lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Zo-Khw3jf-hSdD2S@fjasle.eu>
Date: Thu, 11 Jul 2024 09:32:23 +0200
From: Nicolas Schier <nicolas@...sle.eu>
To: Thomas Weißschuh <linux@...ssschuh.net>
Cc: Masahiro Yamada <masahiroy@...nel.org>,
 Nathan Chancellor <nathan@...nel.org>,
 "Jan Alexander Steffens (heftig)" <heftig@...hlinux.org>,
 linux-kernel@...r.kernel.org, linux-kbuild@...r.kernel.org
Subject: Re: [PATCH v4] kbuild: add script and target to generate pacman
 package

Sorry, I sent my last mail to quickly.  Three things below:

On Wed, Jul 10, 2024 at 09:32:28PM +0200 Thomas Weißschuh wrote:
> pacman is the package manager used by Arch Linux and its derivates.
> Creating native packages from the kernel tree has multiple advantages:
> 
> * The package triggers the correct hooks for initramfs generation and
>   bootloader configuration
> * Uninstallation is complete and also invokes the relevant hooks
> * New UAPI headers can be installed without any manual bookkeeping
> 
> The PKGBUILD file is a simplified version of the one used for the
> downstream Arch Linux "linux" package.

The package is actually called "linux-upstream", right?

> Extra steps that should not be necessary for a development kernel have
> been removed and an UAPI header package has been added.
> 
> Reviewed-by: Nathan Chancellor <nathan@...nel.org>
> Tested-by: Nathan Chancellor <nathan@...nel.org>
> Signed-off-by: Thomas Weißschuh <linux@...ssschuh.net>
> ---
> Changes in v4:
> - Update MRPROPER_FILES
> - Unify shell variable syntax
> - Link to v3: https://lore.kernel.org/r/20240708-kbuild-pacman-pkg-v3-1-885df3cbc740@weissschuh.net
> 
> Changes in v3:
> - Enforce matching architectures for installation
> - Add Reviewed-by and Tested-by from Nathan
> - Link to v2: https://lore.kernel.org/r/20240706-kbuild-pacman-pkg-v2-1-613422a03a7a@weissschuh.net
> 
> Changes in v2:
> - Replace ${MAKE} with $MAKE for consistency with other variables
> - Use $MAKE for "-s image_name"
> - Avoid permission warnings from build directory
> - Clarify reason for /build symlink removal
> - Install System.map and config
> - Install dtbs where available
> - Allow cross-build through arch=any
> - Sort Contributor/Maintainer chronologically
> - Disable some unneeded makepkg options
> - Use DEPMOD=true for consistency with rpm-package
> - Link to v1: https://lore.kernel.org/r/20240704-kbuild-pacman-pkg-v1-1-ac2f63f5fa7b@weissschuh.net
> ---
>  .gitignore               |  6 ++++
>  Makefile                 |  2 +-
>  scripts/Makefile.package | 16 ++++++++++
>  scripts/package/PKGBUILD | 83 ++++++++++++++++++++++++++++++++++++++++++++++++
>  4 files changed, 106 insertions(+), 1 deletion(-)
> 
> diff --git a/.gitignore b/.gitignore
> index c59dc60ba62e..7902adf4f7f1 100644
> --- a/.gitignore
> +++ b/.gitignore
> @@ -92,6 +92,12 @@ modules.order
>  #
>  /tar-install/
>  
> +#
> +# pacman files (make pacman-pkg)
> +#
> +/PKGBUILD
> +/pacman/
> +
>  #
>  # We don't want to ignore the following even if they are dot-files
>  #
> diff --git a/Makefile b/Makefile
> index b25b5b44af10..79e8dcec6be9 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -1497,7 +1497,7 @@ CLEAN_FILES += vmlinux.symvers modules-only.symvers \
>  # Directories & files removed with 'make mrproper'
>  MRPROPER_FILES += include/config include/generated          \
>  		  arch/$(SRCARCH)/include/generated .objdiff \
> -		  debian snap tar-install \
> +		  debian snap tar-install PKGBUILD pacman \

(thanks!)

