lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <020f9537-76ad-4e48-8bd1-ce30e5e175a8@t-8ch.de>
Date: Wed, 17 Jul 2024 21:27:04 +0200
From: Thomas Weißschuh <linux@...ssschuh.net>
To: Masahiro Yamada <masahiroy@...nel.org>
Cc: Nathan Chancellor <nathan@...nel.org>, 
	Nicolas Schier <nicolas@...sle.eu>, "Jan Alexander Steffens (heftig)" <heftig@...hlinux.org>, 
	linux-kernel@...r.kernel.org, linux-kbuild@...r.kernel.org
Subject: Re: [PATCH v6] kbuild: add script and target to generate pacman
 package

On 2024-07-18 03:38:17+0000, Masahiro Yamada wrote:
> On Wed, Jul 17, 2024 at 2:52 AM Thomas Weißschuh <linux@...ssschuh.net> wrote:
> >
> > pacman is the package manager used by Arch Linux and its derivates.
> > Creating native packages from the kernel tree has multiple advantages:
> >
> > * The package triggers the correct hooks for initramfs generation and
> >   bootloader configuration
> > * Uninstallation is complete and also invokes the relevant hooks
> > * New UAPI headers can be installed without any manual bookkeeping
> >
> > The PKGBUILD file is a simplified version of the one used for the
> > downstream Arch Linux "linux" package.
> > Extra steps that should not be necessary for a development kernel have
> > been removed and an UAPI header package has been added.
> >
> > Signed-off-by: Thomas Weißschuh <linux@...ssschuh.net>
> > Reviewed-by: Nathan Chancellor <nathan@...nel.org>
> > Tested-by: Nathan Chancellor <nathan@...nel.org>
> > Reviewed-by: Nicolas Schier <nicolas@...sle.eu>
> > ---
> > Changes in v6:
> > - Drop reference to srctree/Makefile
> > - Drop $(realpath $(srctree))
> > - Make use of the fact that $(objtree) is always "."
> > - Align coding style to kernel and drop vim config line
> > - Drop indirection through `$MAKE run-command`
> > - Unify shell variable syntax to "${var}"
> > - Add explanations to custom variables
> > - Add makedepends
> > - Link to v5: https://lore.kernel.org/r/20240714-kbuild-pacman-pkg-v5-1-0598460bc918@weissschuh.net
> >
> > Changes in v5:
> > - Rebase onto kbuild/for-next
> > - Use new path to build-version script (from kbuild/for-next)
> > - Ensure submake jobserver delegation works
> > - Simplify $modulesdir/pkgbase file creation
> > - Add Reviewed-by from Nicolas
> > - Link to v4: https://lore.kernel.org/r/20240710-kbuild-pacman-pkg-v4-1-507bb5b79b2a@weissschuh.net
> >
> > Changes in v4:
> > - Update MRPROPER_FILES
> > - Unify shell variable syntax
> > - Link to v3: https://lore.kernel.org/r/20240708-kbuild-pacman-pkg-v3-1-885df3cbc740@weissschuh.net
> >
> > Changes in v3:
> > - Enforce matching architectures for installation
> > - Add Reviewed-by and Tested-by from Nathan
> > - Link to v2: https://lore.kernel.org/r/20240706-kbuild-pacman-pkg-v2-1-613422a03a7a@weissschuh.net
> >
> > Changes in v2:
> > - Replace ${MAKE} with $MAKE for consistency with other variables
> > - Use $MAKE for "-s image_name"
> > - Avoid permission warnings from build directory
> > - Clarify reason for /build symlink removal
> > - Install System.map and config
> > - Install dtbs where available
> > - Allow cross-build through arch=any
> > - Sort Contributor/Maintainer chronologically
> > - Disable some unneeded makepkg options
> > - Use DEPMOD=true for consistency with rpm-package
> > - Link to v1: https://lore.kernel.org/r/20240704-kbuild-pacman-pkg-v1-1-ac2f63f5fa7b@weissschuh.net
> > ---
> >  .gitignore               |  6 +++
> >  Makefile                 |  2 +-
> >  scripts/Makefile.package | 14 +++++++
> >  scripts/package/PKGBUILD | 99 ++++++++++++++++++++++++++++++++++++++++++++++++
> >  4 files changed, 120 insertions(+), 1 deletion(-)
> >
> > diff --git a/.gitignore b/.gitignore
> > index c59dc60ba62e..7902adf4f7f1 100644
> > --- a/.gitignore
> > +++ b/.gitignore
> > @@ -92,6 +92,12 @@ modules.order
> >  #
> >  /tar-install/
> >
> > +#
> > +# pacman files (make pacman-pkg)
> > +#
> > +/PKGBUILD
> > +/pacman/
> > +
> >  #
> >  # We don't want to ignore the following even if they are dot-files
> >  #
> > diff --git a/Makefile b/Makefile
> > index 7372ea45ed3f..768d3dc107f8 100644
> > --- a/Makefile
> > +++ b/Makefile
> > @@ -1481,7 +1481,7 @@ CLEAN_FILES += vmlinux.symvers modules-only.symvers \
> >  # Directories & files removed with 'make mrproper'
> >  MRPROPER_FILES += include/config include/generated          \
> >                   arch/$(SRCARCH)/include/generated .objdiff \
> > -                 debian snap tar-install \
> > +                 debian snap tar-install PKGBUILD pacman \
> >                   .config .config.old .version \
> >                   Module.symvers \
> >                   certs/signing_key.pem \
> > diff --git a/scripts/Makefile.package b/scripts/Makefile.package
> > index bf016af8bf8a..0aaa0832279c 100644
> > --- a/scripts/Makefile.package
> > +++ b/scripts/Makefile.package
> > @@ -141,6 +141,19 @@ snap-pkg:
> >         cd $(objtree)/snap && \
> >         snapcraft --target-arch=$(UTS_MACHINE)
> >
> > +# pacman-pkg
> > +# ---------------------------------------------------------------------------
> > +
> > +PHONY += pacman-pkg
> > +pacman-pkg:
> > +       @ln -srf $(srctree)/scripts/package/PKGBUILD $(objtree)/PKGBUILD
> > +       +objtree="$(realpath $(objtree))" \
> > +               BUILDDIR=pacman \
> > +               CARCH="$(UTS_MACHINE)" \
> > +               KBUILD_MAKEFLAGS="$(MAKEFLAGS)" \
> > +               KBUILD_REVISION="$(shell $(srctree)/scripts/build-version)" \
> > +               makepkg
> > +
> >  # dir-pkg tar*-pkg - tarball targets
> >  # ---------------------------------------------------------------------------
> >
> > @@ -221,6 +234,7 @@ help:
> >         @echo '  bindeb-pkg          - Build only the binary kernel deb package'
> >         @echo '  snap-pkg            - Build only the binary kernel snap package'
> >         @echo '                        (will connect to external hosts)'
> > +       @echo '  pacman-pkg          - Build only the binary kernel pacman package'
> >         @echo '  dir-pkg             - Build the kernel as a plain directory structure'
> >         @echo '  tar-pkg             - Build the kernel as an uncompressed tarball'
> >         @echo '  targz-pkg           - Build the kernel as a gzip compressed tarball'
> > diff --git a/scripts/package/PKGBUILD b/scripts/package/PKGBUILD
> > new file mode 100644
> > index 000000000000..eb3957fad915
> > --- /dev/null
> > +++ b/scripts/package/PKGBUILD
> > @@ -0,0 +1,99 @@
> > +# SPDX-License-Identifier: GPL-2.0-only
> > +# Maintainer: Thomas Weißschuh <linux@...ssschuh.net>
> > +# Contributor: Jan Alexander Steffens (heftig) <heftig@...hlinux.org>
> > +
> > +pkgbase=linux-upstream
> > +pkgname=("${pkgbase}" "${pkgbase}-headers" "${pkgbase}-api-headers")
> > +pkgver="${KERNELRELEASE//-/_}"
> > +# The PKGBUILD is evaluated multiple times.
> > +# Running scripts/build-version from here would introduce inconsistencies.
> > +pkgrel="${KBUILD_REVISION}"
> 
> > +pkgdesc='Linux'
> > +url='https://www.kernel.org/'
> > +# Enable flexible cross-compilation
> > +arch=(${CARCH})
> > +license=(GPL-2.0-only)
> > +makedepends=(
> > +       base-devel
> 
> 
> The base-devel group includes autoconf, automake, libtool, etc.
> 
> Kbuild does not use those.
> 
> 
> I like a list of individual packages, as seen in arch linux:
> 
> https://gitlab.archlinux.org/archlinux/packaging/packages/linux/-/blob/6.9.9.arch1-1/PKGBUILD?ref_type=tags#L11

