Gentoo Archives: gentoo-dev

From: Georgy Yakovlev <gyakovlev@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] [PATCH] linux-mod.eclass: support module signing
Date: Mon, 27 Jun 2022 21:25:24
Message-Id: a26ed78a58544ebed8d11340a37c4a91398e722f.camel@gentoo.org
In Reply to: Re: [gentoo-dev] [PATCH] linux-mod.eclass: support module signing by Kenton Groombridge
1 On Mon, 2022-06-27 at 16:02 -0400, Kenton Groombridge wrote:
2 > > > Why can't we do both in pkg_preinst? I am thinking it would be
3 > > > best
4 > > > if
5 > > > we drop the current compression implementation and rework your
6 > > > old
7 > > > code
8 > > > to handle both compression and signing since the signing code is
9 > > > more
10 > > > or
11 > > > less already complete.
12 > >
13 > > i'm not sure if sign-file can sign compressed modules.
14 >
15 > sign-file will not error when signing a compressed module, but the
16 > kernel will not be able to load it.
17
18 so we pretty much HAVE to strip->sign->compress, strictly in this
19 order. nothing else will work.
20
21 >
22 > > if we let kernel build handle compression - we have to sign prior
23 > > to
24 > > compression.
25 > > if we compress modules ourselves then yes, we could sign first
26 > > indeed.
27 > >
28 > > but preinst has it's own issues, you've already seen floppym's
29 > > remark.
30 > >