linux-source: Fix up module signing configuration in included kernel config files
Our signing certificate isn't included in the source tarball and would be pointless to include in custom kernels. Custom kernels also won't have a separate signing stage. So remove our settings for CONFIG_MODULE_SIG_ALL, CONFIG_MODULE_SIG_KEY and CONFIG_SYSTEM_TRUSTED_KEYS. This should cause custom kernels based on the included configs to follow the upstream default for signing, which is to use a new key pair for each build.
This commit is contained in:
parent
56d41759a0
commit
35602a868b
|
@ -119,6 +119,8 @@ linux (4.5.2-1) UNRELEASED; urgency=medium
|
|||
SND_SOC_INTEL_SKL_RT286_MACH, SND_SOC_INTEL_SKL_NAU88L25_SSM4567_MACH,
|
||||
SND_SOC_INTEL_SKL_NAU88L25_MAX98357A_MACH as modules
|
||||
* module: Invalidate signatures on force-loaded modules
|
||||
* linux-source: Fix up module signing configuration in included kernel
|
||||
config files
|
||||
|
||||
[ Aurelien Jarno ]
|
||||
* [mips*] Emulate unaligned LDXC1 and SDXC1 instructions.
|
||||
|
|
|
@ -471,8 +471,10 @@ install-source: $(BUILD_DIR)/$(SOURCE_PACKAGE_NAME)-source-$(UPSTREAMVERSION).ta
|
|||
dh_testroot
|
||||
dh_installdirs /usr/src/linux-config-$(UPSTREAMVERSION)
|
||||
dh_install '$^' /usr/src
|
||||
# Include our kernel config files, but with the module signing
|
||||
# configuration fixed to work for custom kernels.
|
||||
for triplet in $(ALL_TRIPLETS); do \
|
||||
xz -c $(BUILD_DIR)/build_$$triplet/.config >debian/$(PACKAGE_NAME)/usr/src/linux-config-$(UPSTREAMVERSION)/config.$$triplet.xz; \
|
||||
sed '/CONFIG_\(MODULE_SIG_\(ALL\|KEY\)\|SYSTEM_TRUSTED_KEYS\)[ =]/d' $(BUILD_DIR)/build_$$triplet/.config | xz -c >debian/$(PACKAGE_NAME)/usr/src/linux-config-$(UPSTREAMVERSION)/config.$$triplet.xz; \
|
||||
done
|
||||
# We don't want to recompress, but -Znone is not compatible with older
|
||||
# tools and is currently rejected by dak. -Zgzip -z0 (uncompressed
|
||||
|
|
Loading…
Reference in New Issue