From patchwork Tue Oct 8 09:01:28 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Agathe Porte X-Patchwork-Id: 1994132 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=185.125.189.65; helo=lists.ubuntu.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=patchwork.ozlabs.org) Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4XN95V1ylrz1xvS for ; Tue, 8 Oct 2024 20:02:38 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com) by lists.ubuntu.com with esmtp (Exim 4.86_2) (envelope-from ) id 1sy66v-00049C-Rj; Tue, 08 Oct 2024 09:02:29 +0000 Received: from smtp-relay-canonical-0.internal ([10.131.114.83] helo=smtp-relay-canonical-0.canonical.com) by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1sy66t-00048C-Tk for kernel-team@lists.ubuntu.com; Tue, 08 Oct 2024 09:02:27 +0000 Received: from localhost (82-65-169-98.subs.proxad.net [82.65.169.98]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-canonical-0.canonical.com (Postfix) with ESMTPSA id A19FC3F1A8 for ; Tue, 8 Oct 2024 09:02:27 +0000 (UTC) From: Agathe Porte To: kernel-team@lists.ubuntu.com Subject: [unstable][PATCH linux-signed 5/9] UBUNTU: [Packaging] generate-control: split into functions Date: Tue, 8 Oct 2024 11:01:28 +0200 Message-ID: <20241008090221.25747-6-agathe.porte@canonical.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241008090221.25747-1-agathe.porte@canonical.com> References: <20241008090221.25747-1-agathe.porte@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" Split the full script into functions. This simplifies the understanding of what the script is doing and in which order. Signed-off-by: Agathe Porte --- debian/scripts/generate-control | 356 +++++++++++++++++--------------- 1 file changed, 193 insertions(+), 163 deletions(-) diff --git a/debian/scripts/generate-control b/debian/scripts/generate-control index 2e3e2d7..7f94a54 100755 --- a/debian/scripts/generate-control +++ b/debian/scripts/generate-control @@ -17,167 +17,197 @@ from config import Signing signing = Signing.load("debian/package.config") -for line in sys.stdin.readlines(): - line = line.replace("@SRCPKGNAME@", source_name) - line = line.replace("@SERIES@", series) - if "@DEPENDS@" in line: - for flavour, archs in signing.flavour_archs: - print( - f' linux-image-unsigned-{abi_version}-{flavour} (= {unsigned_version}) [{" ".join(archs)}],' - ) - print( - f' linux-buildinfo-{abi_version}-{flavour} (= {unsigned_version}) [{" ".join(archs)}],' - ) - # generate-only build-depends with a profile (activated by parameterise-ancillaries) - uci_archs = set() - for _, archs in signing.package_flavour_archs("cvm"): - uci_archs.update(archs) - for _, archs in signing.package_flavour_archs("uc"): - uci_archs.update(archs) - if uci_archs: - print( - f' ubuntu-core-initramfs [{" ".join(sorted(uci_archs))}] ,' - ) - print(f" {generate_name} (= {source_version}) ,") - for flavour, archs in signing.package_flavour_archs("extra"): - # ubuntu-core-initramfs sometime needs extra modules https://bugs.launchpad.net/bugs/2032760 - print( - f' linux-modules-extra-{abi_version}-{flavour} (= {unsigned_version}) [{" ".join(sorted(archs))}] ,' - ) - efi_archs = set() - for (arch, flavour), (stype, binary) in signing.arch_flavour_data: - if stype == "efi": - efi_archs.update([arch]) - if efi_archs: - print(f' sbsigntool [{" ".join(sorted(efi_archs))}],') - # For HMACs - print(f" openssl,") - else: - print(line, end="") - -for flavour, archs in signing.package_flavour_archs("image"): - print( - dedent( - f"""\ - - Package: linux-image-{abi_version}-{flavour} - Architecture: {" ".join(archs)} - Depends: ${{unsigned:Depends}} - Recommends: ${{unsigned:Recommends}} - Suggests: ${{unsigned:Suggests}} - Conflicts: ${{unsigned:Conflicts}} - Provides: ${{unsigned:Provides}} - Built-Using: {unsigned_name} (= {unsigned_version}) - Description: Signed kernel image {flavour} - A kernel image for {flavour}. This version of it is signed with - Canonical's signing key. - """ - ).rstrip() - ) -for flavour, archs in signing.package_flavour_archs("di"): - print( - dedent( - f"""\ - - Package: kernel-signed-image-{abi_version}-{flavour}-di - Package-Type: udeb - Section: debian-installer - Priority: extra - Provides: kernel-signed-image - Architecture: {" ".join(archs)} - Built-Using: {unsigned_name} (= {unsigned_version}) - Description: Signed kernel image {flavour} for the Debian installer - A kernel image for {flavour}. This