1
0

drop ci and remnants

This commit is contained in:
Konstantin Demin 2024-10-29 05:12:06 +03:00
parent 8f7edd05f4
commit 2e85d42e92
5 changed files with 1 additions and 424 deletions

View File

@ -1,28 +0,0 @@
-----BEGIN PRIVATE KEY-----
MIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQCo/R6tgfzFlvtA
bGb9QiwyCur1JB1eRE2UmU8t39jr0VRcr6p55v71fZE+ny4rLZl3ZibsKt1YeEhq
xAg7a7UfvjzT0PWaRV7M/XcwnRfKt032lUyNtcsEiMTp299Iak/Q/jm9M0yiTYxe
W1EsXfu1QrNSe0Zo8EZr9Q6eyFnjilJNgHpOlCyxH/7ujO73tzP84cEDZejFHYlo
ypKsjO2IWLcQssnM+llOlMYZ4mx6a6TxchSMKyYl6PRLviltkK4HF6AD4D4Lgoa0
38pHPL2kJPEW9eb1cRsnFkzK4edYxGN6si728HUY/rQFSzehSaGXjPYR6kq2OCwQ
am4LcCm/AgMBAAECggEBAJso/df1+C88N6mpXs6+yXGRULaQ2F5LfKgqM+c9FyE+
7KTFrlOLYyHoj0neQjfnAHf+1VIW8XFfz64oHB7jAEULGTKrNDbX5vl06NE8DDJX
KEB2SPn8p1GceqD2/wawhmSwaDduOLj1VyLz2Y5RJOIDQj9DbRzBMQfC1A+6ib4/
LscWb1e1gQvZ0FIgSv2ZlOLqdSXVizsg7Am5iCizD5O9Pbw31QfZDyd7IJqpRi63
Wo234CZS3Hhkr2267QttVeuY9AWgtYU1f6KMRrakEpLPf1mNqVIpY3M8Ee8KoMCr
a3pl39+N9+0DI4GCF5yctmzPn4YqWg25vFVirXJFluECgYEA1bRcPQ2EzTLDjm1U
tVrh3yd6ZPdY1Tch1UhzGf7lGIMY924tZZveDpWs7VGJMGO8hHTdo8Ku32AolJKA
yMW+P05+EcXo0GR8xcJ4Ol3yeJrblWhO4UNiQrTxhE6yy/g25zgVKcKUfbdkq7Cu
VOZpmNlh3bM4Iwno8ZGxvUI+GBcCgYEAym8r9G2MWFCmH6w6cOkt2EpOlzCEKLZ5
q1nlZXTQBG+UB3EUPxZBviPTAjzZgfY1YS6SFZCb+fFEsVzGUAcz00xH6H2tHgmK
NoCX1bzqA7qDWjs2Dr2x33803jhRClQr/hg3rCwfoAkkImX2tPEf/URF6b5MuxgB
JPAT98lg3JkCgYEAzMG/8vtl99ogxvF4TT9j1ZWUzvKzma72as29AvZX+XF61XAq
bQW38I92nfgWk1esg9kZl9NsDDitCRWJ8VSOIUgKwOq4VBtD9ZOL8JidPvNZW0ES
+wC+QB3wno1tAMO1jzsMA/QcpIu4GEzz7ALMwJfgDjSun9vZ5sNq4mR67EcCgYEA
ibqbsEC8ZPXyIMiANoQfofHkiK8Eq+KC41dVYPLZ+Lqlf26rNMUC08fx76rQ3cBS
zxztXWi3BpXlg7q4XoiX9SIIJqEjILWi6LQTGePfX8wNRF3WyK69j28v3CV61ckw
6T822Zhnp+2wPQsckD0h46II4yCLehu545TIMSU9FrkCgYEAin/3RTg2V0v/36AR
YSMfZvfd+DCQ2Vm1WJQWfPJhdzb/L8DzFei0DDAbPFIiz5CFt9yyCIaag5XE0NqP
gHq3xaNmYqV2LLDX8lswmpeqUN0YpEKUwrT/CGuRLWMJYc2WwbGGgQIOc53nx+Ku
6DKedX7qLoifu/3fq69hNrMXsFs=
-----END PRIVATE KEY-----

