diff options
Diffstat (limited to 'eclass/linux-build.eclass')
| -rw-r--r-- | eclass/linux-build.eclass | 20 |
1 files changed, 16 insertions, 4 deletions
diff --git a/eclass/linux-build.eclass b/eclass/linux-build.eclass index e5b468bf..16afc6e6 100644 --- a/eclass/linux-build.eclass +++ b/eclass/linux-build.eclass @@ -25,8 +25,8 @@ detect_version EXPORT_FUNCTIONS pkg_pretend pkg_setup src_prepare src_compile src_install pkg_postinst : ${LINUX_BUILD_MOD_SIG_DAYS:=365} -: ${LINUX_BUILD_MOD_SIG_KEY_ALG:=rsa} -: ${LINUX_BUILD_MOD_SIG_KEY_SIZE:=2048} +: ${LINUX_BUILD_MOD_SIG_RSA_KEY_SIZE:=2048} +: ${LINUX_BUILD_MOD_SIG_ECC_KEY_CURVE:=secp384r1} SLOT="${PV%.*}" @@ -389,6 +389,9 @@ _linux-build_src_prepare_build() { fi if _linux-build_configval MODULE_SIG ; then + local _OPENSSL_REQ_ALGORITHM + local _OPENSSL_REQ_PKEYOPT + if ! has_version --host-root "dev-libs/openssl" ; then die "dev-libs/openssl is required for CONFIG_MODULE_SIG" fi @@ -397,6 +400,14 @@ _linux-build_src_prepare_build() { die "CONFIG_MODULE_SIG_HASH must be defined when using CONFIG_MODULE_SIG" fi + if _linux-build_configval MODULE_SIG_KEY_TYPE_ECDSA ; then + _OPENSSL_REQ_ALGORITHM="ec" + _OPENSSL_REQ_PKEYOPT="ec_paramgen_curve:${LINUX_BUILD_MOD_SIG_ECC_KEY_CURVE}" + else + _OPENSSL_REQ_ALGORITHM="rsa" + _OPENSSL_REQ_PKEYOPT="rsa_keygen_bits:${LINUX_BUILD_MOD_SIG_RSA_KEY_SIZE}" + fi + mkdir "${BUILDDIR}/certs" if [[ -e "${T}/certs/signing_key.pem" ]] ; then @@ -424,10 +435,11 @@ _linux-build_src_prepare_build() { authorityKeyIdentifier=keyid EOF - einfo "Generating x509 ${LINUX_BUILD_MOD_SIG_KEY_ALG} ${LINUX_BUILD_MOD_SIG_KEY_SIZE} / ${CONFIG_MODULE_SIG_HASH} pair" + einfo "Generating x509 ${_OPENSSL_REQ_ALGORITHM} pair with ${_OPENSSL_REQ_PKEYOPT} and ${CONFIG_MODULE_SIG_HASH}" openssl req -x509 -nodes -batch \ -days "${LINUX_BUILD_MOD_SIG_DAYS}" \ - -newkey "${LINUX_BUILD_MOD_SIG_KEY_ALG}:${LINUX_BUILD_MOD_SIG_KEY_SIZE}" \ + -newkey "${_OPENSSL_REQ_ALGORITHM}" \ + -pkeyopt "${_OPENSSL_REQ_PKEYOPT}" \ "-${CONFIG_MODULE_SIG_HASH}" \ -outform PEM \ -config "${BUILDDIR}/certs/x509.genkey" \ |