kgess-mirror/debian-linux
1
0
Fork 0
mirror of https://salsa.debian.org/kernel-team/linux.git synced 2026-01-16 23:12:23 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'ci-update-6.1' into 'debian/6.1/bookworm'

Browse source 
CI: Backport source package handling changes to 6.1

See merge request kernel-team/linux!1698
This commit is contained in:
Salvatore Bonaccorso 2025-11-02 10:07:27 +01:00
commit 554255d05c
4 changed files with 86 additions and 51 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
debian/bin/genorig.py vendored
View file

@ -114,11 +114,7 @@ class Main(object):
RuntimeWarning)
def tar(self, orig_date):
out = os.path.join("../orig", self.orig_tar)
try:
os.mkdir("../orig")
except OSError:
pass
out = os.path.join("..", self.orig_tar)
try:
os.stat(out)
raise RuntimeError("Destination already exists")
@ -151,11 +147,6 @@ class Main(object):
except OSError:
pass
raise
try:
os.symlink(os.path.join('orig', self.orig_tar),
os.path.join('..', self.orig_tar))
except OSError:
pass
if __name__ == '__main__':

10
debian/changelog vendored
View file

@ -1,3 +1,13 @@
linux (6.1.153-2) UNRELEASED; urgency=medium
* d/b/genorig.py, d/rules, d/salsa-ci.yml: Put orig tarballs directly in ..
* d/salsa-ci.yml: Adjust filenames to allow source package name suffix
* d/salsa-ci.yml: Fix cache configuration for build job
* d/salsa-ci.yml: Move orig tarball generation to a separate job again
* d/salsa-ci.yml: Restore lintian checking of source package
-- Ben Hutchings <benh@debian.org> Sat, 01 Nov 2025 22:50:11 +0100
linux (6.1.153-1) bookworm-security; urgency=high
* New upstream stable update:

9
debian/rules vendored
View file

@ -66,20 +66,15 @@ binary-indep: build-indep
$(MAKE) -f debian/rules.gen binary-indep
DIR_ORIG = ../orig/$(SOURCE)-$(VERSION_UPSTREAM)
TAR_ORIG_NAME = $(SOURCE)_$(VERSION_UPSTREAM).orig.tar.xz
TAR_ORIG = $(firstword $(wildcard ../$(TAR_ORIG_NAME)) $(wildcard ../orig/$(TAR_ORIG_NAME)))
TAR_ORIG = ../$(SOURCE)_$(VERSION_UPSTREAM).orig.tar.xz
orig: $(DIR_ORIG)
rsync --delete --exclude /debian --exclude .svk --exclude .svn --exclude .git --link-dest=$(DIR_ORIG)/ -a $(DIR_ORIG)/ .
QUILT_PATCHES='$(CURDIR)/debian/patches' QUILT_PC=.pc quilt push --quiltrc - -a -q --fuzz=0
$(DIR_ORIG):
ifeq ($(TAR_ORIG),)
$(error Cannot find orig tarball $(TAR_ORIG_NAME))
else
$(DIR_ORIG): $(TAR_ORIG)
mkdir -p ../orig
tar -C ../orig -xaf $(TAR_ORIG)
endif
CLEAN_PATTERNS := $(BUILD_DIR) $(STAMPS_DIR) debian/lib/python/debian_linux/*.pyc debian/lib/python/debian_linux/__pycache__ $$(find debian -maxdepth 1 -type d -name 'linux-*') debian/*-modules-*-di* debian/kernel-image-*-di* debian/*-tmp debian/*.substvars

