Merge pull request #1526 from bcressey/kernel-five-ten

add support for kernel 5.10

Dockerfile

@@ -8,7 +8,12 @@
 # filesystem at /host.
 
 ARG SDK
+ARG TOOLCHAIN
+ARG ARCH
+ARG GOARCH
+
 FROM ${SDK} as sdk
+FROM --platform=linux/${GOARCH} ${TOOLCHAIN}-${ARCH} as toolchain
 
 ############################################################################################
 # Section 1: The following build stages are used to build rpm.spec packages
@@ -120,12 +125,16 @@ WORKDIR /root
 
 USER root
 RUN --mount=target=/host \
-    mkdir -p /local/rpms /local/migrations ./rpmbuild/RPMS \
+    mkdir -p /local/rpms /local/migrations /local/archives ./rpmbuild/RPMS \
     && ln -s /host/build/rpms/*.rpm ./rpmbuild/RPMS \
     && find /host/build/rpms/ -maxdepth 1 -type f \
         -name "bottlerocket-${ARCH}-migrations-*.rpm" \
         -not -iname '*debuginfo*' \
         -exec cp '{}' '/local/migrations/' ';' \
+    && KERNEL="$(printf "%s\n" ${PACKAGES} | awk '/^kernel-/{print $1}')" \
+    && find /host/build/rpms/ -maxdepth 1 -type f \
+        -name "bottlerocket-${ARCH}-${KERNEL}-archive-*.rpm" \
+        -exec cp '{}' '/local/archives/' ';' \
     && createrepo_c \
         -o ./rpmbuild/RPMS \
         -x '*-debuginfo-*.rpm' \
@@ -186,8 +195,30 @@ RUN --mount=target=/host \
     && echo ${NOCACHE}
 
 # =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^=
-# Copies the build artifacts (Bottlerocket image files and migrations) to their expected
-# location so that buildsys can find them and copy them out.
+# Creates an archive of kernel development sources and toolchain.
+FROM repobuild as kmodkitbuild
+ARG ARCH
+ARG VERSION_ID
+ARG BUILD_ID
+ARG NOCACHE
+ARG VARIANT
+ENV VARIANT=${VARIANT} VERSION_ID=${VERSION_ID} BUILD_ID=${BUILD_ID}
+
+USER root
+COPY --from=toolchain /toolchain /local/toolchain
+
+WORKDIR /tmp
+RUN --mount=target=/host \
+    /host/tools/rpm2kmodkit \
+      --archive-dir=/local/archives \
+      --toolchain-dir=/local/toolchain \
+      --output-dir=/local/output \
+    && echo ${NOCACHE}
+
+# =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^= =^..^=
+# Copies the build artifacts (Bottlerocket image files, migrations, and kmod kit) to their
+# expected location so that buildsys can find them and copy them out.
 FROM scratch AS variant
 COPY --from=imgbuild /local/output/* /output/
 COPY --from=migrationbuild /local/output/* /output/
+COPY --from=kmodkitbuild /local/output/* /output/

Makefile.toml

@@ -114,7 +114,7 @@ PUBLISH_AMI_NAME_DEFAULT = "${BUILDSYS_NAME}-${BUILDSYS_VARIANT}-${BUILDSYS_ARCH
 
 # The name of the kmod kit archive, used to ease building out-of-tree kernel modules.
 BUILDSYS_KMOD_KIT = "${BUILDSYS_VARIANT}-${BUILDSYS_ARCH}-kmod-kit-v${BUILDSYS_VERSION_IMAGE}"
-BUILDSYS_KMOD_KIT_PATH="${BUILDSYS_ARCHIVES_DIR}/${BUILDSYS_KMOD_KIT}.tar.xz"
+BUILDSYS_KMOD_KIT_PATH="${BUILDSYS_OUTPUT_DIR}/latest/${BUILDSYS_KMOD_KIT}.tar.xz"
 
 # The name of the OVA bundle that will be built if the current variant builds VMDK artifacts
 BUILDSYS_OVA = "${BUILDSYS_NAME_FULL}.ova"
@@ -335,92 +335,8 @@ cargo build \
 '''
 ]
 
