From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 7B825158094 for ; Tue, 5 Jul 2022 19:02:23 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id E42AFE0F29; Tue, 5 Jul 2022 19:02:18 +0000 (UTC) Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 911CAE0F24 for ; Tue, 5 Jul 2022 19:02:18 +0000 (UTC) Message-ID: <3e82436e9883431e59daf011b60deaffae1a3268.camel@gentoo.org> Subject: Re: [gentoo-dev] [PATCH] linux-mod.eclass: support module signing From: Georgy Yakovlev To: gentoo-dev@lists.gentoo.org Date: Tue, 05 Jul 2022 12:02:15 -0700 In-Reply-To: <0f4a80cb6ee817dc015c1791960df032ae528ea4.camel@gentoo.org> References: <20220621181959.920941-1-concord@gentoo.org> <84e99a74d64f0d9dd326af0f2c54b9d5717b2f8d.camel@gentoo.org> <9317f3aa1815d9ef219625794c06a8fb3057d707.camel@gentoo.org> <20220627183531.palnmdpvgzf44ssk@fuuko> <7311bbf9de54e3fb08953a40a9cd03df61f4dd00.camel@gentoo.org> <0f4a80cb6ee817dc015c1791960df032ae528ea4.camel@gentoo.org> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.44.3 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 X-Archives-Salt: d96c87f9-ac49-4cff-8d4e-cff5f7758164 X-Archives-Hash: 82803536fb9f2a2b242f173333a71b6b ...snip >=20 > > In that case, I think the only viable way to make this work is to > > disable automatic stripping and handle stripping via custom code in > > the ebuild/eclass. > >=20 > might work indeed if we do something like (pseudo-bash) >=20 > if [[ module_sign =3D=3D yes ]]; then > =C2=A0=C2=A0=C2=A0 dostrip -x /lib/modules # to stop portage stripping .k= o objects > =C2=A0=C2=A0=C2=A0 manual-strip-respecting-features-nostrip -r /lib/modul= es > =C2=A0=C2=A0=C2=A0 sign-all-modules -r /lib/modules > fi > [[ compress_modules =3D=3D yes ]] && compress-modules -r /lib/modules >=20 >=20 > this will equire eapi-bumping couple of packages > https://qa-reports.gentoo.org/output/eapi-per-eclass/linux-mod.eclass/6.t= xt > and restricting linux-mod.eclass to eapi7 or later. >=20 >=20 >=20 started playing with my old code and got blocked right away: looks like dostrip just creates a list of files/directories to strip and processed at the very end of install phase. so skipping strip and doing manual one might be problematic. internally portage uses estrip https://github.com/gentoo/portage/blob/master/bin/estrip which contains quite a lot of logic and code and I don't think partially re-implementing this in eclass code is appropriate.