From 4899f5039c2e25fc38e1e44ed14598cc7385f679 Mon Sep 17 00:00:00 2001 From: Bastian Blank Date: Thu, 20 Aug 2020 10:17:41 +0200 Subject: [PATCH 1/4] Factor out installer modules disable flag --- debian/bin/gencontrol.py | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) diff --git a/debian/bin/gencontrol.py b/debian/bin/gencontrol.py index 5469300ab..e66a38a9b 100755 --- a/debian/bin/gencontrol.py +++ b/debian/bin/gencontrol.py @@ -58,6 +58,10 @@ class Gencontrol(Base): } } + env_flags = [ + ('DEBIAN_KERNEL_DISABLE_INSTALLER', 'disable_installer', 'installer modules'), + ] + def __init__(self, config_dirs=["debian/config"], template_dirs=["debian/templates"]): super(Gencontrol, self).__init__( @@ -67,6 +71,17 @@ class Gencontrol(Base): self.process_changelog() self.config_dirs = config_dirs + for env, attr, desc in self.env_flags: + setattr(self, attr, False) + if os.getenv(env): + if self.changelog[0].distribution == 'UNRELEASED': + import warnings + warnings.warn(f'Disable {desc} on request ({env} set)') + setattr(self, attr, True) + else: + raise RuntimeError( + 'Unable to disable {desc} in release build ({env} set)') + def _setup_makeflags(self, names, makeflags, data): for src, dst, optional in names: if src in data or not optional: @@ -93,16 +108,7 @@ class Gencontrol(Base): self.installer_packages = {} - if os.getenv('DEBIAN_KERNEL_DISABLE_INSTALLER'): - if self.changelog[0].distribution == 'UNRELEASED': - import warnings - warnings.warn('Disable installer modules on request ' - '(DEBIAN_KERNEL_DISABLE_INSTALLER set)') - else: - raise RuntimeError( - 'Unable to disable installer modules in release build ' - '(DEBIAN_KERNEL_DISABLE_INSTALLER set)') - elif self.config.merge('packages').get('installer', True): + if not self.disable_installer and self.config.merge('packages').get('installer', True): # Add udebs using kernel-wedge kw_env = os.environ.copy() kw_env['KW_DEFCONFIG_DIR'] = 'debian/installer' From 413fadb4aa9230214b845df4b98b3399dce923ef Mon Sep 17 00:00:00 2001 From: Bastian Blank Date: Thu, 20 Aug 2020 10:19:15 +0200 Subject: [PATCH 2/4] Factor out debug info disable flag --- debian/bin/gencontrol.py | 14 ++------------ 1 file changed, 2 insertions(+), 12 deletions(-) diff --git a/debian/bin/gencontrol.py b/debian/bin/gencontrol.py index e66a38a9b..93b27ddf1 100755 --- a/debian/bin/gencontrol.py +++ b/debian/bin/gencontrol.py @@ -59,6 +59,7 @@ class Gencontrol(Base): } env_flags = [ + ('DEBIAN_KERNEL_DISABLE_DEBUG', 'disable_debug', 'debug infos'), ('DEBIAN_KERNEL_DISABLE_INSTALLER', 'disable_installer', 'installer modules'), ] @@ -487,18 +488,7 @@ class Gencontrol(Base): build_debug = config_entry_build.get('debug-info') - if os.getenv('DEBIAN_KERNEL_DISABLE_DEBUG'): - if self.changelog[0].distribution == 'UNRELEASED': - import warnings - warnings.warn('Disable debug infos on request ' - '(DEBIAN_KERNEL_DISABLE_DEBUG set)') - build_debug = False - else: - raise RuntimeError( - 'Unable to disable debug infos in release build ' - '(DEBIAN_KERNEL_DISABLE_DEBUG set)') - - if build_debug: + if not self.disable_debug: makeflags['DEBUG'] = True packages_own.extend(self.process_packages( self.templates['control.image-dbg'], vars)) From 57f0533e9ad9704bfd063e9e175ce9b7e11699c4 Mon Sep 17 00:00:00 2001 From: Bastian Blank Date: Thu, 20 Aug 2020 10:22:25 +0200 Subject: [PATCH 3/4] Add flag to disable signed code --- debian/bin/gencontrol.py | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/debian/bin/gencontrol.py