version of it is signed with - Canonical's UEFI signing key. It is intended for the Debian installer, - it does _not_ provide a usable kernel for your full Debian system. - """ - ).rstrip() - ) -for flavour, archs in signing.package_flavour_archs("hmac"): - print( - dedent( - f"""\ - - Package: linux-image-hmac-{abi_version}-{flavour} - Build-Profiles: - Architecture: {" ".join(archs)} - Section: kernel - Priority: optional - Depends: ${{misc:Depends}}, ${{shlibs:Depends}}, linux-image-{abi_version}-{flavour} - Suggests: fips-initramfs-generic - Description: HMAC file for linux kernel image {abi_version}-{flavour} - This package contains the HMAC file for Linux kernel image for version - {abi_version}-{flavour} - """ - ).rstrip() - ) -for flavour, archs in signing.package_flavour_archs("cvm"): - # Mostly similar to image, but we don't have recommands nor conflicts - print( - dedent( - f"""\ - - Package: linux-image-{abi_version}-{flavour}-fde - Architecture: {" ".join(archs)} - Depends: ${{unsigned:Depends}} - Recommends: ${{cvm:Recommends}} - Suggests: ${{unsigned:Suggests}} - Conflicts: ${{cvm:Conflicts}} - Provides: ${{unsigned:Provides}} - Built-Using: {unsigned_name} (= {unsigned_version}) - Description: Signed kernel image {flavour} for CVM - A kernel image for {flavour}. This version of it is signed with - Canonical's signing key. - """ - ).rstrip() - ) -for flavour, archs in signing.package_flavour_archs("uc"): - depends = f"linux-modules-{abi_version}-{flavour}" - for extra_flavour, extra_archs in signing.package_flavour_archs("extra"): - if extra_flavour == flavour: - depends += f", linux-modules-extra-{abi_version}-{flavour} [{' '.join(sorted(extra_archs))}]" - # Mostly similar to image, but we don't have recommands nor conflicts - print( - dedent( - f"""\ - - Package: linux-image-uc-{abi_version}-{flavour} - Architecture: {" ".join(archs)} - Depends: {depends} - Built-Using: {unsigned_name} (= {unsigned_version}) - Description: Signed kernel image {flavour} for Ubuntu Core - A kernel image for {flavour}. This version of it is signed with - Canonical's signing key. - """ - ).rstrip() - ) -# XXX: all dbgsym packages _must_ be at the end of debian/control else the -# build will hang forever on the builder. -for flavour, archs in signing.package_flavour_archs("image"): - print( - dedent( - f"""\ - - Package: linux-image-{abi_version}-{flavour}-dbgsym - Section: devel - Architecture: {" ".join(archs)} - Depends: linux-image-unsigned-{abi_version}-{flavour}-dbgsym - Description: Signed kernel image {flavour} - A link to the debugging symbols for the {flavour} signed kernel. - """ - ).rstrip() - ) -for flavour, archs in signing.package_flavour_archs("cvm"): - print( - dedent( - f"""\ - - Package: linux-image-{abi_version}-{flavour}-fde-dbgsym - Section: devel - Architecture: {" ".join(archs)} - Depends: linux-image-unsigned-{abi_version}-{flavour}-dbgsym - Description: Signed kernel image {flavour} for CVM (debug) - A link to the debugging symbols for the {flavour} signed kernel. + +def gen_depends_uci(): + uci_archs = set() + for _, archs in signing.package_flavour_archs("cvm"): + uci_archs.update(archs) + for _, archs in signing.package_flavour_archs("uc"): + uci_archs.update(archs) + if uci_archs: + print( + f' ubuntu-core-initramfs [{" ".join(sorted(uci_archs))}] ,' + ) + + +def gen_depends_efi(): + efi_archs = set() + for (arch, flavour), (stype, binary) in signing.arch_flavour_data: + if stype == "efi": + efi_archs.update([arch]) + if efi_archs: + print(f' sbsigntool [{" ".join(sorted(efi_archs))}],') + + +def gen_depends(): + for flavour, archs in signing.flavour_archs: + print( + f' linux-image-unsigned-{abi_version}-{flavour} (= {unsigned_version}) [{" ".join(archs)}],' + ) + print( + f' linux-buildinfo-{abi_version}-{flavour} (= {unsigned_version}) [{" ".join(archs)}],' + ) + # generate-only build-depends with a profile (activated by parameterise-ancillaries) + gen_depends_uci() + print(f" {generate_name} (= {source_version}) ,") + for flavour, archs in signing.package_flavour_archs("extra"): + # ubuntu-core-initramfs sometime needs extra modules https://bugs.launchpad.net/bugs/2032760 + print( + f' linux-modules-extra-{abi_version}-{flavour} (= {unsigned_version}) [{" ".join(sorted(archs))}] ,' + ) + gen_depends_efi() + # For HMACs + print(f" openssl,") + + +def replace_placeholders(): + for line in sys.stdin.readlines(): + line = line.replace("@SRCPKGNAME@", source_name) + line = line.replace("@SERIES@", series) + if "@DEPENDS@" in line: + gen_depends() + else: + print(line, end="") + + +def gen_binpkgs(): + for flavour, archs in signing.package_flavour_archs("image"): + print( + dedent( + f"""\ + + Package: linux-image-{abi_version}-{flavour} + Architecture: {" ".join(archs)} + Depends: ${{unsigned:Depends}} + Recommends: ${{unsigned:Recommends}} + Suggests: ${{unsigned:Suggests}} + Conflicts: ${{unsigned:Conflicts}} + Provides: ${{unsigned:Provides}} + Built-Using: {unsigned_name} (= {unsigned_version}) + Description: Signed kernel image {flavour} + A kernel image for {flavour}. This version of it is signed with + Canonical's signing key. + """ + ).rstrip() + ) + for flavour, archs in signing.package_flavour_archs("di"): + print( + dedent( + f"""\ + + Package: kernel-signed-image-{abi_version}-{flavour}-di + Package-Type: udeb + Section: debian-installer + Priority: extra + Provides: kernel-signed-image + Architecture: {" ".join(archs)} + Built-Using: {unsigned_name} (= {unsigned_version}) + Description: Signed kernel image {flavour} for the Debian installer + A kernel image for {flavour}. This version of it is signed with + Canonical's UEFI signing key. It is intended for the Debian installer, + it does _not_ provide a usable kernel for your full Debian system. """ - ).rstrip() - ) + ).rstrip() + ) + for flavour, archs in signing.package_flavour_archs("hmac"): + print( + dedent( + f"""\ + + Package: linux-image-hmac-{abi_version}-{flavour} + Build-Profiles: + Architecture: {" ".join(archs)} + Section: kernel + Priority: optional + Depends: ${{misc:Depends}}, ${{shlibs:Depends}}, linux-image-{abi_version}-{flavour} + Suggests: fips-initramfs-generic + Description: HMAC file for linux kernel image {abi_version}-{flavour} + This package contains the HMAC file for Linux kernel image for version + {abi_version}-{flavour} + """ + ).rstrip() + ) + for flavour, archs in signing.package_flavour_archs("cvm"): + # Mostly similar to image, but we don't have recommands nor conflicts + print( + dedent( + f"""\ + + Package: linux-image-{abi_version}-{flavour}-fde + Architecture: {" ".join(archs)} + Depends: ${{unsigned:Depends}} + Recommends: ${{cvm:Recommends}} + Suggests: ${{unsigned:Suggests}} + Conflicts: ${{cvm:Conflicts}} + Provides: ${{unsigned:Provides}} + Built-Using: {unsigned_name} (= {unsigned_version}) + Description: Signed kernel image {flavour} for CVM + A kernel image for {flavour}. This version of it is signed with + Canonical's signing key. + """ + ).rstrip() + ) + for flavour, archs in signing.package_flavour_archs("uc"): + depends = f"linux-modules-{abi_version}-{flavour}" + for extra_flavour, extra_archs in signing.package_flavour_archs("extra"): + if extra_flavour == flavour: + depends += f", linux-modules-extra-{abi_version}-{flavour} [{' '.join(sorted(extra_archs))}]" + # Mostly similar to image, but we don't have recommands nor conflicts + print( + dedent( + f"""\ + + Package: linux-image-uc-{abi_version}-{flavour} + Architecture: {" ".join(archs)} + Depends: {depends} + Built-Using: {unsigned_name} (= {unsigned_version}) + Description: Signed kernel image {flavour} for Ubuntu Core + A kernel image for {flavour}. This version of it is signed with + Canonical's signing key. + """ + ).rstrip() + ) + + +def gen_dbgsym_binpkgs(): + for flavour, archs in signing.package_flavour_archs("image"): + print( + dedent( + f"""\ + + Package: linux-image-{abi_version}-{flavour}-dbgsym + Section: devel + Architecture: {" ".join(archs)} + Depends: linux-image-unsigned-{abi_version}-{flavour}-dbgsym + Description: Signed kernel image {flavour} + A link to the debugging symbols for the {flavour} signed kernel. + """ + ).rstrip() + ) + for flavour, archs in signing.package_flavour_archs("cvm"): + print( + dedent( + f"""\ + + Package: linux-image-{abi_version}-{flavour}-fde-dbgsym + Section: devel + Architecture: {" ".join(archs)} + Depends: linux-image-unsigned-{abi_version}-{flavour}-dbgsym + Description: Signed kernel image {flavour} for CVM (debug) + A link to the debugging symbols for the {flavour} signed kernel. + """ + ).rstrip() + ) + + +def main(): + replace_placeholders() + gen_binpkgs() + + # XXX: all dbgsym packages _must_ be at the end of debian/control else the + # build will hang forever on the builder. + gen_dbgsym_binpkgs() + + +if __name__ == "__main__": + main()