代码拉取完成,页面将自动刷新
同步操作将从 src-anolis-os/systemtap 强制同步,此操作会覆盖自 Fork 仓库以来所做的任何修改,且无法恢复!!!
确定后同步将在后台操作,完成时将刷新页面,请耐心等待。
commit 9839db5514a29cf4f58b3de8cc6155088be6d061
gpg: Signature made Sat 12 Aug 2023 02:49:26 PM EDT
gpg: using RSA key 5D38116FA4D3A7CC77E378D37E83610126DCC2E8
gpg: Good signature from "Frank Ch. Eigler <[email protected]>" [full]
Author: Frank Ch. Eigler <[email protected]>
Date: Sat Aug 12 14:28:44 2023 -0400
PR30749: correct stap --sign-module timing
Previous code signed the temp directory copy, after it had already
been copied into the cache -- so the signature never made it to a
permanent artifact.
If the module was being fetched from the cache from a previous build
run, a sign (re)attempt will still be done. This may not be
necessary, but shouldn't be harmful.
Reported-By: Renaud Métrich <[email protected]>
diff --git a/main.cxx b/main.cxx
index 06adb66ad..9f695cbd8 100644
--- a/main.cxx
+++ b/main.cxx
@@ -1190,8 +1190,10 @@ passes_0_4 (systemtap_session &s)
s.mok_fingerprints.clear();
s.mok_fingerprints.push_back(mok_fingerprint);
}
- rc =
- sign_module (s.tmpdir, s.module_filename(), s.mok_fingerprints, mok_path, s.kernel_build_tree);
+ if (s.verbose)
+ clog << _F("Signing %s with mok key %s", s.module_filename().c_str(), mok_path.c_str())
+ << endl;
+ rc = sign_module (s.tmpdir, s.module_filename(), s.mok_fingerprints, mok_path, s.kernel_build_tree);
}
#endif
@@ -1310,8 +1312,30 @@ passes_0_4 (systemtap_session &s)
if (! s.use_script_cache && s.last_pass <= 4)
s.save_module = true;
+#if HAVE_NSS
+ // PR30749
+ if (!rc && s.module_sign_given)
+ {
+ // when run on client as --sign-module, mok fingerprints are result of mokutil -l
+ // when run from server as --sign-module=PATH, mok fingerprint is given by PATH
+ string mok_path;
+ if (!s.module_sign_mok_path.empty())
+ {
+ string mok_fingerprint;
+ split_path (s.module_sign_mok_path, mok_path, mok_fingerprint);
+ s.mok_fingerprints.clear();
+ s.mok_fingerprints.push_back(mok_fingerprint);
+ }
+
+ if (s.verbose)
+ clog << _F("Signing %s with mok key %s", s.module_filename().c_str(), mok_path.c_str())
+ << endl;
+ rc = sign_module (s.tmpdir, s.module_filename(), s.mok_fingerprints, mok_path, s.kernel_build_tree);
+ }
+#endif
+
// Copy module to the current directory.
- if (s.save_module && !pending_interrupts)
+ if (!rc && s.save_module && !pending_interrupts)
{
string module_src_path = s.tmpdir + "/" + s.module_filename();
string module_dest_path = s.module_filename();
@@ -1327,29 +1351,11 @@ passes_0_4 (systemtap_session &s)
}
}
-#if HAVE_NSS
- if (s.module_sign_given)
- {
- // when run on client as --sign-module, mok fingerprints are result of mokutil -l
- // when run from server as --sign-module=PATH, mok fingerprint is given by PATH
- string mok_path;
- if (!s.module_sign_mok_path.empty())
- {
- string mok_fingerprint;
- split_path (s.module_sign_mok_path, mok_path, mok_fingerprint);
- s.mok_fingerprints.clear();
- s.mok_fingerprints.push_back(mok_fingerprint);
- }
-
- rc = sign_module (s.tmpdir, s.module_filename(), s.mok_fingerprints, mok_path, s.kernel_build_tree);
- }
-#endif
-
PROBE1(stap, pass4__end, &s);
return rc;
}
-
+
int
pass_5 (systemtap_session &s, vector<remote*> targets)
{
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手