Re: [PATCH] builddeb: fix stripped module signatures if CONFIG_DEBUG_INFO and CONFIG_MODULE_SIG_ALL are set

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



(added Max to Cc)

On 2015-03-16 09:20, Andrey Skvortsov wrote:
> If CONFIG_MODULE_SIG_ALL is set, then user expects that all modules are
> automatically signed in the result package, as it's for rpm-pkg, binrpm-pkg,
> tar, tar-*. For deb-pkg this is correct only if CONFIG_DEBUG_INFO
> is NOT set. In that case deb-package contains signed modules.
> 
> But if CONFIG_DEBUG_INFO is set, builddeb creates separate package with
> debug information. To do that, debug information from all modules
> is copied into separate files by objcopy. And loadable kernel modules are
> stripped afterwards. Stripping removes previously (during modules_install)
> added signatures from loadable kernel modules. Therefore final deb-package
> contains unsigned modules despite of set option CONFIG_MODULE_SIG_ALL.
> 
> This patch resigns all stripped modules if CONFIG_MODULE_SIG_ALL is set
> to solve this problem.
> 
> Signed-off-by: Andrey Skvortsov <andrej.skvortzov@xxxxxxxxx>

Max, Ben, are you fine with this patch? It looks OK to me, the
modules_sign target has been added for this very purpose.

Thanks,
Michal

> ---
>  scripts/package/builddeb |    6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/scripts/package/builddeb b/scripts/package/builddeb
> index 88dbf23..977c4d7 100755
> --- a/scripts/package/builddeb
> +++ b/scripts/package/builddeb
> @@ -162,6 +162,12 @@ if grep -q '^CONFIG_MODULES=y' $KCONFIG_CONFIG ; then
>  			# then add a link to those
>  			$OBJCOPY --add-gnu-debuglink=$dbg_dir/usr/lib/debug/$module $tmpdir/$module
>  		done
> +
> +                # resign stripped modules
> +                MODULE_SIG_ALL="$(grep -s '^CONFIG_MODULE_SIG_ALL=y' $KCONFIG_CONFIG || true)"
> +                if [ -n "$MODULE_SIG_ALL" ]; then
> +	            	INSTALL_MOD_PATH="$tmpdir" $MAKE KBUILD_SRC= modules_sign
> +                fi
>  	fi
>  fi
>  
> 

--
To unsubscribe from this list: send the line "unsubscribe linux-kbuild" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Linux&nblp;USB Development]     [Linux Media]     [Video for Linux]     [Linux Audio Users]     [Yosemite Secrets]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux