From b4b1be4c52c99ec13be1f9e72e90da671f5deb7e Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Sun, 16 Apr 2017 18:33:50 +0100 Subject: [PATCH] Move debug symbols back to the main archive dak currently allows a binary upload to include debug symbol packages that don't appear in the overrides file or the Binary field of the changes file, so long as they have the appropriate 'Auto-Built-Package' field and their name matches another binary package in the upload plus the '-dbgsym' suffix. For architectures with code signing enabled, our binary uploads never match this condition as the corresponding binary package has the '-unsigned' suffix and the debug symbols package does not. Since we do list the debug symbol packages in the Binary field, they do get added to the overrides file when accepted through the NEW queue, but they are automatically pruned from there some time later. Later uploads then have to go through NEW even though they are not introducing new binary packages. This would be a big problem for stable security updates. For now, move debug symbols back to the main archive with the old '-dbg' suffix. Keep them enabled for all architectures. --- debian/bin/gencontrol.py | 2 +- debian/changelog | 2 ++ debian/rules.real | 4 ++-- debian/templates/control.image-dbg.in | 4 +++- debian/templates/image-dbg.lintian-override.in | 2 +- 5 files changed, 9 insertions(+), 5 deletions(-) diff --git a/debian/bin/gencontrol.py b/debian/bin/gencontrol.py index 1eeda4587..5302e5672 100755 --- a/debian/bin/gencontrol.py +++ b/debian/bin/gencontrol.py @@ -499,7 +499,7 @@ class Gencontrol(Base): 'debian/%s.%s' % (image_main['Package'], name)) if build_debug: self._substitute_file('image-dbg.lintian-override', vars, - 'debian/linux-image-%s%s-dbgsym.lintian-overrides' % + 'debian/linux-image-%s%s-dbg.lintian-overrides' % (vars['abiname'], vars['localversion'])) def process_changelog(self): diff --git a/debian/changelog b/debian/changelog index adcecfaf6..d539700d3 100644 --- a/debian/changelog +++ b/debian/changelog @@ -19,6 +19,8 @@ linux (4.9.18-2) UNRELEASED; urgency=medium * [mips*/octeon] Set NR_CPUS=64 to allow for Cavium CN7890 * [arm64] Set NR_CPUS=256 to allow for multi-SoC systems * [powerpc/powerpc-smp,powerpcspe] Explicitly set NR_CPUS=4 + * Move debug symbols back to the main archive, to avoid problems with the + current handling in dak [ Salvatore Bonaccorso ] * ping: implement proper locking (CVE-2017-2671) diff --git a/debian/rules.real b/debian/rules.real index 21c75b7e3..37da264d0 100644 --- a/debian/rules.real +++ b/debian/rules.real @@ -453,7 +453,7 @@ install-image_$(ARCH)_$(FEATURESET)_$(FLAVOUR)_bug: printf "RELEASE='$(REAL_VERSION)'\nDISTRIBUTOR='$(DISTRIBUTOR)'\nSOURCEVERSION='$(SOURCEVERSION)'\nPACKAGE_NAME='$(PACKAGE_NAME)'\nPACKAGE_VERSION='$(SOURCEVERSION)'" > $(PACKAGE_DIR)/usr/share/bug/$(PACKAGE_NAME)/info install-image-dbg_$(ARCH)_$(FEATURESET)_$(FLAVOUR): REAL_VERSION = $(ABINAME)$(LOCALVERSION) -install-image-dbg_$(ARCH)_$(FEATURESET)_$(FLAVOUR): PACKAGE_NAME = linux-image-$(REAL_VERSION)-dbgsym +install-image-dbg_$(ARCH)_$(FEATURESET)_$(FLAVOUR): PACKAGE_NAME = linux-image-$(REAL_VERSION)-dbg install-image-dbg_$(ARCH)_$(FEATURESET)_$(FLAVOUR): PACKAGE_DIR = debian/$(PACKAGE_NAME) install-image-dbg_$(ARCH)_$(FEATURESET)_$(FLAVOUR): DEBUG_DIR = $(PACKAGE_DIR)/usr/lib/debug install-image-dbg_$(ARCH)_$(FEATURESET)_$(FLAVOUR): DIR = $(BUILD_DIR)/build_$(ARCH)_$(FEATURESET)_$(FLAVOUR) @@ -485,7 +485,7 @@ endif ln -s boot/vmlinux-$(REAL_VERSION) $(DEBUG_DIR)/ mkdir -p $(DEBUG_DIR)/lib/modules/$(REAL_VERSION) ln -s ../../../boot/vmlinux-$(REAL_VERSION) $(DEBUG_DIR)/lib/modules/$(REAL_VERSION)/vmlinux - +$(MAKE_SELF) install-base GENCONTROL_ARGS='-DAuto-Built-Package=debug-symbols' + +$(MAKE_SELF) install-base install-udeb_$(ARCH): export KW_DEFCONFIG_DIR=debian/installer install-udeb_$(ARCH): export KW_CONFIG_DIR=debian/installer/$(ARCH) diff --git a/debian/templates/control.image-dbg.in b/debian/templates/control.image-dbg.in index c3c8d636a..7963f2094 100644 --- a/debian/templates/control.image-dbg.in +++ b/debian/templates/control.image-dbg.in @@ -1,6 +1,8 @@ -Package: linux-image-@abiname@@localversion@-dbgsym +Package: linux-image-@abiname@@localversion@-dbg Build-Profiles: Depends: ${misc:Depends} Section: debug Priority: extra Description: Debug symbols for linux-image-@abiname@@localversion@ + This package provides the detached debug symbols for the Linux kernel + and modules in linux-image-@abiname@@localversion@. diff --git a/debian/templates/image-dbg.lintian-override.in b/debian/templates/image-dbg.lintian-override.in index 26c857a6a..3e1849d74 100644 --- a/debian/templates/image-dbg.lintian-override.in +++ b/debian/templates/image-dbg.lintian-override.in @@ -1,2 +1,2 @@ # Kernel dbg packages contain a full image with debug data -linux-image-@abiname@@localversion@-dbgsym: dbg-package-missing-depends +linux-image-@abiname@@localversion@-dbg: dbg-package-missing-depends