[linux] 05/07: debian/config: Add config variable to control module signing in linux-signed

debian-kernel at lists.debian.org debian-kernel at lists.debian.org
Mon Apr 4 18:29:53 UTC 2016


This is an automated email from the git hooks/post-receive script.

benh pushed a commit to branch benh/secure-boot
in repository linux.

commit 516d9dac1d8650fc21bdf13cfcd7e400fb925cdb
Author: Ben Hutchings <ben at decadent.org.uk>
Date:   Sun Apr 3 21:38:02 2016 +0100

    debian/config: Add config variable to control module signing in linux-signed
    
    - Enable it by default
    - Disable it for armel/marvell since signature verification is not enabled.
    - Disable it for mips and mipsel so linux-signed can be uploaded without
      waiting for them to build
    - Disable it for all architectures not in the main archive, as linux-signed
      won't support them (at least, not initially).
    
    We don't need a variable to control signing of the image, because
    we should do that for all flavours that have CONFIG_EFI_STUB=y.
---
 debian/bin/gencontrol.py         | 1 +
 debian/config/alpha/defines      | 2 ++
 debian/config/armel/defines      | 4 ++++
 debian/config/defines            | 4 ++++
 debian/config/hppa/defines       | 2 ++
 debian/config/m68k/defines       | 2 ++
 debian/config/mips/defines       | 2 ++
 debian/config/mips64/defines     | 2 ++
 debian/config/mips64el/defines   | 2 ++
 debian/config/mipsel/defines     | 2 ++
 debian/config/powerpcspe/defines | 2 ++
 debian/config/ppc64/defines      | 2 ++
 debian/config/sh4/defines        | 2 ++
 debian/config/sparc64/defines    | 2 ++
 14 files changed, 31 insertions(+)

diff --git a/debian/bin/gencontrol.py b/debian/bin/gencontrol.py
index 0aa6878..6584b7c 100755
--- a/debian/bin/gencontrol.py
+++ b/debian/bin/gencontrol.py
@@ -23,6 +23,7 @@ class Gencontrol(Base):
         },
         'build': {
             'debug-info': config.SchemaItemBoolean(),
+            'signed-modules': config.SchemaItemBoolean(),
             'vdso': config.SchemaItemBoolean(),
         },
         'description': {
diff --git a/debian/config/alpha/defines b/debian/config/alpha/defines
index 971b7f0..386809d 100644
--- a/debian/config/alpha/defines
+++ b/debian/config/alpha/defines
@@ -4,6 +4,8 @@ kernel-arch: alpha
 
 [build]
 image-file: arch/alpha/boot/vmlinux.gz
+# linux-signed only works for architectures in the main archive
+signed-modules: false
 
 [image]
 suggests: aboot, fdutils
diff --git a/debian/config/armel/defines b/debian/config/armel/defines
index 70798d5..0a6341a 100644
--- a/debian/config/armel/defines
+++ b/debian/config/armel/defines
@@ -17,6 +17,10 @@ install-stem: vmlinuz
 [relations]
 headers%gcc-5: linux-compiler-gcc-5-arm
 
+[marvell_build]
+# Signature verification disabled to save on code size
+signed-modules: false
+
 [marvell_description]
 hardware: Marvell Kirkwood/Orion
 hardware-long: Marvell Kirkwood based systems (SheevaPlug, QNAP TS-119/TS-219, etc)
diff --git a/debian/config/defines b/debian/config/defines
index a2fe96c..412966a 100644
--- a/debian/config/defines
+++ b/debian/config/defines
@@ -31,6 +31,10 @@ featuresets:
  none
  rt
 
+[build]
+# Enable module signing by default (implemented in the linux-signed package)
+signed-modules: true
+
 [featureset-rt_base]
 enabled: false
 
diff --git a/debian/config/hppa/defines b/debian/config/hppa/defines
index 368576b..67351e6 100644
--- a/debian/config/hppa/defines
+++ b/debian/config/hppa/defines
@@ -4,6 +4,8 @@ kernel-arch: parisc
 
 [build]
 image-file: vmlinux
+# linux-signed only works for architectures in the main archive
+signed-modules: false
 
