[SRU,precise/lts-backport-raring,1/1] UBUNTU: [Debian] Re-sign modules after debug objcopy
diff mbox

Message ID 1394217123-32501-2-git-send-email-apw@canonical.com
State New
Headers show

Commit Message

Andy Whitcroft March 7, 2014, 6:32 p.m. UTC
From: Tim Gardner <tim.gardner@canonical.com>

BugLink: http://bugs.launchpad.net/bugs/1253155

Adding a GNU debug link to a module ELF destroys the
module signature, so re-sign the module file after the objcopy.

objcopy --add-gnu-debuglink=$(dbgpkgdir)/usr/lib/debug/$$module $(pkgdir)/$$module;
scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(MODSECKEY) $(MODPUBKEY) $(pkgdir)/$$module;

Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
Acked-by: Andy Whitcroft <apw@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
Signed-off-by: Andy Whitcroft <apw@canonical.com>
---
 debian/rules.d/2-binary-arch.mk | 5 +++++
 1 file changed, 5 insertions(+)

Comments

Brad Figg March 7, 2014, 6:35 p.m. UTC | #1
On 03/07/2014 10:32 AM, Andy Whitcroft wrote:
> From: Tim Gardner <tim.gardner@canonical.com>
> 
> BugLink: http://bugs.launchpad.net/bugs/1253155
> 
> Adding a GNU debug link to a module ELF destroys the
> module signature, so re-sign the module file after the objcopy.
> 
> objcopy --add-gnu-debuglink=$(dbgpkgdir)/usr/lib/debug/$$module $(pkgdir)/$$module;
> scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(MODSECKEY) $(MODPUBKEY) $(pkgdir)/$$module;
> 
> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
> Acked-by: Andy Whitcroft <apw@canonical.com>
> Acked-by: Stefan Bader <stefan.bader@canonical.com>
> Signed-off-by: Andy Whitcroft <apw@canonical.com>
> ---
>  debian/rules.d/2-binary-arch.mk | 5 +++++
>  1 file changed, 5 insertions(+)
> 
> diff --git a/debian/rules.d/2-binary-arch.mk b/debian/rules.d/2-binary-arch.mk
> index c593ef2..54bc527 100644
> --- a/debian/rules.d/2-binary-arch.mk
> +++ b/debian/rules.d/2-binary-arch.mk
> @@ -54,6 +54,9 @@ install-%: instfile = $(call custom_override,install_file,$*)
>  install-%: hdrdir = $(CURDIR)/debian/$(basepkg)-$*/usr/src/$(basepkg)-$*
>  install-%: target_flavour = $*
>  install-%: dtb_files = $(dtb_files_$*)
> +install-%: CONFIG_MODULE_SIG_HASH=sha512
> +install-%: MODSECKEY=$(builddir)/build-$*/signing_key.priv
> +install-%: MODPUBKEY=$(builddir)/build-$*/signing_key.x509
>  install-%: checks-%
>  	@echo Debug: $@ kernel_file $(kernel_file) kernfile $(kernfile) install_file $(install_file) instfile $(instfile)
>  	dh_testdir
> @@ -212,6 +215,8 @@ ifneq ($(skipdbg),true)
>  			$(CROSS_COMPILE)objcopy \
>  				--add-gnu-debuglink=$(dbgpkgdir)/usr/lib/debug/$$module \
>  				$(pkgdir)/$$module; \
> +			scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(MODSECKEY) $(MODPUBKEY) \
> +				$(pkgdir)/$$module; \
>  		fi; \
>  	done
>  	rm -f $(dbgpkgdir)/usr/lib/debug/lib/modules/$(abi_release)-$*/build
>
Stefan Bader March 11, 2014, 9:40 a.m. UTC | #2
If that causes problems it would be in build... looks good enough.

Patch
diff mbox

diff --git a/debian/rules.d/2-binary-arch.mk b/debian/rules.d/2-binary-arch.mk
index c593ef2..54bc527 100644
--- a/debian/rules.d/2-binary-arch.mk
+++ b/debian/rules.d/2-binary-arch.mk
@@ -54,6 +54,9 @@  install-%: instfile = $(call custom_override,install_file,$*)
 install-%: hdrdir = $(CURDIR)/debian/$(basepkg)-$*/usr/src/$(basepkg)-$*
 install-%: target_flavour = $*
 install-%: dtb_files = $(dtb_files_$*)
+install-%: CONFIG_MODULE_SIG_HASH=sha512
+install-%: MODSECKEY=$(builddir)/build-$*/signing_key.priv
+install-%: MODPUBKEY=$(builddir)/build-$*/signing_key.x509
 install-%: checks-%
 	@echo Debug: $@ kernel_file $(kernel_file) kernfile $(kernfile) install_file $(install_file) instfile $(instfile)
 	dh_testdir
@@ -212,6 +215,8 @@  ifneq ($(skipdbg),true)
 			$(CROSS_COMPILE)objcopy \
 				--add-gnu-debuglink=$(dbgpkgdir)/usr/lib/debug/$$module \
 				$(pkgdir)/$$module; \
+			scripts/sign-file $(CONFIG_MODULE_SIG_HASH) $(MODSECKEY) $(MODPUBKEY) \
+				$(pkgdir)/$$module; \
 		fi; \
 	done
 	rm -f $(dbgpkgdir)/usr/lib/debug/lib/modules/$(abi_release)-$*/build