[linux] 02/03: modules: Enable MODULE_SIG and MODULE_SIG_SHA256

debian-kernel at lists.debian.org debian-kernel at lists.debian.org
Sun Apr 3 13:58:21 UTC 2016 

This is an automated email from the git hooks/post-receive script.

benh pushed a commit to branch benh/secure-boot
in repository linux.

commit c955e35c32d452b05f5d3c9ccebd6f588b1e90ae
Author: Ben Hutchings <ben at decadent.org.uk>
Date:   Sun Apr 3 04:53:27 2016 +0100

    modules: Enable MODULE_SIG and MODULE_SIG_SHA256
    
    ...but not MODULE_SIG_ALL as signatures will be packaged separately
---
 debian/changelog                   |  3 +++
 debian/config/armel/config.marvell |  1 +
 debian/config/config               | 15 ++++++++-------
 debian/templates/control.source.in |  2 +-
 4 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 728e711..a289718 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -10,6 +10,9 @@ linux (4.5-1~exp2) UNRELEASED; urgency=medium
     (Closes: #550379, #573483, #816500)
   * Add Matthew Garrett's securelevel patchset in preparation for Secure Boot
     support (see Documentation/security/securelevel.txt)
+  * modules: Enable MODULE_SIG and MODULE_SIG_SHA256, but not MODULE_SIG_ALL
+    as signatures will be packaged separately
+    - debian/control: Add build-dependency on libssl-dev
 
  -- Ben Hutchings <ben at decadent.org.uk>  Fri, 25 Mar 2016 13:43:57 +0000
 
diff --git a/debian/config/armel/config.marvell b/debian/config/armel/config.marvell
index ed9308d..d80a2cc 100644
--- a/debian/config/armel/config.marvell
+++ b/debian/config/armel/config.marvell
@@ -672,6 +672,7 @@ CONFIG_ORION_WATCHDOG=m
 # CONFIG_CHECKPOINT_RESTORE is not set
 CONFIG_CC_OPTIMIZE_FOR_SIZE=y
 # CONFIG_PROFILING is not set
+# CONFIG_MODULE_SIG is not set
 
 ##
 ## file: kernel/power/Kconfig
diff --git a/debian/config/config b/debian/config/config
index 9a0daf5..2b826b8 100644
--- a/debian/config/config
+++ b/debian/config/config
@@ -56,11 +56,6 @@ CONFIG_EFI_PARTITION=y
 # CONFIG_CMDLINE_PARTITION is not set
 
 ##
-## file: certs/Kconfig
-##
-# CONFIG_SYSTEM_TRUSTED_KEYRING is not set
-
-##
 ## file: crypto/Kconfig
 ##
 CONFIG_CRYPTO=y
@@ -5585,8 +5580,14 @@ CONFIG_MODULE_UNLOAD=y
 CONFIG_MODULE_FORCE_UNLOAD=y
 CONFIG_MODVERSIONS=y
 # CONFIG_MODULE_SRCVERSION_ALL is not set
-#. Not yet
-# CONFIG_MODULE_SIG is not set
+CONFIG_MODULE_SIG=y
+#. Signature validation is a run-time option
+# CONFIG_MODULE_SIG_FORCE is not set
+#. Signatures are added in linux-signed
+# CONFIG_MODULE_SIG_ALL is not set
+## choice: Which hash algorithm should modules be signed with?
+CONFIG_MODULE_SIG_SHA256=y
+## end choice
 # CONFIG_MODULE_COMPRESS is not set
 
 ##
diff --git a/debian/templates/control.source.in b/debian/templates/control.source.in
index ab65421..43677eb 100644
--- a/debian/templates/control.source.in
+++ b/debian/templates/control.source.in
@@ -4,7 +4,7 @@ Maintainer: Debian Kernel Team <debian-kernel at lists.debian.org>
 Uploaders: Bastian Blank <waldi at debian.org>, maximilian attems <maks at debian.org>, Ben Hutchings <ben at decadent.org.uk>
 Standards-Version: 3.9.5
 Build-Depends: debhelper, python3:any, quilt,
- cpio <!stage1>, kmod <!stage1>, xz-utils <!stage1>, kernel-wedge (>= 2.93~) <!stage1>, bc <!stage1>,
+ cpio <!stage1>, kmod <!stage1>, xz-utils <!stage1>, kernel-wedge (>= 2.93~) <!stage1>, bc <!stage1>, libssl-dev <!stage1>, openssl <!stage1>,
  asciidoc <!stage1>, bison <!stage1>, flex <!stage1>, gcc-multilib [amd64 ppc64 s390x sparc64] <!stage1>, libaudit-dev <!stage1>, libdw-dev <!stage1>, libelf-dev <!stage1>, libiberty-dev <!stage1> | binutils-dev (<< 2.23.91.20131123-1) <!stage1>, libnewt-dev <!stage1>, libnuma-dev [amd64 arm64 hppa i386 mips mips64 mips64el mipsel powerpc powerpcspe ppc64 ppc64el sparc x32] <!stage1>, libperl-dev <!stage1>, libunwind8-dev [amd64 armel armhf arm64 i386] <!stage1>, python-dev <!stage1>, xm [...]
  autoconf <!stage1>, automake <!stage1>, libtool <!stage1>, libglib2.0-dev <!stage1>, libudev-dev <!stage1>, libwrap0-dev <!stage1>, libpci-dev <!stage1>,
  dh-python <!stage1>, dh-systemd <!stage1>

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git

More information about the Kernel-svn-changes mailing list