linux-toradex.git/scripts/package, branch v5.11-rc3 Linux kernel for Apalis and Colibri modules builddeb: Fix rootless build in setuid/setgid directory 2020-11-02T02:31:00+00:00 Sven Joachim svenjoac@gmx.de 2020-10-26T19:32:16+00:00 d1889589a4f54b2d1d7075d608b596d6fcfd3d96 Building 5.10-rc1 in a setgid directory failed with the following error: dpkg-deb: error: control directory has bad permissions 2755 (must be >=0755 and <=0775) When building with fakeroot, the earlier chown call would have removed the setgid bits, but in a rootless build they remain. Fixes: 3e8541803624 ("builddeb: Enable rootless builds") Cc: Guillem Jover <guillem@hadrons.org> Signed-off-by: Sven Joachim <svenjoac@gmx.de> Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> 
Building 5.10-rc1 in a setgid directory failed with the following
error:

dpkg-deb: error: control directory has bad permissions 2755 (must be
>=0755 and <=0775)

When building with fakeroot, the earlier chown call would have removed
the setgid bits, but in a rootless build they remain.

Fixes: 3e8541803624 ("builddeb: Enable rootless builds")
Cc: Guillem Jover <guillem@hadrons.org>
Signed-off-by: Sven Joachim <svenjoac@gmx.de>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
kbuild: deb-pkg: clean up package name variables 2020-10-14T03:49:39+00:00 Masahiro Yamada masahiroy@kernel.org 2020-10-13T18:38:20+00:00 0fa21cf4489fe11737d56f8056dda1ba0257bd8d Hard-code the names of linux-headers and debug packages in the control file. The kernel package is different for ARCH=um. Change the code for better readability. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> 
Hard-code the names of linux-headers and debug packages in the
control file.

The kernel package is different for ARCH=um. Change the code
for better readability.

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
kbuild: deb-pkg: do not build linux-headers package if CONFIG_MODULES=n 2020-10-14T03:49:34+00:00 Masahiro Yamada masahiroy@kernel.org 2020-10-13T18:38:19+00:00 bac977cbc0d6731fb8e67c2be0e4acbd959e10b3 Since commit 269a535ca931 ("modpost: generate vmlinux.symvers and reuse it for the second modpost"), with CONFIG_MODULES disabled, "make deb-pkg" (or "make bindeb-pkg") fails with: find: ‘Module.symvers’: No such file or directory If CONFIG_MODULES is disabled, it doesn't really make sense to build the linux-headers package. Fixes: 269a535ca931 ("modpost: generate vmlinux.symvers and reuse it for the second modpost") Reported-by: Josh Triplett <josh@joshtriplett.org> Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> 
Since commit 269a535ca931 ("modpost: generate vmlinux.symvers and
reuse it for the second modpost"), with CONFIG_MODULES disabled,
"make deb-pkg" (or "make bindeb-pkg") fails with:

  find: ‘Module.symvers’: No such file or directory

If CONFIG_MODULES is disabled, it doesn't really make sense to build
the linux-headers package.

Fixes: 269a535ca931 ("modpost: generate vmlinux.symvers and reuse it for the second modpost")
Reported-by: Josh Triplett <josh@joshtriplett.org>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
builddeb: Add support for all required debian/rules targets 2020-10-09T15:41:35+00:00 Guillem Jover guillem@hadrons.org 2020-09-20T22:25:53+00:00 76c37668768464a6c2d5c49abd36ba0b48a0b131 These have been required by the Debian policy for a while, even though the tooling can detect and workaround their omission, but are a hard requirement when using rootless builds. [masahiro: The following Debian policy is particularly important for rootless builds: "Both binary-* targets should depend on the build target, or on the appropriate build-arch or build-indep target, so that the package is built if it has not been already." ] Signed-off-by: Guillem Jover <guillem@hadrons.org> Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> 
These have been required by the Debian policy for a while, even though
the tooling can detect and workaround their omission, but are a hard
requirement when using rootless builds.

[masahiro:
The following Debian policy is particularly important for rootless builds:
"Both binary-* targets should depend on the build target, or on the
 appropriate build-arch or build-indep target, so that the package is
 built if it has not been already."
]

Signed-off-by: Guillem Jover <guillem@hadrons.org>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
builddeb: Enable rootless builds 2020-10-09T14:59:16+00:00 Guillem Jover guillem@hadrons.org 2020-09-20T22:25:54+00:00 3e8541803624678925a477a03e19e3c155b5fc12 This makes it possible to build the Debian packages without requiring (pseudo-)root privileges, when the build drivers support this mode of operation. See-Also: /usr/share/doc/dpkg/rootless-builds.txt.gz Signed-off-by: Guillem Jover <guillem@hadrons.org> Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> 
This makes it possible to build the Debian packages without requiring
(pseudo-)root privileges, when the build drivers support this mode
of operation.

See-Also: /usr/share/doc/dpkg/rootless-builds.txt.gz
Signed-off-by: Guillem Jover <guillem@hadrons.org>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
builddeb: Pass -n to gzip for reproducible packages 2020-10-09T14:57:30+00:00 Guillem Jover guillem@hadrons.org 2020-09-20T22:25:50+00:00 51ccdbfbed79bae4b9c2529ec980de4508455a47 We should not be encoding the timestamp, otherwise we end up generating unreproducible files that cascade into unreproducible packages. Signed-off-by: Guillem Jover <guillem@hadrons.org> Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> 
We should not be encoding the timestamp, otherwise we end up generating
unreproducible files that cascade into unreproducible packages.

