[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gentoo-dev
Subject:    Re: [gentoo-dev] [PATCH 2/3] dist-kernel-utils.eclass: only sign image if it is a UKI
From:       Andrew Ammerlaan <andrewammerlaan () gentoo ! org>
Date:       2023-08-27 19:34:18
Message-ID: 7b383ca6-194b-4557-92c0-40f290189b23 () gentoo ! org
[Download RAW message or body]

 From 1a1062e142cf654b43790d2a211e3d447feb055c Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
Date: Sat, 26 Aug 2023 21:32:07 +0200
Subject: [PATCH] dist-kernel-utils.eclass: only sign image if it is a UKI

If we are not using UKIs we don't have to do anything since the kernel image
was already signed in kernel-build.eclass.

Signed-off-by: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
---
  eclass/dist-kernel-utils.eclass | 8 ++++----
  1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/eclass/dist-kernel-utils.eclass 
b/eclass/dist-kernel-utils.eclass
index 6903183b6efb3..b2e9df6746e35 100644
--- a/eclass/dist-kernel-utils.eclass
+++ b/eclass/dist-kernel-utils.eclass
@@ -131,11 +131,11 @@ dist-kernel_install_kernel() {
  		done
  		shopt -u nullglob
  		export KERNEL_INSTALL_PLUGINS="${KERNEL_INSTALL_PLUGINS} ${plugins[@]}"
-	fi

-	if [[ ${KERNEL_IUSE_SECUREBOOT} ]]; then
-		# Kernel-install requires uki's are named uki.efi, sign in-place
-		secureboot_sign_efi_file "${image}" "${image}"
+		if [[ ${KERNEL_IUSE_SECUREBOOT} ]]; then
+			# Ensure the uki is signed if dracut hasn't already done so.
+			secureboot_sign_efi_file "${image}"
+		fi
  	fi

  	ebegin "Installing the kernel via installkernel"


[prev in list] [next in list] [prev in thread] [next in thread]