Re: [gentoo-dev] [PATCH 1/2] kernel-build.eclass: sign the kernel image earlier in, src_install

public inbox for gentoo-dev@lists.gentoo.org
 help / color / mirror / Atom feed

From: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] [PATCH 1/2] kernel-build.eclass: sign the kernel image earlier in, src_install
Date: Sat, 26 Aug 2023 21:44:40 +0200	[thread overview]
Message-ID: <69179d9e-1474-481e-90af-7f296d590268@gentoo.org> (raw)
In-Reply-To: <1d64b8dd-4958-419b-93e0-fccb28674180@gentoo.org>

If we are not using UKIs we don't have to do anything since the kernel image
was already signed in kernel-build.eclass.

Signed-off-by: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
---
  eclass/dist-kernel-utils.eclass | 8 ++++----
  1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/eclass/dist-kernel-utils.eclass 
b/eclass/dist-kernel-utils.eclass
index 6903183b6efb3..2a257a7b6dc8b 100644
--- a/eclass/dist-kernel-utils.eclass
+++ b/eclass/dist-kernel-utils.eclass
@@ -131,11 +131,11 @@ dist-kernel_install_kernel() {
  		done
  		shopt -u nullglob
  		export KERNEL_INSTALL_PLUGINS="${KERNEL_INSTALL_PLUGINS} ${plugins[@]}"
-	fi

-	if [[ ${KERNEL_IUSE_SECUREBOOT} ]]; then
-		# Kernel-install requires uki's are named uki.efi, sign in-place
-		secureboot_sign_efi_file "${image}" "${image}"
+		if [[ ${KERNEL_IUSE_SECUREBOOT} ]]; then
+			# Ensure the uki is signed if dracut hasn't already done so.
+			secureboot_sign_efi_file "${image}" "${image}"
+		fi
  	fi

  	ebegin "Installing the kernel via installkernel"

next prev parent reply	other threads:[~2023-08-26 19:44 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-08-26 19:44 [gentoo-dev] [PATCH 1/2] kernel-build.eclass: sign the kernel image earlier in, src_install Andrew Ammerlaan
2023-08-26 19:44 ` Andrew Ammerlaan [this message]
2023-08-27 19:34   ` [gentoo-dev] [PATCH 2/3] dist-kernel-utils.eclass: only sign image if it is a UKI Andrew Ammerlaan
2023-08-27 19:33 ` [gentoo-dev] [PATCH 1/3 v2] kernel-build.eclass: sign the kernel image earlier in, src_install Andrew Ammerlaan
2023-08-27 19:35   ` [gentoo-dev] [PATCH 3/3 v2] secureboot.eclass: secureboot_sign_efi_file allow call with 1 Andrew Ammerlaan

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:6903183b6efb dfblob:2a257a7b6dc8 )
 OR (
bs:"Re: [gentoo-dev] [PATCH 1/2] kernel-build.eclass: sign the kernel image earlier in, src_install" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=69179d9e-1474-481e-90af-7f296d590268@gentoo.org \
    --to=andrewammerlaan@gentoo.org \
    --cc=gentoo-dev@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox