debian/config: Add config variable to control module signing in linux-signed

- Enable it by default
- Disable it for armel/marvell since signature verification is not enabled.
- Disable it for mips and mipsel so linux-signed can be uploaded without
  waiting for them to build
- Disable it for all architectures not in the main archive, as linux-signed
  won't support them (at least, not initially).

We don't need a variable to control signing of the image, because
we should do that for all flavours that have CONFIG_EFI_STUB=y.

debian/bin/gencontrol.py

@@ -23,6 +23,7 @@ class Gencontrol(Base):
         },
         'build': {
             'debug-info': config.SchemaItemBoolean(),
+            'signed-modules': config.SchemaItemBoolean(),
             'vdso': config.SchemaItemBoolean(),
         },
         'description': {

debian/config/alpha/defines

@@ -4,6 +4,8 @@ kernel-arch: alpha
 
 [build]
 image-file: arch/alpha/boot/vmlinux.gz
+# linux-signed only works for architectures in the main archive
+signed-modules: false
 
 [image]
 suggests: aboot, fdutils

debian/config/armel/defines

@@ -17,6 +17,10 @@ install-stem: vmlinuz
 [relations]
 headers%gcc-5: linux-compiler-gcc-5-arm
 
+[marvell_build]
+# Signature verification disabled to save on code size
+signed-modules: false
+
 [marvell_description]
 hardware: Marvell Kirkwood/Orion
 hardware-long: Marvell Kirkwood based systems (SheevaPlug, QNAP TS-119/TS-219, etc)

debian/config/defines

@@ -31,6 +31,10 @@ featuresets:
  none
  rt
 
+[build]
+# Enable module signing by default (implemented in the linux-signed package)
+signed-modules: true
+
 [featureset-rt_base]
 enabled: false
 

debian/config/hppa/defines

@@ -4,6 +4,8 @@ kernel-arch: parisc
 
 [build]
 image-file: vmlinux
+# linux-signed only works for architectures in the main archive
+signed-modules: false
 
 [image]
 suggests: palo

debian/config/m68k/defines

@@ -6,6 +6,8 @@ kernel-arch: m68k
 
 [build]
 image-file: vmlinux.gz
+# linux-signed only works for architectures in the main archive
+signed-modules: false
 
 [image]
 suggests: vmelilo, fdutils

debian/config/mips/defines

@@ -7,6 +7,8 @@ kernel-arch: mips
 
 [build]
 image-file: vmlinux
+# linux-signed should not wait for slow builds
+signed-modules: false
 
 [image]
 install-stem: vmlinux

debian/config/mips64/defines

@@ -6,6 +6,8 @@ kernel-arch: mips
 
 [build]
 image-file: vmlinux
+# linux-signed only works for architectures in the main archive
+signed-modules: false
 
 [image]
 install-stem: vmlinux

debian/config/mips64el/defines

@@ -7,6 +7,8 @@ kernel-arch: mips
 
 [build]
 image-file: vmlinux
+# linux-signed only works for architectures in the main archive
+signed-modules: false
 
 [image]
 install-stem: vmlinux

debian/config/mipsel/defines

@@ -9,6 +9,8 @@ kernel-arch: mips
 
 [build]
 image-file: vmlinux
+# linux-signed should not wait for slow builds
+signed-modules: false
 
 [image]
 install-stem: vmlinux

debian/config/powerpcspe/defines

@@ -5,6 +5,8 @@ kernel-arch: powerpc
 
 [build]
 image-file: vmlinux
+# linux-signed only works for architectures in the main archive
+signed-modules: false
 vdso: true
 
 [image]

debian/config/ppc64/defines

@@ -5,6 +5,8 @@ kernel-arch: powerpc
 
 [build]
 image-file: vmlinux
+# linux-signed only works for architectures in the main archive
+signed-modules: false
 vdso: true
 
 [image]

debian/config/sh4/defines

@@ -6,6 +6,8 @@ kernel-arch: sh
 
 [build]
 image-file: arch/sh/boot/zImage
+# linux-signed only works for architectures in the main archive
+signed-modules: false
 
 [image]
 suggests: fdutils

debian/config/sparc64/defines

@@ -6,6 +6,8 @@ kernel-arch: sparc
 
 [build]
 image-file: arch/sparc/boot/zImage
+# linux-signed only works for architectures in the main archive
+signed-modules: false
 
 [image]
 configs: