[UNSTABLE][PATCH 2/2] UBUNTU: [Packaging] add uscan watch file with GPG verification
Dimitri John Ledkov
dimitri.ledkov at canonical.com
Wed Feb 14 02:48:47 UTC 2024
On Wed, 14 Feb 2024, 02:35 Masahiro Yamada, <masahiro.yamada at canonical.com>
wrote:
> On Wed, Feb 7, 2024 at 11:02 AM Dimitri John Ledkov
> <dimitri.ledkov at canonical.com> wrote:
> >
> > Reuse upstream released original kernel tarballs and verify GPG
> > signature of them against the local copy of greg's key.
> >
> > This should make `uscan --download-current-version` work against
> > released kernels, in a reproducible manner. This should also enforce
> > that all our released kernels reuse the kernel.org published orig
> > tarball.
> >
> > One caveat is that tripple integer version number is preserved (as in
> > 6.7.0) whereas on kernel.org the tarballs are actually published as
> > two integers only (as in 6.7). Although I seem to recall everything in
> > the world breaks when one changes kernel version to not be three
> > numbers long.
>
>
>
> Presumably, this is related, but I do not understand
> why I can download 6.7.0, but not 6.7.1 ?
>
Although we don't use the .n releases, the mangling of versions can be
fixed up to work correctly for point tarballs too. Because yes that would
be very convenient.
Also I wonder if in the future we could fetch the point release diff, apply
that, then generate our delta patch. Because that would show the real deal.
And preserve using the same orig tarball without exploding mirror storage.
>
> masahiro at zoe:~/canonical/noble/linux$ uscan --download-version 6.7.0
> Newest version of linux-unstable on remote site is 6.7.0, specified
> download version is 6.7.0
> gpgv: Signature made Mon 08 Jan 2024 02:47:49 PM JST
> gpgv: using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
> gpgv: Good signature from "Greg Kroah-Hartman <gregkh at linuxfoundation.org
> >"
> gpgv: aka "Greg Kroah-Hartman <gregkh at kernel.org>"
> gpgv: aka "Greg Kroah-Hartman (Linux kernel stable
> release signing key) <greg at kroah.com>"
> Leaving ../linux-unstable_6.7.0.orig.tar.xz where it is.
>
> masahiro at zoe:~/canonical/noble/linux$ uscan --download-version 6.7.1
> uscan warn: In debian/watch no matching hrefs for version 6.7.1 in watch
