[P/U] [PATCH RESEND 2/4] UBUNTU: [packaging] generate debian/control with correct signed/unsigned
Masahiro Yamada
masahiro.yamada at canonical.com
Tue Feb 18 14:50:47 UTC 2025
The current debian/scripts/control-create creates debian/control with
one of the following configurations:
- all architectures are signed
- all architectures are unsigned
The resulting debian/control depends on the build architecture due to
this inclusion:
-include $(DEBIAN)/rules.d/$(arch).mk
Here, $(arch) expands to the architecture of the build machine.
This includes the definitin of uefi_signed, opal_signed, and sipl_signed
for the build architecture to determine 'any_signed' for all the host
architectures.
If you create debian/control on an x86 machine, you will get this:
Package: linux-image-unsigned-6.14.0-2-generic
Build-Profiles: <!stage1>
Architecture: amd64 armhf arm64 ppc64el s390x
...
This is incorrect because debian.master/rules.d/{amd64,arm64}.mk
define uefi_signed=true and debian.master/rules.d/s390x.mk defines
sipl_signed=true, while the others do not define *_signed flags at all.
The correct debian/control should be structured as follows:
Package: linux-image-unsigned-6.14.0-2-generic
Build-Profiles: <!stage1>
Architecture: amd64 arm64 s390x
...
Package: linux-image-6.14.0-2-generic
Build-Profiles: <!stage1>
Architecture: armhf ppc64el
...
To address this issue, rewrite debian/scripts/control-create to produce
correct debian/control.
Signed-off-by: Masahiro Yamada <masahiro.yamada at canonical.com>
---
debian/rules | 18 +---
debian/scripts/control-create | 159 +++++++++++++++++++++++-----------
2 files changed, 111 insertions(+), 66 deletions(-)
diff --git a/debian/rules b/debian/rules
index ade26dd751eb..965773d5dc80 100755
--- a/debian/rules
+++ b/debian/rules
@@ -184,27 +184,15 @@ $(DEBIAN)/control.stub: \
debian/control.d/flavour-module.stub \
$(DEBIAN)/changelog \
$(wildcard $(DEBIAN)/control.d/*)
- for i in $(control_files); do \
- cat $$i; \
- echo ""; \
- done | sed -e 's/PKGVER/$(DEB_VERSION_UPSTREAM)/g' \
+ debian/scripts/control-create $(DEB_SOURCE) | \
+ sed -e 's/PKGVER/$(DEB_VERSION_UPSTREAM)/g' \
-e 's/ABINUM/$(abinum)/g' \
-e 's/SRCPKGNAME/$(DEB_SOURCE)/g' \
-e 's/=HUMAN=/$(human_arch)/g' \
-e 's/=SERIES=/$(DEB_DISTRIBUTION)/g' \
-e 's|\(^Maintainer:.*\)|\1\nXSC-Ubuntu-Compatible-Signing: $(UBUNTU_COMPATIBLE_SIGNING)|g' \
-e 's/\(^Build-Depends:$$\)/\1\n$(GCC_BUILD_DEPENDS)/g' \
- > $(DEBIAN)/control.stub;
- flavours="$(sort $(wildcard $(DEBIAN)/control.d/vars.*))";\
- for i in $$flavours; do \
- $(SHELL) debian/scripts/control-create $$i "$(any_signed)" | \
- sed -e 's/PKGVER/$(DEB_VERSION_UPSTREAM)/g' \
- -e 's/ABINUM/$(abinum)/g' \
- -e 's/SRCPKGNAME/$(DEB_SOURCE)/g' \
- -e 's/=HUMAN=/$(human_arch)/g' \
- -e 's/=SERIES=/$(DEB_DISTRIBUTION)/g' \
- >> $(DEBIAN)/control.stub; \
- done
+ > $(DEBIAN)/control.stub
.PHONY: debian/control
debian/control: $(DEBIAN)/control.stub
diff --git a/debian/scripts/control-create b/debian/scripts/control-create
index 92aa3d9e3f25..527471d85b72 100755
--- a/debian/scripts/control-create
+++ b/debian/scripts/control-create
@@ -1,62 +1,119 @@
#!/bin/bash
+set -e
+shopt -s nullglob
+
+DEB_SOURCE=$1
+
. debian/debian.env
-vars=$1
-any_signed=$2
-
-. $vars
-
-[ "$provides" != '' ] && provides="$provides, "
-
-flavour=$(basename $vars | sed 's/.*\.//')
-stub="${DEBIAN}/control.d/flavour-signed-control.stub ${DEBIAN}/control.d/flavour-control.stub debian/control.d/flavour-buildinfo.stub"
-if [ "$any_signed" = 'true' ]; then
- sign_me_pkg="-unsigned"
- sign_me_txt=" unsigned"
- sign_peer_pkg=""
-else
- sign_me_pkg=""
- sign_me_txt=""
- sign_peer_pkg="-unsigned"
+if [ -z "${DEBIAN}" ]; then
+ echo "DEBIAN is empty" >&2
+ exit 1
fi
-cat $stub | grep -v '^#' | sed \
- -e "s#FLAVOUR#$flavour#g" \
- -e "s#DESC#$desc#g" \
- -e "s#ARCH#$arch#g" \
- -e "s#SUPPORTED#$supported#g" \
- -e "s#TARGET#$target#g" \
- -e "s#BOOTLOADER#$bootloader#g" \
- -e "s#=PROVIDES=#$provides#g" \
- -e "s#=CONFLICTS=#$conflicts#g" \
- -e "s#=SIGN-ME-PKG=#$sign_me_pkg#g" \
- -e "s#=SIGN-ME-TXT=#$sign_me_txt#g" \
- -e "s#=SIGN-PEER-PKG=#$sign_peer_pkg#g"
+gen_common () {
+ cat "${DEBIAN}/control.stub.in"
+ echo ""
-while read package version extras
-do
- module="$package"
- module_type=
+ if [ "${DEB_SOURCE}" = linux ]; then
+ cat debian/control.d/linux-libc-dev.stub
+ echo ""
+ fi
+}
- # Module arch parameters are skipped here, so a package section will
- # be generated for each flavour, and its Architecture will be set to
- # all architectures with that flavour. Even that is being generated,
- # it doesn't follow all of them will be built. That's to work-around
- # dkms_exclude/dkms_include that manipulates supported architectures
- # in $(DEBIAN)/rules.d/$(arch).mk.
- for param in $extras; do
- case "$param" in
- modulename=*) module="${param#modulename=}" ;;
- type=*) module_type="${param#type=}" ;;
- *) continue ;;
- esac
+gen_per_flavour () {
+ local arch bootloader conflicts desc flavour provides supported target
+ local sed_common_patterns signed_arch unsigned_arch
+
+ var=$1
+
+ flavour=${var##*.}
+
+ . "${var}"
+
+ if [ "$provides" != '' ]; then
+ provides+=", "
+ fi
+
+ for a in ${arch}
+ do
+ # This is a makefile, so grepping...
+ if grep -q -E '(uefi|opal|sipl)_signed[[:space:]]*=[[:space:]]*true' "${DEBIAN}/rules.d/${a}.mk"; then
+ signed_arch+=("${a}")
+ else
+ unsigned_arch+=("${a}")
+ fi
done
- [ "$module_type" = "standalone" ] || continue
+ sed_common_patterns=(
+ -e "/^#/d"
+ -e "s/BOOTLOADER/${bootloader}/g"
+ -e "s/=CONFLICTS=/${conflicts}/g"
+ -e "s/DESC/${desc}/g"
+ -e "s/FLAVOUR/${flavour}/g"
+ -e "s/=PROVIDES=/${provides}/g"
+ -e "s/SUPPORTED/${supported}/g"
+ -e "s/TARGET/${target}/g"
+ )
- cat debian/control.d/flavour-module.stub | grep -v '^#' | sed \
- -e "s#ARCH#$arch#g" \
- -e "s#MODULE#$module#g" \
- -e "s#FLAVOUR#$flavour#g"
-done <"${DEBIAN}/dkms-versions"
+ if [ "${#signed_arch[@]}" != 0 ]; then
+ sed "${sed_common_patterns[@]}" \
+ -e "s/ARCH/${signed_arch[*]}/g" \
+ -e "s/=SIGN-ME-PKG=/-unsigned/g" \
+ -e "s/=SIGN-ME-TXT=/ unsigned/g" \
+ -e "s/=SIGN-PEER-PKG=//g" \
+ "${DEBIAN}/control.d/flavour-signed-control.stub"
+ fi
+
+ if [ "${#unsigned_arch[@]}" != 0 ]; then
+ sed "${sed_common_patterns[@]}" \
+ -e "s/ARCH/${unsigned_arch[*]}/g" \
+ -e "s/=SIGN-ME-PKG=//g" \
+ -e "s/=SIGN-ME-TXT=//g" \
+ -e "s/=SIGN-PEER-PKG=/-unsigned/g" \
+ "${DEBIAN}/control.d/flavour-signed-control.stub"
+ fi
+
+ sed "${sed_common_patterns[@]}" \
+ -e "s/ARCH/${arch}/g" \
+ "${DEBIAN}/control.d/flavour-control.stub"
+
+ sed "${sed_common_patterns[@]}" \
+ -e "s/ARCH/${arch}/g" \
+ "debian/control.d/flavour-buildinfo.stub"
+
+ while read -r package version extras
+ do
+ module="$package"
+ module_type=
+
+ # Module arch parameters are skipped here, so a package section will
+ # be generated for each flavour, and its Architecture will be set to
+ # all architectures with that flavour. Even that is being generated,
+ # it doesn't follow all of them will be built. That's to work-around
+ # dkms_exclude/dkms_include that manipulates supported architectures
+ # in $(DEBIAN)/rules.d/$(arch).mk.
+ for param in $extras; do
+ case "$param" in
+ modulename=*) module="${param#modulename=}" ;;
+ type=*) module_type="${param#type=}" ;;
+ *) continue ;;
+ esac
+ done
+
+ [ "$module_type" = "standalone" ] || continue
+
+ sed "${sed_common_patterns[@]}" \
+ -e "s/ARCH/${arch}/g" \
+ -e "s/MODULE/${module}/g" \
+ debian/control.d/flavour-module.stub
+ done < "${DEBIAN}/dkms-versions"
+}
+
+gen_common
+
+for v in "${DEBIAN}"/control.d/vars.*
+do
+ gen_per_flavour "${v}"
+done
--
2.43.0
More information about the kernel-team
mailing list