diff options
Diffstat (limited to '')
-rw-r--r-- | debian/signing_templates/rules.real | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/debian/signing_templates/rules.real b/debian/signing_templates/rules.real new file mode 100644 index 000000000..23df05ccd --- /dev/null +++ b/debian/signing_templates/rules.real @@ -0,0 +1,85 @@ +SHELL := bash -e + +export DH_OPTIONS + +build-indep: + +install-signed: DH_OPTIONS = -p$(PACKAGE_NAME) +install-signed: KERNEL_VERSION = $(ABINAME)$(LOCALVERSION) +install-signed: IMAGE_PACKAGE_NAME = linux-image-$(KERNEL_VERSION)-unsigned +install-signed: PACKAGE_DIR = debian/$(PACKAGE_NAME) +install-signed: SIGNATURE_DIR = debian/signatures/$(IMAGE_PACKAGE_NAME) +install-signed: + mkdir -p $(PACKAGE_DIR)/boot + rsync -a $(patsubst %,/boot/%-$(KERNEL_VERSION),config System.map $(IMAGE_INSTALL_STEM)) \ + $(PACKAGE_DIR)/boot/ + if [ -f $(SIGNATURE_DIR)/boot/vmlinuz-$(KERNEL_VERSION).sig ]; then \ + sbattach --attach $(SIGNATURE_DIR)/boot/vmlinuz-$(KERNEL_VERSION).sig \ + $(PACKAGE_DIR)/boot/vmlinuz-$(KERNEL_VERSION); \ + echo >> debian/$(PACKAGE_NAME).substvars 'signed:Description=The kernel image and modules are signed for use with Secure Boot.'; \ + else \ + echo >> debian/$(PACKAGE_NAME).substvars 'signed:Description=The modules are signed.'; \ + fi + mkdir -p $(PACKAGE_DIR)/lib/modules/$(KERNEL_VERSION) + rsync -a $(addprefix /lib/modules/$(KERNEL_VERSION)/,kernel modules.builtin modules.builtin.modinfo modules.order) \ + $(PACKAGE_DIR)/lib/modules/$(KERNEL_VERSION)/ + while read path; do \ + /usr/lib/linux-kbuild-$(VERSION)/scripts/sign-file -s \ + $(SIGNATURE_DIR)/lib/modules/$(KERNEL_VERSION)/$$path \ + sha256 dummy \ + $(PACKAGE_DIR)/lib/modules/$(KERNEL_VERSION)/$${path%.sig}; \ + done < <(find $(SIGNATURE_DIR)/lib/modules/$(KERNEL_VERSION) -name '*.sig' -printf '%P\n') +# Copy any device tree files + if [ -d /usr/lib/linux-image-$(KERNEL_VERSION) ]; then \ + mkdir -p $(PACKAGE_DIR)/usr/lib/linux-image-$(KERNEL_VERSION); \ + rsync -a /usr/lib/linux-image-$(KERNEL_VERSION)/ \ + $(PACKAGE_DIR)/usr/lib/linux-image-$(KERNEL_VERSION)/; \ + fi +# Copy bug scripts but change the info file to refer to the right package + mkdir -p $(PACKAGE_DIR)/usr/share/bug/$(PACKAGE_NAME) + rsync -a /usr/share/bug/$(IMAGE_PACKAGE_NAME)/ \ + $(PACKAGE_DIR)/usr/share/bug/$(PACKAGE_NAME)/ + sed -i -e 's/^PACKAGE_NAME=.*/PACKAGE_NAME=$(PACKAGE_NAME)/' \ + -e 's/^PACKAGE_VERSION=.*/PACKAGE_VERSION=$(PACKAGE_VERSION)/' \ + $(PACKAGE_DIR)/usr/share/bug/$(PACKAGE_NAME)/info + dh_install + dh_installchangelogs + ln -sf linux-image.NEWS debian/$(PACKAGE_NAME).NEWS + dh_installdocs + dh_compress + dh_fixperms + dh_installdeb +# Copy most package relations and description from unsigned package + for field in Depends Suggests Recommends Breaks; do \ + echo >> debian/$(PACKAGE_NAME).substvars "unsigned:$$field=$$(dpkg-query -f '$${'$$field'}' -W $(IMAGE_PACKAGE_NAME))"; \ + done + echo >> debian/$(PACKAGE_NAME).substvars "unsigned:DescriptionShort=$$(dpkg-query -f '$${Description}' -W $(IMAGE_PACKAGE_NAME) | head -n 1)" + echo >> debian/$(PACKAGE_NAME).substvars "unsigned:DescriptionLong=$$(dpkg-query -f '$${Description}' -W $(IMAGE_PACKAGE_NAME) | tail -n +2 | sed -rz 's/\$$/$${}/g; s/^ //; s/\n \.?/$${Newline}/g')" + dh_gencontrol -- $(GENCONTROL_ARGS) + dh_md5sums + dh_builddeb + +install-meta: DH_OPTIONS = -p$(PACKAGE_NAME) +install-meta: + dh_testdir + dh_prep + dh_bugfiles + dh_installdocs --link-doc=$(LINK_DOC_PACKAGE_NAME) + dh_compress + dh_fixperms + dh_installdeb + dh_gencontrol -- $(GENCONTROL_ARGS) + dh_md5sums + dh_builddeb + +install-udeb_$(ARCH): export KW_DEFCONFIG_DIR=/usr/share/linux-support-$(ABINAME)/installer +install-udeb_$(ARCH): export KW_CONFIG_DIR=/usr/share/linux-support-$(ABINAME)/installer +install-udeb_$(ARCH): DH_OPTIONS=$(PACKAGE_NAMES:%=-p%) +install-udeb_$(ARCH): + dh_testdir + dh_prep + kernel-wedge install-files $(ABINAME) + kernel-wedge check $(PACKAGE_NAMES) + dh_fixperms + dh_gencontrol -- $(GENCONTROL_ARGS) + dh_builddeb |