diff --git a/.github/workflows/fedora-32.yml b/.github/workflows/fedora-32.yml index 0f3a3caee..6c630a606 100644 --- a/.github/workflows/fedora-32.yml +++ b/.github/workflows/fedora-32.yml @@ -38,7 +38,7 @@ jobs: cd pkg/fedora/kernel-surface # Build the .rpm packages - ../makerpm + ../makerpm -- --with=signkernel -ba - name: Sign packages env: diff --git a/.github/workflows/fedora-33.yml b/.github/workflows/fedora-33.yml index 9fed2e6c7..2bc4dfeeb 100644 --- a/.github/workflows/fedora-33.yml +++ b/.github/workflows/fedora-33.yml @@ -38,7 +38,7 @@ jobs: cd pkg/fedora/kernel-surface # Build the .rpm packages - ../makerpm + ../makerpm -- --with=signkernel -ba - name: Sign packages env: diff --git a/.github/workflows/fedora-34.yml b/.github/workflows/fedora-34.yml new file mode 100644 index 000000000..b171b7d36 --- /dev/null +++ b/.github/workflows/fedora-34.yml @@ -0,0 +1,128 @@ +on: + push: + tags: + - 'fedora-34-*' + +name: Fedora 34 + +env: + GPG_KEY_ID: 56C464BAAC421453 + +jobs: + build: + name: Build Kernel + runs-on: ubuntu-latest + container: fedora:34 + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Install build dependencies + run: | + dnf distro-sync -y + dnf install -y rpmdevtools rpm-sign 'dnf-command(builddep)' + dnf builddep -y pkg/fedora/kernel-surface/kernel-surface.spec + + - name: Setup secureboot certificate + env: + SB_KEY: ${{ secrets.SURFACE_SB_KEY }} + run: | + cd pkg + + # Install the surface secureboot certificate + echo "$SB_KEY" | base64 -d > fedora/kernel-surface/surface.key + cp keys/surface.crt fedora/kernel-surface/surface.crt + + - name: Build packages + run: | + cd pkg/fedora/kernel-surface + + # Build the .rpm packages + ../makerpm -- --with=signkernel -ba + + - name: Sign packages + env: + GPG_KEY: ${{ secrets.SURFACE_GPG_KEY }} + run: | + cd pkg/fedora/kernel-surface/out/x86_64 + + # import GPG key + echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes + + # sign packages + rpm --resign *.rpm --define "_gpg_name $GPG_KEY_ID" + + - name: Upload artifacts + uses: actions/upload-artifact@v1 + with: + name: fedora-34-latest + path: pkg/fedora/kernel-surface/out/x86_64 + + release: + name: Publish release + needs: [build] + runs-on: ubuntu-latest + steps: + - name: Download artifacts + uses: actions/download-artifact@v1 + with: + name: fedora-34-latest + + - name: Upload assets + uses: svenstaro/upload-release-action@v1-release + with: + repo_token: ${{ secrets.GITHUB_BOT_TOKEN }} + file: ./*-latest/* + tag: ${{ github.ref }} + overwrite: true + file_glob: true + + repo: + name: Update package repository + needs: [release] + runs-on: ubuntu-latest + container: fedora:34 + steps: + - name: Install dependencies + run: | + dnf install -y git findutils + + - name: Download artifacts + uses: actions/download-artifact@v1 + with: + name: fedora-34-latest + + - name: Update repository + env: + SURFACEBOT_TOKEN: ${{ secrets.GITHUB_BOT_TOKEN }} + BRANCH_STAGING: u/staging + GIT_REF: ${{ github.ref }} + run: | + repo="https://surfacebot:${SURFACEBOT_TOKEN}@github.com/linux-surface/repo.git" + + # clone package repository + git clone -b "${BRANCH_STAGING}" "${repo}" repo + + # copy packages + cp fedora-34-latest/* repo/fedora/f34 + cd repo/fedora/f34 + + # parse git tag from ref + GIT_TAG=$(echo $GIT_REF | sed 's|^refs/tags/||g') + + # convert packages into references + for pkg in $(find . -name '*.rpm'); do + echo "linux-surface:$GIT_TAG/$(basename $pkg)" > $pkg.blob + rm $pkg + done + + # set git identity + git config --global user.email "surfacebot@users.noreply.github.com" + git config --global user.name "surfacebot" + + # commit and push + update_branch="${BRANCH_STAGING}-$(cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)" + git checkout -b "${update_branch}" + git add . + git commit -m "Update Fedora 34 kernel" + git