* gnu/packages/linux.scm (make-linux-libre-source): Rename the UPSTREAM-SOURCE parameter to LINUX-UPSTREAM-SOURCE. Add a new LINUX-LIBRE-UPSTREAM-SOURCE parameter. Update doc. Adjust variable names. Capitalize "Linux" in the user messages. Remove empty directories from the generated sources, then invoke diff between these sources and those of the corresponding Linux-libre release, unless LINUX-LIBRE-UPSTREAM-SOURCE is #f. (%upstream-linux-source): Convert the hash as base32 inside the definition, to simplify its use. (%upstream-linux-libre-source): New procedure. (linux-libre-5.8-pristine-source): Add a LIBRE-HASH binding and use it with %UPSTREAM-LINUX-LIBRE-SOURCE to provide the Linux-libre release origin to the make-linux-libre-source procedure call. (linux-libre-5.4-pristine-source): Likewise. (linux-libre-4.19-pristine-source): Likewise. (linux-libre-4.14-pristine-source): Likewise. (linux-libre-4.9-pristine-source): Likewise. (linux-libre-4.4-pristine-source): Likewise. --- gnu/packages/linux.scm | 79 ++++++++++++++++++++++++++++++++---------- 1 file changed, 61 insertions(+), 18 deletions(-) diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 72fb3ca49d..1df66330cb 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -221,10 +221,18 @@ from forcing GEXP-PROMISE." #:guile-for-build guile))) (define (make-linux-libre-source version - upstream-source + linux-upstream-source + linux-libre-upstream-source deblob-scripts) "Return a 'computed' origin that generates a Linux-libre tarball from the -corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS." +corresponding LINUX-UPSTREAM-SOURCE (an origin), using the given +DEBLOB-SCRIPTS. The generated Linux-libre source is compared against the +corresponding LINUX-LIBRE-UPSTREAM-SOURCE upstream release (an origin), to +ensure correctness. This comparison is skipped when +LINUX-LIBRE-UPSTREAM-SOURCE is set to #f. This can be used in exceptional +cases where for security reasons an update must be pushed before the +Linux-libre project could publish a cleaned up tree. Manual screening of the +new Linux changes for nonfree code is required when skipping the comparison." (match deblob-scripts ((deblob-version (? origin? deblob) (? origin? deblob-check)) (unless (string=? deblob-version (version-major+minor version)) @@ -281,14 +289,14 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS." (("/bin/sed") (which "sed")) (("/usr/bin/python") (which "python")))) - (if (file-is-directory? #+upstream-source) + (if (file-is-directory? #+linux-upstream-source) (begin - (format #t "Copying upstream linux source...~%") - (invoke "cp" "--archive" #+upstream-source dir) + (format #t "Copying upstream Linux source...~%") + (invoke "cp" "--archive" #+linux-upstream-source dir) (invoke "chmod" "--recursive" "u+w" dir)) (begin - (format #t "Unpacking upstream linux tarball...~%") - (invoke "tar" "xf" #$upstream-source) + (format #t "Unpacking upstream Linux tarball...~%") + (invoke "tar" "xf" #$linux-upstream-source) (match (scandir "." (lambda (name) (and (not (member name '("." ".."))) @@ -315,7 +323,22 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS." (format #t "~%Scanning the generated tarball for blobs...~%") (invoke "/tmp/bin/deblob-check" "--use-awk" "--list-blobs" - #$output)))))))))) + #$output) + + (if #+linux-libre-upstream-source + (begin + + ;; Git doesn't track empty directories, so remove them + ;; from our local tree for the sake of comparison. + (invoke "find" dir "-type" "d" "-empty" "-delete") + (invoke "diff" "-ur" + dir + #+linux-libre-upstream-source)) + (begin + (format #t "~%Skipping comparison with the upstream \ +Linux-libre release... Ensure new sources have been manually verified \ +against nonfree software.