commit: 09a8adc582e55ffc4521376c17ee8ad745a1fda0 Author: Andrew Ammerlaan <andrewammerlaan <AT> gentoo <DOT> org> AuthorDate: Thu Jun 15 09:50:10 2023 +0000 Commit: Andrew Ammerlaan <andrewammerlaan <AT> gentoo <DOT> org> CommitDate: Tue Jun 20 18:57:33 2023 +0000 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=09a8adc5
kernel-build.eclass: add IUSE="strip", install generated keys - Let the kernel build system handle stripping of the modules. This is necessary for successfully signing and compressing modules. Inspired by linux-mod-r1.eclass. - If the build system has generated keys or certificates, install them. This is required to successfully sign external kernel modules. Closes: https://bugs.gentoo.org/814344 Closes: https://bugs.gentoo.org/881651 Signed-off-by: Andrew Ammerlaan <andrewammerlaan <AT> gentoo.org> eclass/kernel-build.eclass | 26 +++++++++++++++++++++++--- 1 file changed, 23 insertions(+), 3 deletions(-) diff --git a/eclass/kernel-build.eclass b/eclass/kernel-build.eclass index 020557497ddc..c6f3ebeca962 100644 --- a/eclass/kernel-build.eclass +++ b/eclass/kernel-build.eclass @@ -1,4 +1,4 @@ -# Copyright 2020-2022 Gentoo Authors +# Copyright 2020-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 # @ECLASS: kernel-build.eclass @@ -41,6 +41,8 @@ BDEPEND=" app-alternatives/yacc " +IUSE="+strip" + # @FUNCTION: kernel-build_src_configure # @DESCRIPTION: # Prepare the toolchain for building the kernel, get the default .config @@ -83,7 +85,7 @@ kernel-build_src_configure() { LD="${LD}" AR="$(tc-getAR)" NM="$(tc-getNM)" - STRIP=":" + STRIP="$(tc-getSTRIP)" OBJCOPY="$(tc-getOBJCOPY)" OBJDUMP="$(tc-getOBJDUMP)" @@ -176,8 +178,18 @@ kernel-build_src_install() { targets+=( dtbs_install ) fi + # Use the kernel build system to strip, this ensures the modules + # are stripped *before* they are signed or compressed. + local strip_args + if use strip; then + strip_args="--strip-unneeded" + fi + # Modules were already stripped by the kernel build system + dostrip -x /lib/modules + emake O="${WORKDIR}"/build "${MAKEARGS[@]}" \ - INSTALL_MOD_PATH="${ED}" INSTALL_PATH="${ED}/boot" "${targets[@]}" + INSTALL_MOD_PATH="${ED}" INSTALL_MOD_STRIP="${strip_args}" \ + INSTALL_PATH="${ED}/boot" "${targets[@]}" # note: we're using mv rather than doins to save space and time # install main and arch-specific headers first, and scripts @@ -217,6 +229,14 @@ kernel-build_src_install() { local image_path=$(dist-kernel_get_image_path) cp -p "build/${image_path}" "${ED}${kernel_dir}/${image_path}" || die + # If a key was generated, copy it so external modules can be signed + local suffix + for suffix in pem x509; do + if [[ -f "build/certs/signing_key.${suffix}" ]]; then + cp -p "build/certs/signing_key.${suffix}" "${ED}${kernel_dir}/certs" || die + fi + done + # building modules fails with 'vmlinux has no symtab?' if stripped use ppc64 && dostrip -x "${kernel_dir}/${image_path}"