-[tasks.build-kernel]
-env = { "PACKAGE" = "kernel" }
-run_task = "build-package"
-
-[tasks.build-kmod-kit]
-dependencies = ["build-kernel"]
-script_runner = "bash"
-script = [
-'''
-mkdir -p "${BUILDSYS_ARCHIVES_DIR}"
-
-toolchain="toolchain-${BUILDSYS_SDK_VERSION}.${BUILDSYS_ARCH}.tar.gz"
-if [ ! -s "${BUILDSYS_ARCHIVES_DIR}/${toolchain}" ] ; then
-  if ! docker create --name "${toolchain}" \
-      ${BUILDSYS_TOOLCHAIN}-${BUILDSYS_ARCH} true >/dev/null 2>&1 ; then
-    echo "could not create toolchain container" >&2
-    exit 1
-  fi
-  if ! docker cp "${toolchain}":toolchain - \
-      | gzip --fast > "${BUILDSYS_ARCHIVES_DIR}/${toolchain}" ; then
-    echo "could not extract toolchain from container" >&2
-    exit 1
-  fi
-  if ! docker rm -f "${toolchain}" >/dev/null 2>&1 ; then
-    echo "could not remove toolchain container" >&2
-    exit 1
-  fi
-fi
-
-# Find the most recent kernel archive. If we have more than one, we want the
-# last one that was built.
-kernel_archive="$(find "${BUILDSYS_PACKAGES_DIR}" \
-  -type f -name '*-'"${BUILDSYS_ARCH}"'-kernel-archive-*.rpm' \
-  -printf '%T@ %p\n' | sort -r | awk 'NR==1{print $2}')"
-
-if [ "${?}" -ne 0 ] || [ -z "${kernel_archive}" ] || [ ! -s "${kernel_archive}" ]; then
-  echo "Unable to find latest kernel archive for ${BUILDSYS_ARCH} in ${BUILDSYS_PACKAGES_DIR}"
-  exit 1
-fi
-
-if [ -s "${BUILDSYS_KMOD_KIT_PATH}" ] && [ "${BUILDSYS_KMOD_KIT_PATH}" -nt "${kernel_archive}" ]; then
-  echo "Existing kmod kit ${BUILDSYS_KMOD_KIT_PATH} is newer than kernel archive ${kernel_archive}; skipping build."
-  exit 0
-fi
-
-prepare_kmod_kit="
-set -e -o pipefail
-
-mkdir -p /tmp/kit/${BUILDSYS_KMOD_KIT} /tmp/extract
-
-# Retrieve the toolchain and kernel archives.
-pushd /tmp/extract >/dev/null
-find /tmp/rpms -name "${kernel_archive##*/}" \
-  -exec rpm2cpio {} \; | cpio -idmu --quiet
-find -name 'kernel-devel.tar.xz' -exec mv {} /tmp/kit/${BUILDSYS_KMOD_KIT} \;
-popd >/dev/null
-
-# Extract them into the same directory.
-pushd /tmp/kit/${BUILDSYS_KMOD_KIT} >/dev/null
-tar xf kernel-devel.tar.xz
-rm kernel-devel.tar.xz
-tar xf /tmp/archives/${toolchain}
-popd >/dev/null
-
-# Merge them together into a unified archive.
-pushd /tmp/kit >/dev/null
-tar cf ${BUILDSYS_KMOD_KIT}.tar ${BUILDSYS_KMOD_KIT}
-xz -T0 ${BUILDSYS_KMOD_KIT}.tar
-popd >/dev/null
-
-mv /tmp/kit/${BUILDSYS_KMOD_KIT}.tar.xz /tmp/archives
-"
-
-docker run --rm \
-  --network=host \
-  --user "$(id -u):$(id -g)" \
-  --security-opt label:disable \
-  -v "${BUILDSYS_PACKAGES_DIR}":/tmp/rpms \
-  -v "${BUILDSYS_ARCHIVES_DIR}":/tmp/archives \
-  "${BUILDSYS_SDK_IMAGE}" \
-  bash -c "${prepare_kmod_kit}"
-'''
-]
-
 [tasks.build-archives]
-dependencies = ["build-kmod-kit", "build-ova"]
+dependencies = ["build-ova"]
 
