[Replicant] [vendor_replicant-release-scripts] [PATCH] builder-patches.sh: Add support for transitions releases

Denis 'GNUtoo' Carikli GNUtoo at cyberdimension.org
Mon Jan 24 18:53:29 UTC 2022


In the Replicant 6.0 0004 transition release, we have the following
patches on top of the vendor/replicant master branch:
    53ab2743 Release Replicant 6.0 0004 transition release
    6c2772be Re-run the key migration at each boot
This is because for transition releases, we need to apply two patches
instead of one in vendor/replicant in the builder source code.

The goal of the transition releases is to enable users running images
signed with older keys to migrate to new images that are signed with
newly generated keys (which are stored in vendor/replicant-security),
without having to erase all their data.

This requires an extra patch to enable the service that runs the key
migration script at each boot.

After booting a transition release, users are expected to install a
regular release like the Replicant 6.0 0004 in order not to have the
key migration run at each boot (if the power runs out precisely
when the migration script runs, users could lose all their data).

The second patch is similar to what we have in all other releases: it
just sets the release versions and potentially adds release notes to
the changelog.

Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo at cyberdimension.org>
---
 builder-patches.sh | 20 +++++++++++++++-----
 common.sh          |  9 +++++++++
 2 files changed, 24 insertions(+), 5 deletions(-)

diff --git a/builder-patches.sh b/builder-patches.sh
index 4934a56..114ad5f 100755
--- a/builder-patches.sh
+++ b/builder-patches.sh
@@ -28,6 +28,8 @@ local_repositories="\
 	../manifest \
 "
 
+. $(dirname $0)/releasevars.sh
+
 local_tmpdir="$(mktemp -d)"
 
 usage()
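
Review bot: the added line that sources releasevars.sh leaves $(dirname $0) unquoted, and nothing after it checks that RELEASE was actually set. is_transition_release in common.sh tests ${RELEASE}, so an empty value makes it return false and a transition release would be exported with only one of the two vendor_replicant patches, with no error. Suggest . "$(dirname "$0")/releasevars.sh" followed by a check that aborts when RELEASE is empty.
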
@@ -173,14 +175,22 @@ apply_patches_to_remote()
 	repositories_dirs=""
 
 	for repository in ${local_repositories} ; do
-		patch="$(git -C ${repository} format-patch -1)"
+		nr_patches=1
 		destdir="${local_tmpdir}/$(basename ${repository})"
-
 		mkdir -p "${destdir}/"
-		mv -f "${repository}/${patch}" "${destdir}/"
-
-		append "patches" "$(basename ${repository})/${patch}"
 		append "repositories_dirs" "$(basename ${repository})"
+
+		if is_transition_release ; then
+			if [ "${repository}" = "../vendor_replicant" ] ; then
+				nr_patches=2
+			fi
+		fi
+
+		_patches="$(git -C ${repository} format-patch -${nr_patches})"
+		for patch in ${_patches} ; do
+			mv -f "${repository}/${patch}" "${destdir}/"
+			append "patches" "$(basename ${repository})/${patch}"
+		done
 	done
 
 	queue_patches_for_remote "${patches}"
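
Review bot: in apply_patches_to_remote, nr_patches=2 assumes the two most recent commits in ../vendor_replicant are exactly the release commit and the key migration commit, and the output of git format-patch is never checked. If the command fails or another commit sits on top of the branch, the loop queues the wrong patches or none at all without reporting it. Suggest comparing the number of file names in _patches with nr_patches and aborting on a mismatch, and quoting "${repository}" in the git -C call. A one-line comment on why vendor_replicant needs two patches would also help the next reader.
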
diff --git a/common.sh b/common.sh
index 60b937c..3efd06f 100755
--- a/common.sh
+++ b/common.sh
@@ -25,6 +25,15 @@ is_replicant_11()
 	match_replicant_version '^11-'
 }
 
+is_transition_release()
+{
+	if echo "${RELEASE}" | grep '\-transition$' > /dev/null ; then
+		true
+	else
+		false
+	fi
+}
+
 match_replicant_version()
 {
 	regex="$1"
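
Review bot: is_transition_release wraps grep in an if/else that only maps its exit status to true or false, and the pattern '\-transition$' relies on \-, which POSIX leaves undefined in basic regular expressions; the backslash is only there to stop grep from reading the pattern as an option. The body can be the single line echo "${RELEASE}" | grep -q -e '-transition$', or a case "${RELEASE}" in *-transition) match that needs no subprocess.
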
-- 
2.34.1


