Opened 2 years ago

Closed 2 years ago

#4422 closed task (fixed)


Reported by: Bruce Dubbs Owned by: lfs-book
Priority: normal Milestone: 8.4
Component: Book Version: SVN
Severity: normal Keywords:


New version.

  • Improvements
    • Add more error-checking in library functions and remove warnings on newer toolchains
  • Depmod now handles parallel invoctions better by protecting the temporary files being used
  • Improvements to testsuite and added tests to check the our behavior regardless of the features enabled in the kernel, or libraries we link to
  • Teach the --show-exports option to modprobe. This works similarly to --show-modversions, but it reports the exported symbols from that module. Under the hood this reads the .symtab and .strtab section rather than versions so it shows useful data even if kernel is configured without modversions (CONFIG_MODVERSIONS)
  • Teach pkcs7 parsing to modinfo by using openssl. This allows modinfo to correctly parse the signature appended to a module by the kernel build system when configured with CONFIG_MODULE_SIG_ALL, or when externally signed by the distro. Traditionally modules were signed and a struct was appended together with the signature to the end of the module. This has changed on the kernel for pkcs7 and now the structure isn't filled out with useful information. So we have to parse the signature block in order to return useful data to the user.

If kmod is linked with openssl we parse the signature and return the fields as we do for other signatures. An example of the relevant part on the output of modinfo is below:

        sig_id:         PKCS#7
        sig_hashalgo:   md4
        sig_id:         PKCS#7
        signer:         Fedora kernel signing key
        sig_key:        51:C4:0C:6D:7E:A5:6C:D8:8F:B4:3A:DF:91:78:4F:18:BC:D5:E4:C5
        sig_hashalgo:   sha256

If kmod is not linked to openssl we just start printing "unknonwn" in the sig_hashalgo field rather than the bogus value.

Change History (2)

comment:1 by Bruce Dubbs, 2 years ago

It looks like we will need to move kmod to after openssl and update kmod's dependencies in the appendix.

comment:2 by Bruce Dubbs, 2 years ago

Resolution: fixed
Status: newclosed

Fixed at revision 11518.

Note: See TracTickets for help on using tickets.