From: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Cc: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
Subject: [gentoo-dev] [PATCH] kernel-build.eclass: fix module signing with unspecified key
Date: Sun, 25 Aug 2024 17:32:41 +0200	[thread overview]
Message-ID: <20240825153241.495554-1-andrewammerlaan@gentoo.org> (raw)

MODULES_SIGN_KEY may be unset when using USE=modules-sign. Fix an issue
introduced in e290c3c78b7acb59393f46d1d15175d6dbfc77da that breaks this
configuration due to modules-sign-key.config not existing.

Signed-off-by: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
---
 eclass/kernel-build.eclass | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/eclass/kernel-build.eclass b/eclass/kernel-build.eclass
index 6406f5b3c0f3..be02920162f4 100644
--- a/eclass/kernel-build.eclass
+++ b/eclass/kernel-build.eclass
@@ -625,18 +625,6 @@ kernel-build_merge_configs() {
 			CONFIG_MODULE_SIG_FORCE=y
 			CONFIG_MODULE_SIG_${MODULES_SIGN_HASH^^}=y
 		EOF
-		if [[ -n ${MODULES_SIGN_KEY_CONTENTS} ]]; then
-			(umask 066 && touch "${T}/kernel_key.pem" || die)
-			echo "${MODULES_SIGN_KEY_CONTENTS}" > "${T}/kernel_key.pem" || die
-			unset MODULES_SIGN_KEY_CONTENTS
-			export MODULES_SIGN_KEY="${T}/kernel_key.pem"
-		fi
-		if [[ ${MODULES_SIGN_KEY} == pkcs11:* || -r ${MODULES_SIGN_KEY} ]]; then
-			echo "CONFIG_MODULE_SIG_KEY=\"${MODULES_SIGN_KEY}\"" \
-				>> "${WORKDIR}/modules-sign-key.config"
-		elif [[ -n ${MODULES_SIGN_KEY} ]]; then
-			die "MODULES_SIGN_KEY=${MODULES_SIGN_KEY} not found or not readable!"
-		fi
 		merge_configs+=( "${WORKDIR}/modules-sign.config" )
 	fi
 
@@ -657,7 +645,19 @@ kernel-build_merge_configs() {
 	fi
 
 	if [[ ${KERNEL_IUSE_MODULES_SIGN} ]] && use modules-sign; then
-		merge_configs+=( "${WORKDIR}/modules-sign-key.config" )
+		if [[ -n ${MODULES_SIGN_KEY_CONTENTS} ]]; then
+			(umask 066 && touch "${T}/kernel_key.pem" || die)
+			echo "${MODULES_SIGN_KEY_CONTENTS}" > "${T}/kernel_key.pem" || die
+			unset MODULES_SIGN_KEY_CONTENTS
+			export MODULES_SIGN_KEY="${T}/kernel_key.pem"
+		fi
+		if [[ ${MODULES_SIGN_KEY} == pkcs11:* || -r ${MODULES_SIGN_KEY} ]]; then
+			echo "CONFIG_MODULE_SIG_KEY=\"${MODULES_SIGN_KEY}\"" \
+				>> "${WORKDIR}/modules-sign-key.config"
+			merge_configs+=( "${WORKDIR}/modules-sign-key.config" )
+		elif [[ -n ${MODULES_SIGN_KEY} ]]; then
+			die "MODULES_SIGN_KEY=${MODULES_SIGN_KEY} not found or not readable!"
+		fi
 	fi
 
 	if [[ ${#user_configs[@]} -gt 0 ]]; then
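Review bot: The private key written to `${T}/kernel_key.pem` is only guaranteed to be mode 0600 when `touch` creates the file. If the path already exists (for example when the phase is re-run, which is inferred and not visible here), `touch` leaves the mode unchanged and the `echo` redirect writes the key into a file with its old permissions. Adding `chmod 0600 "${T}/kernel_key.pem" || die` right after the `touch` line makes the restriction independent of prior state, and `printf '%s\n' "${MODULES_SIGN_KEY_CONTENTS}"` would be a more predictable writer than `echo` for arbitrary contents. On the same re-run, `>>` would append a second `CONFIG_MODULE_SIG_KEY` line to `modules-sign-key.config`; `>` keeps the fragment to a single entry. kernel-build_merge_configs starts and ends outside this hunk, so whether the key file is removed from `${T}` after the build cannot be confirmed from here.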
-- 
2.46.0


