incus: Cherry-pick upstream bugfixes #701
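# Builds Incus and its bundled dependencies from source for every
# distribution/architecture pair in the matrix and packages the result as
# .deb files, which are uploaded as one artifact per matrix entry.
name: Builds
on:
  push:

# Least privilege: the workflow token only gets read access to the repository
# contents.
permissions:
  contents: read

# One run per ref; a newer push cancels the run that is still in progress.
concurrency:
  group: ${{ github.ref }}
  cancel-in-progress: true

jobs:
  build-incus:
    name: Build Incus
    strategy:
      # A failure on one distribution must not cancel the other builds.
      fail-fast: false
      matrix:
        os:
          - ubuntu-20.04
          - ubuntu-22.04
          - ubuntu-24.04
          - debian-11
          - debian-12
        arch:
          - amd64
          - arm64
        exclude:
          - os: debian-11
            arch: arm64
    # Self-hosted runners selected by label. The steps below write to /root,
    # /opt and /build and call apt-get directly, so the job presumably runs as
    # root on a disposable image.
    # NOTE(review): confirm the runner is discarded after each job; a reused
    # root runner carries state from one push to the next.
    runs-on:
      - self-hosted
      - cpu-4
      - mem-4G
      - disk-50G
      - arch-${{ matrix.arch }}
      - image-${{ matrix.os }}
    env:
      OS_ARCH: ${{ matrix.arch }}
      OS_NAME: ${{ matrix.os }}
      HOME: "/root/"
      # Everything is built against, and installed into, the /opt/incus prefix.
      PKG_CONFIG_PATH: "/opt/incus/lib/pkgconfig/"
      CGO_LDFLAGS: "-L/opt/incus/lib/"
      CGO_CFLAGS: "-I/opt/incus/include/"
      LD_LIBRARY_PATH: "/opt/incus/lib/"
      CPATH: "/opt/incus/include/"
      PATH: "/opt/incus/bin:/root/.cargo/bin:/usr/local/go/bin:/usr/local/node/bin:/bin:/usr/bin:/sbin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
      # Upstream versions to build. These are tag or branch names, which the
      # remote can move; nothing below checks a commit id or a signature for
      # them.
      LXC_TAG: "v6.0.2"
      LXCFS_TAG: "v6.0.2"
      INCUS_TAG: "v6.5.0"
      INCUS_UI_CANONICAL_TAG: "0.12"
      RAFT_TAG: "v0.22.1"
      COWSQL_TAG: "v1.15.6"
      CRIU_TAG: "v3.19"
      EDK2_TAG: "edk2-stable202408"
      GOLANG_TAG: "go1.23.1"
      LIBTPMS_TAG: "v0.9.6"
      LIBURING_TAG: "liburing-2.7"
      MINIO_TAG: "RELEASE.2024-09-13T20-26-02Z"
      MINIO_MC_TAG: "RELEASE.2024-09-09T07-53-10Z"
      NASM_TAG: "nasm-2.16.03"
      NVIDIA_CONTAINER_TAG: "v1.16.1"
      QEMU_TAG: "v9.0.2"
      SEABIOS_TAG: "rel-1.16.3"
      SKOPEO_TAG: "v1.16.1"
      SWTPM_TAG: "v0.9.0"
      UMOCI_TAG: "v0.4.7"
      VIRTIOFSD_TAG: "v1.11.1"
    steps:
      # NOTE(review): the action is referenced by a mutable tag; pinning it to
      # a full commit SHA avoids silently picking up a retagged release.
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Configure git
        run: |
          git config --global --add advice.detachedHead false
          git config --global user.email "[email protected]"
          git config --global user.name "Zabbly Incus build"

      - name: Install dependencies
        run: |
          apt-get update
          apt-get install --no-install-recommends --yes \
            acpica-tools \
            asciidoc \
            autoconf \
            automake \
            bison \
            bmake \
            build-essential \
            curl \
            debhelper \
            devscripts \
            dosfstools \
            expect \
            flex \
            gawk \
            gettext \
            git \
            iproute2 \
            libacl1-dev \
            libaio-dev \
            libapparmor-dev \
            libbtrfs-dev \
            libcap-dev \
            libcap-ng-dev \
            libdbus-1-dev \
            libdevmapper-dev \
            libelf-dev \
            libfuse3-dev \
            libglib2.0-dev \
            libgnutls28-dev \
            libgpgme-dev \
            libjson-glib-dev \
            libnet1-dev \
            libnl-3-dev \
            libnuma-dev \
            libpam0g-dev \
            libpixman-1-dev \
            libprotobuf-c-dev \
            libprotobuf-dev \
            librbd-dev \
            libseccomp-dev \
            libselinux1-dev \
            libspice-server-dev \
            libsqlite3-dev \
            libssl-dev \
            libtirpc-dev \
            libtool \
            libudev-dev \
            libusb-1.0-0-dev \
            libusbredirhost-dev \
            libuv1-dev \
            lsb-release \
            mtools \
            ninja-build \
            pkg-config \
            protobuf-c-compiler \
            protobuf-compiler \
            python3-cryptography \
            python3-jinja2 \
            python3-pexpect \
            python3-pip \
            python3-setuptools \
            python3-venv \
            rsync \
            socat \
            uuid-dev \
            xmlto \
            xorriso
          # Plain install first, then retry with --break-system-packages;
          # presumably for distributions whose system Python refuses pip
          # installs outright.
          # NOTE(review): meson and tomli are installed unpinned, as root, from
          # the package index.
          pip3 install meson || pip3 install meson --break-system-packages
          pip3 install tomli || pip3 install tomli --break-system-packages

      # The backports source is plain http; package authenticity then rests on
      # apt's signature check of the repository metadata.
      - name: Install backported debhelper (on focal)
        if: ${{ matrix.os == 'ubuntu-20.04' }}
        run: |
          if [ "${OS_ARCH}" = "amd64" ]; then
            echo "deb http://archive.ubuntu.com/ubuntu focal-backports main restricted universe multiverse" >> /etc/apt/sources.list
          else
            echo "deb http://ports.ubuntu.com/ubuntu-ports focal-backports main restricted universe multiverse" >> /etc/apt/sources.list
          fi
          apt-get install -t focal-backports debhelper --yes

      - name: Install backported git (on focal)
        if: ${{ matrix.os == 'ubuntu-20.04' }}
        run: |
          apt-get install software-properties-common --yes
          add-apt-repository ppa:git-core/ppa --yes
          apt-get install git --yes

      - name: Install Go
        run: |
          # Without pipefail only tar's exit status counts, so a failed
          # download could go unnoticed; --fail makes curl return an error on
          # an HTTP error instead of streaming the error page into tar.
          set -o pipefail
          # NOTE(review): the tarball is unpacked into /usr/local without a
          # checksum check; compare it with the SHA-256 published for
          # ${GOLANG_TAG} before extracting.
          curl -fsSL "https://go.dev/dl/${GOLANG_TAG}.linux-${OS_ARCH}.tar.gz" | tar -C /usr/local/ -zx
          go version

      - name: Install Rust
        run: |
          # --fail stops the step on an HTTP error; without it the error page
          # would be saved as install-rust.sh and handed to bash.
          # NOTE(review): the installer runs as downloaded and picks the
          # toolchain version itself; neither is pinned or verified here.
          curl --proto '=https' --tlsv1.2 -fsSL https://sh.rustup.rs -o install-rust.sh
          bash install-rust.sh -y

      - name: Install Node
        run: |
          # See "Install Go": make a failed download fail the step.
          set -o pipefail
          # Map the Debian architecture name to the one used by Node releases.
          [ "${OS_ARCH}" = "amd64" ] && NODE_ARCH=x64
          [ "${OS_ARCH}" = "arm64" ] && NODE_ARCH=arm64
          mkdir /usr/local/node/
          # NOTE(review): no checksum check on the release tarball.
          curl -fsSL "https://nodejs.org/dist/v20.10.0/node-v20.10.0-linux-${NODE_ARCH}.tar.xz" | tar -C /usr/local/node/ -Jx --strip-components=1

      - name: Build environment
        run: |
          mkdir /build/
          mkdir -p \
            /opt/incus/bin/ \
            /opt/incus/include/ \
            /opt/incus/lib/ \
            /opt/incus/lib/systemd/system/ \
            /opt/incus/share/

      # Sources are selected by tag name only (see the *_TAG variables).
      # NOTE(review): recording and checking the resolved commit id of each
      # clone would detect a tag that was moved upstream.
      - name: Get the code
        run: |
          # See "Install Go": make a failed nasm download fail the step.
          set -o pipefail

          # Ubuntu 20.04 is no longer supported by recent QEMU.
          # (The override currently equals the job-wide QEMU_TAG.)
          [ "${OS_NAME}" = "ubuntu-20.04" ] && QEMU_TAG="v9.0.2"

          git clone https://github.com/axboe/liburing /build/liburing --depth 1 -b "${LIBURING_TAG}"
          git clone https://github.com/cowsql/raft /build/raft --depth 1 -b "${RAFT_TAG}"
          git clone https://github.com/cowsql/cowsql /build/cowsql --depth 1 -b "${COWSQL_TAG}"
          git clone https://github.com/lxc/lxc /build/lxc --depth 1 -b "${LXC_TAG}"
          git clone https://github.com/lxc/lxcfs /build/lxcfs --depth 1 -b "${LXCFS_TAG}"
          # Full clone, unlike the others; presumably so the commits that
          # "Build Incus" cherry-picks are available locally.
          git clone https://github.com/lxc/incus /build/incus -b "${INCUS_TAG}"
          git clone https://github.com/opencontainers/umoci /build/umoci --depth 1 -b "${UMOCI_TAG}"
          git clone https://github.com/containers/skopeo /build/skopeo --depth 1 -b "${SKOPEO_TAG}"
          git clone https://github.com/checkpoint-restore/criu /build/criu --depth 1 -b "${CRIU_TAG}"
          git clone https://github.com/NVIDIA/libnvidia-container /build/libnvidia-container --depth 1 -b "${NVIDIA_CONTAINER_TAG}"
          git clone https://github.com/minio/minio /build/minio --depth 1 -b "${MINIO_TAG}"
          git clone https://github.com/minio/mc /build/mc --depth 1 -b "${MINIO_MC_TAG}"
          git clone https://gitlab.com/qemu-project/seabios /build/seabios --depth 1 -b "${SEABIOS_TAG}"
          git clone https://github.com/tianocore/edk2 /build/edk2 --recurse-submodules --shallow-submodules --depth 1 -b "${EDK2_TAG}"
          git clone https://github.com/stefanberger/libtpms /build/libtpms --depth 1 -b "${LIBTPMS_TAG}"
          git clone https://github.com/stefanberger/swtpm /build/swtpm --depth 1 -b "${SWTPM_TAG}"
          git clone https://gitlab.com/virtio-fs/virtiofsd /build/virtiofsd --depth 1 -b "${VIRTIOFSD_TAG}"
          git clone https://gitlab.com/qemu-project/qemu /build/qemu --depth 1 -b "${QEMU_TAG}"
          git clone https://github.com/canonical/lxd-ui /build/incus-ui-canonical --depth 1 -b "${INCUS_UI_CANONICAL_TAG}"

          mkdir /build/nasm/
          # The release directory is the tag without its "nasm-" prefix.
          # NOTE(review): no checksum check on the release tarball.
          curl -fsSL "https://www.nasm.us/pub/nasm/releasebuilds/$(echo ${NASM_TAG} | cut -d- -f2)/${NASM_TAG}.tar.gz" | tar -C /build/nasm/ -zx --strip-components=1

      # Library steps share one pattern: configure for the /opt/incus prefix,
      # install into a staging DESTDIR under /build/target/, then copy only the
      # needed subtrees into /opt/incus so later steps can build against them.
      - name: Build liburing
        run: |
          cd /build/liburing
          ./configure --prefix=/opt/incus
          make

          mkdir -p /build/target/liburing/
          DESTDIR=/build/target/liburing make install
          rsync -a /build/target/liburing/opt/incus/include/* /opt/incus/include/
          rsync -a /build/target/liburing/opt/incus/lib/* /opt/incus/lib/

      - name: Build raft
        run: |
          cd /build/raft
          autoreconf -i
          ./configure --prefix=/opt/incus
          make

          mkdir -p /build/target/raft/
          DESTDIR=/build/target/raft/ make install
          rsync -a /build/target/raft/opt/incus/include/ /opt/incus/include/
          rsync -a /build/target/raft/opt/incus/lib/ /opt/incus/lib/

      - name: Build cowsql
        run: |
          cd /build/cowsql
          autoreconf -i
          ./configure --prefix=/opt/incus
          make

          mkdir -p /build/target/cowsql/
          DESTDIR=/build/target/cowsql/ make install
          rsync -a /build/target/cowsql/opt/incus/include/ /opt/incus/include/
          rsync -a /build/target/cowsql/opt/incus/lib/ /opt/incus/lib/

      # LXC is built with its AppArmor, seccomp, SELinux and capabilities
      # support switched on.
      - name: Build LXC
        run: |
          cd /build/lxc
          meson setup build \
            --prefix=/opt/incus \
            --libdir=/opt/incus/lib \
            -Dexamples=false \
            -Dman=false \
            -Dtools=false \
            -Dtests=false \
            -Dmemfd-rexec=false \
            -Dapparmor=true \
            -Dseccomp=true \
            -Dselinux=true \
            -Dcapabilities=true \
            -Dio-uring-event-loop=false
          meson compile -C build

          mkdir -p /build/target/lxc/
          DESTDIR=/build/target/lxc/ meson install -C build
          rsync -a /build/target/lxc/opt/incus/include/ /opt/incus/include/
          rsync -a /build/target/lxc/opt/incus/lib/ /opt/incus/lib/

          mkdir -p /opt/incus/share/lxc/config/common.conf.d/
          mkdir -p /opt/incus/share/lxc/hooks/
          cp /build/target/lxc/opt/incus/share/lxc/hooks/nvidia /opt/incus/share/lxc/hooks/

      - name: Build LXCFS
        run: |
          # Remember the checkout directory; the patch below lives there.
          REPO="${PWD}"

          cd /build/lxcfs
          meson setup build \
            --prefix=/opt/incus \
            --libdir=/opt/incus/lib \
            -Ddocs=false \
            -Dtests=false
          meson compile -C build

          mkdir -p /build/target/lxcfs/
          DESTDIR=/build/target/lxcfs/ meson install -C build
          rsync -a /build/target/lxcfs/opt/incus/bin/ /opt/incus/bin/
          rsync -a /build/target/lxcfs/opt/incus/share/ /opt/incus/share/
          rsync -a /build/target/lxcfs/opt/incus/lib/ /opt/incus/lib/

          # Point the mount hook at the Incus-specific LXCFS directory.
          sed -i "s#/var/lib/lxcfs#/var/lib/incus-lxcfs#g" /opt/incus/share/lxcfs/lxc.mount.hook
          patch -p1 /opt/incus/share/lxcfs/lxc.mount.hook < "${REPO}/patches/lxcfs-0001-hook.patch"

      - name: Build Incus
        run: |
          REPO="${PWD}"

          cd /build/incus

          # Upstream fixes applied on top of ${INCUS_TAG}. Each one is named
          # by its full commit id, so the set of changes is fixed even though
          # the tag itself is only a name.
          git cherry-pick 0b4ebf48ab3de5692168cb056e90a814d52338ce # incus/network: Fix capitalization in network list
          git cherry-pick 622a1487db2a2902816bbd83dd688b1df0bdadb0 # i18n: Update translation templates
          git cherry-pick b6c1dd079a7e558d01f6e19bea2d61134acbeed7 # incusd/storage/drivers/lvm: Cache VG extent size
          git cherry-pick 17cba6ecb8900c8fc462e8ab59a1cd509567a91d # incusd/instance/qemu: Always re-generate the nvram symlink
          git cherry-pick 86fdc2528a0e3a75b1d3e815e2c119f4e3fdc432 # incusd/network/ovn: LSP dynamic allocation can't be done per protocol
          git cherry-pick 572afb06f66f83ca95efa1b9386fceeaa1c9e11b # incusd/instance/qemu: Set O_DIRECT when passing in FDs
          git cherry-pick d1f3c43fdda266f4d2cffa27a195fb33d8eae44a # Translated using Weblate (French)
          git cherry-pick cf8632cc07ac384b096d62a4e3a82afdb422288d # incusd/apparmor: Only initialize with the daemon
          git cherry-pick 0c37b7e3ec65b4d0e166e2127d9f1835320165b8 # incusd/instance/qemu: Make O_DIRECT conditional on directCache
          git cherry-pick 58eeb4eeee8a9e7f9fa9c62443d00f0ec6797078 # incusd/instance/qemu: Force threads I/O mode for unsafe/writeback
          git cherry-pick 4acc15c0dcab2fe4c076eb8422bc1215fc5d4d7a # incusd/instance/qemu: Move away from deprecated fd: syntax
          git cherry-pick 2684f7993ead016a8ae8579751b80e13f81d511a # doc: Fix network load-balancer typo
          git cherry-pick 34d40ab5c7aacf3502979d008a94f270f2de3bb8 # incusd/network/ovn: Fix group of load-balancer config keys
          git cherry-pick 5f3bb2e9d0d24ca527030cac0d36e384a9d83334 # doc: Update metadata
          git cherry-pick b77c1ee8aca2da814a534ad45ab21223a0f8faf5 # incusd/apparmor: Add sys_rawio for QEMU 9.1
          git cherry-pick 62dee371d6205956ef0ea17ec3ed06482bb8d5f3 # doc: Fix limits.memory default value unit
          git cherry-pick 40ba91f6703e0095de5bbe8ad64f0084498c9e73 # incusd/storage/zfs: Make sure the zvol is a block device
          git cherry-pick b390684968aa62facf38203a14cb7ecf25c508b9 # incusd/apparmor: Don't attempt unloading profiles when apparmor is disabled
          git cherry-pick d69eb911d452f9e3ee9f184f1d3e568a14d75f84 # internal/instance: Fix unit for limits.memory
          git cherry-pick b92d02eb5077ea1dce01515c2449b319666f13a9 # doc: Update metadata
          git cherry-pick f491d1a1fc2aba4754c6577e3ab8502ea65d6993 # Added translation using Weblate (Norwegian Bokmål)
          git cherry-pick bf77cadcebf7f76cda4b1384874675250ed15dc8 # Translated using Weblate (Norwegian Bokmål)
          git cherry-pick 40c533300acb7666feb736c3131f60db52be651b # doc/installing: Add Rocky Linux 9
          git cherry-pick 39111047246db671f441bed1034d3a1c4837d976 # incus/storage_volume: Fix snapshot listing
          git cherry-pick ec2a946f6621897462801efcc9a54b141ec8c63a # i18n: Update translation templates
          git cherry-pick ef9e0bdbb5ce6fa92620af72b27b5d21c14ba6aa # Added translation using Weblate (Indonesian)
          git cherry-pick c3f84edbe4b7ebe5e4109e82b4173113504dc10b # scripts: fix empty-incus.sh instances delete

          go build -o "/opt/incus/bin/fuidshift" github.com/lxc/incus/v6/cmd/fuidshift
          go build -o "/opt/incus/bin/incus" github.com/lxc/incus/v6/cmd/incus
          go build -o "/opt/incus/bin/incus-benchmark" github.com/lxc/incus/v6/cmd/incus-benchmark
          go build -o "/opt/incus/bin/incus-migrate" github.com/lxc/incus/v6/cmd/incus-migrate
          go build -o "/opt/incus/bin/incus-simplestreams" github.com/lxc/incus/v6/cmd/incus-simplestreams
          go build -o "/opt/incus/bin/incus-user" github.com/lxc/incus/v6/cmd/incus-user
          go build -o "/opt/incus/bin/incusd" -tags=libsqlite3 github.com/lxc/incus/v6/cmd/incusd
          go build -o "/opt/incus/bin/lxc-to-incus" github.com/lxc/incus/v6/cmd/lxc-to-incus
          go build -o "/opt/incus/bin/lxd-to-incus" -tags=libsqlite3 github.com/lxc/incus/v6/cmd/lxd-to-incus

          # The agent is built without cgo (CGO_ENABLED=0), once per guest
          # architecture the host can serve.
          mkdir -p /opt/incus/agent
          if [ "$(uname -m)" = "x86_64" ]; then
            GOARCH=amd64 CGO_ENABLED=0 go build -o "/opt/incus/agent/incus-agent.linux.x86_64" -tags=agent,netgo github.com/lxc/incus/v6/cmd/incus-agent
            GOARCH=386 CGO_ENABLED=0 go build -o "/opt/incus/agent/incus-agent.linux.i686" -tags=agent,netgo github.com/lxc/incus/v6/cmd/incus-agent
          elif [ "$(uname -m)" = "aarch64" ]; then
            GOARCH=arm64 CGO_ENABLED=0 go build -o "/opt/incus/agent/incus-agent.linux.aarch64" -tags=agent,netgo github.com/lxc/incus/v6/cmd/incus-agent
          fi

          make build-mo
          mkdir -p /opt/incus/share/locale
          cp po/*.mo /opt/incus/share/locale/

          make doc
          cp -R doc/html /opt/incus/doc

          mkdir -p /opt/incus/share/completions/
          /opt/incus/bin/incus completion bash > /opt/incus/share/completions/bash
          /opt/incus/bin/incus completion fish > /opt/incus/share/completions/fish
          /opt/incus/bin/incus completion zsh > /opt/incus/share/completions/zsh

      - name: Build UI (canonical)
        run: |
          REPO="${PWD}"

          cd /build/incus-ui-canonical

          # Specific tweaking
          git am "${REPO}/patches/ui-canonical-0001-Branding.patch"
          git am "${REPO}/patches/ui-canonical-0002-Update-navigation.patch"
          git am "${REPO}/patches/ui-canonical-0003-Update-certificate-generation.patch"
          git am "${REPO}/patches/ui-canonical-0004-Remove-external-links.patch"
          git am "${REPO}/patches/ui-canonical-0005-Remove-Canonical-image-servers.patch"
          git am "${REPO}/patches/ui-canonical-0006-Remove-version-check.patch"
          git am "${REPO}/patches/ui-canonical-0007-Improve-OpenFGA-support.patch"
          git am "${REPO}/patches/ui-canonical-0008-Update-keys-that-aren-t-VM-specific.patch"
          git am "${REPO}/patches/ui-canonical-0009-Fix-cluster-evacuation.patch"
          git am "${REPO}/patches/ui-canonical-0010-Rename-user.ui_title-to-user.ui.title.patch"
          git am "${REPO}/patches/ui-canonical-0011-Add-user.uid.sso_only.patch"
          git am "${REPO}/patches/ui-canonical-0012-Skip-LXD-identity-API.patch"
          git am "${REPO}/patches/ui-canonical-0013-Fix-network-forward-count-logic.patch"
          git am "${REPO}/patches/ui-canonical-0014-Hide-Cluster-option-when-not-clustered.patch"
          git am "${REPO}/patches/ui-canonical-0015-Add-optional-location-column.patch"
          git am "${REPO}/patches/ui-canonical-0016-Make-migration-an-action.patch"
          git am "${REPO}/patches/ui-canonical-0017-Wait-for-projects-list-to-be-loaded.patch"
          git am "${REPO}/patches/ui-canonical-0018-Respect-image-profile-list.patch"
          git am "${REPO}/patches/ui-canonical-0019-Add-support-for-LVM-Cluster.patch"
          git am "${REPO}/patches/ui-canonical-0020-Fix-stateful-snapshots-creation.patch"
          sed -i -f "${REPO}/patches/ui-canonical-renames.sed" src/*/*.ts* src/*/*/*.ts* src/*/*/*/*.ts* src/*/*/*/*/*.ts*

          # NOTE(review): yarn is installed unpinned and globally, and
          # "yarn install" is not told to refuse lockfile changes, so the
          # resolved JavaScript dependencies may differ between runs. Confirm
          # whether the patches above touch the dependency manifest before
          # enforcing the lockfile.
          npm install yarn --global
          yarn install
          yarn build

          mkdir -p /opt/incus/ui-canonical/
          rsync -a /build/incus-ui-canonical/build/ui/ /opt/incus/ui-canonical/

      - name: Build CRIU
        run: |
          cd /build/criu
          make WERROR=0
          cp criu/criu /opt/incus/bin/

      - name: Build libnvidia-container
        run: |
          REPO="${PWD}"

          cd /build/libnvidia-container
          patch -p1 < "${REPO}/patches/nvidia-0001-Fix-for-22.04-build.patch"
          patch -p1 < "${REPO}/patches/nvidia-0002-pre-load-libdl.patch"
          make prefix=/

          mkdir /build/target/libnvidia-container
          DESTDIR=/build/target/libnvidia-container make install prefix=/
          rsync -a /build/target/libnvidia-container/bin/ /opt/incus/bin/
          rsync -a /build/target/libnvidia-container/include/ /opt/incus/include/
          rsync -a /build/target/libnvidia-container/lib/ /opt/incus/lib/

      - name: Build minio
        run: |
          cd /build/minio
          make build
          cp minio /opt/incus/bin/

      - name: Build minio client
        run: |
          cd /build/mc
          make build
          cp mc /opt/incus/bin/

      - name: Build seabios
        if: ${{ matrix.arch == 'amd64' }}
        run: |
          REPO="${PWD}"

          cd /build/seabios

          # Build a traditional seabios.
          make clean distclean
          # Start a fresh .config: the first write truncates the file and
          # every later one appends. (Previously the second line truncated,
          # which silently dropped CONFIG_QEMU=y from the file.)
          echo "CONFIG_QEMU=y" > .config
          echo "CONFIG_QEMU_HARDWARE=y" >> .config
          echo "CONFIG_BOOTSPLASH=n" >> .config
          echo "CONFIG_ROM_SIZE=256" >> .config
          echo "CONFIG_XEN=n" >> .config
          echo "CONFIG_PVSCSI=n" >> .config
          echo "CONFIG_ESP_SCSI=n" >> .config
          echo "CONFIG_LSI_SCSI=n" >> .config
          echo "CONFIG_MEGASAS=n" >> .config
          echo "CONFIG_MPT_SCSI=n" >> .config
          echo "CONFIG_FLOPPY=n" >> .config
          echo "CONFIG_FLASH_FLOPPY=n" >> .config
          make oldnoconfig V=1
          make V=1 PYTHON=python3

          mkdir -p /opt/incus/share/qemu/
          cp out/bios.bin /opt/incus/share/qemu/seabios.bin

      - name: Build nasm
        run: |
          REPO="${PWD}"

          cd /build/nasm
          patch -p1 < "${REPO}/patches/nasm-0000-disable-manpages.patch"
          ./configure --prefix=/opt/incus
          make

          mkdir -p /build/target/nasm/
          DESTDIR=/build/target/nasm make install
          rsync -a /build/target/nasm/opt/incus/bin/ /opt/incus/bin/

      # Builds the UEFI firmware with Secure Boot, TPM2 and network boot
      # enabled (see the -D flags in build_edk2).
      - name: Build EDK2
        run: |
          REPO="${PWD}"

          cd /build/edk2
          patch -p1 < "${REPO}/patches/edk2-0001-force-DUID-LLT.patch"
          cp "${REPO}/patches/edk2-0002-logo.bmp" MdeModulePkg/Logo/Logo.bmp
          patch -p1 < "${REPO}/patches/edk2-0003-boot-delay.patch"
          patch -p1 < "${REPO}/patches/edk2-0004-gcc-errors.patch"
          patch -p1 < "${REPO}/patches/edk2-0005-Revert-ArmVirtPkg-make-EFI_LOADER_DATA-non-executabl.patch"
          patch -p1 < "${REPO}/patches/edk2-0006-disable-EFI-memory-attributes-protocol.patch"
          patch -p1 < "${REPO}/patches/edk2-0007-disable-UEFI-shell-under-SecureBoot.patch"

          # x86_64 defaults, overridden below when building on aarch64.
          EDK2_ARCH="X64"
          EDK2_PKG="OvmfPkg/OvmfPkgX64.dsc"
          EDK2_FV_CODE="OVMF_CODE"
          EDK2_FV_VARS="OVMF_VARS"
          if [ "$(uname -m)" = "aarch64" ]; then
            EDK2_ARCH="AARCH64"
            EDK2_PKG="ArmVirtPkg/ArmVirtQemu.dsc"
            EDK2_FV_CODE="QEMU_EFI"
            EDK2_FV_VARS="QEMU_VARS"
          fi

          # build_edk2 CODE_PATH VARS_PATH [extra build flags...]
          # The build script is generated through an unquoted heredoc, so
          # ${EDK2_ARCH}, ${EDK2_PKG} and the extra flags in $@ are expanded
          # here before the text is piped into a child "bash -e".
          build_edk2() {
            TARGET_CODE="$1"
            shift
            TARGET_VARS="$1"
            shift

            set -ex
            (
              cat << EOF
          . ./edksetup.sh
          make -C BaseTools ARCH=${EDK2_ARCH}
          build -a ${EDK2_ARCH} -t GCC5 -b RELEASE -p ${EDK2_PKG} \
              -DSMM_REQUIRE=FALSE \
              -DSECURE_BOOT_ENABLE=TRUE \
              -DNETWORK_IP4_ENABLE=TRUE \
              -DNETWORK_IP6_ENABLE=TRUE \
              -DNETWORK_TLS_ENABLE=TRUE \
              -DNETWORK_HTTP_BOOT_ENABLE=TRUE \
              -DTPM2_ENABLE=TRUE \
              -DTPM2_CONFIG_ENABLE=TRUE \
              $@
          EOF
            ) | bash -e

            cp Build/*/*/FV/${EDK2_FV_CODE}.fd "${TARGET_CODE}"
            cp Build/*/*/FV/${EDK2_FV_VARS}.fd "${TARGET_VARS}"

            # On aarch64 both images are resized to exactly 64 MiB.
            if [ "$(uname -m)" = "aarch64" ]; then
              truncate -s 64m "${TARGET_CODE}"
              truncate -s 64m "${TARGET_VARS}"
            fi
          }

          mkdir -p "/opt/incus/share/qemu/"
          build_edk2 \
            "/opt/incus/share/qemu/OVMF_CODE.4MB.fd" \
            "/opt/incus/share/qemu/OVMF_VARS.4MB.fd" \
            -DFD_SIZE_4MB

          ln -s OVMF_CODE.4MB.fd /opt/incus/share/qemu/OVMF_CODE.fd
          ln -s OVMF_VARS.4MB.fd /opt/incus/share/qemu/OVMF_VARS.fd

      - name: Build libtmps
        run: |
          cd /build/libtpms
          ./autogen.sh
          ./configure --prefix=/opt/incus --with-tpm2 --with-openssl
          make

          mkdir -p /build/target/libtpms/
          DESTDIR=/build/target/libtpms make install
          rsync -a /build/target/libtpms/opt/incus/include/ /opt/incus/include/
          rsync -a /build/target/libtpms/opt/incus/lib/ /opt/incus/lib/

      - name: Build swtpm
        run: |
          cd /build/swtpm
          ./autogen.sh
          ./configure --prefix=/opt/incus --with-seccomp --with-openssl --without-cuse
          make

          mkdir -p /build/target/swtpm/
          DESTDIR=/build/target/swtpm make install
          rsync -a /build/target/swtpm/opt/incus/bin/ /opt/incus/bin/
          rsync -a /build/target/swtpm/opt/incus/include/ /opt/incus/include/
          rsync -a /build/target/swtpm/opt/incus/lib/ /opt/incus/lib/

      - name: Build virtiofsd
        run: |
          cd /build/virtiofsd
          cargo build --release
          cp target/release/virtiofsd /opt/incus/bin/

      - name: Build umoci
        run: |
          cd /build/umoci
          go build -o "/opt/incus/bin/umoci" github.com/opencontainers/umoci/cmd/umoci

      - name: Build skopeo
        run: |
          cd /build/skopeo
          go build -o "/opt/incus/bin/skopeo" github.com/containers/skopeo/cmd/skopeo

      # QEMU is configured with a reduced feature set (several image formats,
      # VNC, slirp, user-mode emulation and the guest agent are disabled) and
      # with seccomp and PIE enabled.
      - name: Build QEMU
        run: |
          cd /build/qemu
          # Restrict the build to the system emulator for the host
          # architecture.
          sed -i "s/^unset target_list$/target_list=\"$(uname -m)-softmmu\"/" configure
          ./configure \
            --prefix=/opt/incus \
            --libexecdir=bin \
            --libdir=lib \
            --disable-bochs \
            --disable-cloop \
            --disable-dmg \
            --disable-docs \
            --disable-guest-agent \
            --disable-parallels \
            --disable-qed \
            --disable-slirp \
            --disable-user \
            --disable-vdi \
            --disable-vnc \
            --disable-xen \
            --disable-install-blobs \
            --enable-attr \
            --enable-cap-ng \
            --enable-kvm \
            --enable-libusb \
            --enable-usb-redir \
            --enable-linux-aio \
            --enable-linux-io-uring \
            --enable-numa \
            --enable-pie \
            --enable-rbd \
            --enable-seccomp \
            --enable-spice \
            --enable-system \
            --enable-tcg \
            --enable-tools \
            --enable-vhost-crypto \
            --enable-vhost-kernel \
            --enable-vhost-net \
            --enable-vhost-user \
            --enable-virtfs
          make

          mkdir /build/target/qemu/
          DESTDIR=/build/target/qemu/ make install
          rsync -a /build/target/qemu/opt/incus/bin/ /opt/incus/bin/
          rsync -a /build/target/qemu/opt/incus/lib/ /opt/incus/lib/
          rsync -a /build/target/qemu/opt/incus/share/qemu/ /opt/incus/share/qemu/

          # Blob installation is disabled above, so the few firmware blobs
          # that are wanted are copied by hand.
          cp /build/qemu/pc-bios/kvmvapic.bin /opt/incus/share/qemu/
          cp /build/qemu/pc-bios/vgabios-qxl.bin /opt/incus/share/qemu/
          cp /build/qemu/pc-bios/vgabios-virtio.bin /opt/incus/share/qemu/
          cp /build/qemu/pc-bios/efi-virtio.rom /opt/incus/share/qemu/

      # Runs the repository's edk2-vars-generator against the firmware built
      # above, passing the certificate from zabbly-sb.oem.crt, and writes
      # OVMF_VARS.4MB.ms.fd.
      # NOTE(review): presumably this pre-enrolls the Secure Boot keys into the
      # variable store; confirm against the generator's documentation.
      - name: Build Secure Boot firmware
        run: |
          REPO="${PWD}"

          cd /build/edk2
          FIRMWARE="OVMF"
          if [ "$(uname -m)" = "aarch64" ]; then
            FIRMWARE="AAVMF"
          fi

          cd "${REPO}/edk2-vars-generator"
          ./edk2-vars-generator -f "${FIRMWARE}" \
            -e /build/edk2/Build/*/*/*/EnrollDefaultKeys.efi \
            -s /build/edk2/Build/*/*/*/Shell.efi \
            -c "/opt/incus/share/qemu/OVMF_CODE.4MB.fd" \
            -V "/opt/incus/share/qemu/OVMF_VARS.4MB.fd" \
            -C "$(cat "${REPO}/zabbly-sb.oem.crt")" \
            -o "/opt/incus/share/qemu/OVMF_VARS.4MB.ms.fd"

      - name: Systemd units
        run: |
          cp systemd/*.service systemd/*.socket /opt/incus/lib/systemd/system/
          cp systemd/incusd /opt/incus/lib/systemd/
          cp systemd/incus-startup /opt/incus/lib/systemd/
          cp systemd/incus-user /opt/incus/lib/systemd/

      # Drops build-only files and the helper binaries that are not shipped,
      # then strips what remains.
      - name: Strip and cleanup binaries
        run: |
          rm -Rf /opt/incus/lib/debug/
          rm -Rf /opt/incus/include/
          rm -Rf /opt/incus/lib/pkgconfig/
          rm /opt/incus/lib/*.a /opt/incus/lib/*.la /opt/incus/lib/*/*.a /opt/incus/lib/*/*.la
          rm /opt/incus/bin/nasm
          rm /opt/incus/bin/ndisasm
          rm /opt/incus/bin/qemu-bridge-helper
          rm /opt/incus/bin/qemu-edid
          rm /opt/incus/bin/qemu-io
          rm /opt/incus/bin/qemu-nbd
          rm /opt/incus/bin/qemu-pr-helper
          rm /opt/incus/bin/qemu-storage-daemon
          rm /opt/incus/bin/swtpm_*
          rm /opt/incus/share/qemu/trace-events-all
          strip /opt/incus/bin/*
          strip /opt/incus/lib/*so*

      - name: Make a Debian package
        env:
          PKGOS: ${{ matrix.os }}
        run: |
          # Map the matrix entry to the distribution codename used by dch.
          [ "${PKGOS}" = "debian-11" ] && CODENAME=bullseye
          [ "${PKGOS}" = "debian-12" ] && CODENAME=bookworm
          [ "${PKGOS}" = "ubuntu-20.04" ] && CODENAME=focal
          [ "${PKGOS}" = "ubuntu-22.04" ] && CODENAME=jammy
          [ "${PKGOS}" = "ubuntu-24.04" ] && CODENAME=noble

          mkdir -p pkg/ pkg/lib/systemd/ pkg/opt/ pkg/usr/bin/ \
            pkg/usr/share/bash-completion/completions/ \
            pkg/usr/share/fish/vendor_completions.d/ \
            pkg/usr/share/zsh/vendor-completions/
          cp -R debian pkg/debian
          cp bin/* pkg/usr/bin/
          cp -R /opt/incus pkg/opt/
          cp -R etc pkg/etc
          mv pkg/opt/incus/lib/systemd/system pkg/lib/systemd/system

          ln -s /opt/incus/share/completions/bash pkg/usr/share/bash-completion/completions/incus
          ln -s /opt/incus/share/completions/fish pkg/usr/share/fish/vendor_completions.d/incus.fish
          ln -s /opt/incus/share/completions/zsh pkg/usr/share/zsh/vendor-completions/_incus
          ln -s /opt/incus/bin/lxd-to-incus pkg/usr/bin/lxd-to-incus
          ln -s /opt/incus/bin/fuidshift pkg/usr/bin/fuidshift
          ln -s /opt/incus/bin/incus-migrate pkg/usr/bin/incus-migrate
          ln -s /opt/incus/bin/incus-simplestreams pkg/usr/bin/incus-simplestreams

          # State directory: others may traverse it but not list it.
          # Log directory: owner only.
          mkdir -p pkg/var/lib/incus
          chmod 711 pkg/var/lib/incus
          mkdir -p pkg/var/log/incus
          chmod 700 pkg/var/log/incus

          # One LC_MESSAGES link per translation catalogue. The loop variable
          # is deliberately not called LANG: assigning LANG would change the
          # locale seen by dch and dpkg-buildpackage below.
          mkdir -p pkg/usr/share/locale
          for i in /opt/incus/share/locale/*.mo; do
            LOCALE_NAME=$(echo $i | sed -e "s#.*/locale/##g" -e "s#.mo\$##g")
            mkdir -p pkg/usr/share/locale/${LOCALE_NAME}/LC_MESSAGES
            ln -s ${i} pkg/usr/share/locale/${LOCALE_NAME}/LC_MESSAGES/incus.mo
          done

          cd pkg
          # Version: epoch 1, the Incus tag without its "v" prefix and trailing
          # ".0", the distribution name without the dash, and a UTC timestamp.
          dch --package incus --create -D ${CODENAME} -M -m "Automated Incus stable build" -v 1:$(echo ${INCUS_TAG} | sed -e "s/v//" -e "s/.0$//")-$(echo ${PKGOS} | sed "s/-//g")-$(date -u +%Y%m%d%H%M) --force-distribution
          dpkg-buildpackage -b
          cd ..

          mkdir out
          mv incus_* out/
          mv incus-base_* out/
          mv incus-client_* out/
          mv incus-extra_* out/
          mv incus-ui-canonical_* out/

      # A failed upload does not fail the job (continue-on-error).
      # NOTE(review): the action is referenced by a mutable tag; pinning it to
      # a full commit SHA avoids silently picking up a retagged release.
      - name: Upload resulting build
        uses: actions/upload-artifact@v3
        continue-on-error: true
        with:
          name: ${{ matrix.os }}-${{ matrix.arch }}
          path: out/*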