Merge branch 'master' into v5.8.x

.github/workflows/master.yml → .github/workflows/build-trusted.yml

@@ -1,20 +1,16 @@
-name: Kernel Build
+name: Kernel Build (Trusted)
 
-on:
-  push:
-    branches: 
-      - master
-      - flavor/*
+on: pull_request
 
 jobs:
-   build:
+  build:
+    name: Build
     runs-on: [self-hosted]
     strategy:
       matrix:
         include:
-          - build_type: 'generic'
-            build_cc: gcc-10
-    if: "!contains(github.event.head_commit.message, 'skip ci')"
+          - build_cc: gcc-10
+    if: github.event.pull_request.head.repo.full_name == github.repository && !contains(github.event.head_commit.message, 'skip ci')
     steps:
     - name: Checkout Sources
       uses: actions/checkout@v2
@@ -23,9 +19,7 @@ jobs:
     - name: Build Kernel
       run: make
       env:
-          PVE_BUILD_TYPE: ${{ matrix.build_type }}
           PVE_BUILD_CC: ${{ matrix.build_cc }}
-          PVE_BUILD_CFLAGS: ${{ matrix.build_cflags }}
     - name: Read Build Information
       id: read_build_info
       run: |
@@ -38,3 +32,4 @@ jobs:
       with:
         name: debs-${{ matrix.build_type }}
         path: "*.deb"
+

.github/workflows/release.yml

@@ -2,10 +2,13 @@ name: Kernel Release
 
 on:
   push:
-    tags: v*
+    tags:
+      - v*
+      - flavor/*/v*
 
 jobs:
    build:
+    name: Build
     runs-on: [self-hosted, build]
     strategy:
       matrix:
@@ -43,6 +46,7 @@ jobs:
         name: debs-${{ matrix.build_type }}
         path: "*.deb"
    publish:
+    name: Publish
     runs-on: [self-hosted]
     needs: build
     steps:
@@ -68,7 +72,7 @@ jobs:
     - name: Create Release
       uses: softprops/action-gh-release@v1
       env:
-        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       with:
         name: pve-edge-kernel ${{ steps.format_release.outputs.release }}
         body: ${{ steps.format_release.outputs.changelog }}

.github/workflows/update.yml

@@ -0,0 +1,71 @@
+name: Kernel Update
+
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'Tag of the Linux Kernel to update to'
+        required: true
+      version:
+        description: 'Custom version number'
+        required: false
+      release:
+        description: 'Custom release number'
+        required: false
+
+jobs:
+  update:
+    name: Update
+    runs-on: [ubuntu-latest]
+    steps:
+    - name: Checkout Sources
+      uses: actions/checkout@v2
+      with:
+          submodules: recursive
+    - uses: tibdex/github-app-token@v1
+      id: generate-token
+      with:
+        app_id: ${{ secrets.APP_ID }}
+        private_key: ${{ secrets.APP_PRIVATE_KEY }}
+    - name: Setup System Dependencies
+      run: sudo apt install devscripts
+    - name: Update Kernel
+      id: update
+      run: |
+        TAG=${{ github.event.inputs.tag }}
+        VERSION=${{ github.event.inputs.version }}
+        RELEASE=${{ github.event.inputs.release }}
+        VERSION_OPT=${VERSION:+-v ${VERSION}}
+        RELEASE_OPT=${RELEASE:+-r ${RELEASE}}
+        ./scripts/update.sh -t ${{ github.event.inputs.tag }} $VERSION_OPT $RELEASE_OPT
+        echo "::set-output name=version::$(scripts/version.sh -L)"
+        echo "::set-output name=full::$(scripts/version.sh)"
+        changelog=$(dpkg-parsechangelog -c 1 -l debian/changelog)
+        changelog="${changelog//'%'/'%25'}"
+        changelog="${changelog//$'\n'/'%0A'}"
+        changelog="${changelog//$'\r'/'%0D'}"
+        echo "::set-output name=changelog::$changelog"
+        base=$(scripts/version.sh -B)
+        echo "::set-output name=base::$base"
+        echo "::set-output name=branch::${GITHUB_REF##*/}"
+    - name: Create Pull Request
+      uses: peter-evans/create-pull-request@v3
+      with:
+        token: ${{ steps.generate-token.outputs.token }} # Custom token needed to recursively trigger workflows
+        commit-message: |
+          Add Linux ${{ steps.update.outputs.version }}
+
+          This change updates the kernel to Linux ${{ steps.update.outputs.version }} based on Ubuntu ${{ steps.update.output.base }}.
+        branch: staging/v${{ steps.update.outputs.full }}
+        branch-suffix: short-commit-hash
+        delete-branch: true
+        title: "Add Linux ${{ steps.update.outputs.version }}"
+        body: |
+          Automated pull request to update the kernel to Linux ${{ steps.update.outputs.version }}.
+
+          **Changelog:**
+          ```
+          ${{ steps.update.outputs.changelog }}
+          ```
+        labels: |
+          release

.gitignore

@@ -1,2 +1,6 @@
-ubuntu-zesty
+# Build artifacts
+build
 *.prepared
+config*.org
+*.deb
+*.ddeb

Makefile

@@ -157,4 +157,5 @@ abi-tmp-${KVNAME}:
 .PHONY: clean
 clean:
 	rm -rf *~ build *.prepared ${KERNEL_CFG_ORG}
-	rm -f *.deb *.changes *.buildinfo release.txt artifacts.txt
+	rm -f *.deb *.ddeb *.changes *.buildinfo release.txt artifacts.txt
+	rm -f debian/control debian/pve-edge-*.postinst debian/pve-edge-*.prerm debian/pve-edge-*.postrm debian/rules.d/env.mk

README.md

@@ -8,7 +8,7 @@ Custom Linux kernels for Promox VE 6.
 
 #### Flavors
 1. Proxmox
-2. Clear Linux
+2. [Navi Reset](https://github.com/fabianishere/pve-edge-kernel/issues/5)
 
 #### Microarchitectures
 1. Generic
@@ -37,6 +37,65 @@ by updating `/etc/apparmor/parser.conf` as follows:
 features-file=/usr/share/apparmor-features/features.stock
 ```
 
+## Building manually
+You may also choose to manually build one of these kernels yourself.
+
+#### Prerequisites
+Make sure you have at least 30GB of free space available and have the following
+packages installed:
+
+```bash
+apt install devscripts asciidoc-base automake bc bison cpio dh-python flex git kmod libdw-dev libelf-dev libiberty-dev libnuma-dev libpve-common-perl libslang2-dev libssl-dev libtool lintian lz4 perl-modules python2-minimal rsync sed sphinx-common tar xmlto zlib1g-dev dwarves
+```
+In case you are building a kernel version >= 5.8, make sure you have installed at least [dwarves >= 1.16.0](https://packages.debian.org/bullseye/dwarves).
+Unfortunately, this version is currently only available in the Debian Testing and Debian Unstable repositories. To work around this issue, we describe two options:
+
+1. You may add the Debian Testing repository to your APT sources as described [here](https://serverfault.com/a/382101) and install the newer `dwarves` package as follows:
+```shell
+apt install -t testing dwarves
+```
+2. Alternatively, you may [download](https://packages.debian.org/bullseye/dwarves) the newer `dwarves` (>= 1.16) package from the Debian website and install the package manually, for example:
+```shell
+wget http://ftp.us.debian.org/debian/pool/main/d/dwarves-dfsg/dwarves_1.17-1_amd64.deb
+apt install ./dwarves_1.17-1_amd64.deb
+```
+
+#### Obtaining the source
+```bash
+git clone https://github.com/fabianishere/pve-edge-kernel
+cd pve-ede-kernel
+git submodule update --init --depth=1 --recursive submodules/ubuntu-mainline
+git submodule update --init --recursive
+```
+Afterwards, select the branch of your likings (e.g. `v5.8.x`).
+
+#### Building
+Invoking the following command will build the kernel and its associated packages:
+```bash
+make
+```
+The Makefile provides several environmental variables to control:
+
+1. `PVE_BUILD_FLAVOR`  
+   The name of the kernel flavor which represents a selection of kernel
+   functionality (e.g. [hardened](https://github.com/anthraxx/linux-hardened) or [zen](https://github.com/zen-kernel/zen-kernel)).
+   This name is part of the kernel version and package name, which means that you
+   can have multiple flavors of the same kernel installed alongside each other.
+   Note that the name itself does not control the selection of kernel functionality.
+2. `PVE_BUILD_TYPE` (default `generic`)  
+   The name of the kernel build type which represents the compilation options of
+   the kernel (e.g. optimization level or micro architecture).
+   This name is appended as suffix to the Debian package version in case it is not
+   the default value.
+3. `PVE_BUILD_CC`  
+   The compiler to use for the kernel build.
+4. `PVE_BUILD_CFLAGS`  
+   The compilation options to use for the kernel build. Use this variable to specify
+   the optimization level or micro architecture to build for.
+
+Kernel options may be controlled from the [debian/rules](debian/rules) file. To build with
+additional patches, you may add them to the [patches/pve](patches/pve) directory.
+
 ## Questions
 If you have any questions or want to see additional versions, flavors or micro architectures being built, feel
 free to open an issue on Github.

scripts/update.sh

@@ -0,0 +1,97 @@
+#1/bin/bash
+# Script to prepare update for new kernel release
+set -e 
+set -o pipefail
+
+LINUX_REPOSITORY=submodules/ubuntu-mainline
+
+while getopts "R:t:b:v:r:h" OPTION; do
+    case $OPTION in
+    R)
+        LINUX_REPOSITORY=$OPTARG
+        ;;
+    t)
+        LINUX_TAG=$OPTARG
+        ;;
+    b)
+        LINUX_BASE=$OPTARG
+        ;;
+    v)
+        LINUX_VERSION=$OPTARG
+        ;;
+    r)
+        LINUX_PACKAGE_RELEASE=$OPTARG
+        ;;
+    h)
+        echo "update.sh -rtbh"
+        echo "  -R  path to Linux Git repository"
+        echo "  -t  tag in Linux Git repository to pick"
+        echo "  -b  manual basis for this kernel"
+        echo "  -v  manual version for this kernel"
+        echo "  -r  manual release version for this kernel"
+        echo "  -h  this help message"
+        exit 1
+        ;;
+    *)
+        echo "Incorrect options provided"
+        exit 1
+        ;;
+    esac
+done
+
+# Fetch from Git repository
+echo "Fetching $LINUX_TAG from Linux Git repository..."
+
+git --git-dir $LINUX_REPOSITORY/.git fetch origin --depth 1 $LINUX_TAG
+git --git-dir $LINUX_REPOSITORY/.git checkout FETCH_HEAD
+
+if [[ -z "$LINUX_BASE" ]]; then
+    # Parse the Ubuntu base from which our build is derived
+    UBUNTU_BASE=$(git --git-dir $LINUX_REPOSITORY/.git log -1 --pretty=%B | sed -n "s/^.*Ubuntu-\([0-9.-]*\).*$/\1/p")
+    LINUX_BASE="Ubuntu $UBUNTU_BASE"
+fi
+
+if [[ -z "$LINUX_VERSION" ]]; then
+    # Parse the Linux version from the Linux repository if it not provided by the user
+    LINUX_VERSION=$(dpkg-parsechangelog -l $LINUX_REPOSITORY/debian.master/changelog --show-field Version | sed -n "s/^\([0-9.]*\).*$/\1/p")
+fi
+
+echo "Using Linux $LINUX_VERSION based on $LINUX_BASE."
+
+# Prepare Debian changelog
+sed -e "s/@KVNAME@/$LINUX_VERSION/g" -e "s/@KVMAJMIN@/$LINUX_VERSION_MAJOR.$LINUX_VERSION_MINOR/g" < debian/control.in > debian/control
+
+LINUX_VERSION_MAJOR=$(echo $LINUX_VERSION | cut -d. -f1)
+LINUX_VERSION_MINOR=$(echo $LINUX_VERSION | cut -d. -f2)
+LINUX_VERSION_PATCH=$(echo $LINUX_VERSION | cut -d. -f3)
+LINUX_VERSION_PATCH=${LINUX_VERSION_PATCH:-0} # Default to 0
+
+LINUX_PACKAGE_RELEASE_PREVIOUS=$(scripts/version.sh -r)
+
+# Check whether we need to increment the package release
+if [[ -n $LINUX_PACKAGE_RELEASE ]]; then
+    echo "Using custom package release $LINUX_PACKAGE_RELEASE"
+elif [[ $LINUX_VERSION == "$(scripts/version.sh -L)" ]]; then
+    LINUX_PACKAGE_RELEASE=$((LINUX_PACKAGE_RELEASE_PREVIOUS + 1))
+    echo "Incrementing package release to $LINUX_PACKAGE_RELEASE"
+else
+    LINUX_PACKAGE_RELEASE=1
+    echo "New package release"
+fi
+
+echo "Updating Makefile..."
+# Update the Makefile with the proper version numbers
+sed -i Makefile \
+    -e "s/^KERNEL_MAJ=[0-9]*$/KERNEL_MAJ=$LINUX_VERSION_MAJOR/" \
+    -e "s/^KERNEL_MIN=[0-9]*$/KERNEL_MIN=$LINUX_VERSION_MINOR/" \
+    -e "s/^KERNEL_PATCHLEVEL=[0-9]*$/KERNEL_PATCHLEVEL=$LINUX_VERSION_PATCH/" \
+    -e "s/^KREL=[0-9]*$/KREL=1/" \
+    -e "s/^PKGREL=[0-9]*$/PKGREL=$LINUX_PACKAGE_RELEASE/"
+
+echo "Generating entry for change log..."
+# Generate a changelog entry
+debchange -v $LINUX_VERSION-$LINUX_PACKAGE_RELEASE -D edge --force-distribution -U -M "Update to Linux $LINUX_VERSION based on $LINUX_BASE."
+
+echo "Cleaning up"
+rm -f debian/control
+

scripts/version.sh

@@ -0,0 +1,72 @@
+#!/bin/bash
+# Script for parsing version information in the repository
+set -e 
+set -o pipefail
+
+LINUX_REPOSITORY=submodules/ubuntu-mainline
+LINUX_VERSION_MAJOR=$(sed -n "s/^KERNEL_MAJ=\([0-9]*$\)/\1/p" < Makefile | xargs)
+LINUX_VERSION_MINOR=$(sed -n "s/^KERNEL_MIN=\([0-9]*$\)/\1/p" < Makefile | xargs)
+LINUX_VERSION_PATCHLEVEL=$(sed -n "s/^KERNEL_PATCHLEVEL=\([0-9]*$\)/\1/p" < Makefile | xargs)
+LINUX_VERSION_PATCHLEVEL=${LINUX_VERSION_PATCHLEVEL:-0}
+LINUX_VERSION=$LINUX_VERSION_MAJOR.$LINUX_VERSION_MINOR.$LINUX_VERSION_PATCHLEVEL
+LINUX_PACKAGE_RELEASE=$(sed -n "s/^PKGREL=\(.*\)$/\1/p" < Makefile | xargs)
+LINUX_FLAVOR=$(sed -n "s/^PVE_BUILD_TYPE ?=\(.*\)$/\1/p" < Makefile | xargs)
+
+while getopts "MmprfdLBh" OPTION; do
+    case $OPTION in
+    M)
+        echo $LINUX_VERSION_MAJOR
+        exit 0
+        ;;
+
+    m)
+        echo $LINUX_VERSION_MINOR
+        exit 0
+        ;; 
+    p)
+        echo $LINUX_VERSION_PATCHLEVEL
+        exit 0
+        ;; 
+    r)
+        echo $LINUX_PACKAGE_RELEASE
+        exit 0
+        ;;
+    f)
+        echo $LINUX_FLAVOR
+        exit 0
+        ;; 
+    f)
+        echo $LINUX_FLAVOR
+        exit 0
+        ;;
+    L)
+        echo $LINUX_VERSION
+        exit 0
+        ;;
+    B)
+        echo $(git --git-dir $LINUX_REPOSITORY/.git log -1 --pretty=%B | sed -n "s/^.*Ubuntu-\([0-9.-]*\).*$/\1/p")
+        exit 0
+        ;;
+    h)
+        echo "commit.sh [-Mmprfh]]"
+        echo "  -M  major version"
+        echo "  -m  minor version"
+        echo "  -p  patch version"
+        echo "  -r  package release"
+        echo "  -f  flavor name"
+        echo "  -L  Linux version"
+        echo "  -h  this help message"
+        exit 1
+        ;;
+    *)
+        echo "Incorrect options provided"
+        exit 1
+        ;;
+    esac
+done
+
+if [[ -z "$LINUX_FLAVOR" ]]; then
+    LINUX_FLAVOR_SUFFIX=-$LINUX_FLAVOR
+fi
+
+echo "$LINUX_VERSION$LINUX_FLAVOR_SUFFIX-$LINUX_PACKAGE_RELEASE"