From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from shymkent.ilbers.de ([unix socket]) by shymkent (Cyrus 2.5.10-Debian-2.5.10-3+deb9u2) with LMTPA; Thu, 23 Jan 2025 15:52:04 +0100 X-Sieve: CMU Sieve 2.4 Received: from mail-lj1-f187.google.com (mail-lj1-f187.google.com [209.85.208.187]) by shymkent.ilbers.de (8.15.2/8.15.2/Debian-8+deb9u1) with ESMTPS id 50NEq3kf008025 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 23 Jan 2025 15:52:03 +0100 Received: by mail-lj1-f187.google.com with SMTP id 38308e7fff4ca-306294df005sf4427251fa.1 for ; Thu, 23 Jan 2025 06:52:03 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1737643918; cv=pass; d=google.com; s=arc-20240605; b=iysCu1DXX+VeDeEwg9RuKPsaka2FTsd2u2x2LVz5AEbDur4xqlRtsTJjrm9fLgDzOt KttCLarYFT2hwJVkhIBeAKL3uEOa3e+hOtDorumWG6CF5hgfKA0NIAbjZGt/xwmcx9ZH oa+pGPS0u5YtUicDMmi/YfO8ekuQed+94aEOKGbI3xSwp8wKnemH9X1/BImqB26/4hsq RzKGek81X+T4S3BrhexuyKlD2RTIzVGt26440m+V4zTsJQO/fSev6nKPtyufXhUvs6bJ zbirPlPynHGk/2kR6Z3MDQdK/JuSSMTTs/UPcUmry600W3sVwNs0mGFsaO9x9fTaTa9f hDOA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:feedback-id:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=CqDXN/Wc0f1wKPB7hV+7wtOywK0GZaD6deHiSMZbrGA=; fh=mVhux7Ru2FfDWEBFvokyLKbvlFwa/yabcbsYRGmT3gU=; b=V/OHDEnvYxhv1+n8cFwLdzPxhORd5vykZpjS4h2j8915I/uU5EO1z1eo3FYGz/Ue2c 2BSEFBuo6upH3Ziz8P5JrVKADnpfqOGjo/rZSuGXTYV23TMelKzU+bPQVpf1B//AAIWJ wlvOb6FW+JseUH5nTr7FiJwIjAnBBTaKOozoAA72UiL21/eefVzYevavCk+X/d9VpoMC KQYW2Y1n7th4N6E6/Ng+dxcn0KYNvRSyvWjDoePL/l0laJKgk5J4ZnvkVNzyO8WLsvyk hxxwcAt+nEv05GXOHTomuvblmt0kpF5WIm8GdnDDEWa3Bc/u0zEEdDcUZYD8knp5/XQh elTA==; darn=ilbers.de ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=XFJzLZmG; spf=pass (google.com: domain of fm-1328731-2025012314515379d518041ccae1699f-11xy2q@rts-flowmailer.siemens.com designates 185.136.65.226 as permitted sender) smtp.mailfrom=fm-1328731-2025012314515379d518041ccae1699f-11Xy2q@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1737643918; x=1738248718; darn=ilbers.de; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:from:to:cc:subject:date:message-id:reply-to; bh=CqDXN/Wc0f1wKPB7hV+7wtOywK0GZaD6deHiSMZbrGA=; b=SF1QIy3EawGj82npztGH3pnH8aRUFhPP28KqFS8AZzkgiMSBiTBC9ezO/Wx3qoIjCK p3fDDh8TOKkjLcXPyz9fujpg7ljMT8c8oB/WyBfZUPA5/SfYeht+5t5XGtlB6Rp5WLAS WNy6vUqHzWTk/Yd61Qos9PcJgg/Q9ewUHiHGtOS4VQdzs5N/YOVO0Y5gx5dOMTSveTd9 P0Q6GrdK68C8RGUle/cwHq9/z9hJxkeWDJ4F4ABEU7op7ZuoH1EpStzwUFA2Hop2nZQh P0Hw7E0lxfjv9zXI8ekGxMR3vVTSLcti74oEuGSTbWvFw4WGyeZe6Zx2v9yE5ty6vJrp XyPg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1737643918; x=1738248718; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :x-spam-checked-in-group:list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender:feedback-id :mime-version:references:in-reply-to:message-id:date:subject:cc:to :from:x-beenthere:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=CqDXN/Wc0f1wKPB7hV+7wtOywK0GZaD6deHiSMZbrGA=; b=JZnDEZBBm/Ul9F+8IgIJUD7nF+51DaJbaBDnmvEaizbc1N/LLjxSkVY7bAgMa+jzhR 3Ta9ttALqD3yaKI6aChDagnELRa1/dG4NKAls1dgHZz52Sxu8Pr39OTcBqL7mfytlDcK O0cjyD6yGvD3K2HTL1FDWTBsRJqYriEr0HarWwbgEntcZil/hZzVFxRmWK7TVFeCWRme SuK0H7IIKzMEfTiDnY0cvOUY9dGQjyZNV6ZYPRvIULov74kG0oiq4fW+fqZQMOx42x9T dT95Y25TYU5/BUrlOD9Xhamw3Fm92lElgJPk0+e4S3glIMPvG3lbw3wEZNyhS2bAnZqo rCKg== X-Forwarded-Encrypted: i=2; AJvYcCVmFrUOu9WrUqmZu2Eb7jvI0iDTWUSayog1yykEuxz50ZUqNuGyz1FI2Ipee1i8AjXD+xgx@ilbers.de X-Gm-Message-State: AOJu0YxhZ3YznycNpIt35RNX7sFaF9NhPNLS41PYrAePHdDFKi01f9RS 06jIwR6kxbu4TgtXGO2WPOprs7G2QCahCFmio774kpNqjieUU/7g X-Google-Smtp-Source: AGHT+IHOLNWpkODgTuX0XAvpLOTf/A7qsH0+wAGhiZU5w5bweaE+1SLakimtBk/ojzkkIATRAqL+uA== X-Received: by 2002:a2e:b5cf:0:b0:2fe:e44d:6162 with SMTP id 38308e7fff4ca-3072cb0def3mr90968461fa.26.1737643916394; Thu, 23 Jan 2025 06:51:56 -0800 (PST) X-BeenThere: isar-users@googlegroups.com Received: by 2002:a05:651c:893:b0:300:35e7:860c with SMTP id 38308e7fff4ca-30761da7e65ls2547871fa.2.-pod-prod-03-eu; Thu, 23 Jan 2025 06:51:54 -0800 (PST) X-Received: by 2002:ac2:5239:0:b0:540:1dca:52bd with SMTP id 2adb3069b0e04-5439c249eb7mr6911835e87.29.1737643913857; Thu, 23 Jan 2025 06:51:53 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1737643913; cv=none; d=google.com; s=arc-20240605; b=g81vJ8wgddBd6xCBUfCeKeG60cQ2i8Y/Ty8g553jrZvrh7ztB0Ow9HSg2xJ+nOgIcv 7zrekKHgAORfilV36f4DI6W/0yYAzPpOfDxmhoWyWbtIvEeHIGJeDrcigMwYz4zuKDmV 330e6/9SvSFbXgR5ID7g6ksogKFKleNR63B6ciPcKCZ3YPPdlnLxmSWCy1knKwpjYIYu 4s9uBD3H/5xYsmGLi7zU94TalNh9mmkib7zcp1aRfXV5B2okN7EQRURrwcNB0UroMJUH 4NPej+KqXH/FAt710r9shB155bMciRNWNR/OQkApOYz5vwBT6vFG/mg0QAjA509tSmX3 ENaQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=feedback-id:content-transfer-encoding:mime-version:references :in-reply-to:message-id:date:subject:cc:to:from:dkim-signature; bh=pX4n0lE9HWf6JaE/6xUU1DreP1whpIVEmfMrkxzg6BU=; fh=vM67Djwl41RMMQGrNcTm06QnRkAhOnQjK4pKA7dIR+w=; b=hKONIo+yxdQbfR/i2k9R3RdXYA+VElG8SED52i1OW92ImLHH3voR3KnGZILBDv6yje 5t943moCU3lUx9Q/NNoMIt7lxU5zk+PaNO5U1Z1GfScP6z+fvSp90xJpMMgotUAhcit0 xs/Tw1asDe30cmS5YskYAUFi1nXywKRt7MAUyY2hHJqbHEVqIL58b7VvzSQl4QjZtlaU YB7x/d1a4A6pNJaOu1vtxESa7XoLvSfUDxVx1gO12nUkoDiVzVvvG3L96c/O4usO6lMF jXB5K+r/F4pG+ToFAO/00NJDSBH8TpwJk2SobBJeh6QWAarLmrU4vQOievL4zQlNfF+8 UzXQ==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=XFJzLZmG; spf=pass (google.com: domain of fm-1328731-2025012314515379d518041ccae1699f-11xy2q@rts-flowmailer.siemens.com designates 185.136.65.226 as permitted sender) smtp.mailfrom=fm-1328731-2025012314515379d518041ccae1699f-11Xy2q@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com Received: from mta-65-226.siemens.flowmailer.net (mta-65-226.siemens.flowmailer.net. [185.136.65.226]) by gmr-mx.google.com with ESMTPS id 2adb3069b0e04-5439af637f1si371133e87.6.2025.01.23.06.51.53 for (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 23 Jan 2025 06:51:53 -0800 (PST) Received-SPF: pass (google.com: domain of fm-1328731-2025012314515379d518041ccae1699f-11xy2q@rts-flowmailer.siemens.com designates 185.136.65.226 as permitted sender) client-ip=185.136.65.226; Received: by mta-65-226.siemens.flowmailer.net with ESMTPSA id 2025012314515379d518041ccae1699f for ; Thu, 23 Jan 2025 15:51:53 +0100 From: "'Gokhan Cetin' via isar-users" To: isar-users@googlegroups.com Cc: gokhan.cetin@siemens.com, felix.moessbauer@siemens.com Subject: [PATCH 1/3] meta/recipes-kernel/linux-module: Allow use of external scripts to sign modules Date: Thu, 23 Jan 2025 15:51:29 +0100 Message-Id: <20250123145131.1142290-2-gokhan.cetin@siemens.com> In-Reply-To: <20250123145131.1142290-1-gokhan.cetin@siemens.com> References: <20250123145131.1142290-1-gokhan.cetin@siemens.com> MIME-Version: 1.0 X-Flowmailer-Platform: Siemens Feedback-ID: 519:519-1328731:519-21489:flowmailer X-Original-Sender: gokhan.cetin@siemens.