(added Max to Cc) On 2015-03-16 09:20, Andrey Skvortsov wrote: > If CONFIG_MODULE_SIG_ALL is set, then user expects that all modules are > automatically signed in the result package, as it's for rpm-pkg, binrpm-pkg, > tar, tar-*. For deb-pkg this is correct only if CONFIG_DEBUG_INFO > is NOT set. In that case deb-package contains signed modules. > > But if CONFIG_DEBUG_INFO is set, builddeb creates separate package with > debug information. To do that, debug information from all modules > is copied into separate files by objcopy. And loadable kernel modules are > stripped afterwards. Stripping removes previously (during modules_install) > added signatures from loadable kernel modules. Therefore final deb-package > contains unsigned modules despite of set option CONFIG_MODULE_SIG_ALL. > > This patch resigns all stripped modules if CONFIG_MODULE_SIG_ALL is set > to solve this problem. > > Signed-off-by: Andrey Skvortsov <andrej.skvortzov@xxxxxxxxx> Max, Ben, are you fine with this patch? It looks OK to me, the modules_sign target has been added for this very purpose. Thanks, Michal > --- > scripts/package/builddeb | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/scripts/package/builddeb b/scripts/package/builddeb > index 88dbf23..977c4d7 100755 > --- a/scripts/package/builddeb > +++ b/scripts/package/builddeb > @@ -162,6 +162,12 @@ if grep -q '^CONFIG_MODULES=y' $KCONFIG_CONFIG ; then > # then add a link to those > $OBJCOPY --add-gnu-debuglink=$dbg_dir/usr/lib/debug/$module $tmpdir/$module > done > + > + # resign stripped modules > + MODULE_SIG_ALL="$(grep -s '^CONFIG_MODULE_SIG_ALL=y' $KCONFIG_CONFIG || true)" > + if [ -n "$MODULE_SIG_ALL" ]; then > + INSTALL_MOD_PATH="$tmpdir" $MAKE KBUILD_SRC= modules_sign > + fi > fi > fi > > -- To unsubscribe from this list: send the line "unsubscribe linux-kbuild" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html