On Ubuntu, /bin/sh is a symlink to /bin/dash by default.
While this is a rare use case, when /bin/sh is a symlink to /bin/bash,
the annotation check fails due to a mismatch of CONFIG_UBUNTU_ODM_DRIVERS.
debian/scripts/misc/arch-has-odm-enabled.sh always fails with bash.
You can see it if you directly execute it.
[with dash]

  $ dash debian/scripts/misc/arch-has-odm-enabled.sh amd64
  cat: debian/scripts/misc/../../../debian.master/rules.d/hooks.mk: No such file or directory
  $ echo $?
  0

[with bash]

  $ bash debian/scripts/misc/arch-has-odm-enabled.sh amd64
  cat: debian/scripts/misc/../../../debian.master/rules.d/hooks.mk: No such file or directory
  debian/scripts/misc/arch-has-odm-enabled.sh: line 26: return: can only `return' from a function or sourced script
  $ echo $?
  2

Bash provides stricter checks, hence the 'return' statement outside
a function leads to an error.
While it is trivial to fix, I wonder if we need this script in the
first place. Its purpose is to make CONFIG_UBUNTU_ODM_DRIVERS a
user-unconfigurable option.
Given debian.*/config/annotations specifying the CONFIG set for each
arch/flavour, why not handle CONFIG_UBUNTU_ODM_DRIVERS just like
other normal CONFIG options? Users are still allowed to toggle it from
menuconfig etc., but I do not see a significant issue, as any trouble
comes to users' responsibility when they change CONFIG options by
themselves.
Signed-off-by: Masahiro Yamada <masahiro.yamada@canonical.com>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
linux-buildinfo packages are now externally compared by swm, with
results approving or rejecting updates based on the stable
tracker. Those checks also allow hints and overrides to accept
intentional changes.
Also these are done on the correct pair-wise comparisons, especially
when two streams are being cranked.
The above eliminates the need to identify previous build abi,
download, extract it, vendor it in, and assert it at build time.
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1945989
Add a new script responsible for checking if any FIPS relevant commit
was added since the last version. If a new change is found, a
corresponding entry should exist in the justifications file otherwise
the check will fail.
The justifications file is located at "${DEBIAN}/fips.justifications"
and should follow the following format for each commit justification:
<commit short message>
<commit justification>
Signed-off-by: Marcelo Henrique Cerri <marcelo.cerri@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Kelsey Skunberg <kelsey.skunberg@canonical.com>
(ported from commit 68d02506ae6b236d7df155cdcaa64456e9153d5e focal)
[magalilemes: added arch/arm64/crypto and lib/crypto/{sha1,aes}.c to
crypto_files; changed the way tag_prefix is set]
Signed-off-by: Magali Lemes <magali.lemes@canonical.com>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/2045562
Debian source format 1.0 cannot remove files, create symlinks and change
permission in the .diff.gz tarball. Therefore any changes in these 3
categories cannot be represented without any tricks. To solve this,
the `reconstruct` script is used every time we build the source package.
The script is generated by `gen-auto-reconstruct` script by the `cranky
close`. It checks if there have been any changes in the 3 categories
mentioned above between the upstream version (i.e v6.5) and the current one.
The problem with the script is that in case a file A was removed since the
upstream version was released, the `reconstruct` script will contain
these commands in this exact order:
    rm -f A
    chmod -x A
The second command will fail because file A does not exist anymore.
This is solved by generating the `chmod +/-x` commands before `rm`.
Which results in:
    chmod -x A
    rm -f A
But because the reconstruct script is used during `clean` rule which is
triggered pretty much during every cranky step which is run in the
source repo, the first command will always fail because the file is not
present anymore in the tree. To solve this, any `chmod` change is added
only if the file has not been deleted. Therefore if file A has been
deleted, the `reconstruct` script will contain only this:
    rm -f A
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Acked-by: Manuel Diewald <manuel.diewald@canonical.com>
Acked-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/2020531
The '|=' update operator for merging dicts is available starting in
python 3.9 however in focal we have python 3.8, which causes the
annotation parsing script to crash.
Support also the old way of merging dicts available since python 3.5
that uses dict unpacking, e.g. dict1 = {**dict1, **dict2}
Signed-off-by: Luke Nowakowski-Krijger <luke.nowakowskikrijger@canonical.com>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
All kernels and their derivatives have been migrated to the new annotations
scheme by now so clean up the tree and drop the support of the old config
handling.
Signed-off-by: Juerg Haefliger <juerg.haefliger@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Recent kernels don't seem to set KBUILD_VERBOSE anymore, also checking
this variable to determine if we need to enable/disable Ubuntu ODM
drivers does not make any sense, so simply disable this check.
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
BugLink: http://bugs.launchpad.net/bugs/2015498
Debian source package diffs cannot represent that a file should be
executable.
gen-auto-reconstruct detects the situations where a file has changed
its permissions and restores the execute permissions in the
reconstruct script, assuming the file has always had execute permission.
This does not work in case a file removed the execute permission because
the script will change it back.
The script now adds either `chmod +x` or `chmod -x` based on the actual
permission change.
Signed-off-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Roxana Nicolescu <roxana.nicolescu@canonical.com>
Acked-by: Andrei Gherzan <andrei.gherzan@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Acked-by: Cory Todd <cory.todd@canonical.com>
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
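
Added example, not part of these commits and not the project's gen-auto-reconstruct: a sketch of the two rules described for the reconstruct script (LP #2045562 and LP #2015498), emitting `chmod +x` or `chmod -x` from the actual mode change and nothing but `rm -f` for a deleted file. It assumes the input is `git diff --raw` output; the sample records, paths and hashes are constructed.

```python
import shlex

# Constructed sample input in `git diff --raw` form (hashes are placeholders).
SAMPLE_RAW = (
    ":100755 000000 1111111 0000000 D\tscripts/old-helper.sh\n"
    ":100644 100755 2222222 3333333 M\ttools/build.sh\n"
    ":100755 100644 4444444 5555555 M\tdocs/notes.txt\n"
    ":100644 100644 6666666 7777777 M\tMakefile\n"
)


def parse_raw(text):
    """Yield (old_mode, new_mode, status, path) for each raw diff record."""
    for line in text.splitlines():
        if not line.startswith(":"):
            continue
        meta, path = line[1:].split("\t", 1)
        old_mode, new_mode, _old_hash, _new_hash, status = meta.split()
        yield int(old_mode, 8), int(new_mode, 8), status[0], path


def reconstruct_commands(text):
    """Return the shell commands needed to restore removals and exec bits."""
    chmods, removals = [], []
    for old_mode, new_mode, status, path in parse_raw(text):
        quoted = shlex.quote(path)  # paths may contain shell metacharacters
        if status == "D":
            # Deleted file: emit only `rm -f`. A chmod on it would fail,
            # both on first run and on every later run of the clean rule.
            removals.append(f"rm -f {quoted}")
            continue
        was_exec = bool(old_mode & 0o111)
        is_exec = bool(new_mode & 0o111)
        if was_exec != is_exec:
            # Follow the actual change instead of assuming +x.
            chmods.append(f"chmod {'+x' if is_exec else '-x'} {quoted}")
    return chmods + removals


if __name__ == "__main__":
    print("\n".join(reconstruct_commands(SAMPLE_RAW)))
```
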
Move the final-checks script to debian/scripts/checks so that all the
checker scripts are in one place.
Signed-off-by: Juerg Haefliger <juerg.haefliger@canonical.com>
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Includes are always parsed recursively, but when we save them (e.g.,
when the annotations file is updated) we should always save only the
top-level includes, without repeating the recursive ones.
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
kconfig: Fix pylint violations
Fix the following:
R0205: Class 'Config' inherits from object, can be safely removed from bases in python3 (useless-object-inheritance)
E1101: Instance of 'Config' has no '_parse' member (no-member)
W0613: Unused argument 'arch' (unused-argument)
W0613: Unused argument 'flavour' (unused-argument)
W1514: Using open without explicitly specifying an encoding (unspecified-encoding)
R0201: Method could be a function (no-self-use)
E1101: Instance of 'Config' has no 'config' member (no-member)
W0707: Consider explicitly re-raising using the 'from' keyword (raise-missing-from)
W0105: String statement has no effect (pointless-string-statement)
W0123: Use of eval (eval-used)
W0102: Dangerous default value [] as argument (dangerous-default-value)
R1723: Unnecessary "elif" after "break" (no-else-break)
R1705: Unnecessary "elif" after "return" (no-else-return)
R1704: Redefining argument with the local name 'arch' (redefined-argument-from-local)
Signed-off-by: Juerg Haefliger <juergh@proton.me>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
FLAVOUR_DEP is used to map flavors from the main annotations file to
flavors from includes. Currently, there is no check that any of the
listed flavors exists or is valid so the resulting behavior is
(probably) undefined/unexpected. Add a sanity check to verify the
FLAVOUR_DEP flavors.
Signed-off-by: Juerg Haefliger <juerg.haefliger@canonical.com>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
When writing the annotations file, separate them into two groups: With
and without a note. Write the group with notes first and separate the
other group with a visual marker.
The idea is that all configs that are set/modified manually should have
an annotation note and putting them at the top of the annotations file
should make it easier to figure out what the config of this kernel is
about.
Signed-off-by: Juerg Haefliger <juerg.haefliger@canonical.com>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Currently, invalid lines are silently ignored, which is not good.
Fix this by raising an exception if the line can't be parsed. While at
it, remove one level of nesting by using if-continue.
Signed-off-by: Juerg Haefliger <juerg.haefliger@canonical.com>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Handle tabs in the annotations file by replacing them with spaces.
While at it, make the parsing more robust by removing leading and trailing
whitespaces and ignoring empty lines.
Signed-off-by: Juerg Haefliger <juerg.haefliger@canonical.com>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
The logic to determine if policy lines need to be written to the output
file is a little convoluted. Basically, if there is no 'policy' key in
a config, there is nothing to do, so put that check at the beginning of
the loop.
Signed-off-by: Juerg Haefliger <juerg.haefliger@canonical.com>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Fix the following flake8 errors:
- E127 continuation line over-indented for visual indent
- E722 do not use bare 'except'
- E203 whitespace before ':'
- E201 whitespace after '{'
- E202 whitespace before '}'
- E713 test for membership should be 'not in'
Signed-off-by: Juerg Haefliger <juerg.haefliger@canonical.com>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Currently, rules with notes are written out as separate lines, i. e.,
one line for the policy and one line for the note, followed by an
empty line. The parser now supports single line rules so preserve that
style when writing out the rules.
Signed-off-by: Juerg Haefliger <juerg.haefliger@canonical.com>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
The old annotations file allowed single-line rules such as:
CONFIG_FOO policy<'amd64': 'n'> note<LP: #123456>
The new annotations parser doesn't support that, so add it.
Signed-off-by: Juerg Haefliger <juerg.haefliger@canonical.com>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
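
Added example, not the project's annotations parser: a sketch of single-line rule parsing that combines the behaviours described in the commits above (tabs replaced by spaces, surrounding whitespace trimmed, empty lines skipped, an exception on any unparsable line, and the pre-3.9 dict merge). The regular expression, the `AnnotationSyntaxError` name, `#` comment handling, acceptance of the brace-less policy form and the use of `ast.literal_eval` are assumptions of this example; the sample input is constructed.

```python
import ast
import re

RULE_RE = re.compile(r"^(CONFIG_\w+)\s+policy<(.*?)>(?:\s+note<(.*?)>)?$")

# Constructed sample: the rule quoted above, a blank line, a tab-separated rule,
# and a second rule for the same option that adds another architecture.
SAMPLE = (
    "CONFIG_FOO policy<'amd64': 'n'> note<LP: #123456>\n"
    "\n"
    "\tCONFIG_BAR\tpolicy<{'amd64': 'y'}>  \n"
    "CONFIG_BAR policy<{'arm64': 'm'}>\n"
)


class AnnotationSyntaxError(ValueError):
    """A line that is neither blank, a comment, nor a well-formed rule."""


def parse_annotations(text):
    """Return {option: {'policy': {arch: value}, 'note': str}}."""
    configs = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.replace("\t", " ").strip()  # tabs to spaces, trim both ends
        if not line or line.startswith("#"):   # '#' comments are an assumption
            continue
        match = RULE_RE.match(line)
        if match is None:
            raise AnnotationSyntaxError(f"line {lineno}: cannot parse {raw!r}")
        name, policy_src, note = match.groups()
        if not policy_src.startswith("{"):     # accept the brace-less form too
            policy_src = "{" + policy_src + "}"
        try:
            # literal_eval only builds literals; calls and names are rejected
            policy = ast.literal_eval(policy_src)
        except (ValueError, SyntaxError, TypeError) as err:
            raise AnnotationSyntaxError(f"line {lineno}: bad policy") from err
        if not isinstance(policy, dict):
            raise AnnotationSyntaxError(f"line {lineno}: policy is not a dict")
        entry = configs.setdefault(name, {"policy": {}})
        entry["policy"] = {**entry["policy"], **policy}  # Python 3.5+ merge
        if note is not None:
            entry["note"] = note
    return configs
```
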
Prevent dropping configs that are undefined across all the supported
architectures in annotations that have includes, because we may want to
use them to override configs imported from other annotations.
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
With the switch to the new annotations-only mechanism and the new
annotations script, the 'editconfigs' target was dropped for some
reason. It's useful so bring it back.
Signed-off-by: Juerg Haefliger <juerg.haefliger@canonical.com>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
For mainline builds, all checks need to be disabled since failures can't
be tolerated/handled. For that, do_skip_checks is set to 'true' but the
new kernelconfig script doesn't honor that. Fix it.
While at it, add a header comment listing all supported environment
variables.
Signed-off-by: Juerg Haefliger <juerg.haefliger@canonical.com>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
The kernelconfig script evolved over a long time and accumulated quite
some cruft. With the switch to using annotations only, that got even
worse so it's time for a major overhaul. Rather than sending tons of
little patches, just rewrite the whole script and also ensure shellcheck
is happy.
No functional changes intended.
Signed-off-by: Juerg Haefliger <juerg.haefliger@canonical.com>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Sometimes certain config options are removed in new kernels, so when
annotations is updated these options result to be undefined across all
architectures and flavours, in this case it's much more clean to simply
drop them from annotations (considering that the kernel doesn't support
them anymore).
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Do not exit immediately at the first config-check failure, make sure all
arches and flavours are checked and then report all the failures.
Also clean up a little bit the genconfigs code.
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>