This patch changed keyring name and kernel module name to run modsign test
correctly.
Current kernel uses .system_keyring as keyring name so test code needs to use
key name .system_keyring instead of module_sign.
Fedora project provides kernel modules as xz archived format.
So, test code should extract a kernel module from an archive file.
---
default/modsign/modsign_tests.sh | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/default/modsign/modsign_tests.sh b/default/modsign/modsign_tests.sh
index b0bab67..63748ad 100755
--- a/default/modsign/modsign_tests.sh
+++ b/default/modsign/modsign_tests.sh
@@ -7,7 +7,7 @@ modsign_check_modules()
# Grab a module to mess around with. We'll pick one that is fairly
# stand-alone and rarely used.
- cp /lib/modules/`uname -r`/kernel/fs/minix/minix.ko .
+ xz -dc /lib/modules/`uname -r`/kernel/fs/minix/minix.ko.xz > minix.ko
# Make sure we have the signed module marker
cat ./minix.ko | strings | grep "~Module signature appended~" &>
/dev/null
@@ -59,7 +59,7 @@ modsign_unsigned()
{
# Grab a module to mess around with. We'll pick one that is fairly
# stand-alone and rarely used.
- cp /lib/modules/`uname -r`/kernel/fs/minix/minix.ko .
+ xz -dc /lib/modules/`uname -r`/kernel/fs/minix/minix.ko.xz > minix.ko
strip -g ./minix.ko
# Make sure it isn't already loaded
@@ -109,13 +109,13 @@ modsign_third_party()
modsign=0
if [ -f /proc/keys ]
then
- cat /proc/keys | grep module_sign &> /dev/null
+ cat /proc/keys | grep .system_keyring &> /dev/null
if [ $? -ne "0" ]
then
echo Module signing not enabled
exit 3
fi
- keyring=`cat /proc/keys | grep module_sign | cut -f 1 -d " "`
+ keyring=`cat /proc/keys | grep .system_keyring | cut -f 1 -d " "`
keyctl list 0x${keyring} | grep "Fedora kernel signing key" &>
/dev/null
if [ $? == "0" ]
then
--
2.4.3