From c050dfb0ce2a1755270889f88af63531f9c52742 Mon Sep 17 00:00:00 2001 From: Robert Sturla Date: Wed, 9 Oct 2024 19:23:30 +0100 Subject: [PATCH] chore: enable Fedora 41 builds (#240) Signed-off-by: m2Giles <69128853+m2Giles@users.noreply.github.com> Co-authored-by: Jorge O. Castro Co-authored-by: Benjamin Sherman Co-authored-by: m2 <69128853+m2Giles@users.noreply.github.com> --- .github/workflows/build-41.yml | 15 +++++++++++ .github/workflows/reusable-build.yml | 12 +++++++++ build-kmod-evdi.sh | 20 +++++++++----- build-kmod-vhba.sh | 7 ++++- build-kmod-xpadneo.sh | 11 +++++++- build-kmod-zenergy.sh | 5 ++++ dual-sign-zfs.sh | 32 +++++++++++----------- dual-sign.sh | 40 +++++++++++++++------------- 8 files changed, 99 insertions(+), 43 deletions(-) create mode 100644 .github/workflows/build-41.yml diff --git a/.github/workflows/build-41.yml b/.github/workflows/build-41.yml new file mode 100644 index 00000000..35d4b547 --- /dev/null +++ b/.github/workflows/build-41.yml @@ -0,0 +1,15 @@ +name: ublue akmods 41 +on: + pull_request: + merge_group: + schedule: + - cron: '10 2 * * *' # 2am-ish UTC everyday (timed against official fedora container pushes, and after 'config') + workflow_dispatch: + +jobs: + build: + name: build + uses: ./.github/workflows/reusable-build.yml + secrets: inherit + with: + fedora_version: 41 \ No newline at end of file diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index 3d9f84ab..35545508 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -42,6 +42,18 @@ jobs: - nvidia-open - zfs exclude: + - fedora_version: 41 + kernel_flavor: asus + - fedora_version: 41 + kernel_flavor: coreos-stable + - fedora_version: 41 + kernel_flavor: coreos-testing + - fedora_version: 41 + kernel_flavor: fsync + - fedora_version: 41 + kernel_flavor: fsync-ba + - fedora_version: 41 + kernel_flavor: surface - fedora_version: 39 kernel_flavor: fsync - fedora_version: 39 diff --git a/build-kmod-evdi.sh b/build-kmod-evdi.sh index f851be32..b2785f05 100755 --- a/build-kmod-evdi.sh +++ b/build-kmod-evdi.sh @@ -1,7 +1,6 @@ -#!/bin/sh - -set -oeux pipefail +#!/bin/bash +set -eoux pipefail ARCH="$(rpm -E '%_arch')" KERNEL="$(rpm -q "${KERNEL_NAME}" --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}')" @@ -9,13 +8,22 @@ RELEASE="$(rpm -E '%fedora')" cp /tmp/ublue-os-akmods-addons/rpmbuild/SOURCES/negativo17-fedora-multimedia.repo /etc/yum.repos.d/ +if [[ "${FEDORA_MAJOR_VERSION}" -ge 41 ]]; then + if dnf search displaylink | grep -qv "displaylink"; then + echo "Skipping build of evdi; displaylink net yet provided by negativo17" + exit 0 + fi +fi + +set -e pipefail + ### BUILD evdi (succeed or fail-fast with debug output) export CFLAGS="-fno-pie -no-pie" dnf install -y \ - akmod-evdi-*.fc${RELEASE}.${ARCH} + kmod-evdi*.fc"${RELEASE}.${ARCH}" akmod-evdi-*.fc"${RELEASE}.