From 493ba63c778b72db70d86d8774602a4d2a0cfd04 Mon Sep 17 00:00:00 2001 From: Zvonko Kaiser Date: Wed, 12 Feb 2025 17:06:45 +0000 Subject: [PATCH] gpu: Provide KBUILD_SIGN_PIN to the build.sh At the proper step pass-through the var KBUILD_SIGN_PIN so that the kernel_headers step has the PIN for encrypting the signing key. Signed-off-by: Zvonko Kaiser --- .../kernel/configs/fragments/gpu/nvidia.x86_64.conf.in | 1 + tools/packaging/static-build/kernel/build.sh | 2 ++ 2 files changed, 3 insertions(+) diff --git a/tools/packaging/kernel/configs/fragments/gpu/nvidia.x86_64.conf.in b/tools/packaging/kernel/configs/fragments/gpu/nvidia.x86_64.conf.in index a1386b239b..4285234e0f 100644 --- a/tools/packaging/kernel/configs/fragments/gpu/nvidia.x86_64.conf.in +++ b/tools/packaging/kernel/configs/fragments/gpu/nvidia.x86_64.conf.in @@ -30,3 +30,4 @@ CONFIG_MODULE_SIG_ALL=y CONFIG_MODULE_SIG_SHA512=y CONFIG_SYSTEM_TRUSTED_KEYS="" CONFIG_SYSTEM_TRUSTED_KEYRING=y + diff --git a/tools/packaging/static-build/kernel/build.sh b/tools/packaging/static-build/kernel/build.sh index cbf973c608..889283663b 100755 --- a/tools/packaging/static-build/kernel/build.sh +++ b/tools/packaging/static-build/kernel/build.sh @@ -22,6 +22,7 @@ DESTDIR=${DESTDIR:-${PWD}} PREFIX=${PREFIX:-/opt/kata} container_image="${KERNEL_CONTAINER_BUILDER:-$(get_kernel_image_name)}" MEASURED_ROOTFS=${MEASURED_ROOTFS:-no} +KBUILD_SIGN_PIN="${KBUILD_SIGN_PIN:-}" kernel_builder_args="-a ${ARCH} $*" if [ "${MEASURED_ROOTFS}" == "yes" ]; then @@ -71,6 +72,7 @@ docker run --rm -i -v "${repo_root_dir}:${repo_root_dir}" \ -w "${PWD}" \ --env DESTDIR="${DESTDIR}" --env PREFIX="${PREFIX}" \ --env USER="${USER}" \ + --env KBUILD_SIGN_PIN="${KBUILD_SIGN_PIN}" \ --user "$(id -u)":"$(id -g)" \ "${container_image}" \ bash -c "${kernel_builder} ${kernel_builder_args} build-headers"