author | Bertrand Jacquin <bertrand@jacquin.bzh> | 2021-11-07 20:59:45 +0000 |
---|---|---|
committer | Bertrand Jacquin <bertrand@jacquin.bzh> | 2021-11-07 20:59:45 +0000 |
commit | a8f563fdf9d9db948e5db5ee4a7f74e2e6cb244a (patch) | |
tree | a3972cade24cb0ba790db146918f42d913e568db | |
parent | sys-kernel/stable-sources: version bump (diff) | |
download | portage-a8f563fdf9d9db948e5db5ee4a7f74e2e6cb244a.tar.xz |
eclass/linux-build: add support for MODULE_SIG_KEY_TYPE_ECDSA
New to 5.15
-rw-r--r-- | eclass/linux-build.eclass | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/eclass/linux-build.eclass b/eclass/linux-build.eclass index e5b468bf..16afc6e6 100644 --- a/eclass/linux-build.eclass +++ b/eclass/linux-build.eclass @@ -25,8 +25,8 @@ detect_version EXPORT_FUNCTIONS pkg_pretend pkg_setup src_prepare src_compile src_install pkg_postinst : ${LINUX_BUILD_MOD_SIG_DAYS:=365} -: ${LINUX_BUILD_MOD_SIG_KEY_ALG:=rsa} -: ${LINUX_BUILD_MOD_SIG_KEY_SIZE:=2048} +: ${LINUX_BUILD_MOD_SIG_RSA_KEY_SIZE:=2048} +: ${LINUX_BUILD_MOD_SIG_ECC_KEY_CURVE:=secp384r1} SLOT="${PV%.*}" @@ -389,6 +389,9 @@ _linux-build_src_prepare_build() { fi if _linux-build_configval MODULE_SIG ; then + local _OPENSSL_REQ_ALGORITHM + local _OPENSSL_REQ_PKEYOPT + if ! has_version --host-root "dev-libs/openssl" ; then die "dev-libs/openssl is required for CONFIG_MODULE_SIG" fi @@ -397,6 +400,14 @@ _linux-build_src_prepare_build() { die "CONFIG_MODULE_SIG_HASH must be defined when using CONFIG_MODULE_SIG" fi + if _linux-build_configval MODULE_SIG_KEY_TYPE_ECDSA ; then + _OPENSSL_REQ_ALGORITHM="ec" + _OPENSSL_REQ_PKEYOPT="ec_paramgen_curve:${LINUX_BUILD_MOD_SIG_ECC_KEY_CURVE}" + else + _OPENSSL_REQ_ALGORITHM="rsa" + _OPENSSL_REQ_PKEYOPT="rsa_keygen_bits:${LINUX_BUILD_MOD_SIG_RSA_KEY_SIZE}" + fi + mkdir "${BUILDDIR}/certs" if [[ -e "${T}/certs/signing_key.pem" ]] ; then @@ -424,10 +435,11 @@ _linux-build_src_prepare_build() { authorityKeyIdentifier=keyid EOF - einfo "Generating x509 ${LINUX_BUILD_MOD_SIG_KEY_ALG} ${LINUX_BUILD_MOD_SIG_KEY_SIZE} / ${CONFIG_MODULE_SIG_HASH} pair" + einfo "Generating x509 ${_OPENSSL_REQ_ALGORITHM} pair with ${_OPENSSL_REQ_PKEYOPT} and ${CONFIG_MODULE_SIG_HASH}" openssl req -x509 -nodes -batch \ -days "${LINUX_BUILD_MOD_SIG_DAYS}" \ - -newkey "${LINUX_BUILD_MOD_SIG_KEY_ALG}:${LINUX_BUILD_MOD_SIG_KEY_SIZE}" \ + -newkey "${_OPENSSL_REQ_ALGORITHM}" \ + -pkeyopt "${_OPENSSL_REQ_PKEYOPT}" \ "-${CONFIG_MODULE_SIG_HASH}" \ -outform PEM \ -config "${BUILDDIR}/certs/x509.genkey" \ |
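Review bot: Dropping `LINUX_BUILD_MOD_SIG_KEY_ALG` and `LINUX_BUILD_MOD_SIG_KEY_SIZE` in the first hunk means an existing override of the old size variable (for example a larger RSA modulus set in make.conf) is now ignored without any message, and the module signing key silently falls back to the 2048-bit default. If these variables are meant to be user-settable, which the `: ${VAR:=default}` form suggests, keep the old name as a fallback with `: ${LINUX_BUILD_MOD_SIG_RSA_KEY_SIZE:=${LINUX_BUILD_MOD_SIG_KEY_SIZE:-2048}}`, or emit an `ewarn` when the old variable is set. A one-line comment above the two defaults stating which one applies to which `CONFIG_MODULE_SIG_KEY_TYPE_*` choice would also help the next reader.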
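Review bot: `LINUX_BUILD_MOD_SIG_ECC_KEY_CURVE` is handed to `ec_paramgen_curve:` in the third hunk without any check, while the kernel help text for MODULE_SIG_KEY_TYPE_ECDSA describes a NIST P-384 key. An override to a curve the kernel cannot verify would therefore only surface later, as signed modules rejected at load time. Validate it before key generation, for example `[[ ${LINUX_BUILD_MOD_SIG_ECC_KEY_CURVE} == secp384r1 ]] || die "unsupported curve for CONFIG_MODULE_SIG_KEY_TYPE_ECDSA"`, widening the list only to curves the target kernel's ECDSA verifier is known to accept. The new branch also sits ahead of the existing `${T}/certs/signing_key.pem` test visible in the context, so a pre-supplied key whose type differs from the configured one is presumably used as-is; the body of that test is outside the hunk, so this needs confirming.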