If the kernel has been built without EFI_ZBOOT support (requires 6.1+)
then the resulting kernel image will be an Image.gz that we cannot
sign with sbsign (on arm64 and riscv). So, uncompress this image,
then add the signature, and finally recompress it with the same
options that the kernel Makefiles use.

Signed-off-by: Nowa Ammerlaan <[email protected]>
Part-of: https://github.com/gentoo/gentoo/pull/42457
Closes: https://github.com/gentoo/gentoo/pull/42457
Signed-off-by: Nowa Ammerlaan <[email protected]>
---
eclass/kernel-build.eclass | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/eclass/kernel-build.eclass b/eclass/kernel-build.eclass
index d2d634591fe1..77faf6f651e5 100644
--- a/eclass/kernel-build.eclass
+++ b/eclass/kernel-build.eclass
@@ -497,7 +497,15 @@ kernel-build_src_install() {
fi

if [[ ${KERNEL_IUSE_MODULES_SIGN} ]]; then
- secureboot_sign_efi_file "${image}"
+ if [[ ${image} == *.gz ]]; then
+ # Backwards compatibility with pre-zboot images
+ gunzip "${image}" || die
+ secureboot_sign_efi_file "${image%.gz}"
+ # Use same gzip options as the kernel Makefile
+ gzip -n -f -9 "${image%.gz}" || die
+ else
+ secureboot_sign_efi_file "${image}"
+ fi
fi

if [[ ${KERNEL_IUSE_GENERIC_UKI} ]]; then
--
2.49.0

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)