>  		  .config .config.old .version \
>  		  Module.symvers \
>  		  certs/signing_key.pem \
> diff --git a/scripts/Makefile.package b/scripts/Makefile.package
> index bf016af8bf8a..a5b5b899d90c 100644
> --- a/scripts/Makefile.package
> +++ b/scripts/Makefile.package
> @@ -141,6 +141,21 @@ snap-pkg:
>  	cd $(objtree)/snap && \
>  	snapcraft --target-arch=$(UTS_MACHINE)
>  
> +# pacman-pkg
> +# ---------------------------------------------------------------------------
> +
> +PHONY += pacman-pkg
> +pacman-pkg:
> +	@ln -srf $(srctree)/scripts/package/PKGBUILD $(objtree)/PKGBUILD
> +	cd $(objtree) && \

Please prefix this line with a '+' to allow make job-server delegation to
sub-make called via makepkg.  This will prevent the make warning

    make[3]: warning: jobserver unavailable: using -j1.  Add '+' to parent make rule.


> +		srctree="$(realpath $(srctree))" \
> +		objtree="$(realpath $(objtree))" \
> +		BUILDDIR="$(realpath $(objtree))/pacman" \
> +		CARCH="$(UTS_MACHINE)" \
> +		KBUILD_MAKEFLAGS="$(MAKEFLAGS)" \
> +		KBUILD_REVISION="$(shell $(srctree)/init/build-version)" \

Just a note: In Masahiro's current kbuild tree 'build-version' has been moved
to scripts/build-version.  But I don't know on which base this patch will
possibly be applied to.

> +		makepkg
> +
>  # dir-pkg tar*-pkg - tarball targets
>  # ---------------------------------------------------------------------------
>  
> @@ -221,6 +236,7 @@ help:
>  	@echo '  bindeb-pkg          - Build only the binary kernel deb package'
>  	@echo '  snap-pkg            - Build only the binary kernel snap package'
>  	@echo '                        (will connect to external hosts)'
> +	@echo '  pacman-pkg          - Build only the binary kernel pacman package'
>  	@echo '  dir-pkg             - Build the kernel as a plain directory structure'
>  	@echo '  tar-pkg             - Build the kernel as an uncompressed tarball'
>  	@echo '  targz-pkg           - Build the kernel as a gzip compressed tarball'
> diff --git a/scripts/package/PKGBUILD b/scripts/package/PKGBUILD
> new file mode 100644
> index 000000000000..b0b133ac28eb
> --- /dev/null
> +++ b/scripts/package/PKGBUILD
> @@ -0,0 +1,83 @@
> +# SPDX-License-Identifier: GPL-2.0-only
> +# Maintainer: Thomas Weißschuh <linux@...ssschuh.net>
> +# Contributor: Jan Alexander Steffens (heftig) <heftig@...hlinux.org>

I am not familiar enough with makepkg/PKGBUILD: Does it make sense to put
'set -e' here, as we (will) do in other kbuild scripts?  ('set -u' breaks
'makepkg'.)  Without 'set -e', shellcheck asks for error handling around 'cd'
commands.

> +
> +pkgbase=linux-upstream
> +pkgname=("$pkgbase" "$pkgbase-headers" "$pkgbase-api-headers")
> +pkgver="${KERNELRELEASE//-/_}"
> +pkgrel="$KBUILD_REVISION"
> +pkgdesc='Linux'
> +url='https://www.kernel.org/'
> +arch=($CARCH)
> +options=(!debug !strip !buildflags !makeflags)
> +license=(GPL-2.0-only)
> +
> +build() {
> +  export MAKEFLAGS="$KBUILD_MAKEFLAGS"
> +  cd "$objtree"
> +
> +  # makepkg does a "chmod a-srw", triggering warnings during kbuild
> +  chmod 0755 "$pkgdirbase" || true
> +
> +  $MAKE -f "$srctree/Makefile"
> +}
> +
> +package_linux-upstream() {
> +  pkgdesc="The $pkgdesc kernel and modules"
> +
> +  export MAKEFLAGS="$KBUILD_MAKEFLAGS"
> +  cd "$objtree"
> +  local modulesdir="$pkgdir/usr/$MODLIB"
> +
> +  echo "Installing boot image..."
> +  # systemd expects to find the kernel here to allow hibernation
> +  # https://github.com/systemd/systemd/commit/edda44605f06a41fb86b7ab8128dcf99161d2344
> +  install -Dm644 "$($MAKE -s image_name)" "$modulesdir/vmlinuz"
> +
> +  # Used by mkinitcpio to name the kernel
> +  echo "$pkgbase" | install -Dm644 /dev/stdin "$modulesdir/pkgbase"

This looks funny, I think I'd just use echo "$pkgbase" >"$modulesdir/pkgbase",
but this is probably just bike-shedding.

So, all in all it looks good to me, thanks!

With the jobserver-'+'-prefix added:
Reviewed-by: Nicolas Schier <nicolas@...sle.eu>

Kind regards,
Nicolas

Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