pkg: fedora: Remove old package setup
This commit is contained in:
Dorian Stoll
parent
5f6172432e
commit
5ef44c41d7
|
|
@ -1,87 +0,0 @@
|
|||
From 4d40b8001ac67866e49659211163ebcc0b17dd73 Mon Sep 17 00:00:00 2001
|
||||
From: Dorian Stoll <dorian.stoll@tmsp.io>
|
||||
Date: Sun, 22 Sep 2019 22:44:16 +0200
|
||||
Subject: [PATCH] Add secureboot pre-signing to the kernel
|
||||
|
||||
If it detects a secure boot certificate at `keys/MOK.key` and `keys/MOK.cer`,
|
||||
the kernel Makefile will automatically sign the vmlinux / bzImage file that
|
||||
gets generated, and that is then used in packaging.
|
||||
|
||||
By integrating it into the kernel build system directly, it is fully integrated
|
||||
with targets like `make deb-pkg` (opposed to `make all`, sign, `make bindeb-pkg`)
|
||||
and it gets added to every tree by the same mechanism that is used to apply the
|
||||
other surface patches anyways.
|
||||
|
||||
Signed-off-by: Dorian Stoll <dorian.stoll@tmsp.io>
|
||||
---
|
||||
.gitignore | 3 +++
|
||||
arch/x86/Makefile | 1 +
|
||||
scripts/sign_kernel.sh | 30 ++++++++++++++++++++++++++++++
|
||||
3 files changed, 34 insertions(+)
|
||||
create mode 100755 scripts/sign_kernel.sh
|
||||
|
||||
diff --git a/.gitignore b/.gitignore
|
||||
index 2030c7a4d2f8..f0705ecd9340 100644
|
||||
--- a/.gitignore
|
||||
+++ b/.gitignore
|
||||
@@ -132,6 +132,9 @@ signing_key.priv
|
||||
signing_key.x509
|
||||
x509.genkey
|
||||
|
||||
+# Secureboot certificate
|
||||
+/keys/
|
||||
+
|
||||
# Kconfig presets
|
||||
/all.config
|
||||
/alldef.config
|
||||
diff --git a/arch/x86/Makefile b/arch/x86/Makefile
|
||||
index 94df0868804b..2c7b7829f0c2 100644
|
||||
--- a/arch/x86/Makefile
|
||||
+++ b/arch/x86/Makefile
|
||||
@@ -284,6 +284,7 @@ endif
|
||||
$(Q)$(MAKE) $(build)=$(boot) $(KBUILD_IMAGE)
|
||||
$(Q)mkdir -p $(objtree)/arch/$(UTS_MACHINE)/boot
|
||||
$(Q)ln -fsn ../../x86/boot/bzImage $(objtree)/arch/$(UTS_MACHINE)/boot/$@
|
||||
+ $(Q)$(srctree)/scripts/sign_kernel.sh $(objtree)/arch/$(UTS_MACHINE)/boot/$@
|
||||
|
||||
$(BOOT_TARGETS): vmlinux
|
||||
$(Q)$(MAKE) $(build)=$(boot) $@
|
||||
diff --git a/scripts/sign_kernel.sh b/scripts/sign_kernel.sh
|
||||
new file mode 100755
|
||||
index 000000000000..d2526a279254
|
||||
--- /dev/null
|
||||
+++ b/scripts/sign_kernel.sh
|
||||
@@ -0,0 +1,30 @@
|
||||
+#!/bin/sh
|
||||
+# SPDX-License-Identifier: GPL-2.0
|
||||
+
|
||||
+# The path to the compiled kernel image is passed as the first argument
|
||||
+BUILDDIR=$(dirname $(dirname $0))
|
||||
+VMLINUX=$1
|
||||
+
|
||||
+# Keys are stored in a toplevel directory called keys
|
||||
+# The following files need to be there:
|
||||
+# * MOK.priv (private key)
|
||||
+# * MOK.pem (public key)
|
||||
+#
|
||||
+# If the files don't exist, this script will do nothing.
