Message ID | 1385494934-130858-1-git-send-email-tim.gardner@canonical.com |
---|---|
State | New |
On Tue, Nov 26, 2013 at 12:42:14PM -0700, Tim Gardner wrote: > BugLink: http://bugs.launchpad.net/bugs/1253155 > > Adding a GNU debug link to a module ELF destroys the > module signature, so re-sign the module file after the objcopy. > > objcopy --add-gnu-debuglink=$(dbgpkgdir)/usr/lib/debug/$$module $(pkgdir)/$$module; > scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(MODSECKEY) $(MODPUBKEY) $(pkgdir)/$$module; > > Signed-off-by: Tim Gardner <tim.gardner@canonical.com> > --- > debian/rules.d/2-binary-arch.mk | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/debian/rules.d/2-binary-arch.mk b/debian/rules.d/2-binary-arch.mk > index e24058a..147fbc3 100644 > --- a/debian/rules.d/2-binary-arch.mk > +++ b/debian/rules.d/2-binary-arch.mk > @@ -60,6 +60,9 @@ install-%: instfile = $(call custom_override,install_file,$*) > install-%: hdrdir = $(CURDIR)/debian/$(basepkg)-$*/usr/src/$(basepkg)-$* > install-%: target_flavour = $* > install-%: dtb_files = $(dtb_files_$*) > +install-%: CONFIG_MODULE_SIG_HASH=sha512 > +install-%: MODSECKEY=$(builddir)/build-$*/signing_key.priv > +install-%: MODPUBKEY=$(builddir)/build-$*/signing_key.x509 > install-%: checks-% > @echo Debug: $@ kernel_file $(kernel_file) kernfile $(kernfile) install_file $(install_file) instfile $(instfile) > dh_testdir > @@ -218,6 +221,8 @@ ifneq ($(skipdbg),true) > $(CROSS_COMPILE)objcopy \ > --add-gnu-debuglink=$(dbgpkgdir)/usr/lib/debug/$$module \ > $(pkgdir)/$$module; \ > + scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(MODSECKEY) $(MODPUBKEY) \ > + $(pkgdir)/$$module; \ > fi; \ > done > rm -f $(dbgpkgdir)/usr/lib/debug/lib/modules/$(abi_release)-$*/build Makes sense. Tested in trusty. Acked-by: Andy Whitcroft <apw@canonical.com> -apw
Not tested myself but trusting Andy and does not look like it could make things any worse.
Applied to Saucy. -apw
diff --git a/debian/rules.d/2-binary-arch.mk b/debian/rules.d/2-binary-arch.mk index e24058a..147fbc3 100644 --- a/debian/rules.d/2-binary-arch.mk +++ b/debian/rules.d/2-binary-arch.mk @@ -60,6 +60,9 @@ install-%: instfile = $(call custom_override,install_file,$*) install-%: hdrdir = $(CURDIR)/debian/$(basepkg)-$*/usr/src/$(basepkg)-$* install-%: target_flavour = $* install-%: dtb_files = $(dtb_files_$*) +install-%: CONFIG_MODULE_SIG_HASH=sha512 +install-%: MODSECKEY=$(builddir)/build-$*/signing_key.priv +install-%: MODPUBKEY=$(builddir)/build-$*/signing_key.x509 install-%: checks-% @echo Debug: $@ kernel_file $(kernel_file) kernfile $(kernfile) install_file $(install_file) instfile $(instfile) dh_testdir @@ -218,6 +221,8 @@ ifneq ($(skipdbg),true) $(CROSS_COMPILE)objcopy \ --add-gnu-debuglink=$(dbgpkgdir)/usr/lib/debug/$$module \ $(pkgdir)/$$module; \ + scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(MODSECKEY) $(MODPUBKEY) \ + $(pkgdir)/$$module; \ fi; \ done rm -f $(dbgpkgdir)/usr/lib/debug/lib/modules/$(abi_release)-$*/build
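Review bot: In the first hunk, `install-%: CONFIG_MODULE_SIG_HASH=sha512` hard-codes the digest in the packaging rules instead of taking it from the kernel configuration of the flavour being built, so if that configuration ever selects a different hash the re-signed modules will silently use a different digest from the one chosen at build time. Suggest deriving the value from the flavour's configuration, and adding a comment that MODSECKEY and MODPUBKEY assume the key pair was generated under $(builddir)/build-$*.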
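Review bot: In the second hunk, the added `scripts/sign-file` call is chained with `; \` inside the loop and its exit status is never checked, so unless the recipe shell runs with -e a signing failure on any module other than the last one processed does not fail the build and the package can ship that module unsigned. Suggest appending `|| exit 1` to the call, and guarding it so it runs only when module signing is enabled and both key files exist, since the only condition visible around it is `ifneq ($(skipdbg),true)`.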
BugLink: http://bugs.launchpad.net/bugs/1253155

Adding a GNU debug link to a module ELF destroys the
module signature, so re-sign the module file after the objcopy.

objcopy --add-gnu-debuglink=$(dbgpkgdir)/usr/lib/debug/$$module $(pkgdir)/$$module;
scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(MODSECKEY) $(MODPUBKEY) $(pkgdir)/$$module;

Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
---
 debian/rules.d/2-binary-arch.mk | 5 +++++
 1 file changed, 5 insertions(+)
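The failure the commit message describes, a module that loses its appended signature once objcopy rewrites the file, can be caught by auditing the packaged tree. The script below is an added example, not part of the patch or of the Ubuntu kernel packaging; it assumes the kernel's end-of-file marker for signed modules (`~Module signature appended~` followed by a newline), and the helper names and sample files are hypothetical.

```shell
#!/bin/sh
# Presence check only: confirms the appended-signature trailer survived
# packaging. It does not verify the signature cryptographically.

hex() { od -An -v -tx1 | tr -d ' \n'; }

# has_module_sig FILE (hypothetical helper): succeeds if FILE ends with the
# 28-byte marker the kernel looks for after an appended module signature.
has_module_sig() {
    [ -f "$1" ] || return 2
    want=$(printf '~Module signature appended~\n' | hex)
    got=$(tail -c 28 "$1" | hex)
    [ "$got" = "$want" ]
}

# audit_modules DIR (hypothetical helper): prints every *.ko under DIR that
# lacks the marker and returns 1 if there is at least one.
audit_modules() {
    unsigned=$(find "$1" -type f -name '*.ko' | sort | while IFS= read -r ko; do
        has_module_sig "$ko" || printf '%s\n' "$ko"
    done)
    [ -z "$unsigned" ] && return 0
    printf '%s\n' "$unsigned"
    return 1
}

# Constructed sample tree: placeholder bytes stand in for real module contents.
demo=$(mktemp -d)
mkdir -p "$demo/lib/modules"
{ printf 'ELF-BODY'; printf 'SIG-BLOB'; printf '~Module signature appended~\n'; } \
    > "$demo/lib/modules/signed.ko"
# Same body with the trailer gone, as after an objcopy with no re-sign.
printf 'ELF-BODY' > "$demo/lib/modules/stripped.ko"

if audit_modules "$demo"; then
    echo "all modules carry a signature trailer"
else
    echo "modules listed above lost their signature trailer" >&2
fi
rm -rf "$demo"
```

Run against $(pkgdir) at the end of the install target, a non-zero return from `audit_modules` would stop a package with unsigned modules from being built.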