feat: provide build instructions for NVIDIA kernel module
Actual module is built in the CI, but never pushed to the registry.

Signed-off-by: Andrey Smirnov <[email protected]>
smira committed Dec 23, 2021
1 parent b22723d commit ad611bc
Showing 13 changed files with 141 additions and 25 deletions.
19 changes: 19 additions & 0 deletions .drone.yml
@@ -44,6 +44,25 @@ steps:
- name: docker
path: /root/.docker/buildx

- name: build-nonfree-pull-request
image: autonomy/build-container:latest
pull: always
environment:
DOCKER_CLI_EXPERIMENTAL: enabled
commands:
- make nonfree
when:
event:
include:
- pull_request
volumes:
- name: docker-socket
path: /var/run
- name: ssh
path: /root/.ssh
- name: docker
path: /root/.docker/buildx

- name: build-and-publish
image: autonomy/build-container:latest
pull: always
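Review bot: The new `build-nonfree-pull-request` step mounts the `ssh` volume at `/root/.ssh` and the `docker-socket` volume while it runs on `pull_request` events, so whatever a pull request changes in the Makefile or a pkg.yaml executes with access to both. The commit message says the module is never pushed, so if this build does not need SSH (for a remote builder, say, which is not visible here), drop the `- name: ssh` / `path: /root/.ssh` pair from the step. If it does need it, add a comment such as `# ssh: needed for <REASON>; note this step runs code from pull requests`. Whether the pipeline restricts builds from forks is configured outside this section and should be confirmed.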
9 changes: 6 additions & 3 deletions Makefile
@@ -20,9 +20,12 @@ empty :=
space = $(empty) $(empty)

TARGETS = ca-certificates cni containerd cryptsetup dosfstools eudev fhs flannel-cni grub ipmitool iptables ipxe kernel kmod libaio libjson-c liblzma libpopt libressl libseccomp linux-firmware lvm2 musl open-iscsi open-isns raspberrypi-firmware runc socat syslinux u-boot util-linux xfsprogs
NONFREE_TARGETS = nonfree-kmod-nvidia

all: $(TARGETS) ## Builds all known pkgs.

nonfree: $(NONFREE_TARGETS) ## Builds all known non-free pkgs.

.PHONY: help
help: ## This help menu.
@grep -E '^[a-zA-Z%_-]+:.*?## .*$$' $(MAKEFILE_LIST) | awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
@@ -36,8 +39,8 @@ target-%: ## Builds the specified target defined in the Dockerfile. The build re
docker-%: ## Builds the specified target defined in the Dockerfile using the docker output type. The build result will be loaded into docker.
@$(MAKE) target-$* TARGET_ARGS="$(TARGET_ARGS)"

.PHONY: $(TARGETS)
$(TARGETS):
.PHONY: $(TARGETS) $(NONFREE_TARGETS)
$(TARGETS) $(NONFREE_TARGETS):
@$(MAKE) docker-$@ TARGET_ARGS="--tag=$(REGISTRY)/$(USERNAME)/$@:$(TAG) --push=$(PUSH)"

.PHONY: deps.png
@@ -48,7 +51,7 @@ kernel-%: ## Updates the kernel configs: e.g. make kernel-olddefconfig; make ker
for platform in $(subst $(,),$(space),$(PLATFORM)); do \
arch=`basename $$platform` ; \
$(MAKE) docker-kernel-prepare PLATFORM=$$platform TARGET_ARGS="--tag=$(REGISTRY)/$(USERNAME)/kernel:$(TAG)-$$arch --load"; \
docker run --rm -it --entrypoint=/toolchain/bin/bash -e PATH=/toolchain/bin:/bin -w /src -v $$PWD/kernel/kernel/config-$$arch:/host/.hostconfig $(REGISTRY)/$(USERNAME)/kernel:$(TAG)-$$arch -c 'cp /host/.hostconfig .config && make $* && cp .config /host/.hostconfig'; \
docker run --rm -it --entrypoint=/toolchain/bin/bash -e PATH=/toolchain/bin:/bin -w /src -v $$PWD/kernel/build/config-$$arch:/host/.hostconfig $(REGISTRY)/$(USERNAME)/kernel:$(TAG)-$$arch -c 'cp /host/.hostconfig .config && make $* && cp .config /host/.hostconfig'; \
done

# Utilities
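Review bot: `$(NONFREE_TARGETS)` shares the recipe of `$(TARGETS)`, so `--push=$(PUSH)` applies to the NVIDIA module too and `make nonfree PUSH=true` would publish it, although the commit message says it is never pushed. Give the non-free targets their own rule with the push disabled: a `$(NONFREE_TARGETS):` header followed by the recipe line `@$(MAKE) docker-$@ TARGET_ARGS="--tag=$(REGISTRY)/$(USERNAME)/$@:$(TAG) --push=false"`. Separately, `nonfree` is not named in any `.PHONY` line visible in this section, and this commit adds a `nonfree/` directory at the repository root. The goal still runs because its prerequisites are phony, but `.PHONY: nonfree` would make that explicit.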
4 changes: 2 additions & 2 deletions containerd/pkg.yaml
@@ -9,8 +9,8 @@ steps:
# sync with version and revision in build
- url: https://github.com/containerd/containerd/archive/refs/tags/v1.5.8.tar.gz
destination: containerd.tar.gz
sha256: a41ab8d39393c9456941b477c33bb1b221a29b635f1c9a99523aab2f5e74f790
sha512: c769506ff6d98689c46ffee94d70ae00ef2f32e0daac1e631cbe8a587f67c7e4f83eb3895707362bdf46198b61823c99df1d8ca61095ab1415de5596f106fd07
sha256: 0890f7b0ee8e20a279a617c60686874b3c7a99e064adb2b38d884499b5284c43
sha512: 672c1743150ec8ab8eac7562a815d55ce697fc4216d83e7f7d142c4a2fca08a70238d545328fa273d1cc15eef15e5e5bec51a3b8fbd6b8a83fba797769197cdf
prepare:
- |
tar -xzf containerd.tar.gz --strip-components=1
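Review bot: The `sha256`/`sha512` pins change here while the `url` line for `v1.5.8.tar.gz` is unchanged context, which suggests the archive served for the same tag no longer matches the previously pinned digests; the commit message does not explain this. Before accepting the new values, confirm them against an independent reference (upstream's published checksum or the tagged commit) rather than by re-downloading from the same URL. Record the reason beside the pin, e.g. `# digests re-pinned <DATE>: <REASON>; verified against <REFERENCE>`. The page prints both pairs without `+`/`-` markers, so I am assuming the second pair is the new one.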
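--- a/kernel/build/certs/x509.genkey
+++ b/kernel/build/certs/x509.genkey
@@ -0,0 +1,17 @@
+[ req ]
+default_bits = 4096
+distinguished_name = req_distinguished_name
+prompt = no
+string_mask = utf8only
+x509_extensions = myexts
+
+[ req_distinguished_name ]
+O = Sidero Labs, Inc.
+CN = Build time throw-away kernel key
+#emailAddress = [email protected]
+
+[ myexts ]
+basicConstraints=critical,CA:FALSE
+keyUsage=digitalSignature
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid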
File renamed without changes.
File renamed without changes.
40 changes: 40 additions & 0 deletions kernel/build/pkg.yaml
@@ -0,0 +1,40 @@
name: kernel-build
variant: scratch
shell: /toolchain/bin/bash
dependencies:
- stage: kernel-prepare
steps:
- env:
CARCH: {{ if eq .ARCH "aarch64"}}arm64{{ else if eq .ARCH "x86_64" }}amd64{{ else }}unsupported{{ end }}
KARCH: {{ if eq .ARCH "aarch64"}}ARM64{{ else if eq .ARCH "x86_64" }}X86_64{{ else }}unsupported{{ end }}
ARCH: {{ if eq .ARCH "aarch64"}}arm64{{ else if eq .ARCH "x86_64" }}x86_64{{ else }}unsupported{{ end }}
prepare:
- |
cd /src
cp -v /pkg/config-${CARCH} .config
cp -v /pkg/certs/* certs/
build:
- |
cd /src
python3 /toolchain/kconfig-hardened-check/bin/kconfig-hardened-check -c .config -p ${KARCH} -m json | python3 /pkg/scripts/filter-hardened-check.py
- |
cd /src
make -j $(nproc)
make -j $(nproc) modules
if [[ "${ARCH}" == "arm64" ]]; then
echo "Compiling device-tree blobs"
make -j $(nproc) dtbs
fi
finalize:
- from: /src
to: /src
- from: /toolchain
to: /toolchain
- from: /usr
to: /usr
- from: /bin
to: /bin
- from: /lib
to: /lib
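Review bot: The `finalize` list exports all of `/src` from this stage, and because `prepare` copies `/pkg/certs/*` into `certs/` before `make` runs, the exported tree presumably carries the private module-signing key generated during the build (the x509.genkey CN calls it a throw-away key). Anyone who can pull or cache this stage's image could then sign modules that this kernel accepts. Document the constraint above `finalize:`, e.g. `# /src carries the build-time module signing key: internal dependency only, never tag or push this stage`. It is also worth checking that the stages consuming `kernel-build` do not copy `certs/` into their own output; that happens outside this section.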
23 changes: 3 additions & 20 deletions kernel/kernel/pkg.yaml
@@ -2,31 +2,14 @@ name: kernel
variant: scratch
shell: /toolchain/bin/bash
dependencies:
- stage: kernel-prepare
- stage: kernel-build
steps:
- env:
ARCH: {{ if eq .ARCH "aarch64"}}arm64{{ else if eq .ARCH "x86_64" }}x86_64{{ else }}unsupported{{ end }}
CARCH: {{ if eq .ARCH "aarch64"}}arm64{{ else if eq .ARCH "x86_64" }}amd64{{ else }}unsupported{{ end }}
KARCH: {{ if eq .ARCH "aarch64"}}ARM64{{ else if eq .ARCH "x86_64" }}X86_64{{ else }}unsupported{{ end }}
prepare:
- |
cp -a /src/. .
cp -v /pkg/config-${CARCH} .config
patch -p0 < /pkg/patches/sign-file.patch
- |
python3 /toolchain/kconfig-hardened-check/bin/kconfig-hardened-check -c .config -p ${KARCH} -m json | python3 /pkg/scripts/filter-hardened-check.py
build:
- |
make -j $(nproc)
make -j $(nproc) modules
if [[ "${ARCH}" == "arm64" ]]; then
echo "Compiling device-tree blobs"
make -j $(nproc) dtbs
fi
install:
- |
cd /src
mkdir -p /rootfs/boot
mkdir -p /rootfs/dtb
case $ARCH in
File renamed without changes.
1 change: 1 addition & 0 deletions kernel/kernel-prepare/pkg.yaml → kernel/prepare/pkg.yaml
@@ -44,6 +44,7 @@ steps:
cd /toolchain && git clone https://github.com/a13xp0p0v/kconfig-hardened-check.git
- |
patch -p1 < /pkg/patches/hardening.kconfig.patch
patch -p0 < /pkg/patches/sign-file.patch
install:
- |
mkdir -p /src
53 changes: 53 additions & 0 deletions nonfree/kmod-nvidia/pkg.yaml
@@ -0,0 +1,53 @@
name: nonfree-kmod-nvidia
variant: scratch
shell: /toolchain/bin/bash
dependencies:
- stage: kernel-build
steps:
# driver sources: https://www.nvidia.com/en-us/drivers/unix/
# {{ if eq .ARCH "aarch64" }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr
#
# build on ARM fails at the moment, not sure what is the reason, it feels like it tries to use x86 function
# for the PoC, we'll leave nvidia module x86-only
#
# - url: https://us.download.nvidia.com/XFree86/aarch64/470.94/NVIDIA-Linux-aarch64-470.94.run
# destination: nvidia.run
# sha256: a1c991051c6cbd3fa69d9768fa7cd0084bfa6d4c384cc6a6e3ab88b5b51e57c8
# sha512: e27b04ec5025b5ce1d6cd78306f55f5699032fc350f78fb7a731a82ec4691ba0764fd3e36d8738d38f17cafd93988c7542d55c370e219bdbab6d0e7eb2f9a5fd
- install:
- |
mkdir -p /rootfs
# {{ else }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr
- sources:
- url: https://us.download.nvidia.com/XFree86/Linux-x86_64/470.94/NVIDIA-Linux-x86_64-470.94.run
destination: nvidia.run
sha256: 9585aa29330ebad9bdf22ce3ca2bac2026c85a9a32f03d7c59f714a7798500eb
sha512: b70542af04691da623b494d49fcbd58c58b83388fdb1c7ea6dcc779755b595444a324f613840ccbba0d9029456668376fe6049a3e4496c6054efbbf1e0a59c0f
env:
ARCH: {{ if eq .ARCH "aarch64"}}arm64{{ else if eq .ARCH "x86_64" }}x86_64{{ else }}unsupported{{ end }}
prepare:
- |
export PATH=/toolchain/bin:$PATH
export GUESS_MD5_PATH=/toolchain/bin
rm -f /dev/tty && ln -s /dev/stdout /dev/tty
ln -s /toolchain/bin/echo /toolchain/bin/which
/toolchain/bin/bash nvidia.run --extract-only
build:
- |
cd NVIDIA-Linux-*/kernel
make -j $(nproc) SYSSRC=/src
install:
- |
cd NVIDIA-Linux-*/kernel
mkdir -p /rootfs/lib/modules/$(cat /src/include/config/kernel.release)/
touch /rootfs/lib/modules/$(cat /src/include/config/kernel.release)/modules.order /rootfs/lib/modules/$(cat /src/include/config/kernel.release)/modules.builtin
make -j $(nproc) modules_install SYSSRC=/src DEPMOD=/toolchain/bin/depmod INSTALL_MOD_PATH=/rootfs
# {{ end }} This in fact is YAML comment, but Go templating instruction is evaluated by bldr
finalize:
- from: /rootfs
to: /
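Review bot: The `prepare` step replaces `/dev/tty` with a link to `/dev/stdout` and links `/toolchain/bin/which` to `echo` before running the vendor's self-extracting `nvidia.run`, and neither workaround is explained. With `which` aliased to `echo`, every tool lookup made by the installer appears to succeed, so a genuinely missing tool would no longer stop the build. Add comments such as `# nvidia.run prompts on /dev/tty; the build sandbox has none` and `# installer probes tools via which; the toolchain ships no which, so lookups are faked`. On aarch64 the template emits only `mkdir -p /rootfs`, so the package builds successfully but is empty; a line in the existing comment block saying so would keep that from being mistaken for a working arm64 module.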
