From: Justin M. Forbes on gitlab.com
Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2907
NOTE: Truncated patchset since committer email 'scweaver(a)redhat.com'
does not match the submitter's GitLab public email address
'jforbes(a)fedoraproject.org'.
When kernel-tools was split out to a separate package in Fedora, it was due to
several factors. Most of those issues have been mitigated in other ways, and
there are advantages to building tools with the kernel build. Let's turn on
tools for Fedora. To do so, we need to add the libperf packages, but this
enables them for Fedora only.
It is worth noting that the Fedora package for bpftool will retain the
upstream kernel versioning. This is because the bpftool versioning scheme is
incompatible with the stable Fedora process.
---
redhat/kernel.spec.template | 78 ++++++++++++++++++++++++++++++++++++++++++--
1 files changed, 74 insertions(+), 4 deletions(-)
From: Don Zickus <dzickus(a)redhat.com>
Add new os-build targets: rt-devel and automotive-devel
This is an attempt to automate the rt and automotive devel branches
using the upstream linux-rt-devel tree as the base combined with
os-build.
The overall process isn't too complicated but there are enough steps to
make it compilicated.
Steps:
* map upstream linux-rt-devel to master-rt branch
* update os-build
* grab linux version from master-rt and os-build
* if version the same then merge os-build and master-rt to
os-build-rt-automated
* else merge tag kernel-N.V.0-0 and master-rt to os-build-rt-automated until
master-rt is update to os-build
* merge os-build-rt-automated into os-build-rt-devel
* merge os-build-rt-automated into os-build-automotive-devel
* run the generate pending-rhel config scripts on rt-devel and
automotive-devel
The script has beginning logic to handle rebasing if necessary when the
rt-devel branch transitions from os-build-stable (linux-stable) to linux
master again.
NOTE: The script uses kernel-N.V.0-0 which is rebased after os-build
linux-x.y GA is created but before linux-x.y+1 pre-rc1 merges happen.
The reason for this is because linux-stable-x.y doesn't exist until
linux-x.y+1-rc1 exists thus leaving linux-stable-x.y-1 in the meantime.
An awkward gap exists, use kernel-N.V.0-0 as the base.
The script has no effect on the day-to-day operations of os-build. They
are designed to be run from a gitlab cron job and update in the
background. Once they are deemed stable, adding ARK MRs that target
either os-build-rt-devel or os-build-automotive-devel will be possible
and those branches can start proper parallel developement with os-build.
Cleanup namespace pollution because shellcheck doesn't like 'local'.
Signed-off-by: Don Zickus <dzickus(a)redhat.com>
diff --git a/redhat/scripts/ci/ark-ci-env.sh b/redhat/scripts/ci/ark-ci-env.sh
index blahblah..blahblah 100644
--- a/redhat/scripts/ci/ark-ci-env.sh
+++ b/redhat/scripts/ci/ark-ci-env.sh
@@ -8,24 +8,188 @@ die()
ci_pre_check()
{
- if test -n "${TO_PUSH}"; then
- if test -z "${GITLAB_PROJECT_URL}" || test -z "$GITLAB_PROJECT_PUSHURL"; then
- echo "To enable git-push, please run:"
- echo "git remote add gitlab <url>"
- echo "git remote set-url --push gitlab <pushurl>"
+ if test -z "${GITLAB_PROJECT_URL}" || test -z "$GITLAB_PROJECT_PUSHURL"; then
+ echo "To enable git-push, please run:"
+ echo "git remote add gitlab <url>"
+ echo "git remote set-url --push gitlab <pushurl>"
+ if test -n "${TO_PUSH}"; then
die "Misconfigured 'gitlab' entry for git"
fi
fi
git diff-index --quiet HEAD || die "Dirty tree, please clean before merging."
}
+# wrapper around branches that may not be exist yet
+ark_git_branch()
+{
+ _target_branch="$1"
+ _source_branch="$2"
+
+ # switch to branch if it exists otherwise create and set to source
+ # branch
+ git show-ref -q --heads "$_target_branch" || \
+ git branch "$_target_branch" "$_source_branch"
+}
+
+# GitLab can only mirror one project at a time. This wrapper function does
+# the mirroring for any other branches.
+ark_git_mirror()
+{
+ target_branch="$1"
+ upstream_tree="$2"
+ source_branch="$3"
+ reset_branch="$4"
+
+ prev_branch="$(git rev-parse --abbrev-ref HEAD)"
+ remote_branch="$upstream_tree/$source_branch"
+ ark_git_branch "$target_branch" "$remote_branch"
+ git checkout "$target_branch"
+ git fetch "$upstream_tree" "$source_branch"
+ if test -z "$reset_branch"; then
+ git merge "$remote_branch" || die "git merge $remote_branch failed"
+ else
+ git reset --hard "$remote_branch" || die "git reset $remote_branch failed"
+ fi
+ git checkout "$prev_branch"
+}
+
+# Merge wrapper in case issues arise
+ark_git_merge()
+{
+ source_branch="$1"
+ target_branch="$2"
+ reset_branch="$3"
+
+ prev_branch="$(git rev-parse --abbrev-ref HEAD)"
+ ark_git_branch "$target_branch" "$source_branch"
+ git checkout "$target_branch"
+ if test -n "$reset_branch"; then
+ # there are cases when the initial merge is a reset
+ git reset --hard "$source_branch" || die "git reset $source_branch failed"
+ elif ! git merge -m "Merge '$source_branch' into '$target_branch'" "$source_branch"; then
+ git merge --abort
+ printf "Merge conflict; halting!\n"
+ printf "To reproduce:\n"
+ printf "* git checkout %s\n" "${target_branch}"
+ printf "* git merge %s\n" "${source_branch}"
+ die "Merge conflicts"
+ fi
+
+ git checkout "$prev_branch"
+ return 0
+}
+
+ark_git_rebase()
+{
+ rebase_branch="$1"
+ _upstream="$2"
+ _base="$3"
+
+ prev_branch="$(git rev-parse --abbrev-ref HEAD)"
+ git checkout "${rebase_branch}"
+ if ! git rebase --onto "$_base" "$_upstream"; then
+ git rebase --abort
+ printf "Rebase conflict; halting!\n"
+ printf "To reproduce:\n"
+ printf "* git checkout %s\n" "${rebase_branch}"
+ printf "* git rebase --onto %s %s\n" "${_base}" "${_upstream}"
+ die "Rebase conflicts"
+ fi
+ git checkout "$prev_branch"
+ return 0
+}
+
+ark_update_configs()
+{
+ config_branch="$1"
+ skip_configs="$2"
+
+ prev_branch="$(git rev-parse --abbrev-ref HEAD)"
+ git checkout "${config_branch}"
+
+ # Generates and commits all the pending configs
+ make -j FLAVOR=fedora dist-configs-commit
+ # Skip executing gen_config_patches.sh for new Fedora configs
+
+ old_head="$(git rev-parse HEAD)"
+ make -j FLAVOR=rhel dist-configs-commit
+ new_head="$(git rev-parse HEAD)"
+
+
+ # Converts each new pending config from above into its finalized git
+ # configs/<date>/<config> config_branch. These commits are used for Merge
+ # Requests.
