#
# Copyright 2025 Google LLC
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# version 2 as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# eclass for handling signed artifacts on Container-Optimized OS.
# EAPI gate: EAPIs 0-4 are rejected with die. EAPI 5 and 6 additionally
# inherit eapi7-ver; EAPI 7 takes no extra action. Any other EAPI value
# matches no arm of this case and is accepted without further checks.
case "${EAPI:-0}" in
0|1|2|3|4) die "Unsupported EAPI=${EAPI:-0} (too old) for ${ECLASS}" ;;
5|6) inherit eapi7-ver ;;
7) ;;
esac
# Eclasses inherited for every accepted EAPI.
inherit linux-info linux-mod toolchain-funcs
# USE flags contributed by this eclass. The '+' prefix makes clang and
# llvm_ias enabled by default; module_sign and platform-key default to off.
# NOTE(review): cos-linux-artifact-sign_and_install below signs every file it
# is given and never consults module_sign itself; any gating on that flag
# would have to live in its callers or in the signing helpers - confirm.
IUSE="
+clang
+llvm_ias
module_sign
platform-key
"
# llvm_ias may only be enabled together with clang.
REQUIRED_USE="
llvm_ias? ( clang )
"
# sys-boot/platform-key is a build dependency only with USE=platform-key;
# virtual/linux-sources is always required.
# NOTE(review): presumably sys-boot/platform-key supplies signing key
# material - confirm against that package.
DEPEND="
platform-key? ( sys-boot/platform-key )
virtual/linux-sources
"
# Because our kernel version string ends with '+' (e.g.
# "4.4.21+"), Gentoo Linux's linux-info.eclass cannot locate the kernel build
# output directory. Hence we set it up here.
# This assignment is evaluated when the eclass is sourced, so an empty or
# unset KERNEL_DIR at that point yields "/build". Module signing below passes
# "${KBUILD_OUTPUT}/certs" to its helper, so a wrong value here changes which
# certs directory is handed to the signer.
# NOTE(review): presumably linux-info has set KERNEL_DIR by now - confirm.
KBUILD_OUTPUT="${KERNEL_DIR}"/build
#
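# @FUNCTION: cos-linux-artifact-sign_and_install
# @DESCRIPTION:
# Signs and stages a list of artifacts (e.g., kernel modules or firmware).
#
# Each file is handed to the signing helper for its artifact type and is
# copied to the destination only after that helper returned success. A missing
# file, a signing failure, or a failed copy is fatal (die).
#
# The function changes into the source directory before processing, so the
# file list is resolved relative to it. A relative destination directory is
# therefore resolved relative to the source directory as well; pass an absolute
# path to avoid surprises. Files are copied by name, so "sub/foo.ko" is staged
# as "foo.ko" directly under the destination.
#
# @PARAM: $1 - Description of the package (e.g., "NVIDIA modules")
# @PARAM: $2 - Source directory containing the files to process
# @PARAM: $3 - Destination directory for the staged files (must already exist)
# @PARAM: $4 - The type of artifact to sign. Valid options: "module", "firmware"
# @PARAM: $5... - List of files to be processed; an empty list is a no-op
#
cos-linux-artifact-sign_and_install() {
	# "shift 4" fails without shifting when fewer than four arguments are
	# given, which would leave the leading arguments in the file list and
	# produce a misleading error later. Reject the call up front instead.
	(( $# >= 4 )) || die "${FUNCNAME[0]}: expected at least 4 arguments (description, source dir, destination dir, artifact type), got $#"

	local description="$1"
	local src_dir="$2"
	local dest_dir="$3"
	local artifact_type="$4"
	shift 4
	local files=("$@")

	# Do nothing if there are no files to process.
	if [[ ${#files[@]} -eq 0 ]]; then
		return 0
	fi

	# Validate the artifact type once, before anything is signed or copied.
	case "${artifact_type}" in
		module|firmware) ;;
		*) die "Unknown artifact type: '${artifact_type}'. Must be 'module' or 'firmware'." ;;
	esac

	einfo "Signing and staging ${description}..."
	pushd "${src_dir}" >/dev/null || die "Could not enter directory: ${src_dir}"

	local file
	for file in "${files[@]}"; do
		# NOTE(review): -f follows symlinks, while "cp -a" below copies a
		# symlink as a link. A symlinked entry would therefore be staged as a
		# link rather than as the signed file content - confirm that callers
		# only pass regular files.
		[[ -f "${file}" ]] || die "Required file not found in ${src_dir}: ${file}"

		# Select the signing function based on the artifact type.
		case "${artifact_type}" in
			module)
				# The helper receives the certs directory under the kernel
				# build output; presumably that is where the signing key
				# and certificate live - confirm against cos-linux-mod_sign.
				cos-linux-mod_sign "${file}" "${KBUILD_OUTPUT}/certs" || die "Module signing failed for ${file}"
				;;
			firmware)
				cos-linux-fw_sign "${file}" || die "Firmware signing failed for ${file}"
				;;
		esac

		# "--" keeps a file name that starts with "-" from being parsed as
		# a cp option. The trailing slash makes cp fail if the destination
		# is not an existing directory instead of creating a file there.
		cp -a -- "${file}" "${dest_dir}"/ || die "Failed to copy ${file} to ${dest_dir}"
	done

	popd >/dev/null || die "Could not leave directory: ${src_dir}"
}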