1. Forum
  2. Usenet
  3. LINUX.GENTOO.DEV

  • Re: [gentoo-dev] [PATCH 1/2] kernel-build.eclass: sign the kernel image

    From Andrew Ammerlaan@21:1/5 to All on Sat Aug 26 21:50:02 2023
    If we are not using UKIs we don't have to do anything since the kernel image was already signed in kernel-build.eclass.

    Signed-off-by: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
    ---
    eclass/dist-kernel-utils.eclass | 8 ++++----
    1 file changed, 4 insertions(+), 4 deletions(-)

    diff --git a/eclass/dist-kernel-utils.eclass
    b/eclass/dist-kernel-utils.eclass
    index 6903183b6efb3..2a257a7b6dc8b 100644
    --- a/eclass/dist-kernel-utils.eclass
    +++ b/eclass/dist-kernel-utils.eclass
    @@ -131,11 +131,11 @@ dist-kernel_install_kernel() {
    done
    shopt -u nullglob
    export KERNEL_INSTALL_PLUGINS="${KERNEL_INSTALL_PLUGINS} ${plugins[@]}"
    - fi

    - if [[ ${KERNEL_IUSE_SECUREBOOT} ]]; then
    - # Kernel-install requires uki's are named uki.efi, sign in-place
    - secureboot_sign_efi_file "${image}" "${image}"
    + if [[ ${KERNEL_IUSE_SECUREBOOT} ]]; then
    + # Ensure the uki is signed if dracut hasn't already done so.
    + secureboot_sign_efi_file "${image}" "${image}"
    + fi
    fi

    ebegin "Installing the kernel via installkernel"

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andrew Ammerlaan@21:1/5 to All on Sun Aug 27 21:40:02 2023
    From 1a1062e142cf654b43790d2a211e3d447feb055c Mon Sep 17 00:00:00 2001
    From: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
    Date: Sat, 26 Aug 2023 21:32:07 +0200
    Subject: [PATCH] dist-kernel-utils.eclass: only sign image if it is a UKI

    If we are not using UKIs we don't have to do anything since the kernel image was already signed in kernel-build.eclass.

    Signed-off-by: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
    ---
    eclass/dist-kernel-utils.eclass | 8 ++++----
    1 file changed, 4 insertions(+), 4 deletions(-)

    diff --git a/eclass/dist-kernel-utils.eclass
    b/eclass/dist-kernel-utils.eclass
    index 6903183b6efb3..b2e9df6746e35 100644
    --- a/eclass/dist-kernel-utils.eclass
    +++ b/eclass/dist-kernel-utils.eclass
    @@ -131,11 +131,11 @@ dist-kernel_install_kernel() {
    done
    shopt -u nullglob
    export KERNEL_INSTALL_PLUGINS="${KERNEL_INSTALL_PLUGINS} ${plugins[@]}"
    - fi

    - if [[ ${KERNEL_IUSE_SECUREBOOT} ]]; then
    - # Kernel-install requires uki's are named uki.efi, sign in-place
    - secureboot_sign_efi_file "${image}" "${image}"
    + if [[ ${KERNEL_IUSE_SECUREBOOT} ]]; then
    + # Ensure the uki is signed if dracut hasn't already done so.
    + secureboot_sign_efi_file "${image}"
    + fi
    fi

    ebegin "Installing the kernel via installkernel"

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)