[linux] 02/03: Add script to regenerate lockdown patch series from git

debian-kernel at lists.debian.org debian-kernel at lists.debian.org
Tue Jul 18 00:08:28 UTC 2017


This is an automated email from the git hooks/post-receive script.

benh pushed a commit to branch master
in repository linux.

commit 81c11b5921a6c0524916d75a28c49ace5fb16f40
Author: Ben Hutchings <ben at decadent.org.uk>
Date:   Mon Jul 17 23:52:45 2017 +0100

    Add script to regenerate lockdown patch series from git
---
 debian/changelog                                 |  6 ++
 debian/patches/features/all/lockdown/genpatch.py | 99 ++++++++++++++++++++++++
 2 files changed, 105 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 6cbddae..ca747c8 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+linux (4.11.11-2) UNRELEASED; urgency=medium
+
+  * Add script to regenerate lockdown patch series from git
+
+ -- Ben Hutchings <ben at decadent.org.uk>  Tue, 18 Jul 2017 00:04:07 +0100
+
 linux (4.11.11-1) unstable; urgency=medium
 
   * New upstream stable update:
diff --git a/debian/patches/features/all/lockdown/genpatch.py b/debian/patches/features/all/lockdown/genpatch.py
new file mode 100755
index 0000000..aa8b785
--- /dev/null
+++ b/debian/patches/features/all/lockdown/genpatch.py
@@ -0,0 +1,99 @@
+#!/usr/bin/python3
+
+import codecs, errno, io, os, os.path, re, shutil, subprocess, sys, tempfile
+
+def main(repo, range='torvalds/master..dhowells/efi-lock-down'):
+    patch_dir = 'debian/patches'
+    lockdown_patch_dir = 'features/all/lockdown'
+    series_name = 'series'
+
+    # Only replace patches in this subdirectory and starting with a digit
+    # - the others are presumably Debian-specific for now
+    lockdown_patch_name_re = re.compile(
+        r'^' + re.escape(lockdown_patch_dir) + r'/\d')
+    series_before = []
+    series_after = []
+
+    old_series = set()
+    new_series = set()
+
+    try:
+        with open(os.path.join(patch_dir, series_name), 'r') as series_fh:
+            for line in series_fh:
+                name = line.strip()
+                if lockdown_patch_name_re.match(name):
+                    old_series.add(name)
+                elif len(old_series) == 0:
+                    series_before.append(line)
+                else:
+                    series_after.append(line)
+    except FileNotFoundError:
+        pass
+
+    with open(os.path.join(patch_dir, series_name), 'w') as series_fh:
+        for line in series_before:
+            series_fh.write(line)
+
+        # Add directory prefix to all filenames.
+        # Add Origin to all patch headers.
+        def add_patch(name, source_patch, origin):
+            name = os.path.join(lockdown_patch_dir, name)
+            path = os.path.join(patch_dir, name)
+            try:
+                os.unlink(path)
+            except FileNotFoundError:
+                pass
+            with open(path, 'w') as patch:
+                in_header = True
+                for line in source_patch:
+                    if in_header and re.match(r'^(\n|[^\w\s]|Index:)', line):
+                        patch.write('Origin: %s\n' % origin)
+                        if line != '\n':
+                            patch.write('\n')
+                        in_header = False
+                    patch.write(line)
+            series_fh.write(name)
+            series_fh.write('\n')
+            new_series.add(name)
+
+        # XXX No signature to verify
+
+        env = os.environ.copy()
+        env['GIT_DIR'] = os.path.join(repo, '.git')
+        args = ['git', 'format-patch', '--subject-prefix=', range]
+        format_proc = subprocess.Popen(args,
+                                       cwd=os.path.join(patch_dir, lockdown_patch_dir),
+                                       env=env, stdout=subprocess.PIPE)
+        with io.open(format_proc.stdout.fileno(), encoding='utf-8') as pipe:
+            for line in pipe:
+                name = line.strip('\n')
+                with open(os.path.join(patch_dir, lockdown_patch_dir, name)) as \
+                        source_patch:
+                    patch_from = source_patch.readline()
+                    match = re.match(r'From ([0-9a-f]{40}) ', patch_from)
+                    assert match
+                    origin = 'https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/commit?id=%s' % match.group(1)
+                    add_patch(name, source_patch, origin)
+
+        for line in series_after:
+            series_fh.write(line)
+
+    for name in new_series:
+        if name in old_series:
+            old_series.remove(name)
+        else:
+            print('Added patch', os.path.join(patch_dir, name))
+
+    for name in old_series:
+        print('Obsoleted patch', os.path.join(patch_dir, name))
+
+if __name__ == '__main__':
+    if not (2 <= len(sys.argv) <= 3):
+        sys.stderr.write('''\
+Usage: %s REPO [REVISION-RANGE]
+REPO is a git repo containing the REVISION-RANGE.  The default range is
+torvalds/master..dhowells/efi-lock-down.
+''' % sys.argv[0])
+        print('BASE is the base branch (default: torvalds/master).')
+        sys.exit(2)
+    main(*sys.argv[1:])

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git



More information about the Kernel-svn-changes mailing list