2 files changed, 49 insertions, 0 deletions

diff --git a/modules.d/03modsign/load-modsign-keys.sh b/modules.d/03modsign/load-modsign-keys.sh
new file mode 100755
index 0000000..a489067
--- /dev/null
+++ b/modules.d/03modsign/load-modsign-keys.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+#
+# Licensed under the GPLv2
+#
+# Copyright 2013 Red Hat, Inc.
+# Peter Jones <pjones@redhat.com>
+
+for x in /lib/modules/keys/*; do
+    [ "${x}" = "/lib/modules/keys/*" ] && break
+    keyctl padd asymmetric "" %:.secondary_trusted_keys < "${x}"
+done
diff --git a/modules.d/03modsign/module-setup.sh b/modules.d/03modsign/module-setup.sh
new file mode 100755
index 0000000..56e2bdb
--- /dev/null
+++ b/modules.d/03modsign/module-setup.sh
@@ -0,0 +1,38 @@
+#!/bin/bash
+#
+# Licensed under the GPLv2
+#
+# Copyright 2013 Red Hat, Inc.
+# Peter Jones <pjones@redhat.com>
+
+# called by dracut
+check() {
+    require_binaries keyctl || return 1
+
+    # do not include module in hostonly mode,
+    # if no keys are present
+    if [[ $hostonly ]]; then
+        x=$(echo "$dracutsysrootdir"/lib/modules/keys/*)
+        [[ ${x} == "$dracutsysrootdir/lib/modules/keys/*" ]] && return 255
+    fi
+
+    return 0
+}
+
+# called by dracut
+depends() {
+    return 0
+}
+
+# called by dracut
+install() {
+    inst_dir /lib/modules/keys
+    inst_binary keyctl
+
+    inst_hook pre-trigger 01 "$moddir/load-modsign-keys.sh"
+
+    for x in "$dracutsysrootdir"/lib/modules/keys/*; do
+        [[ ${x} == "$dracutsysrootdir/lib/modules/keys/*" ]] && break
+        inst_simple "${x#"$dracutsysrootdir"}"
+    done
+}