arch_target="$(uname -m)"
arch_target=$(arch_to_kernel "${arch_target}")
pushd "${kernel_path}" >>/dev/null
if [ "$linux_headers" == "deb" ]; then
export KBUILD_BUILD_USER="${USER}"
make -j $(nproc) bindeb-pkg ARCH="${arch_target}"
fi
if [ "$linux_headers" == "rpm" ]; then
make -j $(nproc) rpm-pkg ARCH="${arch_target}"
fi
# If we encrypt the key earlier it will break the kernel_headers build.
# At this stage the kernel has created the certs/signing_key.pem
# encrypt it for later usage in another job or out-of-tree build
# only encrypt if we have KBUILD_SIGN_PIN set
local key="certs/signing_key.pem"
if [ -n "${KBUILD_SIGN_PIN}" ]; then
[ -e "${key}" ] || die "${key} missing but KBUILD_SIGN_PIN is set"
openssl rsa -aes256 -in ${key} -out ${key} -passout env:KBUILD_SIGN_PIN
fi
popd >>/dev/null
}
install_kata() {
local kernel_path=${1:-}
[ -n "${kernel_path}" ] || die "kernel_path not provided"
[ -d "${kernel_path}" ] || die "path to kernel does not exist, use ${script_name} setup"
[ -n "${arch_target}" ] || arch_target="$(uname -m)"
arch_target=$(arch_to_kernel "${arch_target}")
pushd "${kernel_path}" >>/dev/null
config_version=$(get_config_version)
[ -n "${config_version}" ] || die "failed to get config version"
install_path=$(readlink -m "${DESTDIR}/${PREFIX}/share/${project_name}")
suffix=""
if [[ ${build_type} != "" ]]; then
suffix="-${build_type}"
fi
if [[ ${gpu_vendor} != "" ]]; then
suffix="-${gpu_vendor}-gpu${suffix}"
elif [[ ${conf_guest} != "" ]]; then
# CCA on aarch64 uses -confidential suffix; x86_64/s390x unified kernel does not
if [[ "${arch_target}" == "aarch64" ]]; then
suffix="-${conf_guest}${suffix}"
fi
fi
if [[ ${KERNEL_DEBUG_ENABLED} == "yes" ]]; then
suffix="-debug${suffix}"
fi
vmlinuz="vmlinuz-${kernel_version}-${config_version}${suffix}"
vmlinux="vmlinux-${kernel_version}-${config_version}${suffix}"
if [ -e "arch/${arch_target}/boot/bzImage" ]; then
bzImage="arch/${arch_target}/boot/bzImage"
elif [ -e "arch/${arch_target}/boot/Image.gz" ]; then
bzImage="arch/${arch_target}/boot/Image.gz"
elif [ "${arch_target}" != "powerpc" ]; then
die "failed to find image"
fi
# Install compressed kernel
if [ "${arch_target}" = "powerpc" ]; then
install --mode 0644 -D "vmlinux" "${install_path}/${vmlinuz}"
else
install --mode 0644 -D "${bzImage}" "${install_path}/${vmlinuz}"
fi
# Install uncompressed kernel
if [ "${arch_target}" = "arm64" ] || [ "${arch_target}" = "riscv" ]; then
install --mode 0644 -D "arch/${arch_target}/boot/Image" "${install_path}/${vmlinux}"
elif [ "${arch_target}" = "s390" ]; then
install --mode 0644 -D "arch/${arch_target}/boot/vmlinux" "${install_path}/${vmlinux}"
else
install --mode 0644 -D "vmlinux" "${install_path}/${vmlinux}"
fi
install --mode 0644 -D ./.config "${install_path}/config-${kernel_version}-${config_version}${suffix}"
install --mode 0644 -D ./System.map "${install_path}/System.map-${kernel_version}-${config_version}${suffix}"
ln -sf "${vmlinuz}" "${install_path}/vmlinuz${suffix}.container"
ln -sf "${vmlinux}" "${install_path}/vmlinux${suffix}.container"
ls -la "${install_path}/vmlinux${suffix}.container"
ls -la "${install_path}/vmlinuz${suffix}.container"
popd >>/dev/null
}
main() {
while getopts "a:b:c:dD:eEfg:hH:k:mp:r:st:u:v:x" opt; do
case "$opt" in
a)
arch_target="${OPTARG}"
;;
b)
build_type="${OPTARG}"
;;
c)
kernel_config_path="${OPTARG}"
;;
d)
PS4=' Line ${LINENO}: '
set -x
;;
D)
dpu_vendor="${OPTARG}"
[[ "${dpu_vendor}" == "${VENDOR_NVIDIA}" ]] || die "DPU vendor only support nvidia"
;;
e)
build_type="experimental"
;;
E)
build_type="arch-experimental"
;;
f)
force_setup_generate_config="true"
;;
g)
gpu_vendor="${OPTARG}"
[[ "${gpu_vendor}" == "${VENDOR_INTEL}" || "${gpu_vendor}" == "${VENDOR_NVIDIA}" ]] || die "GPU vendor only support intel and nvidia"
;;
h)
usage 0
;;
H)
linux_headers="${OPTARG}"
;;
m)
measured_rootfs="true"
;;
k)
kernel_path="$(realpath ${OPTARG})"
;;
p)
patches_path="${OPTARG}"
;;
r)
kernel_ref="${OPTARG}"
;;
s)
skip_config_checks="true"
;;
t)
hypervisor_target="${OPTARG}"
;;
u)
kernel_url="${OPTARG}"
;;
v)
kernel_version="${OPTARG}"
;;
x)
conf_guest="confidential"
;;
*)
echo "ERROR: invalid argument '$opt'"
exit 1
;;
esac
done
shift $((OPTIND - 1))
subcmd="${1:-}"
[ -z "${subcmd}" ] && usage 1
if [[ ${build_type} == "experimental" ]] && [[ ${hypervisor_target} == "dragonball" ]]; then
build_type="dragonball-experimental"
if [ -n "$kernel_version" ]; then
kernel_major_version=$(get_major_kernel_version "${kernel_version}")
if [[ ${kernel_major_version} != "5.10" ]]; then
info "dragonball-experimental kernel patches are only tested on 5.10.x kernel now, other kernel version may cause confliction"
fi
fi
fi
# If not kernel version take it from versions.yaml
if [ -z "$kernel_version" ]; then
if [[ ${build_type} == "experimental" ]]; then
kernel_version=$(get_from_kata_deps ".assets.kernel-experimental.tag")
elif [[ ${build_type} == "arch-experimental" ]]; then
case "${arch_target}" in
"aarch64")
build_type="arm-experimental"
kernel_version=$(get_from_kata_deps ".assets.kernel-arm-experimental.version")
;;
*)
info "No arch-specific experimental kernel supported, using experimental one instead"
kernel_version=$(get_from_kata_deps ".assets.kernel-experimental.tag")
;;
esac
elif [[ ${build_type} == "dragonball-experimental" ]]; then
kernel_version=$(get_from_kata_deps ".assets.kernel-dragonball-experimental.version")
elif [[ "${conf_guest}" != "" ]]; then
#If specifying a tag for kernel_version, must be formatted version-like to avoid unintended parsing issues
kernel_version=$(get_from_kata_deps ".assets.kernel.${conf_guest}.version" 2>/dev/null || true)
[ -n "${kernel_version}" ] || kernel_version=$(get_from_kata_deps ".assets.kernel.${conf_guest}.tag")
else
kernel_version=$(get_from_kata_deps ".assets.kernel.version")
fi
fi
#Remove extra 'v'
kernel_version="${kernel_version#v}"
if [ -z "${kernel_path}" ]; then
config_version=$(get_config_version)
if [[ ${build_type} != "" ]]; then
kernel_path="${PWD}/kata-linux-${build_type}-${kernel_version}-${config_version}"
else
kernel_path="${PWD}/kata-linux-${kernel_version}-${config_version}"
fi
info "Config version: ${config_version}"
fi
info "Kernel version: ${kernel_version}"
[ "${arch_target}" != "" -a "${arch_target}" != $(uname -m) ] && CROSS_BUILD_ARG="CROSS_COMPILE=${arch_target}-linux-gnu-"
case "${subcmd}" in
build)
build_kernel "${kernel_path}"
;;
build-headers)
build_kernel_headers "${kernel_path}"
;;
install)
install_kata "${kernel_path}"
;;
setup)
setup_kernel "${kernel_path}"
[ -d "${kernel_path}" ] || die "${kernel_path} does not exist"
echo "Kernel source ready: ${kernel_path} "
;;
*)
usage 1
;;
esac
}
main "$@"
Reference in New Issue View Git Blame Copy Permalink