summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Ammerlaan <andrewammerlaan@gentoo.org>2023-06-15 11:50:10 +0200
committerAndrew Ammerlaan <andrewammerlaan@gentoo.org>2023-06-20 20:57:33 +0200
commit09a8adc582e55ffc4521376c17ee8ad745a1fda0 (patch)
treed79a51a8c3cc07ab99ce7ec0aa656af1af358222
parentdev-lang/python: Bump to 3.12.0_beta3 (diff)
downloadgentoo-09a8adc582e55ffc4521376c17ee8ad745a1fda0.tar.gz
gentoo-09a8adc582e55ffc4521376c17ee8ad745a1fda0.tar.bz2
gentoo-09a8adc582e55ffc4521376c17ee8ad745a1fda0.zip
kernel-build.eclass: add IUSE="strip", install generated keys
- Let the kernel build system handle stripping of the modules. This is necessary for successfully signing and compressing modules. Inspired by linux-mod-r1.eclass. - If the build system has generated keys or certificates, install them. This is required to successfully sign external kernel modules. Closes: https://bugs.gentoo.org/814344 Closes: https://bugs.gentoo.org/881651 Signed-off-by: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
-rw-r--r--eclass/kernel-build.eclass26
1 files changed, 23 insertions, 3 deletions
diff --git a/eclass/kernel-build.eclass b/eclass/kernel-build.eclass
index 020557497ddc..c6f3ebeca962 100644
--- a/eclass/kernel-build.eclass
+++ b/eclass/kernel-build.eclass
@@ -1,4 +1,4 @@
-# Copyright 2020-2022 Gentoo Authors
+# Copyright 2020-2023 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
# @ECLASS: kernel-build.eclass
@@ -41,6 +41,8 @@ BDEPEND="
app-alternatives/yacc
"
+IUSE="+strip"
+
# @FUNCTION: kernel-build_src_configure
# @DESCRIPTION:
# Prepare the toolchain for building the kernel, get the default .config
@@ -83,7 +85,7 @@ kernel-build_src_configure() {
LD="${LD}"
AR="$(tc-getAR)"
NM="$(tc-getNM)"
- STRIP=":"
+ STRIP="$(tc-getSTRIP)"
OBJCOPY="$(tc-getOBJCOPY)"
OBJDUMP="$(tc-getOBJDUMP)"
@@ -176,8 +178,18 @@ kernel-build_src_install() {
targets+=( dtbs_install )
fi
+ # Use the kernel build system to strip, this ensures the modules
+ # are stripped *before* they are signed or compressed.
+ local strip_args
+ if use strip; then
+ strip_args="--strip-unneeded"
+ fi
+ # Modules were already stripped by the kernel build system
+ dostrip -x /lib/modules
+
emake O="${WORKDIR}"/build "${MAKEARGS[@]}" \
- INSTALL_MOD_PATH="${ED}" INSTALL_PATH="${ED}/boot" "${targets[@]}"
+ INSTALL_MOD_PATH="${ED}" INSTALL_MOD_STRIP="${strip_args}" \
+ INSTALL_PATH="${ED}/boot" "${targets[@]}"
# note: we're using mv rather than doins to save space and time
# install main and arch-specific headers first, and scripts
@@ -217,6 +229,14 @@ kernel-build_src_install() {
local image_path=$(dist-kernel_get_image_path)
cp -p "build/${image_path}" "${ED}${kernel_dir}/${image_path}" || die
+ # If a key was generated, copy it so external modules can be signed
+ local suffix
+ for suffix in pem x509; do
+ if [[ -f "build/certs/signing_key.${suffix}" ]]; then
+ cp -p "build/certs/signing_key.${suffix}" "${ED}${kernel_dir}/certs" || die
+ fi
+ done
+
# building modules fails with 'vmlinux has no symtab?' if stripped
use ppc64 && dostrip -x "${kernel_dir}/${image_path}"