[gentoo-commits] repo/gentoo:master commit in: eclass/

Sun, 26 Nov 2023 10:51:26 -0800 

commit:     9f509fcc88e163559bcfd0787595189d4c2f6c0c
Author:     Andrew Ammerlaan <andrewammerlaan <AT> gentoo <DOT> org>
AuthorDate: Sun Nov 26 18:48:46 2023 +0000
Commit:     Andrew Ammerlaan <andrewammerlaan <AT> gentoo <DOT> org>
CommitDate: Sun Nov 26 18:50:37 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9f509fcc

Revert "kernel-build.eclass: copy module signing key to tempdir in pkg_setup"

reverted at mgorny's request, apparently we can't hardcode the portage user.

This reverts commit d03c14cd4be8665830082f424e4443906b005c7e.

Signed-off-by: Andrew Ammerlaan <andrewammerlaan <AT> gentoo.org>

 eclass/kernel-build.eclass | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)

diff --git a/eclass/kernel-build.eclass b/eclass/kernel-build.eclass
index 6f18bc1dc969..4f7e4d047739 100644
--- a/eclass/kernel-build.eclass
+++ b/eclass/kernel-build.eclass
@@ -114,16 +114,6 @@ kernel-build_pkg_setup() {
        python-any-r1_pkg_setup
        if [[ ${KERNEL_IUSE_MODULES_SIGN} ]]; then
                secureboot_pkg_setup
-               if [[ -e ${MODULES_SIGN_KEY} && ${MODULES_SIGN_KEY} != pkcs11:* 
]]; then
-                       if [[ -e ${MODULES_SIGN_CERT} && ${MODULES_SIGN_CERT} 
!= ${MODULES_SIGN_KEY} ]]; then
-                               cat "${MODULES_SIGN_CERT}" 
"${MODULES_SIGN_KEY}" > "${T}/kernel_key.pem" || die
-                       else
-                               cp "${MODULES_SIGN_KEY}" "${T}/kernel_key.pem" 
|| die
-                       fi
-                       chown portage:portage "${T}/kernel_key.pem" || die
-                       chmod 0400 "${T}/kernel_key.pem" || die
-                       export MODULES_SIGN_KEY="${T}/kernel_key.pem"
-               fi
        fi
 }
 
@@ -437,6 +427,13 @@ kernel-build_merge_configs() {
                                CONFIG_MODULE_SIG_FORCE=y
                                CONFIG_MODULE_SIG_${MODULES_SIGN_HASH^^}=y
                        EOF
+                       if [[ -e ${MODULES_SIGN_KEY} && -e ${MODULES_SIGN_CERT} 
&&
+                               ${MODULES_SIGN_KEY} != ${MODULES_SIGN_CERT} &&
+                               ${MODULES_SIGN_KEY} != pkcs11:* ]]
+                       then
+                               cat "${MODULES_SIGN_CERT}" 
"${MODULES_SIGN_KEY}" > "${T}/kernel_key.pem" || die
+                               MODULES_SIGN_KEY="${T}/kernel_key.pem"
+                       fi
                        if [[ ${MODULES_SIGN_KEY} == pkcs11:* || -r 
${MODULES_SIGN_KEY} ]]; then
                                echo 
"CONFIG_MODULE_SIG_KEY=\"${MODULES_SIGN_KEY}\"" \
                                        >> "${WORKDIR}/modules-sign.config"

Reply via email to