diff mbox series

UBUNTU: [Packaging] download-signed -- fix downloader component and handle versions correctly

Message ID 20190201165703.GL4659@brain
State New
Headers show
Series UBUNTU: [Packaging] download-signed -- fix downloader component and handle versions correctly | expand

Commit Message

Andy Whitcroft Feb. 1, 2019, 4:57 p.m. UTC 
While testing some new signing packages I have found a couple of bugs
that need fixing across the board.  Firstly we are dropping out of the
version search after the first record unconditionally which means if the
kernel we are looking for is not the newest version it will fail.
Secondly (as we have noticed before) we can only build correctly for
kernels in main.  This is because the signing bits always drop into main
in dists regardless of where the source is; hard wire this.

This patch is applicable to any modern signed kernel using raw-signing
(rather than raw-efi) custom uploads, which does not already have this
patch.

Proposing for SRU to everywhere.

Signed-off-by: Andy Whitcroft <apw@canonical.com>
---
 download-signed | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Comments

Seth Forshee Feb. 1, 2019, 8:50 p.m. UTC | #1 
On Fri, Feb 01, 2019 at 04:57:03PM +0000, Andy Whitcroft wrote:
> While testing some new signing packages I have found a couple of bugs
> that need fixing across the board.  Firstly we are dropping out of the
> version search after the first record unconditionally which means if the
> kernel we are looking for is not the newest version it will fail.
> Secondly (as we have noticed before) we can only build correctly for
> kernels in main.  This is because the signing bits always drop into main
> in dists regardless of where the source is; hard wire this.
> 
> This patch is applicable to any modern signed kernel using raw-signing
> (rather than raw-efi) custom uploads, which does not already have this
> patch.
> 
> Proposing for SRU to everywhere.
> 
> Signed-off-by: Andy Whitcroft <apw@canonical.com>

Acked-by: Seth Forshee <seth.forshee@canonical.com>

Applied to disco and unstable, thanks!
Kleber Sacilotto de Souza Feb. 4, 2019, 12:26 p.m. UTC | #2 
On 2/1/19 5:57 PM, Andy Whitcroft wrote:
> While testing some new signing packages I have found a couple of bugs
> that need fixing across the board.  Firstly we are dropping out of the
> version search after the first record unconditionally which means if the
> kernel we are looking for is not the newest version it will fail.
> Secondly (as we have noticed before) we can only build correctly for
> kernels in main.  This is because the signing bits always drop into main
> in dists regardless of where the source is; hard wire this.
>
> This patch is applicable to any modern signed kernel using raw-signing
> (rather than raw-efi) custom uploads, which does not already have this
> patch.
>
> Proposing for SRU to everywhere.
>
> Signed-off-by: Andy Whitcroft <apw@canonical.com>
> ---
>  download-signed | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/download-signed b/download-signed
> index 0e2e953..bed284e 100755
> --- a/download-signed
> +++ b/download-signed
> @@ -44,7 +44,7 @@ class SignedDownloader:
>          for version in cache[package_name].versions:
>              if version.version == self.package_version:
>                  self.package = version
> -            break
> +                break
>  
>          if not self.package:
>              raise KeyError("{0}: package version not found".format(self.package_name))
> @@ -52,7 +52,7 @@ class SignedDownloader:
>          origin = self.package.origins[0]
>          pool_parsed = urlparse(self.package.uri)
>          self.package_dir = "%s/%s/%s/%s-%s/%s/" % (
> -            origin.archive, origin.component, 'signed',
> +            origin.archive, 'main', 'signed',
>              self.src_package, self.package.architecture, self.package_version)
>  
>          # Prepare the master url stem and pull out any username/password.  If present

Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Kleber Sacilotto de Souza Feb. 4, 2019, 2:32 p.m. UTC | #3 
On 2/1/19 5:57 PM, Andy Whitcroft wrote:
> While testing some new signing packages I have found a couple of bugs
> that need fixing across the board.  Firstly we are dropping out of the
> version search after the first record unconditionally which means if the
> kernel we are looking for is not the newest version it will fail.
> Secondly (as we have noticed before) we can only build correctly for
> kernels in main.  This is because the signing bits always drop into main
> in dists regardless of where the source is; hard wire this.
>
> This patch is applicable to any modern signed kernel using raw-signing
> (rather than raw-efi) custom uploads, which does not already have this
> patch.
>
> Proposing for SRU to everywhere.
>
> Signed-off-by: Andy Whitcroft <apw@canonical.com>
> ---
>  download-signed | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/download-signed b/download-signed
> index 0e2e953..bed284e 100755
> --- a/download-signed
> +++ b/download-signed
> @@ -44,7 +44,7 @@ class SignedDownloader:
>          for version in cache[package_name].versions:
>              if version.version == self.package_version:
>                  self.package = version
> -            break
> +                break
>  
>          if not self.package:
>              raise KeyError("{0}: package version not found".format(self.package_name))
> @@ -52,7 +52,7 @@ class SignedDownloader:
>          origin = self.package.origins[0]
>          pool_parsed = urlparse(self.package.uri)
>          self.package_dir = "%s/%s/%s/%s-%s/%s/" % (
> -            origin.archive, origin.component, 'signed',
> +            origin.archive, 'main', 'signed',
>              self.src_package, self.package.architecture, self.package_version)
>  
>          # Prepare the master url stem and pull out any username/password.  If present

Applied to:
- trusty/linux-signed-azure/master
- xenial/linux-signed-oracle/master
- xenial/linux-signed/hwe-edge
- xenial/linux-signed/hwe
- xenial/linux-signed-gcp/master
- xenial/linux-signed-azure/azure-edge
- xenial/linux-signed-azure/master
- bionic/linux-signed-oracle/master
- bionic/linux-signed-gcp/gcp-edge
- bionic/linux-signed-gcp/master
- bionic/linux-signed-azure/azure-edge
- bionic/linux-signed-azure/master
- bionic/linux-signed-oem/oem
- bionic/linux-signed/hwe-edge
- bionic/linux-signed/hwe
- bionic/linux-signed/master
- cosmic/linux-signed-gcp/master
- cosmic/linux-signed-azure/master
- cosmic/linux-signed/master

Thanks,
Kleber
diff mbox series

Patch

diff --git a/download-signed b/download-signed
index 0e2e953..bed284e 100755
--- a/download-signed
+++ b/download-signed
@@ -44,7 +44,7 @@  class SignedDownloader:
         for version in cache[package_name].versions:
             if version.version == self.package_version:
                 self.package = version
-            break
+                break
 
         if not self.package:
             raise KeyError("{0}: package version not found".format(self.package_name))
@@ -52,7 +52,7 @@  class SignedDownloader:
         origin = self.package.origins[0]
         pool_parsed = urlparse(self.package.uri)
         self.package_dir = "%s/%s/%s/%s-%s/%s/" % (
-            origin.archive, origin.component, 'signed',
+            origin.archive, 'main', 'signed',
             self.src_package, self.package.architecture, self.package_version)
 
         # Prepare the master url stem and pull out any username/password.  If present