Bug#1118663: trixie-pu: package asahi-scripts/20250130-3+deb13u1
Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: asahi-scripts@packages.debian.org, noisycoil@debian.org
Control: affects -1 + src:asahi-scripts
User: release.debian.org@packages.debian.org
Usertags: pu
[ Other info ]
Apple Silicon support is provided in Debian by the Bananas Team by
distributing the downstream Asahi kernel in a private repository (the
rest of the stack is in Debian proper). Since the Asahi project does
not support LTS kernels, the only way we have to mitigate security
issues in stable is by slowly rolling down unstable kernels to stable
(within our private repository, that is). This means kernel changes may
sometimes require stable updates (in Debian proper). One and a half out
of the three bugs fixed by this update are caused by such kernel changes.
[ Reason ]
This update is needed to fix bugs #1112262, #1112264 and #1112265.
All three bugs were fixed upstream and the fix was uploaded to unstable/
testing a couple of months ago in asahi-scripts 20250713-1.
[ Impact ]
- #1112262: asahi-diagnose, the tool we point our users at to diagnose
issues on Apple Silicon, falsely reports that the audio configuration
is in an invalid state. As a result, the user is alarmed by a
non-existing issue. This behavior is partly due to a kernel change and
partly due to an unrelated bug which apparently we didn't catch in
time for trixie as it only affects some laptops.
- #1112264: a change in the kernel may render systems unbootable in the
future unless the apple_nvmem_spmi module (which previously didn't
exist) is explicitly added to the initramfs. The fix is trivial, and
not dealing with it in time can become bad enough that we want to fix
this already instead of waiting for it to possibly break systems.
- #1112265: update-m1n1, the tool that updates DTBs when the kernel is
updated, *always* updates the DTBs, instead of only doing so when the
DTBs actually change. This breaks the security model of the DTB update,
since it overwrites old (functioning) DTBs with redundant copies of
possibly broken new ones. This is not a regression, but a behavior that
was always in the package and was only fixed upstream recently.
More details on these bugs can be found in the respective bug reports.
[ Tests ]
All fixes are backports and they were in unstable as-is since early
September. As for stable, I manually tested they work as intended.
[ Risks ]
All changes were accepted from upstream and then backported, so they
already underwent thorough review and testing.
- #1112262
* Fix 1 exchanges one `grep | sed || echo` in a script, which is a
no-op, to `sed | grep || echo`, which actually does something. That
something is actually checking if audio is configured as expected.
I would say there's no risk here.
* Fix 2 removes an obsolete diagnostic check that always fails on
newer kernels. Not having the check on older kernels is not a big
deal, especially since it tested a very common configuration.
Again I would say there's no risk.
- #1112264
* The fix adds a module to the initramfs. Empirically, this module
is already being added as a dependency, so at this time this change
is a no-op. But in the future something might change and that could
make systems unbootable by not including the module anymore. Since
we are already asking for a stable update, let's fix this now to
future-proof the package and avoid a subsequent stable update. If
the module does not exist (e.g. someone is still running an older
kernel), this change does nothing. So again there's no risk involved.
P.S.: the change also adds a non-user-facing deprecation notice for two
modules. This is again a no-op, I included it just to keep the delta
with unstable minimal as far as this specific change is concerned (the
deprecation notice is in unstable too).
- #1112265:
* The fix changes the logic by which DTBs are updated in the boot binary
by adding a check that the new DTBs are different than the old ones,
so that DTB updates become idempotent. This may be risky per se, but
the fix has been upstream since May, it was released by upstream in July
(during the freeze) and it has been in unstable since early September.
Moreover, I tested it purposefully in stable. So I would say testing
essentially brought the risk close to zero.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
See Risks above, where I explained the changes one-by-one.
Cheers!
diff -Nru asahi-scripts-20250130/debian/changelog asahi-scripts-20250130/debian/changelog
--- asahi-scripts-20250130/debian/changelog 2025-04-15 09:39:19.000000000 +0200
+++ asahi-scripts-20250130/debian/changelog 2025-08-28 02:04:55.000000000 +0200
@@ -1,3 +1,20 @@
+asahi-scripts (20250130-3+deb13u1) UNRELEASED; urgency=medium
+
+ * Team upload.
+ * d/patches:
+ - add 0000-Backport-asahi-diagnose-Fix-macaudio-default-profile.patch
+ to fix the macaudio default profile check (Closes: #1112262)
+ - add 0000-Backport-asahi-diagnose-drop-tas2764-checks.patch to drop
+ the tas2764 quirk checks (Closes: #1112262)
+ - 0003-debian-Add-initramfs-tools-implementation-for-cpio-f.patch:
+ add the apple_nvmem_spmi module to the initramfs explicitly and
+ obsolete simple-mfd-spmi and nvmem_spmi_mfd (Closes: #1112264)
+ - add 0000-Backport-update-m1n1-clobber-boot.bin.old-only-on-changes.patch
+ to make update-m1n1 idempotent (Closes: #1112265)
+ - refresh
+
+ -- NoisyCoil <noisycoil@debian.org> Thu, 28 Aug 2025 02:04:55 +0200
+
asahi-scripts (20250130-3) unstable; urgency=medium
* Team upload.
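Review bot: The distribution field on the first added line is still UNRELEASED; for a trixie proposed update it has to read trixie before the upload, so please confirm the final changelog differs from this debdiff only in that field. The last bullet, "- refresh", does not say which patch was refreshed; the debdiff shows it is 0005-asahi-diagnose-update-doc-link.patch, and naming it would make the entry self-explanatory.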
diff -Nru asahi-scripts-20250130/debian/gbp.conf asahi-scripts-20250130/debian/gbp.conf
--- asahi-scripts-20250130/debian/gbp.conf 2023-11-15 12:18:17.000000000 +0100
+++ asahi-scripts-20250130/debian/gbp.conf 2025-08-28 02:04:55.000000000 +0200
@@ -1,5 +1,5 @@
[DEFAULT]
-debian-branch = debian/unstable
+debian-branch = debian/trixie
upstream-branch = main
dist = DEP14
pristine-tar = False
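Review bot: The switch of debian-branch from debian/unstable to debian/trixie is not mentioned in the new debian/changelog entry, which lists only d/patches changes. It is a packaging-only change with no effect on the binary package, but a one-line "d/gbp.conf: set debian-branch to debian/trixie" bullet would keep the changelog complete.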
diff -Nru asahi-scripts-20250130/debian/patches/0000-Backport-asahi-diagnose-drop-tas2764-checks.patch asahi-scripts-20250130/debian/patches/0000-Backport-asahi-diagnose-drop-tas2764-checks.patch
--- asahi-scripts-20250130/debian/patches/0000-Backport-asahi-diagnose-drop-tas2764-checks.patch 1970-01-01 01:00:00.000000000 +0100
+++ asahi-scripts-20250130/debian/patches/0000-Backport-asahi-diagnose-drop-tas2764-checks.patch 2025-08-28 02:04:55.000000000 +0200
@@ -0,0 +1,60 @@
+From: NoisyCoil <noisycoil@tutanota.com>
+Date: Tue, 19 Aug 2025 02:32:46 +0200
+Subject: asahi-diagnose: drop the tas2764 quirk checks
+
+The quirks were upstreamed in 6.16 and are not enabled by a kernel parameter
+anymore. Because of left-over checks, asahi-diagnose tells users 'Your audio
+configuration is in an invalid state', which is not true.
+
+Signed-off-by: NoisyCoil <noisycoil@tutanota.com>
+---
+ asahi-diagnose | 15 +--------------
+ 1 file changed, 1 insertion(+), 14 deletions(-)
+
+diff --git a/asahi-diagnose b/asahi-diagnose
+index 8e9ea7e..fe520d5 100755
+--- a/asahi-diagnose
++++ b/asahi-diagnose
+@@ -111,16 +111,6 @@ check_audio_macaudio() {
+ }
+ bad_macaudio_params=$(check_audio_macaudio)
+
+-# Check that snd-soc-tas2764.apple_quirks=0x3f is being applied
+-check_audio_tas2764() {
+- [ -e /sys/module/snd_soc_tas2764/ ] && (
+- grep "63" /sys/module/snd_soc_tas2764/parameters/apple_quirks > /dev/null \
+- && echo "yes" \
+- || echo "no"
+- ) || echo "N/A"
+-}
+-tas2764_quirks=$(check_audio_tas2764)
+-
+ audio_config() {
+ cat <<EOF
+ ## Audio Configuration:
+@@ -129,7 +119,6 @@ audio_config() {
+ Old configuration files in \`/etc/\`: $old_conf
+ File conflicts in \`/usr/share/\`: $racy_build
+ Speaker detonation requested: $bad_macaudio_params
+- TAS2764 quirks applied: $tas2764_quirks
+
+ EOF
+ }
+@@ -256,8 +245,7 @@ diagnose() {
+ if [ "$pro_audio" = "yes" ] || \
+ [ "$old_conf" = "yes" ] || \
+ [ "$racy_build" = "yes" ] || \
+- [ "$bad_macaudio_params" = "yes" ] || \
+- [ "$tas2764_quirks" = "no" ]; then
++ [ "$bad_macaudio_params" = "yes" ]; then
+ echo
+ echo "!! IMPORTANT !!"
+ echo "Your audio configuration is in an invalid state. It is likely that you tried to"
+@@ -268,7 +256,6 @@ diagnose() {
+ [ "$old_conf" = "yes" ] && echo " - You have files in /etc/ from a prerelease version of asahi-audio."
+ [ "$racy_build" = "yes" ] && echo " - You have files in /usr/share/ from a prerelease version of asahi-audio."
+ [ "$bad_macaudio_params" = "yes" ] && echo " - You have tried to manually circumvent our kernel-level safety controls."
+- [ "$tas2764_quirks" = "no" ] && echo " - Required speaker codec settings are not being applied."
+ )
+ echo "Please go to https://github.com/AsahiLinux/docs/wiki/Undoing-early-speaker-support-hacks for fixes."
+ echo "Do NOT file audio-related bugs until you have tried ALL fixes suggested at the page above."
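Review bot: check_audio_tas2764 and its uses in audio_config() and diagnose() are removed unconditionally, so on a kernel older than 6.16, where the commit message implies the quirks are still set through the apple_quirks parameter, asahi-diagnose no longer reports a missing quirk setting. If such kernels can still be run on stable and the parameter file is absent on 6.16 and later, consider keeping the check but running it only when /sys/module/snd_soc_tas2764/parameters/apple_quirks exists, and reporting "N/A" otherwise. The patch header also has no Origin: or Forwarded: field, so the "Backport" in the file name cannot be traced to an upstream commit from the patch itself.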
diff -Nru asahi-scripts-20250130/debian/patches/0000-Backport-asahi-diagnose-Fix-macaudio-default-profile.patch asahi-scripts-20250130/debian/patches/0000-Backport-asahi-diagnose-Fix-macaudio-default-profile.patch
--- asahi-scripts-20250130/debian/patches/0000-Backport-asahi-diagnose-Fix-macaudio-default-profile.patch 1970-01-01 01:00:00.000000000 +0100
+++ asahi-scripts-20250130/debian/patches/0000-Backport-asahi-diagnose-Fix-macaudio-default-profile.patch 2025-08-28 02:04:55.000000000 +0200
@@ -0,0 +1,22 @@
+From: Dan Berindei <dan.berindei@gmail.com>
+Date: Fri, 6 Jun 2025 09:59:29 +0300
+Subject: asahi-diagnose: Fix macaudio default profile check
+
+Signed-off-by: Dan Berindei <dan.berindei@gmail.com>
+---
+ asahi-diagnose | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/asahi-diagnose b/asahi-diagnose
+index 5062387..8e9ea7e 100755
+--- a/asahi-diagnose
++++ b/asahi-diagnose
+@@ -73,7 +73,7 @@ EOF
+ check_macaudio_profile() {
+ local profile_config="${HOME}/.local/state/wireplumber/default-profile"
+ [ -e ${profile_config} ] \
+- && grep alsa_card.platform-sound ${profile_config} | sed -e 's/.*=//' \
++ && sed -ne 's/^alsa_card.platform-sound=// p' ${profile_config} | grep . \
+ || echo "Default"
+ }
+ macaudio_profile=$(check_macaudio_profile)
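Review bot: On the added sed line, and in the unchanged `[ -e ${profile_config} ]` test above it, `${profile_config}` is expanded unquoted although it is built from ${HOME}; a home directory containing whitespace is split into several arguments and the function falls through to "Default". Quote it as "${profile_config}" in both places. The dots in `alsa_card.platform-sound` are unescaped regex metacharacters, so `alsa_card\.platform-sound` would match only the literal key. The commit message has no body; one sentence explaining that the old pipeline returned sed's exit status, so the "Default" fallback did not run when the file existed without a matching line, would document why the order was swapped.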
diff -Nru asahi-scripts-20250130/debian/patches/0000-Backport-update-m1n1-clobber-boot.bin.old-only-on-changes.patch asahi-scripts-20250130/debian/patches/0000-Backport-update-m1n1-clobber-boot.bin.old-only-on-changes.patch
--- asahi-scripts-20250130/debian/patches/0000-Backport-update-m1n1-clobber-boot.bin.old-only-on-changes.patch 1970-01-01 01:00:00.000000000 +0100
+++ asahi-scripts-20250130/debian/patches/0000-Backport-update-m1n1-clobber-boot.bin.old-only-on-changes.patch 2025-08-28 02:04:55.000000000 +0200
@@ -0,0 +1,31 @@
+From: Janne Grunau <j@jannau.net>
+Date: Sun, 27 Apr 2025 12:47:21 +0200
+Subject: update-m1n1: clobber boot.bin.old only if boot.bin changes
+
+Uses `sha512sum` instead of `cmp` to avoid a dependency on diffutils.
+
+Signed-off-by: Janne Grunau <j@jannau.net>
+---
+ update-m1n1 | 9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/update-m1n1 b/update-m1n1
+index 9dd745c..5520ee2 100755
+--- a/update-m1n1
++++ b/update-m1n1
+@@ -56,7 +56,14 @@ cat "$M1N1" $DTBS >"${TARGET}.new"
+ gzip -c "$U_BOOT" >>"${TARGET}.new"
+ cat "$m1n1config" >>"${TARGET}.new"
+
+-[ -e "$TARGET" ] && mv -f "$TARGET" "${TARGET}.old"
++if [ -e "$TARGET" ]; then
++ # clobber "${TARGET}.old" only if "$TARGET" changes, use sha512sum to
++ # avoid dependency on diffutils
++ SHA512_CUR=$(sha512sum "$TARGET" | cut -d' ' -f1)
++ SHA512_NEW=$(sha512sum "$TARGET.new" | cut -d' ' -f1)
++ [ "$SHA512_CUR" != "$SHA512_NEW" ] && mv -f "$TARGET" "${TARGET}.old"
++fi
++
+ mv -f "${TARGET}.new" "$TARGET"
+
+ echo "m1n1 updated at ${TARGET}"
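Review bot: In the added `if` block the two hashes are compared without checking that sha512sum succeeded: each assignment ends in `| cut`, so a failing sha512sum yields an empty string, and if both strings are empty the `!=` test is false and boot.bin.old is not refreshed even though the following `mv -f "${TARGET}.new" "$TARGET"` still replaces boot.bin. Because the purpose is to keep a known-good fallback, fail towards making the backup: skip the move to "${TARGET}.old" only when both hashes are non-empty and equal. When the hashes do match, the final `mv` and the "m1n1 updated" message could also be skipped and "${TARGET}.new" removed instead, so that an unchanged boot.bin is not rewritten at all.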
diff -Nru asahi-scripts-20250130/debian/patches/0003-debian-Add-initramfs-tools-implementation-for-cpio-f.patch asahi-scripts-20250130/debian/patches/0003-debian-Add-initramfs-tools-implementation-for-cpio-f.patch
--- asahi-scripts-20250130/debian/patches/0003-debian-Add-initramfs-tools-implementation-for-cpio-f.patch 2025-04-15 09:17:24.000000000 +0200
+++ asahi-scripts-20250130/debian/patches/0003-debian-Add-initramfs-tools-implementation-for-cpio-f.patch 2025-08-28 02:04:55.000000000 +0200
@@ -11,10 +11,10 @@
functions.sh | 4 +--
initramfs/hooks/asahi | 39 ++++++++++++++++++++++++
initramfs/kernel/zz-update-m1n1 | 26 ++++++++++++++++
- initramfs/modules | 40 ++++++++++++++++++++++++
+ initramfs/modules | 43 ++++++++++++++++++++++++++
initramfs/scripts/init-bottom/asahi | 19 ++++++++++++
initramfs/scripts/init-top/asahi | 61 +++++++++++++++++++++++++++++++++++++
- 7 files changed, 201 insertions(+), 3 deletions(-)
+ 7 files changed, 204 insertions(+), 3 deletions(-)
create mode 100644 initramfs/hooks/asahi
create mode 100644 initramfs/kernel/zz-update-m1n1
create mode 100644 initramfs/modules
@@ -155,10 +155,10 @@
+exit 0
diff --git a/initramfs/modules b/initramfs/modules
new file mode 100644
-index 0000000..0fe204f
+index 0000000..6cbe56c
--- /dev/null
+++ b/initramfs/modules
-@@ -0,0 +1,40 @@
+@@ -0,0 +1,43 @@
+# For NVMe & SMC
+apple-mailbox
+# For NVMe
@@ -187,8 +187,11 @@
+spi-hid-apple-of
+# For RTC
+rtc-macsmc
-+simple-mfd-spmi
+spmi-apple-controller
++apple_nvmem_spmi
++# For RTC, obsoleted by linux 6.15,
++# drop in future release
++simple-mfd-spmi
+nvmem_spmi_mfd
+# For MTP HID
+apple-dockchannel
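Review bot: The added comment "# For RTC, obsoleted by linux 6.15, drop in future release" does not say what replaces simple-mfd-spmi and nvmem_spmi_mfd, nor which minimum kernel version makes dropping them safe. If apple_nvmem_spmi is the replacement, say so in the comment, so that whoever removes the two entries later knows the condition to check. The new entry also uses underscores next to the hyphenated spmi-apple-controller; that is harmless if the consumer normalises module names, but a consistent spelling makes the list easier to grep.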
diff -Nru asahi-scripts-20250130/debian/patches/0005-asahi-diagnose-update-doc-link.patch asahi-scripts-20250130/debian/patches/0005-asahi-diagnose-update-doc-link.patch
--- asahi-scripts-20250130/debian/patches/0005-asahi-diagnose-update-doc-link.patch 2025-04-15 09:39:14.000000000 +0200
+++ asahi-scripts-20250130/debian/patches/0005-asahi-diagnose-update-doc-link.patch 2025-08-28 02:04:55.000000000 +0200
@@ -9,12 +9,12 @@
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/asahi-diagnose b/asahi-diagnose
-index db894a8..dcf2fea 100755
+index 02f2c26..870b3f2 100755
--- a/asahi-diagnose
+++ b/asahi-diagnose
-@@ -277,7 +277,7 @@ diagnose() {
+@@ -264,7 +264,7 @@ diagnose() {
+ [ "$racy_build" = "yes" ] && echo " - You have files in /usr/share/ from a prerelease version of asahi-audio."
[ "$bad_macaudio_params" = "yes" ] && echo " - You have tried to manually circumvent our kernel-level safety controls."
- [ "$tas2764_quirks" = "no" ] && echo " - Required speaker codec settings are not being applied."
)
- echo "Please go to https://github.com/AsahiLinux/docs/wiki/Undoing-early-speaker-support-hacks for fixes."
+ echo "Please go to https://asahilinux.org/docs/sw/undoing-early-speaker-hacks/ for fixes."
diff -Nru asahi-scripts-20250130/debian/patches/series asahi-scripts-20250130/debian/patches/series
--- asahi-scripts-20250130/debian/patches/series 2025-04-15 09:39:14.000000000 +0200
+++ asahi-scripts-20250130/debian/patches/series 2025-08-28 02:04:55.000000000 +0200
@@ -1,3 +1,6 @@
+0000-Backport-asahi-diagnose-Fix-macaudio-default-profile.patch
+0000-Backport-asahi-diagnose-drop-tas2764-checks.patch
+0000-Backport-update-m1n1-clobber-boot.bin.old-only-on-changes.patch
0001-debian-add-install-debian-target.patch
0002-debian-Adjust-update-m1n1-for-debian.patch
0003-debian-Add-initramfs-tools-implementation-for-cpio-f.patch
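Review bot: The three added patches share the 0000- prefix, which hides an ordering dependency between the first two: the tas2764 patch has `index 8e9ea7e..fe520d5` on asahi-diagnose, and 8e9ea7e is the result of the macaudio profile patch (`index 5062387..8e9ea7e`), so it must stay listed after it. The order here is correct, but distinct numeric prefixes or a comment line in series would stop a later reorder from breaking the patch application.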