Diffstat (limited to 'debian/bin')
-rwxr-xr-x | debian/bin/buildcheck.py | 134 | ||||
-rwxr-xr-x | debian/bin/gencontrol.py | 120 | ||||
-rwxr-xr-x | debian/bin/test-patches | 34 |
3 files changed, 134 insertions, 154 deletions
diff --git a/debian/bin/buildcheck.py b/debian/bin/buildcheck.py
index ecf265f6c1..b0e4659a5e 100755
--- a/debian/bin/buildcheck.py
+++ b/debian/bin/buildcheck.py
@@ -1,107 +1,73 @@ #!/usr/bin/python3 -import sys -import glob +import itertools import os +import pathlib +import sys -from debian_linux.debian import Changelog, VersionLinux - - -class CheckImage(object): - def __init__(self, config, dir, arch, featureset, flavour): - self.dir = dir - self.arch, self.featureset, self.flavour = arch, featureset, flavour +from debian_linux.config_v2 import Config +from debian_linux.kconfig import KconfigFile - self.changelog = Changelog(version=VersionLinux)[0] - self.config_entry_base = config.merge('base', arch, featureset, - flavour) - self.config_entry_build = config.merge('build', arch, featureset, - flavour) - self.config_entry_image = config.merge('image', arch, featureset, - flavour) +class CheckSecureBootConfig: + def __init__(self, config, dir, *_): + self.config = config + self.dir = pathlib.Path(dir) def __call__(self, out): - image = self.config_entry_build.get('image-file') - uncompressed_image = self.config_entry_build \ - .get('uncompressed-image-file') - - if not image: - # TODO: Bail out - return 0 - - image = os.path.join(self.dir, image) - if uncompressed_image: - uncompressed_image = os.path.join(self.dir, uncompressed_image) - fail = 0 - fail |= self.check_size(out, image, uncompressed_image) + if self.config.build.enable_signed \ + and not os.getenv('DEBIAN_KERNEL_DISABLE_SIGNED'): + kconfig = KconfigFile() + with (self.dir / '.config').open() as fh: + kconfig.read(fh) + + for name, value in [('EFI_STUB', True), + ('LOCK_DOWN_IN_EFI_SECURE_BOOT', True), + ('SYSTEM_TRUSTED_KEYS', '""')]: + if name not in kconfig: + out.write(f'Secure Boot: CONFIG_{name} is not defined\n') + fail = 1 + elif kconfig[name].value != value: + out.write(f'Secure Boot: CONFIG_{name} has wrong value:' + f' {kconfig[name].value}\n') + fail = 1 return fail - def check_size(self, out, image, uncompressed_image): - value = self.config_entry_image.get('check-size') - - if not value: - return 0 - - dtb_size = 0 - if 
self.config_entry_image.get('check-size-with-dtb'): - for dtb in glob.glob( - os.path.join(self.dir, 'arch', - self.config_entry_base['kernel-arch'], - 'boot/dts/*.dtb')): - dtb_size = max(dtb_size, os.stat(dtb).st_size) - - size = os.stat(image).st_size + dtb_size - - # 1% overhead is desirable in order to cope with growth - # through the lifetime of a stable release. Warn if this is - # not the case. - usage = (float(size)/value) * 100.0 - out.write('Image size %d/%d, using %.2f%%. ' % (size, value, usage)) - if size > value: - out.write('Too large. Refusing to continue.\n') - return 1 - elif usage >= 99.0: - out.write('Under 1%% space in %s. ' % self.changelog.distribution) - else: - out.write('Image fits. ') - out.write('Continuing.\n') - - # Also check the uncompressed image - if uncompressed_image and \ - self.config_entry_image.get('check-uncompressed-size'): - value = self.config_entry_image.get('check-uncompressed-size') - size = os.stat(uncompressed_image).st_size - usage = (float(size)/value) * 100.0 - out.write('Uncompressed Image size %d/%d, using %.2f%%. ' % - (size, value, usage)) - if size > value: - out.write('Too large. Refusing to continue.\n') - return 1 - elif usage >= 99.0: - out.write('Uncompressed Image Under 1%% space in %s. ' % - self.changelog.distribution) - else: - out.write('Uncompressed Image fits. 
') - out.write('Continuing.\n') - - return 0 - class Main(object): - def __init__(self, dir, arch, featureset, flavour): - self.args = dir, arch, featureset, flavour - # TODO - # self.config = ConfigCoreDump(open("debian/config.defines.dump", "rb")) + checks = { + 'setup': [CheckSecureBootConfig], + 'build': [], + } + + def __init__(self, dir, arch, featureset, flavour, phase): + self.args = dir, arch, featureset, flavour + self.phase = phase + + config_dirs = [ + pathlib.Path('debian/config'), + pathlib.Path('debian/config.local'), + ] + top_config = Config.read_orig(config_dirs).merged + arch_config = next( + ac + for ac in itertools.chain.from_iterable( + kac.debianarchs for kac in top_config.kernelarchs) + if ac.name == arch + ) + fs_config = next(fsc for fsc in arch_config.featuresets + if fsc.name == featureset) + self.config = next(fc for fc in fs_config.flavours + if fc.name == flavour) def __call__(self): fail = 0 - for c in (): + for c in self.checks[self.phase]: fail |= c(self.config, *self.args)(sys.stdout) return fail diff --git a/debian/bin/gencontrol.py b/debian/bin/gencontrol.py index a992221bb0..fd7f061037 100755 --- a/debian/bin/gencontrol.py +++ b/debian/bin/gencontrol.py @@ -2,6 +2,7 @@ from __future__ import annotations +import dataclasses import json import locale import os @@ -19,7 +20,9 @@ from debian_linux.config_v2 import ( ConfigMergedFeatureset, ConfigMergedFlavour, ) +from debian_linux.dataclasses_deb822 import read_deb822, write_deb822 from debian_linux.debian import \ + PackageBuildprofile, \ PackageRelationEntry, PackageRelationGroup, \ VersionLinux, BinaryPackage from debian_linux.gencontrol import Gencontrol as Base, PackagesBundle, \ 
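Review bot: `CheckSecureBootConfig.__call__` writes nothing when the check is skipped, so the build log cannot distinguish a kernel whose Secure Boot options were verified from one where `enable_signed` was false or `DEBIAN_KERNEL_DISABLE_SIGNED` was set in the environment. An `else:` branch with `out.write('Secure Boot: config check skipped\n')` would make the bypass visible to anyone auditing the log. `not os.getenv(...)` also treats any non-empty value, including `0`, as a request to skip; if that is intended, a one-line comment saying so would help. Separately, the three `next(...)` lookups in `Main.__init__` have no default, so an unknown arch, featureset or flavour surfaces as a bare `StopIteration` rather than a message naming the missing entry.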
@@ -86,7 +89,7 @@ class Gencontrol(Base): makeflags['SOURCE_SUFFIX'] = vars['source_suffix'] # Prepare to generate debian/tests/control - self.tests_control = self.templates.get_tests_control('main.tests-control', vars) + self.tests_control = list(self.templates.get_tests_control('main.tests-control', vars)) def do_main_makefile( self, @@ -145,9 +148,9 @@ class Gencontrol(Base): libcdev_makeflags['ALL_LIBCDEV_MULTIARCHES'] = ' '.join(sorted(libcdev_multiarches)) for package in self.bundle.add('libc-dev', (), libcdev_makeflags, vars): - package.setdefault('Provides').extend([ + package.provides.extend([ PackageRelationGroup( - f'{package["Package"]}-{arch}-cross (= ${{binary:Version}})' + f'{package.name}-{arch}-cross (= ${{binary:Version}})' ) for arch in sorted(libcdev_debianarches) ]) @@ -210,9 +213,7 @@ class Gencontrol(Base): self.bundle.add('signed-template', (arch,), makeflags, vars, arch=arch) bundle_signed = self.bundles[f'signed-{arch}'] = \ - PackagesBundle(f'signed-{arch}', self.templates) - bundle_signed.packages['source'] = \ - self.templates.get_source_control('signed.source.control', vars)[0] + PackagesBundle(f'signed-{arch}', 'signed.source.control', vars, self.templates) with bundle_signed.open('source/lintian-overrides', 'w') as f: f.write(self.substitute( @@ -294,7 +295,7 @@ linux-signed-{vars['arch']} (@signedtemplate_sourceversion@) {dist}; urgency={ur # Generate compiler build-depends for native: # gcc-13 [arm64] <!cross !pkg.linux.nokernel> - self.bundle.packages['source']['Build-Depends-Arch'].merge([ + self.bundle.source.build_depends_arch.merge([ PackageRelationEntry( relation_compiler, arches={arch}, 
@@ -304,7 +305,7 @@ linux-signed-{vars['arch']} (@signedtemplate_sourceversion@) {dist}; urgency={ur # Generate compiler build-depends for cross: # gcc-13-aarch64-linux-gnu [arm64] <cross !pkg.linux.nokernel> - self.bundle.packages['source']['Build-Depends-Arch'].merge([ + self.bundle.source.build_depends_arch.merge([ PackageRelationEntry( relation_compiler, name=f'{relation_compiler.name}-{config.defs_debianarch.gnutype_package}', @@ -317,7 +318,7 @@ linux-signed-{vars['arch']} (@signedtemplate_sourceversion@) {dist}; urgency={ur # gcc-13-hppa64-linux-gnu [hppa] <!pkg.linux.nokernel> if gnutype := config.build.compiler_gnutype: if gnutype != config.defs_debianarch.gnutype: - self.bundle.packages['source']['Build-Depends-Arch'].merge([ + self.bundle.source.build_depends_arch.merge([ PackageRelationEntry( relation_compiler, name=f'{relation_compiler.name}-{gnutype.replace("_", "-")}', @@ -331,7 +332,7 @@ linux-signed-{vars['arch']} (@signedtemplate_sourceversion@) {dist}; urgency={ur # XXX: Linux uses various definitions for this, all ending with "gcc", not $CC if gnutype := config.build.compiler_gnutype_compat: if gnutype != config.defs_debianarch.gnutype: - self.bundle.packages['source']['Build-Depends-Arch'].merge([ + self.bundle.source.build_depends_arch.merge([ PackageRelationEntry( f'gcc-{gnutype.replace("_", "-")}', arches={arch}, @@ -371,7 +372,7 @@ linux-signed-{vars['arch']} (@signedtemplate_sourceversion@) {dist}; urgency={ur 'Conflicts', 'Breaks'): for i in getattr(config.relations.image, field.lower(), []): for package_image in packages_image: - package_image.setdefault(field).merge( + getattr(package_image, field.lower()).merge( PackageRelationGroup(i, arches={arch}) ) 
@@ -382,7 +383,7 @@ linux-signed-{vars['arch']} (@signedtemplate_sourceversion@) {dist}; urgency={ur if entry.operator is not None: entry.operator = -entry.operator for package_image in packages_image: - package_image.setdefault('Breaks').append(PackageRelationGroup([entry])) + package_image.breaks.append(PackageRelationGroup([entry])) if desc_parts := config.description.parts: # XXX: Workaround, we need to support multiple entries of the same @@ -390,12 +391,12 @@ linux-signed-{vars['arch']} (@signedtemplate_sourceversion@) {dist}; urgency={ur parts = list(set(desc_parts)) parts.sort() for package_image in packages_image: - desc = package_image['Description'] + desc = package_image.description for part in parts: desc.append(config.description.long[part]) desc.append_short(config.description.short[part]) - packages_headers[0]['Depends'].merge(relation_compiler_header) + packages_headers[0].depends.merge(relation_compiler_header) packages_own.extend(packages_image) packages_own.extend(packages_headers) @@ -417,14 +418,11 @@ linux-signed-{vars['arch']} (@signedtemplate_sourceversion@) {dist}; urgency={ur assert len(packages_meta) == 2 if ( - config.name_featureset == 'none' - and config.defs_flavour.is_default + config.defs_flavour.is_default and not self.vars['source_suffix'] ): - packages_meta[0].setdefault('Provides') \ - .append('linux-image-generic') - packages_meta[1].setdefault('Provides') \ - .append('linux-headers-generic') + packages_meta[0].provides.append('linux-image-generic') + packages_meta[1].provides.append('linux-headers-generic') packages_own.extend(packages_meta) 
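Review bot: The `Provides` of `linux-image-generic` / `linux-headers-generic` is now gated only on `config.defs_flavour.is_default and not self.vars['source_suffix']`, so it relies on `is_default` being set for at most one flavour across all featuresets of an architecture, and nothing visible in this hunk enforces that. If the configuration loader guarantees it, a comment above the `if` stating the invariant would keep a later `is_default = true` in another featureset from silently adding a second provider of the generic names. The same reliance applies to the `image-extra-dev` condition added in the hunk at `@@ -439,25 +437,31 @@`. The enclosing method starts and ends outside this hunk.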
@@ -439,25 +437,31 @@ linux-signed-{vars['arch']} (@signedtemplate_sourceversion@) {dist}; urgency={ur self.bundle.add('image-dbg.meta', ruleid, makeflags, vars, arch=arch) ) - # In a quick build, only build the quick flavour (if any). if ( - config.name_featureset != 'none' - or not config.defs_flavour.is_quick + config.defs_flavour.is_default + # XXX + and not self.vars['source_suffix'] ): + packages_own.extend( + self.bundle.add('image-extra-dev', ruleid, makeflags, vars, arch=arch) + ) + + # In a quick build, only build the quick flavour (if any). + if not config.defs_flavour.is_quick: for package in packages_own: - package['Build-Profiles'][0].neg.add('pkg.linux.quick') + package.build_profiles[0].neg.add('pkg.linux.quick') tests_control_image = self.templates.get_tests_control('image.tests-control', vars) for c in tests_control_image: - c.setdefault('Depends').extend( - [i['Package'] for i in packages_image_unsigned] + c.depends.extend( + [i.name for i in packages_image_unsigned] ) tests_control_headers = self.templates.get_tests_control('headers.tests-control', vars) for c in tests_control_headers: - c.setdefault('Depends').extend( - [i['Package'] for i in packages_headers] + - [i['Package'] for i in packages_image_unsigned] + c.depends.extend( + [i.name for i in packages_headers] + + [i.name for i in packages_image_unsigned] ) self.tests_control.extend(tests_control_image) 
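Review bot: The bare `# XXX` above `and not self.vars['source_suffix']` in the new `image-extra-dev` condition marks something as provisional without saying what. It should be replaced by a sentence stating why suffixed source packages are excluded, or what has to change before the marker can go. The identical two-part test already guards the generic `Provides` earlier in this method, so binding it once to a named local (for example `is_primary_flavour = config.defs_flavour.is_default and not self.vars['source_suffix']`) would keep the two uses from drifting apart. The enclosing method starts and ends outside this hunk.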
@@ -503,23 +507,27 @@ linux-signed-{vars['arch']} (@signedtemplate_sourceversion@) {dist}; urgency={ur stdout=subprocess.PIPE, text=True, env=kw_env) - udeb_packages_base = BinaryPackage.read_rfc822(kw_proc.stdout) + assert kw_proc.stdout is not None + udeb_packages_base = list(read_deb822(BinaryPackage, kw_proc.stdout)) kw_proc.wait() if kw_proc.returncode != 0: raise RuntimeError('kernel-wedge exited with code %d' % kw_proc.returncode) - udeb_packages = [] - for package_base in udeb_packages_base: - package = package_base.copy() - # kernel-wedge currently chokes on Build-Profiles so add it now - package['Build-Profiles'] = ( - '<!noudeb !pkg.linux.nokernel !pkg.linux.quick>') - package.meta['rules-target'] = 'installer' - udeb_packages.append(package) + udeb_packages = [ + dataclasses.replace( + package_base, + # kernel-wedge currently chokes on Build-Profiles so add it now + build_profiles=PackageBuildprofile.parse( + '<!noudeb !pkg.linux.nokernel !pkg.linux.quick>', + ), + meta_rules_target='installer', + ) + for package_base in udeb_packages_base + ] makeflags_local = makeflags.copy() - makeflags_local['IMAGE_PACKAGE_NAME'] = udeb_packages[0]['Package'] + makeflags_local['IMAGE_PACKAGE_NAME'] = udeb_packages[0].name bundle_signed.add_packages( udeb_packages, 
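Review bot: `list(read_deb822(BinaryPackage, kw_proc.stdout))` parses kernel-wedge's output eagerly, before `kw_proc.wait()` and the return-code check. If the parser raises on truncated output from a failing kernel-wedge (whether it does is not visible here), that exception replaces the `RuntimeError` carrying the exit code and the child is never reaped. Wrapping the parse in `try:` / `finally: kw_proc.wait()` keeps the reaping unconditional. `udeb_packages[0].name` further down also assumes at least one package was emitted; an explicit `if not udeb_packages_base: raise RuntimeError('kernel-wedge produced no packages')` would fail with a clearer message than an `IndexError`. The `Popen` call itself starts outside this hunk.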
@@ -528,24 +536,27 @@ linux-signed-{vars['arch']} (@signedtemplate_sourceversion@) {dist}; urgency={ur ) if build_signed: - udeb_packages = [] # XXX This is a hack to exclude the udebs from # the package list while still being able to # convince debhelper and kernel-wedge to go # part way to building them. - for package_base in udeb_packages_base: - package = package_base.copy() - # kernel-wedge currently chokes on Build-Profiles so add it now - package['Build-Profiles'] = ( - '<pkg.linux.udeb-unsigned-test-build !noudeb' - ' !pkg.linux.nokernel !pkg.linux.quick>') - package.meta['rules-target'] = 'installer-test' - udeb_packages.append(package) + udeb_packages = [ + dataclasses.replace( + package_base, + # kernel-wedge currently chokes on Build-Profiles so add it now + build_profiles=PackageBuildprofile.parse( + '<pkg.linux.udeb-unsigned-test-build !noudeb' + ' !pkg.linux.nokernel !pkg.linux.quick>', + ), + meta_rules_target='installer-test', + ) + for package_base in udeb_packages_base + ] self.bundle.add_packages( udeb_packages, (config.name_debianarch, config.name_featureset, config.name_flavour), - makeflags, arch=arch, check_packages=False, + makeflags_local, arch=arch, check_packages=False, ) def process_changelog(self) -> None: @@ -604,7 +615,10 @@ linux-signed-{vars['arch']} (@signedtemplate_sourceversion@) {dist}; urgency={ur pkg_sign_entries = {} for p in bundle.packages.values(): - if pkg_sign_pkg := p.meta.get('sign-package'): + if not isinstance(p, BinaryPackage): + continue + + if pkg_sign_pkg := p.meta_sign_package: pkg_sign_entries[pkg_sign_pkg] = { 'trusted_certs': [], 'files': [ @@ -612,7 +626,7 @@ linux-signed-{vars['arch']} (@signedtemplate_sourceversion@) {dist}; urgency={ur 'sig_type': e.split(':', 1)[-1], 'file': e.split(':', 1)[0], } - for e in p.meta['sign-files'].split() + for e in p.meta_sign_files ], } 
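Review bot: The last changed line of this hunk swaps `makeflags` for `makeflags_local` in `self.bundle.add_packages(...)`, which is a behaviour change carried inside an otherwise mechanical dataclass conversion: the unsigned test-build udebs now also receive `IMAGE_PACKAGE_NAME`. If that is a deliberate fix, it deserves its own line in the commit message or a short comment at the call. The `dataclasses.replace(...)` comprehension here and the one in the previous hunk differ only in the build-profile string and `meta_rules_target`, so a small local helper taking those two values would remove the duplication.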
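Review bot: Entries of `p.meta_sign_files` are split with `e.split(':', 1)` on the neighbouring context lines without checking that a `:` is present, so a malformed entry yields a `sig_type` equal to the file name and passes into the JSON written by `json.dump({'packages': pkg_sign_entries}, ...)` unnoticed. That file is presumably consumed by the signing step, so a bad entry is better rejected at generation time: `file, sep, sig_type = e.partition(':')` followed by `if not sep: raise RuntimeError(f'bad sign-files entry: {e!r}')`. The new `for e in p.meta_sign_files` also assumes the field is already a sequence of strings; its type is declared outside this diff, and iterating a plain `str` would walk single characters.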
@@ -621,8 +635,8 @@ linux-signed-{vars['arch']} (@signedtemplate_sourceversion@) {dist}; urgency={ur json.dump({'packages': pkg_sign_entries}, f, indent=2) def write_tests_control(self) -> None: - self.bundle.write_rfc822(open("debian/tests/control", 'w'), - self.tests_control) + with open("debian/tests/control", 'w') as f: + write_deb822(self.tests_control, f) if __name__ == '__main__': diff --git a/debian/bin/test-patches b/debian/bin/test-patches index a85369042d..bd14d57485 100755 --- a/debian/bin/test-patches +++ b/debian/bin/test-patches @@ -6,9 +6,9 @@ shopt -s extglob # Set defaults from the running kernel arch="$(dpkg --print-architecture)" kernelabi="$(uname -r)" -ff="${kernelabi#+([^-])-@(trunk|?(rc)+([0-9])|0.@(bpo|deb+([0-9])).+([0-9]))-}" +ff="${kernelabi##+([^-])-?(@(trunk|?(rc)+([0-9])|0.@(bpo|deb+([0-9])).+([0-9]))-)}" if [ "x$ff" != "x$kernelabi" ]; then - flavour="${ff#@(openvz|rt|vserver|xen)-}" + flavour="${ff#rt-}" if [ "x$flavour" != "x$ff" ]; then featureset="${ff%-$flavour}" else 
@@ -97,23 +97,23 @@ mkdir $patchdir/test # Prepare a new directory for the config; override ABI name, featuresets, flavours rm -rf debian/config.local -mkdir debian/config.local debian/config.local/"$arch" debian/config.local/"$arch"/"$featureset" -cat >debian/config.local/defines <<EOF +mkdir debian/config.local debian/config.local/"$arch" +for other_fs in none rt; do + if [ "$other_fs" != "$featureset" ]; then + cat >debian/config.local/defines.toml <<EOF +[[featureset]] +name = '$other_fs' +enable = false EOF -cat >debian/config.local/"$arch"/defines <<EOF -[base] -featuresets: $featureset -EOF -cat >debian/config.local/"$arch"/"$featureset"/defines <<EOF -[base] -flavours: $flavour -EOF -if [ "$featureset" = none ]; then - # default-flavour must refer to a flavour that's enabled - cat >>debian/config.local/"$arch"/"$featureset"/defines <<EOF -default-flavour: $flavour + fi +done +cat >debian/config.local/"$arch"/defines.toml <<EOF +[[featureset]] +name = '$featureset' + +[[featureset.flavour]] +name = '$flavour' EOF -fi # Regenerate control and included rules rm -f debian/control debian/rules.gen |
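Review bot: Inside the `for other_fs in none rt` loop the heredoc is written with `cat >debian/config.local/defines.toml`, which truncates the file on every iteration. When `$featureset` matches neither name, or once a third featureset joins the list, only the last `[[featureset]]` stanza survives and the others stay enabled. Because `debian/config.local` is removed and recreated just above, `cat >>debian/config.local/defines.toml <<EOF` is safe and keeps every stanza. `$featureset` and `$flavour` are also interpolated into TOML literal strings (`name = '$featureset'`) without validation, so a value containing `'` or a newline would yield an invalid or altered config. They come from `uname -r` or, presumably, options parsed outside this hunk, so a check such as `case "$featureset" in *[!a-z0-9.+-]*) exit 2;; esac` before writing would close that off.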