Docker/OCI, and thus gitlab-runner, default to a root user inside the namespace, even if it's an unprivileged one. This can cause issues and let permission bugs sneak in, as we are functionally root when running the build. Switch the build jobs to run with our new "containeruser" so we avoid much of it. Our user is still in the wheel/sudo group, but that's fine as long as we don't elevate the privileges unintentionally. Notably, for the time being, we will need to chown the CI_PROJECT_DIR checkout, as the gitlab runner might try to reuse pre-existing and cached volumes of the project checkout. Additionally, we need to change the ccache path so that we avoid the existing cache owned by "root". Close https://gitlab.freedesktop.org/gstreamer/gstreamer/-/issues/2433 Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/8763>
#!/bin/bash
#
# Based on the build-linux.sh script from the Mutter project:
# https://gitlab.gnome.org/GNOME/mutter/-/blob/main/src/tests/kvm/build-linux.sh
#
# Script for building the Linux kernel from git. It aims to build a kernel image
# that is suitable for running in a virtual machine and is intended to be used
# for testing.
#
# Usage: build-linux.sh [REPO-URL] [BRANCH|TAG] [OUTPUT-FILE] [...CONFIGS]
#
# Where [...CONFIGS] can be any number of configuration options, e.g.
# --enable CONFIG_DRM_VKMS
#
# Abort the script as soon as any unguarded command exits non-zero.
set -o errexit
# From scripts/subarch.include in linux
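#######################################
# Translate the machine name reported by `uname -m` into the kernel's
# sub-architecture name (the directory used under arch/).
# Arguments: none
# Outputs:   the sub-architecture on stdout, e.g. x86_64 -> x86,
#            aarch64 -> arm64; a name matching no rule is printed unchanged.
#######################################
get-subarch() {
  # Every sed expression is single-quoted: unquoted, `.*` and `[234]` are
  # shell globs, and a matching path in the current directory (which in CI is
  # a checkout) would silently replace the expression before sed sees it.
  uname -m | sed \
    -e 's/i.86/x86/' \
    -e 's/x86_64/x86/' \
    -e 's/sun4u/sparc64/' \
    -e 's/arm.*/arm/' -e 's/sa110/arm/' \
    -e 's/s390x/s390/' -e 's/parisc64/parisc/' \
    -e 's/ppc.*/powerpc/' -e 's/mips.*/mips/' \
    -e 's/sh[234].*/sh/' -e 's/aarch64.*/arm64/' \
    -e 's/riscv.*/riscv/'
}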
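# --- Command line -----------------------------------------------------------
# $1 repository URL, $2 branch or tag, $3 output image path; anything after
# that is a kernel config option to enable.
if (( $# < 3 )); then
  echo "Usage: ${0##*/} REPO-URL BRANCH|TAG OUTPUT-FILE [CONFIGS...]" >&2
  exit 2
fi

REPO="$1"
BRANCH_OR_TAG="$2"
IMAGE="$3"
shift 3

# The repository and ref are handed to git as positional arguments further
# down. Reject empty values and values starting with "-" so they can never be
# read as git options.
for REQUIRED_ARG in "$REPO" "$BRANCH_OR_TAG"; do
  if [[ -z "$REQUIRED_ARG" || "$REQUIRED_ARG" == -* ]]; then
    echo "${0##*/}: invalid repository or branch/tag: '$REQUIRED_ARG'" >&2
    exit 2
  fi
done
if [[ -z "$IMAGE" ]]; then
  echo "${0##*/}: OUTPUT-FILE must not be empty" >&2
  exit 2
fi

ARCH=$(uname -m)
SUBARCH=$(get-subarch)

# Remaining arguments are bare option names (e.g. CONFIG_VIDEO_VISL); each one
# is passed to ./scripts/config prefixed with --enable later in the script,
# i.e. the equivalent of:
#   ./scripts/config --enable CONFIG_VIDEO_VISL
CONFIGS=()
for CONFIG_OPTION in "$@"; do
  # Empty arguments carry no option name, so they are not collected.
  if [[ -n "$CONFIG_OPTION" ]]; then
    CONFIGS+=( "$CONFIG_OPTION" )
  fi
done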
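# --- Fetch, patch, configure and build the kernel ---------------------------
echo "Building Linux for $ARCH ($SUBARCH)..."

# From here on every command is echoed to the job log with its arguments,
# including the repository URL: keep credentials out of $REPO.
set -x

if [ -d linux ]; then
  # A linux/ directory already exists: reuse it and move it to the requested ref.
  pushd linux
  git fetch --depth=1 "$REPO" "$BRANCH_OR_TAG"
  git checkout FETCH_HEAD
else
  # Create the checkout directory with sudo, then hand it to the unprivileged
  # build user so that git and make below run without elevated privileges.
  sudo mkdir ./linux
  sudo chown containeruser:containeruser ./linux
  git clone --depth=1 --branch="$BRANCH_OR_TAG" "$REPO" linux
  pushd linux
fi

# Apply visl patches until they are upstreamed
for patch in ../ci/docker/fedora/patches/*.patch; do
  # With no patch files the glob stays literal; skip it instead of failing on
  # a redirect from a file that does not exist.
  [ -e "$patch" ] || continue
  patch -p1 < "${patch}"
done

make defconfig
sync
make kvm_guest.config

echo "Disabling unused features..."
./scripts/config \
  --disable USB \
  --disable SOUND \
  --disable SND \
  --disable NETDEVICES \
  --disable DRM \
  --disable INPUT \
  --disable I2C \
  --disable HID \
  --disable CRYPTO \
  --disable IPV6

# Build the --enable arguments as an array so each option name reaches
# scripts/config as exactly one word, and skip the call entirely when no
# options were requested instead of invoking scripts/config with no arguments.
if (( ${#CONFIGS[@]} > 0 )); then
  echo "Enabling ${CONFIGS[*]}..."
  ENABLE_ARGS=()
  for CONFIG_OPTION in "${CONFIGS[@]}"; do
    ENABLE_ARGS+=( --enable "$CONFIG_OPTION" )
  done
  ./scripts/config "${ENABLE_ARGS[@]}"
fi

make olddefconfig
make -j8 WERROR=0

popd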
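# --- Install the image and clean up -----------------------------------------
TARGET_DIR="$(dirname -- "$IMAGE")"

# The chown below runs as root and recurses over the whole directory that
# holds the output file. Point OUTPUT-FILE at a dedicated directory: a bare
# file name makes TARGET_DIR "." and re-owns the entire working directory.
sudo mkdir -p -- "$TARGET_DIR"
sudo chown containeruser:containeruser --recursive "$TARGET_DIR"

# NOTE(review): bzImage is the x86 image name; other SUBARCH values presumably
# produce a differently named image - confirm before building elsewhere.
mv -- "linux/arch/$SUBARCH/boot/bzImage" "$IMAGE"
# Keep the final kernel configuration next to the image.
mv -- linux/.config "$TARGET_DIR/.config"
sudo rm -rf -- ./linux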