Update securedrop-workstation-grsec for 5.15.41/bullseye #326
I think we still need some of the stuff Conor did in #301, let me take a stab at making it build on bullseye and buster...
@legoktm just explained that we can use Debian substitution variables to no longer worry about having to manually update the version strings in the control file. This change can be appended to this PR.
I'm going to rebuild the kernel anyway before creating a PR with the new debs for dev-lfs. I'll link to that PR once it's ready.
The CI logic is a bit busted still, I'll fix that up tomorrow. But the package should build as we want it on both bullseye and buster.
* Automatically determine the kernel version from the package version, rearrange the package version scheme so the upstream version is exactly the kernel version and the distro name is in the debian version.
* Disable the u2mn stuff on bullseye/Qubes 4.1.
* Adjust the packaging script so it will support a changelog-bullseye since it has to be different from buster.
* Drop the old changelog-stretch.

Co-authored-by: Conor Schaefer <conor@freedom.press>
With TODO comments left that this should be cleaned up properly.
142ce59 to e5640b8
CI correctly built
The Tokens in postinst are documented at https://manpages.debian.org/bullseye/debhelper/dh_installdeb.1.en.html except the custom
@legoktm It looks like
Should be fixed with f5d13b3.
Only thing left is to make sure we can run
Just making note that the result of this is also that our changelog script will need special casing for grsec.
It needs a Debian revision while all the others are native packages. This is mostly a best effort thing, if people want to increment the Debian revision they should just run `dch` manually.
Just tested the recent changes for a new test version of grsec and another package (I chose proxy) for a regression check.
So this lgtm and will need your approval still @legoktm!
Towards #321
`$KERNEL-$REVISION~$PLATFORM`. This means the package's "upstream version" will be the kernel version, so we can use variables like `${source:Upstream-Version}` and `$DEB_VERSION_UPSTREAM` to substitute in the kernel version without hardcoding it.
`changelog-bullseye` since we need a different version on bullseye.
Cross link to freedomofpress/securedrop-apt-test#158
Test plan
`apt show securedrop-workstation-grsec_4.14.241-2~buster_amd64.deb` and `apt show securedrop-workstation-grsec_5.15.41-1~bullseye_amd64.deb` to verify the dependencies have the correct version substituted in
`ar x securedrop-workstation-grsec_5.15.41-1~bullseye_amd64.deb && tar xvf control.tar.xz`, and look at the postinst to verify the token was substituted properly.
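
A scripted form of the two checks in the test plan above, as an added example that is not part of this PR or the project's packaging scripts: it splits a version string the way the `$KERNEL-$REVISION~$PLATFORM` scheme implies and reports any `#TOKEN#` placeholder left in maintainer-script text. The token name `KERNEL_VERSION` and both sample postinst fragments are constructed for illustration.

```shell
#!/bin/sh
# Added example. Version strings follow $KERNEL-$REVISION~$PLATFORM.

# Upstream version: drop any "epoch:" prefix, then cut at the last hyphen.
# Under this scheme the result is the kernel version.
upstream_version() {
    v=${1#*:}
    printf '%s\n' "${v%-*}"
}

# Debian revision: text after the last hyphen; fails for native packages.
debian_revision() {
    case $1 in
        *-*) printf '%s\n' "${1##*-}" ;;
        *)   return 1 ;;
    esac
}

# Platform: text after "~" in the Debian revision (buster, bullseye).
platform() {
    rev=$(debian_revision "$1") || return 1
    case $rev in
        *~*) printf '%s\n' "${rev#*~}" ;;
        *)   return 1 ;;
    esac
}

# Succeeds only for strings shaped like 5.15.41-1~bullseye.
matches_scheme() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+-[0-9]+~[a-z]+$'
}

# Reads maintainer-script text on stdin and prints every #TOKEN#
# placeholder that was left unsubstituted, one per line.
leftover_tokens() {
    grep -Eo '#[A-Z][A-Z0-9_]*#' | sort -u
}

# Constructed samples; KERNEL_VERSION is a hypothetical token name.
SAMPLE_BAD='#!/bin/sh
set -e
KERNEL="#KERNEL_VERSION#"
#DEBHELPER#'
SAMPLE_GOOD='#!/bin/sh
set -e
KERNEL="5.15.41"'
```

On a built package, run `leftover_tokens < postinst` against the script extracted from `control.tar.xz`; any output means a token was not substituted.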