diff options
| author | Kyle McMartin <kyle@mcmartin.ca> | 2013-03-28 15:01:42 -0400 |
|---|---|---|
| committer | Kyle McMartin <kyle@mcmartin.ca> | 2013-03-28 16:33:21 -0400 |
| commit | 63cb38bed692a52a79e33f41bfe42c277e578712 (patch) | |
| tree | c1f407308e9dba3c4d2693733fd8c355bcb1439f | |
| parent | 60044b936a1178047fdd938c5eac81b5d1ee2ded (diff) | |
| download | kernel-63cb38bed692a52a79e33f41bfe42c277e578712.tar.gz kernel-63cb38bed692a52a79e33f41bfe42c277e578712.tar.xz kernel-63cb38bed692a52a79e33f41bfe42c277e578712.zip | |
simplify the signing stuff now that sign-file takes pub/priv key args
also fix %{with_*} tests (which jan stancek sent for rhel, thanks!)
| -rw-r--r-- | kernel.spec | 24 | ||||
| -rwxr-xr-x | mod-sign.sh | 12 |
2 files changed, 13 insertions, 23 deletions
diff --git a/kernel.spec b/kernel.spec index 57fcf0cc5..3b92c23e9 100644 --- a/kernel.spec +++ b/kernel.spec @@ -1885,25 +1885,17 @@ find Documentation -type d | xargs chmod u+w %define __modsign_install_post \ if [ "%{signmodules}" == "1" ]; then \ - if [ "%{with_pae}" != "0" ]; then \ - mv signing_key.priv.sign.PAE signing_key.priv \ - mv signing_key.x509.sign.PAE signing_key.x509 \ - %{modsign_cmd} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}.PAE/ \ + if [ "%{with_pae}" -ne "0" ]; then \ + %{modsign_cmd} signing_key.priv.sign.PAE signing_key.x509.sign.PAE $RPM_BUILD_ROOT/lib/modules/%{KVERREL}.PAE/ \ fi \ - if [ "%{with_debug}" != "0" ]; then \ - mv signing_key.priv.sign.debug signing_key.priv \ - mv signing_key.x509.sign.debug signing_key.x509 \ - %{modsign_cmd} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}.debug/ \ + if [ "%{with_debug}" -ne "0" ]; then \ + %{modsign_cmd} signing_key.priv.sign.debug signing_key.x509.sign.debug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}.debug/ \ fi \ - if [ "%{with_pae_debug}" != "0" ]; then \ - mv signing_key.priv.sign.PAEdebug signing_key.priv \ - mv signing_key.x509.sign.PAEdebug signing_key.x509 \ - %{modsign_cmd} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}.PAEdebug/ \ + if [ "%{with_pae_debug}" -ne "0" ]; then \ + %{modsign_cmd} signing_key.priv.sign.PAEdebug signing_key.x509.sign.PAEdebug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}.PAEdebug/ \ fi \ - if [ "%{with_up}" != "0" ]; then \ - mv signing_key.priv.sign signing_key.priv \ - mv signing_key.x509.sign signing_key.x509 \ - %{modsign_cmd} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/ \ + if [ "%{with_up}" != -ne "0" ]; then \ + %{modsign_cmd} signing_key.priv.sign signing_key.x509.sign $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/ \ fi \ fi \ %{nil} diff --git a/mod-sign.sh b/mod-sign.sh index 0e7b58c5c..5081e77dc 100755 --- a/mod-sign.sh +++ b/mod-sign.sh @@ -9,21 +9,19 @@ # This essentially duplicates the 'modules_sign' Kbuild target and runs the # same commands for those modules. -moddir=$1 +MODSECKEY=$1 +MODPUBKEY=$2 -modules=`find $moddir -name *.ko` +moddir=$3 -MODSECKEY="./signing_key.priv" -MODPUBKEY="./signing_key.x509" +modules=`find $moddir -name *.ko` for mod in $modules do dir=`dirname $mod` file=`basename $mod` - ./scripts/sign-file sha256 ${MODSECKEY} ${MODPUBKEY} ${dir}/${file} \ - ${dir}/${file}.signed - mv ${dir}/${file}.signed ${dir}/${file} + ./scripts/sign-file sha256 ${MODSECKEY} ${MODPUBKEY} ${dir}/${file} rm -f ${dir}/${file}.{sig,dig} done |