linux-surface/pkg/fedora/kernel-surface/build-linux-surface.py

#!/usr/bin/env python3

import argparse
import subprocess
import sys
from pathlib import Path

#####################################################################

##
## The name of the modified kernel package.
##
PACKAGE_NAME = "surface"

##
## https://gitlab.com/cki-project/kernel-ark/-/tags
##
## Fedora tags: kernel-X.Y.Z
## Upstream tags: vX.Y.Z
##
PACKAGE_TAG = "kernel-6.3.12-0"

##
## The release number of the modified kernel package.
## e.g. 300 for kernel-6.3.1-300.fc38.foo
##
PACKAGE_RELEASE = "1"

##
## Build options for configuring which parts of the kernel package are enabled.
##
## We disable all userspace components because we only want the kernel + modules.
## We also don't care too much about debug info or UKI.
##
## To list the available options, run make dist-full-help in the kernel-ark tree.
##
KERNEL_BUILDOPTS = "+up +baseonly -debuginfo -doc -headers -efiuki"

#####################################################################

parser = argparse.ArgumentParser(usage="Build a Fedora kernel with linux-surface patches")

parser.add_argument(
    "--ark-dir",
    help="The local path to the kernel-ark repository.",
    default="kernel-ark",
)

parser.add_argument(
    "--ark-url",
    help="The remote path to the kernel-ark repository.",
    default="https://gitlab.com/cki-project/kernel-ark",
)

parser.add_argument(
    "--mode",
    help="Whether to build a source RPM or binary RPMs.",
    choices=["rpms", "srpm"],
    default="rpms",
)

parser.add_argument(
    "--outdir",
    help="The directory where the built RPM files will be saved.",
    default="out",
)

args = parser.parse_args()

# The directory where this script is saved.
script = Path(sys.argv[0]).resolve().parent

# The root of the linux-surface repository.
linux_surface = script / ".." / ".." / ".."

# Determine the major version of the kernel.
kernel_version = PACKAGE_TAG.split("-")[1]
kernel_major = ".".join(kernel_version.split(".")[:2])

# Determine the patches directory and config file.
patches = linux_surface / "patches" / kernel_major
config = linux_surface / "configs" / ("surface-%s.config" % kernel_major)

sb_cert = script / "secureboot" / "MOK.crt"
sb_key = script / "secureboot" / "MOK.key"

# Check if the major version is supported.
if not patches.exists() or not config.exists():
    print("ERROR: Could not find patches / configs for kernel %s!" % kernel_major)
    sys.exit(1)

# Check if Secure Boot keys are available.
sb_avail = sb_cert.exists() and sb_key.exists()

# If we are building without secureboot, require user input to continue.
if not sb_avail:
    print("")
    print("Secure Boot keys were not configured! Using Red Hat testkeys.")
    print("The compiled kernel will not boot with Secure Boot enabled!")
    print("")

    input("Press enter to continue: ")

# Expand globs
surface_patches = sorted(patches.glob("*.patch"))

cmd = [script / "build-ark.py"]
cmd += ["--ark-dir", args.ark_dir]
cmd += ["--ark-url", args.ark_url]
cmd += ["--mode", args.mode]
cmd += ["--outdir", args.outdir]
cmd += ["--package-name", PACKAGE_NAME]
cmd += ["--package-tag", PACKAGE_TAG]
cmd += ["--package-release", PACKAGE_RELEASE]
cmd += ["--patch"] + surface_patches
cmd += ["--config", config]
cmd += ["--buildopts", KERNEL_BUILDOPTS]

local_patches = sorted((script / "patches").glob("*.patch"))
local_configs = sorted((script / "configs").glob("*.config"))
local_files = sorted((script / "files").glob("*"))

if len(local_patches) > 0:
    cmd += ["--patch"] + local_patches

if len(local_configs) > 0:
    cmd += ["--config"] + local_configs

if len(local_files) > 0:
    cmd += ["--file"] + local_files

if sb_avail:
    sb_patches = sorted((script / "secureboot").glob("*.patch"))
    sb_configs = sorted((script / "secureboot").glob("*.config"))

    if len(sb_patches) > 0:
        cmd += ["--patch"] + sb_patches

    if len(sb_configs) > 0:
        cmd += ["--config"] + sb_configs

    cmd += ["--file", sb_cert, sb_key]

subprocess.run(cmd, check=True)