It turns out, everything is already in place to enable kernel module signing. All that's necessary is to provide a certificate and private key at the correct path; if those are present, the module files will be signed during `modules_install`.
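#!/bin/sh
# Build the gasket-driver RPMs from gasket-driver.spec.
#
# The script runs in two phases:
#   1. As root: when SIGNING_KEY is set, link it into the installed
#      kernel-devel tree under the two names used for module signing, then
#      drop privileges and re-execute this script.
#   2. Unprivileged: download the upstream source archive for the revision
#      pinned in the spec file and run rpmbuild.
#
# Environment:
#   SIGNING_KEY  path to the module signing material (optional, root phase)

# Stop on the first failing command or unset variable, so that a broken setup
# step cannot be followed by a build that looks successful.
set -eu

if [ "$(id -u)" -eq 0 ]; then
  if [ -n "${SIGNING_KEY:-}" ]; then
    # rpm prints its "not installed" message on stdout, so the exit status has
    # to be checked before the output is used as a path component.
    if ! kver=$(rpm -q --qf '%{VERSION}-%{RELEASE}.%{ARCH}' kernel-devel); then
      echo "cannot determine the installed kernel-devel version" >&2
      exit 1
    fi

    # Several installed kernel-devel versions would be concatenated into one
    # string by the query format; the directory test catches that case too.
    certs_dir="/usr/src/kernels/${kver}/certs"
    if [ ! -d "${certs_dir}" ]; then
      echo "kernel certs directory not found: ${certs_dir}" >&2
      exit 1
    fi

    # The same file is linked under both names, so it presumably holds the
    # certificate and the private key together (TODO confirm).
    # -f keeps a rerun in the same environment from failing on existing links.
    # NOTE(review): the build phase runs as uid 1000 and has to read this file,
    # so anything executed during the build can read the private key as well.
    ln -sf -- "${SIGNING_KEY}" "${certs_dir}/signing_key.x509"
    ln -sf -- "${SIGNING_KEY}" "${certs_dir}/signing_key.pem"
  else
    echo "SIGNING_KEY is not set; not linking a module signing key" >&2
  fi

  # Drop supplementary groups, switch uid and gid to 1000 and clear the
  # inheritable capability set, then run the rest of this script unprivileged
  # with tracing (-x) and exit-on-error (-e).
  # NOTE(review): the bounding set is left as is and no-new-privs is not set;
  # check whether --bounding-set=-all and --no-new-privs fit this build.
  exec setpriv --clear-groups --reuid 1000 --regid 1000 --inh-caps=-all \
    sh -ex ci/build.sh
fi

# Full 40-character revision id taken from the spec file.
git_rev=$(
  sed -nr '/^%global git_revision_full/s/.* ([a-z0-9]{40})$/\1/p' \
    gasket-driver.spec
)
# Without this check an empty value would produce a request for
# ".../archive/.tar.gz" and a misleading download error.
if [ -z "${git_rev}" ]; then
  echo "no git_revision_full value found in gasket-driver.spec" >&2
  exit 1
fi

# NOTE(review): the archive is pinned by revision id only; no digest of the
# downloaded tarball is compared against a recorded value here.
curl -fL \
  -o "gasket-driver-${git_rev}.tar.gz" \
  "https://github.com/google/gasket-driver/archive/${git_rev}.tar.gz"

# Build binary and source packages, using the working directory both as the
# rpmbuild top directory and as the source directory.
rpmbuild \
  -D "_topdir ${PWD}" \
  -D '_sourcedir %{_topdir}' \
  -ba gasket-driver.spec

# Hard-link the resulting packages into the working directory.
ln RPMS/*/*.rpm SRPMS/*.rpm .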