From 78fa9217467fb4d25f4009445cd90e5c72787f87 Mon Sep 17 00:00:00 2001
From: Malte Poll <1780588+malt3@users.noreply.github.com>
Date: Wed, 16 Aug 2023 10:42:48 +0200
Subject: [PATCH] image: use longterm release of the Linux kernel (#2228)
---
 image/Makefile | 18 +++++-------------
 image/README.md | 8 ++++++++
 image/mkosi.conf.d/mkosi.aws.conf | 3 ---
 image/mkosi.conf.d/mkosi.azure.conf | 6 ------
 image/mkosi.conf.d/mkosi.conf | 6 +++++-
 image/mkosi.conf.d/mkosi.gcp.conf | 6 ------
 image/mkosi.conf.d/mkosi.openstack.conf | 3 ---
 image/mkosi.conf.d/mkosi.qemu.conf | 3 ---
 8 files changed, 18 insertions(+), 35 deletions(-)
diff --git a/image/Makefile b/image/Makefile
index fff4a8ab7..9926e5a24 100644
--- a/image/Makefile
+++ b/image/Makefile
@@ -23,12 +23,9 @@ variants := aws_aws-sev-snp aws_aws-nitro-tpm azure_azure-sev-snp gcp_gcp-sev-es
 certs := $(PKI)/PK.cer $(PKI)/KEK.cer $(PKI)/db.cer
 SYSTEMD_FIXED_RPMS := systemd-251.11-2.fc37.x86_64.rpm systemd-libs-251.11-2.fc37.x86_64.rpm systemd-networkd-251.11-2.fc37.x86_64.rpm systemd-pam-251.11-2.fc37.x86_64.rpm systemd-resolved-251.11-2.fc37.x86_64.rpm systemd-udev-251.11-2.fc37.x86_64.rpm
-AWS_FIXED_RPMS := kernel-6.1.34-59.116.amzn2023.x86_64.rpm
-AZURE_FIXED_KERNEL_RPMS := kernel-6.1.18-200.fc37.x86_64.rpm kernel-core-6.1.18-200.fc37.x86_64.rpm kernel-modules-6.1.18-200.fc37.x86_64.rpm
-GCP_FIXED_KERNEL_RPMS := kernel-6.1.18-200.fc37.x86_64.rpm kernel-core-6.1.18-200.fc37.x86_64.rpm kernel-modules-6.1.18-200.fc37.x86_64.rpm
+KERNEL_RPMS := kernel-6.1.45-100.constellation.fc38.x86_64.rpm kernel-core-6.1.45-100.constellation.fc38.x86_64.rpm kernel-modules-6.1.45-100.constellation.fc38.x86_64.rpm kernel-modules-core-6.1.45-100.constellation.fc38.x86_64.rpm
 PREBUILD_RPMS_SYSTEMD := $(addprefix prebuilt/rpms/systemd/,$(SYSTEMD_FIXED_RPMS))
-PREBUILT_RPMS_AZURE := $(addprefix prebuilt/rpms/azure/,$(AZURE_FIXED_KERNEL_RPMS))
-PREBUILT_RPMS_AWS := $(addprefix prebuilt/rpms/aws/,$(AWS_FIXED_RPMS))
+PREBUILD_RPMS_KERNEL := $(addprefix prebuilt/rpms/kernel/,$(KERNEL_RPMS))
 .PHONY: all clean inject-bins $(csps) $(variants)
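Review bot: The kernel release `6.1.45-100.constellation` is spelled out in each of the four names in `KERNEL_RPMS`, again in the download URL of the `prebuilt/rpms/kernel/%.rpm` rule in the next hunk, and again in `image/mkosi.conf.d/mkosi.conf`. A later bump that misses one of these would presumably either fail the download or leave the image config naming RPM files the Makefile no longer fetches. Deriving the names from one variable keeps the Makefile side consistent, for example `KERNEL_VERSION := 6.1.45-100.constellation` and `KERNEL_RPMS := $(addsuffix -$(KERNEL_VERSION).fc38.x86_64.rpm,kernel kernel-core kernel-modules kernel-modules-core)`, with the URL using `$(KERNEL_VERSION)` as its directory component.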
@@ -49,15 +46,10 @@ prebuilt/rpms/systemd/%.rpm:
 @mkdir -p $(@D)
 @curl -fsSL -o $@ https://kojipkgs.fedoraproject.org/packages/systemd/251.11/2.fc37/x86_64/$*.rpm
-prebuilt/rpms/aws/kernel-6.1.34-59.116.amzn2023.x86_64.rpm:
+prebuilt/rpms/kernel/%.rpm:
 @echo "Downloading $*"
 @mkdir -p $(@D)
- @curl -fsSL -o $@ https://cdn.confidential.cloud/constellation/kernel/6.1.34-59.116.amzn2023/kernel-6.1.34-59.116.amzn2023.x86_64.rpm
-
-prebuilt/rpms/azure/%.rpm:
- @echo "Downloading $*"
- @mkdir -p $(@D)
- @curl -fsSL -o $@ https://kojipkgs.fedoraproject.org/packages/kernel/6.1.18/200.fc37/x86_64/$*.rpm
+ @curl -fsSL -o $@ https://cdn.confidential.cloud/constellation/kernel/6.1.45-100.constellation/$*.rpm
 mkosi.output.%/fedora~38/image.raw: inject-bins inject-certs
 rm -rf .csp/
@@ -83,7 +75,7 @@ mkosi.output.%/fedora~38/image.raw: inject-bins inject-certs
 rm -rf .csp/
 @echo "Image is ready: $@"
-inject-bins: $(PREBUILD_RPMS_SYSTEMD) $(PREBUILT_RPMS_AZURE) $(PREBUILT_RPMS_AWS)
+inject-bins: $(PREBUILD_RPMS_SYSTEMD) $(PREBUILD_RPMS_KERNEL)
 mkdir -p $(MKOSI_EXTRA)/usr/bin
 mkdir -p $(MKOSI_EXTRA)/usr/sbin
 cp $(UPGRADE_AGENT_BINARY) $(MKOSI_EXTRA)/usr/bin/upgrade-agent
diff --git a/image/README.md b/image/README.md
index e7b89618e..4c031f543 100644
--- a/image/README.md
+++ b/image/README.md
@@ -272,3 +272,11 @@ bazel run //image/upload -- qemu --verbose --raw-image mkosi.output.qemu/fedora~
 ```
+
+## Kernel
+
+The Kernel is built from the srpm published under [edgelesssys/constellation-kernel](https://github.com/edgelesssys/constellation-kernel).
+We track the latest longterm release, use sources directly from [kernel.org](https://www.kernel.org/) and build the Kernel using the steps specified in the
+srpm spec file.
+
+After building a Kernel rpm, we upload it to our CDN and use it in our image builds.
diff --git a/image/mkosi.conf.d/mkosi.aws.conf b/image/mkosi.conf.d/mkosi.aws.conf
index 97d146ecd..b9924a650 100644
--- a/image/mkosi.conf.d/mkosi.aws.conf
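Review bot: The new `prebuilt/rpms/kernel/%.rpm` rule in image/Makefile accepts whatever the CDN serves: `curl -fsSL -o $@` is followed by no digest or signature check, and these files become the kernel of the OS image, so the CDN and anyone able to write to it are trusted with every image built from this tree. Pin a SHA-256 per RPM in the repository and verify it before the file exists under its final name, e.g. `@curl -fsSL -o $@.tmp https://cdn.confidential.cloud/constellation/kernel/6.1.45-100.constellation/$*.rpm`, then `@echo "$(KERNEL_SHA256_$*)  $@.tmp" | sha256sum -c -` and `@mv $@.tmp $@`, where `KERNEL_SHA256_<rpm name>` is a placeholder for digest variables that would have to be added. Writing to a temporary name also keeps an interrupted or rejected download from being treated as an up-to-date target on the next run. The `prebuilt/rpms/systemd/%.rpm` rule shown as context at the top of the hunk has the same gap.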
+++ b/image/mkosi.conf.d/mkosi.aws.conf
@@ -1,5 +1,2 @@
 [Match]
 PathExists=../.csp/aws
-
-[Content]
-Packages=prebuilt/rpms/aws/kernel-6.1.34-59.116.amzn2023.x86_64.rpm
diff --git a/image/mkosi.conf.d/mkosi.azure.conf b/image/mkosi.conf.d/mkosi.azure.conf
index eb05e2786..d36fc5b5e 100644
--- a/image/mkosi.conf.d/mkosi.azure.conf
+++ b/image/mkosi.conf.d/mkosi.azure.conf
@@ -1,8 +1,2 @@
 [Match]
 PathExists=../.csp/azure
-
-# replace kernel
-[Content]
-Packages=prebuilt/rpms/azure/kernel-6.1.18-200.fc37.x86_64.rpm
- prebuilt/rpms/azure/kernel-core-6.1.18-200.fc37.x86_64.rpm
- prebuilt/rpms/azure/kernel-modules-6.1.18-200.fc37.x86_64.rpm
diff --git a/image/mkosi.conf.d/mkosi.conf b/image/mkosi.conf.d/mkosi.conf
index 94e6612b0..c10c03354 100644
--- a/image/mkosi.conf.d/mkosi.conf
+++ b/image/mkosi.conf.d/mkosi.conf
@@ -18,7 +18,11 @@ ImageId=constellation
 Output=image.raw
 [Content]
-Packages=prebuilt/rpms/systemd/systemd-251.11-2.fc37.x86_64.rpm
+Packages=prebuilt/rpms/kernel/kernel-6.1.45-100.constellation.fc38.x86_64.rpm
+ prebuilt/rpms/kernel/kernel-core-6.1.45-100.constellation.fc38.x86_64.rpm
+ prebuilt/rpms/kernel/kernel-modules-6.1.45-100.constellation.fc38.x86_64.rpm
+ prebuilt/rpms/kernel/kernel-modules-core-6.1.45-100.constellation.fc38.x86_64.rpm
+ prebuilt/rpms/systemd/systemd-251.11-2.fc37.x86_64.rpm
 prebuilt/rpms/systemd/systemd-libs-251.11-2.fc37.x86_64.rpm
 prebuilt/rpms/systemd/systemd-networkd-251.11-2.fc37.x86_64.rpm
 prebuilt/rpms/systemd/systemd-pam-251.11-2.fc37.x86_64.rpm
diff --git a/image/mkosi.conf.d/mkosi.gcp.conf b/image/mkosi.conf.d/mkosi.gcp.conf
index 2dce65ac7..04e7bfb3c 100644
--- a/image/mkosi.conf.d/mkosi.gcp.conf
+++ b/image/mkosi.conf.d/mkosi.gcp.conf
@@ -1,8 +1,2 @@
 [Match]
 PathExists=../.csp/gcp
-
-# replace kernel
-[Content]
-Packages=kernel
- kernel-core
- kernel-modules
diff --git a/image/mkosi.conf.d/mkosi.openstack.conf b/image/mkosi.conf.d/mkosi.openstack.conf
index 881c841db..24f7976b6 100644
--- a/image/mkosi.conf.d/mkosi.openstack.conf
+++ b/image/mkosi.conf.d/mkosi.openstack.conf
@@ -7,6 +7,3 @@ KernelCommandLine=mem_encrypt=on kvm_amd.sev=1 module_blacklist=qemu_fw_cfg cons
 [Content]
 Autologin=yes
 Environment=CONSOLE_MOTD=true
-Packages=kernel
- kernel-core
- kernel-modules
diff --git a/image/mkosi.conf.d/mkosi.qemu.conf b/image/mkosi.conf.d/mkosi.qemu.conf
index 5b79e5250..770c3de85 100644
--- a/image/mkosi.conf.d/mkosi.qemu.conf
+++ b/image/mkosi.conf.d/mkosi.qemu.conf
@@ -4,6 +4,3 @@ PathExists=../.csp/qemu
 [Content]
 Autologin=yes
 Environment=CONSOLE_MOTD=true
-Packages=kernel
- kernel-core
- kernel-modules