Comment 0 for bug 1690908

Seth Forshee (sforshee) wrote :

The exclusion to module signing is broken in xenial, zesty, and artful. In xenial the mechanism will never sign any staging modules, not even those in the signature-inclusion whitelist. In zesty and artful all staging drivers are signed.

There are two problems, both related to the signature-inclusion whitelist handling. First, the path to the file is relative to where make was invoked, which only works when the source and build directories are the same (which is not the case for package builds). In xenial this means that the condition to signing always evaluates such that staging modules are not signed. However, zesty and artful contain an additional check for the existence of that file which results in signing staging modules when it is not found.

The second problem is that signature-inclusion contains only the module name for staging drivers which should be signed. However, the grep statement which matches against that file uses the full path to the install location of the module, which will never match.
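
The two failure modes described in this comment, modelled as an added shell example. It is not the kernel packaging's own Makefile logic. The function names, directory layout and module names are constructed, and the fail-closed behaviour of `sign_fixed` is an assumption about one reasonable correction, not the fix that was applied.

```shell
#!/bin/sh
# Constructed model of the whitelist check. Each check receives
# $1 = source directory, $2 = module install path, and returns 0 to sign.

# xenial-like: whitelist path relative to the cwd, full install path as pattern.
sign_xenial() { grep -qxF "$2" signature-inclusion 2>/dev/null; }

# zesty/artful-like: same, plus an existence check that signs when the
# whitelist is not found (fails open).
sign_zesty() {
    [ -f signature-inclusion ] || return 0
    grep -qxF "$2" signature-inclusion
}

# Assumed correction: whitelist located via the source directory, match on
# the module file name only, and no signing when the whitelist is missing.
sign_fixed() {
    [ -f "$1/signature-inclusion" ] || return 1
    grep -qxF "$(basename "$2")" "$1/signature-inclusion"
}

# Create a constructed source tree with a one-entry whitelist and a separate
# build directory, then run one check from $3 ("src" or "build").
run_case() {  # $1=check function, $2=module install path, $3=directory
    tmp=$(mktemp -d)
    mkdir -p "$tmp/src" "$tmp/build"
    printf 'good.ko\n' > "$tmp/src/signature-inclusion"
    result=skip
    if (cd "$tmp/$3" && "$1" "$tmp/src" "$2"); then result=sign; fi
    rm -rf "$tmp"
    echo "$result"
}

# Constructed install paths: good.ko is whitelisted, other.ko is not.
GOOD=/lib/modules/0.0.0-test/kernel/drivers/staging/good/good.ko
OTHER=/lib/modules/0.0.0-test/kernel/drivers/staging/other/other.ko

for check in sign_xenial sign_zesty sign_fixed; do
    for dir in src build; do
        echo "$check from $dir: good.ko=$(run_case "$check" "$GOOD" "$dir")" \
             "other.ko=$(run_case "$check" "$OTHER" "$dir")"
    done
done
```

Running from `build` reproduces the package-build case (whitelist not found); running from `src` isolates the second problem, where the whitelist is found but the full-path pattern never matches a bare module name.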