From patchwork Wed Dec 19 15:40:20 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Andy Whitcroft X-Patchwork-Id: 1016136 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=lists.ubuntu.com (client-ip=91.189.94.19; helo=huckleberry.canonical.com; envelope-from=kernel-team-bounces@lists.ubuntu.com; receiver=) Authentication-Results: ozlabs.org; dmarc=fail (p=none dis=none) header.from=canonical.com Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 43KfH50QfMz9sD9; Thu, 20 Dec 2018 02:40:32 +1100 (AEDT) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.86_2) (envelope-from ) id 1gZdxP-0001rF-Oz; Wed, 19 Dec 2018 15:40:23 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:128) (Exim 4.86_2) (envelope-from ) id 1gZdxN-0001r8-Sg for kernel-team@lists.ubuntu.com; Wed, 19 Dec 2018 15:40:21 +0000 Received: from 1.general.apw.uk.vpn ([10.172.192.78] helo=localhost) by youngberry.canonical.com with esmtpsa (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.76) (envelope-from ) id 1gZdxM-0004z8-PU for kernel-team@lists.ubuntu.com; Wed, 19 Dec 2018 15:40:21 +0000 Date: Wed, 19 Dec 2018 15:40:20 +0000 From: Andy Whitcroft To: Ubuntu Kernel Team Subject: [Disco] LP:1764792 -- produce signatures for nvidia dkms modules Message-ID: <20181219154020.GA4659@brain> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.10.1 (2018-07-13) X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.20 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: "kernel-team" We are working up to producing signed Nvidia modules. We cannot ship those assembled due to licensing but we wish for the result to be a working .ko which is signed into the kernels kernel-module signing key. To do this we will build the dkms modules in a reproducible manner which allows them to be linked on installation on the end-user system (meeting the licensing constraints). As the build is reproducible we are able to build, sign, and discard the modules in the primary kernel build keeping only the signatures. These will then be consumed by a linux-lrm package which will produce the same reproducible build pieces (unlinked) and incorporate the associated signature. Later when installed the .kos can be linked and that signature applied so they are loadable under signing. Proposing for application to disco. -apw The following changes since commit 7df2ac79ed6d256af0c4f13ac2b8671c585ed9ca: UBUNTU: update dkms package versions (2018-12-11 14:37:04 -0600) are available in the Git repository at: git://git.launchpad.net/~apw/ubuntu/+source/linux/+git/disco build-nvidia-signatures for you to fetch changes up to 68aace1f2ec40a2a280d03e4f167e154697e256b: UBUNTU: [Packaging] nvidia -- make nvidia package version explicit (2018-12-19 10:46:35 +0000) ---------------------------------------------------------------- * Build Nvidia drivers in conjunction with kernel (LP: #1764792) - [Packaging] dkms -- add per package post-process step - [Packaging] dkms -- switch to a consistent build prefix length and strip - [Packaging] nvidia -- build and sign nvidia packages and ship signatures - [Packaging] nvidia -- make nvidia package version explicit