Merge pull request #3993 from deitch/kernel-build-with-linuxkit

switch kernel builds to linuxkit pkg build for simplicity

docs/kernels.md

@@ -333,7 +333,7 @@ Finally, test that you can build the kernel with that config as `make build-<ver
 If you want to add a new kernel version within an existing series, e.g. `5.15.27` already exists
 and you want to add (or replace it with) `5.15.148`, apply the following process.
 
-1. Modify the list of kernels inside the `Makefile` to include the new version, and, optionally, remove the old one.
+1. Modify the list of kernels inside the `Makefile` to include the new version, and, optionally, remove the old one, or move it to deprecated.
 1. Create a new `linuxkit/kconfig` container image: `make kconfig`. This is not pushed out.
 1. Run a container based on `linuxkit/kconfig`.
 ```sh
@@ -344,6 +344,7 @@ docker run --rm -ti -v $(pwd):/src linuxkit/kconfig
 1. If the config file has changed, copy it out of the container and check it in, e.g. `cp .config /src/5.15.x/config-x86_64`.
 1. Repeat for other architectures.
 1. Commit the changed config files.
+1. Modify the `KERNEL_VERSION` in the `build-args` file in the series directory to the new version. E.g. `5.15.x/build-args`.
 1. Test that you can build the kernel with that config as `make build-<version>`, e.g. `make build-5.15.148`.
 
 ## Adding a new kernel series
@@ -353,6 +354,12 @@ To add a new kernel series, you need to:
 1. Create new directory for the series, e.g. `6.7.x`
 1. Create config files for each architecture in that directory
 1. Optionally, create a `patches/` subdirectory in that directory with any patches to add
+1. Create a `build-args` file in that directory with at least the following settings:
+```bash
+KERNEL_VERSION=<version>
+KERNEL_SERIES=<series>
+BUILD_IMAGE=linuxkit/alpine:<builder>
+```
 1. Update the list of kernels to build in the `Makefile`
 
 Since the last major series likely is the best basis for the new one, subject to additional modifications, you can use

kernel/6.6.x/build-args

@@ -0,0 +1,3 @@
+KERNEL_VERSION=6.6.13
+KERNEL_SERIES=6.6.x
+BUILD_IMAGE=linuxkit/alpine:146f540f25cd92ec8ff0c5b0c98342a9a95e479e

kernel/Dockerfile

@@ -11,6 +11,7 @@ RUN apk add \
     build-base \
     curl \
     diffutils \
+    findutils \
     flex \
     git \
     gmp-dev \
@@ -54,7 +55,7 @@ RUN KERNEL_MAJOR=$(echo ${KERNEL_VERSION} | cut -d . -f 1) && \
     KERNEL_SHA256_SUMS=https://www.kernel.org/pub/linux/kernel/${KERNEL_MAJOR}/sha256sums.asc && \
     KERNEL_PGP2_SIGN=https://www.kernel.org/pub/linux/kernel/${KERNEL_MAJOR}/linux-${KERNEL_VERSION}.tar.sign && \
     curl -fsSLO ${KERNEL_SHA256_SUMS} && \
-    gpg2 -q --import keys.asc && \
+    gpg2 -q --import /src/keys.asc && \
     gpg2 --verify sha256sums.asc && \
     KERNEL_SHA256=$(grep linux-${KERNEL_VERSION}.tar.xz sha256sums.asc | cut -d ' ' -f 1) && \
     [ -f linux-${KERNEL_VERSION}.tar.xz ] || curl -fsSLO ${KERNEL_SOURCE} && \
@@ -177,8 +178,10 @@ RUN DVER=$(basename $(find /tmp/kernel-modules/lib/modules/ -mindepth 1 -maxdept
 
 RUN printf "${BUILD_IMAGE}" > /out/kernel-builder
 
+ARG BUILD_IMAGE
 FROM scratch
 ENTRYPOINT []
 CMD []
 WORKDIR /
+LABEL org.mobyproject.linuxkit.kernel.buildimage=${BUILD_IMAGE}
 COPY --from=kernel-build /out/* /

kernel/Dockerfile.bcc

@@ -1,7 +1,6 @@
-ARG IMAGE
 ARG BUILD_IMAGE
 
-FROM ${IMAGE} as ksrc
+FROM ${KERNEL_VERSION}-${HASH} as ksrc
 
