From fdf8ea8f8ecc3866d4d49cf357dc71e293cd532e Mon Sep 17 00:00:00 2001 From: Michael Marineau Date: Wed, 6 Jan 2016 12:42:33 -0800 Subject: [PATCH 1/4] coreos-kernel: fix check for unclean source tree and check earlier This check was broken in when the source symlinks were moved from `${S}` to `${S}/source`. Also, since it is a environment sanity check running the check as early as possible in `pkg_pretend` is appropriate. --- .../coreos-overlay/eclass/coreos-kernel.eclass | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/eclass/coreos-kernel.eclass b/sdk_container/src/third_party/coreos-overlay/eclass/coreos-kernel.eclass index 35742e1040..c7d00403de 100644 --- a/sdk_container/src/third_party/coreos-overlay/eclass/coreos-kernel.eclass +++ b/sdk_container/src/third_party/coreos-overlay/eclass/coreos-kernel.eclass @@ -175,6 +175,15 @@ prepare-lib-modules-release-dirs() { "${D}/usr/lib/modules/${version}" || die } +coreos-kernel_pkg_pretend() { + [[ "${MERGE_TYPE}" == binary ]] && return + + if [[ -f "${KERNEL_DIR}/.config" || -d "${KERNEL_DIR}/include/config" ]] + then + die "Source is not clean! Run make mrproper in ${KERNEL_DIR}" + fi +} + coreos-kernel_src_unpack() { # we more or less reproduce the layout in /lib/modules/$(uname -r)/ mkdir -p "${S}/build" || die @@ -183,11 +192,6 @@ coreos-kernel_src_unpack() { } coreos-kernel_src_prepare() { - if [[ -f ".config" || -d "include/config" ]] - then - die "Source is not clean! Run make mrproper in ${KERNEL_DIR}" - fi - restore_config build/.config if [[ ! -f build/.config ]]; then local config="$(find_defconfig)" @@ -275,4 +279,4 @@ coreos-kernel_pkg_setup() { fi } -EXPORT_FUNCTIONS src_unpack src_prepare src_configure src_compile src_install pkg_setup +EXPORT_FUNCTIONS pkg_pretend pkg_setup src_unpack src_prepare src_configure src_compile src_install From 009659e01de114de455435b70620c65d4890818a Mon Sep 17 00:00:00 2001 From: Michael Marineau Date: Wed, 6 Jan 2016 13:30:36 -0800 Subject: [PATCH 2/4] coreos-kernel: move pkg_setup to follow execution order --- .../eclass/coreos-kernel.eclass | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/eclass/coreos-kernel.eclass b/sdk_container/src/third_party/coreos-overlay/eclass/coreos-kernel.eclass index c7d00403de..55454d570a 100644 --- a/sdk_container/src/third_party/coreos-overlay/eclass/coreos-kernel.eclass +++ b/sdk_container/src/third_party/coreos-overlay/eclass/coreos-kernel.eclass @@ -184,6 +184,19 @@ coreos-kernel_pkg_pretend() { fi } +# We are bad, we want to get around the sandbox. So do the creation of the +# cpio image in pkg_setup() where we are free to mount filesystems, chroot, +# and other fun stuff. +coreos-kernel_pkg_setup() { + [[ "${MERGE_TYPE}" == binary ]] && return + + if [[ "${ROOT:-/}" != / ]]; then + ${ROOT}/usr/sbin/update-bootengine -m -c ${ROOT} || die + else + update-bootengine || die + fi +} + coreos-kernel_src_unpack() { # we more or less reproduce the layout in /lib/modules/$(uname -r)/ mkdir -p "${S}/build" || die @@ -266,17 +279,4 @@ coreos-kernel_src_install() { shred_keys } -# We are bad, we want to get around the sandbox. So do the creation of the -# cpio image in pkg_setup() where we are free to mount filesystems, chroot, -# and other fun stuff. -coreos-kernel_pkg_setup() { - [[ "${MERGE_TYPE}" == binary ]] && return - - if [[ "${ROOT:-/}" != / ]]; then - ${ROOT}/usr/sbin/update-bootengine -m -c ${ROOT} || die - else - update-bootengine || die - fi -} - EXPORT_FUNCTIONS pkg_pretend pkg_setup src_unpack src_prepare src_configure src_compile