From fa77d52a7ff39464c50707ca024725deab08b534 Mon Sep 17 00:00:00 2001
From: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
Date: Sun, 21 Jul 2024 17:44:32 +0200
Subject: kernel-build.eclass: support unset MODULES_SIGN_{CERT,KEY}

the kernel build system generates a key if not set, so don't check anything
if the key is unset

Signed-off-by: Andrew Ammerlaan <andrewammerlaan@gentoo.org>
---
 eclass/kernel-build.eclass | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'eclass/kernel-build.eclass')

diff --git a/eclass/kernel-build.eclass b/eclass/kernel-build.eclass
index cbc80bddf6f7..be0256c21102 100644
--- a/eclass/kernel-build.eclass
+++ b/eclass/kernel-build.eclass
@@ -134,7 +134,7 @@ kernel-build_pkg_setup() {
 	if [[ ${KERNEL_IUSE_MODULES_SIGN} && ${MERGE_TYPE} != binary ]]; then
 		secureboot_pkg_setup
 
-		if use modules-sign; then
+		if use modules-sign && [[ -n ${MODULES_SIGN_KEY} ]]; then
 			# Sanity check: fail early if key/cert in DER format or does not exist
 			local openssl_args=(
 				-noout -nocert
@@ -155,7 +155,7 @@ kernel-build_pkg_setup() {
 				die "Kernel module signing certificate or key not found or not PEM format."
 
 			if [[ ${MODULES_SIGN_KEY} != pkcs11:* ]]; then
-				if [[ ${MODULES_SIGN_CERT} != ${MODULES_SIGN_KEY} ]]; then
+				if [[ -n ${MODULES_SIGN_CERT} && ${MODULES_SIGN_CERT} != ${MODULES_SIGN_KEY} ]]; then
 					MODULES_SIGN_KEY_CONTENTS="$(cat "${MODULES_SIGN_CERT}" "${MODULES_SIGN_KEY}" || die)"
 				else
 					MODULES_SIGN_KEY_CONTENTS="$(< "${MODULES_SIGN_KEY}")"
-- 
cgit v1.2.3-65-gdbad