[UNSTABLE][PATCH 2/2] UBUNTU: [Packaging] add uscan watch file with GPG verification
Masahiro Yamada
masahiro.yamada at canonical.com
Mon Feb 19 04:26:10 UTC 2024
On Wed, Feb 14, 2024 at 2:09 PM Masahiro Yamada
<masahiro.yamada at canonical.com> wrote:
>
> On Wed, Feb 14, 2024 at 11:49 AM Dimitri John Ledkov
> <dimitri.ledkov at canonical.com> wrote:
> >
> >
> >
> > On Wed, 14 Feb 2024, 02:35 Masahiro Yamada, <masahiro.yamada at canonical.com> wrote:
> >>
> >> On Wed, Feb 7, 2024 at 11:02 AM Dimitri John Ledkov
> >> <dimitri.ledkov at canonical.com> wrote:
> >> >
> >> > Reuse upstream released original kernel tarballs and verify GPG
> >> > signature of them against the local copy of greg's key.
> >> >
> >> > This should make `uscan --download-current-version` work against
> >> > released kernels, in a reproducible manner. This should also enforce
> >> > that all our released kernels reuse the kernel.org published orig
> >> > tarball.
> >> >
> >> > One caveat is that tripple integer version number is preserved (as in
> >> > 6.7.0) whereas on kernel.org the tarballs are actually published as
> >> > two integers only (as in 6.7). Although I seem to recall everything in
> >> > the world breaks when one changes kernel version to not be three
> >> > numbers long.
> >>
> >>
> >>
> >> Presumably, this is related, but I do not understand
> >> why I can download 6.7.0, but not 6.7.1 ?
> >
> >
> > Although we don't use the .n releases, the mangling of versions can be fixed up to work correctly for point tarballs too. Because yes that would be very convenient.
>
>
> I slightly tweaked uversionmangle.
>
>
> uversionmangle=s%^([0-9]*\.[0-9]*)$%\\1.0%
>
>
> With this,
>
> uscan --download-version 6.7.1
>
> and
>
> uscan --download-version 6.7.0
>
> worked.
Ignoring the minute, better to merge it.
Acked-by: Masahiro Yamada <masahiro.yamada at canonical.com>
>
>
>
> > Also I wonder if in the future we could fetch the point release diff, apply that, then generate our delta patch. Because that would show the real deal. And preserve using the same orig tarball without exploding mirror storage.
>
>
> Yes, this is my preference, and I asked in MM a couple of times,
> although I did not get agreement.
>
> https://chat.canonical.com/canonical/pl/uwzq86aqptgepdize8q3h8bz5a
>
>
>
>
> >
> >
> >>
> >>
> >> masahiro at zoe:~/canonical/noble/linux$ uscan --download-version 6.7.0
> >> Newest version of linux-unstable on remote site is 6.7.0, specified
> >> download version is 6.7.0
> >> gpgv: Signature made Mon 08 Jan 2024 02:47:49 PM JST
> >> gpgv: using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
> >> gpgv: Good signature from "Greg Kroah-Hartman <gregkh at linuxfoundation.org>"
> >> gpgv: aka "Greg Kroah-Hartman <gregkh at kernel.org>"
> >> gpgv: aka "Greg Kroah-Hartman (Linux kernel stable
> >> release signing key) <greg at kroah.com>"
> >> Leaving ../linux-unstable_6.7.0.orig.tar.xz where it is.
> >>
> >> masahiro at zoe:~/canonical/noble/linux$ uscan --download-version 6.7.1
> >> uscan warn: In debian/watch no matching hrefs for version 6.7.1 in watch line
> >> https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-(?:[-_]?v?(\d[\-+\.:\~\da-zA-Z]*))(?i)(?:\.(?:tar\.xz|tar\.bz2|tar\.gz|tar\.zstd?|zip|tgz|tbz|txz))
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> > Signed-off-by: Dimitri John Ledkov <dimitri.ledkov at canonical.com>
> >> > ---
> >> > debian/upstream/signing-key.asc | 78 +++++++++++++++++++++++++++++++++
> >> > debian/watch | 3 ++
> >> > 2 files changed, 81 insertions(+)
> >> > create mode 100644 debian/upstream/signing-key.asc
> >> > create mode 100644 debian/watch
> >> >
> >> > diff --git a/debian/upstream/signing-key.asc b/debian/upstream/signing-key.asc
> >> > new file mode 100644
> >> > index 0000000000..5e3addc4ac
> >> > --- /dev/null
> >> > +++ b/debian/upstream/signing-key.asc
> >> > @@ -0,0 +1,78 @@
> >> > +-----BEGIN PGP PUBLIC KEY BLOCK-----
> >> > +
> >> > +mQINBE58tdUBEADY5iQsoL4k8l06dNt+uP2lH8IPi14M51/tOHsW1ZNc8Iok0stH
> >> > ++uA8w0LpN97UgNhsvXFEkIK2JjLalasUTiUoIeeTshD9t+ekFBx5a9SbLCFlBrDS
> >> > +TwfieK2xalzomoL22N5ztj1XbdLWh6NRM6kKMeYvgAGo8p884WJk4pPIJK6G0wEw
> >> > +e9/TG6ilRSLOtxyaF9yZ+FC1eOA1S47Ld2K25Y5GsQF5agwi7nES+9tVVBZp97kB
> >> > +8IOvELeiSiY0xFXi60yfwIlK6x9dfcxsx5nCyrp2qdqQiPiMD0EJMiuA6wymoi5W
> >> > +XtmfCpweTB8TvW8Y8uqrwYApzmDleBDTIDP0vCY1o9eftJcWWMkRKC9c7Ziy4nT6
> >> > +TzmVkNXgqC8/BuOQbpU7I/1VCMoa6e+2a8jrgy5to4dGgu6xQ6jTxWbvgDeB6Hct
> >> > +WGqf8f9s5lSpH8D8OZLDOXKolqnBd5YrJr0Qmpq4cCcIqwNCMbURtsTpbW/EdWl+
> >> > +AKwnStXXLI5O6Hg+m4c3O8ZwbzcnAOgTJePm2Xoi71t9SbAZZx1/W7p6/57UGrXR
> >> > +Q4WfiwpOPD0siF33yO2L7G7Gmm4zh8ieX8aS8guqfWFhuSsDta77F2FB9ozD9WN0
> >> > +Z5tJowiy3Z1VkxvZjZH8IbcB05yBBBV47BJxrPnSuDT+w45yNTqZ6m4VYwARAQAB
> >> > +tC9HcmVnIEtyb2FoLUhhcnRtYW4gPGdyZWdraEBsaW51eGZvdW5kYXRpb24ub3Jn
> >> > +PokCTgQTAQgAOBYhBGR/KGVIlOO9RXGZvjjbvchgkmk+BQJaHvQRAhsDBQsJCAcC
> >> > +BhUICQoLAgQWAgMBAh4BAheAAAoJEDjbvchgkmk+3/8P+gJ85fYDzXoy47y90FFi
> >> > +PJqqtkZhf/VPMP5YOJzxCnGVh0CUwC2fGFV6SIU5V78Ede+gArocYq+LpTV4nJz5
> >> > +SJZZxNBzuEW8t42juF6GZ9uB5SNlqYHUjWbM0bLpl1gut3pe9yJ7mQ2DaZUMYlav
> >> > +D7sOAiKw/5pCyFLvY9a6ZJmp8QmPUU8Fb9kbbudxfjxgDrAwuVlnGU/I8YIZOHhX
> >> > +s1hjBNagZCWcxawktDLPylifNOL5UtNuoLJRjsUVatAEjp+g1Xq2A8/t/mfi5K1p
