From patchwork Mon May 15 20:37:55 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Seth Forshee <seth.forshee@canonical.com>
X-Patchwork-Id: 762710
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19])
	by ozlabs.org (Postfix) with ESMTP id 3wRXTj1dBpz9s84;
	Tue, 16 May 2017 06:38:17 +1000 (AEST)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=canonical-com.20150623.gappssmtp.com
	header.i=@canonical-com.20150623.gappssmtp.com
	header.b="oqCH0c1l"; dkim-atps=neutral
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.76)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1dAMkw-0001NM-4n; Mon, 15 May 2017 20:38:14 +0000
Received: from mail-it0-f43.google.com ([209.85.214.43])
	by huckleberry.canonical.com with esmtps
	(TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.76) (envelope-from <seth.forshee@canonical.com>)
	id 1dAMki-0001Ju-R3
	for kernel-team@lists.ubuntu.com; Mon, 15 May 2017 20:38:00 +0000
Received: by mail-it0-f43.google.com with SMTP id c15so50624169ith.0
	for <kernel-team@lists.ubuntu.com>;
	Mon, 15 May 2017 13:38:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=canonical-com.20150623.gappssmtp.com; s=20150623;
	h=from:to:subject:date:message-id:in-reply-to:references;
	bh=LuzxqyzZF5Fb6xRpI5NdQ0NJqVi1rvmi99UnBUjmsac=;
	b=oqCH0c1lJS8nkfsQU7A3jrVilRG4N/pPq6vRtzfGXnQSXc8q3gCTpXle6zci53/aX7
	KN7XmvKtpwv9DzccgzITVbHlU7PN5FQJ/TADZAWx9UmM03s6bkTzzRXW21zpNtpbd174
	aN567ou+p5uH07AUYnpHvO53EhFU2+cqwdgH/QY6l3q1eR4eAa0QOH164jvaYxnvrpNr
	KXNLPJ4uCkUJO1q0DwR/jTBhl+fv4FOQtggc666Qxa8wGW8/FZld69oDoUviXiSKB3a5
	1Ua7DMHeUVGdPQ7Snvd1hsjERI8EkjgqfUVhMbTLcqwRXqpJn8pGRFZBbtM/dsGfeouj
	3p6A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
	:references;
	bh=LuzxqyzZF5Fb6xRpI5NdQ0NJqVi1rvmi99UnBUjmsac=;
	b=g9tCcf5zMNkhrwfKZTMyVKxN6tHyVXA/2w7TDXoYp2c6UUFm7G0r/F0QcYlkPWCkPL
	gY4qmvX208Xqj/bjHKwr0K3qOJzZEpFXMDpfK47mDv4P45vKYrWdKsazR6QI+c1h6I/S
	2S0UtGqKjscUMBZOfdDzhhD2XMrIcPmq8ro05aHeKMgHmIawlSR52XjxQLLYmMSget34
	8tqeIl1HDSpikRW9IovN1MuQsy/gEzTHXbtbNS9prQIsHfWoYzmoUcJejPqnQ0vdtBkY
	cJfxXV9TTLqhchjmuoE5J5Gx3lRhuaszZoqXh3eizvaWxkVBEZmwPPZz/8QtgWSQnT4Z
	vcNA==
X-Gm-Message-State: AODbwcCSra3SaebUHk7OGGAErtwLiKxvlwmR548R9XhP/fuxmhd/wgRo
	0TprMvYYY9UW14E/BuI=
X-Received: by 10.36.252.66 with SMTP id b63mr7586885ith.21.1494880679497;
	Mon, 15 May 2017 13:37:59 -0700 (PDT)
Received: from localhost ([2605:a601:aa7:8220:4c4:515e:22d7:bd5d])
	by smtp.gmail.com with ESMTPSA id
	j17sm249449ioo.28.2017.05.15.13.37.58
	for <kernel-team@lists.ubuntu.com>
	(version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
	Mon, 15 May 2017 13:37:58 -0700 (PDT)
From: Seth Forshee <seth.forshee@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [PATCH][Xenial] UBUNTU: SAUCE: Fix module signing exclusion in
	package builds
Date: Mon, 15 May 2017 15:37:55 -0500
Message-Id: <20170515203756.7580-2-seth.forshee@canonical.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20170515203756.7580-1-seth.forshee@canonical.com>
References: <20170515203756.7580-1-seth.forshee@canonical.com>
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
MIME-Version: 1.0
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: kernel-team-bounces@lists.ubuntu.com

BugLink: http://bugs.launchpad.net/bugs/1690908

The current module signing exclusion implementation suffers from
two problems. First, it looks for the signed-inclusion file
relative to the path where make is executed and thus doesn't work
if the source and build directories are different. Second, the
signed-inclusion file lists only the module name, but the strings
searched for in the file include the path (and the path to the
module install location at that).

Fix these problems by updating scripts/Makefile.modinst to look
for signed-inclusion relative to the path of the source tree and
to use only the module name when matching against the contents of
that file.

Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
---
 scripts/Makefile.modinst | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/Makefile.modinst b/scripts/Makefile.modinst
index 0f7b7cb18122..3a182e91d5d6 100644
--- a/scripts/Makefile.modinst
+++ b/scripts/Makefile.modinst
@@ -23,7 +23,7 @@ quiet_cmd_modules_install = INSTALL $@
     cp $@ $(2) ; \
     $(mod_strip_cmd) $(2)/$(notdir $@) ; \
     if (echo "$(2)/$(notdir $@)" | egrep -q "\/drivers\/staging\/") && \
-	(! egrep -x "$(2)/$(notdir $@)" $(CURDIR)/drivers/staging/signature-inclusion) ; \
+	(! egrep -x "$(notdir $@)" $(srctree)/drivers/staging/signature-inclusion) ; \
 	then echo Not signing "$(2)/$(notdir $@)"; \
 	else $(mod_sign_cmd) $(2)/$(notdir $@) $(patsubst %,|| true,$(KBUILD_EXTMOD)) && \
 		$(mod_compress_cmd) $(2)/$(notdir $@); fi