feat: add support to Debian kernel source builds and kernel patches

base/mkosi.conf

@@ -2,11 +2,19 @@
 Architecture=x86-64
 Distribution=debian
 Release=trixie
+# KERNEL_VERSION must match a linux-source package available in this snapshot
+Mirror=https://snapshot.debian.org/archive/debian/20251113T083151Z/
 
 [Build]
 PackageCacheDirectory=mkosi.cache
 SandboxTrees=mkosi.builddir/debian-backports.sources:/etc/apt/sources.list.d/debian-backports.sources
-Environment=KERNEL_IMAGE KERNEL_VERSION
+Environment=KERNEL_VERSION=6.16
+            KERNEL_LOCALVERSION
+            FLAVOR=cloud
+            KERNEL_CONFIG_SNIPPETS=kernel/config.d
+            KERNEL_CONFIG_SNIPPETS_BASE=base/kernel/config.d
+            KERNEL_PATCHES=kernel/patches
+            KERNEL_PATCHES_BASE=base/kernel/patches
 WithNetwork=true
 
 [Output]
@@ -28,6 +36,8 @@ FinalizeScripts=base/remove-image-version.sh
 SyncScripts=base/normalize-umask.sh
 
 CleanPackageMetadata=true
+# Kernel .deb is built by kernel/mkosi.build and placed in $PACKAGEDIR
+VolatilePackages=linux-image-6.16.3-mkosi-cloud
 Packages=kmod
          systemd
          systemd-boot-efi
@@ -55,3 +65,9 @@ BuildPackages=build-essential
               zstd
               libssl-dev
               libelf-dev
+              dpkg-dev
+              debhelper
+              libdw-dev
+              python3
+              libncurses-dev
+              xz-utils

bob-common/mkosi.conf

@@ -1,5 +1,6 @@
 [Build]
-Environment=KERNEL_CONFIG_SNIPPETS=kernel/snippets/ubuntu.config KERNEL_CONFIG_SNIPPETS_BOB=bob-common/kernel.config
+Environment=KERNEL_CONFIG_SNIPPETS_BOB=bob-common/kernel/config.d
+            KERNEL_PATCHES_BOB=bob-common/kernel/patches
 WithNetwork=true
 
 [Content]

bob-l1.conf

@@ -5,9 +5,3 @@ Include=bob-l1/mkosi.conf
 
 [Config]
 Profiles=azure,gcp
-
-[Distribution]
-Mirror=https://snapshot.debian.org/archive/debian/20251113T083151Z/
-
-[Build]
-ToolsTreeMirror=https://snapshot.debian.org/archive/debian/20251113T083151Z/

bob-l2.conf

@@ -5,9 +5,3 @@ Include=bob-l2/mkosi.conf
 
 [Config]
 Profiles=gcp
-
-[Distribution]
-Mirror=https://snapshot.debian.org/archive/debian/20251113T083151Z/
-
-[Build]
-ToolsTreeMirror=https://snapshot.debian.org/archive/debian/20251113T083151Z/

