Your message dated Sun, 01 Jul 2018 02:02:44 +0100 with message-id <12d146c5d46c834df8a150ce87b196e98d8f169a.camel@decadent.org.uk> and subject line Re: linux: building with CONFIG_DEBUG_INFO strips embedded modules signatures has caused the Debian Bug report #852715, regarding linux: building with CONFIG_DEBUG_INFO strips embedded modules signatures to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 852715: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852715 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: "submit@bugs.debian.org" <submit@bugs.debian.org>
- Subject: linux: building with CONFIG_DEBUG_INFO strips embedded modules signatures
- From: Luca Boccassi <luca.boccassi@gmail.com>
- Date: Thu, 26 Jan 2017 18:07:13 +0000
- Message-id: <1485454033.15017.9.camel@gmail.com>
Source: linux Version: 4.9.2-2 Severity: normal Tags: patch Dear maintainer, If building with CONFIG_MODULE_SIG_ALL and CONFIG_DEBUG_INFO the objcopy call that adds the debuglink has the side-effect of removing the signature added to the kernel module, which breaks booting if the option to enforce module signatures is also enabled. The fix is to explicitly sign the installed modules again in that case. A small patch from my colleague Jan Blunck is attached. Thank you! Kind regards, Luca Boccassi From 9e6f694354d25f47b4bcb6656d3eb05fc3351a13 Mon Sep 17 00:00:00 2001 From: Jan Blunck <jblunck@infradead.org> Date: Thu, 26 Jan 2017 17:04:11 +0100 Subject: [PATCH] Fix stripped module signatures if CONFIG_DEBUG_INFO If building with CONFIG_MODULE_SIG_ALL and CONFIG_DEBUG_INFO the objcopy call that adds the debuglink has the side-effect of removing the signature added to the kernel module. Let's explicitly sign the installed modules again in that case. --- debian/rules.real | 3 +++ 1 file changed, 3 insertions(+) diff --git a/debian/rules.real b/debian/rules.real index 868efa3..b818c35 100644 --- a/debian/rules.real +++ b/debian/rules.real @@ -417,6 +417,9 @@ ifeq ($(DEBUG),True) find $(PACKAGE_DIR) -name '*.ko' | sed 's|$(PACKAGE_DIR)/lib/modules/$(REAL_VERSION)/kernel/||' | while read module ; do \ $(CROSS_COMPILE)objcopy --add-gnu-debuglink=$(DIR)/$$module $(PACKAGE_DIR)/lib/modules/$(REAL_VERSION)/kernel/$$module || exit; \ done + +if grep -qs '^CONFIG_MODULE_SIG_ALL=y' $(DIR)/.config; then \ + $(MAKE_CLEAN) -C $(DIR) modules_sign INSTALL_MOD_PATH='$(CURDIR)'/$(PACKAGE_DIR); \ + fi endif cp $(DIR)/.config $(PACKAGE_DIR)/boot/config-$(REAL_VERSION) cp $(DIR)/System.map $(PACKAGE_DIR)/boot/System.map-$(REAL_VERSION) -- 2.1.4Attachment: signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---
- To: 852715-done@bugs.debian.org
- Subject: Re: linux: building with CONFIG_DEBUG_INFO strips embedded modules signatures
- From: Ben Hutchings <ben@decadent.org.uk>
- Date: Sun, 01 Jul 2018 02:02:44 +0100
- Message-id: <12d146c5d46c834df8a150ce87b196e98d8f169a.camel@decadent.org.uk>
- In-reply-to: <1485454033.15017.9.camel@gmail.com>
- References: <1485454033.15017.9.camel@gmail.com>
Version: 4.17~rc3-1~exp1 An updated version of this patch was included in the above version. Ben. -- Ben Hutchings Q. Which is the greater problem in the world today, ignorance or apathy? A. I don't know and I couldn't care less.Attachment: signature.asc
Description: This is a digitally signed message part
--- End Message ---