From c9df52aa4c86ea34f1f51953f9b5ad77786a2b6b Mon Sep 17 00:00:00 2001
From: Mikhail Novosyolov <m.novosyolov@rosalinux.ru>
Date: Thu, 21 Nov 2019 21:17:42 +0300
Subject: [PATCH] Allow to rebuild allowing unsigned modules (needed for
 testing custom modules from rosa-test-suite e.g.)

---
 kernel.spec | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/kernel.spec b/kernel.spec
index 2d2e533..6b69850 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -11,7 +11,7 @@
 %define sublevel	11
 
 # Release number. Increase this before a rebuild.
-%define rpmrel		4
+%define rpmrel		5
 %define fullrpmrel	%{rpmrel}
 
 %define rpmtag		%{disttag}
@@ -49,6 +49,7 @@
 
 %if %{enhanced_security}
 %bcond_without additional_keys
+%bcond_without oblig_signed_modules
 %endif
 
 # Kernel flavour
@@ -781,8 +782,12 @@ echo CONFIG_SECURITY_SELINUX_BOOTPARAM=y >> .config
 # https://www.kernel.org/doc/html/v5.3/admin-guide/module-signing.html
 sed -i '/CONFIG_MODULE_SIG/d' .config
 echo CONFIG_MODULE_SIG=y >> .config
+%if %{with oblig_signed_modules}
 # Disallow loading not signed modules
 echo CONFIG_MODULE_SIG_FORCE=y >> .config
+%else
+echo CONFIG_MODULE_SIG_FORCE=n >> .config
+%endif
 # If %%build_debig is true, automatic signatures will be stripped,
 # then modules will be resigned, otherwise automatic signatures
 # will not be stripped and modules will not be resigned.