[gentoo-commits] repo/gentoo:master commit in: eclass/

Sun, 25 Aug 2024 08:37:20 -0700 

commit:     0dd42ac730fd855166651d81e3f3d0db671e7328
Author:     Andrew Ammerlaan <andrewammerlaan <AT> gentoo <DOT> org>
AuthorDate: Sun Aug 25 15:08:55 2024 +0000
Commit:     Andrew Ammerlaan <andrewammerlaan <AT> gentoo <DOT> org>
CommitDate: Sun Aug 25 15:36:53 2024 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0dd42ac7

kernel-build.eclass: fix module signing with unspecified key

MODULES_SIGN_KEY may be unset when using USE=modules-sign. Fix an issue
introduced in e290c3c78b7acb59393f46d1d15175d6dbfc77da that breaks this
configuration due to modules-sign-key.config not existing.

Signed-off-by: Andrew Ammerlaan <andrewammerlaan <AT> gentoo.org>
Closes: https://github.com/gentoo/gentoo/pull/38287
Signed-off-by: Andrew Ammerlaan <andrewammerlaan <AT> gentoo.org>

 eclass/kernel-build.eclass | 26 +++++++++++++-------------
 1 file changed, 13 insertions(+), 13 deletions(-)

diff --git a/eclass/kernel-build.eclass b/eclass/kernel-build.eclass
index 6406f5b3c0f3..be02920162f4 100644
--- a/eclass/kernel-build.eclass
+++ b/eclass/kernel-build.eclass
@@ -625,18 +625,6 @@ kernel-build_merge_configs() {
                        CONFIG_MODULE_SIG_FORCE=y
                        CONFIG_MODULE_SIG_${MODULES_SIGN_HASH^^}=y
                EOF
-               if [[ -n ${MODULES_SIGN_KEY_CONTENTS} ]]; then
-                       (umask 066 && touch "${T}/kernel_key.pem" || die)
-                       echo "${MODULES_SIGN_KEY_CONTENTS}" > 
"${T}/kernel_key.pem" || die
-                       unset MODULES_SIGN_KEY_CONTENTS
-                       export MODULES_SIGN_KEY="${T}/kernel_key.pem"
-               fi
-               if [[ ${MODULES_SIGN_KEY} == pkcs11:* || -r ${MODULES_SIGN_KEY} 
]]; then
-                       echo "CONFIG_MODULE_SIG_KEY=\"${MODULES_SIGN_KEY}\"" \
-                               >> "${WORKDIR}/modules-sign-key.config"
-               elif [[ -n ${MODULES_SIGN_KEY} ]]; then
-                       die "MODULES_SIGN_KEY=${MODULES_SIGN_KEY} not found or 
not readable!"
-               fi
                merge_configs+=( "${WORKDIR}/modules-sign.config" )
        fi
 
@@ -657,7 +645,19 @@ kernel-build_merge_configs() {
        fi
 
        if [[ ${KERNEL_IUSE_MODULES_SIGN} ]] && use modules-sign; then
-               merge_configs+=( "${WORKDIR}/modules-sign-key.config" )
+               if [[ -n ${MODULES_SIGN_KEY_CONTENTS} ]]; then
+                       (umask 066 && touch "${T}/kernel_key.pem" || die)
+                       echo "${MODULES_SIGN_KEY_CONTENTS}" > 
"${T}/kernel_key.pem" || die
+                       unset MODULES_SIGN_KEY_CONTENTS
+                       export MODULES_SIGN_KEY="${T}/kernel_key.pem"
+               fi
+               if [[ ${MODULES_SIGN_KEY} == pkcs11:* || -r ${MODULES_SIGN_KEY} 
]]; then
+                       echo "CONFIG_MODULE_SIG_KEY=\"${MODULES_SIGN_KEY}\"" \
+                               >> "${WORKDIR}/modules-sign-key.config"
+                       merge_configs+=( "${WORKDIR}/modules-sign-key.config" )
+               elif [[ -n ${MODULES_SIGN_KEY} ]]; then
+                       die "MODULES_SIGN_KEY=${MODULES_SIGN_KEY} not found or 
not readable!"
+               fi
        fi
 
        if [[ ${#user_configs[@]} -gt 0 ]]; then

Reply via email to