> >> > +juQaEr5fVzqhkPqt7UQbT1QuZghStYJ5QRunaYT1trvBXmrXKzebBKk85+nlh58g
> >> > +fRNTyEt2eflNkU1XpFtNcCWo6rke/PZjtHb1CivHD/GhyogeGBfRAMRfmfNDZRZw
> >> > +e5V+EBNI+RUexscvhVyTp0XhxgXdGy9KpSpWbuwGaQ+q9mVLrYRlNn1k3dnYaWxD
> >> > +nk0x7xGCE59dd6vpckcD6t/SXujRwT4b0Ypw1jy3Ve3h8OTB5sP5SBpCA33DoQs9
> >> > +ONbgtL3nX3XST7frXxBkfCD7D58gGCvFvZYAEd1MDGj3250UnBHUPGeVp7/+t/wH
> >> > +MJ/E3rvb45RGYadd736i0vnJStPIae4M/bVG5qddRjU6mcpir5qYHAIrDz6QwWWF
> >> > +2BvR7vqYKa36TGX7TORxuyfotCZHcmVnIEtyb2FoLUhhcnRtYW4gPGdyZWdraEBr
> >> > +ZXJuZWwub3JnPokCTgQTAQgAOBYhBGR/KGVIlOO9RXGZvjjbvchgkmk+BQJaHvNA
> >> > +AhsDBQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEDjbvchgkmk+TLEQAJ1Ux/6n
> >> > +//f2jEVBdWb13qYFBBxKJMNeTU9yPMedQAAhrt68IU1Bt8+/nmZLm1iXWOvPQ019
> >> > +21i3HBxANnbTqEYYYWnQJJyROiyTuwY7HWlguQXlkxLa1mahVuFee6DHO+O8IGU8
> >> > +IM+PHdEL08e629sIluu3WGmNXXJ307j47UBu3QFA67YQ7YBmChl7AHBcSpKSplgN
> >> > +82tbAYtrm5ywYHM5uMFhmbw/DJpzLdFsnzRT9E7PKhH+q1MyPojGT4Oytj3D1QZr
> >> > +hp8yZ+Zp8TQnleXeBczLfpQPduzurqVomZpWwIZLHCgBJRWmz7/M0kTDIndQle9L
> >> > +VcJtJqasrRmgL3NsKrYYBw+jHnBe2hp8aq6W3DVaUmkSdshran9ZCaLCpxt62NAg
> >> > +UkI/eg1sSljo1aeXmF33ymYIpxavW5CGUYKlqYRLUT7en6t/mFiYCwPD22KOdLSf
> >> > +svVG+pr4UNsfSZdIF+W9/FLW7HJVZGMIldsrGFv4lOtqiXdbRafMtylYw/mU+xhu
> >> > +9+NslRRrbi1TlWS/BH7ULYu9zKahApf1DFRcrx0PyvtlFleoDZa88uIbmcUO8GzZ
> >> > +XEhejTv9vNnbmjgvYsRywFcJPkJ/TObfasvvSU9GZn6aU36Y7GYSUGjD1anLiUpr
> >> > +0FKkruymqBdXHaXGJ44GZ8Hhd5ZMTavwEX7BtE1HcmVnIEtyb2FoLUhhcnRtYW4g
> >> > +KExpbnV4IGtlcm5lbCBzdGFibGUgcmVsZWFzZSBzaWduaW5nIGtleSkgPGdyZWdA
> >> > +a3JvYWguY29tPokCOAQTAQIAIgUCTny11QIbAwYLCQgHAwIGFQgCCQoLBBYCAwEC
> >> > +HgECF4AACgkQONu9yGCSaT5fXBAAx2NfTb1IZ59eV3PKtqNG0qwQdq/62oSqNKlv
> >> > +lp/JzkeynjeJ7ic1IOs/CTTv2+xoPkLNcNhOPz7uem/4aa/my9A0AEp5UsF6Lvdo
> >> > +/Hy7Jxc++0EgW//TyvWcU9qd5qS/85VZf8I5pL9TZtHVwfIfLME+G8hkQx0+CWRJ
> >> > +loLFG48lwi8khp+TsCRYv1tQei7G22xAY5s+53TssaC1MXyQT7aJBGhwnbspY2Ia
> >> > +RMzsrX0msZn+Fn5WlxxMDxUmUACFMyKGJ+1F6VY01nWolT3G1udOnpee66qXHJo6
> >> > +XnzkNhzeH8Vf3sMe0sXx8YkN682g1NFaa+el0SDcXZvB91pFkWnQaQSfac5gI4Ki
> >> > +ShxAqePAH6Og+a/fhs5XdyYw0SN50O+yaSnqEDl7JkByXVKJiVVihDuEe5JZXkoI
> >> > +O/eTN6uceF89ZQiO/dFn0Kcqc4vL7uuI6FDMRZK7mY7bjFxFW1VjspcxhT1NdR7S
> >> > +FNrK8Glzd5FS67oTwSNB3CzkJ3ON/kOJ8JSxFEt1ZTc2ZpQujrFyTtbksWm3Yy63
> >> > +kbpwxRoR6xgaGwtx0SdkkWDCcA+2GZymCjk5FFQkAhoEk0tu/n5fvHS7TTZui9a2
> >> > +HMsyqmgTJzeU0eQJDgmb/ahzW0VgjHtABaJr40Q83M9upkZdHFXSZb7UHFYkAdH1
> >> > +OxdvSFW5Ag0ETny11QEQALIiIb/niWy6M6GfBMt/2EBWpLuE+FYVeUQGpGhXD2rU
> >> > +hOo9UpoxBD/Y5mc5OaJsVL3fySYQldVFOaT7Pu0J1N5FXIBckgtbT3eg+TGD9WIf
> >> > +Jy6ZpWjBKf6K4frwTwRpLBKqZhcA/78KzxFHeRHjV4cEVZVNoRtVqLYuTlbdlkH6
> >> > +G2YxgCioxAfqvsGjsg2ES7Xl6xz3uaBH1DFX7S2LXHkDHnloWOTaDRe/4h2VnFHf
> >> > +76xsJCgt2seJp91kI8bhuR7CUrO5mkRMhnp/z9v6vc2qcMv8EMK62FiBaqENaKg5
> >> > +6ag8Icujar1YwXG7oYhOuYiWxqGpJUwg5+h/HeYw5Q8ue0UwHPCUZR14pzQCKxag
> >> > +RMibiufOlS6URbCcBG44ddFAt2vqqopIo069moxfqt6OGig59cYv7PSMfHX25dV0
> >> > +1Ns+2R1eo7qiktkV+3CSSs/dUArcTxyovuadIAUaZAJ3XqsS3FGzZsPYMYNM9faZ
> >> > +qOfF6mmGmCZRJMMESWuWjc8ZnVAv4luyD18vlsr/J9rO0t28s4PJyqJGozEXLBLt
> >> > +saCVihxBHMY7QK/pC0jRniLpeniDDHY875TIiG3nrmtR84nnW9WNOG6tuaIcB6hD
> >> > +/DmSr72rRoNEpCa/eT7XiCOymGHS5gWR+94R1+J1rQZbd1T8gSq/nQQluJII7oz7
> >> > +ABEBAAGJAjYEGAECAAkFAk58tdUCGwwAIQkQONu9yGCSaT4WIQRkfyhlSJTjvUVx
> >> > +mb44273IYJJpPjBTEAC+6nWLKuUdxyHZEd/GmYVEFg07C2akTEkHL4pTMNnpGMxN
> >> > +McVvDdiuSRcDVwxChsXa9PGc1mzkHYje7ayn8APUx4XEP8x7m15tlyMlMEfwMF8o
> >> > +xHAXBfd9sfhfsxwsPpdgwgTPtWjR7exPMJWpkzbs2Y9muFYePTktAiWIt5S7Jfni
> >> > +9jAvrqGW8+40+ESwi5ptUZhiFVZ3hlp+FwjRXcsZj8onAFmrimqXNU8QsyTFy8Ia
> >> > +GLX0YN4XfVnz2mW6BXTbTuQiMVv7XXuhfgV7OW7UEalwL2zXZl32uHLcrMurAKjE
> >> > +CBtku8LBoZ8QsNKKQ8mCkE6+mHWBMClfXX/trb+R85hgRT6G2epObiTnqROuWVFf
> >> > +4IKDFDZpnXdx1oW0dPMA6edgk0SNdLQKUTLEhdeegufCNy4txNNVveQ0fssChH/H
> >> > +UmZtHWieEg4H9HAUlxRPf+aUkW1dRpwYJJIKkK0vQd7BTRivS4vk3HnWLuk0bhpw
> >> > +gk214rPU8zJphksRNVj9641nUD/PJo0qztj9IJtrmrjI6YNz+yRIpRB8/vJDwqJT
> >> > +q1SZ5YBp+pS40j3jozRFGwqfGZziC5ZfK9RbB2un4ABh/NyRlTiAYhFVYpK8boJM
> >> > +oOzQe1nlbVwDf6Wty6voekrLOTnu4Y5GpY4Wq5AREyzShd0cpznDnmyjOIKWVA==
> >> > +=Xuim
> >> > +-----END PGP PUBLIC KEY BLOCK-----
> >> > diff --git a/debian/watch b/debian/watch
> >> > new file mode 100644
> >> > index 0000000000..ac0e235e69
> >> > --- /dev/null
> >> > +++ b/debian/watch
> >> > @@ -0,0 +1,3 @@
> >> > +version=4
> >> > +opts="uversionmangle=s%$%.0%,pgpsigurlmangle=s%@ARCHIVE_EXT@$%.tar.sign%,decompress" \
> >> > +https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-@ANY_VERSION@@ARCHIVE_EXT@
> >> > --
> >> > 2.34.1
> >> >
More information about the kernel-team
mailing list