├── .gitignore ├── config ├── master │ ├── version_available │ └── version_built └── pve-kernel-5.15 │ ├── version_built │ └── version_available ├── scripts ├── export-artifacts.sh ├── extract_proxmox_branch.sh ├── build-kernel.sh └── copy-patches.sh ├── patches ├── build │ ├── 0003-skip-fwcheck.patch-disabled │ ├── master │ │ └── 0001-proxmox-kernel-version.patch │ ├── pve-kernel-5.15 │ │ └── 0001-proxmox-kernel-version.patch │ └── 0002-relax-kernel-version-detection-in-find-firmware.patch └── kernel │ ├── 9901-allow-override-ACS-for-legacy-devices-or-devices-with-ACS-caps.patch-disabled │ ├── master │ └── 9900-add-relaxable-rmrr-6.2.16.patch │ └── pve-kernel-5.15 │ └── 9900-add-relaxable-rmrr-5.15.107.patch ├── release-notes.md ├── LICENSE ├── .github └── workflows │ ├── test-sendmail.yml │ ├── trigger-kernel-check.yml │ ├── test-tag.yml │ ├── release-kernel.yml │ ├── build-pve-kernel.yml │ └── new-pve-kernel-release-check.yml ├── Dockerfile └── README.md /.gitignore: -------------------------------------------------------------------------------- 1 | proxmox-kernel/ 2 | pve-kernel/ 3 | release/ 4 | *~ 5 | -------------------------------------------------------------------------------- /config/master/version_available: -------------------------------------------------------------------------------- 1 | version: 2 | proxmox: 8.0.4 3 | kernel: 6.2.16-16-pve 4 | -------------------------------------------------------------------------------- /config/master/version_built: -------------------------------------------------------------------------------- 1 | version: 2 | proxmox: 8.0.4 3 | kernel: 6.2.16-16-pve 4 | -------------------------------------------------------------------------------- /config/pve-kernel-5.15/version_built: -------------------------------------------------------------------------------- 1 | version: 2 | proxmox: 7.4-15 3 | kernel: 5.15.158-2-pve 4 | -------------------------------------------------------------------------------- /config/pve-kernel-5.15/version_available: -------------------------------------------------------------------------------- 1 | version: 2 | proxmox: 7.4-15 3 | kernel: 5.15.158-2-pve 4 | -------------------------------------------------------------------------------- /scripts/export-artifacts.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # Copy build artifacts 4 | cp /build/pve-kernel/*.deb /release 5 | cd /build/pve-kernel/build 6 | echo "version=$(ls abi-[0-9]* | sed 's/abi/pve-kernel/g' | sed 's/-pve//g')" 7 | -------------------------------------------------------------------------------- /patches/build/0003-skip-fwcheck.patch-disabled: -------------------------------------------------------------------------------- 1 | --- debian/rules.orig 2 | +++ debian/rules 3 | @@ -110,7 +110,7 @@ 4 | dh_fixperms 5 | 6 | binary: install 7 | - debian/rules fwcheck abicheck 8 | + debian/rules abicheck 9 | dh_strip -N${PVE_HEADER_PKG} -N${PVE_USR_HEADER_PKG} 10 | dh_makeshlibs 11 | dh_shlibdeps 12 | -------------------------------------------------------------------------------- /patches/build/master/0001-proxmox-kernel-version.patch: -------------------------------------------------------------------------------- 1 | --- a/Makefile 2 | +++ b/Makefile 3 | @@ -13,7 +13,7 @@ 4 | KERNEL_MAJMIN=$(KERNEL_MAJ).$(KERNEL_MIN) 5 | KERNEL_VER=$(KERNEL_MAJMIN).$(KERNEL_PATCHLEVEL) 6 | 7 | -EXTRAVERSION=-$(KREL)-pve 8 | +EXTRAVERSION=-$(KREL)-pve-relaxablermrr 9 | KVNAME=$(KERNEL_VER)$(EXTRAVERSION) 10 | PACKAGE=pve-kernel-$(KVNAME) 11 | HDRPACKAGE=pve-headers-$(KVNAME) 12 | -------------------------------------------------------------------------------- /patches/build/pve-kernel-5.15/0001-proxmox-kernel-version.patch: -------------------------------------------------------------------------------- 1 | --- a/Makefile 2 | +++ b/Makefile 3 | @@ -13,7 +13,7 @@ 4 | KERNEL_MAJMIN=$(KERNEL_MAJ).$(KERNEL_MIN) 5 | KERNEL_VER=$(KERNEL_MAJMIN).$(KERNEL_PATCHLEVEL) 6 | 7 | -EXTRAVERSION=-$(KREL)-pve 8 | +EXTRAVERSION=-$(KREL)-pve-relaxablermrr 9 | KVNAME=$(KERNEL_VER)$(EXTRAVERSION) 10 | PACKAGE=pve-kernel-$(KVNAME) 11 | HDRPACKAGE=pve-headers-$(KVNAME) 12 | -------------------------------------------------------------------------------- /patches/build/0002-relax-kernel-version-detection-in-find-firmware.patch: -------------------------------------------------------------------------------- 1 | --- a/debian/scripts/find-firmware.pl 2 | +++ b/debian/scripts/find-firmware.pl 3 | @@ -8,7 +8,7 @@ 4 | 5 | die "no such directory" if ! -d $dir; 6 | 7 | -warn "\n\nNOTE: strange directory name: $dir\n\n" if $dir !~ m|^(.*/)?(\d+.\d+.\d+\-\d+\-pve)(/+)?$|; 8 | +warn "\n\nNOTE: strange directory name: $dir\n\n" if $dir !~ m|^(.*/)?(\d+.\d+.\d+\-\d+\-pve(-[\w\d-]+)?)(/+)?$|; 9 | 10 | my $apiver = $2; 11 | -------------------------------------------------------------------------------- /release-notes.md: -------------------------------------------------------------------------------- 1 | This is Proxmox VE Linux kernel version -relaxablermrr. It's compatible with Proxmox VE . 2 | 3 | Please note that this kernel was released automatically and it hasn't been properly tested yet. Use it at your own risk. 4 | 5 | Follow the [instalation](https://github.com/brunokc/pve-kernel-builder/blob/main/README.md#installation) and [configuration](https://github.com/brunokc/pve-kernel-builder/blob/main/README.md#configuration) instructions. 6 | -------------------------------------------------------------------------------- /scripts/extract_proxmox_branch.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -x 4 | 5 | echoerr() { 6 | printf "%s\n" "$*" >&2 7 | } 8 | 9 | re='config/([^/]+)/version' 10 | for commit in `yq '.commits[] as $c | $c.id' -`; do 11 | #echoerr "Commit: ${commit}" 12 | affected_files=$(git log --format= --name-status -n 1 $commit | cut -f 2) 13 | for file in $affected_files; do 14 | #echoerr "analyzing $file" 15 | if [[ $file =~ $re ]]; then 16 | echo "${BASH_REMATCH[1]}" 17 | fi 18 | done 19 | done 20 | -------------------------------------------------------------------------------- /scripts/build-kernel.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -x 4 | 5 | BUILD_DIR=/build 6 | KERNEL_DIR=$BUILD_DIR/pve-kernel 7 | OUTPUT_DIR=$BUILD_DIR/output 8 | 9 | echo -e "Cores available: $(nproc)" 10 | cd $KERNEL_DIR 11 | 12 | echo Building kernel... 13 | make 14 | 15 | echo Exporting artifacts... 16 | mkdir -p $OUTPUT_DIR/artifacts 17 | cp *.deb $OUTPUT_DIR/artifacts 18 | 19 | for d in build pve-kernel-* proxmox-kernel-*; do 20 | if [[ -d $d ]]; then 21 | echo "Exporting abi files from $d to $OUTPUT_DIR..." 22 | cp $d/abi* $OUTPUT_DIR 23 | fi 24 | done 25 | -------------------------------------------------------------------------------- /patches/kernel/9901-allow-override-ACS-for-legacy-devices-or-devices-with-ACS-caps.patch-disabled: -------------------------------------------------------------------------------- 1 | --- a/drivers/pci/quirks.c 2 | +++ b/drivers/pci/quirks.c 3 | @@ -267,9 +267,8 @@ 4 | int i; 5 | 6 | /* Never override ACS for legacy devices or devices with ACS caps */ 7 | - if (!pci_is_pcie(dev) || 8 | - pci_find_ext_capability(dev, PCI_EXT_CAP_ID_ACS)) 9 | - return -ENOTTY; 10 | + if (!pci_is_pcie(dev)) 11 | + return -ENOTTY; 12 | 13 | for (i = 0; i < max_acs_id; i++) 14 | if (acs_on_ids[i].vendor == dev->vendor && 15 | -------------------------------------------------------------------------------- /scripts/copy-patches.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | set -x 4 | 5 | # (https://stackoverflow.com/questions/1215538/extract-parameters-before-last-parameter-in) 6 | # TLDR, gnu.org/software/bash/manual/html_node/… . 7 | # The last command is using $@ which is an array of all arguments. 8 | # $# which is the number of arguments. And then the colon by itself 9 | # in variable expansion means offset. Overall the command means. 10 | # offset the array of args $@, by the number of args $# and convert the 11 | # array to a string because of the variable expansion. It is the most 12 | # portable because Environment variable expansion is specified in GNU Coreutils. 13 | 14 | # last parameter 15 | destination=${@:$#} 16 | # all parameters except the last 17 | sources=${*%${!#}} 18 | 19 | for patch in $sources; do 20 | if [ -f $patch ]; then 21 | cp $patch $destination 22 | fi 23 | done 24 | -------------------------------------------------------------------------------- /patches/kernel/master/9900-add-relaxable-rmrr-6.2.16.patch: -------------------------------------------------------------------------------- 1 | --- a/drivers/iommu/intel/iommu.c 2 | +++ b/drivers/iommu/intel/iommu.c 3 | @@ -297,6 +297,7 @@ 4 | static int dmar_map_ipu = 1; 5 | static int intel_iommu_superpage = 1; 6 | static int iommu_identity_mapping; 7 | +static int intel_relaxable_rmrr = 0; 8 | static int iommu_skip_te_disable; 9 | 10 | #define IDENTMAP_GFX 2 11 | @@ -358,6 +359,9 @@ 12 | } else if (!strncmp(str, "tboot_noforce", 13)) { 13 | pr_info("Intel-IOMMU: not forcing on after tboot. This could expose security risk for tboot\n"); 14 | intel_iommu_tboot_noforce = 1; 15 | + } else if (!strncmp(str, "relax_rmrr", 10)) { 16 | + pr_info("Intel-IOMMU: assuming all RMRRs are relaxable. This can lead to instability or data loss\n"); 17 | + intel_relaxable_rmrr = 1; 18 | } else { 19 | pr_notice("Unknown option - '%s'\n", str); 20 | } 21 | @@ -2538,7 +2542,7 @@ 22 | return false; 23 | 24 | pdev = to_pci_dev(dev); 25 | - if (IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev)) 26 | + if (intel_relaxable_rmrr || IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev)) 27 | return true; 28 | else 29 | return false; 30 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2023 Bruno Kraychete da Costa 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /patches/kernel/pve-kernel-5.15/9900-add-relaxable-rmrr-5.15.107.patch: -------------------------------------------------------------------------------- 1 | --- a/drivers/iommu/intel/iommu.c 2 | +++ b/drivers/iommu/intel/iommu.c 3 | @@ -332,6 +332,7 @@ 4 | static int dmar_map_ipu = 1; 5 | static int intel_iommu_superpage = 1; 6 | static int iommu_identity_mapping; 7 | +static int intel_relaxable_rmrr = 0; 8 | static int iommu_skip_te_disable; 9 | 10 | #define IDENTMAP_GFX 2 11 | @@ -414,6 +415,9 @@ 12 | } else if (!strncmp(str, "tboot_noforce", 13)) { 13 | pr_info("Intel-IOMMU: not forcing on after tboot. This could expose security risk for tboot\n"); 14 | intel_iommu_tboot_noforce = 1; 15 | + } else if (!strncmp(str, "relax_rmrr", 10)) { 16 | + pr_info("Intel-IOMMU: assuming all RMRRs are relaxable. This can lead to instability or data loss\n"); 17 | + intel_relaxable_rmrr = 1; 18 | } else { 19 | pr_notice("Unknown option - '%s'\n", str); 20 | } 21 | @@ -2860,7 +2864,7 @@ 22 | return false; 23 | 24 | pdev = to_pci_dev(dev); 25 | - if (IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev)) 26 | + if (intel_relaxable_rmrr || IS_USB_DEVICE(pdev) || IS_GFX_DEVICE(pdev)) 27 | return true; 28 | else 29 | return false; 30 | -------------------------------------------------------------------------------- /.github/workflows/test-sendmail.yml: -------------------------------------------------------------------------------- 1 | name: Test Workflow 2 | 3 | on: 4 | workflow_dispatch: 5 | 6 | env: 7 | DEBIAN_FRONTEND: noninteractive 8 | KERNEL_VERSION: 5.15.116-1-pve 9 | PROXMOX_VERSION: 7.4-6 10 | 11 | jobs: 12 | test: 13 | name: This is a test job 14 | runs-on: ubuntu-latest 15 | 16 | steps: 17 | - name: Send new kernel version email 18 | uses: dawidd6/action-send-mail@v3 19 | with: 20 | # Specify connection via URL (replaces server_address, server_port, secure, 21 | # username and password) 22 | # 23 | # Format: 24 | # 25 | # * smtp://user:password@server:port 26 | # * smtp+starttls://user:password@server:port 27 | connection_url: ${{ secrets.EMAIL_NOTIFICATION_CONNECTION }} 28 | subject: "[pve-kernel-builder] New kernel version detected" 29 | to: ${{ secrets.EMAIL_NOTIFICATION_RECIPIENTS }} 30 | from: "GitHub Workflow @ pve-kernel-builder " 31 | html_body: | 32 | New Proxmox kernel version **${{ env.KERNEL_VERSION }}** 33 | (Proxmox version **${{ env.PROXMOX_VERSION }}**) detected! 34 | 35 | Check the new version by visiting the 36 | [workflow](https://github.com/${{ github.repository }}/actions/workflows/trigger-kernel-check.yml). 37 | convert_markdown: true 38 | # Optional priority: 'high', 'normal' (default) or 'low' 39 | priority: high 40 | -------------------------------------------------------------------------------- /.github/workflows/trigger-kernel-check.yml: -------------------------------------------------------------------------------- 1 | name: Trigger new pve-kernel release check 2 | 3 | on: 4 | workflow_dispatch: 5 | inputs: 6 | save-new-version: 7 | description: 'Save new detected version' 8 | type: boolean 9 | default: true 10 | required: false 11 | schedule: 12 | - cron: '45 2 * * *' # Every day at 2:45AM UTC / 7:45PM PST 13 | 14 | env: 15 | DEBIAN_FRONTEND: noninteractive 16 | # save-new-version will be set in workflow_dispatch, but not when launched from a schedule 17 | SAVE_NEW_VERSION: "${{ inputs.save-new-version != '' && inputs.save-new-version || true }}" 18 | 19 | jobs: 20 | set-state: 21 | # Workaround: can't use env in job.with. Copy env to job.output instead and access it from check-for-new-kernel 22 | name: Set SAVE_NEW_VERSION 23 | runs-on: ubuntu-latest 24 | outputs: 25 | save-new-version: ${{ env.SAVE_NEW_VERSION }} 26 | steps: 27 | - name: Print state 28 | run: | 29 | echo "inputs.save-new-version: ${{ inputs.save-new-version }}" 30 | echo "SAVE_NEW_VERSION: ${{ env.SAVE_NEW_VERSION }}" 31 | 32 | check-for-new-kernel: 33 | name: Check for new release for each branch 34 | needs: set-state 35 | strategy: 36 | fail-fast: false 37 | matrix: 38 | branch: ['pve-kernel-5.15'] 39 | uses: ./.github/workflows/new-pve-kernel-release-check.yml 40 | with: 41 | branch: ${{ matrix.branch }} 42 | save-new-version: ${{ needs.set-state.outputs.save-new-version == 'true' }} 43 | secrets: 44 | token: ${{ secrets.PAT }} 45 | email_connection_url: ${{ secrets.EMAIL_NOTIFICATION_CONNECTION }} 46 | email_recipients: ${{ secrets.EMAIL_NOTIFICATION_RECIPIENTS }} 47 | permissions: 48 | contents: write 49 | -------------------------------------------------------------------------------- /.github/workflows/test-tag.yml: -------------------------------------------------------------------------------- 1 | name: Test Workflow 2 | 3 | on: 4 | workflow_dispatch: 5 | inputs: 6 | kernel-version: 7 | type: string 8 | required: true 9 | proxmox-version: 10 | type: string 11 | required: true 12 | 13 | env: 14 | DEBIAN_FRONTEND: noninteractive 15 | KERNEL_VERSION: "6.2.16-99-pve" 16 | PROXMOX_VERSION: "8.0" 17 | #RELEASE_TITLE: "PVE kernel 6.2.16.99-pve-relaxablermrr release (Promox 8.0}" 18 | RELEASE_TITLE: "Proxmox VE kernel ${{ inputs.kernel-version }}-relaxablermrr (Proxmox VE ${{ inputs.proxmox-version }})" 19 | 20 | jobs: 21 | test: 22 | name: This is a tag test job 23 | runs-on: ubuntu-latest 24 | permissions: 25 | contents: write 26 | steps: 27 | - name: Create release tag 28 | uses: actions/github-script@v6 29 | env: 30 | CLIENT_PAYLOAD: ${{ toJSON(github.event.client_payload) }} 31 | with: 32 | script: | 33 | const tagName = "${{ inputs.kernel-version }}"; 34 | const branch = "main"; 35 | const tagger = { 36 | name: "Github Actions", 37 | email: "github-actions@github.com" 38 | }; 39 | 40 | const { owner, repo } = context.repo; 41 | 42 | console.log("Finding out the HEAD hash"); 43 | let ref = `heads/${branch}`; 44 | const head = await github.rest.git.getRef({ owner, repo, ref }); 45 | console.log("head: ", head); 46 | const sha = head.data.object.sha; 47 | 48 | // Create tag object. This is only needed for annotated tags 49 | console.log(`Creating tag ${tagName}`); 50 | const newTag = await github.rest.git.createTag({ 51 | owner, 52 | repo, 53 | tag: tagName, 54 | message: process.env.RELEASE_TITLE, 55 | object: sha, 56 | type: "commit", 57 | tagger 58 | }); 59 | 60 | // Create tag reference 61 | ref = `refs/tags/${tagName}`; 62 | console.log(`Creating ref for tag ${tagName} (${newTag.data.sha})`); 63 | const newRef = await github.rest.git.createRef({ owner, repo, ref, sha: newTag.data.sha }); 64 | -------------------------------------------------------------------------------- /Dockerfile: -------------------------------------------------------------------------------- 1 | # 2 | # This Dockerfile builds the newest kernel with the RMRR patch 3 | # 4 | ARG DEBIAN_RELEASE=bullseye 5 | FROM debian:${DEBIAN_RELEASE}-slim 6 | 7 | ARG DEBIAN_RELEASE 8 | ARG REPO_URL=git://git.proxmox.com/git/pve-kernel.git 9 | ARG REPO_BRANCH=pve-kernel-5.15 10 | 11 | ENV DEBIAN_FRONTEND=noninteractive 12 | 13 | # Trust Proxmox repository key and upgrade system 14 | RUN set -x \ 15 | && apt update \ 16 | && apt install -y apt-utils ca-certificates wget \ 17 | && wget http://download.proxmox.com/debian/proxmox-release-bullseye.gpg -qO /etc/apt/trusted.gpg.d/proxmox-release-bullseye.gpg \ 18 | && chmod +r /etc/apt/trusted.gpg.d/proxmox-release-bullseye.gpg \ 19 | && echo "deb http://download.proxmox.com/debian/pve ${DEBIAN_RELEASE} pve-no-subscription" \ 20 | > /etc/apt/sources.list.d/pve-no-subscription.list \ 21 | && apt update \ 22 | && apt upgrade -y 23 | 24 | # Install dependencies 25 | RUN set -x \ 26 | && apt-get install -y --no-install-recommends git nano screen patch fakeroot build-essential devscripts \ 27 | libncurses5 libncurses5-dev libssl-dev bc flex bison libelf-dev libaudit-dev libgtk2.0-dev libperl-dev \ 28 | asciidoc xmlto gnupg gnupg2 rsync lintian debhelper libdw-dev libnuma-dev libslang2-dev sphinx-common \ 29 | asciidoc-base automake cpio dh-python file gcc kmod libiberty-dev libtool perl-modules python3-minimal \ 30 | sed tar zlib1g-dev liblz4-tool idn libpve-common-perl dwarves zstd \ 31 | python3-dev libunwind-dev libzstd-dev libcap-dev systemtap-sdt-dev libbabeltrace-dev \ 32 | && apt-get autoremove --purge \ 33 | && apt-get clean 34 | 35 | RUN useradd -m -d /build builder 36 | USER builder 37 | 38 | WORKDIR /build 39 | COPY patches patches 40 | COPY scripts scripts 41 | 42 | # Clone pve kernel repo 43 | RUN set -x \ 44 | && git clone ${REPO_URL} -b ${REPO_BRANCH} pve-kernel 45 | 46 | # Copy kernel patches 47 | RUN set -x \ 48 | && cd pve-kernel \ 49 | && ../scripts/copy-patches.sh ../patches/kernel/*.patch patches/kernel \ 50 | && ../scripts/copy-patches.sh ../patches/kernel/$REPO_BRANCH/*.patch patches/kernel 51 | 52 | # Apply build patches 53 | RUN set -x \ 54 | && cd pve-kernel \ 55 | && mkdir -p build-patches \ 56 | && ../scripts/copy-patches.sh ../patches/build/*.patch build-patches \ 57 | && ../scripts/copy-patches.sh ../patches/build/$REPO_BRANCH/*.patch build-patches \ 58 | && for patch in build-patches/*.patch; do \ 59 | if [ -f $patch ]; then \ 60 | echo "Applying build patch '$patch'"; \ 61 | patch -p1 < ${patch}; \ 62 | fi; \ 63 | done 64 | -------------------------------------------------------------------------------- /.github/workflows/release-kernel.yml: -------------------------------------------------------------------------------- 1 | # Example from https://github.com/actions/runner/blob/8db8bbe13a0dabc165d0ff19a1ecb85a4fe86dd8/.github/workflows/release.yml 2 | 3 | name: Release 4 | 5 | on: 6 | workflow_dispatch: 7 | inputs: 8 | artifact-name: 9 | type: string 10 | required: true 11 | kernel-version: 12 | type: string 13 | required: true 14 | proxmox-version: 15 | type: string 16 | required: true 17 | workflow_call: 18 | inputs: 19 | artifact-name: 20 | type: string 21 | required: true 22 | kernel-version: 23 | type: string 24 | required: true 25 | proxmox-version: 26 | type: string 27 | required: true 28 | secrets: 29 | token: 30 | description: 'Token used in git operations' 31 | required: true 32 | 33 | env: 34 | TOKEN: ${{ secrets.token }} 35 | 36 | jobs: 37 | release: 38 | name: Release Built Kernel 39 | runs-on: ubuntu-latest 40 | permissions: 41 | contents: write 42 | 43 | steps: 44 | - name: Checkout sources 45 | uses: actions/checkout@v3 46 | 47 | - name: Set Git token (if needed) 48 | if: env.TOKEN == '' 49 | env: 50 | TOK: ${{ secrets.GITHUB_TOKEN }} 51 | run: | 52 | echo "TOKEN=${TOK}" > $GITHUB_ENV 53 | 54 | - name: Download build artifacts 55 | uses: actions/download-artifact@v4 56 | with: 57 | name: ${{ inputs.artifact-name }} 58 | path: ./assets 59 | 60 | - name: Create Release Notes 61 | id: create-release-notes 62 | uses: actions/github-script@v6 63 | with: 64 | github-token: ${{ env.TOKEN }} 65 | script: | 66 | const fs = require('fs') 67 | var releaseNote = fs.readFileSync('${{ github.workspace }}/release-notes.md', 'utf8') 68 | releaseNote = releaseNote.replace(//g, '${{ inputs.kernel-version }}') 69 | releaseNote = releaseNote.replace(//g, '${{ inputs.proxmox-version }}') 70 | console.log(releaseNote) 71 | core.setOutput('release-note', releaseNote) 72 | 73 | - name: Create release tag 74 | uses: actions/github-script@v6 75 | with: 76 | script: | 77 | const tagName = "${{ inputs.kernel-version }}"; 78 | const branch = "main"; 79 | const tagger = { 80 | name: "Github Actions", 81 | email: "github-actions@github.com" 82 | }; 83 | 84 | const { owner, repo } = context.repo; 85 | 86 | console.log("Finding out the HEAD sha"); 87 | let ref = `heads/${branch}`; 88 | const head = await github.rest.git.getRef({ owner, repo, ref }); 89 | const sha = head.data.object.sha; 90 | 91 | const message = "PVE kernel ${{ inputs.kernel-version }}-relaxablermrr release (Proxmox VE ${{ inputs.proxmox-version }})" 92 | 93 | // Create tag object. This is only needed for annotated tags 94 | console.log(`Creating tag ${tagName}`); 95 | const newTag = await github.rest.git.createTag({ 96 | owner, 97 | repo, 98 | tag: tagName, 99 | message, 100 | object: sha, 101 | type: "commit", 102 | tagger 103 | }); 104 | 105 | // Create tag reference 106 | ref = `refs/tags/${tagName}`; 107 | console.log(`Creating ref for tag ${tagName} (${newTag.data.sha})`); 108 | const newRef = await github.rest.git.createRef({ owner, repo, ref, sha: newTag.data.sha }); 109 | 110 | # Using action-gh-release from https://github.com/softprops/action-gh-release 111 | - name: Release 112 | uses: softprops/action-gh-release@v1 113 | #if: startsWith(github.ref, 'refs/tags/') 114 | with: 115 | #repository: brunokc/pve-kernel-builder 116 | name: "Proxmox VE kernel ${{ inputs.kernel-version }}-relaxablermrr (Proxmox VE ${{ inputs.proxmox-version }})" 117 | body: ${{ steps.create-release-notes.outputs.release-note }} 118 | # Note: you'll typically need to create a personal access token 119 | # with permissions to create releases in the other repo 120 | #token: ${{ secrets.CUSTOM_GITHUB_TOKEN }} 121 | token: ${{ env.TOKEN }} 122 | tag_name: ${{ inputs.kernel-version }} 123 | draft: true 124 | fail_on_unmatched_files: true 125 | files: ./assets/*.deb 126 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Proxmox VE Kernel Builder 2 | 3 | [![Check for new pve-kernel releases](https://github.com/brunokc/pve-kernel-builder/actions/workflows/trigger-kernel-check.yml/badge.svg)](https://github.com/brunokc/pve-kernel-builder/actions/workflows/kernel-check-schedule.yml) 4 | 5 | Latest from [Proxmox](https://git.proxmox.com/): 6 | with 7 | 8 | Latest Patched Kernel Releases: 9 | Latest 5.15 release 10 | 11 | 12 | --- 13 | 14 | ### ⚠️ Starting with kernel version 6.2.16-13-pve (available as of 18/Sep/2023), the Relaxable RMRR patch has been included with the Proxmox VE kernel. *You don't need a patched kernel to enable the feature anymore*. You still need to enable it though. Just follow the [configuration steps](README.md#configuration) below. See [Proxmox Bug 4707](https://bugzilla.proxmox.com/show_bug.cgi?id=4707) for more details. 15 | 16 | ### Kernel series 5.15 (Proxmox 7.4) still needs to be patched and it will continue to be released here. 17 | --- 18 | 19 | This project aims to provide an easy way to build kernels for Proxmox VE 20 | with a particular set of patches. 21 | 22 | At the moment, these are the patches applied during build: 23 | 24 | * [Relax Intel RMRR](https://github.com/kiler129/relax-intel-rmrr): relax 25 | RMRRs on Intel platforms to allow certain PCIe devices to be passed through 26 | to VMs (credit to [kiler129](https://github.com/kiler129/relax-intel-rmrr)). 27 | This patch works around the dreaded `Device is ineligible for IOMMU domain 28 | attach due to platform RMRR requirement. Contact your platform vendor.` 29 | message when trying to passthrough certain PCIe devices to a VM. 30 | 31 | ## How to Build 32 | 33 | There are two options: 34 | 35 | 1. Trigger the [Build pve kernel (in container)](https://github.com/brunokc/pve-kernel-builder/actions/workflows/build-pve-kernel-container.yml) 36 | workflow. 37 | 38 | This workflow will build a new kernel with the current set of patches applied 39 | and produce artifacts that can be downloaded. It will run on a 2-core VM in 40 | GitHub and it will take between 2h30m and 3h to complete. 41 | 42 | 2. Build it locally 43 | 44 | Use the build.sh script to build the kernel locally with the current set of 45 | patches applied. Because you are building everything locally, you can customize 46 | the set of patches you want before building. 47 | 48 | In all cases, kernel builds are done using docker to contain the dependencies 49 | and make cleanup easier. 50 | 51 | ## Installation 52 | 53 | Regardless of how you built the kernel, you'll end up with a few of .deb files. 54 | To install them you need to: 55 | 56 | 1. Go to the [releases tab](https://github.com/brunokc/pve-kernel-builder/releases/) and pick appropriate packages 57 | 3. Download all applicable `*.deb`s packages to your machine 58 | - If you don't use your Proxmox machine for building software, you really only need the `pve-kernel--pve-relaxablermrr__amd64.deb` file. 59 | 4. Install the package(s) using `dpkg -i *.deb` in the folder where you downloaded the debs 60 | 5. *(OPTIONAL)* Verify the kernel works with the patch disabled by rebooting and checking if `uname -r` shows a version 61 | ending with `-pve-relaxablermrr` 62 | 5. [Configure the kernel](README.md#configuration) 63 | 64 | ## Configuration 65 | 66 | By default, after the kernel is installed, the patch will be *inactive* (i.e. the kernel will 67 | behave like no patch was applied). To activate it you have to add `relax_rmrr` to the `intel_iommu` 68 | option on your Linux boot args. 69 | 70 | In most distros (including Proxmox) you do this by: 71 | 72 | 1. Opening `/etc/default/grub` (e.g. using `nano /etc/default/grub`) 73 | 2. Editing the `GRUB_CMDLINE_LINUX_DEFAULT` to include the option: 74 | 75 | - Example of old line: 76 | ``` 77 | GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on iommu=pt intremap=no_x2apic_optout" 78 | ``` 79 | - Example of new line: 80 | ``` 81 | GRUB_CMDLINE_LINUX_DEFAULT="quiet intel_iommu=on,relax_rmrr iommu=pt intremap=no_x2apic_optout" 82 | ``` 83 | - *Side note: these are actually options which will make your PCI passthrough work and do so efficiently* 84 | 3. Running `update-grub` 85 | 4. Rebooting 86 | 87 | To verify if the the patch is active execute `dmesg | grep 'Intel-IOMMU'` after reboot. 