[SRU][J][PATCH 1/6] UBUNTU: [Packaging] Move and update signature inclusion list
Stefan Bader
stefan.bader at canonical.com
Fri Dec 16 09:00:43 UTC 2022
On 15.12.22 08:27, Juerg Haefliger wrote:
> BugLink: https://bugs.launchpad.net/bugs/1642368
>
> Move the signature inclusion list from the source tree to the debian/
> directory to keep the upstream source clean. While at it, remove modules
> that are no longer in the staging area.
>
> Signed-off-by: Juerg Haefliger <juergh at canonical.com>
> Acked-by: Tim Gardner <tim.gardner at canonical.com>
> Signed-off-by: Andrea Righi <andrea.righi at canonical.com>
>
> (cherry picked from commit 4ec3305301067590bd5502ae09512883924d3d3f kinetic:linux)
> Signed-off-by: Juerg Haefliger <juerg.haefliger at canonical.com>
> ---
I am a bit ambivalent with this set. On one side I understand that allowing all
staging drivers can be a security problem. On the other hand Jammy was released
that way and retracting signing means a regression for people under secure boot.
So this needs to be considered very carefully. I stumbled over this change which
modifies the list of modules to sign. It comes directly from Kinetic (v5.19) and
drops drivers, claiming those are out of staging. But is this really true for
Jammy (v5.15)?
-Stefan
> {drivers/staging => debian}/signature-inclusion | 7 -------
> 1 file changed, 7 deletions(-)
> rename {drivers/staging => debian}/signature-inclusion (73%)
>
> diff --git a/drivers/staging/signature-inclusion b/debian/signature-inclusion
> similarity index 73%
> rename from drivers/staging/signature-inclusion
> rename to debian/signature-inclusion
> index 7e937c7fc0e3..f919d4dfddfa 100644
> --- a/drivers/staging/signature-inclusion
> +++ b/debian/signature-inclusion
> @@ -2,13 +2,6 @@
> # This file lists the staging drivers that are safe for signing
> # and loading in a secure boot environment with signed module enforcement.
> #
> -exfat.ko
> -rtl8192c-common.ko
> -rtl8192ce.ko
> -rtl8192cu.ko
> -rtl8192de.ko
> -rtl8192ee.ko
> -rtl8192se.ko
> r8188eu.ko
> r8192e_pci.ko
> r8192u_usb.ko
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20221216/556edfee/attachment.sig>
More information about the kernel-team
mailing list