Gitiles
Code Review Sign In
gerrit.omnirom.org / android_packages_modules_Virtualization / 3fe0ce31e9b2879bfd4e26d878670769df2c149f^1..3fe0ce31e9b2879bfd4e26d878670769df2c149f / .
commit3fe0ce31e9b2879bfd4e26d878670769df2c149f[log] [tgz]
authorTreehugger Robot <android-test-infra-autosubmit@system.gserviceaccount.com>Wed Dec 11 18:41:56 2024 -0800
committerAutomerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>Wed Dec 11 18:41:56 2024 -0800
treeea65929e2ecca899204a878ea6ebea0c6dd4426c
parent86fce2089f115fa1fa19a684e9a479f33ee84168 [diff]
parent1b408dae153e0c0a3d3c4adfed743fc89d159e5a [diff]
Merge "build/debian: Verify checksums and signature for kernel sources" into main am: a0c4595a76 am: 1b408dae15

Original change: https://android-review.googlesource.com/c/platform/packages/modules/Virtualization/+/3404081

Change-Id: Ia4e86ec9b091563062495dd77324fe10c6099f05
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>

diff --git a/build/debian/build.sh b/build/debian/build.sh
index cc38dfd..9bb1481 100755
--- a/build/debian/build.sh
+++ b/build/debian/build.sh

@@ -238,15 +238,23 @@
 	local custom_flavour="avf"
 	local ksrc_base_url="https://deb.debian.org/debian/pool/main/l/linux"
 
+	local dsc_url="${ksrc_base_url}/linux_${debian_kver}.dsc"
 	local debian_ksrc_url="${ksrc_base_url}/linux_${debian_kver}.debian.tar.xz"
 	local orig_ksrc_url="${ksrc_base_url}/linux_${debian_kver%-*}.orig.tar.xz"
 
-	# 1. Grab original kernel source, merge debian patches etc.
-	mkdir -p "${workdir}/kernel/avf-${debian_arch}"
+	# 0. Grab the kernel sources, and the latest debian keyrings
+	mkdir -p "${workdir}/kernel"
 	pushd "${workdir}/kernel" > /dev/null
+	wget "$dsc_url"
 	wget "$orig_ksrc_url"
-	pushd "avf-${debian_arch}" > /dev/null
-	wget "${debian_ksrc_url}" -O - | tar xJ
+	wget "$debian_ksrc_url"
+	rsync -az --progress keyring.debian.org::keyrings/keyrings/ /usr/share/keyrings/
+
+	# 1. Verify, extract and merge patches into the original kernel sources
+	dpkg-source --require-strong-checksums \
+	            --require-valid-signature \
+	            --extract linux_${debian_kver}.dsc
+	pushd "linux-${debian_kver%-*}" > /dev/null
 	# TODO: Copy our own kernel patches to debian/patches
 	#       and add patch file names in the desired order to debian/patches/series
 	./debian/rules orig