smcleod.net

chicken scratchings with Sam McLeod

Continuous integration for the Linux Kernel - Built within Docker

Linux Kernel CI for Debian

Github: sammcj/kernel-ci

Those of us using technologies such as Docker and BTRFS or simply trying to gain a performance edge on the competition have a lot to gain from the features and performance of recent Kernel updates (especially from 3.18 onwards).

‘Enterprise’ Linux distributions such as RHEL & variants are concerningly out of date when it comes to the Kernel. Many people seem to have forgotten what Linux is… Linux IS the Kernel.

Someone said to me recently, ‘Why do I need a more modern Kernel? It never gives us problems!’ Later in the conversation they alluded to a number of performance issues they were experiencing with both a database platform and with some modern containerised applications they were trying to run. Both of those issues were resolved several years ago in a Kernel that was newer than what they were running.

There’s a fine line between bleeding edge and being at the front of the game. If there’s one thing I’ve learnt about this over the past few years, it’s that the Kernel gets better with age, not worse.

In addition to CI of modern Kernel images, I’ve also integrated (optional) patching for GRSecurity fixes. GRSecurity is a great line of defence for the Kernel and prevents applications from doing many silly things they shouldn’t be allowed to do (Can anyone say Nodes?…).

  • Uploads publicly accessible Debian Kernel Packages to packagecloud.io
  • Includes Kernel Watcher that detects new stable kernel releases and triggers builds.
  • Supports patching the Kernel with GRSecurity
  • Tested with Gitlab-CI and Travis-CI but should work on any CI system.
  • Runs in an isolated and disposable Docker container.
  • No root access required when building with Docker.
  • Both the build and the kernels work with Debian Wheezy (7) and Jessie (8).
  • Supports uploading built packages to a remote server and adding them to reprepro