lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 19 Jul 2017 10:01:17 +0300
From:   Riku Voipio <riku.voipio@...aro.org>
To:     Paolo Pisati <paolo.pisati@...onical.com>
Cc:     Masahiro Yamada <yamada.masahiro@...ionext.com>,
        Michal Marek <mmarek@...e.com>,
        linux-kbuild <linux-kbuild@...r.kernel.org>,
        Vinícius Tinti <viniciustinti@...il.com>,
        Matthias Kaehlcke <mka@...omium.org>,
        "Luis R . Rodriguez" <mcgrof@...nel.org>,
        LKML <linux-kernel@...r.kernel.org>,
        Jim Davis <jim.epost@...il.com>
Subject: Re: [PATCH] scripts/package: snap-pkg target

On 10 July 2017 at 17:59, Paolo Pisati <paolo.pisati@...onical.com> wrote:
> Following in footsteps of other targets like 'deb-pkg, 'rpm-pkg' and 'tar-pkg',
> this patch adds a 'snap-pkg' target for the creation of a Linux kernel snap
> package using the kbuild infrastructure.
>
> A snap, in its general form, is a self contained, sandboxed, universal package
> and it is intended to work across multiple distributions and/or devices. A snap
> package is distributed as a single compressed squashfs filesystem.
>
> A kernel snap is a snap package carrying the Linux kernel, kernel modules,
> accessory files (DTBs, System.map, etc) and a manifesto file.  The purpose of a
> kernel snap is to carry the Linux kernel during the creation of a system image,
> eg. Ubuntu Core, and it's subsequent upgrades.
>
> For more information on snap packages: https://snapcraft.io/docs/
>
> Signed-off-by: Paolo Pisati <paolo.pisati@...onical.com>
> ---
>  .gitignore                         |  5 +++++
>  scripts/package/Makefile           | 14 ++++++++++++++
>  scripts/package/snapcraft.template | 14 ++++++++++++++
>  3 files changed, 33 insertions(+)
>  create mode 100644 scripts/package/snapcraft.template
>
> diff --git a/.gitignore b/.gitignore
> index 0c39aa2..638c492 100644
> --- a/.gitignore
> +++ b/.gitignore
> @@ -59,6 +59,11 @@ Module.symvers
>  /debian/
>
>  #
> +# Snap directory (make snap-pkg)
> +#
> +/snap/
> +
> +#
>  # tar directory (make tar*-pkg)
>  #
>  /tar-install/
> diff --git a/scripts/package/Makefile b/scripts/package/Makefile
> index 71b4a8a..a7ea67c 100644
> --- a/scripts/package/Makefile
> +++ b/scripts/package/Makefile
> @@ -99,6 +99,19 @@ bindeb-pkg: FORCE
>
>  clean-dirs += $(objtree)/debian/
>
> +# snap-pkg
> +# ---------------------------------------------------------------------------
> +snap-pkg: FORCE
> +       rm -rf $(objtree)/snap
> +       mkdir $(objtree)/snap
> +       sed "s@...NELRELEASE@$(KERNELRELEASE)@; \
> +               s@...TREE@$(shell realpath $(srctree))@" \
> +               $(srctree)/scripts/package/snapcraft.template > \
> +               $(objtree)/snap/snapcraft.yaml
> +       cd $(objtree)/snap && \
> +       snapcraft --target-arch=$(UTS_MACHINE)
> +
> +clean-dirs += $(objtree)/snap/
>
>  # tarball targets
>  # ---------------------------------------------------------------------------
> @@ -143,6 +156,7 @@ help: FORCE
>         @echo '  binrpm-pkg          - Build only the binary kernel RPM package'
>         @echo '  deb-pkg             - Build both source and binary deb kernel packages'
>         @echo '  bindeb-pkg          - Build only the binary kernel deb package'
> +       @echo '  snap-pkg            - Build only the binary kernel snap package'
>         @echo '  tar-pkg             - Build the kernel as an uncompressed tarball'
>         @echo '  targz-pkg           - Build the kernel as a gzip compressed tarball'
>         @echo '  tarbz2-pkg          - Build the kernel as a bzip2 compressed tarball'
> diff --git a/scripts/package/snapcraft.template b/scripts/package/snapcraft.template
> new file mode 100644
> index 0000000..2e7ffc8
> --- /dev/null
> +++ b/scripts/package/snapcraft.template
> @@ -0,0 +1,14 @@
> +name: kernel
> +version: KERNELRELEASE
> +summary: Linux kernel
> +description: The upstream Linux kernel
> +grade: stable
> +confinement: strict
> +type: kernel
> +
> +parts:
> +  kernel:
> +    plugin: kernel
> +    source: SRCTREE
> +    source-type: git
> +    kconfigfile: SRCTREE/.config

As we see from the above lines, the snapcraft command already has lots
of special code for handling kernels. I think would make more sense to
add support building a kernel source tree into the snapcraft command
itself. Most importantly that would work with older kernel trees,
while this patch above will only work from v4.14+

Maybe add a parameter like "snapcraft --kernel" in current kernel
sourcetree. Or ship a "snapcraft-kernel" command in snapcraft package.

Riku

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