[linux] 05/07: debian/config: Add config variable to control module signing in linux-signed
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Mon Apr 4 18:29:53 UTC 2016
This is an automated email from the git hooks/post-receive script.
benh pushed a commit to branch benh/secure-boot
in repository linux.
commit 516d9dac1d8650fc21bdf13cfcd7e400fb925cdb
Author: Ben Hutchings <ben at decadent.org.uk>
Date: Sun Apr 3 21:38:02 2016 +0100
debian/config: Add config variable to control module signing in linux-signed
- Enable it by default
- Disable it for armel/marvell since signature verification is not enabled.
- Disable it for mips and mipsel so linux-signed can be uploaded without
waiting for them to build
- Disable it for all architectures not in the main archive, as linux-signed
won't support them (at least, not initially).
We don't need a variable to control signing of the image, because
we should do that for all flavours that have CONFIG_EFI_STUB=y.
---
debian/bin/gencontrol.py | 1 +
debian/config/alpha/defines | 2 ++
debian/config/armel/defines | 4 ++++
debian/config/defines | 4 ++++
debian/config/hppa/defines | 2 ++
debian/config/m68k/defines | 2 ++
debian/config/mips/defines | 2 ++
debian/config/mips64/defines | 2 ++
debian/config/mips64el/defines | 2 ++
debian/config/mipsel/defines | 2 ++
debian/config/powerpcspe/defines | 2 ++
debian/config/ppc64/defines | 2 ++
debian/config/sh4/defines | 2 ++
debian/config/sparc64/defines | 2 ++
14 files changed, 31 insertions(+)
diff --git a/debian/bin/gencontrol.py b/debian/bin/gencontrol.py
index 0aa6878..6584b7c 100755
--- a/debian/bin/gencontrol.py
+++ b/debian/bin/gencontrol.py
@@ -23,6 +23,7 @@ class Gencontrol(Base):
},
'build': {
'debug-info': config.SchemaItemBoolean(),
+ 'signed-modules': config.SchemaItemBoolean(),
'vdso': config.SchemaItemBoolean(),
},
'description': {
diff --git a/debian/config/alpha/defines b/debian/config/alpha/defines
index 971b7f0..386809d 100644
--- a/debian/config/alpha/defines
+++ b/debian/config/alpha/defines
@@ -4,6 +4,8 @@ kernel-arch: alpha
[build]
image-file: arch/alpha/boot/vmlinux.gz
+# linux-signed only works for architectures in the main archive
+signed-modules: false
[image]
suggests: aboot, fdutils
diff --git a/debian/config/armel/defines b/debian/config/armel/defines
index 70798d5..0a6341a 100644
--- a/debian/config/armel/defines
+++ b/debian/config/armel/defines
@@ -17,6 +17,10 @@ install-stem: vmlinuz
[relations]
headers%gcc-5: linux-compiler-gcc-5-arm
+[marvell_build]
+# Signature verification disabled to save on code size
+signed-modules: false
+
[marvell_description]
hardware: Marvell Kirkwood/Orion
hardware-long: Marvell Kirkwood based systems (SheevaPlug, QNAP TS-119/TS-219, etc)
diff --git a/debian/config/defines b/debian/config/defines
index a2fe96c..412966a 100644
--- a/debian/config/defines
+++ b/debian/config/defines
@@ -31,6 +31,10 @@ featuresets:
none
rt
+[build]
+# Enable module signing by default (implemented in the linux-signed package)
+signed-modules: true
+
[featureset-rt_base]
enabled: false
diff --git a/debian/config/hppa/defines b/debian/config/hppa/defines
index 368576b..67351e6 100644
--- a/debian/config/hppa/defines
+++ b/debian/config/hppa/defines
@@ -4,6 +4,8 @@ kernel-arch: parisc
[build]
image-file: vmlinux
+# linux-signed only works for architectures in the main archive
+signed-modules: false
[image]
suggests: palo
diff --git a/debian/config/m68k/defines b/debian/config/m68k/defines
index d5cddc9..dcaef97 100644
--- a/debian/config/m68k/defines
+++ b/debian/config/m68k/defines
@@ -6,6 +6,8 @@ kernel-arch: m68k
[build]
image-file: vmlinux.gz
+# linux-signed only works for architectures in the main archive
+signed-modules: false
[image]
suggests: vmelilo, fdutils
diff --git a/debian/config/mips/defines b/debian/config/mips/defines
index 74f639e..55e0fb7 100644
--- a/debian/config/mips/defines
+++ b/debian/config/mips/defines
@@ -7,6 +7,8 @@ kernel-arch: mips
[build]
image-file: vmlinux
+# linux-signed should not wait for slow builds
+signed-modules: false
[image]
install-stem: vmlinux
diff --git a/debian/config/mips64/defines b/debian/config/mips64/defines
index 450568e..5e3d537 100644
--- a/debian/config/mips64/defines
+++ b/debian/config/mips64/defines
@@ -6,6 +6,8 @@ kernel-arch: mips
[build]
image-file: vmlinux
+# linux-signed only works for architectures in the main archive
+signed-modules: false
[image]
install-stem: vmlinux
diff --git a/debian/config/mips64el/defines b/debian/config/mips64el/defines
index 5b198df..ca23bfc 100644
--- a/debian/config/mips64el/defines
+++ b/debian/config/mips64el/defines
@@ -7,6 +7,8 @@ kernel-arch: mips
[build]
image-file: vmlinux
+# linux-signed only works for architectures in the main archive
+signed-modules: false
[image]
install-stem: vmlinux
diff --git a/debian/config/mipsel/defines b/debian/config/mipsel/defines
index a78c3a8..536455a 100644
--- a/debian/config/mipsel/defines
+++ b/debian/config/mipsel/defines
@@ -9,6 +9,8 @@ kernel-arch: mips
[build]
image-file: vmlinux
+# linux-signed should not wait for slow builds
+signed-modules: false
[image]
install-stem: vmlinux
diff --git a/debian/config/powerpcspe/defines b/debian/config/powerpcspe/defines
index adb4bea..e978279 100644
--- a/debian/config/powerpcspe/defines
+++ b/debian/config/powerpcspe/defines
@@ -5,6 +5,8 @@ kernel-arch: powerpc
[build]
image-file: vmlinux
+# linux-signed only works for architectures in the main archive
+signed-modules: false
vdso: true
[image]
diff --git a/debian/config/ppc64/defines b/debian/config/ppc64/defines
index 7efcb1a..86b6b20 100644
--- a/debian/config/ppc64/defines
+++ b/debian/config/ppc64/defines
@@ -5,6 +5,8 @@ kernel-arch: powerpc
[build]
image-file: vmlinux
+# linux-signed only works for architectures in the main archive
+signed-modules: false
vdso: true
[image]
diff --git a/debian/config/sh4/defines b/debian/config/sh4/defines
index e8e5a9e..a50ed41 100644
--- a/debian/config/sh4/defines
+++ b/debian/config/sh4/defines
@@ -6,6 +6,8 @@ kernel-arch: sh
[build]
image-file: arch/sh/boot/zImage
+# linux-signed only works for architectures in the main archive
+signed-modules: false
[image]
suggests: fdutils
diff --git a/debian/config/sparc64/defines b/debian/config/sparc64/defines
index 607a267..cd4d9df 100644
--- a/debian/config/sparc64/defines
+++ b/debian/config/sparc64/defines
@@ -6,6 +6,8 @@ kernel-arch: sparc
[build]
image-file: arch/sparc/boot/zImage
+# linux-signed only works for architectures in the main archive
+signed-modules: false
[image]
configs:
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list