Resolves: rhbz2231632
Resolves: rhbz2231635
This commit is contained in:
Frank Ch. Eigler
parent
27a7ba2b7d
commit
f963e1f652
1845
pr29108.patch
Normal file
1845
pr29108.patch
Normal file
File diff suppressed because it is too large
Load Diff
99
pr30749.patch
Normal file
99
pr30749.patch
Normal file
@ -0,0 +1,99 @@
|
|||||||
|
commit 9839db5514a29cf4f58b3de8cc6155088be6d061
|
||||||
|
gpg: Signature made Sat 12 Aug 2023 02:49:26 PM EDT
|
||||||
|
gpg: using RSA key 5D38116FA4D3A7CC77E378D37E83610126DCC2E8
|
||||||
|
gpg: Good signature from "Frank Ch. Eigler <fche@elastic.org>" [full]
|
||||||
|
Author: Frank Ch. Eigler <fche@redhat.com>
|
||||||
|
Date: Sat Aug 12 14:28:44 2023 -0400
|
||||||
|
|
||||||
|
PR30749: correct stap --sign-module timing
|
||||||
|
|
||||||
|
Previous code signed the temp directory copy, after it had already
|
||||||
|
been copied into the cache -- so the signature never made it to a
|
||||||
|
permanent artifact.
|
||||||
|
|
||||||
|
If the module was being fetched from the cache from a previous build
|
||||||
|
run, a sign (re)attempt will still be done. This may not be
|
||||||
|
necessary, but shouldn't be harmful.
|
||||||
|
|
||||||
|
Reported-By: Renaud Métrich <rmetrich@redhat.com>
|
||||||
|
|
||||||
|
diff --git a/main.cxx b/main.cxx
|
||||||
|
index 06adb66ad..9f695cbd8 100644
|
||||||
|
--- a/main.cxx
|
||||||
|
+++ b/main.cxx
|
||||||
|
@@ -1190,8 +1190,10 @@ passes_0_4 (systemtap_session &s)
|
||||||
|
s.mok_fingerprints.clear();
|
||||||
|
s.mok_fingerprints.push_back(mok_fingerprint);
|
||||||
|
}
|
||||||
|
- rc =
|
||||||
|
- sign_module (s.tmpdir, s.module_filename(), s.mok_fingerprints, mok_path, s.kernel_build_tree);
|
||||||
|
+ if (s.verbose)
|
||||||
|
+ clog << _F("Signing %s with mok key %s", s.module_filename().c_str(), mok_path.c_str())
|
||||||
|
+ << endl;
|
||||||
|
+ rc = sign_module (s.tmpdir, s.module_filename(), s.mok_fingerprints, mok_path, s.kernel_build_tree);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
@@ -1310,8 +1312,30 @@ passes_0_4 (systemtap_session &s)
|
||||||
|
if (! s.use_script_cache && s.last_pass <= 4)
|
||||||
|
s.save_module = true;
|
||||||
|
|
||||||
|
+#if HAVE_NSS
|
||||||
|
+ // PR30749
|
||||||
|
+ if (!rc && s.module_sign_given)
|
||||||
|
+ {
|
||||||
|
+ // when run on client as --sign-module, mok fingerprints are result of mokutil -l
|
||||||
|
+ // when run from server as --sign-module=PATH, mok fingerprint is given by PATH
|
||||||
|
+ string mok_path;
|
||||||
|
+ if (!s.module_sign_mok_path.empty())
|
||||||
|
+ {
|
||||||
|
+ string mok_fingerprint;
|
||||||
|
+ split_path (s.module_sign_mok_path, mok_path, mok_fingerprint);
|
||||||
|
+ s.mok_fingerprints.clear();
|
||||||
|
+ s.mok_fingerprints.push_back(mok_fingerprint);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
+ if (s.verbose)
|
||||||
|
+ clog << _F("Signing %s with mok key %s", s.module_filename().c_str(), mok_path.c_str())
|
||||||
|
+ << endl;
|
||||||
|
+ rc = sign_module (s.tmpdir, s.module_filename(), s.mok_fingerprints, mok_path, s.kernel_build_tree);
|
||||||
|
+ }
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
// Copy module to the current directory.
|
||||||
|
- if (s.save_module && !pending_interrupts)
|
||||||
|
+ if (!rc && s.save_module && !pending_interrupts)
|
||||||
|
{
|
||||||
|
string module_src_path = s.tmpdir + "/" + s.module_filename();
|
||||||
|
string module_dest_path = s.module_filename();
|
||||||
|
@@ -1327,29 +1351,11 @@ passes_0_4 (systemtap_session &s)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
-#if HAVE_NSS
|
||||||
|
- if (s.module_sign_given)
|
||||||
|
- {
|
||||||
|
- // when run on client as --sign-module, mok fingerprints are result of mokutil -l
|
||||||
|
- // when run from server as --sign-module=PATH, mok fingerprint is given by PATH
|
||||||
|
- string mok_path;
|
||||||
|
- if (!s.module_sign_mok_path.empty())
|
||||||
|
- {
|
||||||
|
- string mok_fingerprint;
|
||||||
|
- split_path (s.module_sign_mok_path, mok_path, mok_fingerprint);
|
||||||
|
- s.mok_fingerprints.clear();
|
||||||
|
- s.mok_fingerprints.push_back(mok_fingerprint);
|
||||||
|
- }
|
||||||
|
-
|
||||||
|
- rc = sign_module (s.tmpdir, s.module_filename(), s.mok_fingerprints, mok_path, s.kernel_build_tree);
|
||||||
|
- }
|
||||||
|
-#endif
|
||||||
|
-
|
||||||
|
PROBE1(stap, pass4__end, &s);
|
||||||
|
|
||||||
|
return rc;
|
||||||
|
}
|
||||||
|
-
|
||||||
|
+
|
||||||
|
int
|
||||||
|
pass_5 (systemtap_session &s, vector<remote*> targets)
|
||||||
|
{
|
||||||
@ -123,7 +123,7 @@ m stapdev stapdev
|
|||||||
Name: systemtap
|
Name: systemtap
|
||||||
# PRERELEASE
|
# PRERELEASE
|
||||||
Version: 4.9
|
Version: 4.9
|
||||||
Release: 2%{?release_override}%{?dist}
|
Release: 3%{?release_override}%{?dist}
|
||||||
# for version, see also configure.ac
|
# for version, see also configure.ac
|
||||||
|
|
||||||
|
|
||||||
@ -162,6 +162,8 @@ Source: ftp://sourceware.org/pub/systemtap/releases/systemtap-%{version}.tar.gz
|
|||||||
|
|
||||||
Patch1: rhbz2223733.patch
|
Patch1: rhbz2223733.patch
|
||||||
Patch2: rhbz2223735.patch
|
Patch2: rhbz2223735.patch
|
||||||
|
Patch3: pr29108.patch
|
||||||
|
Patch4: pr30749.patch
|
||||||
|
|
||||||
|
|
||||||
# Build*
|
# Build*
|
||||||
@ -594,6 +596,8 @@ or within a container.
|
|||||||
%setup -q
|
%setup -q
|
||||||
%patch -P1 -p1
|
%patch -P1 -p1
|
||||||
%patch -P2 -p1
|
%patch -P2 -p1
|
||||||
|
%patch -P3 -p1
|
||||||
|
%patch -P4 -p1
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
|
||||||
@ -1313,6 +1317,10 @@ exit 0
|
|||||||
|
|
||||||
# PRERELEASE
|
# PRERELEASE
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Aug 14 2023 Frank Ch. Eigler <fche@redhat.com> - 4.9-3
|
||||||
|
- rhbz2231632
|
||||||
|
- rhbz2231635
|
||||||
|
|
||||||
* Tue Jul 18 2023 Frank Ch. Eigler <fche@redhat.com> - 4.9-2
|
* Tue Jul 18 2023 Frank Ch. Eigler <fche@redhat.com> - 4.9-2
|
||||||
- rhbz2223733
|
- rhbz2223733
|
||||||
- rhbz2223735
|
- rhbz2223735
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user