> line
> https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-(?:[-_]?v?(\d[\-+\.
> <https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-(?:[-_]?v?(%5Cd[%5C-+%5C.>
> :\~\da-zA-Z]*))(?i)(?:\.(?:tar\.xz|tar\.bz2|tar\.gz|tar\.zstd?|zip|tgz|tbz|txz))
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> > Signed-off-by: Dimitri John Ledkov <dimitri.ledkov at canonical.com>
> > ---
> > debian/upstream/signing-key.asc | 78 +++++++++++++++++++++++++++++++++
> > debian/watch | 3 ++
> > 2 files changed, 81 insertions(+)
> > create mode 100644 debian/upstream/signing-key.asc
> > create mode 100644 debian/watch
> >
> > diff --git a/debian/upstream/signing-key.asc
> b/debian/upstream/signing-key.asc
> > new file mode 100644
> > index 0000000000..5e3addc4ac
> > --- /dev/null
> > +++ b/debian/upstream/signing-key.asc
> > @@ -0,0 +1,78 @@
> > +-----BEGIN PGP PUBLIC KEY BLOCK-----
> > +
> > +mQINBE58tdUBEADY5iQsoL4k8l06dNt+uP2lH8IPi14M51/tOHsW1ZNc8Iok0stH
> > ++uA8w0LpN97UgNhsvXFEkIK2JjLalasUTiUoIeeTshD9t+ekFBx5a9SbLCFlBrDS
> > +TwfieK2xalzomoL22N5ztj1XbdLWh6NRM6kKMeYvgAGo8p884WJk4pPIJK6G0wEw
> > +e9/TG6ilRSLOtxyaF9yZ+FC1eOA1S47Ld2K25Y5GsQF5agwi7nES+9tVVBZp97kB
> > +8IOvELeiSiY0xFXi60yfwIlK6x9dfcxsx5nCyrp2qdqQiPiMD0EJMiuA6wymoi5W
> > +XtmfCpweTB8TvW8Y8uqrwYApzmDleBDTIDP0vCY1o9eftJcWWMkRKC9c7Ziy4nT6
> > +TzmVkNXgqC8/BuOQbpU7I/1VCMoa6e+2a8jrgy5to4dGgu6xQ6jTxWbvgDeB6Hct
> > +WGqf8f9s5lSpH8D8OZLDOXKolqnBd5YrJr0Qmpq4cCcIqwNCMbURtsTpbW/EdWl+
> > +AKwnStXXLI5O6Hg+m4c3O8ZwbzcnAOgTJePm2Xoi71t9SbAZZx1/W7p6/57UGrXR
> > +Q4WfiwpOPD0siF33yO2L7G7Gmm4zh8ieX8aS8guqfWFhuSsDta77F2FB9ozD9WN0
> > +Z5tJowiy3Z1VkxvZjZH8IbcB05yBBBV47BJxrPnSuDT+w45yNTqZ6m4VYwARAQAB
> > +tC9HcmVnIEtyb2FoLUhhcnRtYW4gPGdyZWdraEBsaW51eGZvdW5kYXRpb24ub3Jn
> > +PokCTgQTAQgAOBYhBGR/KGVIlOO9RXGZvjjbvchgkmk+BQJaHvQRAhsDBQsJCAcC
> > +BhUICQoLAgQWAgMBAh4BAheAAAoJEDjbvchgkmk+3/8P+gJ85fYDzXoy47y90FFi
> > +PJqqtkZhf/VPMP5YOJzxCnGVh0CUwC2fGFV6SIU5V78Ede+gArocYq+LpTV4nJz5
> > +SJZZxNBzuEW8t42juF6GZ9uB5SNlqYHUjWbM0bLpl1gut3pe9yJ7mQ2DaZUMYlav
> > +D7sOAiKw/5pCyFLvY9a6ZJmp8QmPUU8Fb9kbbudxfjxgDrAwuVlnGU/I8YIZOHhX
> > +s1hjBNagZCWcxawktDLPylifNOL5UtNuoLJRjsUVatAEjp+g1Xq2A8/t/mfi5K1p
> > +juQaEr5fVzqhkPqt7UQbT1QuZghStYJ5QRunaYT1trvBXmrXKzebBKk85+nlh58g
> > +fRNTyEt2eflNkU1XpFtNcCWo6rke/PZjtHb1CivHD/GhyogeGBfRAMRfmfNDZRZw
> > +e5V+EBNI+RUexscvhVyTp0XhxgXdGy9KpSpWbuwGaQ+q9mVLrYRlNn1k3dnYaWxD
> > +nk0x7xGCE59dd6vpckcD6t/SXujRwT4b0Ypw1jy3Ve3h8OTB5sP5SBpCA33DoQs9
> > +ONbgtL3nX3XST7frXxBkfCD7D58gGCvFvZYAEd1MDGj3250UnBHUPGeVp7/+t/wH
> > +MJ/E3rvb45RGYadd736i0vnJStPIae4M/bVG5qddRjU6mcpir5qYHAIrDz6QwWWF
> > +2BvR7vqYKa36TGX7TORxuyfotCZHcmVnIEtyb2FoLUhhcnRtYW4gPGdyZWdraEBr
> > +ZXJuZWwub3JnPokCTgQTAQgAOBYhBGR/KGVIlOO9RXGZvjjbvchgkmk+BQJaHvNA
> > +AhsDBQsJCAcCBhUICQoLAgQWAgMBAh4BAheAAAoJEDjbvchgkmk+TLEQAJ1Ux/6n
> > +//f2jEVBdWb13qYFBBxKJMNeTU9yPMedQAAhrt68IU1Bt8+/nmZLm1iXWOvPQ019
> > +21i3HBxANnbTqEYYYWnQJJyROiyTuwY7HWlguQXlkxLa1mahVuFee6DHO+O8IGU8
> > +IM+PHdEL08e629sIluu3WGmNXXJ307j47UBu3QFA67YQ7YBmChl7AHBcSpKSplgN
> > +82tbAYtrm5ywYHM5uMFhmbw/DJpzLdFsnzRT9E7PKhH+q1MyPojGT4Oytj3D1QZr
> > +hp8yZ+Zp8TQnleXeBczLfpQPduzurqVomZpWwIZLHCgBJRWmz7/M0kTDIndQle9L
> > +VcJtJqasrRmgL3NsKrYYBw+jHnBe2hp8aq6W3DVaUmkSdshran9ZCaLCpxt62NAg
> > +UkI/eg1sSljo1aeXmF33ymYIpxavW5CGUYKlqYRLUT7en6t/mFiYCwPD22KOdLSf
> > +svVG+pr4UNsfSZdIF+W9/FLW7HJVZGMIldsrGFv4lOtqiXdbRafMtylYw/mU+xhu
> > +9+NslRRrbi1TlWS/BH7ULYu9zKahApf1DFRcrx0PyvtlFleoDZa88uIbmcUO8GzZ
> > +XEhejTv9vNnbmjgvYsRywFcJPkJ/TObfasvvSU9GZn6aU36Y7GYSUGjD1anLiUpr
> > +0FKkruymqBdXHaXGJ44GZ8Hhd5ZMTavwEX7BtE1HcmVnIEtyb2FoLUhhcnRtYW4g
> > +KExpbnV4IGtlcm5lbCBzdGFibGUgcmVsZWFzZSBzaWduaW5nIGtleSkgPGdyZWdA
> > +a3JvYWguY29tPokCOAQTAQIAIgUCTny11QIbAwYLCQgHAwIGFQgCCQoLBBYCAwEC
> > +HgECF4AACgkQONu9yGCSaT5fXBAAx2NfTb1IZ59eV3PKtqNG0qwQdq/62oSqNKlv
> > +lp/JzkeynjeJ7ic1IOs/CTTv2+xoPkLNcNhOPz7uem/4aa/my9A0AEp5UsF6Lvdo
> > +/Hy7Jxc++0EgW//TyvWcU9qd5qS/85VZf8I5pL9TZtHVwfIfLME+G8hkQx0+CWRJ
> > +loLFG48lwi8khp+TsCRYv1tQei7G22xAY5s+53TssaC1MXyQT7aJBGhwnbspY2Ia
> > +RMzsrX0msZn+Fn5WlxxMDxUmUACFMyKGJ+1F6VY01nWolT3G1udOnpee66qXHJo6
> > +XnzkNhzeH8Vf3sMe0sXx8YkN682g1NFaa+el0SDcXZvB91pFkWnQaQSfac5gI4Ki
> > +ShxAqePAH6Og+a/fhs5XdyYw0SN50O+yaSnqEDl7JkByXVKJiVVihDuEe5JZXkoI
> > +O/eTN6uceF89ZQiO/dFn0Kcqc4vL7uuI6FDMRZK7mY7bjFxFW1VjspcxhT1NdR7S
> > +FNrK8Glzd5FS67oTwSNB3CzkJ3ON/kOJ8JSxFEt1ZTc2ZpQujrFyTtbksWm3Yy63
> > +kbpwxRoR6xgaGwtx0SdkkWDCcA+2GZymCjk5FFQkAhoEk0tu/n5fvHS7TTZui9a2
