Compare commits

6 Commits

Author SHA1 Message Date
1a3a502213 Include kernel version in release tag
This will allow `dnf` to automatically upgrade the package when a new
build is published for a new kernel release.
2025-11-16 09:30:18 -06:00
5a6e882d45 ci: Fetch sources from local mirror
I've created a mirror of the _gasket-driver_ Git repository, to ensure
it remains available, even if Google decides to remove it or GitHub is
temporarily unavailable.
2025-11-16 09:30:18 -06:00
663a2976ad ci: Publish RPMs to dch Yum repo 2025-11-16 09:30:12 -06:00
7f673e3b5a ci: Sign RPMs 2025-11-16 09:29:52 -06:00
2b7954bb52 ci: Sign the kernel modules
It turns out, everything is already in place to enable kernel module
signing.  All that's necessary is to provide a certificate and private
key at the correct path; if those are present, the module files will be
signed during `modules_install`.
2025-11-16 09:26:45 -06:00
cdc38a9f5a ci: Begin Jenkins pipeline 2025-11-16 09:26:41 -06:00
7 changed files with 218 additions and 3 deletions

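--- a/ci/Jenkinsfile
+++ b/ci/Jenkinsfile
@@ -0,0 +1,98 @@
+pipeline {
+agent none
+stages {
+stage('RPM') {
+matrix {
+axes {
+axis {
+name 'FEDORA'
+values '41', '42'
+}
+}
+agent {
+kubernetes {
+yamlFile 'ci/podTemplate.yaml'
+yamlMergeStrategy merge()
+defaultContainer 'fedora'
+containerTemplate {
+name 'fedora'
+image "registry.fedoraproject.org/fedora:${FEDORA}"
+}
+}
+}
+stages {
+stage('Prepare') {
+steps {
+sh '. ci/prepare.sh'
+}
+}
+stage('Build') {
+steps {
+withCredentials([file(
+credentialsId: 'kmod-signing-cert',
+variable: 'SIGNING_KEY',
+)]) {
+sh '. ci/build.sh'
+}
+}
+}
+stage('Sign') {
+when {
+branch 'main'
+}
+environment {
+GNUPGHOME = "${env.WORKSPACE_TMP}/gnupg"
+}
+steps {
+withCredentials([
+file(
+credentialsId: 'rpm-gpg-key',
+variable: 'RPM_GPG_PRIVATE_KEY',
+),
+file(
+credentialsId: 'rpm-gpg-key-passphrase',
+variable: 'RPM_GPG_KEY_PASSPHRASE',
+),
+]) {
+sh '. ci/sign.sh'
+}
+}
+}
+stage('Archive') {
+steps {
+archiveArtifacts '*.rpm'
+}
+}
+stage('Publish') {
+when {
+branch 'main'
+}
+steps {
+sshagent(['jenkins-repohost']) {
+sh '. ci/publish.sh'
+}
+}
+}
+}
+}
+}
+}
+post {
+failure {
+emailext(
+to: 'gyrfalcon@ebonfire.com',
+subject: '$DEFAULT_SUBJECT',
+body: '$DEFAULT_CONTENT',
+)
+}
+}
+}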
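Review bot: The `Build` stage binds `kmod-signing-cert` on every branch, while `Sign` and `Publish` are both gated by `when { branch 'main' }`, so a build of any other branch runs that branch's copy of `ci/build.sh` with the module-signing key file readable. If this job ever builds branches or pull requests from contributors who should not hold that key, put the binding behind a branch check such as `if (env.BRANCH_NAME == 'main')` inside a `script` block, and have `ci/build.sh` skip its two `ln -s` lines when `SIGNING_KEY` is unset so other branches produce unsigned modules. Separately, `image "registry.fedoraproject.org/fedora:${FEDORA}"` follows a mutable tag; pinning a digest per axis value would make the environment that handles the keys reproducible.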

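--- a/ci/build.sh
+++ b/ci/build.sh
@@ -0,0 +1,35 @@
+#!/bin/sh
+if [ $(id -u) -eq 0 ]; then
+kver=$(rpm -q --qf %{VERSION}-%{RELEASE}.%{ARCH} kernel-devel)
+ln -s "${SIGNING_KEY}" /usr/src/kernels/${kver}/certs/signing_key.x509
+ln -s "${SIGNING_KEY}" /usr/src/kernels/${kver}/certs/signing_key.pem
+exec setpriv --clear-groups --reuid 1000 --regid 1000 --inh-caps=-all \
+sh -ex ci/build.sh
+fi
+git_rev=$(
+sed -nr '/^%global git_revision_full/s/.* ([a-z0-9]{40})$/\1/p' \
+gasket-driver.spec
+)
+curl -fL \
+-o gasket-driver-${git_rev}.tar.gz \
+https://git.pyrocufflink.net/dustin/gasket-driver/archive/${git_rev}.tar.gz
+# We're downloading the archive from our local mirror of upstream's repository,
+# just in case it goes away or becomes unavailable. Unfortunately, Gitea
+# creates a slightly different archive layout than GitHub, so we need to fix it
+# up before passing it to `rpmbuild`.
+rm -rf src
+mkdir src
+tar -xzf gasket-driver-${git_rev}.tar.gz -C src
+mv src/gasket-driver src/gasket-driver-${git_rev}
+tar -cf gasket-driver-${git_rev}.tar.gz -C src gasket-driver-${git_rev}
+rpmbuild \
+-D "_topdir ${PWD}" \
+-D '_sourcedir %{_topdir}' \
+-ba gasket-driver.spec
+ln RPMS/*/*.rpm SRPMS/*.rpm .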
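Review bot: The tarball fetched by `curl -fL` is unpacked, repacked and handed to `rpmbuild` with no integrity check, so whatever the mirror returns for that URL ends up inside a signed kernel module and, on `main`, a signed RPM. The 40-character revision only selects which archive is requested; it does not authenticate the bytes that come back. Pin the expected digest in the repository and verify it before `tar -xzf`, for example `echo "${src_sha256}  gasket-driver-${git_rev}.tar.gz" | sha256sum -c -`, where `src_sha256` is a name I made up for the pinned value. If the archive bytes turn out not to be stable across Gitea versions, fetching the revision with `git` and checking out `${git_rev}` would give content that is addressed by the commit hash instead.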

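--- a/ci/podTemplate.yaml
+++ b/ci/podTemplate.yaml
@@ -0,0 +1,24 @@
+spec:
+containers:
+- name: fedora
+command:
+- cat
+stdin: true
+tty: true
+resources:
+requests:
+cpu: 1500m
+securityContext:
+runAsUser: 0
+runAsGroup: 0
+volumeMounts:
+- mountPath: /etc/ssh/ssh_known_hosts
+name: ssh-known-hosts
+subPath: ssh_known_hosts
+hostUsers: false
+nodeSelector:
+du5t1n.me/jenkins:
+volumes:
+- name: ssh-known-hosts
+configMap:
+name: ssh-known-hosts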
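Review bot: `runAsUser: 0` carries no comment saying why the build container needs root or what contains it. Judging by the other files in this change, root is used for `dnf install` in `ci/prepare.sh` and for the `ln -s` into `/usr/src/kernels` in `ci/build.sh`, after which the scripts re-exec as uid 1000 through `setpriv`; `hostUsers: false` is what keeps that uid 0 from being host root. Add a comment above `securityContext` along the lines of `# root only for dnf install and the signing-key symlinks; build/sign re-exec as uid 1000, and hostUsers: false maps uid 0 to an unprivileged host user`, so that `hostUsers: false` is not removed later without anyone noticing the dependency.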

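--- a/ci/prepare.sh
+++ b/ci/prepare.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+xargs dnf install -y --setopt install_weak_deps=0 <<EOF
+kernel-devel
+openssh-clients
+rpm-build
+rpm-sign
+rsync
+util-linux
+EOF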

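--- a/ci/publish.sh
+++ b/ci/publish.sh
@@ -0,0 +1,22 @@
+#!/bin/sh
+ARCH="$(uname -m)"
+REPO_HOST=jenkins@files.pyrocufflink.blue
+REPO_PATH=/srv/www/repohost/repos/dch/fedora/$(rpm --eval %fedora)
+case "${ARCH}" in
+x86_64)
+# only include the SRPM once
+include='*.rpm'
+;;
+*)
+include="*.${ARCH}.rpm"
+;;
+esac
+rsync -rtiO \
+--chmod=ugo=rwX \
+--include "${include}" \
+--exclude '*' \
+./ \
+"${REPO_HOST}:${REPO_PATH}/"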
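Review bot: `--chmod=ugo=rwX` in the `rsync` call publishes every RPM as world-writable on the repository host, so any other local account or service on that machine could replace a package after upload. Clients that enforce `gpgcheck` would reject an altered RPM, but the repo configuration is not part of this change, so the file mode should not depend on it. Use `--chmod=u=rwX,go=rX` instead, or `--chmod=ug=rwX,o=rX` if a group maintains the tree.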
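--- a/ci/sign.sh
+++ b/ci/sign.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+if [ $(id -u) -eq 0 ]; then
+exec setpriv --clear-groups --reuid 1000 --regid 1000 --inh-caps=-all \
+sh -ex ci/sign.sh
+fi
+install -m u=rwx,go= -d "${GNUPGHOME}"
+cat > "${GNUPGHOME}"/gpg-agent.conf <<EOF
+allow-loopback-pinentry
+EOF
+gpg2 --pinentry-mode loopback --passphrase-fd 0 \
+--import "${RPM_GPG_PRIVATE_KEY}" \
+< "${RPM_GPG_KEY_PASSPHRASE}"
+rpmsign --addsign \
+-D '_gpg_name jenkins@pyrocufflink.net' \
+-D '_gpg_sign_cmd_extra_args --pinentry-mode loopback --passphrase-fd 3' \
+*.rpm \
+3< "${RPM_GPG_KEY_PASSPHRASE}"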
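Review bot: The imported private key, and the `gpg-agent` that `gpg2 --import` starts for it, are left behind in `${GNUPGHOME}` once `rpmsign` finishes; nothing in the script removes them. The pod is probably discarded after the build, but the `Archive` and `Publish` stages still run afterwards with the secret keyring on disk under `WORKSPACE_TMP`. Add `trap 'gpgconf --kill gpg-agent; rm -rf "${GNUPGHOME}"' EXIT` right after the `install -m u=rwx,go= -d` line so the key material is gone whether signing succeeds or fails.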

@@ -1,13 +1,15 @@
%global git_revision 5815ee3 %global git_revision 5815ee3
%global git_revision_full 5815ee3908a46a415aac616ac7b9aedcb98a504c %global git_revision_full 5815ee3908a46a415aac616ac7b9aedcb98a504c
%global kernel_ver %(rpm -q --qf %{VERSION}-%{RELEASE} kernel-devel) %global kernel_version %(rpm -q --qf %{VERSION} kernel-devel)
%global kernel_release %(rpm -q --qf %{RELEASE} kernel-devel)
%global kernel_ver %{kernel_version}-%{kernel_release}
%define _debugsource_template %{nil} %define _debugsource_template %{nil}
Name: gasket-driver Name: gasket-driver
Version: 0.0.git%{git_revision} Version: 0.0.git%{git_revision}
Release: 1 Release: 2.k%{kernel_version}%{?dist}
Summary: The Coral Gasket Driver allows usage of the Coral EdgeTPU on Linux systems Summary: The Coral Gasket Driver allows usage of the Coral EdgeTPU on Linux systems
License: GPL-2.0 License: GPL-2.0
@@ -17,7 +19,7 @@ Patch0: 0001-core-Omit-no_llseek-reference.patch
Patch1: 0002-Update-gasket_page_table.c-Fix-MODULE_IMPORT_NS.patch Patch1: 0002-Update-gasket_page_table.c-Fix-MODULE_IMPORT_NS.patch
BuildRequires: kernel-devel BuildRequires: kernel-devel
Requires: kernel-core == %{kernel_ver} Requires: kernel-core == %{kernel_version}
Requires(post): kmod Requires(post): kmod
%description %description
@@ -47,5 +49,8 @@ depmod -a %{kernel_ver}.%{_arch}
%changelog %changelog
* Sun Nov 16 2025 Dustin C. Hatch <dustin@hatch.name> [0.0.git5815ee3-2]
- Include kernel version in release tag
* Wed Aug 06 2025 Dustin C. Hatch <dustin@hatch.name> [0.0.git5815ee3-1] * Wed Aug 06 2025 Dustin C. Hatch <dustin@hatch.name> [0.0.git5815ee3-1]
- Initial package - Initial package
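Review bot: The new `Requires: kernel-core == %{kernel_version}` drops the release component that the old `%{kernel_ver}` carried, so RPM will now accept any build of that kernel version, while the `depmod -a %{kernel_ver}.%{_arch}` visible in the last hunk header still targets one exact version-release. If Fedora ships a second release of the same kernel version, the package would install cleanly but its modules would presumably sit in a directory for a kernel that is not the one installed. Unless the relaxation is intended, keep `Requires: kernel-core == %{kernel_ver}`; the new `Release:` tag can still use `%{kernel_version}` alone. The `%install` and `%post` sections are outside the visible hunks, so the module path is inferred from the `depmod` line only.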