88 | You should see a result similar to this: 89 | 90 | ``` 91 | root@sandbox:~# dmesg | grep 'Intel-IOMMU' 92 | [ 0.050195] DMAR: Intel-IOMMU: assuming all RMRRs are relaxable. This can lead to instability or data loss 93 | root@sandbox:~# 94 | ``` 95 | 96 | ## Acknowledgements 97 | 98 | * [kiler129](https://github.com/kiler129/relax-intel-rmrr): provider of the Relax Intel RMRR patch. Kiler129 provides lots of good info on the [why and how the patch works](https://github.com/kiler129/relax-intel-rmrr/blob/master/deep-dive.md). 99 | * [roforest](https://github.com/roforest/Actions-pve-kernel): provides the basis for the GitHub workflows implemented here. 100 | -------------------------------------------------------------------------------- /.github/workflows/build-pve-kernel.yml: -------------------------------------------------------------------------------- 1 | name: Build pve-kernel 2 | 3 | on: 4 | workflow_dispatch: 5 | inputs: 6 | tmate_debug_enabled: 7 | type: boolean 8 | description: 'Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)' 9 | required: false 10 | default: false 11 | runner: 12 | description: 'Target runner for this workflow' 13 | required: true 14 | type: choice 15 | options: 16 | - ubuntu-22.04 17 | - self-hosted 18 | default: 'ubuntu-22.04' 19 | repo-url: 20 | description: 'URL for the Proxmox kernel repository' 21 | required: false 22 | type: string 23 | default: 'git://git.proxmox.com/git/pve-kernel.git' 24 | branch: 25 | description: 'Branch to build' 26 | required: true 27 | type: string 28 | upload-artifacts: 29 | description: 'Upload artifacts' 30 | required: false 31 | type: boolean 32 | default: true 33 | display-top-disk-usages: 34 | description: 'Display top packages and folders by size' 35 | required: false 36 | type: boolean 37 | default: false 38 | 39 | workflow_call: 40 | inputs: 41 | tmate_debug_enabled: 42 | type: boolean 43 | description: 'Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate)' 44 | required: false 45 | default: false 46 | runner: 47 | description: 'Target runner for this workflow' 48 | type: string 49 | default: 'ubuntu-22.04' 50 | repo-url: 51 | description: 'URL for the Proxmox kernel repository' 52 | required: false 53 | type: string 54 | default: 'git://git.proxmox.com/git/pve-kernel.git' 55 | branch: 56 | description: 'Branch to build' 57 | required: true 58 | type: string 59 | upload-artifacts: 60 | description: 'Control whether artifacts should be uploaded' 61 | required: false 62 | type: boolean 63 | default: true 64 | display-top-disk-usages: 65 | description: 'Display top packages and folders by size' 66 | required: false 67 | type: boolean 68 | default: false 69 | outputs: 70 | build-successful: 71 | description: 'Build was successful' 72 | value: ${{ jobs.build.outputs.build-successful }} 73 | kernel-version: 74 | description: 'Kernel version built' 75 | value: ${{ jobs.build.outputs.kernel-version }} 76 | artifacts-name: 77 | description: 'Artifact named used' 78 | value: ${{ jobs.build.outputs.artifacts-name }} 79 | 80 | env: 81 | DEBIAN_RELEASE: bullseye 82 | 83 | jobs: 84 | build: 85 | name: Build PVE kernel 86 | runs-on: ${{ inputs.runner }} 87 | outputs: 88 | build-successful: ${{ steps.docker-build.outputs.status == 'success' }} 89 | kernel-version: ${{ steps.kernel-version.outputs.version }} 90 | # For now, use kernel version as the artifacts name 91 | artifacts-name: ${{ steps.kernel-version.outputs.version }} 92 | 93 | steps: 94 | - name: Checkout 95 | uses: actions/checkout@master 96 | 97 | - name: Cleanup 98 | env: 99 | DEBIAN_FRONTEND: noninteractive 100 | run: | 101 | set -x 102 | echo "Disk usage: start" 103 | df -h 104 | sudo -E apt-get update 105 | packages="'aspnetcore-targeting-pack.*' '^dotnet-.*' '^temurin-.*-jdk' '^llvm-.*' 'php.*' google-cloud-sdk google-cloud-cli \ 106 | azure-cli microsoft-edge-stable google-chrome-stable firefox 'openjdk-11-.*' powershell 'postgresql-.*' 'mysql-.*-core-.*' \ 107 | mono-devel 'mono-llvm-.*' 'gfortran-.*'" 108 | # Adding cat at the end to reset the exit status to 0 in case grep doesn't find anything 109 | packages_to_remove=$(dpkg -l | grep -E '^ii' | awk '{ print $2 }' | eval grep -E $(printf " -e %s" $packages) | cat) 110 | if [ -n "${packages_to_remove}" ]; then 111 | echo "Removing packages: ${packages_to_remove}" 112 | sudo -E apt-get purge -y ${packages_to_remove} 113 | sudo -E apt-get autoremove -y 114 | sudo -E apt-get clean 115 | echo "Disk usage: after apt-get purge" 116 | df -h 117 | fi 118 | sudo -E rm -rf /usr/share/dotnet /usr/local/lib/android /usr/local/share/powershell /usr/local/share/chromium \ 119 | /usr/share/swift /opt/hostedtoolcache/PyPy /usr/local/julia1.10.0 /usr/local/aws-cli 120 | echo "Disk usage: after directory removals" 121 | df -h 122 | 123 | - name: Display disk usage 124 | if: inputs.display-top-disk-usages 125 | run: | 126 | set -x 127 | echo "Top packages by size:" 128 | dpkg-query -Wf '${Installed-Size}\t${Package}\n' | sort -rn | head -n 100 129 | echo "Top folders by size:" 130 | sudo -E du -d 4 -ahx / | sort -rh | head -n 100 131 | 132 | - name: Initialize environment 133 | env: 134 | DEBIAN_FRONTEND: noninteractive 135 | run: | 136 | sudo -E apt-get upgrade -y 137 | sudo -E apt-get install -y --no-install-recommends apt-utils git nano 138 | 139 | - name: Prepare container 140 | run: | 141 | docker build --build-arg DEBIAN_RELEASE=${DEBIAN_RELEASE} --build-arg REPO_URL="${{ inputs.repo-url }}" \ 142 | --build-arg REPO_BRANCH="${{ inputs.branch }}" -t pve-kernel-build . 