[xenial/linux-signed-hwe]: [SRU][B/linux-signed-hwe][PATCH] UBUNTU: fix vmlinuz-* permissions for opal signed kernels

Kleber Souza kleber.souza at canonical.com
Thu Nov 28 15:35:29 UTC 2019


On 28.11.19 15:27, Kleber Sacilotto de Souza wrote:
> From: Seth Forshee <seth.forshee at canonical.com>
> 
> BugLink: https://bugs.launchpad.net/bugs/1843327
> 
> We're currently changing the permissions on the signature file
> instead of the concatenated kernel+signature file which will be
> installed. Fix this.
> 
> Signed-off-by: Seth Forshee <seth.forshee at canonical.com>
> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo at canonical.com>
> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza at canonical.com>
> ---
> 
> Notes:
>     This bug was already fixed for Bionic and Disco, however this wasn't
>     fixed for bionic/linux-signed-hwe.
> 
>  debian/rules | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/debian/rules b/debian/rules
> index d8d99f8..bd5b948 100755
> --- a/debian/rules
> +++ b/debian/rules
> @@ -59,10 +59,10 @@ override_dh_auto_build:
>  		done;								\
>  		for s in *.opal.sig; do						\
>  			[ ! -f "$$s" ] && continue;				\
> -			chmod 600 "$$s";					\
>  			base=$$(echo "$$s" | sed -e 's/.opal.sig//');		\
> -			cat "$$base.opal" "$$s" >"../SIGNED/$$base";\
> -		done								\
> +			cat "$$base.opal" "$$s" >"../SIGNED/$$base";		\
> +			chmod 600 "../SIGNED/$$base";				\
> +		done;								\
>  	)
>  
>  override_dh_auto_install:
> 

I just noticed this fix is also needed for xenial/linux-signed-hwe. I have already
added the nomination to the bug report, please consider this patch also for Xenial.


Thanks,
Kleber



More information about the kernel-team mailing list