From: Georgy Yakovlev
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] [PATCH] eclass/linux-mod.eclass: add module signing support
Date: Fri, 21 Sep 2018 19:30:42 -0700
Message-ID: <2311497.hzvSJFrEj0@reaper.local.sysdump.net>
In-Reply-To: <63ca33b7-7663-65bc-24a9-b5f4538dbfa8@gentoo.org>
References: <20180921051304.115704-1-gyakovlev@gentoo.org> <1537534680.1635.11.camel@tsoy.me> <63ca33b7-7663-65bc-24a9-b5f4538dbfa8@gentoo.org>

On Friday, September 21, 2018 3:59:26 PM PDT Chí-Thanh Christopher Nguyễn wrote:
> Alexander Tsoy wrote:
> >> + sign_binary_path="${KV_OUT_DIR}/scripts/sign-file"
> >
> > Yet another way to screw up modules building. It relies on some binary
> > in the kernel build dir that may break after openssl update (e.g.
> > soname change).
>
> Maybe the sign-file application could be packaged, for example as part of
> sys-apps/linux-misc-apps.
>
>
> Best regards,
> Chí-Thanh Christopher Nguyễn

linux-mod.eclass already relies on full kernel build dir to be available to
build modules.
and depending on another ebuild means that it has to be keyworded on different
arches to actually support signing on those arches.

simple kbuild approach is better IMO, if a system can build a kernel and
modules means it can sign it.
Maintaining separate package, especially with kernel update pace will be a
nightmare.

--
Regards,
Georgy Yakovlev
Gentoo Linux Developer
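
Review bot: the quoted line `sign_binary_path="${KV_OUT_DIR}/scripts/sign-file"` only assigns the path, and nothing visible in the quoted hunk confirms that the helper exists or can run before it is used. Since the objection raised in the thread is that this binary can stop working after an OpenSSL soname change, consider guarding the assignment with `[[ -x "${sign_binary_path}" ]]` and treating a non-zero exit from the sign-file invocation as fatal, with a message that names the path, so a stale helper fails the build visibly instead of passing unnoticed. An executable-bit test alone will not detect a helper that no longer links against the installed libcrypto, so the exit-status check is the part that matters.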