From 905c041a7652655fd79c2caf1ea643e50ba9aa11 Mon Sep 17 00:00:00 2001 From: Ylarod Date: Sat, 28 Jan 2023 12:24:43 +0800 Subject: [PATCH] ci: common kernel build and embed ksud (#127) --- .github/workflows/build-kernel-5.10.yml | 186 ----------------- .github/workflows/build-kernel-5.15.yml | 137 ------------ .github/workflows/build-kernel-a12.yml | 55 +++++ .github/workflows/build-kernel-a13.yml | 63 ++++++ .github/workflows/build-ksud.yml | 41 +--- .github/workflows/gki-kernel.yml | 267 ++++++++++++++++++++++++ .github/workflows/ksud.yml | 52 +++++ kernel/Makefile | 1 + kernel/embed_ksud.c | 5 + scripts/bin2c.py | 51 +++++ 10 files changed, 499 insertions(+), 359 deletions(-) delete mode 100644 .github/workflows/build-kernel-5.10.yml delete mode 100644 .github/workflows/build-kernel-5.15.yml create mode 100644 .github/workflows/build-kernel-a12.yml create mode 100644 .github/workflows/build-kernel-a13.yml create mode 100644 .github/workflows/gki-kernel.yml create mode 100644 .github/workflows/ksud.yml create mode 100644 kernel/embed_ksud.c create mode 100644 scripts/bin2c.py diff --git a/.github/workflows/build-kernel-5.10.yml b/.github/workflows/build-kernel-5.10.yml deleted file mode 100644 index 44cfdcb5..00000000 --- a/.github/workflows/build-kernel-5.10.yml +++ /dev/null @@ -1,186 +0,0 @@ -name: Build Kernel 5.10 -on: - push: - branches: [ "main" ] - paths: - - '.github/workflows/build-kernel-5.10.yml' - - 'kernel/**' - pull_request: - branches: [ "main" ] - paths: - - 'kernel/**' -jobs: - build: - strategy: - matrix: - include: - - version: android12-5.10-66 - tag: android12-5.10-2021-11 - os_version: 12.0.0 - os_patch_level: 2021-11 - - version: android12-5.10-81 - tag: android12-5.10-2022-03 - os_version: 12.0.0 - os_patch_level: 2022-03 - - version: android12-5.10-101 - tag: android12-5.10-2022-05 - os_version: 12.0.0 - os_patch_level: 2022-05 - - version: android12-5.10-110 - tag: android12-5.10-2022-07 - os_version: 12.0.0 - os_patch_level: 2022-07 - - version: android12-5.10-136 - tag: android12-5.10-2022-11 - os_version: 12.0.0 - os_patch_level: 2022-11 - - name: Build aarch64-${{ matrix.version }} - runs-on: ubuntu-latest - env: - CCACHE_COMPILERCHECK: "%compiler% -dumpmachine; %compiler% -dumpversion" - CCACHE_NOHASHDIR: "true" - CCACHE_MAXSIZE: "2G" - CCACHE_HARDLINK: "true" - steps: - - uses: actions/checkout@v3 - with: - path: KernelSU - fetch-depth: 0 - - uses: hendrikmuhs/ccache-action@v1.2 - with: - key: ccache-aarch64-${{ matrix.version }} - append-timestamp: false - save: ${{ github.event_name != 'pull_request' }} - - - name: Setup need_upload - id: need_upload - run: | - if [ ! -z "${{ secrets.BOT_TOKEN }}" ]; then - echo "UPLOAD=true" >> $GITHUB_OUTPUT - else - echo "UPLOAD=false" >> $GITHUB_OUTPUT - fi - - - name: Setup kernel source - run: | - cd $GITHUB_WORKSPACE - git clone https://gerrit.googlesource.com/git-repo - mkdir android-kernel && cd android-kernel - ../git-repo/repo init --depth=1 --u https://android.googlesource.com/kernel/manifest -b common-${{ matrix.tag }} - ../git-repo/repo sync -j$(nproc --all) - curl -Lo gki-kernel.zip https://dl.google.com/android/gki/gki-certified-boot-${{ matrix.tag }}_r1.zip - unzip gki-kernel.zip - tools/mkbootimg/unpack_bootimg.py --boot_img=$(find . -maxdepth 1 -name "*.img") - - - name: Setup KernelSU - env: - PATCH_PATH: "5.10" - run: | - cd $GITHUB_WORKSPACE/android-kernel - echo "[+] KernelSU setup" - GKI_ROOT=$(pwd) - echo "[+] GKI_ROOT: $GKI_ROOT" - echo "[+] Copy kernel su driver to $GKI_ROOT/common/drivers" - ln -sf $GITHUB_WORKSPACE/KernelSU/kernel $GKI_ROOT/common/drivers/kernelsu - echo "[+] Add kernel su driver to Makefile" - DRIVER_MAKEFILE=$GKI_ROOT/common/drivers/Makefile - grep -q "kernelsu" $DRIVER_MAKEFILE || echo "obj-y += kernelsu/" >> $DRIVER_MAKEFILE - echo "[+] Apply KernelSU patches" - cd $GKI_ROOT/common/ && git apply $GITHUB_WORKSPACE/KernelSU/.github/patches/$PATCH_PATH/*.patch - cd - - echo "[+] KernelSU setup Done." - - - name: Symbol magic - run: | - echo "[+] Export all symbol from abi_gki_aarch64.xml" - COMMON_ROOT=$GITHUB_WORKSPACE/android-kernel/common - KSU_ROOT=$GITHUB_WORKSPACE/KernelSU - ABI_XML=$COMMON_ROOT/android/abi_gki_aarch64.xml - SYMBOL_LIST=$COMMON_ROOT/android/abi_gki_aarch64 - # python3 $KSU_ROOT/scripts/abi_gki_all.py $ABI_XML > $SYMBOL_LIST - echo "[+] Add KernelSU symbols" - cat $KSU_ROOT/kernel/export_symbol.txt | awk '{sub("[ \t]+","");print " "$0}' >> $SYMBOL_LIST - - - name: Set boot sign key - if: ${{ ( github.event_name != 'pull_request' && github.ref == 'refs/heads/main' ) || github.ref_type == 'tag' }} - working-directory: android-kernel - env: - BOOT_SIGN_KEY: ${{ secrets.BOOT_SIGN_KEY }} - run: | - if [ ! -z "$BOOT_SIGN_KEY" ]; then - echo "$BOOT_SIGN_KEY" > prebuilts/kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem - fi - - - name: Build boot.img - working-directory: android-kernel - run: CCACHE="/usr/bin/ccache" BUILD_BOOT_IMG=1 SKIP_VENDOR_BOOT=1 KERNEL_BINARY=Image GKI_RAMDISK_PREBUILT_BINARY=out/ramdisk AVB_SIGN_BOOT_IMG=1 AVB_BOOT_PARTITION_SIZE=$((64*1024*1024)) AVB_BOOT_ALGORITHM=SHA256_RSA2048 AVB_BOOT_KEY=prebuilts/kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem BOOT_IMAGE_HEADER_VERSION=4 LTO=thin BUILD_CONFIG=common/build.config.gki.aarch64 build/build.sh - - - name: Build boot-lz4.img - working-directory: android-kernel - run: | - tools/mkbootimg/mkbootimg.py --header_version 4 --kernel ./out/android12-5.10/dist/Image.lz4 --ramdisk out/ramdisk --output ./out/android12-5.10/dist/boot-lz4.img --os_version ${{ matrix.os_version }} --os_patch_level ${{ matrix.os_patch_level }} - ./build/build-tools/path/linux-x86/avbtool add_hash_footer --partition_name boot --partition_size $((64*1024*1024)) --image out/android12-5.10/dist/boot-lz4.img --algorithm SHA256_RSA2048 --key ./prebuilts/kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem - - - name: Build boot-gz.img - working-directory: android-kernel - run: | - cat out/android12-5.10/dist/Image | ./prebuilts/build-tools/path/linux-x86/gzip -n -f -9 > out/android12-5.10/dist/Image.gz - tools/mkbootimg/mkbootimg.py --header_version 4 --kernel ./out/android12-5.10/dist/Image.gz --ramdisk out/ramdisk --output ./out/android12-5.10/dist/boot-gz.img --os_version ${{ matrix.os_version }} --os_patch_level ${{ matrix.os_patch_level }} - ./build/build-tools/path/linux-x86/avbtool add_hash_footer --partition_name boot --partition_size $((64*1024*1024)) --image out/android12-5.10/dist/boot-gz.img --algorithm SHA256_RSA2048 --key ./prebuilts/kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem - - - name: Upload Image.gz - uses: actions/upload-artifact@v3 - with: - name: kernel-aarch64-${{ matrix.version }}-Image.gz - path: android-kernel/out/android12-5.10/dist/Image.gz - - - name: Upload boot.img - uses: actions/upload-artifact@v3 - with: - name: kernel-aarch64-${{ matrix.version }}-boot.img - path: android-kernel/out/android12-5.10/dist/boot.img - - - name: Upload boot-lz4.img - uses: actions/upload-artifact@v3 - with: - name: kernel-aarch64-${{ matrix.version }}-boot-lz4.img - path: android-kernel/out/android12-5.10/dist/boot-lz4.img - - - name: Upload boot-gz.img - uses: actions/upload-artifact@v3 - with: - name: kernel-aarch64-${{ matrix.version }}-boot-gz.img - path: android-kernel/out/android12-5.10/dist/boot-gz.img - - - name: Setup mutex for uploading - if: github.event_name != 'pull_request' && steps.need_upload.outputs.UPLOAD == 'true' - uses: ben-z/gh-action-mutex@v1.0-alpha-7 - - name: Upload to telegram - if: github.event_name != 'pull_request' && steps.need_upload.outputs.UPLOAD == 'true' - env: - CHAT_ID: ${{ secrets.CHAT_ID }} - CACHE_CHAT_ID: ${{ secrets.CACHE_CHAT_ID }} - BOT_TOKEN: ${{ secrets.BOT_TOKEN }} - MESSAGE_THREAD_ID: ${{ secrets.MESSAGE_THREAD_ID }} - COMMIT_MESSAGE: ${{ github.event.head_commit.message }} - COMMIT_URL: ${{ github.event.head_commit.url }} - RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} - TITLE: kernel-aarch64-${{ matrix.version }} - run: | - if [ ! -z "${{ secrets.BOT_TOKEN }}" ]; then - cd $GITHUB_WORKSPACE/KernelSU - export VERSION=$(git rev-list --count HEAD) - cd - - OUTDIR=android-kernel/out/android12-5.10/dist - IMAGE_GZ=${{ matrix.version }}-Image.gz - BOOT=${{ matrix.version }}-boot.img.zip - BOOT_LZ4=${{ matrix.version }}-boot-lz4.img.zip - BOOT_GZ=${{ matrix.version }}-boot-gz.img.zip - mv $OUTDIR/Image.gz $IMAGE_GZ - zip $BOOT -j -r $OUTDIR/boot.img - zip $BOOT_LZ4 -j -r $OUTDIR/boot-lz4.img - zip $BOOT_GZ -j -r $OUTDIR/boot-gz.img - pip3 install python-telegram-bot - python3 $GITHUB_WORKSPACE/KernelSU/scripts/ksubot.py $IMAGE_GZ $BOOT $BOOT_LZ4 $BOOT_GZ - fi \ No newline at end of file diff --git a/.github/workflows/build-kernel-5.15.yml b/.github/workflows/build-kernel-5.15.yml deleted file mode 100644 index daff9112..00000000 --- a/.github/workflows/build-kernel-5.15.yml +++ /dev/null @@ -1,137 +0,0 @@ -name: Build Kernel 5.15 -on: - push: - branches: [ "main" ] - paths: - - '.github/workflows/build-kernel-5.15.yml' - - 'kernel/**' - pull_request: - branches: [ "main" ] - paths: - - 'kernel/**' -jobs: - build: - strategy: - matrix: - include: - - version: "android13-5.15-41" - tag: "android13-5.15-2022-11" - os_version: 13.0.0 - os_version_level: "2022-11" - - version: "android13-5.15-74" - tag: "android13-5.15-2022-12" - os_version: 13.0.0 - os_version_level: "2022-12" - - name: Build aarch64-${{ matrix.version }} - runs-on: ubuntu-latest - env: - CCACHE_COMPILERCHECK: "%compiler% -dumpmachine; %compiler% -dumpversion" - CCACHE_NOHASHDIR: "true" - CCACHE_MAXSIZE: "2G" - CCACHE_HARDLINK: "true" - steps: - - uses: actions/checkout@v3 - with: - path: KernelSU - fetch-depth: 0 - - uses: hendrikmuhs/ccache-action@v1.2 - with: - key: ccache-aarch64-${{ matrix.version }} - append-timestamp: false - save: ${{ github.event_name != 'pull_request' }} - - - name: Setup need_upload - id: need_upload - run: | - if [ ! -z "${{ secrets.BOT_TOKEN }}" ]; then - echo "UPLOAD=true" >> $GITHUB_OUTPUT - else - echo "UPLOAD=false" >> $GITHUB_OUTPUT - fi - - - name: Setup kernel source - run: | - cd $GITHUB_WORKSPACE - git clone https://gerrit.googlesource.com/git-repo - mkdir android-kernel && cd android-kernel - ../git-repo/repo init --depth=1 --u https://android.googlesource.com/kernel/manifest -b common-${{ matrix.tag }} - ../git-repo/repo sync -j$(nproc --all) - curl -Lo gki-kernel.zip https://dl.google.com/android/gki/gki-certified-boot-${{ matrix.tag }}_r1.zip - unzip gki-kernel.zip - tools/mkbootimg/unpack_bootimg.py --boot_img=$(find . -maxdepth 1 -name "*.img") - - - name: Setup KernelSU - env: - PATCH_PATH: "5.15" - run: | - cd $GITHUB_WORKSPACE/android-kernel - echo "[+] KernelSU setup" - GKI_ROOT=$(pwd) - echo "[+] GKI_ROOT: $GKI_ROOT" - echo "[+] Copy kernel su driver to $GKI_ROOT/common/drivers" - ln -sf $GITHUB_WORKSPACE/KernelSU/kernel $GKI_ROOT/common/drivers/kernelsu - echo "[+] Add kernel su driver to Makefile" - DRIVER_MAKEFILE=$GKI_ROOT/common/drivers/Makefile - grep -q "kernelsu" $DRIVER_MAKEFILE || echo "obj-y += kernelsu/" >> $DRIVER_MAKEFILE - echo "[+] Apply KernelSU patches" - cd $GKI_ROOT/common/ && git apply $GITHUB_WORKSPACE/KernelSU/.github/patches/$PATCH_PATH/*.patch - cd - - echo "[+] KernelSU setup Done." - - - name: Symbol magic - run: | - echo "[+] Export all symbol from abi_gki_aarch64.xml" - COMMON_ROOT=$GITHUB_WORKSPACE/android-kernel/common - KSU_ROOT=$GITHUB_WORKSPACE/KernelSU - ABI_XML=$COMMON_ROOT/android/abi_gki_aarch64.xml - SYMBOL_LIST=$COMMON_ROOT/android/abi_gki_aarch64 - # python3 $KSU_ROOT/scripts/abi_gki_all.py $ABI_XML > $SYMBOL_LIST - echo "[+] Add KernelSU symbols" - cat $KSU_ROOT/kernel/export_symbol.txt | awk '{sub("[ \t]+","");print " "$0}' >> $SYMBOL_LIST - - - name: Set boot sign key - if: ${{ ( github.event_name != 'pull_request' && github.ref == 'refs/heads/main' ) || github.ref_type == 'tag' }} - working-directory: android-kernel - env: - BOOT_SIGN_KEY: ${{ secrets.BOOT_SIGN_KEY }} - run: | - if [ ! -z "$BOOT_SIGN_KEY" ]; then - echo "$BOOT_SIGN_KEY" > prebuilts/kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem - fi - - - name: Build boot.img - working-directory: android-kernel - run: CCACHE="/usr/bin/ccache" BUILD_BOOT_IMG=1 SKIP_VENDOR_BOOT=1 KERNEL_BINARY=Image AVB_SIGN_BOOT_IMG=1 AVB_BOOT_PARTITION_SIZE=$((64*1024*1024)) AVB_BOOT_ALGORITHM=SHA256_RSA2048 AVB_BOOT_KEY=prebuilts/kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem BOOT_IMAGE_HEADER_VERSION=4 LTO=thin BUILD_CONFIG=common/build.config.gki.aarch64 build/build.sh - - - name: Upload boot.img - uses: actions/upload-artifact@v3 - with: - name: kernel-aarch64-${{ matrix.version }}-boot.img - path: android-kernel/out/*/dist/boot.img - - - name: Setup mutex for uploading - uses: ben-z/gh-action-mutex@v1.0-alpha-7 - if: github.event_name != 'pull_request' && steps.need_upload.outputs.UPLOAD == 'true' - - name: Upload to telegram - if: github.event_name != 'pull_request' && steps.need_upload.outputs.UPLOAD == 'true' - env: - CHAT_ID: ${{ secrets.CHAT_ID }} - CACHE_CHAT_ID: ${{ secrets.CACHE_CHAT_ID }} - BOT_TOKEN: ${{ secrets.BOT_TOKEN }} - MESSAGE_THREAD_ID: ${{ secrets.MESSAGE_THREAD_ID }} - COMMIT_MESSAGE: ${{ github.event.head_commit.message }} - COMMIT_URL: ${{ github.event.head_commit.url }} - RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} - TITLE: kernel-aarch64-${{ matrix.version }} - run: | - if [ ! -z "${{ secrets.BOT_TOKEN }}" ]; then - cd $GITHUB_WORKSPACE/KernelSU - export VERSION=$(git rev-list --count HEAD) - cd - - OUTDIR=android-kernel/out/android13-5.15/dist - BOOT=${{ matrix.version }}-boot.img.zip - zip $BOOT -j -r $OUTDIR/boot.img - pip3 install python-telegram-bot - python3 $GITHUB_WORKSPACE/KernelSU/scripts/ksubot.py $BOOT - fi \ No newline at end of file diff --git a/.github/workflows/build-kernel-a12.yml b/.github/workflows/build-kernel-a12.yml new file mode 100644 index 00000000..43856664 --- /dev/null +++ b/.github/workflows/build-kernel-a12.yml @@ -0,0 +1,55 @@ +name: Build Kernel - Android 12 +on: + push: + branches: ["main", "ci"] + paths: + - ".github/workflows/build-kernel-a12.yml" + - ".github/workflows/gki-kernel.yml" + - "kernel/**" + pull_request: + branches: ["main"] + paths: + - ".github/workflows/build-kernel-a12.yml" + - ".github/workflows/gki-kernel.yml" + - "kernel/**" +jobs: + build-ksud: + uses: ./.github/workflows/ksud.yml + with: + target: aarch64-linux-android + build-kernel: + needs: build-ksud + if: github.event_name != 'pull_request' + strategy: + matrix: + include: + - sub_level: 66 + os_patch_level: 2021-11 + - sub_level: 81 + os_patch_level: 2022-03 + - sub_level: 101 + os_patch_level: 2022-05 + - sub_level: 110 + os_patch_level: 2022-07 + - sub_level: 136 + os_patch_level: 2022-11 + uses: ./.github/workflows/gki-kernel.yml + secrets: inherit + with: + version: android12-5.10 + version_name: android12-5.10.${{ matrix.sub_level }} + tag: android12-5.10-${{ matrix.os_patch_level }} + os_version: 12.0.0 + os_patch_level: ${{ matrix.os_patch_level }} + patch_path: "5.10" + check-build-kernel: + needs: build-ksud + if: github.event_name == 'pull_request' + uses: ./.github/workflows/gki-kernel.yml + with: + version: android12-5.10 + version_name: android12-5.10.101 + tag: android12-5.10-2022-05 + os_version: 12.0.0 + os_patch_level: 2022-05 + patch_path: "5.10" diff --git a/.github/workflows/build-kernel-a13.yml b/.github/workflows/build-kernel-a13.yml new file mode 100644 index 00000000..f132392d --- /dev/null +++ b/.github/workflows/build-kernel-a13.yml @@ -0,0 +1,63 @@ +name: Build Kernel - Android 13 +on: + push: + branches: ["main", "ci"] + paths: + - ".github/workflows/build-kernel-a13.yml" + - ".github/workflows/gki-kernel.yml" + - "kernel/**" + pull_request: + branches: ["main"] + paths: + - ".github/workflows/build-kernel-a13.yml" + - ".github/workflows/gki-kernel.yml" + - "kernel/**" +jobs: + build-ksud: + uses: ./.github/workflows/ksud.yml + with: + target: aarch64-linux-android + build-kernel: + needs: build-ksud + if: github.event_name != 'pull_request' + strategy: + matrix: + include: + - version: "5.10" + sub_level: 107 + os_patch_level: 2022-11 + - version: "5.15" + sub_level: 41 + os_patch_level: 2022-11 + - version: "5.15" + sub_level: 74 + os_patch_level: 2022-12 + uses: ./.github/workflows/gki-kernel.yml + secrets: inherit + with: + version: android13-${{ matrix.version }} + version_name: android13-${{ matrix.version }}.${{ matrix.sub_level }} + tag: android13-${{ matrix.version }}-${{ matrix.os_patch_level }} + os_version: 13.0.0 + os_patch_level: ${{ matrix.os_patch_level }} + patch_path: ${{ matrix.version }} + check-build-kernel: + needs: build-ksud + if: github.event_name == 'pull_request' + strategy: + matrix: + include: + - version: "5.10" + sub_level: 107 + os_patch_level: 2022-11 + - version: "5.15" + sub_level: 41 + os_patch_level: 2022-11 + uses: ./.github/workflows/gki-kernel.yml + with: + version: android13-${{ matrix.version }} + version_name: android13-${{ matrix.version }}.${{ matrix.sub_level }} + tag: android13-${{ matrix.version }}-${{ matrix.os_patch_level }} + os_version: 13.0.0 + os_patch_level: ${{ matrix.os_patch_level }} + patch_path: ${{ matrix.version }} \ No newline at end of file diff --git a/.github/workflows/build-ksud.yml b/.github/workflows/build-ksud.yml index a586e5d8..e98ba21e 100644 --- a/.github/workflows/build-ksud.yml +++ b/.github/workflows/build-ksud.yml @@ -1,10 +1,10 @@ name: Build KSUD on: - workflow_call: push: - branches: [ "main" ] + branches: [ "main", "ci" ] paths: - '.github/workflows/build-ksud.yml' + - '.github/workflows/ksud.yml' - 'userspace/ksud/**' pull_request: branches: [ "main" ] @@ -17,37 +17,6 @@ jobs: include: - target: aarch64-linux-android - target: x86_64-linux-android - name: Build KSUD - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Set up cargo cache - uses: actions/cache@v3 - continue-on-error: false - with: - path: | - ~/.cargo/bin/ - ~/.cargo/registry/index/ - ~/.cargo/registry/cache/ - ~/.cargo/git/db/ - key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} - restore-keys: ${{ runner.os }}-cargo- - - name: Set up ksud build cache - uses: actions/cache@v3 - continue-on-error: false - with: - path: ./userspace/ksud/target/ - key: ${{ runner.os }}-ksud-${{ hashFiles('**/Cargo.lock') }}-${{ matrix.target }} - restore-keys: ${{ runner.os }}-ksud- - - name: Build ksud - uses: actions-rs/cargo@v1 - with: - use-cross: true - command: build - args: --target ${{ matrix.target }} --release --manifest-path ./userspace/ksud/Cargo.toml - - name: Upload ksud artifact - uses: actions/upload-artifact@v3 - with: - name: ksud-${{ matrix.target }} - path: ./userspace/ksud/target/**/release/ksud - + uses: ./.github/workflows/ksud.yml + with: + target: ${{ matrix.target }} \ No newline at end of file diff --git a/.github/workflows/gki-kernel.yml b/.github/workflows/gki-kernel.yml new file mode 100644 index 00000000..3122a61c --- /dev/null +++ b/.github/workflows/gki-kernel.yml @@ -0,0 +1,267 @@ +name: GKI Kernel Build + +on: + workflow_call: + inputs: + version: + required: true + type: string + description: > + Output directory of gki, + for example: android12-5.10 + version_name: + required: true + type: string + description: > + With SUBLEVEL of kernel, + for example: android12-5.10.66 + tag: + required: true + type: string + description: > + Part of branch name of common kernel manifest, + for example: android12-5.10-2021-11 + os_version: + required: true + type: string + description: > + Android version, + for example: 12.0.0 + os_patch_level: + required: true + type: string + description: > + Part of branch name of common kernel manifest, + for example: 2021-11 + patch_path: + required: true + type: string + description: > + Directory name of .github/patches/ + for example: 5.10 + use_cache: + required: false + type: boolean + default: true + embed_ksud: + required: false + type: string + default: ksud-aarch64-linux-android + description: > + Artifact name of prebuilt ksud to be embedded + for example: 5.10 + secrets: + BOOT_SIGN_KEY: + required: false + CHAT_ID: + required: false + CACHE_CHAT_ID: + required: false + BOT_TOKEN: + required: false + MESSAGE_THREAD_ID: + required: false + +jobs: + build: + name: Build ${{ inputs.version_name }} + runs-on: ubuntu-latest + env: + CCACHE_COMPILERCHECK: "%compiler% -dumpmachine; %compiler% -dumpversion" + CCACHE_NOHASHDIR: "true" + CCACHE_MAXSIZE: "2G" + CCACHE_HARDLINK: "true" + OUTPUT_IMAGE_GZ: ${{ inputs.version_name }}-Image.gz + OUTPUT_BOOT: ${{ inputs.version_name }}-boot.img.zip + OUTPUT_BOOT_GZ: ${{ inputs.version_name }}-boot-gz.img.zip + OUTPUT_BOOT_LZ4_LG: ${{ inputs.version_name }}-boot-lz4_lg.img.zip + OUTPUT_BOOT_LZ4_LEGACY: ${{ inputs.version_name }}-boot-lz4_legacy.img.zip + steps: + - uses: actions/checkout@v3 + with: + path: KernelSU + fetch-depth: 0 + + - uses: hendrikmuhs/ccache-action@v1.2 + if: inputs.use_cache == true + with: + key: ccache-aarch64-${{ inputs.version_name }} + append-timestamp: false + save: ${{ github.event_name != 'pull_request' }} + + - name: Setup need_upload + id: need_upload + run: | + if [ ! -z "${{ secrets.BOT_TOKEN }}" ]; then + echo "UPLOAD=true" >> $GITHUB_OUTPUT + else + echo "UPLOAD=false" >> $GITHUB_OUTPUT + fi + + - name: Setup kernel source + run: | + cd $GITHUB_WORKSPACE + git clone https://gerrit.googlesource.com/git-repo + mkdir android-kernel && cd android-kernel + ../git-repo/repo init --depth=1 --u https://android.googlesource.com/kernel/manifest -b common-${{ inputs.tag }} + ../git-repo/repo sync -j$(nproc --all) + curl -Lo gki-kernel.zip https://dl.google.com/android/gki/gki-certified-boot-${{ inputs.tag }}_r1.zip + unzip gki-kernel.zip + tools/mkbootimg/unpack_bootimg.py --boot_img=$(find . -maxdepth 1 -name "*.img") + + - name: Setup version related environment + working-directory: android-kernel + run: | + case ${{ inputs.version }} in + android12-5.10) + export AVBTOOL=./build/build-tools/path/linux-x86/avbtool + ;; + android13-5.10 | android13-5.15 ) + export AVBTOOL=./build/kernel/build-tools/path/linux-x86/avbtool + ;; + *) + export AVBTOOL=$(find ./build -name "avbtool") + echo "find result: $AVBTOOL" + ;; + esac + echo "AVBTOOL: $AVBTOOL" + if [ ! -f "$AVBTOOL" ]; then + echo "Don't find AVBTOOL, please fixup this script" + crash_this_workflow + fi + echo "AVBTOOL=$AVBTOOL" >> $GITHUB_ENV + + - name: Download prebuilt ksud from artifacts + uses: actions/download-artifact@v3 + with: + name: ${{ inputs.embed_ksud }} + path: . + + - name: Setup KernelSU + env: + PATCH_PATH: ${{ inputs.patch_path }} + run: | + cd $GITHUB_WORKSPACE/android-kernel + echo "[+] KernelSU setup" + GKI_ROOT=$(pwd) + echo "[+] GKI_ROOT: $GKI_ROOT" + echo "[+] Copy KernelSU driver to $GKI_ROOT/common/drivers" + ln -sf $GITHUB_WORKSPACE/KernelSU/kernel $GKI_ROOT/common/drivers/kernelsu + echo "[+] Add KernelSU driver to Makefile" + DRIVER_MAKEFILE=$GKI_ROOT/common/drivers/Makefile + grep -q "kernelsu" $DRIVER_MAKEFILE || echo "obj-y += kernelsu/" >> $DRIVER_MAKEFILE + echo "[+] Apply KernelSU patches" + cd $GKI_ROOT/common/ && git apply $GITHUB_WORKSPACE/KernelSU/.github/patches/$PATCH_PATH/*.patch + cd $GITHUB_WORKSPACE + echo "[+] Build embed_ksud.c" + python3 ./KernelSU/scripts/bin2c.py ./aarch64-linux-android/release/ksud ksud > ./KernelSU/kernel/embed_ksud.c + echo "[+] KernelSU setup done." + + - name: Symbol magic + run: | + echo "[+] Export all symbol from abi_gki_aarch64.xml" + COMMON_ROOT=$GITHUB_WORKSPACE/android-kernel/common + KSU_ROOT=$GITHUB_WORKSPACE/KernelSU + ABI_XML=$COMMON_ROOT/android/abi_gki_aarch64.xml + SYMBOL_LIST=$COMMON_ROOT/android/abi_gki_aarch64 + # python3 $KSU_ROOT/scripts/abi_gki_all.py $ABI_XML > $SYMBOL_LIST + echo "[+] Add KernelSU symbols" + cat $KSU_ROOT/kernel/export_symbol.txt | awk '{sub("[ \t]+","");print " "$0}' >> $SYMBOL_LIST + + - name: Setup boot sign key + if: ${{ ( github.event_name != 'pull_request' && github.ref == 'refs/heads/main' ) || github.ref_type == 'tag' }} + working-directory: android-kernel + env: + BOOT_SIGN_KEY: ${{ secrets.BOOT_SIGN_KEY }} + run: | + if [ ! -z "$BOOT_SIGN_KEY" ]; then + echo "$BOOT_SIGN_KEY" > prebuilts/kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem + fi + + - name: Build boot.img + working-directory: android-kernel + run: CCACHE="/usr/bin/ccache" BUILD_BOOT_IMG=1 SKIP_VENDOR_BOOT=1 KERNEL_BINARY=Image GKI_RAMDISK_PREBUILT_BINARY=out/ramdisk AVB_SIGN_BOOT_IMG=1 AVB_BOOT_PARTITION_SIZE=$((64*1024*1024)) AVB_BOOT_ALGORITHM=SHA256_RSA2048 AVB_BOOT_KEY=prebuilts/kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem BOOT_IMAGE_HEADER_VERSION=4 LTO=thin BUILD_CONFIG=common/build.config.gki.aarch64 build/build.sh + + - name: Build boot-gz.img + working-directory: android-kernel + run: | + cat out/${{ inputs.version }}/dist/Image | ./prebuilts/build-tools/path/linux-x86/gzip -n -f -9 > out/${{ inputs.version }}/dist/Image.gz + tools/mkbootimg/mkbootimg.py --header_version 4 --kernel ./out/${{ inputs.version }}/dist/Image.gz --ramdisk out/ramdisk --output ./out/${{ inputs.version }}/dist/boot-gz.img --os_version ${{ inputs.os_version }} --os_patch_level ${{ inputs.os_patch_level }} + ${{ env.AVBTOOL }} add_hash_footer --partition_name boot --partition_size $((64*1024*1024)) --image out/${{ inputs.version }}/dist/boot-gz.img --algorithm SHA256_RSA2048 --key ./prebuilts/kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem + + - name: Build boot-lz4_lg.img + working-directory: android-kernel + run: | + tools/mkbootimg/mkbootimg.py --header_version 4 --kernel ./out/${{ inputs.version }}/dist/Image.lz4 --ramdisk out/ramdisk --output ./out/${{ inputs.version }}/dist/boot-lz4_lg.img --os_version ${{ inputs.os_version }} --os_patch_level ${{ inputs.os_patch_level }} + ${{ env.AVBTOOL }} add_hash_footer --partition_name boot --partition_size $((64*1024*1024)) --image out/${{ inputs.version }}/dist/boot-lz4_lg.img --algorithm SHA256_RSA2048 --key ./prebuilts/kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem + + - name: Build boot-lz4_legacy.img + working-directory: android-kernel + run: | + cat ./out/${{ inputs.version }}/dist/Image | ./prebuilts/kernel-build-tools/linux-x86/bin/lz4 -l -12 --favor-decSpeed stdin stdout > ./out/${{ inputs.version }}/dist/Image.lz4-legacy + tools/mkbootimg/mkbootimg.py --header_version 4 --kernel ./out/${{ inputs.version }}/dist/Image.lz4-legacy --ramdisk out/ramdisk --output ./out/${{ inputs.version }}/dist/boot-lz4_legacy.img --os_version ${{ inputs.os_version }} --os_patch_level ${{ inputs.os_patch_level }} + ${{ env.AVBTOOL }} add_hash_footer --partition_name boot --partition_size $((64*1024*1024)) --image out/${{ inputs.version }}/dist/boot-lz4_legacy.img --algorithm SHA256_RSA2048 --key ./prebuilts/kernel-build-tools/linux-x86/share/avb/testkey_rsa2048.pem + + - name: Prepare artifacts + id: prepareArtifacts + run: | + OUTDIR=android-kernel/out/${{ inputs.version }}/dist + cp $OUTDIR/Image.gz $OUTPUT_IMAGE_GZ + zip $OUTPUT_BOOT -j -r $OUTDIR/boot.img + zip $OUTPUT_BOOT_GZ -j -r $OUTDIR/boot-gz.img + zip $OUTPUT_BOOT_LZ4_LG -j -r $OUTDIR/boot-lz4_lg.img + zip $OUTPUT_BOOT_LZ4_LEGACY -j -r $OUTDIR/boot-lz4_legacy.img + + - name: Upload Image.gz + uses: actions/upload-artifact@v3 + with: + name: ${{ inputs.version_name }}-Image.gz + path: ${{ env.OUTPUT_IMAGE_GZ }} + + - name: Upload boot.img + uses: actions/upload-artifact@v3 + with: + name: ${{ inputs.version_name }}-boot.img + path: ${{ env.OUTPUT_BOOT }} + + - name: Upload boot-gz.img + uses: actions/upload-artifact@v3 + with: + name: ${{ inputs.version_name }}-boot-gz.img + path: ${{ env.OUTPUT_BOOT_GZ }} + + - name: Upload boot-lz4_lg.img + uses: actions/upload-artifact@v3 + with: + name: ${{ inputs.version_name }}-boot-lz4_lg.img + path: ${{ env.OUTPUT_BOOT_LZ4_LG }} + + - name: Upload boot-lz4_legacy.img + uses: actions/upload-artifact@v3 + with: + name: ${{ inputs.version_name }}-boot-lz4_legacy.img + path: ${{ env.OUTPUT_BOOT_LZ4_LEGACY }} + + - name: Setup mutex for uploading + uses: ben-z/gh-action-mutex@v1.0-alpha-7 + if: github.event_name != 'pull_request' && github.ref == 'refs/heads/main' && steps.need_upload.outputs.UPLOAD == 'true' + + - name: Upload to telegram + if: github.event_name != 'pull_request' && github.ref == 'refs/heads/main' && steps.need_upload.outputs.UPLOAD == 'true' + env: + CHAT_ID: ${{ secrets.CHAT_ID }} + CACHE_CHAT_ID: ${{ secrets.CACHE_CHAT_ID }} + BOT_TOKEN: ${{ secrets.BOT_TOKEN }} + MESSAGE_THREAD_ID: ${{ secrets.MESSAGE_THREAD_ID }} + COMMIT_MESSAGE: ${{ github.event.head_commit.message }} + COMMIT_URL: ${{ github.event.head_commit.url }} + RUN_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} + TITLE: kernel-${{ inputs.version_name }} + run: | + if [ ! -z "${{ secrets.BOT_TOKEN }}" ]; then + cd $GITHUB_WORKSPACE/KernelSU + export VERSION=$(git rev-list --count HEAD) + cd - + pip3 install python-telegram-bot + python3 $GITHUB_WORKSPACE/KernelSU/scripts/ksubot.py $OUTPUT_IMAGE_GZ $OUTPUT_BOOT $OUTPUT_BOOT_GZ $OUTPUT_BOOT_LZ4_LG $OUTPUT_BOOT_LZ4_LEGACY + fi diff --git a/.github/workflows/ksud.yml b/.github/workflows/ksud.yml new file mode 100644 index 00000000..fc70791c --- /dev/null +++ b/.github/workflows/ksud.yml @@ -0,0 +1,52 @@ +name: Build ksud +on: + workflow_call: + inputs: + target: + required: true + type: string + use_cache: + required: false + type: boolean + default: true +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + + - name: Set up cargo cache + if: inputs.use_cache == true + uses: actions/cache@v3 + continue-on-error: false + with: + path: | + ~/.cargo/bin/ + ~/.cargo/registry/index/ + ~/.cargo/registry/cache/ + ~/.cargo/git/db/ + key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} + restore-keys: ${{ runner.os }}-cargo- + + - name: Set up ksud build cache + if: inputs.use_cache == true + uses: actions/cache@v3 + continue-on-error: false + with: + path: ./userspace/ksud/target/ + key: ${{ runner.os }}-ksud-${{ hashFiles('**/Cargo.lock') }}-${{ inputs.target }} + restore-keys: ${{ runner.os }}-ksud- + + - name: Build ksud + uses: actions-rs/cargo@v1 + with: + use-cross: true + command: build + args: --target ${{ inputs.target }} --release --manifest-path ./userspace/ksud/Cargo.toml + + - name: Upload ksud artifact + uses: actions/upload-artifact@v3 + with: + name: ksud-${{ inputs.target }} + path: ./userspace/ksud/target/**/release/ksud + diff --git a/kernel/Makefile b/kernel/Makefile index cf98838d..65063cfa 100644 --- a/kernel/Makefile +++ b/kernel/Makefile @@ -8,6 +8,7 @@ obj-y += uid_observer.o obj-y += manager.o obj-y += core_hook.o obj-y += ksud.o +obj-y += embed_ksud.o obj-y += selinux/ diff --git a/kernel/embed_ksud.c b/kernel/embed_ksud.c new file mode 100644 index 00000000..c82d9eee --- /dev/null +++ b/kernel/embed_ksud.c @@ -0,0 +1,5 @@ +// WARNING: THIS IS A STUB FILE +// This file will be regenerated by CI + +unsigned int ksud_size = 0; +const char ksud[0] = {}; \ No newline at end of file diff --git a/scripts/bin2c.py b/scripts/bin2c.py new file mode 100644 index 00000000..58513132 --- /dev/null +++ b/scripts/bin2c.py @@ -0,0 +1,51 @@ +#!/usr/bin/python3 + +import argparse +import os +import re + +line_size = 80 + + +def bin2c(filename, varname='data'): + if not os.path.isfile(filename): + print('File "%s" is not found!' % filename) + return '' + if not re.match('[a-zA-Z_][a-zA-Z0-9_]*', varname): + print('Invalid variable name "%s"' % varname) + return + with open(filename, 'rb') as in_file: + data = in_file.read() + # limit the line length + byte_len = 6 # '0x00, ' + out = 'unsigned int %s_size = %d;\n' \ + 'const char %s[%d] = {\n' % (varname, len(data), varname, len(data)) + line = '' + for byte in data: + line += '0x%02x, ' % byte + if len(line) + 4 + byte_len >= line_size: + out += ' ' * 4 + line + '\n' + line = '' + # add the last line + if len(line) + 4 + byte_len < line_size: + out += ' ' * 4 + line + '\n' + # strip the last comma + out = out.rstrip(', \n') + '\n' + out += '};' + return out + + +def main(): + """ Main func """ + parser = argparse.ArgumentParser() + parser.add_argument( + 'filename', help='filename to convert to C array') + parser.add_argument( + 'varname', nargs='?', help='variable name', default='data') + args = parser.parse_args() + # print out the data + print(bin2c(args.filename, args.varname)) + + +if __name__ == '__main__': + main()