Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore: enable Fedora 41 builds #240

Merged
merged 17 commits into from
Oct 9, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 15 additions & 0 deletions .github/workflows/build-41.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
name: ublue akmods 41
on:
pull_request:
merge_group:
schedule:
- cron: '10 2 * * *' # 2am-ish UTC everyday (timed against official fedora container pushes, and after 'config')
workflow_dispatch:

jobs:
build:
name: build
uses: ./.github/workflows/reusable-build.yml
secrets: inherit
with:
fedora_version: 41
12 changes: 12 additions & 0 deletions .github/workflows/reusable-build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,18 @@ jobs:
- nvidia-open
- zfs
exclude:
- fedora_version: 41
kernel_flavor: asus
- fedora_version: 41
kernel_flavor: coreos-stable
- fedora_version: 41
kernel_flavor: coreos-testing
- fedora_version: 41
kernel_flavor: fsync
- fedora_version: 41
kernel_flavor: fsync-ba
- fedora_version: 41
kernel_flavor: surface
- fedora_version: 39
kernel_flavor: fsync
- fedora_version: 39
Expand Down
20 changes: 14 additions & 6 deletions build-kmod-evdi.sh
Original file line number Diff line number Diff line change
@@ -1,21 +1,29 @@
#!/bin/sh

set -oeux pipefail
#!/bin/bash

set -eoux pipefail

ARCH="$(rpm -E '%_arch')"
KERNEL="$(rpm -q "${KERNEL_NAME}" --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}')"
RELEASE="$(rpm -E '%fedora')"

cp /tmp/ublue-os-akmods-addons/rpmbuild/SOURCES/negativo17-fedora-multimedia.repo /etc/yum.repos.d/

if [[ "${FEDORA_MAJOR_VERSION}" -ge 41 ]]; then
if dnf search displaylink | grep -qv "displaylink"; then
echo "Skipping build of evdi; displaylink net yet provided by negativo17"
exit 0
fi
fi

set -e pipefail

### BUILD evdi (succeed or fail-fast with debug output)
export CFLAGS="-fno-pie -no-pie"
dnf install -y \
akmod-evdi-*.fc${RELEASE}.${ARCH}
kmod-evdi*.fc"${RELEASE}.${ARCH}" akmod-evdi-*.fc"${RELEASE}.${ARCH}"
akmods --force --kernels "${KERNEL}" --kmod evdi
modinfo /usr/lib/modules/${KERNEL}/extra/evdi/evdi.ko.xz > /dev/null \
|| (find /var/cache/akmods/evdi/ -name \*.log -print -exec cat {} \; && exit 1)
modinfo /usr/lib/modules/"${KERNEL}"/extra/evdi/evdi.ko.xz >/dev/null ||
(find /var/cache/akmods/evdi/ -name \*.log -print -exec cat {} \; && exit 1)

rm -f /etc/yum.repos.d/negativo17-fedora-multimedia.repo
unset CFLAGS
7 changes: 6 additions & 1 deletion build-kmod-vhba.sh
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,12 @@ if [[ "$RELEASE" -lt 39 ]]; then
exit 0
fi

if [[ "${RELEASE}" -ge 41 ]]; then
if [[ "${FEDORA_MAJOR_VERSION}" -ge 41 ]]; then
echo "Skipping build of vhba; net yet provided by COPR"
exit 0
fi

if [[ "${RELEASE}" -ge 42 ]]; then
COPR_RELEASE="rawhide"
else
COPR_RELEASE="${RELEASE}"
Expand Down
11 changes: 10 additions & 1 deletion build-kmod-xpadneo.sh
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
#!/bin/sh

set -oeux pipefail
set -oux pipefail


ARCH="$(rpm -E '%_arch')"
Expand All @@ -9,6 +9,15 @@ RELEASE="$(rpm -E '%fedora')"

cp /tmp/ublue-os-akmods-addons/rpmbuild/SOURCES/negativo17-fedora-multimedia.repo /etc/yum.repos.d/

if [[ "${FEDORA_MAJOR_VERSION}" -ge 41 ]]; then
if dnf search akmod-xpadneo|grep -qv "akmod-xpadneo"; then
echo "Skipping build of xpadneo; net yet provided by negativo17"
exit 0
fi
fi

set -e pipefail

### BUILD xpadneo (succeed or fail-fast with debug output)
dnf install -y \
akmod-xpadneo-*.fc${RELEASE}.${ARCH}
Expand Down
5 changes: 5 additions & 0 deletions build-kmod-zenergy.sh
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,11 @@ ARCH="$(rpm -E '%_arch')"
KERNEL="$(rpm -q "${KERNEL_NAME}" --queryformat '%{VERSION}-%{RELEASE}.%{ARCH}')"
RELEASE="$(rpm -E '%fedora')"

if [[ "${FEDORA_MAJOR_VERSION}" -ge 41 ]]; then
echo "Skipping build of zenergy; net yet building..."
exit 0
fi

cp /tmp/ublue-os-akmods-addons/rpmbuild/SOURCES/_copr_ublue-os-akmods.repo /etc/yum.repos.d/

dnf install -y \
Expand Down
32 changes: 16 additions & 16 deletions dual-sign-zfs.sh
Original file line number Diff line number Diff line change
Expand Up @@ -8,31 +8,31 @@ SIGNING_KEY_2="/tmp/certs/signing_key_2.pem"
PUBLIC_CHAIN="/tmp/certs/public_key_chain.pem"

if [[ "${DUAL_SIGN}" == "true" ]]; then
ln -s / /tmp/buildroot
dnf install -y /var/cache/rpms/kmods/zfs/*.rpm pv
modinfo /usr/lib/modules/"${KERNEL}"/extra/zfs/spl.ko
for module in /usr/lib/modules/"${KERNEL}"/extra/zfs/*.ko*;
do
for module in /usr/lib/modules/"${KERNEL}"/extra/zfs/*.ko*; do
module_basename=${module:0:-3}
module_suffix=${module: -3}
if [[ "$module_suffix" == ".xz" ]]; then
xz --decompress "$module"
openssl cms -sign -signer "${SIGNING_KEY_1}" -signer "${SIGNING_KEY_2}" -binary -in "$module_basename" -outform DER -out "${module_basename}.cms" -nocerts -noattr -nosmimecap
/usr/src/kernels/"${KERNEL}"/scripts/sign-file -s "${module_basename}.cms" sha256 "${PUBLIC_CHAIN}" "${module_basename}"
/tmp/dual-sign-check.sh "${KERNEL}" "${module_basename}" "${PUBLIC_CHAIN}"
xz -f "${module_basename}"
xz --decompress "$module"
openssl cms -sign -signer "${SIGNING_KEY_1}" -signer "${SIGNING_KEY_2}" -binary -in "$module_basename" -outform DER -out "${module_basename}.cms" -nocerts -noattr -nosmimecap
/usr/src/kernels/"${KERNEL}"/scripts/sign-file -s "${module_basename}.cms" sha256 "${PUBLIC_CHAIN}" "${module_basename}"
/tmp/dual-sign-check.sh "${KERNEL}" "${module_basename}" "${PUBLIC_CHAIN}"
xz -f "${module_basename}"
elif [[ "$module_suffix" == ".gz" ]]; then
gzip -d "$module"
openssl cms -sign -signer "${SIGNING_KEY_1}" -signer "${SIGNING_KEY_2}" -binary -in "$module_basename" -outform DER -out "${module_basename}.cms" -nocerts -noattr -nosmimecap
/usr/src/kernels/"${KERNEL}"/scripts/sign-file -s "${module_basename}.cms" sha256 "${PUBLIC_CHAIN}" "${module_basename}"
/tmp/dual-sign-check.sh "${KERNEL}" "${module_basename}" "${PUBLIC_CHAIN}"
gzip -9f "${module_basename}"
gzip -d "$module"
openssl cms -sign -signer "${SIGNING_KEY_1}" -signer "${SIGNING_KEY_2}" -binary -in "$module_basename" -outform DER -out "${module_basename}.cms" -nocerts -noattr -nosmimecap
/usr/src/kernels/"${KERNEL}"/scripts/sign-file -s "${module_basename}.cms" sha256 "${PUBLIC_CHAIN}" "${module_basename}"
/tmp/dual-sign-check.sh "${KERNEL}" "${module_basename}" "${PUBLIC_CHAIN}"
gzip -9f "${module_basename}"
else
openssl cms -sign -signer "${SIGNING_KEY_1}" -signer "${SIGNING_KEY_2}" -binary -in "$module" -outform DER -out "${module}.cms" -nocerts -noattr -nosmimecap
/usr/src/kernels/"${KERNEL}"/scripts/sign-file -s "${module}.cms" sha256 "${PUBLIC_CHAIN}" "${module}"
/tmp/dual-sign-check.sh "${KERNEL}" "${module}" "${PUBLIC_CHAIN}"
openssl cms -sign -signer "${SIGNING_KEY_1}" -signer "${SIGNING_KEY_2}" -binary -in "$module" -outform DER -out "${module}.cms" -nocerts -noattr -nosmimecap
/usr/src/kernels/"${KERNEL}"/scripts/sign-file -s "${module}.cms" sha256 "${PUBLIC_CHAIN}" "${module}"
/tmp/dual-sign-check.sh "${KERNEL}" "${module}" "${PUBLIC_CHAIN}"
fi
done
rpmrebuild --batch /var/cache/rpms/kmods/zfs/kmod-zfs-*.rpm
rpmrebuild --additional=--buildroot=/tmp/buildroot --batch /var/cache/rpms/kmods/zfs/kmod-zfs-*.rpm
rm -rf /usr/lib/modules/"${KERNEL}"/extra
dnf reinstall -y /root/rpmbuild/RPMS/"$(uname -m)"/kmod-*-"${KERNEL}"-*.rpm
for module in /usr/lib/modules/"${KERNEL}"/extra/*/*.ko*; do
Expand Down
40 changes: 21 additions & 19 deletions dual-sign.sh
Original file line number Diff line number Diff line change
Expand Up @@ -8,36 +8,38 @@ SIGNING_KEY_2="/tmp/certs/signing_key_2.pem"
PUBLIC_CHAIN="/tmp/certs/public_key_chain.pem"

if [[ "${DUAL_SIGN}" == "true" ]]; then
for module in /usr/lib/modules/"${KERNEL}"/extra/*/*.ko*;
do
for module in /usr/lib/modules/"${KERNEL}"/extra/*/*.ko*; do
module_basename=${module:0:-3}
module_suffix=${module: -3}
if [[ "$module_suffix" == ".xz" ]]; then
xz --decompress "$module"
openssl cms -sign -signer "${SIGNING_KEY_1}" -signer "${SIGNING_KEY_2}" -binary -in "$module_basename" -outform DER -out "${module_basename}.cms" -nocerts -noattr -nosmimecap
/usr/src/kernels/"${KERNEL}"/scripts/sign-file -s "${module_basename}.cms" sha256 "${PUBLIC_CHAIN}" "${module_basename}"
/tmp/dual-sign-check.sh "${KERNEL}" "${module_basename}" "${PUBLIC_CHAIN}"
xz -f "${module_basename}"
xz --decompress "$module"
openssl cms -sign -signer "${SIGNING_KEY_1}" -signer "${SIGNING_KEY_2}" -binary -in "$module_basename" -outform DER -out "${module_basename}.cms" -nocerts -noattr -nosmimecap
/usr/src/kernels/"${KERNEL}"/scripts/sign-file -s "${module_basename}.cms" sha256 "${PUBLIC_CHAIN}" "${module_basename}"
/tmp/dual-sign-check.sh "${KERNEL}" "${module_basename}" "${PUBLIC_CHAIN}"
xz -f "${module_basename}"
elif [[ "$module_suffix" == ".gz" ]]; then
gzip -d "$module"
openssl cms -sign -signer "${SIGNING_KEY_1}" -signer "${SIGNING_KEY_2}" -binary -in "$module_basename" -outform DER -out "${module_basename}.cms" -nocerts -noattr -nosmimecap
/usr/src/kernels/"${KERNEL}"/scripts/sign-file -s "${module_basename}.cms" sha256 "${PUBLIC_CHAIN}" "${module_basename}"
/tmp/dual-sign-check.sh "${KERNEL}" "${module_basename}" "${PUBLIC_CHAIN}"
gzip -9f "${module_basename}"
gzip -d "$module"
openssl cms -sign -signer "${SIGNING_KEY_1}" -signer "${SIGNING_KEY_2}" -binary -in "$module_basename" -outform DER -out "${module_basename}.cms" -nocerts -noattr -nosmimecap
/usr/src/kernels/"${KERNEL}"/scripts/sign-file -s "${module_basename}.cms" sha256 "${PUBLIC_CHAIN}" "${module_basename}"
/tmp/dual-sign-check.sh "${KERNEL}" "${module_basename}" "${PUBLIC_CHAIN}"
gzip -9f "${module_basename}"
else
openssl cms -sign -signer "${SIGNING_KEY_1}" -signer "${SIGNING_KEY_2}" -binary -in "$module" -outform DER -out "${module}.cms" -nocerts -noattr -nosmimecap
/usr/src/kernels/"${KERNEL}"/scripts/sign-file -s "${module}.cms" sha256 "${PUBLIC_CHAIN}" "${module}"
/tmp/dual-sign-check.sh "${KERNEL}" "${module}" "${PUBLIC_CHAIN}"
openssl cms -sign -signer "${SIGNING_KEY_1}" -signer "${SIGNING_KEY_2}" -binary -in "$module" -outform DER -out "${module}.cms" -nocerts -noattr -nosmimecap
/usr/src/kernels/"${KERNEL}"/scripts/sign-file -s "${module}.cms" sha256 "${PUBLIC_CHAIN}" "${module}"
/tmp/dual-sign-check.sh "${KERNEL}" "${module}" "${PUBLIC_CHAIN}"
fi
done
find /var/cache/akmods -type f -name \kmod-*.rpm
for RPM in $(find /var/cache/akmods/ -type f -name \kmod-*.rpm); do \
rpmrebuild --batch "$RPM"
find /var/cache/akmods -type f -name "\kmod-*.rpm"
for RPM in $(find /var/cache/akmods/ -type f -name \kmod-*.rpm); do
mkdir -p /tmp/buildroot
cp -r /{usr,lib} /tmp/buildroot
rpmrebuild --additional=--buildroot=/tmp/buildroot --batch "$RPM"
rm -rf /tmp/buildroot
done
rm -rf /usr/lib/modules/"${KERNEL}"/extra
dnf reinstall -y /root/rpmbuild/RPMS/"$(uname -m)"/kmod-*-"${KERNEL}"-*.rpm
for module in /usr/lib/modules/"${KERNEL}"/extra/*/*.ko*; do
if ! modinfo "${module}" > /dev/null; then
if ! modinfo "${module}" >/dev/null; then
exit 1
fi
done
Expand Down