Skip to content
Snippets Groups Projects
Commit cf1c52ac authored by Detlev Casanova's avatar Detlev Casanova Committed by Ariel D'Alessandro
Browse files

Add scripts to update the upstream kernel


These scripts are separated in 2 parts:
 * Get the latest kernel and try to rebase the apertis kernel on it
 * Push the changes and create merge requests for the pristine-lfs and
   apertis/v.*-security branches

Signed-off-by: default avatarDetlev Casanova <detlev.casanova@collabora.com>
parent 70a70d66
No related branches found
No related tags found
3 merge requests!37Merge changes from apertis/v2022-updates into apertis/v2022,!32[v2022 <- v2023dev3] Merge v2023dev3 in v2022,!31Add a script to update the upstream kernel
......@@ -10,7 +10,9 @@ TOOLS = \
apertis-pkg-pull-updates \
apertis-switch-coreutils-rust \
import-debian-package \
apertis-abi-compare
apertis-abi-compare \
apertis-push-upstream-kernel \
apertis-rebase-upstream-kernel
all:
......
#!/bin/bash
# This script pushes the branch that has been rebased on the latest kernel that
# was generated by the apertis-rebase-upstream-kernel script.
# It also updates the pristine-lfs branch and pushes it to the remote.
# Finally, it creates merge requests for both branches.
# A rebased-update/upstream/${APERTIS_RELEASE}-security/${UPSTREAM_VERSION}-kernel-update
# branch must be checked out on the local linux git repository before running this script.
# Arguments
# $1: Path to apertis linux sources
set -xe
BUILD_DIR=$(mktemp -d)
PACKAGING_TOOLS_DIR=$(mktemp -d)
# Print script usage
print_usage() {
echo "Usage:"
echo " $0 <PATH_TO_LINUX_SOURCES>"
}
# After a rebase on the latest upstream kernel, some patches may have been
# dropped.
# This function removes them from the debian/patches/series file without
# removing the file's comments.
remove_dropped_patches() {
git restore debian/patches/series
git ls-files --deleted | while read deleted; do
git rm ${deleted}
patch=$(echo $deleted | sed 's%^debian/patches/%%')
sed -i "s%${patch}%%" debian/patches/series
done
}
# Update the patch list and release the new apertis version based on
# the lastest upstream kernel with updated metadata.
# args:
# $1: Apertis version to be released (e.g.: 5.15.42-0+apertis1)
# $2: Upstream kernel release (e.g.: 5.15)
make_release() {
local APERTIS_VERSION="$1"
local UPSTREAM_RELEASE="$2"
git add -f debian/patches
git commit -s -m "Update the debian patches for ${APERTIS_VERSION} update"
dch -D apertis "Sync to linux v${UPSTREAM_RELEASE} LTS release."
# Update the metadata. This script is supposed to fail
debian/apertis/update-metadata || true
# Add all modified files
git ls-files --modified | xargs git add -f
git commit -s -m "Release linux version ${APERTIS_VERSION}"
}
# Build the dsc file and update the pristine-lfs branch with it.
# args:
# $1: Apertis version to be released (e.g.: 5.15.42-0+apertis1)
# $2: Apertis release suite (e.g.: v2022)
update_pristine_lfs() {
local APERTIS_VERSION="$1"
local APERTIS_RELEASE="$2"
# Install build dependencies
apt update
DEBIAN_FRONTEND=noninteractive apt -y --no-install-recommends build-dep ./
# Build DSC file
gbp buildpackage \
--git-ignore-new \
--git-debian-branch=apertis/${APERTIS_RELEASE}-security \
--git-prebuild='debian/rules debian/control || true' \
--git-export-dir="${BUILD_DIR}" \
--no-sign -us -S
git clone \
https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.apertis.org/infrastructure/packaging-tools.git \
${PACKAGING_TOOLS_DIR}
# Update pristine-lfs branch
git fetch --depth=1 origin pristine-lfs
git branch pristine-lfs origin/pristine-lfs
${PACKAGING_TOOLS_DIR}/import-tarballs "${BUILD_DIR}/linux_${APERTIS_VERSION}.dsc"
}
# Push new local branch and create the merge request for the -security branches
# as well as the updated pristine branch.
# $1: Apertis release suite (e.g.: v2022)
# $2: Apertis version to be released (e.g.: 5.15.42-0+apertis1)
# $3: Upstream kernel version (e.g.: v5.15.42)
create_merge_requests() {
local APERTIS_RELEASE="$1"
local APERTIS_VERSION="$2"
local UPSTREAM_VERSION="$3"
local TARGET_BRANCH="apertis/${APERTIS_RELEASE}-security"
# Push the updated pristine branch and create merge request
git push \
-o "merge_request.create" \
-o "merge_request.remove_source_branch" \
-o "merge_request.assignee_id=${GITLAB_USER_ID}" \
-o "merge_request.target=pristine-lfs" \
-o "merge_request.title=\"Draft: [pristine] Update upstream kernel to ${UPSTREAM_VERSION}\"" \
${CI_AUTH_PROJECT_URL} \
pristine-lfs:updated/pristine-lfs/${UPSTREAM_VERSION}-kernel-update
# Push rebased branch and create merge request
git push \
-o "merge_request.create" \
-o "merge_request.remove_source_branch" \
-o "merge_request.assignee_id=${GITLAB_USER_ID}" \
-o "merge_request.target=${TARGET_BRANCH}" \
-o "merge_request.title=\"Draft: [apertis/v2022-security] Update upstream kernel to ${UPSTREAM_VERSION}\"" \
${CI_AUTH_PROJECT_URL} \
rebased-update/upstream/${APERTIS_RELEASE}-security/${UPSTREAM_VERSION}-kernel-update:proposed-updates/upstream/${APERTIS_RELEASE}-security/${UPSTREAM_VERSION}-kernel-update
# Push the new tag
git tag ${APERTIS_VERSION}
git push ${CI_AUTH_PROJECT_URL} ${APERTIS_VERSION}
}
cleanup() {
# Remove temporary folders
rm -fr "${PACKAGING_TOOLS_DIR}" "${BUILD_DIR}"
# Go back to the previous folder
popd
}
trap cleanup EXIT
if [ -z "$1" ]; then
echo "Path to apertis linux sources must be provided"
print_usage
exit 1
fi
LINUX_SOURCES="$1"
pushd ${LINUX_SOURCES}
APERTIS_RELEASE=$(git branch --show-current | sed 's#.*/upstream/\(v.*\)-security/.*#\1#')
if [ -z "${APERTIS_RELEASE}" ]; then
echo "Cannot get apertis release suite. Check that you are running this script on a rebased-update/upstream/v*-security/v*-kernel-update branch."
exit 1
fi
# Get upstream release (e.g. 5.15)
UPSTREAM_RELEASE=$(git branch --show-current | sed 's#.*/upstream/v.*-security/v\([0-9]\+\.[0-9]\+\)\.[0-9]\+-kernel-update$#\1#')
if ! echo ${UPSTREAM_RELEASE} | grep -q '^[0-9]\+\.[0-9]\+$'; then
echo "Cannot get upstream release. Check that you are running this script on a rebased-update/upstream/v*-security/v*-kernel-update branch."
exit 1
fi
UPSTREAM_VERSION=$(git branch --show-current | sed 's#.*/upstream/v.*-security/v\([0-9]\+\.[0-9]\+\.[0-9]\+\)-kernel-update$#\1#')
APERTIS_VERSION="${UPSTREAM_VERSION#v}-0+apertis1"
remove_dropped_patches
make_release \
${APERTIS_VERSION} \
${UPSTREAM_RELEASE}
update_pristine_lfs \
${APERTIS_VERSION} \
${APERTIS_RELEASE}
create_merge_requests \
${APERTIS_RELEASE} \
${APERTIS_VERSION} \
${UPSTREAM_VERSION}
#!/bin/bash
# This script is used to rebase the apertis kernel on the latest upstream kernel.
# See more information there:
# https://www.apertis.org/guides/buildingpatchingandmaintainingtheapertiskernel/#updating-the-kernel-from-an-upstream-stable-git-branch
#
# The apertis linux sources git local repository must have a apertis/v.*-security branch checked
# out (e.g.: apertis/v2022-security).
#
# Arguments
# $1: Path to apertis linux sources
set -xe
LINUX_STABLE_DIR=$(mktemp -d)
# Print script usage
print_usage() {
echo "Usage:"
echo " $0 <PATH_TO_LINUX_SOURCES>"
}
# Fetch the latest version of the upstream release branch
# args:
# $1: Upstream kernel release
fetch_upstream_remote() {
local UPSTREAM_RELEASE="$1"
git clone \
-b "linux-${UPSTREAM_RELEASE}.y" \
--depth=1 \
git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git \
${LINUX_STABLE_DIR}
}
# Push the branch so that it can be pulled from the remote to be manually rebased
# $1: Apertis release suite (e.g.: v2022)
# $2: Upstream kernel version (e.g.: v5.15.42)
push_rebase_failed() {
local APERTIS_RELEASE="$1"
local UPSTREAM_VERSION="$2"
git push \
${CI_AUTH_PROJECT_URL} \
apertis/${APERTIS_RELEASE}-security:failed-update/upstream/${APERTIS_RELEASE}-security/${UPSTREAM_VERSION}-kernel-update
echo "Could not rebase the patch queue on upstream/linux-${UPSTREAM_RELEASE}.y, a manual rebase is necessary:"
echo " git pull
git checkout apertis/v2022-security
gbp pq import
git branch -m patch-queue/failed-update/upstream/${APERTIS_RELEASE}-security/${UPSTREAM_VERSION}-kernel-update
git checkout failed-update/upstream/${APERTIS_RELEASE}-security/${UPSTREAM_VERSION}-kernel-update
gbp pq rebase
[fix issues]
gbp pq export
[check and remove unused patches in debian/patches/series]
git checkout -b rebased-update/upstream/${APERTIS_RELEASE}-security/${UPSTREAM_VERSION}-kernel-update
git push -u origin rebased-update/upstream/${APERTIS_RELEASE}-security/${UPSTREAM_VERSION}-kernel-update"
}
# Create a branch with the correct name for the apertis-push-upstream-kernel script to continue work
# $1: Apertis release suite (e.g.: v2022)
# $2: Upstream kernel version (e.g.: v5.15.42)
prepare_for_push() {
local APERTIS_RELEASE="$1"
local UPSTREAM_VERSION="$2"
git checkout -b rebased-update/upstream/${APERTIS_RELEASE}-security/${UPSTREAM_VERSION}-kernel-update
}
# Import the orig tarball and rebase patches on it
# args:
# $1: Apertis release version (e.g.: 5.15.42-0+apertis1)
# $2: Apertis release suite (e.g.: v2022)
# $3: Upstream kernel release (e.g.: 5.15)
# $4: Upstream kernel version (e.g.: v5.15.42)
import_orig_tarball() {
local APERTIS_VERSION="$1"
local APERTIS_RELEASE="$2"
local UPSTREAM_RELEASE="$3"
local UPSTREAM_VERSION="$4"
gbp pq import
gbp pq switch
dch -v "${APERTIS_VERSION}" ""
git add -f debian/changelog
git commit -s -m "Add changelog entry for update to ${APERTIS_VERSION}"
debian/bin/genorig.py ${LINUX_STABLE_DIR}
git fetch --depth=1 origin upstream/linux-${UPSTREAM_RELEASE}.y
git branch \
upstream/linux-${UPSTREAM_RELEASE}.y \
origin/upstream/linux-${UPSTREAM_RELEASE}.y
gbp import-orig \
-u ${UPSTREAM_VERSION#v} \
--upstream-branch=upstream/linux-${UPSTREAM_RELEASE}.y \
--debian-branch=apertis/${APERTIS_RELEASE}-security \
../orig/linux_${UPSTREAM_VERSION#v}.orig.tar.xz
if ! gbp pq rebase; then
# push the branch as is and warn the user about the rebase error and what to do from here.
push_rebase_failed ${APERTIS_RELEASE} ${UPSTREAM_VERSION}
exit 1
fi
gbp pq export
prepare_for_push ${APERTIS_RELEASE} ${UPSTREAM_VERSION}
}
cleanup() {
# Remove temporary folders
rm -fr "${LINUX_STABLE_DIR}"
# Go back to the previous folder
popd
}
trap cleanup EXIT
if [ -z "$1" ]; then
echo "Path to apertis linux sources must be provided"
print_usage
exit 1
fi
LINUX_SOURCES="$1"
pushd ${LINUX_SOURCES}
APERTIS_RELEASE=$(git branch --show-current | sed 's/apertis\/\(v.*\)-security$/\1/')
if [ -z "${APERTIS_RELEASE}" ]; then
echo "Cannot get apertis release suite. Check that you are running this pipeline on an apertis/v*-security branch."
exit 1
fi
# Get upstream release (e.g. 5.15)
UPSTREAM_RELEASE=$(git describe | sed 's#apertis/\([0-9]\+\.[0-9]\+\)\..*#\1#')
if ! echo ${UPSTREAM_RELEASE} | grep -q '^[0-9]\+\.[0-9]\+$'; then
echo "Cannot get upstream release. Check that you are running this pipeline on an apertis/v*-security branch."
exit 1
fi
fetch_upstream_remote "${UPSTREAM_RELEASE}"
UPSTREAM_VERSION=$(git -C ${LINUX_STABLE_DIR} describe linux-${UPSTREAM_RELEASE}.y)
APERTIS_VERSION="${UPSTREAM_VERSION#v}-0+apertis1"
import_orig_tarball \
${APERTIS_VERSION} \
${APERTIS_RELEASE} \
${UPSTREAM_RELEASE} \
${UPSTREAM_VERSION}
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment