On 15/01/2019 14:27, Maheshwari, Shagun wrote:
> Hi,
>
>
>
> Latest CentOS kernel comes with openvswitch-2.0.0 drivers, but for an
> application, I needed openvswitch-2.9.2. I am trying to get my
> openvswitch.ko (from openvswitch-kmod-2.9.2-1.el7.centos.x86_64.rpm ) to
> get signed by the kernel module signing key. To achieve this I included
> below line to my spec file:
>
>
>
> mv signing_key.x509.sign.debug signing_key.x509 \
>
> %{modsign_cmd} ~/home/nupur/openvswitch/*.ko
>
> %{modsign_cmd} $RPM_BUILD_ROOT/lib/modules/%{KVRA}.debug || exit 1 \
>
> fi \
>
> if [ "%{with_default}" -ne "0" ]; then \
>
>
>
> But the build is failing. Please suggest , if it is feasible to achieve
> this. Or is this the right thing to do to sign third-party module with
> centos signing key.
>
We dont/wont sign an external build with the kernel sign key ( once the
trust path is established, we dont preserve it even )
regards
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20190115/8580c821/attachment-0008.sig>