then it should be due to the additional headers.
Using the --dump-section argument instead resolves this problem.
See-also: https://github.com/llvm/llvm-project/issues/108946
Signed-off-by: Andrew Ammerlaan
Closes: https://github.com/gentoo/gentoo/pull/38643
Signed-off-by: Andrew Ammerlaan
Some config options (that we enable by default, e.g. CONFIG_CRYPTO_POLY1305)
cause perl scripts to be run during the build.
Closes: https://bugs.gentoo.org/930390
Signed-off-by: Andrew Ammerlaan
---
eclass/kernel-build.eclass | 1 +
1 file changed, 1 insertion(+)
diff --git a/eclass/kernel
kernel-build_merge_configs should always be called first nowadays
because it applies the savedconfig.
Signed-off-by: Andrew Ammerlaan
Closes: https://github.com/gentoo/gentoo/pull/38345
Signed-off-by: Andrew Ammerlaan
---
eclass/kernel-build.eclass | 7 +--
1 file changed, 5 insertions
MODULES_SIGN_KEY may be unset when using USE=modules-sign. Fix an issue
introduced in e290c3c78b7acb59393f46d1d15175d6dbfc77da that breaks this
configuration due to modules-sign-key.config not existing.
Signed-off-by: Andrew Ammerlaan
---
eclass/kernel-build.eclass | 26
. So instead just ensure that the tree of modules we install is
consistent here in the eclass.
Signed-off-by: Andrew Ammerlaan
---
eclass/kernel-install.eclass | 3 +++
1 file changed, 3 insertions(+)
diff --git a/eclass/kernel-install.eclass b/eclass/kernel-install.eclass
index 496e258815d2
The source symlink does not exist on all systems.
If we can't find any config at all then there will be no preferred suffix
which means we fall back to the old '-nt' based cleaning.
Closes: https://bugs.gentoo.org/937569
Signed-off-by: Andrew Ammerlaan
---
eclass/dist-kernel-ut
Signed-off-by: Andrew Ammerlaan
---
eclass/tests/dist-kernel-utils.sh | 59 +++
1 file changed, 59 insertions(+)
diff --git a/eclass/tests/dist-kernel-utils.sh
b/eclass/tests/dist-kernel-utils.sh
index 50ba001f8e9c..28c8f7213a53 100755
--- a/eclass/tests/dist-kernel
Signed-off-by: Andrew Ammerlaan
---
eclass/tests/tests-common.sh | 2 ++
1 file changed, 2 insertions(+)
diff --git a/eclass/tests/tests-common.sh b/eclass/tests/tests-common.sh
index 45b1e20b933a..f4e18f38fee9 100644
--- a/eclass/tests/tests-common.sh
+++ b/eclass/tests/tests-common.sh
with alternate module compression support, and may
in the future help to support gzip and zstd module compression in
gentoo-kernel-bin.
Signed-off-by: Andrew Ammerlaan
---
eclass/kernel-install.eclass | 36 +---
1 file changed, 29 insertions(+), 7 deletions
. Then,
remove only those files that do not match our desired compression.
Signed-off-by: Andrew Ammerlaan
---
eclass/dist-kernel-utils.eclass | 59 +++--
1 file changed, 49 insertions(+), 10 deletions(-)
diff --git a/eclass/dist-kernel-utils.eclass b/eclass/dist-kernel
This was merged with KERNEL_IUSE_MODULES_SIGN in
a42e98431e7538eadaee1df2b90f0e3174b22341, but this one was missed.
Signed-off-by: Andrew Ammerlaan
---
eclass/kernel-build.eclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/eclass/kernel-build.eclass b/eclass/kernel
otherwise.
https://docs.kernel.org/kbuild/llvm.html#the-llvm-argument
Signed-off-by: Alfred Wingate
Closes: https://github.com/gentoo/gentoo/pull/37690
Signed-off-by: Andrew Ammerlaan
---
eclass/kernel-build.eclass | 7 +++
1 file changed, 7 insertions(+)
diff --git a/eclass/kernel
prepare' so we quit earlier
if the KV_FULL is wrong. Note it should be run after we have completed the
config in 'make olddefconfig'.
