* [gentoo-dev] [PATCH] kernel-build.eclass: fix module signing with unspecified key
From: Andrew Ammerlaan @ 2024-08-25 15:32 UTC
To: gentoo-dev; +Cc: Andrew Ammerlaan
MODULES_SIGN_KEY may be unset when using USE=modules-sign. Fix an issue
introduced in e290c3c78b7acb59393f46d1d15175d6dbfc77da that breaks this
configuration due to modules-sign-key.config not existing.
Signed-off-by: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
---
eclass/kernel-build.eclass | 26 +++++++++++++-------------
1 file changed, 13 insertions(+), 13 deletions(-)
diff --git a/eclass/kernel-build.eclass b/eclass/kernel-build.eclass
index 6406f5b3c0f3..be02920162f4 100644
--- a/eclass/kernel-build.eclass
+++ b/eclass/kernel-build.eclass
@@ -625,18 +625,6 @@ kernel-build_merge_configs() {
CONFIG_MODULE_SIG_FORCE=y
CONFIG_MODULE_SIG_${MODULES_SIGN_HASH^^}=y
EOF
- if [[ -n ${MODULES_SIGN_KEY_CONTENTS} ]]; then
- (umask 066 && touch "${T}/kernel_key.pem" || die)
- echo "${MODULES_SIGN_KEY_CONTENTS}" > "${T}/kernel_key.pem" || die
- unset MODULES_SIGN_KEY_CONTENTS
- export MODULES_SIGN_KEY="${T}/kernel_key.pem"
- fi
- if [[ ${MODULES_SIGN_KEY} == pkcs11:* || -r ${MODULES_SIGN_KEY} ]]; then
- echo "CONFIG_MODULE_SIG_KEY=\"${MODULES_SIGN_KEY}\"" \
- >> "${WORKDIR}/modules-sign-key.config"
- elif [[ -n ${MODULES_SIGN_KEY} ]]; then
- die "MODULES_SIGN_KEY=${MODULES_SIGN_KEY} not found or not readable!"
- fi
merge_configs+=( "${WORKDIR}/modules-sign.config" )
fi
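Review bot: After this removal the modules-sign block here only writes CONFIG_MODULE_SIG_FORCE and the hash option, and nothing at this spot tells a reader where CONFIG_MODULE_SIG_KEY is handled or that leaving it unset is a supported case. Consider a one-line comment above 'merge_configs+=( "${WORKDIR}/modules-sign.config" )' stating that the key option is written later and only when MODULES_SIGN_KEY or MODULES_SIGN_KEY_CONTENTS is set, so the unset-key configuration described in the commit message is not broken again by a later refactor.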
@@ -657,7 +645,19 @@ kernel-build_merge_configs() {
fi
if [[ ${KERNEL_IUSE_MODULES_SIGN} ]] && use modules-sign; then
- merge_configs+=( "${WORKDIR}/modules-sign-key.config" )
+ if [[ -n ${MODULES_SIGN_KEY_CONTENTS} ]]; then
+ (umask 066 && touch "${T}/kernel_key.pem" || die)
+ echo "${MODULES_SIGN_KEY_CONTENTS}" > "${T}/kernel_key.pem" || die
+ unset MODULES_SIGN_KEY_CONTENTS
+ export MODULES_SIGN_KEY="${T}/kernel_key.pem"
+ fi
+ if [[ ${MODULES_SIGN_KEY} == pkcs11:* || -r ${MODULES_SIGN_KEY} ]]; then
+ echo "CONFIG_MODULE_SIG_KEY=\"${MODULES_SIGN_KEY}\"" \
+ >> "${WORKDIR}/modules-sign-key.config"
+ merge_configs+=( "${WORKDIR}/modules-sign-key.config" )
+ elif [[ -n ${MODULES_SIGN_KEY} ]]; then
+ die "MODULES_SIGN_KEY=${MODULES_SIGN_KEY} not found or not readable!"
+ fi
fi
if [[ ${#user_configs[@]} -gt 0 ]]; then
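Review bot: The 'echo "CONFIG_MODULE_SIG_KEY=..."' line still appends with '>>' to modules-sign-key.config, although this branch is now the only place visible in the patch that creates the file and adds it to merge_configs; writing with '>' would guarantee the file holds exactly one CONFIG_MODULE_SIG_KEY line even if the function runs again in the same WORKDIR. Separately, the key material is written by 'echo "${MODULES_SIGN_KEY_CONTENTS}" > "${T}/kernel_key.pem"' outside the 'umask 066' subshell, so the restrictive mode depends on the preceding touch having created the file; doing the write inside the same subshell would keep the mode tight for a newly created file without relying on the separate touch step.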
--
2.46.0