diff --git a/debian/bin/genorig.py b/debian/bin/genorig.py index 9bf43a34e2..b13e738ac9 100755 --- a/debian/bin/genorig.py +++ b/debian/bin/genorig.py @@ -114,11 +114,7 @@ class Main(object): RuntimeWarning) def tar(self, orig_date): - out = os.path.join("../orig", self.orig_tar) - try: - os.mkdir("../orig") - except OSError: - pass + out = os.path.join("..", self.orig_tar) try: os.stat(out) raise RuntimeError("Destination already exists") @@ -151,11 +147,6 @@ class Main(object): except OSError: pass raise - try: - os.symlink(os.path.join('orig', self.orig_tar), - os.path.join('..', self.orig_tar)) - except OSError: - pass if __name__ == '__main__': diff --git a/debian/changelog b/debian/changelog index 5b13e0c974..c430753c58 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,13 @@ +linux (6.1.153-2) UNRELEASED; urgency=medium + + * d/b/genorig.py, d/rules, d/salsa-ci.yml: Put orig tarballs directly in .. + * d/salsa-ci.yml: Adjust filenames to allow source package name suffix + * d/salsa-ci.yml: Fix cache configuration for build job + * d/salsa-ci.yml: Move orig tarball generation to a separate job again + * d/salsa-ci.yml: Restore lintian checking of source package + + -- Ben Hutchings Sat, 01 Nov 2025 22:50:11 +0100 + linux (6.1.153-1) bookworm-security; urgency=high * New upstream stable update: diff --git a/debian/rules b/debian/rules index f6e291c473..742734ad2c 100755 --- a/debian/rules +++ b/debian/rules @@ -66,20 +66,15 @@ binary-indep: build-indep $(MAKE) -f debian/rules.gen binary-indep DIR_ORIG = ../orig/$(SOURCE)-$(VERSION_UPSTREAM) -TAR_ORIG_NAME = $(SOURCE)_$(VERSION_UPSTREAM).orig.tar.xz -TAR_ORIG = $(firstword $(wildcard ../$(TAR_ORIG_NAME)) $(wildcard ../orig/$(TAR_ORIG_NAME))) +TAR_ORIG = ../$(SOURCE)_$(VERSION_UPSTREAM).orig.tar.xz orig: $(DIR_ORIG) rsync --delete --exclude /debian --exclude .svk --exclude .svn --exclude .git --link-dest=$(DIR_ORIG)/ -a $(DIR_ORIG)/ . QUILT_PATCHES='$(CURDIR)/debian/patches' QUILT_PC=.pc quilt push --quiltrc - -a -q --fuzz=0 -$(DIR_ORIG): -ifeq ($(TAR_ORIG),) - $(error Cannot find orig tarball $(TAR_ORIG_NAME)) -else +$(DIR_ORIG): $(TAR_ORIG) mkdir -p ../orig tar -C ../orig -xaf $(TAR_ORIG) -endif CLEAN_PATTERNS := $(BUILD_DIR) $(STAMPS_DIR) debian/lib/python/debian_linux/*.pyc debian/lib/python/debian_linux/__pycache__ $$(find debian -maxdepth 1 -type d -name 'linux-*') debian/*-modules-*-di* debian/kernel-image-*-di* debian/*-tmp debian/*.substvars diff --git a/debian/salsa-ci.yml b/debian/salsa-ci.yml index 3ea3fdcda2..fb41228bb0 100644 --- a/debian/salsa-ci.yml +++ b/debian/salsa-ci.yml @@ -18,6 +18,7 @@ variables: # Add stages for signed packages stages: + - provisioning - build - publish - test @@ -25,17 +26,67 @@ stages: - build-signed - test-signed +orig: + stage: provisioning + image: $SALSA_CI_IMAGES_BASE + cache: + key: "orig-${RELEASE}" + paths: + - orig + extends: + - .artifacts-default-expire + except: + variables: + - $CI_COMMIT_TAG != null + script: + # Move orig tarball cache + - | + if [ -d orig ]; then + mv orig/* .. + rmdir orig + fi + + # Install dpkg-parsechangelog and dependencies of genorig.py + - apt-get update + - | + eatmydata apt-get install --no-install-recommends -y \ + dpkg-dev \ + git \ + gpg \ + gpgv \ + python3 \ + python3-debian + + - source=$(dpkg-parsechangelog -SSource) + - version=$(dpkg-parsechangelog -SVersion) + - upstream_version=$(echo $version | sed 's/-[^-]*$//') + + # We could use origtargz to download a tarball fom the archive if + # available or run uscan if not, but uscan is currently + # excessively slow for us (bug #1003251). + - | + if ! [ -f ../${source}_${upstream_version}.orig.tar.xz ]; then + debian/bin/genorig.py https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git + fi + + # Move orig tarballs back to where GitLab wants them + - mkdir orig + - mv ../*.orig.tar.* orig + # Our modified build jobs build: timeout: 3 hours cache: - key: "orig-${RELEASE}" - paths: - - orig - key: "build-${BUILD_ARCH}_${HOST_ARCH}" - paths: - - .ccache + - key: "orig-${RELEASE}" + paths: + - orig + policy: pull + - key: "build-${BUILD_ARCH}_${HOST_ARCH}" + paths: + - .ccache + needs: + - job: orig extends: - .build-definition except: @@ -45,19 +96,19 @@ build: # Do the same as the common .build-definition script - !reference [.build-before-script] - !reference [.build-script-setup-environment] - # Move cache to where genorig.py and orig target want it - - mkdir -p orig - - rm -rf ../orig - - mv orig ../orig - # Install dependencies of gencontrol.py, genorig.py, and debian/rules orig + # Move orig tarball cache + - | + if [ -d orig ]; then + mv orig/* .. + rmdir orig + fi + + # Install dependencies of gencontrol.py and debian/rules orig - apt-get update - | eatmydata apt-get install --no-install-recommends -y \ debhelper \ - git \ - gpg \ - gpgv \ kernel-wedge \ python3 \ python3-debian \ @@ -65,18 +116,11 @@ build: quilt \ rsync + - source=$(dpkg-parsechangelog -SSource) - version=$(dpkg-parsechangelog -SVersion) - upstream_version=$(echo $version | sed 's/-[^-]*$//') - # Merge upstream source. We could use origtargz to download a - # tarball fom the archive if available or run uscan if not, but - # uscan is currently excessively slow for us (bug #1003251). - - | - if [ -f ../orig/linux_${upstream_version}.orig.tar.xz ]; then - ln -s orig/linux_${upstream_version}.orig.tar.xz .. - else - debian/bin/genorig.py https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git - fi + # Merge upstream source - debian/rules orig # Fudge source version and distribution *before* gencontrol.py @@ -97,19 +141,14 @@ build: # Put packed source in artifacts - dpkg-buildpackage -uc -us -S -sa -d - mkdir -p ${WORKING_DIR} - - cp ../orig/linux_${upstream_version}.orig.tar.xz ${WORKING_DIR} - - mv ../linux_${version}.dsc ../linux_${version}.debian.tar.xz ${WORKING_DIR} - - # Move orig tarballs back to where GitLab wants them - - mkdir ${CI_PROJECT_DIR}/orig - - cp -v ${WORKING_DIR}/*.orig.tar.* ${CI_PROJECT_DIR}/orig + - mv ../${source}_${upstream_version}.orig.tar.xz ../${source}_${version}.dsc ../${source}_${version}.debian.tar.xz ../${source}_${version}_source.buildinfo ../${source}_${version}_source.changes ${WORKING_DIR} - chown -R 'salsa-ci:' ${WORKING_DIR} ${CCACHE_DIR} - !reference [.build-script-setup-build-command] - cd ${WORKING_DIR} - - export BUILD_COMMAND="${BUILD_COMMAND} linux_${version}.dsc" + - export BUILD_COMMAND="${BUILD_COMMAND} ${source}_${version}.dsc" - !reference [.build-script-run-build-command] after_script: @@ -237,12 +276,12 @@ sign-code: # Sign the code and build a source package - | "$kernel_team_dir"/scripts/debian-test-sign \ - ${WORKING_DIR}/linux_*_${BUILD_ARCH}.changes \ + ${WORKING_DIR}/linux*_${BUILD_ARCH}.changes \ debian/certs/ci-test-sign/ci-test-sign-key.pem \ debian/certs/ci-test-sign/ci-test-sign.pem artifacts: paths: - - ${WORKING_DIR}/linux-signed-${BUILD_ARCH}_* + - ${WORKING_DIR}/linux-signed*-${BUILD_ARCH}_* needs: - job: build artifacts: true @@ -268,7 +307,7 @@ build-signed: - !reference [.build-script-setup-build-command] - - export BUILD_COMMAND="${BUILD_COMMAND} ${WORKING_DIR}/linux-signed-${BUILD_ARCH}_*.dsc" + - export BUILD_COMMAND="${BUILD_COMMAND} ${WORKING_DIR}/linux-signed*-${BUILD_ARCH}_*.dsc" - !reference [.build-script-run-build-command] after_script: @@ -278,7 +317,7 @@ build-signed: # packages, and (for piuparts) the versioned dependencies produced # by the build job paths: - - ${WORKING_DIR}/linux-signed-${BUILD_ARCH}_* + - ${WORKING_DIR}/linux-signed*-${BUILD_ARCH}_* - ${WORKING_DIR}/linux-headers-*_${BUILD_ARCH}.deb - ${WORKING_DIR}/linux-headers-*-common_*_all.deb - ${WORKING_DIR}/linux-image-*_${BUILD_ARCH}.deb