[SRU precise/lts-backport-raring 1/1] UBUNTU: [Debian] Re-sign modules after debug objcopy

[Andy Whitcroft]

From: Tim Gardner <tim.gardner at canonical.com>

BugLink: http://bugs.launchpad.net/bugs/1253155

Adding a GNU debug link to a module ELF destroys the
module signature, so re-sign the module file after the objcopy.

objcopy --add-gnu-debuglink=$(dbgpkgdir)/usr/lib/debug/$$module $(pkgdir)/$$module;
scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(MODSECKEY) $(MODPUBKEY) $(pkgdir)/$$module;

Signed-off-by: Tim Gardner <tim.gardner at canonical.com>
Acked-by: Andy Whitcroft <apw at canonical.com>
Acked-by: Stefan Bader <stefan.bader at canonical.com>
Signed-off-by: Andy Whitcroft <apw at canonical.com>
---
 debian/rules.d/2-binary-arch.mk | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/debian/rules.d/2-binary-arch.mk b/debian/rules.d/2-binary-arch.mk
index c593ef2..54bc527 100644
--- a/debian/rules.d/2-binary-arch.mk
+++ b/debian/rules.d/2-binary-arch.mk
@@ -54,6 +54,9 @@ install-%: instfile = $(call custom_override,install_file,$*)
 install-%: hdrdir = $(CURDIR)/debian/$(basepkg)-$*/usr/src/$(basepkg)-$*
 install-%: target_flavour = $*
 install-%: dtb_files = $(dtb_files_$*)
+install-%: CONFIG_MODULE_SIG_HASH=sha512
+install-%: MODSECKEY=$(builddir)/build-$*/signing_key.priv
+install-%: MODPUBKEY=$(builddir)/build-$*/signing_key.x509
 install-%: checks-%
 	@echo Debug: $@ kernel_file $(kernel_file) kernfile $(kernfile) install_file $(install_file) instfile $(instfile)
 	dh_testdir
@@ -212,6 +215,8 @@ ifneq ($(skipdbg),true)
 			$(CROSS_COMPILE)objcopy \
 				--add-gnu-debuglink=$(dbgpkgdir)/usr/lib/debug/$$module \
 				$(pkgdir)/$$module; \
+			scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(MODSECKEY) $(MODPUBKEY) \
+				$(pkgdir)/$$module; \
 		fi; \
 	done
 	rm -f $(dbgpkgdir)/usr/lib/debug/lib/modules/$(abi_release)-$*/build
-- 
1.9.0