[PATCH 1/1][linux-signed-hwe][linux-signed-hwe-edge][SRU Bionic] UBUNTU: support recompression of signed kernels

[dann frazier]

From: Seth Forshee <seth.forshee at canonical.com>

BugLink: https://bugs.launchpad.net/bugs/1804481

Our arm64 generic kernels are compressed, but they must be
decompressed for signing. The kernel build will indicate that a
signed kernel image should be recompressed by adding GZIP=1 into
a <kernel-image>.vars file in the signing tarball. Add support
for reading the contents of this file and compressing the kernel
image when GZIP=1.

Signed-off-by: Seth Forshee <seth.forshee at canonical.com>
[ dannf: Use maximum gzip compression to match unsigned build ]
Signed-off-by: dann frazier <dann.frazier at canonical.com>
---
 debian/rules | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/debian/rules b/debian/rules
index 926c4ae..0fbd900 100755
--- a/debian/rules
+++ b/debian/rules
@@ -44,8 +44,16 @@ override_dh_auto_build:
 		cd "$(src_version)" || exit 1;					\
 		for s in *.efi.signed; do					\
 			[ ! -f "$$s" ] && continue;				\
-			chmod 600 "$$s";					\
 			base=$$(echo "$$s" | sed -e 's/.efi.signed//');		\
+			(							\
+				vars="$${base}.efi.vars";			\
+				[ -f "$$vars" ] && . "./$$vars";		\
+				if [ "$$GZIP" = "1" ]; then			\
+					gzip -9 "$$s";				\
+					mv "$${s}.gz" "$$s";			\
+				fi;						\
+			);							\
+			chmod 600 "$$s";					\
 			ln "$$s" "../SIGNED/$$base";				\
 		done;								\
 		for s in *.opal.sig; do						\
-- 
2.20.1