Update on Frédéric's recent kernel-related work
75 views
Skip to first unread message
Andrew David Wong
Apr 6, 2019, 3:35:14 PM4/6/19
to qubes...@googlegroups.com, frederic...@qubes-os.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Dear Qubes Community,
Frédéric has given me permission to share this update about the great
work he has recently been doing.
- -------- Forwarded Message --------
Subject: Summary about recent work
Date: Sat, 6 Apr 2019 17:37:36 +0200
From: Frédéric Pierret <frederic...@qubes-os.org>
To: a...@qubes-os.org
CC: marm...@invisiblethingslab.com
Dear Andrew,
I hope you are fine. Please find few elements for what I have done
recently for the community:
1) Automatic Qubes Kernel Updater (fepitre/qubes-linux-kernel-updater)
A scheduled pipeline (every week) fetches latest versions of stable,
lts-4.14 and lts-4.19 kernels. It corresponds respectively to master,
stable-4.14 and stable-4.19 branches of qubes-linux-kernel. If newer
versions exists (typically it is the case every week) which are not in
the corresponding branches of Qubes repos, a bot automatically gets
latest config from Fedora upstream and do a build with that new kernel,
config and Qubes patches. If the build succeeds, a PR is opened
automatically on qubes-linux-kernel. The built kernels are available on
my personal home repository. For current r4.0 release, it is located in
my 'unstable' repo:
http://mirror.notset.fr/qubes/repo/notset/yum/r4.0/unstable/dom0/fc25/
(I can provide yum repo file). The current strategy is to provide the
latest kernels for users who want to help us and give their feedback.
Notably, if enough positive feedback is done for LTS kernels, Marek will
merge stable-4.14 and stable-4.19 faster into the Qubes
'current-testing' repository and then to 'current'.
I'm working on improving the mechanism and also to provide build-logs on
each PR.
Related issue: https://github.com/QubesOS/qubes-issues/issues/4846
2) Updated Qubes ISO with latest stable kernels
I made a pipeline (WIP:
https://github.com/fepitre/qubes-installer-qubes-os/tree/gitlab-build-latest)
for building latest Qubes ISO with kernel-latest (master branch), first
for my own usage. There is no packages/templates built from my side as
I'm using only Qubes repositories to build the ISO. With respect to a
need (https://github.com/QubesOS/qubes-issues/issues/4846) I decided to
the upload built ISOs on my mirror http://mirror.notset.fr/qubes/iso/.
This will help Qubes users to test pre-release and also allowing them to
install Qubes where sometimes it requires very recent kernels. With
Marek, we are currently cleaning and making easier to build such ISO
(e.g. https://github.com/QubesOS/qubes-installer-qubes-os/pull/31,
https://github.com/QubesOS/qubes-builder/pull/75 and
https://github.com/QubesOS/qubes-builder/pull/76). I plan to build an
ISO twice a month and add soon a buildinfo for each ISO inside the repo
itself, like packages/kernel version.
Currently for 1) and 2), all this automatic work is done with a bot
named 'fepitre-bot' (1C87 14D6 40F3 0457 EC95 3050 6569 46BA 873D
DEC1). Moreover, all this work is done on personal hosted Gitlab and
Gitlab Runners under KVM VMs. In parallel, I'm currently testing Gitlab
Runner inside a Qubes VM. This will improve the isolation and the safety
of the building and signing process like Marek does with packages building.
If you have any questions/needs about the current work and what is going
to evolve, please don't hesitate to ask me.
Best regards,
Frédéric
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlyo/10ACgkQ203TvDlQ
MDDnDw/+NE0CSF5QoWKk3RntcP2zUEafdm/JnuyjZJCRBtVV4NHEln9nwxvsQ89z
MNJXGv3tkbF4yNH+zbKSwGHUeW8w1xNIqbOtOyfx5KLd5T4e8nYolxsAKsYKyA9M
b5uFfXWgVk25XTYhReS8ECmOfOfuyi24R6DSxRgbKx0UvrWtTz4pUdL9fAEZyn5p
vKagsimLoMvJx8GM4EufXgw3bujMoy7Z1mKwjyVPaw4yraKG6VF80e84sTBdEAUI
TvI1tP6rWgg1mcYcQivYeUnMHOT+n7qBD0CUn/BfzBBbsgwN/qeUhS3N4vR8Mb69
7ED8+LVBoFwP2hEsUb/H9aNGcJGg5lKfsAZQ8gLt6kX/HjJqG19DjWY0wEE1kU1M
kMy7tswXtX9OlWs+9D4oAS9e5B4xjA+OwXLuUFg9xmsM/2Pn/Vk+a1XGBcUC6dDB
E3ICnphzI6nWZgmC1uVFmJfl5qqFX/jylfwNWV7XCDElfsXZqDbNcgkC5qOm7YMk
+VccGg61vYDzBg/d9WI6mpk6Kp1NUJPV9saUSMlyYZMK6qSll4CmR18/pxnhcPWO
j1sDiBfe6xNt+iQS1CQza13oh3rJrqUr18VNybzlPoMAgZqq59iV/jLi992MmX2W
hh/5JT1RhJFcoOpoytTKMTWhqd2Z8XndeA64lrHL4trzHQSBQpM=
=Y25Y
-----END PGP SIGNATURE-----
Hash: SHA512
Dear Qubes Community,
Frédéric has given me permission to share this update about the great
work he has recently been doing.
- -------- Forwarded Message --------
Subject: Summary about recent work
Date: Sat, 6 Apr 2019 17:37:36 +0200
From: Frédéric Pierret <frederic...@qubes-os.org>
To: a...@qubes-os.org
CC: marm...@invisiblethingslab.com
Dear Andrew,
I hope you are fine. Please find few elements for what I have done
recently for the community:
1) Automatic Qubes Kernel Updater (fepitre/qubes-linux-kernel-updater)
A scheduled pipeline (every week) fetches latest versions of stable,
lts-4.14 and lts-4.19 kernels. It corresponds respectively to master,
stable-4.14 and stable-4.19 branches of qubes-linux-kernel. If newer
versions exists (typically it is the case every week) which are not in
the corresponding branches of Qubes repos, a bot automatically gets
latest config from Fedora upstream and do a build with that new kernel,
config and Qubes patches. If the build succeeds, a PR is opened
automatically on qubes-linux-kernel. The built kernels are available on
my personal home repository. For current r4.0 release, it is located in
my 'unstable' repo:
http://mirror.notset.fr/qubes/repo/notset/yum/r4.0/unstable/dom0/fc25/
(I can provide yum repo file). The current strategy is to provide the
latest kernels for users who want to help us and give their feedback.
Notably, if enough positive feedback is done for LTS kernels, Marek will
merge stable-4.14 and stable-4.19 faster into the Qubes
'current-testing' repository and then to 'current'.
I'm working on improving the mechanism and also to provide build-logs on
each PR.
Related issue: https://github.com/QubesOS/qubes-issues/issues/4846
2) Updated Qubes ISO with latest stable kernels
I made a pipeline (WIP:
https://github.com/fepitre/qubes-installer-qubes-os/tree/gitlab-build-latest)
for building latest Qubes ISO with kernel-latest (master branch), first
for my own usage. There is no packages/templates built from my side as
I'm using only Qubes repositories to build the ISO. With respect to a
need (https://github.com/QubesOS/qubes-issues/issues/4846) I decided to
the upload built ISOs on my mirror http://mirror.notset.fr/qubes/iso/.
This will help Qubes users to test pre-release and also allowing them to
install Qubes where sometimes it requires very recent kernels. With
Marek, we are currently cleaning and making easier to build such ISO
(e.g. https://github.com/QubesOS/qubes-installer-qubes-os/pull/31,
https://github.com/QubesOS/qubes-builder/pull/75 and
https://github.com/QubesOS/qubes-builder/pull/76). I plan to build an
ISO twice a month and add soon a buildinfo for each ISO inside the repo
itself, like packages/kernel version.
Currently for 1) and 2), all this automatic work is done with a bot
named 'fepitre-bot' (1C87 14D6 40F3 0457 EC95 3050 6569 46BA 873D
DEC1). Moreover, all this work is done on personal hosted Gitlab and
Gitlab Runners under KVM VMs. In parallel, I'm currently testing Gitlab
Runner inside a Qubes VM. This will improve the isolation and the safety
of the building and signing process like Marek does with packages building.
If you have any questions/needs about the current work and what is going
to evolve, please don't hesitate to ask me.
Best regards,
Frédéric
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEZQ7rCYX0j3henGH1203TvDlQMDAFAlyo/10ACgkQ203TvDlQ
MDDnDw/+NE0CSF5QoWKk3RntcP2zUEafdm/JnuyjZJCRBtVV4NHEln9nwxvsQ89z
MNJXGv3tkbF4yNH+zbKSwGHUeW8w1xNIqbOtOyfx5KLd5T4e8nYolxsAKsYKyA9M
b5uFfXWgVk25XTYhReS8ECmOfOfuyi24R6DSxRgbKx0UvrWtTz4pUdL9fAEZyn5p
vKagsimLoMvJx8GM4EufXgw3bujMoy7Z1mKwjyVPaw4yraKG6VF80e84sTBdEAUI
TvI1tP6rWgg1mcYcQivYeUnMHOT+n7qBD0CUn/BfzBBbsgwN/qeUhS3N4vR8Mb69
7ED8+LVBoFwP2hEsUb/H9aNGcJGg5lKfsAZQ8gLt6kX/HjJqG19DjWY0wEE1kU1M
kMy7tswXtX9OlWs+9D4oAS9e5B4xjA+OwXLuUFg9xmsM/2Pn/Vk+a1XGBcUC6dDB
E3ICnphzI6nWZgmC1uVFmJfl5qqFX/jylfwNWV7XCDElfsXZqDbNcgkC5qOm7YMk
+VccGg61vYDzBg/d9WI6mpk6Kp1NUJPV9saUSMlyYZMK6qSll4CmR18/pxnhcPWO
j1sDiBfe6xNt+iQS1CQza13oh3rJrqUr18VNybzlPoMAgZqq59iV/jLi992MmX2W
hh/5JT1RhJFcoOpoytTKMTWhqd2Z8XndeA64lrHL4trzHQSBQpM=
=Y25Y
-----END PGP SIGNATURE-----
Reply all
Reply to author
Forward
0 new messages