View File

@ -1,19 +0,0 @@
-----BEGIN CERTIFICATE-----
MIIDEzCCAfugAwIBAgIUM0ot4Y+xMV7+tm0g9Yp70GPmizQwDQYJKoZIhvcNAQEL
BQAwGTEXMBUGA1UEAwwOVGVzdCBTaWduZXIgQ0EwHhcNMjIwMjA1MTgyOTIzWhcN
MjIwMzA3MTgyOTIzWjAZMRcwFQYDVQQDDA5UZXN0IFNpZ25lciBDQTCCASIwDQYJ
KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKj9Hq2B/MWW+0BsZv1CLDIK6vUkHV5E
TZSZTy3f2OvRVFyvqnnm/vV9kT6fListmXdmJuwq3Vh4SGrECDtrtR++PNPQ9ZpF
Xsz9dzCdF8q3TfaVTI21ywSIxOnb30hqT9D+Ob0zTKJNjF5bUSxd+7VCs1J7Rmjw
Rmv1Dp7IWeOKUk2Aek6ULLEf/u6M7ve3M/zhwQNl6MUdiWjKkqyM7YhYtxCyycz6
WU6UxhnibHprpPFyFIwrJiXo9Eu+KW2QrgcXoAPgPguChrTfykc8vaQk8Rb15vVx
GycWTMrh51jEY3qyLvbwdRj+tAVLN6FJoZeM9hHqSrY4LBBqbgtwKb8CAwEAAaNT
MFEwHQYDVR0OBBYEFJ2vFS8iN46NNzlnI73JPOXy+8ydMB8GA1UdIwQYMBaAFJ2v
FS8iN46NNzlnI73JPOXy+8ydMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEL
BQADggEBAFRNfEbkBd0dKw7Ch4b9GMi4yDHFBN9d9KBe6Il92hojluBlQXTBvyKM
OPN12k7CTTHDN1RCLfHaPQl9lrZILgMLI3y5KdLYPhaaGuGwihIUObcNVetU+TGa
iMgdIsRSnF1LaYb5z56mJnnHSYA+5eq+Lnpy+jT7JhXrs0jL2JB7n36lYarpDE0Q
yby09tTHw8fJFONQ2UfUUJu52wcT8hrSygZR0msDz27/l0KmKgKtmM039hZW3Ssa
PZlVfQe3j7lZ0kPi/W9RhA+3LPDdHmjJYhTS2gtCLfeAaaXGj9sFEpMfGbF8Hgl4
OjiEuTKPVoApKbpa6islqK3O6GR86WE=
-----END CERTIFICATE-----

23
debian/rules vendored
View File

@ -35,29 +35,6 @@ build: build-arch build-indep
build-arch: debian/control
dh_testdir
# The perf-read-vdso* programs are built for different architectures,
# without standard flags, but are not exposed to untrusted input.
@printf '%s\n' 'blhc: ignore-line-regexp: .* -o *[^ ]*/perf-read-vdso.*'
# Kernel code needs different hardening options that blhc doesn't know
# about.
@printf '%s\n' 'blhc: ignore-line-regexp: .* -D__KERNEL__ .*'
# The tools/perf/tests/workloads/.* programs are deliberately compiled
# without -O2, so instruct blhc to ignore those
@printf '%s\n' 'blhc: ignore-line-regexp: .* -o .*tools/perf/tests/workloads/.*'
# fixdep is not always built with the right flags but is also not packaged
@printf '%s\n' 'blhc: ignore-line-regexp: .* -o .*/tools/.*/fixdep.*'
# We need to use terse builds in CI due to the log size limit. This
# mostly affects the output for builds of kernel code, which need
# different options for hardening anyway.
ifneq ($(filter terse,$(DEB_BUILD_OPTIONS)),)
@printf '%s\n' 'blhc: ignore-line-regexp: \s*(CC(LD)?|LD|LINK)\b.*'
endif
$(MAKE) -f debian/rules.gen build-arch_$(DEB_HOST_ARCH)
build-indep: debian/control