|
||||
+if [ ! -f "$BUILDDIR/keys/MOK.key" ]; then
|
||||
+ exit 0
|
||||
+fi
|
||||
+if [ ! -f "$BUILDDIR/keys/MOK.crt" ]; then
|
||||
+ exit 0
|
||||
+fi
|
||||
+
|
||||
+# Both required certificates were found. Check if sbsign is installed.
|
||||
+echo "Keys for automatic secureboot signing found."
|
||||
+if [ ! -x "$(command -v sbsign)" ]; then
|
||||
+ echo "ERROR: sbsign not found!"
|
||||
+ exit -2
|
||||
+fi
|
||||
+
|
||||
+# Sign the kernel
|
||||
+sbsign --key $BUILDDIR/keys/MOK.key --cert $BUILDDIR/keys/MOK.crt \
|
||||
+ --output $VMLINUX $VMLINUX
|
||||
--
|
||||
2.23.0
|
||||
|
||||
|
|
@ -1,10 +0,0 @@
|
|||
##
|
||||
## Forcefully disable debug symbols
|
||||
##
|
||||
|
||||
CONFIG_DEBUG_INFO_NONE=y
|
||||
# CONFIG_DEBUG_INFO is not set
|
||||
# CONFIG_DEBUG_INFO_BTF is not set
|
||||
# CONFIG_DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT is not set
|
||||
# CONFIG_DEBUG_INFO_DWARF4 is not set
|
||||
# CONFIG_DEBUG_INFO_DWARF5 is not set
|
||||
|
|
@ -1,363 +0,0 @@
|
|||
#
|
||||
# Definitions to configure the kernel we want to build
|
||||
#
|
||||
|
||||
%global kernel_tag_fc38 kernel-6.3.5-200.fc38
|
||||
%global kernel_tag_fc37 kernel-6.3.5-100.fc37
|
||||
|
||||
%global kernel_release_fc38 1
|
||||
%global kernel_release_fc37 1
|
||||
|
||||
# This is what is printed in the GRUB menu. These cannot be fetched from the
|
||||
# buildhost, because in a container this will also say container. To get the
|
||||
# same text as the default kernels, just hardcode it. Hey, this is important!
|
||||
%global fedora_title_fc37 38 (Thirty Eight)
|
||||
%global fedora_title_fc37 37 (Thirty Seven)
|
||||
|
||||
%global ls_patches_commit f6d9315b8a3ecaee9f1575d8860a46cf44e79607
|
||||
|
||||
%global sb_crt surface.crt
|
||||
%global sb_key surface.key
|
||||
|
||||
#
|
||||
# Definitions that get automatically generated from the ones above
|
||||
#
|
||||
|
||||
%global kernel_tag %{kernel_tag_fc%{fedora}}
|
||||
%global kernel_release %{kernel_release_fc%{fedora}}
|
||||
%global fedora_title %{fedora_title_fc%{fedora}}
|
||||
|
||||
%global kernel_version %(echo %{kernel_tag} | cut -d'-' -f2)
|
||||
%global kernel_majorver %(echo %{kernel_version} | cut -d'.' -f1-2)
|
||||
%global kernel_patches patches/%{kernel_majorver}
|
||||
|
||||
%global kernel_localversion %{kernel_release}.surface%{?dist}.%{_target_cpu}
|
||||
%global kernel_config kernel-%{kernel_version}-%{_target_cpu}.config
|
||||
%global kernel_name %{kernel_version}-%{kernel_localversion}
|
||||
|
||||
%global fedora_source https://github.com/StollD/linux-fedora
|
||||
%global surface_source https://raw.githubusercontent.com/linux-surface/linux-surface/%{ls_patches_commit}
|
||||
|
||||
%global kernel_modpath %{buildroot}/lib/modules/%{kernel_name}
|
||||
|
||||
#
|
||||
# Actual specfile starts here
|
||||
#
|
||||
|
||||
%bcond_with signkernel
|
||||
|
||||
Name: kernel-surface
|
||||
Summary: The Linux Kernel with patches for Microsoft Surface
|
||||
Version: %{kernel_version}
|
||||
Release: %{kernel_release}%{?dist}
