|
| 1 | +#!/bin/bash |
| 2 | +# Copyright 2025 Amazon.com, Inc. or its affiliates. All Rights Reserved. |
| 3 | +# SPDX-License-Identifier: Apache-2.0 |
| 4 | + |
| 5 | +# fail if we encounter an error, uninitialized variable or a pipe breaks |
| 6 | +set -eu -o pipefail |
| 7 | + |
| 8 | +check_root() { |
| 9 | + # We need sudo privileges to install the kernel |
| 10 | + if [ "$(id -u)" -ne 0 ]; then |
| 11 | + echo "To install, this script must be run as root or with sudo privileges" |
| 12 | + exit 1 |
| 13 | + fi |
| 14 | +} |
| 15 | + |
| 16 | +check_ubuntu() { |
| 17 | + # Currently this script only works on Ubuntu instances |
| 18 | + if ! grep -qi 'ubuntu' /etc/os-release; then |
| 19 | + echo "This script currently only works on Ubuntu." |
| 20 | + exit 1 |
| 21 | + fi |
| 22 | +} |
| 23 | + |
| 24 | +tidy_up() { |
| 25 | + # Some cleanup after we are done |
| 26 | + echo "Cleaning up.." |
| 27 | + popd |
| 28 | + rm -rf $TMP_BUILD_DIR |
| 29 | +} |
| 30 | + |
| 31 | +confirm() { |
| 32 | + if [[ "$*" == *"--no-install"* ]]; then |
| 33 | + echo "Not installing new kernel." |
| 34 | + |
| 35 | + if [[ "$*" == *"--tidy"* ]]; then |
| 36 | + tidy_up |
| 37 | + fi |
| 38 | + |
| 39 | + exit 0 |
| 40 | + fi |
| 41 | + |
| 42 | + if [[ "$*" == *"--install"* ]]; then |
| 43 | + return 0 |
| 44 | + fi |
| 45 | + |
| 46 | + while true; do |
| 47 | + read -p "Do you want to install the new kernel? (y/n) " yn |
| 48 | + case $yn in |
| 49 | + [Yy]*) return 0 ;; |
| 50 | + [Nn]*) |
| 51 | + echo "Exiting..." |
| 52 | + exit 1 |
| 53 | + ;; |
| 54 | + *) echo "Please answer yes or no." ;; |
| 55 | + esac |
| 56 | + done |
| 57 | +} |
| 58 | + |
| 59 | +apply_patch_file() { |
| 60 | + git apply $1 |
| 61 | +} |
| 62 | + |
| 63 | +apply_series_mbox() { |
| 64 | + git am $1 --empty=drop |
| 65 | +} |
| 66 | + |
| 67 | +apply_series_link() { |
| 68 | + patch_url=$(cat $1) |
| 69 | + echo "Fetching mbox from:" $patch_url |
| 70 | + curl --output lore.mbox.gz "$patch_url/t.mbox.gz" |
| 71 | + gunzip lore.mbox |
| 72 | + apply_series_mbox lore.mbox |
| 73 | + rm lore.mbox |
| 74 | +} |
| 75 | + |
| 76 | +apply_patch_or_series() { |
| 77 | + case "$1" in |
| 78 | + *.patch) apply_patch_file $1 ;; |
| 79 | + *.mbox) apply_series_mbox $1 ;; |
| 80 | + *.lore) apply_series_link $1 ;; |
| 81 | + *) |
| 82 | + echo "Uknown patch file: "$1 |
| 83 | + exit 1 |
| 84 | + ;; |
| 85 | + esac |
| 86 | +} |
| 87 | + |
| 88 | +check_override_presence() { |
| 89 | + while IFS= read -r line; do |
| 90 | + if ! grep -Fq "$line" .config; then |
| 91 | + echo "Missing config: $line" |
| 92 | + exit 1 |
| 93 | + fi |
| 94 | + done <"$KERNEL_CONFIG_OVERRIDES" |
| 95 | + |
| 96 | + echo "All overrides correctly applied.." |
| 97 | +} |
| 98 | + |
| 99 | +KERNEL_URL=$(cat kernel_url) |
| 100 | +KERNEL_COMMIT_HASH=$(cat kernel_commit_hash) |
| 101 | +KERNEL_PATCHES_DIR=$(pwd)/patches |
| 102 | +KERNEL_CONFIG_OVERRIDES=$(pwd)/kernel_config_overrides |
| 103 | + |
| 104 | +TMP_BUILD_DIR=$(mktemp -d -t kernel-build-XXXX) |
| 105 | + |
| 106 | +pushd . |
| 107 | +cd $TMP_BUILD_DIR |
| 108 | + |
| 109 | +echo "Cloning kernel repository into" $TMP_BUILD_DIR |
| 110 | + |
| 111 | +# We checkout the repository that way to make it as |
| 112 | +# small and fast as possible |
| 113 | +git init |
| 114 | +git remote add origin $KERNEL_URL |
| 115 | +git fetch --depth 1 origin $KERNEL_COMMIT_HASH |
| 116 | +git checkout FETCH_HEAD |
| 117 | + |
| 118 | +# Apply our patches on top |
| 119 | +for PATCH in $KERNEL_PATCHES_DIR/*.*; do |
| 120 | + echo "Applying patch:" $(basename $PATCH) |
| 121 | + apply_patch_or_series $PATCH |
| 122 | +done |
| 123 | + |
| 124 | +echo "Making kernel config ready for build" |
| 125 | +# We use olddefconfig to automatically pull in the |
| 126 | +# config from the AMI and update to the newest |
| 127 | +# defaults |
| 128 | +make olddefconfig |
| 129 | + |
| 130 | +# Disable the ubuntu keys |
| 131 | +scripts/config --disable SYSTEM_TRUSTED_KEYS |
| 132 | +scripts/config --disable SYSTEM_REVOCATION_KEYS |
| 133 | + |
| 134 | +# We run this again to default options now changed by |
| 135 | +# the disabling of the ubuntu keys |
| 136 | +make olddefconfig |
| 137 | + |
| 138 | +# Apply our config overrides on top of the config |
| 139 | +scripts/kconfig/merge_config.sh -m .config $KERNEL_CONFIG_OVERRIDES |
| 140 | + |
| 141 | +check_override_presence |
| 142 | + |
| 143 | +echo "Building kernel this may take a while" |
| 144 | +make -s -j $(nproc) |
| 145 | +echo "Building kernel modules" |
| 146 | +make modules -s -j $(nproc) |
| 147 | +echo "Kernel build complete!" |
| 148 | + |
| 149 | +KERNEL_VERSION=$(KERNELVERSION=$(make -s kernelversion) ./scripts/setlocalversion) |
| 150 | + |
| 151 | +echo "New kernel version:" $KERNEL_VERSION |
| 152 | + |
| 153 | +# Make sure a user really wants to install this kernel |
| 154 | +confirm "$@" |
| 155 | + |
| 156 | +check_root |
| 157 | +check_ubuntu |
| 158 | + |
| 159 | +echo "Installing kernel modules..." |
| 160 | +make INSTALL_MOD_STRIP=1 modules_install |
| 161 | +echo "Installing kernel..." |
| 162 | +make INSTALL_MOD_STRIP=1 install |
| 163 | +echo "Update initramfs" |
| 164 | +update-initramfs -c -k $KERNEL_VERSION |
| 165 | +echo "Updating GRUB..." |
| 166 | +update-grub |
| 167 | + |
| 168 | +echo "Kernel built and installed successfully!" |
| 169 | + |
| 170 | +tidy_up |
0 commit comments