summaryrefslogtreecommitdiff
path: root/eclass
diff options
context:
space:
mode:
Diffstat (limited to 'eclass')
-rw-r--r--eclass/Manifest.gzbin38319 -> 38315 bytes
-rw-r--r--eclass/kernel-build.eclass21
2 files changed, 20 insertions, 1 deletions
diff --git a/eclass/Manifest.gz b/eclass/Manifest.gz
index e94a11d3b679..aced42fd435d 100644
--- a/eclass/Manifest.gz
+++ b/eclass/Manifest.gz
Binary files differ
diff --git a/eclass/kernel-build.eclass b/eclass/kernel-build.eclass
index 49462df7d518..d498dd2e705b 100644
--- a/eclass/kernel-build.eclass
+++ b/eclass/kernel-build.eclass
@@ -57,7 +57,8 @@ IUSE="+strip"
# @DESCRIPTION:
# If set to a non-null value, adds IUSE=modules-sign and required
# logic to manipulate the kernel config while respecting the
-# MODULES_SIGN_HASH and MODULES_SIGN_KEY user variables.
+# MODULES_SIGN_HASH, MODULES_SIGN_CERT, and MODULES_SIGN_KEY user
+# variables.
# @ECLASS_VARIABLE: MODULES_SIGN_HASH
# @USER_VARIABLE
@@ -89,9 +90,20 @@ IUSE="+strip"
#
# Default if unset: certs/signing_key.pem
+# @ECLASS_VARIABLE: MODULES_SIGN_CERT
+# @USER_VARIABLE
+# @DEFAULT_UNSET
+# @DESCRIPTION:
+# Used with USE=modules-sign. Can be set to the path of the public
+# key in PEM format to use. Must be specified if MODULES_SIGN_KEY
+# is set to a path of a file that only contains the private key.
+
if [[ ${KERNEL_IUSE_MODULES_SIGN} ]]; then
IUSE+=" modules-sign"
REQUIRED_USE="secureboot? ( modules-sign )"
+ BDEPEND+="
+ modules-sign? ( dev-libs/openssl )
+ "
fi
# @FUNCTION: kernel-build_pkg_setup
@@ -402,6 +414,13 @@ kernel-build_merge_configs() {
CONFIG_MODULE_SIG_FORCE=y
CONFIG_MODULE_SIG_${MODULES_SIGN_HASH^^}=y
EOF
+ if [[ -e ${MODULES_SIGN_KEY} && -e ${MODULES_SIGN_CERT} &&
+ ${MODULES_SIGN_KEY} != ${MODULES_SIGN_CERT} &&
+ ${MODULES_SIGN_KEY} != pkcs11:* ]]
+ then
+ cat "${MODULES_SIGN_CERT}" "${MODULES_SIGN_KEY}" > "${T}/kernel_key.pem" || die
+ MODULES_SIGN_KEY="${T}/kernel_key.pem"
+ fi
if [[ ${MODULES_SIGN_KEY} == pkcs11:* || -e ${MODULES_SIGN_KEY} ]]; then
echo "CONFIG_MODULE_SIG_KEY=\"${MODULES_SIGN_KEY}\"" \
>> "${WORKDIR}/modules-sign.config"