/
build_release.sh
executable file
·120 lines (99 loc) · 3.34 KB
/
build_release.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
#!/bin/bash
set -ex
usage() {
echo "Usage: $0 (lts|cos|mitigation)-<version> [<branch-tag-or-commit>]";
exit 1;
}
RELEASE_NAME="$1"
BRANCH="$2"
if [[ ! "$RELEASE_NAME" =~ ^(lts|cos|mitigation)-(.*) ]]; then usage; fi
TARGET="${BASH_REMATCH[1]}"
VERSION="${BASH_REMATCH[2]}"
case $TARGET in
lts)
REPO="https://github.com/gregkh/linux"
DEFAULT_BRANCH="v${VERSION}"
case $VERSION in
6.6.*) CONFIG_FN="lts-6.6.config" ;;
6.1.*) CONFIG_FN="lts-6.1.config" ;;
esac
if [ -z "$CONFIG_FN" ]; then echo "Failed to select config (VERSION=$VERSION)"; exit 1; fi
;;
cos)
REPO="https://cos.googlesource.com/third_party/kernel"
;;
mitigation)
REPO="https://github.com/thejh/linux"
case $VERSION in
v3-6.1.55)
DEFAULT_BRANCH="mitigations-next"
CONFIG_FN="mitigation-v3.config"
CONFIG_FULL_FN="mitigation-v3-full.config"
;;
6.1 | 6.1-v2)
DEFAULT_BRANCH="slub-virtual-v6.1"
CONFIG_FN="mitigation-v1.config"
;;
esac ;;
*)
usage ;;
esac
BRANCH="${BRANCH:-$DEFAULT_BRANCH}"
if [ -z "$BRANCH" ]; then usage; fi
echo "REPO=$REPO"
echo "BRANCH=$BRANCH"
echo "CONFIG_FN=$CONFIG_FN"
BASEDIR=`pwd`
BUILD_DIR="$BASEDIR/builds/$RELEASE_NAME"
RELEASE_DIR="$BASEDIR/releases/$RELEASE_NAME"
CONFIGS_DIR="$BASEDIR/kernel_configs"
if [ -d "$RELEASE_DIR" ]; then echo "Release directory already exists. Stopping."; exit 1; fi
mkdir -p $BUILD_DIR 2>/dev/null || true
cd $BUILD_DIR
if [ ! -d ".git" ]; then git init && git remote add origin $REPO; fi
if ! git checkout $BRANCH; then
git fetch --depth 1 origin $BRANCH:$BRANCH || true # TODO: hack, solve it better
git checkout $BRANCH
fi
# not necessary for the build itself, but it can be useful for comparing the config changes
if [ "$TARGET" == "lts" ]; then
make defconfig
mv .config upstream_defconfig
fi
if [ "$TARGET" == "cos" ]; then
rm lakitu_defconfig || true
make lakitu_defconfig
cp .config lakitu_defconfig
else
curl 'https://cos.googlesource.com/third_party/kernel/+/refs/heads/cos-6.1/arch/x86/configs/lakitu_defconfig?format=text'|base64 -d > lakitu_defconfig
cp lakitu_defconfig .config
fi
# build everything into the kernel instead of modules
# note: this can increase the attack surface!
sed -i s/=m/=y/g .config
if [ ! -z "$CONFIG_FN" ]; then
cp $CONFIGS_DIR/$CONFIG_FN kernel/configs/
make $CONFIG_FN
fi
make olddefconfig
if [ ! -z "$CONFIG_FN" ]; then
if scripts/diffconfig $CONFIGS_DIR/$CONFIG_FN .config|grep "^[^+]"; then
echo "Config did not apply cleanly."
exit 1
fi
fi
if [ ! -z "$CONFIG_FULL_FN" ]; then
if scripts/diffconfig $CONFIGS_DIR/$CONFIG_FULL_FN .config|grep "^[^+]"; then
echo "The full config has differences compared to the applied config. Check if the base config changed since custom config was created."
exit 1
fi
fi
make -j`nproc`
mkdir -p $RELEASE_DIR 2>/dev/null || true
echo "REPOSITORY_URL=$REPO" > $RELEASE_DIR/COMMIT_INFO
(echo -n "COMMIT_HASH="; git rev-parse HEAD) >> $RELEASE_DIR/COMMIT_INFO
cp $BUILD_DIR/arch/x86/boot/bzImage $RELEASE_DIR/
cp $BUILD_DIR/lakitu_defconfig $RELEASE_DIR/
cp $BUILD_DIR/.config $RELEASE_DIR/
if [ "$TARGET" == "lts" ]; then cp $BUILD_DIR/upstream_defconfig $RELEASE_DIR/; fi
gzip -c $BUILD_DIR/vmlinux > $RELEASE_DIR/vmlinux.gz