[Bug 1980057] Re: dkms fails to sign modules in kinetic, no more kmodsign
Julian Andres Klode
1980057 at bugs.launchpad.net
Tue Jun 28 08:10:52 UTC 2022
sbsigntool accidentally got synced dropping the Ubuntu delta, breaking
this
** Package changed: dkms (Ubuntu) => sbsigntool (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to sbsigntool in Ubuntu.
https://bugs.launchpad.net/bugs/1980057
Title:
dkms fails to sign modules in kinetic, no more kmodsign
Status in sbsigntool package in Ubuntu:
New
Bug description:
It seems that dkms uses a tool called kmodsign to sign modules, which
no longer exists in kinetic according to apt-file, causing dkms
modules to be unsigned.
sign_build()
{
[[ -x "$(command -v kmodsign)" && -d "/var/lib/shim-signed/mok/" ]] || return
local base_dir="$dkms_tree/$module/$module_version/$kernelver/$arch"
if type update-secureboot-policy >/dev/null 2>&1; then
echo $"Signing module:"
SHIM_NOTRIGGER=y update-secureboot-policy --new-key
for ko in `find "$base_dir/module/" -name "*.ko" -print`;
do
echo " - $ko"
kmodsign sha512 \
/var/lib/shim-signed/mok/MOK.priv \
/var/lib/shim-signed/mok/MOK.der \
"$ko"
done
update-secureboot-policy --enroll-key
fi
}
instead of kmodsign, it should use
/lib/modules/$kernelver/build/scripts/sign-file
AFAICT
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/sbsigntool/+bug/1980057/+subscriptions
More information about the foundations-bugs
mailing list