Reminder to self, don't send emails at 2 a.m. I now need to add a few clarifications:
On Sat, 2026-01-03 at 02:16 +0100, Ben Hutchings wrote:
[...]
> 4. The code signing service creates detached signatures for the code and
> adds them to the source package template. It then builds, signs, and
> uploads the complete source package (linux-signed-*).
Note that this "build" is a source-build. The binary packages are later
built in the usual way.
[...]
> > 3.) Given the somewhat special situation for the linux kernel, is there
> > anything you want me to focus on when reviewing such changes in the
> > linux-signed-* packages in the BACKPORTS-NEW queue?
>
> If you can find a way to s/\+deb14/+deb13/ on both file names and
> contents before comparing them, you should then be able to see any
> actually interesting changes. (But there should not be any after that.)
On some backports branches I have made minor changes to maintain
compatibility with stable user-space, dropping a Breaks, but this has
not yet happened for trixie-backports.
> Unfortunately I don't think debdiff can do that.
[...]
This will produce something closer to a reasonable diff:
VERSION=6.17.13+1
dpkg-source -x linux-signed-amd64_${VERSION}.dsc
dpkg-source -x linux-signed-amd64_${VERSION}~bpo13+1.dsc
find linux-signed-amd64-${VERSION} -type f -print0 | xargs -0 sed -i
's/+deb14/+deb13/g'
find linux-signed-amd64-${VERSION} -depth -name '*+deb14*' -print0 | xargs
-0 rename -d 's/\+deb14/+deb13/g'
diff -urN linux-signed-amd64-${VERSION}{,~bpo13+1}
However I also see many instances of the linux source version and the
compiler version differing. The linux source version doesn't really
need to be repeated multiple times in rules.gen and the compiler is not
needed at this point, so possibly we could eliminate some of that with
changes to the generation process.
Ben.
--
Ben Hutchings - Debian developer, member of kernel, installer and LTS
teams
signature.asc
Description: This is a digitally signed message part