2
debian/rules.real vendored
View File

@ -41,7 +41,7 @@ setup_env := env -u ABINAME -u ARCH -u FEATURESET -u FLAVOUR -u VERSION -u LOCAL
# XXX: All the tools leak flags between host and build all the time, just don't care. See #1050991.
setup_env += -u KBUILD_HOSTCFLAGS -u HOSTCFLAGS -u KBUILD_HOSTLDFLAGS
setup_env += DISTRIBUTION_OFFICIAL_BUILD=1 DISTRIBUTOR="$(DEB_VENDOR)" DISTRIBUTION_VERSION="$(SOURCEVERSION)" KBUILD_BUILD_TIMESTAMP="@$(SOURCE_DATE_EPOCH)" KBUILD_BUILD_VERSION_TIMESTAMP="$(DEB_VENDOR) $(SOURCEVERSION) ($(SOURCE_DATE_UTC_ISO))" KBUILD_BUILD_USER="$(word 1,$(subst @, ,$(MAINTAINER)))" KBUILD_BUILD_HOST="$(word 2,$(subst @, ,$(MAINTAINER)))"
setup_env += KBUILD_VERBOSE=$(if $(filter terse,$(DEB_BUILD_OPTIONS)),0,1)
setup_env += KBUILD_VERBOSE=1
MAKE_CLEAN = $(setup_env) $(MAKE) KCFLAGS=-fdebug-prefix-map=$(CURDIR)/= KAFLAGS=-fdebug-prefix-map=$(CURDIR)/=
MAKE_SELF := $(MAKE) -f debian/rules.real $(MAKEOVERRIDES)

