From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 9497D158042 for ; Tue, 12 Nov 2024 08:09:23 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id DD234E07EC; Tue, 12 Nov 2024 08:09:22 +0000 (UTC) Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id C6B11E07EC for ; Tue, 12 Nov 2024 08:09:22 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id 122B9340BE0 for ; Tue, 12 Nov 2024 08:09:22 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 770C716D2 for ; Tue, 12 Nov 2024 08:09:20 +0000 (UTC) From: "Andrew Ammerlaan" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "Andrew Ammerlaan" Message-ID: <1731398951.3d37ab7f493f626e059cd24b8de8b722ba53b30a.andrewammerlaan@gentoo> Subject: [gentoo-commits] repo/gentoo:master commit in: eclass/ X-VCS-Repository: repo/gentoo X-VCS-Files: eclass/kernel-build.eclass X-VCS-Directories: eclass/ X-VCS-Committer: andrewammerlaan X-VCS-Committer-Name: Andrew Ammerlaan X-VCS-Revision: 3d37ab7f493f626e059cd24b8de8b722ba53b30a X-VCS-Branch: master Date: Tue, 12 Nov 2024 08:09:20 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 56ae58d6-7f60-4b8d-86b4-92bc0098ae4f X-Archives-Hash: e20c76a5cd6875b99dfb7e16b7108a19 commit: 3d37ab7f493f626e059cd24b8de8b722ba53b30a Author: Nowa Ammerlaan gentoo org> AuthorDate: Tue Nov 12 08:06:27 2024 +0000 Commit: Andrew Ammerlaan gentoo org> CommitDate: Tue Nov 12 08:09:11 2024 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3d37ab7f kernel-build.eclass: install x509.genkey and everything else in certs/ Users setting up kernel module signing are instructed by our and upstream documentation to use the kernels x509.genkey config file. This ensures that a supported key is generated. However, in the current situation users will first have to emerge gentoo-sources or similar to actually get this genkey file. This is inconvenient so lets just install the genkey config file in our dist-kernels. There are also some other tools, scripts, and lists that may be useful, so while we are changing this anyway lets just install all of those as well and in the process simplify the code. Signed-off-by: Nowa Ammerlaan gentoo.org> eclass/kernel-build.eclass | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/eclass/kernel-build.eclass b/eclass/kernel-build.eclass index 4a2af9845ad4..9d33aef92691 100644 --- a/eclass/kernel-build.eclass +++ b/eclass/kernel-build.eclass @@ -397,7 +397,7 @@ kernel-build_src_install() { fi dodir "${kernel_dir}/arch/${kern_arch}" - mv include scripts "${ED}${kernel_dir}/" || die + mv certs include scripts "${ED}${kernel_dir}/" || die mv "arch/${kern_arch}/include" \ "${ED}${kernel_dir}/arch/${kern_arch}/" || die # some arches need module.lds linker script to build external modules @@ -438,13 +438,8 @@ kernel-build_src_install() { local image=${ED}${kernel_dir}/${image_path} cp -p "build/${image_path}" "${image}" || die - # If a key was generated, copy it so external modules can be signed - local suffix - for suffix in pem x509; do - if [[ -f "build/certs/signing_key.${suffix}" ]]; then - cp -p "build/certs/signing_key.${suffix}" "${ED}${kernel_dir}/certs" || die - fi - done + # Copy built key/certificate files + cp -p build/certs/* "${ED}${kernel_dir}/certs/" || die # building modules fails with 'vmlinux has no symtab?' if stripped use ppc64 && dostrip -x "${kernel_dir}/${image_path}"