vyos/vyos-build
1
0
Fork 0
mirror of https://github.com/vyos/vyos-build.git synced 2025-10-01 20:28:40 +02:00
Code Issues Packages Projects Releases Wiki Activity

Jenkins: T2625: import Kernel Pipeline

Browse Source 
Imported from https://github.com/vyos/vyos-build-kernel commit 9e7c12b
This commit is contained in:
Christian Poessinger 2020-06-24 20:16:04 +02:00
parent 488ebdf6ca
commit c1abd12398
15 changed files with 6666 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
packages/linux-kernel/.gitignore vendored Normal file
View File

@ -0,0 +1,20 @@
/linux
/wireguard
/wireguard-linux-compat
/accel-ppp
/intel-qat
/linux-firmware
/qat*
*.deb
*.changes
*.buildinfo
# Intel Driver source
*.tar.gz
i40e-*/
igb-*/
ixgbe-*/
ixgbevf-*/
vyos-intel-*/
vyos-linux-firmware*/
kernel-vars

246
packages/linux-kernel/Jenkinsfile vendored Normal file
View File

@ -0,0 +1,246 @@
// Copyright (C) 2019-2020 VyOS maintainers and contributors
//
// This program is free software; you can redistribute it and/or modify
// in order to easy exprort images built to "external" world
// it under the terms of the GNU General Public License version 2 or later as
// published by the Free Software Foundation.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
@NonCPS
// Using a version specifier library, use 'current' branch. The underscore (_)
// is not a typo! You need this underscore if the line immediately after the
// @Library annotation is not an import statement!
@Library('vyos-build@current')_
/* Only keep the most recent builds. */
def projectProperties = [
[$class: 'BuildDiscarderProperty',strategy: [$class: 'LogRotator', numToKeepStr: '1']],
]
properties(projectProperties)
setDescription()
node('Docker') {
stage('Define Agent') {
script {
// create container name on demand
def branchName = getGitBranchName()
// Adjust PR target branch name so we can re-map it to the proper
// Docker image. CHANGE_ID is set only for pull requests, so it is
// safe to access the pullRequest global variable
if (env.CHANGE_ID) {
branchName = "${env.CHANGE_TARGET}".toLowerCase()
}
if (branchName.equals("master")) {
branchName = "current"
}
env.DOCKER_IMAGE = "vyos/vyos-build:" + branchName
}
}
}
pipeline {
agent {
docker {
args "--sysctl net.ipv6.conf.lo.disable_ipv6=0 -e GOSU_UID=1006 -e GOSU_GID=1006"
image "${env.DOCKER_IMAGE}"
alwaysPull true
}
}
options {
disableConcurrentBuilds()
timeout(time: 120, unit: 'MINUTES')
timestamps()
}
environment {
DEBIAN_ARCH = sh(returnStdout: true, script: 'dpkg --print-architecture').trim()
BASE_DIR = 'packages/linux-kernel'
}
stages {
stage('Fetch') {
steps {
script {
dir('build') {
checkout scm
}
}
}
}
stage('Git Clone - Components') {
parallel {
stage('Kernel') {
steps {
dir(env.BASE_DIR + '/linux') {
checkout([$class: 'GitSCM',
doGenerateSubmoduleConfigurations: false,
extensions: [[$class: 'CleanCheckout'],
[$class: 'CloneOption', depth: 1, noTags: false, reference: '', shallow: true]],
branches: [[name: 'v4.19.128' ]],
userRemoteConfigs: [[url: 'https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git']]])
}
sh "pwd; ls -al"
}
}
stage('Kernel Firmware') {
steps {
dir(env.BASE_DIR + '/linux-firmware') {
checkout([$class: 'GitSCM',
doGenerateSubmoduleConfigurations: false,
extensions: [[$class: 'CleanCheckout'],
[$class: 'CloneOption', depth: 1, noTags: false, reference: '', shallow: true]],
branches: [[name: '20191022' ]],
userRemoteConfigs: [[url: 'https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git']]])
}
}
}
stage('WireGuard') {
steps {
dir(env.BASE_DIR + '/wireguard') {
checkout([$class: 'GitSCM',
doGenerateSubmoduleConfigurations: false,
extensions: [[$class: 'CleanCheckout']],
branches: [[name: 'debian/1.0.20200319-1_bpo10+1' ]],
userRemoteConfigs: [[url: 'https://salsa.debian.org/debian/wireguard.git']]])
}
dir(env.BASE_DIR + '/wireguard-linux-compat') {
checkout([$class: 'GitSCM',
doGenerateSubmoduleConfigurations: false,
extensions: [[$class: 'CleanCheckout']],
branches: [[name: 'debian/1.0.20200429-2_bpo10+1' ]],
userRemoteConfigs: [[url: 'https://salsa.debian.org/debian/wireguard-linux-compat.git']]])
}
}
}
stage('Accel-PPP') {
steps {
dir(env.BASE_DIR + '/accel-ppp') {
checkout([$class: 'GitSCM',
doGenerateSubmoduleConfigurations: false,
extensions: [[$class: 'CleanCheckout']],
branches: [[name: 'ed7b28722ec85' ]],
userRemoteConfigs: [[url: 'https://github.com/accel-ppp/accel-ppp.git']]])
}
}
}
}
}
stage('Compile Kernel') {
steps {
dir(env.BASE_DIR) {
sh "./build-kernel.sh"
}
}
}
stage('Kernel Module(s)') {
parallel {
stage('WireGuard') {
steps {
dir(env.BASE_DIR) {
// In Debian wireguard repo commit edb7124c866ea0e506278c311fc82dfde1f957be
// they decided to split source code of the kernel part and tools
dir('wireguard') {
sh "dpkg-buildpackage -b -us -uc -tc"
}
sh "./build-wireguard-modules.sh"
}
}
}
stage('Accel-PPP') {
steps {
dir(env.BASE_DIR) {
sh "./build-accel-ppp.sh"
}
}
}
stage('Intel Driver(s)') {
steps {
dir(env.BASE_DIR) {
sh "./build-intel-drivers.sh"
}
}
}
stage('Intel QuickAssist Technology') {
steps {
dir(env.BASE_DIR) {
sh "./build-intel-qat.sh"
}
}
}
}
}
// This stage should not be run in the parallel section as it will call "make"
// again on the kernel source and this could confuse other build systems
// like generating Intel or Accel-PPP drivers. Better safe then sorry!
stage('Linux Firmware') {
steps {
dir(env.BASE_DIR) {
sh "./build-linux-firmware.sh"
}
}
}
}
post {
cleanup {
deleteDir()
}
success {
script {
dir(env.BASE_DIR) {
// archive *.deb artifact on custom builds, deploy to repo otherwise
if ( isCustomBuild()) {
archiveArtifacts artifacts: '*.deb', fingerprint: true
} else {
// publish build result, using SSH-dev.packages.vyos.net Jenkins Credentials
sshagent(['SSH-dev.packages.vyos.net']) {
// build up some fancy groovy variables so we do not need to write/copy
// every option over and over again!
def RELEASE = getGitBranchName()
if (getGitBranchName() == "master") {
RELEASE = 'current'
}
def VYOS_REPO_PATH = '/home/sentrium/web/dev.packages.vyos.net/public_html/repositories/' + RELEASE + '/'
if (getGitBranchName() == "crux")
VYOS_REPO_PATH += 'vyos/'
def SSH_OPTS = '-o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o LogLevel=ERROR'
def SSH_REMOTE = 'khagen@10.217.48.113'
echo "Uploading package(s) and updating package(s) in the repository ..."
files = findFiles(glob: '*.deb')
files.each { PACKAGE ->
def ARCH = sh(returnStdout: true, script: "dpkg-deb -f ${PACKAGE} Architecture").trim()
def SUBSTRING = sh(returnStdout: true, script: "dpkg-deb -f ${PACKAGE} Package").trim()
def SSH_DIR = '~/VyOS/' + RELEASE + '/' + ARCH
def ARCH_OPT = ''
if (ARCH != 'all')
ARCH_OPT = '-A ' + ARCH
// No need to explicitly check the return code. The pipeline
// will fail if sh returns a non 0 exit code
sh """
ssh ${SSH_OPTS} ${SSH_REMOTE} -t "bash --login -c 'mkdir -p ${SSH_DIR}'"
scp ${SSH_OPTS} ${PACKAGE} ${SSH_REMOTE}:${SSH_DIR}/
ssh ${SSH_OPTS} ${SSH_REMOTE} -t "uncron-add 'reprepro -v -b ${VYOS_REPO_PATH} ${ARCH_OPT} remove ${RELEASE} ${SUBSTRING}'"
ssh ${SSH_OPTS} ${SSH_REMOTE} -t "uncron-add 'reprepro -v -b ${VYOS_REPO_PATH} deleteunreferenced'"
ssh ${SSH_OPTS} ${SSH_REMOTE} -t "uncron-add 'reprepro -v -b ${VYOS_REPO_PATH} ${ARCH_OPT} includedeb ${RELEASE} ${SSH_DIR}/${PACKAGE}'"
"""
}
}
}
}
}
}
}
}

36
packages/linux-kernel/README.md Normal file
View File

@ -0,0 +1,36 @@
# About
VyOS runs on a custom Linux Kernel (which is 4.19) at the time of this writing.
This repository holds a Jenkins Pipeline which is used to build the Custom
Kernel (x86_64/amd64 at the moment) and all required out-of tree modules.
VyOS does not utilize the build in Intel Kernel drivers for its NICs as those
Kernels sometimes lack features e.g. configurable receive-side-scaling queues.
On the other hand we ship additional not mainlined features as WireGuard VPN.
## Kernel
The Kernel is build from the vanilla repositories hosted at https://git.kernel.org.
VyOS requires two additional patches to work which are stored in the patches/kernel
folder.
### Config
The Kernel configuration used is [x86_64_vyos_defconfig](x86_64_vyos_defconfig)
which will be copied on demand during the Pipeline run into the `arch/x86/configs`i
direcotry of the Kernel source tree.
Other configurations can be added in the future easily.
### Modules
VyOS utilizes several Out-of-Tree modules (e.g. WireGuard, Accel-PPP and Intel
network interface card drivers). Module source code is retrieved from the
upstream repository and - when needed - patched so it can be build using this
pipeline.
In the past VyOS maintainers had a fork of the Linux Kernel, WireGuard and
Accel-PPP. This is fine but increases maintenance effort. By utilizing vanilla
repositories upgrading to new versions is very easy - only the branch/commit/tag
used when cloning the repository via [Jenkinsfile](Jenkinsfile) needs to be
adjusted.

33
packages/linux-kernel/build-accel-ppp.sh Executable file
View File

@ -0,0 +1,33 @@
#!/bin/sh
CWD=$(pwd)
KERNEL_VAR_FILE=${CWD}/kernel-vars
ACCEL_SRC=${CWD}/accel-ppp
if [ ! -d ${ACCEL_SRC} ]; then
echo "Accel-PPP source not found"
exit 1
fi
if [ ! -f ${KERNEL_VAR_FILE} ]; then
echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first"
exit 1
fi
. ${KERNEL_VAR_FILE}
mkdir -p ${ACCEL_SRC}/build
cd ${ACCEL_SRC}/build
echo "I: Build Accel-PPP Debian package"
cmake -DBUILD_IPOE_DRIVER=TRUE \
-DBUILD_VLAN_MON_DRIVER=TRUE \
-DCMAKE_INSTALL_PREFIX=/usr \
-DKDIR=${KERNEL_DIR} \
-DLUA=TRUE \
-DLUA=5.3 \
-DMODULES_KDIR=${KERNEL_VERSION}${KERNEL_SUFFIX} \
-DCPACK_TYPE=Debian10 ..
make
cpack -G DEB
# rename resulting Debian package according git description
mv accel-ppp*.deb ${CWD}/accel-ppp_$(git describe --always --tags)_$(dpkg --print-architecture).deb

94
packages/linux-kernel/build-intel-drivers.sh Executable file
View File

@ -0,0 +1,94 @@
#!/bin/sh
CWD=$(pwd)
KERNEL_VAR_FILE=${CWD}/kernel-vars
if [ ! -f ${KERNEL_VAR_FILE} ]; then
echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first"
exit 1
fi
. ${KERNEL_VAR_FILE}
declare -a intel=(
"http://dev.packages.vyos.net/source-mirror/ixgbe-5.7.1.tar.gz"
"http://dev.packages.vyos.net/source-mirror/igb-5.3.5.61.tar.gz"
"http://dev.packages.vyos.net/source-mirror/i40e-2.11.29.tar.gz"
"http://dev.packages.vyos.net/source-mirror/ixgbevf-4.7.1.tar.gz"
"http://dev.packages.vyos.net/source-mirror/i40evf-3.6.15.tar.gz"
"http://dev.packages.vyos.net/source-mirror/iavf-3.9.5.tar.gz"
)
for url in "${intel[@]}"
do
cd ${CWD}
DRIVER_FILE="$(basename ${url})"
DRIVER_DIR="${DRIVER_FILE%.tar.gz}"
DRIVER_NAME="${DRIVER_DIR%-*}"
DRIVER_VERSION="${DRIVER_DIR##*-}"
DRIVER_VERSION_EXTRA="-0"
# Build up Debian related variables required for packaging
DEBIAN_ARCH=$(dpkg --print-architecture)
DEBIAN_DIR="${CWD}/vyos-intel-${DRIVER_NAME}_${DRIVER_VERSION}${DRIVER_VERSION_EXTRA}_${DEBIAN_ARCH}"
DEBIAN_CONTROL="${DEBIAN_DIR}/DEBIAN/control"
# Fetch Intel driver source from SourceForge
if [ -e ${DRIVER_FILE} ]; then
rm -f ${DRIVER_FILE}
fi
curl -L -o ${DRIVER_FILE} ${url}
if [ "$?" -ne "0" ]; then
exit 1
fi
# Unpack archive
if [ -d ${DRIVER_DIR} ]; then
rm -rf ${DRIVER_DIR}
fi
tar xf ${DRIVER_FILE}
cd ${DRIVER_DIR}/src
if [ -z $KERNEL_DIR ]; then
echo "KERNEL_DIR not defined"
exit 1
fi
echo "I: Compile Kernel module for Intel ${DRIVER_NAME} driver"
KSRC=${KERNEL_DIR} \
INSTALL_MOD_PATH=${DEBIAN_DIR} \
make -j $(getconf _NPROCESSORS_ONLN) install
mkdir -p $(dirname "${DEBIAN_CONTROL}")
cat << EOF >${DEBIAN_CONTROL}
Package: vyos-intel-${DRIVER_NAME}
Version: ${DRIVER_VERSION}-${DRIVER_VERSION_EXTRA}
Section: kernel
Priority: extra
Architecture: ${DEBIAN_ARCH}
Maintainer: VyOS Package Maintainers <maintainers@vyos.net>
Description: Vendor based driver for Intel ${DRIVER_NAME}
Depends: linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX}
EOF
# delete non required files which are also present in the kernel package
# und thus lead to duplicated files
find ${DEBIAN_DIR} -name "modules.*" | xargs rm -f
# build Debian package
echo "I: Building Debian package vyos-intel-${DRIVER_NAME}"
fakeroot dpkg-deb --build ${DEBIAN_DIR}
echo "I: Cleanup ${DRIVER_NAME} source"
cd ${CWD}
if [ -e ${DRIVER_FILE} ]; then
rm -f ${DRIVER_FILE}
fi
if [ -d ${DRIVER_DIR} ]; then
rm -rf ${DRIVER_DIR}
fi
if [ -d ${DEBIAN_DIR} ]; then
rm -rf ${DEBIAN_DIR}
fi
done

99
packages/linux-kernel/build-intel-qat.sh Executable file
View File

@ -0,0 +1,99 @@
#!/bin/sh
CWD=$(pwd)
KERNEL_VAR_FILE=${CWD}/kernel-vars
if [ ! -f ${KERNEL_VAR_FILE} ]; then
echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first"
exit 1
fi
. ${KERNEL_VAR_FILE}
declare -a intel=(
"https://01.org/sites/default/files/downloads/qat1.7.l.4.9.0-00008.tar_0.gz"
)
for url in "${intel[@]}"
do
cd ${CWD}
DRIVER_FILE=$(basename ${url} | sed -e s/tar_0/tar/)
DRIVER_DIR="${DRIVER_FILE%.tar.gz}"
DRIVER_NAME="qat"
DRIVER_VERSION=$(echo ${DRIVER_DIR} | awk -F${DRIVER_NAME} '{print $2}')
DRIVER_VERSION_EXTRA="-0"
# Build up Debian related variables required for packaging
DEBIAN_ARCH=$(dpkg --print-architecture)
DEBIAN_DIR="${CWD}/vyos-intel-${DRIVER_NAME}_${DRIVER_VERSION}${DRIVER_VERSION_EXTRA}_${DEBIAN_ARCH}"
DEBIAN_CONTROL="${DEBIAN_DIR}/DEBIAN/control"
# Fetch Intel driver source from SourceForge
if [ -e ${DRIVER_FILE} ]; then
rm -f ${DRIVER_FILE}
fi
curl -L -o ${DRIVER_FILE} ${url}
if [ "$?" -ne "0" ]; then
exit 1
fi
# Unpack archive
if [ -d ${DRIVER_DIR} ]; then
rm -rf ${DRIVER_DIR}
fi
mkdir -p ${DRIVER_DIR}
tar -C ${DRIVER_DIR} -xf ${DRIVER_FILE}
cd ${DRIVER_DIR}
if [ -z $KERNEL_DIR ]; then
echo "KERNEL_DIR not defined"
exit 1
fi
echo "I: Compile Kernel module for Intel ${DRIVER_NAME} driver"
mkdir -p ${DEBIAN_DIR}/lib/firmware ${DEBIAN_DIR}/usr/local/bin ${DEBIAN_DIR}/usr/lib/x86_64-linux-gnu ${DEBIAN_DIR}/etc/init.d
KERNEL_SOURCE_ROOT=${KERNEL_DIR} ./configure --enable-kapi
make -j $(getconf _NPROCESSORS_ONLN) all
make INSTALL_MOD_PATH=${DEBIAN_DIR} INSTALL_FW_PATH=${DEBIAN_DIR} \
qat-driver-install
cp build/*.bin ${DEBIAN_DIR}/lib/firmware
cp build/*.so ${DEBIAN_DIR}/usr/lib/x86_64-linux-gnu
cp build/qat_service ${DEBIAN_DIR}/etc/init.d
cp build/adf_ctl ${DEBIAN_DIR}/usr/local/bin
cp build/usdm_drv.ko ${DEBIAN_DIR}/lib/modules/${KERNEL_VERSION}${KERNEL_SUFFIX}/updates/drivers
chmod 644 ${DEBIAN_DIR}/lib/firmware/*
chmod 755 ${DEBIAN_DIR}/etc/init.d/* ${DEBIAN_DIR}/usr/local/bin/*
mkdir -p $(dirname "${DEBIAN_CONTROL}")
cat << EOF >${DEBIAN_CONTROL}
Package: vyos-intel-${DRIVER_NAME}
Version: ${DRIVER_VERSION}${DRIVER_VERSION_EXTRA}
Section: kernel
Priority: extra
Architecture: ${DEBIAN_ARCH}
Maintainer: VyOS Package Maintainers <maintainers@vyos.net>
Description: Vendor based driver for Intel ${DRIVER_NAME}
Depends: linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX}
EOF
# delete non required files which are also present in the kernel package
# und thus lead to duplicated files
find ${DEBIAN_DIR} -name "modules.*" | xargs rm -f
# build Debian package
echo "I: Building Debian package vyos-intel-${DRIVER_NAME}"
fakeroot dpkg-deb --build ${DEBIAN_DIR}
echo "I: Cleanup ${DRIVER_NAME} source"
cd ${CWD}
if [ -e ${DRIVER_FILE} ]; then
rm -f ${DRIVER_FILE}
fi
if [ -d ${DRIVER_DIR} ]; then
rm -rf ${DRIVER_DIR}
fi
if [ -d ${DEBIAN_DIR} ]; then
rm -rf ${DEBIAN_DIR}
fi
done

42
packages/linux-kernel/build-kernel.sh Executable file
View File

@ -0,0 +1,42 @@
#!/bin/sh
CWD=$(pwd)
KERNEL_SRC=linux
if [ ! -d ${KERNEL_SRC} ]; then
echo "Linux Kernel source directory does not exists, please 'git clone'"
exit 1
fi
echo "I: Copy Kernel config (x86_64_vyos_defconfig) to Kernel Source"
cp x86_64_vyos_defconfig ${KERNEL_SRC}/arch/x86/configs
cd ${KERNEL_SRC}
KERNEL_VERSION=$(make kernelversion)
KERNEL_SUFFIX=-$(dpkg --print-architecture)-vyos
# VyOS requires some small Kernel Patches - apply them here
# It's easier to habe them here and make use of the upstream
# repository instead of maintaining a full Kernel Fork.
# Saving time/resources is essential :-)
PATCH_DIR=${CWD}/patches/kernel
for patch in $(ls ${PATCH_DIR})
do
echo "I: Apply Kernel patch: ${PATCH_DIR}/${patch}"
patch -p1 < ${PATCH_DIR}/${patch}
done
echo "I: make x86_64_vyos_defconfig"
# Select Kernel configuration - currently there is only one
make x86_64_vyos_defconfig
echo "I: Generate environment file containing Kernel variable"
cat << EOF >${CWD}/kernel-vars
#!/bin/sh
export KERNEL_VERSION=${KERNEL_VERSION}
export KERNEL_SUFFIX=${KERNEL_SUFFIX}
export KERNEL_DIR=${CWD}/${KERNEL_SRC}
EOF
echo "I: Build Debian Kernel package"
make bindeb-pkg BUILD_TOOLS=1 LOCALVERSION=${KERNEL_SUFFIX} KDEB_PKGVERSION=${KERNEL_VERSION}-1 -j $(getconf _NPROCESSORS_ONLN)

95
packages/linux-kernel/build-linux-firmware.sh Executable file
View File

@ -0,0 +1,95 @@
#!/bin/bash
# This script will use "list-required-firmware" to scan the kernel source repository
# in combination with its configuration file which drivers are compiled. Some of those
# drivers require proprietary firmware.
#
# All selected drivers are then precomfiled "make drivers/foo/bar.i" and we grep for
# the magic word "UNIQUE_ID_firmware" which identifies firmware files.
CWD=$(pwd)
LINUX_SRC="linux"
LINUX_FIRMWARE="linux-firmware"
KERNEL_VAR_FILE=${CWD}/kernel-vars
# Some firmware files might not be easy to extract (e.g. Intel iwlwifi drivers)
# thus we simply ammend them "manually"
ADD_FW_FILES="iwlwifi*"
if [ ! -d ${LINUX_SRC} ]; then
echo "Kernel source missing"
exit 1
fi
if [ ! -d ${LINUX_FIRMWARE} ]; then
echo "Linux firmware repository missing"
exit 1
fi
. ${KERNEL_VAR_FILE}
result=()
# Retrieve firmware blobs from source files
for FILE in $(${CWD}/list-required-firmware.py -k ${LINUX_SRC} -c ${CWD}/x86_64_vyos_defconfig -s drivers/net -s drivers/usb); do
cd ${CWD}/${LINUX_SRC}
echo "I: determine required firmware blobs for: ${FILE}"
make LOCALVERSION=${KERNEL_SUFFIX} ${FILE/.c/.i} > /dev/null 2>&1
if [ "$?" == "0" ]; then
result+=( $(grep UNIQUE_ID_firmware ${FILE/.c/.i} | cut -d" " -f12- | xargs printf "%s" | sed -e "s/;/ /g") )
fi
done
# Debian package will use the descriptive Git commit as version
GIT_COMMIT=$(cd ${CWD}/${LINUX_FIRMWARE}; git describe --always)
VYOS_FIRMWARE_NAME="vyos-linux-firmware"
VYOS_FIRMWARE_DIR="${CWD}/${VYOS_FIRMWARE_NAME}_${GIT_COMMIT}-0_all"
if [ -d ${VYOS_FIRMWARE_DIR} ]; then
# remove Debian package folder and deb file from previous runs
rm -rf ${VYOS_FIRMWARE_DIR}*
fi
mkdir -p ${VYOS_FIRMWARE_DIR}
# Copy firmware file from linux firmware repository into
# assembly folder for the vyos-firmware package
SED_REPLACE="s@${CWD}/${LINUX_FIRMWARE}/@@"
for FW in ${result[@]}; do
FW_FILE=$(basename $FW)
res=()
for tmp in $(find ${CWD}/linux-firmware -type f -name ${FW_FILE} | sed -e ${SED_REPLACE} )
do
res+=( "$tmp" )
done
for FILE in ${res[@]}; do
FW_DIR="${VYOS_FIRMWARE_DIR}/lib/firmware/$(dirname ${FILE})"
mkdir -p ${FW_DIR}
echo "I: install firmware: ${FILE}"
cp ${CWD}/linux-firmware/${FILE} ${FW_DIR}
done
done
# Install additional firmware files that could not be autodiscovered
for FW in ${ADD_FW_FILES}
do
FW_DIR="${VYOS_FIRMWARE_DIR}/lib/firmware/$(dirname ${FW})"
mkdir -p ${FW_DIR}
echo "I: install firmware: ${FW}"
cp ${CWD}/linux-firmware/${FW} ${FW_DIR}
done
# Describe Debian package
mkdir ${VYOS_FIRMWARE_DIR}/DEBIAN
cat << EOF >${VYOS_FIRMWARE_DIR}/DEBIAN/control
Package: ${VYOS_FIRMWARE_NAME}
Version: ${GIT_COMMIT}
Section: kernel
Priority: extra
Architecture: all
Maintainer: VyOS Package Maintainers <maintainers@vyos.net>
Description: Firmware blobs for use with the Linux kernel
EOF
# Build Debian package
fakeroot dpkg-deb --build ${VYOS_FIRMWARE_DIR}

30
packages/linux-kernel/build-wireguard-modules.sh Executable file
View File

@ -0,0 +1,30 @@
#!/bin/sh
CWD=$(pwd)
KERNEL_VAR_FILE=${CWD}/kernel-vars
WIREGUARD_SRC=${CWD}/wireguard-linux-compat
if [ ! -d ${WIREGUARD_SRC} ]; then
echo "WireGuard source not found"
exit 1
fi
if [ ! -f ${KERNEL_VAR_FILE} ]; then
echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first"
exit 1
fi
. ${KERNEL_VAR_FILE}
cd ${WIREGUARD_SRC}
# We need some WireGuard patches for building, it's easier to have them here
# and make use of the upstream repository instead of maintaining a full fork,
# saving time/resources is essential :-)
PATCH_DIR=${CWD}/patches/wireguard-linux-compat
for patch in $(ls ${PATCH_DIR})
do
echo "I: Apply WireGuard patch: ${PATCH_DIR}/${patch}"
patch -p1 < ${PATCH_DIR}/${patch}
done
echo "I: Build Debian WireGuard package"
KERNELDIR=$KERNEL_DIR dpkg-buildpackage -b -us -uc -tc