+ [ "$old_head" != "$new_head" ] && CONFIGS_ADDED="1" || CONFIGS_ADDED=""
+
+ if test "$CONFIGS_ADDED"; then
+ if test -z "$skip_configs"; then
+ git checkout "$prev_branch"
+ ./redhat/scripts/genspec/gen_config_patches.sh "$config_branch"
+ fi
+ else
+ printf "No new configuration values exposed from "
+ printf "merging %s into $BRANCH\n" "$UPSTREAM_REF"
+ fi
+
+ git checkout "$prev_branch"
+ test -z "$CONFIGS_ADDED" && return 0 || return 1
+}
+
+ark_push_changes()
+{
+ push_branch="$1"
+ skip_configs="$2"
+
+ prev_branch="$(git rev-parse --abbrev-ref HEAD)"
+ git checkout "${push_branch}"
+
+ TMPFILE=".push-warnings"
+ touch "$TMPFILE"
+
+ test "$TO_PUSH" && PUSH_VERB="Pushing" || PUSH_VERB="To push"
+ PUSH_STR="branch ${push_branch} to ${GITLAB_URL}"
+ PUSH_CMD="git push gitlab ${push_branch}"
+ PUSH_CONFIG_STR="config update branches"
+ PUSH_CONFIG_CMD="for conf_branch in \$(git branch | grep configs/${push_branch}/\"\$(date +%F)\"); do
+ git push \\
+ -o merge_request.create \\
+ -o merge_request.target=\"$push_branch\" \\
+ -o merge_request.remove_source_branch \\
+ gitlab \"\$conf_branch\" 2>&1 | tee -a $TMPFILE
+ done
+ "
+
+ #Push push_branch
+ echo "# $PUSH_VERB $PUSH_STR"
+ echo "$PUSH_CMD"
+ test "$TO_PUSH" && eval "$PUSH_CMD"
+
+ #Push config branches if created
+ if test -z "$skip_configs"; then
+ echo
+ echo "# $PUSH_VERB $PUSH_CONFIG_STR"
+ echo "$PUSH_CONFIG_CMD"
+ test "$TO_PUSH" && eval "$PUSH_CONFIG_CMD"
+ fi
+
+ # GitLab server side warnings do not fail git-push but leave verbose
+ # WARNING messages. Grep for those and consider it a script
+ # failure. Make sure all push_branches are pushed first as follow up
+ # git-pushes may succeed.
+ grep -q "remote:[ ]* WARNINGS" "$TMPFILE" && die "Server side warnings"
+
+ rm "$TMPFILE"
+ git checkout "$prev_branch"
+ return 0
+}
+
# Common variables for all CI scripts
UPSTREAM_REF=${1:-"master"}
BRANCH=${2:-"os-build"}
PROJECT_ID=${PROJECT_ID:-"13604247"}
TO_PUSH=${DIST_PUSH:-""}
-GITLAB_PROJECT_URL="$(git remote get-url gitlab 2>/dev/null)"
-GITLAB_PROJECT_PUSHURL="$(git config --get remote.gitlab.pushurl 2>/dev/null)"
+GITLAB_PROJECT_URL="$(git remote get-url gitlab 2>/dev/null)" || true
+GITLAB_PROJECT_PUSHURL="$(git config --get remote.gitlab.pushurl 2>/dev/null)" || true
ci_pre_check
diff --git a/redhat/scripts/ci/ark-merge-rt.sh b/redhat/scripts/ci/ark-merge-rt.sh
new file mode 100755
index blahblah..blahblah 100755
--- /dev/null
+++ b/redhat/scripts/ci/ark-merge-rt.sh
@@ -0,0 +1,173 @@
+#!/bin/bash
+#
+# This script is intended to sync up the RT and automotive branch (derivative
+# of RT). It adds the extra twist of detecting the right upstream rt branch
+# to sync with depending on the existance of the next branch. Sometimes the
+# rt-devel branch waits until -rc1/2 to create new branches.
+# Finally the code handles the rebases in those cases where newer branches
+# are available.
+#
+# Why the complexity?
+# Development branches will need to be periodically rebased unfortunately.
+# Using 'git rebase --onto <new head> <old_head>' only works with one common
+# branch to rebase from not two. Meanwhile, the -devel branches are formed
+# from two upstream branches, os-build and linux-rt-devel. The idea is
+# to merge the two branches into a single throwaway branch that can be
+# recreated from scratch anytime then use that as the base for -devel.
+
+set -e
+
+# source common CI functions and variables
+# shellcheck disable=SC1091
+. "$(dirname "$0")"/ark-ci-env.sh
+
+#Upstream RT tree git://git.kernel.org/pub/scm/linux/kernel/git/rt/linux-rt-devel.git
+UPSTREAM_RT_TREE_URL="git://git.kernel.org/pub/scm/linux/kernel/git/rt/linux-rt-devel.git"
+UPSTREAM_RT_TREE_NAME="linux-rt-devel"
+DOWNSTREAM_RT_BRANCH="master-rt-devel"
+RT_AUTOMATED_BRANCH="os-build-rt-automated"
+RT_DEVEL_BRANCH="os-build-rt-devel"
+AUTOMOTIVE_DEVEL_BRANCH="os-build-automotive-devel"
+
+# verify git remote rt is setup
+if ! git remote get-url "$UPSTREAM_RT_TREE_NAME" 2>/dev/null; then
+ die "Please 'git remote add linux-rt-devel $UPSTREAM_RT_TREE_URL'"
+fi
+
+# grab the os-build base branches
+ark_git_mirror "os-build" "origin" "os-build"
+ark_git_mirror "master" "origin" "master"
+
+# make sure tags are available for git-describe to correctly work
+git fetch -t origin
+
+# upstream -rt devel branches are aligned with version numbers and are not
+# always up to date with master. Figure out which branch to mirror based on
+# version number and existance. We may have to trigger a rebase.
+
+# what are the current versions of rt-devel and os-build (use 'master' to
+# avoid fedora tagging of kernel-X.Y.0.0.....)
+# use git tags which are always 'vX.Y-rcZ-aaa-gbbbbb' or 'vX.Y-aaa-gbbbbb'
+# where X.Y is the version number that maps to linux-rt's branch of
+# 'linux-X.Y.y'
+get_upstream_version()
+{
+ branch=$1
+ upstream="master"
+
+ # Thanks to pre-rc1 merging, we have a 2 week window with an
+ # incorrect version number. Detect and correct.
+ mergebase="$(git merge-base "$branch" "$upstream")"
+ raw_version="$(git describe "$mergebase")"
+ version="$(git show "$branch":Makefile | sed -ne '/^VERSION\ =\ /{s///;p;q}')"
+ patchlevel="$(git show "$branch":Makefile | sed -ne '/^PATCHLEVEL\ =\ /{s///;p;q}')"
+ kver="${version}.${patchlevel}"
+
+ #-rc indicates no tricks necessary, return version
+ if echo "${raw_version}" | grep -q -- "-rc"; then
+ echo "$kver"
+ return
+ fi
+
+ #if -gXXX is _not_ there, must be a GA release, use version
+ if ! echo "${raw_version}" | grep -q -- "-g"; then
+ echo "$kver"
+ return
+ fi
+
+ #must be a post tag release with -g but not -rcX, IOW an rc0.
+ #Add a 1 to the version number
+ echo "${version}.$((patchlevel + 1))"
+}
+
+# To handle missing branches, precalculate previous kernel versions to fetch
+get_prev_version()
+{
+ version_str=$1
+
+ version="$(echo "$version_str" | cut -c1)"
+ patchlevel="$(echo "$version_str" | cut -c3)"
+
+ echo "${version}.$((patchlevel - 1))"
+}
+
+OS_BUILD_VER="$(get_upstream_version os-build)"
+OS_BUILD_VER_prev="$(get_prev_version "$OS_BUILD_VER")"
+
+# check latest upstream RT branch
+if git fetch -q "$UPSTREAM_RT_TREE_NAME" "linux-${OS_BUILD_VER}.y-rt"; then
+ UPSTREAM_RT_DEVEL_VER="${OS_BUILD_VER}"
+elif git fetch -q "$UPSTREAM_RT_TREE_NAME" "linux-${OS_BUILD_VER_prev}.y-rt"; then
+ UPSTREAM_RT_DEVEL_VER="${OS_BUILD_VER_prev}"
+else
+ die "Neither version ($OS_BUILD_VER, $OS_BUILD_VER_prev) in upstream tree: $UPSTREAM_RT_TREE_NAME"
+fi
+
+# verify the core branches exist or use provided defaults
+UPSTREAM_RT_DEVEL_BRANCH="linux-${UPSTREAM_RT_DEVEL_VER}.y-rt"
+ark_git_branch "$DOWNSTREAM_RT_BRANCH" "$UPSTREAM_RT_TREE_NAME/$UPSTREAM_RT_DEVEL_BRANCH"
+ark_git_branch "$RT_AUTOMATED_BRANCH" "$UPSTREAM_RT_TREE_NAME/$UPSTREAM_RT_DEVEL_BRANCH"
+ark_git_branch "$RT_DEVEL_BRANCH" "$UPSTREAM_RT_TREE_NAME/$UPSTREAM_RT_DEVEL_BRANCH"
+ark_git_branch "$AUTOMOTIVE_DEVEL_BRANCH" "$UPSTREAM_RT_TREE_NAME/$UPSTREAM_RT_DEVEL_BRANCH"
+
+MASTER_RT_DEVEL_VER="$(get_upstream_version "$DOWNSTREAM_RT_BRANCH")"
+RT_AUTOMATED_VER="$(get_upstream_version $RT_AUTOMATED_BRANCH)"
+RT_DEVEL_VER="$(get_upstream_version $RT_DEVEL_BRANCH)"
+AUTOMOTIVE_DEVEL_VER="$(get_upstream_version $AUTOMOTIVE_DEVEL_BRANCH)"
+
+OS_BUILD_BASE_BRANCH="os-build"
+RT_REBASE=""
+
+if test "$UPSTREAM_RT_DEVEL_VER" != "$OS_BUILD_VER"; then
+ # no newer upstream branch to rebase onto, continue with an
+ # os-build stable tag
+ OS_BUILD_BASE_BRANCH="kernel-${MASTER_RT_DEVEL_VER}.0-0"
+fi
+
+# sanity check, sometimes broken scripts leave a mess
+if test "$MASTER_RT_DEVEL_VER" != "$UPSTREAM_RT_DEVEL_VER" -o \
+ "$MASTER_RT_DEVEL_VER" != "$RT_AUTOMATED_VER" -o \
+ "$MASTER_RT_DEVEL_VER" != "$RT_DEVEL_VER" -o \
+ "$MASTER_RT_DEVEL_VER" != "$AUTOMOTIVE_DEVEL_VER"; then
+ # rebase time
+ RT_REBASE="yes"
+fi
+
+## PREP the upstream branches
+# on a rebase, propogate all the git resets
+# fetch the determined rt-devel branch
+ark_git_mirror "$DOWNSTREAM_RT_BRANCH" "$UPSTREAM_RT_TREE_NAME" "$UPSTREAM_RT_DEVEL_BRANCH" "$RT_REBASE"
+# finally merge the two correct branches
+ark_git_merge "$OS_BUILD_BASE_BRANCH" "$RT_AUTOMATED_BRANCH" "$RT_REBASE"
+ark_git_merge "$DOWNSTREAM_RT_BRANCH" "$RT_AUTOMATED_BRANCH"
+
+## MERGE the upstream branches to the development branches
+if test -n "$RT_REBASE"; then
+ # handle the rebase
+ # rebases usually go from prev version to new version
+ # rebuild the prev merge base in case the previous automated one is
+ # corrupted.
+ prev_branch="$(git rev-parse --abbrev-ref HEAD)"
+ temp_branch="_temp_rt_devel_$(date +%F)"
+ git branch -D "$temp_branch" 2>/dev/null
+ git checkout -b "$temp_branch" "kernel-${OS_BUILD_VER_prev}.0-0"
+ git merge "$UPSTREAM_RT_TREE_NAME/linux-${OS_BUILD_VER_prev}.y-rt"
+ git checkout "$prev_branch"
+ ark_git_rebase "$RT_DEVEL_BRANCH" "$temp_branch" "$RT_AUTOMATED_BRANCH"
+ ark_git_rebase "$AUTOMOTIVE_DEVEL_BRANCH" "$temp_branch" "$RT_AUTOMATED_BRANCH"
+ git branch -D "$temp_branch"
+fi
+
+## Build -rt-devel branch, generate pending-rhel configs
+ark_git_merge "$RT_AUTOMATED_BRANCH" "$RT_DEVEL_BRANCH"
+# don't care if configs were added or not hence '|| true'
+ark_update_configs "$RT_DEVEL_BRANCH" || true
+# skip pushing config update MRs, keep them in pending-rhel
+ark_push_changes "$RT_DEVEL_BRANCH" "skip"
+
+## Build -automotive-devel branch, generate pending-rhel configs
+ark_git_merge "$RT_AUTOMATED_BRANCH" "$AUTOMOTIVE_DEVEL_BRANCH"
+# don't care if configs were added or not hence '|| true'
+ark_update_configs "$AUTOMOTIVE_DEVEL_BRANCH" || true
+# skip pushing config update MRs, keep them in pending-rhel
+ark_push_changes "$AUTOMOTIVE_DEVEL_BRANCH" "skip"
--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2732
From: Justin M. Forbes on gitlab.com
Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2907
When kernel-tools was split out to a separate package in Fedora, it was due to
several factors. Most of those issues have been mitigated in other ways, and
there are advantages to building tools with the kernel build. Let's turn on
tools for Fedora. To do so, we need to add the libperf packages, but this
enables them for Fedora only.
It is worth noting that the Fedora package for bpftool will retain the
upstream kernel versioning. This is because the bpftool versioning scheme is
incompatible with the stable Fedora process.
---
redhat/kernel.spec.template | 78 ++++++++++++++++++++++++++++++++++++++++++--
1 files changed, 74 insertions(+), 4 deletions(-)
From: Artem Savkov on gitlab.com
Merge Request: https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2884
Forwardport from rhel9.
Bugzilla: http://bugzilla.redhat.com/2120968
Upstream status: RHEL-only
With the latest toolchain update build fails due to libbpf missing
btf enum64 support. 5.19 update contains libbpf update but the spec
uses buildroot's (old) bpftool.
Switch to use the just-built bpftool.
The snippet cannot be moved below bpftool build since vmlinux.h is
needed to build_tools.
Credits to Felix Maurer <fmaurer(a)redhat.com>
Signed-off-by: Yauheni Kaliuta <ykaliuta(a)redhat.com>
---
redhat/kernel.spec.template | 11 ++++++-----
1 files changed, 6 insertions(+), 5 deletions(-)
From: Emanuele Giuseppe Esposito <eesposit(a)redhat.com>
redhat/kernel.spec: add uki_addons to create UKI kernel cmdline addons
Upstream Status: RHEL-Only
By defininig an addon in uki_cmdline_addons.conf, the script
uki_addons.py will automatically create an UKI addon to be shipped
together in the same package.
For additional info on how to format uki_cmdline_addons.conf, check
uki_addons.py head comment.
Signed-off-by: Emanuele Giuseppe Esposito <eesposit(a)redhat.com>
diff --git a/redhat/Makefile b/redhat/Makefile
index blahblah..blahblah 100644
--- a/redhat/Makefile
+++ b/redhat/Makefile
@@ -690,6 +690,7 @@ sources-rh: $(TARBALL) generate-testpatch-tmp setup-source dist-configs-check
scripts/mod/mod-partner.list \
scripts/mod/mod-sign.sh \
scripts/mod/mod-kvm.list \
+ scripts/uki_addons.py \
configs/flavors \
configs/generate_all_configs.sh \
configs/merge.py \
@@ -698,6 +699,7 @@ sources-rh: $(TARBALL) generate-testpatch-tmp setup-source dist-configs-check
README.rst \
kernel-local \
dracut-virt.conf \
+ uki_cmdline_addons.conf \
$(SOURCES)/
@cat $$(ls -1 $(SPECPACKAGE_NAME).changelog-* | sort -t '.' -k 3 -n -r) \
> $(SOURCES)/kernel.changelog
diff --git a/redhat/kernel.spec.template b/redhat/kernel.spec.template
index blahblah..blahblah 100644
--- a/redhat/kernel.spec.template
+++ b/redhat/kernel.spec.template
@@ -792,6 +792,8 @@ BuildRequires: binutils
BuildRequires: lvm2
BuildRequires: systemd-boot-unsigned
# For systemd-stub and systemd-pcrphase
+BuildRequires: systemd-ukify
+# For UKI kernel cmdline addons
BuildRequires: systemd-udev >= 252-1
# For TPM operations in UKI initramfs
BuildRequires: tpm2-tools
@@ -933,6 +935,9 @@ Source86: dracut-virt.conf
Source87: flavors
+Source151: uki_addons.py
+Source152: uki_cmdline_addons.conf
+
Source100: rheldup3.x509
Source101: rhelkpatch1.x509
@@ -2537,6 +2542,15 @@ BuildKernel() {
fi
mv $KernelUnifiedImage.signed $KernelUnifiedImage
+ KernelAddonsDir="$KernelUnifiedImageDir/addons"
+ mkdir -p $KernelAddonsDir
+ python3 %{SOURCE151} %{SOURCE152} $KernelAddonsDir
+ for addon in "$KernelAddonsDir"/*; do
+ %pesign -s -i $addon -o $addon.signed -a %{secureboot_ca_1} -c %{secureboot_key_1} -n %{pesign_name_1}
