lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAK7LNAQk+i+9YUJMa8HkPhGw4gVLZMu=qxjzsT-S8T2b8RMd+w@mail.gmail.com>
Date: Thu, 18 Jul 2024 03:38:17 +0900
From: Masahiro Yamada <masahiroy@...nel.org>
To: Thomas Weißschuh <linux@...ssschuh.net>
Cc: Nathan Chancellor <nathan@...nel.org>, Nicolas Schier <nicolas@...sle.eu>, 
	"Jan Alexander Steffens (heftig)" <heftig@...hlinux.org>, linux-kernel@...r.kernel.org, 
	linux-kbuild@...r.kernel.org
Subject: Re: [PATCH v6] kbuild: add script and target to generate pacman package

On Wed, Jul 17, 2024 at 2:52 AM Thomas Weißschuh <linux@...ssschuh.net> wrote:
>
> pacman is the package manager used by Arch Linux and its derivates.
> Creating native packages from the kernel tree has multiple advantages:
>
> * The package triggers the correct hooks for initramfs generation and
>   bootloader configuration
> * Uninstallation is complete and also invokes the relevant hooks
> * New UAPI headers can be installed without any manual bookkeeping
>
> The PKGBUILD file is a simplified version of the one used for the
> downstream Arch Linux "linux" package.
> Extra steps that should not be necessary for a development kernel have
> been removed and an UAPI header package has been added.
>
> Signed-off-by: Thomas Weißschuh <linux@...ssschuh.net>
> Reviewed-by: Nathan Chancellor <nathan@...nel.org>
> Tested-by: Nathan Chancellor <nathan@...nel.org>
> Reviewed-by: Nicolas Schier <nicolas@...sle.eu>
> ---
> Changes in v6:
> - Drop reference to srctree/Makefile
> - Drop $(realpath $(srctree))
> - Make use of the fact that $(objtree) is always "."
> - Align coding style to kernel and drop vim config line
> - Drop indirection through `$MAKE run-command`
> - Unify shell variable syntax to "${var}"
> - Add explanations to custom variables
> - Add makedepends
> - Link to v5: https://lore.kernel.org/r/20240714-kbuild-pacman-pkg-v5-1-0598460bc918@weissschuh.net
>
> Changes in v5:
> - Rebase onto kbuild/for-next
> - Use new path to build-version script (from kbuild/for-next)
> - Ensure submake jobserver delegation works
> - Simplify $modulesdir/pkgbase file creation
> - Add Reviewed-by from Nicolas
> - Link to v4: https://lore.kernel.org/r/20240710-kbuild-pacman-pkg-v4-1-507bb5b79b2a@weissschuh.net
>
> Changes in v4:
> - Update MRPROPER_FILES
> - Unify shell variable syntax
> - Link to v3: https://lore.kernel.org/r/20240708-kbuild-pacman-pkg-v3-1-885df3cbc740@weissschuh.net
>
> Changes in v3:
> - Enforce matching architectures for installation
> - Add Reviewed-by and Tested-by from Nathan
> - Link to v2: https://lore.kernel.org/r/20240706-kbuild-pacman-pkg-v2-1-613422a03a7a@weissschuh.net
>
> Changes in v2:
> - Replace ${MAKE} with $MAKE for consistency with other variables
> - Use $MAKE for "-s image_name"
> - Avoid permission warnings from build directory
> - Clarify reason for /build symlink removal
> - Install System.map and config
> - Install dtbs where available
> - Allow cross-build through arch=any
> - Sort Contributor/Maintainer chronologically
> - Disable some unneeded makepkg options
> - Use DEPMOD=true for consistency with rpm-package
> - Link to v1: https://lore.kernel.org/r/20240704-kbuild-pacman-pkg-v1-1-ac2f63f5fa7b@weissschuh.net
> ---
>  .gitignore               |  6 +++
>  Makefile                 |  2 +-
>  scripts/Makefile.package | 14 +++++++
>  scripts/package/PKGBUILD | 99 ++++++++++++++++++++++++++++++++++++++++++++++++
>  4 files changed, 120 insertions(+), 1 deletion(-)
>
> diff --git a/.gitignore b/.gitignore
> index c59dc60ba62e..7902adf4f7f1 100644
> --- a/.gitignore
> +++ b/.gitignore
> @@ -92,6 +92,12 @@ modules.order
>  #
>  /tar-install/
>
> +#
> +# pacman files (make pacman-pkg)
> +#
> +/PKGBUILD
> +/pacman/
> +
>  #
>  # We don't want to ignore the following even if they are dot-files
>  #
> diff --git a/Makefile b/Makefile
> index 7372ea45ed3f..768d3dc107f8 100644
> --- a/Makefile
> +++ b/Makefile
> @@ -1481,7 +1481,7 @@ CLEAN_FILES += vmlinux.symvers modules-only.symvers \
>  # Directories & files removed with 'make mrproper'
>  MRPROPER_FILES += include/config include/generated          \
>                   arch/$(SRCARCH)/include/generated .objdiff \
> -                 debian snap tar-install \
> +                 debian snap tar-install PKGBUILD pacman \
>                   .config .config.old .version \
>                   Module.symvers \
>                   certs/signing_key.pem \
> diff --git a/scripts/Makefile.package b/scripts/Makefile.package
> index bf016af8bf8a..0aaa0832279c 100644
> --- a/scripts/Makefile.package
> +++ b/scripts/Makefile.package
> @@ -141,6 +141,19 @@ snap-pkg:
>         cd $(objtree)/snap && \
>         snapcraft --target-arch=$(UTS_MACHINE)
>
> +# pacman-pkg
> +# ---------------------------------------------------------------------------
> +
> +PHONY += pacman-pkg
> +pacman-pkg:
> +       @ln -srf $(srctree)/scripts/package/PKGBUILD $(objtree)/PKGBUILD
> +       +objtree="$(realpath $(objtree))" \
> +               BUILDDIR=pacman \
> +               CARCH="$(UTS_MACHINE)" \
> +               KBUILD_MAKEFLAGS="$(MAKEFLAGS)" \
> +               KBUILD_REVISION="$(shell $(srctree)/scripts/build-version)" \
> +               makepkg
> +
>  # dir-pkg tar*-pkg - tarball targets
>  # ---------------------------------------------------------------------------
>
> @@ -221,6 +234,7 @@ help:
>         @echo '  bindeb-pkg          - Build only the binary kernel deb package'
>         @echo '  snap-pkg            - Build only the binary kernel snap package'
>         @echo '                        (will connect to external hosts)'
> +       @echo '  pacman-pkg          - Build only the binary kernel pacman package'
>         @echo '  dir-pkg             - Build the kernel as a plain directory structure'
>         @echo '  tar-pkg             - Build the kernel as an uncompressed tarball'
>         @echo '  targz-pkg           - Build the kernel as a gzip compressed tarball'
> diff --git a/scripts/package/PKGBUILD b/scripts/package/PKGBUILD
> new file mode 100644
> index 000000000000..eb3957fad915
> --- /dev/null
> +++ b/scripts/package/PKGBUILD
> @@ -0,0 +1,99 @@
> +# SPDX-License-Identifier: GPL-2.0-only
> +# Maintainer: Thomas Weißschuh <linux@...ssschuh.net>
> +# Contributor: Jan Alexander Steffens (heftig) <heftig@...hlinux.org>
> +
> +pkgbase=linux-upstream
> +pkgname=("${pkgbase}" "${pkgbase}-headers" "${pkgbase}-api-headers")
> +pkgver="${KERNELRELEASE//-/_}"
> +# The PKGBUILD is evaluated multiple times.
> +# Running scripts/build-version from here would introduce inconsistencies.
> +pkgrel="${KBUILD_REVISION}"








> +pkgdesc='Linux'
> +url='https://www.kernel.org/'
> +# Enable flexible cross-compilation
> +arch=(${CARCH})
> +license=(GPL-2.0-only)
> +makedepends=(
> +       base-devel


The base-devel group includes autoconf, automake, libtool, etc.

Kbuild does not use those.


I like a list of individual packages, as seen in arch linux:

https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/blob/6.9.9.arch1-1/PKGBUILD?ref_type=tags#L11






> +       bc
> +       cpio
> +       gettext
> +       libelf
> +       openssl
> +       pahole
> +       perl
> +       python
> +       rsync
> +       tar
> +)
> +options=(!debug !strip !buildflags !makeflags)
> +
> +build() {
> +       # MAKEFLAGS from makepkg.conf override the ones inherited from kbuild.
> +       # Bypass this override with a custom variable.
> +       export MAKEFLAGS="${KBUILD_MAKEFLAGS}"
> +       cd "${objtree}"
> +
> +       # makepkg does a "chmod a-srw", triggering warnings during kbuild
> +       chmod 0755 "${pkgdirbase}" || true


Please remove this.

The warning is emitted by

  find . -name '*.usyms' | xargs rm -f

in scripts/remove-stale-files.


I will apply this first:
https://lore.kernel.org/linux-kbuild/20240717181340.1518266-1-masahiroy@kernel.org/T/#u






> +
> +       ${MAKE}


This will cause a revision mismatch between the package and
'uname -a' in the installed kernel image.

You execute scripts/build-version in scripts/Makefile.package,
and once again during ${MAKE}.


The revision in include/generated/utsversion.h is bigger
than ${pkgrel}.


kernel.spec does like this:

  %{make} %{makeflags} KERNELRELEASE=%{KERNELRELEASE}
KBUILD_BUILD_VERSION=%{release}



You need to do something similar.





--
Best Regards
Masahiro Yamada

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