diff mbox series

[B,2/2] UBUNTU: [Packaging] Add fips-checks as part of finalchecks

Message ID 20211004133548.2168392-3-marcelo.cerri@canonical.com
State New
Headers show
Series LP:#1945989 - Check for changes relevant for security certifications | expand

Commit Message

Marcelo Henrique Cerri Oct. 4, 2021, 1:35 p.m. UTC 
BugLink: https://bugs.launchpad.net/bugs/1945989

Call fips-checks as part of the debian target "finalchecks". That will
ensure the checks are executed during build and during cranky close.

Kernels need to enable this check via do_fips_checks.

Signed-off-by: Marcelo Henrique Cerri <marcelo.cerri@canonical.com>
---
 debian/rules.d/0-common-vars.mk | 3 +++
 debian/rules.d/1-maintainer.mk  | 3 +++
 2 files changed, 6 insertions(+)
diff mbox series

Patch

diff --git a/debian/rules.d/0-common-vars.mk b/debian/rules.d/0-common-vars.mk
index 2e3ed3818c98..84057c37d378 100644
--- a/debian/rules.d/0-common-vars.mk
+++ b/debian/rules.d/0-common-vars.mk
@@ -205,6 +205,9 @@  do_flavour_header_package=true
 # DTBs
 do_dtbs=false
 
+# FIPS check
+do_fips_checks=false
+
 # Support parallel=<n> in DEB_BUILD_OPTIONS (see #209008)
 #
 # These 2 environment variables set the -j value of the kernel build. For example,
diff --git a/debian/rules.d/1-maintainer.mk b/debian/rules.d/1-maintainer.mk
index b32efbfc4f29..6d8700d8143d 100644
--- a/debian/rules.d/1-maintainer.mk
+++ b/debian/rules.d/1-maintainer.mk
@@ -125,6 +125,9 @@  autoreconstruct:
 	$(DROOT)/scripts/misc/gen-auto-reconstruct $(upstream_tag) $(DEBIAN)/reconstruct $(DROOT)/source/options
 
 finalchecks:
+ifeq ($(do_fips_checks),true)
+	$(DROOT)/scripts/misc/fips-checks
+endif
 	$(DROOT)/scripts/misc/final-checks "$(DEBIAN)" "$(prev_fullver)"
 
 diffupstream: