-
Notifications
You must be signed in to change notification settings - Fork 0
Ch 6.12.8 kernel 1.4 #3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
base: ch-6.12.8
Are you sure you want to change the base?
Changes from all commits
3a0a5a7
14caed4
52bead7
df90d62
c6e11d7
0303f29
0cbd865
9afdbad
074fac4
d91e37a
7dee9ab
7a67df1
f2a1148
f4e1c62
09de4df
d64ceea
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,22 +1,48 @@ | ||
| name: Cloud Hypervisor Linux Release | ||
| on: [create] | ||
|
|
||
| permissions: | ||
| contents: write | ||
|
|
||
| jobs: | ||
| release: | ||
| if: github.event_name == 'create' && github.event.ref_type == 'tag' | ||
| name: Release | ||
| runs-on: ubuntu-22.04 | ||
| runs-on: [self-hosted, linux, x64, kvm] | ||
| env: | ||
| # Static link host tools so they don't depend on build host's glibc version | ||
| HOSTLDFLAGS: "-static -lz" | ||
| steps: | ||
| - name: Code checkout | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| fetch-depth: 1 | ||
| - name: Install build tools | ||
| run: sudo apt install build-essential flex bison libssl-dev libelf-dev bc gcc-aarch64-linux-gnu gcc-riscv64-linux-gnu | ||
| run: sudo apt install -y build-essential flex bison libssl-dev libelf-dev zlib1g-dev bc gcc-aarch64-linux-gnu gcc-riscv64-linux-gnu | ||
| - name: Configure (aarch64) | ||
| run: ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- make ch_defconfig | ||
| - name: Build (aarch64) | ||
| run: ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- make Image.gz -j `nproc` | ||
| - name: Build kernel modules (aarch64) | ||
| run: ARCH=arm64 CROSS_COMPILE=aarch64-linux-gnu- make modules -j `nproc` | ||
| - name: Package kernel headers (aarch64) | ||
| run: | | ||
| KVER=$(ARCH=arm64 make -s kernelrelease) | ||
| HEADERS_DIR="$(pwd)/kernel-headers-arm64" | ||
|
|
||
| # Use the kernel's built-in script via make run-command to ensure proper env vars | ||
| mkdir -p "${HEADERS_DIR}" | ||
| ARCH=arm64 make run-command KBUILD_RUN_COMMAND="\${srctree}/scripts/package/install-extmod-build ${HEADERS_DIR}" | ||
|
|
||
| # Add System.map and .config | ||
| cp System.map "${HEADERS_DIR}/" | ||
| cp .config "${HEADERS_DIR}/" | ||
|
|
||
| # Package just the headers contents (flat structure) | ||
| tar czf kernel-headers-aarch64.tar.gz -C "${HEADERS_DIR}" . | ||
|
|
||
| echo "Kernel headers packaged for ${KVER} (aarch64):" | ||
| du -sh kernel-headers-aarch64.tar.gz | ||
|
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Riscv64 missing module build and headers packaging stepsMedium Severity The riscv64 defconfig now enables Additional Locations (1) |
||
| - name: Configure (riscv64) | ||
| run: ARCH=riscv CROSS_COMPILE=riscv64-linux-gnu- make ch_defconfig | ||
| - name: Build (riscv64) | ||
|
|
@@ -25,6 +51,48 @@ jobs: | |
| run: make ch_defconfig | ||
| - name: Build kernel (x86-64) | ||
| run: CFLAGS="-Wa,-mx86-used-note=no" make bzImage -j `nproc` | ||
| - name: Build kernel modules (x86-64) | ||
| run: make modules -j `nproc` | ||
| - name: Package kernel headers (x86-64) | ||
| run: | | ||
| KVER=$(make -s kernelrelease) | ||
| HEADERS_DIR="$(pwd)/kernel-headers-x86" | ||
|
|
||
| # Use the kernel's built-in script via make run-command to ensure proper env vars | ||
| mkdir -p "${HEADERS_DIR}" | ||
| make run-command KBUILD_RUN_COMMAND="\${srctree}/scripts/package/install-extmod-build ${HEADERS_DIR}" | ||
|
|
||
| # Add System.map and .config (useful for debugging and some build scenarios) | ||
| cp System.map "${HEADERS_DIR}/" | ||
| cp .config "${HEADERS_DIR}/" | ||
|
|
||
| # Package just the headers contents (flat structure) | ||
| tar czf kernel-headers-x86_64.tar.gz -C "${HEADERS_DIR}" . | ||
|
|
||
| echo "Kernel headers packaged for ${KVER}:" | ||
| du -sh kernel-headers-x86_64.tar.gz | ||
| - name: Verify tools are statically linked | ||
| run: | | ||
| echo "Checking that host tools are statically linked..." | ||
| FAILED=0 | ||
| for tool in kernel-headers-x86/scripts/basic/fixdep \ | ||
| kernel-headers-x86/scripts/mod/modpost \ | ||
| kernel-headers-x86/tools/objtool/objtool; do | ||
| if [ -f "$tool" ]; then | ||
| if file "$tool" | grep -q "statically linked"; then | ||
| echo "✓ $tool: statically linked" | ||
| else | ||
| echo "✗ $tool: DYNAMICALLY LINKED - this will cause glibc compatibility issues!" | ||
| file "$tool" | ||
| FAILED=1 | ||
| fi | ||
| fi | ||
| done | ||
| if [ $FAILED -eq 1 ]; then | ||
| echo "ERROR: Some tools are dynamically linked. Check HOSTLDFLAGS setting." | ||
| exit 1 | ||
| fi | ||
| echo "All tools verified as statically linked." | ||
| - name: Create release | ||
| id: create_release | ||
| uses: actions/create-release@v1 | ||
|
|
@@ -52,6 +120,24 @@ jobs: | |
| asset_path: vmlinux | ||
| asset_name: vmlinux-x86_64 | ||
| asset_content_type: application/octet-stream | ||
| - name: Upload kernel headers for x86_64 | ||
| uses: actions/upload-release-asset@v1 | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| with: | ||
| upload_url: ${{ steps.create_release.outputs.upload_url }} | ||
| asset_path: kernel-headers-x86_64.tar.gz | ||
| asset_name: kernel-headers-x86_64.tar.gz | ||
| asset_content_type: application/gzip | ||
| - name: Upload kernel headers for aarch64 | ||
| uses: actions/upload-release-asset@v1 | ||
| env: | ||
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
| with: | ||
| upload_url: ${{ steps.create_release.outputs.upload_url }} | ||
| asset_path: kernel-headers-aarch64.tar.gz | ||
| asset_name: kernel-headers-aarch64.tar.gz | ||
| asset_content_type: application/gzip | ||
| - name: Upload Image.gz for aarch64 | ||
| uses: actions/upload-release-asset@v1 | ||
| env: | ||
|
|
||


There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Aarch64 headers contain wrong-architecture host tools
High Severity
The aarch64 headers packaging step invokes
make run-commandwith onlyARCH=arm64but omitsCROSS_COMPILE=aarch64-linux-gnu-. WithoutCROSS_COMPILE, the kernel Makefile setsCC=gcc(same asHOSTCC=gcc), so theinstall-extmod-buildscript'sCC != HOSTCCcheck evaluates false and the host tool rebuild branch is skipped. The packaged aarch64 headers will contain x86-64 host binaries (fixdep,modpost) from the build machine, which will fail with "exec format error" when someone tries to build kernel modules natively on an aarch64 system. The upstreambuilddebscript explicitly passes the cross-compiler asCCto trigger this rebuild.