diff options
author | Andrew Ammerlaan <andrewammerlaan@gentoo.org> | 2023-06-15 11:50:10 +0200 |
---|---|---|
committer | Andrew Ammerlaan <andrewammerlaan@gentoo.org> | 2023-06-20 20:57:33 +0200 |
commit | 09a8adc582e55ffc4521376c17ee8ad745a1fda0 (patch) | |
tree | d79a51a8c3cc07ab99ce7ec0aa656af1af358222 | |
parent | dev-lang/python: Bump to 3.12.0_beta3 (diff) | |
download | gentoo-09a8adc582e55ffc4521376c17ee8ad745a1fda0.tar.gz gentoo-09a8adc582e55ffc4521376c17ee8ad745a1fda0.tar.bz2 gentoo-09a8adc582e55ffc4521376c17ee8ad745a1fda0.zip |
kernel-build.eclass: add IUSE="strip", install generated keys
- Let the kernel build system handle stripping of the modules.
This is necessary for successfully signing and compressing modules.
Inspired by linux-mod-r1.eclass.
- If the build system has generated keys or certificates, install them.
This is required to successfully sign external kernel modules.
Closes: https://bugs.gentoo.org/814344
Closes: https://bugs.gentoo.org/881651
Signed-off-by: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
-rw-r--r-- | eclass/kernel-build.eclass | 26 |
1 files changed, 23 insertions, 3 deletions
diff --git a/eclass/kernel-build.eclass b/eclass/kernel-build.eclass index 020557497ddc..c6f3ebeca962 100644 --- a/eclass/kernel-build.eclass +++ b/eclass/kernel-build.eclass @@ -1,4 +1,4 @@ -# Copyright 2020-2022 Gentoo Authors +# Copyright 2020-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 # @ECLASS: kernel-build.eclass @@ -41,6 +41,8 @@ BDEPEND=" app-alternatives/yacc " +IUSE="+strip" + # @FUNCTION: kernel-build_src_configure # @DESCRIPTION: # Prepare the toolchain for building the kernel, get the default .config @@ -83,7 +85,7 @@ kernel-build_src_configure() { LD="${LD}" AR="$(tc-getAR)" NM="$(tc-getNM)" - STRIP=":" + STRIP="$(tc-getSTRIP)" OBJCOPY="$(tc-getOBJCOPY)" OBJDUMP="$(tc-getOBJDUMP)" @@ -176,8 +178,18 @@ kernel-build_src_install() { targets+=( dtbs_install ) fi + # Use the kernel build system to strip, this ensures the modules + # are stripped *before* they are signed or compressed. + local strip_args + if use strip; then + strip_args="--strip-unneeded" + fi + # Modules were already stripped by the kernel build system + dostrip -x /lib/modules + emake O="${WORKDIR}"/build "${MAKEARGS[@]}" \ - INSTALL_MOD_PATH="${ED}" INSTALL_PATH="${ED}/boot" "${targets[@]}" + INSTALL_MOD_PATH="${ED}" INSTALL_MOD_STRIP="${strip_args}" \ + INSTALL_PATH="${ED}/boot" "${targets[@]}" # note: we're using mv rather than doins to save space and time # install main and arch-specific headers first, and scripts @@ -217,6 +229,14 @@ kernel-build_src_install() { local image_path=$(dist-kernel_get_image_path) cp -p "build/${image_path}" "${ED}${kernel_dir}/${image_path}" || die + # If a key was generated, copy it so external modules can be signed + local suffix + for suffix in pem x509; do + if [[ -f "build/certs/signing_key.${suffix}" ]]; then + cp -p "build/certs/signing_key.${suffix}" "${ED}${kernel_dir}/certs" || die + fi + done + # building modules fails with 'vmlinux has no symtab?' if stripped use ppc64 && dostrip -x "${kernel_dir}/${image_path}" |