[prev in list] [next in list] [prev in thread] [next in thread]
List: gentoo-dev
Subject: [gentoo-dev] [PATCH] kernel-install.eclass: enforce signed modules in test with, USE=modules-sign
From: Andrew Ammerlaan <andrewammerlaan () gentoo ! org>
Date: 2023-08-26 18:10:31
Message-ID: ff6ba27a-9e1c-404f-97aa-ece9396be654 () gentoo ! org
[Download RAW message or body]
This only has effect when building the gpkg for gentoo-kernel-bin which
overrides CONFIG_MODULE_SIG_FORCE. To ensure that the module signing
was successful we instruct the kernel to reject modules with an invalid
signature.
This has no effect on other kernel packages which already have
CONFIG_MODULE_SIG_FORCE=y.
Signed-off-by: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
---
eclass/kernel-install.eclass | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/eclass/kernel-install.eclass b/eclass/kernel-install.eclass
index 62fbb1dab0493..84d306c19f1ab 100644
--- a/eclass/kernel-install.eclass
+++ b/eclass/kernel-install.eclass
@@ -301,6 +301,10 @@ kernel-install_test() {
;;
esac
+ if [[ ${KERNEL_IUSE_MODULES_SIGN} ]]; then
+ use modules-sign && qemu_extra_append+=" module.sig_enforce=1 "
+ fi
+
cat > run.sh <<-EOF || die
#!/bin/sh
exec qemu-system-${qemu_arch} \
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic