From 391fe055c943e33e9c191dbeeb21995c0d54ccd9 Mon Sep 17 00:00:00 2001
From: Sentry <sentry@Sentry-Desktop-Fedora.local>
Date: Tue, 14 Jul 2020 15:58:43 +0200
Subject: kernel 5.7.8

---
 SOURCES/mod-sign.sh | 37 +++++++++++++++++++++++++++++++++++++
 1 file changed, 37 insertions(+)
 create mode 100755 SOURCES/mod-sign.sh

(limited to 'SOURCES/mod-sign.sh')

diff --git a/SOURCES/mod-sign.sh b/SOURCES/mod-sign.sh
new file mode 100755
index 0000000..ed2bd62
--- /dev/null
+++ b/SOURCES/mod-sign.sh
@@ -0,0 +1,37 @@
+#! /bin/bash
+
+# The modules_sign target checks for corresponding .o files for every .ko that
+# is signed. This doesn't work for package builds which re-use the same build
+# directory for every flavour, and the .config may change between flavours.
+# So instead of using this script to just sign lib/modules/$KernelVer/extra,
+# sign all .ko in the buildroot.
+
+# This essentially duplicates the 'modules_sign' Kbuild target and runs the
+# same commands for those modules.
+
+MODSECKEY=$1
+MODPUBKEY=$2
+moddir=$3
+
+modules=`find $moddir -type f -name '*.ko'`
+
+NPROC=`nproc`
+[ -z "$NPROC" ] && NPROC=1
+
+# NB: this loop runs 2000+ iterations. Try to be fast.
+echo "$modules" | xargs -r -n16 -P $NPROC sh -c "
+for mod; do
+    ./scripts/sign-file sha256 $MODSECKEY $MODPUBKEY \$mod
+    rm -f \$mod.sig \$mod.dig
+done
+" DUMMYARG0   # xargs appends ARG1 ARG2..., which go into $mod in for loop.
+
+RANDOMMOD=$(echo "$modules" | sort -R | head -n 1)
+if [ "~Module signature appended~" != "$(tail -c 28 $RANDOMMOD)" ]; then
+    echo "*****************************"
+    echo "*** Modules are unsigned! ***"
+    echo "*****************************"
+    exit 1
+fi
+
+exit 0
-- 
cgit v1.2.3