From: "'Cetin, Gokhan' via isar-users" <isar-users@googlegroups.com>
To: "isar-users@googlegroups.com" <isar-users@googlegroups.com>
Cc: "quirin.gylstorff@siemens.com" <quirin.gylstorff@siemens.com>,
"MOESSBAUER, Felix" <felix.moessbauer@siemens.com>
Subject: [PATCH] meta/recipes-kernel/linux-module: Allow use of external scripts to sign modules
Date: Mon, 20 Jan 2025 18:23:53 +0000 [thread overview]
Message-ID: <PRAPR10MB5422842E3C1E3945109CA50680E72@PRAPR10MB5422.EURPRD10.PROD.OUTLOOK.COM> (raw)
This facilitates the integration of scripts developed for signing solutions like HSM
where private keys are not accessible and allows the use of detached signatures
produced by such solutions.
Signed-off-by: Gokhan Cetin <gokhan.cetin@siemens.com>
---
meta/recipes-kernel/linux-module/files/debian/rules.tmpl | 4 ++++
meta/recipes-kernel/linux-module/module.inc | 2 ++
2 files changed, 6 insertions(+)
diff --git a/meta/recipes-kernel/linux-module/files/debian/rules.tmpl b/meta/recipes-kernel/linux-module/files/debian/rules.tmpl
index ad743437..30d7ce0f 100755
--- a/meta/recipes-kernel/linux-module/files/debian/rules.tmpl
+++ b/meta/recipes-kernel/linux-module/files/debian/rules.tmpl
@@ -56,6 +56,10 @@ endif
ifneq ($(filter pkg.sign,$(DEB_BUILD_PROFILES)),)
find . -name "*.ko" -print -exec $(KDIR)/scripts/sign-file ${SIGNATURE_HASHFN} ${SIGNATURE_KEYFILE} ${SIGNATURE_CERTFILE} {} \;
endif
+ifneq ($(filter pkg.signwith,$(DEB_BUILD_PROFILES)),)
+ find . -name "*.ko" | xargs -i ${SIGNATURE_SIGNWITH} {} {}.signature ${SIGNATURE_HASHFN} ${SIGNATURE_CERTFILE}
+ find . -name "*.ko" | xargs -i $(KDIR)/scripts/sign-file -s {}.signature ${SIGNATURE_HASHFN} ${SIGNATURE_CERTFILE} {}
+endif
override_dh_auto_install:
$(MAKE) -C $(KDIR) M=${MODULE_DIR} INSTALL_MOD_PATH=$(PWD)/debian/${PN} modules_install
diff --git a/meta/recipes-kernel/linux-module/module.inc b/meta/recipes-kernel/linux-module/module.inc
index 3e8e5e7a..d7432bf7 100644
--- a/meta/recipes-kernel/linux-module/module.inc
+++ b/meta/recipes-kernel/linux-module/module.inc
@@ -25,6 +25,7 @@ DEB_BUILD_OPTIONS += "noautodbgsym"
SIGNATURE_KEYFILE ??= ""
SIGNATURE_CERTFILE ??= ""
SIGNATURE_HASHFN ??= "sha256"
+SIGNATURE_SIGNWITH ??= ""
SRC_URI += "file://debian/"
@@ -57,6 +58,7 @@ TEMPLATE_VARS += " \
SIGNATURE_KEYFILE \
SIGNATURE_CERTFILE \
SIGNATURE_HASHFN \
+ SIGNATURE_SIGNWITH \
PN \
DEBIAN_COMPAT"
--
2.39.2
--
You received this message because you are subscribed to the Google Groups "isar-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to isar-users+unsubscribe@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/isar-users/PRAPR10MB5422842E3C1E3945109CA50680E72%40PRAPR10MB5422.EURPRD10.PROD.OUTLOOK.COM.
next reply other threads:[~2025-01-20 19:14 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-20 18:23 'Cetin, Gokhan' via isar-users [this message]
2025-01-21 9:23 ` 'MOESSBAUER, Felix' via isar-users
2025-01-21 9:37 ` 'Jan Kiszka' via isar-users
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=PRAPR10MB5422842E3C1E3945109CA50680E72@PRAPR10MB5422.EURPRD10.PROD.OUTLOOK.COM \
--to=isar-users@googlegroups.com \
--cc=felix.moessbauer@siemens.com \
--cc=gokhan.cetin@siemens.com \
--cc=quirin.gylstorff@siemens.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox