[prev in list] [next in list] [prev in thread] [next in thread]
List: gentoo-dev
Subject: [gentoo-dev] [PATCH 1/1]: kernel-build.eclass: error out early if signing key not readable
From: Andrew Ammerlaan <andrewammerlaan () gentoo ! org>
Date: 2023-08-21 8:43:21
Message-ID: a5804055-142b-4af0-935b-062ae211476b () gentoo ! org
[Download RAW message or body]
Hi all,
Currently if the MODULES_SIGN_KEY exists but is not readable the kernel
will fail to compile. The kernel build system does not produce a clear
error when this happens so it is not immediately obvious what is wrong.
This small patch adjusts our src_prepare logic to check if the signing
key is readable, this makes the build error out sooner and with a
clearer error message.
Best regards,
Andrew
diff --git a/eclass/kernel-build.eclass b/eclass/kernel-build.eclass
index d498dd2e705b..5b324e036c5f 100644
--- a/eclass/kernel-build.eclass
+++ b/eclass/kernel-build.eclass
@@ -421,11 +421,11 @@ kernel-build_merge_configs() {
cat "${MODULES_SIGN_CERT}" "${MODULES_SIGN_KEY}" > "${T}/kernel_key.pem"
|| die
MODULES_SIGN_KEY="${T}/kernel_key.pem"
fi
- if [[ ${MODULES_SIGN_KEY} == pkcs11:* || -e
${MODULES_SIGN_KEY} ]]; then
+ if [[ ${MODULES_SIGN_KEY} == pkcs11:* || -r
${MODULES_SIGN_KEY} ]]; then
echo "CONFIG_MODULE_SIG_KEY=\"${MODULES_SIGN_KEY}\"" \
>> "${WORKDIR}/modules-sign.config"
elif [[ -n ${MODULES_SIGN_KEY} ]]; then
- die
"MODULES_SIGN_KEY=${MODULES_SIGN_KEY} not found!"
+ die
"MODULES_SIGN_KEY=${MODULES_SIGN_KEY} not found or not readable!"
fi
merge_configs+=( "${WORKDIR}/modules-sign.config" )
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic