diff options
| author | V3n3RiX <venerix@koprulu.sector> | 2023-08-27 22:00:51 +0100 |
|---|---|---|
| committer | V3n3RiX <venerix@koprulu.sector> | 2023-08-27 22:00:51 +0100 |
| commit | 14fff03b5545ac6b6f575afd2e6174afbd294fdd (patch) | |
| tree | 21be5aee55de4f6216e406157ad8c59a811ea202 /eclass | |
| parent | 9f51c386724b9543e88a9c0e1be57d44326f3116 (diff) | |
gentoo auto-resync : 27:08:2023 - 22:00:51
Diffstat (limited to 'eclass')
| -rw-r--r-- | eclass/Manifest.gz | bin | 38505 -> 38513 bytes | |||
| -rw-r--r-- | eclass/dist-kernel-utils.eclass | 8 | ||||
| -rw-r--r-- | eclass/kernel-build.eclass | 5 | ||||
| -rw-r--r-- | eclass/kernel-install.eclass | 4 | ||||
| -rw-r--r-- | eclass/secureboot.eclass | 8 | ||||
| -rw-r--r-- | eclass/tree-sitter-grammar.eclass | 9 |
6 files changed, 22 insertions, 12 deletions
diff --git a/eclass/Manifest.gz b/eclass/Manifest.gz Binary files differindex fe0847b97f8a..5ef5f6e317fb 100644 --- a/eclass/Manifest.gz +++ b/eclass/Manifest.gz diff --git a/eclass/dist-kernel-utils.eclass b/eclass/dist-kernel-utils.eclass index 6903183b6efb..b2e9df6746e3 100644 --- a/eclass/dist-kernel-utils.eclass +++ b/eclass/dist-kernel-utils.eclass @@ -131,11 +131,11 @@ dist-kernel_install_kernel() { done shopt -u nullglob export KERNEL_INSTALL_PLUGINS="${KERNEL_INSTALL_PLUGINS} ${plugins[@]}" - fi - if [[ ${KERNEL_IUSE_SECUREBOOT} ]]; then - # Kernel-install requires uki's are named uki.efi, sign in-place - secureboot_sign_efi_file "${image}" "${image}" + if [[ ${KERNEL_IUSE_SECUREBOOT} ]]; then + # Ensure the uki is signed if dracut hasn't already done so. + secureboot_sign_efi_file "${image}" + fi fi ebegin "Installing the kernel via installkernel" diff --git a/eclass/kernel-build.eclass b/eclass/kernel-build.eclass index 5b324e036c5f..ca105ee1f133 100644 --- a/eclass/kernel-build.eclass +++ b/eclass/kernel-build.eclass @@ -33,6 +33,7 @@ if [[ ${KERNEL_IUSE_MODULES_SIGN} ]]; then # If we have enabled module signing IUSE # then we can also enable secureboot IUSE KERNEL_IUSE_SECUREBOOT=1 + inherit secureboot fi inherit multiprocessing python-any-r1 savedconfig toolchain-funcs kernel-install @@ -348,6 +349,10 @@ kernel-build_src_install() { dosym "../../../${kernel_dir}" "/lib/modules/${module_ver}/build" dosym "../../../${kernel_dir}" "/lib/modules/${module_ver}/source" + if [[ ${KERNEL_IUSE_SECUREBOOT} ]]; then + secureboot_sign_efi_file "${ED}${kernel_dir}/${image_path}" + fi + # unset to at least be out of the environment file in, e.g. shared binpkgs unset KBUILD_SIGN_PIN diff --git a/eclass/kernel-install.eclass b/eclass/kernel-install.eclass index 62fbb1dab049..c1b9798a9ff9 100644 --- a/eclass/kernel-install.eclass +++ b/eclass/kernel-install.eclass @@ -301,6 +301,10 @@ kernel-install_test() { ;; esac + if [[ ${KERNEL_IUSE_MODULES_SIGN} ]]; then + use modules-sign && qemu_extra_append+=" module.sig_enforce=1" + fi + cat > run.sh <<-EOF || die #!/bin/sh exec qemu-system-${qemu_arch} \ diff --git a/eclass/secureboot.eclass b/eclass/secureboot.eclass index 383fe7cc3afa..a9ba514cb7a0 100644 --- a/eclass/secureboot.eclass +++ b/eclass/secureboot.eclass @@ -98,16 +98,18 @@ secureboot_pkg_setup() { } # @FUNCTION: secureboot_sign_efi_file -# @USAGE: <input file> <output file> +# @USAGE: <input file> [<output file>] # @DESCRIPTION: # Sign a file using sbsign and the requested key/certificate. -# If the file is already signed with our key then skip. +# If the file is already signed with our key then the file is skipped. +# If no output file is specified the output file will be the same +# as the input file, i.e. the file will be overwritten. secureboot_sign_efi_file() { debug-print-function ${FUNCNAME[0]} "${@}" use secureboot || return local input_file=${1} - local output_file=${2} + local output_file=${2:-${1}} _secureboot_die_if_unset diff --git a/eclass/tree-sitter-grammar.eclass b/eclass/tree-sitter-grammar.eclass index e74d18653b8a..b2563220cfc2 100644 --- a/eclass/tree-sitter-grammar.eclass +++ b/eclass/tree-sitter-grammar.eclass @@ -24,9 +24,6 @@ SRC_URI="https://github.com/tree-sitter/${PN}/archive/${TS_PV:-v${PV}}.tar.gz -> ${P}.tar.gz" S="${WORKDIR}"/${PN}-${TS_PV:-${PV}}/src -# Needed for tree_sitter/parser.h -DEPEND="dev-libs/tree-sitter" - BDEPEND+=" test? ( dev-util/tree-sitter-cli )" IUSE+=" test" RESTRICT+=" !test? ( test )" @@ -61,8 +58,10 @@ tree-sitter-grammar_src_compile() { # or scanner.cc. tc-export CC CXX - export CFLAGS="${CFLAGS} -fPIC" - export CXXFLAGS="${CXXFLAGS} -fPIC" + # We want to use the bundled parser.h, not anything lurking on the system, hence -I + # See https://github.com/tree-sitter/tree-sitter-bash/issues/199#issuecomment-1694416505 + export CFLAGS="${CFLAGS} -fPIC -I. -Itree_sitter" + export CXXFLAGS="${CXXFLAGS} -fPIC -I. -Itree_sitter" local objects=( parser.o ) if [[ -f "${S}"/scanner.c || -f "${S}"/scanner.cc ]]; then |