adds support for building hook kernel

Makefile

@@ -207,6 +207,7 @@ generate-staging-buildspec: | ensure-locale
 	build/lib/generate_staging_buildspec.sh $(BASE_DIRECTORY) "emissary-ingress_emissary" "$(BASE_DIRECTORY)/projects/emissary-ingress/emissary/buildspecs/batch-build.yml" "$(BASE_DIRECTORY)/buildspec.yml" true "DO_NOT_EXCLUDE_FROM_BUILDSPEC"
 	build/lib/generate_staging_buildspec.sh $(BASE_DIRECTORY) "goharbor_harbor" "$(BASE_DIRECTORY)/projects/goharbor/harbor/buildspecs/batch-build.yml" "$(BASE_DIRECTORY)/buildspec.yml" true "DO_NOT_EXCLUDE_FROM_BUILDSPEC"
 	build/lib/generate_staging_buildspec.sh $(BASE_DIRECTORY) "aws_upgrader" "$(BASE_DIRECTORY)/projects/aws/upgrader/buildspecs/batch-build.yml" "$(BASE_DIRECTORY)/buildspec.yml" true "DO_NOT_EXCLUDE_FROM_BUILDSPEC"
+	build/lib/generate_staging_buildspec.sh $(BASE_DIRECTORY) "tinkerbell_hook" "$(BASE_DIRECTORY)/projects/tinkerbell/hook/buildspecs/batch-build.yml" "$(BASE_DIRECTORY)/buildspec.yml" true "DO_NOT_EXCLUDE_FROM_BUILDSPEC"
 	build/lib/generate_staging_buildspec.sh $(BASE_DIRECTORY) "$(ALL_PROJECTS)" "$(BASE_DIRECTORY)/tools/version-tracker/buildspecs/upgrade.yml" "$(BASE_DIRECTORY)/buildspecs/upgrade-buildspec.yml" true EXCLUDE_FROM_UPGRADE_BUILDSPEC UPGRADE_BUILDSPECS false buildspecs/upgrade-eks-distro-buildspec.yml true
 
 .PHONY: generate

projects/tinkerbell/hook/LINUX_KERNEL_VERSION

@@ -1 +1 @@
-5.10.85-5604bb0dc1cdb6263770a82bf91cbf7e00ffdd5c
+5.10.85

projects/tinkerbell/hook/Makefile

@@ -1,6 +1,6 @@
 BASE_DIRECTORY:=$(abspath ../../../)
 GIT_TAG=$(shell cat GIT_TAG)
-LINUX_KERNEL_VERSION:=$(shell cat LINUX_KERNEL_VERSION)
+KERNEL_VERSION:=$(shell cat LINUX_KERNEL_VERSION)
 GOLANG_VERSION=$(shell cat GOLANG_VERSION)
 REPO=hook
 REPO_OWNER=tinkerbell
@@ -21,14 +21,27 @@ GO_MOD_PATHS=hook-bootkit hook-docker
 # for this build we want to prefix all the files
 HOOK_BOOTKIT_ATTRIBUTION_OVERRIDE=hook-bootkit
 
-CREATE_HOOK_FILES=$(REPO)/out/sha-6d43b8b/rel/vmlinuz-x86_64
+CREATE_HOOK_FILES_PATTERN=$(REPO)/out/sha-6d43b8b/rel/vmlinuz
+HOOK_PLATFORMS=$(if $(IMAGE_PLATFORMS),$(IMAGE_PLATFORMS),linux/$(BUILDER_PLATFORM_ARCH))
+CREATE_HOOK_FILES=$(foreach platform,$(HOOK_PLATFORMS),$(CREATE_HOOK_FILES_PATTERN)-$(if $(findstring amd64,$(platform)),x86_64,aarch64))
+HOOK_IMAGE_FILES=$(OUTPUT_DIR)/kernel/keys.asc $(OUTPUT_DIR)/kernel/configs/config-5.10.x-aarch64 $(OUTPUT_DIR)/kernel/configs/config-5.10.x-x86_64 
 
 HAS_S3_ARTIFACTS=true
 SIMPLE_CREATE_TARBALLS=false
 
 FIX_LICENSES_HOOK_BOOTKIT_TARGET=$(REPO)/hook-bootkit/LICENSE
 FIX_LICENSES_HOOK_DOCKER_TARGET=$(REPO)/hook-docker/LICENSE
 
+KERNEL_MAJOR_V=v$(firstword $(subst ., ,$(KERNEL_VERSION))).x
+DEFCONFIG=config-$(basename $(KERNEL_VERSION)).x
+
+BUILDSPECS=buildspec.yml buildspecs/combine-images.yml
+BUILDSPEC_1_COMPUTE_TYPE=BUILD_GENERAL1_LARGE
+BUILDSPEC_1_VARS_KEYS=IMAGE_PLATFORMS
+BUILDSPEC_1_VARS_VALUES=IMAGE_PLATFORMS
+BUILDSPEC_1_ARCH_TYPES=LINUX_CONTAINER ARM_CONTAINER
+BUILDSPEC_2_DEPENDS_ON_OVERRIDE=tinkerbell_hook_linux_amd64 tinkerbell_hook_linux_arm64
+
 include $(BASE_DIRECTORY)/Common.mk
 
 
@@ -42,27 +55,46 @@ $(GATHER_LICENSES_TARGETS): | $(FIX_LICENSES_HOOK_BOOTKIT_TARGET) $(FIX_LICENSES
 # We are using eks-distro-minimal-base-glibc as the base and builder to install docker.
 hook-docker/images/%: BASE_IMAGE_NAME=eks-distro-minimal-base-glibc
 
-# Currently the kernel image is being built off upstream.
-# TODO: Setup a build environment to build the linux kernel.
-kernel/images/%: BASE_IMAGE=quay.io/tinkerbell/hook-kernel:$(LINUX_KERNEL_VERSION)
+kernel-config/images/% kernel/images/%: IMAGE_BUILD_ARGS=KERNEL_MAJOR_V KERNEL_VERSION DEFCONFIG
+kernel-config/images/% kernel/images/%: IMAGE_CONTEXT_DIR=$(OUTPUT_DIR)/kernel
+kernel-config/images/% kernel/images/%: BASE_IMAGE=public.ecr.aws/amazonlinux/amazonlinux:2
+kernel-config/images/% kernel/images/%: DOCKERFILE_FOLDER=$(REPO)/kernel
+
+$(call IMAGE_TARGETS_FOR_NAME, kernel): $(HOOK_IMAGE_FILES)
+
+kernel-config/images/%: IMAGE_TARGET=kernel-configurator
+kernel-config/images/%: IMAGE_OUTPUT_TYPE=docker
+kernel-config/images/%: IMAGE_IMPORT_CACHE=
+kernel-config/images/%: LATEST_IMAGE=hook-kernel:builder
+kernel-config/images/%: DOCKERFILE_FOLDER=docker/linux/kernel
 
 s3-artifacts: $(CREATE_HOOK_FILES)
 
-$(CREATE_HOOK_FILES): MAKEFLAGS=
-$(CREATE_HOOK_FILES): tarballs | $$(ENABLE_DOCKER)
+# TODO: support custom eks-a hook kernel config
+$(OUTPUT_DIR)/kernel/%:
+	@mkdir -p $(@D)
+	cp -f $(REPO)/kernel/$(@F) $@
+
+$(CREATE_HOOK_FILES_PATTERN)-%: MAKEFLAGS=
+$(CREATE_HOOK_FILES_PATTERN)-%: tarballs | $$(ENABLE_DOCKER)
 # Modify the linuxkit config file hook/hook.yaml to point to IMAGE_REPO.
-# Upstream make target `dist` is triggered to perform linuxkit build and generate OSIE files ().
-	@source $(BUILD_LIB)/common.sh && build::common::use_go_version "1.19" && make dist IMAGE_REPO=$(IMAGE_REPO) LATEST_TAG=$(LATEST_TAG) -C $(REPO); \
+# Upstream make target `dist-<arch>` is triggered to perform linuxkit build and generate OSIE files ().
+	@source $(BUILD_LIB)/common.sh && build::common::use_go_version "1.19" && make dist-$* IMAGE_REPO=$(IMAGE_REPO) LATEST_TAG=$(LATEST_TAG) -C $(REPO); \
 	mkdir -p $(OUTPUT_DIR)/hook/$(GIT_TAG); \
-	cp $(REPO)/out/sha-*/rel/vmlinuz-* $(OUTPUT_DIR)/hook/$(GIT_TAG)/; \
-	cp $(REPO)/out/sha-*/rel/initramfs-* $(OUTPUT_DIR)/hook/$(GIT_TAG)/; \
+	cp $(REPO)/out/sha-*/rel/vmlinuz-$* $(OUTPUT_DIR)/hook/$(GIT_TAG)/; \
+	cp $(REPO)/out/sha-*/rel/initramfs-$* $(OUTPUT_DIR)/hook/$(GIT_TAG)/; \
 	mkdir -p $(ARTIFACTS_PATH); \
 	cp -rf $(OUTPUT_DIR)/hook/* $(ARTIFACTS_PATH)
 
 $(REPO)/%/LICENSE: | $(GO_MOD_DOWNLOAD_TARGETS)
 #go-licenses requires a LICENSE file in each folder with the go.mod
 	cp $(REPO)/LICENSE $@
 
+# TODO: does this load the current config and let the user add to it, or should be fresh? 
+kernel-config: | ensure-docker
+	@$(MAKE) kernel-config/images/$(BUILDER_PLATFORM_ARCH) IMAGE_NAMES=kernel-config 
+	docker run -it -v $(MAKE_ROOT)/$(OUTPUT_DIR)/kernel/$(BUILDER_PLATFORM_ARCH):/host hook-kernel:builder bash "-c" "make menuconfig && make savedefconfig && cp -v defconfig /host/$(DEFCONFIG)"
+
 
 ########### DO NOT EDIT #############################
 # To update call: make add-generated-help-block

projects/tinkerbell/hook/buildspecs/batch-build.yml

@@ -0,0 +1,51 @@
+# Copyright Amazon.com Inc. or its affiliates. All Rights Reserved.
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+#      http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This file was generated by running `make generate`. DO NOT EDIT
+
+batch:
+  fast-fail: true
+  build-graph:
+    - identifier: tinkerbell_hook_linux_amd64
+      env:
+        type: LINUX_CONTAINER
+        compute-type: BUILD_GENERAL1_LARGE
+        variables:
+          IMAGE_PLATFORMS: linux/amd64
+          BINARY_PLATFORMS: linux/amd64
+          IMAGE_TAG_SUFFIX: -amd64
+    - identifier: tinkerbell_hook_linux_arm64
+      env:
+        type: ARM_CONTAINER
+        compute-type: BUILD_GENERAL1_LARGE
+        variables:
+          IMAGE_PLATFORMS: linux/arm64
+          BINARY_PLATFORMS: linux/arm64
+          IMAGE_TAG_SUFFIX: -arm64
+    - identifier: tinkerbell_hook
+      buildspec: buildspecs/combine-images.yml
+      depend-on:
+        - tinkerbell_hook_linux_amd64
+        - tinkerbell_hook_linux_arm64
+      env:
+        type: ARM_CONTAINER
+        compute-type: BUILD_GENERAL1_SMALL
+version: 0.2
+phases:
+  pre_build:
+    commands:
+      - ./build/lib/setup.sh
+  build:
+    commands:
+      - if $(make check-project-path-exists) && make check-for-release-branch-skip -C $PROJECT_PATH; then make release -C $PROJECT_PATH; fi

projects/tinkerbell/hook/patches/0001-Don-t-build-container-images.patch

@@ -1,7 +1,7 @@
 From d019305f298013d46cdf133e934c29ac27d97d5c Mon Sep 17 00:00:00 2001
 From: Jacob Weinstock <jakobweinstock@gmail.com>
 Date: Thu, 10 Nov 2022 05:14:29 +0000
-Subject: [PATCH] Don't build container images:
+Subject: [PATCH 1/4] Don't build container images:
 
 EKSA build environment doesn't have docker
 so build containers via the makefile will
@@ -28,7 +28,7 @@ index b2c5133..006dd48 100644
 @@ -14,30 +12,30 @@ SHELL := bash
  # This option is for running docker manifest command
  export DOCKER_CLI_EXPERIMENTAL := enabled
-
+ 
 -ARCH := $(shell uname -m)
 +ARCH:=$(shell uname -m)
  ifeq ($(ARCH),x86_64)
@@ -39,36 +39,36 @@ index b2c5133..006dd48 100644
 -ARCH = arm64
 +ARCH=arm64
  endif
-
+ 
 -arches := amd64 arm64
 -modes := rel dbg
 +arches:=amd64 arm64
 +modes:=rel dbg
-
+ 
 -hook-bootkit-deps := $(wildcard hook-bootkit/*)
 -hook-docker-deps := $(wildcard hook-docker/*)
 +hook-bootkit-deps:=$(wildcard hook-bootkit/*)
 +hook-docker-deps:=$(wildcard hook-docker/*)
-
+ 
  define foreach_mode_arch_rules =
 -mode := $(1)
 -arch := $(2)
 +mode:=$(1)
 +arch:=$(2)
-
+ 
  $$(shell mkdir -p out/$T/$(mode)/$(arch))
-
+ 
  .PHONY: image-$(mode)-$(arch)
  image-$(mode)-$(arch): out/$T/$(mode)/$(arch)/hook.tar
-
+ 
 -out/$T/$(mode)/$(arch)/hook.tar: out/$T/$(mode)/$(arch)/hook.yaml out/$T/hook-bootkit-$(arch) out/$T/hook-docker-$(arch)
 +out/$T/$(mode)/$(arch)/hook.tar: out/$T/$(mode)/$(arch)/hook.yaml
  	linuxkit build -docker -arch $(arch) -format tar-kernel-initrd -name hook -dir $$(@D) $$<
  	mv $$(@D)/hook-initrd.tar $$@
-
+ 
 @@ -46,15 +44,12 @@ out/$T/$(mode)/$(arch)/cmdline out/$T/$(mode)/$(arch)/initrd.img out/$T/$(mode)/
  	touch $$@
-
+ 
  out/$T/$(mode)/$(arch)/hook.yaml: $$(LINUXKIT_CONFIG)
 -	sed '/hook-\(bootkit\|docker\):/ { s|:latest|:$T-$(arch)|; s|quay.io/tinkerbell|$(ORG)|; }' $$< > $$@
 -	if [[ $(mode) == dbg ]]; then
@@ -77,11 +77,11 @@ index b2c5133..006dd48 100644
 +	sed -E -e 's,quay.io/tinkerbell/hook-(bootkit|docker|kernel).*,$(IMAGE_REPO)/tinkerbell/hook-\1:$(LATEST_TAG),g' $$< > $$@
  endef
  $(foreach m,$(modes),$(foreach a,$(arches),$(eval $(call foreach_mode_arch_rules,$m,$a))))
-
+ 
  define foreach_arch_rules =
 -arch := $(1)
 +arch:=$(1)
-
+ 
  debug: dbg-image-$(arch)
  dbg-image-$(arch): out/$T/dbg/$(arch)/hook.tar
 @@ -90,14 +85,14 @@ push-hook-bootkit push-hook-docker:
@@ -110,6 +110,6 @@ index b2c5133..006dd48 100644
 +	tar -xf $$f -C $$d/ initrd.img && mv $$d/initrd.img $$d/initramfs-$$arch; \
 +	tar -cf- -C $$d initramfs-$$arch vmlinuz-$$arch | pigz > $$d/hook_$$arch.tar.gz; \
 +	done \
---
+-- 
 2.36.0
 

projects/tinkerbell/hook/patches/0002-adds-support-for-building-single-arch-vmlinuz-and-in.patch

@@ -0,0 +1,30 @@
+From 3de7f342367c9fb89e8a97bad8d750d1b36995ea Mon Sep 17 00:00:00 2001
+From: Jackson West <jgw@amazon.com>
+Date: Mon, 15 Jul 2024 16:46:54 +0000
+Subject: [PATCH 2/4] adds support for building single arch vmlinuz and
+ initramfs
+
+---
+ rules.mk | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/rules.mk b/rules.mk
+index 006dd48..7c619bd 100644
+--- a/rules.mk
++++ b/rules.mk
+@@ -82,9 +82,10 @@ push-hook-bootkit push-hook-docker:
+ 	docker buildx build --platform $$platforms --push -t $(ORG)/$(container):$T $(container)
+
+ .PHONY: dist
+-dist: out/$T/rel/amd64/hook.tar out/$T/rel/arm64/hook.tar ## Build tarballs for distribution
++dist-aarch64: out/$T/rel/arm64/hook.tar ## Build tarballs for distribution
++dist-x86_64: out/$T/rel/amd64/hook.tar ## Build tarballs for distribution
+ dbg-dist: out/$T/dbg/$(ARCH)/hook.tar ## Build debug enabled tarball
+-dist dbg-dist:
++dist-arm64 dist-amd64 dbg-dist:
+ 	for f in $^; do \
+ 	case $$f in \
+ 	*amd64*) arch=x86_64 ;; \
+-- 
+2.34.1
+