[SRU][B][PATCH] UBUNTU: [Packaging] Add system trusted and revocation keys final check
Dimitri John Ledkov
dimitri.ledkov at canonical.com
Wed Oct 13 16:20:39 UTC 2021
If certificates are packaged, the config keys to use them must be
enabled otherwise boot testing will fail. This check ensures early
detection of incorrect configuration when rebasing derivative kernels.
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov at canonical.com>
---
debian/scripts/misc/final-checks | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/debian/scripts/misc/final-checks b/debian/scripts/misc/final-checks
index 52156463cc..a1700fa4d1 100755
--- a/debian/scripts/misc/final-checks
+++ b/debian/scripts/misc/final-checks
@@ -44,6 +44,18 @@ abi_check()
fi
}
+if [ -d debian/certs ]; then
+ if ! grep -q '^CONFIG_SYSTEM_TRUSTED_KEYS="debian/canonical-certs.pem"$' $debian/config/config.common.ubuntu; then
+ failure "'CONFIG_SYSTEM_TRUSTED_KEYS="debian/canonical-certs.pem"' is required"
+ fi
+fi
+
+if [ -d debian/revoked-certs ]; then
+ if ! grep -q '^CONFIG_SYSTEM_REVOCATION_KEYS="debian/canonical-revoked-certs.pem"$' $debian/config/config.common.ubuntu; then
+ failure "'CONFIG_SYSTEM_REVOCATION_KEYS="debian/canonical-revoked-certs.pem"' is required"
+ fi
+fi
+
for arch in $archs
do
if [ ! -f "$debian/rules.d/$arch.mk" ]; then
--
2.30.2
More information about the kernel-team
mailing list