kernel/mod-sign.sh

38 lines
1.1 KiB
Bash
Raw Permalink Normal View History

#! /bin/bash
# The modules_sign target checks for corresponding .o files for every .ko that
# is signed. This doesn't work for package builds which re-use the same build
kernel-5.13.0-0.rc2.19.el9 * Mon May 17 2021 Fedora Kernel Team <kernel-team@fedoraproject.org> [5.13.0-0.rc2.19] - rpmspec: revert/drop content hash for kernel-headers (Herton R. Krzesinski) - rpmspec: fix check that calls InitBuildVars (Herton R. Krzesinski) - fedora: enable zonefs (Damien Le Moal) - redhat: load specific ARCH keys to INTEGRITY_PLATFORM_KEYRING (Bruno Meneguele) - redhat: enable INTEGRITY_TRUSTED_KEYRING across all variants (Bruno Meneguele) - redhat: enable SYSTEM_BLACKLIST_KEYRING across all variants (Bruno Meneguele) - redhat: enable INTEGRITY_ASYMMETRIC_KEYS across all variants (Bruno Meneguele) - Remove unused boot loader specification files (David Ward) - redhat/configs: Enable mlx5 IPsec and TLS offloads (Alaa Hleihel) [1869674 1957636] - Force DWARF4 because crash does not support DWARF5 yet (Justin M. Forbes) - common: disable Apple Silicon generally (Peter Robinson) - cleanup Intel's FPGA configs (Peter Robinson) - common: move PTP KVM support from ark to common (Peter Robinson) - [redhat] perf: enable dynamic linking of libbpf [1957210] - Enable CONFIG_DRM_AMDGPU_USERPTR for everyone (Justin M. Forbes) - redhat: add initial rpminspect configuration (Herton R. Krzesinski) - fedora: arm updates for 5.13 (Peter Robinson) - fedora: Enable WWAN and associated MHI bits (Peter Robinson) - Update CONFIG_MODPROBE_PATH to /usr/sbin (Justin Forbes) - Fedora set modprobe path (Justin M. Forbes) - Keep sctp and l2tp modules in modules-extra (Don Zickus) - Fix ppc64le cross build packaging (Don Zickus) - Fedora: Make amd_pinctrl module builtin (Hans de Goede) - Keep CONFIG_KASAN_HW_TAGS off for aarch64 debug configs (Justin M. Forbes) - New configs in drivers/bus (Fedora Kernel Team) - RHEL: Don't build KVM PR module on ppc64 (David Gibson) [1930649] - [redhat] spec: Add bzip2 dependency to perf package [1957219] - Flip CONFIG_USB_ROLE_SWITCH from m to y (Justin M. Forbes) - Set valid options for CONFIG_FW_LOADER_USER_HELPER (Justin M. Forbes) - Clean up CONFIG_FB_MODE_HELPERS (Justin M. Forbes) - Turn off CONFIG_VFIO for the s390x zfcpdump kernel (Justin M. Forbes) - Delete unused CONFIG_SND_SOC_MAX98390 pending-common (Justin M. Forbes) - Update pending-common configs, preparing to set correctly (Justin M. Forbes) - Update fedora filters for surface (Justin M. Forbes) - Build CONFIG_CRYPTO_ECDSA inline for s390x zfcpdump (Justin M. Forbes) - Replace "flavour" where "variant" is meant instead (David Ward) - Drop the %%{variant} macro and fix --with-vanilla (David Ward) - Fix syntax of %%kernel_variant_files (David Ward) - Change description of --without-vdso-install to fix typo (David Ward) - Config updates to work around mismatches (Justin M. Forbes) - CONFIG_SND_SOC_FSL_ASOC_CARD selects CONFIG_MFD_WM8994 now (Justin M. Forbes) - wireguard: disable in FIPS mode (Hangbin Liu) [1940794] - Enable mtdram for fedora (rhbz 1955916) (Justin M. Forbes) - Remove reference to bpf-helpers man page (Justin M. Forbes) - Fedora: enable more modules for surface devices (Dave Olsthoorn) - Fix Fedora config mismatch for CONFIG_FSL_ENETC_IERB (Justin M. Forbes) - hardlink is in /usr/bin/ now (Justin M. Forbes) - Ensure CONFIG_KVM_BOOK3S_64_PR stays on in Fedora, even if it is turned off in RHEL (Justin M. Forbes) - Set date in package release from repository commit, not system clock (David Ward) - Use a better upstream tarball filename for snapshots (David Ward) - Don't create empty pending-common files on pending-fedora commits (Don Zickus) - nvme: decouple basic ANA log page re-read support from native multipathing (Mike Snitzer) [1948690] - nvme: allow local retry and proper failover for REQ_FAILFAST_TRANSPORT (Mike Snitzer) [1948690] - nvme: Return BLK_STS_TARGET if the DNR bit is set (Mike Snitzer) [1948690] - Add redhat/configs/pending-common/generic/s390x/zfcpdump/CONFIG_NETFS_SUPPORT (Justin M. Forbes) Resolves: rhbz#1957219, rhbz#1930649, rhbz#1957210 Signed-off-by: Herton R. Krzesinski <herton@redhat.com>