353
debian/salsa-ci.yml vendored
View File

@ -1,353 +0,0 @@
include:
- https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
variables:
RELEASE: 'unstable'
# Make that build quicker
DEB_BUILD_PROFILES: pkg.linux.quick
# We have to bump the version in source preparation, not later
SALSA_CI_DISABLE_VERSION_BUMP: 'true'
# Currently broken in quick build
DEBIAN_KERNEL_DISABLE_INSTALLER: 'true'
# Output is limited to 4 MiB total, so use 'terse'.
# Current runners have 2 CPUs but have slow I/O so 'parallel=4' is
# a bit faster.
DEB_BUILD_OPTIONS: 'terse parallel=4'
DEBIAN_KERNEL_DISABLE_BUILD_PACKAGE_ARM64: 0
# Add stages for signed packages
stages:
- provisioning
- build
- publish
- sign-code
- build-signed
- test
# The common Salsa CI pipeline relies on keeping the unpacked source
# as an artifact, but in our case this is far too large for the
# current limits on Salsa (salsa-ci-team/pipeline#195). So we
# redefine the source extraction and build steps to use packed source.
# Our modified extract-source and build jobs
extract-source:
stage: provisioning
image: $SALSA_CI_IMAGES_BASE
cache:
key: "orig-${RELEASE}"
paths:
- orig
extends:
- .artifacts-default-expire
rules:
- if: $CI_COMMIT_TAG != null
when: never
- when: always
script:
# Move orig tarball cache
- |
if [ -d orig ]; then
mv orig/* ..
rmdir orig
fi
# Install dependencies of gencontrol.py and debian/rules orig
# plus origtargz
- apt-get update
- |
eatmydata apt-get install --no-install-recommends -y \
debhelper \
devscripts \
git \
kernel-wedge \
python3 \
python3-dacite \
python3-debian \
python3-jinja2 \
quilt \
rsync
- version=$(dpkg-parsechangelog -SVersion)
- upstream_version=$(echo $version | sed 's/-[^-]*$//')
# Merge upstream source
- USCAN_VCS_EXPORT_UNCOMPRESSED=yes origtargz -dt
- debian/rules orig
# Fudge source version and distribution *before* gencontrol.py
- sed -i -e '1 s/) [^;]*/+salsaci) UNRELEASED/' debian/changelog
- version=${version}+salsaci
# Run gencontrol.py
# - create temporary log
- log="$(mktemp)"
# - invoke debian/control-real rule and log output
- |
rc=0; debian/rules debian/control-real >"$log" 2>&1 || rc=$?
- cat "$log"
# - check for success message and error code
- test $rc = 2
- grep -q 'been generated SUCCESSFULLY' "$log"
# Put packed source in artifacts
- dpkg-buildpackage -uc -us -S -sa -d
- mkdir -p ${WORKING_DIR}
- cp ../linux_${upstream_version}.orig.tar.xz ${WORKING_DIR}
- mv ../linux_${version}.dsc ../linux_${version}.debian.tar.xz ${WORKING_DIR}
# Move orig tarballs back to where GitLab wants them
- mkdir orig
- mv ../*.orig.tar.* orig
build:
stage: build
timeout: 3 hours
image: $SALSA_CI_IMAGES_BASE
cache:
key: "build-${BUILD_ARCH}_${HOST_ARCH}"
paths:
- .ccache
extends:
- .artifacts-default-expire
rules:
- if: $CI_COMMIT_TAG != null
when: never
- when: always
variables:
CCACHE_TMP_DIR: ${CI_PROJECT_DIR}/../.ccache
CCACHE_WORK_DIR: ${CI_PROJECT_DIR}/.ccache
DB_BUILD_PARAM: ${SALSA_CI_DPKG_BUILDPACKAGE_ARGS}
DB_BUILD_TYPE: full
artifacts:
exclude:
- ${WORKING_DIR}/${SOURCE_DIR}/**/*
script:
# Unpack the source
- |
apt-get update && eatmydata apt-get install --no-install-recommends -y \
dpkg-dev
- dpkg-source -x ${WORKING_DIR}/*.dsc ${WORKING_DIR}/${SOURCE_DIR}
# Do the same as the common .build-definition script
- !reference [.build-before-script]
- !reference [.build-script]
- mv ${CCACHE_TMP_DIR} ${CCACHE_WORK_DIR}
dependencies:
- extract-source
build-arm64:
extends: build
image: $SALSA_CI_IMAGES_BASE_ARM64
variables:
BUILD_ARCH: 'arm64'
tags:
- arm64
rules:
- if: $DEBIAN_KERNEL_DISABLE_BUILD_PACKAGE_ARM64 =~ /^(1|yes|true)$/
when: never
# Make it possible to override the rules below. E.g. when a project fork
# has an ARM64 runner available.
- if: $DEBIAN_KERNEL_ENABLE_BUILD_PACKAGE_ARM64 =~ /^(1|yes|true)$/
when: always
# While there isn't an ARM shared runner avilable, let's run this job
# manually in forks of the kernel-team/linux project, and in branches other
# than the default branch, and allow it to fail in that case
- if: $CI_PROJECT_NAMESPACE != "kernel-team"
allow_failure: true
when: manual
- if: $CI_COMMIT_REF_NAME != $CI_DEFAULT_BRANCH
allow_failure: true
when: manual
- when: always
# The folllowing jobs are the standard tests, excluding any that
# require building again
lintian:
extends: .test-lintian
script:
- lintian --suppress-tags "${SALSA_CI_LINTIAN_SUPPRESS_TAGS}" --display-info --pedantic --fail-on error --allow-root ${SALSA_CI_LINTIAN_SHOW_OVERRIDES_ARG} ${SALSA_CI_LINTIAN_ARGS} ${WORKING_DIR}/*.changes | tee lintian.output || ECODE=$?
