diff --git a/.github/workflows/build-linux.yml b/.github/workflows/build-linux.yml new file mode 100644 index 000000000..220cdc60e --- /dev/null +++ b/.github/workflows/build-linux.yml @@ -0,0 +1,63 @@ +name: Build Linux + +on: + workflow_call: + outputs: + kernel-artifact-url: + description: "URL of the built (and uploaded) Linux kernel" + value: ${{ github.api_url }}/repos/${{ github.repository }}/actions/artifacts/${{ jobs.build.outputs.kernel-artifact-id }}/zip + +jobs: + build: + name: Build Linux + runs-on: ubuntu-latest + outputs: + kernel-artifact-id: ${{ steps.upload-linux-kernel.outputs.artifact-id }} + steps: + - uses: actions/checkout@v4 + - uses: actions/cache/restore@v4 + id: restore-cached-kernel + with: + path: build/arch/x86/boot/bzImage + key: linux-kernel-${{ hashFiles('data/config') }} + - if: steps.restore-cached-kernel.outputs.cache-hit != 'true' + uses: actions/checkout@v4 + with: + repository: 'torvalds/linux' + # TODO: Bump to v6.11 once tagged. + ref: 81510a0eaa6916c2fbb0b2639f3e617a296979a3 + fetch-depth: 1 + path: linux/ + - if: steps.restore-cached-kernel.outputs.cache-hit != 'true' + name: Install required tools + run: sudo apt-get install -y libelf-dev + - if: steps.restore-cached-kernel.outputs.cache-hit != 'true' + name: Build kernel + run: | + config=$(readlink --canonicalize-existing data/config) + build=$(pwd)/build/ + + cd linux/ + export KBUILD_OUTPUT="${build}" + mkdir "${KBUILD_OUTPUT}" + + KCONFIG_ALLCONFIG="${config}" make O="${KBUILD_OUTPUT}" allnoconfig + + echo "::group::config" + cat "${KBUILD_OUTPUT}/.config" + echo "::endgroup::" + + make O="${KBUILD_OUTPUT}" --jobs $(($(nproc) * 2)) + - if: steps.restore-cached-kernel.outputs.cache-hit != 'true' + uses: actions/cache/save@v4 + with: + path: build/arch/x86/boot/bzImage + key: linux-kernel-${{ hashFiles('data/config') }} + - uses: actions/upload-artifact@v4 + id: upload-linux-kernel + with: + name: linux-kernel + if-no-files-found: error + # The kernel image is already compressed. + compression-level: 0 + path: build/arch/x86/boot/bzImage diff --git a/.github/workflows/publish-cli.yml b/.github/workflows/publish-cli.yml index 1a5c4155e..1b420a5b9 100644 --- a/.github/workflows/publish-cli.yml +++ b/.github/workflows/publish-cli.yml @@ -40,7 +40,7 @@ jobs: --request POST \ --url https://api.github.com/repos/${{ github.repository }}/releases \ --header "Accept: application/vnd.github+json" \ - --header "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}"\ + --header "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ --header "X-GitHub-Api-Version: 2022-11-28" \ --data "{ \"tag_name\":\"cli-v${version}\", diff --git a/.github/workflows/test-linux.yml b/.github/workflows/test-linux.yml new file mode 100644 index 000000000..a480dcd8c --- /dev/null +++ b/.github/workflows/test-linux.yml @@ -0,0 +1,66 @@ +name: Build Linux + +on: + push: + +jobs: + build-linux-kernel: + uses: ./.github/workflows/build-linux.yml + secrets: inherit + test: + needs: [build-linux-kernel] + name: Test and coverage + runs-on: ubuntu-22.04 + env: + LLVM_GSYMUTIL: /usr/bin/llvm-gsymutil-14 + steps: + - uses: actions/checkout@v4 + - uses: dtolnay/rust-toolchain@nightly + - uses: Swatinem/rust-cache@v2 + - name: Install required tools + run: sudo apt-get install -y llvm-14 + - name: Build main.sh + env: + ARTIFACT_URL: ${{ needs.build-linux-kernel.outputs.kernel-artifact-url }} + PYTHON: ${{ steps.py312.outputs.python-path }} + run: | + # Build all tests. + cargo build --tests + # Get a list of tests we just built. + IFS='' tests=$(cargo build -Z unstable-options --tests --build-plan | \ + jq -r ' + .invocations[] | + select( + .package_name == "blazesym" and + .outputs[0] != null and + (.outputs[0] | endswith(".rlib") | not) and + (.outputs[0] | contains("/build/") | not) + ) | + .outputs[0] + ') + # Yes, there appears to be no way to just retrieve the + # uploaded artifact. One can't use actions/download-artifact + # and provide any of the outputs of actions/upload-artifact. + # Neither does it seem possible to just download the thing + # directly, because contents are unconditionally zipped. Good. + # Lord. + curl --location \ + --fail-with-body \ + --header "Accept: application/vnd.github+json" \ + --header "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}"\ + --header "X-GitHub-Api-Version: 2022-11-28" \ + --output artifact.zip \ + "${ARTIFACT_URL}" + # This unzip will produce the kernel bzImage. + unzip artifact.zip + cat < main.sh + set -e -u -o pipefail + export PYTHON=${PYTHON} + ${tests} + EOF + chmod a+x main.sh + - name: Test + uses: danobi/vmtest-action@master + with: + kernel: bzImage + command: ${{ github.workspace }}/main.sh diff --git a/data/config b/data/config new file mode 100644 index 000000000..7f8746c63 --- /dev/null +++ b/data/config @@ -0,0 +1,148 @@ +CONFIG_KERNEL_ZSTD=y +CONFIG_SYSVIPC=y +CONFIG_POSIX_MQUEUE=y +CONFIG_WATCH_QUEUE=y +CONFIG_CPU_ISOLATION=y +CONFIG_IKCONFIG=y +CONFIG_IKCONFIG_PROC=y +CONFIG_CGROUPS=y +CONFIG_MEMCG=y +CONFIG_NAMESPACES=y +CONFIG_UTS_NS=y +CONFIG_TIME_NS=y +CONFIG_IPC_NS=y +CONFIG_USER_NS=y +CONFIG_PID_NS=y +CONFIG_NET_NS=y +CONFIG_UID16=y +CONFIG_SYSFS_SYSCALL=y +CONFIG_FHANDLE=y +CONFIG_POSIX_TIMERS=y +CONFIG_PRINTK=y +CONFIG_FUTEX=y +CONFIG_FUTEX_PI=y +CONFIG_EPOLL=y +CONFIG_SIGNALFD=y +CONFIG_TIMERFD=y +CONFIG_EVENTFD=y +CONFIG_SHMEM=y +CONFIG_AIO=y +CONFIG_KALLSYMS=y +CONFIG_KALLSYMS_ALL=y +CONFIG_64BIT=y +CONFIG_X86_64=y +CONFIG_X86=y +CONFIG_MMU=y +CONFIG_X86_64_SMP=y +CONFIG_SMP=y +CONFIG_X86_X2APIC=y +CONFIG_X86_MPPARSE=y +CONFIG_SCHED_OMIT_FRAME_POINTER=y +CONFIG_HYPERVISOR_GUEST=y +CONFIG_PARAVIRT=y +CONFIG_PARAVIRT_SPINLOCKS=y +CONFIG_KVM_GUEST=y +CONFIG_PARAVIRT_CLOCK=y +CONFIG_CPU_SUP_INTEL=y +CONFIG_CPU_SUP_AMD=y +CONFIG_SCHED_CLUSTER=y +CONFIG_SCHED_SMT=y +CONFIG_X86_MSR=y +CONFIG_X86_CPUID=y +CONFIG_MTRR=y +CONFIG_HZ_300=y +CONFIG_PM=y +CONFIG_ACPI=y +CONFIG_ACPI_BUTTON=y +CONFIG_CPU_IDLE=y +CONFIG_IA32_EMULATION=y +CONFIG_COMPAT_32=y +CONFIG_COMPAT=y +CONFIG_KVM_MMIO=y +CONFIG_KVM_ASYNC_PF=y +CONFIG_VIRTUALIZATION=y +CONFIG_JUMP_LABEL=y +CONFIG_BLOCK=y +CONFIG_FREEZER=y +CONFIG_BINFMT_ELF=y +CONFIG_COMPAT_BINFMT_ELF=y +CONFIG_ELFCORE=y +CONFIG_BINFMT_SCRIPT=y +CONFIG_BINFMT_MISC=y +CONFIG_COREDUMP=y +CONFIG_SLUB=y +CONFIG_MEMORY_ISOLATION=y +CONFIG_MEMFD_CREATE=y +CONFIG_PER_VMA_LOCK=y +CONFIG_NET=y +CONFIG_NET_INGRESS=y +CONFIG_NET_EGRESS=y +CONFIG_NET_XGRESS=y +CONFIG_PACKET=y +CONFIG_UNIX=y +CONFIG_INET=y +CONFIG_IPV6=y +CONFIG_NET_SCHED=y +CONFIG_NET_9P=y +CONFIG_NET_9P_VIRTIO=y +CONFIG_PAGE_POOL=y +CONFIG_PCI=y +CONFIG_DEVTMPFS=y +CONFIG_DEVTMPFS_MOUNT=y +CONFIG_DEVTMPFS_SAFE=y +CONFIG_STANDALONE=y +CONFIG_SYS_HYPERVISOR=y +CONFIG_PROC_EVENTS=y +CONFIG_BLK_DEV=y +CONFIG_ATA=y +CONFIG_SATA_HOST=y +CONFIG_SATA_AHCI=y +CONFIG_NETDEVICES=y +CONFIG_NET_CORE=y +CONFIG_ETHERNET=y +CONFIG_TTY=y +CONFIG_SERIAL_EARLYCON=y +CONFIG_SERIAL_8250=y +CONFIG_SERIAL_8250_CONSOLE=y +CONFIG_SERIAL_8250_PCI=y +CONFIG_SERIAL_CORE=y +CONFIG_SERIAL_CORE_CONSOLE=y +CONFIG_SERIAL_DEV_BUS=y +CONFIG_SERIAL_DEV_CTRL_TTYPORT=y +CONFIG_VIRTIO_CONSOLE=y +CONFIG_DEVMEM=y +CONFIG_DEVPORT=y +CONFIG_HPET=y +CONFIG_VIRT_DRIVERS=y +CONFIG_VIRTIO=y +CONFIG_VIRTIO_PCI_LIB=y +CONFIG_VIRTIO_MENU=y +CONFIG_VIRTIO_PCI=y +CONFIG_VHOST_TASK=y +CONFIG_STAGING=y +CONFIG_COMMON_CLK=y +CONFIG_HWSPINLOCK=y +CONFIG_MEMORY=y +CONFIG_FILE_LOCKING=y +CONFIG_FSNOTIFY=y +CONFIG_DNOTIFY=y +CONFIG_INOTIFY_USER=y +CONFIG_PROC_FS=y +CONFIG_PROC_SYSCTL=y +CONFIG_SYSFS=y +CONFIG_TMPFS=y +CONFIG_NETWORK_FILESYSTEMS=y +CONFIG_9P_FS=y +CONFIG_9P_FS_POSIX_ACL=y +CONFIG_9P_FS_SECURITY=y +CONFIG_NLS=y +CONFIG_NLS_CODEPAGE_437=y +CONFIG_NLS_ASCII=y +CONFIG_ZSTD_COMMON=y +CONFIG_ZSTD_DECOMPRESS=y +CONFIG_DECOMPRESS_ZSTD=y +CONFIG_ASSOCIATIVE_ARRAY=y +CONFIG_PRINTK_TIME=y +CONFIG_SYMBOLIC_ERRNAME=y +CONFIG_BUILDTIME_MCOUNT_SORT=y +CONFIG_RING_BUFFER=y