You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
114 lines
4.4 KiB
114 lines
4.4 KiB
# /etc/rpm/macros.kmodtool: kmodtool keypair sign and zip config. |
|
# |
|
# This file controls signing and zipping modules on the system, included |
|
# akmods ones. |
|
# It uses the rpm macros syntax to define global symbol imported |
|
# directly by kmodtool while rebuilding kmods. |
|
# |
|
# Signing modules |
|
# |
|
# __kmodtool_signmodules can take one of these two values: |
|
# 1 - Modules would be signed when rebuilding modules. |
|
# 0 - No signed modules when rebuilding modules. |
|
# __kmodtool_signmodules_pubkey gives path and name of the public key to |
|
# be used to sign newly build modules. |
|
# __kmodtool_signmodules_privkey gives path and name of the private key to |
|
# be used to sign newly build modules. |
|
# |
|
# __kmodtool_signmodules* macros can be overriden by users and/or |
|
# packagers provided that those values and their dependencies are |
|
# manually checked. Be carefull when modifying these values. To override |
|
# these macros please define these ones in your spec file (one |
|
# underscore as prefix and not two): |
|
# - _kmodtool_signmodules |
|
# - _kmodtool_signmodules_pubkey |
|
# - _kmodtool_signmodules_privkey |
|
# It is also possible to uncomment one or several of the macros provided |
|
# below: |
|
#%%_kmodtool_signmodules 0 |
|
#%%_kmodtool_signmodules 1 |
|
#%%_kmodtool_signmodules_pubkey /path/to/your/public_key.der |
|
#%%_kmodtool_signmodules_privkey /path/to/your/private_key.der |
|
# |
|
# Signing modules is enabled in Fedora kernels for every arches, |
|
# even if kernels are not signed for arches other than |
|
# %%{ix86} x86_64 aarch64. |
|
# |
|
# Sign modules on x86. Make sure the config files match this setting if |
|
# more architectures are added. |
|
%__kmodtool_signmodules %{?_kmodtool_signmodules:%{_kmodtool_signmodules}}%{!?_kmodtool_signmodules:1} |
|
|
|
# This is current keypair enrolled in MOK to sign modules |
|
%__kmodtool_signmodules_pubkey %{?_kmodtool_signmodules_pubkey:%{_kmodtool_signmodules_pubkey}}%{!?_kmodtool_signmodules_pubkey:/etc/pki/akmods/certs/public_key.der} |
|
%__kmodtool_signmodules_privkey %{?_kmodtool_signmodules_privkey:%{_kmodtool_signmodules_privkey}}%{!?_kmodtool_signmodules_privkey:/etc/pki/akmods/private/private_key.priv} |
|
|
|
# Define signing macros |
|
# |
|
%__kmodtool_modsign_cmd %{_rpmconfigdir}/brp-kmodsign |
|
%__kmodtool_modsign_install_post \ |
|
if [ "%{__kmodtool_signmodules}" -eq "1" ] && [ -x %{__kmodtool_modsign_cmd} ] && [ -e %{__kmodtool_signmodules_privkey} ] && [ -e %{__kmodtool_signmodules_pubkey} ] ; then\ |
|
%{__kmodtool_modsign_cmd} %{__kmodtool_signmodules_privkey} %{__kmodtool_signmodules_pubkey} %{buildroot}%{kmodinstdir_prefix}%{__kmodtool_kernel_uname_r}%{kmodinstdir_postfix} /usr/src/kernels/%{__kmodtool_kernel_uname_r}\ |
|
fi\ |
|
%{nil} |
|
|
|
# Zipping modules |
|
# |
|
# __kmodtool_zipmodules can take one of these two values: |
|
# 1 - Modules would be zipped when rebuilding modules. |
|
# 0 - No zipped modules when rebuilding modules. |
|
# |
|
# __kmodtool_zipmodules* macros can be overriden by users and/or packagers |
|
# provided that those values and their dependencies are manually |
|
# checked. Be carefull when modifying these values. To override these |
|
# macros please define these ones in your spec file (one underscore as |
|
# prefix and not two): |
|
# - _kmodtool_zipmodules |
|
# It is also possible to uncomment one of the macros provided below: |
|
#%%_kmodtool_zipmodules 0 |
|
#%%_kmodtool_zipmodules 1 |
|
# |
|
# Zipping modules according to Fedora kernels sources is enabled only |
|
# for arches %%{ix86} x86_64 aarch64. For information zipping kernel |
|
# modules is available since rhel 7.x and fedora 21. |
|
# Settings below conform to this directives. |
|
# |
|
# Zip modules on x86 x86_64 aarch64. Make sure the config files match |
|
# this setting if more architectures are added. |
|
%__kmodtool_zipmodules_arch_ok %( |
|
echo %{ix86} x86_64 aarch64 | grep -qwo %{_arch} |
|
if [ $? -eq 0 ] ; then |
|
echo 1 |
|
else |
|
echo 0 |
|
fi |
|
) |
|
|
|
# Distributions where zipping is enabled by default |
|
%__kmodtool_zipmodules_dist_ok %( |
|
if (( %{?rhel} + 0 > 6 || %{?fedora} + 0 > 20 )) ; then |
|
echo 1 |
|
else |
|
echo 0 |
|
fi |
|
) |
|
|
|
# Put arches and distributions conditions together |
|
%__kmodtool_zipmodules_ok %( |
|
if (( %{?__kmodtool_zipmodules_arch_ok} && %{?__kmodtool_zipmodules_dist_ok} )) ; then |
|
echo 1 |
|
else |
|
echo 0 |
|
fi |
|
) |
|
|
|
# Put them all in place |
|
%__kmodtool_zipmodules %{?_kmodtool_zipmodules:%{_kmodtool_zipmodules}}%{!?_kmodtool_zipmodules:%{?__kmodtool_zipmodules_ok}} |
|
|
|
|
|
# Define zipping macros |
|
# |
|
%__kmodtool_modzip_install_post\ |
|
if [ "%{__kmodtool_zipmodules}" -eq "1" ] ; then\ |
|
find %{buildroot}%{kmodinstdir_prefix}%{__kmodtool_kernel_uname_r}%{kmodinstdir_postfix} -type f -name '*.ko' | xargs xz;\ |
|
fi\ |
|
%{nil}
|
|
|