[linux] 01/02: linux-source: Fix up module signing configuration in included kernel config files
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Sun Apr 24 22:53:19 UTC 2016
This is an automated email from the git hooks/post-receive script.
benh pushed a commit to branch sid
in repository linux.
commit 35602a868b282db3c5ea4a338675ebec24a8b38c
Author: Ben Hutchings <ben at decadent.org.uk>
Date: Sun Apr 24 23:37:43 2016 +0200
linux-source: Fix up module signing configuration in included kernel config files
Our signing certificate isn't included in the source tarball and would
be pointless to include in custom kernels. Custom kernels also won't
have a separate signing stage. So remove our settings for
CONFIG_MODULE_SIG_ALL, CONFIG_MODULE_SIG_KEY and
CONFIG_SYSTEM_TRUSTED_KEYS. This should cause custom kernels based on
the included configs to follow the upstream default for signing, which
is to use a new key pair for each build.
---
debian/changelog | 2 ++
debian/rules.real | 4 +++-
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/debian/changelog b/debian/changelog
index 85dbd83..6d57ed1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -119,6 +119,8 @@ linux (4.5.2-1) UNRELEASED; urgency=medium
SND_SOC_INTEL_SKL_RT286_MACH, SND_SOC_INTEL_SKL_NAU88L25_SSM4567_MACH,
SND_SOC_INTEL_SKL_NAU88L25_MAX98357A_MACH as modules
* module: Invalidate signatures on force-loaded modules
+ * linux-source: Fix up module signing configuration in included kernel
+ config files
[ Aurelien Jarno ]
* [mips*] Emulate unaligned LDXC1 and SDXC1 instructions.
diff --git a/debian/rules.real b/debian/rules.real
index c9b44a2..b1b13b6 100644
--- a/debian/rules.real
+++ b/debian/rules.real
@@ -471,8 +471,10 @@ install-source: $(BUILD_DIR)/$(SOURCE_PACKAGE_NAME)-source-$(UPSTREAMVERSION).ta
dh_testroot
dh_installdirs /usr/src/linux-config-$(UPSTREAMVERSION)
dh_install '$^' /usr/src
+# Include our kernel config files, but with the module signing
+# configuration fixed to work for custom kernels.
for triplet in $(ALL_TRIPLETS); do \
- xz -c $(BUILD_DIR)/build_$$triplet/.config >debian/$(PACKAGE_NAME)/usr/src/linux-config-$(UPSTREAMVERSION)/config.$$triplet.xz; \
+ sed '/CONFIG_\(MODULE_SIG_\(ALL\|KEY\)\|SYSTEM_TRUSTED_KEYS\)[ =]/d' $(BUILD_DIR)/build_$$triplet/.config | xz -c >debian/$(PACKAGE_NAME)/usr/src/linux-config-$(UPSTREAMVERSION)/config.$$triplet.xz; \
done
# We don't want to recompress, but -Znone is not compatible with older
# tools and is currently rejected by dak. -Zgzip -z0 (uncompressed
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list