Build stable kernel package #59
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build stable kernel package | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| release: | |
| type: choice | |
| description: Release type | |
| options: | |
| - none | |
| - pre-release | |
| - release | |
| env: | |
| HOME: /home/runner | |
| KERNEL_STABLE_VER: 6.8.1 | |
| PKGVER: 1 | |
| jobs: | |
| build: | |
| runs-on: self-hosted | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Download linux kernel ${{ env.KERNEL_STABLE_VER }} source | |
| run: | | |
| wget https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-${{ env.KERNEL_STABLE_VER }}.tar.xz \ | |
| && tar xf linux-${{ env.KERNEL_STABLE_VER }}.tar.xz | |
| - name: Setup dependencies | |
| run: | | |
| sudo apt-get update \ | |
| && sudo apt-get install -y build-essential \ | |
| bc kmod cpio flex libncurses-dev \ | |
| libelf-dev libssl-dev dwarves bison \ | |
| gawk openssl libssl-dev dkms libudev-dev \ | |
| libpci-dev libiberty-dev autoconf \ | |
| debhelper lz4 | |
| - name: Apply patch | |
| working-directory: linux-${{ env.KERNEL_STABLE_VER }} | |
| run: | | |
| git config user.name "GitHub Actions" | |
| git config user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
| git clone https://github.com/graysky2/kernel_compiler_patch.git ../kernel_compiler_patch \ | |
| && patch -Np1 -i ../kernel_compiler_patch/more-uarches-for-kernel-6.8-rc4+.patch | |
| git clone --depth 1 https://gitlab.com/xanmod/linux-patches.git ../xanmod-patches \ | |
| && for i in ../xanmod-patches/linux-6.8.y-xanmod/net/netfilter/*FLOWOFFLOAD*.patch \ | |
| ../xanmod-patches/linux-6.8.y-xanmod/net/tcp/bbr3/*.patch \ | |
| ../xanmod-patches/linux-6.8.y-xanmod/net/tcp/cloudflare/*.patch; do | |
| patch -Np1 -i ${i} | |
| done | |
| git clone https://github.com/clearlinux-pkgs/linux.git ../clear-patches \ | |
| && for i in $(grep '^Patch' ../clear-patches/linux.spec |\ | |
| grep -Ev '^Patch0132|^Patch0118|^Patch0113|^Patch0138|^Patch0139|^Patch0107|^Patch0109|^Patch0136|^Patch0147' | sed -n 's/.*: //p'); do | |
| patch -Np1 -i "../clear-patches/${i}" | |
| done | |
| curl -sSL https://gist.githubusercontent.com/love4taylor/111d56cd2b1dc149cba6d80f617f47b1/raw/1ea1a5df138c881d5b29ea1a02bb3e88f1ff9b4b/0001-net-tcp_brutal-make-it-as-a-built-in-kernel-module.patch | patch -Np1 | |
| patch -Np1 -i ../0001-netfilter-nat-add-brcm-fullcone-support-from-ASUS.patch | |
| - name: Copy .config and setup some config | |
| working-directory: linux-${{ env.KERNEL_STABLE_VER }} | |
| run: | | |
| cp ../config .config | |
| scripts/config --set-str LOCALVERSION "-egoist" \ | |
| --set-str DEFAULT_HOSTNAME "inori" | |
| # /proc/config.gz | |
| scripts/config -e IKCONFIG \ | |
| -e IKCONFIG_PROC | |
| # x86-64-v2 | |
| scripts/config -d GENERIC_CPU \ | |
| -e GENERIC_CPU2 | |
| # xt_FLOWOFFLOAD | |
| scripts/config -e NETFILTER_XT_TARGET_FLOWOFFLOAD | |
| # BBR3 | |
| scripts/config -m TCP_CONG_CUBIC \ | |
| -d DEFAULT_CUBIC \ | |
| -e TCP_CONG_BBR \ | |
| -e DEFAULT_BBR \ | |
| --set-str DEFAULT_TCP_CONG bbr | |
| # BBR3 doesn't work properly with FQ_CODEL | |
| scripts/config -m NET_SCH_FQ_CODEL \ | |
| -e NET_SCH_FQ \ | |
| -d DEFAULT_FQ_CODEL \ | |
| -e DEFAULT_FQ \ | |
| --set-str DEFAULT_NET_SCH fq | |
| # TCP Brutal | |
| scripts/config -m TCP_CONG_BRUTAL | |
| # zswap | |
| scripts/config -e ZSWAP_DEFAULT_ON \ | |
| -d ZSWAP_COMPRESSOR_DEFAULT_LZO \ | |
| -e ZSWAP_COMPRESSOR_DEFAULT_ZSTD | |
| # NTFS3 | |
| scripts/config -m NTFS3_FS \ | |
| -e NTFS3_LZX_XPRESS \ | |
| -e NTFS3_FS_POSIX_ACL | |
| # SMB | |
| scripts/config -m SMB_SERVER \ | |
| -e SMB_SERVER_SMBDIRECT \ | |
| -e SMB_SERVER_CHECK_CAP_NET_ADMIN \ | |
| -e SMB_SERVER_KERBEROS5 | |
| # Security | |
| scripts/config -e SECURITY_SELINUX \ | |
| -e SECURITY_SELINUX_BOOTPARAM \ | |
| -e SECURITY_SMACK \ | |
| -e SECURITY_SMACK_BRINGUP \ | |
| -e SECURITY_SMACK_NETFILTER \ | |
| -e SECURITY_SMACK_APPEND_SIGNALS \ | |
| -e SECURITY_TOMOYO \ | |
| -e SECURITY_APPARMOR \ | |
| -e SECURITY_YAMA | |
| - name: Build | |
| working-directory: linux-${{ env.KERNEL_STABLE_VER }} | |
| env: | |
| DEBEMAIL: "love4taylor <[email protected]>" | |
| KDEB_COMPRESS: "xz" | |
| run: | | |
| make \ | |
| olddefconfig | |
| make \ | |
| KDEB_PKGVERSION=$(make kernelversion)-${{ env.PKGVER }} \ | |
| -j`nproc` \ | |
| bindeb-pkg | |
| - name: Upload config | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: config | |
| path: linux-${{ env.KERNEL_STABLE_VER }}/.config | |
| - name: Upload deb | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: deb | |
| path: linux-*.deb | |
| - name: Release | |
| if: ${{ github.event.inputs.release != 'none' }} | |
| uses: ncipollo/release-action@v1 | |
| with: | |
| artifacts: linux-*.deb | |
| prerelease: ${{ github.event.inputs.release == 'pre-release' }} | |
| makeLatest: ${{ github.event.inputs.release == 'release' }} | |
| tag: ${{ env.KERNEL_STABLE_VER }}-${{ env.PKGVER }} | |