Re: [PATCH] builddeb: fix stripped module signatures if CONFIG_DEBUG_INFO and CONFIG_MODULE_SIG_ALL are set

[Ben Hutchings]

On Mon, 2015-05-04 at 18:37 +0300, Andrey Skvortsov wrote:
> On 22 Apr, maximilian attems wrote:
> > On Tue, Apr 21, 2015 at 03:58:48PM +0200, Michal Marek wrote:
> > > (added Max to Cc)
> > > 
> > > On 2015-03-16 09:20, Andrey Skvortsov wrote:
> > > > If CONFIG_MODULE_SIG_ALL is set, then user expects that all modules are
> > > > automatically signed in the result package, as it's for rpm-pkg, binrpm-pkg,
> > > > tar, tar-*. For deb-pkg this is correct only if CONFIG_DEBUG_INFO
> > > > is NOT set. In that case deb-package contains signed modules.
> > > > 
> > > > But if CONFIG_DEBUG_INFO is set, builddeb creates separate package with
> > > > debug information. To do that, debug information from all modules
> > > > is copied into separate files by objcopy. And loadable kernel modules are
> > > > stripped afterwards. Stripping removes previously (during modules_install)
> > > > added signatures from loadable kernel modules. Therefore final deb-package
> > > > contains unsigned modules despite of set option CONFIG_MODULE_SIG_ALL.
> > > > 
> > > > This patch resigns all stripped modules if CONFIG_MODULE_SIG_ALL is set
> > > > to solve this problem.
> > > > 
> > > > Signed-off-by: Andrey Skvortsov <andrej.skvortzov@xxxxxxxxx>
> > > 
> > > Max, Ben, are you fine with this patch? It looks OK to me, the
> > > modules_sign target has been added for this very purpose.
> > > 
> > 
> > Ben seems busy with the release, so jumping in. The patch looks
> > perfect to me.
> > 
> > Acked-by: maximilian attems <max@xxxxxxx>
> > 
> Maximilian, thanks for the review.
> 
> Michal, are we waiting for Ben's acknowledge too?

Don't wait for me.

Ben.

-- 
Ben Hutchings
If you seem to know what you are doing, you'll be given more to do.

Attachment: signature.asc
Description: This is a digitally signed message part