virtio-linux: package linux microvm image #154
📝 Walkthrough
Adds a new virtio-Linux kernel build: a Nickel BuildSpec (
Changes: Virtio-Linux Build System
Sequence Diagram
sequenceDiagram
actor BuildSystem
participant Script
participant KernelSource
participant Artifacts
BuildSystem->>KernelSource: fetch Linux tarball (GCS)
KernelSource-->>Script: provide kernel source tree
BuildSystem->>Script: invoke build.sh (with version arg)
Script->>Script: select arch, apply defconfig and fragments
Script->>Script: enable virtio/container/security options
Script->>Script: run olddefconfig, make -j (build)
Script->>Artifacts: copy vmlinuz, config, System.map
Artifacts-->>BuildSystem: outputs available
Estimated code review effort: 🎯 3 (Moderate) | ⏱️ ~20 minutes
🚥 Pre-merge checks | ✅ Passed checks (5 passed)
Actionable comments posted: 2
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@packages/virtio-linux/build.ncl`:
- Around line 53-57: The source_provenance block currently points to the GitHub
mirror (source_provenance with category and owner/repo values); replace it with
the canonical Linux upstream provenance pattern for the kernel (i.e., point
source_provenance to the official kernel.org git repository instead of
"torvalds/linux" on GitHub). Update the source_provenance fields used in the
file so they reference the canonical upstream host and repository identifiers
(the kernel.org canonical git URL/pattern) and remove the GitHub mirror values
so the package metadata correctly identifies the upstream source.
In `@packages/virtio-linux/build.sh`:
- Around line 11-13: The kernel build invokes "make defconfig" and "make
kvm_guest.config" (and the later make calls around the other block) without
specifying ARCH, so on non-x86 runners the wrong architecture may be built;
update all kernel make invocations in build.sh (the places running "make
defconfig", "make kvm_guest.config" and the subsequent make lines around the
113-119 block) to pass ARCH=x86_64 (e.g., "make ARCH=x86_64 defconfig") so the
build and the expected artifact path (arch/x86/boot/bzImage) are produced
reliably.
📒 Files selected for processing (2)
packages/virtio-linux/build.ncl
packages/virtio-linux/build.sh
| source_provenance = { | ||
| category = 'GithubRepo, | ||
| owner = "torvalds", | ||
| repo = "linux", | ||
| }, |
Point source_provenance at canonical Linux upstream.
torvalds/linux on GitHub is a mirror, so this metadata does not describe the canonical upstream source for Linux. Please switch source_provenance to the repository’s canonical Linux provenance pattern instead of the GitHub mirror.
As per coding guidelines "Only use source_provenance to point to canonical upstream sources, not mirrors or unofficial copies".
| make defconfig | ||
| make kvm_guest.config | ||
|
|
Pin ARCH=x86_64 for the kernel build.
The script claims an x86_64 target and later copies arch/x86/boot/bzImage, but every make invocation still uses the builder’s default ARCH. On a non-x86 runner this can select the wrong defconfig or fail before the copy step.
Suggested fix
JOBS=$(nproc)
+export ARCH=x86_64
+BZIMAGE_PATH=arch/x86/boot/bzImage
# Start from a sensible x86_64 defconfig, then layer the upstream KVM-guest
# fragment which already turns on the common virtio + paravirt bits used
# by qemu / cloud-hypervisor / firecracker style microVMs.
make defconfig
make kvm_guest.config
@@
make -j"$JOBS" bzImage
@@
OUT=$OUTPUT_DIR/usr/share/virtio-linux
mkdir -p "$OUT"
-cp arch/x86/boot/bzImage "$OUT/bzImage"
+cp "$BZIMAGE_PATH" "$OUT/bzImage"
cp .config "$OUT/config"
cp System.map "$OUT/System.map"
Also applies to: 113-119
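Review bot: `export ARCH=x86_64` at the top only fixes which defconfig and arch directory are selected; `make -j"$JOBS" bzImage` still compiles with the host toolchain, so on a non-x86 runner the build also needs `CROSS_COMPILE` (or `LLVM=1`) set, or an early `uname -m` check that stops with a clear message. `BZIMAGE_PATH` is assigned once and read once, so keeping the literal path in the `cp` line would be the smaller change.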
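A check that could run after `olddefconfig` and before the copy step, so a wrong-architecture or silently trimmed config stops the build. This is an added example, not code from the PR or from CodeRabbit; the function names and the required-option list are assumptions, and the sample configs are constructed.

```shell
#!/bin/sh
# Added example: gate a built kernel .config before artifacts are copied.
# Option names are an assumed minimum for a virtio microVM guest.
REQUIRED_OPTS="CONFIG_X86_64 CONFIG_VIRTIO_PCI CONFIG_VIRTIO_BLK CONFIG_VIRTIO_NET"

# Print each required option that is not exactly "=y" in the config file.
# "# CONFIG_FOO is not set" and a missing symbol both count as absent, which
# is how olddefconfig leaves an option whose dependencies were not met.
missing_kconfig() {
    cfg=$1; shift
    for opt in "$@"; do
        grep -qxF "${opt}=y" "$cfg" || printf '%s\n' "$opt"
    done
}

# Return 0 only if the config targets x86_64 and kept every required option.
check_microvm_config() {
    # shellcheck disable=SC2086  # word splitting of REQUIRED_OPTS is intended
    missing=$(missing_kconfig "$1" $REQUIRED_OPTS)
    [ -z "$missing" ] && return 0
    printf '%s: missing %s\n' "$1" "$(echo $missing)" >&2
    return 1
}

# Constructed sample configs (not taken from the PR).
write_sample_configs() {
    printf '%s\n' CONFIG_X86_64=y CONFIG_VIRTIO_PCI=y \
        CONFIG_VIRTIO_BLK=y CONFIG_VIRTIO_NET=y > "$1/x86_64.config"
    # What a non-x86 builder yields when ARCH is left at its default.
    printf '%s\n' CONFIG_ARM64=y CONFIG_VIRTIO_PCI=y \
        CONFIG_VIRTIO_BLK=y CONFIG_VIRTIO_NET=y > "$1/arm64.config"
    # Right architecture, but one option was dropped during olddefconfig.
    printf '%s\n' CONFIG_X86_64=y CONFIG_VIRTIO_PCI=y CONFIG_VIRTIO_BLK=y \
        '# CONFIG_VIRTIO_NET is not set' > "$1/dropped.config"
}

demo_dir=$(mktemp -d)
write_sample_configs "$demo_dir"
for f in "$demo_dir"/*.config; do
    if check_microvm_config "$f" 2>/dev/null; then
        echo "accept ${f##*/}"
    else
        echo "reject ${f##*/}"
    fi
done
rm -rf "$demo_dir"
```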
♻️ Duplicate comments (1)
packages/virtio-linux/build.ncl (1)
53-57: ⚠️ Potential issue | 🟡 Minor | ⚡ Quick win
Use canonical Linux upstream in source_provenance (still unresolved).
At Line 53-57, source_provenance still points to torvalds/linux on GitHub, which is a mirror rather than the canonical upstream. Please switch this metadata to the project’s canonical Linux upstream provenance form.
As per coding guidelines "Only use source_provenance to point to canonical upstream sources, not mirrors or unofficial copies".
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@packages/virtio-linux/build.ncl` around lines 53 - 57, The source_provenance block currently points to a GitHub mirror (source_provenance with category/owner/repo) and must be changed to the canonical Linux upstream provenance; update the source_provenance entry (the category and owner/repo values) to reference the official kernel upstream (the canonical kernel.org/git repository/provenance form) instead of "torvalds/linux" so the metadata points to the authoritative source.