Split up $PACKAGE_VERSION to be more flexible and matching what we us…
…ed to do
legoktm committed Mar 27, 2024
1 parent db85d59 commit 925c7af
Showing 5 changed files with 21 additions and 12 deletions.
11 changes: 10 additions & 1 deletion build-kernel.sh
@@ -8,7 +8,10 @@ GRSECURITY="${GRSECURITY:-}"
LINUX_VERSION="${LINUX_VERSION:-}"
LINUX_MAJOR_VERSION="${LINUX_MAJOR_VERSION:-}"
LINUX_CUSTOM_CONFIG="${LINUX_CUSTOM_CONFIG:-/config}"
# "securedrop" or "workstation" (or "tiny" in CI)
LOCALVERSION="${LOCALVERSION:-}"
# Increment this if we need to rebuild the same kernel version for whatever reason
export BUILD_VERSION="${BUILD_VERSION:-1}"
export SOURCE_DATE_EPOCH
export SOURCE_DATE_EPOCH_FORMATTED=$(date -R -d @$SOURCE_DATE_EPOCH)
export KBUILD_BUILD_TIMESTAMP
@@ -53,6 +56,7 @@ if [[ -z "$LINUX_VERSION" ]]; then
echo "Looking up latest release of $LINUX_MAJOR_VERSION from kernel.org"
LINUX_VERSION="$(curl -s https://www.kernel.org/ | grep -m1 -F "$LINUX_MAJOR_VERSION" -A1 | head -n1 | grep -oP '[\d\.]+')"
fi
export LINUX_VERSION

# 5.15.120 -> 5
FOLDER="$(cut -d. -f1 <<< "$LINUX_VERSION").x"
@@ -82,7 +86,12 @@ tar -cf - . | pigz > ../linux-upstream_${LINUX_VERSION}-grsec-${LOCALVERSION}.or
echo "Copying in our debian/"
cp -R /debian debian

export PACKAGE_VERSION="${LINUX_VERSION}-grsec-${LOCALVERSION}-1"
export LINUX_BUILD_VERSION="${LINUX_VERSION}-${BUILD_VERSION}"
if [[ -n "$GRSECURITY" && "$GRSECURITY" = "1" ]]; then
export VERSION_SUFFIX="grsec-${LOCALVERSION}"
else
export VERSION_SUFFIX="${LOCALVERSION}"
fi
export DEBARCH="amd64"

cat debian/control.in | envsubst > debian/control
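Review bot: In the last hunk, `LINUX_BUILD_VERSION` and `VERSION_SUFFIX` are built from `BUILD_VERSION` and `LOCALVERSION` with no visible check on their contents, and `envsubst` then writes them into `Package:` fields of debian/control.in (and presumably into the `Depends:` lines of debian/control.server and debian/control.workstation, whose rendering is outside this page). `LOCALVERSION` defaults to empty, which leaves a package name ending in `-`, and a value containing whitespace or a newline would alter or add control fields in the generated file. Unless the part of the script outside these hunks already validates them, a guard before the exports would close this: `[[ "$BUILD_VERSION" =~ ^[0-9]+$ && "$LOCALVERSION" =~ ^[a-z0-9]+$ ]] || { echo "invalid BUILD_VERSION or LOCALVERSION" >&2; exit 1; }`. In the `if`, `-n "$GRSECURITY"` is redundant next to `"$GRSECURITY" = "1"`.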
2 changes: 1 addition & 1 deletion debian/changelog.in
@@ -1,4 +1,4 @@
linux-upstream (${PACKAGE_VERSION}) ${VERSION_CODENAME}; urgency=low
linux-upstream (${LINUX_BUILD_VERSION}-${VERSION_SUFFIX}-${BUILD_VERSION}) ${VERSION_CODENAME}; urgency=low

* Custom built Linux kernel.

16 changes: 8 additions & 8 deletions debian/control.in
@@ -6,11 +6,11 @@ Rules-Requires-Root: no
Build-Depends: bc, debhelper, rsync, kmod, cpio, bison, flex, libelf-dev, libssl-dev
Homepage: https://securedrop.org/

Package: linux-image-${PACKAGE_VERSION}
Package: linux-image-${LINUX_BUILD_VERSION}-${VERSION_SUFFIX}
Architecture: ${DEBARCH}
Description: Linux kernel, version ${PACKAGE_VERSION}
Description: Linux kernel, version ${LINUX_BUILD_VERSION}-${VERSION_SUFFIX}
This package contains the Linux kernel, modules and corresponding other
files, version: ${PACKAGE_VERSION}.
files, version: ${LINUX_BUILD_VERSION}-${VERSION_SUFFIX}.

Package: linux-libc-dev
Section: devel
@@ -21,16 +21,16 @@ Description: Linux support headers for userspace development
are used by the installed headers for GNU glibc and other system libraries.
Multi-Arch: same

Package: linux-headers-${PACKAGE_VERSION}
Package: linux-headers-${LINUX_BUILD_VERSION}-${VERSION_SUFFIX}
Architecture: ${DEBARCH}
Description: Linux kernel headers for ${PACKAGE_VERSION} on ${DEBARCH}
This package provides kernel header files for ${PACKAGE_VERSION} on ${DEBARCH}
Description: Linux kernel headers for ${LINUX_BUILD_VERSION}-${VERSION_SUFFIX} on ${DEBARCH}
This package provides kernel header files for ${LINUX_BUILD_VERSION}-${VERSION_SUFFIX} on ${DEBARCH}
.
This is useful for people who need to build external modules

Package: linux-image-${PACKAGE_VERSION}-dbg
Package: linux-image-${LINUX_BUILD_VERSION}-${VERSION_SUFFIX}-dbg
Section: debug
Architecture: ${DEBARCH}
Description: Linux kernel debugging symbols for ${PACKAGE_VERSION}
Description: Linux kernel debugging symbols for ${LINUX_BUILD_VERSION}-${VERSION_SUFFIX}
This package will come in handy if you need to debug the kernel. It provides
all the necessary debug symbols for the kernel and its modules.
2 changes: 1 addition & 1 deletion debian/control.server
@@ -1,7 +1,7 @@
Package: securedrop-grsec
Section: admin
Architecture: ${DEBARCH}
Depends: linux-image-${PACKAGE_VERSION}, intel-microcode, amd64-microcode, paxctld
Depends: linux-image-${LINUX_BUILD_VERSION}-${VERSION_SUFFIX}, intel-microcode, amd64-microcode, paxctld
Description: Metapackage providing a grsecurity-patched Linux kernel for use
with SecureDrop. Depends on the most recently built patched kernel maintained
by FPF. Package also includes sysctl and PaX flags calls for GRUB.
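Review bot: The `Depends:` line now follows `VERSION_SUFFIX`, which build-kernel.sh sets to plain `${LOCALVERSION}` when `GRSECURITY` is not `1`, so this metapackage, whose name and description promise a grsecurity-patched kernel, can end up depending on an image built without the patch. The `PACKAGE_VERSION` it used before always contained `-grsec-`. Whether build-kernel.sh renders this file only in grsecurity builds is not visible on this page. If it does not, either keep the literal here, `Depends: linux-image-${LINUX_BUILD_VERSION}-grsec-${LOCALVERSION}, intel-microcode, amd64-microcode, paxctld`, or have the script refuse to generate the metapackage when `GRSECURITY` is unset. The same applies to the `Depends:` line in debian/control.workstation.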
2 changes: 1 addition & 1 deletion debian/control.workstation
@@ -2,7 +2,7 @@ Package: securedrop-workstation-grsec
Section: admin
Architecture: ${DEBARCH}
Pre-Depends: qubes-kernel-vm-support (>=4.0.31)
Depends: linux-image-${PACKAGE_VERSION}, libelf-dev, paxctld
Depends: linux-image-${LINUX_BUILD_VERSION}-${VERSION_SUFFIX}, libelf-dev, paxctld
Description: Linux for SecureDrop Workstation template (meta-package)
Metapackage providing a grsecurity-patched Linux kernel for use in SecureDrop
Workstation Qubes templates. Depends on the most recently built patched kernel
