Move debug symbols back to the main archive
dak currently allows a binary upload to include debug symbol packages that don't appear in the overrides file or the Binary field of the changes file, so long as they have the appropriate 'Auto-Built-Package' field and their name matches another binary package in the upload plus the '-dbgsym' suffix. For architectures with code signing enabled, our binary uploads never match this condition as the corresponding binary package has the '-unsigned' suffix and the debug symbols package does not. Since we do list the debug symbol packages in the Binary field, they do get added to the overrides file when accepted through the NEW queue, but they are automatically pruned from there some time later. Later uploads then have to go through NEW even though they are not introducing new binary packages. This would be a big problem for stable security updates. For now, move debug symbols back to the main archive with the old '-dbg' suffix. Keep them enabled for all architectures.
This commit is contained in:
Ben Hutchings
parent
6ef03e0be7
commit
b4b1be4c52
|
|
@ -499,7 +499,7 @@ class Gencontrol(Base):
|
||||||
'debian/%s.%s' % (image_main['Package'], name))
|
'debian/%s.%s' % (image_main['Package'], name))
|
||||||
if build_debug:
|
if build_debug:
|
||||||
self._substitute_file('image-dbg.lintian-override', vars,
|
self._substitute_file('image-dbg.lintian-override', vars,
|
||||||
'debian/linux-image-%s%s-dbgsym.lintian-overrides' %
|
'debian/linux-image-%s%s-dbg.lintian-overrides' %
|
||||||
(vars['abiname'], vars['localversion']))
|
(vars['abiname'], vars['localversion']))
|
||||||
|
|
||||||
def process_changelog(self):
|
def process_changelog(self):
|
||||||
|
|
|
||||||
|
|
@ -19,6 +19,8 @@ linux (4.9.18-2) UNRELEASED; urgency=medium
|
||||||
* [mips*/octeon] Set NR_CPUS=64 to allow for Cavium CN7890
|
* [mips*/octeon] Set NR_CPUS=64 to allow for Cavium CN7890
|
||||||
* [arm64] Set NR_CPUS=256 to allow for multi-SoC systems
|
* [arm64] Set NR_CPUS=256 to allow for multi-SoC systems
|
||||||
* [powerpc/powerpc-smp,powerpcspe] Explicitly set NR_CPUS=4
|
* [powerpc/powerpc-smp,powerpcspe] Explicitly set NR_CPUS=4
|
||||||
|
* Move debug symbols back to the main archive, to avoid problems with the
|
||||||
|
current handling in dak
|
||||||
|
|
||||||
[ Salvatore Bonaccorso ]
|
[ Salvatore Bonaccorso ]
|
||||||
* ping: implement proper locking (CVE-2017-2671)
|
* ping: implement proper locking (CVE-2017-2671)
|
||||||
|
|
|
||||||
|
|
@ -453,7 +453,7 @@ install-image_$(ARCH)_$(FEATURESET)_$(FLAVOUR)_bug:
|
||||||
printf "RELEASE='$(REAL_VERSION)'\nDISTRIBUTOR='$(DISTRIBUTOR)'\nSOURCEVERSION='$(SOURCEVERSION)'\nPACKAGE_NAME='$(PACKAGE_NAME)'\nPACKAGE_VERSION='$(SOURCEVERSION)'" > $(PACKAGE_DIR)/usr/share/bug/$(PACKAGE_NAME)/info
|
printf "RELEASE='$(REAL_VERSION)'\nDISTRIBUTOR='$(DISTRIBUTOR)'\nSOURCEVERSION='$(SOURCEVERSION)'\nPACKAGE_NAME='$(PACKAGE_NAME)'\nPACKAGE_VERSION='$(SOURCEVERSION)'" > $(PACKAGE_DIR)/usr/share/bug/$(PACKAGE_NAME)/info
|
||||||
|
|
||||||
install-image-dbg_$(ARCH)_$(FEATURESET)_$(FLAVOUR): REAL_VERSION = $(ABINAME)$(LOCALVERSION)
|
install-image-dbg_$(ARCH)_$(FEATURESET)_$(FLAVOUR): REAL_VERSION = $(ABINAME)$(LOCALVERSION)
|
||||||
install-image-dbg_$(ARCH)_$(FEATURESET)_$(FLAVOUR): PACKAGE_NAME = linux-image-$(REAL_VERSION)-dbgsym
|
install-image-dbg_$(ARCH)_$(FEATURESET)_$(FLAVOUR): PACKAGE_NAME = linux-image-$(REAL_VERSION)-dbg
|
||||||
install-image-dbg_$(ARCH)_$(FEATURESET)_$(FLAVOUR): PACKAGE_DIR = debian/$(PACKAGE_NAME)
|
install-image-dbg_$(ARCH)_$(FEATURESET)_$(FLAVOUR): PACKAGE_DIR = debian/$(PACKAGE_NAME)
|
||||||
install-image-dbg_$(ARCH)_$(FEATURESET)_$(FLAVOUR): DEBUG_DIR = $(PACKAGE_DIR)/usr/lib/debug
|
install-image-dbg_$(ARCH)_$(FEATURESET)_$(FLAVOUR): DEBUG_DIR = $(PACKAGE_DIR)/usr/lib/debug
|
||||||
install-image-dbg_$(ARCH)_$(FEATURESET)_$(FLAVOUR): DIR = $(BUILD_DIR)/build_$(ARCH)_$(FEATURESET)_$(FLAVOUR)
|
install-image-dbg_$(ARCH)_$(FEATURESET)_$(FLAVOUR): DIR = $(BUILD_DIR)/build_$(ARCH)_$(FEATURESET)_$(FLAVOUR)
|
||||||
|
|
@ -485,7 +485,7 @@ endif
|
||||||
ln -s boot/vmlinux-$(REAL_VERSION) $(DEBUG_DIR)/
|
ln -s boot/vmlinux-$(REAL_VERSION) $(DEBUG_DIR)/
|
||||||
mkdir -p $(DEBUG_DIR)/lib/modules/$(REAL_VERSION)
|
mkdir -p $(DEBUG_DIR)/lib/modules/$(REAL_VERSION)
|
||||||
ln -s ../../../boot/vmlinux-$(REAL_VERSION) $(DEBUG_DIR)/lib/modules/$(REAL_VERSION)/vmlinux
|
ln -s ../../../boot/vmlinux-$(REAL_VERSION) $(DEBUG_DIR)/lib/modules/$(REAL_VERSION)/vmlinux
|
||||||
+$(MAKE_SELF) install-base GENCONTROL_ARGS='-DAuto-Built-Package=debug-symbols'
|
+$(MAKE_SELF) install-base
|
||||||
|
|
||||||
install-udeb_$(ARCH): export KW_DEFCONFIG_DIR=debian/installer
|
install-udeb_$(ARCH): export KW_DEFCONFIG_DIR=debian/installer
|
||||||
install-udeb_$(ARCH): export KW_CONFIG_DIR=debian/installer/$(ARCH)
|
install-udeb_$(ARCH): export KW_CONFIG_DIR=debian/installer/$(ARCH)
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,8 @@
|
||||||
Package: linux-image-@abiname@@localversion@-dbgsym
|
Package: linux-image-@abiname@@localversion@-dbg
|
||||||
Build-Profiles: <!stage1>
|
Build-Profiles: <!stage1>
|
||||||
Depends: ${misc:Depends}
|
Depends: ${misc:Depends}
|
||||||
Section: debug
|
Section: debug
|
||||||
Priority: extra
|
Priority: extra
|
||||||
Description: Debug symbols for linux-image-@abiname@@localversion@
|
Description: Debug symbols for linux-image-@abiname@@localversion@
|
||||||
|
This package provides the detached debug symbols for the Linux kernel
|
||||||
|
and modules in linux-image-@abiname@@localversion@.
|
||||||
|
|
|
||||||
|
|
@ -1,2 +1,2 @@
|
||||||
# Kernel dbg packages contain a full image with debug data
|
# Kernel dbg packages contain a full image with debug data
|
||||||
linux-image-@abiname@@localversion@-dbgsym: dbg-package-missing-depends
|
linux-image-@abiname@@localversion@-dbg: dbg-package-missing-depends
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue