[ka:cli-build-out] ka-build: arch makepkg wrapper + sign + publish #34

New Issue

Closed

opened 2026-05-19 07:01:21 +00:00 by marfrit · 0 comments

marfrit commented 2026-05-19 07:01:21 +00:00

Owner

Copy Link

Copy Source

Per umbrella #21. ka-promote landed via #22 (resolver) and trailer normalisation via #31. Next verb.

Scope (Phase-1, minimum viable)

Given a host (ka-build <host>):

1. Locate the most-recent build/<host>/<baseline_ref>/manifest.lock (output of ka-promote). Refuse if missing — "run ka-promote first".
2. Read package.template_at from the manifest = path inside marfrit-packages to the PKGBUILD recipe (e.g. marfrit-packages/arch/linux-fresnel-fourier/PKGBUILD).
3. Stamp the template: _cumulative_b2sum from manifest.lock, pkgrel (bumped or read from manifest), _srctag from baseline.ref. Drop the cumulative.patch into the same dir as the PKGBUILD.
4. Run makepkg --syncdeps --noconfirm --cleanbuild natively on the build host. Primary: boltzmann (RK3588 native aarch64). Fallback: fermi (LXD ALARM aarch64). Hand-off via ssh.
5. Bake in the headers-pkg ln -sr parent-dir fix (README:284) — verify the PKGBUILD's headers package() does install -d before ln -sr and warn-fix if missing.
6. Sign + push: pipe the resulting *.pkg.tar.zst through marfrit-publish-arch on hertz (existing script — already does repo-add + rsync to nc).
7. Update manifest.lock with built_at, built_on_host, output pkg_path, pkg_b2sum.

Out of scope (defer to follow-ups)

• Debian .deb build path — separate verb (ka-build-deb or similar)
• distcc routing — explicitly NOT in kernel-agent manifests (feedback_kernel_agent_no_distcc)
• PKGBUILD template generation from manifest (currently the PKGBUILDs are hand-authored in marfrit-packages; ka-build stamps into them, not authors them)
• ka-build --validate-against (apply-check + bisect harness) — would mirror ka-promote's flag; nice-to-have, not blocker
• Bootstrapping the kernel-agent checkout on boltzmann (currently noether-only) — implementation will force this, capture in a Phase-2 issue

Phase-1 acceptance

• ka-build fresnel produces a linux-fresnel-fourier-7.0-1-aarch64.pkg.tar.zst that is byte-identical (modulo timestamps) to the most recent hand-built fresnel kernel package on packages.reauktion.de/arch/aarch64/.
• Parity test in tests/ka-build/ against a cached reference pkg b2sum.
• README section Bootstrap reference build cross-references ka-build for step 3 (manual recipe retained as fallback).

Implementation notes

• Language: bash (matches ka-status; the verb is mostly shell-out heavy — makepkg, ssh, scp, sign-via-existing-script). Switch to python if flow control creeps in.
• Build-host dispatch: read build_host.primary / build_host.fallback from manifest; ssh + bash heredoc. Capture stdout to build/<host>/<baseline_ref>/build.log. Save bash exit code + cargo-rc-style metadata into manifest.lock.
• Sign+publish: use existing /opt/herding/bin/marfrit-publish-arch aarch64 <pkg> on hertz — don't reimplement repo-add / signing.
• Refuse to build if git status --porcelain of marfrit-packages shows the PKGBUILD dirty — refuse silent commits.

Per umbrella #21. ka-promote landed via #22 (resolver) and trailer normalisation via #31. Next verb. ## Scope (Phase-1, minimum viable) Given a host (`ka-build <host>`): 1. Locate the most-recent `build/<host>/<baseline_ref>/manifest.lock` (output of `ka-promote`). Refuse if missing — "run ka-promote first". 2. Read `package.template_at` from the manifest = path inside marfrit-packages to the PKGBUILD recipe (e.g. `marfrit-packages/arch/linux-fresnel-fourier/PKGBUILD`). 3. Stamp the template: `_cumulative_b2sum` from manifest.lock, `pkgrel` (bumped or read from manifest), `_srctag` from `baseline.ref`. Drop the cumulative.patch into the same dir as the PKGBUILD. 4. Run `makepkg --syncdeps --noconfirm --cleanbuild` natively on the build host. Primary: `boltzmann` (RK3588 native aarch64). Fallback: `fermi` (LXD ALARM aarch64). Hand-off via ssh. 5. Bake in the headers-pkg `ln -sr` parent-dir fix (README:284) — verify the PKGBUILD's headers package() does `install -d` before `ln -sr` and warn-fix if missing. 6. Sign + push: pipe the resulting `*.pkg.tar.zst` through `marfrit-publish-arch` on hertz (existing script — already does repo-add + rsync to nc). 7. Update manifest.lock with `built_at`, `built_on_host`, output `pkg_path`, `pkg_b2sum`. ## Out of scope (defer to follow-ups) - Debian `.deb` build path — separate verb (`ka-build-deb` or similar) - distcc routing — explicitly NOT in kernel-agent manifests (`feedback_kernel_agent_no_distcc`) - PKGBUILD template **generation** from manifest (currently the PKGBUILDs are hand-authored in marfrit-packages; ka-build *stamps* into them, not authors them) - `ka-build --validate-against` (apply-check + bisect harness) — would mirror ka-promote's flag; nice-to-have, not blocker - Bootstrapping the kernel-agent checkout on boltzmann (currently noether-only) — implementation will force this, capture in a Phase-2 issue ## Phase-1 acceptance - `ka-build fresnel` produces a `linux-fresnel-fourier-7.0-1-aarch64.pkg.tar.zst` that is **byte-identical** (modulo timestamps) to the most recent hand-built fresnel kernel package on `packages.reauktion.de/arch/aarch64/`. - Parity test in `tests/ka-build/` against a cached reference pkg b2sum. - README section `Bootstrap reference build` cross-references `ka-build` for step 3 (manual recipe retained as fallback). ## Implementation notes - Language: bash (matches ka-status; the verb is mostly shell-out heavy — makepkg, ssh, scp, sign-via-existing-script). Switch to python if flow control creeps in. - Build-host dispatch: read `build_host.primary` / `build_host.fallback` from manifest; ssh + bash heredoc. Capture stdout to `build/<host>/<baseline_ref>/build.log`. Save bash exit code + cargo-rc-style metadata into `manifest.lock`. - Sign+publish: use existing `/opt/herding/bin/marfrit-publish-arch aarch64 <pkg>` on hertz — don't reimplement repo-add / signing. - Refuse to build if `git status --porcelain` of `marfrit-packages` shows the PKGBUILD dirty — refuse silent commits.

marfrit referenced this issue from a commit 2026-05-19 07:24:34 +00:00

ka-build: arch makepkg wrapper + sign + publish (closes #34)

marfrit referenced a pull request that will close this issue 2026-05-19 07:24:58 +00:00

ka-build: arch makepkg wrapper + sign + publish (closes #34) #35

marfrit closed this issue 2026-05-19 07:26:59 +00:00

marfrit referenced this issue from a commit 2026-05-19 07:27:01 +00:00

Merge pull request 'ka-build: arch makepkg wrapper + sign + publish (closes #34)' (#35) from noether/ka-build-impl into main

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

noether/ohm-pkgrel6-perseries-converged

No results found.

Labels

Clear labels

EWONTFIX

Triaged 2026-05-18: scoped out indefinitely; reopen-able if real need emerges. (HEVC-on-ampere first batch.)

area:boltzmann

Touches boltzmann host

area:fresnel

Touches fresnel host

area:patch-tree

Touches the scope-tagged patches/ tree

decision

Pending decision required (no clear default)

migration

Bootstrap-time migration from existing trees into kernel-agent layout

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

claude-ampere (Claude (ampere)) claude-boltzmann (Claude (boltzmann)) claude-noether (Claude (noether)) marfrit (Markus Fritsche)

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: marfrit/kernel-agent#34