update-kernel-versions.sh

#!/bin/bash

msg2() {
 echo -e " \033[1;34m->\033[1;0m \033[1;1m$1\033[1;0m" >&2
}

escape() {
  _escaped=$(printf '%s\n' "$1" | sed -e 's/[]\/$*.^[]/\\&/g')
}

kernel_rc_tags=$(git -c 'versionsort.suffix=-' \
    ls-remote --exit-code --refs --sort='version:refname' --tags https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git '*.*' \
    | cut --delimiter='/' --fields=3)

source linux-tkg-config/prepare
trap - EXIT

# Start by making sure our GnuPG environment is sane
if [[ ! -x /usr/bin/gpg ]]; then
  echo "Could not find gpg"
  exit 4
fi

## Generate the keyring
if [ ! -s gnupg/keyring.gpg ]; then
  if [[ ! -d gnupg ]]; then
    echo "gnupg directory does not exist"
    mkdir -p -m 0700 gnupg
  fi
  echo "Making sure we have all the necessary keys"
  gpg --batch --quiet --homedir gnupg --auto-key-locate wkd --locate-keys autosigner@kernel.org
  if [[ $? != "0" ]]; then
    echo "FAILED to retrieve keys"
    exit 3
  fi
  gpg --batch --homedir gnupg --export torvalds@kernel.org gregkh@kernel.org autosigner@kernel.org > gnupg/keyring.gpg
  echo "----------------------"
fi

# Cleanup
rm -f v*.x.sha256sums{,.asc}

updates=""
for _key in "${_current_kernels[@]}"; do
  kver_major="$(echo ${_key} | cut -d. -f1)"
  kver_base="$(echo ${_key} | tr -d ".")"

  ## Getting sha256sums by sha256sums.asc
  if [ ! -s v${kver_major}.x.sha256sums ]; then
    echo "Downloading the checksums file for linux-v${kver_major}.x"
    curl -sL --retry 2 -o "v${kver_major}.x.sha256sums.asc" https://cdn.kernel.org/pub/linux/kernel/v${kver_major}.x/sha256sums.asc
    if [[ $? != "0" ]]; then
      echo "FAILED to download the v${kver_major}.x checksums file"
      exit 3
    fi
    echo "Verifying the v${kver_major}.x checksums file"
    count_gpg=$(gpg --homedir gnupg --keyring=gnupg/keyring.gpg --status-fd=1 v${kver_major}.x.sha256sums.asc | grep -c -E '^\[GNUPG:\] (GOODSIG|VALIDSIG)')
    if [[ ${count_gpg} -lt 2 ]]; then
      echo "FAILED to verify the v${kver_major}.x.sha256sums file."
      rm -f "v${kver_major}.x.sha256sums"
      exit 3
    fi
    rm -f "v${kver_major}.x.sha256sums.asc"
    echo "----------------------"
  fi

  _from_rc_to_release="false"
  latest_full_ver=$(cut -c 67- v${kver_major}.x.sha256sums | grep ".tar.xz" | sed 's/.tar.xz//' | grep -F "linux-$_key" | tail -1 | sed 's/linux-//')
  if [[ "${_kver_subver_map[$_key]}" == rc* ]]; then
    # check if latest_full_ver is non-RC
    if [ ! -n "$latest_full_ver" ]; then
      latest_full_ver=$(echo "$kernel_rc_tags" | grep -F "v$_key-rc" | tail -1 | cut -c2-)
    fi
    if [[ "$latest_full_ver" == *rc* ]]; then
      latest_subver="${latest_full_ver##*-rc}"
    else
      _from_rc_to_release="true"
      if [ "$latest_full_ver" = "$_key" ]; then
        # this is the first release after rc, so the kernel version will be 5.xx (and not 5.xx.0)
        latest_subver="0"
      else
        # For whatever reason we are moving from an rc kernel to 5.xx.y
        latest_subver="${latest_full_ver##*.}"
      fi
    fi

    current_subver="${_kver_subver_map[$_key]}"
    current_subver="${current_subver##*rc}"
  else
    if [ "$latest_full_ver" != "$_key" ]; then
      latest_subver="${latest_full_ver##*.}"
    else
      latest_subver="0"
    fi
    current_subver=${_kver_subver_map[$_key]}
  fi

  echo "current version on repository $_key.${_kver_subver_map[$_key]} -> $current_subver"
  echo "upstream version $latest_full_ver -> $latest_subver"

  old_kernel_shasum=""
  new_kernel_shasum=""

  old_kernel_patch_shasum=""
  new_kernel_patch_shasum=""

  if [ "$_from_rc_to_release" = "true" ]; then
    # append kernel version update to updates
    updates="${updates} ${latest_full_ver}"

    echo "Updating from rc kernel to release in linux-tkg-config/prepare"