> > +HMsyqmgTJzeU0eQJDgmb/ahzW0VgjHtABaJr40Q83M9upkZdHFXSZb7UHFYkAdH1
> > +OxdvSFW5Ag0ETny11QEQALIiIb/niWy6M6GfBMt/2EBWpLuE+FYVeUQGpGhXD2rU
> > +hOo9UpoxBD/Y5mc5OaJsVL3fySYQldVFOaT7Pu0J1N5FXIBckgtbT3eg+TGD9WIf
> > +Jy6ZpWjBKf6K4frwTwRpLBKqZhcA/78KzxFHeRHjV4cEVZVNoRtVqLYuTlbdlkH6
> > +G2YxgCioxAfqvsGjsg2ES7Xl6xz3uaBH1DFX7S2LXHkDHnloWOTaDRe/4h2VnFHf
> > +76xsJCgt2seJp91kI8bhuR7CUrO5mkRMhnp/z9v6vc2qcMv8EMK62FiBaqENaKg5
> > +6ag8Icujar1YwXG7oYhOuYiWxqGpJUwg5+h/HeYw5Q8ue0UwHPCUZR14pzQCKxag
> > +RMibiufOlS6URbCcBG44ddFAt2vqqopIo069moxfqt6OGig59cYv7PSMfHX25dV0
> > +1Ns+2R1eo7qiktkV+3CSSs/dUArcTxyovuadIAUaZAJ3XqsS3FGzZsPYMYNM9faZ
> > +qOfF6mmGmCZRJMMESWuWjc8ZnVAv4luyD18vlsr/J9rO0t28s4PJyqJGozEXLBLt
> > +saCVihxBHMY7QK/pC0jRniLpeniDDHY875TIiG3nrmtR84nnW9WNOG6tuaIcB6hD
> > +/DmSr72rRoNEpCa/eT7XiCOymGHS5gWR+94R1+J1rQZbd1T8gSq/nQQluJII7oz7
> > +ABEBAAGJAjYEGAECAAkFAk58tdUCGwwAIQkQONu9yGCSaT4WIQRkfyhlSJTjvUVx
> > +mb44273IYJJpPjBTEAC+6nWLKuUdxyHZEd/GmYVEFg07C2akTEkHL4pTMNnpGMxN
> > +McVvDdiuSRcDVwxChsXa9PGc1mzkHYje7ayn8APUx4XEP8x7m15tlyMlMEfwMF8o
> > +xHAXBfd9sfhfsxwsPpdgwgTPtWjR7exPMJWpkzbs2Y9muFYePTktAiWIt5S7Jfni
> > +9jAvrqGW8+40+ESwi5ptUZhiFVZ3hlp+FwjRXcsZj8onAFmrimqXNU8QsyTFy8Ia
> > +GLX0YN4XfVnz2mW6BXTbTuQiMVv7XXuhfgV7OW7UEalwL2zXZl32uHLcrMurAKjE
> > +CBtku8LBoZ8QsNKKQ8mCkE6+mHWBMClfXX/trb+R85hgRT6G2epObiTnqROuWVFf
> > +4IKDFDZpnXdx1oW0dPMA6edgk0SNdLQKUTLEhdeegufCNy4txNNVveQ0fssChH/H
> > +UmZtHWieEg4H9HAUlxRPf+aUkW1dRpwYJJIKkK0vQd7BTRivS4vk3HnWLuk0bhpw
> > +gk214rPU8zJphksRNVj9641nUD/PJo0qztj9IJtrmrjI6YNz+yRIpRB8/vJDwqJT
> > +q1SZ5YBp+pS40j3jozRFGwqfGZziC5ZfK9RbB2un4ABh/NyRlTiAYhFVYpK8boJM
> > +oOzQe1nlbVwDf6Wty6voekrLOTnu4Y5GpY4Wq5AREyzShd0cpznDnmyjOIKWVA==
> > +=Xuim
> > +-----END PGP PUBLIC KEY BLOCK-----
> > diff --git a/debian/watch b/debian/watch
> > new file mode 100644
> > index 0000000000..ac0e235e69
> > --- /dev/null
> > +++ b/debian/watch
> > @@ -0,0 +1,3 @@
> > +version=4
> > +opts="uversionmangle=s%$%.0%,pgpsigurlmangle=s%@ARCHIVE_EXT@$%.tar.sign%,decompress"
> \
> > +
> https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-@ANY_VERSION@@ARCHIVE_EXT@
> > --
> > 2.34.1
> >
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20240214/22a45f12/attachment-0001.html>
More information about the kernel-team
mailing list