-
Notifications
You must be signed in to change notification settings - Fork 511
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
improve support for out-of-tree kernel modules #1220
Commits on Dec 1, 2020
-
kernel: enable zstd compression for squashfs
We use squashfs archives for files that must be included, but which are rarely or never accessed on most running systems. zstd offers compression ratios similar to xz, and decompression speeds like lz4. This saves space while keeping reads fast. Signed-off-by: Ben Cressey <bcressey@amazon.com>
Configuration menu - View commit details
-
Copy full SHA for 90aee0a - Browse repository at this point
Copy the full SHA 90aee0aView commit details -
kernel: overhaul kernel development sources
Previously, we included host programs like `objtool` which are built with the default `gcc` compiler and not our cross-compiler toolchain. This works as long as the running system matches our build host, but would break if we began building x86_64 images on an aarch64 system. The reverse is not true today, but only because `objtool` is not yet required for the arm64 target. Ideally, we'd be able to cross-compile these host programs, but that isn't supported by the kernel's build system, and would be hard to implement. For example, `fixdep` is both a tool we'd want to ship, meaning it would need to be cross-compiled, and a tool that's used to build `objtool`, meaning it couldn't be cross-compiled and still run on the build host. Instead we push the problem out to the downstream consumer, who can be relied on to have a compiler that can build native versions of the host programs. This requires shipping all the headers, tools, and scripts needed to run `make prepare`. For compatibility with solutions like DKMS, which do not expect to run anything but the module build, we add a minimal prepare target to this path so that the host programs will be automatically rebuilt. We also make some edits and exclude some files to avoid dependencies on bison, flex, and OpenSSL. Signed-off-by: Ben Cressey <bcressey@amazon.com>
Configuration menu - View commit details
-
Copy full SHA for 1e19ea3 - Browse repository at this point
Copy the full SHA 1e19ea3View commit details -
kernel: package archived development sources
The squashfs filesystem is meant to be used on a running host, while a tarball is easier to work with when assembling a combined archive that also includes our toolchain. Signed-off-by: Ben Cressey <bcressey@amazon.com>
Configuration menu - View commit details
-
Copy full SHA for 161b609 - Browse repository at this point
Copy the full SHA 161b609View commit details -
build: set options for license squashfs
Apply the same options we use for the kernel-devel squashfs. Signed-off-by: Ben Cressey <bcressey@amazon.com>
Configuration menu - View commit details
-
Copy full SHA for 876b50a - Browse repository at this point
Copy the full SHA 876b50aView commit details -
release: enable writes to /usr/src/kernels
With the changes to our packaging of kernel development sources, any out-of-tree module builds will need to run `make prepare` in order to compile dependencies like `objtool`. These binaries need to land in the same directory tree as the other development files we ship. Using an overlayfs mount allows writes to the otherwise read-only content from the squashfs. We purge the upper directory on reboot so changes do not persist across system upgrades. Signed-off-by: Ben Cressey <bcressey@amazon.com>
Configuration menu - View commit details
-
Copy full SHA for d70179c - Browse repository at this point
Copy the full SHA d70179cView commit details -
host-ctr: allow writes to /usr/src/kernels
This directory needs to be writable in order to build out-of-tree modules inside a superpowered container. Signed-off-by: Ben Cressey <bcressey@amazon.com>
Configuration menu - View commit details
-
Copy full SHA for 5071785 - Browse repository at this point
Copy the full SHA 5071785View commit details -
build: add target for kmod kit
To support compiling out-of-tree modules ahead of time, rather than on a running Bottlerocket host, we need to provide two things: the kernel development sources, such as headers and Makefiles; and the toolchain we use to build our kernel. Our toolchain is built separately as part of our cross-compiling SDK, and it's possible, if unlikely, that we would ship two releases with the same kernel version built with a different GCC. It's also possible that variants will use different kernels, so we cannot have just one development kit per release. This is not yet supported, but we need the ecosystem to anticipate the requirement for a per-variant, per-architecture kit. The build target combines the archives from the toolchain matching the SDK we used to build the kernel, and kernel development sources from the most recent build. This produces a single artifact that can be uploaded for later retrieval by a consumer that knows the variant, architecture, and version that they are targeting. Signed-off-by: Ben Cressey <bcressey@amazon.com>
Configuration menu - View commit details
-
Copy full SHA for eaa7d04 - Browse repository at this point
Copy the full SHA eaa7d04View commit details