Home Explore Help
Sign In
funkemunky
/
kernel-longterm
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Branch: master
Branches Tags
kernel-longterm
/
mod-sign.sh

mod-sign.sh 1.1 KB
Permalink History Raw

12345678910111213141516171819202122232425262728293031323334353637 
  1. #! /bin/bash
    2. 

  2. 

  3. # The modules_sign target checks for corresponding .o files for every .ko that
    4. 

  4. # is signed. This doesn't work for package builds which re-use the same build
    5. 

  5. # directory for every variant, and the .config may change between variants.
    6. 

  6. # So instead of using this script to just sign lib/modules/$KernelVer/extra,
    7. 

  7. # sign all .ko in the buildroot.
    8. 

  8. 

  9. # This essentially duplicates the 'modules_sign' Kbuild target and runs the
    10. 

  10. # same commands for those modules.
    11. 

  11. 

  12. MODSECKEY=$1
    13. 

  13. MODPUBKEY=$2
    14. 

  14. moddir=$3
    15. 

  15. 

  16. modules=$(find "$moddir" -type f -name '*.ko')
    17. 

  17. 

  18. NPROC=$(nproc)
    19. 

  19. [ -z "$NPROC" ] && NPROC=1
    20. 

  20. 

  21. # NB: this loop runs 2000+ iterations. Try to be fast.
    22. 

  22. echo "$modules" | xargs -r -n16 -P "$NPROC" sh -c "
    23. 

  23. for mod; do
    24. 

  24.     ./scripts/sign-file sha256 $MODSECKEY $MODPUBKEY \$mod
    25. 

  25.     rm -f \$mod.sig \$mod.dig
    26. 

  26. done
    27. 

  27. " DUMMYARG0   # xargs appends ARG1 ARG2..., which go into $mod in for loop.
    28. 

  28. 

  29. RANDOMMOD=$(echo "$modules" | sort -R | head -n 1)
    30. 

  30. if [ "~Module signature appended~" != "$(tail -c 28 "$RANDOMMOD")" ]; then
    31. 

  31.     echo "*****************************"
    32. 

  32.     echo "*** Modules are unsigned! ***"
    33. 

  33.     echo "*****************************"
    34. 

  34.     exit 1
    35. 

  35. fi
    36. 

  36. 

  37. exit 0
    38.