From 0ceed07574866431ec2cf7516fa45e8e3145f715 Mon Sep 17 00:00:00 2001 From: alexhulbert Date: Wed, 18 Jun 2025 22:59:01 -0400 Subject: [PATCH 1/8] Allow modular kernel config and create dockerfile --- .dockerignore | 1 + Dockerfile | 21 ++++--- base/base.conf | 11 +++- base/mkosi.build | 11 ---- buildernet/buildernet.conf | 1 - flake.nix | 10 ---- kernel.nix | 55 ------------------ .../kernel-yocto.config | 0 kernel/mkosi.build | 58 +++++++++++++++++++ 9 files changed, 78 insertions(+), 90 deletions(-) create mode 120000 .dockerignore delete mode 100755 base/mkosi.build delete mode 100644 kernel.nix rename kernel-yocto.config => kernel/kernel-yocto.config (100%) create mode 100755 kernel/mkosi.build diff --git a/.dockerignore b/.dockerignore new file mode 120000 index 0000000..3e4e48b --- /dev/null +++ b/.dockerignore @@ -0,0 +1 @@ +.gitignore \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index d2a08a6..57739de 100644 --- a/Dockerfile +++ b/Dockerfile 
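Review bot: `.dockerignore` is added as a symlink to `.gitignore` (mode 120000), which ties the build context to a file written for different pattern semantics: a `.gitignore` pattern without a slash matches at any depth, whereas `.dockerignore` patterns are anchored at the context root, so entries meant to exclude nested caches or build output may still be sent to the daemon (the `.gitignore` content is not in this patch, so this is inferred). A small dedicated `.dockerignore` listing `.git` plus the `mkosi.cache`, `mkosi.builddir` and `build` directories that the `Dockerfile` recreates anyway would be explicit and would not depend on how the build client resolves a symlinked ignore file.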
@@ -4,20 +4,19 @@ RUN apt-get update && apt-get install -y \ curl git sudo qemu-system-x86 qemu-utils \ debian-archive-keyring systemd-boot reprepro xz-utils -RUN adduser --disabled-password --gecos '' nix && \ - echo "nix ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/nix && \ - chmod 0440 /etc/sudoers.d/nix +RUN echo "ubuntu ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/ubuntu && \ + chmod 0440 /etc/sudoers.d/ubuntu -COPY --chown=nix:nix . /home/nix/mkosi -RUN mkdir -p /home/nix/mkosi/mkosi.packages /home/nix/mkosi/mkosi.cache \ - /home/nix/mkosi/mkosi.builddir /home/nix/mkosi/build /nix && \ - chown -R nix:nix /home/nix/mkosi /nix +COPY --chown=ubuntu:ubuntu . /home/ubuntu/mkosi +RUN mkdir -p /home/ubuntu/mkosi/mkosi.packages /home/ubuntu/mkosi/mkosi.cache \ + /home/ubuntu/mkosi/mkosi.builddir /home/ubuntu/mkosi/build /nix && \ + chown -R ubuntu:ubuntu /home/ubuntu/mkosi /nix -USER nix +USER ubuntu RUN curl -L https://nixos.org/nix/install | sh -s -- --no-daemon && \ mkdir -p ~/.config/nix ~/.cache/mkosi/ && \ echo 'experimental-features = nix-command flakes' > ~/.config/nix/nix.conf -RUN /home/nix/.nix-profile/bin/nix develop -c /bin/true -WORKDIR /home/nix/mkosi -ENTRYPOINT ["/home/nix/.nix-profile/bin/nix", "develop", "-c", "/bin/bash"] \ No newline at end of file +WORKDIR /home/ubuntu/mkosi +RUN /home/ubuntu/.nix-profile/bin/nix develop -c /bin/true +ENTRYPOINT ["/home/ubuntu/.nix-profile/bin/nix", "develop", "-c", "/bin/bash"] \ No newline at end of file diff --git a/base/base.conf b/base/base.conf index 7872d2b..75163fa 100644 --- a/base/base.conf +++ b/base/base.conf @@ -4,7 +4,6 @@ Release=trixie [Build] PackageCacheDirectory=mkosi.cache -Environment=KERNEL_IMAGE KERNEL_VERSION [Output] Format=uki 
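Review bot: The hunk drops the `adduser` line but keeps `USER ubuntu` and `COPY --chown=ubuntu:ubuntu`, so the image now depends on the base image already shipping an `ubuntu` account; the `FROM` line is outside the hunk, so that assumption cannot be confirmed here, and a future base-image bump to one without that account fails late at `COPY --chown` with an opaque error. Guarding it with `id ubuntu >/dev/null 2>&1 || adduser --disabled-password --gecos '' ubuntu && \` before the sudoers `echo` keeps the build self-describing. The unchanged context line `curl -L https://nixos.org/nix/install | sh` still executes an unpinned installer fetched at build time, so two builds of the same Dockerfile can install different Nix releases; pinning the installer to a specific Nix release URL would make the builder image reproducible, which matters given it produces a TDX image whose measurements are expected to be stable.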
@@ -23,7 +22,7 @@ SkeletonTrees=base/mkosi.skeleton FinalizeScripts=base/debloat.sh PostInstallationScripts=base/debloat-systemd.sh PostInstallationScripts=base/efi-stub.sh -BuildScripts=base/mkosi.build +BuildScripts=kernel/mkosi.build CleanPackageMetadata=true Packages=kmod @@ -44,3 +43,11 @@ BuildPackages=build-essential pkg-config clang cargo + flex + bison + elfutils + bc + perl + gawk + zstd + libssl-dev diff --git a/base/mkosi.build b/base/mkosi.build deleted file mode 100755 index aee1b99..0000000 --- a/base/mkosi.build +++ /dev/null @@ -1,11 +0,0 @@ -#!/bin/bash -set -euxo pipefail - -if [ -z "$KERNEL_IMAGE" ] || [ -z "$KERNEL_VERSION" ]; then - echo "KERNEL_IMAGE and KERNEL_VERSION must be set" - exit 1 -fi - -# Copy kernel and config to a place where mkosi can find it -mkdir -p "$DESTDIR/usr/lib/modules/$KERNEL_VERSION" -cp "$KERNEL_IMAGE" "$DESTDIR/usr/lib/modules/$KERNEL_VERSION/vmlinuz" \ No newline at end of file diff --git a/buildernet/buildernet.conf b/buildernet/buildernet.conf index ac7bfca..bd42339 100644 --- a/buildernet/buildernet.conf +++ b/buildernet/buildernet.conf @@ -21,5 +21,4 @@ BuildPackages=libleveldb-dev zlib1g-dev libzstd-dev libpq-dev - libssl-dev protobuf-compiler diff --git a/flake.nix b/flake.nix index c1bd83b..922cdf9 100644 --- a/flake.nix +++ b/flake.nix @@ -5,7 +5,6 @@ let system = "x86_64-linux"; pkgs = import nixpkgs { inherit system; }; - kernel = import ./kernel.nix { inherit pkgs; }; reprepro = pkgs.stdenv.mkDerivation rec { name = "reprepro-${version}"; version = "4.16.0"; @@ -32,17 +31,8 @@ ] ++ [ reprepro ]; }; in { - packages.${system} = { - kernel = kernel; - default = kernel; - }; - devShells.${system}.default = pkgs.mkShell { nativeBuildInputs = [ pkgs.qemu mkosi ]; - - KERNEL_IMAGE = "${kernel}/bzImage"; - KERNEL_VERSION = kernel.version; - shellHook = '' mkdir -p mkosi.packages mkosi.cache mkosi.builddir ''; diff --git a/kernel.nix b/kernel.nix deleted file mode 100644 index 87ed618..0000000 
--- a/kernel.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ pkgs ? import {} }: -pkgs.stdenv.mkDerivation rec { - pname = "linux-tdx"; - version = "6.13.1"; - - depsBuildBuild = with pkgs.pkgsBuildBuild; [ - stdenv.cc - ]; - - nativeBuildInputs = with pkgs.buildPackages; [ - git flex bison elfutils openssl - bc perl gawk zstd - ]; - - src = pkgs.fetchFromGitHub { - owner = "gregkh"; - repo = "linux"; - rev = "v${version}"; - sha256 = "sha256-eiceHrOC2K2nBEbs7dD9AfpCNesorMhC9X24UtSPkMY="; - }; - - # patches = []; - - configurePhase = ''cp ${./kernel-yocto.config} .config''; - - buildPhase = '' - patchShebangs ./scripts/ld-version.sh - export KBUILD_BUILD_TIMESTAMP="$(date -u -d @$SOURCE_DATE_EPOCH)" - export KBUILD_BUILD_USER="nixbuild" - export KBUILD_BUILD_HOST="nixbuilder" - make olddefconfig bzImage -j "$NIX_BUILD_CORES" \ - ARCH="x86_64" \ - HOSTCC="$CC_FOR_BUILD" \ - HOSTCXX="$CXX_FOR_BUILD" \ - HOSTAR="$AR_FOR_BUILD" \ - HOSTLD="$LD_FOR_BUILD" \ - CC="$CC" LD="$LD" \ - OBJCOPY="$OBJCOPY" \ - OBJDUMP="$OBJDUMP" \ - READELF="$READELF" \ - STRIP="$STRIP" \ - CONFIG_EFI_STUB=y - ''; - - installPhase = '' - mkdir -p $out - cp arch/x86_64/boot/bzImage $out/ - ''; - - meta = { - description = "Linux Kernel ${version}"; - homepage = https://kernel.org; - license = "gpl2Only"; - }; -} \ No newline at end of file diff --git a/kernel-yocto.config b/kernel/kernel-yocto.config similarity index 100% rename from kernel-yocto.config rename to kernel/kernel-yocto.config diff --git a/kernel/mkosi.build b/kernel/mkosi.build new file mode 100755 index 0000000..e384129 --- /dev/null +++ b/kernel/mkosi.build 
@@ -0,0 +1,58 @@ +#!/bin/bash +set -euo pipefail + +# Configuration +KERNEL_VERSION="6.13.12" +KERNEL_REPO="https://github.com/gregkh/linux" +BASE_CONFIG="$SRCDIR/kernel/kernel-yocto.config" +SNIPPETS_DIR="$SRCDIR/kernel/snippets" + +echo "Building kernel $KERNEL_VERSION with snippets: ${KERNEL_CONFIG_SNIPPETS:-none}" + +# Generate final config +config_file=$(mktemp) +cp "$BASE_CONFIG" "$config_file" +if [[ -n "${KERNEL_CONFIG_SNIPPETS:-}" ]]; then + IFS=',' read -ra snippets <<< "$KERNEL_CONFIG_SNIPPETS" + for snippet in "${snippets[@]}"; do + snippet_file="$SNIPPETS_DIR/${snippet}.config" + [[ -f "$snippet_file" ]] && cat "$snippet_file" >> "$config_file" + done +fi + +# Calculate cache key and paths +config_hash=$(sha256sum "$config_file" | cut -d' ' -f1 | cut -c1-12) +cache_dir="$BUILDDIR/kernel-${KERNEL_VERSION}-${config_hash}" +kernel_file="$cache_dir/bzImage" + +# Use cached kernel if available +if [[ -f "$kernel_file" ]]; then + echo "Using cached kernel: $kernel_file" +else + echo "Building kernel from source..." + build_dir="$BUILDROOT/build/kernel-${KERNEL_VERSION}" + + # Clone if needed + [[ ! -d "$build_dir" ]] && git clone --depth 1 --branch "v${KERNEL_VERSION}" "$KERNEL_REPO" "$build_dir" + + # Build kernel + cd "$build_dir" + cp "$config_file" .config + export KBUILD_BUILD_TIMESTAMP="$(date -u -d @${SOURCE_DATE_EPOCH:-$(date +%s)})" + export KBUILD_BUILD_USER="mkosi" KBUILD_BUILD_HOST="mkosi-builder" + + make olddefconfig + make -j "$(nproc 2>/dev/null || echo 2)" bzImage ARCH=x86_64 CONFIG_EFI_STUB=y + + # Cache result + mkdir -p "$cache_dir" + cp arch/x86_64/boot/bzImage "$cache_dir/" + cp .config "$cache_dir/config" +fi + +# Install kernel +mkdir -p "$DESTDIR/usr/lib/modules/$KERNEL_VERSION" +cp "$kernel_file" "$DESTDIR/usr/lib/modules/$KERNEL_VERSION/vmlinuz" +rm -f "$config_file" + +echo "Kernel installed successfully" \ No newline at end of file From 5fc450596e2c497acf755d5b37d4eec21060b502 Mon Sep 17 00:00:00 2001 
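Review bot: The kernel source is fetched with `git clone --depth 1 --branch "v${KERNEL_VERSION}" "$KERNEL_REPO"` with no commit pin and no tag-signature check, while the `kernel.nix` this patch deletes pinned the source with a `sha256`, so a moved or replaced tag silently changes the kernel that lands in the image, and because the cache key `config_hash` covers only the config, an already-cached `bzImage` would not be rebuilt for different source either. Pin an expected commit next to `KERNEL_VERSION` (placeholder `KERNEL_COMMIT`), verify it after cloning with `[[ "$(git -C "$build_dir" rev-parse HEAD)" == "$KERNEL_COMMIT" ]] || { echo "kernel source mismatch" >&2; exit 1; }`, and fold it into `cache_dir`. `[[ -f "$snippet_file" ]] && cat "$snippet_file" >> "$config_file"` silently skips a misspelled snippet name because a non-final command in an `&&` list is exempt from `set -e`, so a typo in `KERNEL_CONFIG_SNIPPETS` yields a kernel with a different config than requested; `[[ -f "$snippet_file" ]] || { echo "missing snippet: $snippet_file" >&2; exit 1; }` before the `cat` fails loudly instead. The `mktemp` file is removed only on the success path; `trap 'rm -f "$config_file"' EXIT` right after `config_file=$(mktemp)` covers failures as well.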
From: alexhulbert Date: Thu, 19 Jun 2025 11:53:20 -0400 Subject: [PATCH 2/8] Run make inside chroot --- kernel/mkosi.build | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/kernel/mkosi.build b/kernel/mkosi.build index e384129..72f80da 100755 --- a/kernel/mkosi.build +++ b/kernel/mkosi.build @@ -41,8 +41,8 @@ else export KBUILD_BUILD_TIMESTAMP="$(date -u -d @${SOURCE_DATE_EPOCH:-$(date +%s)})" export KBUILD_BUILD_USER="mkosi" KBUILD_BUILD_HOST="mkosi-builder" - make olddefconfig - make -j "$(nproc 2>/dev/null || echo 2)" bzImage ARCH=x86_64 CONFIG_EFI_STUB=y + mkosi-chroot make olddefconfig + mkosi-chroot make -j "$(nproc 2>/dev/null || echo 2)" bzImage ARCH=x86_64 CONFIG_EFI_STUB=y # Cache result mkdir -p "$cache_dir" From 9baafa4a7510ee191007fd566324cbbf4ed43f2e Mon Sep 17 00:00:00 2001 From: Niccolo Raspa Date: Fri, 20 Jun 2025 11:56:24 +0200 Subject: [PATCH 3/8] feat: add test pipeline --- .github/workflows/build.yaml | 49 ++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 .github/workflows/build.yaml diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml new file mode 100644 index 0000000..ad13c15 --- /dev/null +++ b/.github/workflows/build.yaml 
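Review bot: After the two `make` invocations are wrapped in `mkosi-chroot`, the `$(nproc 2>/dev/null || echo 2)` substitution is still evaluated by the outer build shell rather than inside the chroot, and the exported `KBUILD_BUILD_TIMESTAMP`, `KBUILD_BUILD_USER` and `KBUILD_BUILD_HOST` only keep the build reproducible if `mkosi-chroot` forwards the environment to the chrooted `make` — that is not visible in this hunk, so it is worth confirming. A comment above the first `make` line such as `# mkosi-chroot must pass KBUILD_* through, otherwise the timestamp/user/host embedded in the kernel vary per build` would document the dependency. The enclosing `else` branch starts and ends outside the hunk.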
@@ -0,0 +1,49 @@ +name: Build mkosi Image + +on: + workflow_dispatch: + push: + branches: [ main ] + pull_request: + branches: [ main ] + +jobs: + build-mkosi: + runs-on: warp-ubuntu-latest-x64-8x + + permissions: + contents: read + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Setup Nix + uses: DeterminateSystems/nix-installer-action@main + + # TODO: Setup Warp cache + # - name: Setup Warp cache + # uses: WarpBuilds/cache@v1 + # with: + # path: ~/.cache/mkosi/ + # key: ${{ runner.os }}-mkosi-cache-${{ hashFiles('**/mkosi.conf', '**/mkosi.packages') }} + # restore-keys: | + # ${{ runner.os }}-mkosi-cache- + + - name: Install system dependencies + run: | + sudo apt-get update + sudo apt-get install -y \ + qemu-system-x86 qemu-utils \ + debian-archive-keyring systemd-boot reprepro xz-utils + + - name: Configure Nix + run: | + mkdir -p ~/.config/nix + echo 'experimental-features = nix-command flakes' > ~/.config/nix/nix.conf + + # Building tdx-image for testing + - name: Build mkosi image using nix + run: | + mkdir -p ~/.cache/mkosi/ + ix develop --command mkosi --force -I tdx-dummy.conf From e120250be6124c38e96af3301b95abfba9cc96f9 Mon Sep 17 00:00:00 2001 From: Niccolo Raspa Date: Fri, 20 Jun 2025 12:01:51 +0200 Subject: [PATCH 4/8] fix: typo in nix command --- .github/workflows/e2e.yaml | 49 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 .github/workflows/e2e.yaml diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml new file mode 100644 index 0000000..dbe97cd --- /dev/null +++ b/.github/workflows/e2e.yaml 
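Review bot: `uses: DeterminateSystems/nix-installer-action@main` runs a third-party action from a floating branch on every push and pull request, so whatever lands on that branch executes in the job before any project code; pin it to a release tag, or better a full commit SHA (`uses: DeterminateSystems/nix-installer-action@<commit-sha> # vX.Y.Z`, placeholder), and consider the same SHA pinning for `actions/checkout@v4`. The same unpinned reference is copied into `.github/workflows/e2e.yaml` in PATCH 4/8 of this series. The final step's `ix develop --command mkosi ...` is missing the leading `n`, which is only corrected for this file in PATCH 8/8, so the workflow cannot succeed on the intermediate commits. `permissions: contents: read` at the job level is the right default for a build that publishes nothing.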
@@ -0,0 +1,49 @@ +name: Build mkosi Image + +on: + workflow_dispatch: + push: + branches: [ main ] + pull_request: + branches: [ main ] + +jobs: + build-mkosi: + runs-on: warp-ubuntu-latest-x64-8x + + permissions: + contents: read + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + + - name: Setup Nix + uses: DeterminateSystems/nix-installer-action@main + + # TODO: Setup Warp cache + # - name: Setup Warp cache + # uses: WarpBuilds/cache@v1 + # with: + # path: ~/.cache/mkosi/ + # key: ${{ runner.os }}-mkosi-cache-${{ hashFiles('**/mkosi.conf', '**/mkosi.packages') }} + # restore-keys: | + # ${{ runner.os }}-mkosi-cache- + + - name: Install system dependencies + run: | + sudo apt-get update + sudo apt-get install -y \ + qemu-system-x86 qemu-utils \ + debian-archive-keyring systemd-boot reprepro xz-utils + + - name: Configure Nix + run: | + mkdir -p ~/.config/nix + echo 'experimental-features = nix-command flakes' > ~/.config/nix/nix.conf + + # Building tdx-image for testing + - name: Build mkosi image using nix + run: | + mkdir -p ~/.cache/mkosi/ + nix develop --command mkosi --force -I tdx-dummy.conf From 859f8b8189191b920a07d2ec4c535a557e41b550 Mon Sep 17 00:00:00 2001 From: Niccolo Raspa Date: Fri, 20 Jun 2025 12:03:50 +0200 Subject: [PATCH 5/8] test: add current branch for testing --- .github/workflows/e2e.yaml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index dbe97cd..9b737c7 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -3,9 +3,12 @@ name: Build mkosi Image on: workflow_dispatch: push: - branches: [ main ] + branches: + - main + - feat/add-warp-ci # TODO: Remove this once the CI is working pull_request: - branches: [ main ] + branches: + - main jobs: build-mkosi: From 805d11e65a8eef9f887c5643dd1b1864cf7fcd82 Mon Sep 17 00:00:00 2001 
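Review bot: The commit is titled "fix: typo in nix command" but the hunk creates a second workflow file `.github/workflows/e2e.yaml` with the same `name: Build mkosi Image` and the same `push`/`pull_request` triggers as `build.yaml`, rather than correcting the typo in place, so every push to `main` runs two near-identical image builds and both report under one check name until PATCH 8/8 deletes the file again. Changing the one line `ix develop --command mkosi --force -I tdx-dummy.conf` to `nix develop --command mkosi --force -I tdx-dummy.conf` in `build.yaml` would have kept a single workflow.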
From: Niccolo Raspa Date: Fri, 20 Jun 2025 12:08:13 +0200 Subject: [PATCH 6/8] fix: permissions errors --- .github/workflows/e2e.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index 9b737c7..e67b578 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -33,6 +33,12 @@ jobs: # restore-keys: | # ${{ runner.os }}-mkosi-cache- + - name: Enable user namespaces for mkosi + run: | + echo 'kernel.unprivileged_userns_clone=1' | sudo tee -a /etc/sysctl.conf + sudo sysctl -p + cat /proc/sys/kernel/unprivileged_userns_clone + - name: Install system dependencies run: | sudo apt-get update From a39eea0d2f57bd101299f99557ee311f2a668bde Mon Sep 17 00:00:00 2001 From: Niccolo Raspa Date: Fri, 20 Jun 2025 12:08:49 +0200 Subject: [PATCH 7/8] fix: permissions errors indentations --- .github/workflows/e2e.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml index e67b578..974617c 100644 --- a/.github/workflows/e2e.yaml +++ b/.github/workflows/e2e.yaml @@ -33,11 +33,11 @@ jobs: # restore-keys: | # ${{ runner.os }}-mkosi-cache- - - name: Enable user namespaces for mkosi - run: | - echo 'kernel.unprivileged_userns_clone=1' | sudo tee -a /etc/sysctl.conf - sudo sysctl -p - cat /proc/sys/kernel/unprivileged_userns_clone + - name: Enable user namespaces for mkosi + run: | + echo 'kernel.unprivileged_userns_clone=1' | sudo tee -a /etc/sysctl.conf + sudo sysctl -p + cat /proc/sys/kernel/unprivileged_userns_clone - name: Install system dependencies run: | From 0c1030a506e4ada275cc5827d291eb4ead67254f Mon Sep 17 00:00:00 2001 
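Review bot: The new step appends `kernel.unprivileged_userns_clone=1` to `/etc/sysctl.conf` and reloads it, but that sysctl is a Debian/Ubuntu kernel-patch key rather than an upstream one and may be absent depending on the runner's kernel; on newer Ubuntu images the knob that restricts unprivileged user namespaces is `kernel.apparmor_restrict_unprivileged_userns`, and when the key is missing the `cat /proc/sys/kernel/unprivileged_userns_clone` line fails the step. Setting it at runtime with `sudo sysctl -w kernel.unprivileged_userns_clone=1` (and the AppArmor key where present) avoids editing `/etc/sysctl.conf` on an ephemeral runner and makes the missing-key case explicit. Relaxing the user-namespace restriction widens the kernel attack surface for everything else that runs in the job, which is acceptable on a throwaway runner but deserves a comment on the step, e.g. `# mkosi needs unprivileged user namespaces; runner is ephemeral so this is scoped to the job`. The same step is re-added to `build.yaml` in PATCH 8/8.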
From: Niccolo Raspa Date: Fri, 20 Jun 2025 16:28:24 +0200 Subject: [PATCH 8/8] fix: add only one CI --- .github/workflows/build.yaml | 15 ++++++++-- .github/workflows/e2e.yaml | 58 ------------------------------------ 2 files changed, 12 insertions(+), 61 deletions(-) delete mode 100644 .github/workflows/e2e.yaml diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index ad13c15..974617c 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -3,9 +3,12 @@ name: Build mkosi Image on: workflow_dispatch: push: - branches: [ main ] + branches: + - main + - feat/add-warp-ci # TODO: Remove this once the CI is working pull_request: - branches: [ main ] + branches: + - main jobs: build-mkosi: @@ -30,6 +33,12 @@ jobs: # restore-keys: | # ${{ runner.os }}-mkosi-cache- + - name: Enable user namespaces for mkosi + run: | + echo 'kernel.unprivileged_userns_clone=1' | sudo tee -a /etc/sysctl.conf + sudo sysctl -p + cat /proc/sys/kernel/unprivileged_userns_clone + - name: Install system dependencies run: | sudo apt-get update @@ -46,4 +55,4 @@ jobs: - name: Build mkosi image using nix run: | mkdir -p ~/.cache/mkosi/ - ix develop --command mkosi --force -I tdx-dummy.conf + nix develop --command mkosi --force -I tdx-dummy.conf diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml deleted file mode 100644 index 974617c..0000000 --- a/.github/workflows/e2e.yaml +++ /dev/null 
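Review bot: The `push` trigger now lists `- feat/add-warp-ci # TODO: Remove this once the CI is working` in the same commit that consolidates the CI into a single workflow, so a temporary branch trigger ships as part of the finished change and will outlive the branch. `workflow_dispatch` is already enabled on this workflow and covers manual runs from a feature branch, so the `branches:` list can stay at `- main` without the TODO. The other two hunks mirror the userns step and the `nix` typo fix from the deleted `e2e.yaml` and raise nothing new.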
@@ -1,58 +0,0 @@ -name: Build mkosi Image - -on: - workflow_dispatch: - push: - branches: - - main - - feat/add-warp-ci # TODO: Remove this once the CI is working - pull_request: - branches: - - main - -jobs: - build-mkosi: - runs-on: warp-ubuntu-latest-x64-8x - - permissions: - contents: read - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Setup Nix - uses: DeterminateSystems/nix-installer-action@main - - # TODO: Setup Warp cache - # - name: Setup Warp cache - # uses: WarpBuilds/cache@v1 - # with: - # path: ~/.cache/mkosi/ - # key: ${{ runner.os }}-mkosi-cache-${{ hashFiles('**/mkosi.conf', '**/mkosi.packages') }} - # restore-keys: | - # ${{ runner.os }}-mkosi-cache- - - - name: Enable user namespaces for mkosi - run: | - echo 'kernel.unprivileged_userns_clone=1' | sudo tee -a /etc/sysctl.conf - sudo sysctl -p - cat /proc/sys/kernel/unprivileged_userns_clone - - - name: Install system dependencies - run: | - sudo apt-get update - sudo apt-get install -y \ - qemu-system-x86 qemu-utils \ - debian-archive-keyring systemd-boot reprepro xz-utils - - - name: Configure Nix - run: | - mkdir -p ~/.config/nix - echo 'experimental-features = nix-command flakes' > ~/.config/nix/nix.conf - - # Building tdx-image for testing - - name: Build mkosi image using nix - run: | - mkdir -p ~/.cache/mkosi/ - nix develop --command mkosi --force -I tdx-dummy.conf