Closed jeandestouches closed 2 months ago
Hi, Can we detect if the running kernel requires signed modules?
It should be possible to check if sign is active for the current src with CONFIG_MODULE_SIG=y, the same way, the current vmware-modules check for vmware kernel specific options (CONFIG_CHECK) but a small reminder to check gentoo wiki page for manually sign module would be enough I think. (Something like : "If module fails to load, it is most likely you have module signature active, check the following wiki for guidance to sign them manually)
The "linux-mod-r1" eclass gives me a "modules-sign" USE flag, which is likely globally enabled by users signing their kernel modules.
Hello, Maybe it would be a good idea to tell the user (in pkg_postinst hook) to have a look at this Gentoo wiki page : https://wiki.gentoo.org/wiki/Signed_kernel_module_support#Manually_signing_modules
to make sure the signature hook (in /etc/portage/env/app-emulation/vmware-modules for example) is active to sign vmware modules. Otherwise modules fails to load (key rejected).
Cheers and thanks for the ebuild !