Add patch to not break modules_install for external module builds

kernel.spec

@@ -62,7 +62,7 @@ Summary: The Linux kernel
 # For non-released -rc kernels, this will be appended after the rcX and
 # gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
 #
-%global baserelease 3
+%global baserelease 4
 %global fedora_build %{baserelease}
 
 # base_sublevel is the kernel version we're starting with and patching
@@ -2380,6 +2380,9 @@ fi
 #                 ||----w |
 #                 ||     ||
 %changelog
+* Wed Nov 07 2012 Josh Boyer <jwboyer@redhat.com>
+- Add patch to not break modules_install for external module builds
+
 * Mon Nov 05 2012 Josh Boyer <jwboyer@redhat.com> - 3.6.6-3
 - Backport efivarfs from efi/next for moktools
 - Fix build break without CONFIG_EFI set (reported by Peter W. Bowey)

modsign-post-KS-jwb.patch

@@ -1,58 +1,25 @@
-From f1fa90d02f50078a89da602d73dc9ab7743439ba Mon Sep 17 00:00:00 2001
+From 56713a28675b966e027a824a0130b80dffab209f Mon Sep 17 00:00:00 2001
 From: Josh Boyer <jwboyer@redhat.com>
-Date: Mon, 24 Sep 2012 10:46:36 -0400
-Subject: [PATCH 2/2] MODSIGN: Add modules_sign make target
+Date: Mon, 5 Nov 2012 09:09:24 +1030
+Subject: [PATCH] MODSIGN: Add modules_sign make target
 
 If CONFIG_MODULE_SIG is set, and 'make modules_sign' is called then this
-patch will cause the modules to get a signature installed.  The make target
+patch will cause the modules to get a signature appended.  The make target
 is intended to be run after 'make modules_install', and will modify the
-modules in-place in the installed location.
+modules in-place in the installed location.  It can be used to produce
+signed modules after they have been processed by distribution build
+scripts.
 
-The signature will be appended to the module, along with some information
-about the signature size and a magic string that indicates the presence of
-the signature.  This requires private and public keys to be available.  By
-default these are expected to be found in files:
-
-    signing_key.priv
-    signing_key.x509
-
-in the base directory of the build.  The first is the private key in PEM
-form and the second is the X.509 certificate in DER form as can be generated
-from openssl:
-
-    openssl req \
-            -new -x509 -outform PEM -out signing_key.x509 \
-            -keyout signing_key.priv -nodes \
-            -subj "/CN=H2G2/O=Magrathea/CN=Slartibartfast"
-
-If the secret key is not found then signing will be skipped and the unsigned
-module from (1) will just be copied to foo.ko.
-
-If signing occurs, lines like the following will be seen:
-
-        SIGN [M] <install path>/fs/foo/foo.ko
-
-will appear in the build log.  If the signature step will be skipped and the
-following will be seen:
-
-        NO SIGN [M] <install path>/fs/foo/foo.ko
-
-NOTE!  After the signature step, the signed module must not be passed through
-strip.  If you wish to strip or otherwise modify the kernel modules, use the
-built-in stripping capabilities with 'make modules_install' or perform said
-modifications before calling this make target.  This restriction may affect
-packaging tools (such as rpmbuild) and initramfs composition tools.
-
-Based heavily on work by: David Howells <dhowells@redhat.com>
 Signed-off-by: Josh Boyer <jwboyer@redhat.com>
+Signed-off-by: Rusty Russell <rusty@rustcorp.com.au> (minor typo fix)
 ---
- Makefile                 |  6 ++++++
- scripts/Makefile.modsign | 32 ++++++++++++++++++++++++++++++++
- 2 files changed, 38 insertions(+)
+ Makefile                 |    6 ++++++
+ scripts/Makefile.modsign |   32 ++++++++++++++++++++++++++++++++
+ 2 files changed, 38 insertions(+), 0 deletions(-)
  create mode 100644 scripts/Makefile.modsign
 
 diff --git a/Makefile b/Makefile
-index 89a2e2c..ac04c11 100644
+index 42d0e56..253aa1b 100644
 --- a/Makefile
 +++ b/Makefile
 @@ -981,6 +981,12 @@ _modinst_post: _modinst_
@@ -70,7 +37,7 @@ index 89a2e2c..ac04c11 100644
  # Modules not configured
 diff --git a/scripts/Makefile.modsign b/scripts/Makefile.modsign
 new file mode 100644
-index 0000000..670d5dc
+index 0000000..abfda62
 --- /dev/null
 +++ b/scripts/Makefile.modsign
 @@ -0,0 +1,32 @@
@@ -103,9 +70,9 @@ index 0000000..670d5dc
 +	$(call cmd,sign_ko,$(MODLIB)/$(modinst_dir))
 +
 +# Declare the contents of the .PHONY variable as phony.  We keep that
-+# # information in a variable se we can use it in if_changed and friends.
++# information in a variable se we can use it in if_changed and friends.
 +
 +.PHONY: $(PHONY)
 -- 
-1.7.11.7
+1.7.7.6
 

modsign-upstream-3.7.patch

@@ -10961,3 +10961,37 @@ index d37d130..87ca59d 100755
 -- 
 1.7.12.1
 
+From f6a79af8f3701b5a0df431a76adee212616154dc Mon Sep 17 00:00:00 2001
+From: Rusty Russell <rusty@rustcorp.com.au>
+Date: Tue, 6 Nov 2012 11:46:59 +1030
+Subject: [PATCH] modules: don't break modules_install on external modules
+ with no key.
+
+The script still spits out an error ("Can't read private key") but we
+don't break modules_install.
+
+Reported-by: Bruno Wolff III <bruno@wolff.to>
+Original-patch-by: Josh Boyer <jwboyer@redhat.com>
+Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
+---
+ scripts/Makefile.modinst |    3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/scripts/Makefile.modinst b/scripts/Makefile.modinst
+index dda4b2b..ecbb447 100644
+--- a/scripts/Makefile.modinst
++++ b/scripts/Makefile.modinst
+@@ -16,8 +16,9 @@ PHONY += $(modules)
+ __modinst: $(modules)
+ 	@:
+ 
++# Don't stop modules_install if we can't sign external modules.
+ quiet_cmd_modules_install = INSTALL $@
+-      cmd_modules_install = mkdir -p $(2); cp $@ $(2) ; $(mod_strip_cmd) $(2)/$(notdir $@) ; $(mod_sign_cmd) $(2)/$(notdir $@)
++      cmd_modules_install = mkdir -p $(2); cp $@ $(2) ; $(mod_strip_cmd) $(2)/$(notdir $@) ; $(mod_sign_cmd) $(2)/$(notdir $@) $(patsubst %,|| true,$(KBUILD_EXTMOD))
+ 
+ # Modules built outside the kernel source tree go into extra by default
+ INSTALL_MOD_DIR ?= extra
+-- 
+1.7.6.5
+