From patchwork Wed Oct 30 13:19:48 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Agathe Porte X-Patchwork-Id: 2004204 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=185.125.189.65; helo=lists.ubuntu.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=patchwork.ozlabs.org) Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4XdnqB4FzMz1xxn for ; Thu, 31 Oct 2024 00:22:29 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com) by lists.ubuntu.com with esmtp (Exim 4.86_2) (envelope-from ) id 1t68eD-0005sK-9Y; Wed, 30 Oct 2024 13:22:05 +0000 Received: from smtp-relay-canonical-0.internal ([10.131.114.83] helo=smtp-relay-canonical-0.canonical.com) by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1t68eB-0005oT-Sc for kernel-team@lists.ubuntu.com; Wed, 30 Oct 2024 13:22:03 +0000 Received: from localhost (43-114-103-145.static.glaslokaal.nl [145.103.114.43]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-canonical-0.canonical.com (Postfix) with ESMTPSA id 806DE3F10A; Wed, 30 Oct 2024 13:22:03 +0000 (UTC) From: Agathe Porte To: kernel-team@lists.ubuntu.com Subject: [unstable][PATCH linux-signed v2 1/9] UBUNTU: [Packaging] generate-control: use stdin and stdout Date: Wed, 30 Oct 2024 14:19:48 +0100 Message-ID: <20241030132153.482139-2-agathe.porte@canonical.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241030132153.482139-1-agathe.porte@canonical.com> References: <20241030132153.482139-1-agathe.porte@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" To allow for easier testing of the script, use stdin to read debian/control.stub and stdout to write to debian/control. Signed-off-by: Agathe Porte --- debian/rules | 2 +- debian/scripts/generate-control | 241 ++++++++++++++++---------------- 2 files changed, 121 insertions(+), 122 deletions(-) diff --git a/debian/rules b/debian/rules index 236a129..1d8272a 100755 --- a/debian/rules +++ b/debian/rules @@ -21,7 +21,7 @@ unsigned_ver = $(shell echo $(ver) | sed -e 's/+[0-9][0-9]*$$//') # we have no binary files and we will not run the appropriate targets. pre-clean: rm -f debian/control - ./debian/scripts/generate-control $(series) $(src) $(generate_src) $(ver) $(unsigned_src) $(unsigned_ver) $(abi) + ./debian/scripts/generate-control $(series) $(src) $(generate_src) $(ver) $(unsigned_src) $(unsigned_ver) $(abi) < debian/control.stub > debian/control ./debian/scripts/parameterise-ancillaries $(abi) $(generate_src) rm -rf ./$(unsigned_ver) UNSIGNED SIGNED rm -f debian/linux-image-*.install \ diff --git a/debian/scripts/generate-control b/debian/scripts/generate-control index 1f38c58..05bd9e2 100755 --- a/debian/scripts/generate-control +++ b/debian/scripts/generate-control @@ -10,132 +10,131 @@ from config import Signing signing = Signing.load("debian/package.config") -with open("debian/control.stub") as tfd, open("debian/control", "w") as cfd: - for line in tfd: - line = line.replace("@SRCPKGNAME@", source_name) - line = line.replace("@SERIES@", series) - if "@DEPENDS@" in line: - for flavour, archs in signing.flavour_archs: - print(f' linux-image-unsigned-{abi_version}-{flavour} (= {unsigned_version}) [{" ".join(archs)}],', file=cfd) - print(f' linux-buildinfo-{abi_version}-{flavour} (= {unsigned_version}) [{" ".join(archs)}],', file=cfd) - # generate-only build-depends with a profile (activated by parameterise-ancillaries) - uci_archs = set() - for _, archs in signing.package_flavour_archs("cvm"): - uci_archs.update(archs) - for _, archs in signing.package_flavour_archs("uc"): - uci_archs.update(archs) - if uci_archs: - print(f' ubuntu-core-initramfs [{" ".join(sorted(uci_archs))}] ,', file=cfd) - print(f" {generate_name} (= {source_version}) ,", file=cfd) - for flavour, archs in signing.package_flavour_archs("extra"): - # ubuntu-core-initramfs sometime needs extra modules https://bugs.launchpad.net/bugs/2032760 - print(f' linux-modules-extra-{abi_version}-{flavour} (= {unsigned_version}) [{" ".join(sorted(archs))}] ,', file=cfd) - efi_archs = set() - for (arch, flavour), (stype, binary) in signing.arch_flavour_data: - if stype == 'efi': - efi_archs.update([arch]) - if efi_archs: - print(f' sbsigntool [{" ".join(sorted(efi_archs))}],', file=cfd) - # For HMACs - print(f" openssl,", file=cfd) - else: - print(line, end='', file=cfd) +for line in sys.stdin.readlines(): + line = line.replace("@SRCPKGNAME@", source_name) + line = line.replace("@SERIES@", series) + if "@DEPENDS@" in line: + for flavour, archs in signing.flavour_archs: + print(f' linux-image-unsigned-{abi_version}-{flavour} (= {unsigned_version}) [{" ".join(archs)}],') + print(f' linux-buildinfo-{abi_version}-{flavour} (= {unsigned_version}) [{" ".join(archs)}],') + # generate-only build-depends with a profile (activated by parameterise-ancillaries) + uci_archs = set() + for _, archs in signing.package_flavour_archs("cvm"): + uci_archs.update(archs) + for _, archs in signing.package_flavour_archs("uc"): + uci_archs.update(archs) + if uci_archs: + print(f' ubuntu-core-initramfs [{" ".join(sorted(uci_archs))}] ,') + print(f" {generate_name} (= {source_version}) ,") + for flavour, archs in signing.package_flavour_archs("extra"): + # ubuntu-core-initramfs sometime needs extra modules https://bugs.launchpad.net/bugs/2032760 + print(f' linux-modules-extra-{abi_version}-{flavour} (= {unsigned_version}) [{" ".join(sorted(archs))}] ,') + efi_archs = set() + for (arch, flavour), (stype, binary) in signing.arch_flavour_data: + if stype == 'efi': + efi_archs.update([arch]) + if efi_archs: + print(f' sbsigntool [{" ".join(sorted(efi_archs))}],') + # For HMACs + print(f" openssl,") + else: + print(line, end='') - for flavour, archs in signing.package_flavour_archs("image"): - print(dedent(f"""\ +for flavour, archs in signing.package_flavour_archs("image"): + print(dedent(f"""\ - Package: linux-image-{abi_version}-{flavour} - Architecture: {" ".join(archs)} - Depends: ${{unsigned:Depends}} - Recommends: ${{unsigned:Recommends}} - Suggests: ${{unsigned:Suggests}} - Conflicts: ${{unsigned:Conflicts}} - Provides: ${{unsigned:Provides}} - Built-Using: {unsigned_name} (= {unsigned_version}) - Description: Signed kernel image {flavour} - A kernel image for {flavour}. This version of it is signed with - Canonical's signing key. - """).rstrip(), file=cfd) - for flavour, archs in signing.package_flavour_archs("di"): - print(dedent(f"""\ + Package: linux-image-{abi_version}-{flavour} + Architecture: {" ".join(archs)} + Depends: ${{unsigned:Depends}} + Recommends: ${{unsigned:Recommends}} + Suggests: ${{unsigned:Suggests}} + Conflicts: ${{unsigned:Conflicts}} + Provides: ${{unsigned:Provides}} + Built-Using: {unsigned_name} (= {unsigned_version}) + Description: Signed kernel image {flavour} + A kernel image for {flavour}. This version of it is signed with + Canonical's signing key. + """).rstrip()) +for flavour, archs in signing.package_flavour_archs("di"): + print(dedent(f"""\ - Package: kernel-signed-image-{abi_version}-{flavour}-di - Package-Type: udeb - Section: debian-installer - Priority: extra - Provides: kernel-signed-image - Architecture: {" ".join(archs)} - Built-Using: {unsigned_name} (= {unsigned_version}) - Description: Signed kernel image {flavour} for the Debian installer - A kernel image for {flavour}. This version of it is signed with - Canonical's UEFI signing key. It is intended for the Debian installer, - it does _not_ provide a usable kernel for your full Debian system. - """).rstrip(), file=cfd) - for flavour, archs in signing.package_flavour_archs("hmac"): - print(dedent(f"""\ + Package: kernel-signed-image-{abi_version}-{flavour}-di + Package-Type: udeb + Section: debian-installer + Priority: extra + Provides: kernel-signed-image + Architecture: {" ".join(archs)} + Built-Using: {unsigned_name} (= {unsigned_version}) + Description: Signed kernel image {flavour} for the Debian installer + A kernel image for {flavour}. This version of it is signed with + Canonical's UEFI signing key. It is intended for the Debian installer, + it does _not_ provide a usable kernel for your full Debian system. + """).rstrip()) +for flavour, archs in signing.package_flavour_archs("hmac"): + print(dedent(f"""\ - Package: linux-image-hmac-{abi_version}-{flavour} - Build-Profiles: - Architecture: {" ".join(archs)} - Section: kernel - Priority: optional - Depends: ${{misc:Depends}}, ${{shlibs:Depends}}, linux-image-{abi_version}-{flavour} - Suggests: fips-initramfs-generic - Description: HMAC file for linux kernel image {abi_version}-{flavour} - This package contains the HMAC file for Linux kernel image for version - {abi_version}-{flavour} - """).rstrip(), file=cfd) - for flavour, archs in signing.package_flavour_archs("cvm"): - # Mostly similar to image, but we don't have recommands nor conflicts - print(dedent(f"""\ + Package: linux-image-hmac-{abi_version}-{flavour} + Build-Profiles: + Architecture: {" ".join(archs)} + Section: kernel + Priority: optional + Depends: ${{misc:Depends}}, ${{shlibs:Depends}}, linux-image-{abi_version}-{flavour} + Suggests: fips-initramfs-generic + Description: HMAC file for linux kernel image {abi_version}-{flavour} + This package contains the HMAC file for Linux kernel image for version + {abi_version}-{flavour} + """).rstrip()) +for flavour, archs in signing.package_flavour_archs("cvm"): + # Mostly similar to image, but we don't have recommands nor conflicts + print(dedent(f"""\ - Package: linux-image-{abi_version}-{flavour}-fde - Architecture: {" ".join(archs)} - Depends: ${{unsigned:Depends}} - Recommends: ${{cvm:Recommends}} - Suggests: ${{unsigned:Suggests}} - Conflicts: ${{cvm:Conflicts}} - Provides: ${{unsigned:Provides}} - Built-Using: {unsigned_name} (= {unsigned_version}) - Description: Signed kernel image {flavour} for CVM - A kernel image for {flavour}. This version of it is signed with - Canonical's signing key. - """).rstrip(), file=cfd) - for flavour, archs in signing.package_flavour_archs("uc"): - depends = f"linux-modules-{abi_version}-{flavour}" - for extra_flavour, extra_archs in signing.package_flavour_archs("extra"): - if extra_flavour == flavour: - depends += f", linux-modules-extra-{abi_version}-{flavour} [{' '.join(sorted(extra_archs))}]" - # Mostly similar to image, but we don't have recommands nor conflicts - print(dedent(f"""\ + Package: linux-image-{abi_version}-{flavour}-fde + Architecture: {" ".join(archs)} + Depends: ${{unsigned:Depends}} + Recommends: ${{cvm:Recommends}} + Suggests: ${{unsigned:Suggests}} + Conflicts: ${{cvm:Conflicts}} + Provides: ${{unsigned:Provides}} + Built-Using: {unsigned_name} (= {unsigned_version}) + Description: Signed kernel image {flavour} for CVM + A kernel image for {flavour}. This version of it is signed with + Canonical's signing key. + """).rstrip()) +for flavour, archs in signing.package_flavour_archs("uc"): + depends = f"linux-modules-{abi_version}-{flavour}" + for extra_flavour, extra_archs in signing.package_flavour_archs("extra"): + if extra_flavour == flavour: + depends += f", linux-modules-extra-{abi_version}-{flavour} [{' '.join(sorted(extra_archs))}]" + # Mostly similar to image, but we don't have recommands nor conflicts + print(dedent(f"""\ - Package: linux-image-uc-{abi_version}-{flavour} - Architecture: {" ".join(archs)} - Depends: {depends} - Built-Using: {unsigned_name} (= {unsigned_version}) - Description: Signed kernel image {flavour} for Ubuntu Core - A kernel image for {flavour}. This version of it is signed with - Canonical's signing key. - """).rstrip(), file=cfd) - # XXX: all dbgsym packages _must_ be at the end of debian/control else the - # build will hang forever on the builder. - for flavour, archs in signing.package_flavour_archs("image"): - print(dedent(f"""\ + Package: linux-image-uc-{abi_version}-{flavour} + Architecture: {" ".join(archs)} + Depends: {depends} + Built-Using: {unsigned_name} (= {unsigned_version}) + Description: Signed kernel image {flavour} for Ubuntu Core + A kernel image for {flavour}. This version of it is signed with + Canonical's signing key. + """).rstrip()) +# XXX: all dbgsym packages _must_ be at the end of debian/control else the +# build will hang forever on the builder. +for flavour, archs in signing.package_flavour_archs("image"): + print(dedent(f"""\ - Package: linux-image-{abi_version}-{flavour}-dbgsym - Section: devel - Architecture: {" ".join(archs)} - Depends: linux-image-unsigned-{abi_version}-{flavour}-dbgsym - Description: Signed kernel image {flavour} - A link to the debugging symbols for the {flavour} signed kernel. - """).rstrip(), file=cfd) - for flavour, archs in signing.package_flavour_archs("cvm"): - print(dedent(f"""\ + Package: linux-image-{abi_version}-{flavour}-dbgsym + Section: devel + Architecture: {" ".join(archs)} + Depends: linux-image-unsigned-{abi_version}-{flavour}-dbgsym + Description: Signed kernel image {flavour} + A link to the debugging symbols for the {flavour} signed kernel. + """).rstrip()) +for flavour, archs in signing.package_flavour_archs("cvm"): + print(dedent(f"""\ - Package: linux-image-{abi_version}-{flavour}-fde-dbgsym - Section: devel - Architecture: {" ".join(archs)} - Depends: linux-image-unsigned-{abi_version}-{flavour}-dbgsym - Description: Signed kernel image {flavour} for CVM (debug) - A link to the debugging symbols for the {flavour} signed kernel. - """).rstrip(), file=cfd) + Package: linux-image-{abi_version}-{flavour}-fde-dbgsym + Section: devel + Architecture: {" ".join(archs)} + Depends: linux-image-unsigned-{abi_version}-{flavour}-dbgsym + Description: Signed kernel image {flavour} for CVM (debug) + A link to the debugging symbols for the {flavour} signed kernel. + """).rstrip()) From patchwork Wed Oct 30 13:19:49 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Agathe Porte X-Patchwork-Id: 2004201 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=185.125.189.65; helo=lists.ubuntu.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=patchwork.ozlabs.org) Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4XdnqB4jShz1xxy for ; Thu, 31 Oct 2024 00:22:29 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com) by lists.ubuntu.com with esmtp (Exim 4.86_2) (envelope-from ) id 1t68eD-0005sb-Km; Wed, 30 Oct 2024 13:22:05 +0000 Received: from smtp-relay-canonical-0.internal ([10.131.114.83] helo=smtp-relay-canonical-0.canonical.com) by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1t68eC-0005pj-En for kernel-team@lists.ubuntu.com; Wed, 30 Oct 2024 13:22:04 +0000 Received: from localhost (43-114-103-145.static.glaslokaal.nl [145.103.114.43]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-canonical-0.canonical.com (Postfix) with ESMTPSA id 24B233F10A; Wed, 30 Oct 2024 13:22:04 +0000 (UTC) From: Agathe Porte To: kernel-team@lists.ubuntu.com Subject: [unstable][PATCH linux-signed v2 2/9] UBUNTU: [Packaging] introduce debian/scripts/test-generate-control.sh Date: Wed, 30 Oct 2024 14:19:49 +0100 Message-ID: <20241030132153.482139-3-agathe.porte@canonical.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241030132153.482139-1-agathe.porte@canonical.com> References: <20241030132153.482139-1-agathe.porte@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" The goal of this script is to have some tests to run while refactoring the generate-control script to be sure that the output stays the same. It depends on some external files such as debian/control.stub and debian/package.config, but this is a first step to avoid blind refactoring. Signed-off-by: Agathe Porte --- debian/scripts/generate-control.ref | 74 +++++++++++++++++++++++++ debian/scripts/test-generate-control.sh | 17 ++++++ 2 files changed, 91 insertions(+) create mode 100644 debian/scripts/generate-control.ref create mode 100755 debian/scripts/test-generate-control.sh diff --git a/debian/scripts/generate-control.ref b/debian/scripts/generate-control.ref new file mode 100644 index 0000000..b5f016b --- /dev/null +++ b/debian/scripts/generate-control.ref @@ -0,0 +1,74 @@ +Source: linux-signed +Section: kernel +Priority: optional +Maintainer: Canonical Kernel Team +Build-Depends: + debhelper (>= 9), + lsb-release, + python3, + python3-apt, +Build-Depends-Arch: + linux-image-unsigned-6.11.0-8-generic (= 6.11.0-8.8) [amd64 arm64 s390x], + linux-buildinfo-6.11.0-8-generic (= 6.11.0-8.8) [amd64 arm64 s390x], + linux-image-unsigned-6.11.0-8-generic-64k (= 6.11.0-8.8) [arm64], + linux-buildinfo-6.11.0-8-generic-64k (= 6.11.0-8.8) [arm64], + ubuntu-core-initramfs [amd64 arm64] , + linux-generate (= 6.11.0-8.8) , + linux-modules-extra-6.11.0-8-generic (= 6.11.0-8.8) [amd64 arm64] , + sbsigntool [amd64 arm64], + openssl, +Standards-Version: 3.9.4 + +Package: linux-image-6.11.0-8-generic +Architecture: amd64 arm64 s390x +Depends: ${unsigned:Depends} +Recommends: ${unsigned:Recommends} +Suggests: ${unsigned:Suggests} +Conflicts: ${unsigned:Conflicts} +Provides: ${unsigned:Provides} +Built-Using: linux (= 6.11.0-8.8) +Description: Signed kernel image generic + A kernel image for generic. This version of it is signed with + Canonical's signing key. + +Package: linux-image-6.11.0-8-generic-64k +Architecture: arm64 +Depends: ${unsigned:Depends} +Recommends: ${unsigned:Recommends} +Suggests: ${unsigned:Suggests} +Conflicts: ${unsigned:Conflicts} +Provides: ${unsigned:Provides} +Built-Using: linux (= 6.11.0-8.8) +Description: Signed kernel image generic-64k + A kernel image for generic-64k. This version of it is signed with + Canonical's signing key. + +Package: linux-image-uc-6.11.0-8-generic +Architecture: amd64 arm64 +Depends: linux-modules-6.11.0-8-generic, linux-modules-extra-6.11.0-8-generic [amd64 arm64] +Built-Using: linux (= 6.11.0-8.8) +Description: Signed kernel image generic for Ubuntu Core + A kernel image for generic. This version of it is signed with + Canonical's signing key. + +Package: linux-image-uc-6.11.0-8-generic-64k +Architecture: arm64 +Depends: linux-modules-6.11.0-8-generic-64k +Built-Using: linux (= 6.11.0-8.8) +Description: Signed kernel image generic-64k for Ubuntu Core + A kernel image for generic-64k. This version of it is signed with + Canonical's signing key. + +Package: linux-image-6.11.0-8-generic-dbgsym +Section: devel +Architecture: amd64 arm64 s390x +Depends: linux-image-unsigned-6.11.0-8-generic-dbgsym +Description: Signed kernel image generic + A link to the debugging symbols for the generic signed kernel. + +Package: linux-image-6.11.0-8-generic-64k-dbgsym +Section: devel +Architecture: arm64 +Depends: linux-image-unsigned-6.11.0-8-generic-64k-dbgsym +Description: Signed kernel image generic-64k + A link to the debugging symbols for the generic-64k signed kernel. diff --git a/debian/scripts/test-generate-control.sh b/debian/scripts/test-generate-control.sh new file mode 100755 index 0000000..bca8940 --- /dev/null +++ b/debian/scripts/test-generate-control.sh @@ -0,0 +1,17 @@ +#!/bin/dash + +set -eux + +REFERENCE_FILE=debian/scripts/generate-control.ref + +debian/scripts/generate-control \ + oracular \ + linux-signed \ + linux-generate \ + 6.11.0-8.8 \ + linux \ + 6.11.0-8.8 6.11.0-8 \ + < debian/control.stub | diff -u "$REFERENCE_FILE" - + +# Use this line instead to refresh the reference values +# < debian/control.stub > "$REFERENCE_FILE" From patchwork Wed Oct 30 13:19:50 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Agathe Porte X-Patchwork-Id: 2004198 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=185.125.189.65; helo=lists.ubuntu.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=patchwork.ozlabs.org) Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4XdnqB4Kq2z1xxq for ; Thu, 31 Oct 2024 00:22:29 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com) by lists.ubuntu.com with esmtp (Exim 4.86_2) (envelope-from ) id 1t68eE-0005t5-QK; Wed, 30 Oct 2024 13:22:06 +0000 Received: from smtp-relay-canonical-1.internal ([10.131.114.174] helo=smtp-relay-canonical-1.canonical.com) by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1t68eC-0005pt-S6 for kernel-team@lists.ubuntu.com; Wed, 30 Oct 2024 13:22:04 +0000 Received: from localhost (43-114-103-145.static.glaslokaal.nl [145.103.114.43]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-canonical-1.canonical.com (Postfix) with ESMTPSA id 85B863F3A7; Wed, 30 Oct 2024 13:22:04 +0000 (UTC) From: Agathe Porte To: kernel-team@lists.ubuntu.com Subject: [unstable][PATCH linux-signed v2 3/9] UBUNTU: [Packaging] generate-control: fix 'os' imported but unused Date: Wed, 30 Oct 2024 14:19:50 +0100 Message-ID: <20241030132153.482139-4-agathe.porte@canonical.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241030132153.482139-1-agathe.porte@canonical.com> References: <20241030132153.482139-1-agathe.porte@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" Signed-off-by: Agathe Porte --- debian/scripts/generate-control | 1 - 1 file changed, 1 deletion(-) diff --git a/debian/scripts/generate-control b/debian/scripts/generate-control index 05bd9e2..fe4998b 100755 --- a/debian/scripts/generate-control +++ b/debian/scripts/generate-control @@ -1,6 +1,5 @@ #!/usr/bin/python3 -B -import os import sys from textwrap import dedent From patchwork Wed Oct 30 13:19:51 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Agathe Porte X-Patchwork-Id: 2004200 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=185.125.189.65; helo=lists.ubuntu.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=patchwork.ozlabs.org) Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4XdnqB4fhRz1xxx for ; Thu, 31 Oct 2024 00:22:29 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com) by lists.ubuntu.com with esmtp (Exim 4.86_2) (envelope-from ) id 1t68eJ-0005wk-Oh; Wed, 30 Oct 2024 13:22:11 +0000 Received: from smtp-relay-canonical-1.internal ([10.131.114.174] helo=smtp-relay-canonical-1.canonical.com) by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1t68eD-0005sL-BV for kernel-team@lists.ubuntu.com; Wed, 30 Oct 2024 13:22:05 +0000 Received: from localhost (43-114-103-145.static.glaslokaal.nl [145.103.114.43]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-canonical-1.canonical.com (Postfix) with ESMTPSA id 0DD2C3F3A7; Wed, 30 Oct 2024 13:22:05 +0000 (UTC) From: Agathe Porte To: kernel-team@lists.ubuntu.com Subject: [unstable][PATCH linux-signed v2 4/9] UBUNTU: [Packaging] generate-control: reformat using black Date: Wed, 30 Oct 2024 14:19:51 +0100 Message-ID: <20241030132153.482139-5-agathe.porte@canonical.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241030132153.482139-1-agathe.porte@canonical.com> References: <20241030132153.482139-1-agathe.porte@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" Signed-off-by: Agathe Porte --- debian/scripts/generate-control | 86 +++++++++++++++++++++++++-------- 1 file changed, 65 insertions(+), 21 deletions(-) diff --git a/debian/scripts/generate-control b/debian/scripts/generate-control index fe4998b..2e3e2d7 100755 --- a/debian/scripts/generate-control +++ b/debian/scripts/generate-control @@ -5,7 +5,15 @@ from textwrap import dedent from config import Signing -(series, source_name, generate_name, source_version, unsigned_name, unsigned_version, abi_version) = sys.argv[1:] +( + series, + source_name, + generate_name, + source_version, + unsigned_name, + unsigned_version, + abi_version, +) = sys.argv[1:] signing = Signing.load("debian/package.config") @@ -14,8 +22,12 @@ for line in sys.stdin.readlines(): line = line.replace("@SERIES@", series) if "@DEPENDS@" in line: for flavour, archs in signing.flavour_archs: - print(f' linux-image-unsigned-{abi_version}-{flavour} (= {unsigned_version}) [{" ".join(archs)}],') - print(f' linux-buildinfo-{abi_version}-{flavour} (= {unsigned_version}) [{" ".join(archs)}],') + print( + f' linux-image-unsigned-{abi_version}-{flavour} (= {unsigned_version}) [{" ".join(archs)}],' + ) + print( + f' linux-buildinfo-{abi_version}-{flavour} (= {unsigned_version}) [{" ".join(archs)}],' + ) # generate-only build-depends with a profile (activated by parameterise-ancillaries) uci_archs = set() for _, archs in signing.package_flavour_archs("cvm"): @@ -23,24 +35,30 @@ for line