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@siemens.com header.s=fm2 header.b=XFJzLZmG; spf=pass (google.com: domain of fm-1328731-2025012314515379d518041ccae1699f-11xy2q@rts-flowmailer.siemens.com designates 185.136.65.226 as permitted sender) smtp.mailfrom=fm-1328731-2025012314515379d518041ccae1699f-11Xy2q@rts-flowmailer.siemens.com; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=siemens.com X-Original-From: Gokhan Cetin Reply-To: Gokhan Cetin Content-Type: text/plain; charset="UTF-8" Precedence: list Mailing-list: list isar-users@googlegroups.com; contact isar-users+owners@googlegroups.com List-ID: X-Spam-Checked-In-Group: isar-users@googlegroups.com X-Google-Group-Id: 914930254986 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIMWL_WL_MED,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,MAILING_LIST_MULTI, RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,RCVD_IN_RP_CERTIFIED, RCVD_IN_RP_RNBL,RCVD_IN_RP_SAFE,SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on shymkent.ilbers.de X-TUID: iWmcCGBtXrJO This facilitates the integration of scripts developed for signing solutions like HSM where private keys are not accessible and allows the use of detached signatures produced by such solutions. Signed-off-by: Gokhan Cetin --- meta/recipes-kernel/linux-module/files/debian/rules.tmpl | 4 ++++ meta/recipes-kernel/linux-module/module.inc | 2 ++ 2 files changed, 6 insertions(+) diff --git a/meta/recipes-kernel/linux-module/files/debian/rules.tmpl b/meta/recipes-kernel/linux-module/files/debian/rules.tmpl index ad743437..30d7ce0f 100755 --- a/meta/recipes-kernel/linux-module/files/debian/rules.tmpl +++ b/meta/recipes-kernel/linux-module/files/debian/rules.tmpl @@ -56,6 +56,10 @@ endif ifneq ($(filter pkg.sign,$(DEB_BUILD_PROFILES)),) find . -name "*.ko" -print -exec $(KDIR)/scripts/sign-file ${SIGNATURE_HASHFN} ${SIGNATURE_KEYFILE} ${SIGNATURE_CERTFILE} {} \; endif +ifneq ($(filter pkg.signwith,$(DEB_BUILD_PROFILES)),) + find . -name "*.ko" | xargs -i ${SIGNATURE_SIGNWITH} {} {}.signature ${SIGNATURE_HASHFN} ${SIGNATURE_CERTFILE} + find . -name "*.ko" | xargs -i $(KDIR)/scripts/sign-file -s {}.signature ${SIGNATURE_HASHFN} ${SIGNATURE_CERTFILE} {} +endif override_dh_auto_install: $(MAKE) -C $(KDIR) M=${MODULE_DIR} INSTALL_MOD_PATH=$(PWD)/debian/${PN} modules_install diff --git a/meta/recipes-kernel/linux-module/module.inc b/meta/recipes-kernel/linux-module/module.inc index 3e8e5e7a..d7432bf7 100644 --- a/meta/recipes-kernel/linux-module/module.inc +++ b/meta/recipes-kernel/linux-module/module.inc @@ -25,6 +25,7 @@ DEB_BUILD_OPTIONS += "noautodbgsym" SIGNATURE_KEYFILE ??= "" SIGNATURE_CERTFILE ??= "" SIGNATURE_HASHFN ??= "sha256" +SIGNATURE_SIGNWITH ??= "" SRC_URI += "file://debian/" @@ -57,6 +58,7 @@ TEMPLATE_VARS += " \ SIGNATURE_KEYFILE \ SIGNATURE_CERTFILE \ SIGNATURE_HASHFN \ + SIGNATURE_SIGNWITH \ PN \ DEBIAN_COMPAT" -- 2.39.2 -- You received this message because you are subscribed to the Google Groups "isar-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/isar-users/20250123145131.1142290-2-gokhan.cetin%40siemens.com.