1. 14 8月, 2015 3 次提交
    • D
      modsign: Handle signing key in source tree · 3ee550f1
      David Woodhouse 提交于
      Since commit 1329e8cc ("modsign: Extract signing cert from
      CONFIG_MODULE_SIG_KEY if needed"), the build system has carefully coped
      with the signing key being specified as a relative path in either the
      source or or the build trees.
      
      However, the actual signing of modules has not worked if the filename
      is relative to the source tree.
      
      Fix that by moving the config_filename helper into scripts/Kbuild.include
      so that it can be used from elsewhere, and then using it in the top-level
      Makefile to find the signing key file.
      
      Kill the intermediate $(MODPUBKEY) and $(MODSECKEY) variables too, while
      we're at it. There's no need for them.
      Signed-off-by: NDavid Woodhouse <David.Woodhouse@intel.com>
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      3ee550f1
    • D
      modsign: Use if_changed rule for extracting cert from module signing key · 62172c81
      David Woodhouse 提交于
      We couldn't use if_changed for this before, because it didn't live in
      the kernel/ directory so we couldn't add it to $(targets). It was easier
      just to leave it as it was.
      
      Now it's in the certs/ directory we can use if_changed, the same as we
      do for the trusted certificate list.
      
      Aside from making things consistent, this means we don't need to depend
      explicitly on the include/config/module/sig/key.h file. And we also get
      to automatically do the right thing and re-extract the cert if the user
      does odd things like using a relative filename and then playing silly
      buggers with adding/removing that file in both the source and object
      trees. We always favour the one in the object tree if it exists, and
      now we'll correctly re-extract the cert when it changes. Previously we'd
      *only* re-extract the cert if the config option changed, even if the
      actual file we're using did change.
      Signed-off-by: NDavid Woodhouse <David.Woodhouse@intel.com>
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      62172c81
    • D
      Move certificate handling to its own directory · cfc411e7
      David Howells 提交于
      Move certificate handling out of the kernel/ directory and into a certs/
      directory to get all the weird stuff in one place and move the generated
      signing keys into this directory.
      Signed-off-by: NDavid Howells <dhowells@redhat.com>
      Reviewed-by: NDavid Woodhouse <David.Woodhouse@intel.com>
      cfc411e7
新手
引导
客服 返回
顶部