+ rm -f $addon
+ mv $addon.signed $addon
+ done
+
# signkernel
%endif
@@ -3692,6 +3706,7 @@ fi\
/lib/modules/%{KVERREL}%{?3:+%{3}}/config\
/lib/modules/%{KVERREL}%{?3:+%{3}}/modules.builtin*\
%attr(0644, root, root) /lib/modules/%{KVERREL}%{?3:+%{3}}/%{?-k:%{-k*}}%{!?-k:vmlinuz}-virt.efi\
+/lib/modules/%{KVERREL}%{?3:+%{3}}/addons/*.addon.efi\
%ghost /%{image_install_path}/efi/EFI/Linux/%{?-k:%{-k*}}%{!?-k:*}-%{KVERREL}%{?3:+%{3}}.efi\
%endif\
%endif\
diff --git a/redhat/scripts/uki_addons.py b/redhat/scripts/uki_addons.py
new file mode 100644
index blahblah..blahblah 100644
--- /dev/null
+++ b/redhat/scripts/uki_addons.py
@@ -0,0 +1,137 @@
+#!/bin/bash
+#
+# This script reads a given uki addons config file list, and creates an addon
+# for each definition given.
+#
+# Usage: python uki_addons.py cfgfile cert.pem key output_dir
+#
+# This tool requires the systemd-ukify and systemd-boot yum packages.
+#
+# Cfgfile definition
+#-------------------
+# Each addon is separate from the next by an empty line.
+# Each addon has 3 mandatory fields, plus one optional (sbat).
+# Each field (except the fourth) is terminated by a single newline.
+# No multiline fields! If a cmdline starts to be too long, maybe it's time to
+# create multiple addons.
+#
+# Cfgfile fields
+#---------------
+# - Name: name of the addon. This tool will create an addon called <name>.addon.efi
+# and put it in @output_dir. Name might or might not contain .addon.efi.
+# If it is missing, it will be added automatically.
+# - Description: human readable description of the addon. Not included in the
+# generated file.
+# - Command line: the command line to be inserted into the addon.
+# - SBAT (optional): If this field is specified, replace .sbat with the provided
+# one. This field can be multiline, but must have an additional
+# newline (or EOF) to separate from the next addon.
+
+import os
+import sys
+import collections
+import subprocess
+
+SYSTEMD_STUB_PATH = '/usr/lib/systemd/boot/efi/addonx64.efi.stub'
+UKIFY_PATH = '/usr/lib/systemd/ukify'
+
+def usage(err):
+ print(f'Usage: {os.path.basename(__file__)} cfgfile cert.pem key output_dir')
+ if err:
+ print(f'Error:{err}')
+ sys.exit(1)
+
+def cfgfile_fields_help():
+ print("Cfgfile fields")
+ print("---------------")
+ print(" - Name: name of the addon. This tool will create an addon called <name>.addon.efi")
+ print(" and put it in @output_dir. Name might or might not contain .addon.efi.")
+ print(" If it is missing, it will be added automatically.")
+ print(" - Description: human readable description of the addon. Not included in the")
+ print(" generated file.")
+ print(" - Command line: the command line to be inserted into the addon.")
+ print(" - SBAT (optional): If this field is specified, replace .sbat with the provided")
+ print(" one. This field can be multiline, but must have an additional")
+ print(" newline (or EOF) to separate from the next addon.")
+ sys.exit(1)
+
+def check_arguments(cfgfile, output):
+ if not os.path.isfile(cfgfile):
+ usage(f'cfgfile {cfgfile} is not a file, or does not exist!')
+
+ if not os.path.isdir(output):
+ usage(f'output_dir {output} is not a dir, or does not exist!')