>From the wiki:

Note:
    The package base-devel is assumed to be already installed when
    building with makepkg. Dependencies of this package should not be
    included in makedepends array.

https://wiki.archlinux.org/title/PKGBUILD

Theoretically this shouldn't even be needed in the makedepends array.
I added it so if users are not aware that makepkg is used under the hood
these basic dependencies are met.
So the linked PKGBUILD assumes that all of this is already installed.

But I can see why you dislike it and will provide a more accurate list
of dependencies.

> > +       bc
> > +       cpio
> > +       gettext
> > +       libelf
> > +       openssl
> > +       pahole
> > +       perl
> > +       python
> > +       rsync
> > +       tar
> > +)
> > +options=(!debug !strip !buildflags !makeflags)
> > +
> > +build() {
> > +       # MAKEFLAGS from makepkg.conf override the ones inherited from kbuild.
> > +       # Bypass this override with a custom variable.
> > +       export MAKEFLAGS="${KBUILD_MAKEFLAGS}"
> > +       cd "${objtree}"
> > +
> > +       # makepkg does a "chmod a-srw", triggering warnings during kbuild
> > +       chmod 0755 "${pkgdirbase}" || true
> 
> 
> Please remove this.
> 
> The warning is emitted by
> 
>   find . -name '*.usyms' | xargs rm -f
> 
> in scripts/remove-stale-files.
> 
> 
> I will apply this first:
> https://lore.kernel.org/linux-kbuild/20240717181340.1518266-1-masahiroy@kernel.org/T/#u

Thank you very much for the analysis and fix!

> > +
> > +       ${MAKE}
> 
> 
> This will cause a revision mismatch between the package and
> 'uname -a' in the installed kernel image.
> 
> You execute scripts/build-version in scripts/Makefile.package,
> and once again during ${MAKE}.
> 
> 
> The revision in include/generated/utsversion.h is bigger
> than ${pkgrel}.
> 
> 
> kernel.spec does like this:
> 
>   %{make} %{makeflags} KERNELRELEASE=%{KERNELRELEASE}
> KBUILD_BUILD_VERSION=%{release}
> 
> 
> 
> You need to do something similar.

Ack, thanks!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