Fix file conflicts between debug packages where a vDSO is identical
Closes: #872263 - kbuild: Add build salt to the kernel and modules - [arm64,powerpc,x86] Add build salt to the vDSO - Set BUILD_SALT equal to the release string
This commit is contained in:
parent
c924dd44d9
commit
98b1cf0710
|
@ -8,6 +8,11 @@ linux (4.17.6-2) UNRELEASED; urgency=medium
|
||||||
* linux-kbuild: Fix the assumed host architecture for cross-built objtool
|
* linux-kbuild: Fix the assumed host architecture for cross-built objtool
|
||||||
* [ppc64] linux-bootwrapper: Work around compiler include path quirk
|
* [ppc64] linux-bootwrapper: Work around compiler include path quirk
|
||||||
(fixes FTBFS)
|
(fixes FTBFS)
|
||||||
|
* Fix file conflicts between debug packages where a vDSO is identical
|
||||||
|
(Closes: #872263):
|
||||||
|
- kbuild: Add build salt to the kernel and modules
|
||||||
|
- [arm64,powerpc,x86] Add build salt to the vDSO
|
||||||
|
- Set BUILD_SALT equal to the release string
|
||||||
|
|
||||||
-- Ben Hutchings <ben@decadent.org.uk> Thu, 12 Jul 2018 15:16:15 +0100
|
-- Ben Hutchings <ben@decadent.org.uk> Thu, 12 Jul 2018 15:16:15 +0100
|
||||||
|
|
||||||
|
|
105
debian/patches/features/all/kbuild-add-build-salt-to-the-kernel-and-modules.patch
vendored
Normal file
105
debian/patches/features/all/kbuild-add-build-salt-to-the-kernel-and-modules.patch
vendored
Normal file
|
@ -0,0 +1,105 @@
|
||||||
|
From: Laura Abbott <labbott@redhat.com>
|
||||||
|
Date: Thu, 5 Jul 2018 17:49:37 -0700
|
||||||
|
Subject: kbuild: Add build salt to the kernel and modules
|
||||||
|
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild.git/commit?id=8bc0ab58aca8a96fed7e9a38e21025d1737f4a4f
|
||||||
|
Bug-Debian: https://bugs.debian.org/872263
|
||||||
|
|
||||||
|
In Fedora, the debug information is packaged separately (foo-debuginfo) and
|
||||||
|
can be installed separately. There's been a long standing issue where only
|
||||||
|
one version of a debuginfo info package can be installed at a time. There's
|
||||||
|
been an effort for Fedora for parallel debuginfo to rectify this problem.
|
||||||
|
|
||||||
|
Part of the requirement to allow parallel debuginfo to work is that build ids
|
||||||
|
are unique between builds. The existing upstream rpm implementation ensures
|
||||||
|
this by re-calculating the build-id using the version and release as a
|
||||||
|
seed. This doesn't work 100% for the kernel because of the vDSO which is
|
||||||
|
its own binary and doesn't get updated when embedded.
|
||||||
|
|
||||||
|
Fix this by adding some data in an ELF note for both the kernel and modules.
|
||||||
|
The data is controlled via a Kconfig option so distributions can set it
|
||||||
|
to an appropriate value to ensure uniqueness between builds.
|
||||||
|
|
||||||
|
Suggested-by: Masahiro Yamada <yamada.masahiro@socionext.com>
|
||||||
|
Signed-off-by: Laura Abbott <labbott@redhat.com>
|
||||||
|
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
|
||||||
|
---
|
||||||
|
include/linux/build-salt.h | 20 ++++++++++++++++++++
|
||||||
|
init/Kconfig | 9 +++++++++
|
||||||
|
init/version.c | 3 +++
|
||||||
|
scripts/mod/modpost.c | 3 +++
|
||||||
|
4 files changed, 35 insertions(+)
|
||||||
|
create mode 100644 include/linux/build-salt.h
|
||||||
|
|
||||||
|
--- /dev/null
|
||||||
|
+++ b/include/linux/build-salt.h
|
||||||
|
@@ -0,0 +1,20 @@
|
||||||
|
+#ifndef __BUILD_SALT_H
|
||||||
|
+#define __BUILD_SALT_H
|
||||||
|
+
|
||||||
|
+#include <linux/elfnote.h>
|
||||||
|
+
|
||||||
|
+#define LINUX_ELFNOTE_BUILD_SALT 0x100
|
||||||
|
+
|
||||||
|
+#ifdef __ASSEMBLER__
|
||||||
|
+
|
||||||
|
+#define BUILD_SALT \
|
||||||
|
+ ELFNOTE(Linux, LINUX_ELFNOTE_BUILD_SALT, .asciz CONFIG_BUILD_SALT)
|
||||||
|
+
|
||||||
|
+#else
|
||||||
|
+
|
||||||
|
+#define BUILD_SALT \
|
||||||
|
+ ELFNOTE32("Linux", LINUX_ELFNOTE_BUILD_SALT, CONFIG_BUILD_SALT)
|
||||||
|
+
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
+#endif /* __BUILD_SALT_H */
|
||||||
|
--- a/init/Kconfig
|
||||||
|
+++ b/init/Kconfig
|
||||||
|
@@ -109,6 +109,15 @@ config LOCALVERSION_AUTO
|
||||||
|
|
||||||
|
which is done within the script "scripts/setlocalversion".)
|
||||||
|
|
||||||
|
+config BUILD_SALT
|
||||||
|
+ string "Build ID Salt"
|
||||||
|
+ default ""
|
||||||
|
+ help
|
||||||
|
+ The build ID is used to link binaries and their debug info. Setting
|
||||||
|
+ this option will use the value in the calculation of the build id.
|
||||||
|
+ This is mostly useful for distributions which want to ensure the
|
||||||
|
+ build is unique between builds. It's safe to leave the default.
|
||||||
|
+
|
||||||
|
config HAVE_KERNEL_GZIP
|
||||||
|
bool
|
||||||
|
|
||||||
|
--- a/init/version.c
|
||||||
|
+++ b/init/version.c
|
||||||
|
@@ -7,6 +7,7 @@
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <generated/compile.h>
|
||||||
|
+#include <linux/build-salt.h>
|
||||||
|
#include <linux/export.h>
|
||||||
|
#include <linux/uts.h>
|
||||||
|
#include <linux/utsname.h>
|
||||||
|
@@ -49,3 +50,5 @@ const char linux_proc_banner[] =
|
||||||
|
"%s version %s"
|
||||||
|
" (" LINUX_COMPILE_BY "@" LINUX_COMPILE_HOST ")"
|
||||||
|
" (" LINUX_COMPILER ") %s\n";
|
||||||
|
+
|
||||||
|
+BUILD_SALT;
|
||||||
|
--- a/scripts/mod/modpost.c
|
||||||
|
+++ b/scripts/mod/modpost.c
|
||||||
|
@@ -2137,10 +2137,13 @@ static int check_modname_len(struct modu
|
||||||
|
**/
|
||||||
|
static void add_header(struct buffer *b, struct module *mod)
|
||||||
|
{
|
||||||
|
+ buf_printf(b, "#include <linux/build-salt.h>\n");
|
||||||
|
buf_printf(b, "#include <linux/module.h>\n");
|
||||||
|
buf_printf(b, "#include <linux/vermagic.h>\n");
|
||||||
|
buf_printf(b, "#include <linux/compiler.h>\n");
|
||||||
|
buf_printf(b, "\n");
|
||||||
|
+ buf_printf(b, "BUILD_SALT;\n");
|
||||||
|
+ buf_printf(b, "\n");
|
||||||
|
buf_printf(b, "MODULE_INFO(vermagic, VERMAGIC_STRING);\n");
|
||||||
|
buf_printf(b, "MODULE_INFO(name, KBUILD_MODNAME);\n");
|
||||||
|
buf_printf(b, "\n");
|
|
@ -0,0 +1,29 @@
|
||||||
|
From: Laura Abbott <labbott@redhat.com>
|
||||||
|
Date: Thu, 5 Jul 2018 17:49:40 -0700
|
||||||
|
Subject: arm64: Add build salt to the vDSO
|
||||||
|
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild.git/commit?id=13351cdf75405e38c1b7bb927624d910d328be2b
|
||||||
|
Bug-Debian: https://bugs.debian.org/872263
|
||||||
|
|
||||||
|
The vDSO needs to have a unique build id in a similar manner
|
||||||
|
to the kernel and modules. Use the build salt macro.
