mirror of
https://github.com/linuxboot/heads.git
synced 2024-12-19 21:17:55 +00:00
d7915e1639
hardcode VERSION='reproducible_build' into generated configure script to get rid of generate random git abbrev 8/12 chars (could not find source) patches/openssl-3.0.8.patch: clean up tpm2-tools/tpm2-tss: hack configure scripts to not contain hardcoded libs and other rpath related strings, using sed instead of patching configure script like cryptsetup2 patch Will be clened up in other commits. Leaving here as trace for autotools sed patching for reproducible builds. CircleCI: change working dir from project->heads so that CircleCI and local builds are from heads directory, helping reproducible builds TODO: change other patches a well and generalize to gpg toolstack, removing patches that are a maintainership burden. Signed-off-by: Thierry Laurion <insurgo@riseup.net>
533 lines
17 KiB
YAML
533 lines
17 KiB
YAML
version: 2.1
|
|
|
|
commands:
|
|
build_board:
|
|
parameters:
|
|
arch:
|
|
type: string
|
|
target:
|
|
type: string
|
|
subcommand:
|
|
type: string
|
|
steps:
|
|
- run:
|
|
name: Install dependencies
|
|
command: |
|
|
ln -fs /usr/share/zoneinfo/America/New_York /etc/localtime
|
|
apt update
|
|
apt install -y build-essential zlib1g-dev uuid-dev libdigest-sha-perl libelf-dev bc bzip2 bison flex git gnupg gawk iasl m4 nasm patch python python2 python3 wget gnat cpio ccache pkg-config cmake libusb-1.0-0-dev autoconf texinfo ncurses-dev doxygen graphviz udev libudev1 libudev-dev automake libtool rsync innoextract sudo libssl-dev device-tree-compiler u-boot-tools sharutils e2fsprogs parted curl unzip imagemagick libncurses5-dev zip
|
|
- run:
|
|
name: Make Board (FULL ORDERED BUILD LOGS HERE UNTIL JOB FAILED)
|
|
command: |
|
|
rm -rf build/<<parameters.arch>>/<<parameters.target>>/* build/<<parameters.arch>>/log/* && make V=1 BOARD=<<parameters.target>> <<parameters.subcommand>> || touch ./tmpDir/failed_build
|
|
no_output_timeout: 3h
|
|
- run:
|
|
name: Output hashes
|
|
command: |
|
|
cat build/<<parameters.arch>>/<<parameters.target>>/hashes.txt || echo "No hashes.txt for this build step..."
|
|
- run:
|
|
name: Output sizes
|
|
command: |
|
|
cat build/<<parameters.arch>>/<<parameters.target>>/sizes.txt || echo "No sizes.txt for this build step..."
|
|
- run:
|
|
name: Archiving build logs.
|
|
command: |
|
|
tar zcvf build/<<parameters.arch>>/<<parameters.target>>/logs.tar.gz $(find build/ -name "*.log")
|
|
- run:
|
|
name: Output build failing logs
|
|
command: |
|
|
if [[ -f ./tmpDir/failed_build ]]; then find ./build/<<parameters.arch>>/ -name "*.log" -type f -mmin -1|while read log; do echo ""; echo '==>' "$log" '<=='; echo ""; cat $log;done; exit 1;else echo "Step hasn't failed. Continuing with next step..."; fi \
|
|
- store_artifacts:
|
|
path: build/<<parameters.arch>>/<<parameters.target>>
|
|
|
|
jobs:
|
|
prep_env:
|
|
docker:
|
|
- image: debian:11
|
|
resource_class: large
|
|
working_directory: ~/heads
|
|
steps:
|
|
- run:
|
|
name: Install dependencies
|
|
command: |
|
|
ln -fs /usr/share/zoneinfo/America/New_York /etc/localtime
|
|
apt update
|
|
apt install -y build-essential zlib1g-dev uuid-dev libdigest-sha-perl libelf-dev bc bzip2 bison flex git gnupg gawk iasl m4 nasm patch python python2 python3 wget gnat cpio ccache pkg-config cmake libusb-1.0-0-dev autoconf texinfo ncurses-dev doxygen graphviz udev libudev1 libudev-dev automake libtool rsync innoextract sudo imagemagick libncurses5-dev
|
|
- checkout
|
|
- run:
|
|
name: git reset
|
|
command: |
|
|
git reset --hard "$CIRCLE_SHA1" \
|
|
|
|
- run:
|
|
name: Make tmp dir
|
|
command: |
|
|
mkdir ./tmpDir \
|
|
|
|
- run:
|
|
name: Creating all modules and patches digest (All modules cache digest)
|
|
command: |
|
|
find ./Makefile ./patches/ ./modules/ -type f | sort -h |xargs sha256sum > ./tmpDir/all_modules_and_patches.sha256sums \
|
|
|
|
- run:
|
|
name: Creating coreboot (and associated patches) and musl-cross-make modules digest (musl-cross-make and coreboot cache digest)
|
|
command: |
|
|
find ./Makefile ./modules/coreboot ./modules/musl-cross* ./patches/coreboot* -type f | sort -h | xargs sha256sum > ./tmpDir/coreboot_musl-cross.sha256sums \
|
|
|
|
- run:
|
|
name: Creating musl-cross-make and musl-cross-make patches digest (musl-cross-make cache digest)
|
|
command: |
|
|
find ./Makefile modules/musl-cross* -type f | sort -h | xargs sha256sum > ./tmpDir/musl-cross.sha256sums \
|
|
|
|
- restore_cache:
|
|
keys:
|
|
#Restore existing cache for matching modules digest, validated to be exactly the same as in github current commit.
