diff --git a/docs/kernels.md b/docs/kernels.md index e58675076..796389c1c 100644 --- a/docs/kernels.md +++ b/docs/kernels.md @@ -16,7 +16,7 @@ image is tagged with the full kernel version (e.g., hash of the files it was created from (git tree hash of the `./kernel` directory). For selected kernels (mostly the LTS kernels and latest stable kernels) we also compile/push kernels with additional debugging -enabled. The hub images for these kernels have the `_dbg` suffix in +enabled. The hub images for these kernels have the `-dbg` suffix in the tag. For some kernels, we also provide matching packages containing the `perf` utility for debugging and performance tracing. The perf package is called `kernel-perf` and is tagged the same way as @@ -140,16 +140,27 @@ kernel: If you have committed your local changes, the `-dirty` will not be appended. Then you can also override the Hub organisation to use the -image elsewhere with: +image elsewhere with (and also disable image signing): ```sh -make ORG= +make ORG= NOTRUST=1 ``` The image will be uploaded to Hub and can be use in a YAML file as `/kernel:4.9.33` or as `/kernel:4.9.33-`. +The kernel build system has some provision to allow local +customisation to the build. + +If you want to override/add some kernel config options, you can add a +file called `kernel_config-foo` and then invoke the build with `make +EXTRA=-foo build_4.9.x-foo` and this will build an image with the +additional kernel config options enabled. + +If you want additional patches being applied, just copy them to the +`patches-4.X.x` and the build process will pick them up. + ## Working with Linux kernel patches for LinuxKit diff --git a/kernel/Dockerfile b/kernel/Dockerfile index 2775e6520..a4ecc1d32 100644 --- a/kernel/Dockerfile +++ b/kernel/Dockerfile 
@@ -24,15 +24,14 @@ RUN apk add \ tar \ xz \ xz-dev \ - zlib-dev && \ + zlib-dev + # libunwind-dev pkg is missed from arm64 now, below statement will be removed if the pkg is available. - if [ $(uname -m) == x86_64 ]; then \ - apk add libunwind-dev; \ - fi +RUN [ $(uname -m) == x86_64 ] && apk add libunwind-dev || true ARG KERNEL_VERSION ARG KERNEL_SERIES -ARG DEBUG +ARG EXTRA ENV KERNEL_SOURCE=https://www.kernel.org/pub/linux/kernel/v4.x/linux-${KERNEL_VERSION}.tar.xz ENV KERNEL_SHA256_SUMS=https://www.kernel.org/pub/linux/kernel/v4.x/sha256sums.asc @@ -67,8 +66,7 @@ RUN set -e && for patch in /patches/*.patch; do \ done # Kernel config -COPY kernel_config-${KERNEL_SERIES}* /linux/ -COPY kernel_config.debug /linux/debug_config +COPY kernel_config* /linux/ RUN case $(uname -m) in \ x86_64) \ @@ -79,14 +77,17 @@ RUN case $(uname -m) in \ ;; \ esac && \ cp /linux/kernel_config-${KERNEL_SERIES}-$(uname -m) ${KERNEL_DEF_CONF}; \ - if [ -n "${DEBUG}" ]; then \ - sed -i 's/CONFIG_PANIC_ON_OOPS=y/# CONFIG_PANIC_ON_OOPS is not set/' ${KERNEL_DEF_CONF}; \ - cat /linux/debug_config >> ${KERNEL_DEF_CONF}; \ + if [ -n "${EXTRA}" ]; then \ + sed -i "s/CONFIG_LOCALVERSION=\"-linuxkit\"/CONFIG_LOCALVERSION=\"-linuxkit${EXTRA}\"/" ${KERNEL_DEF_CONF}; \ + if [ "${EXTRA}" = "-dbg" ]; then \ + sed -i 's/CONFIG_PANIC_ON_OOPS=y/# CONFIG_PANIC_ON_OOPS is not set/' ${KERNEL_DEF_CONF}; \ + fi && \ + cat /linux/kernel_config${EXTRA} >> ${KERNEL_DEF_CONF}; \ fi && \ - rm /linux/kernel_config-${KERNEL_SERIES}* && \ + rm /linux/kernel_config* && \ make defconfig && \ make oldconfig && \ - if [ -z "${DEBUG}" ]; then diff .config ${KERNEL_DEF_CONF}; fi + if [ -z "${EXTRA}" ]; then diff .config ${KERNEL_DEF_CONF}; fi RUN mkdir /out 
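Review bot: In the `@@ -24,15 +24,14 @@` hunk, the new `RUN [ $(uname -m) == x86_64 ] && apk add libunwind-dev || true` ends in `|| true`, so a failed `apk add` on x86_64 no longer fails the build, which the removed `if … fi` form did. The image would then be produced without libunwind-dev and nothing in the log would mark it as an error. Keeping the conditional form preserves both the arm64 skip and the failure: `RUN if [ "$(uname -m)" = x86_64 ]; then apk add libunwind-dev; fi`. The vmlinux copy in the `@@ -101,7 +102,7 @@` hunk has the same `&& … || true` shape and hides a failed `cp` in the same way.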
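Review bot: In the `@@ -79,14 +77,17 @@` hunk, `${EXTRA}` goes unvalidated into the double-quoted sed expression and into the path `/linux/kernel_config${EXTRA}`, so a value containing `/` or `&` either breaks the CONFIG_LOCALVERSION substitution or changes which file `cat` appends. A guard ahead of the `if` would keep it to a plain suffix, for example `case "${EXTRA}" in *[!A-Za-z0-9_-]*) echo "bad EXTRA" >&2; exit 1;; esac && \`. Separately, the closing `diff .config ${KERNEL_DEF_CONF}` is still skipped for every non-empty EXTRA, so a fragment that overrides or drops a hardening option from the base config goes unreported; printing the diff without failing in that case would leave an audit trail in the build log. The RUN statement begins before this hunk.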
@@ -101,7 +102,7 @@ RUN make -j "$(getconf _NPROCESSORS_ONLN)" KCFLAGS="-fno-pie" && \ ;; \ esac && \ cp System.map /out && \ - ([ -n "${DEBUG}" ] && cp vmlinux /out || true) + ([ "${EXTRA}" = "-dbg" ] && cp vmlinux /out || true) # WireGuard RUN curl -sSL -o /wireguard.tar.xz "${WIREGUARD_URL}" && \ diff --git a/kernel/Makefile b/kernel/Makefile index d41bee2ec..90a0e1a4f 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -17,6 +17,11 @@ ORG?=linuxkit IMAGE:=kernel IMAGE_PERF:=kernel-perf +# You can specify an extra options for the Makefile. This will: +# - append a kernel_config$(EXTRA) to the kernel config for your kernel/arch +# - append $(EXTRA) to the CONFIG_LOCALVERSION of your kernel +EXTRA?= + ifeq ($(HASH),) HASH_COMMIT?=HEAD # Setting this is only really useful with the show-tag target HASH?=$(shell git ls-tree --full-tree $(HASH_COMMIT) -- $(CURDIR) | awk '{print $$3}') @@ -49,6 +54,12 @@ COMMIT_LABEL=--label org.opencontainers.image.revision=$(REPO_COMMIT) endif LABELS=$(REPO_LABEL) $(COMMIT_LABEL) +ifeq ($(DOCKER_CONTENT_TRUST),) +ifndef NOTRUST +export DOCKER_CONTENT_TRUST=1 +endif +endif + KERNEL_VERSIONS= .PHONY: check tag push @@ -71,8 +82,8 @@ sources: # This defines targets like: # build_4.9.x and push_4.9.x and adds them as dependencies # to the global targets -# Set $3 to "_dbg", to build debug kernels. This defines targets like -# build_4.9.x_dbg and adds "_dbg" to the hub image name. +# Set $3 to "-dbg", to build debug kernels. This defines targets like +# build_4.9.x-dbg and adds "-dbg" to the hub image name. define kernel ifeq ($(3),) 
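Review bot: In the `@@ -49,6 +54,12 @@` hunk, content trust is switched off by any non-empty `NOTRUST` (including `NOTRUST=0`, since `ifndef` only tests for emptiness) or by whatever `DOCKER_CONTENT_TRUST` value is inherited from the environment, and nothing is printed when that happens. Because the per-command `DOCKER_CONTENT_TRUST=1` prefixes are removed from the push recipes in this commit, this block is now the only thing that decides whether pushed kernel images are signed. An `else` branch on the `ifndef` with `$(warning NOTRUST set: images will be pulled and pushed without content trust)` would make an unsigned push visible in the build log. A comment above the block should also state that an inherited `DOCKER_CONTENT_TRUST` value is passed through unchanged.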
@@ -81,23 +92,23 @@ sources/linux-$(1).tar.xz: Makefile | sources KERNEL_VERSIONS+=$(1) endif -build_$(2)$(3): Dockerfile Makefile $(wildcard patches-$(2)/*) $(wildcard kernel_config-$(2)*) kernel_config.debug | sources +build_$(2)$(3): Dockerfile Makefile $(wildcard patches-$(2)/*) $(wildcard kernel_config-$(2)*) kernel_config-dbg | sources docker pull $(ORG)/$(IMAGE):$(1)$(3)-$(TAG)$(SUFFIX) || \ docker build \ --build-arg KERNEL_VERSION=$(1) \ --build-arg KERNEL_SERIES=$(2) \ - --build-arg DEBUG=$(3) \ + --build-arg EXTRA=$(3) \ $(LABELS) \ --no-cache -t $(ORG)/$(IMAGE):$(1)$(3)-$(TAG)$(SUFFIX) . push_$(2)$(3): build_$(2)$(3) @if [ x"$(DIRTY)" != x ]; then echo "Your repository is not clean. Will not push image"; exit 1; fi - DOCKER_CONTENT_TRUST=1 docker pull $(ORG)/$(IMAGE):$(1)$(3)-$(TAG)$(SUFFIX) || \ - (DOCKER_CONTENT_TRUST=1 docker push $(ORG)/$(IMAGE):$(1)$(3)-$(TAG)$(SUFFIX) && \ + docker pull $(ORG)/$(IMAGE):$(1)$(3)-$(TAG)$(SUFFIX) || \ + (docker push $(ORG)/$(IMAGE):$(1)$(3)-$(TAG)$(SUFFIX) && \ docker tag $(ORG)/$(IMAGE):$(1)$(3)-$(TAG)$(SUFFIX) $(ORG)/$(IMAGE):$(1)$(3)$(SUFFIX) && \ - DOCKER_CONTENT_TRUST=1 docker push $(ORG)/$(IMAGE):$(1)$(3)$(SUFFIX) && \ - $(PUSH_MANIFEST) $(ORG)/$(IMAGE):$(1)$(3)-$(TAG) 1 && \ - $(PUSH_MANIFEST) $(ORG)/$(IMAGE):$(1)$(3) 1) + docker push $(ORG)/$(IMAGE):$(1)$(3)$(SUFFIX) && \ + $(PUSH_MANIFEST) $(ORG)/$(IMAGE):$(1)$(3)-$(TAG) $(DOCKER_CONTENT_TRUST) && \ + $(PUSH_MANIFEST) $(ORG)/$(IMAGE):$(1)$(3) $(DOCKER_CONTENT_TRUST)) show-tag_$(2)$(3): @echo $(ORG)/$(IMAGE):$(1)$(3)-$(TAG) 
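Review bot: In the `push_$(2)$(3)` recipe, the trailing `$(DOCKER_CONTENT_TRUST)` passed to `$(PUSH_MANIFEST)` expands to nothing when `NOTRUST` is set, so the script is called with one argument instead of the literal `1` it always received before. How the script treats a missing argument is not visible in this diff, so whether a NOTRUST build ends up signing the manifest depends on that default. Quoting the argument as `"$(DOCKER_CONTENT_TRUST)"` keeps the positional parameter present; the same applies to `push_perf_$(2)$(3)` in the `@@ -116,12 +127,12 @@` hunk. The `kernel` define starts before this hunk and continues past it.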
@@ -116,12 +127,12 @@ build_perf_$(2)$(3): build_$(2)$(3) push_perf_$(2)$(3): build_perf_$(2)$(3) @if [ x"$(DIRTY)" != x ]; then echo "Your repository is not clean. Will not push image"; exit 1; fi - DOCKER_CONTENT_TRUST=1 docker pull $(ORG)/$(IMAGE_PERF):$(1)$(3)-$(TAG)$(SUFFIX) || \ - (DOCKER_CONTENT_TRUST=1 docker push $(ORG)/$(IMAGE_PERF):$(1)$(3)-$(TAG)$(SUFFIX) && \ + docker pull $(ORG)/$(IMAGE_PERF):$(1)$(3)-$(TAG)$(SUFFIX) || \ + (docker push $(ORG)/$(IMAGE_PERF):$(1)$(3)-$(TAG)$(SUFFIX) && \ docker tag $(ORG)/$(IMAGE_PERF):$(1)$(3)-$(TAG)$(SUFFIX) $(ORG)/$(IMAGE_PERF):$(1)$(3)$(SUFFIX) && \ - DOCKER_CONTENT_TRUST=1 docker push $(ORG)/$(IMAGE_PERF):$(1)$(3)$(SUFFIX) && \ - $(PUSH_MANIFEST) $(ORG)/$(IMAGE_PERF):$(1)$(3)-$(TAG) 1 && \ - $(PUSH_MANIFEST) $(ORG)/$(IMAGE_PERF):$(1)$(3) 1) + docker push $(ORG)/$(IMAGE_PERF):$(1)$(3)$(SUFFIX) && \ + $(PUSH_MANIFEST) $(ORG)/$(IMAGE_PERF):$(1)$(3)-$(TAG) $(DOCKER_CONTENT_TRUST) && \ + $(PUSH_MANIFEST) $(ORG)/$(IMAGE_PERF):$(1)$(3) $(DOCKER_CONTENT_TRUST)) build: build_perf_$(2)$(3) push: push_perf_$(2)$(3) @@ -133,11 +144,11 @@ endef # Build Targets # Debug targets only for latest stable and LTS stable # -$(eval $(call kernel,4.12.8,4.12.x)) -$(eval $(call kernel,4.12.8,4.12.x,_dbg)) -$(eval $(call kernel,4.9.44,4.9.x)) -$(eval $(call kernel,4.9.44,4.9.x,_dbg)) -$(eval $(call kernel,4.4.83,4.4.x)) +$(eval $(call kernel,4.12.8,4.12.x,$(EXTRA))) +$(eval $(call kernel,4.12.8,4.12.x,-dbg)) +$(eval $(call kernel,4.9.44,4.9.x,$(EXTRA))) +$(eval $(call kernel,4.9.44,4.9.x,-dbg)) +$(eval $(call kernel,4.4.83,4.4.x,$(EXTRA))) # Target for kernel config kconfig: | sources diff --git a/kernel/kernel_config.debug b/kernel/kernel_config-dbg similarity index 100% rename from kernel/kernel_config.debug rename to kernel/kernel_config-dbg
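Review bot: In the `@@ -133,11 +144,11 @@` hunk, passing `$(EXTRA)` as the third argument means that with any non-empty EXTRA no call takes the `ifeq ($(3),)` branch of the `kernel` define, so the `sources/linux-$(1).tar.xz` rule and the `KERNEL_VERSIONS+=$(1)` line are never evaluated. What depends on those lies outside the hunks shown, so this should be checked against the `sources` and `check` targets. `EXTRA=-dbg` additionally defines `build_4.12.x-dbg` and `build_4.9.x-dbg` twice. A guard before the calls, `ifeq ($(EXTRA),-dbg)` / `$(error EXTRA=-dbg clashes with the built-in debug targets)` / `endif`, would reject that case, and a comment should record that EXTRA replaces the plain targets rather than adding to them.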