b/debian/bin/gencontrol.py index 93b27ddf1..df289e07b 100755 --- a/debian/bin/gencontrol.py +++ b/debian/bin/gencontrol.py @@ -61,6 +61,7 @@ class Gencontrol(Base): env_flags = [ ('DEBIAN_KERNEL_DISABLE_DEBUG', 'disable_debug', 'debug infos'), ('DEBIAN_KERNEL_DISABLE_INSTALLER', 'disable_installer', 'installer modules'), + ('DEBIAN_KERNEL_DISABLE_SIGNED', 'disable_signed', 'signed code'), ] def __init__(self, config_dirs=["debian/config"], @@ -139,8 +140,11 @@ class Gencontrol(Base): # configuration errors before building linux-signed. build_signed = {} for arch in arches: - build_signed[arch] = self.config.merge('build', arch) \ - .get('signed-code', False) + if not self.disable_signed: + build_signed[arch] = self.config.merge('build', arch) \ + .get('signed-code', False) + else: + build_signed[arch] = False for package in udeb_packages: # kernel-wedge currently chokes on Build-Profiles so add it now @@ -253,8 +257,11 @@ class Gencontrol(Base): makeflags['ABINAME'] = vars['abiname'] = \ self.abiname_version + abiname_part - build_signed = self.config.merge('build', arch) \ - .get('signed-code', False) + if not self.disable_signed: + build_signed = self.config.merge('build', arch) \ + .get('signed-code', False) + else: + build_signed = False # Some userland architectures require kernels from another # (Debian) architecture, e.g. x32/amd64. @@ -464,7 +471,10 @@ class Gencontrol(Base): packages_own = [] - build_signed = config_entry_build.get('signed-code') + if not self.disable_signed: + build_signed = config_entry_build.get('signed-code') + else: + build_signed = False image = self.templates[build_signed and "control.image-unsigned" or "control.image"] From 0fdf2513b6bf70da85aae603157de9e88994ca40 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Thu, 27 Aug 2020 20:28:36 +0200 Subject: [PATCH 4/4] debian/tests/python: pycodestyle: Increase max-line-length to 100 Set the maximum allowed line length to 100 as the default of 79 is too limiting small. Raising the allowed line length to 100 seems acceptable enough. This addresses autopkgtest failure for the python test since the refactoring changes for debian/bin/gencontrol.py to factor out the siable flags for installer modules, debug info and signed code. Fixes: 9b82c45d67dc ("Factor out installer modules disable flag") Fixes: 5a2d988f8612 ("Factor out debug info disable flag") Fixes: 710b1f5b6d8c ("Add flag to disable signed code") Signed-off-by: Salvatore Bonaccorso --- debian/changelog | 1 + debian/tests/python | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 9557df4ed..6358f0fa1 100644 --- a/debian/changelog +++ b/debian/changelog @@ -733,6 +733,7 @@ linux (4.19.143-1) UNRELEASED; urgency=medium (CVE-2020-15780) * [rt] Update to 4.19.142-rt63 * net/packet: fix overflow in tpacket_rcv (CVE-2020-14386) + * debian/tests/python: pycodestyle: Increase max-line-length to 100. -- Salvatore Bonaccorso Tue, 04 Aug 2020 16:33:40 +0200 diff --git a/debian/tests/python b/debian/tests/python index 3f1f8c7e8..c743f21ef 100755 --- a/debian/tests/python +++ b/debian/tests/python @@ -22,7 +22,7 @@ sources="$AUTOPKGTEST_TMP/sources" echo "I: Running pycodestyle..." # Ignore E126,E226,W503 (ignored by default) and also E127,W291 which # give false positives. -if ! xargs pycodestyle --ignore E126,E127,E226,W291,W503 < "$sources"; then +if ! xargs pycodestyle --max-line-length=100 --ignore E126,E127,E226,W291,W503 < "$sources"; then # pycodestyle only writes to stdout echo >&2 "E: pycodestyle detected problems" fi