@@ -109,7 +109,7 @@ override_dh_auto_install:
if grep -q "^Package: *$$hmac_pkg\$$" debian/control; then \
unsigned_hmac_pkg="linux-image-unsigned-hmac-$$verflav";\
hmac="$$(dirname "$$signed")/.$$(basename "$$signed").hmac"; \
- sha512hmac "$$signed" | \
+ openssl sha512 -r -hmac FIPS-FTW-RHT2009 "$$signed" | \
awk -vpkg="/boot/$$(basename "$$signed")" \
'{ printf("%s %s\n", $$1, pkg) }' \
> "$$hmac"; \
@@ -31,6 +31,8 @@ with open("debian/control.stub") as tfd, open("debian/control", "w") as cfd:
efi_archs.update([arch])
if efi_archs:
print(f' sbsigntool [{" ".join(efi_archs)}],', file=cfd)
+ # For HMACs
+ print(f" openssl,", file=cfd)
else:
print(line, end='', file=cfd)
kcapi-tools applications are not available in all suites, in the same path, with the same name, instead use openssl which is universally available. kcapi-tools itself also uses openssl to calculate its hmac. BugLink: https://bugs.launchpad.net/bugs/2027818 Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com> --- debian/rules | 2 +- debian/scripts/generate-control | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-)