From 0656d1dd8756dfea33f1d111ea4a98c270d00db4 Mon Sep 17 00:00:00 2001
From: Bertrand Jacquin
Date: Sun, 28 Jan 2018 15:36:40 +0000
Subject: eclass/linux-build: Do not store signature private materials
---
 eclass/linux-build.eclass | 24 ++++++++----------------
 1 file changed, 8 insertions(+), 16 deletions(-)
(limited to 'eclass/linux-build.eclass')
diff --git a/eclass/linux-build.eclass b/eclass/linux-build.eclass
index d417843f..e8837b1f 100644
--- a/eclass/linux-build.eclass
+++ b/eclass/linux-build.eclass
@@ -100,13 +100,14 @@ _linux-build_pkg_setup-build-x509() {
 for _v in "${PF}" "${P}" "${PN}" ; do
 einfo "Checking existence of ${PORTAGE_CONFIGROOT%/}/etc/ssl/private/${_v}.pem"
- if [[ -e "${PORTAGE_CONFIGROOT}/etc/ssl/private/${_v}.pem" ]] ; then
- mkdir -p "${T}/etc/ssl/private"
+ if [[ -e "${PORTAGE_CONFIGROOT%/}/etc/ssl/private/${_v}.pem" ]] ; then
+ mkdir "${T}/certs"
 cp --preserve=mode,ownership \
- "${PORTAGE_CONFIGROOT}/etc/ssl/private/${_v}.pem" "${T}/etc/ssl/private/${PF}.pem" \
+ "${PORTAGE_CONFIGROOT%/}/etc/ssl/private/${_v}.pem" "${T}/certs/signing_key.pem" \
 || die "Failed to copy ${PORTAGE_CONFIGROOT%/}/etc/ssl/private/${_v}.pem"
- export _LINUX_BUILD_MOD_SIG_X509_PFX="${_v}"
+ einfo "Use the following x509 pair for CONFIG_MODULE_SIG"
+ einfo " ${PORTAGE_CONFIGROOT%/}/etc/ssl/private/${_v}.pem"
 eend 0
 break
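Review bot: The new `mkdir "${T}/certs"` is unchecked and no longer uses `-p`, so a failure is either ignored (for instance when `${T}/certs` is left over from an earlier pkg_setup run) or only surfaces through the `cp ... || die` that follows. Since this directory receives a copy of the module signing private key, I would make the step explicit: `mkdir -p "${T}/certs" || die "Failed to create ${T}/certs"`. The copy keeps whatever mode and owner the source file has through `--preserve=mode,ownership`, while the directory is created with the default umask, so a short comment stating the permissions expected on `/etc/ssl/private/*.pem` and that the `${T}` copy is build-time only would help the next reader. The enclosing `if`, loop and function continue outside the hunk.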
@@ -221,15 +222,12 @@ _linux-build_src_prepare_build() {
 die "CONFIG_MODULE_SIG_HASH must be defined when using CONFIG_MODULE_SIG"
 fi
- mkdir ${BUILDDIR}/certs
-
- if [[ -e "${T}/etc/ssl/private/${PF}.pem" ]] ; then
- einfo "Use the following x509 pair for CONFIG_MODULE_SIG"
- einfo " ${PORTAGE_CONFIGROOT%/}/etc/ssl/private/${_LINUX_BUILD_MOD_SIG_X509_PFX}.pem"
+ mkdir "${BUILDDIR}/certs"
+ if [[ -e "${T}/certs/signing_key.pem" ]] ; then
 touch "${BUILDDIR}/certs/x509.genkey"
 cp --preserve=mode,ownership \
- "${T}/etc/ssl/private/${PF}.pem" "${BUILDDIR}/certs/signing_key.pem"
+ "${T}/certs/signing_key.pem" "${BUILDDIR}/certs/signing_key.pem"
 else
 einfo "Generating x509 config"
 cat > "${BUILDDIR}/certs/x509.genkey" <<-EOF
@@ -368,12 +366,6 @@ _linux-build_src_install_build() {
 fi
 fi
- if _linux-build_configval MODULE_SIG ; then
- insinto /etc/ssl/private
- newins "${BUILDDIR}/certs/signing_key.pem" "${PF}.pem"
- fperms 0400 "/etc/ssl/private/${PF}.pem"
- fi
-
 if [[ -d "${WORKDIR}/bootloader/boot" ]] ; then
 insinto /boot
 doins -r "${WORKDIR}"/bootloader/boot/*
--
cgit v1.2.3
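Review bot: The `cp` into `${BUILDDIR}/certs/signing_key.pem` in `_linux-build_src_prepare_build` has no failure check, unlike the `cp ... || die` in `_linux-build_pkg_setup-build-x509`, and the new `mkdir "${BUILDDIR}/certs"` and the `touch` are unchecked as well. If the copy fails, src_prepare carries on with an empty `x509.genkey` and without the operator's key, so the signing setup either breaks later in the build or no longer matches the key announced in pkg_setup; which of the two happens is not visible from this hunk. End the continuation line with a check, i.e. `"${T}/certs/signing_key.pem" "${BUILDDIR}/certs/signing_key.pem" \` followed by `|| die "Failed to copy ${T}/certs/signing_key.pem"`. The if/else and the function body continue outside the hunk.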