commit:     5b526a23565920557fcfaae55ed79c4392e712c0
Author:     Andrew Ammerlaan <andrewammerlaan <AT> gentoo <DOT> org>
AuthorDate: Sat Aug 26 18:03:16 2023 +0000
Commit:     Andrew Ammerlaan <andrewammerlaan <AT> gentoo <DOT> org>
CommitDate: Sun Aug 27 18:04:31 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5b526a23

kernel-install.eclass: enforce signed modules in test with USE=modules-sign

This only has effect when building the gpkg for gentoo-kernel-bin which
overrides CONFIG_MODULE_SIG_FORCE. To ensure that the module signing
was successful we instruct the kernel to reject modules with an invalid
signature.

This has no effect on other kernel packages which already have
CONFIG_MODULE_SIG_FORCE=y.

Signed-off-by: Andrew Ammerlaan <andrewammerlaan <AT> gentoo.org>
Closes: https://github.com/gentoo/gentoo/pull/32463
Signed-off-by: Andrew Ammerlaan <andrewammerlaan <AT> gentoo.org>

 eclass/kernel-install.eclass | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/eclass/kernel-install.eclass b/eclass/kernel-install.eclass
index 62fbb1dab049..c1b9798a9ff9 100644
--- a/eclass/kernel-install.eclass
+++ b/eclass/kernel-install.eclass
@@ -301,6 +301,10 @@ kernel-install_test() {
                        ;;
        esac
 
+       if [[ ${KERNEL_IUSE_MODULES_SIGN} ]]; then
+               use modules-sign && qemu_extra_append+=" module.sig_enforce=1"
+       fi
+
        cat > run.sh <<-EOF || die
                #!/bin/sh
                exec qemu-system-${qemu_arch} \
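Review bot: The new block ahead of the `cat > run.sh` heredoc has no comment saying why `module.sig_enforce=1` is appended. A reader of the eclass has to find the commit message to learn that it makes the guest kernel reject modules with an invalid signature for packages that override CONFIG_MODULE_SIG_FORCE. A one-line comment above the `if` would cover that. The nested form could also be folded into a single condition, `if [[ ${KERNEL_IUSE_MODULES_SIGN} ]] && use modules-sign; then`, so the `if` body does not end with a non-zero status when the flag is disabled. It is also worth confirming that the test guest loads at least one module during the run: the parameter only checks modules that are actually loaded, and nothing in this hunk shows that one is.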
