From patchwork Fri Feb 26 09:20:04 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Stefan Bader X-Patchwork-Id: 1444846 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4Dn3z25jF2z9sTD; Fri, 26 Feb 2021 20:20:13 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1lFZI6-00070P-Hw; Fri, 26 Feb 2021 09:20:06 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1lFZI5-00070J-5p for kernel-team@lists.ubuntu.com; Fri, 26 Feb 2021 09:20:05 +0000 Received: from 1.general.smb.uk.vpn ([10.172.193.28] helo=canonical.com) by youngberry.canonical.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.86_2) (envelope-from ) id 1lFZI4-00027d-Rh; Fri, 26 Feb 2021 09:20:04 +0000 From: Stefan Bader To: kernel-team@lists.ubuntu.com Subject: [SRU Focal][PATCH] UBUNTU: [Config] Fix up trusted keys annotation for i386 Date: Fri, 26 Feb 2021 10:20:04 +0100 Message-Id: <20210226092004.74615-1-stefan.bader@canonical.com> X-Mailer: git-send-email 2.25.1 MIME-Version: 1.0 X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: andy.whitcroft@canonical.com Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" BugLink: https://bugs.launchpad.net/bugs/1898716 When adding the annotations for CONFIG_SYSTEM_TRUSTED_KEYS the i386 string accidentally missed the '.pem' extension. This does not matter for Focal itself and most derivatives. Just bionic:linux-hwe-5.4 will fail to build that way. Fixing the annotation in Focal so future updates will work correctly. Ignore: yes Signed-off-by: Stefan Bader Acked-by: Kleber Sacilotto de Souza Acked-by: Guilherme G. Piccoli --- Proposing to hide the commit from the changelog because this does not change anything there. We only build i386 for hwe-5.4. -Stefan debian.master/config/annotations | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian.master/config/annotations b/debian.master/config/annotations index 91886242ae10..decbd099b916 100644 --- a/debian.master/config/annotations +++ b/debian.master/config/annotations @@ -351,7 +351,7 @@ CONFIG_SYSTEM_BLACKLIST_KEYRING mark # Menu: Cryptographic API >> Certificates for signature checking >> Provide system-wide ring of trusted keys CONFIG_SYSTEM_TRUSTED_KEYRING policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> -CONFIG_SYSTEM_TRUSTED_KEYS policy<{'amd64': '"debian/canonical-certs.pem"', 'arm64': '"debian/canonical-certs.pem"', 'armhf': '"debian/canonical-certs.pem"', 'i386': '"debian/canonical-certs"', 'ppc64el': '"debian/canonical-certs.pem"', 's390x': '"debian/canonical-certs.pem"'}> +CONFIG_SYSTEM_TRUSTED_KEYS policy<{'amd64': '"debian/canonical-certs.pem"', 'arm64': '"debian/canonical-certs.pem"', 'armhf': '"debian/canonical-certs.pem"', 'i386': '"debian/canonical-certs.pem"', 'ppc64el': '"debian/canonical-certs.pem"', 's390x': '"debian/canonical-certs.pem"'}> CONFIG_SYSTEM_EXTRA_CERTIFICATE policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}> CONFIG_SYSTEM_EXTRA_CERTIFICATE_SIZE policy<{'amd64': '4096', 'arm64': '4096', 'armhf': '4096', 'i386': '4096', 'ppc64el': '4096', 's390x': '4096'}> CONFIG_SECONDARY_TRUSTED_KEYRING policy<{'amd64': 'y', 'arm64': 'y', 'armhf': 'y', 'i386': 'y', 'ppc64el': 'y', 's390x': 'y'}>