'[gentoo-dev] [PATCH 1/1]: kernel-build.eclass: error out early if signing key not readable'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gentoo-dev
Subject:    [gentoo-dev] [PATCH 1/1]: kernel-build.eclass: error out early if signing key not readable
From:       Andrew Ammerlaan <andrewammerlaan () gentoo ! org>
Date:       2023-08-21 8:43:21
Message-ID: a5804055-142b-4af0-935b-062ae211476b () gentoo ! org
[Download RAW message or body]

Hi all,

Currently if the MODULES_SIGN_KEY exists but is not readable the kernel 
will fail to compile. The kernel build system does not produce a clear 
error when this happens so it is not immediately obvious what is wrong. 
This small patch adjusts our src_prepare logic to check if the signing 
key is readable, this makes the build error out sooner and with a 
clearer error message.

Best regards,
Andrew

diff --git a/eclass/kernel-build.eclass b/eclass/kernel-build.eclass
index d498dd2e705b..5b324e036c5f 100644
--- a/eclass/kernel-build.eclass
+++ b/eclass/kernel-build.eclass
@@ -421,11 +421,11 @@ kernel-build_merge_configs() {
cat "${MODULES_SIGN_CERT}" "${MODULES_SIGN_KEY}" > "${T}/kernel_key.pem" 
|| die
MODULES_SIGN_KEY="${T}/kernel_key.pem"
fi
-                       if [[ ${MODULES_SIGN_KEY} == pkcs11:* || -e 
${MODULES_SIGN_KEY} ]]; then
+                       if [[ ${MODULES_SIGN_KEY} == pkcs11:* || -r 
${MODULES_SIGN_KEY} ]]; then
echo "CONFIG_MODULE_SIG_KEY=\"${MODULES_SIGN_KEY}\"" \
 >> "${WORKDIR}/modules-sign.config"
elif [[ -n ${MODULES_SIGN_KEY} ]]; then
-                               die 
"MODULES_SIGN_KEY=${MODULES_SIGN_KEY} not found!"
+                               die 
"MODULES_SIGN_KEY=${MODULES_SIGN_KEY} not found or not readable!"
fi
merge_configs+=( "${WORKDIR}/modules-sign.config" )

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic