simplify the signing stuff now that sign-file takes pub/priv key args

also fix %{with_*} tests (which jan stancek sent for rhel, thanks!)
This commit is contained in:
Kyle McMartin 2013-03-28 15:01:42 -04:00
parent 60044b936a
commit 63cb38bed6
2 changed files with 13 additions and 23 deletions

View File

@ -1885,25 +1885,17 @@ find Documentation -type d | xargs chmod u+w
%define __modsign_install_post \
if [ "%{signmodules}" == "1" ]; then \
if [ "%{with_pae}" != "0" ]; then \
mv signing_key.priv.sign.PAE signing_key.priv \
mv signing_key.x509.sign.PAE signing_key.x509 \
%{modsign_cmd} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}.PAE/ \
if [ "%{with_pae}" -ne "0" ]; then \
%{modsign_cmd} signing_key.priv.sign.PAE signing_key.x509.sign.PAE $RPM_BUILD_ROOT/lib/modules/%{KVERREL}.PAE/ \
fi \
if [ "%{with_debug}" != "0" ]; then \
mv signing_key.priv.sign.debug signing_key.priv \
mv signing_key.x509.sign.debug signing_key.x509 \
%{modsign_cmd} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}.debug/ \
if [ "%{with_debug}" -ne "0" ]; then \
%{modsign_cmd} signing_key.priv.sign.debug signing_key.x509.sign.debug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}.debug/ \
fi \
if [ "%{with_pae_debug}" != "0" ]; then \
mv signing_key.priv.sign.PAEdebug signing_key.priv \
mv signing_key.x509.sign.PAEdebug signing_key.x509 \
%{modsign_cmd} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}.PAEdebug/ \
if [ "%{with_pae_debug}" -ne "0" ]; then \
%{modsign_cmd} signing_key.priv.sign.PAEdebug signing_key.x509.sign.PAEdebug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}.PAEdebug/ \
fi \
if [ "%{with_up}" != "0" ]; then \
mv signing_key.priv.sign signing_key.priv \
mv signing_key.x509.sign signing_key.x509 \
%{modsign_cmd} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/ \
if [ "%{with_up}" != -ne "0" ]; then \
%{modsign_cmd} signing_key.priv.sign signing_key.x509.sign $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/ \
fi \
fi \
%{nil}

View File

@ -9,21 +9,19 @@
# This essentially duplicates the 'modules_sign' Kbuild target and runs the
# same commands for those modules.
moddir=$1
MODSECKEY=$1
MODPUBKEY=$2
moddir=$3
modules=`find $moddir -name *.ko`
MODSECKEY="./signing_key.priv"
MODPUBKEY="./signing_key.x509"
for mod in $modules
do
dir=`dirname $mod`
file=`basename $mod`
./scripts/sign-file sha256 ${MODSECKEY} ${MODPUBKEY} ${dir}/${file} \
${dir}/${file}.signed
mv ${dir}/${file}.signed ${dir}/${file}
./scripts/sign-file sha256 ${MODSECKEY} ${MODPUBKEY} ${dir}/${file}
rm -f ${dir}/${file}.{sig,dig}
done