mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-08-24 07:51:03 +02:00
Code Issues Packages Projects Releases Wiki Activity

coreos-kernel: fix shredding of private module signing key

Browse Source 
Two errors here: shred_keys was not updated when the keys were moved
from the top level directory to the certs directory and shred_keys was
getting called after `rm -r certs`, leaving nothing to shred.

Now the ebuild will fail if shred fails.
This commit is contained in:
Michael Marineau 2016-01-06 17:47:56 -08:00
parent 13899916c5
commit 67a462e423
1 changed files with 2 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
sdk_container/src/third_party/coreos-overlay/eclass/coreos-kernel.eclass vendored
View File

@ -125,10 +125,7 @@ kmake() {
# Discard the module signing key, we use new keys for each build. # Discard the module signing key, we use new keys for each build.
shred_keys() { shred_keys() {
if [[ -e signing_key.priv ]]; then shred -u build/certs/signing_key.pem || die
shred -u signing_key.* || die
rm -f x509.genkey || die
fi
} }
# Populate /lib/modules/$(uname -r)/{build,source} # Populate /lib/modules/$(uname -r)/{build,source}
@ -273,9 +270,8 @@ coreos-kernel_src_install() {
dosym "vmlinuz-${version}" /usr/boot/vmlinuz dosym "vmlinuz-${version}" /usr/boot/vmlinuz
dosym "config-${version}" /usr/boot/config dosym "config-${version}" /usr/boot/config
prepare-lib-modules-release-dirs
shred_keys shred_keys
prepare-lib-modules-release-dirs
} }
EXPORT_FUNCTIONS pkg_pretend pkg_setup src_unpack src_prepare src_configure src_compile src_install EXPORT_FUNCTIONS pkg_pretend pkg_setup src_unpack src_prepare src_configure src_compile src_install