ci: update musl headers to 6.6 #3921
Conversation
tammela
force-pushed
the
musl-headers
branch
5 times, most recently
from
3d166ca
to
d14a03b
Compare
|
☔ The latest upstream changes (presumably #3922) made this pull request unmergeable. Please resolve the merge conflicts. |
|
☔ The latest upstream changes (presumably #4042) made this pull request unmergeable. Please resolve the merge conflicts. |
There was a problem hiding this comment.
Sorry this hasn't been on my radar. Is the switch to Alpine just because of better maintenance?
Suggested some ways to clean up the shell script, also I think there are a couple other musl dockerfiles that will need to be updated now (loongarch?). libc-test/build.rs is probably pretty out of date, if you'd like we can merge the musl changes first and then clean up build.rs in a followup.
ci/install-musl.sh
Outdated
| # Download, configure, build, and install musl-sanitized kernel headers. | ||
| # This routine piggybacks on: https://git.alpinelinux.org/aports/tree/main/linux-headers?h=3.20-stable | ||
| # Alpine follows stable kernel releases, 3.20 uses Linux 6.6 headers. | ||
| git clone -n --depth=1 --filter=tree:0 -b 3.20-stable https://gitlab.alpinelinux.org/alpine/aports |
There was a problem hiding this comment.
Nit to make use of variables
| # Download, configure, build, and install musl-sanitized kernel headers. | |
| # This routine piggybacks on: https://git.alpinelinux.org/aports/tree/main/linux-headers?h=3.20-stable | |
| # Alpine follows stable kernel releases, 3.20 uses Linux 6.6 headers. | |
| git clone -n --depth=1 --filter=tree:0 -b 3.20-stable https://gitlab.alpinelinux.org/alpine/aports | |
| # Download, configure, build, and install musl-sanitized kernel headers. | |
| # Alpine follows stable kernel releases, 3.20 uses Linux 6.6 headers. | |
| alpine_version=3.20 | |
| alpine_git=https://gitlab.alpinelinux.org/alpine/aports | |
| # This routine piggybacks on: https://git.alpinelinux.org/aports/tree/main/linux-headers?h=3.20-stable | |
| git clone -n --depth=1 --filter=tree:0 -b "${alpine_version}-stable" "$alpine_git" |
ci/install-musl.sh
Outdated
| cp APKBUILD APKBUILD.source | ||
| cp APKBUILD APKBUILD.sha512 | ||
| { | ||
| echo "printf \"\$source\"" | ||
| # shellcheck disable=SC2028 | ||
| echo "printf \"\$_kernver\n\"" | ||
| # shellcheck disable=SC2028 | ||
| echo "printf \"\$pkgver\n\"" | ||
| } >> APKBUILD.source | ||
| echo "printf \"\$sha512sums\"" >> APKBUILD.sha512 | ||
| KERNEL_VER=$(bash APKBUILD.source | tail -2 | head -1 | tr -d "[:space:]") | ||
| PKGVER=$(bash APKBUILD.source | tail -1 | tr -d "[:space:]") | ||
| urls=$(bash APKBUILD.source | grep -o 'https.*') | ||
| kernel="" | ||
| patch="" | ||
| for url in $urls; do | ||
| base=$(basename "$url") | ||
| curl --retry 5 -L "$url" > "$base" | ||
| case $base in | ||
| linux-*) kernel=$base;; | ||
| patch-*) patch=$base;; | ||
| esac | ||
| done | ||
| bash APKBUILD.sha512 | grep "$kernel" >> sha-check | ||
| bash APKBUILD.sha512 | grep "$patch" >> sha-check |
There was a problem hiding this comment.
I think this gets a bit cleaner with heredoc and writing the outputs to files rather than filtering:
| cp APKBUILD APKBUILD.source | |
| cp APKBUILD APKBUILD.sha512 | |
| { | |
| echo "printf \"\$source\"" | |
| # shellcheck disable=SC2028 | |
| echo "printf \"\$_kernver\n\"" | |
| # shellcheck disable=SC2028 | |
| echo "printf \"\$pkgver\n\"" | |
| } >> APKBUILD.source | |
| echo "printf \"\$sha512sums\"" >> APKBUILD.sha512 | |
| KERNEL_VER=$(bash APKBUILD.source | tail -2 | head -1 | tr -d "[:space:]") | |
| PKGVER=$(bash APKBUILD.source | tail -1 | tr -d "[:space:]") | |
| urls=$(bash APKBUILD.source | grep -o 'https.*') | |
| kernel="" | |
| patch="" | |
| for url in $urls; do | |
| base=$(basename "$url") | |
| curl --retry 5 -L "$url" > "$base" | |
| case $base in | |
| linux-*) kernel=$base;; | |
| patch-*) patch=$base;; | |
| esac | |
| done | |
| bash APKBUILD.sha512 | grep "$kernel" >> sha-check | |
| bash APKBUILD.sha512 | grep "$patch" >> sha-check | |
| # Create a version of APKBUILD to extract variables | |
| cp APKBUILD APKBUILD.vars | |
| cat <<- 'EOF' >> APKBUILD.vars | |
| printf "$source" > alpine-source | |
| printf "$_kernver" > alpine-kernver | |
| printf "$pkgver" > alpine-pkgver | |
| printf "$sha512sums" > alpine-sha512sums | |
| EOF | |
| # Execute the build script to write the output files | |
| sh APKBUILD.vars | |
| alpine_source="$(cat alpine-source)" | |
| kernel_version="$(cat alpine-kernver)" | |
| pkg_version="$(cat alpine-pkgver)" | |
| kernel="" | |
| patch="" | |
| urls="$(echo "$alpine_source" | grep -o 'https.*')" | |
| # Download | |
| for url in $urls; do | |
| base=$(basename "$url") | |
| curl --retry 5 -L "$url" > "$base" | |
| case "$base" in | |
| linux-*) kernel="$base";; | |
| patch-*) patch="$base";; | |
| *) | |
| echo "Unexpected basename $base" | |
| exit 1 | |
| ;; | |
| esac | |
| done | |
| grep "$kernel" alpine-sha512sums >> sha-check | |
| grep "$patch" alpine-sha512sums >> sha-check |
(I haven't tested this)
There was a problem hiding this comment.
