[precise/lts-trusty 1/2] UBUNTU: Packaging: Introduce copy-files and local-mangle
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Thu Feb 21 16:59:32 UTC 2019
BugLink: https://bugs.launchpad.net/bugs/1786013
Two new scripts are introduced in order to do some of the copying and mangling
of copies that update-from-*master does.
One of the changes on copy-files compared to update-from-*master is that the -c
option is given to rsync, so it compares checksums of files in order to decide
whether they are different and need an update. That's necessary because
sometimes files will have the same size and their modified time will be whithin
one second or the original file will be older because git checked it out
earlier.
The script is split in two so the copy-files may be shared between different
kernel tress and the very specific changes are done on the local-mangle file,
which is different between trees.
Also, in order to make the copy-files the same one for all trees, some of the
copies and updates are dependent on a local.conf file, which is present only on
those trees where it's needed. The contents of those files are not so easily
generated, so they are not part of update.conf.
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo at canonical.com>
---
debian.trusty/changelog | 67 +++++++++-------------
debian.trusty/etc/local.conf | 2 +
debian.trusty/scripts/helpers/copy-files | 67 ++++++++++++++++++++++
debian.trusty/scripts/helpers/local-mangle | 36 ++++++++++++
4 files changed, 133 insertions(+), 39 deletions(-)
create mode 100644 debian.trusty/etc/local.conf
create mode 100755 debian.trusty/scripts/helpers/copy-files
create mode 100755 debian.trusty/scripts/helpers/local-mangle
diff --git a/debian.trusty/changelog b/debian.trusty/changelog
index 9b6de3ec0a3d..b2221fa2ea9b 100644
--- a/debian.trusty/changelog
+++ b/debian.trusty/changelog
@@ -1,21 +1,7 @@
linux-lts-trusty (3.13.0-166.216~precise1) precise; urgency=medium
- * linux-lts-trusty: 3.13.0-166.216~precise1 -proposed tracker (LP: #1814646)
-
- * linux-buildinfo: pull out ABI information into its own package
- (LP: #1806380)
- - [Config] resync flavour-control.stub
- - [Config] hooks.mk -- add basic LTS hook configuration
-
- * signing: only install a signed kernel (LP: #1764794)
- - [debian] fix check for the reconstruct file
-
- * Packaging resync (LP: #1786013)
- - [Packaging] update helper scripts
-
- [ Ubuntu: 3.13.0-166.216 ]
-
* linux: 3.13.0-166.216 -proposed tracker (LP: #1814645)
+
* linux-buildinfo: pull out ABI information into its own package
(LP: #1806380)
- [Packaging] limit preparation to linux-libc-dev in headers
@@ -29,6 +15,7 @@ linux-lts-trusty (3.13.0-166.216~precise1) precise; urgency=medium
- [Packaging] getabis -- handle all known package combinations
- [Packaging] getabis -- support parsing a simple version
- [Packaging] autoreconstruct -- base tag is always primary mainline version
+
* signing: only install a signed kernel (LP: #1764794)
- [Debian] usbip tools packaging
- [Debian] Don't fail if a symlink already exists
@@ -66,66 +53,66 @@ linux-lts-trusty (3.13.0-166.216~precise1) precise; urgency=medium
- [debian] do not force do_tools_common
- [Packaging] skip cloud tools packaging when not building package
- [debian] prep linux-libc-dev only if do_libc_dev_package=true
+
* Packaging resync (LP: #1786013)
- [Packaging] update helper scripts
+
* kernel oops in bcache module (LP: #1793901)
- SAUCE: bcache: never writeback a discard operation
+
* iptables connlimit allows more connections than the limit when using
multiple CPUs (LP: #1811094)
- netfilter: connlimit: improve packet-to-closed-connection logic
- netfilter: nf_conncount: fix garbage collection confirm race
- netfilter: nf_conncount: don't skip eviction when age is negative
+
* CVE-2019-6133
- fork: record start_time late
+
* test_095_kernel_symbols_missing_proc_self_stack failed on P-LTS
(LP: #1813001)
- procfs: make /proc/*/{stack, syscall, personality} 0400
- -- Kleber Sacilotto de Souza <kleber.souza at canonical.com> Thu, 14 Feb 2019 14:11:08 +0000
-
-linux-lts-trusty (3.13.0-165.215~precise1) precise; urgency=medium
-
- * linux-lts-trusty: 3.13.0-165.215~precise1 -proposed tracker (LP: #1811857)
-
- * Packaging resync (LP: #1786013)
- - [Packaging] update helper scripts
+ -- Kleber Sacilotto de Souza <kleber.souza at canonical.com> Thu, 07 Feb 2019 11:31:21 +0000
- [ Ubuntu: 3.13.0-165.215 ]
+linux (3.13.0-165.215) trusty; urgency=medium
* linux: 3.13.0-165.215 -proposed tracker (LP: #1811856)
+
* CVE-2018-17972
- proc: restrict kernel stack dumps to root
+
* CVE-2018-18281
- mremap: properly flush TLB before releasing the page
+
* 29d6d30f5c8aa58b04f40a58442df3bcaae5a1d5 in btrfs_kernel_fixes failed on T
(LP: #1809868)
- Btrfs: send, don't send rmdir for same target multiple times
+
* CVE-2018-9568
- net: Set sk_prot_creator when cloning sockets to the right proto
+
* CVE-2018-1066
- cifs: empty TargetInfo leads to crash on recovery
- -- Stefan Bader <stefan.bader at canonical.com> Fri, 18 Jan 2019 18:07:01 +0100
-
-linux-lts-trusty (3.13.0-164.214~precise1) precise; urgency=medium
-
- * linux-lts-trusty: 3.13.0-164.214~precise1 -proposed tracker (LP: #1806429)
-
- * Packaging resync (LP: #1786013)
- - [Packaging] update helper scripts
- - [Packaging] update update.conf
+ -- Khalid Elmously <khalid.elmously at canonical.com> Wed, 16 Jan 2019 06:19:08 +0000
- [ Ubuntu: 3.13.0-164.214 ]
+linux (3.13.0-164.214) trusty; urgency=medium
* linux: 3.13.0-164.214 -proposed tracker (LP: #1806428)
+
* CVE-2018-12896
- posix-timers: Sanitize overrun handling
+
* CVE-2018-16276
- USB: yurex: fix out-of-bounds uaccess in read handler
+
* CVE-2018-10902
- ALSA: rawmidi: Change resized buffers atomically
+
* CVE-2018-18386
- n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD)
+
* CVE-2017-5753
- x86/spectre_v1: Disable compiler optimizations over
array_index_mask_nospec()
@@ -152,21 +139,23 @@ linux-lts-trusty (3.13.0-164.214~precise1) precise; urgency=medium
- fs/quota: Fix spectre gadget in do_quotactl
- misc: hmc6352: fix potential Spectre v1
- tty: vt_ioctl: fix potential Spectre v1
+
* CVE-2018-18710
- cdrom: fix improper type cast, which can leat to information leak.
+
* CVE-2018-18690
- xfs: don't fail when converting shortform attr to long form during
ATTR_REPLACE
+
* CVE-2018-14734
- infiniband: fix a possible use-after-free bug
+
* CVE-2017-2647 // CVE-2017-2647 / CVE-2017-6951
- keys: Guard against null match function in keyring_search_aux()
- -- Kleber Sacilotto de Souza <kleber.souza at canonical.com> Thu, 06 Dec 2018 16:26:39 +0000
-
-linux-lts-trusty (3.13.0-163.213~precise1) precise; urgency=medium
+ -- Khalid Elmously <khalid.elmously at canonical.com> Wed, 05 Dec 2018 06:47:30 +0000
- * linux-lts-trusty: 3.13.0-163.213~precise1 -proposed tracker (LP: #1802772)
+linux (3.13.0-163.213) trusty; urgency=medium
* linux: 3.13.0-163.213 -proposed tracker (LP: #1802769)
@@ -181,7 +170,7 @@ linux-lts-trusty (3.13.0-163.213~precise1) precise; urgency=medium
* Packaging resync (LP: #1786013)
- [Package] add support for specifying the primary makefile
- -- Juerg Haefliger <juergh at canonical.com> Thu, 15 Nov 2018 08:53:52 +0100
+ -- Thadeu Lima de Souza Cascardo <cascardo at canonical.com> Tue, 13 Nov 2018 13:30:30 -0200
linux (3.13.0-162.212) trusty; urgency=medium
diff --git a/debian.trusty/etc/local.conf b/debian.trusty/etc/local.conf
new file mode 100644
index 000000000000..81ef3a7f79cf
--- /dev/null
+++ b/debian.trusty/etc/local.conf
@@ -0,0 +1,2 @@
+SKIP_RULES_D=1
+FOREIGN_ARCHES="x32 arm64 powerpc ppc64el"
diff --git a/debian.trusty/scripts/helpers/copy-files b/debian.trusty/scripts/helpers/copy-files
new file mode 100755
index 000000000000..0ce0afe84578
--- /dev/null
+++ b/debian.trusty/scripts/helpers/copy-files
@@ -0,0 +1,67 @@
+#!/bin/bash -eu
+
+if [ -f debian/debian.env ]; then
+ # shellcheck disable=SC1091
+ . debian/debian.env
+fi
+
+if [ ! -d "${DEBIAN}" ]; then
+ echo You must run this script from the top directory of this repository.
