From patchwork Thu Feb 28 16:15:08 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Marcelo Henrique Cerri <marcelo.cerri@canonical.com>
X-Patchwork-Id: 1049607
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com
	(client-ip=91.189.94.19; helo=huckleberry.canonical.com;
	envelope-from=kernel-team-bounces@lists.ubuntu.com;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none)
	header.from=canonical.com
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 449JGS4dZxz9s47;
	Fri,  1 Mar 2019 03:41:18 +1100 (AEDT)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1gzOLE-0001BW-90; Thu, 28 Feb 2019 16:15:24 +0000
Received: from youngberry.canonical.com ([91.189.89.112])
	by huckleberry.canonical.com with esmtps
	(TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128)
	(Exim 4.86_2) (envelope-from <marcelo.cerri@canonical.com>)
	id 1gzOLC-0001An-Rb
	for kernel-team@lists.ubuntu.com; Thu, 28 Feb 2019 16:15:22 +0000
Received: from mail-qk1-f197.google.com ([209.85.222.197])
	by youngberry.canonical.com with esmtps
	(TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.76) (envelope-from <marcelo.cerri@canonical.com>)
	id 1gzOLC-00009h-BS
	for kernel-team@lists.ubuntu.com; Thu, 28 Feb 2019 16:15:22 +0000
Received: by mail-qk1-f197.google.com with SMTP id y6so16437397qke.1
	for <kernel-team@lists.ubuntu.com>;
	Thu, 28 Feb 2019 08:15:22 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
	:references;
	bh=ERt+5OzPJq0y2f3zxl8CQMj3dc37RzBiAz9ZgtEN/K8=;
	b=FxV/deNWi4hhufykhiMzGihHtZ8pOfi7nrQMBEKwv8JAgfS99hCUWrTtqgn3QRHp67
	wCEF/SFwU3y3D9YrJKEphg1UVeV4vce9jlgcKdBW7BOEj9hOtRB8/vw+eMyRDaLOLSA8
	vo68w6dfNH4Xzpwgk4x+0fTBIFafCMqekFy2HVWOLAFVhzYBbFVJJZrRYM7gGp01Ns5V
	BvaNqHcY/GnT+3lvVL553NMkQmYka3KsDzMFldSW6A1/99J5kS9eO7jBIxApGOsBds2E
	RiXnbjhT2AyPb37an0ykrdxWhtfgBgDbnGLTZ36WVwoI7ZX7xQw/bVpI15xpTxnNtnCK
	GZPQ==
X-Gm-Message-State: APjAAAXvYxn3n28agW+q8qdnyBfp6IGVCDcqrOhvxSxJ8eJEL4uDA0gV
	6nPh3enNHZq3RBjAbbMcr/yZcbvXqsp0hBthbtkkG81ByaRqo6vDosAw6es3cz/KP7wM1TVA0zd
	L77WPFr/A1XhbUNrB8hqivMIS9dkWinuk4OBlafMU
X-Received: by 2002:ac8:354c:: with SMTP id z12mr44893qtb.92.1551370520879;
	Thu, 28 Feb 2019 08:15:20 -0800 (PST)
X-Google-Smtp-Source: 
 APXvYqzC73Js7LTOCpQ98D+gLKhiMn9eem1TjIQsjjFMfI+q4VDwC4WUeuPcRjBqYsI40GGmCKGayw==
X-Received: by 2002:ac8:354c:: with SMTP id z12mr44873qtb.92.1551370520570;
	Thu, 28 Feb 2019 08:15:20 -0800 (PST)
Received: from gallifrey.lan ([2804:14c:4e3:4a76:8437:8a5d:504f:a207])
	by smtp.gmail.com with ESMTPSA id
	t38sm15783339qtc.12.2019.02.28.08.15.18
	for <kernel-team@lists.ubuntu.com>
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Thu, 28 Feb 2019 08:15:19 -0800 (PST)
From: Marcelo Henrique Cerri <marcelo.cerri@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [bionic/linux-gcp][PATCH 2/5] UBUNTU: [Packaging] config-check: Add
	an include directive
Date: Thu, 28 Feb 2019 13:15:08 -0300
Message-Id: <20190228161511.22659-3-marcelo.cerri@canonical.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20190228161511.22659-1-marcelo.cerri@canonical.com>
References: <20190228161511.22659-1-marcelo.cerri@canonical.com>
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
MIME-Version: 1.0
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

BugLink: http://bugs.launchpad.net/bugs/1752072

Update the config-check script to support a new include directive, that can
be used to override annotations from another file. For instance, with
this change a custom kernel can include the annotation file from
"debian.master/" and override some of it policies.

The directive is only available when using the file format 3, that
extends format 2.

The new directive follows the systax:

	include FILEPATH

Quotes are also accepted:

	include "FILEPATH"

`FILENAME` is always relative to the current annotations file location.
So, assuming a custom kernel, the following directive will include the
annotations file from the generic kernel:

	include "../../debian.master/config/annotations"

To avoid mistakes, any reference to a config in the base annotations
file AFTER the include directive will completely override the references
from the included file.

For instance, the following:

    # FORMAT: 3
    include "../../debian.master/config/annotations"
    CONFIG_X note<some note>

Will cause any line related to CONFIG_X in the included annotations file
to be ignored.

The patch also includes smalls changes to avoid warning due to duplicate
variable declarations.

Signed-off-by: Marcelo Henrique Cerri <marcelo.cerri@canonical.com>
---
 debian/scripts/config-check | 80 +++++++++++++++++++++++++++----------
 1 file changed, 59 insertions(+), 21 deletions(-)

diff --git a/debian/scripts/config-check b/debian/scripts/config-check
index 224be080514a..843f5999006b 100755
--- a/debian/scripts/config-check
+++ b/debian/scripts/config-check
@@ -3,6 +3,8 @@
 # check-config -- check the current config for issues
 #
 use strict;
+use File::Basename;
+use File::Spec;
 
 my $P = 'check-config';
 
@@ -13,7 +15,7 @@ if ($ARGV[0] eq '--test') {
 	die "Usage: $P <config> <arch> <flavour> <commonconfig> <warn-only>\n";
 }
 
-my ($config, $arch, $flavour, $commonconfig, $warn_only) = @ARGV;
+my ($configfile, $arch, $flavour, $commonconfig, $warn_only) = @ARGV;
 
 my %values = ();
 
@@ -25,8 +27,8 @@ $fail_exit = 0 if ($warn_only eq 'true' || $warn_only eq '1');
 my $exit_val = 0;
 
 # Load up the current configuration values -- FATAL if this fails
-print "$P: $config: loading config\n";
-open(CONFIG, "<$config") || die "$P: $config: open failed -- $! -- aborting\n";
+print "$P: $configfile: loading config\n";
+open(CONFIG, "<$configfile") || die "$P: $configfile: open failed -- $! -- aborting\n";
 while (<CONFIG>) {
 	# Pull out values.
 	/^#*\s*(CONFIG_\w+)[\s=](.*)$/ or next;
@@ -38,38 +40,74 @@ while (<CONFIG>) {
 }
 close(CONFIG);
 
-# ANNOTATIONS: check any annotations marked for enforcement
-my $pass = 0;
-my $total = 0;
-my $annotations = "$commonconfig/annotations";
-my ($config, $value, $options, $option, $value, $check, $policy);
-print "$P: $annotations loading annotations\n";
-my %annot;
-my $form = 1;
-open(ANNOTATIONS, "<$annotations") || die "$P: $annotations: open failed -- $! -- aborting\n";
-while (<ANNOTATIONS>) {
+sub read_annotations {
+    my ($filename) = @_;
+    my %annot;
+    my $form = 1;
+    my ($config, $value, $options);
+
+    # Keep track of the configs that shouldn't be appended because
+    # they were include_annot from another annotations file.
+    # That's a hash of undefs, aka a set.
+    my %noappend;
+
+    print "$P: $filename loading annotations\n";
+    open(my $fd, "<$filename") ||
+	die "$P: $filename: open failed -- $! -- aborting\n";
+    while (<$fd>) {
 	if (/^# FORMAT: (\S+)/) {
-		die "$P: $1: unknown annotations format\n" if ($1 != 2);
-		$form = $1;
+	    die "$P: $1: unknown annotations format\n" if ($1 != 2 && $1 != 3);
+	    $form = $1;
+	}
+
+	# Format #3 adds the include directive on top of format #2:
+	if ($form == 3 && /^\s*include(\s|$)/) {
+	    # Include quoted or unquoted files:
+	    if (/^\s*include\s+"(.*)"\s*$/ || /^\s*include\s+(.*)$/) {
+		# The include is relative to the current file
+		my $include_filename = File::Spec->join(dirname($filename), $1);
+		# Append the include files
+		my %include_annot = read_annotations($include_filename);
+		%annot = ( %annot, %include_annot );
+		# And marked them to not be appended:
+		my %included_noappend;
+		# Discard the values and keep only the keys
+		@included_noappend{keys %include_annot} = ();
+		%noappend = ( %noappend, %included_noappend );
+		next;
+	    } else {
+		die "$P: Invalid include: $_";
+	    }
 	}
 
 	/^#/ && next;
 	chomp;
 	/^$/ && next;
-
 	/^CONFIG_/ || next;
 
 	if ($form == 1) {
-		($config, $value, $options) = split(' ', $_, 3);
-	} elsif ($form == 2) {
-		($config, $options) = split(' ', $_, 2);
+	    ($config, $value, $options) = split(' ', $_, 3);
+	} elsif ($form >= 2) {
+	    ($config, $options) = split(' ', $_, 2);
 	}
 
+	if (exists $noappend{$config}) {
+	    delete $annot{$config};
+	    delete $noappend{$config};
+	}
 	$annot{$config} = $annot{$config} . ' ' . $options;
+    }
+    close($fd);
+    return %annot;
 }
-close(ANNOTATIONS);
 
-my $config;
+# ANNOTATIONS: check any annotations marked for enforcement
+my $annotations = "$commonconfig/annotations";
+my %annot = read_annotations($annotations);
+
+my $pass = 0;
+my $total = 0;
+my ($config, $value, $options, $option, $check, $policy);
 for $config (keys %annot) {
 	$check = 0;
 	$options = $annot{$config};