Fixed Docker build and build files for Proxmox 7

build/proxmox/Dockerfile

@@ -3,7 +3,7 @@
 # This Dockerfile builds the newest kernel with RMRR patch
 #
 # TODO Add support for custom branch of build
-FROM debian:buster
+FROM debian:bullseye
 
 RUN mkdir -p /build
 WORKDIR /build
@@ -12,4 +12,19 @@ RUN set -x \
   && apt update && apt install -y ca-certificates wget \
   && wget -O /build/build.sh 'https://raw.githubusercontent.com/kiler129/relax-intel-rmrr/master/build/proxmox/build.sh'
 
-RUN bash /build/build.sh
+RUN apt -y update
+RUN apt -y install git nano screen patch fakeroot build-essential devscripts libncurses5 libncurses5-dev libssl-dev bc \
+ flex bison libelf-dev libaudit-dev libgtk2.0-dev libperl-dev asciidoc xmlto gnupg gnupg2 rsync lintian debhelper \
+ libdw-dev libnuma-dev libslang2-dev sphinx-common asciidoc-base automake cpio dh-python file gcc kmod libiberty-dev \
+ libtool perl-modules python3-minimal sed tar zlib1g-dev lz4 curl dwarves
+
+#Need pahole 1.16 or above
+RUN TEMP_DEB="$(mktemp)" && \
+ wget -O "$TEMP_DEB" http://archive.ubuntu.com/ubuntu/pool/universe/d/dwarves-dfsg/dwarves_1.21-0ubuntu1~20.04_amd64.deb && \
+ dpkg -i "$TEMP_DEB" && \
+ rm -f "$TEMP_DEB" 
+
+
+COPY *.sh /build/
+
+RUN bash /build/build7.sh

build/proxmox/README.md

@@ -17,7 +17,7 @@ guide if you want to build packages in an isolated environment.
 3. ~30GB of free space
 
 #### Steps
-1. Download the [build script](build.sh) (e.g. use `wget https://raw.githubusercontent.com/kiler129/relax-intel-rmrr/master/build/proxmox/build.sh`)
+1. Download the [build script](build.sh) (e.g. use `wget https://raw.githubusercontent.com/kiler129/relax-intel-rmrr/build/proxmox/build.sh`)
 2. Run the [`build.sh`](build.sh) script from terminal:  
    `RMRR_AUTOINSTALL=1 bash ./build.sh`  
    <small>*You can also manually execute commands in the script step-by-step. To facilitate that the script contains 
@@ -50,9 +50,6 @@ This is mostly intended for building packages for later use (and/or when you don
 3. Copy debs *(it will give you `debs` folder)*:
    `docker cp build-cont:/build/proxmox-kernel/debs ./`
 4. Cleanup image & dummy container:  
-   ```
-   docker rm -f build-cont
-   docker rmi -f build-img
-   ```
+   `docker rmi -f build-img`
 
 Now you can [install debs like you would premade packages](../../README.md#proxmox---premade-packages-easy).

build/proxmox/build.sh

@@ -1,6 +1,21 @@
 #!/usr/bin/env bash
 set -e
 
+: "${PVE_KERNEL_BRANCH:=master}"
+: "${RELAX_INTEL_GIT_REPO:=https://github.com/kiler129/relax-intel-rmrr.git}"
+: "${PROXMOX_PATCH:=proxmox.patch}"
+: "${RELAX_PATCH:=proxmox.patch}"
+
+echo '###########################################################'
+echo '################ Settings  ################################'
+echo '###########################################################'
+
+echo "PVE_KERNEL_BRANCH:${PVE_KERNEL_BRANCH}"
+echo "RELAX_INTEL_GIT_REPO:${RELAX_INTEL_GIT_REPO}"
+echo "PROXMOX_PATCH:${PROXMOX_PATCH}"
+echo "RELAX_PATCH:${RELAX_PATCH}"
+
+
 #################################################################################
 # This script is a part of https://github.com/kiler129/relax-intel-rmrr project #
 #################################################################################
@@ -37,8 +52,9 @@ else
   echo "Step 1.0: Adding Proxmox apt repository..."
   apt -y update
   apt -y install gnupg
-  apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7BF2812E8A6E88E0
-  echo 'deb http://download.proxmox.com/debian/pve buster pve-no-subscription' > /etc/apt/sources.list.d/pve.list
+  # apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7BF2812E8A6E88E0
+  wget https://enterprise.proxmox.com/debian/proxmox-release-bullseye.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bullseye.gpg
+  echo 'deb http://download.proxmox.com/debian/pve bullseye pve-no-subscription' > /etc/apt/sources.list.d/pve.list
 fi
 
 # Install all packages required to build the kernel & create *.deb packages for installation
@@ -47,7 +63,7 @@ apt -y update
 apt -y install git nano screen patch fakeroot build-essential devscripts libncurses5 libncurses5-dev libssl-dev bc \
  flex bison libelf-dev libaudit-dev libgtk2.0-dev libperl-dev asciidoc xmlto gnupg gnupg2 rsync lintian debhelper \
  libdw-dev libnuma-dev libslang2-dev sphinx-common asciidoc-base automake cpio dh-python file gcc kmod libiberty-dev \
- libpve-common-perl libtool perl-modules python-minimal sed tar zlib1g-dev lz4 curl
+ libpve-common-perl libtool perl-modules python3-minimal sed tar zlib1g-dev lz4 curl zstd dwarves
 
 
 
@@ -61,35 +77,32 @@ cd proxmox-kernel
 
 # Clone official Proxmox kernel repo & Relaxed RMRR Mapping patch
 echo "Step 2.1: Downloading Proxmox kernel toolchain & patches"
-git clone --depth=1 -b pve-kernel-5.4 git://git.proxmox.com/git/pve-kernel.git
-git clone --depth=1 https://github.com/kiler129/relax-intel-rmrr.git
+git clone --depth=1 -b ${PVE_KERNEL_BRANCH} git://git.proxmox.com/git/pve-kernel.git
+git clone --depth=1 ${RELAX_INTEL_GIT_REPO}
 
 # Go to the actual Proxmox toolchain
 cd pve-kernel
 
-# (OPTIONAL) Download flat copy of Ubuntu Focal kernel submodule
+# (OPTIONAL) Download flat copy of Ubuntu hirsute kernel submodule
+#  If you skip this the "make" of Proxmox kernel toolchain will download a copy (a Proxmox kernel is based on Ubuntu
 #  If you skip this the "make" of Proxmox kernel toolchain will download a copy (a Proxmox kernel is based on Ubuntu
-#  Focal kernel). However, it will download it with the whole history etc which takes A LOT of space (and time). This
+#  hirsute kernel). However, it will download it with the whole history etc which takes A LOT of space (and time). This
 #  bypasses the process safely.
 # This curl skips certificate validation because Proxmox GIT WebUI doesn't send Let's Encrypt intermediate cert
 echo "Step 2.2: Downloading base kernel"
-curl -f -k "https://git.proxmox.com/?p=mirror_ubuntu-focal-kernel.git;a=snapshot;h=$(git submodule status submodules/ubuntu-focal | cut -c 2-41);sf=tgz" --output kernel.tgz || true
-
-if [[ -f "kernel.tgz" ]]; then
-  tar -xf kernel.tgz -C submodules/ubuntu-focal/ --strip 1
-  rm kernel.tgz
-else
-  echo "[-] Failed to download flat base kernel (will use git instead)"
-fi
+#TODO: This needs a proxmox7 fix
+# curl -k "https://git.proxmox.com/?p=mirror_ubuntu-hirsute-kernel.git;a=snapshot;h=$(git submodule status submodules/ubuntu-hirsute | cut -c 2-41);sf=tgz" --output kernel.tgz
+# tar -xf kernel.tgz -C submodules/ubuntu-hirsute/ --strip 1
+# rm kernel.tgz
 
 
 
 echo '###########################################################'
 echo '################# STEP 3 - CREATE KERNEL ##################'
 echo '###########################################################'
 echo "Step 3.0: Applying patches"
-cp ../relax-intel-rmrr/patches/add-relaxable-rmrr-below-5_8.patch ./patches/kernel/CUSTOM-add-relaxable-rmrr.patch
-patch -p1 < ../relax-intel-rmrr/patches/proxmox.patch
+cp ../relax-intel-rmrr/patches/${RELAX_PATCH} ./patches/kernel/CUSTOM-add-relaxable-rmrr.patch
+patch -p1 < ../relax-intel-rmrr/patches/${PROXMOX_PATCH}
 
 
 echo "Step 3.1: Compiling kernel... (it will take 30m-3h)"

build/proxmox/build7.1-10.sh

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+set -e
+
+export PVE_KERNEL_BRANCH=pve-kernel-5.13
+export RELAX_INTEL_GIT_REPO="https://github.com/OrpheeGT/relax-intel-rmrr.git"
+export RELAX_PATCH="add-relaxable-rmrr-5_13.patch"
+export PROXMOX_PATCH="proxmox7.patch"
+
+./build.sh

build/proxmox/build7.sh

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+set -e
+
+export PVE_KERNEL_BRANCH=pve-kernel-5.13
+export RELAX_INTEL_GIT_REPO="https://github.com/jamestutton/relax-intel-rmrr.git"
+export RELAX_PATCH="add-relaxable-rmrr-5_11.patch"
+export PROXMOX_PATCH="proxmox7.patch"
+
+./build.sh

build/proxmox/docker-compose.yaml

@@ -0,0 +1,9 @@
+version: '3'
+services:
+  build-cont:
+    image: build-img
+    build: .
+    stdin_open: true
+    tty: true
+    volumes:
+      - ./debs:/build/proxmox-kernel/debs

patches/add-relaxable-rmrr-5_11.patch

@@ -0,0 +1,31 @@
+--- a/drivers/iommu/intel/iommu.c	2021-07-30 16:21:22.235520365 +0100
++++ b/drivers/iommu/intel/iommu.c	2021-07-30 16:28:28.905719413 +0100
+@@ -355,6 +355,7 @@
+ static int intel_iommu_superpage = 1;
+ static int iommu_identity_mapping;
+ static int iommu_skip_te_disable;
++static int intel_relaxable_rmrr = 0;
+
+ #define IDENTMAP_GFX		2
+ #define IDENTMAP_AZALIA		4
+@@ -455,7 +456,10 @@
+ 		} else if (!strncmp(str, "tboot_noforce", 13)) {
+ 			pr_info("Intel-IOMMU: not forcing on after tboot. This could expose security risk for tboot\n");
+ 			intel_iommu_tboot_noforce = 1;
+-		}
++		} else if (!strncmp(str, "relax_rmrr", 10)) {
++			pr_info("Intel-IOMMU: assuming all RMRRs are relaxable. This can lead to instability or data loss\n");
++			intel_relaxable_rmrr = 1;
++ 		}
+
+ 		str += strcspn(str, ",");
+ 		while (*str == ',')
+@@ -2802,7 +2806,7 @@
+ 		return false;
+
+ 	pdev = to_pci_dev(dev);
+-	if (IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev))
++	if (intel_relaxable_rmrr || IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev))
+ 		return true;
+ 	else
+ 		return false;

