dak currently allows a binary upload to include debug symbol packages
that don't appear in the overrides file or the Binary field of the
changes file, so long as they have the appropriate
'Auto-Built-Package' field and their name matches another binary
package in the upload plus the '-dbgsym' suffix.
For architectures with code signing enabled, our binary uploads never
match this condition as the corresponding binary package has the
'-unsigned' suffix and the debug symbols package does not. Since we
do list the debug symbol packages in the Binary field, they do get
added to the overrides file when accepted through the NEW queue, but
they are automatically pruned from there some time later. Later
uploads then have to go through NEW even though they are not
introducing new binary packages. This would be a big problem for
stable security updates.
For now, move debug symbols back to the main archive with the old
'-dbg' suffix. Keep them enabled for all architectures.
This reverts commit 99d37f9b16, which
caused most binary uploads to be rejected. dak's allows upload of
debug symbol packages not listed in the Binary field only if there is
a corresponding binary package without the -dbgsym suffix, which is
not the case on architectures where we use a -unsigned suffix.
Any packages listed in debian/control that are not installed in the
main archive will always be seen as NEW. This might be fixable by
archive configuration changes, but for now we'll generate them in a
similar way to debhelper.
Include headers for all architectures that we build a kernel for.
This allows co-installation of per-flavour header packages for
multiple Debian architectures, and fixes the problem of arm64 headers
depending on arm headers that we did not include.
By default dpkg-architecture lets the current environment override the
architecture specified by the -a option. We mustn't let that happen
here as we are considering all architectures. Use the -f option to
force use of our specified architecture.
The current cross-compiler packages don't set the Multi-Arch field, so
specify that the cross-compiler package must be native, rather than any
architecture.
flex doesn't support multi-arch, and this would require splitting it
(#611230, #761449). Force use of the native package for now.
openssl doesn't support multi-arch but probably easily could (#827028).
Force use of the native package for now.
We need the native libssl-dev while building the kernel itself and the
host libssl-dev while building tools for linux-kbuild.
Document the state of cross-building in README.source.
These packages will be taken over by src:linux-signed. Still do
everything but building the packages so we find configuration
errors before building linux-signed.
- Enable it by default
- Disable it for armel/marvell since signature verification is not enabled.
- Disable it for mips and mipsel so linux-signed can be uploaded without
waiting for them to build
- Disable it for all architectures not in the main archive, as linux-signed
won't support them (at least, not initially).
We don't need a variable to control signing of the image, because
we should do that for all flavours that have CONFIG_EFI_STUB=y.
* Drop redundant gitignore.patch from linux-tools
* Rename linux-tools' debian/templates/control.main.in to
debian/templates/control.tools.in
* Combine changelogs, putting all entries for each upstream release
cycle in chronological order
* Combine rules and gencontrol.py code
The linux-grsec source package needs a way to explicitly disable these
binary packages which are already built by the linux source package.
We already do that when there are no actual kernels for the target
architecture. Rename the FOREIGN_KERNEL make variable and combine the
two conditions.
Based on work by Yves-Alexis Perez.
A parallel 'debian/rules build' will now invoke 'debian/rules.real
build' twice in parallel, which is disastrous.
- Add and use proper build-arch and build-indep targets in
debian/rules.gen and debian/rules.real
- Assign a separate temporary directory to each target in
debian/rules.real. Add the directories to .gitignore and
the clean rule.
- Pull installation of the lockdep wrapper (which is indep)
up into debian/rules.real so that we don't end up building
liblockdep twice in parallel.
Currently we don't allow versions like 3.16.7-ckt9-3~deb8u1~bpo7+1 in
*-backports, but we should! Add the security suffix as an option
before the backports suffix.
We also don't check that an upload to *-security or *-lts includes the
expected suffix and nothing else. Add a check for that.
svn path=/dists/trunk/linux/; revision=22539
Unfortunately it is not sufficient to provide virtual packages
that exactly match the ABI name. For example, 'reportbug kernel'
doesn't find the virtual package, and neither do dpkg commands
such as 'dpkg -l linux-image-$(uname -r)'.
svn path=/dists/sid/linux/; revision=22034
* debian/bin/gencontrol.py: Export internal ABI.
* debian/lib/python/debian_linux/debian.py: Export three-part version.
* debian/rules.real
- Provide more variables.
- Make udeb generation easier.
- Use internal ABI for files.
* debian/templates/control.*: Provide name with internal ABI.
* debian/templates/image.plain.*: Use internal ABI.
svn path=/dists/sid/linux/; revision=22017
The filename of the kernel image to be installed, and the stem of the
installed name, varies between architectures, so we define several
different rules to install it for different sets of architectures.
However the basic fact that we need to install this file in /boot does
not.
We also duplicate this name information in gencontrol.py and in
debian/config/{armel,armhf,sh4}/defines (used by buildcheck.py).
To address this:
* Define [image]install-stem and [build]image-file for each architecture
* Copy these settings to make-flags in gencontrol.py
* Copy [image]install-stem to the image-stem template variable in
gencontrol.py
* Replace the per-architecture rules with a single rule using those
make-flags
The per-architecture rules for ARM and PowerPC also installed DTB
and DTS files, respectively. Include those commands in the single
rule with appropriate conditions around them.
svn path=/dists/trunk/linux/; revision=21253