main/linux-lts: add support for pre-generated signing key

We need be able to use a pre-configured key to sign kernel modules, so
3rd party modules can be signed

Include public key in -dev package

main/linux-lts/APKBUILD

@@ -7,7 +7,7 @@ case $pkgver in
 	*.*.*)	_kernver=${pkgver%.*};;
 	*.*) _kernver=$pkgver;;
 esac
-pkgrel=1
+pkgrel=2
 pkgdesc="Linux lts kernel"
 url="https://www.kernel.org"
 depends="initramfs-generator"
@@ -109,6 +109,17 @@ _prepareconfig() {
 		O="$_builddir" \
 		ARCH="$(_kernelarch $_arch)" \
 		olddefconfig
+
+	if grep "CONFIG_MODULE_SIG=y" "$_builddir"/.config >/dev/null; then
+		if [ -f "$KERNEL_SIGNING_KEY" ]; then
+			sed -i -e "s:^CONFIG_MODULE_SIG_KEY=.*:CONFIG_MODULE_SIG_KEY=\"$KERNEL_SIGNING_KEY\":" \
+				"$_builddir"/.config
+			msg "Using $KERNEL_SIGNING_KEY to sign $_flavor kernel ($_arch) modules"
+		else
+			warning "KERNEL_SIGNING_KEY was not set. A signing key will be generated, but 3rd"
+			warning "party modules can not be signed"
+		fi
+	fi
 }
 
 listconfigs() {
@@ -274,6 +285,8 @@ _dev() {
 	cp -a "$_builddir"/.config "$_builddir"/localversion-alpine \
 		"$dir"/
 
+	install -D -t "$dir"/certs "$_builddir"/certs/signing_key.x509 || :
+
 	make -C "$srcdir"/linux-$_kernver \
 		O="$dir" \
 		ARCH="$(_kernelarch $CARCH)" \
@@ -312,7 +325,7 @@ _dev() {
 	msg "Removing unneeded arch headers..."
 	for i in "$dir"/arch/*; do
 		if [ "${i##*/}" != "$_karch" ]; then
-			echo "  $_karch"
+			echo "  ${i##*/}"
 			rm -r "$i"
 		fi
 	done