From: Nowa Ammerlaan
To: gentoo-dev@lists.gentoo.org
Cc: Nowa Ammerlaan
Subject: [gentoo-dev] [PATCH] kernel-build.eclass: install x509.genkey and everything else in certs/
Date: Fri, 8 Nov 2024 12:59:53 +0100
Message-ID: <20241108115953.1095247-1-andrewammerlaan@gentoo.org>

Users setting up kernel module signing are instructed by our and upstream documentation to use the kernel's x509.genkey config file. This ensures that a supported key is generated. However, in the current situation users will first have to emerge gentoo-sources or similar to actually get this genkey file. This is inconvenient, so let's just install the genkey config file in our dist-kernels.

There are also some other tools, scripts, and lists that may be useful, so while we are changing this anyway let's just install all of those as well and in the process simplify the code.

Signed-off-by: Nowa Ammerlaan
--- eclass/kernel-build.eclass | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/eclass/kernel-build.eclass b/eclass/kernel-build.eclass index 4a2af9845ad4..9d33aef92691 100644 --- a/eclass/kernel-build.eclass +++ b/eclass/kernel-build.eclass @@ -397,7 +397,7 @@ kernel-build_src_install() { fi dodir "${kernel_dir}/arch/${kern_arch}" - mv include scripts "${ED}${kernel_dir}/" || die + mv certs include scripts "${ED}${kernel_dir}/" || die mv "arch/${kern_arch}/include" \ "${ED}${kernel_dir}/arch/${kern_arch}/" || die # some arches need module.lds linker script to build external modules 
@@ -438,13 +438,8 @@ kernel-build_src_install() { local image=${ED}${kernel_dir}/${image_path} cp -p "build/${image_path}" "${image}" || die - # If a key was generated, copy it so external modules can be signed - local suffix - for suffix in pem x509; do - if [[ -f "build/certs/signing_key.${suffix}" ]]; then - cp -p "build/certs/signing_key.${suffix}" "${ED}${kernel_dir}/certs" || die - fi - done + # Copy built key/certificate files + cp -p build/certs/* "${ED}${kernel_dir}/certs/" || die # building modules fails with 'vmlinux has no symtab?' if stripped use ppc64 && dostrip -x "${kernel_dir}/${image_path}" -- 2.47.0
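
Review bot: In the first hunk (kernel-build_src_install, line 397), the `mv certs include scripts "${ED}${kernel_dir}/"` line becomes the only visible step that creates the certs directory in the image, and the later `cp -p build/certs/* "${ED}${kernel_dir}/certs/"` silently depends on it. A short comment on this line, or an explicit `dodir "${kernel_dir}/certs"` before the copy (as is already done for `arch/${kern_arch}`), would keep the two steps from drifting apart if one of them is changed later. The commit message names x509.genkey as the file users actually need, so a comment stating that the whole directory is shipped on purpose would also help the next reader.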
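
Review bot: In the second hunk (line 438), the wildcard in `cp -p build/certs/* "${ED}${kernel_dir}/certs/" || die` replaces an explicit two-file list guarded by `[[ -f ... ]]`, so the install now dies if build/certs contains a subdirectory (there is no `-r`) or if the glob matches nothing, and it ships every file found there rather than only signing_key.pem and signing_key.x509. The removed comment said the key is copied so external modules can be signed; the new comment "Copy built key/certificate files" no longer says why, and does not mention that the signing key ends up in the installed image with whatever mode `-p` preserves from the build. I would either keep an explicit file list, or state in the comment which files are expected here and what permissions the key is meant to have.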