Debian Kernel version and ABI in respect of #1040901

To: debian-kernel@lists.debian.org
Cc: debian-release@lists.debian.org
Subject: Debian Kernel version and ABI in respect of #1040901
From: Bastian Blank <waldi@debian.org>
Date: Thu, 13 Jul 2023 21:16:15 +0200
Message-id: <[🔎] 20230713191615.s5hmzixwkfkmeqig@shell.thinkmo.de>
Mail-followup-to: debian-kernel@lists.debian.org, debian-release@lists.debian.org

Hi folks

You might have heard that the masters of Linux Secure Boot, aka shim
reviewers, have spoken.  They have told us that our way of handling
kernel modules is not longer acceptable.  For some context see #1040901.

This means for us that we have to make sure that kernel and modules
can't be mixed between different builds.  If we want to continue with
the current behaviour, where you can keep old kernels usable, we have to
rename packages and kernel internal ABI on every upload.

This is the first version of a proposal that should work. But it also
ignores some Debian and release policy points to avoid some problematic
behaviour.  For example it should not possible for package names to grow
unrestricted.

Please share your thoughts or if we have a better solution overall.

Regards,
Bastian

## Current behaviour

Currently in use are the following types:

* experimental:
    Version 6.1~rc2-3~exp4, 6.1.2-3~exp4
    ABI 6.1.0-0-arm64
* unstable/testing/stable:
    Version 6.1.2-3
    ABI 6.1.0-1-arm64
* security/LTS:
    Version 6.1.2-3~deb12u4
    ABI 6.1.0-1-arm64
* backports:
    Version 6.1.2-3~bpo12+4
    ABI 6.1.0-0.bpo.1-arm64

But our version check allows allow more variants, including NMU, BinNMU,
local versions, +bpo, ~deb11u1~deb10u1.

## Proposed behaviour

This tries to make sure everything apart from experimental gets new
names and ABI on every upload.

* experimental:
    Keep version 6.1~rc2-3~exp4, 6.1.2-3~exp4
    Keep ABI 6.1.0-0-arm64
* unstable/testing/stable:
    Keep version 6.1.2-3
    ABI 6.1.2-3-arm64
* security:
    Use same version ranges as stable, makes it impossible to do stable
    and security with the same minor.
    Version 6.1.2-3
    ABI 6.1.2-3-arm64
* backports:
    Keep version 6.1.2-3~bpo12+4
    ABI 6.1.2-3.bpo12.4-arm64
* LTS:
    Version 6.1.2-3~deb12u4
    ABI 6.1.2-3.deb12.4-arm64
* Everything else:
    Not for Debian archive.
    Keep version
    ABI 6.1.2-local

## Removed feature for now

### NMU

Can be easily added back by adding "bX" or so to the ABI.

### BinNMU

Is impossible to support.  The version change requires changes in the
names of the created packages.

### Release team prefix

The release team mandated debXuY suffix is not used for any
stable/security or similar release.  Only the LTS one for now uses that.

This makes sure we never accrue more then one such suffix in any
version, to make sure it does not grow unlimited.

New stable uploads always try to gather new upstream minor releases, so
we should be safe.

-- 
I have never understood the female capacity to avoid a direct answer to
any question.
		-- Spock, "This Side of Paradise", stardate 3417.3

Reply to:

Follow-Ups:
- Re: Debian Kernel version and ABI in respect of #1040901
  - From: Adrian Bunk <bunk@debian.org>
- Re: Debian Kernel version and ABI in respect of #1040901
  - From: Ben Hutchings <ben@decadent.org.uk>
- Re: Debian Kernel version and ABI in respect of #1040901
  - From: Bastian Blank <waldi@debian.org>

Prev by Date: Bug#1040981: klibc-utils: Segmentation fault while executin klibc binaries in armhf architecture
Next by Date: Processed: severity of 1040966 is important
Previous by thread: Bug#1040981: klibc-utils: segfault executing armhf binaries under qemu-user
Next by thread: Re: Debian Kernel version and ABI in respect of #1040901
Index(es):
- Date
- Thread