@@ -221,10 +221,18 @@ from forcing GEXP-PROMISE."
#:guile-for-build guile)))
(define (make-linux-libre-source version
- upstream-source
+ linux-upstream-source
+ linux-libre-upstream-source
deblob-scripts)
"Return a 'computed' origin that generates a Linux-libre tarball from the
-corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
+corresponding LINUX-UPSTREAM-SOURCE (an origin), using the given
+DEBLOB-SCRIPTS. The generated Linux-libre source is compared against the
+corresponding LINUX-LIBRE-UPSTREAM-SOURCE upstream release (an origin), to
+ensure correctness. This comparison is skipped when
+LINUX-LIBRE-UPSTREAM-SOURCE is set to #f. This can be used in exceptional
+cases where for security reasons an update must be pushed before the
+Linux-libre project could publish a cleaned up tree. Manual screening of the
+new Linux changes for nonfree code is required when skipping the comparison."
(match deblob-scripts
((deblob-version (? origin? deblob) (? origin? deblob-check))
(unless (string=? deblob-version (version-major+minor version))
@@ -281,14 +289,14 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
(("/bin/sed") (which "sed"))
(("/usr/bin/python") (which "python"))))
- (if (file-is-directory? #+upstream-source)
+ (if (file-is-directory? #+linux-upstream-source)
(begin
- (format #t "Copying upstream linux source...~%")
- (invoke "cp" "--archive" #+upstream-source dir)
+ (format #t "Copying upstream Linux source...~%")
+ (invoke "cp" "--archive" #+linux-upstream-source dir)
(invoke "chmod" "--recursive" "u+w" dir))
(begin
- (format #t "Unpacking upstream linux tarball...~%")
- (invoke "tar" "xf" #$upstream-source)
+ (format #t "Unpacking upstream Linux tarball...~%")
+ (invoke "tar" "xf" #$linux-upstream-source)
(match (scandir "."
(lambda (name)
(and (not (member name '("." "..")))
@@ -315,7 +323,22 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
(format #t "~%Scanning the generated tarball for blobs...~%")
(invoke "/tmp/bin/deblob-check" "--use-awk" "--list-blobs"
- #$output))))))))))
+ #$output)
+
+ (if #+linux-libre-upstream-source
+ (begin
+
+ ;; Git doesn't track empty directories, so remove them
+ ;; from our local tree for the sake of comparison.
+ (invoke "find" dir "-type" "d" "-empty" "-delete")
+ (invoke "diff" "-ur"
+ dir
+ #+linux-libre-upstream-source))
+ (begin
+ (format #t "~%Skipping comparison with the upstream \
+Linux-libre release... Ensure new sources have been manually verified \
+against nonfree software.~%")
+ #t)))))))))))
;;;
@@ -344,8 +367,16 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
(uri (string-append "mirror://kernel.org"
"/linux/kernel/v" (version-major version) ".x/"
"linux-" version ".tar.xz"))
- (sha256 hash)))
+ (sha256 (base32 hash))))
+(define (%upstream-linux-libre-source version hash)
+ (origin
+ (method git-fetch)
+ (uri (git-reference
+ (url "git://linux-libre.fsfla.org/releases.git")
+ (commit (string-append "sources/v" version "-gnu"))))
+ (file-name (git-file-name "linux-libre-source" version))
+ (sha256 (base32 hash))))
;; The current "stable" kernel. That is, the most recently released major
;; version.
@@ -357,9 +388,11 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
(base32 "0j6jba5fcddqlb42f95gjl78jisfla4nswqila074gglcrbnl9q7")))
(define-public linux-libre-5.8-pristine-source
(let ((version linux-libre-5.8-version)
- (hash (base32 "0xm901zvvrwsb9k88la6pb65nybi43bygiyz1z68njwsx6ripxik")))
+ (hash "0xm901zvvrwsb9k88la6pb65nybi43bygiyz1z68njwsx6ripxik")
+ (libre-hash "0zjw82xrmlgmjb5w0ar4mhjsn9pf8halwzq6dvv71hmrmskjxbyn"))
(make-linux-libre-source version
(%upstream-linux-source version hash)
+ (%upstream-linux-libre-source version libre-hash)
deblob-scripts-5.8)))
;; The "longterm" kernels — the older releases with long-term upstream support.
@@ -373,10 +406,12 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
(base32 "1b3q88i2qfdxyvpi9f7jds0qlb8hfpw87mgia096ax6822c2cmyb")))
(define-public linux-libre-5.4-pristine-source
(let ((version linux-libre-5.4-version)
- (hash (base32 "1vymhl6p7i06gfgpw9iv75bvga5sj5kgv46i1ykqiwv6hj9w5lxr")))
- (make-linux-libre-source version
- (%upstream-linux-source version hash)
- deblob-scripts-5.4)))
+ (hash "1vymhl6p7i06gfgpw9iv75bvga5sj5kgv46i1ykqiwv6hj9w5lxr")
+ (libre-hash "150cz1h9cn8klh8dhnbhb9zmxc6pf6x9rj5fa2wv9k7r42lk9kis"))
+ (make-linux-libre-source version
+ (%upstream-linux-source version hash)
+ (%upstream-linux-libre-source version libre-hash)
+ deblob-scripts-5.4)))
(define-public linux-libre-4.19-version "4.19.144")
(define deblob-scripts-4.19
@@ -386,9 +421,11 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
(base32 "1jiaw0as1ippkrjdpd52657w5mz9qczg3y2hlra7m9k0xawwiqlf")))
(define-public linux-libre-4.19-pristine-source
(let ((version linux-libre-4.19-version)
- (hash (base32 "0jnj65bdy5y9lcj5zhrn4iaszpww8z41ac66j00l75sd931l1g9k")))
+ (hash "0jnj65bdy5y9lcj5zhrn4iaszpww8z41ac66j00l75sd931l1g9k")
+ (libre-hash "04lijps8qjk3kwsgvkw9plhmy5rxgrp6ld82d96jgjm27s5xd308"))
(make-linux-libre-source version
(%upstream-linux-source version hash)
+ (%upstream-linux-libre-source version libre-hash)
deblob-scripts-4.19)))
(define-public linux-libre-4.14-version "4.14.197")
@@ -399,9 +436,11 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
(base32 "1qij18inijj6c3ma8hv98yjagnzxdxyn134da9fd23ky8q6hbvky")))
(define-public linux-libre-4.14-pristine-source
(let ((version linux-libre-4.14-version)
- (hash (base32 "029h46yki2hxdbn7afmnf3yar1pnwrpszx76irsa5mf8gnrasyp0")))
+ (hash "029h46yki2hxdbn7afmnf3yar1pnwrpszx76irsa5mf8gnrasyp0")
+ (libre-hash "1hbp1shhhifk3xy8026c466vpfpgll11xx1kawq97llx1pars4hn"))
(make-linux-libre-source version
(%upstream-linux-source version hash)
+ (%upstream-linux-libre-source version libre-hash)
deblob-scripts-4.14)))
(define-public linux-libre-4.9-version "4.9.235")
@@ -412,9 +451,11 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
(base32 "0fxajshb75siq39lj5h8xvhdj8lcmddkslwlyj65rhlwk6g2r4b2")))
(define-public linux-libre-4.9-pristine-source
(let ((version linux-libre-4.9-version)
- (hash (base32 "1hqcb3zw4546h6x5xy2mywdznha8813lx15mxbgfbvwm4qhsc9g6")))
+ (hash "1hqcb3zw4546h6x5xy2mywdznha8813lx15mxbgfbvwm4qhsc9g6")
+ (libre-hash "0sz73pxdz4kl4fyfvbkm7xzdhzx8x2xajr93mhapc65hssyz3059"))
(make-linux-libre-source version
(%upstream-linux-source version hash)
+ (%upstream-linux-libre-source version libre-hash)
deblob-scripts-4.9)))
(define-public linux-libre-4.4-version "4.4.235")
@@ -425,9 +466,11 @@ corresponding UPSTREAM-SOURCE (an origin), using the given DEBLOB-SCRIPTS."
(base32 "0hhin1jpfkd6nwrb6xqxjzl3hdxy4pn8a15hy2d3d83yw6pflbsf")))
(define-public linux-libre-4.4-pristine-source
(let ((version linux-libre-4.4-version)
- (hash (base32 "0w5pkv936zb0shjgnpv17gcp5n8f91djznzq54p6j1bl5q2qdyqd")))
+ (hash "0w5pkv936zb0shjgnpv17gcp5n8f91djznzq54p6j1bl5q2qdyqd")
+ (libre-hash "1pydy3cr4malqlr69ksw22nphpydfmpbrfh190ahgym741zdfncg"))
(make-linux-libre-source version
(%upstream-linux-source version hash)
+ (%upstream-linux-libre-source version libre-hash)
deblob-scripts-4.4)))
(define %boot-logo-patch