Add new dkms-build scripting which prepares a kernel headers tree and
then builds specified DKMS packages against those headers. The
resulting .kos are then incorporated into the specified package,
including signing them into this kernels module signing key. This
allows them to be loaded in a secure-boot environment.
Squashes the following commits from bionic:
UBUNTU: update dkms package versions
UBUNTU: [Config] wireguard -- enable for all architectures
UBUNTU: [Packaging]: ignore wireguard modules when wireguard is disabled
UBUNTU: [Packaging] wireguard -- add support for building signed .ko
dkms-build: apt-cache policy elides username:password information
UBUNTU: [Packaging] file-downloader not handling positive failures correctly
UBUNTU: temporarily drop Built-Using data
UBUNTU: [packaging] handle downloads from the librarian better
UBUNTU: [Packaging] autoreconstruct -- manage executable debian files
UBUNTU: [Packaging] Fix config file assembly
UBUNTU: [Packaging] dkms -- dkms-build quieten wget verbiage
UBUNTU: [Packaging] dkms -- try launchpad librarian for pool downloads
UBUNTU: [Packaging] dkms-build -- backport latest version from disco
UBUNTU: [Packaging] dkms-build -- add support for unversioned overrides
UBUNTU: [Packaging] dkms-build: do not redownload files on subsequent passes
UBUNTU: [Packaging] dkms-build -- support building against packages in PPAs
UBUNTU: [Packaging] dkms -- switch to a consistent build prefix length and strip
UBUNTU: [Packaging] dkms -- add per package post-process step
UBUNTU: [Packaging] dkms -- dkms package build packaging support
Signed-off-by: Andy Whitcroft <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>
Acked-by: Stefan Bader <<email address hidden>
Signed-off-by: Ian May <email address hidden>
We generally mitigate executables within the debian directory but it would
be much simpler if we extended executable bit management into debian too.
Drop the exclusion there.
Signed-off-by: Andy Whitcroft <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>
Acked-by: Stefan Bader <<email address hidden>
Signed-off-by: Ian May <email address hidden>
In commit ed17b8d377ea ("xfrm: fix a warning in xfrm_policy_insert_list"),
it would take 'priority' to make a policy unique, and allow duplicated
policies with different 'priority' to be added, which is not expected
by userland, as Tobias reported in strongswan.
To fix this duplicated policies issue, and also fix the issue in
commit ed17b8d377ea ("xfrm: fix a warning in xfrm_policy_insert_list"),
when doing add/del/get/update on user interfaces, this patch is to change
to look up a policy with both mark and mask by doing:
mark.v == pol->mark.v && mark.m == pol->mark.m
and leave the check:
(mark & pol->mark.m) == pol->mark.v
for tx/rx path only.
As the userland expects an exact mark and mask match to manage policies.
v1->v2:
- make xfrm_policy_mark_match inline and fix the changelog as
Tobias suggested.
Fixes: 295fae568885 ("xfrm: Allow user space manipulation of SPD mark")
Fixes: ed17b8d377ea ("xfrm: fix a warning in xfrm_policy_insert_list")
Reported-by: Tobias Brunner <email address hidden>
Tested-by: Tobias Brunner <email address hidden>
Signed-off-by: Xin Long <email address hidden>
Signed-off-by: Steffen Klassert <email address hidden>
(backported from commit 4f47e8ab6ab796b5380f74866fa5287aca4dcc58)
[smb: work around missing if_id parameter and __xfrm_policy_bysel_ctx]
Signed-off-by: Stefan Bader <email address hidden>
Acked-by: Colin Ian King <email address hidden>
Acked-by: Marcelo Henrique Cerri <email address hidden>
Signed-off-by: Ian May <email address hidden>