* [gentoo-dev] [PATCH 1/2] kernel-build.eclass: Apply savedconfig on top of merged configs
@ 2024-08-22 5:21 Michał Górny
2024-08-22 5:21 ` [gentoo-dev] [PATCH 2/2] kernel-build.eclass: Merge two ifs in kernel-build_merge_configs() Michał Górny
0 siblings, 1 reply; 2+ messages in thread
From: Michał Górny @ 2024-08-22 5:21 UTC (permalink / raw
To: gentoo-dev; +Cc: Michał Górny
Move applying savedconfig from src_configure() into
kernel-build_merge_configs(), in order to make it possible to override
saved config options. Previously, the saved config would
unconditionally overwrite everything, which could be between
inconvenient and plain broken (particularly if savedconfig contained
signing key paths referring to ${T}).
The new logic applies saved config via merge method, on top
of the default config along with ebuild and eclass overrides. However,
MODULES_SIGN_KEY* and user config snippets do override saved config
for convenience.
Closes: https://bugs.gentoo.org/938130
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
eclass/kernel-build.eclass | 30 +++++++++++++++++++++---------
1 file changed, 21 insertions(+), 9 deletions(-)
diff --git a/eclass/kernel-build.eclass b/eclass/kernel-build.eclass
index c4f3db0028a9..1eac9433b65c 100644
--- a/eclass/kernel-build.eclass
+++ b/eclass/kernel-build.eclass
@@ -167,8 +167,8 @@ kernel-build_pkg_setup() {
# @FUNCTION: kernel-build_src_configure
# @DESCRIPTION:
-# Prepare the toolchain for building the kernel, get the default .config
-# or restore savedconfig, and get build tree configured for modprep.
+# Prepare the toolchain for building the kernel, get the .config file,
+# and get build tree configured for modprep.
kernel-build_src_configure() {
debug-print-function ${FUNCNAME} "${@}"
@@ -243,7 +243,6 @@ kernel-build_src_configure() {
MAKEARGS+=( KBZIP2="lbzip2" )
fi
- restore_config .config
[[ -f .config ]] || die "Ebuild error: please copy default config into .config"
if [[ -z "${KV_LOCALVERSION}" ]]; then
@@ -594,11 +593,15 @@ kernel-build_pkg_postinst() {
# @FUNCTION: kernel-build_merge_configs
# @USAGE: [distro.config...]
# @DESCRIPTION:
-# Merge the config files specified as arguments (if any) into
-# the '.config' file in the current directory, then merge
-# any user-supplied configs from ${BROOT}/etc/kernel/config.d/*.config.
-# The '.config' file must exist already and contain the base
-# configuration.
+# Merge kernel config files. The following is merged onto the '.config'
+# file in the current directory, in order:
+#
+# 1. Config files specified as arguments.
+# 2. Default module signing and compression configuration
+# (if applicable).
+# 3. Config saved via USE=savedconfig (if applicable).
+# 4. Module signing key specified via MODULES_SIGN_KEY* variables.
+# 5. User-supplied configs from ${BROOT}/etc/kernel/config.d/*.config.
kernel-build_merge_configs() {
debug-print-function ${FUNCNAME} "${@}"
@@ -631,7 +634,7 @@ kernel-build_merge_configs() {
fi
if [[ ${MODULES_SIGN_KEY} == pkcs11:* || -r ${MODULES_SIGN_KEY} ]]; then
echo "CONFIG_MODULE_SIG_KEY=\"${MODULES_SIGN_KEY}\"" \
- >> "${WORKDIR}/modules-sign.config"
+ >> "${WORKDIR}/modules-sign-key.config"
elif [[ -n ${MODULES_SIGN_KEY} ]]; then
die "MODULES_SIGN_KEY=${MODULES_SIGN_KEY} not found or not readable!"