143 | 144 | - name: Build kernel 145 | id: docker-build 146 | run: | 147 | mkdir output 148 | chmod 777 output 149 | docker run -v ${{ github.workspace }}/output:/build/output pve-kernel-build scripts/build-kernel.sh 150 | echo "status=success" >> $GITHUB_OUTPUT 151 | 152 | - name: Extract kernel version 153 | id: kernel-version 154 | run: | 155 | cd output 156 | echo "version=$(ls abi-[0-9]* | sed 's/abi/pve-kernel/g' | sed 's/-pve//g')" >> $GITHUB_OUTPUT 157 | 158 | - name: Upload build artifacts 159 | uses: actions/upload-artifact@v4 160 | if: steps.docker-build.outputs.status == 'success' && inputs.upload-artifacts 161 | with: 162 | name: ${{ steps.kernel-version.outputs.version }} 163 | path: ./output/artifacts 164 | 165 | - name: Start tmate session on failure 166 | uses: mxschmitt/action-tmate@v3 167 | if: ${{ github.event_name == 'workflow_dispatch' && inputs.tmate_debug_enabled && failure() }} 168 | -------------------------------------------------------------------------------- /.github/workflows/new-pve-kernel-release-check.yml: -------------------------------------------------------------------------------- 1 | name: Check for new PVE kernel release 2 | 3 | on: 4 | workflow_dispatch: 5 | inputs: 6 | branch: 7 | description: 'Branch to check for' 8 | type: string 9 | required: true 10 | save-new-version: 11 | description: 'Save new detected version' 12 | type: boolean 13 | default: true 14 | 15 | workflow_call: 16 | inputs: 17 | branch: 18 | description: 'Branch to check for' 19 | type: string 20 | required: true 21 | save-new-version: 22 | description: 'Save new detected version' 23 | type: boolean 24 | default: true 25 | secrets: 26 | token: 27 | description: 'Token used in privileged operations' 28 | required: false 29 | email_connection_url: 30 | description: 'Connection string used to connect to SMTP server' 31 | required: true 32 | email_recipients: 33 | description: 'List of recipients for notification emails' 34 | required: true 35 | 36 | env: 37 | DEBIAN_FRONTEND: noninteractive 38 | TOKEN: ${{ secrets.token }} 39 | VERSION_AVAILABLE_FILE_PATH: '${{ github.workspace }}/config/${{ inputs.branch }}/version_available' 40 | VERSION_BUILT_FILE_PATH: '${{ github.workspace }}/config/${{ inputs.branch }}/version_built' 41 | 42 | jobs: 43 | check-for-new-kernel: 44 | name: Check for new kernel release 45 | runs-on: ubuntu-latest 46 | outputs: 47 | new-kernel-available: ${{ steps.check-version.outputs.status != 'up-to-date' }} 48 | kernel-version: ${{ steps.check-version.outputs.kernel-version }} 49 | proxmox-version: ${{ steps.check-version.outputs.proxmox-version }} 50 | 51 | steps: 52 | - name: Set Git token (if needed) 53 | if: env.TOKEN == '' 54 | env: 55 | TOK: ${{ secrets.GITHUB_TOKEN }} 56 | run: | 57 | echo "TOKEN=${TOK}" > $GITHUB_ENV 58 | 59 | - name: Checkout Sources 60 | uses: actions/checkout@main 61 | with: 62 | token: ${{ env.TOKEN }} 63 | 64 | - name: Initialize environment 65 | run: | 66 | sudo -E apt-get update 67 | sudo -E apt install -y curl 68 | 69 | - name: Check for latest kernel version 70 | id: check-version 71 | run: | 72 | cur_abi_ver="" 73 | if [[ -e ${VERSION_AVAILABLE_FILE_PATH} ]]; then 74 | cur_abi_ver=`yq .version.kernel ${VERSION_AVAILABLE_FILE_PATH}` 75 | fi 76 | echo "Cached kernel ABI version for branch ${{ inputs.branch }}: ${cur_abi_ver}" 77 | proxmox_ver=`curl -s "https://git.proxmox.com/?p=pve-kernel-meta.git;a=shortlog;h=refs/heads/${{ inputs.branch }}" | \ 78 | grep -oP "bump version to \K[^<]*" | head -n 1` 79 | url="https://git.proxmox.com/?p=pve-kernel.git;a=shortlog;h=refs/heads/${{ inputs.branch }}" 80 | payload=`wget $url -qO shortlog.html` 81 | ver=`grep -oP "bump version to \K[^<,]+" shortlog.html | head -n 1` 82 | abi_ver=`grep -oP "update ABI file for \K[^<,]+" shortlog.html | head -n 1` 83 | #kernel_ver="pve-kernel-${abi_ver}-${ver}" 84 | echo "Current kernel version: ${ver} (ABI version: ${abi_ver})" 85 | if [[ ${abi_ver} == ${cur_abi_ver} ]]; then 86 | echo "Current kernel ABI version ${abi_ver} for branch ${{ inputs.branch }} is up to date. Checking latest built kernel..." 87 | built_abi_ver="" 88 | if [[ -e ${VERSION_BUILT_FILE_PATH} ]]; then 89 | built_abi_ver=`yq .version.kernel ${VERSION_BUILT_FILE_PATH}` 90 | fi 91 | echo "Last built kernel version for branch ${{ inputs.branch }}: ${built_abi_ver}" 92 | if [[ ${abi_ver} == ${built_abi_ver} ]]; then 93 | echo "Built kernel ABI version ${abi_ver} for branch ${{ inputs.branch }} is up to date. Nothing to do." 94 | echo "status=up-to-date" >> $GITHUB_OUTPUT 95 | else 96 | echo "Built kernel ABI version and available kernel ABI version are out of sync. Will trigger a build..." 97 | echo "kernel-version=${abi_ver}" >> $GITHUB_OUTPUT 98 | echo "proxmox-version=${proxmox_ver}" >> $GITHUB_OUTPUT 99 | echo "status=needs-build" >> $GITHUB_OUTPUT 100 | fi 101 | else 102 | echo "New kernel ABI version avaiable for branch ${{ inputs.branch }}: ${abi_ver}. Will trigger a build." 103 | mkdir -p `dirname ${VERSION_AVAILABLE_FILE_PATH}` 104 | sudo echo -e "version:\n proxmox: ${proxmox_ver}\n kernel: ${abi_ver}" > ${VERSION_AVAILABLE_FILE_PATH} 105 | echo "kernel-version=${abi_ver}" >> $GITHUB_OUTPUT 106 | echo "proxmox-version=${proxmox_ver}" >> $GITHUB_OUTPUT 107 | echo "status=save-kernel-version-and-build" >> $GITHUB_OUTPUT 108 | fi 109 | rm -f shortlog.html 110 | 111 | - name: Save new available kernel version 112 | continue-on-error: true 113 | if: inputs.save-new-version && steps.check-version.outputs.status == 'save-kernel-version-and-build' 114 | run: | 115 | git config --local user.email "github-actions@github.com" 116 | git config --local user.name "Github Actions" 117 | git pull 118 | git add config/** 119 | git commit -m 'Update available kernel version for branch ${{ inputs.branch }} to ${{ steps.check-version.outputs.kernel-version }}' 120 | git push 121 | 122 | - name: Send new kernel version email 123 | if: steps.check-version.outputs.status == 'save-kernel-version-and-build' 124 | uses: dawidd6/action-send-mail@v3 125 | with: 126 | # Specify connection via URL (replaces server_address, server_port, secure, 127 | # username and password) 128 | # 129 | # Format: 130 | # 131 | # * smtp://user:password@server:port 132 | # * smtp+starttls://user:password@server:port 133 | connection_url: ${{ secrets.email_connection_url }} 134 | subject: "[pve-kernel-builder] New kernel version detected" 135 | to: ${{ secrets.email_recipients }} 136 | from: "GitHub Workflow @ pve-kernel-builder " 137 | html_body: | 138 | New Proxmox kernel version **${{ steps.check-version.outputs.kernel-version }}** 139 | (Proxmox version **${{ steps.check-version.outputs.proxmox-version }}**) detected! 140 | 141 | Check the new version by visiting the 142 | [workflow](https://github.com/${{ github.repository }}/actions/workflows/trigger-kernel-check.yml). 143 | convert_markdown: true 144 | # Optional priority: 'high', 'normal' (default) or 'low' 145 | priority: high 146 | 147 | debug-state: 148 | name: Debug state 149 | runs-on: ubuntu-latest 150 | needs: check-for-new-kernel 151 | steps: 152 | - name: print state 153 | run: | 154 | echo "new-kernel-available: ${{ needs.check-for-new-kernel.outputs.new-kernel-available }}" 155 | 156 | build-kernel: 157 | name: Build new kernel 158 | needs: check-for-new-kernel 159 | if: needs.check-for-new-kernel.outputs.new-kernel-available == 'true' 160 | uses: ./.github/workflows/build-pve-kernel.yml 161 | with: 162 | branch: ${{ inputs.branch }} 163 | 164 | save-built-kernel-version: 165 | name: Save new kernel version 166 | runs-on: ubuntu-latest 167 | needs: [check-for-new-kernel, build-kernel] 168 | if: inputs.save-new-version && needs.build-kernel.outputs.build-successful == 'true' 169 | permissions: 170 | contents: write 171 | steps: 172 | - name: Set Git token (if needed) 173 | if: env.TOKEN == '' 174 | env: 175 | TOK: ${{ secrets.GITHUB_TOKEN }} 176 | run: | 177 | echo "TOKEN=${TOK}" > $GITHUB_ENV 178 | 179 | - name: Checkout Sources 180 | uses: actions/checkout@main 181 | with: 182 | token: ${{ env.TOKEN }} 183 | 184 | - name: Save new built kernel version 185 | run: | 186 | version_built_file_path='${{ github.workspace }}/config/${{ inputs.branch }}/version_built' 187 | sudo echo -e "version:" > ${version_built_file_path} 188 | sudo echo -e " proxmox: ${{ needs.check-for-new-kernel.outputs.proxmox-version }}" >> ${version_built_file_path} 189 | sudo echo -e " kernel: ${{ needs.check-for-new-kernel.outputs.kernel-version }}" >> ${version_built_file_path} 190 | git config --local user.email "github-actions@github.com" 191 | git config --local user.name "Github Actions" 192 | git pull 193 | git add config/** 194 | git commit -m 'Update built kernel version for branch ${{ inputs.branch }} to ${{ needs.check-for-new-kernel.outputs.kernel-version }}' 195 | git push 196 | 197 | release-new-kernel: 198 | name: Release new kernel 199 | needs: [check-for-new-kernel, build-kernel] 200 | if: needs.build-kernel.outputs.build-successful == 'true' 201 | secrets: inherit 202 | uses: ./.github/workflows/release-kernel.yml 203 | with: 204 | artifact-name: ${{ needs.build-kernel.outputs.artifacts-name }} 205 | kernel-version: ${{ needs.check-for-new-kernel.outputs.kernel-version }} 206 | proxmox-version: ${{ needs.check-for-new-kernel.outputs.proxmox-version }} 207 | 208 | notify-new-release: 209 | name: Notify of new kernel release 210 | runs-on: ubuntu-latest 211 | needs: [check-for-new-kernel, release-new-kernel] 212 | if: needs.release-new-kernel.result == 'success' 213 | steps: 214 | - name: Send new kernel version email 215 | uses: dawidd6/action-send-mail@v3 216 | with: 217 | # Specify connection via URL (replaces server_address, server_port, secure, 218 | # username and password) 219 | # 220 | # Format: 221 | # 222 | # * smtp://user:password@server:port 223 | # * smtp+starttls://user:password@server:port 224 | connection_url: ${{ secrets.email_connection_url }} 225 | subject: "[pve-kernel-builder] New Release Available for Publishing" 226 | to: ${{ secrets.email_recipients }} 227 | from: "GitHub Workflow @ pve-kernel-builder " 228 | html_body: | 229 | A new draft release for Proxmox kernel version **${{ needs.check-for-new-kernel.outputs.kernel-version }}** 230 | (Proxmox version **${{ needs.check-for-new-kernel.outputs.proxmox-version }}**) is available! 231 | 232 | Please go to the [releases page](https://github.com/${{ github.repository }}/releases) 233 | and publish it. 234 | convert_markdown: true 235 | # Optional priority: 'high', 'normal' (default) or 'low' 236 | priority: high 237 | --------------------------------------------------------------------------------