[PATCH 1/1][linux-signed-hwe][linux-signed-hwe-edge][SRU Bionic] UBUNTU: support recompression of signed kernels

Stefan Bader stefan.bader at canonical.com
Tue May 14 14:54:38 UTC 2019 

On 14.05.19 15:04, dann frazier wrote:
> On Wed, May 8, 2019 at 3:46 PM dann frazier <dann.frazier at canonical.com> wrote:
>>
>> From: Seth Forshee <seth.forshee at canonical.com>
>>
>> BugLink: https://bugs.launchpad.net/bugs/1804481
> 
> fyi, it may make sense to change this buglink. We tagged this one with
> LP: #1804481 in disco because it was part of a series that enabled
> signing. But, in bionic the actual arm64 *signing* bits already
> landed. Since I submitted this, the regression *this* patch fixes was
> reported as LP: #1828553. So, it may make sense to just consider LP:
> #1804481 closed and reference LP: #1828553 in the commit.
> 
You should have spoken up *before* things were committed

-Stefan

>   -dann
> 
>> Our arm64 generic kernels are compressed, but they must be
>> decompressed for signing. The kernel build will indicate that a
>> signed kernel image should be recompressed by adding GZIP=1 into
>> a <kernel-image>.vars file in the signing tarball. Add support
>> for reading the contents of this file and compressing the kernel
>> image when GZIP=1.
>>
>> Signed-off-by: Seth Forshee <seth.forshee at canonical.com>
>> [ dannf: Use maximum gzip compression to match unsigned build ]
>> Signed-off-by: dann frazier <dann.frazier at canonical.com>
>> ---
>>  debian/rules | 10 +++++++++-
>>  1 file changed, 9 insertions(+), 1 deletion(-)
>>
>> diff --git a/debian/rules b/debian/rules
>> index 926c4ae..0fbd900 100755
>> --- a/debian/rules
>> +++ b/debian/rules
>> @@ -44,8 +44,16 @@ override_dh_auto_build:
>>                 cd "$(src_version)" || exit 1;                                  \
>>                 for s in *.efi.signed; do                                       \
>>                         [ ! -f "$$s" ] && continue;                             \
>> -                       chmod 600 "$$s";                                        \
>>                         base=$$(echo "$$s" | sed -e 's/.efi.signed//');         \
>> +                       (                                                       \
>> +                               vars="$${base}.efi.vars";                       \
>> +                               [ -f "$$vars" ] && . "./$$vars";                \
>> +                               if [ "$$GZIP" = "1" ]; then                     \
>> +                                       gzip -9 "$$s";                          \
>> +                                       mv "$${s}.gz" "$$s";                    \
>> +                               fi;                                             \
>> +                       );                                                      \
>> +                       chmod 600 "$$s";                                        \
>>                         ln "$$s" "../SIGNED/$$base";                            \
>>                 done;                                                           \
>>                 for s in *.opal.sig; do                                         \
>> --
>> 2.20.1
>>
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20190514/62212de3/attachment-0001.sig>

More information about the kernel-team mailing list