forked from rpms/kernel
bc8bcb1212
* Mon May 17 2021 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.13.0-0.rc2.19] - rpmspec: revert/drop content hash for kernel-headers (Herton R. Krzesinski) - rpmspec: fix check that calls InitBuildVars (Herton R. Krzesinski) - fedora: enable zonefs (Damien Le Moal) - redhat: load specific ARCH keys to INTEGRITY_PLATFORM_KEYRING (Bruno Meneguele) - redhat: enable INTEGRITY_TRUSTED_KEYRING across all variants (Bruno Meneguele) - redhat: enable SYSTEM_BLACKLIST_KEYRING across all variants (Bruno Meneguele) - redhat: enable INTEGRITY_ASYMMETRIC_KEYS across all variants (Bruno Meneguele) - Remove unused boot loader specification files (David Ward) - redhat/configs: Enable mlx5 IPsec and TLS offloads (Alaa Hleihel) [1869674 1957636] - Force DWARF4 because crash does not support DWARF5 yet (Justin M. Forbes) - common: disable Apple Silicon generally (Peter Robinson) - cleanup Intel's FPGA configs (Peter Robinson) - common: move PTP KVM support from ark to common (Peter Robinson) - [redhat] perf: enable dynamic linking of libbpf [1957210] - Enable CONFIG_DRM_AMDGPU_USERPTR for everyone (Justin M. Forbes) - redhat: add initial rpminspect configuration (Herton R. Krzesinski) - fedora: arm updates for 5.13 (Peter Robinson) - fedora: Enable WWAN and associated MHI bits (Peter Robinson) - Update CONFIG_MODPROBE_PATH to /usr/sbin (Justin Forbes) - Fedora set modprobe path (Justin M. Forbes) - Keep sctp and l2tp modules in modules-extra (Don Zickus) - Fix ppc64le cross build packaging (Don Zickus) - Fedora: Make amd_pinctrl module builtin (Hans de Goede) - Keep CONFIG_KASAN_HW_TAGS off for aarch64 debug configs (Justin M. Forbes) - New configs in drivers/bus (Fedora Kernel Team) - RHEL: Don't build KVM PR module on ppc64 (David Gibson) [1930649] - [redhat] spec: Add bzip2 dependency to perf package [1957219] - Flip CONFIG_USB_ROLE_SWITCH from m to y (Justin M. Forbes) - Set valid options for CONFIG_FW_LOADER_USER_HELPER (Justin M. Forbes) - Clean up CONFIG_FB_MODE_HELPERS (Justin M. Forbes) - Turn off CONFIG_VFIO for the s390x zfcpdump kernel (Justin M. Forbes) - Delete unused CONFIG_SND_SOC_MAX98390 pending-common (Justin M. Forbes) - Update pending-common configs, preparing to set correctly (Justin M. Forbes) - Update fedora filters for surface (Justin M. Forbes) - Build CONFIG_CRYPTO_ECDSA inline for s390x zfcpdump (Justin M. Forbes) - Replace "flavour" where "variant" is meant instead (David Ward) - Drop the %%{variant} macro and fix --with-vanilla (David Ward) - Fix syntax of %%kernel_variant_files (David Ward) - Change description of --without-vdso-install to fix typo (David Ward) - Config updates to work around mismatches (Justin M. Forbes) - CONFIG_SND_SOC_FSL_ASOC_CARD selects CONFIG_MFD_WM8994 now (Justin M. Forbes) - wireguard: disable in FIPS mode (Hangbin Liu) [1940794] - Enable mtdram for fedora (rhbz 1955916) (Justin M. Forbes) - Remove reference to bpf-helpers man page (Justin M. Forbes) - Fedora: enable more modules for surface devices (Dave Olsthoorn) - Fix Fedora config mismatch for CONFIG_FSL_ENETC_IERB (Justin M. Forbes) - hardlink is in /usr/bin/ now (Justin M. Forbes) - Ensure CONFIG_KVM_BOOK3S_64_PR stays on in Fedora, even if it is turned off in RHEL (Justin M. Forbes) - Set date in package release from repository commit, not system clock (David Ward) - Use a better upstream tarball filename for snapshots (David Ward) - Don't create empty pending-common files on pending-fedora commits (Don Zickus) - nvme: decouple basic ANA log page re-read support from native multipathing (Mike Snitzer) [1948690] - nvme: allow local retry and proper failover for REQ_FAILFAST_TRANSPORT (Mike Snitzer) [1948690] - nvme: Return BLK_STS_TARGET if the DNR bit is set (Mike Snitzer) [1948690] - Add redhat/configs/pending-common/generic/s390x/zfcpdump/CONFIG_NETFS_SUPPORT (Justin M. Forbes) Resolves: rhbz#1957219, rhbz#1930649, rhbz#1957210 Signed-off-by: Herton R. Krzesinski <herton@redhat.com>
38 lines
1.1 KiB
Bash
Executable File
38 lines
1.1 KiB
Bash
Executable File
#! /bin/bash
|
|
|
|
# The modules_sign target checks for corresponding .o files for every .ko that
|
|
# is signed. This doesn't work for package builds which re-use the same build
|
|
# directory for every variant, and the .config may change between variants.
|
|
# So instead of using this script to just sign lib/modules/$KernelVer/extra,
|
|
# sign all .ko in the buildroot.
|
|
|
|
# This essentially duplicates the 'modules_sign' Kbuild target and runs the
|
|
# same commands for those modules.
|
|
|
|
MODSECKEY=$1
|
|
MODPUBKEY=$2
|
|
moddir=$3
|
|
|
|
modules=$(find "$moddir" -type f -name '*.ko')
|
|
|
|
NPROC=$(nproc)
|
|
[ -z "$NPROC" ] && NPROC=1
|
|
|
|
# NB: this loop runs 2000+ iterations. Try to be fast.
|
|
echo "$modules" | xargs -r -n16 -P $NPROC sh -c "
|
|
for mod; do
|
|
./scripts/sign-file sha256 $MODSECKEY $MODPUBKEY \$mod
|
|
rm -f \$mod.sig \$mod.dig
|
|
done
|
|
" DUMMYARG0 # xargs appends ARG1 ARG2..., which go into $mod in for loop.
|
|
|
|
RANDOMMOD=$(echo "$modules" | sort -R | head -n 1)
|
|
if [ "~Module signature appended~" != "$(tail -c 28 "$RANDOMMOD")" ]; then
|
|
echo "*****************************"
|
|
echo "*** Modules are unsigned! ***"
|
|
echo "*****************************"
|
|
exit 1
|
|
fi
|
|
|
|
exit 0
|