lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20240708055046.GB1968570@thelio-3990X>
Date: Sun, 7 Jul 2024 22:50:46 -0700
From: Nathan Chancellor <nathan@...nel.org>
To: Thomas Weißschuh <linux@...ssschuh.net>
Cc: Masahiro Yamada <masahiroy@...nel.org>,
	Nicolas Schier <nicolas@...sle.eu>,
	"Jan Alexander Steffens (heftig)" <heftig@...hlinux.org>,
	linux-kernel@...r.kernel.org, linux-kbuild@...r.kernel.org
Subject: Re: [PATCH v2] kbuild: add script and target to generate pacman
 package

Hi Thomas,

On Sat, Jul 06, 2024 at 09:33:46AM +0200, Thomas Weißschuh wrote:
> pacman is the package manager used by Arch Linux and its derivates.
> Creating native packages from the kernel tree has multiple advantages:
> 
> * The package triggers the correct hooks for initramfs generation and
>   bootloader configuration
> * Uninstallation is complete and also invokes the relevant hooks
> * New UAPI headers can be installed without any manual bookkeeping
> 
> The PKGBUILD file is a simplified version of the one used for the
> downstream Arch Linux "linux" package.
> Extra steps that should not be necessary for a development kernel have
> been removed and an UAPI header package has been added.
> 
> Signed-off-by: Thomas Weißschuh <linux@...ssschuh.net>

Thanks a lot for addressing my comments. From a PKGBUILD perspective,
this looks good to me (I have a couple more comments below). I am not as
familiar with the Kbuild packaging infrastructure, so Masahiro might
have more comments on that, but it works for me in my basic testing so
consider it:

Reviewed-by: Nathan Chancellor <nathan@...nel.org>
Tested-by: Nathan Chancellor <nathan@...nel.org>

> ---
> Changes in v2:
> - Replace ${MAKE} with $MAKE for consistency with other variables
> - Use $MAKE for "-s image_name"
> - Avoid permission warnings from build directory
> - Clarify reason for /build symlink removal
> - Install System.map and config
> - Install dtbs where available
> - Allow cross-build through arch=any
> - Sort Contributor/Maintainer chronologically
> - Disable some unneeded makepkg options
> - Use DEPMOD=true for consistency with rpm-package
> - Link to v1: https://lore.kernel.org/r/20240704-kbuild-pacman-pkg-v1-1-ac2f63f5fa7b@weissschuh.net
> ---
>  .gitignore               |  6 ++++
>  scripts/Makefile.package | 15 +++++++++
>  scripts/package/PKGBUILD | 83 ++++++++++++++++++++++++++++++++++++++++++++++++
>  3 files changed, 104 insertions(+)
> 
> diff --git a/.gitignore b/.gitignore
> index c59dc60ba62e..7902adf4f7f1 100644
> --- a/.gitignore
> +++ b/.gitignore
> @@ -92,6 +92,12 @@ modules.order
>  #
>  /tar-install/
>  
> +#
> +# pacman files (make pacman-pkg)
> +#
> +/PKGBUILD
> +/pacman/
> +
>  #
>  # We don't want to ignore the following even if they are dot-files
>  #
> diff --git a/scripts/Makefile.package b/scripts/Makefile.package
> index bf016af8bf8a..8c0c80f8bec0 100644
> --- a/scripts/Makefile.package
> +++ b/scripts/Makefile.package
> @@ -141,6 +141,20 @@ snap-pkg:
>  	cd $(objtree)/snap && \
>  	snapcraft --target-arch=$(UTS_MACHINE)
>  
> +# pacman-pkg
> +# ---------------------------------------------------------------------------
> +
> +PHONY += pacman-pkg
> +pacman-pkg:
> +	@ln -srf $(srctree)/scripts/package/PKGBUILD $(objtree)/PKGBUILD
> +	cd $(objtree) && \
> +		srctree="$(realpath $(srctree))" \
> +		objtree="$(realpath $(objtree))" \
> +		BUILDDIR="$(realpath $(objtree))/pacman" \
> +		KBUILD_MAKEFLAGS="$(MAKEFLAGS)" \
> +		KBUILD_REVISION="$(shell $(srctree)/init/build-version)" \
> +		makepkg
> +
>  # dir-pkg tar*-pkg - tarball targets
>  # ---------------------------------------------------------------------------
>  
> @@ -221,6 +235,7 @@ help:
>  	@echo '  bindeb-pkg          - Build only the binary kernel deb package'
>  	@echo '  snap-pkg            - Build only the binary kernel snap package'
>  	@echo '                        (will connect to external hosts)'
> +	@echo '  pacman-pkg          - Build only the binary kernel pacman package'
>  	@echo '  dir-pkg             - Build the kernel as a plain directory structure'
>  	@echo '  tar-pkg             - Build the kernel as an uncompressed tarball'
>  	@echo '  targz-pkg           - Build the kernel as a gzip compressed tarball'
> diff --git a/scripts/package/PKGBUILD b/scripts/package/PKGBUILD
> new file mode 100644
> index 000000000000..fe899c77a976
> --- /dev/null
> +++ b/scripts/package/PKGBUILD
> @@ -0,0 +1,83 @@
> +# SPDX-License-Identifier: GPL-2.0-only
> +# Maintainer: Thomas Weißschuh <linux@...ssschuh.net>
> +# Contributor: Jan Alexander Steffens (heftig) <heftig@...hlinux.org>
> +
> +pkgbase=linux-upstream
> +pkgname=("$pkgbase" "$pkgbase-headers" "$pkgbase-api-headers")
> +pkgver="${KERNELRELEASE//-/_}"
> +pkgrel="$KBUILD_REVISION"
> +pkgdesc='Linux'
> +url='https://www.kernel.org/'
> +arch=(any)

I see why you went this way but this feels a little dangerous because
this means the package will be installable on architectures other than
the one that it is built for. I think a better solution for this problem
would be moving arch back to $UTS_MACHINE but setting CARCH to that same
value in scripts/Makefile.package above. This diff works for me,
allowing me to build an aarch64 package on x86_64:

diff --git a/scripts/Makefile.package b/scripts/Makefile.package
index 8c0c80f8bec0..a5b5b899d90c 100644
--- a/scripts/Makefile.package
+++ b/scripts/Makefile.package
@@ -151,6 +151,7 @@ pacman-pkg:
 		srctree="$(realpath $(srctree))" \
 		objtree="$(realpath $(objtree))" \
 		BUILDDIR="$(realpath $(objtree))/pacman" \
+		CARCH="$(UTS_MACHINE)" \
 		KBUILD_MAKEFLAGS="$(MAKEFLAGS)" \
 		KBUILD_REVISION="$(shell $(srctree)/init/build-version)" \
 		makepkg
diff --git a/scripts/package/PKGBUILD b/scripts/package/PKGBUILD
index fe899c77a976..7f1a4588c3d3 100644
--- a/scripts/package/PKGBUILD
+++ b/scripts/package/PKGBUILD
@@ -8,7 +8,7 @@ pkgver="${KERNELRELEASE//-/_}"
 pkgrel="$KBUILD_REVISION"
 pkgdesc='Linux'
 url='https://www.kernel.org/'
-arch=(any)
+arch=($UTS_MACHINE)
 options=(!debug !strip !buildflags !makeflags)
 license=(GPL-2.0-only)
 

> +options=(!debug !strip !buildflags !makeflags)
> +license=(GPL-2.0-only)
> +
> +build() {
> +  export MAKEFLAGS="${KBUILD_MAKEFLAGS}"
> +  cd "$objtree"
> +
> +  # makepkg does a "chmod a-srw", triggering warnings during kbuild
> +  chmod 0755 "$pkgdirbase" || true
> +
> +  $MAKE -f "${srctree}/Makefile"
> +}
> +
> +package_linux-upstream() {
> +  pkgdesc="The $pkgdesc kernel and modules"
> +
> +  export MAKEFLAGS="${KBUILD_MAKEFLAGS}"
> +  cd "$objtree"
> +  local modulesdir="$pkgdir/usr/$MODLIB"
> +
> +  echo "Installing boot image..."
> +  # systemd expects to find the kernel here to allow hibernation
> +  # https://github.com/systemd/systemd/commit/edda44605f06a41fb86b7ab8128dcf99161d2344
> +  install -Dm644 "$($MAKE -s image_name)" "$modulesdir/vmlinuz"
> +
> +  # Used by mkinitcpio to name the kernel
> +  echo "$pkgbase" | install -Dm644 /dev/stdin "$modulesdir/pkgbase"
> +
> +  echo "Installing modules..."
> +  $MAKE INSTALL_MOD_PATH="$pkgdir/usr" INSTALL_MOD_STRIP=1 \
> +    DEPMOD=true modules_install
> +
> +  if $MAKE run-command KBUILD_RUN_COMMAND='test -d ${srctree}/arch/${SRCARCH}/boot/dts' 2>/dev/null; then
> +    echo "Installing dtbs..."
> +    $MAKE INSTALL_DTBS_PATH="$modulesdir/dtb" dtbs_install
> +  fi
> +
> +  # remove build link, will be part of -headers package
> +  rm -f "$modulesdir/build"
> +}
> +
> +package_linux-upstream-headers() {
> +  pkgdesc="Headers and scripts for building modules for the $pkgdesc kernel"
> +
> +  export MAKEFLAGS="${KBUILD_MAKEFLAGS}"
> +  cd "$objtree"
> +  local builddir="$pkgdir/usr/$MODLIB/build"
> +
> +  echo "Installing build files..."
> +  "$srctree/scripts/package/install-extmod-build" "$builddir"
> +
> +  echo "Installing System.map and config..."
> +  cp System.map "$builddir/System.map"
> +  cp .config "$builddir/.config"

Remove the dot on the installation location so that it is more visible.

> +  echo "Adding symlink..."
> +  mkdir -p "$pkgdir/usr/src"
> +  ln -sr "$builddir" "$pkgdir/usr/src/$pkgbase"
> +}
> +
> +package_linux-upstream-api-headers() {
> +  pkgdesc="Kernel headers sanitized for use in userspace"
> +  provides=(linux-api-headers)
> +  conflicts=(linux-api-headers)
> +
> +  export MAKEFLAGS="${KBUILD_MAKEFLAGS}"
> +  cd "$objtree"
> +
> +  $MAKE headers_install INSTALL_HDR_PATH="$pkgdir/usr"
> +}
> +
> +# vim:set ts=8 sts=2 sw=2 et:
> 
> ---
> base-commit: 1dd28064d4164a4dc9096fd1a7990d2de15f2bb6
> change-id: 20240625-kbuild-pacman-pkg-b4f87e19d036
> 
> Best regards,
> -- 
> Thomas Weißschuh <linux@...ssschuh.net>
> 

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