Message ID | 20190201165703.GL4659@brain |
---|---|
State | New |
Headers | show |
Series | UBUNTU: [Packaging] download-signed -- fix downloader component and handle versions correctly | expand |
On Fri, Feb 01, 2019 at 04:57:03PM +0000, Andy Whitcroft wrote: > While testing some new signing packages I have found a couple of bugs > that need fixing across the board. Firstly we are dropping out of the > version search after the first record unconditionally which means if the > kernel we are looking for is not the newest version it will fail. > Secondly (as we have noticed before) we can only build correctly for > kernels in main. This is because the signing bits always drop into main > in dists regardless of where the source is; hard wire this. > > This patch is applicable to any modern signed kernel using raw-signing > (rather than raw-efi) custom uploads, which does not already have this > patch. > > Proposing for SRU to everywhere. > > Signed-off-by: Andy Whitcroft <apw@canonical.com> Acked-by: Seth Forshee <seth.forshee@canonical.com> Applied to disco and unstable, thanks!
On 2/1/19 5:57 PM, Andy Whitcroft wrote: > While testing some new signing packages I have found a couple of bugs > that need fixing across the board. Firstly we are dropping out of the > version search after the first record unconditionally which means if the > kernel we are looking for is not the newest version it will fail. > Secondly (as we have noticed before) we can only build correctly for > kernels in main. This is because the signing bits always drop into main > in dists regardless of where the source is; hard wire this. > > This patch is applicable to any modern signed kernel using raw-signing > (rather than raw-efi) custom uploads, which does not already have this > patch. > > Proposing for SRU to everywhere. > > Signed-off-by: Andy Whitcroft <apw@canonical.com> > --- > download-signed | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/download-signed b/download-signed > index 0e2e953..bed284e 100755 > --- a/download-signed > +++ b/download-signed > @@ -44,7 +44,7 @@ class SignedDownloader: > for version in cache[package_name].versions: > if version.version == self.package_version: > self.package = version > - break > + break > > if not self.package: > raise KeyError("{0}: package version not found".format(self.package_name)) > @@ -52,7 +52,7 @@ class SignedDownloader: > origin = self.package.origins[0] > pool_parsed = urlparse(self.package.uri) > self.package_dir = "%s/%s/%s/%s-%s/%s/" % ( > - origin.archive, origin.component, 'signed', > + origin.archive, 'main', 'signed', > self.src_package, self.package.architecture, self.package_version) > > # Prepare the master url stem and pull out any username/password. If present Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
On 2/1/19 5:57 PM, Andy Whitcroft wrote: > While testing some new signing packages I have found a couple of bugs > that need fixing across the board. Firstly we are dropping out of the > version search after the first record unconditionally which means if the > kernel we are looking for is not the newest version it will fail. > Secondly (as we have noticed before) we can only build correctly for > kernels in main. This is because the signing bits always drop into main > in dists regardless of where the source is; hard wire this. > > This patch is applicable to any modern signed kernel using raw-signing > (rather than raw-efi) custom uploads, which does not already have this > patch. > > Proposing for SRU to everywhere. > > Signed-off-by: Andy Whitcroft <apw@canonical.com> > --- > download-signed | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/download-signed b/download-signed > index 0e2e953..bed284e 100755 > --- a/download-signed > +++ b/download-signed > @@ -44,7 +44,7 @@ class SignedDownloader: > for version in cache[package_name].versions: > if version.version == self.package_version: > self.package = version > - break > + break > > if not self.package: > raise KeyError("{0}: package version not found".format(self.package_name)) > @@ -52,7 +52,7 @@ class SignedDownloader: > origin = self.package.origins[0] > pool_parsed = urlparse(self.package.uri) > self.package_dir = "%s/%s/%s/%s-%s/%s/" % ( > - origin.archive, origin.component, 'signed', > + origin.archive, 'main', 'signed', > self.src_package, self.package.architecture, self.package_version) > > # Prepare the master url stem and pull out any username/password. If present Applied to: - trusty/linux-signed-azure/master - xenial/linux-signed-oracle/master - xenial/linux-signed/hwe-edge - xenial/linux-signed/hwe - xenial/linux-signed-gcp/master - xenial/linux-signed-azure/azure-edge - xenial/linux-signed-azure/master - bionic/linux-signed-oracle/master - bionic/linux-signed-gcp/gcp-edge - bionic/linux-signed-gcp/master - bionic/linux-signed-azure/azure-edge - bionic/linux-signed-azure/master - bionic/linux-signed-oem/oem - bionic/linux-signed/hwe-edge - bionic/linux-signed/hwe - bionic/linux-signed/master - cosmic/linux-signed-gcp/master - cosmic/linux-signed-azure/master - cosmic/linux-signed/master Thanks, Kleber
diff --git a/download-signed b/download-signed index 0e2e953..bed284e 100755 --- a/download-signed +++ b/download-signed @@ -44,7 +44,7 @@ class SignedDownloader: for version in cache[package_name].versions: if version.version == self.package_version: self.package = version - break + break if not self.package: raise KeyError("{0}: package version not found".format(self.package_name)) @@ -52,7 +52,7 @@ class SignedDownloader: origin = self.package.origins[0] pool_parsed = urlparse(self.package.uri) self.package_dir = "%s/%s/%s/%s-%s/%s/" % ( - origin.archive, origin.component, 'signed', + origin.archive, 'main', 'signed', self.src_package, self.package.architecture, self.package_version) # Prepare the master url stem and pull out any username/password. If present
While testing some new signing packages I have found a couple of bugs that need fixing across the board. Firstly we are dropping out of the version search after the first record unconditionally which means if the kernel we are looking for is not the newest version it will fail. Secondly (as we have noticed before) we can only build correctly for kernels in main. This is because the signing bits always drop into main in dists regardless of where the source is; hard wire this. This patch is applicable to any modern signed kernel using raw-signing (rather than raw-efi) custom uploads, which does not already have this patch. Proposing for SRU to everywhere. Signed-off-by: Andy Whitcroft <apw@canonical.com> --- download-signed | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)