@@ -28,7 +28,7 @@ export SUPPORTED_KERNEL_FLAVORS="generic aws gcp azure oracle"
2828#
2929export JENKINS_OPS_DIR=" ${JENKINS_OPS_DIR:- jenkins-ops} "
3030
31- export UBUNTU_DISTRIBUTION=" noble "
31+ export UBUNTU_DISTRIBUTION=" focal "
3232
3333#
3434# We currently support getting the linux kernel from 3 different sources:
@@ -559,7 +559,7 @@ function install_shfmt() {
559559 arch=" arm"
560560 fi
561561 logmust sudo wget -nv -O /usr/local/bin/shfmt \
562- " https://github.com/mvdan/sh/releases/download/v2.4.0/shfmt_v2.4.0_linux_$arch "
562+ https://github.com/mvdan/sh/releases/download/v2.4.0/shfmt_v2.4.0_linux_$arch
563563 logmust sudo chmod +x /usr/local/bin/shfmt
564564 fi
565565 echo " shfmt version $( shfmt -version) "
@@ -597,47 +597,6 @@ function install_kernel_headers() {
597597 done
598598}
599599
600- #
601- # Install kernel dbgsym packages for all target kernels.
602- # The kernel packages are fetched from S3.
603- #
604- function install_kernel_dbgsyms() {
605- logmust determine_target_kernels
606- check_env KERNEL_VERSIONS DEPDIR
607-
608- logmust list_linux_kernel_packages
609- # Note: linux packages returned in _RET_LIST
610-
611- local pkg
612- for pkg in " ${_RET_LIST[@]} " ; do
613- logmust install_pkgs " $DEPDIR /$pkg /" * dbgsym* .ddeb
614- done
615-
616- #
617- # Verify that headers are installed for all kernel versions
618- # stored in KERNEL_VERSIONS
619- #
620- local kernel
621- for kernel in $KERNEL_VERSIONS ; do
622- logmust dpkg-query -l " linux-image-$kernel -dbgsym*" > /dev/null
623- done
624- }
625-
626- function install_kernel_headers_and_dbgsyms() {
627- logmust install_kernel_headers
628- logmust install_kernel_dbgsyms
629-
630- #
631- # Additionally, we add these symlinks so that kernel module builds will
632- # be able to generate BTF information, as they look for the "vmlinux" file
633- # in the kernel header directory.
634- #
635- local kernel
636- for kernel in $KERNEL_VERSIONS ; do
637- logmust sudo ln -sf " /usr/lib/debug/boot/vmlinux-$kernel " " /usr/src/linux-headers-$kernel /vmlinux"
638- done
639- }
640-
641600function delphix_revision() {
642601 #
643602 # We use "delphix" in the default revision to make it easy to find all
@@ -657,10 +616,6 @@ function delphix_revision() {
657616 echo " delphix.$( date ' +%Y.%m.%d.%H.%M' ) "
658617}
659618
660- function compare_versions() {
661- dpkg --compare-versions " $@ "
662- }
663-
664619function determine_dependencies_base_url() {
665620 [[ -n " $DEPENDENCIES_BASE_URL " && return
666621
@@ -791,24 +746,6 @@ function git_fetch_helper() {
791746 git fetch " $git_url " " $@ " || die " git fetch failed"
792747}
793748
794- #
795- # Run git fetch with the passed arguments. Git url must be passed as first
796- # argument. If FETCH_GIT_TOKEN is set and this is a github repository
797- # then pass-in the token when fetching.
798- #
799- function git_branch_exists() {
800- local git_url=" $1 "
801- local label=' '
802- shift
803-
804- if [[ -n " $FETCH_GIT_TOKEN " &&
805- [[ " $git_url " == https://github.com/* ]]; then
806- git_url=" ${git_url/ https: \/\/ / https: \/\/ ${FETCH_GIT_TOKEN} @ } "
807- label=' [token passed]'
808- fi
809- git fetch " $git_url " " $@ " || return 1
810- }
811-
812749#
813750# Fetch package repository into $WORKDIR/repo
814751#
@@ -832,25 +769,6 @@ function fetch_repo_from_git() {
832769 logmust git show-ref repo-HEAD
833770 logmust git show-ref upstream-HEAD
834771 else
835-
836- #
837- # The "os-upgrade" branch is used for Ubuntu version upgrade projects. As such, the following
838- # block of code will only be executed if the `PACKAGE_GIT_BRANCH` is set to "os-upgrade". Not
839- # all product repositories are required to have an "os-upgrade" branch, because some packages
840- # will successfully build on the new Ubuntu version as well as the old without any changes.
841- # To allow engineering to create the "os-upgrade" branch only in repositories that require
842- # changes for the new Ubuntu version, this block of code will check if the "os-upgrade" branch
843- # exists in the repository and if it does not, it will build off of "develop" instead.
844- #
845- if [[ " $PACKAGE_GIT_BRANCH " == " os-upgrade" ; then
846- git_branch_exists " $PACKAGE_GIT_URL " " $PACKAGE_GIT_BRANCH "
847- branch_exists=$?
848- if [[ $branch_exists -ne 0 ]]; then
849- echo " NOTE: The branch 'os-upgrade' does not exist for this repo. Using 'develop' instead."
850- PACKAGE_GIT_BRANCH=" develop"
851- fi
852- fi
853-
854772 logmust git_fetch_helper " $PACKAGE_GIT_URL "
855773 " +$PACKAGE_GIT_BRANCH :repo-HEAD"
856774 logmust git show-ref repo-HEAD
@@ -1087,24 +1005,9 @@ function push_to_remote() {
10871005#
10881006function set_changelog() {
10891007 check_env PACKAGE_REVISION
1008+ local src_package=" ${1:- $PACKAGE } "
10901009 local final_version
10911010
1092- #
1093- # If the name of the source package isn't passed in as a parameter,
1094- # then deduce it. If there's a debian/control file that specifies that
1095- # package name, then use it. Otherwise, default to the name of the
1096- # linux-pkg directory name. This can't always be the default because
1097- # for some packages, those are different. For example, the
1098- # challenge-response linux-pkg directory generates the
1099- # pam-challenge-response debian package.
1100- #
1101- if [[ -n $1 ]]; then
1102- src_package=$1
1103- elif [[ -f debian/control ]]; then
1104- src_package=$( awk ' /^Source:/ { print $2 }' )
1105- fi
1106- src_package=${src_package:- $PACKAGE }
1107-
11081011 #
11091012 # If PACKAGE_VERSION hasn't been set already, then retrieve it from
11101013 # The changelog file. If the changelog file doesn't exist, which
@@ -1169,7 +1072,7 @@ function get_kernel_version_for_platform_from_apt() {
11691072 # image for that particular platform. For instance, Ubuntu has a
11701073 # meta-package for AWS called 'linux-image-aws', which depends on
11711074 # package 'linux-image-4.15.0-1027-aws'. The latter is the linux image
1172- # for kernel version '4.15.0-1027-aws'. We use this dependency to figure
1075+ # for kernel version '4.15.0-1027-aws'. We use this depenency to figure
11731076 # out the default kernel version for a given platform.
11741077 #
11751078 # The "generic" platform is a special case, since we want to use the
@@ -1178,10 +1081,11 @@ function get_kernel_version_for_platform_from_apt() {
11781081 # Note that while the default kernel is usually also the latest
11791082 # available, it is not always the case.
11801083 #
1181- if [[ " $platform " == generic ]]; then
1182- package=" linux-image-${platform} -hwe-24.04"
1183- else
1084+
1085+ if [[ " $platform " != generic ]] && [[ " $UBUNTU_DISTRIBUTION " == focal ]]; then
11841086 package=" linux-image-${platform} "
1087+ else
1088+ package=" linux-image-${platform} -hwe-20.04"
11851089 fi
11861090
11871091 if [[ " $( apt-cache show --no-all-versions " $package "
@@ -1414,87 +1318,3 @@ function set_secret_build_args() {
14141318 _SECRET_BUILD_ARGS+=(" -DSECRET_DB_AWS_REGION=$SECRET_DB_AWS_REGION "
14151319 fi
14161320}
1417-
1418- #
1419- # Secure boot variables and functions
1420- #
1421- # S3 bucket containing keys and certs
1422- # ./db subdirectory contains the db key and various certs:
1423- # .der is for signing modules like ZFS and connstat
1424- # .crt is for signing vmlinuz
1425- # signing_key.pem is the format expected by kernel build for signing its modules
1426- #
1427- # ./pub contains the auth files, secure boot enrollment certs.
1428- #
1429- S3_KEYS_URL=" s3://secure-boot-keys-prod/release"
1430- #
1431- # The kernel build expects the signing_key.pem in this directory, i.e.
1432- # CONFIG_MODULE_SIG_KEY is set to /var/tmp/sbkeys/signing_key.pem in
1433- # resources/delphix_kernel_annotations
1434- #
1435- SB_KEYS_DIR=" /var/tmp/sbkeys"
1436- SBSIGN_KEY=" $SB_KEYS_DIR /db.key"
1437- SBSIGN_DER=" $SB_KEYS_DIR /db.der"
1438-
1439- function download_keys() {
1440- logmust mkdir -p $SB_KEYS_DIR
1441- logmust aws s3 cp --recursive " $S3_KEYS_URL /db/" $SB_KEYS_DIR
1442- }
1443-
1444- function delete_keys() {
1445- logmust rm -r $SB_KEYS_DIR
1446- }
1447-
1448- # Update DEBIAN/md5sum for package directory after
1449- # some files were updated, i.e. secure-boot signed.
1450- #
1451- function update_md5sums() {
1452- pkg_dir=$1
1453- echo_bold " Updating md5sums for $pkg_dir "
1454-
1455- (
1456- cd " $pkg_dir " || exit
1457- : > DEBIAN/md5sums
1458- # print paths relative to root of package
1459- while IFS= read -r -d ' ' ; do
1460- rel=" ${f# ./ } "
1461- md5sum " $rel " >> DEBIAN/md5sums
1462- done < <( find . -type f ! -path ' ./DEBIAN/*' ! -path ' ./etc/depmod*' )
1463- )
1464- }
1465-
1466- function repack_deb() {
1467- deb_name=$1
1468- deb_dir=$2
1469- temp_deb=$( mktemp /tmp/deb.XXXXXX)
1470-
1471- logmust fakeroot dpkg-deb -b " $deb_dir " " $temp_deb "
1472- logmust mv " $temp_deb " " $deb_name "
1473- }
1474-
1475- #
1476- # Sign .ko files in the module list
1477- #
1478- function sign_modules() {
1479- deb_pkgs=" $1 "
1480- echo_bold " Signing $deb_pkgs "
1481- download_keys
1482-
1483- while IFS= read -r pkg; do
1484- echo_bold " Processing $pkg "
1485- temp_dir=$( mktemp -d -p " /var/tmp/" )
1486- logmust fakeroot dpkg-deb -R " $pkg " " $temp_dir "
1487-
1488- # Find and sign all .ko files in package
1489- find " $temp_dir " " *.ko" |
1490- while IFS= read -r -d ' ' ; do
1491- logmust kmodsign sha256 " $SBSIGN_KEY " " $SBSIGN_DER " " $kernel_mod " " $kernel_mod .signed"
1492- logmust mv " $kernel_mod .signed" " $kernel_mod "
1493- logmust modinfo -F signer " $kernel_mod "
1494- done
1495- # Repack the .deb"
1496- update_md5sums " $temp_dir "
1497- repack_deb " $pkg " " $temp_dir "
1498- done <<< " $deb_pkgs"
1499- delete_keys
1500- }
0 commit comments