2021-05-17 22:16:50 +00:00
# directory for every variant, and the .config may change between variants.
# So instead of using this script to just sign lib/modules/$KernelVer/extra,
# sign all .ko in the buildroot.
# This essentially duplicates the 'modules_sign' Kbuild target and runs the
# same commands for those modules.
MODSECKEY=$1
MODPUBKEY=$2
moddir=$3
modules=$(find "$moddir" -type f -name '*.ko')
NPROC=$(nproc)
[ -z "$NPROC" ] && NPROC=1
# NB: this loop runs 2000+ iterations. Try to be fast.
kernel-5.14.0-365.el9 * Tue Sep 12 2023 Scott Weaver <scweaver@redhat.com> [5.14.0-365.el9] - redhat/self-test: Remove rpmlint test (Prarit Bhargava) - redhat: shellcheck script fixes (Prarit Bhargava) - redhat/self-test: Clean up tests that do not work in CS9/RHEL9 (Prarit Bhargava) - redhat/self-test/data: Rework data (Prarit Bhargava) - redhat/kernel.spec.template: update compression variables to support zstd (Brian Masney) [RHEL-2376] - kernel.spec.template: Add global compression variables (Brian Masney) [RHEL-2376] - platform/x86/intel/tpmi: Add debugfs interface (David Arcari) [2177011] - platform/x86/intel/tpmi: Read feature control status (David Arcari) [2177011] - redhat/configs: enable CONFIG_INTEL_TPMI (David Arcari) [2177011] - platform/x86/intel/tpmi: Prevent overflow for cap_offset (David Arcari) [2177011] - platform/x86/intel: tpmi: Remove hardcoded unit and offset (David Arcari) [2177011] - platform/x86/intel: tpmi: Revise the comment of intel_vsec_add_aux (David Arcari) [2177011] - platform/x86/intel: tpmi: Fix double free in tpmi_create_device() (David Arcari) [2177011] - platform/x86/intel/tpmi: Fix double free reported by Smatch (David Arcari) [2177011] - platform/x86/intel/tpmi: ADD tpmi external interface for tpmi feature drivers (David Arcari) [2177011] - platform/x86/intel/tpmi: Process CPU package mapping (David Arcari) [2177011] - platform/x86/intel: Intel TPMI enumeration driver (David Arcari) [2177011] Resolves: rhbz#2177011, RHEL-2376 Signed-off-by: Scott Weaver <scweaver@redhat.com>
2023-09-12 12:27:19 +00:00
echo "$modules" | xargs -r -n16 -P "$NPROC" sh -c "
for mod; do
./scripts/sign-file sha256 $MODSECKEY $MODPUBKEY \$mod
rm -f \$mod.sig \$mod.dig
done
" DUMMYARG0 # xargs appends ARG1 ARG2..., which go into $mod in for loop.
RANDOMMOD=$(echo "$modules" | sort -R | head -n 1)
if [ "~Module signature appended~" != "$(tail -c 28 "$RANDOMMOD")" ]; then
echo "*****************************"
echo "*** Modules are unsigned! ***"
echo "*****************************"
exit 1
fi
exit 0