@@ -108,12 +108,6 @@ ifneq ($(do_tools),true)
do_tools_host=
endif
-$(foreach _m,$(all_built-in_dkms_modules), \
- $(if $(filter true,$(do_$(_m))),, \
- $(eval do_$(_m)_disable := $$(shell for m in $$$$(cat $(DROOT)/$(_m)-modules.ignore); do grep -qxF $$$$m $(prev_abidir)/../modules.ignore 2>/dev/null || echo $$$$m >> $(prev_abidir)/../modules.ignore; done)) \
- ) \
-)
-
# Either tools package needs the common source preparation
do_any_tools=$(sort $(filter-out false,$(do_linux_tools) $(do_cloud_tools)))
@@ -135,7 +129,7 @@ clean: debian/control debian/canonical-certs.pem debian/canonical-revoked-certs.
dh_clean
# normal build junk
- rm -rf $(DEBIAN)/abi/$(release)-$(revision)
+ rm -rf $(DEBIAN)/abi
rm -rf $(builddir)
rm -f $(stampdir)/stamp-*
rm -rf debian/linux-*/
@@ -101,7 +101,6 @@ export gcc?=gcc-13
GCC_BUILD_DEPENDS=\ $(gcc), $(gcc)-aarch64-linux-gnu [arm64] <cross>, $(gcc)-arm-linux-gnueabihf [armhf] <cross>, $(gcc)-powerpc64le-linux-gnu [ppc64el] <cross>, $(gcc)-riscv64-linux-gnu [riscv64] <cross>, $(gcc)-s390x-linux-gnu [s390x] <cross>, $(gcc)-x86-64-linux-gnu [amd64] <cross>,
abidir := $(CURDIR)/$(DEBIAN)/__abi.current/$(arch)
-prev_abidir := $(CURDIR)/$(DEBIAN)/abi/$(arch)
commonconfdir := $(CURDIR)/$(DEBIAN)/config
archconfdir := $(CURDIR)/$(DEBIAN)/config/$(arch)
sharedconfdir := $(CURDIR)/debian.master/config
@@ -1,15 +1,3 @@
-# Check ABI for package against last release (if not same abinum)
-abi-check-%: $(stampdir)/stamp-install-%
- @echo Debug: $@
- $(DROOT)/scripts/checks/abi-check "$*" \
- "$(prev_abidir)" "$(abidir)" $(do_skip_checks)
-
-# Check the module list against the last release (always)
-module-check-%: $(stampdir)/stamp-install-%
- @echo Debug: $@
- $(DROOT)/scripts/checks/module-check "$*" \
- "$(prev_abidir)" "$(abidir)" $(do_skip_checks)
-
# Check the signature of staging modules
module-signature-check-%: $(stampdir)/stamp-install-%
@echo Debug: $@
@@ -18,13 +6,7 @@ module-signature-check-%: $(stampdir)/stamp-install-%
"$(DROOT)/$(mods_extra_pkg_name)-$*" \
$(do_skip_checks)
-# Check the reptoline jmp/call functions against the last release.
-retpoline-check-%: $(stampdir)/stamp-install-%
- @echo Debug: $@
- $(DROOT)/scripts/checks/retpoline-check "$*" \
- "$(prev_abidir)" "$(abidir)" $(do_skip_checks)
-
-checks-%: module-check-% module-signature-check-% abi-check-% retpoline-check-%
+checks-%: module-signature-check-%
@echo Debug: $@
# Check the config against the known options list.
deleted file mode 100755
@@ -1,139 +0,0 @@
-#!/usr/bin/python3
-#
-# Check ABI changes
-#
-# To skip the ABI checks, add a file
-# debian.<foo>/abi/<arch>/ignore.abi
-# or
-# debian.<foo>/abi/<arch>/<flavor>.ignore.abi
-#
-# To ignore a list of symbols, add the symbols to the file
-# debian.<foo>/abi/abi.ignore
-#
-
-import os
-import re
-import sys
-
-def decode_symline(line):
- comps = re.sub(r'\s+', ' ', line).split(' ')
- if comps[0].startswith('EXPORT_SYMBOL'):
- stype, sloc, shash, sname = comps
- else:
- stype, shash, sname, sloc = comps[1:]
- return sname, {'type': stype, 'loc': sloc, 'hash': shash}
-
-if len(sys.argv) < 4 or len(sys.argv) > 5:
- print('Usage: abi-check <flavor> <prev_abidir> <abidir> [<skipabi>]')
- sys.exit(2)
-
-flavor, prev_abidir, abidir = sys.argv[1:4] # pylint: disable=W0632
-if len(sys.argv) > 4:
- skipabi = sys.argv[4].lower() in ['1', 'true', 'yes']
-else:
- skipabi = False
-
-print('II: Checking ABI for {}...'.format(flavor), end='')
-
-if ((os.path.exists('{}/ignore.abi'.format(prev_abidir)) or
- os.path.exists('{}/{}.ignore.abi'.format(prev_abidir, flavor)))):
- print('WW: Explicitly ignoring ABI')
- print('II: Done')
- sys.exit(0)
-
-curr_abi = '{}/{}'.format(abidir, flavor)
-prev_abi = '{}/{}'.format(prev_abidir, flavor)
-if not os.path.exists(curr_abi) or not os.path.exists(prev_abi):
- print('II: Previous or current ABI file missing!')
- print(' {}'.format(curr_abi))
- print(' {}'.format(prev_abi))
- if skipabi:
- print('WW: Explicitly asked to ignore failures')
- print('II: Done')
- sys.exit(0)
- print('EE: Missing ABI file')
- sys.exit(1)
-
-print()
-
-symbols = {}
-symbols_ignore = {}
-
-# See if we have any ignores
-print(' Reading symbols to ignore...', end='')
-ignore = 0
-prev_abi_ignore = '{}/../abi.ignore'.format(prev_abidir)
-if os.path.exists(prev_abi_ignore):
- with open(prev_abi_ignore) as fh:
- for sym in fh:
- sym = sym.strip()
- if sym.startswith('#'):
- continue
- symbols_ignore[sym] = 1
- ignore += 1
-print('read {} symbols.'.format(ignore))
-
-# Read new symbols first
-print(' Reading new symbols...', end='')
-new_count = 0
-with open('{}/{}'.format(abidir, flavor)) as fh:
- for line in fh:
- sym, vals = decode_symline(line.strip())
- symbols[sym] = vals
- new_count += 1
-print('read {} symbols.'.format(new_count))
-
-# Now the old symbols
-print(' Reading old symbols...', end='')
-old_count = 0
-with open('{}/{}'.format(prev_abidir, flavor)) as fh:
- for line in fh:
- sym, vals = decode_symline(line.strip())
- if sym not in symbols:
- symbols[sym] = {}
- symbols[sym]['old'] = vals
- old_count += 1
-print('read {} symbols.'.format(old_count))
-
-print('II: Checking for ABI changes...')
-changed_loc = 0
-changed_type = 0
-error = False
-for sym, vals in symbols.items():
- # Ignore new symbols
- if 'old' not in vals or 'loc' not in vals:
- continue
-
- # Changes in location don't hurt us, but log it anyway
- if vals['loc'] != vals['old']['loc']:
- changed_loc += 1
- print(' MOVE : {:40} : {} => {}'.format(sym, vals['old']['loc'],
- vals['loc']))
-
- # Changes from GPL to non-GPL are bad
- if ((vals['old']['type'] == 'EXPORT_SYMBOL_GPL' and
- vals['type'] != 'EXPORT_SYMBOL_GPL')):
- changed_type += 1
- if sym in symbols_ignore or vals['loc'] in symbols_ignore:
- ignored = ' (ignore)'
- else:
- ignored = ''
- error = True
- print(' TYPE : {:40} : {} => {}{}'.format(sym, vals['old']['type'],
- vals['type'], ignored))
-
-if changed_loc > 0:
- print('II: {} symbols changed location'.format(changed_loc))
-
-if changed_type > 0:
- print('II: {} symbols changed export type'.format(changed_type))
-
-if error:
- if skipabi:
- print('WW: Explicitly asked to ignore failures')
- else:
- print('EE: Symbol types changed')
- sys.exit(1)
-
-print('II: Done')
-sys.exit(0)
@@ -3,12 +3,6 @@
debian="$1"
abi="$2"
-skipabi=${3:-}
-case "${skipabi,,}" in
- 1|true|yes) skipabi=true ;;
- *) skipabi=false ;;
-esac
-
archs=$(awk '/^Architecture:/ { $1=""; for (i=1; i<=NF; i++) { if ($i != "all") { print $i }}}' debian/control | sort -u)
fail=0
@@ -19,48 +13,6 @@ failure()
fail=1
}
-abi_check()
-{
- local abidir="$1"
- local arch="$2"
- local flavour="$3"
-
- local abidir="$abidir/$arch"
-
- if [ ! -f "$abidir/$flavour" ] && \
- [ ! -f "$abidir/$flavour.ignore" ] && \
- [ ! -f "$abidir/ignore" ]
- then
- failure "$arch/$flavour ABI symbol file missing"
- fi
-
- if [ ! -f "$abidir/$flavour.modules" ] && \
- [ ! -f "$abidir/$flavour.ignore.modules" ] && \
- [ ! -f "$abidir/ignore.modules" ]
- then
- failure "$arch/$flavour ABI modules file missing"
- fi
-
- if [ ! -f "$abidir/$flavour.retpoline" ] && \
- [ ! -f "$abidir/$flavour.ignore.retpoline" ] && \
- [ ! -f "$abidir/ignore.retpoline" ]
- then
- failure "$arch/$flavour ABI retpoline file missing"
- fi
-}
-
-abi_version="$debian/abi/version"
-if ! [ -f "$abi_version" ]
-then
- failure "$abi_version ABI version file missing"
-fi
-
-version=$(cat "$abi_version")
-if [ "$abi" != "$version" ]
-then
- failure "$abi_version ABI version mismatch ($abi != $version)"
-fi
-
for arch in $archs
do
if [ ! -f "$debian/rules.d/$arch.mk" ]; then
@@ -89,9 +41,6 @@ do
failure "'CONFIG_SYSTEM_REVOCATION_KEYS=\"debian/canonical-revoked-certs.pem\"' is required"
fi
fi
- if [ "${skipabi}" = "false" ] ; then
- abi_check "$debian/abi" "$arch" "$flavour"
- fi
done
done
new file mode 100755
@@ -0,0 +1,98 @@
+#!/bin/bash
+
+debian="$1"
+abi="$2"
+
+skipabi=${3:-}
+case "${skipabi,,}" in
+ 1|true|yes) skipabi=true ;;
+ *) skipabi=false ;;
+esac
+
+archs=$(awk '/^Architecture:/ { $1=""; for (i=1; i<=NF; i++) { if ($i != "all") { print $i }}}' debian/control | sort -u)
+
+fail=0
+
+failure()
+{
+ echo "EE: $*" 1>&2
+ fail=1
+}
+
+abi_check()
+{
+ local abidir="$1"
+ local arch="$2"
+ local flavour="$3"
+
+ local abidir="$abidir/$arch"
+
+ if [ ! -f "$abidir/$flavour" ] && \
+ [ ! -f "$abidir/$flavour.ignore" ] && \