    escape "[\"${_key}\"]=\"rc${current_subver}\""
    _from="$_escaped"

    escape "[\"${_key}\"]=\"${latest_subver}\""
    _to="$_escaped"

    sed -i "/^_kver_subver_map=($/,/^)$/s|$_from|$_to|g" linux-tkg-config/prepare

    old_kernel_shasum=$(grep -A$(wc -l PKGBUILD | cut -d' ' -f1) "${kver_base})" PKGBUILD | grep sha256sums -m 1 - | cut -d \' -f2)
    new_kernel_shasum=$(grep linux-${_key}.tar.xz v${kver_major}.x.sha256sums | cut -d' ' -f1)
    if [ ! -n "$new_kernel_shasum" ]; then
      echo "WARNING sha256sum for linux-${_key} was not found."
    fi

    if [ "$latest_subver" != "0" ]; then
      # we move from an rc release directly to a kernel with a subversion update
      sed -i "s|#\"\$patch_site\"|\"\$patch_site\"|g" PKGBUILD
      old_kernel_patch_shasum="#upcoming_kernel_patch_sha256"
      new_kernel_patch_shasum="'$(grep patch-${_key}.${latest_subver}.xz v${kver_major}.x.sha256sums | cut -d' ' -f1)'"
    fi
  elif (( "$current_subver" < "$latest_subver" )); then
    # append kernel version update to updates
    updates="${updates} ${latest_full_ver}"

    echo "Newer upstream"
    if [[ "${_kver_subver_map[$_key]}" == rc* ]]; then
      echo "Updating rc kernel version in linux-tkg-config/prepare"

      escape "[\"${_key}\"]=\"rc${current_subver}\""
      _from="$_escaped"

      escape "[\"${_key}\"]=\"rc${latest_subver}\""
      _to="$_escaped"

      sed -i "/^_kver_subver_map=($/,/^)$/s|$_from|$_to|g" linux-tkg-config/prepare

      old_kernel_shasum=$(grep -A$(wc -l PKGBUILD | cut -d' ' -f1) "${kver_base})" PKGBUILD | grep sha256sums -m 1 - | cut -d \' -f2)

      # For RC we need download the original file
      echo "Downloading the GZ tarball for linux-${_key}-rc${latest_subver}"
      curl -sL --retry 2 -o "linux-${_key}-rc${latest_subver}.tar.gz" https://git.kernel.org/torvalds/t/linux-${_key}-rc${latest_subver}.tar.gz
      if [[ $? != "0" ]]; then
        echo "FAILED to download the linux-${_key}-rc${latest_subver}.tar.gz"
        exit 3
      fi

      new_kernel_shasum=$(sha256sum linux-${_key}-rc${latest_subver}.tar.gz | cut -d' ' -f1)
    else
      echo "Updating kernel version in linux-tkg-config/prepare"

      escape "[\"${_key}\"]=\"${current_subver}\""
      _from="$_escaped"

      escape "[\"${_key}\"]=\"${latest_subver}\""
      _to="$_escaped"

      sed -i "/^_kver_subver_map=($/,/^)$/s|$_from|$_to|g" linux-tkg-config/prepare

      if [ "$current_subver" = "0" ]; then
        # we move from an initial release to a kernel subversion update
        sed -i "s|#\"\$patch_site\"|\"\$patch_site\"|g" PKGBUILD
        old_kernel_patch_shasum="#upcoming_kernel_patch_sha256"
        new_kernel_patch_shasum="'$(grep patch-${_key}.${latest_subver}.xz v${kver_major}.x.sha256sums | cut -d' ' -f1)'"
      else
        old_kernel_patch_shasum="$(grep patch-${_key}.${current_subver}.xz v${kver_major}.x.sha256sums | cut -d' ' -f1)"
        new_kernel_patch_shasum="$(grep patch-${_key}.${latest_subver}.xz v${kver_major}.x.sha256sums | cut -d' ' -f1)"
      fi
    fi
  else
    echo "Same upstream"
  fi

  if [ -n "$new_kernel_shasum" ]; then
    echo "Updating kernel shasum in PKGBUILD"
    echo "old kernel: $old_kernel_shasum"
    echo "new kernel: $new_kernel_shasum"
    sed -i "s|$old_kernel_shasum|$new_kernel_shasum|g" PKGBUILD
  fi

  if [ -n "$new_kernel_patch_shasum" ]; then
    echo "Updating kernel patch shasum in PKGBUILD"
    echo "old kernel patch: $old_kernel_patch_shasum"
    echo "new kernel patch: $new_kernel_patch_shasum"
    sed -i "s|$old_kernel_patch_shasum|$new_kernel_patch_shasum|g" PKGBUILD
  fi

  echo "----------------------"
done

echo "$updates" > kernel_updates