From: Michal Marek <mmarek@suse.cz>
To: Andrey Skvortsov <andrej.skvortzov@gmail.com>,
Ben Hutchings <ben@decadent.org.uk>,
maximilian attems <max@stro.at>
Cc: linux-kbuild@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] builddeb: fix stripped module signatures if CONFIG_DEBUG_INFO and CONFIG_MODULE_SIG_ALL are set
Date: Tue, 21 Apr 2015 15:58:48 +0200 [thread overview]
Message-ID: <55365798.4090302@suse.cz> (raw)
In-Reply-To: <1426494054-32138-1-git-send-email-andrej.skvortzov@gmail.com>
(added Max to Cc)
On 2015-03-16 09:20, Andrey Skvortsov wrote:
> If CONFIG_MODULE_SIG_ALL is set, then user expects that all modules are
> automatically signed in the result package, as it's for rpm-pkg, binrpm-pkg,
> tar, tar-*. For deb-pkg this is correct only if CONFIG_DEBUG_INFO
> is NOT set. In that case deb-package contains signed modules.
>
> But if CONFIG_DEBUG_INFO is set, builddeb creates separate package with
> debug information. To do that, debug information from all modules
> is copied into separate files by objcopy. And loadable kernel modules are
> stripped afterwards. Stripping removes previously (during modules_install)
> added signatures from loadable kernel modules. Therefore final deb-package
> contains unsigned modules despite of set option CONFIG_MODULE_SIG_ALL.
>
> This patch resigns all stripped modules if CONFIG_MODULE_SIG_ALL is set
> to solve this problem.
>
> Signed-off-by: Andrey Skvortsov <andrej.skvortzov@gmail.com>
Max, Ben, are you fine with this patch? It looks OK to me, the
modules_sign target has been added for this very purpose.
Thanks,
Michal
> ---
> scripts/package/builddeb | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/scripts/package/builddeb b/scripts/package/builddeb
> index 88dbf23..977c4d7 100755
> --- a/scripts/package/builddeb
> +++ b/scripts/package/builddeb
> @@ -162,6 +162,12 @@ if grep -q '^CONFIG_MODULES=y' $KCONFIG_CONFIG ; then
> # then add a link to those
> $OBJCOPY --add-gnu-debuglink=$dbg_dir/usr/lib/debug/$module $tmpdir/$module
> done
> +
> + # resign stripped modules
> + MODULE_SIG_ALL="$(grep -s '^CONFIG_MODULE_SIG_ALL=y' $KCONFIG_CONFIG || true)"
> + if [ -n "$MODULE_SIG_ALL" ]; then
> + INSTALL_MOD_PATH="$tmpdir" $MAKE KBUILD_SRC= modules_sign
> + fi
> fi
> fi
>
>
next prev parent reply other threads:[~2015-04-21 13:58 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-03-16 8:20 [PATCH] builddeb: fix stripped module signatures if CONFIG_DEBUG_INFO and CONFIG_MODULE_SIG_ALL are set Andrey Skvortsov
2015-04-21 13:58 ` Michal Marek [this message]
2015-04-22 15:57 ` maximilian attems
2015-05-04 15:37 ` Andrey Skvortsov
2015-05-04 18:22 ` Ben Hutchings
2015-05-06 13:30 ` Michal Marek
2015-05-08 11:11 ` Andrey Skvortsov
2015-05-08 13:47 ` maximilian attems
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=55365798.4090302@suse.cz \
--to=mmarek@suse.cz \
--cc=andrej.skvortzov@gmail.com \
--cc=ben@decadent.org.uk \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=max@stro.at \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox