Eliminate Linux SUBLEVEL bump and decouple Linux image build CI #574
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Closed
|
The workflow_dispatch event should be manually triggered periodically to build the latest Linux image. After these are merged, only the |
|
The Doom and Quake patches shall be applied when building rootfs.cpio by Buildroot. The patches could stored at rv32emu-prebuilt. Will do in future PR. |
ChinYikMing
force-pushed
the
ci-build-linux-img
branch
from
6f167f3 to
9865a41
Compare
Code Review Agent Run Status
|
ChinYikMing
force-pushed
the
ci-build-linux-img
branch
from
9865a41 to
0b8c241
Compare
Add SHA256SUM as a new checksum verifier for downloading Linux tarballs since the latest Linux tarball is available at https://cdn.kernel.org/pub/linux/kernel/v6.x/ and the official SHA256 values can be found at https://cdn.kernel.org/pub/linux/kernel/v6.x/sha256sums.asc. To maintain compatibility with SHA1SUM, the verify function in mk/external.mk has been modified to support multiple SHA commands. Additionally, strip-components option has been added to ensure correct extraction when using tar to address variations in top-level directory structures such as the Linux tarball including a top-level directory while the Timidity tarball does not. With these changes, the Linux kernel SUBLEVEL bump is no longer necessary, and builds can be triggered via a workflow dispatch event. Afterwards, version updates of Linux will only apply to the VERSION and PATCHLEVEL.
ChinYikMing
force-pushed
the
ci-build-linux-img
branch
from
0b8c241 to
e1b6764
Compare
jserv
reviewed
Feb 26, 2025
Separate the Linux image build process from the build-artifact CI. The Linux image is now majorly built via a workflow dispatch event while ELF artifacts do not need to be built in the same event, thus decoupling these processes ensures that ELF artifacts are not unnecessarily rebuilt. This modular approach improves the flexibility of the artifact building workflow.
ChinYikMing
force-pushed
the
ci-build-linux-img
branch
from
e1b6764 to
ec4a794
Compare
Code Review Agent Run Status
|
|
Thank @ChinYikMing for contributing! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add SHA256SUM as a new checksum verifier for downloading Linux tarballs since the latest Linux tarball is available at https://cdn.kernel.org/pub/linux/kernel/v6.x/, and the official SHA256 values can be found at https://cdn.kernel.org/pub/linux/kernel/v6.x/sha256sums.asc. To maintain compatibility with SHA1SUM, the verify function in mk/external.mk has been modified to support multiple SHA algorithms. With these changes, the Linux kernel SUBLEVEL bump is no longer necessary and builds can be triggered via a workflow dispatch event. Afterwards, version updates of Linux will only apply to the VERSION and PATCHLEVEL.
Separate the Linux image build process from the build-artifact CI. The Linux image is now majorly built via a workflow dispatch event while ELF artifacts do not need to be built in the same event, thus decoupling these processes ensures that ELF artifacts are not unnecessarily rebuilt. This modular approach improves the flexibility of the artifact building workflow.
Summary by Bito
This pull request enhances the Linux image build process by replacing SHA1SUM with SHA256SUM for improved security. It modifies the verify function to support multiple SHA algorithms and decouples the build processes for Linux images and ELF artifacts, streamlining workflows and enhancing verification accuracy.Unit tests added: False
Estimated effort to review (1-5, lower is better): 2