[Disco] LP:1764792 -- produce signatures for nvidia dkms modules
Andy Whitcroft
apw at canonical.com
Wed Dec 19 15:40:20 UTC 2018
We are working up to producing signed Nvidia modules. We cannot ship
those assembled due to licensing but we wish for the result to be a
working .ko which is signed into the kernels kernel-module signing key.
To do this we will build the dkms modules in a reproducible manner which
allows them to be linked on installation on the end-user system (meeting
the licensing constraints). As the build is reproducible we are able
to build, sign, and discard the modules in the primary kernel build
keeping only the signatures. These will then be consumed by a linux-lrm
package which will produce the same reproducible build pieces (unlinked)
and incorporate the associated signature. Later when installed the .kos
can be linked and that signature applied so they are loadable under
signing.
Proposing for application to disco.
-apw
The following changes since commit 7df2ac79ed6d256af0c4f13ac2b8671c585ed9ca:
UBUNTU: update dkms package versions (2018-12-11 14:37:04 -0600)
are available in the Git repository at:
git://git.launchpad.net/~apw/ubuntu/+source/linux/+git/disco build-nvidia-signatures
for you to fetch changes up to 68aace1f2ec40a2a280d03e4f167e154697e256b:
UBUNTU: [Packaging] nvidia -- make nvidia package version explicit (2018-12-19 10:46:35 +0000)
----------------------------------------------------------------
* Build Nvidia drivers in conjunction with kernel (LP: #1764792)
- [Packaging] dkms -- add per package post-process step
- [Packaging] dkms -- switch to a consistent build prefix length and strip
- [Packaging] nvidia -- build and sign nvidia packages and ship signatures
- [Packaging] nvidia -- make nvidia package version explicit
More information about the kernel-team
mailing list