push --set-upstream origin "${update_branch}" diff --git a/pkg/fedora/kernel-surface/kernel-surface.spec b/pkg/fedora/kernel-surface/kernel-surface.spec index 39f13e3f3..0009e1898 100755 --- a/pkg/fedora/kernel-surface/kernel-surface.spec +++ b/pkg/fedora/kernel-surface/kernel-surface.spec @@ -2,12 +2,18 @@ # Definitions to configure the kernel we want to build # +%global kernel_tag_fc34 kernel-5.11.5-300.fc34 %global kernel_tag_fc33 kernel-5.10.21-200.fc33 %global kernel_tag_fc32 kernel-5.10.21-100.fc32 +%global kernel_release_fc34 1 %global kernel_release_fc33 1 %global kernel_release_fc32 1 +# This is what is printed in the GRUB menu. These cannot be fetched from the +# buildhost, because in a container this will also say container. To get the +# same text as the default kernels, just hardcode it. Hey, this is important! +%global fedora_title_fc34 34 (Thirty Four) %global fedora_title_fc33 33 (Thirty Three) %global fedora_title_fc32 32 (Thirty Two) @@ -41,6 +47,8 @@ # Actual specfile starts here # +%bcond_with signkernel + Name: kernel-surface Summary: The Linux Kernel with patches for Microsoft Surface Version: %{kernel_version} @@ -81,12 +89,29 @@ Source0: %{fedora_source}/archive/%{kernel_tag}.tar.gz Source1: %{surface_source}/configs/surface-%{kernel_majorver}.config Source2: fedora.config +%if %{with signkernel} Source20: %{sb_crt} Source21: %{sb_key} +%endif Source100: mod-sign.sh Source101: parallel_xz.sh +%if "%{kernel_majorver}" == "5.11" + +Patch0: %{surface_source}/%{kernel_patches}/0001-surface3-oemb.patch +Patch1: %{surface_source}/%{kernel_patches}/0002-wifi.patch +Patch2: %{surface_source}/%{kernel_patches}/0003-ipts.patch +Patch3: %{surface_source}/%{kernel_patches}/0004-surface-sam-over-hid.patch +Patch4: %{surface_source}/%{kernel_patches}/0005-surface-sam.patch +Patch5: %{surface_source}/%{kernel_patches}/0006-surface-hotplug.patch +Patch6: %{surface_source}/%{kernel_patches}/0007-surface-typecover.patch +Patch7: %{surface_source}/%{kernel_patches}/0008-surface-sensors.patch +Patch8: %{surface_source}/%{kernel_patches}/0009-cameras.patch +Patch9: %{surface_source}/%{kernel_patches}/0010-ath10k-firmware-override.patch + +%else + Patch0: %{surface_source}/%{kernel_patches}/0001-surface3-oemb.patch Patch1: %{surface_source}/%{kernel_patches}/0002-wifi.patch Patch2: %{surface_source}/%{kernel_patches}/0003-ipts.patch @@ -99,6 +124,8 @@ Patch8: %{surface_source}/%{kernel_patches}/0009-surface-sensors.patch Patch9: %{surface_source}/%{kernel_patches}/0010-cameras.patch Patch10: %{surface_source}/%{kernel_patches}/0011-ath10k-firmware-override.patch +%endif + Patch100: 0001-Add-secureboot-pre-signing-to-the-kernel.patch ExclusiveArch: x86_64 @@ -121,7 +148,7 @@ This package provides kernel headers and makefiles sufficient to build modules against the kernel-surface package. %prep -%autosetup -S git_am -n linux-fedora-%{kernel_tag} +%autosetup -p1 -n linux-fedora-%{kernel_tag} scripts/kconfig/merge_config.sh \ fedora/configs/%{kernel_config} \ @@ -131,11 +158,11 @@ scripts/kconfig/merge_config.sh \ echo $((%{kernel_release} - 1)) > .version # Copy secureboot certificates if they are available -if [ -f "%{SOURCE20}" ] && [ -f "%{SOURCE21}" ]; then - mkdir -p keys - cp %{SOURCE20} keys/MOK.crt - cp %{SOURCE21} keys/MOK.key -fi +%if %{with signkernel} +mkdir -p keys +cp %{SOURCE20} keys/MOK.crt +cp %{SOURCE21} keys/MOK.key +%endif # This Prevents scripts/setlocalversion from mucking with our version numbers. touch .scmversion diff --git a/pkg/fedora/makerpm b/pkg/fedora/makerpm index e551a3f2a..10fdd54bc 100755 --- a/pkg/fedora/makerpm +++ b/pkg/fedora/makerpm @@ -50,8 +50,8 @@ while getopts ":hcsf:k:" args; do done shift $((OPTIND-1)) -if [ ! "$@" = "" ]; then - OPTS="$@" +if [ ! "$*" = "" ]; then + OPTS="$*" fi # Check if the specfile exists