@p5 Multiple people have done prototypes like these. For the time being, Wolfi maintainers are not comfortable putting a kernel into wolfi-dev/os, largely due to the weight of expectations that will be upon us w.r.t. LSM, secureboot, dkms, and userspace packages not working as the host-os. After all, Wolfi is a containers-first OS. There are lots of subtle things missing or misconfigured all over Wolfi, which may make the host-os experience not very straightforward.

Also do think carefully about data management: none of the packages assume upgrades, and many of them do not support upgrades. No support is provided, except for freshly installing/unpacking packages (with either apk-tools or apko).

Note that you don't have to build your own kernel; there are multiple providers of upstream kernel builds which are good enough. For example, Zabbly kernel builds. There is also Fedora ARK, and I thought they published binary builds somewhere but cannot find them.

Putting a kernel into Wolfi is currently out of scope; but if you have any feedback, bug reports, or fixes to packages to make them work better outside of containers - and if they are simple enough, we will consider integrating them.
-
I have been following the https://github.com/containers/bootc development, and had a crazy idea. Theoretically we can build and boot a bare-metal system using only wolfi-os (and custom melange) packages. This allows us to generate complete SBOMs of an entire OS, and have the same "zero CVEs" as we do in container images.
I am in no way expecting Chainguard to pick this up as supported. I thought it would be a cool project to showcase both tools.
Has anybody been able to work out the correct configuration to get a Linux kernel package building? I've been looking into it for the past hour-ish and have made progress, though said progress slowed down when I reached the Linux internals.