feat: gated fsync kernel (matches coreos-stable) #234

Merged
merged 6 commits into from
Sep 2, 2024
Changes from 3 commits
45 changes: 44 additions & 1 deletion .github/workflows/reusable-build.yml
Expand Up @@ -32,6 +32,7 @@ jobs:
- asus
- fsync
- fsync-ba
- fsync-gated
- surface
- coreos-stable
- coreos-testing
Expand All @@ -46,6 +47,8 @@ jobs:
kernel_flavor: fsync
- fedora_version: 39
kernel_flavor: fsync-ba
- fedora_version: 39
kernel_flavor: fsync-gated
- fedora_version: 39
kernel_flavor: asus
- fedora_version: 39
Expand Down Expand Up @@ -77,7 +80,11 @@ jobs:
export BUILDER_IMAGE=quay.io/fedora/fedora
echo "BUILDER_IMAGE=${BUILDER_IMAGE}" >> $GITHUB_ENV
echo "FQ_BUILDER_IMAGE=${BUILDER_IMAGE}:${{ matrix.fedora_version }}" >> $GITHUB_ENV
export KERNEL_IMAGE=${{ matrix.kernel_flavor }}-kernel
if [[ "${{matrix.kernel_flavor}}" != "fsync-gated" ]]; then
Contributor


A little nitpicky, but why is this a negative? Isn't it a bit more clear to:

if [[ "${{matrix.kernel_flavor}}" == "fsync-gated" ]]; then
    export KERNEL_IMAGE=fsync-kernel
else
    export KERNEL_IMAGE=${{ matrix.kernel_flavor }}-kernel
fi

Member Author


Only reason was that's just how I was thinking. I agree that not using the negative is better

export KERNEL_IMAGE=${{ matrix.kernel_flavor }}-kernel
else
export KERNEL_IMAGE=fsync-kernel
fi
echo "KERNEL_IMAGE=${KERNEL_IMAGE}" >> $GITHUB_ENV
echo "FQ_KERNEL_IMAGE=${{ env.IMAGE_REGISTRY }}/${KERNEL_IMAGE}:${{ matrix.fedora_version }}" >> $GITHUB_ENV

Expand All @@ -101,6 +108,7 @@ jobs:

- name: Get current version
shell: bash
if: matrix.kernel_flavor != 'fsync-gated'
run: |
set -eo pipefail

Expand All @@ -125,6 +133,37 @@ jobs:
fi
echo "KERNEL_IMAGE_VERSION=$img_version" >> $GITHUB_ENV

- name: Get current version (fsync-gated)
shell: bash
if: matrix.kernel_flavor == 'fsync-gated'
run: |
set -eo pipefail

# Get coreos kernel info
skopeo inspect docker://${{ env.IMAGE_REGISTRY }}/coreos-stable-kernel:${{ matrix.fedora_version }} > kernel.json

coreos_linux=$(jq -r '.["Labels"]["ostree.linux"]' kernel.json)
if [ -z "$coreos_linux" ] || [ "null" = "$coreos_linux" ]; then
echo "inspected linux version must not be empty or null"
exit 1
fi
major_minor_patch=$(echo $coreos_linux | cut -d - -f1)
# Match to fsync from kernel-cache
skopeo inspect docker://${{ env.IMAGE_REGISTRY }}/fsync-kernel:${{ matrix.fedora_version }}-${major_minor_patch} > kernel.json
linux=$(jq -r '.["Labels"]["ostree.linux"]' kernel.json)
if [ -z "$linux" ] || [ "null" = "$linux" ]; then
echo "inspected linux version must not be empty or null"
exit 1
fi
echo "KERNEL_VERSION=$linux" >> $GITHUB_ENV

img_version=$(jq -r '.["Labels"]["org.opencontainers.image.version"]' kernel.json)
if [ -z "$img_version" ] || [ "null" = "$img_version" ]; then
echo "inspected image version must not be empty or null"
exit 1
fi
echo "KERNEL_IMAGE_VERSION=$img_version" >> $GITHUB_ENV

- name: Generate tags
id: generate-tags
shell: bash
Expand Down Expand Up @@ -208,6 +247,8 @@ jobs:
BUILDER_IMAGE=${{ env.BUILDER_IMAGE }}
KERNEL_ORG=${{ github.repository_owner }}
KERNEL_FLAVOR=${{ matrix.kernel_flavor }}
KERNEL_IMAGE=${{ env.KERNEL_IMAGE }}
KERNEL_VERSION=${{ env.KERNEL_VERSION }}
FEDORA_MAJOR_VERSION=${{ matrix.fedora_version }}
RPMFUSION_MIRROR=${{ vars.RPMFUSION_MIRROR }}
DUAL_SIGN=true
Expand All @@ -226,6 +267,8 @@ jobs:
KERNEL_ORG=${{ github.repository_owner }}
KERNEL_FLAVOR=${{ matrix.kernel_flavor }}
FEDORA_MAJOR_VERSION=${{ matrix.fedora_version }}
KERNEL_IMAGE=${{ env.KERNEL_IMAGE }}
KERNEL_VERSION=${{ env.KERNEL_VERSION }}
INPUT_AKMODS=${{ env.IMAGE_NAME }}
INPUT_TAG=${{ env.default_tag }}
DUAL_SIGN=true
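Review bot: In the new "Get current version (fsync-gated)" step, the `ostree.linux` and image-version labels read from the registry are written to `$GITHUB_ENV` and spliced into the next image reference after only an empty/null check, and `echo $coreos_linux` is unquoted. A label carrying whitespace or a newline would change the tag that gets inspected or add extra lines to the environment file, so the value deserves a format check before it is used. I would derive the prefix with `major_minor_patch="${coreos_linux%%-*}"` and guard it with something like `[[ "$major_minor_patch" =~ ^[0-9]+(\.[0-9]+)+$ ]] || { echo "unexpected kernel version: $coreos_linux" >&2; exit 1; }`, applying the same kind of check to `$linux` and `$img_version` before the `>> $GITHUB_ENV` lines. The existing non-gated step, whose body starts outside the visible hunks, appears to follow the same pattern and would benefit from the same guard.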
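--- a/Containerfile.common
+++ b/Containerfile.common
@@ -6,7 +6,8 @@ ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}"
 ARG KERNEL_FLAVOR="${KERNEL_FLAVOR:-main}"
 ARG KERNEL_IMAGE="${KERNEL_IMAGE:-${KERNEL_FLAVOR}-kernel}"
 ARG KERNEL_ORG="${KERNEL_ORG:-ublue-os}"
-ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${FEDORA_MAJOR_VERSION}"
+ARG KERNEL_VERSION="${KERNEL_VERSION}"
+ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${KERNEL_VERSION}"
 ARG BUILDER_IMAGE="${BUILDER_IMAGE:-quay.io/fedora/fedora}"
 ARG BUILDER_BASE="${BUILDER_IMAGE}:${FEDORA_MAJOR_VERSION}"
 FROM ${KERNEL_BASE} AS kernel_cache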
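Review bot: `ARG KERNEL_VERSION="${KERNEL_VERSION}"` has no fallback, so any build that does not pass `--build-arg KERNEL_VERSION=...` now resolves `KERNEL_BASE` to a reference with an empty tag and fails at `FROM`, where the previous line fell back to the Fedora major version. If standalone builds are still meant to work, `ARG KERNEL_VERSION="${KERNEL_VERSION:-${FEDORA_MAJOR_VERSION}}"` keeps the old behaviour; otherwise a comment above the ARG stating that the value is required and supplied by the workflow would spare the next person a confusing error. The tag is also still mutable, so if the gating is meant to guarantee the exact kernel image that was inspected, passing the digest reported by `skopeo inspect` and referencing the image by `@sha256:<digest>` would be stronger; whether that is intended cannot be told from this diff. The same two lines are added to Containerfile.extra, Containerfile.nvidia, Containerfile.nvidia-open, Containerfile.test and Containerfile.zfs.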
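--- a/Containerfile.extra
+++ b/Containerfile.extra
@@ -6,7 +6,8 @@ ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}"
 ARG KERNEL_FLAVOR="${KERNEL_FLAVOR:-main}"
 ARG KERNEL_IMAGE="${KERNEL_IMAGE:-${KERNEL_FLAVOR}-kernel}"
 ARG KERNEL_ORG="${KERNEL_ORG:-ublue-os}"
-ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${FEDORA_MAJOR_VERSION}"
+ARG KERNEL_VERSION="${KERNEL_VERSION}"
+ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${KERNEL_VERSION}"
 ARG BUILDER_IMAGE="${BUILDER_IMAGE:-quay.io/fedora/fedora}"
 ARG BUILDER_BASE="${BUILDER_IMAGE}:${FEDORA_MAJOR_VERSION}"
 FROM ${KERNEL_BASE} AS kernel_cache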
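--- a/Containerfile.nvidia
+++ b/Containerfile.nvidia
@@ -6,7 +6,8 @@ ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}"
 ARG KERNEL_FLAVOR="${KERNEL_FLAVOR:-main}"
 ARG KERNEL_IMAGE="${KERNEL_IMAGE:-${KERNEL_FLAVOR}-kernel}"
 ARG KERNEL_ORG="${KERNEL_ORG:-ublue-os}"
-ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${FEDORA_MAJOR_VERSION}"
+ARG KERNEL_VERSION="${KERNEL_VERSION}"
+ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${KERNEL_VERSION}"
 ARG BUILDER_IMAGE="${BUILDER_IMAGE:-quay.io/fedora/fedora}"
 ARG BUILDER_BASE="${BUILDER_IMAGE}:${FEDORA_MAJOR_VERSION}"
 FROM ${KERNEL_BASE} AS kernel_cache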
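--- a/Containerfile.nvidia-open
+++ b/Containerfile.nvidia-open
@@ -6,7 +6,8 @@ ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}"
 ARG KERNEL_FLAVOR="${KERNEL_FLAVOR:-main}"
 ARG KERNEL_IMAGE="${KERNEL_IMAGE:-${KERNEL_FLAVOR}-kernel}"
 ARG KERNEL_ORG="${KERNEL_ORG:-ublue-os}"
-ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${FEDORA_MAJOR_VERSION}"
+ARG KERNEL_VERSION="${KERNEL_VERSION}"
+ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${KERNEL_VERSION}"
 ARG BUILDER_IMAGE="${BUILDER_IMAGE:-quay.io/fedora/fedora}"
 ARG BUILDER_BASE="${BUILDER_IMAGE}:${FEDORA_MAJOR_VERSION}"
 FROM ${KERNEL_BASE} AS kernel_cache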
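--- a/Containerfile.test
+++ b/Containerfile.test
@@ -6,7 +6,8 @@ ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}"
 ARG KERNEL_FLAVOR="${KERNEL_FLAVOR:-main}"
 ARG KERNEL_IMAGE="${KERNEL_IMAGE:-${KERNEL_FLAVOR}-kernel}"
 ARG KERNEL_ORG="${KERNEL_ORG:-ublue-os}"
-ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${FEDORA_MAJOR_VERSION}"
+ARG KERNEL_VERSION="${KERNEL_VERSION}"
+ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${KERNEL_VERSION}"
 ARG BUILDER_IMAGE="${BUILDER_IMAGE:-quay.io/fedora/fedora}"
 ARG BUILDER_BASE="${BUILDER_IMAGE}:${FEDORA_MAJOR_VERSION}"
 ARG INPUT_AKMODS="${INPUT_AKMODS:-akmods}"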
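--- a/Containerfile.zfs
+++ b/Containerfile.zfs
@@ -6,7 +6,8 @@ ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}"
 ARG KERNEL_FLAVOR="${KERNEL_FLAVOR:-coreos-stable}"
 ARG KERNEL_IMAGE="${KERNEL_IMAGE:-${KERNEL_FLAVOR}-kernel}"
 ARG KERNEL_ORG="${KERNEL_ORG:-ublue-os}"
-ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${FEDORA_MAJOR_VERSION}"
+ARG KERNEL_VERSION="${KERNEL_VERSION}"
+ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${KERNEL_VERSION}"
 ARG BUILDER_IMAGE="${BUILDER_IMAGE:-quay.io/fedora/fedora}"
 ARG BUILDER_BASE="${BUILDER_IMAGE}:${FEDORA_MAJOR_VERSION}"
 FROM ${KERNEL_BASE} AS kernel_cache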
15 changes: 7 additions & 8 deletions build-prep.sh
Expand Up @@ -2,7 +2,6 @@

set -oeux pipefail


### PREPARE REPOS
# ARCH="$(rpm -E '%_arch')"
RELEASE="$(rpm -E '%fedora')"
Expand All @@ -17,9 +16,9 @@ echo "Installing ${KERNEL_FLAVOR} kernel-cache RPMs..."
# fedora image has no kernel so this needs nothing fancy, just install
dnf install -y /tmp/kernel_cache/*.rpm
if [[ "${KERNEL_FLAVOR}" == "surface" ]]; then
KERNEL_VERSION=$(rpm -q kernel-surface|cut -d '-' -f2-)
KERNEL_VERSION=$(rpm -q kernel-surface | cut -d '-' -f2-)
else
KERNEL_VERSION=$(rpm -q kernel|cut -d '-' -f2-)
KERNEL_VERSION=$(rpm -q kernel | cut -d '-' -f2-)
fi

# enable more repos
Expand Down Expand Up @@ -58,7 +57,7 @@ if [[ ! -s "/tmp/certs/private_key.priv" ]]; then
cp /tmp/certs/public_key.der{.test,}
fi

install -Dm644 /tmp/certs/public_key.der /etc/pki/akmods/certs/public_key.der
install -Dm644 /tmp/certs/public_key.der /etc/pki/akmods/certs/public_key.der
install -Dm644 /tmp/certs/private_key.priv /etc/pki/akmods/private/private_key.priv

if [[ "${DUAL_SIGN}" == "true" ]]; then
Expand All @@ -70,13 +69,13 @@ if [[ "${DUAL_SIGN}" == "true" ]]; then
fi
openssl x509 -in /tmp/certs/public_key_2.der -out /tmp/certs/public_key_2.crt
openssl x509 -in /tmp/certs/public_key.der -out /tmp/certs/public_key.crt
cat /tmp/certs/private_key.priv <(echo) /tmp/certs/public_key.crt >> /tmp/certs/signing_key_1.pem
cat /tmp/certs/private_key_2.priv <(echo) /tmp/certs/public_key_2.crt >> /tmp/certs/signing_key_2.pem
cat /tmp/certs/public_key.crt <(echo) /tmp/certs/public_key_2.crt >> /tmp/certs/public_key_chain.pem
cat /tmp/certs/private_key.priv <(echo) /tmp/certs/public_key.crt >>/tmp/certs/signing_key_1.pem
cat /tmp/certs/private_key_2.priv <(echo) /tmp/certs/public_key_2.crt >>/tmp/certs/signing_key_2.pem
cat /tmp/certs/public_key.crt <(echo) /tmp/certs/public_key_2.crt >>/tmp/certs/public_key_chain.pem
fi

# This is for ZFS more than CoreOS
if [[ "${KERNEL_FLAVOR}" =~ "coreos" ]]; then
if [[ "${KERNEL_FLAVOR}" =~ coreos|gated ]]; then
install -Dm644 /tmp/certs/public_key.der /lib/modules/"${KERNEL_VERSION}"/build/certs/signing_key.x509
install -Dm644 /tmp/certs/private_key.priv /lib/modules/"${KERNEL_VERSION}"/build/certs/signing_key.pem
dnf install -y \
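Review bot: The widened test `=~ coreos|gated` in the last hunk is an unanchored regex, so any flavor whose name merely contains either word now enters the branch that copies `private_key.priv` to `/lib/modules/"${KERNEL_VERSION}"/build/certs/signing_key.pem` with mode 644. Because that branch places signing key material in the kernel build tree, I would name the intended flavors explicitly, e.g. `if [[ "${KERNEL_FLAVOR}" == *coreos* || "${KERNEL_FLAVOR}" == "fsync-gated" ]]; then`, and update the comment above it, which still mentions only ZFS and CoreOS. It is also worth confirming that the world-readable key copy does not survive into a published layer; the branch continues past the end of this hunk, so that cannot be judged from here.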