commit: 9f509fcc88e163559bcfd0787595189d4c2f6c0c Author: Andrew Ammerlaan <andrewammerlaan <AT> gentoo <DOT> org> AuthorDate: Sun Nov 26 18:48:46 2023 +0000 Commit: Andrew Ammerlaan <andrewammerlaan <AT> gentoo <DOT> org> CommitDate: Sun Nov 26 18:50:37 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9f509fcc
Revert "kernel-build.eclass: copy module signing key to tempdir in pkg_setup" reverted at mgorny's request, apparently we can't hardcode the portage user. This reverts commit d03c14cd4be8665830082f424e4443906b005c7e. Signed-off-by: Andrew Ammerlaan <andrewammerlaan <AT> gentoo.org> eclass/kernel-build.eclass | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/eclass/kernel-build.eclass b/eclass/kernel-build.eclass index 6f18bc1dc969..4f7e4d047739 100644 --- a/eclass/kernel-build.eclass +++ b/eclass/kernel-build.eclass @@ -114,16 +114,6 @@ kernel-build_pkg_setup() { python-any-r1_pkg_setup if [[ ${KERNEL_IUSE_MODULES_SIGN} ]]; then secureboot_pkg_setup - if [[ -e ${MODULES_SIGN_KEY} && ${MODULES_SIGN_KEY} != pkcs11:* ]]; then - if [[ -e ${MODULES_SIGN_CERT} && ${MODULES_SIGN_CERT} != ${MODULES_SIGN_KEY} ]]; then - cat "${MODULES_SIGN_CERT}" "${MODULES_SIGN_KEY}" > "${T}/kernel_key.pem" || die - else - cp "${MODULES_SIGN_KEY}" "${T}/kernel_key.pem" || die - fi - chown portage:portage "${T}/kernel_key.pem" || die - chmod 0400 "${T}/kernel_key.pem" || die - export MODULES_SIGN_KEY="${T}/kernel_key.pem" - fi fi } @@ -437,6 +427,13 @@ kernel-build_merge_configs() { CONFIG_MODULE_SIG_FORCE=y CONFIG_MODULE_SIG_${MODULES_SIGN_HASH^^}=y EOF + if [[ -e ${MODULES_SIGN_KEY} && -e ${MODULES_SIGN_CERT} && + ${MODULES_SIGN_KEY} != ${MODULES_SIGN_CERT} && + ${MODULES_SIGN_KEY} != pkcs11:* ]] + then + cat "${MODULES_SIGN_CERT}" "${MODULES_SIGN_KEY}" > "${T}/kernel_key.pem" || die + MODULES_SIGN_KEY="${T}/kernel_key.pem" + fi if [[ ${MODULES_SIGN_KEY} == pkcs11:* || -r ${MODULES_SIGN_KEY} ]]; then echo "CONFIG_MODULE_SIG_KEY=\"${MODULES_SIGN_KEY}\"" \ >> "${WORKDIR}/modules-sign.config"