 FROM ${BUILD_IMAGE} AS build
 RUN apk update && apk upgrade -a && \

kernel/Dockerfile.perf

@@ -1,9 +1,8 @@
 # This Dockerfile extracts the source code and headers from a kernel package,
 # builds the perf utility, and places it into a scratch image
-ARG IMAGE
 ARG BUILD_IMAGE
 
-FROM ${IMAGE} AS ksrc
+FROM ${KERNEL_VERSION}-${HASH} AS ksrc
 
 FROM ${BUILD_IMAGE} AS build
 RUN apk add \

kernel/Makefile

@@ -15,10 +15,7 @@
 RM = rm -f
 # Name and Org on Hub
 ORG?=linuxkit
-PLATFORMS?=linux/amd64,linux/arm64
 IMAGE?=kernel
-IMAGE_BCC:=kernel-bcc
-IMAGE_PERF:=kernel-perf
 IMAGE_BUILDER=linuxkit/alpine:146f540f25cd92ec8ff0c5b0c98342a9a95e479e
 
 # You can specify an extra options for the Makefile. This will:
@@ -42,7 +39,7 @@ PUSH_MANIFEST:=$(shell git rev-parse --show-toplevel)/scripts/push-manifest.sh
 
 # determine our architecture
 BUILDERARCH=
-ARCH := $(shell uname -m)
+ifneq ($(ARCH),)
 ifeq ($(ARCH),$(filter $(ARCH),x86_64 amd64))
 SUFFIX=-amd64
 override ARCH=x86_64
@@ -53,22 +50,14 @@ SUFFIX=-arm64
 override ARCH=aarch64
 BUILDERARCH=arm64
 endif
+endif
+
+ifneq ($(BUILDERARCH),)
+PLATFORMS=--platforms linux/$(BUILDERARCH)
+endif
 
 HASHTAG=$(HASH)$(DIRTY)
 
-BUILD_LABEL=--label org.mobyproject.linuxkit.kernel.buildimage=$(IMAGE_BUILDER)
-
-REPO?=https://github.com/linuxkit/linuxkit
-ifneq ($(REPO),)
-REPO_LABEL=--label org.opencontainers.image.source=$(REPO)
-endif
-ifeq ($(DIRTY),)
-REPO_COMMIT=$(shell git rev-parse HEAD)
-COMMIT_LABEL=--label org.opencontainers.image.revision=$(REPO_COMMIT)
-endif
-
-LABELS=$(REPO_LABEL) $(COMMIT_LABEL) $(BUILD_LABEL)
-
 .PHONY: notdirty
 notdirty:
 	@if [ x"$(DIRTY)" !=  x ]; then echo "Your repository is not clean. Will not push image"; exit 1; fi
@@ -82,15 +71,9 @@ series = $(word 1,$(subst ., ,$(1))).$(word 2,$(subst ., ,$(1))).x
 RELEASESEP := PART
 toolname = $(word 2, $(subst $(RELEASESEP), ,$(1)))
 toolkernel = $(word 1, $(subst $(RELEASESEP), ,$(1)))
-toolimageextension = -$(call toolname,$(1)):$(call toolkernel,$(1))$(EXTRA)$(DEBUG)
-toolimagebase = $(ORG)/$(IMAGE)$(call toolimageextension,$(1))
-toolimagehash = $(call toolimagebase,$(1))-$(HASHTAG)$(SUFFIX)
-toolimagenohash = $(call toolimagebase,$(1))$(SUFFIX)
-toolkernelimage = $(ORG)/$(IMAGE):$(call toolkernel,$(1))$(EXTRA)$(DEBUG)-$(HASHTAG)$(SUFFIX)
 baseimageextension = :$(1)$(EXTRA)$(DEBUG)
 baseimage = $(ORG)/$(IMAGE)$(call baseimageextension,$(1))
 uniq = $(if $1,$(firstword $1) $(call uniq,$(filter-out $(firstword $1),$1)))
-cross_product = $(foreach p,$(1),$(addprefix $(p),$(2)))
 
 
 #
@@ -124,7 +107,7 @@ list:
 	@echo "Tools: $(TOOLS)"
 
 setforce:
-	$(eval FORCE=1)
+	$(eval FORCE=--force)
 build: $(addprefix build-,$(KERNELS))
 push: $(addprefix push-,$(KERNELS))
 show-tags: $(addprefix show-tag-,$(KERNELS))
@@ -135,46 +118,13 @@ buildkernel-%: buildkerneldeps-% buildplainkernel-% builddebugkernel-%;
 
 buildkerneldeps-%: Dockerfile Makefile $(wildcard patches-$(call series,$*)/*) $(wildcard config-$(call series,$*)*) ;
 
-BUILDER?=
+buildplainkernel-%: buildkerneldeps-%
-BUILDER_TEMPLATE = linuxkit-linux-{{.Arch}}-builder
+	$(eval KERNEL_SERIES=$(call series,$*))
-BULDER_ARG =
+	linuxkit pkg build . $(FORCE) $(PLATFORMS) --build-yml ./build-kernel.yml --tag "$*-{{.Hash}}" --build-arg-file $(KERNEL_SERIES)/build-args 
-
-
-# Phony target for conditional logic
-.PHONY: getbuilder
-# determine the builder
-# if it was set by user, just add `--builder <builder>`.
