[Acked] [PATCH Saucy SRU] UBUNTU: [Debian] Re-sign modules after debug objcopy
Andy Whitcroft
apw at canonical.com
Wed Nov 27 10:07:24 UTC 2013
On Tue, Nov 26, 2013 at 12:42:14PM -0700, Tim Gardner wrote:
> BugLink: http://bugs.launchpad.net/bugs/1253155
>
> Adding a GNU debug link to a module ELF destroys the
> module signature, so re-sign the module file after the objcopy.
>
> objcopy --add-gnu-debuglink=$(dbgpkgdir)/usr/lib/debug/$$module $(pkgdir)/$$module;
> scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(MODSECKEY) $(MODPUBKEY) $(pkgdir)/$$module;
>
> Signed-off-by: Tim Gardner <tim.gardner at canonical.com>
> ---
> debian/rules.d/2-binary-arch.mk | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/debian/rules.d/2-binary-arch.mk b/debian/rules.d/2-binary-arch.mk
> index e24058a..147fbc3 100644
> --- a/debian/rules.d/2-binary-arch.mk
> +++ b/debian/rules.d/2-binary-arch.mk
> @@ -60,6 +60,9 @@ install-%: instfile = $(call custom_override,install_file,$*)
> install-%: hdrdir = $(CURDIR)/debian/$(basepkg)-$*/usr/src/$(basepkg)-$*
> install-%: target_flavour = $*
> install-%: dtb_files = $(dtb_files_$*)
> +install-%: CONFIG_MODULE_SIG_HASH=sha512
> +install-%: MODSECKEY=$(builddir)/build-$*/signing_key.priv
> +install-%: MODPUBKEY=$(builddir)/build-$*/signing_key.x509
> install-%: checks-%
> @echo Debug: $@ kernel_file $(kernel_file) kernfile $(kernfile) install_file $(install_file) instfile $(instfile)
> dh_testdir
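Review bot: the added `install-%: CONFIG_MODULE_SIG_HASH=sha512` line hard-codes the digest in the packaging rules, so the re-sign step uses sha512 regardless of which hash the flavour's kernel config selected when the modules were first signed. Consider taking the value from the config of the build tree that MODSECKEY and MODPUBKEY already point into ($(builddir)/build-$*), or at least add a comment that this line must be kept in step with the kernel config.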
> @@ -218,6 +221,8 @@ ifneq ($(skipdbg),true)
> $(CROSS_COMPILE)objcopy \
> --add-gnu-debuglink=$(dbgpkgdir)/usr/lib/debug/$$module \
> $(pkgdir)/$$module; \
> + scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(MODSECKEY) $(MODPUBKEY) \
> + $(pkgdir)/$$module; \
> fi; \
> done
> rm -f $(dbgpkgdir)/usr/lib/debug/lib/modules/$(abi_release)-$*/build
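Review bot: the added `scripts/sign-file ... $(pkgdir)/$$module; \` is chained with `;` inside the loop, so its exit status is discarded. If re-signing fails for any module (for example because $(MODSECKEY) is missing), the loop carries on and the package ships a module whose signature the preceding objcopy has already destroyed. Suggest ending the command with `|| exit 1`, and guarding the call so it only runs when the signing key files exist, since flavours built without module signing would otherwise hit this path too.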
Makes sense. Tested in trusty.
Acked-by: Andy Whitcroft <apw at canonical.com>
-apw