Signed-off-by: Andrew Ammerlaan
Closes: https://github.com/gentoo/gentoo/pull/37694
Signed-off-by: Andrew Ammerlaan
---
eclass/kernel-build.eclas
s also provides an easy location for the user to access the
config. Considering that /boot/config-x.y.z does not always
exist (the config instalation via /sbin/installkernel depends
on layout and +/-systemd configuration).
Signed-off-by: Andrew Ammerlaan
Closes: https://github.com/gentoo/gentoo/pu
Signed-off-by: Andrew Ammerlaan
---
eclass/kernel-build.eclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/eclass/kernel-build.eclass b/eclass/kernel-build.eclass
index fa01be28723f..aca387bb5abd 100644
--- a/eclass/kernel-build.eclass
+++ b/eclass/kernel-build.eclass
Bug: https://bugs.gentoo.org/936402
Signed-off-by: Andrew Ammerlaan
---
eclass/kernel-build.eclass | 24 ++--
1 file changed, 22 insertions(+), 2 deletions(-)
diff --git a/eclass/kernel-build.eclass b/eclass/kernel-build.eclass
index cf060fa83766..fa01be28723f 100644
--- a
Bug: https://bugs.gentoo.org/936402
Signed-off-by: Andrew Ammerlaan
---
eclass/secureboot.eclass | 26 +++---
1 file changed, 19 insertions(+), 7 deletions(-)
diff --git a/eclass/secureboot.eclass b/eclass/secureboot.eclass
index a9ba514cb7a0..4459b0341845 100644
--- a
and
confusing. In principle the 'eselect kernel' setting should still be respected
when binpkgs are used.
Bug: https://bugs.gentoo.org/926063
Bug: https://bugs.gentoo.org/931213
Signed-off-by: Andrew Ammerlaan
---
eclass/linux-info.eclass | 14 +++---
1 file changed, 11 insert
Closes: https://bugs.gentoo.org/931213
Bug: https://bugs.gentoo.org/926063
Signed-off-by: Andrew Ammerlaan
---
eclass/linux-mod-r1.eclass | 5 +
1 file changed, 5 insertions(+)
diff --git a/eclass/linux-mod-r1.eclass b/eclass/linux-mod-r1.eclass
index d9651f962604..6060074d8734 100644
--- a
both flags
are enabled we trigger initramfs re-installation. This ensures that when we
update this package, we also get the latest microcode in our dist-kernel
initramfs or UKI.
Signed-off-by: Andrew Ammerlaan
---
.../linux-firmware-20240220-r2.ebuild | 32 +++
.../linux
if both flags
are enabled we trigger initramfs re-installation. This ensures that when we
update this package, we also get the latest microcode in our dist-kernel
initramfs or UKI.
Signed-off-by: Andrew Ammerlaan
---
.../intel-microcode-20221108_p20221102.ebuild | 43
Signed-off-by: Andrew Ammerlaan
---
sys-fs/zfs-kmod/zfs-kmod-2.1.14.ebuild | 16 +++-
sys-fs/zfs-kmod/zfs-kmod-2.1.15.ebuild | 14 ++
sys-fs/zfs-kmod/zfs-kmod-2.2.2-r1.ebuild | 14 ++
sys-fs/zfs-kmod/zfs-kmod-2.2.2.ebuild| 14 ++
sys-fs/zfs
Signed-off-by: Andrew Ammerlaan
---
profiles/use.desc | 1 +
1 file changed, 1 insertion(+)
diff --git a/profiles/use.desc b/profiles/use.desc
index d00e21ff01e2..0b96f6add385 100644
--- a/profiles/use.desc
+++ b/profiles/use.desc
@@ -142,6 +142,7 @@ imagemagick - Enable optional support for
Bug: https://bugs.gentoo.org/923025
Bug: https://bugs.gentoo.org/928271
Signed-off-by: Andrew Ammerlaan
---
eclass/linux-mod-r1.eclass | 54 ++
1 file changed, 54 insertions(+)
diff --git a/eclass/linux-mod-r1.eclass b/eclass/linux-mod-r1.eclass
index 4b267aae4db1..d9
On 19 February 2024 23:08:32 CET, "Robin H. Johnson" wrote:
>Allow checking more disk space, for users with many split volumes and
>ever-larger packages.
>
>gentoo-kernel-bin:
>/ >=350MB/version (in /lib/modules)
>/boot >=40MB/version
>
The problem here is that the kernel is not always ins
On 11/02/2024 10:55, Sam James wrote:
Andrew Ammerlaan writes:
Author: Andrew Ammerlaan
Date: Sun Feb 11 10:41:32 2024 +0100
Did you not use git-send-email here or what's going on?
Formatting looks off.
I was lazy and copy-pasted from 'git log -p'. I do not have
Author: Andrew Ammerlaan
Date: Sun Feb 11 10:41:32 2024 +0100
kernel-install.eclass: explicitly set kernel image to 644
The kernel build system sets the permissions on the kernel
image to 644. However objcopy creates a file with permissions
755. This causes a discrepancy in the permissions
From a06fd4447d34febaa2cca449c8f6979b91a2818e Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan
Date: Wed, 7 Feb 2024 13:41:30 +0100
Subject: [PATCH] kernel-install.eclass: install vmlinu{x,z} symlink
and also link generic initrd/uki.efi
Signed-off-by: Andrew Ammerlaan
---
eclass/kernel
From 3d3c073f932caa307c26f8cf17b061a609433fce Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan
Date: Wed, 7 Feb 2024 13:28:02 +0100
Subject: [PATCH] kernel-build.eclass: install vmlinu{x,z} symlink
Some other distributions install (a symlink to) the kernel
image here. Tools such as 'k
ative layout is used to install the kernels.
Best regards,
Andrew
Title: installkernel new USE flag systemd-boot
Author: Andrew Ammerlaan
Posted: 2024-01-30
Revision: 1
News-Item-Format: 2.0
Display-If-Installed: sys-kernel/installkernel[systemd]
Display-If-Installed: sys-apps/systemd[boot]
Display-I
After user feedback we have decided to rename the systemd flag to
systemd-kernel-install so it is not enabled automatically on systemd
profiles.
Best regards,
Andrew
Title: installkernel systemd USE flag renamed to systemd-kernel-install
Author: Andrew Ammerlaan
Posted: 2024-01-30
Revision
From 3a3a69379650af341fa318d8f2d1533885b52d0e Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan
Date: Mon, 29 Jan 2024 10:58:11 +0100
Subject: [PATCH] linux-mod-r1.eclass: warn if KV does not match
virtual/dist-kernel
We have no mechanism to ensure that we build the kernel modules for
the same
# Andrew Ammerlaan (2024-01-24)
# The functionality of sys-kernel/installkernel-systemd has been
# integrated into sys-kernel/installkernel[systemd].
# Please install sys-kernel/installkernel and remove
# sys-kernel/installkernel-systemd. See the news item entitled
# "Merging of installk
Title: Merging of installkernel-gentoo and installkernel-systemd
+Author: Andrew Ammerlaan
+Posted: 2024-01-18
+Revision: 1
+News-Item-Format: 2.0
+Display-If-Installed: sys-kernel/installkernel
+Display-If-Installed: sys-kernel/installkernel-gentoo
+Display-If-Installed: sys-kernel/installk
From 0f33e78d05f5e50f4734f5493255232ce1c647fa Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan
Date: Wed, 3 Jan 2024 11:31:15 +0100
Subject: [PATCH] kernel-build.eclass: allow overriding UKI cmdline
Signed-off-by: Andrew Ammerlaan
---
eclass/kernel-build.eclass | 12 ++--
1 file
Part of https://github.com/gentoo/gentoo/pull/33727
From 0878f48e492b2c7bfd4b58c8f6dcfbfdbd642d8a Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan
Date: Wed, 15 Nov 2023 19:59:06 +0100
Subject: [PATCH] eclass/(dist-)kernel-*.eclass: drop installkernel-gentoo-7
because we drop the generation of
Dear all,
First of all happy new year!
Those of you that have already synced the tree this year might have
already noticed that gentoo-kernel(-bin) has gained two new USE flags
yesterday. The first (USE=modules-compress) I think is pretty
self-explanatory, it installs all modules xz compresse
re to ensure that the temporary key is readable by the user
that the kernel is being built as. The variable is then unset so it does
not end up in the final environment file.
Co-authored-by: Andrew Ammerlaan
Signed-off-by: Violet Purcell
---
eclass/kernel-build.eclass | 18 --
1
at the host has a valid one but
this shouldn't be a problem since at least for systemd systems you can
apparently not boot at all if it is not valid. v2:
From 0a22dcc93c8ba16cdb450f2443ad256e56111d6e Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan
Date: Mon, 11 Dec 2023 08:36:58 +0100
Subje
ensure that the temporary key is readable by the user
that the kernel is being built as. The variable is then unset so it does
not end up in the final environment file.
Co-authored-by: Andrew Ammerlaan
Signed-off-by: Violet Purcell
---
eclass/kernel-build.eclass | 18 --
1 file
Patch is part of https://github.com/gentoo/gentoo/pull/34024
Best regards,
Andrew
From 03e17149eef9eba08f8c8bf32845c18106d32290 Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan
Date: Mon, 11 Dec 2023 08:36:58 +0100
Subject: [PATCH] kernel-install.eclass: fix test phase on systemd systems
On
=sys-kernel/installkernel-gentoo-7 will follow later once version 8
is stable, a sneak-preview of this patch can already be found in my PR[2].
[1] https://github.com/projg2/installkernel-gentoo/pull/10
[2] https://github.com/gentoo/gentoo/pull/33727
From 948a66a862f29b1356e530f95078c48c5bedbae0 M
Patch from https://github.com/gentoo/gentoo/pull/33850
Note that we only have this problem here, and not in linux-mod-r1.eclass
or secureboot.eclass, because in the latter two eclasses the signing is
done in src_install while the kernel build system requires the key in
src_compile. src_install
From 2ca438ca296cf53e255338aed3f504992c7d057a Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan
Date: Wed, 15 Nov 2023 20:31:26 +0100
Subject: [PATCH] dist-kernel-utils.eclass: set arch to kernel for
installation
Some kernel-install plugins may require locating files in the
installed kernel
This fixes a small issue in the postrm phase, the name of the unified
kernel image is always uki.efi, not initrd.uefi.
Best regards,
Andrew
From 4ca978b9d1013cb7b28493af45cd4fbd57e1f76e Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan
Date: Wed, 15 Nov 2023 20:00:15 +0100
Subject: [PATCH
This is part of a larger PR at
https://github.com/gentoo/gentoo/pull/33727. However these two eclass
patches are relatively trivial and independent from the rest, so lets do
these first.
From 0e4e64876732eb1d2794498a4f0446ec641bf978 Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan
Date: Wed
This is part of a larger PR at
https://github.com/gentoo/gentoo/pull/33727. However these two eclass
patches are relatively trivial and independent from the rest, so lets do
these first.
From 97a3eea0ab38bbe235df0ee20ede152a2a5e4dc1 Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan
Date: Wed
On 20/10/2023 14:39, Joonas Niilola wrote:
On 20.10.2023 15.30, Pascal Jaeger wrote:
This is only two years without a release. We have packages way way older
than that.
I know fetch scripts have a reputation, but this thing is kind
of a staple in the community and it is still widely used.