96
packages/linux-kernel/list-required-firmware.py Executable file
View File

@ -0,0 +1,96 @@
#!/usr/bin/env python3
# Copyright (C) 2020 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
# published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
import argparse
import re
import os
import sys
import glob
def load_config(path):
with open(path, 'r') as f:
config = f.read()
targets = re.findall(r'(.*)=(?:y|m)', config)
return targets
def find_subdirs(config, path):
try:
with open(os.path.join(path, 'Makefile'), 'r') as f:
makefile = f.read()
except OSError:
# No Makefile
return []
dir_stmts = re.findall(r'obj-\$\((.*)\)\s+\+=\s+(.*)(?:\n|$)', makefile)
subdirs = []
for ds in dir_stmts:
if args.debug:
print("Processing make targets from {0} ({1})".format(ds[1], ds[0]), file=sys.stderr)
if ds[0] in config:
dirname = os.path.dirname(ds[1])
if dirname:
subdirs.append(dirname)
elif args.debug:
print("{0} is disabled in the config, ignoring {1}".format(ds[0], ds[1]), file=sys.stderr)
return subdirs
def find_firmware(file):
with open(file, 'r') as f:
source = f.read()
fws = re.findall(r'MODULE_FIRMWARE\((.*)\)', source)
return fws
def walk_dir(config, path):
subdirs = find_subdirs(config, path)
if args.debug:
print("Looking for C files in {0}".format(path), file=sys.stderr)
c_files = glob.glob("{0}/*.c".format(path))
for cf in c_files:
fws = find_firmware(cf)
if fws:
print(cf)
if args.debug:
print("Referenced firmware: {0}".format(fws))
for d in subdirs:
d = os.path.join(path, d)
walk_dir(config, d)
if __name__ == '__main__':
parser = argparse.ArgumentParser()
parser.add_argument("-s", "--source-dir", action="append", help="Kernel source directory")
parser.add_argument("-k", "--kernel-dir", action="store", help="Kernel source directory")
parser.add_argument("-c", "--kernel-config", action="store", help="Kernel configuration")
parser.add_argument("-d", "--debug", action="store_true", help="Enable Debug output")
args = parser.parse_args()
if args.source_dir and args.kernel_dir and args.kernel_config:
config = load_config(args.kernel_config)
cwd = os.getcwd()
os.chdir(f'{cwd}/{args.kernel_dir}')
for directory in args.source_dir:
walk_dir(config, directory)
else:
parser.print_help()
sys.exit(1)

165
packages/linux-kernel/patches/kernel/0001-VyOS-Add-linkstate-IP-device-attribute.patch Normal file
View File

@ -0,0 +1,165 @@
From 81d38c4a32e059ad7835f7dc254e7627642afbe9 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen@networkplumber.org>
Date: Mon, 29 Apr 2013 18:50:15 -0700
Subject: [PATCH] VyOS: Add linkstate IP device attribute
Backport of earlier Vyatta patch.
(cherry picked from commit 7c5a851086686be14ae937c80d6cee34814dbefc)
---
Documentation/networking/ip-sysctl.txt | 13 +++++++++++++
include/linux/inetdevice.h | 1 +
include/linux/ipv6.h | 1 +
include/uapi/linux/ip.h | 1 +
include/uapi/linux/ipv6.h | 1 +
net/ipv4/devinet.c | 2 ++
net/ipv6/addrconf.c | 9 +++++++++
net/ipv6/route.c | 12 ++++++++++++
8 files changed, 40 insertions(+)
diff --git a/Documentation/networking/ip-sysctl.txt b/Documentation/networking/ip-sysctl.txt
index 7eb9366422f5..b99d54a313a0 100644
--- a/Documentation/networking/ip-sysctl.txt
+++ b/Documentation/networking/ip-sysctl.txt
@@ -1177,6 +1177,19 @@ rp_filter - INTEGER
Default value is 0. Note that some distributions enable it
in startup scripts.
+link_filter - INTEGER
+ 0 - Allow packets to be received for the address on this interface
+ even if interface is disabled or no carrier.
+
+ 1 - Ignore packets received if interface associated with the incoming
+ address is down.
+
+ 2 - Ignore packets received if interface associated with the incoming
+ address is down or has no carrier.
+
+ Default value is 0. Note that some distributions enable it
+ in startup scripts.
+
arp_filter - BOOLEAN
1 - Allows you to have multiple network interfaces on the same
subnet, and have the ARPs for each interface be answered
diff --git a/include/linux/inetdevice.h b/include/linux/inetdevice.h
index a64f21a97369..4014dd852bae 100644
--- a/include/linux/inetdevice.h
+++ b/include/linux/inetdevice.h
@@ -133,6 +133,7 @@ static inline void ipv4_devconf_setall(struct in_device *in_dev)
#define IN_DEV_ARP_ANNOUNCE(in_dev) IN_DEV_MAXCONF((in_dev), ARP_ANNOUNCE)
#define IN_DEV_ARP_IGNORE(in_dev) IN_DEV_MAXCONF((in_dev), ARP_IGNORE)
#define IN_DEV_ARP_NOTIFY(in_dev) IN_DEV_MAXCONF((in_dev), ARP_NOTIFY)
+#define IN_DEV_LINKFILTER(in_dev) IN_DEV_MAXCONF((in_dev), LINKFILTER)
struct in_ifaddr {
struct hlist_node hash;
diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h
index 8415bf1a9776..80a0ada19c9a 100644
--- a/include/linux/ipv6.h
+++ b/include/linux/ipv6.h
@@ -76,6 +76,7 @@ struct ipv6_devconf {
__s32 ndisc_tclass;
struct ctl_table_header *sysctl_header;
+ __s32 link_filter; /* VyOS */
};
struct ipv6_params {
diff --git a/include/uapi/linux/ip.h b/include/uapi/linux/ip.h
index e42d13b55cf3..baf8e77c201b 100644
--- a/include/uapi/linux/ip.h
+++ b/include/uapi/linux/ip.h
@@ -169,6 +169,7 @@ enum
IPV4_DEVCONF_DROP_UNICAST_IN_L2_MULTICAST,
IPV4_DEVCONF_DROP_GRATUITOUS_ARP,
IPV4_DEVCONF_BC_FORWARDING,
+ IPV4_DEVCONF_LINKFILTER, /* VyOS only */
__IPV4_DEVCONF_MAX
};
diff --git a/include/uapi/linux/ipv6.h b/include/uapi/linux/ipv6.h
index 9c0f4a92bcff..619edd130cfd 100644
--- a/include/uapi/linux/ipv6.h
+++ b/include/uapi/linux/ipv6.h
@@ -187,6 +187,7 @@ enum {
DEVCONF_DISABLE_POLICY,
DEVCONF_ACCEPT_RA_RT_INFO_MIN_PLEN,
DEVCONF_NDISC_TCLASS,
+ DEVCONF_LINK_FILTER,
DEVCONF_MAX
};
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index a08d682ba676..17949eb57a5b 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -2318,6 +2318,8 @@ static struct devinet_sysctl_table {
"route_localnet"),
DEVINET_SYSCTL_FLUSHING_ENTRY(DROP_UNICAST_IN_L2_MULTICAST,
"drop_unicast_in_l2_multicast"),
+ /* VyOS */
+ DEVINET_SYSCTL_RW_ENTRY(LINKFILTER, "link_filter"),
},
};
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 627cd24b7c0d..8c49eac27fd0 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -5240,6 +5240,7 @@ static inline void ipv6_store_devconf(struct ipv6_devconf *cnf,
array[DEVCONF_ADDR_GEN_MODE] = cnf->addr_gen_mode;
array[DEVCONF_DISABLE_POLICY] = cnf->disable_policy;
array[DEVCONF_NDISC_TCLASS] = cnf->ndisc_tclass;
+ array[DEVCONF_LINK_FILTER] = cnf->link_filter;
}
static inline size_t inet6_ifla6_size(void)
@@ -6561,6 +6562,14 @@ static const struct ctl_table addrconf_sysctl[] = {
.mode = 0644,
.proc_handler = addrconf_sysctl_disable_policy,
},
+ /* VyOS */
+ {
+ .procname = "link_filter",
+ .data = &ipv6_devconf.link_filter,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = proc_dointvec
+ },
{
.procname = "ndisc_tclass",
.data = &ipv6_devconf.ndisc_tclass,
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index dad35cd48807..1a2439c6a257 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -595,6 +595,15 @@ static inline int rt6_check_dev(struct fib6_info *rt, int oif)
return 0;
}
+static inline int rt6_link_filter(struct fib6_info *rt)
+{
+ const struct net_device *dev = rt->fib6_nh.nh_dev;
+ int linkf = __in6_dev_get(dev)->cnf.link_filter;
+
+ return (linkf && !netif_running(dev))
+ || (linkf > 1 && !netif_carrier_ok(dev));
+}
+
static inline enum rt6_nud_state rt6_check_neigh(struct fib6_info *rt)
{
enum rt6_nud_state ret = RT6_NUD_FAIL_HARD;
@@ -634,6 +643,9 @@ static int rt6_score_route(struct fib6_info *rt, int oif, int strict)
m = rt6_check_dev(rt, oif);
if (!m && (strict & RT6_LOOKUP_F_IFACE))
return RT6_NUD_FAIL_HARD;
+ if (rt6_link_filter(rt))
+ return -1;
+
#ifdef CONFIG_IPV6_ROUTER_PREF
m |= IPV6_DECODE_PREF(IPV6_EXTRACT_PREF(rt->fib6_flags)) << 2;
#endif
--
2.20.1

299
packages/linux-kernel/patches/kernel/0002-VyOS-add-inotify-support-for-stackable-filesystems-o.patch Normal file
View File

@ -0,0 +1,299 @@
From 1d625d2f745b61a718ce52cd1729f467c17defa6 Mon Sep 17 00:00:00 2001
From: Alex Harpin <development@landsofshadow.co.uk>
Date: Wed, 31 Dec 2014 10:33:38 +0000
Subject: [PATCH] VyOS: add inotify support for stackable filesystems
(overlayfs)
As it stands at the moment, overlayfs doesn't have full support for
inotify, and as such anything that relies on inotify currently has
issues. The simplest method of demonstrating this is to tail a file
(so tail -f /var/log/messages) and see that it doesn't follow changes
in that file. This has been reported in a number of places, including
Bug #882147 in Ubuntu. This patch is based on the version proposed by
Li Jianguo in response to this bug, adding support for inotify in
stackable filesystems.
This commit provides a complete fix for the workaround implemented
for bug #303, and will allow that commit to be reverted.
Bug #425 http://bugzilla.vyos.net/show_bug.cgi?id=425
(cherry picked from commit a93f1128bc83b5a6628da242e71c18ef05e81ea2)
---
fs/notify/inotify/Kconfig | 9 +++
fs/notify/inotify/inotify_user.c | 112 ++++++++++++++++++++++++++++++-
fs/overlayfs/super.c | 24 ++++++-
include/linux/inotify.h | 28 ++++++++
4 files changed, 170 insertions(+), 3 deletions(-)
diff --git a/fs/notify/inotify/Kconfig b/fs/notify/inotify/Kconfig
index b981fc0c8379..b0b208bd584b 100644
--- a/fs/notify/inotify/Kconfig
+++ b/fs/notify/inotify/Kconfig
@@ -15,3 +15,12 @@ config INOTIFY_USER
For more information, see <file:Documentation/filesystems/inotify.txt>
If unsure, say Y.
+
+config INOTIFY_STACKFS
+ bool "Inotify support for stackable filesystem"
+ select INOTIFY_USER
+ default y
+ ---help---
+ Say Y here to enable inotify support for stackable filesystem.
+
+ If unsure, say N.
diff --git a/fs/notify/inotify/inotify_user.c b/fs/notify/inotify/inotify_user.c
index 97a51690338e..0595de27e1b5 100644
--- a/fs/notify/inotify/inotify_user.c
+++ b/fs/notify/inotify/inotify_user.c
@@ -24,6 +24,7 @@
#include <linux/file.h>
#include <linux/fs.h> /* struct inode */
+#include <linux/mount.h>
#include <linux/fsnotify_backend.h>
#include <linux/idr.h>
#include <linux/init.h> /* fs_initcall */
@@ -85,6 +86,94 @@ struct ctl_table inotify_table[] = {
};
#endif /* CONFIG_SYSCTL */
+#ifdef CONFIG_INOTIFY_STACKFS
+
+static DEFINE_RWLOCK(inotify_fs_lock);
+static LIST_HEAD(inotify_fs_list);
+
+static inline struct file_system_type* peek_fs_type(struct path *path)
+{
+ return path->mnt->mnt_sb->s_type;
+}
+
+static struct inotify_stackfs* inotify_get_stackfs(struct path *path)
+{
+ struct file_system_type *fs;
+ struct inotify_stackfs *fse, *ret = NULL;
+
+ fs = peek_fs_type(path);
+
+ read_lock(&inotify_fs_lock);
+ list_for_each_entry(fse, &inotify_fs_list, list) {
+ if (fse->fs_type == fs) {
+ ret = fse;
+ break;
+ }
+ }
+ read_unlock(&inotify_fs_lock);
+
+ return ret;
+}
+
+static inline void inotify_put_stackfs(struct inotify_stackfs *fs)
+{
+}
+
+int inotify_register_stackfs(struct inotify_stackfs *fs)
+{
+ int ret = 0;
+ struct inotify_stackfs *fse;
+
+ BUG_ON(IS_ERR_OR_NULL(fs->fs_type));
+ BUG_ON(IS_ERR_OR_NULL(fs->func));
+
+ INIT_LIST_HEAD(&fs->list);
+
+ write_lock(&inotify_fs_lock);
+ list_for_each_entry(fse, &inotify_fs_list, list) {
+ if (fse->fs_type == fs->fs_type) {
+ write_unlock(&inotify_fs_lock);
+ ret = -EBUSY;
+ goto out;
+ }
+ }
+ list_add_tail(&fs->list, &inotify_fs_list);
+ write_unlock(&inotify_fs_lock);
+
+out:
+ return ret;
+}
+EXPORT_SYMBOL_GPL(inotify_register_stackfs);
+
+void inotify_unregister_stackfs(struct inotify_stackfs *fs)
+{
+ struct inotify_stackfs *fse, *n;
+
+ write_lock(&inotify_fs_lock);
+ list_for_each_entry_safe(fse, n, &inotify_fs_list, list) {
+ if (fse == fs) {
+ list_del(&fse->list);
+ break;
+ }
+ }
+ write_unlock(&inotify_fs_lock);
+}
+EXPORT_SYMBOL_GPL(inotify_unregister_stackfs);
+
+#else
+
+static inline struct inotify_stackfs* inotify_get_stackfs(struct path *path)
+{
+ return NULL;
+}
+
+static inline void inotify_put_stackfs(struct inotify_stackfs *fs)
+{
+}
+
+#endif /* CONFIG_INOTIFY_STACKFS */
+
+
static inline __u32 inotify_arg_to_mask(u32 arg)
{
__u32 mask;
@@ -342,7 +431,7 @@ static const struct file_operations inotify_fops = {
/*
* find_inode - resolve a user-given path to a specific inode
*/
-static int inotify_find_inode(const char __user *dirname, struct path *path, unsigned flags)
+static inline int __inotify_find_inode(const char __user *dirname, struct path *path, unsigned flags)
{
int error;
@@ -356,6 +445,27 @@ static int inotify_find_inode(const char __user *dirname, struct path *path, uns
return error;
}
+static int inotify_find_inode(const char __user *dirname, struct path *path, unsigned flags)
+{
+ int ret;
+ struct path tpath;
+ struct inotify_stackfs *fse;
+
+ ret = __inotify_find_inode(dirname, &tpath, flags);
+ if (ret)
+ return ret;
+ fse = inotify_get_stackfs(&tpath);
+ if (fse == NULL) {
+ *path = tpath;
+ return 0;
+ }
+ ret = fse->func(path, &tpath);
+ inotify_put_stackfs(fse);
+ path_put(&tpath);
+
+ return ret;
+}
+
static int inotify_add_to_idr(struct idr *idr, spinlock_t *idr_lock,
struct inotify_inode_mark *i_mark)
{
diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c
index 127df4a85c8a..d6d41a328f9d 100644
--- a/fs/overlayfs/super.c
+++ b/fs/overlayfs/super.c
@@ -18,6 +18,7 @@
#include <linux/seq_file.h>
#include <linux/posix_acl_xattr.h>
#include <linux/exportfs.h>
+#include <linux/inotify.h>
#include "overlayfs.h"
MODULE_AUTHOR("Miklos Szeredi <miklos@szeredi.hu>");
@@ -1703,6 +1704,18 @@ static void ovl_inode_init_once(void *foo)
inode_init_once(&oi->vfs_inode);
}
+static int ovl_inotify_path(struct path *dst, struct path *src)
+{
+ ovl_path_real(src->dentry, dst);
+ path_get(dst);
+ return 0;
+}
+
+static struct inotify_stackfs ovl_inotify = {
+ .fs_type = &ovl_fs_type,
+ .func = ovl_inotify_path,
+};
+
static int __init ovl_init(void)
{
int err;
@@ -1717,13 +1730,21 @@ static int __init ovl_init(void)
err = register_filesystem(&ovl_fs_type);
if (err)
- kmem_cache_destroy(ovl_inode_cachep);
+ goto err;
+ err = inotify_register_stackfs(&ovl_inotify);
+ if (err)
+ goto err;
+ return err;
+err:
+ kmem_cache_destroy(ovl_inode_cachep);
+ unregister_filesystem(&ovl_fs_type);
return err;
}
static void __exit ovl_exit(void)
{
+ inotify_unregister_stackfs(&ovl_inotify);
unregister_filesystem(&ovl_fs_type);
/*
@@ -1732,7 +1753,6 @@ static void __exit ovl_exit(void)
*/
rcu_barrier();
kmem_cache_destroy(ovl_inode_cachep);
-
}
module_init(ovl_init);
diff --git a/include/linux/inotify.h b/include/linux/inotify.h
index 6a24905f6e1e..248b1441ba83 100644
--- a/include/linux/inotify.h
+++ b/include/linux/inotify.h
@@ -9,6 +9,8 @@
#include <linux/sysctl.h>
#include <uapi/linux/inotify.h>
+#include <linux/list.h>
+#include <linux/fs.h>
extern struct ctl_table inotify_table[]; /* for sysctl */
@@ -20,4 +22,30 @@ extern struct ctl_table inotify_table[]; /* for sysctl */
IN_DONT_FOLLOW | IN_EXCL_UNLINK | IN_MASK_ADD | \
IN_MASK_CREATE | IN_ISDIR | IN_ONESHOT)
+typedef int (*inotify_path_proc)(struct path *dst, struct path *src);
+
+struct inotify_stackfs {
+ struct list_head list; /* entry in inotify_fs_list */
+ struct file_system_type *fs_type; /* registed file_system_type */
+ inotify_path_proc func; /* registed callback function */
+};
+
+#ifdef CONFIG_INOTIFY_STACKFS
+
+extern int inotify_register_stackfs(struct inotify_stackfs *fs);
+extern void inotify_unregister_stackfs(struct inotify_stackfs *fs);
+
+#else
+
+static inline int inotify_register_stackfs(struct inotify_stackfs *fs)
+{
+ return 0;
+}
+
+static inline void inotify_unregister_stackfs(struct inotify_stackfs *fs)
+{
+}
+
+#endif /* CONFIG_INOTIFY_STACKFS */
+
#endif /* _LINUX_INOTIFY_H */
--
2.20.1

93
packages/linux-kernel/patches/kernel/0003-RFC-builddeb-add-linux-tools-package-with-perf.patch Normal file
View File

@ -0,0 +1,93 @@
From: Riku Voipio <riku.voipio@linaro.org>
Perf is shipped in debian in linux-tools-$version package. Extend
the existing to builddeb script to build perf if BUILD_TOOLS=y
is added the make deb-pkg line
Some features of this patch I'm uncomfortable with:
1. Relative paths are resoved to absolute ones
Especially with separate O= buildd, perf build from tools/perf dir
fail.
2. Unsetting LDFLAGS
make -> shell (builddeb) -> make expands variables. The LDFLAGS as
set by toplevel makefile are for kernel, so we just unset the flag
here.
3. Replaces ubuntu/debian packages instead attempting to fit to
the linux-base/linux-tools-common frameworks. I think people who
want to run "make deb-pkg" for their kernels would rather keep this
simple.
4. More tools than just perf could be built - unfortunately most
tools fail to have a working "install" target and/or else have
build process inconsistent with other tools. A topic for another
patch series.
Signed-off-by: Riku Voipio <riku.voipio@linaro.org>
---
scripts/package/builddeb | 31 ++++++++++++++++++++++++++++++-
1 file changed, 30 insertions(+), 1 deletion(-)
diff --git a/scripts/package/builddeb b/scripts/package/builddeb
index 0b31f4f1f92c..629144b4226b 100755
--- a/scripts/package/builddeb
+++ b/scripts/package/builddeb
@@ -39,10 +39,12 @@ tmpdir="$objtree/debian/tmp"
kernel_headers_dir="$objtree/debian/hdrtmp"
libc_headers_dir="$objtree/debian/headertmp"
dbg_dir="$objtree/debian/dbgtmp"
+tools_dir="$objtree/debian/toolstmp"
packagename=linux-image-$version
kernel_headers_packagename=linux-headers-$version
libc_headers_packagename=linux-libc-dev
dbg_packagename=$packagename-dbg
+tools_packagename=linux-tools-$version
if [ "$ARCH" = "um" ] ; then
packagename=user-mode-linux-$version
@@ -65,7 +67,7 @@ esac
BUILD_DEBUG="$(grep -s '^CONFIG_DEBUG_INFO=y' $KCONFIG_CONFIG || true)"
# Setup the directory structure
-rm -rf "$tmpdir" "$kernel_headers_dir" "$libc_headers_dir" "$dbg_dir" $objtree/debian/files
+rm -rf "$tmpdir" "$kernel_headers_dir" "$libc_headers_dir" "$dbg_dir" "$tools_dir" $objtree/debian/files
mkdir -m 755 -p "$tmpdir/DEBIAN"
mkdir -p "$tmpdir/lib" "$tmpdir/boot"
mkdir -p "$kernel_headers_dir/lib/modules/$version/"
@@ -194,4 +196,31 @@ if [ -n "$BUILD_DEBUG" ] ; then
create_package "$dbg_packagename" "$dbg_dir"
fi
+if [ -n "$BUILD_TOOLS" ]
+then
+ # HACK - change output dir from relative to absolute
+ mkdir -p $tools_dir
+ tools_dest=`readlink -f $tools_dir`
+ if [ -n "$O" ]
+ then
+ output=`readlink -f $objtree`
+ mkdir -p $output/tools/perf
+ output="O=$output/tools/perf"
+ fi
+ $MAKE -C $srctree/tools/perf $output LDFLAGS= srctree=$KBUILD_SRC prefix=$tools_dest/usr install
+ cat <<EOF >> debian/control
+
+Package: $tools_packagename
+Architecture: any
+Replaces: linux-base, linux-tools-common
+Depends: \${shlibs:Depends}
+Description: Performance analysis tools for Linux $version
+ This package contains the 'perf' performance analysis tools for Linux
+ kernel version $version .
+EOF
+
+ dpkg-shlibdeps $tools_dest/usr/bin/* $tools_dest/usr/lib*/traceevent/plugins/*
+ create_package "$tools_packagename" "$tools_dir"
+fi
+
exit 0
--
2.20.1

70
packages/linux-kernel/patches/wireguard-linux-compat/0001-Debian-build-WireGuard-module-package-instead-of-DKM.patch Normal file
View File

@ -0,0 +1,70 @@
VyOS requires a pre build binary of the WireGuard package over a DKMS
build. Change the build rules to produce the binary over the source
package for DKMS.
---
debian/control | 8 ++------
debian/rules | 9 ++++-----
2 files changed, 6 insertions(+), 11 deletions(-)
diff --git a/debian/control b/debian/control
index 7b2af41..ae02be3 100644
--- a/debian/control
+++ b/debian/control
@@ -6,14 +6,13 @@ Uploaders:
Unit 193 <unit193@debian.org>,
Build-Depends:
debhelper-compat (= 12),
- dkms,
Standards-Version: 4.5.0
Homepage: https://www.wireguard.com
Vcs-Git: https://salsa.debian.org/debian/wireguard-linux-compat.git -b debian/buster-backports
Vcs-Browser: https://salsa.debian.org/debian/wireguard-linux-compat
Rules-Requires-Root: no
-Package: wireguard-dkms
+Package: wireguard-modules
Architecture: all
Section: kernel
Depends:
@@ -23,7 +22,7 @@ Depends:
Recommends:
wireguard (>= 0.0.20191219),
wireguard-tools (>= 0.0.20191219),
-Description: fast, modern, secure kernel VPN tunnel (DKMS version)
+Description: fast, modern, secure kernel VPN tunnel (Kernel Module)
WireGuard is a novel VPN that runs inside the Linux Kernel and uses
state-of-the-art cryptography (the "Noise" protocol). It aims to be
faster, simpler, leaner, and more useful than IPSec, while avoiding
@@ -31,6 +30,3 @@ Description: fast, modern, secure kernel VPN tunnel (DKMS version)
than OpenVPN. WireGuard is designed as a general purpose VPN for
running on embedded interfaces and super computers alike, fit for
many different circumstances. It runs over UDP.
- .
- This package uses DKMS to automatically build the wireguard kernel
- module.
diff --git a/debian/rules b/debian/rules
index 4fbedc6..15ede39 100755
--- a/debian/rules
+++ b/debian/rules
@@ -6,12 +6,11 @@ export DEB_BUILD_MAINT_OPTIONS = hardening=+all
export DEB_VERSION_UPSTREAM
WIREGUARD_ARGS = V=1
+KERNEL_VERSION := $(shell cat "${KERNELDIR}"/include/config/kernel.release)
%:
- dh $@ --with dkms
+ dh $@
override_dh_auto_install-indep:
- $(MAKE) -C src DESTDIR=../debian/wireguard-dkms DKMSDIR=/usr/src/wireguard-$(DEB_VERSION_UPSTREAM) dkms-install
-
-override_dh_dkms:
- dh_dkms -p wireguard-dkms -- src/dkms.conf
+ $(MAKE) -C src module
+ echo "src/wireguard.ko /lib/modules/$(KERNEL_VERSION)/extra" > debian/wireguard-modules.install
\ No newline at end of file
--
2.20.1

5248
packages/linux-kernel/x86_64_vyos_defconfig Normal file
View File

File diff suppressed because it is too large Load Diff