summaryrefslogtreecommitdiff
path: root/eclass/linux-build.eclass
diff options
context:
space:
mode:
authorBertrand Jacquin <bertrand@jacquin.bzh>2018-01-27 14:41:55 +0000
committerBertrand Jacquin <bertrand@jacquin.bzh>2018-03-07 01:30:12 +0000
commit7d2ec7f931bcc6baa22cbcb1bd6979f7bbfb8889 (patch)
tree18f7e5b784dc8b02db55e841ba369622ee54e009 /eclass/linux-build.eclass
parenteclass/linux-build: Use PORTAGE_BUILD_USER since PORTAGE_USERNAME is (diff)
downloadportage-7d2ec7f931bcc6baa22cbcb1bd6979f7bbfb8889.tar.xz
eclass/linux-build: Use PEM file
DER is gone from fb1179499134bc718dc7557c7a6a95dc72f224cb
Diffstat (limited to 'eclass/linux-build.eclass')
-rw-r--r--eclass/linux-build.eclass46
1 files changed, 18 insertions, 28 deletions
diff --git a/eclass/linux-build.eclass b/eclass/linux-build.eclass
index e4cde419..159aacc0 100644
--- a/eclass/linux-build.eclass
+++ b/eclass/linux-build.eclass
@@ -98,18 +98,13 @@ _linux-build_pkg_setup-build-x509() {
local _v
for _v in "${PF}" "${P}" "${PN}" ; do
- einfo "Checking existence of ${PORTAGE_CONFIGROOT%/}/etc/ssl/private/${_v}.{crt,key}"
-
- if [[ -e "${PORTAGE_CONFIGROOT}/etc/ssl/private/${_v}.crt" &&
- -e "${PORTAGE_CONFIGROOT}/etc/ssl/private/${_v}.key" ]] ; then
+ einfo "Checking existence of ${PORTAGE_CONFIGROOT%/}/etc/ssl/private/${_v}.pem"
+ if [[ -e "${PORTAGE_CONFIGROOT}/etc/ssl/private/${_v}.pem" ]] ; then
mkdir -p "${T}/etc/ssl/private"
cp --preserve=mode,ownership \
- "${PORTAGE_CONFIGROOT}/etc/ssl/private/${_v}.crt" "${T}/etc/ssl/private/${PF}.crt" \
- || die "Failed to copy ${PORTAGE_CONFIGROOT%/}/etc/ssl/private/${_v}.crt"
- cp --preserve=mode,ownership \
- "${PORTAGE_CONFIGROOT}/etc/ssl/private/${_v}.key" "${T}/etc/ssl/private/${PF}.key" \
- || die "Failed to copy ${PORTAGE_CONFIGROOT%/}/etc/ssl/private/${_v}.key"
+ "${PORTAGE_CONFIGROOT}/etc/ssl/private/${_v}.pem" "${T}/etc/ssl/private/${PF}.pem" \
+ || die "Failed to copy ${PORTAGE_CONFIGROOT%/}/etc/ssl/private/${_v}.pem"
export _LINUX_BUILD_MOD_SIG_X509_PFX="${_v}"
eend 0
@@ -226,21 +221,18 @@ _linux-build_src_prepare_build() {
die "CONFIG_MODULE_SIG_HASH must be defined when using CONFIG_MODULE_SIG"
fi
- if [[ -e "${T}/etc/ssl/private/${PF}.crt" &&
- -e "${T}/etc/ssl/private/${PF}.key" ]] ; then
+ mkdir ${BUILDDIR}/certs
+ if [[ -e "${T}/etc/ssl/private/${PF}.pem" ]] ; then
einfo "Use the following x509 pair for CONFIG_MODULE_SIG"
- einfo " ${PORTAGE_CONFIGROOT%/}/etc/ssl/private/${_LINUX_BUILD_MOD_SIG_X509_PFX}.crt"
- einfo " ${PORTAGE_CONFIGROOT%/}/etc/ssl/private/${_LINUX_BUILD_MOD_SIG_X509_PFX}.key"
+ einfo " ${PORTAGE_CONFIGROOT%/}/etc/ssl/private/${_LINUX_BUILD_MOD_SIG_X509_PFX}.pem"
- touch "${BUILDDIR}/x509.genkey"
+ touch "${BUILDDIR}/certs/x509.genkey"
cp --preserve=mode,ownership \
- "${T}/etc/ssl/private/${PF}.crt" "${BUILDDIR}/signing_key.x509"
- cp --preserve=mode,ownership \
- "${T}/etc/ssl/private/${PF}.key" "${BUILDDIR}/signing_key.priv"
+ "${T}/etc/ssl/private/${PF}.pem" "${BUILDDIR}/certs/signing_key.pem"
else
einfo "Generating x509 config"
- cat > "${BUILDDIR}/x509.genkey" <<-EOF
+ cat > "${BUILDDIR}/certs/x509.genkey" <<-EOF
[ req ]
prompt = no
distinguished_name = ${PF}_subj
@@ -264,15 +256,15 @@ _linux-build_src_prepare_build() {
-days "${LINUX_BUILD_MOD_SIG_DAYS}" \
-newkey "${LINUX_BUILD_MOD_SIG_KEY_ALG}:${LINUX_BUILD_MOD_SIG_KEY_SIZE}" \
"-${CONFIG_MODULE_SIG_HASH}" \
- -outform DER \
- -config "${BUILDDIR}/x509.genkey" \
- -out "${BUILDDIR}/signing_key.x509" \
- -keyout "${BUILDDIR}/signing_key.priv" \
+ -outform PEM \
+ -config "${BUILDDIR}/certs/x509.genkey" \
+ -out "${BUILDDIR}/certs/signing_key.pem" \
+ -keyout "${BUILDDIR}/certs/signing_key.pem" \
|| die "openssl req fail"
fi
- openssl x509 -inform DER -noout \
- -in "${BUILDDIR}/signing_key.x509" \
+ openssl x509 -inform PEM -noout \
+ -in "${BUILDDIR}/certs/signing_key.pem" \
-subject
fi
@@ -378,10 +370,8 @@ _linux-build_src_install_build() {
if _linux-build_configval MODULE_SIG ; then
insinto /etc/ssl/private
- newins "${BUILDDIR}/signing_key.x509" "${PF}.crt"
- newins "${BUILDDIR}/signing_key.priv" "${PF}.key"
-
- fperms 0400 "/etc/ssl/private/${PF}.key"
+ newins "${BUILDDIR}/certs/signing_key.pem" "${PF}.pem"
+ fperms 0400 "/etc/ssl/private/${PF}.pem"
fi
if [[ -d "${WORKDIR}/bootloader/boot" ]] ; then