#!/usr/bin/python3 import argparse import io import os import os.path import re import shutil import subprocess import sys import tempfile def main(source, version, verify_signature): patch_dir = 'debian/patches-rt' series_name = 'series' old_series = set() new_series = set() try: with open(os.path.join(patch_dir, series_name), 'r') as series_fh: for line in series_fh: name = line.strip() if name != '' and name[0] != '#': old_series.add(name) except FileNotFoundError: pass with open(os.path.join(patch_dir, series_name), 'w') as series_fh: # Add Origin to all patch headers. def add_patch(name, source_patch, origin): path = os.path.join(patch_dir, name) try: os.unlink(path) except FileNotFoundError: pass with open(path, 'w') as patch: in_header = True for line in source_patch: if in_header and re.match(r'^(\n|[^\w\s]|Index:)', line): patch.write('Origin: %s\n' % origin) if line != '\n': patch.write('\n') in_header = False patch.write(line) new_series.add(name) if os.path.isdir(os.path.join(source, '.git')): # Export rebased branch from stable-rt git as patch series up_ver = re.sub(r'-rt\d+$', '', version) env = os.environ.copy() env['GIT_DIR'] = os.path.join(source, '.git') env['DEBIAN_KERNEL_KEYRING'] = 'rt-signing-key.pgp' if verify_signature: # Validate tag signature gpg_wrapper = os.path.join(os.getcwd(), "debian/bin/git-tag-gpg-wrapper") verify_proc = subprocess.Popen( ['git', '-c', 'gpg.program=%s' % gpg_wrapper, 'tag', '-v', 'v%s-rebase' % version], env=env) if verify_proc.wait(): raise RuntimeError("GPG tag verification failed") args = ['git', 'format-patch', 'v%s..v%s-rebase' % (up_ver, version)] format_proc = subprocess.Popen(args, cwd=patch_dir, env=env, stdout=subprocess.PIPE) with io.open(format_proc.stdout.fileno(), encoding='utf-8') \ as pipe: for line in pipe: name = line.strip('\n') with open(os.path.join(patch_dir, name)) as source_patch: patch_from = source_patch.readline() match = re.match(r'From ([0-9a-f]{40}) ', patch_from) assert match origin = ('https://git.kernel.org/cgit/linux/kernel/' 'git/rt/linux-stable-rt.git/commit?id=%s' % match.group(1)) add_patch(name, source_patch, origin) series_fh.write(line) else: # Get version and upstream version if version is None: match = re.search(r'(?:^|/)patches-(.+)\.tar\.[gx]z$', source) assert match, 'no version specified or found in filename' version = match.group(1) match = re.match(r'^(\d+\.\d+)(?:\.\d+|-rc\d+)?-rt\d+$', version) assert match, 'could not parse version string' up_ver = match.group(1) if verify_signature: # Expect an accompanying signature, and validate it source_sig = re.sub(r'.[gx]z$', '.sign', source) unxz_proc = subprocess.Popen(['xzcat', source], stdout=subprocess.PIPE) verify_output = subprocess.check_output( ['gpgv', '--status-fd', '1', '--keyring', 'debian/upstream/rt-signing-key.pgp', '--ignore-time-conflict', source_sig, '-'], stdin=unxz_proc.stdout, text=True) if unxz_proc.wait() or \ not re.search(r'^\[GNUPG:\]\s+VALIDSIG\s', verify_output, re.MULTILINE): sys.stderr.write(verify_output) raise RuntimeError("GPG signature verification failed") temp_dir = tempfile.mkdtemp(prefix='rt-genpatch', dir='debian') try: # Unpack tarball subprocess.check_call(['tar', '-C', temp_dir, '-xaf', source]) source_dir = os.path.join(temp_dir, 'patches') assert os.path.isdir(source_dir), \ 'tarball does not contain patches directory' # Copy patch series origin = ('https://www.kernel.org/pub/linux/kernel/projects/' 'rt/%s/older/patches-%s.tar.xz' % (up_ver, version)) with open(os.path.join(source_dir, 'series'), 'r') \ as source_series_fh: for line in source_series_fh: name = line.strip() if name != '' and name[0] != '#': with open(os.path.join(source_dir, name)) \ as source_patch: add_patch(name, source_patch, origin) series_fh.write(line) finally: shutil.rmtree(temp_dir) for name in new_series: if name in old_series: old_series.remove(name) else: print('Added patch', os.path.join(patch_dir, name)) for name in old_series: print('Obsoleted patch', os.path.join(patch_dir, name)) if __name__ == '__main__': parser = argparse.ArgumentParser( description='Generate or update the rt featureset patch series') parser.add_argument( 'source', metavar='SOURCE', type=str, help='tarball of patches or git repo containing the given RT-VERSION') parser.add_argument( 'version', metavar='RT-VERSION', type=str, nargs='?', help='rt kernel version (optional for tarballs)') parser.add_argument( '--verify-signature', action=argparse.BooleanOptionalAction, default=True, help='verify signature on tarball (detached in .sign file) or git tag') args = parser.parse_args() main(args.source, args.version, args.verify_signature)