Diffstat (limited to 'debian/signing_templates')
-rw-r--r-- | debian/signing_templates/README.source | 4 | ||||
-rw-r--r-- | debian/signing_templates/control.image.in | 11 | ||||
-rw-r--r-- | debian/signing_templates/control.source.in | 16 | ||||
-rwxr-xr-x | debian/signing_templates/rules | 20 | ||||
-rw-r--r-- | debian/signing_templates/rules.real | 85 | ||||
-rw-r--r-- | debian/signing_templates/source/format | 1 |
6 files changed, 137 insertions, 0 deletions
diff --git a/debian/signing_templates/README.source b/debian/signing_templates/README.source
new file mode 100644
index 000000000..f175c35b3
--- /dev/null
+++ b/debian/signing_templates/README.source
@@ -0,0 +1,4 @@
+This source package is generated by the Debian signing service from a
+template built by the linux package. It should never be updated directly.
+
+ -- Ben Hutchings <ben@decadent.org.uk> Fri, 06 Apr 2018 10:23:29 +0100
diff --git a/debian/signing_templates/control.image.in b/debian/signing_templates/control.image.in
new file mode 100644
index 000000000..0bc4f6f83
--- /dev/null
+++ b/debian/signing_templates/control.image.in
@@ -0,0 +1,11 @@
+Package: linux-image-@abiname@@localversion@
+Depends: ${unsigned:Depends}, ${misc:Depends}
+Recommends: ${unsigned:Recommends}
+Suggests: ${unsigned:Suggests}
+Breaks: ${unsigned:Breaks}
+Conflicts: linux-image-@abiname@@localversion@-unsigned
+Replaces: linux-image-@abiname@@localversion@-unsigned
+Description: ${unsigned:DescriptionShort} (signed)
+ ${unsigned:DescriptionLong}
+ .
+ ${signed:Description}
diff --git a/debian/signing_templates/control.source.in b/debian/signing_templates/control.source.in
new file mode 100644
index 000000000..ac3d07616
--- /dev/null
+++ b/debian/signing_templates/control.source.in
@@ -0,0 +1,16 @@
+Source: linux-signed-@arch@
+Section: kernel
+Priority: optional
+Maintainer: Debian Kernel Team <debian-kernel@lists.debian.org>
+Uploaders: Bastian Blank <waldi@debian.org>, maximilian attems <maks@debian.org>, Ben Hutchings <benh@debian.org>, Salvatore Bonaccorso <carnil@debian.org>
+Standards-Version: 4.2.0
+Build-Depends:
+ debhelper-compat (= 12),
+ rsync,
+ sbsigntool [amd64 arm64 i386],
+ kernel-wedge (>= 2.102~),
+ linux-kbuild-@version@
+Rules-Requires-Root: no
+Vcs-Git: https://salsa.debian.org/kernel-team/linux.git
+Vcs-Browser: https://salsa.debian.org/kernel-team/linux
+Homepage: https://www.kernel.org/
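Review bot: Build-Depends in control.source.in does not name the linux-image-…-unsigned package, although install-signed in rules.real copies /boot and /lib/modules content from the build environment and reads that package's fields with dpkg-query. Presumably the generator appends that dependency when it fills in the template. Since detached signatures can only match one exact build of the image, the relation should be an exact-version one, and the template should say where it comes from, e.g. a comment `# linux-image-*-unsigned (= <exact version>) is added to Build-Depends by the generator` above the field. If nothing adds it, the build would attach signatures to whatever image happens to be installed.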
diff --git a/debian/signing_templates/rules b/debian/signing_templates/rules
new file mode 100755
index 000000000..ad6156b87
--- /dev/null
+++ b/debian/signing_templates/rules
@@ -0,0 +1,20 @@
+#!/usr/bin/make -f
+SHELL := sh -e
+
+include /usr/share/dpkg/architecture.mk
+
+build: build-arch build-indep
+build-arch:
+build-indep:
+
+clean:
+ dh_testdir
+ dh_clean
+
+binary: binary-arch binary-indep
+binary-arch: debian/control
+ dh_testdir
+ $(MAKE) -f debian/rules.gen binary-arch_$(DEB_HOST_ARCH)
+binary-indep:
+
+.PHONY: build build-arch build-indep clean binary binary-arch binary-indep
diff --git a/debian/signing_templates/rules.real b/debian/signing_templates/rules.real
new file mode 100644
index 000000000..23df05ccd
--- /dev/null
+++ b/debian/signing_templates/rules.real
@@ -0,0 +1,85 @@
+SHELL := bash -e
+
+export DH_OPTIONS
+
+build-indep:
+
+install-signed: DH_OPTIONS = -p$(PACKAGE_NAME)
+install-signed: KERNEL_VERSION = $(ABINAME)$(LOCALVERSION)
+install-signed: IMAGE_PACKAGE_NAME = linux-image-$(KERNEL_VERSION)-unsigned
+install-signed: PACKAGE_DIR = debian/$(PACKAGE_NAME)
+install-signed: SIGNATURE_DIR = debian/signatures/$(IMAGE_PACKAGE_NAME)
+install-signed:
+ mkdir -p $(PACKAGE_DIR)/boot
+ rsync -a $(patsubst %,/boot/%-$(KERNEL_VERSION),config System.map $(IMAGE_INSTALL_STEM)) \
+ $(PACKAGE_DIR)/boot/
+ if [ -f $(SIGNATURE_DIR)/boot/vmlinuz-$(KERNEL_VERSION).sig ]; then \
+ sbattach --attach $(SIGNATURE_DIR)/boot/vmlinuz-$(KERNEL_VERSION).sig \
+ $(PACKAGE_DIR)/boot/vmlinuz-$(KERNEL_VERSION); \
+ echo >> debian/$(PACKAGE_NAME).substvars 'signed:Description=The kernel image and modules are signed for use with Secure Boot.'; \
+ else \
+ echo >> debian/$(PACKAGE_NAME).substvars 'signed:Description=The modules are signed.'; \
+ fi
+ mkdir -p $(PACKAGE_DIR)/lib/modules/$(KERNEL_VERSION)
+ rsync -a $(addprefix /lib/modules/$(KERNEL_VERSION)/,kernel modules.builtin modules.builtin.modinfo modules.order) \
+ $(PACKAGE_DIR)/lib/modules/$(KERNEL_VERSION)/
+ while read path; do \
+ /usr/lib/linux-kbuild-$(VERSION)/scripts/sign-file -s \
+ $(SIGNATURE_DIR)/lib/modules/$(KERNEL_VERSION)/$$path \
+ sha256 dummy \
+ $(PACKAGE_DIR)/lib/modules/$(KERNEL_VERSION)/$${path%.sig}; \
+ done < <(find $(SIGNATURE_DIR)/lib/modules/$(KERNEL_VERSION) -name '*.sig' -printf '%P\n')
+# Copy any device tree files
+ if [ -d /usr/lib/linux-image-$(KERNEL_VERSION) ]; then \
+ mkdir -p $(PACKAGE_DIR)/usr/lib/linux-image-$(KERNEL_VERSION); \
+ rsync -a /usr/lib/linux-image-$(KERNEL_VERSION)/ \
+ $(PACKAGE_DIR)/usr/lib/linux-image-$(KERNEL_VERSION)/; \
+ fi
+# Copy bug scripts but change the info file to refer to the right package
+ mkdir -p $(PACKAGE_DIR)/usr/share/bug/$(PACKAGE_NAME)
+ rsync -a /usr/share/bug/$(IMAGE_PACKAGE_NAME)/ \
+ $(PACKAGE_DIR)/usr/share/bug/$(PACKAGE_NAME)/
+ sed -i -e 's/^PACKAGE_NAME=.*/PACKAGE_NAME=$(PACKAGE_NAME)/' \
+ -e 's/^PACKAGE_VERSION=.*/PACKAGE_VERSION=$(PACKAGE_VERSION)/' \
+ $(PACKAGE_DIR)/usr/share/bug/$(PACKAGE_NAME)/info
+ dh_install
+ dh_installchangelogs
+ ln -sf linux-image.NEWS debian/$(PACKAGE_NAME).NEWS
+ dh_installdocs
+ dh_compress
+ dh_fixperms
+ dh_installdeb
+# Copy most package relations and description from unsigned package
+ for field in Depends Suggests Recommends Breaks; do \
+ echo >> debian/$(PACKAGE_NAME).substvars "unsigned:$$field=$$(dpkg-query -f '$${'$$field'}' -W $(IMAGE_PACKAGE_NAME))"; \
+ done
+ echo >> debian/$(PACKAGE_NAME).substvars "unsigned:DescriptionShort=$$(dpkg-query -f '$${Description}' -W $(IMAGE_PACKAGE_NAME) | head -n 1)"
+ echo >> debian/$(PACKAGE_NAME).substvars "unsigned:DescriptionLong=$$(dpkg-query -f '$${Description}' -W $(IMAGE_PACKAGE_NAME) | tail -n +2 | sed -rz 's/\$$/$${}/g; s/^ //; s/\n \.?/$${Newline}/g')"
+ dh_gencontrol -- $(GENCONTROL_ARGS)
+ dh_md5sums
+ dh_builddeb
+
+install-meta: DH_OPTIONS = -p$(PACKAGE_NAME)
+install-meta:
+ dh_testdir
+ dh_prep
+ dh_bugfiles
+ dh_installdocs --link-doc=$(LINK_DOC_PACKAGE_NAME)
+ dh_compress
+ dh_fixperms
+ dh_installdeb
+ dh_gencontrol -- $(GENCONTROL_ARGS)
+ dh_md5sums
+ dh_builddeb
+
+install-udeb_$(ARCH): export KW_DEFCONFIG_DIR=/usr/share/linux-support-$(ABINAME)/installer
+install-udeb_$(ARCH): export KW_CONFIG_DIR=/usr/share/linux-support-$(ABINAME)/installer
+install-udeb_$(ARCH): DH_OPTIONS=$(PACKAGE_NAMES:%=-p%)
+install-udeb_$(ARCH):
+ dh_testdir
+ dh_prep
+ kernel-wedge install-files $(ABINAME)
+ kernel-wedge check $(PACKAGE_NAMES)
+ dh_fixperms
+ dh_gencontrol -- $(GENCONTROL_ARGS)
+ dh_builddeb
diff --git a/debian/signing_templates/source/format b/debian/signing_templates/source/format
new file mode 100644
index 000000000..89ae9db8f
--- /dev/null
+++ b/debian/signing_templates/source/format
@@ -0,0 +1 @@
+3.0 (native) |
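Review bot: The module-signing loop in install-signed (rules.real) fails open: `find` runs inside a process substitution, so `bash -e` never sees its exit status. If `$(SIGNATURE_DIR)/lib/modules/$(KERNEL_VERSION)` is missing or holds no `.sig` files, the loop runs zero times and the package is still built from the unsigned modules copied by rsync, while the substvars text says the modules are signed. Unless an empty signature set is legitimate for some flavour, a guard line before the loop would make this a hard failure, e.g. `test -n "$$(find $(SIGNATURE_DIR)/lib/modules/$(KERNEL_VERSION) -name '*.sig' -print -quit)"`. The loop header would also be safer as `while IFS= read -r path; do \`, with `$$path` quoted in the two arguments that use it. Separately, neither the `sbattach --attach` step nor `sign-file -s` checks that a signature matches the file it is attached to, so a verification step after attaching would catch a mismatch between the signed and the installed binaries at build time.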