in sys.stdin.readlines(): for _, archs in signing.package_flavour_archs("uc"): uci_archs.update(archs) if uci_archs: - print(f' ubuntu-core-initramfs [{" ".join(sorted(uci_archs))}] ,') + print( + f' ubuntu-core-initramfs [{" ".join(sorted(uci_archs))}] ,' + ) print(f" {generate_name} (= {source_version}) ,") for flavour, archs in signing.package_flavour_archs("extra"): # ubuntu-core-initramfs sometime needs extra modules https://bugs.launchpad.net/bugs/2032760 - print(f' linux-modules-extra-{abi_version}-{flavour} (= {unsigned_version}) [{" ".join(sorted(archs))}] ,') + print( + f' linux-modules-extra-{abi_version}-{flavour} (= {unsigned_version}) [{" ".join(sorted(archs))}] ,' + ) efi_archs = set() for (arch, flavour), (stype, binary) in signing.arch_flavour_data: - if stype == 'efi': + if stype == "efi": efi_archs.update([arch]) if efi_archs: print(f' sbsigntool [{" ".join(sorted(efi_archs))}],') # For HMACs print(f" openssl,") else: - print(line, end='') + print(line, end="") for flavour, archs in signing.package_flavour_archs("image"): - print(dedent(f"""\ + print( + dedent( + f"""\ Package: linux-image-{abi_version}-{flavour} Architecture: {" ".join(archs)} @@ -53,9 +71,13 @@ for flavour, archs in signing.package_flavour_archs("image"): Description: Signed kernel image {flavour} A kernel image for {flavour}. This version of it is signed with Canonical's signing key. - """).rstrip()) + """ + ).rstrip() + ) for flavour, archs in signing.package_flavour_archs("di"): - print(dedent(f"""\ + print( + dedent( + f"""\ Package: kernel-signed-image-{abi_version}-{flavour}-di Package-Type: udeb @@ -68,9 +90,13 @@ for flavour, archs in signing.package_flavour_archs("di"): A kernel image for {flavour}. This version of it is signed with Canonical's UEFI signing key. It is intended for the Debian installer, it does _not_ provide a usable kernel for your full Debian system. - """).rstrip()) + """ + ).rstrip() + ) for flavour, archs in signing.package_flavour_archs("hmac"): - print(dedent(f"""\ + print( + dedent( + f"""\ Package: linux-image-hmac-{abi_version}-{flavour} Build-Profiles: @@ -82,10 +108,14 @@ for flavour, archs in signing.package_flavour_archs("hmac"): Description: HMAC file for linux kernel image {abi_version}-{flavour} This package contains the HMAC file for Linux kernel image for version {abi_version}-{flavour} - """).rstrip()) + """ + ).rstrip() + ) for flavour, archs in signing.package_flavour_archs("cvm"): # Mostly similar to image, but we don't have recommands nor conflicts - print(dedent(f"""\ + print( + dedent( + f"""\ Package: linux-image-{abi_version}-{flavour}-fde Architecture: {" ".join(archs)} @@ -98,14 +128,18 @@ for flavour, archs in signing.package_flavour_archs("cvm"): Description: Signed kernel image {flavour} for CVM A kernel image for {flavour}. This version of it is signed with Canonical's signing key. - """).rstrip()) + """ + ).rstrip() + ) for flavour, archs in signing.package_flavour_archs("uc"): depends = f"linux-modules-{abi_version}-{flavour}" for extra_flavour, extra_archs in signing.package_flavour_archs("extra"): if extra_flavour == flavour: depends += f", linux-modules-extra-{abi_version}-{flavour} [{' '.join(sorted(extra_archs))}]" # Mostly similar to image, but we don't have recommands nor conflicts - print(dedent(f"""\ + print( + dedent( + f"""\ Package: linux-image-uc-{abi_version}-{flavour} Architecture: {" ".join(archs)} @@ -114,11 +148,15 @@ for flavour, archs in signing.package_flavour_archs("uc"): Description: Signed kernel image {flavour} for Ubuntu Core A kernel image for {flavour}. This version of it is signed with Canonical's signing key. - """).rstrip()) + """ + ).rstrip() + ) # XXX: all dbgsym packages _must_ be at the end of debian/control else the # build will hang forever on the builder. for flavour, archs in signing.package_flavour_archs("image"): - print(dedent(f"""\ + print( + dedent( + f"""\ Package: linux-image-{abi_version}-{flavour}-dbgsym Section: devel @@ -126,9 +164,13 @@ for flavour, archs in signing.package_flavour_archs("image"): Depends: linux-image-unsigned-{abi_version}-{flavour}-dbgsym Description: Signed kernel image {flavour} A link to the debugging symbols for the {flavour} signed kernel. - """).rstrip()) + """ + ).rstrip() + ) for flavour, archs in signing.package_flavour_archs("cvm"): - print(dedent(f"""\ + print( + dedent( + f"""\ Package: linux-image-{abi_version}-{flavour}-fde-dbgsym Section: devel @@ -136,4 +178,6 @@ for flavour, archs in signing.package_flavour_archs("cvm"): Depends: linux-image-unsigned-{abi_version}-{flavour}-dbgsym Description: Signed kernel image {flavour} for CVM (debug) A link to the debugging symbols for the {flavour} signed kernel. - """).rstrip()) + """ + ).rstrip() + ) From patchwork Wed Oct 30 13:19:52 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Agathe Porte X-Patchwork-Id: 2004203 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=185.125.189.65; helo=lists.ubuntu.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=patchwork.ozlabs.org) Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4XdnqB3Yz6z1xwK for ; Thu, 31 Oct 2024 00:22:29 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com) by lists.ubuntu.com with esmtp (Exim 4.86_2) (envelope-from ) id 1t68eI-0005vL-0X; Wed, 30 Oct 2024 13:22:10 +0000 Received: from smtp-relay-canonical-0.internal ([10.131.114.83] helo=smtp-relay-canonical-0.canonical.com) by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1t68eD-0005sk-SO for kernel-team@lists.ubuntu.com; Wed, 30 Oct 2024 13:22:05 +0000 Received: from localhost (43-114-103-145.static.glaslokaal.nl [145.103.114.43]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-canonical-0.canonical.com (Postfix) with ESMTPSA id 9B7DA3F10A; Wed, 30 Oct 2024 13:22:05 +0000 (UTC) From: Agathe Porte To: kernel-team@lists.ubuntu.com Subject: [unstable][PATCH linux-signed v2 5/9] UBUNTU: [Packaging] generate-control: split into functions Date: Wed, 30 Oct 2024 14:19:52 +0100 Message-ID: <20241030132153.482139-6-agathe.porte@canonical.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241030132153.482139-1-agathe.porte@canonical.com> References: <20241030132153.482139-1-agathe.porte@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" Split the full script into functions. This simplifies the understanding of what the script is doing and in which order. Signed-off-by: Agathe Porte --- debian/scripts/generate-control | 356 +++++++++++++++++--------------- 1 file changed, 193 insertions(+), 163 deletions(-) diff --git a/debian/scripts/generate-control b/debian/scripts/generate-control index 2e3e2d7..7f94a54 100755 --- a/debian/scripts/generate-control +++ b/debian/scripts/generate-control @@ -17,167 +17,197 @@ from config import Signing signing = Signing.load("debian/package.config") -for line in sys.stdin.readlines(): - line = line.replace("@SRCPKGNAME@", source_name) - line = line.replace("@SERIES@", series) - if "@DEPENDS@" in line: - for flavour, archs in signing.flavour_archs: - print( - f' linux-image-unsigned-{abi_version}-{flavour} (= {unsigned_version}) [{" ".join(archs)}],' - ) - print( - f' linux-buildinfo-{abi_version}-{flavour} (= {unsigned_version}) [{" ".join(archs)}],' - ) - # generate-only build-depends with a profile (activated by parameterise-ancillaries) - uci_archs = set() - for _, archs in signing.package_flavour_archs("cvm"): - uci_archs.update(archs) - for _, archs in signing.package_flavour_archs("uc"): - uci_archs.update(archs) - if uci_archs: - print( - f' ubuntu-core-initramfs [{" ".join(sorted(uci_archs))}] ,' - ) - print(f" {generate_name} (= {source_version}) ,") - for flavour, archs in signing.package_flavour_archs("extra"): - # ubuntu-core-initramfs sometime needs extra modules https://bugs.launchpad.net/bugs/2032760 - print( - f' linux-modules-extra-{abi_version}-{flavour} (= {unsigned_version}) [{" ".join(sorted(archs))}] ,' - ) - efi_archs = set() - for (arch, flavour), (stype, binary) in signing.arch_flavour_data: - if stype == "efi": - efi_archs.update([arch]) - if efi_archs: - print(f' sbsigntool [{" ".join(sorted(efi_archs))}],') - # For HMACs - print(f" openssl,") - else: - print(line, end="") - -for flavour, archs in signing.package_flavour_archs("image"): - print( - dedent( - f"""\ - - Package: linux-image-{abi_version}-{flavour} - Architecture: {" ".join(archs)} - Depends: ${{unsigned:Depends}} - Recommends: ${{unsigned:Recommends}} - Suggests: ${{unsigned:Suggests}} - Conflicts: ${{unsigned:Conflicts}} - Provides: ${{unsigned:Provides}} - Built-Using: {unsigned_name} (= {unsigned_version}) - Description: Signed kernel image {flavour} - A kernel image for {flavour}. This version of it is signed with - Canonical's signing key. - """ - ).rstrip() - ) -for flavour, archs in signing.package_flavour_archs("di"): - print( - dedent( - f"""\ - - Package: kernel-signed-image-{abi_version}-{flavour}-di - Package-Type: udeb - Section: debian-installer - Priority: extra - Provides: kernel-signed-image - Architecture: {" ".join(archs)} - Built-Using: {unsigned_name} (= {unsigned_version}) - Description: Signed kernel image {flavour} for the Debian installer - A kernel image for {flavour}. This version of it is signed with - Canonical's UEFI signing key. It is intended for the Debian installer, - it does _not_ provide a usable kernel for your full Debian system. - """ - ).rstrip() - ) -for flavour, archs in signing.package_flavour_archs("hmac"): - print( - dedent( - f"""\ - - Package: linux-image-hmac-{abi_version}-{flavour} - Build-Profiles: - Architecture: {" ".join(archs)} - Section: kernel - Priority: optional - Depends: ${{misc:Depends}}, ${{shlibs:Depends}}, linux-image-{abi_version}-{flavour} - Suggests: fips-initramfs-generic - Description: HMAC file for linux kernel image {abi_version}-{flavour} - This package contains the HMAC file for Linux kernel image for version - {abi_version}-{flavour} - """ - ).rstrip() - ) -for flavour, archs in signing.package_flavour_archs("cvm"): - # Mostly similar to image, but we don't have recommands nor conflicts - print( - dedent( - f"""\ - - Package: linux-image-{abi_version}-{flavour}-fde - Architecture: {" ".join(archs)} - Depends: ${{unsigned:Depends}} - Recommends: ${{cvm:Recommends}} - Suggests: ${{unsigned:Suggests}} - Conflicts: ${{cvm:Conflicts}} - Provides: ${{unsigned:Provides}} - Built-Using: {unsigned_name} (= {unsigned_version}) - Description: Signed kernel image {flavour} for CVM - A kernel image for {flavour}. This version of it is signed with - Canonical's signing key. - """ - ).rstrip() - ) -for flavour, archs in signing.package_flavour_archs("uc"): - depends = f"linux-modules-{abi_version}-{flavour}" - for extra_flavour, extra_archs in signing.package_flavour_archs("extra"): - if extra_flavour == flavour: - depends += f", linux-modules-extra-{abi_version}-{flavour} [{' '.join(sorted(extra_archs))}]" - # Mostly similar to image, but we don't have recommands nor conflicts - print( - dedent( - f"""\ - - Package: linux-image-uc-{abi_version}-{flavour} - Architecture: {" ".join(archs)} - Depends: {depends} - Built-Using: {unsigned_name} (= {unsigned_version}) - Description: Signed kernel image {flavour} for Ubuntu Core - A kernel image for {flavour}. This version of it is signed with - Canonical's signing key. - """ - ).rstrip() - ) -# XXX: all dbgsym packages _must_ be at the end of debian/control else the -# build will hang forever on the builder. -for flavour, archs in signing.package_flavour_archs("image"): - print( - dedent( - f"""\ - - Package: linux-image-{abi_version}-{flavour}-dbgsym - Section: devel - Architecture: {" ".join(archs)} - Depends: linux-image-unsigned-{abi_version}-{flavour}-dbgsym - Description: Signed kernel image {flavour} - A link to the debugging symbols for the {flavour} signed kernel. - """ - ).rstrip() - ) -for flavour, archs in signing.package_flavour_archs("cvm"): - print( - dedent( - f"""\ - - Package: linux-image-{abi_version}-{flavour}-fde-dbgsym - Section: devel - Architecture: {" ".join(archs)} - Depends: linux-image-unsigned-{abi_version}-{flavour}-dbgsym - Description: Signed kernel image {flavour} for CVM (debug) - A link to the debugging symbols for the {flavour} signed kernel. + +def gen_depends_uci(): + uci_archs = set() + for _, archs in signing.package_flavour_archs("cvm"): + uci_archs.update(archs) + for _, archs in signing.package_flavour_archs("uc"): + uci_archs.update(archs) + if uci_archs: + print( + f' ubuntu-core-initramfs [{" ".join(sorted(uci_archs))}] ,' + ) + + +def gen_depends_efi(): + efi_archs = set() + for (arch, flavour), (stype, binary) in signing.arch_flavour_data: + if stype == "efi": + efi_archs.update([arch]) + if efi_archs: + print(f' sbsigntool [{" ".join(sorted(efi_archs))}],') + + +def gen_depends(): + for flavour, archs in signing.flavour_archs: + print( + f' linux-image-unsigned-{abi_version}-{flavour} (= {unsigned_version}) [{" ".join(archs)}],' + ) + print( + f' linux-buildinfo-{abi_version}-{flavour} (= {unsigned_version}) [{" ".join(archs)}],' + ) + # generate-only build-depends with a profile (activated by parameterise-ancillaries) + gen_depends_uci() + print(f" {generate_name} (= {source_version}) ,") + for flavour, archs in signing.package_flavour_archs("extra"): + # ubuntu-core-initramfs sometime needs extra modules https://bugs.launchpad.net/bugs/2032760 + print( + f' linux-modules-extra-{abi_version}-{flavour} (= {unsigned_version}) [{" ".join(sorted(archs))}] ,' + ) + gen_depends_efi() + # For HMACs + print(f" openssl,") + + +def replace_placeholders(): + for line in sys.stdin.readlines(): + line = line.replace("@SRCPKGNAME@", source_name) + line = line.replace("@SERIES@", series) + if "@DEPENDS@" in line: + gen_depends() + else: + print(line, end="") + + +def gen_binpkgs(): + for flavour, archs in signing.package_flavour_archs("image"): + print( + dedent( + f"""\ + + Package: linux-image-{abi_version}-{flavour} + Architecture: {" ".join(archs)} + Depends: ${{unsigned:Depends}} + Recommends: ${{unsigned:Recommends}} + Suggests: ${{unsigned:Suggests}} + Conflicts: ${{unsigned:Conflicts}} + Provides: ${{unsigned:Provides}} + Built-Using: {unsigned_name} (= {unsigned_version}) + Description: Signed kernel image {flavour} + A kernel image for {flavour}. This version of it is signed with + Canonical's signing key. + """ + ).rstrip() + ) + for flavour, archs in signing.package_flavour_archs("di"): + print( + dedent( + f"""\ + + Package: kernel-signed-image-{abi_version}-{flavour}-di + Package-Type: udeb + Section: debian-installer + Priority: extra + Provides: kernel-signed-image + Architecture: {" ".join(archs)} + Built-Using: {unsigned_name} (= {unsigned_version}) + Description: Signed kernel image {flavour} for the Debian installer + A kernel image for {flavour}. This version of it is signed with + Canonical's UEFI signing key. It is intended for the Debian installer, + it does _not_ provide a usable kernel for your full Debian system. """ - ).rstrip() - ) + ).rstrip() + ) + for flavour, archs in signing.package_flavour_archs("hmac"): + print( + dedent( + f"""\ + + Package: linux-image-hmac-{abi_version}-{flavour} + Build-Profiles: + Architecture: {" ".join(archs)} + Section: kernel + Priority: optional + Depends: ${{misc:Depends}}, ${{shlibs:Depends}}, linux-image-{abi_version}-{flavour} + Suggests: fips-initramfs-generic + Description: HMAC file for linux kernel image {abi_version}-{flavour} + This package contains the HMAC file for Linux kernel image for version + {abi_version}-{flavour} + """ + ).rstrip() + ) + for flavour, archs in signing.package_flavour_archs("cvm"): + # Mostly similar to image, but we don't have recommands nor conflicts + print( + dedent( + f"""\ + + Package: linux-image-{abi_version}-{flavour}-fde + Architecture: {" ".join(archs)} + Depends: ${{unsigned:Depends}} + Recommends: ${{cvm:Recommends}} + Suggests: ${{unsigned:Suggests}} + Conflicts: ${{cvm:Conflicts}} + Provides: ${{unsigned:Provides}} + Built-Using: {unsigned_name} (= {unsigned_version}) + Description: Signed kernel image {flavour} for CVM + A kernel image for {flavour}. This version of it is signed with + Canonical's signing key. + """ + ).rstrip() + ) + for flavour, archs in signing.package_flavour_archs("uc"): + depends = f"linux-modules-{abi_version}-{flavour}" + for extra_flavour, extra_archs in signing.package_flavour_archs("extra"): + if extra_flavour == flavour: + depends += f", linux-modules-extra-{abi_version}-{flavour} [{' '.join(sorted(extra_archs))}]" + # Mostly similar to image, but we don't have recommands nor conflicts + print( + dedent( + f"""\ + + Package: linux-image-uc-{abi_version}-{flavour} + Architecture: {" ".join(archs)} + Depends: {depends} + Built-Using: {unsigned_name} (= {unsigned_version}) + Description: Signed kernel image {flavour} for Ubuntu Core + A kernel image for {flavour}. This version of it is signed with + Canonical's signing key. + """ + ).rstrip() + ) + + +def gen_dbgsym_binpkgs(): + for flavour, archs in signing.package_flavour_archs("image"): + print( + dedent( + f"""\ + + Package: linux-image-{abi_version}-{flavour}-dbgsym + Section: devel + Architecture: {" ".join(archs)} + Depends: linux-image-unsigned-{abi_version}-{flavour}-dbgsym + Description: Signed kernel image {flavour} + A link to the debugging symbols for the {flavour} signed kernel. + """ + ).rstrip() + ) + for flavour, archs in signing.package_flavour_archs("cvm"): + print( + dedent( + f"""\ + + Package: linux-image-{abi_version}-{flavour}-fde-dbgsym + Section: devel + Architecture: {" ".join(archs)} + Depends: linux-image-unsigned-{abi_version}-{flavour}-dbgsym + Description: Signed kernel image {flavour} for CVM (debug) + A link to the debugging symbols for the {flavour} signed kernel. + """ + ).rstrip() + ) + + +def main(): + replace_placeholders() + gen_binpkgs() + + # XXX: all dbgsym packages _must_ be at the end of debian/control else the + # build will hang forever on the builder. + gen_dbgsym_binpkgs() + + +if __name__ == "__main__": + main() From patchwork Wed Oct 30 13:19:53 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Agathe Porte X-Patchwork-Id: 2004199 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=185.125.189.65; helo=lists.ubuntu.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=patchwork.ozlabs.org) Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4XdnqB4NtLz1xxw for ; Thu, 31 Oct 2024 00:22:29 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com) by lists.ubuntu.com with esmtp (Exim 4.86_2) (envelope-from ) id 1t68eK-0005xM-9g; Wed, 30 Oct 2024 13:22:12 +0000 Received: from smtp-relay-canonical-0.internal ([10.131.114.83] helo=smtp-relay-canonical-0.canonical.com) by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1t68eE-0005sw-9R for kernel-team@lists.ubuntu.com; Wed, 30 Oct 2024 13:22:06 +0000 Received: from localhost (43-114-103-145.static.glaslokaal.nl [145.103.114.43]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-canonical-0.canonical.com (Postfix) with ESMTPSA id 14E9A3F10A; Wed, 30 Oct 2024 13:22:06 +0000 (UTC) From: Agathe Porte To: kernel-team@lists.ubuntu.com Subject: [unstable][PATCH linux-signed v2 6/9] UBUNTU: [Packaging] generate-control: use full path to parameterise-ancillaries in comment Date: Wed, 30 Oct 2024 14:19:53 +0100 Message-ID: <20241030132153.482139-7-agathe.porte@canonical.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241030132153.482139-1-agathe.porte@canonical.com> References: <20241030132153.482139-1-agathe.porte@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" To be able to gf the file and not having to search for it. Signed-off-by: Agathe Porte --- debian/scripts/generate-control | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/debian/scripts/generate-control b/debian/scripts/generate-control index 7f94a54..556f327 100755 --- a/debian/scripts/generate-control +++ b/debian/scripts/generate-control @@ -47,7 +47,8 @@ def gen_depends(): print( f' linux-buildinfo-{abi_version}-{flavour} (= {unsigned_version}) [{" ".join(archs)}],' ) - # generate-only build-depends with a profile (activated by parameterise-ancillaries) + # generate-only build-depends with a profile + # (activated by debian/scripts/parameterise-ancillaries) gen_depends_uci() print(f" {generate_name} (= {source_version}) ,") for flavour, archs in signing.package_flavour_archs("extra"): From patchwork Wed Oct 30 13:19:54 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Agathe Porte X-Patchwork-Id: 2004196 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=185.125.189.65; helo=lists.ubuntu.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=patchwork.ozlabs.org) Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4XdnqB3dhGz1xxd for ; Thu, 31 Oct 2024 00:22:29 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com) by lists.ubuntu.com with esmtp (Exim 4.86_2) (envelope-from ) id 1t68eK-0005xi-JC; Wed, 30 Oct 2024 13:22:12 +0000 Received: from smtp-relay-canonical-1.internal ([10.131.114.174] helo=smtp-relay-canonical-1.canonical.com) by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1t68eE-0005t4-Om for kernel-team@lists.ubuntu.com; Wed, 30 Oct 2024 13:22:06 +0000 Received: from localhost (43-114-103-145.static.glaslokaal.nl [145.103.114.43]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-canonical-1.canonical.com (Postfix) with ESMTPSA id 77F163F3A7; Wed, 30 Oct 2024 13:22:06 +0000 (UTC) From: Agathe Porte To: kernel-team@lists.ubuntu.com Subject: [unstable][PATCH linux-signed v2 7/9] UBUNTU: [Packaging] generate-control: rename to generate_control.py Date: Wed, 30 Oct 2024 14:19:54 +0100 Message-ID: <20241030132153.482139-8-agathe.porte@canonical.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241030132153.482139-1-agathe.porte@canonical.com> References: <20241030132153.482139-1-agathe.porte@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" In order to be able to import the file in test files such as test_gen_control.py for writting unit tests, rename the file so that it now has a valid Python module name. Signed-off-by: Agathe Porte --- debian/rules | 2 +- debian/scripts/{generate-control => generate_control.py} | 0 .../scripts/{generate-control.ref => generate_control.py.ref} | 0 debian/scripts/test-generate-control.sh | 4 ++-- 4 files changed, 3 insertions(+), 3 deletions(-) rename debian/scripts/{generate-control => generate_control.py} (100%) rename debian/scripts/{generate-control.ref => generate_control.py.ref} (100%) diff --git a/debian/rules b/debian/rules index 1d8272a..65666d5 100755 --- a/debian/rules +++ b/debian/rules @@ -21,7 +21,7 @@ unsigned_ver = $(shell echo $(ver) | sed -e 's/+[0-9][0-9]*$$//') # we have no binary files and we will not run the appropriate targets. pre-clean: rm -f debian/control - ./debian/scripts/generate-control $(series) $(src) $(generate_src) $(ver) $(unsigned_src) $(unsigned_ver) $(abi) < debian/control.stub > debian/control + ./debian/scripts/generate_control.py $(series) $(src) $(generate_src) $(ver) $(unsigned_src) $(unsigned_ver) $(abi) < debian/control.stub > debian/control ./debian/scripts/parameterise-ancillaries $(abi) $(generate_src) rm -rf ./$(unsigned_ver) UNSIGNED SIGNED rm -f debian/linux-image-*.install \ diff --git a/debian/scripts/generate-control b/debian/scripts/generate_control.py similarity index 100% rename from debian/scripts/generate-control rename to debian/scripts/generate_control.py diff --git a/debian/scripts/generate-control.ref b/debian/scripts/generate_control.py.ref similarity index 100% rename from debian/scripts/generate-control.ref rename to debian/scripts/generate_control.py.ref diff --git a/debian/scripts/test-generate-control.sh b/debian/scripts/test-generate-control.sh index bca8940..ce042f3 100755 --- a/debian/scripts/test-generate-control.sh +++ b/debian/scripts/test-generate-control.sh @@ -2,9 +2,9 @@ set -eux -REFERENCE_FILE=debian/scripts/generate-control.ref +REFERENCE_FILE=debian/scripts/generate_control.py.ref -debian/scripts/generate-control \ +debian/scripts/generate_control.py \ oracular \ linux-signed \ linux-generate \ From patchwork Wed Oct 30 13:19:55 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Agathe Porte X-Patchwork-Id: 2004205 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=185.125.189.65; helo=lists.ubuntu.