Also, does CARCH need to be set before running APKBUILD?
There was a problem hiding this comment.
Also, does
CARCHneed to be set before runningAPKBUILD?
Not in this case, we force the arch to our own $kernel_arch
Sabotage is pretty much stuck on 4.19.88 for years now. Alpine follows the stable releases from www.kernel.org and uses musl. I will update the PR to take into account your suggestions |
tammela
force-pushed
the
musl-headers
branch
4 times, most recently
from
ae76331
to
9575471
Compare
There was a problem hiding this comment.
Sabotage is pretty much stuck on 4.19.88 for years now. Alpine follows the stable releases from www.kernel.org and uses musl. As you saw, this is pretty much a hack to piggy back on Alpine's patches for the kernel headers. I wouldn't claim it's better maintenance over sabotage, but rather it's a better fit since we want to test and add the shiniest new features :)
Thanks for the context, that makes a lot of sense 👍
Two small suggestions for the script then this looks good to me. One other nit - it seems like your bash is indented by three spaces, mind changing to 4 like the rest of the scripts?
ci/install-musl.sh
Outdated
| { | ||
| echo "printf \"\$source\" > alpine-source" | ||
| # shellcheck disable=SC2028 | ||
| echo "printf \"\$_kernver\n\" > alpine-kernver" | ||
| # shellcheck disable=SC2028 | ||
| echo "printf \"\$pkgver\n\" > alpine-pkgver" | ||
| # shellcheck disable=SC2028 | ||
| echo "printf \"\$sha512sums\n\" > alpine-sha512sums" | ||
| } >> APKBUILD.vars |
There was a problem hiding this comment.
Could this just use heredoc rather than the nested quoting? Which shouldn't hit the shellcheck warnings
ci/install-musl.sh
Outdated
| urls=$(grep -o 'https.*' alpine-source) | ||
| kernel="" | ||
| patch="" | ||
| for url in $urls; do | ||
| base=$(basename "$url") | ||
| curl --retry 5 -L "$url" > "$base" | ||
| case $base in | ||
| linux-*) kernel=$base;; | ||
| patch-*) patch=$base;; | ||
| esac | ||
| done |
There was a problem hiding this comment.
Does the following work instead?
| urls=$(grep -o 'https.*' alpine-source) | |
| kernel="" | |
| patch="" | |
| for url in $urls; do | |
| base=$(basename "$url") | |
| curl --retry 5 -L "$url" > "$base" | |
| case $base in | |
| linux-*) kernel=$base;; | |
| patch-*) patch=$base;; | |
| esac | |
| done | |
| urls=$(grep -o 'https.*' alpine-source) | |
| for url in $urls; do | |
| base=$(basename "$url") | |
| # We only need to download `linux` and the patch archive, not individual | |
| # patches. | |
| case "$base" in | |
| linux-*) kernel="$base";; | |
| patch-*) patch="$base";; | |
| *) continue;; | |
| esac | |
| curl --retry 5 -L "$url" -o "$base" | |
| grep "$base" alpine-sha512sums >> sha-check | |
| done |
Then remove the grep "$kernel/patch" alpine-sha512sums >> sha-check lines below. This makes sure we don't download/use anything that we don't verify the sha of.
If we do actually need to download all the files (revert-broken-uapi.patch and 0003-remove-inclusion-of-sysinfo.h-in-kernel.h.patch), then remove *) continue and >> sha-check, instead just sha512sum -c alpine-sha512sums.
There was a problem hiding this comment.
We need the latter. I added an explicit check to avoid downloading files that do not contain a checksum.
|
☔ The latest upstream changes (presumably #4120) made this pull request unmergeable. Please resolve the merge conflicts. |
tammela
force-pushed
the
musl-headers
branch
2 times, most recently
from
77523c0
to
4c6fc50
Compare
Update the musl headers in CI to use alpine-linux instead of sabotage-linux. Alpine also uses musl but follows the linux stable releases, providing more up-to-date headers. Signed-off-by: Pedro Tammela <pctammela@gmail.com>
tammela
force-pushed
the
musl-headers
branch
from
4c6fc50
to
b87db4d
Compare
Now that we have Linux 6.6 we can clean up some of the test exceptions. Not all of them can be removed, so the comments are updated if needed. Signed-off-by: Pedro Tammela <pctammela@gmail.com>
tammela
force-pushed
the
musl-headers
branch
from
b87db4d
to
55f9451
Compare
tgross35
added
the
stable-nominated
Update the musl headers in CI to use alpine-linux instead of sabotage-linux.
Alpine also uses musl but follows the linux stable releases, providing more up-to-date headers.
I also took the opportunity to clean up libc-test/build.rs a bit.