Add patch to not break modules_install for external module builds
This commit is contained in:
parent
0854ddfab8
commit
cd6bdb99f5
|
@ -62,7 +62,7 @@ Summary: The Linux kernel
|
|||
# For non-released -rc kernels, this will be appended after the rcX and
|
||||
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
|
||||
#
|
||||
%global baserelease 3
|
||||
%global baserelease 4
|
||||
%global fedora_build %{baserelease}
|
||||
|
||||
# base_sublevel is the kernel version we're starting with and patching
|
||||
|
@ -2380,6 +2380,9 @@ fi
|
|||
# ||----w |
|
||||
# || ||
|
||||
%changelog
|
||||
* Wed Nov 07 2012 Josh Boyer <jwboyer@redhat.com>
|
||||
- Add patch to not break modules_install for external module builds
|
||||
|
||||
* Mon Nov 05 2012 Josh Boyer <jwboyer@redhat.com> - 3.6.6-3
|
||||
- Backport efivarfs from efi/next for moktools
|
||||
- Fix build break without CONFIG_EFI set (reported by Peter W. Bowey)
|
||||
|
|
|
@ -1,58 +1,25 @@
|
|||
From f1fa90d02f50078a89da602d73dc9ab7743439ba Mon Sep 17 00:00:00 2001
|
||||
From 56713a28675b966e027a824a0130b80dffab209f Mon Sep 17 00:00:00 2001
|
||||
From: Josh Boyer <jwboyer@redhat.com>
|
||||
Date: Mon, 24 Sep 2012 10:46:36 -0400
|
||||
Subject: [PATCH 2/2] MODSIGN: Add modules_sign make target
|
||||
Date: Mon, 5 Nov 2012 09:09:24 +1030
|
||||
Subject: [PATCH] MODSIGN: Add modules_sign make target
|
||||
|
||||
If CONFIG_MODULE_SIG is set, and 'make modules_sign' is called then this
|
||||
patch will cause the modules to get a signature installed. The make target
|
||||
patch will cause the modules to get a signature appended. The make target
|
||||
is intended to be run after 'make modules_install', and will modify the
|
||||
modules in-place in the installed location.
|
||||
modules in-place in the installed location. It can be used to produce
|
||||
signed modules after they have been processed by distribution build
|
||||
scripts.
|
||||
|
||||
The signature will be appended to the module, along with some information
|
||||
about the signature size and a magic string that indicates the presence of
|
||||
the signature. This requires private and public keys to be available. By
|
||||
default these are expected to be found in files:
|
||||
|
||||
signing_key.priv
|
||||
signing_key.x509
|
||||
|
||||
in the base directory of the build. The first is the private key in PEM
|
||||
form and the second is the X.509 certificate in DER form as can be generated
|
||||
from openssl:
|
||||
|
||||
openssl req \
|
||||
-new -x509 -outform PEM -out signing_key.x509 \
|
||||
-keyout signing_key.priv -nodes \
|
||||
-subj "/CN=H2G2/O=Magrathea/CN=Slartibartfast"
|
||||
|
||||
If the secret key is not found then signing will be skipped and the unsigned
|
||||
module from (1) will just be copied to foo.ko.
|
||||
|
||||
If signing occurs, lines like the following will be seen:
|
||||
|
||||
SIGN [M] <install path>/fs/foo/foo.ko
|
||||
|
||||
will appear in the build log. If the signature step will be skipped and the
|
||||
following will be seen:
|
||||
|
||||
NO SIGN [M] <install path>/fs/foo/foo.ko
|
||||
|
||||
NOTE! After the signature step, the signed module must not be passed through
|
||||
strip. If you wish to strip or otherwise modify the kernel modules, use the
|
||||
built-in stripping capabilities with 'make modules_install' or perform said
|
||||
modifications before calling this make target. This restriction may affect
|
||||
packaging tools (such as rpmbuild) and initramfs composition tools.
|
||||
|
||||
Based heavily on work by: David Howells <dhowells@redhat.com>
|
||||
Signed-off-by: Josh Boyer <jwboyer@redhat.com>
|
||||
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (minor typo fix)
|
||||
---
|
||||
Makefile | 6 ++++++
|
||||
scripts/Makefile.modsign | 32 ++++++++++++++++++++++++++++++++
|
||||
2 files changed, 38 insertions(+)
|
||||
Makefile | 6 ++++++
|
||||
scripts/Makefile.modsign | 32 ++++++++++++++++++++++++++++++++
|
||||
2 files changed, 38 insertions(+), 0 deletions(-)
|
||||
create mode 100644 scripts/Makefile.modsign
|
||||
|
||||
diff --git a/Makefile b/Makefile
|
||||
index 89a2e2c..ac04c11 100644
|
||||
index 42d0e56..253aa1b 100644
|
||||
--- a/Makefile
|
||||
+++ b/Makefile
|
||||
@@ -981,6 +981,12 @@ _modinst_post: _modinst_
|
||||
|
@ -70,7 +37,7 @@ index 89a2e2c..ac04c11 100644
|
|||
# Modules not configured
|
||||
diff --git a/scripts/Makefile.modsign b/scripts/Makefile.modsign
|
||||
new file mode 100644
|
||||
index 0000000..670d5dc
|
||||
index 0000000..abfda62
|
||||
--- /dev/null
|
||||
+++ b/scripts/Makefile.modsign
|
||||
@@ -0,0 +1,32 @@
|
||||
|
@ -103,9 +70,9 @@ index 0000000..670d5dc
|
|||
+ $(call cmd,sign_ko,$(MODLIB)/$(modinst_dir))
|
||||
+
|
||||
+# Declare the contents of the .PHONY variable as phony. We keep that
|
||||
+# # information in a variable se we can use it in if_changed and friends.
|
||||
+# information in a variable se we can use it in if_changed and friends.
|
||||
+
|
||||
+.PHONY: $(PHONY)
|
||||
--
|
||||
1.7.11.7
|
||||
1.7.7.6
|
||||
|
||||
|
|
|
@ -10961,3 +10961,37 @@ index d37d130..87ca59d 100755
|
|||
--
|
||||
1.7.12.1
|
||||
|
||||
From f6a79af8f3701b5a0df431a76adee212616154dc Mon Sep 17 00:00:00 2001
|
||||
From: Rusty Russell <rusty@rustcorp.com.au>
|
||||
Date: Tue, 6 Nov 2012 11:46:59 +1030
|
||||
Subject: [PATCH] modules: don't break modules_install on external modules
|
||||
with no key.
|
||||
|
||||
The script still spits out an error ("Can't read private key") but we
|
||||
don't break modules_install.
|
||||
|
||||
Reported-by: Bruno Wolff III <bruno@wolff.to>
|
||||
Original-patch-by: Josh Boyer <jwboyer@redhat.com>
|
||||
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
|
||||
---
|
||||
scripts/Makefile.modinst | 3 ++-
|
||||
1 files changed, 2 insertions(+), 1 deletions(-)
|
||||
|
||||
diff --git a/scripts/Makefile.modinst b/scripts/Makefile.modinst
|
||||
index dda4b2b..ecbb447 100644
|
||||
--- a/scripts/Makefile.modinst
|
||||
+++ b/scripts/Makefile.modinst
|
||||
@@ -16,8 +16,9 @@ PHONY += $(modules)
|
||||
__modinst: $(modules)
|
||||
@:
|
||||
|
||||
+# Don't stop modules_install if we can't sign external modules.
|
||||
quiet_cmd_modules_install = INSTALL $@
|
||||
- cmd_modules_install = mkdir -p $(2); cp $@ $(2) ; $(mod_strip_cmd) $(2)/$(notdir $@) ; $(mod_sign_cmd) $(2)/$(notdir $@)
|
||||
+ cmd_modules_install = mkdir -p $(2); cp $@ $(2) ; $(mod_strip_cmd) $(2)/$(notdir $@) ; $(mod_sign_cmd) $(2)/$(notdir $@) $(patsubst %,|| true,$(KBUILD_EXTMOD))
|
||||
|
||||
# Modules built outside the kernel source tree go into extra by default
|
||||
INSTALL_MOD_DIR ?= extra
|
||||
--
|
||||
1.7.6.5
|
||||
|
||||
|
|
Loading…
Reference in New Issue