|
|
#This cache was made on top of below caches, if previously existing. If no module definition changed, we reuse this one. Otherwise...
|
|
- heads-modules-and-patches-{{ checksum "./tmpDir/all_modules_and_patches.sha256sums" }}{{ .Environment.CACHE_VERSION }}
|
|
#If precedent cache not found, restore cache for coreboot module (and patches) and musl-cross-make digests (coreboot: triannual release)
|
|
#Otehrwise....
|
|
- heads-coreboot-musl-cross-{{ checksum "./tmpDir/coreboot_musl-cross.sha256sums" }}{{ .Environment.CACHE_VERSION }}
|
|
#If precedent cache not found. Restore cache for musl-cross-make module digest (rarely modified).
|
|
#Otherwise, we build cleanly.
|
|
- heads-musl-cross-{{ checksum "./tmpDir/musl-cross.sha256sums" }}{{ .Environment.CACHE_VERSION }}
|
|
- run:
|
|
name: Download and neuter xx20 ME (keep generated GBE and extracted IFD in tree)
|
|
command: |
|
|
./blobs/xx20/download_parse_me.sh
|
|
|
|
- run:
|
|
name: Download and neuter xx30 ME (keep generated GBE and extracted IFD in tree)
|
|
# me_cleaner.py present under heads xx30 blobs dir comes from https://github.com/corna/me_cleaner/blob/43612a630c79f3bc6f2653bfe90dfe0b7b137e08/me_cleaner.py
|
|
command: |
|
|
./blobs/xx30/download_clean_me_manually.sh -m $(readlink -f ./blobs/xx30/me_cleaner.py)
|
|
|
|
- run:
|
|
name: Download and extract t530 vbios roms for dgpu boards
|
|
command: |
|
|
./blobs/xx30/vbios_t530.sh
|
|
|
|
- run:
|
|
name: Download and extract w530 vbios roms for dgpu boards
|
|
command: |
|
|
./blobs/xx30/vbios_w530.sh
|
|
|
|
- persist_to_workspace:
|
|
root: ~/
|
|
paths:
|
|
- .
|
|
|
|
build_and_persist:
|
|
docker:
|
|
- image: debian:11
|
|
resource_class: large
|
|
working_directory: ~/heads
|
|
parameters:
|
|
arch:
|
|
type: string
|
|
default: x86
|
|
target:
|
|
type: string
|
|
subcommand:
|
|
type: string
|
|
steps:
|
|
- attach_workspace:
|
|
at: ~/
|
|
- build_board:
|
|
arch: <<parameters.arch>>
|
|
target: <<parameters.target>>
|
|
subcommand: <<parameters.subcommand>>
|
|
- persist_to_workspace:
|
|
root: ~/
|
|
paths:
|
|
- heads/packages/<<parameters.arch>>
|
|
- heads/build/<<parameters.arch>>
|
|
- heads/crossgcc/<<parameters.arch>>
|
|
- heads/install/<<parameters.arch>>
|
|
|
|
build:
|
|
docker:
|
|
- image: debian:11
|
|
resource_class: large
|
|
working_directory: ~/heads
|
|
parameters:
|
|
arch:
|
|
type: string
|
|
default: x86
|
|
target:
|
|
type: string
|
|
subcommand:
|
|
type: string
|
|
steps:
|
|
- attach_workspace:
|
|
at: ~/
|
|
- build_board:
|
|
arch: <<parameters.arch>>
|
|
target: <<parameters.target>>
|
|
subcommand: <<parameters.subcommand>>
|
|
|
|
save_cache:
|
|
docker:
|
|
- image: debian:11
|
|
resource_class: large
|
|
working_directory: ~/heads
|
|
steps:
|
|
- attach_workspace:
|
|
at: ~/
|
|
- save_cache:
|
|
#Generate cache for the same musl-cross module definition if hash is not previously existing
|
|
#CircleCI removed their wildcard support, so we have to list precise versions to cache in directory names
|
|
key: heads-musl-cross-{{ checksum "./tmpDir/musl-cross.sha256sums" }}{{ .Environment.CACHE_VERSION }}
|
|
paths:
|
|
- crossgcc
|
|
- build/x86/musl-cross-38e52db8358c043ae82b346a2e6e66bc86a53bc1
|
|
- build/ppc64/musl-cross-38e52db8358c043ae82b346a2e6e66bc86a53bc1
|
|
- packages
|
|
- save_cache:
|
|
#Generate cache for the same coreboot mnd musl-cross-make modules definition if hash is not previously existing
|
|
#CircleCI removed their wildcard support, so we have to list precise versions to cache in directory names
|
|
key: heads-coreboot-musl-cross-{{ checksum "./tmpDir/coreboot_musl-cross.sha256sums" }}{{ .Environment.CACHE_VERSION }}
|
|
paths:
|
|
- crossgcc
|
|
- build/x86/musl-cross-38e52db8358c043ae82b346a2e6e66bc86a53bc1
|
|
- build/ppc64/musl-cross-38e52db8358c043ae82b346a2e6e66bc86a53bc1
|
|
- packages
|
|
- build/x86/coreboot-4.11
|
|
- build/x86/coreboot-4.13
|
|
- build/x86/coreboot-4.14
|
|
- build/x86/coreboot-4.15
|
|
- build/x86/coreboot-4.17
|
|
- build/x86/coreboot-4.22.01
|
|
- build/x86/coreboot-purism
|
|
- build/x86/coreboot-nitrokey
|
|
- build/ppc64/coreboot-talos_2
|
|
- save_cache:
|
|
#Generate cache for the exact same modules definitions if hash is not previously existing
|
|
key: heads-modules-and-patches-{{ checksum "./tmpDir/all_modules_and_patches.sha256sums" }}{{ .Environment.CACHE_VERSION }}
|
|
paths:
|
|
- crossgcc
|
|
- build
|
|
- packages
|
|
- install
|
|
|
|
workflows:
|
|
version: 2
|
|
build_and_test:
|
|
jobs:
|
|
- prep_env
|
|
|
|
# Below, sequentially build one board for each coreboot
|
|
# version. The last board in the sequence is the dependency
|
|
# for the parallel boards built at the end, and also save_cache.
|
|
|
|
# coreboot 4.22.01
|
|
- build_and_persist:
|
|
name: x230-hotp-maximized
|
|
target: x230-hotp-maximized
|
|
subcommand: ""
|
|
requires:
|
|
- prep_env
|
|
|
|
# coreboot-git librems
|
|
- build_and_persist:
|
|
name: librem_14
|
|
target: librem_14
|
|
subcommand: ""
|
|
requires:
|
|
- x230-hotp-maximized
|
|
|
|
# coreboot-git Nitropads depending on x230-hotp-maximized cache
|
|
# since kernel is 6.x and coreboot is git is unshared
|
|
# We use nitropad's coreboot's fork crossgcc
|
|
# No need to wait further for other board's cache.
|
|
- build_and_persist:
|
|
name: nitropad-nv41
|
|
target: nitropad-nv41
|
|
subcommand: ""
|
|
requires:
|
|
- prep_env
|
|
|
|
# coreboot-git Talos II (PPC)
|
|
- build_and_persist:
|
|
name: talos-2
|
|
arch: ppc64
|
|
target: talos-2
|
|
subcommand: ""
|
|
requires:
|
|
- prep_env
|
|
|
|
#Cache one workspace per architecture. Make sure workspace caches are chainloaded and the last in chain for an arch is saved.
|
|
- save_cache:
|
|
requires:
|
|
- talos-2
|
|
- librem_14
|
|
|
|
#
|
|
# Those onboarding new boards should add their entries below.
|
|
#
|
|
#
|
|
|
|
#Coreboot 4.22.01 boards
|
|
- build:
|
|
name: x220-hotp-maximized
|
|
target: x220-hotp-maximized
|
|
subcommand: ""
|
|
requires:
|
|
- x230-hotp-maximized
|
|
|
|
- build:
|
|
name: x220-maximized
|
|
target: x220-maximized
|
|
subcommand: ""
|
|
requires:
|
|
- x230-hotp-maximized
|
|
|
|
- build:
|
|
name: t420-hotp-maximized
|
|
target: t420-hotp-maximized
|
|
subcommand: ""
|
|
requires:
|
|
- x230-hotp-maximized
|
|
|
|
- build:
|
|
name: t420-maximized
|
|
target: t420-maximized
|
|
subcommand: ""
|
|
requires:
|
|
- x230-hotp-maximized
|
|
|
|
- build:
|
|
name: x230-legacy-flash
|
|
target: x230-legacy-flash
|
|
subcommand: ""
|
|
requires:
|
|
- x230-hotp-maximized
|
|
|
|
- build:
|
|
name: x230-legacy
|
|
target: x230-legacy
|
|
subcommand: ""
|
|
requires:
|
|
- x230-hotp-maximized
|
|
|
|
- build:
|
|
name: x230-hotp-legacy
|
|
target: x230-hotp-legacy
|
|
subcommand: ""
|
|
requires:
|
|
- x230-hotp-maximized
|
|
|
|
- build:
|
|
name: x230-hotp-maximized_usb-kb
|
|
target: x230-hotp-maximized_usb-kb
|
|
subcommand: ""
|
|
requires:
|
|
- x230-hotp-maximized
|
|
|
|
- build:
|
|
name: t430-hotp-maximized
|
|
target: t430-hotp-maximized
|
|
subcommand: ""
|
|
requires:
|
|
- x230-hotp-maximized
|
|
|
|
- build:
|
|
name: x230-maximized
|
|
target: x230-maximized
|
|
subcommand: ""
|
|
requires:
|
|
- x230-hotp-maximized
|
|
|
|
- build:
|
|
name: x230-maximized-fhd_edp
|
|
target: x230-maximized-fhd_edp
|
|
subcommand: ""
|
|
requires:
|
|
- x230-hotp-maximized
|
|
|
|
- build:
|
|
name: x230-hotp-maximized-fhd_edp
|
|
target: x230-hotp-maximized-fhd_edp
|
|
subcommand: ""
|
|
requires:
|
|
- x230-hotp-maximized
|
|
|
|
- build:
|
|
name: w530-hotp-maximized
|
|
target: w530-hotp-maximized
|
|
subcommand: ""
|
|
requires:
|
|
- x230-hotp-maximized
|
|
|
|
- build:
|
|
name: t430-maximized
|
|
target: t430-maximized
|
|
subcommand: ""
|
|
requires:
|
|
- x230-hotp-maximized
|
|
|
|
- build:
|
|
name: w530-maximized
|
|
target: w530-maximized
|
|
subcommand: ""
|
|
requires:
|
|
- x230-hotp-maximized
|
|
|
|
- build:
|
|
name: t440p-maximized
|
|
target: t440p-maximized
|
|
subcommand: ""
|
|
requires:
|
|
- x230-hotp-maximized
|
|
|
|
- build:
|
|
name: t440p-hotp-maximized
|
|
target: t440p-hotp-maximized
|
|
subcommand: ""
|
|
requires:
|
|
- x230-hotp-maximized
|
|
|
|
- build:
|
|
name: w541-maximized
|
|
target: w541-maximized
|
|
subcommand: ""
|
|
requires:
|
|
- x230-hotp-maximized
|
|
|
|
- build:
|
|
name: w541-hotp-maximized
|
|
target: w541-hotp-maximized
|
|
subcommand: ""
|
|
requires:
|
|
- x230-hotp-maximized
|
|
|
|
- build:
|
|
name: qemu-coreboot-fbwhiptail-tpm2-hotp
|
|
target: qemu-coreboot-fbwhiptail-tpm2-hotp
|
|
subcommand: ""
|
|
requires:
|
|
- x230-hotp-maximized
|
|
|
|
- build:
|
|
name: z220-cmt-maximized
|
|
target: z220-cmt-maximized
|
|
subcommand: ""
|
|
requires:
|
|
- x230-hotp-maximized
|
|
|
|
- build:
|
|
name: z220-cmt-hotp-maximized
|
|
target: z220-cmt-hotp-maximized
|
|
subcommand: ""
|
|
requires:
|
|
- x230-hotp-maximized
|
|
|
|
#coreboot-git librem boards
|
|
- build:
|
|
name: librem_13v2
|
|
target: librem_13v2
|
|
subcommand: ""
|
|
requires:
|
|
- librem_14
|
|
|
|
- build:
|
|
name: librem_15v3
|
|
target: librem_15v3
|
|
subcommand: ""
|
|
requires:
|
|
- librem_14
|
|
|
|
- build:
|
|
name: librem_13v4
|
|
target: librem_13v4
|
|
subcommand: ""
|
|
requires:
|
|
- librem_14
|
|
|
|
- build:
|
|
name: librem_15v4
|
|
target: librem_15v4
|
|
subcommand: ""
|
|
requires:
|
|
- librem_14
|
|
|
|
- build:
|
|
name: librem_mini
|
|
target: librem_mini
|
|
subcommand: ""
|
|
requires:
|
|
- librem_14
|
|
|
|
- build:
|
|
name: librem_mini_v2
|
|
target: librem_mini_v2
|
|
subcommand: ""
|
|
requires:
|
|
- librem_14
|
|
|
|
#coreboot-git dasharo clevo_release + staging IASL patch
|
|
- build:
|
|
name: nitropad-ns50
|
|
target: nitropad-ns50
|
|
subcommand: ""
|
|
requires:
|
|
- nitropad-nv41
|
|
|
|
# - build:
|
|
# name: UNMAINTAINED_kgpe-d16_workstation-usb_keyboard
|
|
# target: UNMAINTAINED_kgpe-d16_workstation-usb_keyboard
|
|
# subcommand: ""
|
|
# requires:
|
|
# - UNMAINTAINED_kgpe-d16_workstation
|
|
|
|
# - build:
|
|
# name: UNMAINTAINED_kgpe-d16_server
|
|
# target: UNMAINTAINED_kgpe-d16_server
|
|
# subcommand: ""
|
|
# requires:
|
|
# - UNMAINTAINED_kgpe-d16_workstation
|
|
|
|
# - build:
|
|
# name: UNMAINTAINED_kgpe-d16_server-whiptail
|
|
# target: UNMAINTAINED_kgpe-d16_server-whiptail
|
|
# subcommand: ""
|
|
# requires:
|
|
# - UNMAINTAINED_kgpe-d16_workstation
|
|
|
|
# - build:
|
|
# name: librem_l1um
|
|
# target: librem_l1um
|
|
# subcommand: ""
|
|
# requires:
|
|
# - librem_14
|
|
|
|
########################
|
|
########################
|
|
### OLD STUFF ###
|
|
########################
|
|
########################
|
|
# linuxboot steps need something to pass in the kernel header path
|
|
# skipping for now
|
|
# - run:
|
|
# name: UNMAINTAINED_qemu-linuxboot-edk2
|
|
# command: |
|
|
# ./build/make-4.2.1/make \
|
|
# CROSS=/cross/bin/x86_64-linux-musl- \
|
|
# BOARD=UNMAINTAINED_qemu-linuxboot \
|
|
# `/bin/pwd`/build/linuxboot-git/build/qemu/.configured \
|
|
# # Run first to avoid too many processes
|
|
#
|
|
# - run:
|
|
# name: UNMAINTAINED_qemu-linuxboot
|
|
# command: |
|
|
# ./build/make-4.2.1/make \
|
|
# CROSS=/cross/bin/x86_64-linux-musl- \
|
|
# CPUS=16 \
|
|
# V=1 \
|
|
# BOARD=UNMAINTAINED_qemu-linuxboot \
|
|
#
|
|
# - store-artifacts:
|
|
# path: build/UNMAINTAINED_qemu-linuxboot/linuxboot.rom
|
|
# - store-artifacts:
|
|
# path: build/UNMAINTAINED_qemu-linuxboot/hashes.txt
|
|
|