diff options
| author | David Woodhouse <David.Woodhouse@intel.com> | 2015-07-20 16:16:34 -0400 |
|---|---|---|
| committer | David Howells <dhowells@redhat.com> | 2015-08-12 12:01:01 -0400 |
| commit | 770f2b98760ef0500183d7206724aac762433e2d (patch) | |
| tree | 014b2558c14bfdb67f2e6b464f9fcddf1194afc3 /kernel/Makefile | |
| parent | 84706caae9e06363db4f956cde4f9715ce5c0ef3 (diff) | |
modsign: Use extract-cert to process CONFIG_SYSTEM_TRUSTED_KEYS
Fix up the dependencies somewhat too, while we're at it.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Diffstat (limited to 'kernel/Makefile')
| -rw-r--r-- | kernel/Makefile | 25 |
1 files changed, 12 insertions, 13 deletions
diff --git a/kernel/Makefile b/kernel/Makefile index 575329777d9e..65ef3846fbe8 100644 --- a/kernel/Makefile +++ b/kernel/Makefile | |||
| @@ -166,23 +166,22 @@ endef | |||
| 166 | # | 166 | # |
| 167 | ############################################################################### | 167 | ############################################################################### |
| 168 | 168 | ||
| 169 | |||
| 170 | ifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y) | 169 | ifeq ($(CONFIG_SYSTEM_TRUSTED_KEYRING),y) |
| 171 | 170 | ||
| 172 | $(eval $(call config_filename,SYSTEM_TRUSTED_KEYS)) | 171 | $(eval $(call config_filename,SYSTEM_TRUSTED_KEYS)) |
| 173 | 172 | ||
| 174 | SIGNING_X509-$(CONFIG_MODULE_SIG) += signing_key.x509 | 173 | # GCC doesn't include .incbin files in -MD generated dependencies (PR#66871) |
| 175 | 174 | $(obj)/system_certificates.o: $(obj)/x509_certificate_list | |
| 176 | kernel/system_certificates.o: $(obj)/x509_certificate_list | ||
| 177 | 175 | ||
| 178 | quiet_cmd_x509certs = CERTS $(SIGNING_X509-y) $(patsubst "%",%,$(2)) | 176 | # Cope with signing_key.x509 existing in $(srctree) not $(objtree) |
| 179 | cmd_x509certs = ( cat $(SIGNING_X509-y) /dev/null; \ | 177 | AFLAGS_system_certificates.o := -I$(srctree) |
| 180 | awk '/-----BEGIN CERTIFICATE-----/{flag=1;next}/-----END CERTIFICATE-----/{flag=0}flag' $(2) /dev/null | base64 -d ) > $@ || ( rm $@; exit 1) | ||
| 181 | 178 | ||
| 182 | targets += $(obj)/x509_certificate_list | 179 | quiet_cmd_extract_certs = EXTRACT_CERTS $(patsubst "%",%,$(2)) |
| 183 | $(obj)/x509_certificate_list: $(SIGNING_X509-y) include/config/system/trusted/keys.h $(wildcard include/config/module/sig.h) $(SYSTEM_TRUSTED_KEYS_SRCPREFIX)$(SYSTEM_TRUSTED_KEYS_FILENAME) | 180 | cmd_extract_certs = scripts/extract-cert $(2) $@ || ( rm $@; exit 1) |
| 184 | $(call if_changed,x509certs,$(SYSTEM_TRUSTED_KEYS_SRCPREFIX)$(CONFIG_SYSTEM_TRUSTED_KEYS)) | ||
| 185 | 181 | ||
| 182 | targets += x509_certificate_list | ||
| 183 | $(obj)/x509_certificate_list: scripts/extract-cert $(SYSTEM_TRUSTED_KEYS_SRCPREFIX)$(SYSTEM_TRUSTED_KEYS_FILENAME) FORCE | ||
| 184 | $(call if_changed,extract_certs,$(SYSTEM_TRUSTED_KEYS_SRCPREFIX)$(CONFIG_SYSTEM_TRUSTED_KEYS)) | ||
| 186 | endif | 185 | endif |
| 187 | 186 | ||
| 188 | clean-files := x509_certificate_list .x509.list | 187 | clean-files := x509_certificate_list .x509.list |
| @@ -248,9 +247,9 @@ ifeq ($(patsubst pkcs11:%,%,$(firstword $(MODULE_SIG_KEY_FILENAME))),$(firstword | |||
| 248 | X509_DEP := $(MODULE_SIG_KEY_SRCPREFIX)$(MODULE_SIG_KEY_FILENAME) | 247 | X509_DEP := $(MODULE_SIG_KEY_SRCPREFIX)$(MODULE_SIG_KEY_FILENAME) |
| 249 | endif | 248 | endif |
| 250 | 249 | ||
| 251 | quiet_cmd_extract_der = SIGNING_CERT $(patsubst "%",%,$(2)) | 250 | # GCC PR#66871 again. |
| 252 | cmd_extract_der = scripts/extract-cert $(2) signing_key.x509 | 251 | $(obj)/system_certificates.o: signing_key.x509 |
| 253 | 252 | ||
| 254 | signing_key.x509: scripts/extract-cert include/config/module/sig/key.h $(X509_DEP) | 253 | signing_key.x509: scripts/extract-cert include/config/module/sig/key.h $(X509_DEP) |
| 255 | $(call cmd,extract_der,$(MODULE_SIG_KEY_SRCPREFIX)$(CONFIG_MODULE_SIG_KEY)) | 254 | $(call cmd,extract_certs,$(MODULE_SIG_KEY_SRCPREFIX)$(CONFIG_MODULE_SIG_KEY)) |
| 256 | endif | 255 | endif |