author | Violet Purcell <vimproved@inventati.org> | 2023-11-16 12:23:16 -0500 |
---|---|---|
committer | Andrew Ammerlaan <andrewammerlaan@gentoo.org> | 2023-11-26 09:06:24 +0100 |
commit | d03c14cd4be8665830082f424e4443906b005c7e (patch) | |
tree | a9456b42c4c3b34553d66d1ac2bac3f0c373746a | |
parent | gui-wm/hyprland: Expand on comments (diff) | |
kernel-build.eclass: copy module signing key to tempdir in pkg_setup
Previously, it was being copied in src_prepare, and thus would fail if
the signing key was not readable by portage:portage. This commit makes
kernel-build.eclass instead copy the signing key in pkg_setup, and then
correct the permissions.
Signed-off-by: Violet Purcell <vimproved@inventati.org>
Closes: https://github.com/gentoo/gentoo/pull/33850
Signed-off-by: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
-rw-r--r-- | eclass/kernel-build.eclass | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/eclass/kernel-build.eclass b/eclass/kernel-build.eclass
index 4f7e4d047739..6f18bc1dc969 100644
--- a/eclass/kernel-build.eclass
+++ b/eclass/kernel-build.eclass
@@ -114,6 +114,16 @@ kernel-build_pkg_setup() {
 python-any-r1_pkg_setup
 if [[ ${KERNEL_IUSE_MODULES_SIGN} ]]; then
 secureboot_pkg_setup
+ if [[ -e ${MODULES_SIGN_KEY} && ${MODULES_SIGN_KEY} != pkcs11:* ]]; then
+ if [[ -e ${MODULES_SIGN_CERT} && ${MODULES_SIGN_CERT} != ${MODULES_SIGN_KEY} ]]; then
+ cat "${MODULES_SIGN_CERT}" "${MODULES_SIGN_KEY}" > "${T}/kernel_key.pem" || die
+ else
+ cp "${MODULES_SIGN_KEY}" "${T}/kernel_key.pem" || die
+ fi
+ chown portage:portage "${T}/kernel_key.pem" || die
+ chmod 0400 "${T}/kernel_key.pem" || die
+ export MODULES_SIGN_KEY="${T}/kernel_key.pem"
+ fi
 fi
 }
@@ -427,13 +437,6 @@ kernel-build_merge_configs() {
 CONFIG_MODULE_SIG_FORCE=y
 CONFIG_MODULE_SIG_${MODULES_SIGN_HASH^^}=y
 EOF
- if [[ -e ${MODULES_SIGN_KEY} && -e ${MODULES_SIGN_CERT} &&
- ${MODULES_SIGN_KEY} != ${MODULES_SIGN_CERT} &&
- ${MODULES_SIGN_KEY} != pkcs11:* ]]
- then
- cat "${MODULES_SIGN_CERT}" "${MODULES_SIGN_KEY}" > "${T}/kernel_key.pem" || die
- MODULES_SIGN_KEY="${T}/kernel_key.pem"
- fi
 if [[ ${MODULES_SIGN_KEY} == pkcs11:* || -r ${MODULES_SIGN_KEY} ]]; then
 echo "CONFIG_MODULE_SIG_KEY=\"${MODULES_SIGN_KEY}\"" \
 >> "${WORKDIR}/modules-sign.config" |
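Review bot: The private-key copy at `${T}/kernel_key.pem` is created by `cat >` or `cp` under the ambient umask and only tightened by the later `chmod 0400`, so for a short window the key sits on disk with whatever mode the umask allows. Whether other users can reach `${T}` during that window is not visible from this hunk. Creating the file restrictive from the start closes the gap, for example `( umask 077; cat "${MODULES_SIGN_CERT}" "${MODULES_SIGN_KEY}" > "${T}/kernel_key.pem" ) || die`, with the same `umask 077` subshell around the `cp` branch. The hard-coded `chown portage:portage` also assumes that the build user is named portage and that pkg_setup has the privilege to chown; a guard, or a comment stating that assumption, would help on setups where it does not hold. The opening line of kernel-build_pkg_setup lies outside the hunk.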