diff --git a/.github/workflows/reusable-build.yml b/.github/workflows/reusable-build.yml index c2a9b3c5..3b1c968a 100644 --- a/.github/workflows/reusable-build.yml +++ b/.github/workflows/reusable-build.yml @@ -32,6 +32,7 @@ jobs: - asus - fsync - fsync-ba + - fsync-coreos - surface - coreos-stable - coreos-testing @@ -46,6 +47,8 @@ jobs: kernel_flavor: fsync - fedora_version: 39 kernel_flavor: fsync-ba + - fedora_version: 39 + kernel_flavor: fsync-coreos - fedora_version: 39 kernel_flavor: asus - fedora_version: 39 @@ -77,7 +80,11 @@ jobs: export BUILDER_IMAGE=quay.io/fedora/fedora echo "BUILDER_IMAGE=${BUILDER_IMAGE}" >> $GITHUB_ENV echo "FQ_BUILDER_IMAGE=${BUILDER_IMAGE}:${{ matrix.fedora_version }}" >> $GITHUB_ENV - export KERNEL_IMAGE=${{ matrix.kernel_flavor }}-kernel + if [[ "${{matrix.kernel_flavor}}" == "fsync-coreos" ]]; then + export KERNEL_IMAGE=fsync-kernel + else + export KERNEL_IMAGE=${{ matrix.kernel_flavor }}-kernel + fi echo "KERNEL_IMAGE=${KERNEL_IMAGE}" >> $GITHUB_ENV echo "FQ_KERNEL_IMAGE=${{ env.IMAGE_REGISTRY }}/${KERNEL_IMAGE}:${{ matrix.fedora_version }}" >> $GITHUB_ENV @@ -101,6 +108,7 @@ jobs: - name: Get current version shell: bash + if: matrix.kernel_flavor != 'fsync-coreos' run: | set -eo pipefail @@ -125,6 +133,37 @@ jobs: fi echo "KERNEL_IMAGE_VERSION=$img_version" >> $GITHUB_ENV + - name: Get current version (fsync-coreos) + shell: bash + if: matrix.kernel_flavor == 'fsync-coreos' + run: | + set -eo pipefail + + # Get coreos kernel info + skopeo inspect docker://${{ env.IMAGE_REGISTRY }}/coreos-stable-kernel:${{ matrix.fedora_version }} > kernel.json + + coreos_linux=$(jq -r '.["Labels"]["ostree.linux"]' kernel.json) + if [ -z "$coreos_linux" ] || [ "null" = "$coreos_linux" ]; then + echo "inspected linux version must not be empty or null" + exit 1 + fi + major_minor_patch=$(echo $coreos_linux | cut -d - -f1) + # Match to fsync from kernel-cache + skopeo inspect docker://${{ env.IMAGE_REGISTRY }}/fsync-kernel:${{ matrix.fedora_version }}-${major_minor_patch} > kernel.json + linux=$(jq -r '.["Labels"]["ostree.linux"]' kernel.json) + if [ -z "$linux" ] || [ "null" = "$linux" ]; then + echo "inspected linux version must not be empty or null" + exit 1 + fi + echo "KERNEL_VERSION=$linux" >> $GITHUB_ENV + + img_version=$(jq -r '.["Labels"]["org.opencontainers.image.version"]' kernel.json) + if [ -z "$img_version" ] || [ "null" = "$img_version" ]; then + echo "inspected image version must not be empty or null" + exit 1 + fi + echo "KERNEL_IMAGE_VERSION=$img_version" >> $GITHUB_ENV + - name: Generate tags id: generate-tags shell: bash @@ -208,6 +247,8 @@ jobs: BUILDER_IMAGE=${{ env.BUILDER_IMAGE }} KERNEL_ORG=${{ github.repository_owner }} KERNEL_FLAVOR=${{ matrix.kernel_flavor }} + KERNEL_IMAGE=${{ env.KERNEL_IMAGE }} + KERNEL_VERSION=${{ env.KERNEL_VERSION }} FEDORA_MAJOR_VERSION=${{ matrix.fedora_version }} RPMFUSION_MIRROR=${{ vars.RPMFUSION_MIRROR }} DUAL_SIGN=true @@ -226,6 +267,8 @@ jobs: KERNEL_ORG=${{ github.repository_owner }} KERNEL_FLAVOR=${{ matrix.kernel_flavor }} FEDORA_MAJOR_VERSION=${{ matrix.fedora_version }} + KERNEL_IMAGE=${{ env.KERNEL_IMAGE }} + KERNEL_VERSION=${{ env.KERNEL_VERSION }} INPUT_AKMODS=${{ env.IMAGE_NAME }} INPUT_TAG=${{ env.default_tag }} DUAL_SIGN=true diff --git a/Containerfile.common b/Containerfile.common index ea9b0200..5f45ae91 100644 --- a/Containerfile.common +++ b/Containerfile.common @@ -6,7 +6,8 @@ ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}" ARG KERNEL_FLAVOR="${KERNEL_FLAVOR:-main}" ARG KERNEL_IMAGE="${KERNEL_IMAGE:-${KERNEL_FLAVOR}-kernel}" ARG KERNEL_ORG="${KERNEL_ORG:-ublue-os}" -ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${FEDORA_MAJOR_VERSION}" +ARG KERNEL_VERSION="${KERNEL_VERSION}" +ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${KERNEL_VERSION}" ARG BUILDER_IMAGE="${BUILDER_IMAGE:-quay.io/fedora/fedora}" ARG BUILDER_BASE="${BUILDER_IMAGE}:${FEDORA_MAJOR_VERSION}" FROM ${KERNEL_BASE} AS kernel_cache diff --git a/Containerfile.extra b/Containerfile.extra index c3419544..b580da2d 100644 --- a/Containerfile.extra +++ b/Containerfile.extra @@ -6,7 +6,8 @@ ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}" ARG KERNEL_FLAVOR="${KERNEL_FLAVOR:-main}" ARG KERNEL_IMAGE="${KERNEL_IMAGE:-${KERNEL_FLAVOR}-kernel}" ARG KERNEL_ORG="${KERNEL_ORG:-ublue-os}" -ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${FEDORA_MAJOR_VERSION}" +ARG KERNEL_VERSION="${KERNEL_VERSION}" +ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${KERNEL_VERSION}" ARG BUILDER_IMAGE="${BUILDER_IMAGE:-quay.io/fedora/fedora}" ARG BUILDER_BASE="${BUILDER_IMAGE}:${FEDORA_MAJOR_VERSION}" FROM ${KERNEL_BASE} AS kernel_cache diff --git a/Containerfile.nvidia b/Containerfile.nvidia index 6569f72a..8a2e222e 100644 --- a/Containerfile.nvidia +++ b/Containerfile.nvidia @@ -6,7 +6,8 @@ ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}" ARG KERNEL_FLAVOR="${KERNEL_FLAVOR:-main}" ARG KERNEL_IMAGE="${KERNEL_IMAGE:-${KERNEL_FLAVOR}-kernel}" ARG KERNEL_ORG="${KERNEL_ORG:-ublue-os}" -ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${FEDORA_MAJOR_VERSION}" +ARG KERNEL_VERSION="${KERNEL_VERSION}" +ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${KERNEL_VERSION}" ARG BUILDER_IMAGE="${BUILDER_IMAGE:-quay.io/fedora/fedora}" ARG BUILDER_BASE="${BUILDER_IMAGE}:${FEDORA_MAJOR_VERSION}" FROM ${KERNEL_BASE} AS kernel_cache diff --git a/Containerfile.nvidia-open b/Containerfile.nvidia-open index 71f008de..8211680e 100644 --- a/Containerfile.nvidia-open +++ b/Containerfile.nvidia-open @@ -6,7 +6,8 @@ ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}" ARG KERNEL_FLAVOR="${KERNEL_FLAVOR:-main}" ARG KERNEL_IMAGE="${KERNEL_IMAGE:-${KERNEL_FLAVOR}-kernel}" ARG KERNEL_ORG="${KERNEL_ORG:-ublue-os}" -ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${FEDORA_MAJOR_VERSION}" +ARG KERNEL_VERSION="${KERNEL_VERSION}" +ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${KERNEL_VERSION}" ARG BUILDER_IMAGE="${BUILDER_IMAGE:-quay.io/fedora/fedora}" ARG BUILDER_BASE="${BUILDER_IMAGE}:${FEDORA_MAJOR_VERSION}" FROM ${KERNEL_BASE} AS kernel_cache diff --git a/Containerfile.test b/Containerfile.test index 39bccb23..2ca7adb0 100644 --- a/Containerfile.test +++ b/Containerfile.test @@ -6,7 +6,8 @@ ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}" ARG KERNEL_FLAVOR="${KERNEL_FLAVOR:-main}" ARG KERNEL_IMAGE="${KERNEL_IMAGE:-${KERNEL_FLAVOR}-kernel}" ARG KERNEL_ORG="${KERNEL_ORG:-ublue-os}" -ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${FEDORA_MAJOR_VERSION}" +ARG KERNEL_VERSION="${KERNEL_VERSION}" +ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${KERNEL_VERSION}" ARG BUILDER_IMAGE="${BUILDER_IMAGE:-quay.io/fedora/fedora}" ARG BUILDER_BASE="${BUILDER_IMAGE}:${FEDORA_MAJOR_VERSION}" ARG INPUT_AKMODS="${INPUT_AKMODS:-akmods}" diff --git a/Containerfile.zfs b/Containerfile.zfs index 52de7c55..ad3db58f 100644 --- a/Containerfile.zfs +++ b/Containerfile.zfs @@ -6,7 +6,8 @@ ARG FEDORA_MAJOR_VERSION="${FEDORA_MAJOR_VERSION:-40}" ARG KERNEL_FLAVOR="${KERNEL_FLAVOR:-coreos-stable}" ARG KERNEL_IMAGE="${KERNEL_IMAGE:-${KERNEL_FLAVOR}-kernel}" ARG KERNEL_ORG="${KERNEL_ORG:-ublue-os}" -ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${FEDORA_MAJOR_VERSION}" +ARG KERNEL_VERSION="${KERNEL_VERSION}" +ARG KERNEL_BASE="ghcr.io/${KERNEL_ORG}/${KERNEL_IMAGE}:${KERNEL_VERSION}" ARG BUILDER_IMAGE="${BUILDER_IMAGE:-quay.io/fedora/fedora}" ARG BUILDER_BASE="${BUILDER_IMAGE}:${FEDORA_MAJOR_VERSION}" FROM ${KERNEL_BASE} AS kernel_cache diff --git a/build-prep.sh b/build-prep.sh index f1d0f756..d1c987b0 100755 --- a/build-prep.sh +++ b/build-prep.sh @@ -2,7 +2,6 @@ set -oeux pipefail - ### PREPARE REPOS # ARCH="$(rpm -E '%_arch')" RELEASE="$(rpm -E '%fedora')" @@ -17,9 +16,9 @@ echo "Installing ${KERNEL_FLAVOR} kernel-cache RPMs..." # fedora image has no kernel so this needs nothing fancy, just install dnf install -y /tmp/kernel_cache/*.rpm if [[ "${KERNEL_FLAVOR}" == "surface" ]]; then - KERNEL_VERSION=$(rpm -q kernel-surface|cut -d '-' -f2-) + KERNEL_VERSION=$(rpm -q kernel-surface | cut -d '-' -f2-) else - KERNEL_VERSION=$(rpm -q kernel|cut -d '-' -f2-) + KERNEL_VERSION=$(rpm -q kernel | cut -d '-' -f2-) fi # enable more repos @@ -58,7 +57,7 @@ if [[ ! -s "/tmp/certs/private_key.priv" ]]; then cp /tmp/certs/public_key.der{.test,} fi -install -Dm644 /tmp/certs/public_key.der /etc/pki/akmods/certs/public_key.der +install -Dm644 /tmp/certs/public_key.der /etc/pki/akmods/certs/public_key.der install -Dm644 /tmp/certs/private_key.priv /etc/pki/akmods/private/private_key.priv if [[ "${DUAL_SIGN}" == "true" ]]; then @@ -70,9 +69,9 @@ if [[ "${DUAL_SIGN}" == "true" ]]; then fi openssl x509 -in /tmp/certs/public_key_2.der -out /tmp/certs/public_key_2.crt openssl x509 -in /tmp/certs/public_key.der -out /tmp/certs/public_key.crt - cat /tmp/certs/private_key.priv <(echo) /tmp/certs/public_key.crt >> /tmp/certs/signing_key_1.pem - cat /tmp/certs/private_key_2.priv <(echo) /tmp/certs/public_key_2.crt >> /tmp/certs/signing_key_2.pem - cat /tmp/certs/public_key.crt <(echo) /tmp/certs/public_key_2.crt >> /tmp/certs/public_key_chain.pem + cat /tmp/certs/private_key.priv <(echo) /tmp/certs/public_key.crt >>/tmp/certs/signing_key_1.pem + cat /tmp/certs/private_key_2.priv <(echo) /tmp/certs/public_key_2.crt >>/tmp/certs/signing_key_2.pem + cat /tmp/certs/public_key.crt <(echo) /tmp/certs/public_key_2.crt >>/tmp/certs/public_key_chain.pem fi # This is for ZFS more than CoreOS