2022-06-15 14:11:00 +01:00
|
|
|
# Portage bashrc
|
|
|
|
|
|
|
|
|
|
# Copyright 2022 Inference
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# This hook is necessary for automatic updating of the cfg-update index.
|
2022-05-22 02:03:20 +01:00
|
|
|
pre_pkg_setup() {
|
|
|
|
|
[[ $ROOT = / ]] && cfg-update --index
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function pre_pkg_preinst() {
|
2022-06-15 14:11:00 +01:00
|
|
|
# Sign out-of-tree kernel modules.
|
2022-05-22 02:03:20 +01:00
|
|
|
if [[ "$(type -t linux-mod_pkg_preinst)" != "function" ]]; then
|
|
|
|
|
# The package does not seem to install any kernel modules.
|
|
|
|
|
return
|
|
|
|
|
fi
|
2022-06-15 14:11:00 +01:00
|
|
|
# Get signature algorithm used by the kernel.
|
2022-05-22 02:03:20 +01:00
|
|
|
local module_sig_hash="$(grep -Po '(?<=CONFIG_MODULE_SIG_HASH=").*(?=")' "${KERNEL_DIR}/.config")"
|
|
|
|
|
# Get the key file used by the kernel.
|
|
|
|
|
local module_sig_key="$(grep -Po '(?<=CONFIG_MODULE_SIG_KEY=").*(?=")' "${KERNEL_DIR}/.config")"
|
|
|
|
|
module_sig_key="${module_sig_key:-certs/signing_key.pem}"
|
2022-06-15 14:11:00 +01:00
|
|
|
# Key file or PKCS11 URI path.
|
2022-05-22 02:03:20 +01:00
|
|
|
if [[ "${module_sig_key#pkcs11:}" == "${module_sig_key}" && "${module_sig_key#/}" == "${module_sig_key}" ]]; then
|
|
|
|
|
local key_path="${KERNEL_DIR}/${module_sig_key}"
|
|
|
|
|
else
|
|
|
|
|
local key_path="${module_sig_key}"
|
|
|
|
|
fi
|
2022-06-15 14:11:00 +01:00
|
|
|
# Certificate path.
|
2022-05-22 02:03:20 +01:00
|
|
|
local cert_path="${KERNEL_DIR}/certs/signing_key.x509"
|
|
|
|
|
# Sign all installed modules before merging.
|
|
|
|
|
find "${D%/}/${INSDESTTREE#/}/" -name "*.ko" -exec "${KERNEL_DIR}/scripts/sign-file" "${module_sig_hash}" "${key_path}" "${cert_path}" '{}' \;
|
|
|
|
|
}
|