buildernet/kernel/config.d/01-sane-defaults

@@ -0,0 +1,252 @@
+CONFIG_AUTOFS_FS=y
+CONFIG_BINFMT_MISC=y
+CONFIG_BLK_DEV_SR=y
+CONFIG_CDROM=y
+CONFIG_CHR_DEV_SG=y
+CONFIG_CONFIGFS_FS=y
+CONFIG_CRC_ITU_T=y
+CONFIG_CRYPTO_AEAD=y
+CONFIG_CRYPTO_AES_NI_INTEL=y
+CONFIG_CRYPTO_CRC32C_INTEL=y
+CONFIG_CRYPTO_CRC32_PCLMUL=y
+CONFIG_CRYPTO_CRCT10DIF_PCLMUL=y
+CONFIG_CRYPTO_CRYPTD=y
+CONFIG_CRYPTO_GCM=y
+CONFIG_CRYPTO_GHASH=y
+CONFIG_CRYPTO_GHASH_CLMUL_NI_INTEL=y
+CONFIG_CRYPTO_LIB_CHACHA=y
+CONFIG_CRYPTO_LIB_CHACHA20POLY1305=y
+CONFIG_CRYPTO_LIB_CURVE25519=y
+CONFIG_CRYPTO_LIB_GF128MUL=y
+CONFIG_CRYPTO_LIB_POLY1305=y
+CONFIG_CRYPTO_NULL=y
+CONFIG_CRYPTO_NULL2=y
+CONFIG_CRYPTO_SHA1_SSSE3=y
+CONFIG_CRYPTO_SHA256_SSSE3=y
+CONFIG_CRYPTO_SHA512_SSSE3=y
+CONFIG_CRYPTO_SIMD=y
+# CONFIG_DEFAULT_CUBIC is not set
+CONFIG_DEFAULT_TCP_CONG="bbr"
+CONFIG_EFIVAR_FS=y
+CONFIG_EFI_VARS_PSTORE=y
+CONFIG_FAILOVER=y
+CONFIG_FAT_FS=y
+CONFIG_FB_HYPERV=y
+CONFIG_GARP=y
+CONFIG_HAVE_KVM_IRQ_BYPASS=y
+CONFIG_HID=y
+CONFIG_HID_GENERIC=y
+CONFIG_HID_HYPERV_MOUSE=y
+CONFIG_HYPERV=y
+CONFIG_HYPERV_BALLOON=y
+CONFIG_HYPERV_KEYBOARD=y
+CONFIG_HYPERV_NET=y
+CONFIG_HYPERV_STORAGE=y
+CONFIG_HYPERV_UTILS=y
+CONFIG_HYPERV_VSOCKETS=y
+CONFIG_IKCONFIG=y
+CONFIG_INPUT_EVDEV=y
+CONFIG_INPUT_MOUSEDEV=y
+CONFIG_INTEL_RAPL=y
+CONFIG_INTEL_RAPL_CORE=y
+CONFIG_IOSF_MBI=y
+CONFIG_IP_NF_FILTER=y
+CONFIG_IP_NF_IPTABLES=y
+CONFIG_IP_NF_IPTABLES_LEGACY=y
+CONFIG_IRQ_BYPASS_MANAGER=y
+# CONFIG_KALLSYMS_ALL is not set
+# CONFIG_KSM is not set
+CONFIG_KVM=y
+CONFIG_KVM_AMD=y
+CONFIG_KVM_INTEL=y
+CONFIG_KVM_SW_PROTECTED_VM=y
+CONFIG_KVM_X86=y
+CONFIG_LLC=y
+CONFIG_MICROSOFT_MANA=y
+# CONFIG_MODULES is not set
+# CONFIG_MPTCP is not set
+CONFIG_MRP=y
+CONFIG_NETFILTER_NETLINK=y
+CONFIG_NETFILTER_NETLINK_ACCT=y
+CONFIG_NETFILTER_XTABLES=y
+# CONFIG_NETLABEL is not set
+CONFIG_NET_FAILOVER=y
+CONFIG_NLS_ASCII=y
+CONFIG_NLS_CODEPAGE_437=y
+CONFIG_PCI_HYPERV=y
+CONFIG_PCI_HYPERV_INTERFACE=y
+CONFIG_PERF_EVENTS_INTEL_RAPL=y
+# CONFIG_PROFILING is not set
+# CONFIG_RD_LZ4 is not set
+# CONFIG_RD_LZMA is not set
+# CONFIG_RD_LZO is not set
+# CONFIG_RD_XZ is not set
+CONFIG_SCSI=y
+CONFIG_SCSI_COMMON=y
+CONFIG_SCSI_FC_ATTRS=y
+CONFIG_SCSI_MOD=y
+CONFIG_SERIO_RAW=y
+CONFIG_STP=y
+CONFIG_TCP_CONG_BBR=y
+CONFIG_TDX_GUEST_DRIVER=y
+CONFIG_TLS=y
+CONFIG_TUN=y
+CONFIG_VFAT_FS=y
+CONFIG_VIRTIO_NET=y
+CONFIG_VIRTIO_VSOCKETS_COMMON=y
+CONFIG_VLAN_8021Q=y
+CONFIG_VMWARE_VMCI=y
+CONFIG_VMWARE_VMCI_VSOCKETS=y
+CONFIG_VSOCKETS=y
+CONFIG_VSOCKETS_LOOPBACK=y
+# CONFIG_BIG_KEYS is not set
+CONFIG_CRYPTO_ARCH_HAVE_LIB_CHACHA=y
+CONFIG_CRYPTO_ARCH_HAVE_LIB_CURVE25519=y
+CONFIG_CRYPTO_ARCH_HAVE_LIB_POLY1305=y
+CONFIG_CRYPTO_CHACHA20_X86_64=y
+CONFIG_CRYPTO_CURVE25519_X86=y
+CONFIG_CRYPTO_LIB_CHACHA_GENERIC=y
+CONFIG_CRYPTO_LIB_CHACHA_INTERNAL=y
+CONFIG_CRYPTO_LIB_CURVE25519_GENERIC=y
+CONFIG_CRYPTO_LIB_CURVE25519_INTERNAL=y
+CONFIG_CRYPTO_LIB_POLY1305_GENERIC=y
+CONFIG_CRYPTO_LIB_POLY1305_INTERNAL=y
+CONFIG_CRYPTO_POLY1305_X86_64=y
+CONFIG_DEFAULT_BBR=y
+CONFIG_KVM_GENERIC_MEMORY_ATTRIBUTES=y
+CONFIG_KVM_GENERIC_PRIVATE_MEM=y
+CONFIG_KVM_PRIVATE_MEM=y
+CONFIG_NET_IP_TUNNEL=y
+CONFIG_NET_UDP_TUNNEL=y
+CONFIG_TSM_REPORTS=y
+
+# CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT is not set
+CONFIG_DEBUG_INFO_NONE=y
+
+CONFIG_BLK_DEV_DM=y
+CONFIG_CRYPTO_AUTHENC=y
+CONFIG_CRYPTO_ESSIV=y
+CONFIG_BLK_DEV_DM_BUILTIN=y
+CONFIG_BLK_MQ_STACKING=y
+CONFIG_BLOCK_HOLDER_DEPRECATED=y
+# CONFIG_CRASH_DM_CRYPT is not set
+# CONFIG_DM_AUDIT is not set
+CONFIG_DM_BUFIO=y
+# CONFIG_DM_CACHE is not set
+# CONFIG_DM_CLONE is not set
+CONFIG_DM_CRYPT=y
+# CONFIG_DM_DEBUG is not set
+# CONFIG_DM_DEBUG_BLOCK_MANAGER_LOCKING is not set
+# CONFIG_DM_DELAY is not set
+# CONFIG_DM_DUST is not set
+# CONFIG_DM_EBS is not set
+# CONFIG_DM_ERA is not set
+# CONFIG_DM_FLAKEY is not set
+# CONFIG_DM_INIT is not set
+# CONFIG_DM_INTEGRITY is not set
+# CONFIG_DM_LOG_WRITES is not set
+# CONFIG_DM_MIRROR is not set
+# CONFIG_DM_MULTIPATH is not set
+# CONFIG_DM_RAID is not set
+# CONFIG_DM_SNAPSHOT is not set
+# CONFIG_DM_SWITCH is not set
+# CONFIG_DM_THIN_PROVISIONING is not set
+# CONFIG_DM_UEVENT is not set
+# CONFIG_DM_UNSTRIPED is not set
+# CONFIG_DM_VDO is not set
+CONFIG_DM_VERITY=y
+CONFIG_DM_VERITY_FEC=y
+CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG=y
+CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_PLATFORM_KEYRING=y
+CONFIG_DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING=y
+CONFIG_DM_WRITECACHE=y
+# CONFIG_DM_ZERO is not set
+# CONFIG_DM_ZONED is not set
+CONFIG_IPE_PROP_DM_VERITY=y
+CONFIG_IPE_PROP_DM_VERITY_SIGNATURE=y
+CONFIG_REED_SOLOMON=y
+CONFIG_REED_SOLOMON_DEC8=y
+
+CONFIG_BLK_DEV_SD=y
+CONFIG_SCSI_VIRTIO=y
+CONFIG_VIRTIO_BALLOON=y
+CONFIG_VIRTIO_BLK=y
+CONFIG_VIRTIO_INPUT=y
+CONFIG_VIRTIO_MEM=y
+CONFIG_BALLOON_COMPACTION=y
+CONFIG_MEMORY_BALLOON=y
+
+# CONFIG_BCACHEFS_FS is not set
+# CONFIG_BLK_DEV_RBD is not set
+# CONFIG_BONDING is not set
+# CONFIG_BTRFS_FS is not set
+# CONFIG_CEPH_FS is not set
+# CONFIG_CIFS is not set
+# CONFIG_DUMMY is not set
+# CONFIG_EQUALIZER is not set
+# CONFIG_FS_DAX is not set
+# CONFIG_FS_ENCRYPTION is not set
+# CONFIG_FS_VERITY is not set
+# CONFIG_FUSE_FS is not set
+# CONFIG_HIBERNATION is not set
+# CONFIG_IA32_EMULATION is not set
+# CONFIG_INET6_AH is not set
+# CONFIG_INET6_ESP is not set
+# CONFIG_INET6_IPCOMP is not set
+# CONFIG_INET_AH is not set
+# CONFIG_INET_ESP is not set
+# CONFIG_INET_IPCOMP is not set
+# CONFIG_INFINIBAND is not set
+# CONFIG_IPV6_ILA is not set
+# CONFIG_IPV6_MIP6 is not set
+# CONFIG_IPV6_MROUTE is not set
+# CONFIG_IPV6_MULTIPLE_TABLES is not set
+# CONFIG_IPV6_SEG6_HMAC is not set
+# CONFIG_IPV6_SEG6_LWTUNNEL is not set
+# CONFIG_IPV6_SIT is not set
+# CONFIG_IPV6_TUNNEL is not set
+# CONFIG_IPV6_VTI is not set
+# CONFIG_IP_ADVANCED_ROUTER is not set
+# CONFIG_IP_MROUTE is not set
+# CONFIG_IP_SCTP is not set
+# CONFIG_ISO9660_FS is not set
+# CONFIG_KVM_XEN is not set
+# CONFIG_L2TP is not set
+# CONFIG_NET_FOU is not set
+# CONFIG_NET_IPGRE_DEMUX is not set
+# CONFIG_NET_IPIP is not set
+# CONFIG_NET_IPVTI is not set
+# CONFIG_NET_KEY is not set
+# CONFIG_NFSD is not set
+# CONFIG_NFS_FS is not set
+# CONFIG_NTFS3_FS is not set
+# CONFIG_RDS is not set
+# CONFIG_SMB_SERVER is not set
+# CONFIG_SURFACE_PLATFORMS is not set
+# CONFIG_SUSPEND is not set
+# CONFIG_TCP_CONG_BIC is not set
+# CONFIG_TCP_CONG_CDG is not set
+# CONFIG_TCP_CONG_DCTCP is not set
+# CONFIG_TCP_CONG_HSTCP is not set
+# CONFIG_TCP_CONG_HTCP is not set
+# CONFIG_TCP_CONG_HYBLA is not set
+# CONFIG_TCP_CONG_ILLINOIS is not set
+# CONFIG_TCP_CONG_LP is not set
+# CONFIG_TCP_CONG_NV is not set
+# CONFIG_TCP_CONG_SCALABLE is not set
+# CONFIG_TCP_CONG_VEGAS is not set
+# CONFIG_TCP_CONG_VENO is not set
+# CONFIG_TCP_CONG_WESTWOOD is not set
+# CONFIG_TCP_CONG_YEAH is not set
+# CONFIG_TIPC is not set
+# CONFIG_UDF_FS is not set
+# CONFIG_X86_ACPI_CPUFREQ_CPB is not set
+# CONFIG_X86_P4_CLOCKMOD is not set
+# CONFIG_X86_POWERNOW_K8 is not set
+# CONFIG_X86_SPEEDSTEP_CENTRINO is not set
+# CONFIG_XDP_SOCKETS is not set
+# CONFIG_XEN is not set
+# CONFIG_ZONEFS_FS is not set
+CONFIG_X86_DISABLED_FEATURE_XENPV=y
+CONFIG_X86_REQUIRED_FEATURE_PGE=y
+CONFIG_X86_REQUIRED_FEATURE_PSE=y

buildernet/kernel/config.d/02-disable-unneeded

@@ -0,0 +1,7 @@
+# CONFIG_BLK_DEV_DRBD is not set
+# CONFIG_BLK_DEV_NBD is not set
+# CONFIG_BLK_DEV_NULL_BLK is not set
+CONFIG_BLK_DEV_PCIESSD_MTIP32XX=y
+# CONFIG_BLK_DEV_UBLK is not set
+# CONFIG_NET_SCH_TEQL is not set
+# CONFIG_ZRAM is not set

buildernet/kernel/config.d/03-bbr-net-fq

@@ -0,0 +1,3 @@
+CONFIG_DEFAULT_FQ=y
+# CONFIG_DEFAULT_FQ_CODEL is not set
+CONFIG_DEFAULT_NET_SCH="fq"

buildernet/mkosi.conf

@@ -1,5 +1,7 @@
 [Build]
 Environment=LIGHTHOUSE_BINARY RETH_BINARY RBUILDER_BINARY
+            KERNEL_CONFIG_SNIPPETS_BUILDERNET=buildernet/kernel/config.d
+            KERNEL_PATCHES_BUILDERNET=buildernet/kernel/patches
 WithNetwork=true
 
 [Content]

kernel/config.d/00-no-modules

@@ -0,0 +1 @@
+# CONFIG_MODULES is not set