From 5b353b9a3e36054447cf10d5b0718fd4ea87b80c Mon Sep 17 00:00:00 2001 From: Maximilian Luz Date: Mon, 20 Jan 2020 14:39:58 +0100 Subject: [PATCH 1/5] Add commit message explaining debian version patch --- ...Version-changes-for-linux-surface-debian-package.patch | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pkg/debian/0001-Version-changes-for-linux-surface-debian-package.patch b/pkg/debian/0001-Version-changes-for-linux-surface-debian-package.patch index 6e6b70b94..5bd67286f 100644 --- a/pkg/debian/0001-Version-changes-for-linux-surface-debian-package.patch +++ b/pkg/debian/0001-Version-changes-for-linux-surface-debian-package.patch @@ -3,6 +3,14 @@ From: Maximilian Luz Date: Sun, 19 Jan 2020 22:50:24 +0100 Subject: [PATCH] Version changes for linux-surface debian package +Rename debian kernel packages so that they do not contain the full version +in the name any more as this allows automated updates via a package +repository. Instead the package name now only contains the $LOCALVERSION +string. + +Also rename libc-dev to allow multiple versions to co-exist in the same +repository. + Signed-off-by: Maximilian Luz --- scripts/package/builddeb | 7 ++++--- From b4203834ee5df354fe59ec801062e88dda619829 Mon Sep 17 00:00:00 2001 From: Maximilian Luz Date: Mon, 20 Jan 2020 14:42:13 +0100 Subject: [PATCH 2/5] Merge fetch and prepare steps for debian package This avoids declaring KERNEL_VERSION multiple times. --- .github/workflows/release.yml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a8c6699a6..c4e836a24 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -82,7 +82,7 @@ jobs: apt-get -y install build-essential fakeroot rsync git wget python3-debian dpkg-sig lz4 apt-get -y build-dep linux - - name: Fetch kernel source + - name: Prepare kernel source env: KERNEL_VERSION: 5.4.13 run: | @@ -91,13 +91,8 @@ jobs: # download sources wget https://cdn.kernel.org/pub/linux/kernel/v${KERNEL_VERSION%%.*}.x/linux-$KERNEL_VERSION.tar.xz tar xf linux-$KERNEL_VERSION.tar.xz - mv linux-$KERNEL_VERSION linux - - name: Apply patches - env: - KERNEL_VERSION: 5.4.13 - run: | - cd pkg/debian/linux + mv linux-$KERNEL_VERSION linux && cd linux # apply build patches for PATCH in ../*.patch; do patch -p1 < ${PATCH}; done From 145f3538459965af619b6122d595dd3732890fd6 Mon Sep 17 00:00:00 2001 From: Maximilian Luz Date: Mon, 20 Jan 2020 15:12:48 +0100 Subject: [PATCH 3/5] Only run fedora build for testing --- .github/workflows/release.yml | 269 +++++++++++++++++----------------- 1 file changed, 135 insertions(+), 134 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index c4e836a24..a833f2217 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,130 +14,130 @@ env: KEY_NAME: surface-linux jobs: - build-arch: - name: Build Arch Linux Kernel - runs-on: ubuntu-latest - container: archlinux - steps: - - name: Checkout code - uses: actions/checkout@v2 - - - name: Install build dependencies - run: | - # Install makepkg deps - pacman -Sy sudo binutils fakeroot grep base-devel git --noconfirm - - - name: Build - run: | - cd pkg/arch/kernel - - # Fix permissions (can't makepkg as root) - echo "nobody ALL=(ALL) NOPASSWD: /usr/bin/pacman" >> /etc/sudoers - chown -R nobody . - - # Package compression settings (Matches latest Arch) - export PKGEXT='.pkg.tar.zst' - export COMPRESSZST=(zstd -c -T0 --ultra -20 -) - export MAKEFLAGS="-j2" - - # Build - su nobody --pty -p -s /bin/bash -c 'makepkg -f --syncdeps --skippgpcheck --noconfirm' - - - name: Prepare release - run: | - mkdir release - mv pkg/arch/kernel/*.pkg.tar.zst release - - - name: Sign packages - env: - GPG_KEY: ${{ secrets.GITHUB_GPG_KEY }} - run: | - cd release - - # import GPG key - echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes - export GPG_TTY=$(tty) - - # sign packages - ls *.pkg.tar.zst | xargs -L1 gpg --detach-sign --batch --no-tty -u $KEY_ID - - - name: Upload artifacts - uses: actions/upload-artifact@v1 - with: - name: arch-latest - path: release - - build-debian: - name: Build Debian Kernel - runs-on: ubuntu-latest - container: debian:sid - steps: - - name: Checkout code - uses: actions/checkout@v2 - - - name: Install build dependencies - run: | - sed 's/^deb /deb-src /' /etc/apt/sources.list >> /etc/apt/sources.list - apt-get -y update - apt-get -y install build-essential fakeroot rsync git wget python3-debian dpkg-sig lz4 - apt-get -y build-dep linux - - - name: Prepare kernel source - env: - KERNEL_VERSION: 5.4.13 - run: | - cd pkg/debian - - # download sources - wget https://cdn.kernel.org/pub/linux/kernel/v${KERNEL_VERSION%%.*}.x/linux-$KERNEL_VERSION.tar.xz - tar xf linux-$KERNEL_VERSION.tar.xz - - mv linux-$KERNEL_VERSION linux && cd linux - - # apply build patches - for PATCH in ../*.patch; do patch -p1 < ${PATCH}; done - - # apply surface patches - for PATCH in ../../../patches/${KERNEL_VERSION%.*}/*.patch; do patch -p1 < ${PATCH}; done - - - name: Configure - run: | - cd pkg/debian/linux - - # copy config - cp ../debian.config .config - - # update config - make olddefconfig - - - name: Build - run: | - cd pkg/debian/linux - - export LOCALVERSION="-surface" - make bindeb-pkg -j2 - - - name: Prepare release - run: | - mkdir release - mv pkg/debian/*.deb release - - - name: Sign packages - env: - GPG_KEY: ${{ secrets.GITHUB_GPG_KEY }} - run: | - # import GPG key - echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes - export GPG_TTY=$(tty) - - # sign package - dpkg-sig -g "--batch --no-tty" --sign builder -k $KEY_ID release/*.deb - - - name: Upload artifacts - uses: actions/upload-artifact@v1 - with: - name: debian-latest - path: release +# build-arch: +# name: Build Arch Linux Kernel +# runs-on: ubuntu-latest +# container: archlinux +# steps: +# - name: Checkout code +# uses: actions/checkout@v2 +# +# - name: Install build dependencies +# run: | +# # Install makepkg deps +# pacman -Sy sudo binutils fakeroot grep base-devel git --noconfirm +# +# - name: Build +# run: | +# cd pkg/arch/kernel +# +# # Fix permissions (can't makepkg as root) +# echo "nobody ALL=(ALL) NOPASSWD: /usr/bin/pacman" >> /etc/sudoers +# chown -R nobody . +# +# # Package compression settings (Matches latest Arch) +# export PKGEXT='.pkg.tar.zst' +# export COMPRESSZST=(zstd -c -T0 --ultra -20 -) +# export MAKEFLAGS="-j2" +# +# # Build +# su nobody --pty -p -s /bin/bash -c 'makepkg -f --syncdeps --skippgpcheck --noconfirm' +# +# - name: Prepare release +# run: | +# mkdir release +# mv pkg/arch/kernel/*.pkg.tar.zst release +# +# - name: Sign packages +# env: +# GPG_KEY: ${{ secrets.GITHUB_GPG_KEY }} +# run: | +# cd release +# +# # import GPG key +# echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes +# export GPG_TTY=$(tty) +# +# # sign packages +# ls *.pkg.tar.zst | xargs -L1 gpg --detach-sign --batch --no-tty -u $KEY_ID +# +# - name: Upload artifacts +# uses: actions/upload-artifact@v1 +# with: +# name: arch-latest +# path: release +# +# build-debian: +# name: Build Debian Kernel +# runs-on: ubuntu-latest +# container: debian:sid +# steps: +# - name: Checkout code +# uses: actions/checkout@v2 +# +# - name: Install build dependencies +# run: | +# sed 's/^deb /deb-src /' /etc/apt/sources.list >> /etc/apt/sources.list +# apt-get -y update +# apt-get -y install build-essential fakeroot rsync git wget python3-debian dpkg-sig lz4 +# apt-get -y build-dep linux +# +# - name: Prepare kernel source +# env: +# KERNEL_VERSION: 5.4.13 +# run: | +# cd pkg/debian +# +# # download sources +# wget https://cdn.kernel.org/pub/linux/kernel/v${KERNEL_VERSION%%.*}.x/linux-$KERNEL_VERSION.tar.xz +# tar xf linux-$KERNEL_VERSION.tar.xz +# +# mv linux-$KERNEL_VERSION linux && cd linux +# +# # apply build patches +# for PATCH in ../*.patch; do patch -p1 < ${PATCH}; done +# +# # apply surface patches +# for PATCH in ../../../patches/${KERNEL_VERSION%.*}/*.patch; do patch -p1 < ${PATCH}; done +# +# - name: Configure +# run: | +# cd pkg/debian/linux +# +# # copy config +# cp ../debian.config .config +# +# # update config +# make olddefconfig +# +# - name: Build +# run: | +# cd pkg/debian/linux +# +# export LOCALVERSION="-surface" +# make bindeb-pkg -j2 +# +# - name: Prepare release +# run: | +# mkdir release +# mv pkg/debian/*.deb release +# +# - name: Sign packages +# env: +# GPG_KEY: ${{ secrets.GITHUB_GPG_KEY }} +# run: | +# # import GPG key +# echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes +# export GPG_TTY=$(tty) +# +# # sign package +# dpkg-sig -g "--batch --no-tty" --sign builder -k $KEY_ID release/*.deb +# +# - name: Upload artifacts +# uses: actions/upload-artifact@v1 +# with: +# name: debian-latest +# path: release build-fedora: name: Build Fedora Kernel @@ -187,18 +187,19 @@ jobs: release: name: Publish release - needs: [build-arch, build-debian] +# needs: [build-arch, build-debian] + needs: [build-fedora] runs-on: ubuntu-latest steps: - - name: Download Arch Linux artifacts - uses: actions/download-artifact@v1 - with: - name: arch-latest - - - name: Download Debian artifacts - uses: actions/download-artifact@v1 - with: - name: debian-latest +# - name: Download Arch Linux artifacts +# uses: actions/download-artifact@v1 +# with: +# name: arch-latest +# +# - name: Download Debian artifacts +# uses: actions/download-artifact@v1 +# with: +# name: debian-latest - name: Download Fedora artifacts uses: actions/download-artifact@v1 From 2698827661e16039de4f9e430fafdcacdb25cc5a Mon Sep 17 00:00:00 2001 From: Dorian Stoll Date: Mon, 20 Jan 2020 16:50:53 +0100 Subject: [PATCH 4/5] Disable debugging symbols for fedora Signed-off-by: Dorian Stoll --- pkg/fedora/kernel-surface/fedora.config | 5 +++++ pkg/fedora/kernel-surface/kernel-surface.spec | 14 ++++++++------ 2 files changed, 13 insertions(+), 6 deletions(-) create mode 100644 pkg/fedora/kernel-surface/fedora.config diff --git a/pkg/fedora/kernel-surface/fedora.config b/pkg/fedora/kernel-surface/fedora.config new file mode 100644 index 000000000..d309117d8 --- /dev/null +++ b/pkg/fedora/kernel-surface/fedora.config @@ -0,0 +1,5 @@ +# +# Forcefully disable debug symbols +# + +# CONFIG_DEBUG_INFO is not set diff --git a/pkg/fedora/kernel-surface/kernel-surface.spec b/pkg/fedora/kernel-surface/kernel-surface.spec index 88af19e9c..985d042d3 100755 --- a/pkg/fedora/kernel-surface/kernel-surface.spec +++ b/pkg/fedora/kernel-surface/kernel-surface.spec @@ -72,9 +72,10 @@ BuildConflicts: rhbuildsys(DiskFree) < 500Mb Source0: %{fedora_source}/snapshot/fedora-%{kernel_tag}.tar.gz Source1: %{config_source}/%{kernel_patches}/surface.config +Source2: fedora.config -Source2: %{sb_crt} -Source3: %{sb_key} +Source20: %{sb_crt} +Source21: %{sb_key} Source100: mod-sign.sh Source101: parallel_xz.sh @@ -114,15 +115,16 @@ against the kernel-surface package. scripts/kconfig/merge_config.sh \ fedora/configs/%{kernel_config} \ - %{SOURCE1} + %{SOURCE1} \ + %{SOURCE2} echo $((%{kernel_release} - 1)) > .version # Copy secureboot certificates if they are available -if [ -f "%{SOURCE2}" ] && [ -f "%{SOURCE3}" ]; then +if [ -f "%{SOURCE20}" ] && [ -f "%{SOURCE21}" ]; then mkdir -p keys - cp %{SOURCE2} keys/MOK.crt - cp %{SOURCE3} keys/MOK.key + cp %{SOURCE20} keys/MOK.crt + cp %{SOURCE21} keys/MOK.key fi # This Prevents scripts/setlocalversion from mucking with our version numbers. From f7d8cb46a8b7812eab7492dd20ec382282b3f467 Mon Sep 17 00:00:00 2001 From: Maximilian Luz Date: Mon, 20 Jan 2020 22:09:54 +0100 Subject: [PATCH 5/5] Re-enable Arch and Debian builds --- .github/workflows/release.yml | 269 +++++++++++++++++----------------- 1 file changed, 134 insertions(+), 135 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index a833f2217..c4e836a24 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,130 +14,130 @@ env: KEY_NAME: surface-linux jobs: -# build-arch: -# name: Build Arch Linux Kernel -# runs-on: ubuntu-latest -# container: archlinux -# steps: -# - name: Checkout code -# uses: actions/checkout@v2 -# -# - name: Install build dependencies -# run: | -# # Install makepkg deps -# pacman -Sy sudo binutils fakeroot grep base-devel git --noconfirm -# -# - name: Build -# run: | -# cd pkg/arch/kernel -# -# # Fix permissions (can't makepkg as root) -# echo "nobody ALL=(ALL) NOPASSWD: /usr/bin/pacman" >> /etc/sudoers -# chown -R nobody . -# -# # Package compression settings (Matches latest Arch) -# export PKGEXT='.pkg.tar.zst' -# export COMPRESSZST=(zstd -c -T0 --ultra -20 -) -# export MAKEFLAGS="-j2" -# -# # Build -# su nobody --pty -p -s /bin/bash -c 'makepkg -f --syncdeps --skippgpcheck --noconfirm' -# -# - name: Prepare release -# run: | -# mkdir release -# mv pkg/arch/kernel/*.pkg.tar.zst release -# -# - name: Sign packages -# env: -# GPG_KEY: ${{ secrets.GITHUB_GPG_KEY }} -# run: | -# cd release -# -# # import GPG key -# echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes -# export GPG_TTY=$(tty) -# -# # sign packages -# ls *.pkg.tar.zst | xargs -L1 gpg --detach-sign --batch --no-tty -u $KEY_ID -# -# - name: Upload artifacts -# uses: actions/upload-artifact@v1 -# with: -# name: arch-latest -# path: release -# -# build-debian: -# name: Build Debian Kernel -# runs-on: ubuntu-latest -# container: debian:sid -# steps: -# - name: Checkout code -# uses: actions/checkout@v2 -# -# - name: Install build dependencies -# run: | -# sed 's/^deb /deb-src /' /etc/apt/sources.list >> /etc/apt/sources.list -# apt-get -y update -# apt-get -y install build-essential fakeroot rsync git wget python3-debian dpkg-sig lz4 -# apt-get -y build-dep linux -# -# - name: Prepare kernel source -# env: -# KERNEL_VERSION: 5.4.13 -# run: | -# cd pkg/debian -# -# # download sources -# wget https://cdn.kernel.org/pub/linux/kernel/v${KERNEL_VERSION%%.*}.x/linux-$KERNEL_VERSION.tar.xz -# tar xf linux-$KERNEL_VERSION.tar.xz -# -# mv linux-$KERNEL_VERSION linux && cd linux -# -# # apply build patches -# for PATCH in ../*.patch; do patch -p1 < ${PATCH}; done -# -# # apply surface patches -# for PATCH in ../../../patches/${KERNEL_VERSION%.*}/*.patch; do patch -p1 < ${PATCH}; done -# -# - name: Configure -# run: | -# cd pkg/debian/linux -# -# # copy config -# cp ../debian.config .config -# -# # update config -# make olddefconfig -# -# - name: Build -# run: | -# cd pkg/debian/linux -# -# export LOCALVERSION="-surface" -# make bindeb-pkg -j2 -# -# - name: Prepare release -# run: | -# mkdir release -# mv pkg/debian/*.deb release -# -# - name: Sign packages -# env: -# GPG_KEY: ${{ secrets.GITHUB_GPG_KEY }} -# run: | -# # import GPG key -# echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes -# export GPG_TTY=$(tty) -# -# # sign package -# dpkg-sig -g "--batch --no-tty" --sign builder -k $KEY_ID release/*.deb -# -# - name: Upload artifacts -# uses: actions/upload-artifact@v1 -# with: -# name: debian-latest -# path: release + build-arch: + name: Build Arch Linux Kernel + runs-on: ubuntu-latest + container: archlinux + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Install build dependencies + run: | + # Install makepkg deps + pacman -Sy sudo binutils fakeroot grep base-devel git --noconfirm + + - name: Build + run: | + cd pkg/arch/kernel + + # Fix permissions (can't makepkg as root) + echo "nobody ALL=(ALL) NOPASSWD: /usr/bin/pacman" >> /etc/sudoers + chown -R nobody . + + # Package compression settings (Matches latest Arch) + export PKGEXT='.pkg.tar.zst' + export COMPRESSZST=(zstd -c -T0 --ultra -20 -) + export MAKEFLAGS="-j2" + + # Build + su nobody --pty -p -s /bin/bash -c 'makepkg -f --syncdeps --skippgpcheck --noconfirm' + + - name: Prepare release + run: | + mkdir release + mv pkg/arch/kernel/*.pkg.tar.zst release + + - name: Sign packages + env: + GPG_KEY: ${{ secrets.GITHUB_GPG_KEY }} + run: | + cd release + + # import GPG key + echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes + export GPG_TTY=$(tty) + + # sign packages + ls *.pkg.tar.zst | xargs -L1 gpg --detach-sign --batch --no-tty -u $KEY_ID + + - name: Upload artifacts + uses: actions/upload-artifact@v1 + with: + name: arch-latest + path: release + + build-debian: + name: Build Debian Kernel + runs-on: ubuntu-latest + container: debian:sid + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Install build dependencies + run: | + sed 's/^deb /deb-src /' /etc/apt/sources.list >> /etc/apt/sources.list + apt-get -y update + apt-get -y install build-essential fakeroot rsync git wget python3-debian dpkg-sig lz4 + apt-get -y build-dep linux + + - name: Prepare kernel source + env: + KERNEL_VERSION: 5.4.13 + run: | + cd pkg/debian + + # download sources + wget https://cdn.kernel.org/pub/linux/kernel/v${KERNEL_VERSION%%.*}.x/linux-$KERNEL_VERSION.tar.xz + tar xf linux-$KERNEL_VERSION.tar.xz + + mv linux-$KERNEL_VERSION linux && cd linux + + # apply build patches + for PATCH in ../*.patch; do patch -p1 < ${PATCH}; done + + # apply surface patches + for PATCH in ../../../patches/${KERNEL_VERSION%.*}/*.patch; do patch -p1 < ${PATCH}; done + + - name: Configure + run: | + cd pkg/debian/linux + + # copy config + cp ../debian.config .config + + # update config + make olddefconfig + + - name: Build + run: | + cd pkg/debian/linux + + export LOCALVERSION="-surface" + make bindeb-pkg -j2 + + - name: Prepare release + run: | + mkdir release + mv pkg/debian/*.deb release + + - name: Sign packages + env: + GPG_KEY: ${{ secrets.GITHUB_GPG_KEY }} + run: | + # import GPG key + echo "$GPG_KEY" | base64 -d | gpg --import --no-tty --batch --yes + export GPG_TTY=$(tty) + + # sign package + dpkg-sig -g "--batch --no-tty" --sign builder -k $KEY_ID release/*.deb + + - name: Upload artifacts + uses: actions/upload-artifact@v1 + with: + name: debian-latest + path: release build-fedora: name: Build Fedora Kernel @@ -187,19 +187,18 @@ jobs: release: name: Publish release -# needs: [build-arch, build-debian] - needs: [build-fedora] + needs: [build-arch, build-debian] runs-on: ubuntu-latest steps: -# - name: Download Arch Linux artifacts -# uses: actions/download-artifact@v1 -# with: -# name: arch-latest -# -# - name: Download Debian artifacts -# uses: actions/download-artifact@v1 -# with: -# name: debian-latest + - name: Download Arch Linux artifacts + uses: actions/download-artifact@v1 + with: + name: arch-latest + + - name: Download Debian artifacts + uses: actions/download-artifact@v1 + with: + name: debian-latest - name: Download Fedora artifacts uses: actions/download-artifact@v1