[PATCH 2/3][disco linux] UBUNTU: [Packaging] decompress gzipped efi images in signing tarball

[Andy Whitcroft]

On Tue, Dec 18, 2018 at 09:57:15AM -0600, Seth Forshee wrote:
> BugLink: https://bugs.launchpad.net/bugs/1804481
> 
> The arm64 generic kernel image files are gzipped. For UEFI secure
> boot grub will validate the sigature on the decompressed image,
> so the file in the signing tarbal must also be decompressed. It
> can later be recompressed when building linux-signed.
> 
> Signed-off-by: Seth Forshee <seth.forshee at canonical.com>
> ---
>  debian/rules.d/2-binary-arch.mk | 12 ++++++++++--
>  1 file changed, 10 insertions(+), 2 deletions(-)
> 
> diff --git a/debian/rules.d/2-binary-arch.mk b/debian/rules.d/2-binary-arch.mk
> index 61805f69e3fc..60d1dd510174 100644
> --- a/debian/rules.d/2-binary-arch.mk
> +++ b/debian/rules.d/2-binary-arch.mk
> @@ -120,8 +120,16 @@ endif
>  
>  ifeq ($(uefi_signed),true)
>  	install -d $(signingv)
> -	cp -p $(pkgdir_bin)/boot/$(instfile)-$(abi_release)-$* \
> -		$(signingv)/$(instfile)-$(abi_release)-$*.efi;
> +	# We use Image.gz for arm64; detect and decompress for signing
> +	if [[ "$(kernfile)" =~ \.gz$$ ]]; then \
> +		cat $(pkgdir_bin)/boot/$(instfile)-$(abi_release)-$* | \
> +			gunzip -cv > $(signingv)/$(instfile)-$(abi_release)-$*.efi; \
Why would this not be

		< $(pkgdir_bin)/boot/$(instfile)-$(abi_release)-$* \
			gunzip -cv > $(signingv)/$(instfile)-$(abi_release)-$*.efi; \

> +		cp -p --attributes-only $(pkgdir_bin)/boot/$(instfile)-$(abi_release)-$* \
> +			$(signingv)/$(instfile)-$(abi_release)-$*.efi; \
> +	else \
> +		cp -p $(pkgdir_bin)/boot/$(instfile)-$(abi_release)-$* \
> +			$(signingv)/$(instfile)-$(abi_release)-$*.efi; \
> +	fi
>  endif
>  ifeq ($(opal_signed),true)
>  	install -d $(signingv)

-apw