- lintian2junit.py --lintian-file lintian.output > ${WORKING_DIR}/lintian.xml
- exit ${ECODE-0}
needs:
- job: build
artifacts: true
- job: build-signed
artifacts: true
autopkgtest:
extends: .test-autopkgtest
blhc:
extends: .test-blhc
piuparts:
extends: .test-piuparts
needs:
- job: build
artifacts: true
- job: build-signed
artifacts: true
missing-breaks:
extends: .test-missing-breaks
rc-bugs:
extends: .test-rc-bugs
# Python static checkers
python-static:
stage: test
image: $SALSA_CI_IMAGES_BASE
rules:
- if: $CI_COMMIT_TAG != null
when: never
- when: always
script:
- |
apt-get update && eatmydata apt-get install --no-install-recommends -y \
flake8 python3 python3-dacite python3-jinja2 python3-pytest
# Check Python modules under debian/lib and Python scripts under
# debian/bin or debian/rules.d.
- sources="$(mktemp)"
- find debian/lib/python -name '*.py' > "$sources"
- |
find debian/bin debian/rules.d -type f -perm /111 |
while read script; do
if awk '/^#!.*python/ { exit 0 } { exit 1 }' "$script"; then
echo "$script"
fi
done \
>> "$sources"
# Run both checkers and coalesce their results rather than exiting
# on first failure
- pass=true
- xargs flake8 --max-line-length=100 < "$sources" || pass=false
- py.test debian/lib/python || pass=false
- $pass
needs: []
# kconfig static check
kconfig-static:
stage: test
image: $SALSA_CI_IMAGES_BASE
rules:
- if: $CI_COMMIT_TAG != null
when: never
- when: always
script:
# Unpack source and apply featureset patches
- |
apt-get update && eatmydata apt-get install --no-install-recommends -y \
debhelper dpkg-dev git python3 python3-dacite quilt
- dpkg-source -x ${WORKING_DIR}/*.dsc ${WORKING_DIR}/${SOURCE_DIR}
- cd ${WORKING_DIR}/${SOURCE_DIR}
- debian/rules source
# Fetch kernel-team repository
- kernel_team_dir="$(mktemp -d)"
- |
git clone --depth=1 https://salsa.debian.org/kernel-team/kernel-team.git \
"$kernel_team_dir"
# Run process.py and treat any error output as a failure
- error_log="$(mktemp)"
- |
"$kernel_team_dir"/utils/kconfigeditor2/process.py . 2>"$error_log" \
|| true
- |
if [ -s "$error_log" ]; then cat "$error_log"; false; fi
needs:
- job: extract-source
artifacts: true
# Sign code with the test key and certificate, build and test that
sign-code:
stage: sign-code
image: $SALSA_CI_IMAGES_BASE
extends:
- .artifacts-default-expire
rules:
- if: $CI_COMMIT_TAG != null
when: never
- when: always
script:
- |
apt-get update && eatmydata apt-get install --no-install-recommends -y \
dpkg-dev git openssl python3 python3-debian sbsigntool
# Fetch kernel-team repository
- kernel_team_dir="$(mktemp -d)"
- |
git clone --depth=1 https://salsa.debian.org/kernel-team/kernel-team.git \
"$kernel_team_dir"
# Sign the code and build a source package
- |
"$kernel_team_dir"/scripts/debian-test-sign \
${WORKING_DIR}/linux_*_${BUILD_ARCH}.changes \
debian/certs/ci-test-sign/ci-test-sign-key.pem \
debian/certs/ci-test-sign/ci-test-sign.pem
artifacts:
paths:
- ${WORKING_DIR}/linux-signed-${BUILD_ARCH}_*
needs:
- job: build
artifacts: true
build-signed:
stage: build-signed
image: $SALSA_CI_IMAGES_BASE
extends:
- .artifacts-default-expire
rules:
- if: $CI_COMMIT_TAG != null
when: never
- when: always
variables:
SALSA_CI_DPKG_BUILDPACKAGE_ARGS: ''
CCACHE_TMP_DIR: ${CI_PROJECT_DIR}/../.ccache
CCACHE_WORK_DIR: ${CI_PROJECT_DIR}/.ccache
DB_BUILD_PARAM: ${SALSA_CI_DPKG_BUILDPACKAGE_ARGS}
DB_BUILD_TYPE: full
script:
# Unpack the source
- |
apt-get update && eatmydata apt-get install --no-install-recommends -y \
dpkg-dev
- |
dpkg-source -x ${WORKING_DIR}/linux-signed-${BUILD_ARCH}_*.dsc \
${WORKING_DIR}/${SOURCE_DIR}
# Install build-dependencies produced by build job
- |
apt-get install --no-install-recommends -y \
${WORKING_DIR}/linux-image-*-unsigned_*_${BUILD_ARCH}.deb
# Do the same as the common .build-definition script
- !reference [.build-before-script]
- !reference [.build-script]
- mv ${CCACHE_TMP_DIR} ${CCACHE_WORK_DIR}
artifacts:
# This should include the linux-signed source package, its binary
# packages, and (for piuparts) the versioned dependencies produced
# by the build job
paths:
- ${WORKING_DIR}/linux-signed-${BUILD_ARCH}_*
- ${WORKING_DIR}/linux-headers-*_${BUILD_ARCH}.deb
- ${WORKING_DIR}/linux-headers-*-common_*_all.deb
- ${WORKING_DIR}/linux-image-*_${BUILD_ARCH}.deb
- ${WORKING_DIR}/linux-kbuild-*_${BUILD_ARCH}.deb
exclude:
- ${WORKING_DIR}/linux-image-*-unsigned_*_${BUILD_ARCH}.deb
needs:
- job: build
artifacts: true
- job: sign-code
artifacts: true