[SRU,B/linux-signed-hwe] UBUNTU: fix vmlinuz-* permissions for opal signed kernels
diff mbox series

Message ID 20191128142742.3559-1-kleber.souza@canonical.com
State New
Headers show
Series
  • [SRU,B/linux-signed-hwe] UBUNTU: fix vmlinuz-* permissions for opal signed kernels
Related show

Commit Message

Kleber Sacilotto de Souza Nov. 28, 2019, 2:27 p.m. UTC
From: Seth Forshee <seth.forshee@canonical.com>

BugLink: https://bugs.launchpad.net/bugs/1843327

We're currently changing the permissions on the signature file
instead of the concatenated kernel+signature file which will be
installed. Fix this.

Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
---

Notes:
    This bug was already fixed for Bionic and Disco, however this wasn't
    fixed for bionic/linux-signed-hwe.

 debian/rules | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

Comments

Thadeu Lima de Souza Cascardo Nov. 28, 2019, 3:31 p.m. UTC | #1
Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Kleber Sacilotto de Souza Nov. 28, 2019, 3:35 p.m. UTC | #2
On 28.11.19 15:27, Kleber Sacilotto de Souza wrote:
> From: Seth Forshee <seth.forshee@canonical.com>
> 
> BugLink: https://bugs.launchpad.net/bugs/1843327
> 
> We're currently changing the permissions on the signature file
> instead of the concatenated kernel+signature file which will be
> installed. Fix this.
> 
> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
> ---
> 
> Notes:
>     This bug was already fixed for Bionic and Disco, however this wasn't
>     fixed for bionic/linux-signed-hwe.
> 
>  debian/rules | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/debian/rules b/debian/rules
> index d8d99f8..bd5b948 100755
> --- a/debian/rules
> +++ b/debian/rules
> @@ -59,10 +59,10 @@ override_dh_auto_build:
>  		done;								\
>  		for s in *.opal.sig; do						\
>  			[ ! -f "$$s" ] && continue;				\
> -			chmod 600 "$$s";					\
>  			base=$$(echo "$$s" | sed -e 's/.opal.sig//');		\
> -			cat "$$base.opal" "$$s" >"../SIGNED/$$base";\
> -		done								\
> +			cat "$$base.opal" "$$s" >"../SIGNED/$$base";		\
> +			chmod 600 "../SIGNED/$$base";				\
> +		done;								\
>  	)
>  
>  override_dh_auto_install:
> 

I just noticed this fix is also needed for xenial/linux-signed-hwe. I have already
added the nomination to the bug report, please consider this patch also for Xenial.


Thanks,
Kleber
Thadeu Lima de Souza Cascardo Nov. 28, 2019, 3:37 p.m. UTC | #3
Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>

ACK for xenial/linux-hwe as well.
Khaled Elmously Nov. 29, 2019, 8:19 a.m. UTC | #4
For B and X

On 2019-11-28 15:27:42 , Kleber Souza wrote:
> From: Seth Forshee <seth.forshee@canonical.com>
> 
> BugLink: https://bugs.launchpad.net/bugs/1843327
> 
> We're currently changing the permissions on the signature file
> instead of the concatenated kernel+signature file which will be
> installed. Fix this.
> 
> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
> ---
> 
> Notes:
>     This bug was already fixed for Bionic and Disco, however this wasn't
>     fixed for bionic/linux-signed-hwe.
> 
>  debian/rules | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/debian/rules b/debian/rules
> index d8d99f8..bd5b948 100755
> --- a/debian/rules
> +++ b/debian/rules
> @@ -59,10 +59,10 @@ override_dh_auto_build:
>  		done;								\
>  		for s in *.opal.sig; do						\
>  			[ ! -f "$$s" ] && continue;				\
> -			chmod 600 "$$s";					\
>  			base=$$(echo "$$s" | sed -e 's/.opal.sig//');		\
> -			cat "$$base.opal" "$$s" >"../SIGNED/$$base";\
> -		done								\
> +			cat "$$base.opal" "$$s" >"../SIGNED/$$base";		\
> +			chmod 600 "../SIGNED/$$base";				\
> +		done;								\
>  	)
>  
>  override_dh_auto_install:

Acked-by: Khalid Elmously <khalid.elmously@canonical.com>
Khaled Elmously Nov. 29, 2019, 8:26 a.m. UTC | #5
On 2019-11-28 15:27:42 , Kleber Souza wrote:
> From: Seth Forshee <seth.forshee@canonical.com>
> 
> BugLink: https://bugs.launchpad.net/bugs/1843327
> 
> We're currently changing the permissions on the signature file
> instead of the concatenated kernel+signature file which will be
> installed. Fix this.
> 
> Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
> Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
> Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
> ---
> 
> Notes:
>     This bug was already fixed for Bionic and Disco, however this wasn't
>     fixed for bionic/linux-signed-hwe.
> 
>  debian/rules | 6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/debian/rules b/debian/rules
> index d8d99f8..bd5b948 100755
> --- a/debian/rules
> +++ b/debian/rules
> @@ -59,10 +59,10 @@ override_dh_auto_build:
>  		done;								\
>  		for s in *.opal.sig; do						\
>  			[ ! -f "$$s" ] && continue;				\
> -			chmod 600 "$$s";					\
>  			base=$$(echo "$$s" | sed -e 's/.opal.sig//');		\
> -			cat "$$base.opal" "$$s" >"../SIGNED/$$base";\
> -		done								\
> +			cat "$$base.opal" "$$s" >"../SIGNED/$$base";		\
> +			chmod 600 "../SIGNED/$$base";				\
> +		done;								\
>  	)
>  
>  override_dh_auto_install:
> -- 
> 2.20.1
> 
> 
> -- 
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

Patch
diff mbox series

diff --git a/debian/rules b/debian/rules
index d8d99f8..bd5b948 100755
--- a/debian/rules
+++ b/debian/rules
@@ -59,10 +59,10 @@  override_dh_auto_build:
 		done;								\
 		for s in *.opal.sig; do						\
 			[ ! -f "$$s" ] && continue;				\
-			chmod 600 "$$s";					\
 			base=$$(echo "$$s" | sed -e 's/.opal.sig//');		\
-			cat "$$base.opal" "$$s" >"../SIGNED/$$base";\
-		done								\
+			cat "$$base.opal" "$$s" >"../SIGNED/$$base";		\
+			chmod 600 "../SIGNED/$$base";				\
+		done;								\
 	)
 
 override_dh_auto_install: