7eb6754956
Support generating module/kernel signature with openEuler signature platform: 1. Insert openEuler kernel certificate into trusted keyring. 2. Sign kernel modules and kernel image with openEuler signature platform when the RPM macro openEuler_sign_rsa is set. Signed-off-by: Jin Lun <jinlun@huawei.com>
33 lines
661 B
Bash
33 lines
661 B
Bash
#! /bin/bash
|
|
|
|
sign_module()
|
|
{
|
|
sh /usr/lib/rpm/brp-ebs-sign --module $1 &> /dev/null
|
|
mv $1.sig $1
|
|
}
|
|
|
|
sign_module_list()
|
|
{
|
|
IFS=$'\n'
|
|
for m in $1; do
|
|
sign_module $m &
|
|
done
|
|
wait
|
|
}
|
|
|
|
moddir=$1
|
|
find $moddir -name *.ko > module_openeuler_unsign.list
|
|
row_num=`wc -l module_openeuler_unsign.list | awk '{print $1}'`
|
|
for((i=1;i<$row_num;i+=10)); do
|
|
IFS=""
|
|
sign_module_list $(sed -n "$i,$((i+9))p" module_openeuler_unsign.list)
|
|
done
|
|
|
|
RANDOMMOD=$(find $moddir -type f -name '*.ko' | sort -R | tail -n 1)
|
|
if [ "~Module signature appended~" != "$(tail -c 28 $RANDOMMOD)" ]; then
|
|
echo "*** Modules are unsigned! ***"
|
|
exit 1
|
|
fi
|
|
|
|
exit 0
|