|
||||||
|
|
||||||
|
Acked-by: Will Deacon <will.deacon@arm.com>
|
||||||
|
Signed-off-by: Laura Abbott <labbott@redhat.com>
|
||||||
|
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
|
||||||
|
---
|
||||||
|
arch/arm64/kernel/vdso/note.S | 3 +++
|
||||||
|
1 file changed, 3 insertions(+)
|
||||||
|
|
||||||
|
--- a/arch/arm64/kernel/vdso/note.S
|
||||||
|
+++ b/arch/arm64/kernel/vdso/note.S
|
||||||
|
@@ -22,7 +22,10 @@
|
||||||
|
#include <linux/uts.h>
|
||||||
|
#include <linux/version.h>
|
||||||
|
#include <linux/elfnote.h>
|
||||||
|
+#include <linux/build-salt.h>
|
||||||
|
|
||||||
|
ELFNOTE_START(Linux, 0, "a")
|
||||||
|
.long LINUX_VERSION_CODE
|
||||||
|
ELFNOTE_END
|
||||||
|
+
|
||||||
|
+BUILD_SALT
|
|
@ -0,0 +1,31 @@
|
||||||
|
From: Laura Abbott <labbott@redhat.com>
|
||||||
|
Date: Thu, 5 Jul 2018 17:49:39 -0700
|
||||||
|
Subject: powerpc: Add build salt to the vDSO
|
||||||
|
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild.git/commit?id=29f07b97416a95d28ee62e70fd91b44956d3c8ce
|
||||||
|
Bug-Debian: https://bugs.debian.org/872263
|
||||||
|
|
||||||
|
The vDSO needs to have a unique build id in a similar manner
|
||||||
|
to the kernel and modules. Use the build salt macro.
|
||||||
|
|
||||||
|
Signed-off-by: Laura Abbott <labbott@redhat.com>
|
||||||
|
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
|
||||||
|
---
|
||||||
|
arch/powerpc/kernel/vdso32/note.S | 3 +++
|
||||||
|
1 file changed, 3 insertions(+)
|
||||||
|
|
||||||
|
--- a/arch/powerpc/kernel/vdso32/note.S
|
||||||
|
+++ b/arch/powerpc/kernel/vdso32/note.S
|
||||||
|
@@ -5,6 +5,7 @@
|
||||||
|
|
||||||
|
#include <linux/uts.h>
|
||||||
|
#include <linux/version.h>
|
||||||
|
+#include <linux/build-salt.h>
|
||||||
|
|
||||||
|
#define ASM_ELF_NOTE_BEGIN(name, flags, vendor, type) \
|
||||||
|
.section name, flags; \
|
||||||
|
@@ -23,3 +24,5 @@
|
||||||
|
ASM_ELF_NOTE_BEGIN(".note.kernel-version", "a", UTS_SYSNAME, 0)
|
||||||
|
.long LINUX_VERSION_CODE
|
||||||
|
ASM_ELF_NOTE_END
|
||||||
|
+
|
||||||
|
+BUILD_SALT
|
|
@ -0,0 +1,52 @@
|
||||||
|
From: Laura Abbott <labbott@redhat.com>
|
||||||
|
Date: Thu, 5 Jul 2018 17:49:38 -0700
|
||||||
|
Subject: x86: Add build salt to the vDSO
|
||||||
|
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/masahiroy/linux-kbuild.git/commit?id=fdc3ae38182c7f983f4f8b97c86b753a3c16e269
|
||||||
|
Bug-Debian: https://bugs.debian.org/872263
|
||||||
|
|
||||||
|
The vDSO needs to have a unique build id in a similar manner
|
||||||
|
to the kernel and modules. Use the build salt macro.
|
||||||
|
|
||||||
|
Acked-by: Andy Lutomirski <luto@kernel.org>
|
||||||
|
Signed-off-by: Laura Abbott <labbott@redhat.com>
|
||||||
|
Signed-off-by: Masahiro Yamada <yamada.masahiro@socionext.com>
|
||||||
|
---
|
||||||
|
arch/x86/entry/vdso/vdso-note.S | 3 +++
|
||||||
|
arch/x86/entry/vdso/vdso32/note.S | 3 +++
|
||||||
|
2 files changed, 6 insertions(+)
|
||||||
|
|
||||||
|
--- a/arch/x86/entry/vdso/vdso-note.S
|
||||||
|
+++ b/arch/x86/entry/vdso/vdso-note.S
|
||||||
|
@@ -3,6 +3,7 @@
|
||||||
|
* Here we can supply some information useful to userland.
|
||||||
|
*/
|
||||||
|
|
||||||
|
+#include <linux/build-salt.h>
|
||||||
|
#include <linux/uts.h>
|
||||||
|
#include <linux/version.h>
|
||||||
|
#include <linux/elfnote.h>
|
||||||
|
@@ -10,3 +11,5 @@
|
||||||
|
ELFNOTE_START(Linux, 0, "a")
|
||||||
|
.long LINUX_VERSION_CODE
|
||||||
|
ELFNOTE_END
|
||||||
|
+
|
||||||
|
+BUILD_SALT
|
||||||
|
--- a/arch/x86/entry/vdso/vdso32/note.S
|
||||||
|
+++ b/arch/x86/entry/vdso/vdso32/note.S
|
||||||
|
@@ -4,6 +4,7 @@
|
||||||
|
* Here we can supply some information useful to userland.
|
||||||
|
*/
|
||||||
|
|
||||||
|
+#include <linux/build-salt.h>
|
||||||
|
#include <linux/version.h>
|
||||||
|
#include <linux/elfnote.h>
|
||||||
|
|
||||||
|
@@ -14,6 +15,8 @@ ELFNOTE_START(Linux, 0, "a")
|
||||||
|
.long LINUX_VERSION_CODE
|
||||||
|
ELFNOTE_END
|
||||||
|
|
||||||
|
+BUILD_SALT
|
||||||
|
+
|
||||||
|
#ifdef CONFIG_XEN
|
||||||
|
/*
|
||||||
|
* Add a special note telling glibc's dynamic linker a fake hardware
|
|
@ -96,6 +96,10 @@ bugfix/all/i40e-build-for-64-bit-targets-only.patch
|
||||||
bugfix/all/ib-fix-rdma_rxe-and-infiniband_rdmavt-dependencies-f.patch
|
bugfix/all/ib-fix-rdma_rxe-and-infiniband_rdmavt-dependencies-f.patch
|
||||||
|
|
||||||
# Miscellaneous features
|
# Miscellaneous features
|
||||||
|
features/all/kbuild-add-build-salt-to-the-kernel-and-modules.patch
|
||||||
|
features/x86/x86-add-build-salt-to-the-vdso.patch
|
||||||
|
features/powerpc/powerpc-add-build-salt-to-the-vdso.patch
|
||||||
|
features/arm64/arm64-add-build-salt-to-the-vdso.patch
|
||||||
|
|
||||||
# Lockdown (formerly 'securelevel') patchset
|
# Lockdown (formerly 'securelevel') patchset
|
||||||
features/all/lockdown/0001-Add-the-ability-to-lock-down-access-to-the-running-k.patch
|
features/all/lockdown/0001-Add-the-ability-to-lock-down-access-to-the-running-k.patch
|
||||||
|
|
|
@ -172,6 +172,8 @@ $(STAMPS_DIR)/setup_$(ARCH)_$(FEATURESET)_$(FLAVOUR): $(STAMPS_DIR)/source_$(FEA
|
||||||
rm -rf '$(DIR)'
|
rm -rf '$(DIR)'
|
||||||
mkdir '$(DIR)'
|
mkdir '$(DIR)'
|
||||||
cp '$(CONFIG)' '$(DIR)/.config'
|
cp '$(CONFIG)' '$(DIR)/.config'
|
||||||
|
# Add "salt" to fix #872263
|
||||||
|
echo 'CONFIG_BUILD_SALT="$(ABINAME)$(LOCALVERSION_IMAGE)"' >> '$(DIR)/.config'
|
||||||
echo 'override ARCH = $(KERNEL_ARCH)' >> '$(DIR)/.kernelvariables'
|
echo 'override ARCH = $(KERNEL_ARCH)' >> '$(DIR)/.kernelvariables'
|
||||||
echo 'override KERNELRELEASE = $(ABINAME)$(LOCALVERSION_IMAGE)' >> '$(DIR)/.kernelvariables'
|
echo 'override KERNELRELEASE = $(ABINAME)$(LOCALVERSION_IMAGE)' >> '$(DIR)/.kernelvariables'
|
||||||
echo 'CCACHE = ccache' >> '$(DIR)/.kernelvariables'
|
echo 'CCACHE = ccache' >> '$(DIR)/.kernelvariables'
|
||||||
|
@ -570,9 +572,10 @@ install-source: $(BUILD_DIR)/$(SOURCE_BASENAME)-source-$(UPSTREAMVERSION).tar.xz
|
||||||
dh_installdirs /usr/src/linux-config-$(UPSTREAMVERSION)
|
dh_installdirs /usr/src/linux-config-$(UPSTREAMVERSION)
|
||||||
dh_install $^ /usr/src
|
dh_install $^ /usr/src
|
||||||
# Include our kernel config files, but with the module signing
|
# Include our kernel config files, but with the module signing
|
||||||
# configuration fixed to work for custom kernels.
|
# configuration fixed to work for custom kernels. Also delete
|
||||||
|
# CONFIG_BUILD_SALT which makes no sense for custom kernels.
|
||||||
for triplet in $(ALL_TRIPLETS); do \
|
for triplet in $(ALL_TRIPLETS); do \
|
||||||
sed '/CONFIG_\(MODULE_SIG_\(ALL\|KEY\)\|SYSTEM_TRUSTED_KEYS\)[ =]/d' $(BUILD_DIR)/build_$$triplet/.config | xz -c >debian/$(PACKAGE_NAME)/usr/src/linux-config-$(UPSTREAMVERSION)/config.$$triplet.xz; \
|
sed '/CONFIG_\(MODULE_SIG_\(ALL\|KEY\)\|SYSTEM_TRUSTED_KEYS\|BUILD_SALT\)[ =]/d' $(BUILD_DIR)/build_$$triplet/.config | xz -c >debian/$(PACKAGE_NAME)/usr/src/linux-config-$(UPSTREAMVERSION)/config.$$triplet.xz; \
|
||||||
done
|
done
|
||||||
# We don't want to recompress, but -Znone is not compatible with older
|
# We don't want to recompress, but -Znone is not compatible with older
|
||||||
# tools and is currently rejected by dak. -Zgzip -z0 (uncompressed
|
# tools and is currently rejected by dak. -Zgzip -z0 (uncompressed
|
||||||
|
|
Loading…
Reference in New Issue