From patchwork Wed May  8 21:46:20 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: dann frazier <dann.frazier@canonical.com>
X-Patchwork-Id: 1097242
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com
	(client-ip=91.189.94.19; helo=huckleberry.canonical.com;
	envelope-from=kernel-team-bounces@lists.ubuntu.com;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none)
	header.from=canonical.com
Received: from huckleberry.canonical.com (huckleberry.canonical.com
	[91.189.94.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 44zqn23cQ1z9s9y;
	Thu,  9 May 2019 07:46:46 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com)
	by huckleberry.canonical.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1hOUOc-0004dr-Kr; Wed, 08 May 2019 21:46:38 +0000
Received: from youngberry.canonical.com ([91.189.89.112])
	by huckleberry.canonical.com with esmtps
	(TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128)
	(Exim 4.86_2) (envelope-from <dann.frazier@canonical.com>)
	id 1hOUOa-0004dZ-Me
	for kernel-team@lists.ubuntu.com; Wed, 08 May 2019 21:46:36 +0000
Received: from mail-it1-f198.google.com ([209.85.166.198])
	by youngberry.canonical.com with esmtps
	(TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.76) (envelope-from <dann.frazier@canonical.com>)
	id 1hOUOa-0007A3-7x
	for kernel-team@lists.ubuntu.com; Wed, 08 May 2019 21:46:36 +0000
Received: by mail-it1-f198.google.com with SMTP id q1so287116itc.3
	for <kernel-team@lists.ubuntu.com>;
	Wed, 08 May 2019 14:46:36 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
	:references:mime-version:content-transfer-encoding;
	bh=jBiW0o06fF+y7SDxm0OqG60M3KU397i/Q4MpBNYO0V4=;
	b=Xt9TJxkNdz2SGEJfp1HSpvaLNVkc+AQ7azxXyUIylAvxZAr7vv7WwO22Zn6kRHqHVU
	XOB/nikZGxi59uN1IH82vmUwO6yWi3/NTtsL3gx6hcSecC/Y4BlmwTqtkSnYxkUa+Uwl
	UFqL2EVW7yXv2XAZg9hTaMYz++OkPisyuBKhseiogtwrRYCs0/GP+frXj2MSXfr8rOph
	6or1cYRZqrwwZ4Z9NfQ2B28mCv5sOiMhzllWm4S2MdlaIAO9TfCd6SohXa8/LyvnFEAc
	5YREmkjgu0n77C14jL8jsEMXOB9WlrlEKPb7CZNURxgbdPazj6cy1ffm0HOBayHKjkVU
	IE+w==
X-Gm-Message-State: APjAAAXpVI5LFcVaoqPPIMcZ/hSMCzrLD5Krc6Nr/VKO3nErKrmfzWhE
	cQiG2nyvZowgE54WBwlidsBojnDEE4I7yIgp42bCDAZR/7R8QtLl8JqSgKRB0Dm4jF654+5tVv1
	GpPnNbNbW07sF/RYTOwwJsx4/PfUO0+z5BMjsBAROpw==
X-Received: by 2002:a05:660c:6cd:: with SMTP id
	z13mr119024itk.128.1557351995060;
	Wed, 08 May 2019 14:46:35 -0700 (PDT)
X-Google-Smtp-Source: 
 APXvYqxXOAqKvoleUAfrv1YS2gwZRGeqZ9+Z8voWFwfJPwtHCRENcRSEefmVBVx9xAbYCo2SjpXb6A==
X-Received: by 2002:a05:660c:6cd:: with SMTP id
	z13mr119008itk.128.1557351994764;
	Wed, 08 May 2019 14:46:34 -0700 (PDT)
Received: from xps13.canonical.com (c-71-56-235-36.hsd1.co.comcast.net.
	[71.56.235.36]) by smtp.gmail.com with ESMTPSA id
	v204sm59351itb.32.2019.05.08.14.46.34
	for <kernel-team@lists.ubuntu.com>
	(version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
	Wed, 08 May 2019 14:46:34 -0700 (PDT)
From: dann frazier <dann.frazier@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [PATCH 1/1][linux-signed-hwe][linux-signed-hwe-edge][SRU Bionic]
	UBUNTU: support recompression of signed kernels
Date: Wed,  8 May 2019 15:46:20 -0600
Message-Id: <20190508214620.15808-2-dann.frazier@canonical.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20190508214620.15808-1-dann.frazier@canonical.com>
References: <20190508214620.15808-1-dann.frazier@canonical.com>
MIME-Version: 1.0
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
	<mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

From: Seth Forshee <seth.forshee@canonical.com>

BugLink: https://bugs.launchpad.net/bugs/1804481

Our arm64 generic kernels are compressed, but they must be
decompressed for signing. The kernel build will indicate that a
signed kernel image should be recompressed by adding GZIP=1 into
a <kernel-image>.vars file in the signing tarball. Add support
for reading the contents of this file and compressing the kernel
image when GZIP=1.

Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
[ dannf: Use maximum gzip compression to match unsigned build ]
Signed-off-by: dann frazier <dann.frazier@canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Acked-by: Stefan Bader <stefan.bader@canonical.com>
---
 debian/rules | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/debian/rules b/debian/rules
index 926c4ae..0fbd900 100755
--- a/debian/rules
+++ b/debian/rules
@@ -44,8 +44,16 @@ override_dh_auto_build:
 		cd "$(src_version)" || exit 1;					\
 		for s in *.efi.signed; do					\
 			[ ! -f "$$s" ] && continue;				\
-			chmod 600 "$$s";					\
 			base=$$(echo "$$s" | sed -e 's/.efi.signed//');		\
+			(							\
+				vars="$${base}.efi.vars";			\
+				[ -f "$$vars" ] && . "./$$vars";		\
+				if [ "$$GZIP" = "1" ]; then			\
+					gzip -9 "$$s";				\
+					mv "$${s}.gz" "$$s";			\
+				fi;						\
+			);							\
+			chmod 600 "$$s";					\
 			ln "$$s" "../SIGNED/$$base";				\
 		done;								\
 		for s in *.opal.sig; do						\