+
+UKICmdlineAddon = collections.namedtuple('UKICmdlineAddon', ['name', 'desc', 'cmdline', 'sbat'])
+
+def create_uki_addon(start, end, lines):
+ name = lines[start].rstrip()
+ if not name.endswith('.addon.efi'):
+ name += '.addon.efi'
+ desc = lines[start + 1].rstrip()
+ cmdline = lines[start + 2].rstrip()
+ sbat = ''.join(lines[start+3:end])
+ return UKICmdlineAddon(name, desc, cmdline, sbat)
+
+def parse_addon(i, lines):
+ start = -1
+ while i < len(lines) and start < 0:
+ if lines[i] != '\n':
+ start = i
+ i += 1
+
+ end = -1
+ while i < len(lines) and end < 0:
+ if lines[i] == '\n':
+ end = i
+ i += 1
+ if i == len(lines) and end < 0:
+ end = i
+
+ if start < 0 or end < 0:
+ return None, i
+
+ if start + 3 > end: # too small, fields ignored
+ print(f'Addon line {start+1}:{end} ignored, must contain at least name-descr-cmdline')
+ return None, i
+
+ return create_uki_addon(start, end, lines), i
+
+def main(cfgfile, output):
+ if not output.endswith('/'):
+ output += '/'
+
+ with open(cfgfile, 'r') as addons:
+ lines = addons.readlines()
+
+ i = 0
+ while i < len(lines):
+ addon, i = parse_addon(i, lines)
+ if not addon:
+ continue
+ out_path = output + addon.name
+ cmd = [
+ f'{UKIFY_PATH}', 'build',
+ f'--stub={SYSTEMD_STUB_PATH}',
+ f'--cmdline="{addon.cmdline}"',
+ f'--output={out_path}']
+ if addon.sbat != '':
+ cmd.append('--sbat=' + addon.sbat.rstrip() +'')
+
+ # print(''.join(cmd))
+ print(cmd)
+ print()
+ subprocess.check_call(cmd, text=True)
+
+if __name__ == "__main__":
+ argc = len(sys.argv) - 1
+ if argc != 2:
+ usage('too few or too many parameters!')
+
+ cfgfile = sys.argv[1]
+ output = sys.argv[2]
+
+ check_arguments(cfgfile, output)
+ main(cfgfile, output)
+
+
diff --git a/redhat/uki_cmdline_addons.conf b/redhat/uki_cmdline_addons.conf
new file mode 100644
index blahblah..blahblah 100644
--- /dev/null
+++ b/redhat/uki_cmdline_addons.conf
--
https://gitlab.com/cki-project/kernel-ark/-/merge_requests/2917
Hi, we tested your kernel and here are the results:
Overall result: PASSED
Merge: OK
Compile: OK
Test: OK
Tested-by: CKI Project <cki-project(a)redhat.com>
Kernel information:
Brew / Koji Task ID: 112707366
You can find all the details about the test run at
https://datawarehouse.cki-project.org/kcidb/checkouts/126830
One or more kernel tests failed:
We also see the following known issues which are not related to your changes:
Issue: NFS Connectathon: SELinux prevents rpcbind
URL: https://bugzilla.redhat.com/1758147
Affected tests:
ppc64le - Filesystem - NFS Connectathon
x86_64 - Filesystem - NFS Connectathon
Tests that were not ran because of internal issues:
aarch64 - Hardware - IPMI driver test
aarch64 - Hardware - IPMItool loop stress test
aarch64 - Storage - swraid scsi_raid
aarch64 - stress: stress-ng - interrupt
aarch64 - stress: stress-ng - cpu
aarch64 - stress: stress-ng - cpu-cache
aarch64 - stress: stress-ng - memory
aarch64 - Reboot test
If you find a failure unrelated to your changes, please ask the test maintainer to review it.
This will prevent the failures from being incorrectly reported in the future.
Please reply to this email if you have any questions about the tests that we
ran or if you have any suggestions on how to make future tests more effective.
,-. ,-.
( C ) ( K ) Continuous
`-',-.`-' Kernel
( I ) Integration
`-'
______________________________________________________________________________