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=patchwork.ozlabs.org) Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4XdnqB4lNpz1xy0 for ; Thu, 31 Oct 2024 00:22:29 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com) by lists.ubuntu.com with esmtp (Exim 4.86_2) (envelope-from ) id 1t68eI-0005vY-Au; Wed, 30 Oct 2024 13:22:10 +0000 Received: from smtp-relay-canonical-1.internal ([10.131.114.174] helo=smtp-relay-canonical-1.canonical.com) by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1t68eF-0005tY-EK for kernel-team@lists.ubuntu.com; Wed, 30 Oct 2024 13:22:07 +0000 Received: from localhost (43-114-103-145.static.glaslokaal.nl [145.103.114.43]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-canonical-1.canonical.com (Postfix) with ESMTPSA id 2FB003F3A7; Wed, 30 Oct 2024 13:22:07 +0000 (UTC) From: Agathe Porte To: kernel-team@lists.ubuntu.com Subject: [unstable][PATCH linux-signed v2 8/9] UBUNTU: [Packaging] generate_control.py: pass everything by argument Date: Wed, 30 Oct 2024 14:19:55 +0100 Message-ID: <20241030132153.482139-9-agathe.porte@canonical.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241030132153.482139-1-agathe.porte@canonical.com> References: <20241030132153.482139-1-agathe.porte@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" If we want to be able to write unit tests for this script, first we need to get rid of global variables and pass everything by argument. Signed-off-by: Agathe Porte --- debian/scripts/generate_control.py | 109 ++++++++++++++++------------- 1 file changed, 59 insertions(+), 50 deletions(-) diff --git a/debian/scripts/generate_control.py b/debian/scripts/generate_control.py index 556f327..8e64ff3 100755 --- a/debian/scripts/generate_control.py +++ b/debian/scripts/generate_control.py @@ -1,24 +1,14 @@ #!/usr/bin/python3 -B + +from argparse import ArgumentParser, Namespace import sys from textwrap import dedent from config import Signing -( - series, - source_name, - generate_name, - source_version, - unsigned_name, - unsigned_version, - abi_version, -) = sys.argv[1:] - -signing = Signing.load("debian/package.config") - -def gen_depends_uci(): +def gen_depends_uci(signing: Signing): uci_archs = set() for _, archs in signing.package_flavour_archs("cvm"): uci_archs.update(archs) @@ -30,7 +20,7 @@ def gen_depends_uci(): ) -def gen_depends_efi(): +def gen_depends_efi(signing: Signing): efi_archs = set() for (arch, flavour), (stype, binary) in signing.arch_flavour_data: if stype == "efi": @@ -39,52 +29,52 @@ def gen_depends_efi(): print(f' sbsigntool [{" ".join(sorted(efi_archs))}],') -def gen_depends(): +def gen_depends(signing: Signing, args: Namespace): for flavour, archs in signing.flavour_archs: print( - f' linux-image-unsigned-{abi_version}-{flavour} (= {unsigned_version}) [{" ".join(archs)}],' + f' linux-image-unsigned-{args.abi_version}-{flavour} (= {args.unsigned_version}) [{" ".join(archs)}],' ) print( - f' linux-buildinfo-{abi_version}-{flavour} (= {unsigned_version}) [{" ".join(archs)}],' + f' linux-buildinfo-{args.abi_version}-{flavour} (= {args.unsigned_version}) [{" ".join(archs)}],' ) # generate-only build-depends with a profile # (activated by debian/scripts/parameterise-ancillaries) - gen_depends_uci() - print(f" {generate_name} (= {source_version}) ,") + gen_depends_uci(signing) + print(f" {args.generate_name} (= {args.source_version}) ,") for flavour, archs in signing.package_flavour_archs("extra"): # ubuntu-core-initramfs sometime needs extra modules https://bugs.launchpad.net/bugs/2032760 print( - f' linux-modules-extra-{abi_version}-{flavour} (= {unsigned_version}) [{" ".join(sorted(archs))}] ,' + f' linux-modules-extra-{args.abi_version}-{flavour} (= {args.unsigned_version}) [{" ".join(sorted(archs))}] ,' ) - gen_depends_efi() + gen_depends_efi(signing) # For HMACs print(f" openssl,") -def replace_placeholders(): +def replace_placeholders(signing: Signing, args: Namespace): for line in sys.stdin.readlines(): - line = line.replace("@SRCPKGNAME@", source_name) - line = line.replace("@SERIES@", series) + line = line.replace("@SRCPKGNAME@", args.source_name) + line = line.replace("@SERIES@", args.series) if "@DEPENDS@" in line: - gen_depends() + gen_depends(signing, args) else: print(line, end="") -def gen_binpkgs(): +def gen_binpkgs(signing: Signing, args: Namespace): for flavour, archs in signing.package_flavour_archs("image"): print( dedent( f"""\ - Package: linux-image-{abi_version}-{flavour} + Package: linux-image-{args.abi_version}-{flavour} Architecture: {" ".join(archs)} Depends: ${{unsigned:Depends}} Recommends: ${{unsigned:Recommends}} Suggests: ${{unsigned:Suggests}} Conflicts: ${{unsigned:Conflicts}} Provides: ${{unsigned:Provides}} - Built-Using: {unsigned_name} (= {unsigned_version}) + Built-Using: {args.unsigned_name} (= {args.unsigned_version}) Description: Signed kernel image {flavour} A kernel image for {flavour}. This version of it is signed with Canonical's signing key. @@ -96,13 +86,13 @@ def gen_binpkgs(): dedent( f"""\ - Package: kernel-signed-image-{abi_version}-{flavour}-di + Package: kernel-signed-image-{args.abi_version}-{flavour}-di Package-Type: udeb Section: debian-installer Priority: extra Provides: kernel-signed-image Architecture: {" ".join(archs)} - Built-Using: {unsigned_name} (= {unsigned_version}) + Built-Using: {args.unsigned_name} (= {args.unsigned_version}) Description: Signed kernel image {flavour} for the Debian installer A kernel image for {flavour}. This version of it is signed with Canonical's UEFI signing key. It is intended for the Debian installer, @@ -115,16 +105,16 @@ def gen_binpkgs(): dedent( f"""\ - Package: linux-image-hmac-{abi_version}-{flavour} + Package: linux-image-hmac-{args.abi_version}-{flavour} Build-Profiles: Architecture: {" ".join(archs)} Section: kernel Priority: optional - Depends: ${{misc:Depends}}, ${{shlibs:Depends}}, linux-image-{abi_version}-{flavour} + Depends: ${{misc:Depends}}, ${{shlibs:Depends}}, linux-image-{args.abi_version}-{flavour} Suggests: fips-initramfs-generic - Description: HMAC file for linux kernel image {abi_version}-{flavour} + Description: HMAC file for linux kernel image {args.abi_version}-{flavour} This package contains the HMAC file for Linux kernel image for version - {abi_version}-{flavour} + {args.abi_version}-{flavour} """ ).rstrip() ) @@ -134,14 +124,14 @@ def gen_binpkgs(): dedent( f"""\ - Package: linux-image-{abi_version}-{flavour}-fde + Package: linux-image-{args.abi_version}-{flavour}-fde Architecture: {" ".join(archs)} Depends: ${{unsigned:Depends}} Recommends: ${{cvm:Recommends}} Suggests: ${{unsigned:Suggests}} Conflicts: ${{cvm:Conflicts}} Provides: ${{unsigned:Provides}} - Built-Using: {unsigned_name} (= {unsigned_version}) + Built-Using: {args.unsigned_name} (= {args.unsigned_version}) Description: Signed kernel image {flavour} for CVM A kernel image for {flavour}. This version of it is signed with Canonical's signing key. @@ -149,19 +139,19 @@ def gen_binpkgs(): ).rstrip() ) for flavour, archs in signing.package_flavour_archs("uc"): - depends = f"linux-modules-{abi_version}-{flavour}" + depends = f"linux-modules-{args.abi_version}-{flavour}" for extra_flavour, extra_archs in signing.package_flavour_archs("extra"): if extra_flavour == flavour: - depends += f", linux-modules-extra-{abi_version}-{flavour} [{' '.join(sorted(extra_archs))}]" + depends += f", linux-modules-extra-{args.abi_version}-{flavour} [{' '.join(sorted(extra_archs))}]" # Mostly similar to image, but we don't have recommands nor conflicts print( dedent( f"""\ - Package: linux-image-uc-{abi_version}-{flavour} + Package: linux-image-uc-{args.abi_version}-{flavour} Architecture: {" ".join(archs)} Depends: {depends} - Built-Using: {unsigned_name} (= {unsigned_version}) + Built-Using: {args.unsigned_name} (= {args.unsigned_version}) Description: Signed kernel image {flavour} for Ubuntu Core A kernel image for {flavour}. This version of it is signed with Canonical's signing key. @@ -170,16 +160,16 @@ def gen_binpkgs(): ) -def gen_dbgsym_binpkgs(): +def gen_dbgsym_binpkgs(signing: Signing, args: Namespace): for flavour, archs in signing.package_flavour_archs("image"): print( dedent( f"""\ - Package: linux-image-{abi_version}-{flavour}-dbgsym + Package: linux-image-{args.abi_version}-{flavour}-dbgsym Section: devel Architecture: {" ".join(archs)} - Depends: linux-image-unsigned-{abi_version}-{flavour}-dbgsym + Depends: linux-image-unsigned-{args.abi_version}-{flavour}-dbgsym Description: Signed kernel image {flavour} A link to the debugging symbols for the {flavour} signed kernel. """ @@ -190,10 +180,10 @@ def gen_dbgsym_binpkgs(): dedent( f"""\ - Package: linux-image-{abi_version}-{flavour}-fde-dbgsym + Package: linux-image-{args.abi_version}-{flavour}-fde-dbgsym Section: devel Architecture: {" ".join(archs)} - Depends: linux-image-unsigned-{abi_version}-{flavour}-dbgsym + Depends: linux-image-unsigned-{args.abi_version}-{flavour}-dbgsym Description: Signed kernel image {flavour} for CVM (debug) A link to the debugging symbols for the {flavour} signed kernel. """ @@ -201,14 +191,33 @@ def gen_dbgsym_binpkgs(): ) -def main(): - replace_placeholders() - gen_binpkgs() +def main(args: Namespace): + signing = Signing.load("debian/package.config") + + replace_placeholders(signing, args) + gen_binpkgs(signing, args) # XXX: all dbgsym packages _must_ be at the end of debian/control else the # build will hang forever on the builder. - gen_dbgsym_binpkgs() + gen_dbgsym_binpkgs(signing, args) if __name__ == "__main__": - main() + + parser = ArgumentParser( + prog="generate_control.py", + description="generate debian/control file from debian/control.stub", + epilog="pass debian/control.stub as stdin and get debian/control as stdout", + ) + + parser.add_argument("series") + parser.add_argument("source_name") + parser.add_argument("generate_name") + parser.add_argument("source_version") + parser.add_argument("unsigned_name") + parser.add_argument("unsigned_version") + parser.add_argument("abi_version") + + args = parser.parse_args() + + main(args) From patchwork Wed Oct 30 13:19:56 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Agathe Porte X-Patchwork-Id: 2004202 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com (client-ip=185.125.189.65; helo=lists.ubuntu.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=patchwork.ozlabs.org) Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by legolas.ozlabs.org (Postfix) with ESMTPS id 4XdnqB4stxz1xy1 for ; Thu, 31 Oct 2024 00:22:29 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com) by lists.ubuntu.com with esmtp (Exim 4.86_2) (envelope-from ) id 1t68eK-0005y8-Rs; Wed, 30 Oct 2024 13:22:12 +0000 Received: from smtp-relay-canonical-0.internal ([10.131.114.83] helo=smtp-relay-canonical-0.canonical.com) by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1t68eF-0005tv-Vq for kernel-team@lists.ubuntu.com; Wed, 30 Oct 2024 13:22:08 +0000 Received: from localhost (43-114-103-145.static.glaslokaal.nl [145.103.114.43]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp-relay-canonical-0.canonical.com (Postfix) with ESMTPSA id 9077A3F10A; Wed, 30 Oct 2024 13:22:07 +0000 (UTC) From: Agathe Porte To: kernel-team@lists.ubuntu.com Subject: [unstable][PATCH linux-signed v2 9/9] UBUNTU: [Packaging] introduce test_generate_control.py Date: Wed, 30 Oct 2024 14:19:56 +0100 Message-ID: <20241030132153.482139-10-agathe.porte@canonical.com> X-Mailer: git-send-email 2.45.2 In-Reply-To: <20241030132153.482139-1-agathe.porte@canonical.com> References: <20241030132153.482139-1-agathe.porte@canonical.com> MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" Use pytest to test the full output of the tool, as well as the output of some options. The tests now can be run with: $ python3 -m pytest The bash test script can be dropped, all of the output is now verified in this test file as well. Signed-off-by: Agathe Porte --- debian/scripts/generate_control.py | 6 +- debian/scripts/test-generate-control.sh | 17 ----- ...ontrol.py.ref => test_generate_control.py} | 62 ++++++++++++++++++- 3 files changed, 64 insertions(+), 21 deletions(-) delete mode 100755 debian/scripts/test-generate-control.sh rename debian/scripts/{generate_control.py.ref => test_generate_control.py} (61%) diff --git a/debian/scripts/generate_control.py b/debian/scripts/generate_control.py index 8e64ff3..816f0b0 100755 --- a/debian/scripts/generate_control.py +++ b/debian/scripts/generate_control.py @@ -191,8 +191,7 @@ def gen_dbgsym_binpkgs(signing: Signing, args: Namespace): ) -def main(args: Namespace): - signing = Signing.load("debian/package.config") +def main(signing: Signing, args: Namespace): replace_placeholders(signing, args) gen_binpkgs(signing, args) @@ -219,5 +218,6 @@ if __name__ == "__main__": parser.add_argument("abi_version") args = parser.parse_args() + signing = Signing.load("debian/package.config") - main(args) + main(signing, args) diff --git a/debian/scripts/test-generate-control.sh b/debian/scripts/test-generate-control.sh deleted file mode 100755 index ce042f3..0000000 --- a/debian/scripts/test-generate-control.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/dash - -set -eux - -REFERENCE_FILE=debian/scripts/generate_control.py.ref - -debian/scripts/generate_control.py \ - oracular \ - linux-signed \ - linux-generate \ - 6.11.0-8.8 \ - linux \ - 6.11.0-8.8 6.11.0-8 \ - < debian/control.stub | diff -u "$REFERENCE_FILE" - - -# Use this line instead to refresh the reference values -# < debian/control.stub > "$REFERENCE_FILE" diff --git a/debian/scripts/generate_control.py.ref b/debian/scripts/test_generate_control.py similarity index 61% rename from debian/scripts/generate_control.py.ref rename to debian/scripts/test_generate_control.py index b5f016b..b1bc409 100644 --- a/debian/scripts/generate_control.py.ref +++ b/debian/scripts/test_generate_control.py @@ -1,4 +1,60 @@ -Source: linux-signed +import sys +from argparse import Namespace + +import generate_control +from config import Signing + + +class SigningMock: + def __init__(self): + self.flavour_archs = {} + self.arch_flavour_data = {} + + def package_flavour_archs(self, key): + return self.flavour_archs.get(key, []) + + +def test_gen_depends_uci_none(capfd): + signing = SigningMock() + generate_control.gen_depends_uci(signing) + + out, err = capfd.readouterr() + assert out == "" + + +def test_gen_depends_uci_cvm(capfd): + signing = SigningMock() + signing.flavour_archs["cvm"] = (("", ["amd64"]), ("", ["arm64"])) + generate_control.gen_depends_uci(signing) + + out, err = capfd.readouterr() + assert out == " ubuntu-core-initramfs [amd64 arm64] ,\n" + + +def test_gen_depends_uci_cvm_uc(capfd): + signing = SigningMock() + signing.flavour_archs["cvm"] = (("", ["amd64"]),) + signing.flavour_archs["uc"] = (("", ["arm64"]),) + generate_control.gen_depends_uci(signing) + + out, err = capfd.readouterr() + assert out == " ubuntu-core-initramfs [amd64 arm64] ,\n" + + +def test_main(capfd): + args = Namespace() + args.series = "oracular" + args.source_name = "linux-signed" + args.generate_name = "linux-generate" + args.source_version = "6.11.0-8.8" + args.unsigned_name = "linux" + args.unsigned_version = "6.11.0-8.8" + args.abi_version = "6.11.0-8" + + sys.stdin = open("debian/control.stub") + generate_control.main(Signing.load("debian/package.config"), args) + + expected_output = """Source: linux-signed Section: kernel Priority: optional Maintainer: Canonical Kernel Team @@ -72,3 +128,7 @@ Architecture: arm64 Depends: linux-image-unsigned-6.11.0-8-generic-64k-dbgsym Description: Signed kernel image generic-64k A link to the debugging symbols for the generic-64k signed kernel. +""" + + out, err = capfd.readouterr() + assert out == expected_output