Ack: [SRU precise/lts-backport-raring 1/1] UBUNTU: [Debian] Re-sign modules after debug objcopy

Brad Figg brad.figg at canonical.com
Fri Mar 7 18:35:23 UTC 2014 

On 03/07/2014 10:32 AM, Andy Whitcroft wrote:
> From: Tim Gardner <tim.gardner at canonical.com>
> 
> BugLink: http://bugs.launchpad.net/bugs/1253155
> 
> Adding a GNU debug link to a module ELF destroys the
> module signature, so re-sign the module file after the objcopy.
> 
> objcopy --add-gnu-debuglink=$(dbgpkgdir)/usr/lib/debug/$$module $(pkgdir)/$$module;
> scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(MODSECKEY) $(MODPUBKEY) $(pkgdir)/$$module;
> 
> Signed-off-by: Tim Gardner <tim.gardner at canonical.com>
> Acked-by: Andy Whitcroft <apw at canonical.com>
> Acked-by: Stefan Bader <stefan.bader at canonical.com>
> Signed-off-by: Andy Whitcroft <apw at canonical.com>
> ---
>  debian/rules.d/2-binary-arch.mk | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/debian/rules.d/2-binary-arch.mk b/debian/rules.d/2-binary-arch.mk
> index c593ef2..54bc527 100644
> --- a/debian/rules.d/2-binary-arch.mk
> +++ b/debian/rules.d/2-binary-arch.mk
> @@ -54,6 +54,9 @@ install-%: instfile = $(call custom_override,install_file,$*)
>  install-%: hdrdir = $(CURDIR)/debian/$(basepkg)-$*/usr/src/$(basepkg)-$*
>  install-%: target_flavour = $*
>  install-%: dtb_files = $(dtb_files_$*)
> +install-%: CONFIG_MODULE_SIG_HASH=sha512
> +install-%: MODSECKEY=$(builddir)/build-$*/signing_key.priv
> +install-%: MODPUBKEY=$(builddir)/build-$*/signing_key.x509
>  install-%: checks-%
>  	@echo Debug: $@ kernel_file $(kernel_file) kernfile $(kernfile) install_file $(install_file) instfile $(instfile)
>  	dh_testdir
> @@ -212,6 +215,8 @@ ifneq ($(skipdbg),true)
>  			$(CROSS_COMPILE)objcopy \
>  				--add-gnu-debuglink=$(dbgpkgdir)/usr/lib/debug/$$module \
>  				$(pkgdir)/$$module; \
> +			scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(MODSECKEY) $(MODPUBKEY) \
> +				$(pkgdir)/$$module; \
>  		fi; \
>  	done
>  	rm -f $(dbgpkgdir)/usr/lib/debug/lib/modules/$(abi_release)-$*/build
> 


-- 
Brad Figg brad.figg at canonical.com http://www.canonical.com

More information about the kernel-team mailing list