From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-dev+bounces-97650-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id D9D73158094
	for <garchives@archives.gentoo.org>; Tue,  5 Jul 2022 20:11:36 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 393E8E0F85;
	Tue,  5 Jul 2022 20:11:33 +0000 (UTC)
Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id C403DE0F7C
	for <gentoo-dev@lists.gentoo.org>; Tue,  5 Jul 2022 20:11:32 +0000 (UTC)
Received: by mail-yw1-f179.google.com with SMTP id 00721157ae682-31c89653790so69260127b3.13
        for <gentoo-dev@lists.gentoo.org>; Tue, 05 Jul 2022 13:11:32 -0700 (PDT)
X-Gm-Message-State: AJIora9fWTi6+duefnesgHrGMrGONsU16BfYIoEmnnA5i5oRhnFzrvja
	f6SFQIRy6NMB2iKVPeu9rL8+3qDLYOzgTwUIJjk=
X-Google-Smtp-Source: AGRyM1ugoFsXbIsvHAY4e3glG1StpkkVqcOeG3bENzDrg7iQCCncraf7HAad3cfw5cifLsa249rS+PccNvZgunajq30=
X-Received: by 2002:a81:f12:0:b0:31c:d032:b79 with SMTP id 18-20020a810f12000000b0031cd0320b79mr4477127ywp.406.1657051890152;
 Tue, 05 Jul 2022 13:11:30 -0700 (PDT)
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Help: <mailto:gentoo-dev+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-dev+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
MIME-Version: 1.0
References: <20220621181959.920941-1-concord@gentoo.org> <84e99a74d64f0d9dd326af0f2c54b9d5717b2f8d.camel@gentoo.org>
 <9317f3aa1815d9ef219625794c06a8fb3057d707.camel@gentoo.org>
 <20220627183531.palnmdpvgzf44ssk@fuuko> <CAJ0EP410KN6BhtiiTWfd99pX4748zCS32DUNR5Fu8nM95LL_XA@mail.gmail.com>
 <ad8216d449752f138aebd07213f53648397b6610.camel@gentoo.org>
 <CAJ0EP42q3TV5AeN42A5FdS7nG9c8wfx2rUwprX1pFxF659mR1A@mail.gmail.com>
 <7311bbf9de54e3fb08953a40a9cd03df61f4dd00.camel@gentoo.org>
 <CAJ0EP4331QT12w=CQiscubEo9Z=Ma9CH7RyvrGJjhCeY7w+Y_Q@mail.gmail.com>
 <0f4a80cb6ee817dc015c1791960df032ae528ea4.camel@gentoo.org> <3e82436e9883431e59daf011b60deaffae1a3268.camel@gentoo.org>
In-Reply-To: <3e82436e9883431e59daf011b60deaffae1a3268.camel@gentoo.org>
From: Mike Gilbert <floppym@gentoo.org>
Date: Tue, 5 Jul 2022 16:11:18 -0400
X-Gmail-Original-Message-ID: <CAJ0EP40XwpPS2gMo7cMa+d962+ntoLsLN2Y-Fp+4L1MeshNYfg@mail.gmail.com>
Message-ID: <CAJ0EP40XwpPS2gMo7cMa+d962+ntoLsLN2Y-Fp+4L1MeshNYfg@mail.gmail.com>
Subject: Re: [gentoo-dev] [PATCH] linux-mod.eclass: support module signing
To: Gentoo Dev <gentoo-dev@lists.gentoo.org>
Content-Type: text/plain; charset="UTF-8"
X-Archives-Salt: 3eaea6db-0a4c-4e49-8dbd-880a2e31bc56
X-Archives-Hash: e7e209a5cdb145d1cacf30eb7f02fbcf

On Tue, Jul 5, 2022 at 3:02 PM Georgy Yakovlev <gyakovlev@gentoo.org> wrote:
>
> ...snip
> >
> > > In that case, I think the only viable way to make this work is to
> > > disable automatic stripping and handle stripping via custom code in
> > > the ebuild/eclass.
> > >
> > might work indeed if we do something like (pseudo-bash)
> >
> > if [[ module_sign == yes ]]; then
> >     dostrip -x /lib/modules # to stop portage stripping .ko objects
> >     manual-strip-respecting-features-nostrip -r /lib/modules
> >     sign-all-modules -r /lib/modules
> > fi
> > [[ compress_modules == yes ]] && compress-modules -r /lib/modules
> >
> >
> > this will equire eapi-bumping couple of packages
> > https://qa-reports.gentoo.org/output/eapi-per-eclass/linux-mod.eclass/6.txt
> > and restricting linux-mod.eclass to eapi7 or later.
> >
> >
> >
> started playing with my old code and got blocked right away:
>
> looks like dostrip just creates a list of files/directories to strip
> and processed at the very end of install phase.
>
> so skipping strip and doing manual one might be problematic.
> internally portage uses estrip
> https://github.com/gentoo/portage/blob/master/bin/estrip
> which contains quite a lot of logic and code and I don't think
> partially re-implementing this in eclass code is appropriate.
>

Looking at the kernel build system, it looks like modules don't get
stripped by default anyway: you have to explicitly pass
INSTALL_MOD_STRIP=1 to make modules_install.

I don't think it would be a major problem to just disable stripping
entirely for out-of-tree modules when module signing is enabled.

Alternatively, forget about trying to reimplement estrip and just
strip the files by calling ${STRIP} --strip-debug, as is done in
scripts/Makefile.modinst in the kernel sources. That will conflict
with FEATURES=splitdebug, but I doubt that's very useful for kernel
developers anyway.