From 3fe9fb0c48a66a77df19642017a0c9d72e5231c8 Mon Sep 17 00:00:00 2001
From: James Le Cuirot
Date: Thu, 9 Oct 2025 17:49:29 +0100
Subject: [PATCH] sys-kernel/coreos-kernel: Version bump to 6.17.1
Signed-off-by: James Le Cuirot
---
.../coreos-kernel/coreos-kernel-6.17.1.ebuild | 171 ++++++++++++++++++
1 file changed, 171 insertions(+)
create mode 100644 sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.17.1.ebuild
diff --git a/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.17.1.ebuild b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.17.1.ebuild
new file mode 100644
index 0000000000..8e50a61a5e
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/sys-kernel/coreos-kernel/coreos-kernel-6.17.1.ebuild
@@ -0,0 +1,171 @@
+# Copyright 2014-2016 CoreOS, Inc.
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+COREOS_SOURCE_REVISION=""
+inherit coreos-kernel toolchain-funcs
+
+DESCRIPTION="CoreOS Linux kernel"
+KEYWORDS="amd64 arm64"
+RESTRICT="userpriv" # dracut (via bootengine) needs root
+
+RDEPEND="=sys-kernel/coreos-modules-${PVR}"
+BDEPEND="
+ sys-kernel/dracut
+"
+DEPEND="
+ ${RDEPEND}
+ ${BDEPEND}
+ app-alternatives/awk
+ app-alternatives/gzip
+ app-arch/xz-utils
+ app-arch/zstd
+ app-crypt/clevis
+ app-shells/bash
+ coreos-base/afterburn
+ coreos-base/coreos-init:=
+ sys-apps/azure-vm-utils[dracut]
+ sys-apps/baselayout
+ sys-apps/busybox
+ sys-apps/coreutils
+ sys-apps/findutils
+ sys-apps/grep
+ sys-apps/ignition:=
+ sys-apps/iproute2
+ sys-apps/less
+ sys-apps/nvme-cli
+ sys-apps/sed
+ sys-apps/shadow
+ sys-apps/systemd[cryptsetup]
+ sys-apps/seismograph
+ sys-apps/util-linux[cryptsetup,udev]
+ sys-block/open-iscsi
+ sys-fs/btrfs-progs
+ sys-fs/cryptsetup[udev]
+ sys-fs/e2fsprogs
+ sys-fs/lvm2[udev]
+ sys-fs/mdadm
+ sys-fs/xfsprogs
+ >=sys-kernel/bootengine-0.0.38-r37:=
+ >=sys-kernel/coreos-firmware-20180103-r1:=
+ virtual/udev
+ amd64? ( sys-firmware/intel-microcode:= )
+"
+
+src_prepare() {
+ # Fail early if we didn't detect the build installed by coreos-modules
+ [[ -n "${KV_OUT_DIR}" ]] || die "Failed to detect modules build tree"
+
+ default
+
+ # KV_OUT_DIR points to the minimal build tree installed by coreos-modules
+ # Pull in the config and public module signing key
+ KV_OUT_DIR="${ESYSROOT}/lib/modules/${COREOS_SOURCE_NAME#linux-}/build"
+ cp -v "${KV_OUT_DIR}/.config" build/ || die
+ validate_sig_key
+
+ config_update 'CONFIG_INITRAMFS_SOURCE="bootengine.cpio"'
+
+ # include all intel and amd microcode files, avoiding the signatures
+ local fw_dir="${ESYSROOT}/lib/firmware"
+ use amd64 && config_update "CONFIG_EXTRA_FIRMWARE=\"$(find ${fw_dir} -type f \
+ \( -path ${fw_dir}'/intel-ucode/*' -o -path ${fw_dir}'/amd-ucode/*' \) -printf '%P ')\""
+ use amd64 && config_update "CONFIG_EXTRA_FIRMWARE_DIR=\"${fw_dir}\""
+}
+
+src_compile() {
+ local BE_ARGS=()
+
+ if [[ -n ${SYSROOT} ]]; then
+ BE_ARGS+=( -r "${SYSROOT}" )
+ export DRACUT_ARCH="${CHOST%%-*}"
+
+ # We may need to run ldconfig via QEMU, so use the wrapper. Dracut calls
+ # it with -r, which chroots and confuses the sandbox, so calm it down.
+ export DRACUT_LDCONFIG="${CHOST}-ldconfig"
+ local f; for f in /etc/ld.so.cache{,~} /var/cache/ldconfig/aux-cache{,~}; do
+ addwrite "${f}"
+ done
+ fi
+
+ tc-export PKG_CONFIG
+ "${ESYSROOT}"/usr/bin/update-bootengine -k "${KV_FULL}" -o "${S}"/build/bootengine.cpio "${BE_ARGS[@]}" || die
+ # Copy full initrd over to /usr as filesystem image
+ mkdir "${S}"/build/bootengine || die
+ pushd "${S}"/build/bootengine || die
+ lsinitrd --kver SILENCEERROR --unpack "${S}"/build/bootengine.cpio || die
+ mksquashfs . "${S}"/build/bootengine.img -noappend -xattrs-exclude ^btrfs. || die
+ popd || die
+ # Create minimal initrd
+ if use amd64; then
+ mkdir "${S}"/build/early-cpio || die
+ pushd "${S}"/build/early-cpio || die
+ lsinitrd --kver SILENCEERROR --unpackearly "${S}"/build/bootengine.cpio || die
+ # Recreate to only contain the early cpio for microcode
+ find . -print0 | cpio --null --create --verbose --format=newc > "${S}"/build/bootengine.cpio || die
+ # Debug: List contents after recreation
+ cpio -t < "${S}"/build/bootengine.cpio
+ popd || die
+ else
+ # No early cpio, drop full initrd
+ > "${S}"/build/bootengine.cpio
+ fi
+ mkdir "${S}"/build/minimal || die
+ pushd "${S}"/build/minimal || die
+ mkdir -p {etc,dev,proc,sys,dev,usr/bin,usr/lib64,realinit,sysusr/usr} || die
+ ln -s usr/bin bin || die
+ ln -s usr/bin sbin || die
+ ln -s bin usr/sbin || die
+ ln -s usr/lib64 lib || die
+ ln -s usr/lib64 lib64 || die
+ ln -s lib64 usr/lib || die
+ mkdir -p lib/modules/"${KV_FULL}"/ || die
+ # Instead from ESYSROOT we can also copy kernel modules from the dracut pre-selection
+ cp "${S}"/build/bootengine/usr/lib/modules/"${KV_FULL}"/modules.* lib/modules/"${KV_FULL}"/ || die
+ mkdir -p lib/modprobe.d/ || die
+ cp "${S}"/build/bootengine/lib/modprobe.d/* lib/modprobe.d/ || die
+ # Only include modules related to mounting /usr and for interacting with the emergency console
+ pushd "${S}/build/bootengine/usr/lib/modules/${KV_FULL}" || die
+ find kernel/drivers/{ata,block,hid,hv,input/serio,mmc,nvme,pci,scsi,usb} kernel/fs/{btrfs,overlayfs,squashfs} kernel/security/keys -name "*.ko.*" -printf "%f\0" | DRACUT_NO_XATTR=1 xargs --null "${BROOT}"/usr/lib/dracut/dracut-install --destrootdir "${S}"/build/minimal --kerneldir . --sysrootdir "${S}"/build/bootengine/ --firmwaredirs "${S}"/build/bootengine/usr/lib/firmware --module dm-verity dm-mod virtio_console || die
+ popd || die
+ echo '$MODALIAS=.* 0:0 660 @/sbin/modprobe "$MODALIAS"' > ./etc/mdev.conf || die
+ # We can't use busybox's modprobe because it doesn't support the globs in module.alias, breaking module loading
+ DRACUT_NO_XATTR=1 "${BROOT}"/usr/lib/dracut/dracut-install --destrootdir . --sysrootdir "${ESYSROOT}" --ldd /bin/veritysetup /bin/dmsetup /bin/busybox /sbin/modprobe || die
+ cp -a "${ESYSROOT}"/usr/bin/minimal-init ./init || die
+ # Make it easier to debug by not relying too much on the first commands
+ ln -s busybox ./bin/sh || die
+ mknod ./dev/console c 5 1 || die
+ mknod ./dev/null c 1 3 || die
+ mknod ./dev/tty c 5 0 || die
+ mknod ./dev/urandom c 1 9 || die
+ mknod ./dev/random c 1 8 || die
+ mknod ./dev/zero c 1 5 || die
+ # No compression because CONFIG_INITRAMFS_COMPRESSION_XZ should take care of it
+ find . -print0 | cpio --null --create --verbose --format=newc >> "${S}"/build/bootengine.cpio || die
+ popd || die
+ kmake "$(kernel_target)"
+
+ # sanity check :)
+ [[ -e build/certs/signing_key.pem ]] && die "created a new key!"
+}
+
+src_install() {
+ # coreos-postinst expects to find the kernel in /usr/boot
+ insinto "/usr/boot"
+ newins "$(kernel_path)" "vmlinuz-${KV_FULL}"
+ dosym "vmlinuz-${KV_FULL}" "/usr/boot/vmlinuz"
+
+ insinto "/usr/lib/modules/${KV_FULL}/build"
+ doins build/System.map
+
+ insinto "/usr/lib/debug/usr/boot"
+ newins build/vmlinux "vmlinux-${KV_FULL}"
+ dosym "../../../boot/vmlinux-${KV_FULL}" "/usr/lib/debug/usr/lib/modules/${KV_FULL}/vmlinux"
+
+ # For easy access to vdso debug symbols in gdb:
+ # set debug-file-directory /usr/lib/debug/usr/lib/modules/${KV_FULL}/vdso/
+ kmake INSTALL_MOD_PATH="${ED}/usr/lib/debug/usr" vdso_install
+
+ insinto "/usr/lib/flatcar"
+ doins build/bootengine.img
+}
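Review bot: In src_prepare, the `find` that builds CONFIG_EXTRA_FIRMWARE expands `${fw_dir}` unquoted, as the start path and in both `-path` arguments, so an ESYSROOT containing whitespace or glob characters would be word-split or globbed by the shell and could change which files end up embedded as microcode in the kernel image. Quoting keeps the list tied to the intended directory: `find "${fw_dir}" -type f \( -path "${fw_dir}/intel-ucode/*" -o -path "${fw_dir}/amd-ucode/*" \) -printf '%P '`. In src_compile, the debug listing `cpio -t < "${S}"/build/bootengine.cpio` and the truncating `> "${S}"/build/bootengine.cpio` are the only steps in the initrd sequence without `|| die`. Writing the first as `cpio -t < "${S}"/build/bootengine.cpio || die` would stop the build when the recreated early cpio cannot be read back, rather than appending the minimal initrd (which carries veritysetup and the dm-verity modules) to a bad archive.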