BugLink: https://bugs.launchpad.net/bugs/1969434
They should been assigned automatically based on the latest
dkms-versions.
Also disable building any dkms for mainline builds.
Signed-off-by: You-Sheng Yang (vicamo) <vicamo.yang@canonical.com>
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1968016
Reflect the change with kernel-testing repo moved from kernel.ubuntu.com
to launchpad, where we host all of our testing tools.
Use shallow clone to save some bandwidth / time.
Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Acked-by: Francis Ginther <francis.ginther@canonical.com>
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1964990
Revoke 2017, 2018, 2019 signing certificates for kexec/kdump
purposes.
2012 signing certificate was already revoked for kexec/kdump purposes.
After this patch is applied, certificates corresponding to CRL serials
01, 02, 03, 04 will not be usable by this kernel for kexec/kdump
purposes. This patch prevents this kernel to kexec/kdump using kernels
signed by those certifictes when lockdown is in place.
05 Ubuntu Core 2019 signing certificate is not included as revoked, as
that certificate signs kernel.efi apps only which linux doesn't know
not know how to use with kexec/kdump.
Kernels that include this patch should be routed via 2021v1 signing,
to preserve kexec/kdump functionality under lockdown.
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Enforce `set -e` execution of the dkms-build scripts, even when
overall SHELL is not set to `bash -e`. This enforces that dkms-build
scripts catch errors, even when building without SHELL variable, like
it is done by the LRM packages.
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
dkms-build script uses bashism variable and test comparison, replace
them with dash compatible invocations. This allows using dkms-build
scripts without SHELL variable set to "bash -e", like it is done by
LRM packages.
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Mark dkms-build-configure--zfs script executable, such that one
doesn't need to call it with an explicit shell.
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
ddebs are huge in size, and rarely used. Keep them xz compressed.
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
linux-image-ABI packages contain compressed content only (vmlinuz,
changelog) and thus the deb does not benefit at all from being
recompressed again. Only copyring file is compressed. We can actually
avoid shipping /doc/ at all, by symlinking it to the modules package
provided /doc/.
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Revert "UBUNTU: [Packaging] enforce xz compression for debs"
This reverts commit 45da4d72de.
The previous commit incorrectly stated that jammy dpkg default has
switched from xz to zstd. This change was done late in impish
cycle. [1] It also incorrectly states that there are no evident benefits
for the kernel packages to use zstd.
It is correct that zstd compression may require more
resources. However, the decompression speed and decompression memory
requirements are a lot faster. The choice to switch from xz to zstd by
default in Ubuntu was done to speed up installation and upgrade of all
packages, at the expense of slightly larger download sizes.
If we do want to futher optimize compression methods it should
probably be done on per subpackage type. For example, linux-image-ABI
already contains compressed kernel image and not much else, we can
choose to not compress that deb at all with compression method
none. Debug symbols are usually rarely installed, thus it might make
sense to keep them small and thus choose compress ddebs with
xz. However modules and tools should remain compressed with zstd.
[1] https://launchpad.net/ubuntu/+source/dpkg/1.20.9ubuntu2
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Built-in modules can require firmware so add a new file
<version>/fwinfo.builtin to the buildinfo package that contains that list.
Signed-off-by: Juerg Haefliger <juergh@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Newer buildinfo packages provide a fwinfo.builtin file. Process that
file when downloading the ABIs.
Signed-off-by: Juerg Haefliger <juergh@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
In jammy we switched from xz compression to zstd compression for debs.
This change seems to have increased a lot the build time without giving
any evident benefit for the kernel packages.
Explicitly enforce xz compression for kernel debs and ddebs to prevent
timeout issues during the build.
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1786013
Signed-off-by: You-Sheng Yang <vicamo.yang@canonical.com>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1938531
Signed-off-by: You-Sheng Yang <vicamo.yang@canonical.com>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
The previous commit introduced a new file modules.builtin that lists all
built-in modules. Take the content of that file into account during the ABI
check so that modules that changed from 'm' to 'y' don't result in a build
failure.
Signed-off-by: Juerg Haefliger <juergh@canonical.com>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Add a new file <version>/modules.builtin to the buildinfo package that
lists all the built-in modules. This will be used by the ABI checker to
not complain about missing modules if module configs have changed from
'm' to 'y'.
Signed-off-by: Juerg Haefliger <juergh@canonical.com>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Rewrite the module-check script in Python to get us one step closer to
dropping Perl as an Ubuntu kernel build dependency. While at it, remove
some of the rather 'interesting' comments printed to the console.
Signed-off-by: Juerg Haefliger <juergh@canonical.com>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Unused since 20.04.1 release, and no udebs are built in Ubuntu since
21.04 release.
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
Rewrite the insert-changes.pl script in Python to get us one step closer
to dropping Perl as an Ubuntu kernel build dependency.
Signed-off-by: Juerg Haefliger <juergh@canonical.com>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Replace the only Perl oneliner in the Ubuntu Makefiles with Bash
statements. This brings us one step closer to dropping Perl as a build
dependency for the Ubuntu kernel.
Signed-off-by: Juerg Haefliger <juergh@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1945989
Call fips-checks as part of the debian target "finalchecks". That will
ensure the checks are executed during build and during cranky close.
Kernels need to enable this check via do_fips_checks.
Signed-off-by: Marcelo Henrique Cerri <marcelo.cerri@canonical.com>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1947174
If certificates are packaged, the config keys to use them must be
enabled otherwise boot testing will fail. This check ensures early
detection of incorrect configuration when rebasing derivative kernels.
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
There are scripts in the kernel tree that supposedly help with managing
firmware files/blobs but they haven't been used nor needed in ages so get
rid of them.
Signed-off-by: Juerg Haefliger <juergh@canonical.com>
Acked-by: Tim Gardner <tim.gardner@canonical.com>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
Remove remaining few, unused, references to family=ports builds. Also
remove the maintainer targets to operate on ports.
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
Acked-by: Juerg Haefliger <juergh@canonical.com>
Acked-by: Andrea Righi <andrea.righi@canonical.com>
Signed-off-by: Paolo Pisati <paolo.pisati@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1912789
The config update was working with the conditional entry but the actual
build is different and was just ignoring everything.
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
(cherry picked commit from 198971108d5dfe12b9846bf0d115accc3d1c3fe8
focal)
Signed-off-by: Chia-Lin Kao (AceLan) <acelan.kao@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
BugLink: https://bugs.launchpad.net/bugs/1912789
We want to be able to selectively turn on ODM driver support for those
kernels/arches we have to but otherwise not inherit this to other
derivatives. This is done by a new config option which we will have to
depend on in the new drivers config options. Support is toggled by
changing a makefile rule variable. The new config option will be hidden
as long as not at least one of the arches supported turns on the rule
variable.
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Marcelo Henrique Cerri <marcelo.cerri@canonical.com>
Acked-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Kelsey Skunberg <kelsey.skunberg@canonical.com>
(cherry picked from commit 4aeffc246531a666c1fad1925ebf1a6e68a704e4
focal)
Signed-off-by: Chia-Lin Kao (AceLan) <acelan.kao@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Signed-off-by: Andrea Righi <andrea.righi@canonical.com>
