rancher/os-kernel
1
0
Fork 1
mirror of https://github.com/rancher/os-kernel.git synced 2025-08-12 01:41:31 +00:00
Code Issues Releases Wiki Activity

Update to 4.9.1 kernel, and start verifying signed kernel

Browse Source 
Signed-off-by: Sven <sven@osbuild.local.lan>
This commit is contained in:
Sven Dowideit 2017-01-09 00:26:49 +00:00
parent c3f38b0b54
commit bf457e66cc
7 changed files with 25 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
Dockerfile.dapper
View File

@ -13,7 +13,7 @@ ARG HOST_ARCH=${DAPPER_HOST_ARCH}
ARG ARCH=${HOST_ARCH} ARG ARCH=${HOST_ARCH}
RUN apt-get update \ RUN apt-get update \
&& apt-get install -y build-essential wget libncurses5-dev unzip bc curl python rsync ccache git vim libssl-dev kmod && apt-get install -y build-essential wget libncurses5-dev unzip bc curl python rsync ccache git vim libssl-dev kmod gnupg2
# Install dapper # Install dapper
RUN curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m | sed 's/arm.*/arm/') > /usr/bin/dapper \ RUN curl -sL https://releases.rancher.com/dapper/latest/dapper-$(uname -s)-$(uname -m | sed 's/arm.*/arm/') > /usr/bin/dapper \
@ -62,9 +62,12 @@ RUN curl -fL ${DOCKER_URL_amd64} > /usr/bin/docker && \
chmod +x /usr/bin/docker chmod +x /usr/bin/docker
########## Kernel version Configuration ############################# ########## Kernel version Configuration #############################
ENV KERNEL_TAG=4.9 ENV KERNEL_TAG=4.9.1
ENV KERNEL_VERSION=${KERNEL_TAG}-rancher2 ENV KERNEL_VERSION=${KERNEL_TAG}-rancher
ENV KERNEL_SHA1=fa46da077c077467776cdc45a7b50d327a081ab4 #ENV KERNEL_SHA1=fa46da077c077467776cdc45a7b50d327a081ab4
ENV KERNEL_URL=https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-${KERNEL_TAG}.tar.xz ENV KERNEL_URL=https://cdn.kernel.org/pub/linux/kernel/v4.x/
ENV KERNEL_TAR=linux-${KERNEL_TAG}.tar.xz
ENV KERNEL_SIGN=linux-${KERNEL_TAG}.tar.sign
# for rc testing
#ENV KERNEL_URL=https://cdn.kernel.org/pub/linux/kernel/v4.x/testing/linux-${KERNEL_TAG}.tar.xz #ENV KERNEL_URL=https://cdn.kernel.org/pub/linux/kernel/v4.x/testing/linux-${KERNEL_TAG}.tar.xz

6
README.md
View File

@ -15,9 +15,3 @@ package up the result by running
You may need to adjust the expected module list files. You may need to adjust the expected module list files.
## Notes
```
+: ${KERNEL_URL:="https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.8.1.tar.xz"}
+: ${KERNEL_SHA1:="af418cf983819e99fb4bd0c200a10d9568a2ac52"}
```

2
config/kernel-config
View File

@ -1,6 +1,6 @@
# #
# Automatically generated file; DO NOT EDIT. # Automatically generated file; DO NOT EDIT.
# Linux/x86 4.9.0 Kernel Configuration # Linux/x86 4.9.1 Kernel Configuration
# #
CONFIG_64BIT=y CONFIG_64BIT=y
CONFIG_X86_64=y CONFIG_X86_64=y

1
scripts/build-kernel
View File

@ -9,7 +9,6 @@ source scripts/version
export CCACHE_DIR="${HOME}/.kernel-ccache" export CCACHE_DIR="${HOME}/.kernel-ccache"
export CC="ccache gcc" export CC="ccache gcc"
export PATH="/usr/lib/ccache:$PATH" export PATH="/usr/lib/ccache:$PATH"
KERNEL=$(basename ${KERNEL_URL})
DIR=${VERSION} DIR=${VERSION}
FIRMWARE=$(readlink -f scripts/firmware) FIRMWARE=$(readlink -f scripts/firmware)
MODULE_LIST=$(readlink -f modules.list) MODULE_LIST=$(readlink -f modules.list)

44
scripts/download
View File

@ -6,37 +6,19 @@ cd $(dirname $0)/..
source scripts/build-common source scripts/build-common
check() mkdir -p ${ARTIFACTS}
{ cd ${ARTIFACTS}
local hash=$1
local file=$2
if [ ! -e "$file" ]; then if [ ! -e "${KERNEL_TAR}" ]; then
return 1 curl -sL ${KERNEL_URL}${KERNEL_TAR} > ${KERNEL_TAR}
fi fi
curl -sL ${KERNEL_URL}${KERNEL_SIGN} > ${KERNEL_SIGN}
CURRENT=$(sha1sum $file | awk '{print $1}') # grab gregkh's stable signing key
gpg2 --keyserver hkp://keys.gnupg.net --recv-keys 6092693E
[ "$hash" = "$CURRENT" ] if ! xz -cd ${KERNEL_TAR} | gpg2 --verify ${KERNEL_SIGN} - ; then
} echo "ERROR: ${KERNEL_TAR} signing error" 1>&2
return 1
download() fi
{ echo "${KERNEL_TAR} probably ok"
mkdir -p ${ARTIFACTS}
local url=$2
local file=${ARTIFACTS}/$(basename $2)
local hash=$1
if ! check $hash $file; then
curl -sL $url > $file
fi
if ! check $hash $file; then
echo "ERROR: $file does not match checksum $hash, got $CURRENT" 1>&2
return 1
fi
}
# Download Kernel source
download ${KERNEL_SHA1} ${KERNEL_URL}

7
scripts/extract
View File

@ -6,20 +6,19 @@ cd $(dirname $0)/..
source scripts/build-common source scripts/build-common
source scripts/version source scripts/version
KERNEL=$(basename ${KERNEL_URL})
DIR=${VERSION} DIR=${VERSION}
mkdir -p ${BUILD} mkdir -p ${BUILD}
cd ${BUILD} cd ${BUILD}
if [ ! -e ${DIR} ]; then if [ ! -e ${DIR} ]; then
echo Extracting ${ARTIFACTS}/${KERNEL} echo Extracting ${ARTIFACTS}/${KERNEL_TAR}
TEMP=$(mktemp -d -p ${BUILD}) TEMP=$(mktemp -d -p ${BUILD})
mkdir ${TEMP}/${DIR} mkdir ${TEMP}/${DIR}
trap "rm -rf ${TEMP}" exit trap "rm -rf ${TEMP}" exit
ls -lah ${ARTIFACTS}/${KERNEL} ls -lah ${ARTIFACTS}/${KERNEL_TAR}
tar xf ${ARTIFACTS}/${KERNEL} -C ${TEMP}/${DIR} --strip-components=1 tar xf ${ARTIFACTS}/${KERNEL_TAR} -C ${TEMP}/${DIR} --strip-components=1
mv ${TEMP}/${DIR} ${DIR} mv ${TEMP}/${DIR} ${DIR}
fi fi

1
scripts/package-kernel
View File

@ -25,7 +25,6 @@ done
export CCACHE_DIR="${HOME}/.kernel-ccache" export CCACHE_DIR="${HOME}/.kernel-ccache"
export CC="ccache gcc" export CC="ccache gcc"
export PATH="/usr/lib/ccache:$PATH" export PATH="/usr/lib/ccache:$PATH"
KERNEL=$(basename ${KERNEL_URL})
FIRMWARE=$(readlink -f scripts/firmware) FIRMWARE=$(readlink -f scripts/firmware)
MODULE_LIST=$(readlink -f modules.list) MODULE_LIST=$(readlink -f modules.list)
MODULE_EXTRA_LIST=$(readlink -f modules-extra.list) MODULE_EXTRA_LIST=$(readlink -f modules-extra.list)