 [tasks.build-variant]
 dependencies = ["build-tools", "publish-setup"]
@@ -532,7 +448,9 @@ docker run --rm \
 dependencies = ["fetch"]
 script = [
 '''
-for link in ${BUILDSYS_OUTPUT_DIR}/latest/${BUILDSYS_NAME_VARIANT}*; do
+for link in \
+    ${BUILDSYS_OUTPUT_DIR}/latest/${BUILDSYS_NAME_VARIANT}* \
+    ${BUILDSYS_OUTPUT_DIR}/latest/*-kmod-kit-* ; do
   if [ -L "${link}" ]; then
     rm ${link}
   fi
@@ -551,6 +469,8 @@ for artifact in ${BUILDSYS_OUTPUT_DIR}/${BUILDSYS_NAME_FULL}*; do
   link_name="${file_name/${BUILDSYS_NAME_FULL}/${BUILDSYS_NAME_VARIANT}}"
   ln -snf "../${file_name}" "${BUILDSYS_OUTPUT_DIR}/latest/${link_name}"
 done
+ln -snf "../${BUILDSYS_NAME_FULL}-kmod-kit.tar.xz" \
+  "${BUILDSYS_OUTPUT_DIR}/latest/${BUILDSYS_KMOD_KIT}.tar.xz"
 '''
 ]
 

README.md

@@ -578,7 +578,7 @@ We use RPM package definitions to build and install individual packages into an
 RPM itself is not in the image - it's just a common and convenient package definition format.
 
 We currently package the following major third-party components:
-* Linux kernel ([background](https://en.wikipedia.org/wiki/Linux), [packaging](packages/kernel/))
+* Linux kernel ([background](https://en.wikipedia.org/wiki/Linux), [packaging](packages/kernel-5.4/))
 * glibc ([background](https://www.gnu.org/software/libc/), [packaging](packages/glibc/))
 * Buildroot as build toolchain ([background](https://buildroot.org/), via the [SDK](https://github.com/bottlerocket-os/bottlerocket-sdk))
 * GRUB, with patches for partition flip updates ([background](https://www.gnu.org/software/grub/), [packaging](packages/grub/))

packages/kernel-5.10/1001-Makefile-add-prepare-target-for-external-modules.patch

@@ -0,0 +1,50 @@
+From b6d859b7089dd68d3186f2a088823c322ad4852e Mon Sep 17 00:00:00 2001
+From: Ben Cressey <[email protected]>
+Date: Mon, 19 Apr 2021 18:46:04 +0000
+Subject: [PATCH] Makefile: add prepare target for external modules
+
+We need to ensure that native versions of programs like `objtool` are
+built before trying to build out-of-tree modules, or else the build
+will fail.
+
+Unlike other distributions, we cannot include these programs in our
+kernel-devel archive, because we rely on cross-compilation: these are
+"host" programs and may not match the architecture of the target.
+
+Ideally, out-of-tree builds would run `make prepare` first, so that
+these programs could be compiled in the normal fashion. We ship all
+the files needed for this to work. However, this requirement is
+specific to our use case, and DKMS does not support it.
+
+Adding a minimal prepare target to the dependency graph causes the
+programs to be built automatically and improves compatibility with
+existing solutions.
+
+Signed-off-by: Ben Cressey <[email protected]>
+---
+ Makefile | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/Makefile b/Makefile
+index 1d4a50ebe3b7..b9347d1e69e2 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1719,6 +1719,15 @@ else # KBUILD_EXTMOD
+ KBUILD_BUILTIN :=
+ KBUILD_MODULES := 1
+
++PHONY += modules_prepare
++modules_prepare: $(objtool_target)
++	$(Q)$(MAKE) $(build)=scripts/basic
++	$(Q)$(MAKE) $(build)=scripts/dtc
++	$(Q)$(MAKE) $(build)=scripts/mod
++	$(Q)$(MAKE) $(build)=scripts
++
++prepare: modules_prepare
++
+ build-dirs := $(KBUILD_EXTMOD)
+ PHONY += modules
+ modules: $(MODORDER)
+-- 
+2.21.3
+

packages/kernel-5.10/Cargo.toml

@@ -0,0 +1,17 @@
+[package]
+name = "kernel-5_10"
+version = "0.1.0"
+edition = "2018"
+publish = false
+build = "build.rs"
+
+[package.metadata.build-package]
+package-name = "kernel-5.10"
+
+[lib]
+path = "pkg.rs"
+
+[[package.metadata.build-package.external-files]]
+# Use latest-srpm-url.sh to get this.
+url = "https://cdn.amazonlinux.com/blobstore/fa04b98fc067a4943beac60d0c2971e2fbef1a29faed4bac1c4096abe4ad4c12/kernel-5.10.29-27.126.amzn2.src.rpm"
+sha512 = "47341f4a1c13ba7e5ea72bad13fe689eefd22cc7547aea08a08fe47238b4a3fe1659786a406b84a1d1508143be20d9be2fae6fe3e7a6924bc85043bf61d4bfce"