+ exit 1
+fi
+
+CONF="${DEBIAN}"/etc/update.conf
+if [ -f "${CONF}" ]; then
+ # shellcheck disable=SC1090
+ . "${CONF}"
+fi
+
+FOREIGN_ARCHES=""
+LOCAL_CONF="${DEBIAN}/etc/local.conf"
+if [ -f "${LOCAL_CONF}" ]; then
+ # shellcheck disable=SC1090
+ . "${LOCAL_CONF}"
+fi
+
+SKIP_RULES_D=${SKIP_RULES_D:-}
+
+#
+# Pick up any master branch changes to udeb modules or firmware.
+#
+rsync -avc --delete "${DEBIAN_MASTER}/d-i/" "${DEBIAN}/d-i"
+
+#
+# Update configs from master
+#
+rsync -avc --delete "${DEBIAN_MASTER}/config/" "${DEBIAN}/config"
+
+#
+# Update package and DTB settings from master.
+#
+if [ -z "${SKIP_RULES_D}" ] ; then
+ rsync -avc "${DEBIAN_MASTER}/rules.d/"*.mk "${DEBIAN}/rules.d/"
+fi
+
+# Remove the .mk files from the arch's that are not supported
+for i in ${FOREIGN_ARCHES}
+do
+ rm -f "${DEBIAN}/rules.d/${i}.mk"
+ git rm -f --ignore-unmatch "${DEBIAN}/rules.d/${i}.mk" || true
+done
+
+#
+# Update modprobe.d from master
+#
+# Some releases (trusty) don't have this directory, and rsync would fail
+# without this check.
+if [ -d "${DEBIAN}/modprobe.d/" ]; then
+ rsync -avc --delete "${DEBIAN_MASTER}/modprobe.d/" "${DEBIAN}/modprobe.d"
+fi
+
+cp -p "${DEBIAN_MASTER}/control.d/"*.inclusion-list "${DEBIAN}/control.d"
+
+cp -p "${DEBIAN_MASTER}/reconstruct" "${DEBIAN}/reconstruct"
+
+if [ -x "${DEBIAN}/scripts/helpers/local-mangle" ]; then
+ "./${DEBIAN}/scripts/helpers/local-mangle"
+fi
diff --git a/debian.trusty/scripts/helpers/local-mangle b/debian.trusty/scripts/helpers/local-mangle
new file mode 100755
index 000000000000..d9b9c80b1fda
--- /dev/null
+++ b/debian.trusty/scripts/helpers/local-mangle
@@ -0,0 +1,36 @@
+#!/bin/bash -eu
+
+# shellcheck disable=SC1091
+. debian/debian.env
+
+#
+# Make sure signed module enforcement stays off until user space is ready.
+#
+sed -i 's/CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE=y/CONFIG_EFI_SECURE_BOOT_SIG_ENFORCE=n/' "${DEBIAN}/config/config.common.ubuntu"
+
+#
+# Build in these 2 modules for arm in order to avoid
+# a missing __aeabi_uldivmod symbol.
+#
+for i in CONFIG_MEGARAID_LEGACY CONFIG_MEGARAID_MAILBOX CONFIG_MEGARAID_MM CONFIG_MEGARAID_NEWGEN CONFIG_MEGARAID_SAS
+do
+ echo "$i=n" >> "${DEBIAN}/config/armhf/config.common.armhf"
+done
+# Drop lowlatency
+sed -i 's/lowlatency//g' "${DEBIAN}/rules.d/"*.mk
+# shellcheck disable=SC2043
+for i in lowlatency
+do
+ find "${DEBIAN}/config" | grep "$i" | xargs rm -f
+ find "${DEBIAN}/control.d" | grep "$i" | xargs rm -f
+done
+# Make sure CONFIG_SECURITY_APPARMOR_AA3_SEMANTICS=n
+sed -i 's/CONFIG_SECURITY_APPARMOR_AA3_SEMANTICS=y/CONFIG_SECURITY_APPARMOR_AA3_SEMANTICS=n/' "${DEBIAN}/config/config."* "${DEBIAN}/config/"*/config.*
+
+# Original update-from-trusty-master did not copy inclusion list files.
+# Now that the new script does, we should remove it, otherwise we start
+# generating linux-modules-extra package, which might break users of a very
+# stable distribution.
+rm -f "${DEBIAN}/control.d/"*.inclusion-list
+
+rm -f "${DEBIAN}/d-i/kernel-versions"
--
2.20.1
More information about the kernel-team
mailing list