summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorKyle McMartin <kyle@mcmartin.ca>2013-03-28 15:01:42 -0400
committerKyle McMartin <kyle@mcmartin.ca>2013-03-28 16:33:21 -0400
commit63cb38bed692a52a79e33f41bfe42c277e578712 (patch)
treec1f407308e9dba3c4d2693733fd8c355bcb1439f
parent60044b936a1178047fdd938c5eac81b5d1ee2ded (diff)
downloadkernel-63cb38bed692a52a79e33f41bfe42c277e578712.tar.gz
kernel-63cb38bed692a52a79e33f41bfe42c277e578712.tar.xz
kernel-63cb38bed692a52a79e33f41bfe42c277e578712.zip
simplify the signing stuff now that sign-file takes pub/priv key args
also fix %{with_*} tests (which jan stancek sent for rhel, thanks!)
-rw-r--r--kernel.spec24
-rwxr-xr-xmod-sign.sh12
2 files changed, 13 insertions, 23 deletions
diff --git a/kernel.spec b/kernel.spec
index 57fcf0cc5..3b92c23e9 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -1885,25 +1885,17 @@ find Documentation -type d | xargs chmod u+w
%define __modsign_install_post \
if [ "%{signmodules}" == "1" ]; then \
- if [ "%{with_pae}" != "0" ]; then \
- mv signing_key.priv.sign.PAE signing_key.priv \
- mv signing_key.x509.sign.PAE signing_key.x509 \
- %{modsign_cmd} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}.PAE/ \
+ if [ "%{with_pae}" -ne "0" ]; then \
+ %{modsign_cmd} signing_key.priv.sign.PAE signing_key.x509.sign.PAE $RPM_BUILD_ROOT/lib/modules/%{KVERREL}.PAE/ \
fi \
- if [ "%{with_debug}" != "0" ]; then \
- mv signing_key.priv.sign.debug signing_key.priv \
- mv signing_key.x509.sign.debug signing_key.x509 \
- %{modsign_cmd} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}.debug/ \
+ if [ "%{with_debug}" -ne "0" ]; then \
+ %{modsign_cmd} signing_key.priv.sign.debug signing_key.x509.sign.debug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}.debug/ \
fi \
- if [ "%{with_pae_debug}" != "0" ]; then \
- mv signing_key.priv.sign.PAEdebug signing_key.priv \
- mv signing_key.x509.sign.PAEdebug signing_key.x509 \
- %{modsign_cmd} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}.PAEdebug/ \
+ if [ "%{with_pae_debug}" -ne "0" ]; then \
+ %{modsign_cmd} signing_key.priv.sign.PAEdebug signing_key.x509.sign.PAEdebug $RPM_BUILD_ROOT/lib/modules/%{KVERREL}.PAEdebug/ \
fi \
- if [ "%{with_up}" != "0" ]; then \
- mv signing_key.priv.sign signing_key.priv \
- mv signing_key.x509.sign signing_key.x509 \
- %{modsign_cmd} $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/ \
+ if [ "%{with_up}" != -ne "0" ]; then \
+ %{modsign_cmd} signing_key.priv.sign signing_key.x509.sign $RPM_BUILD_ROOT/lib/modules/%{KVERREL}/ \
fi \
fi \
%{nil}
diff --git a/mod-sign.sh b/mod-sign.sh
index 0e7b58c5c..5081e77dc 100755
--- a/mod-sign.sh
+++ b/mod-sign.sh
@@ -9,21 +9,19 @@
# This essentially duplicates the 'modules_sign' Kbuild target and runs the
# same commands for those modules.
-moddir=$1
+MODSECKEY=$1
+MODPUBKEY=$2
-modules=`find $moddir -name *.ko`
+moddir=$3
-MODSECKEY="./signing_key.priv"
-MODPUBKEY="./signing_key.x509"
+modules=`find $moddir -name *.ko`
for mod in $modules
do
dir=`dirname $mod`
file=`basename $mod`
- ./scripts/sign-file sha256 ${MODSECKEY} ${MODPUBKEY} ${dir}/${file} \
- ${dir}/${file}.signed
- mv ${dir}/${file}.signed ${dir}/${file}
+ ./scripts/sign-file sha256 ${MODSECKEY} ${MODPUBKEY} ${dir}/${file}
rm -f ${dir}/${file}.{sig,dig}
done