On Friday, September 21, 2018 3:59:26 PM PDT Chí-Thanh Christopher Nguyễn
wrote:
> Alexander Tsoy schrieb:
> >> + sign_binary_path="${KV_OUT_DIR}/scripts/sign-file"
> >
> > Yet another way to screw up modules building. It relies on some binary
> > in the kernel build dir that may break after
On Friday, September 21, 2018 5:58:00 AM PDT Alexander Tsoy wrote:
> В Чт, 20/09/2018 в 22:13 -0700, Georgy Yakovlev пишет:
> > ->%---
> > @@ -144,13 +158,16 @@ esac
> >
> > 0) die "EAPI=${EAPI} is not supported with
> >
> > MODULES_OPTIONAL_USE_IUSE_DEFAULT
Alexander Tsoy schrieb:
+ sign_binary_path="${KV_OUT_DIR}/scripts/sign-file"
Yet another way to screw up modules building. It relies on some binary
in the kernel build dir that may break after openssl update (e.g.
soname change).
Maybe the sign-file application could be packaged, for
В Чт, 20/09/2018 в 22:13 -0700, Georgy Yakovlev пишет:
> ->%---
> @@ -144,13 +158,16 @@ esac
> 0) die "EAPI=${EAPI} is not supported with
> MODULES_OPTIONAL_USE_IUSE_DEFAULT due to lack of IUSE defaults" ;;
> esac
>
> -IUSE="kernel_linux
>
This commit adds some eclass variables and private functions
and a new global useflag.
Example config, part of make.conf
USE="... module-sign ..."
KERNEL_MODULE_SIG_KEY="/secure/location/kernel.pem"
And possible kernel options:
CONFIG_MODULE_SIG=y
CONFIG_MODULE_SIG_FORCE=y
