Message-ID: <09981d71-71b3-e217-56a2-e5f7348df0bd@gentoo.org>
Date: Thu, 15 Jun 2023 15:53:40 +0200
From: Andrew Ammerlaan
Organization: Gentoo Linux
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] [PATCH 1/2 v2] kernel-build.eclass: add IUSE="+strip modules-sign", install generated keys

On 15/06/2023 15:46, Mike Gilbert wrote:
> On Thu, Jun 15, 2023 at 9:06 AM Andrew Ammerlaan
> wrote:
>> # @FUNCTION: kernel-build_merge_configs
>> @@ -270,16 +354,39 @@ kernel-build_merge_configs() { >> local user_configs=( "${BROOT}"/etc/kernel/config.d/*.config ) >> shopt -u nullglob >> >> + local merge_configs=( "${@}" ) >> + >> + if [[ -n "${ALLOW_MODULES_SIGN}" ]]; then >> + if use modules-sign; then >> + : "${MODULES_SIGN_HASH:=sha512}" >> + cat <<-EOF > "${WORKDIR}/modules-sign.config" || die >> + ## Enable module signing >> + CONFIG_MODULE_SIG=y >> + CONFIG_MODULE_SIG_ALL=y >> + CONFIG_MODULE_SIG_FORCE=y >> + CONFIG_MODULE_SIG_${MODULES_SIGN_HASH^^}=y > > I'm not sure if it matters, but menuconfig would also set > CONFIG_MODULE_SIG_HASH. eg. When I tested this earlier CONFIG_MODULE_SIG_HASH was entirely dependent on the setting of CONFIG_MODULE_SIG_${MODULES_SIGN_HASH^^}. I.e. setting CONFIG_MODULE_SIG_${MODULES_SIGN_HASH^^}=y automatically sets CONFIG_MODULE_SIG_HASH=${MODULES_SIGN_HASH} to the same value. Only setting CONFIG_MODULE_SIG_HASH is ignored and it reverts back to the default value of CONFIG_MODULE_SIG_SHA512. We could set both, but there is no functional difference. Best regards, Andrew
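Review bot: `MODULES_SIGN_HASH` is interpolated into `CONFIG_MODULE_SIG_${MODULES_SIGN_HASH^^}=y` with only a default (`:=sha512`) and no validation. A typo, or a hash the kernel being built does not offer, produces a symbol Kconfig does not define, and the choice would presumably stay at its default (the reply notes the default is CONFIG_MODULE_SIG_SHA512), so modules would be signed with a different digest than the one requested and nothing would fail. Suggest checking the value against the hashes the eclass intends to support and calling `die` otherwise, or verifying after the merge that the resulting `.config` contains the requested `CONFIG_MODULE_SIG_*` symbol. Because `CONFIG_MODULE_SIG_FORCE=y` makes the kernel refuse unsigned modules, the documentation for the `modules-sign` flag should also state this for users of out-of-tree modules.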