From 14fff03b5545ac6b6f575afd2e6174afbd294fdd Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Sun, 27 Aug 2023 22:00:51 +0100 Subject: gentoo auto-resync : 27:08:2023 - 22:00:51 --- eclass/Manifest.gz | Bin 38505 -> 38513 bytes eclass/dist-kernel-utils.eclass | 8 ++++---- eclass/kernel-build.eclass | 5 +++++ eclass/kernel-install.eclass | 4 ++++ eclass/secureboot.eclass | 8 +++++--- eclass/tree-sitter-grammar.eclass | 9 ++++----- 6 files changed, 22 insertions(+), 12 deletions(-) (limited to 'eclass') diff --git a/eclass/Manifest.gz b/eclass/Manifest.gz index fe0847b97f8a..5ef5f6e317fb 100644 Binary files a/eclass/Manifest.gz and b/eclass/Manifest.gz differ diff --git a/eclass/dist-kernel-utils.eclass b/eclass/dist-kernel-utils.eclass index 6903183b6efb..b2e9df6746e3 100644 --- a/eclass/dist-kernel-utils.eclass +++ b/eclass/dist-kernel-utils.eclass @@ -131,11 +131,11 @@ dist-kernel_install_kernel() { done shopt -u nullglob export KERNEL_INSTALL_PLUGINS="${KERNEL_INSTALL_PLUGINS} ${plugins[@]}" - fi - if [[ ${KERNEL_IUSE_SECUREBOOT} ]]; then - # Kernel-install requires uki's are named uki.efi, sign in-place - secureboot_sign_efi_file "${image}" "${image}" + if [[ ${KERNEL_IUSE_SECUREBOOT} ]]; then + # Ensure the uki is signed if dracut hasn't already done so. + secureboot_sign_efi_file "${image}" + fi fi ebegin "Installing the kernel via installkernel" diff --git a/eclass/kernel-build.eclass b/eclass/kernel-build.eclass index 5b324e036c5f..ca105ee1f133 100644 --- a/eclass/kernel-build.eclass +++ b/eclass/kernel-build.eclass @@ -33,6 +33,7 @@ if [[ ${KERNEL_IUSE_MODULES_SIGN} ]]; then # If we have enabled module signing IUSE # then we can also enable secureboot IUSE KERNEL_IUSE_SECUREBOOT=1 + inherit secureboot fi inherit multiprocessing python-any-r1 savedconfig toolchain-funcs kernel-install @@ -348,6 +349,10 @@ kernel-build_src_install() { dosym "../../../${kernel_dir}" "/lib/modules/${module_ver}/build" dosym "../../../${kernel_dir}" "/lib/modules/${module_ver}/source" + if [[ ${KERNEL_IUSE_SECUREBOOT} ]]; then + secureboot_sign_efi_file "${ED}${kernel_dir}/${image_path}" + fi + # unset to at least be out of the environment file in, e.g. shared binpkgs unset KBUILD_SIGN_PIN diff --git a/eclass/kernel-install.eclass b/eclass/kernel-install.eclass index 62fbb1dab049..c1b9798a9ff9 100644 --- a/eclass/kernel-install.eclass +++ b/eclass/kernel-install.eclass @@ -301,6 +301,10 @@ kernel-install_test() { ;; esac + if [[ ${KERNEL_IUSE_MODULES_SIGN} ]]; then + use modules-sign && qemu_extra_append+=" module.sig_enforce=1" + fi + cat > run.sh <<-EOF || die #!/bin/sh exec qemu-system-${qemu_arch} \ diff --git a/eclass/secureboot.eclass b/eclass/secureboot.eclass index 383fe7cc3afa..a9ba514cb7a0 100644 --- a/eclass/secureboot.eclass +++ b/eclass/secureboot.eclass @@ -98,16 +98,18 @@ secureboot_pkg_setup() { } # @FUNCTION: secureboot_sign_efi_file -# @USAGE: +# @USAGE: [] # @DESCRIPTION: # Sign a file using sbsign and the requested key/certificate. -# If the file is already signed with our key then skip. +# If the file is already signed with our key then the file is skipped. +# If no output file is specified the output file will be the same +# as the input file, i.e. the file will be overwritten. secureboot_sign_efi_file() { debug-print-function ${FUNCNAME[0]} "${@}" use secureboot || return local input_file=${1} - local output_file=${2} + local output_file=${2:-${1}} _secureboot_die_if_unset diff --git a/eclass/tree-sitter-grammar.eclass b/eclass/tree-sitter-grammar.eclass index e74d18653b8a..b2563220cfc2 100644 --- a/eclass/tree-sitter-grammar.eclass +++ b/eclass/tree-sitter-grammar.eclass @@ -24,9 +24,6 @@ SRC_URI="https://github.com/tree-sitter/${PN}/archive/${TS_PV:-v${PV}}.tar.gz -> ${P}.tar.gz" S="${WORKDIR}"/${PN}-${TS_PV:-${PV}}/src -# Needed for tree_sitter/parser.h -DEPEND="dev-libs/tree-sitter" - BDEPEND+=" test? ( dev-util/tree-sitter-cli )" IUSE+=" test" RESTRICT+=" !test? ( test )" @@ -61,8 +58,10 @@ tree-sitter-grammar_src_compile() { # or scanner.cc. tc-export CC CXX - export CFLAGS="${CFLAGS} -fPIC" - export CXXFLAGS="${CXXFLAGS} -fPIC" + # We want to use the bundled parser.h, not anything lurking on the system, hence -I + # See https://github.com/tree-sitter/tree-sitter-bash/issues/199#issuecomment-1694416505 + export CFLAGS="${CFLAGS} -fPIC -I. -Itree_sitter" + export CXXFLAGS="${CXXFLAGS} -fPIC -I. -Itree_sitter" local objects=( parser.o ) if [[ -f "${S}"/scanner.c || -f "${S}"/scanner.cc ]]; then -- cgit v1.2.3