-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEErCspvTSmr92z9o8157/I7JWGEQkFAluhDZUACgkQ57/I7JWG
EQkLvQ//QqqAfJXjwZt3Iy+dcYieLqmhy4/KtjVvFP8EKSyfdeWl0awb3szbmMs5
cy2p5q17mafVZTx9MCppp4y1modMBZrMC6hmB9UAoU0j1GnKHNbtddzA3+uo1dmw
i2LudGseb8LSL5z6g95P4SozSNNeFPIOLSYxkGVnlG3sUdlhlRYCvYf9k8BKUEbx
sU0yDXQOhf0kBLsRXW8QfJEBHv5ivr9/Q+s9e71NUpVWaEOZwgfJacM/QWcY8+J4
2o0XlHtS9+r0Ik0RK5Zyt8eun1sH1cb4Lta9LZjvRLWpCqXNpPSus6V8qENngcyw
X9ZGWi3nMiR4OOuEMGMxbzXXzWreg9MNPyM5/kVfJKlsLi1xP7ufhnstR+j2/tTJ
guVLDw73B4RyOwH2p4Kh1Pk0hACagI9AeKfjSBTMMlv2rD6FDfuJlSgEYUIK/NLl
lsefkkKu2EZVdhIBEGDnu80+V2AuoTYXpEknvbnvlYZ1wLNXb73GIFptWu18dfOy
fZ4cEWDxuKd52nbsjKlQmaxlFGSfjmmWliorhrU84FZsRjvFARGWWPwnjk8fwcpD
+D0GASqx37iw1gQK8yNQER3dxHzVh1blIKhADgEWJXsaeHcfyDHziShX7FZ8n6G5
HQBaynaG0Qc9fWd8O6xmX6wsP/vGRFJchbWwa5Gd7L2cCmur1Vk=
=lopf
-----END PGP SIGNATURE-----
Merge tag 'debian/4.18.8-1'
Release linux (4.18.8-1).
- Drop ABI reference files and ABI maintenance patch
- Replace ccp driver patch with upstream version that applies to 4.19
The scripts in question are maintainer scripts in a source package
(that happens to be inside a binary package) and shouldn't be
executable until they are installed into a new binary package.
uscan now does the file removals, which makes the hook script
redundant. Not only that, but the orig tarball passed to the hook is
no longer a symlink to the upstream filename, so genorig.py doesn't
recognise the filename and fails.
Fixes lintian warning patch-file-present-but-not-mentioned-in-series.
Also preparation for using dgit, which will remove everything except
the main patch series under debian/patches.
Rename them to genpatch-{aufs,lockdown,rt}
Fixes lintian warning patch-file-present-but-not-mentioned-in-series.
Also preparation for using dgit, which will remove everything except
the main patch series under debian/patches.
Merge the configuration and default-configuration directories,
using per-architecture overrides in package-list.
This requires a newer version of kernel-wedge to support
Depends_<arch> properly.
The only immediate change to debian/control is to remove the
different description for nic-modules on sparc64.
I thought I had tested my previous changes, but evidently not.
- Fix syntax error in assertion
- Add digest algorithm argument to get_cert_fingerprint() call
I converted the main patch series to quilt format in 3.2.20-1, but
this patch system was still used by genorig.py. One useful
feature that was not available elsewhere was using patch + unifdef
to exclude only part of a source file. However no source files
have needed this since 3.16-rc4 and I don't expect this to ever
be needed again.
The preceding changes moved the file removal/exclusion list into
debian/copyright and the disabling of broken features into the
main patch series, so the private patch system isn't doing
anything.
So we can now remove it completely.
In Linux 4.18, various compiler version and feature tests are invoked
via kconfig rather than via kbuild. This means that we generally
cannot generate kconfig files for foreign architectures.
Move the config files to a new linux-config-<version> package which is
arch-dependent (and also M-A: same).
Make linux-config-<version> and linux-source-<version> recommend each
other.
Add a new "pkg.linux.nosource" to let users disable building the
linux-source-* package, and allow to set "source: false" to modify
the default behaviour when no rofile is used.
When doing development builds this can save up to 15 minutes of build
time, especially on IO-strapped build workers.
We don't want to include "-4.9" in them twice. Add a "source_basename"
template variable that excludes any version suffix in the source package
name.
(cherry picked from commit f3c51efdd6e9d0ce32ee5a0f998fdcda930a715c)
For master, nothing is immediately broken without this. Also we have
no longer build a linux-manual package. Change the changelog text
accordingly.
We already had support for disabling the tools build, used by
src:linux-grsec. However in this case, where we're using a different
based version to src:linux, we do still need to build the versioned
tools packages (linux-kbuild-4.9 and linux-perf-4.9). Split the
control template, config setting and rules accordingly.
(cherry picked from commit cb62c945f27ddee476631fa85c6aa67e50ed3bee)
The obvious way to do this is to edit the PATH in .kernelvariables.
But this obvious way doesn't work due to a bug in make (#895835).
(cherry picked from commit 4c6213fbbbff44710dda2091a7b26e0f0ea0a610)
dpkg-source strictly enforces that 3.0 (native) packages do not have
Debian revisions in their version strings, i.e. they cannot include
hyphens.
Replace the hyphen from the image binary version with a '+'.
Override this version back to what we want when building the signed
binary packages.
debhelper no longer fully trusts the package list specified with -p,
but only processes packages that are listed in debian/control and
enabled in the current build profile. This breaks the test build of
udebs that we build for real after code signing.
Work around this by adding the udebs to the control file, conditional
on a new build profile (pkg.linux.udeb-unsigned-test-build). Override
the build profile during the test build.
I just made this change for firmware-nonfree, for which I wrote:
We open some, but not all, files with an explicit UTF-8 encoding. One
of the open calls that I missed has just caused gencontrol.py to fail
instead a pbuilder environment. Instead of continuing to set an
explicit encoding for each open call, use locale.setlocale to set it
globally.
I haven't hit such a problem here, but let's do it anyway.
Keep using explicit encodings in debian/lib for now, since we can't
assume all calling programs will set the locale.
Currently '*' and '**' match at least one character. Change them to
match zero or more characters, as in shell patterns.
'*' matches anything but '!', but that has no special meaning in
symbol names or module filenames. Change it to match anything but
'/', as in shell patterns.
dak currently allows a binary upload to include debug symbol packages
that don't appear in the overrides file or the Binary field of the
changes file, so long as they have the appropriate
'Auto-Built-Package' field and their name matches another binary
package in the upload plus the '-dbgsym' suffix.
For architectures with code signing enabled, our binary uploads never
match this condition as the corresponding binary package has the
'-unsigned' suffix and the debug symbols package does not. Since we
do list the debug symbol packages in the Binary field, they do get
added to the overrides file when accepted through the NEW queue, but
they are automatically pruned from there some time later. Later
uploads then have to go through NEW even though they are not
introducing new binary packages. This would be a big problem for
stable security updates.
For now, move debug symbols back to the main archive with the old
'-dbg' suffix. Keep them enabled for all architectures.
This reverts commit 99d37f9b16, which
caused most binary uploads to be rejected. dak's allows upload of
debug symbol packages not listed in the Binary field only if there is
a corresponding binary package without the -dbgsym suffix, which is
not the case on architectures where we use a -unsigned suffix.
Any packages listed in debian/control that are not installed in the
main archive will always be seen as NEW. This might be fixable by
archive configuration changes, but for now we'll generate them in a
similar way to debhelper.
- incoming.debian.org now uses pool layout
- deb.debian.org is a better default than ftp.de.debian.org
- ftp.debian-ports.org redirects to ftp.ports.debian.org, so use the
latter directly
Ben Hutchings
Bastian Blank
Luca Boccassi
Roger Shimizu