meta-integrity: kernel-modsign: prevents splitting out debug symbols

Starting with [1] kernel modules symbols is being slipped in OE-core and this breaks the kernel modules sign, so disable it. [1] https://git.openembedded.org/openembedded-core/commit/?id=e09a8fa931fe617afc05bd5e00dca5dd3fe386e8 Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Jose Quaresma <quaresma.jose@gmail.com> 2022-06-27 13:02:47 +0100
committer: Armin Kuster <akuster808@gmail.com> 2022-07-05 19:26:50 -0400
commit: c1c80cf0c0f26215fb252242f0d70f8870916734 (patch)
tree: 7fe246ce2e8d4b1b2cd29ccaa0da2d71350f6a97
parent: 7cff72ef8071dc7871eb1f39c528d8cf5e78c611 (diff)
download: meta-security-c1c80cf0c0f26215fb252242f0d70f8870916734.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/meta-integrity/classes/kernel-modsign.bbclass b/meta-integrity/classes/kernel-modsign.bbclass
index 093c358..d3aa7fb 100644
--- a/meta-integrity/classes/kernel-modsign.bbclass
+++ b/meta-integrity/classes/kernel-modsign.bbclass
@@ -13,7 +13,9 @@ MODSIGN_PRIVKEY ?= "${MODSIGN_KEY_DIR}/privkey_modsign.pem"
 MODSIGN_X509 ?= "${MODSIGN_KEY_DIR}/x509_modsign.crt"
 # If this class is enabled, disable stripping signatures from modules
+# as well disable the debug symbols split
 INHIBIT_PACKAGE_STRIP = "1"
+INHIBIT_PACKAGE_DEBUG_SPLIT = "1"
 kernel_do_configure:prepend() {
    if [ -f "${MODSIGN_PRIVKEY}" -a -f "${MODSIGN_X509}" ]; then
author	Jose Quaresma <quaresma.jose@gmail.com>	2022-06-27 13:02:47 +0100
committer	Armin Kuster <akuster808@gmail.com>	2022-07-05 19:26:50 -0400
commit	c1c80cf0c0f26215fb252242f0d70f8870916734 (patch)
tree	7fe246ce2e8d4b1b2cd29ccaa0da2d71350f6a97
parent	7cff72ef8071dc7871eb1f39c528d8cf5e78c611 (diff)
download	meta-security-c1c80cf0c0f26215fb252242f0d70f8870916734.tar.gz

diff --git a/meta-integrity/classes/kernel-modsign.bbclass b/meta-integrity/classes/kernel-modsign.bbclass index 093c358..d3aa7fb 100644 --- a/meta-integrity/classes/kernel-modsign.bbclass +++ b/meta-integrity/classes/kernel-modsign.bbclass
@@ -13,7 +13,9 @@ MODSIGN_PRIVKEY ?= "${MODSIGN_KEY_DIR}/privkey_modsign.pem"
13	MODSIGN_X509 ?= "${MODSIGN_KEY_DIR}/x509_modsign.crt"	13	MODSIGN_X509 ?= "${MODSIGN_KEY_DIR}/x509_modsign.crt"
14		14
15	# If this class is enabled, disable stripping signatures from modules	15	# If this class is enabled, disable stripping signatures from modules
		16	# as well disable the debug symbols split
16	INHIBIT_PACKAGE_STRIP = "1"	17	INHIBIT_PACKAGE_STRIP = "1"
		18	INHIBIT_PACKAGE_DEBUG_SPLIT = "1"
17		19
18	kernel_do_configure:prepend() {	20	kernel_do_configure:prepend() {
19	if [ -f "${MODSIGN_PRIVKEY}" -a -f "${MODSIGN_X509}" ]; then	21	if [ -f "${MODSIGN_PRIVKEY}" -a -f "${MODSIGN_X509}" ]; then