[linux-signed] 08/09: Remove unnecessary and unresolvable sbsigntool dependencies
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Sat Apr 16 01:04:24 UTC 2016
This is an automated email from the git hooks/post-receive script.
benh pushed a commit to branch master
in repository linux-signed.
commit 6fde18c7bad7927ff11a8cb7331970731f6b4726
Author: Ben Hutchings <ben at decadent.org.uk>
Date: Sat Apr 16 01:13:46 2016 +0100
Remove unnecessary and unresolvable sbsigntool dependencies
- Only depend on sbsigntool if the package includes a signature for the
kernel image
- For now, only generate those signatures on x86 because sbsigntool is
not built for other architectures
---
debian/bin/sign.py | 4 ++++
debian/rules.real | 8 +++++---
debian/templates/control.image-signed.in | 2 +-
3 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/debian/bin/sign.py b/debian/bin/sign.py
index 6f147ab..908b877 100755
--- a/debian/bin/sign.py
+++ b/debian/bin/sign.py
@@ -198,6 +198,10 @@ def sign(config_name, imageversion_str, modules_privkey_name, modules_cert_name,
'%s/lib/modules/%s' % (signature_dir, kernelversion),
modules_privkey_name, modules_cert_name)
+ # XXX sbsigntool isn't yet built for !x86 (bug #821144)
+ if arch not in ['amd64', 'i386']:
+ continue
+
# Currently we can only sign kernel images built with an
# EFI stub, which has space for an embedded signature.
with open(os.path.join(package_dir,
diff --git a/debian/rules.real b/debian/rules.real
index 7a2948e..7faab7d 100644
--- a/debian/rules.real
+++ b/debian/rules.real
@@ -12,9 +12,11 @@ install-signed:
mkdir -p debian/$(PACKAGE_NAME)/lib/modules
cp -R debian/signatures/$(IMAGE_PACKAGE_NAME)/lib/modules/$(KERNEL_VERSION) \
debian/$(PACKAGE_NAME)/lib/modules/
- ! [ -f debian/signatures/$(IMAGE_PACKAGE_NAME)/boot/vmlinuz-$(KERNEL_VERSION).sig ] || \
- install -m 644 -D -t debian/$(PACKAGE_NAME)/usr/lib/$(PACKAGE_NAME)/boot/ \
- debian/signatures/$(IMAGE_PACKAGE_NAME)/boot/vmlinuz-$(KERNEL_VERSION).sig
+ if [ -f debian/signatures/$(IMAGE_PACKAGE_NAME)/boot/vmlinuz-$(KERNEL_VERSION).sig ]; then \
+ install -m 644 -D -t debian/$(PACKAGE_NAME)/usr/lib/$(PACKAGE_NAME)/boot/ \
+ debian/signatures/$(IMAGE_PACKAGE_NAME)/boot/vmlinuz-$(KERNEL_VERSION).sig; \
+ echo 'kernel:ImageSignTool=sbsigntool' >> debian/$(PACKAGE_NAME).substvars; \
+ fi
dh_install
dh_bugfiles
dh_installchangelogs
diff --git a/debian/templates/control.image-signed.in b/debian/templates/control.image-signed.in
index d4b5795..e4f0c87 100644
--- a/debian/templates/control.image-signed.in
+++ b/debian/templates/control.image-signed.in
@@ -1,6 +1,6 @@
Package: linux-image- at abiname@@localversion at -signed
Depends: linux-image- at abiname@@localversion@ (= ${kernel:ImageVersion}),
- kmod (>= 22-1.2~), sbsigntool, ${misc:Depends}
+ kmod (>= 22-1.2~), ${kernel:ImageSignTool}, ${misc:Depends}
Description: Signatures for Linux @abiname@@localversion@ kernel and modules
This package provides signatures for the kernel image and modules in
linux-image- at abiname@@localversion at . If the system has Secure Boot
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux-signed.git
More information about the Kernel-svn-changes
mailing list