I ca
From 9f9da2272d413bd06cd7cfce65fb15bab848a6b7 Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan
Date: Fri, 15 Sep 2023 07:53:56 +0200
Subject: [PATCH] kernel-build.eclass: drop obsolete if use secureboot
statement
CONFIG_EFI_ZBOOT (among other things) is now set by secureboot.config in
# Andrew Ammerlaan (2023-09-23)
# >=media-sound/spotify-1.2.20 now has its own tray icon.
# Therefore the use case for this package is gone.
# Removal on 2023-10-23
media-sound/spotify-tray
# Andrew Ammerlaan (2023-09-14)
# No longer a test dependency of dev-python/textdistance, now fails tests
# with the latest numpy. Upstream inactive and we already need patching for
# python 3.10 compatibility. No other reverse dependencies.
# Bug: https://bugs.gentoo.org/887845
# Removal on
On 12/09/2023 23:23, Eddie Chapman wrote:
Andrew Ammerlaan wrote:
On 12 September 2023 21:47:31 CEST, Eddie Chapman wrote:
Andreas K. Huettel wrote:
* You don't gain anything from using it instead of udev.
(Nobody does.)
Is there only 1 tool for the job? Why do we have bot
On 12 September 2023 21:47:31 CEST, Eddie Chapman wrote:
>Andreas K. Huettel wrote:
>> The eudev experiment has failed.
>> * It was false labeling from the start.[*]
>> * It's barely alive and not keeping up with udev upstream.
>
>Why does it have to? It is advertised as a fork after all.
>
>>
From 59743aeaef2a1c163ba2150208995055964091d4 Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan
Date: Thu, 31 Aug 2023 11:03:03 +0200
Subject: [PATCH] dist-kernel-utils.eclass: support CONFIG_EFI_ZBOOT with
USE=secureboot
This config options changes the name of the final image
Closes: https
From ae095ca61e87f647923d437fe0e8cbe1d18bd0eb Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan
Date: Wed, 30 Aug 2023 18:38:43 +0200
Subject: [PATCH] kernel-build.eclass: fix kernel image signing on arm64 and
riscv
Arm64/riscv have no compressed kernel support. With CONFIG_EFI_ZBOOT enabled
the
From efd3a440e652d96b7fadc56b171e14116be59768 Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan
Date: Sun, 27 Aug 2023 18:24:08 +0200
Subject: [PATCH] secureboot.eclass: secureboot_sign_efi_file allow call
with 1
arg
Use the input file as the output file if it is not specified.
Signed-off-by
From 1a1062e142cf654b43790d2a211e3d447feb055c Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan
Date: Sat, 26 Aug 2023 21:32:07 +0200
Subject: [PATCH] dist-kernel-utils.eclass: only sign image if it is a UKI
If we are not using UKIs we don't have to do anything since the kernel image
was al
From 11c08f41e858561bd71fc5f19b612a7fd365b14a Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan
Date: Sat, 26 Aug 2023 21:26:46 +0200
Subject: [PATCH] kernel-build.eclass: sign the kernel image earlier in
src_install
By signing it in src_install instead of pkg_postinst the signed version is
If we are not using UKIs we don't have to do anything since the kernel image
was already signed in kernel-build.eclass.
Signed-off-by: Andrew Ammerlaan
---
eclass/dist-kernel-utils.eclass | 8
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/eclass/dist-k
kernel image in
sys-kernel/gentoo-kernel-bin.
Note, UKIs are always generated locally, so if UKIs are used these will
still
have to be signed in pkg_postinst and therefore the private key is still
required on all systems with USE=secureboot and uefi=yes in dracut.conf.
Signed-off-by: Andrew
CONFIG_MODULE_SIG_FORCE=y.
Signed-off-by: Andrew Ammerlaan
---
eclass/kernel-install.eclass | 4
1 file changed, 4 insertions(+)
diff --git a/eclass/kernel-install.eclass b/eclass/kernel-install.eclass
index 62fbb1dab0493..84d306c19f1ab 100644
--- a/eclass/kernel-install.eclass
+++ b/eclass/kernel
Hi all,
This patch copies the sphinx-build logic from python-utils-r1.eclass to
use 'python -m mkdocs' instead of plain 'mkdocs' whenever possible. This
fixes building mkdocs themes in pep517 mode where the very themes we are
installing would otherwise be unavailable for building the documenta
Hi all,
This patch is similar to the one I sent earlier for kernel-build.eclass.
Instead of checking if the signing key/cert exists we now also check if
we can actually read it. Also removed an extra "#" that prevents the
documentation from rendering as intended.
Best regards,
Andrew
diff -
Hi all,
Currently if the MODULES_SIGN_KEY exists but is not readable the kernel
will fail to compile. The kernel build system does not produce a clear
error when this happens so it is not immediately obvious what is wrong.
This small patch adjusts our src_prepare logic to check if the signing
From the kernel `make nconfig` description:
```
Module signature verification (MODULE_SIG)
CONFIG_MODULE_SIG:
Check modules for valid signatures upon load: the signature
is simply appended to the module. For more information see
.
Note that this option adds the OpenSSL development packages as
Hi all,
This is a small patch from [1] that allows signing kernel modules using
a separate key and certificate PEM file. See the commit message below
for a more in-depth explanation.
Best regards,
Andrew
[1] https://github.com/gentoo/gentoo/pull/32275
From 61b7db57f343ab172bcc449320c4e96ca
00:00:00 2001
From: Andrew Ammerlaan
Date: Tue, 11 Jul 2023 19:47:52 +0200
Subject: [PATCH] eclass/secureboot.eclass: add new eclass
Signed-off-by: Andrew Ammerlaan
---
eclass/secureboot.eclass | 173 +++
1 file changed, 173 insertions(+)
create mode 100644
On 14/07/2023 19:11, Mike Gilbert wrote:
On Fri, Jul 14, 2023 at 5:07 AM Sam James wrote:
Andrew Ammerlaan writes:
Hi all,
Currently we have 7 packages defining the efi flag and an additional 2
defining the uefi flag. These flags do the same thing, add support for
(U)EFI booting. I
On 14/07/2023 11:05, David Seifert wrote:
On Thu, 1970-01-01 at 00:00 +, Andrew Ammerlaan wrote:
Hi all,
Currently we have 7 packages defining the efi flag and an additional 2
defining the uefi flag. These flags do the same thing, add support for
(U)EFI booting. I therefore propose we
/ipmicfg.
I don't have a strong preference between the efi or uefi flags, but
since a majority of the packages has chosen efi I suggest we go with that.
Best regards,
Andrew
From 737eb5d8509b088f7689d417375c00773c131042 Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan
Date: Fri, 14 Jul
From 53039f9497483f513b2ab98ca031689415b00b21 Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan
Date: Tue, 11 Jul 2023 20:13:08 +0200
Subject: [PATCH 02/13] profiles/use.desc: add secureboot global use flag
Signed-off-by: Andrew Ammerlaan
---
profiles/use.desc | 1 +
1 file changed, 1 insertion
From d528f87cb015cc60ef6f702d02d20b4f1fc42e74 Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan
Date: Thu, 13 Jul 2023 09:55:32 +0200
Subject: [PATCH 05/13] kernel-build.eclass: require modules-sign if
secureboot
Signed-off-by: Andrew Ammerlaan
---
eclass/kernel-build.eclass | 18
From e6d996555a460e9082c6b108fa038b84bf88bcd4 Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan
Date: Tue, 11 Jul 2023 13:20:12 +0200
Subject: [PATCH 04/13] dist-kernel-utils.eclass: optionally sign the kernels
We put this behind a KERNEL_IUSE_SECUREBOOT var so we can enable this
only if
From 06a132a4999b532308f27c55d27c1fce9ea91e0b Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan
Date: Tue, 11 Jul 2023 20:17:11 +0200
Subject: [PATCH 03/13] profiles/arch: mask secureboot flag on arches
without sbsign
Signed-off-by: Andrew Ammerlaan
---
profiles/arch/amd64/use.mask | 4
From 3116d64388a5381b5ad1d200eb2e01a8194cf631 Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan
Date: Tue, 11 Jul 2023 19:47:52 +0200
Subject: [PATCH 01/13] eclass/secureboot.eclass: add new eclass
Signed-off-by: Andrew Ammerlaan
---
eclass/secureboot.eclass | 179
Hi all,
Now that we have support for unified kernel images and signed kernel
modules in gentoo-kernel and via linux-mod-r1.eclass the logical next
step is to also make it possible to sign the kernel images, bootloaders,
and other efi executables. This makes it possible to enable Secure Boot,
duplication is removed.
Best regards,
Andrew
[1] https://bugs.gentoo.org/910278
From 4f758c021094db0e4f2a085aba33a614f97200d1 Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan
Date: Fri, 14 Jul 2023 09:40:59 +0200
Subject: [PATCH] docs.eclass: define python_check_deps()
and remove some code
On 21/06/2023 16:12, TOMAS FABRIZIO ORSI wrote:
In any case, this is just something to keep in mind when writing this
check. It is not fully guaranteed that eselect repository can find the
repository that is requested in some master= entry.
Great point.
Btw, in your opinion, do you t
On 21/06/2023 15:40, TOMAS FABRIZIO ORSI wrote:
What I meant is that emerge --sync/eix --sync does this check
instead of
eselect repository. To me this makes sense since we can only do this
check *after* syncing.
That is a great point; I had not considered it.
So, you are sayin
On 21/06/2023 04:17, TOMAS FABRIZIO ORSI wrote:
A warning could be a great way of making the user aware of this situation.
Having said that, if eselect repository is able to check and warn the
user of a not synced overlay(ies) dependency, then the hard bit is done
What I meant is that emerge
Version 4 (and that's the last one, I promise), makes this work with
pkcs11 uri's as well. Tested with my Nitrokey, it is (unsurprisingly)
incredibly slow but it works.
From 70415544a4aea458039f1abbbf9c7e112de846f3 Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan
Date: Thu, 15 Jun
On 20/06/2023 19:26, Mike Gilbert wrote:
On Tue, Jun 20, 2023 at 1:08 PM Florian Schmaus wrote:
On 20.06.23 16:41, TOMAS FABRIZIO ORSI wrote:
Isn't that duplicating the information of metadata/layout.conf's
'master' key-value pair [1]?
Yes, I agree that it would be duplicating tha
his problem when using the kernel Makefile.
Best regards,
Andrew
[1] https://github.com/dracutdevs/dracut/pull/2405
From 08302fddf42f9c34fa0cf5647ff44a55f25f75c2 Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan
Date: Fri, 16 Jun 2023 22:51:00 +0200
Subject: [PATCH] dist-kernel-utils.eclass: skip initrd install
pstream PR open to fix the underlying issue (i.e make
50-dracut.install work properly with uefi=yes and layout=uki):
https://github.com/dracutdevs/dracut/pull/2405
From c2d6ecb074d25c70677fa9c371801a0002c9a216 Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan
Date: Fri, 16 Jun 2023 22:51:00 +02
up on the ESP. This is required to
load the uki directly from efi firmware.
From 1c406ada60d3493203c1fbd6333caf74e53ee8ac Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan
Date: Fri, 16 Jun 2023 16:33:56 +0200
Subject: [PATCH] dist-kernel-utils.eclass: fix extension of generated
efi file
If kern
Split the patch in two pieces and changed the name of the pre-inherit
variable to KERNEL_IUSE_MODULES_SIGN. Plus some quotation fixes.
From e019e78448376b04c91397c7efc60ee72c24bf93 Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan
Date: Thu, 15 Jun 2023 21:10:02 +0200
Subject: [PATCH] kernel
No functional changes in version 3, just renaming some variables and
splitting the version 2 patch.
From 969f242c3269c068ebfe5adc37ebfc92dcd56181 Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan
Date: Thu, 15 Jun 2023 11:50:10 +0200
Subject: [PATCH] kernel-build.eclass: add IUSE="
On 15/06/2023 15:46, Mike Gilbert wrote:
On Thu, Jun 15, 2023 at 9:06 AM Andrew Ammerlaan
wrote:
# @FUNCTION: kernel-build_merge_configs
@@ -270,16 +354,39 @@ kernel-build_merge_configs() {
local user_configs=( "${BROOT}"/etc/kernel/config.d/*.config )
shopt -
b0e42a34469c3799b2c2c636d794a95040549133 Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan
Date: Thu, 15 Jun 2023 11:50:10 +0200
Subject: [PATCH] kernel-build.eclass: add IUSE="+strip modules-sign",
install
generated keys
- Let the kernel build system handle stripping of the modules.
This is nec
On 15/06/2023 11:59, Florian Schmaus wrote:
On 15.06.23 11:50, Andrew Ammerlaan wrote:
+pkg_postinst() {
+ kernel-build_pkg_postinst
+ if use modules-sign; then
+ if [[ -z "${MODULES_SIGN_KEY}" ]]; then
+ ewarn ""
You can drop the empty string argu
From fc8894ff62b45cc7a4148a9f6ba51f1afe7b920a Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan
Date: Thu, 8 Jun 2023 20:44:58 +0200
Subject: [PATCH] sys-kernel/gentoo-kernel: add USE="modules-sign"
- Enable module signing configure options if requested by the user.
- Respect the li
From 480e54c27d09ceeb1dab662fcb395c33f807402a Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan
Date: Fri, 9 Jun 2023 10:36:18 +0200
Subject: [PATCH] kernel-build.eclass: add IUSE="strip", install
generated keys
- Let the kernel build system handle stripping of the modules.
This is
Hi all,
This first patch reworks the stripping of kernel modules, mirroring the
changes from linux-mod.eclass to linux-mod-r1.eclass, and fixing Bug
814344 and Bug 881651.
Before this change enabling the CONFIG_MODULE_SIG=y and
CONFIG_MODULE_SIG_ALL=y kernel options would cause the kernel bu
On 30/05/2023 18:35, Arthur Zamarin wrote:
My solution is as such:
1. Undeprecate EGO_SUM in eclass
2. Forbid it's usage in ::gentoo (done by pkgcheck, error level, will
fail CI and as such we can see the misuse). Overlays are allowed.
3. Maintainer starts talks with upstreams to add release wor
On 26/04/2023 18:12, Matt Turner wrote:
On Wed, Apr 26, 2023 at 11:31 AM Florian Schmaus wrote:
The discussion would be more productive if someone who is supporting the
EGO_SUM deprecation could rationally summarize the main arguments why we
deprecated EGO_SUM.
You're requesting the changes.
Because the following packages are no longer (test) dependencies of
dev-python/spyder they are looking for a new maintainer:
dev-python/pytest-faulthandler
dev-python/pytest-ordering
dev-python/pytest-xvfb
dev-python/vncdotool (version bump available, requires new dependency)
dev-python/stdio-mgr
# Andrew Ammerlaan (2023-04-09)
# Archived upstream, better alternatives available, try:
# - net-im/whatsapp-desktop-bin (another electron based approach)
# - net-im/whatsie (a simple yet configurable Qt based app)
# - net-im/whatsapp-for-linux::guru (a simple app using webkit2gtk)
# Removal on
# Andrew Ammerlaan (2023-02-25)
# Fails tests, last upstream commit 2021, does not work with
# python3.11. No reverse dependencies.
# Removal on 2023-03-27. Bug 896898 and 888444
dev-python/trio-asyncio
On 28/01/2023 19:02, Ulrich Mueller wrote:
On Sat, 28 Jan 2023, Michał Górny wrote:
However, it's been pointed out that this makes it hard for people to
find packages they're looking for.
I don't understand this argument. Why would all-lowercase make finding a
package harder?
Here's an examp
Hi,
Pathlib2 is a backport, as such it doesn't really make sense to add 3.10 and
3.11 to compat. The package from the overlay probably should adjust its
dependencies to only depend on pathlib2 when instaling for 3.9 or 3.8. This can
be accomplished with the python_gen_cond_dep function (see doc
1 - 100 of 136 matches
Mail list logo