|
||||
License: GPLv2
|
||||
URL: https://github.com/linux-surface/linux-surface
|
||||
|
||||
Provides: installonlypkg(kernel-surface)
|
||||
Provides: kernel-uname-r = %{kernel_name}
|
||||
Provides: kernel-core-uname-r = %{kernel_name}
|
||||
Provides: kernel-modules-uname-r = %{kernel_name}
|
||||
|
||||
Recommends: iptsd
|
||||
|
||||
Requires(pre): coreutils, systemd >= 203-2, /usr/bin/kernel-install
|
||||
Requires(pre): dracut >= 027
|
||||
Requires(pre): linux-firmware >= 20150904-56.git6ebf5d57
|
||||
Requires(preun): systemd >= 200
|
||||
|
||||
BuildRequires: openssl openssl-devel
|
||||
BuildRequires: kmod, patch, bash, tar, git-core, sbsigntools
|
||||
BuildRequires: bzip2, xz, findutils, gzip, m4, perl-interpreter,
|
||||
BuildRequires: perl-Carp, perl-devel, perl-generators, make, diffutils,
|
||||
BuildRequires: gawk, gcc, binutils, redhat-rpm-config, hmaccalc, bison
|
||||
BuildRequires: flex, net-tools, hostname, bc, elfutils-devel
|
||||
BuildRequires: gcc-plugin-devel dwarves
|
||||
|
||||
# Used to mangle unversioned shebangs to be Python 3
|
||||
BuildRequires: python3-devel
|
||||
|
||||
Conflicts: xfsprogs < 4.3.0-1
|
||||
Conflicts: xorg-x11-drv-vmmouse < 13.0.99
|
||||
BuildConflicts: rhbuildsys(DiskFree) < 500Mb
|
||||
BuildConflicts: rpm < 4.13.0.1-19
|
||||
BuildConflicts: dwarves < 1.13
|
||||
|
||||
Source0: %{fedora_source}/archive/%{kernel_tag}.tar.gz
|
||||
Source1: %{surface_source}/configs/surface-%{kernel_majorver}.config
|
||||
Source2: fedora.config
|
||||
|
||||
%if %{with signkernel}
|
||||
Source20: %{sb_crt}
|
||||
Source21: %{sb_key}
|
||||
%endif
|
||||
|
||||
Source100: mod-sign.sh
|
||||
Source101: parallel_xz.sh
|
||||
|
||||
Patch0: %{surface_source}/%{kernel_patches}/0001-surface3-oemb.patch
|
||||
Patch1: %{surface_source}/%{kernel_patches}/0002-mwifiex.patch
|
||||
Patch2: %{surface_source}/%{kernel_patches}/0003-ath10k.patch
|
||||
Patch3: %{surface_source}/%{kernel_patches}/0004-ipts.patch
|
||||
Patch4: %{surface_source}/%{kernel_patches}/0005-ithc.patch
|
||||
Patch5: %{surface_source}/%{kernel_patches}/0006-surface-sam.patch
|
||||
Patch6: %{surface_source}/%{kernel_patches}/0007-surface-sam-over-hid.patch
|
||||
Patch7: %{surface_source}/%{kernel_patches}/0008-surface-button.patch
|
||||
Patch8: %{surface_source}/%{kernel_patches}/0009-surface-typecover.patch
|
||||
Patch9: %{surface_source}/%{kernel_patches}/0010-surface-shutdown.patch
|
||||
Patch10: %{surface_source}/%{kernel_patches}/0011-surface-gpe.patch
|
||||
Patch11: %{surface_source}/%{kernel_patches}/0012-cameras.patch
|
||||
Patch12: %{surface_source}/%{kernel_patches}/0013-amd-gpio.patch
|
||||
Patch13: %{surface_source}/%{kernel_patches}/0014-rtc.patch
|
||||
|
||||
Patch100: 0001-Add-secureboot-pre-signing-to-the-kernel.patch
|
||||
|
||||
ExclusiveArch: x86_64
|
||||
|
||||
%global debug_package %{nil}
|
||||
%global _build_id_links alldebug
|
||||
|
||||
%description
|
||||
The Linux Kernel, the operating system core itself, with support for
|
||||
Microsoft Surface.
|
||||
|
||||
%package devel
|
||||
Summary: Development package for building kernel modules for kernel-surface
|
||||
AutoReqProv: no
|
||||
Provides: installonlypkg(kernel-surface)
|
||||
Provides: kernel-devel-uname-r = %{kernel_name}
|
||||
|
||||
%description devel
|
||||
This package provides kernel headers and makefiles sufficient to build modules
|
||||
against the kernel-surface package.
|
||||
|
||||
%prep
|
||||
%autosetup -S git -n linux-fedora-%{kernel_tag}
|
||||
|
||||
# Fix missing Makefile.rhelver
|
||||
touch Makefile.rhelver
|
||||
|
||||
scripts/kconfig/merge_config.sh \
|
||||
fedora/configs/%{kernel_config} \
|
||||
%{SOURCE1} \
|
||||
%{SOURCE2}
|
||||
|
||||
echo $((%{kernel_release} - 1)) > .version
|
||||
|
||||
# Copy secureboot certificates if they are available
|
||||
%if %{with signkernel}
|
||||
mkdir -p keys
|
||||
cp %{SOURCE20} keys/MOK.crt
|
||||
cp %{SOURCE21} keys/MOK.key
|
||||
%endif
|
||||
|
||||
# This Prevents scripts/setlocalversion from mucking with our version numbers.
|
||||
touch .scmversion
|
||||
|
||||
# Mangle /usr/bin/python shebangs to /usr/bin/python3
|
||||
# Mangle all Python shebangs to be Python 3 explicitly
|
||||
# -p preserves timestamps
|
||||
# -n prevents creating ~backup files
|
||||
# -i specifies the interpreter for the shebang
|
||||
# This fixes errors such as
|
||||
# *** ERROR: ambiguous python shebang in /usr/bin/kvm_stat: #!/usr/bin/python. Change it to python3 (or python2) explicitly.
|
||||
# We patch all sources below for which we got a report/error.
|
||||
pathfix.py -i "%{__python3} %{py3_shbang_opts}" -p -n \
|
||||
tools/kvm/kvm_stat/kvm_stat \
|
||||
scripts/show_delta \
|
||||
scripts/diffconfig \
|
||||
scripts/bloat-o-meter \
|
||||
scripts/jobserver-exec \
|
||||
tools \
|
||||
Documentation \
|
||||
scripts/clang-tools
|
||||
|
||||
%build
|
||||
|
||||
# This ensures build-ids are unique to allow parallel debuginfo
|
||||
perl -p -i -e "s/^CONFIG_BUILD_SALT.*/CONFIG_BUILD_SALT=\"%{kernel_name}\"/" .config
|
||||
|
||||
make %{?_smp_mflags} all LOCALVERSION=-%{kernel_localversion} ARCH=%{_target_cpu}
