commit:     d4df03c213d176fd5cc394628b7bbf611a474125
Author:     Andrew Ammerlaan <andrewammerlaan <AT> gentoo <DOT> org>
AuthorDate: Tue Jul 11 11:20:12 2023 +0000
Commit:     Andrew Ammerlaan <andrewammerlaan <AT> gentoo <DOT> org>
CommitDate: Thu Jul 20 11:32:13 2023 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d4df03c2

dist-kernel-utils.eclass: optionally sign the kernels

Signed-off-by: Andrew Ammerlaan <andrewammerlaan <AT> gentoo.org>

 eclass/dist-kernel-utils.eclass | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/eclass/dist-kernel-utils.eclass b/eclass/dist-kernel-utils.eclass
index 1ef3104245c6..cb0021f8b3a7 100644
--- a/eclass/dist-kernel-utils.eclass
+++ b/eclass/dist-kernel-utils.eclass
@@ -12,6 +12,13 @@
 # This eclass provides various utility functions related to Distribution
 # Kernels.
 
+# @ECLASS_VARIABLE: KERNEL_IUSE_SECUREBOOT
+# @PRE_INHERIT
+# @DEFAULT_UNSET
+# @DESCRIPTION:
+# If set to a non-null value, inherits secureboot.eclass
+# and allows signing of generated kernel images.
+
 if [[ ! ${_DIST_KERNEL_UTILS} ]]; then
 
 case ${EAPI} in
@@ -19,6 +26,10 @@ case ${EAPI} in
        *) die "${ECLASS}: EAPI ${EAPI:-0} not supported" ;;
 esac
 
+if [[ ${KERNEL_IUSE_SECUREBOOT} ]]; then
+       inherit secureboot
+fi
+
 # @FUNCTION: dist-kernel_build_initramfs
 # @USAGE: <output> <version>
 # @DESCRIPTION:
@@ -104,7 +115,7 @@ dist-kernel_install_kernel() {
        if [[ ${magic} == MZ ]]; then
                einfo "Combined UEFI kernel+initramfs executable found"
                # install the combined executable in place of kernel
-               image=${initrd}.efi
+               image=${initrd%/*}/uki.efi
                mv "${initrd}" "${image}" || die
                # We moved the generated initrd, prevent dracut from running 
again
                # https://github.com/dracutdevs/dracut/pull/2405
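Review bot: `${initrd%/*}` strips the last path component only when `initrd` contains a slash; for a bare filename the expansion returns the value unchanged, `image` becomes `<initrd>/uki.efi`, and the following `mv` dies with a misleading error. The callers of dist-kernel_install_kernel are outside this hunk, so this may never occur in practice, but the assumption that `initrd` is a path with a directory part is worth stating. The reason for the fixed name is only explained in the later signing hunk, so a comment at the assignment would help, for example `# kernel-install expects a UKI to be named uki.efi; initrd must include its directory`. The function body starts and ends outside this hunk.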
@@ -122,6 +133,11 @@ dist-kernel_install_kernel() {
                export KERNEL_INSTALL_PLUGINS="${KERNEL_INSTALL_PLUGINS} 
${plugins[@]}"
        fi
 
+       if [[ ${KERNEL_IUSE_SECUREBOOT} ]]; then
+               # Kernel-install requires uki's are named uki.efi, sign in-place
+               secureboot_sign_efi_file "${image}" "${image}"
+       fi
+
        ebegin "Installing the kernel via installkernel"
        # note: .config is taken relatively to System.map;
        # initrd relatively to bzImage
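Review bot: The added `secureboot_sign_efi_file "${image}" "${image}"` call has no failure handling of its own, unlike the `mv "${initrd}" "${image}" || die` earlier in the same function. Whether the helper dies internally is not visible in this diff. If it can return non-zero, or if it is undefined because `KERNEL_IUSE_SECUREBOOT` was set only after the guarded `inherit secureboot` had already been skipped, installation would continue with an unsigned image that firmware enforcing Secure Boot will refuse to load. I would write `secureboot_sign_efi_file "${image}" "${image}" || die "signing ${image} failed"`. The comment mentions only the UKI case while the call appears to run for whatever `image` holds here (its non-UKI assignment is outside the hunk), so it should say whether plain kernel images are meant to be signed too.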