+ [ ! -f "$abidir/ignore" ]
+ then
+ failure "$arch/$flavour ABI symbol file missing"
+ fi
+
+ if [ ! -f "$abidir/$flavour.modules" ] && \
+ [ ! -f "$abidir/$flavour.ignore.modules" ] && \
+ [ ! -f "$abidir/ignore.modules" ]
+ then
+ failure "$arch/$flavour ABI modules file missing"
+ fi
+
+ if [ ! -f "$abidir/$flavour.retpoline" ] && \
+ [ ! -f "$abidir/$flavour.ignore.retpoline" ] && \
+ [ ! -f "$abidir/ignore.retpoline" ]
+ then
+ failure "$arch/$flavour ABI retpoline file missing"
+ fi
+}
+
+abi_version="$debian/abi/version"
+if ! [ -f "$abi_version" ]
+then
+ failure "$abi_version ABI version file missing"
+fi
+
+version=$(cat "$abi_version")
+if [ "$abi" != "$version" ]
+then
+ failure "$abi_version ABI version mismatch ($abi != $version)"
+fi
+
+for arch in $archs
+do
+ if [ ! -f "$debian/rules.d/$arch.mk" ]; then
+ continue
+ fi
+
+ image_pkg=$(awk -F '\\s*=\\s*' '$1 == "do_flavour_image_package" { print $2 }' "$debian/rules.d/$arch.mk")
+ if [ "$image_pkg" = "false" ]; then
+ continue
+ fi
+
+ flavours=$(
+ awk '/^\s*flavours\s*=/{
+ sub(/^\s*flavours\s*=\s*/, "");
+ print
+ }' "$debian/rules.d/$arch.mk")
+ for flavour in $flavours
+ do
+ if [ -d debian/certs ]; then
+ if ! python3 debian/scripts/misc/annotations --export -c CONFIG_SYSTEM_TRUSTED_KEYS --arch "$arch" --flavour "$flavour" | grep -q '^CONFIG_SYSTEM_TRUSTED_KEYS="debian/canonical-certs.pem"$' ; then
+ failure "'CONFIG_SYSTEM_TRUSTED_KEYS=\"debian/canonical-certs.pem\"' is required"
+ fi
+ fi
+ if [ -d debian/revoked-certs ]; then
+ if ! python3 debian/scripts/misc/annotations --export -c CONFIG_SYSTEM_REVOCATION_KEYS --arch "$arch" --flavour "$flavour" | grep -q '^CONFIG_SYSTEM_REVOCATION_KEYS="debian/canonical-revoked-certs.pem"$' ; then
+ failure "'CONFIG_SYSTEM_REVOCATION_KEYS=\"debian/canonical-revoked-certs.pem\"' is required"
+ fi
+ fi
+ if [ "${skipabi}" = "false" ] ; then
+ abi_check "$debian/abi" "$arch" "$flavour"
+ fi
+ done
+done
+
+exit "$fail"
deleted file mode 100755
@@ -1,131 +0,0 @@
-#!/usr/bin/python3
-#
-# Check modules changes
-#
-# To skip the modules check, add a file
-# debian.<foo>/abi/<arch>/ignore.modules
-# or
-# debian.<foo>/abi/<arch>/<flavor>.ignore.modules
-#
-# To ignore a list of modules, add the modules to the file
-# debian.<foo>/abi/modules.ignore
-#
-
-import os
-import sys
-
-if len(sys.argv) < 4 or len(sys.argv) > 5:
- print('Usage: module-check <flavor> <prev_abidir> <abidir> [<skipmodule>]')
- sys.exit(2)
-
-flavor, prev_abidir, abidir = sys.argv[1:4] # pylint: disable=W0632
-if len(sys.argv) > 4:
- skipmodule = sys.argv[4].lower() in ['1', 'true', 'yes']
-else:
- skipmodule = False
-
-print('II: Checking modules for {}...'.format(flavor), end='')
-
-if ((os.path.exists('{}/ignore.modules'.format(prev_abidir)) or
- os.path.exists('{}/{}.ignore.modules'.format(prev_abidir, flavor)))):
- print('WW: Explicitly ignoring modules')
- print('II: Done')
- sys.exit(0)
-
-curr_modules = '{}/{}.modules'.format(abidir, flavor)
-prev_modules = '{}/{}.modules'.format(prev_abidir, flavor)
-if not os.path.exists(curr_modules) or not os.path.exists(prev_modules):
- print('II: Previous or current modules file missing!')