|
||||
|
||||
%define __modsign_install_post \
|
||||
%{SOURCE100} certs/signing_key.pem certs/signing_key.x509 %{kernel_modpath} \
|
||||
find %{kernel_modpath} -type f -name '*.ko' | %{SOURCE101} %{?_smp_mflags}; \
|
||||
%{nil}
|
||||
|
||||
#
|
||||
# Disgusting hack alert! We need to ensure we sign modules *after* all
|
||||
# invocations of strip occur.
|
||||
#
|
||||
%define __spec_install_post \
|
||||
%{?__debug_package:%{__debug_install_post}}\
|
||||
%{__arch_install_post}\
|
||||
%{__os_install_post}\
|
||||
%{__modsign_install_post}
|
||||
|
||||
%install
|
||||
mkdir -p %{buildroot}/boot
|
||||
|
||||
# Install modules
|
||||
make %{?_smp_mflags} INSTALL_MOD_PATH=%{buildroot} modules_install KERNELRELEASE=%{kernel_name}
|
||||
|
||||
# Install vmlinuz
|
||||
image_name=$(make -s image_name)
|
||||
install -m 755 $image_name %{buildroot}/boot/vmlinuz-%{kernel_name}
|
||||
install -m 755 $image_name %{kernel_modpath}/vmlinuz
|
||||
|
||||
# Install System.map and .config
|
||||
install -m 644 System.map %{kernel_modpath}/System.map
|
||||
install -m 644 System.map %{buildroot}/boot/System.map-%{kernel_name}
|
||||
install -m 644 .config %{kernel_modpath}/config
|
||||
install -m 644 .config %{buildroot}/boot/config-%{kernel_name}
|
||||
|
||||
# hmac sign the kernel for FIPS
|
||||
sha512hmac %{buildroot}/boot/vmlinuz-%{kernel_name} | sed -e "s,%{buildroot},," > %{kernel_modpath}/.vmlinuz.hmac
|
||||
cp %{kernel_modpath}/.vmlinuz.hmac %{buildroot}/boot/.vmlinuz-%{kernel_name}.hmac
|
||||
|
||||
# mark modules executable so that strip-to-file can strip them
|
||||
find %{kernel_modpath} -name "*.ko" -type f | xargs --no-run-if-empty chmod u+x
|
||||
|
||||
# Setup directories for -devel files
|
||||
rm -f %{kernel_modpath}/build
|
||||
rm -f %{kernel_modpath}/source
|
||||
mkdir -p %{kernel_modpath}/build
|
||||
pushd %{kernel_modpath}
|
||||
ln -s build source
|
||||
popd
|
||||
|
||||
# first copy everything
|
||||
cp --parents $(find -type f -name "Makefile*" -o -name "Kconfig*") %{kernel_modpath}/build
|
||||
cp Module.symvers %{kernel_modpath}/build
|
||||
cp System.map %{kernel_modpath}/build
|
||||
if [ -s Module.markers ]; then
|
||||
cp Module.markers %{kernel_modpath}/build
|
||||
fi
|
||||
|
||||
# then drop all but the needed Makefiles/Kconfig files
|
||||
rm -rf %{kernel_modpath}/build/scripts
|
||||
rm -rf %{kernel_modpath}/build/include
|
||||
cp .config %{kernel_modpath}/build
|
||||
cp -a scripts %{kernel_modpath}/build
|
||||
rm -rf %{kernel_modpath}/build/scripts/tracing
|
||||
rm -f %{kernel_modpath}/build/scripts/spdxcheck.py
|
||||
|
||||
if [ -f tools/objtool/objtool ]; then
|
||||
cp -a tools/objtool/objtool %{kernel_modpath}/build/tools/objtool/ || :
|
||||
|
||||
# these are a few files associated with objtool
|
||||
cp -a --parents tools/build/Build.include %{kernel_modpath}/build/
|
||||
cp -a --parents tools/build/Build %{kernel_modpath}/build/
|
||||
cp -a --parents tools/build/fixdep.c %{kernel_modpath}/build/
|
||||
cp -a --parents tools/scripts/utilities.mak %{kernel_modpath}/build/
|
||||
|
||||
# also more than necessary but it's not that many more files
|
||||
cp -a --parents tools/objtool/* %{kernel_modpath}/build/
|
||||
cp -a --parents tools/lib/str_error_r.c %{kernel_modpath}/build/
|
||||
cp -a --parents tools/lib/string.c %{kernel_modpath}/build/
|
||||
cp -a --parents tools/lib/subcmd/* %{kernel_modpath}/build/
|
||||
fi
|
||||
|
||||
if [ -d arch/x86/scripts ]; then
|
||||
cp -a arch/x86/scripts %{kernel_modpath}/build/arch/x86/ || :
|
||||
fi
|
||||
|
||||
if [ -f arch/x86/*lds ]; then
|
||||
cp -a arch/x86/*lds %{kernel_modpath}/build/arch/x86/ || :
|
||||
fi
|
||||
|
||||
if [ -f arch/x86/kernel/module.lds ]; then
|
||||
cp -a --parents arch/x86/kernel/module.lds %{kernel_modpath}/build/
|
||||
fi
|
||||
|
||||
rm -f %{kernel_modpath}/build/scripts/*.o
|
||||
rm -f %{kernel_modpath}/build/scripts/*/*.o
|
||||
|
||||
if [ -d arch/x86/include ]; then
|
||||
cp -a --parents arch/x86/include %{kernel_modpath}/build/
|
||||
fi
|
||||
|
||||
cp -a include %{kernel_modpath}/build/include
|
||||
|
||||
# files for 'make prepare' to succeed with kernel-devel
|
||||
cp -a --parents arch/x86/entry/syscalls/syscall_32.tbl %{kernel_modpath}/build/
|
||||
cp -a --parents arch/x86/entry/syscalls/syscall_64.tbl %{kernel_modpath}/build/
|
||||
cp -a --parents arch/x86/tools/relocs_32.c %{kernel_modpath}/build/
|
||||
cp -a --parents arch/x86/tools/relocs_64.c %{kernel_modpath}/build/
|
||||
cp -a --parents arch/x86/tools/relocs.c %{kernel_modpath}/build/
|
||||
cp -a --parents arch/x86/tools/relocs_common.c %{kernel_modpath}/build/
|
||||
cp -a --parents arch/x86/tools/relocs.h %{kernel_modpath}/build/
|
||||
|
||||
cp -a --parents scripts/syscalltbl.sh %{kernel_modpath}/build/
|
||||
cp -a --parents scripts/syscallhdr.sh %{kernel_modpath}/build/
|
||||
|
||||
# Yes this is more includes than we probably need. Feel free to sort out
|
||||
# dependencies if you so choose.
|
||||
cp -a --parents tools/include/* %{kernel_modpath}/build/
|
||||
cp -a --parents arch/x86/purgatory/purgatory.c %{kernel_modpath}/build/
|
||||
cp -a --parents arch/x86/purgatory/stack.S %{kernel_modpath}/build/
|
||||
cp -a --parents arch/x86/purgatory/setup-x86_64.S %{kernel_modpath}/build/
|
||||
cp -a --parents arch/x86/purgatory/entry64.S %{kernel_modpath}/build/
|
||||
cp -a --parents arch/x86/boot/string.h %{kernel_modpath}/build/
|
||||
cp -a --parents arch/x86/boot/string.c %{kernel_modpath}/build/
|
||||
cp -a --parents arch/x86/boot/ctype.h %{kernel_modpath}/build/
|
||||
|
||||
# Make sure the Makefile, version.h, and auto.conf have a matching
|
||||
# timestamp so that external modules can be built
|
||||
|
||||
touch -r %{kernel_modpath}/build/Makefile \
|
||||
%{kernel_modpath}/build/include/generated/uapi/linux/version.h \
|
||||
%{kernel_modpath}/build/include/config/auto.conf
|
||||
|
||||
mkdir -p %{buildroot}/usr/src/kernels
|
||||
mv %{kernel_modpath}/build %{buildroot}/usr/src/kernels/%{kernel_name}
|
||||
|
||||
# This is going to create a broken link during the build, but we don't use
|
||||
# it after this point. We need the link to actually point to something
|
||||
# when kernel-devel is installed, and a relative link doesn't work across
|
||||
# the F17 UsrMove feature.
|
||||
ln -sf /usr/src/kernels/%{kernel_name} %{kernel_modpath}/build
|
||||
|
||||
# prune junk from kernel-devel
|
||||
find %{buildroot}/usr/src/kernels -name ".*.cmd" -delete
|
||||
|
||||
# remove files that will be auto generated by depmod at rpm -i time
|
||||
pushd %{kernel_modpath}
|
||||
rm -f modules.{alias*,builtin.bin,dep*,*map,symbols*,devname,softdep}
|
||||
popd
|
||||
|
||||
# build a BLS config for this kernel
|
||||
cat >%{kernel_modpath}/bls.conf <<EOF
|
||||
title Fedora (%{kernel_name}) %{fedora_title}
|
||||
version %{kernel_name}
|
||||
linux /vmlinuz-%{kernel_name}
|
||||
initrd /initramfs-%{kernel_name}.img
|
||||
options \$kernelopts
|
||||
grub_users \$grub_users
|
||||
grub_arg --unrestricted
|
||||
grub_class kernel
|
||||
EOF
|
||||
|
||||
%clean
|
||||
rm -rf %{buildroot}
|
||||
|
||||
%posttrans
|
||||
/bin/kernel-install add %{kernel_name} /lib/modules/%{kernel_name}/vmlinuz || exit $?