~%") + #t))))))))))) ;;; @@ -344,8 +367,16 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS." (uri (string-append "mirror://kernel.org" "/linux/kernel/v" (version-major version) ".x/" "linux-" version ".tar.xz")) - (sha256 hash))) + (sha256 (base32 hash)))) +(define (%upstream-linux-libre-source version hash) + (origin + (method git-fetch) + (uri (git-reference + (url "git://linux-libre.fsfla.org/releases.git") + (commit (string-append "sources/v" version "-gnu")))) + (file-name (git-file-name "linux-libre-source" version)) + (sha256 (base32 hash)))) ;; The current "stable" kernel. That is, the most recently released major ;; version. @@ -357,9 +388,11 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS." (base32 "0j6jba5fcddqlb42f95gjl78jisfla4nswqila074gglcrbnl9q7"))) (define-public linux-libre-5.8-pristine-source (let ((version linux-libre-5.8-version) - (hash (base32 "0xm901zvvrwsb9k88la6pb65nybi43bygiyz1z68njwsx6ripxik"))) + (hash "0xm901zvvrwsb9k88la6pb65nybi43bygiyz1z68njwsx6ripxik") + (libre-hash "0zjw82xrmlgmjb5w0ar4mhjsn9pf8halwzq6dvv71hmrmskjxbyn")) (make-linux-libre-source version (%upstream-linux-source version hash) + (%upstream-linux-libre-source version libre-hash) deblob-scripts-5.8))) ;; The "longterm" kernels — the older releases with long-term upstream support. @@ -373,10 +406,12 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS." (base32 "1b3q88i2qfdxyvpi9f7jds0qlb8hfpw87mgia096ax6822c2cmyb"))) (define-public linux-libre-5.4-pristine-source (let ((version linux-libre-5.4-version) - (hash (base32 "1vymhl6p7i06gfgpw9iv75bvga5sj5kgv46i1ykqiwv6hj9w5lxr"))) - (make-linux-libre-source version - (%upstream-linux-source version hash) - deblob-scripts-5.4))) + (hash "1vymhl6p7i06gfgpw9iv75bvga5sj5kgv46i1ykqiwv6hj9w5lxr") + (libre-hash "150cz1h9cn8klh8dhnbhb9zmxc6pf6x9rj5fa2wv9k7r42lk9kis")) + (make-linux-libre-source version + (%upstream-linux-source version hash) + (%upstream-linux-libre-source version libre-hash) + deblob-scripts-5.4))) (define-public linux-libre-4.19-version "4.19.144") (define deblob-scripts-4.19 @@ -386,9 +421,11 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS." (base32 "1jiaw0as1ippkrjdpd52657w5mz9qczg3y2hlra7m9k0xawwiqlf"))) (define-public linux-libre-4.19-pristine-source (let ((version linux-libre-4.19-version) - (hash (base32 "0jnj65bdy5y9lcj5zhrn4iaszpww8z41ac66j00l75sd931l1g9k"))) + (hash "0jnj65bdy5y9lcj5zhrn4iaszpww8z41ac66j00l75sd931l1g9k") + (libre-hash "04lijps8qjk3kwsgvkw9plhmy5rxgrp6ld82d96jgjm27s5xd308")) (make-linux-libre-source version (%upstream-linux-source version hash) + (%upstream-linux-libre-source version libre-hash) deblob-scripts-4.19))) (define-public linux-libre-4.14-version "4.14.197") @@ -399,9 +436,11 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS." (base32 "1qij18inijj6c3ma8hv98yjagnzxdxyn134da9fd23ky8q6hbvky"))) (define-public linux-libre-4.14-pristine-source (let ((version linux-libre-4.14-version) - (hash (base32 "029h46yki2hxdbn7afmnf3yar1pnwrpszx76irsa5mf8gnrasyp0"))) + (hash "029h46yki2hxdbn7afmnf3yar1pnwrpszx76irsa5mf8gnrasyp0") + (libre-hash "1hbp1shhhifk3xy8026c466vpfpgll11xx1kawq97llx1pars4hn")) (make-linux-libre-source version (%upstream-linux-source version hash) + (%upstream-linux-libre-source version libre-hash) deblob-scripts-4.14))) (define-public linux-libre-4.9-version "4.9.235") @@ -412,9 +451,11 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS." (base32 "0fxajshb75siq39lj5h8xvhdj8lcmddkslwlyj65rhlwk6g2r4b2"))) (define-public linux-libre-4.9-pristine-source (let ((version linux-libre-4.9-version) - (hash (base32 "1hqcb3zw4546h6x5xy2mywdznha8813lx15mxbgfbvwm4qhsc9g6"))) + (hash "1hqcb3zw4546h6x5xy2mywdznha8813lx15mxbgfbvwm4qhsc9g6") + (libre-hash "0sz73pxdz4kl4fyfvbkm7xzdhzx8x2xajr93mhapc65hssyz3059")) (make-linux-libre-source version (%upstream-linux-source version hash) + (%upstream-linux-libre-source version libre-hash) deblob-scripts-4.9))) (define-public linux-libre-4.4-version "4.4.235") @@ -425,9 +466,11 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS." (base32 "0hhin1jpfkd6nwrb6xqxjzl3hdxy4pn8a15hy2d3d83yw6pflbsf"))) (define-public linux-libre-4.4-pristine-source (let ((version linux-libre-4.4-version) - (hash (base32 "0w5pkv936zb0shjgnpv17gcp5n8f91djznzq54p6j1bl5q2qdyqd"))) + (hash "0w5pkv936zb0shjgnpv17gcp5n8f91djznzq54p6j1bl5q2qdyqd") + (libre-hash "1pydy3cr4malqlr69ksw22nphpydfmpbrfh190ahgym741zdfncg")) (make-linux-libre-source version (%upstream-linux-source version hash) + (%upstream-linux-libre-source version libre-hash) deblob-scripts-4.4))) (define %boot-logo-patch -- 2.28.0