diff options
| author | Bertrand Jacquin <bertrand@jacquin.bzh> | 2018-01-28 15:36:40 +0000 |
|---|---|---|
| committer | Bertrand Jacquin <bertrand@jacquin.bzh> | 2018-03-07 01:30:12 +0000 |
| commit | 0656d1dd8756dfea33f1d111ea4a98c270d00db4 (patch) | |
| tree | f7280afa5b4b8f49dc436250262599d9231d59d2 /eclass | |
| parent | sys-kernel: Bump to EAPI 6 (diff) | |
| download | portage-0656d1dd8756dfea33f1d111ea4a98c270d00db4.tar.xz | |
eclass/linux-build: Do not store signature private materials
Diffstat (limited to 'eclass')
| -rw-r--r-- | eclass/linux-build.eclass | 24 |
1 files changed, 8 insertions, 16 deletions
diff --git a/eclass/linux-build.eclass b/eclass/linux-build.eclass index d417843f..e8837b1f 100644 --- a/eclass/linux-build.eclass +++ b/eclass/linux-build.eclass @@ -100,13 +100,14 @@ _linux-build_pkg_setup-build-x509() { for _v in "${PF}" "${P}" "${PN}" ; do einfo "Checking existence of ${PORTAGE_CONFIGROOT%/}/etc/ssl/private/${_v}.pem" - if [[ -e "${PORTAGE_CONFIGROOT}/etc/ssl/private/${_v}.pem" ]] ; then - mkdir -p "${T}/etc/ssl/private" + if [[ -e "${PORTAGE_CONFIGROOT%/}/etc/ssl/private/${_v}.pem" ]] ; then + mkdir "${T}/certs" cp --preserve=mode,ownership \ - "${PORTAGE_CONFIGROOT}/etc/ssl/private/${_v}.pem" "${T}/etc/ssl/private/${PF}.pem" \ + "${PORTAGE_CONFIGROOT%/}/etc/ssl/private/${_v}.pem" "${T}/certs/signing_key.pem" \ || die "Failed to copy ${PORTAGE_CONFIGROOT%/}/etc/ssl/private/${_v}.pem" - export _LINUX_BUILD_MOD_SIG_X509_PFX="${_v}" + einfo "Use the following x509 pair for CONFIG_MODULE_SIG" + einfo " ${PORTAGE_CONFIGROOT%/}/etc/ssl/private/${_v}.pem" eend 0 break @@ -221,15 +222,12 @@ _linux-build_src_prepare_build() { die "CONFIG_MODULE_SIG_HASH must be defined when using CONFIG_MODULE_SIG" fi - mkdir ${BUILDDIR}/certs - - if [[ -e "${T}/etc/ssl/private/${PF}.pem" ]] ; then - einfo "Use the following x509 pair for CONFIG_MODULE_SIG" - einfo " ${PORTAGE_CONFIGROOT%/}/etc/ssl/private/${_LINUX_BUILD_MOD_SIG_X509_PFX}.pem" + mkdir "${BUILDDIR}/certs" + if [[ -e "${T}/certs/signing_key.pem" ]] ; then touch "${BUILDDIR}/certs/x509.genkey" cp --preserve=mode,ownership \ - "${T}/etc/ssl/private/${PF}.pem" "${BUILDDIR}/certs/signing_key.pem" + "${T}/certs/signing_key.pem" "${BUILDDIR}/certs/signing_key.pem" else einfo "Generating x509 config" cat > "${BUILDDIR}/certs/x509.genkey" <<-EOF @@ -368,12 +366,6 @@ _linux-build_src_install_build() { fi fi - if _linux-build_configval MODULE_SIG ; then - insinto /etc/ssl/private - newins "${BUILDDIR}/certs/signing_key.pem" "${PF}.pem" - fperms 0400 "/etc/ssl/private/${PF}.pem" - fi - if [[ -d "${WORKDIR}/bootloader/boot" ]] ; then insinto /boot doins -r "${WORKDIR}"/bootloader/boot/* |