[linux-signed] 08/09: Remove unnecessary and unresolvable sbsigntool dependencies

debian-kernel at lists.debian.org debian-kernel at lists.debian.org
Sat Apr 16 01:04:24 UTC 2016


This is an automated email from the git hooks/post-receive script.

benh pushed a commit to branch master
in repository linux-signed.

commit 6fde18c7bad7927ff11a8cb7331970731f6b4726
Author: Ben Hutchings <ben at decadent.org.uk>
Date:   Sat Apr 16 01:13:46 2016 +0100

    Remove unnecessary and unresolvable sbsigntool dependencies
    
    - Only depend on sbsigntool if the package includes a signature for the
      kernel image
    - For now, only generate those signatures on x86 because sbsigntool is
      not built for other architectures
---
 debian/bin/sign.py                       | 4 ++++
 debian/rules.real                        | 8 +++++---
 debian/templates/control.image-signed.in | 2 +-
 3 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/debian/bin/sign.py b/debian/bin/sign.py
index 6f147ab..908b877 100755
--- a/debian/bin/sign.py
+++ b/debian/bin/sign.py
@@ -198,6 +198,10 @@ def sign(config_name, imageversion_str, modules_privkey_name, modules_cert_name,
                              '%s/lib/modules/%s' % (signature_dir, kernelversion),
                              modules_privkey_name, modules_cert_name)
 
+                # XXX sbsigntool isn't yet built for !x86 (bug #821144)
+                if arch not in ['amd64', 'i386']:
+                    continue
+
                 # Currently we can only sign kernel images built with an
                 # EFI stub, which has space for an embedded signature.
                 with open(os.path.join(package_dir,
diff --git a/debian/rules.real b/debian/rules.real
index 7a2948e..7faab7d 100644
--- a/debian/rules.real
+++ b/debian/rules.real
@@ -12,9 +12,11 @@ install-signed:
 	mkdir -p debian/$(PACKAGE_NAME)/lib/modules
 	cp -R debian/signatures/$(IMAGE_PACKAGE_NAME)/lib/modules/$(KERNEL_VERSION) \
 		debian/$(PACKAGE_NAME)/lib/modules/
-	! [ -f debian/signatures/$(IMAGE_PACKAGE_NAME)/boot/vmlinuz-$(KERNEL_VERSION).sig ] || \
-	install -m 644 -D -t debian/$(PACKAGE_NAME)/usr/lib/$(PACKAGE_NAME)/boot/ \
-		debian/signatures/$(IMAGE_PACKAGE_NAME)/boot/vmlinuz-$(KERNEL_VERSION).sig
+	if [ -f debian/signatures/$(IMAGE_PACKAGE_NAME)/boot/vmlinuz-$(KERNEL_VERSION).sig ]; then \
+		install -m 644 -D -t debian/$(PACKAGE_NAME)/usr/lib/$(PACKAGE_NAME)/boot/ \
+			debian/signatures/$(IMAGE_PACKAGE_NAME)/boot/vmlinuz-$(KERNEL_VERSION).sig; \
+		echo 'kernel:ImageSignTool=sbsigntool' >> debian/$(PACKAGE_NAME).substvars; \
+	fi
 	dh_install
 	dh_bugfiles
 	dh_installchangelogs
diff --git a/debian/templates/control.image-signed.in b/debian/templates/control.image-signed.in
index d4b5795..e4f0c87 100644
--- a/debian/templates/control.image-signed.in
+++ b/debian/templates/control.image-signed.in
@@ -1,6 +1,6 @@
 Package: linux-image- at abiname@@localversion at -signed
 Depends: linux-image- at abiname@@localversion@ (= ${kernel:ImageVersion}),
- kmod (>= 22-1.2~), sbsigntool, ${misc:Depends}
+ kmod (>= 22-1.2~), ${kernel:ImageSignTool}, ${misc:Depends}
 Description: Signatures for Linux @abiname@@localversion@ kernel and modules
  This package provides signatures for the kernel image and modules in
  linux-image- at abiname@@localversion at .  If the system has Secure Boot

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux-signed.git



More information about the Kernel-svn-changes mailing list