From 516d9dac1d8650fc21bdf13cfcd7e400fb925cdb Mon Sep 17 00:00:00 2001 From: Ben Hutchings Date: Sun, 3 Apr 2016 21:38:02 +0100 Subject: [PATCH] debian/config: Add config variable to control module signing in linux-signed - Enable it by default - Disable it for armel/marvell since signature verification is not enabled. - Disable it for mips and mipsel so linux-signed can be uploaded without waiting for them to build - Disable it for all architectures not in the main archive, as linux-signed won't support them (at least, not initially). We don't need a variable to control signing of the image, because we should do that for all flavours that have CONFIG_EFI_STUB=y. --- debian/bin/gencontrol.py | 1 + debian/config/alpha/defines | 2 ++ debian/config/armel/defines | 4 ++++ debian/config/defines | 4 ++++ debian/config/hppa/defines | 2 ++ debian/config/m68k/defines | 2 ++ debian/config/mips/defines | 2 ++ debian/config/mips64/defines | 2 ++ debian/config/mips64el/defines | 2 ++ debian/config/mipsel/defines | 2 ++ debian/config/powerpcspe/defines | 2 ++ debian/config/ppc64/defines | 2 ++ debian/config/sh4/defines | 2 ++ debian/config/sparc64/defines | 2 ++ 14 files changed, 31 insertions(+) diff --git a/debian/bin/gencontrol.py b/debian/bin/gencontrol.py index 0aa687855..6584b7cce 100755 --- a/debian/bin/gencontrol.py +++ b/debian/bin/gencontrol.py @@ -23,6 +23,7 @@ class Gencontrol(Base): }, 'build': { 'debug-info': config.SchemaItemBoolean(), + 'signed-modules': config.SchemaItemBoolean(), 'vdso': config.SchemaItemBoolean(), }, 'description': { diff --git a/debian/config/alpha/defines b/debian/config/alpha/defines index 971b7f0dd..386809d8d 100644 --- a/debian/config/alpha/defines +++ b/debian/config/alpha/defines @@ -4,6 +4,8 @@ kernel-arch: alpha [build] image-file: arch/alpha/boot/vmlinux.gz +# linux-signed only works for architectures in the main archive +signed-modules: false [image] suggests: aboot, fdutils diff --git a/debian/config/armel/defines b/debian/config/armel/defines index 70798d5fa..0a6341a7e 100644 --- a/debian/config/armel/defines +++ b/debian/config/armel/defines @@ -17,6 +17,10 @@ install-stem: vmlinuz [relations] headers%gcc-5: linux-compiler-gcc-5-arm +[marvell_build] +# Signature verification disabled to save on code size +signed-modules: false + [marvell_description] hardware: Marvell Kirkwood/Orion hardware-long: Marvell Kirkwood based systems (SheevaPlug, QNAP TS-119/TS-219, etc) diff --git a/debian/config/defines b/debian/config/defines index a2fe96cf4..412966a31 100644 --- a/debian/config/defines +++ b/debian/config/defines @@ -31,6 +31,10 @@ featuresets: none rt +[build] +# Enable module signing by default (implemented in the linux-signed package) +signed-modules: true + [featureset-rt_base] enabled: false diff --git a/debian/config/hppa/defines b/debian/config/hppa/defines index 368576bbe..67351e67b 100644 --- a/debian/config/hppa/defines +++ b/debian/config/hppa/defines @@ -4,6 +4,8 @@ kernel-arch: parisc [build] image-file: vmlinux +# linux-signed only works for architectures in the main archive +signed-modules: false [image] suggests: palo diff --git a/debian/config/m68k/defines b/debian/config/m68k/defines index d5cddc958..dcaef9788 100644 --- a/debian/config/m68k/defines +++ b/debian/config/m68k/defines @@ -6,6 +6,8 @@ kernel-arch: m68k [build] image-file: vmlinux.gz +# linux-signed only works for architectures in the main archive +signed-modules: false [image] suggests: vmelilo, fdutils diff --git a/debian/config/mips/defines b/debian/config/mips/defines index 74f639ef3..55e0fb7bb 100644 --- a/debian/config/mips/defines +++ b/debian/config/mips/defines @@ -7,6 +7,8 @@ kernel-arch: mips [build] image-file: vmlinux +# linux-signed should not wait for slow builds +signed-modules: false [image] install-stem: vmlinux diff --git a/debian/config/mips64/defines b/debian/config/mips64/defines index 450568eab..5e3d537a8 100644 --- a/debian/config/mips64/defines +++ b/debian/config/mips64/defines @@ -6,6 +6,8 @@ kernel-arch: mips [build] image-file: vmlinux +# linux-signed only works for architectures in the main archive +signed-modules: false [image] install-stem: vmlinux diff --git a/debian/config/mips64el/defines b/debian/config/mips64el/defines index 5b198df8b..ca23bfcb5 100644 --- a/debian/config/mips64el/defines +++ b/debian/config/mips64el/defines @@ -7,6 +7,8 @@ kernel-arch: mips [build] image-file: vmlinux +# linux-signed only works for architectures in the main archive +signed-modules: false [image] install-stem: vmlinux diff --git a/debian/config/mipsel/defines b/debian/config/mipsel/defines index a78c3a8ce..536455a4a 100644 --- a/debian/config/mipsel/defines +++ b/debian/config/mipsel/defines @@ -9,6 +9,8 @@ kernel-arch: mips [build] image-file: vmlinux +# linux-signed should not wait for slow builds +signed-modules: false [image] install-stem: vmlinux diff --git a/debian/config/powerpcspe/defines b/debian/config/powerpcspe/defines index adb4bea07..e978279a5 100644 --- a/debian/config/powerpcspe/defines +++ b/debian/config/powerpcspe/defines @@ -5,6 +5,8 @@ kernel-arch: powerpc [build] image-file: vmlinux +# linux-signed only works for architectures in the main archive +signed-modules: false vdso: true [image] diff --git a/debian/config/ppc64/defines b/debian/config/ppc64/defines index 7efcb1a95..86b6b2057 100644 --- a/debian/config/ppc64/defines +++ b/debian/config/ppc64/defines @@ -5,6 +5,8 @@ kernel-arch: powerpc [build] image-file: vmlinux +# linux-signed only works for architectures in the main archive +signed-modules: false vdso: true [image] diff --git a/debian/config/sh4/defines b/debian/config/sh4/defines index e8e5a9e14..a50ed413f 100644 --- a/debian/config/sh4/defines +++ b/debian/config/sh4/defines @@ -6,6 +6,8 @@ kernel-arch: sh [build] image-file: arch/sh/boot/zImage +# linux-signed only works for architectures in the main archive +signed-modules: false [image] suggests: fdutils diff --git a/debian/config/sparc64/defines b/debian/config/sparc64/defines index 607a267e3..cd4d9df6a 100644 --- a/debian/config/sparc64/defines +++ b/debian/config/sparc64/defines @@ -6,6 +6,8 @@ kernel-arch: sparc [build] image-file: arch/sparc/boot/zImage +# linux-signed only works for architectures in the main archive +signed-modules: false [image] configs: