UBUNTU: [Packaging] Fix module signing with older modinfo
BugLink: https://bugs.launchpad.net/bugs/1852581

Not all versions of modinfo support the signer field;
specifically, the version in bionic does not. This leaves all
modules unsigned in hwe kernels based on eoan and later. Change
the check to look for the magic string at the end of the module,
which does not rely on any external tools being aware of module
signatures.

Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Acked-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Seth Forshee committed Dec 5, 2019
1 parent ea803bd commit bd72bd1
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions debian/rules.d/2-binary-arch.mk
Expand Up @@ -413,12 +413,12 @@ ifneq ($(skipdbg),true)
-name '*.ko' | while read path_module ; do \
module="/lib/modules/$${path_module#*/lib/modules/}"; \
if [[ -f "$(dbgpkgdir)/usr/lib/debug/$$module" ]] ; then \
signer=$$(/sbin/modinfo -F signer "$$path_module"); \
signature=$$(tail -c 28 "$$path_module"); \
$(CROSS_COMPILE)objcopy \
--add-gnu-debuglink=$(dbgpkgdir)/usr/lib/debug/$$module \
$$path_module; \
if grep -q CONFIG_MODULE_SIG=y $(builddir)/build-$*/.config && \
[ -n "$$signer" ]; then \
[ "$$signature" = "~Module signature appended~" ]; then \
$(builddir)/build-$*/scripts/sign-file $(MODHASHALGO) \
$(MODSECKEY) \
$(MODPUBKEY) \
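Review bot: The new `signature=$$(tail -c 28 "$$path_module")` line depends on two things that are not documented in the rule and are easy to break later. First, 28 is the length of the 27-character marker plus a trailing newline, and the comparison `[ "$$signature" = "~Module signature appended~" ]` only matches because `$(...)` strips that newline; a short comment saying so, or a make variable holding the marker, would keep the number and the literal from drifting apart. Second, the capture has to stay ahead of the `objcopy --add-gnu-debuglink` call, since the test is about whether the module carried a signature before it was rewritten; a comment on the ordering would protect it against a later reshuffle. Also consider that for an unsigned module the last 28 bytes are arbitrary binary data, and newer bash versions print a warning when a command substitution contains NUL bytes, so piping through `tr -d '\0'` would keep the build log quiet. Note that this check only detects the presence of the marker, which is enough for deciding whether to re-sign but says nothing about whether the original signature was valid.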