enhanced_security logically conflicts with dkms

2025-02-23 18:42:55 +00:00 · 2019-11-12 16:16:27 +03:00 · 2019-11-12 16:16:27 +03:00 · 6e1e792676
commit 6e1e792676
parent 9674247130
1 changed files with 10 additions and 0 deletions
--- a/kernel.spec
+++ b/kernel.spec
@ -370,8 +370,13 @@ Requires:	ncurses-devel
 Requires:	make
 Requires:	gcc
 Requires:	perl
+
+# Loading kernel modules without valid signature is prohobibited
+# when building with enhanced_security
+%if ! %{enhanced_security}
 Requires(post):		dkms
 Requires(preun):	dkms
+%endif

 Provides:	kernel-devel = %{kverrel}
 Provides:	kernel-desktop-devel = %{kverrel}
@ -385,15 +390,20 @@ This package contains the kernel files (headers and build tools)
 that should be enough to build additional drivers for
 use with kernel-%{flavour}-%{buildrel}.

+%if ! %{enhanced_security}
 %post -n kernel-%{flavour}-devel-%{buildrel}
 /usr/sbin/dkms_autoinstaller start %{kver_full}
+%endif

 %preun -n kernel-%{flavour}-devel-%{buildrel}
+
+%if ! %{enhanced_security}
 for ii in $(/usr/sbin/dkms status -k %{kver_full} | awk '{ print $1 $2; }'); do
 	mod=$(echo $ii | awk -v FS=',' '{ print $1; }')
 	ver=$(echo $ii | awk -v FS=',' '{ print $2; }')
 	/usr/sbin/dkms --rpm_safe_upgrade uninstall -m $mod -v $ver -k %{kver_full} || true
 done
+%endif

 # If any DKMS modules with REMAKE_INITRD=yes in their configs have been
 # uninstalled, initrd has been regenerated for the given kernel. However,