-# If not, see if our default builder pattern is available, and use that, else
-# fall back to usual docker.
-getbuilder:
-ifeq ($(BUILDER),)
-	$(eval BUILDERNAME=$(subst {{.Arch}},$(BUILDERARCH),$(BUILDER_TEMPLATE)))
-	$(eval BUILDER_FOUND=$(shell docker builder inspect $(BUILDERNAME) 2>/dev/null || true))
-	$(eval BUILDER_ARG=$(if $(BUILDER_FOUND),--builder $(BUILDERNAME),))
-else
-	$(eval BUILDERNAME=$(subst {{.Arch}},$(BUILDERARCH),$(BUILDER)))
-	$(eval BUILDER_ARG=--builder $(BUILDERNAME))
-endif
-
-buildplainkernel-%: buildkerneldeps-% getbuilder
-	$(eval BASEIMAGE=$(call baseimage,$*))
-	$(eval TARGETIMAGE=$(BASEIMAGE)-$(HASHTAG)$(SUFFIX))
-	$(eval EXTRATOOL=$(addprefix -,$(word 2,$(subst -, ,$*))))
-	([ -z "$(FORCE)" ] && docker manifest inspect $(TARGETIMAGE) >/dev/null 2>&1) || \
-		docker build \
-			$(BUILDER_ARG) \
-			--platform linux/$(BUILDERARCH) \
-			--build-arg KERNEL_VERSION=$* \
-			--build-arg KERNEL_SERIES=$(call series,$*) \
-			--build-arg EXTRA=$(EXTRATOOL) \
-			--build-arg DEBUG=$(DEBUG) \
-			--build-arg BUILD_IMAGE=$(IMAGE_BUILDER) \
-			$(LABELS) \
-			--load \
-			--no-cache -t $(TARGETIMAGE) .
 
 builddebugkernel-%: buildkerneldeps-%
-	$(MAKE) buildplainkernel-$* DEBUG=-dbg
+	$(eval KERNEL_SERIES=$(call series,$*))
+	linuxkit pkg build . $(FORCE) $(PLATFORMS) --build-yml ./build-kernel.yml --tag "$*-dbg-{{.Hash}}" --build-arg-file $(KERNEL_SERIES)/build-args --build-arg-file build-args-debug
 
 push-%: notdirty build-% pushkernel-% tagbuilder-% pushtools-%;
 
@@ -184,43 +134,41 @@ tagbuilder-%: notdirty
 	docker push $(BUILDER_IMAGE)$(SUFFIX) && \
 	$(PUSH_MANIFEST) $(BUILDER_IMAGE)
 
-pushtagpush-%:
+pushkernel-%: pushplainkernel-% pushdebugkernel-%;
-	$(eval BASEIMAGE=$(ORG)/$(IMAGE)$*)
-	$(eval HASHIMAGE=$(BASEIMAGE)-$(HASHTAG))
-	$(eval SUFFIXEDIMAGE=$(BASEIMAGE)$(SUFFIX))
-	$(eval HASHANDSUFFIXIMAGE=$(HASHIMAGE)$(SUFFIX))
-	([ -z "$(FORCE)" ] && docker manifest inspect $(HASHANDSUFFIXIMAGE) >/dev/null 2>&1) || \
-		(docker push $(HASHANDSUFFIXIMAGE) && \
-		 docker tag $(HASHANDSUFFIXIMAGE) $(SUFFIXEDIMAGE) && \
-		 docker push $(SUFFIXEDIMAGE) && \
-		 $(PUSH_MANIFEST) $(HASHIMAGE) && \
-		 $(PUSH_MANIFEST) $(BASEIMAGE))
 
-pushkernel-%:
+pushplainkernel-%: buildplainkernel-%
-	$(MAKE) pushtagpush-$(call baseimageextension,$*)
+	$(eval HASHED_IMAGE=$(shell linuxkit pkg show-tag . --build-yml ./build-kernel.yml --tag "$*-{{.Hash}}"))
+	$(eval PLAIN_IMAGE=$(shell linuxkit pkg show-tag . --build-yml ./build-kernel.yml --tag "$*"))
+	linuxkit cache push $(HASHED_IMAGE)
+	linuxkit cache push $(HASHED_IMAGE) --remote-name $(PLAIN_IMAGE)
+
+pushdebugkernel-%: builddebugkernel-%
+	$(eval HASHED_IMAGE=$(shell linuxkit pkg show-tag . --build-yml ./build-kernel.yml --tag "$*-dbg-{{.Hash}}"))
+	$(eval PLAIN_IMAGE=$(shell linuxkit pkg show-tag . --build-yml ./build-kernel.yml --tag "$*-dbg"))
+	linuxkit cache push $(HASHED_IMAGE)
+	linuxkit cache push $(HASHED_IMAGE) --remote-name $(PLAIN_IMAGE)
 
 show-tag-%:
 	@echo 	$(eval BASEIMAGE=$(call baseimage,$*))-$(HASHTAG)
 
 buildtools-%: $(addprefix buildtool-%$(RELEASESEP),$(TOOLS));
 
-buildtool-%: getbuilder
+buildtool-%:
-	$(eval TARGETIMAGE=$(call toolimagehash,$*))
-	$(eval KERNELIMAGE=$(call toolkernelimage,$*))
 	$(eval TOOL=$(call toolname,$*))
-	([ -z "$(FORCE)" ] && docker manifest inspect $(TARGETIMAGE) >/dev/null 2>&1) || \
+	$(eval KERNEL_VERSION=$(call toolkernel,$*))
-		 docker build -f Dockerfile.$(TOOL) \
+	$(eval KERNEL_SERIES=$(call series,$(KERNEL_VERSION)))
-			$(BUILDER_ARG) \
+	linuxkit pkg build . $(FORCE) $(PLATFORMS) --build-yml ./build-$(TOOL).yml --tag "$(KERNEL_VERSION)-{{.Hash}}" --build-arg-file $(KERNEL_SERIES)/build-args
-			--platform linux/$(BUILDERARCH) \
-			--build-arg IMAGE=$(KERNELIMAGE) \
-			--build-arg BUILD_IMAGE=$(IMAGE_BUILDER) \
-			--load \
-			--no-cache $(LABEL) -t $(TARGETIMAGE) .
 
 pushtools-%: $(addprefix pushtool-%$(RELEASESEP),$(TOOLS));
 
-pushtool-%:
+pushtool-%: buildtool-%
-	$(MAKE) pushtagpush-$(call toolimageextension,$*)
+	$(eval TOOL=$(call toolname,$*))
+	$(eval KERNEL_VERSION=$(call toolkernel,$*))
+	$(eval KERNEL_SERIES=$(call series,$(KERNEL_VERSION)))
+	$(eval HASHED_IMAGE=$(shell linuxkit pkg show-tag . --build-yml ./build-$(TOOL).yml --tag "$(KERNEL_VERSION)-{{.Hash}}"))
+	$(eval PLAIN_IMAGE=$(shell linuxkit pkg show-tag . --build-yml ./build-$(TOOL).yml --tag "$(KERNEL_VERSION)"))
+	linuxkit cache push $(HASHED_IMAGE)
+	linuxkit cache push $(HASHED_IMAGE) --remote-name $(PLAIN_IMAGE)
 
 # Target for kernel config
 kconfig:

kernel/build-args-debug

@@ -0,0 +1 @@
+DEBUG=-dbg

kernel/build-bcc.yml

@@ -0,0 +1,2 @@
+image: kernel-bcc
+network: true

kernel/build-kernel.yml

@@ -0,0 +1,2 @@
+image: kernel
+network: true

kernel/build-perf.yml

@@ -0,0 +1,2 @@
+image: kernel-perf
+network: true