Gentoo Archives: gentoo-dev

From: Mike Gilbert <floppym@g.o>
To: Gentoo Dev <gentoo-dev@l.g.o>
Subject: Re: [gentoo-dev] [PATCH] linux-mod.eclass: support module signing
Date: Mon, 27 Jun 2022 18:56:27
Message-Id: CAJ0EP410KN6BhtiiTWfd99pX4748zCS32DUNR5Fu8nM95LL_XA@mail.gmail.com
In Reply to: Re: [gentoo-dev] [PATCH] linux-mod.eclass: support module signing by Kenton Groombridge
1 On Mon, Jun 27, 2022 at 2:35 PM Kenton Groombridge <concord@g.o> wrote:
2 > > so looks like we need to combine both methods and do the following:
3 > > - if signing requested without compression - sign in pkg_preinst.
4 > > - if signing requested with compression - sign in src_install
5 > >
6 >
7 > Why can't we do both in pkg_preinst? I am thinking it would be best if
8 > we drop the current compression implementation and rework your old code
9 > to handle both compression and signing since the signing code is more or
10 > less already complete.
11
12 Signing modules in pkg_preinst seems like a bad idea to me. That means
13 you need to copy your private keys around to every host where the
14 package might be installed.
15
16 If you sign in src_compile or src_install, you only need private keys
17 on the system building your binpkg.

Replies