Message ID | 20230612105030.2242300-1-dimitri.ledkov@canonical.com |
---|---|
State | New |
Headers | show |
Series | [mantic:linux,mantic:linux-unstable] UBUNTU: [Packaging] remove the signing tarball support | expand |
On Mon, Jun 12, 2023 at 11:50:30AM +0100, Dimitri John Ledkov wrote: > All signing tarball support is now removed (previously only disabled) > as all kernels now use generate out of linux-signed to submit signing. > > Fixes: 6fecc30361 ("UBUNTU: [Packaging] neuter the signing tarball") > BugLink: https://bugs.launchpad.net/bugs/2012776 > Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com> Looks good to me, applied to mantic/linux-unstable. Thanks, -Andrea > --- > debian/rules.d/2-binary-arch.mk | 35 --------------------------------- > 1 file changed, 35 deletions(-) > > diff --git a/debian/rules.d/2-binary-arch.mk b/debian/rules.d/2-binary-arch.mk > index b796e67dad..8ab795a5d9 100644 > --- a/debian/rules.d/2-binary-arch.mk > +++ b/debian/rules.d/2-binary-arch.mk > @@ -157,32 +157,6 @@ else > $(pkgdir_bin)/boot/$(instfile)-$(abi_release)-$* > chmod 600 $(pkgdir_bin)/boot/$(instfile)-$(abi_release)-$* > endif > - > -ifeq ($(uefi_signed),DISABLED) > - install -d $(signingv) > - # gzipped kernel images must be decompressed for signing > - if [[ "$(kernfile)" =~ \.gz$$ ]]; then \ > - < $(pkgdir_bin)/boot/$(instfile)-$(abi_release)-$* \ > - gunzip -cv > $(signingv)/$(instfile)-$(abi_release)-$*.efi; \ > - cp -p --attributes-only $(pkgdir_bin)/boot/$(instfile)-$(abi_release)-$* \ > - $(signingv)/$(instfile)-$(abi_release)-$*.efi; \ > - echo "GZIP=1" >> $(signingv)/$(instfile)-$(abi_release)-$*.efi.vars; \ > - else \ > - cp -p $(pkgdir_bin)/boot/$(instfile)-$(abi_release)-$* \ > - $(signingv)/$(instfile)-$(abi_release)-$*.efi; \ > - fi > -endif > -ifeq ($(opal_signed),DISABLED) > - install -d $(signingv) > - cp -p $(pkgdir_bin)/boot/$(instfile)-$(abi_release)-$* \ > - $(signingv)/$(instfile)-$(abi_release)-$*.opal; > -endif > -ifeq ($(sipl_signed),DISABLED) > - install -d $(signingv) > - cp -p $(pkgdir_bin)/boot/$(instfile)-$(abi_release)-$* \ > - $(signingv)/$(instfile)-$(abi_release)-$*.sipl; > -endif > - > install -d $(pkgdir)/boot > install -m644 $(builddir)/build-$*/.config \ > $(pkgdir)/boot/config-$(abi_release)-$* > @@ -840,17 +814,8 @@ ifeq ($(do_cloud_tools),true) > endif > > .PHONY: binary-debs > -binary-debs: signing = $(CURDIR)/debian/$(bin_pkg_name)-signing > -binary-debs: signingv = $(CURDIR)/debian/$(bin_pkg_name)-signing/$(release)-$(revision) > -binary-debs: signing_tar = $(src_pkg_name)_$(release)-$(revision)_$(arch).tar.gz > binary-debs: binary-perarch $(addprefix binary-,$(flavours)) > @echo Debug: $@ > -ifeq ($(any_signed),true) > - install -d $(signingv)/control > - { echo "tarball"; } >$(signingv)/control/options > - cd $(signing) && tar czvf ../../../$(signing_tar) . > - dpkg-distaddfile $(signing_tar) raw-signing - > -endif > > build-arch-deps-$(do_flavour_image_package) += $(addprefix $(stampdir)/stamp-install-,$(flavours)) > > -- > 2.34.1 > > > -- > kernel-team mailing list > kernel-team@lists.ubuntu.com > https://lists.ubuntu.com/mailman/listinfo/kernel-team
diff --git a/debian/rules.d/2-binary-arch.mk b/debian/rules.d/2-binary-arch.mk index b796e67dad..8ab795a5d9 100644 --- a/debian/rules.d/2-binary-arch.mk +++ b/debian/rules.d/2-binary-arch.mk @@ -157,32 +157,6 @@ else $(pkgdir_bin)/boot/$(instfile)-$(abi_release)-$* chmod 600 $(pkgdir_bin)/boot/$(instfile)-$(abi_release)-$* endif - -ifeq ($(uefi_signed),DISABLED) - install -d $(signingv) - # gzipped kernel images must be decompressed for signing - if [[ "$(kernfile)" =~ \.gz$$ ]]; then \ - < $(pkgdir_bin)/boot/$(instfile)-$(abi_release)-$* \ - gunzip -cv > $(signingv)/$(instfile)-$(abi_release)-$*.efi; \ - cp -p --attributes-only $(pkgdir_bin)/boot/$(instfile)-$(abi_release)-$* \ - $(signingv)/$(instfile)-$(abi_release)-$*.efi; \ - echo "GZIP=1" >> $(signingv)/$(instfile)-$(abi_release)-$*.efi.vars; \ - else \ - cp -p $(pkgdir_bin)/boot/$(instfile)-$(abi_release)-$* \ - $(signingv)/$(instfile)-$(abi_release)-$*.efi; \ - fi -endif -ifeq ($(opal_signed),DISABLED) - install -d $(signingv) - cp -p $(pkgdir_bin)/boot/$(instfile)-$(abi_release)-$* \ - $(signingv)/$(instfile)-$(abi_release)-$*.opal; -endif -ifeq ($(sipl_signed),DISABLED) - install -d $(signingv) - cp -p $(pkgdir_bin)/boot/$(instfile)-$(abi_release)-$* \ - $(signingv)/$(instfile)-$(abi_release)-$*.sipl; -endif - install -d $(pkgdir)/boot install -m644 $(builddir)/build-$*/.config \ $(pkgdir)/boot/config-$(abi_release)-$* @@ -840,17 +814,8 @@ ifeq ($(do_cloud_tools),true) endif .PHONY: binary-debs -binary-debs: signing = $(CURDIR)/debian/$(bin_pkg_name)-signing -binary-debs: signingv = $(CURDIR)/debian/$(bin_pkg_name)-signing/$(release)-$(revision) -binary-debs: signing_tar = $(src_pkg_name)_$(release)-$(revision)_$(arch).tar.gz binary-debs: binary-perarch $(addprefix binary-,$(flavours)) @echo Debug: $@ -ifeq ($(any_signed),true) - install -d $(signingv)/control - { echo "tarball"; } >$(signingv)/control/options - cd $(signing) && tar czvf ../../../$(signing_tar) . - dpkg-distaddfile $(signing_tar) raw-signing - -endif build-arch-deps-$(do_flavour_image_package) += $(addprefix $(stampdir)/stamp-install-,$(flavours))
All signing tarball support is now removed (previously only disabled) as all kernels now use generate out of linux-signed to submit signing. Fixes: 6fecc30361 ("UBUNTU: [Packaging] neuter the signing tarball") BugLink: https://bugs.launchpad.net/bugs/2012776 Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com> --- debian/rules.d/2-binary-arch.mk | 35 --------------------------------- 1 file changed, 35 deletions(-)