author | Bertrand Jacquin <bertrand@jacquin.bzh> | 2018-01-27 14:41:55 +0000 |
---|---|---|
committer | Bertrand Jacquin <bertrand@jacquin.bzh> | 2018-03-07 01:30:12 +0000 |
commit | 7d2ec7f931bcc6baa22cbcb1bd6979f7bbfb8889 (patch) | |
tree | 18f7e5b784dc8b02db55e841ba369622ee54e009 /eclass/linux-build.eclass | |
parent | eclass/linux-build: Use PORTAGE_BUILD_USER since PORTAGE_USERNAME is (diff) | |
download | portage-7d2ec7f931bcc6baa22cbcb1bd6979f7bbfb8889.tar.xz |
eclass/linux-build: Use PEM file
DER is gone from fb1179499134bc718dc7557c7a6a95dc72f224cb
Diffstat (limited to 'eclass/linux-build.eclass')
-rw-r--r-- | eclass/linux-build.eclass | 46 |
1 files changed, 18 insertions, 28 deletions
diff --git a/eclass/linux-build.eclass b/eclass/linux-build.eclass index e4cde419..159aacc0 100644 --- a/eclass/linux-build.eclass +++ b/eclass/linux-build.eclass @@ -98,18 +98,13 @@ _linux-build_pkg_setup-build-x509() { local _v for _v in "${PF}" "${P}" "${PN}" ; do - einfo "Checking existence of ${PORTAGE_CONFIGROOT%/}/etc/ssl/private/${_v}.{crt,key}" - - if [[ -e "${PORTAGE_CONFIGROOT}/etc/ssl/private/${_v}.crt" && - -e "${PORTAGE_CONFIGROOT}/etc/ssl/private/${_v}.key" ]] ; then + einfo "Checking existence of ${PORTAGE_CONFIGROOT%/}/etc/ssl/private/${_v}.pem" + if [[ -e "${PORTAGE_CONFIGROOT}/etc/ssl/private/${_v}.pem" ]] ; then mkdir -p "${T}/etc/ssl/private" cp --preserve=mode,ownership \ - "${PORTAGE_CONFIGROOT}/etc/ssl/private/${_v}.crt" "${T}/etc/ssl/private/${PF}.crt" \ - || die "Failed to copy ${PORTAGE_CONFIGROOT%/}/etc/ssl/private/${_v}.crt" - cp --preserve=mode,ownership \ - "${PORTAGE_CONFIGROOT}/etc/ssl/private/${_v}.key" "${T}/etc/ssl/private/${PF}.key" \ - || die "Failed to copy ${PORTAGE_CONFIGROOT%/}/etc/ssl/private/${_v}.key" + "${PORTAGE_CONFIGROOT}/etc/ssl/private/${_v}.pem" "${T}/etc/ssl/private/${PF}.pem" \ + || die "Failed to copy ${PORTAGE_CONFIGROOT%/}/etc/ssl/private/${_v}.pem" export _LINUX_BUILD_MOD_SIG_X509_PFX="${_v}" eend 0 
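Review bot: The `[[ -e ".../${_v}.pem" ]]` test selects any file with that name, and nothing in the visible hunks checks that it holds both a certificate and a private key now that the two share one file. A PEM carrying only one of them is still copied to `${T}` and exported through `_LINUX_BUILD_MOD_SIG_X509_PFX`, so the mistake only shows up later in the build. A check at selection time would catch it early, for example `openssl x509 -noout -in "${PORTAGE_CONFIGROOT}/etc/ssl/private/${_v}.pem" || die "no certificate in ${_v}.pem"` followed by the same line with `openssl pkey` for the key. Since `cp --preserve=mode,ownership` keeps whatever mode the operator set, it is also worth stating in the eclass documentation that the combined file must not be group- or world-readable. The loop and the function continue past the end of this hunk.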
@@ -226,21 +221,18 @@ _linux-build_src_prepare_build() { die "CONFIG_MODULE_SIG_HASH must be defined when using CONFIG_MODULE_SIG" fi - if [[ -e "${T}/etc/ssl/private/${PF}.crt" && - -e "${T}/etc/ssl/private/${PF}.key" ]] ; then + mkdir ${BUILDDIR}/certs + if [[ -e "${T}/etc/ssl/private/${PF}.pem" ]] ; then einfo "Use the following x509 pair for CONFIG_MODULE_SIG" - einfo " ${PORTAGE_CONFIGROOT%/}/etc/ssl/private/${_LINUX_BUILD_MOD_SIG_X509_PFX}.crt" - einfo " ${PORTAGE_CONFIGROOT%/}/etc/ssl/private/${_LINUX_BUILD_MOD_SIG_X509_PFX}.key" + einfo " ${PORTAGE_CONFIGROOT%/}/etc/ssl/private/${_LINUX_BUILD_MOD_SIG_X509_PFX}.pem" - touch "${BUILDDIR}/x509.genkey" + touch "${BUILDDIR}/certs/x509.genkey" cp --preserve=mode,ownership \ - "${T}/etc/ssl/private/${PF}.crt" "${BUILDDIR}/signing_key.x509" - cp --preserve=mode,ownership \ - "${T}/etc/ssl/private/${PF}.key" "${BUILDDIR}/signing_key.priv" + "${T}/etc/ssl/private/${PF}.pem" "${BUILDDIR}/certs/signing_key.pem" else einfo "Generating x509 config" - cat > "${BUILDDIR}/x509.genkey" <<-EOF + cat > "${BUILDDIR}/certs/x509.genkey" <<-EOF [ req ] prompt = no distinguished_name = ${PF}_subj @@ -264,15 +256,15 @@ _linux-build_src_prepare_build() { -days "${LINUX_BUILD_MOD_SIG_DAYS}" \ -newkey "${LINUX_BUILD_MOD_SIG_KEY_ALG}:${LINUX_BUILD_MOD_SIG_KEY_SIZE}" \ "-${CONFIG_MODULE_SIG_HASH}" \ - -outform DER \ - -config "${BUILDDIR}/x509.genkey" \ - -out "${BUILDDIR}/signing_key.x509" \ - -keyout "${BUILDDIR}/signing_key.priv" \ + -outform PEM \ + -config "${BUILDDIR}/certs/x509.genkey" \ + -out "${BUILDDIR}/certs/signing_key.pem" \ + -keyout "${BUILDDIR}/certs/signing_key.pem" \ || die "openssl req fail" fi - openssl x509 -inform DER -noout \ - -in "${BUILDDIR}/signing_key.x509" \ + openssl x509 -inform PEM -noout \ + -in "${BUILDDIR}/certs/signing_key.pem" \ -subject fi 
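Review bot: The `cp` of the operator's key into `${BUILDDIR}/certs/signing_key.pem` has no `|| die`, and the new `mkdir ${BUILDDIR}/certs` before it is both unquoted and unchecked, so a failure at either step passes silently. The build would then continue without the key that the `einfo` lines have just announced, and whatever the kernel build does with a missing `certs/signing_key.pem` decides which key signs the modules. I would write `mkdir -p "${BUILDDIR}/certs" || die` and end the copy with `|| die "Failed to copy ${T}/etc/ssl/private/${PF}.pem"`. The `openssl x509 -inform PEM -noout ... -subject` call in the next hunk is unchecked in the same way and should get `|| die "openssl x509 fail"`. The function body starts and ends outside this hunk.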
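Review bot: `-out` and `-keyout` now name the same file, `${BUILDDIR}/certs/signing_key.pem`, and nothing in the hunk says this is deliberate. A later reader could easily take it for a copy-paste slip and split the two again. A one-line comment above the `openssl req` call would settle it, for example `# certificate and private key go into one PEM on purpose; the module signing step reads both from certs/signing_key.pem`. It is worth confirming in the same place that the `openssl req` options outside this hunk still produce an unencrypted key, since the combined file is consumed non-interactively.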
@@ -378,10 +370,8 @@ _linux-build_src_install_build() { if _linux-build_configval MODULE_SIG ; then insinto /etc/ssl/private - newins "${BUILDDIR}/signing_key.x509" "${PF}.crt" - newins "${BUILDDIR}/signing_key.priv" "${PF}.key" - - fperms 0400 "/etc/ssl/private/${PF}.key" + newins "${BUILDDIR}/certs/signing_key.pem" "${PF}.pem" + fperms 0400 "/etc/ssl/private/${PF}.pem" fi if [[ -d "${WORKDIR}/bootloader/boot" ]] ; then |
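Review bot: `newins` places the combined key-and-certificate file in the image with the default `insopts` mode, and only the following `fperms 0400` tightens it. Setting the mode first means the private key is never written with wider permissions: put `insopts -m0400` before the `newins`, and restore the default afterwards if later `doins`/`newins` calls in this function rely on it. A side effect of the single-file layout is that the public certificate is now readable by root only; if anything unprivileged needs it (for enrolment or verification, say), it would have to be exported separately. The function continues outside this hunk.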