summaryrefslogtreecommitdiff
path: root/eclass/linux-build.eclass
diff options
context:
space:
mode:
authorBertrand Jacquin <bertrand@jacquin.bzh>2021-11-07 20:59:45 +0000
committerBertrand Jacquin <bertrand@jacquin.bzh>2021-11-07 20:59:45 +0000
commita8f563fdf9d9db948e5db5ee4a7f74e2e6cb244a (patch)
treea3972cade24cb0ba790db146918f42d913e568db /eclass/linux-build.eclass
parentsys-kernel/stable-sources: version bump (diff)
downloadportage-a8f563fdf9d9db948e5db5ee4a7f74e2e6cb244a.tar.xz
eclass/linux-build: add support for MODULE_SIG_KEY_TYPE_ECDSA
New to 5.15
Diffstat (limited to 'eclass/linux-build.eclass')
-rw-r--r--eclass/linux-build.eclass20
1 files changed, 16 insertions, 4 deletions
diff --git a/eclass/linux-build.eclass b/eclass/linux-build.eclass
index e5b468bf..16afc6e6 100644
--- a/eclass/linux-build.eclass
+++ b/eclass/linux-build.eclass
@@ -25,8 +25,8 @@ detect_version
EXPORT_FUNCTIONS pkg_pretend pkg_setup src_prepare src_compile src_install pkg_postinst
: ${LINUX_BUILD_MOD_SIG_DAYS:=365}
-: ${LINUX_BUILD_MOD_SIG_KEY_ALG:=rsa}
-: ${LINUX_BUILD_MOD_SIG_KEY_SIZE:=2048}
+: ${LINUX_BUILD_MOD_SIG_RSA_KEY_SIZE:=2048}
+: ${LINUX_BUILD_MOD_SIG_ECC_KEY_CURVE:=secp384r1}
SLOT="${PV%.*}"
@@ -389,6 +389,9 @@ _linux-build_src_prepare_build() {
fi
if _linux-build_configval MODULE_SIG ; then
+ local _OPENSSL_REQ_ALGORITHM
+ local _OPENSSL_REQ_PKEYOPT
+
if ! has_version --host-root "dev-libs/openssl" ; then
die "dev-libs/openssl is required for CONFIG_MODULE_SIG"
fi
@@ -397,6 +400,14 @@ _linux-build_src_prepare_build() {
die "CONFIG_MODULE_SIG_HASH must be defined when using CONFIG_MODULE_SIG"
fi
+ if _linux-build_configval MODULE_SIG_KEY_TYPE_ECDSA ; then
+ _OPENSSL_REQ_ALGORITHM="ec"
+ _OPENSSL_REQ_PKEYOPT="ec_paramgen_curve:${LINUX_BUILD_MOD_SIG_ECC_KEY_CURVE}"
+ else
+ _OPENSSL_REQ_ALGORITHM="rsa"
+ _OPENSSL_REQ_PKEYOPT="rsa_keygen_bits:${LINUX_BUILD_MOD_SIG_RSA_KEY_SIZE}"
+ fi
+
mkdir "${BUILDDIR}/certs"
if [[ -e "${T}/certs/signing_key.pem" ]] ; then
@@ -424,10 +435,11 @@ _linux-build_src_prepare_build() {
authorityKeyIdentifier=keyid
EOF
- einfo "Generating x509 ${LINUX_BUILD_MOD_SIG_KEY_ALG} ${LINUX_BUILD_MOD_SIG_KEY_SIZE} / ${CONFIG_MODULE_SIG_HASH} pair"
+ einfo "Generating x509 ${_OPENSSL_REQ_ALGORITHM} pair with ${_OPENSSL_REQ_PKEYOPT} and ${CONFIG_MODULE_SIG_HASH}"
openssl req -x509 -nodes -batch \
-days "${LINUX_BUILD_MOD_SIG_DAYS}" \
- -newkey "${LINUX_BUILD_MOD_SIG_KEY_ALG}:${LINUX_BUILD_MOD_SIG_KEY_SIZE}" \
+ -newkey "${_OPENSSL_REQ_ALGORITHM}" \
+ -pkeyopt "${_OPENSSL_REQ_PKEYOPT}" \
"-${CONFIG_MODULE_SIG_HASH}" \
-outform PEM \
-config "${BUILDDIR}/certs/x509.genkey" \