Signed-off-by: Guillem Jover <guillem@hadrons.org>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
kbuild: preprocess module linker script 2020-09-24T15:36:41+00:00 Masahiro Yamada masahiroy@kernel.org 2020-09-08T04:27:08+00:00 596b0474d3d9b1242eab713f84d8873f9887d980 There was a request to preprocess the module linker script like we do for the vmlinux one. (https://lkml.org/lkml/2020/8/21/512) The difference between vmlinux.lds and module.lds is that the latter is needed for external module builds, thus must be cleaned up by 'make mrproper' instead of 'make clean'. Also, it must be created by 'make modules_prepare'. You cannot put it in arch/$(SRCARCH)/kernel/, which is cleaned up by 'make clean'. I moved arch/$(SRCARCH)/kernel/module.lds to arch/$(SRCARCH)/include/asm/module.lds.h, which is included from scripts/module.lds.S. scripts/module.lds is fine because 'make clean' keeps all the build artifacts under scripts/. You can add arch-specific sections in <asm/module.lds.h>. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Tested-by: Jessica Yu <jeyu@kernel.org> Acked-by: Will Deacon <will@kernel.org> Acked-by: Geert Uytterhoeven <geert@linux-m68k.org> Acked-by: Palmer Dabbelt <palmerdabbelt@google.com> Reviewed-by: Kees Cook <keescook@chromium.org> Acked-by: Jessica Yu <jeyu@kernel.org> 
There was a request to preprocess the module linker script like we
do for the vmlinux one. (https://lkml.org/lkml/2020/8/21/512)

The difference between vmlinux.lds and module.lds is that the latter
is needed for external module builds, thus must be cleaned up by
'make mrproper' instead of 'make clean'. Also, it must be created
by 'make modules_prepare'.

You cannot put it in arch/$(SRCARCH)/kernel/, which is cleaned up by
'make clean'. I moved arch/$(SRCARCH)/kernel/module.lds to
arch/$(SRCARCH)/include/asm/module.lds.h, which is included from
scripts/module.lds.S.

scripts/module.lds is fine because 'make clean' keeps all the
build artifacts under scripts/.

You can add arch-specific sections in <asm/module.lds.h>.

Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
Tested-by: Jessica Yu <jeyu@kernel.org>
Acked-by: Will Deacon <will@kernel.org>
Acked-by: Geert Uytterhoeven <geert@linux-m68k.org>
Acked-by: Palmer Dabbelt <palmerdabbelt@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Acked-by: Jessica Yu <jeyu@kernel.org>
kbuild: Replace HTTP links with HTTPS ones 2020-08-09T16:32:59+00:00 Alexander A. Klimov grandmaster@al2klimov.de 2020-07-19T19:46:02+00:00 16a122c743b327f714606eff2cd8ff31c206bafc Rationale: Reduces attack surface on kernel devs opening the links for MITM as HTTPS traffic is much harder to manipulate. Deterministic algorithm: For each file: If not .svg: For each line: If doesn't contain `\bxmlns\b`: For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`: If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`: If both the HTTP and HTTPS versions return 200 OK and serve the same content: Replace HTTP with HTTPS. Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de> Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> 
Rationale:
Reduces attack surface on kernel devs opening the links for MITM
as HTTPS traffic is much harder to manipulate.

Deterministic algorithm:
For each file:
  If not .svg:
    For each line:
      If doesn't contain `\bxmlns\b`:
        For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
	  If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
            If both the HTTP and HTTPS versions
            return 200 OK and serve the same content:
              Replace HTTP with HTTPS.

Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
kbuild: buildtar: add dtbs support 2020-07-07T02:13:11+00:00 Domenico Andreoli domenico.andreoli@linux.com 2020-06-27T12:25:05+00:00 55a87cd858578a4c3f0ab6e24696df1954e86f2c Make 'make tar-pkg' install dtbs. Signed-off-by: Domenico Andreoli <domenico.andreoli@linux.com> Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> 
Make 'make tar-pkg' install dtbs.

Signed-off-by: Domenico Andreoli <domenico.andreoli@linux.com>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>
kbuild: fix broken builds because of GZIP,BZIP2,LZOP variables 2020-06-11T11:14:41+00:00 Denis Efremov efremov@linux.com 2020-06-08T09:59:44+00:00 e4a42c82e943b97ce124539fcd7a47445b43fa0d Redefine GZIP, BZIP2, LZOP variables as KGZIP, KBZIP2, KLZOP resp. GZIP, BZIP2, LZOP env variables are reserved by the tools. The original attempt to redefine them internally doesn't work in makefiles/scripts intercall scenarios, e.g., "make GZIP=gzip bindeb-pkg" and results in broken builds. There can be other broken build commands because of this, so the universal solution is to use non-reserved env variables for the compression tools. Fixes: 8dfb61dcbace ("kbuild: add variables for compression tools") Signed-off-by: Denis Efremov <efremov@linux.com> Tested-by: Guenter Roeck <linux@roeck-us.net> Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> 
Redefine GZIP, BZIP2, LZOP variables as KGZIP, KBZIP2, KLZOP resp.
GZIP, BZIP2, LZOP env variables are reserved by the tools. The original
attempt to redefine them internally doesn't work in makefiles/scripts
intercall scenarios, e.g., "make GZIP=gzip bindeb-pkg" and results in
broken builds. There can be other broken build commands because of this,
so the universal solution is to use non-reserved env variables for the
compression tools.

Fixes: 8dfb61dcbace ("kbuild: add variables for compression tools")
Signed-off-by: Denis Efremov <efremov@linux.com>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Masahiro Yamada <masahiroy@kernel.org>