[PATCH] kernel.bbclass: fix installation of modules signing certificates

[PATCH] kernel.bbclass: fix installation of modules signing certificates

[Dmitry Eremin-Solenikov]

From: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>

If one has provided external key/certificate for modules signing, Kbuild
will skip creating signing_key.pem and will write only signing_key.x509
certificate. Thus we have to check for .x509 file existence rather than
.pem one.

Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
---
 meta/classes/kernel.bbclass | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/classes/kernel.bbclass b/meta/classes/kernel.bbclass
index a60e15b57814..bf3674238f02 100644
--- a/meta/classes/kernel.bbclass
+++ b/meta/classes/kernel.bbclass
@@ -454,7 +454,7 @@ do_shared_workdir () {
 	cp .config $kerneldir/
 	mkdir -p $kerneldir/include/config
 	cp include/config/kernel.release $kerneldir/include/config/kernel.release
-	if [ -e certs/signing_key.pem ]; then
+	if [ -e certs/signing_key.x509 ]; then
 		# The signing_key.* files are stored in the certs/ dir in
 		# newer Linux kernels
 		mkdir -p $kerneldir/certs
-- 
2.20.1

Re: [PATCH] kernel.bbclass: fix installation of modules signing certificates

[Nicolas Dechesne]

hi Armin,

On Sun, Jul 28, 2019 at 12:01 PM Dmitry Eremin-Solenikov
<dbaryshkov@gmail.com> wrote:
>
> From: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>
>
> If one has provided external key/certificate for modules signing, Kbuild
> will skip creating signing_key.pem and will write only signing_key.x509
> certificate. Thus we have to check for .x509 file existence rather than
> .pem one.
>
> Signed-off-by: Dmitry Eremin-Solenikov <dmitry_eremin-solenikov@mentor.com>

This patch applies cleanly on warrior and thud, and it's a bug fix,
when the use provides its own private certificate to sign kernel
modules. I have spent quite a bit of time in this area this week,
sadly i was working with thud branch, fixed my issue and found out
that master didn't have the issue!

Any chance this can be pulled in thud and warrior? Feel free to add my
Signed-off tag , once again cherry-pick just works.

>
> ---
>  meta/classes/kernel.bbclass | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta/classes/kernel.bbclass b/meta/classes/kernel.bbclass
> index a60e15b57814..bf3674238f02 100644
> --- a/meta/classes/kernel.bbclass
> +++ b/meta/classes/kernel.bbclass
> @@ -454,7 +454,7 @@ do_shared_workdir () {
>         cp .config $kerneldir/
>         mkdir -p $kerneldir/include/config
>         cp include/config/kernel.release $kerneldir/include/config/kernel.release
> -       if [ -e certs/signing_key.pem ]; then
> +       if [ -e certs/signing_key.x509 ]; then
>                 # The signing_key.* files are stored in the certs/ dir in
>                 # newer Linux kernels
>                 mkdir -p $kerneldir/certs
> --
> 2.20.1
>
> --
> _______________________________________________
> Openembedded-core mailing list
> Openembedded-core@lists.openembedded.org
> http://lists.openembedded.org/mailman/listinfo/openembedded-core