drop signing

2024-10-29 05:12:06 +03:00
parent 3a08f39a8b
commit f63f36de4f
35 changed files with 8 additions and 377 deletions
--- a/debian/bin/gencontrol.py
+++ b/debian/bin/gencontrol.py
@@ -33,10 +33,7 @@ locale.setlocale(locale.LC_CTYPE, "C.UTF-8")


 class Gencontrol(Base):
-    disable_signed: bool
-
    env_flags = [
-        ('DEBIAN_KERNEL_DISABLE_SIGNED', 'disable_signed', 'signed code'),
    ]

    def __init__(
@@ -187,34 +184,6 @@ class Gencontrol(Base):
    ) -> None:
        arch = config.name

-        if not self.disable_signed:
-            build_signed = config.build.enable_signed
-        else:
-            build_signed = False
-
-        if build_signed:
-            # Make sure variables remain
-            vars['signedtemplate_binaryversion'] = '@signedtemplate_binaryversion@'
-            vars['signedtemplate_sourceversion'] = '@signedtemplate_sourceversion@'
-
-            self.bundle.add('signed-template', (arch,), makeflags, vars, arch=arch)
-
-            bundle_signed = self.bundles[f'signed-{arch}'] = \
-                PackagesBundle(f'signed-{arch}', 'signed.source.control', vars, self.templates)
-
-            with bundle_signed.open('source/lintian-overrides', 'w') as f:
-                f.write(self.substitute(
-                    self.templates.get('signed.source.lintian-overrides'), vars))
-
-            with bundle_signed.open('changelog.head', 'w') as f:
-                dist = self.changelog[0].distribution
-                urgency = self.changelog[0].urgency
-                f.write(f'''\
-linux-signed-{vars['arch']} (@signedtemplate_sourceversion@) {dist}; urgency={urgency}
-
-  * Sign kernel from {self.changelog[0].source} @signedtemplate_binaryversion@
-''')
-
        if config.packages.source and list(config.featuresets):
            self.bundle.add('config', (arch, ), makeflags, vars)

@@ -329,31 +298,11 @@ linux-signed-{vars['arch']} (@signedtemplate_sourceversion@) {dist}; urgency={ur

        packages_own = []

-        if not self.disable_signed:
-            build_signed = config.build.enable_signed
-        else:
-            build_signed = False
-
-        if build_signed:
-            bundle_signed = self.bundles[f'signed-{arch}']
-        else:
-            bundle_signed = self.bundle
-
        vars.setdefault('desc', '')

-        if build_signed:
-            packages_image_unsigned = (
-                self.bundle.add('image-unsigned', ruleid, makeflags, vars, arch=arch)
-            )
-            packages_image = packages_image_unsigned[:]
-            packages_image.extend(
-                bundle_signed.add('signed.image', ruleid, makeflags, vars, arch=arch)
-            )
-
-        else:
-            packages_image = packages_image_unsigned = (
-                bundle_signed.add('image', ruleid, makeflags, vars, arch=arch)
-            )
+        packages_image = (
+            self.bundle.add('image', ruleid, makeflags, vars, arch=arch)
+        )

        for field in ('Depends', 'Provides', 'Suggests', 'Recommends',
                      'Conflicts', 'Breaks'):
@@ -387,19 +336,13 @@ linux-signed-{vars['arch']} (@signedtemplate_sourceversion@) {dist}; urgency={ur
        packages_own.extend(packages_image)
        packages_own.extend(packages_headers)

-        # The image meta-packages will depend on signed linux-image
-        # packages where applicable, so should be built from the
-        # signed source packages The header meta-packages will also be
-        # built along with the signed packages, to create a dependency
-        # relationship that ensures src:linux and src:linux-signed-*
-        # transition to testing together.
        if do_meta:
            packages_meta = (
-                bundle_signed.add('image.meta', ruleid, makeflags, vars, arch=arch)
+                self.bundle.add('image.meta', ruleid, makeflags, vars, arch=arch)
            )
            assert len(packages_meta) == 1
            packages_meta += (
-                bundle_signed.add(build_signed and 'signed.headers.meta' or 'headers.meta',
+                self.bundle.add('headers.meta',
                                  ruleid, makeflags, vars, arch=arch)
            )
            assert len(packages_meta) == 2
@@ -503,31 +446,6 @@ linux-signed-{vars['arch']} (@signedtemplate_sourceversion@) {dist}; urgency={ur

    def write(self) -> None:
        super().write()
-        self.write_signed()
-
-    def write_signed(self) -> None:
-        for bundle in self.bundles.values():
-            pkg_sign_entries = {}
-
-            for p in bundle.packages.values():
-                if not isinstance(p, BinaryPackage):
-                    continue
-
-                if pkg_sign_pkg := p.meta_sign_package:
-                    pkg_sign_entries[pkg_sign_pkg] = {
-                        'trusted_certs': [],
-                        'files': [
-                            {
-                                'sig_type': e.split(':', 1)[-1],
-                                'file': e.split(':', 1)[0],
-                            }
-                            for e in p.meta_sign_files
-                        ],
-                    }
-
-            if pkg_sign_entries:
-                with bundle.path('files.json').open('w') as f:
-                    json.dump({'packages': pkg_sign_entries}, f, indent=2)


 if __name__ == '__main__':