diff -Nru linux-signed-oem-5.10-5.10.0/debian/changelog linux-signed-oem-5.10-5.10.0/debian/changelog --- linux-signed-oem-5.10-5.10.0/debian/changelog 2020-11-04 07:23:53.000000000 +0000 +++ linux-signed-oem-5.10-5.10.0/debian/changelog 2020-11-16 14:46:19.000000000 +0000 @@ -1,3 +1,18 @@ +linux-signed-oem-5.10 (5.10.0-1004.5) focal; urgency=medium + + * Master version: 5.10.0-1004.5 + + * Improve download-signed script to support current & grub2 (LP: #1876875) + - download-signed: improve to support grub2 downloads + + -- Timo Aaltonen Mon, 16 Nov 2020 16:46:19 +0200 + +linux-signed-oem-5.10 (5.10.0-1003.4) focal; urgency=medium + + * Master version: 5.10.0-1003.4 + + -- Timo Aaltonen Thu, 12 Nov 2020 11:30:46 +0200 + linux-signed-oem-5.10 (5.10.0-1002.3) focal; urgency=medium * Master version: 5.10.0-1002.3 diff -Nru linux-signed-oem-5.10-5.10.0/debian/control linux-signed-oem-5.10-5.10.0/debian/control --- linux-signed-oem-5.10-5.10.0/debian/control 2020-11-04 07:23:53.000000000 +0000 +++ linux-signed-oem-5.10-5.10.0/debian/control 2020-11-16 14:46:19.000000000 +0000 @@ -9,24 +9,24 @@ python3-apt, Build-Depends-Arch: sbsigntool [amd64 arm64], - linux-headers-5.10.0-1002-oem (>= 5.10.0-1002.3), + linux-headers-5.10.0-1004-oem (>= 5.10.0-1004.5), Standards-Version: 3.9.4 -Package: linux-image-5.10.0-1002-oem +Package: linux-image-5.10.0-1004-oem Architecture: amd64 Depends: ${unsigned:Depends} Recommends: ${unsigned:Recommends} Suggests: ${unsigned:Suggests} Conflicts: ${unsigned:Conflicts} Provides: ${unsigned:Provides} -Built-Using: linux-oem-5.10 (= 5.10.0-1002.3) +Built-Using: linux-oem-5.10 (= 5.10.0-1004.5) Description: Signed kernel image oem A kernel image for oem. This version of it is signed with Canonical's UEFI signing key. -Package: linux-image-5.10.0-1002-oem-dbgsym +Package: linux-image-5.10.0-1004-oem-dbgsym Section: devel Architecture: amd64 -Depends: linux-image-unsigned-5.10.0-1002-oem-dbgsym +Depends: linux-image-unsigned-5.10.0-1004-oem-dbgsym Description: Signed kernel image oem A link to the debugging symbols for the oem signed kernel. diff -Nru linux-signed-oem-5.10-5.10.0/download-signed linux-signed-oem-5.10-5.10.0/download-signed --- linux-signed-oem-5.10-5.10.0/download-signed 2019-10-25 16:49:46.000000000 +0000 +++ linux-signed-oem-5.10-5.10.0/download-signed 2020-11-16 13:17:45.000000000 +0000 @@ -1,9 +1,9 @@ #! /usr/bin/python3 import hashlib +import argparse import os import re -import shutil import sys import tarfile from urllib import request @@ -14,12 +14,28 @@ ) import apt -from aptsources.distro import get_distro # package_name: package containing the objects we signed # package_version: package version containing the objects we signed # src_package: source package name in dists -(package_name, package_version, src_package) = sys.argv[1:] +# signed_type: 'signed' or 'uefi' schema in the url + +parser = argparse.ArgumentParser() +parser.add_argument( + "package_name", + help="package containining the objects we signed") +parser.add_argument( + "package_version", + help="package version containing the objects we signed, or 'current'") +parser.add_argument( + "src_package", + help="source package name in dists") +parser.add_argument( + "signed_type", + nargs='?', + default='signed', + help="subdirectory type in the url, 'signed' or 'uefi'") +args = parser.parse_args() class SignedDownloader: @@ -30,7 +46,7 @@ identify the members and to validate them once downloaded. """ - def __init__(self, package_name, package_version, src_package): + def __init__(self, package_name, package_version, src_package, signed_type='signed'): self.package_name = package_name self.package_version = package_version self.src_package = src_package @@ -41,10 +57,13 @@ cache = apt.Cache() self.package = None - for version in cache[package_name].versions: - if version.version == self.package_version: - self.package = version - break + if self.package_version == "current": + self.package = cache[package_name].candidate + else: + for version in cache[package_name].versions: + if version.version == self.package_version: + self.package = version + break if not self.package: raise KeyError("{0}: package version not found".format(self.package_name)) @@ -52,7 +71,7 @@ origin = self.package.origins[0] pool_parsed = urlparse(self.package.uri) self.package_dir = "%s/%s/%s/%s-%s/%s/" % ( - origin.archive, 'main', 'signed', + origin.archive, 'main', signed_type, self.src_package, self.package.architecture, self.package_version) # Prepare the master url stem and pull out any username/password. If present @@ -152,7 +171,6 @@ if os.path.exists(tarball_filename): with tarfile.open(tarball_filename) as tarball: for tarinfo in tarball: - fullname = os.path.abspath(os.path.join(base, tarinfo.name)) if not filename.startswith(here): print('download-signed: {0}: tarball member outside output directory'.format(member)) sys.exit(1) @@ -161,5 +179,5 @@ tarball.extract(tarinfo, base) -downloader = SignedDownloader(package_name, package_version, src_package) +downloader = SignedDownloader(**vars(args)) downloader.download('.')