${ARCH}" akmods --force --kernels "${KERNEL}" --kmod evdi -modinfo /usr/lib/modules/${KERNEL}/extra/evdi/evdi.ko.xz > /dev/null \ -|| (find /var/cache/akmods/evdi/ -name \*.log -print -exec cat {} \; && exit 1) +modinfo /usr/lib/modules/"${KERNEL}"/extra/evdi/evdi.ko.xz >/dev/null || + (find /var/cache/akmods/evdi/ -name \*.log -print -exec cat {} \; && exit 1) rm -f /etc/yum.repos.d/negativo17-fedora-multimedia.repo unset CFLAGS diff --git a/build-kmod-vhba.sh b/build-kmod-vhba.sh index b2d87a04..7b66ad51 100755 --- a/build-kmod-vhba.sh +++ b/build-kmod-vhba.sh @@ -12,7 +12,12 @@ if [[ "$RELEASE" -lt 39 ]]; then exit 0 fi -if [[ "${RELEASE}" -ge 41 ]]; then +if [[ "${FEDORA_MAJOR_VERSION}" -ge 41 ]]; then + echo "Skipping build of vhba; net yet provided by COPR" + exit 0 +fi + +if [[ "${RELEASE}" -ge 42 ]]; then COPR_RELEASE="rawhide" else COPR_RELEASE="${RELEASE}" diff --git a/build-kmod-xpadneo.sh b/build-kmod-xpadneo.sh index 549e58ea..3ad92275 100755 --- a/build-kmod-xpadneo.sh +++ b/build-kmod-xpadneo.sh @@ -1,6 +1,6 @@ #!/bin/sh -set -oeux pipefail +set -oux pipefail ARCH="$(rpm -E '%_arch')" @@ -9,6 +9,15 @@ RELEASE="$(rpm -E '%fedora')" cp /tmp/ublue-os-akmods-addons/rpmbuild/SOURCES/negativo17-fedora-multimedia.repo /etc/yum.repos.d/ +if [[ "${FEDORA_MAJOR_VERSION}" -ge 41 ]]; then + if dnf search akmod-xpadneo|grep -qv "akmod-xpadneo"; then + echo "Skipping build of xpadneo; net yet provided by negativo17" + exit 0 + fi +fi + +set -e pipefail + ### BUILD xpadneo (succeed or fail-fast with debug output) dnf install -y \ akmod-xpadneo-*.fc${RELEASE}.${ARCH} diff --git a/build-kmod-zenergy.sh b/build-kmod-zenergy.sh index 0dd7d46f..77aaad21 100755 --- a/build-kmod-zenergy.sh +++ b/build-kmod-zenergy.sh @@ -6,6 +6,11 @@ ARCH="$(rpm -E '%_arch')" KERNEL="$(rpm -q "${KERNEL_NAME}" --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}')" RELEASE="$(rpm -E '%fedora')" +if [[ "${FEDORA_MAJOR_VERSION}" -ge 41 ]]; then + echo "Skipping build of zenergy; net yet building..." + exit 0 +fi + cp /tmp/ublue-os-akmods-addons/rpmbuild/SOURCES/_copr_ublue-os-akmods.repo /etc/yum.repos.d/ dnf install -y \ diff --git a/dual-sign-zfs.sh b/dual-sign-zfs.sh index 83990905..dd14a52f 100755 --- a/dual-sign-zfs.sh +++ b/dual-sign-zfs.sh @@ -8,31 +8,31 @@ SIGNING_KEY_2="/tmp/certs/signing_key_2.pem" PUBLIC_CHAIN="/tmp/certs/public_key_chain.pem" if [[ "${DUAL_SIGN}" == "true" ]]; then + ln -s / /tmp/buildroot dnf install -y /var/cache/rpms/kmods/zfs/*.rpm pv modinfo /usr/lib/modules/"${KERNEL}"/extra/zfs/spl.ko - for module in /usr/lib/modules/"${KERNEL}"/extra/zfs/*.ko*; - do + for module in /usr/lib/modules/"${KERNEL}"/extra/zfs/*.ko*; do module_basename=${module:0:-3} module_suffix=${module: -3} if [[ "$module_suffix" == ".xz" ]]; then - xz --decompress "$module" - openssl cms -sign -signer "${SIGNING_KEY_1}" -signer "${SIGNING_KEY_2}" -binary -in "$module_basename" -outform DER -out "${module_basename}.cms" -nocerts -noattr -nosmimecap - /usr/src/kernels/"${KERNEL}"/scripts/sign-file -s "${module_basename}.cms" sha256 "${PUBLIC_CHAIN}" "${module_basename}" - /tmp/dual-sign-check.sh "${KERNEL}" "${module_basename}" "${PUBLIC_CHAIN}" - xz -f "${module_basename}" + xz --decompress "$module" + openssl cms -sign -signer "${SIGNING_KEY_1}" -signer "${SIGNING_KEY_2}" -binary -in "$module_basename" -outform DER -out "${module_basename}.cms" -nocerts -noattr -nosmimecap + /usr/src/kernels/"${KERNEL}"/scripts/sign-file -s "${module_basename}.cms" sha256 "${PUBLIC_CHAIN}" "${module_basename}" + /tmp/dual-sign-check.sh "${KERNEL}" "${module_basename}" "${PUBLIC_CHAIN}" + xz -f "${module_basename}" elif [[ "$module_suffix" == ".gz" ]]; then - gzip -d "$module" - openssl cms -sign -signer "${SIGNING_KEY_1}" -signer "${SIGNING_KEY_2}" -binary -in "$module_basename" -outform DER -out "${module_basename}.cms" -nocerts -noattr -nosmimecap - /usr/src/kernels/"${KERNEL}"/scripts/sign-file -s "${module_basename}.cms" sha256 "${PUBLIC_CHAIN}" "${module_basename}" - /tmp/dual-sign-check.sh "${KERNEL}" "${module_basename}" "${PUBLIC_CHAIN}" - gzip -9f "${module_basename}" + gzip -d "$module" + openssl cms -sign -signer "${SIGNING_KEY_1}" -signer "${SIGNING_KEY_2}" -binary -in "$module_basename" -outform DER -out "${module_basename}.cms" -nocerts -noattr -nosmimecap + /usr/src/kernels/"${KERNEL}"/scripts/sign-file -s "${module_basename}.cms" sha256 "${PUBLIC_CHAIN}" "${module_basename}" + /tmp/dual-sign-check.sh "${KERNEL}" "${module_basename}" "${PUBLIC_CHAIN}" + gzip -9f "${module_basename}" else - openssl cms -sign -signer "${SIGNING_KEY_1}" -signer "${SIGNING_KEY_2}" -binary -in "$module" -outform DER -out "${module}.cms" -nocerts -noattr -nosmimecap - /usr/src/kernels/"${KERNEL}"/scripts/sign-file -s "${module}.cms" sha256 "${PUBLIC_CHAIN}" "${module}" - /tmp/dual-sign-check.sh "${KERNEL}" "${module}" "${PUBLIC_CHAIN}" + openssl cms -sign -signer "${SIGNING_KEY_1}" -signer "${SIGNING_KEY_2}" -binary -in "$module" -outform DER -out "${module}.cms" -nocerts -noattr -nosmimecap + /usr/src/kernels/"${KERNEL}"/scripts/sign-file -s "${module}.cms" sha256 "${PUBLIC_CHAIN}" "${module}" + /tmp/dual-sign-check.sh "${KERNEL}" "${module}" "${PUBLIC_CHAIN}" fi done - rpmrebuild --batch /var/cache/rpms/kmods/zfs/kmod-zfs-*.rpm + rpmrebuild --additional=--buildroot=/tmp/buildroot --batch /var/cache/rpms/kmods/zfs/kmod-zfs-*.rpm rm -rf /usr/lib/modules/"${KERNEL}"/extra dnf reinstall -y /root/rpmbuild/RPMS/"$(uname -m)"/kmod-*-"${KERNEL}"-*.rpm for module in /usr/lib/modules/"${KERNEL}"/extra/*/*.ko*; do diff --git a/dual-sign.sh b/dual-sign.sh index 6b978167..b9cb0643 100755 --- a/dual-sign.sh +++ b/dual-sign.sh @@ -8,36 +8,38 @@ SIGNING_KEY_2="/tmp/certs/signing_key_2.pem" PUBLIC_CHAIN="/tmp/certs/public_key_chain.pem" if [[ "${DUAL_SIGN}" == "true" ]]; then - for module in /usr/lib/modules/"${KERNEL}"/extra/*/*.ko*; - do + for module in /usr/lib/modules/"${KERNEL}"/extra/*/*.ko*; do module_basename=${module:0:-3} module_suffix=${module: -3} if [[ "$module_suffix" == ".xz" ]]; then - xz --decompress "$module" - openssl cms -sign -signer "${SIGNING_KEY_1}" -signer "${SIGNING_KEY_2}" -binary -in "$module_basename" -outform DER -out "${module_basename}.cms" -nocerts -noattr -nosmimecap - /usr/src/kernels/"${KERNEL}"/scripts/sign-file -s "${module_basename}.cms" sha256 "${PUBLIC_CHAIN}" "${module_basename}" - /tmp/dual-sign-check.sh "${KERNEL}" "${module_basename}" "${PUBLIC_CHAIN}" - xz -f "${module_basename}" + xz --decompress "$module" + openssl cms -sign -signer "${SIGNING_KEY_1}" -signer "${SIGNING_KEY_2}" -binary -in "$module_basename" -outform DER -out "${module_basename}.cms" -nocerts -noattr -nosmimecap + /usr/src/kernels/"${KERNEL}"/scripts/sign-file -s "${module_basename}.cms" sha256 "${PUBLIC_CHAIN}" "${module_basename}" + /tmp/dual-sign-check.sh "${KERNEL}" "${module_basename}" "${PUBLIC_CHAIN}" + xz -f "${module_basename}" elif [[ "$module_suffix" == ".gz" ]]; then - gzip -d "$module" - openssl cms -sign -signer "${SIGNING_KEY_1}" -signer "${SIGNING_KEY_2}" -binary -in "$module_basename" -outform DER -out "${module_basename}.cms" -nocerts -noattr -nosmimecap - /usr/src/kernels/"${KERNEL}"/scripts/sign-file -s "${module_basename}.cms" sha256 "${PUBLIC_CHAIN}" "${module_basename}" - /tmp/dual-sign-check.sh "${KERNEL}" "${module_basename}" "${PUBLIC_CHAIN}" - gzip -9f "${module_basename}" + gzip -d "$module" + openssl cms -sign -signer "${SIGNING_KEY_1}" -signer "${SIGNING_KEY_2}" -binary -in "$module_basename" -outform DER -out "${module_basename}.cms" -nocerts -noattr -nosmimecap + /usr/src/kernels/"${KERNEL}"/scripts/sign-file -s "${module_basename}.cms" sha256 "${PUBLIC_CHAIN}" "${module_basename}" + /tmp/dual-sign-check.sh "${KERNEL}" "${module_basename}" "${PUBLIC_CHAIN}" + gzip -9f "${module_basename}" else - openssl cms -sign -signer "${SIGNING_KEY_1}" -signer "${SIGNING_KEY_2}" -binary -in "$module" -outform DER -out "${module}.cms" -nocerts -noattr -nosmimecap - /usr/src/kernels/"${KERNEL}"/scripts/sign-file -s "${module}.cms" sha256 "${PUBLIC_CHAIN}" "${module}" - /tmp/dual-sign-check.sh "${KERNEL}" "${module}" "${PUBLIC_CHAIN}" + openssl cms -sign -signer "${SIGNING_KEY_1}" -signer "${SIGNING_KEY_2}" -binary -in "$module" -outform DER -out "${module}.cms" -nocerts -noattr -nosmimecap + /usr/src/kernels/"${KERNEL}"/scripts/sign-file -s "${module}.cms" sha256 "${PUBLIC_CHAIN}" "${module}" + /tmp/dual-sign-check.sh "${KERNEL}" "${module}" "${PUBLIC_CHAIN}" fi done - find /var/cache/akmods -type f -name \kmod-*.rpm - for RPM in $(find /var/cache/akmods/ -type f -name \kmod-*.rpm); do \ - rpmrebuild --batch "$RPM" + find /var/cache/akmods -type f -name "\kmod-*.rpm" + for RPM in $(find /var/cache/akmods/ -type f -name \kmod-*.rpm); do + mkdir -p /tmp/buildroot + cp -r /{usr,lib} /tmp/buildroot + rpmrebuild --additional=--buildroot=/tmp/buildroot --batch "$RPM" + rm -rf /tmp/buildroot done rm -rf /usr/lib/modules/"${KERNEL}"/extra dnf reinstall -y /root/rpmbuild/RPMS/"$(uname -m)"/kmod-*-"${KERNEL}"-*.rpm for module in /usr/lib/modules/"${KERNEL}"/extra/*/*.ko*; do - if ! modinfo "${module}" > /dev/null; then + if ! modinfo "${module}" >/dev/null; then exit 1 fi done