[Rpm-maint] [rpm-software-management/rpm] Don't brp-strip .ko files (#1744)
Michal Domonkos
notifications at github.com
Mon Jul 12 11:25:33 UTC 2021
Otherwise SecureBoot signatures may be stripped too.
We used to exclude shared libraries from this strip as they were
supposed to be covered by another brp script (brp-strip-shared), however
it turned out the latter was never really used, so we removed the
exclusion in commit 0ab151ab138fd4fb6d3176fd0270d9cc6f4623f3.
As it turns out, that was a little too ambitious, since we may now
inadvertently strip SecureBoot signatures from kernel modules too,
provided that they're made during the build, prior to the invocation of
brp-strip.
Note that this regression currently does *not* affect the following two
cases on Fedora/RHEL systems with redhat-rpm-config installed:
- in-tree modules; these are built from kernel.spec which already
contains a hack ensuring that module signing only happens *after*
any stripping (see %__modsign_install_post in kernel.spec)
- out-of-tree modules built with debuginfo enabled; this is because
brp-strip is only called when %debug_package is set to %{nil}
Any other combinations may be affected, depending on the macros and
.spec files used, so let's fix this by effectively "reverting" said
commit for .ko files only.
Fixes: rhbz#1967291
You can view, comment on, or merge this pull request online at:
https://github.com/rpm-software-management/rpm/pull/1744
-- Commit Summary --
* Don't brp-strip .ko files
-- File Changes --
M scripts/brp-strip (2)
-- Patch Links --
https://github.com/rpm-software-management/rpm/pull/1744.patch
https://github.com/rpm-software-management/rpm/pull/1744.diff
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1744
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20210712/e0400d87/attachment.html>
More information about the Rpm-maint
mailing list