[kernel/f18] Add patch to not break modules_install for external module builds
Josh Boyer
jwboyer at fedoraproject.org
Wed Nov 7 16:20:29 UTC 2012
commit cd6bdb99f51fc71efe3c002bcb2cddf6bb620af0
Author: Josh Boyer <jwboyer at redhat.com>
Date: Wed Nov 7 08:58:54 2012 -0500
Add patch to not break modules_install for external module builds
kernel.spec | 5 +++-
modsign-post-KS-jwb.patch | 63 ++++++++++---------------------------------
modsign-upstream-3.7.patch | 34 +++++++++++++++++++++++
3 files changed, 53 insertions(+), 49 deletions(-)
---
diff --git a/kernel.spec b/kernel.spec
index b86ecc6..a69036b 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -62,7 +62,7 @@ Summary: The Linux kernel
# For non-released -rc kernels, this will be appended after the rcX and
# gitX tags, so a 3 here would become part of release "0.rcX.gitX.3"
#
-%global baserelease 3
+%global baserelease 4
%global fedora_build %{baserelease}
# base_sublevel is the kernel version we're starting with and patching
@@ -2380,6 +2380,9 @@ fi
# ||----w |
# || ||
%changelog
+* Wed Nov 07 2012 Josh Boyer <jwboyer at redhat.com>
+- Add patch to not break modules_install for external module builds
+
* Mon Nov 05 2012 Josh Boyer <jwboyer at redhat.com> - 3.6.6-3
- Backport efivarfs from efi/next for moktools
- Fix build break without CONFIG_EFI set (reported by Peter W. Bowey)
diff --git a/modsign-post-KS-jwb.patch b/modsign-post-KS-jwb.patch
index ba94217..1bafd22 100644
--- a/modsign-post-KS-jwb.patch
+++ b/modsign-post-KS-jwb.patch
@@ -1,58 +1,25 @@
-From f1fa90d02f50078a89da602d73dc9ab7743439ba Mon Sep 17 00:00:00 2001
+From 56713a28675b966e027a824a0130b80dffab209f Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer at redhat.com>
-Date: Mon, 24 Sep 2012 10:46:36 -0400
-Subject: [PATCH 2/2] MODSIGN: Add modules_sign make target
+Date: Mon, 5 Nov 2012 09:09:24 +1030
+Subject: [PATCH] MODSIGN: Add modules_sign make target
If CONFIG_MODULE_SIG is set, and 'make modules_sign' is called then this
-patch will cause the modules to get a signature installed. The make target
+patch will cause the modules to get a signature appended. The make target
is intended to be run after 'make modules_install', and will modify the
-modules in-place in the installed location.
+modules in-place in the installed location. It can be used to produce
+signed modules after they have been processed by distribution build
+scripts.
-The signature will be appended to the module, along with some information
-about the signature size and a magic string that indicates the presence of
-the signature. This requires private and public keys to be available. By
-default these are expected to be found in files:
-
- signing_key.priv
- signing_key.x509
-
-in the base directory of the build. The first is the private key in PEM
-form and the second is the X.509 certificate in DER form as can be generated
-from openssl:
-
- openssl req \
- -new -x509 -outform PEM -out signing_key.x509 \
- -keyout signing_key.priv -nodes \
- -subj "/CN=H2G2/O=Magrathea/CN=Slartibartfast"
-
-If the secret key is not found then signing will be skipped and the unsigned
-module from (1) will just be copied to foo.ko.
-
-If signing occurs, lines like the following will be seen:
-
- SIGN [M] <install path>/fs/foo/foo.ko
-
-will appear in the build log. If the signature step will be skipped and the
-following will be seen:
-
- NO SIGN [M] <install path>/fs/foo/foo.ko
-
-NOTE! After the signature step, the signed module must not be passed through
-strip. If you wish to strip or otherwise modify the kernel modules, use the
-built-in stripping capabilities with 'make modules_install' or perform said
-modifications before calling this make target. This restriction may affect
-packaging tools (such as rpmbuild) and initramfs composition tools.
-
-Based heavily on work by: David Howells <dhowells at redhat.com>
Signed-off-by: Josh Boyer <jwboyer at redhat.com>
+Signed-off-by: Rusty Russell <rusty at rustcorp.com.au> (minor typo fix)
---
- Makefile | 6 ++++++
- scripts/Makefile.modsign | 32 ++++++++++++++++++++++++++++++++
- 2 files changed, 38 insertions(+)
+ Makefile | 6 ++++++
+ scripts/Makefile.modsign | 32 ++++++++++++++++++++++++++++++++
+ 2 files changed, 38 insertions(+), 0 deletions(-)
create mode 100644 scripts/Makefile.modsign
diff --git a/Makefile b/Makefile
-index 89a2e2c..ac04c11 100644
+index 42d0e56..253aa1b 100644
--- a/Makefile
+++ b/Makefile
@@ -981,6 +981,12 @@ _modinst_post: _modinst_
@@ -70,7 +37,7 @@ index 89a2e2c..ac04c11 100644
# Modules not configured
diff --git a/scripts/Makefile.modsign b/scripts/Makefile.modsign
new file mode 100644
-index 0000000..670d5dc
+index 0000000..abfda62
--- /dev/null
+++ b/scripts/Makefile.modsign
@@ -0,0 +1,32 @@
@@ -103,9 +70,9 @@ index 0000000..670d5dc
+ $(call cmd,sign_ko,$(MODLIB)/$(modinst_dir))
+
+# Declare the contents of the .PHONY variable as phony. We keep that
-+# # information in a variable se we can use it in if_changed and friends.
++# information in a variable se we can use it in if_changed and friends.
+
+.PHONY: $(PHONY)
--
-1.7.11.7
+1.7.7.6
diff --git a/modsign-upstream-3.7.patch b/modsign-upstream-3.7.patch
index 4ed27c8..33fd059 100644
--- a/modsign-upstream-3.7.patch
+++ b/modsign-upstream-3.7.patch
@@ -10961,3 +10961,37 @@ index d37d130..87ca59d 100755
--
1.7.12.1
+From f6a79af8f3701b5a0df431a76adee212616154dc Mon Sep 17 00:00:00 2001
+From: Rusty Russell <rusty at rustcorp.com.au>
+Date: Tue, 6 Nov 2012 11:46:59 +1030
+Subject: [PATCH] modules: don't break modules_install on external modules
+ with no key.
+
+The script still spits out an error ("Can't read private key") but we
+don't break modules_install.
+
+Reported-by: Bruno Wolff III <bruno at wolff.to>
+Original-patch-by: Josh Boyer <jwboyer at redhat.com>
+Signed-off-by: Rusty Russell <rusty at rustcorp.com.au>
+---
+ scripts/Makefile.modinst | 3 ++-
+ 1 files changed, 2 insertions(+), 1 deletions(-)
+
+diff --git a/scripts/Makefile.modinst b/scripts/Makefile.modinst
+index dda4b2b..ecbb447 100644
+--- a/scripts/Makefile.modinst
++++ b/scripts/Makefile.modinst
+@@ -16,8 +16,9 @@ PHONY += $(modules)
+ __modinst: $(modules)
+ @:
+
++# Don't stop modules_install if we can't sign external modules.
+ quiet_cmd_modules_install = INSTALL $@
+- cmd_modules_install = mkdir -p $(2); cp $@ $(2) ; $(mod_strip_cmd) $(2)/$(notdir $@) ; $(mod_sign_cmd) $(2)/$(notdir $@)
++ cmd_modules_install = mkdir -p $(2); cp $@ $(2) ; $(mod_strip_cmd) $(2)/$(notdir $@) ; $(mod_sign_cmd) $(2)/$(notdir $@) $(patsubst %,|| true,$(KBUILD_EXTMOD))
+
+ # Modules built outside the kernel source tree go into extra by default
+ INSTALL_MOD_DIR ?= extra
+--
+1.7.6.5
+
More information about the scm-commits
mailing list