 [image]
 suggests: palo
diff --git a/debian/config/m68k/defines b/debian/config/m68k/defines
index d5cddc9..dcaef97 100644
--- a/debian/config/m68k/defines
+++ b/debian/config/m68k/defines
@@ -6,6 +6,8 @@ kernel-arch: m68k
 
 [build]
 image-file: vmlinux.gz
+# linux-signed only works for architectures in the main archive
+signed-modules: false
 
 [image]
 suggests: vmelilo, fdutils
diff --git a/debian/config/mips/defines b/debian/config/mips/defines
index 74f639e..55e0fb7 100644
--- a/debian/config/mips/defines
+++ b/debian/config/mips/defines
@@ -7,6 +7,8 @@ kernel-arch: mips
 
 [build]
 image-file: vmlinux
+# linux-signed should not wait for slow builds
+signed-modules: false
 
 [image]
 install-stem: vmlinux
diff --git a/debian/config/mips64/defines b/debian/config/mips64/defines
index 450568e..5e3d537 100644
--- a/debian/config/mips64/defines
+++ b/debian/config/mips64/defines
@@ -6,6 +6,8 @@ kernel-arch: mips
 
 [build]
 image-file: vmlinux
+# linux-signed only works for architectures in the main archive
+signed-modules: false
 
 [image]
 install-stem: vmlinux
diff --git a/debian/config/mips64el/defines b/debian/config/mips64el/defines
index 5b198df..ca23bfc 100644
--- a/debian/config/mips64el/defines
+++ b/debian/config/mips64el/defines
@@ -7,6 +7,8 @@ kernel-arch: mips
 
 [build]
 image-file: vmlinux
+# linux-signed only works for architectures in the main archive
+signed-modules: false
 
 [image]
 install-stem: vmlinux
diff --git a/debian/config/mipsel/defines b/debian/config/mipsel/defines
index a78c3a8..536455a 100644
--- a/debian/config/mipsel/defines
+++ b/debian/config/mipsel/defines
@@ -9,6 +9,8 @@ kernel-arch: mips
 
 [build]
 image-file: vmlinux
+# linux-signed should not wait for slow builds
+signed-modules: false
 
 [image]
 install-stem: vmlinux
diff --git a/debian/config/powerpcspe/defines b/debian/config/powerpcspe/defines
index adb4bea..e978279 100644
--- a/debian/config/powerpcspe/defines
+++ b/debian/config/powerpcspe/defines
@@ -5,6 +5,8 @@ kernel-arch: powerpc
 
 [build]
 image-file: vmlinux
+# linux-signed only works for architectures in the main archive
+signed-modules: false
 vdso: true
 
 [image]
diff --git a/debian/config/ppc64/defines b/debian/config/ppc64/defines
index 7efcb1a..86b6b20 100644
--- a/debian/config/ppc64/defines
+++ b/debian/config/ppc64/defines
@@ -5,6 +5,8 @@ kernel-arch: powerpc
 
 [build]
 image-file: vmlinux
+# linux-signed only works for architectures in the main archive
+signed-modules: false
 vdso: true
 
 [image]
diff --git a/debian/config/sh4/defines b/debian/config/sh4/defines
index e8e5a9e..a50ed41 100644
--- a/debian/config/sh4/defines
+++ b/debian/config/sh4/defines
@@ -6,6 +6,8 @@ kernel-arch: sh
 
 [build]
 image-file: arch/sh/boot/zImage
+# linux-signed only works for architectures in the main archive
+signed-modules: false
 
 [image]
 suggests: fdutils
diff --git a/debian/config/sparc64/defines b/debian/config/sparc64/defines
index 607a267..cd4d9df 100644
--- a/debian/config/sparc64/defines
+++ b/debian/config/sparc64/defines
@@ -6,6 +6,8 @@ kernel-arch: sparc
 
 [build]
 image-file: arch/sparc/boot/zImage
+# linux-signed only works for architectures in the main archive
+signed-modules: false
 
 [image]
 configs:

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git



More information about the Kernel-svn-changes mailing list