- print(' {}'.format(curr_modules))
- print(' {}'.format(prev_modules))
- if skipmodule:
- print('WW: Explicitly asked to ignore failures')
- print('II: Done')
- sys.exit(0)
- print('EE: Missing modules file')
- sys.exit(1)
-
-print()
-
-modules = {}
-modules_ignore = {}
-
-# See if we have any ignores
-print(' Reading modules to ignore...', end='')
-ignore = 0
-prev_modules_ignore = '{}/../modules.ignore'.format(prev_abidir)
-if os.path.exists(prev_modules_ignore):
- with open(prev_modules_ignore) as fh:
- for mod in fh:
- mod = mod.strip()
- if mod.startswith('#'):
- continue
- modules_ignore[mod] = 1
- ignore += 1
-print('read {} modules.'.format(ignore))
-
-# Read new modules first
-print(' Reading new modules...', end='')
-new_count = 0
-for f in (curr_modules, curr_modules + '.builtin'):
- if not os.path.exists(f):
- continue
- with open(f) as fh:
- for mod in fh:
- mod = mod.strip()
- modules[mod] = {'new': 1}
- new_count += 1
-print('read {} modules.'.format(new_count))
-
-# Now the old modules
-print(' Reading old modules...', end='')
-old_count = 0
-for f in (prev_modules, prev_modules + '.builtin'):
- if not os.path.exists(f):
- continue
- with open(f) as fh:
- for mod in fh:
- mod = mod.strip()
- if mod not in modules:
- modules[mod] = {}
- modules[mod]['old'] = 1
- old_count += 1
-print('read {} modules.'.format(old_count))
-
-print('II: Checking for modules changes...')
-new = 0
-missing = 0
-missing_ignored = 0
-error = False
-for mod, vals in modules.items():
- # New modules
- if 'old' not in vals:
- print(' NEW: {}'.format(mod))
- new += 1
-
- # Missing modules
- if 'new' not in vals:
- missing += 0
- if mod in modules_ignore:
- ignored = ' (ignored)'
- missing_ignored += 1
- else:
- ignored = ''
- error = True
- print(' MISS : {}{}'.format(mod, ignored))
-
-if new > 0:
- print('II: {} new modules'.format(new))
-
-if missing > 0:
- print('II: {} missing modules ({} ignored)'.format(missing, missing_ignored))
-
-if error:
- if skipmodule:
- print('WW: Explicitly asked to ignore failures')
- else:
- print('EE: Missing modules')
- sys.exit(1)
-
-print('II: Done')
-sys.exit(0)
deleted file mode 100755
@@ -1,52 +0,0 @@
-#!/bin/bash
-
-flavour="$1"
-prev_abidir="$2"
-curr_abidir="$3"
-
-skipretpoline=${4:-}
-case "${skipretpoline,,}" in
- 1|true|yes) skipretpoline=true ;;
- *) skipretpoline=false ;;
-esac
-
-echo "II: Checking retpoline indirections for $flavour...";
-
-if [ "$skipretpoline" = 'true' ]; then
- echo "manual request ignoring retpoline delta"
-fi
-
-if [ -f "$prev_abidir/ignore.retpoline" -o \
- -f "$prev_abidir/$flavour.ignore.retpoline" ]; then
- echo "explicitly ignoring retpoline delta"
- skipretpoline='true'
-fi
-
-prev="$prev_abidir/$flavour.retpoline"
-curr="$curr_abidir/$flavour.retpoline"
-if [ ! -f "$prev" ]; then
- echo "previous retpoline file missing!"
- echo " $prev"
- prev="/dev/null"
-fi
-if [ ! -f "$curr" ]; then
- echo "current retpoline file missing!"
- echo " $curr"
- curr="/dev/null"
-fi
-
-echo "II: retpoline delta in this package..."
-rc=0
-diff -u "$prev" "$curr" || true
-count=$( diff -u "$prev" "$curr" | grep '^+[^+]' | wc -l )
-if [ "$count" != 0 ]; then
- rc=1
- echo "WW: $count new retpoline sequences detected"
-fi
-
-echo "II: Done";
-if [ "$skipretpoline" = 'true' -a "$rc" -ne 0 ]; then
- echo "II: ignoring errors"
- exit 0
-fi
-exit "$rc"