kernel-build.eclass: support unset MODULES_SIGN_{CERT,KEY}

the kernel build system generates a key if not set, so don't check anything
if the key is unset

Signed-off-by: Andrew Ammerlaan <andrewammerlaan@gentoo.org>

1 files changed, 2 insertions, 2 deletions

diff --git a/eclass/kernel-build.eclass b/eclass/kernel-build.eclass
index cbc80bddf6f7..be0256c21102 100644
--- a/eclass/kernel-build.eclass
+++ b/eclass/kernel-build.eclass
@@ -134,7 +134,7 @@ kernel-build_pkg_setup() {
 	if [[ ${KERNEL_IUSE_MODULES_SIGN} && ${MERGE_TYPE} != binary ]]; then
 		secureboot_pkg_setup
 
-		if use modules-sign; then
+		if use modules-sign && [[ -n ${MODULES_SIGN_KEY} ]]; then
 			# Sanity check: fail early if key/cert in DER format or does not exist
 			local openssl_args=(
 				-noout -nocert
@@ -155,7 +155,7 @@ kernel-build_pkg_setup() {
 				die "Kernel module signing certificate or key not found or not PEM format."
 
 			if [[ ${MODULES_SIGN_KEY} != pkcs11:* ]]; then
-				if [[ ${MODULES_SIGN_CERT} != ${MODULES_SIGN_KEY} ]]; then
+				if [[ -n ${MODULES_SIGN_CERT} && ${MODULES_SIGN_CERT} != ${MODULES_SIGN_KEY} ]]; then
 					MODULES_SIGN_KEY_CONTENTS="$(cat "${MODULES_SIGN_CERT}" "${MODULES_SIGN_KEY}" || die)"
 				else
 					MODULES_SIGN_KEY_CONTENTS="$(< "${MODULES_SIGN_KEY}")"