From patchwork Mon May 15 20:37:56 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Seth Forshee <seth.forshee@canonical.com>
X-Patchwork-Id: 762709
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19])
	by ozlabs.org (Postfix) with ESMTP id 3wRXTf0cdSz9s84;
	Tue, 16 May 2017 06:38:14 +1000 (AEST)
Authentication-Results: ozlabs.org;
	dkim=fail reason="signature verification failed" (2048-bit key;
	unprotected) header.d=canonical-com.20150623.gappssmtp.com
	header.i=@canonical-com.20150623.gappssmtp.com
	header.b="MlrlSmik"; dkim-atps=neutral
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.76)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1dAMkr-0001L2-Uj; Mon, 15 May 2017 20:38:09 +0000
Received: from mail-io0-f175.google.com ([209.85.223.175])
	by huckleberry.canonical.com with esmtps
	(TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.76) (envelope-from <seth.forshee@canonical.com>)
	id 1dAMkj-0001Jz-TO
	for kernel-team@lists.ubuntu.com; Mon, 15 May 2017 20:38:02 +0000
Received: by mail-io0-f175.google.com with SMTP id f102so81253134ioi.2
	for <kernel-team@lists.ubuntu.com>;
	Mon, 15 May 2017 13:38:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=canonical-com.20150623.gappssmtp.com; s=20150623;
	h=from:to:subject:date:message-id:in-reply-to:references;
	bh=k1CPlMbesE9lDf3rlt2sGbXiXJGW/7IAtQ72ln92iUw=;
	b=MlrlSmikWpqfj8iIFF4Ef2ZE1D/Fz66UaAdmQyIoBpa9AvOWxmvlodVn0wAA4BgivY
	rgjTFaYJwwBZrxpblo+kbxyCBDCkMN5EAceGlfLGEhH7FDI7bNm51zMIFhsxVLt12tx/
	26wrK552wPgdM19v7eBAjGbh6cyfwoSm5v/LDo6kAaEDztKxO47aVoCrBbllA9OCIfEp
	T774+T7imN6AUzYyW0CiuD4GuDToHj8QEV/LY8COIajg2UnENfoettUU8jREF1a3HEyi
	rkV7AK8VLP+8IkMqdYh2FGlAVgDkqAxiU7mcJ/yd4hykRYOcHJVMFovR38t7zayfqGDF
	pozw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
	:references;
	bh=k1CPlMbesE9lDf3rlt2sGbXiXJGW/7IAtQ72ln92iUw=;
	b=D60PpCdX7QBHsIJcOsSgUdCtGj6T+OkxPjHDQg8zGRQ5GPhgz0F3vG4VD9FtIraLvE
	F8YjaTBV3Cf0eRnyHfIobUirtBbXTMIMAYd3ev4EqCuALRHSmt7oxLiGX0/MUSFRrmJN
	2Klat1Xbstnf7CWYLL+iuMzZvnI1wfqmNCBVkU1vjHKURRnTCnRrnCnMh4lyzghca/aw
	lIdFUDHtaTZK/1+un2MGFf8mph5DhPG1oVc9GixTslRsok4djcJD4DTuJIWfR3NCBfWT
	ncibSC9Aqnre8cGNa/KaAHAWGfGyXgEri5iaaLJaz0eIAUwnjtb9lFI2yo4gzK4Z9dEG
	FFLQ==
X-Gm-Message-State: AODbwcDF2vvc7rniYmWeDWgSY6piQJhOZIReh8h1h7WnHPp/8HYDdu6g
	3DDFuLr1cUFOGLPEG1g=
X-Received: by 10.107.173.89 with SMTP id w86mr7947970ioe.170.1494880680611;
	Mon, 15 May 2017 13:38:00 -0700 (PDT)
Received: from localhost ([2605:a601:aa7:8220:4c4:515e:22d7:bd5d])
	by smtp.gmail.com with ESMTPSA id
	77sm5219473iof.55.2017.05.15.13.37.59
	for <kernel-team@lists.ubuntu.com>
	(version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
	Mon, 15 May 2017 13:38:00 -0700 (PDT)
From: Seth Forshee <seth.forshee@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [PATCH][Zesty] UBUNTU: SAUCE: Fix module signing exclusion in
	package builds
Date: Mon, 15 May 2017 15:37:56 -0500
Message-Id: <20170515203756.7580-3-seth.forshee@canonical.com>
X-Mailer: git-send-email 2.11.0
In-Reply-To: <20170515203756.7580-1-seth.forshee@canonical.com>
References: <20170515203756.7580-1-seth.forshee@canonical.com>
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
MIME-Version: 1.0
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: kernel-team-bounces@lists.ubuntu.com

BugLink: http://bugs.launchpad.net/bugs/1690908

The current module signing exclusion implementation suffers from
two problems. First, it looks for the signed-inclusion file
relative to the path where make is executed and thus doesn't work
if the source and build directories are different. Second, the
signed-inclusion file lists only the module name, but the strings
searched for in the file include the path (and the path to the
module install location at that).

Fix these problems by updating scripts/Makefile.modinst to look
for signed-inclusion relative to the path of the source tree and
to use only the module name when matching against the contents of
that file.

Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
---
 scripts/Makefile.modinst | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/Makefile.modinst b/scripts/Makefile.modinst
index 39588e08eb0e..3e256ed0ef08 100644
--- a/scripts/Makefile.modinst
+++ b/scripts/Makefile.modinst
@@ -23,8 +23,8 @@ quiet_cmd_modules_install = INSTALL $@
     cp $@ $(2) ; \
     $(mod_strip_cmd) $(2)/$(notdir $@) ; \
     if (echo "$(2)/$(notdir $@)" | egrep -q "\/drivers\/staging\/") && \
-	[ -f $(CURDIR)/drivers/staging/signature-inclusion ] && \
-	(! egrep -x "$(2)/$(notdir $@)" $(CURDIR)/drivers/staging/signature-inclusion) ; \
+	[ -f $(srctree)/drivers/staging/signature-inclusion ] && \
+	(! egrep -x "$(notdir $@)" $(srctree)/drivers/staging/signature-inclusion) ; \
 	then echo Not signing "$(2)/$(notdir $@)"; \
 	else $(mod_sign_cmd) $(2)/$(notdir $@) $(patsubst %,|| true,$(KBUILD_EXTMOD)) && \
 		$(mod_compress_cmd) $(2)/$(notdir $@); fi