|
||||
|
||||
%preun
|
||||
/bin/kernel-install remove %{kernel_name} /lib/modules/%{kernel_name}/vmlinuz || exit $?
|
||||
|
||||
%files
|
||||
%defattr (-, root, root)
|
||||
/lib/modules/%{kernel_name}
|
||||
%ghost /boot/vmlinuz-%{kernel_name}
|
||||
%ghost /boot/config-%{kernel_name}
|
||||
%ghost /boot/System.map-%{kernel_name}
|
||||
%ghost /boot/.vmlinuz-%{kernel_name}.hmac
|
||||
|
||||
%files devel
|
||||
%defattr (-, root, root)
|
||||
/usr/src/kernels/%{kernel_name}
|
||||
|
||||
%changelog
|
||||
* Thu Jan 09 2020 Dorian Stoll <dorian.stoll@tmsp.io>
|
||||
- Initial version
|
||||
|
|
@ -1,36 +0,0 @@
|
|||
#! /bin/bash
|
||||
|
||||
# The modules_sign target checks for corresponding .o files for every .ko that
|
||||
# is signed. This doesn't work for package builds which re-use the same build
|
||||
# directory for every flavour, and the .config may change between flavours.
|
||||
# So instead of using this script to just sign lib/modules/$KernelVer/extra,
|
||||
# sign all .ko in the buildroot.
|
||||
|
||||
# This essentially duplicates the 'modules_sign' Kbuild target and runs the
|
||||
# same commands for those modules.
|
||||
|
||||
MODSECKEY=$1
|
||||
MODPUBKEY=$2
|
||||
|
||||
moddir=$3
|
||||
|
||||
modules=`find $moddir -name *.ko`
|
||||
|
||||
for mod in $modules
|
||||
do
|
||||
dir=`dirname $mod`
|
||||
file=`basename $mod`
|
||||
|
||||
./scripts/sign-file sha256 ${MODSECKEY} ${MODPUBKEY} ${dir}/${file}
|
||||
rm -f ${dir}/${file}.{sig,dig}
|
||||
done
|
||||
|
||||
RANDOMMOD=$(find $moddir -type f -name '*.ko' | sort -R | head -n 1)
|
||||
if [ "~Module signature appended~" != "$(tail -c 28 $RANDOMMOD)" ]; then
|
||||
echo "*****************************"
|
||||
echo "*** Modules are unsigned! ***"
|
||||
echo "*****************************"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
exit 0
|
||||
|
|
@ -1,26 +0,0 @@
|
|||
#!/bin/sh
|
||||
# Reads filenames on stdin, xz-compresses each in place.
|
||||
# Not optimal for "compress relatively few, large files" scenario!
|
||||
|
||||
# How many xz's to run in parallel:
|
||||
procgroup=""
|
||||
while test "$#" != 0; do
|
||||
# Get it from -jNUM
|
||||
N="${1#-j}"
|
||||
if test "$N" = "$1"; then
|
||||
# Not -j<something> - warn and ignore
|
||||
echo "parallel_xz: warning: unrecognized argument: '$1'"
|
||||
else
|
||||
procgroup="$N"
|
||||
fi
|
||||
shift
|
||||
done
|
||||
|
||||
# If told to use only one cpu:
|
||||
test "$procgroup" || exec xargs -r xz
|
||||
test "$procgroup" = 1 && exec xargs -r xz
|
||||
|
||||
# xz has some startup cost. If files are really small,
|
||||
# this cost might be significant. To combat this,
|
||||
# process several files (in sequence) by each xz process via -n 16:
|
||||
exec xargs -r -n 16 -P $procgroup xz
|
||||
Loading…
Reference in a new issue