src_install From 13899916c5d8fab881ace542db398499ec38c3c1 Mon Sep 17 00:00:00 2001 From: Michael Marineau Date: Wed, 6 Jan 2016 16:21:53 -0800 Subject: [PATCH 3/4] coreos-kernel: restore call to linux-info's get_version Since moving call to dracut into the coreos-kernel package in pkg_setup step the pkg_setup function provided by linux-info hasn't been called, breaking tc-arch-kernel which depends on the detected kernel version to know if it should return "x86" or "x86_64". Instead of calling `linux-info_pkg_setup` we now call `get_version` directly which only looks up the version in the source, the old behavior allowed for falling back to `get_running_version` which is not useful. --- .../coreos-overlay/eclass/coreos-kernel.eclass | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/eclass/coreos-kernel.eclass b/sdk_container/src/third_party/coreos-overlay/eclass/coreos-kernel.eclass index 55454d570a..e191033573 100644 --- a/sdk_container/src/third_party/coreos-overlay/eclass/coreos-kernel.eclass +++ b/sdk_container/src/third_party/coreos-overlay/eclass/coreos-kernel.eclass @@ -133,15 +133,11 @@ shred_keys() { # Populate /lib/modules/$(uname -r)/{build,source} prepare-lib-modules-release-dirs() { + local kernel_arch=$(tc-arch-kernel) + # build and source must cleaned up to avoid referencing $ROOT rm "${D}/usr/lib/modules/${version}"/{build,source} || die - # XXX: For some reason tc-arch-kernel is returning x86_64 on > 2.6.24 - local kernel_arch=$(tc-arch-kernel) - if [ "${kernel_arch}" == "x86_64" ]; then - kernel_arch="x86" - fi - # Install a stripped source for out-of-tree module builds (Debian-derived) { echo source/Makefile @@ -198,6 +194,9 @@ coreos-kernel_pkg_setup() { } coreos-kernel_src_unpack() { + # tc-arch-kernel requires a call to get_version from linux-info.eclass + get_version || die "Failed to detect kernel version in ${KERNEL_DIR}" + # we more or less reproduce the layout in /lib/modules/$(uname -r)/ mkdir -p "${S}/build" || die mkdir -p "${S}/source" || die From 67a462e423ae591e1b1700e8cbf1fa16317d6404 Mon Sep 17 00:00:00 2001 From: Michael Marineau Date: Wed, 6 Jan 2016 17:47:56 -0800 Subject: [PATCH 4/4] coreos-kernel: fix shredding of private module signing key Two errors here: shred_keys was not updated when the keys were moved from the top level directory to the certs directory and shred_keys was getting called after `rm -r certs`, leaving nothing to shred. Now the ebuild will fail if shred fails. --- .../coreos-overlay/eclass/coreos-kernel.eclass | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/sdk_container/src/third_party/coreos-overlay/eclass/coreos-kernel.eclass b/sdk_container/src/third_party/coreos-overlay/eclass/coreos-kernel.eclass index e191033573..cd526669b7 100644 --- a/sdk_container/src/third_party/coreos-overlay/eclass/coreos-kernel.eclass +++ b/sdk_container/src/third_party/coreos-overlay/eclass/coreos-kernel.eclass @@ -125,10 +125,7 @@ kmake() { # Discard the module signing key, we use new keys for each build. shred_keys() { - if [[ -e signing_key.priv ]]; then - shred -u signing_key.* || die - rm -f x509.genkey || die - fi + shred -u build/certs/signing_key.pem || die } # Populate /lib/modules/$(uname -r)/{build,source} @@ -273,9 +270,8 @@ coreos-kernel_src_install() { dosym "vmlinuz-${version}" /usr/boot/vmlinuz dosym "config-${version}" /usr/boot/config - prepare-lib-modules-release-dirs - shred_keys + prepare-lib-modules-release-dirs } EXPORT_FUNCTIONS pkg_pretend pkg_setup src_unpack src_prepare src_configure src_compile src_install