fi
@@ -650,6 +653,15 @@ kernel-build_merge_configs() {
merge_configs+=( "${WORKDIR}/module-compress.config" )
fi
+ restore_config "${WORKDIR}/savedconfig.config"
+ if [[ -f ${WORKDIR}/savedconfig.config ]]; then
+ merge_configs+=( "${WORKDIR}/savedconfig.config" )
+ fi
+
+ if [[ ${KERNEL_IUSE_MODULES_SIGN} ]] && use modules-sign; then
+ merge_configs+=( "${WORKDIR}/modules-sign-key.config" )
+ fi
+
if [[ ${#user_configs[@]} -gt 0 ]]; then
elog "User config files are being applied:"
local x
--
2.46.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [gentoo-dev] [PATCH 2/2] kernel-build.eclass: Merge two ifs in kernel-build_merge_configs()
2024-08-22 5:21 [gentoo-dev] [PATCH 1/2] kernel-build.eclass: Apply savedconfig on top of merged configs Michał Górny
@ 2024-08-22 5:21 ` Michał Górny
0 siblings, 0 replies; 2+ messages in thread
From: Michał Górny @ 2024-08-22 5:21 UTC (permalink / raw
To: gentoo-dev; +Cc: Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
eclass/kernel-build.eclass | 44 ++++++++++++++++++--------------------
1 file changed, 21 insertions(+), 23 deletions(-)
diff --git a/eclass/kernel-build.eclass b/eclass/kernel-build.eclass
index 1eac9433b65c..6406f5b3c0f3 100644
--- a/eclass/kernel-build.eclass
+++ b/eclass/kernel-build.eclass
@@ -616,30 +616,28 @@ kernel-build_merge_configs() {
local merge_configs=( "${@}" )
- if [[ ${KERNEL_IUSE_MODULES_SIGN} ]]; then
- if use modules-sign; then
- : "${MODULES_SIGN_HASH:=sha512}"
- cat <<-EOF > "${WORKDIR}/modules-sign.config" || die
- ## Enable module signing
- CONFIG_MODULE_SIG=y
- CONFIG_MODULE_SIG_ALL=y
- CONFIG_MODULE_SIG_FORCE=y
- CONFIG_MODULE_SIG_${MODULES_SIGN_HASH^^}=y
- EOF
- if [[ -n ${MODULES_SIGN_KEY_CONTENTS} ]]; then
- (umask 066 && touch "${T}/kernel_key.pem" || die)
- echo "${MODULES_SIGN_KEY_CONTENTS}" > "${T}/kernel_key.pem" || die
- unset MODULES_SIGN_KEY_CONTENTS
- export MODULES_SIGN_KEY="${T}/kernel_key.pem"
- fi
- if [[ ${MODULES_SIGN_KEY} == pkcs11:* || -r ${MODULES_SIGN_KEY} ]]; then
- echo "CONFIG_MODULE_SIG_KEY=\"${MODULES_SIGN_KEY}\"" \
- >> "${WORKDIR}/modules-sign-key.config"
- elif [[ -n ${MODULES_SIGN_KEY} ]]; then
- die "MODULES_SIGN_KEY=${MODULES_SIGN_KEY} not found or not readable!"
- fi
- merge_configs+=( "${WORKDIR}/modules-sign.config" )
+ if [[ ${KERNEL_IUSE_MODULES_SIGN} ]] && use modules-sign; then
+ : "${MODULES_SIGN_HASH:=sha512}"
+ cat <<-EOF > "${WORKDIR}/modules-sign.config" || die
+ ## Enable module signing
+ CONFIG_MODULE_SIG=y
+ CONFIG_MODULE_SIG_ALL=y
+ CONFIG_MODULE_SIG_FORCE=y
+ CONFIG_MODULE_SIG_${MODULES_SIGN_HASH^^}=y
+ EOF
+ if [[ -n ${MODULES_SIGN_KEY_CONTENTS} ]]; then
+ (umask 066 && touch "${T}/kernel_key.pem" || die)
+ echo "${MODULES_SIGN_KEY_CONTENTS}" > "${T}/kernel_key.pem" || die
+ unset MODULES_SIGN_KEY_CONTENTS
+ export MODULES_SIGN_KEY="${T}/kernel_key.pem"
+ fi
+ if [[ ${MODULES_SIGN_KEY} == pkcs11:* || -r ${MODULES_SIGN_KEY} ]]; then
+ echo "CONFIG_MODULE_SIG_KEY=\"${MODULES_SIGN_KEY}\"" \
+ >> "${WORKDIR}/modules-sign-key.config"
+ elif [[ -n ${MODULES_SIGN_KEY} ]]; then
+ die "MODULES_SIGN_KEY=${MODULES_SIGN_KEY} not found or not readable!"
fi
+ merge_configs+=( "${WORKDIR}/modules-sign.config" )
fi
# Only semi-related but let's use that to avoid changing stable ebuilds.
--
2.46.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-08-22 5:22 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2024-08-22 5:21 [gentoo-dev] [PATCH 1/2] kernel-build.eclass: Apply savedconfig on top of merged configs Michał Górny
2024-08-22 5:21 ` [gentoo-dev] [PATCH 2/2] kernel-build.eclass: Merge two ifs in kernel-build_merge_configs() Michał Górny
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox