diff options
| author | Josh Boyer <jwboyer@redhat.com> | 2012-09-25 12:02:24 -0400 |
|---|---|---|
| committer | Josh Boyer <jwboyer@redhat.com> | 2012-09-25 13:22:04 -0400 |
| commit | f0f4ff23f140d044d079b021da98d819b910f0f9 (patch) | |
| tree | 63df63dfdf530304cba44d78a4aa821dfc150fe3 /mod-extra-sign.sh | |
| parent | 7e6e483520994df2dfc131a0d87305da663e61c5 (diff) | |
| download | kernel-f0f4ff23f140d044d079b021da98d819b910f0f9.tar.gz kernel-f0f4ff23f140d044d079b021da98d819b910f0f9.tar.xz kernel-f0f4ff23f140d044d079b021da98d819b910f0f9.zip | |
Switch to using modsign-post-KS upstream with x509 certs
Diffstat (limited to 'mod-extra-sign.sh')
| -rwxr-xr-x | mod-extra-sign.sh | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/mod-extra-sign.sh b/mod-extra-sign.sh new file mode 100755 index 000000000..a4b2c8cf7 --- /dev/null +++ b/mod-extra-sign.sh @@ -0,0 +1,28 @@ +#! /bin/bash + +# We need to sign modules we've moved from <path>/kernel/ to <path>/extra/ +# during mod-extra processing by hand. The 'modules_sign' Kbuild target can +# "handle" out-of-tree modules, but it does that by not signing them. Plus, +# the modules we've moved aren't actually out-of-tree. We've just shifted +# them to a different location behind Kbuild's back because we are mean. + +# This essentially duplicates the 'modules_sign' Kbuild target and runs the +# same commands for those modules. + +moddir=$1 + +modules=`find $moddir -name *.ko` + +MODSECKEY="./signing_key.priv" +MODPUBKEY="./signing_key.x509" + +for mod in $modules +do + dir=`dirname $mod` + file=`basename $mod` + + sh ./scripts/sign-file ${MODSECKEY} ${MODPUBKEY} ${dir}/${file} \ + ${dir}/${file}.signed + mv ${dir}/${file}.signed ${dir}/${file} + rm -f ${dir}/${file}.{sig,dig} +done |