Bug 590947
Summary: | debugedit vs modsign changes build ID | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Roland McGrath <roland> | ||||
Component: | rpm | Assignee: | Panu Matilainen <pmatilai> | ||||
Status: | CLOSED CURRENTRELEASE | QA Contact: | Miroslav Vadkerti <mvadkert> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | high | ||||||
Version: | 6.0 | CC: | dhowells, herrold, psklenar | ||||
Target Milestone: | rc | ||||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | rpm-4.8.0-7.el6 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2010-11-10 21:32:11 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 581965 | ||||||
Attachments: |
|
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux major release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Major release. This request is not yet committed for inclusion. Thanks for the patches, they're applied upstream now and ok by me for RHEL-6. Will these patches appear in Fedora 12 too? Built into rpm-4.8.0-7.el6. David: No plans for Fedora, but feel free to clone the bug if you think its actually needed there. Okay, the fixed rpm works for me, provided I manually override the debugedit program on my F12 desktop box before building the kernel RPM: If you look in the following extract from dmesg, you'll see the GNU build ID note section included in the digest (this does require an additional kernel patch): looking for sig section '.note.module.sig' sig in section 25 (size 72) ffffff8846040011020006 00000020 00 digested the .bss section, size 16 00000181 00 digested the .data section, size 320 000001cf 00 digested the .exit.text section, size 40 00000434 00 digested the .gnu.linkonce.this_module section, size 560 00000505 00 digested the .init.text section, size 171 00000629 00 digested the .modinfo section, size 256 0000067b 00 digested the .note.gnu.build-id section, size 36 00000b3e 00 digested the .rela.data section, nrels 29 00000c8d 00 digested the .rela.exit.text section, nrels 6 00000d1b 00 digested the .rela.gnu.linkonce.this_module section, nrels 2 00000f9b 00 digested the .rela.init.text section, nrels 13 00002e55 00 digested the .rela.rodata section, nrels 174 0000353c 00 digested the .rela.smp_locks section, nrels 43 00010856 00 digested the .rela.text section, nrels 1134 00010d86 00 digested the .rela__bug_table section, nrels 32 000122cf 00 digested the .rela__mcount_loc section, nrels 135 000130c5 00 digested the .rodata section, size 3539 0001365f 00 digested the .rodata.str1.1 section, size 1392 0001451d 00 digested the .rodata.str1.8 section, size 3732 0001469b 00 digested the .smp_locks section, size 344 000205c4 00 digested the .text section, size 48904 000206ab 00 digested the __bug_table section, size 192 00020b0b 00 digested the __mcount_loc section, size 1080 00023871 00 digested the __versions section, size 11584 Contributed 145521 bytes to the digest (csum 0x00) signature keyid: 59f5d69ccc7cf163 ver=4 ksign: Signature check succeeded verify-sig : 0 Created RHTS test for this issue: /CoreOS/rpm/Regression/bz590947-debugedit-vs-modsign-changes-build-ID VERIFIED as fixed in rpm-4.8.0-12.el6 rpm-4.8.0-12.el6.x86_64 :: [ PASS ] :: Running 'ld --build-id -r -o jump.ko.unsigned jump.o' :: [ PASS ] :: Running '/usr/lib/rpm/debugedit -i jump.ko.unsigned > /tmp/tmp.Ph64SB8Zzu' :: [ PASS ] :: Running 'ld -r -o jump.ko my.note.o jump.ko.unsigned' :: [ PASS ] :: File '/tmp/tmp.Ph64SB8Zzu' should contain 'feb01f8a1b5e2e053dc4edb7eb9c6a31843f4279' :: [ LOG ] :: Duration: 0s :: [ LOG ] :: Assertions: 4 good, 0 bad :: [ PASS ] :: RESULT: Test rpm-4.8.0-5.el6.x86_64 :: [ PASS ] :: Running 'ld --build-id -r -o jump.ko.unsigned jump.o' :: [ PASS ] :: Running '/usr/lib/rpm/debugedit -i jump.ko.unsigned > /tmp/tmp.G1c7OmSRpA' :: [ PASS ] :: Running 'ld -r -o jump.ko my.note.o jump.ko.unsigned' :: [ FAIL ] :: File '/tmp/tmp.G1c7OmSRpA' should contain '5e5ab122e1506f80cdb3f89aba28def402b775b0' :: [ LOG ] :: Duration: 1s :: [ LOG ] :: Assertions: 3 good, 1 bad :: [ FAIL ] :: RESULT: Test Red Hat Enterprise Linux 6.0 is now available and should resolve the problem described in this bug report. This report is therefore being closed with a resolution of CURRENTRELEASE. You may reopen this bug report if the solution does not work for you. |
Created attachment 413035 [details] two patches in an mbox file, as for git am The debugedit phase of the rpmbuild process changes the build ID of each .ko after it gets signed. The kernel build runs debugedit before signing to avoid this problem for this and other embedded-ELF-file kinds of cases (here it's signed, not embedded). In the other cases, it works out OK because debugedit regenerates the same ID the second time. With signed .ko files, it comes out different the second time. The attached changes to debugedit make it recompute build IDs only when it actually did any material changes to the DWARF data. This solves the problem for modsign.