simplify the signing stuff now that sign-file takes pub/priv key args
also fix %{with_*} tests (which jan stancek sent for rhel, thanks!)
This commit is contained in:
parent
60044b936a
commit
63cb38bed6
24
kernel.spec
24
kernel.spec
@ -1885,25 +1885,17 @@ find Documentation -type d | xargs chmod u+w
|
|||||||
|
|
||||||
%define __modsign_install_post \
|
%define __modsign_install_post \
|
||||||
if [ "%{signmodules}" == "1" ]; then \
|
if [ "%{signmodules}" == "1" ]; then \
|
||||||
if [ "%{with_pae}" != "0" ]; then \
|
if [ "%{with_pae}" -ne "0" ]; then \
|
||||||
mv signing_key.priv.sign.PAE signing_key.priv \
|
%{modsign_cmd} signing_key.priv.sign.PAE signing_key.x509.sign.PAE $RPM_BUILD_ROOT/lib/modules/%{KVERREL}.PAE/ \
|
||||||
mv signing_key.x509.sign.PAE signing_key.x509 \
|
|
||||||
%{modsign_cmd} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}.PAE/ \
|
|
||||||
fi \
|
fi \
|
||||||
if [ "%{with_debug}" != "0" ]; then \
|
if [ "%{with_debug}" -ne "0" ]; then \
|
||||||
mv signing_key.priv.sign.debug signing_key.priv \
|
%{modsign_cmd} signing_key.priv.sign.debug signing_key.x509.sign.debug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}.debug/ \
|
||||||
mv signing_key.x509.sign.debug signing_key.x509 \
|
|
||||||
%{modsign_cmd} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}.debug/ \
|
|
||||||
fi \
|
fi \
|
||||||
if [ "%{with_pae_debug}" != "0" ]; then \
|
if [ "%{with_pae_debug}" -ne "0" ]; then \
|
||||||
mv signing_key.priv.sign.PAEdebug signing_key.priv \
|
%{modsign_cmd} signing_key.priv.sign.PAEdebug signing_key.x509.sign.PAEdebug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}.PAEdebug/ \
|
||||||
mv signing_key.x509.sign.PAEdebug signing_key.x509 \
|
|
||||||
%{modsign_cmd} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}.PAEdebug/ \
|
|
||||||
fi \
|
fi \
|
||||||
if [ "%{with_up}" != "0" ]; then \
|
if [ "%{with_up}" != -ne "0" ]; then \
|
||||||
mv signing_key.priv.sign signing_key.priv \
|
%{modsign_cmd} signing_key.priv.sign signing_key.x509.sign $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/ \
|
||||||
mv signing_key.x509.sign signing_key.x509 \
|
|
||||||
%{modsign_cmd} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/ \
|
|
||||||
fi \
|
fi \
|
||||||
fi \
|
fi \
|
||||||
%{nil}
|
%{nil}
|
||||||
|
12
mod-sign.sh
12
mod-sign.sh
@ -9,21 +9,19 @@
|
|||||||
# This essentially duplicates the 'modules_sign' Kbuild target and runs the
|
# This essentially duplicates the 'modules_sign' Kbuild target and runs the
|
||||||
# same commands for those modules.
|
# same commands for those modules.
|
||||||
|
|
||||||
moddir=$1
|
MODSECKEY=$1
|
||||||
|
MODPUBKEY=$2
|
||||||
|
|
||||||
|
moddir=$3
|
||||||
|
|
||||||
modules=`find $moddir -name *.ko`
|
modules=`find $moddir -name *.ko`
|
||||||
|
|
||||||
MODSECKEY="./signing_key.priv"
|
|
||||||
MODPUBKEY="./signing_key.x509"
|
|
||||||
|
|
||||||
for mod in $modules
|
for mod in $modules
|
||||||
do
|
do
|
||||||
dir=`dirname $mod`
|
dir=`dirname $mod`
|
||||||
file=`basename $mod`
|
file=`basename $mod`
|
||||||
|
|
||||||
./scripts/sign-file sha256 ${MODSECKEY} ${MODPUBKEY} ${dir}/${file} \
|
./scripts/sign-file sha256 ${MODSECKEY} ${MODPUBKEY} ${dir}/${file}
|
||||||
${dir}/${file}.signed
|
|
||||||
mv ${dir}/${file}.signed ${dir}/${file}
|
|
||||||
rm -f ${dir}/${file}.{sig,dig}
|
rm -f ${dir}/${file}.{sig,dig}
|
||||||
done
|
done
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user