diff options
| author | Jouni Hogander <jouni.hogander@unikie.com> | 2020-10-08 13:38:53 +0300 |
|---|---|---|
| committer | Dmitry Vyukov <dvyukov@google.com> | 2020-10-09 16:15:40 +0200 |
| commit | dcf117a24d23d280b2e9128caac89cea86de617a (patch) | |
| tree | ee6ca51bc3e35b02c0ac6194fe8527791cb1bf39 /pkg/build/linux.go | |
| parent | 92a8adc259e162265e1702fb55bf5831595ee07d (diff) | |
pkg/build: use fixed key when signing modules
Generating new key for every build causes problems to having
reproducible builds. To avoid this use fixed key.
Diffstat (limited to 'pkg/build/linux.go')
| -rw-r--r-- | pkg/build/linux.go | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/pkg/build/linux.go b/pkg/build/linux.go index 6acf6f347..541929675 100644 --- a/pkg/build/linux.go +++ b/pkg/build/linux.go @@ -24,6 +24,30 @@ type linux struct{} var _ signer = linux{} +// Key for module signing. +const moduleSigningKey = `-----BEGIN PRIVATE KEY----- +MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAxu5GRXw7d13xTLlZ +GT1y63U4Firk3WjXapTgf9radlfzpqheFr5HWO8f11U/euZQWXDzi+Bsq+6s/2lJ +AU9XWQIDAQABAkB24ZxTGBv9iMGURUvOvp83wRRkgvvEqUva4N+M6MAXagav3GRi +K/gl3htzQVe+PLGDfbIkstPJUvI2izL8ZWmBAiEA/P72IitEYE4NQj4dPcYglEYT +Hbh2ydGYFbYxvG19DTECIQDJSvg7NdAaZNd9faE5UIAcLF35k988m9hSqBjtz0tC +qQIgGOJC901mJkrHBxLw8ViBb9QMoUm5dVRGLyyCa9QhDqECIQCQGLX4lP5DVrsY +X43BnMoI4Q3o8x1Uou/JxAIMg1+J+QIgamNCPBLeP8Ce38HtPcm8BXmhPKkpCXdn +uUf4bYtfSSw= +-----END PRIVATE KEY----- +-----BEGIN CERTIFICATE----- +MIIBvzCCAWmgAwIBAgIUKoM7Idv4nw571nWDgYFpw6I29u0wDQYJKoZIhvcNAQEF +BQAwLjEsMCoGA1UEAwwjQnVpbGQgdGltZSBhdXRvZ2VuZXJhdGVkIGtlcm5lbCBr +ZXkwIBcNMjAxMDA4MTAzMzIwWhgPMjEyMDA5MTQxMDMzMjBaMC4xLDAqBgNVBAMM +I0J1aWxkIHRpbWUgYXV0b2dlbmVyYXRlZCBrZXJuZWwga2V5MFwwDQYJKoZIhvcN +AQEBBQADSwAwSAJBAMbuRkV8O3dd8Uy5WRk9cut1OBYq5N1o12qU4H/a2nZX86ao +Xha+R1jvH9dVP3rmUFlw84vgbKvurP9pSQFPV1kCAwEAAaNdMFswDAYDVR0TAQH/ +BAIwADALBgNVHQ8EBAMCB4AwHQYDVR0OBBYEFPhQx4etmYw5auCJwIO5QP8Kmrt3 +MB8GA1UdIwQYMBaAFPhQx4etmYw5auCJwIO5QP8Kmrt3MA0GCSqGSIb3DQEBBQUA +A0EAK5moCH39eLLn98pBzSm3MXrHpLtOWuu2p696fg/ZjiUmRSdHK3yoRONxMHLJ +1nL9cAjWPantqCm5eoyhj7V7gg== +-----END CERTIFICATE-----` + func (linux linux) build(params *Params) error { if err := linux.buildKernel(params); err != nil { return err @@ -82,6 +106,17 @@ func (linux) buildKernel(params *Params) error { } } } + + // Different key is generated for each build if key is not provided. + // see Documentation/reproducible-builds.rst. This is causing problems to our signature + // calculation. + certsDir := filepath.Join(params.KernelDir, "certs") + if osutil.IsExist(certsDir) { + err := osutil.WriteFile(filepath.Join(certsDir, "signing_key.pem"), []byte(moduleSigningKey)) + if err != nil { + return err + } + } if err := runMake(params.KernelDir, target, "CC="+ccParam); err != nil { return err } |