This bug is awaiting verification that the kernel in -proposed solves the problem. Please test the kernel and update this bug with the results. If the problem is solved, change the tag 'verification-needed- zesty' to 'verification-done-zesty'. If the problem still exists, change the tag 'verification-needed-zesty' to 'verification-failed-zesty'.
If verification is not done by 5 working days from today, this fix will be dropped from the source code, and this bug will be closed. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you! -- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1690908 Title: Module signing exclusion for staging drivers does not work properly Status in linux package in Ubuntu: Fix Committed Status in linux source package in Xenial: Fix Committed Status in linux source package in Zesty: Fix Committed Bug description: SRU Justification Impact: The exclusion of staging drivers from module signing and associated whitelisting are broken in xenial and zesty. In xenial even whitelisted modules aren't signed; in zesty all staging modules are signed. Fix: Fix two implementation bugs, the first of which looks for the signature-inclusion file in the wrong location, and the second of which uses the full path to match against modules in signature- inclusion rather than just the module name. Regression Potential: The fix is simple and trivial to test, so no regressions are expected. --- The exclusion to module signing is broken in xenial, zesty, and artful. In xenial the mechanism will never sign any staging modules, not even those in the signature-inclusion whitelist. In zesty and artful all staging drivers are signed. There are two problems, both related to the signature-inclusion whitelist handling. First, the path to the file is relative to where make was invoked, which only works when the source and build directories are the same (which is not the case for package builds). In xenial this means that the condition to signing always evaluates such that staging modules are not signed. However zesty and artful contain an additional check for the existence of that file which results in signing staging modules when it is not found. The second problem is that signature-inclusion contains only the module name for staging drivers which should be signed. However the grep statement which matches against that file uses the full path to the install location of the module, which will never match. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1690908/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
