# /etc/rpm/macros.kmodtool: kmodtool keypair sign and zip config.
#
# This file controls signing and zipping modules on the system, included
# akmods ones.
# It uses the rpm macros syntax to define global symbol imported
# directly by kmodtool while rebuilding kmods.
#
# Signing modules
#
# __kmodtool_signmodules can take one of these two values:
#     1 - Modules would be signed when rebuilding modules.
#     0 - No signed modules when rebuilding modules.
# __kmodtool_signmodules_pubkey gives path and name of the public key to
# be used to sign newly build modules.
# __kmodtool_signmodules_privkey gives path and name of the private key to
# be used to sign newly build modules.
#
# __kmodtool_signmodules* macros can be overriden by users and/or
# packagers provided that those values and their dependencies are
# manually checked. Be carefull when modifying these values. To override
# these macros please define these ones in your spec file (one
# underscore as prefix and not two):
# - _kmodtool_signmodules
# - _kmodtool_signmodules_pubkey
# - _kmodtool_signmodules_privkey
# It is also possible to uncomment one or several of the macros provided
# below:
#%%_kmodtool_signmodules 0
#%%_kmodtool_signmodules 1
#%%_kmodtool_signmodules_pubkey /path/to/your/public_key.der
#%%_kmodtool_signmodules_privkey /path/to/your/private_key.der
#
# Signing modules is enabled in Fedora kernels for every arches,
# even if kernels are not signed for arches other than
# %%{ix86} x86_64 aarch64.
#
# Sign modules on x86. Make sure the config files match this setting if
# more architectures are added.
%__kmodtool_signmodules %{?_kmodtool_signmodules:%{_kmodtool_signmodules}}%{!?_kmodtool_signmodules:1}

# This is current keypair enrolled in MOK to sign modules
%__kmodtool_signmodules_pubkey %{?_kmodtool_signmodules_pubkey:%{_kmodtool_signmodules_pubkey}}%{!?_kmodtool_signmodules_pubkey:/etc/pki/akmods/certs/public_key.der}
%__kmodtool_signmodules_privkey %{?_kmodtool_signmodules_privkey:%{_kmodtool_signmodules_privkey}}%{!?_kmodtool_signmodules_privkey:/etc/pki/akmods/private/private_key.priv}

# Define signing macros
#
%__kmodtool_modsign_cmd %{_rpmconfigdir}/brp-kmodsign
%__kmodtool_modsign_install_post \
if [ "%{__kmodtool_signmodules}" -eq "1" ] && [ -x %{__kmodtool_modsign_cmd} ] && [ -e %{__kmodtool_signmodules_privkey} ] && [ -e %{__kmodtool_signmodules_pubkey} ] ; then\
 %{__kmodtool_modsign_cmd} %{__kmodtool_signmodules_privkey} %{__kmodtool_signmodules_pubkey} %{buildroot}%{kmodinstdir_prefix}%{__kmodtool_kernel_uname_r}%{kmodinstdir_postfix} /usr/src/kernels/%{__kmodtool_kernel_uname_r}\
fi\
%{nil}

# Zipping modules
#
# __kmodtool_zipmodules can take one of these two values:
#     1 - Modules would be zipped when rebuilding modules.
#     0 - No zipped modules when rebuilding modules.
#
# __kmodtool_zipmodules* macros can be overriden by users and/or packagers
# provided that those values and their dependencies are manually
# checked. Be carefull when modifying these values. To override these
# macros please define these ones in your spec file (one underscore as
# prefix and not two):
# - _kmodtool_zipmodules
# It is also possible to uncomment one of the macros provided below:
#%%_kmodtool_zipmodules 0
#%%_kmodtool_zipmodules 1
#
# Zipping modules according to Fedora kernels sources is enabled only
# for arches %%{ix86} x86_64 aarch64. For information zipping kernel
# modules is available since rhel 7.x and fedora 21.
# Settings below conform to this directives.
#
# Zip modules on x86 x86_64 aarch64. Make sure the config files match
# this setting if more architectures are added.
%__kmodtool_zipmodules_arch_ok %(
echo %{ix86} x86_64 aarch64 | grep -qwo %{_arch}
if [ $? -eq 0 ] ; then
 echo 1
else
 echo 0
fi
)

# Distributions where zipping is enabled by default
%__kmodtool_zipmodules_dist_ok %(
if (( %{?rhel} + 0 > 6 || %{?fedora} + 0 > 20 )) ; then
 echo 1
else
 echo 0
fi
)

# Put arches and distributions conditions together
%__kmodtool_zipmodules_ok %(
if (( %{?__kmodtool_zipmodules_arch_ok} && %{?__kmodtool_zipmodules_dist_ok} )) ; then
 echo 1
else
 echo 0
fi
)

# Put them all in place
%__kmodtool_zipmodules %{?_kmodtool_zipmodules:%{_kmodtool_zipmodules}}%{!?_kmodtool_zipmodules:%{?__kmodtool_zipmodules_ok}}


# Define zipping macros
#
%__kmodtool_modzip_install_post\
if [ "%{__kmodtool_zipmodules}" -eq "1" ] ; then\
 find %{buildroot}%{kmodinstdir_prefix}%{__kmodtool_kernel_uname_r}%{kmodinstdir_postfix} -type f -name '*.ko' | xargs xz;\
fi\
%{nil}