commit: fa77d52a7ff39464c50707ca024725deab08b534
Author: Andrew Ammerlaan <andrewammerlaan <AT> gentoo <DOT> org>
AuthorDate: Sun Jul 21 15:44:32 2024 +0000
Commit: Andrew Ammerlaan <andrewammerlaan <AT> gentoo <DOT> org>
CommitDate: Sun Jul 21 15:45:23 2024 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fa77d52a
kernel-build.eclass: support unset MODULES_SIGN_{CERT,KEY}
the kernel build system generates a key if not set, so don't check anything
if the key is unset
Signed-off-by: Andrew Ammerlaan <andrewammerlaan <AT> gentoo.org>
eclass/kernel-build.eclass | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/eclass/kernel-build.eclass b/eclass/kernel-build.eclass
index cbc80bddf6f7..be0256c21102 100644
--- a/eclass/kernel-build.eclass
+++ b/eclass/kernel-build.eclass
@@ -134,7 +134,7 @@ kernel-build_pkg_setup() {
if [[ ${KERNEL_IUSE_MODULES_SIGN} && ${MERGE_TYPE} != binary ]]; then
secureboot_pkg_setup
- if use modules-sign; then
+ if use modules-sign && [[ -n ${MODULES_SIGN_KEY} ]]; then
# Sanity check: fail early if key/cert in DER format or
does not exist
local openssl_args=(
-noout -nocert
@@ -155,7 +155,7 @@ kernel-build_pkg_setup() {
die "Kernel module signing certificate or key
not found or not PEM format."
if [[ ${MODULES_SIGN_KEY} != pkcs11:* ]]; then
- if [[ ${MODULES_SIGN_CERT} !=
${MODULES_SIGN_KEY} ]]; then
+ if [[ -n ${MODULES_SIGN_CERT} &&
${MODULES_SIGN_CERT} != ${MODULES_SIGN_KEY} ]]; then
MODULES_SIGN_KEY_CONTENTS="$(cat
"${MODULES_SIGN_CERT}" "${MODULES_SIGN_KEY}" || die)"
else
MODULES_SIGN_KEY_CONTENTS="$(<
"${MODULES_SIGN_KEY}")"