107
debian/salsa-ci.yml vendored
View file

@ -18,6 +18,7 @@ variables:
# Add stages for signed packages
stages:
- provisioning
- build
- publish
- test
@ -25,17 +26,67 @@ stages:
- build-signed
- test-signed
orig:
stage: provisioning
image: $SALSA_CI_IMAGES_BASE
cache:
key: "orig-${RELEASE}"
paths:
- orig
extends:
- .artifacts-default-expire
except:
variables:
- $CI_COMMIT_TAG != null
script:
# Move orig tarball cache
- |
if [ -d orig ]; then
mv orig/* ..
rmdir orig
fi
# Install dpkg-parsechangelog and dependencies of genorig.py
- apt-get update
- |
eatmydata apt-get install --no-install-recommends -y \
dpkg-dev \
git \
gpg \
gpgv \
python3 \
python3-debian
- source=$(dpkg-parsechangelog -SSource)
- version=$(dpkg-parsechangelog -SVersion)
- upstream_version=$(echo $version | sed 's/-[^-]*$//')
# We could use origtargz to download a tarball fom the archive if
# available or run uscan if not, but uscan is currently
# excessively slow for us (bug #1003251).
- |
if ! [ -f ../${source}_${upstream_version}.orig.tar.xz ]; then
debian/bin/genorig.py https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
fi
# Move orig tarballs back to where GitLab wants them
- mkdir orig
- mv ../*.orig.tar.* orig
# Our modified build jobs
build:
timeout: 3 hours
cache:
key: "orig-${RELEASE}"
paths:
- orig
key: "build-${BUILD_ARCH}_${HOST_ARCH}"
paths:
- .ccache
- key: "orig-${RELEASE}"
paths:
- orig
policy: pull
- key: "build-${BUILD_ARCH}_${HOST_ARCH}"
paths:
- .ccache
needs:
- job: orig
extends:
- .build-definition
except:
@ -45,19 +96,19 @@ build:
# Do the same as the common .build-definition script
- !reference [.build-before-script]
- !reference [.build-script-setup-environment]
# Move cache to where genorig.py and orig target want it
- mkdir -p orig
- rm -rf ../orig
- mv orig ../orig
# Install dependencies of gencontrol.py, genorig.py, and debian/rules orig
# Move orig tarball cache
- |
if [ -d orig ]; then
mv orig/* ..
rmdir orig
fi
# Install dependencies of gencontrol.py and debian/rules orig
- apt-get update
- |
eatmydata apt-get install --no-install-recommends -y \
debhelper \
git \
gpg \
gpgv \
kernel-wedge \
python3 \
python3-debian \
@ -65,18 +116,11 @@ build:
quilt \
rsync
- source=$(dpkg-parsechangelog -SSource)
- version=$(dpkg-parsechangelog -SVersion)
- upstream_version=$(echo $version | sed 's/-[^-]*$//')
# Merge upstream source. We could use origtargz to download a
# tarball fom the archive if available or run uscan if not, but
# uscan is currently excessively slow for us (bug #1003251).
- |
if [ -f ../orig/linux_${upstream_version}.orig.tar.xz ]; then
ln -s orig/linux_${upstream_version}.orig.tar.xz ..
else
debian/bin/genorig.py https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
fi
# Merge upstream source
- debian/rules orig
# Fudge source version and distribution *before* gencontrol.py
@ -97,19 +141,14 @@ build:
# Put packed source in artifacts
- dpkg-buildpackage -uc -us -S -sa -d
- mkdir -p ${WORKING_DIR}
- cp ../orig/linux_${upstream_version}.orig.tar.xz ${WORKING_DIR}
- mv ../linux_${version}.dsc ../linux_${version}.debian.tar.xz ${WORKING_DIR}
# Move orig tarballs back to where GitLab wants them
- mkdir ${CI_PROJECT_DIR}/orig
- cp -v ${WORKING_DIR}/*.orig.tar.* ${CI_PROJECT_DIR}/orig
- mv ../${source}_${upstream_version}.orig.tar.xz ../${source}_${version}.dsc ../${source}_${version}.debian.tar.xz ../${source}_${version}_source.buildinfo ../${source}_${version}_source.changes ${WORKING_DIR}
- chown -R 'salsa-ci:' ${WORKING_DIR} ${CCACHE_DIR}
- !reference [.build-script-setup-build-command]
- cd ${WORKING_DIR}
- export BUILD_COMMAND="${BUILD_COMMAND} linux_${version}.dsc"
- export BUILD_COMMAND="${BUILD_COMMAND} ${source}_${version}.dsc"
- !reference [.build-script-run-build-command]
after_script:
@ -237,12 +276,12 @@ sign-code:
# Sign the code and build a source package
- |
"$kernel_team_dir"/scripts/debian-test-sign \
${WORKING_DIR}/linux_*_${BUILD_ARCH}.changes \
${WORKING_DIR}/linux*_${BUILD_ARCH}.changes \
debian/certs/ci-test-sign/ci-test-sign-key.pem \
debian/certs/ci-test-sign/ci-test-sign.pem
artifacts:
paths:
- ${WORKING_DIR}/linux-signed-${BUILD_ARCH}_*
- ${WORKING_DIR}/linux-signed*-${BUILD_ARCH}_*
needs:
- job: build
artifacts: true
@ -268,7 +307,7 @@ build-signed:
- !reference [.build-script-setup-build-command]
- export BUILD_COMMAND="${BUILD_COMMAND} ${WORKING_DIR}/linux-signed-${BUILD_ARCH}_*.dsc"
- export BUILD_COMMAND="${BUILD_COMMAND} ${WORKING_DIR}/linux-signed*-${BUILD_ARCH}_*.dsc"
- !reference [.build-script-run-build-command]
after_script:
@ -278,7 +317,7 @@ build-signed:
# packages, and (for piuparts) the versioned dependencies produced
# by the build job
paths:
- ${WORKING_DIR}/linux-signed-${BUILD_ARCH}_*
- ${WORKING_DIR}/linux-signed*-${BUILD_ARCH}_*
- ${WORKING_DIR}/linux-headers-*_${BUILD_ARCH}.deb
- ${WORKING_DIR}/linux-headers-*-common_*_all.deb
- ${WORKING_DIR}/linux-image-*_${BUILD_ARCH}.deb