Ben Hutchings writes: > The code signing service logs every file it signs, along with a hash of > the detached signature, but I don't know where the logs are so I can't > comapre with that.
I checked the audit log, but I don't think it will help much. It currently records that: - 2019-10-21 07:20:03.898781: decided to sign linux-image-5.3.0-1-amd64-unsigned_5.3.7-1_amd64/[...]/snd-hda-codec-hdmi.ko with sha256sum 3fe77a308b28825f0d18717e073b411246aea9bb753f76f6071b3fc4e60c6005 - 2019-10-21 07:20:04.175379: signature for the file logged with sha256sum c2a36f35867ae92b8664f4bd2193e70370eb3b92013ea53f3573d2508d3da4cb (which matches snd-hda-codec-hdmi.ko.sig in src:linux-signed-amd64) So linux' sign-file likely produced a truncated file for some reason; note that ftp-master still uses linux-kbuild-4.9/4.9.189-3+deb9u1. Ansgar
