- 14 8月, 2015 3 次提交
-
-
由 David Woodhouse 提交于
Since commit 1329e8cc ("modsign: Extract signing cert from CONFIG_MODULE_SIG_KEY if needed"), the build system has carefully coped with the signing key being specified as a relative path in either the source or or the build trees. However, the actual signing of modules has not worked if the filename is relative to the source tree. Fix that by moving the config_filename helper into scripts/Kbuild.include so that it can be used from elsewhere, and then using it in the top-level Makefile to find the signing key file. Kill the intermediate $(MODPUBKEY) and $(MODSECKEY) variables too, while we're at it. There's no need for them. Signed-off-by: NDavid Woodhouse <David.Woodhouse@intel.com> Signed-off-by: NDavid Howells <dhowells@redhat.com>
-
由 David Woodhouse 提交于
We couldn't use if_changed for this before, because it didn't live in the kernel/ directory so we couldn't add it to $(targets). It was easier just to leave it as it was. Now it's in the certs/ directory we can use if_changed, the same as we do for the trusted certificate list. Aside from making things consistent, this means we don't need to depend explicitly on the include/config/module/sig/key.h file. And we also get to automatically do the right thing and re-extract the cert if the user does odd things like using a relative filename and then playing silly buggers with adding/removing that file in both the source and object trees. We always favour the one in the object tree if it exists, and now we'll correctly re-extract the cert when it changes. Previously we'd *only* re-extract the cert if the config option changed, even if the actual file we're using did change. Signed-off-by: NDavid Woodhouse <David.Woodhouse@intel.com> Signed-off-by: NDavid Howells <dhowells@redhat.com>
-
由 David Howells 提交于
Move certificate handling out of the kernel/ directory and into a certs/ directory to get all the weird stuff in one place and move the generated signing keys into this directory. Signed-off-by: NDavid Howells <dhowells@redhat.com> Reviewed-by: NDavid Woodhouse <David.Woodhouse@intel.com>
-