patches/add-relaxable-rmrr-5_13.patch

@@ -0,0 +1,29 @@
+--- a/drivers/iommu/intel/iommu.c       2022-02-26 13:51:33.821885509 +0100
++++ b/drivers/iommu/intel/iommu.c       2022-02-26 13:58:27.231463792 +0100
+@@ -364,6 +364,7 @@
+ static int intel_iommu_superpage = 1;
+ static int iommu_identity_mapping;
+ static int iommu_skip_te_disable;
++static int intel_relaxable_rmrr = 0;
+
+ #define IDENTMAP_GFX           2
+ #define IDENTMAP_AZALIA                4
+@@ -465,6 +466,9 @@
+                } else if (!strncmp(str, "tboot_noforce", 13)) {
+                        pr_info("Intel-IOMMU: not forcing on after tboot. This could expose security risk for tboot\n");
+                        intel_iommu_tboot_noforce = 1;
++               } else if (!strncmp(str, "relax_rmrr", 10)) {
++                        pr_info("Intel-IOMMU: assuming all RMRRs are relaxable. This can lead to instability or data loss\n");
++                        intel_relaxable_rmrr = 1;
+                } else {
+                        pr_notice("Unknown option - '%s'\n", str);
+                }
+@@ -2846,7 +2850,7 @@
+                return false;
+
+        pdev = to_pci_dev(dev);
+-       if (IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev))
++       if (intel_relaxable_rmrr || IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev))
+                return true;
+        else
+                return false;

patches/add-relaxable-rmrr-5_15.patch

@@ -0,0 +1,29 @@
+--- a/drivers/iommu/intel/iommu.c       2022-02-27 12:02:53.958814198 +0100
++++ b/drivers/iommu/intel/iommu.c       2022-02-27 12:03:07.402842983 +0100
+@@ -338,6 +338,7 @@
+ static int intel_iommu_superpage = 1;
+ static int iommu_identity_mapping;
+ static int iommu_skip_te_disable;
++static int intel_relaxable_rmrr = 0;
+
+ #define IDENTMAP_GFX           2
+ #define IDENTMAP_AZALIA                4
+@@ -442,6 +443,9 @@
+                } else if (!strncmp(str, "tboot_noforce", 13)) {
+                        pr_info("Intel-IOMMU: not forcing on after tboot. This could expose security risk for tboot\n");
+                        intel_iommu_tboot_noforce = 1;
++                } else if (!strncmp(str, "relax_rmrr", 10)) {
++                        pr_info("Intel-IOMMU: assuming all RMRRs are relaxable. This can lead to instability or data loss\n");
++                        intel_relaxable_rmrr = 1;
+                } else {
+                        pr_notice("Unknown option - '%s'\n", str);
+                }
+@@ -2824,7 +2828,7 @@
+                return false;
+
+        pdev = to_pci_dev(dev);
+-       if (IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev))
++       if (intel_relaxable_rmrr || IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev))
+                return true;
+        else
+                return false;

patches/proxmox7.patch

@@ -0,0 +1,22 @@
+--- a/Makefile
++++ b/Makefile
+@@ -11,7 +11,7 @@
+ KERNEL_MAJMIN=$(KERNEL_MAJ).$(KERNEL_MIN)
+ KERNEL_VER=$(KERNEL_MAJMIN).$(KERNEL_PATCHLEVEL)
+
+-EXTRAVERSION=-${KREL}-pve
++EXTRAVERSION=-${KREL}-pve-relaxablermrr
+ KVNAME=${KERNEL_VER}${EXTRAVERSION}
+ PACKAGE=pve-kernel-${KVNAME}
+ HDRPACKAGE=pve-headers-${KVNAME}
+--- a/debian/scripts/find-firmware.pl
++++ b/debian/scripts/find-firmware.pl
+@@ -8,7 +8,7 @@
+
+ die "no such directory" if ! -d $dir;
+
+-die "strange directory name: $dir" if $dir !~ m|^(.*/)?(\d+.\d+.\d+\-\d+\-pve)(/+)?$|;
++#die "strange directory name: $dir" if $dir !~ m|^(.*/)?(\d+.\d+.\d+\-\d+\-pve)(/+)?$|;
+
+
+ my $apiver = $2;